|
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
|
|
2019-03-04
|
|
Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)
|
|
2019-03-04
|
|
Linux/x64 - Kill All Processes Shellcode (11 bytes)
|
|
2019-03-04
|
|
Linux/x86 - iptables -F Shellcode (43 bytes)
|
|
2019-03-04
|
|
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
|
|
2019-03-04
|
|
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
|
|
2019-03-04
|
|
Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)
|
|
2019-03-04
|
|
Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)
|
|
2019-03-04
|
|
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
|
|
2019-03-04
|
|
FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)
|
|
2019-03-04
|
|
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
|
|
2019-03-04
|
|
OOP CMS BLOG 1.0 - Multiple SQL Injection
|
|
2019-03-04
|
|
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
|
|
2019-03-04
|
|
CMSsite 1.0 - Multiple Cross-Site Request Forgery
|
|
2019-03-04
|
|
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
|
|
2019-03-04
|
|
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
|
|
2019-03-01
|
|
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
|
|
2019-03-01
|
|
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
|
|
2019-03-01
|
|
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
|
|
2019-03-01
|
|
Google Chrome < M72 - FileWriterImpl Use-After-Free
|
|
2019-03-01
|
|
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
|
|
2019-03-01
|
|
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
|
|
2019-03-01
|
|
Google Chrome < M72 - PaymentRequest Service Use-After-Free
|
|
2019-03-01
|
|
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
|
|
2019-02-28
|
|
TransMac 12.3 - Denial of Service (PoC)
|
|
2019-02-28
|
|
Usermin 1.750 - Remote Command Execution (Metasploit)
|
|
2019-02-28
|
|
Joomla! Component J2Store < 3.3.7 - SQL Injection
|
|
2019-02-28
|
|
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
|
|
2019-02-28
|
|
FTP Server 1.32 - Denial of Service
|
|
2019-02-28
|
|
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
|
|
2019-02-28
|
|
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
|
|
2019-02-28
|
|
Simple Online Hotel Reservation System - SQL Injection
|
|
2019-02-28
|
|
Drupal < 8.6.9 - REST Module Remote Code Execution
|
|
2019-02-25
|
|
Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)
|
|
2019-02-25
|
|
Advance Gift Shop Pro Script 2.0.3 - SQL Injection
|
|
2019-02-25
|
|
News Website Script 2.0.5 - SQL Injection
|
|
2019-02-25
|
|
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
|
|
2019-02-25
|
|
zzzphp CMS 1.6.1 - Remote Code Execution
|
|
2019-02-25
|
|
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
|
|
2019-02-25
|
|
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
|
|
2019-02-23
|
|
Teracue ENC-400 - Command Injection / Missing Authentication
|
|
2019-02-22
|
|
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
|
|
2019-02-22
|
|
Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)
|
|
2019-02-22
|
|
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
|
|
2019-02-22
|
|
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
|
|
2019-02-22
|
|
AirDrop 2.0 - Denial of Service (DoS)
|
|
2019-02-21
|
|
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
|
|
2019-02-21
|
|
ScreenStream 3.0.15 - Denial of Service
|
|
2019-02-21
|
|
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)
|
|
2019-02-21
|
|
RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)
|
|
2019-02-21
|
|
EI-Tube 3 - SQL Injection
|
|
2019-02-21
|
|
Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)
|
|
2019-02-21
|
|
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection
|
|
2019-02-21
|
|
Memu Play 6.0.7 - Privilege Escalation
|
|
2019-02-21
|
|
Belkin Wemo UPnP - Remote Code Execution (Metasploit)
|
|
2019-02-20
|
|
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
|
|
2019-02-20
|
|
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
|
|
2019-02-20
|
|
FaceTime - Texture Processing Memory Corruption
|
|
2019-02-20
|
|
WinRAR 5.61 - '.lng' Denial of Service
|
|
2019-02-20
|
|
webERP 4.15 - 'ImportBankTransaction' Blind SQL Injection
|
|
2019-02-20
|
|
FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
|
|
2019-02-20
|
|
HotelDruid 2.3 - Cross-Site Scripting
|
|
2019-02-20
|
|
Apple macOS 10.13.5 - Local Privilege Escalation
|
|
2019-02-20
|
|
Jenkins - Remote Code Execution
|
|
2019-02-19
|
|
Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection
|
|
2019-02-19
|
|
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
|
|
2019-02-19
|
|
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
|
|
2019-02-19
|
|
eDirectory - SQL Injection
|
|
2019-02-19
|
|
BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)
|
|
2019-02-19
|
|
Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC)
|
|
2019-02-19
|
|
Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting
|
|
2019-02-19
|
|
Listing Hub CMS 1.0 - 'pages.php id' SQL Injection
|
|
2019-02-19
|
|
Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection
|
|
2019-02-19
|
|
NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC)
|
|
2019-02-19
|
|
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - File Permissions SYSTEM Privilege Escalation
|
|
2019-02-19
|
|
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
|
|
2019-02-18
|
|
Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload
|
|
2019-02-18
|
|
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process
|
|
2019-02-18
|
|
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass
|
|
2019-02-18
|
|
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions
|
|
2019-02-18
|
|
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour
|
|
2019-02-18
|
|
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting
|
|
2019-02-18
|
|
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting
|
|
2019-02-18
|
|
Apache CouchDB 2.3.0 - Cross-Site Scripting
|
|
2019-02-18
|
|
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
|
|
2019-02-18
|
|
M/Monit 3.7.2 - Privilege Escalation
|
|
2019-02-18
|
|
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
|
|
2019-02-18
|
|
CMSsite 1.0 - 'post' SQL Injection
|
|
2019-02-18
|
|
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
|
|
2019-02-18
|
|
Master IP CAM 01 3.3.4.2103 - Remote Command Execution
|
|
2019-02-18
|
|
qdPM 9.1 - 'search[keywords]' Cross-Site Scripting
|
|
2019-02-18
|
|
qdPM 9.1 - 'type' Cross-Site Scripting
|
|
2019-02-18
|
|
macOS - execve(/bin/sh) + Null-Free Shellcode (31 bytes)
|
|
2019-02-18
|
|
macOS - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)
|
|
2019-02-18
|
|
macOS - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
|
|
2019-02-18
|
|
macOS - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)
|
|
2019-02-18
|
|
macOS - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)
|
|
2019-02-18
|
|
mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers
|
|
2019-02-18
|
|
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)
|
|
2019-02-18
|
|
Realterm Serial Terminal 2.0.0.70 - Denial of Service
|
|
2019-02-18
|
|
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
|
|
2019-02-15
|
|
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
|
|
2019-02-15
|
|
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
|
|
2019-02-15
|
|
Jinja2 2.10 - 'from_string' Server Side Template Injection
|
|
2019-02-15
|
|
VSCO 1.1.1.0 - Denial of Service (PoC)
|
|
2019-02-15
|
|
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
|
|
2019-02-15
|
|
Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)
|
|
2019-02-15
|
|
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
|
|
2019-02-15
|
|
AirMore 1.6.1 - Denial of Service (PoC)
|
|
2019-02-15
|
|
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)
|
|
2019-02-14
|
|
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
|
|
2019-02-14
|
|
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)
|
|
2019-02-14
|
|
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection
|
|
2019-02-14
|
|
