[remote] Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution

[remote] Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution

Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution

[webapps] Faculty Evaluation System v1.0 - SQL Injection

Faculty Evaluation System v1.0 - SQL Injection

[webapps] Lost and Found Information System v1.0 - SQL Injection

Lost and Found Information System v1.0 - SQL Injection

[webapps] Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

[webapps] Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)

Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

[webapps] Beauty Salon Management System v1.0 - SQLi

Beauty Salon Management System v1.0 - SQLi

[webapps] GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] FuguHub 8.1 - Remote Code Execution

FuguHub 8.1 - Remote Code Execution

[webapps] WebsiteBaker v2.13.3 - Stored XSS

WebsiteBaker v2.13.3 - Stored XSS

[webapps] Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

[webapps] D-Link DAP-1325 - Broken Access Control

D-Link DAP-1325 - Broken Access Control

[webapps] WP AutoComplete 1.0.4 - Unauthenticated SQLi

WP AutoComplete 1.0.4 - Unauthenticated SQLi

[webapps] WebsiteBaker v2.13.3 - Directory Traversal

WebsiteBaker v2.13.3 - Directory Traversal

[webapps] WBCE CMS 1.6.1 - Open Redirect & CSRF

WBCE CMS 1.6.1 - Open Redirect & CSRF

[webapps] spip v4.1.10 - Spoofing Admin account

spip v4.1.10 - Spoofing Admin account

[dos] TP-Link TL-WR940N V4 - Buffer OverFlow

TP-Link TL-WR940N V4 - Buffer OverFlow

[webapps] Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)

[webapps] Rukovoditel 3.4.1 - Multiple Stored XSS

Rukovoditel 3.4.1 - Multiple Stored XSS

[remote] Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)

[remote] Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

[webapps] Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

[webapps] PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

[webapps] POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

[local] Windows 11 22h2 - Kernel Privilege Elevation

Windows 11 22h2 - Kernel Privilege Elevation

[webapps] Microsoft SharePoint Enterprise Server 2016 - Spoofing

Microsoft SharePoint Enterprise Server 2016 - Spoofing

[webapps] Xenforo Version 2.2.13 - Authenticated Stored XSS

Xenforo Version 2.2.13 - Authenticated Stored XSS

[remote] Azure Apache Ambari 2302250400 - Spoofing

Azure Apache Ambari 2302250400 - Spoofing

[webapps] PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory

PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory

[webapps] Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated)

Bludit

[local] NCH Express Invoice - Clear Text Password Storage and Account Takeover

NCH Express Invoice - Clear Text Password Storage and Account Takeover

[webapps] MCL-Net 4.3.5.8788 - Information Disclosure

MCL-Net 4.3.5.8788 - Information Disclosure

[webapps] Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)

Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)

[remote] Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing

Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing

[webapps] HiSecOS 04.0.01 - Privilege Escalation

HiSecOS 04.0.01 - Privilege Escalation

[webapps] Super Socializer 7.13.52 - Reflected XSS

Super Socializer 7.13.52 - Reflected XSS

[webapps] WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

[webapps] SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

[remote] Nokia ASIKA 7.13.52 - Hard-coded private key disclosure

Nokia ASIKA 7.13.52 - Hard-coded private key disclosure

[webapps] Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

[webapps] Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

[webapps] The Shop v2.5 - SQL Injection

The Shop v2.5 - SQL Injection

[webapps] Jobpilot v2.61 - SQL Injection

Jobpilot v2.61 - SQL Injection

[webapps] Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

[webapps] Groomify v1.0 - SQL Injection

Groomify v1.0 - SQL Injection

[webapps] WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

[webapps] Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)

[webapps] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

[webapps] Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)

Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)

Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] projectSend r1605 - Stored XSS

projectSend r1605 - Stored XSS

[webapps] Online Thesis Archiving System v1.0 - Multiple-SQLi

Online Thesis Archiving System v1.0 - Multiple-SQLi

[remote] Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak

Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak

[webapps] projectSend r1605 - CSV injection

projectSend r1605 - CSV injection

[remote] Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution

Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution

[webapps] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

[webapps] Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)

Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)