[webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

— April 12^th 2024 at 00:00

WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

Exploit-DB Updates

[webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

— April 12^th 2024 at 00:00

Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

— April 12^th 2024 at 00:00

Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] PopojiCMS Version 2.0.1 - Remote Command Execution

— April 12^th 2024 at 00:00

PopojiCMS Version 2.0.1 - Remote Command Execution

Exploit-DB Updates

[local] PrusaSlicer 2.6.1 - Arbitrary code execution

— April 12^th 2024 at 00:00

PrusaSlicer 2.6.1 - Arbitrary code execution

Exploit-DB Updates

[webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

— April 12^th 2024 at 00:00

Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter

Exploit-DB Updates

[webapps] WBCE 1.6.0 - Unauthenticated SQL injection

— April 12^th 2024 at 00:00

WBCE 1.6.0 - Unauthenticated SQL injection

Exploit-DB Updates

[local] Terratec dmx_6fire USB - Unquoted Service Path

— April 12^th 2024 at 00:00

Terratec dmx_6fire USB - Unquoted Service Path

Exploit-DB Updates

[webapps] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

— April 12^th 2024 at 00:00

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Exploit-DB Updates

[webapps] HTMLy Version v2.9.6 - Stored XSS

— April 12^th 2024 at 00:00

HTMLy Version v2.9.6 - Stored XSS

Exploit-DB Updates

[webapps] GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

— April 12^th 2024 at 00:00

GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

Exploit-DB Updates

[remote] MinIO < 2024-01-31T20-20-33Z - Privilege Escalation

— April 12^th 2024 at 00:00

MinIO

Exploit-DB Updates

[webapps] Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload

— April 8^th 2024 at 00:00

Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload

Exploit-DB Updates

[local] AnyDesk 7.0.15 - Unquoted Service Path

— April 8^th 2024 at 00:00

AnyDesk 7.0.15 - Unquoted Service Path

Exploit-DB Updates

[remote] Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

— April 8^th 2024 at 00:00

Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass

Exploit-DB Updates

[webapps] Human Resource Management System v1.0 - Multiple SQLi

— April 8^th 2024 at 00:00

Human Resource Management System v1.0 - Multiple SQLi

Exploit-DB Updates

[webapps] Best Student Result Management System v1.0 - Multiple SQLi

— April 8^th 2024 at 00:00

Best Student Result Management System v1.0 - Multiple SQLi

Exploit-DB Updates

[webapps] Daily Expense Manager 1.0 - 'term' SQLi

— April 8^th 2024 at 00:00

Daily Expense Manager 1.0 - 'term' SQLi

Exploit-DB Updates

[webapps] Open Source Medicine Ordering System v1.0 - SQLi

— April 8^th 2024 at 00:00

Open Source Medicine Ordering System v1.0 - SQLi

Exploit-DB Updates

[local] ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

— April 3^rd 2024 at 00:00

ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

Exploit-DB Updates

[webapps] Computer Laboratory Management System v1.0 - Multiple-SQLi

— April 3^rd 2024 at 00:00

Computer Laboratory Management System v1.0 - Multiple-SQLi

Exploit-DB Updates

[webapps] Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

— April 3^rd 2024 at 00:00

Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Quick CMS v6.7 en 2023 - 'password' SQLi

— April 3^rd 2024 at 00:00

Quick CMS v6.7 en 2023 - 'password' SQLi

Exploit-DB Updates

[webapps] Axigen < 10.5.7 - Persistent Cross-Site Scripting

— April 2^nd 2024 at 00:00

Axigen

Exploit-DB Updates

[webapps] Casdoor < v1.331.0 - '/api/set-password' CSRF

— April 2^nd 2024 at 00:00

Casdoor

Exploit-DB Updates

[webapps] Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

— April 2^nd 2024 at 00:00

Wordpress Plugin - Membership For WooCommerce

Exploit-DB Updates

[local] Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

— April 2^nd 2024 at 00:00

Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G

Exploit-DB Updates

[webapps] Gibbon LMS v26.0.00 - SSTI vulnerability

— April 2^nd 2024 at 00:00

Gibbon LMS v26.0.00 - SSTI vulnerability

Exploit-DB Updates

[webapps] Elementor Website Builder < 3.12.2 - Admin+ SQLi

— April 2^nd 2024 at 00:00

Elementor Website Builder

Exploit-DB Updates

[webapps] Smart School 6.4.1 - SQL Injection

— April 2^nd 2024 at 00:00

Smart School 6.4.1 - SQL Injection

Exploit-DB Updates

[webapps] CE Phoenix v1.0.8.20 - Remote Code Execution

— April 2^nd 2024 at 00:00

CE Phoenix v1.0.8.20 - Remote Code Execution

Exploit-DB Updates

[webapps] Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

— April 2^nd 2024 at 00:00

Blood Bank v1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

— April 2^nd 2024 at 00:00

Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection

Exploit-DB Updates

[webapps] Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

— April 2^nd 2024 at 00:00

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Exploit-DB Updates

[webapps] Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

— April 2^nd 2024 at 00:00

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Daily Habit Tracker 1.0 - SQL Injection

— April 2^nd 2024 at 00:00

Daily Habit Tracker 1.0 - SQL Injection

Exploit-DB Updates

[webapps] Daily Habit Tracker 1.0 - Broken Access Control

— April 2^nd 2024 at 00:00

Daily Habit Tracker 1.0 - Broken Access Control

Exploit-DB Updates

[remote] GL-iNet MT6000 4.5.5 - Arbitrary File Download

— April 2^nd 2024 at 00:00

GL-iNet MT6000 4.5.5 - Arbitrary File Download

Exploit-DB Updates

[local] Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

— April 2^nd 2024 at 00:00

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

Exploit-DB Updates

[webapps] E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

— April 2^nd 2024 at 00:00

E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

— April 2^nd 2024 at 00:00

Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

— April 2^nd 2024 at 00:00

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[local] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

— April 2^nd 2024 at 00:00

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

Exploit-DB Updates

[webapps] FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

— April 2^nd 2024 at 00:00

FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

Exploit-DB Updates

[webapps] OpenCart Core 4.0.2.3 - 'search' SQLi

— April 2^nd 2024 at 00:00

OpenCart Core 4.0.2.3 - 'search' SQLi

Exploit-DB Updates

[local] ASUS Control Center Express 01.06.15 - Unquoted Service Path

— April 2^nd 2024 at 00:00

ASUS Control Center Express 01.06.15 - Unquoted Service Path

Exploit-DB Updates

[webapps] LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

— April 2^nd 2024 at 00:00

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

— April 2^nd 2024 at 00:00

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Exploit-DB Updates

[webapps] Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

— April 2^nd 2024 at 00:00

Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

Exploit-DB Updates

[webapps] Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

— April 2^nd 2024 at 00:00

Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal

Exploit-DB Updates

[remote] WinRAR version 6.22 - Remote Code Execution via ZIP archive

— March 28^th 2024 at 00:00

WinRAR version 6.22 - Remote Code Execution via ZIP archive

Exploit-DB Updates

[dos] RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

— March 28^th 2024 at 00:00

RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

Exploit-DB Updates

[remote] Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure

— March 28^th 2024 at 00:00

Siklu MultiHaul TG series

Exploit-DB Updates

[local] Dell Security Management Server <1.9.0 - Local Privilege Escalation

— March 28^th 2024 at 00:00

Dell Security Management Server

Exploit-DB Updates

[webapps] liveSite Version 2019.1 - Remote Code Execution

— March 28^th 2024 at 00:00

liveSite Version 2019.1 - Remote Code Execution

Exploit-DB Updates

[webapps] Purei CMS 1.0 - SQL Injection

— March 28^th 2024 at 00:00

Purei CMS 1.0 - SQL Injection

Exploit-DB Updates

[remote] Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

— March 28^th 2024 at 00:00

Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Exploit-DB Updates

[webapps] Workout Journal App 1.0 - Stored XSS

— March 28^th 2024 at 00:00

Workout Journal App 1.0 - Stored XSS

Exploit-DB Updates

[webapps] Broken Access Control - on NodeBB v3.6.7

— March 28^th 2024 at 00:00

Broken Access Control - on NodeBB v3.6.7

Exploit-DB Updates

[webapps] Nagios XI Version 2024R1.01 - SQL Injection

— March 25^th 2024 at 00:00

Nagios XI Version 2024R1.01 - SQL Injection