Writeup Exploits

62,891 exploits tracked across all sources.

CVE-2018-16670 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
CVSS 5.3
CVE-2018-16671 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
CVSS 5.3
CVE-2018-16672 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
CVSS 6.5
CVE-2018-16836 WRITEUP CRITICAL
Rubedo < 3.4.0 - Unauthenticated Path Traversal via Theme Component
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
CVSS 9.8
CVE-2018-16946 WRITEUP HIGH
LG Smart Network Camera Firmware 1310250-1508190 - Unauthenticated Sensitive Information Exposure
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
CVSS 7.5
CVE-2018-17057 WRITEUP CRITICAL
TCPDF < 6.2.22 - Remote Code Execution via PHAR Deserialization
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVSS 9.8
CVE-2018-17144 WRITEUP HIGH
Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVSS 7.5
CVE-2018-17179 WRITEUP CRITICAL
OpenEMR < 5.0.1.7 - SQL Injection via taskman.php
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
CVSS 9.8
CVE-2018-17182 WRITEUP HIGH
Linux kernel <4.18.8 - Use After Free
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
CVSS 7.8
CVE-2018-17240 WRITEUP HIGH
Netwave IP Camera - Info Disclosure
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).
CVSS 7.5
CVE-2018-17418 WRITEUP HIGH
Monstra CMS 3.0.4 - Remote Code Execution via Mixed-Case File Extension Bypass
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
CVSS 7.2
CVE-2018-17431 WRITEUP CRITICAL
Comodo Unified Threat Management Firewall < 2.7.0 - Unauthenticated Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
CVSS 9.8
CVE-2018-17456 WRITEUP CRITICAL
Malicious Git HTTP Server For CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
CVSS 9.8
CVE-2018-17538 WRITEUP CRITICAL
Axon Evidence Sync <3.15.89 - Code Injection
Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability.
CVSS 9.8
CVE-2018-17552 WRITEUP CRITICAL
Naviwebs Navigate CMS 2.8 - SQL Injection
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CVSS 9.8
CVE-2018-17553 WRITEUP HIGH
Navigate CMS 2.8 - Authenticated Remote Code Execution via Directory Traversal in navigate_upload.php
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
CVSS 8.8
CVE-2019-16531 WRITEUP HIGH
LayerBB < 1.1.4 - Cross-Site Request Forgery via Admin General Settings
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVSS 8.8
CVE-2018-17997 WRITEUP MEDIUM
LayerBB 1.1.1 - Stored Cross-Site Scripting via Conversation Title
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
CVSS 6.1
CVE-2018-17996 WRITEUP MEDIUM
LayerBB < 1.1.3 - Cross-Site Request Forgery via Admin and Moderator Endpoints
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
CVSS 6.5
CVE-2018-17988 WRITEUP CRITICAL
LayerBB 1.1.1 and 1.1.3 - SQL Injection via search.php search_query Parameter
LayerBB 1.1.1 and 1.1.3 have SQL Injection via the search.php search_query parameter.
CVSS 9.8