Exploit Database

146,737 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-14452 WRITEUP HIGH
Sigil < 0.9.16 - Path Traversal and Arbitrary File Write via ZIP Archive Extraction
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVSS 7.5
CVE-2019-14462 WRITEUP CRITICAL
libmodbus <3.0.7, <3.1.5 - Info Disclosure
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
CVSS 9.1
CVE-2019-14470 WRITEUP MEDIUM
cosenary Instagram-PHP-API <4.9.32 - XSS
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
CVSS 6.1
CVE-2019-14512 WRITEUP MEDIUM
LimeSurvey 3.17.7+190627 - Cross-Site Scripting via Boxes or Label Title
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
CVSS 6.1
CVE-2019-14521 WRITEUP HIGH
EMCA Energy Logserver 6.1.2 - Path Traversal
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
CVSS 7.5
CVE-2019-14530 WRITEUP HIGH
OpenEMR < 5.0.2 - Path Traversal and Arbitrary File Deletion via fileName Parameter
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
CVSS 8.8
CVE-2020-27388 WRITEUP MEDIUM
YOURLS 1.5-1.7.10 - Authenticated Stored Cross-Site Scripting via Plugin Upload
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVSS 5.4
CVE-2019-14537 WRITEUP CRITICAL
YOURLS < 1.7.3 - Authentication Bypass via Type Juggling
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS 9.8
CVE-2019-14537 WRITEUP CRITICAL
YOURLS < 1.7.3 - Authentication Bypass via Type Juggling
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS 9.8
CVE-2019-14537 WRITEUP CRITICAL
YOURLS < 1.7.3 - Authentication Bypass via Type Juggling
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS 9.8
CVE-2019-14540 WRITEUP CRITICAL
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSS 9.8
CVE-2019-14652 WRITEUP MEDIUM
Amazon AWS JavaScript S3 Explorer <2019-08-02 - XSS
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.
CVSS 6.1
CVE-2019-14667 WRITEUP MEDIUM
Firefly III 4.7.17.4 - Stored Cross-Site Scripting in Transaction Description and Asset Account Name
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.
CVSS 6.1
CVE-2019-14748 WRITEUP MEDIUM
osTicket <1.10.7/1.12.x<1.12.1 - Unrestricted File Upload & Stored XSS via Ticket Form
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
CVSS 5.4
CVE-2019-14749 WRITEUP HIGH
osTicket <1.10.7, <1.12.1 - Code Injection
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
CVSS 8.8
CVE-2019-14750 WRITEUP MEDIUM
osTicket < 1.10.7 and 1.12.x < 1.12.1 - Stored Cross-Site Scripting in Installer Firstname/Lastname Fields
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
CVSS 6.1
CVE-2019-14751 WRITEUP HIGH
nltk < 3.4.5 - Arbitrary File Write via Directory Traversal in Package Extraction
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVSS 7.5
CVE-2019-14763 WRITEUP MEDIUM
Linux Kernel < 4.16.4 - Denial of Service via Double-Locking in USB DWC3 Gadget Driver
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
CVSS 5.5
CVE-2019-14804 WRITEUP MEDIUM
UNA 10.0.0-RC1 - Stored Cross-Site Scripting via System Name Field in Email Template Editor
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
CVSS 4.8
CVE-2019-14857 WRITEUP MEDIUM
mod_auth_openidc < 2.4.0.1 - Open Redirect via Trailing Slash URL
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
CVSS 6.1
CVE-2019-15029 WRITEUP HIGH
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
CVSS 8.8
CVE-2019-15081 WRITEUP MEDIUM
OpenCart 3.0.0.0-3.0.3.1 - Authenticated Stored Cross-Site Scripting in Source/HTML Editor
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
CVSS 4.8
CVE-2019-15161 WRITEUP MEDIUM
libpcap < 1.9.1 - Buffer Overflow via rpcapd/daemon.c Length Mishandling
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
CVSS 5.3
CVE-2019-15162 WRITEUP MEDIUM
libpcap < 1.9.1 - Information Disclosure via Authentication Error Messages
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
CVSS 5.3
CVE-2019-15163 WRITEUP HIGH
libpcap < 1.9.1 - Denial of Service via NULL Pointer Dereference in rpcapd
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
CVSS 7.5