Writeup Exploits
63,090 exploits tracked across all sources.
Openfire < 4.6.0 - Stored Cross-Site Scripting via NodeJS Plugin Path Parameter
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
CVSS 6.4
Openfire < 4.5.0 - Stored Cross-Site Scripting via isTrustStore Parameter
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
CVSS 6.1
Ignite Realtime Openfire 4.4.4 - Stored Cross-Site Scripting via Users/Group Search Page
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
CVSS 6.1
Openfire 4.4.4 - Stored Cross-Site Scripting via SystemCacheDetails.jsp cacheName Parameter
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.
CVSS 6.1
Openfire 4.4.4 - Stored Cross-Site Scripting via Manage Store Contents Alias
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
CVSS 6.1
Ignite Realtime Openfire < 4.4.2 - Server-Side Request Forgery via FaviconServlet
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
CVSS 9.8
Openfire < 4.4.2 - Path Traversal via PluginServlet.java
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
CVSS 5.3
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
Ignite Realtime Openfire < 3.9.2 - Cross-Site Scripting via Crafted URL
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS 6.1
YATinyWinFTP >=0.0.5 <0.0.5 - Denial of Service via Malformed Command Buffer Overflow
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
CVSS 9.8
PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVSS 6.5
PDW File Browser < 1.3 - Authenticated Stored and Reflected Cross-Site Scripting via File Rename and Path Parameters
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
CVSS 5.4
LimeSurvey < 4.3.10 - Stored Cross-Site Scripting in Survey Menu via Surveymenu Parameters
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
CVSS 5.4
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
CVSS 8.2
ajenti.plugin.core <0.112 2FA - Race Condition
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.
CVSS 5.9
Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.
CVSS 7.5
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS 9.8
ajenti <2.1.31 - Privilege Escalation
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
CVSS 6.3
Tea LaTeX 1.0 - Unauthenticated Remote Code Execution via /api.php tex2png Action
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
CVSS 9.8
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
By Source