-
CGI Files ≈ Packet Storm
Sep 10, 2019 | 01:46 am
The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when the animate.cgi script is called through the Mobile Web Viewer module.
-
CGI Files ≈ Packet Storm
Aug 26, 2019 | 17:54 pm
Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]
-
CGI Files ≈ Packet Storm
Jul 16, 2019 | 22:09 pm
Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]
-
CGI Files ≈ Packet Storm
Jun 21, 2019 | 22:32 pm
The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an[…]
-
CGI Files ≈ Packet Storm
Jun 12, 2019 | 20:44 pm
Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. Querying CGI endpoints with empty (GET/POST/HEAD) requests causes a segmentation fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]
-
CGI Files ≈ Packet Storm
May 9, 2019 | 20:22 pm
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
-
CGI Files ≈ Packet Storm
May 9, 2019 | 16:55 pm
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
-
CGI Files ≈ Packet Storm
Apr 27, 2019 | 19:20 pm
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclosure of internal paths and files. An attacker can[…]
-
CGI Files ≈ Packet Storm
Apr 27, 2019 | 01:55 am
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause arbitrary setting writes, resulting in unverified changes to any system setting. An attacker[…]
-
CGI Files ≈ Packet Storm
Apr 27, 2019 | 01:44 am
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to,[…]
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 23:01 pm
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the[…]
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 22:32 pm
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password[…]
-
CGI Files ≈ Packet Storm
Apr 26, 2019 | 21:32 pm
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request[…]
-
CGI Files ≈ Packet Storm
Mar 6, 2019 | 19:19 pm
This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user-supplied command parameters and passed them directly to the corresponding CLI utility, leading[…]
-
CGI Files ≈ Packet Storm
Feb 5, 2019 | 03:33 am
devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seem to be 'hidden' services which can be enabled by an authenticated attacker via the htmlmgr CGI script. This allows the[…]
-
CGI Files ≈ Packet Storm
Jan 18, 2019 | 15:44 pm
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, "Running Processes" field[…]
-
CGI Files ≈ Packet Storm
Nov 19, 2018 | 20:09 pm
Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass[…]
-
CGI Files ≈ Packet Storm
Oct 15, 2018 | 18:58 pm
The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or[…]
-
CGI Files ≈ Packet Storm
Oct 12, 2018 | 18:22 pm
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
-
CGI Files ≈ Packet Storm
Oct 12, 2018 | 18:16 pm
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
-
CGI Files ≈ Packet Storm
Aug 8, 2018 | 03:11 am
man-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
-
CGI Files ≈ Packet Storm
Jul 16, 2018 | 23:11 pm
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in[…]
-
CGI Files ≈ Packet Storm
Jul 2, 2018 | 18:16 pm
This Metasploit module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware
-
CGI Files ≈ Packet Storm
May 31, 2018 | 22:38 pm
Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only[…]