9784 matches found
CVE-2025-14184 SGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injection
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAMEFILE/OPERATEFILE/NGNIXUPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14183
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
SUSE CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
Exploit for OS Command Injection in Gnu Bash
Exploiting Shellshock CVE-2014-6271: A Complete, Modern Demo...
EUVD-2025-201404
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
AZL-71596 CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
ALPINE-CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
AZL-71590 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
AZL-71528 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
UBUNTU-CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
UBUNTU-CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200
CVE-2025-66200 affects Apache HTTP Server 2.4.7–2.4.65. A mod_userdir+suexec bypass via AllowOverride FileInfo lets users with htaccess access to the RequestHeader directive cause some CGI scripts to execute under an unexpected userid. Connected advisories confirm the fix is in 2.4.66 (e.g., Debi...
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
EUVD-2025-201403
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-65082
CVE-2025-65082 affects Apache HTTP Server 2.4.0–2.4.65, due to improper neutralization of Escape, Meta, or Control sequences in environment variables set via Apache config, which can supersede server-calculated CGI variables. The issue, identified across multiple advisories (Debian DLA-4452-1, AL...
CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
[SECURITY] Fedora 41 Update: fcgi-2.4.7-1.fc41
FastCGI is a language independent, scalable, open extension to CGI that provides high performance without the limitations of server specific APIs...
CVE-2025-29843
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...