Publicly Disclosed
PoC Exploits

The Sudo software, prior to version 1.9.17p1, contains a vulnerability that enables local users to gain root access through improper handling of configuration files. Specifically, when the optional --chroot command is used, the software incorrectly processes the /etc/nsswitch.conf file from a use...

A privilege escalation vulnerability was identified in the Below service prior to version 0.9.0. This vulnerability arises from the creation of a world-writable directory located at /var/log/below. As a result, local unprivileged users can exploit this flaw through symlink attacks, potentially ma...

The vulnerability arises from inadequate input validation in the NetScaler Management Interface, potentially allowing attackers to exploit memory overread conditions. This could lead to unauthorized access or exposure of sensitive information within the NetScaler ADC and NetScaler Gateway product...

A buffer overflow vulnerability in the WinaXe FTP Client version 7.7 occurs when the software processes an excessively long '220 Server Ready' response during FTP banner parsing. This flaw, found in the WCMDPA10.dll component, enables an attacker to execute arbitrary code, potentially compromisin...

A buffer overflow vulnerability in the WinaXe FTP Client version 7.7 occurs when the software processes an excessively long '220 Server Ready' response during FTP banner parsing. This flaw, found in the WCMDPA10.dll component, enables an attacker to execute arbitrary code, potentially compromisin...

A buffer overflow vulnerability in the WinaXe FTP Client version 7.7 occurs when the software processes an excessively long '220 Server Ready' response during FTP banner parsing. This flaw, found in the WCMDPA10.dll component, enables an attacker to execute arbitrary code, potentially compromisin...

An unauthenticated command injection vulnerability exists in the WePresent WiPG-1000 firmware due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The vulnerable Client parameter is not properly sanitized before being passed to a system call, enabling an unauthenticated ...

An unauthenticated command injection vulnerability exists in the WePresent WiPG-1000 firmware due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The vulnerable Client parameter is not properly sanitized before being passed to a system call, enabling an unauthenticated ...

An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware, specifically in versions up to 15.1, through the ELFinder component's default connector. This flaw allows remote attackers to upload and execute malicious PHP scripts on the server. The vulnerability stems f...

An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware, specifically in versions up to 15.1, through the ELFinder component's default connector. This flaw allows remote attackers to upload and execute malicious PHP scripts on the server. The vulnerability stems f...

An authenticated command injection vulnerability exists in Tiki Wiki CMS that allows attackers to execute arbitrary PHP code via the `viewmode` GET parameter in `tiki-calendar.php` when the calendar module is active. This issue arises when an authenticated user with appropriate permissions access...

An authenticated command injection vulnerability exists in Tiki Wiki CMS that allows attackers to execute arbitrary PHP code via the `viewmode` GET parameter in `tiki-calendar.php` when the calendar module is active. This issue arises when an authenticated user with appropriate permissions access...

An authenticated multi-stage vulnerability affects Riverbed SteelCentral NetProfiler and NetExpress virtual appliances. It begins with a SQL injection in the '/api/common/1.0/login' endpoint, allowing attackers to create unauthorized user accounts in the appliance database. This unauthorized user...

An authenticated multi-stage vulnerability affects Riverbed SteelCentral NetProfiler and NetExpress virtual appliances. It begins with a SQL injection in the '/api/common/1.0/login' endpoint, allowing attackers to create unauthorized user accounts in the appliance database. This unauthorized user...

An authenticated remote code execution vulnerability allows users with Superuser privileges to upload and activate malicious plugins in Matomo versions before 3.0.3. This enables arbitrary PHP code execution on the host system due to the inadequate validation of uploaded ZIP archives. As a precau...

A buffer overflow vulnerability has been identified in PDF Shaper versions 3.5 and 3.6. This flaw occurs when users utilize the 'Convert PDF to Image' feature with specially crafted PDF files. Through social engineering tactics, an attacker can trick users into opening such files, potentially all...

