Text Exploits
31,383 exploits tracked across all sources.
Automatic-Systems SOC FL9600 FastLine - Directory Transversal
by Marcin Kozlowski
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution
by LiquidWorm
Online Shopping System Advanced 1.0 - SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
by Furkan Gedik
CVSS 7.5
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
by SoSPiro
CVSS 9.8
IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
by hyp3rlinx
CVSS 5.1
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
by hyp3rlinx
CVSS 9.1
WyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated User Enumeration via TELNET Service
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.
by hyp3rlinx
CVSS 7.5
WyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated Denial of Service via Reboot Endpoint
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
by hyp3rlinx
CVSS 7.5
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
by Sagar Banwa
Microsoft Windows Defender Bypass - Detection Mitigation Bypass
by hyp3rlinx
SureMDM On-premise <6.31 - Info Disclosure
Username enumeration through a CAPTCHA bypass in the On-premise SureMDM Solution on Windows deployments allows an attacker to enumerate local user information via error messages.
This issue affects SureMDM On-premise version 6.31 and below.
by Jonas Benjamin Friedli
CVSS 4.8
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
by LiquidWorm
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by yozgatalperen1
CVSS 7.3
Online Nurse Hiring System 1.0 - Time-Based SQL Injection
by yozgatalperen1
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
by Furkan ÖZER