Publicly Disclosed
PoC Exploits

A vulnerability has been identified within the Vehicle Showroom Management System, specifically related to the processing of the file /util/StaffAddingFunction.php. This issue arises from improper handling of the STAFF_ID argument, enabling a potential SQL injection attack. The vulnerability allo...

A SQL injection vulnerability exists in the code of the Vehicle Showroom Management System 1.0, specifically in the file /util/PaymentStatusFunction.php. By manipulating the CUSTOMER_ID parameter, attackers can execute arbitrary SQL commands, potentially compromising the database. This vulnerabil...

A cross-site scripting vulnerability has been identified in Simple Laundry System version 1.0, specifically within the /checkupdatestatus.php file. This issue arises due to improper handling of the serviceId parameter, enabling attackers to execute arbitrary scripts in the context of user session...

A security vulnerability has been identified in the Vehicle Showroom Management System version 1.0, where improper handling of the BRANCH_ID parameter in the /util/BookVehicleFunction.php file can lead to SQL injection. This flaw allows attackers to manipulate SQL queries, potentially compromisin...

A vulnerability exists in the Vehicle Showroom Management System 1.0, specifically within the /util/MonthTotalReportUpdateFunction.php file. This flaw arises due to inadequate validation of the BRANCH_ID parameter, allowing remote attackers to execute arbitrary SQL commands. The remote exploitati...

A security flaw has been identified in Farion1231's CC-Switch, specifically in the ProxyServer component found in the file src-tauri/src/proxy/server.rs. This vulnerability allows for a permissive cross-domain policy, potentially exposing sensitive functionalities to untrusted domains. The vulner...

A vulnerability exists in the tushar-2223 Hotel Management System within the /admin/roomdelete.php file, which allows for SQL injection via manipulation of the ID parameter. This weakness could enable remote attackers to execute arbitrary SQL commands, potentially compromising the security of the...

An OS command injection vulnerability exists in the UploadFirmwareFile function located in the /cgi-bin/cstecgi.cgi file of the Totolink A7100RU. This flaw allows attackers to manipulate the FileName parameter, enabling remote execution of arbitrary commands on the affected device. Given that the...

A security vulnerability has been identified in the Totolink A7100RU router, particularly affecting the UploadOpenVpnCert function located in the /cgi-bin/cstecgi.cgi. This flaw allows attackers to manipulate the FileName argument, which can lead to OS command injection, enabling unauthorized rem...

A security flaw has been identified in the Tenda F451 device version 1.0.0.7_cn_svn7958, specifically within the 'fromAdvSetWan' function located in the '/goform/AdvSetWan' file. This vulnerability allows an attacker to manipulate the 'wanmode' or 'PPPOEPassword' arguments, potentially leading to...

A vulnerability has been identified within the Tenda F451 1.0.0.7_cn_svn7958 product, specifically in the frmL7ImForm function located in the /goform/L7Im file. This weakness can be exploited by manipulating the 'page' argument, leading to a stack-based buffer overflow condition. Given the remote...

A vulnerability has been discovered in the Tenda F451 router that affects the SetIpBind function. Specifically, improper handling of arguments in the /goform/SetIpBind file can lead to a stack-based buffer overflow. Attackers may exploit this weakness remotely, allowing them to manipulate the sys...

A critical security flaw has been identified in the Tenda F451 router, specifically in the /goform/qossetting function, which leads to a stack-based buffer overflow. This vulnerability arises from improper handling of the qos argument, allowing potential attackers to execute remote exploits. Give...

A stack-based buffer overflow vulnerability exists in the Tenda F451 router, specifically in the fromSafeUrlFilter function located in the /goform/SafeUrlFilter file. This flaw arises from improper handling of the 'page' argument, enabling an attacker to execute arbitrary code remotely. Given tha...

A security vulnerability was discovered in the Totolink A7100RU router, specifically in the setLedCfg function of the /cgi-bin/cstecgi.cgi component. This issue allows for an OS command injection when an argument is manipulated, enabling remote attackers to execute arbitrary commands on the affec...

