Writeup Exploits

63,730 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-35598 WRITEUP CRITICAL
inventorymanagementsystem 1.0 - SQL Injection via Username Parameter
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVSS 9.8
CVE-2022-36261 WRITEUP CRITICAL
taocms 3.0.2 - Arbitrary File Deletion via Admin File Deletion Endpoint
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS 9.1
CVE-2022-36267 WRITEUP CRITICAL
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
CVSS 9.8
CVE-2022-36436 WRITEUP CRITICAL
OSU Open Source Lab VNCAuthProxy <1.1.1 - Auth Bypass
OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.
CVSS 9.8
CVE-2022-36440 WRITEUP HIGH
Frrouting 8.3.0 - Denial of Service via Malicious BGP Open Packet
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.
CVSS 7.5
CVE-2022-36446 WRITEUP CRITICAL
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
CVE-2022-36446 WRITEUP CRITICAL
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
CVE-2022-36553 WRITEUP CRITICAL
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
CVSS 9.8
CVE-2022-36621 WRITEUP HIGH
Samsung mTower < 0.3.0 - NULL Pointer Dereference via TEE_AllocateTransientObject
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
CVSS 7.5
CVE-2022-36622 WRITEUP HIGH
Samsung mTower < 0.3.0 - NULL Pointer Dereference via TEE_GetObjectInfo1
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
CVSS 7.5
CVE-2025-49825 WRITEUP CRITICAL
Teleport <= 17.5.1 - Unauthenticated Remote Authentication Bypass
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
CVSS 9.8
CVE-2022-36633 WRITEUP HIGH
Teleport < 10.1.2 and < 8.3.17 - Unauthenticated Remote Code Execution via SSH Agent Installation Link
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
CVSS 8.8
CVE-2021-41395 WRITEUP MEDIUM
Teleport <6.2.12 & <7.1.1 - Info Disclosure
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS 6.5
CVE-2021-41395 WRITEUP MEDIUM
Teleport <6.2.12 & <7.1.1 - Info Disclosure
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS 6.5
CVE-2021-41394 WRITEUP MEDIUM
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
CVE-2021-41394 WRITEUP MEDIUM
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
CVE-2021-41394 WRITEUP MEDIUM
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
CVE-2021-41394 WRITEUP MEDIUM
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
CVE-2021-41393 WRITEUP CRITICAL
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
CVE-2021-41393 WRITEUP CRITICAL
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
CVE-2021-41393 WRITEUP CRITICAL
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
CVE-2021-41393 WRITEUP CRITICAL
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
CVE-2022-36669 WRITEUP CRITICAL
Hospital Information System 1.0 - SQL Injection
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS 9.8
CVE-2022-36752 WRITEUP MEDIUM
png2webp 1.0.4 - Out-of-bounds Write via w2p Function
png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.
CVSS 5.5
CVE-2022-37032 WRITEUP CRITICAL
FRRouting < 8.4 - Out-of-bounds Read in BGP Capability Message Parser
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
CVSS 9.1