Lucene search
K

359 matches found

Cvelist
Cvelist
added 2026/04/02 2:45 p.m.19 views

CVE-2026-34791 Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsproxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01272EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 2:45 p.m.17 views

CVE-2026-34791

Endian Firewall versions 3.3.25 and earlier are affected by a command-injection flaw in /cgi-bin/logs_proxy.cgi through the DATE parameter. The value is used to build a file path then passed to a Perl open(), with incomplete regex validation enabling authenticated users to execute arbitrary OS co...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/02 2:45 p.m.23 views

CVE-2026-34792 Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS0.01272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...

8.8CVSS6.1AI score0.01466EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation of the DATE...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.13 views

PT-2026-29751

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs proxy.cgi' API endpoint. The DATE paramet...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29755

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs log.cgi' API endpoint. The DATE parameter...

8.8CVSS6.1AI score0.01469EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.10 views

PT-2026-29752

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier permit authenticated users to execute arbitrary operating system commands through the DATE parameter of the '/cgi-bin/logs clamav.cgi' endpoint...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsids.cgi, and can be exploited by an...

8.8CVSS6.1AI score0.01222EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logssmtp.cgi, and can be exploited by an...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.12 views

PT-2026-29754

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8CVSS6.1AI score0.01222EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.9 views

PT-2026-29753

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Authenticated users can execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs firewall.cgi' endpoint. This is due to an incomplete regular expression validation whe...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.11 views

PT-2026-29757

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs smtp.cgi' endpoint. The vulnerability...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.21 views

PT-2026-29756

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs openvpn.cgi' endpoint. The DATE...

8.8CVSS6.1AI score0.01466EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation for the DATE...

8.8CVSS6.1AI score0.01248EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation of the DATE...

8.8CVSS6.1AI score0.01272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Endian Firewall 操作系统命令注入漏洞

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logslog.cgi, and can be exploited by an...

8.8CVSS6.1AI score0.01469EPSS
Exploits0References2
CNVD
CNVD
added 2026/03/26 12:0 a.m.20 views

MailEnable StartDate Parameter Cross-Site Scripting Vulnerability

MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable StartDate parameter, which stems from improper cleanup of the StartDate parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...

6.1CVSS5.9AI score0.00296EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25139

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24674

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check in date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References6
Rows per page
Query Builder