A security vulnerability has been identified in the Totolink A7100RU specifically within the CGI Handler's setTracerouteCfg function. This issue arises from improper handling of the command argument which allows for OS command injection. Attackers can exploit this vulnerability remotely, potentia...

A vulnerability exists in Chatbox AI Chatbox versions up to 1.20.0 that allows remote attackers to perform OS command injection through the StdioClientTransport function in the Model Context Protocol Server Management System. This issue arises from improper handling of the arguments in the src/ma...

A significant vulnerability has been identified in the Zhayujie ChatGPT-on-WeChat CowAgent, affecting versions up to 2.0.4. This vulnerability arises from a flaw in the Agent Mode Service, where missing authentication allows unauthorized remote access and potential exploitation. Although the issu...

The Flowise platform contains a significant vulnerability in its `forgot-password` endpoint, which can return sensitive information, including a valid password reset token, without the necessary authentication or verification. This flaw allows attackers to generate reset tokens for arbitrary user...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

MyT-PM version 1.5.1 has a vulnerability that enables authenticated attackers to execute arbitrary SQL queries via the Charge[group_total] parameter. This can be achieved through crafted POST requests directed at the /charge/admin endpoint. Attackers exploiting this flaw may leverage error-based,...

BlueAuditor 1.7.2.0 features a critical security flaw characterized by a buffer overflow in the registration key field. This vulnerability can be exploited by local attackers who input an excessively large key value, specifically a 256-byte buffer filled with repeated characters. Successfully exp...

SpotFTP Password Recover version 2.4.2 is susceptible to a denial of service vulnerability that allows local attackers to cause the application to crash by inputting an oversized buffer in the Name field during the registration process. By crafting a payload of 256 bytes and submitting it through...

CF Image Hosting Script version 1.6.5 exposes a critical vulnerability that allows unauthorized users to access the application database. By exploiting this flaw, attackers can download the imgdb.db file located in the upload/data directory, obtaining sensitive information such as plaintext delet...

Dolibarr ERP-CRM version 8.0.4 is susceptible to an SQL injection vulnerability via the rowid parameter in the admin dict.php endpoint. This vulnerability enables attackers to execute arbitrary SQL queries, allowing them to potentially extract sensitive information from the database. By leveragin...

The Heatmiser Wifi Thermostat 1.7 contains a vulnerability that allows attackers to exploit cross-site request forgery (CSRF) to change administrator credentials without consent. This is achieved by deceiving authenticated users into submitting crafted malicious requests targeting the networkSetu...

The eBrigade ERP 4.5 web application is susceptible to an SQL injection vulnerability through the 'id' parameter in pdf.php. This security flaw allows authenticated attackers to inject malicious SQL code via crafted GET requests, enabling them to execute arbitrary SQL queries. Consequently, attac...

Across DR-810 contains a vulnerability that enables remote attackers to exploit an unauthenticated file disclosure issue. By sending a simple GET request, unauthorized individuals can access the rom-0 endpoint, which allows them to download a backup file containing sensitive information, such as ...

Echo Mirage 3.1 suffers from a stack buffer overflow vulnerability that enables local attackers to crash the application or execute arbitrary code. This occurs when oversized strings are inserted into the Rules action field. By creating a carefully crafted payload and pasting it into the Rules di...

ImpressCMS version 1.3.11 is vulnerable to a time-based blind SQL injection. This allows authenticated attackers to send crafted POST requests to the admin.php endpoint, injecting malicious SQL commands through the 'bid' parameter. By exploiting this vulnerability, attackers can manipulate databa...

The Newsbull Haber Script version 1.0.0 is susceptible to multiple SQL injection vulnerabilities that exploit the search parameter in various endpoints, including /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs. Authenticated attackers can perform time...

Easy Video to iPod Converter version 1.6.20 is vulnerable to a local buffer overflow due to improper handling of user input in the registration field. An attacker can exploit this vulnerability by entering a crafted payload exceeding 996 bytes in the username field, causing a structured exception...

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries. By injecting SQL code through the 'cat_id' parameter in requests to 'category.php', attackers can gain unauthorized access to sensitive database information, including user cr...

