Exploit Database
146,719 exploits tracked across all sources.
Dolibarr < 8.0.4 - Authenticated Stored Cross-Site Scripting via User Address or Town Parameter
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
CVSS 5.4
Dolibarr 8.0.2 - Authenticated SQL Injection via Employee Parameter
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
CVSS 8.8
Zenphoto 1.4.14 - Cross-Site Scripting via URL Parameters
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
CVSS 6.1
Eclipse Mosquitto <1.5.5 - Auth Bypass
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
CVSS 7.5
uaparser/user_agent_parser-core < 0.6.0 - Regular Expression Denial of Service via User-Agent Header
An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)
CVSS 5.3
OpenText Portal 7.4.4 - Cross-Site Scripting via vgnextoid Parameter
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
CVSS 6.1
THEHIVE PROJECT Cortex <2.1.3 - Privilege Escalation
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
CVSS 7.2
WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
CVSS 7.8
WellinTech KingSCADA < 3.7.0.0.1 - Stack-Based Buffer Overflow via Crafted Packet to AlarmServer
WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401.
CVSS 7.5
Craft CMS 3.0.25 - Stored Cross-Site Scripting via Entry Title Field
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
CVSS 4.8
Craft CMS 3.0.25 - Stored Cross-Site Scripting via Entry Title Field
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
CVSS 4.8
Mchange C3p0 < 0.9.5.3 - XXE
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
CVSS 9.8
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVSS 9.8
mrbird febs-shiro < 2018.11.05 - Path Traversal via CommonController File Download
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report because the product uses a JAR archive for deployment, and this contains application.yml with configuration data
CVSS 7.5
Booking Calendar 8.4.3 - SQL Injection via booking_id Parameter
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
CVSS 8.8
Mini-XML v2.12 - Use-After-Free in mxmlAdd Function
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVSS 5.5
Mini-XML v2.12 - Stack-based Buffer Overflow in scan_file Function
In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVSS 5.5
gitolite < 3.6.11 - Command Injection via rsync Command Line
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
CVSS 8.1
uriparser < 0.9.1 - Out-of-bounds Read in URI_FUNC
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
CVSS 9.8
Cacti < 1.2.0 - Stored Cross-Site Scripting in Color Name Field
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVSS 4.8
Cacti < 1.2.0 - Stored Cross-Site Scripting in Website Hostname for Data Collectors
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVSS 4.8
Cacti < 1.2.0 - Stored Cross-Site Scripting in Graph Vertical Label
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVSS 4.8
Cacti < 1.2.0 - Stored Cross-Site Scripting via Website Hostname Field
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVSS 5.4
LibVNC < 0.9.12 - Heap Out-of-Bounds Write in rfbproto.c
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
CVSS 9.8
GNOME Keyring < 3.27.2 - Insufficiently Protected Credentials via Session-Child Process
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
CVSS 7.8
By Source