Writeup Exploits

62,698 exploits tracked across all sources.

CVE-2012-5642 WRITEUP
fail2ban < 0.8.8 - Unsafe Custom Action Execution via Matches Tag Content
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
CVE-2012-5665 WRITEUP
ownCloud <4.0.10-4.5.5 - Info Disclosure
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
CVE-2012-5967 WRITEUP
Centreon 2.3.3-2.3.9-4 - Authenticated SQL Injection via menuXML.php menu Parameter
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
CVE-2012-6109 WRITEUP
Rack < 1.1.4, 1.2.x < 1.2.6, 1.3.x < 1.3.7, 1.4.x < 1.4.2 - Denial of Service via Crafted Content-Disposition Header
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
CVE-2016-3072 WRITEUP HIGH
Katello - Authenticated SQL Injection via Scoped Search Parameters
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
CVSS 8.8
CVE-2012-6116 WRITEUP
katello-configure < 1.3.3.pulpv2 - Unauthenticated Arbitrary File Write via Weak Candlepin Bootstrap RPM Permissions
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
CVE-2012-5561 WRITEUP
Katello 1.1 - Unauthorized Exposure of Sensitive Information via World-Readable Passphrase File
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
CVE-2012-3503 WRITEUP CRITICAL
Katello < 1.0 - Use of Hard-coded Credentials in Installation Script
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVSS 9.8
CVE-2012-6119 WRITEUP
Candlepin < 0.7.24 - Manifest Signature Validation Bypass
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
CVE-2012-6537 WRITEUP
Linux Kernel < 3.6 - Information Exposure via Uninitialized Structures in xfrm_user
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2012-6544 WRITEUP
Linux kernel < 3.6 - Information Disclosure via Bluetooth Stack
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVE-2012-6545 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via Bluetooth RFCOMM
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2012-6546 WRITEUP
Linux Kernel < 3.6 - Information Exposure via Uninitialized ATM Structures
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6550 WRITEUP
ZeroClipboard < 1.1.4 - Cross-Site Scripting via Flash Object clipText
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
CVE-2012-6662 WRITEUP
Redhat Enterprise Linux Desktop < 1.10.0 - XSS
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
CVE-2012-6708 WRITEUP MEDIUM
jQuery < 1.9.0 - Cross-Site Scripting via jQuery(strInput) Function
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CVSS 6.1
CVE-2013-0158 WRITEUP
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0183 WRITEUP
Rack 1.3.0-1.3.7 and 1.4.0-1.4.2 - Denial of Service via Long String in Multipart HTTP Packet
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
CVE-2013-0201 WRITEUP
ownCloud < 4.0.10 - Cross-Site Scripting via QUERY_STRING, mime, or token Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
CVE-2013-0208 WRITEUP
OpenStack Compute (Nova) Folsom and Essex - Authenticated Volume Access Bypass via block_device_mapping Parameter
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
CVE-2013-0212 WRITEUP
OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive information by reading the error messages.
CVE-2013-0234 WRITEUP
Elgg < 1.7.17 and 1.8.x < 1.8.13 - Cross-Site Scripting via Twitter Widget params[twitter_username] Parameter
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
CVE-2013-0262 WRITEUP
Rack 1.4.x < 1.4.5 and 1.5.x < 1.5.2 - Path Traversal via PATH_INFO Environment Variable
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
CVE-2013-0263 WRITEUP
Rack <1.5.2, <1.4.5, <1.3.10, <1.2.8, <1.1.6 - RCE
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.