Writeup Exploits

63,358 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-15488 WRITEUP MEDIUM
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
CVE-2019-15488 WRITEUP MEDIUM
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
CVE-2018-11688 WRITEUP MEDIUM
Ignite Realtime Openfire < 3.9.2 - Cross-Site Scripting via Crafted URL
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS 6.1
CVE-2020-36964 WRITEUP CRITICAL
YATinyWinFTP >=0.0.5 <0.0.5 - Denial of Service via Malformed Command Buffer Overflow
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
CVSS 9.8
CVE-2020-36973 WRITEUP MEDIUM
PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVSS 6.5
CVE-2020-36988 WRITEUP MEDIUM
PDW File Browser < 1.3 - Authenticated Stored and Reflected Cross-Site Scripting via File Rename and Path Parameters
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
CVSS 5.4
CVE-2020-36993 WRITEUP MEDIUM
LimeSurvey < 4.3.10 - Stored Cross-Site Scripting in Survey Menu via Surveymenu Parameters
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
CVSS 5.4
CVE-2020-36999 WRITEUP HIGH
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
CVSS 8.2
CVE-2026-40178 WRITEUP MEDIUM
ajenti.plugin.core <0.112 2FA - Race Condition
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.
CVSS 5.9
CVE-2026-40177 WRITEUP HIGH
Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.
CVSS 7.5
CVE-2026-35175 WRITEUP MEDIUM
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
CVE-2026-35175 WRITEUP MEDIUM
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
CVE-2026-27975 WRITEUP CRITICAL
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
CVE-2026-27975 WRITEUP CRITICAL
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
CVE-2020-37002 WRITEUP CRITICAL
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS 9.8
CVE-2019-25066 WRITEUP MEDIUM
ajenti <2.1.31 - Privilege Escalation
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
CVSS 6.3
CVE-2020-37012 WRITEUP CRITICAL
Tea LaTeX 1.0 - Unauthenticated Remote Code Execution via /api.php tex2png Action
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
CVSS 9.8
CVE-2020-37019 WRITEUP MEDIUM
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
CVE-2020-37019 WRITEUP MEDIUM
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
CVE-2020-37023 WRITEUP HIGH
Koken CMS 0.22.24 - Authenticated Unrestricted Upload of File with Dangerous Type via File Extension Manipulation
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.
CVSS 8.8
CVE-2020-37027 WRITEUP CRITICAL
Sickbeard alpha - Command Injection
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.
CVSS 9.8
CVE-2020-37026 WRITEUP MEDIUM
Sickbeard alpha - Cross-Site Request Forgery via Crafted Configuration Parameters
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication protection.
CVSS 5.3
CVE-2020-37035 WRITEUP HIGH
e-Learning PHP Script 0.1.0 - SQL Injection
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.
CVSS 8.2
CVE-2019-25320 WRITEUP MEDIUM
E Learning Script 1.0 - Auth Bypass
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain unauthorized access to the system.
CVSS 6.5
CVE-2020-37036 WRITEUP HIGH
RM Downloader 2.50.60 - Buffer Overflow
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
CVSS 8.4