Writeup Exploits

64,321 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-3272 WRITEUP CRITICAL
D-Link DNS-320L, DNS-325, DNS-327L, DNS-340L <20240403 - Hard-coded Credentials in nas_sharing.cgi
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS 9.8
CVE-2024-3273 WRITEUP HIGH
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS 7.3
CVE-2024-33111 WRITEUP MEDIUM
D-Link DIR-845L Firmware <= 1.01KRb03 - Cross-Site Scripting via bsc_sms_inbox.php
D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.
CVSS 5.4
CVE-2024-33112 WRITEUP HIGH
D-Link DIR-845L Firmware < 1.01krb03 - OS Command Injection via hnap_main() Function
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.
CVSS 7.5
CVE-2024-33113 WRITEUP MEDIUM
D-LINK DIR-845L <=1.01KRb03 - Information Disclosure via bsc_sms_inbox.php
D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.
CVSS 5.3
CVE-2024-33309 WRITEUP HIGH
TVS Motor Company Limited TVS Connet <4.5.1, 5.0.0 - Info Disclosure
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 7.5
CVE-2024-33309 WRITEUP HIGH
TVS Motor Company Limited TVS Connet <4.5.1, 5.0.0 - Info Disclosure
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 7.5
CVE-2024-33308 WRITEUP CRITICAL
TVS Motor Company Limited TVS Connet <5.0.0 - Privilege Escalation
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 9.1
CVE-2024-33308 WRITEUP CRITICAL
TVS Motor Company Limited TVS Connet <5.0.0 - Privilege Escalation
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 9.1
CVE-2024-33368 WRITEUP HIGH
Plasmoapp RPShare Fabric mod 1.0.0 - Remote Code Execution via DownloadPromptScreen Build Method
An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen
CVSS 8.8
CVE-2024-33369 WRITEUP HIGH
Plasmoapp RPShare Fabric mod 1.0.0 - Remote Code Execution via getFileNameFromConnection Path Traversal
Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask
CVSS 8.8
CVE-2024-33398 WRITEUP HIGH
piraeus-operator <= 2.5.0 - Improper Privilege Management via ClusterRole Secrets Access
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.
CVSS 7.5
CVE-2024-33403 WRITEUP CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via event_id Parameter
A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.
CVSS 9.8
CVE-2024-33405 WRITEUP HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via add_friends.php friend_index Parameter
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.
CVSS 8.6
CVE-2024-33406 WRITEUP HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
CVSS 7.3
CVE-2024-33408 WRITEUP CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
CVSS 9.8
CVE-2024-33409 WRITEUP CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Name Parameter
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.
CVSS 9.8
CVE-2024-33410 WRITEUP HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
CVSS 8.1
CVE-2024-33411 WRITEUP CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via my_index Parameter
A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.
CVSS 9.8
CVE-2024-33428 WRITEUP HIGH
stsaz phiola v2.0-rc22 - Heap-based Buffer Overflow via Crafted WAV File
Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.
CVSS 8.8
CVE-2024-33429 WRITEUP HIGH
phiola v2.0-rc22 - Heap-based Buffer Overflow in pcm_convert.h
Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.
CVSS 7.1
CVE-2024-33430 WRITEUP HIGH
phiola v2.0-rc22 - Remote Code Execution via Crafted WAV File
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.
CVSS 8.8
CVE-2024-33431 WRITEUP MEDIUM
phiola v2.0-rc22 - Denial of Service via Crafted WAV File
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.
CVSS 6.5
CVE-2024-33438 WRITEUP HIGH
CubeCart < 6.5.5 - Authenticated Arbitrary Code Execution via PHAR File Upload
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
CVSS 8.0
CVE-2024-33444 WRITEUP CRITICAL
onethink 1.1 - SQL Injection via ModelModel.class.php
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.
CVSS 9.8