Exploit Web Applications 2020

Date | Title | Type | Platform
2020-12-24 | Apartment Visitors Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-12-24 | GitLab 11.4.7 - RCE (Authenticated) | WebApps | Ruby
2020-12-24 | WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting | WebApps | PHP
2020-12-24 | WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload | WebApps | PHP
2020-12-23 | Baby Care System 1.0 - 'roleid' SQL Injection | WebApps | PHP
2020-12-23 | TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit) | WebApps | Linux
2020-12-23 | Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS | WebApps | PHP
2020-12-23 | Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection | WebApps | PHP
2020-12-23 | Online Learning Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-23 | Online Learning Management System 1.0 - Multiple Stored XSS | WebApps | PHP
2020-12-23 | Online Learning Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-12-23 | Class Scheduling System 1.0 - Multiple Stored XSS | WebApps | PHP
2020-12-22 | TerraMaster TOS 4.2.06 - RCE (Unauthenticated) | WebApps | Linux
2020-12-22 | Faculty Evaluation System 1.0 - Stored XSS | WebApps | PHP
2020-12-22 | Artworks Gallery Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-22 | Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit) | WebApps | Linux
2020-12-22 | WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit) | WebApps | PHP
2020-12-22 | Multi Branch School Management System 3.5 - "Create Branch" Stored XSS | WebApps | PHP
2020-12-22 | Library Management System 3.0 - "Add Category" Stored XSS | WebApps | PHP
2020-12-22 | CSE Bookstore 1.0 - Multiple SQL Injection | WebApps | PHP
2020-12-22 | Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated) | WebApps | PHP
2020-12-22 | Victor CMS 1.0 - File Upload To RCE | WebApps | PHP
2020-12-16 | Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC) | WebApps | Hardware
2020-11-12 | Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC) | WebApps | Hardware
2020-12-21 | Online Marriage Registration System 1.0 - 'searchdata' SQL Injection | WebApps | PHP
2020-12-21 | Point of Sale System 1.0 - Multiple Stored XSS | WebApps | PHP
2020-12-21 | Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS | WebApps | Multiple
2020-12-21 | Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS | WebApps | Multiple
2020-12-21 | Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS | WebApps | Multiple
2020-12-21 | Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS | WebApps | Multiple
2020-12-21 | SCO Openserver 5.0.7 - 'outputform' Command Injection | WebApps | SCO
2020-12-21 | SCO Openserver 5.0.7 - 'section' Reflected XSS | WebApps | SCO
2020-12-21 | Spiceworks 7.5 - HTTP Header Injection | WebApps | Windows
2020-12-21 | Academy-LMS 4.3 - Stored XSS | WebApps | Multiple
2020-12-21 | Spotweb 1.4.9 - 'search' SQL Injection | WebApps | Multiple
2020-12-21 | Queue Management System 4.0.0 - "Add User" Stored XSS | WebApps | PHP
2020-12-18 | Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS | WebApps | PHP
2020-12-18 | SyncBreeze 10.0.28 - 'login' Denial of Service (Poc) | WebApps | Windows
2020-12-18 | Smart Hospital 3.1 - "Add Patient" Stored XSS | WebApps | PHP
2020-12-18 | Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit) | WebApps | PHP
2020-12-18 | Alumni Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-18 | Alumni Management System 1.0 - "Course Form" Stored XSS | WebApps | PHP
2020-12-18 | Alumni Management System 1.0 - Unrestricted File Upload To RCE | WebApps | PHP
2020-12-18 | Point of Sale System 1.0 - Authentication Bypass | WebApps | PHP
2020-12-17 | Victor CMS 1.0 - Multiple SQL Injection (Authenticated) | WebApps | PHP
2020-12-17 | PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting) | WebApps | PHP
2020-12-17 | Employee Record System 1.0 - Multiple Stored XSS | WebApps | PHP
2020-12-17 | Interview Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-17 | Interview Management System 1.0 - Stored XSS in Add New Question | WebApps | PHP
2020-12-17 | Online Tours & Travels Management System 1.0 - "id" SQL Injection | WebApps | PHP
2020-12-17 | Customer Support System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-17 | Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS | WebApps | PHP
2020-12-17 | Medical Center Portal Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-17 | Content Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-17 | Content Management System 1.0 - 'email' SQL Injection | WebApps | PHP
2020-12-17 | Content Management System 1.0 - 'First Name' Stored XSS | WebApps | PHP
2020-12-17 | Linksys RE6500 1.0.11.001 - Unauthenticated RCE | WebApps | Hardware
2020-12-17 | Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-12-16 | Seotoaster 3.2.0 - Stored XSS on Edit page properties | WebApps | PHP
2020-12-16 | PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection | WebApps | PHP
2020-12-16 | Magic Home Pro 1.5.1 - Authentication Bypass | WebApps | Android
2020-12-16 | Raysync 3.3.3.8 - RCE | WebApps | Linux
2020-12-16 | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting | WebApps | PHP
2020-12-16 | GitLab 11.4.7 - Remote Code Execution (Authenticated) | WebApps | Ruby
2020-12-15 | Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2) | WebApps | Hardware
2020-12-15 | Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-12-15 | Task Management System 1.0 - 'page' Local File Inclusion | WebApps | PHP
2020-12-14 | Gitlab 11.4.7 - Remote Code Execution | WebApps | Ruby
2020-12-14 | Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation | WebApps | Hardware
2020-12-14 | Rumble Mail Server 0.51.3135 - 'username' Stored XSS | WebApps | Multiple
2020-12-14 | Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS | WebApps | Multiple
2020-12-14 | Rumble Mail Server 0.51.3135 - 'servername' Stored XSS | WebApps | Multiple
2020-12-14 | WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download | WebApps | Multiple
2020-12-14 | Seacms 11.1 - 'checkuser' Stored XSS | WebApps | Multiple
2020-12-14 | Seacms 11.1 - 'file' Local File Inclusion | WebApps | Multiple
2020-12-14 | Seacms 11.1 - 'ip and weburl' Remote Command Execution | WebApps | Multiple
2020-12-14 | MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC) | WebApps | Multiple
2020-12-14 | LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection | WebApps | Multiple
2020-12-14 | Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password) | WebApps | PHP
2020-12-11 | Courier Management System 1.0 - 'ref_no' SQL Injection | WebApps | PHP
2020-12-11 | Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection | WebApps | PHP
2020-12-11 | Courier Management System 1.0 - 'First Name' Stored XSS | WebApps | PHP
2020-12-11 | Dolibarr 12.0.3 - SQLi to RCE | WebApps | PHP
2020-12-11 | Supply Chain Management System - Auth Bypass SQL Injection | WebApps | PHP
2020-12-11 | Rukovoditel 2.6.1 - RCE | WebApps | PHP
2020-12-11 | Jenkins 2.235.3 - 'Description' Stored XSS | WebApps | Java
2020-12-11 | Medical Center Portal Management System 1.0 - Multiple Stored XSS | WebApps | PHP
2020-12-11 | Openfire 4.6.0 - 'sql' Stored XSS | WebApps | JSP
2020-12-11 | Openfire 4.6.0 - 'users' Stored XSS | WebApps | JSP
2020-12-11 | Openfire 4.6.0 - 'groupchatJID' Stored XSS | WebApps | JSP
2020-12-11 | Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting | WebApps | Java
2020-12-10 | WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting | WebApps | PHP
2020-12-10 | Library Management System 2.0 - Auth Bypass SQL Injection | WebApps | PHP
2020-12-10 | Openfire 4.6.0 - 'path' Stored XSS | WebApps | JSP
2020-12-10 | OpenCart 3.0.3.6 - Cross Site Request Forgery | WebApps | PHP
2020-12-10 | Barcodes generator 1.0 - 'name' Stored Cross Site Scripting | WebApps | PHP
2020-12-09 | Task Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-09 | Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution | WebApps | PHP
2020-12-09 | Task Management System 1.0 - 'First Name and Last Name' Stored XSS | WebApps | PHP
2020-12-09 | VestaCP 0.9.8-26 - 'backup' Information Disclosure | WebApps | Multiple
2020-12-09 | VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation | WebApps | Multiple
2020-12-08 | Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting | WebApps | PHP
2020-12-08 | Online Bus Ticket Reservation 1.0 - SQL Injection | WebApps | PHP
2020-12-07 | vBulletin 5.6.3 - 'group' Cross Site Scripting | WebApps | PHP
2020-12-07 | Savsoft Quiz 5 - 'Skype ID' Stored XSS | WebApps | PHP
2020-12-07 | Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting | WebApps | PHP
2020-12-04 | Zabbix 5.0.0 - Stored XSS via URL Widget Iframe | WebApps | PHP
2020-12-04 | CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated) | WebApps | PHP
2020-12-04 | Laravel Nova 3.7.0 - 'range' DoS | WebApps | PHP
2020-12-04 | Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting | WebApps | PHP
2020-12-04 | Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting | WebApps | PHP
2020-12-04 | Testa Online Test Management System 3.4.7 - 'q' SQL Injection | WebApps | Multiple
2020-12-04 | MiniCMS 1.10 - 'content box' Stored XSS | WebApps | PHP
2020-12-04 | Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection | WebApps | Multiple
2020-12-04 | Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting | WebApps | PHP
2020-12-04 | Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) | WebApps | Multiple
