Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-117313 EXPLOITDB text
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
by Manuel Alvarez
CVE-2020-29469 EXPLOITDB MEDIUM text
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Menu Component
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject an XSS payload in Setting - Menu; each time any user visits the website directory, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 5.4
EIP-2026-112080 EXPLOITDB text
Simple College Website 1.0 - 'page' Local File Inclusion
by Mosaaed
EIP-2026-110578 EXPLOITDB text
Pharmacy Store Management System 1.0 - 'id' SQL Injection
by Aydın Baran Ertemir
EIP-2026-105718 EXPLOITDB text
Car Rental Management System 1.0 - SQL Injection / Local File include
by Mosaaed
CVE-2020-27422 EXPLOITDB CRITICAL text
Anuko Time Tracker <1.19.23.5311 - Info Disclosure
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
by Mufaddal Masalawala
CVSS 9.8
CVE-2020-27423 EXPLOITDB HIGH text
Anuko Time Tracker <1.19.23.5311 - DoS
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox.
by Mufaddal Masalawala
CVSS 7.5
EIP-2026-104367 EXPLOITDB text
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
by Parshwa Bhavsar
CVE-2021-3278 EXPLOITDB CRITICAL text
Local Service Search Engine Management System 1.0 - Auth Bypass
Local Service Search Engine Management System 1.0 has an authentication bypass vulnerability using SQL injection. Using this vulnerability, an attacker can bypass the login page.
by Aditya Wakhlu
CVSS 9.8
EIP-2026-104199 EXPLOITDB text
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
by Mufaddal Masalawala
EIP-2026-104198 EXPLOITDB text
ChurchCRM 4.2.0 - CSV/Formula Injection
by Mufaddal Masalawala
CVE-2020-28687 EXPLOITDB HIGH text
Artworks Gallery 1.0 - Unauthenticated Arbitrary File Upload via Edit Profile
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
by Shahrukh Iqbal Mirza
CVSS 8.8
CVE-2020-28688 EXPLOITDB HIGH text
Artworks Gallery 1.0 - Unauthenticated Arbitrary File Upload via Add Artwork
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
by Shahrukh Iqbal Mirza
CVSS 8.8
CVE-2003-20001 EXPLOITDB MEDIUM text
Mitel ICP VoIP 3100 - Info Disclosure
An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters, related to the call activity.
by Andrea Intilangelo
CVSS 5.6
CVE-2020-36976 EXPLOITDB HIGH text
Acer Global Registration Service 1.0.0.3 - Code Injection
Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables that would run with elevated LocalSystem privileges during service startup.
by Emmanuel Lujan
CVSS 7.8
CVE-2020-36975 EXPLOITDB HIGH text
EPSON Status Monitor 3 8.0 - Unquoted Service Path Privilege Escalation via E_S60RPB.EXE
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
CVE-2020-36962 EXPLOITDB CRITICAL text
Tendenci 12.3.1 - CSV Formula Injection via Contact Form Message Field
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
by Mufaddal Masalawala
CVSS 9.8
CVE-2020-36553 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Area Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36552 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System 1.0 - Cross-Site Scripting via Made Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36551 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Item Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36550 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Table Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
by yunaranyancat
CVSS 5.4
CVE-2020-36154 EXPLOITDB HIGH text
Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
by Jok3r
CVSS 7.8
CVE-2020-35261 EXPLOITDB MEDIUM text
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
by yunaranyancat
CVSS 5.4
EIP-2026-112829 EXPLOITDB text
TypeSetter 5.1 - CSRF (Change admin e-mail)
by Alperen Ergel
EIP-2026-112551 EXPLOITDB text
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed