Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 2 hours ago
PoC for CVE-2025-6917
A security issue has been identified in the code-projects Online Hotel Booking application version 1.0, where an SQL injection vulnerability exists within the /admin/registration.php file. This vulnerability arises from improper handling of the 'uname' argument, allowing attackers to manipulate S...
Discovered 3 hours ago
PoC for CVE-2025-6916
The TOTOLINK T6 device has a vulnerability in the Form_Login function located in the /formLoginAuth.htm file. This flaw allows an attacker with access to the local network to manipulate parameters such as authCode and goURL, resulting in missing authentication checks. Exploitation could lead to u...
PoC for CVE-2025-6915
A vulnerability has been identified in PHPGurukul Student Record System 3.2, specifically related to the '/register.php' file. The flaw occurs due to improper validation of the 'session' argument, allowing for SQL injection attacks. This can potentially enable remote attackers to manipulate the u...
Discovered 4 hours ago
PoC for CVE-2025-6914
A security vulnerability in the PHPGurukul Student Record System 3.2 allows for SQL injection through unvalidated input in the /edit-student.php file. By manipulating the 'fmarks2' argument, remote attackers can execute unauthorized SQL commands, potentially compromising sensitive data. This vuln...
PoC for CVE-2025-6913
A security flaw has been identified in the PHPGurukul Student Record System version 3.2, specifically located in the admin-profile.php file. This vulnerability arises from improper handling of the 'aemailid' parameter, permitting attackers to execute SQL injection attacks remotely. The exposure o...
PoC for CVE-2022-33679
Windows Kerberos Elevation of Privilege Vulnerability
Discovered 5 hours ago
PoC for CVE-2025-6912
A vulnerability was discovered in the PHPGurukul Student Record System version 3.2, specifically affecting the /manage-students.php file. This vulnerability allows for the manipulation of the 'del' argument, which can lead to a SQL injection attack. Attackers may exploit this vulnerability remote...
PoC for CVE-2025-6911
A SQL injection vulnerability exists in PHPGurukul Student Record System 3.2, particularly affecting the '/manage-subjects.php' file. This vulnerability arises from improper handling of the 'del' argument, allowing remote attackers to manipulate SQL queries. Successful exploitation may enable una...
Discovered 6 hours ago
PoC for CVE-2025-6910
A vulnerability exists in PHPGurukul Student Record System 3.2, located within the /session.php file, which allows attackers to manipulate session arguments, leading to SQL injection. This flaw enables remote attackers to execute unauthorized database queries, potentially compromising sensitive u...
PoC for CVE-2025-6909
A security vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0, specifically within the functionality of the /admin/add-scdetails.php file. This vulnerability arises due to improper handling of input, allowing an attacker to exploit the 'emeradd' argumen...
Discovered 7 hours ago
PoC for CVE-2025-6908
A SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0, specifically within the /admin/edit-services.php file. The flaw allows an attacker to manipulate the 'sertitle' argument, potentially enabling unauthorized database access. This vulnera...
PoC for CVE-2025-6907
A vulnerability affecting Code-Projects' Car Rental System 1.0 has been discovered, specifically within the /book_car.php file. The issue arises from improper handling of the 'fname' argument, which allows for remote SQL injection attacks. This security flaw can be exploited by attackers to manip...
Discovered 8 hours ago
PoC for CVE-2025-6906
A security vulnerability has been identified in the Car Rental System 1.0 developed by Code-Projects, specifically affecting the /login.php file. Improper handling of user input in the 'uname' argument can lead to an SQL injection attack, allowing attackers to manipulate the database remotely....
PoC for CVE-2025-6905
A SQL injection vulnerability has been discovered in the signup.php file of the Code-Projects Car Rental System (Version 1.0). This flaw allows attackers to manipulate the 'fname' argument to execute unauthorized SQL commands. It can be exploited remotely, putting sensitive data at risk. The vuln...
Discovered 9 hours ago
PoC for CVE-2025-6904
A severe SQL injection vulnerability has been identified in code-projects' Car Rental System, specifically within the /admin/add_cars.php file. This flaw arises from improper handling of the 'car_name' parameter, allowing attackers to manipulate SQL queries. The vulnerability can be exploited rem...
PoC for CVE-2025-6903
A security vulnerability has been discovered in the Car Rental System 1.0 developed by Code-Projects, specifically within the file /admin/approve.php. This issue allows an attacker to manipulate the argument ID, potentially leading to unauthorized database queries and data exposure through SQL in...
Discovered 10 hours ago
PoC for CVE-2025-6902
A SQL injection vulnerability exists in the Inventory Management System developed by Code-Projects, specifically in the editUser.php file. This vulnerability allows remote attackers to manipulate the 'edituserName' parameter, potentially compromising the database by executing arbitrary SQL querie...
