Teradek T-RAX version 7.3.2 suffers from a stream disclosure vulnerability in snapshot.cgi.
69d8a2bfab670f5bce274a6f980f3cf8b6cd28a765740ec72516f1a6fc6cb370Teradek Cube version 7.3.6 suffers from a stream disclosure vulnerability in snapshot.cgi.
88954f646ded8b7e83029b9f42aae86899a385a53ce2d403178347c0cae7ba17Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
8320cd451f55d0feeed44694d94eb4d4ebd31a347fc8e66647043d1614a99308This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.
bee949e92c0ea2f22d837f57390d8e28e16e861007e5e679292d373e6ac8037aD-Link routers 110/412/615/815 versions prior to 1.03 suffer from a service.cgi arbitrary code execution vulnerability.
651186c87c851fe922b89dd1f1984831bd08a44f073434250ee0cab39587d7f9Synology DiskStation Manager (DMS) versions prior to 6.1.3-15152 suffer from a forget_passwd.cgi user enumeration vulnerability.
badeff38c0b5be1a4c2359ece25657ca8c8f3d34316f5218270d5f7e18e562d5Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.
8b6426fb7ecab4c3be36761c437ebb2dc9019377c22d2acbac83d341781b3249This Metasploit module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models.
86c53ad96211bee0a0215a95caed6678b01af806833286d61151eee772e71fa9IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
f8bdea7a53ee5a4ab20fad1a03f6c2a2dfaa0823d9fec5b982ed96aa724d1965Sonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
329940cf4063e7a9fb0d94eae38b5e003d9143b085469fa57ef97279bed2d20eVarious WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).
1c406ac717264e13cef5f2341197c0e2013b4a9fe6fe7c509442d497b4bb32b7Ubuntu Security Notice 3253-2 - USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Dawid Golunski discovered that Nagios incorrectly handled symlinks when accessing log files. A local attacker could possibly use this issue to elevate privileges. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.
9cd930c45365b94384d95a76fd5e0a17478d59a64a006c5ca2020bd550784c72EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.
d1c799db7f9176c2a6b0027bf79644fb435f7c9a61e487538ff26b55f1a89a22This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.
fdde35982e5ae8f4f3cfc494b6eb51af6b81f5d276ee9db4ad67d0db0267baf2Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.
02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48beTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.
edee6760c7f2c9ebf89f541fa00a52bf885df3f8a7630f79abf5b032785960a4Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.
a9196290400935ef3b6319c48e7689aa9a949b9efd2be8e9d8861ef419b6e001Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.
bbbed1b3bf17f683837d3fecae8f6085dee8a26a7ae1148d404cc746cff6632bTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.
5cb3107445be9dd17d7844b1475bdac38b6b7f828e25697fa092549f47228aa5Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.
e465300a0c016f04a03e4baea8fb3f12dea6565a5f3c380f365cb72843951a4e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed