Writeup Exploits

62,786 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-10504 WRITEUP MEDIUM
OpenJPEG < 2.2.0 - Heap-Based Buffer Overflow in opj_mqc_byteout
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
CVSS 6.5
CVE-2016-10717 WRITEUP HIGH
Malwarebytes Anti-Malware <= 2.2.1 - Unauthenticated Whitelisting Bypass via Exclusions.dat
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
CVSS 7.8
CVE-2016-10761 WRITEUP MEDIUM
Logitech Unifying Receiver Firmware - Keystroke Injection via Encryption Bypass
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.
CVSS 6.5
CVE-2016-15045 WRITEUP HIGH
lastore-daemon <0.9.66-1 - Privilege Escalation
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
CVE-2016-1583 WRITEUP HIGH
Linux kernel <4.6.3 - Privilege Escalation
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
CVSS 7.8
CVE-2016-1709 WRITEUP HIGH
Google sfntly <2016-06-10 - Buffer Overflow
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.
CVSS 8.8
CVE-2016-1927 WRITEUP HIGH
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - Info Disclosure
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
CVSS 7.5
CVE-2016-1938 WRITEUP MEDIUM
Mozilla NSS <3.21 - Memory Corruption
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
CVSS 6.5
CVE-2016-2038 WRITEUP MEDIUM
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - Info Disclosure
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVSS 5.3
CVE-2016-2039 WRITEUP MEDIUM
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - CSRF
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CVSS 5.3
CVE-2016-2040 WRITEUP MEDIUM
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
CVSS 5.4
CVE-2016-2045 WRITEUP MEDIUM
phpMyAdmin 4.5.x < 4.5.4 - Authenticated Cross-Site Scripting via SQL Editor
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
CVSS 5.4
CVE-2016-2228 WRITEUP MEDIUM
Debian Linux < 5.2.11 - XSS
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
CVSS 6.1
CVE-2016-2315 WRITEUP CRITICAL
Suse Linux Enterprise Debuginfo - Memory Corruption
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CVSS 9.8
CVE-2016-2384 WRITEUP MEDIUM
Linux Kernel < 4.4.8 - Use-After-Free in USB MIDI Descriptor Handling
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVSS 4.6
CVE-2016-2384 WRITEUP MEDIUM
Linux Kernel < 4.4.8 - Use-After-Free in USB MIDI Descriptor Handling
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVSS 4.6
CVE-2016-2385 WRITEUP CRITICAL
Debian Linux < 4.3.4 - Memory Corruption
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
CVSS 9.8
CVE-2016-2510 WRITEUP HIGH
BeanShell < 2.0b6 - Remote Code Execution via Crafted Serialized Data
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVSS 8.1
CVE-2016-2533 WRITEUP MEDIUM
Pillow < 3.1.1 - Buffer Overflow in ImagingPcdDecode
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
CVSS 6.5
CVE-2016-2560 WRITEUP MEDIUM
phpMyAdmin 4.0.x < 4.0.10.15, 4.4.x < 4.4.15.5, 4.5.x < 4.5.5.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
CVSS 6.1
CVE-2016-2561 WRITEUP MEDIUM
phpMyAdmin 4.4.x < 4.4.15.5 and 4.5.x < 4.5.5.1 - Authenticated Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
CVSS 5.4
CVE-2016-2782 WRITEUP MEDIUM
Linux Kernel < 4.5 - Denial of Service via USB Device with Missing Endpoints
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
CVSS 4.6
CVE-2016-3074 WRITEUP CRITICAL
libgd 2.1.1 - Denial of Service and Potential Remote Code Execution via Crafted Compressed GD2 Data
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVSS 9.8
CVE-2016-3078 WRITEUP CRITICAL
PHP < 7.0.6 - Integer Overflow in ZipArchive getFromIndex and getFromName
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
CVSS 9.8
CVE-2016-3079 WRITEUP MEDIUM
Red Hat Satellite 5.7 - Stored Cross-Site Scripting via PATH_INFO or Label Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
CVSS 6.1