Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-10523
An authentication bypass vulnerability exists in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1, enabling remote unauthenticated attackers to create arbitrary administrative accounts. This flaw compromises the security model of the application, allowing malicious users full adminis...
Discovered 2 hours ago
PoC for CVE-2026-7515
The BetterDocs Pro plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit a Local File Inclusion (LFI) flaw through the 'doc_style' parameter. This security issue affects versions up to and including 3.8.0, enabling attackers to include and execute arbitrar...
PoC for CVE-2019-25748
Joomla JHotelReservation version 6.0.7 is susceptible to an SQL injection flaw that enables unauthenticated attackers to execute arbitrary SQL queries through the 'rooms' parameter. By sending specially crafted POST requests to the 'search-hotels' endpoint, attackers can manipulate the SQL execut...
PoC for CVE-2017-20282
The jCart component for OpenCart version 2.0, developed by Joomla!, is susceptible to an SQL injection vulnerability that permits unauthenticated attackers to manipulate database queries. By sending specially crafted GET requests to the index.php endpoint with the option=com_jcart&route=product/p...
PoC for CVE-2017-20281
The Joomla! Component Extra Search version 2.2.8 is susceptible to an SQL injection flaw, allowing attackers who are not authenticated to execute unauthorized SQL code. By sending specially crafted GET requests to index.php with the option=com_extrasearch parameter, they can manipulate the establ...
PoC for CVE-2017-20280
The Myportfolio component for Joomla version 3.0.2 contains a significant SQL injection vulnerability, allowing attackers to exploit the pid parameter. By sending specially crafted GET requests to index.php with malicious pid values at the task=project&view=grid endpoint, unauthorized individuals...
PoC for CVE-2017-20279
Joomla Payage version 2.05 is affected by an SQL injection vulnerability that occurs through the 'aid' parameter in the make_payment task. This flaw enables unauthenticated attackers to inject malicious SQL code via crafted GET requests to index.php. By manipulating these requests, attackers c...
Discovered 3 hours ago
PoC for CVE-2017-20278
The JoomRecipe component version 1.0.3 for Joomla is affected by an SQL injection vulnerability that can be exploited by unauthenticated attackers. By sending specially-crafted GET requests to the all-recipes endpoint, attackers can inject malicious SQL code through the category parameter, enabli...
PoC for CVE-2017-20277
The Joomla JoomRecipe 1.0.4 component is susceptible to a blind SQL injection vulnerability via the search_author parameter on the search results page. This flaw allows attackers to send specially crafted POST requests that can manipulate SQL queries, enabling them to retrieve sensitive database ...
PoC for CVE-2017-20276
The SIMGenealogy component for Joomla! version 2.1.5 is susceptible to an SQL injection vulnerability. Malicious actors can exploit this flaw by sending crafted GET requests to index.php, allowing them to manipulate database queries through the vulnerable type parameter. This could lead to unauth...
PoC for CVE-2017-20275
The PHP-Bridge component for Joomla! version 1.2.3 is susceptible to an SQL injection vulnerability. This flaw enables unauthenticated attackers to execute arbitrary SQL commands by exploiting the 'id' parameter in GET requests directed at index.php with specific options. By injecting malicious S...
PoC for CVE-2017-20274
The Joomla LMS King Professional version 3.2.4.0 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to alter database queries. By injecting malicious SQL code through the cp_id parameter, an attacker can issue crafted GET requests to index.php, exploiting spec...
PoC for CVE-2017-20273
Joomla Event Registration Pro Calendar version 4.1.3 contains a vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands. By crafting specific GET requests that manipulate the id parameter, attackers can inject malicious SQL code. This exposes the database to unauthor...
PoC for CVE-2017-20272
The Joomla Ultimate Property Listing version 1.0.2 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to execute arbitrary SQL commands. By manipulating the sf_selectuser_id parameter in the request, attackers can send specially crafted GET requests to index.p...
PoC for CVE-2017-20271
The Joomla StreetGuessr Game version 1.1.8 is susceptible to an SQL injection vulnerability that permits unauthenticated users to perform arbitrary SQL commands. By manipulating the 'catid' parameter within GET requests directed at 'index.php' with the parameters 'option=com_streetguess&view=maps...
PoC for CVE-2017-20270
The Twitch TV Component for Joomla! version 1.1 is susceptible to SQL injection, allowing attackers to execute arbitrary SQL queries by manipulating the 'username' and 'id' parameters. By sending specially crafted GET requests to index.php with the parameters 'option=com_twitchtv' and 'view', att...
PoC for CVE-2017-20269
The Joomla! Component KissGallery 1.0.0 has a significant SQL injection vulnerability that enables unauthorized attackers to inject SQL statements through the component's URL. This flaw allows malicious users to manipulate database queries, potentially leading to unauthorized data extraction and ...
