Text Exploits
31,341 exploits tracked across all sources.
H3C SSL VPN - Info Disclosure
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
by LiquidWorm
CVSS 7.5
Simple Student Quarterly Result/Grade System v1.0 - SQL Injection
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
by Saud Alenazi
CVSS 9.8
Multi-Vendor Online Groceries Management System v1.0 - SQL Injection
Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
by Saud Alenazi
CVSS 9.8
Error Log Viewer <1.1.1 - Privilege Escalation
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high-privilege users to clear arbitrary files on the web server, including those outside of the blog folder.
by Ceylan BOZOĞULLARINDAN
CVSS 4.9
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
by Luis Martínez
Kyocera Command Center RX ECOSYS M2035dn - Path Traversal
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.
by Luis Martínez
CVSS 7.5
Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)
by Aryan Chehreghani
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
by Alperen Ergel
Cain & Abel 4.9.56 - Code Injection
Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.
by Aryan Chehreghani
CVSS 7.8
Home Owners Collection Management System - SQL Injection
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
by Saud Alenazi
CVSS 9.8
Home Owners Collection Management System v1.0 - Info Disclosure
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
by Saud Alenazi
CVSS 9.8
Home Owners Collection Management System - Remote Code Execution
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
by Saud Alenazi
CVSS 8.8
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
by Milad karimi
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
by Milad karimi
Hms - SQL Injection
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
by nu11secur1ty
CVSS 9.8
Exam Reviewer Management System 1.0 - Authenticated RCE
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a PHP web shell on the profile page to achieve Remote Code Execution (RCE).
by Juli Agarwal
CVSS 8.8
Exam Reviewer Management System 1.0 - SQL Injection
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
by Juli Agarwal
CVSS 9.8
AtomCMS v2.0 - SQL Injection
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
by Luca Cuzzolin
CVSS 9.8
Security Audit WP <1.0.0 - XSS
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Shweta Mahajan
CVSS 4.8
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting (XSS)
by Milad karimi
CP Blocks WP <1.0.15 - XSS
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Shweta Mahajan
CVSS 4.8
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
by nu11secur1ty
CVSS 9.8
Filebrowser <2.18.0 - CSRF
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. Because an admin can run commands through Filebrowser, this leads to RCE.
by FEBIN MON SAJI
CVSS 8.8
Flame II HSPA USB Modem - Privilege Escalation
Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.
by Ismael Nava
CVSS 9.8