EUVD-2026-16961
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...
EUVD-2018-5260
Malware in sbrugna...
VulnCheck KEV: CVE-2025-28137
The TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
CVE-2025-45797
TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability. The vulnerability arises from improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cstemodules/system.so...
TOTOLINK A810R Security Vulnerability
The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a command execution vulnerability that stems from the failure of the NoticeUrl parameter in the setNoticeCfg function to correctly filter constructed command special character...
Ubuntu: Security Advisory (USN-7330-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-7236-1)
The remote host is missing an update for the...
NTP < 4.2.8p3 DoS Vulnerability
Under limited and specific circumstances, an attacker can send a crafted packet to cause a vulnerable ntpd instance to crash. This requires each of the following to be true: - ntpd set up to allow for remote configuration (not allowed by default), and - knowledge of the configuration password, and -...
ZOO by YOOtheme, 3.3.33, SQL Injection
ZOO by YOOtheme, 3.3.33, SQL Injection. Fix SQL injection vulnerability in Admin Controllers. New version number: 3.3.34. Update Notice URL: https://yootheme.com/support/zoo/changelog...
oziogallery, 5.0.1, XSS (Cross Site Scripting)
oziogallery, 5.0.1, XSS (Cross Site Scripting). Update Notice URL: https://www.facebook.com/groups/oziogallery/permalink/1588619457938122/ Changelog URL: https://www.opensourcesolutions.es/en/ext/ozio-gallery.htmlChangelog...
AcyMailing 5.10.6 Various
AcyMailing 5.10.6, Various. New version number: 5.10.7. Update Notice URL: https://www.acyba.com/support/change-log.html Changelog URL: https://www.acyba.com/support/change-log.html...
CVE-2018-13312
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...
Spider contacts, 1.3.3,
Spider contacts, 1.3.3, SQL Injection. Extension Update Details: We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. Update Notice URL: http://web-dorado.com/products/joomla-contacts.html...
Unite Horizontal Carousel
Unite Horizontal Carousel, , Directory Traversal. Updated the extension, fixed the bug, the new version is 1.1. Update Notice URL: http://unitecms.net/news...