ignore security and it'll go away
Showing 76 - 100 of 948 RSS Feed

CGI Files

Mandriva Linux Security Advisory 2014-142
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-142 - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.

tags | advisory, remote, denial of service, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | 5cc6454096e1740c662549e0e30c7831
D-Link info.cgi POST Request Buffer Overflow
Posted Jul 11, 2014
Authored by Craig Heffner | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is an stack based buffer overflow in the my_cgi.cgi component, when handling specially crafted POST HTTP requests addresses to the /common/info.cgi handler. This Metasploit module has been successfully tested on D-Link DSP-W215 in an emulated environment.

tags | exploit, remote, web, overflow, cgi, code execution
MD5 | 6536bc2c5fe1aa932ecb74dca292aac3
Python CGIHTTPServer File Disclosure / Code Execution
Posted Jun 27, 2014
Site redteam-pentesting.de

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.

tags | exploit, arbitrary, cgi, root, python
advisories | CVE-2014-4650
MD5 | 366ebd78e93b049c2077b7f457cd3446
D-Link authentication.cgi Buffer Overflow
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.

tags | exploit, remote, web, overflow, cgi
advisories | OSVDB-95951
MD5 | e86843e76fd74450b6a58bebe5f22c7f
D-Link hedwig.cgi Buffer Overflow in Cookie Header
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.

tags | exploit, remote, web, cgi, code execution
advisories | OSVDB-95950
MD5 | f42a41ed103516610ddf009f7f6aba79
Web Terra 1.1 Remote Command Execution
Posted May 22, 2014
Authored by Felipe Andrian Peixoto

Web Terra version 1.1 suffers from a remote command execution vulnerability in books.cgi. Note that this finding houses site-specific data.

tags | exploit, remote, web, cgi
MD5 | 23608abdbb351cc7796ad5b14d1fce14
Mandriva Linux Security Advisory 2014-089
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-089 - Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service via a long message to cmd.cgi.

tags | advisory, remote, denial of service, overflow, cgi
systems | linux, mandriva
advisories | CVE-2014-1878
MD5 | 79cc376d0e2393406ff5c6dec3583762
Night Lion Security PHP Stress
Posted May 6, 2014
Authored by Vinny Troia | Site nightlionsecurity.com

Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.

tags | exploit, tool, web, denial of service, cgi, php, proof of concept
systems | linux
MD5 | cf5a1ebb66e0d9f766736399194e02b5
Red Hat Security Advisory 2014-0373-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0373-01 - JBoss Web Server is an enterprise ready web server designed for medium and large applications, and is based on Tomcat. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications. Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications.

tags | advisory, java, web, cgi, php, file upload
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0050
MD5 | a9efdc53a6f8acc17a2647204d97dd66
Diskstation Manager 4.3-3810 Data Append / Code Execution
Posted Mar 25, 2014
Authored by tiamat451

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

tags | advisory, remote, web, arbitrary, cgi
advisories | CVE-2013-6955, CVE-2013-6987
MD5 | 7155d6e39ef68cd839a292af56e2baa2
FastCGI.com searcharchive.cgi Remote Command Execution
Posted Mar 20, 2014
Authored by Felipe Andrian Peixoto

searcharchive.cgi from www.FastCGI.com suffers from a remote command execution vulnerability.

tags | exploit, remote, cgi
MD5 | f1ac4bfdfbdf431b9e604f2510ccda60
Cosmoshop pwd.cgi htaccess Creation
Posted Mar 15, 2014
Authored by l0om

Cosmoshop suffers from having an unrestricted pwd.cgi script that allows for arbitrary creation of an htaccess file that can be leveraged to block access or perform phishing attacks.

tags | exploit, arbitrary, cgi
MD5 | e871b9476cf87b8e9d8a372f255acfc2
Linksys Worm Remote Root
Posted Feb 17, 2014
Authored by infodox

Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.

tags | exploit, worm, cgi, proof of concept
MD5 | 98029f878e6fe6748f2a3f31170306c5
PHP-CGI Remote Code Execution Scanner
Posted Feb 17, 2014
Authored by infodox

This small python script scans for a number of variations on the PHP-CGI remote code execution vulnerability, includes "apache magica" and plesk paths, along with other misconfigurations.

