Writeup Exploits

62,992 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-9592 WRITEUP MEDIUM
ShoreTel Connect ONSITE <19.45.1602.0 - XSS
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS 6.1
CVE-2019-9593 WRITEUP MEDIUM
ShoreTel Connect ONSITE <18.82.2000.0 - XSS
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVSS 6.1
CVE-2019-9596 WRITEUP MEDIUM
Darktrace Enterprise Immune System <3.1 - CSRF
Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.
CVSS 6.5
CVE-2019-9625 WRITEUP HIGH
DirectAdmin 1.55 - Cross-Site Request Forgery via CMD_ACCOUNT_ADMIN URI
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
CVSS 8.8
CVE-2019-9719 WRITEUP HIGH
Libav < 12.3 - Stack-based Buffer Overflow in Subtitle Decoder
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided
CVSS 8.8
CVE-2019-9729 WRITEUP HIGH
Shanda MapleStory Online V160 - Privilege Escalation
In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.
CVSS 7.8
CVE-2019-9745 WRITEUP HIGH
CloudCTI HIP Integrator Recognition Configuration Tool - Privilege Escalation
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user.
CVSS 7.8
CVE-2019-9760 WRITEUP CRITICAL
FTPGetter Standard <5.97.0.177 - RCE
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
CVSS 9.8
CVE-2019-9787 WRITEUP HIGH
WordPress < 5.1.1 - Unauthenticated Remote Code Execution via CSRF and XSS in Comment Handling
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
CVSS 8.8
CVE-2019-9843 WRITEUP HIGH
DiffPlug Spotless <1.20.0/<3.20.0 - Info Disclosure
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file.
CVSS 7.5
CVE-2019-9881 WRITEUP MEDIUM
WPGraphQL 0.2.3 - Unauthenticated Comment Posting via createComment Mutation
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
CVSS 5.3
CVE-2019-9960 WRITEUP CRITICAL
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
CVSS 9.8
CVE-2020-10213 WRITEUP HIGH
D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 - OS Command Injection via wps_sta_enrollee_pin Parameter
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVSS 8.8
CVE-2020-10215 WRITEUP HIGH
D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 - OS Command Injection via dns_query_name Parameter
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVSS 8.8
CVE-2020-10216 WRITEUP HIGH
D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 - OS Command Injection via Date Parameter
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVSS 8.8
CVE-2023-29770 WRITEUP HIGH
Sentrifugo 3.5 - Authenticated Unrestricted File Upload via AssetsController
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.
CVSS 8.8
CVE-2020-10218 WRITEUP MEDIUM
Sapplica Sentrifugo 3.2 - Blind SQL Injection via HolidaydatesController addAction Function
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
CVSS 6.5
CVE-2020-10220 WRITEUP CRITICAL
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8
CVE-2020-10221 WRITEUP HIGH
rconfig < 3.9.4 - Authenticated Remote Code Execution via fileName POST Parameter
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
CVSS 8.8
CVE-2020-10235 WRITEUP HIGH
Froxlor < 0.10.14 - Remote Code Execution via Database Configuration Options
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
CVSS 8.8
CVE-2020-10378 WRITEUP MEDIUM
Pillow < 7.1.0 - Out-of-bounds Read in PCX Image Decoder
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
CVSS 5.5
CVE-2020-10379 WRITEUP HIGH
Pillow < 7.1.0 - Buffer Overflow in libImaging/TiffDecode.c
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVSS 7.8
CVE-2020-10560 WRITEUP MEDIUM
Open Source Social Network < 5.3 - Arbitrary File Read via Weak PRNG in SiteKey
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
CVSS 5.9
CVE-2020-10587 WRITEUP HIGH
antiX and MX Linux - Privilege Escalation
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
CVSS 7.8
CVE-2020-10659 WRITEUP MEDIUM
Entrust Entelligence Security Provider <10.0.60 - Info Disclosure
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain.
CVSS 4.3