120 matches found
PT-2025-41741
Name of the Vulnerable Software and Affected Versions UTT HiPER 2620G versions through 3.1.4 Description A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This...
EUVD-2006-0648
Malware in sbrugna...
EUVD-2015-8217
Malware in sbrugna...
EUVD-2019-7291
Malware in sbrugna...
EUVD-2022-47147
Malicious code in bioql PyPI...
CVE-2025-10634
CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...
CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order
The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...
CVE-2025-55114
The CVE-2025-55114 entry concerns BMC Control-M/Agent. The root cause is the improper ordering of AUTHORIZED_CTM_IP validation, where the Server IP is validated only after an SSL/TLS handshake, exposing the agent to issues in the SSL/TLS implementation under certain non-default conditions (relate...
CVE-2025-8170
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748B20211015. This vulnerability affects the function tcpchecknet of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be...
TOTOLINK T6 serverIp Parameter Buffer Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from the failure of the parameter serverIp in the MQTT Service to correctly validate the length and size of the input...
CVE-2025-7913
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit ha...
CVE-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
CVE-2022-39178
Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure...
CVE-2025-32012
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...
The vulnerability of the meshSlaveUpdate() function in the microprogramming software for TOTOLINK T8 allows a hacker to execute arbitrary commands.
The vulnerability of the meshSlaveUpdate function in the microprogramming software for TOTOLINK T8 lies in the lack of measures taken to clean data at the control level when processing the serverIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-32122
A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server...
CVE-2025-31135
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...