Writeup Exploits
62,858 exploits tracked across all sources.
EasyService Billing 1.0 - Cross-Site Request Forgery via Quotation Creation
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
CVSS 8.8
EasyService Billing 1.0 - Cross-Site Scripting via jobcard-ongoing.php q Parameter
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
CVSS 6.1
EasyService Billing 1.0 - SQL Injection via jobcard-ongoing.php q Parameter
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
CVSS 9.8
EasyService Billing 1.0 - Cross-Site Request Forgery on User Add Page
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
CVSS 8.8
Linux Kernel < 4.16.9 - Unauthorized Memory Read via adjtimex
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
CVSS 5.5
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
CVSS 9.8
wityCMS 0.6.1 - Authenticated Stored Cross-Site Scripting via Website Name Field
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
CVSS 4.8
ChangUonDyU Advanced Statistics 1.0.2 - Cross-Site Scripting via Subject Field
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.
CVSS 6.1
SITEMAKIN SLAC 1.0 - SQL Injection via my_item_search Parameter
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
CVSS 9.8
Espruino 2v20 - Out-of-bounds Read in jsvStringIteratorPrintfCallback
Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.
CVSS 7.5
Espruino 2v20 - Stack Overflow in jspeFactorFunctionCall
Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.
CVSS 7.5
Espruino 2v11 - Stack Buffer Overflow in jsvGetNextSibling
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.
CVSS 7.8
Espruino 2v11.251 - Stack Buffer Overflow in jsvNewFromString
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
CVSS 7.8
Espruino 2v10.246 - Buffer Overflow
Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.
CVSS 7.8
Espruino 2v11.251 - Buffer Overflow
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
CVSS 7.8
Espruino 2v11.251 - Memory Corruption
Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.
CVSS 5.5
Espruino 2v05.41 - Denial of Service via jsvGarbageCollectMarkUsed Buffer Overflow
Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.
CVSS 7.5
Espruino < 2.09 - Remote Code Execution via Buffer Overflow in jsvGetStringChars
A buffer overflow vulnerability in the function jsvGetStringChars in Espruino before RELEASE_2V09 allows remote attackers to execute arbitrary code.
CVSS 9.8
Espruino - Out-of-bounds Write via jswrap_function_replacewith OldFunc Parameter
An issue found in Espruino 6ea4c0a allows an attacker to execute arbitrary code via the oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.
CVSS 9.8
Espruino 2V00 - Stack-Based Buffer Over-Read in jsfNameFromString
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
CVSS 7.8
Espruino < 1.99 - Denial of Service and Information Disclosure via For Loop Syntax Parsing
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
CVSS 7.1
Espruino < 1.99 - Denial of Service and Information Disclosure via For Loop Syntax Parsing
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
CVSS 7.1
Espruino < 1.99 - Denial of Service and Information Disclosure via For Loop Syntax Parsing
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
CVSS 7.1
Espruino < 1.99 - Denial of Service and Information Disclosure via For Loop Syntax Parsing
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
CVSS 7.1
Espruino < 1.99 - Denial of Service via Stack Exhaustion in jsparse.c
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
CVSS 5.5