Text Exploits
31,386 exploits tracked across all sources.
froxlor < 0.10.30 - SQL Injection via Custom DB Name
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
by Martin Cernac
CVSS 9.8
ImportExportTools NG 10.0.4 - Stored Cross-Site Scripting in Email Export Module
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials.
by Vulnerability-Lab
CVSS 6.1
10-Strike Network Inventory Explorer Pro 9.31 - Unquoted Service Path Privilege Escalation via srvInventoryWebServer
10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.
by Brian Rodriguez
CVSS 7.8
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
by Vulnerability-Lab
RDP Manager 4.9.9.3 - Denial of Service via Oversized Connection Input Fields
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full reinstallation.
by Vulnerability-Lab
CVSS 5.5
Isshue Shopping Cart 3.5 - Stored Cross-Site Scripting in Title Input Fields
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.
by Vulnerability-Lab
CVSS 4.8
WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Luca Schembri
WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
by Vulnerability-Lab
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
by Vulnerability-Lab
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
by Vulnerability-Lab
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Vulnerability-Lab
Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
by Vulnerability-Lab
PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)
by Vulnerability-Lab
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
by Vulnerability-Lab
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
by Vulnerability-Lab
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5 - Directory Traversal & Security Bypass via Encoded URI
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
by Mayank Deshmukh
CVSS 5.3
Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
by Vulnerability-Lab
PHPGURUKUL Employee Record Management System 1.2 - SQL Injection
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
by Anubhav Singh
CVSS 9.8
Dynojet Power Core 2.3.0 - Code Injection
Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access.
by Pedro Sousa Rodrigues
CVSS 7.8
i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw
by LiquidWorm
Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
by P4p4_M4n3
Umbraco CMS 8.14.1 - Server-Side Request Forgery via Dashboard and Help Controller Endpoints
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
by NgoAnhDuc
CVSS 5.3
Automated Logic WebCTRL < 6.5 - Reflected Cross-Site Scripting via operatorlocale Parameter
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a reflected XSS vulnerability because the operatorlocale GET parameter is not sanitized. This issue impacts versions 6.5 and below. It is triggered by passing a basic XSS payload in the vulnerable GET parameter, which is reflected in the output without sanitization.
by 3ndG4me
CVSS 6.1