Victor Mondragón

58 exploits Active since Jan 2026
CVE-2018-25233 EXPLOITDB MEDIUM python WORKING POC
WebDrive 18.00.5057 Denial of Service via Secure WebDAV
WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.
CVSS 6.2
CVE-2018-25232 EXPLOITDB MEDIUM python WORKING POC
Softros LAN Messenger 9.2 Denial of Service via Log Files Location
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked.
CVSS 5.5
CVE-2018-25231 EXPLOITDB MEDIUM python WORKING POC
HeidiSQL 9.5.0.5196 Denial of Service via Preferences
HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences > Logging to trigger an application crash.
CVSS 6.2
CVE-2018-25230 EXPLOITDB MEDIUM python WORKING POC
Free IP Switcher 3.1 Denial of Service via Computer Name
Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
CVSS 5.5
CVE-2018-25229 EXPLOITDB MEDIUM python WORKING POC
BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash by clicking the Test button.
CVSS 5.5
CVE-2018-25228 EXPLOITDB MEDIUM python WORKING POC
NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service
NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
CVSS 6.2
CVE-2018-25227 EXPLOITDB MEDIUM python WORKING POC
Valentina Studio 9.0.4 Denial of Service via Host Parameter
Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts.
CVSS 6.2
CVE-2018-25226 EXPLOITDB MEDIUM python WORKING POC
FTPShell Server 6.83 Denial of Service via Account Name
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface.
CVSS 6.2
CVE-2019-25655 EXPLOITDB MEDIUM python WORKING POC
Device Monitoring Studio 8.10.00.8925 Denial of Service
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
CVSS 6.2
CVE-2019-25654 EXPLOITDB HIGH python WORKING POC
Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
CVSS 7.5
CVE-2019-25653 EXPLOITDB MEDIUM python WORKING POC
Navicat for Oracle 12.1.15 Password Field Denial of Service
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.
CVSS 6.2
CVE-2018-25235 EXPLOITDB MEDIUM python WORKING POC
NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
CVSS 6.2
CVE-2018-25234 EXPLOITDB MEDIUM python WORKING POC
SmartFTP Client 9.0.2615.0 Denial of Service via Host Field
SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.
CVSS 6.2
CVE-2019-25592 EXPLOITDB MEDIUM python WORKING POC
PHPRunner 10.1 Denial of Service via Dashboard Name Field
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
CVSS 6.2
CVE-2019-25591 EXPLOITDB MEDIUM python WORKING POC
DNSS Domain Name Search Software 2.1.8 Denial of Service
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code containing 300 repeated characters into the Name/Key field via the Register menu option.
CVSS 6.2
CVE-2019-25590 EXPLOITDB MEDIUM python WORKING POC
Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.
CVSS 6.2
CVE-2019-25607 EXPLOITDB HIGH python WORKING POC
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
CVSS 8.4
CVE-2019-25601 EXPLOITDB MEDIUM python WORKING POC
UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.
CVSS 6.2
CVE-2019-25600 EXPLOITDB MEDIUM python WORKING POC
UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.
CVSS 6.5
CVE-2019-25599 EXPLOITDB MEDIUM python WORKING POC
Backup Key Recovery 2.2.4 Denial of Service via Name Field
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
CVSS 6.2
CVE-2019-25598 EXPLOITDB MEDIUM python WORKING POC
HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.
CVSS 6.2
CVE-2019-25597 EXPLOITDB MEDIUM python WORKING POC
NSauditor 3.1.2.0 Denial of Service via Community Field
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
CVSS 6.2
CVE-2019-25596 EXPLOITDB MEDIUM python WORKING POC
SpotAuditor 5.2.6 Name Field Denial of Service
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
CVSS 6.2
CVE-2019-25595 EXPLOITDB MEDIUM python WORKING POC
jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.
CVSS 6.2
CVE-2019-25594 EXPLOITDB MEDIUM python WORKING POC
ASPRunner.NET 10.1 Denial of Service via Table Name Field
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash.
CVSS 6.2