Text Exploits
31,386 exploits tracked across all sources.
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
by Google Security Research
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
by Google Security Research
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
by Google Security Research
PHP-SHOP 1.0 Cross-Site Request Forgery via users.php
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST requests to the users.php endpoint with parameters like name, email, password, and permissions set to admin to create unauthorized admin accounts.
by Alireza Norkazemi
CVSS 5.3
OwnTicket 2018-05-23 - SQL Injection via showTicketId or editTicketStatusId Parameter
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
by Ihsan Sencan
CVSS 9.8
FLIR AX8 Thermal Camera 1.32.16 - Auth Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
by LiquidWorm
CVSS 9.8
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Time and Expense Management System 3.0 - 'table' SQL Injection
by Ihsan Sencan
BigTree CMS 4.2.23 - Stored Cross-Site Scripting in Image Upload Area
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
by Ismail Tasdelen
CVSS 6.1
TP-Link TL-SC3130 1.6.18P12_121101 - Unauthenticated Exposure of Sensitive Information via RTSP Stream
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
by LiquidWorm
CVSS 7.5
Kados R10 GreenBee SQL Injection via update_feature.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
by Ihsan Sencan
CVSS 8.2
Kados R10 GreenBee SQL Injection via update_release.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
by Ihsan Sencan
CVSS 8.2
Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
by Ihsan Sencan
CVSS 6.5
Windows NTFS - Elevation of Privilege via Improper Access Check
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
by Ismail Tasdelen
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
by Ihsan Sencan
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
by Ihsan Sencan
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
by Ihsan Sencan
MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with malicious SQL code in these parameters to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 7.1
By Source