
190 matches found

EUVD
added 2025/12/29 6:30 p.m. | 5 views

EUVD-2025-205599

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10 CVSS | 9.6 AI score | 0.01041 EPSS
Exploits 1 | References 7

OSV
added 2025/12/29 4:15 p.m. | 4 views

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

9.8 CVSS | 6.3 AI score | 0.01041 EPSS
Exploits 1 | References 6

Vulnrichment
added 2025/12/29 3:32 p.m. | 4 views

CVE-2025-15194 D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10 CVSS | 9.6 AI score | 0.01041 EPSS
Exploits 1 | References 6

CNNVD
added 2025/12/29 12:0 a.m. | 4 views

D-Link DIR-600 security vulnerability

The D-Link DIR-600 is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DIR-600 version 2.15WWb02 and prior versions, which stems from the incorrect manipulation of the parameter Cookie in the file hedwig.cgi of the component HTTP Header Handler, which could...

10 CVSS | 9.6 AI score | 0.01041 EPSS
Exploits 1 | References 6

NVD
added 2025/12/28 9:15 p.m. | 5 views

CVE-2025-15154

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

6.9 CVSS | 0.00215 EPSS
Exploits 1 | References 4

OSV
added 2025/12/28 9:15 p.m. | 4 views

CVE-2025-15154

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

6.9 CVSS | 6.8 AI score
Exploits 0 | References 4

Cvelist
added 2025/12/28 9:2 p.m. | 18 views

CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

6.9 CVSS | 0.00215 EPSS
Exploits 1 | References 4

Vulnrichment
added 2025/12/28 9:2 p.m. | 3 views

CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

6.9 CVSS | 5.4 AI score | 0.00215 EPSS
Exploits 1 | References 4

CVE
added 2025/12/28 9:2 p.m. | 12 views

CVE-2025-15154

CVE-2025-15154 affects PbootCMS (up to 3.2.12). The vulnerable component is Header Handler, function get_user_ip in core/function/handle.php, where manipulation of X-Forwarded-For causes the system to use a less trusted source. Attacks can be remote and public exploits are disclosed. Remediation:...

6.9 CVSS | 6.5 AI score | 0.00215 EPSS
Exploits 1 | References 4 | Affected Software 1

Positive Technologies
added 2025/12/28 12:0 a.m. | 3 views

PT-2025-53670

Name of the Vulnerable Software and Affected Versions: PbootCMS versions prior to 3.2.12. Description: A security issue exists in PbootCMS that allows for remote manipulation of the X-Forwarded-For argument. This manipulation impacts the get user ip function within the core/function/handle.php file,...

6.9 CVSS | 6.2 AI score | 0.00215 EPSS
Exploits 1 | References 9

RedhatCVE
added 2025/12/04 6:17 p.m. | 6 views

CVE-2025-13803

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...

7.5 CVSS | 6.4 AI score | 0.00293 EPSS
Exploits 0 | References 1

NVD
added 2025/12/01 3:15 a.m. | 4 views

CVE-2025-13803

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...

7.5 CVSS | 0.00293 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/12/01 2:32 a.m. | 1 views

CVE-2025-13803 MediaCrush Header paths.py http headers for scripting syntax

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...

7.5 CVSS | 6.1 AI score | 0.00293 EPSS
Exploits 0 | References 4

CVE
added 2025/12/01 2:32 a.m. | 12 views

CVE-2025-13803

MediaCrush 1.0.0/1.0.1 contains a vulnerability in the Header Handler component (unknown function in /mediacrush/paths.py) where manipulation of the Host argument leads to improper neutralization of HTTP headers for scripting syntax. The issue can be triggered remotely. CVSS scores vary by versio...

7.5 CVSS | 6.1 AI score | 0.00293 EPSS
Exploits 0 | References 4

Positive Technologies
added 2025/12/01 12:0 a.m. | 2 views

PT-2025-48407

Name of the Vulnerable Software and Affected Versions: MediaCrush versions 1.0.0 through 1.0.1. Description: A flaw exists in MediaCrush that involves improper neutralization of HTTP headers for scripting syntax. This issue is located within an unknown function of the /mediacrush/paths.py file, part...

7.5 CVSS | 7.1 AI score | 0.00293 EPSS
Exploits 0 | References 12

RedhatCVE
added 2025/11/30 1:4 a.m. | 6 views

CVE-2025-13434

A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...

7.5 CVSS | 6 AI score | 0.00405 EPSS
Exploits 1 | References 1

Cvelist
added 2025/11/20 1:2 a.m. | 10 views

CVE-2025-13434 jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax

A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...

6.9 CVSS | 0.00405 EPSS
Exploits 1 | References 4

RedhatCVE
added 2025/10/29 2:16 a.m. | 14 views

CVE-2025-12344

A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...

6.5 CVSS | 6.4 AI score | 0.00214 EPSS
Exploits 0 | References 1

Cvelist
added 2025/10/28 2:2 a.m. | 9 views

CVE-2025-12346 MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload

A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/autopost/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDi...

6.5 CVSS | 0.00326 EPSS
Exploits 1 | References 4

CVE
added 2025/10/28 1:32 a.m. | 10 views

CVE-2025-12344

Summary: CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...

6.5 CVSS | 6.2 AI score | 0.00214 EPSS
Exploits 0 | References 4