-
CGI Files ≈ Packet Storm
Sep 18, 2020 | 17:11 pm
TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more...
-
CGI Files ≈ Packet Storm
Sep 2, 2020 | 15:00 pm
The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more...
-
CGI Files ≈ Packet Storm
Aug 17, 2020 | 17:40 pm
This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions
Read more...
-
CGI Files ≈ Packet Storm
Jun 18, 2020 | 16:04 pm
This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]
Read more...
-
CGI Files ≈ Packet Storm
Jun 4, 2020 | 19:29 pm
CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
Read more...
-
CGI Files ≈ Packet Storm
Jun 4, 2020 | 19:26 pm
CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
Read more...
-
CGI Files ≈ Packet Storm
Jun 4, 2020 | 16:43 pm
Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files[…]
Read more...
-
CGI Files ≈ Packet Storm
May 22, 2020 | 19:03 pm
This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows appending of a[…]
Read more...
-
CGI Files ≈ Packet Storm
May 13, 2020 | 14:26 pm
Ubuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid[…]
Read more...
-
CGI Files ≈ Packet Storm
Apr 23, 2020 | 19:32 pm
This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more...
-
CGI Files ≈ Packet Storm
Jan 22, 2020 | 16:26 pm
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Read more...
-
CGI Files ≈ Packet Storm
Jan 14, 2020 | 16:16 pm
This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
Read more...
-
CGI Files ≈ Packet Storm
Sep 9, 2019 | 23:46 pm
The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.
Read more...
-
CGI Files ≈ Packet Storm
Aug 26, 2019 | 15:54 pm
Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]
Read more...
-
CGI Files ≈ Packet Storm
Jul 16, 2019 | 20:09 pm
Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]
Read more...
-
CGI Files ≈ Packet Storm
Jun 21, 2019 | 20:32 pm
The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an[…]
Read more...
-
CGI Files ≈ Packet Storm
Jun 12, 2019 | 18:44 pm
Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]
Read more...
-
CGI Files ≈ Packet Storm
May 9, 2019 | 18:22 pm
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
Read more...
-
CGI Files ≈ Packet Storm
May 9, 2019 | 14:55 pm
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Read more...
-
CGI Files ≈ Packet Storm
Apr 27, 2019 | 17:20 pm
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]
Read more...
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 23:55 pm
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker[…]
Read more...
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 23:44 pm
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to,[…]
Read more...
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 21:01 pm
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the[…]
Read more...
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 20:32 pm
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password[…]
Read more...
Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!