-
PHP CGI Argument Injection Remote Code Execution
CGI Files ≈ Packet Storm Jun 18, 2024 | 14:03 pm
This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependent (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert[…]
-
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
CGI Files ≈ Packet Storm Feb 22, 2024 | 15:11 pm
There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage (NAS) devices, and QuTS hero[…]
-
Nikto Web Scanner 2.5.0
CGI Files ≈ Packet Storm Dec 4, 2023 | 15:02 pm
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
-
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
CGI Files ≈ Packet Storm Dec 4, 2023 | 13:59 pm
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup[…]
-
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
CGI Files ≈ Packet Storm Oct 2, 2023 | 15:35 pm
Electrolink FM/DAB/TV Transmitter suffers from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.
-
Lexmark Device Embedded Web Server Remote Code Execution
CGI Files ≈ Packet Storm Sep 19, 2023 | 15:57 pm
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they[…]
-
Tinycontrol LAN Controller 3 Denial Of Service
CGI Files ≈ Packet Storm Sep 2, 2023 | 13:18 pm
Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.
-
Western Digital MyCloud Unauthenticated Command Injection
CGI Files ≈ Packet Storm Jul 28, 2023 | 14:03 pm
This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the[…]
-
Ubuntu Security Notice USN-6181-1
CGI Files ≈ Packet Storm Jun 21, 2023 | 15:59 pm
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user[…]
-
SecurePoint UTM 12.x Memory Leak
CGI Files ≈ Packet Storm Apr 18, 2023 | 17:34 pm
SecurePoint UTM versions 12.x suffer from a memory leak vulnerability via the spcgi.cgi endpoint.