6 matches found
CVE-2025-11779
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...
CVE-2018-6211
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
PT-2015-3669 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 versions 2.5.4 and earlier. Description: The issue allows remote attackers to hijack the authentication of unspecified users for requests that change various settings, including Enable Wireless, MBSSID, BSSID, Hide Access Point...
CVE-2013-0126
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and userlevel...
E-Cart 1.1 - index.cgi Remote Command Execution
#!/usr/bin/perl Example added if code doesn't work for ya: http://SITE/DIRTOECART/index.cgi?action=viewart&cat=reproductoresdvd&art=reproductordvp-ns315.dat|uname%20-a| /str0ke info: [email protected] use IO::Socket; print "\n\n www.badroot.org...
commerceSQL.txt
CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd. By using a prepared GET page variable, it allows a user to read remote files. Example: With...