Text Exploits
31,383 exploits tracked across all sources.
Online ID Generator 1.0 - Remote Code Execution (RCE)
by nu11secur1ty
Media Library Assistant <3.09 - RCE
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.
by Florent MONTEL
CVSS 9.8
Clcknshop 1.0.0 - SQL Injection via GET Parameter Handler
A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by CraCkEr
CVSS 6.3
Cacti < 1.2.25 - Authenticated Remote Code Execution via SNMP Device Options
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by Antonio Francesco Sardella
CVSS 7.2
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
by Riyan Firmansyah of Seclab
Soosyze 2.0.0 - Unrestricted Upload of File with Dangerous Type via Broken Upload Logic
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.
by nu11secur1ty
CVSS 9.8
Jorani 1.0.3 - Reflected Cross-Site Scripting via Language Parameter
Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.
by nu11secur1ty
Elementor Website Builder <3.5.5 - XSS
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
by Miguel Santareno
CVSS 6.1
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.
by CraCkEr
CVSS 6.3
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
by nu11secur1ty
Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
by AmirZargham
CVSS 6.1
Kingo ROOT <1.5.8.3353 - Privilege Escalation
An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
by Anish Feroz
CVSS 7.8
NVClient 5.0 - Stack-based Buffer Overflow via User Configuration Contact Field
NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.
by Ahmet Ümit BAYRAM
CVSS 5.5
Member Login Script 3.3 - HTTP Request Smuggling via Content-Length Header Parsing
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.
by nu11secur1ty
Bus Reservation System 1.1 - SQL Injection
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database.
by nu11secur1ty
CVSS 9.8
Academy LMS 6.1 - Authenticated Stored Cross-Site Scripting via Profile Avatar Upload
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.
by CraCkEr
CVSS 5.4
DLink DPH-400SE FRU <2.2.15.8 - Privilege Escalation
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.
by tahaafarooq
CVSS 8.8
Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow
by Waqas Ahmed Faroouqi
SPA-Cart eCommerce CMS 1.9.0.3 - XSS
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.
by CraCkEr
CVSS 3.5
tdevs hyip_rio 2.1 - Cross-Site Scripting via Profile Settings Avatar Parameter
A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by CraCkEr
CVSS 3.5
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
by Daniel González
By Source