Text Exploits
31,341 exploits tracked across all sources.
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
by Rahul Ramakant Singh
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
by Mesut Cetin
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
by Mesut Cetin
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
by Mesut Cetin
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
by Mesut Cetin
Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS
by Siva Rajendran
Online Shopping Cart System 1.0 - 'id' SQL Injection
by Aydın Baran Ertemir
Online Movie Streaming 1.0 - Admin Authentication Bypass
by Richard Jones
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
by Richard Jones
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
by Mesut Cetin
Newtarget Custom Global Variables - XSS
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
by Swapnil Subhash Bodekar
CVSS 5.4
Prestashop - SQL Injection
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
by Jaimin Gondaliya
CVSS 9.8
OpenCart 3.0.36 - ATO via Cross Site Request Forgery
by Mahendra Purbia
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
by Mesut Cetin
EyesOfNetwork 5.3 - RCE & PrivEsc
by Audencia Business SCHOOL Red Team
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
by Ramazan Mert GÖKTEN
Online Doctor Appointment System Php Full Source Code - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
by Mohamed habib Smidi
CVSS 5.4
Life Insurance Management System 1.0 - Multiple Stored XSS
by Arnav Tripathy
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
by Metin Yunus Kandemir
Medicalexpo Ecs Imaging < 6.21.5 - SQL Injection
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
by shoxxdj
CVSS 9.8
Cockpit <0.6.1 - RCE
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
by Rafael Resende
CVSS 9.8
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed