|
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'InitClass' Type Confusion
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
|
|
2019-01-18
|
|
Webmin 1.900 - Remote Command Execution (Metasploit)
|
|
2019-01-18
|
|
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
|
|
2019-01-18
|
|
FastTube 1.0.1.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
7 Tik 1.0.1.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
Eco Search 1.0.2.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
One Search 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
Watchr 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
|
|
2019-01-18
|
|
phpTransformer 2016.9 - Directory Traversal
|
|
2019-01-18
|
|
phpTransformer 2016.9 - SQL Injection
|
|
2019-01-18
|
|
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
|
|
2019-01-18
|
|
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
|
|
2019-01-17
|
|
Microsoft Windows CONTACT - Remote Code Execution
|
|
2019-01-17
|
|
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
|
|
2019-01-17
|
|
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
|
|
2019-01-16
|
|
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
|
|
2019-01-16
|
|
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
|
|
2019-01-16
|
|
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
|
|
2019-01-16
|
|
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
|
|
2019-01-16
|
|
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
|
|
2019-01-16
|
|
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
|
|
2019-01-16
|
|
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
|
|
2019-01-16
|
|
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
|
|
2019-01-16
|
|
doorGets CMS 7.0 - Arbitrary File Download
|
|
2019-01-16
|
|
Roxy Fileman 1.4.5 - Arbitrary File Download
|
|
2019-01-16
|
|
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
|
|
2019-01-16
|
|
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
|
|
2019-01-16
|
|
Windows Debugging 101
|
|
2019-01-15
|
|
[Portuguese] Reverse Engineering 101 using Radare2
|
|
2019-01-15
|
|
Windows Privilege Escalations
|
|
2019-01-15
|
|
An Internal Pentest Audit Against Active Directory
|
|
2019-01-15
|
|
PHP Source Code Analysis
|
|
2019-01-15
|
|
PoC || GTFO 0x16
|
|
2019-01-15
|
|
PoC || GTFO 0x15
|
|
2019-01-15
|
|
PoC || GTFO 0x14
|
|
2019-01-15
|
|
PoC || GTFO 0x13
|
|
2019-01-15
|
|
PoC || GTFO 0x12
|
|
2019-01-15
|
|
PoC || GTFO 0x11
|
|
2019-01-15
|
|
PoC || GTFO 0x10
|
|
2019-01-15
|
|
ownDMS 4.7 - SQL Injection
|
|
2019-01-15
|
|
Microsoft Windows VCF - Remote Code Execution
|
|
2019-01-15
|
|
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)
|
|
2019-01-15
|
|
1Password < 7.0 - Denial of Service
|
|
2019-01-15
|
|
AudioCode 400HD - Command Injection
|
|
2019-01-14
|
|
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
|
|
2019-01-14
|
|
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
|
|
2019-01-14
|
|
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
|
|
2019-01-14
|
|
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
|
|
2019-01-14
|
|
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
|
|
2019-01-14
|
|
Job Portal Platform 1.0 - SQL Injection
|
|
2019-01-14
|
|
Real Estate Custom Script 2.0 - SQL Injection
|
|
2019-01-14
|
|
ThinkPHP 5.X - Remote Command Execution
|
|
2019-01-14
|
|
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
|
|
2019-01-14
|
|
HealthNode Hospital Management System 1.0 - SQL Injection
|
|
2019-01-14
|
|
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
|
|
2019-01-14
|
|
Cleanto 5.0 - SQL Injection
|
|
2019-01-14
|
|
Find a Place CMS Directory 1.5 - SQL Injection
|
|
2019-01-14
|
|
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
|
|
2019-01-14
|
|
Hootoo HT-05 - Remote Code Execution (Metasploit)
|
|
2019-01-14
|
|
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
|
|
2019-01-14
|
|
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
|
|
2019-01-14
|
|
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
|
|
2019-01-14
|
|
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
|
|
2019-01-14
|
|
Modern POS 1.3 - SQL Injection
|
|
2019-01-14
|
|
Modern POS 1.3 - Arbitrary File Download
|
|
2019-01-14
|
|
Horde Imp - 'imap_open' Remote Command Execution
|
|
2019-01-14
|
|
i-doit CMDB 1.12 - SQL Injection
|
|
2019-01-14
|
|
i-doit CMDB 1.12 - Arbitrary File Download
|
|
2019-01-14
|
|
Across DR-810 ROM-0 - Backup File Disclosure
|
|
2019-01-14
|
|
Luminance Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Blob Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Liquid Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Pixel Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Paint Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Tree Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Selfie Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Windows/x86 - Download With Tftp And Execute Shellcode (51-60 bytes)(msvcrt.system)(Generator)
|
|
2019-01-11
|
|
Joomla! Component JoomCRM 1.1.1 - SQL Injection
|
|
2019-01-11
|
|
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
|
|
2019-01-11
|
|
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
|
|
2019-01-11
|
|
Adapt Inventory Management System 1.0 - SQL Injection
|
|
2019-01-11
|
|
OpenSource ERP 6.3.1. - SQL Injection
|
|
2019-01-10
|
|
eBrigade ERP 4.5 - SQL Injection
|
|
2019-01-10
|
|
Event Locations 1.0.1 - 'id' SQL Injection
|
|
2019-01-10
|
|
Event Calendar 3.7.4 - 'id' SQL Injection
|
|
2019-01-10
|
|
MLMPro 1.0 - SQL Injection
|
|
2019-01-10
|
|
Architectural 1.0 - 'email' SQL Injection
|
|
2019-01-10
|
|
Shield CMS 2.2 - 'email' SQL Injection
|
|
2019-01-10
|
|
doitX 1.0 - 'search' SQL Injection
|
|
2019-01-10
|
|
Matrix MLM Script 1.0 - Information Disclosure
|
|
2019-01-10
|
|
eBrigade ERP 4.5 - Arbitrary File Download
|
|
2019-01-10
|
|
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
|
|
2019-01-10
|
|
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
|
|
2019-01-10
|
|
BlogEngine 3.3 - XML External Entity Injection
|
|
2019-01-09
|
|
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
|
|
2019-01-09
|
|
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
|
|
2019-01-09
|
|
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
|
|
2019-01-09
|
|
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
|
|
2019-01-09
|
|
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
|
|
2019-01-09
|
|
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
|
|
2019-01-09
|
|
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
|
|
2019-01-09
|
|
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
|
|
2019-01-09
|
|
MDwiki < 0.6.2 - Cross-Site Scripting
|
|
2019-01-09
|
|
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read
|
|
2019-01-08
|
|
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection
|
|
2019-01-08
|
|
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
|
|
2019-01-08
|
|
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation
|
|
2019-01-07
|
|
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
|
|
2019-01-07
|
|
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
|
|
2019-01-07
|
|
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
|
|
2019-01-07
|
|
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
|
|
2019-01-07
|
|
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)
|
|
2019-01-07
|
|
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)
|
|
2019-01-07
|
|
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
|
|
2019-01-07
|
|
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
|
|
2019-01-07
|
|
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
|
|
2019-01-07
|
|
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
|
|
2019-01-07
|
|
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
|
|
2019-01-07
|
|
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
|
|
2019-01-07
|
|
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
|
|
2019-01-07
|
|
LayerBB 1.1.1 - Persistent Cross-Site Scripting
|
|
2019-01-07
|
|
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
|
|
2019-01-07
|
|
All in One Video Downloader 1.2 - Authenticated SQL Injection
|
|
2019-01-07
|
|
Embed Video Scripts - Persistent Cross-Site Scripting
|
|
2019-01-07
|
|
Mailcleaner - Authenticated Remote Code Execution (Metasploit)
|
|
2019-01-07
|
|
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
|
|
2019-01-02
|
|
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
|
|
2019-01-02
|
|
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
|
|
2019-01-02
|
|
WebKit JSC - 'AbstractValue::set' Use-After-Free
|
|
2019-01-02
|
|
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
|
|
2019-01-02
|
|
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
|
|
2019-01-02
|
|
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
|
|
2019-01-02
|
|
Frog CMS 0.9.5 - Cross-Site Scripting
|
|
2019-01-02
|
|
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
|
|
2019-01-02
|
|
Vtiger CRM 7.1.0 - Remote Code Execution
|
|
2019-01-02
|
|
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
|
|
2019-01-02
|
|
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability
|
|
2018-12-27
|
|
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
bludit Pages Editor 3.0.0 - Arbitrary File Upload Vulnerability
|
|
2018-12-27
|
|
Craft CMS 3.0.25 - Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
MAGIX Music Editor 3.1 - Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
ShareAlarmPro 2.1.4 - Denial of Service Exploit
|
|
2018-12-27
|
|
NetShareWatcher 1.5.8 - Denial of Service Exploit
|
|
2018-12-27
|
|
Product Key Explorer 4.0.9 - Denial of Service Exploit
|
|
2018-12-27
|
|
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability
|
|
2018-12-27
|
|
WordPress Baggage Freight Shipping Australia 0.1.0 Plugin - Arbitrary File Upload
|
|
2018-12-27
|
|
Iperius Backup 5.8.1 - Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
|
|
2018-12-27
|
|
Linux/x86 - Kill All Processes Shellcode (14 bytes)
|
|
2018-12-27
|
|
Google Chrome 70 - SQLite Magellan Crash Exploit
|
|
2018-12-27
|
|
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Copy/Read Exploit
|
|
2018-12-27
|
|
FrontAccounting 2.4.5 - SubmitUser SQL Injection Vulnerability
|
|
2018-12-27
|
|
WSTMart 2.0.8 - Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
|
|
2018-12-27
|
|
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability
|
|
2018-12-27
|
|
Kubernetes - (Unauthenticated) Arbitrary Requests Exploit
|
|
2018-12-27
|
|
Kubernetes - (Authenticated) Arbitrary Requests Exploit
|
|
2018-12-27
|
|
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit
|
|
2018-12-27
|
|
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit
|
|
2018-12-27
|
|
Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit
|
|
2018-12-27
|
|
ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit
|
|
2018-12-27
|
|
Juniper Secure Access SSL VPN Privilege Escalation Vulnerability
|
|
2018-12-27
|
|
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) Vulnerability
|
|
2018-12-27
|
|
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit
|
|
2018-12-27
|
|
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit
|
|
2018-12-27
|
|
VBScript - MSXML Execution Policy Bypass Exploit
|
|
2018-12-27
|
|
VBScript - VbsErase Reference Leak Use-After-Free Exploit
|
|
2018-12-27
|
|
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution Exploit
|
|
2018-12-27
|
|
AnyBurn 4.3 - Local Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
Netatalk < 3.1.12 - Authentication Bypass Exploit
|
|
2018-12-27
|
|
SQLScan 1.0 - Denial of Service Exploit
|
|
2018-12-27
|
|
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit
|
|
2018-12-27
|
|
IBM Operational Decision Manager 8.x - XML External Entity Injection
|
|
2018-12-27
|
|
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure Exploit
|
|
2018-12-27
|
|
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution Exploit
|
|
2018-12-27
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit
|
|
2018-12-27
|
|
Yeswiki Cercopitheque - id SQL Injection Vulnerability
|
|
2018-12-27
|
|
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
Integria IMS 5.0.83 - search_string Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
Integria IMS 5.0.83 - Cross-Site Request Forgery Vulnerability
|
|
2018-12-27
|
|
Hotel Booking Script 3.4 - CSRF (Change Admin Password) Vulnerability
|
|
2018-12-27
|
|
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Exploit
|
|
2018-12-27
|
|
Excel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit
|
|
2018-12-27
|
|
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit
|
|
2018-12-27
|
|
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit
|
|
2018-12-27
|
|
SDL Web Content Manager 8.5.0 - XML External Entity Injection Vulnerability
|
|
2018-12-27
|
|
PDF Explorer 1.5.66.2 - SEH Local Exploit
|
|
2018-12-27
|
|
GNU inetutils < 1.9.4 - (telnet.c) Multiple Overflows Exploit
|
|
2018-12-27
|
|
Windows Persistent Service Installer Exploit
|
|
2018-12-27
|
|
Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability
|
|
2018-12-27
|
|
Razer Cortex Debugger Remote Command Execution Vulnerability
|
|
2018-12-27
|
|
KARMA 6.0.0 SQL Injection Vulnerability
|
|
2018-12-27
|
|
Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal Vulnerabilities
|
|
2018-12-27
|
|
ShareAlarmPro 2.1.4 - Denial of Service (PoC)
|
|
2018-12-27
|
|
NetShareWatcher 1.5.8 - Denial of Service (PoC)
|
|
2018-12-27
|
|
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
|
|
2018-12-27
|
|
bludit Pages Editor 3.0.0 - Arbitrary File Upload
|
|
2018-12-27
|
|
Iperius Backup 5.8.1 - Buffer Overflow (SEH)
|
|
2018-12-27
|
|
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)
|
|
2018-12-27
|
|
Product Key Explorer 4.0.9 - Denial of Service (PoC)
|
|
2018-12-27
|
|
MAGIX Music Editor 3.1 - Buffer Overflow (SEH)
|
|
2018-12-27
|
|
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload
|
|
2018-12-27
|
|
Craft CMS 3.0.25 - Cross-Site Scripting
|
|
2018-12-27
|
|
Kubernetes - (Authenticated) Arbitrary Requests
|
|
2018-12-24
|
|
Kubernetes - (Unauthenticated) Arbitrary Requests
|
|
2018-12-24
|
|
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
|
|
2018-12-24
|
|
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
|
|
2018-12-24
|
|
Netatalk - Bypass Authentication
|
|
2018-12-24
|
|
Searching systematically for PHP disable_functions bypasses
|
|
2018-12-24
|
|
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
|
|
2018-12-24
|
|
Pure In-Memory (Shell)Code Injection In Linux Userland
|
|
2018-12-24
|
|
Google Chrome 70 - SQLite Magellan Crash (PoC)
|
|
2018-12-24
|
|
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
|
|
2018-12-24
|
|
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
|
|
2018-12-24
|
|
Linux/x86 - Kill All Processes Shellcode (14 bytes)
|
|
2018-12-24
|
|
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
|
|
2018-12-24
|
|
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
|
|
2018-12-24
|
|
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
|
|
2018-12-24
|
|
WSTMart 2.0.8 - Cross-Site Scripting
|
|
2018-12-24
|
|
Netatalk < 3.1.12 - Authentication Bypass
|
|
2018-12-21
|
|
SQLScan 1.0 - Denial of Service (PoC)
|
|
2018-12-21
|
|
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
|
|
2018-12-21
|
|
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
|
|
2018-12-21
|
|
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
|
|
2018-12-21
|
|
AnyBurn 4.3 - Local Buffer Overflow (SEH)
|
|
2018-12-21
|
|
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
|
|
2018-12-20
|
|
VBScript - MSXML Execution Policy Bypass
|
|
2018-12-20
|
|
VBScript - VbsErase Reference Leak Use-After-Free
|
|
2018-12-20
|
|
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
|
|
2018-12-20
|
|
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
|
|
2018-12-20
|
|
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
|
|
2018-12-20
|
|
IBM Operational Decision Manager 8.x - XML External Entity Injection
|
|
2018-12-19
|
|
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)
|
|
2018-12-19
|
|
Yeswiki Cercopitheque - 'id' SQL Injection
|
|
2018-12-19
|
|
Bolt CMS < 3.6.2 - Cross-Site Scripting
|
|
2018-12-19
|
|
Integria IMS 5.0.83 - Cross-Site Request Forgery
|
|
2018-12-19
|
|
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
|
|
2018-12-19
|
|
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
|
|
2018-12-19
|
|
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
|
|
2018-12-19
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow
|
|
2018-12-19
|
|
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
|
|
2018-12-19
|
|
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
|
|
2018-12-19
|
|
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
|
|
2018-12-19
|
|
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
|
|
2018-12-18
|
|
MegaPing - Local Buffer Overflow Denial of Service
|
|
2018-12-18
|
|
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
|
|
2018-12-18
|
|
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
|
|
2018-12-18
|
|
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
|
|
2018-12-18
|
|
SDL Web Content Manager 8.5.0 - XML External Entity Injection
|
|
2018-12-18
|
|
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
|
|
2018-12-18
|
|
PassFab RAR Password Recovery SEH Local Exploit
|
|
2018-12-18
|
|
Mikrotik RouterOS Telnet Arbitrary Root File Creation Vulnerability
|
|
2018-12-18
|
|
MegaPing Denial of Service Exploit
|
|
2018-12-18
|
|
Excel Password Recovery Professional Denial of Service Exploit
|
|
2018-12-18
|
|
AnyBurn Local Buffer Overflow Exploit
|
|
2018-12-18
|
|
Nsauditor Local SEH Buffer Overflow Exploit
|
|
2018-12-18
|
|
Safari - Proxy Object Type Confusion Exploit
|
|
2018-12-18
|
|
Cisco RV110W - Password Disclosure / Command Execution Exploit
|
|
2018-12-18
|
|
Huawei Router HG532e - Command Execution Exploit
|
|
2018-12-18
|
|
Double Your Bitcoin Script Automatic - Authentication Bypass Vulnerability
|
|
2018-12-18
|
|
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
|
|
2018-12-18
|
|
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Vulnerability
|
|
2018-12-18
|
|
Facebook And Google Reviews System For Businesses - CSRF (Change Admin Password)
|
|
2018-12-18
|
|
Angry IP Scanner 3.5.3 - Denial of Service Exploit
|
|
2018-12-18
|
|
UltraISO 9.7.1.3519 - Output FileName Denial of Service
|
|
2018-12-18
|
|
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow Exploit
|
|
2018-12-18
|
|
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
|
|
2018-12-18
|
|
GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)
|
|
2018-12-17
|
|
Safari - Proxy Object Type Confusion (Metasploit)
|
|
2018-12-16
|
|
Double Your Bitcoin Script Automatic - Authentication Bypass
|
|
2018-12-16
|
|
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
|
|
2018-12-16
|
|
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
|
|
2018-12-16
|
|
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
|
|
2018-12-16
|
|
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
|
|
2018-12-16
|
|
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
|
|
2018-12-16
|
|
Huawei Router HG532e - Command Execution
|
|
2018-12-16
|
|
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
|
|
2018-12-16
|
|
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
|
|
2018-12-16
|
|
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
|
|
2018-12-16
|
|
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
|
|
2018-12-16
|
|
Cisco RV110W - Password Disclosure / Command Execution
|
|
2018-12-16
|
|
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
|
|
2018-12-16
|
|
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains
|
|
2018-12-16
|
|
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
|
|
2018-12-16
|
|
Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)
|
|
2018-12-16
|
|
Adobe ColdFusion 2018 - Arbitrary File Upload
|
|
2018-12-16
|
|
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
|
|
2018-12-16
|
|
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
|
|
2018-12-16
|
|
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
|
|
2018-12-16
|
|
Apache OFBiz 16.11.05 - Cross-Site Scripting
|
|
2018-12-16
|
|
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
|
|
2018-12-16
|
|
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
|
|
2018-12-16
|
|
ZTE ZXHN H168N - Improper Access Restrictions
|
|
2018-12-16
|
|
Huawei B315s-22 - Information Leak
|
|
2018-12-16
|
|
TP-Link wireless router Archer C1200 - Cross-Site Scripting
|
|
2018-12-16
|
|
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
|
|
2018-12-16
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
|
|
2018-12-16
|
|
DomainMOD 4.11.01 - Cross-Site Scripting
|
|
2018-12-16
|
|
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
|
|
2018-12-16
|
|
PrestaShop 1.6.x/1.7.x - Remote Code Execution
|
|
2018-12-16
|
|
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
|
|
2018-12-16
|
|
Tourism Website Blog - Remote Code Execution / SQL Injection
|
|
2018-12-16
|
|
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
|
|
2018-12-16
|
|
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
|
|
2018-12-16
|
|
Windows UAC Protection Bypass Exploit
|
|
2018-12-13
|
|
Linux - userfaultfd Bypasses tmpfs File Permissions Exploit
|
|
2018-12-13
|
|
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit
|
|
2018-12-13
|
|
CyberLink LabelPrint 2.5 - Stack Buffer Overflow Exploit
|
|
2018-12-13
|
|
MixPad v4.40 - Unicode Buffer Overflow Exploit
|
|
2018-12-13
|
|
WordPress Snap Creek Duplicator Code Injection Exploit
|
|
2018-12-13
|
|
PrestaShop 1.6.x/1.7.x - Remote Code Execution Exploit
|
|
2018-12-12
|
|
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Vulnerability
|
|
2018-12-12
|
|
Tourism Website Blog - Remote Code Execution / SQL Injection Vulnerabilities
|
|
2018-12-12
|
|
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
|
|
2018-12-12
|
|
Adobe ColdFusion 2018 - Arbitrary File Upload Vulnerability
|
|
2018-12-12
|
|
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation Vulnerability
|
|
2018-12-12
|
|
HotelDruid 2.3.0 - id_utente_mod SQL Injection Vulnerability
|
|
2018-12-12
|
|
WordPress AutoSuggest 0.24 Plugin - wpas_keys SQL Injection Vulnerability
|
|
2018-12-12
|
|
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Vulnerabilities
|
|
2018-12-12
|
|
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure Vulnerabilities
|
|
2018-12-12
|
|
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Huawei B315s-22 - Information Leak Vulnerability
|
|
2018-12-12
|
|
TP-Link wireless router Archer C1200 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Apache OFBiz 16.11.05 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Vulnerability
|
|
2018-12-12
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit
|
|
2018-12-12
|
|
SmartFTP Client 9.0.2623.0 - Denial of Service Exploit
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass Vulnerability
|
|
2018-12-12
|
|
XNU POSIX Shared Memory Mapping Issue Exploit
|
|
2018-12-12
|
|
Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle Vulnerability
|
|
2018-12-12
|
|
Textpad 8.1.2 - Denial Of Service Exploit
|
|
2018-12-12
|
|
i-doit CMDB 1.11.2 - Remote Code Execution Exploit
|
|
2018-12-12
|
|
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - DisplayName Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
FutureNet NXR-G240 Series ShellShock Command Injection Exploit
|
|
2018-12-12
|
|
MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit
|
|
2018-12-12
|
|
macOS 10.14.1 Carbon Core Memory corruption Vulnerability
|
|
2018-12-12
|
|
Chrome V8 Math.expm1 Incorrect Type Information Vulnerability
|
|
2018-12-12
|
|
Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A Cross Site Scripting Vulnerability
|
|
2018-12-12
|
|
HasanMWB 1.0 - SQL Injection Vulnerability
|
|
2018-12-12
|
|
CubeCart 6.2.2 Cross Site Scripting Vulnerability
|
|
2018-12-12
|
|
FreshRSS 1.11.1 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Wireshark - cdma2k_message_ACTIVE_SET_RECORD_FIELDS Stack Corruption Vulnerability
|
|
2018-12-12
|
|
Wireshark - find_signature Heap Out-of-Bounds Read Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Registrar Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit
|
|
2018-12-12
|
|
HP Intelligent Management Java Deserialization Remote Code Execution Exploit
|
|
2018-12-12
|
|
Emacs - movemail Privilege Escalation Exploit
|
|
2018-12-12
|
|
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Exploit
|
|
2018-12-12
|
|
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
|
|
2018-12-12
|
|
Xorg X11 Server (AIX) - Local Privilege Escalation Exploit
|
|
2018-12-12
|
|
OpenSSH < 7.7 - User Enumeration Exploit (2)
|
|
2018-12-12
|
|
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
|
|
2018-12-12
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Vulnerability
|
|
2018-12-12
|
|
Apache Superset 0.23 - Remote Code Execution Exploit
|
|
2018-12-12
|
|
Wordpress Advanced-Custom-Fields 5.7.7 Plugins - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Joomla JE Photo Gallery 1.1 Component - categoryid SQL Injection Exploit
|
|
2018-12-12
|
|
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Exploit
|
|
2018-12-12
|
|
Budabot 4.0 - Denial of Service Exploit
|
|
2018-12-12
|
|
Mozilla Firefox 63.0.1 - Denial of Service Exploit
|
|
2018-12-12
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
CyberArk 9.7 - Memory Disclosure Exploit
|
|
2018-12-12
|
|
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit
|
|
2018-12-12
|
|
KeyBase Botnet v1.5 - SQL Injection Vulnerability
|
|
2018-12-12
|
|
Tarantella Enterprise Security Bypass Vulnerability
|
|
2018-12-12
|
|
Tarantella Enterprise Directory Traversal Vulnerability
|
|
2018-12-12
|
|
ATool 1.0.0.22 Stack Buffer Overflow Vulnerability
|
|
2018-12-12
|
|
Apache Spark - Unauthenticated Command Execution Exploit
|
|
2018-12-12
|
|
KPOT Botnet - File Download/Source Code Disclosure Vulnerability
|
|
2018-12-12
|
|
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer Exploit
|
|
2018-12-12
|
|
xorg-x11-server < 1.20.3 - modulepath Local Privilege Escalation Exploit
|
|
2018-12-12
|
|
HTML5 Video Player 1.2.5 - Buffer Overflow Exploit
|
|
2018-12-12
|
|
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass Vulnerability
|
|
2018-12-12
|
|
Schneider Electric PLC - Session Calculation Authentication Bypass Exploit
|
|
2018-12-12
|
|
Moxa NPort W2x50A 2.1 OS Command Injection Vulnerability
|
|
2018-12-12
|
|
knc (Kerberized NetCat) Denial Of Service Exploit
|
|
2018-12-12
|
|
Microsoft VBScript rtFilter Out-Of-Bounds Read Exploit
|
|
2018-12-12
|
|
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
|
|
2018-12-09
|
|
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
|
|
2018-12-09
|
|
i-doit CMDB 1.11.2 - Remote Code Execution
|
|
2018-12-09
|
|
Textpad 8.1.2 - Denial Of Service (PoC)
|
|
2018-12-09
|
|
HasanMWB 1.0 - SQL Injection
|
|
2018-12-08
|
|
FreshRSS 1.11.1 - Cross-Site Scripting
|
|
2018-12-08
|
|
Emacs - movemail Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
HP Intelligent Management - Java Deserialization RCE (Metasploit)
|
|
2018-12-08
|
|
Wireshark - 'find_signature' Heap Out-of-Bounds Read
|
|
2018-12-08
|
|
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
|
|
2018-12-08
|
|
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
|
|
2018-12-08
|
|
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
|
|
2018-12-08
|
|
KeyBase Botnet 1.5 - SQL Injection
|
|
2018-12-08
|
|
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
|
|
2018-12-08
|
|
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
|
|
2018-12-08
|
|
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
|
|
2018-12-08
|
|
OpenSSH < 7.7 - User Enumeration (2)
|
|
2018-12-08
|
|
Xorg X11 Server (AIX) - Local Privilege Escalation
|
|
2018-12-08
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
|
|
2018-12-08
|
|
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
|
|
2018-12-08
|
|
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
|
|
2018-12-08
|
|
Budabot 4.0 - Denial of Service (PoC)
|
|
2018-12-08
|
|
Apache Superset < 0.23 - Remote Code Execution
|
|
2018-12-08
|
|
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
|
|
2018-12-08
|
|
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
|
|
2018-12-08
|
|
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
|
|
2018-12-08
|
|
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
|
|
2018-12-08
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
|
|
2018-12-08
|
|
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
|
|
2018-12-08
|
|
CyberArk 9.7 - Memory Disclosure
|
|
2018-12-08
|
|
Apache Spark - Unauthenticated Command Execution (Metasploit)
|
|
2018-12-08
|
|
VBScript - 'rtFilter' Out-of-Bounds Read
|
|
2018-12-08
|
|
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
|
|
2018-12-08
|
|
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
|
|
2018-12-08
|
|
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
|
|
2018-12-08
|
|
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
|
|
2018-12-08
|
|
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
|
|
