Writeup Exploits
63,933 exploits tracked across all sources.
openSIS 8.0 - SQL Injection via ForgotPassUserName.php
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
CVSS 9.8
Opensis-Classic <8.0 - SQL Injection
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.
CVSS 9.8
Opensis-Classic 8.0 - Unauthenticated Cross-Site Scripting via Ajax_url_encode.php link_url Parameter
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
CVSS 6.1
OpenSIS Community Edition 8.0 - Cross-Site Scripting via TakeAttendance.php cp_id_miss_attn Parameter
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
CVSS 5.4
OpenSIS 8.0 - Authenticated SQL Injection via cp_id_miss_attn Parameter
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
CVSS 8.8
openSIS 8.0 - SQL Injection via ResetUserInfo.php password_stn_id Parameter
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the ResetUserInfo.php password_stn_id parameter.
CVSS 9.8
openSIS 8.0 - SQL Injection via NamesList.php str Parameter
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the NamesList.php str parameter.
CVSS 9.8
openSIS 8.0 - SQL Injection via index.php username parameter
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.
CVSS 9.8
OpenSIS CE <7.6 - Local File Inclusion
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVSS 9.8
OpenSIS CE <7.6 - Local File Inclusion
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVSS 9.8
OpenSIS <= 7.6 - Reflected Cross-Site Scripting via EmailCheck.php opt Parameter
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVSS 6.1
OpenSIS <= 7.6 - Reflected Cross-Site Scripting via EmailCheck.php opt Parameter
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVSS 6.1
anirbandutta9 NEWS-BUZZ 1.0 - SQL Injection
SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVSS 5.3
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
CVSS 9.8
Dahua Smart Park Management <20230713 - Unrestricted Upload
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
Campcodes Beauty Salon Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243.
CVSS 6.3
html2pdf < 5.2.8 - Cross-Site Scripting via forms.php
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.
CVSS 6.1
ziahamza/webui-aria2 - Path Traversal via Node Server File Handling
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
CVSS 7.5
ConEmu < 23.07.24 - Remote Code Execution via Title Control Character Injection
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.
CVSS 9.8
FreeRDP < 2.11.0 - Out-of-Bounds Read in gdi_multi_opaque_rect
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.3
PrestaShop <1.7.8.10, 8.0.5, <8.1.1 - Remote Code Execution via SQL Injection and Arbitrary File Write
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
CVSS 9.1
go-libp2p < 0.27.8 - Resource Exhaustion via Large RSA Key Signature Verification
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.
CVSS 7.5
eprosima Fast DDS < 2.10.0, < 2.9.2, < 2.6.5 - Denial of Service via Malformed GAP Submessage
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.
CVSS 7.5
CSZ CMS 1.3.0 - Stored Cross-Site Scripting via Social Settings Parameter
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
CVSS 5.4
node_email_check 1.0.4 - Denial of Service via ReDos in scpSyntax Component
ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.
CVSS 7.5
By Source