Text Exploits
31,341 exploits tracked across all sources.
e107 <2.3.0 - Info Disclosure
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
by Tadjmen
CVSS 8.8
Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)
by Tushar Vaidya
Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)
by Tushar Vaidya
Web Based Quiz System 1.0 - XSS
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.
by P.Naveen Kumar
CVSS 6.1
Web Based Quiz System 1.0 - XSS
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.
by Praharsh Kumar Singh
CVSS 6.1
Skittles Employee Records System - Unrestricted File Upload
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
by sml
CVSS 9.8
Triconsole Datepicker Calendar <3.77 - XSS
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
by Akash Chathoth
CVSS 6.1
Lightcms - XSS
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
by Peithon
CVSS 5.4
Vehicle Parking Management System 1.0 - XSS
A persistent cross-site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.
by Tushar Vaidya
CVSS 4.8
LogonExpert 8.1 - Privilege Escalation
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
by Victor Mondragón
CVSS 7.8
Softros LAN Messenger 9.6.4 - Code Injection
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
by Victor Mondragón
CVSS 7.8
Monica 2.19.1 - XSS
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
by BouSalman
CVSS 5.4
OpenText Content Server <20.3 - XSS
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
by Kamil Breński
CVSS 5.4
PEEL Shopping 9.3.0 - XSS
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution.
by Anmol K Sachan
CVSS 7.2
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
by Thinkland Security Team
CVSS 6.5
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
by Suresh Kumar
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
by Pintu Solanki
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
by Suresh Kumar
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
by Pintu Solanki
Nsasoft Nsauditor - Resource Allocation Without Limits
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
by Ismael Nava
CVSS 7.5
Managed Switch Port Mapping Tool <2.85.2 - DoS
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash.
by Ismael Nava
CVSS 7.5
AgataSoft PingMaster Pro 2.1 - DoS
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.
by Ismael Nava
CVSS 7.5