Exploit Database

145,709 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-15735 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Modification
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVSS 8.8
CVE-2017-15808 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/ajax.config.php
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVSS 8.8
CVE-2017-15808 WRITEUP HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/ajax.config.php
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVSS 8.8
CVE-2017-15872 WRITEUP MEDIUM
phpwcms 1.8.9 - Cross-Site Scripting via Username Field
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
CVSS 4.8
CVE-2017-15880 WRITEUP HIGH
EyesOfNetwork 5.1-0 - Authenticated SQL Injection via group_name Parameter
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
CVSS 7.2
CVE-2017-16007 WRITEUP MEDIUM
node-jose < 0.9.3 - Exposure of Sensitive Information via Invalid Curve Attack
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
CVSS 5.9
CVE-2017-16244 WRITEUP HIGH
OctoberCMS < 1.0.427 - Cross-Site Request Forgery via _handler Postback Variable
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVSS 8.8
CVE-2017-16359 WRITEUP MEDIUM
radare2 2.0.1 - NULL Pointer Dereference in store_versioninfo_gnu_verdef
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
CVSS 5.5
CVE-2017-16525 WRITEUP MEDIUM
Linux Kernel < 4.13.8 - Use-After-Free in USB Serial Console Disconnect
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
CVSS 6.6
CVE-2017-16546 WRITEUP HIGH
ImageMagick - Denial of Service via Malformed WPG File Colormap Index
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVSS 8.8
CVE-2017-16642 WRITEUP HIGH
PHP <5.6.32, 7.x <7.0.25, 7.1.x <7.1.11 - Info Disclosure
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
CVSS 7.5
CVE-2017-16642 WRITEUP HIGH
PHP <5.6.32, 7.x <7.0.25, 7.1.x <7.1.11 - Info Disclosure
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
CVSS 7.5
CVE-2017-16759 WRITEUP MEDIUM
LibreNMS <2017-08-18 - Info Disclosure
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVSS 5.9
CVE-2017-16792 WRITEUP MEDIUM
geminabox < 0.13.10 - Stored Cross-Site Scripting via Gemspec Homepage Value
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
CVSS 6.1
CVE-2017-16806 WRITEUP HIGH
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
CVSS 7.5
CVE-2017-16876 WRITEUP MEDIUM
mistune < 0.8.1 - Cross-Site Scripting via _keyify Function
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVSS 6.1
CVE-2017-16939 WRITEUP HIGH
Linux kernel <4.13.11 - Privilege Escalation/DoS
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVSS 7.8
CVE-2017-16943 WRITEUP CRITICAL
Exim 4.88-4.89 - Remote Code Execution via BDAT Command Use-After-Free
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
CVSS 9.8
CVE-2017-16994 WRITEUP MEDIUM
Linux Kernel <4.14.2 - Info Disclosure
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
CVSS 5.5
CVE-2017-16995 WRITEUP HIGH
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
CVSS 7.8
CVE-2017-17097 WRITEUP CRITICAL
GPS Tracking Software 2.x - Info Disclosure
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
CVSS 9.8
CVE-2017-17098 WRITEUP CRITICAL
GPS Tracking Software <3.0 - Code Injection
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.
CVSS 9.8
CVE-2017-17476 WRITEUP HIGH
OTRS 4.0.x < 4.0.28, 5.0.x < 5.0.26, 6.0.x < 6.0.3 - Session Hijacking via Crafted Email
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
CVSS 8.8
CVE-2017-17485 WRITEUP CRITICAL
jackson-databind < 2.6.7.3, 2.9.0-2.9.3 - Unauthenticated Remote Code Execution via Malicious JSON Input
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVSS 9.8
CVE-2017-17499 WRITEUP CRITICAL
ImageMagick 7.0.0-0-7.0.7-12 - Use-After-Free in Magick::Image::read
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVSS 9.8