Publicly Disclosed
PoC Exploits

This vulnerability in BIND software allows attackers to inject malicious data into the cache due to overly lenient acceptance of records from responses. This flaw affects multiple versions of BIND 9, posing a risk of cache poisoning, which could potentially lead to compromised network integrity a...

GCafé 3.0 is susceptible to an unquoted service path vulnerability in the gbClientService. This flaw allows local attackers the potential to execute arbitrary code with elevated privileges. By exploiting the incorrect configuration of the service path, attackers can inject malicious executables t...

The Shrew Soft VPN Client version 2.2.2 has a significant flaw due to the presence of an unquoted service path. This vulnerability permits local users to execute arbitrary code with elevated privileges by placing malicious executables within the unquoted service path. An attacker can exploit this...

Wacom WTabletService version 6.6.7-3 is susceptible to an unquoted service path vulnerability, which presents a significant risk for local attackers. This flaw allows an attacker to place a malicious executable file within the service path, granting them the ability to execute unauthorized code w...

Adaware Web Companion version 4.8.2078.3950 is susceptible to an unquoted service path vulnerability within its WCAssistantService. This flaw allows local users to exploit the unquoted path located in 'C:\Program Files (x86)\Lavasoft\Web Companion\Application\', potentially enabling them to execu...

The Alps Pointing-device Controller version 8.1202.1711.04 contains an unquoted service path vulnerability within the ApHidMonitorService component. This flaw enables local attackers to execute arbitrary code with elevated privileges by placing malicious executables in the service's path. As a re...

The NCP Secure Entry Client 9.2 features an unquoted service path vulnerability affecting several Windows services, including ncprwsnt, rwsrsu, ncpclcfg, and NcpSec. This flaw allows local users to execute arbitrary code by injecting malicious commands into these unquoted service paths. During se...

The FactoryTalk Activation Service in Studio 5000 Logix Designer 30.01.00 is vulnerable due to an unquoted service path issue. This flaw permits local users to execute arbitrary code with elevated permissions, potentially compromising system integrity. Attackers can exploit this vulnerability by ...

ProShow Producer 9.0.3797 is vulnerable to an unquoted service path issue in the ScsiAccess service. This vulnerability enables local attackers to potentially execute arbitrary code. By exploiting the unquoted binary path, attackers may inject malicious executables that are executed with LocalSys...

BartVPN 1.2.2 is susceptible to an unquoted service path vulnerability within the BartVPNService. This flaw enables local attackers to potentially execute arbitrary code with elevated privileges. By inserting malicious executables into predetermined file system locations, attackers can exploit th...

The Easy-Hide-IP application version 5.0.0.3 is vulnerable due to an unquoted service path in the EasyRedirect service. This vulnerability allows local attackers to potentially execute arbitrary code by injecting malicious executables using the unquoted path found in 'C:\Program Files\Easy-Hide-I...

TexasSoft CyberPlanet 6.4.131 contains a vulnerability in the CCSrvProxy service due to an unquoted service path. This issue allows local attackers to exploit the executable path at 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious code. As a result, attackers can ob...

The NETGATE Data Backup 3.0.620 version contains a vulnerability in its NGDatBckpSrv Windows service configuration due to an unquoted service path. This misconfiguration allows attackers to potentially exploit the vulnerability by placing malicious executable files in specific directory locations...

Amiti Antivirus 25.0.640 has a vulnerability related to unquoted service paths in its Windows service configuration. This flaw allows attackers to exploit the unquoted path to insert and execute harmful code with elevated LocalSystem privileges by placing malicious executable files in predetermin...

Wing FTP Server version 6.0.7 is susceptible to an unquoted service path vulnerability, which could enable local attackers to exploit the binary path in the service configuration. By injecting malicious executables, attackers can gain elevated system privileges that allow them to execute arbitrar...

A vulnerability has been found in ZenTao affecting versions up to 21.7.6-85642. The issue lies in the fetchHook function within the Webhook Module's model.php file. This weakness can lead to server-side request forgery, allowing attackers to initiate unauthorized requests remotely. Exploits have ...

