Publicly Disclosed
PoC Exploits

A vulnerability exists in Microsoft Office that allows attackers to manipulate untrusted inputs, enabling them to bypass critical security measures locally. This flaw can expose systems to unauthorized actions, compromising the integrity of sensitive data. It is crucial for users to apply the lat...

Hikvision network camera devices suffer from an improper authentication vulnerability, which arises when the system fails to adequately authenticate users. This deficiency could enable an attacker to escalate privileges and obtain sensitive information, risking the integrity and confidentiality o...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

Fortinet products, including FortiAnalyzer and FortiManager, are susceptible to a vulnerability that allows an attacker with a FortiCloud account to bypass authentication, granting unauthorized access to devices linked with different accounts. This issue can be exploited if FortiCloud SSO authent...

A vulnerability exists in the itsourcecode School Management System version 1.0, specifically within the /ramonsys/course/controller.php file. This weakness allows an attacker to manipulate the ID argument, leading to a potential SQL injection. Remote execution of the attack is possible, increasi...

An undocumented and unsafe feature in the PLY library version 3.11 presents a significant security risk, allowing remote code execution via the `picklefile` parameter in the `yacc()` function. This parameter accepts `.pkl` files, which are deserialized using `pickle.load()` without any form of va...

The PHPGurukul Hospital Management System version 1.0 contains a security flaw located in the Admin Dashboard Page file (/hms/hospital/docappsystem/adminviews.py) that allows for improper authorization. This vulnerability can be exploited remotely, leading to unauthorized access to sensitive func...

A security vulnerability has been discovered in jishenghua's jshERP, impacting versions up to 3.6. This flaw arises from a weakness in the PluginController component, specifically in the file uploadPluginConfigFile. An unauthorized manipulation of the configFile parameter can lead to path travers...

A significant command injection vulnerability has been identified in the Totolink A7000R router, specifically within the CloudACMunualUpdateUserdata function in the /cgi-bin/cstecgi.cgi file. This flaw allows remote attackers to manipulate the 'url' parameter, potentially enabling them to execute...

A significant command injection vulnerability has been identified in the Totolink A7000R router, specifically within the CloudACMunualUpdateUserdata function in the /cgi-bin/cstecgi.cgi file. This flaw allows remote attackers to manipulate the 'url' parameter, potentially enabling them to execute...

A vulnerability exists in the Totolink A7000R Router, specifically in the function setUnloadUserData located in /cgi-bin/cstecgi.cgi. This vulnerability allows an attacker to manipulate the argument plugin_name, leading to command injection capabilities. The exploitation of this vulnerability can...

A vulnerability exists in the Totolink A7000R Router, specifically in the function setUnloadUserData located in /cgi-bin/cstecgi.cgi. This vulnerability allows an attacker to manipulate the argument plugin_name, leading to command injection capabilities. The exploitation of this vulnerability can...

A serious SQL injection vulnerability has been identified in the jishenghua jshERP software, specifically within the getBillItemByParam function located in the DepotItemMapperEx component. This vulnerability allows for the manipulation of the barCodes argument, potentially enabling an attacker to...

A vulnerability exists in OpenSSL when parsing CMS AuthEnvelopedData structures that employ AEAD ciphers like AES-GCM. This flaw arises from the improper handling of oversized Initialization Vectors (IVs) crafted within ASN.1 parameters, leading to a stack buffer overflow. An attacker can exploit...

A vulnerability exists in the itsourcecode School Management System 1.0 that allows attackers to manipulate the argument ID in the /course/index.php file, potentially leading to SQL injection. This weakness can be exploited remotely, presenting a significant risk as the exploit code is publicly a...

A security vulnerability has been identified in the D-Link DIR-823X 250416 router. Specifically, a flaw exists in the sub_41E2A0 function of the /goform/set_mode file. By manipulating the lan_gateway argument, an attacker can execute arbitrary OS commands. This attack can be executed remotely and...

A security vulnerability exists in Code-Projects Online Music Site 1.0, specifically in the /Administrator/PHP/AdminReply.php file. This vulnerability allows an attacker to manipulate the ID argument, potentially leading to SQL injection. The exploit can be executed remotely, posing a significant...

