Writeup Exploits

62,994 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-13381 WRITEUP CRITICAL
openSIS <= 7.4 - SQL Injection
openSIS through 7.4 allows SQL Injection.
CVSS 9.8
CVE-2020-13396 WRITEUP HIGH
FreeRDP < 2.1.1 - Out-of-bounds Read in NTLM Challenge Message
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVSS 7.1
CVE-2020-13397 WRITEUP MEDIUM
FreeRDP < 2.1.1 - Out-of-bounds Read in security_fips_decrypt
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
CVSS 5.5
CVE-2020-13398 WRITEUP HIGH
FreeRDP < 2.1.1 - Out-of-bounds Write in crypto_rsa_common
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVSS 8.3
CVE-2020-13405 WRITEUP HIGH
Microweber <1.1.20 - Info Disclosure
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
CVSS 7.5
CVE-2020-13700 WRITEUP HIGH
acf-to-rest-api < 3.1.0 - Insecure Direct Object Reference via Permalinks Manipulation
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
CVSS 7.5
CVE-2020-13702 WRITEUP MEDIUM
The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
CVSS 4.3
CVE-2020-13702 WRITEUP MEDIUM
The Rolling Proximity Identifier < 2020-05-29 - Exposure of Sensitive Information via Bluetooth LE Discovery
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
CVSS 4.3
CVE-2020-13756 WRITEUP CRITICAL
sabberworm/php_css_parser < 8.3.1 - Remote Code Execution via eval in allSelectors or getSelectorsBySpecificity
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
CVSS 9.8
CVE-2020-13775 WRITEUP MEDIUM
ZNC 1.8.0-1.8.1-rc1 - Authenticated Denial of Service via NULL Pointer Dereference
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
CVSS 6.5
CVE-2020-13886 WRITEUP MEDIUM
Intelbras TIP 200/TIP 200 LITE 60.61.75.15 & TIP 300 65.61.75.22 - Path Traversal
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
CVSS 5.3
CVE-2020-13898 WRITEUP HIGH
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in SDP Processing
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
CVSS 7.5
CVE-2020-13898 WRITEUP HIGH
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in SDP Processing
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
CVSS 7.5
CVE-2020-13900 WRITEUP HIGH
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in janus_sdp_preparse
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
CVSS 7.5
CVE-2020-13901 WRITEUP CRITICAL
meetecho janus 0.3.0-0.10.0 - Stack-based Buffer Overflow in janus_sdp_merge
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.
CVSS 9.8
CVE-2020-13900 WRITEUP HIGH
Janus WebRTC Server 0.9.0-0.10.0 - NULL Pointer Dereference in janus_sdp_preparse
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
CVSS 7.5
CVE-2020-13899 WRITEUP HIGH
meetecho janus 0.9.0-0.10.0 - Information Disclosure via Uninitialized Stack Memory
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
CVSS 7.5
CVE-2020-13965 WRITEUP MEDIUM
Roundcube Webmail < 1.3.12 and 1.4.x < 1.4.5 - Stored Cross-Site Scripting via XML Attachment Preview
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
CVSS 6.1
CVE-2020-14001 WRITEUP CRITICAL
kramdown < 2.3.0 - Unauthenticated Arbitrary File Read and Remote Code Execution via Template Option
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
CVSS 9.8
CVE-2020-14033 WRITEUP CRITICAL
meetecho janus < 0.10.0 - Buffer Overflow via RTSP Server SDP Parsing
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.
CVSS 9.8
CVE-2020-14034 WRITEUP CRITICAL
meetecho janus < 0.10.0 - Buffer Overflow via SDP Offer Packet
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.
CVSS 9.8
CVE-2020-14064 WRITEUP MEDIUM
IceWarp Email Server 12.3.0.1 - Incorrect Access Control
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
CVSS 6.5
CVE-2020-14065 WRITEUP MEDIUM
IceWarp Mail Server 12.3.0.1 - Unrestricted File Upload
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
CVSS 6.5
CVE-2020-14066 WRITEUP HIGH
IceWarp Mail Server 12.3.0.1 - Unrestricted Upload of JavaScript Files
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
CVSS 8.8
CVE-2020-14073 WRITEUP MEDIUM
PRTG Network Monitor 20.1.56.1574 - Authenticated Stored Cross-Site Scripting via Map Designer Properties
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
CVSS 5.4