Geutebruck instantrec Remote Command Execution
This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx...
View ArticleApache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by...
View ArticleUbuntu Security Notice USN-5142-3
Ubuntu Security Notice 5142-3 - USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the...
View ArticleCisco Small Business RV Series Authentication Bypass / Command Injection
This Metasploit module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. The device does not adequately...
View ArticleZyxel Firewall ZTP Unauthenticated Command Injection
This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious...
View ArticleCarel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal
Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the logdownload.cgi bash...
View ArticleSchneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute...
View ArticleWebmin 1.984 File Manager Remote Code Execution
In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote...
View ArticleperfSONAR 4.4.4 Open Proxy / Relay
perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the...
View ArticleSOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.
View ArticleSOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated factory reset vulnerability in restorefactory.cgi.
View ArticleUbuntu Security Notice USN-5806-1
Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly...
View ArticleUbuntu Security Notice USN-5806-2
Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby...
View ArticleUbuntu Security Notice USN-5806-3
Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user...
View ArticlePython CGI Documentation Cross Site Scripting
The documentation for the python CGI module suffers from a cross site scripting vulnerability.
View ArticleSecurePoint UTM 12.x Session ID Leak
SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
View ArticleSecurePoint UTM 12.x Memory Leak
SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
View ArticleUbuntu Security Notice USN-6181-1
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly...
View ArticleWestern Digital MyCloud Unauthenticated Command Injection
This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve...
View ArticleTinycontrol LAN Controller 3 Denial Of Service
Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory...
View ArticleLexmark Device Embedded Web Server Remote Code Execution
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer...
View ArticleElectrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the...
View ArticleR Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text...
View ArticleNikto Web Scanner 2.5.0
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers,...
View ArticleQNAP QTS / QuTS Hero Unauthenticated Remote Code Execution
There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network...
View Article
