|
Windows/x86 - Stager Generic MSHTA Shellcode (143 bytes)
|
|
2021-01-22
|
|
Atlassian Confluence Widget Connector Macro - SSTI
|
|
2021-01-22
|
|
ERPNext 12.14.0 - SQL Injection (Authenticated)
|
|
2021-01-22
|
|
CASAP Automated Enrollment System 1.0 - Authentication Bypass
|
|
2021-01-22
|
|
Library System 1.0 - Authentication Bypass Via SQL Injection
|
|
2021-01-22
|
|
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
|
|
2021-01-22
|
|
Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
|
|
2021-01-22
|
|
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
|
|
2021-01-22
|
|
Anchor CMS 0.12.7 - CSRF (Delete user)
|
|
2021-01-21
|
|
Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)
|
|
2021-01-21
|
|
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
|
|
2021-01-21
|
|
Apartment Visitors Management System 1.0 - 'email' SQL Injection
|
|
2021-01-21
|
|
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
|
|
2021-01-21
|
|
Linux/x86 - Socat Bind Shellcode (113 bytes)
|
|
2021-01-20
|
|
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
|
|
2021-01-20
|
|
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
|
|
2021-01-20
|
|
ChurchRota 2.6.4 - RCE (Authenticated)
|
|
2021-01-20
|
|
Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
|
|
2021-01-19
|
|
osTicket 1.14.2 - SSRF
|
|
2021-01-19
|
|
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
|
|
2021-01-18
|
|
Life Insurance Management System 1.0 - 'client_id' SQL Injection
|
|
2021-01-18
|
|
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
|
|
2021-01-18
|
|
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
|
|
2021-01-18
|
|
Cisco UCS Manager 2.2(1d) - Remote Command Execution
|
|
2021-01-18
|
|
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
|
|
2021-01-15
|
|
E-Learning System 1.0 - Authentication Bypass & RCE POC
|
|
2021-01-15
|
|
Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS
|
|
2021-01-15
|
|
EyesOfNetwork 5.3 - File Upload Remote Code Execution
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
|
|
2021-01-15
|
|
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
|
|
2021-01-15
|
|
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
|
|
2021-01-15
|
|
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
|
|
2021-01-14
|
|
Laravel 8.4.2 debug mode - Remote code execution
|
|
2021-01-14
|
|
Online Shopping Cart System 1.0 - 'id' SQL Injection
|
|
2021-01-14
|
|
Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
|
|
2021-01-14
|
|
Online Movie Streaming 1.0 - Admin Authentication Bypass
|
|
2021-01-14
|
|
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
|
|
2021-01-13
|
|
Erlang Cookie - Remote Code Execution
|
|
2021-01-13
|
|
Practical Insight Into Injections - Paper
|
|
2021-01-13
|
|
Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
|
|
2021-01-12
|
|
SmartAgent 3.1.0 - Privilege Escalation
|
|
2021-01-12
|
|
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
|
|
2021-01-12
|
|
Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
|
|
2021-01-12
|
|
Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
|
|
2021-01-11
|
|
PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
|
|
2021-01-11
|
|
OpenCart 3.0.36 - ATO via Cross Site Request Forgery
|
|
2021-01-11
|
|
WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
|
|
2021-01-11
|
|
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
|
|
2021-01-11
|
|
EyesOfNetwork 5.3 - LFI
|
|
2021-01-11
|
|
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
|
|
2021-01-11
|
|
EyesOfNetwork 5.3 - RCE & PrivEsc
|
|
2021-01-11
|
|
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
|
|
2021-01-08
|
|
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
|
|
2021-01-08
|
|
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
|
|
2021-01-08
|
|
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
|
|
2021-01-08
|
|
Online Doctor Appointment System 1.0 - Multiple Stored XSS
|
|
2021-01-08
|
|
Life Insurance Management System 1.0 - Multiple Stored XSS
|
|
2021-01-08
|
|
dnsrecon 0.10.0 - CSV Injection
|
|
2021-01-08
|
|
CRUD Operation 1.0 - Multiple Stored XSS
|
|
2021-01-07
|
|
ECSIMAGING PACS 6.21.5 - SQL injection
|
|
2021-01-07
|
|
Curfew e-Pass Management System 1.0 - Stored XSS
|
|
2021-01-07
|
|
Cockpit CMS 0.6.1 - Remote Code Execution
|
|
2021-01-07
|
|
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
|
|
2021-01-07
|
|
ECSIMAGING PACS 6.21.5 - Remote code execution
|
|
2021-01-07
|
|
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
|
|
2021-01-07
|
|
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
|
|
2021-01-06
|
|
H2 Database 1.4.199 - JNI Code Execution
|
|
2021-01-06
|
|
Gitea 1.7.5 - Remote Code Execution
|
|
2021-01-06
|
|
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
|
|
2021-01-06
|
|
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
|
|
2021-01-06
|
|
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
|
|
2021-01-06
|
|
WinAVR Version 20100110 - Insecure Folder Permissions
|
|
2021-01-06
|
|
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
|
|
2021-01-06
|
|
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
|
|
2021-01-06
|
|
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
|
|
2021-01-06
|
|
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
|
|
2021-01-06
|
|
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
|
|
2021-01-06
|
|
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
|
|
2021-01-06
|
|
IPeakCMS 3.5 - Boolean-based blind SQLi
|
|
2021-01-06
|
|
IObit Uninstaller 10 Pro - Unquoted Service Path
|
|
2021-01-06
|
|
dirsearch 0.4.1 - CSV Injection
|
|
2021-01-06
|
|
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
|
|
2021-01-06
|
|
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting
|
|
2021-01-05
|
|
Klog Server 2.4.1 - Command Injection (Unauthenticated)
|
|
2021-01-05
|
|
Online Learning Management System 1.0 - RCE (Authenticated)
|
|
2021-01-05
|
|
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
|
|
2021-01-05
|
|
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
|
|
2021-01-05
|
|
Cassandra Web 0.5.0 - Remote File Read
|
|
2021-01-05
|
|
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
|
|
2021-01-05
|
|
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
|
|
2021-01-05
|