Writeup Exploits
60,754 exploits tracked across all sources.
RosarioSIS 6.7.2 - Cross-Site Scripting via Search.inc.php Advanced Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
CVSS 6.1
RosarioSIS < 6.8 - Cross-Site Scripting via NotifyParents.php href Attributes
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVSS 6.1
Tiki < 21.2 - Cross-Site Scripting via Improper Input Neutralization in PreventXss.php
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
CVSS 6.1
SpringBlade < 2.7.1 - SQL Injection via ORDER BY Clause in Log API
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
CVSS 9.8
Avast Antivirus < 19.7 - Denial of Service via Crafted Request to aswSnx.sys Driver
Buffer overflow vulnerability in Avast AntiVirus before v19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
CVSS 5.5
Wireshark <3.2.7, <3.0.14, <2.6.21 - DoS
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
CVSS 7.5
Wireshark <3.2.7, <3.0.14, <2.6.21 - Buffer Overflow
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
CVSS 7.5
Wireshark 3.0.0-3.0.13 and 3.2.0-3.2.6 - Denial of Service via BLIP Protocol Dissector NULL Pointer Dereference
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
CVSS 7.5
RKCMS - Path Traversal via filename Parameter
A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.
CVSS 5.5
Sectona Spectra < 3.4.0 - Unauthenticated Sensitive Information Disclosure via SOAP API Endpoint
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.
CVSS 7.5
GitLab 12.4-13.4.6, 13.5-13.5.4, 13.6-13.6.1 - Stored Cross-Site Scripting via Malicious Project Import
An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting against other users via importing a malicious project.
CVSS 5.5
GitLab 12.2.0-13.4.6, 13.5.0-13.5.4, 13.6.0-13.6.1 - Limited Information Disclosure in Private Profile
A limited information disclosure vulnerability exists in GitLab CE/EE from >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in a user's private profile.
CVSS 5.3
GitLab <13.4.7, <13.5.5, <13.6.2 - DoS
A potential DoS vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DoS if abused.
CVSS 4.3
GitLab 12.4.0-13.5.5 - Denial of Service via Malicious Package Name Input
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time grow quadratically with the length of the malicious input string.
CVSS 4.3
GitLab 8.4.0-13.4.6 13.5.0-13.5.4 13.6.0-13.6.1 - Information Disclosure in Advanced Search
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
CVSS 4.0
Wireshark <3.4.0, 3.2.0-3.2.8 - DoS
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVSS 3.1
Wireshark 3.4.0 - Denial of Service via Memory Leak in Dissection Engine
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
CVSS 3.1
Wireshark <3.4.0, 3.2.0-3.2.8 - DoS
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVSS 3.1
Wireshark <3.4.0, 3.2.0-3.2.8 - DoS
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVSS 4.2
Wireshark 3.4.0-3.4.1 - Denial of Service via QUIC Dissector Buffer Overflow
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file.
CVSS 3.7
Wireshark < 3.2.7 - Denial of Service via Infinite Loop in FBZERO Dissector
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
CVSS 7.5
Wireshark 3.2.0-3.2.7 - Denial of Service in GQUIC Dissector
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
CVSS 7.5
libtiff < 4.2.0 - Integer Overflow in tif_getimage.c
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 7.8
libtiff < 4.2.0 - Heap-Based Buffer Overflow in TIFF2PDF Tool
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 7.8
demokratian - SQL Injection via id_provincia Parameter in basicos_php/genera_select.php
A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVSS 7.3