Writeup Exploits

63,671 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-24832 WRITEUP HIGH
GoCD 17.5.0-22.1.0 - LDAP Injection via Username Parameter
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and only is exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144.
CVSS 8.2
CVE-2022-24832 WRITEUP HIGH
GoCD 17.5.0-22.1.0 - LDAP Injection via Username Parameter
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and only is exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144.
CVSS 8.2
CVE-2021-44659 WRITEUP CRITICAL
GoCD 21.3.0 - Server-Side Request Forgery via Pipeline Configuration
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests
CVSS 9.8
CVE-2021-43290 WRITEUP CRITICAL
ThoughtWorks GoCD <21.3.0 - Code Injection
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
CVSS 9.8
CVE-2021-43289 WRITEUP HIGH
ThoughtWorks GoCD <21.3.0 - Code Injection
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
CVSS 7.5
CVE-2021-43287 WRITEUP HIGH
ThoughtWorks GoCD <21.3.0 - Info Disclosure
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
CVSS 7.5
CVE-2021-43286 WRITEUP HIGH
ThoughtWorks GoCD <21.3.0 - Command Injection
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.
CVSS 8.8
CVE-2021-44664 WRITEUP HIGH
Xerte < 3.9 - Authenticated Remote Code Execution via Language File Upload
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable.
CVSS 8.8
CVE-2021-44665 WRITEUP MEDIUM
Xerte < 3.10.3 - Path Traversal via Project File Download
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.
CVSS 6.5
CVE-2021-44673 WRITEUP HIGH
Croogo 3.0.2 - Remote Code Execution via Admin File Manager Attachments Upload
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
CVSS 8.8
CVE-2021-44733 WRITEUP HIGH
Linux Kernel < 5.15.11 - Use-After-Free in TEE Shared Memory Handling
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVSS 7.0
CVE-2021-44833 WRITEUP CRITICAL
Amazon AWS OpenSearch CLI 1.0.0 - Incorrect Default Permissions
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
CVSS 9.8
CVE-2021-44906 WRITEUP CRITICAL
Minimist <=1.2.5 - Prototype Pollution via setKey Function
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
CVSS 9.8
CVE-2021-44906 WRITEUP CRITICAL
Minimist <=1.2.5 - Prototype Pollution via setKey Function
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
CVSS 9.8
CVE-2021-44916 WRITEUP MEDIUM
Open-AudIT < 4.2.0 - Cross-Site Scripting via URL Parameter
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
CVSS 6.1
CVE-2021-44967 WRITEUP HIGH
LimeSurvey 5.2.4 - Authenticated Remote Code Execution via Plugin Upload
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be installed by a superadmin, and therefore the security model is not violated by this finding.
CVSS 8.8
CVE-2021-4428 WRITEUP LOW
what3words Autosuggest Plugin < 4.0.1 - Information Disclosure in Setting Handler
A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.
CVSS 2.7
CVE-2021-45010 WRITEUP HIGH
Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
CVSS 8.8
CVE-2021-45010 WRITEUP HIGH
Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
CVSS 8.8
CVE-2021-45268 WRITEUP HIGH
Backdrop CMS 1.20 - Cross-Site Request Forgery to Remote Code Execution via Malicious Add-on Upload
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
CVSS 8.8
CVE-2021-45338 WRITEUP HIGH
Avast Antivirus < 20.4 - Privilege Escalation via Unnecessarily Powerful Internal Methods
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
CVSS 7.8
CVE-2021-45338 WRITEUP HIGH
Avast Antivirus < 20.4 - Privilege Escalation via Unnecessarily Powerful Internal Methods
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
CVSS 7.8
CVE-2021-45394 WRITEUP HIGH
html2pdf < 5.2.4 - Deserialization of Untrusted Data via Malicious Link Tag
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.
CVSS 8.8
CVE-2021-45783 WRITEUP MEDIUM
Bookeen Notea Firmware BK_R_1.0.5_20210608 - Path Traversal
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.
CVSS 4.6
CVE-2021-45835 WRITEUP CRITICAL
Online Admission System 1.0 - Code Injection
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.
CVSS 9.8