[remote] R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

March 3^rd 2024 at 00:00

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

Exploit-DB Updates

[remote] Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

March 3^rd 2024 at 00:00

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Exploit-DB Updates

[remote] AC Repair and Services System v1.0 - Multiple SQL Injection

March 3^rd 2024 at 00:00

AC Repair and Services System v1.0 - Multiple SQL Injection

Exploit-DB Updates

[remote] Enrollment System v1.0 - SQL Injection

March 3^rd 2024 at 00:00

Enrollment System v1.0 - SQL Injection

Exploit-DB Updates

[remote] Real Estate Management System v1.0 - Remote Code Execution via File Upload

March 3^rd 2024 at 00:00

Real Estate Management System v1.0 - Remote Code Execution via File Upload

Exploit-DB Updates

[remote] GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

March 3^rd 2024 at 00:00

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

Exploit-DB Updates

[remote] GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

March 3^rd 2024 at 00:00

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

Exploit-DB Updates

[remote] Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

March 3^rd 2024 at 00:00

Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

Exploit-DB Updates

[remote] Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

March 3^rd 2024 at 00:00

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Exploit-DB Updates

[remote] Petrol Pump Management Software v.1.0 - SQL Injection

March 3^rd 2024 at 00:00

Petrol Pump Management Software v.1.0 - SQL Injection

Exploit-DB Updates

[webapps] Boss Mini 1.4.0 - local file inclusion

March 3^rd 2024 at 00:00

Boss Mini 1.4.0 - local file inclusion

Exploit-DB Updates

[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

February 28^th 2024 at 00:00

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

Exploit-DB Updates

[webapps] Blood Bank v1.0 - Multiple SQL Injection

February 28^th 2024 at 00:00

Blood Bank v1.0 - Multiple SQL Injection

Exploit-DB Updates

[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)

February 28^th 2024 at 00:00

WP Rocket

Exploit-DB Updates

[local] Saflok - Key Derication Function Exploit

February 28^th 2024 at 00:00

Saflok - Key Derication Function Exploit

Exploit-DB Updates

[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

February 28^th 2024 at 00:00

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

Exploit-DB Updates

[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

February 28^th 2024 at 00:00

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[remote] TEM Opera Plus FM Family Transmitter 35.45 - XSRF

February 27^th 2024 at 00:00

TEM Opera Plus FM Family Transmitter 35.45 - XSRF

Exploit-DB Updates

[webapps] Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

February 27^th 2024 at 00:00

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Exploit-DB Updates

[remote] TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

February 27^th 2024 at 00:00

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

Exploit-DB Updates

[webapps] Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

February 27^th 2024 at 00:00

Wordpress Plugin Canto

Exploit-DB Updates

[webapps] Moodle 4.3 - Reflected XSS

February 27^th 2024 at 00:00

Moodle 4.3 - Reflected XSS

Exploit-DB Updates

[remote] Executables Created with perl2exe < V30.10C - Arbitrary Code Execution

February 27^th 2024 at 00:00

Executables Created with perl2exe

Exploit-DB Updates

[webapps] Zoo Management System 1.0 - Unauthenticated RCE

February 27^th 2024 at 00:00

Zoo Management System 1.0 - Unauthenticated RCE

Exploit-DB Updates

[webapps] Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

February 27^th 2024 at 00:00

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Exploit-DB Updates

[webapps] dawa-pharma 1.0-2022 - Multiple-SQLi

February 27^th 2024 at 00:00

dawa-pharma 1.0-2022 - Multiple-SQLi

Exploit-DB Updates

[webapps] Moodle 4.3 - Insecure Direct Object Reference

February 27^th 2024 at 00:00

Moodle 4.3 - Insecure Direct Object Reference

Exploit-DB Updates

[webapps] Automatic-Systems SOC FL9600 FastLine - Directory Transversal

February 27^th 2024 at 00:00

Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Exploit-DB Updates

[webapps] SuperStoreFinder - Multiple Vulnerabilities

February 27^th 2024 at 00:00

SuperStoreFinder - Multiple Vulnerabilities

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'

February 26^th 2024 at 00:00

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] Online Shopping System Advanced - Sql Injection

