| 48261 | rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
WEBAPPS Author: ikingf | 2020/03/27 | |
| 48260 | Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
WEBAPPS Author: ongphuk | 2020/03/27 | |
| 48259 | Everest 5.50.2100 - 'Open File' Denial of Service (PoC)
DOS Author: Ivan Marmolejo | 2020/03/27 | |
| 48258 | ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
WEBAPPS Author: Alperen Soydan | 2020/03/27 | |
| 48257 | Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)
LOCAL Author: Felipe Winsnes | 2020/03/27 | |
| 48256 | Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution
WEBAPPS Author: Engin Demirbilek | 2020/03/26 | |
| 48255 | TP-Link Archer C50 3 - Denial of Service (PoC)
WEBAPPS Author: hewhiteh4 | 2020/03/26 | |
| 48253 | 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
LOCAL Author: Felipe Winsnes | 2020/03/25 | |
| 48251 | 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path
LOCAL Author: Felipe Winsnes | 2020/03/25 | |
| 48250 | LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
WEBAPPS Author: unCS | 2020/03/25 | |
| 48249 | AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
LOCAL Author: Roberto Piña | 2020/03/25 | |
| 48248 | Joomla! Component GMapFP 3.30 - Arbitrary File Upload
WEBAPPS Author: helastVv | 2020/03/25 | |
| 48247 | UCM6202 1.0.18.13 - Remote Command Injection
WEBAPPS Author: Jacob Baines | 2020/03/24 | |
| 48246 | Veyon 4.3.4 - 'VeyonService' Unquoted Service Path
LOCAL Author: Víctor García | 2020/03/24 | |
| 48245 | Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting
WEBAPPS Author: Jinson Varghese Behanan | 2020/03/24 | |
| 48244 | UliCMS 2020.1 - Persistent Cross-Site Scripting
WEBAPPS Author: unCS | 2020/03/24 | |
| 48242 | Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection
WEBAPPS Author: w3rTyT | 2020/03/23 | |
| 48241 | rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
WEBAPPS Author: Matthew Aberegg | 2020/03/23 | |
| 48240 | FIBARO System Home Center 5.021 - Remote File Include
WEBAPPS Author: iquidWor | 2020/03/23 | |
| 48239 | CyberArk PSMP 10.9.1 - Policy Restriction Bypass
REMOTE Author: LAHBAL Said | 2020/03/23 | |
| 48237 | Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
DOS Author: Cem Onat Karagun | 2020/03/23 | |
| 48236 | ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
DOS Author: Ivan Marmolejo | 2020/03/23 | |
| 48235 | VMware Fusion 11.5.2 - Privilege Escalation
LOCAL Author: Rich Mirch | 2020/03/20 | |
| 48234 | Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
WEBAPPS Author: Metin Yunus Kandemir | 2020/03/20 | |
| 48233 | Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
REMOTE Author: Maurizio S | 2020/03/18 | |
| 48228 | Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
REMOTE Author: arazPajoha | 2020/03/18 | |
| 48227 | NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
LOCAL Author: El Masas | 2020/03/18 | |
| 48225 | Netlink GPON Router 1.0.11 - Remote Code Execution
WEBAPPS Author: hellor | 2020/03/18 | |
| 48232 | VMWare Fusion - Local Privilege Escalation
LOCAL Author: rim | 2020/03/17 | |
| 48231 | Microsoft VSCode Python Extension - Code Execution
LOCAL Author: oyense | 2020/03/17 | |
| 48224 | ManageEngine Desktop Central - Java Deserialization (Metasploit)
REMOTE Author: etasploi | 2020/03/17 | |
| 48223 | Rconfig 3.x - Chained Remote Code Execution (Metasploit)
REMOTE Author: etasploi | 2020/03/17 | |
| 48221 | PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
WEBAPPS Author: Antonio Cannito | 2020/03/16 | |
| 48220 | PHPKB Multi-Language 9 - Authenticated Directory Traversal
WEBAPPS Author: Antonio Cannito | 2020/03/16 | |
| 48219 | PHPKB Multi-Language 9 - Authenticated Remote Code Execution
WEBAPPS Author: Antonio Cannito | 2020/03/16 | |
| 48218 | MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
WEBAPPS Author: AYADI Mohamed | 2020/03/16 | |
| 48217 | Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
WEBAPPS Author: Miguel Mendez Z | 2020/03/16 | |
| 48216 | Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
DOS Author: erykitt | 2020/03/14 | |
| 48214 | Drobo 5N2 4.1.1 - Remote Command Injection
REMOTE Author: Ian Sindermann | 2020/03/13 | |
| 48212 | Centos WebPanel 7 - 'term' SQL Injection
WEBAPPS Author: Berke YILMAZ | 2020/03/13 | |
| 48211 | AnyBurn 4.8 - Buffer Overflow (SEH)
LOCAL Author: Richard Davy | 2020/03/13 | |
| 48208 | rConfig 3.9 - 'searchColumn' SQL Injection
WEBAPPS Author: ikingf | 2020/03/12 | |
| 48207 | rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
WEBAPPS Author: Engin Demirbilek | 2020/03/12 | |
| 48206 | ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path
LOCAL Author: Roberto Piña | 2020/03/12 | |
| 48205 | HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
WEBAPPS Author: Ismail Akıcı | 2020/03/12 | |
| 48204 | Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WEBAPPS Author: Daniel Monzón | 2020/03/12 | |
| 48203 | WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
WEBAPPS Author: RedTeam Pentesting GmbH | 2020/03/12 | |
| 48202 | Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
WEBAPPS Author: Milad karimi | 2020/03/12 | |
| 48210 | Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
WEBAPPS Author: Andrea Cardaci | 2020/03/11 | |
| 48209 | Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
WEBAPPS Author: Andrea Cardaci | 2020/03/11 | |
| 48197 | Wordpress Plugin Search Meter 2.13.2 - CSV injection
WEBAPPS Author: Daniel Monzón | 2020/03/11 | |
| 48193 | ASUS AXSP 1.02.00 - 'asComSvc' Unquoted Service Path
LOCAL Author: Roberto Piña | 2020/03/11 | |
| 48215 | Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
WEBAPPS Author: Andrea Cardaci | 2020/03/10 | |
| 48192 | PHPStudy - Backdoor Remote Code execution (Metasploit)
REMOTE Author: etasploi | 2020/03/10 | |
| 48191 | Nagios XI - Authenticated Remote Command Execution (Metasploit)
REMOTE Author: etasploi | 2020/03/10 | |
| 48190 | Persian VIP Download Script 1.0 - 'active' SQL Injection
WEBAPPS Author: 3FF | 2020/03/10 | |
| 48189 | YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
WEBAPPS Author: n_dus | 2020/03/10 | |
| 48188 | Sysaid 20.1.11 b26 - Remote Command Execution
WEBAPPS Author: Ahmed Sherif | 2020/03/10 | |
| 48187 | Counter Strike: GO - '.bsp' Memory Control (PoC)
LOCAL Author: 0day enthusiast | 2020/03/09 | |
| 48186 | Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
REMOTE Author: etasploi | 2020/03/09 | |
| 48185 | OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
LOCAL Author: etasploi | 2020/03/09 | |
| 48184 | Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
REMOTE Author: etasploi | 2020/03/09 | |
| 48183 | Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
REMOTE Author: etasploi | 2020/03/09 | |
| 48182 | PHP-FPM - Underflow Remote Code Execution (Metasploit)
REMOTE Author: etasploi | 2020/03/09 | |
| 48181 | Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
REMOTE Author: etasploi | 2020/03/09 | |
| 48179 | Sentrifugo HRMS 3.2 - 'id' SQL Injection
WEBAPPS Author: inhn | 2020/03/09 | |
| 48177 | 60CycleCMS - 'news.php' SQL Injection