PoC for CVE-2017-20268
The Joomla! Component Zap Calendar Lite version 4.3.4 is impacted by an SQL injection vulnerability that permits unauthenticated attackers to execute arbitrary SQL commands. By exploiting the 'eid' parameter via crafted GET requests targeting the RSVP plugin endpoint, attackers can inject malicio...
PoC for CVE-2017-20267
The Joomla! Component Calendar Planner version 1.0.1 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to execute arbitrary SQL queries via the category_id parameter. By manipulating this parameter in GET requests to the events view, attackers can potentially...
PoC for CVE-2017-20266
The Joomla SP Movie Database version 1.3 contains a SQL injection vulnerability that can be exploited by unauthenticated attackers. By injecting malicious SQL code through the searchword parameter, attackers can manipulate search queries and potentially access sensitive information stored in the ...
PoC for CVE-2017-20265
The Joomla! Component Flip Wall version 8.0 is affected by an SQL injection vulnerability that enables unauthorized attackers to conduct arbitrary SQL queries by exploiting the wallid parameter. By sending specifically crafted GET requests to the index.php file with the parameters option=com_flip...
PoC for CVE-2017-20264
The Joomla! Component Sponsor Wall version 8.0 is susceptible to an SQL injection vulnerability. This flaw allows attackers, without authentication, to craft malicious GET requests targeting the wallid parameter. By including SQL injection payloads in the request, attackers can execute arbitrary ...
PoC for CVE-2017-20263
The Joomla! Component FocalPoint Pro/Free 1.2.3 is susceptible to SQL injection attacks via the 'id' parameter. This flaw allows unauthenticated assailants to manipulate SQL queries, potentially leading to the extraction of sensitive information from the database. Attackers can exploit this vulne...
PoC for CVE-2017-20262
The Joomla! Component Ajax Quiz 1.8 is susceptible to an SQL injection vulnerability. This security issue enables unauthorized attackers to execute arbitrary SQL queries by manipulating the 'cid' parameter in GET requests. By exploiting the vulnerability, an attacker can leverage the 'option=com_...
PoC for CVE-2017-20261
The Joomla! Component Bargain Product VM3 1.0 is susceptible to SQL injection, which allows unauthenticated attackers to execute arbitrary SQL commands through the product_id parameter. By manipulating GET requests to specific views, such as brainy and alice, attackers can extract sensitive infor...
Discovered 4 hours ago
PoC for CVE-2017-20260
The Joomla! Component Price Alert version 3.0.2 is susceptible to an SQL injection vulnerability that can be exploited by unauthenticated attackers. By manipulating the product_id parameter in requests sent to the subscribeajax view, attackers can inject malicious SQL code. This could allow them ...
PoC for CVE-2017-20259
Joomla OSDownloads 1.7.4 is susceptible to an SQL injection vulnerability, enabling unauthorized attackers to inject and execute arbitrary SQL commands via the 'id' parameter. By constructing a specific GET request to index.php with parameters such as option=com_osdownloads&view=item&id=[SQL], at...
PoC for CVE-2017-20258
The RPC Responsive Portfolio component for Joomla! version 1.6.1 is susceptible to an SQL injection vulnerability. This weakness allows unauthorized attackers to manipulate SQL queries through malicious code injection via the 'id' parameter. By sending specially crafted GET requests to the index....
PoC for CVE-2017-20257
The Joomla! Component Quiz Deluxe version 3.7.4 is prone to an SQL injection vulnerability that enables unauthorized attackers to execute arbitrary SQL commands through specific parameters in the ajaxaction.flag_question task. By injecting malicious SQL code into the 'stu_quiz_id' or 'flag_quest'...
PoC for CVE-2017-20256
Joomla Survey Force Deluxe version 3.2.4 is susceptible to an SQL injection vulnerability that allows attackers to send crafted GET requests. By manipulating the 'invite' parameter with malicious SQL code, unauthorized users can execute arbitrary SQL queries, compromising the security of sensitiv...
PoC for CVE-2017-20255
The JB Visa component for Joomla! version 1.0 contains a SQL injection vulnerability that allows attackers to execute arbitrary SQL queries without authentication. By manipulating the 'visatype' parameter in GET requests directed to index.php with specified options, attackers can successfully inj...
PoC for CVE-2017-20254
The Joomla! Component User Bench version 1.0 is susceptible to an SQL injection vulnerability that permits unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious payloads into the userid parameter of GET requests directed to index.php with the option=c...
PoC for CVE-2017-20253
The Joomla! Component My Projects version 2.0 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to execute arbitrary SQL commands. By exploiting this flaw via the VerAyari parameter, attackers can inject harmful payloads into requests directed at the componen...
PoC for CVE-2017-20252
The Joomla NextGen Editor version 2.1.0 is susceptible to an SQL injection flaw. This vulnerability arises when attackers exploit the plname parameter within GET requests directed at index.php, specifically with the option=com_nge&view=config. Unauthenticated individuals can inject malicious SQL ...
Discovered 5 hours ago
PoC for CVE-2025-71326
AVAST Antivirus 25.11 is susceptible to an unquoted service path vulnerability in its SecureLine service. This flaw allows local non-privileged users to execute arbitrary code with elevated SYSTEM permissions. By exploiting the improperly configured binary path, attackers can execute malicious ex...
PoC for CVE-2023-54353
Chromacam versions prior to 4.0.3.0 are susceptible to an unquoted service path vulnerability in the PsyFrameGrabberService. This flaw allows local attackers with write access to critical directories like C:\ or C:\Program Files (x86)\Personify\ to execute arbitrary code by placing malicious exec...
PoC for CVE-2022-50971
Malwarebytes 4.5 contains a vulnerability in its MBAMService executable related to unquoted service paths. This allows local attackers to escalate their privileges by injecting malicious code into designated system directories. When service startup or system reboot occurs, executables placed in t...
PoC for CVE-2020-37254
Wondershare PDFelement 5.2.9 has a security flaw resulting from an unquoted service path in the WsAppService Windows service. This vulnerability enables local attackers to exploit the service path and insert a malicious executable. When the service restarts or the system reboots, the malicious co...
PoC for CVE-2021-47985
The SAPSprint service in Brother's SAPSprint 7.60 product is susceptible to an unquoted service path vulnerability, which permits local attackers to gain elevated privileges. By placing a malicious executable within the Program Files directory, attackers can have this executable run with LocalSys...
PoC for CVE-2020-37253
The Winstep Xtreme Service version 18.06.0096 is susceptible to an unquoted service path vulnerability. This issue allows local attackers to escalate privileges by placing malicious executables in the Program Files directory. When the Winstep Xtreme Service starts, it may inadvertently execute th...
PoC for CVE-2020-37251
The RealTimes Desktop Service version 18.1.4 contains a security flaw due to an unquoted service path in the rpdsvc.exe binary. This vulnerability allows local attackers to exploit the service by placing malicious executables in directories included in the unquoted path. As a result, during servi...
PoC for CVE-2020-37252
The Realtek Audio Service version 1.0.0.55 is susceptible to an unquoted service path vulnerability. This flaw allows local attackers to escalate their privileges by leveraging the RtkAudioService64.exe executable. By placing malicious files in the unquoted service path, an attacker can execute a...
PoC for CVE-2020-37250
TFTP Broadband version 4.3.0.1465 suffers from an unquoted service path vulnerability within the tftpt.exe service binary. This flaw enables local attackers to exploit the service by placing a malicious executable in the Program Files directory path, allowing it to be executed with LocalSyste...
PoC for CVE-2019-25747
Network Inventory Advisor 5.0.26.0 is susceptible to a privilege escalation vulnerability due to the installation of the niaservice service with an unquoted binary path. This design flaw enables local attackers to place malicious executables in intermediate directories, allowing them to execute a...
PoC for CVE-2016-20094
AnyDesk version 2.5.0 is affected by an unquoted service path vulnerability, allowing local users to execute arbitrary code with SYSTEM privileges. By exploiting this flaw, attackers can place malicious executables into the system root path, enabling them to run with elevated privileges whenever ...
PoC for CVE-2016-20095
Matrix42 Remote Control Host version 3.20.0031 is vulnerable to an unquoted service path issue in its FastViewerRemoteService and FastViewerRemoteProxy services. This vulnerability allows local users to execute arbitrary code with SYSTEM privileges. By placing a malicious executable within the Pr...
PoC for CVE-2016-20093
The vulnerability in Wise Care 365 and Wise Disk Cleaner stems from unquoted service paths within the WiseBootAssistant and SpyHunter 4 Service. Local users can exploit this flaw to execute arbitrary code with elevated SYSTEM privileges. By inserting malicious executables into the system root pat...
PoC for CVE-2016-20092
NetDrive 2.6.12 contains a vulnerability in its service that allows local users to exploit an unquoted service path. This flaw enables attackers to place malicious executables in the system root path, which can be executed with SYSTEM privileges during the service startup or upon system reboot. S...
PoC for CVE-2016-20091
Windows Firewall Control version 4.8.6.0 is affected by an unquoted service path vulnerability that could allow local attackers to escalate privileges. By inserting malicious executables into unquoted directories within the service path, an attacker can execute these files with LocalSystem privil...
PoC for CVE-2016-20090
The Comodo Dragon Browser versions up to 52.15.25.663 are susceptible to a privilege escalation issue stemming from the DragonUpdater service. This vulnerability is caused by an unquoted service path running with SYSTEM privileges, allowing local attackers to place malicious executables within th...