Exploit the possiblities
Showing 1 - 25 of 954 RSS Feed

CGI Files

Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Jan 28, 2018
Authored by mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
MD5 | f56935b7186a1bb0e06c683d70145e04
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Posted Jan 24, 2018
Authored by H D Moore, h00die, Daniel Hodson | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2017-17562
MD5 | b52da760a508f605f6ac4e9e7f6f0ffe
D-Link Routers 110/412/615/815 Arbitrary Code Execution
Posted Jan 12, 2018
Authored by Cr0n1c

D-Link routers 110/412/615/815 versions prior to 1.03 suffer from a service.cgi arbitrary code execution vulnerability.

tags | exploit, arbitrary, cgi, code execution
MD5 | 3d62c7e0cb26b053130f3ca201d0f494
Synology DiskStation Manager (DSM) User Enumeration
Posted Jan 8, 2018
Authored by Steve Kaun

Synology DiskStation Manager (DMS) versions prior to 6.1.3-15152 suffer from a forget_passwd.cgi user enumeration vulnerability.

tags | exploit, cgi
advisories | CVE-2017-9554
MD5 | c48c4c4573098defd903d29ddeae9f02
Synology StorageManager 5.2 Remote Command Execution
Posted Nov 29, 2017
Authored by securiteam

Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.

tags | exploit, remote, cgi, root
MD5 | 0e725291dedfc743e647723b95b3a423
Netgear DGN1000 Setup.cgi Remote Command Execution
Posted Oct 25, 2017
Authored by Roberto Paleari | Site metasploit.com

This Metasploit module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models.

tags | exploit, cgi
MD5 | ca19c9ae7f1297c6b3244ef66e8bdb35
IPFire proxy.cgi Remote Code Execution
Posted Jul 22, 2017
Authored by h00die, 0x09AL | Site metasploit.com

IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.

tags | exploit, remote, cgi
systems | linux
MD5 | 1f8ebd286acb009b1e30960495f5b74d
Sonicwall SRA 8.1.0.2-14sv gencsr.cgi Command Injection
Posted Jul 19, 2017
Authored by Russell Sanford

Sonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.

tags | exploit, remote, cgi
MD5 | 1b8a31b46825c7465b2937b76b39b411
WiMAX CPE Authentication Bypass
Posted Jun 7, 2017
Authored by Stefan Viehbock | Site sec-consult.com

Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).

tags | exploit, arbitrary, cgi
MD5 | cd86304aec43ab3feeb8080444d44eba
Ubuntu Security Notice USN-3253-2
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3253-2 - USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, local, cgi, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-1878, CVE-2016-9566
MD5 | 04f7a17df00f437de002a52271d94331
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
Posted Jun 4, 2017
Authored by LiquidWorm | Site zeroscience.mk

EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.

tags | exploit, arbitrary, cgi, root
MD5 | 6051f5e6ab0341318d0a8979089a82be
WePresent WiPG-1000 Command Injection
Posted Apr 24, 2017
Authored by Matthias Brun | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.

tags | exploit, cgi
MD5 | 9b114a97c4c0d9295990975928a03725
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.

tags | exploit, cgi, info disclosure
advisories | CVE-2016-7547
MD5 | 1adf882631024240e0ddc894cd726f0b
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion
advisories | CVE-2016-7552
MD5 | e64dcba98301f1ab384f8984e9224a9b
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 3cf21d2a823e33a734b8a40da596090a
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 7f4e75e562a262a818281920334a6854
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8586
MD5 | aa20468f976a8f6eddbfec0fe9caa436
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
MD5 | 60527f7fa635a3aa1bf0b3ea132bd026
Trend Micro Threat Discovery Appliance 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8588
MD5 | e421113779124b966d2a378961176ec1
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8589
MD5 | b3bfac68f542227a72e9459f1bc56b1d
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8590
MD5 | 85247d66647dbab7ddff869cae051fc6
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8591
MD5 | fd0b275e96c82c9051e3c2c25ca89caa
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8592
MD5 | beb8008a07bbf48c61178c388c733a97
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8593
MD5 | 4f9ee58cfbe5fe18bbb4aa1a4926eca7
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass
advisories | CVE-2016-7547, CVE-2016-7552
MD5 | 3eb4ddb8e86d4a0dab985176c6c1a683
Page 1 of 39
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    11 Files
  • 21
    Feb 21st
    3 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close