Text Exploits
31,386 exploits tracked across all sources.
Netartmedia Deals Portal - SQL Injection
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.
by Ahmet Ümit BAYRAM
CVSS 8.2
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN - Privilege Escalation
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an incorrect access control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.
by Kumar Saurav
CVSS 8.8
ChinaMobile GPN2.4P21-C-CN Firmware W2001EN-00 - Cross-Site Request Forgery via Wireless Security Page
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an attacker to change the Wireless Security Password.
by Kumar Saurav
CVSS 8.8
eNdonesia Portal v8.7 SQL Injection via banners.php
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables.
by Mehmet EMIROGLU
CVSS 8.2
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information including user credentials and system data.
by Ahmet Ümit BAYRAM
CVSS 8.2
Netartmedia Event Portal 2.0 - SQL Injection
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Microsoft Edge - Security Feature Bypass via Click2Play Flash Handling
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
by Google Security Research
CVSS 5.3
upcoming_events < 1.33 - Cross-Site Scripting via Event Name
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.
by 0xB9
CVSS 6.1
Gila CMS 1.9.1 - Cross-Site Scripting
Gila CMS 1.9.1 has XSS.
by Ahmet Ümit BAYRAM
CVSS 6.1
Chrome < 73.0.3683.75 - Use-After-Free via WebMIDI Integer Overflow
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
by Google Security Research
CVSS 8.8
Google Chrome < 73.0.3683.75 - Use-After-Free via Blink Storage Integer Overflow
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
by Google Security Research
CVSS 8.8
Chrome < 73.0.3683.75 - Use-After-Free in DOMStorage
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Google Security Research
CVSS 7.5
Google Chrome < 73.0.3683.75 - Data Race in Extensions Guest View
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Google Security Research
CVSS 7.5
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
by Google Security Research
Vembu StoreGrid 4.4.x - Cross-Site Scripting in Registration Failure/Success Pages
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
by Gionathan Reale
CVSS 6.1
Vembu StoreGrid 4.4.x - Exposure of Sensitive Information via Index Page Hidden Form Value
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
by Gionathan Reale
CVSS 5.3
netdata < 1.13.0 - HTML Injection via Snapshot Import
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot.
by s4vitar
CVSS 6.1
Internet Explorer - Remote Code Execution via MSHTML Engine Input Validation
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
by Eduardo Braun Prado
CVSS 8.8
Microsoft Windows - '.reg' File / Dialog Box Message Spoofing
by hyp3rlinx