February 26^th 2024 at 00:00

Online Shopping System Advanced - Sql Injection

Exploit-DB Updates

[webapps] comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

February 26^th 2024 at 00:00

comments-like-dislike

Exploit-DB Updates

[remote] IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

February 26^th 2024 at 00:00

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Exploit-DB Updates

[dos] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

February 26^th 2024 at 00:00

Wyrestorm Apollo VX20

Exploit-DB Updates

[remote] Flashcard Quiz App v1.0 - 'card' SQL Injection

February 26^th 2024 at 00:00

Flashcard Quiz App v1.0 - 'card' SQL Injection

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

February 26^th 2024 at 00:00

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] taskhub 2.8.7 - SQL Injection

February 26^th 2024 at 00:00

taskhub 2.8.7 - SQL Injection

Exploit-DB Updates

[remote] FAQ Management System v1.0 - 'faq' SQL Injection

February 26^th 2024 at 00:00

FAQ Management System v1.0 - 'faq' SQL Injection

Exploit-DB Updates

[remote] Simple Inventory Management System v1.0 - 'email' SQL Injection

February 26^th 2024 at 00:00

Simple Inventory Management System v1.0 - 'email' SQL Injection

Exploit-DB Updates

[webapps] WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

February 21^st 2024 at 00:00

WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit

February 19^th 2024 at 00:00

phpFox

Exploit-DB Updates

[webapps] SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

February 19^th 2024 at 00:00

SureMDM On-premise

Exploit-DB Updates

[webapps] Employee Management System v1 - 'email' SQL Injection

February 19^th 2024 at 00:00

Employee Management System v1 - 'email' SQL Injection

Exploit-DB Updates

[webapps] JFrog Artifactory < 7.25.4 - Blind SQL Injection

February 19^th 2024 at 00:00

JFrog Artifactory

Exploit-DB Updates

[local] Microsoft Windows Defender - VBScript Detection Bypass

February 19^th 2024 at 00:00

Microsoft Windows Defender - VBScript Detection Bypass

Exploit-DB Updates

[webapps] Wondercms 4.3.2 - XSS to RCE

February 19^th 2024 at 00:00

Wondercms 4.3.2 - XSS to RCE

Exploit-DB Updates

[dos] XAMPP - Buffer Overflow POC

February 19^th 2024 at 00:00

XAMPP - Buffer Overflow POC

Exploit-DB Updates

[local] Microsoft Windows Defender Bypass - Detection Mitigation Bypass

February 19^th 2024 at 00:00

Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Exploit-DB Updates

[webapps] Metabase 0.46.6 - Pre-Auth Remote Code Execution

February 15^th 2024 at 00:00

Metabase 0.46.6 - Pre-Auth Remote Code Execution

Exploit-DB Updates

[local] DS Wireless Communication - Remote Code Execution

February 15^th 2024 at 00:00

DS Wireless Communication - Remote Code Execution

Exploit-DB Updates

[webapps] SISQUALWFM 7.1.319.103 - Host Header Injection

February 15^th 2024 at 00:00

SISQUALWFM 7.1.319.103 - Host Header Injection

Exploit-DB Updates

[webapps] Splunk 9.0.4 - Information Disclosure

February 13^th 2024 at 00:00

Splunk 9.0.4 - Information Disclosure

Exploit-DB Updates

[webapps] ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure

February 13^th 2024 at 00:00

ManageEngine ADManager Plus Build

Exploit-DB Updates

[webapps] Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

February 13^th 2024 at 00:00

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over

Exploit-DB Updates

[dos] VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

February 13^th 2024 at 00:00

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

Exploit-DB Updates

[webapps] Wordpress Seotheme - Remote Code Execution Unauthenticated

February 9^th 2024 at 00:00

Wordpress Seotheme - Remote Code Execution Unauthenticated

Exploit-DB Updates

[webapps] Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

February 9^th 2024 at 00:00

Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

Exploit-DB Updates

[dos] Elasticsearch - StackOverflow DoS

February 9^th 2024 at 00:00

Elasticsearch - StackOverflow DoS

Exploit-DB Updates

[webapps] Online Nurse Hiring System 1.0 - Time-Based SQL Injection

February 9^th 2024 at 00:00

Online Nurse Hiring System 1.0 - Time-Based SQL Injection

Exploit-DB Updates

[remote] Zyxel zysh - Format string

February 9^th 2024 at 00:00

Zyxel zysh - Format string