Writeup Exploits

63,090 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-36956 WRITEUP MEDIUM
Openfire < 4.6.0 - Stored Cross-Site Scripting via NodeJS Plugin Path Parameter
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
CVSS 6.4
CVE-2019-20366 WRITEUP MEDIUM
Openfire < 4.5.0 - Stored Cross-Site Scripting via isTrustStore Parameter
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
CVSS 6.1
CVE-2019-20365 WRITEUP MEDIUM
Ignite Realtime Openfire 4.4.4 - Stored Cross-Site Scripting via Users/Group Search Page
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
CVSS 6.1
CVE-2019-20364 WRITEUP MEDIUM
Openfire 4.4.4 - Stored Cross-Site Scripting via SystemCacheDetails.jsp cacheName Parameter
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.
CVSS 6.1
CVE-2019-20363 WRITEUP MEDIUM
Openfire 4.4.4 - Stored Cross-Site Scripting via Manage Store Contents Alias
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
CVSS 6.1
CVE-2019-18394 WRITEUP CRITICAL
Ignite Realtime Openfire < 4.4.2 - Server-Side Request Forgery via FaviconServlet
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
CVSS 9.8
CVE-2019-18393 WRITEUP MEDIUM
Openfire < 4.4.2 - Path Traversal via PluginServlet.java
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
CVSS 5.3
CVE-2019-15488 WRITEUP MEDIUM
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
CVE-2019-15488 WRITEUP MEDIUM
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
CVE-2018-11688 WRITEUP MEDIUM
Ignite Realtime Openfire < 3.9.2 - Cross-Site Scripting via Crafted URL
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS 6.1
CVE-2020-36964 WRITEUP CRITICAL
YATinyWinFTP >=0.0.5 <0.0.5 - Denial of Service via Malformed Command Buffer Overflow
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
CVSS 9.8
CVE-2020-36973 WRITEUP MEDIUM
PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVSS 6.5
CVE-2020-36988 WRITEUP MEDIUM
PDW File Browser < 1.3 - Authenticated Stored and Reflected Cross-Site Scripting via File Rename and Path Parameters
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
CVSS 5.4
CVE-2020-36993 WRITEUP MEDIUM
LimeSurvey < 4.3.10 - Stored Cross-Site Scripting in Survey Menu via Surveymenu Parameters
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
CVSS 5.4
CVE-2020-36999 WRITEUP HIGH
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
CVSS 8.2
CVE-2026-40178 WRITEUP MEDIUM
ajenti.plugin.core <0.112 2FA - Race Condition
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.
CVSS 5.9
CVE-2026-40177 WRITEUP HIGH
Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.
CVSS 7.5
CVE-2026-35175 WRITEUP MEDIUM
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
CVE-2026-35175 WRITEUP MEDIUM
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
CVE-2026-27975 WRITEUP CRITICAL
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
CVE-2026-27975 WRITEUP CRITICAL
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
CVE-2020-37002 WRITEUP CRITICAL
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS 9.8
CVE-2019-25066 WRITEUP MEDIUM
ajenti <2.1.31 - Privilege Escalation
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
CVSS 6.3
CVE-2020-37012 WRITEUP CRITICAL
Tea LaTeX 1.0 - Unauthenticated Remote Code Execution via /api.php tex2png Action
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
CVSS 9.8
CVE-2020-37019 WRITEUP MEDIUM
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4