2018-12-08
|
|
Schneider Electric PLC - Session Calculation Authentication Bypass
|
|
2018-12-08
|
|
TeamCity Agent - XML-RPC Command Execution (Metasploit)
|
|
2018-12-08
|
|
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
PHP imap_open - Remote Code Execution (Metasploit)
|
|
2018-12-08
|
|
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
|
|
2018-12-08
|
|
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
|
|
2018-12-08
|
|
WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
|
|
2018-12-08
|
|
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
|
|
2018-12-08
|
|
Xorg X11 Server - SUID privilege escalation (Metasploit)
|
|
2018-12-08
|
|
WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit
|
|
2018-12-01
|
|
WebKit JSC JIT - ByteCodeParser::handleIntrinsicCall Type Confusion Exploit
|
|
2018-12-01
|
|
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Exploit
|
|
2018-12-01
|
|
TeamCity Agent XML-RPC Command Execution Exploit
|
|
2018-12-01
|
|
PHP imap_open Remote Code Execution Exploit
|
|
2018-12-01
|
|
Mac OS X libxpc MITM Privilege Escalation Exploit
|
|
2018-12-01
|
|
Linux Nested User Namespace idmap Limit Local Privilege Escalation Exploit
|
|
2018-12-01
|
|
Unitrends Enterprise Backup bpserverd Privilege Escalation Exploit
|
|
2018-12-01
|
|
Cisco WebEx Meetings Privilege Escalation Vulnerability
|
|
2018-12-01
|
|
SonarSource SonarQube 7.3 Information Disclosure Vulnerability
|
|
2018-12-01
|
|
Avahi 0.7 Denial Of Service Vulnerability
|
|
2018-12-01
|
|
BMC Remedy 7.1 User Impersonation Vulnerability
|
|
2018-12-01
|
|
Netgear Unauthenticated Remote Command Execution Exploit
|
|
2018-12-01
|
|
phpMyAdmin 4.8.1 Authenticated Local File Inclusion Vulnerability
|
|
2018-12-01
|
|
ELBA5 5.8.0 - Remote Code Execution Exploit
|
|
2018-12-01
|
|
Arm Whois 3.11 - Buffer Overflow (ASLR) Exploit
|
|
2018-12-01
|
|
Ticketly 1.0 - kind_id SQL Injection Vulnerability
|
|
2018-12-01
|
|
No-Cms 1.0 - order_by SQL Injection Vulnerability
|
|
2018-12-01
|
|
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal Vulnerability
|
|
2018-12-01
|
|
MariaDB Client 10.1.26 - Denial of Service Exploit
|
|
2018-12-01
|
|
Arm Whois 3.11 - Buffer Overflow (ASLR)
|
|
2018-11-26
|
|
ELBA5 5.8.0 - Remote Code Execution
|
|
2018-11-26
|
|
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
|
|
2018-11-26
|
|
Wordpress Easy Testimonials 3.2 Plugins - Cross-Site Scripting Vulnerability
|
|
2018-11-26
|
|
No-Cms 1.0 - 'order_by' SQL Injection
|
|
2018-11-26
|
|
Ticketly 1.0 - 'kind_id' SQL Injection
|
|
2018-11-26
|
|
MariaDB Client 10.1.26 - Denial of Service (PoC)
|
|
2018-11-26
|
|
Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
|
|
2018-11-26
|
|
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
|
|
2018-11-26
|
|
Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting Vulnerability
|
|
2018-11-26
|
|
Consona Password Reset Security Bypass Vulnerability
|
|
2018-11-26
|
|
Cory Support 1.0 SQL Injection Vulnerability
|
|
2018-11-26
|
|
Xorg X11 Server SUID Privilege Escalation Exploit
|
|
2018-11-26
|
|
Joomla Admin 3.7.4 Database Disclosure Vulnerability
|
|
2018-11-26
|
|
Joomla MacGallery Database Disclosure Vulnerability
|
|
2018-11-25
|
|
WordPress Absolutely Glamorous Custom Admin 6.4.1 Database Disclosure Vulnerability
|
|
2018-11-25
|
|
WordPress Pods 2.7.9 Database Disclosure Vulnerability
|
|
2018-11-25
|
|
WordPress Universal Post Manager 1.5.0 Database Disclosure Vulnerability
|
|
2018-11-25
|
|
Miss Marple Enterprise Edition File Upload / Hardcoded AES Key Vulnerability
|
|
2018-11-23
|
|
Governikus Autent SDK 3.8.1 Signature Bypass Vulnerability
|
|
2018-11-23
|
|
WordPress CherryFramework Themes 3.1.4 - Backup File Download Vulnerability
|
|
2018-11-23
|
|
WebOfisi E-Ticaret V4 - urun SQL Injection Vulnerability
|
|
2018-11-23
|
|
Ticketly 1.0 - name SQL Injection Vulnerability
|
|
2018-11-23
|
|
Richfaces 3.x Remote Code Execution Vulnerability
|
|
2018-11-23
|
|
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit
|
|
2018-11-23
|
|
macOS 10.13 - workq_kernreturn Denial of Service Exploit
|
|
2018-11-23
|
|
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
|
|
2018-11-23
|