Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 7 hours ago
PoC for CVE-2025-13588
A vulnerability in lKinderBueno Streamity Xtream IPTV Player versions up to 2.8 allows for server-side request forgery due to flaws in the public/proxy.php file. Attackers can remotely exploit this weakness, resulting in unauthorized server requests. To mitigate this risk, users should upgrade to...
PoC for CVE-2025-13586
A vulnerability exists in the SourceCodester Online Student Clearance System 1.0 that can be exploited through the hidden functionality in the /Admin/changepassword.php file. By manipulating the input argument 'txtconfirm_password', attackers can execute SQL injection attacks remotely, compromisi...
PoC for CVE-2025-12629
The Broken Link Manager plugin for WordPress versions up to 0.6.5 is vulnerable to Reflected Cross-Site Scripting (XSS) due to improper sanitization and escaping of parameters before they are output back to the web page. This weakness could be exploited by attackers to inject malicious scripts, p...
PoC for CVE-2025-12569
The Frontend Posting plugin for WordPress, prior to version 5.0.0, contains an Open Redirect vulnerability due to inadequate validation of user parameters. This flaw allows attackers to manipulate redirect URLs, potentially leading users to malicious domains without their knowledge. Such vulnerab...
PoC for CVE-2025-12394
The Backup Migration WordPress plugin suffers from a critical issue where it improperly generates the backup path under certain server configurations. This flaw permits unauthenticated users to access and download sensitive log files that disclose the backup filename. As a result, backup archives...
PoC for CVE-2024-14015
The WordPress eCommerce Plugin prior to version 2.9.0 is prone to a reflected cross-site scripting vulnerability due to improper sanitization and escaping of a user-supplied parameter. This flaw enables attackers to inject malicious scripts into web pages viewed by users, particularly affecting h...
Discovered 8 hours ago
PoC for CVE-2025-13585
A security flaw has been identified in the COVID Tracking System 1.0 developed by Code-Projects, affecting the file /login.php. The vulnerability allows remote attackers to manipulate the 'code' parameter, resulting in SQL injection. This exploitation may lead to unauthorized access and potential...
PoC for CVE-2025-13584
A security vulnerability has been identified in Eigenfocus software, specifically affecting versions up to 1.4.0. This issue arises from the improper handling of input in the Description Handler component, allowing malicious users to manipulate the 'entry.description' and 'time_entry.description'...
Discovered 9 hours ago
PoC for CVE-2025-13583
A vulnerability exists in the code-projects Question Paper Generator 1.0 related to the POST Parameter Handler. Specifically, the file /signupscript.php is susceptible to SQL injection attacks when the argument Fname is manipulated. This vulnerability allows for remote attackers to execute unauth...
PoC for CVE-2025-13582
A security flaw has been identified in Jonnys Liquor 1.0 that allows for SQL injection through improper handling of GET parameters. Specifically, manipulating the 'Product' argument in the /detail.php file can lead to remote code execution vulnerabilities. This flaw poses a significant risk as it...
Discovered 10 hours ago
PoC for CVE-2025-13581
A vulnerability exists in the itsourcecode Student Information System 1.0 related to the manipulation of the 'schedule_id' parameter in the file /schedule_edit1.php. This flaw enables an attacker to execute SQL injection attacks, potentially compromising the database. The exploit can be conducted...
PoC for CVE-2025-13580
A vulnerability exists in the Code-Projects Library System 1.0, specifically in the mail.php file, where improper handling of the argument ID can lead to SQL injection attacks. This flaw allows attackers to manipulate SQL queries, potentially compromising sensitive data. The attack can be initiat...
Discovered 11 hours ago
PoC for CVE-2025-13579
A vulnerability exists in Code-Projects Library System version 1.0, specifically in the /return.php file’s handling of the argument ID. This flaw allows attackers to manipulate SQL queries, leading to potential unauthorized data access and compromise. The SQL injection can be executed remotely, p...
PoC for CVE-2025-13578
A security flaw exists in code-projects Library System version 1.0 that allows attackers to exploit the Login component via the /index.php file. Malicious manipulation of the Username argument can lead to SQL injection, which permits unauthorized access to the database. This vulnerability can be ...
Discovered 12 hours ago
PoC for CVE-2025-13576
A vulnerability exists in code-projects Blog Site 1.0, specifically within a function in the /admin.php file, leading to improper authorization. This vulnerability allows attackers to manipulate requests for unauthenticated access to sensitive endpoints, potentially compromising the integrity and...
Discovered 13 hours ago
PoC for CVE-2025-13575
A security issue has been identified in Code-Projects Blog Site 1.0, specifically within the Category Handler component. The vulnerability resides in the function 'category_exists' in the file '/resources/functions/blog.php'. An attacker can manipulate the argument name or field, leading to SQL i...
