Publicly Disclosed
PoC Exploits

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

A relative path traversal vulnerability exists in Fortinet FortiWeb products versions 8.0.0 to 8.0.1, 7.6.0 to 7.6.4, 7.4.0 to 7.4.9, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11. This vulnerability allows an attacker to potentially execute unauthorized administrative commands on the system by sending sp...

A significant vulnerability has been identified in the Linksys MR9600 firmware version 2.0.6.206937. A flaw in the 'smartConnectConfigure' function located in the SmartConnect.lua file allows for OS command injection through manipulation of specific arguments such as configApSsid, configApPassphr...

A cross site scripting vulnerability has been identified in the Exam Form Submission product by Code-Projects, specifically within the updating function located in /admin/update_s1.php. By manipulating the 'sname' argument, an attacker can inject malicious scripts into web pages viewed by other u...

A vulnerability has been identified in the D-Link DIR-513 router, specifically within the formEasySetTimezone function in the boa component. This issue can lead to a stack-based buffer overflow when the curTime argument is manipulated. Attackers can exploit this vulnerability remotely, potentiall...

A security flaw has been identified in the Tenda F453 router, specifically in the FormWriteFacMac function located within the /goform/WriteFacMac file. This vulnerability allows for command injection through manipulation of the mac argument, enabling an attacker to execute unauthorized commands r...

The vulnerability in the TLS and DTLS implementations of OpenSSL versions prior to 1.0.1g allows remote attackers to exploit crafted Heartbeat Extension packets. This exploitation results in a buffer over-read, potentially revealing sensitive information from the memory of the affected process. A...

A stack-based buffer overflow vulnerability has been identified in the Tenda F453 device, specifically in the Parameters Handler within the function fromNatlimit. The vulnerability arises due to improper handling of argument manipulation for the 'page' parameter in the /goform/Natlimit file. An a...

A stack-based buffer overflow vulnerability exists in the Tenda F453 router version 1.0.0.3, specifically within the fromVirtualSer function in the Parameters Handler. By manipulating the 'page' argument of the /goform/VirtualSer file, an attacker can exploit this vulnerability remotely, potentia...

A vulnerability in the Tenda F453 device allows for a stack-based buffer overflow due to improper handling of user-supplied input in the fromSafeClientFilter function of the Parameters Handler component. This issue can be exploited remotely, potentially allowing attackers to manipulate the menufa...

An SQL injection vulnerability exists in the Simple Gym Management System's func.php file, specifically through unsanitized data passed via the Trainer_id or fname parameters. This flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access or modificat...

FTP Shell Server version 6.83 is vulnerable to a buffer overflow attack in the 'Account name to ban' field. This flaw enables local attackers to execute arbitrary code on the system by supplying a crafted string within the Manage FTP Accounts dialog. By manipulating the account name parameter, at...

AdminExpress 1.2.5 is susceptible to a denial of service vulnerability that enables local attackers to crash the application. By submitting oversized input in the Folder Path field within the System Compare feature, attackers can trigger unresponsiveness or a full crash of the application, render...

The Ease Audio Converter version 5.30 is vulnerable to a denial of service attack through its Audio Cutter function. This vulnerability allows local attackers to exploit the application by processing specially crafted MP4 files that contain oversized buffers. When these malformed files are loaded...

AnMing MP3 CD Burner version 2.0 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By inputting a specially crafted oversized string (up to 6000 bytes) into the registration name field, an attacker can trigger a denial of service condition, effectively cr...

Lavavo CD Ripper 4.20 has a structured exception handling (SEH) buffer overflow vulnerability that can be exploited by local attackers to execute arbitrary code. By providing a specially crafted string in the License Activation Name field, an attacker can manipulate the application's memory and c...

Free Float FTP 1.0 has a critical buffer overflow vulnerability in its STOR command handler. This flaw allows an unauthenticated attacker to execute arbitrary code on the FTP server. By sending a specially crafted STOR request with an oversized payload, attackers can manipulate the server into ex...

The Easy Chat Server version 3.1 is susceptible to a denial of service attack, which allows remote attackers to crash the server. By sending an excessively large message through the message parameter in a POST request to the chat.ghp endpoint, attackers can disrupt the normal functioning of the a...

The version 1.2.5.485 of Admin Express, developed by Softonic, is susceptible to a local structured exception handling buffer overflow vulnerability. This flaw allows an attacker with local access to craft a payload that, when injected into the Folder Path field through the System Compare feature...

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function, which allows local attackers to execute arbitrary code. This occurs when oversized configuration values are provided, specifically exceeding 128 bytes. Attackers can craft a malicious miniftpd.conf file to ov...

The NetNumber Titan Master 7.9.1 is vulnerable to a path traversal issue in the drp endpoint. This flaw permits authenticated users to exploit directory traversal sequences, enabling them to download arbitrary files from the server. By manipulating the path parameter using base64-encoded payloads...

The JetAudio JetCast Server 2.0 contains a vulnerability in the Log Directory configuration field that leads to a stack-based buffer overflow. Local attackers can exploit this weakness by injecting specially crafted alphanumeric encoded shellcode into the Log Directory field. This manipulation al...

Iperius Backup 6.1.0 is susceptible to a vulnerability that permits low-privilege users to execute arbitrary applications with elevated permissions. This is achieved by crafting backup jobs that can trigger the execution of malicious scripts or programs, either before or after backup processes. T...

Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...

Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...

Fast AVI MPEG Joiner version 1.2.0812 is susceptible to a buffer overflow vulnerability that permits local attackers to crash the application. By injecting an oversized payload, specifically a text file with 6000 bytes of data into the License Name field, an attacker can trigger a denial of servi...

Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...

EquityPandit version 1.0 is susceptible to an insecure logging vulnerability that permits malicious actors to retrieve sensitive user credentials. By exploiting the Android Debug Bridge (ADB), attackers can gain access to developer console logs where plaintext passwords are recorded during the pa...

TuneClone 2.20 is susceptible to a structured exception handler (SEH) buffer overflow vulnerability. Local attackers can exploit this weakness by providing a specially crafted license code string, which allows for arbitrary code execution. By manipulating the buffer and redirecting execution flow...

DVDXPlayer Pro 5.5 is susceptible to a local buffer overflow vulnerability that can be exploited by attackers to execute arbitrary code. By crafting malicious playlist files, specifically .plf files containing carefully designed shellcode and NOP sleds, attackers can overflow a buffer and manipul...

The GSearch application version 1.0.1.0 suffers from a denial of service vulnerability that can be exploited by local attackers. By entering an excessively long string (up to 2000 characters) in the search bar, the attacker can trigger a crash of the application. This vulnerability arises from im...

UltraVNC Launcher version 1.2.2.4 has a buffer overflow vulnerability in the Path vncviewer.exe property field. This flaw can be exploited by local attackers who provide an excessively long string, leading to a denial of service condition. Specifically, a 300-byte payload of repeated characters c...

UltraVNC Viewer version 1.2.2.4 is vulnerable to a denial of service attack, which occurs when an attacker inputs an oversized string of characters into the VNC Server input field. Specifically, by pasting a malicious string composed of 256 identical characters and then clicking 'Connect', the ap...

HeidiSQL Portable version 10.1.0.5464 contains a vulnerability that allows a local attacker to cause a denial of service by entering an excessively long string in the password field during login attempts to Microsoft SQL Server. When a buffer overflow payload is inserted, it results in an applica...

The Backup Key Recovery 2.2.4 application contains a denial of service vulnerability that can be exploited by local attackers. By entering an excessively long string (300 characters or more) in the Name field during the registration process, attackers can trigger a crash of the application upon f...

NSauditor version 3.1.2.0 is affected by a buffer overflow vulnerability in the SNMP Auditor Community field, which allows attackers to crash the application. By inputting an excessively long string into the Community field and invoking the Walk function, local attackers can initiate a denial of ...

SpotAuditor 5.2.6 is vulnerable to a denial of service attack due to improper handling of input in the registration dialog. By inputting a excessively long string in the Name field, such as a buffer containing 300 repeated characters, a local attacker can cause the application to crash, disruptin...

The jetAudio Basic application is susceptible to a denial of service condition triggered by the URL input handler. An attacker can exploit this vulnerability by entering an excessively long string—specifically, a buffer of 5000 characters—into the Open URL dialog. This action causes the applicati...

ASPRunner.NET 10.1 contains a vulnerability that allows local attackers to cause a denial of service by submitting excessively long strings in the table name field during database creation. By sending a buffer of 10,000 characters, attackers can reliably crash the application, leading to potentia...

jetCast Server 2.0 is susceptible to a denial of service vulnerability that permits local attackers to crash the application. By inputting an excessively long string of 5000 characters into the Log directory configuration field, an attacker can initiate a server crash by clicking the Start button...

PHPRunner 10.1 is susceptible to a denial of service vulnerability that enables local attackers to crash the application by entering an excessively long string in the dashboard name field. Specifically, attackers can exploit this weakness by inputting a buffer of up to 10,000 characters during da...

The DNSS Domain Name Search Software version 2.1.8 is susceptible to a buffer overflow flaw in its registration code input field. This vulnerability enables local attackers to exploit the application by submitting an excessively long string, leading to a denial of service. By inserting a registra...

A significant vulnerability has been identified in PuTTY 0.83, specifically within the eddsa_verify function of the Ed25519 Signature Handler. This flaw leads to improper verification of cryptographic signatures, allowing potential remote manipulation. Although the exploit has a high complexity l...

A vulnerability exists in the Wavlink WL-WN578W2 device, specifically within the POST Request Handler component located at /cgi-bin/login.cgi. This issue arises from improper handling of user input in the homepage/hostname/login_page arguments. An attacker can exploit this flaw to execute cross s...

A command injection vulnerability exists in the Wavlink WL-WN578W2 router affecting the POST Request Handler located in the /cgi-bin/firewall.cgi file. This vulnerability allows unauthorized remote attackers to manipulate the dmz_flag/del_flag arguments, potentially compromising the device's inte...

A path traversal vulnerability has been identified in SSCMS version 4.7.0. This issue occurs in the file LayerImageController.Submit.cs, where improper handling of the 'filePaths' argument allows potential attackers to exploit the layerImage Endpoint from a remote location. If successfully exploi...

A vulnerability has been identified in the Ed25519 Signature Handler of tinyssh, which allows for improper verification of cryptographic signatures. This flaw impacts local execution and could enable an attacker to manipulate signatures, posing security risks. Difficulty in exploitation adds comp...

A SQL injection vulnerability exists in the projectworlds Online Notes Sharing System 1.0, specifically within the processing of the /login.php file in the Parameters Handler component. Attackers can manipulate the 'Benutzer' argument to execute arbitrary SQL commands remotely. This critical issu...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

A security flaw exists in the Pygments library, specifically within the AdlLexer function found in pygments/lexers/archetype.py. This vulnerability leads to inefficient regular expression processing, potentially allowing a local attacker to execute denial of service attacks. Although the issue wa...