Exploit Web Applications 2023

Exploit Web Applications 2023() -

Web Applications H 2023 2022 2021 2020 2019 2018

2023-04-14	Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP	WebApps	Hardware
2023-04-14	Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure	WebApps	Hardware
2023-04-14	Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation	WebApps	Hardware
2023-04-14	Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset	WebApps	Hardware
2023-04-14	Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit	WebApps	Hardware
2023-04-14	Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password	WebApps	Hardware
2023-04-14	Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery	WebApps	Hardware
2023-04-14	Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking	WebApps	Hardware
2023-04-14	InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal	WebApps	ASP
2023-04-14	Bludit 4.0.0-rc-2 - Account takeover	WebApps	PHP
2023-04-10	Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-10	BrainyCP V1.0 - Remote Code Execution	WebApps	PHP
2023-04-10	Roxy Fileman 1.4.5 - Arbitrary File Upload	WebApps	ASHX
2023-04-10	ever gauzy v0.281.9 - JWT weak HMAC secret	WebApps	TypeScript
2023-04-08	dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
2023-04-08	pfsenseCE v2.6.0 - Anti-brute force protection bypass	WebApps	PHP
2023-04-08	Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)	WebApps	JSP
2023-04-08	WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-08	ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)	WebApps	CGI
2023-04-08	X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)	WebApps	PHP
2023-04-08	X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)	WebApps	PHP
2023-04-08	Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-08	Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)	WebApps	Multiple
2023-04-08	Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)	WebApps	Multiple
2023-04-08	Suprema BioStar 2 v2.8.16 - SQL Injection	WebApps	Multiple
2023-04-08	Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)	WebApps	Java
2023-04-08	Medicine Tracker System v1.0 - Sql Injection	WebApps	PHP
2023-04-08	Online Appointment System V1.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-08	ENTAB ERP 1.0 - Username PII leak	WebApps	ASP
2023-04-08	Joomla! v4.2.8 - Unauthenticated information disclosure	WebApps	PHP
2023-04-08	Restaurant Management System 1.0 - SQL Injection	WebApps	PHP
2023-04-08	Icinga Web 2.10 - Arbitrary File Disclosure	WebApps	PHP
2023-04-08	Adobe Connect 11.4.5 - Local File Disclosure	WebApps	Multiple
2023-04-08	Altenergy Power Control Software C1.2.5 - OS command injection	WebApps	Hardware
2023-04-07	Snitz Forum v1.0 - Blind SQL Injection	WebApps	ASP
2023-04-07	Rukovoditel 3.3.1 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-07	ChurchCRM 4.5.1 - Authenticated SQL Injection	WebApps	PHP
2023-04-07	NotrinosERP 0.7 - Authenticated Blind SQL Injection	WebApps	PHP
2023-04-07	MAC 1200R - Directory Traversal	WebApps	Hardware
2023-04-06	craftercms 4.x.x - CORS	WebApps	Multiple
2023-04-06	Purchase Order Management-1.0 - Local File Inclusion	WebApps	PHP
2023-04-06	Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI	WebApps	CGI
2023-04-06	Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-06	ChurchCRM v4.5.3-121fcc1 - SQL Injection	WebApps	PHP
2023-04-06	flatnux 2021-03.25 - Remote Code Execution (Authenticated)	WebApps	PHP
2023-04-06	Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-06	Music Gallery Site v1.0 - SQL Injection on page Master.php	WebApps	PHP
2023-04-06	Music Gallery Site v1.0 - SQL Injection on page view_music_details.php	WebApps	PHP
2023-04-06	Music Gallery Site v1.0 - Broken Access Control	WebApps	PHP
2023-04-06	Music Gallery Site v1.0 - SQL Injection on music_list.php	WebApps	PHP
2023-04-06	Employee Task Management System v1.0 - SQL Injection on edit-task.php	WebApps	PHP
2023-04-06	Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)	WebApps	PHP
