Text Exploits

31,329 exploits tracked across all sources.

CVE-2017-13056 EXPLOITDB HIGH text
Tracker-software Pdf-xchange Viewer - Improper Input Validation
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.
by Daniele Votta
CVSS 7.8
CVE-2017-12984 EXPLOITDB MEDIUM text
Phpmywind - XSS
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
by 小雨
CVSS 6.1
EIP-2026-110823 EXPLOITDB text
PHP-Lance 1.52 - 'subcat' SQL Injection
by Ihsan Sencan
EIP-2026-110711 EXPLOITDB text
PHP Jokesite 2.0 - 'joke_id' SQL Injection
by Ihsan Sencan
EIP-2026-110675 EXPLOITDB text
PHP Coupon Script 6.0 - 'cid' SQL Injection
by Ihsan Sencan
EIP-2026-110672 EXPLOITDB text
PHP Classifieds Script 5.6.2 - SQL Injection
by Ihsan Sencan
EIP-2026-108875 EXPLOITDB text
Joomla! Component Sponsor Wall 8.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108653 EXPLOITDB text
Joomla! Component FocalPoint 1.2.3 - SQL Injection
by Ihsan Sencan
EIP-2026-108652 EXPLOITDB text
Joomla! Component Flip Wall 8.0 - 'wallid' SQL Injection
by Ihsan Sencan
EIP-2026-108195 EXPLOITDB text
Joomla! Component Ajax Quiz 1.8 - SQL Injection
by Ihsan Sencan
EIP-2026-108012 EXPLOITDB text
iTech Social Networking Script 3.08 - SQL Injection
by Ihsan Sencan
CVE-2017-12971 EXPLOITDB MEDIUM text
Apache2triad - XSS
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.
by hyp3rlinx
CVSS 6.1
EIP-2026-105012 EXPLOITDB text
Affiliate Niche Script 3.4.0 - SQL Injection
by Ihsan Sencan
EIP-2026-104799 EXPLOITDB text
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
by Ihsan Sencan
CVE-2017-9978 EXPLOITDB MEDIUM text
Osnexus Quantastor < 4.3.0 - Information Disclosure
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
by VVVSecurity
CVSS 5.3
CVE-2017-12787 EXPLOITDB CRITICAL text
Noviflow Noviware < 400.2.6 - Memory Corruption
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
by François Goichon
CVSS 9.8
CVE-2017-12785 EXPLOITDB CRITICAL text
Noviflow Noviware < 400.2.6 - Memory Corruption
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
by François Goichon
CVSS 9.8
CVE-2017-12759 EXPLOITDB CRITICAL text
Ynetinteractive Soa School Management - SQL Injection
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
CVE-2017-12758 EXPLOITDB CRITICAL text
Joomlaextensions Component Appointment - SQL Injection
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
by Ihsan Sencan
CVSS 9.8
CVE-2017-12757 EXPLOITDB CRITICAL text
Ambittechnologies Itech B2b Script - SQL Injection
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
CVE-2017-9979 EXPLOITDB MEDIUM text
Osnexus Quantastor < 4.3.0 - XSS
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
by VVVSecurity
CVSS 6.1
CVE-2017-14680 EXPLOITDB HIGH text
ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
by Arvind V
CVSS 7.5
EIP-2026-109344 EXPLOITDB text
Matrimony Script 2.7 - SQL Injection
by Ihsan Sencan
EIP-2026-109188 EXPLOITDB text
LiveSupport 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109186 EXPLOITDB text
LiveSales 1.0 - SQL Injection
by Ihsan Sencan