Publicly Disclosed
PoC Exploits

The PHPGurukul Auto Taxi Stand Management System 1.0 has been identified as vulnerable to an SQL injection flaw affecting the handling of input parameters in the file /admin/auto-taxi-entry-detail.php. This vulnerability enables remote attackers to manipulate the price argument to execute arbitra...

The PHPGurukul Auto Taxi Stand Management System 1.0 contains a vulnerability that allows for SQL injection through the 'email' parameter in the /admin/forgot-password.php file. This flaw enables attackers to manipulate SQL queries, potentially leading to unauthorized data access or alteration. A...

The Ninja Forms WordPress plugin prior to version 3.10.1 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. The plugin fails to properly sanitize and escape certain settings, allowing high privilege users, such as administrators, to execute malicious scripts. This risk persists ...

The Ninja Forms plugin for WordPress is vulnerable to stored cross-site scripting due to inadequate sanitization and escaping of specific settings. This vulnerability affects high privilege users, such as administrators, especially within multisite configurations, allowing them to inject maliciou...

The Ninja Forms plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability in versions prior to 3.10.1. This flaw arises due to insufficient sanitization and escaping of certain settings, potentially allowing high privilege users, such as administrators, to execute X...

The Qi Blocks WordPress plugin, prior to version 1.4, is vulnerable to stored cross-site scripting (XSS) due to inadequate validation and escaping of certain Countdown block options. This flaw could be exploited by users with contributor roles and higher, allowing them to inject malicious scripts...

The Qi Blocks WordPress plugin, prior to version 1.4, fails to validate and escape certain block options before rendering them in pages or posts. This oversight can lead to stored cross-site scripting (XSS) vulnerabilities, allowing users with contributor roles and above to inject malicious scrip...

The Qi Blocks plugin for WordPress, up to version 1.4, contains a security flaw that fails to properly validate and escape certain Counter block options. This vulnerability allows users with contributor roles and above to manipulate the output, potentially leading to stored cross-site scripting a...

A SQL injection vulnerability exists in the PHPGurukul Auto Taxi Stand Management System 1.0, specifically in the file /admin/index.php. An attacker can manipulate the 'Username' argument to execute arbitrary SQL code, potentially compromising the database. This vulnerability allows for remote ex...

A path traversal vulnerability exists in the SourceCodester Student Result Management System 1.0, specifically in the /admin/core/update_student.php file related to the Image File Handler component. This vulnerability arises from improper validation of input, allowing attackers to manipulate the ...

A SQL injection vulnerability has been identified in the PHPGurukul Zoo Management System 2.1. This flaw resides in the /admin/view-foreigner-ticket.php file, where the manipulation of the 'viewid' argument allows an attacker to execute arbitrary SQL queries. The vulnerability can be exploited re...

A security flaw has been identified in version 2.1 of the PHPGurukul Zoo Management System, specifically within the /admin/edit-animal-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'aname' argument, potentially enabling remote attackers to execute u...

A vulnerability was identified within the SourceCodester Client Database Management System 1.0 that allows for unauthorized information exposure via directory listing. This issue can be exploited remotely, potentially allowing attackers to gain access to sensitive data that should be protected. T...

A SQL Injection vulnerability has been identified in PHPGurukul's Daily Expense Tracker System version 1.1, specifically affecting the /expense-datewise-reports-detailed.php file. This flaw arises from improper handling of input parameters such as 'fromdate' and 'todate', allowing remote attacker...

A vulnerability exists in the PHPGurukul Daily Expense Tracker System, specifically in the forgot-password.php file. This security flaw allows an attacker to manipulate the email argument, leading to potential SQL injection attacks. Such vulnerabilities can be exploited remotely, enabling unautho...

The PHPGurukul Notice Board System version 1.0 is susceptible to a SQL injection vulnerability via the /login.php file. An attacker can exploit this weakness by manipulating the Username parameter, allowing for remote execution of unauthorized SQL commands. This vulnerability exposes sensitive da...

A local deserialization vulnerability exists in the iop-apl-uw basestation3 that affects the function load_qc_pickl within the file basestation3/QC.py. By manipulating the qc_file argument, an attacker can exploit this vulnerability. Although the issue has been reported and publicly disclosed, th...

A vulnerability in the D-Link DI-7003GV2 router allows remote attackers to manipulate the function sub_41F0FC in the webgl.data file, leading to unauthorized access to sensitive system information. This flaw could potentially expose confidential data to attackers, emphasizing the need for immedia...

A significant vulnerability has been identified in the D-Link DI-7003GV2 router's remote management capabilities. The flaw allows unauthorized users to change the router's password without verification, potentially giving them control over the device. This issue arises from improper access contro...

A security flaw has been identified in Campcodes Sales and Inventory System version 1.0, where improper handling of the 'ID' argument in the /pages/transaction_update.php file allows for SQL injection. This vulnerability can potentially enable remote attackers to manipulate database queries, posi...

A security flaw has been identified in the SourceCodester Student Result Management System version 1.0, specifically within the unlink function of the update_system.php file related to the Logo File Handler. This vulnerability allows an attacker to manipulate the old_logo argument, leading to una...

A security vulnerability has been identified in the SourceCodester Doctors Appointment System version 1.0, specifically in the handling of the /admin/delete-session.php file. This issue arises from improper validation of the ID argument, allowing an attacker to execute SQL injection attacks remot...

A path traversal vulnerability has been identified in the CoinExchange CryptoExchange Java application that affects its file upload functionality. The vulnerability lies within the uploadLocalImage method located in UploadFileUtil.java. An attacker can manipulate the 'filename' argument, allowing...

A buffer overflow vulnerability has been identified in the function criminal::remove of the Police Station Management System (version 1.0). This flaw, which resides in the source.cpp file, allows manipulation of the No argument, leading to a stack-based overflow. The attack must be conducted loca...

A stack-based buffer overflow vulnerability exists within Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera products, allowing remote, unauthenticated attackers to execute arbitrary code or commands. This security flaw is triggered by sending specially crafted HTTP requests...

A buffer overflow vulnerability exists in the display function of the Police Station Management System's source code. This issue arises from improper handling of user-supplied input, specifically the argument N within the criminal::display function located in source.cpp. An attacker can exploit t...

A stack-based buffer overflow vulnerability exists in the LoginUser function of the Tourism Management System version 1.0, developed by Code-Projects. The flaw allows an attacker to manipulate the username and password input parameters, potentially leading to unauthorized access. This vulnerabili...

A buffer overflow vulnerability was discovered in the User Registration component of the Tourism Management System version 1.0. This issue arises from improper handling of user inputs, specifically in the AddUser function, where the manipulation of the username and password arguments can lead to ...

The Pharmacy Management System 1.0 from Code-Projects contains a buffer overflow vulnerability in the take_order function of the Add Order Details component. This issue allows local attackers to manipulate input, potentially leading to unexpected behaviors or system crashes, as the exploit is pub...

A cross-site request forgery vulnerability has been identified in the SourceCodester Online Student Clearance System version 1.0. This vulnerability allows attackers to manipulate requests made by users, potentially compromising user data and actions without their consent. Remote exploitation of ...

A vulnerability has been identified in the itsourcecode Sales and Inventory System version 1.0. This vulnerability arises from improper handling of input parameters in the /pages/product_update.php file, specifically targeting the 'serial' argument. By exploiting this flaw, attackers can execute ...

A significant SQL injection vulnerability has been identified in itsourcecode's Sales and Inventory System version 1.0. This vulnerability resides within the '/pages/product_add.php' file, where an attacker can manipulate the 'serial' parameter to execute arbitrary SQL commands. The exploitation ...

A vulnerability exists within the itSourceCode Restaurant Management System 1.0 that allows for SQL injection through the manipulation of parameters in the /admin/assign_save.php file. This security flaw enables attackers to execute unauthorized SQL code, potentially compromising the database and...

