Publicly Disclosed
PoC Exploits
🔴 Always use caution when working with PoC Exploits 🔴
Discovered 3 hours ago
PoC for CVE-2026-2865
A vulnerability exists in the itsourcecode Agri-Trading Online Shopping System 1.0, specifically within the HTTP POST Request Handler's productcontroller.php file. This vulnerability allows for SQL injection via manipulation of the Product argument, enabling attackers to execute remote exploits. ...
PoC for CVE-2026-2864
A path traversal vulnerability has been identified in the Megagao ERP and Production SSM solutions, specifically within the pictureDelete function of the PictureController.java file. This vulnerability can be exploited remotely through manipulation of the picName argument, allowing unauthorized a...
Discovered 5 hours ago
PoC for CVE-2026-2863
A path traversal vulnerability exists in the deleteFile function of FileServiceImpl.java within both Megagao SSM-ERP and Production_SSM products. This flaw allows attackers to manipulate file paths, potentially enabling them to access unauthorized files on the server. The attack can be initiated ...
PoC for CVE-2025-2304
A critical issue in Camaleon CMS's UsersController, specifically in the 'updated_ajax' method, enables privilege escalation due to the improper handling of parameters. The vulnerability arises from the use of the permit! method, which fails to filter input, allowing all parameters to be processed...
Discovered 6 hours ago
PoC for CVE-2026-2860
A security vulnerability has been identified in the SSM ERP and Production SSM systems from Feng_Ha_Ha, specifically within the EmployeeController.java file. This flaw allows for improper authorization, which may be exploited remotely, potentially leading to unauthorized access. The issue has bee...
Discovered 12 hours ago
PoC for CVE-2019-25454
phpMoAdmin version 1.1.5 is affected by a stored cross-site scripting vulnerability, enabling unauthorized users to inject harmful scripts into the application. By exploiting this vulnerability, attackers can manipulate the collection parameter in GET requests to moadmin.php, allowing them to exe...
PoC for CVE-2019-25449
OrientDB 3.0.17 is susceptible to a reflected cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts into web applications. By crafting specific JSON payloads and submitting them via POST requests to the document endpoint, attackers can execute arbitrary...
PoC for CVE-2019-25441
The thesystem 1.0 is vulnerable to command injection through its run_command endpoint, which permits unauthenticated attackers to execute arbitrary system commands. By sending crafted POST requests containing shell commands in the command parameter, attackers can gain unauthorized access and exec...
PoC for CVE-2019-25438
LabCollector version 5.423 is susceptible to multiple SQL injection vulnerabilities that can be exploited by unauthenticated attackers. By manipulating POST parameters, such as those found in login.php and retrieve_password.php, attackers can inject malicious SQL queries. This could lead to unaut...
PoC for CVE-2019-25437
The Foscam Video Management System version 1.1.6.6 is susceptible to a buffer overflow vulnerability in the UID field. This allows local attackers to exploit the system by submitting an excessively long string (up to 5000 characters) into the UID parameter while attempting to add a device. When t...
PoC for CVE-2019-25436
The Sricam DeviceViewer 3.12.0.1 is vulnerable to a password change security bypass. This issue enables authenticated users to change passwords without validating the original password. Attackers can exploit this vulnerability by injecting a malicious payload into the old password field during th...
PoC for CVE-2019-25435
Sricam DeviceViewer 3.12.0.1 is vulnerable to a local buffer overflow in the user management section, specifically when adding a new user. This flaw allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. By injecting a malicious payload into the Username ...
PoC for CVE-2019-25434
SpotAuditor version 5.3.1.0 has a denial of service vulnerability that can be exploited by unauthenticated attackers. By submitting excessively large strings (5000 bytes or more) in the registration name field, attackers can cause the application to crash due to unhandled exceptions. This vulnera...
PoC for CVE-2019-25432
Part-DB 0.4 is susceptible to an authentication bypass vulnerability that enables unauthenticated attackers to gain access by exploiting SQL injection flaws in the login mechanism. By injecting malicious SQL syntax, specifically a single quote followed by 'or', into the authentication parameters,...
PoC for CVE-2019-25431
The Blue-Smiley-Organizer 1.32 application by delpino73 contains a vulnerability that allows unauthenticated attackers to exploit SQL injection through the datetime parameter. By crafting specific POST requests, attackers can manipulate database queries to extract sensitive information using vari...
PoC for CVE-2018-25158
Chamilo LMS version 1.11.8 has a vulnerability that allows authenticated users to upload files through the elfinder filemanager module. By taking advantage of this flaw, attackers can upload files disguised as images, rename them to PHP extensions, and execute arbitrary code by accessing these fi...
PoC for CVE-2025-31161
A significant vulnerability exists in CrushFTP versions prior to 10.8.4 and 11.3.1, enabling attackers to exploit an authentication bypass flaw. This vulnerability allows unauthorized users to gain access to the crushadmin account through a race condition in the AWS4-HMAC authorization method, pa...