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting
|
|
2019-02-14
|
|
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting
|
|
2019-02-14
|
|
DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting
|
|
2019-02-14
|
|
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting
|
|
2019-02-14
|
|
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
|
|
2019-02-14
|
|
Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)
|
|
2019-02-14
|
|
exacqVision ESM 5.12.2 - Privilege Escalation
|
|
2019-02-14
|
|
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
|
|
2019-02-14
|
|
PilusCart 1.4.1 - 'send' SQL Injection
|
|
2019-02-13
|
|
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
|
|
2019-02-13
|
|
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting
|
|
2019-02-13
|
|
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)
|
|
2019-02-13
|
|
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)
|
|
2019-02-13
|
|
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
|
|
2019-02-13
|
|
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)
|
|
2019-02-13
|
|
snapd < 2.37.0 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
|
|
2019-02-13
|
|
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
|
|
2019-02-12
|
|
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
|
|
2019-02-12
|
|
Android - binder Use-After-Free via fdget() Optimization
|
|
2019-02-12
|
|
runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
|
|
2019-02-12
|
|
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
|
|
2019-02-12
|
|
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
|
|
2019-02-12
|
|
LayerBB 1.1.2 - Cross-Site Scripting
|
|
2019-02-12
|
|
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
|
|
2019-02-12
|
|
OPNsense < 19.1.1 - Cross-Site Scripting
|
|
2019-02-12
|
|
Webiness Inventory 2.3 - 'email' SQL Injection
|
|
2019-02-11
|
|
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
|
|
2019-02-11
|
|
VA MAX 8.3.4 - Authenticated Remote Code Execution
|
|
2019-02-11
|
|
MyBB Bans List 1.0 - Cross-Site Scripting
|
|
2019-02-11
|
|
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
|
|
2019-02-11
|
|
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
|
|
2019-02-11
|
|
IPFire 2.21 - Cross-Site Scripting
|
|
2019-02-11
|
|
NordVPN 6.19.6 - Denial of Service (PoC)
|
|
2019-02-11
|
|
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
|
|
2019-02-11
|
|
Evince - CBT File Command Injection (Metasploit)
|
|
2019-02-11
|
|
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
|
|
2019-02-11
|
|
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
|
|
2019-02-11
|
|
FutureDj Pro 1.7.2.0 - Denial of Service
|
|
2019-02-11
|
|
AirDroid 4.2.1.6 - Denial of Service
|
|
2019-02-11
|
|
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
|
|
2019-02-11
|
|
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
|
|
2019-02-11
|
|
IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
|
|
2019-02-11
|
|
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
|
|
2019-02-11
|
|
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
|
|
2019-02-06
|
|
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
|
|
2019-02-06
|
|
osCommerce 2.3.4.1 - 'reviews_id' SQL Injection
|
|
2019-02-06
|
|
osCommerce 2.3.4.1 - 'products_id' SQL Injection
|
|
2019-02-06
|
|
osCommerce 2.3.4.1 - 'currency' SQL Injection
|
|
2019-02-06
|
|
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
|
|
2019-02-05
|
|
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
|
|
2019-02-05
|
|
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
|
|
2019-02-05
|
|
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
|
|
2019-02-05
|
|
Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)
|
|
2019-02-05
|
|
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
|
|
2019-02-05
|
|
Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
|
|
2019-02-05
|
|
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
|
|
2019-02-05
|
|
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
|
|
2019-02-05
|
|
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
|
|
2019-02-05
|
|
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
|
|
2019-02-05
|
|
pfSense 2.4.4-p1 - Cross-Site Scripting
|
|
2019-02-05
|
|
Nessus 8.2.1 - Cross-Site Scripting
|
|
2019-02-05
|
|
TaskInfo 8.2.0.280 - Denial of Service (PoC)
|
|
2019-02-05
|
|
SpotAuditor 3.6.7 - Denial of Service (PoC)
|
|
2019-02-05
|
|
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
|
|
2019-02-05
|
|
SuiteCRM 7.10.7 - 'record' SQL Injection
|
|
2019-02-05
|
|
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
|
|
2019-02-05
|
|
MyVideoConverter Pro 3.14 - Denial of Service
|
|
2019-02-05
|
|
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
|
|
2019-02-05
|
|
LibSSH 0.7.6 / 0.8.4 - Unauthorized Access
|
|
2019-02-05
|
|
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
|
|
2019-02-05
|
|
Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)
|
|
2019-02-05
|
|
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (3)
|
|
2019-02-05
|
|
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
|
|
2019-02-05
|
|
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
|
|
2019-02-05
|
|
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
|
|
2019-02-05
|
|
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
|
|
2019-02-05
|
|
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
|
|
2019-02-05
|
|
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
|
|
2019-02-05
|
|
LanHelper 1.74 - Denial of Service (PoC)
|
|
2019-02-05
|
|
FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)
|
|
2019-02-05
|
|
ASPRunner Professional 6.0.766 - Denial of Service (PoC)
|
|
2019-02-05
|
|
AMAC Address Change 5.4 - Denial of Service (PoC)
|
|
2019-02-05
|
|
Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC)
|
|
2019-02-05
|
|
UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)
|
|
2019-02-05
|
|
Anyburn 4.3 - 'Convert image to file format' Denial of Service
|
|
2019-02-05
|
|
R 3.5.0 - Local Buffer Overflow (SEH)
|
|
2019-02-05
|
|
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)
|
|
2019-02-05
|
|
IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)
|
|
2019-02-05
|
|
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
|
|
2019-02-05
|
|
Advanced File Manager 3.4.1 - Denial of Service (PoC)
|
|
2019-02-05
|
|
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)
|
|
2019-02-05
|
|
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
|
|
2019-02-05
|
|
Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)
|
|
2019-02-05
|
|
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
|
|
2019-02-05
|
|
MiniUPnPd 2.1 - Out-of-Bounds Read
|
|
2019-02-05
|
|
Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)
|
|
2019-02-05
|
|
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
|
|
2019-02-05
|
|
Linux/x86 - execve() - Terminal Calculator (bc) Shellcode (53 bytes)
|
|
2019-02-05
|
|
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
|
|
2019-02-05
|
|
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
|
|
2019-02-05
|
|
Smart VPN 1.1.3.0 - Denial of Service (PoC)
|
|
2019-02-05
|
|
Mess Management System 1.0 - SQL Injection
|
|
2019-02-05
|
|
Teameyo Project Management System 1.0 - SQL Injection
|
|
2019-02-05
|
|
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
|
|
2019-02-05
|
|
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
|
|
2019-02-05
|
|
BEWARD Intercom 2.3.1 - Credentials Disclosure
|
|
2019-02-05
|
|
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
|
|
2019-02-05
|
|
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
|
|
2019-02-05
|
|
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
|
|
2019-02-05
|
|
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
|
|
2019-02-05
|
|
Cisco RV300 / RV320 - Information Disclosure
|
|
2019-02-05
|
|
Sricam gSOAP 2.8 - Denial of Service
|
|
2019-02-05
|
|
CMSsite 1.0 - 'search' SQL Injection
|
|
2019-02-05
|
|
CMSsite 1.0 - 'cat_id' SQL Injection
|
|
2019-02-05
|
|
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
|
|
2019-02-05
|
|
