105 matches found
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9579 LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...
PT-2025-35128
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-X26 version 1.2.8 Description: A weakness exists in the HTTP Handler component due to the manipulation of the enable argument within the /goform/set_hidessid_cfg file, leading to os command injection. This issue can be exploited...
PT-2025-35131
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-X26 version 1.2.8 Description: A security issue has been identified in LB-LINK BL-X26 version 1.2.8 related to the HTTP Handler component. Manipulation of the mac argument in the /goform/set_blacklist file can lead to os command...
CVE-2025-6158
A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-5629
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to...
CVE-2025-5629
The CVE affects Tenda AC10 up to version 15.03.06.47. The HTTP Handler’s formSetPPTPServerCfg function in /goform/SetPptpServerCfg is vulnerable: improper validation of startIp/endIp leads to a buffer overflow. This can be exploited remotely to execute arbitrary code or cause denial of service. M...
CVE-2025-5629 Tenda AC10 HTTP SetPptpServerCfg formSetPPTPServer buffer overflow
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to...
PT-2025-23882 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 versions up to 15.03.06.47 Description: A critical issue was found in the HTTP Handler component, specifically affecting the formSetPPTPServer function of the /goform/SetPptpServerCfg file. The manipulation of the startIp and endIp...
CVE-2017-20011
A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. Th...
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
Exploit for Command Injection in Dlink Dns-320L_Firmware
CVE-2024-3273 - D-Link Remote Code Execution (RCE) :boom: A c...
CVE-2024-1064
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header...
Design/Logic Flaw
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header...
CVE-2024-1064
Summary of CVE-2024-1064 (Crafty Controller): The issue is a host header injection in the HTTP handler of Crafty Controller, enabling a remote, unauthenticated attacker to trigger a Denial of Service via a modified Host header. Reported CVSSv3.1 base score is 7.5 (HIGH) with NETWORK attack vecto...
CVE-2024-1064 Improper Neutralization of HTTP Headers for Scripting Syntax in Crafty Controller 4
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header...
CVE-2023-45142
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Design/Logic Flaw
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...