Text Exploits
31,386 exploits tracked across all sources.
Online Students Management System 1.0 - 'username' SQL Injections
by George Tsimpidas
Cisco ASA 9.6-9.6.4.42 & FTD 6.2.3-6.2.3.16 Unauthenticated Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
by 3ndG4me
CVSS 7.5
openMAINT <1.1-2.4.2 - Command Injection
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.
by mrb3n
CVSS 8.8
DynPG 4.9.1 - Authenticated Cross-Site Scripting via Groupname
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
by Enes Özeser
CVSS 5.4
Kentico Xperience 9.0-12.0.49 - Cross-Site Scripting via Inconsistent Content-Type Header
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
by Ataberk YAVUZER
CVSS 5.4
D-Link DSR-250N < 3.17b - Unauthenticated Denial of Service via upgradeStatusReboot.cgi
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.
by RedTeam Pentesting GmbH
CVSS 5.5
BACnet Test Server <= 1.01 - Unauthenticated Denial of Service via Malformed BVLC Length Field
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.
by LiquidWorm
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
by Alperen Ergel
Karel IP Phone IP1211 - Authenticated Path Traversal via CGI Server Page Parameter
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by berat isler
EasyPMS 1.0.0 - Unauthenticated Authorization Bypass via SQL Query Manipulation
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.
by Jok3r
CVSS 7.5
Typesetter CMS < 5.1 - Authenticated Stored Cross-Site Scripting via Site Title Configuration
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy.
by Alperen Ergel
CVSS 4.8
GetSimple CMS 3.3.16 - Stored Cross-Site Scripting via Permalink Parameter
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
by Roel van Beurden
CVSS 5.4
CMS Made Simple 2.2.14 - Authenticated Stored Cross-Site Scripting in Content Manager
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
by Roel van Beurden
CVSS 5.4
SpinetiX Fusion Digital Signage 3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.
by LiquidWorm
CVSS 5.3
SpinetiX Fusion Digital Signage <3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.
by LiquidWorm
CVSS 7.5
SpinetiX Fusion Digital Signage 3.4.8 - CSRF
SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full system privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 8.8
BrightSign Digital Signage Diagnostic Web Server <8.2.26 - SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.
by LiquidWorm
SpinetiX Fusion Digital Signage <3.4.8 - Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
by LiquidWorm
CVSS 8.1
WebsiteBaker 2.12.2 - SQL Injection via Display Name Parameter
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
by Roel van Beurden
CVSS 9.8
MonoCMS Blog 1.0 - Authenticated Arbitrary File Deletion
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted).
by Shahrukh Iqbal Mirza
CVSS 8.1
Joplin 1.0.190-1.0.245 - Cross-Site Scripting via HTML Embed Tag
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
by Ademar Nowasky Junior
CVSS 6.1
BigTree CMS <4.4.10 - Command Injection
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
by SunCSR
CVSS 8.8
BigTree CMS < 4.4.10 - Authenticated Stored Cross-Site Scripting via Page Content
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
by SunCSR
CVSS 5.4
BigTree CMS <4.4.10 - SQL Injection
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function.
by SunCSR
CVSS 8.8
By Source