Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 3 hours ago
PoC for CVE-2025-9050
A SQL injection vulnerability exists in the Projectworlds Travel Management System version 1.0. This flaw is found in the addcategory.php file, where improper handling of the 't1' parameter allows attackers to execute arbitrary SQL queries. Exploitation of this vulnerability can be done remotely,...
Discovered 4 hours ago
PoC for CVE-2025-9047
A remote SQL injection vulnerability exists in Projectworlds Visitor Management System version 1.0, specifically within the /visitor_out.php file. This issue arises from improper handling of the 'rid' parameter, allowing an attacker to manipulate SQL queries executed by the application. Given tha...
PoC for CVE-2025-9046
A stack-based buffer overflow vulnerability has been identified in the Tenda AC20 router firmware version 16.03.08.12. The flaw resides in the function sub_46A2AC in the /goform/setMacFilterCfg file, where improper handling of input parameters can lead to potential remote exploitation. Attackers ...
PoC for CVE-2025-9028
A significant vulnerability has been identified in the Online Medicine Guide version 1.0 by Code-Projects. The flaw exists in the processing of the file /adphar.php, where improper handling of the parameter 'phuname' enables SQL injection attacks. This vulnerability allows attackers to manipulate...
Discovered 5 hours ago
PoC for CVE-2025-9027
A vulnerability exists in the Online Medicine Guide version 1.0 by Code-Projects, which allows for SQL injection due to insufficient input validation in the /addelivery.php file. An attacker can exploit this vulnerability remotely by manipulating the 'deName' parameter. This flaw poses a signific...
PoC for CVE-2025-9026
A serious OS command injection vulnerability has been discovered in the D-Link DIR-860L router, specifically within the Simple Service Discovery Protocol component. The flaw is present in the 'ssdpcgi_main' function of the file located at 'htdocs/cgibin' and allows for remote exploitation. Attack...
Discovered 6 hours ago
PoC for CVE-2025-9025
A security vulnerability has been identified in the Simple Cafe Ordering System, specifically affecting the functionality of the /portal.php file. This issue arises from improper handling of input when manipulating the argument ID, which can lead to unauthorized SQL queries being executed in the ...
PoC for CVE-2025-9024
A serious SQL injection vulnerability has been identified in the PHPGurukul Beauty Parlour Management System version 1.1, particularly within the /book-appointment.php file. This vulnerability enables attackers to manipulate the Message argument, allowing for unauthorized SQL queries to be execut...
PoC for CVE-2025-9023
A buffer overflow vulnerability has been identified in the Tenda AC7 and AC18 routers, specifically within the formSetSchedLed function in the SetLEDCfg endpoint. Malicious actors can exploit this vulnerability remotely by manipulating the Time parameter, potentially leading to unauthorized acces...
Discovered 8 hours ago
PoC for CVE-2025-9019
A vulnerability in tcpreplay version 4.5.1 has been identified, specifically within the mask_cidr6 function located in the cidr.c file of the tcpprep component. This flaw allows for potential heap-based buffer overflow due to inadequate validation of data processed by the application. Although an...
PoC for CVE-2025-9017
A cross-site scripting vulnerability has been identified in the PHPGurukul Zoo Management System version 2.1. This issue arises from improper handling of the 'visitorname' argument in the file /admin/add-foreigner-ticket.php. Attackers can exploit this vulnerability remotely, potentially allowing...
Discovered 9 hours ago
PoC for CVE-2025-9013
A SQL injection vulnerability has been identified in the PHPGurukul Online Shopping Portal Project 2.0. This is due to improper handling of the 'emailid' parameter in the '/shopping/password-recovery.php' file, which allows for remote exploitation. Attackers can manipulate this argument to execut...
PoC for CVE-2025-9012
The PHPGurukul Online Shopping Portal Project 2.0 has been found to have a SQL injection vulnerability in the file shopping/bill-ship-addresses.php. This issue arises from improper handling of the billingpincode argument, allowing attackers to manipulate database queries. The exploit can be execu...
Discovered 10 hours ago
PoC for CVE-2025-9011
A vulnerability exists in the PHPGurukul Online Shopping Portal Project 2.0, specifically within the '/shopping/signup.php' file. An attacker can manipulate the 'emailid' parameter, resulting in an SQL injection. This flaw allows for unauthorized SQL commands to be executed remotely, posing signi...
PoC for CVE-2025-9010
A security vulnerability has been identified in the itsourcecode Online Tour and Travel Management System version 1.0, specifically impacting the functionality within the /admin/booking_report.php file. An attacker can exploit this vulnerability via crafted input on the 'from_date' parameter, lea...
PoC for CVE-2025-9009
A vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0, specifically in the email_setup.php file. This issue stems from improper handling of user inputs in an unspecified function, leading to SQL injection attacks. Attackers can exploit this vulnerability remotely...
