9795 matches found

IBM Security Bulletins
added 2020/12/09 4:42 a.m. · 33 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2020-24553 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker...

CVSS 6.1 · AI score 0.7 · EPSS 0.03646
Exploits 2 · Affected Software 1

CNNVD
added 2020/12/09 12:0 a.m. · 7 views

ASUS RT-AC88U Information Disclosure Vulnerability

The ASUS RT-AC88U is a wireless router from Asus China. An information disclosure vulnerability exists in RT-AC88U Download Master versions prior to 3.1.0.108, which stems from allowing direct access to the downloadmaster dm app .cgi...

CVSS 7.5 · AI score 7.1 · EPSS 0.01058
Exploits 0 · References 2

The Hacker News
added 2020/12/08 1:59 p.m. · 31 views

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...

AI score 1.1
Exploits 0

Prion
added 2020/12/07 8:15 p.m. · 34 views

Format string

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 7.5 · AI score 7 · EPSS 0.04352
Exploits 1 · References 4 · Affected Software 3

CNNVD
added 2020/12/07 12:0 a.m. · 9 views

Eldy Awstats Path Traversal Vulnerability

Eldy Awstats is a log analysis tool for websites from the individual developer Eldy. The software supports analyzing Web, WAP, proxy, streaming server, FTP, mail server log files on all operating systems such as IIS 5.0+, Apache, etc. It displays all Web statistics including: visitors, pages,...

CVSS 9.8 · AI score 6.8 · EPSS 0.02909
Exploits 1 · References 9

BDU FSTEC
added 2020/12/01 12:0 a.m. · 3 views

The vulnerability of the cgi_api.php component in the network storage software from Western Digital’s MyCloud NAS allows a perpetrator to execute arbitrary code.

The vulnerability of the cgiapi.php component in the Western Digital MyCloud NAS network storage software is related to insecure privilege management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.07191
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2020/11/30 5:24 p.m. · 16 views

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

AI score 9.8 · EPSS 0.36672
Exploits 1 · References 1

NVD
added 2020/11/27 12:15 a.m. · 12 views

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

CVSS 5.4 · AI score 5.7 · EPSS 0.01506
Exploits 1 · References 3

OSV
added 2020/11/27 12:15 a.m. · 4 views

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

CVSS 5.4 · AI score 6.1 · EPSS 0.01506
Exploits 1 · References 3

Prion
added 2020/11/27 12:15 a.m. · 10 views

Cross site scripting

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

CVSS 3.5 · AI score 5.7 · EPSS 0.01506
Exploits 1 · References 3 · Affected Software 3

OSV
added 2020/11/26 5:15 p.m. · 3 views

CVE-2020-13886

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...

CVSS 5.3 · AI score 6.8 · EPSS 0.04344
Exploits 2 · References 3

Prion
added 2020/11/26 5:15 p.m. · 19 views

Directory traversal

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...

CVSS 5 · AI score 5.4 · EPSS 0.04344
Exploits 2 · References 3 · Affected Software 3

Positive Technologies
added 2020/11/26 12:0 a.m. · 5 views

PT-2020-13751 · Intelbras · Intelbras Tip 200 Lite +2

Name of the Vulnerable Software and Affected Versions: Intelbras TIP 200 version 60.61.75.15 Intelbras TIP 200 LITE version 60.61.75.15 Intelbras TIP 300 version 65.61.75.22 Description: The issue allows Directory Traversal via the "cgi-bin/cgiServer.exx" endpoint with the page parameter set to...

CVSS 5.3 · AI score 6 · EPSS 0.04344
Exploits 2 · References 11

CNNVD
added 2020/11/26 12:0 a.m. · 9 views

Cross-Site Scripting Vulnerability in Multiple Intelbras Products

Intelbras TIP 200 and others are products of the Brazilian company Intelbras. Intelbras TIP 200 is an IP phone product. Intelbras TIP 200 Lite is an IP phone product. Intelbras TIP 300 is an IP phone product. A cross-site scripting vulnerability exists in several Intelbras products, which originates...

CVSS 5.4 · AI score 5.9 · EPSS 0.01506
Exploits 1 · References 4

Exploit DB
added 2020/11/24 12:0 a.m. · 789 views

Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)

Exploit Title: Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE Authenticated Date: 5 Aug 2020 Exploit Author: maj0rmil4d Vendor Homepage: http://www.seowonintech.co.kr/en/ Hardware Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version: 1.0.11 Possibly al...

AI score 7.4
Exploits 0

Exploit DB
added 2020/11/24 12:0 a.m. · 926 views

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVSS 10 · AI score 9.8 · EPSS 0.89849
Exploits 11

Amazon
added 2020/11/18 12:0 a.m. · 47 views

Medium: golang

Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Issue Correction: Run yum update golang or yum update --advisory ALAS-2020-1445 to update your...

CVSS 6.1 · AI score 6.9 · EPSS 0.03646
Exploits 2

Mageia
added 2020/11/15 3:45 p.m. · 95 views

Updated golang packages fix a security vulnerability

A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...

CVSS 6.1 · AI score 6.2 · EPSS 0.03646
Exploits 2 · References 3

Amazon
added 2020/11/11 12:0 a.m. · 39 views

Medium: golang

Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...

CVSS 6.1 · AI score 6.9 · EPSS 0.03646
Exploits 2

CNVD
added 2020/11/09 12:0 a.m. · 1 views

Cellinx NVT Web Server Access Control Error Vulnerability

Cellinx NVT Web Server is a web platform for virtual terminal management NVT from Cellinx, Korea. The platform is mainly used for managing video surveillance devices, and it is divided into monitoring page and setting page to control terminals. An access control error vulnerability exists in...

CVSS 10 · AI score 7.3 · EPSS 0.02852
Exploits 1 · References 1