[webapps] mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

[remote] PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

[webapps] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

[dos] Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

[webapps] Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

[webapps] Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

[remote] WebCatalog 48.4 - Arbitrary Protocol Execution

WebCatalog 48.4 - Arbitrary Protocol Execution

[webapps] Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

[webapps] GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

[remote] RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

[remote] Proxmox VE - TOTP Brute Force

Proxmox VE - TOTP Brute Force

[webapps] 101 News 1.0 - Multiple-SQLi

101 News 1.0 - Multiple-SQLi

[webapps] Academy LMS 6.2 - SQL Injection

Academy LMS 6.2 - SQL Injection

[webapps] Academy LMS 6.2 - Reflected XSS

Academy LMS 6.2 - Reflected XSS

[webapps] Grocy <=4.0.2 - CSRF

Grocy

[remote] Equipment Rental Script-1.0 - SQLi

Equipment Rental Script-1.0 - SQLi

[remote] Ricoh Printer - Directory and File Exposure

Ricoh Printer - Directory and File Exposure

[remote] Blood Bank & Donor Management System using v2.2 - Stored XSS

Blood Bank & Donor Management System using v2.2 - Stored XSS

[webapps] Fundraising Script 1.0 - SQLi

Fundraising Script 1.0 - SQLi

[webapps] PHP Shopping Cart 4.2 - Multiple-SQLi

PHP Shopping Cart 4.2 - Multiple-SQLi

[local] Typora v1.7.4 - OS Command Injection

Typora v1.7.4 - OS Command Injection

[local] 7 Sticky Notes v1.9 - OS Command Injection

7 Sticky Notes v1.9 - OS Command Injection

[webapps] Bank Locker Management System - SQL Injection

Bank Locker Management System - SQL Injection

[remote] Atcom 2.7.x.x - Authenticated Command Injection

Atcom 2.7.x.x - Authenticated Command Injection

[webapps] Shuttle-Booking-Software v1.0 - Multiple-SQLi

Shuttle-Booking-Software v1.0 - Multiple-SQLi

[webapps] Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

[webapps] GLPI GZIP(Py3) 9.4.5 - RCE

GLPI GZIP(Py3) 9.4.5 - RCE

[webapps] Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

[webapps] Limo Booking Software v1.0 - CORS

Limo Booking Software v1.0 - CORS

[dos] OpenPLC WebServer 3 - Denial of Service

OpenPLC WebServer 3 - Denial of Service

[webapps] Clcknshop 1.0.0 - SQL Injection

Clcknshop 1.0.0 - SQL Injection

[dos] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

[webapps] WEBIGniter v28.7.23 File Upload - Remote Code Execution

WEBIGniter v28.7.23 File Upload - Remote Code Execution

[webapps] Online ID Generator 1.0 - Remote Code Execution (RCE)

Online ID Generator 1.0 - Remote Code Execution (RCE)

[webapps] Webedition CMS v2.9.8.8 - Blind SSRF

Webedition CMS v2.9.8.8 - Blind SSRF

[webapps] Cacti 1.2.24 - Authenticated command injection when using SNMP options

Cacti 1.2.24 - Authenticated command injection when using SNMP options

[webapps] Splunk 9.0.5 - admin account take over

Splunk 9.0.5 - admin account take over

[remote] Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

[webapps] Media Library Assistant Wordpress Plugin - RCE and LFI

Media Library Assistant Wordpress Plugin - RCE and LFI

[local] Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

[webapps] BoidCMS v2.0.0 - authenticated file upload vulnerability

BoidCMS v2.0.0 - authenticated file upload vulnerability

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

[webapps] Coppermine Gallery 1.6.25 - RCE

Coppermine Gallery 1.6.25 - RCE

[webapps] Minio 2022-07-29T19-40-48Z - Path traversal

Minio 2022-07-29T19-40-48Z - Path traversal

[webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

[remote] GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

[webapps] Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

[local] GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

[webapps] Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

[webapps] Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

Axigen

[webapps] Wp2Fac - OS Command Injection

Wp2Fac - OS Command Injection

[remote] Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

[dos] SyncBreeze 15.2.24 - 'login' Denial of Service

SyncBreeze 15.2.24 - 'login' Denial of Service

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

[webapps] soosyze 2.0.0 - File Upload

soosyze 2.0.0 - File Upload

[webapps] Academy LMS 6.1 - Arbitrary File Upload

Academy LMS 6.1 - Arbitrary File Upload

[local] Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

[webapps] DLINK DPH-400SE - Exposure of Sensitive Information

DLINK DPH-400SE - Exposure of Sensitive Information

[webapps] Bus Reservation System 1.1 - Multiple-SQLi

Bus Reservation System 1.1 - Multiple-SQLi