Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 2 days ago
PoC for CVE-2026-25050
The Vendure open-source headless commerce platform has a vulnerability in the `NativeAuthenticationStrategy.authenticate()` method, which is susceptible to timing attacks. This flaw allows malicious actors to differentiate between valid and invalid usernames by exploiting the timing discrepancies...
PoC for CVE-2026-24061
The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...
PoC for CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 are susceptible to a cross-site request forgery (CSRF) vulnerability within its web administration interface. This security flaw enables an attacker to create a malicious HTML page that triggers unintended actions, such as deleting administrative user accou...
PoC for CVE-2020-37170
In TapinRadio version 2.12.3, a denial of service vulnerability exists due to improper validation of the application proxy address configuration. Local attackers can exploit this weakness by injecting 3000 bytes of arbitrary data into the address field, which may lead to a crash of the applicatio...
PoC for CVE-2020-37171
The application TapinRadio 2.12.3 is vulnerable to a denial of service attack due to improper handling of the proxy username configuration. Local attackers may exploit this vulnerability by inputting 10,000 bytes of arbitrary data into the username field, leading to an application crash and disru...
PoC for CVE-2020-37165
AbsoluteTelnet 11.12 is vulnerable to a denial of service attack that can be exploited by a local attacker. By supplying an oversized license name, specifically a payload of up to 2500 characters, an attacker can trigger an application crash, leading to service disruption. This vulnerability high...
PoC for CVE-2020-37166
AbsoluteTelnet 11.12 is susceptible to a denial of service vulnerability in the SSH2 username input field. This flaw allows local attackers to exploit the application by overwriting the username field with a 1000-byte buffer, leading to application crashes and unresponsiveness. It is critical for...
PoC for CVE-2020-37164
AbsoluteTelnet 11.12 is susceptible to a denial of service vulnerability, allowing local attackers to crash the application. By inputting an oversized license name, attackers can send a payload of up to 2500 characters into the license entry field, leading to application instability and crashes. ...
PoC for CVE-2020-37162
Wedding Slideshow Studio 1.36 contains a vulnerability that allows an attacker to exploit a buffer overflow via the registration key input. This can be achieved by crafting a malicious payload of 1608 bytes that targets the application's stack memory, enabling the execution of arbitrary code. The...
PoC for CVE-2020-37163
QuickDate version 1.3.2 is susceptible to a SQL injection vulnerability that enables remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. This flaw permits the injection of UNION-based SQL queries, potentially giving attackers access to se...
PoC for CVE-2020-37160
SprintWork 2.3.1 presents multiple local privilege escalation vulnerabilities due to improper file, service, and folder permissions in Windows environments. Unprivileged local users can exploit these weaknesses, including missing executable files and misconfigured services, enabling them to creat...
PoC for CVE-2020-37159
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability in its alarm scheduling feature, which can be exploited by attackers to execute arbitrary code by manipulating memory registers. By crafting a payload larger than 260 bytes, an attacker can overwrite critical registers, such as ...
PoC for CVE-2020-37161
Wedding Slideshow Studio version 1.36 is susceptible to a buffer overflow vulnerability that enables attackers to execute arbitrary code. By manipulating the registration name field with specially crafted input, an attacker can overwrite critical memory locations, which could lead to unauthorized...
PoC for CVE-2020-37155
Core FTP Lite 1.3 is susceptible to a buffer overflow vulnerability in the username input field. By supplying an oversized payload, such as a 7000-byte string of repeated 'A' characters, attackers can exploit this flaw to crash the application. This vulnerability does not require any additional i...
PoC for CVE-2020-37157
The DBPower C300 HD Camera is susceptible to a configuration disclosure vulnerability that enables unauthorized users to access sensitive information. The flaw arises from an exposed configuration backup endpoint that can be accessed without authentication. By targeting the /tmpfs/config_backup.b...
PoC for CVE-2020-37154
eLection 2.0 contains an authenticated SQL injection vulnerability within its candidate management endpoint. By manipulating the 'id' parameter, attackers can execute arbitrary SQL commands, potentially resulting in unauthorized data access or alterations. This flaw can be exploited using tools l...
PoC for CVE-2020-37147
ATutor version 2.2.4 features a SQL injection vulnerability that exists within the admin user deletion page. This flaw permits authenticated users to manipulate SQL queries via the 'id' parameter in the admin_delete.php script. Attackers can leverage this vulnerability to inject harmful SQL comma...