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
|
|
2019-02-05
|
|
Linux/x86 - exit(0) Shellcode (5 bytes)
|
|
2019-02-05
|
|
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
|
|
2019-02-05
|
|
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
|
|
2019-02-05
|
|
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
|
|
2019-02-05
|
|
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
|
|
2019-02-05
|
|
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
|
|
2019-02-05
|
|
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
|
|
2019-02-05
|
|
MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation
|
|
2019-02-05
|
|
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
|
|
2019-02-05
|
|
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
|
|
2019-02-05
|
|
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
|
|
2019-02-05
|
|
GreenCMS 2.x - Arbitrary File Download
|
|
2019-02-05
|
|
GreenCMS 2.x - SQL Injection
|
|
2019-02-05
|
|
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
|
|
2019-02-05
|
|
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
|
|
2019-02-05
|
|
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
|
|
2019-02-05
|
|
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
|
|
2019-02-05
|
|
ImpressCMS 1.3.11 - 'bid' SQL Injection
|
|
2019-02-05
|
|
Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
|
|
2019-02-05
|
|
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
|
|
2019-02-05
|
|
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
|
|
2019-02-05
|
|
SimplePress CMS 1.0.7 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection
|
|
2019-02-05
|
|
Joomla! Component VMap 1.9.6 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component vRestaurant 1.9.4 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component vReview 1.9.11 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection
|
|
2019-02-05
|
|
Joomla! Component vWishlist 1.0.1 - SQL Injection
|
|
2019-02-05
|
|
Joomla! Component vBizz 1.0.7 - Remote Code Execution
|
|
2019-01-23
|
|
Joomla! Component vBizz 1.0.7 - SQL Injection
|
|
2019-01-23
|
|
Microsoft Windows CONTACT - HTML Injection / Remote Code Execution
|
|
2019-01-23
|
|
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
|
|
2019-01-23
|
|
Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution
|
|
2019-01-22
|
|
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
|
|
2019-01-22
|
|
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt
|
|
2019-01-22
|
|
Adianti Framework 5.5.0 - SQL Injection
|
|
2019-01-22
|
|
Echo Mirage 3.1 - Buffer Overflow (PoC)
|
|
2019-01-22
|
|
GattLib 0.2 - Stack Buffer Overflow
|
|
2019-01-22
|
|
PHP Uber-style GeoTracking 1.1 - SQL Injection
|
|
2019-01-22
|
|
PHP Dashboards NEW 5.8 - Local File Inclusion
|
|
2019-01-22
|
|
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
|
|
2019-01-22
|
|
MoneyFlux 1.0 - 'id' SQL Injection
|
|
2019-01-22
|
|
Reservic 1.0 - 'id' SQL Injection
|
|
2019-01-22
|
|
Coman 1.0 - 'id' SQL Injection
|
|
2019-01-22
|
|
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
|
|
2019-01-22
|
|
Kepler Wallpaper Script 1.1 - SQL Injection
|
|
2019-01-22
|
|
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'InitClass' Type Confusion
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
|
|
2019-01-18
|
|
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
|
|
2019-01-18
|
|
Webmin 1.900 - Remote Command Execution (Metasploit)
|
|
2019-01-18
|
|
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
|
|
2019-01-18
|
|
FastTube 1.0.1.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
7 Tik 1.0.1.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
Eco Search 1.0.2.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
One Search 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
Watchr 1.1.0.0 - Denial of Service (PoC)
|
|
2019-01-18
|
|
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
|
|
2019-01-18
|
|
phpTransformer 2016.9 - Directory Traversal
|
|
2019-01-18
|
|
phpTransformer 2016.9 - SQL Injection
|
|
2019-01-18
|
|
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
|
|
2019-01-18
|
|
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
|
|
2019-01-17
|
|
Microsoft Windows CONTACT - Remote Code Execution
|
|
2019-01-17
|
|
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
|
|
2019-01-17
|
|
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
|
|
2019-01-16
|
|
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
|
|
2019-01-16
|
|
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
|
|
2019-01-16
|
|
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
|
|
2019-01-16
|
|
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
|
|
2019-01-16
|
|
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
|
|
2019-01-16
|
|
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
|
|
2019-01-16
|
|
GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
|
|
2019-01-16
|
|
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
|
|
2019-01-16
|
|
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
|
|
2019-01-16
|
|
doorGets CMS 7.0 - Arbitrary File Download
|
|
2019-01-16
|
|
Roxy Fileman 1.4.5 - Arbitrary File Download
|
|
2019-01-16
|
|
FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
|
|
2019-01-16
|
|
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
|
|
2019-01-16
|
|
Windows Debugging 101
|
|
2019-01-15
|
|
[Portuguese] Reverse Engineering 101 using Radare2
|
|
2019-01-15
|
|
Windows Privilege Escalations
|
|
2019-01-15
|
|
An Internal Pentest Audit Against Active Directory
|
|
2019-01-15
|
|
PHP Source Code Analysis
|
|
2019-01-15
|
|
PoC || GTFO 0x16
|
|
2019-01-15
|
|
PoC || GTFO 0x15
|
|
2019-01-15
|
|
PoC || GTFO 0x14
|
|
2019-01-15
|
|
PoC || GTFO 0x13
|
|
2019-01-15
|
|
PoC || GTFO 0x12
|
|
2019-01-15
|
|
PoC || GTFO 0x11
|
|
2019-01-15
|
|
PoC || GTFO 0x10
|
|
2019-01-15
|
|
ownDMS 4.7 - SQL Injection
|
|
2019-01-15
|
|
Microsoft Windows VCF - Remote Code Execution
|
|
2019-01-15
|
|
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)
|
|
2019-01-15
|
|
1Password < 7.0 - Denial of Service
|
|
2019-01-15
|
|
AudioCode 400HD - Command Injection
|
|
2019-01-14
|
|
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
|
|
2019-01-14
|
|
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
|
|
2019-01-14
|
|
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
|
|
2019-01-14
|
|
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
|
|
2019-01-14
|
|
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
|
|
2019-01-14
|
|
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
|
|
2019-01-14
|
|
Job Portal Platform 1.0 - SQL Injection
|
|
2019-01-14
|
|
Real Estate Custom Script 2.0 - SQL Injection
|
|
2019-01-14
|
|
ThinkPHP 5.X - Remote Command Execution
|
|
2019-01-14
|
|
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
|
|
2019-01-14
|
|
HealthNode Hospital Management System 1.0 - SQL Injection
|
|
2019-01-14
|
|
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
|
|
2019-01-14
|
|
Cleanto 5.0 - SQL Injection
|
|
2019-01-14
|
|
Find a Place CMS Directory 1.5 - SQL Injection
|
|
2019-01-14
|
|
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
|
|
2019-01-14
|
|
Hootoo HT-05 - Remote Code Execution (Metasploit)
|
|
2019-01-14
|
|
xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
|
|
2019-01-14
|
|
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
|
|
2019-01-14
|
|
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
|
|
2019-01-14
|
|
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
|
|
2019-01-14
|
|
Modern POS 1.3 - SQL Injection
|
|
2019-01-14
|
|
Modern POS 1.3 - Arbitrary File Download
|
|
2019-01-14
|
|
Horde Imp - 'imap_open' Remote Command Execution
|
|
2019-01-14
|
|
i-doit CMDB 1.12 - SQL Injection
|
|
2019-01-14
|
|
i-doit CMDB 1.12 - Arbitrary File Download
|
|
2019-01-14
|
|
Across DR-810 ROM-0 - Backup File Disclosure
|
|
2019-01-14
|
|
