Writeup Exploits

62,915 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-10871 WRITEUP MEDIUM
OpenWrt LuCI git-20.x - Info Disclosure
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
CVSS 5.3
CVE-2019-12272 WRITEUP CRITICAL
OpenWrt LuCI <0.10 - Command Injection
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
CVSS 9.8
CVE-2019-12272 WRITEUP CRITICAL
OpenWrt LuCI <0.10 - Command Injection
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
CVSS 9.8
CVE-2019-12276 WRITEUP HIGH
GrandNode 4.40 - Unauthenticated Path Traversal via LetsEncrypt Controller
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
CVSS 7.5
CVE-2019-12279 WRITEUP CRITICAL
Nagios XI 5.6.1 - SQL Injection via Username Parameter in Password Reset Form
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck
CVSS 9.8
CVE-2019-12290 WRITEUP HIGH
GNU libidn2 < 2.2.0 - Domain Impersonation via Punycode Unicode Conversion Bypass
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVSS 7.5
CVE-2019-12314 WRITEUP CRITICAL
Deltek Maconomy 2.2.5 - Path Traversal
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
CVSS 9.8
CVE-2019-12347 WRITEUP MEDIUM
pfSense 2.4.4-p3 - Stored Cross-Site Scripting via ACME Account Name or Description Field
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
CVSS 6.1
CVE-2019-12460 WRITEUP MEDIUM
WebPort 1.19.1 - Cross-Site Scripting via Setup Type Parameter
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
CVSS 6.1
CVE-2019-12461 WRITEUP MEDIUM
WebPort 1.19.1 - Cross-Site Scripting via Log Type Parameter
Web Port 1.19.1 allows XSS via the /log type parameter.
CVSS 6.1
CVE-2019-12476 WRITEUP MEDIUM
ManageEngine ADSelfService Plus < 5.0.6 - Authentication Bypass via Password Reset Keyboard Input Sequence
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboard input.
CVSS 6.8
CVE-2019-12593 WRITEUP HIGH
IceWarp Mail Server <= 10.4.4 - Local File Inclusion via Webmail Calendar Minimizer
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
CVSS 7.5
CVE-2019-12735 WRITEUP HIGH
Vim < 8.1.1365 and Neovim < 0.3.6 - OS Command Injection via Modeline :source! Command
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
CVSS 8.6
CVE-2019-12788 WRITEUP HIGH
Photodex ProShow Producer 9.0.3797 - Out-of-bounds Write via Crafted File
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
CVSS 7.8
CVE-2019-12823 WRITEUP MEDIUM
Craft CMS < 3.1.31 - Cross-Site Scripting via XML Feed
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVSS 6.1
CVE-2019-12836 WRITEUP HIGH
Bobronix JEditor < 3.0.6 - Cross-Site Request Forgery via URL/Link in Issue
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover.
CVSS 8.8
CVE-2019-12904 WRITEUP MEDIUM
Libgcrypt 1.8.4 - Information Exposure via Flush-and-Reload Side-Channel Attack
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
CVSS 5.9
CVE-2019-12905 WRITEUP MEDIUM
FileRun 2019.05.21 - Cross-Site Scripting via Filename Upload Parameter
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
CVSS 6.1
CVE-2019-12922 WRITEUP MEDIUM
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery in Setup Page
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
CVSS 6.5
CVE-2019-12937 WRITEUP HIGH
ToaruOS < 1.10.9 - Local Privilege Escalation via gsudo DISPLAY Environment Variable
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.
CVSS 7.8
CVE-2019-12968 WRITEUP MEDIUM
Doomseeker 1.1-1.2 - Denial of Service via SRB2 Plugin IP Packet Length Handling
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin.
CVSS 5.3
CVE-2024-38359 WRITEUP MEDIUM
Lightning Network Daemon <0.17.0 - DoS
The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation.
CVSS 6.5
CVE-2024-38359 WRITEUP MEDIUM
Lightning Network Daemon <0.17.0 - DoS
The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation.
CVSS 6.5
CVE-2022-44797 WRITEUP CRITICAL
btcd < 0.23.2 - Denial of Service via Witness Size Check Mishandling
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
CVSS 9.8
CVE-2022-44797 WRITEUP CRITICAL
btcd < 0.23.2 - Denial of Service via Witness Size Check Mishandling
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
CVSS 9.8