Writeup Exploits

63,702 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-36085 WRITEUP HIGH
Open Policy Agent 0.40.0-0.43.0 - Unsafe Builtin Bypass via 'with' Keyword
Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the `with` keyword to mock such a built-in function (a feature introduced in OPA v0.40.0), isn’t taken into account by `WithUnsafeBuiltins`. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the `WithUnsafeBuiltins` function and use the `capabilities` feature instead.
CVSS 7.4
CVE-2022-36087 WRITEUP MEDIUM
oauthlib 3.1.1-3.2.1 - Open Redirect via URI Validation Bypass
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
CVSS 5.7
CVE-2022-36092 WRITEUP HIGH
XWiki Platform Old Core <14.2-13.10.4 - Auth Bypass
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. As a workaround, it would be possible to protect all templates individually by adding code to check access rights first.
CVSS 7.5
CVE-2022-36098 WRITEUP HIGH
XWiki Platform <13.10.6, <14.4 - RCE
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject.
CVSS 8.9
CVE-2022-36123 WRITEUP HIGH
Linux kernel <5.18.13 - DoS/Privilege Escalation
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
CVSS 7.8
CVE-2022-36193 WRITEUP CRITICAL
School Management System 1.0 - SQL Injection
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVSS 9.8
CVE-2022-36259 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
CVSS 7.5
CVE-2022-36259 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.
CVSS 7.5
CVE-2022-36258 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-36258 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-36257 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
CVSS 7.5
CVE-2022-36257 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.
CVSS 7.5
CVE-2022-36256 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
CVSS 7.5
CVE-2022-36256 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".
CVSS 7.5
CVE-2022-36255 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-36255 WRITEUP HIGH
sazanrjb InventoryManagementSystem 1.0 - SQL Injection
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVSS 7.5
CVE-2022-35606 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via CustomerDAO.java customerCode Parameter
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'
CVSS 9.8
CVE-2022-35605 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via UserDAO.java Parameters
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc.
CVSS 9.8
CVE-2022-35603 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via searchTxt Parameter
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVSS 9.8
CVE-2022-35602 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via User Parameter
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
CVSS 9.8
CVE-2022-35601 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via SupplierDAO.java searchTxt Parameter
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVSS 9.8
CVE-2022-35599 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via productcode Parameter
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
CVSS 9.8
CVE-2022-35598 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via Username Parameter
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVSS 9.8
CVE-2022-36261 WRITEUP CRITICAL
taocms 3.0.2 - Arbitrary File Deletion via Admin File Deletion Endpoint
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS 9.1
CVE-2022-36267 WRITEUP CRITICAL
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
CVSS 9.8