Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-20795 EXPLOITDB HIGH text
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20794 EXPLOITDB HIGH text
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via Image Save Action
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20793 EXPLOITDB HIGH text
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via paths[0] Bypass
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20792 EXPLOITDB HIGH text
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter in get_file Action
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the get_file action in ajax_calls.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20791 EXPLOITDB MEDIUM text
tecrail Responsive FileManager 9.13.4 - Cross-Site Scripting via Media File Upload
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
by Fariskhi Vidyan
CVSS 6.1
CVE-2018-20790 EXPLOITDB HIGH text
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Deletion via paths[0] Parameter
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20789 EXPLOITDB HIGH text
tecrail Responsive FileManager 9.13.4 - Path Traversal & Directory Deletion via execute.php
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
EIP-2026-107025 EXPLOITDB text
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-107024 EXPLOITDB text
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
by Ihsan Sencan
EIP-2026-106558 EXPLOITDB text
Double Your Bitcoin Script Automatic - Authentication Bypass
by Veyselxan
CVE-2018-7691 EXPLOITDB MEDIUM text VERIFIED
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized Access.
by alt3kx
CVSS 6.5
CVE-2018-7690 EXPLOITDB MEDIUM text VERIFIED
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized Access.
by alt3kx
CVSS 6.5
EIP-2026-102636 EXPLOITDB text VERIFIED
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
by Google Security Research
CVE-2018-25434 EXPLOITDB HIGH text
WP AutoSuggest 0.24 - Unauthenticated SQL Injection via wpas_keys Parameter
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.
by Kaimi
CVSS 8.2
CVE-2018-25270 EXPLOITDB CRITICAL text
ThinkPHP 5.0.23 Remote Code Execution via invokefunction
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.
by VulnSpy
CVSS 9.8
CVE-2018-6756 EXPLOITDB HIGH text VERIFIED
McAfee True Key <5.1.230.7 - Privilege Escalation
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
by Google Security Research
CVSS 7.8
CVE-2018-6755 EXPLOITDB HIGH text VERIFIED
McAfee True Key < 5.1.230.7 - Unauthenticated Arbitrary Code Execution via Weak Directory Permissions
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
by Google Security Research
CVSS 7.2
CVE-2019-0053 EXPLOITDB HIGH text
Junos OS - Stack-based Buffer Overflow in Telnet Client via Environment Variable Handling
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
by Hacker Fantastic
CVSS 7.8
CVE-2018-7357 EXPLOITDB MEDIUM text VERIFIED
ZTE ZXHN H168N Firmware <= V2.2.0_PK1.2T5 - Unauthenticated Critical Function Access
The ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T has an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
by Usman Saeed
CVSS 6.5
CVE-2018-1000871 EXPLOITDB CRITICAL text
HotelDruid HotelDruid <2.3.0 - SQL Injection
HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "id_utente_mod" parameter of gestione_utenti.php that can allow an attacker to dump all database records of the backend web server. The attack appears to be exploitable by anyone via a specially crafted SQL query passed to the "id_utente_mod=1" parameter.
by Sainadh Jamalpur
CVSS 9.8
CVE-2018-19936 EXPLOITDB MEDIUM text
PrinterOn Enterprise 4.1.4 - Info Disclosure
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
by bzyo
CVSS 6.5
CVE-2018-6757 EXPLOITDB HIGH text VERIFIED
McAfee True Key < 5.1.230.7 - Privilege Escalation via Malware Execution
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
by Google Security Research
CVSS 7.5
EIP-2026-112759 EXPLOITDB text
Tourism Website Blog - Remote Code Execution / SQL Injection
by Ihsan Sencan
CVE-2018-19913 EXPLOITDB MEDIUM text
DomainMOD < 4.11.01 - Stored Cross-Site Scripting via Registrar Account Fields
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
by Mohammed Abdul Raheem
CVSS 4.8
EIP-2026-105145 EXPLOITDB text
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
by Ihsan Sencan