-
Supermicro Onboard IPMI CGI Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:45 pmThis Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
Read more... -
Zen Load Balancer Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:40 pmThis Metasploit module exploits a authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more... -
DnaLIMS Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:34 pmThis Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
Read more... -
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:28 pmThis Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
Read more... -
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:27 pmThis Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
Read more... -
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:15 pmThis Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]
Read more... -
ZyXEL GS1510-16 Password Extractor
CGI Files ≈ Packet Storm Aug 31, 2024 | 21:44 pmThis Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached[…]
Read more... -
Sophos Web Protection Appliance Patience.cgi Directory Traversal
CGI Files ≈ Packet Storm Aug 31, 2024 | 21:35 pmThis Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.
Read more... -
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
CGI Files ≈ Packet Storm Aug 31, 2024 | 21:34 pmThis Metasploit module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exploit utilizes these privileges to enable[…]
Read more... -
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
CGI Files ≈ Packet Storm Aug 31, 2024 | 21:28 pmThis Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been[…]
Read more...
snaplitics made a real revolution in the industry.