mark

13 exploits Active since Mar 2007
CVE-2026-20805 NOMISEC MEDIUM WRITEUP
Desktop Windows Manager - Info Disclosure
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
CVSS 5.5
CVE-2021-3560 NOMISEC HIGH WORKING POC
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 7.8
CVE-2026-29051 WRITEUP MEDIUM WRITEUP
melange has Path Traversal via .PKGINFO in --persist-lint-results
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `melange build --persist-lint-results`) constructs output file paths by joining `--out-dir` with the `arch` and `pkgname` values read from the `.PKGINFO` control file of the APK being linted. In affected versions these values were not validated for path separators or `..` sequences, so an attacker who can supply an APK to a melange-based lint/build pipeline (e.g. CI that lints third-party APKs, or build-as-a-service) could cause melange to write `lint-<pkgname>-<pkgver>-r<epoch>.json` to an arbitrary `.json` path reachable by the melange process. The written file is a JSON lint report whose content is partially attacker-influenced. There is no direct code-execution path, but the write can clobber other JSON artifacts on the filesystem. The issue only affects deployments that explicitly pass `--persist-lint-results`; the flag is off by default. The issue is fixed in melange v0.43.4 by validating `arch` and `pkgname` for `..`, `/`, and `filepath.Separator` before path construction in `pkg/linter/results.go` (commit 84f3b45). As a workaround, do not pass `--persist-lint-results` when linting or building APKs whose `.PKGINFO` contents are not fully trusted. Running melange as a low-privileged user and confining writes to an isolated directory also limits impact.
CVSS 4.4
CVE-2016-1000282 WRITEUP CRITICAL WORKING POC
Haraka < 2.8.8 - OS Command Injection via Attachment Processing Plugin
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
CVSS 9.8
CVE-2020-26252 WRITEUP HIGH WRITEUP
OpenMage < 19.4.10 - Authenticated Remote Code Execution via Product Data Update
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved.
CVSS 8.7
CVE-2020-26285 WRITEUP HIGH WRITEUP
OpenMage < 19.4.10 - Authenticated Remote Code Execution via Data Import/Export
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
CVSS 8.7
CVE-2020-26295 WRITEUP HIGH WRITEUP
OpenMage <19.4.10, <20.0.5 - Code Injection
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
CVSS 8.7
CVE-2007-1564 EXPLOITDB text WRITEUP
Konqueror 3.5.5 - Exposure of Sensitive Information via FTP PASV Response
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1562 EXPLOITDB text WRITEUP
Firefox < 1.5.0.11 and 2.x < 2.0.0.3 - FTP PASV Response Manipulation
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-1563 EXPLOITDB text WRITEUP
Opera 9.10 - FTP PASV Response Manipulation Leading to Information Exposure
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
EIP-2026-103132 EXPLOITDB python WORKING POC
Haraka < 2.8.9 - Remote Command Execution
EIP-2026-102630 EXPLOITDB html WORKING POC
Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service
CVE-2007-1308 EXPLOITDB html WORKING POC
Konqueror - Denial of Service via FTP iframe Content Access
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.