Text Exploits
31,386 exploits tracked across all sources.
NoviWare < 400.2.6 - Authenticated Buffer Overflow via 'show log cli' Command
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
by François Goichon
CVSS 9.8
SOA School Management 3.0 - SQL Injection
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
Joomla! Component Appointment 1.1 - SQL Injection
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
by Ihsan Sencan
CVSS 9.8
Ambit Technologies iTech Scripts - SQL Injection
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
OSNEXUS QuantaStor < 4.3.0 - Cross-Site Scripting via REST Error Response
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
by VVVSecurity
CVSS 6.1
ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
by Arvind V
CVSS 7.5
iTech Business Networking Script 8.26 - SQL Injection
by Ihsan Sencan
Symantec Messaging Gateway < 10.6.3-267 - Remote Code Execution
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
by Philip Pettersson
CVSS 8.8
By Source