738 matches found
sugarriverraceway.com vulnerability
Vulnerable URL: http://sugarriverraceway.com/cgi-bin/FrameIt.cgi?url=http://xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 26.01.2016 Latest check for patch:| 26.01.2016 03:42 GMT Vulnerability status:| Publicly disclosed Alexa Rank| 1204206 Google Pagerank| 2 VIP website...
council.nyc.gov XSS vulnerability
Vulnerable URL: http://council.nyc.gov/cgi-bin/goto.cgi?agency=Council=data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTUE9TRUQvKTwvc2NyaXB0Pg== Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...
Design/Logic Flaw
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Advantech Switch Bash Environment Variable Code Injection Shellshock', 'Description' = %q This module exploits the Shellshock...
CVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...
Endian Firewall Proxy Password Change Command Execution (CVE-2015-5082)
A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error in a CGI script. A remote, authenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remo...
Synology Video Station 1.5-0757 Command Injection / SQL Injection
------------------------------------------------------------------------ Synology Video Station command injection and multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Han Sahin, September 2015...
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
Synology Video Station 1.5-0757 - Multiple Vulnerabilities ------------------------------------------------------------------------ Synology Video Station command injection and multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Han Sahi...
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
------------------------------------------------------------------------ Synology Video Station command injection and multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Han Sahin, September 2015...
Endian Firewall Proxy Password Change Command Injection Exploit
This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this...
Endian Firewall Proxy Password Change Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...
Endian Firewall - Password Change Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...
Endian Firewall < 3.0.0 - OS Command Injection (Metasploit Module) Exploit
Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability i...
Endian Firewall 3.0.0 - OS Command Injection (Metasploit)
Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...
Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change password...
iBall 150M Wireless-N ADSL2+ Router Authentication Bypass
Exploit Title: iBall 150M Wireless-N ADSL2+ Router Authentication Bypass and Vulnerability Date: 23\04\2015 Submitter: Gem George Vendor: iBall Tested product:iBall 150M Wireless-N ADSL2+ Router, firmware version 1.00 Tested Product URL:...
AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)
A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...
Maroyaka Image Album vulnerable to cross-site scripting
Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Nagios-history.cgi-Exec-Code
CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...
Lantronix xPrintServer Remote Command Execution / CSRF
Hi, The Lantronix xPrintServer is a small Linux powered print server for iOS. Main configuration happens through a web interface. The problem is that the configuration happens through some RPC interface; the web interfaces uses AJAX requests to talk to a CGI script that simply executes shell...