Luminance Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Blob Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Liquid Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Pixel Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Paint Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Tree Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Selfie Studio 2.17 - Denial of Service (PoC)
|
|
2019-01-11
|
|
Windows/x86 - Download With Tftp And Execute Shellcode (51-60 bytes)(msvcrt.system)(Generator)
|
|
2019-01-11
|
|
Joomla! Component JoomCRM 1.1.1 - SQL Injection
|
|
2019-01-11
|
|
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
|
|
2019-01-11
|
|
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
|
|
2019-01-11
|
|
Adapt Inventory Management System 1.0 - SQL Injection
|
|
2019-01-11
|
|
OpenSource ERP 6.3.1. - SQL Injection
|
|
2019-01-10
|
|
eBrigade ERP 4.5 - SQL Injection
|
|
2019-01-10
|
|
Event Locations 1.0.1 - 'id' SQL Injection
|
|
2019-01-10
|
|
Event Calendar 3.7.4 - 'id' SQL Injection
|
|
2019-01-10
|
|
MLMPro 1.0 - SQL Injection
|
|
2019-01-10
|
|
Architectural 1.0 - 'email' SQL Injection
|
|
2019-01-10
|
|
Shield CMS 2.2 - 'email' SQL Injection
|
|
2019-01-10
|
|
doitX 1.0 - 'search' SQL Injection
|
|
2019-01-10
|
|
Matrix MLM Script 1.0 - Information Disclosure
|
|
2019-01-10
|
|
eBrigade ERP 4.5 - Arbitrary File Download
|
|
2019-01-10
|
|
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
|
|
2019-01-10
|
|
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
|
|
2019-01-10
|
|
BlogEngine 3.3 - XML External Entity Injection
|
|
2019-01-09
|
|
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
|
|
2019-01-09
|
|
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
|
|
2019-01-09
|
|
Linux/x86 - wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)
|
|
2019-01-09
|
|
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
|
|
2019-01-09
|
|
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
|
|
2019-01-09
|
|
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
|
|
2019-01-09
|
|
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
|
|
2019-01-09
|
|
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
|
|
2019-01-09
|
|
MDwiki < 0.6.2 - Cross-Site Scripting
|
|
2019-01-09
|
|
Wireshark - 'get_t61_string' Heap Out-of-Bounds Read
|
|
2019-01-08
|
|
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection
|
|
2019-01-08
|
|
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
|
|
2019-01-08
|
|
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation
|
|
2019-01-07
|
|
Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
|
|
2019-01-07
|
|
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
|
|
2019-01-07
|
|
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery
|
|
2019-01-07
|
|
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
|
|
2019-01-07
|
|
SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)
|
|
2019-01-07
|
|
BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)
|
|
2019-01-07
|
|
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
|
|
2019-01-07
|
|
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
|
|
2019-01-07
|
|
MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection
|
|
2019-01-07
|
|
Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
|
|
2019-01-07
|
|
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
|
|
2019-01-07
|
|
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
|
|
2019-01-07
|
|
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
|
|
2019-01-07
|
|
LayerBB 1.1.1 - Persistent Cross-Site Scripting
|
|
2019-01-07
|
|
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
|
|
2019-01-07
|
|
All in One Video Downloader 1.2 - Authenticated SQL Injection
|
|
2019-01-07
|
|
Embed Video Scripts - Persistent Cross-Site Scripting
|
|
2019-01-07
|
|
Mailcleaner - Authenticated Remote Code Execution (Metasploit)
|
|
2019-01-07
|
|
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
|
|
2019-01-02
|
|
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
|
|
2019-01-02
|
|
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
|
|
2019-01-02
|
|
WebKit JSC - 'AbstractValue::set' Use-After-Free
|
|
2019-01-02
|
|
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
|
|
2019-01-02
|
|
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
|
|
2019-01-02
|
|
EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
|
|
2019-01-02
|
|
Frog CMS 0.9.5 - Cross-Site Scripting
|
|
2019-01-02
|
|
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
|
|
2019-01-02
|
|
Vtiger CRM 7.1.0 - Remote Code Execution
|
|
2019-01-02
|
|
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
|
|
2019-01-02
|
|
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability
|
|
2018-12-27
|
|
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
bludit Pages Editor 3.0.0 - Arbitrary File Upload Vulnerability
|
|
2018-12-27
|
|
Craft CMS 3.0.25 - Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
MAGIX Music Editor 3.1 - Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
ShareAlarmPro 2.1.4 - Denial of Service Exploit
|
|
2018-12-27
|
|
NetShareWatcher 1.5.8 - Denial of Service Exploit
|
|
2018-12-27
|
|
Product Key Explorer 4.0.9 - Denial of Service Exploit
|
|
2018-12-27
|
|
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability
|
|
2018-12-27
|
|
WordPress Baggage Freight Shipping Australia 0.1.0 Plugin - Arbitrary File Upload
|
|
2018-12-27
|
|
Iperius Backup 5.8.1 - Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
|
|
2018-12-27
|
|
Linux/x86 - Kill All Processes Shellcode (14 bytes)
|
|
2018-12-27
|
|
Google Chrome 70 - SQLite Magellan Crash Exploit
|
|
2018-12-27
|
|
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Copy/Read Exploit
|
|
2018-12-27
|
|
FrontAccounting 2.4.5 - SubmitUser SQL Injection Vulnerability
|
|
2018-12-27
|
|
WSTMart 2.0.8 - Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
|
|
2018-12-27
|
|
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability
|
|
2018-12-27
|
|
Kubernetes - (Unauthenticated) Arbitrary Requests Exploit
|
|
2018-12-27
|
|
Kubernetes - (Authenticated) Arbitrary Requests Exploit
|
|
2018-12-27
|
|
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit
|
|
2018-12-27
|
|
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit
|
|
2018-12-27
|
|
Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit
|
|
2018-12-27
|
|
ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit
|
|
2018-12-27
|
|
Juniper Secure Access SSL VPN Privilege Escalation Vulnerability
|
|
2018-12-27
|
|
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) Vulnerability
|
|
2018-12-27
|
|
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit
|
|
2018-12-27
|
|
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit
|
|
2018-12-27
|
|
VBScript - MSXML Execution Policy Bypass Exploit
|
|
2018-12-27
|
|
VBScript - VbsErase Reference Leak Use-After-Free Exploit
|
|
2018-12-27
|
|
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution Exploit
|
|
2018-12-27
|
|
AnyBurn 4.3 - Local Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Exploit
|
|
2018-12-27
|
|
Netatalk < 3.1.12 - Authentication Bypass Exploit
|
|
2018-12-27
|
|
SQLScan 1.0 - Denial of Service Exploit
|
|
2018-12-27
|
|
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit
|
|
2018-12-27
|
|
IBM Operational Decision Manager 8.x - XML External Entity Injection
|
|
2018-12-27
|
|
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure Exploit
|
|
2018-12-27
|
|
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution Exploit
|
|
2018-12-27
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit
|
|
2018-12-27
|
|
Yeswiki Cercopitheque - id SQL Injection Vulnerability
|
|
2018-12-27
|
|
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
Integria IMS 5.0.83 - search_string Cross-Site Scripting Vulnerability
|
|
2018-12-27
|
|
Integria IMS 5.0.83 - Cross-Site Request Forgery Vulnerability
|
|
2018-12-27
|
|
Hotel Booking Script 3.4 - CSRF (Change Admin Password) Vulnerability
|
|
2018-12-27
|
|
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Exploit
|
|
2018-12-27
|
|
Excel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit
|
|
2018-12-27
|
|
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit
|
|
2018-12-27
|
|
