Text Exploits
31,386 exploits tracked across all sources.
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.
by LiquidWorm
CVSS 8.2
SOCA Access Control System 180612 - Cross-Site Request Forgery
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.
by LiquidWorm
CVSS 5.3
OpenProject 5.0.0-8.3.1 - SQL Injection via Activities API ID Parameter
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
by SEC Consult
CVSS 8.1
CyberArk Enterprise Password Vault <=10.7 - XXE
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
by Marcelo Toran
CVSS 9.8
TheHive Project UnshortenLink analyzer <1.1 - SSRF
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.
by Alexandre Basquin
CVSS 7.7
ManageEngine ADSelfService Plus 5.7 - Cross-Site Scripting in Employee Search Feature
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
by Ibrahim Raafat
CVSS 6.1
MiniFtp parseconf_load_setting Buffer Overflow via Configuration
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
by strider
CVSS 8.4
NetNumber Titan Master 7.9.1 Path Traversal via drp
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files like /etc/shadow.
by MobileNetworkSecurity
CVSS 6.5
Heidelberg Prinect Archiver v2013 release 1.0 - Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
by alt3kx
CVSS 6.1
PHPads 2.0 - Unauthenticated SQL Injection via click.php3 bannerID Parameter
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
by felipe andrian
CVSS 7.1
microASP Portal+ CMS - SQL Injection
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and concat functions to extract sensitive database information like the current database name.
by felipe andrian
CVSS 8.2
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API.
This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
by bzyo
CVSS 7.8
SmartBear ReadyAPI 2.5.0-2.6.0 - Remote Code Execution via WSDL Import
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
by Gilson Camelo
CVSS 8.8
Microsoft Windows PowerShell ISE - Remote Code Execution
by hyp3rlinx
SolarWinds DameWare Mini Remote Control 10.0 - Buffer Overflow via Machine Name Size Field
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
by Dino Barlattani
CVSS 7.5
Zotonic < 0.47.0 - Cross-Site Scripting in mod_admin
Zotonic before version 0.47 has mod_admin XSS.
by Ramòn Janssen
CVSS 4.8
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
by Jacob Baines
CVSS 9.8
CentOS-WebPanel.com <0.9.8.793,0.9.8.753,0.9.8.807 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
by DKM
CVSS 4.8
Veeam ONE Reporter <9.5.0.3201 - XSS
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
by Seyed Sadegh Khatami
CVSS 5.4
Veeam ONE Reporter <9.5.0.3201 - XSS
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
by Seyed Sadegh Khatami
CVSS 5.4
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
by Mr Winst0n
By Source