19 matches found
CVE-2025-30189
When caching is enabled, some passdb/userdb drivers incorrectly cache all users with the same cache key, causing wrong cached information to be used for these users. After a cached login, all subsequent logins are for the same user. Install a fixed version or disable caching either globally or for the impacted...
EUVD-2017-12335
Malware in sbrugna...
EUVD-2017-12336
Malware in sbrugna...
TOTOLINK A702R /boafrm/formOneKeyAccessButton File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file...
CVE-2025-9782
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been...
CVE-2025-9782
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been...
TOTOLINK A702R Buffer Overflow Vulnerability
The TOTOLINK A702R is a wireless router model from China's Gion Electronics, with key features including dual-band 2.4GHz/5.8GHz network connectivity, up to 1200Mbps transfer rate, four 5dBi antennas, and a built-in firewall. A buffer overflow vulnerability exists in the TOTOLINK A702R, which...
CVE-2025-8138
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...
Onionhead Cloud Reinstallation suffers from DLL hijacking vulnerability
Onionhead Cloud Reinstall is a powerful one-key system reinstallation tool that adapts intelligently to the current system environment and switches freely between DOS and PE modes; it supports GHO, WIM, ESD, ISO and other image suffixes, and supports unattended installation of the Windows system under the...
Milwaukee ONE-KEY Android mobile application unauthorized operation vulnerability
Milwaukee ONE-KEY Android mobile application is an automation tool control program based on the Android platform from Milwaukee Tool. A security vulnerability exists in the Milwaukee ONE-KEY Android mobile application. The vulnerability can be exploited by remote attackers to perform user actions...
Milwaukee ONE-KEY Android mobile application trust management vulnerability
Milwaukee ONE-KEY Android mobile application is an automation tool control program based on the Android platform from Milwaukee Tool. A security vulnerability exists in the Milwaukee ONE-KEY Android mobile application, which originates from the program storing the master token in plaintext in the...
CVE-2017-3215
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a userid can be used to perform user actions...
Design/Logic Flaw
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a userid can be used to perform user actions...
Code injection
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary...
CVE-2017-3214
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary...
CVE-2017-3215
CVE-2017-3215 affects the Milwaukee ONE-KEY Android app: it uses a bearer token with a one-year expiration that is stored on the device and, when combined with a user_id, can be used to perform user actions. Threat research notes the token can be reused if the phone is compromised, implying poten...
CVE-2017-3214
The CVE-2017-3214 entry concerns the Milwaukee ONE-KEY Android app, where the master token is stored in plaintext inside the APK binary. Connected sources corroborate this as part of a broader set of findings in IoT security testing: the master credentials are needed to obtain a bearer token, whi...
CVE-2017-3214
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary...
CVE-2017-3215
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a userid can be used to perform user actions...