9786 matches found
D-Link DSL-3788 Buffer Overflow Vulnerability
The D-Link DSL-3788 is a modem from China-based AUO D-Link. The D-Link DSL-3788 suffers from a buffer overflow vulnerability that stems from the webproc cgi's COMMMAKECustomMsg function failing to correctly validate the length of the input data, which can be exploited by an attacker to cause a...
CVE-2025-26008
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost...
CVE-2025-26005
Telesquare TLR-2005KSH 1.1.4 is vulnerable to an unauthorized stack overflow when requesting admin.cgi parameter with setNtp...
CVE-2025-26002
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost...
Telesquare TLR-2005Ksh Security Vulnerability
The Telesquare TLR-2005Ksh is a wireless router from the South Korean company Telesquare. A security vulnerability exists in Telesquare TLR-2005Ksh version 1.1.4 that originates from an unauthorized stack overflow when requesting the admin.cgi parameter setSyncTimeHost...
CVE-2025-26010
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword...
A vulnerability in the setWiFiScheduleCfg() function of the web/cgi-bin/cstecgi.cgi script in the TOTOLINK X5000R router's firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setWiFiScheduleCfg function of the web/cgi-bin/cstecgi.cgi script in the TOTOLINK X5000R router's firmware stems from a failure to neutralize special elements used in an operating system command when processing the eMinute parameter. Exploiti...
VulnCheck KEV: CVE-2021-35402
A vulnerability is present in Prolink PRC2402M that could allow unauthenticated remote adversaries to inject commands due to improper checks on input supplied to 'liveapi.cgi'...
CVE-2024-57440
D-Link DSL-3788 revA1 1.01R1B036EUEN is vulnerable to Buffer Overflow via the COMMMAKECustomMsg function of the webproc cgi...
[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 41 Update: php-8.3.19-1.fc41
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2024-57440
CVE-2024-57440 affects D-Link DSL-3788 revA1 1.01R1B036_EU_EN. The vulnerability stems from the webproc CGI’s COMM_MAKECustomMsg function, which fails to validate input length, causing a buffer overflow. PT-2025-12358 provides concrete details: affected device and version, vulnerable function, an...
CBL Mariner 2.0 Security Update: ruby (CVE-2025-27219)
The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
...
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
...
Exploit for OS Command Injection in Php
PHP-CGI Injector 🚀 CVE-2024-4577 & CVE-2024-8926 Exploit To...
[SECURITY] Fedora 42 Update: man2html-1.6-39.g.fc42
man2html is a man page to HTML converter. This package contains CGI scripts that allow you to view, browse, and search man pages using a web server...
OESA-2025-1264 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains ...
OESA-2025-1263 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains ...