CVE-2018-25328

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute...

EUVD-2026-29501

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

PT-2026-40056

Name of the Vulnerable Software and Affected Versions optimate versions prior to commit a6d302f912b481c94370811af6b11402f51d377f Description The load model function in the neural magic training.py script allows arbitrary code execution. When a directory path is supplied via the --model command-li...

EUVD-2019-19928

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to...

CVE-2019-25593

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to...

CVE-2019-25593

JetCast Server 2.0 is affected by a local denial-of-service vulnerability: supplying an excessively long string (about 5000 characters) to the Log directory configuration field and starting the server can crash the process. Root cause is input handling of the Log directory field leading to a cras...

PT-2026-26981

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to...

Command Injection

Overview cli-onprem is a CLI tool for infrastructure engineers Affected versions of this package are vulnerable to Command Injection due to the use of shell-invoked subprocess calls with unvalidated input. An attacker can execute arbitrary commands by injecting shell metacharacters in the directo...

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...

CMS Made Simple 安全漏洞

CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...

PT-2023-9278 · Zoho · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions below 6401 Description: The issue is related to an uncontrolled resource consumption in the password reset software, which can be exploited by a remote attacker to cause a denial of service. The...

ASUS BMC Firmware 安全特征问题漏洞

ASUS BMC Firmware is a firmware from Asus China. A buffer overflow vulnerability exists in the ASUS BMC firmware Web management page, which originates from the Active Directory configuration function not validating the length of a string entered by a user, and can be exploited by a remote attacke...

CVE-2018-3877

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long...

Paskto - Passive Web Scanner

Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then processed through Nikto and known URL lists to identify interesting content. Hash signatures are also used to identify known...