328 matches found

Packet Storm
added 2012/05/22 12:0 a.m., 222 views

PHP CGI Argument Injection

PHP CGI Argument Injection Remote Exploit PHP CGI Argument Injection Coded by: Mostafa Azizi admin@0-Daydotnet Mass File Uploader /th...

7.5 CVSS, 0.2 AI score, 0.99998 EPSS
Exploits 41

Vulnrichment
added 2012/05/11 10:0 a.m., 17 views

CVE-2012-1823

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

8.4 AI score, 0.99998 EPSS
Exploits 41, References 29

Prion
added 2012/03/19 6:55 p.m., 7 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cusemail parameter in a custlostpw action; or (2) helpname, (3) helpemail, (4) helpwebsite, or (5) helpexampleurl parameters in an...

4.3 CVSS, 6.7 AI score, 0.01335 EPSS
Exploits 1, References 6, Affected Software 1

exploitpack
added 2011/12/05 12:0 a.m., 10 views

D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service)

D-Link DNS-320 ShareCenter - Remote Reboot/Shutdown/Reset (Denial of Service) #!/usr/bin/perl Title: ShareCenter D-Link DNS-320 remote reboot/shutdown/reset DoS. Type: Hardware Remote: yes Author: rigan - imrigan sobachka gmail.com Tested on: Firmware : DNS320-v2.00b06 Security flaws: dskmgr.cgi allow...

0.1 AI score
Exploits 0

myhack58
added 2011/06/20 12:0 a.m., 72 views

About CGI exploits-vulnerability warning-the black bar safety net

CGI vulnerabilities have always been a problem that people easily ignore, yet they are widespread, and the PCWEEK LINUX break-in not long ago used a CGI vulnerability. I myself know of and from a foreign site, it seems that some of the CGI vulnerabilities to write some use of CGI in the...

0.7 AI score
Exploits 0

OSV
added 2010/12/06 8:13 p.m., 4 views

CVE-2010-4411

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761...

6.7 AI score
Exploits 0, References 15

Packet Storm
added 2009/10/27 12:0 a.m., 36 views

Mercantec Softcart CGI Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mercantec...

7.5 CVSS, 0.2 AI score, 0.34763 EPSS
Exploits 7

Exploit DB
added 2009/02/09 12:0 a.m., 35 views

Netgear SSL312 Router - Denial of Service

Helith - 0815 Author : Rembrandt Date : 2008-02-27 Affected Software: proprietary CGI Affected OS : Netgear embedded Linux for...

7.4 AI score
Exploits 0

OpenVAS
added 2008/09/25 12:0 a.m., 21 views

Trend Micro OfficeScan Server cgiRecvFile.exe Buffer Overflow Vulnerability.

This Remote host is installed with Trend Micro OfficeScan, which is prone to Buffer Overflow Vulnerability. OpenVAS Vulnerability Test $Id: secpodtrendmicroofficescanbofvulnsept08900220.nasl 8615 2018-02-01 08:19:49Z cfischer $ Description: Trend Micro OfficeScan Server cgiRecvFile.exe Buffer...

10 CVSS, 0.9 AI score, 0.06673 EPSS
Exploits 5, References 3

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 2 views

HTTPD-User-Manage cross-site scripting vulnerability

Overview HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing database is...

4.3 CVSS, 6.1 AI score
Exploits 0, References 2

myhack58
added 2007/10/11 12:0 a.m., 21 views

A CGI vulnerability discovery and exploit-vulnerability warning-the black bar safety net

Disclaimer:writing this post the purpose is not encouraged to vandalize,just to illustrate one Issue,there who used to post the information provided did what bad thing,that is entirely his own Own thing,and own nothing! A few days ago at home a 1 6 9 node read news,this site is the top of a Row...

6.9 AI score
Exploits 0

exploitpack
added 2007/08/30 12:0 a.m., 16 views

Ourspace 2.0.9 - uploadmedia.cgi Arbitrary File Upload

Ourspace 2.0.9 - uploadmedia.cgi Arbitrary File Upload ++++++++++++++++++++++++++++++++++++ | Discovered by Breakerunit & Don | | Ourspace 2.0.9| script info: http://www.codedworld.com/download/our-space/26931.html Exploit: /cgi-bin/ourspace/newswire/uploadmedia.cgi dork: inurl:"/cgi-bin/ourspace...

0.8 AI score
Exploits 0

Exploit DB
added 2007/07/10 12:0 a.m., 24 views

Mail Machine 3.989 - Local File Inclusion

!/usr/bin/perl -w Mail Machine Local File Include Exploit Vuln. v3.980, v3.985, v3.987, v3.988 and v3.989 ! Application homepage : http://www.mikesworld.net/mailmachine.shtml ! Author : H4 / Team XPK ! Contact : [email protected] -------------------------------------------------------------------...

7.4 AI score
Exploits 0

Prion
added 2007/06/27 12:30 a.m., 15 views

Design/Logic Flaw

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."...

10 CVSS, 7.6 AI score, 0.02996 EPSS
Exploits 0, References 9, Affected Software 1

myhack58
added 2007/01/20 12:0 a.m., 25 views

Network Security Series knowledge of CGI exploits collection on-vulnerability warning-the black bar safety net

The following collects and collates some well-known CGI vulnerabilities and provides some security recommendations and solutions. If these vulnerabilities are present on a server and not patched, each vulnerability is likely to be used by an intruder, increase Server been...

8.9 AI score
Exploits 0

seebug.org
added 2006/04/14 12:0 a.m., 38 views

SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "sysinfo.cgi 1.21 remote cmmnds xctn \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: inurl:sysinfo.cgi ext:cgi\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0...

7.1 AI score
Exploits 0

Exploit DB
added 2006/04/14 12:0 a.m., 63 views

SysInfo 1.21 - 'sysinfo.cgi' Remote Command Execution

!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $e...

7.4 AI score
Exploits 0

Japan Vulnerability Notes
added 2006/04/10 12:0 a.m., 13 views

JVN#78363061 CAFEMILK Shopping Cart CGI cross-site scripting vulnerability

Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked. Solution Products Affected CAFEMILK SHOPPING CART version 3.80 and earlier...

7.1 AI score
Exploits 0

myhack58
added 2005/12/18 12:0 a.m., 79 views

Remember the Alma Mater of a non-marginalia attack-vulnerability warning-the black bar safety net

Editor's note: a very old article, The author has also not been released, I steal it out for everyone to draw on the following ideas. A. Causes. School of the FAI says he sent the on-campus DV reviews old deleted, so they want to test the forum security, then on the use side note got the...

7.5 AI score
Exploits 0

OpenVAS
added 2005/11/03 12:0 a.m., 26 views

msmmask.exe

The msmmask.exe CGI is installed. Some versions allow an attacker to read the source of any file in your webserver's directories by using the 'mask' parameter. OpenVAS Vulnerability Test $Id: msmmask.nasl 5786 2017-03-30 10:08:58Z cfi $ Description: msmmask.exe Authors: Michel Arboi Copyright:...

5 CVSS, 6.5 AI score, 0.02342 EPSS
Exploits 1