Publicly Disclosed
PoC Exploits

A stack-based buffer overflow vulnerability in the Apache httpd server's mod_cgi module on SonicWall's SMA100 appliances could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the 'nobody' user. This issue affects multiple SMA appliance models, specificall...

This vulnerability arises from the improper handling of special elements in command execution within Windows PowerShell. An attacker could exploit this flaw to execute arbitrary code locally on affected systems, potentially leading to unauthorized access and system compromise. Users of Windows Po...

A cross-site scripting vulnerability exists in the Article Sidebar Module of xingfuggz BaykeShop, specifically in the file located at src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html. This issue arises from improper handling of the sidebar.content argument, allowing attackers...

A vulnerability exists in the DrayTek Vigor 300B's web management interface, specifically within the cgiGetFile function of the /cgi-bin/mainfunction.cgi/uploadlangs component. This security flaw allows for OS command injection through the manipulation of the File parameter, enabling remote attac...

A cross-site scripting vulnerability exists in the erzhongxmu JEEWMS web application, specifically in the 'doAdd' function of the JeecgListDemoController.java file. This flaw allows an attacker to manipulate the 'Name' argument, enabling the execution of malicious scripts in the context of users'...

A cross site scripting vulnerability has been identified in the erzhongxmu JEEWMS platform, specifically within the UEditor component. This vulnerability resides in the 'getContent.jsp' file, where improper handling of the 'myEditor' argument can lead to the execution of arbitrary JavaScript in t...

A vulnerability exists in the erzhongxmu JEEWMS version 3.7, specifically in the UEditor component via the file /plug-in/ueditor/jsp/getRemoteImage.jsp. This security flaw allows attackers to manipulate the 'upfile' argument, which can lead to unauthorized server-side request forgery (SSRF). Expl...

A buffer overflow vulnerability exists in the UTT HiPER 810G device, specifically in the strcpy function of the /goform/formP2PLimitConfig file. This flaw arises when an attacker manipulates the input parameters, leading to potential remote exploitation. The vulnerability is known to be actively ...

A buffer overflow vulnerability exists in the UTT HiPER 810G product, specifically affecting the 'strcpy' function located in the /goform/formPolicyRouteConf file. This vulnerability is exploitable through remote attacks by manipulating the GroupName argument. Given that details about this exploi...

In the Tiandy Video Surveillance System version 7.17.0, a vulnerability has been identified within the downloadImage function of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. This flaw allows an attacker to manipulate the urlPath argument, leading to server-side request forgery (SSRF). T...

A denial of service vulnerability has been discovered in the SourceCodester Student Result Management System 1.0. The issue arises due to improper handling of the ID argument in the file /admin/core/drop_user.php. An attacker can exploit this vulnerability remotely, leading to service unavailabil...

A vulnerability exists in the SourceCodester Student Result Management System version 1.0, specifically within the Bulk Import functionality found in /admin/core/import_users.php. This flaw arises due to inadequate access controls, allowing unauthorized users to manipulate the file import process...

A buffer overflow vulnerability exists in the UTT HiPER 810G, specifically within the strcpy function located in the '/goform/formTaskEdit_ap' file. By manipulating the 'txtMin2' argument, an attacker can exploit this vulnerability remotely, potentially compromising the integrity and security of ...

A deserialization vulnerability exists in the LevelDB component of Apache Camel, allowing attackers to inject crafted serialized Java objects. This occurs when the DefaultLevelDBSerializer class deserializes data from the LevelDB repository using java.io.ObjectInputStream without proper filtering...

The KeycloakSecurityPolicy in the Apache Camel Keycloak component is vulnerable to a bypass that allows JWT tokens from one Keycloak realm to be accepted by policies configured for different realms, thus compromising tenant isolation. This results in the potential for unauthorized access and acti...

A buffer overflow vulnerability exists in the UTT HiPER 810G device, specifically within the strcpy function in the /goform/setSysAdm file. Malicious users can exploit this vulnerability by manipulating the passwd1 argument, potentially leading to unauthorized access or control over the affected ...

CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. It allows for the insecure use of the Java XSt...

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0, where the function user_avatar_upload_controller, located in /backend/app/api/v1/module_system/user/controller.py, is susceptible to unrestricted file uploads. This flaw allows an attacker to manipulate the upload functiona...

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0 which affects the upload_file_controller function found in the Scheduled Task API. This flaw allows attackers to perform unrestricted file uploads, enabling potential remote exploitation. The vulnerability is now public and ...

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0 within the Scheduled Task API, specifically in the upload_controller function located in the controller.py file. This issue allows for unrestricted file uploads, permitting attackers to exploit this vulnerability remotely. A...

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0 that allows attackers to disclose sensitive information. This issue exists due to improper handling of the argument file_path in the download_controller function located in /backend/app/api/v1/module_common/file/controller.p...

A security flaw in FastApiAdmin versions up to 2.2.0 affects the reset_api_docs function located in the /backend/app/plugin/init_app.py file. This vulnerability allows unauthorized access to sensitive system information via the Custom Documentation Endpoint. Attackers can exploit this vulnerabili...

A vulnerability has been identified in the AliasVault App versions up to 0.25.3 for Android and iOS, originating from inadequate handling of sensitive information in the backup process. Specifically, this flaw involves the manipulation of the accessToken, refreshToken, metadata, and key derivatio...

A cross-site scripting vulnerability has been identified in the a466350665 Smart-SSO product, specifically affecting the Save function within the UserController of the Role Edit Page. This flaw allows attackers to manipulate input fields, which can be exploited remotely to execute arbitrary scrip...

A cross-site scripting vulnerability exists in the Smart-SSO product from a466350665, specifically within the login.html template. The flaw allows for manipulation of the redirectUri parameter, which can enable remote attackers to execute arbitrary JavaScript in the context of a user's session. T...

A vulnerability exists in the Datapizza Labs' Datapizza-AI product that affects the RedisCache function within the cache.py file. This issue allows for deserialization manipulation, which could compromise local network security. Exploiting this vulnerability requires an attacker to be on the same...

A significant flaw has been identified within the Datapizza Labs Datapizza-AI product, specifically in the ChatPromptTemplate function located in the 'datapizza-ai-core/datapizza/modules/prompt/prompt.py' module. This vulnerability arises from improper neutralization of special elements within th...

In Wing FTP Server prior to version 7.4.4, both user and admin web interfaces improperly handle null ('\0') bytes, which can lead to the injection of arbitrary Lua code into user session files. This vulnerability enables attackers to execute arbitrary system commands with the privileges of the FT...

A vulnerability exists in Cesanta Mongoose versions up to 7.20 that affects the mg_chacha20_poly1305_decrypt function within the Poly1305 Authentication Tag Handler. This issue leads to improper verification of cryptographic signatures, potentially allowing an attacker to exploit this flaw remote...

A significant security flaw exists in Cesanta Mongoose versions up to 7.20, identified within the getpeer function of the TCP Sequence Number Handler. This vulnerability allows for improper verification of the source of communication channels, potentially enabling remote attackers to exploit the ...

A vulnerability has been detected in the DNS Transaction ID handler of Cesanta Mongoose, specifically in the function mg_sendnsreq located in /src/dns.c. This weakness stems from an inability to generate sufficiently random values due to manipulation of the argument 'random'. As a result, this ma...

A security flaw has been identified in 07FLYCMS, 07FLY-CMS, and 07FlyCRM prior to version 1.2.9. The vulnerability resides in a yet unidentified function within the file /admin/SysModule/edit.html of the System Extension Module. By manipulating the 'Title' parameter, attackers can execute cross-s...

A SQL injection vulnerability exists in Jinher OA C6 due to improper handling of the 'id' and 'offsnum' parameters within the OfficeSupplyTypeRight.aspx file. This security flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access and manipulation of the d...

