Lucene search
K

9794 matches found

Prion
Prion
added 2021/05/06 1:15 p.m.14 views

Design/Logic Flaw

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

5CVSS5.2AI score0.01478EPSS
Exploits0References6Affected Software2
UbuntuCve
UbuntuCve
added 2021/05/06 1:15 p.m.14 views

CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

5.3CVSS6AI score0.01478EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.4 views

Hongdian H8922 输入验证错误漏洞

The Hongdian H8922 is a router from the Chinese company Hongdian. A security vulnerability exists in the Hongdian H8922 3.0.5 devices that allows unprivileged users to read cli.conf with administrator password and other sensitive data via backup2.cgi...

5.5CVSS5.8AI score0.02584EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/05/05 6:39 p.m.22 views

CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

5.3CVSS5.1AI score0.01478EPSS
Exploits0
OSV
OSV
added 2021/04/30 5:32 p.m.27 views

GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

6.9CVSS5.4AI score0.02406EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/04/30 5:32 p.m.56 views

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS5.4AI score0.02406EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2021/04/29 3:15 p.m.27 views

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

9CVSS0.05212EPSS
Exploits1References1
OSV
OSV
added 2021/04/29 3:15 p.m.4 views

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

8.8CVSS7.4AI score
Exploits0References1
Prion
Prion
added 2021/04/29 3:15 p.m.28 views

Command injection

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

9CVSS9.1AI score0.05212EPSS
Exploits1References1Affected Software6
CNVD
CNVD
added 2021/04/29 12:0 a.m.6 views

D-Link DAP-2020 Command Injection Vulnerability

The D-Link DAP-2020 is a WiFi range extender from D-Link, a Taiwan-based company.TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A command injection vulnerability exists in D-Link DAP-2020...

8.8CVSS7.9AI score0.026EPSS
Exploits0References1
NVD
NVD
added 2021/04/26 1:15 a.m.12 views

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

9CVSS0.02399EPSS
Exploits0References2
OSV
OSV
added 2021/04/26 1:15 a.m.4 views

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

8.8CVSS6AI score0.02399EPSS
Exploits0References2
Prion
Prion
added 2021/04/26 1:15 a.m.17 views

Design/Logic Flaw

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

9CVSS8.7AI score0.02399EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/26 12:20 a.m.46 views

CVE-2021-20696

CVE-2021-20696 affects D-Link DAP-1880AC firmware 1.21 and earlier. A remote authenticated attacker can send a crafted request to a CGI program to execute arbitrary OS commands, enabling remote code execution. Impact: high (CVE-2021-20696). Remediation: update to firmware 1.23 or later as per ven...

9CVSS8.7AI score0.02399EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/26 12:20 a.m.11 views

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

8.9AI score0.02399EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2016:1818-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.55724EPSS
Exploits0References4
OSV
OSV
added 2021/04/14 4:15 p.m.1 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

8.8CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2021/04/14 4:15 p.m.17 views

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

8.8CVSS0.026EPSS
Exploits0References2
OSV
OSV
added 2021/04/14 4:15 p.m.4 views

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

8.8CVSS7.7AI score0.026EPSS
Exploits0References2
NVD
NVD
added 2021/04/14 4:15 p.m.19 views

CVE-2021-27249

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...

8.8CVSS0.05089EPSS
Exploits0References2
Rows per page
Query Builder