Control Center PRO 6
Description
Control Center PRO 6
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
Control Center PRO 6
Control Center PRO 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
gSOAP 2
gSOAP 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
iSmartViewPro 1
iSmartViewPro 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Foscam Video Management System 1
Foscam Video Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Crystal Live HTTP Server 6
Crystal Live HTTP Server 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Centova Cast 3
Centova Cast 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
XMedia Recode 3
XMedia Recode 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ScadaApp for iOS 1
ScadaApp for iOS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
thesystem App 1
thesystem App 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TheSystem 1
TheSystem 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Realtek IIS Codec Service 6
Realtek IIS Codec Service 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Wondershare MobileGo 8
Wondershare MobileGo 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NextVPN 4
NextVPN 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Centova Cast 3
Centova Cast 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
iNetTools for iOS 8
iNetTools for iOS 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SpotAuditor 5
SpotAuditor 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GHIA CamIP 1
GHIA CamIP 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user ac...
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endp...
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
Update Arch parameter to to the latest version. Monitor for exploitation attempts and review access logs.
SpotAuditor 5
SpotAuditor 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PRO-7070 Hazır Profesyonel Web Sitesi version 1
PRO-7070 Hazır Profesyonel Web Sitesi version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Bullwark Momentum Series JAWS 1
Bullwark Momentum Series JAWS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTP Commander Pro 8
FTP Commander Pro 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AVS Audio Converter 9
AVS Audio Converter 9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SurfOffline Professional 2
SurfOffline Professional 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTP Navigator 8
FTP Navigator 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
XnConvert 1
XnConvert 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Prime95 version 29.8 build 6 contains a buffer overflow in the user ID and proxy host fields, allowing remote attackers to execute arbitrary code and...
Prime95 version 29.8 build 6 contains a buffer overflow in the user ID and proxy host fields, allowing remote attackers to execute arbitrary code and establish a bind shell.
---METADATA---
VENDOR: Prime95
PRODUCT: Prime95
AFFECTED_VERSIONS: 29.8 build 6
---END_METADATA---
Description Summary:
Prime95 version 29.8 build 6 contains a buffer overflow in the user ID and proxy host fields, allowing remote attackers to execute arbitrary code and establish a bind shell.
Executive Summary:
A critical buffer overflow in Prime95 allows attackers to execute arbitrary code and gain remote access to systems by exploiting the user ID input fields.
Vulnerability Details
CVE-ID: CVE-2019-25327
Affected Software: Prime95
Affected Versions: 29.8 build 6
Vulnerability: This stack-based buffer overflow is triggered when a malicious payload is pasted into the PrimeNet user ID or proxy host fields. Successful exploitation allows an attacker to execute arbitrary code and open a bind shell on port 3110.
Business Impact
A CVSS score of 9.8 indicates a critical risk. If Prime95 is used on corporate systems (e.g., for stress testing), an attacker could gain a persistent foothold on the network, enabling further exploitation, data theft, and potential ransomware deployment.
Remediation Plan
Immediate Action: Update Prime95 to the latest version or uninstall version 29.8 build 6 immediately.
Proactive Monitoring: Monitor network traffic for unauthorized connections on port 3110 and scan endpoints for the presence of vulnerable Prime95 installations.
Compensating Controls: Use host-based intrusion prevention systems (HIPS) to detect and block buffer overflow attempts and restrict the use of stress-testing software to isolated, non-production environments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Feb 12, 2026, there is no public information indicating active exploitation. This is a late disclosure for an older version of the software, but the ability to easily trigger a bind shell makes it a high-priority concern.
Analyst Recommendation
Organizations should strictly control the use of third-party utility software like Prime95. Ensure that all such tools are kept up to date and are only utilized by authorized personnel within controlled environments to minimize the risk of remote code execution.
Update Prime95 Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Thrive Smart Home 1
Thrive Smart Home 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Heatmiser Netmonitor 3
Heatmiser Netmonitor 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FTP Navigator 8.03 is vulnerable to a stack-based buffer overflow via the Custom Command textbox, enabling remote code execution through the overwriti...
FTP Navigator 8.03 is vulnerable to a stack-based buffer overflow via the Custom Command textbox, enabling remote code execution through the overwriting of SEH registers.
---METADATA---
VENDOR: FTP Navigator
PRODUCT: FTP Navigator
AFFECTED_VERSIONS: 8.03
---END_METADATA---
Description Summary:
FTP Navigator 8.03 is vulnerable to a stack-based buffer overflow via the Custom Command textbox, enabling remote code execution through the overwriting of SEH registers.
Executive Summary:
A critical stack overflow vulnerability in FTP Navigator 8.03 allows attackers to execute arbitrary code and gain system-level access through malicious input in the Custom Command field.
Vulnerability Details
CVE-ID: CVE-2019-25321
Affected Software: FTP Navigator
Affected Versions: 8.03
Vulnerability: This is a stack-based buffer overflow vulnerability triggered when a long, specially crafted string is pasted into the Custom Command textbox. The flaw allows an attacker to overwrite Structured Exception Handler (SEH) registers, facilitating arbitrary code execution.
