[remote] Atcom 2.7.x.x - Authenticated Command Injection

October 9^th 2023 at 00:00

Atcom 2.7.x.x - Authenticated Command Injection

Exploit-DB Updates

[webapps] Shuttle-Booking-Software v1.0 - Multiple-SQLi

October 9^th 2023 at 00:00

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Exploit-DB Updates

[webapps] Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

October 9^th 2023 at 00:00

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Exploit-DB Updates

[webapps] GLPI GZIP(Py3) 9.4.5 - RCE

October 9^th 2023 at 00:00

GLPI GZIP(Py3) 9.4.5 - RCE

Exploit-DB Updates

[webapps] Wordpress Sonaar Music Plugin 4.7 - Stored XSS

October 9^th 2023 at 00:00

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Exploit-DB Updates

[webapps] Limo Booking Software v1.0 - CORS

October 9^th 2023 at 00:00

Limo Booking Software v1.0 - CORS

Exploit-DB Updates

[dos] OpenPLC WebServer 3 - Denial of Service

October 9^th 2023 at 00:00

OpenPLC WebServer 3 - Denial of Service

Exploit-DB Updates

[webapps] Clcknshop 1.0.0 - SQL Injection

October 9^th 2023 at 00:00

Clcknshop 1.0.0 - SQL Injection

Exploit-DB Updates

[dos] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

October 9^th 2023 at 00:00

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Exploit-DB Updates

[webapps] WEBIGniter v28.7.23 File Upload - Remote Code Execution

October 9^th 2023 at 00:00

WEBIGniter v28.7.23 File Upload - Remote Code Execution

Exploit-DB Updates

[webapps] Online ID Generator 1.0 - Remote Code Execution (RCE)

October 9^th 2023 at 00:00

Online ID Generator 1.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Webedition CMS v2.9.8.8 - Blind SSRF

October 9^th 2023 at 00:00

Webedition CMS v2.9.8.8 - Blind SSRF

Exploit-DB Updates

[webapps] Cacti 1.2.24 - Authenticated command injection when using SNMP options

October 9^th 2023 at 00:00

Cacti 1.2.24 - Authenticated command injection when using SNMP options

Exploit-DB Updates

[webapps] Splunk 9.0.5 - admin account take over

October 9^th 2023 at 00:00

Splunk 9.0.5 - admin account take over

Exploit-DB Updates

[remote] Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

October 9^th 2023 at 00:00

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Media Library Assistant Wordpress Plugin - RCE and LFI

October 9^th 2023 at 00:00

Media Library Assistant Wordpress Plugin - RCE and LFI

Exploit-DB Updates

[local] Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

October 9^th 2023 at 00:00

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

Exploit-DB Updates

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

October 9^th 2023 at 00:00

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

Exploit-DB Updates

[webapps] BoidCMS v2.0.0 - authenticated file upload vulnerability

October 9^th 2023 at 00:00

BoidCMS v2.0.0 - authenticated file upload vulnerability

Exploit-DB Updates

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

October 9^th 2023 at 00:00

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

Exploit-DB Updates

[webapps] Coppermine Gallery 1.6.25 - RCE

October 9^th 2023 at 00:00

Coppermine Gallery 1.6.25 - RCE

Exploit-DB Updates

[webapps] Minio 2022-07-29T19-40-48Z - Path traversal

October 9^th 2023 at 00:00

Minio 2022-07-29T19-40-48Z - Path traversal

Exploit-DB Updates

[webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

September 8^th 2023 at 00:00

Exploit-DB Updates

[remote] GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

September 8^th 2023 at 00:00

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

September 8^th 2023 at 00:00

Drupal 10.1.2 - web-cache-poisoning-External-service-interaction

Exploit-DB Updates

[local] GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

September 8^th 2023 at 00:00

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)

Exploit-DB Updates

[webapps] Wordpress Plugin Elementor 3.5.5 - Iframe Injection

September 8^th 2023 at 00:00

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Exploit-DB Updates

[webapps] Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS

September 8^th 2023 at 00:00

Axigen

Exploit-DB Updates

[webapps] Wp2Fac - OS Command Injection

September 8^th 2023 at 00:00

Wp2Fac - OS Command Injection

Exploit-DB Updates

[remote] Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

September 8^th 2023 at 00:00

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities

Exploit-DB Updates

[dos] SyncBreeze 15.2.24 - 'login' Denial of Service

September 8^th 2023 at 00:00

SyncBreeze 15.2.24 - 'login' Denial of Service

Exploit-DB Updates

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

September 8^th 2023 at 00:00

SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection

Exploit-DB Updates

[webapps] soosyze 2.0.0 - File Upload

September 8^th 2023 at 00:00

soosyze 2.0.0 - File Upload

Exploit-DB Updates

[webapps] Academy LMS 6.1 - Arbitrary File Upload

September 4^th 2023 at 00:00

Academy LMS 6.1 - Arbitrary File Upload

Exploit-DB Updates

[local] Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

September 4^th 2023 at 00:00

Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow

Exploit-DB Updates

[webapps] DLINK DPH-400SE - Exposure of Sensitive Information

September 4^th 2023 at 00:00

DLINK DPH-400SE - Exposure of Sensitive Information

Exploit-DB Updates

[webapps] Bus Reservation System 1.1 - Multiple-SQLi

September 4^th 2023 at 00:00

Bus Reservation System 1.1 - Multiple-SQLi

Exploit-DB Updates

[webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

September 4^th 2023 at 00:00

CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )

Exploit-DB Updates

[local] Kingo ROOT 1.5.8 - Unquoted Service Path

September 4^th 2023 at 00:00

Kingo ROOT 1.5.8 - Unquoted Service Path

Exploit-DB Updates

[remote] Ivanti Avalanche <v6.4.0.0 - Remote Code Execution

September 4^th 2023 at 00:00

Ivanti Avalanche

Exploit-DB Updates

[webapps] Hyip Rio 2.1 - Arbitrary File Upload

September 4^th 2023 at 00:00

Hyip Rio 2.1 - Arbitrary File Upload

Exploit-DB Updates

[webapps] Blood Donor Management System v1.0 - Stored XSS

September 4^th 2023 at 00:00

Blood Donor Management System v1.0 - Stored XSS

Exploit-DB Updates

[webapps] SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

September 4^th 2023 at 00:00

SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS

Exploit-DB Updates

[webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

September 4^th 2023 at 00:00

CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')

Exploit-DB Updates

[webapps] FileMage Gateway 1.10.9 - Local File Inclusion

September 4^th 2023 at 00:00

FileMage Gateway 1.10.9 - Local File Inclusion

Exploit-DB Updates

[local] NVClient v5.0 - Stack Buffer Overflow (DoS)

September 4^th 2023 at 00:00

NVClient v5.0 - Stack Buffer Overflow (DoS)

Exploit-DB Updates

[webapps] WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

September 4^th 2023 at 00:00

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

Exploit-DB Updates

[webapps] Credit Lite 1.5.4 - SQL Injection

September 4^th 2023 at 00:00

Credit Lite 1.5.4 - SQL Injection

Exploit-DB Updates

[webapps] AdminLTE PiHole 5.18 - Broken Access Control

September 4^th 2023 at 00:00

AdminLTE PiHole 5.18 - Broken Access Control

Exploit-DB Updates

[webapps] Member Login Script 3.3 - Client-side desync

September 4^th 2023 at 00:00

Member Login Script 3.3 - Client-side desync

Exploit-DB Updates

[webapps] Uvdesk 1.1.4 - Stored XSS (Authenticated)

August 24^th 2023 at 00:00

Uvdesk 1.1.4 - Stored XSS (Authenticated)

Exploit-DB Updates

[webapps] User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

August 24^th 2023 at 00:00

User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)

Exploit-DB Updates

[webapps] User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

August 24^th 2023 at 00:00

User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[remote] TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

August 21^st 2023 at 00:00

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Exploit-DB Updates

[webapps] Dolibarr Version 17.0.1 - Stored XSS

August 21^st 2023 at 00:00

Dolibarr Version 17.0.1 - Stored XSS

Exploit-DB Updates

[webapps] PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

August 21^st 2023 at 00:00

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

Exploit-DB Updates

[webapps] Global - Multi School Management System Express v1.0- SQL Injection

August 21^st 2023 at 00:00

Global - Multi School Management System Express v1.0- SQL Injection

Exploit-DB Updates

[webapps] OVOO Movie Portal CMS v3.3.3 - SQL Injection

August 21^st 2023 at 00:00

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit-DB Updates

[remote] TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

August 21^st 2023 at 00:00

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

Exploit-DB Updates

[remote] EuroTel ETL3100 - Transmitter Default Credentials

August 21^st 2023 at 00:00

EuroTel ETL3100 - Transmitter Default Credentials