19 matches found
CVE-2026-44193
OPNsense is a FreeBSD-based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restoreconfigsection fails to sanitize user-supplied input, leading to Remote Code Execution. This vulnerability is fixed in 26.1.7...
Uncaught Exception
Overview: Affected versions of this package are vulnerable to Uncaught Exception via the restoreConfig function. An attacker can overwrite arbitrary files on the host system and cause permanent data loss by providing a maliciously crafted ZIP archive containing traversal paths and insufficient...
EUVD-2026-8753
Vikunja has Path Traversal in CLI Restore...
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configrestore configRestore or configServerip parameter...
CVE-2025-47901 RCE on restore configuration password
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection. This issue affects Time Provider 4100: before 2.5...
CVE-2025-47901
Microchip Time Provider 4100 devices are affected by an OS Command Injection due to improper neutralization of special elements. The issue affects Time Provider 4100: before 2.5. The CVSS data indicates remote exploitation over the network with low privileges and no user interaction. Exploitation...
CVE-2025-55295
A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the serv...
PT-2025-33819 · Unknown · Qbit Manage
Name of the Vulnerable Software and Affected Versions: qBit Manage versions prior to 4.5.4 Description: A path traversal vulnerability exists in qBit Manage's web API that allows authenticated users to read arbitrary files from the server filesystem. The vulnerability is located in the restore...
CVE-2022-1373
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...
CVE-2022-1373 Softing Secure Integration Server Relative Path Traversal
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...
PT-2022-13835 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server version 1.22 Description: The issue arises from a directory traversal vulnerability in the "restore configuration" feature when processing zip files. This allows an attacker to craft a zip file that can load ...
Softing Secure Integration Server Path Traversal Vulnerability
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A path traversal vulnerability exists in Softing Secure...
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configrestore configRestore or configServerip parameter...
CVE-2019-20499
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configrestore configRestore or configServerip parameter...
PT-2020-10481 · D Link · D-Link Dwl-2600Ap
Name of the Vulnerable Software and Affected Versions: D-Link DWL-2600AP version 4.2.0.15 Rev A Description: The issue is an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface. This can be exploited by using shell metacharacters in th...
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP - Multiple OS Command Injection. Document Title: D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration. Product & Service Introduction: The D-Link DWL-2600AP has a web interface for configuration. You can use a...
D-Link DWL-2600AP - Multiple OS Command Injection
Document Title: D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration. Product & Service Introduction: The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...
BSNL Teracom Router Firmware Rewrite / Link Modification
Multiple Vulnerabilities in TERACOM ROUTER Author: Ajay Gowtham aka AJOXR Contact: gowtham.ajay5 at gmail.com Vulnerability Type: Insecure Upload File Permissions Affected Module: Upload Functionality Criticality: Medium Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...
BT Home Hub 6.2.2.6 - Login procedure Authentication Bypass
BT Home Hub 6.2.2.6 - Login procedure Authentication Bypass source: https://www.securityfocus.com/bid/26333/info BT Home Hub is prone to an authentication-bypass vulnerability. An attacker could exploit this issue to gain unauthorized access to the affected device. BT Home Hub firmware 6.2.2.6 is...