9795 matches found
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Go. Vulnerability Details CVEID: CVE-2020-24553 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker...
ASUS RT-AC88U Information Disclosure Vulnerability
The ASUS RT-AC88U is a wireless router from Asus China. An information disclosure vulnerability exists in RT-AC88U Download Master versions prior to 3.1.0.108, which stems from allowing direct access to the downloadmaster dm app .cgi...
WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...
Format string
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
Eldy Awstats Path Traversal Vulnerability
Eldy Awstats is Eldy personal developer of a log analysis tool applied to Web sites. The software supports analyzing Web, WAP, proxy, streaming server, FTP, mail server log files on all operating systems such as IIS 5.0 +, Apache, etc. It displays all Web statistics including: visitors, pages,...
The vulnerability of the cgi_api.php component in the network storage software from Western Digital’s MyCloud NAS allows a perpetrator to execute arbitrary code.
The vulnerability of the cgiapi.php component in the Western Digital MyCloud NAS network storage software is related to insecure privilege management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
CVE-2020-12262
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...
CVE-2020-12262
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...
Cross site scripting
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...
CVE-2020-13886
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...
Directory traversal
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...
PT-2020-13751 · Intelbras · Intelbras Tip 200 Lite +2
Name of the Vulnerable Software and Affected Versions: Intelbras TIP 200 version 60.61.75.15 Intelbras TIP 200 LITE version 60.61.75.15 Intelbras TIP 300 version 65.61.75.22 Description: The issue allows Directory Traversal via the "cgi-bin/cgiServer.exx" endpoint with the page parameter set to...
Cross-Site Scripting Vulnerability in Multiple Intelbras Products
Intelbras TIP 200 and others are products of the Brazilian company Intelbras.Intelbras TIP 200 is an IP phone product.Intelbras TIP 200 Lite is an IP phone product.Intelbras TIP 300 is an IP phone product. A cross-site scripting vulnerability exists in several Intelbras products, which originates...
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
Exploit Title: Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE Authenticated Date: 5 Aug 2020 Exploit Author: maj0rmil4d Vendor Homepage: http://www.seowonintech.co.kr/en/ Hardware Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version: 1.0.11 Possibly al...
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
Medium: golang
Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Issue Correction: Run yum update golang or yum update --advisory ALAS-2020-1445 to update your...
Updated golang packages fix a security vulnerability
A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing fo...
Medium: golang
Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...
Cellinx NVT Web Server Access Control Error Vulnerability
Cellinx NVT Web Server is a web platform for virtual terminal management NVT from Cellinx, Korea. The platform is mainly used for managing video surveillance devices, and it is divided into monitoring page and setting page to control terminals. An access control error vulnerability exists in...