VulnCheck KEV: CVE-2017-16959
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP...
CVE-2012-2104
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...
CVE-2012-2104
CVE-2012-2104 concerns the Munin project: the CGI script cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which could allow a user‑assisted remote attacker to inject terminal emulator escape sequences and execute arbitrary commands or del...
CVE-2012-4667
Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.deDE, (c) clwarn.cgi.enEN, (d) clwarn.cgi.frFR, (e) clwarn.cgi.ptBR, or (f)...
CVE-2012-0902
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader...
Design/Logic Flaw
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader...
CVE-2011-4715
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm...
CVE-2011-4715
CVE-2011-4715 affects Koha and LibLime Koha prior to updates: a directory traversal / local file inclusion flaw in cgi-bin/koha/mainpage.pl related to the KohaOpacLanguage cookie can allow reading arbitrary files via the cookie to cgi-bin/opac/opac-main.pl (Output.pm). Affected versions: Koha 3.4 ...
LibLime Koha 4.2 - Local File Inclusion
Exploit Title: Koha Opac Local File Inclusion Google Dork: inurl:koha/opac-main.pl Date: 17.11.2011 Author: Akin TosunlarVigasis Labs Software Link: www.koha.org Version: 4.2 Tested on: LinuxApache 2.2.14 CVE : Vigasis Pentest Team www.vigasis.com 0-Day Exploit Akin Tosunlar Special Thanks to Ozg...
CommerceSQL LFI Vulnerability
Exploit for php platform in category web applications Exploit Title: CommerceSQL LFI Vulnerability . Author: xConsoLe Home: http://dztools.net Vendor or Software Link: http://www.commercesql.com/ Category:: Local File Include d0rk: intext:Couldn't exec sth! at ./admin/htmllib.pl line d0rk:...
gitWeb 1.x Remote Command Execution
Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.X Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code:...
CVE-2001-1586
CVE-2001-1586 affects SimpleServer:WWW 1.13 and earlier. It is a directory traversal flaw where encoded ../ sequences in requests to the cgi-bin/ directory allow remote attackers to run arbitrary commands with the server’s privileges. OpenVAS/Nessus entries describe remote command execution, conf...
CVE-2008-7115
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) systemall.exe, or (3) restore.exe in cgi-bin/. NOTE: the setupdns.exe...
CVE-2009-2765
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...
CVE-2009-2766
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests...
CVE-2009-2765
The CVE-2009-2765 issue affects the DD-WRT HTTPd management GUI, where httpd.c in the HTTP daemon is vulnerable to shell metacharacter injection via requests to a CGI-bin URI. The vulnerability allows an unauthenticated remote attacker to execute arbitrary commands with root privileges on affecte...
PT-2009-5129
Name of the Vulnerable Software and Affected Versions: DD-WRT versions prior to build 12533. Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a "cgi-bin/" URI. This is due to a problem in the httpd.c in httpd in the management GUI...
CVE-2009-2322
The CVE-2009-2322 entry concerns the Axesstel MV 410R router. A vulnerability in the CGI script cgi-bin/sysconf.cgi enables cross-site scripting (XSS), allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD metrics indicate a Medium severity (CVSS v2: AV...
Command injection
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command...