Text Exploits
31,386 exploits tracked across all sources.
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
by Mohammad Koochaki
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
by Mohammad Koochaki
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
by Akshay Khanna
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
by LiquidWorm
Denver SHO-110 - Unauthenticated Snapshot Access via Secondary HTTP Service
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
by Ivan Nikolsky
Longjing Technology BEMS API <=1.21 - Info Disclosure
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
by LiquidWorm
IntelliChoice eFORCE Software Suite 2.5.9 - Info Disclosure
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
by LiquidWorm
Care2x Hospital Information Management System < 2.7 - SQL Injection via pday/pmonth/pyear Parameters
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
by securityforeveryone.com
CVSS 9.8
Oracle Fatwire 6.3 - Multiple Vulnerabilities
by J. Francisco Bolivar
Denver SHC-150 Smart Wifi Camera - RCE
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
by Ivan Nikolsky
CVSS 9.8
TripSpark VEO Transportation - Blind SQL Injection
by Sedric Louissaint
Sourcecodester CRM 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
by Shafique_Wasta
CVSS 9.8
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
by faisalfs10x
WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated)
by LiquidWorm
WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
by Aakash Choudhary
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
by nhattruong
LearnPress <3.2.6.7 - SQL Injection
The LearnPress WordPress plugin, versions prior to and including 3.2.6.7, is vulnerable to SQL injection.
by nhattruong
CVSS 8.8
PEEL Shopping 9.4.0 - Unauthenticated SQL Injection
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
by faisalfs10x
CVSS 9.1
WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting
by Vikas Srivastava