Text Exploits
31,386 exploits tracked across all sources.
Synaccess netBooter NP-02x/NP-08x 6.8 - Auth Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.
by LiquidWorm
CVSS 9.8
PHPOffice PhpSpreadsheet <1.5.0 - XSS
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file.
by Alex Leahu
CVSS 8.8
Arm Whois 3.11 - Local Buffer Overflow via Structured Exception Handler Overwrite
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
by zephyr
CVSS 8.4
No-Cms 1.0 - Authenticated SQL Injection via order_by Parameter
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious SQL code in the order_by[0] parameter to extract sensitive database information.
by Loading Kura Kura
CVSS 7.1
Easy Testimonials 3.2 - Stored Cross-Site Scripting via _ikcf_client, _ikcf_position, and _ikcf_other Parameters
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client, _ikcf_position, and _ikcf_other) are vulnerable to cross-site scripting.
by En_dust
CVSS 6.1
AbiSoft Ticketly 1.0 - SQL Injection via Multiple Parameters
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
by Javier Olmedo
CVSS 9.8
WordPress CherryFramework Themes 3.1.4 Backup File Download
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.
by b1p0l4r
CVSS 7.5
WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.
by AkkuS
CVSS 8.2
Synaccess netBooter NP-0801DU 7.4 - CSRF
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page.
by LiquidWorm
CVSS 4.3
AbiSoft Ticketly 1.0 - Unauthenticated Privilege Escalation via add_user Action
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
by Javier Olmedo
CVSS 9.8
Windows COM Aggregate Marshaler - Privilege Escalation
An elevation of privilege vulnerability exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
Warranty Tracking System 11.06.3 - SQL Injection
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)
by Ihsan Sencan
DomainMOD < 4.11.01 - Cross-Site Scripting via Registrar Account RAID Parameter
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
by Dawood Ansar
CVSS 6.1
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
by Google Security Research
CVSS 7.0
Precurio Intranet Portal 2.0 - CSRF
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction.
by Ihsan Sencan
CVSS 4.3
Net-Billetterie 2.9 - SQL Injection
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames, passwords, and system credentials.
by Ihsan Sencan
CVSS 8.2
Meneame English Pligg 5.8 - SQL Injection
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
Galaxy Forces MMORPG 0.5.8 - SQL Injection
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 7.1
EverSync 0.5 - Unauthenticated Arbitrary File Download via Files Directory
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
by Ihsan Sencan
CVSS 7.5