
9795 matches found

Tenable Nessus
added 2020/12/23 12:0 a.m. | 218 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-5493)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5493 advisory. delve 1.4.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.4.1-1 - Rebase to 1.4.1 - Resolves: rhbz1821281 - Related: rhbz1820596...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.03813
Exploits: 2 | References: 5
NVD
added 2020/12/18 3:15 p.m. | 18 views

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.39193
Exploits: 3 | References: 2
Prion
added 2020/12/18 3:15 p.m. | 24 views

Code injection

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.39193
Exploits: 3 | References: 2 | Affected Software: 1
Cvelist
added 2020/12/18 2:27 p.m. | 27 views

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

AI score: 9.9 | EPSS: 0.39193
Exploits: 3 | References: 2
CNNVD
added 2020/12/18 12:0 a.m. | 8 views

Xinuos Openserver Parameter Injection Vulnerability

Xinuos Openserver is a FreeBSD-based operating system from the US company Xinuos. A security vulnerability exists in Xinuos formerly SCO Openserver versions v5 and v6 that allows an attacker to execute arbitrary commands to the cgi-bin printbook via the shell metacharacter outputform or toclevels...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.39193
Exploits: 3 | References: 5
ATTACKERKB
added 2020/12/18 12:0 a.m. | 319 views

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Recent assessments: gwillcox-r7 at October 15, 2021 3:45pm UTC reported: This is now being exploited in the wild by the Necro...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.39193
In wild | Exploits: 3 | References: 3
Prion
added 2020/12/17 4:15 a.m. | 15 views

Information disclosure

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser...

CVSS: 5 | AI score: 8.8 | EPSS: 0.01567
Exploits: 0 | References: 2 | Affected Software: 1
IBM Security Bulletins
added 2020/12/15 5:50 p.m. | 32 views

Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Service.

Summary: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details: CVEID: CVE-2020-24553. DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A...

CVSS: 6.1 | AI score: 0.9 | EPSS: 0.03646
Exploits: 2 | Affected Software: 1
RedHat Linux
added 2020/12/15 5:12 p.m. | 7 views

golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS

A flaw was found in the Go standard library packages before upstream versions 1.15 and 1.14.8. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". This flaw allows an attacker to exploit this issue in...

CVSS: 6.1 | AI score: 7.3 | EPSS: 0.03646
Exploits: 2 | References: 6
RedHat Linux
added 2020/12/15 5:12 p.m. | 114 views

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5 | AI score: 7 | EPSS: 0.03813
Exploits: 2 | References: 6
Tenable Nessus
added 2020/12/15 12:0 a.m. | 59 views

EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2548)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.03646
Exploits: 2 | References: 2
OpenVAS
added 2020/12/15 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2020-2548)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.03646
Exploits: 2 | References: 2
Tenable Nessus
added 2020/12/14 12:0 a.m. | 65 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-2512)

According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.03646
Exploits: 2 | References: 2
Veracode
added 2020/12/13 4:24 a.m. | 31 views

Remote Code Execution

awstats is vulnerable to remote code execution. The vulnerability exists as cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format...

CVSS: 9.8 | AI score: 2.3 | EPSS: 0.02909
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2020/12/12 12:15 a.m. | 16 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS: 5.3 | AI score: 7 | EPSS: 0.01834
Exploits: 0 | References: 4
OSV
added 2020/12/12 12:15 a.m. | 17 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS: 5.3 | AI score: 6.4
Exploits: 0 | References: 4
UbuntuCve
added 2020/12/12 12:15 a.m. | 38 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.01834
Exploits: 0 | References: 2
CVE
added 2020/12/11 11:16 p.m. | 146 views

CVE-2020-35176

AWStats vulnerability CVE-2020-35176 affects AWStats up to version 7.8, where cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting /etc), enabling directory traversal and potential filesystem access. Root cause cited as an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.01834
Exploits: 0 | References: 4 | Affected Software: 1
ThreatPost
added 2020/12/09 2:56 p.m. | 231 views

D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw

Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...

AI score: 1.4 | EPSS: 0.02275
Exploits: 0 | References: 13
OSV
added 2020/12/09 8:15 a.m. | 4 views

CVE-2020-29656

An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dmapply.cgi?actionmode=initial&downloadtype=General&specialcgi=getlanguage makes it possible to reach "unknown functionality" in a "known to be easy" manner via an...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 1