Writeup Exploits

63,017 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-15904 WRITEUP HIGH
bsdiff4 < 1.2.0 - Out-of-bounds Write via Crafted Patch File
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
CVSS 7.8
CVE-2020-16125 WRITEUP HIGH
gnome_display_manager < 3.36.2 - Local Privilege Escalation via Unresponsive Accounts Daemon
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
CVSS 7.2
CVE-2020-16126 WRITEUP LOW
accountsservice < 0.6.55 - Denial of Service via Improper Privilege Management
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
CVSS 3.3
CVE-2020-16145 WRITEUP MEDIUM
Roundcube Webmail < 1.3.15 and 1.4.8 - Stored Cross-Site Scripting via SVG in HTML Messages
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVSS 6.1
CVE-2020-16161 WRITEUP HIGH
GoPro gpmf-parser 1.5 - Denial of Service via Division By Zero in GPMF_ScaledData()
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.
CVSS 7.5
CVE-2020-17453 WRITEUP MEDIUM
WSO2 Management Console <5.10 - XSS
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
CVSS 6.1
CVE-2020-17456 WRITEUP CRITICAL
SEOWON INTECH SLC-130,SLR-120S - RCE
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
CVSS 9.8
CVE-2020-17494 WRITEUP MEDIUM
Untangle Firewall NG <16.0 - Info Disclosure
Untangle Firewall NG before 16.0 uses MD5 for passwords.
CVSS 5.3
CVE-2020-1712 WRITEUP HIGH
systemd < 245-rc1 - Use-After-Free via Asynchronous Polkit Queries
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVSS 7.8
CVE-2020-18418 WRITEUP HIGH
FeiFeiCMS v4.1.190209 - Cross-Site Request Forgery via Admin Account Creation
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
CVSS 8.8
CVE-2020-18662 WRITEUP CRITICAL
Gnuboard5 <=5.3.2.8 - SQL Injection
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
CVSS 9.8
CVE-2020-19360 WRITEUP HIGH
FHEM 6.0 - Local File Inclusion via FileLog_logWrapper File Parameter
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.
CVSS 7.5
CVE-2020-19586 WRITEUP CRITICAL
Yellowfin Business Intelligence 7.3 - Stored Cross-Site Scripting via MIAdminStyles.i4 Admin UI
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
CVSS 9.0
CVE-2020-19587 WRITEUP MEDIUM
Yellowfin Business Intelligence 7.3 - Stored Cross-Site Scripting via MIAdminStyles.i4 Admin UI
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
CVSS 5.4
CVE-2020-20277 WRITEUP CRITICAL
uftpd 2.7-2.10 - Unauthenticated Directory Traversal via FTP Command Chroot Bypass
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.
CVSS 9.8
CVE-2020-20584 WRITEUP MEDIUM
baigo CMS v4.0-beta-1 - Cross-Site Scripting via Profile Info Submission Form
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
CVSS 6.1
CVE-2020-20584 WRITEUP MEDIUM
baigo CMS v4.0-beta-1 - Cross-Site Scripting via Profile Info Submission Form
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
CVSS 6.1
CVE-2019-10015 WRITEUP HIGH
baigoSSO 3.0.1 - Remote Code Execution via Configuration Screen Form Field
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.
CVSS 7.2
CVE-2020-20969 WRITEUP HIGH
Pluck 4.7.10 - Remote Code Execution via Trashcan Restore Item File Upload
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
CVSS 7.2
CVE-2020-21048 WRITEUP MEDIUM
libsixel < 1.8.4 - Denial of Service via Crafted PNG File
An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
CVSS 6.5
CVE-2020-21048 WRITEUP MEDIUM
libsixel < 1.8.4 - Denial of Service via Crafted PNG File
An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
CVSS 6.5
CVE-2020-21049 WRITEUP MEDIUM
libsixel < 1.8.5 - Denial of Service via Crafted PSD File
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
CVSS 6.5
CVE-2020-21049 WRITEUP MEDIUM
libsixel < 1.8.5 - Denial of Service via Crafted PSD File
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
CVSS 6.5
CVE-2020-21050 WRITEUP MEDIUM
libsixel < 1.8.3 - Stack Buffer Overflow in gif_process_raster Function
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.
CVSS 6.5
CVE-2020-21050 WRITEUP MEDIUM
libsixel < 1.8.3 - Stack Buffer Overflow in gif_process_raster Function
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.
CVSS 6.5