Writeup Exploits

63,085 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-36316 WRITEUP MEDIUM
RELIC < 2021-04-03 - Buffer Overflow in PKCS#1 v1.5 Signature Verification
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
CVSS 5.5
CVE-2020-36316 WRITEUP MEDIUM
RELIC < 2021-04-03 - Buffer Overflow in PKCS#1 v1.5 Signature Verification
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
CVSS 5.5
CVE-2020-36316 WRITEUP MEDIUM
RELIC < 2021-04-03 - Buffer Overflow in PKCS#1 v1.5 Signature Verification
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
CVSS 5.5
CVE-2020-36315 WRITEUP MEDIUM
RELIC < 2020-08-01 - RSA PKCS#1 v1.5 Signature Forgery via Inadequate Padding Validation
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
CVSS 5.3
CVE-2020-36315 WRITEUP MEDIUM
RELIC < 2020-08-01 - RSA PKCS#1 v1.5 Signature Forgery via Inadequate Padding Validation
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
CVSS 5.3
CVE-2020-36315 WRITEUP MEDIUM
RELIC < 2020-08-01 - RSA PKCS#1 v1.5 Signature Forgery via Inadequate Padding Validation
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
CVSS 5.3
CVE-2020-36550 WRITEUP MEDIUM
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Table Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
CVSS 5.4
CVE-2020-36551 WRITEUP MEDIUM
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Item Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36552 WRITEUP MEDIUM
Multi Restaurant Table Reservation System 1.0 - Cross-Site Scripting via Made Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36553 WRITEUP MEDIUM
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Area Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36603 WRITEUP MEDIUM
Genshin Impact <1.0.0.0 - Code Injection
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
CVSS 6.5
CVE-2020-36603 WRITEUP MEDIUM
Genshin Impact <1.0.0.0 - Code Injection
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
CVSS 6.5
CVE-2020-36881 WRITEUP HIGH
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
CVSS 7.8
CVE-2020-36939 WRITEUP HIGH
Cassandra Web 0.5.0 - Path Traversal
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.
CVSS 7.5
CVE-2020-36941 WRITEUP CRITICAL
Knockpy 4.1.1 - CSV Injection via Server Header Manipulation
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
CVSS 9.8
CVE-2020-36951 WRITEUP HIGH
Phpscript-sgh 0.1.0 - SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.
CVSS 8.2
CVE-2025-59154 WRITEUP MEDIUM
Org.igniterealtime.openfire Xmppserver < 5.0.2 - Authentication Bypass by Spoofing
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls X509Certificate.getSubjectDN().getName() and applies a regex to look for CN=. This method produces a provider-dependent string that does not escape special characters. In SunJSSE (sun.security.x509.X500Name), for example, commas and equals signs inside attribute values are not escaped. As a result, a malicious certificate can embed CN= inside another attribute value (e.g. OU="CN=admin,"). The regex will incorrectly interpret this as a legitimate Common Name and extract admin. If SASL EXTERNAL is enabled and configured to map CNs to user accounts, this allows the attacker to impersonate another user. The fix is included in Openfire 5.0.2 and 5.1.0.
CVSS 5.9
CVE-2024-25420 WRITEUP HIGH
Ignite Realtime Openfire <4.8.1 - Privilege Escalation
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
CVSS 7.2
CVE-2024-25420 WRITEUP HIGH
Ignite Realtime Openfire <4.8.1 - Privilege Escalation
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
CVSS 7.2
CVE-2023-32315 WRITEUP HIGH
Openfire authentication bypass with RCE plugin
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
CVSS 8.6
CVE-2020-36956 WRITEUP MEDIUM
Openfire < 4.6.0 - Stored Cross-Site Scripting via NodeJS Plugin Path Parameter
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
CVSS 6.4
CVE-2019-20366 WRITEUP MEDIUM
Openfire < 4.5.0 - Stored Cross-Site Scripting via isTrustStore Parameter
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
CVSS 6.1
CVE-2019-20365 WRITEUP MEDIUM
Ignite Realtime Openfire 4.4.4 - Stored Cross-Site Scripting via Users/Group Search Page
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
CVSS 6.1
CVE-2019-20364 WRITEUP MEDIUM
Openfire 4.4.4 - Stored Cross-Site Scripting via SystemCacheDetails.jsp cacheName Parameter
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.
CVSS 6.1
CVE-2019-20363 WRITEUP MEDIUM
Openfire 4.4.4 - Stored Cross-Site Scripting via Manage Store Contents Alias
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
CVSS 6.1