2020-12-03 | Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting | WebApps | Multiple
2020-12-03 | Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure | WebApps | Hardware
2020-12-03 | Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion | WebApps | Hardware
2020-12-03 | mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting | WebApps | Multiple
2020-12-03 | Online Matrimonial Project 1.0 - Authenticated Remote Code Execution | WebApps | PHP
2020-12-03 | EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass | WebApps | Multiple
2020-12-03 | Coastercms 5.8.18 - Stored XSS | WebApps | PHP
2020-12-03 | User Registration & Login and User Management System 2.1 - Cross Site Request Forgery | WebApps | PHP
2020-12-02 | WordPress Plugin Wp-FileManager 6.8 - RCE | WebApps | PHP
2020-12-02 | Car Rental Management System 1.0 - SQL Injection / Local File include | WebApps | PHP
2020-12-02 | Simple College Website 1.0 - 'page' Local File Inclusion | WebApps | PHP
2020-12-02 | Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover | WebApps | PHP
2020-12-02 | Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality | WebApps | PHP
2020-12-02 | ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS) | WebApps | Multiple
2020-12-02 | ChurchCRM 4.2.0 - CSV/Formula Injection | WebApps | Multiple
2020-12-02 | WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass | WebApps | Multiple
2020-12-02 | DotCMS 20.11 - Stored Cross-Site Scripting | WebApps | Multiple
2020-12-02 | Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile | WebApps | Multiple
2020-12-02 | Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork | WebApps | Multiple
2020-12-02 | Employee Record Management System 1.1 - Login Bypass SQL Injection | WebApps | Multiple
2020-12-02 | WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting | WebApps | PHP
2020-12-02 | Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass | WebApps | Multiple
2020-12-02 | Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting | WebApps | Multiple
2020-12-02 | Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting | WebApps | Multiple
2020-12-02 | NewsLister - Authenticated Persistent Cross-Site Scripting | WebApps | Multiple
2020-12-02 | Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting | WebApps | Multiple
2020-12-02 | PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS | WebApps | Windows
2020-12-02 | WonderCMS 3.1.3 - Authenticated Remote Code Execution | WebApps | PHP
2020-12-02 | WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution | WebApps | PHP
2020-12-02 | EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting | WebApps | Multiple
2020-12-02 | Student Result Management System 1.0 - Authentication Bypass SQL Injection | WebApps | Multiple
2020-12-02 | EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF | WebApps | Multiple
2020-12-02 | Under Construction Page with CPanel 1.0 - SQL injection | WebApps | Multiple
2020-12-02 | Pharmacy Store Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-12-02 | ILIAS Learning Management System 4.3 - SSRF | WebApps | Multiple
2020-12-02 | Expense Management System - 'description' Stored Cross Site Scripting | WebApps | Multiple
2020-12-01 | Tendenci 12.3.1 - CSV/ Formula Injection | WebApps | Multiple
2020-12-01 | Social Networking Site - Authentication Bypass (SQli) | WebApps | PHP
2020-12-01 | Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities | WebApps | PHP
2020-12-01 | Medical Center Portal Management System 1.0 - 'login' SQL Injection | WebApps | PHP
2020-12-01 | LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting | WebApps | PHP
2020-12-01 | Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution | WebApps | PHP
2020-12-01 | Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS | WebApps | PHP
2020-12-01 | Setelsa Conacwin 3.7.1.2 - Local File Inclusion | WebApps | Multiple
2020-12-01 | Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection | WebApps | PHP
2020-12-01 | Online Shopping Alphaware 1.0 - Error Based SQL injection | WebApps | PHP
2020-12-01 | Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting | WebApps | PHP
2020-12-01 | Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload | WebApps | PHP
2020-12-01 | TypeSetter 5.1 - CSRF (Change admin e-mail) | WebApps | PHP
2020-11-30 | Intelbras Router RF 301K 1.1.2 - Authentication Bypass | WebApps | Hardware
2020-11-30 | Rejetto HttpFileServer 2.3.x - Remote Command Execution (3) | WebApps | Windows
2020-11-30 | ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure | WebApps | Hardware
2020-11-27 | Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated) | WebApps | PHP
2020-11-27 | ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting | WebApps | PHP
2020-11-27 | House Rental 1.0 - 'keywords' SQL Injection | WebApps | PHP
2020-11-27 | Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated) | WebApps | PHP
2020-11-27 | Moodle 3.8 - Unrestricted File Upload | WebApps | PHP
2020-11-27 | Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF | WebApps | Multiple
2020-11-27 | Laravel Administrator 4 - Unrestricted File Upload (Authenticated) | WebApps | PHP
2020-11-27 | Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution | WebApps | Hardware
2020-11-27 | WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting | WebApps | PHP
2020-11-27 | Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting | WebApps | PHP
2020-11-25 | SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow | WebApps | Windows
2020-11-25 | osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting | WebApps | PHP
2020-11-25 | WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting | WebApps | PHP
2020-11-24 | OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting | WebApps | PHP
2020-11-24 | OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated) | WebApps | PHP
2020-11-24 | Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated) | WebApps | Hardware
2020-11-24 | ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit) | WebApps | Linux
2020-11-24 | Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service | WebApps | Multiple
2020-11-24 | nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting | WebApps | Multiple
2020-11-23 | TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass | WebApps | Hardware
2020-11-23 | LifeRay 7.2.1 GA2 - Stored XSS | WebApps | Multiple
2020-11-23 | VTiger v7.0 CRM - 'To' Persistent XSS | WebApps | PHP
2020-11-20 | WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting | WebApps | PHP
2020-11-19 | Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting | WebApps | Multiple
2020-11-19 | M/Monit 3.7.4 - Password Disclosure | WebApps | Multiple
2020-11-19 | M/Monit 3.7.4 - Privilege Escalation | WebApps | Multiple
2020-11-19 | Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection | WebApps | CGI
2020-11-19 | TestBox CFML Test Framework 4.1.0 - Directory Traversal | WebApps | Multiple
2020-11-19 | TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution | WebApps | Multiple
2020-11-19 | Gitlab 12.9.0 - Arbitrary File Read (Authenticated) | WebApps | Ruby
2020-11-19 | Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification | WebApps | Hardware
2020-11-19 | xuucms 3 - 'keywords' SQL Injection | WebApps | Multiple
2020-11-19 | PESCMS TEAM 2.3.2 - Multiple Reflected XSS | WebApps | Multiple
2020-11-18 | BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery | WebApps | Multiple
2020-11-18 | Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated) | WebApps | PHP
2020-11-17 | Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities | WebApps | PHP
2020-11-17 | Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting | WebApps | PHP
2020-11-17 | WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting | WebApps | PHP
2020-11-17 | SugarCRM 6.5.18 - Persistent Cross-Site Scripting | WebApps | PHP
2020-11-17 | Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection | WebApps | PHP
2020-11-17 | EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass | WebApps | PHP
2020-11-16 | Car Rental Management System 1.0 - 'car_id' Sql Injection | WebApps | PHP
2020-11-16 | Car Rental Management System 1.0 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-11-16 | PMB 5.6 - 'chemin' Local File Disclosure | WebApps | PHP
2020-11-16 | User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection | WebApps | PHP
2020-11-16 | Water Billing System 1.0 - 'id' SQL Injection (Authenticated) | WebApps | PHP
2020-11-16 | Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated) | WebApps | PHP
2020-11-13 | October CMS Build 465 - Arbitrary File Read Exploit (Authenticated) | WebApps | PHP
2020-11-13 | OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure | WebApps | PHP
2020-11-13 | Touchbase.io 1.10 - Stored Cross Site Scripting | WebApps | Multiple
2020-11-13 | Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit) | WebApps | Multiple
2020-11-13 | Citrix ADC NetScaler - Local File Inclusion (Metasploit) | WebApps | Hardware
2020-11-13 | Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit) | WebApps | PHP
2020-11-13 | ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit) | WebApps | Hardware
2020-11-12 | Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection | WebApps | PHP
2020-11-12 | Water Billing System 1.0 - 'username' and 'password' parameters SQL Injection | WebApps | PHP
2020-11-11 | CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated) | WebApps | PHP
2020-11-11 | Customer Support System 1.0 - 'username' Authentication Bypass | WebApps | PHP
2020-11-11 | Customer Support System 1.0 - Cross-Site Request Forgery | WebApps | PHP
2020-11-11 | Customer Support System 1.0 - 'description' Stored XSS in The Admin Panel | WebApps | PHP
2020-11-10 | Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection | WebApps | PHP
2020-11-10 | ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting | WebApps | PHP
2020-11-10 | Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload | WebApps | PHP
2020-11-09 | Joplin 1.2.6 - 'link' Cross Site Scripting | WebApps | Multiple
2020-11-09 | SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated) | WebApps | PHP
2020-11-09 | Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF | WebApps | Hardware
2020-11-06 | BlogEngine 3.3.8 - 'Content' Stored XSS | WebApps | ASPX
2020-11-06 | Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated) | WebApps | PHP
2020-11-06 | Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated) | WebApps | PHP
2020-11-06 | CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated) | WebApps | PHP
2020-11-06 | SmartBlog 2.0.1 - 'id_post' Blind SQL injection | WebApps | PHP
2020-11-05 | iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation | WebApps | Hardware
2020-11-05 | iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass | WebApps | Hardware
2020-11-05 | iDS6 DSSPro Digital Signage System 6.2 - Cross-Site Request Forgery (CSRF) | WebApps | Hardware
2020-11-04 | Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution | WebApps | PHP
2020-11-04 | School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution | WebApps | PHP
2020-11-04 | PDW File Browser 1.3 - Remote Code Execution | WebApps | PHP
2020-11-04 | Processwire CMS 2.4.0 - 'download' Local File Inclusion | WebApps | PHP
2020-11-03 | Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution | WebApps | PHP
2020-11-03 | Multi Restaurant Table Reservation System 1.0 - 'table_id' Unauthenticated SQL Injection | WebApps | PHP
2020-11-02 | Monitorr 1.7.6m - Authorization Bypass | WebApps | PHP
2020-11-02 | Monitorr 1.7.6m - Remote Code Execution (Unauthenticated) | WebApps | PHP
2020-11-02 | WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload | WebApps | PHP
2020-11-02 | Apache Flink 1.9.x - File Upload RCE (Unauthenticated) | WebApps | Java
2020-10-30 | Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution | WebApps | PHP
2020-10-30 | Online Job Portal 1.0 - 'userid' SQL Injection | WebApps | PHP
2020-10-30 | Citadel WebCit < 926 - Session Hijacking Exploit | WebApps | Multiple
2020-10-30 | DedeCMS v.5.8 - "keyword" Cross-Site Scripting | WebApps | PHP
2020-10-30 | CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting | WebApps | PHP
2020-10-29 | Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot | WebApps | Hardware
2020-10-29 | WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request | WebApps | Java
2020-10-29 | Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS) | WebApps | CGI
2020-10-29 | Online Examination System 1.0 - 'name' Stored Cross Site Scripting | WebApps | PHP
2020-10-28 | Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion | WebApps | Linux
2020-10-28 | CSE Bookstore 1.0 - Authentication Bypass | WebApps | PHP
2020-10-28 | Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated) | WebApps | PHP
2020-10-27 | Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated) | WebApps | PHP
2020-10-27 | Client Management System 1.0 - 'searchdata' SQL injection | WebApps | PHP
2020-10-27 | Sentrifugo 3.2 - File Upload Restriction Bypass (Authenticated) | WebApps | PHP
2020-10-26 | ReQuest Serious Play F3 Media Server 7.0.3 - Remote Code Execution (Unauthenticated) | WebApps | Hardware
2020-10-26 | ReQuest Serious Play F3 Media Server 7.0.3 - Remote Denial of Service | WebApps | Hardware
2020-10-26 | ReQuest Serious Play F3 Media Server 7.0.3 - Debug Log Disclosure | WebApps | Hardware
2020-10-26 | ReQuest Serious Play Media Player 3.0 - Directory Traversal File Disclosure | WebApps | Hardware
2020-10-26 | Genexis Platinum-4410 - 'SSID' Persistent XSS | WebApps | Hardware
2020-10-26 | PDW File Browser 1.3 - 'new_filename' Cross-Site Scripting (XSS) | WebApps | PHP
2020-10-26 | InoERP 0.7.2 - Remote Code Execution (Unauthenticated) | WebApps | PHP
2020-10-26 | Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored) | WebApps | PHP
2020-10-26 | CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection | WebApps | PHP
2020-10-23 | TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-10-23 | Bludit 3.9.2 - Auth Bruteforce Bypass | WebApps | PHP
2020-10-23 | Gym Management System 1.0 - Stored Cross Site Scripting | WebApps | PHP
2020-10-23 | Gym Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-23 | School Faculty Scheduling System 1.0 - 'username' SQL Injection | WebApps | PHP
2020-10-23 | School Faculty Scheduling System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-10-23 | Point of Sales 1.0 - 'username' SQL Injection | WebApps | PHP
2020-10-23 | Gym Management System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-10-23 | Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored) | WebApps | PHP
2020-10-23 | Lot Reservation Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-23 | Point of Sales 1.0 - 'id' SQL Injection | WebApps | PHP
2020-10-23 | User Registration & Login and User Management System 2.1 - SQL Injection | WebApps | PHP
2020-10-23 | Car Rental Management System 1.0 - Arbitrary File Upload | WebApps | PHP
2020-10-23 | Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection | WebApps | PHP
2020-10-23 | Ajenti 2.1.36 - Remote Code Execution (Authenticated) | WebApps | Python
2020-10-23 | Online Library Management System 1.0 - Arbitrary File Upload | WebApps | PHP
2020-10-21 | Tiki Wiki CMS Groupware 21.1 - Authentication Bypass | WebApps | PHP
2020-10-21 | Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting | WebApps | PHP
2020-10-21 | Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting | WebApps | PHP
2020-10-21 | Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting | WebApps | PHP
2020-10-21 | GOautodial 4.0 - Authenticated Shell Upload | WebApps | PHP
2020-10-21 | School Faculty Scheduling System 1.0 - Authentication Bypass POC | WebApps | PHP
2020-10-21 | School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC | WebApps | PHP
2020-10-21 | Hrsale 2.0.0 - Local File Inclusion | WebApps | PHP
2020-10-20 | WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated) | WebApps | Multiple
2020-10-20 | WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection | WebApps | PHP
2020-10-20 | Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution | WebApps | Java
2020-10-20 | Mobile Shop System v1.0 - SQL Injection Authentication Bypass | WebApps | PHP
2020-10-20 | RiteCMS 2.2.1 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-10-20 | User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS | WebApps | PHP
2020-10-20 | WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload | WebApps | PHP
2020-10-20 | Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated) | WebApps | PHP
2020-10-20 | Visitor Management System in PHP 1.0 - SQL Injection (Authenticated) | WebApps | PHP
2020-10-20 | Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure | WebApps | PHP
2020-10-20 | Loan Management System 1.0 - Multiple Cross Site Scripting (Stored) | WebApps | PHP
2020-10-20 | Comtrend AR-5387un router - Persistent XSS (Authenticated) | WebApps | Hardware
2020-10-19 | Textpattern CMS 4.6.2 - Cross-site Request Forgery | WebApps | PHP
2020-10-19 | Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated) | WebApps | PHP
2020-10-19 | Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields) | WebApps | PHP
2020-10-19 | Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in | WebApps | Java
2020-10-19 | HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) | WebApps | Hardware
2020-10-19 | HiSilicon Video Encoders - Full admin access via backdoor password | WebApps | Hardware
2020-10-19 | HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware | WebApps | Hardware
2020-10-19 | HiSilicon Video Encoders - RCE via unauthenticated command injection | WebApps | Hardware
2020-10-19 | HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal | WebApps | Hardware
2020-10-19 | Online Job Portal 1.0 - Cross Site Scripting (Stored) | WebApps | PHP
2020-10-19 | Online Discussion Forum Site 1.0 - XSS in Messaging System | WebApps | PHP
2020-10-19 | Online Student's Management System 1.0 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-10-19 | Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection | WebApps | PHP
2020-10-19 | Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection | WebApps | PHP
2020-10-19 | Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting | WebApps | PHP
2020-10-19 | Tourism Management System 1.0 - Arbitrary File Upload | WebApps | PHP
2020-10-16 | CS-Cart 1.3.3 - authenticated RCE | WebApps | PHP
2020-10-16 | CS-Cart 1.3.3 - 'classes_dir' LFI | WebApps | PHP
2020-10-16 | Seat Reservation System 1.0 - Unauthenticated SQL Injection | WebApps | PHP
2020-10-16 | Hotel Management System 1.0 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-10-16 | Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated) | WebApps | PHP
2020-10-16 | aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated) | WebApps | Python
2020-10-16 | Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated) | WebApps | PHP
2020-10-16 | Company Visitor Management System (CVMS) 1.0 - Authentication Bypass | WebApps | PHP
2020-10-16 | Alumni Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-16 | Employee Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-16 | Employee Management System 1.0 - Cross Site Scripting (Stored) | WebApps | PHP
2020-10-15 | Zoo Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-15 | Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-15 | rConfig 3.9.5 - Remote Code Execution (Unauthenticated) | WebApps | PHP
2020-10-15 | Vehicle Parking Management System 1.0 - Authentication Bypass | WebApps | PHP
2020-10-14 | NodeBB Forum 1.12.2-1.14.2 - Account Takeover | WebApps | Multiple
2020-07-23 | TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection | WebApps | PHP
2020-10-13 | berliCRM 1.0.24 - 'src_record' SQL Injection | WebApps | PHP
2020-10-12 | Cisco ASA and FTD 9.6.4.42 - Path Traversal | WebApps | Hardware
2020-10-12 | Online Students Management System 1.0 - 'username' SQL Injections | WebApps | PHP
2020-10-12 | Liman 0.7 - Cross-Site Request Forgery (Change Password) | WebApps | Multiple
2020-10-12 | MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated) | WebApps | PHP
2020-10-12 | Small CRM 2.0 - 'email' SQL Injection | WebApps | PHP
2020-10-09 | openMAINT 1.1-2.4.2 - Arbitrary File Upload | WebApps | JSON
2020-10-09 | DynPG 4.9.1 - Persistent Cross-Site Scripting (Authenticated) | WebApps | PHP
2020-10-09 | Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting | WebApps | PHP
2020-10-08 | D-Link DSR-250N 3.12 - Denial of Service (PoC) | WebApps | Hardware
2020-10-08 | SEO Panel 4.6.0 - Remote Code Execution | WebApps | PHP
2020-10-07 | Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting | WebApps | PHP
2020-10-06 | EasyPMS 1.0.0 - Authentication Bypass | WebApps | JSON
2020-10-06 | Karel IP Phone IP1211 Web Management Panel - Directory Traversal | WebApps | Hardware
2020-10-05 | SpamTitan 7.07 - Unauthenticated Remote Code Execution | WebApps | PHP
2020-10-05 | MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection | WebApps | Multiple
2020-10-02 | Photo Share Website 1.0 - Persistent Cross-Site Scripting | WebApps | PHP
2020-10-02 | MedDream PACS Server 6.8.3.751 - Remote Code Execution (Authenticated) | WebApps | PHP
2020-10-01 | Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting | WebApps | PHP
2020-10-01 | CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated) | WebApps | PHP
2020-10-01 | GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated) | WebApps | PHP
2020-10-01 | WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated) | WebApps | PHP
2020-10-01 | MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated) | WebApps | PHP
2020-10-01 | SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration | WebApps | Hardware
2020-10-01 | SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin) | WebApps | Hardware
2020-10-01 | SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure | WebApps | Hardware
2020-10-01 | BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal | WebApps | Hardware
2020-10-01 | BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated) | WebApps | Hardware
2020-09-29 | WebsiteBaker 2.12.2 - Remote Code Execution | WebApps | PHP
2020-09-28 | Joplin 1.0.245 - Arbitrary Code Execution (PoC) | WebApps | Multiple
2020-09-28 | Mida eFramework 2.8.9 - Remote Code Execution | WebApps | Hardware
2020-09-25 | B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure | WebApps | Multiple
2020-09-25 | B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin) | WebApps | Multiple
2020-09-25 | Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated) | WebApps | PHP
2020-09-25 | BigTree CMS 4.4.10 - Remote Code Execution | WebApps | PHP
2020-09-24 | Visitor Management System in PHP 1.0 - Persistent Cross-Site Scripting | WebApps | PHP
2020-09-24 | Simple Online Food Ordering System 1.0 - 'id' SQL Injection (Unauthenticated) | WebApps | PHP
2020-09-23 | Online Food Ordering System 1.0 - Remote Code Execution | WebApps | PHP
2020-09-22 | Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting | WebApps | PHP
2020-09-22 | Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution | WebApps | Multiple
2020-09-21 | B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution | WebApps | Multiple
2020-09-21 | Mida eFramework 2.9.0 - Back Door Access | WebApps | Hardware
2020-09-21 | Seat Reservation System 1.0 - 'id' SQL Injection | WebApps | PHP
2020-09-21 | BlackCat CMS 1.3.6 - Cross-Site Request Forgery | WebApps | PHP
2020-09-21 | Online Shop Project 1.0 - 'p' SQL Injection | WebApps | PHP
2020-09-18 | Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated) | WebApps | PHP
2020-09-18 | SpamTitan 7.07 - Remote Code Execution (Authenticated) | WebApps | Multiple
2020-09-16 | Piwigo 2.10.1 - Cross Site Scripting | WebApps | PHP
2020-09-15 | Tailor MS 1.0 - Reflected Cross-Site Scripting | WebApps | PHP
2020-09-15 | ThinkAdmin 6 - Arbitrarily File Read | WebApps | PHP
2020-09-14 | Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated) | WebApps | PHP
2020-09-14 | RAD SecFlow-1v SF_0290_2.3.01.26 - Cross-Site Request Forgery (Reboot) | WebApps | Hardware
2020-09-14 | RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting | WebApps | Hardware
2020-09-11 | Tea LaTex 1.0 - Remote Code Execution (Unauthenticated) | WebApps | Multiple
2020-09-11 | VTENEXT 19 CE - Remote Code Execution | WebApps | Multiple
2020-09-10 | ZTE Router F602W - Captcha Bypass | WebApps | Hardware
2020-09-10 | CuteNews 2.1.2 - Remote Code Execution | WebApps | PHP
2020-09-10 | Tiandy IPC and NVR 9.12.7 - Credential Disclosure | WebApps | Hardware
2020-09-09 | Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password) | WebApps | Java
2020-09-09 | Tailor Management System - 'id' SQL Injection | WebApps | PHP
2020-09-07 | ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated) | WebApps | Java
2020-09-07grocy 2.7.1 - Persistent Cross-Site ScriptingWebAppsPHP
2020-09-07Cabot 0.11.12 - Persistent Cross-Site ScriptingWebAppsMultiple
2020-09-03SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)WebAppsPHP
2020-09-03Daily Tracker System 1.0 - Authentication BypassWebAppsPHP
2020-09-03BloodX CMS 1.0 - Authentication BypassWebAppsPHP
2020-09-03Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site ScriptingWebAppsPHP
2020-09-02Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)WebAppsPHP
2020-09-01moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)WebAppsPHP
2020-09-01Mara CMS 7.5 - Remote Code Execution (Authenticated)WebAppsPHP
2020-08-31CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)WebAppsPHP
2020-08-31Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated)WebAppsPHP
2020-08-31Mara CMS 7.5 - Reflective Cross-Site ScriptingWebAppsPHP
2020-08-31Online Book Store 1.0 - 'id' SQL InjectionWebAppsPHP
2020-08-28Eibiz i-Media Server Digital Signage 3.8.0 - Privilege EscalationWebAppsHardware
2020-08-28SymphonyCMS 3.0.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-08-28Nagios Log Server 2.1.6 - Persistent Cross-Site ScriptingWebAppsMultiple
2020-08-28Online Shopping Alphaware 1.0 - 'id' SQL InjectionWebAppsPHP
2020-08-27Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated)WebAppsPHP
2020-08-27Mida eFramework 2.9.0 - Remote Code ExecutionWebAppsMultiple
2020-08-26Eibiz i-Media Server Digital Signage 3.8.0 - Directory TraversalWebAppsMultiple
2020-08-26Ericom Access Server x64 9.2.0 - Server-Side Request ForgeryWebAppsMultiple
2020-08-24Eibiz i-Media Server Digital Signage 3.8.0 - Configuration DisclosureWebAppsHardware
2020-08-24Eibiz i-Media Server Digital Signage 3.8.0 - Authentication BypassWebAppsHardware
2020-08-24LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site ScriptingWebAppsPHP
2017-07-24vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution (Metasploit)WebAppsPHP
2020-08-21Seowon SlC 130 Router - Remote Code ExecutionWebAppsHardware
2020-08-21Complaint Management System 1.0 - 'cid' SQL InjectionWebAppsPHP
2020-08-20PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)WebAppsHardware
2020-08-20ElkarBackup 1.3.3 - Persistent Cross-Site ScriptingWebAppsPHP
2020-08-19Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory TraversalWebAppsHardware
2020-08-18Savsoft Quiz 5 - Stored Cross-Site ScriptingWebAppsPHP
2020-08-18Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL InjectionWebAppsPHP
2020-08-17QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)WebAppsHardware
2020-08-17QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File DisclosureWebAppsHardware
2020-08-17QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File DeletionWebAppsHardware
2020-08-17QiHang Media Web Digital Signage 3.0.9 - Cleartext Credential DisclosureWebAppsHardware
2020-08-17Microsoft SharePoint Server 2019 - Remote Code ExecutionWebAppsASPX
2020-08-17Bludit 3.9.2 - Authentication Bruteforce Mitigation BypassWebAppsPHP
2020-08-13GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)WebAppsPHP
2020-08-13Artica Proxy 4.3.0 - Authentication BypassWebAppsHardware
2020-08-12vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code ExecutionWebAppsPHP
