Writeup Exploits

63,687 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-43616 WRITEUP CRITICAL
npm 7.0.0-8.1.3 - Insufficient Verification of Data Authenticity in npm ci Command
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS 9.0
CVE-2021-43616 WRITEUP CRITICAL
npm 7.0.0-8.1.3 - Insufficient Verification of Data Authenticity in npm ci Command
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS 9.0
CVE-2021-43616 WRITEUP CRITICAL
npm 7.0.0-8.1.3 - Insufficient Verification of Data Authenticity in npm ci Command
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS 9.0
CVE-2020-15095 WRITEUP MEDIUM
npm < 6.14.6 - Information Exposure via Log File
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
CVSS 4.4
CVE-2020-15095 WRITEUP MEDIUM
npm < 6.14.6 - Information Exposure via Log File
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
CVSS 4.4
CVE-2019-16777 WRITEUP HIGH
npm < 6.13.4 - Arbitrary File Overwrite via Global Binary Installation
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS 7.7
CVE-2019-16776 WRITEUP HIGH
npm < 6.13.3 - Arbitrary File Write via package.json bin Field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS 7.7
CVE-2019-16775 WRITEUP HIGH
npm CLI <6.13.3 - Arbitrary File Write
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS 7.7
CVE-2022-29272 WRITEUP MEDIUM
Nagios XI <= 5.8.5 - Open Redirect via Login Function
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVSS 6.1
CVE-2022-29271 WRITEUP MEDIUM
Nagios XI <5.8.5 - Privilege Escalation
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVSS 6.5
CVE-2022-29270 WRITEUP MEDIUM
Nagios XI <= 5.8.5 - Unauthenticated Email Address Change
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
CVSS 4.3
CVE-2022-29269 WRITEUP MEDIUM
Nagios XI <= 5.8.5 - Authenticated Cross-Site Scripting in Schedule Report Function
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVSS 6.5
CVE-2022-29351 WRITEUP CRITICAL
TiddlyWiki5 v5.2.2 - Arbitrary File Upload via Crafted SVG File
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here.
CVSS 9.8
CVE-2022-29361 WRITEUP CRITICAL
Werkzeug < 2.1.0 - HTTP Request Smuggling via Crafted Request Body
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
CVSS 9.8
CVE-2022-29376 WRITEUP HIGH
Xampp for Windows <8.1.4 - Code Injection
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
CVSS 8.8
CVE-2022-29383 WRITEUP CRITICAL
NETGEAR ProSafe SSL VPN - SQL Injection
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
CVSS 9.8
CVE-2022-29528 WRITEUP CRITICAL
MISP < 2.4.158 - Deserialization of Untrusted Data via PHAR
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVSS 9.8
CVE-2022-29577 WRITEUP MEDIUM
OWASP AntiSamy < 1.6.7 - Cross-Site Scripting via HTML Tag Smuggling in STYLE Content
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
CVSS 6.1
CVE-2022-29582 WRITEUP HIGH
Linux Kernel < 5.17.3 - Use-After-Free via io_uring Timeout Race Condition
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
CVSS 7.0
CVE-2022-29727 WRITEUP MEDIUM
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting via Signup Parameter
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
CVSS 5.4
CVE-2022-29774 WRITEUP CRITICAL
iSpy 7.2.2.0 - Remote Command Execution via Path Traversal
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVSS 9.8
CVE-2022-29774 WRITEUP CRITICAL
iSpy 7.2.2.0 - Remote Command Execution via Path Traversal
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVSS 9.8
CVE-2022-29775 WRITEUP CRITICAL
iSpyConnect iSpy 7.2.2.0 - Unauthenticated Authentication Bypass via Crafted URL
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
CVSS 9.8
CVE-2022-29806 WRITEUP CRITICAL
ZoneMinder < 1.36.13 - Remote Code Execution via Invalid Language Setting
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
CVSS 9.8
CVE-2022-29932 WRITEUP HIGH
PRIMEUR SPAZIO 2.5.1.954 - Unauthenticated Sensitive Data Exposure via HTTP Request
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.
CVSS 7.5