
15257 matches found

BDU FSTEC
added 2025/08/04 12:0 a.m. | 2 views

A vulnerability in the command.php file of D-Link DIR-300 and DIR-600 router firmware allows an attacker to execute arbitrary commands and compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability in the command.php file of D-Link DIR-300 and DIR-600 router firmware arises from missing access restrictions and missing validation of data in the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands and compromise the...

CVSS: 10 | AI score: 6.6 | EPSS: 0.7558
Exploits: 1 | References: 7 | Affected Software: 2

BDU FSTEC
added 2025/08/04 12:0 a.m. | 1 view

A vulnerability in D-Link DI-7300G+ and DI-8200G router firmware lies in the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability in D-Link DI-7300G+ and DI-8200G router firmware lies in the lack of measures taken to neutralize special elements when processing parameters such as flag, cmd, and iface on the mspinfo.htm page. Exploiting this vulnerability allows a remote attacker to execute...

CVSS: 6.5 | AI score: 7 | EPSS: 0.02142
Exploits: 1 | References: 6 | Affected Software: 2

BDU FSTEC
added 2025/08/04 12:0 a.m. | 2 views

A vulnerability in the wget_test.asp script in D-Link DI-7300G+ router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the wget_test.asp script of D-Link DI-7300G+ router firmware is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 6.5 | AI score: 7 | EPSS: 0.02067
Exploits: 1 | References: 6 | Affected Software: 1

BDU FSTEC
added 2025/08/04 12:0 a.m. | 2 views

A vulnerability in the wsConvertPpt component of the Chamilo LMS e-learning and content management system allows an attacker to execute arbitrary commands.

The vulnerability in the wsConvertPpt component of the Chamilo LMS e-learning and content management system is related to the lack of measures taken to sanitize data at the administrative level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS: 10 | AI score: 8.3 | EPSS: 0.93989
Exploits: 9 | References: 2 | Affected Software: 1

Snyk
added 2025/08/02 10:0 p.m. | 1 view

Malicious Package

Overview: sisaws is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...

CVSS: 9.3 | AI score: 7
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/02 8:23 p.m. | 3 views

CVE-2014-125124

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

CVSS: 10 | AI score: 7.2 | EPSS: 0.53143
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/02 8:22 p.m. | 7 views

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

CVSS: 9.8 | AI score: 7 | EPSS: 0.06073
Exploits: 1 | References: 1

NVD
added 2025/08/01 9:15 p.m. | 3 views

CVE-2013-10053

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...

CVSS: 8.7 | EPSS: 0.79731
Exploits: 0 | References: 4

NVD
added 2025/08/01 9:15 p.m. | 3 views

CVE-2013-10049

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS: 9.3 | EPSS: 0.78102
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/01 8:49 p.m. | 2 views

CVE-2013-10053 ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...

CVSS: 8.7 | AI score: 7.8 | EPSS: 0.79731
Exploits: 0 | References: 4

CVE
added 2025/08/01 8:47 p.m. | 19 views

CVE-2013-10049

The vulnerability CVE-2013-10049 affects Raidsonic NAS devices IB-NAS5220 and IB-NAS4220 via the unauthenticated POST endpoint timeHandler.cgi, where improper sanitization of the timeZone parameter allows OS command execution. The root cause is input handling in timeHandler.cgi, enabling remote a...

CVSS: 9.3 | AI score: 8 | EPSS: 0.78102
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/01 8:47 p.m. | 2 views

CVE-2013-10049 Raidsonic NAS Devices Unauthenticated Remote Command Execution

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.78102
Exploits: 0 | References: 5

Vulnrichment
added 2025/08/01 8:45 p.m. | 3 views

CVE-2013-10060 Netgear Routers pppoe.cgi RCE

An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN2200B model firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoeusername parameter. Thi...

CVSS: 9.4 | AI score: 7.6 | EPSS: 0.80473
Exploits: 1 | References: 5

Cvelist
added 2025/08/01 8:39 p.m. | 9 views

CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...

CVSS: 9.3 | EPSS: 0.7558
Exploits: 1 | References: 5

Github Security Blog
added 2025/08/01 6:10 p.m. | 17 views

1Panel agent certificate verification bypass leading to arbitrary command execution

Project Address: Project Address; 1Panel Official website: https://www.1panel.cn/; Time: 2025 07 26; Version: 1panel V2.0.5. Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.01193
Exploits: 5 | References: 6 | Affected Software: 1

BDU FSTEC
added 2025/08/01 12:0 a.m. | 3 views

A vulnerability in the firmware of HPE Networking Instant On access points for small and medium-sized businesses, related to the lack of data sanitization measures at the management level, allows attackers to execute arbitrary commands.

The vulnerability in HPE Networking Instant On firmware for small and medium-sized businesses is related to the lack of measures taken to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00721
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/07/31 3:15 p.m. | 8 views

CVE-2014-125124

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

CVSS: 10 | EPSS: 0.53143
Exploits: 0 | References: 3

CVE
added 2025/07/31 3:1 p.m. | 9 views

CVE-2013-10037

CVE-2013-10037 affects WebTester 5.x installed via install2.php. The cpusername, cppassword, and cpdomain parameters are passed directly to shell commands without sanitization, enabling remote unauthenticated command execution with web server privileges. Public references discuss existing exploit...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.79041
Exploits: 0 | References: 5

CVE
added 2025/07/31 2:55 p.m. | 12 views

CVE-2013-10039

CVE-2013-10039 describes a remote command injection in GestioIP

CVSS: 8.7 | AI score: 7.9 | EPSS: 0.73334
Exploits: 0 | References: 4

CNNVD
added 2025/07/31 12:0 a.m. | 2 views

Eppler Software WebTester Security Vulnerability

Eppler Software WebTester is an online exam and quiz platform from Eppler Software. A security vulnerability exists in Eppler Software WebTester version 5.x. The vulnerability stems from a failure to clean up user input in the install2.php script, which could lead to remote command execution...

CVSS: 9.3 | AI score: 7 | EPSS: 0.79041
Exploits: 0 | References: 5