Writeup Exploits

62,915 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-13223 WRITEUP MEDIUM
stb_vorbis < 2019-03-04 - Denial of Service via Crafted Ogg Vorbis File
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
CVSS 5.5
CVE-2019-13235 WRITEUP MEDIUM
Alkacon OpenCms Apollo Template 10.5.4-10.5.5 - Cross-Site Scripting in Login Form
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
CVSS 6.1
CVE-2023-31544 WRITEUP MEDIUM
alkacon OpenCMS 11.0.0.0 - Stored Cross-Site Scripting via Upload Image Title Field
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
CVSS 5.4
CVE-2021-3312 WRITEUP MEDIUM
Alkacon OpenCms 11.0-11.0.2 - Authenticated XML External Entity Injection via SVG Upload
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
CVSS 6.5
CVE-2021-3312 WRITEUP MEDIUM
Alkacon OpenCms 11.0-11.0.2 - Authenticated XML External Entity Injection via SVG Upload
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
CVSS 6.5
CVE-2019-13237 WRITEUP MEDIUM
Alkacon OpenCms 10.5.4-10.5.5 - Local File Inclusion via Multiple Admin Endpoints
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
CVSS 4.3
CVE-2019-13236 WRITEUP MEDIUM
Alkacon OpenCms 10.5.4-10.5.5 - Reflected and Stored Cross-Site Scripting in Management Interface
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
CVSS 6.1
CVE-2019-11819 WRITEUP HIGH
Alkacon OpenCMS <10.5.4 - Code Injection
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
CVSS 7.8
CVE-2019-11818 WRITEUP MEDIUM
Alkacon OpenCMS < 10.5.4 - Stored Cross-Site Scripting in New User Module
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.
CVSS 6.1
CVE-2018-8815 WRITEUP MEDIUM
Alkacon OpenCMS 10.5.3 - Cross-Site Scripting via SVG Image in Gallery Function
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
CVSS 4.6
CVE-2018-8811 WRITEUP HIGH
OpenCMS 10.5.3 - Cross-Site Request Forgery in User Role Management
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kind of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository "as is". In case of scripts inside an SVG, this may or may not be "malicious", there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the "issue", a user must have an account in the CMS as a content manager
CVSS 8.8
CVE-2015-2351 WRITEUP
Alkacon OpenCms < 9.5.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp.
CVE-2013-4600 WRITEUP
OpenCms < 8.5.2 - Cross-Site Scripting via Title or RequestedResource Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.
CVE-2019-13240 WRITEUP MEDIUM
GLPI < 9.4.1 - Weak Password Recovery Mechanism for Forgotten Password
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
CVSS 5.9
CVE-2019-13272 WRITEUP HIGH
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVSS 7.8
CVE-2019-13288 WRITEUP MEDIUM
Glyphandcog Xpdfreader - Denial of Service
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
CVSS 5.5
CVE-2019-13343 WRITEUP HIGH
Butor Portal < 1.0.27 - Path Traversal & Arbitrary File Download via WhiteLabelingServlet
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename.
CVSS 7.5
CVE-2019-13359 WRITEUP HIGH
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
CVSS 7.5
CVE-2019-13361 WRITEUP MEDIUM
Smanos W100 1.0.0 - Improper Authentication
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network.
CVSS 6.5
CVE-2019-13372 WRITEUP CRITICAL
D-Link Central WiFi Manager < 1.03 - Unauthenticated Remote Code Execution via Cookie Injection
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
CVSS 9.8
CVE-2019-13373 WRITEUP CRITICAL
D-Link Central WiFiManager - SQL Injection via dbSQL Parameter
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
CVSS 9.8
CVE-2019-13383 WRITEUP MEDIUM
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
CVSS 5.3
CVE-2019-13403 WRITEUP HIGH
Temenos CWX 8.9 - Broken Access Control in EmployeeEdit2.aspx
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.
CVSS 7.5
CVE-2019-13568 WRITEUP HIGH
CImg < 2.6.7 - Heap-Based Buffer Overflow in BMP Image Loading
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
CVSS 8.8
CVE-2019-13571 WRITEUP CRITICAL
Vsourz Digital Advanced CF7 DB <1.6.1 - SQL Injection
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVSS 9.8