20 matches found
CVE-2025-56752
A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...
CVE-2025-56752
A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...
CVE-2025-56752
CVE-2025-56752 affects Ruijie RG-ES series switches running firmware ESW_1.0(1)B1P39. The vulnerability allows remote attackers to bypass authentication via a crafted HTTP POST to /user.cgi, granting unrestricted access to modify administrative settings and potentially take control of affected de...
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secretkey" URL parameter...
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secretkey" URL parameter...
Command injection
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secretkey" URL parameter...
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter...
ASUSTOR Data Master Account Enumeration Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A security vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability to enumerate all accounts on the device with the help of the user.cgi...
CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
Code injection
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
suchhits.de XSS vulnerability
Open Bug Bounty ID: OBB-627396. Affected Website: suchhits.de. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
CVE-2018-6408
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account...
Gossamer Threads Links 2.x User.CGI Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/13484/info Gossamer Threads Links is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
SurgeLDAP 1.0 User.CGI Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploi...
SurgeLDAP 1.0 d User.CGI Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/8407/info SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visit a malicious link that includes hostile HTML and script code. This code may be rendered i...
CVE-2004-2253
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command...
Gossamer Threads Links 2.x - 'User.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13484/info Gossamer Threads Links is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...
[NT] SurgeLDAP Web Service user.cgi File Retrieval
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
SurgeLDAP10.txt
SurgeLDAP 1.0g Web service user.cgi File retrieval. Release Date: April 13, 2004. Severity: Low. Vendor: http://netwinsite.com. Details: SurgeLDAP is an advanced easy to manage and install high performance LDAP v3 server. It supports any number of schemas, easy to add/modify existing schemas,...