Exploit Database

145,709 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-15198 WRITEUP MEDIUM
Kanboard - Authenticated Private Project Category Modification
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVSS 4.3
CVE-2017-15199 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Metadata Modification via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVSS 4.3
CVE-2017-15200 WRITEUP MEDIUM
Kanboard - Authenticated Authorization Bypass via Task Form Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVSS 4.3
CVE-2017-15201 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Tag Editing
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVSS 4.3
CVE-2017-15202 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVSS 4.3
CVE-2017-15203 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVSS 4.3
CVE-2017-15204 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Automatic Action Form Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
CVSS 4.3
CVE-2017-15206 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Internal Link Injection
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVSS 4.3
CVE-2017-15207 WRITEUP MEDIUM
Kanboard - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVSS 4.3
CVE-2017-15208 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVSS 4.3
CVE-2017-15211 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Authorization Bypass via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVSS 4.3
CVE-2017-15212 WRITEUP MEDIUM
Kanboard < 1.0.47 - Authenticated Exposure of Sensitive Information via Form Data Manipulation
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVSS 4.3
CVE-2017-15277 WRITEUP MEDIUM
GraphicsMagick 1.3.26 - Exposure of Sensitive Information via Uninitialized GIF Palette
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVSS 6.5
CVE-2017-15277 WRITEUP MEDIUM
GraphicsMagick 1.3.26 - Exposure of Sensitive Information via Uninitialized GIF Palette
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVSS 6.5
CVE-2017-15278 WRITEUP MEDIUM
TeamPass < 2.1.27.9 - Cross-Site Scripting in Folders Queries
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS 5.4
CVE-2017-15284 WRITEUP MEDIUM
OctoberCMS < 1.0.426 - Stored Cross-Site Scripting via SVG Avatar Upload
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
CVSS 5.4
CVE-2017-15303 WRITEUP HIGH
CPUID CPU-Z < 1.42 - Unauthenticated Arbitrary Memory Write via ioctl 0x9C402430
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).
CVSS 7.8
CVE-2017-15361 WRITEUP MEDIUM
Infineon RSA library <1.02.013 - RCE
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVSS 5.9
CVE-2017-15361 WRITEUP MEDIUM
Infineon RSA library <1.02.013 - RCE
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVSS 5.9
CVE-2017-15364 WRITEUP MEDIUM
Ccsv - Use-After-Free in foreach Function
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
CVSS 5.5
CVE-2017-15367 WRITEUP CRITICAL
Bacula-web < 8.0.0-rc2 - SQL Injection
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
CVSS 9.8
CVE-2017-15649 WRITEUP HIGH
Linux Kernel < 4.13.6 - Use-After-Free via Packet Fanout Race Condition
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
CVSS 7.8
CVE-2017-15727 WRITEUP MEDIUM
phpmyfaq < 2.9.8 - Stored Cross-Site Scripting via HTML Attachment
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
CVSS 5.4
CVE-2017-15730 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVSS 8.8
CVE-2017-15734 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.main.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVSS 8.8