Discovered 11 hours ago
PoC for CVE-2025-9008
A SQL injection vulnerability exists in the itsourcecode Online Tour and Travel Management System due to improper handling of user input in the /admin/sms_setting.php file. An attacker can exploit this vulnerability by manipulating the 'uname' parameter, potentially allowing unauthorized access t...
PoC for CVE-2025-9007
A buffer overflow vulnerability exists in the Tenda CH22 router, specifically within the function formeditFileName located in the /goform/editFileName file. This flaw can be exploited remotely, allowing attackers to manipulate system behaviors by injecting excessive data into the buffer. Given th...
Discovered 12 hours ago
PoC for CVE-2025-9006
A buffer overflow vulnerability has been identified in the Tenda CH22 model 1.0.0.1, specifically within the function formdelFileName of the /goform/delFileName file. This vulnerability allows an attacker to manipulate memory allocation, leading to potential unauthorized access and manipulation o...
PoC for CVE-2025-9005
A vulnerability exists in mtons mblog, specifically within the /register functionality, which could lead to information exposure via error messages. This vulnerability allows unauthorized access to sensitive information, potentially compromising user data. Attackers can exploit this vulnerability...
PoC for CVE-2025-9004
A significant vulnerability exists in the mtons mblog application that affects versions up to 3.5.0. This flaw resides in the handling of excessive authentication attempts through the file /settings/password, allowing attackers to initiate actions remotely. The vulnerability permits unauthorized ...
Discovered 13 hours ago
PoC for CVE-2025-9002
A vulnerability was discovered in the Surbowl dormitory-management-php software, specifically within the login.php file. This issue involves a SQL injection vulnerability where the manipulation of the 'Account' argument can allow remote attackers to execute arbitrary SQL commands. This security f...
PoC for CVE-2025-9001
A vulnerability exists in the LemonOS HTTP Client affecting versions up to nightly-2024-07-12, found in the HTTPGet function of the main.cpp file. This vulnerability can be exploited via a stack-based buffer overflow, which allows an attacker to manipulate the chunkSize argument. The issue can be...
PoC for CVE-2025-9000
A vulnerability exists in Mechrevo Control Center GX V2 version 5.56.51.48, specifically within the reg File Handler component. This flaw allows for the manipulation of the system’s search path, potentially leading to unauthorized code execution. Attackers could exploit this vulnerability locally...
PoC for CVE-2025-8993
A security flaw exists in the itsourcecode Online Tour and Travel Management System version 1.0, specifically within the file /admin/expense_report.php. This vulnerability allows attackers to manipulate the 'from_date' argument to execute SQL injection attacks. By exploiting this weakness, unauth...
PoC for CVE-2025-8992
A cross-site request forgery vulnerability has been identified in mtons mblog versions up to 3.5.0, which allows attackers to induce users to perform unwanted actions on a web application in which they are authenticated. This flaw can be exploited remotely, threatening user data and application i...
Discovered 16 hours ago
PoC for CVE-2025-8987
A SQL injection vulnerability exists within the SourceCodester COVID 19 Testing Management System version 1.0, specifically in the /test-details.php file. This issue is triggered through improper handling of input in the 'remark' parameter, allowing remote attackers to execute arbitrary SQL queri...
Discovered 17 hours ago
PoC for CVE-2025-8986
A vulnerability exists within the SourceCodester COVID 19 Testing Management System version 1.0, specifically in the /search-report-result.php file. An attacker can exploit this issue by manipulating the 'searchdata' argument, leading to unauthorized SQL injection. This flaw allows for remote exe...
PoC for CVE-2025-8985
A vulnerability has been identified in the SourceCodester COVID 19 Testing Management System version 1.0, which involves the manipulation of the 'mobilenumber' argument within the /profile.php file. This weakness allows attackers to execute SQL injection attacks remotely, potentially compromising...
PoC for CVE-2025-8984
A vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0 due to improper handling of the 'expense_name' argument in the '/admin/operations/expense_category.php' file. This flaw allows attackers to execute SQL injection attacks remotely, potentially compromising the ...
Discovered 18 hours ago
PoC for CVE-2025-8983
A vulnerability has been discovered in the itsourcecode Online Tour and Travel Management System 1.0, where improper handling of the 'expense_for' parameter in the '/admin/operations/expense.php' file can lead to SQL injection attacks. This flaw allows attackers to manipulate database queries, po...
PoC for CVE-2025-8982
A SQL injection vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0, specifically in the /admin/operations/currency.php file. This flaw allows an attacker to manipulate the 'curr_code' argument, which can lead to unauthorized database access. The attack can be pe...
Discovered 19 hours ago
PoC for CVE-2025-8981
A SQL injection vulnerability exists in the itsourcecode Online Tour and Travel Management System version 1.0, specifically in the payment.php file located in the /admin/operations directory. This vulnerability arises from improper handling of the payment_type argument, enabling attackers to exec...
