Writeup Exploits

62,906 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-9989 WRITEUP HIGH
ARM mbed TLS < 2.1.11, < 2.7.2, < 2.8.0 - Out-of-bounds Read in ssl_parse_server_psk_hint
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
CVSS 7.5
CVE-2019-10061 WRITEUP CRITICAL
node-opencv <6.1.0 - Command Injection
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
CVSS 9.8
CVE-2019-1010054 WRITEUP HIGH
Dolibarr 7.0.0 - Cross-Site Request Forgery in User Management Functions
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls.
CVSS 8.8
CVE-2019-1010200 WRITEUP CRITICAL
Google Voice Builder - OS Command Injection via /tts and /alignment Endpoints
Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as the servers. The component is: Two web servers in the projects expose three vulnerable endpoints that can be accessed remotely. The endpoints are defined at: - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/merlin_model_server/api.js#L34 - /alignment: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L28 - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L65. The attack vector is: Attacker sends a GET request to the vulnerable endpoint with a specially formatted query parameter. The fixed version is: After commit f6660e6d8f0d1d931359d591dbdec580fef36d36.
CVSS 9.8
CVE-2019-1010209 WRITEUP HIGH
GoUrl.io GoURL Wordpress Plugin <1.4.14 - Unauthenticated RCE
GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14.
CVSS 7.5
CVE-2019-1010220 WRITEUP LOW
tcpdump.org tcpdump <4.9.2 - Buffer Over-read
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.
CVSS 3.3
CVE-2019-1010237 WRITEUP MEDIUM
ILIAS 5.2.0-5.2.20 - Stored Cross-Site Scripting in Assessment TestQuestionPool
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
CVSS 6.1
CVE-2019-1010268 WRITEUP CRITICAL
Ladon 0.6.1-0.9.39 - XML External Entity Injection in SOAP Request Handlers
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call.
CVSS 9.8
CVE-2019-1010298 WRITEUP CRITICAL
Linaro/OP-TEE OP-TEE <3.4.0 - Buffer Overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS 9.8
CVE-2019-1010308 WRITEUP CRITICAL
Aquaverde GmbH Aquarius CMS <4.1.1 - Info Disclosure
Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file.
CVSS 9.8
CVE-2019-10160 WRITEUP CRITICAL
Python 2.7.0-2.7.16, 3.5, 3.6, 3.7, 3.8.0a4-3.8.0b1 - URL Parsing Security Regression
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
CVSS 9.8
CVE-2019-1020017 WRITEUP MEDIUM
Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
CVSS 5.3
CVE-2019-1020018 WRITEUP HIGH
Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
CVSS 7.3
CVE-2019-10219 WRITEUP MEDIUM
Hibernate Validator < 6.0.18 - Cross-Site Scripting via SafeHtml Validator Annotation
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS 6.1
CVE-2019-10219 WRITEUP MEDIUM
Hibernate Validator < 6.0.18 - Cross-Site Scripting via SafeHtml Validator Annotation
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS 6.1
CVE-2019-10219 WRITEUP MEDIUM
Hibernate Validator < 6.0.18 - Cross-Site Scripting via SafeHtml Validator Annotation
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS 6.1
CVE-2019-10226 WRITEUP MEDIUM
Fat Free CRM v0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.
CVSS 5.4
CVE-2019-10255 WRITEUP MEDIUM
JupyterHub < 0.9.5 and Jupyter Notebook < 5.7.7 - Open Redirect via Login Page
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
CVSS 6.1
CVE-2019-10260 WRITEUP MEDIUM
Total.js CMS 12.0.0 - Stored Cross-Site Scripting in Admin Theme Message and Column Format
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
CVSS 6.1
CVE-2019-10638 WRITEUP MEDIUM
Linux Kernel < 5.1.7 - Information Exposure via IP ID Hash Collision
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
CVSS 6.5
CVE-2019-10655 WRITEUP CRITICAL
Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 < 1.0.3.219 - Unauthenticated RCE via getlogcat
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
CVSS 9.8
CVE-2019-10664 WRITEUP CRITICAL
domoticz < 4.10578 - Unauthenticated SQL Injection via idx Parameter in CWebServer::GetFloorplanImage
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
CVSS 9.8
CVE-2019-10678 WRITEUP HIGH
Domoticz <4.10579 - Info Disclosure
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
CVSS 7.5
CVE-2019-10682 WRITEUP HIGH
django-nopassword < 5.0.0 - Cleartext Storage of Sensitive Information
django-nopassword before 5.0.0 stores cleartext secrets in the database.
CVSS 7.5
CVE-2019-10714 WRITEUP MEDIUM
ImageMagick < 6.9.10-32 - Out-of-bounds Read in LocaleLowercase
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
CVSS 6.5