-
CGI Files ≈ Packet Storm
Sep 1, 2024 | 16:45 pm
This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
-
CGI Files ≈ Packet Storm
Sep 1, 2024 | 16:40 pm
This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists because index.cgi does not properly handle the filelog= parameter, which allows a malicious actor to load an arbitrary file path.
-
CGI Files ≈ Packet Storm
Sep 1, 2024 | 16:34 pm
This Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
-
CGI Files ≈ Packet Storm
Sep 1, 2024 | 16:28 pm
This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
-
CGI Files ≈ Packet Storm
Sep 1, 2024 | 16:27 pm
This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
-
CGI Files ≈ Packet Storm
Sep 1, 2024 | 16:15 pm
This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]
-
CGI Files ≈ Packet Storm
Aug 31, 2024 | 21:44 pm
This Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached[…]
-
CGI Files ≈ Packet Storm
Aug 31, 2024 | 21:35 pm
This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.
-
CGI Files ≈ Packet Storm
Aug 31, 2024 | 21:34 pm
This Metasploit module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exploit utilizes these privileges to enable[…]
-
CGI Files ≈ Packet Storm
Aug 31, 2024 | 21:28 pm
This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been[…]