Publicly Disclosed
PoC Exploits

A vulnerability exists in versions of GreenCMS up to 2.3 that allows attackers to exploit the 'themeadd' function via the /index.php?m=admin&c=custom&a=themeadd endpoint. This flaw permits unrestricted file uploads, enabling remote attackers to upload malicious files without proper authorization....

Wansview Camera Software version 1.0.2 contains a buffer overflow flaw that could be exploited by local attackers. By providing excessively large input strings, such as 2000-byte payloads in the Camera name and DID number fields during the camera setup process, an attacker can trigger application...

The P10 Central Management Software version 1.4.13 is vulnerable to a buffer overflow in the login password field. This flaw allows local attackers to execute a Denial of Service (DoS) attack by submitting an excessively large input string, specifically a 2000-byte payload. When the payload is in...

The ObserverIP Scan Tool version 1.4.0.1 is prone to a denial of service vulnerability that allows local attackers to crash the application. By inputting an excessively long string into the IP input field—specifically a 2000-byte buffer of repeated characters—attackers can trigger a search operat...

A buffer overflow vulnerability exists in CEWE Photoshow version 6.3.4, specifically within the login dialog. This flaw allows an attacker to submit oversized input by injecting 4000 bytes of data into the email address and password fields. The result is a denial of service condition, potentially...

Prime95 version 29.4b7 has a critical buffer overflow vulnerability in the PrimeNet connection dialog. This flaw allows local attackers to crash the application by supplying an excessively long string (up to 6000 bytes) in the optional proxy password field. Upon entering such a payload, the appli...

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting an excessively long string into the Name field. By supplying a crafted payload exceeding 4000 bytes, an attacker can trigger an application crash, leading to a denial of...

Project64 version 2.3.2 is susceptible to a buffer overflow vulnerability located in the Plugin Directory settings field. Local attackers can exploit this weakness by entering a string as long as 6000 bytes into the Plugin Directory field via the Options > Settings > Directories interface. This c...

Easyboot 6.6.0 is susceptible to a buffer overflow vulnerability within its Replace Text function. This issue enables local attackers to induce a denial-of-service condition by submitting an oversized string, specifically a 7000-byte payload, into the text fields after navigating to File > Tools ...

Softdisk 3.0.3 has a vulnerability in the registration code dialog that allows local attackers to exploit a buffer overflow by entering an oversized string. By inputting a 6000-byte payload in the Registration Name field via the Help menu's Enter Registration Code dialog, attackers can trigger a ...

StyleWriter 1.0 has a vulnerability that allows local attackers to exploit a buffer overflow by supplying an excessively long string. This vulnerability can trigger a denial of service condition, causing the application to crash. Attackers can achieve this by inserting a payload of up to 6000 byt...

Drive Power Manager 1.10 has a vulnerability in its handling of input which can be exploited via a buffer overflow. Attackers can input an excessively long string into the Name field—up to 6000 bytes—which could lead to a denial of service by crashing the application when the Register action is t...

The Easy PhotoResQ version 1.0 is vulnerable to a buffer overflow that can be exploited by local attackers. By entering a significantly long string—specifically a 6000-byte payload—in the Folder/filename field through the File Options dialog, attackers can trigger a denial of service condition, c...

Fathom 2.4 is susceptible to a buffer overflow vulnerability in the Authorization Code field, which can be exploited by local attackers. By submitting an oversized input string of up to 6000 bytes, attackers can initiate a denial of service condition that crashes the application. This vulnerabili...

HD Tune Pro 5.70 has a buffer overflow vulnerability that can be exploited by local attackers. By entering an excessively long string (up to 6000 bytes) in the folder/file name input field within the File > Options > Save dialog, an attacker can cause the application to crash, resulting in a deni...

Nmap 7.70 presents a vulnerability that enables local attackers to exploit the application by processing crafted XML files. This involves the use of nested entity definitions that, when opened through ZenMap's scan import feature, lead to excessive resource consumption and ultimately crash the pr...

iSmartViewPro version 1.5 is susceptible to a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field. This flaw allows local attackers to input crafted payloads exceeding 260 bytes via the System Setup interface. Exploiting this vul...

iCash version 7.6.5 is vulnerable to a buffer overflow that can be exploited by local attackers to crash the application. By entering an oversized payload—specifically a 7000-byte string—into the Host field during the Connect to Server action, attackers are able to trigger an application crash. T...

