3630 matches found

CVE
added 2025/07/19 9:32 a.m. · 15 views

CVE-2025-7815

PHPGurukul Apartment Visitors Management System 1.0 is affected by CVE-2025-7815 due to an XSS flaw in the HTTP POST Request Handler. The visname parameter in /manage-newvisitors.php can be manipulated to execute arbitrary Web script or HTML. The issue can be exploited remotely and has been discl...

CVSS 5.4 · AI score 3.6 · EPSS 0.00152
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2025/07/19 12:0 a.m. · 2 views

PT-2025-30131 · Phpgurukul · Phpgurukul Apartment Visitors Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Apartment Visitors Management System version 1.0 Description: A cross site scripting issue exists due to the manipulation of the visname argument within the HTTP POST Request Handler in the /bwdates-reports.php file. The attack can...

CVSS 5.4 · AI score 3.9 · EPSS 0.00157
Exploits 1 · References 9

Positive Technologies
added 2025/07/19 12:0 a.m. · 3 views

PT-2025-30130 · Phpgurukul · Phpgurukul Apartment Visitors Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Apartment Visitors Management System version 1.0 Description: A cross-site scripting issue exists due to the manipulation of the visname argument within the HTTP POST Request Handler component, specifically in the /visitor-detail.p...

CVSS 5.4 · AI score 3.7 · EPSS 0.00155
Exploits 1 · References 9

Positive Technologies
added 2025/07/19 12:0 a.m. · 3 views

PT-2025-30155 · Phpgurukul · Phpgurukul Apartment Visitors Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Apartment Visitors Management System version 1.0 Description: A problematic issue exists in PHPGurukul Apartment Visitors Management System 1.0. The issue is related to cross site scripting within the HTTP POST Request Handler...

CVSS 5.4 · AI score 3.6 · EPSS 0.00157
Exploits 1 · References 10

Positive Technologies
added 2025/07/19 12:0 a.m. · 3 views

PT-2025-30136 · Phpgurukul · Phpgurukul Apartment Visitors Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Apartment Visitors Management System version 1.0 Description: A problematic issue exists in the HTTP POST Request Handler component of the software. The vulnerability is due to the manipulation of the visname argument within the...

CVSS 5.4 · AI score 3.7 · EPSS 0.00152
Exploits 1 · References 9

Positive Technologies
added 2025/07/19 12:0 a.m. · 1 views

PT-2025-30123 · Phpgurukul · Phpgurukul Apartment Visitors Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Apartment Visitors Management System version 1.0 Description: A problematic issue exists in the processing of the /manage-newvisitors.php file within the HTTP POST Request Handler component. Manipulation of the visname argument can...

CVSS 5.4 · AI score 3.4 · EPSS 0.00152
Exploits 1 · References 8

NVD
added 2025/07/17 10:15 p.m. · 3 views

CVE-2025-7758

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer...

CVSS 9 · EPSS 0.01357
Exploits 1 · References 6

CVE
added 2025/07/17 9:14 p.m. · 19 views

CVE-2025-7758

The CVE-2025-7758 issue affects TOTOLINK T6 firmware (versions prior to 4.1.5cu.748_B20211015). The vulnerability is in the HTTP POST Request Handler, specifically the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi, where manipulating the ip argument leads to a buffer overflow. This can be expl...

CVSS 9 · AI score 8.8 · EPSS 0.01357
Exploits 1 · References 6 · Affected Software 1

Cvelist
added 2025/07/17 9:14 p.m. · 5 views

CVE-2025-7758 TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer...

CVSS 9 · EPSS 0.01357
Exploits 1 · References 6

Vulnrichment
added 2025/07/17 9:14 p.m. · 3 views

CVE-2025-7758 TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer...

CVSS 9 · AI score 7.3 · EPSS 0.01357
Exploits 1 · References 6

RedhatCVE
added 2025/07/17 1:57 p.m. · 3 views

CVE-2025-34108

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component...

CVSS 8.6 · AI score 7.6 · EPSS 0.70485
Exploits 0 · References 1

RedhatCVE
added 2025/07/16 3:59 p.m. · 9 views

CVE-2025-7615

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

CVSS 8.8 · AI score 7.9 · EPSS 0.04554
Exploits 1 · References 1

RedhatCVE
added 2025/07/16 2:58 p.m. · 14 views

CVE-2025-7613

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

CVSS 8.8 · AI score 7.9 · EPSS 0.04554
Exploits 1 · References 1

NVD
added 2025/07/15 1:15 p.m. · 2 views

CVE-2025-34108

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component...

CVSS 8.6 · EPSS 0.70485
Exploits 0 · References 5

Vulnrichment
added 2025/07/15 1:1 p.m. · 2 views

CVE-2025-34108 Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component...

CVSS 8.6 · AI score 8.3 · EPSS 0.70485
Exploits 0 · References 5

CVE
added 2025/07/15 1:1 p.m. · 11 views

CVE-2025-34108

Disk Pulse Enterprise 9.0.34 contains a stack-based buffer overflow in the login function. The overflow occurs in the libspp.dll when a crafted long username is sent to POST /login, enabling arbitrary code execution with SYSTEM privileges. Exploitation details and PoCs exist (e.g., Metasploit mod...

CVSS 8.6 · AI score 7.7 · EPSS 0.70485
Exploits 0 · References 5

RedhatCVE
added 2025/07/15 9:27 a.m. · 9 views

CVE-2025-7524

A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. It is possible ...

CVSS 8.8 · AI score 7.9 · EPSS 0.04474
Exploits 1 · References 1

Broadcom
added 2025/07/15 12:0 a.m. · 12 views

Netty Vulnerable to Denial-of-Service (DoS) via Uncontrolled Memory Allocation in 'HttpPostRequestDecoder' Component

Netty is vulnerable to denial-of-service (DoS) due to insufficient restrictions on the amount of memory that is allocated in the HttpPostRequestDecoder component. An attacker could exploit this by sending maliciously crafted data in order to cause an out-of-memory (OOM) error and a denial-of-service...

CVSS 5.3 · AI score 6.8 · EPSS 0.00343
Exploits 1

RedhatCVE
added 2025/07/14 11:26 p.m. · 7 views

CVE-2025-7505

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function frmL7ProtForm of the file /goform/L7Prot of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the atta...

CVSS 9 · AI score 7.5 · EPSS 0.00885
Exploits 1 · References 1

RedhatCVE
added 2025/07/14 11:26 p.m. · 18 views

CVE-2025-7506

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can ...

CVSS 9 · AI score 7.5 · EPSS 0.00885
Exploits 1 · References 1