Discovered 15 hours ago
PoC for CVE-2025-24054
An external control of file name or path in Windows NTLM enables unauthorized attackers to exploit a vulnerability, leading to potential spoofing attacks over a network. This situation poses a significant threat as attackers may gain access to sensitive information or systems.
PoC for CVE-2025-13571
A vulnerability has been identified in the Simple Food Ordering System version 1.0, specifically within the functionality of the file /listorder.php. By manipulating the input argument ID, attackers can execute an SQL injection, potentially allowing them to compromise the database. The risk of th...
Discovered 16 hours ago
PoC for CVE-2025-13570
A SQL injection vulnerability exists in the itsourcecode COVID Tracking System 1.0. The flaw arises from improper handling of user-supplied input in the /admin/?page=state file, particularly when manipulating the ID argument. This issue allows attackers to execute arbitrary SQL commands. Exploits...
PoC for CVE-2025-13569
A vulnerability exists in the itsourcecode COVID Tracking System 1.0 that allows for remote SQL injection through manipulation of the ID argument in the /admin/?page=city file. This weakness could be exploited by attackers to execute arbitrary SQL commands, potentially compromising the confidenti...
Discovered 17 hours ago
PoC for CVE-2025-13568
A security flaw has been identified in the itsourcecode COVID Tracking System 1.0, specifically within an unspecified function of the /admin/?page=people endpoint. This vulnerability allows an attacker to manipulate the ID parameter, leading to a SQL injection. The issue can be exploited remotely...
PoC for CVE-2025-13567
An SQL injection vulnerability has been identified in version 1.0 of the itsourcecode COVID Tracking System. The flaw resides in an undisclosed function located at /admin/?page=establishment, where improper handling of the input argument ID can be exploited. This vulnerability allows remote attac...
Discovered 18 hours ago
PoC for CVE-2025-13565
A vulnerability has been identified in the SourceCodester Inventory Management System 1.0. This issue relates to an unknown function within the file /model/user/resetPassword.php, leading to a potential weakness in the password recovery process. Attackers may exploit this vulnerability remotely, ...
Discovered 19 hours ago
PoC for CVE-2025-13564
A security flaw has been identified in the SourceCodester Pre-School Management System 1.0, specifically within the 'removefile' function located in app/controllers/FilehelperController.php. This flaw allows attackers to manipulate the 'filepath' argument, potentially leading to a denial of servi...
PoC for CVE-2025-13562
A command injection vulnerability exists in the D-Link DIR-852 1.00, specifically affecting the processing of the /gena.cgi file. This flaw allows attackers to manipulate the 'service' argument and execute arbitrary commands remotely. The exploit is publicly available, posing a significant threat...
Discovered 20 hours ago
PoC for CVE-2025-13561
A security flaw exists in SourceCodester Company Website CMS 1.0 that allows for SQL injection via manipulation of the 'Username' argument in the /admin/index.php file. This vulnerability enables remote attackers to execute arbitrary SQL commands, potentially compromising sensitive data and leadi...
PoC for CVE-2025-13560
An SQL injection vulnerability exists in SourceCodester Company Website CMS version 1.0, specifically within the reset-password.php file. This security flaw allows remote attackers to manipulate the email parameter, potentially leading to unauthorized access and data exposure. The exploit has bee...
Discovered 21 hours ago
PoC for CVE-2025-13557
A security flaw has been identified in Campcodes Online Polling System version 1.0, specifically within the /registeracc.php file. The vulnerability arises from insufficient input validation on the email parameter, allowing attackers to execute arbitrary SQL code. This SQL injection vulnerability...
PoC for CVE-2025-13556
A vulnerability has been identified in the Campcodes Online Polling System 1.0, specifically in the /admin/checklogin.php file. This flaw involves a manipulation of the 'myusername' argument, which can result in SQL injection. This type of attack can be executed remotely, making it a significant ...
Discovered 22 hours ago
PoC for CVE-2025-13555
The Campcodes School File Management System 1.0 has a vulnerability in its login component found in the file /index.php. This issue arises from improper handling of the stud_no argument, allowing for SQL injection attacks. Attackers can manipulate input remotely, making the system susceptible to ...
PoC for CVE-2021-43267
The Linux kernel's Transparent Inter-Process Communication (TIPC) functionality presents a security concern wherein remote attackers can exploit the system through insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. This flaw could potentially allow unauthorized access...
PoC for CVE-2025-13554
A security vulnerability has been identified in the Campcodes Supplier Management System (version 1.0). This flaw occurs within an unspecified function of the /index.php file related to the Login component. Attackers can exploit this vulnerability to manipulate the 'txtUsername' argument, which c...
Discovered 23 hours ago
PoC for CVE-2025-13553
A vulnerability has been discovered in the D-Link DWR-M920 router, specifically in the function sub_41C7FC located in the /boafrm/formPinManageSetup file. This issue arises due to inadequate validation of the submit-url argument, leading to a potential buffer overflow condition. An attacker could...
