Exploit 2022 (417)
2022-06-03
SolarView Compact 6.00 - Directory Traversal
Remote
Hardware
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
Microweber CMS 1.2.15 - Account Takeover
WebApps
PHP
Zyxel USG FLEX 5.21 - OS Command Injection
Contao 4.13.2 - Cross-Site Scripting (XSS)
2022-05-25
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)
2022-05-23
m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
OpenCart v3.x Newsletter Module - Blind SQLi
2022-05-17
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
SolarView Compact 6.0 - OS Command Injection
T-Soft E-Commerce 4 - SQLi (Authenticated)
Multiple
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
SDT-CW3B1 1.1.0 - OS Command Injection
2022-05-12
TLR-2005KSH - Arbitrary File Delete
Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
2022-05-11
TLR-2005KSH - Arbitrary File Upload
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
Joomla Plugin SexyPolling 2.1.7 - SQLi
WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
Beehive Forum - Account Takeover
PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)
Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)
Explore CMS 1.0 - SQL Injection
DLINK DAP-1620 A1 v1.01 - Directory Traversal
PyScript - Read Remote Python Source Code
Python
Google Chrome 78.0.3904.70 - Remote Code Execution
Tenda HG6 v3.3.0 - Remote Command Injection
Anuko Time Tracker - SQLi (Authenticated)
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
Linux
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService)
Local
Windows
Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
ExifTool 12.23 - Arbitrary Code Execution
e107 CMS v3.2.1 - Multiple Vulnerabilities
Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)
DLINK DIR850 - Open Redirect
DLINK DIR850 - Insecure Access Control
Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)
ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path
UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path
SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
CSZ CMS 1.3.0 - 'Multiple' Blind SQLi
Bitrix24 - Remote Code Execution (RCE) (Authenticated)
Bookeen Notea - Directory Traversal
Android
Magento eCommerce CE v2.3.5-p2 - Blind SQLi
WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor
WebTareas 2.4 - Blind SQLi (Authenticated)
Akka HTTP 10.1.14 - Denial of Service
Microfinance Management System 1.0 - 'customer_number' SQLi
ImpressCMS v1.4.4 - Unrestricted File Upload
2022-04-26
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
Ruby
Gitlab 14.9 - Authentication Bypass
2022-04-19
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path
PTPublisher v2.3.4 - Unquoted Service Path
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)
REDCap 11.3.9 - Stored Cross Site Scripting
WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)
Verizon 4G LTE Network Extender - Weak Credentials Algorithm
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
ManageEngine ADSelfService Plus 6.1 - User Enumeration
Scriptcase 9.7 - Remote Code Execution (RCE)
Easy Appointments 1.4.2 - Information Disclosure
Zyxel NWA-1100-NH - Command Injection
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection
Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path
Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path
2022-04-11
Razer Sila - Command Injection
Razer Sila - Local File Inclusion (LFI)
Telesquare TLR-2855KS6 - Arbitrary File Deletion
Telesquare TLR-2855KS6 - Arbitrary File Creation
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion (LFI)
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
MiniTool Partition Wizard - Unquoted Service Path
2022-04-07
binutils 2.37 - Objdump Segmentation Fault
Opmon 9.11 - Cross-site Scripting
Kramer VIAware - Remote Code Execution (RCE) (Root)
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
qdPM 9.2 - Cross-site Request Forgery (CSRF)
minewebcms 1.15.2 - Cross-site Scripting (XSS)
Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path
KLiK Social Media Website 1.0 - 'Multiple' SQLi
Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)
2022-03-30
WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS
Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)
PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated)
CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)
WordPress Plugin admin-word-count-column 2.2 - Local File Read
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
Atom CMS 2.0 - Remote Code Execution (RCE)
ImpressCMS 1.4.2 - Remote Code Execution (RCE)
2022-03-23
WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
ProtonVPN 1.26.0 - Unquoted Service Path
2022-03-22
ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)
Sysax FTP Automation 6.9.0 - Privilege Escalation
Ivanti Endpoint Manager 4.6 - Remote Code Execution (RCE)
iRZ Mobile Router - CSRF to RCE
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover
2022-03-21
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
2022-03-16
Apache APISIX 2.12.1 - Remote Code Execution (RCE)
Tiny File Manager 2.4.6 - Remote Code Execution (RCE)
Hikvision IP Camera - Backdoor
Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)
Moodle 3.11.5 - SQLi (Authenticated)
2022-03-14
VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path
Baixar GLPI Project 9.4.6 - SQLi
2022-03-11
Tdarr 2.00.15 - Command Injection
Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)
2022-03-10
Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path
Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
BattlEye 0.9 - 'BEService' Unquoted Service Path
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege
2022-03-09
Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path
Printix Client 1.3.1106.0 - Privilege Escalation
Audio Conversion Wizard v2.01 - Buffer Overflow
Cobian Backup 0.9 - Unquoted Service Path
Webmin 1.984 - Remote Code Execution (Authenticated)
2022-03-08
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe)
2022-03-07
Foxit PDF Reader 11.0 - Unquoted Service Path
Malwarebytes 4.5 - Unquoted Service Path
Cloudflare WARP 1.4 - Unquoted Service Path
Private Internet Access 3.3 - 'pia-service' Unquoted Service Path
Hasura GraphQL 2.2.0 - Information Disclosure
Attendance and Payroll System v1.0 - SQLi Authentication Bypass
Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
part-db 0.5.11 - Remote Code Execution (RCE)
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
Java
2022-03-02
Printix Client 1.3.1106.0 - Remote Code Execution (RCE)
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
Prowise Reflect v1.0.9 - Remote Keystroke Injection
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
Xerte 3.10.3 - Directory Traversal (Authenticated)
2022-02-28
WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
Casdoor 1.13.0 - SQL Injection (Unauthenticated)
Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path
Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service (PoC)
Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC)
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
2022-02-24
Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions
2022-02-23
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Student Record System 1.0 - 'cid' SQLi (Authenticated)
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remote Code Execution (RCE)
aaPanel 6.8.21 - Directory Traversal (Authenticated)
Air Cargo Management System v1.0 - SQLi
Simple Real Estate Portal System 1.0 - 'id' SQLi
2022-02-21
Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
Dbltek GoIP - Local File Inclusion
FileCloud 21.2 - Cross-Site Request Forgery (CSRF)
Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
Cab Management System 1.0 - 'id' SQLi (Authenticated)
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
HMA VPN 5.3 - Unquoted Service Path
2022-02-18
Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path
File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path
Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)
Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path
Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path
Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path
Hotel Druid 3.0.3 - Remote Code Execution (RCE)
WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated)
WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
2022-02-16
WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)
Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
TeamSpeak 3.5.6 - Insecure File Permissions
H3C SSL VPN - Username Enumeration
ServiceNow - Username Enumeration
Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass
Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
2022-02-11
Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Admin)
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
2022-02-10
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection
Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)
Hospital Management Startup 1.0 - 'Multiple' SQLi
Cain & Abel 4.9.56 - Unquoted Service Path
2022-02-09
AtomCMS v2.0 - SQLi
Exam Reviewer Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Exam Reviewer Management System 1.0 - ‘id’ SQL Injection
2022-02-08
WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion
Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting (XSS)
Hospital Management System 4.0 - 'multiple' SQL Injection
FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) (Metasploit)
NodeJS
Hotel Reservation System 1.0 - SQLi (Unauthenticated)
2022-02-04
Servisnet Tessa - Add sysAdmin User (Unauthenticated) (Metasploit)
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)
Servisnet Tessa - Privilege Escalation (Metasploit)
WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated)
FLAME II MODEM USB - Unquoted Service Path
WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
2022-02-02
WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
Huawei DG8045 Router 1.0 - Credential Disclosure
Moodle 3.11.4 - SQL Injection
PHP Restaurants 1.0 - SQLi (Unauthenticated)
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)
macOS
Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)
Chamilo LMS 1.11.14 - Account Takeover
uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS)
Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
Mozilla Firefox 67 - Array.pop JIT Type Confusion
CONTPAQi(R) AdminPAQ 14.0.0 - Unquoted Service Path
2022-01-27
PolicyKit-1 0.105-31 - Privilege Escalation
Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion
WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)
WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
2022-01-25
PHPIPAM 1.4.4 - SQLi (Authenticated)
Online Project Time Management System 1.0 - Multiple Stored Cross Site Scripting (XSS) (Authenticated)
Online Project Time Management System 1.0 - SQLi (Authenticated)
2022-01-24
Landa Driving School Management System 2.0.1 - Arbitrary File Upload
2022-01-19
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
2022-01-18
Creston Web Interface 1.0.0.2159 - Credential Disclosure
Nyron 1.0 - SQLi (Unauthenticated)
ASPX
Simple Chatbot Application 1.0 - 'message' Blind SQLi
Simple Chatbot Application 1.0 - Remote Code Execution (RCE)
OpenBMCS 2.4 - Information Disclosure
OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated)
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 - SQLi (Authenticated)
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
Online Resort Management System 1.0 - SQLi (Authenticated)
Archeevo 5.0 - Local File Inclusion
WorkTime 10.20 Build 4967 - Unquoted Service Path
2022-01-13
WordPress Core 5.8.2 - 'WP_Query' SQL Injection
Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)
Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated)
SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)
Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS)
Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS)
Hospitals Patient Records Management System 1.0 - 'room_types' Stored Cross Site Scripting (XSS)
2022-01-12
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
Microsoft Windows Defender - Detections Bypass
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass
2022-01-10
CoreFTP Server build 725 - Directory Traversal (Authenticated)
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
2022-01-07
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
2022-01-05
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
Automox Agent 32 - Local Privilege Escalation
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
Dixell XWEB 500 - Arbitrary File Write
TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
openSIS Student Information System 8.0 - 'multiple' SQL Injection
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
TRIGONE Remote System Monitor 3.61 - Unquoted Service Path
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Hospitals Patient Records Management System 1.0 - Account TakeOver
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
AWebServer GhostBuilding 18 - Denial of Service (DoS)
Hostel Management System 2.1 - Cross Site Scripting (XSS)
Nettmp NNT 5.1 - SQLi Authentication Bypass
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
ConnectWise Control 19.2.24707 - Username Enumeration
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)
RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated)
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
Siemens S7 Layer 2 - Denial of Service (DoS)
DoS
CMSimple 5.4 - Cross Site Scripting (XSS)