Exploit Database

145,874 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-1000559 WRITEUP MEDIUM
qutebrowser 0.11.0-1.3.2 - Stored Cross-Site Scripting via History Page Title Attribute
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).
CVSS 6.1
CVE-2018-1000613 WRITEUP CRITICAL
Bouncy Castle Java Cryptography APIs <1.60 - Unsafe Reflection in XMSS/XMSS^MT Private Key Deserialization
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVSS 9.8
CVE-2018-1000658 WRITEUP HIGH
LimeSurvey < 3.14.4 - Authenticated Remote Code Execution via Malicious ZIP Archive Upload
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4.
CVSS 8.8
CVE-2018-1000850 WRITEUP HIGH
Square Retrofit <2.5.0 - Path Traversal
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.
CVSS 7.5
CVE-2018-1002200 WRITEUP MEDIUM
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-1002200 WRITEUP MEDIUM
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-1002201 WRITEUP MEDIUM
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-1002201 WRITEUP MEDIUM
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-1002202 WRITEUP MEDIUM
zip4j < 1.3.3 - Path Traversal via Zip Archive Entry Extraction
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 6.5
CVE-2018-1002209 WRITEUP MEDIUM
QuaZIP < 0.7.6 - Path Traversal via Zip Archive Entry Extraction
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-10088 WRITEUP CRITICAL
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
CVSS 9.8
CVE-2018-10094 WRITEUP CRITICAL
Dolibarr < 7.0.2 - SQL Injection via Integer Parameter
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVSS 9.8
CVE-2018-10095 WRITEUP MEDIUM
Dolibarr < 7.0.2 - Cross-Site Scripting via foruserlogin Parameter
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVSS 6.1
CVE-2018-10285 WRITEUP CRITICAL
Ericsson-LG iPECS NMS A.1Ac - Auth Bypass
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
CVSS 9.8
CVE-2018-10286 WRITEUP HIGH
Ericsson-LG iPECS NMS A.1Ac - Info Disclosure
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
CVSS 8.8
CVE-2018-10306 WRITEUP MEDIUM
ILIAS 5.1.0-5.3.3 - Cross-Site Scripting via Invalid Date Input
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS 6.1
CVE-2018-10309 WRITEUP MEDIUM
Responsive Cookie Consent <1.8 - XSS
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
CVSS 5.4
CVE-2018-10310 WRITEUP MEDIUM
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
CVSS 5.4
CVE-2018-10364 WRITEUP MEDIUM
BigTree CMS < 4.2.22 - Stored Cross-Site Scripting via Users Management Page
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
CVSS 5.4
CVE-2018-10366 WRITEUP MEDIUM
user_project/user and rainlab/user-plugin < 1.5.0 - Stored Cross-Site Scripting in Name Field
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
CVSS 6.1
CVE-2018-10371 WRITEUP MEDIUM
wunderfarm WF Cookie Consent 1.1.3 - Stored Cross-Site Scripting via Page Title
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.
CVSS 6.1
CVE-2018-10517 WRITEUP HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Module Import XML Package
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
CVSS 7.2
CVE-2018-10665 WRITEUP MEDIUM
ILIAS 5.3.4 - Cross-Site Scripting via PHP_SELF in shib_logout.php
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVSS 6.1
CVE-2018-10718 WRITEUP CRITICAL
Call of Duty Modern Warfare 2 < 2018-04-26 - Remote Code Execution via Stack-Based Buffer Overflow
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
CVSS 10.0
CVE-2018-10734 WRITEUP CRITICAL
KONGTOP A303 A403 D303 D305 D403 Firmware - Unauthenticated Sensitive Information Exposure via Print_Password Function
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
CVSS 9.8