Writeup Exploits

60,656 exploits tracked across all sources.

CVE-2011-4103 WRITEUP
Django Piston <0.2.3 or <0.2.2.1 - Code Injection
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
CVE-2011-4617 WRITEUP
virtualenv < 1.5 - Arbitrary File Overwrite via Symlink Attack
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
CVE-2012-0878 WRITEUP
Paste Script <1.7.5 - Privilege Escalation
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
CVE-2012-2451 WRITEUP
Perl Config::IniFiles <2.71 - Local Privilege Escalation
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
CVE-2012-5577 WRITEUP HIGH
Python keyring lib <0.10 - Info Disclosure
Python keyring lib before 0.10 created keyring files with world-readable permissions.
CVSS 7.5
CVE-2013-4546 WRITEUP
GitLab <1.7.4 - Authenticated Command Injection
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
CVE-2013-4583 WRITEUP HIGH
GitLab <5.4.2/6.2.4/6.2.1 - Privilege Escalation
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
CVSS 8.8
CVE-2013-4582 WRITEUP MEDIUM
GitLab <5.4.2, <6.2.4, <6.2.1 - Info Disclosure
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
CVSS 6.5
CVE-2013-4581 WRITEUP
GitLab < 6.2.3 - Remote Code Execution via SSH
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
CVE-2013-4580 WRITEUP
GitLab <5.4.2, <6.2.4, <6.2.1 - Auth Bypass
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
CVE-2013-4490 WRITEUP
GitLab <5.4.1, <6.2.3 - Command Injection
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
CVE-2013-4489 WRITEUP
GitLab 5.2-5.4.1 and 6.x-6.2.3 - Authenticated Remote Code Execution via Grit Gem Search Feature
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
CVE-2013-6409 WRITEUP
Debian adequate < 0.8.1 - Local Privilege Escalation via TIOCSTI ioctl
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
CVE-2014-0485 WRITEUP
S3QL <1.18.1 - Code Injection
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
CVE-2014-2527 WRITEUP
KDirStat 2.7.0 - Remote Code Execution via Directory Name with Double Quote Character
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.
CVE-2014-2528 WRITEUP
KDirStat <2.7.3 - Command Injection
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
CVE-2014-3207 WRITEUP
SKS Keyserver < 1.1.5 - Cross-Site Scripting via PATH_INFO to pks/lookup/undefined1
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
CVE-2014-8540 WRITEUP MEDIUM
GitLab 6.0.0-6.9.2 and 7.x < 7.4.3 - Authenticated Arbitrary Group Ownership Modification via Groups API
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVSS 6.5
CVE-2014-9130 WRITEUP
LibYAML 0.1.5 and 0.1.6 - Denial of Service via Line-Wrapping Assertion Failure
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
CVE-2014-2525 WRITEUP
LibYAML < 0.1.6 - Heap-Based Buffer Overflow via Percent-Encoded URI
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.