Exploit-Database.net

Exploits (Total: 98512)


Erlang Cookie - Remote Code Execution				2021-01-13
Practical Insight Into Injections - Paper				2021-01-13
Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)				2021-01-12
SmartAgent 3.1.0 - Privilege Escalation				2021-01-12
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections				2021-01-12
Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)				2021-01-12
Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection				2021-01-11
PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval				2021-01-11
OpenCart 3.0.36 - ATO via Cross Site Request Forgery				2021-01-11
WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)				2021-01-11
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting				2021-01-11
EyesOfNetwork 5.3 - LFI				2021-01-11
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting				2021-01-11
EyesOfNetwork 5.3 - RCE & PrivEsc				2021-01-11
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)				2021-01-08
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)				2021-01-08
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)				2021-01-08
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)				2021-01-08
Online Doctor Appointment System 1.0 - Multiple Stored XSS				2021-01-08
Life Insurance Management System 1.0 - Multiple Stored XSS				2021-01-08
dnsrecon 0.10.0 - CSV Injection				2021-01-08
CRUD Operation 1.0 - Multiple Stored XSS				2021-01-07
ECSIMAGING PACS 6.21.5 - SQL injection				2021-01-07
Curfew e-Pass Management System 1.0 - Stored XSS				2021-01-07
Cockpit CMS 0.6.1 - Remote Code Execution				2021-01-07
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution				2021-01-07
ECSIMAGING PACS 6.21.5 - Remote code execution				2021-01-07
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)				2021-01-07
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)				2021-01-06
H2 Database 1.4.199 - JNI Code Execution				2021-01-06
Gitea 1.7.5 - Remote Code Execution				2021-01-06
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation				2021-01-06
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS				2021-01-06
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)				2021-01-06
WinAVR Version 20100110 - Insecure Folder Permissions				2021-01-06
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR				2021-01-06
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting				2021-01-06
Responsive E-Learning System 1.0 - Stored Cross Site Scripting				2021-01-06
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE				2021-01-06
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting				2021-01-06
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting				2021-01-06
IPeakCMS 3.5 - Boolean-based blind SQLi				2021-01-06
IObit Uninstaller 10 Pro - Unquoted Service Path				2021-01-06
dirsearch 0.4.1 - CSV Injection				2021-01-06
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)				2021-01-06
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting				2021-01-05
Klog Server 2.4.1 - Command Injection (Unauthenticated)				2021-01-05
Online Learning Management System 1.0 - RCE (Authenticated)				2021-01-05
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting				2021-01-05
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission				2021-01-05
Cassandra Web 0.5.0 - Remote File Read				2021-01-05
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities				2021-01-05
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)				2021-01-05
Responsive FileManager 9.13.4 - 'path' Path Traversal				2021-01-05
Baby Care System 1.0 - 'Post title' Stored XSS				2021-01-05
Responsive ELearning System 1.0 - 'id' Sql Injection				2021-01-05
Online Movie Streaming 1.0 - Authentication Bypass				2021-01-05
WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS				2021-01-05
WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS				2021-01-05
Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)				2021-01-05
House Rental and Property Listing 1.0 - Multiple Stored XSS				2021-01-05
IncomCMS 2.0 - Insecure File Upload				2021-01-05
Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path				2021-01-05
Parallels Remote Application Server (RAS) 18 IP Disclosure - Paper				2021-01-04
Arteco Web Client DVR/NVR - 'SessionId' Brute Force				2021-01-04
Click2Magic 1.1.5 - Stored Cross-Site Scripting				2021-01-04
Subrion CMS 4.2.1 - 'avatar[path]' XSS				2021-01-04
CMS Made Simple 2.2.15 - RCE (Authenticated)				2021-01-04
sar2html 3.2.1 - 'plot' Remote Code Execution				2021-01-04
Advanced Comment System 1.0 - 'ACS_path' Path Traversal				2021-01-04
Knockpy 4.1.1 - CSV Injection				2021-01-04
A Hands-On Introduction to Insecure Deserialization - Paper				2021-01-04
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection				2021-01-04
4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting				2021-01-04
Wordpress Core 5.2.2 - 'post previews' XSS				2021-01-04
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)				2021-01-04
MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path				2021-01-04
Apartment Visitors Management System 1.0 - Authentication Bypass				2020-12-24
GitLab 11.4.7 - RCE (Authenticated)				2020-12-24
WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting				2020-12-24
WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload				2020-12-24
Baby Care System 1.0 - 'roleid' SQL Injection				2020-12-23
TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)				2020-12-23
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS				2020-12-23
Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection				2020-12-23
Online Learning Management System 1.0 - 'id' SQL Injection				2020-12-23
Online Learning Management System 1.0 - Multiple Stored XSS				2020-12-23
Online Learning Management System 1.0 - Authentication Bypass				2020-12-23
Class Scheduling System 1.0 - Multiple Stored XSS				2020-12-23
10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)				2020-12-22
TerraMaster TOS 4.2.06 - RCE (Unauthenticated)				2020-12-22
Faculty Evaluation System 1.0 - Stored XSS				2020-12-22
Artworks Gallery Management System 1.0 - 'id' SQL Injection				2020-12-22
Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)				2020-12-22
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)				2020-12-22
Multi Branch School Management System 3.5 - "Create Branch" Stored XSS				2020-12-22
Library Management System 3.0 - "Add Category" Stored XSS				2020-12-22
CSE Bookstore 1.0 - Multiple SQL Injection				2020-12-22
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)				2020-12-22
Victor CMS 1.0 - File Upload To RCE				2020-12-22
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)				2020-12-21
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)				2020-12-21
Online Marriage Registration System 1.0 - 'searchdata' SQL Injection				2020-12-21
Point of Sale System 1.0 - Multiple Stored XSS				2020-12-21
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS				2020-12-21
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS				2020-12-21
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS				2020-12-21
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS				2020-12-21
SCO Openserver 5.0.7 - 'outputform' Command Injection				2020-12-21
SCO Openserver 5.0.7 - 'section' Reflected XSS				2020-12-21
Spiceworks 7.5 - HTTP Header Injection				2020-12-21
Academy-LMS 4.3 - Stored XSS				2020-12-21
Spotweb 1.4.9 - 'search' SQL Injection				2020-12-21
Queue Management System 4.0.0 - "Add User" Stored XSS				2020-12-21
Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload				2020-12-21
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass				2020-12-19
Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS				2020-12-19
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)				2020-12-19
Smart Hospital 3.1 - "Add Patient" Stored XSS				2020-12-19
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)				2020-12-19
Alumni Management System 1.0 - 'id' SQL Injection				2020-12-19
Alumni Management System 1.0 - "Course Form" Stored XSS				2020-12-19
Alumni Management System 1.0 - Unrestricted File Upload To RCE				2020-12-19
Point of Sale System 1.0 - Authentication Bypass				2020-12-19
Nxlog Community Edition 2.10.2150 - DoS (Poc)				2020-12-19
Victor CMS 1.0 - Multiple SQL Injection (Authenticated)				2020-12-19
PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)				2020-12-19
Employee Record System 1.0 - Multiple Stored XSS				2020-12-19
Interview Management System 1.0 - 'id' SQL Injection				2020-12-19
Interview Management System 1.0 - Stored XSS in Add New Question				2020-12-19
Online Tours & Travels Management System 1.0 - "id" SQL Injection				2020-12-19
Customer Support System 1.0 - 'id' SQL Injection				2020-12-19
Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS				2020-12-19
Medical Center Portal Management System 1.0 - 'id' SQL Injection				2020-12-19
Content Management System 1.0 - 'id' SQL Injection				2020-12-19
Content Management System 1.0 - 'email' SQL Injection				2020-12-19
Content Management System 1.0 - 'First Name' Stored XSS				2020-12-19
Linksys RE6500 1.0.11.001 - Unauthenticated RCE				2020-12-19
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)				2020-12-19
Seotoaster 3.2.0 - Stored XSS on Edit page properties				2020-12-19
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection				2020-12-19
Magic Home Pro 1.5.1 - Authentication Bypass				2020-12-19
Raysync 3.3.3.8 - RCE				2020-12-19
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting				2020-12-19
GitLab 11.4.7 - Remote Code Execution (Authenticated)				2020-12-19
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)				2020-12-19
Solaris SunSSH 11.0 x86 - libpam Remote Root				2020-12-19
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Authenticated)				2020-12-19
libbabl 0.1.62 - Broken Double Free Detection (PoC)				2020-12-19
Task Management System 1.0 - 'page' Local File Inclusion				2020-12-19
Gitlab 11.4.7 - Remote Code Execution				2020-12-19
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation				2020-12-19
Rumble Mail Server 0.51.3135 - 'username' Stored XSS				2020-12-19
Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS				2020-12-19
Rumble Mail Server 0.51.3135 - 'servername' Stored XSS				2020-12-19
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download				2020-12-19
Seacms 11.1 - 'checkuser' Stored XSS				2020-12-19
Seacms 11.1 - 'file' Local File Inclusion				2020-12-19
Seacms 11.1 - 'ip and weburl' Remote Command Execution				2020-12-19
System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path				2020-12-19
MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)				2020-12-19
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection				2020-12-19
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)				2020-12-19
Courier Management System 1.0 - 'ref_no' SQL Injection				2020-12-19
Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection				2020-12-19
Courier Management System 1.0 - 'First Name' Stored XSS				2020-12-19
Dolibarr 12.0.3 - SQLi to RCE				2020-12-19
Supply Chain Management System - Auth Bypass SQL Injection				2020-12-19
Rukovoditel 2.6.1 - RCE				2020-12-19
Jenkins 2.235.3 - 'Description' Stored XSS				2020-12-19
Medical Center Portal Management System 1.0 - Multiple Stored XSS				2020-12-19
Openfire 4.6.0 - 'sql' Stored XSS				2020-12-19
Openfire 4.6.0 - 'users' Stored XSS				2020-12-19
Openfire 4.6.0 - 'groupchatJID' Stored XSS				2020-12-19
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting				2020-12-19
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting				2020-12-19
Library Management System 2.0 - Auth Bypass SQL Injection				2020-12-19
Openfire 4.6.0 - 'path' Stored XSS				2020-12-19
OpenCart 3.0.3.6 - Cross Site Request Forgery				2020-12-19
Barcodes generator 1.0 - 'name' Stored Cross Site Scripting				2020-12-19
PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path				2020-12-19
Task Management System 1.0 - 'id' SQL Injection				2020-12-19
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution				2020-12-19
Task Management System 1.0 - 'First Name and Last Name' Stored XSS				2020-12-19
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption				2020-12-19
VestaCP 0.9.8-26 - 'backup' Information Disclosure				2020-12-19
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation				2020-12-19
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal				2020-12-19
Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)				2020-12-19
SmarterMail Build 6985 - Remote Code Execution				2020-12-19
Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting				2020-12-08
Online Bus Ticket Reservation 1.0 - SQL Injection				2020-12-08
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)				2020-12-07
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow				2020-12-07
vBulletin 5.6.3 - 'group' Cross Site Scripting				2020-12-07
Savsoft Quiz 5 - 'Skype ID' Stored XSS				2020-12-07
RarmaRadio 2.72.5 - Denial of Service (PoC)				2020-12-07
TapinRadio 2.13.7 - Denial of Service (PoC)				2020-12-07
Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path				2020-12-07
User Registration & Login and User Management System 2.1 - Cross Site Request Forgery				2020-12-07
Employee Record Management System 1.1 - Login Bypass SQL Injection				2020-12-07
Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path				2020-12-07
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities				2020-12-07
Realtek Audio Service 1.0.0.55 - 'RtkAudioService64.exe' Unquoted Service Path				2020-12-07
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting				2020-12-07
Eaton Intelligent Power Manager 1.6 - Directory Traversal				2020-12-07
Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting				2020-12-07
Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path				2020-12-07
Zabbix 5.0.0 - Stored XSS via URL Widget Iframe				2020-12-04
CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)				2020-12-04
Laravel Nova 3.7.0 - 'range' DoS				2020-12-04
Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting				2020-12-04
Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting				2020-12-04
Chromium 83 - Full CSP Bypass				2020-12-04
Testa Online Test Management System 3.4.7 - 'q' SQL Injection				2020-12-04
MiniCMS 1.10 - 'content box' Stored XSS				2020-12-04
Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection				2020-12-04
IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path				2020-12-04
Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting				2020-12-04
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)				2020-12-04
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting				2020-12-03
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure				2020-12-03
Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion				2020-12-03
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting				2020-12-03
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution				2020-12-03
EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass				2020-12-03
Coastercms 5.8.18 - Stored XSS				2020-12-03
Microsoft Windows - Win32k Elevation of Privilege				2020-12-02
WordPress Plugin Wp-FileManager 6.8 - RCE				2020-12-02
Car Rental Management System 1.0 - SQL Injection / Local File include				2020-12-02
Mitel mitel-cs018 - Call Data Information Disclosure				2020-12-02
Simple College Website 1.0 - 'page' Local File Inclusion				2020-12-02
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover				2020-12-02
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality				2020-12-02
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)				2020-12-02
ChurchCRM 4.2.0 - CSV/Formula Injection				2020-12-02
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass				2020-12-02
Ksix Zigbee Devices - Playback Protection Bypass (PoC)				2020-12-02
DotCMS 20.11 - Stored Cross-Site Scripting				2020-12-02
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile				2020-12-02
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork				2020-12-02
WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting				2020-12-02
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass				2020-12-02
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting				2020-12-02
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting				2020-12-02
NewsLister - Authenticated Persistent Cross-Site Scripting				2020-12-02
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting				2020-12-02
IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path				2020-12-02
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS				2020-12-02
WonderCMS 3.1.3 - Authenticated Remote Code Execution				2020-12-02
WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution				2020-12-02
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting				2020-12-02
Student Result Management System 1.0 - Authentication Bypass SQL Injection				2020-12-02
User Registration & Login System with Admin Panel - CSRF				2020-12-02
Under Construction Page with CPanel 1.0 - SQL injection				2020-12-02
Pharmacy Store Management System 1.0 - 'id' SQL Injection				2020-12-02
ILIAS Learning Management System 4.3 - SSRF				2020-12-02
aSc TimeTables 2021.6.2 - Denial of Service (PoC)				2020-12-02
Expense Management System - 'description' Stored Cross Site Scripting				2020-12-02
Tendenci 12.3.1 - CSV/ Formula Injection				2020-12-01
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path				2020-12-01
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path				2020-12-01
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path				2020-12-01
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path				2020-12-01
Social Networking Site - Authentication Bypass (SQli)				2020-12-01
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020				2020-12-01
Medical Center Portal Management System 1.0 - 'login' SQL Injection				2020-12-01
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting				2020-12-01
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution				2020-12-01
Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS				2020-12-01
10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)				2020-12-01
Setelsa Conacwin 3.7.1.2 - Local File Inclusion				2020-12-01
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection				2020-12-01
Online Shopping Alphaware 1.0 - Error Based SQL injection				2020-12-01
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting				2020-12-01
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload				2020-12-01
TypeSetter 5.1 - CSRF (Change admin e-mail)				2020-12-01
YATinyWinFTP - Denial of Service (PoC)				2020-11-30
Intelbras Router RF 301K 1.1.2 - Authentication Bypass				2020-11-30
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)				2020-11-30
ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure				2020-11-30
Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)				2020-11-27
ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting				2020-11-27
libupnp 1.6.18 - Stack-based buffer overflow (DoS)				2020-11-27
House Rental 1.0 - 'keywords' SQL Injection				2020-11-27
Foxit Reader 9.0.1.1049 - Arbitrary Code Execution				2020-11-27
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)				2020-11-27
Moodle 3.8 - Unrestricted File Upload				2020-11-27
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF				2020-11-27
FrozenNode Laravel-Administrator 4 - Unrestricted File Upload (Authenticated)				2020-11-27
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution				2020-11-27
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting				2020-11-27
SAP Lumira 1.31 - Stored Cross-Site Scripting				2020-11-27
Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting				2020-11-27
Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution				2020-11-26
Pure-FTPd 1.0.48 - Remote Denial of Service				2020-11-26
SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow				2020-11-25
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting				2020-11-25
WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting				2020-11-25
Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path				2020-11-25
OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting				2020-11-24
OpenCart 3.0.3.6 - 'Profile Image' Stored Cross Site Scripting (Authenticated)				2020-11-24
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)				2020-11-24
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)				2020-11-24
Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service				2020-11-24
nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting				2020-11-24
TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass				2020-11-23
LifeRay 7.2.1 GA2 - Stored XSS				2020-11-23
VTiger v7.0 CRM - 'To' Persistent XSS				2020-11-23
Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)				2020-11-23
Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit				2020-11-20
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)				2020-11-20
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow				2020-11-20
WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting				2020-11-20
Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)				2020-11-20
Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)				2020-11-19
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting				2020-11-19
M/Monit 3.7.4 - Password Disclosure				2020-11-19
M/Monit 3.7.4 - Privilege Escalation				2020-11-19
Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection				2020-11-19
TestBox CFML Test Framework 4.1.0 - Directory Traversal				2020-11-19
TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution				2020-11-19
Gitlab 12.9.0 - Arbitrary File Read (Authenticated)				2020-11-19
Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure				2020-11-19
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification				2020-11-19
xuucms 3 - 'keywords' SQL Injection				2020-11-19
PESCMS TEAM 2.3.2 - Multiple Reflected XSS				2020-11-19
ZeroLogon - Netlogon Elevation of Privilege				2020-11-18
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery				2020-11-18
Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)				2020-11-18
Apache Struts 2.5.20 - Double OGNL evaluation				2020-11-17
Aerospike Database 5.1.0.3 - OS Command Execution				2020-11-17
LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path				2020-11-17
Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting				2020-11-17
Microsoft Internet Explorer 11 - Use-After-Free				2020-11-17
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting				2020-11-17
SugarCRM 6.5.18 - Persistent Cross-Site Scripting				2020-11-17
Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection				2020-11-17
EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass				2020-11-17
Cisco 7937G - DoS/Privilege Escalation				2020-11-16
Car Rental Management System 1.0 - 'car_id' Sql Injection				2020-11-16
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)				2020-11-16
PMB 5.6 - 'chemin' Local File Disclosure				2020-11-16
Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path				2020-11-16
User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection				2020-11-16
Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated)				2020-11-16
Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path				2020-11-16
Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path				2020-11-16
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)				2020-11-16
KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path				2020-11-16
Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)				2020-11-16
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)				2020-11-13
OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure				2020-11-13
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path				2020-11-13
SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path				2020-11-13
DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path				2020-11-13
Touchbase.io 1.10 - Stored Cross Site Scripting				2020-11-13
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)				2020-11-13
Citrix ADC NetScaler - Local File Inclusion (Metasploit)				2020-11-13
Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)				2020-11-13
ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)				2020-11-13
Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow				2020-11-12
Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection				2020-11-12
Water Billing System 1.0 - 'username' and 'password' parameters SQL Injection				2020-11-12
WordPress Plugin Simple File List 4.2.2 - Remote Code Execution				2020-11-12
CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)				2020-11-11
Customer Support System 1.0 - 'username' Authentication Bypass				2020-11-11
Customer Support System 1.0 - Cross-Site Request Forgery				2020-11-11
Customer Support System 1.0 - 'description' Stored XSS in The Admin Panel				2020-11-11
Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection				2020-11-10
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting				2020-11-10
Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload				2020-11-10
Joplin 1.2.6 - 'link' Cross Site Scripting				2020-11-09
Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path				2020-11-09
DiskBoss v11.7.28 - Multiple Services Unquoted Service Path				2020-11-09
RealTimes Desktop Service 18.1.4 - 'rpdsvc.exe' Unquoted Service Path				2020-11-09
Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path				2020-11-09
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path				2020-11-09
iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path				2020-11-09
Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path				2020-11-09
MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path				2020-11-09
Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path				2020-11-09
Motorola Device Manager 2.5.4 - 'ForwardDaemon.exe ' Unquoted Service Path				2020-11-09
Motorola Device Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path				2020-11-09
Motorola Device Manager 2.4.5 - 'ForwardDaemon.exe ' Unquoted Service Path				2020-11-09
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path				2020-11-09
Syncplify.me Server! 5.0.37 - 'SMWebRestServicev5' Unquoted Service Path				2020-11-09
DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path				2020-11-09
Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path				2020-11-09
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path				2020-11-09
OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path				2020-11-09
Winstep 18.06.0096 - 'Xtreme Service' Unquoted Service Path				2020-11-09
KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path				2020-11-09
HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path				2020-11-09
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)				2020-11-09
Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF				2020-11-09
BlogEngine 3.3.8 - 'Content' Stored XSS				2020-11-06
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)				2020-11-06
Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)				2020-11-06
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)				2020-11-06
SmartBlog 2.0.1 - 'id_post' Blind SQL injection				2020-11-06
TP-Link WDR4300 - Remote Code Execution (Authenticated)				2020-11-05
Amarok 2.8.0 - Denial-of-Service				2020-11-05
iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation				2020-11-05
iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass				2020-11-05
iDS6 DSSPro Digital Signage System 6.2 - Cross-Site Request Forgery (CSRF)				2020-11-05
Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution				2020-11-04
School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution				2020-11-04
PDW File Browser < v1.3 - Remote Code Execution				2020-11-04
Processwire CMS 2.4.0 - 'download' Local File Inclusion				2020-11-04
Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution				2020-11-03
Multi Restaurant Table Reservation System 1.0 - 'table_id' Unauthenticated SQL Injection				2020-11-03
Quick N Easy FTP Service 3.2 - Unquoted Service Path				2020-11-02
Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)				2020-11-02
Monitorr 1.7.6m - Authorization Bypass				2020-11-02
Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)				2020-11-02
WordPress Plugin Simple File List 5.4 - Arbitrary File Upload				2020-11-02
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)				2020-11-02
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution				2020-10-30
Online Job Portal 1.0 - 'userid' SQL Injection				2020-10-30
Citadel WebCit < 926 - Session Hijacking Exploit				2020-10-30
DedeCMS v.5.8 - "keyword" Cross-Site Scripting				2020-10-30
CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting				2020-10-30
Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot				2020-10-29
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request				2020-10-29
Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)				2020-10-29
Online Examination System 1.0 - 'name' Stored Cross Site Scripting				2020-10-29
IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path				2020-10-28
Prey 1.9.6 - "CronService" Unquoted Service Path				2020-10-28
Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path				2020-10-28
Exploit - EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path				2020-10-28
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion				2020-10-28
Blueman < 2.1.4 - Local Privilege Escalation				2020-10-28
aptdaemon < 1.1.1 - File Existence Disclosure				2020-10-28
PackageKit < 1.1.13 - File Existence Disclosure				2020-10-28
CSE Bookstore 1.0 - Authentication Bypass				2020-10-28
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)				2020-10-28
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse				2020-10-27
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)				2020-10-27
Client Management System 1.0 - 'searchdata' SQL injection				2020-10-27
Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated)				2020-10-27
Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root				2020-10-27
TDM Digital Signage PC Player 4.1 - Insecure File Permissions				2020-10-27
ReQuest Serious Play F3 Media Server 7.0.3 - Remote Code Execution (Unauthenticated)				2020-10-26
ReQuest Serious Play F3 Media Server 7.0.3 - Remote Denial of Service				2020-10-26
ReQuest Serious Play F3 Media Server 7.0.3 - Debug Log Disclosure				2020-10-26
ReQuest Serious Play Media Player 3.0 - Directory Traversal File Disclosure				2020-10-26
Genexis Platinum-4410 - 'SSID' Persistent XSS				2020-10-26
PDW File Browser 1.3 - 'new_filename' Cross-Site Scripting (XSS)				2020-10-26
InoERP 0.7.2 - Remote Code Execution (Unauthenticated)				2020-10-26
Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored)				2020-10-26
CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection				2020-10-26
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)				2020-10-23
Bludit 3.9.2 - Auth Bruteforce Bypass				2020-10-23
Gym Management System 1.0 - Stored Cross Site Scripting				2020-10-23
Gym Management System 1.0 - Authentication Bypass				2020-10-23
School Faculty Scheduling System 1.0 - 'username' SQL Injection				2020-10-23
School Faculty Scheduling System 1.0 - 'id' SQL Injection				2020-10-23
Point of Sales 1.0 - 'username' SQL Injection				2020-10-23
Gym Management System 1.0 - 'id' SQL Injection				2020-10-23
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)				2020-10-23
Lot Reservation Management System 1.0 - Authentication Bypass				2020-10-23
Point of Sales 1.0 - 'id' SQL Injection				2020-10-23
User Registration & Login and User Management System 2.1 - SQL Injection				2020-10-23
