Gionathan "John" Reale

46 exploits Active since Feb 2019
CVE-2018-25297 EXPLOITDB MEDIUM python WORKING POC
Wansview 1.0.2 Denial of Service via Buffer Overflow
Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes.
CVSS 6.2
CVE-2018-25296 EXPLOITDB MEDIUM python WORKING POC
P10 Central Management Software 1.4.13 Denial of Service
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.
CVSS 5.5
CVE-2018-25295 EXPLOITDB MEDIUM python WORKING POC
ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.
CVSS 6.2
CVE-2018-25294 EXPLOITDB HIGH python WORKING POC
CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
CVSS 7.5
CVE-2018-25293 EXPLOITDB MEDIUM python WORKING POC
Prime95 29.4b7 Denial of Service via Proxy Password Field
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.
CVSS 6.2
CVE-2018-25292 EXPLOITDB MEDIUM python WORKING POC
Bome Restorator 1793 Denial of Service via Buffer Overflow
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.
CVSS 6.2
CVE-2018-25291 EXPLOITDB MEDIUM text WORKING POC
Project64 2.3.2 Denial of Service via Plugin Directory
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
CVSS 6.2
CVE-2018-25290 EXPLOITDB MEDIUM python WORKING POC
Easyboot 6.6.0 Buffer Overflow Denial of Service
Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by accessing File > Tools > Replace Text and pasting a 7000-byte payload into the text fields to cause a denial of service.
CVSS 6.2
CVE-2018-25289 EXPLOITDB MEDIUM python WORKING POC
Softdisk 3.0.3 Buffer Overflow Denial of Service
Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help menu's Enter Registration Code dialog to cause a denial of service.
CVSS 6.2
CVE-2018-25288 EXPLOITDB MEDIUM python WORKING POC
StyleWriter 1.0 Denial of Service via Pattern Input
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition.
CVSS 6.2
CVE-2018-25287 EXPLOITDB MEDIUM python WORKING POC
Drive Power Manager 1.10 Denial of Service via Name Field
Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition.
CVSS 5.5
CVE-2018-25286 EXPLOITDB MEDIUM python WORKING POC
Easy PhotoResQ 1.0 Buffer Overflow Denial of Service
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.
CVSS 6.2
CVE-2018-25285 EXPLOITDB MEDIUM python WORKING POC
Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition.
CVSS 5.5
CVE-2018-25284 EXPLOITDB MEDIUM python WORKING POC
HD Tune Pro 5.70 Denial of Service via Options Dialog
HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File > Options > Save dialog's folder/file name input field.
CVSS 6.2
CVE-2018-25283 EXPLOITDB HIGH python WORKING POC
iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter
iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.
CVSS 8.4
CVE-2018-25282 EXPLOITDB MEDIUM text WORKING POC
Nmap 7.70 Denial of Service via XML Entity Expansion
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
CVSS 6.2
CVE-2018-25281 EXPLOITDB MEDIUM python WORKING POC
iCash 7.6.5 Denial of Service via Connect to Server
iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.
CVSS 5.5
CVE-2018-25280 EXPLOITDB MEDIUM python WORKING POC
Infiltrator Network Security Scanner 4.6 Denial of Service
Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.
CVSS 5.5
CVE-2018-25279 EXPLOITDB MEDIUM python WORKING POC
jiNa OCR Image to Text 1.0 Denial of Service via PNG
jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.
CVSS 6.2
CVE-2018-25278 EXPLOITDB MEDIUM python WORKING POC
PicaJet FX 2.6.5 Denial of Service via Registration Fields
PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.
CVSS 6.2
CVE-2018-25277 EXPLOITDB MEDIUM python WORKING POC
PixGPS 1.1.8 Buffer Overflow Denial of Service
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
CVSS 6.2
CVE-2018-25276 EXPLOITDB MEDIUM python WORKING POC
RoboImport 1.2.0.72 Denial of Service via Registration Fields
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.
CVSS 5.5
CVE-2018-25275 EXPLOITDB MEDIUM python WORKING POC
Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow
Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.
CVSS 6.2
CVE-2018-25274 EXPLOITDB MEDIUM python WORKING POC
InfraRecorder 0.53 Denial of Service via txt File Import
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.
CVSS 6.2
CVE-2018-25273 EXPLOITDB MEDIUM python WORKING POC
CrossFont 7.5 Denial of Service via License Key Field
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.
CVSS 6.2