Exploit Database
145,404 exploits tracked across all sources.
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
CVSS 8.8
CVE-2015-6830
WRITEUP
phpMyAdmin 4.3.x-4.3.13.1 & 4.4.x-4.4.14.0 - Brute-Force Protection Bypass via reCaptcha
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
CVE-2015-6938
WRITEUP
Jupyter Notebook < 4.0.5 - Cross-Site Scripting via Folder Name
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.
CVE-2015-7254
WRITEUP
Huawei HG532e, HG532n, and HG532s - Path Traversal via Icon URI
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
Milton Webdav < 2.7.0.1 - XML External Entity Injection
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.
CVSS 9.8
Git < 2.3.10, 2.4.x < 2.4.10, 2.5.x < 2.5.4, 2.6.x < 2.6.1 - Remote Code Execution via Remote Helper Protocols
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
CVSS 9.8
Linux Kernel < 4.4.1 - Denial of Service via USB Device Without Bulk-Out Endpoint
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
CVSS 4.6
CVE-2015-7872
WRITEUP
Linux Kernel < 4.2.6 - Denial of Service via Keyctl Commands
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
lldpd < 0.8.0 - Denial of Service via Malformed Packet
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
CVSS 7.5
KNX ETS 4.1.5 Build 3246 - Remote Code Execution via Crafted KNXnet/IP UDP Packet
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
CVSS 9.8
Cherry Music <0.36.0 - Path Traversal
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
CVSS 4.3
Composer <2016-02-10 - Cache Poisoning
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.
CVSS 8.8
PHP 7.x < 7.0.1 - Remote Code Execution via Format String Specifiers in Class Name
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
CVSS 9.8
libEBML < 1.3.3 - Use-After-Free via Deeply Nested EBML Element
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
CVSS 9.6
libmatroska < 1.4.4 - Heap Memory Information Disclosure via Crafted EBML Lacing
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
CVSS 5.3
Fedora - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
CVSS 6.1
Varnish 3.x <3.0.7 - HTTP Response Splitting
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
CVSS 7.5
Debian Linux < 2.1.0 - Use After Free
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVSS 9.8
Linux Kernel < 4.5.7 - Denial of Service via mbcache Xattr Block Caching
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
CVSS 5.5
iTerm2 3.x < 3.1.1 - Unauthenticated Exposure of Sensitive Information via DNS Queries
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
CVSS 7.5
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
CVSS 9.8
jQuery < 3.0.0 - Cross-Site Scripting via Cross-Domain Ajax Request
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVSS 6.1
PHP < 7.1.20 - Uncontrolled Resource Consumption via Non-Blocking STDIN Stream
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
CVSS 6.5
404_to_301 < 2.0.3 - SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVSS 9.8
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
CVSS 9.8
By Source