Lucene search
K

249 matches found

Positive Technologies
Positive Technologies
added 2023/09/14 12:0 a.m.8 views

PT-2023-9272 · Eclipse +4 · Eclipse Jetty +4

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.52 Eclipse Jetty versions prior to 10.0.16 Eclipse Jetty versions prior to 11.0.16 Eclipse Jetty versions prior to 12.0.0-beta2 Description: The issue is related to the formation of a command line that...

9.8CVSS7.2AI score0.99999EPSS
Exploits32References116
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.11 views

PT-2023-28081 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-6 Description: The issue is related to a Path Traversal vulnerability in the cgi component, allowing remote attackers to read specific files via unspecified vectors. Recommendations: Fo...

5.3CVSS5AI score0.00759EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/07/12 9:15 p.m.6 views

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

9.8CVSS5.8AI score0.00884EPSS
Exploits1References2
OSV
OSV
added 2023/07/12 9:15 p.m.6 views

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

9.8CVSS5.8AI score0.00884EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/06/27 3:16 p.m.7 views

ruby/cgi-gem: HTTP response splitting in CGI

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References4
OSV
OSV
added 2023/06/22 11:15 a.m.4 views

CVE-2023-29709

An issue was discovered in /cgi-bin/loginrj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication...

7.5CVSS5.8AI score0.00749EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/05/24 8:59 a.m.9 views

ruby/cgi-gem: HTTP response splitting in CGI

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.5 views

Synology Router Manager 操作系统命令注入漏洞

Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. in China. An operating system command injection vulnerability exists in Synology Router Manager SRM before version 1.2.5-8227-6. A remote attacker can exploit this vulnerability to execute...

9.8CVSS9AI score0.01534EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/04/13 12:0 a.m.6 views

The vulnerability of the CGI microprogramming interface of the Nighthawk WiFi 6 Router (RAX30) allows a hacker to execute arbitrary code.

The vulnerability of the CGI microprogramming interface of the Nighthawk WiFi 6 Router RAX30 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.00813EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/06 12:0 a.m.5 views

PT-2023-2268 · NetGear · Netgear Nighthawk Wifi6 Router

Name of the Vulnerable Software and Affected Versions: NETGEAR Nighthawk WiFi6 Router versions prior to V1.0.10.94 Description: The issue is related to a buffer overflow vulnerability in the CGI mechanisms of the router's software. This vulnerability could allow an attacker to execute arbitrary...

10CVSS8.7AI score0.00813EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.5 views

SUSE CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

7.5CVSS8.3AI score0.02736EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.2 views

SUSE CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a content length Content-Length HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

7.5CVSS8.2AI score0.05431EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.2 views

SUSE CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

5CVSS7.1AI score0.02017EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.4 views

SUSE CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with a +...

7.5CVSS7.9AI score0.32542EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.20 views

SUSE CVE-2013-3738

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...

9.8CVSS7.5AI score0.03125EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.3 views

SUSE CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1CVSS7AI score0.011EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.4 views

SUSE CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

7.5CVSS8.7AI score0.10118EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.3 views

SUSE CVE-2021-20273

A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off...

7.5CVSS7.1AI score0.01953EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/18 12:0 a.m.5 views

PT-2023-14796 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered in the Common Gateway Interface CGI program cs.exe, allowing an attacker to increase or decrease an arbitrary memory address by 1 and trigger a call to ...

8.8CVSS8.5AI score0.01874EPSS
Exploits2References6
OSV
OSV
added 2023/01/17 3:59 p.m.6 views

USN-5806-1 ruby2.3 vulnerability

Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References2
Rows per page
Query Builder