2020-08-12CMS Made Simple 2.2.14 - Authenticated Arbitrary File UploadWebAppsPHP
2020-08-11Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)WebAppsPHP
2020-08-10ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)WebAppsJava
2020-08-10Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)WebAppsPHP
2020-08-07Daily Expenses Management System 1.0 - 'item' SQL InjectionWebAppsPHP
2020-08-07All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin)WebAppsHardware
2020-08-06Victor CMS 1.0 - 'Search' SQL InjectionWebAppsPHP
2020-08-05Stock Management System 1.0 - Authentication BypassWebAppsPHP
2020-08-04Daily Expenses Management System 1.0 - 'username' SQL InjectionWebAppsPHP
2020-08-04Pi-hole 4.3.2 - Remote Code Execution (Authenticated)WebAppsPython
2020-07-30Online Shopping Alphaware 1.0 - Authentication BypassWebAppsPHP
2020-07-29Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-29Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File DeletionWebAppsHardware
2020-07-28Cisco Adaptive Security Appliance Software 9.11 - Local File InclusionWebAppsHardware
2020-07-27eGroupWare 1.14 - 'spellchecker.php' Remote Command ExecutionWebAppsPHP
2020-07-26Rails 5.0.1 - Remote Code ExecutionWebAppsRuby
2020-07-26Virtual Airlines Manager 2.6.2 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-26pfSense 2.4.4-p3 - Cross-Site Request ForgeryWebAppsPHP
2020-07-26Socket.io-file 2.0.31 - Arbitrary File UploadWebAppsMultiple
2020-07-26Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)WebAppsMultiple
2020-07-26F5 Big-IP 13.1.3 Build 0.0.6 - Local File InclusionWebAppsHardware
2020-07-26Webtareas 2.1p - Arbitrary File Upload (Authenticated)WebAppsPHP
2020-07-26Bio Star 2.8.2 - Local File InclusionWebAppsMultiple
2020-07-26PandoraFMS 7.0 NG 746 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-26Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)WebAppsPHP
2020-07-26elaniin CMS - Authentication BypassWebAppsPHP
2020-07-26Online Course Registration 1.0 - Unauthenticated Remote Code ExecutionWebAppsPHP
2020-07-26LibreHealth 2.0.0 - Authenticated Remote Code ExecutionWebAppsPHP
2020-07-26Bludit 3.9.2 - Directory TraversalWebAppsMultiple
2020-07-26WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)WebAppsPHP
2020-07-26WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File DownloadWebAppsPHP
2020-07-26UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)WebAppsHardware
2020-07-26INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code ExecutionWebAppsMultiple
2020-07-26ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL InjectionWebAppsJava
2020-07-26GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)WebAppsPHP
2020-07-23UBICOD Medivision Digital Signage 1.5.1 - Authorization BypassWebAppsHardware
2020-07-22Sophos VPN Web Panel 2020 - Denial of Service (PoC)WebAppsMultiple
2020-07-22WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL InjectionWebAppsPHP
2020-07-22Docsify.js 4.11.4 - Reflective Cross-Site ScriptingWebAppsMultiple
2020-07-17CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)WebAppsPHP
2020-07-16Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)WebAppsLua
2020-07-15Infor Storefront B2B 1.0 - 'usr_name' SQL InjectionWebAppsPHP
2020-07-15Online Farm Management System 0.1.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-15Web Based Online Hotel Booking System 0.1.0 - Authentication BypassWebAppsPHP
2020-07-15Online Polling System 1.0 - Authentication BypassWebAppsPHP
2020-07-15Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL InjectionWebAppsPHP
2020-07-15Zyxel Armor X1 WAP6806 - Directory TraversalWebAppsHardware
2020-07-15SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)WebAppsHardware
2020-07-14Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)WebAppsMultiple
2020-07-14BSA Radar 1.6.7234.24750 - Local File InclusionWebAppsMultiple
2020-07-13Park Ticketing Management System 1.0 - Authentication BypassWebAppsPHP
2020-07-13Park Ticketing Management System 1.0 - 'viewid' SQL InjectionWebAppsPHP
2020-07-10Barangay Management System 1.0 - Authentication BypassWebAppsPHP
2020-07-10HelloWeb 2.0 - Arbitrary File DownloadWebAppsASP
2020-07-09Savsoft Quiz 5 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-09Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-07PHP 7.4 FFI - 'disable_functions' BypassWebAppsPHP
2020-07-08BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)WebAppsHardware
2020-07-08SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)WebAppsHardware
2020-07-07BSA Radar 1.6.7234.24750 - Authenticated Privilege EscalationWebAppsMultiple
2020-07-07Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL InjectionWebAppsPHP
2020-07-07Online Shopping Portal 3.1 - 'email' SQL InjectionWebAppsPHP
2020-07-07Sickbeard 0.1 - Remote Command InjectionWebAppsHardware
2020-07-05BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)WebAppsLinux
2020-07-06BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code ExecutionWebAppsLinux
2020-07-06Nagios XI 5.6.12 - 'export-rrd.php' Remote Code ExecutionWebAppsPHP
2020-07-06RSA IG&L Aveksa 7.1.1 - Remote Code ExecutionWebAppsMultiple
2020-07-06RiteCMS 2.2.1 - Authenticated Remote Code ExecutionWebAppsPHP
2020-07-06File Management System 1.1 - Persistent Cross-Site ScriptingWebAppsPHP
2020-07-02OCS Inventory NG 2.7 - Remote Code ExecutionWebAppsMultiple
2020-07-02ZenTao Pro 8.8.2 - Command InjectionWebAppsPHP
2020-07-01Online Shopping Portal 3.1 - Authentication BypassWebAppsPHP
2020-07-01PHP-Fusion 9.03.60 - PHP Object InjectionWebAppsPHP
2020-07-01e-learning Php Script 0.1.0 - 'search' SQL InjectionWebAppsPHP
2020-06-30Reside Property Management 3.0 - 'profile' SQL InjectionWebAppsPHP
2020-06-30Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site ScriptingWebAppsPHP
2020-06-26OpenEMR 5.0.1 - 'controller' Remote Code ExecutionWebAppsPHP
2020-06-25FHEM 6.0 - Local File InclusionWebAppsPHP
2020-06-24BSA Radar 1.6.7234.24750 - Persistent Cross-Site ScriptingWebAppsMultiple
2020-06-23Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)WebAppsPHP
2020-06-23Responsive Online Blog 1.0 - 'id' SQL InjectionWebAppsPHP
2020-06-22WebPort 1.19.1 - 'setup' Reflected Cross-Site ScriptingWebAppsPHP
2020-06-22WebPort 1.19.1 - Reflected Cross-Site ScriptingWebAppsMultiple
2020-06-22Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File UploadWebAppsPHP
2020-06-22Odoo 12.0 - Local File InclusionWebAppsMultiple
2020-06-22Student Enrollment 1.0 - Unauthenticated Remote Code ExecutionWebAppsPHP
2020-06-22FileRun 2019.05.21 - Reflected Cross-Site ScriptingWebAppsMultiple
2020-06-18Beauty Parlour Management System 1.0 - Authentication BypassWebAppsPHP
2020-06-17OpenCTI 3.3.1 - Directory TraversalWebAppsMultiple
2020-06-17College-Management-System-Php 1.0 - Authentication BypassWebAppsPHP
2020-06-16Gila CMS 1.11.8 - 'query' SQL InjectionWebAppsPHP
2020-06-15Netgear R7000 Router - Remote Code ExecutionWebAppsHardware
2020-06-12Sysax MultiServer 6.90 - Reflected Cross Site ScriptingWebAppsMultiple
2020-06-12Avaya IP Office 11 - Password DisclosureWebAppsMultiple
2020-06-12SmarterMail 16 - Arbitrary File UploadWebAppsMultiple
2020-06-10Virtual Airlines Manager 2.6.2 - 'id' SQL InjectionWebAppsPHP
2020-06-10Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL InjectionWebAppsPHP
2020-06-10Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)WebAppsPHP
2020-06-09Bludit 3.9.12 - Directory TraversalWebAppsPHP
2020-06-09Virtual Airlines Manager 2.6.2 - 'airport' SQL InjectionWebAppsPHP
2020-06-08Virtual Airlines Manager 2.6.2 - 'notam' SQL InjectionWebAppsPHP
2020-06-08Kyocera Printer d-COPIA253MF - Directory Traversal (PoC)WebAppsHardware
2020-06-05Online-Exam-System 2015 - 'feedback' SQL InjectionWebAppsPHP
2020-06-05Online Course Registration 1.0 - Authentication BypassWebAppsPHP
2020-06-04Cayin Digital Signage System xPost 2.5 - Remote Command InjectionWebAppsMultiple
2020-06-04Cayin Signage Media Player 3.0 - Remote Command Injection (root)WebAppsMultiple
2020-06-04Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File ReadWebAppsHardware
2020-06-04SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)WebAppsHardware
2020-06-04Cayin Content Management Server 11.0 - Remote Command Injection (root)WebAppsMultiple
2020-06-04Online Marriage Registration System 1.0 - Remote Code ExecutionWebAppsPHP
2020-06-04D-Link DIR-615 T1 20.10 - CAPTCHA BypassWebAppsHardware
2020-06-04Navigate CMS 2.8.7 - Authenticated Directory TraversalWebAppsPHP
2020-06-04VMWAre vCloud Director 9.7.0.15498291 - Remote Code ExecutionWebAppsJava
2020-06-04Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)WebAppsPHP
2020-06-04Clinic Management System 1.0 - Authenticated Arbitrary File UploadWebAppsPHP
2020-06-04Oriol Espinal CMS 1.0 - 'id' SQL InjectionWebAppsPHP
2020-06-04Navigate CMS 2.8.7 - 'sidx' SQL Injection (Authenticated)WebAppsPHP
2020-06-04Clinic Management System 1.0 - Unauthenticated Remote Code ExecutionWebAppsPHP
2020-06-04Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)WebAppsPHP
2020-06-04AirControl 1.4.2 - PreAuth Remote Code ExecutionWebAppsHardware
2020-06-02OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)WebAppsPHP
2020-06-02Clinic Management System 1.0 - Authentication BypassWebAppsPHP
2020-06-01QuickBox Pro 2.1.8 - Authenticated Remote Code ExecutionWebAppsPHP
2020-06-01VMware vCenter Server 6.7 - Authentication BypassWebAppsMultiple
2020-06-01WordPress Plugin BBPress 2.5 - Unauthenticated Privilege EscalationWebAppsPHP
