730 matches found
Shocker - A tool to find and exploit servers vulnerable to Shellshock
A tool to find and exploit servers vulnerable to Shellshock

Help Text

usage: shocker.py
  -h, --help            show this help message and exit
  --Host HOST, -H HOST  A target hostname or IP address
  --file FILE, -f FILE  File containing a list of targets
  --port PORT, -p PORT  The target port number default=80...

D-Link DWR-932 Authentication Bypass / Password Disclosure
D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
D-Link DWR-932 Firmware 4.00 - Authentication Bypass D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
Exploit for hardware platform in category web applications D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product UR...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...
madeira-island.com XSS vulnerability
Vulnerable URL: http://www.madeira-island.com/cgi-bin/emailcentre/preprocessors/converteuro.cgi?Amount2=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 23.11.2017
Latest check for patch: | 23.11.2017 20:40 GMT
Vulnerability type: | XSS
Vulnerabili...

Cisco Unified Computing System Manager Remote Command Execution Vulnerability (cisco-sa-20160120-ucsm)
A vulnerability in a CGI script in the Cisco Unified Computing System UCS Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager.
CVE-2015-6435
Cisco CVE-2015-6435 describes a remote command execution vulnerability via an unprotected CGI script in Cisco FX-OS on Firepower 9000 devices and Cisco UCS Manager. A crafted HTTP request to the CGI script can allow an unauthenticated attacker to execute arbitrary shell commands. Affected softwar...
Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
A vulnerability in a CGI script in the Cisco Unified Computing System UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is...
aupamnet.ru Open Redirect vulnerability
Vulnerable URL: http://aupamnet.ru/cgi-bin/redirect.cgi?url=http://www.xssposed.org

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclosed
Alexa Rank | 7036780
Google Pagerank | 0
VIP website...

integral.esac.esa.int XSS vulnerability
Vulnerable URL: http://integral.esac.esa.int/cgi-scripts/cc/sgssearchccs.cgi?reference=%3CSCRIPT%3Ealert%28String.fromCharCode%2888,%2083,%2083,%2080,%2079,%2083,%2069,%2068%29%29%3C/SCRIPT%3E=v3.0screw=XSS

Details:

Description | Value
---|---
Patched: | Yes, at 25.01.2016
Latest check for patch: | ...

guitar.import-sales.com vulnerability
Vulnerable URL: http://www.guitar.import-sales.com/cgi/cala/indi.cgi?spot=7=http%3A%2F%2Fxssposed.org

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google Pagerank | 2
VIP website...

sugarriverraceway.com vulnerability
Vulnerable URL: http://sugarriverraceway.com/cgi-bin/FrameIt.cgi?url=http://xssposed.org

Details:

Description | Value
---|---
Patched: | Yes, at 26.01.2016
Latest check for patch: | 26.01.2016 03:42 GMT
Vulnerability status: | Publicly disclosed
Alexa Rank | 1204206
Google Pagerank | 2
VIP website...

council.nyc.gov XSS vulnerability
Vulnerable URL: http://council.nyc.gov/cgi-bin/goto.cgi?agency=Council=data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTUE9TRUQvKTwvc2NyaXB0Pg==

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Ale...

Design/Logic Flaw
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Advantech Switch Bash Environment Variable Code Injection Shellshock', 'Description' = %q This module exploits the Shellshock...
CVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...
Endian Firewall Proxy Password Change Command Execution (CVE-2015-5082)
A command injection vulnerability has been reported in Endian Firewall. The vulnerability is due to an input validation error in a CGI script. A remote, authenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target. Successful exploitation could lead to remo...
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
Synology Video Station command injection and multiple SQL injection vulnerabilities. Han Sahi...
Synology Video Station 1.5-0757 Command Injection / SQL Injection
Synology Video Station command injection and multiple SQL injection vulnerabilities. Han Sahin, September 2015...