|
2021-03-01
|
|
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
|
45 |
WEB
|
Christian Vierschilling
|
|
2021-03-01
|
|
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
|
31 |
WEB
|
Christian Vierschilling
|
|
2021-03-01
|
|
VMware vCenter Server 7.0 - Unauthenticated File Upload
|
27 |
WEB
|
Photubias
|
|
2021-03-01
|
|
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
|
30 |
WEB
|
Berkan Er
|
|
2021-02-26
|
|
LightCMS 1.3.4 - 'exclusive' Stored XSS
|
30 |
WEB
|
Peithon
|
|
2021-02-26
|
|
Triconsole 3.75 - Reflected XSS
|
31 |
WEB
|
Akash Chathoth
|
|
2021-02-26
|
|
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
|
31 |
WEB
|
sml
|
|
2021-02-25
|
|
Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
|
30 |
WEB
|
Tushar Vaidya
|
|
2021-02-24
|
|
LayerBB 1.1.4 - 'search_query' SQL Injection
|
29 |
WEB
|
Görkem Haşin
|
|
2021-02-23
|
|
Batflat CMS 1.3.6 - 'multiple' Stored XSS
|
29 |
WEB
|
Tadjmen
|
|
2021-02-23
|
|
Monica 2.19.1 - 'last_name' Stored XSS
|
27 |
WEB
|
BouSalman
|
|
2021-02-19
|
|
Beauty Parlour Management System 1.0 - 'sername' SQL Injection
|
34 |
WEB
|
Thinkland Security Team
|
|
2021-02-19
|
|
OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting
|
35 |
WEB
|
Kamil Breński
|
|
2021-02-19
|
|
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
|
30 |
WEB
|
Suresh Kumar
|
|
2021-02-19
|
|
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
|
34 |
WEB
|
Pintu Solanki
|
|
2021-02-19
|
|
PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting
|
31 |
WEB
|
Anmol K Sachan
|
|
2021-02-18
|
|
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
|
40 |
WEB
|
mari0x00
|
|
2021-02-18
|
|
Gitea 1.12.5 - Remote Code Execution (Authenticated)
|
44 |
WEB
|
Podalirius
|
|
2021-02-17
|
|
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
|
36 |
WEB
|
Pintu Solanki
|
|
2021-02-17
|
|
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
|
28 |
WEB
|
Suresh Kumar
|
|
2021-02-16
|
|
BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
|
24 |
WEB
|
Kamaljeet Kumar
|
|
2021-02-16
|
|
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
|
25 |
WEB
|
Christian Vierschilling
|
|
2021-02-15
|
|
Teachers Record Management System 1.0 - 'searchteacher' SQL Injection
|
29 |
WEB
|
Soham Bakore
|
|
2021-02-15
|
|
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
|
28 |
WEB
|
snovvcrash
|
|
2021-02-12
|
|
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
|
38 |
WEB
|
Suresh Kumar
|
|
2021-02-12
|
|
School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
|
25 |
WEB
|
Pintu Solanki
|
|
2021-02-11
|
|
Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
|
26 |
WEB
|
Ricardo Ruiz
|
|
2021-02-11
|
|
Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)
|
29 |
WEB
|
Metin Yunus Kandemir
|
|
2021-02-11
|
|
b2evolution 6.11.6 - 'tab3' Reflected XSS
|
27 |
WEB
|
Nakul Ratti
|
|
2021-02-11
|
|
b2evolution 6.11.6 - 'redirect_to' Open Redirect
|
30 |
WEB
|
Nakul Ratti
|
|
2021-02-11
|
|
PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
|
28 |
WEB
|
Anmol K Sachan
|
|
2021-02-10
|
|
Node.JS - 'node-serialize' Remote Code Execution (2)
|
25 |
WEB
|
UndeadLarva
|
|
2021-02-10
|
|
b2evolution 6.11.6 - 'plugin name' Stored XSS
|
28 |
WEB
|
Soham Bakore
|
|
2021-02-09
|
|
Adobe Connect 10 - Username Disclosure
|
29 |
WEB
|
h4shur
|
|
2021-02-09
|
|
Online Car Rental System 1.0 - Stored Cross Site Scripting
|
28 |
WEB
|
Naved Shaikh
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
|
30 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
|
35 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
|
31 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
|
30 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
|
23 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
|
31 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
|
26 |
WEB
|
Kailash Bohara
|
|
2021-02-08
|
|
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
|
24 |
WEB
|
Kailash Bohara
|
|
2021-02-08
|
|
YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery
|
23 |
WEB
|
numan türle
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
|
32 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection
|
28 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
|
24 |
WEB
|
Erik David Martin
|
|
2021-02-08
|
|
Jenzabar 9.2.2 - 'query' Reflected XSS.
