The vulnerability of the sub_175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 router firmware, related to the lack of data sanitization at the control level, allows a perpetrator to execute arbitrary commands.
The vulnerability of the sub_175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 routers’ firmware is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to...
The vulnerability of the sub_454F2C function in D-Link DIR-605L router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the sub_454F2C function in D-Link DIR-605L router firmware is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router firmware is related to the lack of measures for sanitizing incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Alibaba Cloud Linux 3 : 0031: vim (ALINUX3-SA-2022:0031)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0031 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12735: getchar.c in Vim before...
Alibaba Cloud Linux 3 : 0097: pcp (ALINUX3-SA-2024:0097)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0097 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3019: A flaw was found in PCP. The default...
CVE-2025-30012
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component, which allows an unauthenticated attacker to send a malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in...
F5 BIG-IP 16.1.4.1 Remote Command Execution
F5 BIG-IP version 16.1.4.1 suffers from a command injection vulnerability via an authenticated user with administrator privileges...
The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router firmware is related to the lack of measures taken to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Exploit for CVE-2025-47227
ScriptCase - Pre-Authenticated Remote Command Execution Ch...
CVE-2025-4454
A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wakeonlan. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure...
CVE-2025-4443
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This...
CVE-2025-4445
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wakeonlan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This...
The vulnerability of the iControl REST component of the access control and remote authentication solution for BIG-IP allows a perpetrator to inject arbitrary commands.
The vulnerability of the iControl REST component of the access control and remote authentication solution for BIG-IP is related to the lack of measures taken to sanitize data at the management level. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands remotely...
The vulnerability of the setDeviceName() function in the global.so library of the TOTOLink A950RG router’s software allows an intruder to execute arbitrary commands.
The vulnerability of the setDeviceName function in the global.so library of the TOTOLink A950RG router’s software is due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands by processing the...
SonicWALL SMA100 Security Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. An input validation vulnerability exists in the SonicWall SMA100 SSL-VPN, which can be exploited by a remote attacker to submit a special request that can inject shell commands, upload files, and execute arbitrary...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...
CVE-2025-4357
A vulnerability was found in Tenda RX3 16.03.13.11multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2025-4349
A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no long...
CVE-2025-4350
A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wakeonlan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerability only affects products that are no longer...
CVE-2025-4341
A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command...