Lucene search
9784 matches found

RedhatCVE
added 2025/12/13 8:2 p.m., 3 views

CVE-2024-58314

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8 CVSS, 9.1 AI score, 0.01393 EPSS
Exploits: 0, References: 1
EUVD
added 2025/12/13 6:30 p.m., 6 views

EUVD-2025-203237

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible...

6.5 CVSS, 6.5 AI score, 0.0246 EPSS
Exploits: 1, References: 6
Cvelist
added 2025/12/13 6:32 a.m., 26 views

CVE-2025-14586 TOTOLINK X5000R cstecgi.cgi snprintf os command injection

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible...

6.5 CVSS, 0.0246 EPSS
Exploits: 1, References: 5
NVD
added 2025/12/12 8:15 p.m., 3 views

CVE-2024-58314

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8 CVSS, 0.01393 EPSS
Exploits: 0, References: 3
EUVD
added 2025/12/12 7:57 p.m., 4 views

EUVD-2024-55349

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8 CVSS, 8.6 AI score, 0.01393 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/12/12 7:57 p.m., 25 views

CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8 CVSS, 0.01393 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/12/12 12:0 a.m., 5 views

PT-2025-50974

Name of the Vulnerable Software and Affected Versions: Atcom 100M IP Phones versions 2.7.x.x. Description: The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...

8.8 CVSS, 8.6 AI score, 0.01393 EPSS
Exploits: 0, References: 6
Fedora
added 2025/12/11 10:9 a.m., 8 views

[SECURITY] Fedora 43 Update: perl-CGI-Simple-1.282-1.fc43

Simple totally OO CGI interface that is CGI.pm compliant...

7.3 CVSS, 7 AI score, 0.00431 EPSS
Exploits: 0
Fedora
added 2025/12/11 1:1 a.m., 8 views

[SECURITY] Fedora 42 Update: perl-CGI-Simple-1.282-1.fc42

Simple totally OO CGI interface that is CGI.pm compliant...

7.3 CVSS, 7 AI score, 0.00431 EPSS
Exploits: 0
Tenable Nessus
added 2025/12/11 12:0 a.m., 4 views

Fedora 43 : perl-CGI-Simple (2025-3dd97ed203)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3dd97ed203 advisory. 1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927. Tenable has extracted the preceding description block...

7.3 CVSS, 5.5 AI score, 0.00431 EPSS
Exploits: 0, References: 2
OpenVAS
added 2025/12/11 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2025-47551b2aa2)

The remote host is missing an update for the...

7.3 CVSS, 6.5 AI score, 0.00431 EPSS
Exploits: 0, References: 4
OpenVAS
added 2025/12/11 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-3dd97ed203)

The remote host is missing an update for the...

7.3 CVSS, 6.8 AI score, 0.00431 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/10 12:0 a.m., 4 views

Fedora 42 : perl-CGI-Simple (2025-47551b2aa2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-47551b2aa2 advisory. 1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927. Tenable has extracted the preceding description block...

7.3 CVSS, 5.5 AI score, 0.00431 EPSS
Exploits: 0, References: 2
CNVD
added 2025/12/10 12:0 a.m., 74 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is an open source web server from the Apache Software Foundation (United States). The server is fast, reliable and can be extended through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

6.5 CVSS, 6.8 AI score, 0.00758 EPSS
Exploits: 0, References: 1
OSV
added 2025/12/09 11:38 a.m., 3 views

BIT-APACHE-2025-65082 Apache HTTP Server: CGI environment variable override

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5 CVSS, 6.9 AI score, 0.00758 EPSS
Exploits: 0, References: 3
CVE
added 2025/12/09 12:0 a.m., 8 views

CVE-2025-65287

SNMP Web Pro 1.1 is affected by an unauthenticated directory traversal in cgi-bin/upload.cgi. The CGI concatenates user-supplied parameters onto /var/www/files/userScript/ using memcpy/strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The down...

7.5 CVSS, 6.6 AI score, 0.00722 EPSS
Exploits: 1, References: 1, Affected Software: 1
RedhatCVE
added 2025/12/08 10:51 p.m., 4 views

CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5 CVSS, 6.5 AI score, 0.00758 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/12/08 10:41 p.m., 4 views

CVE-2025-66200

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

5.4 CVSS, 6.5 AI score, 0.00569 EPSS
Exploits: 0, References: 5
OSV
added 2025/12/08 6:36 p.m., 4 views

MGASA-2025-0322 Updated apache packages fix security vulnerabilities

Apache HTTP Server: mod_md (ACME), unintended retry intervals. (CVE-2025-55753) Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. (CVE-2025-58098) Apache HTTP Server: CGI environment...

8.3 CVSS, 6.8 AI score, 0.015 EPSS
Exploits: 0, References: 6
NVD
added 2025/12/07 8:15 a.m., 3 views

CVE-2025-14186

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

5.1 CVSS, 0.00195 EPSS
Exploits: 0, References: 4