Text Exploits

31,346 exploits tracked across all sources.

CVE-2019-25501 EXPLOITDB HIGH text
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25500 EXPLOITDB HIGH text
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25499 EXPLOITDB HIGH text
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25498 EXPLOITDB HIGH text
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authentication and extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-10009 EXPLOITDB MEDIUM text
Titan FTP Server 2019 Build 3505 - Path Traversal
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
by Kevin Randall
CVSS 6.5
CVE-2019-0808 EXPLOITDB HIGH text
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
by ze0r
CVSS 7.8
CVE-2019-7400 EXPLOITDB MEDIUM text
Rukovoditel <2.4.1 - XSS
Rukovoditel before 2.4.1 allows XSS.
by Javier Olmedo
CVSS 6.1
CVE-2019-25636 EXPLOITDB HIGH text
Zeeways Jobsite CMS Latest SQL Injection via id Parameter
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25635 EXPLOITDB HIGH text
Zeeways Matrimony CMS Latest SQL Injection via profile_list
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25520 EXPLOITDB HIGH text
Jettweb PHP Hazir Haber Sitesi Scripti V1 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25519 EXPLOITDB HIGH text
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25518 EXPLOITDB HIGH text
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25517 EXPLOITDB HIGH text
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25516 EXPLOITDB HIGH text
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25515 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
by Ahmet Ümit BAYRAM
CVSS 7.5
CVE-2019-25514 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25513 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25512 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25511 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25510 EXPLOITDB HIGH text VERIFIED
Jettweb PHP Hazir Haber Sitesi Scripti V2 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2018-5511 EXPLOITDB HIGH text VERIFIED
F5 BIG-IP <13.1.0.3 - Privilege Escalation
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
by Google Security Research
CVSS 7.2
CVE-2019-5512 EXPLOITDB HIGH text VERIFIED
VMware Workstation <15.0.3-14.1.6 - Privilege Escalation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
by Google Security Research
CVSS 8.8
EIP-2026-104162 EXPLOITDB text
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Ozer Goker
EIP-2026-104161 EXPLOITDB text
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Ozer Goker
CVE-2019-25640 EXPLOITDB HIGH text
Inout Article Base CMS Latest SQL Injection via portalLogin.php
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks.
by Ahmet Ümit BAYRAM
CVSS 8.2