Text Exploits
31,386 exploits tracked across all sources.
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
by Nassim Asrir
Professional Bus Booking Script - 'hid_Busid' SQL Injection
by Ihsan Sencan
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
by Tim Herres
Samba < 4.4.12 - Symlink Race Condition
Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
by Google Security Research
CVSS 7.5
QNAP QTS < 4.2.4 - Unauthenticated Sensitive Information Exposure via uLinux.conf
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
by Pasquale Fiorillo
CVSS 7.5
D-Link DCS-936L < 1.05.07 - Cross-Site Request Forgery via Referer Header Validation Bypass
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
by SlidingWindow
CVSS 8.8
Miele Professional PST10 - Path Traversal
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens on port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.
by Jens Regel
CVSS 7.5
Scriptzee Flippa Marketplace Clone 1.0 - SQL Injection
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection
by Hamed Izadi