8.6
CVE-2019-25637 - X-NetStat Pro 5.63 Local Buffer Overflow via EggHunter
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload whβ¦
8.8
CVE-2019-25636 - Zeeways Jobsite CMS Lastest SQL Injection via id Parameter
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'idβ¦
8.8
CVE-2019-25635 - Zeeways Matrimony CMS Lastest SQL Injection via profile_list
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information uβ¦
8.6
CVE-2019-25634 - Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-Rβ¦
8.6
CVE-2019-25633 - AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via EggHunter
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name β¦
6.9
CVE-2019-25632 - phpFileManager 1.7.8 Local File Inclusion via index.php
phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files β¦
8.6
CVE-2019-25631 - AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences oβ¦
8.7
CVE-2019-25630 - PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manβ¦
8.6
CVE-2019-25629 - AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferβ¦
9.3
CVE-2019-25628 - Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and eβ¦