CVE-2025-9586 Comfast CF-N1 webmgnt wireless_device_dissoc command injection

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to cause a data leak or complete database corruption...

The vulnerability in the FortiADC Manager web management tool, a controller for FortiADC applications, allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the FortiADC Manager web management tool, a controller for FortiADC application delivery, is related to the failure to remove special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands with ro...

Blahz-DNS 0.2 - Direct Script Call Authentication Bypass

source: https://www.securityfocus.com/bid/4618/info Blahz-DNS is a web based management tool for DNS information. It is implemented in PHP, and available for Linux systems. By directly calling scripts included with Blahz-DNS, it is possible to bypass the authentication check, gaining full access ...

DNSTools 2.0 - Authentication Bypass

source: https://www.securityfocus.com/bid/4617/info DNSTools is a web based managment tool for DNS information. It is implemented in PHP, and available for Linux and Solaris. A vulnerability has been reported in some versions of DNSTools which allows any remote attacker to gain administrative...