Writeup Exploits
50,618 exploits tracked across all sources.
Tenda 4G300 SafeMacFilter sub_427C3C stack-based overflow
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS 8.8
B1 Free Archiver 1.5.86 - Auth Bypass
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
Cockpit CMS Authenticated Remote Code Execution via Collections
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS 8.8
Cockpit <0.12.2 - XSS
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
CVSS 6.1
Cockpit CMS Authenticated Remote Code Execution via Collections
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS 8.8
Cockpit CMS Authenticated Remote Code Execution via Collections
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS 8.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
Cockpit <0.6.1 - RCE
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
CVSS 9.8
Cockpit <0.6.1 - RCE
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
CVSS 9.8
Agentejo Cockpit - XSS
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
CVSS 6.1
NousResearch hermes-agent file_tools.py _check_sensitive_path symlink
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended.
CVSS 4.4
geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.1.0 is capable of addressing this issue. The name of the patch is 45364545fc60dc80aadcd4379f08042d3d3d292e. Upgrading the affected component is advised.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.7
SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVSS 4.7
SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVSS 4.7
SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
UTT HiPER 1250GW NTP strcpy buffer overflow
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
By Source