Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2020-06-22   Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload 41 WEB BKpatron
2020-06-22   Odoo 12.0 - Local File Inclusion 40 WEB Emre ÖVÜNÇ
2020-06-22   Student Enrollment 1.0 - Unauthenticated Remote Code Execution 40 WEB Enesdex
2020-06-22   FileRun 2019.05.21 - Reflected Cross-Site Scripting 37 WEB Emre ÖVÜNÇ
2020-06-18   Beauty Parlour Management System 1.0 - Authentication Bypass 36 WEB Prof. Kailas PATIL
2020-06-17   OpenCTI 3.3.1 - Directory Traversal 35 WEB Raif Berkay Dincel
2020-06-17   College-Management-System-Php 1.0 - Authentication Bypass 36 WEB BLAY ABU SAFIAN
2020-06-16   Gila CMS 1.11.8 - 'query' SQL Injection 38 WEB BillyV4
2020-06-15   Netgear R7000 Router - Remote Code Execution 38 WEB grimm-co
2020-06-12   Sysax MultiServer 6.90 - Reflected Cross Site Scripting 38 WEB Luca Epifanio
2020-06-12   Avaya IP Office 11 - Password Disclosure 35 WEB hyp3rlinx
2020-06-12   SmarterMail 16 - Arbitrary File Upload 41 WEB vvhack.org
2020-06-10   Virtual Airlines Manager 2.6.2 - 'id' SQL Injection 32 WEB Mosaaed
2020-06-10   Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection 30 WEB Mehmet Kelepçe
2020-06-10   Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin) 34 WEB Extinction
2020-06-09   Bludit 3.9.12 - Directory Traversal 40 WEB Luis Vacacas
2020-06-09   Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection 36 WEB Kostadin Tonev
2020-06-08   Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection 31 WEB Pankaj Kumar Thakur
2020-06-08   Kyocera Printer d-COPIA253MF - Directory Traversal (PoC) 31 WEB Hakan Eren ŞAN
2020-06-05   Online-Exam-System 2015 - 'feedback' SQL Injection 35 WEB Gus Ralph
2020-06-05   Online Course Registration 1.0 - Authentication Bypass 31 WEB BKpatron
2020-06-04   Cayin Digital Signage System xPost 2.5 - Remote Command Injection 31 WEB LiquidWorm
2020-06-04   Cayin Signage Media Player 3.0 - Remote Command Injection (root) 30 WEB LiquidWorm
2020-06-04   Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read 34 WEB LiquidWorm
2020-06-04   SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User) 31 WEB LiquidWorm
2020-06-04   Cayin Content Management Server 11.0 - Remote Command Injection (root) 30 WEB LiquidWorm
2020-06-04   Online Marriage Registration System 1.0 - Remote Code Execution (1) 31 WEB Enesdex
2020-06-04   D-Link DIR-615 T1 20.10 - CAPTCHA Bypass 31 WEB huzaifa hussain
2020-06-04   Navigate CMS 2.8.7 - Authenticated Directory Traversal 33 WEB Gus Ralph
2020-06-04   VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution 30 WEB Tomas Melicher
2020-06-04   Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) 32 WEB Gus Ralph
2020-06-04   Clinic Management System 1.0 - Authenticated Arbitrary File Upload 31 WEB BKpatron
2020-06-04   Oriol Espinal CMS 1.0 - 'id' SQL Injection 27 WEB TSAR
2020-06-04   Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated) 33 WEB Gus Ralph
2020-06-04   Clinic Management System 1.0 - Unauthenticated Remote Code Execution 32 WEB BKpatron
2020-06-04   Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated) 34 WEB Enesdex
2020-06-04   AirControl 1.4.2 - PreAuth Remote Code Execution 36 WEB 0xd0ff9
2020-06-02   OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) 31 WEB Kailash Bohara
2020-06-02   Clinic Management System 1.0 - Authentication Bypass 53 WEB BKpatron
2020-06-01   QuickBox Pro 2.1.8 - Authenticated Remote Code Execution 33 WEB s1gh
2020-06-01   VMware vCenter Server 6.7 - Authentication Bypass 36 WEB Photubias
2020-06-01   WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation 38 WEB Raphael Karger