R 3.4.4 is susceptible to a local buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code. By manipulating input in the GUI Preferences language field, an attacker can craft a payload that utilizes a 292-byte offset along with the JMP ESP instruction. This all...

ResourceSpace 8.6 is susceptible to SQL injection, whereby authenticated attackers can manipulate SQL queries through the keywords parameter in collection_edit.php. This vulnerability allows attackers to send specially crafted POST requests containing malicious SQL payloads, which can result in u...

HTML5 Video Player version 1.2.5 is susceptible to a local buffer overflow vulnerability that enables attackers to execute arbitrary code. By providing an excessively long key code string, exceeding 997 bytes, an attacker can input a crafted payload in the KEY CODE field within the Help Register ...

Faleemi Desktop Software version 1.8 features a local buffer overflow vulnerability within its System Setup dialog. This security flaw allows attackers to exploit structured exception handling to bypass Data Execution Prevention (DEP). By injecting a specially crafted payload into the Save Path f...

RGui version 3.5.0 is vulnerable to a local buffer overflow, specifically in its GUI preferences dialog. This vulnerability allows attackers to exploit structured exception handling, bypassing Data Execution Prevention (DEP) protections. By crafting malicious input within the 'Language for menus ...

Adianti Framework versions 5.5.0 and 5.6.0 are susceptible to SQL injection, enabling authenticated users to manipulate database queries through the name field in SystemProfileForm. By exploiting this vulnerability, attackers can submit specially crafted SQL statements via the profile edit endpoi...

MDwiki is prone to a cross-site scripting vulnerability that allows attackers to execute malicious JavaScript on a victim's browser. This vulnerability arises when attackers create crafted URLs that contain JavaScript payloads in the location hash. Since the application lacks adequate sanitizatio...

BitLocker Security Feature Bypass Vulnerability

A vulnerability has been discovered in zhayujie chatgpt-on-wechat CowAgent version 2.0.4, specifically in the Administrative HTTP Endpoint. This weakness allows for the possibility of unauthenticated access, enabling potential attackers to execute operations without proper credentials. The exploi...

The Flowise platform contains a significant vulnerability in its `forgot-password` endpoint, which can return sensitive information, including a valid password reset token, without the necessary authentication or verification. This flaw allows attackers to generate reset tokens for arbitrary user...

A security flaw exists in the Dromara warm-flow product affecting versions up to 1.8.4. Specifically, the vulnerability resides in the SpelHelper.parseExpression function located in the /warm-flow/save-json file. The manipulation of parameters such as listenerPath, skipCondition, and permissionFl...

The Tenda F451 firmware version 1.0.0.7 contains a stack-based buffer overflow vulnerability within the fromSafeMacFilter function of the httpd component. By manipulating the argument 'page/manufacturer', an attacker can execute arbitrary code remotely, leading to potential unauthorized access an...

A vulnerability has been identified in the Tenda F451 router version 1.0.0.7, specifically within the fromAddressNat function in the httpd component. This issue arises from inadequate validation of the input arguments, leading to a stack-based buffer overflow. An attacker could exploit this vulne...

A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router version 1.0.0.7, specifically in the frmL7ProtForm function of the /goform/L7Prot component. Malicious actors may exploit this vulnerability remotely by manipulating the 'page' argument, leading to potential ...

A flaw exists in the Tenda F451 router, specifically in the WrlclientSet function of the /goform/WrlclientSet file associated with the httpd component. This vulnerability allows an attacker to manipulate the GO argument, potentially leading to a stack-based buffer overflow. The nature of this fla...

A vulnerability in Roundcube Webmail prior to version 1.5.10 and 1.6.x before 1.6.11 allows authenticated users to exploit the _from parameter in the URL. This issue arises from a lack of validation in program/actions/settings/upload.php, leading to the potential for PHP Object Deserialization at...

A stack-based buffer overflow vulnerability exists in the Tenda F451 product, specifically within the fromDhcpListClient function of the /goform/DhcpListClient component. This issue arises due to improper handling of the 'page' argument, allowing remote exploitation. The vulnerability could enabl...