Text Exploits
31,386 exploits tracked across all sources.
Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)
Dell EMC Isilon OneFS versions 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
by Core Security
CVSS 8.8
News Website Script 2.0.4 - SQL Injection via Search Term
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
by Varun Bagaria
CVSS 9.8
Typesetter 5.1 - Host Header Injection
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache, perform advanced password reset attacks, or even trigger arbitrary user redirection.
by Navina Asrani
CVSS 8.8
LogicalDOC Enterprise 7.7.4 - Info Disclosure
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
by LiquidWorm
CVSS 7.5
LogicalDOC Enterprise 7.7.4 - Command Injection
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
by LiquidWorm
CVSS 6.5
Readymade Video Sharing Script 3.2 - 'search' SQL Injection
by Varun Bagaria
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 - Stored Cross-Site Scripting via Leave Comment Field
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.
by Varun Bagaria
CVSS 6.1
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
by L0RD
Android 8.0-8.1 - Incorrect Permission Assignment for Critical Resource in KeyStore Service
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
by Google Security Research
CVSS 7.8
WonderCMS 2.3.1 - Unrestricted Upload of File with Dangerous Type
In WonderCMS 2.3.1, the upload functionality accepts arbitrary application extensions, which leads to malicious file upload.
by Samrat Das
CVSS 8.8
WonderCMS 2.3.1 - HTTP Host Header Injection
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self-attack.
by Samrat Das
CVSS 7.5
Student Profile Management System Script 2.0.6 - Authentication Bypass
by L0RD
Zh GoogleMap 8.4.0.0 - SQL Injection via id Parameter
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
Zh BaiduMap 3.0.0.1 - SQL Injection via id Parameter
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
jsp_tickets 1.1 - SQL Injection via Ticketcode or ID Parameter
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
by Ihsan Sencan
CVSS 9.8
Claymore Dual Miner < 10.5 - Unauthenticated Format String Vulnerability
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
by res1n
CVSS 9.1
Netis WF2419 V3.2.41381 - Stored Cross-Site Scripting via MAC Filtering Description Field
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
by Sajibe Kanti
CVSS 5.4