CVE-2023-35968

Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow...

CVE-2023-35055

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

CVE-2023-35056

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

Buffer overflow

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

CVE-2023-35194

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

CVE-2023-35056

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

Yifan YF325 Buffer Error Vulnerability

Yifan YF325 is a wireless router from Yifan. A buffer error vulnerability exists in Yifan YF325 v1.020221108, which stems from a buffer overflow vulnerability in the gwcfgcgisetmanagepostdata function...

PT-2023-6258 · Yifan · Yifan Yf325

Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: A buffer overflow vulnerability exists in the httpd next page functionality, allowing an attacker to execute arbitrary commands by sending a specially crafted network request. The buffer overflow ...

Command injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

CVE-2023-30806 Sangfor Next-Gen Application Firewall PHPSESSID Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

VulnCheck KEV: CVE-2022-40475

TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...

Atcom 2.7.x.x - Authenticated Command Injection Vulnerability

Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Tested on: Kali Linux Exploit Request:...

The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.

The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

PT-2023-5896 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

Debian: Security Advisory (DLA-3592-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-8216 · Zyxel · Zyxel Pmg2005-T20B

Name of the Vulnerable Software and Affected Versions: ZyXel PMG2005-T20B firmware version V1.00ABNK.2b11 C0 Description: The issue is related to a buffer overflow vulnerability in the cgi-bin/login.asp component of the ZyXel PMG2005-T20B firmware. This vulnerability can be exploited by a remote...

Amazon Linux 2 : ruby (ALASRUBY3.0-2023-003)

The version of ruby installed on the remote host is prior to 3.0.3-154. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY3.0-2023-003 advisory. CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a...

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-002)

The version of ruby installed on the remote host is prior to 2.6.9-129. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-002 advisory. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service...

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-003)

The version of ruby installed on the remote host is prior to 2.6.10-130. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-003 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is...

Amazon Linux 2 : ruby (ALASRUBY3.0-2023-004)

The version of ruby installed on the remote host is prior to 3.0.5-155. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY3.0-2023-004 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is releva...