2020-05-29   Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass 32 WEB Halis Duraki
2020-05-29   WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User) 37 WEB UnD3sc0n0c1d0
2020-05-28   QNAP QTS and Photo Station 6.0.3 - Remote Command Execution 35 WEB Th3GundY
2020-05-28   EyouCMS 1.4.6 - Persistent Cross-Site Scripting 36 WEB China Banking and Insurance Information Technology
2020-05-28   Online-Exam-System 2015 - 'fid' SQL Injection 35 WEB Berk Dusunur
2020-05-28   NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection 35 WEB Berk Dusunur
2020-05-27   OXID eShop 6.3.4 - 'sorting' SQL Injection 41 WEB VulnSpy
2020-05-27   Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting 31 WEB China Banking and Insurance Information Technology
2020-05-27   osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting 37 WEB Matthew Aberegg
2020-05-27   osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting 37 WEB Matthew Aberegg
2020-05-27   LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting 29 WEB Matthew Aberegg
2020-05-27   Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting 32 WEB that faceless coder
2020-05-26   WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution 38 WEB Austin Martin
2020-05-26   Pi-hole 4.4.0 - Remote Code Execution (Authenticated) 30 WEB Photubias
2020-05-26   Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated) 33 WEB Mehmet Kelepçe
2020-05-26   Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated) 47 WEB Kamaljeet Kumar
2020-05-26   OpenEMR 5.0.1 - Remote Code Execution (1) 48 WEB Musyoka Ian
2020-05-25   Online Discussion Forum Site 1.0 - Remote Code Execution 34 WEB Enesdex
2020-05-25   Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting 25 WEB Nitya Nand
2020-05-25   WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated) 37 WEB SunCSR
2020-05-22   Gym Management System 1.0 - Unauthenticated Remote Code Execution 34 WEB boku
2020-05-22   Dolibarr 11.0.3 - Persistent Cross-Site Scripting 35 WEB Mehmet Kelepçe
2020-05-21   OpenEDX platform Ironwood 2.5 - Remote Code Execution 34 WEB Daniel Monzón
2020-05-21   PHPFusion 9.03.50 - Persistent Cross-Site Scripting 36 WEB coiffeur
2020-05-21   Composr CMS 10.0.30 - Persistent Cross-Site Scripting 35 WEB Manuel García Cárdenas
2020-05-21   forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email) 41 WEB Daniel Ortiz
2020-05-20   CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution 36 WEB Wade Guest
2020-05-19   Victor CMS 1.0 - Authenticated Arbitrary File Upload 38 WEB Kishan Lal Choudhary
2020-05-19   NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password) 31 WEB JEBARAJ
2020-05-19   Submitty 20.04.01 - Persistent Cross-Site Scripting 33 WEB humblelad
2020-05-19   php-fusion 9.03.50 - 'ctype' SQL Injection 28 WEB SunCSR
2020-05-19   qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting 26 WEB Kishan Lal Choudhary
2020-05-19   Victor CMS 1.0 - 'cat_id' SQL Injection 30 WEB Kishan Lal Choudhary
2020-05-19   Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting 33 WEB Kishan Lal Choudhary
2020-05-18   Online Healthcare management system 1.0 - Authentication Bypass 34 WEB BKpatron
2020-05-18   Online Healthcare Patient Record Management System 1.0 - Authentication Bypass 51 WEB Daniel Monzón
2020-05-18   online Chatting System 1.0 - 'id' SQL Injection 30 WEB BKpatron
2020-05-18   Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload 29 WEB Kishan Lal Choudhary
2020-05-18   forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting 29 WEB Daniel Ortiz
2020-05-18   Oracle Hospitality RES 3700 5.7 - Remote Code Execution 32 WEB Walid Faour
