what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,041 RSS Feed

CGI Files

ZyXEL GS1510-16 Password Extractor
Posted Aug 31, 2024
Authored by Sven Vetsch, Daniel Manser | Site metasploit.com

This Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached end of life for support from the manufacturer, so it is unlikely this problem will be addressed.

tags | exploit, cgi
SHA-256 | f64ee1ebff3c90a08beadeb514409a3b5bbf36e3c99ab50125bfcad7485c04c5
Sophos Web Protection Appliance Patience.cgi Directory Traversal
Posted Aug 31, 2024
Authored by juan vazquez, Wolfgang Ettlingers | Site metasploit.com

This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.

tags | exploit, web, cgi
advisories | CVE-2013-2641
SHA-256 | 3d4fc09d9f6482421e030cede564961a2b390c83045857868d24748e125478ec
Netgear R7000 Backup.cgi Heap Overflow Remote Code Execution
Posted Aug 31, 2024
Authored by Grant Willcox, colorlight2019, SSD Disclosure | Site metasploit.com

This Metasploit module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exploit utilizes these privileges to enable the telnet server which allows attackers to connect to the target and execute commands as the admin user from within a BusyBox shell. Users can connect to this telnet server by running the command "telnet *target IP*".

tags | exploit, overflow, shell, cgi, root, code execution
advisories | CVE-2021-31802
SHA-256 | 042eaa7026a5227a1b186fee630ffdae53cf707f495f6cf7879c9d6f44e1ac01
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.

tags | exploit, arbitrary, cgi, root
systems | linux, ubuntu
advisories | CVE-2012-2983
SHA-256 | 6c0a9a2b80ec4a4d227511510ff034d0be1d1387d4299cbb7189ca3bd983eb19
C2S DVR Management Password Disclosure
Posted Aug 31, 2024
Authored by h00die, Yakir Wizman | Site metasploit.com

C2S DVR allows an unauthenticated user to disclose the username and password by requesting the javascript page read.cgi?page=2. This may also work on some cameras including IRDOME-II-C2S, IRBOX-II-C2S.

tags | exploit, cgi, javascript
SHA-256 | f14eb376c1dcefd1b99e4b5370da22899ba91385ab2b1509b470c463d912db0f
NETGEAR Administrator Password Disclosure
Posted Aug 31, 2024
Authored by Simon Kenin, thecarterb | Site metasploit.com

This Metasploit module will collect the password for the admin user. The exploit will not complete if password recovery is set on the router. The password is received by passing the token generated from unauth.cgi to passwordrecovered.cgi. This exploit works on many different NETGEAR products. The full list of affected products is available in the References section.

tags | exploit, cgi
advisories | CVE-2017-5521
SHA-256 | aa53592f4c2de5f7742c7914a0b26fa42e6e62f00e84c3a8ce2e442d825edf56
JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure
Posted Aug 31, 2024
Authored by h00die, Yakir Wizman | Site metasploit.com

SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU), and Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allow an unauthenticated user to disclose the username and password by requesting the javascript page readfile.cgi?query=ADMINID. Siemens firmwares affected: x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, x.2.2.1235.

tags | exploit, cgi, javascript
SHA-256 | 75f290c73dd9cc43a56aaf952cb417b04741e27f28826be5a9ebfc52ebd9c6c9
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Posted Aug 20, 2024
Authored by LiquidWorm | Site zeroscience.mk

Akuvox Smart Intercom/Doorphone suffers from an unauthenticated live stream disclosure when requesting video.cgi endpoint on port 8080. Many versions are affected.

tags | exploit, cgi
SHA-256 | b9109fbd6b81561f43a64e422162fa5e99ed650e66b857057e94fc3b868986d0
PHP CGI Argument Injection Remote Code Execution
Posted Jun 18, 2024
Authored by Orange Tsai, sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

tags | exploit, web, cgi, php
systems | windows
advisories | CVE-2024-4577
SHA-256 | c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38ef
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
Posted Feb 22, 2024
Authored by Spencer McIntyre, jheysel-r7, sfewer-r7 | Site metasploit.com