2020-05-29Crystal Shard http-protection 0.2.0 - IP Spoofing BypassWebAppsMultiple
2020-05-29WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)WebAppsPHP
2020-05-28QNAP QTS and Photo Station 6.0.3 - Remote Command ExecutionWebAppsPHP
2020-05-28EyouCMS 1.4.6 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-28Online-Exam-System 2015 - 'fid' SQL InjectionWebAppsPHP
2020-05-28NOKIA VitalSuite SPM 2020 - 'UserName' SQL InjectionWebAppsMultiple
2020-05-27OXID eShop 6.3.4 - 'sorting' SQL InjectionWebAppsPHP
2020-05-27Kuicms PHP EE 2.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-27osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site ScriptingWebAppsPHP
2020-05-27osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site ScriptingWebAppsPHP
2020-05-27LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site ScriptingWebAppsPHP
2020-05-27Online Marriage Registration System 1.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-26WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code ExecutionWebAppsPHP
2020-05-26Pi-hole 4.4.0 - Remote Code Execution (Authenticated)WebAppsLinux
2020-05-26Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)WebAppsPHP
2020-05-26Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)WebAppsPHP
2020-05-26OpenEMR 5.0.1 - Remote Code ExecutionWebAppsPHP
2020-05-25Online Discussion Forum Site 1.0 - Remote Code ExecutionWebAppsPHP
2020-05-25Victor CMS 1.0 - 'add_user' Persistent Cross-Site ScriptingWebAppsPHP
2020-05-25WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)WebAppsPHP
2020-05-22Gym Management System 1.0 - Unauthenticated Remote Code ExecutionWebAppsPHP
2020-05-22Dolibarr 11.0.3 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-21OpenEDX platform Ironwood 2.5 - Remote Code ExecutionWebAppsMultiple
2020-05-21PHPFusion 9.03.50 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-21Composr CMS 10.0.30 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-21forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email)WebAppsPHP
2020-05-20CraftCMS 3 vCard Plugin 1.0.0 - Remote Code ExecutionWebAppsPHP
2020-05-19Victor CMS 1.0 - Authenticated Arbitrary File UploadWebAppsPHP
2020-05-19NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password)WebAppsPHP
2020-05-19Submitty 20.04.01 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-19php-fusion 9.03.50 - 'ctype' SQL InjectionWebAppsPHP
2020-05-19qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site ScriptingWebAppsPHP
2020-05-19Victor CMS 1.0 - 'cat_id' SQL InjectionWebAppsPHP
2020-05-19Victor CMS 1.0 - 'comment_author' Persistent Cross-Site ScriptingWebAppsPHP
2020-05-18Online Healthcare management system 1.0 - Authentication BypassWebAppsPHP
2020-05-18Online Healthcare Patient Record Management System 1.0 - Authentication BypassWebAppsPHP
2020-05-18online Chatting System 1.0 - 'id' SQL InjectionWebAppsPHP
2020-05-18Monstra CMS 3.0.4 - Authenticated Arbitrary File UploadWebAppsPHP
2020-05-18forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-18Oracle Hospitality RES 3700 5.7 - Remote Code ExecutionWebAppsJava
2020-05-18Online Examination System 1.0 - 'eid' SQL InjectionWebAppsPHP
2020-05-18Wordpress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL InjectionWebAppsPHP
2020-05-18Mikrotik Router Monitoring System 1.2.3 - 'community' SQL InjectionWebAppsHardware
2020-05-15ManageEngine Service Desk 10.0 - Cross-Site ScriptingWebAppsJava
2020-05-15vBulletin 5.6.1 - 'nodeId' SQL InjectionWebAppsPHP
2020-05-14E-Commerce System 1.0 - Unauthenticated Remote Code ExecutionWebAppsPHP
2020-05-14Netlink XPON 1GE WiFi V2801RGW - Remote Command ExecutionWebAppsHardware
2020-05-14Complaint Management System 1.0 - 'username' SQL InjectionWebAppsPHP
2020-05-13Sellacious eCommerce 4.6 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-13Tryton 5.4 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-12TylerTech Eagle 2018.3.11 - Remote Code ExecutionWebAppsJava
2020-05-12qdPM 9.1 - Arbitrary File UploadWebAppsPHP
2020-05-12Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site ScriptingWebAppsJava
2020-05-12CuteNews 2.1.2 - Authenticated Arbitrary File UploadWebAppsPHP
2020-05-12ChopSlider3 Wordpress Plugin 3.4 - 'id' SQL InjectionWebAppsPHP
2020-05-12Orchard Core RC1 - Persistent Cross-Site ScriptingWebAppsASPX
2014-12-23Phase Botnet - Blind SQL InjectionWebAppsLinux
2020-05-11LibreNMS 1.46 - 'search' SQL InjectionWebAppsMultiple
2020-05-11Complaint Management System 1.0 - Authentication BypassWebAppsPHP
2020-05-11Victor CMS 1.0 - 'post' SQL InjectionWebAppsPHP
2020-05-11OpenZ ERP 3.6.60 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-11CuteNews 2.1.2 - Arbitrary File DeletionWebAppsPHP
2020-05-11Sentrifugo CMS 3.2 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-11Kartris 1.6 - Arbitrary File UploadWebAppsASPX
2020-05-11Online AgroCulture Farm Management System 1.0 - 'uname' SQL InjectionWebAppsPHP
2020-05-10Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges EscalationWebAppsLinux
2020-05-10Pi-hole < 4.4 - Authenticated Remote Code ExecutionWebAppsLinux
2020-05-07Online AgroCulture Farm Management System 1.0 - 'pid' SQL InjectionWebAppsPHP
2020-05-07Pisay Online E-Learning System 1.0 - Remote Code ExecutionWebAppsPHP
2020-05-07Online Clothing Store 1.0 - Arbitrary File UploadWebAppsPHP
2020-05-07School File Management System 1.0 - 'username' SQL InjectionWebAppsPHP
2020-05-07Draytek VigorAP 1000C - Persistent Cross-Site ScriptingWebAppsHardware
2020-05-07Car Park Management System 1.0 - Authentication BypassWebAppsPHP
2020-05-06MPC Sharj 3.11.1 - Arbitrary File DownloadWebAppsPHP
2020-05-06YesWiki cercopitheque 2020.04.18.1 - 'id' SQL InjectionWebAppsPHP
2020-05-06GitLab 12.9.0 - Arbitrary File ReadWebAppsRuby
2020-05-06webTareas 2.0.p8 - Arbitrary File DeletionWebAppsPHP
2020-05-06Online Clothing Store 1.0 - 'username' SQL InjectionWebAppsPHP
2020-05-06Booked Scheduler 2.7.7 - Authenticated Directory TraversalWebAppsPHP
2020-05-06i-doit Open Source CMDB 1.14.1 - Arbitrary File DeletionWebAppsPHP
2020-05-06Online Clothing Store 1.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-05NEC Electra Elite IPK II WebPro 01.03.01 - Session EnumerationWebAppsHardware
2020-05-05SimplePHPGal 0.7 - Remote File InclusionWebAppsPHP
2020-05-05PhreeBooks ERP 5.2.5 - Remote Command ExecutionWebAppsPHP
2020-05-05BlogEngine 3.3 - 'syndication.axd' XML External Entity InjectionWebAppsXML
2020-05-05webERP 4.15.1 - Unauthenticated Backup File AccessWebAppsPHP
2020-05-05Online Scheduling System 1.0 - 'username' SQL InjectionWebAppsPHP
2020-05-05Fishing Reservation System 7.5 - 'uid' SQL InjectionWebAppsPHP
2020-05-04addressbook 9.0.0.1 - 'id' SQL InjectionWebAppsPHP
2020-05-04osTicket 1.14.1 - Persistent Authenticated Cross-Site ScriptingWebAppsPHP
2020-05-04BoltWire 6.03 - Local File InclusionWebAppsPHP
2020-05-01Online Scheduling System 1.0 - Authentication BypassWebAppsPHP
2020-05-01Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)WebAppsJava
2020-05-01HardDrive 2.1 for iOS - Arbitrary File UploadWebAppsiOS
2020-05-01Super Backup 2.0.5 for iOS - Directory TraversalWebAppsiOS
2020-05-01php-fusion 9.03.50 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-01Online Scheduling System 1.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-05-01ChemInv 1.0 - Authenticated Persistent Cross-Site ScriptingWebAppsPHP
2020-04-29hits script 1.0 - 'item_name' SQL InjectionWebAppsPHP
2020-04-29Easy Transfer 1.7 for iOS - Directory TraversalWebAppsiOS
2020-04-29School ERP Pro 1.0 - Arbitrary File ReadWebAppsPHP
2020-04-29Open-AudIT Professional 3.3.1 - Remote Code ExecutionWebAppsPHP
2020-04-28School ERP Pro 1.0 - Remote Code ExecutionWebAppsPHP
2020-04-28School ERP Pro 1.0 - 'es_messagesid' SQL InjectionWebAppsPHP
2020-04-27Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)WebAppsPHP
2020-04-27Online Course Registration 2.0 - Authentication BypassWebAppsPHP
2020-04-27Netis E1+ V1.2.32533 - Unauthenticated WiFi Password LeakWebAppsHardware
2020-04-27Online shopping system advanced 1.0 - 'p' SQL InjectionWebAppsPHP
2020-04-27Netis E1+ 1.2.32533 - Backdoor Account (root)WebAppsHardware
2020-04-27PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File UploadWebAppsPHP
2020-04-24Furukawa Electric ConsciusMAP 2.8.1 - Remote Code ExecutionWebAppsJava
2020-04-24Edimax EW-7438RPn 1.13 - Remote Code ExecutionWebAppsHardware
2020-04-24EspoCRM 5.8.5 - Privilege EscalationWebAppsMultiple
2020-04-23Sky File 2.1.0 iOS - Directory TraversalWebAppsiOS
2020-04-23Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)WebAppsCGI
2020-04-23Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)WebAppsPHP
2020-04-23Complaint Management System 4.2 - Authentication BypassWebAppsPHP
2020-04-23Complaint Management System 4.2 - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-23User Management System 2.0 - Authentication BypassWebAppsPHP
2020-04-23User Management System 2.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-22Mahara 19.10.2 CMS - Persistent Cross-Site ScriptingWebAppsLinux
2020-04-22Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)WebAppsHardware
2020-04-22Edimax EW-7438RPn - Information Disclosure (WiFi Password)WebAppsHardware
2020-04-21P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)WebAppsHardware
2020-04-21jizhi CMS 1.6.7 - Arbitrary File DownloadWebAppsPHP
2020-04-21NSClient++ 0.5.2.35 - Authenticated Remote Code ExecutionWebAppsJSON
