Lucene search
K

9794 matches found

Exploit DB
Exploit DB
added 2021/01/27 12:0 a.m.463 views

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/22 12:0 a.m.3 views

PT-2021-13841 · Privoxy +3 · Privoxy +3

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A memory leak in the show-status CGI handler can occur when no filter files are configured, potentially leading to a system crash. This issue affects Privoxy and can be exploited by attackers to...

7.8CVSS7.5AI score0.02355EPSS
Exploits0References57
Packet Storm
Packet Storm
added 2021/01/18 12:0 a.m.173 views

Cisco UCS Manager 2.2(1d) Remote Command Execution

import sys, ssl, os, time import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning Exploit Title : Cisco UCS Manager - 2.21d - Remote Command Execution Description : An unspecified CGI script in Cisco...

10CVSS9.7AI score0.08684EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/01/18 12:0 a.m.307 views

Cisco UCS Manager 2.2(1d) - Remote Command Execution

Exploit Title: Cisco UCS Manager 2.21d - Remote Command Execution Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System UCS Manager before 2.24b, 2.25 before 2.25a, and 3.0 before 3.02e allows remote attackers to execute...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2021/01/15 12:0 a.m.16 views

Webmin < 1.970 RCE Vulnerability

miniserv.pl in Webmin on Windows mishandles special characters in query arguments to the CGI program. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.8CVSS7AI score0.0173EPSS
Exploits0References1
Fedora
Fedora
added 2021/01/14 1:40 a.m.3836 views

[SECURITY] Fedora 33 Update: php-7.4.14-1.fc33

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.3CVSS2.2AI score0.02983EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2021/01/13 12:0 a.m.3 views

The vulnerability of the do_cgi() function in D-Link DSL-2640B router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the docgi function in D-Link DSL-2640B router software arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9CVSS7.7AI score0.02601EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/01/11 12:0 a.m.13 views

Fedora: Security Advisory for awstats (FEDORA-2020-d1aa0e030c)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2021/01/08 3:5 a.m.199 views

[SECURITY] Fedora 33 Update: awstats-7.8-2.fc33

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contai ns, in graphical web pages. It can analyze a lot of web/wap/proxy server...

5.3CVSS0.4AI score0.01834EPSS
Exploits0
OSV
OSV
added 2020/12/31 8:15 a.m.3 views

CVE-2020-35743

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...

7.6CVSS7.2AI score0.00598EPSS
Exploits0References1
Prion
Prion
added 2020/12/31 8:15 a.m.15 views

Sql injection

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...

6.5CVSS7.9AI score0.00598EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2020/12/31 7:45 a.m.19 views

CVE-2020-35743 HGiga MailSherlock - SQL Injection -3

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages...

7CVSS8AI score0.00598EPSS
Exploits0References1
OSV
OSV
added 2020/12/29 6:15 a.m.20 views

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

9.8CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2020/12/29 6:15 a.m.18 views

Code injection

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

7.5CVSS9.3AI score0.0173EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/12/29 5:35 a.m.20 views

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

9.5AI score0.0173EPSS
Exploits0References2
CVE
CVE
added 2020/12/29 5:35 a.m.110 views

CVE-2020-35769

Summary: CVE-2020-35769 affects Webmin 1.962 on Windows, via miniserv.pl mishandling special characters in CGI query parameters. This has been linked to remote command execution (in-the-wild vectors reported in multiple advisories) with CVSS 3.1/2.0 vectors indicating high/critical impact. Connec...

9.8CVSS9.4AI score0.0173EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.6 views

Webmin 输入验证错误漏洞

Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. An input validation error vulnerability exists in Webmin version 1.962, which stems from miniserv.pl incorrectly handling special characters in the query parameters of a CGI program, and...

9.8CVSS5.8AI score0.0173EPSS
Exploits0References3
Prion
Prion
added 2020/12/28 7:15 a.m.18 views

Design/Logic Flaw

Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel which will require a physical reset to restore administrative control via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/setfactory URI...

5CVSS7.2AI score0.012EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2020/12/23 9:54 p.m.28 views

Arbitrary File Read

AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100050...

9.8CVSS2.7AI score0.04352EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/23 12:0 a.m.218 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-5493)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5493 advisory. delve 1.4.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.4.1-1 - Rebase to 1.4.1 - Resolves: rhbz1821281 - Related: rhbz1820596...

7.5CVSS6.5AI score0.03813EPSS
Exploits2References5
Rows per page
Query Builder