Exploits (Total: 98598)

    
    
    
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
2021-09-28
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
2021-09-28
FatPipe Networks WARP 10.2.2 - Authorization Bypass
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
2021-09-28
XAMPP 7.4.3 - Local Privilege Escalation
2021-09-27
Cyberfox Web Browser 52.9.1 - Denial-of-Service (PoC)
2021-09-27
Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers
2021-09-27
Library System 1.0 - 'student_id' SQL injection (Authenticated)
2021-09-27
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
2021-09-27
Ether_MP3_CD_Burner 1.3.8 - Buffer Overflow (SEH)
2021-09-27
Microsoft Windows cmd.exe - Stack Buffer Overflow
2021-09-24
Pharmacy Point of Sale System 1.0 - SQLi Authentication BYpass
2021-09-24
SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure
2021-09-24
Police Crime Record Management Project 1.0 - Time Based SQLi
2021-09-23
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
2021-09-23
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
2021-09-23
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
2021-09-23
Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
2021-09-23
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
2021-09-23
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
2021-09-23
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
2021-09-23
Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-22
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
2021-09-22
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
2021-09-22
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
2021-09-22
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
2021-09-22
TotalAV 5.15.69 - Unquoted Service Path
2021-09-22
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
2021-09-22
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
2021-09-22
Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service (PoC)
2021-09-21
WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)
2021-09-21
Securing Authentication and Authorization - Paper
2021-09-21
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-21
Budget and Expense Tracker System 1.0 - Authenticated Bypass
2021-09-21
Church Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-21
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-21
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
2021-09-21
Church Management System 1.0 - 'search' SQL Injection (Unauthenticated)
2021-09-21
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)
2021-09-21
Simple Attendance System 1.0 - Authenticated bypass
2021-09-21
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
2021-09-21
WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
2021-09-21
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)
2021-09-21
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
2021-09-21
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
2021-09-21
Seowon 130-SLC router - 'queriesCnt' Remote Code Execution (Unauthenticated)
2021-09-21
Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
2021-09-21
Purchase Order Management System 1.0 - Remote File Upload
2021-09-14
Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)
2021-09-13
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
2021-09-13
Apartment Visitor Management System (AVMS) 1.0 - SQLi to RCE
2021-09-13
Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload
2021-09-13
ECOA Building Automation System - Arbitrary File Deletion
2021-09-13
ECOA Building Automation System - Local File Disclosure
2021-09-13
ECOA Building Automation System - Remote Privilege Escalation
2021-09-13
ECOA Building Automation System - Missing Encryption Of Sensitive Information
2021-09-13
ECOA Building Automation System - Hard-coded Credentials SSH Access
2021-09-13
ECOA Building Automation System - Hidden Backdoor Accounts and backdoor() Function
2021-09-13
ECOA Building Automation System - Configuration Download Information Disclosure
2021-09-13
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
2021-09-13
ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF)
2021-09-13
ECOA Building Automation System - Directory Traversal Content Disclosure
2021-09-13
ECOA Building Automation System - Path Traversal Arbitrary File Upload
2021-09-13
ECOA Building Automation System - Weak Default Credentials
2021-09-13
Men Salon Management System 1.0 - Multiple Vulnerabilities
2021-09-13
Active WebCam 11.5 - Unquoted Service Path
2021-09-13
Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)
2021-09-09
Backdooring Wordpress to get text-clear passwords - Paper (Brazilian-Portuguese)
2021-09-08
WordPress Plugin TablePress 1.14 - CSV Injection
2021-09-08
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
2021-09-07
WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)
2021-09-07
Antminer Monitor 0.5.0 - Authentication Bypass
2021-09-06
SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
2021-09-06
Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS
2021-09-06
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution (RCE)
2021-09-06
Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)
2021-09-06
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
2021-09-06
Argus Surveillance DVR 4.0 - Unquoted Service Path
2021-09-06
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
2021-09-06
OpenSIS 8.0 'modname' - Directory/Path Traversal
2021-09-03
Remote Mouse 4.002 - Unquoted Service Path
2021-09-03
CRACKING WiFi WPA2 HANDSHAKE - Paper (Turkish)
2021-09-02
WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)
2021-09-02
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
2021-09-02
Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure
2021-09-02
Compro Technology IP Camera - ' index_MJpeg.cgi' Stream Disclosure
2021-09-02
Compro Technology IP Camera - 'Multiple' Credential Disclosure
2021-09-02
Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated)
2021-09-02
Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)
2021-09-02
OpenSIS Community 8.0 - 'cp_id_miss_attn' SQL Injection
2021-09-02
Dolibarr ERP/CRM 14.0.1 - Privilege Escalation
2021-09-02
Telegram Desktop 2.9.2 - Denial of Service (PoC)
2021-09-01
WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
2021-09-01
Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated)
2021-09-01
Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
2021-09-01
WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)
2021-08-31
Umbraco CMS 8.9.1 - Path traversal and Arbitrary File Write (Authenticated)
2021-08-31
Exploits/page:


Page:
1-4-2 (www01)