- Debian Security Advisory 5780-1
  CGI Files ≈ Packet Storm Oct 3, 2024 | 13:50 pm
  Debian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_redirect directive or incorrect logging.
- Ubuntu Security Notice USN-7049-1
  CGI Files ≈ Packet Storm Oct 2, 2024 | 13:55 pm
  Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly[…]
- Supermicro Onboard IPMI CGI Scanner
  CGI Files ≈ Packet Storm Sep 1, 2024 | 16:45 pm
  This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
- Zen Load Balancer Directory Traversal
  CGI Files ≈ Packet Storm Sep 1, 2024 | 16:40 pm
  This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists because index.cgi does not properly handle the filelog= parameter, which allows a malicious actor to load an arbitrary file path.
- DnaLIMS Directory Traversal
  CGI Files ≈ Packet Storm Sep 1, 2024 | 16:34 pm
  This Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
- Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
  CGI Files ≈ Packet Storm Sep 1, 2024 | 16:28 pm
  This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
- Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
  CGI Files ≈ Packet Storm Sep 1, 2024 | 16:27 pm
  This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
- Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
  CGI Files ≈ Packet Storm Sep 1, 2024 | 16:15 pm
  This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]
- ZyXEL GS1510-16 Password Extractor
  CGI Files ≈ Packet Storm Aug 31, 2024 | 21:44 pm
  This Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached[…]
- Sophos Web Protection Appliance Patience.cgi Directory Traversal
  CGI Files ≈ Packet Storm Aug 31, 2024 | 21:35 pm
  This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.