Text Exploits

31,341 exploits tracked across all sources.

CVE-2025-57227 EXPLOITDB HIGH text
Kingo ROOT <1.5.8.3353 - Privilege Escalation
An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
by Anish Feroz
CVSS 7.8
CVE-2023-53879 EXPLOITDB MEDIUM text
NVClient 5.0 - Buffer Overflow
NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.
by Ahmet Ümit BAYRAM
CVSS 5.5
CVE-2023-53878 EXPLOITDB HIGH text
Member Login Script 3.3 - SSRF
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.
by nu11secur1ty
CVE-2023-53877 EXPLOITDB CRITICAL text
Bus Reservation System 1.1 - SQL Injection
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database.
by nu11secur1ty
CVSS 9.8
CVE-2023-53876 EXPLOITDB MEDIUM text
Academy LMS 6.1 - XSS
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.
by CraCkEr
CVSS 5.4
CVE-2023-43960 EXPLOITDB HIGH text
DLink DPH-400SE FRU <2.2.15.8 - Privilege Escalation
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.
by tahaafarooq
CVSS 8.8
EIP-2026-117201 EXPLOITDB text
Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow
by Waqas Ahmed Faroouqi
CVE-2023-4547 EXPLOITDB LOW text
SPA-Cart eCommerce CMS 1.9.0.3 - XSS
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.
by CraCkEr
CVSS 3.5
CVE-2023-4382 EXPLOITDB LOW text
tdevs Hyip Rio 2.1 - XSS
A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by CraCkEr
CVSS 3.5
EIP-2026-106264 EXPLOITDB text
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
by Daniel González
EIP-2026-106263 EXPLOITDB text
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL')
by Daniel González
CVE-2023-4407 EXPLOITDB MEDIUM text
Credit Lite - SQL Injection
A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.
by CraCkEr
CVSS 6.3
EIP-2026-105536 EXPLOITDB text VERIFIED
Blood Donor Management System v1.0 - Stored XSS
by Ehlullah Albayrak
CVE-2022-23513 EXPLOITDB MEDIUM text
Pi-hole Adminlte < 5.17 - Improper Access Control
Pi-hole is a network-wide ad blocker that runs on your own Linux hardware; AdminLTE is a Pi-hole dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on the `queryads` endpoint. The vulnerability exists because of a lack of validation in the code at a root server path: `/admin/scripts/pi-hole/phpqueryads.php`. Potential threat actors are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure of any victims' personal blacklists.
by kv1to
CVSS 5.3
CVE-2023-40852 EXPLOITDB CRITICAL text VERIFIED
Phpgurukul <3.0 - SQL Injection
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page.
by Ashutosh Singh Umath
CVSS 9.8
CVE-2023-40851 EXPLOITDB MEDIUM text VERIFIED
Phpgurukul <3.0 - XSS
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.
by Ashutosh Singh Umath
CVSS 5.4
EIP-2026-112939 EXPLOITDB text
Uvdesk 1.1.4 - Stored XSS (Authenticated)
by Hubert Wojciechowski
CVE-2023-31067 EXPLOITDB CRITICAL text
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
by shinnai
CVSS 9.8
CVE-2023-31068 EXPLOITDB CRITICAL text
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
by shinnai
CVSS 9.8
CVE-2023-31069 EXPLOITDB CRITICAL text
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
by shinnai
CVSS 9.8
CVE-2023-31468 EXPLOITDB HIGH text
Inosoft VisiWin <2022-2.1 - Privilege Escalation
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
by shinnai
CVSS 7.8
EIP-2026-112563 EXPLOITDB text
Taskhub CRM Tool 2.8.6 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-111086 EXPLOITDB text
PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
by Kerimcan Ozturk
EIP-2026-110427 EXPLOITDB text
OVOO Movie Portal CMS v3.3.3 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-107425 EXPLOITDB text
Global - Multi School Management System Express v1.0 - SQL Injection
by Ahmet Ümit BAYRAM