328 matches found

GithubExploit
added 2025/09/14 2:52 p.m. | 195 views

Exploit for Path Traversal in Apache Http_Server

PoC exploit for CVE-2021-41773, a path traversal vulnerability i...

CVSS 7.5 | AI score 9.2 | EPSS 0.99992
Exploits: 148

Gitee
added 2025/09/14 9:55 a.m. | 83 views

Exploit for OS Command Injection in Gnu Bash

PoC exploit for CVE-2014-6271 (Shellshock). The target product/service is Apache httpd, and the vulnerability class/vector is RCE (Remote Code Execution) via environment variable manipulation. The probable entry point is the CGI (Common Gateway Interface) handler. Notable dependencies/tooling include t...

CVSS 10 | AI score 8.5 | EPSS 0.99999
Exploits: 130

OSV
added 2025/09/13 1:15 p.m. | 3 views

CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVSS 9.8 | AI score 5.6 | EPSS 0.06072
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/13 8:2 a.m. | 3 views

CVE-2025-10358 Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

CVSS 7.5 | AI score 7.3 | EPSS 0.06072
Exploits: 1 | References: 5

BDU FSTEC
added 2025/07/28 12:0 a.m. | 6 views

The vulnerability of the reboot() and restore() functions in the /cgi-bin/lighttpd.cgi microprogramming system of LB-LINK routers allows an attacker to execute arbitrary code.

The vulnerability of the reboot and restore functions in the /cgi-bin/lighttpd.cgi microprogramming system of LB-LINK routers is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 10 | AI score 8.2 | EPSS 0.00745
Exploits: 0 | References: 2 | Affected Software: 6

GithubExploit
added 2025/07/07 1:27 a.m. | 233 views

Exploit for OS Command Injection in Php

CVE-2024-4577 - PHP CGI Argument Injection RCE Summary CV...

CVSS 9.8 | AI score 9.9 | EPSS 0.99987
Exploits: 64

RedhatCVE
added 2025/06/26 3:12 a.m. | 7 views

CVE-2025-34037

An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcpip parameter without sanitization, allowing...

CVSS 10 | AI score 6.5 | EPSS 0.85373
Exploits: 1 | References: 1

Packet Storm
added 2025/06/16 12:0 a.m. | 134 views

PHP CGI Remote Code Execution

A critical vulnerability in PHP's CGI implementation allows remote attackers to execute arbitrary code through command injection. The vulnerability exists due to improper handling of command-line arguments in PHP CGI, which can be exploited to bypass security restrictions and execute arbitrary...

CVSS 9.8 | AI score 9.2 | EPSS 0.99987
Exploits: 64

Tenable Nessus
added 2025/06/04 12:0 a.m. | 10 views

Apache Tomcat 11.0.0-M1 < 11.0.7 CGI Security Constraint Bypass

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.105, 10.1.0-M1 prior to 10.1.41 or 11.0.0-M1 prior to 11.0.7. It is, therefore, affected by a CGI security constraint bypass. Note that the scanner has not attempted to exploit these issues but has instead relied...

CVSS 7.3 | AI score 7.4 | EPSS 0.02608
Exploits: 1 | References: 2

OpenVAS
added 2025/05/30 12:0 a.m. | 17 views

Apache Tomcat CGI Security Constraint Bypass Vulnerability (May 2025) - Linux

Apache Tomcat is prone to a CGI security constraint bypass vulnerability...

CVSS 7.3 | AI score 7.3 | EPSS 0.02608
Exploits: 1 | References: 1

Cvelist
added 2025/05/26 6:27 a.m. | 59 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

CVSS 6.3 | EPSS 0.00338
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 9:21 a.m. | 4 views

CVE-2024-6108

A vulnerability was found in Genexis Tilgin Home Gateway 322AS0500-03051305. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/voodview.cgi?act=index&lang=EN of the component Login. The manipulation of the argument errmsg leads to basic cross site...

CVSS 6.9 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:29 a.m. | 5 views

CVE-2024-36444

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs...

CVSS 8.1 | AI score 8.3 | EPSS 0.00514
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:18 p.m. | 9 views

CVE-2020-13886

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...

CVSS 5.3 | AI score 7.1 | EPSS 0.04344
Exploits: 2

RedhatCVE
added 2025/05/22 8:23 a.m. | 5 views

CVE-2019-13484

In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c...

CVSS 9.8 | AI score 7.3 | EPSS 0.0185
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:29 p.m. | 7 views

CVE-2002-2011

Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.04112
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 6:22 p.m. | 6 views

CVE-1999-0146

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...

CVSS 7.5 | AI score 8 | EPSS 0.14663
Exploits: 0 | References: 1

Cvelist
added 2025/05/20 12:0 a.m. | 9 views

CVE-2025-44881

A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...

EPSS 0.0259
Exploits: 1 | References: 1

Apache Tomcat
added 2025/05/13 12:0 a.m. | 20 views

Fixed in Apache Tomcat 11.0.7

Low: CGI security constraint bypass (CVE-2025-46701). When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...

CVSS 7.3 | AI score 7.6 | EPSS 0.02608
Exploits: 1 | Affected Software: 1

OSV
added 2025/05/10 5:15 a.m. | 5 views

CVE-2025-4496

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buff...

CVSS 9.8 | AI score 6.3 | EPSS 0.00944
Exploits: 0 | References: 5