[webapps] Rail Pass Management System 1.0 - Time-Based SQL Injection

February 9^th 2024 at 00:00

Rail Pass Management System 1.0 - Time-Based SQL Injection

Exploit-DB Updates

[webapps] Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

February 9^th 2024 at 00:00

Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit-DB Updates

[webapps] Wordpress 'simple urls' Plugin < 115 - XSS

February 5^th 2024 at 00:00

Wordpress 'simple urls' Plugin

Exploit-DB Updates

[webapps] Curfew e-Pass Management System 1.0 - FromDate SQL Injection

February 5^th 2024 at 00:00

Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Exploit-DB Updates

[webapps] GYM MS - GYM Management System - Cross Site Scripting (Stored)

February 5^th 2024 at 00:00

GYM MS - GYM Management System - Cross Site Scripting (Stored)

Exploit-DB Updates

[remote] Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

February 5^th 2024 at 00:00

Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

Exploit-DB Updates

[webapps] TASKHUB-2.8.8 - XSS-Reflected

February 5^th 2024 at 00:00

TASKHUB-2.8.8 - XSS-Reflected

Exploit-DB Updates

[webapps] WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

February 5^th 2024 at 00:00

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit-DB Updates

[webapps] MISP 2.4.171 - Stored XSS

February 5^th 2024 at 00:00

MISP 2.4.171 - Stored XSS

Exploit-DB Updates

[webapps] Clinic's Patient Management System 1.0 - Unauthenticated RCE

February 5^th 2024 at 00:00

Clinic's Patient Management System 1.0 - Unauthenticated RCE

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

Exploit-DB Updates

[webapps] TP-Link TL-WR740N - UnAuthenticated Directory Transversal

February 2^nd 2024 at 00:00

TP-Link TL-WR740N - UnAuthenticated Directory Transversal

Exploit-DB Updates

[webapps] TP-LINK TL-WR740N - Multiple HTML Injection

February 2^nd 2024 at 00:00

TP-LINK TL-WR740N - Multiple HTML Injection

Exploit-DB Updates

[webapps] mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

February 2^nd 2024 at 00:00

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

Exploit-DB Updates

[remote] PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

February 2^nd 2024 at 00:00

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Exploit-DB Updates

[dos] Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

Exploit-DB Updates

[webapps] Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

February 2^nd 2024 at 00:00

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

Exploit-DB Updates

[remote] WebCatalog 48.4 - Arbitrary Protocol Execution

February 2^nd 2024 at 00:00

WebCatalog 48.4 - Arbitrary Protocol Execution

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

Exploit-DB Updates

[webapps] GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

January 31^st 2024 at 00:00

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

Exploit-DB Updates

[remote] RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

January 31^st 2024 at 00:00

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

Exploit-DB Updates

[remote] Proxmox VE - TOTP Brute Force

January 31^st 2024 at 00:00

Proxmox VE - TOTP Brute Force

Exploit-DB Updates

[webapps] 101 News 1.0 - Multiple-SQLi

January 31^st 2024 at 00:00

101 News 1.0 - Multiple-SQLi

Exploit-DB Updates

[webapps] Academy LMS 6.2 - SQL Injection

January 31^st 2024 at 00:00

Academy LMS 6.2 - SQL Injection

Exploit-DB Updates

[webapps] Academy LMS 6.2 - Reflected XSS

January 31^st 2024 at 00:00

Academy LMS 6.2 - Reflected XSS

Exploit-DB Updates

[webapps] Grocy <=4.0.2 - CSRF

January 31^st 2024 at 00:00

Grocy

Exploit-DB Updates

[remote] Equipment Rental Script-1.0 - SQLi

January 29^th 2024 at 00:00

Equipment Rental Script-1.0 - SQLi

Exploit-DB Updates

[remote] Ricoh Printer - Directory and File Exposure

January 29^th 2024 at 00:00

Ricoh Printer - Directory and File Exposure

Exploit-DB Updates

[remote] Blood Bank & Donor Management System using v2.2 - Stored XSS

January 29^th 2024 at 00:00

Blood Bank & Donor Management System using v2.2 - Stored XSS

Exploit-DB Updates

