|
PlaceOS 1.2109.1 - Open Redirection
|
|
2021-09-30
|
|
Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)
|
|
2021-09-30
|
|
Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-30
|
|
Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass
|
|
2021-09-30
|
|
Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation
|
|
2021-09-30
|
|
Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
|
2021-09-29
|
|
OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS)
|
|
2021-09-29
|
|
Mitrastar GPT-2541GNAC-N1 - Privilege escalation
|
|
2021-09-29
|
|
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
|
|
2021-09-29
|
|
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
|
|
2021-09-29
|
|
Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
|
2021-09-29
|
|
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
|
|
2021-09-28
|
|
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
|
|
2021-09-28
|
|
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
|
|
2021-09-28
|
|
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
|
|
2021-09-28
|
|
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
|
2021-09-28
|
|
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
|
|
2021-09-28
|
|
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
|
|
2021-09-28
|
|
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
|
|
2021-09-28
|
|
FatPipe Networks WARP 10.2.2 - Authorization Bypass
|
|
2021-09-28
|
|
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
|
|
2021-09-28
|
|
XAMPP 7.4.3 - Local Privilege Escalation
|
|
2021-09-27
|
|
Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)
|
|
2021-09-27
|
|
Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers
|
|
2021-09-27
|
|
Library System 1.0 - 'student_id' SQL injection (Authenticated)
|
|
2021-09-27
|
|
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
|
|
2021-09-27
|
|
Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH)
|
|
2021-09-27
|
|
Microsoft Windows cmd.exe - Stack Buffer Overflow
|
|
2021-09-24
|
|
Pharmacy Point of Sale System 1.0 - SQLi Authentication BYpass
|
|
2021-09-24
|
|
SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure
|
|
2021-09-24
|
|
Police Crime Record Management Project 1.0 - Time Based SQLi
|
|
2021-09-23
|
|
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
|
|
2021-09-23
|
|
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
|
|
2021-09-23
|
|
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
|
|
2021-09-23
|
|
Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
|
|
2021-09-23
|
|
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
|
|
2021-09-23
|
|
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
|
|
2021-09-23
|
|
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
|
|
2021-09-23
|
|
Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
|
2021-09-22
|
|
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-22
|
|
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
|
|
2021-09-22
|
|
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
|
|
2021-09-22
|
|
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-22
|
|
TotalAV 5.15.69 - Unquoted Service Path
|
|
2021-09-22
|
|
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-22
|
|
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
|
|
2021-09-22
|
|
Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)
|
|
2021-09-21
|
|
WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-21
|
|
Securing Authentication and Authorization - Paper
|
|
2021-09-21
|
|
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
|
2021-09-21
|
|
Budget and Expense Tracker System 1.0 - Authenticated Bypass
|
|
2021-09-21
|
|
Church Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
|
2021-09-21
|
|
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
|
|
2021-09-21
|
|
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
|
|
2021-09-21
|
|
Church Management System 1.0 - 'search' SQL Injection (Unauthenticated)
|
|
2021-09-21
|
|
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)
|
|
2021-09-21
|
|
Simple Attendance System 1.0 - Authenticated bypass
|
|
2021-09-21
|
|
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
|
|
2021-09-21
|
|
WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
|
|
2021-09-21
|
|
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-21
|
|
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-21
|
|
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-21
|
|
Seowon 130-SLC router - 'queriesCnt' Remote Code Execution (Unauthenticated)
|
|
2021-09-21
|
|
Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
|
|
2021-09-21
|
|
Purchase Order Management System 1.0 - Remote File Upload
|
|
2021-09-14
|
|
Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)
|
|
2021-09-13
|
|
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
|
|
2021-09-13
|
|
Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE
|
|
2021-09-13
|
|
Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload
|
|
2021-09-13
|
|
ECOA Building Automation System - Arbitrary File Deletion
|
|
2021-09-13
|
|
ECOA Building Automation System - Local File Disclosure
|
|
2021-09-13
|
|
ECOA Building Automation System - Remote Privilege Escalation
|
|
2021-09-13
|
|
ECOA Building Automation System - Missing Encryption Of Sensitive Information
|
|
2021-09-13
|
|
ECOA Building Automation System - Hard-coded Credentials SSH Access
|
|
2021-09-13
|
|
ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function
|
|
2021-09-13
|
|
ECOA Building Automation System - Configuration Download Information Disclosure
|
|
2021-09-13
|
|
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
|
|
2021-09-13
|
|
ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF)
|
|
2021-09-13
|
|
ECOA Building Automation System - Directory Traversal Content Disclosure
|
|
2021-09-13
|
|
ECOA Building Automation System - Path Traversal Arbitrary File Upload
|
|
2021-09-13
|
|
ECOA Building Automation System - Weak Default Credentials
|
|
2021-09-13
|
|
Men Salon Management System 1.0 - Multiple Vulnerabilities
|
|
2021-09-13
|
|
Active WebCam 11.5 - Unquoted Service Path
|
|
2021-09-13
|
|
Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)
|
|
2021-09-09
|
|
Backdooring Wordpress to get text-clear passwords - Paper (Brazilian-Portuguese)
|
|
2021-09-08
|
|
WordPress Plugin TablePress 1.14 - CSV Injection
|
|
2021-09-08
|
|
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
|
|
2021-09-07
|
|
WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)
|
|
2021-09-07
|
|
Antminer Monitor 0.5.0 - Authentication Bypass
|
|
2021-09-06
|
|
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
|
|
2021-09-06
|
|
Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS
|
|
2021-09-06
|
|
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE)
|
|
2021-09-06
|
|
Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)
|
|
2021-09-06
|
|
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
|
|
2021-09-06
|
|
Argus Surveillance DVR 4.0 - Unquoted Service Path
|
|
2021-09-06
|
|
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
|
|
2021-09-06
|
|
OpenSIS 8.0 'modname' - Directory/Path Traversal
|
|
2021-09-03
|
|
Remote Mouse 4.002 - Unquoted Service Path
|
|
2021-09-03
|
|
CRACKING WiFi WPA2 HANDSHAKE - Paper (Turkish)
|
|
2021-09-02
|
|
WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)
|
|
2021-09-02
|