A security flaw has been identified in the AdminEditUser.php file within the Code-Projects Online Music Site version 1.0. This vulnerability arises from improper handling of user input, specifically within the ID argument. Attackers can exploit this weakness to perform SQL injection attacks, whic...

A security flaw has been identified in the Code-Projects Online Music Site version 1.0. The vulnerability is located in an undisclosed function of the file /Administrator/PHP/AdminAddCategory.php, which allows for SQL injection attacks. This manipulation can be executed remotely, posing a signifi...

A path traversal vulnerability has been identified in the D-Link DCS-700L version 1.03.09, specifically within the Music File Upload Service. This flaw allows an attacker to manipulate the UploadMusic argument in the /setUploadMusic function, facilitating unauthorized access to files outside the ...

The vulnerability in the TLS and DTLS implementations of OpenSSL versions prior to 1.0.1g allows remote attackers to exploit crafted Heartbeat Extension packets. This exploitation results in a buffer over-read, potentially revealing sensitive information from the memory of the affected process. A...

Microsoft Exchange Server Remote Code Execution Vulnerability

PDW File Browser version 1.3 is susceptible to a remote code execution vulnerability, allowing authenticated users to exploit path traversal techniques to upload and rename malicious webshell files. By double-encoding path segments, an attacker can craft a file upload request that leads to unauth...

PMB 5.6 has a vulnerability that enables attackers to read unauthorized system files by exploiting the 'chemin' parameter in the getgif.php script. By sending specially crafted requests, attackers can leverage the improper sanitization of file path inputs to access sensitive system files, such as...

SmartBlog version 2.0.1 contains a vulnerability in the 'id_post' parameter of its details controller, which is susceptible to blind SQL injection. This allows attackers to execute crafted SQL queries that can sequentially extract sensitive data from the database by comparing each character retur...

Nidesoft 3GP Video Converter version 2.6.18 is susceptible to a local stack buffer overflow vulnerability. This flaw is triggered when an attacker inputs a crafted payload into the 'License Code' field during the license registration process. Successfully exploiting this vulnerability may allow a...

M/Monit version 3.7.4 is exposed to an authentication vulnerability that permits authenticated attackers to extract user password hashes through an administrative API endpoint. By sending crafted requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints, attackers can obtain MD...

M/Monit version 3.7.4 is susceptible to a privilege escalation vulnerability that enables authenticated users to alter user permissions by exploiting the admin parameter. Attackers can execute a crafted POST request targeting the /api/1/admin/users/update endpoint, thereby granting standard user ...

Zortam Mp3 Media Studio 27.60 has a critical buffer overflow vulnerability that arises during the file selection process in the library creation feature. This flaw enables attackers to create a malicious text file that contains shellcode, leading to a structured exception handler (SEH) overwrite....

docPrint Pro 8.0 contains a vulnerability in the 'Add URL' input field that allows attackers to exploit a local buffer overflow. By crafting a malicious payload, an attacker can overwrite memory and trigger a structured exception handler (SEH) overwrite, enabling the execution of arbitrary code. ...

YATinyWinFTP is susceptible to a denial of service attack whereby an attacker can crash the FTP service by sending a specially crafted 272-byte buffer with a trailing space. This exploits a buffer overflow vulnerability, which can be triggered by executing a malformed command. By connecting to th...

Tendenci 12.3.1 is susceptible to a CSV formula injection vulnerability that arises in the contact form's message field. This vulnerability permits attackers to inject malicious payloads containing executable commands, leading to potential arbitrary command execution once the CSV file is processe...

The Intelbras Router RF 301K with firmware version 1.1.2 has a vulnerability that allows attackers to bypass authentication. By exploiting this flaw, unauthorized individuals can issue a specific HTTP GET request to access sensitive router configuration files without needing valid credentials. Th...

The 10-Strike Network Inventory Explorer 8.65 is susceptible to a buffer overflow vulnerability that arises from improper exception handling. This flaw permits remote attackers to craft a malicious file with specific padding that, when processed, can lead to arbitrary code execution on the vulner...

