15 matches found
CVE-2026-33765
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...
CVE-2026-33765 Pi-hole Web Interface has a Command Injection Vulnerability
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...
EUVD-2026-16781
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...
CVE-2026-33765
Summary: Pi-hole Admin Interface (web) prior to 6.0 contains a critical OS command injection in savesettings.php. The vulnerability arises from unsanitized user-controlled $_POST['webtheme'] being concatenated into a system command executed via PHP’s exec(), with the command running under sudo pr...
CVE-2026-33765 Pi-hole Web Interface has a Command Injection Vulnerability
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...
PT-2026-28535
Name of the Vulnerable Software and Affected Versions Pi-hole versions prior to 6.0 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole ad and internet tracker blocking application, contains an OS Command Injection issue in the savesettings.php file. The application...
ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl ShoutLIVE = 1.1.0 Remote Php Code Execution Based on: http://www.frsirt.com/bulletins/4109 Credits: Coded by DarkFig Website: http://disarm.free.fr/bohard/ Greetz: All AcidRoot/Bod members = use IO::Socket; use LWP::Simple; if!$ARGV1headers; print...
phpGB 1.1/1.2 PHP Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...
CVE-2012-3000
Summary: CVE-2012-3000 is an SQL injection vulnerability affecting multiple BIG-IP components (APM WebGUI, AVR WebGUI, and related WebGUIs) on BIG-IP LTM, GTM, ASM, Link Controller, PSM, Edge Gateway, Analytics, WebAccelerator, and WOM up to 11.2.x with specific HF3 fixes. Affected path/trigger: ...
ShoutLIVE 1.1.0 - savesettings.php Remote Code Execution
ShoutLIVE 1.1.0 - savesettings.php Remote Code Execution !/usr/bin/perl ShoutLIVE | +---------------------------------------------+ | Coded by DarkFig | +------------------+ ";exit sub headers print "\n +----------------------------------------------+ | ShoutLIVE "$host", PeerPort = "80", Proto =...
ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl ShoutLIVE = 1.1.0 Remote Php Code Execution Based on: http://www.frsirt.com/bulletins/4109 Credits: Coded by DarkFig Website: http://disarm.free.fr/bohard/ Greetz: All AcidRoot/Bod members = use IO::Socket; use LWP::Simple; if!$ARGV1headers; print...
CVE-2006-0940
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...
Code injection
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...
CVE-2006-0940
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...
CVE-2002-1481
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php...