Discovered 13 hours ago
PoC for CVE-2026-2858
A local vulnerability has been identified in the Wren programming language's source file parser component, specifically in the peekChar function of src/vm/wren_compiler.c. This flaw allows attackers to perform out-of-bounds reads, potentially leading to unauthorized access to sensitive data or cr...
Discovered 14 hours ago
PoC for CVE-2026-2857
A vulnerability exists in the D-Link DWR-M960 router's Port Forwarding Configuration Endpoint that allows for stack-based buffer overflow via the manipulation of the submit-url argument in the function sub_423E00 of the /boafrm/formPortFw file. This weakness potentially enables remote attackers t...
PoC for CVE-2026-2856
A stack-based buffer overflow vulnerability exists in the D-Link DWR-M960 1.01.07 specifically in the Filter Configuration Endpoint. The flaw lies within the function sub_424AFC located in the file /boafrm/formFilter. An attacker can manipulate the 'submit-url' argument, potentially allowing for ...
Discovered 15 hours ago
PoC for CVE-2026-2855
A stack-based buffer overflow vulnerability exists in the D-Link DWR-M960 router, specifically within the DDNS Settings Handler, triggered by improper handling of user input in the submit-url argument. This vulnerability can be exploited remotely, allowing attackers to manipulate the router's fun...
Discovered 16 hours ago
PoC for CVE-2026-2854
A stack-based buffer overflow vulnerability exists in the D-Link DWR-M960 due to improper handling of the argument submit-url within the NTP Configuration Endpoint. This flaw can be exploited remotely, potentially allowing an attacker to manipulate memory and execute arbitrary code. Security upda...
PoC for CVE-2026-2853
A stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M960 router's system log configuration endpoint, specifically in the function sub_462E14 of the /boafrm/formSysLog file. By manipulating the argument submit-url, an attacker can exploit this vulnerability remotely, ...
PoC for CVE-2026-2852
A vulnerability has been identified in Yeqifu Warehouse, specifically within the Sales Endpoint's SalesController.java file, affecting the addSales, updateSales, and deleteSales functions. This issue allows for improper access controls, which may lead to unauthorized operations on sales data. The...
PoC for CVE-2019-25445
The Fiverr Clone Script version 1.2.2 has a cross-site scripting (XSS) vulnerability allowing unauthenticated attackers to inject malicious scripts. By manipulating the 'keyword' parameter in the search-results.php file, attackers can craft URLs containing script tags, which enables execution of ...
Discovered 18 hours ago
PoC for CVE-2026-2851
A vulnerability exists in the yeqifu warehouse affecting the Inport Endpoint, specifically within the addInport, updateInport, and deleteInport functions of the InportController.java file. This issue, tied to inadequate access controls, allows unauthorized access and manipulation remotely. Althou...
PoC for CVE-2026-2850
A vulnerability was identified in the yeqifu warehouse affecting the Customer Endpoint's addCustomer, updateCustomer, and deleteCustomer functions. This flaw leads to improper access controls, allowing for potential remote exploitation. The vulnerability was made public, and while it has been ack...
PoC for CVE-2025-15583
A cross-site scripting vulnerability has been detected in the Detronetdip E-commerce platform version 1.0.0, specifically within the get_safe_value function located in utility/function.php. This weakness allows remote attackers to execute crafted scripts, potentially compromising user interaction...
PoC for CVE-2025-15582
A security flaw in the detronetdip E-commerce version 1.0.0 has been identified, specifically in the Product Management Module's Delete/Update function. This vulnerability allows for an authorization bypass through manipulation of the argument ID, enabling potential unauthorized access to sensiti...
Discovered 19 hours ago
PoC for CVE-2026-2849
A vulnerability exists in the Cache Sync Handler of the Yeqifu Warehouse that allows attackers to manipulate access controls improperly. The issue lies within the deleteCache/removeAllCache/syncCache functions of the CacheController.java file. Since this vulnerability can be exploited remotely, i...
PoC for CVE-2026-2848
A vulnerability has been identified in SourceCodester's Simple Responsive Tourism Website version 1.0, specifically within the Registration component's functionality in the Master.php file. The flaw results from improper handling of user input for the Username argument, which can lead to SQL inje...
PoC for CVE-2026-2847
In the UTT HiPER 520 (version 1.7.7-160105), a vulnerability has been identified in the web management interface located in the function sub_44EFB4 of the file /goform/formReleaseConnect. This flaw allows attackers to manipulate the Isp_Name parameter, leading to OS command injection. The vulnera...
PoC for CVE-2026-2846
A security vulnerability exists in the UTT HiPER 520 product, particularly in the Web Management Interface. This vulnerability allows remote attackers to manipulate the 'policyNames' argument in the sub_44D264 function of the formPdbUpConfig file. Successful exploitation can lead to OS command in...
