Writeup Exploits
63,671 exploits tracked across all sources.
Qt <5.15.2,6.2.1 - Buffer Overflow
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
CVSS 5.5
Grok 9.5.0 - Heap-Based Buffer Overflow in T1OpenHTJ2K Decompression
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).
CVSS 5.5
OpenEXR 3.1.0-3.1.3 - Heap-Based Buffer Overflow in LineCompositeTask
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
CVSS 5.5
Roundcube < 1.4.13 and 1.5.x < 1.5.2 - Cross-Site Scripting via Crafted CSS Token Sequences
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
CVSS 6.1
Composr-CMS <10.0.39 - Authenticated RCE
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.
CVSS 8.8
Magnolia CMS <6.2.3 - CSRF,Open Redirect
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVSS 8.8
Magnolia CMS < 6.2.4 - XML External Entity Injection via XLF File
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
CVSS 7.8
Magnolia CMS < 6.2.4 - Remote Code Execution via Snake YAML Deserialization
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
CVSS 7.8
Magnolia CMS < 6.2.4 - Formula Injection via CSV/XLS Export
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
CVSS 7.8
Magnolia CMS < 6.2.4 - Server-Side Template Injection via Registration and Forgotten Password Forms
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
CVSS 9.8
Magnolia CMS <6.2.11 - Code Injection
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
CVSS 9.8
MITRE Caldera < 2.8.1 - Improper Privilege Management
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.
CVSS 8.1
MITRE Caldera < 2.8.1 - OS Command Injection via Human Plugin Name Parameter
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.
CVSS 8.8
MITRE Caldera 2.9.0 - XML External Entity Injection via Debrief Plugin SVG Parameter
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).
CVSS 8.8
MITRE Caldera < 2.8.1 - Authenticated Command Injection via Startup Requirements
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.
CVSS 8.8
MITRE Caldera < 2.8.1 - Cross-Site Scripting
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.
CVSS 6.1
Roundcube Webmail < 1.3.12 and 1.4.x < 1.4.5 - Stored Cross-Site Scripting via XML Attachment Preview
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
CVSS 6.1
Roundcube Webmail < 1.4.4 - Remote Code Execution via Shell Metacharacters in Image Configuration
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
CVSS 9.8
Roundcube Webmail <1.4.4 - Path Traversal
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVSS 9.8
Roundcube Webmail < 1.4.4 - Stored Cross-Site Scripting via HTML Message CDATA
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVSS 6.1
SAS XML Mapper 9.45 - XML External Entity Injection
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.
CVSS 10.0
Alfresco Community Edition 5.2 - RCE
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution.
CVSS 7.2
Alfresco Community Edition <5.2.6, 6.0.N, 6.1.N - Open Redirect
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
CVSS 6.1
Alfresco Community Edition <=6.0 - Auth Bypass
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.
CVSS 9.8
Microsoft SQL Server Reporting Services - XSS
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.
CVSS 6.1
By Source