Text Exploits
31,386 exploits tracked across all sources.
Symfony 2.7.0 < 4.0.10 - Denial of Service
by Federico Stange
KomSeo Cart 1.3 SQL Injection via edit.php
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based injection techniques.
by AkkuS
CVSS 8.2
Moderator Log Notes 1.1 - Stored Cross-Site Scripting in Mod Notes Textarea
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.
by 0xB9
CVSS 5.4
Oracle WebCenter Sites <12.2.1.3.0 - Info Disclosure
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
by Richard Alviarez
CVSS 8.2
Oracle WebCenter Sites <12.2.1.2.0 - Unauthorized Update
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Sites executes to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. Note: Please refer to Doc ID <a href="http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2318213.1">My Oracle Support Note 2318213.1 for instructions on how to address this issue. CVSS 3.0 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
by Sebastian Cornejo
CVSS 4.0
ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.
by AkkuS
CVSS 8.2
PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting
by AkkuS
Honeywell FALCON XLWeb Linux Controller < 2.04.01 and XLWebExe < 2.02.11 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
by t4rkd3vilz
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
by Veyselxan
WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.
by Mr.7z
CVSS 9.8
Library CMS 1.0 SQL Injection via admin login
Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username field to manipulate database queries and gain unauthorized access.
by AkkuS
CVSS 8.2
Online Store System CMS 1.0 SQL Injection via clientaccess
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.
by AkkuS
CVSS 8.2
SAT CFDI 3.3 SQL Injection via signIn endpoint
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloads to extract sensitive data or compromise the application.
by AkkuS
CVSS 8.2
School Management System CMS 1.0 Admin Login SQL Injection
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques to the processlogin endpoint to authenticate as administrator without valid credentials.
by AkkuS
CVSS 7.1
Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.
by AkkuS
CVSS 8.2
Wecodex Restaurant CMS 1.0 SQL Injection via Login
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.
by AkkuS
CVSS 8.2
Shipping System CMS 1.0 SQL Injection via admin login
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login endpoint to authenticate without valid credentials.
by AkkuS
CVSS 8.2
MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting
by AkkuS
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting
by AkkuS
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection
by AkkuS
MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting
by AkkuS
By Source