Exploit Database

146,737 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-12108 WRITEUP HIGH
miniupnpd < 2.1 - Denial of Service via NULL Pointer Dereference in GetOutboundPinholeTimeout
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
CVSS 7.5
CVE-2019-12109 WRITEUP HIGH
miniupnpd < 2.1 - Denial of Service via NULL Pointer Dereference in GetOutboundPinholeTimeout
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
CVSS 7.5
CVE-2019-12189 WRITEUP MEDIUM
Zoho ManageEngine ServiceDesk Plus 9.3 - XSS
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVSS 6.1
CVE-2019-12252 WRITEUP MEDIUM
Zoho ManageEngine ServiceDesk Plus <10.5 - Info Disclosure
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
CVSS 6.5
CVE-2026-32721 WRITEUP HIGH
LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. Exploitation requires the user to actively open the wireless scan modal (e.g., to connect to a Wi-Fi access point or survey nearby channels), and only affects OpenWrt versions newer than 23.05/22.03 up to the patched releases (24.10.6 and 25.12.1). The issue has been fixed in version LuCI 26.072.65753~068150b.
CVSS 8.6
CVE-2020-10871 WRITEUP MEDIUM
OpenWrt LuCI git-20.x - Info Disclosure
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
CVSS 5.3
CVE-2020-10871 WRITEUP MEDIUM
OpenWrt LuCI git-20.x - Info Disclosure
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
CVSS 5.3
CVE-2020-10871 WRITEUP MEDIUM
OpenWrt LuCI git-20.x - Info Disclosure
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
CVSS 5.3
CVE-2019-12272 WRITEUP CRITICAL
OpenWrt LuCI <0.10 - Command Injection
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
CVSS 9.8
CVE-2019-12272 WRITEUP CRITICAL
OpenWrt LuCI <0.10 - Command Injection
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
CVSS 9.8
CVE-2019-12276 WRITEUP HIGH
GrandNode 4.40 - Unauthenticated Path Traversal via LetsEncrypt Controller
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
CVSS 7.5
CVE-2019-12279 WRITEUP CRITICAL
Nagios XI 5.6.1 - SQL Injection via Username Parameter in Password Reset Form
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck
CVSS 9.8
CVE-2019-12290 WRITEUP HIGH
GNU libidn2 < 2.2.0 - Domain Impersonation via Punycode Unicode Conversion Bypass
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVSS 7.5
CVE-2019-12314 WRITEUP CRITICAL
Deltek Maconomy 2.2.5 - Path Traversal
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
CVSS 9.8
CVE-2019-12347 WRITEUP MEDIUM
pfSense 2.4.4-p3 - Stored Cross-Site Scripting via ACME Account Name or Description Field
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
CVSS 6.1
CVE-2019-12460 WRITEUP MEDIUM
WebPort 1.19.1 - Cross-Site Scripting via Setup Type Parameter
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
CVSS 6.1
CVE-2019-12461 WRITEUP MEDIUM
WebPort 1.19.1 - Cross-Site Scripting via Log Type Parameter
Web Port 1.19.1 allows XSS via the /log type parameter.
CVSS 6.1
CVE-2019-12476 WRITEUP MEDIUM
ManageEngine ADSelfService Plus < 5.0.6 - Authentication Bypass via Password Reset Keyboard Input Sequence
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
CVSS 6.8
CVE-2019-12593 WRITEUP HIGH
IceWarp Mail Server <= 10.4.4 - Local File Inclusion via Webmail Calendar Minimizer
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
CVSS 7.5
CVE-2019-12735 WRITEUP HIGH
Vim < 8.1.1365 and Neovim < 0.3.6 - OS Command Injection via Modeline :source! Command
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
CVSS 8.6
CVE-2019-12788 WRITEUP HIGH
Photodex ProShow Producer 9.0.3797 - Out-of-bounds Write via Crafted File
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
CVSS 7.8
CVE-2019-12823 WRITEUP MEDIUM
Craft CMS < 3.1.31 - Cross-Site Scripting via XML Feed
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVSS 6.1
CVE-2019-12836 WRITEUP HIGH
Bobronix JEditor < 3.0.6 - Cross-Site Request Forgery via URL/Link in Issue
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover.
CVSS 8.8
CVE-2019-12904 WRITEUP MEDIUM
Libgcrypt 1.8.4 - Information Exposure via Flush-and-Reload Side-Channel Attack
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
CVSS 5.9
CVE-2019-12905 WRITEUP MEDIUM
FileRun 2019.05.21 - Cross-Site Scripting via Filename Upload Parameter
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
CVSS 6.1