766 matches found
MESSOA NIC990 IP-Camera Authentication Bypass
MESSOA NIC990 IP-Camera auth bypass configuration download Copyright 2016 (c) Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies,...
Crestron AirMedia AM-100 cgi-bin/login.cgi Directory Traversal Vulnerability
The Crestron AirMedia AM-100 is a gateway product from Crestron Electronics, USA. A directory traversal vulnerability in the cgi-bin/login.cgi file in the Crestron AirMedia AM-100 device allows remote attackers to submit a special request to read arbitrary files...
xeanon.com XSS vulnerability
Vulnerable URL: http://www.xeanon.com/cgi-bin/xsn.cgi?l=rus=account

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 669335
VIP website status: | No
Check xeanon.com SSL connection: | ...
A vulnerability in the AirTies router firmware allows an attacker to execute arbitrary code
The vulnerability in the AirTies router's firmware is caused by a buffer overflow in dynamic memory. Exploiting it allows a malicious actor to execute arbitrary code by remotely sending an incorrect parameter to the cgi-bin/login subcomponent...
CVE-2015-8289
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code...
TP-Link SC2020n Authenticated Telnet Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'TP-Link SC2020n Authenticated Telnet Injection', 'Description' = %q The TP-Link SC2020n Network Video Camera is vulnerable to O...
CVE-2015-7248
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703...
secure.worc.ac.uk XSS vulnerability
Vulnerable URL: https://secure.worc.ac.uk/cgi-bin/library/digitization/login.pl?errmsg=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 26.07.2017
Latest check for patch: | 26.07.2017 11:49 GMT
Vulnerability type: | XSS
Vulnerability status: | ...
CVE-2014-6616
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PBV2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICENAME parameter to cgi-bin/CFGhttp/...
python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...
Multiple AirTies Air product stack buffer overflow vulnerability
Airties Air 6372 and others are wireless modem products from Airties Turkey. Multiple AirTies Air products contain a cgi-bin/login that fails to properly handle extra-long strings in the 'redirect' parameter, allowing remote attackers to exploit the vulnerability by submitting a special request...
Stack overflow
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login...
CVE-2015-2797
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login...
CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
PT-2015-4366 · Avm · Avm Fritz!Box
Name of the Vulnerable Software and Affected Versions: AVM Fritz!Box (affected versions not specified)
Description: The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in the var:lang parameter to the "cgi-bin/webcm" API endpoint...
Dell SonicWALL Secure Remote Access Cross-Site Request Forgery Vulnerability
Dell SonicWALL Secure Remote Access is a remote security access solution. A cross-site request forgery vulnerability exists in the Dell SonicWALL Secure Remote Access user portal, which allows remote attackers to construct a special cgi-bin/editBookmark request that hijacks an authenticated user...
CVE-2015-2248
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...
CVE-2015-2248
Dell SonicWALL Secure Remote Access (SRA) appliances are affected by CVE-2015-2248 (CSRF in the user portal) affecting firmware prior to 7.5.1.0-38sv and 8.x prior to 8.0.0.1-16sv. The vulnerability enables an attacker to hijack a logged-in user’s authentication to create bookmarks via a crafted ...