Writeup Exploits

62,702 exploits tracked across all sources.

CVE-2013-1967 WRITEUP
mediaelement.js < 2.11.2 - Cross-Site Scripting via flashmediaelement.swf File Parameter
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2013-2006 WRITEUP
OpenStack Keystone 2013.1.1 - Sensitive Information Exposure via DEBUG Mode Logging
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-2012 WRITEUP HIGH
autojump < 21.5.8 - Privilege Escalation via Trojan Horse Custom Install Directory
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.
CVSS 7.3
CVE-2013-2023 WRITEUP
jPlayer < 2.3.0 - Cross-Site Scripting in Flash SWF Component
Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022.
CVE-2013-2094 WRITEUP HIGH
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
CVSS 8.4
CVE-2013-2138 WRITEUP
Gallery < 3.0.8 - Unspecified Impact via SWF Query Parameter Replay
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
CVE-2013-2145 WRITEUP
Canonical Ubuntu Linux < 0.72 - Improper Input Validation
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
CVE-2013-2182 WRITEUP
monkey-project/monkey < 1.4.0 - Remote Access Restriction Bypass via Crafted URI
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
CVE-2013-2492 WRITEUP
Firebird <2.1.5-2.5.3 - Buffer Overflow
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
CVE-2013-2559 WRITEUP
Symphony CMS <2.3.2 - SQL Injection
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2013-2596 WRITEUP HIGH
Linux kernel <3.8.9 - Privilege Escalation
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
CVSS 7.8
CVE-2013-2653 WRITEUP
SilverStripe 3.0.3 - Phishing Attack via GET Request Login
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.
CVE-2013-2765 WRITEUP
ModSecurity < 2.7.4 - Denial of Service via Crafted Content-Type Header
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
CVE-2023-24021 WRITEUP HIGH
ModSecurity <2.9.7 - Buffer Overflow
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVSS 7.5
CVE-2022-48279 WRITEUP HIGH
ModSecurity < 2.9.6 and 3.0.0-3.0.7 - Web Application Firewall Bypass via HTTP Multipart Request Parsing
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
CVSS 7.5
CVE-2019-25043 WRITEUP MEDIUM
ModSecurity <3.0.4 - Buffer Overflow
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
CVSS 5.3
CVE-2018-13065 WRITEUP MEDIUM
ModSecurity 3.0.0 - Cross-Site Scripting via IMG onerror Attribute
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.
CVSS 6.1
CVE-2013-1915 WRITEUP
ModSecurity < 2.7.3 - XML External Entity Injection
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.