Writeup Exploits
62,891 exploits tracked across all sources.
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVSS 9.8
Openswan < 2.6.50.1 - Improper Verification of Cryptographic Signature in PKCS#1 v1.5 RSA Implementation
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
CVSS 7.5
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
CVSS 8.8
e107 2.1.8 - Cross-Site Request Forgery in usersettings.php
e107 2.1.8 has CSRF in 'usersettings.php', allowing an attacker to change user details such as passwords, including those of administrators.
CVSS 8.8
CyBroHttpServer 1.0.3 - Path Traversal via URI
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
CVSS 5.3
CyBroHttpServer 1.0.3 - Cross-Site Scripting via URI
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVSS 6.1
Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
CVSS 9.8
tcpdump < 4.9.3 - Out-of-bounds Read in IEEE 802.11 Mesh Flags Parser
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVSS 7.5
tcpdump < 4.9.3 - Out-of-bounds Read in HNCP Parser
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
CVSS 7.5
tcpdump < 4.9.3 - Out-of-bounds Read in DCCP Parser
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
CVSS 7.5
tcpdump < 4.9.3 - Out-of-bounds Read in BGP MP_REACH_NLRI Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVSS 7.5
tcpdump < 4.9.3 - Denial of Service via BGP Parser Uncontrolled Recursion
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
CVSS 7.5
ImageMagick < 6.9.10-9 - Information Exposure via XBM Image Processing
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
CVSS 6.5
e107 2.1.8 - Unauthenticated Arbitrary PHP File Upload via plupload
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVSS 7.2
e107 2.1.8 - SQL Injection via banlist.php old_ip Parameter
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVSS 6.5
D-Link DIR-846 Firmware 100.26 - Authenticated Remote Code Execution via SetNetworkTomographySettings
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
CVSS 7.2
tcpdump < 4.9.3 - Out-of-bounds Read in SMB Parser
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVSS 7.5
tcpdump < 4.9.3 - Stack Exhaustion via SMB Parser Recursion
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
CVSS 7.5
Open Ticket Request System 4.0.0-4.0.31 - Cross-Site Request Forgery via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged-in user opens it, the email could cause the browser to load external image or CSS resources.
CVSS 4.3
Open Ticket Request System 4.0.0-4.0.31 - Arbitrary File Deletion via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
CVSS 6.5
wpForo Forum < 1.5.2 - Privilege Escalation
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum user is able to escalate privilege to the forum administrator without any form of user interaction.
CVSS 9.8
Sonatype Nexus Repository Manager < 3.14 - Code Injection
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS 7.2
ImageMagick 7.0.8-11 - Denial of Service via Crafted Image in DCM and PICT Coders
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
CVSS 6.5
CIRCONTROL CirCarLife < 4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVSS 5.3
CIRCONTROL OCPP < 1.5.0 - Info Disclosure
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
CVSS 9.8