11 matches found
PT-2025-18077 · Usermin · Usermin
Name of the Vulnerable Software and Affected Versions: Usermin versions 0.980 through 1.x before 1.660 Description: The issue allows remote code execution in uconfig save.cgi due to the use of the two-argument form of Perl open, specifically in the sig file free function. This enables an attacker...
CVE-2019-18938
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution...
CVE-2018-18852
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
CVE-2018-18852
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
Command injection
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
CVE-2018-18852
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
CVE-2018-18852
Cerio DT-300N devices, version 1.1.6–1.1.12, are affected by an OS command injection due to improper input validation in the web-interface PING feature (Save.cgi). The issue allows execution of arbitrary commands on the device; exploitation was observed in the wild in October 2018. CVSS details p...
VulnCheck KEV: CVE-2018-18852
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
Usermin cross-site scripting vulnerabilties
Overview Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/saveforward.cgi, /filter/save.cgi and /man/search.cgi. Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...
CVE-2006-4246
Usermin before 1.220 20060629 allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user...
CVE-2006-4246
Usermin before 1.220 20060629 allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user...