249 matches found
KASDA KW5515 安全漏洞
KASDA KW5515 is a wireless router from KASDA. A security vulnerability exists in KASDA KW5515 v1.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands via cgi parameters...
CVE-2024-8882
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service DoS conditions via a crafted URL...
CVE-2024-8881
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system OS commands on an affected device by...
CLSA-2024-1730134476 php: Fix of 2 CVEs
CVE-2024-8927: Fix bypass of cgi.forceredirect configuration - CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer...
The vulnerability of the cgi_get_cooliris() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.
The vulnerability of the cgigetcooliris function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4...
D-Link多款产品 安全漏洞
D-Link DI-7003G and others are a wireless router from China AUO D-Link. A security vulnerability exists in various D-Link products, which stems from insufficient parameter filtering in the CGI handler function of upgradefilter.asp. The following products and versions are affected: D-Link DI-7003G...
CAYIN CMS 安全漏洞
Cayin CAYIN CMS is a content management system CMS from China Cayin Cayin. A security vulnerability exists in CAYIN CMS, which stems from a lack of proper access control and allows an unauthenticated, remote attacker to download arbitrary CGI files...
ruby/cgi-gem: HTTP response splitting in CGI
A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...
PHP OS Command Injection Vulnerability
PHP is a scripting language that executes on the server side. PHP suffers from an operating system command injection vulnerability that arises when, under certain conditions, the Windows system replaces characters on the command line with the "Best-Fit" behavior, which may cause the PHP CGI modul...
ruby/cgi-gem: HTTP response splitting in CGI
A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...
CVE-2024-5400
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...
PT-2024-36006
Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue is related to improper filtering of parameters in specific CGI, allowing remote attackers with regular privileges to execute arbitrary system commands on the remote...
VulnCheck KEV: CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
The vulnerability of the web interface of the E-DDC3.3 automation station’s microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the E-DDC3.3 automation station’s web interface involves incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted web requests via the CGI protocol...
PT-2024-1441 · Se Elektronic Gmbh · E-Ddc3.3
Name of the Vulnerable Software and Affected Versions: SE-elektronic GmbH E-DDC3.3 versions 03.07.03 and higher Description: The issue is related to a remote command execution vulnerability in the web configuration functionality of the device, allowing an attacker to send different commands from...
CVE-2024-22113
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...
The vulnerability of the CGI microprogramming interface of Zyxel ATP, USG FLEX, and VPN devices allows a intruder to gain unauthorized access to protected information.
The vulnerability of the CGI microprogramming interface of Zyxel ATP, USG FLEX, and VPN network devices is related to deficiencies in access control for personal information. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...
CVE-2023-33412
The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...
Synology SSL VPN Client Security Vulnerability
Synology SSL VPN Client is a VPN client software for secure connection to Synology NAS from China-based Synology Inc. A security vulnerability exists in Synology SSL VPN Client prior to version 1.4.7-0687, which stems from a buffer replication in the cgi component that does not check the input...
The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster allows a intruder to disclose protected information.
The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster exists due to the lack of authentication checks before access to functions is granted. Exploiting this vulnerability could allow a malicious actor to disclose protected information...