[webapps] CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution

CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution

[webapps] elFinder Web file manager Version - 2.1.53 Remote Command Execution

elFinder Web file manager Version - 2.1.53 Remote Command Execution

[webapps] Lot Reservation Management System - Unauthenticated File Disclosure

Lot Reservation Management System - Unauthenticated File Disclosure

[webapps] CVE-2023-50071 - Multiple SQL Injection

CVE-2023-50071 - Multiple SQL Injection

[webapps] Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution

Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution

[webapps] Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

[webapps] kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

kk Star Ratings

[webapps] Neontext Wordpress Plugin - Stored XSS

Neontext Wordpress Plugin - Stored XSS

[remote] TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

[remote] Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

[webapps] Easywall 0.3.1 - Authenticated Remote Command Execution

Easywall 0.3.1 - Authenticated Remote Command Execution

[local] A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

[remote] TPC-110W - Missing Authentication for Critical Function

TPC-110W - Missing Authentication for Critical Function

[remote] Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

[remote] GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

[remote] Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

[local] Windows PowerShell - Event Log Bypass Single Quote Code Execution

Windows PowerShell - Event Log Bypass Single Quote Code Execution

[webapps] Magento ver. 2.4.6 - XSLT Server Side Injection

Magento ver. 2.4.6 - XSLT Server Side Injection

[remote] R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

[remote] Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

[remote] AC Repair and Services System v1.0 - Multiple SQL Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

[remote] Enrollment System v1.0 - SQL Injection

Enrollment System v1.0 - SQL Injection

[remote] Real Estate Management System v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload

[remote] GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

[remote] GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

[remote] Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

[remote] Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

[remote] Petrol Pump Management Software v.1.0 - SQL Injection

Petrol Pump Management Software v.1.0 - SQL Injection

[webapps] Boss Mini 1.4.0 - local file inclusion

Boss Mini 1.4.0 - local file inclusion

[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

[webapps] Blood Bank v1.0 - Multiple SQL Injection

Blood Bank v1.0 - Multiple SQL Injection

[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)

WP Rocket

[local] Saflok - Key Derication Function Exploit

Saflok - Key Derication Function Exploit

[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

[remote] TEM Opera Plus FM Family Transmitter 35.45 - XSRF

TEM Opera Plus FM Family Transmitter 35.45 - XSRF

[webapps] Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

[remote] TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

[webapps] Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

Wordpress Plugin Canto

[webapps] Moodle 4.3 - Reflected XSS

Moodle 4.3 - Reflected XSS

[remote] Executables Created with perl2exe < V30.10C - Arbitrary Code Execution

Executables Created with perl2exe

[webapps] Zoo Management System 1.0 - Unauthenticated RCE

Zoo Management System 1.0 - Unauthenticated RCE

[webapps] Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

[webapps] dawa-pharma 1.0-2022 - Multiple-SQLi

dawa-pharma 1.0-2022 - Multiple-SQLi

[webapps] Moodle 4.3 - Insecure Direct Object Reference

Moodle 4.3 - Insecure Direct Object Reference

[webapps] Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Automatic-Systems SOC FL9600 FastLine - Directory Transversal

[webapps] SuperStoreFinder - Multiple Vulnerabilities

SuperStoreFinder - Multiple Vulnerabilities

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'

Wyrestorm Apollo VX20

[webapps] Online Shopping System Advanced - Sql Injection

Online Shopping System Advanced - Sql Injection

[webapps] comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

comments-like-dislike

[remote] IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

[dos] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

Wyrestorm Apollo VX20

[remote] Flashcard Quiz App v1.0 - 'card' SQL Injection

Flashcard Quiz App v1.0 - 'card' SQL Injection

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

Wyrestorm Apollo VX20

[webapps] taskhub 2.8.7 - SQL Injection

taskhub 2.8.7 - SQL Injection

[remote] FAQ Management System v1.0 - 'faq' SQL Injection

FAQ Management System v1.0 - 'faq' SQL Injection

[remote] Simple Inventory Management System v1.0 - 'email' SQL Injection

Simple Inventory Management System v1.0 - 'email' SQL Injection

[webapps] WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

[webapps] phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit

phpFox

[webapps] SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

SureMDM On-premise