Gitlab Exploits

438 exploits tracked across all sources.

CVE-2019-11933 GITLAB CRITICAL
WhatsApp for Android <2.19.291 - Buffer Overflow
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291, could allow remote attackers to execute arbitrary code or cause a denial of service.
by gavz
CVSS 9.8
CVE-2019-18651 GITLAB MEDIUM
3xLogic Infinias Access Control <=6.6.9586.0 - CSRF
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.
by crypt0crc
CVSS 6.5
CVE-2019-11931 GITLAB HIGH
WhatsApp <2.19.274 - Buffer Overflow
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
by gavz
CVSS 7.8
CVE-2019-0708 GITLAB CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by ntkernel
CVSS 9.8
CVE-2019-2215 GITLAB HIGH
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095
by ntkernel
CVSS 7.8
CVE-2019-11687 GITLAB HIGH
NEMA DICOM Standard 1995-2019b - Code Injection
An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems, including Portable Executable (PE) files for Windows and Executable and Linkable Format (ELF) files for Linux-based systems. This space is left unspecified so that dual-purpose files can be created. For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging applications in medicine. This design flaw enables system-wide compromise as malicious DICOM files are routinely shared between medical devices and hospital systems and transported via removable media for patient care coordination. To exploit this vulnerability, someone must execute the maliciously crafted file. These files can be executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. DICOM files exist on systems that process protected health information, and successful exploitation could result in violations of regulatory compliance requirements such as HIPAA and FDA postmarket obligations.
by kosmokat
CVSS 7.8
CVE-2019-0567 GITLAB HIGH
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
by samyuktha_p
CVSS 7.5
CVE-2019-19649 GITLAB CRITICAL
Zoho ManageEngine Applications Manager <13620 - SQL Injection
Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
by eLeN3Re
CVSS 9.8
CVE-2019-19650 GITLAB HIGH
Zoho ManageEngine Applications Manager <13640 - SQL Injection
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.
by eLeN3Re
CVSS 8.8
CVE-2019-0708 GITLAB CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by alessio_
CVSS 9.8
CVE-2019-18652 GITLAB MEDIUM
WatchGuard XMT515 <12.1.3 - XSS
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).
by crypt0crc
CVSS 6.1
CVE-2019-19781 GITLAB CRITICAL
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by bontchev
1 star
CVSS 9.8
CVE-2019-19800 GITLAB MEDIUM
Zohocorp ManageEngine Applications Manager - Missing Authentication
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
by eLeN3Re
CVSS 5.3
CVE-2019-19799 GITLAB MEDIUM
Zohocorp ManageEngine Applications Manager - Missing Authentication
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
by eLeN3Re
CVSS 5.3
CVE-2019-11043 GITLAB HIGH
PHP < 7.1.33 - Out-of-Bounds Write
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by yangsec888
CVSS 8.7
CVE-2019-15126 GITLAB LOW
Apple iPadOS < 13.2 - TOCTOU Race Condition
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
by jamieoglindsey0
CVSS 3.1
CVE-2019-16098 GITLAB HIGH
Micro-Star MSI Afterburner 4.6.2.15658 - Privilege Escalation
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
by gavz
CVSS 7.8
CVE-2019-13694 GITLAB HIGH
Google Chrome <77.0.3865.120 - Use After Free
Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by nemux
CVSS 8.8
CVE-2019-16113 GITLAB HIGH
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by s0ups
CVSS 8.8
CVE-2019-17240 GITLAB CRITICAL
Bludit - Brute Force
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
by quizno
CVSS 9.8
CVE-2019-7609 GITLAB CRITICAL
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
by digipenguin
CVSS 10.0
CVE-2019-16278 GITLAB CRITICAL
Nostromo nhttpd <1.9.6 - RCE
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by Kr0ff
CVSS 9.8
CVE-2019-1069 GITLAB HIGH
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
by k44sh
CVSS 7.8
CVE-2019-1821 GITLAB HIGH
Cisco Prime Infrastructure/EPN Manager - RCE
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
by FiveO
CVSS 8.8
CVE-2019-1653 GITLAB HIGH
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
by FiveO
CVSS 7.5