766 matches found
IPCop Firewall cgi-bin/iptablesgui.cgi Arbitrary Code Execution Vulnerability
IPCop Firewall is a firewall suite for the Linux environment, mainly for home and SOHO (Small Office/Home Office) users. An arbitrary code execution vulnerability exists in cgi-bin/iptablesgui.cgi in IPCop Firewall, which allows remote authenticated users to execute arbitrary code via the TABLE...
Cross site scripting
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Refere...
CVE-2013-7417
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Refere...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi...
CVE-2011-5284
CVE-2011-5284 describes a Cross-site Request Forgery vulnerability in Smoothwall Express 3.1 and 3.0 SP3 and earlier, specifically in the web management interface’s httpd/cgi-bin/shutdown.cgi. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform reboo...
SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: SmoothWall 3.1 Multiple vulnerabilities Date: 21/12/2014 Author: Yann CAM @ Synetis Vendor or Software Link: www.smoothwall.org - www.smoothwall.org/download/ Version: 3.1 Category: CSRF password reset & XSS persistent Google dork: Tested on: Smoothwall Linux distribution Smoothwal...
Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service
source: https://www.securityfocus.com/bid/69809/info Multiple Aztech routers are prone to a denial-of-service vulnerability. Attackers may exploit this issue to cause an affected device to crash, resulting in a denial-of-service condition. Aztech DSL5018EN, DSL705E and DSL705EU are vulnerable. ...
VM-Turbo-Operations-Manager 4.5.x /cgi-bin/help/doIt.cgi Arbitrary File Read Vulnerability
No description provided by source...
Path traversal
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx...
CVE-2013-5756
The provided sources confirm CVE-2013-5756 affects Yealink VoIP Phone SIP-T38G via a directory traversal in the web interface (cgi-bin/cgiServer.exx). An authenticated remote attacker can read arbitrary files by supplying a crafted …/ page parameter, enabling access to sensitive files such as /et...
CVE-2013-5756
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx...
CVE-2014-4977
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) userid parameter in the changeUnit function, (3) methodDeta...
CVE-2014-4977
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) userid parameter in the changeUnit function, (3) methodDeta...
E-Mail Security Virtual Appliance (ESVA) Remote Execution
No description provided by source. Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: 2.0.6 ESVA E-Mail Security Virtual...
Cart32 3.0 "expdate" Administrative Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1358/info By appending the string /expdate to a request for the cart32.exe executable, http://target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging page containing the server...
PServ 3.2 - Remote Source Code Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information...
pserv 3.2 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from t...
Sambar Server 5.x Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7207/info An information disclosure vulnerability has been reported for Sambar Server. The vulnerability exists in some files existing in Sambar Server's cgi-bin directory. An attacker can exploit this vulnerability by...
AutomatedShops WebC 2.0/5.0 Symbolic Link Following Configuration File Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7272/info It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous...
Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this include Windows,...