CVE-2026-34797 Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2016-1236

Multiple cross-site scripting XSS vulnerabilities in 1 revision.php, 2 log.php, 3 listing.php, and 4 comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a a file or b directory in a repository...