Publicly Disclosed
PoC Exploits

A vulnerability exists in the GlobalProtect feature of Palo Alto Networks PAN-OS software, allowing for arbitrary file creation. This issue can be exploited by an unauthenticated attacker to execute code with root privileges on the affected firewall systems. Specific configurations and versions a...

The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress suffers from a significant vulnerability due to its improper handling of JSON Web Tokens (JWT). Versions up to and including 6.26.12 do not adequately verify or validate the signatures of incoming tokens in the `get_resource_owner...

The WP Maps Pro plugin contains a vulnerability that allows unauthenticated attackers to escalate their privileges by creating a new administrator account. This occurs due to insufficient protection around a public AJAX action, which can be exploited using a nonce that is easily accessible. By in...

The authentication bypass vulnerability in Palo Alto Networks' PAN-OS software presents a significant security risk by allowing unauthorized access to the GlobalProtect portal and gateway. This flaw enables attackers to circumvent authentication mechanisms, potentially gaining unauthorized VPN co...

Marimo, a reactive Python notebook, exhibits a significant security vulnerability prior to version 0.23.0. The terminal WebSocket endpoint (/terminal/ws) allows unauthenticated access, enabling attackers to gain a complete pseudo-terminal shell and execute arbitrary commands on the host system. U...

A security flaw in the Edimax BR-6478AC version 1.23 affects the function formStaDrvSetup within the POST request handler. This vulnerability allows an attacker to inject commands through manipulation of the argument 'rootAPmac'. Due to its nature, the attack can be executed remotely, increasing ...

A security flaw has been identified in Edimax BR-6478AC routers, specifically affecting version 1.23. The issue is rooted in the formQoS function located in the /goform/formQoS file, where improper handling of the selSSID argument can lead to a buffer overflow. This vulnerability allows remote at...

A vulnerability exists within the SourceCodester Pharmacy Sales and Inventory System version 1.0 that allows for remote SQL injection through the delete_supplier function found in the ajax.php file. By manipulating the ID argument, an attacker can execute arbitrary SQL commands, potentially compr...

A stack-based buffer overflow vulnerability has been discovered in the Edimax BR-6478AC router, specifically in the function formPPPoESetup within the POST Request Handler component. The vulnerability arises from improper handling of the 'pppUserName' argument, allowing an attacker to manipulate ...

The Gotenberg API, designed for handling PDF file processing via Docker, suffers from a severe vulnerability prior to version 8.31.0. Specifically, the /forms/pdfengines/metadata/write HTTP endpoint fails to validate JSON metadata object keys before passing them to ExifTool through the go-exiftoo...

A vulnerability exists in Shibby Tomato firmware version 1.28, specifically in the rip_zebra_read_ipv4 function of the Zserv Handler. This issue allows attackers to exploit a stack-based buffer overflow which can be triggered remotely, leading to potential unauthorized access and control over the...

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically affecting the function formSetDomainFilter located in /goform/formSetDomainFilter. By manipulating the arguments for blocked_domain, permitted_domain, blocked_domain_list, or permitted_...

A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP router within the formSetProtocolFilter function. Exploiting this vulnerability, an attacker can manipulate the protocol_name argument to potentially execute arbitrary code from a remote location. It is important to not...

A flaw has been discovered in the TRENDnet TEW-432BRP router, specifically within the formSetUrlFilter function located in the /goform/formSetUrlFilter file. This vulnerability arises from improper handling of the 'keyword_list' argument, which can lead to a stack-based buffer overflow. The explo...

WinMTR 0.91 is susceptible to a denial of service vulnerability that can lead to application crashes. By crafting a specific input file that contains a large buffer of repeated characters totaling 238 bytes, attackers are able to trigger a buffer overflow condition. This vulnerability allows for ...

Yot CMS version 3.3.1 is susceptible to an SQL injection vulnerability that enables attackers to execute arbitrary SQL queries. By leveraging crafted HTTP GET requests with malicious input in the 'aid' or 'cid' parameters, unauthorized individuals can extract sensitive database information, inclu...

The Gate Pass Management System 2.1 contains an SQL injection flaw that permits hackers to bypass authentication mechanisms. By crafting specific POST requests to the login-exec.php endpoint with malicious SQL payloads in the login and password fields, attackers can authenticate without valid cre...