A stack-based buffer overflow vulnerability exists in the D-Link DI-8100 router within the ctxz_asp function of the /ctxz.asp file. The vulnerability can be exploited through manipulation of certain arguments, such as def, defTcp, defUdp, defIcmp, and defOther. This flaw enables an attacker to ex...

A SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System version 1.0. The issue arises specifically in the file /admin/team_update.php, where improper handling of the 'team' argument allows an attacker to manipulate SQL queries. This vulnerability can be ...

A critical SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System 1.0, specifically in the /admin/user_save.php file. By manipulating the username or name parameter, an attacker could execute arbitrary SQL queries, potentially compromising the integrity o...

A security vulnerability exists in PHPGurukul News Portal version 4.1, specifically involving the file /admin/aboutus.php. The vulnerability arises from improper handling of user-supplied input in the 'pagetitle' parameter, allowing an attacker to manipulate SQL queries executed by the applicatio...

A security flaw has been identified in the Campcodes Online Shopping Portal 1.0, particularly affecting the /forgot-password.php file. This vulnerability allows an attacker to manipulate the 'email' parameter, enabling SQL injection attacks. Such attacks can be executed remotely, posing a signifi...

A vulnerability exists in the PHPGurukul News Portal Project version 4.1, characterized by SQL injection in the /admin/contactus.php file. By manipulating the pagetitle argument, an attacker can execute unauthorized SQL commands, potentially leading to data exposure or unauthorized access to sens...

A vulnerability exists in the PHPGurukul News Portal 4.1 within the login component located at /admin/index.php. This flaw allows an attacker to manipulate the 'Username' argument, leading to a SQL injection attack. The issue can be exploited remotely, posing significant risks to the application'...

A remote buffer overflow vulnerability exists in the FreeFloat FTP Server 1.0, specifically within the CCC Command Handler component. This flaw can be exploited by attackers to execute arbitrary code, potentially leading to a complete compromise of the affected system. The exploit has been public...

A buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7, specifically within the REST Command Handler component. This flaw permits attackers to manipulate processing details to execute crashes or arbitrary code execution. Remote exploitation of this vulnerability is ...

A vulnerability in itsourcecode Restaurant Management System 1.0 allows for potential SQL injection through manipulation of the 'menu' argument in the /admin/menu_save.php file. This flaw can be exploited remotely, posing a significant risk to the integrity of the underlying database. Attackers c...

A SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System version 1.0. This issue arises from improper validation of the menu argument in the '/admin/member_update.php' file, allowing attackers to manipulate SQL queries. As a result, it is feasible for cyb...

A vulnerability has been identified in the merikbest ecommerce-spring-reactjs product, specifically within the File Upload Endpoint at /api/v1/admin/. An attacker can exploit this flaw by manipulating the 'filename' parameter, potentially leading to unauthorized access to the file system and expo...

A denial of service vulnerability has been identified in the Tenda A15 router at the function formArpNerworkSet within the /goform/ArpNerworkSet file. This vulnerability can be exploited remotely, potentially causing disruptions to the router's service. The exploit details are publicly available,...

A significant code injection vulnerability has been identified in the weibocom rill-flow, specifically within its Management Console component. This flaw allows attackers to manipulate the application remotely, potentially leading to unauthorized code execution. Given that the exploit has been di...

A significant SQL injection vulnerability exists in the itsourcecode Restaurant Management System 1.0, specifically in the /admin/member_save.php file. This flaw allows attackers to manipulate the 'last' parameter, potentially leading to unauthorized access to sensitive data. Exploitation can be ...

A security flaw exists in the itsourcecode Restaurant Management System version 1.0 that allows remote attackers to exploit an SQL injection vulnerability via manipulated arguments in the /admin/finished.php file, potentially exposing sensitive data and compromising database integrity.

A SQL injection vulnerability exists in Advaya Softech's GEMS ERP Portal 2.1 that affects the /studentLogin/studentLogin.action endpoint. This weakness allows an attacker to manipulate the userId parameter, potentially leading to unauthorized access and data manipulation. The exploit can be execu...