[webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

[remote] GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

[webapps] Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

[local] GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

[webapps] Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

[webapps] Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

Axigen

[webapps] Wp2Fac - OS Command Injection

Wp2Fac - OS Command Injection

[remote] Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

[dos] SyncBreeze 15.2.24 - 'login' Denial of Service

SyncBreeze 15.2.24 - 'login' Denial of Service

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

[webapps] soosyze 2.0.0 - File Upload

soosyze 2.0.0 - File Upload

[webapps] Academy LMS 6.1 - Arbitrary File Upload

Academy LMS 6.1 - Arbitrary File Upload

[local] Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

[webapps] DLINK DPH-400SE - Exposure of Sensitive Information

DLINK DPH-400SE - Exposure of Sensitive Information

[webapps] Bus Reservation System 1.1 - Multiple-SQLi

Bus Reservation System 1.1 - Multiple-SQLi

[webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

[local] Kingo ROOT 1.5.8 - Unquoted Service Path

Kingo ROOT 1.5.8 - Unquoted Service Path

[remote] Ivanti Avalanche <v6.4.0.0 - Remote Code Execution

Ivanti Avalanche

[webapps] Hyip Rio 2.1 - Arbitrary File Upload

Hyip Rio 2.1 - Arbitrary File Upload

[webapps] Blood Donor Management System v1.0 - Stored XSS

Blood Donor Management System v1.0 - Stored XSS

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

[webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

[webapps] FileMage Gateway 1.10.9 - Local File Inclusion

FileMage Gateway 1.10.9 - Local File Inclusion

[local] NVClient v5.0 - Stack Buffer Overflow (DoS)

NVClient v5.0 - Stack Buffer Overflow (DoS)

[webapps] WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

[webapps] Credit Lite 1.5.4 - SQL Injection

Credit Lite 1.5.4 - SQL Injection

[webapps] AdminLTE PiHole 5.18 - Broken Access Control

AdminLTE PiHole 5.18 - Broken Access Control

[webapps] Member Login Script 3.3 - Client-side desync

Member Login Script 3.3 - Client-side desync

[webapps] Uvdesk 1.1.4 - Stored XSS (Authenticated)

Uvdesk 1.1.4 - Stored XSS (Authenticated)

[webapps] User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

[webapps] User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

[remote] TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

[webapps] Dolibarr Version 17.0.1 - Stored XSS

Dolibarr Version 17.0.1 - Stored XSS

[webapps] PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

[webapps] Global - Multi School Management System Express v1.0- SQL Injection

Global - Multi School Management System Express v1.0- SQL Injection

[webapps] OVOO Movie Portal CMS v3.3.3 - SQL Injection

OVOO Movie Portal CMS v3.3.3 - SQL Injection

[remote] TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

[remote] EuroTel ETL3100 - Transmitter Default Credentials

EuroTel ETL3100 - Transmitter Default Credentials

[webapps] Color Prediction Game v1.0 - SQL Injection

Color Prediction Game v1.0 - SQL Injection

[webapps] Taskhub CRM Tool 2.8.6 - SQL Injection

Taskhub CRM Tool 2.8.6 - SQL Injection

[remote] EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

[webapps] Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

[local] Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

[remote] TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

[remote] EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

[webapps] Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

[local] OutSystems Service Studio 11.53.30 - DLL Hijacking

OutSystems Service Studio 11.53.30 - DLL Hijacking

[remote] TP-Link Archer AX21 - Unauthenticated Command Injection

TP-Link Archer AX21 - Unauthenticated Command Injection

[webapps] Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

[local] systemd 246 - Local Privilege Escalation

systemd 246 - Local Privilege Escalation

[webapps] PHPJabbers Vacation Rental Script 4.0 - CSRF

PHPJabbers Vacation Rental Script 4.0 - CSRF

[webapps] Social-Commerce 3.1.6 - Reflected XSS

Social-Commerce 3.1.6 - Reflected XSS

[webapps] Emagic Data Center Management Suite v6.0 - OS Command Injection

Emagic Data Center Management Suite v6.0 - OS Command Injection

[webapps] mooSocial 3.1.8 - Reflected XSS

mooSocial 3.1.8 - Reflected XSS

[webapps] Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

[webapps] Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure

Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure

[webapps] Lucee 5.4.2.17 - Authenticated Reflected XSS

Lucee 5.4.2.17 - Authenticated Reflected XSS

[webapps] JLex GuestBook 1.6.4 - Reflected XSS

JLex GuestBook 1.6.4 - Reflected XSS

[webapps] Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

[webapps] Webedition CMS v2.9.8.8 - Stored XSS

Webedition CMS v2.9.8.8 - Stored XSS