PoC for CVE-2020-37141
The AMSS++ application version 4.31 contains a SQL injection vulnerability within the mail module's maildetail.php script. This vulnerability arises due to improper handling of the 'id' parameter, allowing attackers to craft malicious SQL queries. By exploiting this flaw, attackers could gain una...
PoC for CVE-2020-37146
The ACE Security WiP-90113 HD Camera is affected by a configuration disclosure vulnerability that enables attackers, without authentication, to access sensitive configuration files. By exploiting an endpoint vulnerability, attackers can send a GET request to /config_backup.bin, which allows them ...
PoC for CVE-2020-37135
AMSS++ 4.7 is vulnerable to an authentication bypass, enabling attackers to gain unauthorized access to administrative accounts by exploiting hardcoded credentials. Specifically, the default admin login details, ‘1234’ as both username and password, allow unauthorized users to access sensitive ad...
PoC for CVE-2020-37122
SpotFTP-FTP Password Recover version 2.4.8 is susceptible to a denial of service attack due to a buffer overflow vulnerability. Attackers can exploit this weakness by providing a specially crafted registration code comprising 1000 'Z' characters, leading the application to crash. This vulnerabili...
PoC for CVE-2020-37109
aSc TimeTables 2020.11.4 is vulnerable to a Denial of Service attack that can be exploited by an attacker through the manipulation of the Subject title field. By inputting an excessively long 1000-character string into this field, the attacker can cause the application to crash, resulting in pote...
PoC for CVE-2020-37107
Core FTP LE 2.2 is susceptible to a denial of service attack that can render the application inoperable. By exploiting this vulnerability, an attacker can enter an excessively large buffer into the account field, causing the application to freeze and necessitate reinstallation to restore function...
PoC for CVE-2020-37106
The Business Live Chat Software 1.0 is susceptible to a cross-site request forgery (CSRF) vulnerability that permits attackers to alter user account roles without the need for proper authentication. By crafting a malicious HTML form, an attacker can send a POST request to modify user privileges, ...
PoC for CVE-2020-37095
The Cyberoam Authentication Client version 2.1.2.7 is susceptible to a buffer overflow vulnerability, enabling remote attackers to exploit the 'Cyberoam Server Address' input field. By crafting malicious input, attackers can overwrite memory associated with the Structured Exception Handler (SEH),...
PoC for CVE-2026-2070
A buffer overflow vulnerability exists in the UTT 进取 520W router, specifically in the strcpy function located in the /goform/formPolicyRouteConf file. This flaw allows an attacker to manipulate the GroupName argument, potentially leading to unauthorized access and exploitation. The vulnerability ...
PoC for CVE-2026-2069
A significant vulnerability has been identified in the ggml-org llama.cpp, specifically in the function llama_grammar_advance_stack found in the GBNF Grammar Handler component. This vulnerability allows an attacker to exploit a stack-based buffer overflow, necessitating local access for successfu...
PoC for CVE-2026-2068
A vulnerability exists in the UTT 进取 520W version 1.7.7-180627 that allows an attacker to exploit the strcpy function in the /goform/formSyslogConf file. By manipulating the ServerIp argument, an attacker can trigger a buffer overflow, posing a significant risk of remote exploitation. This vulner...
PoC for CVE-2026-2067
A security vulnerability has been identified in the UTT 进取 520W router with version 1.7.7-180627. This flaw specifically lies within the strcpy function in the /goform/formTimeGroupConfig file, where improper handling of the 'year1' argument leads to a buffer overflow. This vulnerability can be e...
PoC for CVE-2026-2066
A vulnerability has been found in the UTT 进取 520W device version 1.7.7-180627. The flaw resides in the strcpy function implemented in the /goform/formIpGroupConfig file. By manipulating the groupName argument, an attacker can trigger a buffer overflow, enabling a potential remote exploitation of ...
PoC for CVE-2026-25731
The calibre e-book manager, developed by Kovid Goyal, is vulnerable to a Server-Side Template Injection (SSTI) issue in versions prior to 9.2.0. This flaw arises from its Templite templating engine, where users can execute arbitrary code by utilizing a malicious custom template file during ebook ...
PoC for CVE-2026-2065
A significant security flaw has been identified in the Flycatcher Toys smART Pixelator 2.0 related to its Bluetooth Low Energy Interface. This vulnerability allows attackers on the local network to exploit functionalities that lack proper authentication measures. The potential for unauthorized ac...
PoC for CVE-2026-2064
A cross site scripting vulnerability exists in Portabilis i-Educar versions up to 2.10, specifically in the User Data Page component located at /intranet/meusdadod.php. An attacker can exploit this vulnerability by manipulating file argument inputs, which allows for the execution of arbitrary scr...
