Writeup Exploits

63,773 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-48194 WRITEUP HIGH
TP-Link TL-WR902AC Firmware < 3.0.9.1 - Authenticated Remote Code Execution via Crafted Firmware Update
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
CVSS 8.8
CVE-2022-48197 WRITEUP MEDIUM
YUI 2000-2800 - Reflected Cross-Site Scripting in Sandbox Examples
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.1
CVE-2022-48197 WRITEUP MEDIUM
YUI 2000-2800 - Reflected Cross-Site Scripting in Sandbox Examples
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.1
CVE-2022-48328 WRITEUP CRITICAL
MISP < 2.4.167 - SQL Injection via IndexFilterComponent Parameter Handling
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVSS 9.8
CVE-2022-48329 WRITEUP CRITICAL
MISP < 2.4.166 - Improper Handling of Exceptional Conditions via Order Parameter
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
CVSS 9.8
CVE-2022-48682 WRITEUP MEDIUM
FDUPES <2.2.0 - Privilege Escalation
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.
CVSS 6.0
CVE-2022-4856 WRITEUP MEDIUM
Modbus Tools Modbus Slave <7.5.1 - Buffer Overflow
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.
CVSS 6.3
CVE-2022-4857 WRITEUP MEDIUM
Modbus Tools Modbus Poll <9.10.0 - Buffer Overflow
A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2022-4953 WRITEUP MEDIUM
Elementor Website Builder <3.5.5 - XSS
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
CVSS 6.1
CVE-2023-29847 WRITEUP MEDIUM
AeroCMS 0.0.1 - Stored Cross-Site Scripting via Comment Parameters
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.4
CVE-2022-50895 WRITEUP CRITICAL
Aero CMS 0.0.1 - SQL Injection
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
CVSS 9.8
CVE-2022-46137 WRITEUP HIGH
AeroCMS 0.0.1 - Path Traversal
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
CVSS 7.5
CVE-2022-46135 WRITEUP HIGH
AeroCMS v0.0.1 - Arbitrary File Upload via Posts Edit Endpoint
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
CVSS 7.2
CVE-2022-38305 WRITEUP HIGH
AeroCMS 0.0.1 - Arbitrary File Upload via Profile Admin Endpoint
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 8.8
CVE-2022-50898 WRITEUP HIGH
NanoCMS 0.4 - Remote Code Execution
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.
CVSS 8.8
CVE-2022-50908 WRITEUP HIGH
Mailhog 1.0.1 - Stored Cross-Site Scripting via Email Attachment
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation.
CVSS 7.2
CVE-2023-0266 WRITEUP HIGH
Linux Kernel >=4.14 <4.14.303 - Use-After-Free in ALSA PCM via Missing Locks
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVSS 7.9
CVE-2023-0315 WRITEUP HIGH
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS 8.8
CVE-2023-0455 WRITEUP HIGH
bumsys < 1.0.3-beta - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
CVSS 8.8
CVE-2023-0459 WRITEUP MEDIUM
Linux Kernel < 4.14.307 - Information Disclosure via copy_from_user Access Bypass
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
CVSS 6.5
CVE-2023-0527 WRITEUP LOW
PHPGurukul Online Security Guards Hiring System 1.0 - Cross-Site Scripting via search-request.php searchdata Parameter
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
CVSS 3.5
CVE-2023-0651 WRITEUP MEDIUM
FastCMS 0.1.0 - Unrestricted File Upload in Template Management
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2023-0664 WRITEUP HIGH
QEMU Guest Agent - Privilege Escalation
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
CVSS 7.8
CVE-2023-0744 WRITEUP CRITICAL
answerdev/answer < 1.0.4 - Account Takeover via Improper Access Control
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
CVSS 9.8
CVE-2023-0777 WRITEUP CRITICAL
modoboa < 2.0.4 - Authentication Bypass
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 9.8