
9786 matches found

Vulnrichment
added 2025/06/27 5:24 a.m. · 2 views

CVE-2025-41418

Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request...

6.9 CVSS · 6.5 AI score · 0.00327 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/06/27 12:0 a.m. · 6 views

PT-2025-27050 · Unknown · Tb-Eye Network Recorders +1

Name of the Vulnerable Software and Affected Versions: TB-eye network recorders and AHD recorders (affected versions not specified). Description: A buffer overflow issue exists in the affected devices. The CGI process may terminate abnormally when processing a specially crafted request...

6.9 CVSS · 7.4 AI score · 0.00327 EPSS
Exploits 0 · References 5
OSV
added 2025/06/26 4:15 p.m. · 2 views

CVE-2025-34048

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...

8.7 CVSS · 6 AI score
Exploits 0 · References 4
RedhatCVE
added 2025/06/26 3:12 a.m. · 7 views

CVE-2025-34037

An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing...

10 CVSS · 6.5 AI score · 0.85373 EPSS
Exploits 1 · References 1
VulnCheck KEV
added 2025/06/26 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2025-34042

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4 CVSS · 6.6 AI score · 0.01763 EPSS
In wild · Exploits 1 · References 30
CNNVD
added 2025/06/26 12:0 a.m. · 5 views

Vacron Network Video Recorder Security Vulnerability

Vacron Network Video Recorder is a webcam from Vacron Corporation of Taiwan, China. A security vulnerability exists in Vacron Network Video Recorder v1.4, which stems from improperly cleaned inputs to the board.cgi script, which could lead to remote command execution...

10 CVSS · 6.9 AI score · 0.09001 EPSS
Exploits 0 · References 7
CNNVD
added 2025/06/26 12:0 a.m. · 3 views

Beward N100 IP Camera Security Vulnerability

Beward N100 IP Camera is an open source camera from Beward, Russia. A security vulnerability exists in Beward N100 IP Camera version M2.1.6.04C014, which is caused by incorrect manipulation of the ServerName and TimeZone parameters in the servetest CGI page, resulting in a command injection attac...

9.4 CVSS · 7.1 AI score · 0.01763 EPSS
Exploits 1 · References 8
CVE
added 2025/06/24 1:3 a.m. · 34 views

CVE-2025-34037

CVE-2025-34037 is an OS command injection in Linksys E-Series routers, exploitable via unauthenticated HTTP POSTs to /tmUnblock.cgi or /hndUnblock.cgi on port 8080. The issue stems from improper sanitization of the ttcp_ip parameter, enabling shell command injection and arbitrary code execution. ...

10 CVSS · 6.5 AI score · 0.85373 EPSS
In wild · Exploits 1 · References 3
GithubExploit
added 2025/06/23 5:27 a.m. · 331 views

Exploit for OS Command Injection in Php

CVE-2024-4577 PHP CGI Remote Code Execution Exploit Author:...

9.8 CVSS · 9.1 AI score · 0.99987 EPSS
Exploits 64
Positive Technologies
added 2025/06/23 12:0 a.m. · 2 views

PT-2025-26664

Name of the Vulnerable Software and Affected Versions: Linksys E-Series routers versions prior to a firmware update: Linksys E4200, Linksys E3200, Linksys E3000, Linksys E2500, Linksys E2100L, Linksys E2000, Linksys E1550, Linksys E1500, Linksys E1200, Linksys E1000, Linksys E900. Description: An OS command...

10 CVSS · 8 AI score · 0.85373 EPSS
Exploits 1 · References 22
Tenable Nessus
added 2025/06/23 12:0 a.m. · 12 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1030)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1030 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the...

7.3 CVSS · 8.3 AI score · 0.02608 EPSS
Exploits 1 · References 4
Packet Storm
added 2025/06/16 12:0 a.m. · 133 views

PHP CGI Remote Code Execution

A critical vulnerability in PHP's CGI implementation allows remote attackers to execute arbitrary code through command injection. The vulnerability exists due to improper handling of command-line arguments in PHP CGI, which can be exploited to bypass security restrictions and execute arbitrary...

9.8 CVSS · 9.2 AI score · 0.99987 EPSS
Exploits 64
Exploit DB
added 2025/06/15 12:0 a.m. · 325 views

PHP CGI Module 8.3.4 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: PHP CGI Module 8.3.4 - Remote Code Execution RCE Date: 2025-06-13 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/yigitsql old account banned Vendor Homepage: https://www.php.net/ Software Link: https://www.php.net/downloads Version: PH...

9.8 CVSS · 9.6 AI score · 0.99987 EPSS
Exploits 64
Tenable Nessus
added 2025/06/15 12:0 a.m. · 4 views

FreeBSD : webmin -- CGI Command Injection Remote Code Execution (805ad2e0-49da-11f0-87e8-bcaec55be5e5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 805ad2e0-49da-11f0-87e8-bcaec55be5e5 advisory. Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the...

9.9 CVSS · 8.9 AI score · 0.32018 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/06/12 12:0 a.m. · 2 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1677)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (CVE-2025-272...

7.5 CVSS · 7 AI score · 0.00784 EPSS
Exploits 0 · References 4
OpenVAS
added 2025/06/11 12:0 a.m. · 5 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1604)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.9 AI score · 0.00784 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/06/11 12:0 a.m. · 6 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1603)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The...

7.5 CVSS · 7 AI score · 0.00784 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/06/11 12:0 a.m. · 4 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1625)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials...

7.5 CVSS · 7 AI score · 0.00784 EPSS
Exploits 0 · References 4
OpenVAS
added 2025/06/11 12:0 a.m. · 7 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1603)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.9 AI score · 0.00784 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/06/11 12:0 a.m. · 2 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1642)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials...

7.5 CVSS · 7 AI score · 0.00784 EPSS
Exploits 0 · References 4