CVE-2009-1556

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the nextfile parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerabili...

CVE-2006-3377

Cross-site scripting XSS vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the 1 Keyword parameter in search.php and the 2 Username parameter in main.cgi...

Linksys Web Camera File Inclusion Vuln

Linksys Web Camera version 2.10 only tested with 2.10 is vulnerable to a file inclusion vulnerability in main.cgi Example: http://www.host.com/main.cgi?nextfile=/etc/passwd...

CVE-2001-0075

CVE-2001-0075 involves the Technote package where the CGI script main.cgi is vulnerable to a directory traversal via the filename parameter (using “..”). This allows remote attackers to read arbitrary files on the host, with the privileges of the web server. The vulnerability is concrete in the T...