Writeup Exploits
62,994 exploits tracked across all sources.
PassMark BurnInTest, OSForensics, and PerformanceTest <9.1 <7.1 <10 - Arbitrary Ring-0 Code Execution
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
CVSS 8.8
Silicon Labs Bluetooth Low Energy SDK < 2.13.3.0 - Buffer Overflow via Packet Data
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
CVSS 6.5
Silicon Labs Bluetooth Low Energy SDK < 2.13.3.0 - Remote Code Execution via Packet Data Buffer Overflow
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
CVSS 8.8
Texas Instruments CC256x/WL18xx - Buffer Overflow
Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.
CVSS 8.8
whoopsie < 0.2.69 - Denial of Service via Malformed Crash File
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVSS 5.5
nim < 1.2.6 - CRLF Injection in asyncftpclient
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
CVSS 9.8
MiniUPnP MiniUPnPc 1.4.20101221-2.0 - Denial of Service via Integer Signedness Error
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 9.8
Parity Browser <= 1.6.10 - Origin Validation Error via Web Proxy Engine
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
CVSS 5.3
Claymore Dual GPU Miner 10.1 - Remote Code Execution via Stack-Based Buffer Overflow
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
CVSS 9.8
Claymore Dual GPU miner 10.1 - Path Traversal
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
CVSS 8.1
JCraft JSch <0.1.54 - Path Traversal
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVSS 5.9
Dropbear SSH <2016.72 - Auth Bypass
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
CVSS 6.4
OpenSSH < 7.2 - Authenticated Command Restriction Bypass via X11 Forwarding CRLF Injection
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
CVSS 6.4
9bis kitty < 0.66.6.3 - Stack-based Buffer Overflow via SCP-SINK File-Size Response
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
CVSS 9.8
Tapatalk plugin <4.9.0, 5.x-5.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
CVSS 9.8
CVE-2014-2022
WRITEUP
vBulletin < 4.2.2 - Authenticated SQL Injection via XMLRPC API conceptid Argument
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVE-2014-2021
WRITEUP
vBulletin < 4.2.2 and 5.0.x-5.0.5 - Authenticated Stored Cross-Site Scripting via XMLRPC API Client Name
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.
RosarioSIS 6.7.2 - Cross-Site Scripting via Preferences.php Tab Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
CVSS 6.1
RosarioSIS 6.7.2 - Cross-Site Scripting via Preferences.php Tab Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
CVSS 6.1
RosarioSIS 6.7.2 - Cross-Site Scripting via Search.inc.php Advanced Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
CVSS 6.1
RosarioSIS 6.7.2 - Cross-Site Scripting via PrintSchedules.php include_inactive Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVSS 6.1
RosarioSIS 6.7.2 - Cross-Site Scripting via PrintSchedules.php include_inactive Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVSS 6.1
RosarioSIS < 6.8 - Cross-Site Scripting via NotifyParents.php href Attributes
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVSS 6.1
OpenSSH <= 8.3p1 - OS Command Injection via scp Destination Argument
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
CVSS 7.4
LibreNMS < 1.65.1 - Authenticated SQL Injection via device_id POST Parameter
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS 6.5
By Source