CVE-2022-47853

Affected software: TOTOlink A7100RU router (firmware 7.4cu.2313_B20191024). Vulnerability: command injection in the httpd service due to insufficient sanitization of input, enabling an attacker to execute arbitrary commands and potentially obtain a stable root shell with a crafted payload. Root c...

CVE-2022-47853

TOTOlink A7100RU V7.4cu.2313B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload...

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: moddav out of bounds read, or write of zero byte CVE-2006-20001 moderate modproxyajp Possible request smuggling CVE-2022-36760 moderate modproxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CVE-2022-37436 moderate...

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

Heap overflow

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

CVE-2022-4499

CVE-2022-4499 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 (TP-Link routers). The vulnerability arises from a side-channel attack on the httpd process, specifically a strcmp() used to verify credentials, allowing an attacker to deterministically guess each byte of the username and pas...

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

Stack overflow

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...

Linksys WUMC710 操作系统命令注入漏洞

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

CVE-2022-43973

The CVE-2022-43973 issue affects Linksys WRT54GL Wireless-G Broadband Router versions

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1074)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/php-7.4.33-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: PDO::quote may return unquoted string. For more information...

EulerOS Virtualization 3.0.2.6 : httpd (EulerOS-SA-2023-1074)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2905)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2905)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2866)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...