9794 matches found
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...
PT-2021-13841 · Privoxy +3 · Privoxy +3
Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A memory leak in the show-status CGI handler can occur when no filter files are configured, potentially leading to a system crash. This issue affects Privoxy and can be exploited by attackers to...
Cisco UCS Manager 2.2(1d) Remote Command Execution
import sys, ssl, os, time import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning Exploit Title : Cisco UCS Manager - 2.21d - Remote Command Execution Description : An unspecified CGI script in Cisco...
Cisco UCS Manager 2.2(1d) - Remote Command Execution
Exploit Title: Cisco UCS Manager 2.21d - Remote Command Execution Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System UCS Manager before 2.24b, 2.25 before 2.25a, and 3.0 before 3.02e allows remote attackers to execute...
Webmin < 1.970 RCE Vulnerability
miniserv.pl in Webmin on Windows mishandles special characters in query arguments to the CGI program. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
[SECURITY] Fedora 33 Update: php-7.4.14-1.fc33
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The vulnerability of the do_cgi() function in D-Link DSL-2640B router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the docgi function in D-Link DSL-2640B router software arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Fedora: Security Advisory for awstats (FEDORA-2020-d1aa0e030c)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: awstats-7.8-2.fc33
Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contai ns, in graphical web pages. It can analyze a lot of web/wap/proxy server...
CVE-2020-35743
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...
Sql injection
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...
CVE-2020-35743 HGiga MailSherlock - SQL Injection -3
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...
CVE-2020-35769
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...
Code injection
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...
CVE-2020-35769
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...
CVE-2020-35769
Summary: CVE-2020-35769 affects Webmin 1.962 on Windows, via miniserv.pl mishandling special characters in CGI query parameters. This has been linked to remote command execution (in-the-wild vectors reported in multiple advisories) with CVSS 3.1/2.0 vectors indicating high/critical impact. Connec...
Webmin 输入验证错误漏洞
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. An input validation error vulnerability exists in Webmin version 1.962, which stems from miniserv.pl incorrectly handling special characters in the query parameters of a CGI program, and...
Design/Logic Flaw
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel which will require a physical reset to restore administrative control via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/setfactory URI...
Arbitrary File Read
AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100050...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-5493)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5493 advisory. delve 1.4.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.4.1-1 - Rebase to 1.4.1 - Resolves: rhbz1821281 - Related: rhbz1820596...