CVE-2026-6158 Totolink N300RH upgrade.so setUpgradeUboot os command injection
A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. Manipulating the argument FileName causes OS command injection. The attack can be carried out remotely. The exploit has been published and may be used...
CVE-2026-6158
A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. Manipulating the argument FileName causes OS command injection. The attack can be carried out remotely. The exploit has been published and may be used...
PT-2026-7002
Name of the Vulnerable Software and Affected Versions: D-Link DWR-M921 version 1.1.50. Description: A flaw exists in D-Link DWR-M921 version 1.1.50 that allows for command injection. The issue stems from manipulating the fota url argument within the file /boafrm/formLtefotaUpgradeFibocom. This...
EUVD-2024-36100
Malicious code in bioql PyPI...
EUVD-2025-30909
Malicious code in bioql PyPI...
CVE-2025-29084
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...
CVE-2025-29084
CSZ-CMS v1.3.0 is affected by a SQL injection in the Upgrade.php file (execSqlFile), enabling a remote attacker to execute arbitrary code. The vulnerability is associated with CVE-2025-29084 and is described consistently across NVD/Red Hat/CNNVD/CVE listings, with no public patch/version details ...
TOTOLINK CA300-PoE Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file, which stems from the FileName parameter of upgrade.so failing to correctly filter special characters used to construct commands...
CVE-2025-29058
An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component...
CVE-2025-24505
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file...
CVE-2024-36456
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file...
PT-2024-28032 · Pam · Pam
Name of the Vulnerable Software and Affected Versions: PAM system (affected versions not specified). Description: The issue allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Recommendations: At the...
Broadcom Symantec Privileged Access Management Security Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
CVE-2023-20266
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected...
CVE-2022-20929
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...
Sven gopeak masterlab code issue vulnerability
Sven gopeak masterlab is an open source application from Sven that provides simple, efficient project management tools based on agile development. A code issue vulnerability exists in the source parameter of Upgrade.php in gopeak masterlab 2.1.5...
DEBIAN-CVE-2008-6762
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter...
sHibby sHop <= 2.2 (SQL/Update) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. sHibby sHop <= 2.2 (SQL/Update) Multiple Remote Vulnerabilities. Author: KnocKout. Special Thankz: Dr.Kacak...