[webapps] E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

April 2^nd 2024 at 00:00

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] Gibbon LMS v26.0.00 - SSTI vulnerability

April 2^nd 2024 at 00:00

Gibbon LMS v26.0.00 - SSTI vulnerability

Exploit-DB Updates

[webapps] Smart School 6.4.1 - SQL Injection

April 2^nd 2024 at 00:00

Smart School 6.4.1 - SQL Injection

Exploit-DB Updates

[webapps] Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

April 2^nd 2024 at 00:00

Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

Exploit-DB Updates

[webapps] Casdoor < v1.331.0 - '/api/set-password' CSRF

April 2^nd 2024 at 00:00

Casdoor

Exploit-DB Updates

[webapps] Daily Habit Tracker 1.0 - SQL Injection

April 2^nd 2024 at 00:00

Daily Habit Tracker 1.0 - SQL Injection

Exploit-DB Updates

[local] ASUS Control Center Express 01.06.15 - Unquoted Service Path

April 2^nd 2024 at 00:00

ASUS Control Center Express 01.06.15 - Unquoted Service Path

Exploit-DB Updates

[webapps] Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

April 2^nd 2024 at 00:00

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] OpenCart Core 4.0.2.3 - 'search' SQLi

April 2^nd 2024 at 00:00

OpenCart Core 4.0.2.3 - 'search' SQLi

Exploit-DB Updates

[webapps] FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

April 2^nd 2024 at 00:00

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Exploit-DB Updates

[local] Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

April 2^nd 2024 at 00:00

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Exploit-DB Updates

[local] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

April 2^nd 2024 at 00:00

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

Exploit-DB Updates

[local] Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

April 2^nd 2024 at 00:00

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

Exploit-DB Updates

[webapps] Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

April 2^nd 2024 at 00:00

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Exploit-DB Updates

[webapps] Axigen < 10.5.7 - Persistent Cross-Site Scripting

April 2^nd 2024 at 00:00

Axigen

Exploit-DB Updates

[webapps] Elementor Website Builder < 3.12.2 - Admin+ SQLi

April 2^nd 2024 at 00:00

Elementor Website Builder

Exploit-DB Updates

[remote] GL-iNet MT6000 4.5.5 - Arbitrary File Download

April 2^nd 2024 at 00:00

GL-iNet MT6000 4.5.5 - Arbitrary File Download

Exploit-DB Updates

[webapps] Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

April 2^nd 2024 at 00:00

Wordpress Plugin - Membership For WooCommerce

Exploit-DB Updates

[webapps] Daily Habit Tracker 1.0 - Broken Access Control

April 2^nd 2024 at 00:00

Daily Habit Tracker 1.0 - Broken Access Control

Exploit-DB Updates

[webapps] LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

April 2^nd 2024 at 00:00

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[remote] Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