PoC for CVE-2025-6901
A security vulnerability has been identified in the Inventory Management System 1.0 by Code-Projects, wherein improper handling of the 'userid' parameter in /php_action/removeUser.php allows for SQL injection attacks. This flaw could potentially be exploited by malicious actors to execute arbitra...
Discovered 11 hours ago
PoC for CVE-2025-6900
A vulnerability exists in the Code-Projects Library System 1.0 that permits an attacker to exploit unrestricted file uploads via manipulation of the image argument in the /add-book.php file. This vulnerability allows remote attackers to upload arbitrary files, potentially leading to unauthorized ...
PoC for CVE-2025-6899
A security flaw exists in the D-Link DI-7300G+ and DI-8200G routers, specifically within the msp_info.htm file. This vulnerability allows attackers to manipulate several arguments, including flag, cmd, and iface, leading to unauthorized command execution on the operating system level. The exploit...
Discovered 12 hours ago
PoC for CVE-2025-6898
A significant OS command injection vulnerability exists in the D-Link DI-7300G+ router, specifically within the 'proxy_client.asp' file. This weak point allows attackers to manipulate key arguments including proxy_srv, proxy_lanport, proxy_lanip, and proxy_srvport. As a result, malicious actors c...
PoC for CVE-2025-6897
A vulnerability exists in the D-Link DI-7300G+ router that allows for OS command injection through the manipulation of the 'Time' argument in the httpd_debug.asp file. This vulnerability exposes the device to potential exploitation, enabling unauthorized command execution on the operating system....
Discovered 13 hours ago
PoC for CVE-2025-6896
A security flaw has been identified in the D-Link DI-7300G+ router, particularly in the wget_test.asp file. This vulnerability allows attackers to manipulate the 'url' argument, leading to potential OS command injection. The vulnerability can be exploited remotely, allowing malicious actors to ex...
PoC for CVE-2025-6891
A vulnerability has been identified in the Inventory Management System from Code-Projects, specifically within the /php_action/createUser.php file. This flaw arises from improper handling of the 'Username' argument, allowing attackers to execute SQL injection attacks remotely. The exploit has bee...
Discovered 14 hours ago
PoC for CVE-2025-6890
A SQL injection vulnerability exists in the Code-Projects Movie Ticketing System version 1.0, specifically within the file /ticketConfirmation.php. This weakness allows attackers to manipulate the 'Date' argument, potentially enabling remote exploitation of the application. The exploit has been m...
PoC for CVE-2025-5730
The Contact Form Plugin for WordPress prior to version 1.1.29 suffers from a vulnerability where it fails to adequately sanitize and escape user-defined settings. This oversight allows high-privilege users, such as contributors, to exploit the flaw by performing stored Cross-Site Scripting (XSS) ...
PoC for CVE-2025-3745
The WP Lightbox 2 plugin for WordPress has a vulnerability that arises from improper sanitization of the title attribute in links. This oversight allows attackers to inject malicious scripts, potentially leading to Cross-Site Scripting (XSS) attacks. When a user clicks on the compromised link, th...
PoC for CVE-2025-6889
A vulnerability exists in the Movie Ticketing System (version 1.0) developed by Code-Projects, specifically within the login functionality (logIn.php). This security flaw allows an attacker to manipulate the 'postName' argument, potentially leading to unauthorized SQL queries being executed on th...
Discovered 15 hours ago
PoC for CVE-2025-6888
An SQL injection vulnerability has been identified in the PHPGurukul Teachers Record Management System version 2.1, specifically in the /admin/changeimage.php file. This weakness allows attackers to manipulate the 'tid' parameter, potentially enabling them to execute arbitrary SQL statements. As ...
PoC for CVE-2025-6887
The Tenda AC5 router contains a vulnerability that allows for stack-based buffer overflow via the '/goform/SetSysTimeCfg' endpoint. The issue is triggered when manipulating the 'time' or 'timeZone' parameters, leading to potential remote exploitation. Attackers could exploit this vulnerability to...
Discovered 16 hours ago
PoC for CVE-2025-6218
RARLAB WinRAR contains a vulnerability that allows remote attackers to execute arbitrary code by exploiting improper handling of file paths within archive files. When a user visits a malicious page or opens a crafted archive, it can lead the application to traverse directories inappropriately. Th...
PoC for CVE-2025-6886
A stack-based buffer overflow vulnerability has been identified in the Tenda AC5 router, particularly within the openSchedWifi function associated with the arguments schedStartTime and schedEndTime. This flaw allows an attacker to manipulate these arguments, potentially leading to a denial of ser...
PoC for CVE-2025-6885
A vulnerability identified in the PHPGurukul Teachers Record Management System allows for SQL injection through the manipulation of the 'tid' parameter within the 'edit-teacher-detail.php' file. This issue can be exploited remotely, which exposes the system to potential unauthorized access and da...
