
9795 matches found

Fedora
added 2020/10/04 12:16 a.m. | 50 views

[SECURITY] Fedora 33 Update: php-7.4.11-1.fc33

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 6.5 | AI score 2.2 | EPSS 0.05029
Exploits: 1
OpenVAS
added 2020/10/04 12:0 a.m. | 21 views

Fedora: Security Advisory for php (FEDORA-2020-4573f0e03a)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.3 | EPSS 0.05029
Exploits: 1 | References: 2
OSV
added 2020/10/02 9:15 a.m. | 6 views

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...

CVSS 9.8 | AI score 7.3 | EPSS 0.0129
Exploits: 0 | References: 2
OSV
added 2020/10/02 9:15 a.m. | 6 views

CVE-2020-12123

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work...

CVSS 8.1 | AI score 7.2 | EPSS 0.00425
Exploits: 0 | References: 2
OSV
added 2020/10/02 9:15 a.m. | 5 views

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

CVSS 9.8 | AI score 7.6 | EPSS 0.75215
Exploits: 0 | References: 2
Prion
added 2020/10/02 9:15 a.m. | 13 views

Authentication flaw

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...

CVSS 7.5 | AI score 9.5 | EPSS 0.0129
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2020/10/02 9:15 a.m. | 13 views

Design/Logic Flaw

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

CVSS 10 | AI score 9.7 | EPSS 0.75215
Exploits: 0 | References: 2 | Affected Software: 1
Openbugbounty
added 2020/09/30 5:54 p.m. | 8 views

movietok.kr Cross Site Scripting vulnerability OBB-1375189

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0
Microsoft CVE
added 2020/09/25 12:0 a.m. | 9 views

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

...

CVSS 7.5 | AI score 7 | EPSS 0.25788
Exploits: 0
Microsoft CVE
added 2020/09/25 12:0 a.m. | 6 views

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs which generates a large number of processes.

...

CVSS 5 | AI score 7 | EPSS 0.35342
Exploits: 0
Prion
added 2020/09/09 7:15 p.m. | 27 views

Command injection

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

CVSS 10 | AI score 9.6 | EPSS 0.17374
Exploits: 3 | References: 7 | Affected Software: 3
UbuntuCve
added 2020/09/09 7:15 p.m. | 54 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

CVSS 10 | AI score 7.2 | EPSS 0.17374
Exploits: 3 | References: 4
OSV
added 2020/09/09 7:15 p.m. | 1 view

UBUNTU-CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

CVSS 9.8 | AI score 7.3 | EPSS 0.17374
Exploits: 3 | References: 5
CVE
added 2020/09/09 6:10 p.m. | 134 views

CVE-2020-24916

CVE-2020-24916 affects the Yaws web server CGI implementation, with versions 1.81–2.0.7 vulnerable. The root cause is that CGI requests are not properly sanitized, enabling a remote attacker to execute arbitrary shell commands by crafting CGI executable names. This is a remote, unauthenticated co...

CVSS 10 | AI score 9.4 | EPSS 0.17374
Exploits: 3 | References: 7 | Affected Software: 1
Cvelist
added 2020/09/09 6:10 p.m. | 38 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

AI score 9.6 | EPSS 0.17374
Exploits: 3 | References: 7
OSV
added 2020/09/02 5:15 p.m. | 11 views

AZL-79064 CVE-2020-24553 affecting package golang 1.25.7-1

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

CVSS 6.1 | AI score 6.8 | EPSS 0.03646
Exploits: 2 | References: 1
OSV
added 2020/09/02 5:15 p.m. | 26 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 10
UbuntuCve
added 2020/09/02 5:15 p.m. | 34 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

CVSS 6.1 | AI score 6.8 | EPSS 0.03646
Exploits: 2 | References: 6
Prion
added 2020/09/02 5:15 p.m. | 21 views

Type confusion

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

CVSS 4.3 | AI score 6 | EPSS 0.03646
Exploits: 2 | References: 10 | Affected Software: 4
CVE
added 2020/09/02 4:25 p.m. | 318 views

CVE-2020-24553

CVE-2020-24553 affects Go before 1.14.8 and 1.15.x before 1.15.1. If the Content-Type header is not set, net/http/cgi and net/http/fcgi default to text/html for CGI/FCGI handlers, enabling cross‑site scripting via crafted responses. Exploitation is described as a remote attacker being able to run...

CVSS 6.1 | AI score 6 | EPSS 0.03646
Exploits: 2 | References: 10 | Affected Software: 1