Text Exploits
31,386 exploits tracked across all sources.
Microstrategy Web 7 - Cross-Site Scripting via ShowAll Parameter
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 6.1
Microstrategy Web 7 - Cross-Site Scripting via Login.asp Msg Parameter
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 6.1
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
by Ihsan Sencan
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
by Boumediene KADDOUR
CI User Login and Management 1.0 - Arbitrary File Upload
by Ihsan Sencan
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
by Ihsan Sencan
Microstrategy Web 7 - Authenticated Path Traversal via subpage Parameter
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 4.3
MOGG web simulator Script All Version SQL Injection via play.php
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.
by Meisam Monsef
CVSS 8.2
Grapixel New Media v2.0 - SQL Injection via pages.aspx pageref Parameter
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
by Berk Dusunur
CVSS 9.8
Welcome to our Resort 1.0 - Cross-Site Request Forgery via User Edit Action
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.
by Ihsan Sencan
CVSS 8.8
Open Faculty Evaluation System 7 - SQL Injection via submit_feedback.php
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
by Ihsan Sencan
CVSS 9.8
Open Faculty Evaluation System 5.6 - SQL Injection via submit_feedback.php
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
by Ihsan Sencan
CVSS 9.8
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Ring-0 Code Execution via MSR
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
by SecureAuth
CVSS 7.8