Text Exploits
31,386 exploits tracked across all sources.
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access
by GulfTech Security
PHP Melody 2.7.1 - SQL Injection via Playlist Parameter
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
by Ahmad Mahfouz
CVSS 9.8
Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
by LiquidWorm
CVSS 9.8
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
by LiquidWorm
SilverStripe < 3.5.6, 3.6.x < 3.6.3, 4.x < 4.0.1 - CSV Injection via User Profile Fields
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.
by Ishaq Mohammed
CVSS 5.5
UniFi Video < 3.8.0 - Local Privilege Escalation via Weak Installation Directory Permissions
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
by Julien Ahrens
CVSS 7.8
JEXTN FAQ Pro 4.0.0 - SQL Injection via id Parameter
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
by Ihsan Sencan
CVSS 9.8
Biometric Shift EMS 3.0 - Auth Bypass
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
by Ihsan Sencan
CVSS 7.5
Vitek - Remote Command Execution / Information Disclosure (PoC)
by bashis
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 - SQL Injection via Multiple Parameters
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
by Rajwinder Singh
CVSS 9.8
Conarc iChannel - Unauthenticated Sensitive Information Exposure and Denial of Service via wc.dll EditConfig Request
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).
by Information Paradox
CVSS 9.8
Joomla NextGen Editor 2.1.0 SQL Injection via plname Parameter
Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
BrightSign Digital Signage <4k242 - Path Traversal
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
by Information Paradox
CVSS 7.5
BrightSign 4K242 Firmware < 6.2.63 - Cross-Site Scripting via REF Parameter
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
by Information Paradox
CVSS 6.1
Intel Graphics Driver - Privilege Escalation
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
by Google Security Research
CVSS 7.8
BrightSign 4k242 Firmware < 6.2.63 - Path Traversal and Arbitrary File Write via /storage.html rp Parameter
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
by Information Paradox
CVSS 9.8
Joomla! Component JB Visa 1.0 SQL Injection via visatype
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents.
by Ihsan Sencan
CVSS 8.2
Joomla! Component User Bench 1.0 SQL Injection via userid
Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=com_userbench&view=detail&userid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
by Ihsan Sencan
CVSS 8.2
Joomla! Component My Projects 2.0 SQL Injection
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data.
by Ihsan Sencan
CVSS 8.2
Monstra CMS 3.0.4 - Unrestricted Upload of File with Dangerous Type via Case Bypass
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
by Ishaq Mohammed
CVSS 8.8
Joomla! Component Guru Pro - 'promocode' SQL Injection
by Ihsan Sencan
Cells Blog 3.5 - 'bgid' / 'fmid' / 'fnid' SQL Injection
by Ihsan Sencan
By Source