NXQ

18 exploits Active since Jun 2020
CVE-2020-13905 WRITEUP HIGH WRITEUP
IrfanView 4.54 - User-Mode Write Access Violation in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.
CVSS 8.8
CVE-2020-23549 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Denial of Service via Crafted .cr2 File
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6".
CVSS 7.8
CVE-2020-23550 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.
CVSS 7.8
CVE-2020-23551 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.
CVSS 7.8
CVE-2020-23552 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.
CVSS 7.8
CVE-2020-23553 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.
CVSS 7.8
CVE-2020-23554 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.
CVSS 7.8
CVE-2020-23555 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.
CVSS 7.8
CVE-2020-23556 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in FORMATS!GetPlugInInfo
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.
CVSS 7.8
CVE-2020-23557 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in PlugIn Save Options
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.
CVSS 7.8
CVE-2020-23558 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in PlugIn Save Options
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.
CVSS 7.8
CVE-2020-23559 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in PlugIn Save Options
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.
CVSS 7.8
CVE-2020-23560 WRITEUP HIGH WRITEUP
IrfanView 4.54 - Out-of-bounds Write in PlugIn Save Options
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.
CVSS 7.8
CVE-2020-23561 WRITEUP MEDIUM WRITEUP
IrfanView 4.54 - User-Mode Write Access Violation in FORMATS!ShowPlugInSaveOptions_W
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.
CVSS 5.5
CVE-2020-23562 WRITEUP MEDIUM WRITEUP
IrfanView 4.54 - User-Mode Write Access Violation in ShowPlugInSaveOptions_W
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe.
CVSS 5.5
CVE-2020-23563 WRITEUP MEDIUM WRITEUP
IrfanView 4.54 - User-Mode Write Access Violation in FORMATS!ShowPlugInSaveOptions_W
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.
CVSS 5.5
CVE-2022-40405 WRITEUP HIGH WRITEUP
WoWonder 4.1.2 - SQL Injection via offset Parameter
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs.
CVSS 7.5
CVE-2022-42984 WRITEUP CRITICAL WRITEUP
WoWonder 4.1.4 - SQL Injection via Search Recipients Offset Parameter
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.
CVSS 9.8