WEBAPPS Author: nkn0w | 2020/03/09 | |
| 48174 | Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path
LOCAL Author: Oscar Flores | 2020/03/06 | |
| 48173 | ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path
LOCAL Author: Oscar Flores | 2020/03/06 | |
| 48172 | SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
LOCAL Author: Alejandro Reyes | 2020/03/06 | |
| 48171 | Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
LOCAL Author: Alejandro Reyes | 2020/03/06 | |
| 48169 | EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
REMOTE Author: etasploi | 2020/03/05 | |
| 48168 | Exchange Control Panel - Viewstate Deserialization (Metasploit)
REMOTE Author: etasploi | 2020/03/05 | |
| 48166 | UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
WEBAPPS Author: goAnhDu | 2020/03/04 | |
| 48180 | Microsoft Windows - 'WizardOpium' Local Privilege Escalation
LOCAL Author: iotrflorczy | 2020/03/03 | |
| 48164 | RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
WEBAPPS Author: Olga Villagran | 2020/03/03 | |
| 48163 | GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
WEBAPPS Author: maragko | 2020/03/03 | |
| 48162 | Alfresco 5.2.4 - Persistent Cross-Site Scripting
WEBAPPS Author: Alexandre ZANNI | 2020/03/03 | |
| 48161 | RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
WEBAPPS Author: Paulina Girón | 2020/03/03 | |
| 48170 | netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
REMOTE Author: mmunit | 2020/03/02 | |
| 48160 | Wing FTP Server 6.2.3 - Privilege Escalation
LOCAL Author: Cary Hooper | 2020/03/02 | |
| 48159 | Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
WEBAPPS Author: Lucas Amorim | 2020/03/02 | |
| 48158 | Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
WEBAPPS Author: Elber Tavares | 2020/03/02 | |
| 48156 | CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
REMOTE Author: etw0r | 2020/03/02 | |
| 48155 | TP LINK TL-WR849N - Remote Code Execution
WEBAPPS Author: Elber Tavares | 2020/03/02 | |
| 48154 | Wing FTP Server 6.2.5 - Privilege Escalation
WEBAPPS Author: Cary Hooper | 2020/03/02 | |
| 48153 | Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
REMOTE Author: hotubia | 2020/03/02 | |
| 48152 | TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
WEBAPPS Author: Elber Tavares | 2020/03/02 | |
| 48151 | Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WEBAPPS Author: Jinson Varghese Behanan | 2020/03/02 | |
| 48149 | Netis WF2419 2.2.36123 - Remote Code Execution
WEBAPPS Author: Elias Issa | 2020/03/02 | |
| 48148 | Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
LOCAL Author: Andrey Stoykov | 2020/03/02 | |
| 48147 | Joplin Desktop 1.0.184 - Cross-Site Scripting
WEBAPPS Author: Javier Olmedo | 2020/03/02 | |
| 48146 | qdPM < 9.1 - Remote Code Execution
WEBAPPS Author: Tobin Shields | 2020/02/28 | |
| 48142 | Comtrend VR-3033 - Command Injection
WEBAPPS Author: Raki Ben Hamouda | 2020/02/27 | |
| 48141 | Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
WEBAPPS Author: Meisam Monsef | 2020/02/27 | |
| 48140 | OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
REMOTE Author: Qualys Corporation | 2020/02/26 | |
| 48139 | OpenSMTPD 6.6.3 - Arbitrary File Read
REMOTE Author: Qualys Corporation | 2020/02/26 | |
| 48138 | PhpIX 2012 Professional - 'id' SQL Injection
WEBAPPS Author: ndoushk | 2020/02/26 | |
| 48137 | Core FTP LE 2.2 - Denial of Service (PoC)
DOS Author: Ismael Nava | 2020/02/26 | |
| 48136 | Odin Secure FTP Expert 7.6.3 - Denial of Service (PoC)
DOS Author: berat isler | 2020/02/25 | |
