93 matches found

Positive Technologies
added 2019/06/06 12:00 a.m. · 2 views

PT-2019-18095 · Soyal · Soyal Ar-829Ev5 +1

Name of the Vulnerable Software and Affected Versions: SOYAL AR-727H affected versions not specified SOYAL AR-829Ev5 affected versions not specified Description: The issue allows unauthenticated POST access to all CGI programs. Recommendations: For SOYAL AR-727H, at the moment, there is no...

7.5 CVSS · 7.5 AI score · 0.0029 EPSS
Exploits: 1 · References: 6

Packet Storm
added 2017/06/05 12:00 a.m. · 19 views

Home Web Server 1.9.1 Build 164 Remote Code Execution

Exploit Title: Home Web Server 1.9.1 build 164 - CGI Remote Code Execution Date: 26/05/2017 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor Homepage: http://downstairs.dnsalias.net/ does not exist...

0.2 AI score
Exploits: 0

exploitpack
added 2017/05/26 12:00 a.m. · 16 views

Home Web Server 1.9.1 (build 164) - Remote Code Execution

Home Web Server 1.9.1 build 164 - Remote Code Execution Exploit Title: Home Web Server 1.9.1 build 164 - CGI Remote Code Execution Date: 26/05/2017 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor...

0.2 AI score
Exploits: 0

NVD
added 2017/03/06 6:59 a.m. · 15 views

CVE-2017-5633

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs...

8.5 CVSS · 8.6 AI score · 0.0137 EPSS
Exploits: 1 · References: 2

Prion
added 2017/03/06 6:59 a.m. · 12 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs...

8.5 CVSS · 8.6 AI score · 0.0137 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2017/03/06 6:11 a.m. · 21 views

CVE-2017-5633

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs...

8.6 AI score · 0.0137 EPSS
Exploits: 1 · References: 2

CVE
added 2017/03/06 6:11 a.m. · 56 views

CVE-2017-5633

CVE-2017-5633 describes multiple CSRF vulnerabilities affecting the D-Link DI-524 Wireless Router running firmware 9.01. The issue enables remote attackers to perform actions via crafted requests to CGI programs, including changing the admin password and rebooting the device (and possibly other i...

8.5 CVSS · 8.5 AI score · 0.0137 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2017/01/10 3:59 p.m. · 0 views

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all...

7.5 CVSS · 5.8 AI score · 0.00697 EPSS
Exploits: 0 · References: 2

RedHat Linux
added 2016/08/18 6:58 p.m. · 3 views

Tomcat: CGI sets environmental variable based on user supplied Proxy request header

It was discovered that Tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...

8.1 CVSS · 7.4 AI score · 0.3676 EPSS
Exploits: 0 · References: 4

Prion
added 2014/07/29 8:55 p.m. · 10 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...

6.8 CVSS · 7.9 AI score · 0.00125 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2014/07/29 8:00 p.m. · 41 views

CVE-2014-3896

CVE-2014-3896 involves multiple CSRF vulnerabilities in Seeds acmailer CGI programs. Affected: acmailer < 3.8.17 and

6.8 CVSS · 7.6 AI score · 0.00125 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

seebug.org
added 2014/07/01 12:00 a.m. · 40 views

Trend Micro OfficeScan Corporate Edition 3.0/3.5/3.11/3.13 DoS Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/1013/info Trend Micro OfficeScan is an antivirus software program which is deployable across an entire network. During the installation of the management software, the administrator is asked to choose between managing fro...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. · 19 views

Wolfram Research webMathematica 4.0 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied inpu...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. · 21 views

Trend Micro Interscan Viruswall (Linux) 3.0.1 - Multiple Program Buffer Overflow

source: http://www.securityfocus.com/bid/2579/info Interscan Viruswall is a virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurrences in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network. A problem...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. · 15 views

NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2300/info NCSA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias...

7.1 AI score
Exploits: 0

exploitpack
added 2013/08/07 12:00 a.m. · 22 views

Apache suEXEC - Information Disclosure Privilege Escalation

Apache suEXEC - Information Disclosure Privilege Escalation Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web...

0.4 AI score
Exploits: 0

Metasploit
added 2011/03/23 3:23 a.m. · 21 views

HP OpenView Network Node Manager execvp_nc Buffer Overflow

This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM01207 or NNM01206 without the SSRT100025 hotfix. By specifying a long 'sel' parameter when calling methods within the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow...

10 CVSS · 0.6 AI score · 0.79615 EPSS
Exploits: 9

Fedora
added 2010/05/12 5:58 p.m. · 42 views

[SECURITY] Fedora 13 Update: boa-0.94.14-0.15.rc21.fc13

Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork many copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...

5 CVSS · 9.4 AI score · 0.1043 EPSS
Exploits: 2

Fedora
added 2010/05/12 5:56 p.m. · 35 views

[SECURITY] Fedora 11 Update: boa-0.94.14-0.15.rc21.fc11

Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork many copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...

5 CVSS · 9.4 AI score · 0.1043 EPSS
Exploits: 2

myhack58
added 2010/02/27 12:00 a.m. · 19 views

Remote inclusion and local inclusion vulnerability principles - vulnerability warning - the black bar safety net

First, let's discuss the file inclusion vulnerability. The first thing to ask is: what is a "remote file inclusion vulnerability"? The answer is: the server uses a PHP function to include arbitrary files, and since the source of the file to be included is not strictly filtered, so can go to tha...

7.3 AI score
Exploits: 0