Writeup Exploits

62,769 exploits tracked across all sources.

CVE-2015-8807 WRITEUP MEDIUM
Fedora - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.
CVSS 6.1
CVE-2015-8852 WRITEUP HIGH
Varnish 3.x <3.0.7 - HTTP Response Splitting
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
CVSS 7.5
CVE-2015-8871 WRITEUP CRITICAL
Debian Linux < 2.1.0 - Use After Free
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVSS 9.8
CVE-2015-8952 WRITEUP MEDIUM
Linux Kernel < 4.5.7 - Denial of Service via mbcache Xattr Block Caching
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
CVSS 5.5
CVE-2015-9231 WRITEUP HIGH
iTerm2 3.x < 3.1.1 - Unauthenticated Exposure of Sensitive Information via DNS Queries
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
CVSS 7.5
CVE-2015-9235 WRITEUP CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
In the jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token is expected to be digitally signed with an asymmetric key (RS/ES family of algorithms) but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family).
CVSS 9.8
CVE-2015-9251 WRITEUP MEDIUM
jQuery < 3.0.0 - Cross-Site Scripting via Cross-Domain Ajax Request
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVSS 6.1
CVE-2015-9253 WRITEUP MEDIUM
PHP < 7.1.20 - Uncontrolled Resource Consumption via Non-Blocking STDIN Stream
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
CVSS 6.5
CVE-2015-9323 WRITEUP CRITICAL
404_to_301 < 2.0.3 - SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVSS 9.8
CVE-2015-9499 WRITEUP CRITICAL
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
CVSS 9.8
CVE-2016-0721 WRITEUP HIGH
pcs < 0.9.157 - Session Fixation
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS 8.1
CVE-2016-0728 WRITEUP HIGH
Linux kernel <4.4.1 - Privilege Escalation/DoS
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
CVSS 7.8
CVE-2016-0740 WRITEUP MEDIUM
Pillow < 3.1.1 - Buffer Overflow in TIFF Image Decoding
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
CVSS 6.5
CVE-2016-0775 WRITEUP MEDIUM
Pillow < 3.1.1 - Buffer Overflow in FLI File Decoder
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
CVSS 6.5
CVE-2016-1000003 WRITEUP CRITICAL
mirror_manager < 0.7.2 - Remote Code Execution in Checkin Code
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
CVSS 9.8
CVE-2016-1000232 WRITEUP MEDIUM
tough-cookie < 2.3.0 - Denial of Service via HTTP Cookie Header Parsing
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0.
CVSS 5.3
CVE-2016-1000339 WRITEUP MEDIUM
Bouncy Castle JCE Provider <1.55 - Info Disclosure
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table-driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
CVSS 5.3
CVE-2016-10009 WRITEUP HIGH
OpenSSH < 7.3 - Remote Code Execution via Forwarded SSH-Agent PKCS#11 Module Loading
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVSS 7.3
CVE-2016-10010 WRITEUP HIGH
OpenSSH <7.4 - Privilege Escalation
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
CVSS 7.0
CVE-2016-10027 WRITEUP MEDIUM
Smack <4.1.9 - Privilege Escalation
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVSS 5.9
CVE-2016-10074 WRITEUP CRITICAL
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
CVSS 9.8
CVE-2016-10105 WRITEUP CRITICAL
Piwigo < 2.8.3 - Unauthenticated Exposure of Sensitive Information via admin/plugin.php
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
CVSS 9.8
CVE-2016-10114 WRITEUP CRITICAL
aWeb Cart Watching System <2.6.1 - SQL Injection
SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.
CVSS 9.8
CVE-2016-10128 WRITEUP CRITICAL
libgit2 <0.24.6, <0.25.1 - Buffer Overflow
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
CVSS 9.8
CVE-2016-10129 WRITEUP HIGH
libgit2 < 0.24.6 and 0.25.x < 0.25.1 - Denial of Service via Empty Packet Line
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
CVSS 7.5