Exploit Database

145,404 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-3887 WRITEUP HIGH
ProxyChains-NG <4.9 - Privilege Escalation
Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.
CVSS 7.8
CVE-2015-3905 WRITEUP
t1utils <1.39 - Buffer Overflow
Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2015-4054 WRITEUP HIGH
pgbouncer < 1.5.4 - Denial of Service via Password Packet Before Startup Packet
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
CVSS 7.5
CVE-2015-4411 WRITEUP HIGH
mongodb/bson < 3.0.4 - Denial of Service via Crafted String in ObjectId.legal?
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
CVSS 7.5
CVE-2015-4425 WRITEUP
pimcore < build 3473 - Authenticated Path Traversal and Arbitrary File Write via Admin Asset Compatibility Endpoint
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
CVE-2015-4590 WRITEUP
ArduinoJson < 4.4 - Denial of Service via Malformed JSON String
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and over-read.
CVE-2015-4628 WRITEUP
LimeSurvey < 2.06+ - Authenticated SQL Injection via sid Parameter
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2015-4706 WRITEUP MEDIUM
IPython 3.x < 3.2 - Cross-Site Scripting via JSON Error Messages
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
CVSS 6.1
CVE-2015-4707 WRITEUP MEDIUM
IPython < 3.2.0 - Cross-Site Scripting via JSON Error Messages
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
CVSS 6.1
CVE-2015-5059 WRITEUP MEDIUM
MantisBT < 1.2.19 - Authenticated Unauthorized File Download via Project Documentation Feature
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
CVSS 5.3
CVE-2015-5074 WRITEUP
X2Engine X2CRM < 5.0.8 - Authenticated Arbitrary File Upload via .pht Extension
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
CVE-2015-5195 WRITEUP HIGH
Fedora < 4.2.7 - Improper Input Validation
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVSS 7.5
CVE-2015-5218 WRITEUP
util-linux < 2.27 - Denial of Service via Crafted File in colcrt
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
CVE-2015-5232 WRITEUP HIGH
opa-fm <10.4.0.0.196, opa-ff <10.4.0.0.197 - Use After Free
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
CVSS 8.1
CVE-2015-5263 WRITEUP HIGH
pulp-consumer-client <2.7 - Info Disclosure
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
CVSS 8.1
CVE-2015-5287 WRITEUP
ABRT sosreport Privilege Escalation
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
CVE-2015-5377 WRITEUP CRITICAL
Elasticsearch < 1.6.1 - Remote Code Execution via Transport Protocol
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
CVSS 9.8
CVE-2015-5382 WRITEUP MEDIUM
Roundcube Webmail <1.0.6, <1.1.2 - Info Disclosure
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
CVSS 6.5
CVE-2015-5607 WRITEUP HIGH
IPython 2-3 - Cross-Site Request Forgery in REST API
Cross-site request forgery in the REST API in IPython 2 and 3.
CVSS 8.8
CVE-2015-5659 WRITEUP
Network Applied Communication Laboratory Pref Shimane CMS <2.0.1 - ...
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5707 WRITEUP
Linux Kernel 2.6.0-4.0 - Integer Overflow in sg_start_req via Large iov_count Value
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
CVE-2015-6031 WRITEUP
MiniUPnPc <1.9.20150917 - Buffer Overflow
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
CVE-2015-6240 WRITEUP HIGH
Ansible < 1.9.2 - Symlink Attack via Chroot, Jail, and Zone Connection Plugins
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
CVSS 7.8
CVE-2015-6545 WRITEUP
Cerb < 7.0.3 - Cross-Site Request Forgery via ajax.php saveWorkerPeek Action
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
CVE-2015-6567 WRITEUP HIGH
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.
CVSS 8.8