Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2025-47812
In Wing FTP Server prior to version 7.4.4, both user and admin web interfaces improperly handle null ('\0') bytes, which can lead to the injection of arbitrary Lua code into user session files. This vulnerability enables attackers to execute arbitrary system commands with the privileges of the FT...
Discovered 5 hours ago
PoC for CVE-2023-43208
CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. It allows for the insecure use of the Java XSt...
Discovered 9 hours ago
PoC for CVE-2026-2954
A vulnerability exists in Dromara UJCMS 10.0.2 affecting the importChanel function within the ImportDataController component. By manipulating the driverClassName or URL arguments, an attacker can perform injection attacks remotely. This exploitation vector has been publicly disclosed, leading to ...
PoC for CVE-2019-25461
Web Ofisi Platinum E-Ticaret v5 is affected by an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries. By using malicious input through the 'q' parameter, specifically with POST requests sent to the ajax/productsFilterSearch endpoint, an attacker can p...
PoC for CVE-2019-25462
The Web Ofisi Rent a Car v3 software is susceptible to an SQL injection vulnerability that allows unauthenticated users to manipulate database queries by injecting malicious SQL code through the 'klima' parameter. By crafting specific GET requests with harmful values for 'klima', attackers can ex...
PoC for CVE-2019-25459
Web Ofisi Emlak V2 is susceptible to multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through GET parameters. By exploiting these weaknesses, unauthenticated attackers can inject malicious SQL code into parameters such as emlak_durumu, emlak_tipi, il, ilc...
PoC for CVE-2019-25458
Web Ofisi Firma Rehberi v1 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to exploit database queries. By manipulating GET parameters, particularly 'il', 'kat', or 'kelime', attackers can inject malicious SQL code. This exploitation can lead to unauthorize...
PoC for CVE-2019-25457
The Web Ofisi Firma v13 software suffers from an SQL injection vulnerability due to improper validation of the 'oz' array parameter. This allows attackers to send specially crafted GET requests containing malicious values that exploit time-based blind SQL injection techniques. Successfully execut...
PoC for CVE-2019-25456
The Web Ofisi Emlak v2 product is susceptible to an SQL injection vulnerability that enables attackers without authentication to execute malicious SQL commands through the 'ara' GET parameter. By exploiting this vulnerability, attackers can manipulate database queries, potentially extracting sens...
PoC for CVE-2019-25455
Web Ofisi E-Ticaret v3 has a significant SQL injection vulnerability that allows unauthorized attackers to execute malicious SQL queries via the 'a' parameter. By manipulating this parameter within GET requests, attackers can extract sensitive information from the database, potentially leading to...
Discovered 10 hours ago
PoC for CVE-2026-2953
A path traversal vulnerability has been identified in Dromara UJCMS 101.2 that affects the deleteDirectory function within the Template Handler component. This flaw allows remote attackers to manipulate directory paths, potentially leading to unauthorized access or deletion of sensitive files. Th...
PoC for CVE-2026-2952
A vulnerability has been identified in Vaelsys 4.1.0 located in the file /tree/tree_server.php concerning the HTTP POST Request Handler component. This flaw enables attackers to manipulate the xajaxargs argument, leading to OS command injection. The exploitation can be executed remotely, putting ...
PoC for CVE-2019-25391
The Ashop Shopping Cart Software is susceptible to a time-based blind SQL injection vulnerability that impacts the handling of the 'blacklistitemid' parameter. By sending malicious POST requests to the admin/bannedcustomers.php endpoint, an attacker can execute crafted SQL payloads. This techniqu...
PoC for CVE-2019-25366
microASP Portal+ CMS is susceptible to an SQL injection flaw due to inadequate input validation in the explode_tree parameter. This vulnerability allows unauthenticated attackers to craft specific requests to pagina.phtml, enabling them to execute arbitrary SQL queries using malicious payloads. B...
PoC for CVE-2019-25440
WebIncorp ERP is susceptible to an SQL injection flaw that enables unauthenticated attackers to manipulate database queries. By injecting malicious SQL code through the 'prod_id' parameter in GET requests to the 'product_detail.php' script, an attacker can extract sensitive information from the d...
PoC for CVE-2019-25439
NoviSmart CMS exposes an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands by manipulating the Referer HTTP header. This vulnerability enables malicious users to send crafted requests containing time-based SQL injection payloads, potentially allowing them to extr...
PoC for CVE-2019-25433
XOOPS CMS version 2.5.9 is susceptible to SQL injection attacks through the 'cid' parameter in the gerar_pdf.php endpoint. This vulnerability enables unauthenticated attackers to manipulate database queries, allowing them to inject malicious SQL code. By sending crafted GET requests with rogue ci...
