Writeup Exploits

60,737 exploits tracked across all sources.

CVE-2019-20376 WRITEUP MEDIUM
Electronic Logbook 3.1.4 - Cross-Site Scripting via SVG Document
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c.
CVSS 6.1
CVE-2019-5471 WRITEUP MEDIUM
GitLab 11.11.0-11.11.6 - Stored Cross-Site Scripting in Email Notification Feature
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVSS 5.4
CVE-2019-5461 WRITEUP LOW
GitLab 11.11.0-11.11.6 - Server-Side Request Forgery via GitHub Integration
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS 3.5
CVE-2019-6128 WRITEUP HIGH
libtiff 4.0.10 - Memory Leak in TIFFFdOpen
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVSS 8.8
CVE-2019-7663 WRITEUP MEDIUM
libtiff 4.0.10 - Denial of Service via TIFFWriteDirectoryTagTransferfunction
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
CVSS 6.5
CVE-2019-9890 WRITEUP CRITICAL
GitLab <11.6.10-11.8.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVSS 9.1
CVE-2019-9866 WRITEUP MEDIUM
GitLab <11.7.7, <11.8.3 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.
CVSS 6.5
CVE-2019-9756 WRITEUP CRITICAL
GitLab Community and Enterprise Edition <11.6.10/11.7.6 - Incorrect Access Control
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
CVSS 9.8
CVE-2019-9732 WRITEUP CRITICAL
GitLab <11.6.10-11.8.1 - Incorrect Access Control
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
CVSS 9.8
CVE-2019-9485 WRITEUP CRITICAL
GitLab <11.6.10-11.8.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVSS 9.8
CVE-2019-9225 WRITEUP MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Exposure of Sensitive Information via Incorrect Access Control
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
CVSS 5.3
CVE-2019-9224 WRITEUP MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Missing Authorization
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).
CVSS 5.3
CVE-2019-9223 WRITEUP HIGH
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure via Error Message
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.
CVSS 7.5
CVE-2019-9222 WRITEUP HIGH
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Path Traversal
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVSS 8.1
CVE-2019-9221 WRITEUP MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Incorrect Access Control
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).
CVSS 5.5
CVE-2019-9220 WRITEUP HIGH
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Uncontrolled Resource Consumption
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.
CVSS 7.5
CVE-2019-9219 WRITEUP LOW
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Authorization Bypass Through User-Controlled Key
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
CVSS 3.7
CVE-2019-9217 WRITEUP CRITICAL
GitLab <11.6.10-11.8.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
CVSS 9.8
CVE-2019-9179 WRITEUP LOW
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).
CVSS 3.7
CVE-2019-9178 WRITEUP MEDIUM
GitLab <11.6.10-11.8.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).
CVSS 5.3
CVE-2019-9176 WRITEUP MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Cross-Site Request Forgery
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
CVSS 6.5
CVE-2019-9175 WRITEUP MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
CVSS 5.3
CVE-2019-9174 WRITEUP CRITICAL
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Server-Side Request Forgery
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
CVSS 10.0
CVE-2019-9172 WRITEUP MEDIUM
GitLab <11.6.10-11.8.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).
CVSS 5.9
CVE-2019-9171 WRITEUP LOW
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).
CVSS 3.7