Sun Secure Global Desktop / Oracle Global Desktop Shellshock

Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop Google Dork: intitle:Install the Sun Secure Global Desktop Native Client Date: 6/4/2016 Exploit Author: [email protected] Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/ Software Link:...

D-Link 2750u/2730u /cgi-bin/webproc 任意文件读取

No description provided by source...

shopvac.com vulnerability

Vulnerable URL: https://www.shopvac.com/cgi-bin/clickthru.asp?URL=https://www.xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 21.12.2015 Latest check for patch:| 21.12.2015 16:07 GMT Vulnerability status:| Publicly disclosed Alexa Rank| 274016 Google Pagerank| 4 VIP website...

refe.co.jp vulnerability

Vulnerable URL: http://www.refe.co.jp/cgi-bin/yomi-search/rank.cgi?mode=link=1147=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 19.12.2015 Latest check for patch:| 19.12.2015 09:47 GMT Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...

EasyCTF Arbitrary File Content Write Vulnerability

EasyCTF is a CGI program for scoring CTFs. EasyCTF has an unspecified security vulnerability that could be exploited by remote attackers to write arbitrary executable content to a file...

Airties login-cgi Buffer Overflow

This module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This module has been tested successfully on the...

Remotely Exploitable 'Bash Shell' Vulnerability Affects Linux, Unix and Apple Mac OS X

A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash, aka the GNU Bourne Again Shell, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals. Earlier toda...

Caldera OpenLinux 2.3 rpm_query CGI Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and version...

ContentKeeper Web Appliance < 125.10 Command Execution

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

Boozt 0.9.8 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3787/info Boozt! is a free open source banner management software for Linux hosts. An issue has been reported which could allow for a user to execute arbitrary code on a Boozt! host. This is acheivable when a Boozt! user...

Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability

No description provided by source. Apache = 1.1,NCSA httpd = 1.5.2,Netscape Commerce Server 1.12/Communications Server 1.1/Enterprise Server 2.0 a nph-test-cgi Vulnerability source: http://www.securityfocus.com/bid/686/info Description as given by Josh Richards: A security hole exists in the...

Sambar Server 4.2 beta 7 Batch CGI Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid...

nph-maillist 3.0/3.5 Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form,...

Active Classifieds 1.0 Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds that may allow remo...

Adcycle 0.77/0.78 AdLibrary.pm Session Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2393/info Adcycle is a package of perl scripts available from Adcycle.com. The scripts are designed to manage banner ad rotation through a web interface, backended with a MySQL database. A problem with the suite could all...

ShopEx某些服务器存在任意代码执行漏洞(可泄漏用户交易数据)

简要描述： 可执行命令，查看源码！ 详细说明： php cgi漏洞 http://shop322763.p13.shopex.cn/ 漏洞证明： http://shop322763.p13.shopex.cn/?-s http://shop319398.p09.shopex.cn/?-s http://shop317459.p21.shopex.cn/?-s 尝试执行PHP代码，虽然有openbasedir，disablefunctions的限制，不过我能直接CGI方式给PHP传参，这些限制自然不在话下，bypass之。 影响的用户太多了，厂商还是自查吧。。。...

Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities

Exploit for linux platform in category web applications Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manag...

CVE-2013-3506

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes SSI functionality...

QNAP Turbo NAS 3.7.3 File Disclosure

Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it This...

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120507)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially crafted request to a PHP script that would result in the que...