Lucene search
K

9795 matches found

Cvelist
Cvelist
added 2020/09/02 4:25 p.m.30 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.2AI score0.03646EPSS
Exploits2References10
AlpineLinux
AlpineLinux
added 2020/09/02 4:25 p.m.626 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1CVSS6.5AI score0.03646EPSS
Exploits2
Debian CVE
Debian CVE
added 2020/09/02 4:25 p.m.28 views

CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1CVSS6.7AI score0.03646EPSS
Exploits2
NVD
NVD
added 2020/09/02 4:15 p.m.17 views

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

9CVSS9AI score0.52717EPSS
Exploits1References4
Prion
Prion
added 2020/09/02 4:15 p.m.21 views

Command injection

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

9CVSS8.9AI score0.52717EPSS
Exploits1References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2020/09/02 12:0 a.m.43 views

FreeBSD : go -- net/http/cgi, net/http/fcgi: XSS (XSS) when Content-Type is not specified (67b050ae-ec82-11ea-9071-10c37b4ac2ea)

The Go project reports : When a Handler does not explicitly set the Content-Type header, both CGI implementations default to 'text/html'. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly...

6.1CVSS6.9AI score0.03646EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2020/09/02 12:0 a.m.617 views

Go CGI / FastCGI Transport Cross Site Scripting

Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site Scripting The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return...

0.2AI score0.03646EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2020/08/28 12:0 a.m.3 views

PT-2020-5768 · Yaws +1 · Yaws +1

Name of the Vulnerable Software and Affected Versions: Yaws versions 1.81 through 2.0.7 Description: The issue is related to the CGI implementation in the Yaws web server, which is associated with incorrect cleaning of CGI requests. This can allow a remote attacker to access confidential data,...

10CVSS9.4AI score0.17374EPSS
Exploits4References29
NVD
NVD
added 2020/08/21 3:15 p.m.10 views

CVE-2020-24057

The management website of the Verint S5120FD VerintFW042 unit features a CGI endpoint 'ipfilter.cgi' that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as...

9CVSS9.2AI score0.05483EPSS
Exploits1References2
Prion
Prion
added 2020/08/21 3:15 p.m.16 views

Command injection

The management website of the Verint S5120FD VerintFW042 unit features a CGI endpoint 'ipfilter.cgi' that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as...

9CVSS9.1AI score0.05483EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/08/21 2:31 p.m.41 views

CVE-2020-24057

The Verint S5120FD (Verint_FW_0_42) management web interface exposes a CGI endpoint ipfilter.cgi that allows network filtering management and is vulnerable to command injection. An authenticated attacker can run arbitrary commands as root, gaining full control over the device. The affected compon...

9CVSS9.2AI score0.05483EPSS
Exploits1References2Affected Software1
FreeBSD
FreeBSD
added 2020/08/20 12:0 a.m.29 views

go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified

The Go project reports: When a Handler does not explicitly set the Content-Type header, both CGI implementations default to “text/html”. If an attacker can make a server generate content under their control e.g. a JSON containing user data or an uploaded image file this might be mistakenly return...

6.1CVSS1AI score0.03646EPSS
Exploits2References1
OSV
OSV
added 2020/08/06 5:15 p.m.4 views

CVE-2020-13364

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...

8.8CVSS6.8AI score0.01151EPSS
Exploits0References2
NVD
NVD
added 2020/08/06 5:15 p.m.29 views

CVE-2020-13364

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...

9CVSS7AI score0.01151EPSS
Exploits0References2
OSV
OSV
added 2020/08/06 4:15 p.m.4 views

CVE-2020-7357

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

9.9CVSS7.5AI score0.33874EPSS
Exploits8References3
Cvelist
Cvelist
added 2020/08/06 3:45 p.m.22 views

CVE-2020-7357 Cayin CMS Command Injection

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

9.6CVSS9.9AI score0.33874EPSS
Exploits8References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.52 views

Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...

6.5CVSS0.2AI score0.14524EPSS
Exploits6Affected Software1
NVD
NVD
added 2020/07/13 2:15 p.m.11 views

CVE-2020-15689

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

7.5CVSS0.01328EPSS
Exploits0References1
OSV
OSV
added 2020/07/13 2:15 p.m.5 views

CVE-2020-15689

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

7.5CVSS5.8AI score0.01328EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/13 1:48 p.m.13 views

CVE-2020-15689

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

7.5AI score0.01328EPSS
Exploits0References1
Rows per page
Query Builder