Text Exploits
31,386 exploits tracked across all sources.
WPForms < 1.7.8 - Stored Cross-Site Scripting via Slider Import Search Feature
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.
by Milad karimi
CVSS 6.1
Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
by P4p4 M4n3
virtualreception Digital Receptie win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 - Path Traversal via Crafted GET Request
Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.
by Spinae
CVSS 7.5
LISTSERV 17 - Cross-Site Scripting via c Parameter
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.
by Shaunt Der-Grigorian
CVSS 6.1
LISTSERV 17 - Unauthenticated Account Modification via IDOR in wa.exe Email Parameter
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
by Shaunt Der-Grigorian
CVSS 7.5
D-Link DSL-124 ME_1.00 - Info Disclosure
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
by Aryan Chehreghani
CVSS 7.5
Outline 1.6.0 - Privilege Escalation
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
by Milad karimi
CVSS 7.8
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
by M. Akil Gündoğan
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
by Matthijs van der Vaart (eMVee)
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
by Rajeshwar Singh
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
by Bleron Rrustemi
Moodle LMS 4.0 Cross-Site Scripting via course search.php
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies.
by Saud Alenazi
CVSS 6.1
Social-Share-Buttons 2.2.3 - SQL Injection
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents.
by nu11secur1ty
CVSS 8.2
Jetpack 11.4 - Cross-Site Scripting via Contact Form post_id Parameter
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.
by Behrouz Mansoori
CVSS 6.1
YouPHPTube <= 7.8 - Cross-Site Scripting via Signup RedirectUri Parameter
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page.
by Rafael Pedrero
CVSS 6.1
YouPHPTube <= 7.8 - Unauthenticated Path Traversal via Lang Parameter
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.
by Rafael Pedrero
CVSS 5.5
SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path
by Jorge Manuel Lozano Gómez
HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path
by Jorge Manuel Lozano Gómez
By Source