Discovered 17 hours ago
PoC for CVE-2025-6884
A SQL Injection vulnerability has been identified in the Staff Audit System 1.0 by Code-Projects, specifically within the search functionality implemented in the /search_index.php file. This vulnerability arises from improper handling of user-supplied parameters, which allows attackers to execute...
PoC for CVE-2025-6883
A vulnerability has been identified in the Staff Audit System 1.0 by Code-Projects, specifically located in the /update_index.php file. This issue arises from improper handling of the 'updateid' parameter, which can be exploited to conduct SQL injection attacks. Attackers can exploit this vulnera...
Discovered 19 hours ago
PoC for CVE-2025-6880
A SQL injection vulnerability exists in the SourceCodester Best Salon Management System version 1.0, specifically in the /panel/edit-tax.php file. This issue arises from incorrect handling of the editid parameter, which allows remote attackers to manipulate SQL queries, potentially compromising t...
Discovered 21 hours ago
PoC for CVE-2025-6875
A SQL injection vulnerability exists in the SourceCodester Best Salon Management System version 1.0, specifically within the file /panel/edit-subscription.php. This issue arises from improper handling of the 'editid' parameter, which allows remote attackers to manipulate SQL queries. The flaw cou...
Discovered 22 hours ago
PoC for CVE-2025-6874
A security vulnerability has been identified in the SourceCodester Best Salon Management System version 1.0, specifically in the '/panel/add_subscribe.php' file. The issue arises due to improper handling of user inputs for the 'user_id' and 'plan_id' parameters, allowing attackers to execute SQL ...
PoC for CVE-2025-6873
An unrestricted file upload vulnerability has been identified in SourceCodester's Simple Company Website version 1.0. This vulnerability arises from inadequate validation in the processing of the 'img' argument in the file /classes/Users.php?f=save, allowing attackers to upload arbitrary files. T...
Discovered 23 hours ago
PoC for CVE-2025-6872
A vulnerability exists in SourceCodester Simple Company Website version 1.0 that allows unauthorized users to upload files without restrictions. This occurs due to inadequate validation in the img argument of the SystemSettings.php file. As a result, attackers can remotely exploit this flaw to up...
PoC for CVE-2025-6871
A security vulnerability identified in version 1.0 of the SourceCodester Simple Company Website affects the Login.php file. Attackers can exploit this vulnerability by manipulating the Username argument, allowing for SQL injection attacks that can be initiated remotely. This vulnerability poses a...
Discovered 1 day ago
PoC for CVE-2025-6870
A vulnerability in SourceCodester's Simple Company Website, specifically in the functionality of the file /classes/Content.php?f=service, allows attackers to manipulate the argument img leading to unrestricted file uploads. This exposure permits remote exploitation, where an attacker can potentia...
PoC for CVE-2025-6869
A vulnerability exists in the SourceCodester Simple Company Website 1.0, specifically in the admin panel's testimonials management functionality. The vulnerability stems from improper validation of the argument ID within the /admin/testimonials/manage.php file, enabling unauthorized SQL injection...
PoC for CVE-2025-6868
A significant SQL injection vulnerability has been identified in the SourceCodester Simple Company Website version 1.0, particularly affecting an unknown function in the /admin/clients/manage.php file. The flaw allows attackers to manipulate the ID argument, facilitating unauthorized access to th...
PoC for CVE-2025-6867
A vulnerability exists within the SourceCodester Simple Company Website 1.0, specifically affecting the processing of the file /admin/services/manage.php. An attacker can exploit this vulnerability through a manipulation of the argument ID, enabling SQL injection attacks. This issue poses a risk ...
PoC for CVE-2025-6866
A path traversal vulnerability exists in Simple Forum 1.0 that can be exploited via the /forum_downloadfile.php script. This security flaw arises from the unsanitized manipulation of the 'filename' argument, allowing an attacker to access files outside of the intended directory structure. The exp...
PoC for CVE-2025-6865
A vulnerability in DaiCuo CMS, specifically affecting versions up to 1.3.13, has been identified that allows remote attackers to exploit the file /admin.php/addon/index via cross-site request forgery (CSRF). This weakness enables unauthorized actions to be executed in the context of an authentica...
PoC for CVE-2025-6864
A vulnerability has been discovered in SeaCMS up to version 13.2, where improper handling of requests in the /admin_type.php file allows for cross-site request forgery. Attackers can exploit this vulnerability remotely, potentially manipulating actions on behalf of authenticated users without the...
PoC for CVE-2025-6863
A security flaw has been identified in PHPGurukul's Local Services Search Engine Management System version 2.1, specifically within the /admin/edit-category-detail.php file. This flaw allows attackers to manipulate the 'editid' argument, facilitating unauthorized SQL queries. The vulnerability ca...
PoC for CVE-2025-6862
A critical SQL injection vulnerability has been identified in the SourceCodester Best Salon Management System version 1.0. This issue arises from an insecure function in the file /panel/edit_plan.php, specifically due to insufficient validation of the 'editid' argument. Attackers can exploit this...