484 matches found
CVE-2025-60699
A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...
TOTOLINK LR350 http_host parameter stack buffer overflow vulnerability
TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the httphost parameter in the...
EUVD-2025-37373
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63468
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63468
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63468
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-63468
Totolink LR350, version 9.3.5u.6369_B20220309, has a stack overflow in the http_host handling within sub_426EF8. The vulnerability enables Denial of Service through a crafted request sent over the network. Public details consistently describe a stack-buffer/stack overflow without evidence of a fi...
CVE-2025-61543
A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $SERVER'HTTPHOST' directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks ...
CVE-2025-52647 HCL BigFix WebUI is affected by a host header poisoning vulnerability
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks...
EUVD-2001-0528
Malware in sbrugna...
EUVD-2003-1029
Malware in sbrugna...
EUVD-2018-14359
Malware in sbrugna...
EUVD-2018-5206
Malware in sbrugna...
EUVD-2017-2611
Malware in sbrugna...
EUVD-2020-20522
Malware in sbrugna...
EUVD-2008-4658
Malware in sbrugna...
EUVD-2012-0292
Malware in sbrugna...
EUVD-2019-17825
Malware in sbrugna...
EUVD-2016-3072
Malware in sbrugna...
EUVD-2021-25604
Malware in sbrugna...