19 matches found
EUVD-2019-19994
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...
CVE-2019-25627
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...
CVE-2019-25627 FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...
CVE-2019-25627 FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...
CVE-2019-25627
FlexHEX 2.71 exposes a local buffer overflow vulnerability in the Stream Name field that can be triggered via a crafted text file to overflow the SEH chain, enabling local execution of commands (e.g., calc.exe) when the exception handler is invoked. The issue is a local vulnerability with shellco...
PT-2026-27361
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...
FlexHEX 代码问题漏洞
FlexHEX is an open-source hexadecimal data editor developed by FlexHEX. Version 2.71 of FlexHEX contains a code vulnerability caused by a local buffer overflow in the Stream Name field. This vulnerability could allow local attackers to execute arbitrary code by triggering the structured exception...
CVE-2026-33485 AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations —...
CVE-2026-33485 AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations —...
CVE-2026-33485
CVE-2026-33485 affects WWBN/AVideo up to version 26.0, where the RTMP on_publish.php endpoint is reachable without authentication. The attack relies on the stream key in $_POST['name'], which is interpolated directly into SQL in two places: LiveTransmitionHistory::getLatest() and LiveTransmition:...
CVE-2026-33485 AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations —...
GHSA-8P58-35C3-CCXX AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
Summary The RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations — LiveTransmitionHistory::getLatest and LiveTransmition::keyExists — without parameterized binding...
AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
Summary The RTMP onpublish callback at plugin/Live/onpublish.php is accessible without authentication. The $POST'name' parameter stream key is interpolated directly into SQL queries in two locations — LiveTransmitionHistory::getLatest and LiveTransmition::keyExists — without parameterized binding...
PT-2025-4114 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problematic issue has been found in the file / parse/load job-details.php, where the manipulation of the business stream name and company website url arguments leads to cross site...
Code-Projects Job Recruitment 代码注入漏洞
Code-Projects Job Recruitment is an open source job portal from Code-Projects. A code injection vulnerability exists in Code-Projects Job Recruitment version 1.0, which stems from a cross-site scripting attack due to manipulation of the parameter businessstreamname...
SUSE CVE-2008-5238
Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...
Daniel Fahlke magento-lts 代码问题漏洞
Magento lts is a long term support alternative to Magento Community Edition CE. A code issue vulnerability exists in Magento lts. The vulnerability exists due to insufficient validation of the stream name in "lib Zend Http Response stream .php". A remote attacker could use this vulnerability to...
CVE-2008-5238
Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...
CVE-2008-5238
Integer overflow in the realparsemdpr function in demuxreal.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted streamnamesize field...