D-Link多款产品 命令注入漏洞

D-Link DNS-120, etc., are products of D-Link Corporation from China. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection vulnerabilities, which stem...

Advantech WISE-6610 OS Command Injection Vulnerability

Advantech WISE-6610 is a core gateway device from Advantech, Taiwan, China. The Advantech WISE-6610 suffers from an operating system command injection vulnerability that originates from a misuse of the parameter deletefile in the file /cgi-bin/luci/admin/openvpnapply, which can be exploited by an...

EUVD-2017-5230

Malware in sbrugna...

EUVD-2025-13368

Malicious code in bioql PyPI...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

CVE-2025-4271

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attac...

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...

CVE-2019-20215

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because HTTPST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

CVE-2014-6616

Cross-site scripting XSS vulnerability in Softing FG-100 PROFIBUS Single Channel FG-100-PB with firmware FG-x00-PBV2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICENAME parameter to cgi-bin/CFGhttp/...

PT-2009-5129

Name of the Vulnerable Software and Affected Versions DD-WRT versions prior to build 12533 Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a "cgi-bin/" URI. This is due to a problem in the httpd.c in httpd in the management GUI...

Apache 2.x leaked descriptors

Hello, I noticed a problem with apache 2.x back in October and contacted the apache security team with the problem. They've had about 4 months to do something with the problem but haven't seen fit to fix it yet. The last time I tried to status their progress no one replied to my query. I was...

CVE-1999-0854

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file...

FreeBSD-SA-00:06.htdig

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:06 Security Advisory FreeBSD, Inc. Topic: htdig port allows remote reading of files Category: ports Module: htdig Announced: 2000-03-01 Affects: Ports collection before...

CVE-1999-0509

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands...

SGI IRIX 6.4 - cgi-bin handler

SGI IRIX 6.4 - cgi-bin handler source: https://www.securityfocus.com/bid/380/info A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating system. This vulnerability will allow a remote attacker to execute arbitrary commands on the vulnerabl...