290 matches found
EUVD-2018-21867
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...
CVE-2018-25330
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...
CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...
EUVD-2025-209614
3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...
CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway
3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...
3onedata GW1101-1D(RS-485)-TB-P 操作系统命令注入漏洞
The 3onedata GW1101-1DRS-485-TB-P is an industrial communication gateway device produced by the 3onedata company. The 3onedata GW1101-1DRS-485-TB-P V2.2.0 version contains a vulnerability related to operating system command injection. This vulnerability stems from a flaw in the IP address field o...
CVE-2018-25295 ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operati...
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
CVE-2026-40872
Affected product/variant: mailcow: dockerized (open source groupware/email suite). Issue: Stored XSS in Autodiscover logs via unescaped EMailAddress. Root cause (per description): Admin dashboard Autodiscover logs render the EMailAddress value (logged as the “user” field) without HTML escaping, e...
CVE-2018-25256
IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...
CVE-2018-25252
The CVE-2018-25252 entry concerns FTP Voyager 16.2.0, where a denial-of-service condition arises from a buffer overflow caused by injecting oversized data into the site profile IP field. Attackers can craft a site profile containing about 500 bytes of repeated characters and paste it into the IP ...
CVE-2018-25252 FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP...
CVE-2016-20050
NetSchedScan 1.0 is affected by a local-denial-of-service vulnerability due to a buffer overflow in the Hostname/IP field. A crafted input of 388 bytes followed by 4 bytes of EIP overwrite can crash the application. The issue is limited to local access and does not specify remote exploitation or ...
CVE-2016-20050 NetSchedScan 1.0 Buffer Overflow Denial of Service
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the...
PT-2026-30348
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the...
EUVD-2019-19918
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...
CVE-2019-25588
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...
CVE-2019-25586
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...
UBUNTU-CVE-2019-25586
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...
CVE-2019-25588
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...