Exploit Database

146,695 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-16230 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in BGP MP_REACH_NLRI Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVSS 7.5
CVE-2018-16300 WRITEUP HIGH
tcpdump < 4.9.3 - Denial of Service via BGP Parser Uncontrolled Recursion
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
CVSS 7.5
CVE-2018-16323 WRITEUP MEDIUM
ImageMagick < 6.9.10-9 - Information Exposure via XBM Image Processing
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
CVSS 6.5
CVE-2018-16388 WRITEUP HIGH
e107 2.1.8 - Unauthenticated Arbitrary PHP File Upload via plupload
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVSS 7.2
CVE-2018-16389 WRITEUP MEDIUM
e107 2.1.8 - SQL Injection via banlist.php old_ip Parameter
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVSS 6.5
CVE-2018-16408 WRITEUP HIGH
D-Link DIR-846 Firmware 100.26 - Authenticated Remote Code Execution via SetNetworkTomographySettings
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
CVSS 7.2
CVE-2018-16451 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in SMB Parser
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVSS 7.5
CVE-2018-16452 WRITEUP HIGH
tcpdump < 4.9.3 - Stack Exhaustion via SMB Parser Recursion
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
CVSS 7.5
CVE-2018-16586 WRITEUP MEDIUM
Open Ticket Request System 4.0.0-4.0.31 - Cross-Site Request Forgery via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
CVSS 4.3
CVE-2018-16587 WRITEUP MEDIUM
Open Ticket Request System 4.0.0-4.0.31 - Arbitrary File Deletion via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
CVSS 6.5
CVE-2018-16613 WRITEUP CRITICAL
wpForo Forum <1.5.2 - Privilege Escalation
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
CVSS 9.8
CVE-2018-16621 WRITEUP HIGH
Sonatype Nexus Repository Manager <3.14 - Code Injection
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS 7.2
CVE-2018-16644 WRITEUP MEDIUM
ImageMagick 7.0.8-11 - Denial of Service via Crafted Image in DCM and PICT Coders
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
CVSS 6.5
CVE-2018-16668 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVSS 5.3
CVE-2018-16669 WRITEUP CRITICAL
CIRCONTROL OCPP <1.5.0 - Info Disclosure
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
CVSS 9.8
CVE-2018-16670 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
CVSS 5.3
CVE-2018-16671 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
CVSS 5.3
CVE-2018-16672 WRITEUP MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
CVSS 6.5
CVE-2018-16836 WRITEUP CRITICAL
Rubedo < 3.4.0 - Unauthenticated Path Traversal via Theme Component
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
CVSS 9.8
CVE-2018-16946 WRITEUP HIGH
LG Smart Network Camera Firmware 1310250-1508190 - Unauthenticated Sensitive Information Exposure
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
CVSS 7.5
CVE-2018-17057 WRITEUP CRITICAL
TCPDF < 6.2.22 - Remote Code Execution via PHAR Deserialization
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVSS 9.8
CVE-2018-17057 WRITEUP CRITICAL
TCPDF < 6.2.22 - Remote Code Execution via PHAR Deserialization
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVSS 9.8
CVE-2018-17144 WRITEUP HIGH
Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVSS 7.5
CVE-2018-17144 WRITEUP HIGH
Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVSS 7.5
CVE-2018-17144 WRITEUP HIGH
Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVSS 7.5