[remote] TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

[remote] Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

[webapps] Easywall 0.3.1 - Authenticated Remote Command Execution

Easywall 0.3.1 - Authenticated Remote Command Execution

[local] A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

[remote] TPC-110W - Missing Authentication for Critical Function

TPC-110W - Missing Authentication for Critical Function

[remote] Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

[remote] GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

[remote] Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

[local] Windows PowerShell - Event Log Bypass Single Quote Code Execution

Windows PowerShell - Event Log Bypass Single Quote Code Execution

[webapps] Magento ver. 2.4.6 - XSLT Server Side Injection

Magento ver. 2.4.6 - XSLT Server Side Injection

[remote] R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

[remote] Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

[remote] AC Repair and Services System v1.0 - Multiple SQL Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

[remote] Enrollment System v1.0 - SQL Injection

Enrollment System v1.0 - SQL Injection

[remote] Real Estate Management System v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload

[remote] GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

[remote] GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

[remote] Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

[remote] Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

[remote] Petrol Pump Management Software v.1.0 - SQL Injection

Petrol Pump Management Software v.1.0 - SQL Injection

[webapps] Boss Mini 1.4.0 - local file inclusion

Boss Mini 1.4.0 - local file inclusion

[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

[webapps] Blood Bank v1.0 - Multiple SQL Injection

Blood Bank v1.0 - Multiple SQL Injection

[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)

WP Rocket

[local] Saflok - Key Derication Function Exploit

Saflok - Key Derication Function Exploit

[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

[remote] TEM Opera Plus FM Family Transmitter 35.45 - XSRF

TEM Opera Plus FM Family Transmitter 35.45 - XSRF

[webapps] Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

[remote] TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

[webapps] Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

Wordpress Plugin Canto

[webapps] Moodle 4.3 - Reflected XSS

Moodle 4.3 - Reflected XSS

[remote] Executables Created with perl2exe < V30.10C - Arbitrary Code Execution

Executables Created with perl2exe

[webapps] Zoo Management System 1.0 - Unauthenticated RCE

Zoo Management System 1.0 - Unauthenticated RCE

[webapps] Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

[webapps] dawa-pharma 1.0-2022 - Multiple-SQLi

dawa-pharma 1.0-2022 - Multiple-SQLi

[webapps] Moodle 4.3 - Insecure Direct Object Reference

Moodle 4.3 - Insecure Direct Object Reference

[webapps] Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Automatic-Systems SOC FL9600 FastLine - Directory Transversal

[webapps] SuperStoreFinder - Multiple Vulnerabilities

SuperStoreFinder - Multiple Vulnerabilities

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'

Wyrestorm Apollo VX20

[webapps] Online Shopping System Advanced - Sql Injection

Online Shopping System Advanced - Sql Injection

[webapps] comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

comments-like-dislike

[remote] IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

[dos] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

Wyrestorm Apollo VX20

[remote] Flashcard Quiz App v1.0 - 'card' SQL Injection

Flashcard Quiz App v1.0 - 'card' SQL Injection

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

Wyrestorm Apollo VX20

[webapps] taskhub 2.8.7 - SQL Injection

taskhub 2.8.7 - SQL Injection

[remote] FAQ Management System v1.0 - 'faq' SQL Injection

FAQ Management System v1.0 - 'faq' SQL Injection

[remote] Simple Inventory Management System v1.0 - 'email' SQL Injection

Simple Inventory Management System v1.0 - 'email' SQL Injection

[webapps] WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

[webapps] phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit

phpFox

[webapps] SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

SureMDM On-premise

[webapps] Employee Management System v1 - 'email' SQL Injection

Employee Management System v1 - 'email' SQL Injection

[webapps] JFrog Artifactory < 7.25.4 - Blind SQL Injection

JFrog Artifactory

[local] Microsoft Windows Defender - VBScript Detection Bypass

Microsoft Windows Defender - VBScript Detection Bypass

[webapps] Wondercms 4.3.2 - XSS to RCE

Wondercms 4.3.2 - XSS to RCE

[dos] XAMPP - Buffer Overflow POC

XAMPP - Buffer Overflow POC

[local] Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Microsoft Windows Defender Bypass - Detection Mitigation Bypass

[webapps] Metabase 0.46.6 - Pre-Auth Remote Code Execution

Metabase 0.46.6 - Pre-Auth Remote Code Execution

[local] DS Wireless Communication - Remote Code Execution

DS Wireless Communication - Remote Code Execution