|
2022-03-30
|
|
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
|
26 |
WEB
|
Milad karimi
|
|
2022-03-30
|
|
Atom CMS 2.0 - Remote Code Execution (RCE)
|
29 |
WEB
|
Ashish Koli
|
|
2022-03-30
|
|
ImpressCMS 1.4.2 - Remote Code Execution (RCE)
|
25 |
WEB
|
Egidio Romano
|
|
2022-03-23
|
|
WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
|
25 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-03-22
|
|
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover
|
25 |
WEB
|
Devansh Bordia
|
|
2022-03-21
|
|
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
|
23 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2022-03-16
|
|
Tiny File Manager 2.4.6 - Remote Code Execution (RCE)
|
29 |
WEB
|
FEBIN MON SAJI
|
|
2022-03-16
|
|
Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)
|
32 |
WEB
|
Ashish Koli
|
|
2022-03-16
|
|
Moodle 3.11.5 - SQLi (Authenticated)
|
24 |
WEB
|
Chris Anastasio
|
|
2022-03-14
|
|
Baixar GLPI Project 9.4.6 - SQLi
|
26 |
WEB
|
Prof. Joas Antonio
|
|
2022-03-10
|
|
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
|
24 |
WEB
|
Hussien Misbah
|
|
2022-03-09
|
|
Webmin 1.984 - Remote Code Execution (Authenticated)
|
28 |
WEB
|
faisalfs10x
|
|
2022-03-07
|
|
Hasura GraphQL 2.2.0 - Information Disclosure
|
26 |
WEB
|
Dolev Farhi
|
|
2022-03-07
|
|
Attendance and Payroll System v1.0 - SQLi Authentication Bypass
|
26 |
WEB
|
pr0z
|
|
2022-03-07
|
|
Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
|
30 |
WEB
|
pr0z
|
|
2022-03-07
|
|
part-db 0.5.11 - Remote Code Execution (RCE)
|
30 |
WEB
|
Chetanya Sharma
|
|
2022-03-07
|
|
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
|
31 |
WEB
|
Carlos E. Vieira
|
|
2022-03-02
|
|
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
|
27 |
WEB
|
Momen Eldawakhly
|
|
2022-03-02
|
|
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
|
27 |
WEB
|
Rik Lutz
|
|
2022-03-02
|
|
Xerte 3.10.3 - Directory Traversal (Authenticated)
|
29 |
WEB
|
Rik Lutz
|
|
2022-02-28
|
|
Casdoor 1.13.0 - SQL Injection (Unauthenticated)
|
26 |
WEB
|
Mayank Deshmukh
|
|
2022-02-28
|
|
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
27 |
WEB
|
Ghuliev
|
|
2022-02-23
|
|
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
|
30 |
WEB
|
Talha Karakumru
|
|
2022-02-23
|
|
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
|
25 |
WEB
|
Antonio Cuomo
|
|
2022-02-23
|
|
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
|
30 |
WEB
|
Antonio Cuomo
|
|
2022-02-23
|
|
Student Record System 1.0 - 'cid' SQLi (Authenticated)
|
27 |
WEB
|
Mohd. Anees
|
|
2022-02-23
|
|
aaPanel 6.8.21 - Directory Traversal (Authenticated)
|
24 |
WEB
|
Ghuliev
|
|
2022-02-23
|
|
Air Cargo Management System v1.0 - SQLi
|
29 |
WEB
|
nu11secur1ty
|
|
2022-02-23
|
|
Simple Real Estate Portal System 1.0 - 'id' SQLi
|
25 |
WEB
|
Mosaaed
|
|
2022-02-21
|
|
Dbltek GoIP - Local File Inclusion
|
25 |
WEB
|
Valtteri Lehtinen
|
|
2022-02-21
|
|
FileCloud 21.2 - Cross-Site Request Forgery (CSRF)
|
22 |
WEB
|
Masashi Fujiwara
|
|
2022-02-21
|
|
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
|
24 |
WEB
|
Ron Jost
|
|
2022-02-21
|
|
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
|
33 |
WEB
|
Daniel Morales
|
|
2022-02-21
|
|
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
|
32 |
WEB
|
Daniel Morales
|
|
2022-02-21
|
|
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
|
36 |
WEB
|
Alperen Ergel
|
|
2022-02-21
|
|
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
|
38 |
WEB
|
Chetanya Sharma
|
|
2022-02-21
|
|
Cab Management System 1.0 - 'id' SQLi (Authenticated)
|
27 |
WEB
|
Alperen Ergel
|
|
2022-02-21
|
|
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
|
29 |
WEB
|
Ron Jost
|
|
2022-02-18
|
|
Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)
|
21 |
WEB
|
Braiant Giraldo Villa
|
|
2022-02-18
|
|
Hotel Druid 3.0.3 - Remote Code Execution (RCE)
|
29 |
WEB
|
0z09e
|
|
2022-02-18
|
|
WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated)
|
38 |
WEB
|
Overthinker1877
|
|
2022-02-18
|
|
WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
|
29 |
WEB
|
numan türle
|
|
2022-02-16
|
|
WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)
