Writeup Exploits
62,633 exploits tracked across all sources.
CVE-2012-0976
WRITEUP
SilverStripe 2.4.6 - Authenticated Cross-Site Scripting via Title Parameter
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.
Kloxo <6.1.12 - Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
Kodi < 19.5 - Denial of Service via Crafted MP3 File
A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.
CVSS 5.5
Kodi < 19.5 - Denial of Service via Crafted MP3 File
A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.
CVSS 5.5
Kodi < 19.5 - Denial of Service via Heap Buffer Overflow
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.
CVSS 4.6
Kodi < 19.5 - Denial of Service via Heap Buffer Overflow
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.
CVSS 4.6
Kodi < 19.5 - Denial of Service via Heap Buffer Overflow
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.
CVSS 4.6
Kodi < 19.5 - Denial of Service via Heap Buffer Overflow
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.
CVSS 4.6
Kodi < 19.0 - Denial of Service via istream Length Mismatch
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
CVSS 5.5
Kodi < 19.0 - Denial of Service via istream Length Mismatch
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
CVSS 5.5
JACK2 1.9.1-1.9.12 - Double File Descriptor Close Leading to Information Disclosure or Denial of Service
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
CVSS 8.1
Kodi <= 17.1 - Path Traversal and Arbitrary File Write via Zip Extraction
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
CVSS 5.5
XBMC/Media Center < 11.0 - Authenticated Path Traversal via HTTP Server URI
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
XBMC/Media Center < 11.0 - Authenticated Path Traversal via HTTP Server URI
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
CVE-2012-4267
WRITEUP
Sockso < 1.5 - Stored Cross-Site Scripting via User Registration Name Parameter
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2012-4267
WRITEUP
Sockso < 1.5 - Stored Cross-Site Scripting via User Registration Name Parameter
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Sockso Music Host Server <=1.5 - Path Traversal
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
CVSS 6.1
CVE-2012-1059
WRITEUP
OSCommerce Online Merchant 3.0.2 - XSS
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
CVE-2012-1119
WRITEUP
MantisBT < 1.2.9 - Unauthenticated Bug Report Copy Without Audit Log
MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection.
CVE-2012-1171
WRITEUP
PHP 5.x - Unauthenticated Arbitrary File Read via libxml Custom Stream Wrapper
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
CVE-2012-1188
WRITEUP
Fork CMS < 3.2.7 - Cross-Site Scripting via Type, Querystring, or Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
CVE-2012-1208
WRITEUP
Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
CVE-2012-1209
WRITEUP
fork-cms < 3.2.5 - Cross-Site Scripting via Highlight Parameter
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
By Source