255 matches found
CVE-2025-15257 Edimax BR-6208AC Web-based Configuration formRoute command injection
A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...
Sensitive Cookie in HTTPS Session Without "Secure" Attribute
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute via the SetValue method in the CookieHelper class. The requireSSL...
CVE-2024-58317
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
PT-2025-52324
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A configuration issue in Kentico Xperience related to cookie security allows attackers to bypass SSL requirements when setting administration cookies through the web.config file. Th...
CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...
CVE-2024-58314
CVE-2024-58314 affects Atcom 100M IP Phones firmware v2.7.x.x. An authenticated command-injection vulnerability exists in the web configuration CGI script, allowing execution of arbitrary system commands via the cmd parameter in web_cgi_main.cgi . This enables remote code execution with administr...
CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...
ATCOM 100M 操作系统命令注入漏洞
ATCOM 100M is an IP phone from ATCOM Greece. An operating system command injection vulnerability exists in ATCOM 100M version 2.7.x.x. The vulnerability stems from a command injection in the web configuration CGI script, which could lead to the execution of arbitrary system commands...
CVE-2025-34429
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : CUPS vulnerability (USN-7897-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7897-1 advisory. It was discovered that CUPS incorrectly handled input from users in the web configuration settings...
CVE-2025-11779
Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...
CVE-2025-11779
CVE-2025-11779 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. A stack-based buffer overflow in the SetLan function is triggered when applying a new configuration via the management web interface (index.cgi). Un-sanitised configuration parameters can lead to command injection. Publicly referenced ...
Ubuntu: Security Advisory (USN-7897-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7897-1: CUPS vulnerability
It was discovered that CUPS incorrectly handled input from users in the web configuration settings. An attacker could use this issue to insert malicious configuration options, causing a denial of service or possibly executing arbitrary code...
USN-7897-1 cups vulnerability
It was discovered that CUPS incorrectly handled input from users in the web configuration settings. An attacker could use this issue to insert malicious configuration options, causing a denial of service or possibly executing arbitrary code...
EUVD-2025-198375
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack...
CVE-2025-1036
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...
CVE-2025-52263
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...