Publicly Disclosed
PoC Exploits

The Business Directory Plugin for WordPress is prone to a time-based SQL Injection vulnerability through the 'payment' parameter. This flaw arises from inadequate escaping of user-supplied input and insufficient preparation of the SQL query. It permits attackers without authentication to inject a...

An OS command injection vulnerability is present in various E-Series Linksys routers, specifically through the /tmUnblock.cgi and /hndUnblock.cgi endpoints accessed over HTTP on port 8080. This security flaw arises from the failure to properly sanitize user-supplied input sent to the ttcp_ip para...

ThingsBoard versions prior to 4.2.1 are susceptible to a server-side request forgery (SSRF) vulnerability within the Image Upload Gallery feature. This security issue arises when an attacker uploads a malicious SVG file that contains references to remote URLs. If the server processes these SVG fi...

A vulnerability exists in the management web interface of Palo Alto Networks PAN-OS software that allows an authenticated administrator to bypass crucial system restrictions and execute arbitrary commands. While this issue can lead to unauthorized actions, the security implications are notably re...

A security vulnerability has been identified in the Streamax Crocus product by Shenzhen Ruiming Technology, specifically within the /RemoteFormat.do file of the Endpoint component. This vulnerability arises from improper manipulation of an argument within the function, enabling an attacker to exe...

A security weakness has been identified in the Exam Form Submission software, specifically within the file /admin/update_s7.php. The vulnerability arises due to improper handling of user inputs, allowing an attacker to manipulate the 'sname' argument. This exploitation can lead to cross site scri...

A security flaw has been identified in the Simple Laundry System version 1.0, specifically affecting the modstaffinfo.php file in the Parameter Handler component. This vulnerability allows for SQL injection through improper handling of the userid argument, enabling attackers to manipulate databas...

A server-side request forgery (SSRF) vulnerability has been discovered in Page Replica, specifically within the sitemap.fetch function of the Endpoint component. This flaw can be exploited by manipulating the argument 'url', allowing attackers to send requests from the server to unintended locati...

A stack-based buffer overflow vulnerability exists within the Tenda AC5 router, specifically in the 'decodePwd' function of the '/goform/WizardHandle' component. This security flaw allows attackers to manipulate the 'WANT/WANS' argument via a crafted POST request, potentially enabling remote code...

A critical security flaw exists in the Tenda AC5 router due to a stack-based buffer overflow in the 'formWifiWpsOOB' function. This vulnerability is triggered by manipulating specific arguments in the POST Request Handler. If exploited, attackers could execute arbitrary code remotely. As the deta...

A vulnerability has been identified in the Tenda AC5 router affecting the function formSetCfm found in the POST Request Handler component. This flaw allows for manipulation of the argument funcpara1, potentially leading to a stack-based buffer overflow. The issue can be exploited remotely, posing...

A vulnerability in the Tenda AC5 router, specifically in version 15.03.06.47, allows for a stack-based buffer overflow via the formQuickIndex function of the /goform/QuickIndex component. This issue arises from improper handling of the PPPOEPassword argument in POST requests, which can be exploit...

A vulnerability exists in Tenda's AC5 router that allows for a stack-based buffer overflow through improper handling of a POST request in the addressNat component. This flaw occurs when the argument 'page' is manipulated by an attacker, potentially leading to unauthorized remote access and system...

A vulnerability has been detected in the Online Food Ordering System 1.0 developed by code-projects. The issue resides in the file /dbfood/localhost.sql, where improper access controls allow for the potential manipulation of sensitive files and directories. This vulnerability can be exploited rem...

A security flaw has been identified in the Online Food Ordering System (version 1.0) developed by Code-Projects. This vulnerability involves an improper handling of user-supplied input within the /dbfood/food.php file, specifically targeting the argument 'cuisines'. This oversight allows for cros...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

A vulnerability exists in the Online Food Ordering System 1.0 developed by Code-Projects, specifically within the /dbfood/contact.php file. This weakness allows for the exploitation of user-supplied input in the 'Name' parameter, enabling attackers to execute cross-site scripting (XSS) attacks re...

An elevation of privilege vulnerability in Microsoft Edge arises from improper enforcement of cross-domain policies. This flaw could allow an attacker to obtain sensitive information from one domain and inject it into another, potentially compromising users' security. If exploited through a malic...

Weblate, a web-based localization tool, has a security vulnerability in its SSH management console prior to version 5.16.0. The console does not correctly validate user input when adding SSH host keys, which can lead to an argument injection vulnerability, allowing potentially unauthorized action...

A security vulnerability in PyMySQL versions up to 1.1.0 exposes applications to SQL injection attacks when untrusted JSON input is utilized. This occurs because the keys within the input are not properly escaped by the escape_dict function, potentially allowing malicious users to manipulate SQL ...

River Past CamDo version 3.7.6 is vulnerable to a structured exception handler buffer overflow. This vulnerability allows local attackers to execute arbitrary code by providing a specially crafted string in the Lame_enc.dll name field. By manipulating a 280-byte buffer with a non-sequential excep...

River Past Audio Converter version 7.7.16 is susceptible to a local buffer overflow vulnerability that can be exploited by attackers. By entering an excessively long string into the 'E-Mail and Activation Code' field, an attacker can trigger a denial of service condition, causing the application ...

MyVideoConverter Pro version 3.14 suffers from a local buffer overflow vulnerability, which can be exploited by attackers to crash the application. By entering an excessively long string of up to 10,000 bytes into the 'Copy and Paste Registration Code' field, malicious users can trigger a denial ...

The vulnerability in PassFab RAR Password Recovery 9.3.2 is due to a structured exception handler (SEH) buffer overflow, which can be exploited by local attackers. By crafting a malicious payload that includes a buffer overflow, NSEH jump, and shellcode, attackers can manipulate the software duri...

The vulnerability in PassFab Excel Password Recovery 8.3.1 is attributed to a structured exception handling (SEH) buffer overflow, which can be exploited by local attackers. By inputting a specially crafted payload into the Licensed E-mail and Registration Code fields during the registration proc...

PDF Explorer version 1.5.66.2 is susceptible to an SEH overflow vulnerability that enables local attackers to execute arbitrary code. By exploiting this vulnerability, attackers can manipulate the structured exception handling records, allowing them to overwrite critical data. The attack involves...

AnyBurn version 4.3 is susceptible to a local buffer overflow vulnerability that can be triggered by an attacker providing an excessively long string in the 'Image file name' field. During the 'Copy disk to Image' operation, an attacker can input a 10000-byte payload, leading to a denial of servi...

MegaPing is susceptible to a local buffer overflow vulnerability that can lead to a denial-of-service condition. When an attacker supplies a payload that exceeds the expected limits in the Destination Address List field during the Finger function, it can lead to a crash of the application. This f...

Excel Password Recovery Professional version 8.2.0.0 is susceptible to a local buffer overflow vulnerability that can lead to denial of service. By inputting a maliciously crafted string of 5000 bytes or more into the 'E-Mail and Registrations Code' field, an attacker can trigger a crash of the a...

Nsauditor 3.0.28.0 is affected by a buffer overflow vulnerability due to inadequate handling of input in the DNS Lookup tool. This allows local attackers to execute arbitrary code by crafting a malicious payload that overwrites the structured exception handling (SEH) chain. By injecting shellcode...

Allok Video Splitter version 3.1.1217 has a buffer overflow vulnerability that can be exploited by local attackers. By inputting an oversized string (exceeding 780 bytes) into the License Name field during registration, an attacker can trigger the overflow when they click the Register button. Thi...

Boxoft Wav-WMA Converter version 1.0 is susceptible to a local buffer overflow vulnerability within its structured exception handling routines. This flaw enables attackers to execute arbitrary code on affected Windows systems by crafting malicious WAV files. By supplying a specially formatted WAV...

A cross-site scripting (XSS) vulnerability has been identified in the itsourcecode Payroll Management System versions up to 1.0. This security flaw resides in the /index.php file, where improper handling of the 'page' argument allows malicious actors to execute arbitrary scripts in the context of...

A vulnerability has been discovered in the itsourcecode Free Hotel Reservation System version 1.0, particularly in the file /admin/mod_amenities/index.php?view=editpic. This issue can be exploited by manipulating the argument ID, leading to SQL injection attacks. The vulnerability allows unauthor...

