-
D-Link DIR-859 Unauthenticated Remote Command Execution
CGI Files ≈ Packet Storm Jan 22, 2020 | 17:26 pmD-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Read more... -
Barco WePresent file_transfer.cgi Command Injection
CGI Files ≈ Packet Storm Jan 14, 2020 | 17:16 pmThis Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
Read more... -
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
CGI Files ≈ Packet Storm Sep 10, 2019 | 01:46 amThe Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.
Read more... -
Debian Security Advisory 4507-1
CGI Files ≈ Packet Storm Aug 26, 2019 | 17:54 pmDebian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]
Read more... -
Ubuntu Security Notice USN-4059-1
CGI Files ≈ Packet Storm Jul 16, 2019 | 22:09 pmUbuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]
Read more... -
ABB IDAL HTTP Server Authentication Bypass
CGI Files ≈ Packet Storm Jun 21, 2019 | 22:32 pmThe IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an[…]
Read more... -
Telus Actiontec WEB6000Q Denial Of Service
CGI Files ≈ Packet Storm Jun 12, 2019 | 20:44 pmTelus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]
Read more... -
RICOH SP 4520DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 20:22 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
Read more... -
RICOH SP 4510DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 16:55 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Read more... -
Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure
CGI Files ≈ Packet Storm Apr 27, 2019 | 19:20 pmAn exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]
Read more...
snaplitics made a real revolution in the industry.