108 matches found
CVE-2022-3844 Webmin index.cgi cross site scripting
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issu...
CVE-2022-1669
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary index.cgi to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Addres...
CVE-2022-1669
CVE-2022-1669 affects Circutor COMPACT DC-S BASIC (CIR_CDC_v1.2.17). A stack-based buffer overflow exists in the firewall function of the provisioning/management portal: an authenticated user can send a long Address value to a strcpy‑based copy without length checks, overflowing the process stack...
CVE-2021-26777
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIRCDCv1.2.17, allows attackers to execute arbitrary code...
Buffer overflow
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIRCDCv1.2.17, allows attackers to execute arbitrary code...
CVE-2021-26777
CVE-2021-26777 concerns a buffer overflow in SetFirewall within index.cgi of Circutor Compact DC-S BASIC smart metering concentrator firmware CIR_CDC_v1.2.17. The flaw stems from improper data boundary handling, enabling an attacker to execute arbitrary code remotely via the device’s network inte...
Zen Load Balancer 'index.cgi' Directory Traversal Vulnerability
Zen Load Balancer is a complete load balancing solution that provides high availability for TCP, UDP, advanced HTTP and HTTPS services, and data line communications uplinks. A directory traversal vulnerability exists in Zen Load Balancer 'index.cgi'. An attacker can exploit the vulnerability to...
CVE-2020-11491
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...
CVE-2020-11491
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...
Design/Logic Flaw
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...
CVE-2020-11491
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...
CVE-2018-19191
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter...
Code injection
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter...
CVE-2019-7301
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=ViewCert certname parameter...
autobazar.inkiev.net XSS vulnerability
Open Bug Bounty ID: OBB-655103 Description| Value ---|--- Affected Website:| autobazar.inkiev.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
jgo-os.com XSS vulnerability
Open Bug Bounty ID: OBB-654985 Description| Value ---|--- Affected Website:| jgo-os.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Barracuda ADC 5.x - CS Cross Site Scripting Vulnerability
Document Title: =============== Barracuda ADC 5.x - CS Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1425 Release Date: ============= 2018-07-10 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2018-6211
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
D-Link DIR-620 Router OS Command Injection Vulnerability
D-link DIR-620 is a wireless router product from AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR-620 that stems from the program failing to properly handle the 'resbuf' parameter passed to the index.cgi file. An attacker can exploit this vulnerability to...
PT-2018-3904 · D Link · D-Link Dir-620
Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 Description: The issue is related to incorrect processing of the res buf parameter to "index.cgi", allowing OS command injection. This can be exploited by a remote...