[remote] Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection

Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection

[webapps] Auto Dealer Management System v1.0 - SQL Injection on manage_user.php

Auto Dealer Management System v1.0 - SQL Injection on manage_user.php

[remote] Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection

Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection

[webapps] flatnux 2021-03.25 - Remote Code Execution (Authenticated)

flatnux 2021-03.25 - Remote Code Execution (Authenticated)

[remote] Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

[webapps] Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)

Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)

[webapps] Music Gallery Site v1.0 - SQL Injection on page Master.php

Music Gallery Site v1.0 - SQL Injection on page Master.php

[webapps] Auto Dealer Management System 1.0 - Broken Access Control Exploit

Auto Dealer Management System 1.0 - Broken Access Control Exploit

[webapps] Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)

Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)

[webapps] craftercms 4.x.x - CORS

craftercms 4.x.x - CORS

[webapps] Employee Task Management System v1.0 - SQL Injection on edit-task.php

Employee Task Management System v1.0 - SQL Injection on edit-task.php

[remote] Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

[remote] ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access

ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access

[webapps] Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)

Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)

[remote] Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS

Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS

[webapps] modoboa 2.0.4 - Admin TakeOver

modoboa 2.0.4 - Admin TakeOver

[webapps] Art Gallery Management System Project in PHP v 1.0 - SQL injection

Art Gallery Management System Project in PHP v 1.0 - SQL injection

[webapps] LDAP Tool Box Self Service Password v1.5.2 - Account takeover

LDAP Tool Box Self Service Password v1.5.2 - Account takeover

[webapps] EasyNas 1.1.0 - OS Command Injection

EasyNas 1.1.0 - OS Command Injection

[remote] Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)

Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)

[webapps] Intern Record System v1.0 - SQL Injection (Unauthenticated)

Intern Record System v1.0 - SQL Injection (Unauthenticated)

[webapps] Dompdf 1.2.1 - Remote Code Execution (RCE)

Dompdf 1.2.1 - Remote Code Execution (RCE)

[webapps] Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

[local] FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking

FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking

[webapps] POLR URL 2.3.0 - Shortener Admin Takeover

POLR URL 2.3.0 - Shortener Admin Takeover

[webapps] atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE

atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE

[remote] TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

[local] GNU screen v4.9.0 - Privilege Escalation

GNU screen v4.9.0 - Privilege Escalation

[remote] D-Link DIR-846 - Remote Command Execution (RCE) vulnerability

D-Link DIR-846 - Remote Command Execution (RCE) vulnerability

[webapps] PhotoShow 3.0 - Remote Code Execution

PhotoShow 3.0 - Remote Code Execution

[webapps] Answerdev 1.0.3 - Account Takeover

Answerdev 1.0.3 - Account Takeover

[webapps] Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)

Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)

[remote] Binwalk v2.3.2 - Remote Command Execution (RCE)

Binwalk v2.3.2 - Remote Command Execution (RCE)

[remote] Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)

Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)

[webapps] itech TrainSmart r1044 - SQL injection

itech TrainSmart r1044 - SQL injection

[webapps] ImageMagick 7.1.0-49 - Arbitrary File Read

ImageMagick 7.1.0-49 - Arbitrary File Read

[webapps] projectSend r1605 - Remote Code Exectution RCE

projectSend r1605 - Remote Code Exectution RCE

[webapps] Liferay Portal 6.2.5 - Insecure Permissions

Liferay Portal 6.2.5 - Insecure Permissions

[remote] SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow

SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow

[dos] XWorm Trojan 2.1 - Null Pointer Derefernce DoS

XWorm Trojan 2.1 - Null Pointer Derefernce DoS

[webapps] Responsive FileManager 9.9.5 - Remote Code Execution (RCE)

Responsive FileManager 9.9.5 - Remote Code Execution (RCE)

[webapps] BTCPay Server v1.7.4 - HTML Injection.

BTCPay Server v1.7.4 - HTML Injection.

[webapps] bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)

bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)

[webapps] Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)

Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)

[webapps] zstore 6.6.0 - Cross-Site Scripting (XSS)

zstore 6.6.0 - Cross-Site Scripting (XSS)

[webapps] Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)

Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)

[dos] Apache Tomcat 10.1 - Denial Of Service

Apache Tomcat 10.1 - Denial Of Service

[webapps] Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)

[remote] PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

[dos] ImageMagick 7.1.0-49 - DoS

ImageMagick 7.1.0-49 - DoS

[webapps] ERPNext 12.29 - Cross-Site Scripting (XSS)

ERPNext 12.29 - Cross-Site Scripting (XSS)

[webapps] CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

[webapps] Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)

Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)

[remote] Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure

Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure

[webapps] Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

[webapps] Froxlor 2.0.3 Stable - Remote Code Execution (RCE)

Froxlor 2.0.3 Stable - Remote Code Execution (RCE)

[webapps] Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection

Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection

[local] Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path

Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path

[webapps] SLIMSV 9.5.2 - Cross-Site Scripting (XSS)

SLIMSV 9.5.2 - Cross-Site Scripting (XSS)

[webapps] Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)