EUVD-2026-24503

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

CVE-2026-6799 Comfast CF-N1-S Endpoint mbox-config command injection

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

Comfast CF-N1-S 注入漏洞

The Comfast CF-N1-S is a wireless network adapter device developed by Comfast Corporation. Version 2.6.0.1 of the Comfast CF-N1-S contains a vulnerability caused by incorrect handling of the Endpoint component parameter “destination” in the file /cgi-bin/mbox-config?method=SET§ion=pingconfig. Thi...

Camaleon CMS Insufficient Session Expiration vulnerability

Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed. Resolved in commit...

Denial of Service (DoS)

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Denial of Service DoS. The media upload feature crashes permanently when a low privileged attacker uploads a crafted...

CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...

CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...

Directory traversal

Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter...

CVE-2010-4798

Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter...

OrangeHRM 2.6.0.1 Local File Inclusion Vulnerability

Exploit for php platform in category web applications ==================================================== OrangeHRM 2.6.0.1 Local File Inclusion Vulnerability ==================================================== Exploit Title: OrangeHRM 2.6.0.1 Local File Inclusion Vulnerability Date: 11-10-2010...