249 matches found
CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...
PT-2025-34848 · Clininet · Clininet
Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: The paths /cgi-bin/CliniNET.prd/utils/userlogstat.pl, /cgi-bin/CliniNET.prd/utils/usrlogstat.pl, and /cgi-bin/CliniNET.prd/utils/dblogstat.pl expose data containing session IDs...
CVE-2009-10005 ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode
ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...
CVE-2009-10005
ContentKeeper Web Appliance (Impero) versions before 125.10 expose the mimencode binary via a CGI endpoint (/cgi-bin/ck/mimencode) allowing unauthenticated remote reading of arbitrary files (e.g., /etc/passwd) through crafted POST requests with traversal and output parameters. Root cause: exposed...
ContentKeeper Web Appliance 安全漏洞
ContentKeeper Web Appliance is a web content filtering and security gateway appliance from ContentKeeper Australia. A security vulnerability exists in the ContentKeeper Web Appliance versions prior to 125.10, which originates from a CGI endpoint that exposes the mimencode binary, which could allo...
PT-2025-34094 · Undefined · Undefined
ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...
Linux Distros Unpatched Vulnerability : CVE-2021-33621
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use...
BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...
SYNCK GRAPHICA Mailform Pro CGI 安全漏洞
SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI versions prior to 4.3.4, which originates from an error message...
CVE-2022-45923
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...
CGI: Denial of Service in CGI::Cookie.parse
A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...
CGI: ReDoS in CGI::Util#escapeElement
A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...
CGI: ReDoS in CGI::Util#escapeElement
A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...
The vulnerability in the Webmin web control panel allows a hacker to escalate their privileges.
The vulnerability in the Webmin server’s web control panel relates to the failure to handle CRLF sequences properly. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted CGI requests remotely...
D-Link DSL-3788 安全漏洞
The D-Link DSL-3788 is a modem from China-based AUO D-Link. The D-Link DSL-3788 suffers from a buffer overflow vulnerability that stems from the webproc cgi's COMMMAKECustomMsg function failing to correctly validate the length of the input data, which can be exploited by an attacker to cause a...
CVE-2024-41339
An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigo...
PT-2025-2663 · Iocharger · Iocharger
Name of the Vulnerable Software and Affected Versions: Iocharger firmware for AC models versions prior to 24120701 Description: The issue allows attackers to upload arbitrary files to /tmp/upload/ or /tmp/ as any user, although the file upload interface is only visible to the iocadmin user. The...
PT-2025-49183
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.65 Description An issue exists in Apache HTTP Server where improper neutralization of escape, meta, or control sequences can occur through environment variables set via the Apache configuration. Th...
php: cgi.force_redirect configuration is bypassable due to the environment variable collision
A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...
php: cgi.force_redirect configuration is bypassable due to the environment variable collision
A flaw was found in PHP. The configuration directive cgi.forceredirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...