Writeup Exploits
59,833 exploits tracked across all sources.
PHPJabbers Limo Booking Software 1.0 - CSRF
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
CVSS 8.8
CrushFTP Unauthenticated RCE
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
CVSS 9.8
SpringbootCMS 1.0 - SQL Injection
SQL injection exists in a newly created part of the SpringbootCMS 1.0 background because parameters submitted by users are not filtered. As a result, special characters in those parameters break the original logic of the SQL statements. Attackers can use this vulnerability to execute any SQL statement.
CVSS 8.8
70mai a500s <1.2.119 - Info Disclosure
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through FTP and other protocols.
CVSS 9.1
Nothings Stb Image.h <2.28 - Memory Corruption
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
CVSS 6.5
Coign CRM Portal <6.06 - Privilege Escalation
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in the Session Storage component.
CVSS 8.8
TP-Link JetStream Smart Switch TL-SG2210P 5.0 - Privilege Escalation
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
CVSS 8.8
cmsmadesimple <2.2.18 - XSS
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, Database User or Database Port components.
CVSS 6.1
Evolution <3.2.3 - XSS
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters.
CVSS 5.2
Evolution Evo <3.2.3 - XSS
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter.
CVSS 6.1
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
CVSS 5.4
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.
CVSS 5.4
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.
CVSS 5.4
CMSmadesimple <2.2.18 - RCE
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVSS 7.8
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVSS 5.4
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVSS 5.4
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVSS 5.4
Vorbis-tools <1.4.2 - RCE
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
CVSS 7.8
Searchor <2.4.2 - Code Injection
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
CVSS 9.8
Tianchoy Blog <1.8.8 - Info Disclosure
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in login.php.
CVSS 7.5
Janobe Online Job Portal <2020 - SQL Injection
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.
CVSS 9.8