Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-5493)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5493 advisory. delve 1.4.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.4.1-1 - Rebase to 1.4.1 - Resolves: rhbz1821281 - Related: rhbz1820596...
CVE-2020-25494
Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...
Code injection
Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...
Xinuos Openserver Parameter Injection Vulnerability
Xinuos Openserver is a FreeBSD-based operating system from the US company Xinuos. A security vulnerability exists in Xinuos (formerly SCO) Openserver versions v5 and v6 that allows an attacker to execute arbitrary commands against cgi-bin/printbook via shell metacharacters in outputform or toclevels...
CVE-2020-25494
Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Recent assessments: gwillcox-r7 at October 15, 2021 3:45pm UTC reported: This is now being exploited in the wild by the Necro...
Information disclosure
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers, software version R0002.P05, allows remote attackers to obtain the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser...
Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Service.
Summary: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details: CVEID: CVE-2020-24553. DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A...
golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
A flaw was found in the Go standard library packages before upstream versions 1.15 and 1.14.8. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". This flaw allows an attacker to exploit this issue in...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2548)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2020-2548)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-2512)
According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type...
Remote Code Execution
awstats is vulnerable to remote code execution. The vulnerability exists as cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format...
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2020-35176
AWStats vulnerability CVE-2020-35176 affects AWStats up to version 7.8, where cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting /etc), enabling directory traversal and potential filesystem access. Root cause cited as an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw
Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...
CVE-2020-29656
An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dmapply.cgi?actionmode=initial&downloadtype=General&specialcgi=getlanguage makes it possible to reach "unknown functionality" in a "known to be easy" manner via an...