gitWeb 1.5.2 - Remote Command Execution

No description provided by source. Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command...

Tarantella Enterprise 3 3.x TTAWebTop.CGI Arbitrary File Viewing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script...

Sitebuilder 1.4 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-suppli...

Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an ECHO command in quotes, and as a result shell expansion of the character ca...

Endymion MailMan 3.0..x Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open...

AWStats (6.4-6.5) migrate Remote Command Execution

No description provided by source. $Id: awstatsmigrateexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon...

CGI Script Center Subscribe Me Lite 2.0 Administrative Password Alteration (2)

No description provided by source. source: http://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition o...

PT-2014-5616 · D Link · D-Link Dir-505 +1

Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 versions 1.01b06 and earlier D-Link DIR-505 versions prior to 1.08b10 D-Link DIR-505L versions 1.01 and earlier Description: The issue allows remote attackers to execute arbitrary code via a long Content-Length header in a...

csUpload Authentication Bypass

Exploit Title: "csUpload Script Site" Authentication Bypass Google Dork: CSUpload.cgi?command= Date: 4/9/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12 Version:...

csUpload Script Site - Authentication Bypass

Exploit Title: "csUpload Script Site" Authentication Bypass Google Dork: CSUpload.cgi?command= Date: 4/9/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12 Version:...

Motorola WiMAX CPEi25890 /cgi-bin/f1_fcgi_cgi.fcgi设备名字段跨站脚本漏洞

code/codeMotorola WiMAX CPEi25890是摩托罗拉发布的WiMax猫。 Motorola WiMAX CPEi25890 /cgi-bin/f1fcgicgi.fcgi脚本不正确过滤设备名字段输入，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时可获取敏感信息或者劫持用户会话。 Motorola WiMAX CPEi25890是摩托罗拉发布的WiMax猫。 Motorola WiMAX CPEi25890...

QNAP QTS 'f' Parameter Directory Traversal Vulnerability

QNAP QTS is prone to a directory traversal vulnerability. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

QNAP QTS path traversal vulnerability

Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-7174QNAP QTS is a Network-Attached Storage NAS system accessible via a web interface. QNAP QTS...

PSF-2013-3 CGI directory traversal (URL parsing)

An error in separating the path and filename of the CGI script to run in http.server.CGIHTTPRequestHandler allows running arbitrary executables in the directory under which the server was started...

HP LaserJet Pro P1606dn - Webadmin Password Reset

HP LaserJet Pro P1606dn - Webadmin Password Reset !/usr/bin/python Exploit Title: HP LaserJet Pro P1606dn Webadmin password reset Date: 20.05.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Cross-Site Scripting When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...

Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Movable Type 4.2x, 4.3x Web Upgrade...

Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution

This module can be used to execute a payload on MoveableType MT that exposes a CGI script, mt-upgrade.cgi usually at /mt/mt-upgrade.cgi, that is used during installation and updating of the platform. The vulnerability arises due to the following properties: 1. This script may be invoked remotely...

Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Movable Type 4.2x, 4.3x Web Upgrade...