2020-05-18   Online Examination System 1.0 - 'eid' SQL Injection 31 WEB BKpatron
2020-05-18   WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection 30 WEB Nguyen Khang
2020-05-18   Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection 29 WEB jul10l1r4
2020-05-15   ManageEngine Service Desk 10.0 - Cross-Site Scripting 25 WEB Felipe Molina
2020-05-15   vBulletin 5.6.1 - 'nodeId' SQL Injection 28 WEB Photubias
2020-05-14   E-Commerce System 1.0 - Unauthenticated Remote Code Execution 33 WEB SunCSR
2020-05-14   Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution 27 WEB Seecko Das
2020-05-14   Complaint Management System 1.0 - 'username' SQL Injection 31 WEB Daniel Ortiz
2020-05-13   Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting 34 WEB Vulnerability-Lab
2020-05-13   Tryton 5.4 - Persistent Cross-Site Scripting 28 WEB Vulnerability-Lab
2020-05-12   TylerTech Eagle 2018.3.11 - Remote Code Execution 28 WEB Anthony Cole
2020-05-12   qdPM 9.1 - Arbitrary File Upload 31 WEB Besim
2020-05-12   Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting 27 WEB Dylan Garnaud
2020-05-12   CuteNews 2.1.2 - Authenticated Arbitrary File Upload 31 WEB Nhat Ha
2020-05-12   WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection 31 WEB SunCSR
2020-05-12   Orchard Core RC1 - Persistent Cross-Site Scripting 26 WEB SunCSR
2014-12-23   Phase Botnet - Blind SQL Injection 26 WEB MalwareTech
2020-05-11   LibreNMS 1.46 - 'search' SQL Injection 28 WEB Punt
2020-05-11   Complaint Management System 1.0 - Authentication Bypass 40 WEB BKpatron
2020-05-11   Victor CMS 1.0 - 'post' SQL Injection 26 WEB BKpatron
2020-05-11   OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting 40 WEB Vulnerability-Lab
2020-05-11   WordPress Plugin Simple File List 4.2.2 - Remote Code Execution 38 WEB coiffeur
2020-05-11   CuteNews 2.1.2 - Arbitrary File Deletion 32 WEB Besim
2020-05-11   Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting 32 WEB Vulnerability-Lab
2020-05-11   Kartris 1.6 - Arbitrary File Upload 31 WEB Nhat Ha
2020-05-11   Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection 30 WEB Tarun Sehgal
2020-05-10   Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation 34 WEB Nick Frichette
2020-05-10   Pi-hole < 4.4 - Authenticated Remote Code Execution 33 WEB Nick Frichette
2020-05-07   Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection 34 WEB BKpatron
2020-05-07   Pisay Online E-Learning System 1.0 - Remote Code Execution 30 WEB boku
2020-05-07   Online Clothing Store 1.0 - Arbitrary File Upload 36 WEB Sushant Kamble
2020-05-07   School File Management System 1.0 - 'username' SQL Injection 38 WEB Tarun Sehgal
2020-05-07   Draytek VigorAP 1000C - Persistent Cross-Site Scripting 36 WEB Vulnerability-Lab
2020-05-07   Car Park Management System 1.0 - Authentication Bypass 31 WEB Tarun Sehgal
2020-05-06   MPC Sharj 3.11.1 - Arbitrary File Download 31 WEB SajjadBnd
2020-05-06   YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection 35 WEB coiffeur
2020-05-06   GitLab 12.9.0 - Arbitrary File Read 29 WEB KouroshRZ
2020-05-06   webTareas 2.0.p8 - Arbitrary File Deletion 30 WEB Besim
2020-05-06   Online Clothing Store 1.0 - 'username' SQL Injection 33 WEB Sushant Kamble
2020-05-06   Booked Scheduler 2.7.7 - Authenticated Directory Traversal 29 WEB Besim
2020-05-06   i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion 27 WEB Besim
2020-05-06   Online Clothing Store 1.0 - Persistent Cross-Site Scripting 34 WEB Sushant Kamble
2020-05-05   NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration 26 WEB Cold z3ro