Exploit for Stack-based Buffer Overflow in Dlink Dap-1620_Firmware

CVE-2025-2620 Proof-of-Concept Exploit Overview This repos...

CVE-2025-2620

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...

CVE-2025-2620 D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...

CVE-2025-2620

CVE-2025-2620 is a stack-based buffer overflow in D-Link DAP-1620 firmware 1.03, within the mod_graph_auth_uri_handler function under /storage. Multiple sources confirm remote exploitation potential and high impact (DoS and possible RCE) on a no-longer-supported device. A PoC exploit repository e...

CVE-2025-2619

CVE-2025-2619 affects D-Link DAP-1620 (firmware 1.03) and targets the check_dws_cookie function in the Cookie Handler’s /storage path. The weakness is a stack-based buffer overflow triggered by improper input length validation, allowing remote exploitation. Multiple sources corroborate critical s...

CVE-2024-13903

CVE-2024-13903 affects quickjs-ng QuickJS up to 0.8.0. The vulnerability targets the JS_GetRuntime function in quickjs.c (component qjs), enabling a stack-based buffer overflow. The issue can be exploited remotely. Upgrade to version 0.9.0 to address the vulnerability; the patch is identified by ...

CVE-2025-26336

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, versions prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX versions prior to 3.41.200.202209300499, contains a Stack-based Buffer Overflow vulnerability. An unauthenticated...

CVE-2025-26336

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, versions prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX versions prior to 3.41.200.202209300499, contains a Stack-based Buffer Overflow vulnerability. An unauthenticated...

RHEL 6 / 7 : ruby193-ruby (RHSA-2014:1913)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1913 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVE-2025-29121

CVE-2025-29121 affects Tenda AC6 (V15.03.05.16). The vulnerability arises in the /goform/fast_setting_wifi_set form (form_fast_setting_wifi_set) when the timeZone parameter is processed, causing a stack-based buffer overflow. This is documented across multiple sources (NVD, Red Hat, CNVD/CNNVD va...

Azure Linux 3.0 Security Update: binutils (CVE-2025-0840)

The version of binutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0840 advisory. - A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects th...

Azure Linux 3.0 Security Update: libxml2 (CVE-2025-24928)

The version of libxml2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in...

CVE-2025-29121

A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fastsettingwifiset file formfastsettingwifiset. Using the timeZone parameter causes a stack-based buffer overflow...

CVE-2025-29121

A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fastsettingwifiset file formfastsettingwifiset. Using the timeZone parameter causes a stack-based buffer overflow...

Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mangle executable. The issue results from the lack of proper...

CVE-2025-2370

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The...

CVE-2025-2369

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the atta...

Important: libxml2

Issue Overview: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML...

RHEL 8 : libxml2 (RHSA-2025:2660)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2660 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-After-Free ...

X.Org Server XkbVModMaskText Stack-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the XkbVModMaskText...