Publicly Disclosed
PoC Exploits

ZoneMinder, a popular open-source closed-circuit television software, has a vulnerability that exposes versions v1.37.* up to and including v1.37.64 to a boolean-based SQL injection attack through the web/ajax/event.php endpoint. This flaw can allow an attacker to manipulate SQL queries, potentia...

Protobuf.js, a library that compiles protocol buffer definitions into JavaScript functions, is susceptible to a vulnerability that enables attackers to inject arbitrary code via the 'type' fields in protobuf definitions. This injected code can be executed during the decoding of the corresponding ...

A significant vulnerability has been detected in the Toowiredd chatgpt-mcp-server, specifically within the MCP/HTTP component and its docker.service.ts file. This issue permits an OS command injection, allowing attackers to execute arbitrary commands on the server. The exploit is publicly accessi...

A vulnerability exists in the liyupi yu-picture application that allows for SQL injection attacks via the PageRequest function within the PictureServiceImpl.java file. This issue arises from improper handling of the sortField argument, permitting attackers to manipulate SQL queries remotely. The ...

A path traversal vulnerability exists in 666ghj MiroFish versions up to 0.1.2, specifically in the get_simulation_posts function located in backend/app/api/simulation.py. This flaw allows an attacker to manipulate the Platform argument, leading to unauthorized access to restricted directories and...

A security vulnerability has been identified in the command handling function of 666ghj MiroFish's Inter-Process Communication module. The flaw resides in the SimulationIPCClient.send_command method within the simulation_ipc.py file. This vulnerability allows attackers to execute arbitrary comman...

A vulnerability has been identified in the Tenda F456 router firmware version 1.0.0.5, which resides within a specific function of the httpd component. By manipulating the parameters 'funcname' and 'funcpara1', an attacker can trigger a buffer overflow remotely. This vulnerability poses a signifi...

A vulnerable function, fromSafeUrlFilter, within the Tenda F456's httpd component exposes the product to buffer overflow attacks. By manipulating the 'page' argument of the /goform/SafeUrlFilter endpoint, attackers can exploit this vulnerability remotely, leading to potential unauthorized access ...

A security vulnerability has been identified in the Tenda F456 router, specifically in the handling of the 'fromVirtualSer' function within the httpd service. This vulnerability arises due to improper manipulation of the 'menufacturer/Go' argument, which can lead to a buffer overflow condition. E...

A vulnerability has been discovered in the Tenda F456 1.0.0.5 model, specifically in the PPTPDClient component's fromPptpUserAdd function, located in the /goform/PPTPDClient file. This weakness allows for a buffer overflow due to improper handling of the opttype and username arguments. An attacke...

A critical security flaw exists in the Tenda F456 router, specifically in the function frmL7ProtForm of the httpd component located at /goform/L7Prot. This vulnerability allows remote attackers to exploit a buffer overflow by manipulating the 'page' argument. Such exploitation can lead to unautho...

A vulnerability exists in versions of GreenCMS up to 2.3 that allows attackers to exploit the 'themeadd' function via the /index.php?m=admin&c=custom&a=themeadd endpoint. This flaw permits unrestricted file uploads, enabling remote attackers to upload malicious files without proper authorization....

Wansview Camera Software version 1.0.2 contains a buffer overflow flaw that could be exploited by local attackers. By providing excessively large input strings, such as 2000-byte payloads in the Camera name and DID number fields during the camera setup process, an attacker can trigger application...

The P10 Central Management Software version 1.4.13 is vulnerable to a buffer overflow in the login password field. This flaw allows local attackers to execute a Denial of Service (DoS) attack by submitting an excessively large input string, specifically a 2000-byte payload. When the payload is in...

The ObserverIP Scan Tool version 1.4.0.1 is prone to a denial of service vulnerability that allows local attackers to crash the application. By inputting an excessively long string into the IP input field—specifically a 2000-byte buffer of repeated characters—attackers can trigger a search operat...

A buffer overflow vulnerability exists in CEWE Photoshow version 6.3.4, specifically within the login dialog. This flaw allows an attacker to submit oversized input by injecting 4000 bytes of data into the email address and password fields. The result is a denial of service condition, potentially...