|
29 |
WEB
|
y0ung_dst
|
|
2021-02-08
|
|
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
|
26 |
WEB
|
LiquidWorm
|
|
2021-02-05
|
|
SEO Panel 4.6.0 - Remote Code Execution (2)
|
29 |
WEB
|
Kr0ff
|
|
2021-02-05
|
|
PhreeBooks 5.2.3 ERP - Remote Code Execution (2)
|
29 |
WEB
|
Kr0ff
|
|
2021-02-05
|
|
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)
|
29 |
WEB
|
SunCSR
|
|
2021-02-03
|
|
Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution
|
27 |
WEB
|
Jannick Tiger
|
|
2021-02-03
|
|
Pixelimity 1.0 - 'password' Cross-Site Request Forgery
|
28 |
WEB
|
Noth
|
|
2021-02-02
|
|
Student Record System 4.0 - 'cid' SQL Injection
|
29 |
WEB
|
Jannick Tiger
|
|
2021-02-01
|
|
WordPress 5.0.0 - Image Remote Code Execution
|
27 |
WEB
|
OUSSAMA RAHALI
|
|
2021-02-01
|
|
Klog Server 2.4.1 - Command Injection (Authenticated)
|
27 |
WEB
|
Metin Yunus Kandemir
|
|
2021-02-01
|
|
Roundcube Webmail 1.2 - File Disclosure
|
27 |
WEB
|
stonepresto
|
|
2021-02-01
|
|
Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
|
25 |
WEB
|
Anmol K Sachan
|
|
2021-02-01
|
|
H8 SSRMS - 'id' IDOR
|
28 |
WEB
|
Mohammed Farhan
|
|
2021-02-01
|
|
bloofoxCMS 0.5.2.1 - CSRF (Add user)
|
25 |
WEB
|
LiPeiYi
|
|
2021-02-01
|
|
MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
|
27 |
WEB
|
0xB9
|
|
2021-02-01
|
|
MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
|
24 |
WEB
|
0xB9
|
|
2021-02-01
|
|
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
|
28 |
WEB
|
Zeyad Azima
|
|
2021-02-01
|
|
User Management System 1.0 - 'uid' SQL Injection
|
25 |
WEB
|
Zeyad Azima
|
|
2021-02-01
|
|
Zoo Management System 1.0 - 'anid' SQL Injection
|
31 |
WEB
|
Zeyad Azima
|
|
2021-02-01
|
|
MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
|
27 |
WEB
|
0xB9
|
|
2021-01-29
|
|
SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)
|
32 |
WEB
|
Darren Martyn
|
|
2021-01-29
|
|
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
|
27 |
WEB
|
Richard Jones
|
|
2021-01-29
|
|
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
|
26 |
WEB
|
Richard Jones
|
|
2021-01-29
|
|
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
|
26 |
WEB
|
0xB9
|
|
2021-01-29
|
|
Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal
|
29 |
WEB
|
Lyghtnox
|
|
2021-01-29
|
|
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
|
27 |
WEB
|
mari0x00
|
|
2021-01-29
|
|
Online Grading System 1.0 - 'uname' SQL Injection
|
29 |
WEB
|
Ruchi Tiwari
|
|
2021-01-29
|
|
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
|
35 |
WEB
|
LiPeiYi
|
|
2021-01-28
|
|
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
|
34 |
WEB
|
ABDO10
|
|
2021-01-28
|
|
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
|
28 |
WEB
|
Alexandre ZANNI
|
|
2021-01-28
|
|
Fuel CMS 1.4.1 - Remote Code Execution (2)
|
29 |
WEB
|
Alexandre ZANNI
|
|
2021-01-28
|
|
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
|
26 |
WEB
|
Alexandre ZANNI
|
|
2021-01-28
|
|
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
|
21 |
WEB
|
Alexandre ZANNI
|
|
2021-01-28
|
|
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
|
20 |
WEB
|
Mahendra Purbia
|
|
2021-01-27
|
|
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)
|
23 |
WEB
|
SunCSR
|
|
2021-01-27
|
|
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
|
22 |
WEB
|
LiquidWorm
|
|
2021-01-27
|
|
STVS ProVision 5.9.10 - File Disclosure (Authenticated)
|
24 |
WEB
|
LiquidWorm
|
|
2021-01-26
|
|
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
|
24 |
WEB
|
CHackA0101
|
|
2021-01-26
|
|
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
|
23 |
WEB
|
Chiragh Arora
|
|
2021-01-26
|
|
