Writeup Exploits
62,786 exploits tracked across all sources.
404_to_301 < 2.0.3 - SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVSS 9.8
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
CVSS 9.8
pcs < 0.9.157 - Session Fixation
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS 8.1
Linux kernel <4.4.1 - Privilege Escalation/DoS
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
CVSS 7.8
Pillow < 3.1.1 - Buffer Overflow in TIFF Image Decoding
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
CVSS 6.5
Pillow < 3.1.1 - Buffer Overflow in FLI File Decoder
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
CVSS 6.5
mirror_manager < 0.7.2 - Remote Code Execution in Checkin Code
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
CVSS 9.8
tough-cookie < 2.3.0 - Denial of Service via HTTP Cookie Header Parsing
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
CVSS 5.3
Bouncy Castle JCE Provider <1.55 - Info Disclosure
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
CVSS 5.3
OpenSSH < 7.3 - Remote Code Execution via Forwarded SSH-Agent PKCS#11 Module Loading
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVSS 7.3
OpenSSH <7.4 - Privilege Escalation
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
CVSS 7.0
Smack <4.1.9 - Privilege Escalation
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVSS 5.9
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
CVSS 9.8
Piwigo < 2.8.3 - Unauthenticated Exposure of Sensitive Information via admin/plugin.php
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
CVSS 9.8
aWeb Cart Watching System <2.6.1 - SQL Injection
SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.
CVSS 9.8
libgit2 <0.24.6, <0.25.1 - Buffer Overflow
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
CVSS 9.8
libgit2 < 0.24.6 and 0.25.x < 0.25.1 - Denial of Service via Empty Packet Line
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
CVSS 7.5
libgit2 <0.24.6, <0.25.1 - Info Disclosure
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
CVSS 5.9
Apache HTTP Server/ZoneMinder <1.30-1.29 - Info Disclosure
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.
CVSS 7.5
systemd <v229 - Privilege Escalation
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
CVSS 7.8
libevent < 2.1.6-beta - Out-of-bounds Read in evdns.c name_parse Function
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVSS 9.8
Debian Linux < 2.1.5 - Out-of-Bounds Write
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS 7.5
Debian Linux < 2.1.5 - Out-of-Bounds Read
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVSS 7.5
BigTree CMS < 4.2.14 - Cross-Site Scripting via Dashboard Module Integrity Check ID Parameter
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS 5.4
Phusion Passenger < 5.1.0 - Privilege Escalation via Predictable /tmp Filename
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
CVSS 7.8
By Source