strider

6 exploits Active since Jan 2026
CVE-2021-47962 EXPLOITDB MEDIUM text WORKING POC
Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit_user endpoint, which execute in the browsers of users viewing the affected profile after submission.
CVSS 6.4
CVE-2019-25611 EXPLOITDB HIGH text WORKING POC
MiniFtp parseconf_load_setting Buffer Overflow via Configuration
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
CVSS 8.4
CVE-2020-36964 EXPLOITDB CRITICAL python WORKING POC
YATinyWinFTP >=0.0.5 <0.0.5 - Denial of Service via Malformed Command Buffer Overflow
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
CVSS 9.8
CVE-2019-25315 EXPLOITDB MEDIUM text WORKING POC
WordPress Server Log Viewer 1.0 - XSS
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
CVSS 6.4
CVE-2019-25312 EXPLOITDB MEDIUM text WORKING POC
InoERP 0.7.2 - Unauthenticated Stored Cross-Site Scripting in Comment Section
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.
CVSS 5.4
EIP-2026-102669 EXPLOITDB text WORKING POC
MariaDB Client 10.1.26 - Denial of Service (PoC)