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
|
37 |
WEB
|
Marco Catalano
|
|
2021-01-26
|
|
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
|
27 |
WEB
|
Marco Catalano
|
|
2021-01-26
|
|
Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
|
23 |
WEB
|
Marco Catalano
|
|
2021-01-25
|
|
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
|
22 |
WEB
|
Metin Yunus Kandemir
|
|
2021-01-25
|
|
Library System 1.0 - 'category' SQL Injection
|
27 |
WEB
|
Aitor Herrero
|
|
2021-01-25
|
|
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
|
27 |
WEB
|
Richard Jones
|
|
2021-01-25
|
|
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
|
32 |
WEB
|
Anita Gaud
|
|
2021-01-25
|
|
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
|
30 |
WEB
|
Deha Berkin Bir
|
|
2021-01-25
|
|
MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting
|
27 |
WEB
|
0xB9
|
|
2021-01-22
|
|
Atlassian Confluence Widget Connector Macro - SSTI
|
25 |
WEB
|
46o60
|
|
2021-01-22
|
|
ERPNext 12.14.0 - SQL Injection (Authenticated)
|
28 |
WEB
|
Hodorsec
|
|
2021-01-22
|
|
CASAP Automated Enrollment System 1.0 - Authentication Bypass
|
33 |
WEB
|
Himanshu Shukla
|
|
2021-01-22
|
|
Library System 1.0 - Authentication Bypass
|
27 |
WEB
|
Himanshu Shukla
|
|
2021-01-22
|
|
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
|
25 |
WEB
|
Photubias
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
|
26 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea Targa 512 IP OCR-ANPR Camera - Stream Disclosure (Unauthenticated)
|
25 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
|
26 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
|
28 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
|
36 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
|
29 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
|
23 |
WEB
|
LiquidWorm
|
|
2021-01-22
|
|
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
|
29 |
WEB
|
LiquidWorm
|
|
2021-01-21
|
|
Anchor CMS 0.12.7 - CSRF (Delete user)
|
38 |
WEB
|
Ninad Mishra
|
|
2021-01-21
|
|
Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)
|
39 |
WEB
|
SunCSR Team
|
|
2021-01-21
|
|
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
|
35 |
WEB
|
Matthew Aberegg
|
|
2021-01-21
|
|
Apartment Visitors Management System 1.0 - 'email' SQL Injection
|
30 |
WEB
|
CANKAT ÇAKMAK
|
|
2021-01-21
|
|
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
|
27 |
WEB
|
CANKAT ÇAKMAK
|
|
2021-01-20
|
|
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
|
26 |
WEB
|
Richard Jones
|
|
2021-01-20
|
|
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
|
29 |
WEB
|
omurugur
|
|
2021-01-20
|
|
ChurchRota 2.6.4 - RCE (Authenticated)
|
26 |
WEB
|
Rob McCarthy
|
|
2021-01-19
|
|
osTicket 1.14.2 - SSRF
|
24 |
WEB
|
Talat Mehmood
|
|
2021-01-18
|
|
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
|
25 |
WEB
|
Aitor Herrero
|
|
2021-01-18
|
|
Life Insurance Management System 1.0 - 'client_id' SQL Injection
|
22 |
WEB
|
Aitor Herrero
|
|
2021-01-18
|
|
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
|
21 |
WEB
|
Karan Keswani
|
|
2021-01-18
|
|
Cisco UCS Manager 2.2(1d) - Remote Command Execution
|
29 |
WEB
|
liquidsky
|
|
2021-01-15
|
|
Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)
|
21 |
WEB
|
AkkuS
|
|
2021-01-15
|
|
E-Learning System 1.0 - Authentication Bypass
|
24 |
WEB
|
Himanshu Shukla
|
|
2021-01-15
|
|
Alumni Management System 1.0 - _Last Name field in Registration page_ Stored XSS
|
26 |
WEB
|
Siva Rajendran
|
|
2021-01-15
|
|
EyesOfNetwork 5.3 - File Upload Remote Code Execution
|
27 |
WEB
|
Audencia Business SCHOOL Red Team
|