The Infiltrator Network Security Scanner 4.6 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By inputting an oversized string—up to 6000 bytes—into the Scan Target field, attackers can induce a denial of service condition, leading the application to cra...

PicaJet FX version 2.6.5 contains a vulnerability that allows local attackers to initiate a denial of service by exploiting the registration fields. When attackers submit oversized input—specifically, a buffer length of 6000 bytes—into the Registration Name and Registration Key fields found in th...

jiNa OCR Image to Text version 1.0 contains a vulnerability that can lead to denial of service. Local attackers can exploit this weakness by processing specially crafted malformed PNG files containing oversized buffers, effectively crashing the application during the file conversion process to PD...

PixGPS version 1.1.8 is vulnerable to a buffer overflow issue that enables local attackers to disrupt the application. By inputting an oversized string—specifically one that exceeds 6000 bytes—into the 'Folder with picture files' input field, an attacker can crash the application, resulting in a ...

RoboImport version 1.2.0.72 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. By submitting excessively large input—specifically a 6000-byte buffer in the Registration Name and Registration Key fields—attackers can trigger an application cra...

Faleemi Plus version 1.0.2 contains a buffer overflow vulnerability that can be exploited by local attackers. By providing oversized input strings, specifically a payload exceeding 2000 bytes in the Camera name and DID number fields, attackers can trigger an application crash during the camera ad...

InfraRecorder 0.53 has a vulnerability that allows local attackers to cause the application to crash through the importation of a specially crafted text file. By utilizing a text file with 6000 bytes of data, an attacker can trigger the application's import function, leading to a denial of servic...

TransMac 12.2 is susceptible to a buffer overflow vulnerability in its license key input field. This flaw enables local attackers to exploit the application by entering an oversized string, which can lead to a denial of service condition. By generating a malicious payload of 4000 bytes and submit...

CrossFont 7.5 is vulnerable to a buffer overflow issue due to inadequate input validation in the License Key field. Local attackers can exploit this vulnerability by crafting a malicious file containing an oversized payload of 4000 bytes, which when submitted, results in an application crash. Thi...

Faleemi Desktop Software version 1.8.2 is susceptible to a local buffer overflow vulnerability in the Device alias field. This flaw enables local attackers to exploit a structured exception handler (SEH) overwrite. By crafting a malicious payload and pasting it into the Device alias field within ...

A significant vulnerability has been identified in GreenCMS versions up to 2.3, affecting the pluginAddLocal function in the index.php file. This flaw allows for unrestricted file uploads, enabling attackers to execute remote exploits. As this vulnerability affects unsupported products, it is ess...

A security flaw has been identified in 666ghj MiroFish versions up to 0.1.2, specifically in the create_app function within the backend/app/__init__.py file of its REST API Endpoint. This vulnerability allows unauthorized users to manipulate the API, potentially granting access to critical functi...

A vulnerability exists in the MiroFish component of 666ghj products, specifically in an unknown function within the Werkzeug Debugger PIN Handler, located in the /console file. By manipulating the argument 'SECRET', attackers can disclose sensitive information remotely. The complexity of this att...

A security flaw has been identified in the Tufantunc SSH-MCP application, specifically in the 'shell.write' function located in src/index.ts. This vulnerability allows for command injection through manipulated arguments, enabling attackers to execute unauthorized commands locally. Despite early n...

A vulnerability in the Tufantunc SSH-MCP up to version 1.5.0 has been detected, specifically within an unidentified function of the Command Line Handler component. This weakness results in insufficient protection of credentials, which may permit unauthorized access during local execution. The exp...

A vulnerability has been identified that affects certain versions of Django's RasterField, primarily utilized in PostGIS. This issue allows remote attackers to execute SQL injection attacks via manipulation of the band index parameter. Specifically, problematic versions include Django 6.0 before ...

