Writeup Exploits

64,419 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-41316 WRITEUP CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 9.8
CVE-2024-41317 WRITEUP HIGH
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pbc_wps
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS 8.0
CVE-2024-41318 WRITEUP CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8
CVE-2024-41319 WRITEUP CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS 9.8
CVE-2024-41319 WRITEUP CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS 9.8
CVE-2024-41320 WRITEUP HIGH
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVSS 8.8
CVE-2024-41348 WRITEUP MEDIUM
openflights - Cross-Site Scripting via php/alsearch.php
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php
CVSS 6.1
CVE-2024-41357 WRITEUP HIGH
phpipam 1.6 - Cross-Site Scripting via PowerDNS Record Edit Page
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
CVSS 7.1
CVE-2024-41358 WRITEUP MEDIUM
phpipam 1.6 - Cross-Site Scripting via Import Load Data
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVSS 6.1
CVE-2024-41358 WRITEUP MEDIUM
phpipam 1.6 - Cross-Site Scripting via Import Load Data
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
CVSS 6.1
CVE-2024-41437 WRITEUP MEDIUM
hicolor 0.5.0 - Heap-based Buffer Overflow in cp_unfilter() via Crafted PNG File
A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS 5.5
CVE-2024-41438 WRITEUP MEDIUM
hicolor 0.5.0 - Heap-based Buffer Overflow in cp_stored Function
A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS 6.2
CVE-2024-41439 WRITEUP MEDIUM
hicolor 0.5.0 - Heap Buffer Overflow in cp_block Function via Crafted PNG File
A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS 5.5
CVE-2024-41440 WRITEUP MEDIUM
hicolor 0.5.0 - Heap-based Buffer Overflow in png_quantize()
A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS 6.2
CVE-2024-41443 WRITEUP MEDIUM
hicolor 0.5.0 - Stack Overflow in cp_dynamic Function via Crafted PNG File
A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
CVSS 5.5
CVE-2024-41453 WRITEUP MEDIUM
Process Maker pm4core-docker <4.1.21-RC7 - XSS
A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVSS 4.8
CVE-2024-41453 WRITEUP MEDIUM
Process Maker pm4core-docker <4.1.21-RC7 - XSS
A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVSS 4.8
CVE-2024-41565 WRITEUP MEDIUM
JustEnoughItems < 11.6.0.1021 - Item Duplication via Unvalidated Slot Index
JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication.
CVSS 4.3
CVE-2024-41616 WRITEUP CRITICAL
D-Link DIR-300 REVA - Info Disclosure
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
CVSS 9.8
CVE-2024-41651 WRITEUP HIGH
PrestaShop < 8.1.7 - Server-Side Request Forgery via Module Upgrade Functionality
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).
CVSS 8.1
CVE-2024-41666 WRITEUP MEDIUM
Argo CD 2.6.0-2.9.21 - Privilege Escalation via Web Terminal Permission Revocation Bypass
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD has a Web-based terminal that allows users to get a shell inside a running pod, just as they would with kubectl exec. Starting in version 2.6.0, when the administrator enables this function and grants permission to the user `p, role:myrole, exec, create, */*, allow`, even if the user revokes this permission, the user can still perform operations in the container, as long as the user keeps the terminal view open for a long time. Although the token expiration and revocation of the user are fixed, however, the fix does not address the situation of revocation of only user `p, role:myrole, exec, create, */*, allow` permissions, which may still lead to the leakage of sensitive information. A patch for this vulnerability has been released in Argo CD versions 2.11.7, 2.10.16, and 2.9.21.
CVSS 4.7
CVE-2024-41809 WRITEUP HIGH
OpenObserve 0.4.4-0.10.0 - Stored Cross-Site Scripting in MemberSubscription.vue
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html.
CVSS 7.2
CVE-2024-41817 WRITEUP HIGH
ImageMagick 7.0.11-13-7.1.1-36 - Uncontrolled Search Path Element via MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
CVSS 7.0
CVE-2024-41818 WRITEUP HIGH
fast-xml-parser >=4.3.5 <4.4.1 - Uncontrolled Resource Consumption via ReDOS in Currency Parser
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
CVSS 7.5
CVE-2024-41947 WRITEUP CRITICAL
XWiki 11.8-15.10.7 - Stored Cross-Site Scripting via Edit Conflict
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.
CVSS 9.0