CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 3CVE-2019-6274 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6274
16 Jan 2019 — Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. Vulnerabilidad de salto de directorio en storage_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos provoquen un impacto sin especificar mediante secuencias de salto de directorio. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directo... • https://packetstorm.news/files/id/151207 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 7%CPEs: 2EXPL: 3CVE-2019-6275 – GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6275
16 Jan 2019 — Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Vulnerabilidad de inyección de comandos en firmware_cgi en dispositivos GL.iNet GL-AR300M-Lite con firmware en versiones 2.27 permite que los atacantes remotos ejecuten código arbitrario. GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities. • https://packetstorm.news/files/id/151207 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2009-0292 – SHOP-INET 4 - 'grid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0292
27 Jan 2009 — SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. Vulnerabilidad de inyección SQL en el archivo show_cat2.php en SHOP-INET 4, permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través del parámetro grid. • https://www.exploit-db.com/exploits/7874 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1CVE-1999-0023 – BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Buffer Overrun
https://notcve.org/view.php?id=CVE-1999-0023
24 Jul 1996 — Local user gains root privileges via buffer overflow in rdist, via lookup() function. • https://www.exploit-db.com/exploits/19106 •