Exploit Database
144,752 exploits tracked across all sources.
streamlit-geospatial < 2024-07-19 - Remote Code Execution via vis_params eval Injection
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
streamlit-geospatial < 2024-07-19 - Remote Code Execution via Unsanitized Palette Input
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
streamlit-geospatial < 2024-07-19 - Remote Code Execution via Unsanitized Palette Input in eval()
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
streamlit-geospatial < 2024-07-19 - Remote Code Execution via vis_params Eval Injection
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
streamlit-geospatial < 2024-07-19 - Remote Code Execution via vis_params eval Injection
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_🌍_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
streamlit-geospatial < 2024-07-19 - Server-Side Request Forgery via Web Map Service URL Parameter
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_📦_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 7.5
streamlit-geospatial < 2024-07-19 - Remote Code Execution via Unsafe eval() on vis_params Input
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
streamlit-geospatial < 2024-07-19 - Server-Side Request Forgery via URL Parameter in Vector Data Visualization
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_🔲_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. `gpd.read_file` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVSS 9.8
Rubygems Actionpack < 6.1.7.9 - Resource Allocation Without Limits
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
ImageSharp 2.1.0-2.1.8 - Out-of-bounds Write in GIF Decoder
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVSS 7.5
ImageSharp < 2.1.9 - Denial of Service via Gif Decoder
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVSS 5.3
FAST FW300R v1.3.13 Build 141023 Rel.61347n - Buffer Overflow via Crafted File Path
A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path.
CVSS 9.8
libheif 1.17.6 - Out-of-bounds Read and Write in ImageOverlay::parse()
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
CVSS 8.1
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via iface Parameter in vif_disable Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS 6.8
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pin_wps
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS 6.8
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 9.8
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pbc_wps
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 8.0
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS 9.8
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS 9.8
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVSS 8.8
openflights - Cross-Site Scripting via php/alsearch.php
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php
CVSS 6.1
phpipam 1.6 - Cross-Site Scripting via PowerDNS Record Edit Page
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
CVSS 7.1
phpipam 1.6 - Cross-Site Scripting via Import Load Data
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVSS 6.1
phpipam 1.6 - Cross-Site Scripting via Import Load Data
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVSS 6.1
By Source