CVE-2019-25736 LabF nfsAxe 3.7 Ping Client Buffer Overflow

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

CVE-2018-25423 Arm Whois 3.11 Denial of Service via Buffer Overflow

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

CVE-2018-25423

Arm Whois 3.11 is affected by a local denial-of-service vulnerability due to a buffer overflow when processing an oversized input string (about 700 bytes) in the IP address or domain field. The flaw allows local attackers to crash the application. No remediation, patch version, or exploit details...

CVE-2018-25378 Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Noteboo...

rgui-3.4.4-seh-bof-exploit

Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...

EUVD-2026-31180

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

EUVD-2020-31247

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

CVE-2020-37245 WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

CVE-2020-37235

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

CVE-2018-25295 ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operati...

EUVD-2018-21792

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a...

PT-2026-32178

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

CVE-2019-25648

MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registratio...

CVE-2019-25600

CVE-2019-25600 affects UltraVNC Viewer 1.2.2.4. A denial-of-service exists where an oversized string in the VNC Server input field can cause a buffer overflow and crash the viewer. Attack described: paste a string with 256 repeated characters into the VNC Server field and click Connect. CVSS metr...

CVE-2019-25586 Deluge 1.3.15 Denial of Service via URL Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

Nsasoft Dnss Domain Name Search Software 缓冲区错误漏洞

Nsasoft Dnss Domain Name Search Software is a domain name search and analysis tool developed by the American company Nsasoft. Version 2.1.8 of Nsasoft Dnss Domain Name Search Software contains a buffer overflow vulnerability. This vulnerability stems from an issue with the registration code input...

PT-2026-26988

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect t...

CVE-2019-25547

NetAware 1.20 is affected by a local-denial-of-service vulnerability in the User Blocking feature. A crafted input of 512 bytes pasted into the “Add a website or keyword to be filtered” field can cause a buffer overflow, crashing the application when the created block is removed. This CVE (CVE-20...

PT-2026-26643

CVE-2026-29828 DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/id page via the input field projectDesc. https://t.co/IdJyEMWfTe...

PT-2026-20528

Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login...