Search criteria
4 vulnerabilities found for Axessh by Labf
CVE-2019-25607 (GCVE-0-2019-25607)
Vulnerability from nvd – Published: 2026-03-22 13:38 – Updated: 2026-03-23 16:16
VLAI
Title
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
Summary
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
Severity
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46922 | exploit |
| http://www.labf.com | product |
| http://www.labf.com/download/axessh.exe | product |
| https://www.exploit-db.com/exploits/46858 | exploit |
| https://www.exploit-db.com/shellcodes/46281 | exploit |
| https://www.vulncheck.com/advisories/axessh-local… | third-party-advisory |
Date Public
2019-05-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25607",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:16:14.383679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:16:24.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axessh",
"vendor": "Labf",
"versions": [
{
"status": "affected",
"version": "4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Uday Mittal (https://github.com/yaksas443/YaksasCSC-Lab/)"
}
],
"datePublic": "2019-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T13:38:41.830Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46922",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46922"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.labf.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.labf.com/download/axessh.exe"
},
{
"name": "Exploit DB",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46858"
},
{
"name": "Exploit DB",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/shellcodes/46281"
},
{
"name": "VulnCheck Advisory: Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name"
}
],
"title": "Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25607",
"datePublished": "2026-03-22T13:38:41.830Z",
"dateReserved": "2026-03-22T13:14:15.419Z",
"dateUpdated": "2026-03-23T16:16:24.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25590 (GCVE-0-2019-25590)
Vulnerability from nvd – Published: 2026-03-22 13:38 – Updated: 2026-03-23 15:31
VLAI
Title
Axessh 4.2 Denial of Service via Log File Name
Summary
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.
Severity
6.2 (Medium)
CWE
- CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46858 | exploit |
| http://www.labf.com | product |
| http://www.labf.com/download/axessh.exe | product |
| https://www.vulncheck.com/advisories/axessh-denia… | third-party-advisory |
Date Public
2019-05-14 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T15:31:52.647034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:31:59.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axessh",
"vendor": "Labf",
"versions": [
{
"status": "affected",
"version": "4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1282",
"description": "Assumed-Immutable Data is Stored in Writable Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T13:38:28.762Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46858",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46858"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.labf.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.labf.com/download/axessh.exe"
},
{
"name": "VulnCheck Advisory: Axessh 4.2 Denial of Service via Log File Name",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/axessh-denial-of-service-via-log-file-name"
}
],
"title": "Axessh 4.2 Denial of Service via Log File Name",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25590",
"datePublished": "2026-03-22T13:38:28.762Z",
"dateReserved": "2026-03-22T12:50:42.558Z",
"dateUpdated": "2026-03-23T15:31:59.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25607 (GCVE-0-2019-25607)
Vulnerability from cvelistv5 – Published: 2026-03-22 13:38 – Updated: 2026-03-23 16:16
VLAI
Title
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
Summary
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
Severity
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46922 | exploit |
| http://www.labf.com | product |
| http://www.labf.com/download/axessh.exe | product |
| https://www.exploit-db.com/exploits/46858 | exploit |
| https://www.exploit-db.com/shellcodes/46281 | exploit |
| https://www.vulncheck.com/advisories/axessh-local… | third-party-advisory |
Date Public
2019-05-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25607",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:16:14.383679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:16:24.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axessh",
"vendor": "Labf",
"versions": [
{
"status": "affected",
"version": "4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Uday Mittal (https://github.com/yaksas443/YaksasCSC-Lab/)"
}
],
"datePublic": "2019-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T13:38:41.830Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46922",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46922"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.labf.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.labf.com/download/axessh.exe"
},
{
"name": "Exploit DB",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46858"
},
{
"name": "Exploit DB",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/shellcodes/46281"
},
{
"name": "VulnCheck Advisory: Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name"
}
],
"title": "Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25607",
"datePublished": "2026-03-22T13:38:41.830Z",
"dateReserved": "2026-03-22T13:14:15.419Z",
"dateUpdated": "2026-03-23T16:16:24.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25590 (GCVE-0-2019-25590)
Vulnerability from cvelistv5 – Published: 2026-03-22 13:38 – Updated: 2026-03-23 15:31
VLAI
Title
Axessh 4.2 Denial of Service via Log File Name
Summary
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.
Severity
6.2 (Medium)
CWE
- CWE-1282 - Assumed-Immutable Data is Stored in Writable Memory
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46858 | exploit |
| http://www.labf.com | product |
| http://www.labf.com/download/axessh.exe | product |
| https://www.vulncheck.com/advisories/axessh-denia… | third-party-advisory |
Date Public
2019-05-14 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T15:31:52.647034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:31:59.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axessh",
"vendor": "Labf",
"versions": [
{
"status": "affected",
"version": "4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1282",
"description": "Assumed-Immutable Data is Stored in Writable Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T13:38:28.762Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46858",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46858"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.labf.com"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.labf.com/download/axessh.exe"
},
{
"name": "VulnCheck Advisory: Axessh 4.2 Denial of Service via Log File Name",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/axessh-denial-of-service-via-log-file-name"
}
],
"title": "Axessh 4.2 Denial of Service via Log File Name",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25590",
"datePublished": "2026-03-22T13:38:28.762Z",
"dateReserved": "2026-03-22T12:50:42.558Z",
"dateUpdated": "2026-03-23T15:31:59.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}