Exploit-DB Updates

[remote] Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution

Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution

Exploit-DB Updates

[webapps] Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Exploit-DB Updates

[webapps] Teachers Record Management System 1.0 - File Upload Type Validation

Teachers Record Management System 1.0 - File Upload Type Validation

Exploit-DB Updates

[webapps] Online Examination System Project 1.0 - Cross-site request forgery (CSRF)

Online Examination System Project 1.0 - Cross-site request forgery (CSRF)

Exploit-DB Updates

[webapps] Thruk Monitoring Web Interface 3.06 - Path Traversal

Thruk Monitoring Web Interface 3.06 - Path Traversal

Exploit-DB Updates

[webapps] WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Exploit-DB Updates

[local] USB Flash Drives Control 4.1.0.0 - Unquoted Service Path

USB Flash Drives Control 4.1.0.0 - Unquoted Service Path

Exploit-DB Updates

[webapps] Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)

Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)

Exploit-DB Updates

[local] Macro Expert 4.9 - Unquoted Service Path

Macro Expert 4.9 - Unquoted Service Path

Exploit-DB Updates

[webapps] Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit-DB Updates

[webapps] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

Exploit-DB Updates

[webapps] MotoCMS Version 3.4.3 - SQL Injection

MotoCMS Version 3.4.3 - SQL Injection

Exploit-DB Updates

[webapps] Total CMS 1.7.4 - Remote Code Execution (RCE)

Total CMS 1.7.4 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)

File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] STARFACE 7.3.0.10 - Authentication with Password Hash Possible

STARFACE 7.3.0.10 - Authentication with Password Hash Possible

Exploit-DB Updates

[webapps] Rukovoditel 3.3.1 - CSV injection

Rukovoditel 3.3.1 - CSV injection

Exploit-DB Updates

[remote] Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

Exploit-DB Updates

[webapps] Pydio Cells 4.1.2 - Server-Side Request Forgery

Pydio Cells 4.1.2 - Server-Side Request Forgery

Exploit-DB Updates

[webapps] Online Security Guards Hiring System 1.0 - Reflected XSS

Online Security Guards Hiring System 1.0 - Reflected XSS

Exploit-DB Updates

[webapps] Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download

Exploit-DB Updates

[webapps] MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

Exploit-DB Updates

[webapps] SCRMS 2023-05-27 1.0 - Multiple SQL Injection

SCRMS 2023-05-27 1.0 - Multiple SQL Injection

Exploit-DB Updates

[webapps] Pydio Cells 4.1.2 - Unauthorised Role Assignments

Pydio Cells 4.1.2 - Unauthorised Role Assignments

Exploit-DB Updates

[webapps] unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

Exploit-DB Updates

[webapps] Faculty Evaluation System 1.0 - Unauthenticated File Upload

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Exploit-DB Updates

[webapps] Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)

Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)

Exploit-DB Updates

[webapps] WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)

WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[remote] Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Exploit-DB Updates

[local] Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation

Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation

Exploit-DB Updates

[webapps] SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

Exploit-DB Updates

[webapps] Ulicms 2023.1 - create admin user via mass assignment

Ulicms 2023.1 - create admin user via mass assignment

Exploit-DB Updates

[webapps] Zenphoto 1.6 - Multiple stored XSS

Zenphoto 1.6 - Multiple stored XSS

Exploit-DB Updates

[webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Exploit-DB Updates

[webapps] Service Provider Management System v1.0 - SQL Injection

Service Provider Management System v1.0 - SQL Injection

Exploit-DB Updates

[webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

Exploit-DB Updates

[webapps] eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

Exploit-DB Updates

[remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

Exploit-DB Updates

[webapps] PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] thrsrossi Millhouse-Project 1.414 - Remote Code Execution

thrsrossi Millhouse-Project 1.414 - Remote Code Execution

Exploit-DB Updates

[webapps] WBiz Desk 1.2 - SQL Injection

WBiz Desk 1.2 - SQL Injection

Exploit-DB Updates

[webapps] SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

Exploit-DB Updates

[local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Exploit-DB Updates

[webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit-DB Updates

[webapps] LeadPro CRM v1.0 - SQL Injection

LeadPro CRM v1.0 - SQL Injection

Exploit-DB Updates

[local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Exploit-DB Updates

[webapps] eScan Management Console 14.0.1400.2281 - Cross Site Scripting

eScan Management Console 14.0.1400.2281 - Cross Site Scripting

Exploit-DB Updates

[webapps] Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Exploit-DB Updates

[webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

Exploit-DB Updates

[webapps] WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

Exploit-DB Updates

[remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

Exploit-DB Updates

[webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Exploit-DB Updates

[remote] Screen SFT DAB 600/C - Authentication Bypass Account Creation

Screen SFT DAB 600/C - Authentication Bypass Account Creation

Exploit-DB Updates

[remote] Screen SFT DAB 600/C - Authentication Bypass Password Change

Screen SFT DAB 600/C - Authentication Bypass Password Change

Exploit-DB Updates

[remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account

Screen SFT DAB 600/C - Authentication Bypass Erase Account

Exploit-DB Updates

[webapps] Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Exploit-DB Updates

[local] MobileTrans 4.0.11 - Weak Service Privilege Escalation

MobileTrans 4.0.11 - Weak Service Privilege Escalation

Exploit-DB Updates

[webapps] Quicklancer v1.0 - SQL Injection

Quicklancer v1.0 - SQL Injection