5781 matches found

Talos
added 2023/01/26 12:0 a.m. · 45 views

FreshTomato httpd logs/view.cgi OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1641 · January 26, 2023 · CVE Number: CVE-2022-42484
Summary: An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP...

CVSS 9.8 · AI score 9.7 · EPSS 0.06013
Exploits: 1
Talos
added 2023/01/26 12:0 a.m. · 58 views

Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1610 · January 26, 2023 · CVE Number: CVE-2022-38715
Summary: A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...

CVSS 8.8 · AI score 8.2 · EPSS 0.03701
Exploits: 1
Talos
added 2023/01/26 12:0 a.m. · 28 views

Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1615 · January 26, 2023 · CVE Number: CVE-2022-38066
Summary: An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...

CVSS 8.8 · AI score 8.2 · EPSS 0.07085
Exploits: 1
Talos
added 2023/01/26 12:0 a.m. · 41 views

Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1608 · January 26, 2023 · CVE Number: CVE-2022-38459
Summary: A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD...

CVSS 8.8 · AI score 8.1 · EPSS 0.03861
Exploits: 1
Talos
added 2023/01/26 12:0 a.m. · 42 views

Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1609 · January 26, 2023 · CVE Number: CVE-2022-38088
Summary: A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...

CVSS 6.5 · AI score 5.8 · EPSS 0.02283
Exploits: 1
Talos
added 2023/01/26 12:0 a.m. · 52 views

FreshTomato httpd update.cgi directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1642 · January 26, 2023 · CVE Number: CVE-2022-38451
Summary: A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can...

CVSS 7.5 · AI score 7 · EPSS 0.02124
Exploits: 1
Positive Technologies
added 2023/01/26 12:0 a.m. · 4 views

PT-2023-13586 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description: A directory traversal issue exists in the httpd downfile.cgi functionality, allowing an attacker to send a specially-crafted HTTP request to read arbitrary files.
Recommendations...

CVSS 6.5 · AI score 5.3 · EPSS 0.02283
Exploits: 1 · References: 2
Positive Technologies
added 2023/01/26 12:0 a.m. · 5 views

PT-2023-13580 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description: A command injection issue exists in the httpd SNMP functionality, allowing arbitrary command execution through a specially-crafted HTTP response. An attacker can trigger this iss...

CVSS 8.8 · AI score 7.3 · EPSS 0.07085
Exploits: 1 · References: 2
Talos
added 2023/01/26 12:0 a.m. · 32 views

Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1607 · January 26, 2023 · CVE Number: CVE-2022-40969
Summary: An OS command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020....

CVSS 8.8 · AI score 8 · EPSS 0.05808
Exploits: 1
Positive Technologies
added 2023/01/26 12:0 a.m. · 7 views

PT-2023-13894 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description: A directory traversal issue exists in the httpd delfile.cgi functionality, allowing an attacker to send a specially-crafted HTTP request to delete arbitrary files.
Recommendation...

CVSS 8.1 · AI score 6.6 · EPSS 0.02574
Exploits: 1 · References: 2
RedHat Linux
added 2023/01/24 8:48 a.m. · 136 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

CVSS 7.8 · AI score 6.6 · EPSS 0.00744
Exploits: 0 · References: 2
Tenable Nessus
added 2023/01/23 12:0 a.m. · 39 views

RHEL 6 / 7 : httpd24-httpd and httpd24-mod_md (RHSA-2020:2263)

The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2263 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_rewrite...

CVSS 6.1 · AI score 6.6 · EPSS 0.73981
Exploits: 1 · References: 8
OpenVAS
added 2023/01/19 12:0 a.m. · 27 views

Slackware: Security Advisory (SSA:2023-018-02)

The remote host is missing an update for the...

CVSS 9 · AI score 7.8 · EPSS 0.57941
Exploits: 0 · References: 6
RedhatCVE
added 2023/01/18 7:5 p.m. · 70 views

CVE-2022-36760

A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

CVSS 6.5 · AI score 8.3 · EPSS 0.01879
Exploits: 0 · References: 4
RedhatCVE
added 2023/01/18 7:5 p.m. · 35 views

CVE-2022-37436

A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...

CVSS 5.3 · AI score 7 · EPSS 0.57941
Exploits: 0 · References: 4
Slackware Linux
added 2023/01/18 6:23 a.m. · 59 views

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.55-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_proxy allow...

CVSS 9 · AI score 7.7 · EPSS 0.57941
Exploits: 0
Tenable Nessus
added 2023/01/18 12:0 a.m. · 62 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-018-02)

The version of httpd installed on the remote host is prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-018-02 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

CVSS 9 · AI score 7 · EPSS 0.57941
Exploits: 0 · References: 3
NVD
added 2023/01/17 7:15 p.m. · 28 views

CVE-2022-47853

TOTOlink A7100RU V7.4cu.2313B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload...

CVSS 9.8 · AI score 9.6 · EPSS 0.0192
Exploits: 1 · References: 1
Prion
added 2023/01/17 7:15 p.m. · 18 views

Command injection

TOTOlink A7100RU V7.4cu.2313B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload...

CVSS 7.5 · AI score 9.5 · EPSS 0.0192
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/01/17 12:0 a.m. · 8 views

CVE-2022-47853

TOTOlink A7100RU V7.4cu.2313B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload...

AI score 9.7 · EPSS 0.0192
Exploits: 1 · References: 1