|
Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
|
|
2020-12-21
|
|
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
|
|
2020-12-19
|
|
Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS
|
|
2020-12-19
|
|
SyncBreeze 10.0.28 - 'login' Denial of Service (Poc)
|
|
2020-12-19
|
|
Smart Hospital 3.1 - "Add Patient" Stored XSS
|
|
2020-12-19
|
|
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
|
|
2020-12-19
|
|
Alumni Management System 1.0 - 'id' SQL Injection
|
|
2020-12-19
|
|
Alumni Management System 1.0 - "Course Form" Stored XSS
|
|
2020-12-19
|
|
Alumni Management System 1.0 - Unrestricted File Upload To RCE
|
|
2020-12-19
|
|
Point of Sale System 1.0 - Authentication Bypass
|
|
2020-12-19
|
|
Nxlog Community Edition 2.10.2150 - DoS (Poc)
|
|
2020-12-19
|
|
Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
|
|
2020-12-19
|
|
PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)
|
|
2020-12-19
|
|
Employee Record System 1.0 - Multiple Stored XSS
|
|
2020-12-19
|
|
Interview Management System 1.0 - 'id' SQL Injection
|
|
2020-12-19
|
|
Interview Management System 1.0 - Stored XSS in Add New Question
|
|
2020-12-19
|
|
Online Tours & Travels Management System 1.0 - "id" SQL Injection
|
|
2020-12-19
|
|
Customer Support System 1.0 - 'id' SQL Injection
|
|
2020-12-19
|
|
Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS
|
|
2020-12-19
|
|
Medical Center Portal Management System 1.0 - 'id' SQL Injection
|
|
2020-12-19
|
|
Content Management System 1.0 - 'id' SQL Injection
|
|
2020-12-19
|
|
Content Management System 1.0 - 'email' SQL Injection
|
|
2020-12-19
|
|
Content Management System 1.0 - 'First Name' Stored XSS
|
|
2020-12-19
|
|
Linksys RE6500 1.0.11.001 - Unauthenticated RCE
|
|
2020-12-19
|
|
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
|
|
2020-12-19
|
|
Seotoaster 3.2.0 - Stored XSS on Edit page properties
|
|
2020-12-19
|
|
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
|
|
2020-12-19
|
|
Magic Home Pro 1.5.1 - Authentication Bypass
|
|
2020-12-19
|
|
Raysync 3.3.3.8 - RCE
|
|
2020-12-19
|
|
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
|
|
2020-12-19
|
|
GitLab 11.4.7 - Remote Code Execution (Authenticated)
|
|
2020-12-19
|
|
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
|
|
2020-12-19
|
|
Solaris SunSSH 11.0 x86 - libpam Remote Root
|
|
2020-12-19
|
|
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Authenticated)
|
|
2020-12-19
|
|
libbabl 0.1.62 - Broken Double Free Detection (PoC)
|
|
2020-12-19
|
|
Task Management System 1.0 - 'page' Local File Inclusion
|
|
2020-12-19
|
|
Gitlab 11.4.7 - Remote Code Execution
|
|
2020-12-19
|
|
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
|
|
2020-12-19
|
|
Rumble Mail Server 0.51.3135 - 'username' Stored XSS
|
|
2020-12-19
|
|
Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
|
|
2020-12-19
|
|
Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
|
|
2020-12-19
|
|
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
|
|
2020-12-19
|
|
Seacms 11.1 - 'checkuser' Stored XSS
|
|
2020-12-19
|
|
Seacms 11.1 - 'file' Local File Inclusion
|
|
2020-12-19
|
|
Seacms 11.1 - 'ip and weburl' Remote Command Execution
|
|
2020-12-19
|
|
System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
|
|
2020-12-19
|
|
MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
|
|
2020-12-19
|
|
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
|
|
2020-12-19
|
|
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
|
|
2020-12-19
|
|
Courier Management System 1.0 - 'ref_no' SQL Injection
|
|
2020-12-19
|