2021-03-10 | Atlassian JIRA 8.11.1 - User Enumeration | 6 | WEB | Dolev Farhi
2021-03-08 | GLPI 9.5.3 - 'fromtype' Unsafe Reflection | 6 | WEB | Vadym Soroka
2021-03-08 | Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2) | 5 | WEB | Nicholas Ferreira
2021-03-08 | Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) | 5 | WEB | Christian Vierschilling
2021-03-05 | Fluig 1.7.0 - Path Traversal | 5 | WEB | Lucas Souza
2021-03-04 | Textpattern 4.8.3 - Remote code execution (Authenticated) (2) | 5 | WEB | Ricardo Ruiz
2021-03-04 | Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated) | 6 | WEB | Deepak Kumar Bharti
2021-03-04 | Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated) | 7 | WEB | Suraj Bhosale
2021-03-04 | Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS) | 5 | WEB | Tushar Vaidya
2021-03-04 | Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS) | 5 | WEB | Tushar Vaidya
2021-03-04 | Online Ordering System 1.0 - Arbitrary File Upload | 6 | WEB | Suraj Bhosale
2021-03-04 | e107 CMS 2.3.0 - CSRF | 7 | WEB | Tadjmen
2021-03-03 | Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Aut | 7 | WEB | Tushar Vaidya
2021-03-03 | Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting | 6 | WEB | Tushar Vaidya
2021-03-02 | Zen Cart 1.5.7b - Remote Code Execution (Authenticated) | 7 | WEB | Mücahit Saratar
2021-03-02 | Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting | 5 | WEB | P.Naveen Kumar
2021-03-02 | Tiny Tiny RSS - Remote Code Execution | 5 | WEB | Daniel Neagaru
2021-03-02 | Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting | 6 | WEB | Praharsh Kumar Singh
2021-03-01 | Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated) | 6 | WEB | Christian Vierschilling
2021-03-01 | Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated) | 5 | WEB | Christian Vierschilling
2021-03-01 | VMware vCenter Server 7.0 - Unauthenticated File Upload | 7 | WEB | Photubias
2021-03-01 | FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit) | 6 | WEB | Berkan Er
2021-02-26 | LightCMS 1.3.4 - 'exclusive' Stored XSS | 6 | WEB | Peithon
2021-02-26 | Triconsole 3.75 - Reflected XSS | 6 | WEB | Akash Chathoth
2021-02-26 | Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated) | 6 | WEB | sml
2021-02-25 | Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS) | 5 | WEB | Tushar Vaidya
2021-02-24 | LayerBB 1.1.4 - 'search_query' SQL Injection | 6 | WEB | Görkem Haşin
2021-02-23 | Batflat CMS 1.3.6 - 'multiple' Stored XSS | 7 | WEB | Tadjmen
2021-02-23 | Monica 2.19.1 - 'last_name' Stored XSS | 8 | WEB | BouSalman
2021-02-19 | Beauty Parlour Management System 1.0 - 'sername' SQL Injection | 5 | WEB | Thinkland Security Team
2021-02-19 | OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting | 3 | WEB | Kamil Breński
2021-02-19 | Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass | 6 | WEB | Suresh Kumar
2021-02-19 | Comment System 1.0 - 'multiple' Stored Cross-Site Scripting | 6 | WEB | Pintu Solanki
2021-02-19 | PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting | 7 | WEB | Anmol K Sachan
2021-02-18 | Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) | 5 | WEB | mari0x00
2021-02-18 | Gitea 1.12.5 - Remote Code Execution (Authenticated) | 14 | WEB | Podalirius
2021-02-17 | Billing Management System 2.0 - 'email' SQL injection Auth Bypass | 7 | WEB | Pintu Solanki
2021-02-17 | Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting | 6 | WEB | Suresh Kumar
2021-02-16 | BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS) | 5 | WEB | Kamaljeet Kumar
2021-02-16 | Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass | 4 | WEB | Christian Vierschilling
2021-02-15 | Teachers Record Management System 1.0 - 'searchteacher' SQL Injection | 5 | WEB | Soham Bakore
2021-02-15 | TestLink 1.9.20 - Unrestricted File Upload (Authenticated) | 6 | WEB | snovvcrash
2021-02-12 | School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting | 5 | WEB | Suresh Kumar
2021-02-12 | School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting | 4 | WEB | Pintu Solanki
2021-02-11 | Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3) | 4 | WEB | Ricardo Ruiz
2021-02-11 | Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2) | 7 | WEB | Metin Yunus Kandemir
2021-02-11 | b2evolution 6.11.6 - 'tab3' Reflected XSS | 6 | WEB | Nakul Ratti
2021-02-11 | b2evolution 6.11.6 - 'redirect_to' Open Redirect | 7 | WEB | Nakul Ratti
2021-02-11 | PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting | 6 | WEB | Anmol K Sachan
2021-02-10 | Node.JS - 'node-serialize' Remote Code Execution (2) | 5 | WEB | UndeadLarva
2021-02-10 | b2evolution 6.11.6 - 'plugin name' Stored XSS | 5 | WEB | Soham Bakore
2021-02-09 | Adobe Connect 10 - Username Disclosure | 6 | WEB | h4shur
2021-02-09 | Online Car Rental System 1.0 - Stored Cross Site Scripting | 4 | WEB | Naved Shaikh
2021-02-08 | WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion | 6 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities | 5 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities | 4 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities | 4 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection | 3 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection | 5 | WEB | Erik David Martin
2021-02-08 | Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS) | 4 | WEB | Kailash Bohara
2021-02-08 | Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS) | 3 | WEB | Kailash Bohara
2021-02-08 | YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery | 3 | WEB | numan türle
