-
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution
CGI Files ≈ Packet Storm Feb 5, 2019 | 03:33 amdevolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a 'hidden' services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the[…]
Read more... -
Webmin 1.900 Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2019 | 15:44 pmThis Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field[…]
Read more... -
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
CGI Files ≈ Packet Storm Nov 19, 2018 | 20:09 pmSynaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass[…]
Read more... -
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
CGI Files ≈ Packet Storm Oct 15, 2018 | 18:58 pmThe FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or[…]
Read more... -
Teltonika RUT9XX Reflected Cross Site Scripting
CGI Files ≈ Packet Storm Oct 12, 2018 | 18:22 pmTeltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
Read more... -
Teltonika RUT9XX Unauthenticated OS Command Injection
CGI Files ≈ Packet Storm Oct 12, 2018 | 18:16 pmTeltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Read more... -
man-cgi Local File Inclusion
CGI Files ≈ Packet Storm Aug 8, 2018 | 03:11 amman-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
Read more... -
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Configuration Download
CGI Files ≈ Packet Storm Jul 16, 2018 | 23:11 pmMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in[…]
Read more... -
Geutebruck simple_loglistjs.cgi Remote Command Execution
CGI Files ≈ Packet Storm Jul 2, 2018 | 18:16 pmThis Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware
Read more... -
Ubuntu Security Notice USN-3665-1
CGI Files ≈ Packet Storm May 31, 2018 | 22:38 pmUbuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only[…]
Read more...
snaplitics made a real revolution in the industry.
