Writeup Exploits

62,891 exploits tracked across all sources.

CVE-2018-1160 WRITEUP CRITICAL
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c. This is due to a lack of bounds checking on attacker-controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVSS 9.8
CVE-2018-15836 WRITEUP HIGH
Openswan < 2.6.50.1 - Improper Verification of Cryptographic Signature in PKCS#1 v1.5 RSA Implementation
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of the padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
CVSS 7.5
CVE-2018-15877 WRITEUP HIGH
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
CVSS 8.8
CVE-2018-15901 WRITEUP HIGH
e107 2.1.8 - Cross-Site Request Forgery in usersettings.php
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
CVSS 8.8
CVE-2018-16133 WRITEUP MEDIUM
CyBroHttpServer 1.0.3 - Path Traversal via URI
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
CVSS 5.3
CVE-2018-16134 WRITEUP MEDIUM
CyBroHttpServer 1.0.3 - Cross-Site Scripting via URI
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVSS 6.1
CVE-2018-16158 WRITEUP CRITICAL
Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
CVSS 9.8
CVE-2018-16227 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in IEEE 802.11 Mesh Flags Parser
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVSS 7.5
CVE-2018-16228 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in HNCP Parser
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
CVSS 7.5
CVE-2018-16229 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in DCCP Parser
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
CVSS 7.5
CVE-2018-16230 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in BGP MP_REACH_NLRI Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVSS 7.5
CVE-2018-16300 WRITEUP HIGH
tcpdump < 4.9.3 - Denial of Service via BGP Parser Uncontrolled Recursion
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
CVSS 7.5
CVE-2018-16323 WRITEUP MEDIUM
ImageMagick < 6.9.10-9 - Information Exposure via XBM Image Processing
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
CVSS 6.5
CVE-2018-16388 WRITEUP HIGH
e107 2.1.8 - Unauthenticated Arbitrary PHP File Upload via plupload
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVSS 7.2
CVE-2018-16389 WRITEUP MEDIUM
e107 2.1.8 - SQL Injection via banlist.php old_ip Parameter
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVSS 6.5
CVE-2018-16408 WRITEUP HIGH
D-Link DIR-846 Firmware 100.26 - Authenticated Remote Code Execution via SetNetworkTomographySettings
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
CVSS 7.2
CVE-2018-16451 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in SMB Parser
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVSS 7.5
CVE-2018-16452 WRITEUP HIGH
tcpdump < 4.9.3 - Stack Exhaustion via SMB Parser Recursion
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
CVSS 7.5
CVE-2018-16586 WRITEUP MEDIUM
Open Ticket Request System 4.0.0-4.0.31 - Cross-Site Request Forgery via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
CVSS 4.3
CVE-2018-16587 WRITEUP MEDIUM
Open Ticket Request System 4.0.0-4.0.31 - Arbitrary File Deletion via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
CVSS 6.5
CVE-2018-16613 WRITEUP CRITICAL
wpForo Forum < 1.5.2 - Privilege Escalation
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum user is able to escalate privilege to the forum administrator without any form of user interaction.
CVSS 9.8
CVE-2018-16621 WRITEUP HIGH
Sonatype Nexus Repository Manager < 3.14 - Code Injection
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS 7.2
CVE-2018-16644 WRITEUP MEDIUM
ImageMagick 7.0.8-11 - Denial of Service via Crafted Image in DCM and PICT Coders
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
CVSS 6.5
CVE-2018-16668 WRITEUP MEDIUM
CIRCONTROL CirCarLife < 4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVSS 5.3
CVE-2018-16669 WRITEUP CRITICAL
CIRCONTROL OCPP < 1.5.0 - Info Disclosure
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
CVSS 9.8