Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2023-04-05   Froxlor 2.0.3 Stable - Remote Code Execution (RCE) 5 WEB Askar
2023-04-05   CKEditor 5 35.4.0 - Cross-Site Scripting (XSS) 6 WEB Manish Pathak
2023-04-05   Answerdev 1.0.3 - Account Takeover 12 WEB Eduardo Pérez-Malumbres Cervera
2023-04-05   ERPNext 12.29 - Cross-Site Scripting (XSS) 4 WEB Patrick Dean Ramos / Nathu Nandwani / Junnair Manl
2023-04-05   BTCPay Server v1.7.4 - HTML Injection 4 WEB Manojkumar J
2023-04-05   itech TrainSmart r1044 - SQL injection 4 WEB Adrian Bondocea
2023-04-05   Responsive FileManager 9.9.5 - Remote Code Execution (RCE) 4 WEB Galoget Latorre
2023-04-05   Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) 3 WEB Mayank Deshmukh
2023-04-05   Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) 3 WEB Muhammad Navaid Zafar Ansari
2023-04-05   bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS) 2 WEB nu11secur1ty
2023-04-05   Liferay Portal 6.2.5 - Insecure Permissions 2 WEB Fu2x2000
2023-04-05   Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) 3 WEB Matteo Conti
2023-04-05   Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting 2 WEB Mostafa Farzaneh
2023-04-05   zstore 6.6.0 - Cross-Site Scripting (XSS) 2 WEB nu11secur1ty
2023-04-05   projectSend r1605 - Remote Code Exectution RCE 2 WEB Mirabbas Ağalarov
2023-04-05   Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS) 2 WEB RedTeam Pentesting GmbH
2023-04-05   PhotoShow 3.0 - Remote Code Execution 2 WEB LSCP Responsible Disclosure Lab
2023-04-03   Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection 2 WEB r3nt0n
2023-04-03   GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE) 2 WEB Nuri Çilengir
2023-04-03   GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration) 2 WEB Nuri Çilengir
2023-04-03   GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin 2 WEB Nuri Çilengir
2023-04-03   GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion 2 WEB Nuri Çilengir
2023-04-03   GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin 3 WEB Nuri Çilengir
2023-04-03   Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload 3 WEB Nuri Çilengir
2023-04-03   Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) 4 WEB Nuri Çilengir
2023-04-03   Roxy WI v6.1.0.0 - Improper Authentication Control 5 WEB Nuri Çilengir
2023-04-03   WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE 5 WEB BLY
2023-04-03   ManageEngin AMP 4.3.0 - File-path-traversal 4 WEB nu11secur1ty
2023-04-03   Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS) 2 WEB Sajibe Kanti
2023-04-03   ERPGo SaaS 3.9 - CSV Injection 4 WEB Sajibe Kanti
2023-04-03   AmazCart CMS 3.4 - Cross-Site-Scripting (XSS) 3 WEB Sajibe Kanti
2023-04-03   SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) 5 WEB geeklinuxman
2023-04-03   Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated 2 WEB Rahul Patwari
2023-04-03   Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated 2 WEB Rahul Patwari
2023-04-03   Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS) 4 WEB Rahul Patwari
2023-04-03   MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated) 5 WEB lUc1f3r11
2023-04-03   SLIMSV 9.5.2 - Cross-Site Scripting (XSS) 6 WEB nu11secur1ty
2023-04-03   Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS) 11 WEB nu11secur1ty
2023-04-03   Nacos 2.0.3 - Access Control vulnerability 4 WEB Jenson Zhao
2023-04-03   Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS) 3 WEB Mohammed Chemouri
2023-04-03   ChiKoi v1.0 - SQL Injection 3 WEB nu11secur1ty
