Text Exploits

31,341 exploits tracked across all sources.

CVE-2020-35427 EXPLOITDB CRITICAL text
Phpgurukul Employee Record Management System - SQL Injection
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Anurag Kumar
CVSS 9.8
CVE-2020-35395 EXPLOITDB MEDIUM text
Egavilanmedia Expense Management System - XSS
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field.
by Nikhil Kumar
CVSS 6.1
CVE-2020-35309 EXPLOITDB MEDIUM text
Bakeshop Online Ordering System - XSS
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories".
by Parshwa Bhavsar
CVSS 4.8
CVE-2020-35274 EXPLOITDB MEDIUM text
Dotcms - XSS
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS.
by Hardik Solanki
CVSS 4.8
CVE-2020-35273 EXPLOITDB HIGH text
Egavilanmedia User Registration & Login System With Admin Panel - CSRF
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.
by Hardik Solanki
CVSS 8.0
CVE-2020-35270 EXPLOITDB CRITICAL text
Student Result Management System - SQL Injection
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result.
by Ritesh Gohil
CVSS 9.1
CVE-2020-35252 EXPLOITDB MEDIUM text
Egavilanmedia User Registration And L... - XSS
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
by Soushikta Chowdhury
CVSS 6.1
CVE-2020-29472 EXPLOITDB CRITICAL text
cPanel 1.0 - SQL Injection
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
by Mayur Parmar
CVSS 9.8
CVE-2020-29239 EXPLOITDB MEDIUM text
Online Birth Certificate System Project V 1.0 - XSS
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker is able to steal the cookie according to the crafted payload.
by Sagar Banwa
CVSS 6.1
CVE-2020-14073 EXPLOITDB MEDIUM text
Paessler Prtg Network Monitor - XSS
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
by Amin Rawah
CVSS 5.4
EIP-2026-117313 EXPLOITDB text
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
by Manuel Alvarez
CVE-2020-29469 EXPLOITDB MEDIUM text
WonderCMS 3.1.3 - XSS
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu, and each time any user visits the website directory, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 5.4
EIP-2026-112080 EXPLOITDB text
Simple College Website 1.0 - 'page' Local File Inclusion
by Mosaaed
EIP-2026-110578 EXPLOITDB text
Pharmacy Store Management System 1.0 - 'id' SQL Injection
by Aydın Baran Ertemir
EIP-2026-105718 EXPLOITDB text
Car Rental Management System 1.0 - SQL Injection / Local File include
by Mosaaed
CVE-2020-27422 EXPLOITDB CRITICAL text
Anuko Time Tracker <1.19.23.5311 - Info Disclosure
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
by Mufaddal Masalawala
CVSS 9.8
CVE-2020-27423 EXPLOITDB HIGH text
Anuko Time Tracker <1.19.23.5311 - DoS
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox.
by Mufaddal Masalawala
CVSS 7.5
EIP-2026-104367 EXPLOITDB text
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
by Parshwa Bhavsar
EIP-2026-104357 EXPLOITDB text
NewsLister - Authenticated Persistent Cross-Site Scripting
by Emre Aslan
CVE-2021-3278 EXPLOITDB CRITICAL text
Local Service Search Engine Management System 1.0 - Auth Bypass
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection. Using this vulnerability, an attacker can bypass the login page.
by Aditya Wakhlu
CVSS 9.8
EIP-2026-104199 EXPLOITDB text
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
by Mufaddal Masalawala
EIP-2026-104198 EXPLOITDB text
ChurchCRM 4.2.0 - CSV/Formula Injection
by Mufaddal Masalawala
CVE-2020-28687 EXPLOITDB HIGH text
Artworks Gallery IN Php, Css, Javascr... - Unrestricted File Upload
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
by Shahrukh Iqbal Mirza
CVSS 8.8
CVE-2020-28688 EXPLOITDB HIGH text
Artworks Gallery IN Php, Css, Javascr... - Unrestricted File Upload
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
by Shahrukh Iqbal Mirza
CVSS 8.8
CVE-2003-20001 EXPLOITDB MEDIUM text
Mitel ICP VoIP 3100 - Info Disclosure
An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity.
by Andrea Intilangelo
CVSS 5.6