Writeup Exploits

63,466 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-23362 WRITEUP MEDIUM
hosted-git-info < 2.8.9 - Regular Expression Denial of Service via shortcutMatch
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
CVSS 5.3
CVE-2021-23363 WRITEUP MEDIUM
kill-by-port < 0.0.2 - OS Command Injection via Unsanitized Input to killByPort Function
This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVSS 6.3
CVE-2021-23364 WRITEUP MEDIUM
browserslist 4.0.0-4.16.5 - Regular Expression Denial of Service
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
CVSS 5.3
CVE-2021-23365 WRITEUP MEDIUM
tyk-identity-broker < 1.1.1 - Authentication Bypass via Go XML Parser
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
CVSS 4.8
CVE-2021-23368 WRITEUP MEDIUM
postcss 7.0.0-7.0.35 - Regular Expression Denial of Service in Source Map Parsing
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
CVSS 5.3
CVE-2021-23369 WRITEUP MEDIUM
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS 5.6
CVE-2021-23383 WRITEUP MEDIUM
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS 5.6
CVE-2021-23387 WRITEUP MEDIUM
trailing-slash < 2.0.1 - Open Redirect via Trailing Double Slashes
The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web server uses relative URLs instead of absolute URLs.
CVSS 5.4
CVE-2021-23389 WRITEUP CRITICAL
total.js < 3.4.9 - Remote Code Execution via U.set() and U.get() Functions
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
CVE-2021-23390 WRITEUP CRITICAL
total4 < 0.0.43 - Remote Code Execution via U.set() and U.get() Functions
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
CVE-2026-41247 WRITEUP CRITICAL
elFinder: Command injection in resize background color parameter when using ImageMagick CLI
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg (background color) parameter is accepted from user input and passed through image resize/rotate processing. In configurations that use the ImageMagick CLI backend, this value is incorporated into shell command strings without sufficient escaping. An attacker able to invoke the resize command with a crafted bg value may achieve arbitrary command execution as the web server process user. This vulnerability is fixed in 2.1.67.
CVSS 9.8
CVE-2023-52045 WRITEUP MEDIUM
Studio-42 elFinder 2.1.62 - Stored Cross-Site Scripting via Filename Restriction Bypass
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.
CVSS 6.1
CVE-2023-52044 WRITEUP CRITICAL
Studio-42 elFinder 2.1.62 - Remote Code Execution via Unrestricted .php8 File Upload
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.
CVSS 9.8
CVE-2023-35840 WRITEUP MEDIUM
elFinder < 2.1.62 - Path Traversal via LocalVolumeDriver Connector
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVSS 6.5
CVE-2022-27115 WRITEUP CRITICAL
Studio-42 elFinder < 2.1.61 - Remote Code Execution via File Upload
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
CVSS 9.8
CVE-2021-43421 WRITEUP CRITICAL
Studio-42 elFinder 2.0.4-2.1.59 - Unauthenticated Arbitrary File Upload via connector.minimal.php
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
CVSS 9.8
CVE-2021-32682 WRITEUP CRITICAL
elFinder < 2.1.59 - Remote Code Execution via Archive Command Injection
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
CVSS 9.8
CVE-2021-23394 WRITEUP HIGH
elFinder < 2.1.58 - Remote Code Execution via .phar File Upload
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVSS 8.1
CVE-2021-23394 WRITEUP HIGH
elFinder < 2.1.58 - Remote Code Execution via .phar File Upload
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVSS 8.1
CVE-2021-23394 WRITEUP HIGH
elFinder < 2.1.58 - Remote Code Execution via .phar File Upload
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVSS 8.1
CVE-2019-9194 WRITEUP CRITICAL
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
CVE-2019-9194 WRITEUP CRITICAL
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
CVE-2019-9194 WRITEUP CRITICAL
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
CVE-2019-6257 WRITEUP HIGH
elFinder < 2.1.46 - Server-Side Request Forgery via get_remote_contents()
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
CVSS 7.7
CVE-2019-5884 WRITEUP MEDIUM
elFinder < 2.1.45 - Information Exposure via PHP curl Extension
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
CVSS 5.9