David

7 exploits Active since Dec 2003
CVE-2019-15146 WRITEUP MEDIUM WRITEUP
GoPro GPMF-parser 1.2.2 - Heap-Based Buffer Over-Read in GPMF_Next
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.
CVSS 6.5
CVE-2019-15147 WRITEUP MEDIUM WRITEUP
GoPro GPMF-parser 1.2.2 - Out-of-bounds Read in GPMF_Next
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.
CVSS 6.5
CVE-2019-15148 WRITEUP MEDIUM WRITEUP
GoPro GPMF-parser 1.2.2 - Out-of-bounds Write in OpenMP4Source
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.
CVSS 6.5
CVE-2021-32641 WRITEUP HIGH WRITEUP
auth0-lock < 11.30.1 - Reflected Cross-Site Scripting via FlashMessage or LanguageDictionary
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1.
CVSS 8.1
CVE-2003-1244 EXPLOITDB php WORKING POC
phpBB 2.0-2.0.2 - SQL Injection via forum_id Parameter
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2003-1435 EXPLOITDB php WORKING POC
PHP-Nuke 5.6 and 6.0 - SQL Injection via Search Module Days Parameter
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
EIP-2026-101762 EXPLOITDB text WRITEUP
Grandstream GXV3275 < 1.0.3.30 - Multiple Vulnerabilities