Writeup Exploits
62,915 exploits tracked across all sources.
YOURLS < 1.7.3 - Authentication Bypass via Type Juggling
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS 9.8
YOURLS < 1.7.3 - Authentication Bypass via Type Juggling
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS 9.8
YOURLS < 1.7.3 - Authentication Bypass via Type Juggling
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS 9.8
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSS 9.8
Amazon AWS JavaScript S3 Explorer <2019-08-02 - XSS
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.
CVSS 6.1
Firefly III 4.7.17.4 - Stored Cross-Site Scripting in Transaction Description and Asset Account Name
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.
CVSS 6.1
osTicket <1.10.7/1.12.x<1.12.1 - Unrestricted File Upload & Stored XSS via Ticket Form
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
CVSS 5.4
osTicket <1.10.7, <1.12.1 - Code Injection
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
CVSS 8.8
osTicket < 1.10.7 and 1.12.x < 1.12.1 - Stored Cross-Site Scripting in Installer Firstname/Lastname Fields
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
CVSS 6.1
nltk < 3.4.5 - Arbitrary File Write via Directory Traversal in Package Extraction
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVSS 7.5
Linux Kernel < 4.16.4 - Denial of Service via Double-Locking in USB DWC3 Gadget Driver
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
CVSS 5.5
UNA 10.0.0-RC1 - Stored Cross-Site Scripting via System Name Field in Email Template Editor
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
CVSS 4.8
mod_auth_openidc < 2.4.0.1 - Open Redirect via Trailing Slash URL
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
CVSS 6.1
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
CVSS 8.8
OpenCart 3.0.0.0-3.0.3.1 - Authenticated Stored Cross-Site Scripting in Source/HTML Editor
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
CVSS 4.8
libpcap < 1.9.1 - Buffer Overflow via rpcapd/daemon.c Length Mishandling
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
CVSS 5.3
libpcap < 1.9.1 - Information Disclosure via Authentication Error Messages
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
CVSS 5.3
libpcap < 1.9.1 - Denial of Service via NULL Pointer Dereference in rpcapd
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
CVSS 7.5
libpcap < 1.9.1 - Server-Side Request Forgery via rpcapd URL Parameter
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
CVSS 5.3
libpcap < 1.9.1 - Denial of Service via Invalid PHB Header Length
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
CVSS 5.3
tcpdump < 4.9.3 - Buffer Overflow in lmp_print_data_link_subobjs
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVSS 1.6
Envoy 1.10.0-1.11.1 - Denial of Service via O(n^2) Header Size Verification
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.
CVSS 7.5
yarn < 1.19.0 - TOCTOU Race Condition in Package Integrity Validation
The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.
CVSS 5.9
MantisBT < 1.3.20 - Authenticated Remote Code Execution via Command Injection
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVSS 7.2
NSA Ghidra <= 9.0.4 - Remote Code Execution via Bit Patterns Explorer XML File Processing
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).
CVSS 9.8
By Source