107 matches found
CVE-2024-35388
TOTOLINK NR1800X v9.1.0u.6681_B20230703 contains a stack overflow in the urldecode function triggered via the password parameter. Multiple sources (NVD/CNVD/Red Hat/CVE entries) describe the vulnerability as arising from insufficient input length validation, enabling arbitrary code execution or a...
TOTOLINK NR1800X security vulnerability
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version v9.1.0u.6681B20230703, which stems from the password paramete...
TOTOLINK LR350 urldecode function buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE router from China's TOTOLINK, which supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a buffer overflow vulnerability, which arises when the password parameter in the urldecode function fails to correctly...
CVE-2024-34308
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode...
TOTOLINK LR350 security vulnerability
TOTOLINK LR350 is a 4G LTE router from China's TOTOLINK, which supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a buffer overflow vulnerability, which arises when the password parameter in the urldecode function fails to correctly...
CVE-2024-34308
Affected product: TOTOLINK LR350 (v9.3.5u.6369_B20220309). A vulnerability in the urldecode function allows a stack overflow via the password parameter. Public records indicate potential for arbitrary code execution and/or denial of service. Several sources corroborate the stack overflow root ca...
PT-2024-25781 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: A stack overflow issue was discovered, related to the password parameter in the urldecode function. Recommendations: For TOTOLINK LR350 version 9.3.5u.6369 B20220309, avoid using the...
CVE-2023-0479
The CVE-2023-0479 entry affects the WordPress plugin Print Invoice & Delivery Notes for WooCommerce, prior to version 4.7.2. The issue is a reflected XSS vulnerability in an admin note on the WooCommerce orders page, caused by echoing a GET value after a urldecode() cleanup (post-esc_url_raw()), ...
SUSE CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...
OESA-2022-1556 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
ohmyzsh operating system command injection vulnerability
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. An operating system command injection vulnerability exists in ohmyzsh, which stems from the fact that ohmyzsh's omz_urldecode function uses an eval to decode input, which can be used to inject commands. This...
Out-of-bound Read
PHP is vulnerable to out-of-bound read. When PHP is compiled with EBCDIC support (uncommon), the urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...
Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (PHP CVE-2020-7067)
Summary IBM API Connect had addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7067 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the urldecode function. By persuading a victim to open a...
EulerOS 2.0 SP2 : php (EulerOS-SA-2020-1632)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, whi...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1632)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : php73 (ALAS-2020-1368)
The version of php73 installed on the remote host is prior to 7.3.17-1.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1368 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data...
Amazon Linux AMI : php72 (ALAS-2020-1367)
The version of php72 installed on the remote host is prior to 7.2.30-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1367 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data...
Medium: php73
Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with the exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...