Writeup Exploits

62,853 exploits tracked across all sources.

CVE-2017-15277 WRITEUP MEDIUM
GraphicsMagick 1.3.26 - Exposure of Sensitive Information via Uninitialized GIF Palette
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVSS 6.5
CVE-2017-15278 WRITEUP MEDIUM
TeamPass < 2.1.27.9 - Cross-Site Scripting in Folders Queries
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS 5.4
CVE-2017-15284 WRITEUP MEDIUM
OctoberCMS < 1.0.426 - Stored Cross-Site Scripting via SVG Avatar Upload
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
CVSS 5.4
CVE-2017-15303 WRITEUP HIGH
CPUID CPU-Z < 1.42 - Unauthenticated Arbitrary Memory Write via ioctl 0x9C402430
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).
CVSS 7.8
CVE-2017-15361 WRITEUP MEDIUM
Infineon RSA library <1.02.013 - RCE
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVSS 5.9
CVE-2017-15364 WRITEUP MEDIUM
Ccsv - Use-After-Free in foreach Function
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
CVSS 5.5
CVE-2017-15367 WRITEUP CRITICAL
Bacula-web < 8.0.0-rc2 - SQL Injection
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
CVSS 9.8
CVE-2017-15649 WRITEUP HIGH
Linux Kernel < 4.13.6 - Use-After-Free via Packet Fanout Race Condition
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
CVSS 7.8
CVE-2017-15727 WRITEUP MEDIUM
phpmyfaq < 2.9.8 - Stored Cross-Site Scripting via HTML Attachment
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVSS 5.4
CVE-2017-15730 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVSS 8.8
CVE-2017-15734 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.main.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVSS 8.8
CVE-2017-15735 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Modification
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVSS 8.8
CVE-2017-15808 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/ajax.config.php
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVSS 8.8
CVE-2017-15872 WRITEUP MEDIUM
phpwcms 1.8.9 - Cross-Site Scripting via Username Field
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
CVSS 4.8
CVE-2017-15880 WRITEUP HIGH
EyesOfNetwork 5.1-0 - Authenticated SQL Injection via group_name Parameter
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVSS 7.2
CVE-2017-16007 WRITEUP MEDIUM
node-jose < 0.9.3 - Exposure of Sensitive Information via Invalid Curve Attack
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
CVSS 5.9
CVE-2017-16244 WRITEUP HIGH
OctoberCMS < 1.0.427 - Cross-Site Request Forgery via _handler Postback Variable
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVSS 8.8
CVE-2017-16359 WRITEUP MEDIUM
radare2 2.0.1 - NULL Pointer Dereference in store_versioninfo_gnu_verdef
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
CVSS 5.5
CVE-2017-16525 WRITEUP MEDIUM
Linux Kernel < 4.13.8 - Use-After-Free in USB Serial Console Disconnect
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
CVSS 6.6
CVE-2017-16546 WRITEUP HIGH
ImageMagick - Denial of Service via Malformed WPG File Colormap Index
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVSS 8.8
CVE-2017-16642 WRITEUP HIGH
PHP <5.6.32, 7.x <7.0.25, 7.1.x <7.1.11 - Info Disclosure
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
CVSS 7.5
CVE-2017-16759 WRITEUP MEDIUM
LibreNMS <2017-08-18 - Info Disclosure
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVSS 5.9