Lucene search
K

249 matches found

CNNVD
CNNVD
added 2024/11/20 12:0 a.m.4 views

KASDA KW5515 安全漏洞

KASDA KW5515 is a wireless router from KASDA. A security vulnerability exists in KASDA KW5515 v1.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands via cgi parameters...

9.1CVSS7.5AI score0.00546EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 2:15 a.m.7 views

CVE-2024-8882

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service DoS conditions via a crafted URL...

4.5CVSS6.1AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 2:15 a.m.3 views

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system OS commands on an affected device by...

6.8CVSS5.9AI score0.0068EPSS
Exploits0References1
OSV
OSV
added 2024/10/28 5:32 p.m.5 views

CLSA-2024-1730134476 php: Fix of 2 CVEs

CVE-2024-8927: Fix bypass of cgi.forceredirect configuration - CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...

7.5CVSS6.8AI score0.01077EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2024/09/30 12:0 a.m.7 views

The vulnerability of the cgi_get_cooliris() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.

The vulnerability of the cgigetcooliris function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4...

9CVSS8.1AI score0.01821EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/09/09 12:0 a.m.5 views

D-Link多款产品 安全漏洞

D-Link DI-7003G and others are a wireless router from China AUO D-Link. A security vulnerability exists in various D-Link products, which stems from insufficient parameter filtering in the CGI handler function of upgradefilter.asp. The following products and versions are affected: D-Link DI-7003G...

8.8CVSS6.8AI score0.31751EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/14 12:0 a.m.3 views

CAYIN CMS 安全漏洞

Cayin CAYIN CMS is a content management system CMS from China Cayin Cayin. A security vulnerability exists in CAYIN CMS, which stems from a lack of proper access control and allows an unauthenticated, remote attacker to download arbitrary CGI files...

7.5CVSS6.9AI score0.00616EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/07/15 4:20 p.m.6 views

ruby/cgi-gem: HTTP response splitting in CGI

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.8 views

PHP OS Command Injection Vulnerability

PHP is a scripting language that executes on the server side. PHP suffers from an operating system command injection vulnerability that arises when, under certain conditions, the Windows system replaces characters on the command line with the "Best-Fit" behavior, which may cause the PHP CGI modul...

9.8CVSS9.4AI score0.99987EPSS
Exploits64References23
RedHat Linux
RedHat Linux
added 2024/05/30 1:22 p.m.4 views

ruby/cgi-gem: HTTP response splitting in CGI

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References4
OSV
OSV
added 2024/05/27 6:15 a.m.4 views

CVE-2024-5400

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

8.8CVSS6.1AI score0.00578EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.9 views

PT-2024-36006

Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue is related to improper filtering of parameters in specific CGI, allowing remote attackers with regular privileges to execute arbitrary system commands on the remote...

8.8CVSS6.2AI score0.00578EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2024/05/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1CVSS6.8AI score0.04526EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/02/02 12:0 a.m.6 views

The vulnerability of the web interface of the E-DDC3.3 automation station’s microprogramming software allows a perpetrator to execute arbitrary commands.

The vulnerability of the E-DDC3.3 automation station’s web interface involves incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted web requests via the CGI protocol...

10CVSS7.7AI score0.01446EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.4 views

PT-2024-1441 · Se Elektronic Gmbh · E-Ddc3.3

Name of the Vulnerable Software and Affected Versions: SE-elektronic GmbH E-DDC3.3 versions 03.07.03 and higher Description: The issue is related to a remote command execution vulnerability in the web configuration functionality of the device, allowing an attacker to send different commands from...

9.8CVSS8.6AI score0.01446EPSS
Exploits1References9
OSV
OSV
added 2024/01/22 5:15 a.m.5 views

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...

6.1CVSS5.9AI score0.00395EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.4 views

The vulnerability of the CGI microprogramming interface of Zyxel ATP, USG FLEX, and VPN devices allows a intruder to gain unauthorized access to protected information.

The vulnerability of the CGI microprogramming interface of Zyxel ATP, USG FLEX, and VPN network devices is related to deficiencies in access control for personal information. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...

6.8CVSS6.9AI score0.00771EPSS
Exploits0References3Affected Software5
ATTACKERKB
ATTACKERKB
added 2023/12/07 6:15 p.m.4 views

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

8.8CVSS6.1AI score0.0122EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/06 12:0 a.m.6 views

Synology SSL VPN Client Security Vulnerability

Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from China-based Synology Inc. A security vulnerability exists in Synology SSL VPN Client prior to version 1.4.7-0687, which stems from a buffer replication in the cgi component that does not check the input...

5.5CVSS6.6AI score0.00194EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/02 12:0 a.m.9 views

The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster allows a intruder to disclose protected information.

The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster exists due to the lack of authentication checks before access to functions is granted. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

6.5CVSS6.5AI score0.00682EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder