11 matches found

Vulnrichment
added yesterday, 3 views

CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
Cvelist
added 2025/12/18 3:10 p.m., 19 views

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

7.1 CVSS, 0.00022 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/10/24 2:33 p.m., 3 views

CVE-2025-53701

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

6.1 CVSS, 6.3 AI score, 0.00025 EPSS
Exploits: 0, References: 1
Huntr
added 2021/07/04 4:31 p.m., 9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG XSS via groupname 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitrary javascript in victim account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageViewGroups.php and create a new group. During creation put below xss payload in...

2.3 AI score
Exploits: 0
Huntr
added 2021/07/03 3:16 p.m., 8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via invoice-comment 💥 VERSION TESTED latest version as of 3/7/21 💥 IMPACT xss allow to execute arbitrary javascript in victim account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-invoice3/app/invoicesview.php and create a new invoice. During creation put below xss payload in...

2.5 AI score
Exploits: 0
Huntr
added 2021/07/03 2:21 a.m., 9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via unit description 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitrary javascript in victim account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/unitsview.php and create a new unit. During creation put below xss payload in...

2.4 AI score
Exploits: 0
exploitpack
added 2020/03/27 12:0 a.m., 169 views

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...

9 CVSS, 0.6 AI score, 0.94261 EPSS
Exploits: 20
0day.today
added 2017/09/10 12:0 a.m., 16 views

Restaurant Website Script 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Restaurant Website Script 1.0 - SQL Injection Dork: N/A Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/small-business/restaurant-website-script Demo: http://restaurant.scriptzee.com/ Version: 1.0...

7.1 AI score
Exploits: 0
exploitpack
added 2013/12/23 12:0 a.m., 16 views

WordPress Theme Persuasion 2.x - Arbitrary File Download File Deletion

WordPress Theme Persuasion 2.x - Arbitrary File Download File Deletion Exploit Title: Persuasion Wordpress Theme - Arbitrary File Download and File Deletion Exploit Date: 19 December 2013 Exploit Author: Interference Security Vendor Homepage: http://mysitemyway.com/ Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2008/09/24 12:0 a.m., 18 views

google-exhaust.txt

Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos. window.open"\r\n\r\n"; window.refresh; window.open"\r\n\r\n"; Google Chrome Carriage Return Null Object Memory Exhaustion Remote Denial of Service.Proof of Concept Note:: Keep an eye on the memory consumption in Task Manager...

7.4 AI score
Exploits: 0
Packet Storm
added 1999/11/23 12:0 a.m., 46 views

netbeans.java.txt

Reply-To: Halcyon Skinner Vulnerable Application: Sun Microsystems NetBeans recently renamed to Forte' Java IDE Versions tested: Netbeans Developer 3.0 Beta Forte Community Edition 1.0 Beta unknown if earlier versions have vulnerability Platform tested: Windows NT 4.0 unknown if other platforms...

7.4 AI score
Exploits: 0