Exploit Database
145,600 exploits tracked across all sources.
ImageMagick 6.9.4-8 - Buffer Overflow
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVSS 7.8
ImageMagick <6.9.4.4 - Buffer Overflow
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVSS 7.8
ImageMagick < 6.9.0-3 - Denial of Service via Crafted DDS File
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
CVSS 6.5
ImageMagick < 6.9.0-3 - Denial of Service via Crafted DDS File
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
CVSS 6.5
ImageMagick < 6.9.0-3 - Denial of Service via Crafted SUN File
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVSS 6.5
ImageMagick < 6.9.0-3 - Denial of Service via Crafted SUN File
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVSS 6.5
ImageMagick < 6.9.0-3 - Denial of Service via Crafted SUN File
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVSS 6.5
ImageMagick < 6.9.0-3 - Denial of Service via Crafted SUN File
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CVSS 6.5
ImageMagick < 6.9.0-3 - Denial of Service via Crafted SUN File
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CVSS 6.5
ImageMagick < 6.9.2-3 - Denial of Service via Crafted Image File
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVSS 5.5
ImageMagick < 6.9.4-0 - Denial of Service via Crafted DDS File
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVSS 6.5
ImageMagick < 6.9.4-0 - Denial of Service via Crafted DDS File
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVSS 6.5
ImageMagick <6.9.4.5, <7.0.1.7 - Info Disclosure
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVSS 9.8
ImageMagick <6.9.4.5, <7.0.1.7 - Remote Code Execution
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVSS 9.8
ImageMagick <6.9.4.5 & <7.0.1.7 - Info Disclosure
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVSS 9.8
Linux kernel <4.7 - RCE
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
CVSS 4.8
phpMyAdmin 4.4.x-4.6.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
CVSS 6.1
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - Info Disclosure
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
CVSS 5.3
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - XSS
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.
CVSS 6.1
phpMyAdmin 4.6.0-4.6.3 - Cross-Site Scripting via Partition Range Table Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.
CVSS 6.1
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
CVSS 6.1
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - RCE
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
CVSS 9.8
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - CSRF
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
CVSS 7.5
ImageMagick <7.0.2-1 - Info Disclosure
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVSS 7.5
FAQ package <2.3.6, <4.0.5, <5.0.5 - SQL Injection
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.
CVSS 9.4
By Source