Xyhackr

**Name of the Vulnerable Software and Affected Versions** zyx0814 FilePress versions prior to 2.2.1 **Description** An issue exists in the Shares Filelist API within the file 'dzz/shares/admin.php'. Manipulation of the argument order allows a remote attacker to perform SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution to manipulate a database. **Recommendations** Apply patch e20ec58414103f781858f2951d178e19b1736664 to remediate the issue.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RT version 3.4.0-B20250430 **Description** A remote buffer overflow can occur via the manipulation of the `localPin` argument. This issue exists within the `is cmd string valid()` function of the `/boafrm/formWsc` file in the `libapmib.so` component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RT version 3.4.0-B20250430 **Description** A buffer overflow exists in the `/boafrm/formIpQoS` file. A remote attacker can trigger this issue by manipulating the `entry name` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C Magic B0 versions prior to 100R002 **Description** A buffer overflow exists in the `Edit BasicSSID()` function within the '/goform/aspForm' file. This issue occurs when the `param` argument is manipulated, allowing for remote execution of the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.