Text Exploits
31,386 exploits tracked across all sources.
Best POS Management System 1.0 - Unrestricted File Upload via Image Handler
A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.
by Ahmed Ismail
CVSS 4.7
Auto Dealer Management System 1.0 - SQL Injection via Manage User ID Parameter
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
Auto Dealer Management System 1.0 - SQL Injection via Sell Vehicle ID Parameter
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
Auto Dealer Management System 1.0 - SQL Injection via id Parameter in view_transaction Page
A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 4.7
Auto Dealer Management System 1.0 - Improper Access Control in Users.php
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
by nu11secur1ty
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
by LiquidWorm
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
by LiquidWorm
Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack
by LiquidWorm
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
by LiquidWorm
Osprey Pump Controller 1.0.1 - Administrator Backdoor Access
by LiquidWorm
Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection
by LiquidWorm
Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection
by LiquidWorm
Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection
by LiquidWorm
ABUS TVIP 20000-21150 Firmware - Remote Code Execution via Wireless MFT AP Field
ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.
CVSS 7.2
Mitel MiCollab AWV < 8.1.2.4 and 9.x < 9.1.3 - Path Traversal via Crafted URL
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
by Kahvi-0
CVSS 5.3
ProjectSend r1605 - Remote Code Execution via File Extension Manipulation
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
by Mirabbas Ağalarov
CVSS 9.8
SOUND4 LinkAndShare Transmitter 1.1.2 - Memory Corruption
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger stack memory corruption through maliciously crafted environment variables. Attackers can set the username environment variable to a format string payload to crash the application and potentially execute arbitrary code.
by LiquidWorm
CVSS 9.8
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
by Muhammad Navaid Zafar Ansari
I-Tech Trainsmart r1044 - SQL Injection
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via the evaluation/assign-evaluation?id= URI.
by Adrian Bondocea
CVSS 7.5