Writeup Exploits

62,915 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-13574 WRITEUP HIGH
MiniMagick < 4.9.4 - Remote Code Execution via Image.open Kernel#open Command Injection
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.
CVSS 7.8
CVE-2019-13575 WRITEUP CRITICAL
WPEverest Everest Forms <1.4.9 - SQL Injection
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php
CVSS 9.8
CVE-2019-13578 WRITEUP CRITICAL
Impress GiveWP Give <2.5.0 - SQL Injection
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
CVSS 9.8
CVE-2019-13605 WRITEUP HIGH
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
CVSS 8.8
CVE-2019-13615 WRITEUP MEDIUM
VLC Media Player < 3.0.3 - Out-of-bounds Read in MKV Module
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
CVSS 5.5
CVE-2019-13977 WRITEUP MEDIUM
Ovidentia 8.4.3 - Cross-Site Scripting via Multiple Parameters
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
CVSS 5.4
CVE-2019-14206 WRITEUP HIGH
Nevma Adaptive Images <0.6.67 - Privilege Escalation
An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.
CVSS 7.5
CVE-2019-14221 WRITEUP MEDIUM
1CRM On-Premise Software 8.5.7 - XSS
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
CVSS 5.4
CVE-2019-14267 WRITEUP HIGH
PDFResurrect 0.15 - Buffer Overflow
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
CVSS 7.8
CVE-2019-14280 WRITEUP MEDIUM
Craft <2.7.10-3.2.6 - Info Disclosure
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
CVSS 5.3
CVE-2019-14312 WRITEUP MEDIUM
Aptana Jaxer 1.0.3.4547 - Info Disclosure
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
CVSS 6.5
CVE-2019-14319 WRITEUP MEDIUM
TikTok 12.2.0 - Cleartext Transmission of Sensitive Information
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
CVSS 6.5
CVE-2019-14345 WRITEUP CRITICAL
TemaTres 3.0 - Privilege Escalation
TemaTres 3.0 allows remote unprivileged users to create an administrator account
CVSS 9.8
CVE-2019-14343 WRITEUP MEDIUM
TemaTres 3.0 - Stored Cross-Site Scripting via value Parameter
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
CVSS 5.4
CVE-2019-14347 WRITEUP HIGH
Schben Adive < 2.0.7 - Privilege Escalation via User Addition
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
CVSS 8.8
CVE-2019-14367 WRITEUP HIGH
Slack-Chat <1.5.5 - Info Disclosure
Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).
CVSS 7.5
CVE-2019-14430 WRITEUP MEDIUM
YouPHPTube < 7.2 - SQL Injection in AuditTable.php
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
CVSS 5.3
CVE-2019-14439 WRITEUP HIGH
FasterXML jackson-databind <2.9.9.2 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVSS 7.5
CVE-2019-14452 WRITEUP HIGH
Sigil < 0.9.16 - Path Traversal and Arbitrary File Write via ZIP Archive Extraction
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVSS 7.5
CVE-2019-14462 WRITEUP CRITICAL
libmodbus <3.0.7, <3.1.5 - Info Disclosure
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
CVSS 9.1
CVE-2019-14470 WRITEUP MEDIUM
cosenary Instagram-PHP-API <4.9.32 - XSS
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
CVSS 6.1
CVE-2019-14512 WRITEUP MEDIUM
LimeSurvey 3.17.7+190627 - Cross-Site Scripting via Boxes or Label Title
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
CVSS 6.1
CVE-2019-14521 WRITEUP HIGH
EMCA Energy Logserver 6.1.2 - Path Traversal
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
CVSS 7.5
CVE-2019-14530 WRITEUP HIGH
OpenEMR < 5.0.2 - Path Traversal and Arbitrary File Deletion via fileName Parameter
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
CVSS 8.8
CVE-2020-27388 WRITEUP MEDIUM
YOURLS 1.5-1.7.10 - Authenticated Stored Cross-Site Scripting via Plugin Upload
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVSS 5.4