Business Impact
The ability to execute arbitrary code on a workstation using FTP Navigator can lead to full system compromise. Given the CVSS score of 9.8, this vulnerability represents a critical risk where attackers could move laterally through the network, exfiltrate sensitive files, or install persistent malware.
Remediation Plan
Immediate Action: Discontinue the use of FTP Navigator 8.03 and migrate to a modern, supported FTP client that receives regular security updates.
Proactive Monitoring: Review endpoint detection and response (EDR) logs for suspicious child processes spawned by FTP client software, such as cmd.exe or calc.exe.
Compensating Controls: Use application whitelisting to prevent unauthorized software execution and implement strict "Least Privilege" policies to limit the impact of a compromised user account.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Feb 12, 2026, there is no public information indicating active exploitation of this vulnerability. This is a late disclosure of an older software version, increasing the likelihood that exploit code may be developed by enthusiasts or researchers.
Analyst Recommendation
Legacy software like FTP Navigator 8.03 often lacks modern exploit mitigations. Organizations should prioritize the removal of this software from their environment and transition to secure, maintained alternatives to mitigate the risk of remote code execution.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Domain Quester Pro 6.02 is vulnerable to a stack-based buffer overflow via the 'Domain Name Keywords' field, allowing remote attackers to execute arbi...
Domain Quester Pro 6.02 is vulnerable to a stack-based buffer overflow via the 'Domain Name Keywords' field, allowing remote attackers to execute arbitrary code by overwriting SEH registers.
---METADATA---
VENDOR: Domain Quester
PRODUCT: Domain Quester Pro
AFFECTED_VERSIONS: 6.02
---END_METADATA---
Description Summary:
Domain Quester Pro 6.02 is vulnerable to a stack-based buffer overflow via the 'Domain Name Keywords' field, allowing remote attackers to execute arbitrary code by overwriting SEH registers.
Executive Summary:
Domain Quester Pro 6.02 is subject to a critical stack overflow vulnerability that enables remote attackers to execute arbitrary code and gain unauthorized system access via a bind shell.
Vulnerability Details
CVE-ID: CVE-2019-25319
Affected Software: Domain Quester Pro
Affected Versions: 6.02
Vulnerability: This vulnerability is a stack-based buffer overflow occurring within the 'Domain Name Keywords' input field. By overwriting Structured Exception Handler (SEH) registers, a remote, unauthenticated attacker can redirect application flow to execute a malicious payload, resulting in a bind shell on port 9999.
Business Impact
A successful exploit grants the attacker full remote code execution (RCE) capabilities, leading to complete system compromise. With a CVSS score of 9.8, the risk is categorized as Critical, as it allows for the total loss of confidentiality, integrity, and availability of the host system. This could result in sensitive data exfiltration, the installation of ransomware, or the use of the server as a pivot point for further internal network attacks.
Remediation Plan
Immediate Action: Administrators should immediately update Domain Quester Pro to the latest available version provided by the vendor to patch the overflow vulnerability.
Proactive Monitoring: Monitor network traffic for unusual activity on port 9999 and review system logs for access violations or unexpected application crashes related to the Domain Quester process.
Compensating Controls: Implement an Intrusion Prevention System (IPS) with signatures designed to detect SEH exploitation attempts and restrict network access to the application using a robust firewall.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, because this is a late disclosure of a 2019 flaw and the technical details for triggering the overflow are specific, the potential for exploitation remains high for unpatched systems.
Analyst Recommendation
The critical nature of an SEH-based buffer overflow cannot be overstated, as it provides a direct path to system-level execution. Organizations must prioritize the decommissioning of version 6.02 or the application of vendor-supplied patches immediately to mitigate the risk of a full environment compromise.
Update Domain Quester Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
AVS Audio Converter 9
AVS Audio Converter 9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ActiveFax Server 6
ActiveFax Server 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Zilab Remote Console Server 3
Zilab Remote Console Server 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Mikogo 5
Mikogo 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
WorkgroupMail 7
WorkgroupMail 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
BlackMoon FTP Server 3
BlackMoon FTP Server 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
JumpStart 0
JumpStart 0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SecurOS Enterprise 10
SecurOS Enterprise 10
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TheJshen ContentManagementSystem 1
TheJshen ContentManagementSystem 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Acer Launch Manager 6
Acer Launch Manager 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
thejshen Globitek CMS 1
thejshen Globitek CMS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
RimbaLinux AhadPOS 1
RimbaLinux AhadPOS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
html5_snmp 1
html5_snmp 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload...
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Additionally, the attacker can also delete files on the server such as database configuration files, subsequently uploading their own database files.
