CVE-2024-35387

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

TOTOLINK LR1200GB 安全漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability that originates from the parameter httphost in the file /cgi-bin/cstecgi.cgi that can lead to a stack-based buffer overflow, and n...

Stack overflow

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

CVE-2023-36340

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

CVE-2023-36340

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

Stack overflow

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

CVE-2023-36340

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

CVE-2023-36950

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

CVE-2023-36340

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

CVE-2023-36950

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

Cross site scripting

thinkphp-bjyblog last update Jun 4 2021 is affected by a Cross Site Scripting XSS vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $SERVER'HTTPHOST'...

CVE-2021-43682

thinkphp-bjyblog last update Jun 4 2021 is affected by a Cross Site Scripting XSS vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $SERVER'HTTPHOST'...

Ruby on Rails: HTTP Host injection in redirect_to function

Hi team, Here is the sample vulnerable code ruby class TesttestController You are being redirected." end Then it will check if the options, because the input is String, so it will be the concatenate of request.protocol + request.hostwithport + options File actioncontroller\metal\redirecting.rb li...

CVE-2016-7965

DokuWiki 2016-06-26a and older uses $SERVERHTTPHOST instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header. The vulnerability can be triggered only if the Host...

openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)

typo3-cms-45 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems where fixed : - Add trusted HTTPHOST configuration CVE-2014-3941 - XSS in old extension manager information function CVE-2014-3943 - XSS in new content element wizard...

Cross site scripting

Cross-site scripting XSS vulnerability in the selflink function in in the RSS Feed Generator wp-includes/feed.php for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header HTTPHOST variable...

CVE-2008-5278

Cross-site scripting XSS vulnerability in the selflink function in in the RSS Feed Generator wp-includes/feed.php for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header HTTPHOST variable...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...