Car Rental Management System 1.0 - Arbitrary File Upload				2020-10-23
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection				2020-10-23
Ajenti 2.1.36 - Remote Code Execution (Authenticated)				2020-10-23
Online Library Management System 1.0 - Arbitrary File Upload				2020-10-23
Tiki Wiki CMS Groupware 21.1 - Authentication Bypass				2020-10-21
Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting				2020-10-21
Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting				2020-10-21
Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting				2020-10-21
GOautodial 4.0 - Authenticated Shell Upload				2020-10-21
School Faculty Scheduling System 1.0 - Authentication Bypass POC				2020-10-21
School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC				2020-10-21
Hrsale 2.0.0 - Local File Inclusion				2020-10-21
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)				2020-10-20
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection				2020-10-20
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution				2020-10-20
Mobile Shop System v1.0 - SQL Injection Authentication Bypass				2020-10-20
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)				2020-10-20
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS				2020-10-20
WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload				2020-10-20
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)				2020-10-20
Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)				2020-10-20
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure				2020-10-20
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)				2020-10-20
Comtrend AR-5387un router - Persistent XSS (Authenticated)				2020-10-20
Textpattern CMS 4.6.2 - Cross-site Request Forgery				2020-10-19
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)				2020-10-19
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)				2020-10-19
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in				2020-10-19
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)				2020-10-19
HiSilicon Video Encoders - Full admin access via backdoor password				2020-10-19
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware				2020-10-19
HiSilicon Video Encoders - RCE via unauthenticated command injection				2020-10-19
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal				2020-10-19
Online Job Portal 1.0 - Cross Site Scripting (Stored)				2020-10-19
Online Discussion Forum Site 1.0 - XSS in Messaging System				2020-10-19
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)				2020-10-19
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection				2020-10-19
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection				2020-10-19
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting				2020-10-19
Tourism Management System 1.0 - Arbitrary File Upload				2020-10-19
CS-Cart 1.3.3 - authenticated RCE				2020-10-19
CS-Cart 1.3.3 - 'classes_dir' LFI				2020-10-19
Seat Reservation System 1.0 - Unauthenticated SQL Injection				2020-10-19
Hotel Management System 1.0 - Remote Code Execution (Authenticated)				2020-10-19
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)				2020-10-19
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)				2020-10-19
Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)				2020-10-19
Company Visitor Management System (CVMS) 1.0 - Authentication Bypass				2020-10-19
Alumni Management System 1.0 - Authentication Bypass				2020-10-19
Employee Management System 1.0 - Authentication Bypass				2020-10-19
Employee Management System 1.0 - Cross Site Scripting (Stored)				2020-10-19
Zoo Management System 1.0 - Authentication Bypass				2020-10-19
Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass				2020-10-19
rConfig 3.9.5 - Remote Code Execution (Unauthenticated)				2020-10-19
Vehicle Parking Management System 1.0 - Authentication Bypass				2020-10-19
Guild Wars 2 - Insecure Folder Permissions				2020-10-19
NodeBB Forum 1.12.2-1.14.2 - Account Takeover				2020-10-19
TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection				2020-10-19
Battle.Net 1.27.1.12428 - Insecure File Permissions				2020-10-19
berliCRM 1.0.24 - 'src_record' SQL Injection				2020-10-19
Cisco ASA and FTD 9.6.4.42 - Path Traversal				2020-10-19
Online Students Management System 1.0 - 'username' SQL Injections				2020-10-19
Liman 0.7 - Cross-Site Request Forgery (Change Password)				2020-10-19
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)				2020-10-19
Small CRM 2.0 - 'email' SQL Injection				2020-10-19
openMAINT 1.1-2.4.2 - Arbitrary File Upload				2020-10-09
DynPG 4.9.1 - Persistent Cross-Site Scripting (Authenticated)				2020-10-09
Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting				2020-10-09
D-Link DSR-250N 3.12 - Denial of Service (PoC)				2020-10-08
SEO Panel 4.6.0 - Remote Code Execution				2020-10-08
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting				2020-10-07
BACnet Test Server 1.01 - Remote Denial of Service (PoC)				2020-10-07
EasyPMS 1.0.0 - Authentication Bypass				2020-10-06
Karel IP Phone IP1211 Web Management Panel - Directory Traversal				2020-10-06
Qmail SMTP 1.03 - Bash Environment Variable Injection				2020-10-06
SpamTitan 7.07 - Unauthenticated Remote Code Execution				2020-10-05
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection				2020-10-05
Photo Share Website 1.0 - Persistent Cross-Site Scripting				2020-10-02
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Authenticated)				2020-10-02
Exhibitor Web UI 1.7.1 - Remote Code Execution				2020-10-01
Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting				2020-10-01
CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)				2020-10-01
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)				2020-10-01
WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated)				2020-10-01
MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)				2020-10-01
SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration				2020-10-01
SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin)				2020-10-01
SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure				2020-10-01
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal				2020-10-01
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)				2020-10-01
Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow				2020-10-01
CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR)				2020-09-29
BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)				2020-09-29
WebsiteBaker 2.12.2 - Remote Code Execution				2020-09-29
Joplin 1.0.245 - Arbitrary Code Execution (PoC)				2020-09-29
MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation				2020-09-29
Mida eFramework 2.8.9 - Remote Code Execution				2020-09-29
B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure				2020-09-25
B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin)				2020-09-25
Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)				2020-09-25
BigTree CMS 4.4.10 - Remote Code Execution				2020-09-25
Visitor Management System in PHP 1.0 - Persistent Cross-Site Scripting				2020-09-24
Simple Online Food Ordering System 1.0 - 'id' SQL Injection (Unauthenticated)				2020-09-24
Online Food Ordering System 1.0 - Remote Code Execution				2020-09-23
Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting				2020-09-22
Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution				2020-09-22
B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution				2020-09-21
Mida eFramework 2.9.0 - Back Door Access				2020-09-21
Seat Reservation System 1.0 - 'id' SQL Injection				2020-09-21
ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path				2020-09-21
BlackCat CMS 1.3.6 - Cross-Site Request Forgery				2020-09-21
Online Shop Project 1.0 - 'p' SQL Injection				2020-09-21
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)				2020-09-18
SpamTitan 7.07 - Remote Code Execution (Authenticated)				2020-09-18
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution				2020-09-17
Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software				2020-09-16
Piwigo 2.10.1 - Cross Site Scripting				2020-09-16
Tailor MS 1.0 - Reflected Cross-Site Scripting				2020-09-16
ThinkAdmin 6 - Arbitrarily File Read				2020-09-16
Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)				2020-09-16
Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path				2020-09-16
RAD SecFlow-1v SF_0290_2.3.01.26 - Cross-Site Request Forgery (Reboot)				2020-09-16
Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path				2020-09-16
RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting				2020-09-16
Internet Explorer 11 - Use-After-Free				2020-09-16
Tea LaTex 1.0 - Remote Code Execution (Unauthenticated)				2020-09-16
VTENEXT 19 CE - Remote Code Execution				2020-09-16
Gnome Fonts Viewer 3.34.0 - Heap Corruption				2020-09-16
ZTE Router F602W - Captcha Bypass				2020-09-16
CuteNews 2.1.2 - Remote Code Execution				2020-09-16
Tiandy IPC and NVR 9.12.7 - Credential Disclosure				2020-09-16
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)				2020-09-16
Tailor Management System - 'id' SQL Injection				2020-09-16
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)				2020-09-16
Input Director 1.4.3 - 'Input Director' Unquoted Service Path				2020-09-16
ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path				2020-09-08
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)				2020-09-07
grocy 2.7.1 - Persistent Cross-Site Scripting				2020-09-07
Cabot 0.11.12 - Persistent Cross-Site Scripting				2020-09-07
Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path				2020-09-04
BarracudaDrive v6.5 - Insecure Folder Permissions				2020-09-03
SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)				2020-09-03
Daily Tracker System 1.0 - Authentication Bypass				2020-09-03
BloodX CMS 1.0 - Authentication Bypass				2020-09-03
Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting				2020-09-03
Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)				2020-09-02
moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)				2020-09-01
Mara CMS 7.5 - Remote Code Execution (Authenticated)				2020-09-01
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)				2020-08-31
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated)				2020-08-31
Mara CMS 7.5 - Reflective Cross-Site Scripting				2020-08-31
BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow (SEH,ASLR,DEP)				2020-08-31
Online Book Store 1.0 - 'id' SQL Injection				2020-08-31
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation				2020-08-28
SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting				2020-08-28
Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting				2020-08-28
Online Shopping Alphaware 1.0 - 'id' SQL Injection				2020-08-28
Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated)				2020-08-27
ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)				2020-08-27
Mida eFramework 2.9.0 - Remote Code Execution				2020-08-27
Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal				2020-08-26
Ericom Access Server x64 9.2.0 - Server-Side Request Forgery				2020-08-26
Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure				2020-08-24
Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass				2020-08-24
LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting				2020-08-24
vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution (Metasploit)				2020-08-23
Seowon SlC 130 Router - Remote Code Execution				2020-08-23
Complaint Management System 1.0 - 'cid' SQL Injection				2020-08-23
PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)				2020-08-23
ElkarBackup 1.3.3 - Persistent Cross-Site Scripting				2020-08-23
Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal				2020-08-19
Savsoft Quiz 5 - Stored Cross-Site Scripting				2020-08-18
Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection				2020-08-18
QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)				2020-08-17
QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Disclosure				2020-08-17
QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion				2020-08-17
QiHang Media Web Digital Signage 3.0.9 - Cleartext Credential Disclosure				2020-08-17
Microsoft SharePoint Server 2019 - Remote Code Execution				2020-08-17
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass				2020-08-17
GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)				2020-08-14
Artica Proxy 4.3.0 - Authentication Bypass				2020-08-14
vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution				2020-08-14
CMS Made Simple 2.2.14 - Authenticated Arbitrary File Upload				2020-08-14
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)				2020-08-14
BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path				2020-08-14
ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)				2020-08-14
Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)				2020-08-14
Daily Expenses Management System 1.0 - 'item' SQL Injection				2020-08-14
All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin)				2020-08-14
CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path				2020-08-14
Victor CMS 1.0 - 'Search' SQL Injection				2020-08-14
Stock Management System 1.0 - Authentication Bypass				2020-08-14
QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)				2020-08-14
ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)				2020-08-14
Daily Expenses Management System 1.0 - 'username' SQL Injection				2020-08-14
RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)				2020-08-14
Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)				2020-08-14
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)				2020-08-14
Online Shopping Alphaware 1.0 - Authentication Bypass				2020-07-30
Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting				2020-07-29
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion				2020-07-29
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion				2020-07-29
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution				2020-07-29
docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)				2020-07-29
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)				2020-07-29
Rails 5.0.1 - Remote Code Execution				2020-07-29
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting				2020-07-29
pfSense 2.4.4-p3 - Cross-Site Request Forgery				2020-07-29
Socket.io-file 2.0.31 - Arbitrary File Upload				2020-07-29
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)				2020-07-29
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion				2020-07-29
Webtareas 2.1p - Arbitrary File Upload (Authenticated)				2020-07-29
Bio Star 2.8.2 - Local File Inclusion				2020-07-29
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting				2020-07-29
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)				2020-07-29
elaniin CMS - Authentication Bypass				2020-07-29
Online Course Registration 1.0 - Unauthenticated Remote Code Execution				2020-07-29
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)				2020-07-29
LibreHealth 2.0.0 - Authenticated Remote Code Execution				2020-07-29
Bludit 3.9.2 - Directory Traversal				2020-07-29
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)				2020-07-29
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download				2020-07-29
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)				2020-07-29
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)				2020-07-29
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)				2020-07-29
UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)				2020-07-29
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution				2020-07-29
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection				2020-07-29
Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)				2020-07-29
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)				2020-07-29
DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)				2020-07-29
Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)				2020-07-29
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)				2020-07-29
Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)				2020-07-29
FTPDummy 4.80 - Local Buffer Overflow (SEH)				2020-07-29
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass				2020-07-29
Sophos VPN Web Panel 2020 - Denial of Service (Poc)				2020-07-29
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection				2020-07-29
Docsify.js 4.11.4 - Reflective Cross-Site Scripting				2020-07-29
NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)				2020-07-29
CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)				2020-07-29
Simple Startup Manager 1.17 - 'File' Local Buffer Overflow (PoC)				2020-07-29
Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path				2020-07-29
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)				2020-07-29
Infor Storefront B2B 1.0 - 'usr_name' SQL Injection				2020-07-29
Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting				2020-07-29
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass				2020-07-29
Online Polling System 1.0 - Authentication Bypass				2020-07-29
Zyxel Armor X1 WAP6806 - Directory Traversal				2020-07-29
SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)				2020-07-29
Linux/x86 - ASLR deactivation polymorphic Shellcode (124 bytes)				2020-07-29
TeamCity Agent XML-RPC 10.0 - Remote Code Execution				2020-07-29
Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)				2020-07-14
BSA Radar 1.6.7234.24750 - Local File Inclusion				2020-07-14
Park Ticketing Management System 1.0 - Authentication Bypass				2020-07-13
Park Ticketing Management System 1.0 - 'viewid' SQL Injection				2020-07-13
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution				2020-07-10
Barangay Management System 1.0 - Authentication Bypass				2020-07-10
HelloWeb 2.0 - Arbitrary File Download				2020-07-10
Savsoft Quiz 5 - Persistent Cross-Site Scripting				2020-07-09
FrootVPN 4.8 - 'frootvpn' Unquoted Service Path				2020-07-09
Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting				2020-07-09
PHP 7.4 FFI - 'disable_functions' Bypass				2020-07-09
BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)				2020-07-08
SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)				2020-07-08
Microsoft Windows mshta.exe 2019 - XML External Entity Injection				2020-07-07
BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation				2020-07-07
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection				2020-07-07
Online Shopping Portal 3.1 - 'email' SQL Injection				2020-07-07
Sickbeard 0.1 - Remote Command Injection				2020-07-07
Sony Playstation 2 (PS2): FreeDVDBoot - Hacking the PlayStation 2 through its DVD player				2020-07-07
Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)				2020-07-07
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)				2020-07-07
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution				2020-07-07
Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution				2020-07-06
RSA IG&L Aveksa 7.1.1 - Remote Code Execution				2020-07-06
Grafana 7.0.1 - Denial of Service (PoC)				2020-07-06
Fire Web Server 0.1 - Remote Denial of Service (PoC)				2020-07-06
RiteCMS 2.2.1 - Authenticated Remote Code Execution				2020-07-06
File Management System 1.1 - Persistent Cross-Site Scripting				2020-07-06
OCS Inventory NG 2.7 - Remote Code Execution				2020-07-02
ZenTao Pro 8.8.2 - Command Injection				2020-07-02
Online Shopping Portal 3.1 - Authentication Bypass				2020-07-01
PHP-Fusion 9.03.60 - PHP Object Injection				2020-07-01
e-learning Php Script 0.1.0 - 'search' SQL Injection				2020-07-01
RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC)				2020-07-01
Reside Property Management 3.0 - 'profile' SQL Injection				2020-06-30
Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting				2020-06-30
KiteService 1.2020.618.0 - Unquoted Service Path				2020-06-28
Windscribe 1.83 - 'WindscribeService' Unquoted Service Path				2020-06-28
OpenEMR 5.0.1 - 'controller' Remote Code Execution				2020-06-28
FHEM 6.0 - Local File Inclusion				2020-06-28
mySCADA myPRO 7 - Hardcoded Credentials				2020-06-28
BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting				2020-06-28
Lansweeper 7.2 - Incorrect Access Control				2020-06-28
Code Blocks 20.03 - Denial Of Service (PoC)				2020-06-28
Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)				2020-06-28
Responsive Online Blog 1.0 - 'id' SQL Injection				2020-06-28
Frigate 2.02 - Denial Of Service (PoC)				2020-06-28
WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting				2020-06-28
WebPort 1.19.1 - Reflected Cross-Site Scripting				2020-06-28
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload				2020-06-28
Odoo 12.0 - Local File Inclusion				2020-06-28
Student Enrollment 1.0 - Unauthenticated Remote Code Execution				2020-06-28
FileRun 2019.05.21 - Reflected Cross-Site Scripting				2020-06-28
Beauty Parlour Management System 1.0 - Authentication Bypass				2020-06-28
OpenCTI 3.3.1 - Directory Traversal				2020-06-28
Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)				2020-06-28
College-Management-System-Php 1.0 - Authentication Bypass				2020-06-28
Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path				2020-06-28
Gila CMS 1.11.8 - 'query' SQL Injection				2020-06-28
Netgear R7000 Router - Remote Code Execution				2020-06-28
SOS JobScheduler 1.13.3 - Stored Password Decryption				2020-06-28
Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)				2020-06-28
Linux/ARM - execve /bin/dash Shellcode (32 bytes)				2020-06-28
Sysax MultiServer 6.90 - Reflected Cross Site Scripting				2020-06-28
Avaya IP Office 11 - Password Disclosure				2020-06-28
SmarterMail 16 - Arbitrary File Upload				2020-06-28
Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)				2020-06-28
Virtual Airlines Manager 2.6.2 - 'id' SQL Injection				2020-06-28
WinGate 9.4.1.5998 - Insecure Folder Permissions				2020-06-28
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection				2020-06-28
Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)				2020-06-28
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH,DEP,ASLR)				2020-06-28
HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)				2020-06-28
Library CMS Powerful Book Management System 2.2.0 - Session Fixation				2020-06-28
WordPress Plugin Simple File List 5.4 - Remote Code Execution				2020-06-28
Prestashop 1.7.6.4 - Cross-Site Request Forgery				2020-06-28
WordPress Plugin Helpful 2.4.11 - SQL Injection				2020-06-28
PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution				2020-06-28
Wordpress Plugin PicUploader 1.0 - Remote File Upload				2020-06-28
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload				2020-06-28
UADMIN Botnet 1.0 - 'link' SQL Injection				2020-06-28
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification				2020-06-28
Wing FTP Server - Authenticated CSRF (Delete Admin)				2020-06-28
PlaySMS 1.4.3 - Template Injection / Remote Code Execution				2020-06-28
Joomla! 3.9.0 < 3.9.7 - CSV Injection				2020-06-28
CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)				2020-06-28
CoreFTP 2.0 Build 674 MDTM - Directory Traversal (Metasploit)				2020-06-28
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)				2020-06-28
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting				2020-06-28
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting				2020-06-28
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion				2020-06-28
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload				2020-06-28
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure				2020-06-28
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting				2020-06-28
WordPress Plugin Tutor.1.5.3 - Local File Inclusion				2020-06-28
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution				2020-06-28
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)				2020-06-28
SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)				2020-06-28
SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)				2020-06-28
XnConvert 1.82 - Denial of Service (PoC)				2020-06-28
SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)				2020-06-28
DeviceViewer 3.12.0.1 - Arbitrary Password Change				2020-06-28
DotNetNuke 9.3.2 - Cross-Site Scripting				2020-06-28
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion				2020-06-28
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation				2020-06-28
InputMapper 1.6.10 - Denial of Service				2020-06-28
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service				2020-06-28
Notepad++ < 7.7 (x64) - Denial of Service				2020-06-28
NetGain EM Plus 10.1.68 - Remote Command Execution				2020-06-28
Publisure Hybrid - Multiple Vulnerabilities				2020-06-28
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery				2020-06-28
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)				2020-06-28
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation				2020-06-28
MyBB < 1.8.21 - Remote Code Execution				2020-06-28
Android 7 < 9 - Remote Code Execution				2020-06-28
Siemens TIA Portal - Remote Command Execution				2020-06-28
FreeBSD 12.0 - 'fd' Local Privilege Escalation				2020-06-28
Bludit 3.9.12 - Directory Traversal				2020-06-09
Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection				2020-06-09
Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)				2020-06-08
Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)				2020-06-08
Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection				2020-06-08
Kyocera Printer d-COPIA253MF - Directory Traversal (PoC)				2020-06-08
Online-Exam-System 2015 - 'feedback' SQL Injection				2020-06-05
Online Course Registration 1.0 - Authentication Bypass				2020-06-05
Cayin Digital Signage System xPost 2.5 - Remote Command Injection				2020-06-04
Cayin Signage Media Player 3.0 - Remote Command Injection (root)				2020-06-04
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read				2020-06-04
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)				2020-06-04
Cayin Content Management Server 11.0 - Remote Command Injection (root)				2020-06-04
Online Marriage Registration System 1.0 - Remote Code Execution				2020-06-04
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass				2020-06-04
Navigate CMS 2.8.7 - Authenticated Directory Traversal				2020-06-04
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution				2020-06-04
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)				2020-06-04
Clinic Management System 1.0 - Authenticated Arbitrary File Upload				2020-06-04
Oriol Espinal CMS 1.0 - 'id' SQL Injection				2020-06-04
Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)				2020-06-04
Clinic Management System 1.0 - Unauthenticated Remote Code Execution				2020-06-04
IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path				2020-06-04
Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)				2020-06-04
AirControl 1.4.2 - PreAuth Remote Code Execution				2020-06-04
vCloud Director 9.7.0.15498291 - Remote Code Execution				2020-06-03
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)				2020-06-02
Clinic Management System 1.0 - Authentication Bypass				2020-06-02
Microsoft Windows - 'SMBGhost' Remote Code Execution				2020-06-02
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution				2020-06-01
VMware vCenter Server 6.7 - Authentication Bypass				2020-06-01
Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation				2020-06-01
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass				2020-05-29
WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)				2020-05-29
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution				2020-05-28
EyouCMS 1.4.6 - Persistent Cross-Site Scripting				2020-05-28
Online-Exam-System 2015 - 'fid' SQL Injection				2020-05-28
NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection				2020-05-28
OXID eShop 6.3.4 - 'sorting' SQL Injection				2020-05-27
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting				2020-05-27
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting				2020-05-27
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting				2020-05-27
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting				2020-05-27
Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting				2020-05-27
BIND - 'TSIG' Denial of Service				2020-05-27
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution				2020-05-26
Pi-hole 4.4.0 - Remote Code Execution (Authenticated)				2020-05-26
Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)				2020-05-26
StreamRipper32 2.6 - Buffer Overflow (PoC)				2020-05-26
Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)				2020-05-26
OpenEMR 5.0.1 - Remote Code Execution				2020-05-26
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)				2020-05-25
Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)				2020-05-25
Online Discussion Forum Site 1.0 - Remote Code Execution				2020-05-25
Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting				2020-05-25
GoldWave - Buffer Overflow (SEH Unicode)				2020-05-25
Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)				2020-05-25
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)				2020-05-23
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP,ASLR)				2020-05-23
Gym Management System 1.0 - Unauthenticated Remote Code Execution				2020-05-23
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation				2020-05-23
Dolibarr 11.0.3 - Persistent Cross-Site Scripting				2020-05-23
Filetto 1.0 - 'FEAT' Denial of Service (PoC)				2020-05-23
Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)				2020-05-23
Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service (PoC)				2020-05-23
OpenEDX platform Ironwood 2.5 - Remote Code Execution				2020-05-23
CloudMe 1.11.2 - Buffer Overflow (SEH,DEP,ASLR)				2020-05-23
PHPFusion 9.03.50 - Persistent Cross-Site Scripting				2020-05-23
Composr CMS 10.0.30 - Persistent Cross-Site Scripting				2020-05-23
forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email)				2020-05-23
AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)				2020-05-23
CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution				2020-05-23
Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)				2020-05-23
Victor CMS 1.0 - Authenticated Arbitrary File Upload				2020-05-23
NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password)				2020-05-23
Submitty 20.04.01 - Persistent Cross-Site Scripting				2020-05-23
php-fusion 9.03.50 - 'ctype' SQL Injection				2020-05-23
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting				2020-05-23
Victor CMS 1.0 - 'cat_id' SQL Injection				2020-05-23
Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting				2020-05-23
HP LinuxKI 6.01 - Remote Command Injection				2020-05-23
Online Healthcare management system 1.0 - Authentication Bypass				2020-05-23
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass				2020-05-23
online Chatting System 1.0 - 'id' SQL Injection				2020-05-23
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload				2020-05-23
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting				2020-05-23
Oracle Hospitality RES 3700 5.7 - Remote Code Execution				2020-05-23
Online Examination System 1.0 - 'eid' SQL Injection				2020-05-23
Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection				2020-05-23
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection				2020-05-23
ManageEngine Service Desk 10.0 - Cross-Site Scripting				2020-05-23
vBulletin 5.6.1 - 'nodeId' SQL Injection				2020-05-23
E-Commerce System 1.0 - Unauthenticated Remote Code Execution				2020-05-23
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution				2020-05-23
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)				2020-05-23
Complaint Management System 1.0 - 'username' SQL Injection				2020-05-23
Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting				2020-05-13