9795 matches found
[SECURITY] Fedora 33 Update: php-7.4.11-1.fc33
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Fedora: Security Advisory for php (FEDORA-2020-4573f0e03a)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-12126
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...
CVE-2020-12123
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work...
CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
Authentication flaw
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...
Design/Logic Flaw
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
movietok.kr Cross Site Scripting vulnerability OBB-1375189
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
...
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs which generates a large number of processes.
...
Command injection
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
UBUNTU-CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2020-24916
CVE-2020-24916 affects the Yaws web server CGI implementation, with versions 1.81–2.0.7 vulnerable. The root cause is that CGI requests are not properly sanitized, enabling a remote attacker to execute arbitrary shell commands by crafting CGI executable names. This is a remote, unauthenticated co...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
AZL-79064 CVE-2020-24553 affecting package golang 1.25.7-1
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
Type confusion
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...
CVE-2020-24553
CVE-2020-24553 affects Go before 1.14.8 and 1.15.x before 1.15.1. If the Content-Type header is not set, net/http/cgi and net/http/fcgi default to text/html for CGI/FCGI handlers, enabling cross‑site scripting via crafted responses. Exploitation is described as a remote attacker being able to run...