2020-04-21IQrouter 3.3.1 Firmware - Remote Code ExecutionWebAppsHardware
2020-04-21CSZ CMS 1.2.7 - 'title' HTML InjectionWebAppsPHP
2020-04-21PMB 5.6 - 'logid' SQL InjectionWebAppsPHP
2020-04-21CSZ CMS 1.2.7 - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-20Fork CMS 5.8.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-20Centreon 19.10.5 - 'id' SQL InjectionWebAppsPHP
2020-04-17TAO Open Source Assessment Platform 3.3.0 RC02 - HTML InjectionWebAppsPHP
2020-04-17Playable 9.18 iOS - Persistent Cross-Site ScriptingWebAppsiOS
2020-04-15Xeroneit Library Management System 3.0 - 'category' SQL InjectionWebAppsPHP
2020-04-15File Transfer iFamily 2.1 - Directory TraversalWebAppsiOS
2020-04-15DedeCMS 7.5 SP2 - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-15Macs Framework 1.14f CMS - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-15SeedDMS 5.1.18 - Persistent Cross-Site ScriptingWebAppsPHP
2020-04-15Pinger 1.0 - Remote Code ExecutionWebAppsPHP
2020-04-15SuperBackup 2.0.5 for iOS - Persistent Cross-Site ScriptingWebAppsiOS
2020-04-15AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site ScriptingWebAppsiOS
2020-04-14Oracle WebLogic Server 12.2.1.4.0 - Remote Code ExecutionWebAppsJava
2020-04-14WSO2 3.1.0 - Persistent Cross-Site ScriptingWebAppsJava
2020-04-14Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code ExecutionWebAppsHardware
2020-04-13MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL InjectionWebAppsPHP
2020-04-13Wordpress Plugin Media Library Assistant 2.81 - Local File InclusionWebAppsPHP
2020-04-13WSO2 3.1.0 - Arbitrary File DeleteWebAppsJava
2020-04-13Webtateas 2.0 - Arbitrary File ReadWebAppsPHP
2020-04-13TVT NVMS 1000 - Directory TraversalWebAppsHardware
2020-04-13Huawei HG630 2 Router - Authentication BypassWebAppsHardware
2020-04-10Zen Load Balancer 3.10.1 - 'index.cgi' Directory TraversalWebAppsCGI
2020-04-08Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)WebAppsHardware
2020-04-08Django 3.0 - Cross-Site Request Forgery Token BypassWebAppsPHP
2020-04-06pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site ScriptingWebAppsFreeBSD
2020-04-06LimeSurvey 4.1.11 - 'File Manager' Path TraversalWebAppsPHP
2020-04-06Bolt CMS 3.7.0 - Authenticated Remote Code ExecutionWebAppsPHP
2020-04-06WhatsApp Desktop 0.3.9308 - Persistent Cross-Site ScriptingWebAppsMultiple
2020-04-06Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)WebAppsMultiple
2020-04-06LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site ScriptingWebAppsPHP
2020-04-03Pandora FMS 7.0NG - 'net_tools.php' Remote Code ExecutionWebAppsPHP
2020-03-31Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL InjectionWebAppsHardware
2020-03-31Grandstream UCM6200 Series CTI Interface - 'user_password' SQL InjectionWebAppsHardware
2020-03-30Zen Load Balancer 3.10.1 - Remote Code ExecutionWebAppsCGI
2020-03-30Joomla! com_fabrik 3.9.11 - Directory TraversalWebAppsPHP
2020-03-27rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code ExecutionWebAppsPHP
2020-03-27Jinfornet Jreport 15.6 - Unauthenticated Directory TraversalWebAppsJava
2020-03-27ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)WebAppsPHP
2020-03-26Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code ExecutionWebAppsPHP
2020-03-26TP-Link Archer C50 3 - Denial of Service (PoC)WebAppsHardware
2020-03-25LeptonCMS 4.5.0 - Persistent Cross-Site ScriptingWebAppsPHP
2020-03-25Joomla! Component GMapFP 3.30 - Arbitrary File UploadWebAppsPHP
2020-03-24UCM6202 1.0.18.13 - Remote Command InjectionWebAppsHardware
2020-03-24Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site ScriptingWebAppsPHP
2020-03-24UliCMS 2020.1 - Persistent Cross-Site ScriptingWebAppsPHP
2020-03-23Joomla! com_hdwplayer 4.2 - 'search.php' SQL InjectionWebAppsPHP
2020-03-23rConfig 3.9.4 - 'search.crud.php' Remote Command InjectionWebAppsPHP
2020-03-23FIBARO System Home Center 5.021 - Remote File IncludeWebAppsMultiple
2020-03-20Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)WebAppsPHP
2020-03-18Netlink GPON Router 1.0.11 - Remote Code ExecutionWebAppsHardware
2020-03-16PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code ExecutionWebAppsPHP
2020-03-16PHPKB Multi-Language 9 - Authenticated Directory TraversalWebAppsPHP
2020-03-16PHPKB Multi-Language 9 - Authenticated Remote Code ExecutionWebAppsPHP
2020-03-16MiladWorkShop VIP System 1.0 - 'lang' SQL InjectionWebAppsPHP
2020-03-16Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)WebAppsASP
2020-03-10Horde Groupware Webmail Edition 5.2.22 - Remote Code ExecutionWebAppsPHP
2020-03-13Centos WebPanel 7 - 'term' SQL InjectionWebAppsLinux
2020-03-11 | Horde Groupware Webmail Edition 5.2.22 - PHAR Loading | WebApps | PHP
2020-03-11 | Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion | WebApps | PHP
2020-03-12 | rConfig 3.9 - 'searchColumn' SQL Injection | WebApps | PHP
2020-03-12 | rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution | WebApps | PHP
2020-03-12 | HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) | WebApps | PHP
2020-03-12 | WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection | WebApps | PHP
2020-03-12 | WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure | WebApps | Java
2020-03-12 | Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection | WebApps | PHP
2020-03-11 | WordPress Plugin Search Meter 2.13.2 - CSV injection | WebApps | PHP
2020-03-10 | Persian VIP Download Script 1.0 - 'active' SQL Injection | WebApps | PHP
2020-03-10 | YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting | WebApps | PHP
2020-03-10 | Sysaid 20.1.11 b26 - Remote Command Execution | WebApps | Java
2020-03-09 | Sentrifugo HRMS 3.2 - 'id' SQL Injection | WebApps | PHP
2020-03-09 | 60CycleCMS - 'news.php' SQL Injection | WebApps | PHP
2019-12-12 | ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution | WebApps | Multiple
2020-03-04 | UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read | WebApps | PHP
2020-03-03 | RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection | WebApps | Hardware
2020-03-03 | GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection | WebApps | PHP
2020-03-03 | Alfresco 5.2.4 - Persistent Cross-Site Scripting | WebApps | PHP
2020-03-03 | RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection | WebApps | Hardware
2020-03-02 | Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit) | WebApps | PHP
2020-03-02 | Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload) | WebApps | Hardware
2020-03-02 | TP LINK TL-WR849N - Remote Code Execution | WebApps | Hardware
2020-03-02 | Wing FTP Server 6.2.5 - Privilege Escalation | WebApps | Multiple
2020-03-02 | TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware) | WebApps | Hardware
2020-03-02 | WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) | WebApps | PHP
2020-03-02 | Netis WF2419 2.2.36123 - Remote Code Execution | WebApps | Hardware
2020-03-02 | Joplin Desktop 1.0.184 - Cross-Site Scripting | WebApps | Multiple
2020-02-28 | qdPM < 9.1 - Remote Code Execution | WebApps | Multiple
2020-02-03 | Cacti 1.2.8 - Unauthenticated Remote Code Execution | WebApps | Multiple
2020-02-03 | Cacti 1.2.8 - Authenticated Remote Code Execution | WebApps | Multiple
2020-02-20 | Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion | WebApps | Multiple
2020-02-27 | Comtrend VR-3033 - Command Injection | WebApps | Hardware
2020-02-27 | Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) | WebApps | PHP
2020-02-26 | PhpIX 2012 Professional - 'id' SQL Injection | WebApps | PHP
2020-02-25 | Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass | WebApps | PHP
2020-02-25 | WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass | WebApps | PHP
2020-02-24 | Cacti 1.2.8 - Remote Code Execution | WebApps | PHP
2020-02-24 | Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure | WebApps | Hardware
2020-02-24 | DotNetNuke 9.5 - File Upload Restrictions Bypass | WebApps | ASPX
2020-02-24 | DotNetNuke 9.5 - Persistent Cross-Site Scripting | WebApps | ASPX
2020-02-24 | eLection 2.0 - 'id' SQL Injection | WebApps | PHP
2020-02-24 | ManageEngine EventLog Analyzer 10.0 - Information Disclosure | WebApps | Java
2020-02-24 | I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure | WebApps | Hardware
2020-02-24 | ATutor 2.2.4 - 'id' SQL Injection | WebApps | PHP
2020-02-24 | SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure | WebApps | Hardware
2020-02-24 | AMSS++ 4.7 - Backdoor Admin Account | WebApps | PHP
2020-02-24 | CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) | WebApps | PHP
2020-02-24 | SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure | WebApps | Hardware
2020-02-24 | AMSS++ v 4.31 - 'id' SQL Injection | WebApps | PHP
2020-02-24 | Real Web Pentesting Tutorial Step by Step - [Persian] | WebApps | Multiple
2020-02-24 | ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure | WebApps | Hardware
2020-02-24 | GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection | WebApps | PHP
2020-02-24 | Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting | WebApps | Hardware
2020-02-20 | Easy2Pilot 7 - Cross-Site Request Forgery (Add User) | WebApps | PHP
2020-02-19 | Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak | WebApps | Hardware
2020-02-19 | DBPower C300 HD Camera - Remote Configuration Disclosure | WebApps | Hardware
2020-02-19 | Virtual Freer 1.58 - Remote Command Execution | WebApps | PHP
