738 matches found

Openbugbounty
added 2015/12/21 11:59 p.m., 13 views

sugarriverraceway.com vulnerability

Vulnerable URL: http://sugarriverraceway.com/cgi-bin/FrameIt.cgi?url=http://xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 26.01.2016 Latest check for patch:| 26.01.2016 03:42 GMT Vulnerability status:| Publicly disclosed Alexa Rank| 1204206 Google Pagerank| 2 VIP website...

AI score: 6.9
Exploits: 0

Openbugbounty
added 2015/12/17 3:4 p.m., 10 views

council.nyc.gov XSS vulnerability

Vulnerable URL: http://council.nyc.gov/cgi-bin/goto.cgi?agency=Council=data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTUE9TRUQvKTwvc2NyaXB0Pg== Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...

AI score: 6.3
Exploits: 0

Prion
added 2015/12/02 1:59 a.m., 17 views

Design/Logic Flaw

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...

CVSS: 5, AI score: 6.3, EPSS: 0.04371
Exploits: 0, References: 8, Affected Software: 3

Cvelist
added 2015/12/02 12:0 a.m., 27 views

CVE-2015-8393

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...

AI score: 8.1, EPSS: 0.04371
Exploits: 0, References: 8

Exploit DB
added 2015/12/02 12:0 a.m., 81 views

Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Advantech Switch Bash Environment Variable Code Injection Shellshock', 'Description' = %q This module exploits the Shellshock...

CVSS: 10, AI score: 10, EPSS: 0.99999
Exploits: 130

Check Point Advisories
added 2015/10/06 12:0 a.m., 5 views

Endian Firewall Proxy Password Change Command Execution (CVE-2015-5082)

A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error in a CGI script. A remote, authenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remo...

CVSS: 10, AI score: 2, EPSS: 0.69909
Exploits: 5

Packet Storm
added 2015/09/10 12:0 a.m., 26 views

Synology Video Station 1.5-0757 Command Injection / SQL Injection

------------------------------------------------------------------------ Synology Video Station command injection and multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Han Sahin, September 2015...

AI score: 0.5
Exploits: 0

exploitpack
added 2015/09/10 12:0 a.m., 13 views

Synology Video Station 1.5-0757 - Multiple Vulnerabilities

Synology Video Station 1.5-0757 - Multiple Vulnerabilities ------------------------------------------------------------------------ Synology Video Station command injection and multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Han Sahi...

AI score: 0.4
Exploits: 0

Exploit DB
added 2015/09/10 12:0 a.m., 41 views

Synology Video Station 1.5-0757 - Multiple Vulnerabilities

------------------------------------------------------------------------ Synology Video Station command injection and multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Han Sahin, September 2015...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/09/07 12:0 a.m., 44 views

Endian Firewall Proxy Password Change Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

CVSS: 10, AI score: 0.8, EPSS: 0.69909
Exploits: 5

0day.today
added 2015/09/07 12:0 a.m., 109 views

Endian Firewall Proxy Password Change Command Injection Exploit

This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this...

CVSS: 10, EPSS: 0.69909
Exploits: 5

Exploit DB
added 2015/09/07 12:0 a.m., 43 views

Endian Firewall - Password Change Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

CVSS: 10, AI score: 6.6, EPSS: 0.69909
Exploits: 5

0day.today
added 2015/07/05 12:0 a.m., 103 views

Endian Firewall < 3.0.0 - OS Command Injection (Metasploit Module) Exploit

Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability i...

AI score: 7.1
Exploits: 0

exploitpack
added 2015/06/29 12:0 a.m., 37 views

Endian Firewall 3.0.0 - OS Command Injection (Metasploit)

Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...

AI score: 0.3
Exploits: 0

Exploit DB
added 2015/06/29 12:0 a.m., 53 views

Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change password...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/06/24 12:0 a.m., 38 views

iBall 150M Wireless-N ADSL2+ Router Authentication Bypass

Exploit Title: iBall 150M Wireless-N ADSL2+ Router Authentication Bypass and Vulnerability Date: 23\04\2015 Submitter: Gem George Vendor: iBall Tested product:iBall 150M Wireless-N ADSL2+ Router, firmware version 1.00 Tested Product URL:...

AI score: 0.7
Exploits: 0

Check Point Advisories
added 2015/03/16 12:0 a.m., 9 views

AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to the AWStats CGI script failing to properly sanitize user-provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

CVSS: 7.5, AI score: 4, EPSS: 0.01954
Exploits: 0

Japan Vulnerability Notes
added 2015/03/04 5:49 a.m., 1 views

Maroyaka Image Album vulnerable to cross-site scripting

Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

CVSS: 4.3, AI score: 6.1, EPSS: 0.01148
Exploits: 0, References: 5

exploitpack
added 2015/01/05 11:28 a.m., 39 views

Nagios-history.cgi-Exec-Code

CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...

CVSS: 7.5, AI score: 0.5, EPSS: 0.6645
Exploits: 15

Packet Storm
added 2014/11/12 12:0 a.m., 25 views

Lantronix xPrintServer Remote Command Execution / CSRF

Hi, The Lantronix xPrintServer is a small Linux powered print server for iOS. Main configuration happens through a web interface. The problem is that the configuration happens through some ‘RPC’ interface; the web interface uses AJAX requests to talk to a CGI script that simply executes shell...

AI score: 0.6
Exploits: 0