2023-04-06	Employee Task Management System v1.0 - Broken Authentication	WebApps	PHP
2023-04-06	Auto Dealer Management System v1.0 - SQL Injection on manage_user.php	WebApps	PHP
2023-04-06	Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php	WebApps	PHP
2023-04-06	Auto Dealer Management System v1.0 - SQL Injection	WebApps	PHP
2023-04-06	Auto Dealer Management System 1.0 - Broken Access Control Exploit	WebApps	PHP
2023-04-06	Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload	WebApps	PHP
2023-04-06	Best pos Management System v1.0 - SQL Injection	WebApps	PHP
2023-04-06	Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking	WebApps	PHP
2023-04-06	POLR URL 2.3.0 - Shortener Admin Takeover	WebApps	PHP
2023-04-06	modoboa 2.0.4 - Admin TakeOver	WebApps	Python
2023-04-06	LDAP Tool Box Self Service Password v1.5.2 - Account takeover	WebApps	PHP
2023-04-06	Intern Record System v1.0 - SQL Injection (Unauthenticated)	WebApps	PHP
2023-04-06	Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)	WebApps	PHP
2023-04-06	Art Gallery Management System Project in PHP v 1.0 - SQL injection	WebApps	PHP
2023-04-06	atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE	WebApps	PHP
2023-04-06	Dompdf 1.2.1 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-06	EasyNas 1.1.0 - OS Command Injection	WebApps	Perl
2023-04-05	Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)	WebApps	Multiple
2023-04-05	Froxlor 2.0.3 Stable - Remote Code Execution (RCE)	WebApps	PHP
2023-04-05	ImageMagick 7.1.0-49 - Arbitrary File Read	WebApps	PHP
2023-04-05	CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-05	Answerdev 1.0.3 - Account Takeover	WebApps	Go
2023-04-05	ERPNext 12.29 - Cross-Site Scripting (XSS)	WebApps	Java
2023-04-05	BTCPay Server v1.7.4 - HTML Injection.	WebApps	Multiple
2023-04-05	itech TrainSmart r1044 - SQL injection	WebApps	PHP
2023-04-05	Responsive FileManager 9.9.5 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-05	Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-05	Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)	WebApps	PHP
2023-04-05	bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-05	Liferay Portal 6.2.5 - Insecure Permissions	WebApps	Java
2023-04-05	Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-05	Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-05	zstore 6.6.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-05	projectSend r1605 - Remote Code Exectution RCE	WebApps	PHP
2023-04-05	Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)	WebApps	Multiple
2023-04-05	PhotoShow 3.0 - Remote Code Execution	WebApps	PHP
2023-04-03	Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection	WebApps	PHP
2023-04-03	GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)	WebApps	PHP
2023-04-03	GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)	WebApps	PHP
2023-04-03	GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin	WebApps	PHP
2023-04-03	GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion	WebApps	PHP
2023-04-03	GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin	WebApps	PHP
2023-04-03	Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload	WebApps	Python
2023-04-03	Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)	WebApps	Python
2023-04-03	Roxy WI v6.1.0.0 - Improper Authentication Control	WebApps	Python
2023-04-03	WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE	WebApps	PHP
2023-04-03	ManageEngin AMP 4.3.0 - File-path-traversal	WebApps	Multiple
2023-04-03	Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)	WebApps	Multiple
2023-04-03	ERPGo SaaS 3.9 - CSV Injection	WebApps	PHP
2023-04-03	AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)	WebApps	PHP
2023-04-03	SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)	WebApps	Multiple
2023-04-03	Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated	WebApps	PHP
2023-04-03	Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated	WebApps	PHP
