Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-110576 EXPLOITDB text
Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)
by Murat
CVE-2021-24287 EXPLOITDB MEDIUM text
Select All Categories and Taxonomies < 1.3.2 - Reflected XSS via Tab Parameter
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
by 0xB9
CVSS 6.1
CVE-2021-24286 EXPLOITDB MEDIUM text
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting via Tab Parameter
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
by 0xB9
CVSS 6.1
EIP-2026-110319 EXPLOITDB text
OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS)
by Eric Salario
CVE-2021-42165 EXPLOITDB HIGH text
MitraStar GPT-2541GNAC-N1 Firmware - Authenticated OS Command Injection via DeviceInfo Path Parameter
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
by Leonardo Nicolas Servalli
CVSS 8.8
CVE-2021-24274 EXPLOITDB MEDIUM text
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site Scripting via Tab Parameter
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
by 0xB9
CVSS 6.1
CVE-2021-24610 EXPLOITDB MEDIUM text
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting via Insufficient String Sanitization
The TranslatePress WordPress plugin before 2.0.9 does not implement proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tags with a regex, still allowing other HTML tags and attributes to execute JavaScript, which could lead to authenticated Stored Cross-Site Scripting issues.
by Nosa Shandy
CVSS 4.8
CVE-2021-24275 EXPLOITDB MEDIUM text
Popup by Supsystic < 1.10.5 - Reflected Cross-Site Scripting via Tab Parameter
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
by 0xB9
CVSS 6.1
CVE-2021-24276 EXPLOITDB MEDIUM text
Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site Scripting via Tab Parameter
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
by 0xB9
CVSS 6.1
EIP-2026-101728 EXPLOITDB text
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
by LiquidWorm
EIP-2026-101727 EXPLOITDB text
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
by LiquidWorm
EIP-2026-101726 EXPLOITDB text
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
by LiquidWorm
EIP-2026-101725 EXPLOITDB text
FatPipe Networks WARP 10.2.2 - Authorization Bypass
by LiquidWorm
EIP-2026-114182 EXPLOITDB text
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
by Renos Nikolaou
EIP-2026-109113 EXPLOITDB text
Library System 1.0 - 'student_id' SQL injection (Authenticated)
by Vinay Bhuria
CVE-2020-36926 EXPLOITDB HIGH text
SmarterTrack 7922 - Info Disclosure
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
by Andrei Manole
CVSS 7.5
EIP-2026-117561 EXPLOITDB text
Microsoft Windows cmd.exe - Stack Buffer Overflow
by hyp3rlinx
EIP-2026-110577 EXPLOITDB text
Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass
by Janik Wehrli
CVE-2021-24169 EXPLOITDB MEDIUM text
Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting via Admin Panel Tab Parameter
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
by 0xB9
CVSS 6.1
EIP-2026-111394 EXPLOITDB text
Police Crime Record Management Project 1.0 - Time Based SQLi
by ()t/\\/\\1
EIP-2026-105638 EXPLOITDB text
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
by ()t/\\/\\1
CVE-2021-47787 EXPLOITDB HIGH text
TotalAV < 5.15.69 - Privilege Escalation
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
by Andrea Intilangelo
CVSS 7.8
EIP-2026-112063 EXPLOITDB text
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
by ()t/\\/\\1
CVE-2021-40868 EXPLOITDB MEDIUM text
Cloudron 6.2 - Reflected Cross-Site Scripting via Login Page returnTo Parameter
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
by Akıner Kısa
CVSS 6.1
CVE-2021-41645 EXPLOITDB HIGH text
Sourcecodester Budget and Expense Tracker System 1.0 - Remote Code Execution via Image Upload
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
by Abdullah Khawaja
CVSS 8.8