peter

4 exploits Active since Dec 2003
CVE-2021-29506 WRITEUP MEDIUM WRITEUP
GraphHopper 2.0-2.4 - Denial of Service via Regular Expression Injection
GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304
CVSS 6.5
EIP-2026-110599 EXPLOITDB text WORKING POC
Phorum 3.4 - Email Subject Line Script Injection
EIP-2026-109929 EXPLOITDB text WRITEUP
Newsscript 1.0 - Administrative Privilege Escalation
CVE-2003-1227 EXPLOITDB text WORKING POC
Gallery 1.4 and 1.4-pl1 - Remote Code Execution via GALLERY_BASEDIR Parameter
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.