22 matches found
PT-2026-34704
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi...
EUVD-2020-28699
Malware in sbrugna...
EUVD-2018-5743
Malware in sbrugna...
EUVD-2023-24204
Malicious code in bioql PyPI...
EUVD-2025-19902
Malicious code in bioql PyPI...
EUVD-2022-29285
Malicious code in bioql PyPI...
EUVD-2024-51176
Malicious code in bioql PyPI...
EUVD-2023-24224
Malicious code in bioql PyPI...
CVE-2025-34033
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...
Cisco Evolved Programmable Network Manager XSS (CVE-2025-20203)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by a stored cross-site scripting (XSS) vulnerability. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this...
CVE-2024-54806
Netgear WNR854T 1.5.2 North America is vulnerable to arbitrary command execution in cmd.cgi, which allows for the execution of system commands via the web interface...
CVE-2024-48418
CVE-2024-48418 affects Edimax AC1200 Wi‑Fi 5 Dual‑Band Router BR-6476AC v1.06. The endpoint "/goform/fromSetDDNS" does not properly handle special characters in user‑provided parameters, enabling an attacker with web‑UI access to inject and execute arbitrary shell commands. The practical impact i...
CVE-2024-55513
CVE-2024-55513 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (version 3.90). The web interface endpoint /upload_netaction.php allows crafting a form name to upload arbitrary files, potentially leading to unauthorized server access. Reports from multiple sources confirm the same issue; PT-2024...
PT-2024-10391 · Edimax · Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06 Description: The issue concerns the request "/goform/fromSetDDNS" which does not properly handle special characters in user-provided parameters. This allows an attacker with access...
PT-2022-24137 · Hewlett Packard +1 · Aruba Mobility Conductor (Formerly Mobility Master); Aruba Mobility Controllers; Wlan Gateways/Sd-Wan Gateways Managed By Aruba Central +3
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this issue...
Dell TrueMobile 2300 - Remote Credential Reset
source: https://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through t...
Re: [Full-Disclosure] Re: [Full-Disclosure] iDEFENSE Security Advisory 07.01.03: Caché Insecure Installation File and Directory Permissions
Here are more details of my research... Vuln1 Local attackers can exploit this to manipulate directories and binaries inside the installation tree. This may be used by a local malicious user to gain root access. The content in /cachesys/csp/user is executed as root through the web interface. user...
SurfControl SuperScout Email Filter 3.5 - User Credential Disclosure
source: https://www.securityfocus.com/bid/5929/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. One of the files userlist.asp that comes with the we...
HP AdvanceStack Switch - Authentication Bypass
source: https://www.securityfocus.com/bid/4062/info HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching. It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of...
Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password
Overview: The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...