-
Cayin Content Management Server 11.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:29 pmCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
Read more... -
Cayin Signage Media Player 3.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:26 pmCAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
Read more... -
Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
CGI Files ≈ Packet Storm Jun 4, 2020 | 16:43 pmSecure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files[…]
Read more... -
Synology DiskStation Manager smart.cgi Remote Command Execution
CGI Files ≈ Packet Storm May 22, 2020 | 19:03 pmThis Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows appending of a[…]
Read more... -
Ubuntu Security Notice USN-4356-1
CGI Files ≈ Packet Storm May 13, 2020 | 14:26 pmUbuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid[…]
Read more... -
Zen Load Balancer 3.10.1 Directory Traversal
CGI Files ≈ Packet Storm Apr 23, 2020 | 19:32 pmThis Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more... -
D-Link DIR-859 Unauthenticated Remote Command Execution
CGI Files ≈ Packet Storm Jan 22, 2020 | 16:26 pmD-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Read more... -
Barco WePresent file_transfer.cgi Command Injection
CGI Files ≈ Packet Storm Jan 14, 2020 | 16:16 pmThis Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
Read more... -
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
CGI Files ≈ Packet Storm Sep 9, 2019 | 23:46 pmThe Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.
Read more... -
Debian Security Advisory 4507-1
CGI Files ≈ Packet Storm Aug 26, 2019 | 15:54 pmDebian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]
Read more...
snaplitics made a real revolution in the industry.
