Text Exploits
31,386 exploits tracked across all sources.
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
by emaragkos
CVSS 6.5
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.
by emaragkos
CVSS 4.3
GUnet OpenEclass 1.7.3 - Auth Bypass
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
by emaragkos
CVSS 8.8
GUnet OpenEclass 1.7.3 - SQL Injection
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
by emaragkos
CVSS 7.1
Alfresco < 5.2.7 and < 6.2.0 - Authenticated Stored Cross-Site Scripting via Uploaded Document
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
by Alexandre ZANNI
CVSS 5.4
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
by Olga Villagran
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
by Paulina Girón
Tutor LMS < 1.5.3 - Cross-Site Request Forgery
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
by Jinson Varghese Behanan
CVSS 6.5
Joplin < 1.0.184 - Stored Cross-Site Scripting and Arbitrary File Read
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
by Javier Olmedo
CVSS 5.4
TP-LINK TL-WR849N 0.9.1 4.16 - Unauthenticated Firmware Replacement via cgi/softup POST Request
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.
by Elber Tavares
CVSS 6.1
Intelbras WRN 240 Firmware - Unauthenticated Firmware Replacement via Firmware.cfg URI
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
by Elber Tavares
CVSS 7.5
Business Live Chat Software 1.0 - CSRF
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters.
by Meisam Monsef
CVSS 5.3
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m - OS Command Injection via ping.cgi
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
by Raki Ben Hamouda
CVSS 8.8
PhpIX 2012 Professional - SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.
by indoushka
CVSS 7.1
eLection 2.0 - Authenticated SQL Injection
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
by J3rryBl4nks
CVSS 7.1
ATutor 2.2.4 - Authenticated SQL Injection via Admin User Deletion ID Parameter
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admin_delete.php script to potentially extract or modify database information.
by Andrey Stoykov
CVSS 7.1
AMSS++ 4.31 - SQL Injection via Mail Module id Parameter
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
by indoushka
CVSS 8.2
AMSS++ 4.7 - Authentication Bypass via Hardcoded Credentials
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
by indoushka
CVSS 7.5
DotNetNuke < 9.5.0 - Persistent Cross-Site Scripting via Journal XML File Upload
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.
by Sajjad Pourali
CVSS 6.4
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
by emaragkos
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
by J3rryBl4nks
Real Web Pentesting Tutorial Step by Step - [Persian]
by Meisam Monsef
Zoho ManageEngine EventLog Analyzer <10.0 SP1 Build 12110 - Information Disclosure
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.
by Scott Goodwin
CVSS 8.8
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
by Todor Donev
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
by Todor Donev
By Source