2024-04-22 | [webapps] Laravel Framework 11 - Credential Leakage
2024-04-22 | [webapps] SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
2024-04-22 | [webapps] Flowise 1.6.5 - Authentication Bypass
2024-04-21 | [remote] Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
2024-04-21 | [webapps] FlatPress v1.3 - Remote Command Execution
2024-04-21 | [webapps] Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
2024-04-15 | [webapps] djangorestframework-simplejwt 5.3.1 - Information Disclosure
2024-04-15 | [webapps] Jenkins 2.441 - Local File Inclusion
2024-04-15 | [webapps] OpenClinic GA 5.247.01 - Information Disclosure
2024-04-15 | [webapps] OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
2024-04-14 | [webapps] Stock Management System v1.0 - Unauthenticated SQL Injection
2024-04-14 | [webapps] Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
2024-04-14 | [webapps] BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE
2024-04-14 | [webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS
2024-04-13 | [webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
2024-04-13 | [webapps] PopojiCMS Version 2.0.1 - Remote Command Execution
2024-04-13 | [local] PrusaSlicer 2.6.1 - Arbitrary code execution
2024-04-13 | [webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
2024-04-13 | [webapps] WBCE 1.6.0 - Unauthenticated SQL injection
2024-04-13 | [webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
2024-04-12 | [webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)
2024-04-12 | [webapps] HTMLy Version v2.9.6 - Stored XSS
2024-04-12 | [local] Terratec dmx_6fire USB - Unquoted Service Path
2024-04-12 | [webapps] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
2024-04-12 | [webapps] GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
2024-04-12 | [remote] MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
2024-04-09 | [webapps] Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload
2024-04-09 | [local] AnyDesk 7.0.15 - Unquoted Service Path
2024-04-09 | [remote] Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass
2024-04-09 | [webapps] Human Resource Management System v1.0 - Multiple SQLi
2024-04-09 | [webapps] Best Student Result Management System v1.0 - Multiple SQLi
2024-04-09 | [webapps] Daily Expense Manager 1.0 - 'term' SQLi
2024-04-09 | [webapps] Open Source Medicine Ordering System v1.0 - SQLi
2024-04-03 | [local] ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path
2024-04-03 | [webapps] Computer Laboratory Management System v1.0 - Multiple-SQLi
2024-04-03 | [webapps] Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)
2024-04-03 | [webapps] Quick CMS v6.7 en 2023 - 'password' SQLi
2024-04-03 | [webapps] Casdoor < v1.331.0 - '/api/set-password' CSRF
2024-04-03 | [webapps] Gibbon LMS v26.0.00 - SSTI vulnerability
2024-04-03 | [webapps] Axigen < 10.5.7 - Persistent Cross-Site Scripting
2024-04-03 | [local] Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G
2024-04-03 | [webapps] Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
2024-04-03 | [webapps] Smart School 6.4.1 - SQL Injection
2024-04-03 | [webapps] CE Phoenix v1.0.8.20 - Remote Code Execution
2024-04-03 | [webapps] Elementor Website Builder < 3.12.2 - Admin+ SQLi
2024-04-03 | [webapps] Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
2024-04-02 | [webapps] Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
2024-04-02 | [webapps] Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
2024-04-02 | [webapps] E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
2024-04-02 | [webapps] FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
2024-04-02 | [local] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
2024-04-02 | [webapps] LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)
2024-04-02 | [webapps] FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
2024-04-02 | [webapps] Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection
2024-04-02 | [webapps] Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)
2024-04-02 | [webapps] Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
2024-04-02 | [remote] GL-iNet MT6000 4.5.5 - Arbitrary File Download
2024-04-02 | [local] Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
2024-04-02 | [webapps] Daily Habit Tracker 1.0 - SQL Injection
2024-04-02 | [webapps] Daily Habit Tracker 1.0 - Broken Access Control
2024-04-02 | [webapps] Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
2024-04-02 | [local] ASUS Control Center Express 01.06.15 - Unquoted Service Path
2024-04-02 | [webapps] OpenCart Core 4.0.2.3 - 'search' SQLi
2024-04-02 | [webapps] Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal
2024-03-28 | [remote] WinRAR version 6.22 - Remote Code Execution via ZIP archive
2024-03-28 | [local] Dell Security Management Server <1.9.0 - Local Privilege Escalation
2024-03-28 | [webapps] liveSite Version 2019.1 - Remote Code Execution
2024-03-28 | [remote] Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
2024-03-28 | [dos] RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service
2024-03-28 | [webapps] Workout Journal App 1.0 - Stored XSS
2024-03-28 | [webapps] Purei CMS 1.0 - SQL Injection
2024-03-28 | [webapps] Broken Access Control - on NodeBB v3.6.7
2024-03-28 | [remote] Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure
2024-03-26 | [webapps] Nagios XI Version 2024R1.01 - SQL Injection
2024-03-26 | [webapps] SPA-CART CMS - Stored XSS
2024-03-26 | [webapps] Craft CMS 4.4.14 - Unauthenticated Remote Code Execution
2024-03-26 | [webapps] MobileShop master v1.0 - SQL Injection Vuln.
2024-03-26 | [webapps] Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS
2024-03-26 | [remote] LBT-T300-mini1 - Remote Buffer Overflow
2024-03-26 | [webapps] Tourism Management System v2.0 - Arbitrary File Upload
2024-03-26 | [webapps] Wallos < 1.11.2 - File Upload RCE
2024-03-26 | [webapps] LimeSurvey Community 5.3.32 - Stored XSS
2020-04-01 | [local] 10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)
2020-04-01 | [dos] DiskBoss 7.7.14 - Denial of Service (PoC)
2020-03-31 | [remote] DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
2020-03-31 | [remote] Redis - Replication Code Execution (Metasploit)
2020-03-31 | [remote] IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
2020-03-31 | [remote] SharePoint Workflows - XOML Injection (Metasploit)
2020-03-31 | [webapps] Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
2020-03-31 | [webapps] Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
2020-03-31 | [dos] FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
2020-03-31 | [remote] Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
2020-03-31 | [local] Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
2020-03-30 | [webapps] Zen Load Balancer 3.10.1 - Remote Code Execution
2020-03-30 | [local] 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
2020-03-30 | [webapps] Joomla! com_fabrik 3.9.11 - Directory Traversal
2020-03-30 | [dos] Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service (PoC)
2020-03-27 | [webapps] rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
2020-03-27 | [webapps] Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
2020-03-27 | [webapps] ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)