2021-02-08 | WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities | 5 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection | 5 | WEB | Erik David Martin
2021-02-08 | WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection | 3 | WEB | Erik David Martin
2021-02-08 | Jenzabar 9.2.2 - 'query' Reflected XSS. | 3 | WEB | y0ung_dst
2021-02-08 | SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS | 3 | WEB | LiquidWorm
2021-02-05 | SEO Panel 4.6.0 - Remote Code Execution (2) | 3 | WEB | Kr0ff
2021-02-05 | PhreeBooks 5.2.3 ERP - Remote Code Execution (2) | 4 | WEB | Kr0ff
2021-02-05 | LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated) | 4 | WEB | SunCSR
2021-02-03 | Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution | 4 | WEB | Jannick Tiger
2021-02-03 | Pixelimity 1.0 - 'password' Cross-Site Request Forgery | 4 | WEB | Noth
2021-02-02 | Student Record System 4.0 - 'cid' SQL Injection | 3 | WEB | Jannick Tiger
2021-02-01 | WordPress 5.0.0 - Image Remote Code Execution | 5 | WEB | OUSSAMA RAHALI
2021-02-01 | Klog Server 2.4.1 - Command Injection (Authenticated) | 4 | WEB | Metin Yunus Kandemir
2021-02-01 | Roundcube Webmail 1.2 - File Disclosure | 4 | WEB | stonepresto
2021-02-01 | Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting | 4 | WEB | Anmol K Sachan
2021-02-01 | H8 SSRMS - 'id' IDOR | 5 | WEB | Mohammed Farhan
2021-02-01 | bloofoxCMS 0.5.2.1 - CSRF (Add user) | 5 | WEB | LiPeiYi
2021-02-01 | MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting | 4 | WEB | 0xB9
2021-02-01 | MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting | 3 | WEB | 0xB9
2021-02-01 | Park Ticketing Management System 1.0 - 'viewid' SQL Injection | 6 | WEB | Zeyad Azima
2021-02-01 | User Management System 1.0 - 'uid' SQL Injection | 4 | WEB | Zeyad Azima
2021-02-01 | Zoo Management System 1.0 - 'anid' SQL Injection | 4 | WEB | Zeyad Azima
2021-02-01 | MyBB Delete Account Plugin 1.4 - Cross-Site Scripting | 4 | WEB | 0xB9
2021-01-29 | SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated) | 5 | WEB | Darren Martyn
2021-01-29 | Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting | 5 | WEB | Richard Jones
2021-01-29 | Simple Public Chat Room 1.0 - Authentication Bypass SQLi | 3 | WEB | Richard Jones
2021-01-29 | MyBB Hide Thread Content Plugin 1.0 - Information Disclosure | 3 | WEB | 0xB9
2021-01-29 | Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal | 4 | WEB | Lyghtnox
2021-01-29 | Quick.CMS 6.7 - Remote Code Execution (Authenticated) | 4 | WEB | mari0x00
2021-01-29 | Online Grading System 1.0 - 'uname' SQL Injection | 5 | WEB | Ruchi Tiwari
2021-01-29 | BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting | 6 | WEB | LiPeiYi
2021-01-28 | WordPress Plugin SuperForms 4.9 - Arbitrary File Upload | 6 | WEB | ABDO10
2021-01-28 | Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated) | 6 | WEB | Alexandre ZANNI
2021-01-28 | Fuel CMS 1.4.1 - Remote Code Execution (2) | 5 | WEB | Alexandre ZANNI
2021-01-28 | OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2) | 5 | WEB | Alexandre ZANNI
2021-01-28 | CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated) | 4 | WEB | Alexandre ZANNI
2021-01-28 | EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting | 4 | WEB | Mahendra Purbia
2021-01-27 | Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1) | 4 | WEB | SunCSR
2021-01-27 | STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin) | 3 | WEB | LiquidWorm
2021-01-27 | STVS ProVision 5.9.10 - File Disclosure (Authenticated) | 4 | WEB | LiquidWorm
2021-01-26 | Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated) | 4 | WEB | CHackA0101
2021-01-26 | Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting | 5 | WEB | Chiragh Arora
2021-01-26 | Simple College Website 1.0 - 'full' Stored Cross Site Scripting | 5 | WEB | Marco Catalano
2021-01-26 | Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass) | 5 | WEB | Marco Catalano
2021-01-26 | Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass) | 4 | WEB | Marco Catalano
2021-01-25 | Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) | 3 | WEB | Metin Yunus Kandemir
2021-01-25 | Library System 1.0 - 'category' SQL Injection | 3 | WEB | Aitor Herrero
2021-01-25 | CASAP Automated Enrollment System 1.0 - 'route' Stored XSS | 5 | WEB | Richard Jones
2021-01-25 | CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS | 6 | WEB | Anita Gaud
2021-01-25 | Collabtive 3.1 - 'address' Persistent Cross-Site Scripting | 5 | WEB | Deha Berkin Bir
2021-01-25 | MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting | 4 | WEB | 0xB9
2021-01-22 | Atlassian Confluence Widget Connector Macro - SSTI | 2 | WEB | 46o60
2021-01-22 | ERPNext 12.14.0 - SQL Injection (Authenticated) | 4 | WEB | Hodorsec
2021-01-22 | CASAP Automated Enrollment System 1.0 - Authentication Bypass | 8 | WEB | Himanshu Shukla
2021-01-22 | Library System 1.0 - Authentication Bypass | 4 | WEB | Himanshu Shukla
2021-01-22 | Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated) | 3 | WEB | Photubias
2021-01-22 | Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated) | 3 | WEB | LiquidWorm
2021-01-22 | Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated) | 3 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - CSRF Add Admin | 4 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated) | 3 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated) | 5 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite | 4 | WEB | LiquidWorm
2021-01-22 | Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS | 4 | WEB | LiquidWorm