Writeup Exploits
62,994 exploits tracked across all sources.
openSIS <= 7.4 - SQL Injection
openSIS through 7.4 allows SQL Injection.
CVSS 9.8
FreeRDP < 2.1.1 - Out-of-bounds Read in NTLM Challenge Message
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVSS 7.1
FreeRDP < 2.1.1 - Out-of-bounds Read in security_fips_decrypt
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
CVSS 5.5
FreeRDP < 2.1.1 - Out-of-bounds Write in crypto_rsa_common
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVSS 8.3
Microweber <1.1.20 - Info Disclosure
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
CVSS 7.5
acf-to-rest-api < 3.1.0 - Insecure Direct Object Reference via Permalinks Manipulation
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
CVSS 7.5
The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
CVSS 4.3
The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
CVSS 4.3
sabberworm/php_css_parser < 8.3.1 - Remote Code Execution via eval in allSelectors or getSelectorsBySpecificity
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
CVSS 9.8
ZNC 1.8.0-1.8.1-rc1 - Authenticated Denial of Service via NULL Pointer Dereference
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
CVSS 6.5
Intelbras TIP 200/TIP 200 LITE 60.61.75.15 & TIP 300 65.61.75.22 - Path Traversal
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
CVSS 5.3
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in SDP Processing
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
CVSS 7.5
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in SDP Processing
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
CVSS 7.5
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in janus_sdp_preparse
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
CVSS 7.5
meetecho janus 0.3.0-0.10.0 - Stack-based Buffer Overflow in janus_sdp_merge
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.
CVSS 9.8
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in janus_sdp_preparse
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
CVSS 7.5
meetecho janus 0.9.0-0.10.0 - Information Disclosure via Uninitialized Stack Memory
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
CVSS 7.5
Roundcube Webmail < 1.3.12 and 1.4.x < 1.4.5 - Stored Cross-Site Scripting via XML Attachment Preview
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
CVSS 6.1
kramdown < 2.3.0 - Unauthenticated Arbitrary File Read and Remote Code Execution via Template Option
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
CVSS 9.8
meetecho janus < 0.10.0 - Buffer Overflow via RTSP Server SDP Parsing
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.
CVSS 9.8
meetecho janus < 0.10.0 - Buffer Overflow via SDP Offer Packet
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.
CVSS 9.8
IceWarp Email Server 12.3.0.1 - Incorrect Access Control
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
CVSS 6.5
IceWarp Mail Server 12.3.0.1 - Unrestricted File Upload
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
CVSS 6.5
IceWarp Mail Server 12.3.0.1 - Unrestricted Upload of JavaScript Files
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
CVSS 8.8
PRTG Network Monitor 20.1.56.1574 - Authenticated Stored Cross-Site Scripting via Map Designer Properties
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
CVSS 5.4
By Source