A buffer overflow vulnerability has been identified in PDF Shaper versions 3.5 and 3.6. This flaw occurs when users utilize the 'Convert PDF to Image' feature with specially crafted PDF files. Through social engineering tactics, an attacker can trick users into opening such files, potentially all...

The PSEvents.exe component in several Panda Security applications operates with elevated SYSTEM privileges and is susceptible to loading DLL files from directories that can be modified by users. This vulnerability allows attackers with limited access to exploit the situation by placing malicious ...

The PSEvents.exe component in several Panda Security applications operates with elevated SYSTEM privileges and is susceptible to loading DLL files from directories that can be modified by users. This vulnerability allows attackers with limited access to exploit the situation by placing malicious ...

An authenticated command injection flaw exists in OP5 Monitor through version 7.1.9. This vulnerability arises from improper handling of the 'cmd_str' parameter in the command_test.php endpoint, allowing a user with valid access to the web interface to leverage the 'Test this command' feature to ...

An authenticated command injection flaw exists in OP5 Monitor through version 7.1.9. This vulnerability arises from improper handling of the 'cmd_str' parameter in the command_test.php endpoint, allowing a user with valid access to the web interface to leverage the 'Test this command' feature to ...

A remote command execution vulnerability exists in IPFire prior to version 2.19 Core Update 101. This security flaw allows authenticated attackers to inject arbitrary shell commands through crafted inputs in the NCSA user creation form fields accessed via the 'proxy.cgi' CGI interface. Successful...

A remote command execution vulnerability exists in IPFire prior to version 2.19 Core Update 101. This security flaw allows authenticated attackers to inject arbitrary shell commands through crafted inputs in the NCSA user creation form fields accessed via the 'proxy.cgi' CGI interface. Successful...

A remote command execution vulnerability exists in IPFire prior to version 2.19 Core Update 101. This security flaw allows authenticated attackers to inject arbitrary shell commands through crafted inputs in the NCSA user creation form fields accessed via the 'proxy.cgi' CGI interface. Successful...

A stack-based buffer overflow vulnerability is present in the built-in web interface of DiskBoss Enterprise. This issue stems from insufficient bounds checking on the URI component of HTTP GET requests. An attacker can exploit this vulnerability by crafting an unusually long URI that may lead to ...

A stack-based buffer overflow vulnerability is present in the built-in web interface of DiskBoss Enterprise. This issue stems from insufficient bounds checking on the URI component of HTTP GET requests. An attacker can exploit this vulnerability by crafting an unusually long URI that may lead to ...

A stack-based buffer overflow vulnerability is present in the built-in web interface of DiskBoss Enterprise. This issue stems from insufficient bounds checking on the URI component of HTTP GET requests. An attacker can exploit this vulnerability by crafting an unusually long URI that may lead to ...

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker could exploit this flaw by sending a specially crafted HTTP POST request to the /login endpoint, containing an excessively long username parameter which triggers the ...

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker could exploit this flaw by sending a specially crafted HTTP POST request to the /login endpoint, containing an excessively long username parameter which triggers the ...

A directory traversal vulnerability in ColoradoFTP Server for Windows allows unauthenticated users to access and manipulate files outside the designated FTP root directory. This flaw arises from inadequate validation of user-supplied file paths during FTP GET and PUT operations. By exploiting thi...

A directory traversal vulnerability in ColoradoFTP Server for Windows allows unauthenticated users to access and manipulate files outside the designated FTP root directory. This flaw arises from inadequate validation of user-supplied file paths during FTP GET and PUT operations. By exploiting thi...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A path traversal vulnerability exists in YiJiuSmile's kkFileViewOfficeEdit, affecting the deleteFile function located in the /deleteFile endpoint. An attacker can exploit this vulnerability by manipulating the fileName argument, enabling unauthorized access to sensitive files on the server. This ...

A security flaw has been identified in YiJiuSmile's kkFileViewOfficeEdit product, specifically within the 'fileUpload' function. This vulnerability allows remote attackers to upload malicious files without proper restrictions, potentially leading to harmful exploits. The software employs a rollin...

