WEB

Date D   Description Plat. Author
2021-01-28   Fuel CMS 1.4.1 - Remote Code Execution (2) 12 WEB Alexandre ZANNI
2021-01-28   OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2) 11 WEB Alexandre ZANNI
2021-01-28   CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated) 8 WEB Alexandre ZANNI
2021-01-28   EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting 8 WEB Mahendra Purbia
2021-01-27   Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1) 9 WEB SunCSR
2021-01-27   STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin) 8 WEB LiquidWorm
2021-01-27   STVS ProVision 5.9.10 - File Disclosure (Authenticated) 9 WEB LiquidWorm
2021-01-26   Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated) 11 WEB CHackA0101
2021-01-26   Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting 10 WEB Chiragh Arora
2021-01-26   Simple College Website 1.0 - 'full' Stored Cross Site Scripting 10 WEB Marco Catalano
2021-01-26   Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass) 11 WEB Marco Catalano
2021-01-26   Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass) 10 WEB Marco Catalano
2021-01-25   Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) 10 WEB Metin Yunus Kandemir
2021-01-25   Library System 1.0 - 'category' SQL Injection 13 WEB Aitor Herrero
2021-01-25   CASAP Automated Enrollment System 1.0 - 'route' Stored XSS 12 WEB Richard Jones
2021-01-25   CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS 14 WEB Anita Gaud
2021-01-25   Collabtive 3.1 - 'address' Persistent Cross-Site Scripting 14 WEB Deha Berkin Bir
2021-01-25   MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting 12 WEB 0xB9
2021-01-22   Atlassian Confluence Widget Connector Macro - SSTI 11 WEB 46o60
2021-01-22   ERPNext 12.14.0 - SQL Injection (Authenticated) 10 WEB Hodorsec
2021-01-22   CASAP Automated Enrollment System 1.0 - Authentication Bypass 14 WEB Himanshu Shukla
2021-01-22   Library System 1.0 - Authentication Bypass 9 WEB Himanshu Shukla
2021-01-22   Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated) 10 WEB Photubias
2021-01-22   Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated) 11 WEB LiquidWorm
2021-01-22   Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated) 8 WEB LiquidWorm
2021-01-22   Selea Targa IP OCR-ANPR Camera - CSRF Add Admin 8 WEB LiquidWorm
2021-01-22   Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated) 7 WEB LiquidWorm
2021-01-22   Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated) 16 WEB LiquidWorm
2021-01-22   Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite 9 WEB LiquidWorm
2021-01-22   Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS 10 WEB LiquidWorm
2021-01-22   Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution 15 WEB LiquidWorm
2021-01-21   Anchor CMS 0.12.7 - CSRF (Delete user) 12 WEB Ninad Mishra
2021-01-21   Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit) 14 WEB SunCSR Team
2021-01-21   Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting 12 WEB Matthew Aberegg
2021-01-21   Apartment Visitors Management System 1.0 - 'email' SQL Injection 11 WEB CANKAT ÇAKMAK
2021-01-21   Online Documents Sharing Platform 1.0 - 'user' SQL Injection 9 WEB CANKAT ÇAKMAK
2021-01-20   Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) 11 WEB Richard Jones
2021-01-20   Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS 10 WEB omurugur
2021-01-20   ChurchRota 2.6.4 - RCE (Authenticated) 9 WEB Rob McCarthy
2021-01-19   osTicket 1.14.2 - SSRF 8 WEB Talat Mehmood
2021-01-18   Life Insurance Management System 1.0 - File Upload RCE (Authenticated) 9 WEB Aitor Herrero
2021-01-18   Life Insurance Management System 1.0 - 'client_id' SQL Injection 8 WEB Aitor Herrero
2021-01-18   Xwiki CMS 12.10.2 - Cross Site Scripting (XSS) 9 WEB Karan Keswani
2021-01-18   Cisco UCS Manager 2.2(1d) - Remote Command Execution 9 WEB liquidsky
2021-01-15   Netsia SEBA+ 0.16.1 - Add Root User (Metasploit) 8 WEB AkkuS
2021-01-15   E-Learning System 1.0 - Authentication Bypass 10 WEB Himanshu Shukla
2021-01-15   Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS 11 WEB Siva Rajendran
2021-01-15   EyesOfNetwork 5.3 - File Upload Remote Code Execution 11 WEB Audencia Business SCHOOL Red Team
2021-01-15   Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection 10 WEB Mesut Cetin
2021-01-15   Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF) 9 WEB Mesut Cetin
2021-01-15   Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection 8 WEB Mesut Cetin
2021-01-15   Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting 9 WEB Mesut Cetin
2021-01-15   WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS) 11 WEB Rahul Ramakant Singh
2021-01-15   PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) 9 WEB Mohamed Oosman
2021-01-14   Laravel 8.4.2 debug mode - Remote code execution 10 WEB SunCSR Team
2021-01-14   Online Shopping Cart System 1.0 - 'id' SQL Injection 11 WEB Aydın Baran Ertemir
2021-01-14   Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated) 8 WEB Haboob Team
2021-01-14   Online Movie Streaming 1.0 - Admin Authentication Bypass 9 WEB Richard Jones
2021-01-13   Online Hotel Reservation System 1.0 - Admin Authentication Bypass 12 WEB Richard Jones
2021-01-12   SmartAgent 3.1.0 - Privilege Escalation 12 WEB Orion Hridoy
2021-01-12   Cemetry Mapping and Information System 1.0 - Multiple SQL Injections 12 WEB Mesut Cetin
2021-01-12   Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) 13 WEB Enesdex