A vulnerability has been identified in the itsourcecode Free Hotel Reservation System version 1.0 that allows for unrestricted file uploads. This occurs due to improper handling of the file input in the script located at /admin/mod_amenities/index.php?view=add. An attacker can exploit this flaw r...

WebOfisi E-Ticaret 4.0 contains a SQL injection flaw in the 'urun' GET parameter, allowing unauthenticated attackers to execute malicious SQL queries. By manipulating the 'urun' parameter, attackers can perform various SQL injection techniques, including boolean-based blind, error-based, time-bas...

OpenBiz Cubi Lite version 3.0.8 contains a SQL injection flaw in its login form, permitting unauthenticated attackers to manipulate database queries via the username parameter. By sending crafted POST requests to /bin/controller.php with malicious SQL input in the username field, an attacker coul...

qdPM 9.1 contains a vulnerability that enables unauthenticated attackers to exploit the application through SQL injection. By manipulating the filter_by parameters in craftily designed POST requests directed at the timeReport endpoint, attackers can execute arbitrary SQL commands. This exploitati...

Online Quiz Maker 1.0 has been identified to contain SQL injection vulnerabilities specifically in the 'catid' and 'usern' parameters. These vulnerabilities allow authenticated attackers to execute arbitrary SQL commands by submitting specially crafted POST requests to the quiz-system.php or add-...

KomSeo Cart version 1.3 is susceptible to an SQL injection vulnerability that can be exploited by attackers. This flaw allows malicious actors to inject SQL commands via the 'my_item_search' parameter in the edit.php file. By sending carefully crafted POST requests, attackers can perform boolean-...

The ASP.NET jVideo Kit 1.0 is susceptible to an SQL injection flaw that enables unauthenticated attackers to execute arbitrary SQL commands by manipulating the 'query' parameter in the search functionality. This vulnerability allows attackers to send specially crafted SQL payloads via GET or POST...

The Online Store System CMS version 1.0 includes a vulnerability that permits unauthenticated users to execute SQL injection attacks. By exploiting this flaw, attackers can inject malicious SQL code through the email parameter during client access actions. This is achieved by sending crafted POST...

Library CMS version 1.0 contains an SQL injection vulnerability that allows attackers to bypass authentication by sending specially crafted SQL queries through the username parameter in POST requests to the admin login endpoint. This flaw can be exploited through boolean-based blind SQL injection...

The SAT CFDI 3.3 product is susceptible to an SQL injection vulnerability that occurs in its signIn endpoint. This vulnerability enables attackers to execute arbitrary SQL code via the 'id' parameter, allowing them to manipulate database queries. Through the exploitation of this vulnerability, at...

The School Management System CMS 1.0 is susceptible to an SQL injection vulnerability in its admin login interface. This flaw permits hackers to bypass authentication controls by injecting malicious SQL code through the username input. Using boolean-based blind SQL injection techniques, attackers...

Wecodex Restaurant CMS version 1.0 has a vulnerability that allows attackers to exploit SQL injection through the username parameter on the login page. By sending specially crafted POST requests, attackers may execute malicious SQL queries that can manipulate the underlying database. This vulnera...

Wecodex Hotel CMS 1.0 is susceptible to SQL injection via its admin login functionality, enabling unauthenticated attackers to execute SQL commands through the username parameter in POST requests. This weakness allows attackers to bypass authentication measures, potentially accessing sensitive da...

Shipping System CMS version 1.0 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to bypass normal authentication mechanisms. By exploiting the username parameter, attackers can inject carefully crafted SQL statements through boolean-based blind techniques vi...

A security vulnerability has been identified in the UTT HiPER 1250GW device, specifically within the function strcpy located in the /goform/formConfigDnsFilterGlobal file of the Parameter Handler component. This flaw allows an attacker to manipulate the GroupName argument, triggering a buffer ove...

A vulnerability has been discovered in the Wavlink WL-NU516U1 device, specifically affecting the function ftext located in the /cgi-bin/nas.cgi file. This issue arises due to improper handling of the Content-Length argument, leading to a stack-based buffer overflow. Attackers can exploit this vul...