Writeup Exploits

62,967 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25016 WRITEUP HIGH
OpenDoas <6.9 - Privilege Escalation
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.
CVSS 8.8
CVE-2019-25024 WRITEUP CRITICAL
OpenRepeater <2.2 - Command Injection
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
CVSS 9.8
CVE-2019-25050 WRITEUP HIGH
GDAL 2.4.2-3.0.4 - Stack-based Buffer Overflow in netCDF Dataset Handling
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
CVSS 7.8
CVE-2019-25050 WRITEUP HIGH
GDAL 2.4.2-3.0.4 - Stack-based Buffer Overflow in netCDF Dataset Handling
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
CVSS 7.8
CVE-2019-25137 WRITEUP HIGH
Umbraco CMS <7.15.10 - Authenticated RCE
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
CVSS 7.2
CVE-2019-25260 WRITEUP HIGH
OXID eShop 6.x < 6.3.4 - SQL Injection via Sorting Parameter
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.
CVSS 8.2
CVE-2019-25294 WRITEUP MEDIUM
html5_snmp 1.11 - Stored Cross-Site Scripting via Remark Parameter
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victim browsers when the page is loaded.
CVSS 6.1
CVE-2019-25298 WRITEUP CRITICAL
html5_snmp 1.11 - SQL Injection via Router_ID and Router_IP Parameters
html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.
CVSS 9.1
CVE-2019-25299 WRITEUP HIGH
RimbaLinux AhadPOS 1.11 - SQL Injection
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database.
CVSS 7.1
CVE-2019-25301 WRITEUP MEDIUM
Millhouse Project 1.414 - Stored Cross-Site Scripting via Comment Content Parameter
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add_comment_sql.php to execute arbitrary scripts in victim browsers.
CVSS 6.4
CVE-2019-25303 WRITEUP HIGH
TheJshen ContentManagementSystem 1.04 - SQL Injection
TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information by crafting malicious query payloads.
CVSS 7.1
CVE-2019-25300 WRITEUP HIGH
Globitek CMS 1.4 - SQL Injection via 'id' GET Parameter
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information.
CVSS 7.1
CVE-2019-25311 WRITEUP MEDIUM
thesystem 1.0 - Stored Cross-Site Scripting via Operating System Parameter
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
CVSS 6.4
CVE-2019-25312 WRITEUP MEDIUM
InoERP 0.7.2 - Unauthenticated Stored Cross-Site Scripting in Comment Section
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.
CVSS 5.4
CVE-2019-25315 WRITEUP MEDIUM
WordPress Server Log Viewer 1.0 - XSS
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
CVSS 6.4
CVE-2020-19825 WRITEUP CRITICAL
kimai < 1.1 - Cross-Site Scripting in MarkdownExtension
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.
CVSS 9.6
CVE-2019-25317 WRITEUP MEDIUM
Kimai < 1.1 - Stored Cross-Site Scripting via Timesheet Description
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.
CVSS 6.4
CVE-2019-25317 WRITEUP MEDIUM
Kimai < 1.1 - Stored Cross-Site Scripting via Timesheet Description
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.
CVSS 6.4
CVE-2019-15481 WRITEUP MEDIUM
Kimai v2 < 1.1 - Stored Cross-Site Scripting via Timesheet Description
Kimai v2 before 1.1 has XSS via a timesheet description.
CVSS 6.1
CVE-2019-15481 WRITEUP MEDIUM
Kimai v2 < 1.1 - Stored Cross-Site Scripting via Timesheet Description
Kimai v2 before 1.1 has XSS via a timesheet description.
CVSS 6.1
CVE-2019-25346 WRITEUP HIGH
TheSystem 1.0 - SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.
CVSS 7.5
CVE-2019-25347 WRITEUP HIGH
thesystem App 1.0 - SQL Injection
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.
CVSS 7.5
CVE-2019-3553 WRITEUP HIGH
Facebook Thrift < 2020.02.03.00 - Denial of Service via Oversized Container Declaration
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
CVSS 7.5
CVE-2019-5489 WRITEUP MEDIUM
Linux Kernel < 4.19.13 - Information Disclosure via mincore() Page Cache Access
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
CVSS 5.5
CVE-2019-5736 WRITEUP HIGH
Docker Container Escape Via runC Overwrite
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVSS 8.6