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit
|
|
2018-12-27
|
|
SDL Web Content Manager 8.5.0 - XML External Entity Injection Vulnerability
|
|
2018-12-27
|
|
PDF Explorer 1.5.66.2 - SEH Local Exploit
|
|
2018-12-27
|
|
GNU inetutils < 1.9.4 - (telnet.c) Multiple Overflows Exploit
|
|
2018-12-27
|
|
Windows Persistent Service Installer Exploit
|
|
2018-12-27
|
|
Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability
|
|
2018-12-27
|
|
Razer Cortex Debugger Remote Command Execution Vulnerability
|
|
2018-12-27
|
|
KARMA 6.0.0 SQL Injection Vulnerability
|
|
2018-12-27
|
|
Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal Vulnerabilities
|
|
2018-12-27
|
|
ShareAlarmPro 2.1.4 - Denial of Service (PoC)
|
|
2018-12-27
|
|
NetShareWatcher 1.5.8 - Denial of Service (PoC)
|
|
2018-12-27
|
|
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
|
|
2018-12-27
|
|
bludit Pages Editor 3.0.0 - Arbitrary File Upload
|
|
2018-12-27
|
|
Iperius Backup 5.8.1 - Buffer Overflow (SEH)
|
|
2018-12-27
|
|
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)
|
|
2018-12-27
|
|
Product Key Explorer 4.0.9 - Denial of Service (PoC)
|
|
2018-12-27
|
|
MAGIX Music Editor 3.1 - Buffer Overflow (SEH)
|
|
2018-12-27
|
|
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload
|
|
2018-12-27
|
|
Craft CMS 3.0.25 - Cross-Site Scripting
|
|
2018-12-27
|
|
Kubernetes - (Authenticated) Arbitrary Requests
|
|
2018-12-24
|
|
Kubernetes - (Unauthenticated) Arbitrary Requests
|
|
2018-12-24
|
|
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
|
|
2018-12-24
|
|
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
|
|
2018-12-24
|
|
Netatalk - Bypass Authentication
|
|
2018-12-24
|
|
Searching systematically for PHP disable_functions bypasses
|
|
2018-12-24
|
|
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
|
|
2018-12-24
|
|
Pure In-Memory (Shell)Code Injection In Linux Userland
|
|
2018-12-24
|
|
Google Chrome 70 - SQLite Magellan Crash (PoC)
|
|
2018-12-24
|
|
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
|
|
2018-12-24
|
|
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
|
|
2018-12-24
|
|
Linux/x86 - Kill All Processes Shellcode (14 bytes)
|
|
2018-12-24
|
|
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
|
|
2018-12-24
|
|
FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection
|
|
2018-12-24
|
|
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
|
|
2018-12-24
|
|
WSTMart 2.0.8 - Cross-Site Scripting
|
|
2018-12-24
|
|
Netatalk < 3.1.12 - Authentication Bypass
|
|
2018-12-21
|
|
SQLScan 1.0 - Denial of Service (PoC)
|
|
2018-12-21
|
|
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
|
|
2018-12-21
|
|
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
|
|
2018-12-21
|
|
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
|
|
2018-12-21
|
|
AnyBurn 4.3 - Local Buffer Overflow (SEH)
|
|
2018-12-21
|
|
Erlang - Port Mapper Daemon Cookie RCE (Metasploit)
|
|
2018-12-20
|
|
VBScript - MSXML Execution Policy Bypass
|
|
2018-12-20
|
|
VBScript - VbsErase Reference Leak Use-After-Free
|
|
2018-12-20
|
|
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
|
|
2018-12-20
|
|
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
|
|
2018-12-20
|
|
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
|
|
2018-12-20
|
|
IBM Operational Decision Manager 8.x - XML External Entity Injection
|
|
2018-12-19
|
|
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)
|
|
2018-12-19
|
|
Yeswiki Cercopitheque - 'id' SQL Injection
|
|
2018-12-19
|
|
Bolt CMS < 3.6.2 - Cross-Site Scripting
|
|
2018-12-19
|
|
Integria IMS 5.0.83 - Cross-Site Request Forgery
|
|
2018-12-19
|
|
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
|
|
2018-12-19
|
|
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
|
|
2018-12-19
|
|
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
|
|
2018-12-19
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow
|
|
2018-12-19
|
|
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
|
|
2018-12-19
|
|
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
|
|
2018-12-19
|
|
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
|
|
2018-12-19
|
|
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
|
|
2018-12-18
|
|
MegaPing - Local Buffer Overflow Denial of Service
|
|
2018-12-18
|
|
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
|
|
2018-12-18
|
|
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
|
|
2018-12-18
|
|
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
|
|
2018-12-18
|
|
SDL Web Content Manager 8.5.0 - XML External Entity Injection
|
|
2018-12-18
|
|
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
|
|
2018-12-18
|
|
PassFab RAR Password Recovery SEH Local Exploit
|
|
2018-12-18
|
|
Mikrotik RouterOS Telnet Arbitrary Root File Creation Vulnerability
|
|
2018-12-18
|
|
MegaPing Denial of Service Exploit
|
|
2018-12-18
|
|
Excel Password Recovery Professional Denial of Service Exploit
|
|
2018-12-18
|
|
AnyBurn Local Buffer Overflow Exploit
|
|
2018-12-18
|
|
Nsauditor Local SEH Buffer Overflow Exploit
|
|
2018-12-18
|
|
Safari - Proxy Object Type Confusion Exploit
|
|
2018-12-18
|
|
Cisco RV110W - Password Disclosure / Command Execution Exploit
|
|
2018-12-18
|
|
Huawei Router HG532e - Command Execution Exploit
|
|
2018-12-18
|
|
Double Your Bitcoin Script Automatic - Authentication Bypass Vulnerability
|
|
2018-12-18
|
|
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
|
|
2018-12-18
|
|
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Vulnerability
|
|
2018-12-18
|
|
Facebook And Google Reviews System For Businesses - CSRF (Change Admin Password)
|
|
2018-12-18
|
|
Angry IP Scanner 3.5.3 - Denial of Service Exploit
|
|
2018-12-18
|
|
UltraISO 9.7.1.3519 - Output FileName Denial of Service
|
|
2018-12-18
|
|
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow Exploit
|
|
2018-12-18
|
|
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
|
|
2018-12-18
|
|
GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)
|
|
2018-12-17
|
|
Safari - Proxy Object Type Confusion (Metasploit)
|
|
2018-12-16
|
|
Double Your Bitcoin Script Automatic - Authentication Bypass
|
|
2018-12-16
|
|
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
|
|
2018-12-16
|
|
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
|
|
2018-12-16
|
|
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
|
|
2018-12-16
|
|
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
|
|
2018-12-16
|
|
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
|
|
2018-12-16
|
|
Huawei Router HG532e - Command Execution
|
|
2018-12-16
|
|
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
|
|
2018-12-16
|
|
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
|
|
2018-12-16
|
|
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
|
|
2018-12-16
|
|
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
|
|
2018-12-16
|
|
Cisco RV110W - Password Disclosure / Command Execution
|
|
2018-12-16
|
|
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
|
|
2018-12-16
|
|
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains
|
|
2018-12-16
|
|
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
|
|
2018-12-16
|
|
Linux/x86 - Bind (1337/TCP) Ncat (/usr/bin/ncat) Shell (/bin/bash) + Null-Free Shellcode (95 bytes)
|
|
2018-12-16
|
|
Adobe ColdFusion 2018 - Arbitrary File Upload
|
|
2018-12-16
|
|
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
|
|
2018-12-16
|
|
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
|
|
2018-12-16
|
|
HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection
|
|
2018-12-16
|
|
Apache OFBiz 16.11.05 - Cross-Site Scripting
|
|
2018-12-16
|
|
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting
|
|
2018-12-16
|
|
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
|
|
2018-12-16
|
|
ZTE ZXHN H168N - Improper Access Restrictions
|
|
2018-12-16
|
|
Huawei B315s-22 - Information Leak
|
|
2018-12-16
|
|
TP-Link wireless router Archer C1200 - Cross-Site Scripting
|
|
2018-12-16
|
|
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
|
|
2018-12-16