Discovered 1 day ago
PoC for CVE-2025-13552
A security flaw has been identified in D-Link DIR-822K and DWR-M920 routers, specifically related to an unknown function in the /boafrm/formWlEncrypt file. The flaw arises when the argument submit-url is manipulated, leading to a buffer overflow condition. This vulnerability can be exploited remo...
PoC for CVE-2025-13551
A buffer overflow vulnerability has been discovered in the D-Link DIR-822K and DWR-M920 routers, specifically within the file /boafrm/formWanConfigSetup. This vulnerability can be exploited remotely by manipulating the submit-url argument, potentially allowing an unauthorized user to execute arbi...
PoC for CVE-2025-13550
A buffer overflow vulnerability has been identified in the D-Link DIR-822K and DWR-M920 routers, primarily affecting the submission of URLs via the /boafrm/formVpnConfigSetup interface. An attacker can exploit this vulnerability remotely by manipulating the 'submit-url' argument, potentially lead...
PoC for CVE-2025-13549
A buffer overflow vulnerability exists in the D-Link DIR-822K router, specifically within the /boafrm/formNtp file. This flaw arises from improper handling of the 'submit-url' argument in the function 'sub_455524'. An attacker can exploit this weakness remotely, potentially leading to unauthorize...
PoC for CVE-2025-13548
A significant buffer overflow vulnerability has been identified in D-Link DIR-822K and DWR-M920 devices. This vulnerability exists in the code handling the /boafrm/formFirewallAdv file, specifically related to an argument known as submit-url. Attackers can exploit this weakness remotely, potentia...
PoC for CVE-2025-13547
A critical vulnerability has been identified in D-Link DIR-822K and DWR-M920 routers that can lead to memory corruption through an exploit in the /boafrm/formDdns component. The flaw is triggered by a manipulation of the submit-url argument, potentially allowing attackers to execute remote exploi...
PoC for CVE-2025-13546
A vulnerability exists in the ashraf-kabir travel-agency web application, specifically within the /results.php file associated with the Search component. The flaw arises from improper handling of the 'user_query' parameter, allowing for SQL injection attacks. This vulnerability enables attackers ...
PoC for CVE-2025-13545
A significant vulnerability has been identified in the Ashraf-Kabir Travel Agency product that could expose users to potential SQL injection attacks. This vulnerability is linked to the manipulation of the 'edit_pack' argument in the '/admin_area/index.php' file, enabling remote attackers to exec...
PoC for CVE-2025-13544
A vulnerability has been discovered in the ashraf-kabir travel-agency software that allows for unrestricted file uploads through the /customer_register.php script. Malicious actors can exploit this weakness to upload unauthorized files remotely, potentially compromising the integrity and confiden...
Discovered 2 days ago
PoC for CVE-2025-11001
A directory traversal vulnerability exists in 7-Zip, allowing remote attackers to execute arbitrary code by exploiting symbolic link handling in ZIP files. By crafting specific data within ZIP files, hackers can manipulate the application to navigate to unintended directories. Successfully levera...
PoC for CVE-2023-22515
Atlassian has identified a vulnerability in its Confluence Data Center and Server products that allows external attackers to create unauthorized administrator accounts. This issue could enable malicious actors to gain unrestricted access to Confluence instances that are publicly accessible. It is...
PoC for CVE-2025-64459
An SQL injection vulnerability exists in specific versions of Django prior to 5.1.14, 4.2.26, and 5.2.8. Through the use of specially crafted dictionaries, attackers can exploit the `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()` methods, as well as the `Q()` class, when utilizing...
PoC for CVE-2025-53770
A deserialization vulnerability in on-premises Microsoft SharePoint Server can be exploited by unauthorized attackers, allowing them to execute arbitrary code over a network. Microsoft is aware of exploits being used in the wild and is actively working on a comprehensive update to address this se...
PoC for CVE-2024-31317
A vulnerability has been identified in the Android Framework that allows potential code execution through unsafe deserialization in multiple functions of ZygoteProcess.java. This flaw enables local privilege escalation, requiring user execution privileges but eliminating the need for user interac...
Discovered 3 days ago
PoC for CVE-2025-41115
A security flaw in Grafana versions 12.x with SCIM provisioning enabled could allow malicious clients to provision users with numeric external IDs. If certain conditions are met, including the `enableSCIM` flag being true and the user sync option configured, this could lead to internal user ID ov...
PoC for CVE-2025-61757
This vulnerability in Oracle Fusion Middleware's Identity Manager could allow an unauthenticated attacker with network access through HTTP to exploit the system. By leveraging this flaw, attackers may gain the capability to take control of the Identity Manager, posing serious risks to the integri...
PoC for CVE-2025-11127
The Mstoreapp Mobile App and Mstoreapp Mobile Multivendor plugins have a critical security flaw that fails to properly verify user identities during AJAX actions. This vulnerability enables unauthenticated individuals to gain access to valid user sessions simply by providing a known email address...