CGI Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:56:46 GMT

PHP CGI Argument Injection
http://packetstormsecurity.org/files/112971/phpcgi-exploit.txt
http://packetstormsecurity.org/files/112971/PHP-CGI-Argument-Injection.html
Tue, 22 May 2012 11:11:11 GMT
PHP CGI argument injection remote exploit version 0.3. Works on versions up to 5.3.12 and 5.4.2.

Red Hat Security Advisory 2012-0570-01
http://packetstormsecurity.org/files/112631/RHSA-2012-0570-01.txt
http://packetstormsecurity.org/files/112631/Red-Hat-Security-Advisory-2012-0570-01.html
Fri, 11 May 2012 21:47:37 GMT
Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter.
Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

Red Hat Security Advisory 2012-0569-01
http://packetstormsecurity.org/files/112606/RHSA-2012-0569-01.txt
http://packetstormsecurity.org/files/112606/Red-Hat-Security-Advisory-2012-0569-01.html
Thu, 10 May 2012 21:02:26 GMT
Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

Red Hat Security Advisory 2012-0568-01
http://packetstormsecurity.org/files/112605/RHSA-2012-0568-01.txt
http://packetstormsecurity.org/files/112605/Red-Hat-Security-Advisory-2012-0568-01.html
Thu, 10 May 2012 21:02:10 GMT
Red Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode.
A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

Mandriva Linux Security Advisory 2012-068-1
http://packetstormsecurity.org/files/112597/MDVSA-2012-068-1.txt
http://packetstormsecurity.org/files/112597/Mandriva-Linux-Security-Advisory-2012-068-1.html
Thu, 10 May 2012 15:26:54 GMT
Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provide the latest version which provides a solution to this flaw.

Red Hat Security Advisory 2012-0547-01
http://packetstormsecurity.org/files/112508/RHSA-2012-0547-01.txt
http://packetstormsecurity.org/files/112508/Red-Hat-Security-Advisory-2012-0547-01.html
Mon, 07 May 2012 20:04:50 GMT
Red Hat Security Advisory 2012-0547-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode.
A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

Red Hat Security Advisory 2012-0546-01
http://packetstormsecurity.org/files/112507/RHSA-2012-0546-01.txt
http://packetstormsecurity.org/files/112507/Red-Hat-Security-Advisory-2012-0546-01.html
Mon, 07 May 2012 20:04:24 GMT
Red Hat Security Advisory 2012-0546-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

PHP CGI Injection
http://packetstormsecurity.org/files/112486/phpcgi-inject.txt
http://packetstormsecurity.org/files/112486/PHP-CGI-Injection.html
Sun, 06 May 2012 02:16:06 GMT
PHP CGI argument injection exploit that executes phpinfo.

PHP CGI Argument Injection
http://packetstormsecurity.org/files/112477/php_cgi_arg_injection.rb.txt
http://packetstormsecurity.org/files/112477/PHP-CGI-Argument-Injection.html
Sun, 06 May 2012 01:32:17 GMT
When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."

Ubuntu Security Notice USN-1437-1
http://packetstormsecurity.org/files/112474/USN-1437-1.txt
http://packetstormsecurity.org/files/112474/Ubuntu-Security-Notice-USN-1437-1.html
Sun, 06 May 2012 01:28:45 GMT
Ubuntu Security Notice 1437-1 - It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.

Mandriva Linux Security Advisory 2012-065
http://packetstormsecurity.org/files/112290/MDVSA-2012-065.txt
http://packetstormsecurity.org/files/112290/Mandriva-Linux-Security-Advisory-2012-065.html
Fri, 27 Apr 2012 20:29:47 GMT
Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.

ACTi Web Configurator cgi-bin Directory Traversal
http://packetstormsecurity.org/files/112229/DDIVRT-2012-41.txt
http://packetstormsecurity.org/files/112229/ACTi-Web-Configurator-cgi-bin-Directory-Traversal.html
Thu, 26 Apr 2012 22:49:23 GMT
The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.

Mandriva Linux Security Advisory 2012-049
http://packetstormsecurity.org/files/111488/MDVSA-2012-049.txt
http://packetstormsecurity.org/files/111488/Mandriva-Linux-Security-Advisory-2012-049.html
Tue, 03 Apr 2012 02:27:56 GMT
Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.

