9794 matches found
Design/Logic Flaw
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...
CVE-2021-32062
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...
Hongdian H8922 输入验证错误漏洞
The Hongdian H8922 is a router from the Chinese company Hongdian. A security vulnerability exists in the Hongdian H8922 3.0.5 devices that allows unprivileged users to read cli.conf with administrator password and other sensitive data via backup2.cgi...
CVE-2021-32062
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...
GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
CVE-2020-21992
Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...
CVE-2020-21992
Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...
Command injection
Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...
D-Link DAP-2020 Command Injection Vulnerability
The D-Link DAP-2020 is a WiFi range extender from D-Link, a Taiwan-based company.TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A command injection vulnerability exists in D-Link DAP-2020...
CVE-2021-20696
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...
CVE-2021-20696
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...
Design/Logic Flaw
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...
CVE-2021-20696
CVE-2021-20696 affects D-Link DAP-1880AC firmware 1.21 and earlier. A remote authenticated attacker can send a crafted request to a CGI program to execute arbitrary OS commands, enabling remote code execution. Impact: high (CVE-2021-20696). Remediation: update to firmware 1.23 or later as per ven...
CVE-2021-20696
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...
SUSE: Security Advisory (SUSE-SU-2016:1818-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-27253
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...
CVE-2021-27248
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...
CVE-2021-27248
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...
CVE-2021-27249
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...