Exploit Database
144,203 exploits tracked across all sources.
Samsung mTower < 0.3.0 - Denial of Service via TEE_AllocateOperation Heap Layout Manipulation
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
CVSS 7.5
profanity < 1.60 - Use of Cryptographically Weak PRNG
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
CVSS 7.5
D-Link DNR-322L <= 2.60B15 - Authenticated Remote Code Execution via Backup Config
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
CVSS 8.8
Tenda AC15-AC18 Router <V15.03.05.19 - Buffer Overflow
Tenda AC15 and AC18 routers V15.03.05.19 contain a stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting.
CVSS 9.8
Tenda AC15-AC18 <V15.03.05.19 - Buffer Overflow
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet.
CVSS 9.8
Tenda AC15-AC18 <V15.03.05.19 - Buffer Overflow
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/.
CVSS 9.8
Tenda AC15-AC18 <V15.03.05.19 - Buffer Overflow
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").
CVSS 9.8
Parallels Remote Application Server <18.0 - Command Injection
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
CVSS 8.1
SolarView Compact 6.00 - Command Injection
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php.
CVSS 9.8
Python Packaging Authority (PyPA) setuptools <65.5.1 - DoS
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
CVSS 5.9
Tiny File Manager <2.4.7 - Session Fixation
Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
CVSS 9.8
Zoo Management System v1.0 - File Upload
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
CVSS 7.2
D-Link DIR-819 Firmware 1.06 - Denial of Service via sys_token Parameter
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.
CVSS 7.5
cbeust testng <7.5.1,7.7.1 - Path Traversal
A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 addresses this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.
CVSS 5.5
Appsmith < 1.8.2 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.
CVSS 6.5
Apache Hive - Remote Code Execution
Apache Hive Metastore (HMS) uses the SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions. This method is unsafe and can lead to Remote Code Execution (RCE) because it allows the deserialization of arbitrary data.
In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective, any code that calls the unsafe method may be vulnerable unless it performs additional prechecks on the input arguments.
CVSS 8.3
OpenRefine <= 3.5.2 - Server-Side Request Forgery
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
CVSS 6.5
BlogEngine.NET <3.3.8.0 - Path Traversal
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
CVSS 9.8
BlogEngine.NET 3.3.8.0 - Remote Code Execution via Crafted PNG Upload
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVSS 7.2
xzs v3.8.0 - Cross-Site Scripting in Title Text Field
xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVSS 5.4
xzs-mysql >= t3.4.0 - Info Disclosure
xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. The function for submitting examination papers is unsafe: an attacker can use Burp Suite to modify parameters in the packet to destroy real data.
CVSS 7.5
OpenWRT LuCI <git-22.140.66206-02913be - XSS
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.
CVSS 5.4
TP-Link AX10v1 V1_211117 - Info Disclosure
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.
CVSS 5.9
Ovidentia 8.3 - Unrestricted Upload of Executable Files Leading to Remote Code Execution
An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.
CVSS 9.8