Export limit exceeded: 336206 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336206 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25628 | 1 Speedbit | 1 Download Accelerator Plus | 2026-03-25 | 9.8 Critical |
| Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality. | ||||
| CVE-2019-25629 | 1 Aida64 | 1 Aida64 Extreme | 2026-03-25 | 8.4 High |
| AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path. | ||||
| CVE-2019-25630 | 1 Phreesoft | 1 Phreebookserp | 2026-03-25 | 8.8 High |
| PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution. | ||||
| CVE-2019-25631 | 1 Aida64 | 1 Aida64 Business | 2026-03-25 | 8.4 High |
| AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges. | ||||
| CVE-2019-25632 | 2 Dulldusk, Sourceforge | 2 Phpfilemanager, Phpfilemanager | 2026-03-25 | 6.2 Medium |
| phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files like /etc/passwd from the server. | ||||
| CVE-2019-25633 | 1 Aida64 | 1 Aida64 Extreme | 2026-03-25 | 8.4 High |
| AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges. | ||||
| CVE-2019-25634 | 1 4mhz | 1 Base64 Decoder | 2026-03-25 | 8.4 High |
| Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution. | ||||
| CVE-2019-25635 | 1 Zeeways | 1 Zeeways Matrimony Cms | 2026-03-25 | 8.2 High |
| Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques. | ||||
| CVE-2019-25636 | 1 Zeeways | 1 Zeejobsite | 2026-03-25 | 8.2 High |
| Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information. | ||||
| CVE-2019-25637 | 1 Freshsoftware | 1 Netstat Pro | 2026-03-25 | 8.4 High |
| X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality. | ||||
| CVE-2019-25638 | 1 Meeplace | 1 Meeplace Business Review Script | 2026-03-25 | 7.1 High |
| Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25639 | 1 Matri4web | 1 Matrimony Website Script | 2026-03-25 | 8.2 High |
| Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands. | ||||
| CVE-2019-25640 | 1 Inoutscripts | 1 Inout Article Base Cms | 2026-03-25 | 8.2 High |
| Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks. | ||||
| CVE-2019-25641 | 1 Netartmedia | 1 Vlog System | 2026-03-25 | 8.2 High |
| Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information. | ||||
| CVE-2019-25642 | 1 Getbootstrap | 1 Bootstrap | 2026-03-25 | 8.2 High |
| Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25643 | 1 Endonesia | 1 Endonesia | 2026-03-25 | 8.2 High |
| eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables. | ||||
| CVE-2019-25644 | 1 Winmpg | 1 Winmpg Video Convert Local Dos Exploit | 2026-03-25 | 6.2 Medium |
| WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition. | ||||
| CVE-2019-25645 | 1 Winavi | 1 Winavi Ipod/3gp/mp4/psp Converter | 2026-03-25 | 6.2 Medium |
| WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash. | ||||
| CVE-2019-25646 | 1 Tabslab | 1 Mailcarrier | 2026-03-25 | 9.8 Critical |
| Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload. | ||||
| CVE-2019-25647 | 1 Phreesoft | 1 Phreebookserp | 2026-03-25 | 8.8 High |
| PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands. | ||||