Writeup Exploits

62,633 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-3150 WRITEUP HIGH
abrt-dbus - Local Privilege Escalation
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
CVSS 7.1
CVE-2015-3151 WRITEUP HIGH
Automatic Bug Reporting Tool - Path Traversal via NewProblem GetInfo SetElement or DeleteElement Methods
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
CVSS 7.8
CVE-2015-3156 WRITEUP MEDIUM
OpenStack Trove < 2014.2.4 - Symlink Attack via Temporary File in Configuration Functions
The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
CVSS 5.5
CVE-2015-3315 WRITEUP HIGH
ABRT raceabrt Privilege Escalation
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
CVSS 7.8
CVE-2015-3649 WRITEUP HIGH
open-uri-cached RubyGem - Local Cache Directory Ruby Code Execution
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
CVSS 7.8
CVE-2015-5659 WRITEUP
Network Applied Communication Laboratory Pref Shimane CMS <2.0.1 - ...
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7326 WRITEUP CRITICAL
Milton Webdav < 2.7.0.1 - XML External Entity Injection
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.
CVSS 9.8
CVE-2015-7545 WRITEUP CRITICAL
Git < 2.3.10, 2.4.x < 2.4.10, 2.5.x < 2.5.4, 2.6.x < 2.6.1 - Remote Code Execution via Remote Helper Protocols
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
CVSS 9.8
CVE-2016-0721 WRITEUP HIGH
pcs < 0.9.157 - Session Fixation
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS 8.1
CVE-2016-10156 WRITEUP HIGH
systemd <v229 - Privilege Escalation
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
CVSS 7.8
CVE-2016-2038 WRITEUP MEDIUM
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - Info Disclosure
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
CVSS 5.3
CVE-2016-2040 WRITEUP MEDIUM
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
CVSS 5.4
CVE-2016-2560 WRITEUP MEDIUM
phpMyAdmin 4.0.x < 4.0.10.15, 4.4.x < 4.4.15.5, 4.5.x < 4.5.5.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
CVSS 6.1
CVE-2016-2561 WRITEUP MEDIUM
phpMyAdmin 4.4.x < 4.4.15.5 and 4.5.x < 4.5.5.1 - Authenticated Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.
CVSS 5.4
CVE-2016-3079 WRITEUP MEDIUM
Red Hat Satellite 5.7 - Stored Cross-Site Scripting via PATH_INFO or Label Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
CVSS 6.1
CVE-2016-5097 WRITEUP MEDIUM
Opensuse < 4.6.1 - Information Disclosure
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
CVSS 5.3
CVE-2016-5705 WRITEUP MEDIUM
phpMyAdmin 4.4.x-4.6.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.
CVSS 6.1
CVE-2016-5730 WRITEUP MEDIUM
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - Info Disclosure
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
CVSS 5.3
CVE-2016-5733 WRITEUP MEDIUM
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.
CVSS 6.1
CVE-2016-9461 WRITEUP MEDIUM
Nextcloud Server < 9.0.52 & ownCloud Server < 9.0.4 - Authenticated Arbitrary File Write via WebDAV COPY
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
CVSS 4.3
CVE-2016-9462 WRITEUP MEDIUM
Nextcloud Server < 9.0.52 & ownCloud Server < 9.0.4 - Unauthenticated File Restore Privilege Bypass
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
CVSS 4.3
CVE-2016-9464 WRITEUP MEDIUM
Nextcloud Server < 9.0.54 and 10.0.0 - Improper Authorization in Sharing Backend
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.
CVSS 4.3
CVE-2016-9467 WRITEUP MEDIUM
Nextcloud Server < 9.0.54 and 10.0.1 & ownCloud Server < 9.0.6 and 9.1.2 - Content Spoofing in Files App Location Bar
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
CVSS 5.3
CVE-2017-14267 WRITEUP HIGH
EE 4GEE WiFi MBB < EE60_00_05.00_31 - CSRF
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
CVSS 8.8
CVE-2017-4952 WRITEUP HIGH
VMware Xenon <1.5.4-1.5.7 - Auth Bypass
VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.
CVSS 7.5
By Source
All 62,633 Writeup 62,633 Exploitdb 50,076 Nomisec 22,505 Github 3,761 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 483 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,641 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,335 bash 462 java 371 c++ 261 javascript 231 shell 140 go 75 postscript 25 typescript 25