A stack-based buffer overflow vulnerability exists in the D-Link DWR-M960 device, specifically affecting the Scheduled Reboot Configuration Endpoint. This issue arises in the function sub_460F30 of the /boafrm/formDateReboot file due to improper handling of the submit-url argument. An attacker ca...

A stack-based buffer overflow vulnerability exists in the D-Link DWR-M960's VPN Configuration Endpoint, specifically in the function sub_4196C4 within the formVpnConfigSetup file. An attacker could exploit this weakness by manipulating the submit-url argument, which may allow for remote code exec...

A vulnerability has been identified in the D-Link DWR-M960 router, specifically in the sub_468D64 function of the file /boafrm/formDhcpv6s. An attacker can manipulate the 'submit-url' argument, leading to a stack-based buffer overflow which can be exploited remotely. This flaw exposes devices to ...

A stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M960, specifically within the sub_44E0F8 function of the /boafrm/formNewSchedule file. The flaw allows for manipulation of the 'url' argument, potentially leading to remote exploitation by an attacker. The exploit d...

A security vulnerability has been discovered in the D-Link DWR-M960 router, specifically affecting version 1.01.07. The vulnerability resides in the function sub_457C5C within the /boafrm/formWsc file, where manipulation of the 'save_apply' argument can lead to a stack-based buffer overflow. This...

A weakness exists in the qinming99 dst-admin product, specifically within the deleteBackup function in the BackupController.java file. This vulnerability allows remote attackers to manipulate the file handler, resulting in a denial of service. The exploitation of this vulnerability can cause sign...

A command injection vulnerability exists in the qinming99 dst-admin application due to improper validation of user-supplied input in the revertBackup function. An attacker can exploit this flaw by manipulating the 'Name' argument within the /home/restore file, allowing them to execute arbitrary c...

CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. It allows for the insecure use of the Java XSt...

A vulnerability exists in Dromara UJCMS 10.0.2 affecting the importChanel function within the ImportDataController component. By manipulating the driverClassName or URL arguments, an attacker can perform injection attacks remotely. This exploitation vector has been publicly disclosed, leading to ...

Web Ofisi Platinum E-Ticaret v5 is affected by an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries. By using malicious input through the 'q' parameter, specifically with POST requests sent to the ajax/productsFilterSearch endpoint, an attacker can p...

The Web Ofisi Rent a Car v3 software is susceptible to an SQL injection vulnerability that allows unauthenticated users to manipulate database queries by injecting malicious SQL code through the 'klima' parameter. By crafting specific GET requests with harmful values for 'klima', attackers can ex...

Web Ofisi Emlak V2 is susceptible to multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through GET parameters. By exploiting these weaknesses, unauthenticated attackers can inject malicious SQL code into parameters such as emlak_durumu, emlak_tipi, il, ilc...

Web Ofisi Firma Rehberi v1 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to exploit database queries. By manipulating GET parameters, particularly 'il', 'kat', or 'kelime', attackers can inject malicious SQL code. This exploitation can lead to unauthorize...

The Web Ofisi Firma v13 software suffers from an SQL injection vulnerability due to improper validation of the 'oz' array parameter. This allows attackers to send specially crafted GET requests containing malicious values that exploit time-based blind SQL injection techniques. Successfully execut...

The Web Ofisi Emlak v2 product is susceptible to an SQL injection vulnerability that enables attackers without authentication to execute malicious SQL commands through the 'ara' GET parameter. By exploiting this vulnerability, attackers can manipulate database queries, potentially extracting sens...

Web Ofisi E-Ticaret v3 has a significant SQL injection vulnerability that allows unauthorized attackers to execute malicious SQL queries via the 'a' parameter. By manipulating this parameter within GET requests, attackers can extract sensitive information from the database, potentially leading to...

A path traversal vulnerability has been identified in Dromara UJCMS 101.2 that affects the deleteDirectory function within the Template Handler component. This flaw allows remote attackers to manipulate directory paths, potentially leading to unauthorized access or deletion of sensitive files. Th...