Ruby Exploits
5,920 exploits tracked across all sources.
Novell File Reporter <1.0.2 - Path Traversal
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
by juan vazquez
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.
Strangerstudios Paid Memberships Pro < 2.9.8 - SQL Injection
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
by h00die, Joshua Martinelle
CVSS 9.8
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.
by hdm
Mtheme-unus < 2.3 - Path Traversal
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
by Khwanchai Kaewyos
CVSS 7.5
Wp-ecommerce Easy WP SMTP < 1.4.4 - Log Information Exposure
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
by h00die
CVSS 7.5
Netmechanica Netdecision < 4.5.1 - Memory Corruption
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma, sinn3r
Red Hat JBoss EAP <4.2.0.CP09 and <4.3.0.CP08 - Info Disclosure
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
by Tyler Krpata, Zach Grace <@ztgrace>
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
by Robert Rowley, Christophe De La Fuente, Chaim Sanders, Felipe Costa, Jonathan Claudius, Karl Sigler, Christian Mehlmauer
Syncovery <9.47x - Privilege Escalation
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.
by Jan Rude
CVSS 9.8
Wordpress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
by h00die, Hacker5preme (Ron Jost)
CVSS 7.2
Imagely Nextgen Gallery < 2.1.15 - Path Traversal
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
by Sathish Kumar
CVSS 6.5
EmbedThis GoAhead <3.4.1 - Path Traversal
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
by Matthew Daley
Accellion File Transfer Appliance < fta_9_11_200 - Path Traversal
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
by hdm
CVSS 7.5
TVT Nvms-1000 Firmware - Path Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by Numan Türle, Dhiraj Mishra
CVSS 7.5
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.
Subscribe to Comments for WordPress <=2.1.2 - Local File Inclusion
The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code.
CVSS 7.2
Apache httpd <2.4.28 - Use After Free
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
by Hanno Böck, h00die
CVSS 7.5
Dolibarr <16.0.5 - Info Disclosure
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
by Vladimir TOUTAIN, Nolan LOSSIGNOL-DRILLIEN
CVSS 7.5
Novell File Reporter 1.0.2 - Path Traversal
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
by juan vazquez
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
by Trustwave SpiderLabs, Dhiraj Mishra
CVSS 7.5
Apache - Info Disclosure
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
by altonjx, Jeffrey Cap
CVSS 9.8
Oracle Demantra Demand Management - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Oliver Gruskovnjak
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.
by hdm
By Source