2021-01-11   Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection 11 WEB Jaimin Gondaliya
2021-01-11   OpenCart 3.0.36 - ATO via Cross Site Request Forgery 11 WEB Mahendra Purbia
2021-01-11   WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) 9 WEB Swapnil Subhash Bodekar
2021-01-11   Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting 10 WEB Mesut Cetin
2021-01-11   EyesOfNetwork 5.3 - LFI 11 WEB Audencia Business SCHOOL Red Team
2021-01-11   Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting 11 WEB Ramazan Mert GÖKTEN
2021-01-11   EyesOfNetwork 5.3 - RCE & PrivEsc 10 WEB Audencia Business SCHOOL Red Team
2021-01-08   Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit) 12 WEB SunCSR Team
2021-01-08   WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit) 6 WEB SunCSR Team
2021-01-08   Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit) 8 WEB SunCSR Team
2021-01-08   Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated) 8 WEB Metin Yunus Kandemir
2021-01-08   Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS 8 WEB Mohamed habib Smidi
2021-01-08   Life Insurance Management System 1.0 - Multiple Stored XSS 9 WEB Arnav Tripathy
2021-01-07   CRUD Operation 1.0 - Multiple Stored XSS 8 WEB Arnav Tripathy
2021-01-07   ECSIMAGING PACS 6.21.5 - SQL injection 8 WEB shoxxdj
2021-01-07   Curfew e-Pass Management System 1.0 - Stored XSS 8 WEB Arnav Tripathy
2021-01-07   Cockpit CMS 0.6.1 - Remote Code Execution 9 WEB Rafael Resende
2021-01-07   Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution 10 WEB Saeed Bala Ahmed
2021-01-07   ECSIMAGING PACS 6.21.5 - Remote code execution 10 WEB shoxxdj
2021-01-07   iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information) 10 WEB h4cks1n
2021-01-06   Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated) 13 WEB 1F98D
2021-01-06   Gitea 1.7.5 - Remote Code Execution 22 WEB 1F98D
2021-01-06   Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated) 13 WEB Arnav Tripathy
2021-01-06   Newgen Correspondence Management System (corms) eGov 12.0 - IDOR 9 WEB ALI AL SINAN
2021-01-06   WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting 11 WEB Mehmet Kelepçe
2021-01-06   Responsive E-Learning System 1.0 - Stored Cross Site Scripting 10 WEB Kshitiz Raj
2021-01-06   Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE 10 WEB Kshitiz Raj
2021-01-06   WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting 10 WEB Nhat Ha
2021-01-06   Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting 10 WEB Shivam Verma
2021-01-06   IPeakCMS 3.5 - Boolean-based blind SQLi 12 WEB MoeAlBarbari
2021-01-06   Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF) 11 WEB Rahul Ramakant Singh
2021-01-05   EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scriptin 12 WEB Mesut Cetin
2021-01-05   Klog Server 2.4.1 - Command Injection (Unauthenticated) 11 WEB B3KC4T
2021-01-05   Online Learning Management System 1.0 - RCE (Authenticated) 12 WEB Bedri Sertkaya
2021-01-05   CSZ CMS 1.2.9 - Multiple Cross-Site Scripting 12 WEB SunCSR
2021-01-05   Cassandra Web 0.5.0 - Remote File Read 12 WEB Jeremy Brown
2021-01-05   HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities 11 WEB Jeremy Brown
2021-01-05   Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated) 12 WEB Jeremy Brown
2021-01-05   Responsive FileManager 9.13.4 - 'path' Path Traversal 10 WEB Sun* Cyber Security Research Team
2021-01-05   Baby Care System 1.0 - 'Post title' Stored XSS 9 WEB Hardik Solanki
2021-01-05   Responsive E-Learning System 1.0 - 'id' Sql Injection 8 WEB Kshitiz Raj
2021-01-05   Online Movie Streaming 1.0 - Authentication Bypass 9 WEB Kshitiz Raj
2021-01-05   WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS 10 WEB Park Won Seok
2021-01-05   WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS 11 WEB Park Won Seok
2021-01-05   Resumes Management and Job Application Website 1.0 - Authentication Bypass 11 WEB Kshitiz Raj
2021-01-05   IncomCMS 2.0 - Insecure File Upload 12 WEB MoeAlBarbari
2021-01-04   Arteco Web Client DVR/NVR - 'SessionId' Brute Force 12 WEB LiquidWorm
2021-01-04   Click2Magic 1.1.5 - Stored Cross-Site Scripting 12 WEB Shivam Verma
2021-01-04   Subrion CMS 4.2.1 - 'avatar[path]' XSS 9 WEB icekam
2021-01-04   CMS Made Simple 2.2.15 - RCE (Authenticated) 7 WEB Andrey Stoykov
2021-01-04   sar2html 3.2.1 - 'plot' Remote Code Execution 11 WEB Musyoka Ian
2021-01-04   Advanced Comment System 1.0 - 'ACS_path' Path Traversal 10 WEB Francisco Javier Santiago Vázquez
2021-01-04   Mantis Bug Tracker 2.24.3 - 'access' SQL Injection 12 WEB EthicalHCOP
2021-01-04   4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting 12 WEB Ritesh Gohil
2021-01-04   Wordpress Core 5.2.2 - 'post previews' XSS 12 WEB gx1
2020-12-24   Apartment Visitors Management System 1.0 - Authentication Bypass 10 WEB Kshitiz Raj
2020-12-24   GitLab 11.4.7 - RCE (Authenticated) (2) 10 WEB Norbert Hofmann
2020-12-24   WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting 12 WEB Park Won Seok
2020-12-24   WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload 12 WEB spacehen
2020-12-23   Baby Care System 1.0 - 'roleid' SQL Injection 8 WEB Vijay Sachdeva
2020-12-23   TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit) 11 WEB AkkuS
2020-12-23   Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS 8 WEB Vijay Sachdeva
2020-12-23   Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection 16 WEB gx1