LiveActive security incident?Get immediate response
CVE archive

March 2019

Browse CVE records published in March 2019, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1600 matching CVEs · Page 3 of 32.

High · CVSS 8.8

CVE-2019-25581: i-doit CMDB 1.12 SQL Injection via objGroupID Parameter

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25587: BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.8

CVE-2019-25593: jetCast Server 2.0 Denial of Service via Log Directory

jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25599: Backup Key Recovery 2.2.4 Denial of Service via Name Field

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.

Published Mar 22, 2026 · Updated Mar 23, 2026

High · CVSS 8.7

CVE-2019-25605: EquityPandit 1.0 Insecure Logging Information Disclosure

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Published Mar 22, 2026 · Updated Mar 23, 2026

High · CVSS 8.6

CVE-2019-25611: MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25617: Ease Audio Converter 5.30 Denial of Service via Audio Cutter

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25623: Luminance Studio 2.17 Denial of Service via Malformed Input

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.

Published Mar 23, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25622: Paint Studio 2.17 Denial of Service via Malformed Input

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.

Published Mar 23, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25546: NetAware 1.20 Share Name Denial of Service

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new share through the Manage Shares interface.

Published Mar 21, 2026 · Updated Mar 23, 2026

High · CVSS 8.7

CVE-2019-25552: CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25558: Selfie Studio 2.17 Denial of Service via Resize Image

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25550: Encrypt PDF 2.3 Denial of Service via Buffer Overflow

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25556: TwistedBrush Pro Studio 24.06 Resize Image Denial of Service

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer overflow that causes the application to crash.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.8

CVE-2019-25562: jetAudio 8.1.7 Denial of Service via File Naming Buffer Overflow

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.

Published Mar 21, 2026 · Updated Mar 23, 2026

Critical · CVSS 9.8

CVE-2019-25568: Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with system-level privileges when the service restarts after a computer reboot.

Published Mar 21, 2026 · Updated Mar 23, 2026

High · CVSS 8.8

CVE-2019-25580: ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25553: CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image

CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25586: Deluge 1.3.15 Denial of Service via URL Field

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25547: NetAware 1.20 Denial of Service via Add Block Buffer Overflow

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and trigger a crash when removing the created block.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.8

CVE-2019-25577: SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with directory traversal sequences in the getcss or getjs parameters to retrieve file contents.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25571: MediaMonkey 4.1.23 Denial of Service via Malformed URL

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25565: Magic Iso Maker 5.5 Buffer Overflow Denial of Service

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.8

CVE-2019-25559: SpotPaltalk 1.1.5 Name/Key Field Denial of Service

SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25583: RarmaRadio 2.72.3 Username Field Denial of Service

RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25601: UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.

Published Mar 22, 2026 · Updated Mar 23, 2026

High · CVSS 8.6

CVE-2019-25607: Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

Published Mar 22, 2026 · Updated Mar 23, 2026

High · CVSS 8.7

CVE-2019-25613: Easy Chat Server 3.1 Denial of Service via message Parameter

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25595: jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler

jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25592: PHPRunner 10.1 Denial of Service via Dashboard Name Field

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25598: HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25625: Blob Studio 2.17 Denial of Service via Malformed Input

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.

Published Mar 23, 2026 · Updated Mar 23, 2026

High · CVSS 7.1

CVE-2019-25610: NetNumber Titan Master 7.9.1 Path Traversal via drp

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files like /etc/shadow.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25616: AnMing MP3 CD Burner 2.0 Local Denial of Service

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25548: BlueStacks 4.80.0.1060 Denial of Service via Search Field

BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.8

CVE-2019-25554: Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked.

Published Mar 21, 2026 · Updated Mar 23, 2026

High · CVSS 8.7

CVE-2019-25560: Lyric Video Creator 2.1 Denial of Service via MP3 File

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25572: NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

Published Mar 21, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25584: RarmaRadio 2.72.3 Server Field Buffer Overflow Denial of Service

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25590: Axessh 4.2 Denial of Service via Log File Name

Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25596: SpotAuditor 5.2.6 Name Field Denial of Service

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.8

CVE-2019-25602: GSearch 1.0.1.0 Denial of Service via Search Input

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.

Published Mar 22, 2026 · Updated Mar 23, 2026

High · CVSS 8.6

CVE-2019-25608: Iperius Backup 6.1.0 Privilege Escalation via Backup Job

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.

Published Mar 22, 2026 · Updated Mar 23, 2026

Critical · CVSS 9.8

CVE-2019-25614: Free Float FTP 1.0 STOR Command Remote Buffer Overflow

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server.

Published Mar 22, 2026 · Updated Mar 23, 2026

Medium · CVSS 6.9

CVE-2019-25620: Tree Studio 2.17 Denial of Service via Malformed Input

Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.

Published Mar 23, 2026 · Updated Mar 23, 2026

High · CVSS 8.8

CVE-2019-25488: Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.

Published Mar 12, 2026 · Updated Mar 14, 2026

High · CVSS 8.8

CVE-2019-25482: Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.

Published Mar 12, 2026 · Updated Mar 14, 2026

High · CVSS 8.8

CVE-2019-25481: iScripts ReserveLogic Lastest SQL Injection via search endpoint

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information.

Published Mar 12, 2026 · Updated Mar 14, 2026

High · CVSS 8.8

CVE-2019-25479: Inout RealEstate Lastest SQL Injection via agentlistdetails

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information.

Published Mar 12, 2026 · Updated Mar 14, 2026

High · CVSS 7.1

CVE-2019-25473: Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.

Published Mar 12, 2026 · Updated Mar 14, 2026