Lucene search
K

249 matches found

Cvelist
Cvelist
added 2025/08/27 10:21 a.m.5 views

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

9CVSS0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.4 views

PT-2025-34848 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: The paths /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl expose data containing session IDs...

9.4CVSS5.9AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/20 3:31 p.m.13 views

CVE-2009-10005 ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode

ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...

8.7CVSS0.00722EPSS
Exploits0References5
CVE
CVE
added 2025/08/20 3:31 p.m.16 views

CVE-2009-10005

ContentKeeper Web Appliance (Impero) versions before 125.10 expose the mimencode binary via a CGI endpoint (/cgi-bin/ck/mimencode) allowing unauthenticated remote reading of arbitrary files (e.g., /etc/passwd) through crafted POST requests with traversal and output parameters. Root cause: exposed...

8.7CVSS6.6AI score0.00722EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.4 views

ContentKeeper Web Appliance 安全漏洞

ContentKeeper Web Appliance is a web content filtering and security gateway appliance from ContentKeeper Australia. A security vulnerability exists in the ContentKeeper Web Appliance versions prior to 125.10, which originates from a CGI endpoint that exposes the mimencode binary, which could allo...

8.7CVSS6.8AI score0.00722EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34094 · Undefined · Undefined

ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...

8.7CVSS7.2AI score0.00722EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33621

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use...

8.8CVSS6.8AI score0.02287EPSS
Exploits1References2
OSV
OSV
added 2025/08/11 1:54 p.m.4 views

BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

7.5CVSS7.2AI score0.01077EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.3 views

SYNCK GRAPHICA Mailform Pro CGI 安全漏洞

SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI versions prior to 4.3.4, which originates from an error message...

6.3CVSS4.7AI score0.00338EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.8 views

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

8.8CVSS6.9AI score0.01874EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2025/05/06 2:33 a.m.4 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

7.5CVSS5.7AI score0.00784EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/06 2:33 a.m.4 views

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...

7.5CVSS5.7AI score0.00702EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/06 2:20 a.m.10 views

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...

7.5CVSS5.7AI score0.00702EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/05/05 12:0 a.m.8 views

The vulnerability in the Webmin web control panel allows a hacker to escalate their privileges.

The vulnerability in the Webmin server’s web control panel relates to the failure to handle CRLF sequences properly. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted CGI requests remotely...

9CVSS8AI score
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.2 views

D-Link DSL-3788 安全漏洞

The D-Link DSL-3788 is a modem from China-based AUO D-Link. The D-Link DSL-3788 suffers from a buffer overflow vulnerability that stems from the webproc cgi's COMMMAKECustomMsg function failing to correctly validate the length of the input data, which can be exploited by an attacker to cause a...

7.5CVSS7AI score0.00747EPSS
Exploits0References2
OSV
OSV
added 2025/02/27 9:15 p.m.2 views

CVE-2024-41339

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigo...

8.8CVSS5.9AI score0.00614EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.6 views

PT-2025-2663 · Iocharger · Iocharger

Name of the Vulnerable Software and Affected Versions: Iocharger firmware for AC models versions prior to 24120701 Description: The issue allows attackers to upload arbitrary files to /tmp/upload/ or /tmp/ as any user, although the file upload interface is only visible to the iocadmin user. The...

5.3CVSS7.1AI score0.00587EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.3 views

PT-2025-49183

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.65 Description An issue exists in Apache HTTP Server where improper neutralization of escape, meta, or control sequences can occur through environment variables set via the Apache configuration. Th...

6.5CVSS7AI score0.00771EPSS
Exploits0References215
RedHat Linux
RedHat Linux
added 2024/12/11 4:20 p.m.5 views

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

7.5CVSS5.7AI score0.01077EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/12/11 4:19 p.m.4 views

php: cgi.force_redirect configuration is bypassable due to the environment variable collision

A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...

7.5CVSS5.7AI score0.01077EPSS
Exploits1References6
Rows per page
Query Builder