Text Exploits
31,346 exploits tracked across all sources.
Part-DB 0.4 - Auth Bypass
Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to log in by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to the application.
by Marvoloo
CVSS 7.5
Blue-Smiley-Organizer 1.32 - SQL Injection
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.
by cakes
CVSS 8.2
JumpStart 0.6.0.0 - Code Injection
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.
by Roberto Escamilla
CVSS 7.8
Intelbras WRN 150 1.0.18 - CSRF
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
by Prof. Joas Antonio
CVSS 6.5
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
by cakes
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
by cakes
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
by Google Security Research
AUO Sunveillance Monitoring System & Data Recorder - SQL Injection
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to SQL injection in mvc_send_mail.aspx (MailAdd parameter). An attacker can deliver a SQL injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
by Luca.Chiou
CVSS 7.5
AUO Sunveillance Monitoring System & ... - Unrestricted File Upload
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
by Luca.Chiou
CVSS 9.8
WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection
by Lucian Ioan Nitescu
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
by Sainadh Jamalpur
Rocket.chat < 2.1.0 - XSS
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
by 3H34N
CVSS 6.1
Moxa Edr-810 Firmware < 5.1 - Improper Input Validation
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
by RandoriSec
CVSS 7.2
Trend Micro ATTK <1.62.0.1218 - RCE
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
by hyp3rlinx
CVSS 7.8
Adobe Acrobat DC < 15.006.30504 - Out-of-Bounds Write
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
Oracle Solaris 11 - RCE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. This easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Marco Ivaldi
CVSS 8.8
WorkgroupMail 7.5.1 - Code Injection
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by cakes
CVSS 7.8
BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
by Debashis Pal
CVSS 7.8
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
by Debashis Pal
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
by Unk9vvN
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
by Unk9vvN
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
by Unk9vvN
Zilab Remote Console Server 3.2.9 - Privilege Escalation
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
by cakes
CVSS 7.8