tags | tool, remote, cgi, scanner, php, code execution, python
systems | unix
MD5 | c043d2636d722f6c633d0653ab1ca8f5
Mandriva Linux Security Advisory 2014-004
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi
systems | linux, mandriva
advisories | CVE-2013-7108, CVE-2013-7205
MD5 | 36ee9c14e0e6826f2f6d357a431cb2a9
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
Posted Dec 23, 2013
Authored by Markus Wulftange | Site metasploit.com

This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows to append arbitrary data to a given file using a so called SLICEUPLOAD functionality, which can be triggered by an unauthenticated user with a specially crafted HTTP request. This is exploited by this module to append the given commands to /redirect.cgi, which is a regular shell script file, and can be invoked with another HTTP request. Synology reported that the vulnerability has been fixed with versions 4.0-2259, 4.2-3243, and 4.3-3810 Update 1, respectively; the 4.1 branch remains vulnerable.

tags | exploit, web, arbitrary, shell, cgi, root
advisories | CVE-2013-6955
MD5 | c2f7ccadd1aa8e6f7f9ba47191a96fb7
Mandriva Linux Security Advisory 2013-285
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743
MD5 | f13e8ba9f8db87507ac43dc7f30e8c56
Mandriva Linux Security Advisory 2013-277
Posted Nov 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-277 - lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. In lighttpd before 1.4.34, if setuid() fails for any reason, for instance if an environment limits the number of processes a user can have and the target uid already is at the limit, lighttpd will run as root. A user who can run CGI scripts could clone() often; in this case a lighttpd restart would end up with lighttpd running as root, and the CGI scripts would run as root too. In lighttpd before 1.4.34, if fam is enabled and there are directories reachable from configured doc roots and aliases on which FAMMonitorDirectory fails, a remote client could trigger a DoS.

tags | advisory, remote, cgi, root
systems | linux, mandriva
advisories | CVE-2013-4508, CVE-2013-4559, CVE-2013-4560
MD5 | 66510844b76d68ade1fb8fa2f9403a33
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
Posted Nov 17, 2013
Authored by H D Moore, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent on the User-Agent header. This Metasploit module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214.

tags | exploit, web, overflow, arbitrary, cgi
advisories | CVE-2013-3623
MD5 | 93402586b187bf6a3206c59f7317c96f
Apache + PHP 5.x Remote Code Execution Python Exploit #2
Posted Oct 31, 2013
Authored by noptrix | Site nullsecurity.net

Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python. Version 2 of this exploit.

Changes: Multi-threaded scanner and connect-back shell added. Various bug fixes and it now allows an input file for scanning.
tags | exploit, remote, cgi, php, python
advisories | CVE-2012-1823
MD5 | a79b540dfe48bc91f755a82796e83f2c
Apache Magicka Code Execution
Posted Oct 29, 2013
Authored by Kingcope

Apache and PHP remote command execution exploit that leverages php5-cgi.

tags | exploit, remote, cgi, php
advisories | CVE-2012-1823
MD5 | bdb5dbeddbd99bb47e41085bb02a8b97
Apache / PHP Remote Command Execution
Posted Oct 29, 2013
Authored by noptrix | Site nullsecurity.net

Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.

tags | exploit, remote, cgi, php, python
advisories | CVE-2012-1823
MD5 | 1b8cde875eff98bf11b70ba0d00606d8
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to login as the admin user. After the authentication process is complete it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
MD5 | 6aca173027c40771cf3490070e12b3b4
Raidsonic NAS Devices Unauthenticated Remote Command Execution
Posted Sep 23, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user and modifying the inetd daemon configuration, this module is set to ManualRanking and could cause target instability.

tags | exploit, web, cgi
advisories | OSVDB-90221
MD5 | f3151dd2eca5d42b2a5b5d7426fb71ac
PHP-CGI Argument Injection
Posted Jun 26, 2013
Authored by infodox

Exploit for the PHP-CGI argument injection vulnerability disclosed in 2012. Has file uploading, inline shell spawning, and both python and perl reverse shell implementations using an earlier version of the "payload" library written for such exploits.

tags | exploit, shell, cgi, perl, php, python, file upload
systems | unix
advisories | CVE-2012-1823
MD5 | bbf30f73a92bfb0a1e522e790fabad73
Page 4 of 38
Back23456Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close