Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.
b35aa71589ba337fad0f50e2db1dd972The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.
1713c8fd894c04a7b7bca5abd747a8a4Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
ff8c8d3835518737f0d6871a0c139c16Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
8a6dc3eb56196849d5108968e9b04d85man-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
bca0e6274252ccbf0017f77e91d0f04eMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in '/etc/m_cli/' can be downloaded by an authenticated attacker in certain circumstances. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access. Many versions are affected.
e8955597bdd0224a62bfdb870b980cf0This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.12.0.19 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.
3c493d70dda3e9875442ed78bc1db5d8Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
4010dd1ed3cd225ed49a240fc59a47d5Teradek VidiU Pro version 3.0.3 suffers from a stream disclosure vulnerability in snapshot.cgi.
85f74b0bec8310d4a27675d34c91fdcfTeradek Slice version 7.3.15 suffers from a stream disclosure vulnerability in snapshot.cgi.
0cf6b30e0f45999cc94c85ea740b66edTeradek T-RAX version 7.3.2 suffers from a stream disclosure vulnerability in snapshot.cgi.
b94d2810cd0ee343c10b24d906ad3e7dTeradek Cube version 7.3.6 suffers from a stream disclosure vulnerability in snapshot.cgi.
4503c90da737c7d782d2b0c1ff45ad01Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
f56935b7186a1bb0e06c683d70145e04This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.
b52da760a508f605f6ac4e9e7f6f0ffeD-Link routers 110/412/615/815 versions prior to 1.03 suffer from a service.cgi arbitrary code execution vulnerability.
3d62c7e0cb26b053130f3ca201d0f494Synology DiskStation Manager (DMS) versions prior to 6.1.3-15152 suffer from a forget_passwd.cgi user enumeration vulnerability.
c48c4c4573098defd903d29ddeae9f02Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.
0e725291dedfc743e647723b95b3a423This Metasploit module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models.
ca19c9ae7f1297c6b3244ef66e8bdb35IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
1f8ebd286acb009b1e30960495f5b74dSonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
1b8a31b46825c7465b2937b76b39b411Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).
cd86304aec43ab3feeb8080444d44ebaUbuntu Security Notice 3253-2 - USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
04f7a17df00f437de002a52271d94331EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.
6051f5e6ab0341318d0a8979089a82beThis Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.
9b114a97c4c0d9295990975928a03725Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
1adf882631024240e0ddc894cd726f0b
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed