Teradek T-RAX version 7.3.2 suffers from a stream disclosure vulnerability in snapshot.cgi.
69d8a2bfab670f5bce274a6f980f3cf8b6cd28a765740ec72516f1a6fc6cb370
Teradek Cube version 7.3.6 suffers from a stream disclosure vulnerability in snapshot.cgi.
88954f646ded8b7e83029b9f42aae86899a385a53ce2d403178347c0cae7ba17
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
8320cd451f55d0feeed44694d94eb4d4ebd31a347fc8e66647043d1614a99308
This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.
bee949e92c0ea2f22d837f57390d8e28e16e861007e5e679292d373e6ac8037a
D-Link routers 110/412/615/815 versions prior to 1.03 suffer from a service.cgi arbitrary code execution vulnerability.
651186c87c851fe922b89dd1f1984831bd08a44f073434250ee0cab39587d7f9
Synology DiskStation Manager (DSM) versions prior to 6.1.3-15152 suffer from a forget_passwd.cgi user enumeration vulnerability.
badeff38c0b5be1a4c2359ece25657ca8c8f3d34316f5218270d5f7e18e562d5
Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.
8b6426fb7ecab4c3be36761c437ebb2dc9019377c22d2acbac83d341781b3249
This Metasploit module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models.
86c53ad96211bee0a0215a95caed6678b01af806833286d61151eee772e71fa9
IPFire, a free Linux-based open source firewall distribution, contains a remote command execution vulnerability in the OINKCODE field of the ids.cgi page in versions prior to 2.19 Update Core 110.
f8bdea7a53ee5a4ab20fad1a03f6c2a2dfaa0823d9fec5b982ed96aa724d1965
Sonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
329940cf4063e7a9fb0d94eae38b5e003d9143b085469fa57ef97279bed2d20e
Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).
1c406ac717264e13cef5f2341197c0e2013b4a9fe6fe7c509442d497b4bb32b7
Ubuntu Security Notice 3253-2 - USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
9cd930c45365b94384d95a76fd5e0a17478d59a64a006c5ca2020bd550784c72
EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by the 'usbinteract.cgi' script.
d1c799db7f9176c2a6b0027bf79644fb435f7c9a61e487538ff26b55f1a89a22
This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable; version 2.2.3.0 patched this vulnerability.
fdde35982e5ae8f4f3cfc494b6eb51af6b81f5d276ee9db4ad67d0db0267baf2
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48be
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.
edee6760c7f2c9ebf89f541fa00a52bf885df3f8a7630f79abf5b032785960a4
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.
a9196290400935ef3b6319c48e7689aa9a949b9efd2be8e9d8861ef419b6e001
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.
bbbed1b3bf17f683837d3fecae8f6085dee8a26a7ae1148d404cc746cff6632b
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.
5cb3107445be9dd17d7844b1475bdac38b6b7f828e25697fa092549f47228aa5
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.
e465300a0c016f04a03e4baea8fb3f12dea6565a5f3c380f365cb72843951a4e