[webapps] atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE

atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE

[remote] TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

[local] GNU screen v4.9.0 - Privilege Escalation

GNU screen v4.9.0 - Privilege Escalation

[remote] D-Link DIR-846 - Remote Command Execution (RCE) vulnerability

D-Link DIR-846 - Remote Command Execution (RCE) vulnerability

[webapps] PhotoShow 3.0 - Remote Code Execution

PhotoShow 3.0 - Remote Code Execution

[webapps] Answerdev 1.0.3 - Account Takeover

Answerdev 1.0.3 - Account Takeover

[webapps] Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)

Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)

[remote] Binwalk v2.3.2 - Remote Command Execution (RCE)

Binwalk v2.3.2 - Remote Command Execution (RCE)

[remote] Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)

Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)

[webapps] itech TrainSmart r1044 - SQL injection

itech TrainSmart r1044 - SQL injection

[webapps] ImageMagick 7.1.0-49 - Arbitrary File Read

ImageMagick 7.1.0-49 - Arbitrary File Read

[webapps] projectSend r1605 - Remote Code Exectution RCE

projectSend r1605 - Remote Code Exectution RCE

[webapps] Liferay Portal 6.2.5 - Insecure Permissions

Liferay Portal 6.2.5 - Insecure Permissions

[remote] SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow

SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow

[dos] XWorm Trojan 2.1 - Null Pointer Derefernce DoS

XWorm Trojan 2.1 - Null Pointer Derefernce DoS

[webapps] Responsive FileManager 9.9.5 - Remote Code Execution (RCE)

Responsive FileManager 9.9.5 - Remote Code Execution (RCE)

[webapps] BTCPay Server v1.7.4 - HTML Injection.

BTCPay Server v1.7.4 - HTML Injection.

[webapps] bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)

bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)

[webapps] Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)

Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)

[webapps] zstore 6.6.0 - Cross-Site Scripting (XSS)

zstore 6.6.0 - Cross-Site Scripting (XSS)

[webapps] Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)

Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)

[dos] Apache Tomcat 10.1 - Denial Of Service

Apache Tomcat 10.1 - Denial Of Service

[webapps] Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

[remote] PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

[dos] ImageMagick 7.1.0-49 - DoS

ImageMagick 7.1.0-49 - DoS

[webapps] ERPNext 12.29 - Cross-Site Scripting (XSS)

ERPNext 12.29 - Cross-Site Scripting (XSS)

[webapps] CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

[webapps] Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)

Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)

[remote] Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure

Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure

[webapps] Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

[webapps] Froxlor 2.0.3 Stable - Remote Code Execution (RCE)

Froxlor 2.0.3 Stable - Remote Code Execution (RCE)

[webapps] Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection

Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection

[local] Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path

Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path

[webapps] SLIMSV 9.5.2 - Cross-Site Scripting (XSS)

SLIMSV 9.5.2 - Cross-Site Scripting (XSS)

[webapps] Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

[webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)

[webapps] Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated

Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated

[webapps] GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin

GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin

[local] HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

[local] sleuthkit 4.11.1 - Command Injection

sleuthkit 4.11.1 - Command Injection

[webapps] ChiKoi v1.0 - SQL Injection

ChiKoi v1.0 - SQL Injection

[local] Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow

Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow

[local] Windows 11 10.0.22000 - Backup service Privilege Escalation

Windows 11 10.0.22000 - Backup service Privilege Escalation

[webapps] Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)

Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)

[webapps] GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)

GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)

[webapps] GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion

GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion

[local] sudo 1.8.0 to 1.9.12p1 - Privilege Escalation

sudo 1.8.0 to 1.9.12p1 - Privilege Escalation

[webapps] GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)

GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)

[webapps] AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)

AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)

[webapps] MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

[local] Solaris 10 libXm - Buffer overflow Local privilege escalation

Solaris 10 libXm - Buffer overflow Local privilege escalation

[local] Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path

Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path

[webapps] SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)

SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)

[webapps] GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin

GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin

[webapps] Roxy WI v6.1.0.0 - Improper Authentication Control

Roxy WI v6.1.0.0 - Improper Authentication Control

[webapps] Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

[webapps] Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload

Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload

[webapps] WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE

WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE

[webapps] Nacos 2.0.3 - Access Control vulnerability

Nacos 2.0.3 - Access Control vulnerability

[webapps] ManageEngin AMP 4.3.0 - File-path-traversal

ManageEngin AMP 4.3.0 - File-path-traversal