Writeup Exploits

62,967 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-19470 WRITEUP HIGH
TinyWall <2.1.12 - Privilege Escalation
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.
CVSS 7.8
CVE-2019-19494 WRITEUP HIGH
Broadcom based cable modems - Buffer Overflow
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVSS 8.8
CVE-2019-19509 WRITEUP HIGH
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
CVE-2019-19550 WRITEUP HIGH
Senior Rubiweb <6.2.34.28,6.2.34.37 - Auth Bypass
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL.
CVSS 7.5
CVE-2019-19576 WRITEUP CRITICAL
verot.net class.upload <2.0.4 - Info Disclosure
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
CVSS 9.8
CVE-2019-19576 WRITEUP CRITICAL
verot.net class.upload <2.0.4 - Info Disclosure
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
CVSS 9.8
CVE-2019-19634 WRITEUP CRITICAL
verot.net class.upload <2.0.4 - Info Disclosure
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
CVSS 9.8
CVE-2019-19646 WRITEUP CRITICAL
SQLite < 3.30.1 - Denial of Service via Integrity Check PRAGMA with Generated Columns
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVSS 9.8
CVE-2019-19659 WRITEUP HIGH
Rumpus FTP Server 8.2.9.1 - Cross-Site Request Forgery in Web File Manager Edit Accounts
A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
CVSS 8.8
CVE-2019-19661 WRITEUP MEDIUM
Rumpus FTP Server 8.2.9.1 - Unauthenticated Reflected Cross-Site Scripting via Cookie
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp.
CVSS 6.1
CVE-2019-19662 WRITEUP MEDIUM
Rumpus FTP Server 8.2.9.1 - Cross-Site Request Forgery via Web File Manager Account Management
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html.
CVSS 6.5
CVE-2019-19663 WRITEUP MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Folder Sets Settings
A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.
CVSS 6.5
CVE-2019-19664 WRITEUP HIGH
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Web Settings
A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html.
CVSS 7.1
CVE-2019-19665 WRITEUP MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in FTP Settings
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.
CVSS 6.5
CVE-2019-19666 WRITEUP MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Event Notices Settings
A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.
CVSS 4.3
CVE-2019-19667 WRITEUP MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in Block Clients Component
A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.
CVSS 5.4
CVE-2019-19668 WRITEUP MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in File Types Component
A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.
CVSS 4.3
CVE-2019-19669 WRITEUP MEDIUM
Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery via Upload Center Forms Component
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.
CVSS 6.5
CVE-2019-19670 WRITEUP MEDIUM
Rumpus FTP Server 8.2.9.1 - HTTP Response Splitting via ExtraHTTPHeader
A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.
CVSS 6.1
CVE-2019-19740 WRITEUP CRITICAL
Octeth Oempro 4.7-4.8 - SQL Injection via CampaignID Parameter
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
CVSS 9.8
CVE-2019-19774 WRITEUP HIGH
Zoho ManageEngine EventLog Analyzer <10.0 SP1 Build 12110 - Information Disclosure
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.
CVSS 8.8
CVE-2019-19782 WRITEUP CRITICAL
Aceaxe Plus 1.0 - Buffer Overflow via Long EHLO Response
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.
CVSS 9.8
CVE-2019-19800 WRITEUP MEDIUM
Zoho ManageEngine Applications Manager 14 < 14520 - Unauthenticated OS File Name Disclosure via FailOverHelperServlet
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
CVSS 5.3
CVE-2019-19905 WRITEUP CRITICAL
NetHack 3.6.0-3.6.3 - Buffer Overflow via Long Configuration File Lines
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.
CVSS 9.8
CVE-2019-19927 WRITEUP MEDIUM
Linux Kernel 5.0.0-rc7 - Out-of-bounds Read in ttm_put_pages
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.
CVSS 6.0