
738 matches found

Hacker One
added 2022/07/08 3:33 p.m., 13 views

U.S. Dept Of Defense: an internel important paths disclosure [HtUS]

Summary: I found CGI script environment variable disclosure an important paths. Steps To Reproduce: 1. visit this link: https://███ 2. look at poc pic. You should restrict this quickly. Impact: this is so dangerous because attacker now know an internal paths and this juicy information as u can see i...

AI score: 0.1
Exploits: 0

CNVD
added 2022/06/20 12:0 a.m., 41 views

WAVLINK WN579 X3 Information Disclosure Vulnerability (CNVD-2022-61036)

The WAVLINK WN579 X3 is a wireless router from the Chinese company WAVLINK. An information disclosure vulnerability exists in WAVLINK WN579 X3 M79X3.V5030.180719 version, which originates from improper authorization management in /cgi-bin/ExportAllSettings.sh. An attacker can exploit this...

CVSS: 7.5, AI score: 7, EPSS: 0.05482
Exploits: 1, References: 1

OSV
added 2022/06/15 6:15 p.m., 3 views

CVE-2017-20049

A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely...

CVSS: 9.8, AI score: 5.5, EPSS: 0.0141
Exploits: 0, References: 1

Prion
added 2022/06/15 6:15 p.m., 16 views

Design/Logic Flaw

A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely...

CVSS: 10, AI score: 9.4, EPSS: 0.0141
Exploits: 0, References: 1, Affected Software: 6

Cvelist
added 2022/06/15 5:35 p.m., 28 views

CVE-2017-20049

A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely...

AI score: 9.6, EPSS: 0.0141
Exploits: 0, References: 1

CVE
added 2022/06/15 5:35 p.m., 50 views

CVE-2017-20049

Axis legacy network cameras (P3225, M3005) are affected by CVE-2017-20049 due to a flaw in an unspecified part of the CGI Script, causing improper privilege management. The vulnerability can be triggered remotely, enabling an attacker to exploit the issue without user interaction. No explicit roo...

CVSS: 10, AI score: 9.5, EPSS: 0.0141
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2022/06/15 12:0 a.m., 4 views

PT-2022-7922 · Axis · Axis Device

Name of the Vulnerable Software and Affected Versions: Axis devices affected versions not specified Description: A vulnerability was found in legacy Axis devices, affecting an unknown part of the component CGI Script. The manipulation leads to improper privilege management, and it is possible to...

CVSS: 10, AI score: 9.3, EPSS: 0.0141
Exploits: 0, References: 4

Positive Technologies
added 2022/03/14 12:0 a.m., 4 views

PT-2022-5814 · Dingtian · Dingtian Dt-R002

Name of the Vulnerable Software and Affected Versions: Dingtian DT-R002 2CH relay devices with firmware 3.1.276A Description: The issue is related to the relay cgi.cgi script on Dingtian DT-R002 2CH relay devices, which allows an attacker to replay HTTP post requests without the need for...

CVSS: 5.9, AI score: 5.9, EPSS: 0.10436
Exploits: 5, References: 15

CNVD
added 2021/10/16 12:0 a.m., 31 views

GoAhead file upload vulnerability

GoAhead is an open source small embedded web server from Embedthis Software, U.S. GoAhead is vulnerable to a file upload vulnerability that stems from incomplete filter processing in the file upload filter. An attacker could exploit this vulnerability to import untrusted environment variables int...

CVSS: 9.8, AI score: 1.5, EPSS: 0.5946
Exploits: 2, References: 1

Packet Storm
added 2021/07/06 12:0 a.m., 184 views

Visual Tools DVR VX16 4.2.28.0 Command Injection

Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can...

AI score: 0.3
Exploits: 0

0day.today
added 2021/07/06 12:0 a.m., 87 views

Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) Vulnerability

Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can inject arbitrary...

AI score: 0.4
Exploits: 0

Exploit DB
added 2021/07/06 12:0 a.m., 284 views

Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)

Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. CVE: CVE-2021-42071 Reference:...

CVSS: 10, AI score: 9.7, EPSS: 0.69882
Exploits: 2

Prion
added 2021/04/14 4:15 p.m., 15 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

CVSS: 8.3, AI score: 8.8, EPSS: 0.026
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/04/14 3:45 p.m., 18 views

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

CVSS: 8.8, AI score: 9, EPSS: 0.026
Exploits: 0, References: 2

VulnCheck KEV
added 2021/04/12 12:0 a.m., 2 views

VulnCheck KEV: CVE-2013-1599

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04US, DCS-2102/2121 1.05RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410...

CVSS: 10, AI score: 7.3, EPSS: 0.40353
Exploits: 6, References: 1

Japan Vulnerability Notes
added 2021/03/25 8:32 a.m., 3 views

MagazinegerZ vulnerable to cross-site scripting

Overview MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00756
Exploits: 0, References: 4

Cvelist
added 2021/03/16 4:17 p.m., 24 views

CVE-2020-28899

The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...

AI score: 9.3, EPSS: 0.01632
Exploits: 0, References: 1

Exploit DB
added 2021/01/29 12:0 a.m., 342 views

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution Unauthenticated Exploit Author: Darren Martyn Vendor Homepage: https://www.home-assistant.io/ Version: SMA 8.0.0.4 Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/01/18 12:0 a.m., 172 views

Cisco UCS Manager 2.2(1d) Remote Command Execution

import sys, ssl, os, time; import requests; from requests.packages.urllib3.exceptions import InsecureRequestWarning; requests.packages.urllib3.disable_warnings(InsecureRequestWarning) Exploit Title: Cisco UCS Manager - 2.2(1d) - Remote Command Execution Description: An unspecified CGI script in Cisco...

CVSS: 10, AI score: 9.7, EPSS: 0.08684
Exploits: 2

Exploit DB
added 2021/01/18 12:0 a.m., 305 views

Cisco UCS Manager 2.2(1d) - Remote Command Execution

Exploit Title: Cisco UCS Manager 2.2(1d) - Remote Command Execution Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System UCS Manager before 2.24b, 2.25 before 2.25a, and 3.0 before 3.02e allows remote attackers to execute...

AI score: 7.4
Exploits: 0