-
CGI Files ≈ Packet Storm
Feb 22, 2024 | 15:11 pm
There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero[…]
-
Dec 4, 2023 | 15:02 pm
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
-
Dec 4, 2023 | 13:59 pm
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user, allowing authentication bypass and FM station setup[…]
-
Oct 2, 2023 | 15:35 pm
Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.
-
Sep 19, 2023 | 15:57 pm
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they[…]
-
Sep 2, 2023 | 13:18 pm
Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.
-
Jul 28, 2023 | 14:03 pm
This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the[…]
-
Jun 21, 2023 | 15:59 pm
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user[…]
-
Apr 18, 2023 | 17:34 pm
SecurePoint UTM versions 12.x suffer from a memory leak vulnerability via the spcgi.cgi endpoint.
-
Apr 18, 2023 | 17:31 pm
SecurePoint UTM versions 12.x suffer from a session identifier leak vulnerability via the spcgi.cgi endpoint.
-
Mar 22, 2023 | 15:11 pm
The documentation for the Python CGI module suffers from a cross site scripting vulnerability.
-
Mar 21, 2023 | 17:41 pm
Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem.[…]
-
Jan 24, 2023 | 16:30 pm
Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which[…]
-
Jan 18, 2023 | 16:40 pm
Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user[…]
-
Dec 15, 2022 | 16:35 pm
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated factory reset vulnerability in restorefactory.cgi.
-
Dec 15, 2022 | 16:32 pm
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.
-
Nov 30, 2022 | 21:16 pm
perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to[…]
-
Nov 2, 2022 | 15:02 pm
In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote[…]
-
Jul 21, 2022 | 20:34 pm
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in[…]
-
Jul 1, 2022 | 15:17 pm
Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the logdownload.cgi bash script is not properly verified before being used to download log files. This can[…]
-
May 16, 2022 | 14:19 pm
This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an[…]
-
Feb 1, 2022 | 17:14 pm
This Metasploit module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the[…]
-
Dec 14, 2021 | 15:37 pm
Ubuntu Security Notice 5142-3 - USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Various[…]
-
Oct 25, 2021 | 17:10 pm
This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be[…]
-
Sep 17, 2021 | 16:02 pm
This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and[…]