67 matches found
CVE-2023-2384
CVE-2023-2384 affects Netgear SRX5308 Web Management Interface, specifically the file scgi-bin/platform.cgi?page=dmz_setup.htm. The vulnerability arises from insufficient input validation on the dhcp.SecDnsIPByte2 parameter, enabling remote cross-site scripting. Multiple sources confirm versions ...
CVE-2023-2381
CVE-2023-2381 affects Netgear SRX5308 Web Management Interface up to firmware 4.3.5-3. The vulnerability is a cross-site scripting flaw in the BandWidthProfile.ProfileName parameter within scgi-bin/platform.cgi?page=bandwidth_profile.htm, exploitable remotely and reportedly disclosed. Public refe...
SUSE CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
Server secret was included in static assets and served to clients
Impact Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...
GHSA-R587-7JH2-4QR3 Server secret was included in static assets and served to clients
Impact Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...
CVE-2020-13229
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
CVE-2020-13228
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
CVE-2020-13228
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
CVE-2020-13229
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
Cross site scripting
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
CVE-2020-13228
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
Directory traversal
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files...
CVE-2017-15805
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files...
CVE-2017-15805
Cisco Small Business SA520/SA540 devices with firmware 2.1.71 and 2.2.0.7 are affected by a directory traversal vulnerability in scgi-bin/platform.cgi via the thispage parameter, enabling reading of arbitrary files. Root cause: improper validation of the thispage parameter leading to path travers...
Phusion Passenger Server allows to overwrite headers in some cases
It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications...
[SECURITY] Fedora 21 Update: cherokee-1.2.103-6.fc21
Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...
[SECURITY] Fedora 22 Update: cherokee-1.2.103-6.fc22
Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...
Fedora Update for cherokee FEDORA-2011-14622
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14622 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for cherokee FEDORA-2011-12657
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12657 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 16 Update: cherokee-1.2.101-1.fc16
Cherokee is a very fast, flexible and easy to configure Web Server. It supp orts the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...