19 matches found
GHSA-9WXG-VF3R-56HC OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source
Summary The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline \n or \r\n in either field ends the comment, so the text aft...
CVE-2018-25314 Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow
Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...
PT-2026-35998
Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler SEH overwrite and shellcode to achieve code...
CVE-2026-30237
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...
EUVD-2026-10079
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...
CVE-2026-30237
Group-Office (enterprise CRM/groupware) is affected by a reflected XSS in the installer at install/license.php. Versions prior to 6.8.155, 25.0.88, and 26.0.10 render the POST parameter license inside a textarea without escaping, enabling a breakout sequence such as . This could allow arbitrary s...
CVE-2026-30237 Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...
CVE-2026-30237
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without escaping inside a ,...
PT-2026-23757
Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.155 Group-Office versions prior to 25.0.88 Group-Office versions prior to 26.0.10 Description Group-Office is a customer relationship management and groupware tool. A reflected cross-site scripting XSS issue...
CVE-2019-25405
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense fie...
CVE-2019-25363 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an...
CVE-2019-25363 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an...
CVE-2019-25363
CVE-2019-25363 concerns WMV to AVI MPEG DVD WMV Convertor 4.6.1217. The connected documents confirm a buffer overflow in the product’s input handling, specifically when a user pastes a ~6000‑byte payload into the 'License Name and License Code' field, which triggers an application crash. This vul...
PT-2026-20538
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an...
CVE-2020-37184
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the...
CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execu...
CVE-2020-36971
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...
EUVD-2020-30878
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...
CVE-2020-36971
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...