
356 matches found

Vulnrichment
added 2026/04/02 2:45 p.m., 2 views

CVE-2026-34792 Endian Firewall /cgi-bin/logs_clamav.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8 CVSS | 6.1 AI score | 0.01272 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/02 12:00 a.m., 7 views

PT-2026-29757

Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs smtp.cgi' endpoint. The vulnerability...

8.8 CVSS | 6.1 AI score | 0.01248 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/02 12:00 a.m., 9 views

PT-2026-29754

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8 CVSS | 6.1 AI score | 0.01222 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/02 12:00 a.m., 16 views

PT-2026-29756

Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs openvpn.cgi' endpoint. The DATE...

8.8 CVSS | 6.1 AI score | 0.01466 EPSS
Exploits: 0 | References: 7

CNNVD
added 2026/04/02 12:00 a.m., 7 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsids.cgi, and can be exploited by an...

8.8 CVSS | 6.1 AI score | 0.01222 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/04/02 12:00 a.m., 10 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation for the DATE...

8.8 CVSS | 6.1 AI score | 0.01248 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/04/02 12:00 a.m., 10 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation of the DATE...

8.8 CVSS | 6.1 AI score | 0.01272 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/04/02 12:00 a.m., 10 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incomplete regular expression validation of the DATE...

8.8 CVSS | 6.1 AI score | 0.01272 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/04/02 12:00 a.m., 8 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logssmtp.cgi, and can be exploited by an...

8.8 CVSS | 6.1 AI score | 0.01248 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/02 12:00 a.m., 11 views

PT-2026-29751

Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs proxy.cgi' API endpoint. The DATE paramet...

8.8 CVSS | 6.1 AI score | 0.01272 EPSS
Exploits: 0 | References: 6

CNNVD
added 2026/04/02 12:00 a.m., 10 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logslog.cgi, and can be exploited by an...

8.8 CVSS | 6.1 AI score | 0.01469 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/02 12:00 a.m., 6 views

PT-2026-29755

Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Endian Firewall versions 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs log.cgi' API endpoint. The DATE parameter...

8.8 CVSS | 6.1 AI score | 0.01469 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/02 12:00 a.m., 8 views

PT-2026-29753

Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Authenticated users can execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs firewall.cgi' endpoint. This is due to an incomplete regular expression validation whe...

8.8 CVSS | 6.1 AI score | 0.01248 EPSS
Exploits: 0 | References: 6

CNNVD
added 2026/04/02 12:00 a.m., 9 views

Endian Firewall Operating System Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsopenvpn.cgi, and can be exploited by...

8.8 CVSS | 6.1 AI score | 0.01466 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/02 12:00 a.m., 6 views

PT-2026-29752

Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Endian Firewall versions 3.3.25 and earlier permit authenticated users to execute arbitrary operating system commands through the DATE parameter of the '/cgi-bin/logs clamav.cgi' endpoint...

8.8 CVSS | 6.1 AI score | 0.01272 EPSS
Exploits: 0 | References: 6

CNVD
added 2026/03/26 12:00 a.m., 8 views

MailEnable StartDate Parameter Cross-Site Scripting Vulnerability

MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable StartDate parameter, which stems from improper cleanup of the StartDate parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...

6.1 CVSS | 5.9 AI score | 0.00296 EPSS
Exploits: 1

Positive Technologies
added 2026/03/13 12:00 a.m., 7 views

PT-2026-25139

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...

9.2 CVSS | 5.9 AI score | 0.00305 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/11 12:00 a.m., 4 views

PT-2026-24674

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check in date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5 CVSS | 5.8 AI score | 0.00278 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2026/03/09 7:54 p.m., 4 views

CVE-2026-3752

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the...

7.2 CVSS | 5.7 AI score | 0.00313 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/09 7:53 p.m., 4 views

CVE-2026-3751

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

7.2 CVSS | 5.7 AI score | 0.00313 EPSS
Exploits: 1 | References: 1