Writeup Exploits

63,530 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-3844 WRITEUP LOW
Webmin 2.001 - Cross-Site Scripting in xterm/index.cgi
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.
CVSS 3.5
CVE-2022-36446 WRITEUP CRITICAL
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
CVE-2022-30708 WRITEUP HIGH
Webmin < 1.991 - Remote Code Execution via Authentic Theme File Parameter
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVSS 8.8
CVE-2022-30708 WRITEUP HIGH
Webmin < 1.991 - Remote Code Execution via Authentic Theme File Parameter
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVSS 8.8
CVE-2021-31762 WRITEUP HIGH
Webmin 1.973 - Cross-Site Request Forgery via User Addition Feature
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
CVSS 8.8
CVE-2021-31761 WRITEUP CRITICAL
Webmin 1.973 - Reflected Cross-Site Scripting to Remote Command Execution via Running Process Feature
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
CVSS 9.6
CVE-2021-31760 WRITEUP HIGH
Webmin 1.973 - Cross-Site Request Forgery to Remote Command Execution via Running Process Feature
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
CVSS 8.8
CVE-2019-15642 WRITEUP HIGH
Webmin < 1.920 - Authenticated Remote Code Execution via unserialise_variable Eval Call
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
CVSS 8.8
CVE-2019-15642 WRITEUP HIGH
Webmin < 1.920 - Authenticated Remote Code Execution via unserialise_variable Eval Call
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
CVSS 8.8
CVE-2017-9313 WRITEUP MEDIUM
Webmin < 1.850 - Cross-Site Scripting via sec Parameter to view_man.cgi
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
CVSS 6.1
CVE-2017-15646 WRITEUP MEDIUM
Webmin < 1.860 - Stored Cross-Site Scripting and Remote Code Execution via File Manager Download from Remote URL
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
CVSS 6.1
CVE-2012-2983 WRITEUP
Webmin < 1.590 - Unauthenticated Arbitrary File Read via file/edit_html.cgi
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
CVE-2012-2982 WRITEUP
Webmin < 1.590 - Authenticated Remote Command Execution via Invalid Pathname Character
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
CVE-2021-31800 WRITEUP CRITICAL
Impacket < 0.9.22 - Path Traversal and Arbitrary File Write via SMB Server
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
CVSS 9.8
CVE-2021-31862 WRITEUP MEDIUM
SysAid 20.4.74 - Unauthenticated Stored Cross-Site Scripting via KeepAlive.jsp stamp Parameter
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
CVSS 6.1
CVE-2021-3111 WRITEUP MEDIUM
Concrete CMS < 8.5.5 - Stored Cross-Site Scripting via Express Entries Dashboard Name Field
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
CVSS 4.8
CVE-2021-3122 WRITEUP CRITICAL
NCR Command Center Agent 16.3 - Unauthenticated Remote Code Execution via runCommand Parameter
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration."
CVSS 9.8
CVE-2021-3138 WRITEUP HIGH
Discourse 2.7.0-beta1 - Two-Factor Authentication Bypass via Rate-Limit Bypass
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
CVSS 7.5
CVE-2021-3155 WRITEUP LOW
snapd < 2.54.3 - Unprotected User Data Exposure via Home Directory Permissions
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS 3.8
CVE-2021-3164 WRITEUP HIGH
ChurchRota 2.6.4 - Authenticated Remote Code Execution via File Upload
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
CVSS 8.8
CVE-2021-3166 WRITEUP HIGH
ASUS DSL-N14U-B1 1.1.2.3_805 - Unrestricted Firmware Upload via Settings_DSL-N14U-B1.trx
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.
CVSS 7.5
CVE-2021-3181 WRITEUP MEDIUM
Mutt < 2.0.4 - Denial of Service via Semicolon Sequence in RFC822 Address Fields
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
CVSS 6.5
CVE-2021-32055 WRITEUP CRITICAL
Mutt 1.11.0-2.0.6 and NeoMutt 20191025-20210504 - Out-of-bounds Read in IMAP Sequence Set Handling
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
CVSS 9.1
CVE-2021-32172 WRITEUP CRITICAL
Maian Cart 3.8 - Unauthenticated Remote Code Execution via Elfinder Plugin
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.
CVSS 9.8
CVE-2021-32399 WRITEUP HIGH
Linux Kernel < 5.12.2 - Race Condition in HCI Controller Removal
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVSS 7.0