Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-20003

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-21 Aug, 2025 | 20:15
Updated At-15 May, 2026 | 11:13
Rejected At-
Credits

Xenorate <= 2.50 .xpl File Stack-Based Buffer Overflow

Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:21 Aug, 2025 | 20:15
Updated At:15 May, 2026 | 11:13
Rejected At:
▼CVE Numbering Authority (CNA)
Xenorate <= 2.50 .xpl File Stack-Based Buffer Overflow

Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.

Affected Products
Vendor
Xenorate
Product
Xenorate
Modules
  • .xpl file parser
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 0 through 2.50 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

Configurations

Workarounds

Exploits

Credits

finder
germaya_x
finder
loneferret
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb
exploit
https://www.exploit-db.com/exploits/10371
exploit
https://www.exploit-db.com/exploits/10373
exploit
https://www.fortiguard.com/encyclopedia/ips/18035
third-party-advisory
http://www.xenorate.com/
product
https://web.archive.org/web/20100507021109/http://www.xenorate.com/
vendor-advisory
patch
https://www.vulncheck.com/advisories/xenorate-xpl-file-stack-based-buffer-overflow
third-party-advisory
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb
Resource:
exploit
Hyperlink: https://www.exploit-db.com/exploits/10371
Resource:
exploit
Hyperlink: https://www.exploit-db.com/exploits/10373
Resource:
exploit
Hyperlink: https://www.fortiguard.com/encyclopedia/ips/18035
Resource:
third-party-advisory
Hyperlink: http://www.xenorate.com/
Resource:
product
Hyperlink: https://web.archive.org/web/20100507021109/http://www.xenorate.com/
Resource:
vendor-advisory
patch
Hyperlink: https://www.vulncheck.com/advisories/xenorate-xpl-file-stack-based-buffer-overflow
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:21 Aug, 2025 | 21:15
Updated At:22 Aug, 2025 | 18:08

Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-121Secondarydisclosure@vulncheck.com
CWE ID: CWE-121
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.xenorate.com/disclosure@vulncheck.com
N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rbdisclosure@vulncheck.com
N/A
https://web.archive.org/web/20100507021109/http://www.xenorate.com/disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/10371disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/10373disclosure@vulncheck.com
N/A
https://www.fortiguard.com/encyclopedia/ips/18035disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/xenorate-xpl-file-stack-based-buffer-overflowdisclosure@vulncheck.com
N/A
Hyperlink: http://www.xenorate.com/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://web.archive.org/web/20100507021109/http://www.xenorate.com/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/10371
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/10373
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.fortiguard.com/encyclopedia/ips/18035
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/xenorate-xpl-file-stack-based-buffer-overflow
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

68Records found

CVE-2020-37142
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.34% / 26.00%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)

10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigger remote code execution.

Action-Not Available
Vendor-10-Strike Software
Product-Network Inventory Explorer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37095
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 23:14
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.

Action-Not Available
Vendor-Cyberoam
Product-Cyberoam Authentication Client
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37161
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.87% / 54.37%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 23:14
Updated-24 Feb, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.

Action-Not Available
Vendor-wedding-slideshow-studioWedding Slideshow Studio
Product-wedding_slideshow_studioWedding Slideshow Studio
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37176
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.42% / 33.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:36
Updated-13 Feb, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Torrent 3GP Converter 1.51 - Stack Overflow (SEH)

Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.

Action-Not Available
Vendor-Torrentrockyou
Product-Torrent 3GP Converter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37183
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.42% / 33.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:37
Updated-12 Feb, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.

Action-Not Available
Vendor-Allok Soft
Product-Allok RM RMVB to AVI MPEG DVD Converter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37184
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.42% / 33.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:37
Updated-12 Feb, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allok Video Converter 4.6.1217 - Stack Overflow (SEH)

Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.

Action-Not Available
Vendor-Allok Soft
Product-Allok Video Converter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37138
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.63% / 45.77%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)

10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain.

Action-Not Available
Vendor-10-Strike Software
Product-Network Inventory Explorer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37013
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.18% / 8.31%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-12 May, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)

Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.

Action-Not Available
Vendor-Tucows Inc.
Product-Audio Playback Recorder
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37159
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.61% / 45.12%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 23:14
Updated-17 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cuckoo Clock 5.0 - Buffer Overflow

Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.

Action-Not Available
Vendor-Parallaxis
Product-Cuckoo Clock
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25318
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.29% / 20.82%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVS Audio Converter 9.1.2.600 - Stack Overflow

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.

Action-Not Available
Vendor-Avs4You
Product-AVS Audio Converter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25331
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.15% / 4.26%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-05 Mar, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.

Action-Not Available
Vendor-AVS4YOU
Product-AVS Audio Converter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25332
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.25% / 16.18%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-13 Feb, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FTP Commander Pro 8.03 - Local Stack Overflow

FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.

Action-Not Available
Vendor-Internet-Soft
Product-FTP Commander Pro
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25357
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.19% / 8.94%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 21:55
Updated-05 Mar, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Control Center PRO 6.2.9 - Local Stack Based BufferOverflow

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.

Action-Not Available
Vendor-WEBGATE Inc.
Product-Control Center PRO
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25363
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.37% / 29.33%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 21:55
Updated-26 Feb, 2026 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.

Action-Not Available
Vendor-alloksoftAlloksoft
Product-wmv_to_avi_mpeg_dvd_wmv_convertorWMV to AVI MPEG DVD WMV Convertor
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25365
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.45% / 36.22%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 21:55
Updated-19 Feb, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ChaosPro 2.0 - Buffer Overflow

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.

Action-Not Available
Vendor-Chaospro
Product-ChaosPro
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25336
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.21% / 11.43%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-05 Mar, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.

Action-Not Available
Vendor-nsasoftNsasoft
Product-spotauditorNsauditor SpotAuditor
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25319
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.45% / 36.22%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-13 Feb, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Domain Quester Pro 6.02 - Stack Overflow (SEH)

Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.

Action-Not Available
Vendor-Internet-Soft
Product-Domain Quester Pro
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25321
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.67% / 47.40%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FTP Navigator 8.03 - Stack Overflow (SEH)

FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.

Action-Not Available
Vendor-internet-softSoftpedia
Product-ftp_navigatorFTP Navigator
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • Next
Details not found