Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2020-06-15   Netgear R7000 Router - Remote Code Execution 5 WEB grimm-co
2020-06-12   Sysax MultiServer 6.90 - Reflected Cross Site Scripting 4 WEB Luca Epifanio
2020-06-12   Avaya IP Office 11 - Password Disclosure 4 WEB hyp3rlinx
2020-06-12   SmarterMail 16 - Arbitrary File Upload 8 WEB vvhack.org
2020-06-10   Virtual Airlines Manager 2.6.2 - 'id' SQL Injection 3 WEB Mosaaed
2020-06-10   Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection 3 WEB Mehmet Kelepçe
2020-06-10   Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin) 4 WEB Extinction
2020-06-09   Bludit 3.9.12 - Directory Traversal 5 WEB Luis Vacacas
2020-06-09   Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection 6 WEB Kostadin Tonev
2020-06-08   Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection 5 WEB Pankaj Kumar Thakur
2020-06-08   Kyocera Printer d-COPIA253MF - Directory Traversal (PoC) 4 WEB Hakan Eren ŞAN
2020-06-05   Online-Exam-System 2015 - 'feedback' SQL Injection 5 WEB Gus Ralph
2020-06-05   Online Course Registration 1.0 - Authentication Bypass 5 WEB BKpatron
2020-06-04   Cayin Digital Signage System xPost 2.5 - Remote Command Injection 4 WEB LiquidWorm
2020-06-04   Cayin Signage Media Player 3.0 - Remote Command Injection (root) 3 WEB LiquidWorm
2020-06-04   Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read 6 WEB LiquidWorm
2020-06-04   SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User) 4 WEB LiquidWorm
2020-06-04   Cayin Content Management Server 11.0 - Remote Command Injection (root) 3 WEB LiquidWorm
2020-06-04   Online Marriage Registration System 1.0 - Remote Code Execution (1) 3 WEB Enesdex
2020-06-04   D-Link DIR-615 T1 20.10 - CAPTCHA Bypass 3 WEB huzaifa hussain
2020-06-04   Navigate CMS 2.8.7 - Authenticated Directory Traversal 3 WEB Gus Ralph
2020-06-04   VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution 3 WEB Tomas Melicher
2020-06-04   Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) 5 WEB Gus Ralph
2020-06-04   Clinic Management System 1.0 - Authenticated Arbitrary File Upload 3 WEB BKpatron
2020-06-04   Oriol Espinal CMS 1.0 - 'id' SQL Injection 3 WEB TSAR
2020-06-04   Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated) 2 WEB Gus Ralph
2020-06-04   Clinic Management System 1.0 - Unauthenticated Remote Code Execution 3 WEB BKpatron
2020-06-04   Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated) 3 WEB Enesdex
2020-06-04   AirControl 1.4.2 - PreAuth Remote Code Execution 5 WEB 0xd0ff9
2020-06-02   OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) 5 WEB Kailash Bohara
2020-06-02   Clinic Management System 1.0 - Authentication Bypass 4 WEB BKpatron
2020-06-01   QuickBox Pro 2.1.8 - Authenticated Remote Code Execution 5 WEB s1gh
2020-06-01   VMware vCenter Server 6.7 - Authentication Bypass 4 WEB Photubias
2020-06-01   WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation 5 WEB Raphael Karger
2020-05-29   Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass 4 WEB Halis Duraki
2020-05-29   WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User) 4 WEB UnD3sc0n0c1d0
2020-05-28   QNAP QTS and Photo Station 6.0.3 - Remote Command Execution 4 WEB Th3GundY
2020-05-28   EyouCMS 1.4.6 - Persistent Cross-Site Scripting 5 WEB China Banking and Insurance Information Technology
2020-05-28   Online-Exam-System 2015 - 'fid' SQL Injection 4 WEB Berk Dusunur
2020-05-28   NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection 4 WEB Berk Dusunur
2020-05-27   OXID eShop 6.3.4 - 'sorting' SQL Injection 5 WEB VulnSpy
2020-05-27   Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting 3 WEB China Banking and Insurance Information Technology
2020-05-27   osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting 4 WEB Matthew Aberegg
2020-05-27   osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting 4 WEB Matthew Aberegg
2020-05-27   LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting 4 WEB Matthew Aberegg
2020-05-27   Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting 3 WEB that faceless coder
2020-05-26   WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution 5 WEB Austin Martin
2020-05-26   Pi-hole 4.4.0 - Remote Code Execution (Authenticated) 4 WEB Photubias
2020-05-26   Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated) 3 WEB Mehmet Kelepçe
2020-05-26   Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated) 4 WEB Kamaljeet Kumar
2020-05-26   OpenEMR 5.0.1 - Remote Code Execution (1) 5 WEB Musyoka Ian
2020-05-25   Online Discussion Forum Site 1.0 - Remote Code Execution 3 WEB Enesdex
2020-05-25   Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting 3 WEB Nitya Nand
2020-05-25   WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) 4 WEB SunCSR
2020-05-22   Gym Management System 1.0 - Unauthenticated Remote Code Execution 6 WEB boku
2020-05-22   Dolibarr 11.0.3 - Persistent Cross-Site Scripting 2 WEB Mehmet Kelepçe
2020-05-21   OpenEDX platform Ironwood 2.5 - Remote Code Execution 4 WEB Daniel Monzón
2020-05-21   PHPFusion 9.03.50 - Persistent Cross-Site Scripting 4 WEB coiffeur
2020-05-21   Composr CMS 10.0.30 - Persistent Cross-Site Scripting 5 WEB Manuel García Cárdenas
2020-05-21   forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email) 5 WEB Daniel Ortiz
2020-05-20   CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution 5 WEB Wade Guest
2020-05-19   Victor CMS 1.0 - Authenticated Arbitrary File Upload 4 WEB Kishan Lal Choudhary
2020-05-19   NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password) 4 WEB JEBARAJ
2020-05-19   Submitty 20.04.01 - Persistent Cross-Site Scripting 4 WEB humblelad
2020-05-19   php-fusion 9.03.50 - 'ctype' SQL Injection 5 WEB SunCSR
2020-05-19   qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting 4 WEB Kishan Lal Choudhary
2020-05-19   Victor CMS 1.0 - 'cat_id' SQL Injection 4 WEB Kishan Lal Choudhary
2020-05-19   Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting 4 WEB Kishan Lal Choudhary
2020-05-18   Online Healthcare management system 1.0 - Authentication Bypass 4 WEB BKpatron
2020-05-18   Online Healthcare Patient Record Management System 1.0 - Authentication Bypass 4 WEB Daniel Monzón
2020-05-18   online Chatting System 1.0 - 'id' SQL Injection 4 WEB BKpatron
2020-05-18   Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload 4 WEB Kishan Lal Choudhary
2020-05-18   forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting 4 WEB Daniel Ortiz
2020-05-18   Oracle Hospitality RES 3700 5.7 - Remote Code Execution 4 WEB Walid Faour
2020-05-18   Online Examination System 1.0 - 'eid' SQL Injection 4 WEB BKpatron
2020-05-18   WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection 4 WEB Nguyen Khang
2020-05-18   Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection 5 WEB jul10l1r4
2020-05-15   ManageEngine Service Desk 10.0 - Cross-Site Scripting 4 WEB Felipe Molina
2020-05-15   vBulletin 5.6.1 - 'nodeId' SQL Injection 4 WEB Photubias
2020-05-14   E-Commerce System 1.0 - Unauthenticated Remote Code Execution 3 WEB SunCSR
2020-05-14   Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution 3 WEB Seecko Das
2020-05-14   Complaint Management System 1.0 - 'username' SQL Injection 3 WEB Daniel Ortiz
2020-05-13   Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting 5 WEB Vulnerability-Lab
2020-05-13   Tryton 5.4 - Persistent Cross-Site Scripting 4 WEB Vulnerability-Lab
2020-05-12   TylerTech Eagle 2018.3.11 - Remote Code Execution 5 WEB Anthony Cole
2020-05-12   qdPM 9.1 - Arbitrary File Upload 3 WEB Besim
2020-05-12   Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting 4 WEB Dylan Garnaud
2020-05-12   CuteNews 2.1.2 - Authenticated Arbitrary File Upload 4 WEB Nhat Ha
2020-05-12   WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection 3 WEB SunCSR
2020-05-12   Orchard Core RC1 - Persistent Cross-Site Scripting 3 WEB SunCSR
2014-12-23   Phase Botnet - Blind SQL Injection 4 WEB MalwareTech
2020-05-11   LibreNMS 1.46 - 'search' SQL Injection 3 WEB Punt
2020-05-11   Complaint Management System 1.0 - Authentication Bypass 5 WEB BKpatron
2020-05-11   Victor CMS 1.0 - 'post' SQL Injection 5 WEB BKpatron
2020-05-11   OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting 3 WEB Vulnerability-Lab
2020-05-11   WordPress Plugin Simple File List 4.2.2 - Remote Code Execution 3 WEB coiffeur
2020-05-11   CuteNews 2.1.2 - Arbitrary File Deletion 6 WEB Besim
2020-05-11   Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting 4 WEB Vulnerability-Lab
2020-05-11   Kartris 1.6 - Arbitrary File Upload 4 WEB Nhat Ha
2020-05-11   Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection 5 WEB Tarun Sehgal
2020-05-10   Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation 4 WEB Nick Frichette
2020-05-10   Pi-hole < 4.4 - Authenticated Remote Code Execution 4 WEB Nick Frichette
2020-05-07   Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection 4 WEB BKpatron
2020-05-07   Pisay Online E-Learning System 1.0 - Remote Code Execution 4 WEB boku
2020-05-07   Online Clothing Store 1.0 - Arbitrary File Upload 4 WEB Sushant Kamble
2020-05-07   School File Management System 1.0 - 'username' SQL Injection 5 WEB Tarun Sehgal
2020-05-07   Draytek VigorAP 1000C - Persistent Cross-Site Scripting 4 WEB Vulnerability-Lab
2020-05-07   Car Park Management System 1.0 - Authentication Bypass 4 WEB Tarun Sehgal
2020-05-06   MPC Sharj 3.11.1 - Arbitrary File Download 4 WEB SajjadBnd
2020-05-06   YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection 5 WEB coiffeur
2020-05-06   GitLab 12.9.0 - Arbitrary File Read 2 WEB KouroshRZ
2020-05-06   webTareas 2.0.p8 - Arbitrary File Deletion 4 WEB Besim
2020-05-06   Online Clothing Store 1.0 - 'username' SQL Injection 3 WEB Sushant Kamble
2020-05-06   Booked Scheduler 2.7.7 - Authenticated Directory Traversal 3 WEB Besim
2020-05-06   i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion 3 WEB Besim
2020-05-06   Online Clothing Store 1.0 - Persistent Cross-Site Scripting 3 WEB Sushant Kamble
2020-05-05   NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration 3 WEB Cold z3ro
2020-05-05   SimplePHPGal 0.7 - Remote File Inclusion 2 WEB h4shur
2020-05-05   PhreeBooks ERP 5.2.5 - Remote Command Execution 2 WEB Besim
2020-05-05   BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection 4 WEB Daniel Martinez Adan
2020-05-05   webERP 4.15.1 - Unauthenticated Backup File Access 4 WEB Besim
2020-05-05   Online Scheduling System 1.0 - 'username' SQL Injection 4 WEB Saurav Shukla
2020-05-05   Fishing Reservation System 7.5 - 'uid' SQL Injection 3 WEB Vulnerability-Lab
2020-05-04   addressbook 9.0.0.1 - 'id' SQL Injection 3 WEB David Velazquez
2020-05-04   osTicket 1.14.1 - Persistent Authenticated Cross-Site Scripting 3 WEB Mehmet Kelepçe