Publish Advisories

GHSA-72f4-q73h-wfwq
GHSA-g9j5-xpjv-f35r
GHSA-gfrv-jc8x-494c
GHSA-hjgc-c8mr-mg36
GHSA-j477-xrpr-5872
GHSA-pfrw-7rxm-j92h
GHSA-r252-84qw-9rcg
GHSA-rr9x-rmx5-9jcm
GHSA-w6rw-qpr3-rrc8

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-72f4-q73h-wfwq/GHSA-72f4-q73h-wfwq.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-72f4-q73h-wfwq",
+  "modified": "2025-07-17T00:31:25Z",
+  "published": "2025-07-17T00:31:25Z",
+  "aliases": [
+    "CVE-2025-34124"
+  ],
+  "details": "A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34124"
+    },
+    {
+      "type": "WEB",
+      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/homm3_h3m.rb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/37716"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/heroes-of-might-and-magic-iii-map-file-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:23Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-g9j5-xpjv-f35r/GHSA-g9j5-xpjv-f35r.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g9j5-xpjv-f35r",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:26Z",
+  "aliases": [
+    "CVE-2025-34132"
+  ],
+  "details": "A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface. 777",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34132"
+    },
+    {
+      "type": "WEB",
+      "url": "https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:24Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-gfrv-jc8x-494c/GHSA-gfrv-jc8x-494c.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gfrv-jc8x-494c",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:25Z",
+  "aliases": [
+    "CVE-2025-34126"
+  ],
+  "details": "A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codesec.blogspot.com/2015/03/rips-scanner-v-054-local-file-include.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/rips_traversal.rb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rips-scanner.sourceforge.net"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/18660"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/rips-scanner-path-traversal"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:24Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-hjgc-c8mr-mg36/GHSA-hjgc-c8mr-mg36.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hjgc-c8mr-mg36",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:26Z",
+  "aliases": [
+    "CVE-2025-34129"
+  ],
+  "details": "A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34129"
+    },
+    {
+      "type": "WEB",
+      "url": "https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:24Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-j477-xrpr-5872/GHSA-j477-xrpr-5872.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j477-xrpr-5872",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:26Z",
+  "aliases": [
+    "CVE-2024-12498"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12498"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T23:15:22Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-pfrw-7rxm-j92h/GHSA-pfrw-7rxm-j92h.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pfrw-7rxm-j92h",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:26Z",
+  "aliases": [
+    "CVE-2025-34127"
+  ],
+  "details": "A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34127"
+    },
+    {
+      "type": "WEB",
+      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/achat_bof.rb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/36056"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/achat-seh-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:24Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-r252-84qw-9rcg/GHSA-r252-84qw-9rcg.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r252-84qw-9rcg",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:26Z",
+  "aliases": [
+    "CVE-2025-34130"
+  ],
+  "details": "An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34130"
+    },
+    {
+      "type": "WEB",
+      "url": "https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/lilin-dvr-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:24Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-rr9x-rmx5-9jcm/GHSA-rr9x-rmx5-9jcm.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rr9x-rmx5-9jcm",
+  "modified": "2025-07-17T00:31:26Z",
+  "published": "2025-07-17T00:31:26Z",
+  "aliases": [
+    "CVE-2025-34128"
+  ],
+  "details": "A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34128"
+    },
+    {
+      "type": "WEB",
+      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/x360_video_player_set_text_bof.rb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rh0dev.github.io/blog/2015/fun-with-info-leaks"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/35948"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/36100"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.fortiguard.com/encyclopedia/ips/40167/x360-videoplayer-activex-control-buffer-overflow"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/x360-videoplayer-activex-control-buffer-overflow"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-16T22:15:24Z"
+  }
+}