SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNsasoft Spotauditor
APPNsasoft≤ 5.3.1.0
Related vulnerabilities
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that al...
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that...
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local atta...
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows atta...
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes ...