[webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

September 4^th 2023 at 00:00

CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

Exploit-DB Updates

[local] Kingo ROOT 1.5.8 - Unquoted Service Path

September 4^th 2023 at 00:00

Kingo ROOT 1.5.8 - Unquoted Service Path

Exploit-DB Updates

[remote] Ivanti Avalanche <v6.4.0.0 - Remote Code Execution

September 4^th 2023 at 00:00

Ivanti Avalanche

Exploit-DB Updates

[webapps] Hyip Rio 2.1 - Arbitrary File Upload

September 4^th 2023 at 00:00

Hyip Rio 2.1 - Arbitrary File Upload

Exploit-DB Updates

[webapps] Blood Donor Management System v1.0 - Stored XSS

September 4^th 2023 at 00:00

Blood Donor Management System v1.0 - Stored XSS

Exploit-DB Updates

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

September 4^th 2023 at 00:00

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

Exploit-DB Updates

[webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

September 4^th 2023 at 00:00

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

Exploit-DB Updates

[webapps] FileMage Gateway 1.10.9 - Local File Inclusion

September 4^th 2023 at 00:00

FileMage Gateway 1.10.9 - Local File Inclusion

Exploit-DB Updates

[local] NVClient v5.0 - Stack Buffer Overflow (DoS)

September 4^th 2023 at 00:00

NVClient v5.0 - Stack Buffer Overflow (DoS)

Exploit-DB Updates

[webapps] WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

September 4^th 2023 at 00:00

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

Exploit-DB Updates

[webapps] Credit Lite 1.5.4 - SQL Injection

September 4^th 2023 at 00:00

Credit Lite 1.5.4 - SQL Injection

Exploit-DB Updates

[webapps] AdminLTE PiHole 5.18 - Broken Access Control

September 4^th 2023 at 00:00

AdminLTE PiHole 5.18 - Broken Access Control

Exploit-DB Updates

[webapps] Member Login Script 3.3 - Client-side desync

September 4^th 2023 at 00:00

Member Login Script 3.3 - Client-side desync

Exploit-DB Updates

[webapps] Uvdesk 1.1.4 - Stored XSS (Authenticated)

August 24^th 2023 at 00:00

Uvdesk 1.1.4 - Stored XSS (Authenticated)

Exploit-DB Updates

[webapps] User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

August 24^th 2023 at 00:00

User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

Exploit-DB Updates

[webapps] User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

August 24^th 2023 at 00:00

User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[remote] TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

August 21^st 2023 at 00:00

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Exploit-DB Updates

[webapps] Dolibarr Version 17.0.1 - Stored XSS

August 21^st 2023 at 00:00

Dolibarr Version 17.0.1 - Stored XSS

Exploit-DB Updates

[webapps] PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

August 21^st 2023 at 00:00

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

Exploit-DB Updates

[webapps] Global - Multi School Management System Express v1.0- SQL Injection

August 21^st 2023 at 00:00

Global - Multi School Management System Express v1.0- SQL Injection

Exploit-DB Updates

[webapps] OVOO Movie Portal CMS v3.3.3 - SQL Injection

August 21^st 2023 at 00:00

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit-DB Updates

[remote] TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

August 21^st 2023 at 00:00

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

Exploit-DB Updates

[remote] EuroTel ETL3100 - Transmitter Default Credentials

August 21^st 2023 at 00:00

EuroTel ETL3100 - Transmitter Default Credentials

Exploit-DB Updates

[webapps] Color Prediction Game v1.0 - SQL Injection

August 21^st 2023 at 00:00

Color Prediction Game v1.0 - SQL Injection

Exploit-DB Updates

[webapps] Taskhub CRM Tool 2.8.6 - SQL Injection

August 21^st 2023 at 00:00

Taskhub CRM Tool 2.8.6 - SQL Injection

Exploit-DB Updates

[remote] EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

August 21^st 2023 at 00:00

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

Exploit-DB Updates

[webapps] Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

August 21^st 2023 at 00:00

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Exploit-DB Updates

[local] Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

August 21^st 2023 at 00:00

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

Exploit-DB Updates

[remote] TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

August 21^st 2023 at 00:00

TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

Exploit-DB Updates

[remote] EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

August 21^st 2023 at 00:00

EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Exploit-DB Updates

[webapps] Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

August 10^th 2023 at 00:00

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

Exploit-DB Updates

[local] OutSystems Service Studio 11.53.30 - DLL Hijacking

August 10^th 2023 at 00:00

OutSystems Service Studio 11.53.30 - DLL Hijacking

Exploit-DB Updates

[remote] TP-Link Archer AX21 - Unauthenticated Command Injection

August 10^th 2023 at 00:00

TP-Link Archer AX21 - Unauthenticated Command Injection

Exploit-DB Updates

[webapps] Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

August 10^th 2023 at 00:00

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)

Exploit-DB Updates

[local] systemd 246 - Local Privilege Escalation

August 10^th 2023 at 00:00

systemd 246 - Local Privilege Escalation

Exploit-DB Updates

[webapps] PHPJabbers Vacation Rental Script 4.0 - CSRF

August 8^th 2023 at 00:00

PHPJabbers Vacation Rental Script 4.0 - CSRF

Exploit-DB Updates

[webapps] Social-Commerce 3.1.6 - Reflected XSS

August 8^th 2023 at 00:00

Social-Commerce 3.1.6 - Reflected XSS

Exploit-DB Updates

[webapps] Emagic Data Center Management Suite v6.0 - OS Command Injection

August 8^th 2023 at 00:00

Emagic Data Center Management Suite v6.0 - OS Command Injection

Exploit-DB Updates

[webapps] mooSocial 3.1.8 - Reflected XSS

August 8^th 2023 at 00:00

mooSocial 3.1.8 - Reflected XSS

Exploit-DB Updates

[webapps] Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

August 8^th 2023 at 00:00

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit-DB Updates

[webapps] Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure

August 8^th 2023 at 00:00

Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure

Exploit-DB Updates

[webapps] Lucee 5.4.2.17 - Authenticated Reflected XSS

August 8^th 2023 at 00:00

Lucee 5.4.2.17 - Authenticated Reflected XSS

Exploit-DB Updates

[webapps] JLex GuestBook 1.6.4 - Reflected XSS

August 4^th 2023 at 00:00

JLex GuestBook 1.6.4 - Reflected XSS

Exploit-DB Updates

[webapps] Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

August 4^th 2023 at 00:00

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Exploit-DB Updates

[webapps] Webedition CMS v2.9.8.8 - Stored XSS

August 4^th 2023 at 00:00

Webedition CMS v2.9.8.8 - Stored XSS

Exploit-DB Updates

[webapps] Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

August 4^th 2023 at 00:00

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

Exploit-DB Updates

[webapps] WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

August 4^th 2023 at 00:00

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Exploit-DB Updates

[dos] Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

August 4^th 2023 at 00:00

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Exploit-DB Updates

[webapps] Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

August 4^th 2023 at 00:00

Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] WordPress adivaha Travel Plugin 2.3 - SQL Injection

August 4^th 2023 at 00:00

WordPress adivaha Travel Plugin 2.3 - SQL Injection

Exploit-DB Updates

[webapps] PHPJabbers Night Club Booking 1.0 - Reflected XSS

August 4^th 2023 at 00:00

PHPJabbers Night Club Booking 1.0 - Reflected XSS

Exploit-DB Updates

[webapps] Joomla JLex Review 6.0.1 - Reflected XSS

August 4^th 2023 at 00:00

Joomla JLex Review 6.0.1 - Reflected XSS

Exploit-DB Updates

[webapps] PHPJabbers Taxi Booking 2.0 - Reflected XSS

August 4^th 2023 at 00:00

PHPJabbers Taxi Booking 2.0 - Reflected XSS

Exploit-DB Updates

[webapps] PHPJabbers Service Booking Script 1.0 - Reflected XSS

August 4^th 2023 at 00:00

PHPJabbers Service Booking Script 1.0 - Reflected XSS

Exploit-DB Updates

[webapps] Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

August 4^th 2023 at 00:00

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

Exploit-DB Updates

[webapps] Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

August 4^th 2023 at 00:00

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Exploit-DB Updates

[webapps] PHPJabbers Rental Property Booking 2.0 - Reflected XSS

August 4^th 2023 at 00:00

PHPJabbers Rental Property Booking 2.0 - Reflected XSS

Exploit-DB Updates

[webapps] PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

August 4^th 2023 at 00:00

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

Exploit-DB Updates

[remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

August 4^th 2023 at 00:00

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Academy LMS 6.0 - Reflected XSS

August 4^th 2023 at 00:00

Academy LMS 6.0 - Reflected XSS