-
CGI Files ≈ Packet Storm
Feb 22, 2024 | 15:11 pm
There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero[…]
Read more...
-
CGI Files ≈ Packet Storm
Dec 4, 2023 | 15:02 pm
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
Read more...
-
CGI Files ≈ Packet Storm
Dec 4, 2023 | 13:59 pm
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup[…]
Read more...
-
CGI Files ≈ Packet Storm
Oct 2, 2023 | 15:35 pm
Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.
Read more...
-
CGI Files ≈ Packet Storm
Sep 19, 2023 | 15:57 pm
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they[…]
Read more...
-
CGI Files ≈ Packet Storm
Sep 2, 2023 | 13:18 pm
Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.
Read more...
-
CGI Files ≈ Packet Storm
Jul 28, 2023 | 14:03 pm
This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the[…]
Read more...
-
CGI Files ≈ Packet Storm
Jun 21, 2023 | 15:59 pm
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user[…]
Read more...
-
CGI Files ≈ Packet Storm
Apr 18, 2023 | 17:34 pm
SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
Read more...
-
CGI Files ≈ Packet Storm
Apr 18, 2023 | 17:31 pm
SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
Read more...
snaplitics made a real revolution in the industry.