A security flaw in the Totolink A8000RU router, specifically in the CGI Handler component, allows for remote command injection. This vulnerability is present in the function setVpnPassCfg of the cgi-bin/cstecgi.cgi file and is triggered by manipulating the pptpPassThru argument. An attacker can e...

A vulnerability has been identified in the Tenda i9, specifically within the R7WebsSecurityHandler function of its HTTP Handler component. This flaw allows an attacker to exploit path traversal techniques, enabling unauthorized access to files and directories outside the intended scope. The vulne...

A stack-based buffer overflow vulnerability exists in the Tenda FH1202 router, specifically in the fromWrlclientSet function within the httpd component. This flaw is triggered by manipulating the 'Go' argument in the /goform/WrlclientSet file, allowing remote attackers to execute arbitrary code. ...

A stack-based buffer overflow vulnerability exists in the HTTPD component of the Tenda FH1202 router. Specifically located in the 'WrlExtraSet' function of the '/goform/WrlExtraSet' file, this security flaw can be exploited by manipulating the 'Go' argument. Attackers could potentially execute th...

A vulnerability has been identified in the Tenda F456 router, specifically in the fromSafeClientFilter function within the /goform/SafeClientFilter file. An attacker can manipulate the argument `menufacturer/Go`, leading to a buffer overflow condition. This vulnerability can be exploited remotely...

A buffer overflow vulnerability exists in Tenda F456 version 1.0.0.5, specifically within the SafeEmailFilter function. This issue arises from improper handling of input in the /goform/SafeEmailFilter endpoint, allowing an attacker to manipulate arguments and execute a remote exploit. The potenti...

A buffer overflow vulnerability has been identified in the Tenda F456 router, specifically in the SafeMacFilter functionality of the /goform/SafeMacFilter file. This security flaw arises from improper handling of input parameters, enabling an attacker to exploit this weakness from a remote locati...

A security vulnerability has been identified in the Tenda F456 router version 1.0.0.5 that primarily affects the 'fromRouteStatic' function located in the '/goform/RouteStatic' file. This vulnerability allows an attacker to manipulate the 'page' argument, which leads to a buffer overflow. The exp...

A buffer overflow vulnerability has been discovered in the Tenda F456 router version 1.0.0.5. This flaw resides in the fromaddressNat function located in the /goform/addressNat file. An attacker can exploit this vulnerability remotely by manipulating the argument 'menufacturer/Go', potentially le...

A security flaw has been uncovered in the CodeAstro Online Job Portal version 1.0, specifically targeting the delete-jobs.php file within the All Jobs Page component. This vulnerability arises from an unnamed function that fails to properly validate input parameters. By manipulating the ID argume...

The Ninja Forms - File Uploads plugin for WordPress contains a vulnerability allowing unauthenticated attackers to upload arbitrary files due to inadequate file type validation in the upload handling function. This oversight affects all versions upto and including 3.3.26, potentially enabling att...

A vulnerability exists in the Ping Back Service Endpoint of Typecho, specifically in its sendPingHandle function found in var/Widget/Service.php. This flaw allows remote attackers to manipulate the X-Pingback/link argument, leading to server-side request forgery (SSRF) attacks. The attacker can e...

A path traversal vulnerability exists in Rawchen Sims affecting the deleteFileServlet endpoint. This flaw enables an attacker to manipulate the filename argument, potentially leading to unauthorized file deletion. The issue can be exploited remotely, allowing attackers to gain unauthorized access...

A significant SQL injection vulnerability has been identified in the ByteDance Coze-Studio, specifically within the ExecuteSQL function located in the backend/domain/memory/database/service/database_impl.go file of the databaseTool component. This flaw allows attackers to manipulate SQL queries, ...

Squidex, an open-source headless content management system, suffers from a vulnerability in its Restore API prior to version 7.23.0. The flaw arises from insufficient validation of the URI scheme within the user-supplied 'Url' parameter. This oversight permits an authenticated administrator to ex...

A security vulnerability has been identified in SmythOS sre versions up to 0.0.15 within the AgentRuntime function of the HTTP Header Handler. This vulnerability arises from manipulation of the X-DEBUG-RUN/X-DEBUG-INJ arguments, leading to improper authentication mechanisms. As a result, attacker...