Executive Summary:
A critical vulnerability exists in the WP Cost Estimation & Payment Forms Builder plugin for WordPress, identified as CVE-2019-25296. This flaw allows any unauthenticated attacker on the internet to upload malicious files, leading to a complete server compromise, and delete critical system files, potentially causing a total loss of the website. Due to the ease of exploitation and severe impact, this vulnerability represents an immediate and significant threat to any organization using an affected version of the plugin.
Vulnerability Details
CVE-ID: CVE-2019-25296
Affected Software: WP Cost Estimation & Payment Forms Builder plugin for WordPress
Affected Versions: All versions up to, and including, 9.642
Vulnerability: The plugin contains an unauthenticated arbitrary file upload and deletion vulnerability. The issue stems from a lack of proper file type validation within two AJAX functions: lfb_upload_form and lfb_removeFile. An unauthenticated attacker can craft a malicious request to the lfb_upload_form action to upload any type of file, such as a PHP web shell, to the server. Successful exploitation of the upload vulnerability allows the attacker to achieve remote code execution (RCE), granting them full control over the website and underlying server. Furthermore, the attacker can leverage the lfb_removeFile action to delete arbitrary files on the server, including the critical wp-config.php file, which could lead to a denial of service or allow the attacker to reconfigure the site to point to a database under their control.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the highest possible level of risk. A successful exploit could lead to a complete compromise of the web server's confidentiality, integrity, and availability. Potential consequences include theft of sensitive data (customer information, payment details, intellectual property), website defacement, service disruption, and the use of the compromised server for further malicious activities like hosting malware or launching attacks against other systems. The ability to delete core configuration files could result in extended downtime and significant recovery costs, leading to severe reputational damage and financial loss.
Remediation Plan
Immediate Action: Immediately update the WP Cost Estimation & Payment Forms Builder plugin to the latest available version, which contains a patch for this vulnerability. After patching, it is crucial to review server logs for any signs of exploitation that may have occurred while the vulnerable version was active.
Proactive Monitoring:
/wp-admin/admin-ajax.php containing action=lfb_upload_form or action=lfb_removeFile from untrusted IP addresses./wp-content/uploads/) or modifications/deletions of core WordPress files like wp-config.php..php, .phtml, or .php5 in directories where they should not exist.Compensating Controls:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Jan 8, 2026, multiple public proofs-of-concept (PoCs) and exploit scripts are available for this vulnerability. Due to its unauthenticated nature and high impact, it is actively targeted by automated scanners and opportunistic threat actors. Although it is not listed on the CISA KEV catalog, the widespread availability of exploits makes it a high-priority threat for any organization running a vulnerable version.
Analyst Recommendation
Given the critical severity (CVSS 9.8), the unauthenticated attack vector, and the availability of public exploits, this vulnerability poses an extreme risk. We strongly recommend that organizations immediately identify all instances of the WP Cost Estimation & Payment Forms Builder plugin and update them to a patched version without delay. Due to the high likelihood of automated exploitation, systems running a vulnerable version should be considered potentially compromised and should be thoroughly investigated for indicators of a breach, such as backdoors or suspicious user accounts.
Update The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
BlueStacks App Player 2
BlueStacks App Player 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Alps HID Monitor Service 8
Alps HID Monitor Service 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
INIM Electronics Smartliving SmartLAN/G/SI <=6
INIM Electronics Smartliving SmartLAN/G/SI <=6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SmartLiving SmartLAN <=6
SmartLiving SmartLAN <=6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: ownCloud
PRODUCT: ownCloud
AFFECTED_VERSIONS: 8.1.8
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
ownCloud 8.1.8 contains a username enumeration vulnerability in the share.php endpoint that allows remote attackers to discover valid user accounts via crafted requests.
Executive Summary:
A username enumeration vulnerability in ownCloud 8.1.8 allows unauthorized parties to harvest user account information, facilitating targeted credential attacks.
Vulnerability Details
CVE-ID: CVE-2019-25337
Affected Software: ownCloud
Affected Versions: 8.1.8
Vulnerability: The vulnerability exists in the
/index.php/core/ajax/share.phpendpoint, where improper handling of a wildcard search parameter allows an unauthenticated attacker to enumerate valid system usernames.Business Impact
While the CVSS score is 9.8, the primary impact is the unauthorized disclosure of user information, which serves as a precursor to more severe attacks such as brute-forcing or credential stuffing. Exposure of valid usernames can lead to successful unauthorized access to sensitive company data stored within the ownCloud platform.
Remediation Plan
Immediate Action: Upgrade ownCloud to a version beyond 8.1.8 that specifically addresses endpoint enumeration vulnerabilities.
Proactive Monitoring: Review web server access logs for repeated, anomalous requests to the
share.phpendpoint that utilize wildcard characters or unexpected search patterns.Compensating Controls: Implement rate-limiting on the
share.phpendpoint at the WAF or application level to mitigate the speed at which an attacker can enumerate users.Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Feb 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Username enumeration is a critical reconnaissance step for attackers. Administrators should prioritize updating the ownCloud environment to ensure that user metadata is protected from unauthorized discovery.