Exploit Database

145,801 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-7185 WRITEUP HIGH
Cesanta Mongoose Library <6.7 & OS <1.2 Use-After-Free via Multipart POST
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
CVSS 7.5
CVE-2017-7185 WRITEUP HIGH
Cesanta Mongoose Library <6.7 & OS <1.2 Use-After-Free via Multipart POST
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
CVSS 7.5
CVE-2017-7215 WRITEUP MEDIUM
MISP < 2.4.68 - Cross-Site Scripting in Index Filter Tool and Organisation Landing Page
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2017-7228 WRITEUP HIGH
Xen 4.4.x-4.8.x - Improper Validation of Array Index in XENMEM_exchange
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
CVSS 8.2
CVE-2017-7243 WRITEUP HIGH
Eclipse tinydtls 0.8.2 - Denial of Service via Change Cipher Spec Packet
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.
CVSS 7.5
CVE-2017-7269 WRITEUP CRITICAL
Internet Information Services 6.0 - Remote Code Execution via WebDAV PROPFIND Request
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
CVSS 9.8
CVE-2017-7269 WRITEUP CRITICAL
Internet Information Services 6.0 - Remote Code Execution via WebDAV PROPFIND Request
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
CVSS 9.8
CVE-2017-7277 WRITEUP HIGH
Linux kernel <4.10.6 - Info Disclosure/DoS
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
CVSS 7.1
CVE-2017-7374 WRITEUP HIGH
Linux kernel < 4.10.7 - Use After Free
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
CVSS 7.8
CVE-2017-7412 WRITEUP HIGH
NixOS 17.03 <17.03.887 - Privilege Escalation
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
CVSS 7.8
CVE-2017-7418 WRITEUP MEDIUM
ProFTPD <1.3.5e, <1.3.6rc5 - Privilege Escalation
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
CVSS 5.5
CVE-2017-7458 WRITEUP HIGH
ntopng < 2.4 - Denial of Service via Empty Hostname Field in NetworkInterface::getHost
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.
CVSS 7.5
CVE-2017-7472 WRITEUP MEDIUM
Linux kernel < 4.10.13 - Denial of Service via KEY_REQKEY_DEFL_THREAD_KEYRING Keyctl Calls
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
CVSS 5.5
CVE-2017-7500 WRITEUP HIGH
rpm 4.13.0.0-4.13.0.1 - Improper Link Resolution Before File Access
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.
CVSS 7.3
CVE-2017-7533 WRITEUP HIGH
Linux Kernel <4.12.4 - Privilege Escalation
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
CVSS 7.0
CVE-2017-7586 WRITEUP MEDIUM
Libsndfile <1.0.28 - Buffer Overflow
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVSS 5.5
CVE-2017-7642 WRITEUP HIGH
HashiCorp Vagrant VMware Fusion <4.0.21 - Privilege Escalation
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVSS 7.8
CVE-2017-7679 WRITEUP CRITICAL
Apache httpd <2.2.33, <2.4.26 - Buffer Overflow
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CVSS 9.8
CVE-2017-12149 WRITEUP CRITICAL
Jboss Application Server - Code Injection
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
CVSS 9.8
CVE-2017-7981 WRITEUP HIGH
Tuleap < 9.7 - Authenticated OS Command Injection via PhpWiki SyntaxHighlighter Plugin
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command.
CVSS 8.8
CVE-2017-7991 WRITEUP CRITICAL
Exponent CMS < 2.4.1 - SQL Injection via Base64 Serialized API Key
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVSS 9.8
CVE-2017-8116 WRITEUP CRITICAL
Teltonika RUT9XX Firmware < 00.03.265 - Unauthenticated Remote Code Execution via Username Parameter
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
CVSS 9.8
CVE-2017-8342 WRITEUP HIGH
Radicale < 1.1.2 and 2.x < 2.0.0rc2 - Timing Attack via htpasswd Authentication
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
CVSS 8.1
CVE-2017-8367 WRITEUP HIGH
Ether Software Easy MOV Converter 1.4.24 - Buffer Overflow via Long Username
Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.
CVSS 7.8
CVE-2017-8570 WRITEUP HIGH
Microsoft Office - Remote Code Execution
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
CVSS 7.8