CVE-2026-34792

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34795

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...

CVE-2015-0867

Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename...

CVE-2015-0867

CVE-2015-0867 is a directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI, affecting version 3.0 and earlier. The flaw allows remote attackers to read arbitrary files by supplying a crafted filename. Public disclosures in JVN/NVD indicate root cause in the Download Log CGI’s file-na...

SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal

Overview Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...