Text Exploits
31,386 exploits tracked across all sources.
ASRock A-Tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
by SecureAuth
CVSS 7.1
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Privilege Escalation via CR Register
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
by SecureAuth
CVSS 7.8
Modbus Slave 7.0.0 - Buffer Overflow
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.
by Ihsan Sencan
CVSS 7.5
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Privilege Escalation via IO Port
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
by SecureAuth
CVSS 7.8
School Event Management System 1.0 - SQL Injection via id Parameter
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
by Ihsan Sencan
CVSS 9.8
School Event Management System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
by Ihsan Sencan
CVSS 8.8
School Event Management System 1.0 - Arbitrary File Upload via Event Controller
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
by Ihsan Sencan
CVSS 9.8
School Attendance Monitoring System 1.0 - SQL Injection via ID Parameter
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
by Ihsan Sencan
CVSS 9.8
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via User Edit Endpoint
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
by Ihsan Sencan
CVSS 8.8
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via event/controller.php
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
by Ihsan Sencan
CVSS 8.8
SaltOS 3.1 r8126 - SQL Injection via action2 Parameter
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
by Ihsan Sencan
CVSS 9.8
SaltOS 3.1 r8126 - SQL Injection via Login Action Parameter
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
by Ihsan Sencan
CVSS 9.8
SaltOS 3.1 r8126 - Unauthenticated Database Download
SaltOS 3.1 r8126 contains a database download vulnerability.
by Ihsan Sencan
CVSS 6.5
RhinOS 3.0 build 1190 - Cross-Site Request Forgery
RhinOS 3.0 build 1190 allows CSRF.
by Ihsan Sencan
CVSS 6.5
Pointofsales - SQL Injection
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
by Ihsan Sencan
CVSS 9.8
Tubigan Welcome to our Resort 1.0 - SQL Injection via index.php or admin/login.php Parameters
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
by Ihsan Sencan
CVSS 9.8
K-iwi Framework 1775 - SQL Injection via user_group_id or user_id Parameter
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
by Ihsan Sencan
CVSS 9.8
BSEN Ordering Software 1.0 - SQL Injection via ID Parameter
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
by Ihsan Sencan
CVSS 9.8
Curriculum Evaluation System 1.0 - SQL Injection via Login Screen
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
by Ihsan Sencan
CVSS 9.8
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
by Ihsan Sencan
Bakeshop Inventory System 1.0 - SQL Injection via Login Screen
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
by Ihsan Sencan
CVSS 9.8
Canonical Ubuntu Linux < 240 - Race Condition
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
by Google Security Research
CVSS 7.0
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
by Ihsan Sencan