6.9
CVE-2018-25252 - FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP fiβ¦
8.6
CVE-2018-25251 - Snes9K 0.0.9z Buffer Overflow SEH via Netplay Socket
Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu tβ¦
5.1
CVE-2018-25250 - MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visiβ¦
5.1
CVE-2018-25249 - MyBB My Arcade Plugin 1.3 Persistent XSS via Comment
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit tβ¦
5.1
CVE-2018-25248 - MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators valβ¦
5.1
CVE-2018-25247 - MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, wβ¦
8.7
CVE-2018-25245 - Microsoft 7 Tik 1.0.1.0 Denial of Service via Search
Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.
6.9
CVE-2018-25244 - Microsoft Eco Search 1.0.2.0 Denial of Service
Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiaβ¦
6.9
CVE-2018-25243 - Microsoft FastTube 1.0.1.0 Denial of Service via Search
Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search opβ¦
6.9
CVE-2018-25242 - Microsoft One Search 1.1.0.0 Denial of Service
Microsoft One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled eβ¦