Search

Search Results (366310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-25307 2 Flexense, Sysgauge 2 Sysgauge, Sysgauge Pro 2026-07-15 8.4 High
SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges.
CVE-2018-25296 2 Fireeye, P10 2 Central Management, Central Management Software 2026-07-15 5.5 Medium
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.
CVE-2018-25264 1 Acutesystems 1 Transmac 2026-07-15 6.2 Medium
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.
CVE-2018-25243 2 Caspie, Fasttube 2 Fast Tube, Fasttube 2026-07-15 6.2 Medium
FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed.
CVE-2018-25236 1 Belden 2 Hirschmann Hios, Hirschmann Hisecos 2026-07-15 9.8 Critical
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
CVE-2018-25212 2 Boxoft, Vmware 2 Wav To Wma Converter, Converter Enterprise Client 2026-07-15 8.4 High
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.
CVE-2018-25207 2 Ays-pro, Hscripts 2 Quiz Maker, Online Quiz Maker 2026-07-15 7.1 High
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.
CVE-2018-25203 2 Online Store System Project, Wecodex 2 Online Store System, Online Store System Cms 2026-07-15 8.2 High
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.
CVE-2018-25193 1 Cesanta 2 Mongoose, Mongoose Web Server 2026-07-15 7.5 High
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
CVE-2017-20273 2 Joomlashowroom, Vcita 2 Event Registration Pro Calendar, Event Registration Calendar By Vcita 2026-07-15 8.2 High
Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_registrationpro&view=category&id parameter containing SQL injection payloads to extract sensitive database information.
CVE-2017-20268 2 Apereo, Zcontent 2 Bw-calendar-engine, Zap Calendar Lite 2026-07-15 8.2 High
Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads to extract sensitive database information including database names and table structures.
CVE-2017-20229 2 Invisible-island, Mawk 2 Mawk, Mawk 2026-07-15 9.8 Critical
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.
CVE-2016-20094 1 Anydesk 1 Anydesk 2026-07-15 7.8 High
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during application startup or system reboot.
CVE-2016-20093 2 Wise, Wisecleaner 2 Wisecleaner, Wise Care 365 2026-07-15 7.8 High
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.
CVE-2016-20091 2 Malwarebytes, Microsoft 2 Binisoft Windows Firewall Control, Windows Firewall 2026-07-15 7.8 High
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
CVE-2016-20085 2 Dell, Realtek 2 Realtek High Definition Audio Driver, Realtek High Definition Audio Driver 2026-07-15 7.8 High
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
CVE-2016-20084 3 Codepeople, Dwbooster, Wordpress 3 Booking Calendar Contact Form, Booking Calendar Contact, Wordpress 2026-07-15 7.2 High
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScript into the 'ict' and 'ics' options or the calendar 'name' parameter via GET requests to execute arbitrary scripts when the calendar is displayed or accessed in the administration interface.
CVE-2016-20075 2 Etoilewebdesign, Wordpress 2 Ultimate Product Catalog, Wordpress 2026-07-15 8.8 High
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.
CVE-2016-20070 3 Codepeople, Dwbooster, Wordpress 3 Booking Calendar Contact Form, Booking Calendar Contact Form, Wordpress 2026-07-15 6.4 Medium
WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with subscriber-level accounts can inject XSS payloads through parameters like price, name, calendar_language, and email_confirmation_to_user via admin-ajax.php and admin.php endpoints to execute arbitrary JavaScript in administrator browsers.
CVE-2016-20069 3 Codepeople, Dwbooster, Wordpress 3 Booking Calendar Contact Form, Booking Calendar Contact Form, Wordpress 2026-07-15 8.2 High
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to execute arbitrary SQL queries and extract sensitive database information.