355 matches found
Linksys E1200 安全漏洞
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...
CVE-2025-60673
CVE-2025-60673 describes an unauthenticated command-injection vulnerability in the D-Link DIR-878A1 router, firmware FW101B04.bin. The flaw exists in SetDMZSettings where the IPAddress parameter in prog.cgi is stored in NVRAM and later used by librcm.so to build iptables commands executed via tws...
PT-2025-46857
An unauthenticated command injection vulnerability exists in the Start EPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200 v2.0.11.001 us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wl ant, wl ssid, wl rate, ttcp num, ttcp ip, ttcp size are...
CVE-2025-60672
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...
CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection
Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2025-11546 NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under...
CVE-2025-11546
CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...
CVE-2022-50596 D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...
CVE-2016-15048
AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...
EUVD-2016-10793
AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...
CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php
AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...
AMTT Hotel Broadband Operation System 安全漏洞
AMTT Hotel Broadband Operation System is a hotel broadband operation system from China-based AmTech Century AMTT. A security vulnerability exists in the AMTT Hotel Broadband Operation System, which originates from an unauthenticated command injection in the /manager/radius/serverping.php endpoint...
VulnCheck KEV: CVE-2016-15048
AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...
CVE-2025-34513
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34513
Ilevia EVE X1 Server firmware ≤ 4.7.18.0.eden contains a pre-authentication OS command injection in mbus_build_from_csv.php (/ajax/php/mbus_build_from_csv.php), allowing unauthenticated code execution. Multiple sources (NVD, Red Hat CVE page, CIRCL, ZSL) confirm unauthenticated remote command exe...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Remote Command Injection
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the mbusfile and mbuscsv HTTP POST parameters through the /ajax/php/mbusbuildfromcsv.php script...
EUVD-2010-5304
Malware in sbrugna...
EUVD-2017-15270
Malware in sbrugna...
EUVD-2012-6587
Malware in sbrugna...
EUVD-2012-6592
Malware in sbrugna...
EUVD-2018-8947
Malware in sbrugna...