2020-02-17 | LabVantage 8.3 - Information Disclosure | WebApps | Java
2020-02-17 | SOPlanning 1.45 - 'users' SQL Injection | WebApps | PHP
2020-02-17 | SOPlanning 1.45 - Cross-Site Request Forgery (Add User) | WebApps | PHP
2020-02-17 | WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting | WebApps | PHP
2020-02-17 | Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User) | WebApps | PHP
2020-02-17 | Avaya Aura Communication Manager 5.2 - Remote Code Execution | WebApps | Hardware
2020-02-17 | WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting | WebApps | PHP
2020-02-17 | SOPlanning 1.45 - 'by' SQL Injection | WebApps | PHP
2020-02-14 | phpMyChat Plus 1.98 - 'pmc_username' SQL Injection | WebApps | PHP
2020-02-13 | WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion | WebApps | PHP
2020-02-13 | PANDORAFMS 7.0 - Authenticated Remote Code Execution | WebApps | PHP
2020-02-13 | WordPress Plugin contact-form-7 5.1.6 - Remote File Upload | WebApps | PHP
2020-02-13 | WordPress Plugin wordfence.7.4.5 - Local File Disclosure | WebApps | PHP
2020-02-13 | WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting | WebApps | PHP
2020-02-13 | WordPress Plugin tutor.1.5.3 - Local File Inclusion | WebApps | PHP
2020-02-11 | WordPress InfiniteWP - Client Authentication Bypass (Metasploit) | WebApps | PHP
2020-02-11 | Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting | WebApps | PHP
2020-02-11 | CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting | WebApps | CGI
2020-02-10 | LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting | WebApps | PHP
2020-02-10 | Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting | WebApps | Multiple
2020-02-07 | Google Invisible RECAPTCHA 3 - Spoof Bypass | WebApps | Multiple
2020-02-07 | ExpertGPS 6.38 - XML External Entity Injection | WebApps | XML
2020-02-07 | EyesOfNetwork 5.3 - Remote Code Execution | WebApps | PHP
2020-02-07 | PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection | WebApps | PHP
2020-02-07 | VehicleWorkshop 1.0 - 'bookingid' SQL Injection | WebApps | PHP
2020-02-07 | QuickDate 1.3.2 - SQL Injection | WebApps | PHP
2020-02-06 | Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection | WebApps | Java
2020-02-06 | Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection | WebApps | Java
2020-02-06 | Cisco Data Center Network Manager 11.2 - Remote Code Execution | WebApps | Java
2020-02-06 | Ecommerce Systempay 1.0 - Production KEY Brute Force | WebApps | PHP
2020-02-06 | Online Job Portal 1.0 - Cross Site Request Forgery (Add User) | WebApps | PHP
2020-02-06 | Online Job Portal 1.0 - Remote Code Execution | WebApps | PHP
2020-02-06 | Online Job Portal 1.0 - 'user_email' SQL Injection | WebApps | PHP
2020-02-05 | AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset) | WebApps | JSON
2020-02-05 | Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC) | WebApps | JSON
2020-02-05 | Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation | WebApps | Java
2020-02-05 | Wago PFC200 - Authenticated Remote Code Execution (Metasploit) | WebApps | Hardware
2020-02-05 | AVideo Platform 8.1 - Information Disclosure (User Enumeration) | WebApps | JSON
2020-02-04 | F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC) | WebApps | Linux
2020-02-04 | Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit) | WebApps | PHP
2020-02-03 | School ERP System 1.0 - Cross Site Request Forgery (Add Admin) | WebApps | PHP
2020-02-03 | Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection | WebApps | Hardware
2020-02-03 | Jira 8.3.4 - Information Disclosure (Username Enumeration) | WebApps | Java
2020-02-03 | phpList 3.5.0 - Authentication Bypass | WebApps | PHP
2020-02-03 | IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting | WebApps | PHP
2020-01-31 | FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin) | WebApps | PHP
2020-01-31 | Lotus Core CMS 1.0.1 - Local File Inclusion | WebApps | PHP
2020-01-30 | rConfig 3.9.3 - Authenticated Remote Code Execution | WebApps | PHP
2020-01-29 | Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting | WebApps | Hardware
2020-01-29 | Centreon 19.10.5 - 'centreontrapd' Remote Command Execution | WebApps | PHP
2020-01-29 | Centreon 19.10.5 - 'Pollers' Remote Command Execution | WebApps | PHP
2020-01-29 | Satellian 1.12 - Remote Code Execution | WebApps | Hardware
2020-01-29 | Cups Easy 1.0 - Cross Site Request Forgery (Password Reset) | WebApps | PHP
2020-01-29 | Liferay CE Portal 6.0.2 - Remote Command Execution | WebApps | Java
2020-01-29 | Kibana 6.6.1 - CSV Injection | WebApps | Windows
2020-01-28 | Centreon 19.10.5 - Remote Command Execution | WebApps | PHP
2020-01-28 | Centreon 19.10.5 - Database Credentials Disclosure | WebApps | PHP
2020-01-28 | Octeth Oempro 4.8 - 'CampaignID' SQL Injection | WebApps | PHP
2020-01-28 | Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password) | WebApps | PHP
2020-01-24 | Genexis Platinum-4410 2.1 - Authentication Bypass | WebApps | Hardware
2020-01-24 | OLK Web Store 2020 - Cross-Site Request Forgery | WebApps | ASP
2020-01-24 | Webtareas 2.0 - 'id' SQL Injection | WebApps | PHP
2020-01-24 | TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot | WebApps | Hardware
2020-01-23 | qdPM 9.1 - Remote Code Execution | WebApps | PHP
2020-01-22 | Citrix XenMobile Server 10.8 - XML External Entity Injection | WebApps | XML
2020-01-21 | ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection | WebApps | Java
2020-01-20 | Centreon 19.04 - Authenticated Remote Code Execution (Metasploit) | WebApps | PHP
2020-01-20 | Adive Framework 2.0.8 - Persistent Cross-Site Scripting | WebApps | PHP
2020-01-17 | WordPress Time Capsule Plugin 1.21.16 - Authentication Bypass | WebApps | PHP
2020-01-17 | WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass | WebApps | PHP
2020-01-16 | Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection | WebApps | PHP
2020-01-16 | Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection | WebApps | PHP
2020-01-16 | Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal | WebApps | Multiple
2020-01-16 | Tautulli 2.1.9 - Denial of Service (Metasploit) | WebApps | Multiple
2020-01-16 | Online Book Store 1.0 - Arbitrary File Upload | WebApps | PHP
2020-01-16 | Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting | WebApps | Java
2020-01-16 | Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection | WebApps | PHP
2020-01-16 | WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting | WebApps | PHP
2020-01-15 | Huawei HG255 - Directory Traversal (Metasploit) | WebApps | Hardware
2020-01-15 | Online Book Store 1.0 - 'bookisbn' SQL Injection | WebApps | PHP
2020-01-14 | IBM RICOH 6400 Printer - HTML Injection | WebApps | Hardware
2020-01-14 | IBM RICOH InfoPrint 6500 Printer - HTML Injection | WebApps | Hardware
2020-01-13 | Digi AnywhereUSB 14 - Reflective Cross-Site Scripting | WebApps | PHP
2020-01-13 | Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit) | WebApps | Multiple
2020-01-13 | Chevereto 3.13.4 Core - Remote Code Execution | WebApps | PHP
2020-01-11 | Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC) | WebApps | Multiple
2020-01-11 | Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution | WebApps | Multiple
2020-01-10 | Pandora 7.0NG - Remote Code Execution | WebApps | PHP
2020-01-10 | PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution | WebApps | PHP
2020-01-10 | ASTPP 4.0.1 VoIP Billing - Database Backup Download | WebApps | Linux
2020-01-09 | Oracle Weblogic 10.3.6.0.0 - Remote Command Execution | WebApps | Java
2020-01-08 | Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting | WebApps | PHP
2020-01-08 | Online Book Store 1.0 - Unauthenticated Remote Code Execution | WebApps | PHP
2020-01-08 | Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape | WebApps | Java
2020-01-07 | Job Portal 1.0 - Remote Code Execution | WebApps | PHP
2020-01-07 | piSignage 2.6.4 - Directory Traversal | WebApps | Hardware
2020-01-07 | Complaint Management System 4.0 - Remote Code Execution | WebApps | PHP
2020-01-06 | Dairy Farm Shop Management System 1.0 - 'username' SQL Injection | WebApps | PHP
2020-01-06 | Complaint Management System 4.0 - 'cid' SQL injection | WebApps | PHP
2020-01-06 | IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting | WebApps | Hardware
2020-01-06 | Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) | WebApps | PHP
2020-01-06 | Hostel Management System 2.0 - 'id' SQL Injection | WebApps | PHP
2020-01-06 | elaniin CMS 1.0 - Authentication Bypass | WebApps | PHP
2020-01-06 | Small CRM 2.0 - Authentication Bypass | WebApps | PHP
2020-01-06 | Voyager 1.3.0 - Directory Traversal | WebApps | PHP
2020-01-06 | Codoforum 4.8.3 - Persistent Cross-Site Scripting | WebApps | PHP
2020-01-03 | Online Course Registration 2.0 - Remote Code Execution | WebApps | PHP
2020-01-03 | Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection | WebApps | PHP
2020-01-02 | Hospital Management System 4.0 - 'searchdata' SQL Injection | WebApps | PHP
2020-01-02 | Hospital Management System 4.0 - Persistent Cross-Site Scripting | WebApps | PHP
2020-01-02 | BloodX 1.0 - Authentication Bypass | WebApps | PHP
2020-01-01 | Shopping Portal ProVersion 3.0 - Authentication Bypass | WebApps | PHP
2020-01-01 | IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal | WebApps | Hardware
2020-01-01 | Hospital Management System 4.0 - Authentication Bypass | WebApps | PHP