PoC for CVE-2025-8980
A vulnerability identified in the Tenda G1 firmware update handler arises from insufficient verification of data authenticity within the 'check_upload_file' function. This flaw may allow remote attackers to manipulate firmware updates without adequate checks, potentially leading to unauthorized a...
PoC for CVE-2025-8979
A security flaw has been identified in the Tenda AC15's firmware update mechanism, specifically within the functions check_fw_type, split_fireware, and check_fw. This vulnerability arises from insufficient verification of data authenticity, potentially allowing remote attackers to modify firmware...
Discovered 20 hours ago
PoC for CVE-2025-8978
A vulnerability exists in the D-Link DIR-619L router's firmware upgrade function, specifically concerning inadequate verification of data authenticity. This flaw could be exploited remotely, allowing attackers to manipulate firmware updates without proper validation. The complexity of successfull...
PoC for CVE-2025-8976
A cross-site scripting vulnerability has been identified in Givanz Vvveb version 1.0.5. The issue resides in an unspecified section of the file /vadmin123/index.php?module=content/post&type=post, which can be exploited remotely. Attackers may use this vulnerability to execute malicious scripts in...
PoC for CVE-2025-8975
A vulnerability in the givanz Vvveb application up to version 1.0.5 allows an attacker to exploit an unknown segment of the file admin/template/content/edit.tpl through manipulation of the argument slug. This can lead to cross site scripting (XSS) attacks that may be initiated remotely, potential...
Discovered 21 hours ago
PoC for CVE-2025-8974
A vulnerability exists in Linlinjava's Litemall, specifically within the JSON Web Token handler located in the JwtHelper.java file. This issue allows an attacker to manipulate the SECRET argument using input from the X-Litemall-Token, leading to the potential exposure of hard-coded credentials. T...
PoC for CVE-2025-8973
A vulnerability exists in the SourceCodester Cashier Queuing System 1.0, specifically within the /Actions.php file. This flaw allows attackers to manipulate the Username argument, potentially facilitating SQL injection attacks. Since the exploitation can be conducted remotely, it poses a signific...
PoC for CVE-2025-53770
A deserialization vulnerability in on-premises Microsoft SharePoint Server can be exploited by unauthorized attackers, allowing them to execute arbitrary code over a network. Microsoft is aware of exploits being used in the wild and is actively working on a comprehensive update to address this se...
PoC for CVE-2025-8972
A vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0 within the file /admin/page-login.php. This vulnerability allows remote attackers to manipulate the email parameter, leading to unauthorized SQL queries being executed in the database. This could expose sensit...
Discovered 22 hours ago
PoC for CVE-2025-8971
A vulnerability exists in the itsourcecode Online Tour and Travel Management System version 1.0, specifically within the /admin/operations/travellers.php file. This security flaw allows remote attackers to manipulate the 'val-username' parameter, leading to SQL injection vulnerabilities. Successf...
PoC for CVE-2025-8970
A vulnerability has been identified in the itsourcecode Online Tour and Travel Management System 1.0, specifically within the /admin/operations/booking.php file. Malicious actors can manipulate the argument ID, resulting in an SQL injection attack. This type of vulnerability allows attackers to e...
PoC for CVE-2025-8969
A significant SQL injection vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0. The flaw is found within the /admin/approve_user.php file, where the manipulation of the ID parameter can allow an attacker to execute arbitrary SQL commands. This vulnerability is e...
PoC for CVE-2025-8968
A SQL injection vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0, specifically in the /admin/disapprove_user.php file. This flaw allows remote attackers to manipulate the ID parameter, leading to unauthorized access to the underlying database. The public discl...
Discovered 23 hours ago
PoC for CVE-2025-8967
A SQL injection vulnerability exists in the itsourcecode Online Tour and Travel Management System 1.0, specifically in the '/admin/operations/packages.php' file. This issue arises from improper handling of the 'pname' argument, allowing attackers to exploit the vulnerability remotely. Following t...
PoC for CVE-2025-8966
A security flaw exists in the itsourcecode Online Tour and Travel Management System, specifically in the processing of the 'tname' argument within the /admin/operations/tax.php file. This vulnerability allows for SQL injection attacks that can be exploited remotely. Given that the exploit has bee...
PoC for CVE-2025-8965
A vulnerability in the linlinjava litemall application allows for unrestricted file uploads via the create function in the AdminStorageController.java file. This flaw can be exploited remotely, enabling malicious actors to upload potentially dangerous files without proper validation. The vulnerab...
Discovered 1 day ago
PoC for CVE-2025-8964
A vulnerability has been discovered in the Hostel Management System 1.0 developed by code-projects. This issue resides within the login component, specifically the hostel_manage.exe file, leading to improper authentication. As a result, attackers can potentially exploit this flaw on the local hos...