Overview CVE-2016-15056 is a critical vulnerability affecting Ubee EVW3226 cable modem/routers. Firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. Crucially, these backup files remain accessible without authentication until the device is rebooted. This allows a remote attacker on the local network to retrieve the configuration backup and, because it is unencrypted, extract the plaintext admin password, leading to complete device compromise. Technical Details The vulnerability stems from the improper handling of configuration backups. When a user initiates a backup through the web interface, the Ubee EVW3226 creates…
-
-
Overview CVE-2025-13187 is a medium-severity security vulnerability affecting Intelbras ICIP version 2.0.20. This vulnerability allows for the unprotected storage of user credentials, specifically the username and password. A remote attacker can potentially exploit this flaw to gain unauthorized access to the system. The exploit has been publicly disclosed, making it crucial for users of affected Intelbras ICIP devices to take immediate action to mitigate the risk. Technical Details The vulnerability exists within the /xml/sistema/acessodeusuario.xml file. By manipulating the NomeUsuario and SenhaAcess arguments, an attacker can cause the system to store user credentials in plaintext, rather than using proper encryption or…
-
Overview CVE-2025-13186 details a Cross-Site Scripting (XSS) vulnerability found in Bdtask/CodeCanyon’s Isshue Multi Store eCommerce Shopping Cart Solution up to version 4.0. The vulnerability resides within the /dashboard/Ccustomer/manage_customer file, specifically through the manipulation of the Search argument. This allows a remote attacker to inject malicious scripts, potentially impacting users who interact with the affected functionality. The vendor was notified, but did not respond to the disclosure. Technical Details The vulnerability lies in the inadequate sanitization of user-supplied input passed via the Search parameter within the /dashboard/Ccustomer/manage_customer file. An attacker can inject arbitrary JavaScript code into this parameter, which will then…
-
Overview A critical SQL injection vulnerability, identified as CVE-2025-64084, has been discovered in Cloudlog, an amateur radio logging software. This vulnerability affects versions 2.7.5 and earlier. An authenticated attacker can exploit this flaw to execute arbitrary SQL commands on the Cloudlog database. This article provides a detailed analysis of the vulnerability, its potential impact, and the steps required to mitigate it. Technical Details The vulnerability resides within the vucc_details_ajax function located in the application/controllers/Awards.php file. The code fails to properly sanitize user-supplied input from the Gridsquare POST parameter. Specifically, the Gridsquare parameter is directly concatenated into a raw SQL query…
-
Overview CVE-2025-63891 identifies a critical information disclosure vulnerability affecting the SourceCodester Simple Online Book Store System. This vulnerability allows an unauthenticated, remote attacker to retrieve the complete database contents, including schema and credential hashes, via a publicly accessible backup file. This poses a significant risk to the security and integrity of the application and its users’ data. Technical Details The vulnerability stems from the presence of a web-accessible database backup file (obs_db.sql) located within the /obs/database/ directory. Due to improper access controls, this file can be downloaded by anyone without requiring authentication. The database backup contains the full database schema,…
-
Overview CVE-2025-63745 describes a NULL pointer dereference vulnerability found in radare2, a reverse engineering framework. Specifically, the vulnerability exists within the info() function of the bin_ne.c file. This flaw can be triggered when radare2 processes a specially crafted binary input. The result of exploiting this vulnerability is a segmentation fault, which leads to a denial-of-service (DoS) condition. This means an attacker can cause radare2 to crash, preventing legitimate users from using the tool. Technical Details The vulnerability stems from a potential NULL pointer dereference within the info() function in bin_ne.c. When radare2 encounters a malformed or unexpected structure in a…
-
Overview A NULL pointer dereference vulnerability, identified as CVE-2025-63744, affects radare2 versions 6.0.5 and earlier. This vulnerability resides in the load() function of the bin_dyldcache.c file. By processing a specially crafted file, an attacker can trigger a segmentation fault, leading to a program crash. This can disrupt radare2’s functionality and potentially hinder security analysis tasks. Technical Details The vulnerability stems from a missing check for a NULL pointer before dereferencing it within the load() function in bin_dyldcache.c. When radare2 attempts to process a malicious or corrupted dyldcache file, a specific condition can cause the pointer to remain NULL. Subsequent attempts…
-
Overview A medium-severity security vulnerability, identified as CVE-2025-13185, has been discovered in Bdtask/CodeCanyon’s News365, affecting versions up to 7.0.3. This flaw allows for unrestricted file uploads via the /admin/dashboard/profile endpoint. Specifically, manipulation of the profile_image and banner_image arguments can be exploited to upload arbitrary files, potentially leading to remote code execution and system compromise. This vulnerability is actively being exploited in the wild. Technical Details The vulnerability lies in the insufficient validation of file types and sizes during the upload process within the /admin/dashboard/profile functionality. An attacker can bypass expected restrictions and upload malicious files, such as PHP scripts, that…
-
Overview CVE-2025-13182 describes a Cross-Site Scripting (XSS) vulnerability discovered in pojoin h3blog version 1.0. This vulnerability allows a remote attacker to inject malicious scripts into the application via the ‘Title’ argument of the /admin/cms/category/addtitle file. The vulnerability has been classified as low severity and a proof-of-concept exploit is publicly available. Technical Details The XSS vulnerability exists within the /admin/cms/category/addtitle endpoint. By manipulating the Title parameter, an attacker can inject arbitrary JavaScript code that will be executed in the context of a user’s browser when they interact with the affected page. This could lead to session hijacking, defacement, or other malicious…
-
Overview CVE-2025-63701 details a heap corruption vulnerability found in the Advantech TP-3250 printer driver, specifically within the DrvUI_x64_ADVANTECH.dll file (version 0.3.9200.20789). This vulnerability arises from an incorrect size assumption during the DocumentPropertiesW() function call, potentially leading to serious security consequences. Technical Details The vulnerability occurs when DocumentPropertiesW() is called with a valid dmDriverExtra value, but the provided output buffer is smaller than expected. The driver erroneously assumes that the size of the output buffer matches the input buffer. This incorrect assumption leads to an out-of-bounds write during memory operations, causing heap corruption. The affected DLL is DrvUI_x64_ADVANTECH.dll, version 0.3.9200.20789. CVSS…