Writeup Exploits

63,783 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-33185 WRITEUP MEDIUM
django-ses < 3.5.0 - Improper Verification of Cryptographic Signature in SESEventWebhookView
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.
CVSS 4.6
CVE-2023-33186 WRITEUP HIGH
Zulip Server - Stored Cross-Site Scripting in Message Feed Tooltips
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
CVSS 8.2
CVE-2023-33242 WRITEUP CRITICAL
lindell17 - Private Key Extraction via Abort Handling in Lindell17 TSS Protocol
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.
CVSS 9.6
CVE-2023-33242 WRITEUP CRITICAL
lindell17 - Private Key Extraction via Abort Handling in Lindell17 TSS Protocol
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.
CVSS 9.6
CVE-2023-33246 WRITEUP CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
CVSS 9.8
CVE-2023-33289 WRITEUP HIGH
urlnorm < 0.1.4 - Regular Expression Denial of Service via Crafted URL
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."
CVSS 7.5
CVE-2023-33362 WRITEUP CRITICAL
Piwigo 13.6.0 - SQL Injection via Profile Function
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
CVSS 9.8
CVE-2023-33381 WRITEUP HIGH
MitraStar GPT-2741GNAC - Command Injection
A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.
CVSS 7.2
CVE-2023-33440 WRITEUP HIGH
Sourcecodester Faculty Evaluation System v1.0 - RCE
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
CVSS 7.2
CVE-2023-33443 WRITEUP CRITICAL
BES-6024PB-I50H1 VideoPlayTool <2.0.1.0 - Command Injection
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints.
CVSS 9.8
CVE-2023-33517 WRITEUP HIGH
carRental 1.0 - Arbitrary File Read via Incorrect Access Control
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).
CVSS 7.5
CVE-2023-33538 WRITEUP HIGH
TP-Link TL-WR940N TL-WR841N TL-WR740N - OS Command Injection via WlanNetworkRpm Endpoint
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
CVSS 8.8
CVE-2023-33558 WRITEUP HIGH
ocomon < 4.0.1 - Information Disclosure via users-grid-data.php
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.
CVSS 7.5
CVE-2023-33559 WRITEUP HIGH
OcoMon < 4.0.1 - Local File Inclusion via Lang Parameter
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.
CVSS 8.8
CVE-2023-33568 WRITEUP HIGH
Dolibarr 16.0.0-16.0.4 - Unauthenticated Database Dump via Contact File Access
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVSS 7.5
CVE-2023-33580 WRITEUP MEDIUM
Phpgurukul Student Study Center Management System V1.0 - XSS
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
CVSS 4.8
CVE-2023-33584 WRITEUP CRITICAL
Sourcecodester Enrollment System Project V1.0 - SQL Injection
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS 9.8
CVE-2023-33592 WRITEUP CRITICAL
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
CVSS 9.8
CVE-2023-33617 WRITEUP HIGH
Parks Fiberlink 210 <V2.1.14_X000 - Command Injection
An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.
CVSS 7.2
CVE-2023-33626 WRITEUP CRITICAL
D-Link DIR-600 <2.18 - Buffer Overflow
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
CVSS 9.8
CVE-2023-33625 WRITEUP CRITICAL
D-Link DIR-600 <2.18 - Command Injection
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
CVSS 9.8
CVE-2023-33675 WRITEUP CRITICAL
Tenda AC8V4.0-V16.03.34.06 - Buffer Overflow
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function.
CVSS 9.8
CVE-2023-33673 WRITEUP CRITICAL
Tenda AC8V4.0-V16.03.34.06 - Buffer Overflow
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVSS 9.8
CVE-2023-33672 WRITEUP HIGH
Tenda AC8V4.0-V16.03.34.06 - Buffer Overflow
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
CVSS 7.5
CVE-2023-33671 WRITEUP CRITICAL
Tenda AC8V4.0-V16.03.34.06 - Buffer Overflow
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
CVSS 9.8