19611 matches found

BDU FSTEC
added 2025/08/04 12:0 a.m. · 5 views

A vulnerability in the wget_test.asp script of the D-Link DI-7300G+ router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the wgettest.asp script of the D-Link DI-7300G+ router firmware stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 7 · EPSS 0.0406
Exploits: 1 · References: 6 · Affected Software: 1
Snyk
added 2025/08/02 10:0 p.m. · 1 views

Malicious Package

Overview: sisaws is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...

CVSS 9.3 · AI score 7
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/02 8:23 p.m. · 4 views

CVE-2014-125124

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

CVSS 10 · AI score 7.2 · EPSS 0.01844
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/02 8:22 p.m. · 8 views

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x8664/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

CVSS 9.8 · AI score 7 · EPSS 0.10316
Exploits: 1 · References: 1
NVD
added 2025/08/01 9:15 p.m. · 6 views

CVE-2013-10053

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...

CVSS 8.7 · EPSS 0.01034
Exploits: 0 · References: 4
NVD
added 2025/08/01 9:15 p.m. · 3 views

CVE-2013-10049

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS 9.3 · EPSS 0.02018
Exploits: 0 · References: 5
Vulnrichment
added 2025/08/01 8:49 p.m. · 3 views

CVE-2013-10053 ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...

CVSS 8.7 · AI score 7.8 · EPSS 0.01034
Exploits: 0 · References: 4
ATTACKERKB
added 2025/08/01 8:47 p.m. · 2 views

CVE-2013-10049

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS 9.3 · AI score 6.2 · EPSS 0.02018
Exploits: 0 · References: 4
CVE
added 2025/08/01 8:47 p.m. · 21 views

CVE-2013-10049

The vulnerability CVE-2013-10049 affects Raidsonic NAS devices IB-NAS5220 and IB-NAS4220 via the unauthenticated POST endpoint timeHandler.cgi, where improper sanitization of the timeZone parameter allows OS command execution. The root cause is input handling in timeHandler.cgi, enabling remote a...

CVSS 9.3 · AI score 8 · EPSS 0.02018
Exploits: 0 · References: 5
Vulnrichment
added 2025/08/01 8:47 p.m. · 2 views

CVE-2013-10049 Raidsonic NAS Devices Unauthenticated Remote Command Execution

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS 9.3 · AI score 7.2 · EPSS 0.02018
Exploits: 0 · References: 5
Vulnrichment
added 2025/08/01 8:45 p.m. · 3 views

CVE-2013-10060 Netgear Routers pppoe.cgi RCE

An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN2200B model firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoeusername parameter. Thi...

CVSS 9.4 · AI score 7.6 · EPSS 0.04547
Exploits: 1 · References: 5
CVE
added 2025/08/01 8:44 p.m. · 12 views

CVE-2013-10058

The CVE-2013-10058 entry describes an authenticated OS command-injection affecting Linksys routers (tested on WRT160Nv2) running firmware v2.0.03 via the /apply.cgi endpoint. The web UI fails to sanitize input to the ping_size parameter during diagnostics, allowing an authenticated attacker to in...

CVSS 8.6 · AI score 8.3 · EPSS 0.03103
Exploits: 0 · References: 5
Cvelist
added 2025/08/01 8:39 p.m. · 9 views

CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...

CVSS 9.3 · EPSS 0.12099
Exploits: 1 · References: 5
Github Security Blog
added 2025/08/01 6:10 p.m. · 20 views

1Panel agent certificate verification bypass leading to arbitrary command execution

Project Address: Project Address 1Panel Official website: https://www.1panel.cn/ Time: 2025 07 26 Version: 1panel V2.0.5 Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...

CVSS 9.8 · AI score 7.2 · EPSS 0.00864
Exploits: 5 · References: 6 · Affected Software: 1
Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-32517 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is located in the um red function within t...

CVSS 6.5 · AI score 6.6 · EPSS 0.08257
Exploits: 1 · References: 12
Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32498 · Linksys · Linksys Re6250 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits: 1 · References: 13
Positive Technologies
added 2025/08/01 12:0 a.m. · 6 views

PT-2025-32495 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is related to the setDFSSetting function...

CVSS 6.5 · AI score 6.5 · EPSS 0.07659
Exploits: 1 · References: 13
Positive Technologies
added 2025/08/01 12:0 a.m. · 12 views

PT-2025-32515 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders due to a flaw in the um inspect cross band function within the /goform/RP setBasicAuto file...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits: 1 · References: 11
Positive Technologies
added 2025/08/01 12:0 a.m. · 8 views

PT-2025-32518 · Linksys · Linksys Re7000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000. The issue is due to os command injection in the sub 3517C...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits: 1 · References: 14
Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32516 · Linksys · Linksys Re7000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in the ipv6cmd function of the /goform/setIpv6 file. Manipulation of the following arguments leads to OS command injection:...

CVSS 6.5 · AI score 6.3 · EPSS 0.08257
Exploits: 1 · References: 12