Text Exploits
31,386 exploits tracked across all sources.
Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating accommodation types, which execute in the browser when visitors access the accommodations page.
by Sanjay Singh
CVSS 6.4
microweber < 1.2.15 - Unauthenticated Account Takeover via Email Registration
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account.
by Manojkumar J
CVSS 8.8
Zyxel Firewall SUID Binary Privilege Escalation
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
by Valentin Lobstein
CVSS 9.8
SolarView Compact <6.00 - Path Traversal
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
by Ahmed Alroky
CVSS 7.5
Newsletter Module v3.x - SQL Injection via zemez_newsletter_email Parameter
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
by Saud Alenazi
CVSS 9.8
T-Soft E-Commerce 4 - SQL Injection
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.
by Alperen Ergel
CVSS 7.2
showdoc < 2.10.4 - Stored Cross-Site Scripting via File Upload
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
by Akshay Ravi
CVSS 5.4
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
by Alperen Ergel
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting via Signup Parameter
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
by Pankaj Kumar Thakur
CVSS 5.4
SolarView Compact 6.00 - Command Injection
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
by Ahmed Alroky
CVSS 9.8
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
by Ahmed Alroky
CVSS 9.8
Royal Event Management System 1.0 - SQL Injection via todate Parameter
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.
by Eren Gozaydin
CVSS 8.8
College Management System 1.0 - SQL Injection via course_code Parameter
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
by Eren Gozaydin
CVSS 8.8
Telesquare TLR-2005KSH 1.0.0 - File Deletion
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
by Ahmed Alroky
CVSS 9.1
e107 CMS 3.2.1 - Authenticated Path Traversal and Arbitrary File Write via Media Manager Upload Caption
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface.
by Hubert Wojciechowski
CVSS 7.2
e107 CMS 3.2.1 - Authenticated Arbitrary File Write via Media Manager Import URL Parameter
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.
by Hubert Wojciechowski
CVSS 7.2
ITEC ITeCProteccioAppServer - Code Injection
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.
by Edgar Carrillo Egea
CVSS 8.4
ImpressCMS 1.4.4 - Unrestricted File Upload via Weak Extension Sanitization Bypass
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
by Ünsal Furkan Harani
CVSS 9.8
e107 CMS <3.2.1 - Authenticated RCE
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.
by Hubert Wojciechowski
CVSS 7.2
e107 CMS 3.2.1 - Authenticated Stored Cross-Site Scripting via SVG Upload Bypass
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads that can execute arbitrary scripts when viewed.
by Hubert Wojciechowski
CVSS 4.8
e107 CMS 3.2.1 - Authenticated Reflected Cross-Site Scripting via News Comment URL Parameter
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.
by Hubert Wojciechowski
CVSS 9.8
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
by AkuCyberSec
UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path
by Edgar Carrillo Egea
PyScript <2022-05-04 - Info Disclosure
pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.
by Momen Eldawakhly
CVSS 7.5
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
by Hassan Khan Yusufzai
By Source