Text Exploits
31,386 exploits tracked across all sources.
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
by ZwX
Digi AnywhereUSB 14 Firmware - Cross-Site Scripting via Digi Page Link
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
by Raspina Net Pars Group
CVSS 6.1
ASTPP 4.0.1 - Unauthenticated Sensitive Information Disclosure via Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
by Fabien AUNAY
CVSS 7.5
TotalAV 2020 4.14.31 - Privilege Escalation via Quarantine NTFS Directory Junction
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
by Kusol Watchara-Apanukorn
CVSS 7.8
MSN Password Recovery 1.30 - Info Disclosure
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
by ZwX
CVSS 6.2
ASTPP 4.0.1 - XSS, Command Injection
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
by Fabien AUNAY
CVSS 9.8
Codoforum 4.8.3 - Stored Cross-Site Scripting via Display Name, Title, or Content Parameters
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
by Vyshnav nk
CVSS 4.8
JetBrains TeamCity 2018.2.4 - Remote Code Execution
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
by hantwister
CVSS 9.8
Cisco Data Center Network Manager < 11.3(1) - Authenticated Unauthorized Access to JBoss EAP
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
by hantwister
CVSS 6.3
AnyDesk 5.4.0 - Unquoted Service Path Privilege Escalation
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.
by SajjadBnd
CVSS 7.8
piSignage < 2.6.4 - Authenticated Path Traversal via Log Download API
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
by JunYeong Ko
CVSS 4.3
FTPGetter Professional 5.97.0.223 - Denial of Service via Crafted String
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
by FULLSHADE
CVSS 7.5
Voyager 1.3.0 - Path Traversal via Asset Path Parameter
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
by NgoAnhDuc
CVSS 7.5
Adaware Web Companion 4.9.2159 - Code Injection
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8
Codoforum 4.8.3 - Stored Cross-Site Scripting via User Registration Username Field
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
by Prasanth
CVSS 6.1
PHPGurukul Small CRM v2.0 - Auth Bypass
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
by FULLSHADE
CVSS 8.8
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
by FULLSHADE
CVSS 9.8
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection via Username Parameter
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
by Chris Inzinga
CVSS 9.8
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
Complaint Management System 4.0 - 'cid' SQL injection
by FULLSHADE
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
by Ismail Tasdelen
Plantronics Hub 3.13.2 - Local Privilege Escalation
by Markus
By Source