766 matches found
CVE-2008-6555
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command...
i-dreams GB 5.4 Final (admin.dat) File Disclosure Vulnerability
Exploit for cgi platform in category web applications. i-dreams GB 5.4 Final admin.dat File Disclosure Vulnerability...
CVE-2009-0545
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action...
NaviCopa HTTP Server buffer overflow
Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path...
HSPell 1.1 Command Execution
#!/usr/bin/perl use IO::Socket; print q HSpell v1.1 Command Execution Exploit Theres a 1000 ways to improve this exploit, but I really couldn't be fucked with it. Made By ZeN http://dusecurity.com/ http://darkcode.me/ ; $host = 'site.com'; $port = '80'; $path = '/cgi-bin/cilla.cgi'; ShellMe: print...
HTMPL 1.11 - Command Execution
HTMPL 1.11 - Command Execution Software : HTMPL v1.11 Download Link : http://vmeste.org/templex/doc/1.html Vulnerability : Command Execution Severity : High Author : ZeN Website : http://dusecurity.com / http://darkcode.me/ Exploit : site.com/cgi-bin/htmpladmin.cgi?help=|cat /etc/passwd A few othe...
Ads Pro (dhtml.pl page) Remote Command Execution Exploit
No description provided by source. \Adspro Script Remote Command Execution/ Author S0l1D Script Adspro Homepage http://adspro.mhfmedia.com/index.shtm \Exploit/ http://serv.com/cgi-bin/adspro/dhtml.pl?page=adverttop.htm|id| http://serv.com/cgi-bin/adspro/dhtml.pl?page=advertlogin.htm|id|...
CVE-2008-2835
CVE-2008-2835 affects IGSuite 3.2.4 with a SQL injection in cgi-bin/igsuite via the formid parameter, enabling remote attackers to execute arbitrary SQL commands. Public exploit references exist (Exploit-DB), but the provided documents do not include a remediation or patch details.
IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection
#!/usr/bin/perl 05/18/2008 - IGSuite 3.2.4 Blind SQL Injection - ksOSe 05/21/2008 - Vendor notified 05/23/2008 - A patch was pushed via the igsuited daemon (not enabled by default) Fix: run igsuited --update-igsuite or upgrade to 3.2.5-beta. Tested on IGSuite 3.2.4 on linux with MySQL, needs nc in pat...
Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Parameter XSS
According to its firmware version, the remote Barracuda Spam Firewall device fails to filter input to the 'email' parameter of the '/cgi-bin/ldap_test.cgi' script before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary...
CVE-2008-1960
CVE-2008-1960 describes a Cross-site Scripting (XSS) vulnerability in ContRay 3.x, affecting the CGI script cgi-bin/contray/search.cgi via the search parameter. Remote attackers can inject arbitrary web script or HTML. Per NVD data, the attack is network-delivery with medium complexity and no aut...
Design/Logic Flaw
cgi-bin/setupvirtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header...
Authentication flaw
cgi-bin/setupdns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns11, dns12, dns13, and dns14 parameters. NOTE: it was later reported that...
CVE-2007-6700
Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter...
CVE-2007-5735
CVE-2007-5735 affects eFileMan 7.1.0.87-88. The vulnerability arises from storing sensitive information under the web root with insufficient access control, allowing remote attackers to obtain unspecified user information via a direct request to cgi-bin/efileman/efileman_config.pm. Impact is part...
CVE-2003-1510
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory...
Cross site scripting
Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet WebIf allows remote attackers to inject arbitrary web script or HTML via the cmd parameter...
CVE-2007-5673
Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet WebIf allows remote attackers to inject arbitrary web script or HTML via the cmd parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter...
CVE-2007-4822
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as...