Writeup Exploits

62,994 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-15480 WRITEUP HIGH
PassMark BurnInTest, OSForensics, and PerformanceTest <9.1 <7.1 <10 - Arbitrary Ring-0 Code Execution
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
CVSS 8.8
CVE-2020-15532 WRITEUP MEDIUM
Silicon Labs Bluetooth Low Energy SDK < 2.13.3.0 - Buffer Overflow via Packet Data
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
CVSS 6.5
CVE-2020-15531 WRITEUP HIGH
Silicon Labs Bluetooth Low Energy SDK < 2.13.3.0 - Remote Code Execution via Packet Data Buffer Overflow
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
CVSS 8.8
CVE-2019-15948 WRITEUP HIGH
Texas Instruments CC256x/WL18xx - Buffer Overflow
Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.
CVSS 8.8
CVE-2020-15570 WRITEUP MEDIUM
whoopsie < 0.2.69 - Denial of Service via Malformed Crash File
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVSS 5.5
CVE-2020-15690 WRITEUP CRITICAL
nim < 1.2.6 - CRLF Injection in asyncftpclient
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
CVSS 9.8
CVE-2017-8798 WRITEUP CRITICAL
MiniUPnP MiniUPnPc 1.4.20101221-2.0 - Denial of Service via Integer Signedness Error
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 9.8
CVE-2017-18016 WRITEUP MEDIUM
Parity Browser <= 1.6.10 - Origin Validation Error via Web Proxy Engine
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
CVSS 5.3
CVE-2017-16930 WRITEUP CRITICAL
Claymore Dual GPU Miner 10.1 - Remote Code Execution via Stack-Based Buffer Overflow
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
CVSS 9.8
CVE-2017-16929 WRITEUP HIGH
Claymore Dual GPU miner 10.1 - Path Traversal
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
CVSS 8.1
CVE-2016-5725 WRITEUP MEDIUM
JCraft JSch <0.1.54 - Path Traversal
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVSS 5.9
CVE-2016-3116 WRITEUP MEDIUM
Dropbear SSH <2016.72 - Auth Bypass
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
CVSS 6.4
CVE-2016-3115 WRITEUP MEDIUM
OpenSSH < 7.2 - Authenticated Command Restriction Bypass via X11 Forwarding CRLF Injection
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
CVSS 6.4
CVE-2016-2563 WRITEUP CRITICAL
9bis kitty < 0.66.6.3 - Stack-based Buffer Overflow via SCP-SINK File-Size Response
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
CVSS 9.8
CVE-2014-2023 WRITEUP CRITICAL
Tapatalk plugin <4.9.0, 5.x-5.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
CVSS 9.8
CVE-2014-2022 WRITEUP
vBulletin < 4.2.2 - Authenticated SQL Injection via XMLRPC API conceptid Argument
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVE-2014-2021 WRITEUP
vBulletin < 4.2.2 and 5.0.x-5.0.5 - Authenticated Stored Cross-Site Scripting via XMLRPC API Client Name
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.
CVE-2020-15716 WRITEUP MEDIUM
RosarioSIS 6.7.2 - Cross-Site Scripting via Preferences.php Tab Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
CVSS 6.1
CVE-2020-15716 WRITEUP MEDIUM
RosarioSIS 6.7.2 - Cross-Site Scripting via Preferences.php Tab Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
CVSS 6.1
CVE-2020-15717 WRITEUP MEDIUM
RosarioSIS 6.7.2 - Cross-Site Scripting via Search.inc.php Advanced Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
CVSS 6.1
CVE-2020-15718 WRITEUP MEDIUM
RosarioSIS 6.7.2 - Cross-Site Scripting via PrintSchedules.php include_inactive Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVSS 6.1
CVE-2020-15718 WRITEUP MEDIUM
RosarioSIS 6.7.2 - Cross-Site Scripting via PrintSchedules.php include_inactive Parameter
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVSS 6.1
CVE-2020-15721 WRITEUP MEDIUM
RosarioSIS < 6.8 - Cross-Site Scripting via NotifyParents.php href Attributes
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVSS 6.1
CVE-2020-15778 WRITEUP HIGH
OpenSSH <= 8.3p1 - OS Command Injection via scp Destination Argument
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
CVSS 7.4
CVE-2020-15873 WRITEUP MEDIUM
LibreNMS < 1.65.1 - Authenticated SQL Injection via device_id POST Parameter
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS 6.5