[webapps] Employee Management System v1 - 'email' SQL Injection

Employee Management System v1 - 'email' SQL Injection

[webapps] JFrog Artifactory < 7.25.4 - Blind SQL Injection

JFrog Artifactory

[local] Microsoft Windows Defender - VBScript Detection Bypass

Microsoft Windows Defender - VBScript Detection Bypass

[webapps] Wondercms 4.3.2 - XSS to RCE

Wondercms 4.3.2 - XSS to RCE

[dos] XAMPP - Buffer Overflow POC

XAMPP - Buffer Overflow POC

[local] Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Microsoft Windows Defender Bypass - Detection Mitigation Bypass

[webapps] Metabase 0.46.6 - Pre-Auth Remote Code Execution

Metabase 0.46.6 - Pre-Auth Remote Code Execution

[local] DS Wireless Communication - Remote Code Execution

DS Wireless Communication - Remote Code Execution

[webapps] SISQUALWFM 7.1.319.103 - Host Header Injection

SISQUALWFM 7.1.319.103 - Host Header Injection

[webapps] Splunk 9.0.4 - Information Disclosure

Splunk 9.0.4 - Information Disclosure

[webapps] ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure

ManageEngine ADManager Plus Build

[webapps] Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

[dos] VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

[webapps] Wordpress Seotheme - Remote Code Execution Unauthenticated

Wordpress Seotheme - Remote Code Execution Unauthenticated

[webapps] Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

[dos] Elasticsearch - StackOverflow DoS

Elasticsearch - StackOverflow DoS

[webapps] Online Nurse Hiring System 1.0 - Time-Based SQL Injection

Online Nurse Hiring System 1.0 - Time-Based SQL Injection

[remote] Zyxel zysh - Format string

Zyxel zysh - Format string

[webapps] Rail Pass Management System 1.0 - Time-Based SQL Injection

Rail Pass Management System 1.0 - Time-Based SQL Injection

[webapps] Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Wordpress 'simple urls' Plugin < 115 - XSS

Wordpress 'simple urls' Plugin

[webapps] Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Curfew e-Pass Management System 1.0 - FromDate SQL Injection

[webapps] GYM MS - GYM Management System - Cross Site Scripting (Stored)

GYM MS - GYM Management System - Cross Site Scripting (Stored)

[remote] Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

[webapps] TASKHUB-2.8.8 - XSS-Reflected

TASKHUB-2.8.8 - XSS-Reflected

[webapps] WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

[webapps] MISP 2.4.171 - Stored XSS

MISP 2.4.171 - Stored XSS

[webapps] Clinic's Patient Management System 1.0 - Unauthenticated RCE

Clinic's Patient Management System 1.0 - Unauthenticated RCE

[webapps] Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

[webapps] Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

[webapps] TP-Link TL-WR740N - UnAuthenticated Directory Transversal

TP-Link TL-WR740N - UnAuthenticated Directory Transversal

[webapps] TP-LINK TL-WR740N - Multiple HTML Injection

TP-LINK TL-WR740N - Multiple HTML Injection

[webapps] mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

[remote] PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

[webapps] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

[dos] Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

[webapps] Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

[webapps] Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

[remote] WebCatalog 48.4 - Arbitrary Protocol Execution

WebCatalog 48.4 - Arbitrary Protocol Execution

[webapps] Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

[webapps] GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

[remote] RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

[remote] Proxmox VE - TOTP Brute Force

Proxmox VE - TOTP Brute Force

[webapps] 101 News 1.0 - Multiple-SQLi

101 News 1.0 - Multiple-SQLi

[webapps] Academy LMS 6.2 - SQL Injection

Academy LMS 6.2 - SQL Injection

[webapps] Academy LMS 6.2 - Reflected XSS

Academy LMS 6.2 - Reflected XSS

[webapps] Grocy <=4.0.2 - CSRF

Grocy

[remote] Equipment Rental Script-1.0 - SQLi

Equipment Rental Script-1.0 - SQLi

[remote] Ricoh Printer - Directory and File Exposure

Ricoh Printer - Directory and File Exposure

[remote] Blood Bank & Donor Management System using v2.2 - Stored XSS

Blood Bank & Donor Management System using v2.2 - Stored XSS

[webapps] Fundraising Script 1.0 - SQLi

Fundraising Script 1.0 - SQLi

[webapps] PHP Shopping Cart 4.2 - Multiple-SQLi

PHP Shopping Cart 4.2 - Multiple-SQLi

[local] Typora v1.7.4 - OS Command Injection

Typora v1.7.4 - OS Command Injection

[local] 7 Sticky Notes v1.9 - OS Command Injection

7 Sticky Notes v1.9 - OS Command Injection

[webapps] Bank Locker Management System - SQL Injection

Bank Locker Management System - SQL Injection

[remote] Atcom 2.7.x.x - Authenticated Command Injection

Atcom 2.7.x.x - Authenticated Command Injection

[webapps] Shuttle-Booking-Software v1.0 - Multiple-SQLi

Shuttle-Booking-Software v1.0 - Multiple-SQLi

[webapps] Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

[webapps] GLPI GZIP(Py3) 9.4.5 - RCE

GLPI GZIP(Py3) 9.4.5 - RCE

[webapps] Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Wordpress Sonaar Music Plugin 4.7 - Stored XSS