|
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2)
|
|
2021-02-03
|
|
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1)
|
|
2021-02-03
|
|
Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution
|
|
2021-02-03
|
|
Pixelimity 1.0 - 'password' Cross-Site Request Forgery
|
|
2021-02-03
|
|
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
|
|
2021-02-02
|
|
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
|
|
2021-02-02
|
|
Solaris 10 1/13 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
|
|
2021-02-02
|
|
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
|
|
2021-02-02
|
|
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
|
|
2021-02-02
|
|
Student Record System 4.0 - 'cid' SQL Injection
|
|
2021-02-02
|
|
WordPress 5.0.0 - Image Remote Code Execution
|
|
2021-02-01
|
|
Klog Server 2.4.1 - Command Injection (Authenticated)
|
|
2021-02-01
|
|
Roundcube Webmail 1.2 - File Disclosure
|
|
2021-02-01
|
|
Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
|
|
2021-02-01
|
|
H8 SSRMS - 'id' IDOR
|
|
2021-02-01
|
|
bloofoxCMS 0.5.2.1 - CSRF (Add user)
|
|
2021-02-01
|
|
MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
|
|
2021-02-01
|
|
MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
|
|
2021-02-01
|
|
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
|
|
2021-02-01
|
|
User Management System 1.0 - 'uid' SQL Injection
|
|
2021-02-01
|
|
Zoo Management System 1.0 - 'anid' SQL Injection
|
|
2021-02-01
|
|
MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
|
|
2021-02-01
|
|
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
|
|
2021-01-29
|
|
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
|
|
2021-01-29
|
|
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
|
|
2021-01-29
|
|
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
|
|
2021-01-29
|
|
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
|
|
2021-01-29
|
|
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
|
|
2021-01-29
|
|
Online Grading System 1.0 - 'uname' SQL Injection
|
|
2021-01-29
|
|
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
|
|
2021-01-29
|
|
Metasploit Framework 6.0.11 - msfvenom APK template command injection
|
|
2021-01-28
|
|
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
|
|
2021-01-28
|
|
jQuery UI 1.12.1 - Denial of Service (DoS)
|
|
2021-01-28
|
|
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
|
|
2021-01-28
|
|
Fuel CMS 1.4.1 - Remote Code Execution (2)
|
|
2021-01-28
|
|
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
|
|
2021-01-28
|
|
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
|
|
2021-01-28
|
|
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
|
|
2021-01-28
|
|
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
|
|
2021-01-27
|
|
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
|
|
2021-01-27
|
|
STVS ProVision 5.9.10 - File Disclosure (Authenticated)
|
|
2021-01-27
|
|
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
|
|
2021-01-26
|
|
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
|
|
2021-01-26
|
|
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
|
|
2021-01-26
|
|
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
|
|
2021-01-26
|
|
Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
|
|
2021-01-26
|
|
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
|
|
2021-01-25
|
|
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
|
|
2021-01-25
|
|
Library System 1.0 - 'category' SQL Injection
|
|
2021-01-25
|
|
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
|
|
2021-01-25
|
|
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
|
|
2021-01-25
|
|
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
|
|
2021-01-25
|
|
MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
|
|
2021-01-25
|
|
Windows/x86 - Stager Generic MSHTA Shellcode (143 bytes)
|
|
2021-01-22
|
|
Atlassian Confluence Widget Connector Macro - SSTI
|
|
2021-01-22
|
|
ERPNext 12.14.0 - SQL Injection (Authenticated)
|
|
2021-01-22
|
|
CASAP Automated Enrollment System 1.0 - Authentication Bypass
|
|
2021-01-22
|
|
Library System 1.0 - Authentication Bypass Via SQL Injection
|
|
2021-01-22
|
|
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
|
|
2021-01-22
|
|
Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
|
|
2021-01-22
|
|
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
|
|
2021-01-22
|
|
Anchor CMS 0.12.7 - CSRF (Delete user)
|
|
2021-01-21
|
|
Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)
|
|
2021-01-21
|
|
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
|
|
2021-01-21
|
|
Apartment Visitors Management System 1.0 - 'email' SQL Injection
|
|
2021-01-21
|
|
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
|
|
2021-01-21
|
|
Linux/x86 - Socat Bind Shellcode (113 bytes)
|
|
2021-01-20
|
|
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
|
|
2021-01-20
|
|
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
|
|
2021-01-20
|
|
ChurchRota 2.6.4 - RCE (Authenticated)
|
|
2021-01-20
|
|
Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
|
|
2021-01-19
|
|
osTicket 1.14.2 - SSRF
|
|
2021-01-19
|
|
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
|
|
2021-01-18
|
|
Life Insurance Management System 1.0 - 'client_id' SQL Injection
|
|
2021-01-18
|
|
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
|
|
2021-01-18
|
|
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
|
|
2021-01-18
|
|
Cisco UCS Manager 2.2(1d) - Remote Command Execution
|
|
2021-01-18
|
|
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
|
|
2021-01-15
|
|
E-Learning System 1.0 - Authentication Bypass & RCE POC
|
|
2021-01-15
|
|
Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS
|
|
2021-01-15
|
|
EyesOfNetwork 5.3 - File Upload Remote Code Execution
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
|
|
2021-01-15
|
|
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
|
|
2021-01-15
|
|
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
|
|
2021-01-15
|
|
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
|
|
2021-01-15
|
|
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
|
|
2021-01-14
|
|
Laravel 8.4.2 debug mode - Remote code execution
|
|
2021-01-14
|
|
Online Shopping Cart System 1.0 - 'id' SQL Injection
|
|
2021-01-14
|
|
Nagios XI 5.7.X - Remote Code Exection RCE (Authenticated)
|
|
2021-01-14
|
|
Online Movie Streaming 1.0 - Admin Authentication Bypass
|
|
2021-01-14
|
|
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
|
|
2021-01-13
|