
View Full Version: Vulnerabilities Section



  1. [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
  2. [dos] Windows TCP/IP - RCE Checker and Denial of Service
  3. [webapps] NoteMark < 0.13.0 - Stored XSS
  4. [webapps] Gitea 1.22.0 - Stored XSS
  5. [webapps] Invesalius3 - Remote Code Execution
  6. [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
  7. [webapps] openSIS 9.1 - SQLi (Authenticated)
  8. [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
  9. [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (R
  10. [webapps] Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
  11. [webapps] TeamPass 3.0.0.21 - SQL Injection
  12. [remote] Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthentic
  13. [remote] Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
  14. [webapps] Jasmin Ransomware - SQL Injection Login Bypass
  15. [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
  16. [webapps] JUX Real Estate 3.4.0 - SQL Injection
  17. [local] VeeVPN 1.6.1 - Unquoted Service Path
  18. [webapps] Gitea 1.24.0 - HTML Injection
  19. [webapps] TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
  20. [webapps] Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution
  21. [webapps] Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
  22. [webapps] Sonatype Nexus Repository 3.53.0-01 - Path Traversal
  23. [webapps] CodeCanyon RISE CRM 3.7.0 - SQL Injection
  24. [webapps] Litespeed Cache 6.5.0.1 - Authentication Bypass
  25. [webapps] X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
  26. [webapps] KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
  27. [webapps] MoziloCMS 3.0 - Remote Code Execution (RCE)
  28. [local] NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
  29. [webapps] XWiki Standard 14.10 - Remote Code Execution (RCE)
  30. [local] Solstice Pod 6.2 - API Session Key Extraction via API Endpoint
  31. [webapps] Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypas
  32. [webapps] Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
  33. [webapps] Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary Fil
  34. [webapps] Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
  35. [webapps] Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
  36. [webapps] Next.js Middleware 15.2.2 - Authorization Bypass
  37. [webapps] IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
  38. [remote] Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Inje
  39. [remote] Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
  40. [remote] Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stor
  41. [remote] Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injec
  42. [webapps] AppSmith 1.47 - Remote Code Execution (RCE)
  43. [webapps] Nagios Log Server 2024R1.3.1 - Stored XSS
  44. [local] ollama 0.6.4 - Server Side Request Forgery (SSRF)
  45. [webapps] ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated)
  46. [webapps] Webmin Usermin 2.100 - Username Enumeration
  47. [remote] Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
  48. [webapps] ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
  49. [remote] Vite 6.2.2 - Arbitrary File Read
  50. [remote] SAP NetWeaver - 7.53 - HTTP Request Smuggling
  51. [webapps] ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
  52. [webapps] ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
  53. [webapps] Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
  54. [webapps] DocsGPT 0.12.0 - Remote Code Execution
  55. [webapps] GeoVision GV-ASManager 6.1.0.0 - Information Disclosure
  56. [remote] Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE
  57. [remote] InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation
  58. [webapps] jQuery 3.3.1 - Prototype Pollution & XSS Exploit
  59. [webapps] Jasmin Ransomware - Arbitrary File Download (Authenticated)
  60. [webapps] UNA CMS 14.0.0-RC - PHP Object Injection
  61. [webapps] Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
  62. [webapps] WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Pri
  63. [webapps] XWiki Platform 15.10.10 - Remote Code Execution
  64. [webapps] YesWiki 4.5.1 - Unauthenticated Path Traversal
  65. [webapps] Apache Tomcat 11.0.3 - Remote Code Execution
  66. [webapps] Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
  67. [webapps] WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)
  68. [webapps] Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary F
  69. [webapps] Watcharr 1.43.0 - Remote Code Execution (RCE)
  70. [webapps] Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
  71. [webapps] DataEase 2.4.0 - Database Configuration Information Exposure
  72. [webapps] phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
  73. [webapps] MiniCMS 1.1 - Cross Site Scripting (XSS)
  74. [webapps] NEWS-BUZZ News Management System 1.0 - SQL Injection
  75. [webapps] Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
  76. [webapps] CyberPanel 2.3.6 - Remote Code Execution (RCE)
  77. [webapps] LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
  78. [webapps] MagnusSolution magnusbilling 7.3.0 - Command Injection
  79. [webapps] RosarioSIS 7.6 - SQL Injection
  80. [webapps] GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
  81. [webapps] Gnuboard5 5.3.2.8 - SQL Injection
  82. [webapps] flatCore 1.5 - Cross Site Request Forgery (CSRF)
  83. [webapps] flatCore 1.5.5 - Arbitrary File Upload
  84. [webapps] AquilaCMS 1.409.20 - Remote Command Execution (RCE)
  85. [webapps] Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
  86. [webapps] Typecho 1.3.0 - Race Condition
  87. [hardware] Cosy+ firmware 21.2s7 - Command Injection
  88. [webapps] CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS
  89. [remote] K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
  90. [webapps] PandoraFMS 7.0NG.772 - SQL Injection
  91. [webapps] Centron 19.04 - Remote Code Execution (RCE)
  92. [webapps] Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
  93. [webapps] Feng Office 3.11.1.2 - SQL Injection
  94. [webapps] PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CS
  95. [webapps] ChurchCRM 5.9.1 - SQL Injection
  96. [webapps] Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RC
  97. [webapps] ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)
  98. [webapps] Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
  99. [webapps] Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege
  100. [webapps] Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
  101. [webapps] Artica Proxy 4.50 - Remote Code Execution (RCE)
  102. [local] qBittorrent 5.0.1 - MITM RCE
  103. [webapps] GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
  104. [hardware] ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
  105. [webapps] GeoVision GV-ASManager 6.1.1.0 - CSRF
  106. [hardware] ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
  107. [webapps] WebFileSys 2.31.0 - Directory Path Traversal
  108. [hardware] ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning
  109. [hardware] Netman 204 - Remote command without authentication
  110. [hardware] ABB Cylon Aspect 3.08.02 - PHP Session Fixation
  111. [webapps] CMU CERT/CC VINCE 2.0.6 - Stored XSS
  112. [hardware] ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
  113. [hardware] ABB Cylon FLXeon 9.3.4 - Default Credentials
  114. [hardware] ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
  115. [webapps] Nagios Log Server 2024R1.3.1 - API Key Exposure
  116. [webapps] OpenPanel 0.3.4 - OS Command Injection
  117. [webapps] OpenPanel 0.3.4 - Incorrect Access Control
  118. [webapps] OpenPanel 0.3.4 - Directory Traversal
  119. [webapps] Pimcore 11.4.2 - Stored cross site scripting
  120. [webapps] Pimcore customer-data-framework 4.2.0 - SQL injection
  121. [webapps] Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
  122. [hardware] ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
  123. [remote] GestioIP 3.5.7 - Remote Command Execution (RCE)
  124. [remote] GestioIP 3.5.7 - Cross-Site Scripting (XSS)
  125. [remote] GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
  126. [remote] GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
  127. [remote] GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
  128. [webapps] SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
  129. [webapps] OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Tra
  130. [webapps] Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
  131. [hardware] ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
  132. [webapps] ABB Cylon Aspect 3.08.03 - Hard-coded Secrets
  133. [webapps] ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
  134. [hardware] ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy
  135. [hardware] ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection
  136. [hardware] ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config P
  137. [hardware] ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
  138. [hardware] ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
  139. [hardware] ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
  140. [hardware] ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
  141. [hardware] ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scr
  142. [remote] Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
  143. [webapps] IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
  144. [webapps] Plane 0.23.1 - Server side request forgery (SSRF)
  145. [webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass
  146. [webapps] OpenCMS 17.0 - Stored Cross Site Scripting (XSS)
  147. [webapps] Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)
  148. [webapps] Really Simple Security 9.1.1.1 - Authentication Bypass
  149. [webapps] Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
  150. [remote] Pymatgen 2024.1 - Remote Code Execution (RCE)
  151. [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
  152. [webapps] Drupal 11.x-dev - Full Path Disclosure
  153. [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated S
  154. [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
  155. [webapps] Inventio Lite 4 - SQL Injection
  156. [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
  157. [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
  158. [webapps] Tatsu 3.3.11 - Unauthenticated RCE
  159. [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
  160. [local] AnyDesk 9.0.1 - Unquoted Service Path
  161. [webapps] compop.ca 3.5.3 - Arbitrary code Execution
  162. [webapps] Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation
  163. [webapps] Usermin 2.100 - Username Enumeration
  164. [webapps] Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Executio
  165. [hardware] ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traver
  166. [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execu
  167. [remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
  168. [remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
  169. [webapps] WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
  170. [webapps] Smart Manager 8.27.0 - Post-Authenticated SQL Injection
  171. [remote] Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)
  172. [webapps] KodExplorer 4.52 - Open Redirect
  173. [local] ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)
  174. [webapps] Car Rental Project 1.0 - Remote Code Execution
  175. [local] Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account
  176. [webapps] Ethercreative Logs 3.0.3 - Path Traversal
  177. [webapps] FLIR AX8 1.46.16 - Remote Command Injection
  178. [remote] Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication
  179. [webapps] Garage Management System 1.0 (categoriesName) - Stored XSS
  180. [remote] WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login P
  181. [webapps] ProConf 6.0 - Insecure Direct Object Reference (IDOR)
  182. [webapps] phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames
  183. [hardware] ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write Do
  184. [hardware] ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS
  185. [hardware] ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution
  186. [hardware] ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)
  187. [webapps] Zabbix 7.0.0 - SQL Injection
  188. [webapps] NagVis 1.9.33 - Arbitrary File Read
  189. [webapps] Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)
  190. [remote] Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)
  191. [webapps] phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
  192. [local] Microsoft Windows 11 - Kernel Privilege Escalation
  193. [webapps] WordPress Core 6.2 - Directory Traversal
  194. [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
  195. [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Script
  196. [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
  197. [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
  198. [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
  199. [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
  200. [local] unzip-stream 0.3.1 - Arbitrary File Write
  201. [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
  202. [local] ZTE ZXV10 H201L - RCE via authentication bypass
  203. [local] Daikin Security Gateway 14 - Remote Password Reset
  204. [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
  205. [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
  206. [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
  207. [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
  208. [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
  209. [local] VirtualBox 7.0.16 - Privilege Escalation
  210. [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
  211. [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
  212. [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privile
  213. [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
  214. [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege E
  215. [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
  216. [local] RDPGuard 9.9.9 - Privilege Escalation
  217. [remote] CrushFTP 11.3.1 - Authentication Bypass
  218. [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
  219. [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
  220. [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
  221. [local] ABB Cylon Aspect Studio 3.08.03 - Binary Planting
  222. [remote] ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation
  223. [webapps] Java-springboot-codebase 1.1 - Arbitrary File Read
  224. [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
  225. [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypa
  226. [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
  227. [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
  228. [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
  229. [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
  230. [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
  231. [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
  232. [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
  233. [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcin
  234. [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
  235. [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
  236. [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
  237. [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
  238. [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
  239. [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
  240. [local] TightVNC 2.8.83 - Control Pipe Manipulation
  241. [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
  242. [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privile
  243. [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
  244. [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
  245. [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
  246. [local] Microsoft Excel Use After Free - Local Code Execution
  247. [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
  248. [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
  249. [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
  250. [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation