15 matches found

EUVD
added 2 hours ago · 1 views

EUVD-2019-20171

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6 CVSS · 6.4 AI score
Exploits 0 · References 4
OSV
added 2025/06/09 8:30 p.m. · 2 views

GHSA-G4CF-PP4X-HQGW HaxCMS-PHP Command Injection Vulnerability

Summary: The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The 'setremote' function later passes this input into 'procopen', yielding OS command injection. Details: The vulnerability exists in the logic of the 'gitImportSite' functio...

8.5 CVSS · 8.2 AI score · 0.04034 EPSS
Exploits 1 · References 4
CNVD
added 2024/01/12 12:0 a.m. · 9 views

TRENDnet TV-IP1314PI Command Injection Vulnerability

The TRENDnet TV-IP1314PI is a wireless network camera from TRENDnet. The TRENDnet TV-IP1314PI suffers from a command injection vulnerability, which originates from davinci's use of the system function to unpack language packets without strict filtering of URL strings, which can be exploited by an...

9.8 CVSS · 7.6 AI score · 0.69803 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/01/09 12:0 a.m. · 2 views

CVE-2023-49237

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings...

9.9 AI score · 0.69803 EPSS
Exploits 1 · References 2
NVD
added 2023/09/27 7:15 p.m. · 7 views

CVE-2023-4523

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm...

9.4 CVSS · 9.2 AI score · 0.00085 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/09/19 12:0 a.m. · 2 views

PT-2023-27025 · Unknown · Isl Arp Guard

Name of the Vulnerable Software and Affected Versions: ISL ARP Guard version 4.0.2. Description: A reflected cross-site scripting (XSS) issue exists in the url str URL parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of maliciou...

5.4 CVSS · 5.4 AI score · 0.0021 EPSS
Exploits 1 · References 5
Github Security Blog
added 2022/08/02 12:0 a.m. · 18 views

node-fetch Inefficient Regular Expression Complexity

node-fetch is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy function in referrer.js, when processing a URL string with alternating letters and periods,...

5.9 CVSS · 5.4 AI score · 0.00225 EPSS
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2019/07/25 1:12 p.m. · 14 views

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

9.7 AI score · 0.06441 EPSS
Exploits 0 · References 3
seebug.org
added 2014/07/01 12:0 a.m. · 22 views

ActivePerl 5.6.1 perlIIS.dll Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3526/info ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by Activestate. ActivePerl allows for high-performance integration with IIS using a DLL called 'perlIIS.dll'...

7.1 AI score
Exploits 0
OSV
added 2013/10/25 11:55 p.m. · 1 views

DEBIAN-CVE-2013-6283

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file...

7.5 CVSS · 7.8 AI score · 0.09811 EPSS
Exploits 1 · References 1
Check Point Advisories
added 2010/01/06 12:0 a.m. · 1 views

Orbit Downloader Long URL Stack Buffer Overflow (CVE-2009-0187)

Orbit Downloader, developed by Orbit Downloader Team, is a graphical download manager for Microsoft Windows operating system. Orbit Downloader works with all major browsers like Opera, Mozilla Firefox, Microsoft Internet Explorer, Maxthon, and Netscape. A buffer overflow vulnerability exists in...

9.3 CVSS · 7.6 AI score · 0.73411 EPSS
Exploits 8
Prion
added 2009/12/03 5:30 p.m. · 12 views

Stack overflow

Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property val...

9.3 CVSS · 8.4 AI score · 0.06939 EPSS
Exploits 0 · References 7 · Affected Software 1
NVD
added 2009/12/03 5:30 p.m. · 9 views

CVE-2009-1567

Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property val...

9.3 CVSS · 7.8 AI score · 0.06939 EPSS
Exploits 0 · References 7
NVD
added 2004/12/31 5:0 a.m. · 13 views

CVE-2004-2581

Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."...

5 CVSS · 6.4 AI score · 0.0082 EPSS
Exploits 0 · References 6
NVD
added 2000/12/19 5:0 a.m. · 14 views

CVE-2000-0984

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string...

5 CVSS · 6.2 AI score · 0.40356 EPSS
Exploits 1 · References 3