Text Exploits
31,386 exploits tracked across all sources.
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
by Google Security Research
MobaXterm Personal Edition 9.4 - Path Traversal
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
by hyp3rlinx
CVSS 5.3
Yellow Pages Script 3.2 - 'category_id' SQL Injection
by Ihsan Sencan
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
by rungga_reksya
CVSS 8.8
dnaTools dnaLIMS 4-2015s13 - Insufficiently Protected Credentials in Password Storage
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
by Shorebreak Security
CVSS 8.1
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Path Traversal via viewAppletFsa.cgi seqID Parameter
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
by Shorebreak Security
CVSS 7.5
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Remote Code Execution via sysAdmin.cgi
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
by Shorebreak Security
CVSS 9.8
Kinsey Infor-Lawson - SQL Injection via TABLE or QUERY Parameter
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
by Michael Benich
CVSS 9.8
dnaTools dnaLIMS 4-2015s13 - Session Hijacking via UID Parameter Guessing
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
by Shorebreak Security
CVSS 8.8
WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences (../) to access sensitive files outside the intended directory.
by Ihsan Sencan
CVSS 7.5
WordPress Plugin PICA Photo Gallery 1.0 SQL Injection
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents.
by Ihsan Sencan
CVSS 8.2
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.
by Ihsan Sencan
CVSS 7.5
WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes.
by Ihsan Sencan
CVSS 8.2