There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. The vulnerable endpoint is the quick.cgi component, exposed by the device's web based administration feature. The quick.cgi component is present in an uninitialized QNAP NAS device. This component is intended to be used during either manual or cloud based provisioning of a QNAP NAS device. Once a device has been successfully initialized, the quick.cgi component is disabled on the system. An attacker with network access to an uninitialized QNAP NAS device may perform unauthenticated command injection, allowing the attacker to execute arbitrary commands on the device.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2023-47218
SHA-256 | 512c538bc485b9095fb0fb14daba0e91a985496262d3017dc3aaf05f8005e9ad
Nikto Web Scanner 2.5.0
Posted Dec 4, 2023
Authored by Sullo | Site cirt.net

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Changes: Breaking changes to JSON and XML output may have occurred. IPv6 support added. Updated db_checks format uses multiple reference. Hundreds of OSVDB and BID references replaced. Removal of some very old and false-positive prone tests. Decodes Netscaler cookies. Added -usecookies flag to send received cookies with subsequent requests. Added -followredirects flag to signal 3xx responses should be fetched and tested. Added -noslash to remove trailing slash from directories. Check for indexing on redirect paths. Alert on alt-svc header. Hundreds of bug fixes, test updates and enhancements, and other optimization changes.
tags | tool, web, cgi
systems | unix
SHA-256 | fb0dc4b2bc92cb31f8069f64ea4d47295bcd11067a7184da955743de7d97709d
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Posted Dec 4, 2023
Authored by LiquidWorm | Site zeroscience.mk

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

tags | exploit, cgi
SHA-256 | 957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54d
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
Posted Oct 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.

tags | exploit, denial of service, cgi
SHA-256 | b9b0622841f3107d917cdcd1705a85c49fc9e8558ff56a20647b6b895f6e0b05
Lexmark Device Embedded Web Server Remote Code Execution
Posted Sep 19, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.

tags | exploit, remote, arbitrary, cgi, code execution, bash
advisories | CVE-2023-26067, CVE-2023-26068
SHA-256 | 55b25ea44278a5136992f906756ff24cc7e2991ab7847a6388c6522fffc7a70a
Tinycontrol LAN Controller 3 Denial Of Service
Posted Sep 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.

tags | exploit, remote, denial of service, cgi
SHA-256 | 9b6ba51344fefe8dd52543c161ab1ed42968403a056b495c0371ffad0323a48c
Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
Ubuntu Security Notice USN-6181-1
Posted Jun 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | f634308d9f8170226b080952b6f1730c28beb18e02e1b9af7f1902121a0a253c
SecurePoint UTM 12.x Memory Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, memory leak
advisories | CVE-2023-22897
SHA-256 | 15ddc40a5043fe4407a10fa673fb39fdb12a08b717f9167e70ad626fbe024350
SecurePoint UTM 12.x Session ID Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, info disclosure
advisories | CVE-2023-22620
SHA-256 | 1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69
Python CGI Documentation Cross Site Scripting
Posted Mar 22, 2023
Authored by Georgi Guninski

The documentation for the python CGI module suffers from a cross site scripting vulnerability.

tags | exploit, cgi, xss, python
SHA-256 | 12070a3cded8397a9c1036c6ffa17c97d5ef5a584b91e3216867995ff23654e8
Ubuntu Security Notice USN-5806-3
Posted Mar 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 2946affe6446c720209e8c8a6781b9e746e6210d18a5a939af4608b1e97f3dfd
Ubuntu Security Notice USN-5806-2
Posted Jan 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 5e9eaa591a250702e16d36f855a65138db55f846075d60d7208d9a3e346086a8
Ubuntu Security Notice USN-5806-1
Posted Jan 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 75ea48c38a96b7594dbd0877d422b431f6c885a45730d787e0fa46952d38d26c
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated factory reset vulnerability in restorefactory.cgi.

tags | exploit, cgi
SHA-256 | 1a0c507a2c0f666f15e332c7934c5598e8049b69d4e09f06340c0fbb87d33517
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.

tags | exploit, remote, cgi, code execution
SHA-256 | 3c3c6d279fd591ebe7b26f14524ac53bdce85b020d4fd8b0674e18a3fd734b58
Page 1 of 42
Back12345Next

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    43 Files
  • 20
    Aug 20th
    29 Files
  • 21
    Aug 21st
    42 Files
  • 22
    Aug 22nd
    26 Files
  • 23
    Aug 23rd
    25 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    21 Files
  • 27
    Aug 27th
    28 Files
  • 28
    Aug 28th
    15 Files
  • 29
    Aug 29th
    41 Files
  • 30
    Aug 30th
    13 Files
  • 31
    Aug 31st
    467 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close