9786 matches found

Cvelist
added 2025/08/27 9:26 p.m. · 7 views

CVE-2023-7308 SecGate3600 Firewall Information Disclosure via authManageSet.cgi

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

CVSS 8.7 · EPSS 0.06711
Exploits: 1 · References: 3

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-46586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused. CVE-2023-46586 Note that...

CVSS 9.1 · AI score 8.1 · EPSS 0.00608
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34954 · D Link · D-Link Dir-645 +6

Name of the Vulnerable Software and Affected Versions: D-Link DIR-110 version 1.03 D-Link DIR-412 version 1.03 D-Link DIR-600 version 1.03 D-Link DIR-610 version 1.03 D-Link DIR-615 version 1.03 D-Link DIR-645 version 1.03 D-Link DIR-815 version 1.03 Description: Multiple D-Link DIR-series router...

CVSS 10 · AI score 7 · EPSS 0.08674
Exploits: 1 · References: 9

Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34808 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRC PORT, TGT PORT, dnatport, key, ruleremark, src addr, std net tgt, and tgt addr. This allows an...

CVSS 5.4 · AI score 5.6 · EPSS 0.00283
Exploits: 1 · References: 5

Tenable Nessus
added 2025/08/24 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-4561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web scri...

CVSS 6.1 · AI score 6.9 · EPSS 0.01465
Exploits: 0 · References: 2

VulnCheck KEV
added 2025/08/23 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

CVSS 5.5 · AI score 5.8 · EPSS 0.02584
In wild · Exploits: 1 · References: 76

VulnCheck KEV
added 2025/08/22 12:0 a.m. · 50 views

VulnCheck KEV: CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

CVSS 8 · AI score 5.8 · EPSS 0.00653
In wild · Exploits: 1 · References: 2

RedhatCVE
added 2025/08/21 6:20 p.m. · 13 views

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVSS 6.5 · AI score 7.8 · EPSS 0.05603
Exploits: 1 · References: 1

NVD
added 2025/08/20 4:15 p.m. · 4 views

CVE-2009-10005

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...

CVSS 8.7 · EPSS 0.00722
Exploits: 0 · References: 5

OSV
added 2025/08/14 7:15 a.m. · 3 views

CVE-2025-8949

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVSS 9.8 · AI score 6.4 · EPSS 0.00858
Exploits: 1 · References: 5

OSV
added 2025/08/13 6:15 p.m. · 3 views

CVE-2025-50615

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wlmacfilterset in the payload, which can cause the program to crash and lead to a Denial of...

CVSS 7.5 · AI score 5.9 · EPSS 0.0037
Exploits: 1 · References: 1

OSV
added 2025/08/13 4:15 p.m. · 5 views

CVE-2025-50611

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wlsecset5g and wlsecrpset5g in the payload, which can cause the program to crash and potentially...

CVSS 7.5 · AI score 5.9 · EPSS 0.0037
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/13 3:28 p.m. · 5 views

CVE-2012-10039

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

CVSS 9.4 · AI score 8.5 · EPSS 0.02451
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/13 12:0 a.m. · 3 views

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wdsset in the payload, which can cause the program to crash and potentially lead to a Denial...

AI score 7.5 · EPSS 0.0037
Exploits: 1 · References: 1

NVD
added 2025/08/11 3:15 p.m. · 7 views

CVE-2012-10039

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

CVSS 9.4 · EPSS 0.02451
Exploits: 0 · References: 5

CVE
added 2025/08/11 2:55 p.m. · 16 views

CVE-2012-10039

CVE-2012-10039 affects ZEN Load Balancer versions 2.0 and 3.0-rc1. A command injection exists in content2-2.cgi where the filelog parameter is passed directly to a backtick-delimited exec() call without sanitization, allowing an authenticated attacker to execute arbitrary shell commands and achie...

CVSS 9.4 · AI score 8.4 · EPSS 0.02451
Exploits: 0 · References: 5

Vulnrichment
added 2025/08/11 2:55 p.m. · 1 views

CVE-2012-10039 ZEN Load Balancer Filelog Command Execution

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

CVSS 9.4 · AI score 8.4 · EPSS 0.02451
Exploits: 0 · References: 5

Vulnrichment
added 2025/08/08 6:11 p.m. · 4 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance (ESVA), tested on version ESVA2057, contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

CVSS 9.3 · AI score 7.8 · EPSS 0.03005
Exploits: 0 · References: 5

CISA KEV Catalog
added 2025/08/05 12:0 a.m. · 23 views

D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability

D-Link DCS-2530L and DCS-2670L devices contain a command injection vulnerability in the cgi-bin/ddnsenc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization...

CVSS 9 · AI score 9.2 · EPSS 0.52717
In wild · Exploits: 1

GithubExploit
added 2025/07/30 2:59 p.m. · 212 views

Exploit for CVE-2025-54769

CVE-2025-54769 – LPAR2RRD RCE Description : This rep...

CVSS 8.8 · AI score 9.9 · EPSS 0.02864
Exploits: 4