Text Exploits
31,368 exploits tracked across all sources.
Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.
by AkkuS
CVSS 8.2
Wecodex Restaurant CMS 1.0 SQL Injection via Login
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.
by AkkuS
CVSS 8.2
Shipping System CMS 1.0 SQL Injection via admin login
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login endpoint to authenticate without valid credentials.
by AkkuS
CVSS 8.2
MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting
by AkkuS
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting
by AkkuS
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection
by AkkuS
MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting
by AkkuS
MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting
by AkkuS
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
by L0RD
EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting
by AkkuS
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
by Safak Aslan
Samsung Mobile - Integer Overflow
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
by Google Security Research
CVSS 5.3
Intel 64 and IA-32 Architectures - Privilege Escalation
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
by Can Bölük
CVSS 7.8
By Source