PoC for CVE-2026-2947
A cross-site scripting vulnerability has been identified in rymcu forest versions up to 0.0.5, specifically within the updateUserInfo function of the UserInfoController.java file. This vulnerability allows attackers to remotely manipulate the system, potentially leading to unauthorized access or ...
PoC for CVE-2019-25452
Dolibarr ERP/CRM version 10.0.1 is vulnerable to an SQL injection attack through the elemid POST parameter of the viewcat.php endpoint. This flaw allows unauthenticated attackers to execute arbitrary SQL queries by sending specially crafted POST requests containing malicious SQL payloads. Utilizi...
PoC for CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 is affected by multiple SQL injection vulnerabilities that can be exploited by authenticated users. Attackers can manipulate database queries by injecting malicious SQL code via POST parameters such as actioncode, demand_reason_id, and availability_id within the card.php e...
PoC for CVE-2019-25443
The Inventory Webapp is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to execute arbitrary SQL commands. By manipulating GET parameters in the add-item.php script, such as name, description, quantity, or cat_id, attackers can inject malicious SQL payloads th...
PoC for CVE-2019-25446
DIGIT CENTRIS ERP is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to manipulate database queries. By injecting SQL code through the parameters datum1, datum2, KID, and PID in POST requests to /korisnikinfo.php, attackers can potentially extract or alter sen...
PoC for CVE-2019-25442
Web Wiz Forums 12.01 is susceptible to an SQL injection vulnerability through the PF parameter, enabling unauthenticated attackers to craft malicious GET requests to member_profile.asp. By injecting SQL code, attackers can manipulate database queries, gaining unauthorized access to sensitive info...
Discovered 11 hours ago
PoC for CVE-2026-2946
A security flaw has been identified in rymcu forest, specifically within the XssUtils.replaceHtmlCode function of the Article Content/Comments/Portfolio component. This vulnerability allows for cross-site scripting (XSS), enabling attackers to inject malicious scripts into web pages viewed by use...
PoC for CVE-2026-2945
A critical security weakness has been found in JeecgBoot version 3.9.0, specifically in the file located at /sys/common/uploadImgByHttp. This vulnerability allows attackers to exploit the system through manipulated arguments of the 'fileUrl'. Such exploitation could lead to server-side request fo...
Discovered 13 hours ago
PoC for CVE-2026-2944
A security flaw has been identified in the Tosei Online Store Management System (version 1.01), specifically within the HTTP POST Request Handler's /cgi-bin/monitor.php file. This weakness allows remote attackers to exploit the application by manipulating the DevId argument, potentially leading t...
PoC for CVE-2026-2943
A cross-site scripting vulnerability has been identified in the SapneshNaik Student Management System affecting an unspecified function in the file index.php. This weakness arises from manipulation of the Error argument, allowing attackers to inject malicious scripts. Due to the lack of versionin...
Discovered 14 hours ago
PoC for CVE-2026-2940
A vulnerability in Zaher1307 Tiny Web Server allows for an out-of-bounds write due to improper handling in the URL Handler component of the application. This vulnerability can be exploited remotely, potentially allowing an attacker to manipulate the server and impact its functionality. The issue ...
PoC for CVE-2026-2939
A vulnerability has been identified in the itsourcecode Student Management System version 1.0, specifically within the Add Student Module. An unknown function in the /add_student/ file allows for cross-site scripting attacks, which can be executed remotely. This security flaw poses a significant ...
Discovered 15 hours ago
PoC for CVE-2026-2938
A vulnerability has been identified in SourceCodester's Student Result Management System 1.0, specifically in the /srms/script/admin/core/update_smtp.php file. This vulnerability allows for improper access controls, presenting a significant threat as it can be exploited remotely. The lack of prop...
Discovered 16 hours ago
PoC for CVE-2026-2935
A vulnerability exists in UTT HiPER 810G prior to version 1.7.7-171114, specifically within the function strcpy in the /goform/ConfigExceptMSN file. This weakness can be exploited by manipulating the argument 'remark', leading to a buffer overflow condition. The nature of this vulnerability allow...
PoC for CVE-2026-2934
A security issue in the YiFang CMS up to version 2.0.5 has been identified, specifically within the Extended Management Module's D_friendLinkGroup.php file. This vulnerability enables attackers to conduct cross-site scripting (XSS) attacks by manipulating the 'Name' argument during an update func...
PoC for CVE-2026-2933
An identified weakness in YiFang CMS versions up to 2.0.5 involves the update function in the D_adManage.php file within the Extended Management Module. This vulnerability allows remote attackers to manipulate the 'Name' argument, leading to cross-site scripting (XSS) conditions. As the exploit h...
PoC for CVE-2026-2932
A security flaw has been identified in YiFang CMS versions up to 2.0.5, specifically within the Extended Management Module. This vulnerability involves a manipulation of the 'name' or 'index' parameter in the app/db/admin/D_adPosition.php file, leading to potential cross-site scripting exploits. ...
