Exploit Database
144,108 exploits tracked across all sources.
diffy < 3.4.1 - OS Command Injection via Filename with Double Quotes
The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string.
CVSS 9.8
web2py < 2.22.5 - Open Redirect via Crafted URL
An open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
CVSS 6.1
de.fac2 1.34 - User Presence Protection Bypass
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.
CVSS 5.5
Barangay Management System v1.0 - File Upload
Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.
CVSS 7.2
ICEcoder 8.1 - Path Traversal
ICEcoder v8.1 allows attackers to execute a directory traversal.
CVSS 7.5
HTMLDoc 1.9.15 - Heap Overflow in write_header Function
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
CVSS 7.5
htmldoc < 1.9.12 - Heap Overflow via e_node in html.cxx
HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
CVSS 7.5
Yii Yii2 Gii < 2.2.4 - Stored Cross-Site Scripting via Input Field Injection
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
CVSS 5.4
D-Link DSL-3782 <= v1.03 - OS Command Injection via byte_4C0160 Function
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.
CVSS 8.8
Carel Boss Mini 1.5.0 - Improper Access Control
Carel Boss Mini 1.5.0 has Improper Access Control.
CVSS 9.9
Crow < 1.0+4 - Remote Code Execution via Heap-Based Buffer Overflow in qs_parse
Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.
CVSS 9.8
FusionPBX 5.0.1 - OS Command Injection via Fax Send Endpoint
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.
CVSS 9.8
Bus Pass Management System 1.0 - Reflected Cross-Site Scripting via Searchdata Parameter
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.
CVSS 6.1
TestLink 1.9.20 - SQL Injection via execNavigator.php
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
CVSS 7.2
TestLink 1.9.20 - Stored Cross-Site Scripting via inventoryView.php
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
CVSS 5.4
TestLink 1.9.20 - Broken Access Control in Attachment Download Endpoint
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php.
CVSS 7.2
TestLink 1.9.20 - Cross-Site Request Forgery via planView.php
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVSS 8.8
rpc.py < 0.6.0 - Unauthenticated Remote Code Execution via Pickle Deserialization
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
CVSS 9.8
QEMU 4.1.50-7.0.0 - Use-After-Free in softmmu/physmem.c
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."
CVSS 8.8
H3C SSL VPN < 2022-07-10 - Cross-Site Scripting via wnm/login/login.json svpnlang Cookie
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
CVSS 6.1
ASUSTeK Aura Ready Game SDK <1.0.0.4 - Privilege Escalation
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
CVSS 7.8
GLPI htmLawed PHP command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
CVSS 9.8
Solana Pay <0.2.1 - Info Disclosure
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue.
CVSS 5.3