Writeup Exploits

63,085 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-35236 WRITEUP MEDIUM
amazee.io Lagoon <1.12.3 - Info Disclosure
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
CVSS 5.3
CVE-2020-35241 WRITEUP MEDIUM
FlatPress 1.0.3 - Stored Cross-Site Scripting in Blog Content
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS 4.8
CVE-2020-35241 WRITEUP MEDIUM
FlatPress 1.0.3 - Stored Cross-Site Scripting in Blog Content
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS 4.8
CVE-2020-35261 WRITEUP MEDIUM
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
CVSS 5.4
CVE-2020-35314 WRITEUP CRITICAL
WonderCMS 3.1.3 - Authenticated Remote Code Execution via Theme/Plugin Installer
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
CVSS 9.8
CVE-2020-35313 WRITEUP CRITICAL
WonderCMS 3.1.3 - Code Execution via Theme Installer SSRF
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
CVSS 9.8
CVE-2018-14387 WRITEUP HIGH
WonderCMS < 2.5.2 - Session Fixation
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.
CVSS 8.8
CVE-2018-1000062 WRITEUP MEDIUM
WonderCMS 2.4.0 - Stored Cross-Site Scripting via SVG File Upload
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File.
CVSS 4.4
CVE-2017-7951 WRITEUP HIGH
WonderCMS < 2.0.2 - Cross-Site Request Forgery
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
CVSS 8.8
CVE-2020-35364 WRITEUP CRITICAL
Beijing Huorong Internet Security <5.0.55.2 - Privilege Escalation
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
CVSS 9.8
CVE-2020-35438 WRITEUP MEDIUM
kk Star Ratings < 4.1.5 - Cross-Site Scripting
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.
CVSS 6.1
CVE-2020-35460 WRITEUP MEDIUM
Oracle Primavera Unifier >=17.7 <17.12 - Path Traversal and Arbitrary File Write via Zip Stream Handler
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
CVSS 5.3
CVE-2020-35488 WRITEUP HIGH
nxlog < 3.0.2272 - Denial of Service via Crafted Syslog Payload
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
CVSS 7.5
CVE-2020-35518 WRITEUP MEDIUM
389 Directory Server < 1.4.3.19 - Unauthenticated LDAP Entry Existence Disclosure
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
CVSS 5.3
CVE-2020-35581 WRITEUP MEDIUM
Envira Gallery Lite < 1.8.3.3 - Stored Cross-Site Scripting via meta[title] Parameter
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.
CVSS 5.4
CVE-2020-35582 WRITEUP MEDIUM
Envira Gallery Lite < 1.8.3.3 - Stored Cross-Site Scripting via Post Title Parameter
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
CVSS 5.4
CVE-2020-35669 WRITEUP MEDIUM
dart/http < 0.12.2 and Pub/http < 0.13.3 - CRLF Injection via HTTP Method
An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request.
CVSS 6.1
CVE-2020-35717 WRITEUP CRITICAL
zonote < 0.4.0 - Stored Cross-Site Scripting via Crafted Note
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
CVSS 9.0
CVE-2020-35729 WRITEUP CRITICAL
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS 9.8
CVE-2020-35737 WRITEUP HIGH
Newgen eGov <12.0 - Info Disclosure
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
CVSS 7.5
CVE-2020-35775 WRITEUP CRITICAL
CITSmart < 9.1.2.23 - LDAP Injection
CITSmart before 9.1.2.23 allows LDAP Injection.
CVSS 9.8
CVE-2020-35948 WRITEUP CRITICAL
XCloner Backup and Restore 4.2.1-4.2.12 - Arbitrary File Write & RCE via xcloner_restore.php
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
CVSS 9.9
CVE-2020-36154 WRITEUP HIGH
Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
CVSS 7.8
CVE-2020-36190 WRITEUP MEDIUM
rails_admin < 1.4.3 and 2.x < 2.0.2 - Cross-Site Scripting via Nested Forms
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
CVSS 6.1
CVE-2023-51939 WRITEUP HIGH
Relic relic-toolkit <0.6.0 - Info Disclosure/Privilege Escalation
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.
CVSS 8.8