[webapps] Fundraising Script 1.0 - SQLi

January 29^th 2024 at 00:00

Fundraising Script 1.0 - SQLi

Exploit-DB Updates

[webapps] PHP Shopping Cart 4.2 - Multiple-SQLi

January 29^th 2024 at 00:00

PHP Shopping Cart 4.2 - Multiple-SQLi

Exploit-DB Updates

[local] Typora v1.7.4 - OS Command Injection

January 29^th 2024 at 00:00

Typora v1.7.4 - OS Command Injection

Exploit-DB Updates

[local] 7 Sticky Notes v1.9 - OS Command Injection

January 29^th 2024 at 00:00

7 Sticky Notes v1.9 - OS Command Injection

Exploit-DB Updates

[webapps] Bank Locker Management System - SQL Injection

January 29^th 2024 at 00:00

Bank Locker Management System - SQL Injection

Exploit-DB Updates

[remote] Atcom 2.7.x.x - Authenticated Command Injection

October 9^th 2023 at 00:00

Atcom 2.7.x.x - Authenticated Command Injection

Exploit-DB Updates

[webapps] Shuttle-Booking-Software v1.0 - Multiple-SQLi

October 9^th 2023 at 00:00

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Exploit-DB Updates

[webapps] Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

October 9^th 2023 at 00:00

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Exploit-DB Updates

[webapps] GLPI GZIP(Py3) 9.4.5 - RCE

October 9^th 2023 at 00:00

GLPI GZIP(Py3) 9.4.5 - RCE

Exploit-DB Updates

[webapps] Wordpress Sonaar Music Plugin 4.7 - Stored XSS

October 9^th 2023 at 00:00

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Exploit-DB Updates

[webapps] Limo Booking Software v1.0 - CORS

October 9^th 2023 at 00:00

Limo Booking Software v1.0 - CORS

Exploit-DB Updates

[dos] OpenPLC WebServer 3 - Denial of Service

October 9^th 2023 at 00:00

OpenPLC WebServer 3 - Denial of Service

Exploit-DB Updates

[webapps] Clcknshop 1.0.0 - SQL Injection

October 9^th 2023 at 00:00

Clcknshop 1.0.0 - SQL Injection

Exploit-DB Updates

[dos] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

October 9^th 2023 at 00:00

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Exploit-DB Updates

[webapps] WEBIGniter v28.7.23 File Upload - Remote Code Execution

October 9^th 2023 at 00:00

WEBIGniter v28.7.23 File Upload - Remote Code Execution

Exploit-DB Updates

[webapps] Online ID Generator 1.0 - Remote Code Execution (RCE)

October 9^th 2023 at 00:00

Online ID Generator 1.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Webedition CMS v2.9.8.8 - Blind SSRF

October 9^th 2023 at 00:00

Webedition CMS v2.9.8.8 - Blind SSRF

Exploit-DB Updates

[webapps] Cacti 1.2.24 - Authenticated command injection when using SNMP options

October 9^th 2023 at 00:00

Cacti 1.2.24 - Authenticated command injection when using SNMP options

Exploit-DB Updates

[webapps] Splunk 9.0.5 - admin account take over

October 9^th 2023 at 00:00

Splunk 9.0.5 - admin account take over

Exploit-DB Updates

[remote] Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

October 9^th 2023 at 00:00

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Media Library Assistant Wordpress Plugin - RCE and LFI

October 9^th 2023 at 00:00

Media Library Assistant Wordpress Plugin - RCE and LFI

Exploit-DB Updates

[local] Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

October 9^th 2023 at 00:00

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)

Exploit-DB Updates

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

October 9^th 2023 at 00:00

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

Exploit-DB Updates

[webapps] BoidCMS v2.0.0 - authenticated file upload vulnerability

October 9^th 2023 at 00:00

BoidCMS v2.0.0 - authenticated file upload vulnerability

Exploit-DB Updates

[remote] Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

October 9^th 2023 at 00:00

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

Exploit-DB Updates

[webapps] Coppermine Gallery 1.6.25 - RCE

October 9^th 2023 at 00:00

Coppermine Gallery 1.6.25 - RCE

Exploit-DB Updates

[webapps] Minio 2022-07-29T19-40-48Z - Path traversal

October 9^th 2023 at 00:00

Minio 2022-07-29T19-40-48Z - Path traversal

Exploit-DB Updates

[webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure

September 8^th 2023 at 00:00