24 matches found
PT-2026-29751
Name of the Vulnerable Software and Affected Versions: Endian Firewall versions 3.3.25 and prior. Description: Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands via the DATE parameter to the '/cgi-bin/logs proxy.cgi' API endpoint. The DATE paramet...
Smoothwall Express proxy.cgi Endpoint Cross-Site Scripting Vulnerability
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. The Smoothwall Express proxy.cgi endpoint has a cross-site scripting vulnerability. The vulnerability stems from user-supplied data in a number of the proxy.cgi endpoint's parameters lacking effective filtering...
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POS...
CVE-2019-25378
CVE-2019-25378 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, via the proxy.cgi endpoint. The vulnerability allows cross-site scripting by injecting payloads through parameters such as CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST re...
CVE-2019-25378 Smoothwall Express 3.1 'proxy.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POS...
PT-2026-8361
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can...
Smoothwall Express Cross-Site Scripting Vulnerability
Smoothwall Express is an open-source GNU/Linux-based firewall operating system from Smoothwall. The Smoothwall Express proxy.cgi endpoint has a cross-site scripting vulnerability. The vulnerability stems from user-supplied data in a number of the proxy.cgi endpoint's parameters lacking effective filtering...
EUVD-2025-21433
Malicious code in bioql PyPI...
CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
CVE-2025-34116
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Smoothwall Express 3.1-SP4 - Cross-Site Scripting Exploit Title: Smoothwall Express 3.1-SP4-polar-x86_64-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link:...
IPFire 2.21 Cross Site Scripting
Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso Version: IPFire 2.21 - Core Updat...
Belkin N750 Arbitrary Command Execution Vulnerability (CNVD-2018-08981)
Belkin N750 is a dual-band wireless router product from Belkin USA. A security vulnerability exists in the Belkin N750 using firmware version 1.10.22. The vulnerability can be exploited by a remote attacker to execute commands with root privileges by sending a specially crafted HTTP request to th...
Design/Logic Flaw
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
CVE-2018-1144
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
CVE-2018-1145
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
CVE-2018-1145
Affected product: Belkin N750 router (firmware 1.10.22). Vulnerable component: proxy.cgi handling crafted HTTP requests. Root cause: stack buffer overflow triggered by unauthenticated remote input. Impact (as stated): remote unauthenticated user can overflow a stack buffer; exploitation details n...
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPFire proxy.cgi RCE', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module '0x09AL'...