Text Exploits
31,346 exploits tracked across all sources.
piSignage < 2.6.4 - Path Traversal
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
by JunYeong Ko
CVSS 4.3
FTPGetter - Out-of-Bounds Write
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
by FULLSHADE
CVSS 7.5
Voyager 1.3.0 - Path Traversal
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
by NgoAnhDuc
CVSS 7.5
Adaware Web Companion 4.9.2159 - Code Injection
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8
Codoforum 4.8.3 - XSS
Codoforum 4.8.3 allows XSS in the user registration page via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
by Prasanth
CVSS 6.1
PHPGurukul Small CRM v2.0 - Auth Bypass
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
by FULLSHADE
CVSS 8.8
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
by FULLSHADE
CVSS 9.8
PHPGurukul Dairy Farm Shop Management System - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
by Chris Inzinga
CVSS 9.8
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
Complaint Management System 4.0 - 'cid' SQL injection
by FULLSHADE
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
by Ismail Tasdelen
Plantronics Hub 3.13.2 - Local Privilege Escalation
by Markus
Online Course Registration 2.0 - Remote Code Execution
by Metin Yunus Kandemir
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
by Hakan TAŞKÖPRÜ
BloodX 1.0 - Auth Bypass
BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.
by riamloo
CVSS 6.5
PHPGurukul Hospital Management System - XSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
by FULLSHADE
CVSS 6.1
PHPGurukul Hospital Management System - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters do not validate user input, allowing the application's database and information to be fully compromised.
by FULLSHADE
CVSS 8.8
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
by Raif Berkay Dincel
NextVPN 4.10 - Privilege Escalation
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.
by SajjadBnd
CVSS 7.8
Thrive Smart Home 1.1 - SQL Injection
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
by LiquidWorm
CVSS 8.2
RICOH Web Image Monitor 1.09 - XSS
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.
by Ismail Tasdelen
CVSS 6.1
Heatmiser Netmonitor v3.03 - XSS
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.
by Ismail Tasdelen
CVSS 6.1