Lucene search

19 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-1999-0835

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00647
Exploits 0 · References 4

OSV
added 2025/02/18 3:15 p.m. · 1 views

CVE-2024-57049

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1

CVE
added 2025/02/18 12:0 a.m. · 142 views

CVE-2024-57049

CVE-2024-57049 affects the TP-Link Archer C20 router (firmware versions up to V6.6_230412 and earlier). The vulnerability allows unauthenticated access to certain interfaces under the /cgi directory by including a Referer header with the value http://tplinkwifi.net, which the device erroneously t...

CVSS 9.8 · AI score 8.5 · EPSS 0.34604
In wild · Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-6737 · Tp Link · Tp-Link Wr840N V6

Name of the Vulnerable Software and Affected Versions: TP-Link WR840N versions 0.9.1 4.16 and earlier Description: The issue is related to a lack of proper authentication procedure in the TP-Link WR840N router's firmware, allowing unauthorized individuals to bypass security restrictions. This can...

CVSS 10 · AI score 9.3
Exploits 0 · References 9

Vulnrichment
added 2025/02/18 12:0 a.m. · 4 views

CVE-2024-57050

...

AI score 9.6
Exploits 0

UbuntuCve
added 2020/12/12 12:15 a.m. · 32 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS 5.3 · AI score 6.8 · EPSS 0.00937
Exploits 0 · References 2

Packet Storm
added 2019/07/12 12:0 a.m. · 236 views

Xymon useradm Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...

CVSS 6.5 · AI score 9.3 · EPSS 0.56347
Exploits 5

seebug.org
added 2014/07/01 12:0 a.m. · 19 views

Trend Micro InterScan VirusWall for Windows NT 3.4/3.5/3.51 Remote Reconfiguration Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2808/info Interscan Viruswall is a Virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurrences in both incoming and outgoing traffic via SMTP, FTP, and HTTP at th...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 21 views

F-Secure Internet Gatekeeper for linux < 2.15.484 Local Root Exploit

No description provided by source. !/usr/bin/env python F-Secure Anti-Virus Internet Gatekeeper for Linux 2.15.484 F-Secure Anti-Virus Linux Gateway 2.16 added line 3-4 for references /str0ke fsigkexp.py: F-Secure Internet Gatekeeper for Linux local root exploit acknowledgements: everyone in...

AI score 7.1
Exploits 0

OSV
added 2011/05/09 10:0 p.m. · 7 views

PSF-2011-1 CGI directory traversal (is_cgi() function)

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / slash character at the beginning of the URI...

CVSS 5 · AI score 6.3 · EPSS 0.00252
Exploits 1 · References 1

myhack58
added 2007/10/11 12:0 a.m. · 17 views

A CGI vulnerability discovery and exploit-vulnerability warning-the black bar safety net

Disclaimer: the purpose of writing this post is not to encourage vandalism, just to illustrate one issue. If anyone uses the information provided in this post to do something bad, that is entirely his own affair and none of mine! A few days ago at home I read news on a 169 node; this site is the top of a Row...

AI score 6.9
Exploits 0

myhack58
added 2006/07/11 12:0 a.m. · 17 views

After testing, it seems the Administrator account is really insecure-vulnerability warning-the black bar safety net

If you have an ordinary user account, there is a very simple method to get the NT Administrator account: First, logon.scr under c:\winnt\system32 is renamed to logon.old as a backup. Then usrmgr.exe is renamed to logon.scr. Then restart; logon.scr is loaded at startup of the...

AI score 7
Exploits 0

CERT
added 2003/07/23 12:0 a.m. · 33 views

Novell NetWare Enterprise Web Server /perl/ handler vulnerable to buffer overflow

Overview Novell NetWare Enterprise Web Server contains a buffer overflow vulnerability that can be exploited via the /perl/ HTTP request handler. A remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the server process. Description Novell...

CVSS 5 · AI score 8.4 · EPSS 0.09899
Exploits 0 · References 5

Exploit DB
added 2003/01/15 12:0 a.m. · 39 views

Trend Micro OfficeScan 3.x - CGI Directory Insufficient Permissions

source: https://www.securityfocus.com/bid/6616/info A vulnerability has been reported for Trend Micro OfficeScan that may allow attackers to access programs residing in the cgi directory of the OfficeScan installation. http://x.x.x.x/officescan/cgi/cgiMasterPwd.exe...

AI score 7
Exploits 0

exploitpack
added 2003/01/15 12:0 a.m. · 17 views

Trend Micro OfficeScan 3.x - CGI Directory Insufficient Permissions

Trend Micro OfficeScan 3.x - CGI Directory Insufficient Permissions source: https://www.securityfocus.com/bid/6616/info A vulnerability has been reported for Trend Micro OfficeScan that may allow attackers to access programs residing in the cgi directory of the OfficeScan installation...

Exploits 0

securityvulns
added 2001/07/02 12:0 a.m. · 29 views

Advisory Ghttp 1.4

Advisory "Ghttpd 1.4". Authors: Lionel & Gangstuck. Contact: [email protected], [email protected]. Web: www.secu-fr.org, www.clickmicro.com. IRC: :secu-fr clickmicro /...

Exploits 0

securityvulns
added 2001/03/20 12:0 a.m. · 28 views

Yet another hole in WebSite Pro

CGI directories are writable by default. The server ships with a program that allows files to be uploaded to the server. In addition, for a certain request the server reveals the path to local files, which taken together makes it possible to upload and execute any file on the server...

AI score 0.4
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2000/03/22 5:0 a.m. · 16 views

CVE-2000-0213

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters...

AI score 7.2 · EPSS 0.07351
Exploits 0 · References 3

NVD
added 2000/02/23 5:0 a.m. · 16 views

CVE-2000-0213

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters...

CVSS 5 · AI score 7.2 · EPSS 0.07351
Exploits 0 · References 3