8.8
CVE-2019-25486 - Varient 1.6.1 SQL Injection via user_id Parameter
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensβ¦
6.9
CVE-2019-25485 - R 3.4.4 Windows x64 Buffer Overflow SEH DEP ASLR Bypass
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chainβ¦
6.9
CVE-2019-25484 - WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condβ¦
8.6
CVE-2019-25483 - Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k Restricted Shell Escape
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allβ¦
8.7
CVE-2019-25480 - ARMBot Unrestricted File Upload via upload.php
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code tβ¦
8.7
CVE-2019-25478 - GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it β¦
6.9
CVE-2019-25477 - RAR Password Recovery 1.80 Denial of Service Buffer Overflow
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Cβ¦
6.9
CVE-2019-25476 - Outlook Password Recovery 2.10 Denial of Service Buffer Overflow
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to triβ¦
6.9
CVE-2019-25475 - SQL Server Password Changer 1.90 Denial of Service Buffer Overflow
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition.
6.9
CVE-2019-25474 - Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application sβ¦