Astra Linux - vulnerability in mercurial
A vulnerability was discovered in Mercurial SCM 4.5.3/71.19.145.211. This vulnerability is considered problematic. It affects unknown code within the Web Interface component. Manipulating the cmd argument leads to cross-site scripting attacks. The attack can be initiated remotely. The exploit has...
D-Link multiple products access control error vulnerability
D-Link DNS-120, etc., are products of D-Link Corporation, a Chinese company. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have a vulnerability related to access...
PT-2026-5824
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file...
CVE-2023-29915
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...
CVE-2023-4542
A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The...
CVE-2025-15357 D-Link DI-7400G+ msp_info.htm command injection
A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /mspinfo.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2024-58314
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...
CVE-2024-58314
CVE-2024-58314 affects Atcom 100M IP Phones firmware v2.7.x.x. An authenticated command-injection vulnerability exists in the web configuration CGI script, allowing execution of arbitrary system commands via the cmd parameter in web_cgi_main.cgi. This enables remote code execution with administr...
EUVD-2007-4130
Malware in sbrugna...
EUVD-2018-17457
Malware in sbrugna...
EUVD-2004-2310
Malware in sbrugna...
EUVD-2002-0227
Malware in sbrugna...
EUVD-2022-52663
Malicious code in bioql PyPI...
EUVD-2023-33452
Malicious code in bioql PyPI...
JSC R7 R7-Office Document Server path traversal vulnerability
JSC R7 R7-Office Document Server is an office software from the Russian company JSC R7. A path traversal vulnerability exists in JSC R7 R7-Office Document Server 20250820 and earlier versions, which stems from incorrect manipulation of the parameter cmd in the file /downloadas/, which could lead ...
CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitization...
A vulnerability in D-Link DI-7300G+ and DI-8200G router firmware stems from a failure to neutralize special elements, allowing attackers to execute arbitrary commands.
A vulnerability in D-Link DI-7300G+ and DI-8200G router firmware stems from a failure to neutralize special elements when processing parameters such as flag, cmd, and iface on the mspinfo.htm page. Exploiting this vulnerability allows a remote attacker to execute...
A vulnerability in the bs_setCmd() function in the libshare-0.0.26.so library of LB-LINK router firmware allows an attacker to execute arbitrary commands.
A vulnerability in the bssetCmd function in the libshare-0.0.26.so library of LB-LINK router software stems from a failure to sanitize data at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
CVE-2025-45988
Blink routers BL-WR9000 V2.4.9, BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bsSetCmd function...
CVE-2025-45988
The CVE-2025-45988 entry affects Blink routers (BL-WR9000, BL-AC2100 AZ3, BL-X10 AC8, BL-LTE300, BL-F1200 AT1, BL-X26 AC8, BLAC450M AE4, BL-X26 DA3) with multiple command injection vulnerabilities in the bs_SetCmd function via the cmd parameter. Root cause: improper handling of the cmd parameter ...