QNAP QTS 'f' Parameter Directory Traversal Vulnerability

QNAP QTS is prone to a directory traversal vulnerability. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

QNAP QTS path traversal vulnerability

Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-7174QNAP QTS is a Network-Attached Storage NAS system accessible via a web interface. QNAP QTS...

PSF-2013-3 CGI directory traversal (URL parsing)

An error in separating the path and filename of the CGI script to run in http.server.CGIHTTPRequestHandler allows running arbitrary executables in the directory under which the server was started...

HP LaserJet Pro P1606dn - Webadmin Password Reset

HP LaserJet Pro P1606dn - Webadmin Password Reset !/usr/bin/python Exploit Title: HP LaserJet Pro P1606dn Webadmin password reset Date: 20.05.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...

Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Movable Type 4.2x, 4.3x Web Upgrade...

Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution

This module can be used to execute a payload on MoveableType MT that exposes a CGI script, mt-upgrade.cgi usually at /mt/mt-upgrade.cgi, that is used during installation and updating of the platform. The vulnerability arises due to the following properties: 1. This script may be invoked remotely...

Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Movable Type 4.2x, 4.3x Web Upgrade...

Ubuntu: Security Advisory (USN-1613-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

JVN#58160713: MyWebSearch vulnerable to cross-site scripting

MyWebSearch is a CGI script for searching within a website. MyWebSearch contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

squidclamav -- cross-site scripting in default virus warning pages

SquidClamav developers report: This release fix several security issues by escaping CGI parameters. Prior to versions 6.7 and 5.8, CGI script clwarn.cgi was not properly sanitizing input variables, so they could be used to inject arbitrary strings to the generated page, leading to the cross-site...

php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

VulnCheck KEV: CVE-2012-1823

sapi/cgi/cgimain.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code...

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

Design/Logic Flaw

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options i...

EUVD-2012-2329

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

WebGlimpse query Parameter Command Injection

The version of WebGlimpse installed on the remote host does not sufficiently sanitize user input to the 'query' parameter of the 'webglimpse.cgi' script before using it to construct and then run a command. An unauthenticated, remote attacker can leverage this issue to execute arbitrary code on th...

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

AirTies-4450 Unauthorized Remote Reboot

!/usr/bin/perl Title: AirTies-4450 Unauthorized Remote Reboot DoS. Type: hardware Tested on firmware: AirTiesAir4450RUFW1.1.2.18.bin Author: rigan - imrigan sobachka gmail.com The description of the device from a site of the vendor: With its Access Point and Router functionality, the Air 4450...

AirTies-4450 - Unauthorized Remote Reboot (Denial of Service)

AirTies-4450 - Unauthorized Remote Reboot Denial of Service !/usr/bin/perl Title: AirTies-4450 Unauthorized Remote Reboot DoS. Type: hardware Tested on firmware: AirTiesAir4450RUFW1.1.2.18.bin Author: rigan - imrigan sobachka gmail.com The description of the device from a site of the vendor: With...