Discovered 1 day ago
PoC for CVE-2025-4517
The vulnerability in the Python tarfile module allows for arbitrary filesystem writes when extracting untrusted tar archives with the filter parameter set to 'data' or 'tar'. This issue arises specifically in Python 3.12 or later. Users who employ the TarFile.extractall() or TarFile.extract() met...
PoC for CVE-2023-30533
The SheetJS Community Edition software prior to version 0.19.3 is susceptible to a Prototype Pollution vulnerability, which can be exploited through specially crafted files. This issue allows an attacker to manipulate the properties of JavaScript objects, potentially leading to unauthorized acces...
PoC for CVE-2025-47812
In Wing FTP Server prior to version 7.4.4, both user and admin web interfaces improperly handle null ('\0') bytes, which can lead to the injection of arbitrary Lua code into user session files. This vulnerability enables attackers to execute arbitrary system commands with the privileges of the FT...
PoC for CVE-2026-2825
A vulnerability exists in rachelos WeRSS we-mp-rss up to version 1.4.8, specifically in the Article Module's fix_html function located in tools/fix.py. This vulnerability permits attackers to execute remote cross-site scripting attacks, compromising the security of affected installations. The exp...
PoC for CVE-2026-2824
A command injection vulnerability has been identified in the Comfast CF-E7 router, specifically in the web management component 'webmggnt'. This flaw resides in the function sub_441CF4 located within the configuration file accessed via the endpoint /cgi-bin/mbox-config?method=SET&section=ping_con...
PoC for CVE-2026-2823
A command injection vulnerability has been identified in the Comfast CF-E7 device, specifically in version 2.6.0.9. The vulnerability exists within the function sub_41ACCC found in the /cgi-bin/mbox-config?method=SET&section=ntp_timezone component of webmggnt. By manipulating the 'timestr' argume...
PoC for CVE-2026-2822
A SQL injection vulnerability exists in the Backend Interface of JeecgBoot up to version 3.9.1, specifically within the function handling /jeecgboot/sys/dict/loadDict/airag_app,1,create_by. This flaw allows attackers to manipulate the 'keyword' argument, enabling remote execution of SQL commands....
PoC for CVE-2026-2821
A vulnerability has been discovered within the Fujian Smart Integrated Management Platform System prior to version 7.5, specifically affecting the functionality of /Module/CRXT/Controller/XCamera.ashx. This issue arises from improper handling of the ChannelName argument, allowing attackers to per...
PoC for CVE-2026-2820
A security flaw exists in the Fujian Smart Integrated Management Platform System prior to version 7.5, specifically affecting the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. This flaw allows for SQL injection through improper handling of the DeviceIDS argument. Remote attackers can l...
PoC for CVE-2025-71243
The Saisies plugin for SPIP has a significant vulnerability that allows attackers to execute arbitrary code on the server. This critical issue affects SPIP versions from 5.4.0 to 5.11.0. It is crucial for users to update to version 5.11.1 or later to secure their applications and protect against ...
Discovered 2 days ago
PoC for CVE-2025-65717
A vulnerability exists in Visual Studio Code Extensions Live Server v5.7.9 that enables malicious actors to exfiltrate sensitive files from users' systems through crafted HTML pages. User interaction is required to initiate the attack, exposing them to potential data breaches. It is crucial for u...
PoC for CVE-2026-27476
RustFly 2.0.0 is susceptible to a command injection flaw within its remote user interface control mechanism. This vulnerability allows attackers to send specially crafted hex-encoded instructions over UDP port 5005, lacking appropriate input validation. By exploiting this weakness, attackers can ...
PoC for CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
PoC for CVE-2019-25430
Comodo Dome Firewall version 2.7.0 is vulnerable to a reflected cross-site scripting attack. This issue allows unauthenticated attackers to inject harmful scripts into the application by manipulating the 'username' parameter. By sending crafted POST requests to the 'vpn_users' endpoint, an attack...
PoC for CVE-2026-23829
Mailpit, an email testing tool developed by Axllent, has a vulnerability in its SMTP server that allows attackers to exploit insufficient validation in the regular expression used for validating `RCPT TO` and `MAIL FROM` addresses. This flaw enables attackers to inject arbitrary SMTP headers, pot...
PoC for CVE-2026-2711
A vulnerability identified in zhutoutoutousan's Worldquant Miner up to version 1.0.9 resides in an obscure function of the 'ssrf_proxy.py' file. This flaw enables attackers to execute a server-side request forgery (SSRF) attack by manipulating the 'make_request' argument. The remote nature of thi...
PoC for CVE-2026-2709
A vulnerability exists in the Busy application up to version 2.5.5, specifically in the Callback Handler component within the source code file app.js. This flaw allows an attacker to manipulate the state argument, leading to an open redirect. This issue can be exploited remotely, posing a signifi...