Text Exploits
31,341 exploits tracked across all sources.
RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC
by LiquidWorm
Atcom 100M IP Phones <2.7.x.x - Command Injection
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.
by Mohammed Adel
CVSS 8.8
WEBIGniter 28.7.23 - RCE
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
by nu11secur1ty
Coppermine Gallery 1.6.25 - Authenticated RCE
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
by Mirabbas Ağalarov
CVSS 8.8
Tinycontrol LAN Controller <1.58a - DoS
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.
by LiquidWorm
Tinycontrol Lan Controller Firmware < 1.58a - Missing Authorization
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
by LiquidWorm
CVSS 9.8
Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
by Moein Shahabi
Online ID Generator 1.0 - Remote Code Execution (RCE)
by nu11secur1ty
Media Library Assistant <3.09 - RCE
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.
by Florent MONTEL
CVSS 9.8
Infosoftbd Clcknshop - SQL Injection
A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by CraCkEr
CVSS 6.3
Cacti < 1.2.25 - Command Injection
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by Antonio Francesco Sardella
CVSS 7.2
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
by Riyan Firmansyah of Seclab
Soosyze 2.0.0 - Code Injection
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.
by nu11secur1ty
CVSS 9.8
Jorani 1.0.3 - XSS
Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.
by nu11secur1ty
Elementor Website Builder <3.5.5 - XSS
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
by Miguel Santareno
CVSS 6.1
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.
by CraCkEr
CVSS 6.3
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
by nu11secur1ty
Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
by AmirZargham
CVSS 6.1
By Source