Writeup Exploits
63,730 exploits tracked across all sources.
inventorymanagementsystem 1.0 - SQL Injection via Username Parameter
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVSS 9.8
taocms 3.0.2 - Arbitrary File Deletion via Admin File Deletion Endpoint
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS 9.1
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
CVSS 9.8
OSU Open Source Lab VNCAuthProxy <1.1.1 - Auth Bypass
OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.
CVSS 9.8
Frrouting 8.3.0 - Denial of Service via Malicious BGP Open Packet
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.
CVSS 7.5
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
CVSS 9.8
Samsung mTower < 0.3.0 - NULL Pointer Dereference via TEE_AllocateTransientObject
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
CVSS 7.5
Samsung mTower < 0.3.0 - NULL Pointer Dereference via TEE_GetObjectInfo1
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
CVSS 7.5
Teleport <= 17.5.1 - Unauthenticated Remote Authentication Bypass
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
CVSS 9.8
Teleport < 10.1.2 and < 8.3.17 - Unauthenticated Remote Code Execution via SSH Agent Installation Link
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
CVSS 8.8
Teleport <6.2.12 & <7.1.1 - Info Disclosure
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS 6.5
Teleport <6.2.12 & <7.1.1 - Info Disclosure
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS 6.5
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Hospital Information System 1.0 - SQL Injection
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS 9.8
png2webp 1.0.4 - Out-of-bounds Write via w2p Function
png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.
CVSS 5.5
FRRouting < 8.4 - Out-of-bounds Read in BGP Capability Message Parser
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
CVSS 9.1
By Source