[remote] Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)

Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)

[local] KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

[remote] JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)

JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)

[remote] Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)

Honeywell PM43

[local] KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow

KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow

[remote] GitLab CE/EE < 16.7.2 - Password Reset

GitLab CE/EE

[remote] Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)

Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)

[local] KiTTY 0.76.1.13 - Command Injection

KiTTY 0.76.1.13 - Command Injection

[remote] SolarView Compact 6.00 - Command Injection

SolarView Compact 6.00 - Command Injection

[remote] VMware Cloud Director 10.5 - Bypass identity verification

VMware Cloud Director 10.5 - Bypass identity verification

[webapps] OSGi v3.8-3.18 Console - RCE

OSGi v3.8-3.18 Console - RCE

[webapps] SnipeIT 6.2.1 - Stored Cross Site Scripting

SnipeIT 6.2.1 - Stored Cross Site Scripting

[webapps] Client Details System 1.0 - SQL Injection

Client Details System 1.0 - SQL Injection

[webapps] OSGi v3.7.2 (and below) Console - RCE

OSGi v3.7.2 (and below) Console - RCE

[webapps] Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE

Cisco Firepower Management Center

[webapps] Human Resource Management System 1.0 - 'employeeid' SQL Injection

Human Resource Management System 1.0 - 'employeeid' SQL Injection

[webapps] Sitecore - Remote Code Execution v8.2

Sitecore - Remote Code Execution v8.2

[webapps] WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover

WordPress Plugin Duplicator

[local] Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass

Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass

[webapps] Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore

[webapps] Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read

[webapps] DataCube3 v1.0 - Unrestricted file upload 'RCE'

DataCube3 v1.0 - Unrestricted file upload 'RCE'

[webapps] Ladder v0.0.21 - Server-side request forgery (SSRF)

Ladder v0.0.21 - Server-side request forgery (SSRF)

[webapps] Akaunting < 3.1.3 - RCE

Akaunting

[webapps] Numbas < v7.3 - Remote Code Execution

Numbas

[webapps] Hide My WP < 6.2.9 - Unauthenticated SQLi

Hide My WP

[webapps] TP-Link TL-WR740N - Buffer Overflow 'DOS'

TP-Link TL-WR740N - Buffer Overflow 'DOS'

[webapps] GLiNet - Router Authentication Bypass

GLiNet - Router Authentication Bypass

[webapps] CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution

CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution

[webapps] elFinder Web file manager Version - 2.1.53 Remote Command Execution

elFinder Web file manager Version - 2.1.53 Remote Command Execution

[webapps] Lot Reservation Management System - Unauthenticated File Disclosure

Lot Reservation Management System - Unauthenticated File Disclosure

[webapps] CVE-2023-50071 - Multiple SQL Injection

CVE-2023-50071 - Multiple SQL Injection

[webapps] Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution

Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution

[webapps] Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

[webapps] kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

kk Star Ratings

[webapps] Neontext Wordpress Plugin - Stored XSS

Neontext Wordpress Plugin - Stored XSS

[remote] TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

[remote] Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

[webapps] Easywall 0.3.1 - Authenticated Remote Command Execution

Easywall 0.3.1 - Authenticated Remote Command Execution

[local] A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

[remote] TPC-110W - Missing Authentication for Critical Function

TPC-110W - Missing Authentication for Critical Function

[remote] Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

[remote] GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

[remote] Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

[local] Windows PowerShell - Event Log Bypass Single Quote Code Execution

Windows PowerShell - Event Log Bypass Single Quote Code Execution

[webapps] Magento ver. 2.4.6 - XSLT Server Side Injection

Magento ver. 2.4.6 - XSLT Server Side Injection

[remote] R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

[remote] Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

[remote] AC Repair and Services System v1.0 - Multiple SQL Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

[remote] Enrollment System v1.0 - SQL Injection

Enrollment System v1.0 - SQL Injection

[remote] Real Estate Management System v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload

[remote] GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

[remote] GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

[remote] Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

[remote] Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

[remote] Petrol Pump Management Software v.1.0 - SQL Injection

Petrol Pump Management Software v.1.0 - SQL Injection

[webapps] Boss Mini 1.4.0 - local file inclusion

Boss Mini 1.4.0 - local file inclusion

[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

[webapps] Blood Bank v1.0 - Multiple SQL Injection

Blood Bank v1.0 - Multiple SQL Injection

[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)

WP Rocket