Writeup Exploits

62,925 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-18792 WRITEUP CRITICAL
Suricata 5.0.0 - TCP Signature Bypass via Overlapping FIN Packet
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet.
CVSS 9.1
CVE-2019-18841 WRITEUP HIGH
Chartkick.js <3.1.4 - Info Disclosure
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS 7.3
CVE-2019-18844 WRITEUP HIGH
ACRN < 2019w25.5-140000p - Denial of Service via Assertion Failure in PCI Core
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.
CVSS 7.5
CVE-2019-18845 WRITEUP HIGH
Patriot Viper RGB <1.1 - Memory Corruption
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
CVSS 7.1
CVE-2019-18859 WRITEUP MEDIUM
Digi AnywhereUSB 14 Firmware - Cross-Site Scripting via Digi Page Link
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
CVSS 6.1
CVE-2019-18885 WRITEUP MEDIUM
Linux Kernel < 5.1 - NULL Pointer Dereference in btrfs_verify_dev_extents
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
CVSS 5.5
CVE-2019-18929 WRITEUP HIGH
Western Digital My Cloud EX2 Ultra <2.31.183 - RCE
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
CVSS 8.8
CVE-2019-18930 WRITEUP HIGH
Western Digital My Cloud EX2 Ultra 2.31.183 - RCE
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
CVSS 8.8
CVE-2019-18931 WRITEUP HIGH
Western Digital My Cloud EX2 Ultra <2.31.195 - Buffer Overflow
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
CVSS 8.8
CVE-2019-18951 WRITEUP HIGH
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
CVSS 7.5
CVE-2019-19004 WRITEUP LOW
autotrace 0.31.1 - Integer Overflow in input-bmp.c
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
CVSS 3.3
CVE-2019-19208 WRITEUP CRITICAL
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8
CVE-2019-19208 WRITEUP CRITICAL
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8
CVE-2019-19222 WRITEUP MEDIUM
D-Link DSL-2680 Firmware EU_1.03 - XSS
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
CVSS 5.4
CVE-2019-19223 WRITEUP HIGH
D-Link DSL-2680 Firmware EU_1.03 - Unauthenticated Denial of Service via Reboot Request
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
CVSS 7.5
CVE-2019-19224 WRITEUP HIGH
D-Link DSL-2680 Firmware EU_1.03 - Info Disclosure
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.
CVSS 7.5
CVE-2019-19225 WRITEUP HIGH
D-Link DSL-2680 Firmware EU_1.03 - Broken Access Control
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.
CVSS 7.5
CVE-2019-19226 WRITEUP HIGH
D-Link DSL-2680 Firmware EU_1.03 - Broken Access Control
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.
CVSS 7.5
CVE-2019-19274 WRITEUP HIGH
typed_ast <1.3.2 - Memory Corruption
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
CVE-2019-19274 WRITEUP HIGH
typed_ast <1.3.2 - Memory Corruption
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
CVE-2019-19275 WRITEUP HIGH
typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
CVE-2019-19275 WRITEUP HIGH
typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
CVE-2019-19317 WRITEUP CRITICAL
SQLite 3.30.1 - Denial of Service via Generated Column Bitmask Handling
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 9.8
CVE-2019-19366 WRITEUP MEDIUM
FusionPBX 4.4.1 - Cross-Site Scripting via Redirect Parameter in xml_cdr_search.php
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVSS 6.1
CVE-2019-19367 WRITEUP MEDIUM
FusionPBX 4.4.1 - Stored Cross-Site Scripting via Fax Files ID Parameter
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS 6.1