Text Exploits

31,386 exploits tracked across all sources.

CVE-2021-47889 EXPLOITDB HIGH text
Softros LAN Messenger 9.6.4 - Code Injection
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
by Victor Mondragón
CVSS 7.8
EIP-2026-105413 EXPLOITDB text
Batflat CMS 1.3.6 - 'multiple' Stored XSS
by Tadjmen
CVE-2021-27370 EXPLOITDB MEDIUM text
Monica 2.19.1 - Stored Cross-Site Scripting via Last Name Field
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
by BouSalman
CVSS 5.4
CVE-2021-3010 EXPLOITDB MEDIUM text
OpenText Content Server <20.3 - XSS
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
by Kamil Breński
CVSS 5.4
CVE-2021-47892 EXPLOITDB HIGH text
PEEL Shopping 9.3.0 - Stored Cross-Site Scripting via Comments / Special Instructions Parameter
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution.
by Anmol K Sachan
CVSS 7.2
CVE-2021-27545 EXPLOITDB MEDIUM text
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
by Thinkland Security Team
CVSS 6.5
EIP-2026-110096 EXPLOITDB text
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
by Suresh Kumar
EIP-2026-106077 EXPLOITDB text
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
by Pintu Solanki
EIP-2026-102778 EXPLOITDB text
Apport 2.20 - Local Privilege Escalation
by Gr33nh4t
EIP-2026-107059 EXPLOITDB text
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
by Suresh Kumar
EIP-2026-105479 EXPLOITDB text
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
by Pintu Solanki
CVE-2021-47895 EXPLOITDB HIGH text
Nsauditor 3.2.2.0 - Denial of Service via Event Description Buffer Overflow
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
by Ismael Nava
CVSS 7.5
CVE-2021-47894 EXPLOITDB HIGH text
Managed Switch Port Mapping Tool <2.85.2 - DoS
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash.
by Ismael Nava
CVSS 7.5
CVE-2021-47893 EXPLOITDB HIGH text
AgataSoft PingMaster Pro 2.1 - Denial of Service via Trace Route Host Name Overflow
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.
by Ismael Nava
CVSS 7.5
CVE-2021-27237 EXPLOITDB MEDIUM text
BlackCat CMS 1.3.6 - Stored Cross-Site Scripting via Display Name Field
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
by Kamaljeet Kumar
CVSS 4.8
EIP-2026-110121 EXPLOITDB text
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
by Christian Vierschilling
CVE-2020-22475 EXPLOITDB MEDIUM text
Tasks <9.7.3 - Privilege Escalation
"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
by Lyhin's Lab
CVSS 6.8
CVE-2021-46824 EXPLOITDB MEDIUM text
Sourcecodester School File Mgmt 1.0 - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
by Pintu Solanki
CVSS 5.4
CVE-2021-47896 EXPLOITDB HIGH text
PDF Complete Corporate Edition 4.1.45 - Code Injection
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.
by Ismael Nava
CVSS 7.8
EIP-2026-111922 EXPLOITDB text
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
by Suresh Kumar
CVE-2021-47897 EXPLOITDB HIGH text
PEEL Shopping 9.3.0 - Stored Cross-Site Scripting via Address Parameter
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution.
by Anmol K Sachan
CVSS 7.2
CVE-2020-22840 EXPLOITDB MEDIUM text
b2evolution CMS <6.11.6 - Open Redirect
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.
by Nakul Ratti
CVSS 6.1
CVE-2020-22839 EXPLOITDB MEDIUM text
b2evolution CMS 6.11.6 - Reflected Cross-Site Scripting via evoadm.php tab3 Parameter
Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.
by Nakul Ratti
CVSS 6.1
CVE-2020-22841 EXPLOITDB MEDIUM text
b2evolution < 6.11.6 - Stored Cross-Site Scripting via Plugin Name Input Field
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
by Soham Bakore
CVSS 4.8
CVE-2021-43454 EXPLOITDB HIGH text
AnyTXT Searcher <1.2.394 - Buffer Overflow
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path.
by Mohammed Alshehri
CVSS 7.8