[webapps] Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)

Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)

[webapps] pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute

[webapps] ERPGo SaaS 3.9 - CSV Injection

ERPGo SaaS 3.9 - CSV Injection

[webapps] GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure

GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure

[webapps] Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated

Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated

[webapps] perfSONAR v4.4.5 - Partial Blind CSRF

perfSONAR v4.4.5 - Partial Blind CSRF

[local] NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

[remote] Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion

Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion

[webapps] Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)

[remote] AD Manager Plus 7122 - Remote Code Execution (RCE)

AD Manager Plus 7122 - Remote Code Execution (RCE)

[remote] TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)

TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)

[dos] AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)

AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)

[webapps] SugarCRM 12.2.0 - Remote Code Execution (RCE)

SugarCRM 12.2.0 - Remote Code Execution (RCE)

[remote] Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)

Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)

[webapps] XCMS v1.83 - Remote Command Execution (RCE)

XCMS v1.83 - Remote Command Execution (RCE)

[webapps] Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)

Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)

[webapps] Apache 2.4.x - Buffer Overflow

Apache 2.4.x - Buffer Overflow

[local] Splashtop 8.71.12001.0 - Unquoted Service Path

Splashtop 8.71.12001.0 - Unquoted Service Path

[webapps] Prizm Content Connect v10.5.1030.8315 - XXE

Prizm Content Connect v10.5.1030.8315 - XXE

[webapps] Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)

Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)

[webapps] ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)

ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)

[webapps] Ecommerse v1.0 - Cross-Site Scripting (XSS)

Ecommerse v1.0 - Cross-Site Scripting (XSS)

[webapps] ClicShopping v3.402 - Cross-Site Scripting (XSS)

ClicShopping v3.402 - Cross-Site Scripting (XSS)

[webapps] Virtual Reception v1.0 - Web Server Directory Traversal

Virtual Reception v1.0 - Web Server Directory Traversal

[webapps] WPForms 1.7.8 - Cross-Site Scripting (XSS)

WPForms 1.7.8 - Cross-Site Scripting (XSS)

[webapps] Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)

Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)

[local] CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token

CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token

[webapps] Dreamer CMS v4.0.0 - SQL Injection

Dreamer CMS v4.0.0 - SQL Injection

[webapps] LISTSERV 17 - Insecure Direct Object Reference (IDOR)

LISTSERV 17 - Insecure Direct Object Reference (IDOR)

[local] Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

[webapps] Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)

Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)

[webapps] 4images 1.9 - Remote Command Execution (RCE)

4images 1.9 - Remote Command Execution (RCE)

[webapps] Concrete5 CME v9.1.3 - Xpath injection

Concrete5 CME v9.1.3 - Xpath injection

[dos] Router ZTE-H108NS - Stack Buffer Overflow (DoS)

Router ZTE-H108NS - Stack Buffer Overflow (DoS)

[remote] Router ZTE-H108NS - Authentication Bypass

Router ZTE-H108NS - Authentication Bypass

[webapps] LISTSERV 17 - Reflected Cross Site Scripting (XSS)

LISTSERV 17 - Reflected Cross Site Scripting (XSS)

[webapps] Boa Web Server v0.94.14 - Authentication Bypass

Boa Web Server v0.94.14 - Authentication Bypass

[webapps] Covenant v0.5 - Remote Code Execution (RCE)

Covenant v0.5 - Remote Code Execution (RCE)

[webapps] myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

[webapps] Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

[local] Zillya Total Security 3.0.2367.0 - Local Privilege Escalation

Zillya Total Security 3.0.2367.0 - Local Privilege Escalation

[webapps] Helmet Store Showroom v1.0 - SQL Injection

Helmet Store Showroom v1.0 - SQL Injection

[remote] Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow

Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow

[remote] Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)

Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)

[webapps] Human Resource Management System 1.0 - SQL Injection (unauthenticated)

Human Resource Management System 1.0 - SQL Injection (unauthenticated)

[webapps] Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)

Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)

[webapps] Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)

Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)

[local] Outline V1.6.0 - Unquoted Service Path

Outline V1.6.0 - Unquoted Service Path

[remote] DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure

DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure

[webapps] WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)

WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)

[webapps] Revenue Collection System v1.0 - Remote Code Execution (RCE)

Revenue Collection System v1.0 - Remote Code Execution (RCE)

[remote] Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)

[webapps] BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

BoxBilling

[webapps] Jetpack 11.4 - Cross Site Scripting (XSS)

Jetpack 11.4 - Cross Site Scripting (XSS)

[dos] VMware Workstation 15 Pro - Denial of Service

VMware Workstation 15 Pro - Denial of Service

[webapps] OPSWAT Metadefender Core - Privilege Escalation

OPSWAT Metadefender Core - Privilege Escalation

[webapps] Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)

Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)

[webapps] ZKTeco ZEM/ZMM 8.88 - Missing Authentication

ZKTeco ZEM/ZMM 8.88 - Missing Authentication

[remote] Hashicorp Consul v1.0 - Remote Command Execution (RCE)

Hashicorp Consul v1.0 - Remote Command Execution (RCE)

[webapps] Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)

Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)