IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
1f8ebd286acb009b1e30960495f5b74dSonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
1b8a31b46825c7465b2937b76b39b411Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).
cd86304aec43ab3feeb8080444d44ebaUbuntu Security Notice 3253-2 - USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
04f7a17df00f437de002a52271d94331EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.
6051f5e6ab0341318d0a8979089a82beThis Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.
9b114a97c4c0d9295990975928a03725Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
1adf882631024240e0ddc894cd726f0bTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
e64dcba98301f1ab384f8984e9224a9bTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
3cf21d2a823e33a734b8a40da596090aTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.
7f4e75e562a262a818281920334a6854Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
aa20468f976a8f6eddbfec0fe9caa436Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
60527f7fa635a3aa1bf0b3ea132bd026Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.
e421113779124b966d2a378961176ec1Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.
b3bfac68f542227a72e9459f1bc56b1dTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.
85247d66647dbab7ddff869cae051fc6Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.
fd0b275e96c82c9051e3c2c25ca89caaTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.
beb8008a07bbf48c61178c388c733a97Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.
4f9ee58cfbe5fe18bbb4aa1a4926eca7This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
3eb4ddb8e86d4a0dab985176c6c1a683Ubuntu Security Notice 3253-1 - It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
84b8bad522cea2d054117e97ba900205Ubuntu Security Notice 3215-2 - USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.
51ece64d0111f805d85cf6c8b3cf6875Ubuntu Security Notice 3215-1 - It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.
d0bd199e11e50ba5fc58c92cc87bbcf3Debian Linux Security Advisory 3794-2 - The update for munin issues as DSA-3794-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue.
5a45a9cbf54f376d207a54d4f5dc52b1Netgear DGN2200 versions 1, 2, 3, and 4 suffer from a non-administrative authenticated remote command execution vulnerability via dnslookup.cgi.
e9720dafd68191f8ed319602cf186f95This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/testaction.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.11.0.12 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.11.0.12 firmware.
584256c90a7c1a22c6fb8b90488d1b76
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed