Writeup Exploits

62,891 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-14721 WRITEUP CRITICAL
FasterXML jackson-databind <2.9.7 - SSRF
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVSS 10.0
CVE-2018-14729 WRITEUP HIGH
Discuz! 1.5-2.5 - Remote Code Execution via Database Backup Feature
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
CVSS 8.8
CVE-2018-14733 WRITEUP HIGH
Odoo 8.x-11.x - Regular Expression Denial of Service in dbfilter_from_header Module
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
CVSS 7.5
CVE-2018-14733 WRITEUP HIGH
Odoo 8.x-11.x - Regular Expression Denial of Service in dbfilter_from_header Module
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
CVSS 7.5
CVE-2018-14733 WRITEUP HIGH
Odoo 8.x-11.x - Regular Expression Denial of Service in dbfilter_from_header Module
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
CVSS 7.5
CVE-2018-14733 WRITEUP HIGH
Odoo 8.x-11.x - Regular Expression Denial of Service in dbfilter_from_header Module
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
CVSS 7.5
CVE-2018-14847 WRITEUP CRITICAL
MikroTik RouterOS <6.42 - Path Traversal
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVSS 9.1
CVE-2018-14847 WRITEUP CRITICAL
MikroTik RouterOS <6.42 - Path Traversal
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVSS 9.1
CVE-2018-14879 WRITEUP HIGH
tcpdump <4.9.3 - Buffer Overflow
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
CVSS 7.0
CVE-2018-14880 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in OSPFv3 Parser
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVSS 7.5
CVE-2018-14881 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in BGP Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVSS 7.5
CVE-2018-14882 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in ICMPv6 Parser
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
CVSS 7.5
CVE-2018-15120 WRITEUP MEDIUM
Pango 1.40.8-1.42.3 - Denial of Service via Invalid Unicode Sequences
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
CVSS 6.5
CVE-2018-15139 WRITEUP HIGH
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
CVSS 8.8
CVE-2018-15152 WRITEUP CRITICAL
OpenEMR < 5.0.1.4 - Unauthenticated Authentication Bypass via Patient Portal Registration
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
CVSS 9.1
CVE-2018-15365 WRITEUP MEDIUM
Trend Micro Deep Discovery Inspector <3.85 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
CVSS 5.4
CVE-2018-15473 WRITEUP MEDIUM
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVSS 5.3
CVE-2018-15582 WRITEUP MEDIUM
gnuboard < 5.3.1.6 - Cross-Site Scripting in SMS Admin Number Book
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2018-15583 WRITEUP MEDIUM
GNUBOARD5 < 5.3.1.6 - Cross-Site Scripting via Popup Title Parameter
Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
CVSS 6.1
CVE-2018-15584 WRITEUP MEDIUM
gnuboard < 5.3.1.6 - Cross-Site Scripting in Board Group Management
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2018-15585 WRITEUP MEDIUM
GNUBOARD5 < 5.3.1.6 - Cross-Site Scripting via Popup Title Parameter
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
CVSS 6.1
CVE-2018-15586 WRITEUP MEDIUM
Enigmail < 2.0.6 - Cryptographic Signature Spoofing via Multipart HTML Email
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
CVSS 6.5
CVE-2018-15587 WRITEUP MEDIUM
GNOME Evolution < 3.28.2 - OpenPGP Signature Spoofing via Crafted Email Attachment
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
CVSS 6.5
CVE-2018-15588 WRITEUP HIGH
MailMate < 1.11.3 - Authentication Bypass via Spoofed HTML/MIME Structure
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
CVSS 7.5
CVE-2018-15716 WRITEUP HIGH
NUUO NVRMini2 3.9.1 - Authenticated Remote Command Injection via upgrade_handle.php
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
CVSS 8.8