249 matches found
PT-2023-9272 · Eclipse +4 · Eclipse Jetty +4
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.52 Eclipse Jetty versions prior to 10.0.16 Eclipse Jetty versions prior to 11.0.16 Eclipse Jetty versions prior to 12.0.0-beta2 Description: The issue is related to the formation of a command line that...
PT-2023-28081 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-6 Description: The issue is related to a Path Traversal vulnerability in the cgi component, allowing remote attackers to read specific files via unspecified vectors. Recommendations: Fo...
CVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...
CVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...
ruby/cgi-gem: HTTP response splitting in CGI
A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...
CVE-2023-29709
An issue was discovered in /cgi-bin/loginrj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication...
ruby/cgi-gem: HTTP response splitting in CGI
A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...
Synology Router Manager 操作系统命令注入漏洞
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. in China. An operating system command injection vulnerability exists in Synology Router Manager SRM before version 1.2.5-8227-6. A remote attacker can exploit this vulnerability to execute...
The vulnerability of the CGI microprogramming interface of the Nighthawk WiFi 6 Router (RAX30) allows a hacker to execute arbitrary code.
The vulnerability of the CGI microprogramming interface of the Nighthawk WiFi 6 Router RAX30 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2023-2268 · NetGear · Netgear Nighthawk Wifi6 Router
Name of the Vulnerable Software and Affected Versions: NETGEAR Nighthawk WiFi6 Router versions prior to V1.0.10.94 Description: The issue is related to a buffer overflow vulnerability in the CGI mechanisms of the router's software. This vulnerability could allow an attacker to execute arbitrary...
SUSE CVE-2003-0709
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...
SUSE CVE-2006-2489
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a content length Content-Length HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...
SUSE CVE-2008-1111
modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...
SUSE CVE-2012-2335
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with a +...
SUSE CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...
SUSE CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...
SUSE CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...
SUSE CVE-2021-20273
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off...
PT-2023-14796 · Opentext · Opentext Content Suite Platform
Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered in the Common Gateway Interface CGI program cs.exe, allowing an attacker to increase or decrease an arbitrary memory address by 1 and trigger a call to ...
USN-5806-1 ruby2.3 vulnerability
Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application...