Text Exploits

31,346 exploits tracked across all sources.

EIP-2026-110111 EXPLOITDB text
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
by Daniel Monzón
EIP-2026-110110 EXPLOITDB text
Online Healthcare management system 1.0 - Authentication Bypass
by BKpatron
EIP-2026-110097 EXPLOITDB text
Online Examination System 1.0 - 'eid' SQL Injection
by BKpatron
EIP-2026-110067 EXPLOITDB text
online Chatting System 1.0 - 'id' SQL Injection
by BKpatron
CVE-2020-7209 EXPLOITDB CRITICAL text
HP Linuxki < 6.0-2 - Remote Code Execution
LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2.
by Cody Winkler
CVSS 9.8
CVE-2019-3025 EXPLOITDB CRITICAL text
Oracle Food and Beverage Apps <5.7 - RCE
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
by Walid Faour
CVSS 9.0
CVE-2020-13118 EXPLOITDB CRITICAL text
Mikrotik Router Monitoring System <2018-10-22 - SQL Injection
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
by jul10l1r4
CVSS 9.8
CVE-2019-15083 EXPLOITDB MEDIUM text
Zohocorp Manageengine Servicedesk Plus - XSS
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
by Felipe Molina
CVSS 6.1
EIP-2026-106624 EXPLOITDB text
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
by SunCSR
EIP-2026-101892 EXPLOITDB text
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
by Seecko Das
CVE-2020-37014 EXPLOITDB MEDIUM text
Tryton 5.4 - XSS
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-37003 EXPLOITDB MEDIUM text
Sellacious eCommerce 4.6 - XSS
Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-37019 EXPLOITDB MEDIUM text
Orchard Core RC1 - XSS
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
by SunCSR
CVSS 6.4
CVE-2020-11530 EXPLOITDB CRITICAL text
Idangero Chop Slider - SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
by SunCSR
CVSS 9.8
EIP-2026-111615 EXPLOITDB text
qdPM 9.1 - Arbitrary File Upload
by Besim
EIP-2026-106309 EXPLOITDB text
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
by Nhat Ha
CVE-2019-15253 EXPLOITDB MEDIUM text
Cisco Catalyst Center < 1.3.0.6 - XSS
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.
by Dylan Garnaud
CVSS 4.8
CVE-2020-37076 EXPLOITDB HIGH text
Victor CMS 1.0 - SQL Injection
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.
by BKpatron
CVSS 8.2
CVE-2020-37022 EXPLOITDB MEDIUM text
OpenZ ERP 3.6.60 - XSS
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-12608 EXPLOITDB HIGH text
SolarWinds MSP PME <1.1.15 - Code Execution
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
by Jens Regel
CVSS 7.8
EIP-2026-111983 EXPLOITDB text
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-110054 EXPLOITDB text
Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection
by Tarun Sehgal
EIP-2026-106308 EXPLOITDB text
CuteNews 2.1.2 - Arbitrary File Deletion
by Besim
EIP-2026-106105 EXPLOITDB text
Complaint Management System 1.0 - Authentication Bypass
by BKpatron
EIP-2026-104304 EXPLOITDB text
LibreNMS 1.46 - 'search' SQL Injection
by Punt