webraybtl

62 exploits Active since Mar 2022
CVE-2022-24934 NOMISEC CRITICAL WORKING POC
Kingsoft WPS Office < 11.2.0.10382 - Remote Code Execution via Registry Modification
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
20 stars
CVSS 9.8
CVE-2023-40031 NOMISEC HIGH WRITEUP
Notepad++ < 8.5.6 - Heap-based Buffer Overflow in Utf8_16_Read::convert
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.
15 stars
CVSS 7.8
CVE-2023-27363 NOMISEC HIGH WRITEUP
Foxit PDF Reader < 12.1.1.15289 and PDF Editor < 10.1.11.37866 - Remote Code Execution via exportXFAData Method
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
11 stars
CVSS 7.8
CVE-2022-25943 NOMISEC HIGH WORKING POC
WPS Office < 11.2.0.10258 - Incorrect Default Permissions in Service Directory
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed.
6 stars
CVSS 7.8
CVE-2022-1068 NOMISEC MEDIUM STUB
modbustools/modbus_slave < 7.4.3 - Stack-based Buffer Overflow in Registration Field
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
3 stars
CVSS 5.5
CVE-2022-4856 WRITEUP MEDIUM WRITEUP
Modbus Tools Modbus Slave <7.5.1 - Buffer Overflow
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.
CVSS 6.3
CVE-2022-4857 WRITEUP MEDIUM WRITEUP
Modbus Tools Modbus Poll <9.10.0 - Buffer Overflow
A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2022-1086 WRITEUP LOW WRITEUP
DolphinPHP < 1.5.0 - Cross-Site Scripting in User Management Page
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-1087 WRITEUP LOW WRITEUP
htmly 5.3 - Authenticated Stored Cross-Site Scripting in Edit Profile Module
A vulnerability, which was classified as problematic, has been found in htmly 5.3, which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires authentication. A simple POC has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-1503 WRITEUP LOW WRITEUP
GetSimple CMS - Authenticated Stored Cross-Site Scripting in Content Module via post-content Argument
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory.
CVSS 3.5
CVE-2022-1590 WRITEUP LOW WRITEUP
Bludit 3.13.1 - Authenticated Stored Cross-Site Scripting via New Content Endpoint
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-1817 WRITEUP LOW WRITEUP
Badminton Center Management System - Authenticated Cross-Site Scripting in Userlist Module
A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to authenticated cross site scripting. Exploit details have been disclosed to the public.
CVSS 3.5
CVE-2022-2017 WRITEUP MEDIUM WRITEUP
SourceCodester Prison Management System 1.0 - SQL Injection via Visit Handler id Parameter
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.7
CVE-2022-2018 WRITEUP MEDIUM WRITEUP
SourceCodester Prison Management System 1.0 - SQL Injection via Inmate Handler id Parameter
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.7
CVE-2022-2019 WRITEUP HIGH WRITEUP
SourceCodester Prison Management System 1.0 - Improper Authorization in New User Creation
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2022-2020 WRITEUP LOW WRITEUP
SourceCodester Prison Management System 1.0 - Cross-Site Scripting in System Name Handler
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 2.4
CVE-2022-2086 WRITEUP MEDIUM WRITEUP
SourceCodester Bank Management System 1.0 - SQL Injection via login.php Password Parameter
A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2022-2087 WRITEUP LOW WRITEUP
SourceCodester Bank Management System 1.0 - Cross-Site Scripting via mnotice.php id Parameter
A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2022-2418 WRITEUP HIGH WRITEUP
eveo urve_web_manager - Unrestricted File Upload via img_upload.php
A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used.
CVSS 8.0
CVE-2022-2419 WRITEUP HIGH WRITEUP
eveo urve_web_manager - Unrestricted File Upload in upload.php
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
CVSS 8.0
CVE-2022-2420 WRITEUP HIGH WRITEUP
eveo urve_web_manager - Unrestricted File Upload via _internal/uploader.php
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.
CVSS 8.0
CVE-2022-2486 WRITEUP HIGH WRITEUP
WAVLINK WN535K2 and WN535K3 - OS Command Injection via mesh.cgi Upgrade Key Parameter
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used.
CVSS 8.0
CVE-2022-2487 WRITEUP HIGH WRITEUP
WAVLINK WN535K2 and WN535K3 - OS Command Injection via nightled.cgi start_hour Parameter
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.
CVSS 8.0
CVE-2022-2488 WRITEUP HIGH WRITEUP
WAVLINK WN535K2 and WN535K3 - OS Command Injection via touchlist_sync.cgi IP Parameter
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.
CVSS 8.0
CVE-2022-2577 WRITEUP MEDIUM WRITEUP
SourceCodester Garage Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3