The ILIAS Learning Management System version 4.3 is susceptible to a server-side request forgery vulnerability. This flaw permits attackers to exploit the portfolio PDF export functionality, allowing them to craft a malicious script that initiates an XMLHttpRequest. By doing so, they may gain una...

The WebDamn User Registration Login System is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to bypass login authentication. By injecting a crafted payload, such as '<email>' OR '1'='1', into the username and password fields, an attacker can gain unauthorized...

aSc TimeTables version 2021.6.2 contains a vulnerability that enables denial of service attacks. Attackers can exploit this flaw by inserting an excessively large string, up to 10,000 characters, into the subject title fields. This action can destabilize the application, leading to potential cras...

A vulnerability has been identified in Open5GS, where an issue in the SGWC component can lead to denial of service. Specifically, the problem exists in the function sgwc_s5c_handle_modify_bearer_response located in the source file src/sgwc/s5c-handler.c. This vulnerability can be exploited remote...

A security flaw in Open5GS, specifically in the SGWC component, allows remote attackers to trigger a denial of service by exploiting the function sgwc_s5c_handle_bearer_resource_failure_indication within the source file src/sgwc/s5c-handler.c. This vulnerability can lead to service disruptions fo...

A noteworthy vulnerability exists in the Secondary Index Handler of RethinkDB, affecting all versions up to 2.4.3. This flaw allows for remote exploitation through cross site scripting (XSS), enabling attackers to manipulate data and execute malicious scripts in the context of the user's session....

The Serverless Framework features a command injection vulnerability within the MCP server package, affecting versions before 4.29.3. It allows attackers to exploit unsanitized input parameters to inject arbitrary system commands through the 'child_process.exec' function. This flaw particularly im...

A significant use-after-free vulnerability has been identified in Apple’s iOS and macOS products, impacting versions prior to the latest updates. This flaw arises due to improper memory management, allowing maliciously crafted web content to trigger arbitrary code execution. Apple has acknowledge...

NordVPN version 6.31.13.0 is susceptible to an unquoted service path vulnerability found in its nordvpn-service component. This security flaw allows local attackers to execute arbitrary code with elevated privileges by exploiting the unquoted binary path during system startup or reboot. If succes...

LimeSurvey version 4.3.10 is susceptible to a stored cross-site scripting vulnerability found in the Survey Menu of the administration panel. This issue allows attackers to inject malicious SVG scripts by manipulating the Surveymenu[title] and Surveymenu[parent_id] parameters. If successful, this...

Input Director version 1.4.3 is vulnerable to an unquoted service path issue, allowing local attackers to exploit the service configuration during system startup or reboot. By carefully manipulating the unquoted path, attackers can execute malicious executables with LocalSystem permissions, leadi...

ShareMouse 5.0.43 is susceptible to a vulnerability that involves an unquoted service path. This flaw allows local users to leverage the improper configuration of the service path to execute arbitrary code with elevated privileges. Malicious actors can exploit this vulnerability by placing harmfu...

The ForensiT AppX Management Service version 2.2.0.4 has a vulnerability due to an unquoted service path that can be exploited by local users. This allows potential execution of arbitrary code with elevated system privileges. The flaw can be leveraged during the service startup process, enabling ...

The Program Access Controller version 1.2.0.0 is affected by an unquoted service path vulnerability in the PACService.exe file. This flaw allows local attackers to exploit the unquoted service path during system startup or reboot, potentially enabling them to execute arbitrary code with elevated ...

The PDW File Browser version 1.3 contains both stored and reflected cross-site scripting vulnerabilities. Authenticated attackers can exploit these vulnerabilities by injecting malicious scripts through file rename and path parameters. By crafting specific URLs or renaming files with XSS payloads...

IP Watcher version 3.0.0.30 contains a vulnerability in its service configuration due to an unquoted service path. This flaw allows local attackers to inject malicious executables into the service's startup process. When the service is initialized, these executables can execute with elevated Loca...