Writeup Exploits
62,925 exploits tracked across all sources.
Suricata 5.0.0 - TCP Signature Bypass via Overlapping FIN Packet
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet.
CVSS 9.1
Chartkick.js <3.1.4 - Info Disclosure
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS 7.3
ACRN < 2019w25.5-140000p - Denial of Service via Assertion Failure in PCI Core
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.
CVSS 7.5
Patriot Viper RGB <1.1 - Memory Corruption
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
CVSS 7.1
Digi AnywhereUSB 14 Firmware - Cross-Site Scripting via Digi Page Link
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
CVSS 6.1
Linux Kernel < 5.1 - NULL Pointer Dereference in btrfs_verify_dev_extents
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
CVSS 5.5
Western Digital My Cloud EX2 Ultra <2.31.183 - RCE
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
CVSS 8.8
Western Digital My Cloud EX2 Ultra 2.31.183 - RCE
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
CVSS 8.8
Western Digital My Cloud EX2 Ultra <2.31.195 - Buffer Overflow
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
CVSS 8.8
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
CVSS 7.5
autotrace 0.31.1 - Integer Overflow in input-bmp.c
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
CVSS 3.3
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
CVSS 9.8
D-Link DSL-2680 Firmware EU_1.03 - XSS
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
CVSS 5.4
D-Link DSL-2680 Firmware EU_1.03 - Unauthenticated Denial of Service via Reboot Request
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
CVSS 7.5
D-Link DSL-2680 Firmware EU_1.03 - Info Disclosure
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.
CVSS 7.5
D-Link DSL-2680 Firmware EU_1.03 - Broken Access Control
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.
CVSS 7.5
D-Link DSL-2680 Firmware EU_1.03 - Broken Access Control
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.
CVSS 7.5
typed_ast <1.3.2 - Memory Corruption
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
typed_ast <1.3.2 - Memory Corruption
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
typed_ast 1.3.0-1.3.1 - Out-of-bounds Read in ast_for_arguments
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS 7.5
SQLite 3.30.1 - Denial of Service via Generated Column Bitmask Handling
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 9.8
FusionPBX 4.4.1 - Cross-Site Scripting via Redirect Parameter in xml_cdr_search.php
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVSS 6.1
FusionPBX 4.4.1 - Stored Cross-Site Scripting via Fax Files ID Parameter
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS 6.1
By Source