|
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
|
|
2020-02-24
|
|
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
|
|
2020-02-24
|
|
Android Binder - Use-After-Free (Metasploit)
|
|
2020-02-24
|
|
Cacti 1.2.8 - Remote Code Execution
|
|
2020-02-24
|
|
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
|
|
2020-02-24
|
|
DotNetNuke 9.5 - File Upload Restrictions Bypass
|
|
2020-02-24
|
|
DotNetNuke 9.5 - Persistent Cross-Site Scripting
|
|
2020-02-24
|
|
eLection 2.0 - 'id' SQL Injection
|
|
2020-02-24
|
|
Go SSH servers 0.0.2 - Denial of Service (PoC)
|
|
2020-02-24
|
|
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
|
|
2020-02-24
|
|
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
|
|
2020-02-24
|
|
ATutor 2.2.4 - 'id' SQL Injection
|
|
2020-02-24
|
|
Windows\x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
|
|
2020-02-24
|
|
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
|
|
2020-02-24
|
|
AMSS++ 4.7 - Backdoor Admin Account
|
|
2020-02-24
|
|
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
|
|
2020-02-24
|
|
Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)
|
|
2020-02-24
|
|
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
|
|
2020-02-24
|
|
AMSS++ v 4.31 - 'id' SQL Injection
|
|
2020-02-24
|
|
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
|
|
2020-02-24
|
|
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
|
|
2020-02-24
|
|
Core FTP Lite 1.3 - Denial of Service (PoC)
|
|
2020-02-20
|
|
Easy2Pilot 7 - Cross-Site Request Forgery (Add User)
|
|
2020-02-20
|
|
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
|
|
2020-02-20
|
|
DBPower C300 HD Camera - Remote Configuration Disclosure
|
|
2020-02-20
|
|
Virtual Freer 1.58 - Remote Command Execution
|
|
2020-02-20
|
|
Anviz CrossChex - Buffer Overflow (Metasploit)
|
|
2020-02-20
|
|
LabVantage 8.3 - Information Disclosure
|
|
2020-02-20
|
|
SOPlanning 1.45 - 'users' SQL Injection
|
|
2020-02-20
|
|
Cuckoo Clock v5.0 - Buffer Overflow
|
|
2020-02-20
|
|
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
|
|
2020-02-20
|
|
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
|
|
2020-02-20
|
|
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
|
|
2020-02-20
|
|
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
|
|
2020-02-20
|
|
DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
|
|
2020-02-20
|
|
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
|
|
2020-02-20
|
|
BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
|
|
2020-02-20
|
|
Avaya Aura Communication Manager 5.2 - Remote Code Execution
|
|
2020-02-20
|
|
Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
|
|
2020-02-20
|
|
HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
|
|
2020-02-20
|
|
SOPlanning 1.45 - 'by' SQL Injection
|
|
2020-02-20
|
|
Hypervisor Necromancy; Reanimating Kernel Protectors
|
|
2020-02-20
|
|
PHP 7.0 < 7.4 (Unix) - 'debug_backtrace' disable_functions Bypass
|
|
2020-02-20
|
|
Windows Kernel - Information Disclosure
|
|
2020-02-20
|
|
SprintWork 2.3.1 - Local Privilege Escalation
|
|
2020-02-20
|
|
EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
|
|
2020-02-20
|
|
HomeGuard Pro 9.3.1 - Insecure Folder Permissions
|
|
2020-02-20
|
|
phpMyChat Plus 1.98 - 'pmc_username' SQL Injection
|
|
2020-02-20
|
|
PANDORAFMS 7.0 - Authenticated Remote Code Execution
|
|
2020-02-20
|
|
OpenTFTP 1.66 - Local Privilege Escalation
|
|
2020-02-20
|
|
HP System Event Utility - Local Privilege Escalation
|
|
2020-02-12
|
|
MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow
|
|
2020-02-12
|
|
MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow
|
|
2020-02-12
|
|
MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow
|
|
2020-02-12
|
|
Microsoft SharePoint - Deserialization Remote Code Execution
|
|
2020-02-11
|
|
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
|
|
2020-02-11
|
|
OpenSMTPD 6.6.1 - Local Privilege Escalation
|
|
2020-02-11
|
|
Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
|
|
2020-02-11
|
|
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path
|
|
2020-02-11
|
|
Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path
|
|
2020-02-11
|
|
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
|
|
2020-02-11
|
|
DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow
|
|
2020-02-11
|
|
Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path
|
|
2020-02-11
|
|
FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path
|
|
2020-02-11
|
|
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
|
|
2020-02-11
|
|
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
|
|
2020-02-11
|
|
DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow
|
|
2020-02-11
|
|
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
|
|
2020-02-11
|
|
Torrent iPod Video Converter 1.51 - Stack Overflow
|
|
2020-02-11
|
|
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
|
|
2020-02-10
|
|
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
|
|
2020-02-10
|
|
Ricoh Driver - Privilege Escalation (Metasploit)
|
|
2020-02-10
|
|
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
|
|
2020-02-10
|
|
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
|
|
2020-02-10
|
|
Linux/x86 - Bind Shell Generator Shellcode (114 bytes)
|
|
2020-02-10
|
|
Dota 2 7.23f - Denial of Service (PoC)
|
|
2020-02-10
|
|
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
|
|
2020-02-10
|
|
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
|
|
2020-02-10
|
|
Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
|
|
2020-02-10
|
|
Google Invisible RECAPTCHA 3 - Spoof Bypass
|
|
2020-02-07
|
|
ExpertGPS 6.38 - XML External Entity Injection
|
|
2020-02-07
|
|
EyesOfNetwork 5.3 - Remote Code Execution
|
|
2020-02-07
|
|
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection
|
|
2020-02-07
|
|
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
|
|
2020-02-07
|
|
QuickDate 1.3.2 - SQL Injection
|
|
2020-02-07
|
|
Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
|
|
2020-02-07
|
|
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
|
|
2020-02-06
|
|
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
|
|
2020-02-06
|
|
Cisco Data Center Network Manager 11.2 - Remote Code Execution
|
|
2020-02-06
|
|
Ecommerce Systempay 1.0 - Production KEY Brute Force
|
|
2020-02-06
|
|
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
|
|
2020-02-06
|
|
RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)
|
|
2020-02-06
|
|
RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
|
|
2020-02-06
|
|
TapinRadio 2.12.3 - 'username' Denial of Service (PoC)
|
|
2020-02-06
|
|
Online Job Portal 1.0 - Remote Code Execution
|
|
2020-02-06
|
|
TapinRadio 2.12.3 - 'address' Denial of Service (PoC)
|
|
2020-02-06
|
|
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
|
|
2020-02-06
|
|
ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
|
|
2020-02-06
|
|
VIM 8.2 - Denial of Service (PoC)
|
|
2020-02-06
|
|
Online Job Portal 1.0 - 'user_email' SQL Injection
|
|
2020-02-06
|