PoC for CVE-2026-2063
A significant security flaw has been identified in the D-Link DIR-823X router's web management interface, specifically within the /goform/set_ac_server file. This vulnerability allows attackers to manipulate the ac_server argument, leading to unauthorized OS command injection. Remote exploitation...
PoC for CVE-2026-2062
A vulnerability identified in the Open5GS PGW S5U Address Handler can lead to a null pointer dereference through the functions sgwc_s5c_handle_modify_bearer_response and sgwc_sxa_handle_session_modification_response. This issue can be exploited remotely, potentially allowing attackers to cause a ...
PoC for CVE-2026-2061
The D-Link DIR-823X router contains a vulnerability within the function sub_424D20 located in the /goform/set_ipv6 file. This issue allows an attacker to perform OS command injection remotely, potentially compromising the device and the network it connects to. The exploit has been publicly disclo...
PoC for CVE-2026-2060
An SQL injection vulnerability has been identified in the Simple Blood Donor Management System, specifically in the file /simpleblooddonor/editcampaignform.php. By manipulating the argument ID, an attacker can execute unauthorized SQL commands, potentially compromising the database. This vulnerab...
PoC for CVE-2026-2059
A SQL injection vulnerability was identified in the Medical Center Portal Management System 1.0, specifically within the emp_edit1.php file. This vulnerability arises from inadequacies in input validation, allowing attackers to manipulate the 'ID' argument remotely, leading to unauthorized access...
PoC for CVE-2019-25293
The BlueStacks App Player version 2.4.44.62.57 is susceptible to an unquoted service path vulnerability within the BstHdLogRotatorSvc service. This flaw allows local attackers to exploit the unquoted service path located in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe. By doing so, ...
PoC for CVE-2019-25305
JumpStart 0.6.0.0 contains a significant security flaw due to an unquoted service path in the jswpbapi service, which operates with LocalSystem privileges. This vulnerability allows attackers to craft a path that injects and executes malicious code under elevated system permissions, potentially c...
PoC for CVE-2019-25304
SecurOS Enterprise 10.2 by Intelligent Security System exposes an unquoted service path vulnerability in its SecurosCtrlService. This flaw enables local users to potentially execute arbitrary code with elevated privileges by exploiting the unquoted service path located in C:\Program Files (x86)\I...
PoC for CVE-2019-25303
TheJshen Content Management System version 1.04 is susceptible to an SQL injection vulnerability due to improper handling of the 'id' GET parameter. This flaw allows attackers to execute various SQL injection techniques, including boolean-based, time-based, and UNION-based methods, potentially co...
PoC for CVE-2019-25302
Acer Launch Manager version 6.1.7600.16385 has a vulnerability in the DsiWMIService that stems from an unquoted service path. This oversight allows local users to exploit the unquoted path located at C:\Program Files (x86)\Launch Manager\dsiwmis.exe, enabling them to execute arbitrary code with e...
PoC for CVE-2019-25301
The Millhouse-Project version 1.414 is susceptible to a persistent cross-site scripting (XSS) vulnerability, primarily found in the comment submission feature. This flaw enables attackers to inject malicious JavaScript code via the 'content' parameter in the add_comment_sql.php file. As a result,...
PoC for CVE-2019-25299
RimbaLinux AhadPOS 1.11 is susceptible to SQL injection through the 'alamatCustomer' parameter. This vulnerability allows attackers to craft specific POST requests that can manipulate database queries. By leveraging time-based and boolean-based blind SQL injection techniques, attackers may extrac...
PoC for CVE-2019-25300
The Globitek CMS version 1.4 developed by thejshen is susceptible to SQL injection via the 'id' GET parameter, allowing attackers to execute unauthorized database queries. This vulnerability enables the use of various techniques such as boolean-based, time-based, and UNION-based SQL injections, p...
PoC for CVE-2019-25294
html5_snmp version 1.11 is vulnerable to a persistent cross-site scripting (XSS) attack. This flaw allows attackers to inject malicious JavaScript through the 'Remark' parameter in the 'add_router_operation.php' file. By crafting a specific POST request containing a script payload in the Remark f...
PoC for CVE-2019-25298
The html5_snmp 1.11 product by LolyPop is susceptible to multiple SQL injection vulnerabilities that can be exploited via the Router_ID and Router_IP parameters. These vulnerabilities allow attackers to manipulate database queries using various techniques, including error-based, time-based, and u...