Text Exploits
31,386 exploits tracked across all sources.
Solari di Udine TTServer 3.24.0.2 - Path Traversal
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
by Fabiano Golluscio
CVSS 7.5
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
by Gaetano Perrone
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
by Milad karimi
SAFARI Montage 8.3 and 8.5 - Reflected Cross-Site Scripting
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.
by Momen Eldawakhly
CVSS 6.1
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
by Oscar Gil Gutierrez
openSIS Student Information System 8.0 - 'multiple' SQL Injection
by securityforeveryone.com
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
by Momen Eldawakhly
CVSS 9.8
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
by Akash Patil
Hospitals Patient Records Management System 1.0 - Account TakeOver
by twseptian
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
by twseptian
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
by Malcrove
Exponent CMS 2.6 Text Editing Endpoint - Stored Cross-Site Scripting
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary JavaScript. The application also exposes database credentials in responses and lacks brute-force protection on authentication endpoints.
by heinjame
CVSS 6.4
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Enes Özeser
Thinfinity VirtualUI < 3.0 - User Enumeration via Password Change Response Discrepancy
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
by Daniel Morales
CVSS 5.3
Oliver v5 Library Server < 5.00.008.053 - Arbitrary File Download via FileServlet
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
by Mandeep Singh
CVSS 7.5
Oliver Library Server < 8.00.008.053 - Unauthenticated Path Traversal via FileServlet fileName Parameter
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.
by Mandeep Singh
CVSS 7.5
meterN 1.2.3 - Authenticated Remote Code Execution via COMMANDx and LIVECOMMANDx Parameters
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.
by LiquidWorm
CVSS 8.8
Zucchetti Axess CLOKI Access Control 1.64 - CSRF
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
by LiquidWorm
CVSS 3.5
Sourcecodester Online Thesis Archiving System 1.0 - SQL Injection
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection
by Yehia Elghaly
CVSS 9.8
Microsoft Internet Explorer / ActiveX Control - Security Bypass
by hyp3rlinx
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
by Mansi Singh
HD-Network Real-time Monitoring System 2.0 - Path Traversal via Language Parameter
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
by Momen Eldawakhly
CVSS 7.5
Sourcecodester Free school management software 1.0 - RCE
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
by fuzzyap1
CVSS 9.8
By Source