Prime95 version 29.4b7 has a critical buffer overflow vulnerability in the PrimeNet connection dialog. This flaw allows local attackers to crash the application by supplying an excessively long string (up to 6000 bytes) in the optional proxy password field. Upon entering such a payload, the appli...

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting an excessively long string into the Name field. By supplying a crafted payload exceeding 4000 bytes, an attacker can trigger an application crash, leading to a denial of...

Easyboot 6.6.0 is susceptible to a buffer overflow vulnerability within its Replace Text function. This issue enables local attackers to induce a denial-of-service condition by submitting an oversized string, specifically a 7000-byte payload, into the text fields after navigating to File > Tools ...

Project64 version 2.3.2 is susceptible to a buffer overflow vulnerability located in the Plugin Directory settings field. Local attackers can exploit this weakness by entering a string as long as 6000 bytes into the Plugin Directory field via the Options > Settings > Directories interface. This c...

Softdisk 3.0.3 has a vulnerability in the registration code dialog that allows local attackers to exploit a buffer overflow by entering an oversized string. By inputting a 6000-byte payload in the Registration Name field via the Help menu's Enter Registration Code dialog, attackers can trigger a ...

StyleWriter 1.0 has a vulnerability that allows local attackers to exploit a buffer overflow by supplying an excessively long string. This vulnerability can trigger a denial of service condition, causing the application to crash. Attackers can achieve this by inserting a payload of up to 6000 byt...

The Easy PhotoResQ version 1.0 is vulnerable to a buffer overflow that can be exploited by local attackers. By entering a significantly long string—specifically a 6000-byte payload—in the Folder/filename field through the File Options dialog, attackers can trigger a denial of service condition, c...

Drive Power Manager 1.10 has a vulnerability in its handling of input which can be exploited via a buffer overflow. Attackers can input an excessively long string into the Name field—up to 6000 bytes—which could lead to a denial of service by crashing the application when the Register action is t...

Fathom 2.4 is susceptible to a buffer overflow vulnerability in the Authorization Code field, which can be exploited by local attackers. By submitting an oversized input string of up to 6000 bytes, attackers can initiate a denial of service condition that crashes the application. This vulnerabili...

HD Tune Pro 5.70 has a buffer overflow vulnerability that can be exploited by local attackers. By entering an excessively long string (up to 6000 bytes) in the folder/file name input field within the File > Options > Save dialog, an attacker can cause the application to crash, resulting in a deni...

iSmartViewPro version 1.5 is susceptible to a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field. This flaw allows local attackers to input crafted payloads exceeding 260 bytes via the System Setup interface. Exploiting this vul...

Nmap 7.70 presents a vulnerability that enables local attackers to exploit the application by processing crafted XML files. This involves the use of nested entity definitions that, when opened through ZenMap's scan import feature, lead to excessive resource consumption and ultimately crash the pr...

iCash version 7.6.5 is vulnerable to a buffer overflow that can be exploited by local attackers to crash the application. By entering an oversized payload—specifically a 7000-byte string—into the Host field during the Connect to Server action, attackers are able to trigger an application crash. T...

The Infiltrator Network Security Scanner 4.6 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By inputting an oversized string—up to 6000 bytes—into the Scan Target field, attackers can induce a denial of service condition, leading the application to cra...

PicaJet FX version 2.6.5 contains a vulnerability that allows local attackers to initiate a denial of service by exploiting the registration fields. When attackers submit oversized input—specifically, a buffer length of 6000 bytes—into the Registration Name and Registration Key fields found in th...

jiNa OCR Image to Text version 1.0 contains a vulnerability that can lead to denial of service. Local attackers can exploit this weakness by processing specially crafted malformed PNG files containing oversized buffers, effectively crashing the application during the file conversion process to PD...

PixGPS version 1.1.8 is vulnerable to a buffer overflow issue that enables local attackers to disrupt the application. By inputting an oversized string—specifically one that exceeds 6000 bytes—into the 'Folder with picture files' input field, an attacker can crash the application, resulting in a ...

