Lucene search
K

108 matches found

Vulnrichment
Vulnrichment
added 2022/11/02 12:0 a.m.14 views

CVE-2022-3844 Webmin index.cgi cross site scripting

A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issu...

4CVSS6.2AI score0.00591EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 6:15 p.m.3 views

CVE-2022-1669

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary index.cgi to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Addres...

8.1CVSS6AI score0.00718EPSS
Exploits0References1
CVE
CVE
added 2022/05/24 5:38 p.m.66 views

CVE-2022-1669

CVE-2022-1669 affects Circutor COMPACT DC-S BASIC (CIR_CDC_v1.2.17). A stack-based buffer overflow exists in the firewall function of the provisioning/management portal: an authenticated user can send a long Address value to a strcpy‑based copy without length checks, overflowing the process stack...

8.1CVSS7.4AI score0.00718EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/12/02 4:15 a.m.22 views

CVE-2021-26777

Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIRCDCv1.2.17, allows attackers to execute arbitrary code...

10CVSS0.02445EPSS
Exploits1References1
Prion
Prion
added 2021/12/02 4:15 a.m.16 views

Buffer overflow

Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIRCDCv1.2.17, allows attackers to execute arbitrary code...

10CVSS9.7AI score0.02445EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/02 3:26 a.m.52 views

CVE-2021-26777

CVE-2021-26777 concerns a buffer overflow in SetFirewall within index.cgi of Circutor Compact DC-S BASIC smart metering concentrator firmware CIR_CDC_v1.2.17. The flaw stems from improper data boundary handling, enabling an attacker to execute arbitrary code remotely via the device’s network inte...

10CVSS9.7AI score0.02445EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/04/13 12:0 a.m.1 views

Zen Load Balancer 'index.cgi' Directory Traversal Vulnerability

Zen Load Balancer is a complete load balancing solution that provides high availability for TCP, UDP, advanced HTTP and HTTPS services, and data line communications uplinks. A directory traversal vulnerability exists in Zen Load Balancer 'index.cgi'. An attacker can exploit the vulnerability to...

7.1AI score
Exploits0References1
NVD
NVD
added 2020/04/02 2:15 p.m.20 views

CVE-2020-11491

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...

4.9CVSS4.9AI score0.0787EPSS
Exploits1References2
OSV
OSV
added 2020/04/02 2:15 p.m.4 views

CVE-2020-11491

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...

4.9CVSS5.8AI score0.0787EPSS
Exploits1References2
Prion
Prion
added 2020/04/02 2:15 p.m.19 views

Design/Logic Flaw

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...

9CVSS7.2AI score0.01926EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/02 1:7 p.m.20 views

CVE-2020-11491

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...

5AI score0.0787EPSS
Exploits1References2
NVD
NVD
added 2019/03/21 4:0 p.m.27 views

CVE-2018-19191

Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter...

5.4CVSS5.3AI score0.3965EPSS
Exploits2References2
Prion
Prion
added 2019/03/21 4:0 p.m.23 views

Code injection

Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter...

3.5CVSS5.2AI score0.3965EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/02/01 9:0 a.m.16 views

CVE-2019-7301

Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=ViewCert certname parameter...

7.2AI score0.03415EPSS
Exploits4References2
Openbugbounty
Openbugbounty
added 2018/07/28 4:52 p.m.12 views

autobazar.inkiev.net XSS vulnerability

Open Bug Bounty ID: OBB-655103 Description| Value ---|--- Affected Website:| autobazar.inkiev.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/07/28 1:58 p.m.10 views

jgo-os.com XSS vulnerability

Open Bug Bounty ID: OBB-654985 Description| Value ---|--- Affected Website:| jgo-os.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Vulnerability Lab
Vulnerability Lab
added 2018/07/10 12:0 a.m.550 views

Barracuda ADC 5.x - CS Cross Site Scripting Vulnerability

Document Title: =============== Barracuda ADC 5.x - CS Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1425 Release Date: ============= 2018-07-10 Vulnerability Laboratory ID VL-ID: ====================================...

0.4AI score
Exploits0
OSV
OSV
added 2018/06/20 4:29 p.m.4 views

CVE-2018-6211

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

7.2CVSS5.8AI score0.05768EPSS
Exploits1References4
CNVD
CNVD
added 2018/05/24 12:0 a.m.2 views

D-Link DIR-620 Router OS Command Injection Vulnerability

D-link DIR-620 is a wireless router product from AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR-620 that stems from the program failing to properly handle the 'resbuf' parameter passed to the index.cgi file. An attacker can exploit this vulnerability to...

9CVSS7.4AI score0.05768EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/05/23 12:0 a.m.7 views

PT-2018-3904 · D Link · D-Link Dir-620

Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 Description: The issue is related to incorrect processing of the res buf parameter to "index.cgi", allowing OS command injection. This can be exploited by a remote...

9CVSS7.4AI score0.05768EPSS
Exploits1References6
Rows per page
Query Builder