2023-04-03	Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-03	MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
2023-04-03	SLIMSV 9.5.2 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-03	Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-03	Nacos 2.0.3 - Access Control vulnerability	WebApps	Java
2023-04-03	Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-04-03	ChiKoi v1.0 - SQL Injection	WebApps	PHP
2023-04-03	pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute	WebApps	PHP
2023-04-01	ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)	WebApps	ASPX
2023-04-01	Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)	WebApps	PHP
2023-04-01	Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)	WebApps	Linux
2023-04-01	Apache 2.4.x - Buffer Overflow	WebApps	Multiple
2023-04-01	Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)	WebApps	Windows
2023-04-01	SugarCRM 12.2.0 - Remote Code Execution (RCE)	WebApps	PHP
2023-04-01	perfSONAR v4.4.5 - Partial Blind CSRF	WebApps	Multiple
2023-04-01	Prizm Content Connect v10.5.1030.8315 - XXE	WebApps	PHP
2023-04-01	XCMS v1.83 - Remote Command Execution (RCE)	WebApps	PHP
2023-04-01	GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)	WebApps	Ruby
2023-04-01	GeoVision Camera GV-ADR2701 - Authentication Bypass	WebApps	Hardware
2023-03-31	Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
2023-03-31	Bangresto 1.0 - SQL Injection	WebApps	PHP
2023-03-31	Cacti v1.2.22 - Remote Command Execution (RCE)	WebApps	PHP
2023-03-31	Judging Management System v1.0 - Authentication Bypass	WebApps	PHP
2023-03-31	Judging Management System v1.0 - Remote Code Execution (RCE)	WebApps	PHP
2023-03-31	rconfig 3.9.7 - Sql Injection (Authenticated)	WebApps	PHP
2023-03-31	Spitfire CMS 1.0.475 - PHP Object Injection	WebApps	PHP
2023-03-31	Senayan Library Management System v9.0.0 - SQL Injection	WebApps	PHP
2023-03-31	Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
2023-03-31	WooCommerce v7.1.0 - Remote Code Execution(RCE)	WebApps	PHP
2023-03-31	EQ Enterprise management system v2.2.0 - SQL Injection	WebApps	ASP
2023-03-30	Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-30	WPForms 1.7.8 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-30	Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)	WebApps	Multiple
2023-03-30	LISTSERV 17 - Insecure Direct Object Reference (IDOR)	WebApps	CGI
2023-03-30	LISTSERV 17 - Reflected Cross Site Scripting (XSS)	WebApps	CGI
2023-03-30	4images 1.9 - Remote Command Execution (RCE)	WebApps	PHP
2023-03-30	Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)	WebApps	PHP
2023-03-30	Concrete5 CME v9.1.3 - Xpath injection	WebApps	PHP
2023-03-30	Virtual Reception v1.0 - Web Server Directory Traversal	WebApps	Multiple
2023-03-30	Covenant v0.5 - Remote Code Execution (RCE)	WebApps	Multiple
2023-03-30	Ecommerse v1.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-30	Boa Web Server v0.94.14 - Authentication Bypass	WebApps	Linux
2023-03-30	myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-30	ClicShopping v3.402 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-30	Dreamer CMS v4.0.0 - SQL Injection	WebApps	Multiple
2023-03-29	Revenue Collection System v1.0 - Remote Code Execution (RCE)	WebApps	PHP
2023-03-29	Helmet Store Showroom v1.0 - SQL Injection	WebApps	PHP
2023-03-29	Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)	WebApps	Hardware
2023-03-29	Human Resource Management System 1.0 - SQL Injection (unauthenticated)	WebApps	PHP
2023-03-29	Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-29	WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
2023-03-28	rukovoditel 3.2.1 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-28	Senayan Library Management System v9.5.0 - SQL Injection	WebApps	PHP
2023-03-28	iBooking v1.0.8 - Arbitrary File Upload	WebApps	PHP
2023-03-28	ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)	WebApps	ASPX
2023-03-28	Social-Share-Buttons v2.2.3 - SQL Injection	WebApps	PHP
2023-03-28	Moodle LMS 4.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-28	OPSWAT Metadefender Core - Privilege Escalation	WebApps	Multiple
2023-03-28	ZKTeco ZEM/ZMM 8.88 - Missing Authentication	WebApps	JSP
2023-03-28	Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-28	Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)	WebApps	Python
2023-03-28	BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)	WebApps	PHP
2023-03-28	Jetpack 11.4 - Cross Site Scripting (XSS)	WebApps	PHP
2023-03-28	Online shopping system advanced 1.0 - Multiple Vulnerabilities	WebApps	PHP
2023-03-28	YouPHPTube<= 7.8 - Multiple Vulnerabilities	WebApps	PHP
2023-03-28	Pega Platform 8.1.0 - Remote Code Execution (RCE)	WebApps	Multiple
2023-03-28	Beauty-salon v1.0 - Remote Code Execution (RCE)	WebApps	PHP
2023-03-27	FortiOS, FortiProxy, FortiSwitchManager v7.2.1 - Authentication Bypass	WebApps	Multiple
2023-03-27	WebTareas 2.4 - RCE (Authorized)	WebApps	PHP
2023-03-27	WebTareas 2.4 - Reflected XSS (Unauthorised)	WebApps	PHP
2023-03-27	WebTareas 2.4 - SQL Injection (Unauthorised)	WebApps	PHP
2023-03-27	Atom CMS v2.0 - SQL Injection (no auth)	WebApps	PHP
2023-03-27	Aero CMS v0.0.1 - PHP Code Injection (auth)	WebApps	PHP
2023-03-27	Aero CMS v0.0.1 - SQL Injection (no auth)	WebApps	PHP
2023-03-27	Desktop Central 9.1.0 - Multiple Vulnerabilities	WebApps	JSP
2023-03-27	WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities	WebApps	PHP
2023-03-27	Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)	WebApps	PHP
2023-03-27	Grafana <=6.2.4 - HTML Injection	WebApps	TypeScript
2023-03-27	Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass	WebApps	PHP
2023-03-27	Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-27	Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)	WebApps	PHP
2023-03-27	FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-27	eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)	WebApps	PHP
2023-03-27	Canteen-Management v1.0 - SQL Injection	WebApps	PHP
2023-03-27	Canteen-Management v1.0 - XSS-Reflected	WebApps	PHP
2023-03-25	PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS	WebApps	PHP
2023-03-25	Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution	WebApps	PHP
2023-03-25	MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution	WebApps	PHP
2023-03-25	Abantecart v1.3.2 - Authenticated Remote Code Execution	WebApps	PHP
2023-03-25	SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution	WebApps	PHP
2023-03-25	ImpressCMS v1.4.3 - Authenticated SQL Injection	WebApps	PHP
2023-03-25	Password Manager for IIS v2.0 - XSS	WebApps	ASP
2023-03-25	Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)	WebApps	PHP
2023-03-25	GuppY CMS v6.00.10 - Remote Code Execution	WebApps	PHP
2023-03-25	Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal	WebApps	PHP
2023-03-25	Employee Performance Evaluation System v1.0 - File Inclusion and RCE	WebApps	PHP
2023-03-25	Yoga Class Registration System v1.0 - Multiple SQLi	WebApps	PHP
2023-03-25	Human Resources Management System v1.0 - Multiple SQLi	WebApps	PHP
2023-03-25	Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)	WebApps	PHP
2023-03-25	Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection	WebApps	PHP
2023-03-25	NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi	WebApps	PHP
2023-03-25	"camp" Raspberry Pi camera server 1.0 - Authentication Bypass	WebApps	Python
2023-03-23	Bitbucket v7.0.0 - RCE	WebApps	Python
2023-03-23	wkhtmltopdf 0.12.6 - Server Side Request Forgery	WebApps	ASP
2023-03-23	WorkOrder CMS 0.1.0 - SQL Injection	WebApps	PHP
2023-03-23	MAN-EAM-0003 V3.2.4 - XXE	WebApps	XML
2023-03-23	Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities	WebApps	iOS
2023-03-22	Linksys AX3200 V1.1.00 - Command Injection	WebApps	Hardware
2023-03-22	VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities	WebApps	PHP
2023-02-20	pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)	WebApps	PHP