Writeup Exploits

63,674 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-47882 WRITEUP HIGH
FreeLAN 2.2 - Unquoted Service Path Privilege Escalation
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
CVSS 7.8
CVE-2021-47900 WRITEUP CRITICAL
Gila CMS < 2.0.0 - Unauthenticated Remote Code Execution via User-Agent Header Injection
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
CVSS 9.8
CVE-2021-47901 WRITEUP CRITICAL
dirsearch 0.4.1 - CSV Injection via Redirect Endpoint Path
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
CVSS 9.8
CVE-2021-47904 WRITEUP HIGH
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
CVSS 8.8
CVE-2021-47905 WRITEUP MEDIUM
MyBB Delete Account Plugin 1.4 - XSS
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.
CVSS 6.1
CVE-2022-0072 WRITEUP MEDIUM
OpenLiteSpeed 1.5.11-1.5.12 1.6.5-1.6.20.1 <1.7.16.1 - Path Traversal
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVSS 5.8
CVE-2022-0073 WRITEUP HIGH
OpenLiteSpeed 1.7.0-1.7.16 - Command Injection via Improper Input Validation
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS 8.8
CVE-2022-0088 WRITEUP HIGH
YOURLS < 1.8.3 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
CVSS 7.4
CVE-2022-0088 WRITEUP HIGH
YOURLS < 1.8.3 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
CVSS 7.4
CVE-2022-0155 WRITEUP MEDIUM
follow-redirects < 1.14.7 - Exposure of Private Personal Information to an Unauthorized Actor
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVSS 6.5
CVE-2022-0219 WRITEUP MEDIUM
skylot/jadx <1.3.2 - XML External Entity Reference
Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.
CVSS 5.5
CVE-2022-0265 WRITEUP CRITICAL
GitHub hazelcast/hazelcast <5.1-BETA-1 - SSRF
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.
CVSS 9.8
CVE-2022-0336 WRITEUP HIGH
Samba 4.0.0-4.13.17 - Denial of Service and Service Impersonation via SPN Re-addition
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
CVSS 8.8
CVE-2022-0377 WRITEUP MEDIUM
LearnPress <4.1.5 - Info Disclosure
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.
CVSS 4.3
CVE-2022-0482 WRITEUP CRITICAL
GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVSS 9.1
CVE-2022-0496 WRITEUP MEDIUM
OpenSCAD < 2022-02-04 - Memory Corruption via DXF Import
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().
CVSS 5.5
CVE-2022-0557 WRITEUP HIGH
Packagist microweber/microweber <1.2.11 - Command Injection
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVSS 7.2
CVE-2022-0561 WRITEUP MEDIUM
libtiff 3.9.0-4.3.0 - Denial of Service via TIFFFetchStripThing memcpy Null Pointer
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
CVSS 5.5
CVE-2022-0562 WRITEUP MEDIUM
libtiff 4.0-4.3.0 - Denial of Service via Crafted TIFF File
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
CVSS 5.5
CVE-2022-0666 WRITEUP HIGH
microweber/microweber <1.2.11 - Stack Trace Exposure
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
CVSS 7.5
CVE-2022-0824 WRITEUP HIGH
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8
CVE-2022-0848 WRITEUP CRITICAL
part-db < 0.5.11 - OS Command Injection
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.
CVSS 9.8
CVE-2022-0891 WRITEUP MEDIUM
libtiff 4.3.0 - Heap Buffer Overflow in ExtractImageSection Function
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
CVSS 6.1
CVE-2022-0944 WRITEUP HIGH
sqlpad < 6.10.1 - Remote Code Execution via Template Injection in Connection Test Endpoint
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
CVSS 7.2
CVE-2022-0967 WRITEUP MEDIUM
showdoc < 2.10.4 - Stored Cross-Site Scripting via File Upload
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
CVSS 5.4