A path traversal vulnerability exists in the YiJiuSmile kkFileViewOfficeEdit product's onlinePreview function. This issue arises from inadequate input validation in the argument 'url', allowing remote attackers to manipulate file paths and potentially access sensitive files on the server. The vul...

A path traversal vulnerability exists in the YiJiuSmile kkFileViewOfficeEdit application, specifically affecting the download function. By manipulating the 'url' argument in the /download endpoint, an attacker could potentially access files outside the intended directory, leading to exposure of s...

The Nuxt framework, an open-source tool designed for building Vue.js applications, has a vulnerability that allows for cache poisoning. This issue arises when a specially crafted HTTP request is sent to a server using a CDN. If the CDN improperly caches responses, it can serve poisoned data to su...

A vulnerability has been identified in the gmg137 Snap7-rs product, specifically within the Public API's pthread_cond_destroy function. This flaw allows for potential memory corruption, which can be exploited by malicious actors. Public disclosures of this exploit highlight its significance, emph...

A command injection vulnerability exists in the TOTOLINK T6 version 4.1.5cu.748, specifically within the HTTP POST Request Handler. The issue arises from improper handling of the 'ip' argument in the function clearPairCfg in the file /cgi-bin/cstecgi.cgi. This vulnerability enables an attacker to...

A command injection vulnerability exists in the TOTOLINK T6 product, specifically within the delDevice function in the cgi-bin/cstecgi.cgi file. An attacker can exploit this weakness by manipulating the ipAddr argument through crafted HTTP POST requests, allowing for remote command execution. The...

A command injection vulnerability exists in the TOTOLINK T6 router's HTTP POST Request Handler, specifically within the CloudSrvVersionCheck function. An unauthorized attacker can exploit this vulnerability by manipulating the 'ip' argument in the /cgi-bin/cstecgi.cgi file. This allows for arbitr...

A vulnerability exists in the code of Code-Projects Mobile Shop version 1.0, where an erroneous handling of the 'email' argument in the /login.php file allows for SQL injection. This vulnerability can be exploited remotely, potentially granting unauthorized access to sensitive data. Public disclo...

A SQL injection vulnerability has been identified in the Wedding Reservation application version 1.0 developed by Code-Projects. This flaw resides in the /global.php file, where improper handling of the 'lu' argument allows an attacker to manipulate database queries. The exploitation of this vuln...

A serious SQL injection vulnerability has been identified in the Electricity Billing System by Code-Projects, specifically within the file /user/change_password.php. This flaw exists due to insufficient validation of the user-supplied input in the new_password parameter. Attackers can exploit thi...

An SQL injection vulnerability has been discovered in the Simple Shopping Cart version 1.0. The issue resides in the processing of user input within the register.php file, specifically the ruser_email parameter. An attacker can exploit this flaw to execute arbitrary SQL queries, potentially leadi...

A SQL injection vulnerability exists in the Simple Shopping Cart 1.0 application, specifically within the /userlogin.php file. This flaw allows an attacker to manipulate the 'user_email' argument, which can lead to unauthorized access and data exposure. The exploit can be initiated remotely, ampl...

A security flaw has been identified in the Code-Projects Simple Shopping Cart version 1.0, where improper handling of the argument 'order_price' in the '/Customers/save_order.php' file allows for SQL injection attacks. This vulnerability can be exploited remotely, enabling attackers to manipulate...

A serious SQL injection vulnerability has been identified in AVL Rooms 1.0, specifically in the handling of the 'city' parameter within the /city.php file. This flaw allows an attacker to manipulate SQL queries through crafted inputs, leading to unauthorized access to the database. The issue can ...

A security vulnerability exists in Code-Projects AVL Rooms 1.0 within the /profile.php file due to improper handling of the first_name parameter, which allows for SQL injection attacks. This vulnerability can be exploited remotely by attackers, enabling them to manipulate database queries and pot...