Text Exploits

31,383 exploits tracked across all sources.

EIP-2026-109858 EXPLOITDB text
Neontext Wordpress Plugin - Stored XSS
by Eren Car
EIP-2026-109017 EXPLOITDB text
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
by Mohammad Reza Omrani
EIP-2026-102014 EXPLOITDB text
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS
by Vincent McRae_ Mesut Cetin
CVE-2024-58277 EXPLOITDB HIGH text
R Radio Network FM Transmitter 1.07 - Info Disclosure
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
by LiquidWorm
CVE-2024-58276 EXPLOITDB HIGH text
Obi08 Enrollment System 1.0 - SQL Injection
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.
by Gnanaraj Mauviel
EIP-2026-119655 EXPLOITDB text
Windows PowerShell - Event Log Bypass Single Quote Code Execution
by hyp3rlinx
EIP-2026-104774 EXPLOITDB text
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection
by Gnanaraj Mauviel
EIP-2026-104773 EXPLOITDB text
Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection
by Gnanaraj Mauviel
EIP-2026-104769 EXPLOITDB text
Real Estate Management System v1.0 - Remote Code Execution via File Upload
by Diyar Saadi
CVE-2024-27747 EXPLOITDB CRITICAL text
Petrol Pump Management Software <1.0 - RCE
File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
by Shubham Pandey
CVSS 9.8
CVE-2024-27743 EXPLOITDB MEDIUM text
Petrol Pump MGMT Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
by Shubham Pandey
CVSS 6.1
CVE-2024-27744 EXPLOITDB MEDIUM text
Petrol Pump Management Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
by Shubham Pandey
CVSS 6.1
CVE-2024-27746 EXPLOITDB CRITICAL text
Petrol Pump Management Software <1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
by Shubham Pandey
CVSS 9.8
EIP-2026-104707 EXPLOITDB text
AC Repair and Services System v1.0 - Multiple SQL Injection
by Gnanaraj Mauviel
EIP-2026-104315 EXPLOITDB text
Magento ver. 2.4.6 - XSLT Server Side Injection
by tmrswrr
EIP-2026-101353 EXPLOITDB text
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)
by Alok kumar
EIP-2026-114377 EXPLOITDB text
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
by Meryem Taşkın
EIP-2026-113535 EXPLOITDB text
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
by Rachit Arora
EIP-2026-105534 EXPLOITDB text
Blood Bank v1.0 - Multiple SQL Injection
by Ersin Erenler
CVE-2024-58278 EXPLOITDB HIGH text
perl2exe <= V30.10C - Authenticated Arbitrary Code Execution via Packed Executable Argument
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.
by decrazyo
CVE-2023-53734 EXPLOITDB HIGH text
dawa-pharma 1.0-2022 - Unauthenticated SQL Injection via Email Parameter
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.
by nu11secur1ty
CVE-2022-40924 EXPLOITDB HIGH text
Zoo Management System v1.0 - File Upload
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
by Çağatay Ceyhan
CVSS 7.2
EIP-2026-112492 EXPLOITDB text
SuperStoreFinder - Multiple Vulnerabilities
by bRpsd
EIP-2026-109584 EXPLOITDB text
Moodle 4.3 - Insecure Direct Object Reference
by tmrswrr
EIP-2026-105318 EXPLOITDB text
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
by Marcin Kozlowski