|
39 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2022-02-16
|
|
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
|
24 |
WEB
|
Luis Martínez
|
|
2022-02-16
|
|
ServiceNow - Username Enumeration
|
27 |
WEB
|
Victor Hanna
|
|
2022-02-16
|
|
Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass
|
29 |
WEB
|
Saud Alenazi
|
|
2022-02-16
|
|
Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
|
27 |
WEB
|
Saud Alenazi
|
|
2022-02-11
|
|
Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
|
26 |
WEB
|
Luis Martínez
|
|
2022-02-11
|
|
Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)
|
25 |
WEB
|
Aryan Chehreghani
|
|
2022-02-11
|
|
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
|
34 |
WEB
|
Alperen Ergel
|
|
2022-02-10
|
|
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
|
27 |
WEB
|
Milad karimi
|
|
2022-02-10
|
|
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
|
28 |
WEB
|
Milad karimi
|
|
2022-02-10
|
|
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthent
|
28 |
WEB
|
Ron Jost
|
|
2022-02-10
|
|
Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection
|
31 |
WEB
|
Saud Alenazi
|
|
2022-02-10
|
|
Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
|
33 |
WEB
|
Saud Alenazi
|
|
2022-02-10
|
|
Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)
|
33 |
WEB
|
Saud Alenazi
|
|
2022-02-10
|
|
Hospital Management Startup 1.0 - 'Multiple' SQLi
|
21 |
WEB
|
nu11secur1ty
|
|
2022-02-09
|
|
AtomCMS v2.0 - SQLi
|
21 |
WEB
|
Luca Cuzzolin
|
|
2022-02-09
|
|
Exam Reviewer Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
|
21 |
WEB
|
Juli Agarwal
|
|
2022-02-09
|
|
Exam Reviewer Management System 1.0 - ‘id’ SQL Injection
|
33 |
WEB
|
Juli Agarwal
|
|
2022-02-08
|
|
WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
|
29 |
WEB
|
Shweta Mahajan
|
|
2022-02-08
|
|
WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
|
29 |
WEB
|
Shweta Mahajan
|
|
2022-02-08
|
|
Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion
|
25 |
WEB
|
Ven3xy
|
|
2022-02-08
|
|
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting (XSS)
|
25 |
WEB
|
Milad karimi
|
|
2022-02-08
|
|
Hospital Management System 4.0 - 'multiple' SQL Injection
|
21 |
WEB
|
nu11secur1ty
|
|
2022-02-08
|
|
FileBrowser 2.17.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)
|
32 |
WEB
|
FEBIN MON SAJI
|
|
2022-02-08
|
|
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) (Metasploit)
|
30 |
WEB
|
WackyH4cker
|
|
2022-02-08
|
|
Hotel Reservation System 1.0 - SQLi (Unauthenticated)
|
27 |
WEB
|
Nefrit ID
|
|
2022-02-04
|
|
Servisnet Tessa - Add sysAdmin User (Unauthenticated) (Metasploit)
|
24 |
WEB
|
AkkuS
|
|
2022-02-04
|
|
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)
|
25 |
WEB
|
AkkuS
|
|
2022-02-04
|
|
Servisnet Tessa - Privilege Escalation (Metasploit)
|
24 |
WEB
|
AkkuS
|
|
2022-02-04
|
|
WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticat
|
35 |
WEB
|
Ahmet Serkan Ari
|
|
2022-02-04
|
|
WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
|
23 |
WEB
|
Antonio Cuomo
|
|
2022-02-02
|
|
WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming
|
31 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2022-02-02
|
|
WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting (XSS)
|
27 |
WEB
|
0xB9
|
|
2022-02-02
|
|
WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)
|
22 |
WEB
|
0xB9
|
|
2022-02-02
|
|
WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control
|
28 |
WEB
|
0xB9
|
|
2022-02-02
|
|
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
|
36 |
WEB
|
souzo
|
|
2022-02-02
|
|
Huawei DG8045 Router 1.0 - Credential Disclosure
|
32 |
WEB
|
Abdalrahman Gamal
|
|
2022-02-02
|
|
Moodle 3.11.4 - SQL Injection
|
26 |
WEB
|
lavclash75
|
|
2022-02-02
|
|
PHP Restaurants 1.0 - SQLi (Unauthenticated)
|
24 |
WEB
|
Nefrit ID
|
|
2022-02-02
|
|
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
|
33 |
WEB
|
Ron Jost
|
|
2022-02-02
|
|
WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
|
26 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2022-02-02
|
|
Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)
|
22 |
WEB
|
Ron Jost
|
|
2022-02-02
