61 matches found
EUVD-2020-23052
Malware in sbrugna...
EUVD-2002-1721
Malware in sbrugna...
EUVD-2014-2404
Malware in sbrugna...
CVE-2025-9934 TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...
CVE-2025-9779 TOTOLINK A702R formFilter sub_4162DC buffer overflow
A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now publi...
CVE-2025-9089
The CVE-2025-9089 entry concerns the Tenda AC20 router (firmware 16.03.08.12). Affected component: the sub_48E628 function in /goform/SetIpMacBind. Root cause: improper validation of the input argument list leads to a stack-based buffer overflow, enabling remote consideration of an attack vector....
The vulnerability of the sub_455D4() function in the microprogramming software of Tenda AX1806 allows a hacker to cause a service failure.
The vulnerability of the sub455D4 function in the microprogramming software of the Tenda AX1806 router lies in the fact that the operation’s output goes beyond the buffer in memory when processing the wpapskcrypto parameter. Exploiting this vulnerability can allow a remote attacker to cause a...
CVE-2023-52039
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415AA4 function...
TOTOLINK X6000R Command Injection Vulnerability
The TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R v9.4.0cu.652B20230116 version that stems from a remote command execution vulnerability in the method in the sub412688 location...
SUSE CVE-2010-1447
The Safe aka Safe.pm module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended 1...
SUSE CVE-2014-2241
The 1 cf2initLocalRegionBuffer and 2 cf2initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service assertion failure, as demonstrated by a crafted ttf file...
SUSE CVE-2015-8387
PCRE before 8.38 mishandles ?123 subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...
CVE-2020-35376
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...
CVE-2020-35376
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...
Design/Logic Flaw
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...
CVE-2015-2326
Disclaimer: This data contains information about vulnerable...
CVE-2015-2326
The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
DEBIAN-CVE-2019-9824
tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as...
CVE-2015-1027
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the...