Text Exploits

31,364 exploits tracked across all sources.

CVE-2017-15986 EXPLOITDB CRITICAL text
CPA Lead Reward Script - SQL Injection
CPA Lead Reward Script allows SQL Injection via the username parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15984 EXPLOITDB CRITICAL text
Bekirk Creative Management System Lite - SQL Injection
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15985 EXPLOITDB CRITICAL text
Readymadeb2bscript Basic B2b Script - SQL Injection
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15960 EXPLOITDB CRITICAL text
Yourarticlesdirectory Article Directory Script - SQL Injection
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15978 EXPLOITDB CRITICAL text
AROX School ERP PHP Script - SQL Injection
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15959 EXPLOITDB CRITICAL text
Adultscriptpro - SQL Injection
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16523 EXPLOITDB CRITICAL text
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Hardcoded Password
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
by j0lama
CVSS 9.8
CVE-2017-16522 EXPLOITDB HIGH text
MitraStar GPT-2541GNAC Firmware - Incorrect Default Permissions
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
by j0lama
CVSS 8.8
CVE-2017-15727 EXPLOITDB MEDIUM text
phpMyFAQ < 2.9.8 - XSS
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
by Nikhil Mittal
CVSS 5.4
CVE-2017-15081 EXPLOITDB CRITICAL text
PHPSUGAR PHP Melody - SQL Injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
by Venkat Rajgor
CVSS 9.8
EIP-2026-104112 EXPLOITDB text
Uniview - Remote Command Execution / Export Config (PoC)
by bashis
CVE-2017-15730 EXPLOITDB HIGH text
phpMyFAQ < 2.9.8 - CSRF
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
by Nikhil Mittal
CVSS 8.8
CVE-2017-6008 EXPLOITDB HIGH text
Sophos HitmanPro < 3.7.20 - Memory Corruption
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
by cbayet
CVSS 7.8
CVE-2017-15879 EXPLOITDB HIGH text
Keystone < 4.0.0 - Improper Input Validation
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
by Ishaq Mohammed
CVSS 8.8
CVE-2017-15878 EXPLOITDB MEDIUM text
Keystone < 4.0.0 - XSS
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
by Ishaq Mohammed
CVSS 6.1
EIP-2026-107291 EXPLOITDB text
FS Trademe Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107290 EXPLOITDB text
FS Thumbtack Clone - 'ser' SQL Injection
by 8bitsec
EIP-2026-107289 EXPLOITDB text
FS Shutter Stock Clone - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107287 EXPLOITDB text
FS Realtor Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107285 EXPLOITDB text
FS Monster Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107274 EXPLOITDB text
FS Crowdfunding Script - 'id' SQL Injection
by 8bitsec
EIP-2026-107273 EXPLOITDB text
FS Care Clone - 'sitterService' SQL Injection
by 8bitsec
CVE-2017-15639 EXPLOITDB MEDIUM text
Getmura Mura CMS < 6.1 - XXE
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
by Anthony Cole
CVSS 6.5
EIP-2026-107286 EXPLOITDB text
FS OLX Clone - 'catg_id' SQL Injection
by 8bitsec
EIP-2026-107283 EXPLOITDB text
FS Lynda Clone - 'category' SQL Injection
by 8bitsec