|
|
Chamilo LMS 1.11.14 - Account Takeover
|
28 |
WEB
|
sirpedrotavares
|
|
2022-02-02
|
|
uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS)
|
25 |
WEB
|
Vulnerability-Lab
|
|
2022-02-02
|
|
Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
|
22 |
WEB
|
Vulnerability-Lab
|
|
2022-01-27
|
|
WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
|
29 |
WEB
|
Ron Jost
|
|
2022-01-27
|
|
WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)
|
27 |
WEB
|
Ron Jost
|
|
2022-01-27
|
|
WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
29 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2022-01-25
|
|
PHPIPAM 1.4.4 - SQLi (Authenticated)
|
33 |
WEB
|
Rodolfo Tavares
|
|
2022-01-25
|
|
Online Project Time Management System 1.0 - Multiple Stored Cross Site Scripting (XSS) (Authenticate
|
25 |
WEB
|
Felipe Alcantara
|
|
2022-01-25
|
|
Online Project Time Management System 1.0 - SQLi (Authenticated)
|
25 |
WEB
|
Felipe Alcantara
|
|
2022-01-24
|
|
Landa Driving School Management System 2.0.1 - Arbitrary File Upload
|
28 |
WEB
|
Sohel Yousef
|
|
2022-01-19
|
|
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)
|
27 |
WEB
|
Vulnerability-Lab
|
|
2022-01-19
|
|
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
|
25 |
WEB
|
Vulnerability-Lab
|
|
2022-01-19
|
|
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
|
25 |
WEB
|
Vulnerability-Lab
|
|
2022-01-18
|
|
Creston Web Interface 1.0.0.2159 - Credential Disclosure
|
24 |
WEB
|
RedTeam Pentesting GmbH
|
|
2022-01-18
|
|
Nyron 1.0 - SQLi (Unauthenticated)
|
27 |
WEB
|
Miguel Santareno
|
|
2022-01-18
|
|
Simple Chatbot Application 1.0 - 'message' Blind SQLi
|
27 |
WEB
|
Saud Alenazi
|
|
2022-01-18
|
|
Simple Chatbot Application 1.0 - Remote Code Execution (RCE)
|
34 |
WEB
|
Saud Alenazi
|
|
2022-01-18
|
|
OpenBMCS 2.4 - Information Disclosure
|
26 |
WEB
|
LiquidWorm
|
|
2022-01-18
|
|
OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated)
|
34 |
WEB
|
LiquidWorm
|
|
2022-01-18
|
|
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
|
24 |
WEB
|
LiquidWorm
|
|
2022-01-18
|
|
OpenBMCS 2.4 - SQLi (Authenticated)
|
35 |
WEB
|
LiquidWorm
|
|
2022-01-18
|
|
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
|
27 |
WEB
|
LiquidWorm
|
|
2022-01-18
|
|
Online Resort Management System 1.0 - SQLi (Authenticated)
|
26 |
WEB
|
Gaurav Grover
|
|
2022-01-13
|
|
WordPress Core 5.8.2 - 'WP_Query' SQL Injection
|
36 |
WEB
|
Aryan Chehreghani
|
|
2022-01-13
|
|
Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
|
25 |
WEB
|
Himash
|
|
2022-01-13
|
|
Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)
|
25 |
WEB
|
Himash
|
|
2022-01-13
|
|
Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated)
|
24 |
WEB
|
Himash
|
|
2022-01-13
|
|
SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)
|
31 |
WEB
|
Betul Denizler
|
|
2022-01-13
|
|
Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS)
|
29 |
WEB
|
Sant268
|
|
2022-01-13
|
|
Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS)
|
31 |
WEB
|
Sant268
|
|
2022-01-13
|
|
Hospitals Patient Records Management System 1.0 - 'room_types' Stored Cross Site Scripting (XSS)
|
28 |
WEB
|
Sant268
|
|
2022-01-12
|
|
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
|
21 |
WEB
|
Veshraj Ghimire
|
|
2022-01-10
|
|
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
|
22 |
WEB
|
Dominic Clark
|
|
2022-01-10
|
|
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticate
|
28 |
WEB
|
Zachary Asher
|
|
2022-01-10
|
|
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
|
25 |
WEB
|
Zachary Asher
|
|
2022-01-10
|
|
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
36 |
WEB
|
Zachary Asher
|
|
2022-01-10
|
|
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
|
25 |
WEB
|
twseptian
|
|
2022-01-10
|
|
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
|
26 |
WEB
|
Oscar Sandén
|
|
2022-01-07
|
|
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
|
30 |
WEB
|
twseptian
|
|
2022-01-05
|
|
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
|
24 |
WEB
|
Andrea Bocchetti
|
|
2022-01-05
|
|
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
|
22 |
WEB
|
Oscar Gil Gutierrez
|
