Text Exploits
31,341 exploits tracked across all sources.
Spiceworks - Open Redirect
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
by Ramikan
CVSS 6.1
Xinuos Openserver - XSS
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
by Ramikan
CVSS 6.1
Xinuos Openserver - OS Command Injection
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
by Ramikan
CVSS 9.8
Queue Management System 4.0.0 - _Add User_ Stored XSS
by Kislay Kumar
Online Marriage Registration System 1.0 - SQL Injection
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.
by Raffaele Sabato
CVSS 8.8
Flexmonster Pivot Table & Charts - XSS
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Flexmonster Pivot Table & Charts - XSS
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Flexmonster Pivot Table & Charts - XSS
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Flexmonster Pivot Table & Charts - XSS
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Xeroneit Library Management System 3.1 - XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded.
by Kislay Kumar
CVSS 6.4
Qdocs Smart Hospital - XSS
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
by Kislay Kumar
CVSS 4.8
Alumni Management System 1.0 - Unrestricted File Upload To RCE
by Aakash Madaan
Alumni Management System 1.0 - _Course Form_ Stored XSS
by Aakash Madaan
FRITZ!OS <7.21 - Auth Bypass
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
by RedTeam Pentesting GmbH
CVSS 7.8
Victor Cms - SQL Injection
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
by Furkan Göksel
CVSS 8.8
Onlineonly Phpjabbers Appointment Scheduler - XSS
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
by Andrea Intilangelo
CVSS 6.1
Online Tours & Travels Management System 1.0 - _id_ SQL Injection
by Saeed Bala Ahmed
Medical Center Portal Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
Interview Management System 1.0 - Stored XSS in Add New Question
by Saeed Bala Ahmed
Interview Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
By Source