Writeup Exploits
63,078 exploits tracked across all sources.
FUEL CMS 1.4.8 - SQL Injection via fuel_replace_id Parameter
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVSS 9.8
FruityWifi <= 2.4 - Authenticated Remote Code Execution via page_config_adv.php Shell Metacharacter Injection
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.
CVSS 8.8
osTicket < 1.14.3 - Server-Side Request Forgery
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
CVSS 9.8
Yaws 1.81-2.0.7 - OS Command Injection via CGI Implementation
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
CVSS 9.8
Yaws 1.81-2.0.7 - XML External Entity Injection via WebDAV Implementation
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
CVSS 9.8
Yaws <2.0.2-2.0.7 - Buffer Overflow
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
CVSS 5.5
Yaws <2.0.2-2.0.7 - Buffer Overflow
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
CVSS 5.5
Observium 20.8.10631 - Path Traversal and Local File Inclusion via Settings URI
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.
CVSS 8.8
Pritunl 1.29.2145.25 - Username Enumeration via Login Attempt Error Code Discrepancy
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design
CVSS 5.3
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
CVSS 10.0
PyroCMS 3.7 - Cross-Site Request Forgery via Admin Pages Delete Endpoint
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
CVSS 4.3
PyroCMS 3.7 - Cross-Site Request Forgery via Admin Addons Uninstall Endpoint
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
CVSS 7.1
Xinuos OpenServer 5-6 - OS Command Injection via printbook cgi-bin Parameters
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
CVSS 9.8
Xinuos OpenServer 5 and 6 - Reflected Cross-Site Scripting via Section Parameter
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
CVSS 6.1
Ruby WEBrick < 1.6.0 - HTTP Request Smuggling via Transfer-Encoding Header
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVSS 7.5
MantisBT < 2.24.3 - Missing Authorization for Private Attachment Download
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVSS 4.3
Accfly 720p_firmware 3.10.73-4.15.77 - Stack-Based Buffer Overflow in CNetClientManage::ServerIP_Proto_Set
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.
CVSS 9.8
BigBlueButton < 2.2.27 - Authenticated Server-Side Request Forgery via ODF xlink Field
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
CVSS 6.5
Spiceworks 7.5.7.0 - Open Redirect via Host Header Injection
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
CVSS 6.1
Genexis Platinum 4410 V2.1 (P4410-V2-1.34H) - Cleartext Sensitive Info via UPnP X_GetAccess
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
CVSS 6.5
TigerVNC < 1.11.0 - Improper Certificate Validation
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
CVSS 8.1
openmediavault < 4.1.36 and 5.x < 5.5.12 - Authenticated PHP Code Injection via rpc.php sortfield Parameter
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
CVSS 8.8
Dual DHCP DNS Server 7.40 - Privilege Escalation via Executable Replacement
An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary.
CVSS 7.8
Home DNS Server 0.10 - Unauthenticated Privilege Escalation via Binary Replacement
An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary.
CVSS 7.8
Open DHCP Server 1.75 and Open DHCP Server (LDAP Based) 0.1Beta - Privilege Escalation via Binary Replacement
Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary.
CVSS 7.8
By Source