CVE-2019-25609

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

CVE-2019-25619 FTP Shell Server 6.83 Buffer Overflow via Account Name

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...

CVE-2019-25611 MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconfloadsetting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite...

CVE-2019-25609 JetAudio jetCast Server 2.0 Local SEH Buffer Overflow

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

CVE-2019-25609 JetAudio jetCast Server 2.0 Local SEH Buffer Overflow

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

CVE-2019-25608 Iperius Backup 6.1.0 Privilege Escalation via Backup Job

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...

CVE-2019-25608 Iperius Backup 6.1.0 Privilege Escalation via Backup Job

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...

CVE-2019-25608

CVE-2019-25608 affects Iperius Backup 6.1.0. A privilege-escalation flaw lets low-privilege users cause arbitrary code execution by configuring backup jobs to run pre-/post-backup batch files or programs. These run with the privileges of the Iperius Backup Service account (Local System or Adminis...

CVE-2019-25607 Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute...

CVE-2019-25604 DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a...

PT-2026-26992

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a...

PT-2026-26996

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...

MiniFtp 缓冲区错误漏洞

MiniFtp is a lightweight FTP server software developed by Arvin’s individual developer. MiniFtp has a buffer error vulnerability, which stems from a buffer overflow in the parseconfloadsetting function. This vulnerability could allow local attackers to execute arbitrary code by providing...

Lavavo CD Ripper 缓冲区错误漏洞

Lavavo CD Ripper is an audio extraction tool developed by the Lavavo company. Version 4.20 of Lavavo CD Ripper contains a buffer overflow vulnerability, which stems from improper handling of structured exceptions and buffer overflows. This vulnerability could allow local attackers to execute...

PT-2026-26997

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

Debian dsa-6175 : libyaml-syck-perl - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6175 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6175-1 [email protected] https://www.debian.org/security/...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the DataInterpreter component. An attacker can execute arbitrary code by injecting malicious inp...

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the codegenerate function in the metagpt/ext/aflow/scripts/operator.py file. An attacker can execute arbitrary code by supplying crafted input to this function...

Arbitrary Code Execution

PySpector is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete AST validation in the plugin system where indirect calls via getattr are not properly resolved, which allows an attacker to bypass security checks and execute arbitrary system commands through malicious...

Code Injection

craftcms/cms is vulnerable to Code Injection. The vulnerability is due to passing unvalidated configuration data to Craft::configure without proper sanitization, which allows an attacker to inject malicious behavior or event handlers and execute arbitrary code...