Lucene search
K

290 matches found

EUVD
EUVD
added 2026/05/23 6:30 p.m.14 views

EUVD-2018-21867

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the...

8.6CVSS6.3AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2026/05/17 1:16 p.m.14 views

CVE-2018-25330

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS0.00317EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.35 views

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/04 2:52 p.m.56 views

EUVD-2025-209614

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS6AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 2:52 p.m.88 views

CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.12 views

3onedata GW1101-1D(RS-485)-TB-P 操作系统命令注入漏洞

The 3onedata GW1101-1DRS-485-TB-P is an industrial communication gateway device produced by the 3onedata company. The 3onedata GW1101-1DRS-485-TB-P V2.2.0 version contains a vulnerability related to operating system command injection. This vulnerability stems from a flaw in the IP address field o...

9.3CVSS6.1AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/26 1:19 p.m.33 views

CVE-2018-25295 ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operati...

6.9CVSS0.00124EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/21 7:14 p.m.4 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:14 p.m.18 views

CVE-2026-40872

Affected product/variant: mailcow: dockerized (open source groupware/email suite). Issue: Stored XSS in Autodiscover logs via unescaped EMailAddress. Root cause (per description): Admin dashboard Autodiscover logs render the EMailAddress value (logged as the “user” field) without HTML escaping, e...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.7 views

CVE-2018-25256

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...

6.8CVSS6.2AI score0.00202EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/04 1:51 p.m.22 views

CVE-2018-25252

The CVE-2018-25252 entry concerns FTP Voyager 16.2.0, where a denial-of-service condition arises from a buffer overflow caused by injecting oversized data into the site profile IP field. Attackers can craft a site profile containing about 500 bytes of repeated characters and paste it into the IP ...

6.9CVSS6.1AI score0.003EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/04 1:51 p.m.6 views

CVE-2018-25252 FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP...

6.9CVSS6.1AI score0.003EPSS
Exploits1References4
CVE
CVE
added 2026/04/04 1:50 p.m.12 views

CVE-2016-20050

NetSchedScan 1.0 is affected by a local-denial-of-service vulnerability due to a buffer overflow in the Hostname/IP field. A crafted input of 388 bytes followed by 4 bytes of EIP overwrite can crash the application. The issue is limited to local access and does not specify remote exploitation or ...

6.9CVSS6.2AI score0.00165EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/04 1:50 p.m.21 views

CVE-2016-20050 NetSchedScan 1.0 Buffer Overflow Denial of Service

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the...

6.9CVSS0.00165EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30348

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the...

6.9CVSS6.2AI score0.00165EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/22 3:30 a.m.6 views

EUVD-2019-19918

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...

6.9CVSS6AI score0.00171EPSS
Exploits1References5
NVD
NVD
added 2026/03/22 1:16 a.m.6 views

CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...

6.9CVSS0.00171EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/22 1:16 a.m.4 views

CVE-2019-25586

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

6.9CVSS6.1AI score0.00178EPSS
Exploits1References5
OSV
OSV
added 2026/03/22 1:16 a.m.5 views

UBUNTU-CVE-2019-25586

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

6.9CVSS6AI score0.00178EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/22 12:11 a.m.1 views

CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...

6.9CVSS6AI score0.00171EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder