[webapps] comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

February 26^th 2024 at 00:00

comments-like-dislike

Exploit-DB Updates

[remote] IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

February 26^th 2024 at 00:00

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Exploit-DB Updates

[dos] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

February 26^th 2024 at 00:00

Wyrestorm Apollo VX20

Exploit-DB Updates

[remote] Flashcard Quiz App v1.0 - 'card' SQL Injection

February 26^th 2024 at 00:00

Flashcard Quiz App v1.0 - 'card' SQL Injection

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

February 26^th 2024 at 00:00

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] taskhub 2.8.7 - SQL Injection

February 26^th 2024 at 00:00

taskhub 2.8.7 - SQL Injection

Exploit-DB Updates

[remote] FAQ Management System v1.0 - 'faq' SQL Injection

February 26^th 2024 at 00:00

FAQ Management System v1.0 - 'faq' SQL Injection

Exploit-DB Updates

[remote] Simple Inventory Management System v1.0 - 'email' SQL Injection

February 26^th 2024 at 00:00

Simple Inventory Management System v1.0 - 'email' SQL Injection

Exploit-DB Updates

[webapps] WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

February 21^st 2024 at 00:00

WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit

February 19^th 2024 at 00:00

phpFox

Exploit-DB Updates

[webapps] SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

February 19^th 2024 at 00:00

SureMDM On-premise

Exploit-DB Updates

[webapps] Employee Management System v1 - 'email' SQL Injection

February 19^th 2024 at 00:00

Employee Management System v1 - 'email' SQL Injection

Exploit-DB Updates

[webapps] JFrog Artifactory < 7.25.4 - Blind SQL Injection

February 19^th 2024 at 00:00

JFrog Artifactory

Exploit-DB Updates

[local] Microsoft Windows Defender - VBScript Detection Bypass

February 19^th 2024 at 00:00

Microsoft Windows Defender - VBScript Detection Bypass

Exploit-DB Updates

[webapps] Wondercms 4.3.2 - XSS to RCE

February 19^th 2024 at 00:00

Wondercms 4.3.2 - XSS to RCE

Exploit-DB Updates

[dos] XAMPP - Buffer Overflow POC

February 19^th 2024 at 00:00

XAMPP - Buffer Overflow POC

Exploit-DB Updates

[local] Microsoft Windows Defender Bypass - Detection Mitigation Bypass

February 19^th 2024 at 00:00

Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Exploit-DB Updates

[webapps] Metabase 0.46.6 - Pre-Auth Remote Code Execution

February 15^th 2024 at 00:00

Metabase 0.46.6 - Pre-Auth Remote Code Execution

Exploit-DB Updates

[local] DS Wireless Communication - Remote Code Execution

February 15^th 2024 at 00:00

DS Wireless Communication - Remote Code Execution

Exploit-DB Updates

[webapps] SISQUALWFM 7.1.319.103 - Host Header Injection

February 15^th 2024 at 00:00

SISQUALWFM 7.1.319.103 - Host Header Injection

Exploit-DB Updates

[webapps] Splunk 9.0.4 - Information Disclosure

February 13^th 2024 at 00:00

Splunk 9.0.4 - Information Disclosure

Exploit-DB Updates

[webapps] ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure

February 13^th 2024 at 00:00

ManageEngine ADManager Plus Build

Exploit-DB Updates

[webapps] Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

February 13^th 2024 at 00:00

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

Exploit-DB Updates

[dos] VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

February 13^th 2024 at 00:00

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

Exploit-DB Updates

[webapps] Wordpress Seotheme - Remote Code Execution Unauthenticated

February 9^th 2024 at 00:00

Wordpress Seotheme - Remote Code Execution Unauthenticated

Exploit-DB Updates

[webapps] Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

February 9^th 2024 at 00:00

Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

Exploit-DB Updates

[dos] Elasticsearch - StackOverflow DoS

February 9^th 2024 at 00:00

Elasticsearch - StackOverflow DoS

Exploit-DB Updates

[webapps] Online Nurse Hiring System 1.0 - Time-Based SQL Injection

February 9^th 2024 at 00:00

Online Nurse Hiring System 1.0 - Time-Based SQL Injection

Exploit-DB Updates

