ADLab of VenusTech - Security Researcher - Exploit Intelligence Platform

CVE-2017-12977 WRITEUP HIGH WRITEUP

Photo Gallery by WD < 1.3.50 - Authenticated SQL Injection via tag_id Parameter

The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.

CVSS 7.2

View Code

CVE-2017-17821 WRITEUP CRITICAL WRITEUP

Safari - Buffer Overflow in WTF FastBitVector

WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.

CVSS 9.8

View Code

CVE-2018-5953 WRITEUP MEDIUM WRITEUP

Linux kernel <4.14.14 - Info Disclosure

The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

CVSS 5.5

View Code

CVE-2018-5995 WRITEUP MEDIUM WRITEUP

Linux kernel <4.14.14 - Info Disclosure

The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.

CVSS 5.5

View Code

CVE-2018-6548 WRITEUP CRITICAL WRITEUP

libwebm < 1.0.0.27 - Use-After-Free in Vp9HeaderParser

A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc.

CVSS 9.8

View Code

CVE-2018-7754 WRITEUP MEDIUM WRITEUP

Linux kernel <4.16.4rc4 - Info Disclosure

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.

CVSS 5.5

View Code