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
|
|
2018-12-16
|
|
DomainMOD 4.11.01 - Cross-Site Scripting
|
|
2018-12-16
|
|
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
|
|
2018-12-16
|
|
PrestaShop 1.6.x/1.7.x - Remote Code Execution
|
|
2018-12-16
|
|
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
|
|
2018-12-16
|
|
Tourism Website Blog - Remote Code Execution / SQL Injection
|
|
2018-12-16
|
|
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
|
|
2018-12-16
|
|
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
|
|
2018-12-16
|
|
Windows UAC Protection Bypass Exploit
|
|
2018-12-13
|
|
Linux - userfaultfd Bypasses tmpfs File Permissions Exploit
|
|
2018-12-13
|
|
WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit
|
|
2018-12-13
|
|
CyberLink LabelPrint 2.5 - Stack Buffer Overflow Exploit
|
|
2018-12-13
|
|
MixPad v4.40 - Unicode Buffer Overflow Exploit
|
|
2018-12-13
|
|
WordPress Snap Creek Duplicator Code Injection Exploit
|
|
2018-12-13
|
|
PrestaShop 1.6.x/1.7.x - Remote Code Execution Exploit
|
|
2018-12-12
|
|
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Vulnerability
|
|
2018-12-12
|
|
Tourism Website Blog - Remote Code Execution / SQL Injection Vulnerabilities
|
|
2018-12-12
|
|
Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)
|
|
2018-12-12
|
|
Adobe ColdFusion 2018 - Arbitrary File Upload Vulnerability
|
|
2018-12-12
|
|
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation Vulnerability
|
|
2018-12-12
|
|
HotelDruid 2.3.0 - id_utente_mod SQL Injection Vulnerability
|
|
2018-12-12
|
|
WordPress AutoSuggest 0.24 Plugin - wpas_keys SQL Injection Vulnerability
|
|
2018-12-12
|
|
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Vulnerabilities
|
|
2018-12-12
|
|
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure Vulnerabilities
|
|
2018-12-12
|
|
IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Huawei B315s-22 - Information Leak Vulnerability
|
|
2018-12-12
|
|
TP-Link wireless router Archer C1200 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Apache OFBiz 16.11.05 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Vulnerability
|
|
2018-12-12
|
|
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit
|
|
2018-12-12
|
|
SmartFTP Client 9.0.2623.0 - Denial of Service Exploit
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass Vulnerability
|
|
2018-12-12
|
|
XNU POSIX Shared Memory Mapping Issue Exploit
|
|
2018-12-12
|
|
Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle Vulnerability
|
|
2018-12-12
|
|
Textpad 8.1.2 - Denial Of Service Exploit
|
|
2018-12-12
|
|
i-doit CMDB 1.11.2 - Remote Code Execution Exploit
|
|
2018-12-12
|
|
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - DisplayName Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
FutureNet NXR-G240 Series ShellShock Command Injection Exploit
|
|
2018-12-12
|
|
MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit
|
|
2018-12-12
|
|
macOS 10.14.1 Carbon Core Memory corruption Vulnerability
|
|
2018-12-12
|
|
Chrome V8 Math.expm1 Incorrect Type Information Vulnerability
|
|
2018-12-12
|
|
Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A Cross Site Scripting Vulnerability
|
|
2018-12-12
|
|
HasanMWB 1.0 - SQL Injection Vulnerability
|
|
2018-12-12
|
|
CubeCart 6.2.2 Cross Site Scripting Vulnerability
|
|
2018-12-12
|
|
FreshRSS 1.11.1 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Wireshark - cdma2k_message_ACTIVE_SET_RECORD_FIELDS Stack Corruption Vulnerability
|
|
2018-12-12
|
|
Wireshark - find_signature Heap Out-of-Bounds Read Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Registrar Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit
|
|
2018-12-12
|
|
HP Intelligent Management Java Deserialization Remote Code Execution Exploit
|
|
2018-12-12
|
|
Emacs - movemail Privilege Escalation Exploit
|
|
2018-12-12
|
|
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Exploit
|
|
2018-12-12
|
|
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
|
|
2018-12-12
|
|
Xorg X11 Server (AIX) - Local Privilege Escalation Exploit
|
|
2018-12-12
|
|
OpenSSH < 7.7 - User Enumeration Exploit (2)
|
|
2018-12-12
|
|
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
|
|
2018-12-12
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Vulnerability
|
|
2018-12-12
|
|
Apache Superset 0.23 - Remote Code Execution Exploit
|
|
2018-12-12
|
|
Wordpress Advanced-Custom-Fields 5.7.7 Plugins - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
Joomla JE Photo Gallery 1.1 Component - categoryid SQL Injection Exploit
|
|
2018-12-12
|
|
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Exploit
|
|
2018-12-12
|
|
Budabot 4.0 - Denial of Service Exploit
|
|
2018-12-12
|
|
Mozilla Firefox 63.0.1 - Denial of Service Exploit
|
|
2018-12-12
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Vulnerability
|
|
2018-12-12
|
|
CyberArk 9.7 - Memory Disclosure Exploit
|
|
2018-12-12
|
|
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit
|
|
2018-12-12
|
|
KeyBase Botnet v1.5 - SQL Injection Vulnerability
|
|
2018-12-12
|
|
Tarantella Enterprise Security Bypass Vulnerability
|
|
2018-12-12
|
|
Tarantella Enterprise Directory Traversal Vulnerability
|
|
2018-12-12
|
|
ATool 1.0.0.22 Stack Buffer Overflow Vulnerability
|
|
2018-12-12
|
|
Apache Spark - Unauthenticated Command Execution Exploit
|
|
2018-12-12
|
|
KPOT Botnet - File Download/Source Code Disclosure Vulnerability
|
|
2018-12-12
|
|
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer Exploit
|
|
2018-12-12
|
|
xorg-x11-server < 1.20.3 - modulepath Local Privilege Escalation Exploit
|
|
2018-12-12
|
|
HTML5 Video Player 1.2.5 - Buffer Overflow Exploit
|
|
2018-12-12
|
|
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass Vulnerability
|
|
2018-12-12
|
|
Schneider Electric PLC - Session Calculation Authentication Bypass Exploit
|
|
2018-12-12
|
|
Moxa NPort W2x50A 2.1 OS Command Injection Vulnerability
|
|
2018-12-12
|
|
knc (Kerberized NetCat) Denial Of Service Exploit
|
|
2018-12-12
|
|
Microsoft VBScript rtFilter Out-Of-Bounds Read Exploit
|
|
2018-12-12
|
|
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
|
|
2018-12-12
|
|
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
|
|
2018-12-09
|
|
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
|
|
2018-12-09
|
|
i-doit CMDB 1.11.2 - Remote Code Execution
|
|
2018-12-09
|
|
Textpad 8.1.2 - Denial Of Service (PoC)
|
|
2018-12-09
|
|
HasanMWB 1.0 - SQL Injection
|
|
2018-12-08
|
|
FreshRSS 1.11.1 - Cross-Site Scripting
|
|
2018-12-08
|
|
Emacs - movemail Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
HP Intelligent Management - Java Deserialization RCE (Metasploit)
|
|
2018-12-08
|
|
Wireshark - 'find_signature' Heap Out-of-Bounds Read
|
|
2018-12-08
|
|
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
|
|
2018-12-08
|
|
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
|
|
2018-12-08
|
|
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
|
|
2018-12-08
|
|
KeyBase Botnet 1.5 - SQL Injection
|
|
2018-12-08
|
|
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
|
|
2018-12-08
|
|
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
|
|
2018-12-08
|
|
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
|
|
2018-12-08
|
|
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
|
|
2018-12-08
|
|
OpenSSH < 7.7 - User Enumeration (2)
|
|
2018-12-08
|
|
Xorg X11 Server (AIX) - Local Privilege Escalation
|
|
2018-12-08
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
|
|
2018-12-08
|
|
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
|
|
2018-12-08
|
|
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
|
|
2018-12-08
|
|
Budabot 4.0 - Denial of Service (PoC)
|
|
2018-12-08
|
|
Apache Superset < 0.23 - Remote Code Execution
|
|
2018-12-08
|
|
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
|
|
2018-12-08
|
|
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
|
|
2018-12-08
|
|
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
|
|
2018-12-08
|
|
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
|
|
2018-12-08
