
738 matches found

seebug.org
added 2014/07/01 12:0 a.m. · 46 views

The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 27 views

HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7530/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the memberhtml.cgi script. This could lead to attacks against system...

6.7 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 18 views

Cobalt RaQ4 Administrative Interface Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6326/info The RaQ4 is a server appliance distributed and maintained by Sun Microsystems. A vulnerability has been reported in the web administration interface of the RaQ4. It is possible for a remote attacker to execute...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 19 views

MDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Buffer Overflow

No description provided by source. $Id: mdaemonworldclientform2raw.rb 9653 2010-07-01 23:33:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and passwor...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 13 views

Sitebuilder 1.4 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-suppli...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 49 views

gitWeb 1.5.2 - Remote Command Execution

No description provided by source. Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command...

7.5 CVSS · 0.1 AI score · 0.1188 EPSS
Exploits 6
seebug.org
added 2014/07/01 12:0 a.m. · 16 views

CGI Script Center Account Manager 1.0 LITE / PRO Administrative Password Alteration (1)

No description provided by source. source: http://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 419 views

FileSeek CGI Script File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from The CGI/Perl Cookbook from John Wiley & Sons. The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 25 views

CGI Script Center Account Manager 1.0 LITE / PRO Administrative Password Alteration (2)

No description provided by source. source: http://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 14 views

CGI Script Center Subscribe Me Lite 2.0 Administrative Password Alteration (2)

No description provided by source. source: http://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition o...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 19 views

Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an ECHO command in quotes, and as a result shell expansion of the character ca...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 10 views

Free Online Dictionary of Computing 1.0 - Remote File Viewing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called The Free Online Dictionary of Computing. Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

Network Security Wizards Dragon-Fire IDS 1.0 Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 24 views

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 34 views

Endymion MailMan 3.0..x Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open...

7.1 AI score
Exploits 0
Positive Technologies
added 2014/06/02 12:0 a.m. · 4 views

PT-2014-5616 · D Link · D-Link Dir-505 +1

Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 versions 1.01b06 and earlier D-Link DIR-505 versions prior to 1.08b10 D-Link DIR-505L versions 1.01 and earlier Description: The issue allows remote attackers to execute arbitrary code via a long Content-Length header in a...

10 CVSS · 7.8 AI score · 0.76555 EPSS
Exploits 6 · References 10
Packet Storm
added 2014/04/09 12:0 a.m. · 24 views

csUpload Authentication Bypass

Exploit Title: "csUpload Script Site" Authentication Bypass Google Dork: CSUpload.cgi?command= Date: 4/9/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12 Version:...

0.5 AI score
Exploits 0
Exploit DB
added 2014/04/09 12:0 a.m. · 37 views

csUpload Script Site - Authentication Bypass

Exploit Title: "csUpload Script Site" Authentication Bypass Google Dork: CSUpload.cgi?command= Date: 4/9/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12 Version:...

7 AI score
Exploits 0
seebug.org
added 2014/01/23 12:0 a.m. · 24 views

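Motorola WiMAX CPEi25890 /cgi-bin/f1_fcgi_cgi.fcgi Device Name Field Cross-Site Scripting Vulnerability

The Motorola WiMAX CPEi25890 is a WiMAX modem released by Motorola. The Motorola WiMAX CPEi25890 /cgi-bin/f1_fcgi_cgi.fcgi script does not properly filter input to the device name field, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or the user's session hijacked. The Motorola WiMAX CPEi25890 is a WiMAX modem released by Motorola. Motorola WiMAX CPEi25890...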

7.1 AI score
Exploits 0