[remote] pfsenseCE v2.6.0 - Anti-brute force protection bypass

pfsenseCE v2.6.0 - Anti-brute force protection bypass

[webapps] Joomla! v4.2.8 - Unauthenticated information disclosure

Joomla! v4.2.8 - Unauthenticated information disclosure

[webapps] ENTAB ERP 1.0 - Username PII leak

ENTAB ERP 1.0 - Username PII leak

[local] Wondershare Dr Fone 12.9.6 - Privilege Escalation

Wondershare Dr Fone 12.9.6 - Privilege Escalation

[remote] Schneider Electric v1.0 - Directory traversal & Broken Authentication

Schneider Electric v1.0 - Directory traversal & Broken Authentication

[remote] IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)

IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)

[remote] Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

[remote] Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing

Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing

[remote] Franklin Fueling Systems TS-550 - Exploit and Default Password

Franklin Fueling Systems TS-550 - Exploit and Default Password

[webapps] MAC 1200R - Directory Traversal

MAC 1200R - Directory Traversal

[webapps] ChurchCRM 4.5.1 - Authenticated SQL Injection

ChurchCRM 4.5.1 - Authenticated SQL Injection

[webapps] Snitz Forum v1.0 - Blind SQL Injection

Snitz Forum v1.0 - Blind SQL Injection

[webapps] NotrinosERP 0.7 - Authenticated Blind SQL Injection

NotrinosERP 0.7 - Authenticated Blind SQL Injection

[webapps] Rukovoditel 3.3.1 - Remote Code Execution (RCE)

Rukovoditel 3.3.1 - Remote Code Execution (RCE)

[webapps] Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

[remote] Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure

Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure

[remote] Unified Remote 3.13.0 - Remote Code Execution (RCE)

Unified Remote 3.13.0 - Remote Code Execution (RCE)

[remote] Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit

Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit

[local] pdfkit v0.8.7.2 - Command Injection

pdfkit v0.8.7.2 - Command Injection

[webapps] Purchase Order Management-1.0 - Local File Inclusion

Purchase Order Management-1.0 - Local File Inclusion

[webapps] Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php

Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php

[webapps] Music Gallery Site v1.0 - SQL Injection on music_list.php

Music Gallery Site v1.0 - SQL Injection on music_list.php

[remote] Osprey Pump Controller 1.0.1 - Administrator Backdoor Access

Osprey Pump Controller 1.0.1 - Administrator Backdoor Access

[webapps] Auto Dealer Management System v1.0 - SQL Injection

Auto Dealer Management System v1.0 - SQL Injection

[local] HospitalRun 1.0.0-beta - Local Root Exploit for macOS

HospitalRun 1.0.0-beta - Local Root Exploit for macOS

[webapps] Music Gallery Site v1.0 - Broken Access Control

Music Gallery Site v1.0 - Broken Access Control

[remote] Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification

Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification

[remote] WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE

[remote] Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection

Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection

[webapps] Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI

[webapps] Music Gallery Site v1.0 - SQL Injection on page view_music_details.php

Music Gallery Site v1.0 - SQL Injection on page view_music_details.php

[webapps] Best pos Management System v1.0 - SQL Injection

Best pos Management System v1.0 - SQL Injection

[webapps] Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking

Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking

[webapps] ChurchCRM v4.5.3-121fcc1 - SQL Injection

ChurchCRM v4.5.3-121fcc1 - SQL Injection

[webapps] Employee Task Management System v1.0 - Broken Authentication

Employee Task Management System v1.0 - Broken Authentication

[remote] Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection

Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection

[webapps] Auto Dealer Management System v1.0 - SQL Injection on manage_user.php

Auto Dealer Management System v1.0 - SQL Injection on manage_user.php

[remote] Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection

Osprey Pump Controller 1.0.1 - (userName) Blind Command Injection

[webapps] flatnux 2021-03.25 - Remote Code Execution (Authenticated)

flatnux 2021-03.25 - Remote Code Execution (Authenticated)

[remote] Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

[webapps] Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)

Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)

[webapps] Music Gallery Site v1.0 - SQL Injection on page Master.php

Music Gallery Site v1.0 - SQL Injection on page Master.php

[webapps] Auto Dealer Management System 1.0 - Broken Access Control Exploit

Auto Dealer Management System 1.0 - Broken Access Control Exploit

[webapps] Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)

Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)

[webapps] craftercms 4.x.x - CORS

craftercms 4.x.x - CORS

[webapps] Employee Task Management System v1.0 - SQL Injection on edit-task.php

Employee Task Management System v1.0 - SQL Injection on edit-task.php

[remote] Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack

[remote] ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access

ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access

[webapps] Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)

Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)

[remote] Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS

Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS

[webapps] modoboa 2.0.4 - Admin TakeOver

modoboa 2.0.4 - Admin TakeOver

[webapps] Art Gallery Management System Project in PHP v 1.0 - SQL injection

Art Gallery Management System Project in PHP v 1.0 - SQL injection

[webapps] LDAP Tool Box Self Service Password v1.5.2 - Account takeover

LDAP Tool Box Self Service Password v1.5.2 - Account takeover

[webapps] EasyNas 1.1.0 - OS Command Injection

EasyNas 1.1.0 - OS Command Injection

[remote] Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)

Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)

[webapps] Intern Record System v1.0 - SQL Injection (Unauthenticated)

Intern Record System v1.0 - SQL Injection (Unauthenticated)

[webapps] Dompdf 1.2.1 - Remote Code Execution (RCE)

Dompdf 1.2.1 - Remote Code Execution (RCE)

[webapps] Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)

[local] FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking

FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking

[webapps] POLR URL 2.3.0 - Shortener Admin Takeover

POLR URL 2.3.0 - Shortener Admin Takeover