Text Exploits

31,386 exploits tracked across all sources.

CVE-2021-47801 EXPLOITDB HIGH text
Vianeos OctoPUS 5 - Time-Based Blind SQL Injection via Login User Parameter
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extract information.
by Audencia Business SCHOOL Red Team
CVSS 8.2
EIP-2026-110203 EXPLOITDB text
Online Voting System 1.0 - Remote Code Execution (Authenticated)
by Salman Asad
EIP-2026-110202 EXPLOITDB text
Online Voting System 1.0 - Authentication Bypass (SQLi)
by Salman Asad
EIP-2026-106494 EXPLOITDB text
Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass)
by Murat DEMİRCİ
EIP-2026-104433 EXPLOITDB text
Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)
by Barış Yıldızoğlu
EIP-2026-114288 EXPLOITDB text
WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)
by Toby Jackson
CVE-2021-26078 EXPLOITDB MEDIUM text
Atlassian Jira < 8.5.14, 8.6.0-8.13.6, 8.14.0-8.16.0 - Cross-Site Scripting in Number Range Searcher
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability.
by Captain_hook
CVSS 6.1
CVE-2021-47985 EXPLOITDB HIGH text
Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.
by Brian Rodriguez
CVSS 7.8
EIP-2026-112073 EXPLOITDB text
Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)
by Barış Yıldızoğlu
CVE-2021-24383 EXPLOITDB MEDIUM text
WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting in Map List
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
by Mohammed Adam
CVSS 5.4
EIP-2026-113970 EXPLOITDB text
WordPress Plugin Poll_ Survey_ Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection
by Toby Jackson
EIP-2026-112083 EXPLOITDB text
Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
by Rinku Kumar
EIP-2026-110137 EXPLOITDB text
Online Library Management System 1.0 - 'Search' SQL Injection
by Berk Can Geyikci
CVE-2021-35337 EXPLOITDB MEDIUM text
Phone Shop Sales Management System 1.0 - Insecure Direct Object Reference via ID Parameter
Sourcecodester Phone Shop Sales Management System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
by Pratik Khalane
CVSS 4.3
CVE-2021-47804 EXPLOITDB HIGH text
Wise Care 365 <5.6.7.568 - Code Injection
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restarts.
by Julio Aviña
CVSS 7.8
CVE-2021-47803 EXPLOITDB HIGH text
iFunbox 4.2 - Unquoted Search Path Privilege Escalation via Apple Mobile Device Service
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts.
by Julio Aviña
CVSS 7.8
CVE-2021-37221 EXPLOITDB HIGH text
Customer Relationship Management System - Unrestricted File Upload
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option and customer create option, which could let a remote malicious user upload an arbitrary PHP file.
by Ishan Saha
CVSS 8.8
CVE-2021-35448 EXPLOITDB HIGH text VERIFIED
Emote Interactive Remote Mouse 3.008 - RCE
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.
by Salman Asad
CVSS 7.8
EIP-2026-117416 EXPLOITDB text
Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path
by Julio Aviña
EIP-2026-112084 EXPLOITDB text
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
by Riadh Benlamine
EIP-2026-107726 EXPLOITDB text
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
by Piyush Patil
EIP-2026-101255 EXPLOITDB text
Dlink DSL2750U - 'Reboot' Command Injection
by Mohammed Hadi
CVE-2021-47974 EXPLOITDB HIGH text
VX Search 13.5.28 Unquoted Service Path Privilege Escalation
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart.
by Brian Rodriguez
CVSS 7.8
CVE-2021-47807 EXPLOITDB HIGH text
Sync Breeze 13.6.18 - Code Injection
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
CVE-2021-47806 EXPLOITDB HIGH text
Dup Scout 13.5.28 - Unquoted Service Path Privilege Escalation via Windows Service Configuration
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8