The MOGG Web Simulator Script has a security flaw that allows attackers to exploit an SQL injection vulnerability via the 'id' parameter in GET requests to play.php. This flaw can enable unauthorized individuals to execute arbitrary SQL commands, potentially revealing sensitive database informati...

Arm Whois 3.11 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By providing excessively large input strings, typically around 700 bytes, an attacker can trigger a denial of service condition that crashes the application. This flaw critically undermines ...

The Open STA Manager 2.3 is susceptible to a path traversal vulnerability that can be exploited by authenticated users. By crafting specific GET requests to the 'modules/backup/actions.php' endpoint, attackers can manipulate the file parameter to navigate through directories using '../' sequences...

AiOPMSD Final 1.0.0 is subjected to a SQL injection vulnerability through the 'id' parameter in watch.php, enabling attackers to manipulate SQL queries. By sending specially crafted GET requests, unauthenticated attackers can extract sensitive data including usernames, database names, and version...

Delta SQL version 1.8.2 is vulnerable to an arbitrary file upload, which allows unauthenticated attackers to exploit the system. By sending specifically crafted POST requests to the 'docs_upload.php' endpoint, attackers can upload malicious files, including PHP scripts, to the server's upload dir...

MGB OpenSource Guestbook version 0.7.0.2 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to craft GET requests with malicious SQL payloads via the 'id' parameter in email.php. This allows attackers to execute arbitrary SQL queries, potentially leading to th...

The SIM-PKH 2.4.1 version is vulnerable to an SQL injection flaw that allows authenticated users to execute arbitrary SQL commands via the 'id' parameter. By crafting GET requests to /admin/media.php with specific parameters (module=pengurus and act=editpengurus), attackers can inject SQL UNION s...

SIM-PKH version 2.4.1 is susceptible to an arbitrary file upload vulnerability. Authenticated users can exploit this flaw by uploading malicious files through the 'fupload' parameter. This can occur via the 'aksi_pengurus.php' endpoint when the 'module' and 'act' parameters are set to 'pengurus' ...

The Open ISES Project version 3.30A is susceptible to a path traversal vulnerability in the ajax/download.php endpoint. This flaw enables unauthenticated attackers to download arbitrary files by manipulating the filename parameter. By injecting directory traversal sequences such as ../, an attack...

The eNdonesia Portal 8.7 is susceptible to multiple SQL injection vulnerabilities that enable unauthenticated attackers to execute arbitrary SQL queries. Through manipulating parameters in mod.php, such as artid, cid, did, contid, and aboutid, an attacker can inject malicious SQL code. This can l...

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router within the 'formSetFirewallRule' function of the '/goform/formSetFirewallRule' file. The issue arises from improper handling of the 'firewall_name' argument, allowing for remote manipulation and pote...

A security vulnerability has been identified in the TRENDnet TEW-432BRP version 3.10B20, specifically within the formSetMACFilter function of the /goform/formSetMACFilter file. This issue allows for a stack-based buffer overflow when the filter_name argument is manipulated, which can be exploited...

A vulnerability exists in Open5GS versions up to 2.7.7, specifically in the function ogs_pool_id_calloc within /lib/sbi/nghttp2-server.c. This weakness can be exploited remotely, leading to a denial of service condition. Attackers may manipulate the function, causing the affected system to become...

A race condition has been identified in the Linux kernel's handling of POSIX CPU timers. When a non-autoreaping task reaches the exit_notify() state and subsequently calls handle_posix_cpu_timers() from an interrupt request (IRQ), it may be reaped by its parent or debugger immediately after unloc...

A vulnerability has been identified in versions of Open5GS up to 2.7.7, specifically in the function ogs_sbi_xact_add within the /lib/core/ogs-timer.c library of the ue-authentications Endpoint. This flaw allows for a denial of service condition, where an attacker can exploit the vulnerability re...

A vulnerability exists in Open5GS’s Shared NF-profile Parser component located in lib/sbi/nnrf-handler.c, allowing remote attackers to cause a denial of service. The vulnerability is present in versions up to 2.7.7, and the exploit is publicly accessible. Implementing the recommended patches is e...