A remote code execution vulnerability has been identified in the TP-Link Omada ER605 router due to a buffer overflow flaw in its DNS name handling. This weakness stems from inadequate validation of user-supplied data length before copying it to a buffer, enabling network-adjacent attackers to pot...

A critical issue in Camaleon CMS's UsersController, specifically in the 'updated_ajax' method, enables privilege escalation due to the improper handling of parameters. The vulnerability arises from the use of the permit! method, which fails to filter input, allowing all parameters to be processed...

A vulnerability has been identified in the Android Framework that allows potential code execution through unsafe deserialization in multiple functions of ZygoteProcess.java. This flaw enables local privilege escalation, requiring user execution privileges but eliminating the need for user interac...

A missing XML validation vulnerability exists in Apache Struts, affecting numerous versions. This flaw could be exploited to compromise the integrity of the applications relying on these frameworks. Users are urged to upgrade to version 6.1.1, which addresses the security concern and enhances ove...

The ThrottleStop driver, a legitimate component from TechPowerUp, presents a vulnerability due to insecure IOCTL interfaces that permit arbitrary read and write access to the physical memory through the MmMapIoSpace function. This flaw can be exploited by malicious applications running in user mo...

A cross-site request forgery vulnerability exists in lcg0124 BootDo that allows an attacker to manipulate user requests without their knowledge. This vulnerability affects versions up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb and enables remote attackers to exploit the flaw, potentially comprom...

Camaleon CMS, a robust content management system built on Ruby on Rails, has a path traversal vulnerability in the MediaController's download_private_file method. This flaw permits authenticated users to potentially download any file stored on the web server, depending on file permissions configu...

A vulnerability exists in the Bolo-Solo application affecting versions up to 2.6.4. An issue within the FreeMarker Template Handler's PicUploadProcessor.java file allows remote attackers to upload arbitrary files. This flaw can be exploited without restriction, posing significant risks to the sys...

A vulnerability exists in the Bolo-Solo platform, specifically within the importFromCnblogs function of the BackupService.java file. This flaw allows for a path traversal attack, enabling unauthorized access to files on the server. An attacker can exploit this vulnerability remotely, manipulating...

The Easy Transfer application version 1.7 for iOS exhibits a persistent cross-site scripting vulnerability that enables remote attackers to inject harmful scripts. By manipulating the parameters such as oldPath, newPath, and path during Create Folder and Move/Edit operations, attackers can levera...

The Easy Transfer application version 1.7 for iOS exhibits a persistent cross-site scripting vulnerability that enables remote attackers to inject harmful scripts. By manipulating the parameters such as oldPath, newPath, and path during Create Folder and Move/Edit operations, attackers can levera...

The Edimax EW-7438RPn 1.13 contains a vulnerability that allows unauthorized access to sensitive WiFi network configuration details. Through the wlencrypt_wiz.asp file, attackers can exploit this issue to retrieve critical information, including the WiFi network name and plaintext passwords store...

The Edimax EW-7438RPn version 1.13 Wi-Fi range extender is susceptible to a cross-site request forgery vulnerability through its MAC filtering configuration interface. This weakness allows attackers to create malicious web pages designed to trick users into unintentionally adding unauthorized MAC...

EspoCRM version 5.8.5 is susceptible to an authentication vulnerability that enables attackers to gain unauthorized access to other user accounts. By manipulating authorization headers, including Basic Authorization and Espo-Authorization tokens, an attacker can decode and alter these tokens, pot...

The Netis E1+ version 1.2.32533 is subject to an information disclosure vulnerability that permits unauthenticated attackers to extract WiFi credentials, including SSID and passwords, via a specific endpoint. By sending a crafted GET request to the netcore_get.cgi endpoint, attackers can gain una...

The Netis E1+ version 1.2.32533 is vulnerable due to a hardcoded root account that exposes the device to unauthorized access. This flaw allows attackers to utilize a predefined username and password to gain full administrative privileges on the device. This poses significant risks, as intruders c...

Maian Support Helpdesk version 4.3 is vulnerable to cross-site request forgery, allowing attackers to create administrative accounts without authentication. By exploiting this vulnerability, attackers can craft malicious HTML forms that facilitate the addition of admin users and enable unrestrict...

