[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

— November 15^th 2024 at 00:00

SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)

— October 1^st 2024 at 00:00

dizqueTV 1.5.3 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] openSIS 9.1 - SQLi (Authenticated)

— October 1^st 2024 at 00:00

openSIS 9.1 - SQLi (Authenticated)

Exploit-DB Updates

[webapps] reNgine 2.2.0 - Command Injection (Authenticated)

— October 1^st 2024 at 00:00

reNgine 2.2.0 - Command Injection (Authenticated)

Exploit-DB Updates

[dos] Windows TCP/IP - RCE Checker and Denial of Service

— August 28^th 2024 at 00:00

Windows TCP/IP - RCE Checker and Denial of Service

Exploit-DB Updates

[webapps] Gitea 1.22.0 - Stored XSS

— August 28^th 2024 at 00:00

Gitea 1.22.0 - Stored XSS

Exploit-DB Updates

[webapps] Invesalius3 - Remote Code Execution

— August 28^th 2024 at 00:00

Invesalius3 - Remote Code Execution

Exploit-DB Updates

[webapps] NoteMark < 0.13.0 - Stored XSS

— August 28^th 2024 at 00:00

NoteMark

Exploit-DB Updates

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

— August 24^th 2024 at 00:00

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

Exploit-DB Updates

[webapps] HughesNet HT2000W Satellite Modem - Password Reset

— August 24^th 2024 at 00:00

HughesNet HT2000W Satellite Modem - Password Reset

Exploit-DB Updates

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

— August 24^th 2024 at 00:00

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

Exploit-DB Updates

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

— August 24^th 2024 at 00:00

Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

Exploit-DB Updates

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

— August 24^th 2024 at 00:00

Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

Exploit-DB Updates

[webapps] Aurba 501 - Authenticated RCE

— August 24^th 2024 at 00:00

Aurba 501 - Authenticated RCE

Exploit-DB Updates

[webapps] Calibre-web 0.6.21 - Stored XSS

— August 23^rd 2024 at 00:00

Calibre-web 0.6.21 - Stored XSS

Exploit-DB Updates

[webapps] Helpdeskz v2.0.2 - Stored XSS

— August 23^rd 2024 at 00:00

Helpdeskz v2.0.2 - Stored XSS

Exploit-DB Updates

[webapps] Ivanti vADC 9.9 - Authentication Bypass

— August 4^th 2024 at 00:00

Ivanti vADC 9.9 - Authentication Bypass

Exploit-DB Updates

[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

— August 4^th 2024 at 00:00

Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

Exploit-DB Updates

[local] Oracle Database 12c Release 1 - Unquoted Service Path

— August 4^th 2024 at 00:00

Oracle Database 12c Release 1 - Unquoted Service Path

Exploit-DB Updates

[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

— August 4^th 2024 at 00:00

SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

Exploit-DB Updates

[webapps] Devika v1 - Path Traversal via 'snapshot_path'

— August 4^th 2024 at 00:00

Devika v1 - Path Traversal via 'snapshot_path'

Exploit-DB Updates

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

— July 16^th 2024 at 00:00

Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

Exploit-DB Updates

[webapps] Customer Support System 1.0 - Stored XSS

— July 1^st 2024 at 00:00

Customer Support System 1.0 - Stored XSS

Exploit-DB Updates

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

— July 1^st 2024 at 00:00

Azon Dominator Affiliate Marketing Script - SQL Injection

Exploit-DB Updates

[webapps] Microweber 2.0.15 - Stored XSS

— July 1^st 2024 at 00:00

Microweber 2.0.15 - Stored XSS

Exploit-DB Updates

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

— July 1^st 2024 at 00:00

Xhibiter NFT Marketplace 1.10.2 - SQL Injection

Exploit-DB Updates

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

— June 26^th 2024 at 00:00

Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

— June 26^th 2024 at 00:00

Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit-DB Updates

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

— June 26^th 2024 at 00:00

SolarWinds Platform 2024.1 SR1 - Race Condition

Exploit-DB Updates

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

— June 26^th 2024 at 00:00

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

— June 14^th 2024 at 00:00

WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit-DB Updates

[remote] Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

— June 14^th 2024 at 00:00

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit-DB Updates

[webapps] ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)

— June 14^th 2024 at 00:00

ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)

Exploit-DB Updates

[webapps] Boelter Blue System Management 1.3 - SQL Injection

— June 14^th 2024 at 00:00

Boelter Blue System Management 1.3 - SQL Injection

Exploit-DB Updates

[webapps] Rebar3 3.13.2 - Command Injection

— June 14^th 2024 at 00:00

Rebar3 3.13.2 - Command Injection

Exploit-DB Updates

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

— June 14^th 2024 at 00:00

AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

Exploit-DB Updates

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

— June 14^th 2024 at 00:00

AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

Exploit-DB Updates

[webapps] Carbon Forum 5.9.0 - Stored XSS

— June 14^th 2024 at 00:00

Carbon Forum 5.9.0 - Stored XSS

Exploit-DB Updates

[webapps] XMB 1.9.12.06 - Stored XSS

— June 14^th 2024 at 00:00

XMB 1.9.12.06 - Stored XSS

Exploit-DB Updates

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

— June 14^th 2024 at 00:00

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

— June 14^th 2024 at 00:00

PHP

Exploit-DB Updates

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

— June 3^rd 2024 at 00:00

Serendipity 2.5.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

— June 3^rd 2024 at 00:00

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

— June 3^rd 2024 at 00:00

Sitefinity 15.0 - Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

— June 3^rd 2024 at 00:00

Dotclear 2.29 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

— June 3^rd 2024 at 00:00

Monstra CMS 3.0.4 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

— June 3^rd 2024 at 00:00

WBCE CMS v1.6.2 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

— June 3^rd 2024 at 00:00

appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

— June 1^st 2024 at 00:00

FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

— June 1^st 2024 at 00:00

Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

Exploit-DB Updates

[remote] Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

— June 1^st 2024 at 00:00

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

Exploit-DB Updates

[remote] ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access

— June 1^st 2024 at 00:00

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access

Exploit-DB Updates

[webapps] Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

— June 1^st 2024 at 00:00

Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)

Exploit-DB Updates

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

— May 31^st 2024 at 00:00

Aquatronica Control System 5.1.6 - Information Disclosure

Exploit-DB Updates

[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

— May 31^st 2024 at 00:00

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

Exploit-DB Updates

[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

— May 31^st 2024 at 00:00

iMLog

Exploit-DB Updates

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

— May 31^st 2024 at 00:00

ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

— May 31^st 2024 at 00:00

changedetection

Exploit-DB Updates

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

— May 31^st 2024 at 00:00

Check Point Security Gateway - Information Disclosure (Unauthenticated)

Exploit-DB Updates

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

— May 19^th 2024 at 00:00

Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)