Writeup Exploits
60,534 exploits tracked across all sources.
Chamilo < 1.11.30 - Reflected Cross-Site Scripting via keyword_active Parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30.
CVSS 6.1
Chamilo LMS < 1.11.30 - Authenticated Stored Cross-Site Scripting in Glossary Function
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.
CVSS 8.3
Chamilo LMS < 1.11.30 - Cross-Site Scripting via help.php Open Parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.
CVSS 6.1
Chamilo LMS < 1.11.30 - Deserialization of Untrusted Data
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.
CVSS 9.8
Skrol29 TbsZip <= 2.17 - Reflected Cross-Site Scripting via Filename Parameter
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.
CVSS 6.1
Skrol29 TbsZip <= 2.17 - Reflected Cross-Site Scripting via Filename Parameter
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.
CVSS 6.1
Skrol29 TbsZip <= 2.17 - Reflected Cross-Site Scripting via Filename Parameter
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.
CVSS 6.1
Wethink 720yun pano-sdk 0.5.877 - XSS
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules.
CVSS 6.1
Tenda AC15V1.0 V15.03.05.18 - Command Injection
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command injection vulnerability.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Command Injection
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
CVSS 9.8
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
CVSS 9.8
Simple Student Alumni System 1.0 - SQL Injection
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php.
CVSS 9.8
Simple Student Alumni System 1.0 - SQL Injection
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
CVSS 9.8
Simple Student Alumni System 1.0 - SQL Injection
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
CVSS 9.8
Simple Student Alumni System 1.0 - SQL Injection
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
CVSS 4.9
Simple Student Alumni System 1.0 - SQL Injection
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.
CVSS 4.9
SourceCodester Personnel Property Equipment System 1.0 - Arbitrary Code Execution
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.
CVSS 7.2
Personnel Property Equipment System 1.0 - SQL Injection
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
CVSS 9.8
By Source