2021-02-09 | Adobe Connect 10 - Username Disclosure | 1 | WEB | h4shur
2021-02-09 | Online Car Rental System 1.0 - Stored Cross Site Scripting | 1 | WEB | Naved Shaikh
2021-02-08 | WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion | 2 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities | 2 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities | 2 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities | 1 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection | 1 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection | 2 | WEB | Erik David Martin
2021-02-08 | Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS) | 1 | WEB | Kailash Bohara
2021-02-08 | Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS) | 1 | WEB | Kailash Bohara
2021-02-08 | YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery | 1 | WEB | numan türle
2021-02-08 | WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities | 1 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection | 2 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection | 1 | WEB | Erik David Martin
2021-02-08 | Jenzabar 9.2.2 - 'query' Reflected XSS. | 1 | WEB | y0ung_dst
2021-02-08 | SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS | 0 | WEB | LiquidWorm
2021-02-05 | SEO Panel 4.6.0 - Remote Code Execution (2) | 1 | WEB | Kr0ff
2021-02-05 | PhreeBooks 5.2.3 ERP - Remote Code Execution (2) | 2 | WEB | Kr0ff
2021-02-05 | LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated) | 1 | WEB | SunCSR
2021-02-03 | Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution | 1 | WEB | Jannick Tiger
2021-02-03 | Pixelimity 1.0 - 'password' Cross-Site Request Forgery | 1 | WEB | Noth
2021-02-02 | Student Record System 4.0 - 'cid' SQL Injection | 1 | WEB | Jannick Tiger
2021-02-01 | WordPress 5.0.0 - Image Remote Code Execution | 2 | WEB | OUSSAMA RAHALI
2021-02-01 | Klog Server 2.4.1 - Command Injection (Authenticated) | 1 | WEB | Metin Yunus Kandemir
2021-02-01 | Roundcube Webmail 1.2 - File Disclosure | 2 | WEB | stonepresto
2021-02-01 | Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting | 2 | WEB | Anmol K Sachan
2021-02-01 | H8 SSRMS - 'id' IDOR | 1 | WEB | Mohammed Farhan
2021-02-01 | bloofoxCMS 0.5.2.1 - CSRF (Add user) | 1 | WEB | LiPeiYi
2021-02-01 | MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting | 1 | WEB | 0xB9
2021-02-01 | MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting | 1 | WEB | 0xB9
2021-02-01 | Park Ticketing Management System 1.0 - 'viewid' SQL Injection | 1 | WEB | Zeyad Azima
2021-02-01 | User Management System 1.0 - 'uid' SQL Injection | 1 | WEB | Zeyad Azima
2021-02-01 | Zoo Management System 1.0 - 'anid' SQL Injection | 1 | WEB | Zeyad Azima
2021-02-01 | MyBB Delete Account Plugin 1.4 - Cross-Site Scripting | 1 | WEB | 0xB9
2021-01-29 | SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated) | 1 | WEB | Darren Martyn
2021-01-29 | Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting | 1 | WEB | Richard Jones
2021-01-29 | Simple Public Chat Room 1.0 - Authentication Bypass SQLi | 1 | WEB | Richard Jones
2021-01-29 | MyBB Hide Thread Content Plugin 1.0 - Information Disclosure | 1 | WEB | 0xB9
2021-01-29 | Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal | 1 | WEB | Lyghtnox
2021-01-29 | Quick.CMS 6.7 - Remote Code Execution (Authenticated) | 1 | WEB | mari0x00
2021-01-29 | Online Grading System 1.0 - 'uname' SQL Injection | 2 | WEB | Ruchi Tiwari
2021-01-29 | BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting | 2 | WEB | LiPeiYi
2021-01-28 | WordPress Plugin SuperForms 4.9 - Arbitrary File Upload | 1 | WEB | ABDO10
2021-01-28 | Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated) | 1 | WEB | Alexandre ZANNI
2021-01-28 | Fuel CMS 1.4.1 - Remote Code Execution (2) | 1 | WEB | Alexandre ZANNI
2021-01-28 | OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2) | 1 | WEB | Alexandre ZANNI
2021-01-28 | CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated) | 0 | WEB | Alexandre ZANNI
2021-01-28 | EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting | 0 | WEB | Mahendra Purbia
2021-01-27 | Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1) | 0 | WEB | SunCSR
2021-01-27 | STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin) | 0 | WEB | LiquidWorm
2021-01-27 | STVS ProVision 5.9.10 - File Disclosure (Authenticated) | 1 | WEB | LiquidWorm
2021-01-26 | Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated) | 1 | WEB | CHackA0101
2021-01-26 | Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting | 1 | WEB | Chiragh Arora
2021-01-26 | Simple College Website 1.0 - 'full' Stored Cross Site Scripting | 1 | WEB | Marco Catalano
2021-01-26 | Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass) | 1 | WEB | Marco Catalano
2021-01-26 | Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass) | 2 | WEB | Marco Catalano
2021-01-25 | Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) | 1 | WEB | Metin Yunus Kandemir
2021-01-25 | Library System 1.0 - 'category' SQL Injection | 1 | WEB | Aitor Herrero
2021-01-25 | CASAP Automated Enrollment System 1.0 - 'route' Stored XSS | 2 | WEB | Richard Jones
2021-01-25 | CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS | 1 | WEB | Anita Gaud
2021-01-25 | Collabtive 3.1 - 'address' Persistent Cross-Site Scripting | 2 | WEB | Deha Berkin Bir
2021-01-25 | MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting | 1 | WEB | 0xB9
2021-01-22 | Atlassian Confluence Widget Connector Macro - SSTI | 0 | WEB | 46o60
2021-01-22 | ERPNext 12.14.0 - SQL Injection (Authenticated) | 1 | WEB | Hodorsec
2021-01-22 | CASAP Automated Enrollment System 1.0 - Authentication Bypass | 1 | WEB | Himanshu Shukla
2021-01-22 | Library System 1.0 - Authentication Bypass | 1 | WEB | Himanshu Shukla
2021-01-22 | Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated) | 0 | WEB | Photubias
2021-01-22 | Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated) | 0 | WEB | LiquidWorm
2021-01-22 | Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated) | 1 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - CSRF Add Admin | 1 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated) | 1 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated) | 1 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite | 2 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS | 1 | WEB | LiquidWorm
2021-01-22 | Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution | 1 | WEB | LiquidWorm
2021-01-21 | Anchor CMS 0.12.7 - CSRF (Delete user) | 1 | WEB | Ninad Mishra
2021-01-21 | Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit) | 3 | WEB | SunCSR Team
2021-01-21 | Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting | 1 | WEB | Matthew Aberegg
2021-01-21 | Apartment Visitors Management System 1.0 - 'email' SQL Injection | 1 | WEB | CANKAT ÇAKMAK
2021-01-21 | Online Documents Sharing Platform 1.0 - 'user' SQL Injection | 0 | WEB | CANKAT ÇAKMAK
2021-01-20 | Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) | 0 | WEB | Richard Jones
2021-01-20 | Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS | 0 | WEB | omurugur
2021-01-20 | ChurchRota 2.6.4 - RCE (Authenticated) | 0 | WEB | Rob McCarthy
2021-01-19 | osTicket 1.14.2 - SSRF | 0 | WEB | Talat Mehmood
2021-01-18 | Life Insurance Management System 1.0 - File Upload RCE (Authenticated) | 0 | WEB | Aitor Herrero
2021-01-18 | Life Insurance Management System 1.0 - 'client_id' SQL Injection | 0 | WEB | Aitor Herrero
2021-01-18 | Xwiki CMS 12.10.2 - Cross Site Scripting (XSS) | 0 | WEB | Karan Keswani
2021-01-18 | Cisco UCS Manager 2.2(1d) - Remote Command Execution | 0 | WEB | liquidsky
2021-01-15 | Netsia SEBA+ 0.16.1 - Add Root User (Metasploit) | 0 | WEB | AkkuS
2021-01-15 | E-Learning System 1.0 - Authentication Bypass | 0 | WEB | Himanshu Shukla
2021-01-15 | Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS | 0 | WEB | Siva Rajendran
2021-01-15 | EyesOfNetwork 5.3 - File Upload Remote Code Execution | 0 | WEB | Audencia Business SCHOOL Red Team
2021-01-15 | Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection | 0 | WEB | Mesut Cetin
2021-01-15 | Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) | 0 | WEB | Mesut Cetin
2021-01-15 | Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection | 0 | WEB | Mesut Cetin
2021-01-15 | Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting | 0 | WEB | Mesut Cetin
2021-01-15 | WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) | 0 | WEB | Rahul Ramakant Singh
2021-01-15 | PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) | 1 | WEB | Mohamed Oosman
2021-01-14 | Laravel 8.4.2 debug mode - Remote code execution | 1 | WEB | SunCSR Team
2021-01-14 | Online Shopping Cart System 1.0 - 'id' SQL Injection | 3 | WEB | Aydın Baran Ertemir
2021-01-14 | Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated) | 1 | WEB | Haboob Team
2021-01-14 | Online Movie Streaming 1.0 - Admin Authentication Bypass | 1 | WEB | Richard Jones
2021-01-13 | Online Hotel Reservation System 1.0 - Admin Authentication Bypass | 2 | WEB | Richard Jones
2021-01-12 | SmartAgent 3.1.0 - Privilege Escalation | 2 | WEB | Orion Hridoy
2021-01-12 | Cemetry Mapping and Information System 1.0 - Multiple SQL Injections | 2 | WEB | Mesut Cetin
2021-01-12 | Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) | 2 | WEB | Enesdex
2021-01-11 | Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection | 1 | WEB | Jaimin Gondaliya
2021-01-11 | OpenCart 3.0.36 - ATO via Cross Site Request Forgery | 1 | WEB | Mahendra Purbia
2021-01-11 | WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) | 2 | WEB | Swapnil Subhash Bodekar
2021-01-11 | Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting | 2 | WEB | Mesut Cetin
2021-01-11 | EyesOfNetwork 5.3 - LFI | 2 | WEB | Audencia Business SCHOOL Red Team
2021-01-11 | Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting | 2 | WEB | Ramazan Mert GÖKTEN
2021-01-11 | EyesOfNetwork 5.3 - RCE & PrivEsc | 1 | WEB | Audencia Business SCHOOL Red Team
2021-01-08 | Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit) | 0 | WEB | SunCSR Team
2021-01-08 | WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit) | 1 | WEB | SunCSR Team
2021-01-08 | Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit) | 1 | WEB | SunCSR Team
2021-01-08 | Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated) | 0 | WEB | Metin Yunus Kandemir
2021-01-08 | Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS | 0 | WEB | Mohamed habib Smidi
2021-01-08 | Life Insurance Management System 1.0 - Multiple Stored XSS | 1 | WEB | Arnav Tripathy
2021-01-07 | CRUD Operation 1.0 - Multiple Stored XSS | 1 | WEB | Arnav Tripathy
2021-01-07 | ECSIMAGING PACS 6.21.5 - SQL injection | 0 | WEB | shoxxdj
2021-01-07 | Curfew e-Pass Management System 1.0 - Stored XSS | 1 | WEB | Arnav Tripathy
2021-01-07 | Cockpit CMS 0.6.1 - Remote Code Execution | 1 | WEB | Rafael Resende
2021-01-07 | Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution | 2 | WEB | Saeed Bala Ahmed
2021-01-07 | ECSIMAGING PACS 6.21.5 - Remote code execution | 2 | WEB | shoxxdj