Movable Type Publishing Platform Cross Site Scripting
http://packetstormsecurity.org/files/110203/TWSL2012-003.txt
http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html
Fri, 24 Feb 2012 23:42:42 GMT
Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Movable Type CGI files and source files onto a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

Bugzilla Cross Site Request Forgery
http://packetstormsecurity.org/files/110201/bugzillaxmlrpc-xsrf.txt
http://packetstormsecurity.org/files/110201/Bugzilla-Cross-Site-Request-Forgery.html
Fri, 24 Feb 2012 23:38:30 GMT
Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.

HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
http://packetstormsecurity.org/files/108874/hp_nnm_ovbuildpath_textfile.rb.txt
http://packetstormsecurity.org/files/108874/HP-OpenView-Network-Node-Manager-ov.dll-_OVBuildPath-Buffer-Overflow.html
Fri, 20 Jan 2012 17:22:00 GMT
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in an insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.

Distributed Access Control System 1.4.27
http://packetstormsecurity.org/files/108793/dacs-1.4.27.tgz
http://packetstormsecurity.org/files/108793/Distributed-Access-Control-System-1.4.27.html
Wed, 18 Jan 2012 16:14:48 GMT
DACS is a light-weight single sign-on and role-based access control system providing flexible, modular authentication methods and powerful, transparent rule-based authorization checking for Web services, CGI programs, or virtually any program.

Zero Day Initiative Advisory 12-003
http://packetstormsecurity.org/files/108384/ZDI-12-003.txt
http://packetstormsecurity.org/files/108384/Zero-Day-Initiative-Advisory-12-003.html
Fri, 06 Jan 2012 00:06:06 GMT
Zero Day Initiative Advisory 12-03 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within webappmon.exe CGI program. When processing crafted parameters, there exists an insufficient boundary check before supplying a format string with the values, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

Mandriva Linux Security Advisory 2012-001
http://packetstormsecurity.org/files/108298/MDVSA-2012-001.txt
http://packetstormsecurity.org/files/108298/Mandriva-Linux-Security-Advisory-2012-001.html
Mon, 02 Jan 2012 15:10:09 GMT
Mandriva Linux Security Advisory 2012-001 - The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The updated packages have been patched to correct this issue.

Snort IDS 2.9.2
http://packetstormsecurity.org/files/108454/snort-2.9.2.tar.gz
http://packetstormsecurity.org/files/108454/Snort-IDS-2.9.2.html
Thu, 15 Dec 2011 12:12:12 GMT
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Zero Day Initiative Advisory 11-348
http://packetstormsecurity.org/files/107852/ZDI-11-348.txt
http://packetstormsecurity.org/files/107852/Zero-Day-Initiative-Advisory-11-348.html
Wed, 14 Dec 2011 02:39:25 GMT
Zero Day Initiative Advisory 11-348 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within nnmRotConfig.exe CGI program. When processing crafted nameParams parameters, there exists an insufficient boundary check that can lead to an insufficient heap buffer, enabling a heap overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

Red Hat Security Advisory 2011-1797-01
http://packetstormsecurity.org/files/107659/RHSA-2011-1797-01.txt
http://packetstormsecurity.org/files/107659/Red-Hat-Security-Advisory-2011-1797-01.html
Thu, 08 Dec 2011 23:45:56 GMT
Red Hat Security Advisory 2011-1797-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.

Restorepoint 3.2-Evaluation Remote Root Command Execution
http://packetstormsecurity.org/files/107643/MATTA-2011-003.txt
http://packetstormsecurity.org/files/107643/Restorepoint-3.2-Evaluation-Remote-Root-Command-Execution.html
Thu, 08 Dec 2011 16:32:29 GMT
The 3.2 evaluation image of Restorepoint is vulnerable to a remote command execution vulnerability in the remote_support.cgi script prior to license activation.

Perl CGI Shell
http://packetstormsecurity.org/files/105843/sublime.pl.txt
http://packetstormsecurity.org/files/105843/Perl-CGI-Shell.html
Sat, 15 Oct 2011 23:36:27 GMT
This is a Perl CGI backdoor that provides shell-like capability.

Debian Security Advisory 2285-1
http://packetstormsecurity.org/files/103407/dsa-2285-1.txt
http://packetstormsecurity.org/files/103407/Debian-Security-Advisory-2285-1.html
Tue, 26 Jul 2011 02:52:55 GMT
Debian Linux Security Advisory 2285-1 - Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications.