mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.1 KiB
1.1 KiB
CVE-2025-34108
Description
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
POC
Reference
- https://www.exploit-db.com/exploits/40452
- https://www.vulncheck.com/advisories/disk-pulse-enterprise-login-stack-buffer-overflow
Github
No PoCs found on GitHub currently.