Lucene search
K

9793 matches found

Saint
Saint
added 2021/05/24 12:0 a.m.194 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

2.3AI score
Exploits0
Saint
Saint
added 2021/05/24 12:0 a.m.29 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

8.7AI score
Exploits0
OSV
OSV
added 2021/05/21 11:15 p.m.3 views

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2021/05/21 11:15 p.m.17 views

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

10CVSS0.08798EPSS
Exploits2References2
Prion
Prion
added 2021/05/21 11:15 p.m.26 views

Command injection

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

10CVSS9.7AI score0.08798EPSS
Exploits2References2Affected Software17
Cvelist
Cvelist
added 2021/05/21 10:10 p.m.21 views

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

8.8CVSS10AI score0.08798EPSS
Exploits2References2
CVE
CVE
added 2021/05/21 10:10 p.m.153 views

CVE-2021-33514

CVE-2021-33514 affects multiple NETGEAR devices (e.g., GC108P/GC108PP/GS108Tv3/GS110TPPv1/GS110TPv3/GS110TUPv1/GS710TUPv1/GS716TP/GS716TPP/GS724TPP/v1/v2/GS728TPPv2/GS752TPPv1/v2/MS510TXM/MS510TXUP) with a pre-authentication command injection in the CGI setup path. The root cause is improper hand...

10CVSS9.7AI score0.08798EPSS
Exploits2References2Affected Software1
Hacker One
Hacker One
added 2021/05/21 12:21 p.m.23 views

Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

以下のCGIスクリプトについて、name、path、domainに改行、等号、改行のインジェクションが可能 !/usr/bin/env ruby require "cgi" cgi = CGI.new name = "name" path = "/" domain = "example.jp" cookie = CGI::Cookie.new'name' = name, 'value' = "value", 'domain' = domain, 'path' = path cgi.out"cookie" = cookie...

6.5CVSS0.02287EPSS
Exploits1
Hacker One
Hacker One
added 2021/05/21 1:10 a.m.61 views

Ruby: RubyのCGIライブラリにHTTPレスポンス分割(HTTPヘッダインジェクション)があり、秘密情報が漏洩する

PoC1: !/usr/bin/env ruby require 'cgi' cgi = CGI.new url = "http://example.jp\r\nSet-Cookie: foo=bar;" External Parameter print cgi.header'status' = '302 Found', 'Location' = url Actual Result1: $ curl -s -i http://localhost:8080/cgi-bin/cgi.ru HTTP/1.1 302 Found Date: Fri, 21 May 2021 00:46:33 G...

6.5CVSS7.2AI score0.04569EPSS
Exploits1
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.6 views

Netgear NETGEAR 操作系统命令注入漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from NETGEAR devices can be exploited by unauthenticated attackers to inject...

10CVSS8.3AI score0.08798EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2021/05/17 12:0 a.m.111 views

IPFire 2.25 Remote Code Execution

Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2021/05/13 12:0 a.m.7 views

Fedora: Security Advisory for php (FEDORA-2021-6f34b7c382)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Exploit DB
Exploit DB
added 2021/05/13 12:0 a.m.175 views

ZeroShell 3.9.0 - Remote Command Execution

Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests impor...

10CVSS9.8AI score0.89849EPSS
Exploits11
Fedora
Fedora
added 2021/05/12 5:45 a.m.26 views

[SECURITY] Fedora 34 Update: php-7.4.19-1.fc34

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

2.2AI score
Exploits0
OSV
OSV
added 2021/05/06 4:15 p.m.3 views

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.5CVSS6.1AI score0.02584EPSS
Exploits1References2
NVD
NVD
added 2021/05/06 4:15 p.m.17 views

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.5CVSS0.02584EPSS
Exploits1References2
Prion
Prion
added 2021/05/06 4:15 p.m.21 views

Default credentials

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

2.1CVSS5.5AI score0.02584EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/06 3:12 p.m.22 views

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.8AI score0.02584EPSS
Exploits1References2
OSV
OSV
added 2021/05/06 1:15 p.m.13 views

CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

5.3CVSS6.7AI score
Exploits0References6
Prion
Prion
added 2021/05/06 1:15 p.m.14 views

Design/Logic Flaw

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

5CVSS5.2AI score0.01478EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder