jetlib.sec

48 items tagged "cgi"

Related tags: security vulnerability [+], header values [+], header [+], php [+], cgi backdoor [+], site [+], shell [+], command execution [+], capability [+], argument [+], txt [+], stack buffer [+], network node manager [+], miyabi [+], manager. authentication [+], input validation [+], hp network [+], code [+], cgi tools [+], whitepaper [+], web browser [+], web [+], tickling [+], tcl cgi scripts [+], shell metacharacters [+], query string [+], problems [+], perl cgi program [+], nnm [+], neo [+], namazu [+], mdvsa [+], mako [+], irc [+], format string [+], exploits [+], exploit [+], code execution [+], clearsilver [+], cgi script [+], cgi problems [+], cgi irc [+], bugtraq [+], buffer overflow [+], zonecheck [+], zip [+], urchin [+], surgeftpmgr [+], surgeftp [+], statuswml [+], sql [+], shell command [+], script [+], remote exploit [+], nagios [+], mime [+], injection [+], inj [+], index [+], hot links [+], google urchin [+], google [+], evuln [+], devshell [+], d link [+], cross [+], backuppc [+], authentication [+], admin [+], Tools [+], vulnerability [+], perl [+], perl cgi [+]

May 22, 2012
4:11
PHP CGI Argument Injection
» ‎ Packet Storm Security Exploits

PHP CGI argument injection remote exploit version 0.3. Works on versions up to 5.3.12 and 5.4.2.
Tags: cgi php argument remote-exploit
May 05, 2012
19:16
PHP CGI Injection
» ‎ Packet Storm Security Exploits

PHP CGI argument injection exploit that executes phpinfo.
Tags: cgi php argument exploit

19:16
PHP CGI Injection
» ‎ Packet Storm Security Recent Files

PHP CGI argument injection exploit that executes phpinfo.
Tags: injection cgi php exploit

18:32
PHP CGI Argument Injection
» ‎ Packet Storm Security Exploits

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."
Tags: cgi php argument shell-metacharacters code-execution query-string

18:32
PHP CGI Argument Injection
» ‎ Packet Storm Security Misc. Files

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."
Tags: cgi php argument shell-metacharacters code-execution query-string

February 21, 2012
0:00
Vuln: BackupPC 'index.cgi' Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

BackupPC 'index.cgi' Cross Site Scripting Vulnerability
Tags: backuppc cgi index vulnerability
December 23, 2011
0:00
Vuln: ClearSilver 'neo_cgi' Module Format String Vulnerability
» ‎ SecurityFocus Vulnerabilities

ClearSilver 'neo_cgi' Module Format String Vulnerability
Tags: neo clearsilver cgi format-string vulnerability
December 09, 2011
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
December 08, 2011
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
December 01, 2011
0:00
Vuln: ClearSilver 'neo_cgi' Module Format String Vulnerability
» ‎ SecurityFocus Vulnerabilities

ClearSilver 'neo_cgi' Module Format String Vulnerability
Tags: neo clearsilver cgi format-string vulnerability

October 15, 2011
16:36
Perl CGI Shell
» ‎ Packet Storm Security Recent Files

This is a Perl CGI backdoor that provides shell-like capability.
Tags: perl cgi shell cgi-backdoor capability

16:36
Perl CGI Shell
» ‎ Packet Storm Security Tools

This is a Perl CGI backdoor that provides shell-like capability.
Tags: perl cgi shell cgi-backdoor capability
16:36
Perl CGI Shell
» ‎ Packet Storm Security Tools

This is a Perl CGI backdoor that provides shell-like capability.
Tags: perl cgi shell cgi-backdoor capability

16:36
Perl CGI Shell
» ‎ Packet Storm Security Misc. Files

This is a Perl CGI backdoor that provides shell-like capability.
Tags: perl cgi shell cgi-backdoor capability

October 11, 2011
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
May 03, 2011
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi

March 23, 2011
15:00
[remote exploits] - HP NNM CGI webappmon.exe execvp Buffer Overflow
» ‎ 1337day (was: Inj3ct0r, 1337db)

[remote exploits] - HP NNM CGI webappmon.exe execvp Buffer Overflow
Tags: nnm cgi exploits buffer-overflow
15:00
[remote exploits] - HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
» ‎ 1337day (was: Inj3ct0r, 1337db)

[remote exploits] - HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
Tags: nnm cgi exploits buffer-overflow

March 03, 2011
7:57
Tickling CGI Problems
» ‎ Packet Storm Security Recent Files

Tickling CGI Problems is a whitepaper that focuses on the security of Tcl CGI scripts.
Tags: tickling cgi problems tcl-cgi-scripts cgi-problems whitepaper

7:57
Tickling CGI Problems
» ‎ Packet Storm Security Misc. Files

Tickling CGI Problems is a whitepaper that focuses on the security of Tcl CGI scripts.
Tags: tickling cgi problems tcl-cgi-scripts cgi-problems whitepaper

February 09, 2011
5:28
CGI IRC 0.5.10
» ‎ Packet Storm Security Recent Files

CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.
Tags: cgi web irc perl-cgi-program cgi-irc web-browser

5:28
CGI IRC 0.5.10
» ‎ Packet Storm Security Misc. Files

CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.
Tags: cgi web irc perl-cgi-program cgi-irc web-browser

January 31, 2011
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
January 25, 2011
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
January 14, 2011
14:00
Bugtraq: [ MDVSA-2011:008 ] perl-CGI
» ‎ SecurityFocus Vulnerabilities

[ MDVSA-2011:008 ] perl-CGI
Tags: bugtraq mdvsa cgi perl-cgi
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
December 23, 2010
0:00
Vuln: D-Link WBR-1310 'tools_admin.cgi' CGI Script Authentication Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

D-Link WBR-1310 'tools_admin.cgi' CGI Script Authentication Bypass Vulnerability
Tags: d-link admin cgi cgi-script vulnerability authentication
December 15, 2010
0:00
Vuln: Google Urchin 'urchin.cgi' Local File Include Vulnerability
» ‎ SecurityFocus Vulnerabilities

Google Urchin 'urchin.cgi' Local File Include Vulnerability
Tags: google urchin cgi google-urchin vulnerability
December 14, 2010
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
December 09, 2010
0:00
Vuln: Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Tags: perl cgi header security-vulnerability header-values perl-cgi
December 01, 2010
0:00
Vuln: Perl CGI.pm 'multipart/x-mixed-replace' MIME Boundary HTTP Response Splitting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Perl CGI.pm 'multipart/x-mixed-replace' MIME Boundary HTTP Response Splitting Vulnerability
Tags: mime perl cgi perl-cgi vulnerability
November 22, 2010
9:00
Bugtraq: [eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version)
» ‎ SecurityFocus Vulnerabilities

[eVuln.com] report.cgi SQL inj in Hot Links SQL (CGI version)
Tags: evuln cgi sql inj hot-links
November 16, 2010
14:00
Bugtraq: [ MDVSA-2010:237 ] perl-CGI
» ‎ SecurityFocus Vulnerabilities

[ MDVSA-2010:237 ] perl-CGI
Tags: bugtraq mdvsa cgi
September 29, 2010
0:00
Vuln: Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
Tags: mako cgi site vulnerability
July 07, 2010
0:00
Vuln: Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
Tags: mako cgi site vulnerability
June 30, 2010
0:00
Vuln: Miyabi CGI Tools 'index.pl' Remote Command Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Miyabi CGI Tools 'index.pl' Remote Command Execution Vulnerability
Tags: Tools cgi miyabi command-execution cgi-tools vulnerability

June 29, 2010
21:05
miyabicgi-exec.txt
» ‎ Packet Storm Security Recent Files

Miyabi CGI Tools suffers from an input validation vulnerability that allows for command execution.
Tags: txt cgi miyabi command-execution input-validation cgi-tools

21:03
miyabicgi-exec.txt
» ‎ Packet Storm Security Exploits

Miyabi CGI Tools suffers from an input validation vulnerability that allows for command execution.
Tags: txt cgi miyabi command-execution input-validation cgi-tools

