Text Exploits

31,386 exploits tracked across all sources.

CVE-2020-37023 EXPLOITDB HIGH text
Koken CMS 0.22.24 - Authenticated Unrestricted Upload of File with Dangerous Type via File Extension Manipulation
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.
by V1n1v131r4
CVSS 8.8
CVE-2020-37018 EXPLOITDB MEDIUM text
GOautodial 4.0 - Authenticated Stored Cross-Site Scripting via Message Subject
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks.
by Balzabu
CVSS 6.4
CVE-2020-36999 EXPLOITDB HIGH text
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
by BKpatron
CVSS 8.2
CVE-2020-23829 EXPLOITDB HIGH text
LibreHealth EHR <2.0.0 - Authenticated RCE
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
by boku
CVSS 8.8
CVE-2020-36901 EXPLOITDB HIGH text
UBICOD Medivision Digital Signage 1.5.1 - CSRF
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.
by LiquidWorm
CVSS 8.8
CVE-2019-19985 EXPLOITDB MEDIUM text
Email Subscribers & Newsletters < 4.2.3 - Unauthenticated File Download and User Information Disclosure
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
by KBA@SOGETI_ESEC
CVSS 5.3
EIP-2026-113374 EXPLOITDB text
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
by AppleBois
EIP-2026-113111 EXPLOITDB text
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
by Peter Blue
CVE-2019-16667 EXPLOITDB HIGH text
pfSense 2.4.4-p3 - Cross-Site Request Forgery via diag_command.php
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
by ghost_fh
CVSS 8.8
EIP-2026-110465 EXPLOITDB text
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
by Emre ÖVÜNÇ
CVE-2020-11749 EXPLOITDB CRITICAL text
Pandora FMS 7.0_ng-746 - Stored Cross-Site Scripting in SNMP Device Scan View
Pandora FMS 7.0 NG <= 746 suffers from multiple XSS vulnerabilities in different browser views. A network administrator scanning an SNMP device can trigger a cross-site scripting (XSS) payload, which can run arbitrary code to allow remote code execution as root or apache2.
by AppleBois
CVSS 9.0
EIP-2026-104442 EXPLOITDB text
Socket.io-file 2.0.31 - Arbitrary File Upload
by Cr0wTom
CVE-2019-16113 EXPLOITDB HIGH text
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by James Green
CVSS 8.8
CVE-2020-15050 EXPLOITDB HIGH text
Suprema BioStar 2 <2.8.2 - Path Traversal
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
by SITE Team
CVSS 7.5
CVE-2020-36902 EXPLOITDB CRITICAL text
UBICOD Medivision Digital Signage 1.5.1 - Auth Bypass
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.
by LiquidWorm
CVSS 9.8
CVE-2020-15364 EXPLOITDB MEDIUM text
nexos < 1.7 - Cross-Site Scripting via search_location Parameter
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
by Vlad Vector
CVSS 6.1
CVE-2020-7680 EXPLOITDB MEDIUM text
docsify < 4.11.4 - Cross-Site Scripting via Fragment Identifier
docsify prior to 4.11.4 is susceptible to cross-site scripting (XSS). Docsify.js uses fragment identifiers (parameters after the # sign) to load resources from server-side .md files. Due to a lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside the docsify page.
by Amin Sharifi
CVSS 6.1
CVE-2020-37020 EXPLOITDB HIGH text
SonarQube 8.3.1 - Privilege Escalation
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with the highest system privileges during service restart.
by Velayutham Selvaraj
CVSS 7.8
CVE-2020-15600 EXPLOITDB MEDIUM text
CMSUno < 1.6.1 - Cross-Site Request Forgery via Admin Password Change
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
by Noth
CVSS 6.5
CVE-2020-37032 EXPLOITDB HIGH text
Wing FTP Server 6.3.8 - Authenticated Remote Code Execution via Lua Web Console os.execute()
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
by V1n1v131r4
CVSS 8.8
CVE-2020-37226 EXPLOITDB HIGH text
Joomla J2 JOBS 1.3.0 - Authenticated SQL Injection via sortby
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools.
by Mehmet Kelepçe
CVSS 7.1
CVE-2020-37033 EXPLOITDB HIGH text
Infor Storefront B2B 1.0 - SQL Injection
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
by ratboy
CVSS 8.2
EIP-2026-113205 EXPLOITDB text
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass
by KeopssGroup0day_Inc
EIP-2026-110155 EXPLOITDB text
Online Polling System 1.0 - Authentication Bypass
by AppleBois
EIP-2026-110101 EXPLOITDB text
Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting
by KeopssGroup0day_Inc