Text Exploits
31,386 exploits tracked across all sources.
Moodle 3.11.0-3.11.4 - SQL Injection via H5P Activity Web Service
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
by lavclash75
CVSS 9.8
Chamilo LMS 1.11.0-1.11.14 - Stored Cross-Site Scripting via Social Network Invitation Feature
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
by sirpedrotavares
CVSS 5.4
Huawei DG8045 Router 1.0 - Credential Disclosure
by Abdalrahman Gamal
Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 - Unauthenticated Path Traversal via HTTP
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
by Jonah Tan
CVSS 7.5
Mortgage Calculators WP <1.56 - XSS
The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Ceylan BOZOĞULLARINDAN
CVSS 4.8
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by Lance Biggerstaff
CVSS 7.8
Online Project Time Management System v1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
by Felipe Alcantara
CVSS 5.4
Online Project Time Management System v1.0 - SQL Injection
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
by Felipe Alcantara
CVSS 9.8
Landa Driving School Management System 2.0.1 - Arbitrary File Upload
by Sohel Yousef
Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browsers of other users viewing the message history, enabling session hijacking and phishing attacks.
by Vulnerability-Lab
CVSS 6.4
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
by Vulnerability-Lab
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)
by Vulnerability-Lab
Nyron 1.0 - SQL Injection via thes1 Parameter
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.
by Miguel Santareno
CVSS 9.8
Archeevo <5.0 - Local File Inclusion
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.
by Miguel Santareno
CVSS 7.5
OpenBMCS 2.4 - Unauthenticated Information Disclosure via Directory Listing
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
by LiquidWorm
CVSS 7.5
OpenBMCS 2.4 - Authenticated SQL Injection via obix_test.php id Parameter
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.
by LiquidWorm
CVSS 6.5
OpenBMCS 2.4 phpQuery.php - ip Parameter Server-Side Request Forgery
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
by LiquidWorm
CVSS 7.2
OpenBMCS 2.4 - Cross-Site Request Forgery via sendFeedback.php Endpoint
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.
by LiquidWorm
CVSS 4.3
OpenBMCS 2.4 - Privilege Escalation via User Permissions Update Script
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
by LiquidWorm
CVSS 8.8
Sourcecodester Simple Chatbot App <1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.
by Saud Alenazi
CVSS 9.8
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
by Saud Alenazi
CVSS 9.8
Online Resort Management System 1.0 - SQLi (Authenticated)
by Gaurav Grover
Crestron HD-MD4X2-4K-E Firmware 1.0.0.2159 - Unauthenticated Credential Disclosure via aj.html
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
by RedTeam Pentesting GmbH
CVSS 9.8
Online Diagnostic Lab Management System 1.0 - RCE
An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.
by Himash
CVSS 6.3
By Source