Writeup Exploits

63,449 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-7729 WRITEUP HIGH
grunt < 1.3.0 - Arbitrary Code Execution via Insecure YAML Deserialization
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVSS 7.1
CVE-2020-7740 WRITEUP HIGH
node-pdf-generator - Server-Side Request Forgery via Unsanitized URL Content
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
CVSS 8.2
CVE-2020-7741 WRITEUP CRITICAL
hello.js < 1.18.6 - Cross-Site Scripting via oauth_redirect URL Parameter
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
CVSS 9.9
CVE-2020-7743 WRITEUP HIGH
mathjs < 7.5.1 - Prototype Pollution via deepExtend Function
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
CVSS 7.3
CVE-2020-7747 WRITEUP MEDIUM
lightning-server - Cross-Site Scripting in Session Controller
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
CVSS 6.3
CVE-2020-7748 WRITEUP MEDIUM
Ts.ed < 5.65.7 - Prototype Pollution
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVSS 5.6
CVE-2020-7750 WRITEUP CRITICAL
scratch-svg-renderer < 0.2.0-prerelease.20201019174008 - Cross-Site Scripting via SVG Injection in loadString
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
CVSS 9.6
CVE-2020-7752 WRITEUP HIGH
systeminformation < 4.27.11 - OS Command Injection via curl Parameter Concatenation
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVSS 8.8
CVE-2020-7758 WRITEUP HIGH
browserless/chrome < 1.40.2 - Path Traversal via Workspace Endpoint
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.
CVSS 7.5
CVE-2020-7769 WRITEUP HIGH
nodemailer <6.4.16 - Command Injection
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
CVSS 8.6
CVE-2020-7772 WRITEUP HIGH
doc-path < 2.1.2 - Remote Code Execution via Untrusted Input
This affects the package doc-path before 2.1.2.
CVSS 7.5
CVE-2020-7776 WRITEUP HIGH
phpoffice/phpspreadsheet <0.0.0 - XSS
This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch.
CVSS 7.1
CVE-2020-7778 WRITEUP HIGH
Package Systeminformation <4.30.2 - Code Injection
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVSS 7.3
CVE-2020-7778 WRITEUP HIGH
Package Systeminformation <4.30.2 - Code Injection
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVSS 7.3
CVE-2020-7792 WRITEUP HIGH
mout < 1.2.3 - Prototype Pollution via deepFillIn and deepMixIn Functions
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.
CVSS 7.5
CVE-2020-7795 WRITEUP HIGH
get-npm-package-version <1.0.7 - Command Injection
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.
CVSS 7.3
CVE-2020-7931 WRITEUP HIGH
JFrog Artifactory <5.11.8 and 6.8.0-6.8.17 - Remote Code Execution via FreeMarker Template Processing
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
CVSS 8.8
CVE-2020-7949 WRITEUP HIGH
Dota 2 < 7.23f - Remote Code Execution via Crafted Map in GetValue Call
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
CVSS 7.8
CVE-2019-16294 WRITEUP HIGH
Notepad++ < 7.7 - Remote Code Execution or Denial of Service via Crafted .ml File
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVSS 7.8
CVE-2019-15943 WRITEUP HIGH
Counter-Strike: Global Offensive <1.37.1.1 - RCE/DoS
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
CVSS 8.8
CVE-2020-7959 WRITEUP MEDIUM
LabVantage LIMS 8.3 - Info Disclosure
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
CVSS 5.3
CVE-2020-7989 WRITEUP MEDIUM
Adive Framework 2.0.8 - Stored Cross-Site Scripting via userUsername Parameter
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
CVSS 6.1
CVE-2020-7990 WRITEUP MEDIUM
Adive Framework 2.0.8 - Stored Cross-Site Scripting via User Add Function
Adive Framework 2.0.8 has admin/user/add userName XSS.
CVSS 6.1
CVE-2020-7991 WRITEUP HIGH
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
CVSS 8.8
CVE-2020-8034 WRITEUP MEDIUM
Gollem < 3.0.13 - Reflected Cross-Site Scripting via HTTP GET dir Parameter
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVSS 6.1