-
PHP-CGI Argument Injection Remote Code Execution
CGI Files ≈ Packet Storm Nov 14, 2024 | 15:42 pm
Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
-
PHP-CGI Argument Injection Susceptibility Scanner
CGI Files ≈ Packet Storm Nov 14, 2024 | 15:37 pm
This is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a[…]
-
Debian Security Advisory 5780-1
CGI Files ≈ Packet Storm Oct 3, 2024 | 13:50 pm
Debian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.
-
Ubuntu Security Notice USN-7049-1
CGI Files ≈ Packet Storm Oct 2, 2024 | 13:55 pm
Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly[…]
-
Supermicro Onboard IPMI CGI Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:45 pm
This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
-
Zen Load Balancer Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:40 pm
This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter, which allows a malicious actor to load an arbitrary file path.
-
DnaLIMS Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:34 pm
This Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
-
Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:28 pm
This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
-
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:27 pm
This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
-
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
CGI Files ≈ Packet Storm Sep 1, 2024 | 16:15 pm
This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]