Discovered 18 hours ago
PoC for CVE-2026-2930
A stack-based buffer overflow vulnerability has been identified in Tenda A18, specifically within the webCgiGetUploadFile function of the /cgi-bin/UploadCfg. This flaw allows for manipulation of the argument boundary, potentially leading to remote code execution if exploited. It is critical for u...
PoC for CVE-2026-1369
The Conditional CAPTCHA plugin for WordPress, up to version 4.0.0, exposes users to an open redirect vulnerability due to improper validation of redirect parameters. This flaw allows attackers to manipulate redirection requests, potentially leading users to malicious sites without their awareness...
PoC for CVE-2026-2929
A stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M960 wireless router, specifically within the Wireless Access Control Endpoint. This security flaw occurs due to improper handling of the 'submit-url' argument in the function sub_453140, potentially allowing remote...
Discovered 19 hours ago
PoC for CVE-2026-2928
A noteworthy stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M960 router, specifically in the WLAN Encryption Configuration Endpoint function sub_452CCC. This weakness is triggered by improper handling of the submit-url argument, allowing an attacker to execute mal...
PoC for CVE-2026-2927
A vulnerability has been identified in the D-Link DWR-M960 router firmware version 1.01.07. This issue resides in the Operation Mode Configuration Endpoint, specifically within the function sub_462590 located in the /boafrm/formOpMode file. The vulnerability arises from improper handling of the s...
PoC for CVE-2026-2926
A vulnerability discovered in the D-Link DWR-M960 version 1.01.07 pertains to the LTE Configuration Endpoint's processing of the submit-url argument. This flaw allows for a stack-based buffer overflow, enabling an attacker to execute arbitrary code remotely. The vulnerability is not only technica...
Discovered 20 hours ago
PoC for CVE-2026-2925
A stack-based buffer overflow vulnerability exists in the D-Link DWR-M960 product, specifically in the Bridge VLAN Configuration Endpoint. This issue arises in the sub_42B5A0 function within the /boafrm/formBridgeVlan file, where an attack can exploit a manipulated argument, submit-url. The explo...
PoC for CVE-2026-2913
A vulnerability in libvips affects the function vips_source_read_to_memory, leading to a heap-based buffer overflow. This issue is present in libvips versions up to 8.19.0 and can be exploited on the local host. Although it requires a specific input, primarily involving custom seekable sources la...
PoC for CVE-2026-2912
A vulnerability exists in the Online Reviewer System developed by Code-Projects, specifically in the /system/system/students/assessments/results/studentresult-view.php file. This issue arises from insufficient input validation of the 'test_id' argument, leading to a SQL injection vulnerability th...
Discovered 21 hours ago
PoC for CVE-2026-2911
A buffer overflow vulnerability has been identified in the Tenda FH451 router affecting versions up to 1.0.0.9. This security issue involves improper handling of the file '/goform/GstDhcpSetSer', allowing for potential remote attacks. The vulnerability exposes the device to exploitations that can...
PoC for CVE-2026-2910
A vulnerability in the Tenda HG9 device has been discovered, specifically in the /boaform/formPing6 code. This flaw allows for a stack-based buffer overflow when the pingAddr argument is manipulated. An attacker can exploit this vulnerability remotely, potentially leading to unauthorized access o...
PoC for CVE-2026-27470
ZoneMinder, an open-source closed-circuit television software, is affected by a second-order SQL Injection vulnerability. Found in versions 1.36.37 and below, as well as 1.37.61 through 1.38.0, the flaw exists in the getNearEvents() function within web/ajax/status.php. While event field values li...
Discovered 22 hours ago
PoC for CVE-2026-2909
A stack-based buffer overflow vulnerability exists in the Tenda HG9 (version 300001138) within the Diagnostic Ping Endpoint, specifically in the /boaform/formPing file. This vulnerability can be exploited remotely by manipulating the pingAddr argument, potentially allowing an attacker to execute ...
PoC for CVE-2026-2908
A security vulnerability has been identified in the Tenda HG9 300001138, specifically within the Loopback Detection Configuration Endpoint. The issue arises from inadequate handling of the Ethtype argument in the file /boaform/formLoopBack, leading to a stack-based buffer overflow. This flaw allo...
PoC for CVE-2026-2907
A vulnerability has been discovered in the Tenda HG9's GPON Configuration Endpoint, specifically within the file /boaform/formgponConf. This vulnerability, stemming from improper handling of user-provided arguments (specifically fmgpon_loid and fmgpon_loid_password), can lead to a stack-based buf...
PoC for CVE-2026-2906
A security flaw exists in the Tenda HG9 300001138 affecting the Samba Configuration Endpoint found at /boaform/formSamba. This vulnerability allows an attacker to manipulate the sambaCap argument, leading to a stack-based buffer overflow condition. The exploitation of this vulnerability can be co...