Text Exploits
31,386 exploits tracked across all sources.
NUUO NVRmini 2 Firmware < 3.6.5 - Arbitrary File Upload via upload.php
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
by M3@Pandas
CVSS 9.8
TP-Link TL-WR840N/TL-WR841N <5 - Info Disclosure
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
by BlackFog Team
CVSS 9.8
wityCMS 0.6.1 - Authenticated Stored Cross-Site Scripting via Website Name Field
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
by Nathu Nandwani
CVSS 4.8
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
by L0RD
DomainMod 4.09.03 - Cross-Site Scripting via SSL Provider Account Parameter
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
by longer
CVSS 6.1
DomainMod 4.09.03 - Cross-Site Scripting via Account Owner OID Parameter
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
by longer
CVSS 5.4
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
by AkkuS
Ingenious School Management System - 'id' SQL Injection
by Meisam Monsef
ClipperCMS 1.3.3 - Stored Cross-Site Scripting via Site Name Field
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
by Nathu Nandwani
CVSS 4.8
Bitmain Antminer D3, L3+, and S9 Firmware - Remote Command Execution via System Restore Function
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
by CorryL
CVSS 8.8
Werewolf Online 0.8.8 - Exposure of Firebase Token via Logcat Output
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
by ManhNho
CVSS 7.5
EasyService Billing 1.0 - Cross-Site Scripting via jobcard-ongoing.php q Parameter
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
by Divya Jain
CVSS 6.1
EasyService Billing 1.0 - SQL Injection via jobcard-ongoing.php q Parameter
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
by Divya Jain
CVSS 9.8