A critical vulnerability exists in Open5GS versions up to 2.7.7, specifically in the function handle_scp_info within the shared NF-profile parser component. This vulnerability allows remote attackers to exploit the system through an out-of-bounds write, potentially leading to data corruption or s...

A vulnerability has been identified in the Open5GS networking software, specifically within the shared NF-profile parser component in lib/sbi/nnrf-handler.c. This flaw allows attackers to execute a denial of service attack remotely, potentially impacting system availability. An exploit for this v...

A cross-site scripting vulnerability exists in the Dashboard Page of sambitraj's STUDENT-MANAGEMENT-SYSTEM 1.0 due to improper handling of user-supplied input. This flaw allows attackers to manipulate the 'Name' argument, potentially executing malicious scripts in the context of the user's sessio...

A vulnerability in the sambitraj Student Management System version 1.0 has been identified, specifically affecting the login page functionality. An attacker can exploit this weakness through parameter manipulation of the email argument, potentially leading to unauthorized database access via SQL ...

A SQL injection vulnerability has been discovered in the Student Details Management System version 1.0. This flaw exists in an unspecified function within the '/index.php' file, allowing attackers to manipulate the 'roll' parameter to execute arbitrary SQL commands. This vulnerability can be expl...

A vulnerability exists in CMS Made Simple version 2.2.8, where the News module can be exploited through a specially crafted URL, allowing an unauthenticated attacker to perform blind time-based SQL injection utilizing the m1_idlist parameter. This can potentially expose sensitive information and ...

The authentication bypass vulnerability in Palo Alto Networks' PAN-OS software presents a significant security risk by allowing unauthorized access to the GlobalProtect portal and gateway. This flaw enables attackers to circumvent authentication mechanisms, potentially gaining unauthorized VPN co...

Active Directory Domain Services Elevation of Privilege Vulnerability

A vulnerability has been identified in the Android Framework that allows potential code execution through unsafe deserialization in multiple functions of ZygoteProcess.java. This flaw enables local privilege escalation, requiring user execution privileges but eliminating the need for user interac...

A Server-Side Request Forgery (SSRF) vulnerability exists in the Apache Flink Kubernetes Operator that allows users with create permissions to access sensitive files on the operator pod's filesystem. The flaw arises from the lack of validation of the FlinkSessionJob jarURI, enabling the potential...

The Open ISES Project 3.30A contains a vulnerability that permits unauthenticated attackers to inject malicious SQL code via the ticket_id parameter in add_facnote.php. By sending specially crafted GET requests, an attacker can execute arbitrary SQL queries, potentially exposing sensitive databas...

PHP-SHOP 1.0 is vulnerable to a Cross-Site Request Forgery (CSRF) attack, enabling unauthenticated attackers to create unauthorized administrative accounts. By tricking authenticated users into visiting a web page containing a maliciously crafted HTML form, an attacker can exploit the users.php e...

The Heatmiser Wifi Thermostat 1.7 has a significant vulnerability which permits unauthenticated attackers to access sensitive administrative credentials through the networkSetup.htm page. By sending a request to this endpoint, attackers can extract plaintext username and password values from HTML...

The Kados R10 GreenBee product is exposed to an SQL injection vulnerability through the feature_id parameter in the boards_buttons/update_feature.php endpoint. Attackers can exploit this flaw to send maliciously crafted GET requests that manipulate SQL queries, enabling them to extract sensitive ...

Navigate CMS version 2.8.5 is affected by a path traversal vulnerability that enables authenticated users to exploit it. By manipulating the 'id' parameter in GET requests sent to navigate_download.php, attackers can inject directory traversal sequences, such as '../../../cfg/globals.php'. This e...

MaxOn ERP Software versions 8.x to 9.x contain an SQL injection vulnerability that enables authenticated users to execute arbitrary SQL queries. This can be achieved by manipulating the nomor, user, and jenis parameters in the log_activity function. Attackers can exploit this vulnerability by sen...

The HaPe PKH 1.1 software component contains a vulnerability that allows unauthorized deletion of records. Specifically, the application fails to enforce proper authorization checks within its record deletion endpoints. This oversight enables attackers to exploit the system by crafting specific r...