Twenty Year Anniversary
Showing 26 - 50 of 963 RSS Feed

CGI Files

Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
MD5 | 60527f7fa635a3aa1bf0b3ea132bd026
Trend Micro Threat Discovery Appliance 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8588
MD5 | e421113779124b966d2a378961176ec1
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8589
MD5 | b3bfac68f542227a72e9459f1bc56b1d
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8590
MD5 | 85247d66647dbab7ddff869cae051fc6
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8591
MD5 | fd0b275e96c82c9051e3c2c25ca89caa
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8592
MD5 | beb8008a07bbf48c61178c388c733a97
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8593
MD5 | 4f9ee58cfbe5fe18bbb4aa1a4926eca7
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass
advisories | CVE-2016-7547, CVE-2016-7552
MD5 | 3eb4ddb8e86d4a0dab985176c6c1a683
Ubuntu Security Notice USN-3253-1
Posted Apr 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3253-1 - It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, cgi
systems | linux, ubuntu
advisories | CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2016-9566
MD5 | 84b8bad522cea2d054117e97ba900205
Ubuntu Security Notice USN-3215-2
Posted Mar 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3215-2 - USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.

tags | advisory, remote, arbitrary, cgi
systems | linux, ubuntu
MD5 | 51ece64d0111f805d85cf6c8b3cf6875
Ubuntu Security Notice USN-3215-1
Posted Mar 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3215-1 - It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.

tags | advisory, remote, arbitrary, cgi
systems | linux, ubuntu
advisories | CVE-2017-6188
MD5 | d0bd199e11e50ba5fc58c92cc87bbcf3
Debian Security Advisory 3794-2
Posted Mar 2, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3794-2 - The update for munin issues as DSA-3794-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue.

tags | advisory, cgi
systems | linux, debian
MD5 | 5a45a9cbf54f376d207a54d4f5dc52b1
Netgear DGN2201 v1/v2/v3/v4 dnslookup.cgi Remote Command Execution
Posted Feb 26, 2017
Authored by SivertPL

Netgear DGN2200 versions 1, 2, 3, and 4 suffer from a non-administrative authenticated remote command execution vulnerability via dnslookup.cgi.

tags | exploit, remote, cgi
advisories | CVE-2017-6334
MD5 | e9720dafd68191f8ed319602cf186f95
Geutebruck testaction.cgi Remote Command Execution
Posted Feb 17, 2017
Authored by Davy Douhine, Frederic Cikala, Florent Montel | Site metasploit.com

This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/testaction.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.11.0.12 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.11.0.12 firmware.

tags | exploit, arbitrary, cgi, root
advisories | CVE-2017-5173, CVE-2017-5174
MD5 | 584256c90a7c1a22c6fb8b90488d1b76
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect
Posted Nov 29, 2016
Authored by LiquidWorm | Site zeroscience.mk

Input passed via the '_redirect' GET parameter via 'service.cgi' script on various Peplink VPN-Firewall devices is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

tags | exploit, arbitrary, cgi
MD5 | 5af9c98feacf1c9f241e8c52fcc8846f
Ubuntu Security Notice USN-3134-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3134-1 - It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, web, cgi, python
systems | linux, ubuntu
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699
MD5 | 0ce8a8b98671640d3e776ca2617dbc64
Red Hat Security Advisory 2016-1978-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1978-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-1000111
MD5 | 51d8e2299330edaa913b00676551d000
Red Hat Security Advisory 2016-1851-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1851-01 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387
MD5 | b15744f67fff01d22370d8bb54a6ff20
Red Hat Security Advisory 2016-1635-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1635-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as a update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387, CVE-2016-5388
MD5 | 149540e482b47698e6e0df21eb5f5881
Red Hat Security Advisory 2016-1626-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1626-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 53b0ca7b2756e948f24fbe6f5e5bc10e
Red Hat Security Advisory 2016-1629-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1629-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 071423e786f2546938e8ff0585f22468
Red Hat Security Advisory 2016-1628-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1628-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | a48c45d1cb8791d0084505e7c812eddb
Red Hat Security Advisory 2016-1630-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1630-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 5c4f0a8e974437ef65b97dc33fd28f3f
Red Hat Security Advisory 2016-1627-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1627-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 4a80a804ca49b06fb96354f767bbcc96
Red Hat Security Advisory 2016-1636-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1636-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as a update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387, CVE-2016-5388
MD5 | 71e4a37e06d92d984bcdf8bab8012f4a
Page 2 of 39
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    22 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close