Writeup Exploits
63,358 exploits tracked across all sources.
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVSS 6.1
Ignite Realtime Openfire < 3.9.2 - Cross-Site Scripting via Crafted URL
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS 6.1
YATinyWinFTP >=0.0.5 <0.0.5 - Denial of Service via Malformed Command Buffer Overflow
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
CVSS 9.8
PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVSS 6.5
PDW File Browser < 1.3 - Authenticated Stored and Reflected Cross-Site Scripting via File Rename and Path Parameters
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
CVSS 5.4
LimeSurvey < 4.3.10 - Stored Cross-Site Scripting in Survey Menu via Surveymenu Parameters
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
CVSS 5.4
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
CVSS 8.2
ajenti.plugin.core <0.112 2FA - Race Condition
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.
CVSS 5.9
Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.
CVSS 7.5
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
Ajenti <2.2.15 Custom Package Installation - Authorization Bypass
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.
CVSS 6.5
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
ajenti < 2.2.13 - Unauthenticated Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
CVSS 9.8
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS 9.8
ajenti <2.1.31 - Privilege Escalation
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
CVSS 6.3
Tea LaTeX 1.0 - Unauthenticated Remote Code Execution via /api.php tex2png Action
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
CVSS 9.8
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
Koken CMS 0.22.24 - Authenticated Unrestricted Upload of File with Dangerous Type via File Extension Manipulation
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.
CVSS 8.8
Sickbeard alpha - Command Injection
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.
CVSS 9.8
Sickbeard alpha - Cross-Site Request Forgery via Crafted Configuration Parameters
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication protection.
CVSS 5.3
e-Learning PHP Script 0.1.0 - SQL Injection
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.
CVSS 8.2
E Learning Script 1.0 - Auth Bypass
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain unauthorized access to the system.
CVSS 6.5
RM Downloader 2.50.60 - Buffer Overflow
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
CVSS 8.4
By Source