Writeup Exploits

60,933 exploits tracked across all sources.

CVE-2023-42226 WRITEUP HIGH
HelpdeskAdvanced <= 11.0.33 - Path Traversal via Email/SaveAttachment Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.
CVSS 7.5
CVE-2023-42227 WRITEUP HIGH
HelpdeskAdvanced <= 11.0.33 - Path Traversal via WSCView/Save Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.
CVSS 7.5
CVE-2023-42228 WRITEUP HIGH
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.
CVSS 8.8
CVE-2023-42229 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Authenticated Path Traversal via WSConnector SOAP Requests
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.
CVSS 6.5
CVE-2023-42230 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Scripting via WSCView/Save Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.
CVSS 6.1
CVE-2023-42231 WRITEUP HIGH
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.
CVSS 8.1
CVE-2023-42232 WRITEUP HIGH
HelpdeskAdvanced <= 11.0.33 - Path Traversal via Navigator/Index Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.
CVSS 7.5
CVE-2023-42233 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Scripting via Filter/FilterEditor Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.
CVSS 6.1
CVE-2023-42234 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Request Forgery via WSCView Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.
CVSS 5.4
CVE-2023-42235 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_normalizedtrans.php Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
CVSS 3.8
CVE-2023-42236 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
CVSS 3.8
CVE-2023-42237 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_i_command.php GET Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
CVSS 3.8
CVE-2023-42238 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_eps.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
CVSS 3.8
CVE-2023-42239 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_ep.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
CVSS 3.8
CVE-2023-42240 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_scheduledfile.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
CVSS 3.8
CVE-2023-42241 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_anagraphic.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
CVSS 3.8
CVE-2023-42242 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
CVSS 3.8
CVE-2023-42243 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via Administrative Page
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVSS 5.4
CVE-2023-42244 WRITEUP HIGH
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_visits.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
CVSS 8.8
CVE-2023-42245 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via monitor/s_scheduledfile.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
CVSS 6.1
CVE-2023-42246 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via /vam/vam_ep.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
CVSS 6.1
CVE-2023-42247 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via monitor/s_monitor_map.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
CVSS 6.1
CVE-2023-42248 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Authenticated Arbitrary File Write via vam_Sql.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
CVSS 6.5
CVE-2023-42249 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via vam/vam_visits.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
CVSS 6.1
CVE-2023-42250 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via Autocomplete Endpoint
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
CVSS 6.1