CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

EUVD-2026-25248

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

EUVD-2026-21074

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. Th...

CVE-2026-5688

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...

EUVD-2026-17054

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

EUVD-2026-12282

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

CVE-2026-4204

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

EUVD-2026-3222

A vulnerability was determined in Totolink LR350 9.3.5u.6369B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

CVE-2019-11527

An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter...

EUVD-2002-1965

Malware in sbrugna...

EUVD-2019-4892

Malware in sbrugna...

EUVD-2000-0380

Malware in sbrugna...

EUVD-2001-1222

Malware in sbrugna...

EUVD-2013-7262

Malware in sbrugna...

EUVD-2024-40404

Malicious code in bioql PyPI...

CVE-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...

CVE-2024-7335

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument httphost leads to buffer overflow. It is possible to launch the attack...

CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...

gitWeb 1.5.2 - Remote Command Execution

gitWeb 1.5.2 - Remote Command Execution Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind...