Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 5 minutes ago
PoC for CVE-2025-29774
The xml-crypto library, utilized for digital signatures and encryption in Node.js, has a vulnerability that allows attackers to manipulate signed XML documents. This manipulation can bypass authentication or authorization checks, potentially enabling privilege escalation or user impersonation for...
Discovered 7 hours ago
PoC for CVE-2025-24367
An authenticated Cacti user can exploit vulnerabilities in the graph creation and graph template features to execute arbitrary PHP scripts within the web root of the application. This unauthorized script execution can lead to significant security breaches, allowing attackers to compromise the ser...
Discovered 9 hours ago
PoC for CVE-2021-47814
The NBMonitor software version 1.6.8 is susceptible to a denial of service vulnerability. An attacker can exploit this weakness by inputting a lengthy 256-character buffer into the registration code field. This action can lead to a crash of the application, resulting in system instability. Such v...
PoC for CVE-2021-47815
Nsauditor version 3.2.3 is affected by a denial of service vulnerability that can be exploited via an oversized input in the registration code field. An attacker can trigger an application crash by pasting a large buffer of repeated characters into the 'Key' field, thus rendering the application ...
PoC for CVE-2021-47813
Backup Key Recovery version 2.2.7 is susceptible to a denial of service vulnerability where an attacker can exploit a buffer overflow in the registration code input field. By inputting a long sequence of repeated characters, malicious actors can destabilize the application, leading to potential c...
PoC for CVE-2021-47812
GravCMS version 1.10.7 is vulnerable to an unauthenticated flaw that enables remote attackers to exploit the scheduler endpoint. By manipulating the admin-nonce parameter, attackers can inject base64-encoded payloads to create malicious custom jobs. This compromise permits the execution of arbitr...
PoC for CVE-2021-47810
WibuKey Runtime version 6.51 is susceptible to a local code execution vulnerability due to an unquoted service path in the WkSvW32.exe service. This flaw allows local attackers to potentially execute arbitrary code through the exploitation of the unquoted executable path located at 'C:\PROGRAM FI...
PoC for CVE-2021-47811
The Grocery Crud version 1.6.4 is vulnerable to SQL injection via the 'order_by' parameter in POST requests at the ajax_list endpoint. This flaw enables remote attackers to craft malicious SQL queries, which can manipulate database operations, allowing unauthorized access to or modification of se...
PoC for CVE-2021-47809
Disk Sorter Enterprise 13.6.12 has an unquoted service path in its Windows service configuration, which can be exploited by local attackers. This vulnerability allows users with local access to inject malicious executables into the unquoted path located at 'C:\Program Files\Disk Sorter Enterprise...
PoC for CVE-2021-47807
Sync Breeze 13.6.18 is susceptible to an unquoted service path vulnerability in its Windows service configuration. This flaw exposes the software to local attackers who can exploit the improperly configured service paths in 'Program Files' directories. By injecting malicious executables, an attac...
PoC for CVE-2021-47808
Cotonti Siena version 0.9.19 is susceptible to a stored cross-site scripting flaw within its admin configuration panel. The vulnerability arises when an attacker manipulates the 'maintitle' parameter to inject malicious JavaScript code. This code triggers when an administrator views the affected ...
PoC for CVE-2021-47805
Disk Savvy version 13.6.14 contains a vulnerability in its Windows service configuration due to the use of an unquoted service path. This flaw can allow local attackers to exploit the service path, leading to the execution of arbitrary code with elevated LocalSystem privileges. By injecting malic...
PoC for CVE-2021-47806
Dup Scout 13.5.28 presents a security flaw stemming from an unquoted service path in its Windows service configuration. This loophole allows local attackers to potentially execute arbitrary code by exploiting the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe'. By injecting m...
PoC for CVE-2021-47804
Wise Care 365 version 5.6.7.568 contains a vulnerability related to an unquoted service path in the WiseBootAssistant service. This flaw allows attackers to place a malicious executable within the service path, which, upon service restart, executes with elevated LocalSystem privileges, potentiall...
PoC for CVE-2021-47803
iFunbox 4.2 is susceptible to an unquoted service path vulnerability in the Apple Mobile Device Service. This flaw allows local attackers to execute arbitrary code with elevated privileges by inserting a malicious executable into the unquoted service path. When the service restarts, the malicious...
PoC for CVE-2021-47801
Vianeos OctoPUS 5 is susceptible to a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication processes. This flaw allows attackers to launch specially crafted POST requests containing malicious SQL payloads, which can manipulate database sleep functions t...
PoC for CVE-2021-47800
b2evolution version 7.2.2 is susceptible to a cross-site request forgery vulnerability, which enables attackers to alter administrator account details without the need for authentication. By creating a malicious HTML form and enticing users to load a specifically designed webpage, attackers can s...
PoC for CVE-2021-47798
NoteBurner 2.35 has a vulnerability in its license code input field that allows for a buffer overflow. Malicious actors can exploit this flaw by entering a crafted payload of up to 6000 bytes into the 'Name' and 'Code' fields, leading to an unexpected application crash. This poses a risk of Denia...
PoC for CVE-2021-47797
Leawo Prof. Media version 11.0.0.1 is vulnerable to a Denial of Service due to improper handling of input in the activation keycode field. An attacker can exploit this vulnerability by sending an oversized payload, specifically a 6000-byte buffer filled with repeated characters. When this payload...
PoC for CVE-2021-47795
GeoVision GeoWebServer version 5.3.3 is susceptible to multiple vulnerabilities that can lead to local file inclusion, cross-site scripting (XSS), and remote code execution. Attackers can exploit the WebStrings.srf endpoint by leveraging improper input sanitization, allowing for path traversal an...
PoC for CVE-2021-47796
The Denver SHC-150 Smart Wifi Camera suffers from a significant vulnerability due to hardcoded telnet credentials. This issue enables unauthorized attackers to connect to the camera via port 23, allowing them to execute arbitrary commands on the device's Linux operating system. This risk can lead...
PoC for CVE-2021-47794
ZesleCP version 3.1.9 is susceptible to an authenticated remote code execution vulnerability that allows malicious users to create FTP accounts embedding shell injection payloads. This exploitation occurs through the FTP account creation endpoint, where attackers can inject reverse shell commands...
PoC for CVE-2021-47793
Telegram Desktop version 2.9.2 is susceptible to a denial of service vulnerability that enables attackers to crash the application. This vulnerability is exploited by sending an oversized message payload, with the capability to generate a buffer of up to 9 million bytes, effectively causing the a...
PoC for CVE-2021-47792
Remote Mouse 4.002 has a significant vulnerability stemming from an unquoted service path, which can be exploited by local attackers. This weakness enables unauthorized users to execute arbitrary code with elevated system privileges. By leveraging the unquoted service path in the RemoteMouseServi...
PoC for CVE-2021-47790
Active WebCam 11.5 suffers from an unquoted service path vulnerability that may allow local attackers to execute arbitrary code with elevated privileges. By leveraging the misconfiguration in the service path, attackers can place malicious executables in designated directories, thus gaining unaut...
PoC for CVE-2021-47791
The SmartFTP Client version 10.0.2909.0 has multiple vulnerabilities that allow attackers to exploit the application through denial of service attacks. By manipulating specific inputs, such as entering malformed file paths, using invalid IP addresses, or altering the connection history, attackers...
PoC for CVE-2021-47788
WebsiteBaker version 2.13.0 is affected by a vulnerability that allows users with language editing permissions to execute arbitrary code on the server. This flaw is exploited through the language installation endpoint, which can be manipulated via specially crafted language installation paramet...
PoC for CVE-2021-47789
The Yenkee Hornet Gaming Mouse driver, GM312Fltr.sys, is susceptible to a buffer overrun vulnerability that can lead to a system crash. This vulnerability enables attackers to exploit the driver's functionality by sending oversized input (up to 2000 bytes) via the DeviceIoControl API. When the ov...
PoC for CVE-2021-47786
The Redragon Gaming Mouse driver is susceptible to a denial of service attack due to a kernel-level vulnerability. Attackers may exploit this flaw by sending malformed IOCTL requests containing a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device. Such an attack can...
PoC for CVE-2021-47787
The TotalAV version 5.15.69 is affected by an unquoted service path vulnerability, which allows an attacker to exploit service path configuration due to improperly specified service paths. This can potentially lead to the execution of malicious executables with SYSTEM-level privileges, putting th...
PoC for CVE-2021-47783
Phpwcms version 1.9.30 has a vulnerability that permits authenticated users to upload malicious SVG files containing embedded JavaScript through its multiple file upload feature. This can lead to potential cross-site scripting (XSS) attacks, enabling attackers to execute arbitrary scripts in the ...
PoC for CVE-2021-47785
Ether MP3 CD Burner version 1.3.8 suffers from a buffer overflow vulnerability in its registration name field. This weakness can be exploited by attackers to perform remote code execution. By crafting a malicious input, an attacker can overwrite Structured Exception Handling (SEH) handlers, there...
PoC for CVE-2021-47782
A SQL injection vulnerability exists in Odine Solutions GateKeeper 1.0, specifically within the trafficCycle API endpoint. This flaw enables remote attackers to execute unauthorized SQL queries via crafted payloads sent to the /rass/api/v1/trafficCycle/ endpoint. If exploited, this vulnerability ...
PoC for CVE-2021-47780
Macro Expert 4.7 is susceptible to an unquoted service path vulnerability, where local users can exploit the misconfigured service path. This vulnerability enables attackers to execute arbitrary code with elevated privileges by injecting malicious executables that are executed with LocalSystem pe...
PoC for CVE-2021-47779
The Dolibarr ERP-CRM version 14.0.2 features a stored cross-site scripting vulnerability within its ticket creation module. This flaw enables low-privilege users to embed malicious JavaScript within ticket messages. When an administrator copies the message text, the embedded script executes, pote...
PoC for CVE-2021-47756
Laravel Valet versions 1.1.4 to 2.0.3 are susceptible to a local privilege escalation vulnerability. This flaw allows attackers to manipulate the symlinked valet command, enabling them to execute arbitrary code with root privileges without requiring further authentication. Such unauthorized acces...
PoC for CVE-2020-36930
The SysGauge Server 7.9.18 application is exposed to an unquoted service path vulnerability that can be exploited by local attackers. This vulnerability resides in the binary path configuration found in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe'. By taking advantage of the improperly form...
PoC for CVE-2020-36928
The Brother BRAgent version 1.38 contains a vulnerability characterized by an unquoted service path in the WBA_Agent_Client service. This service operates with LocalSystem privileges, which allows potential attackers to exploit the unquoted path located in C:\Program Files (x86)\Brother\BRAgent\....
PoC for CVE-2020-36929
The Brother BRPrint Auditor 3.0.7 is vulnerable due to improper configuration of its Windows service paths. This unquoted service path issue can allow local attackers to exploit the affected services - namely BrAuSvc and BRPA_Agent. By injecting malicious executables into these unquoted file path...
PoC for CVE-2020-36927
DiskPulse Enterprise 13.6.14 is vulnerable due to an unquoted service path in its Windows service configuration. This flaw can be exploited by local attackers to execute arbitrary code on the system. By manipulating the service path found at 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe...
PoC for CVE-2020-36926
SmarterTrack 7922 has a vulnerability in its Chat Management search form that exposes sensitive agent information. Through the compromised /Management/Chat/frmChatSearch.aspx endpoint, attackers can retrieve the first and last names of agents, as well as their unique identifiers, posing a risk to...
Discovered 10 hours ago
PoC for CVE-2023-7334
The Changjetong T+ application exhibits a deserialization vulnerability in its AjaxPro endpoint, allowing remote attackers to send specially crafted requests. By exploiting the deserialization of attacker-controlled .NET types, an adversary can invoke arbitrary methods, such as System.Diagnostics...
PoC for CVE-2011-10041
The Uploadify plugin for WordPress, up to version 1.0, is susceptible to an arbitrary file upload vulnerability due to inadequate file type validation in the process_upload.php script. This flaw allows unauthenticated remote attackers to upload malicious files to the affected WordPress site. By e...
Discovered 12 hours ago
PoC for CVE-2025-67246
A local information disclosure vulnerability exists in the Ludashi driver prior to version 5.1025 due to insufficient access controls in the IOCTL handler. This weakness allows normal users to gain unauthorized access to a device interface that exposes lower 4GB of physical memory, enabling the m...
Discovered 14 hours ago
PoC for CVE-2025-61686
A vulnerability in the file session storage mechanism of React Router and Remix allows potential attackers to manipulate session data if an unsigned cookie is utilized with createFileSessionStorage(). This could lead to unauthorized attempts to read or write session data from locations outside th...
PoC for CVE-2025-14502
The News and Blog Designer Bundle plugin for WordPress presents a serious Local File Inclusion vulnerability, impacting all versions up to and including 1.1. By exploiting the template parameter, unauthenticated attackers can include and execute arbitrary .php files from the server. This vulnerab...
Discovered 16 hours ago
PoC for CVE-2021-47843
Tagstoo version 2.0.1 has a stored cross-site scripting flaw that allows attackers to inject malicious scripts through files or custom tags. This vulnerability can be exploited to execute arbitrary JavaScript code, potentially leading to unauthorized system processes, file access, and remote code...