766 matches found
SGI IRIX <= 6.4 cgi-bin handler Vulnerability
source: http://www.securityfocus.com/bid/380/info A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating system. This vulnerability will allow a remote attacker to execute arbitrary commands on the...
Microburst uDirectory 2.0 - Remote Command Execution Vulnerability
source: http://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software...
Rit Research Labs TinyWeb 1.9.2 Unauthorized Script Disclosure Vulnerability
source: http://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will all...
Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability
source: http://www.securityfocus.com/bid/151/info A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl...
Philip Chinery's Guestbook 1.1 Script Injection Vulnerability
source: http://www.securityfocus.com/bid/4566/info Philip Chinery's Guestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Philip Chinery's Guestbook does not filter script...
SGI IRIX 6.2 cgi-bin wrap Vulnerability
source: http://www.securityfocus.com/bid/373/info A vulnerability exists in the cgi-bin program 'wrap', as included with Irix 6.2 from SGI. A failure to validate input results in a vulnerability that allows any remote attacker to view the contents of any world...
WEBgais 1.0 websendmail Remote Command Execution Vulnerability
source: http://www.securityfocus.com/bid/2077/info WEBgais is a package that provides a web interface to the gais (Global Area Intelligent Search) search engine tool. This package contains a vulnerable script, websendmail, which can be used to execute arbitrary...
DNSTools Software DNSTools 1.0.8/1.10 Input Validation Vulnerability
source: http://www.securityfocus.com/bid/1028/info A vulnerability exists in the 1.0.8 release of DNSTools (labeled on some areas of their site as 1.08), from DNSTools Software. By manipulating the contents of certain post variables, arbitrary code may be executed...
Design/Logic Flaw
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a defaultreboot action or (2) reset all configuration values via a factorydefault action...
Design/Logic Flaw
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSAREQUEST...
Path traversal
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter...
Cross-site request forgery (CSRF)
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrftoken parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks...
Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
Apache Magica by Kingcope / gcc apache-magika.c -o apache-magika -lssl / This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of the php5-cgi package. When the php5-cgi package is installed on Debian and...
Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
Apache Magica by Kingcope / gcc apache-magika.c -o apache-magika -lssl / This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of the php5-cgi...
CVE-2013-3686
cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action...
CVE-2013-2578
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified...
CVE-2013-3541
The CVE-2013-3541 entry concerns a directory traversal vulnerability in AirLive devices, specifically the cgi-bin/admin/fileread functionality. The documented flaw allows remote attackers to read arbitrary files by manipulating the READ.filePath parameter (using .. to traverse directories). Affec...
ZeroShell cgi-bin/kerbynet - Local File Disclosure
Introduction to the PoC: In this distribution, the management website is a binary file named "kerbynet" interpreted in cgi-bin directory here :...
Command injection
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality...