[remote] Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation

Palo Alto PAN-OS

[webapps] Flowise 1.6.5 - Authentication Bypass

Flowise 1.6.5 - Authentication Bypass

[webapps] SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)

SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)

[webapps] Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution

Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution

[webapps] FlatPress v1.3 - Remote Command Execution

FlatPress v1.3 - Remote Command Execution

[webapps] Laravel Framework 11 - Credential Leakage

Laravel Framework 11 - Credential Leakage

[webapps] djangorestframework-simplejwt 5.3.1 - Information Disclosure

djangorestframework-simplejwt 5.3.1 - Information Disclosure

[webapps] OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

OpenClinic GA 5.247.01 - Path Traversal (Authenticated)

[webapps] OpenClinic GA 5.247.01 - Information Disclosure

OpenClinic GA 5.247.01 - Information Disclosure

[webapps] Jenkins 2.441 - Local File Inclusion

Jenkins 2.441 - Local File Inclusion

[webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS

Savsoft Quiz v6.0 Enterprise - Stored XSS

[webapps] Stock Management System v1.0 - Unauthenticated SQL Injection

Stock Management System v1.0 - Unauthenticated SQL Injection

[webapps] Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

[webapps] BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

[webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

[local] Terratec dmx_6fire USB - Unquoted Service Path

Terratec dmx_6fire USB - Unquoted Service Path

[local] PrusaSlicer 2.6.1 - Arbitrary code execution

PrusaSlicer 2.6.1 - Arbitrary code execution

[webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

[webapps] PopojiCMS Version 2.0.1 - Remote Command Execution

PopojiCMS Version 2.0.1 - Remote Command Execution

[webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

[webapps] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

[webapps] HTMLy Version v2.9.6 - Stored XSS

HTMLy Version v2.9.6 - Stored XSS

[remote] MinIO < 2024-01-31T20-20-33Z - Privilege Escalation

MinIO

[webapps] WBCE 1.6.0 - Unauthenticated SQL injection

WBCE 1.6.0 - Unauthenticated SQL injection

[webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

[webapps] GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

[webapps] Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload

Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload

[webapps] Daily Expense Manager 1.0 - 'term' SQLi

Daily Expense Manager 1.0 - 'term' SQLi

[webapps] Human Resource Management System v1.0 - Multiple SQLi

Human Resource Management System v1.0 - Multiple SQLi

[webapps] Best Student Result Management System v1.0 - Multiple SQLi

Best Student Result Management System v1.0 - Multiple SQLi

[remote] Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

[webapps] Open Source Medicine Ordering System v1.0 - SQLi

Open Source Medicine Ordering System v1.0 - SQLi

[local] AnyDesk 7.0.15 - Unquoted Service Path

AnyDesk 7.0.15 - Unquoted Service Path

[webapps] Quick CMS v6.7 en 2023 - 'password' SQLi

Quick CMS v6.7 en 2023 - 'password' SQLi

[webapps] Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

[webapps] Computer Laboratory Management System v1.0 - Multiple-SQLi

Computer Laboratory Management System v1.0 - Multiple-SQLi

[local] ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

[webapps] Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

[webapps] Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

[webapps] Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

[webapps] CE Phoenix v1.0.8.20 - Remote Code Execution

CE Phoenix v1.0.8.20 - Remote Code Execution

[webapps] Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

[webapps] FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

[webapps] Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

[webapps] E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

[webapps] Gibbon LMS v26.0.00 - SSTI vulnerability

Gibbon LMS v26.0.00 - SSTI vulnerability

[webapps] Smart School 6.4.1 - SQL Injection

Smart School 6.4.1 - SQL Injection

[webapps] Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

[webapps] Casdoor < v1.331.0 - '/api/set-password' CSRF

Casdoor

[webapps] Daily Habit Tracker 1.0 - SQL Injection

Daily Habit Tracker 1.0 - SQL Injection

[local] ASUS Control Center Express 01.06.15 - Unquoted Service Path

ASUS Control Center Express 01.06.15 - Unquoted Service Path

[webapps] Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

[webapps] OpenCart Core 4.0.2.3 - 'search' SQLi

OpenCart Core 4.0.2.3 - 'search' SQLi

[webapps] FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

[local] Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

[local] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

[local] Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

[webapps] Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

[webapps] Axigen < 10.5.7 - Persistent Cross-Site Scripting

Axigen

[webapps] Elementor Website Builder < 3.12.2 - Admin+ SQLi

Elementor Website Builder