School ERP Pro version 1.0 exhibits a SQL injection weakness in the 'es_messagesid' parameter, which is vulnerable to manipulation through GET requests. This flaw allows attackers to inject malicious SQL statements that can lead to unauthorized access to sensitive data, alteration of database ent...

School ERP Pro 1.0 contains a file upload vulnerability that permits unauthorized users to upload arbitrary PHP files through its messaging system. This exposure enables attackers to execute malicious PHP scripts on the server, potentially compromising the security of the entire application and i...

School ERP Pro 1.0 has a file disclosure vulnerability that enables unauthorized users to read sensitive files by manipulating the 'document' parameter in download.php. This exploitation can lead to unauthorized access to critical system configuration files and sensitive credentials through direc...

VirtualTablet Server version 3.0.2 is susceptible to a denial of service vulnerability, which can be exploited by attackers sending oversized string payloads via the Thrift protocol. By invoking the send_say() method with a lengthy string, attackers may render the server unresponsive, disrupting ...

PHP AddressBook version 9.0.0.1 is vulnerable to a time-based blind SQL injection. This vulnerability enables remote attackers to exploit the 'id' parameter, allowing them to craft SQL queries with time delays. By analyzing the response times from the application, attackers can gain unauthorized ...

webERP version 4.15.1 contains a vulnerability that permits unauthorized access to sensitive database backup files. Remote attackers can exploit this issue by directly requesting backup files located in the companies/weberp/ directory, compromising the confidentiality of the stored data. The vuln...

The Fishing Reservation System 7.5 is susceptible to multiple remote SQL injection vulnerabilities prevalent in files such as admin.php, cart.php, and calendar.php. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to execute arbitrary SQL commands, potentially leadi...

The Fishing Reservation System 7.5 is susceptible to multiple remote SQL injection vulnerabilities prevalent in files such as admin.php, cart.php, and calendar.php. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to execute arbitrary SQL commands, potentially leadi...

The webTareas 2.0.p8 application contains a vulnerability in the print_layout.php administration component that allows unauthorized users to delete arbitrary files from the server. This vulnerability is exploited through manipulating the 'atttmp1' parameter, enabling attackers to specify which fi...

The version 2.7.7 of Booked Scheduler is susceptible to a directory traversal vulnerability in the manage_email_templates.php script. This flaw permits authenticated administrators to access files that they should not normally be able to read, exposing sensitive data. Attackers can exploit the vu...

The i-doit Open Source CMDB version 1.14.1 is susceptible to a file deletion vulnerability within its import module. This security flaw permits authenticated attackers to exploit the 'delete_import' parameter, allowing them to send crafted POST requests to remove files from the server's filesyste...

Victor CMS version 1.0 is susceptible to a SQL injection vulnerability that occurs in the 'post' parameter on post.php. This flaw enables remote attackers to craft and send malicious UNION SELECT payloads, thereby compromising the integrity of database queries. Exploitation of this vulnerability ...

The LanSend 3.2 application contains a buffer overflow vulnerability in its Add Computers Wizard file import functionality. This vulnerability allows remote attackers to craft malicious payload files that, when imported, can trigger a structured exception handler (SEH) overwrite, enabling the exe...

Victor CMS 1.0 contains a vulnerability that enables authenticated users, specifically administrators, to upload PHP files with arbitrary content via the user_image parameter. This flaw allows attackers to upload a malicious PHP shell to the /img/ directory. Once an attacker has successfully uplo...

The Remote Desktop Audit version 2.3.0.157 is susceptible to a buffer overflow vulnerability during the Add Computers Wizard file import. By exploiting this flaw, an attacker can craft a specialized payload that triggers a structured exception handler (SEH) bypass. This manipulation allows arbitr...

The CraftCMS vCard Plugin version 1.0.0 has a deserialization vulnerability that may allow unauthenticated attackers to execute arbitrary PHP code. This exploit is possible through a specially crafted payload that targets the plugin's vCard download functionality, enabling remote code execution. ...

The CraftCMS vCard Plugin version 1.0.0 has a deserialization vulnerability that may allow unauthenticated attackers to execute arbitrary PHP code. This exploit is possible through a specially crafted payload that targets the plugin's vCard download functionality, enabling remote code execution. ...