chuyreds

20 exploits Active since Feb 2026
CVE-2019-25353 EXPLOITDB HIGH python WORKING POC
Foscam Video Management System 1.1.4.9 - Denial of Service via Username Input Buffer Overflow
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.
CVSS 7.5
CVE-2020-37171 EXPLOITDB MEDIUM python WORKING POC
TapinRadio < 2.12.3 - Denial of Service via Username Field Buffer Overflow
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
CVSS 6.2
CVE-2020-37170 EXPLOITDB MEDIUM python WORKING POC
TapinRadio < 2.12.3 - Denial of Service via Proxy Address Configuration Overwrite
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
CVSS 6.2
CVE-2020-37166 EXPLOITDB MEDIUM python WORKING POC
AbsoluteTelnet 11.12 - Denial of Service via SSH2 Username Buffer Overflow
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
CVSS 6.2
CVE-2020-37165 EXPLOITDB MEDIUM python WORKING POC
AbsoluteTelnet < 11.12 - Denial of Service via Oversized License Name
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
CVSS 6.2
CVE-2020-37164 EXPLOITDB MEDIUM python WORKING POC
AbsoluteTelnet < 11.12 - Denial of Service via Oversized License Name
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
CVSS 6.2
CVE-2020-37136 EXPLOITDB HIGH text WORKING POC
ZOC Terminal 7.25.5 - Denial of Service via Private Key File Input Buffer Overflow
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files.
CVSS 7.5
CVE-2020-37134 EXPLOITDB HIGH python WORKING POC
UltraVNC Viewer 1.2.4.0 - Denial of Service via Malformed VNC Server Input
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.
CVSS 7.5
CVE-2020-37133 EXPLOITDB HIGH python WORKING POC
UltraVNC < 1.2.4.0 - Denial of Service via Repeater Host Configuration Field
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
CVSS 7.5
CVE-2020-37132 EXPLOITDB MEDIUM python WORKING POC
UltraVNC < 1.2.4.0 - Denial of Service via Password Field Overflow
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.
CVSS 6.2
CVE-2020-37129 EXPLOITDB CRITICAL text WORKING POC
Memu Play 7.1.3 - Privilege Escalation
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.
CVSS 9.8
CVE-2020-37128 EXPLOITDB MEDIUM python WORKING POC
ZOC Terminal 7.25.5 - Denial of Service via Malicious REXX Script Processing
ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service.
CVSS 6.2
CVE-2019-25345 EXPLOITDB HIGH text WRITEUP
Realtek IIS Codec Service 6.4.10041.133 - Code Injection
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
CVSS 7.8
CVE-2019-25266 EXPLOITDB HIGH text WRITEUP
Wondershare Application Framework Service 2.4.3.231 - Code Injection
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
CVSS 7.8
EIP-2026-118149 EXPLOITDB text WRITEUP
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
EIP-2026-116151 EXPLOITDB python WORKING POC
RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)
EIP-2026-116152 EXPLOITDB python WORKING POC
RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
EIP-2026-115433 EXPLOITDB python WORKING POC
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
EIP-2026-115447 EXPLOITDB python WORKING POC
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
EIP-2026-114832 EXPLOITDB python WORKING POC
AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)