20 matches found
Vulnerability in the "info.cgi" CGI script in the firmware of D-Link devices such as DNS-320L, DNS-320LW, and DNS-327L allows an attacker to execute arbitrary code.
The vulnerability in the info.cgi CGI script in the firmware of D-Link's DNS-320L, DNS-320LW, and DNS-327L devices is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP GET...
Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive da...
Synology Router Manager Cross-Site Scripting Vulnerability
Synology Router Manager (SRM) is software from Synology for configuring and managing Synology routers. A cross-site scripting vulnerability exists in the info.cgi file in Synology SRM versions prior to 1.1.7-6941, which can be exploited by remote attackers to inject arbitrary web script or HTML...
Synology DiskStation Manager Cross-Site Scripting Vulnerability (CNVD-2019-03275)
Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) from Synology. The operating system manages information such as data, files, photos, music, and more. A cross-site scripting vulnerability exists in the info.cgi file in Synology DSM versions prior to...
CVE-2018-8917
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2018-8917
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2018-8917
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2018-8917
The CVE-2018-8917 issue affects Synology DiskStation Manager (DSM) through the info.cgi component, with the host parameter allowing cross-site scripting. Affected versions are DSM before 6.1.6-15266. The root cause is input handling in info.cgi that enables arbitrary web script or HTML injection by r...
CVE-2018-8918
Synology Router Manager (SRM) is affected by a cross-site scripting (XSS) vulnerability in the info.cgi endpoint. The issue allows remote attackers to inject arbitrary web script or HTML via the host parameter in SRM versions prior to 1.1.7-6941. The root cause is an XSS flaw in how the host para...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2018-8918
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
CVE-2018-8918
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
PT-2018-18715 · Synology · Synology DiskStation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.1.6-15266. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the host parameter in the info.cgi...
PT-2018-3942 · D-Link · D-Link DCS Series Wi-Fi Cameras
Name of the Vulnerable Software and Affected Versions: D-Link DCS series Wi-Fi cameras versions 1.00 and above. Description: The issue is related to insufficient protection of registration data in the common/info.cgi component of D-Link DCS series Wi-Fi cameras' firmware. This can allow a remote...
CVE-2014-125117
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlinkdspw215infocgibof.rb
2025-10-23 21:12:57+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
Authentication flaw
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi,...
D-Link DSP-W215 (info.cgi) POST Request Buffer Overflow Exploit
This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is a stack-based buffer overflow in the mycgi.cgi component, when handling specially crafted POST HTTP requests addressed to the /common/info.cgi handler. This Metasplo...
D-Link info.cgi POST Request Buffer Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link info.cgi POST Request Buffer Overflow', 'Description' = %q This module exploits an anonymous remote code execution vulnerabili...
Synology DiskStation Manager < 4.3-3776 Update 3 info.cgi Multiple Parameters XSS
According to its version number, the Synology DiskStation Manager installed on the remote host is a version prior to 4.3-3776 Update 3. It is, therefore, potentially affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'host', 'target'...