Writeup Exploits
63,085 exploits tracked across all sources.
amazee.io Lagoon <1.12.3 - Info Disclosure
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVSS 5.3
FlatPress 1.0.3 - Stored Cross-Site Scripting in Blog Content
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS 4.8
FlatPress 1.0.3 - Stored Cross-Site Scripting in Blog Content
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS 4.8
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
CVSS 5.4
WonderCMS 3.1.3 - Authenticated Remote Code Execution via Theme/Plugin Installer
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
CVSS 9.8
WonderCMS 3.1.3 - Code Execution via Theme Installer SSRF
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
CVSS 9.8
WonderCMS < 2.5.2 - Session Fixation
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.
CVSS 8.8
WonderCMS 2.4.0 - Stored Cross-Site Scripting via SVG File Upload
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.
CVSS 4.4
WonderCMS < 2.0.2 - Cross-Site Request Forgery
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
CVSS 8.8
Beijing Huorong Internet Security <5.0.55.2 - Privilege Escalation
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
CVSS 9.8
kk Star Ratings < 4.1.5 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.
CVSS 6.1
Oracle Primavera Unifier >=17.7 <17.12 - Path Traversal and Arbitrary File Write via Zip Stream Handler
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
CVSS 5.3
nxlog < 3.0.2272 - Denial of Service via Crafted Syslog Payload
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
CVSS 7.5
389 Directory Server < 1.4.3.19 - Unauthenticated LDAP Entry Existence Disclosure
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
CVSS 5.3
Envira Gallery Lite < 1.8.3.3 - Stored Cross-Site Scripting via meta[title] Parameter
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.
CVSS 5.4
Envira Gallery Lite < 1.8.3.3 - Stored Cross-Site Scripting via Post Title Parameter
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
CVSS 5.4
dart/http < 0.12.2 and Pub/http < 0.13.3 - CRLF Injection via HTTP Method
An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.
CVSS 6.1
zonote < 0.4.0 - Stored Cross-Site Scripting via Crafted Note
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
CVSS 9.0
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS 9.8
Newgen eGov <12.0 - Info Disclosure
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
CVSS 7.5
CITSmart < 9.1.2.23 - LDAP Injection
CITSmart before 9.1.2.23 allows LDAP Injection.
CVSS 9.8
XCloner Backup and Restore 4.2.1-4.2.12 - Arbitrary File Write & RCE via xcloner_restore.php
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
CVSS 9.9
Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
CVSS 7.8
rails_admin < 1.4.3 and 2.x < 2.0.2 - Cross-Site Scripting via Nested Forms
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
CVSS 6.1
Relic relic-toolkit <0.6.0 - Info Disclosure/Privilege Escalation
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.
CVSS 8.8
By Source