Text Exploits
31,386 exploits tracked across all sources.
Company's Recruitment Management System 1.0 - 'title' Stored Cross-Site Scripting (XSS)
by Aniket Deshmane
Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)
by Aniket Deshmane
Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)
by Aniket Deshmane
Plastic SCM <10.0.16.5622 - Info Disclosure
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
by Basavaraj Banakar
CVSS 7.5
Mitsubishi Electric Europe B.V. SmartRTU - Info Disclosure
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
by Hamit CİBO
CVSS 7.5
Mitsubishi Electric SmartRTU Firmware - Cross-Site Scripting via Login Username Parameter or PATH_INFO
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
by Hamit CİBO
CVSS 6.1
i-Panel Administration System 2.0 - Reflected Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and to inject a malicious button into the page.
by Forster Chiu
CVSS 6.1
TextPattern CMS 4.8.7 Remote Code Execution via File Upload
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/files/ with GET parameters passed to the system function.
by Mert Daş
CVSS 8.8
Simple Payroll System with Dynamic Tax Bracket - SQL Injection via Login Username Parameter
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by oretnom23) is vulnerable to a remote SQL injection that bypasses authentication for the admin account. The username parameter of the login form is not properly validated or escaped, so malicious payloads reach the query unmodified.
by Yash Mahajan
CVSS 9.8
Cypress Solutions CTM-200 2.7.1 - Command Injection
Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges.
by LiquidWorm
CVSS 8.8
Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)
by Hüseyin Serkan Balkanli
Simple Issue Tracker System 1.0 - SQLi Authentication Bypass
by Bekir Bugra TURKOGLU
Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass
by Blackhan
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
by Yash Mahajan
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
by Mert Daş
SonicOS < 7.0.1-r1262 - Host Header Redirection
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
by Ramikan
CVSS 6.1
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
by Lotfi13-DZ
IFSC Code Finder Project 1.0 - SQL Injection via searchifsccode Parameter
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
by Yash Mahajan
CVSS 9.8
Cmder Console Emulator 1.3.18 - DoS
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer and crash the application.
by Aryan Chehreghani
CVSS 9.8
django-unicorn < 0.36.0 - Cross-Site Scripting via Component Name
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
by Raven Security Associates
CVSS 5.4
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
by Amine ismail
Simple Online College Entrance Exam System 1.0 - Account Takeover
by Amine ismail
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
by Amine ismail
Online Traffic Offense Management System 1.0 - Privilege Escalation (Unauthenticated)
by snup