2023-04-03   pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute 4 WEB nu11secur1ty
2023-04-01   ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS) 2 WEB Rob_ CTRL Group
2023-04-01   Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS) 5 WEB SITE Team
2023-04-01   PMB 7.4.6 - SQL Injection 5 WEB str0xo DZ
2023-04-01   Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE) 5 WEB numan türle
2023-04-01   Apache 2.4.x - Buffer Overflow 5 WEB Sunil Iyengar
2023-04-01   Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS) 4 WEB Mohammed A.Siledar
2023-04-01   SugarCRM 12.2.0 - Remote Code Execution (RCE) 5 WEB sw33t.0day
2023-04-01   perfSONAR v4.4.5 - Partial Blind CSRF 4 WEB Ryan Moore
2023-04-01   Prizm Content Connect v10.5.1030.8315 - XXE 3 WEB xhzeem
2023-04-01   XCMS v1.83 - Remote Command Execution (RCE) 3 WEB Onurcan
2023-04-01   GitLab v15.3 - Remote Code Execution (RCE) (Authenticated) 4 WEB Antonio Francesco Sardella
2023-04-01   GeoVision Camera GV-ADR2701 - Authentication Bypass 2 WEB Chan Nyein Wai
2023-03-31   Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated) 2 WEB Alperen Ergel
2023-03-31   Bangresto 1.0 - SQL Injection 4 WEB nu11secur1ty
2023-03-31   Cacti v1.2.22 - Remote Command Execution (RCE) 5 WEB Riadh Bouchahoua
2023-03-31   Judging Management System v1.0 - Authentication Bypass 3 WEB Angelo Pio Amirante
2023-03-31   Judging Management System v1.0 - Remote Code Execution (RCE) 2 WEB Angelo Pio Amirante
2023-03-31   rconfig 3.9.7 - Sql Injection (Authenticated) 3 WEB azhen
2023-03-31   Spitfire CMS 1.0.475 - PHP Object Injection 3 WEB LiquidWorm
2023-03-31   Senayan Library Management System v9.0.0 - SQL Injection 4 WEB nu11secur1ty
2023-03-31   Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated) 4 WEB Alperen Ergel
2023-03-31   WooCommerce v7.1.0 - Remote Code Execution(RCE) 4 WEB Milad karimi
2023-03-31   EQ Enterprise management system v2.2.0 - SQL Injection 3 WEB TLF
2023-03-30   Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) 4 WEB @casp3r0x0 hassan ali al-khafaji
2023-03-30   WPForms 1.7.8 - Cross-Site Scripting (XSS) 11 WEB Milad karimi
2023-03-30   Shoplazza 1.1 - Stored Cross-Site Scripting (XSS) 4 WEB Andrey Stoykov
2023-03-30   LISTSERV 17 - Insecure Direct Object Reference (IDOR) 4 WEB Shaunt Der-Grigorian
2023-03-30   LISTSERV 17 - Reflected Cross Site Scripting (XSS) 6 WEB Shaunt Der-Grigorian
2023-03-30   4images 1.9 - Remote Command Execution (RCE) 1 WEB Andrey Stoykov
2023-03-30   Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE) 1 WEB Eric Flokstra
2023-03-30   Concrete5 CME v9.1.3 - Xpath injection 2 WEB nu11secur1ty
2023-03-30   Virtual Reception v1.0 - Web Server Directory Traversal 3 WEB Spinae
2023-03-30   Covenant v0.5 - Remote Code Execution (RCE) 4 WEB xThaz
2023-03-30   Ecommerse v1.0 - Cross-Site Scripting (XSS) 3 WEB nu11secur1ty
2023-03-30   Boa Web Server v0.94.14 - Authentication Bypass 10 WEB George Tsimpidas
2023-03-30   myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS) 4 WEB Andrey Stoykov
2023-03-30   ClicShopping v3.402 - Cross-Site Scripting (XSS) 3 WEB nu11secur1ty
2023-03-30   Dreamer CMS v4.0.0 - SQL Injection 3 WEB lvren
2023-03-29   Revenue Collection System v1.0 - Remote Code Execution (RCE) 3 WEB Joe Pollock
2023-03-29   Helmet Store Showroom v1.0 - SQL Injection 3 WEB Ameer Hamza
2023-03-29   Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS) 3 WEB Bleron Rrustemi