June 23, 2010
1:02
cgi-exploitable.txt
» ‎ Packet Storm Security Tools

This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.
Tags: txt script cgi command-execution input-validation cgi-script

June 19, 2010
18:03
devshell.zip
» ‎ Packet Storm Security Misc. Files

Devshell is a CGI backdoor kit.
Tags: devshell cgi zip cgi-backdoor

June 07, 2010
0:00
Vuln: ZoneCheck 'zc.cgi' Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZoneCheck 'zc.cgi' Cross Site Scripting Vulnerability
Tags: cross cgi zonecheck vulnerability
May 31, 2010
0:00
Vuln: SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities
Tags: surgeftpmgr cgi surgeftp

May 11, 2010
20:34
ZDI-10-086.txt
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 10-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid Hostname parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
Tags: code cgi vulnerability manager.-authentication network-node-manager stack-buffer hp-network

20:00
ZDI-10-084.txt
» ‎ Packet Storm Security Recent Files

Zero Day Initiative Advisory 10-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
Tags: code cgi vulnerability manager.-authentication network-node-manager stack-buffer hp-network

20:00
ZDI-10-084.txt
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 10-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
Tags: code cgi vulnerability manager.-authentication network-node-manager stack-buffer hp-network

April 27, 2010
0:00
Vuln: Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
Tags: namazu cgi site vulnerability
April 22, 2010
0:00
Vuln: Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

Namazu 'namazu.cgi' Cross-Site Scripting Vulnerability
Tags: namazu cgi site vulnerability
March 30, 2010
0:00
Vuln: Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
Tags: cgi statuswml nagios shell-command vulnerability

jetlib.sec » Tags » cgi

Feeds

48 items tagged "cgi"

Tags: cgi php argument remote-exploit

Tags: cgi php argument exploit

Tags: injection cgi php exploit

Tags: cgi php argument shell-metacharacters code-execution query-string

Tags: cgi php argument shell-metacharacters code-execution query-string

Tags: backuppc cgi index vulnerability

Tags: neo clearsilver cgi format-string vulnerability

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: neo clearsilver cgi format-string vulnerability

Tags: perl cgi shell cgi-backdoor capability

Tags: perl cgi shell cgi-backdoor capability

Tags: perl cgi shell cgi-backdoor capability

Tags: perl cgi shell cgi-backdoor capability

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: nnm cgi exploits buffer-overflow

Tags: nnm cgi exploits buffer-overflow

Tags: tickling cgi problems tcl-cgi-scripts cgi-problems whitepaper

Tags: tickling cgi problems tcl-cgi-scripts cgi-problems whitepaper

Tags: cgi web irc perl-cgi-program cgi-irc web-browser

Tags: cgi web irc perl-cgi-program cgi-irc web-browser

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: bugtraq mdvsa cgi perl-cgi

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: d-link admin cgi cgi-script vulnerability authentication

Tags: google urchin cgi google-urchin vulnerability

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: perl cgi header security-vulnerability header-values perl-cgi

Tags: mime perl cgi perl-cgi vulnerability

Tags: evuln cgi sql inj hot-links

Tags: bugtraq mdvsa cgi

Tags: mako cgi site vulnerability

Tags: mako cgi site vulnerability

Tags: Tools cgi miyabi command-execution cgi-tools vulnerability

Tags: txt cgi miyabi command-execution input-validation cgi-tools

Tags: txt cgi miyabi command-execution input-validation cgi-tools

Tags: txt script cgi command-execution input-validation cgi-script

Tags: devshell cgi zip cgi-backdoor

Tags: cross cgi zonecheck vulnerability

Tags: surgeftpmgr cgi surgeftp

Tags: code cgi vulnerability manager.-authentication network-node-manager stack-buffer hp-network

Tags: code cgi vulnerability manager.-authentication network-node-manager stack-buffer hp-network

Tags: code cgi vulnerability manager.-authentication network-node-manager stack-buffer hp-network

Tags: namazu cgi site vulnerability

Tags: namazu cgi site vulnerability

Tags: cgi statuswml nagios shell-command vulnerability