[remote] Zyxel zysh - Format string

February 9^th 2024 at 00:00

Zyxel zysh - Format string

Exploit-DB Updates

[webapps] Rail Pass Management System 1.0 - Time-Based SQL Injection

February 9^th 2024 at 00:00

Rail Pass Management System 1.0 - Time-Based SQL Injection

Exploit-DB Updates

[webapps] Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

February 9^th 2024 at 00:00

Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit-DB Updates

[webapps] Wordpress 'simple urls' Plugin < 115 - XSS

February 5^th 2024 at 00:00

Wordpress 'simple urls' Plugin

Exploit-DB Updates

[webapps] Curfew e-Pass Management System 1.0 - FromDate SQL Injection

February 5^th 2024 at 00:00

Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Exploit-DB Updates

[webapps] GYM MS - GYM Management System - Cross Site Scripting (Stored)

February 5^th 2024 at 00:00

GYM MS - GYM Management System - Cross Site Scripting (Stored)

Exploit-DB Updates

[remote] Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

February 5^th 2024 at 00:00

Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

Exploit-DB Updates

[webapps] TASKHUB-2.8.8 - XSS-Reflected

February 5^th 2024 at 00:00

TASKHUB-2.8.8 - XSS-Reflected

Exploit-DB Updates

[webapps] WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

February 5^th 2024 at 00:00

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit-DB Updates

[webapps] MISP 2.4.171 - Stored XSS

February 5^th 2024 at 00:00

MISP 2.4.171 - Stored XSS

Exploit-DB Updates

[webapps] Clinic's Patient Management System 1.0 - Unauthenticated RCE

February 5^th 2024 at 00:00

Clinic's Patient Management System 1.0 - Unauthenticated RCE

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass

Exploit-DB Updates

[webapps] TP-Link TL-WR740N - UnAuthenticated Directory Transversal

February 2^nd 2024 at 00:00

TP-Link TL-WR740N - UnAuthenticated Directory Transversal

Exploit-DB Updates

[webapps] TP-LINK TL-WR740N - Multiple HTML Injection

February 2^nd 2024 at 00:00

TP-LINK TL-WR740N - Multiple HTML Injection

Exploit-DB Updates

[webapps] mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

February 2^nd 2024 at 00:00

mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page

Exploit-DB Updates

[remote] PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

February 2^nd 2024 at 00:00

PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Exploit-DB Updates

[dos] Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

Exploit-DB Updates

[webapps] Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

February 2^nd 2024 at 00:00

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure

Exploit-DB Updates

[remote] WebCatalog 48.4 - Arbitrary Protocol Execution

February 2^nd 2024 at 00:00

WebCatalog 48.4 - Arbitrary Protocol Execution

Exploit-DB Updates

[webapps] Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

February 2^nd 2024 at 00:00

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

Exploit-DB Updates

[webapps] GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

January 31^st 2024 at 00:00

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

Exploit-DB Updates

[remote] RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

January 31^st 2024 at 00:00

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

Exploit-DB Updates

[remote] Proxmox VE - TOTP Brute Force

January 31^st 2024 at 00:00

Proxmox VE - TOTP Brute Force

Exploit-DB Updates

[webapps] 101 News 1.0 - Multiple-SQLi

January 31^st 2024 at 00:00

101 News 1.0 - Multiple-SQLi

Exploit-DB Updates

[webapps] Academy LMS 6.2 - SQL Injection

January 31^st 2024 at 00:00

Academy LMS 6.2 - SQL Injection

Exploit-DB Updates

[webapps] Academy LMS 6.2 - Reflected XSS

January 31^st 2024 at 00:00

Academy LMS 6.2 - Reflected XSS

Exploit-DB Updates

[webapps] Grocy <=4.0.2 - CSRF

January 31^st 2024 at 00:00

Grocy

Exploit-DB Updates

[remote] Equipment Rental Script-1.0 - SQLi

January 29^th 2024 at 00:00

Equipment Rental Script-1.0 - SQLi

Exploit-DB Updates

[remote] Ricoh Printer - Directory and File Exposure

January 29^th 2024 at 00:00

Ricoh Printer - Directory and File Exposure