Writeup Exploits
62,858 exploits tracked across all sources.
ILIAS 5.3.4 - Cross-Site Scripting via PHP_SELF in shib_logout.php
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVSS 6.1
Call of Duty Modern Warfare 2 < 2018-04-26 - Remote Code Execution via Stack-Based Buffer Overflow
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
CVSS 10.0
KONGTOP A303 A403 D303 D305 D403 Firmware - Unauthenticated Sensitive Information Exposure via Print_Password Function
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
CVSS 9.8
CSP MySQL User Manager 2.3.1 - SQL Injection and Authentication Bypass via Login Username
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
CVSS 9.8
ShenZhen Anni 5 in 1 XVR Firmware - Unauthenticated Sensitive Information Exposure via download.rsp
download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attackers to download the configuration (without a login) to discover the password.
CVSS 9.8
2345 Security Guard 3.7 - Denial of Service via IOCtl 0x00222040
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873.
CVSS 7.8
Bitpie Bitcoin Wallet < 3.2.4 - Cleartext Storage of Sensitive Information
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).
CVSS 4.1
Alps Pointing-device Driver 10.1.101.207 - Denial of Service via ApMsgFwd File Mapping Object
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
CVSS 5.5
2345 Security Guard 3.7 - Denial of Service via IOCtl 0x002220e0
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
CVSS 7.8
libgit2 < 0.27.3 - Integer Overflow and Out-of-Bounds Read in git_delta_apply
A flaw was found in libgit2 before version 0.27.3. An unexpected sign extension in the git_delta_apply function in delta.c may lead to an integer overflow, which in turn leads to an out-of-bounds read that allows reading before the base object. An attacker may use this flaw to leak memory addresses or cause a denial of service.
CVSS 8.1
yum-utils < 1.1.31 - Path Traversal via Remote Repository Configuration
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Versions 1.1.31 and older are believed to be affected.
CVSS 8.1
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.
CVSS 7.5
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash.
CVSS 4.4
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash.
CVSS 7.5
2345 Security Guard 3.7 - Denial of Service via IOCTL 0x8000200D
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.
CVSS 7.8
Admin Notes 1.1 - Cross-Site Request Forgery via Clear Table Action
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
CVSS 6.5
ILIAS 5.1.0-5.1.25, 5.2.x, 5.3.0-5.3.4 - Cross-Site Scripting via RSS Feed URI
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS 6.1
Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Memory Corruption via Lua cmsgpack Library
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVSS 9.8
Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Integer Overflow in Lua Struct Library
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVSS 9.8
MakeMyTrip 7.2.4 - Cleartext Storage of Sensitive Information in Local Databases
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVSS 6.5
GVToken Genesis Vision - Integer Overflow in Mint Function
GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5
radare2 2.5.0 - Denial of Service via Heap-Based Out-of-Bounds Read in avr_op_analyze()
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVSS 5.5
Splunk < 7.0.1 - Unauthenticated Information Disclosure via Server Info Endpoint
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
CVSS 5.3
SAP Internet Transaction Server 6200.X.X - Reflected Cross-Site Scripting via wgate URIs
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
CVSS 6.1
atlant - Integer Overflow in Mint Function
ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVSS 7.5