March 28^th 2024 at 00:00

Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Exploit-DB Updates

[local] Dell Security Management Server <1.9.0 - Local Privilege Escalation

March 28^th 2024 at 00:00

Dell Security Management Server

Exploit-DB Updates

[remote] Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure

March 28^th 2024 at 00:00

Siklu MultiHaul TG series

Exploit-DB Updates

[webapps] Workout Journal App 1.0 - Stored XSS

March 28^th 2024 at 00:00

Workout Journal App 1.0 - Stored XSS

Exploit-DB Updates

[dos] RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

March 28^th 2024 at 00:00

RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

Exploit-DB Updates

[remote] WinRAR version 6.22 - Remote Code Execution via ZIP archive

March 28^th 2024 at 00:00

WinRAR version 6.22 - Remote Code Execution via ZIP archive

Exploit-DB Updates

[webapps] Purei CMS 1.0 - SQL Injection

March 28^th 2024 at 00:00

Purei CMS 1.0 - SQL Injection

Exploit-DB Updates

[webapps] Broken Access Control - on NodeBB v3.6.7

March 28^th 2024 at 00:00

Broken Access Control - on NodeBB v3.6.7

Exploit-DB Updates

[webapps] liveSite Version 2019.1 - Remote Code Execution

March 28^th 2024 at 00:00

liveSite Version 2019.1 - Remote Code Execution

Exploit-DB Updates

[webapps] Wallos < 1.11.2 - File Upload RCE

March 25^th 2024 at 00:00

Wallos

Exploit-DB Updates

[webapps] Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

March 25^th 2024 at 00:00

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

Exploit-DB Updates

[webapps] Tourism Management System v2.0 - Arbitrary File Upload

March 25^th 2024 at 00:00

Tourism Management System v2.0 - Arbitrary File Upload

Exploit-DB Updates

[webapps] SPA-CART CMS - Stored XSS

March 25^th 2024 at 00:00

SPA-CART CMS - Stored XSS

Exploit-DB Updates

[webapps] Nagios XI Version 2024R1.01 - SQL Injection

March 25^th 2024 at 00:00

Nagios XI Version 2024R1.01 - SQL Injection

Exploit-DB Updates

[remote] LBT-T300-mini1 - Remote Buffer Overflow

March 25^th 2024 at 00:00

LBT-T300-mini1 - Remote Buffer Overflow

Exploit-DB Updates

[webapps] Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS

March 25^th 2024 at 00:00

Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS

Exploit-DB Updates

[webapps] LimeSurvey Community 5.3.32 - Stored XSS

March 25^th 2024 at 00:00

LimeSurvey Community 5.3.32 - Stored XSS

Exploit-DB Updates

[webapps] MobileShop master v1.0 - SQL Injection Vuln.

March 25^th 2024 at 00:00

MobileShop master v1.0 - SQL Injection Vuln.

Exploit-DB Updates

[remote] minaliC 2.0.0 - Denied of Service

March 22^nd 2024 at 00:00

minaliC 2.0.0 - Denied of Service

Exploit-DB Updates

[webapps] Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi

March 20^th 2024 at 00:00

Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi

Exploit-DB Updates

[webapps] Employee Management System 1.0 - 'admin_id' SQLi

March 20^th 2024 at 00:00

Employee Management System 1.0 - 'admin_id' SQLi

Exploit-DB Updates

[webapps] Simple Task List 1.0 - 'status' SQLi

March 20^th 2024 at 00:00

Simple Task List 1.0 - 'status' SQLi

Exploit-DB Updates

[webapps] Blood Bank 1.0 - 'bid' SQLi

March 20^th 2024 at 00:00

Blood Bank 1.0 - 'bid' SQLi

Exploit-DB Updates

[webapps] CSZCMS v1.3.0 - SQL Injection (Authenticated)

March 20^th 2024 at 00:00

CSZCMS v1.3.0 - SQL Injection (Authenticated)

Exploit-DB Updates

[remote] HNAS SMU 14.8.7825 - Information Disclosure

March 20^th 2024 at 00:00

HNAS SMU 14.8.7825 - Information Disclosure

Exploit-DB Updates

[remote] TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password

March 18^th 2024 at 00:00

TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password

Exploit-DB Updates

[webapps] ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE

March 18^th 2024 at 00:00

ZoneMinder Snapshots

Exploit-DB Updates

[remote] TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure

March 18^th 2024 at 00:00

TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure

Exploit-DB Updates

[webapps] Gibbon LMS < v26.0.00 - Authenticated RCE

March 18^th 2024 at 00:00

Gibbon LMS

Exploit-DB Updates

[remote] TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection

March 18^th 2024 at 00:00

TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection

Exploit-DB Updates

[webapps] WEBIGniter v28.7.23 - Stored XSS

March 18^th 2024 at 00:00

WEBIGniter v28.7.23 - Stored XSS

Exploit-DB Updates

[webapps] Quick.CMS 6.7 - SQL Injection Login Bypass

March 18^th 2024 at 00:00

Quick.CMS 6.7 - SQL Injection Login Bypass

Exploit-DB Updates

[webapps] Atlassian Confluence < 8.5.3 - Remote Code Execution

March 18^th 2024 at 00:00

Atlassian Confluence

Exploit-DB Updates

[webapps] xbtitFM 4.1.18 - Multiple Vulnerabilities

March 18^th 2024 at 00:00

xbtitFM 4.1.18 - Multiple Vulnerabilities

Exploit-DB Updates

[webapps] TYPO3 11.5.24 - Path Traversal (Authenticated)

March 18^th 2024 at 00:00

TYPO3 11.5.24 - Path Traversal (Authenticated)

Exploit-DB Updates

[webapps] Backdrop CMS 1.23.0 - Stored XSS

March 18^th 2024 at 00:00

Backdrop CMS 1.23.0 - Stored XSS

Exploit-DB Updates

[webapps] WordPress File Upload Plugin < 4.23.3 - Stored XSS

March 18^th 2024 at 00:00

WordPress File Upload Plugin

Exploit-DB Updates

[webapps] Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)

March 16^th 2024 at 00:00

Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit-DB Updates

[webapps] Karaf v4.4.3 Console - RCE

March 16^th 2024 at 00:00

Karaf v4.4.3 Console - RCE

Exploit-DB Updates

[local] LaborOfficeFree 19.10 - MySQL Root Password Calculator

March 16^th 2024 at 00:00

LaborOfficeFree 19.10 - MySQL Root Password Calculator