Writeup Exploits
60,754 exploits tracked across all sources.
demokratian - Privilege Escalation in install/install3.php
A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVSS 7.3
Google guest-oslogin 20190304-20200507 - Privilege Escalation via lxd Group Membership
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.
CVSS 7.8
Google guest-oslogin 20190304-20200507 - Privilege Escalation via Docker Group Membership
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
CVSS 7.8
Google guest-oslogin 20190304-20200507 - Privilege Escalation via DHCP XID Manipulation
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server, which makes it possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
CVSS 7.8
eramba c2.8.1 and Enterprise < e2.19.3 - Weak Password Recovery Token
eramba c2.8.1 and Enterprise before e2.19.3 have a weak password recovery token (createHash has only a million possibilities).
CVSS 9.8
eramba c2.8.1 and Enterprise < e2.19.3 - Stored Cross-Site Scripting via Attached Filename
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension.
CVSS 5.4
Git <2.20.2-2.24.1 - Command Injection
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVSS 7.8
libnbd < 1.7.3 - Denial of Service via Assertion Failure in nbd_unlocked_opt_go
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
CVSS 2.7
GitLab 13.7.0-13.7.1 - Denial of Service via Malformed HTTP Method
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method.
CVSS 5.3
GitLab 11.6.0-13.5.5 - Use of a Broken or Risky Cryptographic Algorithm
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content.
CVSS 6.2
Wireshark 3.4.0-3.4.2 - Denial of Service via USB HID Dissector Memory Leak
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
CVSS 3.7
Wireshark 3.4.0-3.4.2 - Denial of Service in USB HID Dissector
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
CVSS 3.7
GitLab 13.7.0-13.7.8 - Path Traversal via GitLab Workhorse
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
CVSS 8.5
Wireshark 3.2.0-3.2.11 and 3.4.0-3.4.3 - Remote Code Execution via Packet Injection or Crafted Capture File
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.
CVSS 6.3
Wireshark 3.2.0-3.2.12 and 3.4.0-3.4.4 - Denial of Service via MS-WSP Dissector Memory Consumption
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
CVSS 5.5
ntpsec - Use of a Broken or Risky Cryptographic Algorithm via Key Generation with '#' Characters
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads the key, shortens it, or fails to load it entirely, depending on the key type and the placement of the '#'. As a result, the administrator cannot use the keys as expected, or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.
CVSS 4.0
GitLab 13.11.0-13.11.4 - Information Disclosure via On-Call Rotation Data
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects
CVSS 7.5
GitLab < 13.10.5 - Denial of Service via Specially Crafted Issue or Merge Request
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request
CVSS 6.5
GitLab 13.10-13.10.5 - Stored Cross-Site Scripting in Blob Viewer of Notebooks
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
CVSS 6.1
Wireshark 3.4.0-3.4.5 - Denial of Service via DVB-S2-BB Dissector Infinite Loop
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
CVSS 7.5
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
CVSS 7.1
GitLab < 13.11.6 - Reflected Cross-Site Scripting
A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.
CVSS 6.1
GitLab 13.10.0-13.11.6 - Unauthenticated Information Disclosure via Project Details
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
CVSS 4.3
Wireshark 3.2.0-3.2.14 and 3.4.0-3.4.6 - Denial of Service in DNP Dissector
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
CVSS 7.5
baserow 0.6.0-1.1.0 - Authenticated Server-Side Request Forgery via URL File Upload
SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.
CVSS 7.7