19611 matches found
CVE-2025-9935
The CVE-2025-9935 entry concerns TOTOLINK N600R version 4.3.0cu.7866_B20220506. The issue affects the function sub_4159F8 in /web_cste/cgi-bin/cstecgi.cgi, where manipulation can lead to a remote command injection. The exploit is publicly disclosed and may be utilized. Multiple connected sources ...
CVE-2025-9935 TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed an...
CVE-2025-9934
CVE-2025-9934 affects TOTOLINK X5000R 9.1.0cu.2415_B20250515. The vulnerability is in the function sub_410C34 of the file /cgi-bin/cstecgi.cgi, where manipulation of the pid argument can trigger a command injection. Remote exploitation is possible and the exploit has been made public. Multiple co...
CVE-2025-9934 TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...
CVE-2025-9752
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgimain of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...
PT-2025-35851
Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 4.3.0cu.7866_B20220506. Description: A vulnerability exists in the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi that can lead to command injection. This issue can be exploited remotely. The exploit has...
Linux Distros Unpatched Vulnerability : CVE-2017-15041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.8.4 and 1.9.x before 1.9.1 allows go get remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1...
PT-2025-35850
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2415_B20250515. Description: A command injection issue exists in the sub_410C34 function of the /cgi-bin/cstecgi.cgi file. Manipulation of the pid argument can lead to remote code execution. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2024-50636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyMOL 2.5.0 contains a vulnerability in its Run Script function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can...
CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgimain of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the publ...
Linux Distros Unpatched Vulnerability : CVE-2020-25592
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
CVE-2025-57799
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...
CVE-2025-57799
CVE-2025-57799 relates to StreamVault, a multi-platform video parsing/downloading tool. Affects versions prior to 250822 where an attacker can modify system parameters, craft and execute commands, enabling remote command execution and potential server privilege gain. Patch released in 250822. In ...
CVE-2025-57799 StreamVault can perform remote command execution
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...
CVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...
CVE-2025-54857
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privileges...