2023-03-29   Human Resource Management System 1.0 - SQL Injection (unauthenticated) 2 WEB Matthijs van der Vaart (eMVee)
2023-03-29   Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS) 3 WEB Rajeshwar Singh
2023-03-29   WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated) 1 WEB AkuCyberSec
2023-03-28   rukovoditel 3.2.1 - Cross-Site Scripting (XSS) 3 WEB nu11secur1ty
2023-03-28   Senayan Library Management System v9.5.0 - SQL Injection 2 WEB nu11secur1ty
2023-03-28   iBooking v1.0.8 - Arbitrary File Upload 2 WEB d1z1n370/oPty
2023-03-28   ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS) 4 WEB Okan Kurtulus
2023-03-28   Social-Share-Buttons v2.2.3 - SQL Injection 4 WEB nu11secur1ty
2023-03-28   Moodle LMS 4.0 - Cross-Site Scripting (XSS) 3 WEB Saud Alenazi
2023-03-28   OPSWAT Metadefender Core - Privilege Escalation 3 WEB Ulascan Yildirim
2023-03-28   ZKTeco ZEM/ZMM 8.88 - Missing Authentication 4 WEB RedTeam Pentesting GmbH
2023-03-28   Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS) 3 WEB Sinem Şahin
2023-03-28   Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF) 3 WEB Ryan Smith
2023-03-28   BoxBilling<=4.22.1.5 - Remote Code Execution (RCE) 2 WEB zetc0de
2023-03-28   Jetpack 11.4 - Cross Site Scripting (XSS) 3 WEB Behrouz Mansoori
2023-03-28   Online shopping system advanced 1.0 - Multiple Vulnerabilities 2 WEB Rafael Pedrero
2023-03-28   YouPHPTube<= 7.8 - Multiple Vulnerabilities 2 WEB Rafael Pedrero
2023-03-28   Pega Platform 8.1.0 - Remote Code Execution (RCE) 3 WEB Marcin Wolak
2023-03-28   Beauty-salon v1.0 - Remote Code Execution (RCE) 3 WEB nu11secur1ty
2023-03-27   FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass 3 WEB Felipe Alcantara
2023-03-27   WebTareas 2.4 - RCE (Authorized) 2 WEB Hubert Wojciechowski
2023-03-27   WebTareas 2.4 - Reflected XSS (Unauthorised) 2 WEB Hubert Wojciechowski
2023-03-27   WebTareas 2.4 - SQL Injection (Unauthorised) 2 WEB Hubert Wojciechowski
2023-03-27   Atom CMS v2.0 - SQL Injection (no auth) 2 WEB Hubert Wojciechowski
2023-03-27   Aero CMS v0.0.1 - PHP Code Injection (auth) 2 WEB Hubert Wojciechowski
2023-03-27   Aero CMS v0.0.1 - SQL Injection (no auth) 2 WEB Hubert Wojciechowski
2023-03-27   Desktop Central 9.1.0 - Multiple Vulnerabilities 4 WEB Rafael Pedrero
2023-03-27   WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities 1 WEB Rafael Pedrero
2023-03-27   Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE) 2 WEB Rafael Pedrero
2023-03-27   Grafana <=6.2.4 - HTML Injection 2 WEB SimranJeet Singh
2023-03-27   Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass 2 WEB Trenches of IT
2023-03-27   Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS) 1 WEB Sinem Şahin
2023-03-27   Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE) 4 WEB mister0xf
2023-03-27   FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS) 3 WEB Sinem Şahin
2023-03-27   eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE) 3 WEB ErPaciocco
2023-03-27   Canteen-Management v1.0 - SQL Injection 3 WEB nu11secur1ty
2023-03-27   Canteen-Management v1.0 - XSS-Reflected 3 WEB nu11secur1ty
2023-03-25   PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS 3 WEB Prasheek Kamble
2023-03-25   Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution 3 WEB Sarang Tumne
2023-03-25   MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution 2 WEB Sarang Tumne
2023-03-25   Abantecart v1.3.2 - Authenticated Remote Code Execution 4 WEB Sarang Tumne
2023-03-25   SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution 4 WEB Sarang Tumne