Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-106108 EXPLOITDB text
Complaint Management System 4.2 - Authentication Bypass
by Besim
EIP-2026-102295 EXPLOITDB text
Sky File 2.1.0 iOS - Directory Traversal
by Vulnerability-Lab
CVE-2020-37097 EXPLOITDB HIGH text
Edimax EW-7438RPn <1.13 - Info Disclosure
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables.
by Besim
CVSS 7.5
CVE-2020-37096 EXPLOITDB MEDIUM text
Edimax EW-7438RPn 1.13 - Cross-Site Request Forgery in MAC Filtering Configuration
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
by Besim
CVSS 5.3
EIP-2026-103295 EXPLOITDB text
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2025-34079 EXPLOITDB HIGH text
NSClient++ <0.5.2.35 - Authenticated RCE
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as external scripts via the /settings/query.json API, save the configuration, and trigger the script via the /query/{name} endpoint. The injected commands are executed with SYSTEM privileges, enabling full remote compromise. This capability is an intended feature, but the lack of safeguards or privilege separation makes it risky when exposed to untrusted actors.
by kindredsec
CVSS 7.8
CVE-2025-34078 EXPLOITDB HIGH text
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
by kindredsec
CVSS 7.8
CVE-2020-37148 EXPLOITDB LOW text
P5 FNIP-8x16A/FNIP-4xSH <1.0.20, 1.0.11 - XSS
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
by LiquidWorm
CVSS 3.5
CVE-2020-37118 EXPLOITDB LOW text
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
by LiquidWorm
CVSS 3.5
CVE-2020-37117 EXPLOITDB HIGH text
jizhicms 1.6.7 - Authenticated Arbitrary File Download via Admin Plugins Update Endpoint
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
by jizhicms
CVSS 8.8
CVE-2020-37105 EXPLOITDB HIGH text
PMB 5.6 - Authenticated SQL Injection via logid Parameter
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
by 41-trk
CVSS 7.1
CVE-2021-47738 EXPLOITDB MEDIUM text
CSZ CMS 1.2.7 - Stored Cross-Site Scripting via Private Message User-Agent Header
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
by Metin Yunus Kandemir
CVSS 5.4
CVE-2021-47737 EXPLOITDB MEDIUM text
CSZ CMS 1.2.7 - Authenticated HTML Injection via Member Messaging System
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.
by Metin Yunus Kandemir
CVSS 5.4
CVE-2020-36906 EXPLOITDB MEDIUM text
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.
by LiquidWorm
CVSS 4.3
CVE-2020-37060 EXPLOITDB HIGH text
Atomic Alarm Clock 6.3 - Privilege Escalation
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access.
by boku
CVSS 7.8
EIP-2026-111498 EXPLOITDB text
Prestashop 1.7.6.4 - Cross-Site Request Forgery
by Sivanesh Ashok
EIP-2026-107188 EXPLOITDB text
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-105779 EXPLOITDB text
Centreon 19.10.5 - 'id' SQL Injection
by Basim Alabdullah
EIP-2026-112557 EXPLOITDB text
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
by Vulnerability-Lab
EIP-2026-102285 EXPLOITDB text
Playable 9.18 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2020-3161 EXPLOITDB CRITICAL text
Cisco IP Phone Multiple Models Firmware - Unauthenticated RCE or DoS via HTTP
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
by Jacob Baines
CVSS 9.8
CVE-2020-37123 EXPLOITDB CRITICAL text
Pinger 1.0 - Remote Code Execution via Ping and Socket Parameter Injection
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
by Milad karimi
CVSS 9.8
EIP-2026-114424 EXPLOITDB text
Xeroneit Library Management System 3.0 - 'category' SQL Injection
by Sohel Yousef
EIP-2026-111970 EXPLOITDB text
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-109236 EXPLOITDB text
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
by Vulnerability-Lab