Lucene search
K

67 matches found

CVE
CVE
added 2023/04/28 5:31 p.m.56 views

CVE-2023-2384

CVE-2023-2384 affects Netgear SRX5308 Web Management Interface, specifically the file scgi-bin/platform.cgi?page=dmz_setup.htm. The vulnerability arises from insufficient input validation on the dhcp.SecDnsIPByte2 parameter, enabling remote cross-site scripting. Multiple sources confirm versions ...

4.8CVSS4.3AI score0.00649EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/04/28 5:0 p.m.43 views

CVE-2023-2381

CVE-2023-2381 affects Netgear SRX5308 Web Management Interface up to firmware 4.3.5-3. The vulnerability is a cross-site scripting flaw in the BandWidthProfile.ProfileName parameter within scgi-bin/platform.cgi?page=bandwidth_profile.htm, exploitable remotely and reportedly disclosed. Public refe...

4.8CVSS4.2AI score0.00605EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.2 views

SUSE CVE-2007-3950

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...

4.3CVSS6.8AI score0.02915EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/08/26 7:32 p.m.53 views

Server secret was included in static assets and served to clients

Impact Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...

1.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2020/08/26 7:32 p.m.10 views

GHSA-R587-7JH2-4QR3 Server secret was included in static assets and served to clients

Impact Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...

7.6AI score
Exploits0References4
OSV
OSV
added 2020/06/02 2:15 p.m.5 views

CVE-2020-13229

An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...

8.8CVSS7.3AI score0.01607EPSS
Exploits1References2
NVD
NVD
added 2020/06/02 2:15 p.m.22 views

CVE-2020-13228

An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...

6.1CVSS6AI score0.03075EPSS
Exploits4References4
OSV
OSV
added 2020/06/02 2:15 p.m.6 views

CVE-2020-13228

An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...

6.1CVSS6.4AI score0.03075EPSS
Exploits4References4
NVD
NVD
added 2020/06/02 2:15 p.m.15 views

CVE-2020-13229

An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...

8.8CVSS8.8AI score0.01607EPSS
Exploits1References2
Prion
Prion
added 2020/06/02 2:15 p.m.17 views

Cross site scripting

An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...

4.3CVSS5.9AI score0.03075EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2020/06/02 1:51 p.m.25 views

CVE-2020-13228

An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...

6AI score0.03075EPSS
Exploits4References4
Prion
Prion
added 2017/10/23 8:29 a.m.16 views

Directory traversal

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files...

5CVSS7.7AI score0.02178EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2017/10/23 8:29 a.m.12 views

CVE-2017-15805

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files...

7.5CVSS7.7AI score0.02178EPSS
Exploits0References1
CVE
CVE
added 2017/10/23 8:0 a.m.50 views

CVE-2017-15805

Cisco Small Business SA520/SA540 devices with firmware 2.1.71 and 2.2.0.7 are affected by a directory traversal vulnerability in scgi-bin/platform.cgi via the thispage parameter, enabling reading of arbitrary files. Root cause: improper validation of the thispage parameter leading to path travers...

7.5CVSS7.6AI score0.02178EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2015/11/23 12:0 a.m.29 views

Phusion Passenger Server allows to overwrite headers in some cases

It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications...

4.3CVSS6.8AI score0.02364EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2015/04/27 8:45 a.m.36 views

[SECURITY] Fedora 21 Update: cherokee-1.2.103-6.fc21

Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...

6.8CVSS1AI score0.02844EPSS
Exploits0
Fedora
Fedora
added 2015/04/22 10:42 p.m.29 views

[SECURITY] Fedora 22 Update: cherokee-1.2.103-6.fc22

Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...

6.8CVSS1AI score0.02844EPSS
Exploits0
OpenVAS
OpenVAS
added 2012/04/02 12:0 a.m.19 views

Fedora Update for cherokee FEDORA-2011-14622

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14622 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.8CVSS0.2AI score0.01398EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2012/04/02 12:0 a.m.28 views

Fedora Update for cherokee FEDORA-2011-12657

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12657 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.8CVSS0.2AI score0.01398EPSS
Exploits1References2
Fedora
Fedora
added 2011/11/25 1:53 a.m.75 views

[SECURITY] Fedora 16 Update: cherokee-1.2.101-1.fc16

Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...

6.8CVSS1AI score0.01398EPSS
Exploits1
Rows per page
Query Builder