CCCCCrash

9 exploits Active since Oct 2018
CVE-2018-18751 WRITEUP CRITICAL WORKING POC
GNU gettext 0.19.8 - Use-After-Free in po_gram_parse
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVSS 9.8
CVE-2018-18751 WRITEUP CRITICAL WRITEUP
GNU gettext 0.19.8 - Use-After-Free in po_gram_parse
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVSS 9.8
CVE-2018-19353 WRITEUP MEDIUM WRITEUP
libansilove 1.0.0 - Denial of Service via Crafted File in ansilove_ansi Function
The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVSS 6.5
CVE-2018-19609 WRITEUP MEDIUM WRITEUP
ShowDoc 2.4.1 - Exposure of Sensitive Information via Page ID Manipulation
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
CVSS 6.5
CVE-2018-19620 WRITEUP MEDIUM WRITEUP
showdoc < 2.4.2 - Unauthenticated Incorrect Access Control via Modified page_id
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
CVSS 4.3
CVE-2018-19621 WRITEUP MEDIUM WORKING POC
showdoc 2.4.2 - Cross-Site Request Forgery in Team Member Save Endpoint
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
CVSS 6.5
CVE-2018-20136 WRITEUP MEDIUM WORKING POC
FUEL CMS 1.4.3 - Stored Cross-Site Scripting via Layout Variables
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
CVSS 4.8
CVE-2018-20137 WRITEUP MEDIUM WORKING POC
FUEL CMS 1.4.3 - Stored Cross-Site Scripting via Page Metadata Fields
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
CVSS 4.8
CVE-2019-9785 WRITEUP HIGH WRITEUP
gitnote 3.1.0 - Remote Code Execution via Crafted Markdown File
gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.
CVSS 7.8