| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html. |
| Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash. |
| Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash. |
| 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain. |
| PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code. |
| Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field. |
| Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions. |
| ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service. |
| Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code. |
| Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device. |
| B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process. |
| Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. |
| CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution. |
| Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution. |
| Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit. |
| P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page. |
| jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads. |
| Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields. |
| Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. |
| Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. |
