Writeup Exploits
63,466 exploits tracked across all sources.
D-Link Router DIR-842 v3.0.2 - Auth Bypass
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
CVSS 5.9
Grafana 6.7.3-7.4.1 - Unauthenticated Denial of Service via Snapshot API
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
CVSS 7.5
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 - Cross-Site Scripting via curWebPage Parameter
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
CVSS 6.1
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 - Open Redirect via Host Header Injection
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
CVSS 6.1
EyesOfNetwork 5.3-10 - Authenticated Unrestricted Upload of Dangerous File Type
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
CVSS 8.8
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVSS 6.5
exif < 0.6.22 - Denial of Service via Malicious JPEG File
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
CVSS 5.5
e107 < 2.3.0 - Cross-Site Request Forgery via usersettings.php
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVSS 8.8
Craft CMS < 3.6.0 - Cross-Site Scripting via Front-End Form User Uploads
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
CVSS 6.1
Craft CMS < 3.6.7 - Remote Code Execution via Administrative Session Hijack
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
CVSS 9.8
SonLogger - Arbitrary File Upload
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
CVSS 9.8
MSI Dragon Center <2.0.98.0 - Privilege Escalation
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.
CVSS 9.8
jamovi <= 1.6.18 - Stored Cross-Site Scripting via Column Name in .omv File
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered.
CVSS 6.1
phpfusion 9.03.110 - Cross-Site Request Forgery and Cross-Site Scripting in search.php
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
CVSS 6.1
urllib3 1.26.0-1.26.3 - Improper Certificate Validation in HTTPS Proxy Connections
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVSS 6.5
Gitea 1.12.0-1.12.5 and < 1.13.4 - Cross-Site Scripting via Issue Data
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
CVSS 3.7
Vesta Control Panel <0.9.8-27 - Open Redirect
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
CVSS 8.8
HorizontCMS - Unrestricted File Upload via .htaccess and *.hello Files
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.
CVSS 9.8
D-Link DAP-2310/2330/2360/2553/2660/2690/2695/3320/3662 - Null Pointer Dereference via atoi in sbin/httpd
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.
CVSS 7.5
Dlink Dap-2310 Firmware - NULL Pointer Dereference
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability.
CVSS 7.5
D-Link DAP-2310/2330/2360/2553/2660/2690/2695/3320/3662 - Null Pointer Dereference in upload_config
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the content in upload_file variable is NULL in the upload_config function then the strncasecmp would take NULL as first argument, and incur the NULL pointer dereference vulnerability.
CVSS 7.5
MagpieRSS 0.72 - OS Command Injection via RSS URL Parameter
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands.
CVSS 9.8
rConfig 3.9.6 - Authenticated SQL Injection
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
CVSS 8.8
Emerson GE Automation Proficy Machine Edition v8.0 - Buffer Overflow in FrameworX.exe via MITM Traffic
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".
CVSS 5.3
Emerson GE Automation Proficy Machine Edition v8.0 - Denial of Service via Crafted Traffic to FrameworX.exe
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".
CVSS 5.3
By Source