Writeup Exploits

63,677 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-24066 WRITEUP HIGH
simple-git <3.5.0 - Command Injection
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.
CVSS 8.1
CVE-2022-24122 WRITEUP HIGH
Linux kernel <5.16.4 - Privilege Escalation
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
CVSS 7.8
CVE-2022-24128 WRITEUP HIGH
TimescaleDB <2.5.2 - Privilege Escalation
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)
CVSS 8.0
CVE-2022-24226 WRITEUP HIGH
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVSS 7.5
CVE-2022-24227 WRITEUP MEDIUM
BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS 6.1
CVE-2022-24227 WRITEUP MEDIUM
BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS 6.1
CVE-2022-24263 WRITEUP CRITICAL
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS 9.8
CVE-2022-23873 WRITEUP HIGH
Victor CMS 1.0 - SQL Injection via user_firstname Parameter
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
CVSS 8.8
CVE-2022-23871 WRITEUP MEDIUM
Gibbon CMS 22.0.01 - Stored Cross-Site Scripting via Name, Category, or Description Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters.
CVSS 5.4
CVE-2022-23357 WRITEUP CRITICAL
mozilocms 2.0 - Path Traversal via curent_dir Parameter
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.
CVSS 9.1
CVE-2022-22868 WRITEUP MEDIUM
Gibbon CMS v22.0.01 - Cross-Site Scripting via Name Parameters
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.
CVSS 4.8
CVE-2022-24375 WRITEUP HIGH
node-opcua < 2.74.0 - Denial of Service via Multiple CloseSession Requests
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
CVSS 7.5
CVE-2022-24437 WRITEUP CRITICAL
git-pull-or-clone <2.0.2 - Command Injection
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.
CVSS 9.8
CVE-2022-24439 WRITEUP HIGH
GitPython <3.1.30 - Remote Code Execution via Malicious Clone URL
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
CVSS 8.1
CVE-2022-24448 WRITEUP LOW
Linux kernel <5.16.5 - Info Disclosure
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
CVSS 3.3
CVE-2022-24563 WRITEUP MEDIUM
Genixcms 1.1.11 - Stored Cross-Site Scripting via intro_title and intro_image Parameters
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.
CVSS 5.4
CVE-2022-24585 WRITEUP MEDIUM
PluXml 5.8.7 - Stored Cross-Site Scripting via Author Parameter
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVSS 5.4
CVE-2022-24586 WRITEUP MEDIUM
PluXml 5.8.7 - Stored Cross-Site Scripting via Categories Content and Thumbnail Parameters
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVSS 5.4
CVE-2022-24587 WRITEUP MEDIUM
PluXml 5.8.7 - Stored Cross-Site Scripting in Media Management Component
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4
CVE-2022-24588 WRITEUP MEDIUM
Flatpress v1.2.1 - Stored Cross-Site Scripting via SVG File Upload
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
CVSS 5.4
CVE-2022-24589 WRITEUP MEDIUM
burden v3.0 - Stored Cross-Site Scripting in Add Category Function via Task Parameter
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.
CVSS 6.1
CVE-2022-24590 WRITEUP MEDIUM
BackdropCMS 1.21.1 - Stored Cross-Site Scripting in Add Link Function
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4
CVE-2022-24644 WRITEUP HIGH
ZZ Inc. KeyMouse <=3.08 - Unauthenticated Update Code Execution
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.
CVSS 8.8
CVE-2022-24707 WRITEUP HIGH
Anuko Time Tracker <1.20.0.5642 - SQL Injection
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.
CVSS 7.4
CVE-2022-24710 WRITEUP MEDIUM
Weblate < 4.11 - Stored Cross-Site Scripting via User Name and Language Fields
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.
CVSS 5.4