Text Exploits
31,386 exploits tracked across all sources.
Intelbras Wireless N 150Mbps router WRN 240 - XSS
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command.
by Elber Tavares
CVSS 6.1
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
by 8bitsec
FiberHome User End Router AN1020-25 - Info Disclosure
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 that could allow an attacker to restore a router to its factory settings simply by browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password.
by Ibad Shah
CVSS 9.8
Mongoose Embedded Web Server Library < 6.8 - Cross-Site Request Forgery via __mg_admin?save
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
by hyp3rlinx
CVSS 8.8
A2billing 2.x - Backup File Download / Remote Code Execution
by 0x4148
CodeMeter < 6.50a - Cross-Site Scripting via Time Server Configuration
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
by Vulnerability-Lab
CVSS 5.4
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
by mame
CVSS 7.5
T&W WIFI Repeater BE126 - Authenticated Remote Code Execution via User Parameter
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
by Hay Mizrachi
CVSS 8.8
Joomla Survey Force Deluxe 3.2.4 SQL Injection via invite Parameter
Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite parameter to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2