19611 matches found
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
CVE-2025-34043
A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...
Code-Projects Inventory Management System 注入漏洞
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the /phpaction/removeProduct.php file not securely filtering the productId parameter. An attacker can exploit this vulnerability to remote...
CVE-2025-34043
A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
CVE-2025-34044 WIFISKY 7-Layer Flow Control Router Remote Command Execution
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
CVE-2025-34044 WIFISKY 7-Layer Flow Control Router Remote Command Execution
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
CVE-2025-34044
The CVE-2025-34044 issue affects the WIFISKY 7-layer Flow Control Router, specifically the confirm.php interface. A vulnerability in input validation on the t HTTP GET parameter allows unauthenticated attackers to execute arbitrary OS commands (remote command injection). Exploitation evidence was...
CVE-2025-34043 Vacron NVR Remote Command Execution
A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...
CVE-2025-34043 Vacron NVR Remote Command Execution
A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests...
CVE-2025-34043
Vacron NVR devices (v1.4) are affected by a remote command injection due to improper input sanitization in the board.cgi script. The issue allows unauthenticated attackers to pass arbitrary commands to the underlying OS via crafted HTTP requests, resulting in remote code execution with the web se...
CVE-2025-34042 Beward N100 IP Camera Remote Command Execution
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...
CVE-2024-56731
Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...
CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
PT-2025-26992
Name of the Vulnerable Software and Affected Versions: Vacron Network Video Recorder NVR devices version 1.4 Description: A remote command injection issue exists due to improper input sanitization in the board.cgi script. This allows unauthenticated attackers to pass arbitrary commands to the...
Vacron Network Video Recorder 安全漏洞
Vacron Network Video Recorder is a webcam from Vacron Corporation of Taiwan, China. A security vulnerability exists in Vacron Network Video Recorder v1.4, which stems from improperly cleaned inputs to the board.cgi script, which could lead to remote command execution...
PT-2025-26993
Name of the Vulnerable Software and Affected Versions: WIFISKY 7-layer Flow Control Router affected versions not specified Description: A remote command injection issue exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. This is due to insufficient input validation,...
VulnCheck KEV: CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
The vulnerability of the built-in web server boa (/boa/formWSC) in TOTOLINK N150RT router’s microprogramming software allows a intruder to execute arbitrary commands.
The vulnerability of the built-in web server boa /boa/formWSC of TOTOLINK N150RT routers is related to the failure to take measures to neutralize special elements used in the operating system’s commands when processing the targetAPSsid parameter. Exploiting this vulnerability allows a remote...