Text Exploits

31,341 exploits tracked across all sources.

EIP-2026-106245 EXPLOITDB text
CRUD Operation 1.0 - Multiple Stored XSS
by Arnav Tripathy
EIP-2026-101794 EXPLOITDB text
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
by h4cks1n
CVE-2021-47901 EXPLOITDB CRITICAL text
Dirsearch 0.4.1 - Code Injection
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
by Dolev Farhi
CVSS 9.8
CVE-2020-36952 EXPLOITDB HIGH text
IObit Uninstaller 10 Pro - Privilege Escalation
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.
by Mayur Parmar
CVSS 7.8
CVE-2020-36938 EXPLOITDB HIGH text
WinAVR <20100110 - Privilege Escalation
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
by Mohammed Alshehri
CVSS 8.8
CVE-2020-25950 EXPLOITDB MEDIUM text
Totalonlinesolutions Advanced Webhost Billing System - CSRF
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.
by Rahul Ramakant Singh
CVSS 4.3
EIP-2026-114271 EXPLOITDB text
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
by Mehmet Kelepçe
EIP-2026-113870 EXPLOITDB text
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
by Nhat Ha
EIP-2026-111760 EXPLOITDB text
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
by Arnav Tripathy
EIP-2026-111746 EXPLOITDB text
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
by Kshitiz Raj
EIP-2026-111745 EXPLOITDB text
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
by Kshitiz Raj
EIP-2026-106960 EXPLOITDB text
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
by Shivam Verma
CVE-2020-35737 EXPLOITDB HIGH text
Newgen eGov <12.0 - Info Disclosure
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
by ALI AL SINAN
CVSS 7.5
CVE-2021-3018 EXPLOITDB CRITICAL text
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
by MoeAlBarbari
CVSS 9.8
EIP-2026-102335 EXPLOITDB text VERIFIED
H2 Database 1.4.199 - JNI Code Execution
by 1F98D
CVE-2020-35752 EXPLOITDB MEDIUM text
Janobe Baby Care System - XSS
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
by Hardik Solanki
CVSS 5.4
CVE-2020-36084 EXPLOITDB CRITICAL text
Jkev Responsive E-learning System - SQL Injection
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject SQL queries in the /elearning/delete_teacher_students.php?id= parameter via the id field.
by Kshitiz Raj
CVSS 9.8
EIP-2026-117328 EXPLOITDB text
Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
by Geovanni Ruiz
CVE-2020-28169 EXPLOITDB HIGH text
Td-agent-builder < 2020-12-18 - Incorrect Permission Assignment
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
by Adrian Bondocea
CVSS 7.0
EIP-2026-114257 EXPLOITDB text
WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
by Park Won Seok
EIP-2026-114088 EXPLOITDB text
WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS
by Park Won Seok
EIP-2026-111759 EXPLOITDB text
Resumes Management and Job Application Website 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-110147 EXPLOITDB text
Online Movie Streaming 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-106261 EXPLOITDB text
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
by SunCSR
EIP-2026-104231 EXPLOITDB text
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting
by Mesut Cetin