Exploit Database

146,695 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-14881 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in BGP Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVSS 7.5
CVE-2018-14882 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in ICMPv6 Parser
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
CVSS 7.5
CVE-2018-15120 WRITEUP MEDIUM
Pango 1.40.8-1.42.3 - Denial of Service via Invalid Unicode Sequences
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
CVSS 6.5
CVE-2018-15139 WRITEUP HIGH
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
CVSS 8.8
CVE-2018-15152 WRITEUP CRITICAL
OpenEMR < 5.0.1.4 - Unauthenticated Authentication Bypass via Patient Portal Registration
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
CVSS 9.1
CVE-2018-15365 WRITEUP MEDIUM
Trend Micro Deep Discovery Inspector <3.85 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
CVSS 5.4
CVE-2018-15473 WRITEUP MEDIUM
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVSS 5.3
CVE-2018-15582 WRITEUP MEDIUM
gnuboard < 5.3.1.6 - Cross-Site Scripting in SMS Admin Number Book
Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2018-15583 WRITEUP MEDIUM
GNUBOARD5 < 5.3.1.6 - Cross-Site Scripting via Popup Title Parameter
Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
CVSS 6.1
CVE-2018-15584 WRITEUP MEDIUM
gnuboard < 5.3.1.6 - Cross-Site Scripting in Board Group Management
Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2018-15585 WRITEUP MEDIUM
GNUBOARD5 < 5.3.1.6 - Cross-Site Scripting via Popup Title Parameter
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
CVSS 6.1
CVE-2018-15586 WRITEUP MEDIUM
Enigmail < 2.0.6 - Cryptographic Signature Spoofing via Multipart HTML Email
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
CVSS 6.5
CVE-2018-15587 WRITEUP MEDIUM
GNOME Evolution < 3.28.2 - OpenPGP Signature Spoofing via Crafted Email Attachment
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
CVSS 6.5
CVE-2018-15588 WRITEUP HIGH
MailMate < 1.11.3 - Authentication Bypass via Spoofed HTML/MIME Structure
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
CVSS 7.5
CVE-2018-15716 WRITEUP HIGH
NUUO NVRMini2 3.9.1 - Authenticated Remote Command Injection via upgrade_handle.php
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
CVSS 8.8
CVE-2018-1160 WRITEUP CRITICAL
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVSS 9.8
CVE-2018-15836 WRITEUP HIGH
Openswan < 2.6.50.1 - Improper Verification of Cryptographic Signature in PKCS#1 v1.5 RSA Implementation
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
CVSS 7.5
CVE-2018-15877 WRITEUP HIGH
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
CVSS 8.8
CVE-2018-15901 WRITEUP HIGH
e107 2.1.8 - Cross-Site Request Forgery in usersettings.php
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
CVSS 8.8
CVE-2018-16133 WRITEUP MEDIUM
CyBroHttpServer 1.0.3 - Path Traversal via URI
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
CVSS 5.3
CVE-2018-16134 WRITEUP MEDIUM
CyBroHttpServer 1.0.3 - Cross-Site Scripting via URI
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVSS 6.1
CVE-2018-16158 WRITEUP CRITICAL
Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
CVSS 9.8
CVE-2018-16227 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in IEEE 802.11 Mesh Flags Parser
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVSS 7.5
CVE-2018-16228 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in HNCP Parser
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
CVSS 7.5
CVE-2018-16229 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in DCCP Parser
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
CVSS 7.5