|
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
|
|
2018-12-08
|
|
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
|
|
2018-12-08
|
|
CyberArk 9.7 - Memory Disclosure
|
|
2018-12-08
|
|
Apache Spark - Unauthenticated Command Execution (Metasploit)
|
|
2018-12-08
|
|
VBScript - 'rtFilter' Out-of-Bounds Read
|
|
2018-12-08
|
|
VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free
|
|
2018-12-08
|
|
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
|
|
2018-12-08
|
|
HTML5 Video Player 1.2.5 - Buffer Overflow (Metasploit)
|
|
2018-12-08
|
|
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
|
|
2018-12-08
|
|
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
|
|
2018-12-08
|
|
Schneider Electric PLC - Session Calculation Authentication Bypass
|
|
2018-12-08
|
|
TeamCity Agent - XML-RPC Command Execution (Metasploit)
|
|
2018-12-08
|
|
Mac OS X - libxpc MITM Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
PHP imap_open - Remote Code Execution (Metasploit)
|
|
2018-12-08
|
|
Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)
|
|
2018-12-08
|
|
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object
|
|
2018-12-08
|
|
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
|
|
2018-12-08
|
|
WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
|
|
2018-12-08
|
|
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
|
|
2018-12-08
|
|
Xorg X11 Server - SUID privilege escalation (Metasploit)
|
|
2018-12-08
|
|
WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit
|
|
2018-12-01
|
|
WebKit JSC JIT - ByteCodeParser::handleIntrinsicCall Type Confusion Exploit
|
|
2018-12-01
|
|
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Exploit
|
|
2018-12-01
|
|
TeamCity Agent XML-RPC Command Execution Exploit
|
|
2018-12-01
|
|
PHP imap_open Remote Code Execution Exploit
|
|
2018-12-01
|
|
Mac OS X libxpc MITM Privilege Escalation Exploit
|
|
2018-12-01
|
|
Linux Nested User Namespace idmap Limit Local Privilege Escalation Exploit
|
|
2018-12-01
|
|
Unitrends Enterprise Backup bpserverd Privilege Escalation Exploit
|
|
2018-12-01
|
|
Cisco WebEx Meetings Privilege Escalation Vulnerability
|
|
2018-12-01
|
|
SonarSource SonarQube 7.3 Information Disclosure Vulnerability
|
|
2018-12-01
|
|
Avahi 0.7 Denial Of Service Vulnerability
|
|
2018-12-01
|
|
BMC Remedy 7.1 User Impersonation Vulnerability
|
|
2018-12-01
|
|
Netgear Unauthenticated Remote Command Execution Exploit
|
|
2018-12-01
|
|
phpMyAdmin 4.8.1 Authenticated Local File Inclusion Vulnerability
|
|
2018-12-01
|
|
ELBA5 5.8.0 - Remote Code Execution Exploit
|
|
2018-12-01
|
|
Arm Whois 3.11 - Buffer Overflow (ASLR) Exploit
|
|
2018-12-01
|
|
Ticketly 1.0 - kind_id SQL Injection Vulnerability
|
|
2018-12-01
|
|
No-Cms 1.0 - order_by SQL Injection Vulnerability
|
|
2018-12-01
|
|
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal Vulnerability
|
|
2018-12-01
|
|
MariaDB Client 10.1.26 - Denial of Service Exploit
|
|
2018-12-01
|
|
Arm Whois 3.11 - Buffer Overflow (ASLR)
|
|
2018-11-26
|
|
ELBA5 5.8.0 - Remote Code Execution
|
|
2018-11-26
|
|
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
|
|
2018-11-26
|
|
Wordpress Easy Testimonials 3.2 Plugins - Cross-Site Scripting Vulnerability
|
|
2018-11-26
|
|
No-Cms 1.0 - 'order_by' SQL Injection
|
|
2018-11-26
|
|
Ticketly 1.0 - 'kind_id' SQL Injection
|
|
2018-11-26
|
|
MariaDB Client 10.1.26 - Denial of Service (PoC)
|
|
2018-11-26
|
|
Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
|
|
2018-11-26
|
|
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
|
|
2018-11-26
|
|
Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting Vulnerability
|
|
2018-11-26
|
|
Consona Password Reset Security Bypass Vulnerability
|
|
2018-11-26
|
|
Cory Support 1.0 SQL Injection Vulnerability
|
|
2018-11-26
|
|
Xorg X11 Server SUID Privilege Escalation Exploit
|
|
2018-11-26
|
|
Joomla Admin 3.7.4 Database Disclosure Vulnerability
|
|
2018-11-26
|
|
Joomla MacGallery Database Disclosure Vulnerability
|
|
2018-11-25
|
|
WordPress Absolutely Glamorous Custom Admin 6.4.1 Database Disclosure Vulnerability
|
|
2018-11-25
|
|
WordPress Pods 2.7.9 Database Disclosure Vulnerability
|
|
2018-11-25
|
|
WordPress Universal Post Manager 1.5.0 Database Disclosure Vulnerability
|
|
2018-11-25
|
|
Miss Marple Enterprise Edition File Upload / Hardcoded AES Key Vulnerability
|
|
2018-11-23
|
|
Governikus Autent SDK 3.8.1 Signature Bypass Vulnerability
|
|
2018-11-23
|
|
WordPress CherryFramework Themes 3.1.4 - Backup File Download Vulnerability
|
|
2018-11-23
|
|
WebOfisi E-Ticaret V4 - urun SQL Injection Vulnerability
|
|
2018-11-23
|
|
Ticketly 1.0 - name SQL Injection Vulnerability
|
|
2018-11-23
|
|
Richfaces 3.x Remote Code Execution Vulnerability
|
|
2018-11-23
|
|
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit
|
|
2018-11-23
|
|
macOS 10.13 - workq_kernreturn Denial of Service Exploit
|
|
2018-11-23
|
|
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
|
|
2018-11-23
|
|
Zoho ManageEngine OpManager 12.3 Cross Site Scripting Vulnerability
|
|
2018-11-23
|
|
ImageMagick - Memory Leak Exploit
|
|
2018-11-23
|
|
Ricoh myPrint Hardcoded Credentials / Information Disclosure Vulnerability
|
|
2018-11-23
|
|
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass Vulnerability
|
|
2018-11-23
|
|
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery Vulnerability
|
|
2018-11-23
|
|
Microsoft Edge Chakra - OP_Memset Type Confusion Exploit
|
|
2018-11-23
|
|
HTML Video Player 1.2.5 - Buffer-Overflow (SEH) Exploit
|
|
2018-11-23
|
|
XMPlay 3.8.3 - .m3u Denial of Service Exploit
|
|
2018-11-23
|
|
Budabot 4.0 Denial Of Service Vulnerability
|
|
2018-11-23
|
|
Helpdezk 1.1.1 - Arbitrary File Upload Vulnerability
|
|
2018-11-23
|
|
DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability
|
|
2018-11-23
|
|
PHP Mass Mail 1.0 - Arbitrary File Upload Vulnerability
|
|
2018-11-23
|
|
2-Plan Team 1.0.4 - Arbitrary File Upload Vulnerability
|
|
2018-11-23
|
|
Simple E-Document 1.31 - username SQL Injection Vulnerability
|
|
2018-11-23
|
|
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Vulnerability
|
|
2018-11-23
|
|
Meneame English Pligg 5.8 - search SQL Injection Vulnerability
|
|
2018-11-23
|
|
EverSync 0.5 - Arbitrary File Download Vulnerability
|
|
2018-11-23
|
|
Galaxy Forces MMORPG 0.5.8 - type SQL Injection Vulnerability
|
|
2018-11-23
|
|
Net-Billetterie 2.9 - login SQL Injection Vulnerability
|
|
2018-11-23
|
|
BitZoom 1.0 - rollno SQL Injection Vulnerability
|
|
2018-11-23
|
|
PHP-Proxy 5.1.0 - Local File Inclusion Vulnerability
|
|
2018-11-23
|
|
Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit
|
|
2018-11-23
|
|
PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass Vulnerability
|
|
2018-11-23
|
|
Easy Outlook Express Recovery 2.0 - Denial of Service Exploit
|
|
2018-11-23
|
|
Notepad3 1.0.2.350 - Denial of Service Exploit
|
|
2018-11-23
|
|
Mumsoft Easy Software 2.0 - Denial of Service Exploit
|
|
2018-11-23
|
|
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting Vulnerability
|
|
2018-11-23
|
|
Wordpress Ninja Forms 3.3.17 Plugin - Cross-Site Scripting Vulnerability
|
|
2018-11-23
|
|
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
|
|
2018-11-23
|
|
Pedidos 1.0 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload Vulnerabilities
|
|
2018-11-23
|
|
Rmedia SMS 1.0 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
Bosch Video Management System 8.0 - Configuration Client Denial of Service Exploit
|
|
2018-11-23
|
|
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability
|
|
2018-11-23
|
|
EdTv 2 - id SQL Injection Vulnerability
|
|
2018-11-23
|
|
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
|
|
2018-11-23
|
|
Helpdezk 1.1.1 - query SQL Injection Vulnerability
|
|
2018-11-23
|
|
iServiceOnline 1.0 - r SQL Injection Vulnerability
|
|
2018-11-23
|
|
SIPve 0.0.2-R19 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
Webiness Inventory 2.3 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
|
|
2018-11-23
|
|
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download Vulnerabilities
|
|
2018-11-23
|
|
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Vulnerabilities
|
|
2018-11-23
|
|
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Vulnerability
|
|
2018-11-23
|
|
Silurus Classifieds Script 2.0 - wcategory SQL Injection Vulnerability
|
|
2018-11-23
|
|
Gumbo CMS 0.99 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin) Vulnerability
|
|
2018-11-23
|
|
Easyndexer 1.0 - Arbitrary File Download Vulnerability
|
|
2018-11-23
|
|
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) Vulnerability
|
|
2018-11-23
|
|
Tina4 Stack 1.0.3 - SQL Injection / Database File Download Vulnerabilities
|
|
2018-11-23
|
|
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Vulnerability
|
|
2018-11-23
|
|
Alienor Web Libre 2.0 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
Musicco 2.0.0 - Arbitrary Directory Download Vulnerability
|
|
2018-11-23
|
|
Surreal ToDo 0.6.1.2 - Local File Inclusion Vulnerability
|
|
2018-11-23
|
|
Surreal ToDo 0.6.1.2 - SQL Injection Vulnerability
|
|
2018-11-23
|
|
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
|
|
2018-11-23
|
|
Atlassian Jira Authenticated Upload Code Execution Exploit
|
|
2018-11-23
|
|
WebOfisi E-Ticaret V4 - 'urun' SQL Injection
|
|
2018-11-21
|
|
Wordpress CherryFramework Themes 3.1.4 - Backup File Download
|
|
2018-11-21
|
|
Ticketly 1.0 - 'name' SQL Injection
|
|
2018-11-21
|
|
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
|
|
2018-11-21
|
|
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
|
CVE-2018-8550
|
2018-11-20
|
|
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
|
|
2018-11-20
|
|
MacOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
|
|
2018-11-20
|
|
ImageMagick - Memory Leak
|
CVE-2018-16323
|
2018-11-20
|
|
Microsoft Edge Chakra - OP_Memset Type Confusion
|
|
2018-11-19
|
|
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
|
|
2018-11-19
|
|
XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
|
|
2018-11-19
|
|
Linux - Broken uid/gid Mapping for Nested User Namespaces
|
CVE-2018-18955
|
2018-11-16
|
|
Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)
|
|
2018-11-16
|
|
Mumsoft Easy Software 2.0 - Denial of Service (PoC)
|
|
2018-11-16
|
|
DomainMOD 4.11.01 - Cross-Site Scripting
|
CVE-2018-19136
|
2018-11-16
|
|
Helpdezk 1.1.1 - Arbitrary File Upload
|
|
2018-11-16
|
|
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
|
|
2018-11-16
|
|
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
|
CVE-2018-19287
|
2018-11-15
|
|
PHP Mass Mail 1.0 - Arbitrary File Upload
|
|
2018-11-15
|
|
2-Plan Team 1.0.4 - Arbitrary File Upload
|
|
2018-11-15
|
|
Simple E-Document 1.31 - 'username' SQL Injection
|
|
2018-11-15
|
|
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
|
|
2018-11-15
|
|
Meneame English Pligg 5.8 - 'search' SQL Injection
|
|
2018-11-15
|
|
The Powerful Resource of PHP Stream Wrappers
|
|
2018-11-15
|
|
Notepad3 1.0.2.350 - Denial of Service (PoC)
|
|
2018-11-15
|
|
EverSync 0.5 - Arbitrary File Download
|
|
2018-11-15
|
|
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
|
CVE-2017-5124
|
2018-11-15
|
|
Webkit (Safari) - Universal Cross-site Scripting
|
CVE-2017-7089
|
2018-11-15
|
|
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
|
|
2018-11-15
|
|
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
|
|
2018-11-15
|
|
Net-Billetterie 2.9 - 'login' SQL Injection
|
|
2018-11-15
|
|
BitZoom 1.0 - 'rollno' SQL Injection
|
|
2018-11-15
|
|
PHP-Proxy 5.1.0 - Local File Inclusion
|
CVE-2018-19246
|
2018-11-15
|
|
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
|
|
2018-11-15
|
|
SwitchVPN For MacOS 2.1012.03 Privilege Escalation Exploit
|
|
2018-11-14
|
|
SwitchVPN For MacOS / Windows 2.1012.03 Man-In-The-Middle Vulnerability
|
|
2018-11-14
|
|
OCS Inventory NG ocsreports Shell Upload Vulnerability
|
|
2018-11-14
|
|
ntpd 4.2.8p10 - Out-of-Bounds Read Exploit
|
|
2018-11-14
|
|
AMPPS 2.7 - Denial of Service Exploit
|
|
2018-11-14
|
|
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
|
|
2018-11-14
|
|
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
|
|
2018-11-14
|
|
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
|
|
2018-11-14
|
|
Pedidos 1.0 - SQL Injection
|
|
2018-11-14
|
|
Rmedia SMS 1.0 - SQL Injection
|
|
2018-11-14
|
|
SwitchVPN for macOS 2.1012.03 - Privilege Escalation
|
CVE-2018-18860
|
2018-11-14
|
|
Advanced Comment System 1.0 - SQL Injection
|
CVE-2018-18619
|
2018-11-14
|
|
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
|
CVE-2018-15767
|
2018-11-14
|
|
Atlassian Jira - Authenticated Upload Code Execution (Metasploit)
|
|
2018-11-14
|
|
AMPPS 2.7 - Denial of Service (PoC)
|
|
2018-11-14
|
|
EdTv 2 - 'id' SQL Injection
|
|
2018-11-14
|
|
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
|
|
2018-11-14
|
|
Helpdezk 1.1.1 - 'query' SQL Injection
|
|
2018-11-14
|
|
ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)
|
CVE-2018-7182
|
2018-11-14
|
|
iServiceOnline 1.0 - 'r' SQL Injection
|
|
2018-11-14
|
|
Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode 58 bytes
|
|
2018-11-13
|
|
xorg-x11-server < 1.20.1 - Local Privilege Escalation Exploit
|
|
2018-11-13
|
|
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) Exploit
|
|
2018-11-13
|
|
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service Exploit
|
|
2018-11-13
|
|
Evince 3.24.0 - Command Injection Exploit
|
|
2018-11-13
|
|
CuteFTP Mac 3.1 - Denial of Service Exploit
|
|
2018-11-13
|
|
SIPve 0.0.2-R19 - SQL Injection
|
|
2018-11-13
|
|
Webiness Inventory 2.3 - SQL Injection
|
|
2018-11-13
|
|
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
|
|
2018-11-13
|
|
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
|
|
2018-11-13
|
|
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
|
|
2018-11-13
|
|
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
|
CVE-2018-19135
|
2018-11-13
|
|
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
|
|
2018-11-13
|
|
Gumbo CMS 0.99 - SQL Injection
|
|
2018-11-13
|
|
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
|
|
2018-11-13
|
|
Easyndexer 1.0 - Arbitrary File Download
|
|
2018-11-13
|
|
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
|
|
2018-11-13
|
|
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
|
|
2018-11-13
|
|
xorg-x11-server < 1.20.1 - Local Privilege Escalation
|
CVE-2018-14665
|
2018-11-13
|
|
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
|
|
2018-11-13
|
|
Musicco 2.0.0 - Arbitrary Directory Download
|
|
2018-11-13
|
|
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service
|
CVE-2018-15437
|
2018-11-13
|
|
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
|
|
2018-11-13
|
|
Alienor Web Libre 2.0 - SQL Injection
|
|
2018-11-13
|
|
Surreal ToDo 0.6.1.2 - Local File Inclusion
|
|
2018-11-13
|
|
Surreal ToDo 0.6.1.2 - SQL Injection
|
|
2018-11-13
|
|
Evince 3.24.0 - Command Injection
|
CVE-2017-1000083
|
2018-11-13
|
|
CuteFTP Mac 3.1 - Denial of Service (PoC)
|
|
2018-11-13
|
|
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
|
CVE-2018-18772
|
2018-11-13
|
|
Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)
|
|
2018-11-13
|
|
Cisco Prime Infrastructure Unauthenticated Remote Code Execution Exploit
|
|
2018-11-13
|
|
Android 5.0 Battery Information Broadcast Information Disclosure Vulnerability
|
|
2018-11-13
|
|
Android RSSI Broadcast Information Disclosure Vulnerability
|
|
2018-11-13
|
|
ServerZilla 1.0 - email SQL Injection Vulnerability
|
|
2018-11-12
|
|
Nominas 0.27 - username SQL Injection Vulnerability
|
|
2018-11-12
|
|
GPS Tracking System 2.12 - username SQL Injection Vulnerability
|
|
2018-11-12
|
|
Facturation System 1.0 - modid SQL Injection Vulnerability
|
|
2018-11-12
|
|
The Don 1.0.1 - login SQL Injection Vulnerability
|
|
2018-11-12
|
|
Paroiciel 11.20 - tRecIdListe SQL Injection Vulnerability
|
|
2018-11-12
|
|
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
|
|
2018-11-12
|
|
Vignette Content Management 6 Security Bypass Vulnerability
|
|
2018-11-12
|
|
Advanced Comment System 1.0 SQL Injection Vulnerability
|
|