Faleemi Plus version 1.0.2 contains a buffer overflow vulnerability that can be exploited by local attackers. By providing oversized input strings, specifically a payload exceeding 2000 bytes in the Camera name and DID number fields, attackers can trigger an application crash during the camera ad...

RoboImport version 1.2.0.72 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. By submitting excessively large input—specifically a 6000-byte buffer in the Registration Name and Registration Key fields—attackers can trigger an application cra...

InfraRecorder 0.53 has a vulnerability that allows local attackers to cause the application to crash through the importation of a specially crafted text file. By utilizing a text file with 6000 bytes of data, an attacker can trigger the application's import function, leading to a denial of servic...

TransMac 12.2 is susceptible to a buffer overflow vulnerability in its license key input field. This flaw enables local attackers to exploit the application by entering an oversized string, which can lead to a denial of service condition. By generating a malicious payload of 4000 bytes and submit...

CrossFont 7.5 is vulnerable to a buffer overflow issue due to inadequate input validation in the License Key field. Local attackers can exploit this vulnerability by crafting a malicious file containing an oversized payload of 4000 bytes, which when submitted, results in an application crash. Thi...

Faleemi Desktop Software version 1.8.2 is susceptible to a local buffer overflow vulnerability in the Device alias field. This flaw enables local attackers to exploit a structured exception handler (SEH) overwrite. By crafting a malicious payload and pasting it into the Device alias field within ...

A significant vulnerability has been identified in GreenCMS versions up to 2.3, affecting the pluginAddLocal function in the index.php file. This flaw allows for unrestricted file uploads, enabling attackers to execute remote exploits. As this vulnerability affects unsupported products, it is ess...

A security flaw has been identified in 666ghj MiroFish versions up to 0.1.2, specifically in the create_app function within the backend/app/__init__.py file of its REST API Endpoint. This vulnerability allows unauthorized users to manipulate the API, potentially granting access to critical functi...

A vulnerability exists in the MiroFish component of 666ghj products, specifically in an unknown function within the Werkzeug Debugger PIN Handler, located in the /console file. By manipulating the argument 'SECRET', attackers can disclose sensitive information remotely. The complexity of this att...

A security flaw has been identified in the Tufantunc SSH-MCP application, specifically in the 'shell.write' function located in src/index.ts. This vulnerability allows for command injection through manipulated arguments, enabling attackers to execute unauthorized commands locally. Despite early n...

A vulnerability in the Tufantunc SSH-MCP up to version 1.5.0 has been detected, specifically within an unidentified function of the Command Line Handler component. This weakness results in insufficient protection of credentials, which may permit unauthorized access during local execution. The exp...

A vulnerability has been identified that affects certain versions of Django's RasterField, primarily utilized in PostGIS. This issue allows remote attackers to execute SQL injection attacks via manipulation of the band index parameter. Specifically, problematic versions include Django 6.0 before ...

A security flaw in the Totolink A8000RU router, specifically in the CGI Handler component, allows for remote command injection. This vulnerability is present in the function setVpnPassCfg of the cgi-bin/cstecgi.cgi file and is triggered by manipulating the pptpPassThru argument. An attacker can e...

A vulnerability has been identified in the Tenda i9, specifically within the R7WebsSecurityHandler function of its HTTP Handler component. This flaw allows an attacker to exploit path traversal techniques, enabling unauthorized access to files and directories outside the intended scope. The vulne...

A stack-based buffer overflow vulnerability exists in the Tenda FH1202 router, specifically in the fromWrlclientSet function within the httpd component. This flaw is triggered by manipulating the 'Go' argument in the /goform/WrlclientSet file, allowing remote attackers to execute arbitrary code. ...

A stack-based buffer overflow vulnerability exists in the HTTPD component of the Tenda FH1202 router. Specifically located in the 'WrlExtraSet' function of the '/goform/WrlExtraSet' file, this security flaw can be exploited by manipulating the 'Go' argument. Attackers could potentially execute th...

A vulnerability has been identified in the Tenda F456 router, specifically in the fromSafeClientFilter function within the /goform/SafeClientFilter file. An attacker can manipulate the argument `menufacturer/Go`, leading to a buffer overflow condition. This vulnerability can be exploited remotely...