Nykaa

┌─[✗]─[parrot@parrot]─[~]
└──╼ $sudo nuclei -u https://cdnr.nykaa.com/ -vv
[sudo] password for parrot:

nuclei v3.2.8
projectdiscovery.io

[INF] Your current nuclei-templates v9.8.7 are outdated. Latest is v9.8.9

### 🔥 Release Highlights 🔥

[CVE-2024-4577] PHP CGI - Argument Injection (@Hüseyin TINTAŞ, @sw0rk17, @s4e-garage, @pdresearch) [critical]

## What's Changed

• Lorex Favicon Hash by @rxerium in https://github.com/projectdiscovery/nuclei-templates/pull/10001
• add cve-2024-4577 by @Kazgangap in https://github.com/projectdiscovery/nuclei-templates/pull/9997

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.8.8...v9.8.9

[INF] Successfully updated nuclei-templates (v9.8.9) to /root/nuclei-templates. GoodLuck!
[INF] Current nuclei version: v3.2.8 (outdated)
[INF] Current nuclei-templates version: v9.8.9 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 1
[INF] Templates loaded for current scan: 8089
[INF] Executing 8088 signed templates from projectdiscovery/nuclei-templates
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
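The lines that follow are what nuclei prints at -vv, one loaded template per line in the form `[template-id] Name (@authors) [severity]`. Because a run of 8089 templates against a single CDN host produces far more listing than findings, the first thing a reviewer usually wants is a tally by severity and the ids worth scoping to. The Python below is an added example written for this page, not code from nuclei or projectdiscovery: it parses such lines, re-joins entries that a terminal or copy/paste wrapped onto two lines, keeps anything it could not complete (such as a listing cut off at a page boundary), and counts by severity. The sample input is constructed from lines on this page; `parse_listing`, `summarize` and `needs_review` are this example's own names.

```python
import re
from collections import Counter

# One entry of nuclei's "-vv" template listing has the shape
#   [template-id] Template Name (@author1,@author2) [severity]
# Authors always begin with '@', so the name may itself contain parentheses
# ("Google (GCP) Service-account (@gaurang) [low]") without confusing the match.
ENTRY_RE = re.compile(
    r"^\[(?P<id>[^\]]+)\]\s+(?P<name>.+?)\s+\((?P<authors>@.+)\)\s+\[(?P<severity>[a-z]+)\]$"
)

# nuclei's severity vocabulary, highest first
SEVERITIES = ("critical", "high", "medium", "low", "info", "unknown")


def parse_listing(text):
    """Parse template-listing lines into dicts.

    Wrapped entries are re-joined: a line that does not yet form a complete
    entry is buffered and the next line is appended until ENTRY_RE matches.
    Returns (entries, leftovers); leftovers are fragments that never completed.
    """
    entries, leftovers, buf = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if buf and ENTRY_RE.match(line):
            # a complete entry arrived while a fragment was pending: keep the
            # fragment aside rather than gluing it to the new entry
            leftovers.append(buf)
            buf = ""
        buf = f"{buf} {line}" if buf else line
        m = ENTRY_RE.match(buf)
        if m:
            authors = [a for a in re.split(r"[,\s]+", m["authors"]) if a.startswith("@")]
            entries.append({"id": m["id"], "name": m["name"],
                            "authors": authors, "severity": m["severity"]})
            buf = ""
    if buf:
        leftovers.append(buf)
    return entries, leftovers


def summarize(entries):
    """Count entries per severity, highest severity first, omitting zero rows."""
    counts = Counter(e["severity"] for e in entries)
    return {s: counts[s] for s in SEVERITIES if counts[s]}


def needs_review(entries, floor="high"):
    """Ids at or above `floor` plus every id whose severity is 'unknown'.

    Templates marked 'unknown' carry no severity metadata, so a run scoped
    with `-severity critical,high` will not select them; list them explicitly.
    """
    rank = {s: i for i, s in enumerate(reversed(SEVERITIES))}  # unknown=0 .. critical=5
    return sorted(e["id"] for e in entries
                  if e["severity"] == "unknown" or rank[e["severity"]] >= rank[floor])


# Constructed sample: lines copied from the listing on this page, including two
# entries wrapped across lines, one nested-parenthesis author and a truncated tail.
SAMPLE = """\
[aws-app-enum] AWS Apps - Cloud Enumeration (@initstring) [info]
[gcp-app-engine-enum] GCP App Engine (Appspot) - Cloud Enumeration (@initstring)
[info]
[dns-rebinding] DNS Rebinding Attack (@ricardomaia) [unknown]
[gcp-service-account] Google (GCP) Service-account (@gaurang) [low]
[admzip-path-overwrite] Admzip Path Overwrite (@me_dheeraj
(https://twitter.com/dheerajmadhukar)) [info]
[CNVD-2021-01931] Ruoyi Management System - Local File Inclusion
(@daffainfo,@ritikchaddha) [high]
[suspicious-sql-error-messages] SQL - Error Messages (@geeknik) [critical]
[CVE-2008-7269] UC Gateway Investment SiteEngine v5.0 - Open Redirect (@ctflearner)
"""

if __name__ == "__main__":
    parsed, rest = parse_listing(SAMPLE)
    print(summarize(parsed))
    print("review:", needs_review(parsed))
    print("unparsed:", rest)
```

Pipe a saved `-vv` log into `parse_listing` and the `unparsed` list tells you where the capture was cut or garbled, which matters before trusting any count derived from it.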
[aws-app-enum] AWS Apps - Cloud Enumeration (@initstring) [info]
[aws-s3-bucket-enum] AWS S3 Buckets - Cloud Enumeration (@initstring) [info]
[azure-db-enum] Azure Databases - Cloud Enumeration (@initstring) [info]
[azure-website-enum] Azure Websites - Cloud Enumeration (@initstring) [info]
[gcp-app-engine-enum] GCP App Engine (Appspot) - Cloud Enumeration (@initstring) [info]
[gcp-bucket-enum] GCP Buckets - Cloud Enumeration (@initstring) [info]
[gcp-firebase-app-enum] GCP Firebase Apps - Cloud Enumeration (@initstring) [info]
[gcp-firebase-rtdb-enum] GCP Firebase Realtime Database - Cloud Enumeration (@initstring) [info]
[azure-takeover-detection] Microsoft Azure Takeover Detection (@pdteam) [high]
[bimi-record-detect] BIMI Record - Detection (@rxerium) [info]
[caa-fingerprint] CAA Record (@pdteam) [info]
[detect-dangling-cname] CNAME Detect Dangling (@pdteam,@nytr0gen) [info]
[dmarc-detect] DNS DMARC - Detect (@juliosmelo) [info]
[dns-rebinding] DNS Rebinding Attack (@ricardomaia) [unknown]
[dns-saas-service-detection] DNS SaaS Service Detection (@noah @thesubtlety,@pdteam) [info]
[dns-waf-detect] DNS WAF Detection (@lu4nx) [info]
[dnssec-detection] DNSSEC Detection (@pdteam) [info]
[ec2-detection] AWS EC2 Detection (@melbadry9) [info]
[elasticbeanstalk-takeover] ElasticBeanstalk Subdomain Takeover Detection (@philippedelteil,@rotemreiss,@zy9ard3,@joaonevess) [high]
[mx-fingerprint] MX Record Detection (@pdteam) [info]
[mx-service-detector] Email Service Detector (@binaryfigments) [info]
[nameserver-fingerprint] NS Record Detection (@pdteam) [info]
[ptr-fingerprint] PTR Detected (@pdteam) [info]
[servfail-refused-hosts] DNS Servfail Host Finder (@pdteam) [info]
[spf-record-detect] SPF Record - Detection (@rxerium) [info]
[spoofable-spf-records-ptr] Spoofable SPF Records with PTR Mechanism (@binaryfigments) [info]
[txt-fingerprint] DNS TXT Record Detected (@pdteam) [info]
[detect-worksites] Worksites.net Service Detection (@melbadry9) [info]
[adb-backup-enabled] ADB Backup Enabled (@gaurang) [low]
[biometric-detect] Android Biometric/Fingerprint - Detect (@gaurang) [info]
[improper-certificate-validation] Android Improper Certificate Validation - Detect (@gaurang) [medium]
[content-scheme] Android Content Scheme - Detect (@gaurang) [info]
[android-debug-enabled] Android Debug Enabled (@gaurang) [low]
[deep-link-detect] Android Deep Link - Detect (@hardik-solanki) [info]
[dynamic-registered-broadcast-receiver] Android Dynamic Broadcast Receiver Register - Detect (@gaurang) [info]
[file-scheme] Android File Scheme - Detect (@gaurang) [info]
[google-storage-bucket] Google Storage Bucket - Detection (@thabisocn) [info]
[insecure-provider-path] Android Insecure Provider Path - Detect (@gaurang) [medium]
[webview-addjavascript-interface] Android WebView Add Javascript Interface - Detect (@gaurang) [info]
[webview-javascript-enabled] WebView JavaScript - Detect (@gaurang) [info]
[webview-load-url] WebView loadUrl - Detect (@gaurang) [info]
[webview-universal-access] Android WebView Universal Access - Detect (@gaurang) [medium]
[configure-aaa-service] Cisco AAA Service Configuration - Detect (@pussycat0x) [info]
[configure-service-timestamps-debug] Cisco Configure Service Timestamps for Debug - Detect (@pussycat0x) [info]
[configure-service-timestamps-logmessages] Cisco Configure Service Timestamps Log Messages - Detect (@pussycat0x) [info]
[disable-ip-source-route] Cisco Disable IP Source-Route - Detect (@pussycat0x) [info]
[disable-pad-service] Cisco Disable PAD - Detect (@pussycat0x) [info]
[enable-secret-for-user-and-password] Enable and User Password with Secret (@pussycat0x) [info]
[logging-enable] Cisco Logging Enable - Detect (@pussycat0x) [info]
[set-and-secure-passwords] Cisco Set and Secure Password - Detect (@pussycat0x) [info]
[auto-usb-install] Fortinet Auto USB Installation Enabled - Detect (@pussycat0x) [info]
[heuristic-scan] Fortinet Heuristic Scanning not Configured - Detect (@pussycat0x) [info]
[inactivity-timeout] Fortinet Inactivity Timeout Not Implemented - Detect (@pussycat0x) [info]
[maintainer-account] Fortinet Maintainer Account Not Implemented - Detect (@pussycat0x) [info]
[password-policy] Fortinet Password Policy Not Set - Detect (@pussycat0x) [info]
[remote-auth-timeout] Fortinet Remote Authentication Timeout Not Set - Detect (@pussycat0x) [info]
[scp-admin] Fortinet Admin-SCP Disabled - Detect (@pussycat0x) [info]
[strong-ciphers] HTTPS/SSH Strong Ciphers Not Enabled (@pussycat0x) [info]
[configure-dns-server] DNS Server Not Implemented - Detect (@pussycat0x) [info]
[configure-session-timeout] PfSense Configure Sessions Timeout Not Set - Detect (@pussycat0x) [info]
[enable-https-protocol] Pfsense Web Admin Management Portal HTTPS Not Set - Detect (@pussycat0x) [info]
[known-default-account] PfSense Known Default Account - Detect (@pussycat0x) [info]
[password-protected-consolemenu] PfSense Consolemenu Password Protection Not Implememnted - Detect (@pussycat0x) [info]
[set-hostname] PfSense Hostname Not Set - Detect (@pussycat0x) [info]
[bash-scanner] Bash Scanner (@ransomsec) [info]
[electron-version-detect] Electron Version - Detect (@me9187) [info]
[node-integration-enabled] Electron Applications - Cross-Site Scripting & Remote Code Execution (@me9187) [critical]
[js-analyse] JS Analyse (@ayadim) [info]
[adafruit-key] Adafruit API Key (@dhiyaneshdk) [info]
[adobe-client] Adobe Client ID (@dhiyaneshdk) [info]
[adobe-secret] Adobe OAuth Client Secret (@dhiyaneshdk) [info]
[age-identity-secret-key] Age Identity (X22519 secret key) (@dhiyaneshdk) [info]
[age-recipient-public-key] Age Recipient (X25519 public key) (@dhiyaneshdk) [info]
[airtable-key] Airtable API Key (@dhiyaneshdk) [info]
[algolia-key] Algolia API Key (@dhiyaneshdk) [info]
[alibaba-key-id] Alibaba Access Key ID (@dhiyaneshdk) [info]
[alibaba-secret-id] Alibaba Secret Key ID (@dhiyaneshdk) [info]
[amazon-account-id] Amazon Web Services Account ID - Detect (@dhiyaneshdk) [info]
[amazon-mws-auth-token-value] Amazon MWS Authentication Token - Detect (@gaurang) [medium]
[amazon-session-token] Amazon Session Token - Detect (@dhiyaneshdk) [info]
[amazon-sns-token] Amazon SNS Token - Detect (@thebinitghimire) [info]
[aws-access-key] Amazon Web Services Access Key ID - Detect (@gaurang) [info]
[aws-cognito-pool] Amazon Web Services Cognito Pool ID - Detect (@gaurang) [info]
[asana-clientid] Asana Client ID (@dhiyaneshdk) [info]
[asana-clientsecret] Asana Client Secret (@dhiyaneshdk) [info]
[atlassian-api-token] Atlassian API Token (@dhiyaneshdk) [info]
[azure-connection-string] Azure Connection String (@dhiyaneshdk) [info]
[beamer-api-token] Beamer API Token (@dhiyaneshdk) [info]
[bitbucket-client-id] BitBucket Client ID (@dhiyaneshdk) [info]
[bitbucket-client-secret] BitBucket Client Secret (@dhiyaneshdk) [info]
[bittrex-access-key] Bittrex Access Key (@dhiyaneshdk) [info]
[bittrex-secret-key] Bittrex Secret Key (@dhiyaneshdk) [info]
[branch-key] Branch.io Live Key - Detect (@0xh7ml) [info]
[clojars-api-token] Clojars API Token (@dhiyaneshdk) [info]
[cloudinary-basic-auth] Cloudinary Basic Authorization - Detect (@gaurang) [high]
[code-climate-token] Code Climate Token - Detect (@dhiyaneshdk) [info]
[codecov-access-token] Codecov Access Token (@dhiyaneshdk) [info]
[coinbase-access-token] Coinbase Access Token (@dhiyaneshdk) [info]
[confluent-access-token] Confluent Access Token (@dhiyaneshdk) [info]
[confluent-secret-token] Confluent Secret Token (@dhiyaneshdk) [info]
[contentful-api-token] Contentful Delivery API Token (@dhiyaneshdk) [info]
[cratesio-api-key] Crates.io API Key - Detect (@dhiyaneshdk) [info]
[credentials-disclosure-file] Credentials Disclosure Check (@sy3omda,@geeknik,@forgedhallpass,@ayadi) [unknown]
[basic-auth-creds] Basic Authorization Credentials Check (@gaurang) [high]
[databricks-api-token] Databricks API Token (@dhiyaneshdk) [info]
[datadog-access-token] Datadog Access Token (@dhiyaneshdk) [info]
[dependency-track] Dependency Track API Key (@dhiyaneshdk) [info]
[digitalocean-personal-token] DigitalOcean Personal Access Token (@dhiyaneshdk) [info]
[digitalocean-personal-access] DigitalOcean Personal Access Token (@dhiyaneshdk) [info]
[digitalocean-refresh-token] DigitalOcean Refresh Token (@dhiyaneshdk) [info]
[discord-api-token] Discord API Token (@dhiyaneshdk) [info]
[discord-client-secret] Discord Client Secret (@dhiyaneshdk) [info]
[discord-client-id] Discord Client ID (@dhiyaneshdk) [info]
[dockerhub-pat] Docker Hub Personal Access Token (@dhiyaneshdk) [info]
[doppler-api-token] Doppler API Token (@dhiyaneshdk) [info]
[doppler-audit] Doppler Audit Token (@dhiyaneshdk) [info]
[doppler-cli] Doppler CLI Token (@dhiyaneshdk) [info]
[doppler-scim] Doppler SCIM Token (@dhiyaneshdk) [info]
[doppler-service-account] Doppler Service Account Token (@dhiyaneshdk) [info]
[doppler-service] Doppler Service (@dhiyaneshdk) [info]
[droneci-access-token] Droneci Access Token (@dhiyaneshdk) [info]
[dropbox-access] Dropbox Access Token (@dhiyaneshdk) [info]
[dropbox-api-token] Dropbox API Token (@dhiyaneshdk) [info]
[dropbox-longlived-token] Dropbox Long Lived API Token (@dhiyaneshdk) [info]
[dropbox-shortlived-token] Dropbox Short Lived API Token (@dhiyaneshdk) [info]
[duffel-api-token] Duffel API Token (@dhiyaneshdk) [info]
[dynatrace-token] Dynatrace Token - Detect (@gaurang) [high]
[easypost-api-token] Easypost Test API Token (@dhiyaneshdk) [info]
[easypost-test-token] Easypost Test API Token (@dhiyaneshdk) [info]
[etsy-access-token] Etsy Access Token (@dhiyaneshdk) [info]
[facebook-api-token] Facebook API Token (@dhiyaneshdk) [info]
[facebook-client-id] Facebook Client ID - Detect (@gaurang) [info]
[facebook-secret-key] Facebook Secret Key - Detect (@gaurang) [low]
[fb-access-token] Facebook Access Token (@dhiyaneshdk) [info]
[fastly-api-token] Fastly API Token (@dhiyaneshdk) [info]
[fcm-api-key] Firebase Cloud Messaging Token (@devang-solanki) [medium]
[figma-access-token] Figma Personal Access Token (@dhiyaneshdk) [info]
[finicity-api-token] Finicity API Token (@dhiyaneshdk) [info]
[finicity-client-secret] Finicity Client Secret (@dhiyaneshdk) [info]
[finnhub-access-token] Finnhub Access Token (@dhiyaneshdk) [info]
[firebase-database] Firebase Database Detect (@gaurang) [info]
[flickr-access-token] Flickr Access Token (@dhiyaneshdk) [info]
[flutterwave-encryption-key] Flutterwave Encryption Key (@dhiyaneshdk) [info]
[flutterwave-public-key] Flutterwave Public Key (@dhiyaneshdk) [info]
[flutterwave-secret-key] Flutterwave Secret Key (@dhiyaneshdk) [info]
[frameio-api-token] Frameio API Token (@dhiyaneshdk) [info]
[freshbooks-access-token] Freshbooks Access Token (@dhiyaneshdk) [info]
[gcp-service-account] Google (GCP) Service-account (@gaurang) [low]
[github-app-token] Github App Token (@tanq16,@dhiyaneshdk) [medium]
[github-oauth-token] Github OAuth Access Token (@tanq16) [high]
[github-outdated-key] GitHub Outdated RSA SSH Host key (@naglis) [info]
[github-personal-token] Github Personal Token (@geeknik) [high]
[github-refresh-token] Github Refresh Token (@tanq16) [high]
[gitlab-personal-accesstoken] GitLab Personal Access Token (@dhiyaneshdk) [info]
[gitlab-pipeline-triggertoken] GitLab Pipeline Trigger Token (@dhiyaneshdk) [info]
[gitlab-runner-regtoken] GitLab Runner Registration Token (@dhiyaneshdk) [info]
[gitter-access-token] Gitter Access Token (@dhiyaneshdk) [info]
[gocardless-api-token] Gocardless API Token (@dhiyaneshdk) [info]
[google-api-key-file] Google API key (@gaurang) [info]
[google-clientid] Google Client ID (@dhiyaneshdk) [info]
[google-oauth-clientsecret] Google OAuth Client Secret (prefixed) (@dhiyaneshdk) [info]
[grafana-api-key] Grafana API Key (@dhiyaneshdk) [info]
[grafana-cloud-api-token] Grafana Cloud API Key (@dhiyaneshdk) [info]
[grafana-service-account-token] Grafana Service Account Token (@dhiyaneshdk) [info]
[hashicorp-api-token] Hashicorp API Token (@dhiyaneshdk) [info]
[heroku-key] Heroku API Key (@dhiyaneshdk) [info]
[huggingface-user-access] HuggingFace User Access Token (@dhiyaneshdk) [info]
[jenkins-token] Jenkins Token or Crumb (@dhiyaneshdk) [info]
[kubernetes-dockercfg-secret] kubernetes.io/dockercfg Secret (@dwisiswant0) [info]
[kubernetes-dockerconfigjson-secret] kubernetes.io/dockerconfigjson Secret (@dwisiswant0) [info]
[linkedin-id] Linkedin Client ID (@gaurang) [low]
[linkedin-client] LinkedIn Client ID (@dhiyaneshdk) [info]
[linkedin-secret] LinkedIn Secret Key (@dhiyaneshdk) [info]
[mailchimp-api-key] Mailchimp API Key (@gaurang) [high]
[mailgun-api-key] Mailgun API Key (@gaurang) [high]
[mapbox-token] Mapbox Token (@devang-solanki) [medium]
[newrelic-api-service] New Relic API Service Key (@dhiyaneshdk) [info]
[newrelic-license-non] New Relic License Key (non-suffixed) (@dhiyaneshdk) [info]
[newrelic-license] New Relic License Key (@dhiyaneshdk) [info]
[newrelic-pixie-apikey] New Relic Pixie API Key (@dhiyaneshdk) [info]
[newrelic-pixie-deploykey] New Relic Pixie Deploy Key (@dhiyaneshdk) [info]
[npm-accesstoken] NPM Access Token (fine-grained) (@dhiyaneshdk) [info]
[nuget-key] NuGet API Key (@dhiyaneshdk) [info]
[odbc-connection] ODBC Connection String (@dhiyaneshdk) [info]
[okta-api] Okta API Token (@dhiyaneshdk) [info]
[openai-key] OpenAI API Key (@dhiyaneshdk) [info]
[particle-access] particle.io Access Token (@dhiyaneshdk) [info]
[paypal-braintree-token] Paypal Braintree Access Token (@gaurang) [high]
[pictatic-api-key] Pictatic API Key (@gaurang) [high]
[postman-api-key] Postman API Key (@dhiyaneshdk) [info]
[private-key] Private Key Detect (@gaurang,@geeknik) [high]
[pypi-token] PyPI Upload Token (@dhiyaneshdk) [info]
[razorpay-client-id] Razorpay Client ID (@devang-solanki) [high]
[reactapp-password] React App Password (@dhiyaneshdk) [info]
[reactapp-username] React App Username (@dhiyaneshdk) [info]
[rubygems-key] RubyGems API Key (@dhiyaneshdk) [info]
[s3-bucket] S3 Bucket Detect (@gaurang) [info]
[salesforce-access] Salesforce Access Token (@dhiyaneshdk) [info]
[sauce-access-token] Sauce Access Token (@dhiyaneshdk) [info]
[segment-public-api] Segment Public API Token (@dhiyaneshdk) [info]
[sendgrid-api-key-file] Sendgrid API Key (@gaurang) [high]
[shopify-custom-token] Shopify Custom App Access Token (@gaurang) [high]
[shopify-private-token] Shopify Private App Access Token (@gaurang) [high]
[shopify-public-access] Shopify Access Token (Public App) (@dhiyaneshdk) [info]
[shopify-shared-secret] Shopify Shared Secret (@gaurang) [high]
[shopify-access-token] Shopify Access Token (@gaurang) [high]
[slack-api] Slack API Key (@gaurang) [high]
[slack-webhook] Slack Webhook (@gaurang) [high]
[square-access-token] Square Access Token (@gaurang,@daffainfo) [high]
[square-oauth-secret] Square OAuth Secret (@gaurang) [high]
[stackhawk-api-key] StackHawk API Key (@hazana) [medium]
[stripe-api-key] Stripe API Key (@gaurang) [high]
[telegram-token] Telegram Bot Token (@dhiyaneshdk) [info]
[thingsboard-access] ThingsBoard Access Token (@dhiyaneshdk) [info]
[truenas-api] TrueNAS API Key (WebSocket) (@dhiyaneshdk) [info]
[twilio-api] Twilio API Key (@gaurang) [high]
[twitter-client] Twitter Client ID (@dhiyaneshdk) [info]
[twitter-secret] Twitter Secret Key (@dhiyaneshdk,@gaurang,@daffainfo) [info]
[wireguard-preshared] WireGuard Preshared Key (@dhiyaneshdk) [info]
[wireguard-private] WireGuard Private Key (@dhiyaneshdk) [info]
[zapier-webhook] Zapier Webhook (@devang-solanki) [high]
[zendesk-secret-key] Zendesk Secret Key (@dhiyaneshdk) [info]
[django-framework-exceptions] Django Framework Exceptions (@geeknik) [medium]
[python-app-sql-exceptions] Python App - SQL Exception (@geeknik) [medium]
[ruby-on-rails-framework-exceptions] Ruby on Rails Framework Exceptions (@geeknik) [medium]
[spring-framework-exceptions] Spring Framework Exceptions (@geeknik) [medium]
[suspicious-sql-error-messages] SQL - Error Messages (@geeknik) [critical]
[aar-malware] AAR Malware - Detect (@daffainfo) [info]
[adzok-malware] Adzok Malware - Detect (@daffainfo) [info]
[alfa-malware] Alfa Malware - Detect (@daffainfo) [info]
[alienspy-malware] AlienSpy Malware - Detect (@daffainfo) [info]
[alina-malware] Alina Malware - Detect (@daffainfo) [info]
[alpha-malware] Alpha Malware - Detect (@daffainfo) [info]
[andromeda-malware] Andromeda Malware - Detect (@daffainfo) [info]
[ap0calypse-malware] Ap0calypse Malware - Detect (@daffainfo) [info]
[arcom-malware] Arcom Malware - Detect (@daffainfo) [info]
[arkei-malware] Arkei Malware - Detect (@daffainfo) [info]
[backoff-malware] Backoff Malware - Detect (@daffainfo) [info]
[bandook-malware] Bandook Malware - Detect (@daffainfo) [info]
[basicrat-malware] BasicRAT Malware - Detect (@daffainfo) [info]
[blacknix-malware] BlackNix Malware - Detect (@daffainfo) [info]
[blackworm-malware] Blackworm Malware - Detect (@daffainfo) [info]
[bluebanana-malware] BlueBanana Malware - Detect (@daffainfo) [info]
[bozok-malware] Bozok Malware - Detect (@daffainfo) [info]
[bublik-malware] Bublik Malware Detector (@daffainfo) [info]
[cap-hookexkeylogger-malware] CAP HookExKeylogger Malware - Detect (@daffainfo) [info]
[cerber-malware] Cerber Malware - Detect (@daffainfo) [info]
[cerberus-malware] Cerberus Malware - Detect (@daffainfo) [info]
[clientmesh-malware] ClientMesh Malware - Detect (@daffainfo) [info]
[crimson-malware] Crimson Malware - Detect (@daffainfo) [info]
[crunchrat-malware] CrunchRAT Malware - Detect (@daffainfo) [info]
[cryptxxx-dropper-malware] CryptXXX Dropper Malware - Detect (@daffainfo) [info]
[cryptxxx-malware] CryptXXX Malware - Detect (@daffainfo) [info]
[cxpid-malware] Cxpid Malware - Detect (@daffainfo) [info]
[cythosia-malware] Cythosia Malware - Detect (@daffainfo) [info]
[darkrat-malware] DarkRAT Malware - Detect (@daffainfo) [info]
[ddostf-malware] DDoSTf Malware - Detect (@daffainfo) [info]
[derkziel-malware] Derkziel Malware - Detect (@daffainfo) [info]
[dexter-malware] Dexter Malware - Detect (@daffainfo) [info]
[diamondfox-malware] DiamondFox Malware - Detect (@daffainfo) [info]
[dmalocker-malware] DMA Locker Malware - Detect (@daffainfo) [info]
[doublepulsar-malware] DoublePulsar Malware - Detect (@daffainfo) [info]
[eicar-malware] Eicar Malware - Detect (@daffainfo) [info]
[erebus-malware] Erebus Malware - Detect (@daffainfo) [info]
[ezcob-malware] Ezcob Malware - Detect (@daffainfo) [info]
[fudcrypt-malware] FUDCrypt Malware - Detect (@daffainfo) [info]
[gafgyt-bash-malware] Gafgyt Malware - Detect (@daffainfo) [info]
[gafgyt-generic-malware] Gafgyt Malware - Detect (@daffainfo) [info]
[gafgyt-hihi-malware] Gafgyt Malware - Detect (@daffainfo) [info]
[gafgyt-hoho-malware] Gafgyt Malware - Detect (@daffainfo) [info]
[gafgyt-jackmy-malware] Gafgyt Malware - Detect (@daffainfo) [info]
[gafgyt-oh-malware] Gafgyt Oh Malware - Detect (@daffainfo) [info]
[genome-malware] Genome Malware - Detect (@daffainfo) [info]
[glass-malware] Glass Malware - Detect (@daffainfo) [info]
[glasses-malware] Glasses Malware - Detect (@daffainfo) [info]
[gozi-malware] Gozi Malware - Detect (@daffainfo) [info]
[gpgqwerty-malware] GPGQwerty Malware - Detect (@daffainfo) [info]
[greame-malware] Greame Malware - Detect (@daffainfo) [info]
[grozlex-malware] Grozlex Malware - Detect (@daffainfo) [info]
[hawkeye-malware] HawkEye Malware - Detect (@daffainfo) [info]
[ransomware_windows_hydracrypt] Hydracrypt Malware - Detect (@daffainfo) [info]
[imminent-malware] Imminent Malware - Detect (@daffainfo) [info]
[infinity-malware] Infinity Malware - Detect (@daffainfo) [info]
[insta11-malware] Insta11 Malware - Detect (@daffainfo) [info]
[intel-virtualization-malware] Intel Virtualization Malware - Detect (@daffainfo) [info]
[iotreaper-malware] IotReaper Malware - Detect (@daffainfo) [info]
[linux-aesddos-malware] Linux AESDDOS Malware - Detect (@daffainfo) [info]
[linux-billgates-malware] Linux BillGates Malware - Detect (@daffainfo) [info]
[linux-elknot-malware] Linux Elknot Malware - Detect (@daffainfo) [info]
[linux-mrblack-malware] Linux MrBlack Malware - Detect (@daffainfo) [info]
[linux-tsunami-malware] Linux Tsunami Malware - Detect (@daffainfo) [info]
[locky-malware] Locky Malware - Detect (@daffainfo) [info]
[lostdoor-malware] LostDoor Malware - Detect (@daffainfo) [info]
[luminositylink-malware] LuminosityLink Malware - Detect (@daffainfo) [info]
[luxnet-malware] LuxNet Malware - Detect (@daffainfo) [info]
[macgyver-installer-malware] MacGyver.cap Installer Malware - Detect (@daffainfo) [info]
[macgyver-malware] MacGyver.cap Malware - Detect (@daffainfo) [info]
[macos-bella-malware] Bella Malware - Detect (@daffainfo) [info]
[madness-malware] Madness DDOS Malware - Detect (@daffainfo) [info]
[miner-malware] Miner Malware - Detect (@daffainfo) [info]
[miniasp3-malware] MiniASP3 Malware - Detect (@daffainfo) [info]
[naikon-malware] Naikon Malware - Detect (@daffainfo) [info]
[naspyupdate-malware] nAspyUpdate Malware - Detect (@daffainfo) [info]
[notepad-malware] Notepad v1.1 Malware - Detect (@daffainfo) [info]
[olyx-malware] Olyx Malware - Detect (@daffainfo) [info]
[osx-leverage-malware] OSX Leverage Malware - Detect (@daffainfo) [info]
[paradox-malware] Paradox Malware - Detect (@daffainfo) [info]
[petya-malware-variant-1] Petya Malware (Variant 1) - Detect (@daffainfo) [info]
[petya-malware-variant-3] Petya Malware (Variant 3) - Detect (@daffainfo) [info]
[petya-malware-variant-bitcoin] Petya Malware (Variant Bitcoin) - Detect (@daffainfo) [info]
[plasma-malware] Plasma Malware - Detect (@daffainfo) [info]
[poetrat-malware] PoetRat Malware - Detect (@daffainfo) [info]
[pony-malware] Pony Malware - Detect (@daffainfo) [info]
[pony-stealer-malware] Windows Pony Stealer Malware - Detect (@daffainfo) [info]
[powerware-malware] PowerWare Malware - Detect (@daffainfo) [info]
[pubsab-malware] PubSab Malware - Detect (@daffainfo) [info]
[punisher-malware] Punisher Malware - Detect (@daffainfo) [info]
[pypi-malware] Fake PyPI Malware - Detect (@daffainfo) [info]
[pythorat-malware] PythoRAT Malware - Detect (@daffainfo) [info]
[qrat-malware] QRat Malware - Detect (@daffainfo) [info]
[satana-dropper-malware] Satana Dropper Malware - Detect (@daffainfo) [info]
[satana-malware] Satana Malware - Detect (@daffainfo) [info]
[shimrat-malware] ShimRat Malware - Detect (@daffainfo) [info]
[shimratreporter-malware] ShimRatReporter Malware - Detect (@daffainfo) [info]
[sigma-malware] Sigma Malware - Detect (@daffainfo) [info]
[smallnet-malware] SmallNet Malware - Detect (@daffainfo) [info]
[snake-malware] Snake Malware - Detect (@daffainfo) [info]
[sub7nation-malware] Sub7Nation Malware - Detect (@daffainfo) [info]
[t5000-malware] T5000 Malware - Detect (@daffainfo) [info]
[tedroo-malware] Tedroo Malware - Detect (@daffainfo) [info]
[terminator-malware] Terminator Malware - Detect (@daffainfo) [info]
[teslacrypt-malware] TeslaCrypt Malware - Detect (@daffainfo) [info]
[tox-malware] Tox Malware - Detect (@daffainfo) [info]
[treasurehunt-malware] Trickbot Malware - Detect (@daffainfo) [info]
[trickbot-malware] Trickbot Malware - Detect (@daffainfo) [info]
[trumpbot-malware] TrumpBot Malware - Detect (@daffainfo) [info]
[universal-1337-malware] Universal 1337 Stealer Malware - Detect (@daffainfo) [info]
[unrecom-malware] Unrecom Malware - Detect (@daffainfo) [info]
[urausy-malware] Urausy Skype Malware - Detect (@daffainfo) [info]
[vertex-malware] Vertex Malware - Detect (@daffainfo) [info]
[virusrat-malware] VirusRat Malware - Detect (@daffainfo) [info]
[wabot-malware] Warp Malware - Detect (@daffainfo) [info]
[wannacry-malware] WannaCry Malware - Detect (@daffainfo) [info]
[warp-malware] Warp Malware - Detect (@daffainfo) [info]
[xhide-malware] xHide Malware - Detect (@daffainfo) [info]
[xor-ddos-malware] XOR_DDosv1 Malware - Detect (@daffainfo) [info]
[yayih-malware] Yayih Malware - Detect (@daffainfo) [info]
[zeghost-malware] Zegost Malware - Detect (@daffainfo) [info]
[zoxpng-malware] ZoxPNG Malware - Detect (@daffainfo) [info]
[zrypt-malware] Zcrypt Malware - Detect (@daffainfo) [info]
[admzip-path-overwrite] Admzip Path Overwrite (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[express-lfr] Express - Local File Read (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[generic-path-traversal] Generic - Path Traversal (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[tar-extraction] Path Injection Vulnerability in TAR Extraction (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[xss-disable-mustache-escape] XSS Disable Mustache Escape (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[xss-serialize-javascript] XSS Serialize Javascript (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[zip-path-overwrite] Zip Path Overwrite (@me_dheeraj (https://twitter.com/dheerajmadhukar)) [info]
[perl-scanner] Perl File Scanner (@geeknik) [info]
[php-scanner] PHP Scanner (@geeknik) [info]
[python-scanner] Python Scanner (@majidmc2) [info]
[url-extension-inspector] URL Extension Inspector (@ayadim) [unknown]
[asp-webshell] ASP/ASP.NET Webshell - Detect (@lu4nx) [high]
[jsp-webshell] JSP Webshell - Detect (@lu4nx) [high]
[php-webshell] PHP Webshell - Detect (@lu4nx) [high]
[dom-invader-xss] DOM Invader - Cross-Site Scripting (@geeknik) [high]
[CNVD-2017-03561] Fanwei eMobile - OGNL Injection (@ritikchaddha) [high]
[CNVD-2017-06001] Dahua DSS - SQL Injection (@napgh0st,@ritikchaddha) [high]
[CNVD-2018-13393] Metinfo - Local File Inclusion (@ritikchaddha) [high]
[CNVD-2019-01348] Xiuno BBS CNVD-2019-01348 (@princechaddha) [high]
[CNVD-2019-06255] CatfishCMS - Remote Command Execution (@lark-lab) [critical]
[CNVD-2019-19299] Zhiyuan A8 - Remote Code Execution (@daffainfo) [critical]
[CNVD-2019-32204] Fanwei e-cology <=9.0 - Remote Code Execution (@daffainfo) [critical]
[CNVD-2020-23735] Xxunchi CMS - Local File Inclusion (@princechaddha) [high]
[CNVD-2020-26585] Showdoc <2.8.6 - File Uploads (@pikpikcu,@co5mos) [critical]
[CNVD-2020-46552] Sangfor EDR - Remote Code Execution (@ritikchaddha) [critical]
[CNVD-2020-56167] Ruijie Smartweb - Default Password (@pikpikcu) [low]
[CNVD-2020-62422] Seeyon - Local File Inclusion (@pikpikcu) [medium]
[CNVD-2020-63964] jshERP - Information Disclosure (@brucelsone) [high]
[CNVD-2020-67113] H5S CONSOLE - Unauthorized Access (@ritikchaddha) [medium]
[CNVD-2020-68596] WeiPHP 5.0 - Path Traversal (@pikpikcu) [high]
[CNVD-2021-01931] Ruoyi Management System - Local File Inclusion (@daffainfo,@ritikchaddha) [high]
[CNVD-2021-09650] Ruijie Networks-EWEB Network Management System - Remote Code Execution (@daffainfo,@pikpikcu) [critical]
[CNVD-2021-10543] EEA - Information Disclosure (@pikpikcu) [high]
[CNVD-2021-14536] Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure (@daffainfo) [high]
[CNVD-2021-15822] ShopXO Download File Read (@pikpikcu) [high]
[CNVD-2021-15824] EmpireCMS DOM Cross Site-Scripting (@daffainfo) [high]
[CNVD-2021-17369] Ruijie Smartweb Management System Password Information Disclosure (@pikpikcu) [high]
[CNVD-2021-26422] eYouMail - Remote Code Execution (@daffainfo) [critical]
[CNVD-2021-28277] Landray-OA - Local File Inclusion (@pikpikcu,@daffainfo) [high]
[CNVD-2021-30167] UFIDA NC BeanShell Remote Command Execution (@pikpikcu) [critical]
[CNVD-2021-32799] 360 Xintianqing - SQL Injection (@sleepingbag945) [high]
[CNVD-2021-33202] OA E-Cology LoginSSO.jsp - SQL Injection (@sleepingbag945) [high]
[CNVD-2021-41972] AceNet AceReporter Report - Arbitrary File Download (@dhiyaneshdk) [high]
[CNVD-2021-43984] MPSec ISG1000 Security Gateway - Arbitrary File Download (@dhiyaneshdk) [high]
[CNVD-2021-49104] Pan Micro E-office File Uploads (@pikpikcu) [critical]
[CNVD-2022-03672] Sunflower Simple and Personal - Remote Code Execution (@daffainfo) [critical]
[CNVD-2022-42853] ZenTao CMS - SQL Injection (@ling) [critical]
[CNVD-2022-43245] Weaver OA XmlRpcServlet - Arbitary File Read (@sleepingbag945) [high]
[CNVD-2022-86535] ThinkPHP Multi Languag - File Inc & Remote Code Execution (RCE) (@arliya,@ritikchaddha) [high]
[CNVD-2023-08743] Hongjing Human Resource Management System - SQL Injection (@sleepingbag945) [critical]
[CNVD-2023-12632] E-Cology V9 - SQL Injection (@daffainfo) [high]
[CNVD-2023-96945] McVie Safety Digital Management Platform - Arbitrary File Upload (@dhiyaneshdk) [high]
[CNVD-C-2023-76801] UFIDA NC uapjs - RCE vulnerability (@sleepingbag945) [critical]
[CNVD-2024-15077] AJ-Report Open Source Data Screen - Remote Code Execution (@pussycat0x) [high]
[atechmedia-codebase-login-check] Atechmedia/Codebase Login Check (@parthmalhotra,@pdresearch) [critical]
[atlassian-login-check] Atlassian Login Check (@parthmalhotra,@pdresearch) [critical]
[avnil-pdf-generator-check] useanvil.com Login Check (@parthmalhotra,@pdresearch) [critical]
[chefio-login-check] Chef.io Login Check (@parthmalhotra,@pdresearch) [critical]
[codepen-login-check] codepen.io Login Check (@parthmalhotra,@pdresearch) [critical]
[datadog-login-check] Datadog Login Check (@parthmalhotra,@pdresearch) [critical]
[docker-hub-login-check] Docker Hub Login Check (@parthmalhotra,@pdresearch) [critical]
[gitea-login-check] gitea.com Login Check (@parthmalhotra,@pdresearch) [critical]
[github-login-check] Github Login Check (@parthmalhotra,@pdresearch) [critical]
[postman-login-check] Postman Login Check (@parthmalhotra,@pdresearch) [critical]
[pulmi-login-check] pulmi.com Login Check (@parthmalhotra,@pdresearch) [critical]
[gitlab-login-check-self-hosted] Gitlab Login Check Self Hosted (@parthmalhotra,@pdresearch) [critical]
[grafana-login-check] Grafana Login Check (@parthmalhotra,@pdresearch) [critical]
[jira-login-check] Jira Login Check (@parthmalhotra,@pdresearch) [critical]
[CVE-2000-0114] Microsoft FrontPage Extensions Check (shtml.dll) (@r3naissance) [medium]
[CVE-2001-0537] Cisco IOS HTTP Configuration - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2002-1131] SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting (@dhiyaneshdk) [high]
[CVE-2004-0519] SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2004-1965] Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS (@ctflearner) [medium]
[CVE-2005-2428] Lotus Domino R5 and R6 WebMail - Information Disclosure (@caspergn) [medium]
[CVE-2005-3344] Horde Groupware Unauthenticated Admin Access (@pikpikcu) [critical]
[CVE-2005-3634] SAP Web Application Server 6.x/7.0 - Open Redirect (@ctflearner)
[medium]
[CVE-2005-4385] Cofax <=2.0RC3 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2006-2842] Squirrelmail <=1.4.6 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2007-0885] Jira Rainbow.Zen - Cross-Site Scripting (@geeknik) [medium]
[CVE-2007-3010] Alcatel-Lucent OmniPCX - Remote Command Execution (@king-alexander)
[critical]
[CVE-2007-4504] Joomla! RSfiles <=1.0.2 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2007-4556] OpenSymphony XWork/Apache Struts2 - Remote Code Execution
(@pikpikcu) [medium]
[CVE-2007-5728] phpPgAdmin <=4.1.1 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2008-1059] WordPress Sniplets 1.1.2 - Local File Inclusion (@dhiyaneshdk)
[high]
[CVE-2008-1061] WordPress Sniplets <=1.2.2 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2008-1547] Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
(@ctflearner) [medium]
[CVE-2008-2398] AppServ Open Project <=2.5.10 - Cross-Site Scripting (@unstabl3)
[medium]
[CVE-2008-2650] CMSimple 3.1 - Local File Inclusion (@pussycat0x) [medium]
[CVE-2008-4668] Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion (@daffainfo)
[critical]
[CVE-2008-4764] Joomla! <=2.0.0 RC2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2008-5587] phpPgAdmin <=4.2.1 - Local File Inclusion (@dhiyaneshdk) [medium]
[CVE-2008-6080] Joomla! ionFiles 4.4.2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2008-6172] Joomla! Component RWCards 3.0.11 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2008-6222] Joomla! ProDesk 1.0/1.2 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2008-6465] Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2008-6668] nweb2fax <=0.2.7 - Local File Inclusion (@geeknik) [medium]
[CVE-2008-6982] Devalcms 1.4a - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2008-7269] UC Gateway Investment SiteEngine v5.0 - Open Redirect (@ctflearner)
[medium]
[CVE-2009-0347] Autonomy Ultraseek - Open Redirect (@ctflearner) [medium]
[CVE-2009-0545] ZeroShell <= 1.0beta11 Remote Code Execution (@geeknik) [critical]
[CVE-2009-0932] Horde/Horde Groupware - Local File Inclusion (@pikpikcu) [medium]
[CVE-2009-1151] PhpMyAdmin Scripts - Remote Code Execution (@princechaddha) [high]
[CVE-2009-1496] Joomla! Cmimarketplace 0.1 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2009-1558] Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
(@daffainfo) [high]
[CVE-2009-1872] Adobe Coldfusion <=8.0.1 - Cross-Site Scripting (@princechaddha)
[medium]
[CVE-2009-2015] Joomla! MooFAQ 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2009-2100] Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2009-3053] Joomla! Agora 3.0.0b - Local File Inclusion (@daffainfo) [medium]
[CVE-2009-3318] Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
(@daffainfo) [high]
[CVE-2009-4202] Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
(@daffainfo) [high]
[CVE-2009-4223] KR-Web <=1.1b2 - Remote File Inclusion (@geeknik) [high]
[CVE-2009-4679] Joomla! Portfolio Nexus - Remote File Inclusion (@daffainfo) [high]
[CVE-2009-5020] AWStats < 6.95 - Open Redirect (@pdteam) [medium]
[CVE-2009-5114] WebGlimpse 2.18.7 - Directory Traversal (@daffainfo) [medium]
[CVE-2010-0157] Joomla! Component com_biblestudy - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-0219] Apache Axis2 Default Login (@pikpikcu) [critical]
[CVE-2010-0467] Joomla! Component CCNewsLetter - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-0696] Joomla! Component Jw_allVideos - Arbitrary File Retrieval
(@daffainfo) [medium]
[CVE-2010-0759] Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-0942] Joomla! Component com_jvideodirect - Directory Traversal
(@daffainfo) [medium]
[CVE-2010-0943] Joomla! Component com_jashowcase - Directory Traversal (@daffainfo)
[medium]
[CVE-2010-0944] Joomla! Component com_jcollection - Directory Traversal
(@daffainfo) [medium]
[CVE-2010-0972] Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-0982] Joomla! Component com_cartweberp - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-0985] Joomla! Component com_abbrev - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1056] Joomla! Component com_rokdownloads - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1081] Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1217] Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1219] Joomla! Component com_janews - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1302] Joomla! Component DW Graph - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1304] Joomla! Component User Status - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1305] Joomla! Component JInventory 1.23.02 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1306] Joomla! Component Picasa 2.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1307] Joomla! Component Magic Updater - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1308] Joomla! Component SVMap 1.1.1 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1312] Joomla! Component News Portal 1.5.x - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1313] Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1314] Joomla! Component Highslide 1.5 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1315] Joomla! Component webERPcustomer - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1340] Joomla! Component com_jresearch - 'Controller' Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1345] Joomla! Component Cookex Agency CKForms - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1352] Joomla! Component Juke Box 1.7 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1353] Joomla! Component LoginBox - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1354] Joomla! Component VJDEO 1.0 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1429] Red Hat JBoss Enterprise Application Platform - Sensitive
Information Disclosure (@r12w4n) [medium]
[CVE-2010-1461] Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1469] Joomla! Component JProject Manager 1.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1470] Joomla! Component Web TV 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1471] Joomla! Component Address Book 1.5.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1472] Joomla! Component Horoscope 1.5.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1473] Joomla! Component Advertising 0.25 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1474] Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1475] Joomla! Component Preventive And Reservation 1.0.5 - Local File
Inclusion (@daffainfo) [medium]
[CVE-2010-1476] Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1478] Joomla! Component Jfeedback 1.2 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1491] Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1494] Joomla! Component AWDwall 1.5.4 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1495] Joomla! Component Matamko 1.01 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1531] Joomla! Component redSHOP 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1532] Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1533] Joomla! Component TweetLA 1.0.1 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1534] Joomla! Component Shoutbox Pro - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1535] Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1540] Joomla! Component com_blog - Directory Traversal (@daffainfo)
[medium]
[CVE-2010-1586] HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
(@ctflearner) [medium]
[CVE-2010-1601] Joomla! Component JA Comment - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1602] Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1603] Joomla! Component ZiMBCore 0.1 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1607] Joomla! Component WMI 1.5.0 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1653] Joomla! Component Graphics 1.0.6 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1657] Joomla! Component SmartSite 1.0.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1658] Joomla! Component NoticeBoard 1.3 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1659] Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1714] Joomla! Component Arcade Games 1.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1715] Joomla! Component Online Exam 1.5.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1717] Joomla! Component iF surfALERT 1.2 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1718] Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1719] Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1722] Joomla! Component Online Market 2.x - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1723] Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local
File Inclusion (@daffainfo) [medium]
[CVE-2010-1858] Joomla! Component SMEStorage - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1870] ListSERV Maestro <= 9.0-8 RCE (@b0yd) [medium]
[CVE-2010-1875] Joomla! Component Property - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1878] Joomla! Component OrgChart 1.0.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1952] Joomla! Component BeeHeard 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-1953] Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1954] Joomla! Component iNetLanka Multiple root 1.0 - Local File
Inclusion (@daffainfo) [high]
[CVE-2010-1955] Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1956] Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1957] Joomla! Component Love Factory 1.3.4 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1977] Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1979] Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-1980] Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-1981] Joomla! Component Fabrik 2.0 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1982] Joomla! Component JA Voice 2.0 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-1983] Joomla! Component redTWITTER 1.0 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-2033] Joomla! Percha Categories Tree 0.6 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-2034] Joomla! Component Percha Image Attach 1.1 - Directory Traversal
(@daffainfo) [high]
[CVE-2010-2035] Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
(@daffainfo) [high]
[CVE-2010-2036] Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
(@daffainfo) [high]
[CVE-2010-2037] Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal
(@daffainfo) [high]
[CVE-2010-2045] Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-2050] Joomla! Component MS Comment 0.8.0b - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-2122] Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
(@daffainfo) [medium]
[CVE-2010-2128] Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-2259] Joomla! Component com_bfsurvey - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-2307] Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM
- Directory Traversal (@daffainfo) [medium]
[CVE-2010-2507] Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-2680] Joomla! Component jesectionfinder - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-2682] Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-2857] Joomla! Component Music Manager - Local File Inclusion (@daffainfo)
[medium]
[CVE-2010-2861] Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI (@pikpikcu) [high]
[CVE-2010-2918] Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File
Inclusion (@daffainfo) [high]
[CVE-2010-2920] Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-3203] Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
(@daffainfo) [medium]
[CVE-2010-3426] Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
(@daffainfo) [high]
[CVE-2010-4231] Camtron CMNC-200 IP Camera - Directory Traversal (@daffainfo)
[high]
[CVE-2010-4239] Tiki Wiki CMS Groupware 5.2 - Local File Inclusion (@0x_akoko)
[critical]
[CVE-2010-4282] phpShowtime 2.0 - Directory Traversal (@daffainfo) [high]
[CVE-2010-4617] Joomla! Component JotLoader 2.2.1 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2010-4719] Joomla! Component JRadio - Local File Inclusion (@daffainfo) [high]
[CVE-2010-4769] Joomla! Component Jimtawl 1.0.2 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-4977] Joomla! Component Canteen 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-5028] Joomla! Component JE Job 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2010-5278] MODx manager - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-5286] Joomla! Component Jstore - 'Controller' Local File Inclusion
(@daffainfo) [critical]
[CVE-2011-0049] Majordomo2 - SMTP/HTTP Directory Traversal (@pikpikcu) [medium]
[CVE-2011-1669] WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI) (@daffainfo)
[medium]
[CVE-2011-2744] Chyrp 2.x - Local File Inclusion (@daffainfo) [medium]
[CVE-2011-2780] Chyrp 2.x - Local File Inclusion (@daffainfo) [medium]
[CVE-2011-3315] Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
(@daffainfo) [high]
[CVE-2011-4336] Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2011-4618] Advanced Text Widget < 2.0.2 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2011-4624] GRAND FlAGallery 1.57 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-4640] WebTitan < 3.60 - Local File Inclusion (@ctflearner) [medium]
[CVE-2011-4804] Joomla! Component com_kp - 'Controller' Local File Inclusion
(@daffainfo) [medium]
[CVE-2011-4926] Adminimize 1.7.22 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5106] WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2011-5107] Alert Before Your Post <= 0.1.1 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2011-5179] Skysa App Bar 1.04 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5181] ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2011-5252] Orchard 'ReturnUrl' Parameter URI - Open Redirect (@ctflearner)
[medium]
[CVE-2011-5265] Featurific For WordPress 1.6.2 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2012-0392] Apache Struts2 S2-008 RCE (@pikpikcu) [medium]
[CVE-2012-0394] Apache Struts <2.3.1.1 - Remote Code Execution (@tess) [medium]
[CVE-2012-0896] Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary
File Access (@daffainfo) [medium]
[CVE-2012-0901] YouSayToo auto-publishing 1.0 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2012-0981] phpShowtime 2.0 - Directory Traversal (@daffainfo) [medium]
[CVE-2012-0991] OpenEMR 4.1 - Local File Inclusion (@daffainfo) [low]
[CVE-2012-0996] 11in1 CMS 1.2.1 - Local File Inclusion (LFI) (@daffainfo) [medium]
[CVE-2012-1226] Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal
Vulnerabilities (@daffainfo) [high]
[CVE-2012-1823] PHP CGI v5.3.12/5.4.2 Remote Code Execution (@pikpikcu) [high]
[CVE-2012-1835] WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2012-2371] WP-FaceThumb 0.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-3153] Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) (@sid
ahmed malaoui @ realistic security) [medium]
[CVE-2012-4032] WebsitePanel before v1.2.2.1 - Open Redirect (@ctflearner) [medium]
[CVE-2012-4242] WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2012-4253] MySQLDumper 1.24.4 - Directory Traversal (@daffainfo) [medium]
[CVE-2012-4273] 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2012-4547] AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2012-4768] WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2012-4878] FlatnuX CMS - Directory Traversal (@daffainfo) [medium]
[CVE-2012-4889] ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2012-4940] Axigen Mail Server Filename Directory Traversal (@dhiyaneshdk)
[medium]
[CVE-2012-4982] Forescout CounterACT 6.3.4.1 - Open Redirect (@ctflearner) [medium]
[CVE-2012-5321] TikiWiki CMS Groupware v8.3 - Open Redirect (@ctflearner) [medium]
[CVE-2012-5913] WordPress Integrator 1.32 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2012-6499] WordPress Plugin Age Verification v0.4 - Open Redirect
(@ctflearner) [medium]
[CVE-2013-1965] Apache Struts2 S2-012 RCE (@pikpikcu) [critical]
[CVE-2013-2248] Apache Struts - Multiple Open Redirection Vulnerabilities
(@0x_akoko) [medium]
[CVE-2013-2251] Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
(@exploitation,@dwisiswant0,@alex) [critical]
[CVE-2013-2287] WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2013-2621] Telaen => v1.3.1 - Open Redirect (@ctflearner) [medium]
[CVE-2013-3526] WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2013-3827] Javafaces LFI (@random-robbie) [medium]
[CVE-2013-4117] WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2013-4625] WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2013-5528] Cisco Unified Communications Manager 7/8/9 - Directory Traversal
(@daffainfo) [medium]
[CVE-2013-5979] Xibo 1.2.2/1.4.1 - Directory Traversal (@daffainfo) [medium]
[CVE-2013-6281] WordPress Spreadsheet - Cross-Site Scripting (@random-robbie)
[medium]
[CVE-2013-7091] Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
(@rubina119) [medium]
[CVE-2013-7240] WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
(@daffainfo) [medium]
[CVE-2013-7285] XStream <1.4.6/1.4.10 - Remote Code Execution (@pwnhxl,@vicrack)
[critical]
[CVE-2014-10037] DomPHP 0.83 - Directory Traversal (@daffainfo) [high]
[CVE-2014-1203] Eyou E-Mail <3.6 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2014-2321] ZTE Cable Modem Web Shell (@geeknik) [critical]
[CVE-2014-2323] Lighttpd 1.4.34 SQL Injection and Path Traversal (@geeknik)
[critical]
[CVE-2014-2383] Dompdf < v0.6.0 - Local File Inclusion
(@0x_akoko,@akincibor,@ritikchaddha) [medium]
[CVE-2014-2908] Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-2962] Belkin N150 Router 1.00.08/1.00.09 - Path Traversal (@daffainfo)
[high]
[CVE-2014-3120] ElasticSearch v1.1.1/1.2 RCE (@pikpikcu) [medium]
[CVE-2014-3206] Seagate BlackArmor NAS - Command Injection (@gy741) [critical]
[CVE-2014-3704] Drupal SQL Injection (@princechaddha) [high]
[CVE-2014-3744] Node.js st module Directory Traversal (@geeknik) [high]
[CVE-2014-4210] Oracle Weblogic - Server-Side Request Forgery (@princechaddha)
[medium]
[CVE-2014-4513] ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2014-4535] Import Legacy Media <= 0.1 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-4536] Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2014-4539] Movies <= 0.6 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4544] Podcast Channels < 0.28 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-4550] Shortcode Ninja <= 1.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4558] WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-4561] Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-4592] WP Planet <= 0.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4940] WordPress Plugin Tera Charts - Local File Inclusion (@daffainfo)
[medium]
[CVE-2014-4942] WordPress EasyCart <2.0.6 - Information Disclosure (@dhiyaneshdk)
[medium]
[CVE-2014-5111] Fonality trixbox - Local File Inclusion (@daffainfo) [medium]
[CVE-2014-5258] webEdition 6.3.8.0 - Directory Traversal (@daffainfo) [medium]
[CVE-2014-5368] WordPress Plugin WP Content Source Control - Directory Traversal
(@daffainfo) [medium]
[CVE-2014-6271] ShellShock - Remote Code Execution (@pentest_swissky,@0xelkomy)
[critical]
[CVE-2014-6287] HTTP File Server <2.3c - Remote Command Execution (@j4vaovo)
[critical]
[CVE-2014-6308] Osclass Security Advisory 3.4.1 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2014-8676] Simple Online Planning Tool <1.3.2 - Local File Inclusion
(@0x_akoko) [medium]
[CVE-2014-8682] Gogs (Go Git Service) - SQL Injection (@dhiyaneshdk,@daffainfo)
[high]
[CVE-2014-8799] WordPress Plugin DukaPress 2.5.2 - Directory Traversal (@daffainfo)
[medium]
[CVE-2014-9094] WordPress DZS-VideoGallery Plugin Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-9119] WordPress DB Backup <=4.5 - Local File Inclusion (@dhiyaneshdk)
[medium]
[CVE-2014-9180] Eleanor CMS - Open Redirect (@shankar acharya) [medium]
[CVE-2014-9444] Frontend Uploader <= 0.9.2 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2014-9606] Netsweeper 4.0.8 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9607] Netsweeper 4.0.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9608] Netsweeper 4.0.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9609] Netsweeper 4.0.8 - Directory Traversal (@daffainfo) [medium]
[CVE-2014-9614] Netsweeper 4.0.5 - Default Weak Account (@daffainfo) [critical]
[CVE-2014-9615] Netsweeper 4.0.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9617] Netsweeper 3.0.6 - Open Redirection (@daffainfo) [medium]
[CVE-2014-9618] Netsweeper - Authentication Bypass (@daffainfo) [critical]
[CVE-2015-0554] ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information
Disclosure (@daffainfo) [critical]
[CVE-2015-1000005] WordPress Candidate Application Form <= 1.3 - Local File
Inclusion (@dhiyaneshdk) [high]
[CVE-2015-1000010] WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
(@dhiyaneshdk) [high]
[CVE-2015-1000012] WordPress MyPixs <=0.3 - Local File Inclusion (@daffainfo)
[high]
[CVE-2015-1427] ElasticSearch - Remote Code Execution (@pikpikcu) [high]
[CVE-2015-1503] IceWarp Mail Server <11.1.1 - Directory Traversal (@0x_akoko)
[high]
[CVE-2015-1579] WordPress Slider Revolution - Local File Disclosure (@pussycat0x)
[medium]
[CVE-2015-1635] Microsoft Windows 'HTTP.sys' - Remote Code Execution (@phillipo)
[critical]
[CVE-2015-1880] Fortinet FortiOS <=5.2.3 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2015-20067] WP Attachment Export < 0.2.4 - Unrestricted File Download
(@r3y3r53) [high]
[CVE-2015-2067] Magento Server MAGMI - Directory Traversal (@daffainfo) [medium]
[CVE-2015-2068] Magento Server Mass Importer - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2015-2080] Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
(@pikpikcu) [high]
[CVE-2015-2166] Ericsson Drutt MSDP - Local File Inclusion (@daffainfo) [medium]
[CVE-2015-2196] WordPress Spider Calendar <=1.4.9 - SQL Injection (@theamanrawat)
[high]
[CVE-2015-2755] WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2015-2794] DotNetNuke 07.04.00 - Administration Authentication Bypass (@0xr2r)
[critical]
[CVE-2015-2807] Navis DocumentCloud <0.1.1 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2015-2863] Kaseya Virtual System Administrator - Open Redirect
(@0x_akoko,@amirhossein raeisi) [medium]
[CVE-2015-2996] SysAid Help Desk <15.2 - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-3035] TP-LINK - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-3224] Ruby on Rails Web Console - Remote Code Execution (@pdteam)
[medium]
[CVE-2015-3337] Elasticsearch - Local File Inclusion (@pdteam) [medium]
[CVE-2015-3648] ResourceSpace - Local File inclusion (@pikpikcu) [high]
[CVE-2015-3897] Bonita BPM Portal <6.5.3 - Local File Inclusion (@0x_akoko)
[medium]
[CVE-2015-4050] Symfony - Authentication Bypass (@elsfa7110,@meme-lord) [medium]
[CVE-2015-4062] WordPress NewStatPress 0.9.8 - SQL Injection (@r3y3r53) [medium]
[CVE-2015-4063] NewStatPress <0.9.9 - Cross-Site Scripting (@r3y3r53) [low]
[CVE-2015-4074] Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion
(@0x_akoko) [high]
[CVE-2015-4127] WordPress Church Admin <0.810 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2015-4414] WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
(@daffainfo) [medium]
[CVE-2015-4455] WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0
Beta - Arbitrary File Upload (@mastercho) [critical]
[CVE-2015-4632] Koha 3.20.1 - Directory Traversal (@daffainfo) [high]
[CVE-2015-4666] Xceedium Xsuite <=2.4.4.5 - Local File Inclusion (@0x_akoko)
[medium]
[CVE-2015-4668] Xsuite <=2.4.4.5 - Open Redirect (@0x_akoko) [medium]
[CVE-2015-4694] WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
(@0x_akoko) [high]
[CVE-2015-5354] Novius OS 5.0.1-elche - Open Redirect (@0x_akoko) [medium]
[CVE-2015-5461] WordPress StageShow <5.0.9 - Open Redirect (@0x_akoko) [medium]
[CVE-2015-5469] WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
(@0x_akoko) [high]
[CVE-2015-5471] Swim Team <= v1.44.10777 - Local File Inclusion (@0x_akoko)
[medium]
[CVE-2015-5531] ElasticSearch <1.6.1 - Local File Inclusion (@princechaddha)
[medium]
[CVE-2015-5688] Geddy <13.0.8 - Local File Inclusion (@pikpikcu) [medium]
[CVE-2015-6477] Nordex NC2 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2015-6544] Combodo iTop <2.2.0-2459 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2015-6920] WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2015-7245] D-Link DVG-N5402SP - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-7297] Joomla! Core SQL Injection (@princechaddha) [high]
[CVE-2015-7377] WordPress Pie-Register <2.0.19 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2015-7450] IBM WebSphere Java Object Deserialization - Remote Code Execution
(@wdahlenb) [critical]
[CVE-2015-7780] ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2015-7823] Kentico CMS 8.2 - Open Redirect (@0x_akoko) [medium]
[CVE-2015-8349] SourceBans <2.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2015-8399] Atlassian Confluence <5.8.17 - Information Disclosure
(@princechaddha) [medium]
[CVE-2015-8813] Umbraco <7.4.0- Server-Side Request Forgery (@emadshanab) [high]
[CVE-2015-9312] NewStatPress <=1.0.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2015-9323] 404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection (@harsh)
[critical]
[CVE-2015-9414] WordPress Symposium <=15.8.1 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2015-9480] WordPress RobotCPA 5 - Directory Traversal (@daffainfo) [high]
[CVE-2016-0957] Adobe AEM Dispatcher <4.15 - Rules Bypass (@geeknik) [high]
[CVE-2016-1000126] WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000127] WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000128] WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000129] WordPress defa-online-image-protector <=3.3 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2016-1000130] WordPress e-search <=1.0 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2016-1000131] WordPress e-search <=1.0 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2016-1000132] WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000133] WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2016-1000134] WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000135] WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000136] WordPress heat-trackr 1.0 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2016-1000137] WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000138] WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000139] WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2016-1000140] WordPress New Year Firework <=1.1.9 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000141] WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000142] WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000143] WordPress Photoxhibit 2.1.8 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2016-1000146] WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000148] WordPress S3 Video <=0.983 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2016-1000149] WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2016-1000152] WordPress Tidio-form <=1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000153] WordPress Tidio Gallery <=1.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000154] WordPress WHIZZ <=1.0.7 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000155] WordPress WPSOLR <=8.6 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-10033] WordPress PHPMailer < 5.2.18 - Remote Code Execution (@princechaddha) [critical]
[CVE-2016-10108] Western Digital MyCloud NAS - Command Injection (@dhiyaneshdk) [critical]
[CVE-2016-10134] Zabbix - SQL Injection (@princechaddha) [critical]
[CVE-2016-10367] Opsview Monitor Pro - Local File Inclusion (@0x_akoko) [high]
[CVE-2016-10368] Opsview Monitor Pro - Open Redirect (@0x_akoko) [medium]
[CVE-2016-10924] Wordpress Zedna eBook download <1.2 - Local File Inclusion (@idealphase) [high]
[CVE-2016-10940] WordPress zm-gallery plugin 1.0 SQL Injection (@cckuailong,@daffainfo) [high]
[CVE-2016-10956] WordPress Mail Masta 1.0 - Local File Inclusion (@daffainfo,@0x240x23elu) [high]
[CVE-2016-10960] WordPress wSecure Lite < 2.4 - Remote Code Execution (@daffainfo) [high]
[CVE-2016-10973] Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting (@harsh) [medium]
[CVE-2016-10993] ScoreMe Theme - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1555] NETGEAR WNAP320 Access Point Firmware - Remote Command Injection (@gy741) [critical]
[CVE-2016-2389] SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion (@daffainfo) [high]
[CVE-2016-3081] Apache S2-032 Struts - Remote Code Execution (@dhiyaneshdk) [high]
[CVE-2016-3088] Apache ActiveMQ Fileserver - Arbitrary File Write (@fq_hsu) [critical]
[CVE-2016-3978] Fortinet FortiOS - Open Redirect/Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2016-4437] Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2016-4975] Apache mod_userdir CRLF injection (@melbadry9,@nadino,@xelkomy) [medium]
[CVE-2016-4977] Spring Security OAuth2 Remote Command Execution (@princechaddha) [high]
[CVE-2016-5649] NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure (@suman_kar) [critical]
[CVE-2016-5674] NUUO NVR camera `debugging_center_utils_.php` - Command Execution (@dhiyaneshdk) [critical]
[CVE-2016-6195] vBulletin <= 4.2.3 - SQL Injection (@mastercho) [critical]
[CVE-2016-6277] NETGEAR Routers - Remote Code Execution (@pikpikcu) [high]
[CVE-2016-6601] ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2016-7552] Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass (@dwisiswant0) [critical]
[CVE-2016-7834] Sony IPELA Engine IP Camera - Hardcoded Account (@af001) [high]
[CVE-2016-7981] SPIP <3.1.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2016-8527] Aruba Airwave <8.2.3.1 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-0929] DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery (@charanrayudu,@meme-lord) [high]
[CVE-2017-1000028] Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion (@pikpikcu,@daffainfo) [high]
[CVE-2017-1000029] Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-1000163] Phoenix Framework - Open Redirect (@0x_akoko) [medium]
[CVE-2017-1000170] WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion (@dwisiswant0) [high]
[CVE-2017-1000486] Primetek Primefaces 5.x - Remote Code Execution (@moritz nentwig) [critical]
[CVE-2017-10075] Oracle Content Server - Cross-Site Scripting (@madrobot) [high]
[CVE-2017-10271] Oracle WebLogic Server - Remote Command Execution (@dr_set,@imnightmaree,@true13) [high]
[CVE-2017-10974] Yaws 1.91 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-11165] DataTaker DT80 dEX 1.50.012 - Information Disclosure (@theabhinavgaur) [critical]
[CVE-2017-11444] Subrion CMS <4.1.5.10 - SQL Injection (@dwisiswant0) [critical]
[CVE-2017-11512] ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval (@0x_akoko) [high]
[CVE-2017-11586] FineCMS <5.0.9 - Open Redirect (@0x_akoko) [medium]
[CVE-2017-11610] XML-RPC Server - Remote Code Execution (@notnotnotveg) [high]
[CVE-2017-11629] FineCMS <=5.0.10 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-12138] XOOPS Core 2.5.8 - Open Redirect (@0x_akoko) [medium]
[CVE-2017-12149] Jboss Application Server - Remote Code Execution (@fopina,@s0obi) [critical]
[CVE-2017-12542] HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass (@pikpikcu) [critical]
[CVE-2017-12544] HPE System Management - Cross-Site Scripting (@divya_mudgal) [medium]
[CVE-2017-12583] DokuWiki - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2017-12611] Apache Struts2 S2-053 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2017-12615] Apache Tomcat Servers - Remote Code Execution (@pikpikcu) [high]
[CVE-2017-12617] Apache Tomcat - Remote Code Execution (@pussycat0x) [high]
[CVE-2017-12629] Apache Solr <= 7.1 - XML Entity Injection (@dwisiswant0) [critical]
[CVE-2017-12635] Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation (@pikpikcu) [critical]
[CVE-2017-12637] SAP NetWeaver Application Server Java 7.5 - Local File Inclusion (@apt-mirror) [high]
[CVE-2017-12794] Django Debug Page - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-14135] OpenDreambox 2.0.0 - Remote Code Execution (@alph4byt3) [critical]
[CVE-2017-14186] FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting (@johnk3r) [medium]
[CVE-2017-14524] OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect (@0x_akoko) [medium]
[CVE-2017-14535] Trixbox - 2.8.0.4 OS Command Injection (@pikpikcu) [high]
[CVE-2017-14537] Trixbox 2.8.0 - Path Traversal (@pikpikcu) [medium]
[CVE-2017-14622] WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2017-14651] WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting (@mass0ma) [medium]
[CVE-2017-14849] Node.js <8.6.0 - Directory Traversal (@random_robbie) [high]
[CVE-2017-15287] Dreambox WebControl 2.0.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-15363] Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-15647] FiberHome Routers - Local File Inclusion (@daffainfo) [high]
[CVE-2017-15715] Apache httpd <=2.4.29 - Arbitrary File Upload (@geeknik) [high]
[CVE-2017-15944] Palo Alto Network PAN-OS - Remote Code Execution (@emadshanab,@milo2012) [critical]
[CVE-2017-16806] Ulterius Server < 1.9.5.0 - Directory Traversal (@geeknik) [high]
[CVE-2017-16877] Nextjs <2.4.1 - Local File Inclusion (@pikpikcu) [high]
[CVE-2017-16894] Laravel <5.5.21 - Information Disclosure (@j4vaovo) [high]
[CVE-2017-17043] WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-17059] WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-17451] WordPress Mailster <=1.5.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-17731] DedeCMS 5.7 - SQL Injection (@j4vaovo) [critical]
[CVE-2017-17736] Kentico - Installer Privilege Escalation (@shiar) [critical]
[CVE-2017-18024] AvantFAX 3.3.3 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-18487] AdPush < 1.44 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18490] Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18491] Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18492] Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18493] Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18494] Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18496] Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18500] Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18501] Social Login by BestWebSoft < 0.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18502] Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18505] BestWebSoft's Twitter < 2.55 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18516] LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18517] Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18518] SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18527] Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18528] PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18529] PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18530] Rating by BestWebSoft < 0.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18532] Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18536] WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-18537] Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18542] Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18556] Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18557] Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18558] Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18562] Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18564] Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18565] Updater by BestWebSoft < 1.35 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18566] User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18598] WordPress Qards - Cross-Site Scripting (@pussycat0x) [medium]
[CVE-2017-18638] Graphite <=1.1.5 - Server-Side Request Forgery (@huowuzhao) [high]
[CVE-2017-3506] Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution (@pdteam) [high]
[CVE-2017-3528] Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect (@0x_akoko) [medium]
[CVE-2017-4011] McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting (@geeknik) [medium]
[CVE-2017-5521] NETGEAR Routers - Authentication Bypass (@princechaddha) [high]
[CVE-2017-5631] KMCIS CaseAware - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2017-5638] Apache Struts 2 - Remote Command Execution (@random_robbie) [critical]
[CVE-2017-5689] Intel Active Management - Authentication Bypass (@pdteam) [critical]
[CVE-2017-5982] Kodi 17.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-6090] PhpColl 2.5.1 Arbitrary File Upload (@pikpikcu) [high]
[CVE-2017-7269] Windows Server 2003 & IIS 6.0 - Remote Code Execution (@thomas_from_offensity,@geeknik) [critical]
[CVE-2017-7391] Magmi 0.7.22 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-7615] MantisBT <=2.30 - Arbitrary Password Reset/Admin Access (@bp0lr,@dwisiswant0) [high]
[CVE-2017-7855] IceWarp WebMail 11.3.1.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2017-7921] Hikvision - Authentication Bypass (@princechaddha) [critical]
[CVE-2017-7925] Dahua Security - Configuration File Disclosure (@e1a,@none) [critical]
[CVE-2017-8229] Amcrest IP Camera Web Management - Data Exposure (@pussycat0x) [critical]
[CVE-2017-8917] Joomla! <3.7.1 - SQL Injection (@princechaddha) [critical]
[CVE-2017-9140] Reflected XSS - Telerik Reporting Module (@dhiyaneshdk) [medium]
[CVE-2017-9288] WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-9416] Odoo 8.0/9.0/10.0 - Local File Inclusion (@co5mos) [medium]
[CVE-2017-9506] Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery (@pdteam) [medium]
[CVE-2017-9791] Apache Struts2 S2-053 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2017-9805] Apache Struts2 S2-052 - Remote Code Execution (@pikpikcu) [high]
[CVE-2017-9822] DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution (@milo2012) [high]
[CVE-2017-9833] BOA Web Server 0.94.14 - Arbitrary File Access (@0x_akoko) [high]
[CVE-2017-9841] PHPUnit - Remote Code Execution (@random_robbie,@pikpikcu) [critical]
[CVE-2018-0127] Cisco RV132W/RV134W Router - Information Disclosure (@jrolf) [critical]
[CVE-2018-0296] Cisco ASA - Local File Inclusion (@organiccrap) [high]
[CVE-2018-1000129] Jolokia 1.3.7 - Cross-Site Scripting (@mavericknerd,@0h1in9e,@daffainfo) [medium]
[CVE-2018-1000130] Jolokia Agent - JNDI Code Injection (@milo2012) [high]
[CVE-2018-1000226] Cobbler - Authentication Bypass (@c-sh0) [critical]
[CVE-2018-1000533] GitList < 0.6.0 Remote Code Execution (@pikpikcu) [critical]
[CVE-2018-1000600] Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery (@geeknik) [high]
[CVE-2018-1000671] Sympa version =>6.2.16 - Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2018-1000856] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-1000861] Jenkins - Remote Command Injection (@dhiyaneshdk,@pikpikcu) [critical]
[CVE-2018-10093] AudioCodes 420HD - Remote Code Execution (@wisnupramoedya) [high]
[CVE-2018-10095] Dolibarr <7.0.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-10141] Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2018-10201] Ncomputing vSPace Pro 10 and 11 - Directory Traversal (@0x_akoko) [high]
[CVE-2018-10230] Zend Server <9.13 - Cross-Site Scripting (@marcos_iaf) [medium]
[CVE-2018-10562] Dasan GPON Devices - Remote Code Execution (@gy741) [critical]
[CVE-2018-10735] NagiosXI <= 5.4.12 `commandline.php` SQL injection (@dhiyaneshdk) [high]
[CVE-2018-10736] NagiosXI <= 5.4.12 - SQL injection (@dhiyaneshdk) [high]
[CVE-2018-10737] NagiosXI <= 5.4.12 logbook.php SQL injection (@dhiyaneshdk) [high]
[CVE-2018-10738] NagiosXI <= 5.4.12 menuaccess.php - SQL injection (@dhiyaneshdk) [high]
[CVE-2018-10818] LG NAS Devices - Remote Code Execution (@gy741) [critical]
[CVE-2018-10822] D-Link Routers - Local File Inclusion (@daffainfo) [high]
[CVE-2018-10823] D-Link Routers - Remote Command Injection (@wisnupramoedya) [high]
[CVE-2018-10942] Prestashop AttributeWizardPro Module - Arbitrary File Upload (@mastercho) [critical]
[CVE-2018-10956] IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-11227] Monstra CMS <=3.0.4 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-11231] Opencart Divido - Sql Injection (@ritikchaddha) [high]
[CVE-2018-11409] Splunk <=7.0.1 - Information Disclosure (@harshbothra_) [medium]
[CVE-2018-11473] Monstra CMS 3.0.4 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-11709] WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2018-11759] Apache Tomcat JK Connect <=1.2.44 - Manager Access (@harshbothra_) [high]
[CVE-2018-11776] Apache Struts2 S2-057 - Remote Code Execution (@pikpikcu) [high]
[CVE-2018-11784] Apache Tomcat - Open Redirect (@geeknik) [medium]
[CVE-2018-12031] Eaton Intelligent Power Manager 1.6 - Directory Traversal (@daffainfo) [critical]
[CVE-2018-12054] Schools Alert Management Script - Arbitrary File Read (@wisnupramoedya) [high]
[CVE-2018-1207] Dell iDRAC7/8 Devices - Remote Code Injection (@dwisiswant0) [critical]
[CVE-2018-12095] OEcms 3.1 - Cross-Site Scripting (@logicalhunter) [medium]
[CVE-2018-12296] Seagate NAS OS 4.3.15.1 - Server Information Disclosure (@princechaddha) [high]
[CVE-2018-12300] Seagate NAS OS 4.3.15.1 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-12613] PhpMyAdmin <4.8.2 - Local File Inclusion (@pikpikcu) [high]
[CVE-2018-12634] CirCarLife Scada <4.3 - System Log Exposure (@geeknik) [critical]
[CVE-2018-12675] SV3C HD Camera L Series - Open Redirect (@0x_akoko) [medium]
[CVE-2018-1271] Spring MVC Framework - Local File Inclusion (@hetroublemakr) [medium]
[CVE-2018-1273] Spring Data Commons - Remote Code Execution (@dwisiswant0) [critical]
[CVE-2018-12909] Webgrind <= 1.5 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2018-12998] Zoho manageengine - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-1335] Apache Tika <1.1.8- Header Command Injection (@pikpikcu) [high]
[CVE-2018-13379] Fortinet FortiOS - Credentials Disclosure (@organiccrap) [critical]
[CVE-2018-13380] Fortinet FortiOS - Cross-Site Scripting (@shelld3v,@aaronchen0) [medium]
[CVE-2018-13980] Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion (@wisnupramoedya) [medium]
[CVE-2018-14013] Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-14064] VelotiSmart Wifi - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-14474] Orange Forum 1.4.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-14574] Django - Open Redirect (@pikpikcu) [medium]
[CVE-2018-14728] Responsive filemanager 9.13.1 Server-Side Request Forgery (@madrobot) [critical]
[CVE-2018-14912] cgit < 1.2.1 - Directory Traversal (@0x_akoko) [high]
[CVE-2018-14916] Loytec LGATE-902 <6.4.2 - Local File Inclusion (@0x_akoko) [critical]
[CVE-2018-14918] LOYTEC LGATE-902 6.3.2 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-14931] Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-15138] LG-Ericsson iPECS NMS 30M - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-15517] D-Link Central WifiManager - Server-Side Request Forgery (@gy741) [high]
[CVE-2018-15535] Responsive FileManager <9.13.4 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-15745] Argus Surveillance DVR 4.0.0.0 - Local File Inclusion (@gy741) [high]
[CVE-2018-15917] Jorani Leave Management System 0.6.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-15961] Adobe ColdFusion - Unrestricted File Upload Remote Code Execution (@skylark-lab,@imnightmaree) [critical]
[CVE-2018-16059] WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2018-16133] Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2018-16139] BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting (@atomiczsec) [medium]
[CVE-2018-16159] WordPress Gift Voucher <4.1.8 - Blind SQL Injection (@theamanrawat) [critical]
[CVE-2018-16167] LogonTracer <=1.2.0 - Remote Command Injection (@gy741) [critical]
[CVE-2018-16283] WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion (@0x240x23elu) [critical]
[CVE-2018-16288] LG SuperSign EZ CMS 2.5 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-16299] WordPress Localize My Post 1.0 - Local File Inclusion (@0x_akoko,@0x240x23elu) [high]
[CVE-2018-16341] Nuxeo <10.3 - Remote Code Execution (@madrobot) [high]
[CVE-2018-16668] CirCarLife <4.3 - Improper Authentication (@geeknik) [medium]
[CVE-2018-16670] CirCarLife <4.3 - Improper Authentication (@geeknik) [medium]
[CVE-2018-16671] CirCarLife <4.3 - Improper Authentication (@geeknik) [medium]
[CVE-2018-16716] NCBI ToolBox - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-16761] Eventum <3.4.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-16763] FUEL CMS 1.4.1 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2018-16836] Rubedo CMS <=3.4.0 - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-16979] Monstra CMS 3.0.4 - HTTP Header Injection (@0x_akoko) [medium]
[CVE-2018-17153] Western Digital MyCloud NAS - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2018-17246] Kibana - Local File Inclusion (@princechaddha,@thelicato) [critical]
[CVE-2018-17254] Joomla! JCK Editor SQL Injection (@suman_kar) [critical]
[CVE-2018-17422] DotCMS < 5.0.2 - Open Redirect (@0x_akoko,@daffainfo) [medium]
[CVE-2018-17431] Comodo Unified Threat Management Web Console - Remote Code Execution (@dwisiswant0) [critical]
[CVE-2018-18069] WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting (@nadino) [medium]
[CVE-2018-18264] Kubernetes Dashboard <1.10.1 - Authentication Bypass (@edoardottt) [high]
[CVE-2018-18323] Centos Web Panel 0.9.8.480 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-18570] Planon <Live Build 41 - Cross-Site Scripting (@emadshanab) [medium]
[CVE-2018-18608] DedeCMS 5.7 SP2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-18775] Microstrategy Web 7 - Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2018-18777] Microstrategy Web 7 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2018-18778] ACME mini_httpd <1.30 - Local File Inclusion (@dhiyaneshdk,@dogasantos) [medium]
[CVE-2018-18809] TIBCO JasperReports Library - Directory Traversal (@dhiyaneshdk) [medium]
[CVE-2018-18925] Gogs (Go Git Service) 0.11.66 - Remote Code Execution (@princechaddha) [critical]
[CVE-2018-19136] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19137] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19287] WordPress Ninja Forms <3.3.18 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2018-19326] Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-19365] Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-19386] SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-19439] Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting (@madrobot,@dwisiswant0) [medium]
[CVE-2018-19458] PHP Proxy 3.0.3 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-19749] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19751] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19752] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19753] Tarantella Enterprise <3.11 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-19877] Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19892] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19914] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19915] DomainMOD <=4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20009] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20010] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20011] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20462] WordPress JSmol2WP <=1.07 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2018-20463] WordPress JSmol2WP <=1.07 - Local File Inclusion (@vinit989) [high]
[CVE-2018-20470] Tyto Sahi pro 7.x/8.x - Local File Inclusion (@daffainfo) [high]
[CVE-2018-20526] Roxy Fileman 1.4.5 - Unrestricted File Upload (@dhiyaneshdk) [critical]
[CVE-2018-20608] Imcat 4.4 - Phpinfo Configuration (@ritikchaddha) [high]
[CVE-2018-20824] Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting (@madrobot,@dwisiswant0) [medium]
[CVE-2018-20985] WordPress Payeezy Pay <=2.97 - Local File Inclusion (@daffainfo) [critical]
[CVE-2018-2392] SAP Internet Graphics Server (IGS) - XML External Entity Injection (@_generic_human_) [high]
[CVE-2018-2791] Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting (@madrobot,@leovalcante) [high]
[CVE-2018-2894] Oracle WebLogic Server - Remote Code Execution (@geeknik,@pdteam) [critical]
[CVE-2018-3167] Oracle E-Business Suite - Blind SSRF (@geeknik) [medium]
[CVE-2018-3238] Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting (@leovalcante) [medium]
[CVE-2018-3714] node-srv - Local File Inclusion (@madrobot) [medium]
[CVE-2018-3760] Ruby On Rails - Local File Inclusion (@0xrudra,@pikpikcu) [high]
[CVE-2018-3810] Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass (@princechaddha) [critical]
[CVE-2018-5230] Atlassian Jira Confluence - Cross-Site Scripting (@madrobot) [medium]
[CVE-2018-5233] Grav CMS <1.3.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-5316] WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2018-5715] SugarCRM 3.5.1 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2018-6008] Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-6184] Zeit Next.js <4.2.3 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2018-6200] vBulletin - Open Redirect (@0x_akoko,@daffainfo) [medium]
[CVE-2018-6530] D-Link - Unauthenticated Remote Code Execution (@gy741) [critical]
[CVE-2018-6605] Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2018-6910] DedeCMS 5.7 - Path Disclosure (@pikpikcu) [high]
[CVE-2018-7251] Anchor CMS 0.12.3 - Error Log Exposure (@pdteam) [critical]
[CVE-2018-7282] TITool PrintMonitor - Blind SQL Injection (@theamanrawat) [critical]
[CVE-2018-7314] Joomla! Component PrayerCenter 3.0.2 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2018-7422] WordPress Site Editor <=1.1.1 - Local File Inclusion (@luskabol,@0x240x23elu) [high]
[CVE-2018-7467] AxxonSoft Axxon Next - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-7490] uWSGI PHP Plugin Local File Inclusion (@madrobot) [high]
[CVE-2018-7600] Drupal - Remote Code Execution (@pikpikcu) [critical]
[CVE-2018-7602] Drupal - Remote Code Execution (@princechaddha) [critical]
[CVE-2018-7653] YzmCMS v3.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-7662] CouchCMS <= 2.0 - Path Disclosure (@ritikchaddha) [medium]
[CVE-2018-7700] DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution (@pikpikcu) [high]
[CVE-2018-7719] Acrolinx Server <5.2.5 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-8006] Apache ActiveMQ <=5.15.5 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2018-8033] Apache OFBiz 16.11.04 - XML Entity Injection (@pikpikcu) [high]
[CVE-2018-8715] AppWeb - Authentication Bypass (@milo2012) [high]
[CVE-2018-8719] WordPress WP Security Audit Log 3.1.1 - Information Disclosure (@logicalhunter) [medium]
[CVE-2018-8727] Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-8770] Cobub Razor 0.8.0 - Information Disclosure (@princechaddha) [medium]
[CVE-2018-8823] PrestaShop Responsive Mega Menu Module - Remote Code Execution (@mastercho) [critical]
[CVE-2018-9118] WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-9161] PrismaWEB - Credentials Disclosure (@gy741) [critical]
[CVE-2018-9205] Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-9845] Etherpad Lite <1.6.4 - Admin Authentication Bypass (@philippedelteil) [critical]
[CVE-2018-9995] TBK DVR4104/DVR4216 Devices - Authentication Bypass (@princechaddha) [critical]
[CVE-2019-0193] Apache Solr DataImportHandler <8.2.0 - Remote Code Execution (@pdteam) [high]
[CVE-2019-0221] Apache Tomcat - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-0230] Apache Struts <=2.5.20 - Remote Code Execution (@geeknik) [critical]
[CVE-2019-10068] Kentico CMS Insecure Deserialization Remote Code Execution (@davidmckennirey) [critical]
[CVE-2019-10092] Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting (@pdteam) [medium]
[CVE-2019-10098] Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect (@ctflearner) [medium]
[CVE-2019-1010287] Timesheet Next Gen <=1.5.3 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-1010290] Babel - Open Redirect (@0x_akoko) [medium]
[CVE-2019-10232] Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection (@redteambrasil) [critical]
[CVE-2019-10405] Jenkins <=2.196 - Cookie Exposure (@c-sh0) [medium]
[CVE-2019-10475] Jenkins build-metrics 1.3 - Cross-Site Scripting (@madrobot) [medium]
[CVE-2019-10692] WordPress Google Maps <7.11.18 - SQL Injection (@pussycat0x) [critical]
[CVE-2019-10717] BlogEngine.NET 3.3.7.0 - Local File Inclusion (@arafatansari) [high]
[CVE-2019-10758] mongo-express Remote Code Execution (@princechaddha) [critical]
[CVE-2019-11013] Nimble Streamer <=3.5.4-9 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2019-11248] Debug Endpoint pprof - Exposure Detection (@0xceeb,@ritikchaddha) [high]
[CVE-2019-11370] Carel pCOWeb <B1.2.4 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2019-11510] Pulse Connect Secure SSL VPN Arbitrary File Read (@organiccrap) [critical]
[CVE-2019-11580] Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution (@dwisiswant0) [critical]
[CVE-2019-11581] Atlassian Jira Server-Side Template Injection (@ree4pwn) [critical]
[CVE-2019-11869] WordPress Yuzo <5.12.94 - Cross-Site Scripting (@ganofins) [medium]
[CVE-2019-12276] GrandNode 4.40 - Local File Inclusion (@daffainfo) [high]
[CVE-2019-12314] Deltek Maconomy 2.2.5 - Local File Inclusion (@madrobot) [critical]
[CVE-2019-12461] WebPort 1.19.1 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-12581] Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting (@n-thumann) [medium]
[CVE-2019-12583] Zyxel ZyWall UAG/USG - Account Creation Access (@n-thumann,@daffainfo) [critical]
[CVE-2019-12593] IceWarp Mail Server <=10.4.4 - Local File Inclusion (@pikpikcu) [high]
[CVE-2019-12616] phpMyAdmin <4.9.0 - Cross-Site Request Forgery (@mohammedsaneem,@philippedelteil,@daffainfo) [medium]
[CVE-2019-12725] Zeroshell 3.9.0 - Remote Command Execution (@dwisiswant0,@akincibor) [critical]
[CVE-2019-12962] LiveZilla Server 8.0.1.0 - Cross-Site Scripting (@clment cruchet) [medium]
[CVE-2019-12985] Citrix SD-WAN Center - Remote Command Injection (@gy741) [critical]
[CVE-2019-12986] Citrix SD-WAN Center - Remote Command Injection (@gy741) [critical]
[CVE-2019-12987] Citrix SD-WAN Center - Remote Command Injection (@gy741) [critical]
[CVE-2019-12988] Citrix SD-WAN Center - Remote Command Injection (@gy741) [critical]
[CVE-2019-12990] Citrix SD-WAN Center - Local File Inclusion (@gy741) [critical]
[CVE-2019-13101] D-Link DIR-600M - Authentication Bypass (@suman_kar) [critical]
[CVE-2019-13392] MindPalette NateMail 3.0.15 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-13396] FlightPath - Local File Inclusion (@0x_akoko,@daffainfo) [medium]
[CVE-2019-13462] Lansweeper Unauthenticated SQL Injection (@divya_mudgal) [critical]
[CVE-2019-14205] WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion (@pikpikcu) [high]
[CVE-2019-14223] Alfresco Share - Open Redirect (@pdteam) [medium]
[CVE-2019-14251] T24 Web Server - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-14312] Aptana Jaxer 1.0.3.4547 - Local File inclusion (@daffainfo) [medium]
[CVE-2019-14322] Pallets Werkzeug <0.15.5 - Local File Inclusion (@madrobot) [high]
[CVE-2019-14470] WordPress UserPro 4.9.32 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2019-14530] OpenEMR <5.0.2 - Local File Inclusion (@tenbird) [high]
[CVE-2019-14750] osTicket < 1.12.1 - Cross-Site Scripting (@tenbird) [medium]
[CVE-2019-14789] Custom 404 Pro < 3.2.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2019-14974] SugarCRM Enterprise 9.0.0 - Cross-Site Scripting (@madrobot) [medium]
[CVE-2019-15107] Webmin <= 1.920 - Unauthenticated Remote Command Execution (@bp0lr) [critical]
[CVE-2019-15501] L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting (@logicalhunter,@arafatansari) [medium]
[CVE-2019-15642] Webmin < 1.920 - Authenticated Remote Code Execution (@pussycat0x) [high]
[CVE-2019-15713] WordPress My Calendar <= 3.1.9 - Cross-Site Scripting (@daffainfo,@dhiyaneshdk) [medium]
[CVE-2019-15811] DomainMOD <=4.13.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2019-15829] Gallery Photoblocks < 1.1.43 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2019-15858] WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution (@dwisiswant0,@fmunozs,@patralos) [high]
[CVE-2019-15859] Socomec DIRIS A-40 Devices Password Disclosure (@geeknik) [critical]
[CVE-2019-15889] WordPress Download Manager <2.9.94 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2019-16057] D-Link DNS-320 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2019-16097] Harbor <=1.82.0 - Privilege Escalation (@pikpikcu) [medium]
[CVE-2019-16123] PilusCart <=1.4.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-16278] nostromo 1.9.6 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2019-16313] ifw8 Router ROM v4.31 - Credential Discovery (@pikpikcu) [high]
[CVE-2019-16332] WordPress API Bearer Auth <20190907 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2019-16469] Adobe Experience Manager - Expression Language Injection (@domenicoveneziano) [high]
[CVE-2019-16525] WordPress Checklist <1.1.9 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2019-1653] Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure (@dwisiswant0) [high]
[CVE-2019-16662] rConfig 3.9.2 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2019-16759] vBulletin 5.0.0-5.5.4 - Remote Command Execution (@madrobot) [critical]
[CVE-2019-16920] D-Link Routers - Remote Code Execution (@dwisiswant0) [critical]
[CVE-2019-16931] WordPress Visualizer <3.3.1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2019-16932] Visualizer <3.3.1 - Blind Server-Side Request Forgery (@akincibor) [critical]
[CVE-2019-16996] Metinfo 7.0.0 beta - SQL Injection (@ritikchaddha) [high]
[CVE-2019-16997] Metinfo 7.0.0 beta - SQL Injection (@ritikchaddha) [high]
[CVE-2019-17270] Yachtcontrol Webapplication 1.0 - Remote Command Injection (@pikpikcu) [critical]
[CVE-2019-17418] MetInfo 7.0.0 beta - SQL Injection (@ritikchaddha) [high]
[CVE-2019-17444] Jfrog Artifactory <6.17.0 - Default Admin Password (@pdteam) [critical]
[CVE-2019-17503] Kirona Dynamic Resource Scheduler - Information Disclosure (@logicalhunter) [medium]
[CVE-2019-17506] D-Link DIR-868L/817LW - Information Disclosure (@pikpikcu) [critical]
[CVE-2019-17538] Jiangnan Online Judge 0.8.0 - Local File Inclusion (@pussycat0x) [high]
[CVE-2019-17558] Apache Solr <=8.3.1 - Remote Code Execution (@pikpikcu,@madrobot) [high]
[CVE-2019-17574] Popup-Maker < 1.8.12 - Broken Authentication (@dhiyaneshdk) [critical]
[CVE-2019-17662] ThinVNC 1.0b1 - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2019-1821] Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution (@_0xf4n9x_) [critical]
[CVE-2019-18371] Xiaomi Mi WiFi R3G Routers - Local file Inclusion (@ritikchaddha) [high]
[CVE-2019-18393] Ignite Realtime Openfire <4.42 - Local File Inclusion (@pikpikcu) [medium]
[CVE-2019-18394] Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery (@pdteam) [critical]
[CVE-2019-18665] DOMOS 5.5 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-18818] strapi CMS <3.0.0-beta.17.5 - Admin Password Reset (@idealphase) [critical]
[CVE-2019-18922] Allied Telesis AT-GS950/8 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-18957] MicroStrategy Library <11.1.3 - Cross-Site Scripting (@tess) [medium]
[CVE-2019-1898] Cisco RV110W RV130W RV215W Router - Information leakage (@sleepingbag945) [medium]
[CVE-2019-19134] WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2019-19368] Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting (@madrobot) [medium]
[CVE-2019-1943] Cisco Small Business 200,300 and 500 Series Switches - Open Redirect (@bhutch) [medium]
[CVE-2019-19781] Citrix ADC and Gateway - Directory Traversal (@organiccrap,@geeknik) [critical]
[CVE-2019-19824] TOTOLINK Realtek SD Routers - Remote Command Injection (@gy741) [high]
[CVE-2019-19908] phpMyChat-Plus 1.98 - Cross-Site Scripting (@madrobot) [medium]
[CVE-2019-19985] WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval (@kba@sogeti_esec,@madrobot,@dwisiswant0) [medium]
[CVE-2019-20085] TVT NVMS 1000 - Local File Inclusion (@daffainfo) [high]
[CVE-2019-20141] WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting (@knassar702) [medium]
[CVE-2019-20183] Simple Employee Records System 1.0 - Unrestricted File Upload
(@pikpikcu,@j4vaovo) [high]
[CVE-2019-20210] WordPress CTHthemes - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2019-20224] Pandora FMS 7.0NG - Remote Command Injection (@ritikchaddha)
[high]
[CVE-2019-20933] InfluxDB <1.7.6 - Authentication Bypass (@pussycat0x,@c-sh0)
[critical]
[CVE-2019-2578] Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken
Access Control (@leovalcante) [high]
[CVE-2019-2579] Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
(@leovalcante) [medium]
[CVE-2019-2588] Oracle Business Intelligence - Path Traversal (@madrobot) [medium]
[CVE-2019-2616] Oracle Business Intelligence/XML Publisher - XML External Entity
Injection (@pdteam) [high]
[CVE-2019-2725] Oracle WebLogic Server - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2019-2729] Oracle WebLogic Server Administration Console - Remote Code
Execution (@igibanez) [critical]
[CVE-2019-2767] Oracle Business Intelligence Publisher - XML External Entity
Injection (@madrobot) [high]
[CVE-2019-3396] Atlassian Confluence Server - Path Traversal (@harshbothra_)
[critical]
[CVE-2019-3398] Atlassian Confluence Download Attachments - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2019-3401] Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
(@techbrunchfr,@milo2012) [medium]
[CVE-2019-3402] Jira < 8.1.1 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2019-3403] Jira - Incorrect Authorization (@ganofins) [medium]
[CVE-2019-3799] Spring Cloud Config Server - Local File Inclusion (@madrobot)
[medium]
[CVE-2019-3911] LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
(@princechaddha) [medium]
[CVE-2019-3912] LabKey Server Community Edition <18.3.0 - Open Redirect (@0x_akoko)
[medium]
[CVE-2019-3929] Barco/AWIND OEM Presentation Platform - Remote Command Injection
(@_0xf4n9x_) [critical]
[CVE-2019-5127] YouPHPTube Encoder 2.3 - Remote Command Injection (@pikpikcu)
[critical]
[CVE-2019-5418] Rails File Content Disclosure (@omarkurt) [high]
[CVE-2019-5434] Revive Adserver 4.2 - Remote Code Execution (@omarjezi) [critical]
[CVE-2019-6112] WordPress Sell Media 2.4.1 - Cross-Site Scripting (@dwisiswant0)
[medium]
[CVE-2019-6340] Drupal - Remote Code Execution (@madrobot) [high]
[CVE-2019-6715] W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read /
Directory Traversal (@randomrobbie) [high]
[CVE-2019-6799] phpMyAdmin <4.8.5 - Local File Inclusion (@pwnhxl) [medium]
[CVE-2019-6802] Pypiserver <1.2.5 - Carriage Return Line Feed Injection (@0x_akoko)
[medium]
[CVE-2019-7139] Magento - SQL Injection (@mastercho) [critical]
[CVE-2019-7192] QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
(@dhiyaneshdk) [critical]
[CVE-2019-7219] Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting (@pdteam)
[medium]
[CVE-2019-7238] Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
(@pikpikcu) [critical]
[CVE-2019-7254] eMerge E3 1.00-06 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-7255] Linear eMerge E3 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2019-7256] eMerge E3 1.00-06 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2019-7275] Optergy Proton/Enterprise Building Management System - Open
Redirect (@0x_akoko) [medium]
[CVE-2019-7315] Genie Access WIP3BVAF IP Camera - Local File Inclusion (@0x_akoko)
[high]
[CVE-2019-7481] SonicWall SRA 4600 VPN - SQL Injection (@_darrenmartyn) [high]
[CVE-2019-7543] KindEditor 4.1.11 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-7609] Kibana Timelion - Arbitrary Code Execution (@dwisiswant0)
[critical]
[CVE-2019-8086] Adobe Experience Manager - XML External Entity Injection
(@dhiyaneshdk) [high]
[CVE-2019-8390] qdPM 9.1 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2019-8442] Jira - Local File Inclusion (@kishore krishna (sillydaddy)) [high]
[CVE-2019-8446] Jira Improper Authorization (@dhiyaneshdk) [medium]
[CVE-2019-8449] Jira <8.4.0 - Information Disclosure (@harshbothra_) [medium]
[CVE-2019-8451] Jira <8.4.0 - Server-Side Request Forgery (@techbrunchfr) [medium]
[CVE-2019-8903] Totaljs <3.2.3 - Local File Inclusion (@madrobot) [high]
[CVE-2019-8937] HotelDruid 2.3.0 - Cross-Site Scripting (@logicalhunter) [medium]
[CVE-2019-8982] Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request
Forgery (@madrobot) [critical]
[CVE-2019-9041] ZZZCMS 1.6.1 - Remote Code Execution (@pikpikcu) [high]
[CVE-2019-9618] WordPress GraceMedia Media Player 1.0 - Local File Inclusion
(@daffainfo) [critical]
[CVE-2019-9632] ESAFENET CDG - Arbitrary File Download (@pdteam) [high]
[CVE-2019-9670] Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity
Injection (@ree4pwn) [critical]
[CVE-2019-9726] Homematic CCU3 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-9733] JFrog Artifactory 6.7.3 - Admin Login Bypass (@akshansh) [critical]
[CVE-2019-9915] GetSimple CMS 3.3.13 - Open Redirect (@0x_akoko) [medium]
[CVE-2019-9922] Joomla! Harmis Messenger 1.2.2 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2019-9955] Zyxel - Cross-Site Scripting (@pdteam) [medium]
[CVE-2019-9978] WordPress Social Warfare <3.5.3 - Cross-Site Scripting
(@madrobot,@dwisiswant0) [medium]
[CVE-2020-0618] Microsoft SQL Server Reporting Services - Remote Code Execution
(@joeldeleep) [high]
[CVE-2020-10148] SolarWinds Orion API - Auth Bypass (@dwisiswant0) [critical]
[CVE-2020-10199] Sonatype Nexus Repository Manager 3 - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2020-10220] rConfig 3.9 - SQL Injection (@ritikchaddha,@theamanrawat)
[critical]
[CVE-2020-10546] rConfig 3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10547] rConfig 3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10548] rConfig 3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10549] rConfig <=3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10770] Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery
(SSRF) (@dhiyaneshdk) [medium]
[CVE-2020-10973] WAVLINK - Access Control (@arafatansari) [high]
[CVE-2020-11034] GLPI <9.4.6 - Open Redirect (@pikpikcu) [medium]
[CVE-2020-11110] Grafana <= 6.7.1 - Cross-Site Scripting (@emadshanab) [medium]
[CVE-2020-11450] MicroStrategy Web 10.4 - Information Disclosure (@tess) [high]
[CVE-2020-11455] LimeSurvey 4.1.11 - Local File Inclusion (@daffainfo) [critical]
[CVE-2020-11529] Grav <1.7 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-11530] WordPress Chop Slider 3 - Blind SQL Injection (@theamanrawat)
[critical]
[CVE-2020-11546] SuperWebmailer 7.21.0.01526 - Remote Code Execution
(@official_blackhat13) [critical]
[CVE-2020-11547] PRTG Network Monitor <20.1.57.1745 - Information Disclosure
(@x6263) [medium]
[CVE-2020-11710] Kong Admin <=2.03 - Admin API Access (@pikpikcu) [critical]
[CVE-2020-11738] WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
(@dwisiswant0) [high]
[CVE-2020-11798] Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
(@ritikchaddha) [medium]
[CVE-2020-11853] Micro Focus Operations Bridge Manager <=2020.05 - Remote Code
Execution (@dwisiswant0) [high]
[CVE-2020-11854] Micro Focus UCMDB - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2020-11930] WordPress GTranslate <2.8.52 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2020-11978] Apache Airflow <=1.10.10 - Remote Code Execution (@pdteam) [high]
[CVE-2020-11991] Apache Cocoon 2.1.12 - XML Injection (@pikpikcu) [high]
[CVE-2020-12054] WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2020-12116] Zoho ManageEngine OpManger - Arbitrary File Read (@dwisiswant0)
[high]
[CVE-2020-12124] WAVLINK WN530H4 live_api.cgi - Command Injection (@dhiyaneshdk)
[critical]
[CVE-2020-12127] WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
(@arafatansari) [high]
[CVE-2020-12256] rConfig 3.9.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2020-12259] rConfig 3.9.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2020-12447] Onkyo TX-NR585 Web Interface - Directory Traversal (@0x_akoko)
[high]
[CVE-2020-12478] TeamPass 2.1.27.36 - Improper Authentication (@arafatansari)
[high]
[CVE-2020-12720] vBulletin SQL Injection (@pdteam) [critical]
[CVE-2020-12800] WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
(@dwisiswant0) [critical]
[CVE-2020-13117] Wavlink Multiple AP - Remote Command Injection (@gy741) [critical]
[CVE-2020-13121] Submitty <= 20.04.01 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-13158] Artica Proxy Community Edition <4.30.000000 - Local File Inclusion
(@0x_akoko) [high]
[CVE-2020-13167] Netsweeper <=6.4.3 - Python Code Injection (@dwisiswant0)
[critical]
[CVE-2020-13258] Contentful <=2020-05-21 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2020-13379] Grafana 3.0.1-7.0.1 - Server-Side Request Forgery (@joshua rogers)
[high]
[CVE-2020-13405] Microweber <1.1.20 - Information Disclosure (@ritikchaddha,@amit-
jd) [high]
[CVE-2020-13483] Bitrix24 <=20.0.0 - Cross-Site Scripting (@pikpikcu,@3th1c_yuk1)
[medium]
[CVE-2020-13638] rConfig 3.9 - Authentication Bypass(Admin Login) (@theamanrawat)
[critical]
[CVE-2020-13700] WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object
Reference (@pikpikcu) [high]
[CVE-2020-13820] Extreme Management Center 8.4.1.24 - Cross-Site Scripting (@tess)
[medium]
[CVE-2020-13851] Artica Pandora FMS 7.44 - Remote Code Execution (@theamanrawat)
[high]
[CVE-2020-13927] Airflow Experimental <1.10.11 - REST API Auth Bypass (@pdteam)
[critical]
[CVE-2020-13937] Apache Kylin - Exposed Configuration File (@pikpikcu) [medium]
[CVE-2020-13942] Apache Unomi <1.5.2 - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2020-13945] Apache APISIX - Insufficiently Protected Credentials (@pdteam)
[medium]
[CVE-2020-14092] WordPress PayPal Pro <1.1.65 - SQL Injection (@princechaddha)
[critical]
[CVE-2020-14144] Gitea 1.1.0 - 1.12.5 - Remote Code Execution (@theamanrawat)
[high]
[CVE-2020-14179] Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 -
Information Disclosure (@x1m_martijn) [medium]
[CVE-2020-14181] Jira Server and Data Center - Information Disclosure (@bjhulst)
[medium]
[CVE-2020-14408] Agentejo Cockpit 0.10.2 - Cross-Site Scripting (@edoardottt)
[medium]
[CVE-2020-14413] NeDi 1.9C - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-14750] Oracle WebLogic Server - Remote Command Execution
(@princechaddha,@dhiyaneshdk) [critical]
[CVE-2020-14864] Oracle Fusion - Directory Traversal/Local File Inclusion (@ivo
palazzolo (@palaziv)) [high]
[CVE-2020-14882] Oracle Weblogic Server - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2020-14883] Oracle Fusion Middleware WebLogic Server Administration Console -
Remote Code Execution (@pdteam,@vicrack) [high]
[CVE-2020-15050] Suprema BioStar <2.8.2 - Local File Inclusion (@gy741) [high]
[CVE-2020-15129] Traefik - Open Redirect (@dwisiswant0) [medium]
[CVE-2020-15148] Yii 2 < 2.0.38 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-15227] Nette Framework - Remote Code Execution (@becivells) [critical]
[CVE-2020-15500] TileServer GL <=3.0.0 - Cross-Site Scripting (@akash.c) [medium]
[CVE-2020-15505] MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote
Code Execution (@dwisiswant0) [critical]
[CVE-2020-15568] TerraMaster TOS <.1.29 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2020-15867] Gogs 0.5.5 - 0.12.2 - Remote Code Execution (@theamanrawat) [high]
[CVE-2020-15895] D-Link DIR-816L 2.x - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2020-15920] Mida eFramework <=2.9.0 - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2020-16846] SaltStack <=3002 - Shell Injection (@dwisiswant0) [critical]
[CVE-2020-16952] Microsoft SharePoint - Remote Code Execution (@dwisiswant0) [high]
[CVE-2020-17362] Nova Lite < 1.3.9 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2020-17453] WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
(@madrobot) [medium]
[CVE-2020-17456] SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code
Execution (@gy741,@edoardottt) [critical]
[CVE-2020-17463] Fuel CMS 1.4.7 - SQL Injection (@thirukrishnan) [critical]
[CVE-2020-17496] vBulletin 5.5.4 - 5.6.2- Remote Command Execution (@pussycat0x)
[critical]
[CVE-2020-17505] Artica Web Proxy 4.30 - OS Command Injection (@dwisiswant0) [high]
[CVE-2020-17506] Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
(@dwisiswant0) [critical]
[CVE-2020-17518] Apache Flink 1.5.1 - Local File Inclusion (@pdteam) [high]
[CVE-2020-17519] Apache Flink - Local File Inclusion (@pdteam) [high]
[CVE-2020-17526] Apache Airflow <1.10.14 - Authentication Bypass
(@piyushchhiroliya) [high]
[CVE-2020-17530] Apache Struts 2.0.0-2.5.25 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2020-18268] Z-Blog <=1.5.2 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-19282] Jeesns 1.4.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-19283] Jeesns 1.4.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-19295] Jeesns 1.4.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-19360] FHEM 6.0 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-1943] Apache OFBiz <=16.11.07 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2020-19515] qdPM 9.1 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2020-1956] Apache Kylin 3.0.1 - Command Injection Vulnerability
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2020-19625] Gridx 1.3 - Remote Code Execution (@geeknik) [critical]
[CVE-2020-20285] ZZcms - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2020-20300] WeiPHP 5.0 - SQL Injection (@pikpikcu) [critical]
[CVE-2020-2096] Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2020-20982] shadoweb wdja v1.5.1 - Cross-Site Scripting
(@pikpikcu,@ritikchaddha) [critical]
[CVE-2020-20988] DomainMOD 4.13.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2020-21012] Sourcecodester Hotel and Lodge Management System 2.0 - SQL
Injection (@edoardottt) [critical]
[CVE-2020-2103] Jenkins <=2.218 - Information Disclosure (@c-sh0) [medium]
[CVE-2020-21224] Inspur ClusterEngine 4.0 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2020-2140] Jenkin Audit Trail <=3.2 - Cross-Site Scripting
(@j3ssie/geraldino2) [medium]
[CVE-2020-22208] 74cms - ajax_street.php 'x' SQL Injection (@ritikchaddha)
[critical]
[CVE-2020-22209] 74cms - ajax_common.php SQL Injection (@ritikchaddha) [critical]
[CVE-2020-22210] 74cms - ajax_officebuilding.php SQL Injection (@ritikchaddha)
[critical]
[CVE-2020-22211] 74cms - ajax_street.php 'key' SQL Injection (@ritikchaddha)
[critical]
[CVE-2020-22840] b2evolution CMS <6.11.6 - Open Redirect (@geeknik) [medium]
[CVE-2020-23015] OPNsense <=20.1.5 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-23517] Aryanic HighMail (High CMS) - Cross-Site Scripting (@geeknik)
[medium]
[CVE-2020-23575] Kyocera Printer d-COPIA253MF - Directory Traversal (@0x_akoko)
[high]
[CVE-2020-23697] Monstra CMS 3.0.4 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2020-23972] Joomla! Component GMapFP 3.5 - Arbitrary File Upload
(@dwisiswant0) [high]
[CVE-2020-24148] Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side
Request Forgery (@dwisiswant0) [critical]
[CVE-2020-24186] WordPress wpDiscuz <=7.0.4 - Remote Code Execution (@ganofins)
[critical]
[CVE-2020-24223] Mara CMS 7.5 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-24312] WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
(@x1m_martijn) [high]
[CVE-2020-24391] Mongo-Express - Remote Code Execution (@leovalcante) [critical]
[CVE-2020-24550] EpiServer Find <13.2.7 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2020-24571] NexusDB <4.50.23 - Local File Inclusion (@pikpikcu) [high]
[CVE-2020-24579] D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
(@pikpikcu) [high]
[CVE-2020-24589] WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
(@lethargynavigator) [critical]
[CVE-2020-24701] OX Appsuite - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2020-24902] Quixplorer <=2.4.1 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2020-24903] Cute Editor for ASP.NET 6.4 - Cross-Site Scripting (@edoardottt)
[medium]
[CVE-2020-24912] QCube Cross-Site-Scripting (@pikpikcu) [medium]
[CVE-2020-24949] PHP-Fusion 9.03.50 - Remote Code Execution (@geeknik) [high]
[CVE-2020-25078] D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
(@pikpikcu) [high]
[CVE-2020-25213] WordPress File Manager Plugin - Remote Code Execution (@foulenzer)
[critical]
[CVE-2020-25223] Sophos UTM Preauth - Remote Code Execution (@gy741) [critical]
[CVE-2020-25495] Xinuo Openserver 5/6 - Cross-Site scripting (@0x_akoko) [medium]
[CVE-2020-25506] D-Link DNS-320 - Unauthenticated Remote Code Execution (@gy741)
[critical]
[CVE-2020-2551] Oracle WebLogic Server - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2020-25540] ThinkAdmin 6 - Local File Inclusion (@geeknik) [high]
[CVE-2020-25780] Commvault CommCell - Local File Inclusion (@pdteam) [high]
[CVE-2020-25864] HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
(@c-sh0) [medium]
[CVE-2020-26073] Cisco SD-WAN vManage Software - Local File Inclusion (@madrobot)
[high]
[CVE-2020-26153] Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
(@pikpikcu) [medium]
[CVE-2020-26214] Alerta < 8.1.0 - Authentication Bypass (@caspergn,@daffainfo)
[critical]
[CVE-2020-26217] XStream <1.4.14 - Remote Code Execution (@pwnhxl,@vicrack) [high]
[CVE-2020-26248] PrestaShop Product Comments <4.2.0 - SQL Injection (@edoardottt)
[high]
[CVE-2020-26258] XStream <1.4.15 - Server-Side Request Forgery (@pwnhxl) [high]
[CVE-2020-26413] Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
(@_0xf4n9x_,@pikpikcu) [medium]
[CVE-2020-26876] WordPress WP Courses Plugin Information Disclosure (@dwisiswant0)
[high]
[CVE-2020-26919] NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
(@gy741) [critical]
[CVE-2020-26948] Emby Server Server-Side Request Forgery (@dwisiswant0) [critical]
[CVE-2020-27191] LionWiki <3.2.12 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-2733] JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
(@dhiyaneshdk,@pussycat0x) [critical]
[CVE-2020-27361] Akkadian Provisioning Manager 4.50.02 - Sensitive Information
Disclosure (@gy741) [high]
[CVE-2020-27467] Processwire CMS <2.7.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-27481] Good Layers LMS Plugin <= 2.1.4 - SQL Injection (@edoardottt)
[critical]
[CVE-2020-27735] Wing FTP 6.4.4 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-27838] KeyCloak - Information Exposure (@mchklt) [medium]
[CVE-2020-27866] NETGEAR - Authentication Bypass (@gy741) [high]
[CVE-2020-27982] IceWarp WebMail 11.4.5.0 - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2020-27986] SonarQube - Authentication Bypass (@pikpikcu) [high]
[CVE-2020-28185] TerraMaster TOS < 4.2.06 - User Enumeration (@pussycat0x) [medium]
[CVE-2020-28188] TerraMaster TOS - Unauthenticated Remote Command Execution
(@gy741) [critical]
[CVE-2020-28208] Rocket.Chat <3.9.1 - Information Disclosure (@pdteam) [medium]
[CVE-2020-28871] Monitorr 1.7.6m - Unauthenticated Remote Code Execution (@gy741)
[critical]
[CVE-2020-28976] WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
(@logicalhunter) [medium]
[CVE-2020-29164] PacsOne Server <7.1.1 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2020-29227] Car Rental Management System 1.0 - Local File Inclusion
(@daffainfo) [critical]
[CVE-2020-29284] Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL
Injection (@edoardottt) [critical]
[CVE-2020-29395] Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2020-29453] Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-
INF) (@dwisiswant0) [medium]
[CVE-2020-29583] ZyXel USG - Hardcoded Credentials (@canberbamber) [critical]
[CVE-2020-29597] IncomCMS 2.0 - Arbitrary File Upload (@princechaddha) [critical]
[CVE-2020-3187] Cisco Adaptive Security Appliance Software/Cisco Firepower Threat
Defense - Directory Traversal (@kareemse1im) [critical]
[CVE-2020-3452] Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense
(FTD) - Local File Inclusion (@pdteam) [high]
[CVE-2020-35234] SMTP WP Plugin Directory Listing (@pr3r00t) [high]
[CVE-2020-35338] Wireless Multiplex Terminal Playout Server <=20.2.8 - Default
Credential Detection (@jeya seelan) [critical]
[CVE-2020-35476] OpenTSDB <=2.4.0 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-35489] WordPress Contact Form 7 - Unrestricted File Upload (@soyelmago)
[critical]
[CVE-2020-35580] SearchBlox <9.2.2 - Local File Inclusion (@daffainfo) [high]
[CVE-2020-35598] Advanced Comment System 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2020-35713] Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
(@gy741) [critical]
[CVE-2020-35729] Klog Server <=2.41 - Unauthenticated Command Injection
(@dwisiswant0) [critical]
[CVE-2020-35736] GateOne 1.1 - Local File Inclusion (@pikpikcu) [high]
[CVE-2020-35749] WordPress Simple Job Board <2.9.4 - Local File Inclusion
(@cckuailong) [high]
[CVE-2020-35774] twitter-server Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-3580] Cisco ASA/FTD Software - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-35846] Agentejo Cockpit < 0.11.2 - NoSQL Injection (@dwisiswant0)
[critical]
[CVE-2020-35847] Agentejo Cockpit <0.11.2 - NoSQL Injection (@dwisiswant0)
[critical]
[CVE-2020-35848] Agentejo Cockpit <0.12.0 - NoSQL Injection (@dwisiswant0)
[critical]
[CVE-2020-35951] Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
(@princechaddha) [critical]
[CVE-2020-35984] Rukovoditel <= 2.7.2 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2020-35985] Rukovoditel <= 2.7.2 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2020-35986] Rukovoditel <= 2.7.2 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2020-35987] Rukovoditel <= 2.7.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2020-36112] CSE Bookstore 1.0 - SQL Injection (@geeknik) [critical]
[CVE-2020-36289] Jira Server and Data Center - Information Disclosure
(@dhiyaneshdk) [medium]
[CVE-2020-36365] Smartstore <4.1.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-36510] WordPress 15Zine <3.3.0 - Cross-Site Scripting (@veshraj) [medium]
[CVE-2020-4463] IBM Maximo Asset Management Information Disclosure - XML External
Entity Injection (@dwisiswant0) [high]
[CVE-2020-5191] PHPGurukul Hospital Management System - Cross-Site Scripting
(@tenbird) [medium]
[CVE-2020-5192] Hospital Management System 4.0 - SQL Injection (@tenbird) [high]
[CVE-2020-5284] Next.js <9.3.2 - Local File Inclusion
(@rootxharsh,@iamnoooob,@dwisiswant0) [medium]
[CVE-2020-5307] PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
(@gy741) [critical]
[CVE-2020-5405] Spring Cloud Config - Local File Inclusion (@harshbothra_) [medium]
[CVE-2020-5410] Spring Cloud Config Server - Local File Inclusion (@mavericknerd)
[high]
[CVE-2020-5412] Spring Cloud Netflix - Server-Side Request Forgery (@dwisiswant0)
[medium]
[CVE-2020-5775] Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
(@alph4byt3) [medium]
[CVE-2020-5776] MAGMI - Cross-Site Request Forgery (@dwisiswant0) [high]
[CVE-2020-5777] Magento Mass Importer <0.7.24 - Remote Auth Bypass (@dwisiswant0)
[critical]
[CVE-2020-5847] UnRaid <=6.80 - Remote Code Execution (@madrobot) [critical]
[CVE-2020-5902] F5 BIG-IP TMUI - Remote Code Execution
(@madrobot,@dwisiswant0,@ringo) [critical]
[CVE-2020-6171] CLink Office 2.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-6207] SAP Solution Manager 7.2 - Remote Command Execution
(@_generic_human_) [critical]
[CVE-2020-6287] SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
(@dwisiswant0) [critical]
[CVE-2020-6308] SAP BusinessObjects Business Intelligence Platform - Blind Server-
Side Request Forgery (@madrobot) [medium]
[CVE-2020-6637] OpenSIS 7.3 - SQL Injection (@pikpikcu) [critical]
[CVE-2020-6950] Eclipse Mojarra - Local File Read (@iamnoooob,@pdresearch) [medium]
[CVE-2020-7107] WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2020-7136] HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
(@gy741) [critical]
[CVE-2020-7209] LinuxKI Toolset <= 6.01 - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2020-7318] McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
(@dwisiswant0) [medium]
[CVE-2020-7796] Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request
Forgery (@gy741) [critical]
[CVE-2020-7943] Puppet Server/PuppetDB - Sensitive Information Disclosure (@c-sh0)
[high]
[CVE-2020-7961] Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code
Execution (@dwisiswant0) [critical]
[CVE-2020-7980] Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
(@ritikchaddha) [critical]
[CVE-2020-8115] Revive Adserver <=5.0.3 - Cross-Site Scripting
(@madrobot,@dwisiswant0) [medium]
[CVE-2020-8163] Ruby on Rails <5.0.1 - Remote Code Execution (@tim_koopmans) [high]
[CVE-2020-8191] Citrix ADC/Gateway - Cross-Site Scripting (@dwisiswant0) [medium]
[CVE-2020-8193] Citrix - Local File Inclusion (@pdteam) [medium]
[CVE-2020-8194] Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
(@dwisiswant0) [medium]
[CVE-2020-8209] Citrix XenMobile Server - Local File Inclusion (@dwisiswant0)
[high]
[CVE-2020-8497] Artica Pandora FMS <=7.42 - Arbitrary File Read (@gy741) [medium]
[CVE-2020-8512] IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
(@pdteam,@dwisiswant0) [medium]
[CVE-2020-8515] DrayTek - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-8615] Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
(@r3y3r53) [medium]
[CVE-2020-8641] Lotus Core CMS 1.0.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-8644] playSMS <1.4.3 - Remote Code Execution (@dbrwsky) [critical]
[CVE-2020-8654] EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
(@praetorian-thendrickson) [high]
[CVE-2020-8771] WordPress Time Capsule < 1.21.16 - Authentication Bypass
(@princechaddha) [critical]
[CVE-2020-8772] WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
(@princechaddha,@scent2d) [critical]
[CVE-2020-8813] Cacti v1.2.8 - Remote Code Execution (@gy741) [high]
[CVE-2020-8982] Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
(@dwisiswant0) [high]
[CVE-2020-9036] Jeedom <=4.0.38 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-9043] WordPress wpCentral <1.5.1 - Information Disclosure (@scent2d)
[high]
[CVE-2020-9047] exacqVision Web Service - Remote Code Execution (@dwisiswant0)
[high]
[CVE-2020-9054] Zyxel NAS Firmware 5.21- Remote Code Execution (@dhiyaneshdk)
[critical]
[CVE-2020-9315] Oracle iPlanet Web Server 7.0.x - Authentication Bypass
(@dhiyaneshdk) [high]
[CVE-2020-9344] Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
(@madrobot) [medium]
[CVE-2020-9376] D-Link DIR-610 Devices - Information Disclosure (@whynotke) [high]
[CVE-2020-9402] Django SQL Injection (@geeknik) [high]
[CVE-2020-9425] rConfig <3.9.4 - Sensitive Information Disclosure (@madrobot)
[high]
[CVE-2020-9483] SkyWalking SQLI (@pikpikcu) [high]
[CVE-2020-9484] Apache Tomcat Remote Command Execution (@dwisiswant0) [high]
[CVE-2020-9496] Apache OFBiz 17.12.03 - Cross-Site Scripting (@dwisiswant0)
[medium]
[CVE-2020-9757] Craft CMS < 3.3.0 - Server-Side Template Injection (@dwisiswant0)
[critical]
[CVE-2021-1472] Cisco Small Business RV Series - OS Command Injection (@gy741)
[critical]
[CVE-2021-1497] Cisco HyperFlex HX Data Platform - Remote Command Execution
(@gy741) [critical]
[CVE-2021-1498] Cisco HyperFlex HX Data Platform - Remote Command Execution
(@gy741) [critical]
[CVE-2021-1499] Cisco HyperFlex HX Data Platform - Arbitrary File Upload (@gy741)
[medium]
[CVE-2021-20031] SonicWall SonicOS 7.0 - Open Redirect (@gy741) [medium]
[CVE-2021-20038] SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
(@dwisiswant0,@jbaines-r7) [critical]
[CVE-2021-20090] Buffalo WSR-2533DHPL2 - Path Traversal (@gy741) [critical]
[CVE-2021-20091] Buffalo WSR-2533DHPL2 - Configuration File Injection
(@gy741,@pdteam,@parth) [high]
[CVE-2021-20092] Buffalo WSR-2533DHPL2 - Improper Access Control
(@gy741,@pdteam,@parth) [high]
[CVE-2021-20114] TCExam <= 14.8.1 - Sensitive Information Exposure (@push4d) [high]
[CVE-2021-20123] Draytek VigorConnect 1.6.0-B - Local File Inclusion (@0x_akoko)
[high]
[CVE-2021-20124] Draytek VigorConnect 6.0-B3 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2021-20137] Gryphon Tower - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-20150] Trendnet AC2600 TEW-827DRU - Credentials Disclosure (@gy741)
[medium]
[CVE-2021-20158] Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
(@gy741) [critical]
[CVE-2021-20167] Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass
Buffer Overrun (@gy741) [high]
[CVE-2021-20323] Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
(@ndmalc,@incogbyte) [medium]
[CVE-2021-20792] WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-20837] MovableType - Remote Command Injection
(@dhiyaneshdk,@hackergautam) [critical]
[CVE-2021-21087] Adobe ColdFusion - Cross-Site Scripting (@daviey) [medium]
[CVE-2021-21234] Spring Boot Actuator Logview Directory Traversal
(@gy741,@pikpikcu) [high]
[CVE-2021-21287] MinIO Browser API - Server-Side Request Forgery (@pikpikcu) [high]
[CVE-2021-21307] Lucee Admin - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2021-21311] Adminer <4.7.9 - Server-Side Request Forgery (@adam
crosser,@pwnhxl) [high]
[CVE-2021-21315] Node.JS System Information Library <5.3.1 - Remote Command
Injection (@pikpikcu) [high]
[CVE-2021-21345] XStream <1.4.16 - Remote Code Execution (@pwnhxl,@vicrack)
[critical]
[CVE-2021-21351] XStream <1.4.16 - Remote Code Execution (@pwnhxl) [critical]
[CVE-2021-21389] BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code
Execution (@lotusdll) [high]
[CVE-2021-21402] Jellyfin <10.7.0 - Local File Inclusion (@dwisiswant0) [medium]
[CVE-2021-21479] SCIMono <0.0.19 - Remote Code Execution (@dwisiswant0) [critical]
[CVE-2021-21745] ZTE MF971R - Referer authentication bypass (@gy741) [medium]
[CVE-2021-21799] Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2021-21800] Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2021-21801] Advantech R-SeeNet - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-21802] Advantech R-SeeNet - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-21803] Advantech R-SeeNet - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-21805] Advantech R-SeeNet 2.4.12 - OS Command Injection (@arafatansari)
[critical]
[CVE-2021-21816] D-Link DIR-3040 1.13B03 - Information Disclosure (@gy741) [medium]
[CVE-2021-21881] Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
(@gy741) [critical]
[CVE-2021-21972] VMware vSphere Client (HTML5) - Remote Code Execution
(@dwisiswant0) [critical]
[CVE-2021-21973] VMware vSphere - Server-Side Request Forgery (@pdteam) [medium]
[CVE-2021-21975] vRealize Operations Manager API - Server-Side Request Forgery
(@luci) [high]
[CVE-2021-21978] VMware View Planner <4.6 SP1- Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2021-21985] VMware vSphere Client (HTML5) - Remote Code Execution
(@d0rkerdevil) [critical]
[CVE-2021-22005] VMware vCenter Server - Arbitrary File Upload (@pr3r00t)
[critical]
[CVE-2021-22053] Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code
Execution (@forgedhallpass) [high]
[CVE-2021-22054] VMWare Workspace ONE UEM - Server-Side Request Forgery (@h1ei1)
[high]
[CVE-2021-22122] FortiWeb - Cross Site Scripting (@dwisiswant0) [medium]
[CVE-2021-22145] Elasticsearch 7.10.0-7.13.3 - Information Disclosure
(@dhiyaneshdk) [medium]
[CVE-2021-22205] GitLab CE/EE - Remote Code Execution (@gitlab red team) [critical]
[CVE-2021-22214] Gitlab CE/EE 10.5 - Server-Side Request Forgery
(@suman_kar,@gitlab red team) [high]
[CVE-2021-22502] Micro Focus Operations Bridge Reporter - Remote Code Execution
(@pikpikcu) [critical]
[CVE-2021-22707] EVlink City < R8 V3.4.0.1 - Authentication Bypass
(@ritikchaddha,@dorkerdevil) [critical]
[CVE-2021-22873] Revive Adserver <5.1.0 - Open Redirect (@pudsec) [medium]
[CVE-2021-22911] Rocket.Chat <=3.13 - NoSQL Injection (@tess,@sullo) [critical]
[CVE-2021-22986] F5 iControl REST - Remote Command Execution
(@rootxharsh,@iamnoooob) [critical]
[CVE-2021-23241] MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
(@daffainfo) [medium]
[CVE-2021-24145] WordPress Modern Events Calendar Lite <5.16.5 - Authenticated
Arbitrary File Upload (@theamanrawat) [high]
[CVE-2021-24146] WordPress Modern Events Calendar Lite <5.16.5 - Sensitive
Information Disclosure (@random_robbie) [high]
[CVE-2021-24150] WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery
(@theamanrawat) [high]
[CVE-2021-24155] WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload
(@theamanrawat) [high]
[CVE-2021-24165] WordPress Ninja Forms <3.4.34 - Open Redirect
(@dhiyaneshdk,@daffainfo) [medium]
[CVE-2021-24169] WordPress Advanced Order Export For WooCommerce <3.1.8 -
Authenticated Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24176] WordPress JH 404 Logger <=1.1 - Cross-Site Scripting (@ganofins)
[medium]
[CVE-2021-24210] WordPress PhastPress <1.111 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-24214] WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site
Scripting (@tess) [medium]
[CVE-2021-24215] Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper
Access Control & Privilege Escalation (@r3y3r53) [critical]
[CVE-2021-24226] AccessAlly <3.5.7 - Sensitive Information Leakage (@dhiyaneshdk)
[high]
[CVE-2021-24227] Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
(@theamanrawat) [high]
[CVE-2021-24235] WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2021-24236] WordPress Imagements <=1.2.5 - Arbitrary File Upload (@pussycat0x)
[critical]
[CVE-2021-24237] WordPress Realteo <=1.2.3 - Cross-Site Scripting (@0x_akoko)
[medium]
[CVE-2021-24239] WordPress Pie Register <3.7.0.1 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2021-24245] WordPress Stop Spammers <2021.9 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2021-24274] WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-24275] Popup by Supsystic <1.10.5 - Cross-Site scripting (@dhiyaneshdk)
[medium]
[CVE-2021-24276] WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-24278] WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
(@2rs3c) [high]
[CVE-2021-24284] WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload
(@lamscun,@pussycat0x,@pdteam) [critical]
[CVE-2021-24285] WordPress Car Seller - Auto Classifieds Script - SQL Injection
(@shreyapohekar) [critical]
[CVE-2021-24286] WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site
Scripting (@r3y3r53) [medium]
[CVE-2021-24287] WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site
Scripting (@r3y3r53) [medium]
[CVE-2021-24288] WordPress AcyMailing <7.5.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-24291] WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
(@geeknik) [medium]
[CVE-2021-24298] WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2021-24300] WordPress WooCommerce <1.13.22 - Cross-Site Scripting
(@cckuailong) [medium]
[CVE-2021-24316] WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
(@0x_akoko) [medium]
[CVE-2021-24320] WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site
Scripting (@daffainfo) [medium]
[CVE-2021-24335] WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-
Site Scripting (@daffainfo) [medium]
[CVE-2021-24340] WordPress Statistics <13.0.8 - Blind SQL Injection
(@lotusdll,@j4vaovo) [high]
[CVE-2021-24342] WordPress JNews Theme <8.0.6 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2021-24347] WordPress SP Project & Document Manager <4.22 - Authenticated
Shell Upload (@theamanrawat) [high]
[CVE-2021-24351] WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site
Scripting (@maximus decimus) [medium]
[CVE-2021-24358] Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
(@dhiyaneshdk) [medium]
[CVE-2021-24364] WordPress Jannah Theme <5.4.4 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2021-24370] WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
(@pikpikcu) [critical]
[CVE-2021-24387] WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
(@suman_kar) [medium]
[CVE-2021-24389] WordPress FoodBakery <2.2 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2021-24406] WordPress wpForo Forum < 1.9.7 - Open Redirect (@0x_akoko)
[medium]
[CVE-2021-24407] WordPress Jannah Theme <5.4.5 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2021-24409] Prismatic < 2.8 - Cross-Site Scripting (@harsh) [medium]
[CVE-2021-24435] WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting
(@xcapri,@ritikchaddha) [medium]
[CVE-2021-24436] WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2021-24442] Wordpress Polls Widget < 1.5.3 - SQL Injection (@ritikchaddha)
[critical]
[CVE-2021-24452] WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2021-24472] Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File
Inclusion/Server-Side Request Forgery (@suman_kar) [critical]
[CVE-2021-24488] WordPress Post Grid <2.1.8 - Cross-Site Scripting (@cckuailong)
[medium]
[CVE-2021-24495] Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
(@johnjhacking) [medium]
[CVE-2021-24498] WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
(@suman_kar) [medium]
[CVE-2021-24499] WordPress Workreap - Remote Code Execution (@daffainfo) [critical]
[CVE-2021-24510] WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-24554] WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
(@theamanrawat) [high]
[CVE-2021-24627] G Auto-Hyperlink <= 1.0.1 - SQL Injection (@theamanrawat) [high]
[CVE-2021-24647] Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
(@dhiyaneshdk) [high]
[CVE-2021-24666] WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
(@theamanrawat) [critical]
[CVE-2021-24731] Pie Register < 3.7.1.6 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-24746] WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
(@supras) [medium]
[CVE-2021-24750] WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL
Injection (@cckuakilong) [high]
[CVE-2021-24762] WordPress Perfect Survey <1.5.2 - SQL Injection (@cckuailong)
[critical]
[CVE-2021-24791] Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection
(@r3y3r53) [high]
[CVE-2021-24827] WordPress Asgaros Forum <1.15.13 - SQL Injection (@theamanrawat)
[critical]
[CVE-2021-24838] WordPress AnyComment <0.3.5 - Open Redirect (@noobexploiter)
[medium]
[CVE-2021-24849] WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
(@ritikchaddha) [critical]
[CVE-2021-24862] WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
(@theamanrawat) [high]
[CVE-2021-24875] WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2021-24891] WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-24910] WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
(@screamy) [medium]
[CVE-2021-24915] Contest Gallery < 13.1.0.6 - SQL injection (@r3y3r53) [critical]
[CVE-2021-24917] WordPress WPS Hide Login <1.9.1 - Information Disclosure
(@akincibor) [high]
[CVE-2021-24926] WordPress Domain Check <1.0.17 - Cross-Site Scripting
(@cckuailong) [medium]
[CVE-2021-24931] WordPress Secure Copy Content Protection and Content Locking
<2.8.2 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-24940] WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2021-24943] Registrations for the Events Calendar < 2.7.6 - SQL Injection
(@ritikchaddha) [critical]
[CVE-2021-24946] WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
(@theamanrawat) [critical]
[CVE-2021-24947] WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read
(@cckuailong) [medium]
[CVE-2021-24956] Blog2Social < 6.8.7 - Cross-Site Scripting (@ritikchaddha)
[medium]
[CVE-2021-24970] WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion
(@r3y3r53) [high]
[CVE-2021-24979] Paid Memberships Pro < 2.6.6 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2021-24987] WordPress Super Socializer <7.13.30 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2021-24991] WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5
- Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-24997] WordPress Guppy <=1.1 - Information Disclosure (@evan rubinstein)
[medium]
[CVE-2021-25003] WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution
(@theamanrawat) [critical]
[CVE-2021-25008] The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting
(@cckuailong) [medium]
[CVE-2021-25016] Chaty < 2.8.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2021-25028] WordPress Event Tickets < 5.2.2 - Open Redirect (@dhiyaneshdk)
[medium]
[CVE-2021-25033] Noptin < 1.6.5 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-25052] WordPress Button Generator <2.3.3 - Remote File Inclusion
(@cckuailong) [high]
[CVE-2021-25055] WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2021-25063] WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-25065] Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected
Cross-Site Scripting (@harsh) [medium]
[CVE-2021-25067] Landing Page Builder < 1.4.9.6 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2021-25074] WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open
Redirect (@dhiyaneshdk) [medium]
[CVE-2021-25075] WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
(@dhiyaneshdk) [low]
[CVE-2021-25078] Affiliates Manager < 2.9.0 - Cross Site Scripting (@r3y3r53)
[medium]
[CVE-2021-25079] Contact Form Entries < 1.2.4 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2021-25085] WOOF WordPress plugin - Cross-Site Scripting (@maximus decimus)
[medium]
[CVE-2021-25099] WordPress GiveWP <2.17.3 - Cross-Site Scripting (@theamanrawat)
[medium]
[CVE-2021-25104] WordPress Ocean Extra <1.9.5 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2021-25111] WordPress English Admin <1.5.2 - Open Redirect (@akincibor)
[medium]
[CVE-2021-25112] WordPress WHMCS Bridge <6.4b - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2021-25114] WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
(@theamanrawat) [critical]
[CVE-2021-25118] Yoast SEO 16.7-17.2 - Information Disclosure (@dhiyaneshdk)
[medium]
[CVE-2021-25120] Easy Social Feed < 6.2.7 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2021-25281] SaltStack Salt <3002.5 - Auth Bypass (@madrobot) [critical]
[CVE-2021-25296] Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
(@k0pak4) [high]
[CVE-2021-25297] Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
(@k0pak4) [high]
[CVE-2021-25298] Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
(@k0pak4) [high]
[CVE-2021-25299] Nagios XI 5.7.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-25646] Apache Druid - Remote Code Execution (@pikpikcu) [high]
[CVE-2021-25864] Hue Magic 3.0.0 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-25899] Void Aural Rec Monitor 9.0.0.1 - SQL Injection (@edoardottt)
[high]
[CVE-2021-26084] Confluence Server - Remote Code Execution
(@dhiyaneshdk,@philippedelteil) [critical]
[CVE-2021-26085] Atlassian Confluence Server - Local File Inclusion
(@princechaddha) [medium]
[CVE-2021-26086] Atlassian Jira Limited - Local File Inclusion (@cocxanh) [medium]
[CVE-2021-26247] Cacti - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-26292] AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
(@johnk3r) [low]
[CVE-2021-26294] AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
(@johnk3r) [high]
[CVE-2021-26295] Apache OFBiz <17.12.06 - Arbitrary Code Execution (@madrobot)
[critical]
[CVE-2021-26475] EPrints 3.4.2 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-26598] ImpressCMS <1.4.3 - Incorrect Authorization (@gy741,@pdteam)
[medium]
[CVE-2021-26702] EPrints 3.4.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-26710] Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
(@pikpikcu) [medium]
[CVE-2021-26723] Jenzabar 9.2x-9.2.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-26812] Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting (@aceseven
(digisec360)) [medium]
[CVE-2021-26855] Microsoft Exchange Server SSRF Vulnerability (@madrobot)
[critical]
[CVE-2021-27124] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat)
[medium]
[CVE-2021-27132] Sercomm VD625 Smart Modems - CRLF Injection (@geeknik) [critical]
[CVE-2021-27309] Clansphere CMS 2011.4 - Cross-Site Scripting (@edoardottt)
[medium]
[CVE-2021-27310] Clansphere CMS 2011.4 - Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-27314] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2021-27315] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat)
[high]
[CVE-2021-27316] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat)
[high]
[CVE-2021-27319] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat)
[high]
[CVE-2021-27320] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat)
[high]
[CVE-2021-27330] Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
(@pikpikcu,@daffainfo) [medium]
[CVE-2021-27358] Grafana Unauthenticated Snapshot Creation (@pdteam,@bing0o) [high]
[CVE-2021-27519] FUDForum 3.1.0 - Cross-Site Scripting (@kh4sh3i) [medium]
[CVE-2021-27520] FUDForum 3.1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-27561] YeaLink DM 3.6.0.20 - Remote Command Injection
(@shifacyclewala,@hackergautam) [critical]
[CVE-2021-27651] Pega Infinity - Authentication Bypass (@idealphase,@daffainfo)
[critical]
[CVE-2021-27670] Appspace 6.2.4 - Server-Side Request Forgery (@ritikchaddha)
[critical]
[CVE-2021-27748] IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
(@pdteam) [high]
[CVE-2021-27850] Apache Tapestry - Remote Code Execution (@pdteam) [critical]
[CVE-2021-27905] Apache Solr <=8.8.1 - Server-Side Request Forgery (@hackergautam)
[critical]
[CVE-2021-27909] Mautic <3.3.4 - Cross-Site Scripting (@kiransau) [medium]
[CVE-2021-27931] LumisXP <10.0.0 - Blind XML External Entity Attack (@alph4byt3)
[critical]
[CVE-2021-28073] Ntopng Authentication Bypass (@z3bd) [critical]
[CVE-2021-28149] Hongdian H8922 3.0.5 Devices - Local File Inclusion (@gy741)
[medium]
[CVE-2021-28150] Hongdian H8922 3.0.5 - Information Disclosure (@gy741) [medium]
[CVE-2021-28151] Hongdian H8922 3.0.5 - Remote Command Injection (@gy741) [high]
[CVE-2021-28169] Eclipse Jetty ConcatServlet - Information Disclosure (@pikpikcu)
[medium]
[CVE-2021-28377] Joomla! ChronoForums 2.0.11 - Local File Inclusion (@0x_akoko)
[medium]
[CVE-2021-28419] SEO Panel 4.8.0 - Blind SQL Injection (@theamanrawat) [high]
[CVE-2021-28854] VICIdial Sensitive Information Disclosure (@pdteam) [high]
[CVE-2021-28918] Netmask NPM Package - Server-Side Request Forgery (@johnjhacking)
[critical]
[CVE-2021-28937] Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password
Disclosure (@geeknik) [high]
[CVE-2021-29006] rConfig 3.9.6 - Local File Inclusion (@r3y3r53) [medium]
[CVE-2021-29156] LDAP Injection In OpenAM (@melbadry9,@xelkomy) [high]
[CVE-2021-29200] Apache OFBiz < 17.12.07 - Arbitrary Code Execution (@your3cho)
[critical]
[CVE-2021-29203] HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
(@madrobot) [critical]
[CVE-2021-29441] Nacos <1.4.1 - Authentication Bypass (@dwisiswant0) [critical]
[CVE-2021-29442] Nacos <1.4.1 - Authentication Bypass (@dwisiswant0) [high]
[CVE-2021-29484] Ghost CMS <=4.32 - Cross-Site Scripting (@rootxharsh,@iamnoooob)
[medium]
[CVE-2021-29490] Jellyfin 10.7.2 - Server Side Request Forgery (@alph4byt3)
[medium]
[CVE-2021-29505] XStream <1.4.17 - Remote Code Execution (@pwnhxl) [high]
[CVE-2021-29622] Prometheus - Open Redirect (@geeknik) [medium]
[CVE-2021-29625] Adminer <=4.8.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-3002] Seo Panel 4.8.0 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-30049] SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2021-30128] Apache OFBiz <17.12.07 - Arbitrary Code Execution (@for3stco1d)
[critical]
[CVE-2021-30134] Php-mod/curl Library <2.3.2 - Cross-Site Scripting (@theamanrawat)
[medium]
[CVE-2021-30151] Sidekiq <=6.2.0 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-3017] Intelbras WIN 300/WRN 342 - Credentials Disclosure (@pikpikcu)
[high]
[CVE-2021-30175] ZEROF Web Server 1.0 - SQL Injection (@edoardottt) [critical]
[CVE-2021-3019] ffay lanproxy Directory Traversal (@pikpikcu) [high]
[CVE-2021-30213] Knowage Suite 7.3 - Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-30461] VoipMonitor <24.61 - Remote Code Execution
(@shifacyclewala,@hackergautam) [critical]
[CVE-2021-30497] Ivanti Avalanche 6.3.2 - Local File Inclusion (@gy741) [high]
[CVE-2021-3110] PrestaShop 1.7.7.0 - SQL Injection (@jaimin gondaliya) [critical]
[CVE-2021-31195] Microsoft Exchange Server - Cross-Site Scripting (@infosecsanyam)
[medium]
[CVE-2021-31249] CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
(@geeknik) [medium]
[CVE-2021-31250] CHIYU TCP/IP Converter - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-3129] Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
(@z3bd,@pdteam) [critical]
[CVE-2021-31537] SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting (@geeknik)
[medium]
[CVE-2021-31581] Akkadian Provisioning Manager - Information Disclosure (@geeknik)
[medium]
[CVE-2021-31589] BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site
Scripting (@ahmed abou-ela) [medium]
[CVE-2021-31602] Hitachi Vantara Pentaho/Business Intelligence Server -
Authentication Bypass (@pussycat0x) [high]
[CVE-2021-31682] WebCTRL OEM <= 6.5 - Cross-Site Scripting (@gy741,@dhiyaneshdk)
[medium]
[CVE-2021-31755] Tenda Router AC11 - Remote Command Injection (@gy741) [critical]
[CVE-2021-31805] Apache Struts2 S2-062 - Remote Code Execution (@taielab)
[critical]
[CVE-2021-31856] Layer5 Meshery 0.5.2 - SQL Injection (@princechaddha) [critical]
[CVE-2021-31862] SysAid 20.4.74 - Cross-Site Scripting (@jas37) [medium]
[CVE-2021-32030] ASUS GT-AC2900 - Authentication Bypass (@gy741) [critical]
[CVE-2021-32172] Maian Cart <=3.8 - Remote Code Execution (@pdteam) [critical]
[CVE-2021-3223] Node RED Dashboard <2.26.2 - Local File Inclusion
(@gy741,@pikpikcu) [high]
[CVE-2021-32305] Websvn <2.6.1 - Remote Code Execution (@gy741) [critical]
[CVE-2021-32618] Python Flask-Security - Open Redirect (@0x_akoko) [medium]
[CVE-2021-32682] elFinder 2.1.58 - Remote Code Execution (@smaranchand) [critical]
[CVE-2021-32789] WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection
(@rootxharsh,@iamnoooob,@s1r1u5_,@cookiehanhoan,@madrobot) [high]
[CVE-2021-32819] Nodejs Squirrelly - Remote Code Execution (@pikpikcu) [high]
[CVE-2021-32820] Express-handlebars - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2021-32853] Erxes <0.23.0 - Cross-Site Scripting (@dwisiswant0) [critical]
[CVE-2021-3293] emlog 5.3.1 Path Disclosure (@h1ei1) [medium]
[CVE-2021-3297] Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass (@gy741)
[high]
[CVE-2021-33044] Dahua IPC/VTH/VTO - Authentication Bypass (@gy741) [critical]
[CVE-2021-33221] CommScope Ruckus IoT Controller - Information Disclosure
(@geeknik) [critical]
[CVE-2021-33357] RaspAP <=2.6.5 - Remote Command Injection (@pikpikcu,@pdteam)
[critical]
[CVE-2021-33544] Geutebruck - Remote Command Injection (@gy741) [high]
[CVE-2021-33564] Ruby Dragonfly <1.4.0 - Remote Code Execution (@0xsapra)
[critical]
[CVE-2021-33690] SAP NetWeaver Development Infrastructure - Server Side Request
Forgery (@dhiyaneshdk) [critical]
[CVE-2021-3374] Rstudio Shiny Server <1.5.16 - Local File Inclusion (@geeknik)
[medium]
[CVE-2021-3377] npm ansi_up v4 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-3378] FortiLogger 4.4.2.2 - Arbitrary File Upload (@dwisiswant0)
[critical]
[CVE-2021-33807] Cartadis Gespage 8.2.1 - Directory Traversal (@daffainfo) [high]
[CVE-2021-33851] WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
(@8authur) [medium]
[CVE-2021-33904] Accela Civic Platform <=21.1 - Cross-Site Scripting (@geeknik)
[medium]
[CVE-2021-34370] Accela Civic Platform <=21.1 - Cross-Site Scripting (@0x_akoko)
[medium]
[CVE-2021-34429] Eclipse Jetty - Information Disclosure (@bernardofsr,@am0nt31r0)
[medium]
[CVE-2021-34473] Exchange Server - Remote Code Execution
(@arcc,@intx0x80,@dwisiswant0,@r3dg33k) [critical]
[CVE-2021-34621] WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
(@0xsapra) [critical]
[CVE-2021-34640] WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-34643] WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2021-34805] FAUST iServer 9.0.018.018.4 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2021-35250] SolarWinds Serv-U 15.3 - Directory Traversal (@johnk3r,@pdteam)
[high]
[CVE-2021-35265] MaxSite CMS > V106 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-35323] Bludit 3.13.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2021-35336] Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin
Panel Access (@pratik khalane) [critical]
[CVE-2021-35380] TermTalk Server 3.24.0.2 - Local File Inclusion (@fxploit) [high]
[CVE-2021-35395] RealTek Jungle SDK - Arbitrary Command Injection (@king-alexander)
[critical]
[CVE-2021-35464] ForgeRock OpenAM <7.0 - Remote Code Execution (@madrobot)
[critical]
[CVE-2021-35488] Thruk 2.40-2 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2021-35587] Oracle Access Manager - Remote Code Execution (@cckuailong)
[critical]
[CVE-2021-3577] Motorola Baby Monitors - Remote Command Execution (@gy741) [high]
[CVE-2021-36260] Hikvision IP camera/NVR - Remote Command Execution
(@pdteam,@gy741,@johnk3r) [critical]
[CVE-2021-36356] Kramer VIAware - Remote Code Execution (@gy741) [critical]
[CVE-2021-36380] Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command
Injection (@gy741) [critical]
[CVE-2021-36450] Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
(@atomiczsec) [medium]
[CVE-2021-3654] Nova noVNC - Open Redirect (@geeknik) [medium]
[CVE-2021-36580] IceWarp Mail Server - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-36748] PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection (@whoever)
[high]
[CVE-2021-36749] Apache Druid - Local File Inclusion (@_0xf4n9x_) [medium]
[CVE-2021-36873] WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2021-37216] QSAN Storage Manager <3.3.3 - Cross-Site Scripting (@dwisiswant0)
[medium]
[CVE-2021-37304] Jeecg Boot <= 2.4.5 - Information Disclosure (@ritikchaddha)
[high]
[CVE-2021-37305] Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
(@ritikchaddha) [high]
[CVE-2021-37416] Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2021-37538] PrestaShop SmartBlog <4.0.6 - SQL Injection (@whoever) [critical]
[CVE-2021-37573] Tiny Java Web Server - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-37580] Apache ShenYu Admin JWT - Authentication Bypass (@pdteam)
[critical]
[CVE-2021-37589] Virtua Software Cobranca <12R - Blind SQL Injection
(@princechaddha) [high]
[CVE-2021-37704] phpfastcache - phpinfo Resource Exposure (@whoever) [medium]
[CVE-2021-37833] Hotel Druid 3.0.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-38314] WordPress Redux Framework <=4.2.11 - Information Disclosure
(@meme-lord) [medium]
[CVE-2021-38540] Apache Airflow - Unauthenticated Variable Import (@pdteam)
[critical]
[CVE-2021-38647] Microsoft Open Management Infrastructure - Remote Code Execution
(@daffainfo,@xstp) [critical]
[CVE-2021-38702] Cyberoam NetGenie Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-38704] ClinicCases 7.3.3 Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-38751] ExponentCMS <= 2.6 - Host Header Injection (@dwisiswant0) [medium]
[CVE-2021-39141] XStream 1.4.18 - Remote Code Execution (@pwnhxl) [high]
[CVE-2021-39144] XStream 1.4.18 - Remote Code Execution (@pwnhxl,@vicrack) [high]
[CVE-2021-39146] XStream 1.4.18 - Arbitrary Code Execution (@pwnhxl) [high]
[CVE-2021-39152] XStream <1.4.18 - Server-Side Request Forgery (@pwnhxl) [high]
[CVE-2021-39165] Cachet <=2.3.18 - SQL Injection (@tess) [medium]
[CVE-2021-39211] GLPI 9.2/<9.5.6 - Information Disclosure (@dogasantos,@noraj)
[medium]
[CVE-2021-39226] Grafana Snapshot - Authentication Bypass (@evan rubinstein) [high]
[CVE-2021-39312] WordPress True Ranker <2.2.4 - Local File Inclusion (@dhiyaneshdk)
[high]
[CVE-2021-39316] WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
(@daffainfo) [high]
[CVE-2021-39320] WordPress Under Construction <1.19 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-39322] WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-39327] WordPress BulletProof Security 5.1 Information Disclosure
(@geeknik) [medium]
[CVE-2021-39350] FV Flowplayer Video Player WordPress plugin - Authenticated
Cross-Site Scripting (@gy741) [medium]
[CVE-2021-39433] BIQS IT Biqs-drive v1.83 Local File Inclusion (@veshraj) [high]
[CVE-2021-39501] EyouCMS 1.5.4 Open Redirect (@0x_akoko) [medium]
[CVE-2021-40149] Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
(@for3stco1d) [medium]
[CVE-2021-40150] Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
(@for3stco1d) [high]
[CVE-2021-40323] Cobbler <3.3.0 - Remote Code Execution (@c-sh0) [critical]
[CVE-2021-40438] Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery (@pdteam)
[critical]
[CVE-2021-40539] Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated
Remote Command Execution (@daffainfo,@pdteam) [critical]
[CVE-2021-40542] Opensis-Classic 8.0 - Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-40651] OS4Ed OpenSIS Community 8.0 - Local File Inclusion (@ctflearner)
[medium]
[CVE-2021-40661] IND780 - Local File Inclusion (@for3stco1d) [high]
[CVE-2021-40822] Geoserver - Server-Side Request Forgery (@for3stco1d,@aringo-bf)
[high]
[CVE-2021-40856] Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
(@gy741) [high]
[CVE-2021-40859] Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor
(@pussycat0x) [critical]
[CVE-2021-40868] Cloudron 6.2 Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-40870] Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command
Execution (@pikpikcu) [critical]
[CVE-2021-40875] Gurock TestRail Application files.md5 Exposure (@oscarintherocks)
[high]
[CVE-2021-40908] Purchase Order Management v1.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2021-40960] Galera WebTemplate 1.0 Directory Traversal (@daffainfo) [critical]
[CVE-2021-40968] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40969] Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
(@theamanrawat) [medium]
[CVE-2021-40970] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40971] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40972] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40973] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40978] MKdocs 1.2.2 - Directory Traversal (@pikpikcu) [high]
[CVE-2021-41174] Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site
Scripting (@pdteam) [medium]
[CVE-2021-41192] Redash Setup Configuration - Default Secrets Disclosure
(@bananabr) [medium]
[CVE-2021-41266] MinIO Operator Console Authentication Bypass (@alevsk) [critical]
[CVE-2021-41277] Metabase - Local File Inclusion (@0x_akoko,@dhiyaneshdk) [high]
[CVE-2021-41282] pfSense - Arbitrary File Write (@cckuailong) [high]
[CVE-2021-41291] ECOA Building Automation System - Directory Traversal Content
Disclosure (@gy741) [high]
[CVE-2021-41293] ECOA Building Automation System - Arbitrary File Retrieval
(@0x_akoko) [high]
[CVE-2021-41349] Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
(@rootxharsh,@iamnoooob) [medium]
[CVE-2021-41381] Payara Micro Community 5.2021.6 Directory Traversal (@pikpikcu)
[high]
[CVE-2021-41432] FlatPress 1.2.1 - Stored Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2021-41460] ECShop 4.1.0 - SQL Injection (@sleepingbag945) [high]
[CVE-2021-41467] JustWriting - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-41569] SAS/Internet 9.4 1520 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-41648] PuneethReddyHC action.php SQL Injection (@daffainfo) [high]
[CVE-2021-41649] PuneethReddyHC Online Shopping System homeaction.php SQL Injection
(@daffainfo) [critical]
[CVE-2021-41653] TP-Link - OS Command Injection (@gy741) [critical]
[CVE-2021-41691] openSIS Student Information System 8.0 SQL Injection (@bartu utku
sarp) [high]
[CVE-2021-41749] CraftCMS SEOmatic - Server-Side Template Injection
(@iamnoooob,@ritikchaddha) [critical]
[CVE-2021-41773] Apache 2.4.49 - Path Traversal and Remote Code Execution
(@daffainfo,@666asd) [high]
[CVE-2021-41826] PlaceOS 1.2109.1 - Open Redirection (@geeknik) [medium]
[CVE-2021-41878] i-Panel Administration System 2.0 - Cross-Site Scripting
(@madrobot) [medium]
[CVE-2021-4191] GitLab GraphQL API User Enumeration (@zsusac) [medium]
[CVE-2021-41951] Resourcespace - Cross-Site Scripting (@coldfish) [medium]
[CVE-2021-42013] Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
(@nvn1729,@0xd0ff9,@666asd) [critical]
[CVE-2021-42063] SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting (@pdteam)
[medium]
[CVE-2021-42071] Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command
Injection (@gy741) [critical]
[CVE-2021-42192] KONGA 0.14.9 - Privilege Escalation (@rschio) [high]
[CVE-2021-42237] Sitecore Experience Platform Pre-Auth RCE (@pdteam) [critical]
[CVE-2021-42258] BillQuick Web Suite SQL Injection (@dwisiswant0) [critical]
[CVE-2021-42551] NetBiblio WebOPAC - Cross-Site Scripting (@compr00t) [medium]
[CVE-2021-42565] myfactory FMS - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-42566] myfactory FMS - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-42567] Apereo CAS Cross-Site Scripting (@pdteam) [medium]
[CVE-2021-42627] D-Link DIR-615 - Unauthorized Access (@for3stco1d) [critical]
[CVE-2021-42663] Sourcecodester Online Event Booking and Reservation System 2.3.0 -
Cross-Site Scripting (@fxploit) [medium]
[CVE-2021-42667] Online Event Booking and Reservation System 2.3.0 - SQL Injection
(@fxploit) [critical]
[CVE-2021-42887] TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass (@gy741)
[critical]
[CVE-2021-43062] Fortinet FortiMail 7.0.1 - Cross-Site Scripting (@ajaysenr)
[medium]
[CVE-2021-43287] Pre-Auth Takeover of Build Pipelines in GoCD (@dhiyaneshdk) [high]
[CVE-2021-43421] Studio-42 elFinder <2.1.60 - Arbitrary File Upload (@akincibor)
[critical]
[CVE-2021-43495] AlquistManager Local File Inclusion (@pikpikcu) [high]
[CVE-2021-43496] Clustering Local File Inclusion (@evan rubinstein) [high]
[CVE-2021-43510] Sourcecodester Simple Client Management System 1.0 - SQL Injection
(@edoardottt) [critical]
[CVE-2021-43574] Atmail 6.5.0 - Cross-Site Scripting (@arafatansari,@ritikchaddha)
[medium]
[CVE-2021-43725] Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
(@theamanrawat) [medium]
[CVE-2021-43734] kkFileview v4.0.0 - Local File Inclusion (@arafatansari) [high]
[CVE-2021-43778] GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
(@cckuailong) [high]
[CVE-2021-43798] Grafana v8.x - Arbitrary File Read (@z0ne,@dhiyaneshdk,@j4vaovo)
[high]
[CVE-2021-43810] Admidio - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-44077] Zoho ManageEngine ServiceDesk Plus - Remote Code Execution (@adam
crosser,@gy741) [critical]
[CVE-2021-44138] Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal (@carrot2)
[high]
[CVE-2021-44139] Alibaba Sentinel - Server-side request forgery (SSRF)
(@dhiyaneshdk) [high]
[CVE-2021-44152] Reprise License Manager 14.2 - Authentication Bypass (@akincibor)
[critical]
[CVE-2021-44228] Apache Log4j2 Remote Code Injection
(@melbadry9,@dhiyaneshdk,@daffainfo,@anon-artist,@0xceba,@tea,@j4vaovo) [critical]
[CVE-2021-44427] Rosario Student Information System Unauthenticated SQL Injection
(@furkansayim,@xshuden) [critical]
[CVE-2021-44451] Apache Superset <=1.3.2 - Default Login (@dhiyaneshdk) [medium]
[CVE-2021-44515] Zoho ManageEngine Desktop Central - Remote Code Execution (@adam
crosser) [critical]
[CVE-2021-44528] Open Redirect in Host Authorization Middleware (@geeknik) [medium]
[CVE-2021-44529] Ivanti EPM Cloud Services Appliance Code Injection
(@duty_1g,@phyr3wall,@tirtha) [critical]
[CVE-2021-44848] Thinfinity VirtualUI User Enumeration (@danielmofer) [medium]
[CVE-2021-44910] SpringBlade - Information Leakage (@lbb) [high]
[CVE-2021-45043] HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
(@momen eldawakhly,@evan rubinstein) [high]
[CVE-2021-45046] Apache Log4j2 - Remote Code Injection (@imnightmaree) [critical]
[CVE-2021-45092] Thinfinity Iframe Injection (@danielmofer) [critical]
[CVE-2021-45232] Apache APISIX Dashboard <2.10.1 - API Unauthorized Access (@mr-xn)
[critical]
[CVE-2021-45380] AppCMS - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-45382] D-Link - Remote Command Execution (@king-alexander) [critical]
[CVE-2021-45422] Reprise License Manager 14.2 - Cross-Site Scripting (@edoardottt)
[medium]
[CVE-2021-45428] Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload (@gy741)
[critical]
[CVE-2021-45967] Pascom CPS Server-Side Request Forgery (@dwisiswant0) [critical]
[CVE-2021-45968] Pascom CPS - Local File Inclusion (@dwisiswant0) [high]
[CVE-2021-46005] Sourcecodester Car Rental Management System 1.0 - Stored Cross-
Site Scripting (@cckuailong) [medium]
[CVE-2021-46068] Vehicle Service Management System - Stored Cross-Site Scripting
(@tenbird) [medium]
[CVE-2021-46069] Vehicle Service Management System 1.0 - Stored Cross Site
Scripting (@tenbird) [medium]
[CVE-2021-46071] ehicle Service Management System 1.0 - Cross-Site Scripting
(@tenbird) [medium]
[CVE-2021-46072] Vehicle Service Management System 1.0 - Stored Cross Site
Scripting (@tenbird) [medium]
[CVE-2021-46073] Vehicle Service Management System 1.0 - Cross Site Scripting
(@tenbird) [medium]
[CVE-2021-46107] Ligeo Archives Ligeo Basics - Server Side Request Forgery
(@ritikchaddha) [high]
[CVE-2021-46379] D-Link DIR850 ET850-1.08TRb03 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-46381] D-Link DAP-1620 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-46387] Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2021-46417] Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 -
Local File Inclusion (@for3stco1d) [high]
[CVE-2021-46418] Telesquare TLR-2855KS6 - Arbitrary File Creation (@dhiyaneshdk)
[high]
[CVE-2021-46419] Telesquare TLR-2855KS6 - Arbitrary File Deletion (@dhiyaneshdk)
[critical]
[CVE-2021-46422] SDT-CW3B1 1.1.0 - OS Command Injection
(@badboycxcc,@prajiteshsingh) [critical]
[CVE-2021-46424] Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete (@gy741)
[critical]
[CVE-2021-46704] GenieACS => 1.2.8 - OS Command Injection (@dhiyaneshdk) [critical]
[CVE-2022-0087] Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
(@shivanshkhari) [medium]
[CVE-2022-0140] WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting
(@random-robbie) [medium]
[CVE-2022-0147] WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 -
Cross-Site Scripting (@8arthur) [medium]
[CVE-2022-0148] WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0149] WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0150] WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2022-0165] WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
(@akincibor) [medium]
[CVE-2022-0169] Photo Gallery by 10Web < 1.6.0 - SQL Injection
(@ritikchaddha,@princechaddha) [critical]
[CVE-2022-0189] WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0201] WordPress Permalink Manager <2.2.15 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-0206] WordPress NewStatPress <1.3.6 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2022-0208] WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2022-0212] WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2022-0218] HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
(@hexcat) [medium]
[CVE-2022-0220] WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2022-0228] Popup Builder < 4.0.7 - SQL Injection (@r3y3r53) [high]
[CVE-2022-0234] WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-0271] LearnPress <4.1.6 - Cross-Site Scripting (@akincibor) [medium]
[CVE-2022-0281] Microweber Information Disclosure (@pikpikcu) [high]
[CVE-2022-0288] WordPress Ad Inserter <2.7.10 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2022-0342] Zyxel - Authentication Bypass (@sleepingbag945,@powerexploit)
[critical]
[CVE-2022-0346] WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site
Scripting/Remote Code Execution (@akincibor,@theamanrawat) [medium]
[CVE-2022-0349] WordPress NotificationX <2.3.9 - SQL Injection (@edoardottt)
[critical]
[CVE-2022-0378] Microweber Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-0381] WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2022-0412] WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
(@edoardottt) [critical]
[CVE-2022-0415] Gogs <0.12.6 - Remote Command Execution (@theamanrawat) [high]
[CVE-2022-0422] WordPress White Label CMS <2.2.9 - Cross-Site Scripting (@random-
robbie) [medium]
[CVE-2022-0424] Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
(@kazgangap) [medium]
[CVE-2022-0432] Mastodon Prototype Pollution Vulnerability (@pikpikcu) [medium]
[CVE-2022-0434] WordPress Page Views Count <2.4.15 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0437] karma-runner DOM-based Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-0441] MasterStudy LMS <2.7.6 - Improper Access Control
(@dwisiswant0,@theamanrawat) [critical]
[CVE-2022-0482] Easy!Appointments <1.4.3 - Broken Access Control
(@francescocarlucci,@opencirt) [critical]
[CVE-2022-0533] Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2022-0535] WordPress E2Pdf <1.16.45 - Cross-Site Scripting (@theamanrawat)
[medium]
[CVE-2022-0540] Atlassian Jira Seraph - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2022-0591] Formcraft3 <3.8.28 - Server-Side Request Forgery
(@akincibor,@j4vaovo) [critical]
[CVE-2022-0594] WordPress Shareaholic <9.7.6 - Information Disclosure (@atomiczsec)
[medium]
[CVE-2022-0595] WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-0597] Microweber < 1.2.11 - Open Redirection (@farish) [medium]
[CVE-2022-0599] WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-
Site Scripting (@scent2d) [medium]
[CVE-2022-0651] WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
(@theamanrawat) [high]
[CVE-2022-0653] Wordpress Profile Builder Plugin Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2022-0656] uDraw <3.3.3 - Local File Inclusion (@akincibor) [high]
[CVE-2022-0658] CommonsBooking < 2.6.8 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-0660] Microweber <1.2.11 - Information Disclosure (@amit-jd) [high]
[CVE-2022-0666] Microweber < 1.2.11 - CRLF Injection (@ritikchaddha) [high]
[CVE-2022-0678] Microweber <1.2.11 - Cross-Site Scripting (@tess,@co5mos) [medium]
[CVE-2022-0679] WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion
(@veshraj) [critical]
[CVE-2022-0692] Rudloff alltube prior to 3.0.1 - Open Redirect (@0x_akoko) [medium]
[CVE-2022-0693] WordPress Master Elements <=8.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0735] GitLab CE/EE - Information Disclosure (@gitlab red team) [critical]
[CVE-2022-0747] Infographic Maker iList < 4.3.8 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0760] WordPress Simple Link Directory <7.7.2 - SQL injection
(@theamanrawat) [critical]
[CVE-2022-0769] Users Ultra <= 3.1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-0773] Documentor <= 1.5.3 - Unauthenticated SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0781] WordPress Nirweb Support <2.8.2 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0784] WordPress Title Experiments Free <9.0.1 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0785] WordPress Daily Prayer Time <2022.03.01 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0786] WordPress KiviCare <2.3.9 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0787] Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0788] WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0
- SQL Injection (@theamanrawat) [critical]
[CVE-2022-0814] Ubigeo de Peru < 3.6.4 - SQL Injection (@r3y3r53) [critical]
[CVE-2022-0817] WordPress BadgeOS <=3.7.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0824] Webmin <1.990 - Improper Access Control (@cckuailong) [high]
[CVE-2022-0826] WordPress WP Video Gallery <=1.7.1 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0827] WordPress Best Books <=2.6.3 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0846] SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0864] UpdraftPlus < 1.22.9 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0867] WordPress ARPrice <3.6.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-0869] nitely/spirit 0.12.3 - Open Redirect (@ctflearner) [medium]
[CVE-2022-0870] Gogs <0.12.5 - Server-Side Request Forgery
(@theamanrawat,@akincibor) [medium]
[CVE-2022-0885] Member Hero <=1.0.9 - Remote Code Execution (@theamanrawat)
[critical]
[CVE-2022-0899] Header Footer Code Manager < 1.1.24 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2022-0928] Microweber < 1.2.12 - Stored Cross-Site Scripting (@amit-jd)
[medium]
[CVE-2022-0948] WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0949] WordPress Stop Bad Bots <6.930 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0952] WordPress Sitemap by click5 <1.0.36 - Missing Authorization
(@random-robbie) [high]
[CVE-2022-0954] Microweber <1.2.11 - Stored Cross-Site Scripting (@amit-jd)
[medium]
[CVE-2022-0963] Microweber <1.2.12 - Stored Cross-Site Scripting (@amit-jd)
[medium]
[CVE-2022-0968] Microweber <1.2.12 - Integer Overflow (@amit-jd) [medium]
[CVE-2022-1007] WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting
(@8arthur) [medium]
[CVE-2022-1013] WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
(@theamanrawat) [critical]
[CVE-2022-1020] WordPress WooCommerce <3.1.2 - Arbitrary Function Call (@akincibor)
[critical]
[CVE-2022-1040] Sophos Firewall <=18.5 MR3 - Remote Code Execution (@for3stco1d)
[critical]
[CVE-2022-1054] WordPress RSVP and Event Management <2.7.8 - Missing Authorization
(@akincibor) [medium]
[CVE-2022-1057] WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-1058] Gitea <1.16.5 - Open Redirect (@theamanrawat) [medium]
[CVE-2022-1119] WordPress Simple File List <3.2.8 - Local File Inclusion (@random-
robbie) [high]
[CVE-2022-1162] GitLab CE/EE - Hard-Coded Credentials (@gitlab red team) [critical]
[CVE-2022-1168] WordPress WP JobSearch <1.5.1 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-1170] JobMonster < 4.5.2.9 - Cross-Site Scripting
(@akincibor,@ritikchaddha) [medium]
[CVE-2022-1221] WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
(@veshraj) [medium]
[CVE-2022-1329] Elementor Website Builder - Remote Code Execution (@theamanrawat)
[high]
[CVE-2022-1386] WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
(@akincibor,@mantissts,@calumjelrick) [critical]
[CVE-2022-1388] F5 BIG-IP iControl - REST Auth Bypass RCE (@dwisiswant0,@ph33r)
[critical]
[CVE-2022-1390] WordPress Admin Word Count Column 2.2 - Local File Inclusion
(@daffainfo,@splint3r7) [critical]
[CVE-2022-1391] WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
(@splint3r7) [critical]
[CVE-2022-1392] WordPress Videos sync PDF <=1.7.4 - Local File Inclusion (@veshraj)
[high]
[CVE-2022-1398] External Media without Import <=1.1.2 - Authenticated Blind Server-
Side Request Forgery (@theamanrawat) [medium]
[CVE-2022-1439] Microweber <1.2.15 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-1442] WordPress Metform <=2.1.3 - Information Disclosure (@theamanrawat)
[high]
[CVE-2022-1574] WordPress HTML2WP <=1.0.0 - Arbitrary File Upload (@theamanrawat)
[critical]
[CVE-2022-1580] Site Offline WP Plugin < 1.5.3 - Authorization Bypass (@kazgangap)
[medium]
[CVE-2022-1595] WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
(@theamanrawat) [medium]
[CVE-2022-1597] WordPress WPQA <5.4 - Cross-Site Scripting (@veshraj) [medium]
[CVE-2022-1598] WordPress WPQA <5.5 - Improper Access Control (@veshraj) [medium]
[CVE-2022-1609] The School Management < 9.9.7 - Remote Code Execution (@for3stco1d)
[critical]
[CVE-2022-1713] Drawio <18.0.4 - Server-Side Request Forgery (@pikpikcu) [high]
[CVE-2022-1724] WordPress Simple Membership <4.1.1 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-1756] Newsletter < 7.4.5 - Cross-Site Scripting (@harsh) [medium]
[CVE-2022-1768] WordPress RSVPMaker <=9.3.2 - SQL Injection (@edoardottt) [high]
[CVE-2022-1815] Drawio <18.1.2 - Server-Side Request Forgery (@amit-jd) [high]
[CVE-2022-1883] Terraboard <2.2.0 - SQL Injection (@edoardottt) [high]
[CVE-2022-1903] ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
(@theamanrawat) [high]
[CVE-2022-1904] WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-1906] WordPress Copyright Proof <=4.16 - Cross-Site-Scripting (@random-
robbie) [medium]
[CVE-2022-1910] WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-
Site Scripting (@akincibor) [medium]
[CVE-2022-1916] WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-
Site Scripting (@akincibor) [medium]
[CVE-2022-1933] WordPress CDI <5.1.9 - Cross Site Scripting (@akincibor) [medium]
[CVE-2022-1937] WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
(@akincibor,@dhiyaneshdk) [medium]
[CVE-2022-1946] WordPress Gallery <2.0.0 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-1952] WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload
(@theamanrawat) [critical]
[CVE-2022-21371] Oracle WebLogic Server Local File Inclusion (@paradessia,@narluin)
[high]
[CVE-2022-21500] Oracle E-Business Suite <=12.2 - Authentication Bypass
(@3th1c_yuk1,@tess,@0xpugazh) [high]
[CVE-2022-21587] Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2022-21661] WordPress <5.8.3 - SQL Injection (@marcio mendes) [high]
[CVE-2022-21705] October CMS - Remote Code Execution (@iphantasmic) [high]
[CVE-2022-2174] microweber 1.2.18 - Cross-site Scripting (@r3y3r53) [medium]
[CVE-2022-2185] GitLab CE/EE - Remote Code Execution (@gitlab red team) [high]
[CVE-2022-2187] WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
(@for3stco1d) [medium]
[CVE-2022-2219] Unyson < 2.7.27 - Cross Site Scripting (@r3y3r53) [high]
[CVE-2022-22242] Juniper Web Device Manager - Cross-Site Scripting
(@evergreencartoons) [medium]
[CVE-2022-22536] SAP Memory Pipes (MPI) Desynchronization (@pdteam) [critical]
[CVE-2022-22733] Apache ShardingSphere ElasticJob-UI privilege escalation (@zeyad
azima) [medium]
[CVE-2022-22897] PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection (@mastercho)
[critical]
[CVE-2022-2290] Trilium <0.52.4 - Cross-Site Scripting (@dbrwsky) [medium]
[CVE-2022-22947] Spring Cloud Gateway Code Injection (@pdteam) [critical]
[CVE-2022-22954] VMware Workspace ONE Access - Server-Side Template Injection
(@sherlocksecurity) [critical]
[CVE-2022-22963] Spring Cloud - Remote Code Execution (@mr-xn,@adam crosser)
[critical]
[CVE-2022-22965] Spring - Remote Code Execution
(@justmumu,@arall,@dhiyaneshdk,@akincibor) [critical]
[CVE-2022-22972] VMware Workspace ONE Access/Identity Manager/vRealize Automation -
Authentication Bypass (@for3stco1d,@princechaddha) [critical]
[CVE-2022-23102] SINEMA Remote Connect Server < V2.0 - Open Redirect
(@ctflearner,@ritikchaddha) [medium]
[CVE-2022-23131] Zabbix - SAML SSO Authentication Bypass (@for3stco1d,@spac3wh1te)
[critical]
[CVE-2022-23134] Zabbix Setup Configuration Authentication Bypass (@bananabr)
[medium]
[CVE-2022-2314] WordPress VR Calendar <=2.3.2 - Remote Code Execution
(@theamanrawat) [critical]
[CVE-2022-23178] Crestron Device - Credentials Disclosure (@gy741) [critical]
[CVE-2022-23347] BigAnt Server v5.6.06 - Local File Inclusion (@0x_akoko) [high]
[CVE-2022-23348] BigAnt Server 5.6.06 - Improper Access Control (@arafatansari)
[medium]
[CVE-2022-23544] MeterSphere < 2.5.0 SSRF (@j4vaovo) [medium]
[CVE-2022-2373] WordPress Simply Schedule Appointments <1.5.7.7 - Information
Disclosure (@theamanrawat,@theabhinavgaur) [medium]
[CVE-2022-2376] WordPress Directorist <7.3.1 - Information Disclosure (@random-
robbie) [medium]
[CVE-2022-23779] Zoho ManageEngine - Internal Hostname Disclosure (@cckuailong)
[medium]
[CVE-2022-2379] WordPress Easy Student Results <=2.2.8 - Improper Authorization
(@theamanrawat) [high]
[CVE-2022-23808] phpMyAdmin < 5.1.2 - Cross-Site Scripting (@cckuailong,@daffainfo)
[medium]
[CVE-2022-2383] WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-23854] AVEVA InTouch Access Anywhere Secure Gateway - Local File
Inclusion (@for3stco1d) [high]
[CVE-2022-23881] ZZZCMS zzzphp 2.1.0 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2022-23898] MCMS 5.2.5 - SQL Injection (@co5mos) [critical]
[CVE-2022-23944] Apache ShenYu Admin Unauth Access (@cckuakilong) [critical]
[CVE-2022-24112] Apache APISIX - Remote Code Execution (@mr-xn) [critical]
[CVE-2022-24124] Casdoor 1.13.0 - Unauthenticated SQL Injection (@cckuailong)
[high]
[CVE-2022-24129] Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
(@0x_akoko) [high]
[CVE-2022-2414] FreeIPA - XML Entity Injection (@dhiyaneshdk) [high]
[CVE-2022-24181] PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
(@lucasljm2001,@ekrause) [medium]
[CVE-2022-24223] Atom CMS v2.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-24260] VoipMonitor - Pre-Auth SQL Injection (@gy741) [critical]
[CVE-2022-24264] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-24265] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-24266] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-24288] Apache Airflow OS Command Injection (@xeldax) [high]
[CVE-2022-24384] SmarterTools SmarterTrack - Cross-Site Scripting (@e1a) [medium]
[CVE-2022-2462] WordPress Transposh <=1.0.8.1 - Information Disclosure
(@dwisiswant0) [medium]
[CVE-2022-24627] AudioCodes Device Manager Express - SQL Injection (@geeknik)
[critical]
[CVE-2022-2467] Garage Management System 1.0 - SQL Injection (@edoardottt)
[critical]
[CVE-2022-24681] ManageEngine ADSelfService Plus <6121 - Stored Cross-Site
Scripting (@open-sec) [medium]
[CVE-2022-24716] Icinga Web 2 - Arbitrary File Disclosure (@dhiyaneshdk) [high]
[CVE-2022-24816] GeoServer <1.2.2 - Remote Code Execution (@mukundbhuva) [critical]
[CVE-2022-24856] Flyte Console <0.52.0 - Server-Side Request Forgery (@pdteam)
[high]
[CVE-2022-2486] Wavlink WN535K2/WN535K3 - OS Command Injection (@for3stco1d)
[critical]
[CVE-2022-2487] Wavlink WN535K2/WN535K3 - OS Command Injection (@for3stco1d)
[critical]
[CVE-2022-2488] Wavlink WN535K2/WN535K3 - OS Command Injection (@for3stco1d)
[critical]
[CVE-2022-24899] Contao <4.13.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-24900] Piano LED Visualizer 1.3 - Local File Inclusion (@0x_akoko) [high]
[CVE-2022-24990] TerraMaster TOS < 4.2.30 Server Information Disclosure
(@dwisiswant0) [high]
[CVE-2022-25082] TOTOLink - Unauthenticated Command Injection (@gy741) [critical]
[CVE-2022-25125] MCMS 5.2.4 - SQL Injection (@co5mos) [critical]
[CVE-2022-25148] WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-25149] WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
(@theamanrawat) [high]
[CVE-2022-25216] DVDFab 12 Player/PlayerFab - Local File Inclusion (@0x_akoko)
[high]
[CVE-2022-25323] ZEROF Web Server 2.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-2535] SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post
Title Disclosure (@r3y3r53) [medium]
[CVE-2022-25356] Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection
(@akincibor) [medium]
[CVE-2022-25369] Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
(@pdteam) [critical]
[CVE-2022-2544] WordPress Ninja Job Board < 1.3.3 - Direct Request (@tess) [high]
[CVE-2022-2546] WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2022-25481] ThinkPHP 5.0.24 - Information Disclosure (@caon) [high]
[CVE-2022-25485] Cuppa CMS v1.0 - Local File Inclusion (@theamanrawat) [high]
[CVE-2022-25486] Cuppa CMS v1.0 - Local File Inclusion (@theamanrawat) [high]
[CVE-2022-25487] Atom CMS v2.0 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2022-25488] Atom CMS v2.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-25489] Atom CMS v2.0 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-25497] Cuppa CMS v1.0 - Local File Inclusion (@theamanrawat) [medium]
[CVE-2022-2551] WordPress Duplicator <1.4.7 - Authentication Bypass (@lrtk-coder)
[high]
[CVE-2022-25568] MotionEye Config Info Disclosure (@dhiyaneshdk) [high]
[CVE-2022-2599] WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 -
Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-26134] Confluence - Remote Code Execution (@pdteam,@jbertman) [critical]
[CVE-2022-26138] Atlassian Questions For Confluence - Hardcoded Credentials
(@httpvoid) [critical]
[CVE-2022-26148] Grafana & Zabbix Integration - Credentials Disclosure (@geekby)
[critical]
[CVE-2022-26159] Ametys CMS Information Disclosure (@remi gascou (podalirius))
[medium]
[CVE-2022-26233] Barco Control Room Management Suite <=2.9 Build 0275 - Local File
Inclusion (@0x_akoko) [high]
[CVE-2022-2627] WordPress Newspaper < 12 - Cross-Site Scripting
(@ramondunker,@c4sper0) [medium]
[CVE-2022-2633] All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
(@theamanrawat) [high]
[CVE-2022-26352] DotCMS - Arbitrary File Upload (@h1ei1) [critical]
[CVE-2022-26564] HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
(@alexrydzak) [medium]
[CVE-2022-26833] Open Automation Software OAS Platform V16.00.0121 - Missing
Authentication (@true13) [critical]
[CVE-2022-26960] elFinder <=2.1.60 - Local File Inclusion (@pikpikcu) [critical]
[CVE-2022-2733] Openemr < 7.0.0.1 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2022-2756] Kavita <0.5.4.1 - Server-Side Request Forgery (@theamanrawat)
[medium]
[CVE-2022-27593] QNAP QTS Photo Station External Reference - Local File Inclusion
(@allenwest24) [critical]
[CVE-2022-27849] WordPress Simple Ajax Chat <20220116 - Sensitive Information
Disclosure vulnerability (@random-robbie) [high]
[CVE-2022-27926] Zimbra Collaboration (ZCS) - Cross Site Scripting
(@rootxharsh,@iamnoooob,@pdresearch) [medium]
[CVE-2022-27927] Microfinance Management System 1.0 - SQL Injection
(@lucasljm2001,@ekrause) [critical]
[CVE-2022-27984] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-27985] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-28022] Purchase Order Management v1.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-28023] Purchase Order Management v1.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-28032] Atom CMS v2.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-28079] College Management System 1.0 - SQL Injection (@ritikchaddha)
[high]
[CVE-2022-28080] Royal Event - SQL Injection (@lucasljm2001,@ekrause,@ritikchaddha)
[high]
[CVE-2022-28117] Navigate CMS 2.9.4 - Server-Side Request Forgery (@theabhinavgaur)
[medium]
[CVE-2022-28219] Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote
Code Execution (@dwisiswant0) [critical]
[CVE-2022-28290] WordPress Country Selector <1.6.6 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-28363] Reprise License Manager 14.2 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-28365] Reprise License Manager 14.2 - Information Disclosure (@akincibor)
[medium]
[CVE-2022-2863] WordPress WPvivid Backup <0.9.76 - Local File Inclusion (@tehtbl)
[medium]
[CVE-2022-28923] Caddy 2.4.6 - Open Redirect (@sascha brendel,@dhiyaneshdk)
[medium]
[CVE-2022-28955] D-Link DIR-816L - Improper Access Control (@arafatansari) [high]
[CVE-2022-29004] Diary Management System 1.0 - Cross-Site Scripting (@tenbird)
[medium]
[CVE-2022-29005] Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
(@tenbird) [medium]
[CVE-2022-29006] Directory Management System 1.0 - SQL Injection (@tenbird)
[critical]
[CVE-2022-29007] Dairy Farm Shop Management System 1.0 - SQL Injection (@tenbird)
[critical]
[CVE-2022-29009] Cyber Cafe Management System 1.0 - SQL Injection (@tenbird)
[critical]
[CVE-2022-29013] Razer Sila Gaming Router - Remote Code Execution (@dhiyaneshdk)
[critical]
[CVE-2022-29014] Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File
Inclusion (@edoardottt) [high]
[CVE-2022-29078] Node.js Embedded JavaScript 3.1.6 - Template Injection
(@for3stco1d) [critical]
[CVE-2022-29153] HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
(@c-sh0) [high]
[CVE-2022-29272] Nagios XI <5.8.5 - Open Redirect (@ritikchaddha) [medium]
[CVE-2022-29298] SolarView Compact 6.00 - Local File Inclusion (@ritikchaddha)
[high]
[CVE-2022-29299] SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
(@for3stco1d) [medium]
[CVE-2022-29301] SolarView Compact 6.00 - 'pow' Cross-Site Scripting (@for3stco1d)
[high]
[CVE-2022-29303] SolarView Compact 6.00 - OS Command Injection (@badboycxcc)
[critical]
[CVE-2022-29349] kkFileView 4.0.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-29383] NETGEAR ProSafe SSL VPN firmware - SQL Injection (@elitebaz)
[critical]
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site
Scripting (@rotembar,@daffainfo) [medium]
[CVE-2022-29464] WSO2 Management - Arbitrary File Upload & Remote Code Execution
(@luci,@dhiyaneshdk) [critical]
[CVE-2022-29548] WSO2 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-29775] iSpy 7.2.2.0 - Authentication Bypass (@arafatansari) [critical]
[CVE-2022-30073] WBCE CMS 1.5.2 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-30489] Wavlink WN-535G3 - Cross-Site Scripting (@for3stco1d) [medium]
[CVE-2022-30512] School Dormitory Management System 1.0 - SQL Injection (@tess)
[critical]
[CVE-2022-30513] School Dormitory Management System 1.0 - Authenticated Cross-Site
Scripting (@tess) [medium]
[CVE-2022-30514] School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting (@tess) [medium]
[CVE-2022-30525] Zyxel Firewall - OS Command Injection (@h1ei1,@prajiteshsingh) [critical]
[CVE-2022-3062] Simple File List < 4.4.12 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-30776] Atmail 6.5.0 - Cross-Site Scripting (@3th1c_yuk1) [medium]
[CVE-2022-30777] Parallels H-Sphere 3.6.1713 - Cross-Site Scripting (@3th1c_yuk1) [medium]
[CVE-2022-31126] Roxy-WI <6.1.1.0 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2022-31268] Gitblit 1.9.3 - Local File Inclusion (@0x_akoko) [high]
[CVE-2022-31269] Linear eMerge E3-Series - Information Disclosure (@for3stco1d) [high]
[CVE-2022-31299] Haraj 3.7 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-31373] SolarView Compact 6.00 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-3142] NEX-Forms Plugin < 7.9.7 - SQL Injection (@r3y3r53) [high]
[CVE-2022-31474] BackupBuddy - Local File Inclusion (@aringo) [high]
[CVE-2022-31499] Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection (@pikpikcu) [critical]
[CVE-2022-31656] VMware - Local File Inclusion (@dhiyaneshdk) [critical]
[CVE-2022-31798] Nortek Linear eMerge E3-Series - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-31814] pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection (@evergreencartoons) [critical]
[CVE-2022-31845] WAVLINK WN535 G3 - Information Disclosure (@arafatansari) [high]
[CVE-2022-31846] WAVLINK WN535 G3 - Information Disclosure (@arafatansari) [high]
[CVE-2022-31847] WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure (@arafatansari) [high]
[CVE-2022-31854] Codoforum 5.1 - Arbitrary File Upload (@theamanrawat) [high]
[CVE-2022-31879] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat,@j4vaovo) [high]
[CVE-2022-31974] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-31975] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-31976] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-31977] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-31978] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-31980] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-31981] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-31982] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-31983] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-31984] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-32007] Complete Online Job Search System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32015] Complete Online Job Search System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32018] Complete Online Job Search System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32022] Car Rental Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32024] Car Rental Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32025] Car Rental Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32026] Car Rental Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32028] Car Rental Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-32094] Hospital Management System 1.0 - SQL Injection (@arafatansari) [critical]
[CVE-2022-32195] Open edX <2022-06-06 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-32409] Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion (@pikpikcu) [critical]
[CVE-2022-3242] Microweber <1.3.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-32429] MSNSwitch Firmware MNT.2408 - Authentication Bypass (@theabhinavgaur) [critical]
[CVE-2022-32430] Lin CMS Spring Boot - Default JWT Token (@dhiyaneshdk) [high]
[CVE-2022-32444] u5cms v8.3.5 - Open Redirect (@0x_akoko) [medium]
[CVE-2022-32770] WWBN AVideo 11.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-32771] WWBN AVideo 11.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-32772] WWBN AVideo 11.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-33119] NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-33174] Powertek Firmware <3.30.30 - Authorization Bypass (@pikpikcu) [high]
[CVE-2022-33891] Apache Spark UI - Remote Command Injection (@princechaddha) [high]
[CVE-2022-33901] WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read (@theamanrawat) [high]
[CVE-2022-33965] WordPress Visitor Statistics <=5.7 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-34045] WAVLINK WN530HG4 - Improper Access Control (@arafatansari) [critical]
[CVE-2022-34046] WAVLINK WN533A8 - Improper Access Control (@for3stco1d) [high]
[CVE-2022-34047] WAVLINK WN530HG4 - Improper Access Control (@for3stco1d) [high]
[CVE-2022-34048] Wavlink WN-533A8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-34049] WAVLINK WN530HG4 - Improper Access Control (@for3stco1d) [medium]
[CVE-2022-34093] Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-34094] Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-34121] CuppaCMS v1.0 - Local File Inclusion (@edoardottt) [high]
[CVE-2022-34328] PMB 7.3.10 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-34534] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-34576] WAVLINK WN535 G3 - Improper Access Control (@arafatansari) [high]
[CVE-2022-34590] Hospital Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-34753] SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution (@gy741) [high]
[CVE-2022-3484] WordPress WPB Show Core - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-3506] WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-35151] kkFileView 4.1.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-35405] Zoho ManageEngine - Remote Code Execution (@viniciuspereiras,@true13) [critical]
[CVE-2022-35413] WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials (@for3stco1d) [critical]
[CVE-2022-35416] H3C SSL VPN <=2022-07-10 - Cross-Site Scripting (@0x240x23elu) [medium]
[CVE-2022-35493] eShop 3.0.4 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-35653] Moodle LTI module Reflected - Cross-Site Scripting (@iamnoooob,@pdresearch) [medium]
[CVE-2022-3578] WordPress ProfileGrid <5.1.1 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-35914] GLPI <=10.0.2 - Remote Command Execution (@for3stco1d) [critical]
[CVE-2022-36446] Webmin <1.997 - Authenticated Remote Code Execution (@gy741) [critical]
[CVE-2022-36537] ZK Framework - Information Disclosure (@theamanrawat) [high]
[CVE-2022-36553] Hytec Inter HWL-2511-SS - Remote Command Execution (@huta0) [critical]
[CVE-2022-36642] Omnia MPX 1.5.0+r1 - Local File Inclusion (@arafatansari,@ritikchaddha,@for3stco1d) [critical]
[CVE-2022-36804] Atlassian Bitbucket - Remote Command Injection (@dhiyaneshdk,@tess,@sullo) [high]
[CVE-2022-36883] Jenkins Git <=4.11.3 - Missing Authorization (@c-sh0) [high]
[CVE-2022-37042] Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution (@_0xf4n9x_,@for3stco1d) [critical]
[CVE-2022-37153] Artica Proxy 4.30.000000 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-37190] Cuppa CMS v1.0 - Remote Code Execution (@theamanrawat) [high]
[CVE-2022-37191] Cuppa CMS v1.0 - Authenticated Local File Inclusion (@theamanrawat) [medium]
[CVE-2022-37299] Shirne CMS 1.2.0 - Local File Inclusion (@pikpikcu) [medium]
[CVE-2022-3768] WordPress WPSmartContracts <1.3.12 - SQL Injection (@hardik-solanki) [high]
[CVE-2022-3800] IBAX - SQL Injection (@jc175) [high]
[CVE-2022-38131] RStudio Connect - Open Redirect (@xxcdd) [medium]
[CVE-2022-38295] Cuppa CMS v1.0 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2022-38296] Cuppa CMS v1.0 - Arbitrary File Upload (@theamanrawat) [critical]
[CVE-2022-38463] ServiceNow - Cross-Site Scripting (@amanrawat) [medium]
[CVE-2022-38467] CRM Perks Forms < 1.1.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-38553] Academy Learning Management System <5.9.1 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-38637] Hospital Management System 1.0 - SQL Injection (@arafatansari) [critical]
[CVE-2022-38794] Zaver - Local File Inclusion (@pikpikcu) [high]
[CVE-2022-38817] Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control (@for3stco1d) [high]
[CVE-2022-38870] Free5gc 3.2.1 - Information Disclosure (@for3stco1d) [high]
[CVE-2022-39048] ServiceNow - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2022-3908] WordPress Helloprint <1.4.7 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-39195] LISTSERV 17 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-3933] WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-3934] WordPress FlatPM <3.0.13 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-3980] Sophos Mobile managed on-premises - XML External Entity Injection (@dabla) [critical]
[CVE-2022-3982] WordPress Booking Calendar <3.2.2 - Arbitrary File Upload (@theamanrawat) [critical]
[CVE-2022-39952] Fortinet FortiNAC - Arbitrary File Write (@dwisiswant0) [critical]
[CVE-2022-39960] Jira Netic Group Export <1.0.3 - Missing Authorization (@for3stco1d) [medium]
[CVE-2022-39986] RaspAP 2.8.7 - Unauthenticated Command Injection (@dhiyaneshdk) [critical]
[CVE-2022-40022] Symmetricom SyncServer Unauthenticated - Remote Command Execution (@dhiyaneshdk) [critical]
[CVE-2022-40032] Simple Task Managing System v1.0 - SQL Injection (@r3y3r53) [critical]
[CVE-2022-40047] Flatpress < v1.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-40083] Labstack Echo 4.8.0 - Open Redirect (@pdteam) [critical]
[CVE-2022-40127] AirFlow < 2.4.0 - Remote Code Execution (@dhiyaneshdk,@ritikchaddha) [high]
[CVE-2022-40359] Kae's File Manager <=1.4.7 - Cross-Site Scripting (@edoardottt,@daffainfo) [medium]
[CVE-2022-4049] WP User <= 7.0 - Unauthenticated SQLi (@theamanrawat) [critical]
[CVE-2022-4050] WordPress JoomSport <5.2.8 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-4057] Autoptimize < 3.1.0 - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2022-4059] Cryptocurrency Widgets Pack < 2.0 - SQL Injection (@r3y3r53) [critical]
[CVE-2022-4060] WordPress User Post Gallery <=2.19 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2022-4063] WordPress InPost Gallery <2.1.4.1 - Local File Inclusion (@theamanrawat) [critical]
[CVE-2022-40684] Fortinet - Authentication Bypass (@shockwave,@nagli,@carlosvieira) [critical]
[CVE-2022-40734] Laravel Filemanager v2.5.1 - Local File Inclusion (@arafatansari) [medium]
[CVE-2022-40843] Tenda AC1200 V-W15Ev2 - Authentication Bypass (@gy741) [medium]
[CVE-2022-40879] kkFileView 4.1.0 - Cross-Site Scripting (@arafatansari,@co5mos) [medium]
[CVE-2022-40881] SolarView 6.00 - Remote Command Execution (@for3stco1d) [critical]
[CVE-2022-4117] WordPress IWS Geo Form Fields <=1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-4140] WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access (@theamanrawat) [high]
[CVE-2022-41412] perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery (@null_hypothesis) [high]
[CVE-2022-41441] ReQlogic v11.3 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-41473] RPCMS 3.0.2 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-41840] Welcart eCommerce <=2.7.7 - Local File Inclusion (@theamanrawat) [critical]
[CVE-2022-42094] Backdrop CMS version 1.23.0 - Stored Cross Site Scripting (@theamanrawat) [medium]
[CVE-2022-42095] Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-42096] Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-42233] Tenda 11N - Authentication Bypass (@for3stco1d) [critical]
[CVE-2022-4260] WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting (@hardik-solanki) [medium]
[CVE-2022-42746] CandidATS 3.0.0 - Cross-Site Scripting. (@arafatansari) [medium]
[CVE-2022-42747] CandidATS 3.0.0 - Cross-Site Scripting. (@arafatansari) [medium]
[CVE-2022-42748] CandidATS 3.0.0 - Cross-Site Scripting. (@arafatansari) [medium]
[CVE-2022-42749] CandidATS 3.0.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4301] WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-43014] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43015] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43016] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43017] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43018] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-4305] Login as User or Customer < 3.3 - Privilege Escalation (@r3y3r53) [critical]
[CVE-2022-4306] WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-43140] kkFileView 4.1.0 - Server-Side Request Forgery (@co5mos) [high]
[CVE-2022-43164] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43165] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43166] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43167] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43169] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-43170] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43185] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4320] WordPress Events Calendar <1.4.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4321] PDF Generator for WordPress < 1.1.2 - Cross Site Scripting (@r3y3r53,@huta0) [medium]
[CVE-2022-4325] WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4328] WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload (@theamanrawat) [critical]
[CVE-2022-43769] Hitachi Pentaho Business Analytics Server - Remote Code Execution (@dwbzn) [high]
[CVE-2022-44290] WebTareas 2.4p5 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-44291] WebTareas 2.4p5 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-4447] WordPress Fontsy <=1.8.6 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-44877] CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution (@for3stco1d) [critical]
[CVE-2022-44944] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44946] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-44947] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44948] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-44949] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44950] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44951] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44952] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44957] WebTareas 2.4p5 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-45037] WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-45038] WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-45354] Download Monitor <= 4.7.60 - Sensitive Information Exposure (@dhiyaneshdk) [high]
[CVE-2022-45362] WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery (@theamanrawat) [medium]
[CVE-2022-45365] Stock Ticker <= 3.23.2 - Cross-Site-Scripting (@theamanrawat) [medium]
[CVE-2022-45805] WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-45835] WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2022-45917] ILIAS eLearning <7.16 - Open Redirect (@arafatansari) [medium]
[CVE-2022-45933] KubeView <=0.1.31 - Information Disclosure (@for3stco1d) [critical]
[CVE-2022-46020] WBCE CMS v1.5.4 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2022-46071] Helmet Store Showroom v1.0 - SQL Injection (@harsh) [critical]
[CVE-2022-46073] Helmet Store Showroom - Cross Site Scripting (@harsh) [medium]
[CVE-2022-46169] Cacti <=1.2.22 - Remote Command Injection (@hardik-solanki,@j4vaovo) [critical]
[CVE-2022-46381] Linear eMerge E3-Series - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-46443] Bangresto - SQL Injection (@harsh) [high]
[CVE-2022-46463] Harbor <=2.5.3 - Unauthorized Access (@arm!tage) [high]
[CVE-2022-46888] NexusPHP <1.7.33 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-46934] kkFileView 4.1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-47002] Masa CMS - Authentication Bypass (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2022-47003] Mura CMS <10.0.580 - Authentication Bypass (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2022-47075] Smart Office Web 20.28 - Information Disclosure (@r3y3r53) [high]
[CVE-2022-47501] Apache OFBiz < 18.12.07 - Local File Inclusion (@your3cho) [high]
[CVE-2022-47615] LearnPress Plugin < 4.2.0 - Local File Inclusion (@dhiyaneshdk) [critical]
[CVE-2022-47945] Thinkphp Lang - Local File Inclusion (@kagamigawa) [critical]
[CVE-2022-47966] ManageEngine - Remote Command Execution (@rootxharsh,@iamnoooob,@dhiyaneshdk,@pdresearch) [critical]
[CVE-2022-47986] IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution (@coldfish) [critical]
[CVE-2022-48012] OpenCATS 0.9.7 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-48165] Wavlink - Improper Access Control (@for3stco1d) [high]
[CVE-2022-48197] Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2022-4897] WordPress BackupBuddy <8.8.3 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0099] Simple URLs < 115 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0126] SonicWall SMA1000 LFI (@tess) [high]
[CVE-2023-0159] Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE (@c4sper0) [high]
[CVE-2023-0236] WordPress Tutor LMS <2.0.10 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0261] WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection (@theamanrawat) [high]
[CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@mrharshvardhan,@dhiyaneshdk) [critical]
[CVE-2023-0334] ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0448] WP Helper Lite < 4.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-0514] Membership Database <= 1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0527] Online Security Guards Hiring System - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-0552] WordPress Pie Register <3.8.2.3 - Open Redirect (@r3y3r53) [medium]
[CVE-2023-0562] Bank Locker Management System v1.0 - SQL Injection (@harsh) [critical]
[CVE-2023-0563] Bank Locker Management System - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-0600] WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection (@r3y3r53,@j4vaovo) [critical]
[CVE-2023-0602] Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0630] Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection (@dhiyaneshdk) [high]
[CVE-2023-0669] Fortra GoAnywhere MFT - Remote Code Execution (@rootxharsh,@iamnoooob,@dhiyaneshdk,@pdresearch) [high]
[CVE-2023-0678] PHPIPAM <v1.5.1 - Missing Authorization (@princechaddha,@ritikchaddha) [medium]
[CVE-2023-0777] modoboa 2.0.4 - Admin TakeOver (@r3y3r53) [critical]
[CVE-2023-0900] AP Pricing Tables Lite <= 1.1.6 - SQL Injection (@r3y3r53) [high]
[CVE-2023-0942] WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0947] Flatpress < 1.3 - Path Traversal (@r3y3r53) [critical]
[CVE-2023-0948] WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0968] WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1020] Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-1080] WordPress GN Publisher <1.5.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1177] Mlflow <2.2.1 - Local File Inclusion (@iamnoooob,@pdresearch) [critical]
[CVE-2023-1263] Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access (@r3y3r53) [medium]
[CVE-2023-1362] unilogies/bumsys < v2.0.2 - Clickjacking (@ctflearner) [medium]
[CVE-2023-1408] Video List Manager <= 1.7 - SQL Injection (@r3y3r53) [high]
[CVE-2023-1434] Odoo - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-1454] Jeecg-boot 3.5.0 qurestSql - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2023-1496] Imgproxy < 3.14.0 - Cross-site Scripting (XSS) (@pdteam) [medium]
[CVE-2023-1546] MyCryptoCheckout < 2.124 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-1671] Sophos Web Appliance - Remote Code Execution (@co5mos) [critical]
[CVE-2023-1698] WAGO - Remote Command Execution (@xianke) [critical]
[CVE-2023-1719] Bitrix Component - Cross-Site Scripting (@dhiyaneshdk) [critical]
[CVE-2023-1730] SupportCandy < 3.1.5 - Unauthenticated SQL Injection (@theamanrawat) [critical]
[CVE-2023-1780] Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1835] Ninja Forms < 3.6.22 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1880] Phpmyfaq v3.1.11 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1890] Tablesome < 1.0.9 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1892] Sidekiq < 7.0.8 - Cross-Site Scripting (@ritikchaddha,@princechaddha) [critical]
[CVE-2023-20073] Cisco VPN Routers - Unauthenticated Arbitrary File Upload (@princechaddha,@ritikchaddha) [critical]
[CVE-2023-2009] Pretty Url <= 1.5.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-20198] Cisco IOS XE - Authentication Bypass (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-2023] Custom 404 Pro < 3.7.3 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2059] DedeCMS 5.7.87 - Directory Traversal (@pussycat0x) [medium]
[CVE-2023-20864] VMware Aria Operations for Logs - Unauthenticated Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-20887] VMware VRealize Network Insight - Remote Code Execution (@sinsinology) [critical]
[CVE-2023-20888] VMware Aria Operations for Networks - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-20889] VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-2122] Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2130] Purchase Order Management v1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-2178] Aajoda Testimonials < 2.2.2 - Cross-Site Scripting (@farish) [medium]
[CVE-2023-22232] Adobe Connect < 12.1.5 - Local File Disclosure (@0xr2r) [medium]
[CVE-2023-2224] Seo By 10Web < 1.2.7 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2023-2227] Modoboa < 2.1.0 - Improper Authorization (@ritikchaddha,@princechaddha) [critical]
[CVE-2023-22432] Web2py URL - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2023-22463] KubePi JwtSigKey - Admin Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2023-22478] KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access (@dhiyaneshdk) [high]
[CVE-2023-22480] KubeOperator Foreground `kubeconfig` - File Download (@dhiyaneshdk) [critical]
[CVE-2023-22515] Atlassian Confluence - Privilege Escalation (@s1r1us,@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-22518] Atlassian Confluence Server - Improper Authorization (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-2252] Directorist < 7.5.4 - Local File Inclusion (@r3y3r53) [low]
[CVE-2023-22527] Atlassian Confluence - Remote Code Execution (@iamnooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-22620] SecurePoint UTM 12.x Session ID Leak (@dhiyaneshdk) [high]
[CVE-2023-2272] Tiempo.com <= 0.1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-22897] Securepoint UTM - Leaking Remote Memory Contents (@dhiyaneshdk) [medium]
[CVE-2023-23161] Art Gallery Management System Project v1.0 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2023-23333] SolarView Compact 6.00 - OS Command Injection (@mr-xn) [critical]
[CVE-2023-23488] WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection (@dwisiswant0) [critical]
[CVE-2023-23489] WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-23491] Quick Event Manager < 9.7.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-23492] Login with Phone Number - Cross-Site Scripting (@r3y3r53) [high]
[CVE-2023-2356] Mlflow <2.3.0 - Local File Inclusion (@co5mos) [high]
[CVE-2023-23752] Joomla! Webservice - Password Disclosure (@badboycxcc,@sascha brendel) [medium]
[CVE-2023-24044] Plesk Obsidian <=18.0.49 - Open Redirect (@pikpikcu) [medium]
[CVE-2023-24243] CData RSB Connect v22.0.8336 - Server Side Request Forgery (@ritikchaddha) [high]
[CVE-2023-24278] Squidex <7.4.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24322] mojoPortal 2.7.0.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2023-24367] Temenos T24 R20 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24488] Citrix Gateway and Citrix ADC - Cross-Site Scripting (@johnk3r,@dhiyaneshdk) [medium]
[CVE-2023-24657] phpIPAM - 1.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24733] PMB 7.4.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24735] PMB 7.4.6 - Open Redirect (@r3y3r53) [medium]
[CVE-2023-24737] PMB v7.4.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2479] Appium Desktop Server - Remote Code Execution (@zn9988) [critical]
[CVE-2023-25135] vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-25157] GeoServer OGC Filter - SQL Injection (@ritikchaddha,@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical]
[CVE-2023-25194] Apache Druid Kafka Connect - Remote Code Execution (@j4vaovo) [high]
[CVE-2023-25346] ChurchCRM 4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-25573] Metersphere - Arbitrary File Read (@dhiyaneshdk) [high]
[CVE-2023-25717] Ruckus Wireless Admin - Remote Code Execution (@parthmalhotra,@pdresearch) [critical]
[CVE-2023-26035] ZoneMinder Snapshots - Command Injection (@unblvr1,@whotwagner) [critical]
[CVE-2023-26067] Lexmark Printers - Command Injection (@dhiyaneshdk) [high]
[CVE-2023-26255] STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2023-26256] STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (@pikpikcu) [high]
[CVE-2023-26347] Adobe Coldfusion - Authentication Bypass (@salts) [high]
[CVE-2023-26360] Unauthenticated File Read Adobe ColdFusion (@dhiyaneshdk) [high]
[CVE-2023-26469] Jorani 1.0.0 - Remote Code Execution (@pussycat0x) [critical]
[CVE-2023-2648] Weaver E-Office 9.5 - Remote Code Execution (@ritikchaddha) [critical]
[CVE-2023-26842] ChurchCRM 4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-26843] ChurchCRM 4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-27008] ATutor < 2.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-27032] PrestaShop AdvancedPopupCreator - SQL Injection (@mastercho) [critical]
[CVE-2023-27034] Blind SQL injection vulnerability in Jms Blog (@mastercho) [critical]
[CVE-2023-27159] Appwrite <=1.2.1 - Server-Side Request Forgery (@dhiyaneshdk) [high]
[CVE-2023-27179] GDidees CMS v3.9.1 - Arbitrary File Download (@theamanrawat) [high]
[CVE-2023-27292] OpenCATS - Open Redirect (@r3y3r53) [medium]
[CVE-2023-2732] MStore API <= 3.9.2 - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2023-27350] PaperCut - Unauthenticated Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-27372] SPIP - Remote Command Execution (@dhiyaneshdk,@nuts7) [critical]
[CVE-2023-27482] Home Assistant Supervisor - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2023-27524] Apache Superset - Authentication Bypass (@dhiyaneshdk,@_0xf4n9x_) [critical]
[CVE-2023-27587] ReadToMyShoe - Generation of Error Message Containing Sensitive Information (@vagnerd) [medium]
[CVE-2023-27639] PrestaShop TshirteCommerce - Directory Traversal (@mastercho) [high]
[CVE-2023-27640] PrestaShop tshirtecommerce - Directory Traversal (@mastercho) [high]
[CVE-2023-2766] Weaver OA 9.5 - Information Disclosure (@dhiyaneshdk) [high]
[CVE-2023-2779] Super Socializer < 7.13.52 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2780] Mlflow <2.3.1 - Local File Inclusion Bypass (@iamnoooob,@pdresearch) [critical]
[CVE-2023-27922] Newsletter < 7.6.9 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2796] EventON <= 2.1 - Missing Authorization (@randomrobbie) [medium]
[CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical]
[CVE-2023-2813] Wordpress Multiple Themes - Reflected Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium]
[CVE-2023-2825] GitLab 16.0.0 - Path Traversal (@dhiyaneshdk,@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2023-28343] Altenergy Power Control Software C1.2.5 - Remote Command Injection (@pikpikcu) [critical]
[CVE-2023-28432] MinIO Cluster Deployment - Information Disclosure (@mr-xn) [high]
[CVE-2023-28662] Wordpress Gift Cards <= 4.3.1 - SQL Injection (@xxcdd) [critical]
[CVE-2023-28665] Woo Bulk Price Update <2.2.2 - Cross-Site Scripting (@aaban solutions,@harsh) [medium]
[CVE-2023-29084] ManageEngine ADManager Plus - Command Injection (@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2023-29298] Adobe ColdFusion - Access Control Bypass (@rootxharsh,@iamnoooob,@dhiyaneshdk,@pdresearch) [high]
[CVE-2023-29300] Adobe ColdFusion - Pre-Auth Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-29357] Microsoft SharePoint - Authentication Bypass (@pdteam) [critical]
[CVE-2023-29439] FooGallery plugin <= 2.2.35 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2023-2948] OpenEMR < 7.0.1 - Cross-Site Scripting (@ritikchaddha,@princechaddha) [medium]
[CVE-2023-29489] cPanel < 11.109.9999.116 - Cross-Site Scripting (@dhiyaneshdk,@0xkayala) [medium]
[CVE-2023-2949] OpenEMR < 7.0.1 - Cross-site Scripting (@ritikchaddha,@princechaddha) [medium]
[CVE-2023-29622] Purchase Order Management v1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-29623] Purchase Order Management v1.0 - Cross Site Scripting (Reflected) (@theamanrawat) [medium]
[CVE-2023-2982] Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2023-29827] Embedded JavaScript(EJS) 3.1.6 - Template Injection (@ritikchaddha) [critical]
[CVE-2023-29887] Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion (@ctflearner) [high]
[CVE-2023-29919] SolarView Compact <= 6.00 - Local File Inclusion (@for3stco1d) [critical]
[CVE-2023-29922] PowerJob V4.3.1 - Authentication Bypass (@co5mos) [medium]
[CVE-2023-29923] PowerJob <=4.3.2 - Unauthenticated Access (@for3stco1d) [medium]
[CVE-2023-30013] TOTOLink - Unauthenticated Command Injection (@gy741) [critical]
[CVE-2023-30019] Imgproxy <= 3.14.0 - Server-side request forgery (SSRF) (@dhiyaneshdk) [medium]
[CVE-2023-30150] PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection (@mastercho) [critical]
[CVE-2023-30210] OURPHP <= 7.2.0 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2023-30212] OURPHP <= 7.2.0 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2023-30256] Webkul QloApps 1.5.2 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2023-30258] MagnusBilling - Unauthenticated Remote Code Execution (@gy741) [critical]
[CVE-2023-30534] Cacti < 1.2.25 Insecure Deserialization (@k0pak4) [medium]
[CVE-2023-30625] Rudder Server < 1.3.0-rc.1 - SQL Injection (@gy741) [high]
[CVE-2023-3077] MStore API < 3.9.8 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-30868] Tree Page View Plugin < 1.6.7 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-30943] Moodle - Cross-Site Scripting/Remote Code Execution (@ritikchaddha) [medium]
[CVE-2023-31059] Repetier Server - Directory Traversal (@parthmalhotra,@pdresearch) [high]
[CVE-2023-31446] Cassia Gateway Firmware - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2023-31465] TimeKeeper by FSMLabs - Remote Code Execution (@ritikchaddha) [critical]
[CVE-2023-31548] ChurchCRM v4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-32077] Netmaker - Hardcoded DNS Secret Key (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-32117] Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints (@dhiyaneshdk) [high]
[CVE-2023-3219] EventON Lite < 2.1.2 - Arbitrary File Download (@r3y3r53) [medium]
[CVE-2023-32235] Ghost CMS < 5.42.1 - Path Traversal (@j3ssie) [high]
[CVE-2023-32243] WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset (@dhiyaneshdk,@vikas kundu) [critical]
[CVE-2023-32315] Openfire Administration Console - Authentication Bypass (@vsh00t) [high]
[CVE-2023-32563] Ivanti Avalanche - Remote Code Execution (@princechaddha) [critical]
[CVE-2023-33338] Old Age Home Management System v1.0 - SQL Injection (@harsh) [critical]
[CVE-2023-33405] BlogEngine CMS - Open Redirect (@shankar acharya) [medium]
[CVE-2023-33439] Faculty Evaluation System v1.0 - SQL Injection (@harsh) [high]
[CVE-2023-33440] Faculty Evaluation System v1.0 - Remote Code Execution (@harsh) [high]
[CVE-2023-3345] LMS by Masteriyo < 1.6.8 - Information Exposure (@dhiyaneshdk) [medium]
[CVE-2023-33510] Jeecg P3 Biz Chat - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2023-33568] Dolibarr Unauthenticated Contacts Database Theft (@dhiyaneshdk) [high]
[CVE-2023-33584] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (@r3y3r53) [critical]
[CVE-2023-33629] H3C Magic R300-2100M - Remote Code Execution (@dhiyaneshdk) [high]
[CVE-2023-3368] Chamilo LMS <= v1.11.20 Unauthenticated Command Injection (@dwisiswant0) [critical]
[CVE-2023-33831] FUXA - Unauthenticated Remote Code Execution (@gy741) [critical]
[CVE-2023-34020] Uncanny Toolkit for LearnDash - Open Redirection (@ledoubletake) [medium]
[CVE-2023-34124] SonicWall GMS and Analytics Web Services - Shell Injection (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-34192] Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting (@ritikchaddha) [critical]
[CVE-2023-34259] Kyocera TASKalfa printer - Path Traversal (@gy741) [medium]
[CVE-2023-34362] MOVEit Transfer - Remote Code Execution (@princechaddha,@rootxharsh,@ritikchaddha,@pdresearch) [critical]
[CVE-2023-34537] Hoteldruid 3.0.5 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-34598] Gibbon v25.0.0 - Local File Inclusion (@dhiyaneshdk) [critical]
[CVE-2023-34599] Gibbon v25.0.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-3460] Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation (@dhiyaneshdk) [critical]
[CVE-2023-34659] JeecgBoot 3.5.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-34751] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34752] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34753] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34755] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34756] Bloofox v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-3479] Hestiacp <= 1.7.7 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2023-34843] Traggo Server - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2023-34960] Chamilo Command Injection (@dhiyaneshdk) [critical]
[CVE-2023-34993] Fortinet FortiWLM Unauthenticated Command Injection Vulnerability
(@dwisiswant0) [critical]
[CVE-2023-35078] Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass
(@parth,@pdresearch) [critical]
[CVE-2023-35082] MobileIron Core - Remote Unauthenticated API Access (@dhiyaneshdk)
[critical]
[CVE-2023-35158] XWiki - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35162] XWiki < 14.10.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35813] Sitecore - Remote Code Execution (@dhiyaneshdk,@iamnoooob)
[critical]
[CVE-2023-35843] NocoDB version <= 0.106.1 - Arbitrary File Read (@dwisiswant0)
[high]
[CVE-2023-35844] Lightdash version <= 0.510.3 Arbitrary File Read (@dwisiswant0)
[high]
[CVE-2023-35885] Cloudpanel 2 < 2.3.1 - Remote Code Execution (@dhiyaneshdk)
[critical]
[CVE-2023-36144] Intelbras Switch - Information Disclosure (@gy741) [high]
[CVE-2023-36284] QloApps 1.6.0 - SQL Injection (@ritikchaddha) [high]
[CVE-2023-36287] Webkul QloApps 1.6.0 - Cross-site Scripting (@theamanrawat)
[medium]
[CVE-2023-36289] Webkul QloApps 1.6.0 - Cross-site Scripting (@theamanrawat)
[medium]
[CVE-2023-36306] Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-36346] POS Codekop v2.0 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-36347] POS Codekop v2.0 - Broken Authentication (@princechaddha) [high]
[CVE-2023-36844] Juniper Devices - Remote Code Execution
(@princechaddha,@ritikchaddha) [medium]
[CVE-2023-36845] Juniper J-Web - Remote Code Execution (@yaser_s) [critical]
[CVE-2023-36934] MOVEit Transfer - SQL Injection
(@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-3710] Honeywell PM43 Printers - Command Injection (@win3zz) [critical]
[CVE-2023-37265] CasaOS < 0.4.4 - Authentication Bypass via Internal IP
(@iamnoooob,@dhiyaneshdk,@pdresearch) [critical]
[CVE-2023-37266] CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token
(@iamnoooob,@dhiyaneshdk,@pdresearch) [critical]
[CVE-2023-37270] Piwigo 13.7.0 - SQL Injection (@ritikchaddha) [high]
[CVE-2023-37462] XWiki Platform - Remote Code Execution
(@parthmalhotra,@pdresearch) [high]
[CVE-2023-37474] Copyparty <= 1.8.2 - Directory Traversal (@shankar
acharya,@theamanrawat) [high]
[CVE-2023-37580] Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
(@ritikchaddha) [medium]
[CVE-2023-37629] Online Piggery Management System v1.0 - Unauthenticated File
Upload (@harsh) [critical]
[CVE-2023-3765] MLflow Absolute Path Traversal (@dhiyaneshdk) [critical]
[CVE-2023-37679] NextGen Mirth Connect - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-37728] IceWarp Webmail Server v10.2.1 - Cross Site Scripting
(@technicaljunkie,@r3y3r53) [medium]
[CVE-2023-37979] Ninja Forms < 3.6.26 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-38035] Ivanti Sentry - Authentication Bypass
(@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical]
[CVE-2023-38203] Adobe ColdFusion - Deserialization of Untrusted Data (@yiran)
[critical]
[CVE-2023-38205] Adobe ColdFusion - Access Control Bypass (@dhiyaneshdk) [high]
[CVE-2023-3836] Dahua Smart Park Management - Arbitrary File Upload (@huta0)
[critical]
[CVE-2023-3843] mooDating 1.2 - Cross-site scripting (@r3y3r53) [medium]
[CVE-2023-38433] Fujitsu IP Series - Hardcoded Credentials (@adnanekhan) [high]
[CVE-2023-3844] MooDating 1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-3845] MooDating 1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-3846] MooDating 1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-3847] MooDating 1.2 - Cross-Site scripting (@r3y3r53) [medium]
[CVE-2023-3848] MooDating 1.2 - Cross-site scripting (@r3y3r53) [medium]
[CVE-2023-3849] mooDating 1.2 - Cross-site scripting (@r3y3r53) [medium]
[CVE-2023-38501] CopyParty v1.8.6 - Cross Site Scripting (@ctflearner,@r3y3r53)
[medium]
[CVE-2023-38646] Metabase < 0.46.6.1 - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-38964] Academy LMS 6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-39002] OPNsense - Cross-Site Scripting (@herry) [medium]
[CVE-2023-39026] FileMage Gateway - Directory Traversal (@dhiyaneshdk) [high]
[CVE-2023-39108] rConfig 3.9.4 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2023-39109] rConfig 3.9.4 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2023-39110] rConfig 3.9.4 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2023-39120] Nodogsplash - Directory Traversal (@numan türle) [high]
[CVE-2023-39141] Aria2 WebUI - Path traversal (@dhiyaneshdk) [high]
[CVE-2023-39143] PaperCut < 22.1.3 - Path Traversal (@pdteam) [critical]
[CVE-2023-3936] Blog2Social < 7.2.1 - Cross-Site Scripting (@luisfelipe146)
[medium]
[CVE-2023-39361] Cacti 1.2.24 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-39598] IceWarp Email Client - Cross Site Scripting (@imjust0) [medium]
[CVE-2023-39600] IceWarp 11.4.6.0 - Cross-Site Scripting (@imjust0) [medium]
[CVE-2023-39676] PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
(@meme-lord) [medium]
[CVE-2023-39677] PrestaShop MyPrestaModules - PhpInfo Disclosure (@meme-lord)
[high]
[CVE-2023-39700] IceWarp Mail Server v10.4.5 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-39796] WBCE 1.6.0 - SQL Injection (@youngpope) [critical]
[CVE-2023-40208] Stock Ticker <= 3.23.2 - Cross-Site Scripting (@theamanrawat)
[medium]
[CVE-2023-40355] Axigen WebMail - Cross-Site Scripting (@amir-h-fallahi) [medium]
[CVE-2023-40779] IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect
(@r3y3r53) [medium]
[CVE-2023-4110] PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2023-41109] SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway -
Command Injection (@princechaddha) [critical]
[CVE-2023-4111] PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4112] PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4113] PHPJabbers Service Booking Script 1.0 - Cross Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4114] PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4115] PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-4116] PHPJabbers Taxi Booking 2.0 - Cross Site Scripting (@r3y3r53)
[medium]
[CVE-2023-41265] Qlik Sense Enterprise - HTTP Request Smuggling (@adamcrosser)
[critical]
[CVE-2023-41266] Qlik Sense Enterprise - Path Traversal (@adamcrosser) [medium]
[CVE-2023-4148] Ditty < 3.1.25 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-41538] PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-41642] RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting
(@ritikchaddha) [medium]
[CVE-2023-4168] Adlisting Classified Ads 2.14.0 - Information Disclosure (@r3y3r53)
[high]
[CVE-2023-4169] Ruijie RG-EW1200G Router - Password Reset (@dhiyaneshdk) [high]
[CVE-2023-4173] mooSocial 3.1.8 - Reflected XSS (@momika233) [medium]
[CVE-2023-4174] mooSocial 3.1.6 - Reflected Cross Site Scripting (@momika233)
[medium]
[CVE-2023-41763] Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
(@hateshape) [medium]
[CVE-2023-41892] CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-42343] OpenCMS - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-42344] OpenCMS - XML external entity (XXE) (@0xr2r) [high]
[CVE-2023-42442] JumpServer > 3.6.4 - Information Disclosure (@xianke) [medium]
[CVE-2023-42793] JetBrains TeamCity < 2023.05.4 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-43177] CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-43187] NodeBB XML-RPC Request xmlrpc.php - XML Injection (@0xparth)
[critical]
[CVE-2023-43208] NextGen Healthcare Mirth Connect - Remote Code Execution
(@princechaddha) [critical]
[CVE-2023-43261] Milesight Routers - Information Disclosure (@gy741) [high]
[CVE-2023-43325] MooSocial 3.1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-43326] MooSocial 3.1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-43795] GeoServer WPS - Server Side Request Forgery (@dhiyaneshdk)
[critical]
[CVE-2023-4415] Ruijie RG-EW1200G Router Background - Login Bypass (@dhiyaneshdk)
[high]
[CVE-2023-44352] Adobe Coldfusion - Cross-Site Scripting (@pwnwithlove) [medium]
[CVE-2023-44353] Adobe ColdFusion WDDX Deserialization Gadgets (@salts) [critical]
[CVE-2023-4451] Cockpit - Cross-Site Scripting (@iamnoooob,@pdresearch) [medium]
[CVE-2023-44812] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-44813] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-4521] Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
(@princechaddha) [critical]
[CVE-2023-45375] PrestaShop PireosPay - SQL Injection (@mastercho) [high]
[CVE-2023-4542] D-Link DAR-8000-10 - Command Injection (@pussycat0x) [critical]
[CVE-2023-4547] SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
(@theamanrawat,@sospiro) [medium]
[CVE-2023-45542] MooSocial 3.1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-45671] Frigate < 0.13.0 Beta 3 - Cross-Site Scripting (@ritikchaddha)
[medium]
[CVE-2023-4568] PaperCut NG Unauthenticated XMLRPC Functionality (@dhiyaneshdk)
[medium]
[CVE-2023-45852] Viessmann Vitogate 300 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-45855] qdPM 9.2 - Directory Traversal (@dhiyaneshdk) [high]
[CVE-2023-4596] WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload (@e1a)
[critical]
[CVE-2023-4634] Media Library Assistant < 3.09 - Remote Code Execution/Local File
Inclusion (@pepitoh,@ritikchaddha) [critical]
[CVE-2023-46347] PrestaShop Step by Step products Pack - SQL Injection (@mastercho)
[critical]
[CVE-2023-46359] cPH2 Charging Station v1.87.0 - OS Command Injection (@mlec)
[critical]
[CVE-2023-46574] TOTOLINK A3700R - Command Injection (@dhiyaneshdk) [critical]
[CVE-2023-46747] F5 BIG-IP - Unauthenticated RCE via AJP Smuggling
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-46805] Ivanti ICS - Authentication Bypass
(@dhiyaneshdk,@daffainfo,@geeknik) [high]
[CVE-2023-47115] Label Studio - Cross-Site Scripting (@isacaya) [high]
[CVE-2023-4714] PlayTube 3.0.1 - Information Disclosure (@farish) [high]
[CVE-2023-47211] ManageEngine OpManager - Directory Traversal (@gy741) [high]
[CVE-2023-47218] QNAP QTS and QuTS Hero - OS Command Injection (@ritikchaddha)
[medium]
[CVE-2023-47246] SysAid Server - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-47643] SuiteCRM Unauthenticated Graphql Introspection (@isacaya) [medium]
[CVE-2023-48023] Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
(@cookiehanhoan,@harryha) [high]
[CVE-2023-48084] Nagios XI < 5.11.3 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-48777] WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
(@dhiyaneshdk) [critical]
[CVE-2023-49070] Apache OFBiz < 18.12.10 - Arbitrary Code Execution (@your3cho)
[critical]
[CVE-2023-49103] OwnCloud - Phpinfo Configuration (@ritikchaddha) [high]
[CVE-2023-4966] Citrix Bleed - Leaking Session Tokens (@dhiyaneshdk) [high]
[CVE-2023-4973] Academy LMS 6.2 - Cross-Site Scripting
(@ritikchaddha,@princechaddha) [medium]
[CVE-2023-4974] Academy LMS 6.2 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-49785] ChatGPT-Next-Web - SSRF/XSS (@high) [critical]
[CVE-2023-5003] Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure
(@kazgangap) [high]
[CVE-2023-50290] Apache Solr - Host Environment Variables Leak via Metrics API
(@banana69,@dhiyaneshdk) [medium]
[CVE-2023-5074] D-Link D-View 8 v2.0.1.28 - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2023-5089] Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
(@jpg0mez) [medium]
[CVE-2023-50917] MajorDoMo thumb.php - OS Command Injection (@dhiyaneshdk)
[critical]
[CVE-2023-50968] Apache OFBiz < 18.12.11 - Server Side Request Forgery (@your3cho)
[high]
[CVE-2023-51467] Apache OFBiz < 18.12.11 - Remote Code Execution (@your3cho)
[critical]
[CVE-2023-52085] Winter CMS Local File Inclusion - (LFI) (@sanineng) [medium]
[CVE-2023-5244] Microweber < V.2.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-5360] WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File
Upload (@theamanrawat) [critical]
[CVE-2023-5375] Mosparo < 1.0.2 - Open Redirect (@shankaracharya) [medium]
[CVE-2023-5556] Structurizr on-premises - Cross Site Scripting (@shankaracharya)
[medium]
[CVE-2023-5830] ColumbiaSoft DocumentLocator - Improper Authentication (@gonski)
[critical]
[CVE-2023-5914] Citrix StoreFront - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-5991] Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
(@kazgangap) [critical]
[CVE-2023-6018] Mlflow - Arbitrary File Write (@byt3bl33d3r) [critical]
[CVE-2023-6020] Ray Static File - Local File Inclusion (@byt3bl33d3r) [high]
[CVE-2023-6021] Ray API - Local File Inclusion (@byt3bl33d3r) [high]
[CVE-2023-6023] VertaAI ModelDB - Path Traversal (@m0ck3d,@cookiehanhoan) [high]
[CVE-2023-6038] H2O ImportFiles - Local File Inclusion (@danmcinerney,@byt3bl33d3r)
[high]
[CVE-2023-6063] WP Fastest Cache 1.2.2 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2023-6065] Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
(@kazgangap) [medium]
[CVE-2023-6114] Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated
Sensitive Data Exposure (@dhiyaneshdk) [high]
[CVE-2023-6360] WordPress My Calendar <3.4.22 - SQL Injection (@xxcdd) [critical]
[CVE-2023-6379] OpenCMS 14 & 15 - Cross Site Scripting (@msegoviag) [medium]
[CVE-2023-6380] OpenCms 14 & 15 - Open Redirect (@miguelsegoviagil) [medium]
[CVE-2023-6389] WordPress Toolbar <= 2.2.6 - Open Redirect (@kazgangap) [medium]
[CVE-2023-6553] Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code
Execution (@flx) [critical]
[CVE-2023-6567] LearnPress <= 4.2.5.7 - SQL Injection
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-6623] Essential Blocks < 4.4.3 - Local File Inclusion
(@iamnoooob,@rootxharsh,@pdresearch,@coldfish) [critical]
[CVE-2023-6634] LearnPress < 4.2.5.8 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-6831] mlflow - Path Traversal (@byobin) [high]
[CVE-2023-6875] WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-6895] Hikvision IP ping.php - Command Execution (@dhiyaneshdk,@archer)
[critical]
[CVE-2023-6909] Mlflow <2.9.2 - Path Traversal (@hyunsoo-ds) [high]
[CVE-2023-6977] Mlflow <2.8.0 - Local File Inclusion (@gy741) [high]
[CVE-2023-6989] Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
(@kazgangap) [critical]
[CVE-2023-7028] GitLab - Account Takeover via Password Reset
(@dhiyaneshdk,@rootxharsh,@iamnooob,@pdresearch) [high]
[CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x)
[critical]
[CVE-2024-0200] Github Enterprise Authenticated Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-0204] Fortra GoAnywhere MFT - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2024-0235] EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
(@princechaddha) [medium]
[CVE-2024-0305] Ncast busiFacade - Remote Command Execution (@bmcel) [high]
[CVE-2024-0337] Travelpayouts <= 1.1.16 - Open Redirect (@kazgangap) [medium]
[CVE-2024-0352] Likeshop < 2.5.7.20210311 - Arbitrary File Upload
(@cookiehanhoan,@babybash,@samuelsamuelsamuel) [critical]
[CVE-2024-0713] Monitorr Services Configuration - Arbitrary File Upload
(@dhiyaneshdk) [high]
[CVE-2024-0881] Combo Blocks < 2.2.76 - Improper Access Control (@kazgangap)
[medium]
[CVE-2024-1021] Rebuild <= 3.5.5 - Server-Side Request Forgery (@bmcel) [critical]
[CVE-2024-1061] WordPress HTML5 Video Player - SQL Injection (@xxcdd) [critical]
[CVE-2024-1071] WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
(@dhiyaneshdk,@iamnooob) [critical]
[CVE-2024-1183] Gradio - Server Side Request Forgery (@dhiyaneshdk) [medium]
[CVE-2024-1208] LearnDash LMS < 4.10.3 - Sensitive Information Exposure
(@ritikchaddha) [medium]
[CVE-2024-1209] LearnDash LMS < 4.10.2 - Sensitive Information Exposure via
assignments (@ritikchaddha) [medium]
[CVE-2024-1210] LearnDash LMS < 4.10.2 - Sensitive Information Exposure
(@ritikchaddha) [medium]
[CVE-2024-1212] Progress Kemp LoadMaster - Command Injection (@dhiyaneshdk)
[critical]
[CVE-2024-1380] Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (@flx)
[medium]
[CVE-2024-1561] Gradio Applications - Local File Read (@diablo) [high]
[CVE-2024-1698] NotificationX <= 2.8.2 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2024-1709] ConnectWise ScreenConnect 23.9.7 - Authentication Bypass (@johnk3r)
[critical]
[CVE-2024-20767] Adobe ColdFusion - Arbitrary File Read
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2024-21644] pyLoad Flask Config - Access Control (@west-wise) [high]
[CVE-2024-21645] pyload - Log Injection (@isacaya) [medium]
[CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code
Execution (@pdresearch) [high]
[CVE-2024-21887] Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
22.x) - Command Injection (@pdresearch,@parthmalhotra,@iamnoooob) [critical]
[CVE-2024-21893] Ivanti SAML - Server Side Request Forgery (SSRF) (@dhiyaneshdk)
[high]
[CVE-2024-22024] Ivanti Connect Secure - XXE (@watchtowr) [high]
[CVE-2024-22319] IBM Operational Decision Manager - JNDI Injection (@dhiyaneshdk)
[critical]
[CVE-2024-22320] IBM Operational Decision Manager - Java Deserialization
(@dhiyaneshdk) [high]
[CVE-2024-22927] eyoucms v.1.6.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-23334] aiohttp - Directory Traversal (@dhiyaneshdk) [high]
[CVE-2024-2340] Avada < 7.11.7 - Information Disclosure (@t3l3machus) [medium]
[CVE-2024-2389] Progress Kemp Flowmon - Command Injection
(@pdresearch,@parthmalhotra) [critical]
[CVE-2024-23917] JetBrains TeamCity > 2023.11.3 - Authentication Bypass
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-24131] SuperWebMailer 9.31.0.01799 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r)
[high]
[CVE-2024-25600] Unauthenticated Remote Code Execution – Bricks <= 1.9.6
(@christbowel) [critical]
[CVE-2024-25669] CaseAware a360inc - Cross-Site Scripting (@r3naissance) [medium]
[CVE-2024-25735] WyreStorm Apollo VX20 - Information Disclosure (@johnk3r) [high]
[CVE-2024-26331] ReCrystallize Server - Authentication Bypass (@carson chan) [high]
[CVE-2024-27198] TeamCity < 2023.11.4 - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2024-27199] TeamCity < 2023.11.4 - Authentication Bypass (@dhiyaneshdk) [high]
[CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk)
[high]
[CVE-2024-27497] Linksys E2000 1.0.06 position.js Improper Authentication
(@dhiyaneshdk) [high]
[CVE-2024-27564] ChatGPT 个人专用版 - Server Side Request Forgery (@dhiyaneshdk)
[high]
[CVE-2024-27954] WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and
SSRF (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-27956] WordPress Automatic Plugin <= 3.92.0 - SQL Injection
(@dhiyaneshdk) [critical]
[CVE-2024-28255] OpenMetadata - Authentication Bypass (@dhiyaneshdk,@iamnooob)
[critical]
[CVE-2024-28734] Coda v.2024Q1 - Cross-Site Scripting (@kazgangap) [medium]
[CVE-2024-2876] Wordpress Email Subscribers by Icegram Express - SQL Injection
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-2879] WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection (@d4ly)
[high]
[CVE-2024-29059] .NET Framework - Leaking ObjRefs via HTTP .NET Remoting
(@iamnoooob,@rootxharsh,@dhiyaneshdk,@pdresearch) [high]
[CVE-2024-29269] Telesquare TLR-2005KSH - Remote Command Execution (@ritikchaddha)
[critical]
[CVE-2024-3097] NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated
Information Disclosure (@dhiyanesdk) [medium]
[CVE-2024-3136] MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via
template (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-31621] Flowise 1.6.5 - Authentication Bypass (@dhiyaneshdk) [high]
[CVE-2024-31848] CData API Server < 23.4.8844 - Path Traversal (@pussycat0x)
[critical]
[CVE-2024-31849] CData Connect < 23.4.8846 - Path Traversal (@dhiyaneshdk)
[critical]
[CVE-2024-31850] CData Arc < 23.4.8839 - Path Traversal (@dhiyaneshdk) [high]
[CVE-2024-31851] CData Sync < 23.4.8843 - Path Traversal (@dhiyaneshdk) [high]
[CVE-2024-32399] RaidenMAILD Mail Server v.4.9.4 - Path Traversal (@dhiyaneshdk)
[high]
[CVE-2024-32640] Mura/Masa CMS - SQL Injection (@iamnoooob,@rootxharsh,@pdresearch)
[critical]
[CVE-2024-32651] Change Detection - Server Side Template Injection (@edoardottt)
[critical]
[CVE-2024-3273] D-Link Network Attached Storage - Command Injection and Backdoor
Account (@pussycat0x) [critical]
[CVE-2024-33288] Prison Management System - SQL Injection Authentication Bypass
(@kazgangap) [high]
[CVE-2024-33575] User Meta WP Plugin < 3.1 - Sensitive Information Exposure
(@kazgangap) [medium]
[CVE-2024-33724] SOPlanning 1.52.00 Cross Site Scripting (@kazgangap) [medium]
[CVE-2024-3400] GlobalProtect - OS Command Injection (@salts,@parthmalhotra)
[critical]
[CVE-2024-34470] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
(@topscoder) [high]
[CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection
(@apple) [critical]
[CVE-2024-3822] Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting
(@omranisecurity) [medium]
[CVE-2024-4040] CrushFTP VFS - Sandbox Escape LFR (@dhiyaneshdk,@pussycat0x)
[critical]
[CVE-2024-4348] osCommerce v4.0 - Cross-site Scripting (@kazgangap) [medium]
[CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass
(@dhiyaneshdk) [critical]
[CVE-2024-4577] PHP CGI - Argument Injection (@hüseyin
tintaş,@sw0rk17,@securityforeveryone,@pdresearch) [critical]
[CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion
(@ritikchaddha) [high]
[CVE-2024-5230] FleetCart 4.1.1 - Information Disclosure (@securityforeveryone)
[medium]
[3Com-wireless-default-login] 3Com Wireless 8760 Dual Radio - Default Login
(@ritikchaddha) [high]
[3com-nj2000-default-login] 3COM NJ2000 - Default Login (@daffainfo) [high]
[3ware-default-login] 3ware Controller 3DM2 - Default Login (@ritikchaddha) [high]
[ucmdb-default-login] Micro Focus Universal CMDB Default Login (@dwisiswant0)
[high]
[cs141-default-login] UPS Adapter CS141 SNMP Module Default Login (@socketz)
[medium]
[activemq-default-login] Apache ActiveMQ Default Login (@pdteam) [high]
[adminer-default-login] Adminer Default Login - Detect (@j4vaovo) [high]
[aem-default-login] Adobe AEM Default Login (@random-robbie) [high]
[aem-felix-console] Adobe Experience Manager Felix Console - Default Login
(@dhiyaneshdk) [high]
[canal-default-login] Alibaba Canal Default Login (@pdteam) [high]
[allnet-default-login] Allnet - Default Login (@ritikchaddha) [high]
[alphaweb-default-login] AlphaWeb XE Default Login (@lark lab) [medium]
[ambari-default-login] Apache Ambari Default Login (@pdteam) [high]
[ampjuke-default-login] AmpJuke - Default Login (@ritikchaddha) [high]
[airflow-default-login] Apache Airflow Default Login (@pdteam) [high]
[apisix-default-login] Apache Apisix Default Admin Login (@pdteam) [high]
[dolphinscheduler-default-login] Apache DolphinScheduler Default Login
(@for3stco1d) [high]
[dubbo-admin-default-login] Apache Dubbo - Default Admin Discovery (@ritikchaddha)
[high]
[kafka-center-default-login] Apache Kafka Center Default Login (@dhiyaneshdk)
[high]
[karaf-default-login] Apache Karaf - Default Login (@s0obi) [high]
[kylin-default-login] Apache Kylin Console - Default Login (@sleepingbag945) [high]
[ranger-default-login] Apache Ranger - Default Login (@for3stco1d) [high]
[tomcat-default-login] Apache Tomcat Manager Default Login
(@pdteam,@sinkettu,@nybble04) [high]
[tomcat-examples-login] Apache Tomcat - Default Login Discovery (@0xelkomy &
c0nqr0r) [info]
[apollo-default-login] Apollo Default Login (@paperpen) [high]
[arl-default-login] ARL Default Admin Login (@pikpikcu) [high]
[asus-rtn16-default-login] ASUS RT-N16 - Default Login (@ritikchaddha) [high]
[asus-wl500g-default-login] ASUS WL-500G - Default Login (@ritikchaddha) [high]
[asus-wl520GU-default-login] ASUS WL-520GU - Default Login (@ritikchaddha) [high]
[audiocodes-default-login] AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default
Login (@d4vy) [high]
[azkaban-default-login] Azkaban Web Client Default Credential (@pussycat0x) [high]
[barco-clickshare-default-login] Barco ClickShare - Default Login (@ritikchaddha)
[high]
[batflat-default-login] Batflat CMS - Default Login (@r3y3r53) [high]
[bloofoxcms-default-login] bloofoxCMS - Default Login (@theamanrawat) [high]
[caimore-default-login] CAIMORE Gateway Default Login - Detect (@pussycat0x)
[high]
[cambium-networks-default-login] Canopy 5.7GHz Access Point - Default Login
(@defektive) [high]
[camunda-default-login] Camunda - Default Login (@bhutch) [high]
[chinaunicom-default-login] China Unicom Modem Default Login (@princechaddha)
[high]
[cobbler-default-login] Cobbler Default Login (@c-sh0) [high]
[hue-default-credential] Cloudera Hue Default Admin Login (@for3stco1d) [high]
[crushftp-anonymous-login] CrushFTP - Anonymous Login (@pussycat0x) [high]
[crushftp-default-login] CrushFTP - Default Login (@pussycat0x) [high]
[dlink-centralized-default-login] D-Link AC Centralized Management System - Default
Login (@sleepingbag945) [high]
[dataease-default-login] Dataease - Default Login (@dhiyaneshdk) [high]
[datahub-metadata-default-login] DataHub Metadata - Default Login (@queencitycyber)
[high]
[dataiku-default-login] Dataiku - Default Login (@random-robbie) [high]
[dell-dpi-default-login] Dell DPI Remote Power Management - Default Login
(@megamansec) [medium]
[dell-idrac-default-login] Dell iDRAC6/7/8 Default Login
(@kophjager007,@megamansec) [high]
[dell-idrac9-default-login] DELL iDRAC9 Default Login (@kophjager007,@milo2012)
[high]
[emcecom-default-login] Dell EMC ECOM - Default Login (@techryptic (@tech)) [high]
[digital-watchdog-default-login] Digital Watchdog - Default Login (@omranisecurity)
[high]
[digitalrebar-default-login] RackN Digital Rebar Default Login (@c-sh0) [high]
[druid-default-login] Alibaba Druid Monitor Default Login (@pikpikcu,@j4vaovo)
[high]
[dvwa-default-login] DVWA Default Login (@pdteam) [critical]
[easyreport-default-login] EasyReport - Default Login (@sleepingbag945) [high]
[elasticsearch-default-login] ElasticSearch - Default Login (@mohammad reza omrani
| @omranisecurity) [high]
[empirec2-default-login] Empire C2 / Starkiller Interface - Default Login
(@clem9669,@parzival) [high]
[emqx-default-login] Emqx Default Admin Login (@for3stco1d) [high]
[esafenet-cdg-default-login] Esafenet CDG - Default Login (@chesterblue) [high]
[etl3100-default-login] EuroTel ETL3100 - Default Login (@r3y3r53) [high]
[exacqvision-default-login] ExacqVision Default Login (@elsfa7110) [high]
[feiyuxing-default-login] Feiyuxing Enterprise-Level Management System - Default
Login (@sleepingbag945) [high]
[flir-default-login] Flir Default Login (@pikpikcu) [medium]
[franklin-fueling-default-login] Franklin Fueling System - Default Login (@r3y3r53)
[high]
[frp-default-login] FRP Default Login (@pikpikcu) [high]
[fuelcms-default-login] Fuel CMS - Default Admin Discovery (@adam crosser) [high]
[geoserver-default-login] Geoserver Admin - Default Login
(@for3stco1d,@professorabhay,@ritikchaddha) [high]
[gitlab-weak-login] Gitlab Default Login (@suman_kar,@dwisiswant0) [high]
[glpi-default-login] GLPI Default Login (@andysvints) [high]
[goip-default-login] GoIP GSM VoIP Gateway - Default Password (@drfabiocastro)
[high]
[google-earth-dlogin] Google Earth Enterprise Default Login
(@orpheus,@johnjhacking) [high]
[gophish-default-login] Gophish < v0.10.1 Default Credentials (@arcc,@dhiyaneshdk)
[high]
[grafana-default-login] Grafana Default Login (@pdteam) [high]
[guacamole-default-login] Guacamole Default Login (@r3dg33k) [high]
[hongdian-default-login] Hongdian Default Login (@gy741) [high]
[smartsense-default-login] HortonWorks SmartSense Default Login (@techryptic
(@tech)) [high]
[hp-switch-default-login] HP 1820-8G Switch J9979A Default Login (@pussycat0x)
[high]
[huawei-HG532e-default-login] Huawei HG532e Default Credential (@pussycat0x) [high]
[hybris-default-login] Hybris - Default Login (@princechaddha) [high]
[ibm-dcbc-default-login] IBM Decision Center Business Console - Default Login
(@dhiyaneshdk) [high]
[ibm-dcec-default-login] IBM Decision Center Enterprise Console - Default Login
(@dhiyaneshdk) [high]
[ibm-dsc-default-login] IBM Decision Server Console - Default Login (@dhiyaneshdk)
[high]
[ibm-hmc-default-login] IBM Power HMC - Default Login (@r3s ost) [high]
[ibm-mqseries-default-login] IBM MQSeries Web Console Default Login (@righettod)
[high]
[ibm-storage-default-login] IBM Storage Management Default Login (@madrobot) [high]
[imm-default-login] Integrated Management Module - Default Login (@jpg0mez) [high]
[idemia-biometrics-default-login] IDEMIA BIOMetrics Default Login (@techryptic
(@tech)) [medium]
[iptime-default-login] ipTIME Default Login (@gy741) [high]
[ispconfig-default-login] ISPConfig - Default Password (@pussycat0x) [high]
[jboss-jbpm-default-login] JBoss jBPM Administration Console Default Login - Detect
(@dhiyaneshdk) [high]
[jmx-default-login] JBoss JMX Console Weak Credential Discovery (@paradessia) [high]
[jenkins-weak-password] Jenkins Default Login (@zandros0) [high]
[jinher-oa-default-login] Jinher-OA C6 - Default Admin Discovery (@ritikchaddha) [high]
[jupyterhub-default-login] Jupyterhub - Default Admin Discovery (@for3stco1d) [high]
[kanboard-default-login] Kanboard - Default Login (@shelled) [high]
[kettle-default-login] Kettle - Default Login (@for3stco1d) [medium]
[leostream-default-login] Leostream Default Login (@bhutch) [high]
[lucee-default-login] Lucee - Default Login (@jpg0mez) [high]
[lutron-default-login] Lutron - Default Account (@geeknik) [critical]
[magnolia-default-login] Magnolia CMS Default Login - Detect (@pussycat0x) [high]
[mantisbt-default-credential] MantisBT Default Admin Login (@for3stco1d) [high]
[minio-default-login] Minio Default Login (@pikpikcu) [high]
[mobotix-default-credentials] Mobotix - Default Login (@robotshell) [high]
[mofi4500-default-login] MOFI4500-4GXeLTE-V2 Default Login (@pikpikcu) [high]
[nacos-default-login] Alibaba Nacos - Default Login (@sleepingbag945) [high]
[nagios-default-login] Nagios Default Login (@iamthefrogy) [high]
[nagiosxi-default-login] Nagios XI Default Admin Login - Detect (@ritikchaddha) [critical]
[netsus-default-login] NetSUS Server Default Login (@princechaddha) [high]
[next-terminal-default-login] Next Terminal - Default Login (@ritikchaddha) [high]
[nexus-default-login] Nexus Default Login (@pikpikcu) [high]
[nodered-default-login] Node-Red - Default Login (@savik) [critical]
[nps-default-login] NPS Default Login (@pikpikcu) [high]
[nsicg-default-login] Netentsec NS-ICG - Default Login (@pikpikcu) [high]
[o2oa-default-login] O2OA - Default Login (@sleepingbag945) [high]
[octobercms-default-login] OctoberCMS - Default Admin Discovery (@princechaddha) [high]
[ofbiz-default-login] Apache OfBiz Default Login (@pdteam) [high]
[openemr-default-login] OpenEMR - Default Admin Discovery (@geekby) [high]
[openmediavault-default-login] OpenMediaVault - Default Login (@dhiyaneshdk) [high]
[oracle-business-intelligence-login] Oracle Business Intelligence Default Login (@milo2012) [high]
[aruba-instant-default-login] Aruba Instant - Default Login (@sleepingbag945) [high]
[ciphertrust-default-login] Ciphertrust - Default Login (@sleepingbag945) [high]
[cnzxsoft-default-login] Cnzxsoft System - Default Login (@sleepingbag945) [high]
[inspur-clusterengine-default-login] Inspur Clusterengine 4 - Default Admin Login (@ritikchaddha) [high]
[kingsoft-v8-default-login] Kingsoft 8 - Default Login (@ritikchaddha) [high]
[opencats-default-login] OpenCATS - Default Login (@arafatansari) [high]
[panabit-ixcache-default-login] Panabit iXCache - Default Admin Login (@ritikchaddha) [high]
[secnet-ac-default-password] secnet ac - Default Admin Login (@ritikchaddha) [high]
[supershell-default-login] Supershell - Default Login (@sleepingbag945) [high]
[telecom-gateway-default-login] Telecom Gateway - Default Admin Login (@ritikchaddha) [high]
[panos-default-login] Palo Alto Networks PAN-OS Default Login (@techryptic (@tech)) [high]
[panabit-default-login] Panabit Gateway - Default Login (@pikpikcu,@ritikchaddha) [critical]
[pentaho-default-login] Pentaho Default Login (@pussycat0x) [high]
[phpmyadmin-default-login] phpMyAdmin - Default Login (@natto97,@notwhy) [high]
[powerjob-default-login] PowerJob - Default Login (@j4vaovo) [high]
[powershell-default-login] PowerShell Universal - Default Login (@ap3r) [high]
[prtg-default-login] PRTG Network Monitor - Hardcoded Credentials (@johnk3r) [high]
[pyload-default-login] PyLoad Default Login (@dhiyaneshdk) [high]
[rabbitmq-default-login] RabbitMQ Default Login (@fyoorer,@dwisiswant0) [high]
[rainloop-default-login] Rainloop WebMail - Default Admin Login (@for3stco1d) [high]
[rancher-default-login] Rancher Default Login (@princechaddha) [high]
[rconfig-default-login] rConfig - Default Login (@theamanrawat) [high]
[ricoh-default-login] Ricoh Default Login (@gy741) [high]
[netman-default-login] Riello UPS NetMan 204 Network Card - Default Login (@mabdullah22) [high]
[rockmongo-default-login] Rockmongo Default Login (@pikpikcu) [high]
[rseenet-default-login] Advantech R-SeeNet Default Login (@princechaddha) [high]
[ruckus-wireless-default-login] Ruckus Wireless - Default Login (@pussycat0x) [critical]
[samsung-printer-default-login] Samsung Printer - Default Login (@gy741) [high]
[samsung-wlan-default-login] Samsung Wlan AP (WEA453e) Default Login (@pikpikcu) [high]
[seeddms-default-login] SeedDMS Default Login (@alifathi-h1) [high]
[seeyon-a8-default-login] Seeyon OA A8 - Default Login (@sleepingbag945) [high]
[seeyon-monitor-default-login] Seeyon A8 Management Monitor - Default Login (@sleepingbag945) [high]
[sequoiadb-default-login] SequoiaDB Default Login (@dhiyaneshdk) [high]
[showdoc-default-login] Showdoc Default Login (@pikpikcu) [medium]
[smartbi-default-login] SmartBI - Default Login (@sleepingbag945) [high]
[softether-vpn-default-login] SoftEther VPN Admin Console - Default Login (@bhutch) [high]
[solarwinds-default-admin] SolarWinds Orion Default Login (@dwisiswant0) [high]
[sonarqube-default-login] SonarQube Default Login - Detect (@ep1csage) [high]
[soplanning-default-login] SOPlanning - Default Login (@kazgangap) [high]
[spectracom-default-login] Spectracom Default Login (@madrobot) [high]
[splunk-default-login] Splunk - Default Password (@pussycat0x) [high]
[stackstorm-default-login] StackStorm Default Login (@paperpen) [high]
[steve-default-login] SteVe Login Panel - Detect (@clem9669) [info]
[structurizr-default-login] Structurizr - Default Login (@dhiyaneshdk) [high]
[supermicro-default-login] Supermicro Ipmi - Default Admin Login (@for3stco1d) [high]
[szhe-default-login] Szhe Default Login (@pikpikcu) [medium]
[timekeeper-default-login] TimeKeeper - Default Login (@theamanrawat) [high]
[tiny-filemanager-default-login] Tiny File Manager - Default Login (@shelled) [high]
[tooljet-default-login] ToolJet - Default Login (@random-robbie) [high]
[trassir-default-login] Trassir WebView Default Login - Detect (@gtrrnr,@metascan) [high]
[umami-default-login] Umami Default Login (@barthy.koeln) [high]
[versa-default-login] Versa Networks SD-WAN Application Default Login (@davidmckennirey) [high]
[versa-flexvnf-default-login] Versa FlexVNF - Default Login (@c-sh0) [high]
[vidyo-default-login] Vidyo Default Login (@izn0u) [medium]
[trilithic-viewpoint-default] Trilithic Viewpoint Default Login (@davidmckennirey) [high]
[visionhub-default-login] VisionHub Default Login (@techryptic (@tech)) [high]
[ac-default-login] AC Centralized Management System - Default password (@sleepingbag945) [high]
[wazuh-default-login] Wazuh - Default Login (@theamanrawat,@denandz,@pulsesecurity.co.nz) [high]
[weblogic-weak-login] WebLogic Default Login (@pdteam) [high]
[webmethod-integration-default-login] WebMethod Integration Server Default Login (@christianpoeschl,@olewagner,@usdag) [high]
[webmin-default-login] Webmin - Default Login (@pussycat0x) [high]
[wifisky-default-login] Wifisky Default Login (@pikpikcu) [high]
[wildfly-default-login] Wildfly - Default Admin Login (@s0obi) [high]
[wso2-default-login] WSO2 Management Console Default Login (@cocxanh) [high]
[xerox7-default-login] Xerox WorkCentre 7xxx Printer Default Login (@miroslavsotak) [high]
[xnat-default-login] XNAT - Default Login (@0x_akoko) [high]
[xploitspy-default-login] XploitSPY - Default Login (@andreluna) [high]
[xui-weak-login] X-UI - Default Login (@dali) [high]
[xxljob-default-login] XXL-JOB Default Login (@pdteam,@ritikchaddha) [high]
[yealink-default-login] Yealink CTP18 - Default Login (@parzival) [high]
[zabbix-default-login] Zabbix Default Login (@pdteam) [high]
[zmanda-default-login] Zmanda Default Login (@techryptic (@tech)) [high]
[3cx-phone-management-panel] 3CX Phone System Management Console - Panel Detect (@idealphase) [info]
[3cx-phone-webclient-management-panel] 3CX Phone System Web Client Management Console - Panel Detect (@idealphase) [info]
[3g-wireless-gateway] 3G Wireless Gateway Detection (@pussycat0x) [info]
[acemanager-login] ACEmanager Detection (@pussycat0x) [info]
[acenet-panel] AceNet AceReporter Report Panel - Detect (@dhiyaneshdk) [info]
[achecker-panel] AChecker Login - Panel Detect (@princechaddha) [info]
[ackee-panel] Ackee Panel - Detect (@userdehghani) [info]
[acrolinx-dashboard] Acrolinx Dashboard (@ffffffff0x) [info]
[acti-panel] ACTi Video Monitoring Panel - Detection (@dhiyaneshdk) [info]
[active-admin-exposure] ActiveAdmin Admin Dasboard Exposure (@pdteam) [info]
[activemq-panel] Apache ActiveMQ Exposure (@pdteam) [info]
[acunetix-login] Acunetix Login Panel - Detect (@tess) [info]
[acunetix-panel-detect] Acunetix Login Panel (@joanbono) [info]
[addonfinance-portal] AddOnFinance Portal - Detect (@ritikchaddha) [info]
[adhoc-transfer-panel] WS-FTP Ad Hoc Transfer Panel - Detect (@johnk3r) [info]
[adiscon-loganalyzer] Adiscon LogAnalyzer - Information Disclosure (@geeknik) [high]
[adminer-panel] Adminer Login Panel - Detect (@random_robbie,@meme-lord,@ritikchaddha) [info]
[adminset-panel] Adminset Login Panel (@ffffffff0x) [info]
[adobe-coldfusion-login] Adobe ColdFusion Component Browser Login Panel (@dhiyaneshdk) [info]
[adobe-connect-central-login] Adobe Connect Central Login Panel (@dhiyaneshdk) [info]
[adobe-experience-manager-login] Adobe Experience Manager Login Panel (@dhiyaneshdk) [info]
[adobe-media-server] Adobe Media Server Login Panel (@dhiyaneshdk) [info]
[aem-crx-package-manager] Adobe AEM CRX Package Manager - Panel Detect (@dhiyaneshdk) [info]
[aem-sling-login] Adobe Experience Manager Sling User Login - Detect (@dhiyaneshdk) [info]
[advanced-setup-login] ActionTec Modem Advanced Setup Login Panel (@dhiyaneshdk) [info]
[aerohive-netconfig-ui] Aerohive NetConfig UI (@pussycat0x) [info]
[afterlogic-webmail-login] AfterLogic WebMail Login Panel - Detect (@johnk3r) [info]
[aircube-dashboard-panel] airCube Dashboard Login Panel - Detect (@theamanrawat) [info]
[aircube-login] airCube Login - Detect (@dhiyaneshdk) [info]
[airflow-admin-login-panel] Apache Airflow Admin Login Panel (@pdteam) [info]
[airnotifier-panel] AirNotifier Login Panel - Detect (@tess) [info]
[akamai-cloudtest] Akamai CloudTest Panel (@emadshanab) [info]
[akhq-panel] AKHQ Panel - Detect (@dhiyaneshdk) [info]
[alfresco-detect] Alfresco CMS Detection (@pathtaga) [info]
[algonomia-panel] Algonomia Leaf Platform Panel - Detect (@righettod) [info]
[alienVault-usm] AlienVault USM Login Panel (@dhiyaneshdk) [info]
[allied-telesis-login] Allied Telesis Device GUI Login Panel - Detect (@prajiteshsingh) [info]
[ambari-exposure] Apache Ambari Exposure Admin Login Panel (@pdteam) [info]
[amcrest-login] Amcrest Login (@dhiyaneshdk) [info]
[ametys-admin-login] Ametys Admin Login Panel (@pathtaga) [info]
[amp-application-panel] Application Management Panel - Detect (@dhiyaneshdk) [info]
[ampache-panel] Ampache Login Panel - Detect (@ritikchaddha) [info]
[ampps-admin-panel] AMPPS Admin Login Panel (@defr0ggy) [info]
[ampps-panel] AMPPS Login Panel (@defr0ggy) [info]
[amprion-gridloss-panel] Amprion Grid Loss Login Panel - Detect (@righettod) [info]
[anaqua-login-panel] Anaqua Login - Panel (@ep1csage) [info]
[ansible-semaphore-panel] Ansible Semaphore Panel Detect (@yuzhe-zhang-0) [info]
[ansible-tower-exposure] Ansible Tower - Detect (@pdteam,@idealphase) [info]
[apache-jmeter-dashboard] Apache JMeter Dashboard Login Panel - Detect (@tess) [info]
[apache-apisix-panel] Apache APISIX Login Panel - Detect (@pikpikcu,@righettod) [info]
[apache-mesos-panel] Apache Mesos - Panel Detect (@pikpikcu) [info]
[public-tomcat-manager] Apache Tomcat Manager Login Panel - Detect (@ahmed sherif,@geeknik,@sinkettu) [info]
[apigee-panel] Apigee Login Panel - Detect (@righettod) [info]
[apiman-panel] Apiman Login Panel (@righettod) [info]
[appsmith-web-login] Appsmith User Login - Panel Detect (@powerexploit) [info]
[appspace-panel] Appspace Login Panel - Detect (@ritikchaddha) [info]
[appsuite-panel] Appsuite Login Panel - Detect (@dhiyaneshdk) [info]
[appwrite-panel] Appwrite Login Panel - Detect (@ritikchaddha) [info]
[aptus-panel] Aptus Login - Panel Detect (@princechaddha) [info]
[aqua-enterprise-panel] Aqua Enterprise - Panel Detect (@idealphase) [info]
[arangodb-web-interface] ArangoDB Web Interface - Detect (@pussycat0x) [info]
[arcgis-panel] ArcGIS Enterprise Panel (@podalirius) [info]
[arcgis-api-service] ArcGIS REST Services Directory - Detect (@heeress) [info]
[archibus-webcentral-panel] Archibus Web Central Login - Panel Detect (@righettod,@pjborah,@hardik-rathod) [info]
[arcserve-panel] ArcServe Panel - Detect (@dhiyaneshdk) [info]
[argocd-detect] Argo CD Login Panel (@adam crosser,@daffainfo,@aringo) [info]
[arris-modem-detect] ARRIS Touchstone Telephony Modem - Panel Detect (@gy741) [info]
[aspcms-backend-panel] Aspcms Backend Panel - Detect (@sleepingbag945) [info]
[aspect-control-panel] ASPECT Control Panel Login - Detect (@justaacat) [info]
[asus-aicloud-panel] ASUS AiCloud Panel - Detect (@ritikchaddha) [info]
[asus-router-panel] Asus Router Login Panel - Detect (@arafatansari) [info]
[atlantis-detect] Atlantis Panel - Detect (@jonathanwalker) [info]
[atlassian-bamboo-panel] Atlassian Bamboo Login Panel - Detect (@righettod) [info]
[atlassian-crowd-panel] Atlassian Crowd Login Panel (@organiccrap,@adamcrosser) [info]
[atvise-login] Atvise Login Panel (@idealphase) [info]
[audiobookshelf-panel] Audiobookshelf Login Panel - Detect (@ritikchaddha) [info]
[audiocodes-detect] AudioCodes Login - Panel Detect (@princechaddha) [info]
[authelia-panel] Authelia Panel - Detect (@rxerium) [info]
[automatisch-panel] Automatisch Panel - Detect (@rxerium) [info]
[autoset-detect] AutoSet Page - Detect (@mastercho) [info]
[avantfax-panel] AvantFAX Login Panel (@pikpikcu,@daffainfo) [info]
[avatier-password-management] Avatier Password Management Panel (@praetorian-thendrickson,@iamthefrogy,@dhiyaneshdk) [info]
[avayaaura-cm-panel] Avaya Aura Communication Manager Login - Panel Detect (@princechaddha) [info]
[avayaaura-system-manager-panel] Avaya Aura System Manager Login - Panel Detect (@princechaddha) [info]
[aviatrix-panel] Aviatrix Cloud Controller Panel (@pikpikcu,@philippedelteil,@daffainfo) [info]
[avigilon-panel] Avigilon Login Panel - Detect (@robotshell) [info]
[avtech-avn801-camera-panel] Avtech AVN801 Network Camera Admin Panel - Detect (@idealphase) [info]
[avtech-dvr-exposure] AVTECH AVC798HA DVR - Information Exposure (@geeknik) [low]
[aws-ec2-autoscale] AWS EC2 Auto Scaling Lab (@dhiyaneshdk) [info]
[aws-opensearch-login] AWS OpenSearch Login - Detect (@higor melgaço (eremit4)) [info]
[axel-webserver] Axel WebServer - Panel Detect (@pikpikcu) [info]
[axigen-webadmin] Axigen Web Admin Detection (@dhiyaneshdk) [info]
[axigen-webmail] Axigen WebMail PanelDetection (@dhiyaneshdk,@idealphase) [info]
[axway-api-manager-panel] Axway API Manager Panel - Detect (@johnk3r) [info]
[axway-securetransport-panel] Axway SecureTransport Login Panel - Detect (@righettod) [info]
[axway-securetransport-webclient] Axway SecureTransport Web Client Panel - Detect (@righettod) [info]
[axxon-client-panel] Axxon Next Client Login - Detect (@irshadahamed) [info]
[azkaban-web-client] Azkaban Web Client (@dhiyaneshdk) [info]
[backpack-admin-panel] Laravel Backpack Admin Login Panel - Detect (@shine) [info]
[barracuda-panel] Barracuda SSL VPN Log In (@dhiyaneshdk) [info]
[bazarr-login-detect] Bazarr Login - Detect (@r3dg33k) [info]
[bedita-panel] BEdita Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[beego-admin-dashboard] Beego Admin Dashboard Panel- Detect (@dhiyaneshdk) [medium]
[beyondtrust-login-server] BeyondTrust Privileged Access Management Login - Detect (@r3dg33k,@nuk3s3c) [info]
[beyondtrust-panel] BeyondTrust Login Panel - Detect (@r3dg33k,@nuk3s3c) [info]
[beyondtrust-priv-panel] BeyondTrust Privileged Remote Access - Panel (@righettod) [info]
[bigant-login-panel] BigAnt Admin Login Panel - Detect (@princechaddha) [info]
[bigbluebutton-login] BigBlueButton Login Panel (@myztique) [info]
[bigfix-login] HCL BigFix Login Panel - Detect (@idealphase) [info]
[bigip-icontrol-rest] F5 BIG-IP iControl REST Panel - Detect (@mrcl0wnlab) [info]
[biotime-panel] BioTime Web Login Panel - Detect (@robotshell) [info]
[bitdefender-gravityzone] Bitdefender GravityZone Panel - Detect (@dhiyaneshdk) [info]
[bitrix-login] Bitrix Login Panel (@juicypotato1) [info]
[bitwarden-vault-panel] Bitwarden Web Vault Login Panel - Detect (@ritikchaddha) [info]
[black-duck-panel] Black Duck Login Panel - Detect (@idealphase,@ritikchaddha) [info]
[bloofoxcms-login-panel] bloofoxCMS Login Panel - Detect (@theamanrawat) [info]
[blue-iris-login] Blue Iris Login Panel - Detect (@dhiyaneshdk,@idealphase) [info]
[bmc-panel-detect] BMC Discovery Outpost Admin Panel - Detect (@pikpikcu) [info]
[bmc-discovery-panel] BMC Discovery Login Panel - Detect (@daffainfo) [info]
[bmc-remedy-sso-panel] BMC Remedy SSO Login Panel - Detect (@righettod) [info]
[bolt-cms-panel] BoltCMS Login Panel - Detect (@cyllective,@daffainfo) [info]
[bomgar-login-panel] Bomgar Login Panel - Detect (@pdteam) [info]
[bonobo-server-panel] Bonobo Git Server Login Panel - Detect (@bhutch) [info]
[bookstack-panel] BookStack Login Panel - Detect (@cyllective,@daffainfo) [info]
[buddy-panel] Buddy Panel - Detect (@thardt-praetorian) [info]
[buildbot-panel] Buildbot Panel - Detect (@thardt-praetorian,@daffainfo) [info]
[busybox-repository-browser] Busybox Repository Browser - Detect (@ritikchaddha) [info]
[bynder-panel] Bynder Login Panel - Detect (@righettod) [info]
[ares-rat-c2] Area Rat C2 - Detect (@pussycat0x) [info]
[brute-ratel-c4] Brute Ratel C4 - Detect (@pussycat0x) [info]
[caldera-c2] Caldera C2 - Detect (@pussycat0x) [info]
[covenant-c2] Covenant C2 - Detect (@pussycat0x) [info]
[deimos-c2] Deimos C2 - Detect (@pussycat0x) [info]
[empire-c2] Empire C2 - Detect (@pussycat0x) [info]
[evilginx] EvilGinx - Detect (@pussycat0x) [info]
[hack5-cloud-c2] Hack5 Cloud C2 - Detect (@pussycat0x) [info]
[hookbot-rat] Hookbot Rat Panel - Detect (@pussycat0x) [info]
[meduza-stealer] Meduza Stealer Panel - Detect (@dwisiswant0) [info]
[mystic-stealer] Mystic Stealer Panel - Detect (@pussycat0x) [info]
[mythic-c2] Mythic C2 - Detect (@pussycat0x) [info]
[nh-c2] NH C2 Server - Detect (@pussycat0) [info]
[pupyc2] PupyC2 - Detect (@pussycat0x) [info]
[rhadamanthys-stealer-panel] Rhadamanthys Stealer C2 Panel - Detect (@ritikchaddha) [info]
[supershell-c2] Supershell C2 - Detect (@pussycat0x) [info]
[viper-c2] Viper C2 - Detect (@pussycat0x) [info]
[cacti-panel] Cacti Login Panel - Detect (@geeknik,@daffainfo) [info]
[calendarix-panel] Calendarix Admin Login Panel - Detect (@r3dg33k) [info]
[call-break-cms] Call Break CMS Panel - Detect (@dhiyaneshdk) [info]
[camunda-login-panel] Camunda Login Panel - Detect (@alifathi-h1) [info]
[cas-login] CAS Login Panel - Detect (@pdteam) [info]
[casaos-panel] CasaOS Login Panel - Detect (@dhiyaneshdk) [info]
[casdoor-login] Casdoor Login Panel - Detect (@princechaddha) [info]
[casemanager-panel] CaseManager Login Panel - Detect (@ffffffff0x) [info]
[cassia-bluetooth-gateway-panel] Cassia Bluetooth Gateway Panel - Detect (@dhiyaneshdk) [info]
[caton-network-manager-system] Caton Network Manager System Login Panel - Detect (@pussycat0x) [info]
[ccm-detect] Clear-Com Core Configuration Manager Panel - Detect (@failopen) [info]
[centreon-panel] Centreon Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[cerebro-panel] Cerebro Login Panel - Detect (@huowuzhao,@elder tao) [info]
[changedetection-panel] Changedetection.io Panel - Detect (@rxerium) [info]
[checkmarx-panel-detect] Checkmarx WebClient Login Panel - Detect (@joanbono) [info]
[checkmk-login] Checkmk Login Panel - Detect (@princechaddha) [info]
[checkpoint-panel] Checkpoint Login Panel - Detect (@0x240x23elu) [info]
[ssl-network-extender] CheckPoint SSL Network Extender Login Panel - Detect (@idealphase) [info]
[chemotargets-clarityvista-panel] Chemotargets Clarity Vista Login Panel - Detect (@righettod) [info]
[chronos-panel] Chronos Panel - Detect (@righettod) [info]
[cisco-firepower-panel] Cisco Firepower Management Center login - Detect (@charles d) [info]
[cisco-unity-panel] Cisco Unity Connection Panel - Detect (@heeress) [info]
[cisco-ace-device-manager] Cisco ACE 4710 Device Manager Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-anyconnect-vpn] Cisco AnyConnect VPN Panel - Detect (@pdteam) [info]
[cisco-asa-panel-detect] Cisco ASA VPN Panel - Detect (@organiccrap) [info]
[cisco-edge-340] Cisco Edge 340 Panel - Detect (@dhiyaneshdk) [info]
[cisco-expressway-panel] CISCO Expressway Login Panel - Detect (@righettod) [info]
[cisco-finesse-login] Cisco Finesse Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-integrated-login] Cisco Integrated Management Controller Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-ios-xe-panel] Cisco IOS XE - Detect (@bhutch) [info]
[cisco-meraki-exposure] Cisco Meraki Cloud Security Appliance Panel - Detect (@dhiyaneshdk,@r3naissance) [info]
[cisco-onprem-panel] Cisco Smart Software Manager On-Prem Panel - Detect (@irshad ahamed) [info]
[cisco-prime-infrastructure] Cisco Prime Infrastructure Panel - Detect (@dhiyaneshdk) [info]
[cisco-sd-wan] Cisco SD-WAN Login Panel - Detect (@z3bd) [info]
[cisco-secure-cn] Cisco Secure CN Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-secure-desktop] Cisco Secure Desktop Installation Panel - Detect (@pdteam) [info]
[cisco-sendgrid] Cisco ServiceGrid Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-systems-login] Cisco Systems Login Panel - Detect (@dhiyaneshdk,@idealphase) [info]
[cisco-telepresence] Cisco TelePresence Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-ucs-kvm-login] Cisco UCS Manager KVM Login Panel - Detect (@idealphase) [info]
[cisco-vmanage-login] Cisco vManage Login Panel - Detect (@dhiyaneshdk) [info]
[cisco-webvpn-detect] Cisco WebVPN Panel - Detect (@ricardomaia) [info]
[citrix-adc-gateway-panel] Citrix ADC Gateway Login Panel - Detect (@organiccrap) [info]
[citrix-vpn-detect] Citrix VPN Panel - Detect (@pdteam) [info]
[claris-filemaker-webdirect] Claris FileMaker WebDirect Panel - Detect (@dhiyaneshdk) [info]
[clave-login-panel] Clave Login Panel - Detect (@__fazal) [info]
[cleanweb-panel] CleanWeb Login Panel - Detect (@righettod) [info]
[clearpass-policy-manager] ClearPass Policy Manager Login Panel - Detect (@dhiyaneshdk) [info]
[cloudpanel-login] CloudPanel Login - Detect (@dhiyaneshdk) [info]
[cloudphysician-radar] Cloudphysician RADAR Login Panel - Detect (@dhiyaneshdk) [info]
[cobbler-webgui] Cobbler WebGUI Login Panel - Detect (@c-sh0) [info]
[code-server-login] Code-Server Login Panel - Detect (@tess) [info]
[code42-panel] Code42 Panel - Detect (@adam crosser) [info]
[codemeter-webadmin-panel] CodeMeter - WebAdmin Panel Access (@techryptic (@tech)) [info]
[cofense-vision-panel] Cofense Vision Login Panel - Detect (@adam crosser) [info]
[coldfusion-administrator-login] ColdFusion Administrator Login Panel - Detect (@dhiyaneshdk) [info]
[compal-panel-detect] Compal CH7465LG Login Panel - Detect (@fabaff) [info]
[compalex-panel-detect] Compalex Panel - Detect (@mastercho) [medium]
[completeview-web-panel] CompleteView Panel - Detect (@tess) [info]
[concourse-ci-panel] Concourse CI Login Panel - Detect (@praetorian-thendrickson) [info]
[concrete5-install] Concrete5 Install Panel (@osamahamad,@princechaddha) [critical]
[concrete5-panel] Concrete5 Login Panel - Detect (@dhiyaneshdk) [info]
[connectbox-panel] Connect Box Login Panel - Detect (@fabaff) [info]
[connectwise-backup-manager] ConnectWise Server Backup Manager SE Panel - Detect (@prajiteshsingh) [info]
[connectwise-panel] ConnectWise Control Remote Support Software Panel - Detect (@johnk3r) [info]
[contao-login-panel] Contao Login Panel - Detect (@princechaddha) [info]
[content-central-login] Content Central Login Panel - Detect (@theabhinavgaur) [info]
[contentkeeper-detect] ContentKeeper Cloud Panel - Detect (@geeknik) [info]
[corebos-panel] coreBOS Panel - Detect (@arafatansari) [info]
[cortex-xsoar-login] Cortex XSOAR Login Panel - Detect (@dhiyaneshdk) [info]
[couchdb-exposure] Apache CouchDB Panel - Detect (@organiccrap) [info]
[couchdb-fauxton] Apache CouchDB Fauxton Panel - Detect (@pdteam) [info]
[cox-business-panel] Cox Business Dominion Gateway Login Panel - Detect (@dhiyaneshdk) [info]
[cpanel-api-codes] cPanel API Codes Panel - Detect (@dhiyaneshdk) [info]
[craftcms-admin-panel] Craft CMS Admin Login Panel - Detect (@supr4s) [info]
[craftercms-panel] CrafterCMS Login Panel - Detect (@righettod) [info]
[creatio-login-panel] Creatio Login Panel - Detect (@theamanrawat) [info]
[crontab-ui] Crontab UI - Dashboard Exposure (@dhiyaneshdk) [high]
[crushftp-login] CrushFTP WebInterface Panel - Detect (@dhiyaneshdk) [info]
[crxde-lite] CRXDE Lite Panel - Detect (@nadino) [info]
[cryptobox-panel] Cryptobox Panel - Detect (@righettod) [info]
[csod-panel] Cornerstone OnDemand Panel - Detect (@righettod) [info]
[cudatel-panel] CudaTel Login Panel - Detect (@arafatansari) [info]
[cvent-panel-detect] Cvent Login Panel - Detect (@tess) [info]
[cwp-webpanel] Control Web Panel Login Panel - Detect (@ffffffff0x) [info]
[cx-cloud-login] CX Cloud Panel - Detect (@dhiyaneshdk) [info]
[cyberchef-panel] Cyber Chef Panel - Detect (@rxerium) [info]
[cyberoam-ssl-vpn-panel] Cyberoam SSL VPN Panel - Detect (@idealphase) [info]
[dlink-wireless] D-Link Wireless Router Panel - Detect (@dhiyaneshdk) [info]
[dahua-web-panel] Dahua Web Service Panel - Detect (@dhiyaneshdk,@rxerium) [info]
[darktrace-threat-visualizer] Darktrace Threat Visualizer Login Panel - Detect (@dhiyaneshdk) [info]
[dashy-panel] Dashy Panel - Detect (@ritikchaddha) [info]
[datadog-login] Datadog Login Panel - Detect (@dhiyaneshdk) [info]
[dataease-panel] Dataease - Login Panel (@dhiyaneshdk) [info]
[dataiku-panel] Dataiku Panel - Detect (@dhiyaneshdk) [info]
[davantis-panel] Davantis Video Analytics Panel - Detect (@robotshell) [info]
[daybyday-panel] DaybydayCRM Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[dbgate-panel] DbGate Web Client Management - Panel Detect (@h0j3n) [info]
[defectdojo-panel] DefectDojo Login Panel - Detect (@adam crosser) [info]
[dell-bmc-panel] Dell BMC Panel - Detect (@megamansec) [info]
[dell-idrac] Dell IDRAC Panel - Detect (@kazet) [info]
[dell-openmanager-login] Dell OpenManage Switch Administrator Login Panel - Detect (@dhiyaneshdk) [info]
[dell-wyse-login] Dell Wyse Management Suite Login Panel - Detect (@gy741) [info]
[delta-login-panel] Delta Controls Admin Login Panel - Detect (@gy741) [info]
[deluge-webui-panel] Deluge WebUI Login Panel - Detect (@tess) [info]
[dericam-login] Dericam Login Panel - Detect (@dhiyaneshdk) [info]
[digital-watchdog-panel] Digital Watchdog - Detect (@ritikchaddha) [info]
[digitalrebar-login] RackN Digital Rebar Login Panel - Detect (@c-sh0) [info]
[directadmin-login-panel] DirectAdmin Login Panel - Detect (@idealphase) [info]
[directum-login] Directum Login Panel - Detect (@pikpikcu) [info]
[discuz-panel] Discuz Panel - Detection (@ritikchaddha) [info]
[django-admin-panel] Python Django Admin Login Panel - Detect (@pdteam) [info]
[docebo-elearning-panel] Docebo eLearning Login Panel - Detect (@pikpikcu) [info]
[dockge-panel] Dockge Panel - Detect (@rxerium) [info]
[dokuwiki-panel] Dokuwiki Login Panel - Detect (@righettod) [info]
[dolibarr-panel] Dolibarr Login Panel - Detect (@pikpikcu,@daffainfo,@righettod) [info]
[doris-panel] Doris Panel - Detect (@ritikchaddha) [info]
[dotclear-panel] Dotclear Admin Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[dotcms-admin-panel] dotAdmin Login Panel- Detect (@impramodsargar) [info]
[dplus-dashboard] DPLUS Dashboard Panel - Detect (@tess) [info]
[dqs-superadmin-panel] DQS Superadmin Login Panel - Detect (@hardik-solanki) [info]
[dradis-pro-panel] Dradis Professional Edition Login Panel - Detect (@righettod) [info]
[drawio-flowchartmaker-panel] draw.io Flowchart Maker Panel - Detect (@princechaddha) [info]
[drone-ci-panel] Drone CI Login Panel - Detect (@yuzhe-zhang-0) [info]
[druid-console-exposure] Alibaba Druid Panel - Detect (@pdteam) [info]
[druid-panel] Druid Monitor Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[drupal-login] Drupal Login Panel - Detect (@pathtaga) [info]
[dxplanning-panel] DXPlanning Panel - Detect (@righettod) [info]
[dynamicweb-panel] Dynamicweb Login Panel - Detect (@pdteam) [info]
[dynatrace-login] Dynatrace Login Panel - Detect (@ja1sh) [info]
[dzzoffice-install] DzzOffice Installation Panel - Detect (@ritikchaddha) [high]
[dzzoffice-panel] DzzOffice Login Panel - Detect (@ritikchaddha) [info]
[e-mobile-panel] E-mobile Panel - Detect (@ritikchaddha) [info]
[eMerge-panel] Nortek Linear eMerge Panel - Detect (@arafatansari) [info]
[earcu-panel] eArcu Panel - Detect (@righettod) [info]
[easyjob-panel] EasyJOB Login Panel - Detect (@righettod) [info]
[easyvista-panel] EasyVista Login Panel - Detect (@righettod) [info]
[eclipse-birt-panel] Eclipse BIRT Panel - Detect (@shiva (strobes security)) [info]
[ecosys-command-center] ECOSYS Command Center RX Panel - Detect (@princechaddha) [info]
[edgeos-login] EdgeOS Login Panel - Detect (@princechaddha) [info]
[efak-login-panel] Eagle For Apache Kakfa Login - Detect (@irshad ahamed) [info]
[eko-management-console-login] Eko Charger Management Console Login Panel - Detect (@clem9669) [info]
[eko-software-update-panel] Eko Software Update Panel - Detect (@clem9669) [info]
[elemiz-network-manager] Elemiz Network Manager Login Panel - Detect (@pussycat0x) [info]
[emby-panel] Emby Login Panel - Detect (@idealphase) [info]
[emerson-power-panel] Emerson Network Power IntelliSlot Web Card Panel - Detect (@princechaddha) [info]
[emessage-panel] eMessage Login Panel - Detect (@ffffffff0x) [info]
[emqx-panel] EMQX Login Panel - Detect (@righettod) [info]
[ems-login-panel] EMS Login Panel - Detect (@__fazal) [info]
[ems-webclient-panel] EMS Web Client Login Panel - Detect (@pussycat0x,@daffainfo) [info]
[identityguard-selfservice-entrust] Entrust IdentityGuard Self-Service Login Panel - Detect (@nodauf) [info]
[eos-http-browser] EOS HTTP Browser (@dhiyaneshdk) [medium]
[episerver-panel] Episerver Login Panel (@william söderberg @ withsecure) [info]
[epson-access-detect] Epson Device Unauthorized Access Detect (@pussycat0x) [info]
[epson-projector-detect] Epson Projector Login Panel - Detect (@gy741) [info]
[epson-web-control-detect] Epson Printer (@pussycat0x) [info]
[eset-protect-panel] Eset Protect Login Panel - Detect (@charles d.) [info]
[esphome-panel] ESPHome Login Panel - Detect (@fabaff) [info]
[esxi-system] ESXi System Login Panel - Detect (@dhiyaneshdk) [info]
[eventum-panel] Eventum Login Panel - Detect (@princechaddha) [info]
[evlink-panel] EVlink Local Controller - Detection (@ritikchaddha) [info]
[evse-web-panel] EVSE Web Interface Panel - Detection (@ritikchaddha) [info]
[ewm-manager-panel] EWM Manager Login Panel - Detect (@pussycat0x) [info]
[exagrid-manager-panel] ExaGrid Manager Login Panel - Detect (@pussycat0x) [info]
[exolis-engage-panel] Exolis Engage Panel - Detect (@righettod) [info]
[exposed-webalizer] Webalizer Panel - Detect (@pdteam) [info]
[extreme-netconfig-ui] Extreme NetConfig UI Panel - Detect (@pussycat0x) [info]
[ektron-cms-panel] Ektron CMS Login Panel - Detect (@pikpikcu) [info]
[ez-publish-panel] eZ Publish Login Panel - Detect (@ritikchaddha) [info]
[f-secure-policy-manager] F-Secure Policy Manager Server Login Panel - Detect (@dhiyaneshdk) [info]
[f5-admin-interface] F5 Admin Interface - Detect (@drewvravick) [info]
[faraday-login] Faraday Login Panel - Detect (@dhiyaneshdk) [info]
[fastapi-docs] FastAPI Docs Panel - Detect (@github.com/its0x08) [info]
[fastpanel-hosting-control-panel] FASTPANEL Login Panel - Detect (@pikpikcu) [info]
[fatpipe-ipvpn-panel] FatPipe IPVPN® Panel - Detect (@dwisiswant0) [info]
[fatpipe-mpvpn-panel] FatPipe MPVPN - Panel Detect (@princechaddha) [info]
[fatpipe-warp-panel] FatPipe WARP - Panel Detect (@princechaddha) [info]
[femtocell-panel] Femtocell Access Point Panel - Detect (@dhiyaneshdk) [info]
[filebrowser-login-panel] File Browser Login Panel - Detect (@ritikchaddha) [info]
[fiori-launchpad] Fiori Launchpad Login Panel - Detect (@dhiyaneshdk) [info]
[fiorilaunchpad-logon] Fiori Launchpad Login Panel - Detect (@dhiyaneshdk) [info]
[fireware-xtm-user-authentication] Fireware XTM Login Panel - Detect (@dhiyaneshdk) [info]
[flahscookie-superadmin-panel] Flahscookie Superadmin Login Panel - Detect (@hardik-solanki) [info]
[flightpath-panel] FlightPath Login Panel - Detect (@princechaddha) [info]
[flink-exposure] Apache Flink Login Panel - Detect (@pdteam) [info]
[flip-cms-panel] FlipCMS Login Panel - Detect (@idealphase) [info]
[flowci-panel] FlowCI Panel - Detect (@adam crosser) [info]
[flureedb-admin-console] FlureeDB Admin Console Login Panel - Detect (@dhiyaneshdk) [info]
[footprints-panel] FootPrints Service Core Login Panel - Detect (@tess) [info]
[forcepoint-applicance] Forcepoint Appliance (@dhiyaneshdk) [info]
[forcepoint-login-panel] Forcepoint Login panel (@husain) [info]
[fortiadc-panel] FortiADC Login Panel - Detect (@dhiyaneshdk) [info]
[f5-next-central-manager] F5 Next Central Manager Panel - Detect (@egemenkochisarli) [info]
[fortiap-panel] FortiAP Login Panel - Detect (@dhiyaneshdk) [info]
[fortiauthenticator-detect] FortiAuthenticator - Detect (@johnk3r) [info]
[forticlientems-panel] FortiClient Endpoint Management Server Panel - Detect (@h4sh5) [info]
[fortimail-login] Fortinet FortiMail Login Panel - Detect (@johnk3r) [info]
[fortinet-fortiddos-panel] Fortinet FortiDDoS Panel (@johnk3r) [info]
[fortinet-fortigate-panel] Fortinet FortiGate SSL VPN Login Panel - Detect (@bsysop) [info]
[fortinet-fortimanager-panel] Fortinet FortiManager Panel - Detect (@johnk3r) [info]
[fortinet-fortinac-panel] Fortinet FortiNAC Login Panel - Detect (@johnk3r) [info]
[fortinet-panel] Fortinet Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[fortinet-fortios-management-panel] Fortinet FortiOS Management Interface Panel - Detect (@mbmy) [info]
[fortios-panel] FortiOS Admin Login Panel - Detect (@canberbamber,@jna1) [info]
[fortisiem-panel] FortiSIEM Login Panel - Detect (@pussycat0x) [info]
[fortitester-login-panel] Fortinet FortiTester Login Panel - Detect (@dhiyaneshdk) [info]
[fortiweb-login] Fortinet FortiWeb Login Panel - Detect (@pr3r00t,@daffainfo) [info]
[fortiwlm-panel] Fortinet FortiWLM Login Panel - Detect (@egemenkochisarli) [info]
[freeipa-panel] FreeIPA Identity Management Login Panel - Detect (@dhiyaneshdk) [info]
[freepbx-administration-panel] FreePBX Admin Panel - Detect (@tess) [info]
[friendica-panel] Friendica Panel - Detect (@righettod) [info]
[froxlor-management-panel] Froxlor Server Management Login Panel - Detect (@dhiyaneshdk) [info]
[ftm-manager-panel] Financial Transaction Manager Login Panel - Detect (@idealphase) [info]
[fuelcms-panel] Fuel CMS Login Panel - Detect (@adam crosser) [info]
[fuji-xerox-printer-detect] Fuji Xerox Printer Panel - Detect (@gy741) [info]
[fusionauth-admin-panel] FusionAuth Admin Panel - Detect (@ritikchaddha) [info]
[gargoyle-router] Gargoyle Router Management Utility Admin Login Panel - Detect (@dhiyaneshdk) [info]
[gemweb-plus-panel] GEMweb Plus 500 Login Panel - Detect (@princechaddha) [info]
[geoserver-login-panel] GeoServer Login Panel - Detect (@ritikchaddha) [info]
[gerapy-detect] Gerapy Panel - Detect (@pikpikcu) [info]
[gespage-panel] Gespage Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[ghost-panel] Ghost Panel - Detect (@userdehghani) [info]
[gira-homeserver-homepage] Gira HomeServer 4 Login Panel - Detect (@tess) [info]
[git-repository-browser] Git Repository Browser Panel - Detect (@tess) [info]
[gitblit-panel] Gitblit Login Panel - Detect (@tess) [info]
[gitea-login] Gitea Login Panel - Detect (@dhiyaneshdk) [info]
[github-enterprise-detect] Github Enterprise Login Panel - Detect (@ehsahil) [info]
[gitlab-detect] Gitlab Login Panel - Detect (@ehsahil) [info]
[globalprotect-panel] Palo Alto Networks GlobalProtect Login Panel - Detect (@organiccrap) [info]
[glowroot-panel] Glowroot - Panel (@dhiyaneshdk) [info]
[glpi-project_glpi] GLPI Panel - Detect (@dogasantos,@daffainfo,@ricardomaia,@dhiyaneshdk) [info]
[gnu-mailman] GNU Mailman Panel - Detect (@matt galligan) [info]
[go-anywhere-client] GoAnywhere Web Client Login Panel - Detect (@iamthefrogy) [info]
[goanywhere-mft-login] GoAnywhere Managed File Transfer Login Panel - Detect (@ritikchaddha,@righettod) [info]
[gocd-login] GoCD Login Panel - Detect (@dhiyaneshdk) [info]
[gocron-panel] Gocron Panel - Detect (@ffffffff0x) [info]
[gogs-panel] Gogs Login Panel - Detect (@dhiyaneshdk,@daffainfo) [info]
[goodjob-dashboard] goodjob-dashboard (@hahwul) [medium]
[gophish-login] Gophish Login Panel - Detect (@dhiyaneshdk) [info]
[gotify-panel] Gotify Login Panel - Detect (@righettod) [info]
[gradle-cache-node-detect] Gradle Enterprise Build Cache Node Login Panel - Detect (@adam crosser) [info]
[gradle-enterprise-panel] Gradle Enterprise Login Panel - Detect (@adam crosser) [info]
[grafana-detect] Grafana Login Panel - Detect (@organiccrap,@adamcrosser,@bhutch) [info]
[grails-database-admin-console] Grails Admin Console Panel - Detect (@emadshanab) [medium]
[graphite-browser] Graphite Browser Login Panel - Detect (@0x_akoko) [info]
[graylog-panel] Graylog Login Panel - Detect (@righettod) [info]
[greenbone-panel] Greenbone Security Assistant Panel - Detect (@pbuff07) [info]
[group-ib-panel] Group-IB Managed XDR Login Panel - Detect (@dhiyaneshdk) [info]
[gryphon-login] Gryphon Panel - Detect (@pdteam) [info]
[gyra-master-admin] GYRA Master Admin Login Panel - Detect (@hardik-solanki) [info]
[h2console-panel] H2 Console Web Login Panel - Detect (@righettod) [info]
[hadoop-exposure] Apache Hadoop Panel - Detect (@pdteam) [info]
[haivision-gateway-panel] Haivision Gateway Login Panel - Detect (@righettod) [info]
[haivision-media-platform-panel] Haivision Media Platform Login Panel - Detect (@righettod) [info]
[hangfire-dashboard] Hangfire Dashboard Panel - Detect (@dhiyaneshdk) [info]
[harbor-panel] Harbor Login Panel - Detect (@daffainfo) [info]
[hashicorp-consul-agent] Hashicorp Consul Agent - Detect (@c-sh0) [info]
[hashicorp-consul-webgui] HashiCorp Consul Web UI Login Panel - Detect (@c-sh0) [info]
[hestia-panel] Hestia Control Panel Login - Detect (@justaacat) [info]
[highmail-admin-panel] HighMail Admin Login Panel - Detect (@ritikchaddha) [info]
[hitron-technologies-detect] Hitron Technologies Router Login Panel - Detect (@pussycat0x) [info]
[hivemanager-login-panel] HiveManager Login Panel - Detect (@binaryfigments,@daffainfo) [info]
[hmc-hybris-panel] Hybris Management Console Login Panel - Detect (@dogasantos) [info]
[home-assistant-panel] Home Assistant Panel (@fabaff,@daffainfo,@lum8rjack) [info]
[homebridge-panel] Homebridge Panel - Detect (@rxerium) [info]
[homematic-panel] Homematic Panel - Detect (@princechaddha) [info]
[homer-panel] Homer Panel - Detect (@rxerium) [info]
[honeywell-web-controller] Honeywell Excel Web Control Login Panel - Detect (@dhiyaneshdk) [info]
[honeywell-xl-web-controller] Honeywell Excel Web Control Login Panel - Detect (@dhiyaneshdk) [info]
[horde-login-panel] Horde Login Panel - Detect (@ritikchaddha) [info]
[horde-webmail-login] Horde Webmail Login Panel - Detect (@ritikchaddha) [info]
[hospital-management-panel] Hospital Management System Login Panel - Detect (@arafatansari) [info]
[hp-ilo-5] Hewlett Packard Integrated Lights Out 5 Login Panel - Detect (@geeknik) [info]
[hp-service-manager] HP Service Manager Login Panel - Detect (@dhiyaneshdk) [info]
[hp-virtual-connect-manager] HP Virtual Connect Manager Login Panel - Detect (@dhiyaneshdk) [info]
[hpe-system-management-login] Hewlett Packard Enterprise System Management Login Panel - Detect (@divya_mudgal) [info]
[httpbin-panel] HTTPBin Login Panel - Detect (@adam crosser) [info]
[huawei-hg532e-panel] Huawei HG532e Router Panel - Detect (@idealphase) [info]
[hybris-administration-console] Hybris Administration Console Login Panel - Detect (@princechaddha) [info]
[hydra-dashboard] Hydra Router Dashboard - Detect (@tess) [info]
[hypertest-dashboard] HyperTest Common Dashboard - Detect (@dhiyaneshdk) [info]
[i-mscp-panel] Internet Multi Server Control Panel - Detect (@justaacat) [info]
[ibm-openadmin-panel] IBM OpenAdmin Tool - Panel (@dhiyaneshdk) [info]
[ibm-advanced-system-management] IBM Advanced System Management Panel - Detect (@dhiyaneshdk) [info]
[ibm-dcec-panel] IBM Decision Center Enterprise Console - Panel Detection (@dhiyaneshdk) [info]
[ibm-decision-server-console] IBM Decision Server Console Panel - Detect (@dhiyaneshdk) [info]
[ibm-maximo-login] IBM Maximo Login Panel - Detect (@ritikchaddha) [info]
[ibm-mqseries-web-console] IBM MQ Web Console Login Panel - Detect (@righettod) [info]
[ibm-note-login] IBM iNotes Login Panel - Detect (@dhiyaneshdk) [info]
[ibm-odm-panel] IBM Operational Decision Manager Panel - Detect (@dhiyaneshdk) [info]
[ibm-security-access-manager] IBM Security Access Manager Login Panel - Detect (@geeknik) [info]
[ibm-service-assistant] IBM Service Assistant Login Panel - Detect (@dhiyaneshdk) [info]
[ibm-websphere-admin-panel] IBM WebSphere Application Server Community Edition Admin Login Panel - Detect (@ritikchaddha) [info]
[ibm-websphere-panel] IBM WebSphere Portal Login Panel - Detect (@pdteam) [info]
[icc-pro-login] ICC PRO Login Panel - Detect (@dhiyaneshdk) [info]
[icewarp-panel-detect] IceWarp Login Panel - Detect (@ritikchaddha) [info]
[icinga-web-login] Icinga Web 2 Login Panel - Detect (@dhiyaneshdk) [info]
[iclock-admin-panel] iClock Automatic Data Master Server Admin Panel - Detect (@defr0ggy) [info]
[ictprotege-login-panel] ICT Protege WX Login Panel - Detect (@ritikchaddha) [info]
[identity-services-engine] Cisco Identity Services Engine Admin Login Panel - Detect (@dhiyaneshdk) [info]
[ilch-admin-panel] Ilch CMS Admin Login Panel - Detect (@ritikchaddha) [info]
[ilias-panel] ILIAS Login Panel - Detect (@arafatansari) [info]
[immich-panel] Immich Panel - Detect (@rxerium) [info]
[incapptic-connect-panel] Ivanti Incapptic Connect Panel - Detect (@righettod) [info]
[influxdb-panel] InfluxDB Admin Interface Panel - Detect (@pikpikcu,@idealphase) [info]
[intelbras-login] Intelbras Router Login Panel - Detect (@dhiyaneshdk) [info]
[intelbras-panel] Intelbras Router Panel - Detect (@pikpikcu) [info]
[intellian-aptus-panel] Intellian Aptus Web Login Panel - Detect (@princechaddha) [info]
[intelliflash-login-panel] IntelliFlash Login Panel - Detect (@princechaddha) [info]
[interactsoftware-panel] Interact Software Panel - Detect (@righettod) [info]
[iomega-emc-shared-nas] Iomega LenovoEMC NAS Login Panel - Detect (@e_schultze_) [info]
[ipdiva-mediation-panel] IPdiva Mediation Login Panel - Detect (@ritikchaddha) [info]
[iptime-router] ipTIME Router Login Panel - Detect (@gy741) [info]
[isams-panel] iSAMS Panel - Detect (@righettod) [info]
[issabel-login] Issabel Login Panel - Detect (@pikpikcu) [info]
[istat-panel-detect] Abbott i-STAT Login Panel - Detect (@princechaddha) [info]
[itop-panel] Combodo iTop Login Panel - Detect (@righettod) [info]
[ivanti-connect-secure-panel] Ivanti Connect Secure Panel - Detect (@rxerium) [info]
[ixbusweb-panel] iXBus Login Panel - Detect (@podalirius) [info]
[ixcache-panel] iXCache Login Panel - Detect (@ffffffff0x) [info]
[jamf-login] Jamf Pro Login Panel - Detect (@dhiyaneshdk) [info]
[jamf-panel] Jamf MDM Login Panel - Detect (@pdteam,@idealphase) [info]
[jamf-setup-assistant] Jamf Pro Setup Assistant Panel - Detect (@ritikchaddha) [info]
[jaspersoft-panel] TIBCO Jaspersoft Login Panel - Detect (@koti2,@daffainfo) [info]
[jboss-jbpm-admin] JBoss jBPM Administration Console Login Panel - Detect (@dhiyaneshdk) [info]
[jboss-juddi-panel] JBoss WS JUDDI Console Panel - Detect (@dhiyaneshdk) [info]
[jboss-soa-platform] JBoss SOA Platform Login Panel - Detect (@ritikchaddha) [info]
[jmx-console] JBoss JMX Management Console Login Panel - Detect (@yashanand155) [info]
[wildfly-panel] WildFly Welcome Page - Tech Detect (@righettod) [info]
[jalios-jcms-panel] Jalios JCMS Login Panel - Detect (@righettod) [info]
[jedox-web-panel] Jedox Web Login Panel - Detect (@team syslifters / christoph mahrl,@aron molnar,@patrick pirker,@michael wedl) [info]
[jeedom-panel] Jeedom Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[jellyseerr-login-panel] Jellyseerr Login Panel - Detect (@ritikchaddha) [info]
[jenkins-api-panel] Jenkins API Panel - Detect (@righettod) [info]
[jenkins-login] Jenkins Login Detected (@pdteam) [info]
[jfrog-login] JFrog Login Panel - Detect (@dhiyaneshdk) [info]
[joget-panel] Joget Panel - Detect (@podalirius) [info]
[joomla-panel] Joomla! Panel (@its0x08) [info]
[jorani-panel] Jorani Login Panel - Detect (@dhiyaneshdk) [info]
[jsherp-boot-panel] JshERP Boot Panel - Detect (@dhiyaneshdk) [info]
[jumpserver-panel] JumpServer Login Panel - Detect (@lu4nx) [info]
[juniper-panel] Juniper J-Web Panel - Detect (@bhutch) [info]
[jupyter-notebook] Jupyter Notebook Login Panel - Detect (@hakimkt,@arafatansari) [info]
[kafka-center-login] Apache Kafka Control Center Login Panel - Detect (@dhiyaneshdk) [info]
[kafka-connect-ui] Apache Kafka Connect UI Login Panel - Detect (@pdteam) [info]
[kafka-consumer-monitor] Apache Kafka Consumer Offset Monitor Panel - Detect (@dhiyaneshdk) [info]
[kafka-monitoring] Apache Kafka Monitor Login Panel - Detect (@pdteam) [info]
[kafka-topics-ui] Apache Kafka Topics Panel - Detect (@pdteam,@righettod) [info]
[kanboard-login] Kanboard Login Panel - Detect (@dhiyaneshdk) [info]
[kasm-login-panel] Kasm Login Panel - Detect (@lum8rjack) [info]
[kavita-panel-detect] Kavita Login Panel - Detect (@ritikchaddha) [info]
[keenetic-web-login] Keenetic Web Login Panel - Detect (@dhiyaneshdk) [info]
[kenesto-login] Kenesto - Login Detect (@pussycat0x) [info]
[kentico-login] Kentico Login Panel - Detect (@d4vy) [info]
[kerio-connect-client] Kerio Connect Login Panel - Detect (@dhiyaneshdk) [info]
[kettle-panel] Kettle Panel - Detect (@for3stco1d) [info]
[keycloak-admin-panel] Keycloak Admin Login Panel - Detect (@incogbyte,@righettod,@daffainfo) [info]
[kaes-file-manager] Kae's File Manager Login Panel - Detect (@princechaddha) [info]
[kfm-login-panel] Kae's File Manager Admin Login Panel - Detect (@princechaddha) [info]
[kibana-panel] Kibana Login Panel - Detect (@petruknisme,@daffainfo,@c-sh0) [info]
[kiteworks-pcn-panel] Kiteworks PCN Panel - Detect (@righettod) [info]
[kiwitcms-login] Kiwi TCMS Login Panel - Detect (@pdteam) [info]
[kkfileview-panel] kkFileView Panel - Detect (@arafatansari) [info]
[klr300n-panel] KLR 300N Router Panel - Detect (@andreluna) [info]
[kedacom-network-panel] Kedacom Network Keyboard Console Panel - Detect (@dhiyaneshdk) [info]
[koel-panel] Koel Panel - Detect (@rxerium) [info]
[konga-panel] Konga Panel - Detect (@princechaddha) [info]
[kopano-webapp-panel] Kopano WebApp Login Panel - Detect (@righettod) [info]
[kraken-cluster-monitoring] Kraken Cluster Monitoring Dashboard - Detect (@pussycat0x) [info]
[kronos-workforce-central] Kronos Workforce Central Login Panel - Detect (@emadshanab) [info]
[kubernetes-dashboard] Kubernetes Dashboard Panel - Detect (@pdteam) [info]
[kubernetes-enterprise-manager] Kubernetes Enterprise Manager Panel - Detect (@pussycat0x) [info]
[kubernetes-mirantis] Mirantis Kubernetes Engine Panel - Detect (@pussycat0x) [info]
[kubernetes-web-view] Kubernetes Local Cluster Web View Panel- Detect (@tess) [medium]
[kubeview-dashboard] KubeView Dashboard - Detect (@ja1sh) [info]
[labkey-server-login] LabKey Server Login Panel - Detect (@tess) [info]
[labtech-panel] LabTech Web Portal Login Panel - Detect (@defr0ggy) [info]
[lacie-panel] LaCie Login Panel - Detect (@dhiyaneshdk) [info]
[lancom-router-panel] Lancom Router Login Panel - Detect (@__fazal,@daffainfo) [info]
[landrayoa-panel] Landray Login Panel - Detect (@yanyun) [info]
[lansweeper-login] Lansweeper Login Panel - Detect (@divya_mudgal) [info]
[lantronix-webmanager-panel] Lantronix Web Manager Login Panel- Detect (@princechaddha) [info]
[laravel-filemanager] Laravel File Manager - Panel Detect (@princechaddha) [info]
[ldap-account-manager-panel] LDAP Account Manager Login Panel - Detect (@dhiyaneshdk) [info]
[lenovo-fp-panel] Lenovo Fan Power Controller Login Panel - Detect (@megamansec) [info]
[lenovo-thinkserver-panel] Lenovo ThinkServer System Manager Login Panel - Detect (@princechaddha) [info]
[leostream-panel] Leostream Login Panel - Detect (@praetorian-thendrickson) [info]
[librenms-login] LibreNMS Login Panel - Detect (@pikpikcu) [info]
[librephotos-panel] LibrePhotos Panel - Detect (@ritikchaddha) [info]
[librespeed-panel] LibreSpeed Panel - Detect (@ritikchaddha) [info]
[liferay-portal] Liferay Login Panel - Detect (@organiccrap,@dwisiswant0,@ricardomaia) [info]
[linkerd-panel] Linkerd Panel - Detect (@tess) [info]
[linksys-wifi-login] Linksys Smart Wi-Fi Login Panel - Detect (@pussycat0x) [info]
[linshare-panel] LinShare Login Panel - Detect (@righettod) [info]
[livehelperchat-admin-panel] Live Helper Chat Admin Login Panel - Detect (@ritikchaddha) [info]
[livezilla-login-panel] LiveZilla Login Panel - Detect (@__fazal) [info]
[locklizard-webviewer-panel] Locklizard Web Viewer Login Panel - Detect (@righettod) [info]
[lockself-panel] LockSelf Login Panel - Detect (@righettod) [info]
[logitech-harmony-portal] Logitech Harmony Pro Installer Portal Login Panel - Detect (@ritikchaddha) [info]
[lomnido-panel] Lomnido Panel - Detect (@righettod) [info]
[looker-panel] Looker Login Panel - Detect (@ritikchaddha,@daffainfo) [info]
[loxone-panel] Loxone Intercom Video Panel - Detect (@theabhinavgaur) [info]
[lucee-login] Lucee Web and Lucee Server Admin Login Panel - Detect (@dhiyaneshdk,@unp4ck) [info]
[luci-login-detection] LuCi Login Panel - Detect (@aashiq) [info]
[mach-proweb-login] MACH-ProWeb Login Panel - Detect (@jaskaran) [info]
[machform-admin-panel] MachForm Admin Panel - Detect (@ritikchaddha) [info]
[maestro-login-panel] Maestro LuCI Login Panel - Detect (@tess) [info]
[mag-dashboard-panel] MAG Dashboard Login Panel - Detect (@theamanrawat) [info]
[magento-admin-panel] Magento Admin Login Panel - Detect (@techbrunchfr,@ritikchaddha) [info]
[magento-downloader-panel] Magento Connect Manager Installer - Detect (@5up3r541y4n) [info]
[magnolia-panel] Magnolia CMS Login Panel - Detect (@pussycat0x) [info]
[mailhog-panel] MailHog Panel - Detect (@kh4sh3i) [info]
[mailwatch-login] MailWatch Login Panel - Detect (@oppsec) [info]
[maltrail-panel] Maltrail Panel - Detect (@ritikchaddha) [info]
[mantisbt-panel] MantisBT Login Panel - Detect (@makyotox,@daffainfo) [info]
[matomo-panel] Matomo Panel - Detect (@arr0way,@userdehghani) [info]
[mautic-crm-panel] Mautic CRM Login Panel - Detect (@cyllective,@daffainfo) [info]
[memos-panel] Memos Panel - Detect (@rxerium) [info]
[meshcentral-login] MeshCentral Login Panel - Detect (@dhiyaneshdk) [info]
[metabase-panel] Metabase Login Panel - Detect (@revblock,@daffainfo) [info]
[metasploit-panel] Metasploit Panel - Detect (@lu4nx) [info]
[metasploit-setup-page] Metasploit Setup and Configuration Page - Detect (@ritikchaddha) [info]
[metersphere-login] MeterSphere Login Panel - Detect (@pdteam) [info]
[mfiles-web-detect] M-Files Web Login Panel - Detect (@nodauf) [info]
[microfocus-admin-server] Micro Focus Enterprise Server Admin Panel - Detect (@theabhinavgaur,@righettod) [info]
[microfocus-filr-panel] Micro Focus Filr Login Panel - Detect (@ritikchaddha,@righettod) [info]
[microfocus-lifecycle-panel] Micro Focus Application Lifecycle Management - Panel (@righettod) [info]
[microfocus-vibe-panel] Micro Focus Vibe Login Panel - Detect (@ritikchaddha,@righettod) [info]
[microsoft-exchange-panel] Microsoft Exchange Admin Center Login Panel - Detect (@r3dg33k) [info]
[mikrotik-routeros-old] MikroTik RouterOS Admin Login Panel - Detect (@its0x08,@dhiyaneshdk) [info]
[mikrotik-routeros] MikroTik Router OS Login Panel - Detect (@gy741) [info]
[mini-start-page] Miniweb Start Page Login Panel - Detect (@dhiyaneshdk) [info]
[minio-browser] MinIO Browser Login Panel - Detect (@pikpikcu) [info]
[minio-console] MinIO Console Login Panel - Detect (@pussycat0x) [info]
[misp-panel] MISP Threat Intelligence Sharing Platform Panel - Detect (@johnk3r) [info]
[mitel-micollab-panel] Mitel MiCollab Login Panel - Detect (@righettod) [info]
[mitel-panel-detect] Mitel Login Panel - Detect (@ritikchaddha) [info]
[mitric-checker-panel] Mitric Checker Login Panel - Detect (@righettod) [info]
[mobile-management-panel] Mobile Management Platform Panel - Detect (@ritikchaddha) [info]
[mobileiron-login] MobileIron Login Panel - Detect (@dhiyaneshdk,@dwisiswant0) [info]
[mobileiron-sentry] MobileIron Sentry Panel - Detect (@pdteam) [info]
[modoboa-panel] Modoboa Login Panel - Detect (@kh4sh3i) [info]
[mongodb-ops-manager] MongoDB Ops Manager Login Panel - Detect (@dhiyaneshdk) [info]
[monitorix-exposure] Monitorix Panel - Detect (@geeknik) [info]
[monitorr-panel] Monitorr Panel - Detect (@ritikchaddha) [info]
[monstra-admin-panel] Monstra Admin Panel - Detect (@ritikchaddha) [info]
[moodle-workplace-panel] Moodle Workplace Login Panel - Detect (@righettod) [info]
[movable-type-login] Movable Type Pro Login Panel - Detect (@dhiyaneshdk) [info]
[mpftvc-admin-panel] MPFTVC Admin Login Panel - Detect (@hardik-solanki) [info]
[mpsec-isg1000-panel] MPSec ISG1000 Security Gateway Panel - Detect (@dhiyaneshdk) [info]
[ms-adcs-detect] Microsoft Active Directory Certificate Services Panel - Detect (@divya_mudgal) [info]
[ms-exchange-web-service] Microsoft Exchange Web Service - Detect (@bhutch,@userdehghani) [info]
[mspcontrol-login] MSPControl Login Panel - Detect (@idealphase) [info]
[mybb-forum-detect] MyBB Login Panel - Detect (@ritikchaddha) [info]
[mybb-forum-install] MyBB Installation Panel - Detect (@ritikchaddha) [high]
[mylittleadmin-panel] myLittleAdmin Login Panel - Detect (@nullfuzz) [info]
[mylittlebackup-panel] myLittleBackup Panel - Detect (@nullfuzz) [info]
[mystrom-panel] MyStrom Panel - Detect (@fabaff) [info]
[n8n-panel] n8n Panel - Detect (@userdehghani) [info]
[nagios-panel] Nagios Login Panel - Detect (@ritikchaddha) [info]
[nagios-xi-panel] Nagios XI Login Panel - Detect (@ritikchaddha) [info]
[nagvis-panel] NagVis Login Panel - Detect (@ritikchaddha) [info]
[navicat-server-panel] Navicat On-Prem Server Panel - Detect (@ritikchaddha) [info]
[ncentral-panel] N-central Login Panel - Detect (@theabhinavgaur) [info]
[nconf-panel] NConf Login Panel - Detect (@ritikchaddha) [info]
[neo4j-browser] Neo4j Browser - Detect (@dhiyaneshdk) [info]
[neobox-panel] Neobox Web Server Login Panel - Detect (@pikpikcu) [info]
[neocase-hrportal-panel] Neocase HR Portal Login Panel - Detect (@righettod) [info]
[neos-panel] Neos CMS Login Panel - Detect (@k11h-de) [info]
[nessus-panel] Tenable Nessus Panel - Detect (@joanbono,@tess) [info]
[netdata-dashboard-detect] Netdata Dashboard Panel - Detect (@pussycat0x) [info]
[netdata-panel] Netdata Panel - Detect (@techbrunchfr) [info]
[netflix-conductor-ui] Netflix Conductor UI Panel - Detect (@c-sh0) [info]
[netgear-version-detect] NETGEAR Router Panel - Detect (@dwisiswant0) [info]
[netis-router] Netis Router Login Panel - Detect (@gy741) [info]
[netlify-cms] Netlify CMS Admin Login Panel - Detect (@sullo) [info]
[netris-dashboard-panel] Netris Dashboard Panel - Detect (@theamanrawat) [info]
[netscaler-aaa-login] NetScaler AAA Login Panel - Detect (@dhiyaneshdk,@righettod) [info]
[netscaler-gateway] Netscaler Gateway (@joeldeleep) [info]
[netsparker-panel] Netsparker Login Panel - Detect (@pussycat0x) [info]
[netsus-server-login] NetSUS Server Login Panel - Detect (@dhiyaneshdk) [info]
[nexus-panel] Nexus Login Panel - Detect (@righettod) [info]
[nginx-admin-panel] Nginx Admin Manager Login Panel - Detect (@ritikchaddha) [info]
[nginx-proxy-manager] Nginx Proxy Manager Login Panel - Detect (@dhiyaneshdk) [info]
[nginx-ui-dashboard] Nginx UI Panel - Detect (@gy741) [info]
[ni-web-based-panel] NI Web-based Configuration & Monitoring - Panel (@dhiyaneshdk) [info]
[nocodb-panel] NocoDB Panel - Detect (@userdehghani) [info]
[noescape-login] NoEscape Login Panel - Detect (@dhiyaneshdk) [info]
[nordex-wind-farm-portal] Nordex Control Wind Farm Portal Login Panel - Detect (@geeknik) [info]
[normhost-backup-server-manager] Normhost Backup Server Manager Panel - Detect (@pussycat0x) [info]
[novnc-login-panel] noVNC Login Panel - Detect (@tess) [info]
[nozomi-panel] Nozomi Guardian Login Panel - Detect (@robotshell) [info]
[np-data-cache] NP Data Cache Panel - Detect (@tess) [info]
[nport-web-console] NPort Web Console Login Panel - Detect (@prajiteshsingh) [info]
[nsq-admin-panel] NSQ Admin Panel - Detect (@random-robbie) [medium]
[nutanix-web-console-login] Nutanix Web Console Login Panel - Detect (@gy741) [info]
[nuxeo-platform-panel] Nuxeo Platform Login Panel - Detect (@kishore-hariram) [info]
[nzbget-panel] NZBGet Login Panel - Detect (@dhiyaneshdk) [info]
[o2-easy-panel] O2 Router Setup Panel - Detect (@ritikchaddha) [info]
[ocomon-panel] OcoMon Login Panel - Detect (@dogasantos) [info]
[ocs-inventory-login] OCS Inventory Login Panel - Detect (@pikpikcu,@ritikchaddha) [info]
[octoprint-panel] OctoPrint Login Panel - Detect (@affix) [info]
[odoo-database-manager] Odoo - Database Manager Discovery (@__fazal,@r3dg33k) [low]
[odoo-panel] Odoo - Panel Detect (@dhiyaneshdk,@righettod) [info]
[office-webapps-panel] Office Web Apps Server Panel - Detect (@dhiyaneshdk) [info]
[officekeeper-admin-login] OfficeKeeper Admin Login Panel - Detect (@gy741) [info]
[oipm-detect] One Identity Password Manager Detection (@nodauf) [info]
[oki-data-corporation] OKI Data Panel - Detect (@dhiyaneshdk) [info]
[okiko-sfiler-portal] OKIOK S-Filer Portal Login Panel - Detect (@johnk3r) [info]
[okta-panel] Okta Login Panel - Detect (@pussycat0x) [info]
[ollama-llm-panel] Ollama LLM Panel - Detect (@pbuff07) [info]
[olt-web-interface] OLT Web Management Interface Login Panel - Detect (@dhiyaneshdk) [info]
[omniampx-panel] Omnia MPX Node Login Panel - Detect (@arafatansari) [info]
[onlyoffice-login-panel] ONLYOFFICE Login Panel - Detect (@eremit4) [info]
[open-game-panel] Open Game Panel Login Panel - Detect (@dhiyaneshdk) [info]
[open-stack-dashboard-login] OpenStack Dashboard Login Panel - Detect (@dhiyaneshdk,@hackergautam) [info]
[open-virtualization-manager-panel] Open Virtualization Userportal & Webadmin Panel Detection (@idealphase) [info]
[openam-panel] OpenAM Login Panel - Detect (@philippedelteil) [info]
[openbmcs-detect] OpenBMCS Login Panel - Detect (@ffffffff0x) [info]
[openbullet2-panel] OpenBullet 2 - Panel (@mastercho) [info]
[opencart-panel] OpenCart Login Panel - Detect (@ricardomaia) [info]
[opencast-panel] Opencast Admin Panel Discovery (@cyllective,@daffainfo) [info]
[opencats-panel] OpenCATS Login Panel - Detect (@arafatansari) [info]
[opencpu-panel] OpenCPU Panel - Detect (@wa1tf0rme) [info]
[openemr-detect] OpenEMR Product Registration Panel - Detect (@pussycat0x) [info]
[openerp-database] Odoo OpenERP Database Selector Panel - Detect (@impramodsargar) [info]
[openfire-admin-panel] Openfire Admin Console Login Panel - Detect (@theamanrawat) [info]
[opengear-panel] Opengear Management Console Login Panel - Detect (@ffffffff0x,@daffainfo) [info]
[opennebula-panel] OpenNebula Login Panel - Detect (@kh4sh3i) [info]
[opennms-web-console] OpenNMS Web Console Login Panel - Detect (@dhiyaneshdk) [info]
[opensis-detect] OpenSIS Login Panel - Detect (@pikpikcu) [info]
[opentouch-multimediaservices-panel] OpenTouch Multimedia Services - Detect (@righettod) [info]
[openvas-panel] OpenVas Login Panel - Detect (@rxerium) [info]
[openvpn-admin] OpenVPN Admin Login Panel - Detect (@ritikchaddha) [info]
[openvpn-connect] OpenVPN Connect Panel - Detect (@ritikchaddha) [info]
[openvpn-monitor] OpenVPN Monitor - Detect (@geeknik) [info]
[openvpn-router-management] OpenVPN Server Router Management Panel - Detect (@ritikchaddha) [info]
[openvz-web-login] OpenVZ Web Panel Login Panel - Detect (@nullfuzz) [info]
[openwebui-panel] Openweb UI Panel - Detect (@rxerium) [info]
[openwrt-login] Opentwrt Login / Configuration Interface (@for3stco1d,@techbrunchfr) [info]
[openwrt-luci-panel] Opentwrt luCI - Admin Login Page (@for3stco1d) [info]
[openx-panel] OpenX/Revive Adserver Login Panel - Detect (@pikpikcu,@righettod) [info]
[opinio-panel] Opinio Login Panel - Detect (@righettod) [info]
[oracle-access-management] Oracle Access Management Login Panel - Detect (@righettod) [info]
[oracle-business-control] Oracle Commerce Business Control Center Login Panel - Detect (@dhiyaneshdk,@righettod) [info]
[oracle-business-intelligence] Oracle Business Intelligence Login Panel - Detect (@dhiyaneshdk,@righettod) [info]
[oracle-containers-panel] Oracle Containers for J2EE 10g Panel - Detect (@dogasantos) [info]
[oracle-ebusiness-panel] Oracle E-Business Suite Login Panel - Detect (@righettod) [info]
[oracle-enterprise-manager-login] Oracle Enterprise Manager Login Panel - Detect (@dogasantos) [info]
[oracle-integrated-manager] Oracle Integrated Lights Out Manager Login Panel - Detect (@dhiyaneshdk) [info]
[oracle-opera-login] Oracle Opera Login - Detect (@dhiyaneshdk,@righettod) [info]
[oracle-people-enterprise] Oracle PeopleSoft Enterprise Login Panel - Detect (@dhiyaneshdk) [info]
[oracle-people-sign-in] Oracle PeopleSoft Login Panel - Detect (@idealphase) [info]
[oracle-peoplesoft-panel] Oracle PeopleSoft Login Panel - Detect (@idealphase,@righettod) [info]
[orchid-vms-panel] Orchid Core VMS Panel - Detect (@princechaddha) [info]
[osnexus-panel] OSNEXUS QuantaStor Manager Panel - Detect (@charles d.) [info]
[osticket-panel] osTicket Login Panel - Detect (@ritikchaddha) [info]
[osticket-install] osTicket Installer Panel - Detect (@ritikchaddha) [critical]
[otobo-panel] OTOBO Login Panel - Detect (@princechaddha) [info]
[ourmgmt3-panel] OurMGMT3 Admin Login Panel - Detect (@ritikchaddha) [info]
[outsystems-servicecenter-panel] OutSystems Service Center Login Panel - Detect (@righettod) [info]
[overseerr-panel] Overseerr Panel - Detect (@rxerium) [info]
[gxd5-pacs-connexion-utilisateur] GXD5 Pacs Connexion Login Panel - Detect (@dhiyaneshdk) [info]
[pagespeed-global-admin] Pagespeed Global Admin - Detect (@geeknik) [info]
[pahtool-panel] PAHTool Login Panel - Detect (@righettod) [info]
[pair-drop-panel] Pair Drop Panel - Detect (@rxerium) [info]
[panabit-panel] Panabit Login Panel - Detect (@ffffffff0x) [info]
[pandora-fms-console] Pandora FMS Mobile Console Login Panel - Detect (@dhiyaneshdk) [info]
[papercut-login-panel] PaperCut Panel - Detect (@ritikchaddha) [info]
[parallels-html-client] Parallels HTML5 Client Login Panel - Detect (@pdteam) [info]
[parallels-hsphere-detect] Parallels H-Sphere Login Panel - Detect (@ritikchaddha) [info]
[parse-dashboard] Parse Dashboard Login Panel - Detect (@tess) [info]
[passbolt-panel] Passbolt Login Panel (@righettod) [info]
[payroll-management-system-panel] Payroll Management System Web Login Panel - Detect (@idealphase) [info]
[pdi-device-page] PDI Intellifuel - Device Page (@dhiyaneshdk) [low]
[pega-web-panel] Pega Infinity Login Panel - Detect (@powerexploit,@righettod) [info]
[pentaho-panel] Pentaho User Console Login Panel - Detect (@princechaddha,@dhiyaneshdk) [info]
[persis-panel] Persis Panel - Detect (@righettod) [info]
[pfsense-login] pfSense Login Panel - Detect (@idealphase) [info]
[pgadmin-exposure] PostgreSQL pgAdmin Dashboard Panel - Detect (@princechaddha) [info]
[phabricator-login] Phabricator Login Panel - Detect (@dhiyaneshdk) [info]
[phoronix-panel] Phoronix Test Suite Panel - Detect (@pikpikcu) [info]
[php-mailer] PHPMailer Panel - Detect (@ritikchaddha) [info]
[phpcollab-panel] phpCollab Login Panel - Detect (@pikpikcu) [info]
[phpldapadmin-panel] PHP LDAP Admin Panel - Detect (@ritikchaddha,@dhiyaneshdk) [info]
[phpminiadmin-panel] phpMiniAdmin Login Panel - Detect (@nullfuzz) [info]
[phpmyadmin-panel] phpMyAdmin Panel - Detect (@pdteam,@righettod) [info]
[phppgadmin-panel] phpPgAdmin Login Panel - Detect (@ganofins,@nullfuzz) [info]
[pichome-panel] Pichome Login Panel - Detect (@ritikchaddha) [info]
[piwigo-panel] Piwigo Login Panel - Detect (@daffainfo) [info]
[planet-estream-panel] Planet eStream Login Panel - Detect (@arafatansari) [info]
[plastic-scm-login] Unity Plastic SCM Login Panel - Detect (@dhiyaneshdk) [info]
[plausible-panel] Plausible Panel - Detect (@rxerium) [info]
[plesk-obsidian-login] Plesk Obsidian Login Panel - Detect (@dhiyaneshdk,@daffainfo) [info]
[plesk-onyx-login] Plesk Login Panel - Detect (@dhiyaneshdk,@daffainfo,@righettod) [info]
[pocketbase-panel] PocketBase Panel - Detect (@userdehghani) [info]
[polycom-admin-detect] Polycom Admin Panel - Detect (@e_schultze_) [info]
[polycom-login] Polycom Login Panel - Detect (@dhiyaneshdk) [info]
[portainer-panel] Portainer Login Panel - Detect (@ritikchaddha) [info]
[posteio-admin-panel] Poste.io Admin Panel - Detect (@ritikchaddha) [info]
[posthog-admin-panel] PostHog Login Panel - Detect (@theabhinavgaur) [info]
[powerchute-network-panel] PowerChute Network Shutdown Panel - Detect (@dhiyaneshdk) [info]
[powercom-network-manager] PowerCom Network Manager (@pussycat0x) [info]
[powerjob-panel] PowerJob Login Panel - Detect (@pikpikcu) [info]
[powerlogic-ion] PowerLogic ION Panel - Detect (@dhiyaneshdk) [info]
[pritunl-panel] Pritunl - Panel (@irshad ahamed) [info]
[privx-panel] SSH PrivX Login Panel - Detect (@korteke) [info]
[processwire-login] ProcessWire Login - Panel Detect (@ramkrishna sawant) [info]
[project-insight-login] Project Insight Login Panel - Detect (@dhiyaneshdk) [info]
[projectsend-login] ProjectSend Login Panel - Detect (@idealphase) [info]
[prometheus-exposed-panel] Prometheus Panel - Detect (@organiccrap,@jfbes) [info]
[prometheus-pushgateway-exposed-panel] Prometheus Pushgateway Panel - Detect (@codexlynx) [info]
[proofpoint-protection-server-panel] Proofpoint Protection Server Panel - Detect (@johnk3r) [info]
[proxmox-panel] Proxmox Virtual Environment Login Panel - Detect (@lum8rjack) [info]
[pulsar-admin-console] Pulsar Admin Console Panel - Detect (@ritikchaddha) [info]
[pulsar-adminui-panel] Pulsar Admin UI Panel - Detect (@ritikchaddha) [info]
[pulsar360-admin-panel] Pulsar360 Admin Panel - Detect (@tess) [info]
[pulse-secure-panel] Pulse Secure VPN Login Panel - Detect (@bsysop) [info]
[pulse-secure-version] Pulse Secure Version (@dadevel) [info]
[puppetboard-panel] Puppetboard Panel - Detect (@c-sh0,@daffainfo) [info]
[pure-storage-login] Pure Storage Login Panel - Detect (@dhiyaneshdk) [info]
[pyload-panel] PyLoad Login - Panel (@dhiyaneshdk) [info]
[pypicloud-panel] PyPICloud Login Panel - Detect (@supras) [info]
[qBittorrent-panel] qBittorrent Web UI Panel - Detect (@ritikchaddha) [info]
[qdpm-login-panel] qdPM Login Panel (@theamanrawat) [info]
[qlik-sense-server] Qlik Sense Server Panel - Detect (@ricardomaia) [info]
[qlikview-accesspoint-panel] QlikView AccessPoint Login Panel - Detect (@righettod) [info]
[qmail-admin-login] QmailAdmin Login Panel - Detect (@ritikchaddha) [info]
[qnap-photostation-panel] QNAP Photo Station Panel - Detect (@idealphase) [info]
[qnap-qts-panel] QNAP Turbo NAS Login Panel - Detect (@idealphase,@daffainfo) [info]
[qualcomm-voip-router] Qualcomm 4G LTE WiFi VoIP Router Panel - Detect (@pussycat0x) [info]
[qualtrics-login] Qualtrics Login Panel - Detect (@tess) [info]
[quantum-scalar-detect] Quantum Scalar i500 Login Panel - Detect (@princechaddha) [info]
[quilium-panel] Quilium Panel - Detect (@righettod) [info]
[r-webserver-login] R WebServer Login Panel - Detect (@pussycat0x) [info]
[rabbitmq-dashboard] RabbitMQ Management Panel - Detect (@fyoorer) [info]
[racksnet-login] Racksnet Login Panel - Detect (@idealphase) [info]
[radius-manager-login] Radius Manager Admininstration Control Panel Login Panel - Detect (@dhiyaneshdk) [info]
[rancher-dashboard] Rancher Dashboard Panel - Detect (@ritikchaddha,@righettod) [info]
[rancher-panel] Rancher Login Panel - Detect (@princechaddha,@idealphase,@ritikchaddha) [info]
[raspberrymatic-panel] RaspberryMatic Login Panel - Detect (@princechaddha) [info]
[rcdevs-webadm-panel] RCDevs WebADM Panel - Detect (@righettod) [info]
[rdweb-panel] RD Web Access Panel - Detect (@rxerium,@sorrowx3) [info]
[red-lion-panel] Red Lion Control Panel - Detect (@ritikchaddha) [info]
[redash-panel] Redash Login Panel - Detect (@princechaddha) [info]
[redhat-satellite-panel] Red Hat Satellite Panel - Detect (@princechaddha) [info]
[redis-commander-exposure] Redis Commander Panel - Detect (@dahse89) [info]
[redis-enterprise-panel] Redis Enterprise - Detect (@tess) [info]
[redmine-panel] Redmine Login Panel - Detect (@righettod) [info]
[regify-panel] Regify Login Panel - Detect (@righettod) [info]
[remedy-axis-login] Remedy Axis Login Panel - Detect (@tess) [info]
[remkon-manager-panel] RemKon Device Manager Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[remote-ui-login] Canon Remote UI Login Panel - Detect (@dhiyaneshdk) [info]
[repetier-server-panel] Repetier Server Panel - Detect (@ritikchaddha) [info]
[reportico-admin-panel] Reportico Administration Page - Detect (@geeknik) [info]
[residential-gateway-login] Residential Gateway Login Panel - Detect (@idealphase) [info]
[retool-login] Retool Login Panel - Detect (@dhiyaneshdk) [info]
[riseup-panel] Rise Up Login Panel - Detect (@righettod) [info]
[rocketchat-panel] RocketChat Login Panel - Detect (@righettod) [info]
[rocketmq-console-exposure] Apache RocketMQ Console Panel - Detect (@pdteam) [info]
[room-alert-detect] AVTECH Room Alert Login Panel - Detect (@gy741) [info]
[roxy-fileman] Roxy File Manager - Panel Detect (@liquidsec,@dhiyaneshdk) [info]
[royalevent-management-panel] Royal Event Management System Admin Panel - Detect (@ritikchaddha) [info]
[rsa-self-service] RSA Self-Service Login Panel - Detect (@pr3r00t) [info]
[rstudio-detect] RStudio Panel - Detect (@philippedelteil) [info]
[rtm-web-panel] RTM WEB - Panel (@dhiyaneshdk) [info]
[ruckus-unleashed-panel] Ruckus Wireless Unleashed Login Panel - Detect (@idealphase) [info]
[ruckus-wireless-admin-login] Ruckus Wireless Admin Login Panel - Detect (@pussycat0x) [info]
[rg-uac-panel] Ruijie RG-UAC Login Panel - Detect (@princechaddha) [info]
[rundeck-login] Rundeck Login Panel - Detect (@dhiyaneshdk,@daffainfo) [info]
[rustici-content-controller] Rustici Content Controller Panel - Detect (@dhiyaneshdk) [info]
[safenet-authentication-panel] SafeNet Authentication Login Panel - Detect (@righettod) [info]
[saferoads-vms-login] Saferoads VMS Login Panel - Detect (@dhiyaneshdk) [info]
[sage-panel] Sage X3 Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[saltgui-panel] SaltGUI Login Panel - Detect (@ritikchaddha) [info]
[saltstack-config-panel] SaltStack Config Panel - Detect (@pussycat0x) [info]
[samba-swat-panel] Samba SWAT Panel - Detect (@pr3r00t) [info]
[samsung-printer-detect] Samsung Printer Panel - Detect (@pussycat0x) [info]
[sap-cloud-analytics] SAP Analytics Cloud Panel - Detect (@righettod) [info]
[sap-hana-xsengine-panel] SAP HANA XS Engine Admin Login Panel - Detect (@pr3r00t) [info]
[sap-netweaver-portal] SAP NetWeaver Portal - Detect (@organiccrap) [info]
[sap-successfactors-detect] SAP SuccessFactors Login Panel - Detect (@tess) [info]
[sapfiori-panel] SAP Fiori Login Panel - Detect (@righettod) [info]
[sas-login-panel] SAS Login Panel - Detect (@ritikchaddha) [info]
[satis-repository] Satis Composer Repository - Detect (@florianmaak) [info]
[sauter-login] Sauter moduWeb Login Panel - Detect (@dhiyaneshdk) [info]
[sauter-moduwebvision-panel] SAUTER moduWeb Vision Panel - Detect (@righettod) [info]
[scribble-diffusion-panel] Scribble Diffusion Panel - Detect (@rxerium) [info]
[scriptcase-panel] ScriptCase Panel Detect (@ricardo maia (brainfork)) [info]
[scriptcase-prod-login] ScriptCase Production Environment Login (@ricardo maia (brainfork)) [info]
[scs-landfill-control] SCS Remote Monitoring and Control Login Panel - Detect (@geeknik) [info]
[seafile-panel] Seafile Panel - Detect (@techbrunchfr,@righettod) [info]
[seagate-nas-login] Seagate NAS Login - Detect (@justaacat) [info]
[seats-login] Seats Login Panel - Detect (@dhiyaneshdk) [info]
[secmail-detect] SecMail Login Panel - Detect (@johnk3r) [info]
[secnet-ac-panel] SecNet Login Panel - Detect (@ritikchaddha) [info]
[secure-login-panel] Secure Login Service Login Panel - Detect (@dhiyaneshdk) [info]
[securenvoy-panel] SecurEnvoy Login Panel - Detect (@0xrod,@righettod) [info]
[securepoint-utm] Securepoint UTM Admin Panel - Detect (@pussycat0x) [info]
[security-onion-panel] Security Onion Panel - Detect (@rxerium) [info]
[securityspy-detect] SecuritySpy Camera Panel - Detect (@pussycat0x) [info]
[seeddms-panel] SeedDMS Login Panel - Detect (@pussycat0x,@daffainfo) [info]
[selenium-grid] Selenium Grid Panel - Detect (@pussycat0x) [info]
[selenoid-ui-exposure] Selenoid UI Login Panel - Detect (@pdteam) [info]
[selfcheck-panel] SelfCheck System Manager - Panel (@dhiyaneshdk) [info]
[sensu-panel] Sensu by Sumo Logic Login Panel - Detect (@ja1sh) [info]
[sentinelone-console] SentinelOne Management Console Login Panel - Detect (@dhiyaneshdk) [info]
[sentry-panel] Sentry Login Panel (@righettod) [info]
[sequoiadb-login] SequoiaDB Login Panel - Detect (@dhiyaneshdk) [info]
[server-backup-login] Server Backup Manager SE Login Panel - Detect (@dhiyaneshdk,@pathtaga) [info]
[server-backup-manager-se] Server Backup Manager SE Panel - Detect (@dhiyaneshdk) [info]
[servicedesk-login-panel] Jira Service Desk Login Panel - Detect (@aashiq) [info]
[servicenow-panel] ServiceNow Login Panel - Detect (@righettod) [info]
[sevone-nms-network-manager] SevOne NMS Network Manager (@pussycat0x) [info]
[sgp-login-panel] SGP Login Panel - Detect (@dhiyaneshdk) [info]
[shardingsphere-panel] ShardingSphere ElasticJob UI Panel (@dhiyaneshdk) [info]
[sharecenter-login] ShareCenter Login Panel - Detect (@dhiyaneshdk) [info]
[sharefile-panel] Sharefile Login - Panel (@irshad ahamed) [info]
[shell-box] Shell In A Box - Detect (@irshad ahamed) [info]
[shoutcast-server] SHOUTcast Server Panel - Detect (@dhiyaneshdk) [info]
[sicom-mgrng-login] Sicom MGRNG - Administrative Login Found (@sullo) [info]
[sidekiq-dashboard] Sidekiq Dashboard Panel - Detect (@dhiyaneshdk,@amirmsafari) [medium]
[signet-explorer-dashboard] Signet Explorer Dashboard - Detect (@ritikchaddha) [info]
[sitecore-login-panel] Sitecore Admin Login Panel - Detect (@b4uh0lz) [info]
[sitecore-login] Sitecore Login Panel - Detect (@dhiyaneshdk) [info]
[sitefinity-login] Sitefinity Login (@dhiyaneshdk) [info]
[siteomat-loader] Orpak SiteOmat Login Panel - Detect (@dhiyaneshdk) [info]
[skeepers-panel] Skeepers Login Panel - Detect (@righettod) [info]
[skycaiji-admin-panel] SkyCaiji Admin Panel - Detect (@princechaddha) [info]
[slocum-login] Slocum Fleet Mission Control Login Panel - Detect (@pussycat0x) [info]
[smartping-dashboard] SmartPing Dashboard Panel - Detect (@dhiyaneshdk) [info]
[snapcomms-panel] SnapComms Content Manager Panel - Detect (@righettod) [info]
[softether-vpn-panel] SoftEther VPN Panel - Detect (@bhutch) [info]
[solarview-compact-panel] SolarView Compact Panel - Detect (@princechaddha) [info]
[solarwinds-arm-panel] SolarWinds ARM (Access Rights Manager) - Detect (@bhutch) [info]
[solarwinds-orion] SolarWinds Orion Login Panel - Detect (@puzzlepeaches) [info]
[solarwinds-servuftp-detect] SolarWinds Serv-U File Server Panel - Detect (@johnk3r) [info]
[solr-panel-exposure] Apache Solr Admin Panel - Detect (@pdteam) [info]
[somansa-dlp-detect] Somansa DLP Login Panel - Detect (@gy741,@ritikchaddha) [info]
[somfy-login] Somfy Login Panel - Detect (@dhiyaneshdk) [info]
[sonarqube-login] SonarQube Panel - Detect (@dhiyaneshdk) [info]
[sonic-wall-application] SonicWall Appliance Management Console Login Panel - Detect (@dhiyaneshdk,@tess) [info]
[sonicwall-security-login] SonicWall Network Security Login - Detect (@justaacat) [info]
[sonicwall-analyzer-login] SonicWall Analyzer Login Panel - Detect (@dhiyaneshdk) [info]
[sonicwall-management-panel] SonicWall Management Admin Login Panel - Detect (@pr3r00t) [info]
[sonicwall-sslvpn-panel] SonicWall Virtual Office SSL VPN Login Panel - Detect (@pr3r00t,@johnk3r) [info]
[sophos-fw-version-detect] Sophos Firewall Login Panel - Detect (@organiccrap,@daffainfo) [info]
[sophos-mobile-panel] Sophos Mobile Panel - Detect (@adam crosser,@idealphase) [info]
[sophos-web-appliance] Sophos Web Appliance (@dhiyaneshdk) [info]
[spacelogic-cbus-panel] SpaceLogic C-Bus Home Panel - Detect (@ritikchaddha) [info]
[spark-panel] Apache Spark Panel - Detect (@righettod) [info]
[speedtest-panel] Speedtest Panel - Detection (@rxerium) [info]
[sphider-login] Sphider Admin Login Panel - Detect (@dhiyaneshdk) [info]
[sphinxonline-panel] SphinxOnline Panel - Detect (@righettod) [info]
[spiderfoot] SpiderFoot Login Panel - Detect (@geeknik) [info]
[splunk-enterprise-panel] Splunk Enterprise Login Panel - Detect (@praetorian-thendrickson) [info]
[splunk-login] Splunk SOAR Login Panel - Detect (@dhiyaneshdk) [info]
[spotweb-login-panel] SpotWeb Login Panel - Detect (@theamanrawat) [info]
[sql-monitor] SQL Monitor - Discovery (@dhiyaneshdk) [info]
[sqlbuddy-panel] SQL Buddy Login Panel - Detect (@nullfuzz) [info]
[squirrelmail-login] SquirrelMail Login Panel - Detect (@dhiyaneshdk,@ritikchaddha) [info]
[sqwebmail-login-panel] SqWebMail Login Panel - Detect (@ritikchaddha) [info]
[star-network-utility] Star Micronics Network Utility Panel - Detect (@ritikchaddha) [info]
[start-element-manager-panel] Start Element Manager Panel - Detect (@princechaddha) [info]
[steve-login-panel] SteVe Login Panel - Detect (@clem9669) [info]
[storybook-panel] Storybook Panel - Detect (@kh4sh3i) [info]
[strapi-documentation] Strapi CMS Documentation Login Panel - Detect (@idealphase) [info]
[strapi-panel] Strapi Admin Login Panel - Detect (@idealphase) [info]
[stridercd-panel] Strider CD Panel - Detect (@adam crosser) [info]
[structurizr-panel] Structurizr Panel - Detect (@dhiyaneshdk) [info]
[submitty-login] Submitty Login Panel - Detect (@princechaddha) [info]
[subrion-login] Subrion Admin Panel Login Panel - Detect (@princechaddha) [info]
[sugarcrm-panel] SugarCRM Login Panel - Detect (@johnk3r) [info]
[sunbird-dcim-panel] Sunbird DCIM - Detect (@bhutch) [info]
[sungrow-logger1000-detect] SUNGROW Logger1000 Panel - Detect (@gy741) [info]
[superadmin-ui-panel] SuperAdmin Login Panel - Detect (@hardik-solanki) [info]
[supermicro-bmc-panel] Supermicro BMC Login Panel - Detect (@idealphase) [info]
[superset-login] Apache Superset Login Panel - Detect (@dhiyaneshdk,@righettod) [info]
[supervpn-detect] SuperVPN Login Panel - Detect (@organiccrap) [info]
[suprema-biostar-panel] Suprema BioStar 2 Panel - Detect (@ritikchaddha) [info]
[syfadis-xperience-panel] Syfadis Xperience Login Panel - Detect (@righettod) [info]
[symantec-dlp-login] Symantec Data Loss Prevention Login Panel - Detect (@princechaddha) [info]
[symantec-epm-login] Symantec Endpoint Protection Manager Login Panel - Detect (@princechaddha) [info]
[symantec-ewep-login] Symantec Encryption Server Login Panel - Detect (@johnk3r) [info]
[symantec-iam-console] Symantec Identity Manager Management Console (@therealtoastycat) [info]
[symantec-pgp-global-directory] Symantec PGP Global Directory Panel - Detect (@princechaddha) [info]
[symantec-phishing-panel] Symantec Phishing Readiness Platform Console (@andreluna) [info]
[synapse-mobility-panel] Synapse Mobility Login Panel - Detect (@idealphase) [info]
[syncserver-panel] Symmetricom SyncServer Panel - Detect (@dhiyaneshdk) [info]
[syncthru-web-service] SyncThru Web Service Panel - Detect (@dhiyaneshdk) [info]
[synnefo-admin-panel] Synnefo Admin Login Panel - Detect (@impramodsargar) [info]
[synology-rackstation-login] Synology RackStation Login Detect (@princechaddha) [info]
[synopsys-coverity-panel] Synopsys Coverity Panel (@idealphase) [info]
[sysaid-panel] SysAid Login Panel - Detect (@pdteam) [info]
[tableau-panel] Tableau Python Server Panel - Detect (@pussycat0x) [info]
[tableau-service-manager] Tableau Services Manager Login Panel - Detect (@dhiyaneshdk) [info]
[tailon-panel] Tailon Panel - Detect (@ritikchaddha) [unknown]
[tautulli-panel] Tautulli Panel - Detect (@rxerium) [info]
[teamcity-login-panel] TeamCity Login Panel - Detect (@princechaddha) [info]
[teamforge-panel] TeamForge Panel - Detection (@lstatro) [info]
[teampass-panel] TeamPass Panel - Detect (@arafatansari) [info]
[tectuus-scada-monitor] Tectuus SCADA Monitor Panel - Detect (@geeknik) [info]
[tekton-dashboard] Tekton Dashboard Panel - Detect (@dhiyaneshdk) [info]
[telerik-server-login] Telerik Report Server Login Panel - Detect (@ritikchaddha) [info]
[tlr-2005ksh-login] Telesquare TLR-2005KSH Login Panel - Detect (@princechaddha) [info]
[teltonika-login] Teltonika Login Panel - Detect (@idealphase) [info]
[tembosocial-panel] TemboSocial Admin Panel - Detect (@dhiyaneshdk) [info]
[temenos-t24-login] Temenos Transact Login Panel - Detect (@korteke) [info]
[tenda-11n-wireless-router-panel] Tenda 11n Wireless Router - Admin Panel (@idealphase) [info]
[tenda-web-master] Tenda Web Master Login Panel - Detect (@dhiyaneshdk) [info]
[teradek-panel] Teradek Cube Administrative Console - Panel (@dhiyaneshdk) [info]
[teradici-pcoip-panel] Teradici PCoIP Zero Client Login Panel - Detect (@princechaddha) [info]
[terraform-enterprise-panel] Terraform Enterprise Panel - Detect (@adam crosser,@idealphase) [info]
[terramaster-login] Terramaster Login Panel - Detect (@gy741) [info]
[thinfinity-virtualui-panel] Thinfinity VirtualUI Panel - Detect (@princechaddha) [info]
[threatq-login] ThreatQ Login Panel - Detect (@idealphase) [info]
[thruk-login] Thruk Monitoring Panel - Detect (@ffffffff0x) [info]
[tibco-spotfire-panel] TIBCO Spotfire Login Panel - Detect (@righettod) [info]
[tigase-xmpp-server] Tigase XMPP Server - Exposure (@dhiyaneshdk) [info]
[tikiwiki-cms] Tiki Wiki CMS Groupware Login Panel - Detect (@chron0x) [info]
[tiny-file-manager] Tiny File Manager Panel - Detect (@dhiyaneshdk,@huta0) [info]
[tiny-rss-panel] Tiny RSS Panel - Detect (@userdehghani) [info]
[tixeo-panel] Tixeo Login Panel - Detect (@righettod) [info]
[tomcat-exposed-docs] Tomcat exposed docs (@podalirius) [info]
[tooljet-panel] ToolJet Login Panel - Detect (@dhiyaneshdk) [info]
[total-web-solutions-panel] Total Web Solutions Panel - Detect (@dhiyaneshdk) [info]
[totemomail-panel] Totemomail Login Panel - Detect (@johnk3r,@daffainfo) [info]
[tracer-sc-login] Tracer SC Login Panel - Detect (@geeknik) [info]
[traefik-dashboard-detect] Traefik Dashboard Panel - Detect (@schniggie,@streetofhackerr007) [info]
[trendnet-tew827dru-login] TRENDnet TEW-827DRU Login Panel - Detect (@princechaddha) [info]
[truenas-panel] TrueNAS Panel - Detect (@rxerium) [info]
[tufin-securetrack-login] Tufin SecureTrack Login Panel - Detect (@idealphase) [info]
[tup-openframe] T-Up OpenFrame (@dhiyaneshdk) [info]
[turnkey-openvpn] TurnKey OpenVPN Panel - Detect (@ritikchaddha) [info]
[tuxedo-connected-controller] Tuxedo Connected Controller Login Panel - Detect (@dhiyaneshdk) [info]
[typo3-login] TYPO3 Login Panel - Detect (@dadevel) [info]
[uipath-orchestrator-panel] UiPath Orchestrator Login Panel - Detect (@righettod) [info]
[umami-panel] Umami Panel - Detect (@userdehghani) [info]
[umbraco-login] Umbraco Login Panel - Detect (@ola456) [info]
[unauth-xproxy-dashboard] X-Proxy Dashboard Panel - Detect (@pussycat0x) [info]
[tautulli-unauth] Tautulli Panel - Unauthenticated Access (@ritikchaddha) [medium]
[unauthenticated-frp] FRPS Dashboard - Detect (@pikpikcu) [info]
[unibox-panel] Unibox Panel - Detect (@theamanrawat) [info]
[unifi-panel] UniFi Network Login Panel - Detect (@techbrunchfr) [info]
[unleash-panel] Unleash Panel - Detect (@userdehghani) [info]
[untangle-admin-login] Untangle Administrator Login Panel - Detect (@irshad ahamed) [info]
[uptime-kuma-panel] Uptime Kuma - Panel (@irshad ahamed) [info]
[urbackup-panel] UrBackup Panel - Detect (@dhiyaneshdk) [info]
[user-control-panel] User Control Panel - Detect (@dhiyaneshdk) [info]
[v2924-admin-panel] V2924 Admin Login Panel - Detect (@dhiyaneshdk) [info]
[vault-panel] Vault Login Panel - Detect (@dhiyaneshdk) [info]
[veeam-backup-azure-panel] Veeam Backup for Microsoft Azure Panel - Detect (@dhiyaneshdk) [info]
[veeam-backup-gcp] Veeam Backup for Google Cloud Platform Panel - Detect (@dhiyaneshdk) [info]
[veeam-panel] Veeam Login Panel - Detect (@dhiyaneshdk) [info]
[veriz0wn-osint] Veriz0wn OSINT - Detect (@pussycat0x) [info]
[verizon-router-panel] Verizon Router Panel - Detect (@theamanrawat) [info]
[versa-director-login] Versa Director Login Panel - Detect (@c-sh0) [info]
[versa-flexvnf-panel] Versa FlexVNF Panel - Detect (@c-sh0) [info]
[versa-sdwan] Versa SD-WAN Login Panel - Detect (@pdteam) [info]
[vertex-tax-panel] Vertex Tax Installer Panel - Detect (@ritikchaddha) [info]
[vidyo-login] Vidyo Admin Login Panel - Detect (@johnk3r) [info]
[vigor-login] Vigor Login Panel - Detect (@dhiyaneshdk) [info]
[vinchin-panel] Vinchin Backup & Recovery Panel - Detect (@pussycat0x) [info]
[virtua-software-panel] Virtua Software Panel - Detect (@princechaddha) [info]
[virtual-ema-detect] Virtual EMS Login Panel - Detect (@iamthefrogy) [info]
[vistaweb-panel] Vista Web Login Panel (@righettod) [info]
[vmware-carbon-black-edr] VMware Carbon Black EDR Panel - Detect (@dhiyaneshdk) [info]
[vmware-cloud-availability] VMware Cloud Director Availability Login Panel - Detect (@dhiyaneshdk) [info]
[vmware-cloud-director] VMware Cloud Director Login Panel - Detect (@dhiyaneshdk) [info]
[vmware-ftp-server] VMware FTP Server Login Panel - Detect (@dhiyaneshdk) [info]
[vmware-hcx-login] VMware HCX Login Panel - Detect (@dhiyaneshdk) [info]
[vmware-horizon-daas] Desktop Portal VMware Horizon DaaS Trade Platform (@dhiyaneshdk) [info]
[vmware-horizon-panel] VMware Horizon Login Panel - Detect (@dhiyaneshdk,@pdteam) [info]
[vmware-nsx-login] VMware NSX Login Panel - Detect (@dhiyaneshdk) [info]
[vmware-vcenter-converter-standalone] VMware vCenter Converter Panel - Detect (@dhiyaneshdk) [info]
[vmware-vcloud-director] VMware vCloud Director Panel - Detect (@dhiyaneshdk) [info]
[vodafone-voxui-panel] Vodafone Vox UI Login Panel - Detect (@hardik-solanki) [info]
[voipmonitor-panel] VoIPmonitor Login Panel - Detect (@yanyun) [info]
[vrealize-hyperic-panel] vRealize Hyperic Login Panel - Detect (@charles d) [info]
[vrealize-loginsight-panel] vRealize Log Insight - Panel Detect (@pussycat0x) [info]
[vue-pacs-panel] Vue PACS - Panel (@righettod) [info]
[wago-plc-panel] WAGO PLC Panel - Detect (@github.com/its0x08) [info]
[wagtail-login] Wagtail Login - Detect (@kishore-hariram) [info]
[wallix-accessmanager-panel] Wallix Access Manager Panel - Detect (@righettod) [info]
[wampserver-homepage] WampServer Panel - Detect (@dhiyaneshdk) [info]
[watcher-panel] Watcher Panel - Detect (@dhiyaneshdk) [info]
[watchguard-panel] Watchguard Login Panel - Detect (@ahmetpergamum) [info]
[watershed-panel] Watershed Login Panel - Detect (@tess) [info]
[wazuh-panel] Wazuh Login Panel (@cyllective,@daffainfo) [info]
[wd-mycloud-panel] WD My Cloud Panel - Detect (@dhiyaneshdk) [info]
[weatherlink-configuration] WeatherLinkIP Configuration Panel - Detect (@dhiyaneshdk) [info]
[weave-scope-dashboard] Weave Scope Panel - Detect (@e_schultze_) [info]
[web-file-manager] Web File Manager Login Panel - Detect (@dhiyaneshdk) [info]
[weblocal-craft-login] Web Local Craft Terminal Login Panel - Detect (@dhiyaneshdk) [info]
[web-viewer-panel] Web Viewer for Samsung DVR - Detect (@justaacat) [info]
[webcomco-panel] WebcomCo - Panel (@dhiyaneshdk) [info]
[webeditors-check-detect] Web Editor Check - Detect (@princechaddha,@bernardofsr,@gy741) [info]
[weblogic-login] Oracle WebLogic Login Panel - Detect (@bing0o,@meme-lord) [info]
[weblogic-uddiexplorer] Oracle WebLogic UDDI Explorer Panel - Detect (@pdteam) [info]
[webmin-panel] Webmin Admin Login Panel - Detect (@pr3r00t) [info]
[webmodule-ee-panel] Webmodule Login Panel - Detect (@pussycat0x,@daffainfo) [info]
[webpagetest-panel] WebPageTest Login Panel - Detect (@pdteam) [info]
[webroot-login] Webroot Login Panel - Detect (@dhiyaneshdk) [info]
[webshell4-login-panel] WebShell4 Login Panel - Detect (@ritikchaddha) [info]
[webtitan-cloud-panel] WebTitan Cloud Panel - Detect (@ritikchaddha) [info]
[webtransfer-client-panel] Web Transfer Client Login Panel - Detect (@righettod) [info]
[webuzo-admin-panel] Webuzo Admin Login Panel - Detect (@theamanrawat) [info]
[weiphp-panel] Weiphp Panel - Detect (@ritikchaddha) [info]
[whm-login-detect] WHM Login Panel - Detect (@pussycat0x) [info]
[wiren-board-webui] Wiren Board WebUI Panel - Detect (@tess) [medium]
[wmw-enterprise-panel] WMW Enterprise Login Panel - Detect (@matt galligan) [info]
[woodwing-panel] Woodwing Studio Server Panel - Detect (@pdteam,@righettod) [info]
[wordpress-login] WordPress Login Panel - Detect (@its0x08) [info]
[workresources-rdp] RDWeb RemoteApp and Desktop Connections - Web Access (@dhiyaneshdk) [info]
[workspace-one-uem] VMware Workspace ONE UEM Airwatch Login Panel - Detect (@gevakun,@hanlaomo) [info]
[wowza-streaming-engine] Wowza Streaming Engine Manager Panel - Detect (@dhiyaneshdk) [info]
[ws_ftp-server-web-transfer] WS_FTP Server Web Transfer - Panel Detect (@johnk3r) [info]
[wso2-management-console] WSO2 Management Console Login Panel - Detect (@dhiyaneshdk,@johnk3r) [info]
[xds-amr-status] XDS-AMR Status Login Panel - Detect (@pussycat0x) [info]
[xeams-admin-console] Xeams Admin Console Login Panel - Detect (@theamanrawat) [info]
[xenmobile-login] Xenmobile Console Login Panel - Detect (@dhiyaneshdk) [info]
[xfinity-panel] Xfinity Panel - Detect (@hardik-solanki) [info]
[xiaomi-wireless-router-login] Xiaomi Wireless Router Admin Panel - Detect (@lu4nx) [info]
[xibocms-login] Xibo CMS Login Panel - Detect (@ritikchaddha,@daffainfo) [info]
[xnat-login] XNAT Login Panel - Detect (@0x_akoko) [info]
[xoops-installation-wizard] XOOPS Installation Wizard Panel - Detect (@princechaddha) [low]
[xvr-login] XVR Login Panel - Detect (@dhiyaneshdk) [info]
[xweb500-panel] Xweb500 Login Panel - Detect (@princechaddha) [info]
[xxljob-panel] XXLJOB Admin Login Panel - Detect (@pdteam,@daffainfo,@ritikchaddha) [info]
[yarn-manager-exposure] Apache YARN ResourceManager Panel - Detect (@pdteam) [low]
[yellowfin-panel] Yellowfin Information Collaboration - Detect (@dhiyaneshdk) [info]
[yopass-panel] Yopass Panel - Detect (@adam crosser) [info]
[yzmcms-panel] YzmCMS Login Panel - Detect (@pikpikcu,@daffainfo) [info]
[zabbix-server-login] Zabbix Login Panel - Detect (@dhiyaneshdk) [info]
[zblog-admin-panel] Z-BlogPHP Admin Login Panel - Detect (@aayush vishnoi) [info]
[zblogphp-panel] Z-BlogPHP Panel - Detect (@princechaddha) [info]
[zenario-login-panel] Zenario Admin Login Panel - Detect (@__fazal) [info]
[zenml-dashboard-panel] ZenML Dashboard Panel - Detect (@dhiyaneshdk) [info]
[zentao-detect] Zentao Panel - Detect (@pikpikcu) [info]
[zentral-panel] Zentral Panel - Detect (@adam crosser) [info]
[zeroshell-login] ZeroShell Panel - Detect (@dhiyaneshdk) [info]
[zimbra-web-client] Zimbra Panel - Detect (@dhiyaneshdk,@idealphase) [info]
[zimbra-web-login] Zimbra Collaboration Suite Login Panel - Detect (@powerexploit) [info]
[zipkin-exposure] Zipkin Login Panel - Detect (@pdteam) [info]
[manageengine-adaudit] ZOHO ManageEngine ADAudit/ADManager Panel - Detect (@dhiyaneshdk,@pr3r00t,@idealphase) [info]
[manageengine-adselfservice] ZOHO ManageEngine ADSelfService Plus - Detect (@dhiyaneshdk,@sak1) [info]
[manageengine-analytics] ZOHO ManageEngine Analytics Plus Panel - Detect (@dhiyaneshdk) [info]
[manageengine-apex-helpdesk] ZOHO ManageEngine APEX IT Help-Desk Panel - Detect (@dhiyaneshdk) [info]
[manageengine-applications-manager] ZOHO ManageEngine Applications Manager Panel - Detected (@dhiyaneshdk) [info]
[manageengine-assetexplorer] ZOHO ManageEngine AssetExplorer Panel - Detect (@dhiyaneshdk) [info]
[manageengine-desktop] ZOHO ManageEngine Desktop Panel - Detect (@dhiyaneshdk) [info]
[manageengine-keymanagerplus] ZOHO ManageEngine KeyManagerPlus Panel - Detect (@righettod) [info]
[manageengine-network-config] Zoho ManageEngine Network Configuration Manager Panel - Detect (@righettod) [info]
[manageengine-opmanager] ZOHO ManageEngine OpManager Panel - Detect (@dhiyaneshdk,@daffainfo) [info]
[manageengine-servicedesk] ZOHO ManageEngine ServiceDesk Panel - Detect (@dhiyaneshdk,@righettod) [info]
[manageengine-supportcenter] ZOHO ManageEngine SupportCenter Panel - Detect (@dhiyaneshdk) [info]
[zoneminder-login] ZoneMinder Login Panel - Detect (@princechaddha) [info]
[zte-panel] ZTE Panel - Detect (@its0x08,@idealphase) [info]
[zuul-panel] Zuul Panel - Detect (@yuzhe-zhang-0) [info]
[zyxel-router-panel] ZyXel Router Login Panel - Detect (@arafatansari) [info]
[zyxel-firewall-panel] Zyxel Firewall Panel - Detect (@0x240x23elu) [info]
[zyxel-vmg1312b10d-login] Zyxel VMG1312-B10D - Login Detection (@princechaddha) [info]
[zyxel-vsg1432b101-login] Zyxel VSG1432-B101 - Login Detection (@princechaddha) [info]
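Note added here by the editor, not part of the nuclei transcript: every `[template-id] Name (@author) [severity]` line above is a template that nuclei loaded for the run (this is the listing nuclei prints with `-vv`), not a match against the target, and the bracketed severity is the template's own rating, not a result. With thousands of templates loaded against one host, the useful thing to do with this listing is to pull out the few rated above info (plus any marked [unknown], which need a look of their own) and re-run only those. The Python script below does that for a saved `-vv` log. It is example code, not nuclei's; it assumes the one-line entry format shown above, re-joins entries that the PDF export wrapped onto a second line (as happens throughout this listing, sometimes in the middle of an author handle), and the sample lines embedded in it are constructed in the shape of the lines above.

```python
"""Triage a saved nuclei -vv template listing: which loaded templates are rated above info?"""
import re
import sys
from collections import Counter

# Constructed sample in the shape of the listing above (assumption: nuclei's
# "[id] Name (@authors) [severity]" line format). Two entries are wrapped onto a
# second line the way a PDF export does, one of them mid-author-handle.
SAMPLE_LOG = """\
[INF] Templates loaded for current scan: 6
[pfsense-login] pfSense Login Panel - Detect (@idealphase) [info]
[sidekiq-dashboard] Sidekiq Dashboard Panel - Detect (@dhiyaneshdk,@amirmsafari)
[medium]
[tautulli-unauth] Tautulli Panel - Unauthenticated Access (@ritikchaddha) [medium]
[aws-credentials] AWS Credentials - Detect (@m4lwhere) [high]
[config-rb] Ruby Configuration File - Detect (@dhiyaneshdk) [unknown]
[zip-backup-files] Compressed Backup File - Detect (@toufik-
airane,@dwisiswant0) [medium]
[WRN] Scan results upload to cloud is disabled.
"""

# A fresh entry (or a nuclei status line) is "[something] " followed by text;
# a bare "[medium]" or "(@author) [info]" fragment is a wrapped continuation.
NEW_ENTRY_RE = re.compile(r"^\[[\w.-]+\]\s+\S")
ENTRY_RE = re.compile(r"^\[(?P<id>[A-Za-z0-9][\w.-]*)\]\s+(?P<rest>.+?)\s+\[(?P<severity>[a-z]+)\]$")
STATUS_PREFIXES = ("[INF]", "[WRN]", "[ERR]", "[FTL]", "[DBG]")
RATED = ("low", "medium", "high", "critical")


def unwrap(lines):
    """Re-join entries that a PDF/Scribd export split across lines.

    A fragment ending in a hyphen glued to the preceding word ('@toufik-' +
    'airane') is joined without a space; anything else ('Panel -' + 'Detect')
    gets the space back.
    """
    out = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if not out or NEW_ENTRY_RE.match(line):
            out.append(line)
        elif out[-1].endswith("-") and not out[-1].endswith(" -"):
            out[-1] += line
        else:
            out[-1] += " " + line
    return out


def split_name_authors(rest):
    """Split 'Name - Detect (@a,@b)' on the last ' (@'; author handles may
    themselves contain parentheses, e.g. '(@ricardo maia (brainfork))'."""
    idx = rest.rfind(" (@")
    if idx == -1:
        return rest, []
    authors = rest[idx + 2:-1]          # drop the surrounding parentheses
    return rest[:idx], [a.strip() for a in authors.split(",")]


def parse_templates(lines):
    """Return one dict per loaded template; nuclei's own status lines are skipped."""
    entries = []
    for line in unwrap(lines):
        if line.startswith(STATUS_PREFIXES):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # not a template line (banner, prompt, ...)
        name, authors = split_name_authors(m.group("rest"))
        entries.append({"id": m.group("id"), "name": name,
                        "authors": authors, "severity": m.group("severity")})
    return entries


def triage(entries):
    """Count loaded templates per severity and list the ids rated above info."""
    counts = Counter(e["severity"] for e in entries)
    rated_ids = sorted(e["id"] for e in entries if e["severity"] in RATED)
    return counts, rated_ids


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    counts, rated_ids = triage(parse_templates(text.splitlines()))
    for sev, n in sorted(counts.items()):
        print(f"{sev:>9}: {n}")
    print("rated templates:", ",".join(rated_ids))
```

Run it as `python3 triage.py scan.log` (or with no argument to use the embedded sample). The comma-separated id list it prints can be handed to nuclei's `-id` (`-template-id`) flag to re-run only the rated templates, and `-severity low,medium,high,critical` avoids loading the info-only detections in the first place. Templates marked [unknown] are deliberately left out of the rated list so they are not silently dropped into the info bucket.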
[aspnet-soap-webservices-asmx] SOAP-based ASP.NET web services ASMX - Detect (@righettod) [info]
[couchbase-buckets-api] Couchbase Buckets Unauthenticated REST API - Detect (@geeknik) [medium]
[drupal-jsonapi-user-listing] Drupal JSON:API Username Listing - Detect (@lixts) [medium]
[jeecg-boot-swagger] Jeecg Boot Swagger Bootstrap UI - Detect (@ritikchaddha) [info]
[openapi] OpenAPI - Detect (@pdteam,@ynnirc) [info]
[redfish-api] Redfish API - Detect (@righettod) [info]
[seafile-api] Seafile API - Detect (@righettod) [info]
[strapi-page] Strapi API - Detect (@dhiyaneshdk) [info]
[swagger-api] Public Swagger API - Detect (@pdteam,@c-sh0) [info]
[wadl-api] WADL API - Detect (@0xrudra,@manuelbua) [info]
[wsdl-api] WSDL API - Detect (@jarijaas) [info]
[exposed-mysql-initial] mysql.initial Config - Detect (@elsfa7110) [info]
[froxlor-database-backup] Froxlor Server Management Backup File - Detect (@tess) [medium]
[settings-php-files] settings.php - Information Disclosure (@sheikhrishad) [medium]
[default-sql-dump] MySQL - Dump Files (@geeknik,@dwisiswant0,@elsfa7110,@mastercho) [medium]
[zip-backup-files] Compressed Backup File - Detect (@toufik-airane,@dwisiswant0,@ffffffff0x,@pwnhxl,@mastercho) [medium]
[accueil-wampserver] Accueil WAMPSERVER Configuration Page - Detect (@tess) [medium]
[airflow-configuration-exposure] Apache Airflow Configuration Page - Detect (@pdteam) [medium]
[alibaba-canal-info-leak] Alibaba Canal Config - Detect (@pikpikcu) [info]
[amazon-docker-config] Dockerrun AWS Configuration Page - Detect (@pdteam) [medium]
[ansible-config-disclosure] Ansible Configuration Page - Detect (@pdteam) [medium]
[apache-config] Apache Configuration File - Detect (@sheikhrishad) [medium]
[appspec-yml-disclosure] Appspec YML/YAML - Detect (@dhiyaneshdk) [medium]
[appveyor-configuration-file] AppVeyor Configuration Page - Detect (@dhiyaneshdk) [medium]
[aws-config] AWS Configuration - Detect (@m4lwhere) [medium]
[aws-credentials] AWS Credentials - Detect (@m4lwhere) [high]
[awstats-config] AWStats Config - Detect (@sheikhrishad) [info]
[awstats-script] AWStats Script Config - Detect (@sheikhrishad,@msegoviag) [info]
[azure-domain-tenant] Microsoft Azure Domain Tenant ID - Detect (@v0idc0de) [info]
[babel-config-exposure] Babel Configuration - Detect (@dhiyaneshdk) [info]
[behat-config] Behat Configuration File - Detect (@dhiyaneshdk) [medium]
[blazor-boot] Blazor Boot File Disclosure (@freakyclown) [info]
[cakephp-config] CakePHP Configuration File - Detect (@dhiyaneshdk) [medium]
[cgi-printenv] Test CGI Script - Detect (@emadshanab) [medium]
[circleci-config] CircleCI Configuration File - Detect (@geeknik) [medium]
[circleci-ssh-config] CircleCI SSH Configuration - Detect (@geeknik) [medium]
[cisco-network-config] Cisco System Network Configuration Page - Detect (@dhiyaneshdk) [info]
[codeception-config] Codeception YAML Configuration File - Detect (@dhiyaneshdk) [low]
[codeigniter-env] Codeigniter - .env File Discovery (@emenalf) [high]
[collibra-properties] Collibra Properties Exposure (@0xpugazh) [high]
[composer-config] Composer Config - Detect (@mahendra purbia (mah3sec_)) [info]
[config-json] Configuration File - Detect (@geeknik) [medium]
[config-properties] Config Properties Exposure (@j4vaovo,@dhiyaneshdk) [high]
[config-rb] Ruby Configuration File - Detect (@dhiyaneshdk) [unknown]
[configuration-listing] Sensitive Configuration Files Listing - Detect (@j33n1k4) [medium]
[coremail-config-disclosure] Coremail - Config Discovery (@princechaddha) [high]
[cypress-web-config] Cypress Oxygen Configuration Page - Detect (@tess) [info]
[dbeaver-credentials] DBeaver - Credentials Discovery (@geeknik,@j4vaovo) [medium]
[debug-vars] Golang Expvar - Detect (@luqman) [low]
[deployment-ini] FTP Deployment Config File - Exposure (@michal mikolas (nanuqcz)) [medium]
[detect-drone-config] Drone - Configuration Detection (@geeknik) [high]
[django-variables-exposed] Django Config - Detect (@nobody) [info]
[docker-compose-config] Docker Compose - Detect (@meme-lord,@blckraven,@geeknik) [medium]
[dockercfg-config] Detect .dockercfg (@geeknik) [high]
[dockerfile-hidden-disclosure] Dockerfile - Detect (@dhiyaneshdk) [medium]
[dompdf-config] DomPDF - Configuration Page (@kazet) [low]
[editor-exposure] Editor Configuration File - Detect (@dhiyaneshdk,@daffainfo) [low]
[esmtprc-config] eSMTP - Config Discovery (@geeknik) [high]
[exposed-authentication-asmx] Authentication.asmx - Detect (@dhiyaneshdk) [info]
[exposed-bitkeeper] BitKeeper Configuration - Detect (@daffainfo) [low]
[exposed-bzr] Bazaar Configuration - Detect (@daffainfo) [info]
[exposed-darcs] Darcs Configuration - Detect (@daffainfo) [info]
[exposed-gitignore] Gitignore Config - Detect (@thezakman,@geeknik) [info]
[exposed-hg] HG Configuration - Detect (@daffainfo) [medium]
[exposed-sharepoint-list] Sharepoint List - Detect (@elsfa7110) [medium]
[exposed-svn] SVN Configuration - Detect (@udit_thakkur,@dwisiswant0) [medium]
[exposed-vscode] Visual Studio Code Directories - Detect (@aashiq) [medium]
[firebase-config-exposure] Firebase Configuration File - Detect (@geeknik) [medium]
[ftp-credentials-exposure] FTP Credentials Exposure (@pikpikcu) [high]
[gcloud-config-default] Google Cloud Default Config - Detect (@dhiyaneshdk) [info]
[git-config-nginxoffbyslash] Nginx - Git Configuration Exposure (@organiccrap) [medium]
[git-config] Git Configuration - Detect (@pdteam,@pikpikcu,@mah3sec_,@m4lwhere) [medium]
[git-credentials-disclosure] Git Credentials - Detect (@dhiyaneshdk) [medium]
[github-workflows-disclosure] Github Workflow Disclosure (@dhiyaneshdk,@geeknik) [medium]
[gmail-api-client-secrets] GMail API - Detect (@geeknik) [info]
[golangci-config] GolangCI-Lint Configuration File - Detect (@hardik-solanki) [info]
[gruntfile-exposure] Gruntfile Config - Detect (@sbani) [info]
[guard-config] Guardfile Config - Detect (@dhiyaneshdk) [info]
[hikvision-info-leak] Hikvision Configuration File - Detect (@pikpikcu) [medium]
[honeywell-scada-config] Honeywell Scada Configuration File - Detect (@alperenkesk) [low]
[hp-ilo-serial-key-disclosure] HP iLO Serial Key - Detect (@dhiyaneshdk) [medium]
[htpasswd-detection] Apache htpasswd Config - Detect (@geeknik) [high]
[httpd-config] Apache httpd Config File - Detect (@sheikhrishad) [info]
[javascript-env] JavaScript Environment Configuration - Detect (@pdp,@geeknik) [low]
[jetbrains-datasource] Jetbrains IDE DataSources Config - Detect (@florianmaak) [info]
[jkstatus-manager] JK Status Manager - Detect (@pdteam,@dhiyaneshdk) [low]
[joomla-config-dist-file] Joomla! Configuration File - Detect (@oppsec) [low]
[jsconfig-json] Visual Studio Code jsconfig.json - Detect (@dhiyaneshdk) [info]
[karma-config-js] Karma Configuration File - Detect (@dhiyaneshdk) [medium]
[keycloak-openid-config] Keycloak OpenID Configuration - Detect (@rodnt) [info]
[kubernetes-kustomization-disclosure] Kubernetes Kustomize Configuration - Detect (@dhiyaneshdk) [medium]
[kyan-credential-exposure] Kyan Credential - Exposure (@pikpikcu) [medium]
[laravel-env] Laravel - Sensitive Information Disclosure (@pxmme1337,@dwisiswant0,@geeknik,@emenalf,@adrianmf) [high]
[lvmeng-uts-disclosure] Lvmeng - UTS Disclosure (@pikpikcu) [high]
[magento-config-disclosure] Magento Configuration Panel - Detect (@ptonewreckin,@danigoland,@geeknik) [high]
[mercurial-hgignore] Mercurial Ignore - File Disclosure (@dhiyaneshdk) [info]
[msmtp-config] Msmtp - Config Exposure (@geeknik) [high]
[nagios-status-page] Nagios Current Status Page - Detect (@dhiyaneshdk) [medium]
[netbeans-config] Netbeans Config - Detect (@sbani) [info]
[netrc] Netrc - Config File Discovery (@geeknik) [high]
[nginx-config] Nginx Config - Detect (@sheikhrishad,@geeknik) [info]
[opcache-status-exposure] OPcache Status Page - Detect (@pdteam) [medium]
[oracle-cgi-printenv] Oracle CGI printenv - Information Disclosure (@dhiyaneshdk) [medium]
[oracle-ebs-credentials] Oracle E-Business System Credentials Page - Detect (@dhiyaneshdk) [high]
[ovpn-config-exposed] OVPN Configuration Download Page - Detect (@tess) [low]
[owncloud-config] owncloud Config - Detect (@mahendra purbia (mah3sec_)) [info]
[package-json] NPM package.json Disclosure (@geeknik,@afaq,@noraj) [info]
[parameters-config] Parameters.yml - File Discovery (@dhiyaneshdk) [high]
[perl-status] Apache Mod_perl Status Page - Detect (@pdteam) [medium]
[phalcon-framework-source] Phalcon Framework - Source Code Leakage (@philippedelteil) [high]
[phinx-config] Phinx Configuration Exposure (@dhiyaneshdk) [medium]
[php-fpm-config] PHP-FPM Configuration Page - Detect (@sheikhrishad) [info]
[phpcs-config] PHP_CodeSniffer Configuration Exposure - Detect (@dhiyaneshdk) [info]
[phpinfo-files] PHPinfo Page - Detect (@pdteam,@daffainfo,@meme-lord,@dhiyaneshdk,@wabafet,@mastercho) [low]
[phpsec-config] phpspec Config - Detect (@dhiyaneshdk) [info]
[phpstan-config] PHPStan Configuration Page - Detect (@dhiyaneshdk) [info]
[phpsys-info] phpSysInfo Exposure (@fpatrik) [low]
[pipfile-config] Pipfile Config - Detect (@dhiyaneshdk) [info]
[platformio-ini] Platformio Config File Disclosure (@dhiyaneshdk) [low]
[plesk-stat] Webalizer Log Analyzer Configuration - Detect (@th3.d1p4k) [medium]
[pre-commit-config] Pre-commit Configuration File - Detect (@dhiyaneshdk) [info]
[procfile-config] Procfile Config - Detect (@dhiyaneshdk) [info]
[proftpd-config] ProFTPD Configuration File - Detect (@sheikhrishad) [info]
[prometheus-metrics] Prometheus Metrics - Detect (@dhiyaneshdk,@philippedelteil) [medium]
[protractor-config] Protractor Configuration Exposure (@dhiyaneshdk) [low]
[proxy-wpad-exposure] Web Proxy Auto-Discovery Configuration File - Detect (@dhiyaneshdk) [info]
[psalm-config] Psalm Configuration Exposure - Detect (@dhiyaneshdk) [low]
[pubspec-config] Pubspec YAML Configuration File - Detect (@dhiyaneshdk) [info]
[pyproject-toml] pyproject.toml Configuration - Detect (@dhiyaneshdk) [info]
[qdpm-info-leak] qdPM 9.2 - DB Credentials Exposure (@gy741) [high]
[rackup-config-ru] Rackup Configuration - Detect (@dhiyaneshdk) [info]
[rails-database-config] Ruby on Rails Database Configuration File - Detect (@pdteam,@geeknik) [high]
[rakefile-disclosure] Rakefile - File Disclosure (@dhiyaneshdk) [info]
[redis-config] Redis Configuration File - Detect (@geeknik) [medium]
[robomongo-credential] RoboMongo Credential - Exposure (@geeknik) [high]
[rollup-js-config] Rollup.js Configuration - Detect (@dhiyaneshdk) [info]
[rubocop-config] Rubocop Configuration - Detect (@dhiyaneshdk) [info]
[ruijie-information-disclosure] Ruijie Login Panel - Detect (@pikpikcu) [high]
[ruijie-nbr1300g-exposure] Ruijie NBR1300G Cli Password Leak - Detect (@pikpikcu) [high]
[ruijie-phpinfo] Ruijie Phpinfo Configuration - Detect (@pikpikcu) [low]
[s3cfg-config] S3CFG Configuration - Detect (@geeknik,@dhiyaneshdk) [high]
[s3cmd-config] S3CMD Configuration - Detect (@ice3man) [info]
[saia-web-server] Saia PCD Web-Server Configuration Page - Detect (@dhiyaneshdk) [info]
[samba-config] Samba Config - Detect (@sheikhrishad) [info]
[scrutinizer-config] Scrutinizer Config - Detect (@dhiyaneshdk) [info]
[server-private-keys] SSL/SSH/TLS/JWT Keys - Detect (@geeknik,@r12w4n,@j4vaovo) [high]
[sftp-credentials-exposure] SFTP Configuration File - Credentials Exposure (@geeknik,@sheikhrishad) [high]
[sftp-deployment-config] Atom SFTP Configuration File - Detect (@geeknik) [high]
[sphinxsearch-config] Sphinx Search Config - Exposure (@gtrrnr) [high]
[ssh-authorized-keys] SSH Authorized Keys File - Detect (@geeknik) [medium]
[ssh-known-hosts] SSH Known Hosts File - Detect (@geeknik) [info]
[stestr-config] Stestr Configuration File - Detect (@hardik-solanki) [info]
[svnserve-config] Svnserve Configuration File - Detect (@sheikhrishad) [info]
[symfony-database-config] Symfony Database Configuration File - Detect (@pdteam,@geeknik) [high]
[symfony-profiler] Symfony Profiler - Detect (@pdteam) [high]
[symfony-security-config] Symfony Security Configuration File - Detect (@dahse89) [info]
[tox-ini] Tox Configuration File - Detect (@geeknik) [info]
[vbulletin-path-disclosure] vBulletin - Full Path Disclosure (@mastercho) [info]
[ventrilo-config] Ventrilo Configuration File - Detect (@geeknik) [high]
[vite-config] Vite Configuration - File Exposure (@dhiyaneshdk) [low]
[web-config] Web Configuration File - Detect (@yash anand @yashanand155,@dhiyaneshdk) [info]
[webpack-config] Webpack Configuration File - Detect (@ambassify) [info]
[websheets-config] Websheets Configuration File - Detect (@geeknik) [high]
[wgetrc-config] Wgetrc Configuration File - Detect (@dhiyaneshdk) [info]
[wpconfig-aws-keys] AWS S3 keys Leak (@r12w4n) [high]
[xprober-service] X Prober Server - Information Disclosure (@pdteam) [medium]
[yii-debugger] View Yii Debugger Information (@geeknik,@rumble773) [low]
[zend-config-file] Zend Configuration File (@pdteam,@geeknik,@akokonunes) [high]
[angular-json] Angular JSON File Exposure (@dhiyaneshdk) [info]
[apache-licenserc] Apache License File (@dhiyaneshdk) [low]
[apdisk-disclosure] Apdisk - File Disclosure (@dhiyaneshdk) [low]
[appsettings-file-disclosure] Application Setting file disclosure (@dhiyaneshdk,@tess) [high]
[atom-sync-remote] Atom Synchronization Exposure (@geeknik) [high]
[auth-json] Auth.json File - Disclosure (@dhiyaneshdk) [high]
[axis-happyaxis] Axis Happyaxis Exposure (@dogasantos) [info]
[azure-pipelines-exposed] Azure Pipelines Configuration File Disclosure (@dhiyaneshdk) [medium]
[azuredeploy-json] Azure Resource Manager Template - File Exposure (@dhiyaneshdk) [medium]
[bitbucket-pipelines] BitBucket Pipelines Configuration Exposure (@dhiyaneshdk) [info]
[bower-json] bower.json File Disclosure (@oppsec,@noraj) [info]
[build-properties] Build Properties File Exposure (@dhiyaneshdk) [info]
[bun-lock] Bun Lock File Disclosure (@noraj) [info]
[cargo-lock-package] Cargo Lock Packages Disclosure (@dhiyaneshdk) [info]
[cargo-toml-file] Cargo TOML File Disclosure (@dhiyaneshdk) [info]
[cloud-config] Cloud Config File Exposure (@dhiyaneshdk,@hardik-solanki) [medium]
[cold-fusion-cfcache-map] Discover Cold Fusion cfcache.map Files (@geeknik) [low]
[composer-auth-json] Composer-auth Json File Disclosure (@dhiyaneshdk) [low]
[core-dump] Exposed Core Dump - File Disclosure (@kazet) [medium]
[credentials-json] Credentials File Disclosure (@ritikchaddha) [medium]
[insecure-crossdomain] Insecure cross-domain.xml file (@borna nematzadeh,@nadino) [info]
[database-credentials] Database Credentials File Exposure (@hardik-solanki,@geeknik) [low]
[db-schema] Discover db schema files (@geeknik) [info]
[db-xml-file] db.xml File - Detect (@tess) [medium]
[dbeaver-database-connections] DBeaver Database Connections - Detect (@geeknik) [info]
[desktop-ini-exposure] desktop.ini exposure (@dhiyaneshdk) [info]
[django-secret-key] Django Secret Key Exposure (@geeknik,@dhiyaneshdk) [high]
[docker-cloud] Docker Cloud Yaml - File Disclosure (@dhiyaneshdk) [medium]
[domcfg-page] Lotus Domino Configuration Page (@gevakun) [low]
[ds-store-file] Exposed DS_Store File (@0w4ys,@pwnhxl) [info]
[dwsync-exposure] Dreamweaver Dwsync.xml Exposure (@kaizensecurity) [info]
[environment-rb] Environment Ruby File Disclosure (@dhiyaneshdk) [medium]
[exposed-alps-spring] Exposed Spring Data REST Application-Level Profile Semantics (ALPS) (@dwisiswant0) [medium]
[filezilla-exposed] Filezilla (@amsda) [medium]
[ftpconfig] Atom remote-ssh ftpconfig Exposure (@geeknik,@dhiyaneshdk) [high]
[gcloud-access-token] Google Cloud Access Token (@dhiyaneshdk) [medium]
[gcloud-credentials] Google Cloud Credentials (@dhiyaneshdk) [medium]
[get-access-token-json] Get Access Token Json (@dhiyaneshdk) [low]
[git-mailmap] Git Mailmap File Disclosure (@geeknik,@dhiyaneshdk) [low]
[github-gemfile-files] Github Gemfiles (@hahwul) [info]
[github-page-config] Github pages config file (@hahwul) [info]
[glpi-status-domain-disclosure] GLPI Status Domain Disclosure (@dogasantos) [info]
[go-mod-disclosure] Go.mod Disclosure (@dhiyaneshdk) [low]
[google-api-private-key] Google Api Private Key (@dhiyaneshdk) [medium]
[google-services-json] Google Service Json (@dhiyaneshdk) [low]
[gradle-libs] Gradle Library Version Disclosure (@dhiyaneshdk) [info]
[ht-deployment] .htdeployment - Files Tree Cache File (@michal-mikolas) [medium]
[iceflow-vpn-disclosure] ICEFlow VPN Disclosure (@pikpikcu) [low]
[idea-folder-exposure] Public .idea Folder containing files with sensitive data (@martincodes-de) [info]
[ioncube-loader-wizard] ioncube Loader Wizard Disclosure (@mubassirpatel) [medium]
[jetbrains-webservers] JetBrains WebServers File - Detect (@geeknik) [info]
[joomla-file-listing] Joomla! Database File List (@iampritam) [medium]
[jsapi-ticket-json] JsAPI Ticket Json (@dhiyaneshdk) [low]
[keycloak-json] Keycloak JSON File (@oppsec) [info]
[kubernetes-etcd-keys] Kubernetes etcd Keys - Exposure (@hardik-solanki) [medium]
[lazy-file-manager] Lazy File Manager (@amsda) [medium]
[npm-anonymous-cli] NPM Anonymous CLI Metrics Exposure (@dhiyaneshdk) [info]
[npm-cli-metrics-json] NPM Anonymous CLI Metrics Json (@dhiyaneshdk) [low]
[npm-shrinkwrap-exposure] Node Shrinkwrap Exposure (@dhiyaneshdk,@noraj) [info]
[npmrc-authtoken] Hardcoded .npmrc AuthToken (@geeknik) [info]
[nuget-package-config] NuGet Package.config File Disclosure (@dhiyaneshdk) [info]
[oauth-credentials-json] Oauth Credentials Json (@dhiyaneshdk) [low]
[openstack-user-secrets] OpenStack User Secrets Exposure (@geeknik) [high]
[oracle-test-cgi] Oracle Application Server test-cgi Page (@dhiyaneshdk) [info]
[pantheon-upstream] Pantheon upstream.yml Disclosure (@dhiyaneshdk) [low]
[php-cs-cache] PHP-CS-Fixer Cache - File Disclosure (@dhiyaneshdk) [medium]
[php-ini] Php.ini File Disclosure (@geeknik,@dhiyaneshdk) [low]
[php-user-ini-disclosure] Php User.ini Disclosure (@dhiyaneshdk) [medium]
[phpunit-result-cache-exposure] PHPUnit Result Cache File Exposure (@dhiyaneshdk) [low]
[phpunit] phpunit.xml File Disclosure (@pikpikcu) [info]
[pipeline-configuration] Pipeline Configuration Exposure (@dhiyaneshdk) [info]
[pipfile-lock] Pipfile.lock Disclosure (@dhiyaneshdk) [info]
[pnpm-lock] PNPM Lock Yaml File Disclosure (@noraj) [info]
[putty-private-key-disclosure] Putty Private Key Disclosure (@dhiyaneshdk,@geeknik) [medium]
[pyproject-disclosure] Pyproject Disclosure (@dhiyaneshdk) [info]
[rails-secret-token-disclosure] Ruby on Rails Secret Token Disclosure (@dhiyaneshdk) [medium]
[reactapp-env-js] React App Environment Js (@random-robbie,@rinolock) [unknown]
[readme-md] README.md file disclosure (@ambassify) [info]
[redmine-config] Redmine Configuration File - Detect (@dhiyaneshdk) [high]
[redmine-settings] Redmine settings.yml File Disclosure (@dhiyaneshdk) [info]
[routes-ini] routes.ini File Exposure (@geeknik) [info]
[ruby-rail-storage] Ruby on Rails storage.yml File Disclosure (@dhiyaneshdk) [low]
[salesforce-credentials] Salesforce Credentials - Detect (@geeknik) [high]
[sass-lint] Sass Lint File Exposure (@dhiyaneshdk) [info]
[secret-token-rb] Secret Token Ruby - File Disclosure (@dhiyaneshdk) [medium]
[ruby-secrets-file] Ruby on Rails secrets.yml File Exposure (@dhiyaneshdk) [high]
[sendgrid-env] SendGrid Env File Exposure (@dhiyaneshdk) [medium]
[sensitive-storage-data-expose] Sensitive Storage Data - Detect (@pussycat0x) [medium]
[service-account-credentials] Service Account Credentials File Disclosure (@ritikchaddha) [medium]
[shellscripts] Public shellscripts (@panch0r3d) [low]
[snyk-ignore-file-disclosure] Snyk Ignore File Disclosure (@dhiyaneshdk) [info]
[socks5-vpn-config] Socks5 VPN - Sensitive File Disclosure (@dhiyaneshdk) [high]
[styleci-yml-disclosure] StyleCi Yaml File Disclosure (@dhiyaneshdk) [info]
[svn-wc-db] SVN wc.db File Exposure (@hardik-solanki,@r12w4n) [medium]
[symfony-properties-ini] Symfony properties.ini File Disclosure (@dhiyaneshdk) [info]
[symfony-security] Symfony security.yml File Disclosure (@dhiyaneshdk) [info]
[thumbs-db-disclosure] Thumbs DB Disclosure (@dhiyaneshdk) [info]
[token-info-json] Token Info Json File (@dhiyaneshdk) [info]
[token-json] Token Json File Disclosure (@dhiyaneshdk) [low]
[travis-ci-disclosure] Travis CI Disclosure (@dhiyaneshdk) [high]
[uwsgi-ini] uwsgi.ini File Exposure (@dhiyaneshdk) [info]
[vagrantfile-exposure] Vagrantfile Exposure (@dhiyaneshdk) [low]
[viminfo-disclosure] Viminfo - File Disclosure (@dhiyaneshdk) [low]
[vscode-sftp] VSCode SFTP File Exposure (@geeknik) [high]
[webpack-mix-js] Webpack Mix File Disclosure (@dhiyaneshdk) [info]
[webpack-sourcemap-disclosure] Webpack Sourcemap Disclosure (@dhiyaneshdk) [info]
[wget-hsts-list-exposure] WGET HSTS List Exposure (@dhiyaneshdk) [info]
[wordpress-readme-file] WordPress Readme File (@tess) [info]
[wp-cli-exposure] WP-CLI Yaml File Exposure (@dhiyaneshdk) [info]
[ws-ftp-ini] WS FTP File Disclosure (@dhiyaneshdk) [low]
[xampp-environment-variables] XAMPP Environment Variables Exposure (@melbadry9,@dhiyaneshdk) [low]
[yarn-lock] Yarn Lock File Disclosure (@oppsec,@noraj) [info]
[access-log-file] Publicly accessible access-log file (@sheikhrishad) [low]
[badarg-log] Badarg Log File Exposure (@hardik-solanki) [low]
[clockwork-php-page] Clockwork PHP page exposure (@organiccrap) [high]
[darkstat-detect] Detect Darkstat Reports (@geeknik) [high]
[development-logs] Discover development log files (@geeknik) [info]
[django-debug-exposure] Django Debug Exposure (@geeknik) [high]
[dozzle-container-logs] Dozzle - Logs Exposure (@theabhinavgaur) [medium]
[elmah-log-file] ELMAH Exposure (@shine,@idealphase) [high]
[error-logs] Common Error Log Files (@geeknik,@daffainfo,@elsfa7110,@hardik-solanki) [low]
[event-debug-server-status] Event Debug Server Status (@pussycat0x) [low]
[exposed-glances-api] Exposed Glances API (@princechaddha) [low]
[fastcgi-echo] FastCGI Echo Endpoint Script - Detect (@powerexploit) [info]
[ffserver-status] FFserver Status Detect (@notnotnotveg,@tess) [low]
[firebase-debug-log] Firebase Debug Log File Exposure (@hardik-solanki) [low]
[git-exposure] Git Metadata Directory Exposure (@tess) [medium]
[git-logs-exposure] Git Logs Disclosure (@nullfuzz) [info]
[go-pprof-debug] Go pprof Debug Page (@w8ay) [low]
[idea-logs-exposure] Public .idea Folder containing http logs (@martincodes-de) [info]
[jboss-seam-debug-page] Jboss Seam Debug Page Enabled (@dhiyaneshdk) [medium]
[laravel-log-file] Laravel log file publicly accessible (@sheikhrishad,@geeknik) [high]
[laravel-telescope] Laravel Telescope Disclosure (@geeknik) [medium]
[lucee-stack-trace] Lucee Stack Trace Error (@dhiyaneshdk) [low]
[milesight-system-log] Milesight Industrial Cellular Routers - Information Disclosure (@ritikchaddha) [high]
[nginx-shards] NGINX Shards Disclosure (@dhiyaneshdk) [medium]
[npm-debug-log] NPM Debug Log Disclosure (@hardik-solanki) [low]
[npm-log-file] Publicly accessible NPM Log file (@sheikhrishad,@dhiyaneshdk) [low]
[opentsdb-status] OpenTSDB - Detect (@pussycat0x) [low]
[oracle-ebs-sqllog-disclosure] Oracle EBS - SQL Log Disclosure (@dhiyaneshdk) [medium]
[production-log] Production Log File Disclosure (@geeknik) [low]
[production-logs] Discover production log files (@geeknik) [info]
[pyramid-debug-toolbar] Pyramid Debug Toolbar (@geeknik) [medium]
[rails-debug-mode] Rails Debug Mode (@pdteam) [medium]
[redis-exception-error] Redis Exception Connection Error Page (@dhiyaneshdk) [low]
[redv-super-logs] RED-V Super Digital Signage System RXV-A740R - Log Information Disclosure (@r3y3r53) [medium]
[roundcube-log-disclosure] Roundcube Log Disclosure (@dhiyaneshdk,@kazet) [medium]
[squid-analysis-report-generator] Squid Analysis Report Generator (@geeknik) [high]
[struts-debug-mode] Apache Struts setup in Debug-Mode (@pdteam) [low]
[struts-problem-report] Apache Struts Dev Mode - Detect (@dhiyaneshdk) [low]
[teampass-ldap] Teampass LDAP Debug Config - Detect (@josecosta) [medium]
[trace-axd-detect] ASP.NET Trace.AXD Information Leak (@dhiyaneshdk) [low]
[webalizer-xtended-stats] Webalizer Xtended Statistics Exposed (@ritikchaddha) [low]
[wp-app-log] Discover wp-app.log Files (@geeknik) [info]
[ws-ftp-log] WS FTP File Disclosure (@hardik-solanki) [low]
[yii-error-page] Yii Error Page - Detct (@dhiyaneshdk) [unknown]
[zm-system-log-detect] zm-system-log-detect (@pussycat0x) [low]
[adafruit-api-key] Adafruit API Key (@dhiyaneshdk) [info]
[adobe-client-id] Adobe Client ID (@dhiyaneshdk) [info]
[adobe-oauth-secret] Adobe OAuth Client Secret (@dhiyaneshdk) [info]
[age-public-key] Age Recipient (X25519 public key) (@dhiyaneshdk) [info]
[age-secret-key] Age Identity (X22519 secret key) (@dhiyaneshdk) [info]
[airtable-api-key] Airtable API Key (@dhiyaneshdk) [info]
[algolia-api-key] Algolia API Key (@dhiyaneshdk) [info]
[alibaba-accesskey-id] Alibaba Access Key ID (@dhiyaneshdk) [info]
[alibaba-secretkey-id] Alibaba Secret Key ID (@dhiyaneshdk) [info]
[amazon-mws-auth-token] Amazon MWS Auth Token (@puzzlepeaches) [info]
[amazon-sns-topic] Amazon SNS Topic Disclosure (@ice3man) [info]
[aws-access-key-value] AWS Access Key ID Value (@swissky) [info]
[aws-access-secret-key] AWS Access/Secret Key Disclosure (@tess) [unknown]
[aws-account-id] AWS Account ID (@dhiyaneshdk) [info]
[aws-api-key] AWS API Key (@dhiyaneshdk) [info]
[aws-session-token] AWS Session Token (@dhiyaneshdk) [info]
[artifactory-api-password] Artifactory Password Disclosure (@ice3man) [info]
[artifactory-api-token] Artifactory API Token Disclosure (@ice3man) [info]
[asana-client-id] Asana Client ID (@dhiyaneshdk) [info]
[asana-client-secret] Asana Client Secret (@dhiyaneshdk) [info]
[atlassian-token] Atlassian API Token (@dhiyaneshdk) [info]
[azure-apim-secretkey] Azure - APIM Secret Key (@israel comazzetto dos reis) [info]
[azure-connection] Azure Connection String (@dhiyaneshdk) [info]
[beamer-token] Beamer API Token (@dhiyaneshdk) [info]
[bitbucket-clientid] BitBucket Client ID (@dhiyaneshdk) [info]
[bitbucket-clientsecret] BitBucket Client Secret (@dhiyaneshdk) [info]
[bitly-secret-key] Bitly Secret Key Disclosure (@ice3man) [info]
[bittrex-accesskey] Bittrex Access Key (@dhiyaneshdk) [info]
[bittrex-secretkey] Bittrex Secret Key (@dhiyaneshdk) [info]
[clojars-token] Clojars Token (@dhiyaneshdk) [info]
[cloudinary-credentials] Cloudinary Credentials Disclosure (@ice3man) [info]
[codeclimate-token] CodeClimate Token (@dhiyaneshdk) [info]
[codecov-accesstoken] Codecov Access Token (@dhiyaneshdk) [info]
[coinbase-accesstoken] Coinbase Access Token (@dhiyaneshdk) [info]
[confluent-accesstoken] Confluent Access Token (@dhiyaneshdk) [info]
[confluent-secretkey] Confluent Secret Key (@dhiyaneshdk) [info]
[contentful-token] Contentful Delivery API Token (@dhiyaneshdk) [info]
[crates-api-key] Crates.io API Key (@dhiyaneshdk) [info]
[databricks-token] Databricks API Token (@dhiyaneshdk) [info]
[datadog-accesstoken] Datadog Access Token (@dhiyaneshdk) [info]
[dependency-track-api] Dependency Track API Key (@dhiyaneshdk) [info]
[axiom-digitalocean-key-exposure] DigitalOcean Key Exposure via Axiom (@geeknik) [critical]
[digital-ocean-personal-token] DigitalOcean Personal Access Token (@dhiyaneshdk) [info]
[digitalocean-app-token] DigitalOcean Application Access Token (@dhiyaneshdk) [info]
[digitalocean-refresh] DigitalOcean Refresh Token (@dhiyaneshdk) [info]
[tugboat-config-exposure] Tugboat Configuration File Exposure (@geeknik) [critical]
[discord-clientid] Discord Client ID (@dhiyaneshdk) [info]
[discord-clientsecret] Discord Client Secret (@dhiyaneshdk) [info]
[discord-token] Discord API Token (@dhiyaneshdk) [info]
[discord-webhook] Discord Webhook Disclosure (@ice3man) [info]
[docker-hub-pat] Docker Hub Personal Access Token (@dhiyaneshdk) [info]
[doppler-audit-token] Doppler Audit Token (@dhiyaneshdk) [info]
[doppler-cli-token] Doppler CLI Token (@dhiyaneshdk) [info]
[doppler-scim-token] Doppler SCIM Token (@dhiyaneshdk) [info]
[doppler-service-account-token] Doppler Service Account Token (@dhiyaneshdk) [info]
[doppler-service-token] Doppler Service Token (@dhiyaneshdk) [info]
[doppler-token] Doppler API Token (@dhiyaneshdk) [info]
[droneci-accesstoken] Droneci Access Token (@dhiyaneshdk) [info]
[dropbox-access-token] Dropbox Access Token (@dhiyaneshdk) [info]
[dropbox-long-token] Dropbox Long Lived API Token (@dhiyaneshdk) [info]
[dropbox-short-token] Dropbox Short Lived API Token (@dhiyaneshdk) [info]
[dropbox-token] Dropbox API Token (@dhiyaneshdk) [info]
[duffel-token] Duffel API Token (@dhiyaneshdk) [info]
[dynatrace-api-token] Dynatrace API Token (@dhiyaneshdk) [info]
[easypost-testtoken] Easypost Test API Token (@dhiyaneshdk) [info]
[easypost-token] Easypost API Token (@dhiyaneshdk) [info]
[etsy-accesstoken] Etsy Access Token (@dhiyaneshdk) [info]
[facebook-access-token] Facebook Access Token (@dhiyaneshdk) [info]
[facebook-token] Facebook API Token (@dhiyaneshdk) [info]
[fastly-token] Fastly API Token (@dhiyaneshdk) [info]
[figma-personal-token] Figma Personal Access Token (@dhiyaneshdk) [info]
[finicity-clientsecret] Finicity Client Secret (@dhiyaneshdk) [info]
[finicity-token] Finicity API Token (@dhiyaneshdk) [info]
[finnhub-accesstoken] finnhub Access Token (@dhiyaneshdk) [info]
[flickr-accesstoken] Flickr Access Token (@dhiyaneshdk) [info]
[flutterwave-encryptionkey] Flutterwave Encryption Key (@dhiyaneshdk) [info]
[flutterwave-publickey] Flutterwave Public Key (@dhiyaneshdk) [info]
[flutterwave-secretkey] Flutterwave Secret Key (@dhiyaneshdk) [info]
[frameio-token] Frameio API Token (@dhiyaneshdk) [info]
[freshbooks-accesstoken] Freshbooks Access Token (@dhiyaneshdk) [info]
[credentials-disclosure] Credentials Disclosure Check (@sy3omda,@forgedhallpass,@geeknik) [unknown]
[generic-tokens] Generic Tokens (@nadino,@geeknik) [unknown]
[jdbc-connection-string] JDBC Connection String Disclosure (@ice3man) [unknown]
[jwt-token] JWT Token Disclosure (@ice3man) [unknown]
[shoppable-token] Shoppable Service Auth Token (@philippedelteil) [unknown]
[github-app] GitHub App Token (@dhiyaneshdk) [info]
[github-oauth-access] GitHub OAuth Access Token (@dhiyaneshdk) [info]
[github-personal-access] GitHub Personal Access Token (@dhiyaneshdk) [info]
[github-refresh] GitHub Refresh Token (@dhiyaneshdk) [info]
[gitlab-personal-token] GitLab Personal Access Token (@dhiyaneshdk) [info]
[gitlab-pipeline-token] GitLab Pipeline Trigger Token (@dhiyaneshdk) [info]
[gitlab-runner-token] GitLab Runner Registration Token (@dhiyaneshdk) [info]
[gitter-token] Gitter Access Token (@dhiyaneshdk) [info]
[gocardless-token] Gocardless API Token (@dhiyaneshdk) [info]
[fcm-server-key] FCM Server Key (@absshax) [high]
[google-api-key] Google API Key (@swissky) [info]
[google-calendar-link] Google Calendar URI Disclosure (@ice3man) [info]
[google-client-id] Google Client ID (@dhiyaneshdk) [info]
[google-oauth-prefixed] Google OAuth Client Secret (prefixed) (@dhiyaneshdk) [info]
[google-oauth-access-key] Google OAuth Access Key Disclosure (@ice3man) [info]
[grafana-cloud-token] Grafana Cloud API Key (@dhiyaneshdk) [info]
[grafana-key] Grafana API Key (@dhiyaneshdk) [info]
[grafana-serviceaccount-token] Grafana Service Account Token (@dhiyaneshdk) [info]
[hashicorp-token] Hashicorp API Token (@dhiyaneshdk) [info]
[heroku-api-key] Heroku API Key (@dhiyaneshdk) [info]
[huggingface-user-access-token] HuggingFace User Access Token (@dhiyaneshdk) [info]
[jenkins-crumb-token] Jenkins Token or Crumb (@dhiyaneshdk) [info]
[jotform-api-key] Jotform API Key (@shankar acharya) [info]
[linkedin-client-id] LinkedIn Client ID (@dhiyaneshdk) [info]
[linkedin-secret-key] LinkedIn Secret Key (@dhiyaneshdk) [info]
[loqate-api-key] Loqate API Key (@realexp3rt) [low]
[mailchimp-access-key-value] Mailchimp API Value (@puzzlepeaches) [info]
[mailgun-api-token] Mailgun API Key (@dhiyaneshdk) [info]
[mapbox-token-disclosure] Mapbox Token Disclosure (@devang-solanki) [medium]
[microsoft-teams-webhook] Microsoft Teams Webhook Disclosure (@ice3man) [info]
[newrelic-admin-api-key] Admin API Key Disclosure (@ice3man) [info]
[newrelic-api-service-key] New Relic API Service Key (@dhiyaneshdk) [info]
[newrelic-insights-key] Insights Keys Disclosure (@ice3man) [info]
[newrelic-license-key-non] New Relic License Key (non-suffixed) (@dhiyaneshdk) [info]
[newrelic-license-key] New Relic License Key (@dhiyaneshdk) [info]
[newrelic-pixie-api-key] New Relic Pixie API Key (@dhiyaneshdk) [info]
[newrelic-pixie-deploy-key] New Relic Pixie Deploy Key (@dhiyaneshdk) [info]
[newrelic-rest-api-key] REST API Key Disclosure (@ice3man) [info]
[newrelic-synthetics-location-key] Synthetics Location Key Disclosure (@ice3man) [info]
[cipher-secret-key] Cipher Secret Key Exposure (@israel comazzetto dos reis) [info]
[npm-access-token] NPM Access Token (fine-grained) (@dhiyaneshdk) [info]
[nuget-api-key] NuGet API Key (@dhiyaneshdk) [info]
[odbc-connection-string] ODBC Connection String (@dhiyaneshdk) [info]
[okta-api-token] Okta API Token (@dhiyaneshdk) [info]
[openai-api-key] OpenAI API Key (@dhiyaneshdk) [info]
[particle-access-token] particle.io Access Token (@dhiyaneshdk) [info]
[braintree-access-token] PayPal Braintree Access Token Disclosure (@ice3man) [info]
[picatic-api-key] Picatic API Key Disclosure (@ice3man) [info]
[postman-key] Postman API Key (@dhiyaneshdk) [info]
[pypi-upload-token] PyPI Upload Token (@dhiyaneshdk) [info]
[razorpay-clientid-disclosure] Razorpay Client ID Disclosure (@devang-solanki) [high]
[react-app-password] React App Password (@dhiyaneshdk) [info]
[react-app-username] React App Username (@dhiyaneshdk) [info]
[rubygems-api-key] RubyGems API Key (@dhiyaneshdk) [info]
[salesforce-access-token] Salesforce Access Token (@dhiyaneshdk) [info]
[sauce-token] Sauce Token (@dhiyaneshdk) [info]
[segment-public-token] Segment Public API Token (@dhiyaneshdk) [info]
[sendgrid-api-key] Sendgrid API Key Disclosure (@ice3man) [info]
[shopify-app-secret] Shopify App Secret (@dhiyaneshdk) [info]
[shopify-customapp-token] Shopify Access Token (Custom App) (@dhiyaneshdk) [info]
[shopify-legacy-token] Shopify Access Token (Legacy Private App) (@dhiyaneshdk) [info]
[shopify-public-token] Shopify Access Token (Public App) (@dhiyaneshdk) [info]
[slack-bot-token] Slack access token (@nadino) [info]
[slack-user-token] Slack User token disclosure (@ice3man) [info]
[slack-webhook-token] Slack Webhook Disclosure (@ice3man) [info]
[sonarqube-token] SonarQube Token Disclosure (@ice3man) [info]
[square-access] Square Access Token (@dhiyaneshdk) [info]
[square-oauth-secret-token] Square OAuth Secret (@dhiyaneshdk) [info]
[stackhawk-api] StackHawk API Key (@dhiyaneshdk) [info]
[stripe-restricted-key] Stripe Restricted Key Disclosure (@ice3man) [info]
[stripe-secret-key] Stripe Secret Key Disclosure (@ice3man) [info]
[telegram-bot-token] Telegram Bot Token (@dhiyaneshdk) [info]
[thingsboard-access-token] ThingsBoard Access Token (@dhiyaneshdk) [info]
[truenas-api-key] TrueNAS API Key (WebSocket) (@dhiyaneshdk) [info]
[twilio-api-key] Twilio API Key (@dhiyaneshdk) [info]
[twitter-client-id] Twitter Client ID (@dhiyaneshdk) [info]
[twitter-secret-key] Twitter Secret Key (@dhiyaneshdk) [info]
[wechat-corpsecret-key] Enterprise WeChat Corpsecret Key (@n0el4kls) [info]
[wireguard-preshared-key] WireGuard Preshared Key (@dhiyaneshdk) [info]
[wireguard-private-key] WireGuard Private Key (@dhiyaneshdk) [info]
[zapier-webhook-token] Zapier Webhook Disclosure (@ice3man) [info]
[zendesk-key] Zendesk Secret Key (@dhiyaneshdk) [info]
[zenscrape-api-key] Zenscrape API Key (@ritikchaddha) [info]
[zenserp-api-key] Zenserp Api Key (@ritikchaddha) [info]
[zoho-webhook-token] Zoho Webhook Disclosure (@ice3man) [info]
[valid-gmail-checker] Valid Google Mail Checker (@dievus,@dwisiswant0) [info]
[citrix-honeypot-detect] Citrix Honeypot - Detect (@unapibageek) [info]
[dionaea-http-honeypot-detect] Dionaea HTTP Honeypot - Detect (@unapibageek) [info]
[elasticpot-honeypot-detect] ElasticPot Honeypot - Detect (@unapibageek) [info]
[snare-honeypot-detect] Snare Honeypot - Detect (@unapibageek) [info]
[tpot-honeypot-detect] T-Pot Honeypot - Detect (@rxerium) [info]
[ampguard-wifi-setup] AmpGuard Wifi Setup (@pussycat0x) [info]
[apc-ups-login] APC UPS Login - Detect (@droberson) [info]
[automation-direct] AutomationDirect Panel - Detect (@dhiyaneshdk) [info]
[brother-printer-detect] Brother Printer (@pussycat0x) [low]
[brother-unauthorized-access] Brother Printer (@pussycat0x) [medium]
[carel-plantvisor-panel] CAREL Pl@ntVisor Panel (@hardik-solanki) [info]
[codian-mcu-login] Codian MCU Login Panel - Detect (@dhiyaneshdk) [info]
[contacam] ContaCam Snapshot Images - Detect (@dhiyaneshdk) [medium]
[envision-gateway] EnvisionGateway Scheduler Panel - Detect (@dhiyaneshdk) [info]
[epmp-login] ePMP 2000 Login Panel - Detect (@dhiyaneshdk) [info]
[epson-wf-series] Epson WF Series Detection (@aashiq) [info]
[grandstream-device-configuration] Grandstream Device Configuration (@dhiyaneshdk) [info]
[heatmiser-wifi-thermostat] Heatmiser Wifi Thermostat Panel - Detect (@dhiyaneshdk) [info]
[homeworks-illumination] HomeWorks Illumination Web Keypad (@geeknik) [low]
[honeywell-building-control] Honeywell Building Control (@dhiyaneshdk) [info]
[hp-color-laserjet-detect] HP Color LaserJet Detection (@idealphase,@gy741) [info]
[hp-device-info-detect] HP Device Info Detection (@pussycat0x) [low]
[hp-laserjet-detect] HP LaserJet Professional Panel - Detect (@dhiyaneshdk) [info]
[huawei-home-gateway] HUAWEI Home Gateway HG658d (@dhiyaneshdk) [info]
[hue-personal-wireless-panel] HUE Personal Wireless Lighting Panel (@hardik-solanki) [info]
[internet-service] Fuji Xerox Internet Services Panel - Detect (@dhiyaneshdk) [info]
[iotawatt-app-exposure] IoTaWatt Configuration App Exposure (@pussycat0x) [high]
[kevinlab-device-detect] KevinLAB Devices Detection (@gy741) [info]
[kyocera-printer-panel] Kyocera Printer Panel - Detect (@gy741) [info]
[liveview-axis-camera] AXIS Network Camera Live View - Detect (@dhiyaneshdk,@f1she3) [info]
[loytec-device] Loytec Device Info Detection (@pussycat0x) [info]
[mobotix-guest-camera] MOBOTIX Guest Camera Live View - Detect (@dhiyaneshdk) [info]
[netgear-boarddataww-rce] Netgear Devices boardDataWW.php Unauthenticated Remote Command Execution (@pussycat0x) [critical]
[netsurveillance-web] NETSurveillance Web Panel - Detect (@dhiyaneshdk) [info]
[network-camera-detect] Various Online Devices Detection (Network Camera) (@iamthefrogy) [info]
[novus-ip-camera] NoVus IP Login Panel - Detect (@dhiyaneshdk) [info]
[nuuno-network-login] NUUO Network Video Recorder Login Panel - Detect (@dhiyaneshdk) [info]
[octoprint-3dprinter] Octoprint 3D Printer Panel - Detect (@matthew nickerson (b0than) @ layer 8 security) [info]
[open-mjpg-streamer] open-mjpg-streamer (@gboddin) [medium]
[panasonic-network-management] Panasonic Network Camera Management System - Detect (@dhiyaneshdk) [medium]
[pqube-power-analyzers] PQube 3 Power Analyzers (@pussycat0x) [low]
[qvisdvr-deserialization-rce] QVISDVR JSF Deserialization - Remote Code Execution (@me9187) [critical]
[raspberry-shake-config] Raspberry Shake Config Detection (@pussycat0x) [medium]
[routeros-login] RouterOS Router Login - Detect (@dhiyaneshdk,@idealphase) [info]
[selea-ip-camera] Detect Selea Targa IP OCR-ANPR Camera (@geeknik) [info]
[snapdrop-detect] Snapdrop Detect (@tess) [info]
[stem-audio-table-private-keys] Detect Private Key on STEM Audio Table (@gy741) [high]
[targa-camera-lfi] Selea Targa IP OCR-ANPR Camera - Local File Inclusion (@gy741) [high]
[targa-camera-ssrf] Selea Targa IP OCR-ANPR Camera - Unauthenticated SSRF (@gy741) [high]
[ulanzi-clock] Ulanzi Clock Detect (@fabaff) [info]
[upnp-device-detect] Detect Basic uPNP Device (@geeknik) [info]
[webcamxp-5] WebcamXP 5 Login Panel - Detect (@dhiyaneshdk) [info]
[webtools-home] Webtools Home (@dhiyaneshdk) [info]
[xp-webcam] XP Webcam Viewer Page (@aashiq) [medium]
[zebra-printer-detect] Zebra Printer Detect (@gy741) [info]
[addeventlistener-detect] DOM EventListener - Cross-Site Scripting (@yavolo,@dwisiswant0) [info]
[apple-app-site-association] Apple app site association for harvesting end points (@panch0r3d) [info]
[aws-ecs-container-agent-tasks] aws-ecs-container-agent-tasks (@dogasantos) [info]
[balada-injector-malware] Balada Injector Malware - Detect (@kazet) [high]
[clientaccesspolicy] Silverlight cross-domain policy (@emadshanab) [info]
[cloudflare-rocketloader-htmli] Cloudflare Rocket Loader - HTML Injection (@j3ssie) [unknown]
[crypto-mining-malware] Crypto Mining Malware - Detect (@geeknik) [info]
[defaced-website-detect] Defaced Website - Detection (@ggranjus) [info]
[detect-dns-over-https] Detect DNS over HTTPS (@geeknik) [info]
[dir-listing] Directory listing enabled (@_harleo,@pentest_swissky,@hczdmr) [info]
[email-extractor] Email Extractor (@panch0r3d) [info]
[exposed-file-upload-form] Exposed File Upload Form (@geeknik) [info]
[external-service-interaction] External Service Interaction (@andreluna) [info]
[firebase-database-extractor] Firebase Database Extract Check (@rafaelwdornelas) [info]
[form-detection] Form Detection (@pdteam) [info]
[google-floc-disabled] Google FLoC Disabled (@geeknik) [info]
[gpc-json] Global Privacy Control (GPC) File Disclosure (@mihhailsokolov) [info]
[htaccess-config] HTaccess config file (@yash anand @yashanand155) [info]
[http-trace] HTTP TRACE method enabled (@nodauf) [info]
[joomla-htaccess-file] Joomla! htaccess file disclosure (@oppsec) [info]
[joomla-manifest-file] Joomla! Manifest File - Disclosure (@oppsec) [medium]
[maxforwards-headers-detect] Max-Forwards Header - Detect (@righettod) [info]
[microsoft-azure-error] Microsoft Azure Web App - Error 404 (@dhiyaneshdk) [info]
[moodle-changelog-file] Moodle Changelog File (@oppsec) [info]
[netflix-conductor-version] Netflix Conductor Version Detection (@c-sh0) [info]
[old-copyright] Find Pages with Old Copyright Dates (@geeknik) [info]
[options-method] Allowed Options Method (@pdteam) [info]
[rdap-whois] RDAP WHOIS (@ricardomaia,@sttlr) [info]
[robots-txt-endpoint] robots.txt endpoint prober (@caspergn,@pdteam) [info]
[robots-txt] robots.txt file (@caspergn,@thezakman) [info]
[security-txt] security.txt File (@bad5ect0r,@noraj) [info]
[sitemap-detect] Sitemap Detection (@houdinis) [info]
[spnego-detect] SPNEGO - Detect (@lady_bug,@ruppde) [info]
[x-recruiting-header] X-Recruiting Header (@geeknik) [info]
[xml-schema-detect] XML Schema Detection (@alph4byt3) [info]
[ace-admin-dashboard] Ace Admin Dashboard - Detect (@tess) [medium]
[adobe-connect-username-exposure] Adobe Connect Username Exposure (@dhiyaneshdk) [low]
[adobe-connect-version] Adobe Connect Central Version (@dhiyaneshdk) [info]
[aem-acs-common] Adobe AEM ACS Common Exposure (@dhiyaneshdk) [medium]
[aem-bg-servlet] AEM BG-Servlets (@dhiyaneshdk) [info]
[aem-bulkeditor] AEM BulkEditor (@dhiyaneshdk) [unknown]
[aem-cached-pages] Invalidate / Flush Cached Pages on AEM (@hetroublemakr) [low]
[aem-xss-childlist] Adobe Experience Manager Childlist Selector - Cross-Site Scripting (@theabhinavgaur) [medium]
[aem-crx-browser] Adobe AEM CRX Browser Exposure (@dhiyaneshdk) [unknown]
[aem-crx-bypass] AEM Package Manager - Authentication Bypass (@dhiyaneshdk) [critical]
[aem-crx-namespace] Adobe AEM CRX Namespace Editor Exposure (@dhiyaneshdk) [low]
[aem-crx-search] Adobe AEM CRX Search Exposed (@dhiyaneshdk) [unknown]
[aem-custom-script] Adobe AEM Custom Scripts Exposure (@dhiyaneshdk) [unknown]
[aem-debugging-libraries] Adobe AEM Debugging Client Libraries (@dhiyaneshdk) [info]
[aem-default-get-servlet] AEM DefaultGetServlet (@dhiyaneshdk) [low]
[aem-disk-usage] Adobe AEM Disk Usage Information Disclosure (@dhiyaneshdk) [low]
[aem-dump-contentnode] AEM Dump Content Node Properties (@dhiyaneshdk) [medium]
[aem-explorer-nodetypes] Adobe AEM Explorer NodeTypes Exposure (@dhiyaneshdk) [high]
[aem-external-link-checker] Adobe AEM External Link Checker Exposure (@dhiyaneshdk) [unknown]
[aem-gql-servlet] AEM GQLServlet (@dhiyaneshdk,@prettyboyaaditya) [low]
[aem-groovyconsole] AEM Groovy Console Discovery (@dheerajmadhukar) [critical]
[aem-hash-querybuilder] Query hashed password via QueryBuilder Servlet (@dhiyaneshdk) [medium]
[aem-jcr-querybuilder] Query JCR role via QueryBuilder Servlet (@dhiyaneshdk) [info]
[aem-login-status] AEM Login Status (@dhiyaneshdk) [info]
[aem-merge-metadata-servlet] AEM MergeMetadataServlet (@dhiyaneshdk) [info]
[aem-misc-admin] Adobe AEM Misc Admin Dashboard Exposure (@dhiyaneshdk) [high]
[aem-offloading-browser] Adobe AEM Offloading Browser (@dhiyaneshdk) [medium]
[aem-osgi-bundles] Adobe AEM Installed OSGI Bundles (@dhiyaneshdk) [low]
[aem-querybuilder-feed-servlet] AEM QueryBuilder Feed Servlet (@dhiyaneshdk) [info]
[aem-querybuilder-internal-path-read] AEM QueryBuilder Internal Path Read (@dhiyaneshdk) [medium]
[aem-querybuilder-json-servlet] AEM QueryBuilder Json Servlet (@dhiyaneshdk) [info]
[aem-secrets] AEM Secrets - Sensitive Information Disclosure (@booboohq,@j3ssie) [high]
[aem-security-users] Adobe AEM Security Users Exposure (@dhiyaneshdk) [medium]
[aem-setpreferences-xss] Adobe Experience Manager - Cross-Site Scripting (@zinminphy0,@dhiyaneshdk) [high]
[aem-sling-userinfo] Adobe AEM Sling User Info Servlet Exposure (@dhiyaneshdk) [info]
[aem-userinfo-servlet] AEM UserInfo Servlet Credentials Exposure (@dhiyaneshdk) [info]
[aem-wcm-suggestions-servlet] AEM WCM Suggestions Servlet (@dhiyaneshdk) [low]
[aem-xss-childlist-selector] Adobe Experience Manager - Cross-Site Scripting (@dhiyaneshdk) [high]
[airflow-debug] Airflow Debug Trace (@pdteam) [low]
[unauthenticated-airflow-instance] Unauthenticated Airflow Instance (@dhiyaneshdk) [high]
[akamai-arl-xss] Open Akamai ARL - Cross-Site Scripting (@pdteam) [high]
[akamai-s3-cache-poisoning] Akamai/Amazon S3 - Cache Poisoning (@dhiyaneshdk) [high]
[alibaba-mongoshake-unauth] Alibaba Mongoshake Unauth (@pikpikcu) [info]
[ampache-update-exposure] Ampache Update Page Exposure (@ritikchaddha) [low]
[ampps-dirlisting] AMPPS by Softaculous Panel - Directory Listing - Detect (@defr0ggy) [info]
[android-debug-database-exposed] Android Debug Manager (@dhiyaneshdk) [low]
[apache-drill-exposure] Apache Drill Exposure (@dhiyaneshdk) [low]
[apache-druid-unauth] Apache Druid Unauth (@dhiyaneshdk) [low]
[apache-impala] Apache Impala - Exposure (@dhiyaneshdk) [medium]
[apache-struts-showcase] Apache Struts - ShowCase Application Exposure (@dhiyaneshdk) [low]
[apache-couchdb-unauth] Apache CouchDB - Unauthenticated Access (@sleepingbag945) [high]
[apache-filename-enum] Apache Filename Enumeration (@geeknik) [low]
[apache-hbase-unauth] Apache Hbase Unauth (@pikpikcu) [medium]
[apache-nifi-unauth] Apache NiFi - Unauthenticated Access (@pwnhxl) [high]
[apache-server-status] Apache Server Status Disclosure (@thabisocn) [low]
[apache-storm-unauth] Apache Storm Unauth (@pikpikcu) [medium]
[apache-zeppelin-unauth] Apache Zeppelin - Unauthenticated Access (@j4vaovo) [high]
[kafka-manager-unauth] Kafka Manager Panel - Unauthorized Access (@paper-pen) [low]
[tomcat-manager-pathnormalization] Apache Tomcat Manager Path Normalization Panel - Detect (@brenocss,@organiccrap) [info]
[apcu-service] APCu service information leakage (@koti2) [low]
[apollo-adminservice-unauth] Apollo Admin Service - Unauthenticated Access (@j4vaovo) [medium]
[apple-cups-exposure] Apple CUPS Sources - Exposure (@dhiyaneshdk) [high]
[application-yaml] application.yaml detection (@cristi vlad (@cristivlad25)) [info]
[artifactory-anonymous-deploy] Artifactory anonymous deploy (@panch0r3d) [high]
[aspx-debug-mode] ASP.NET Debugging Enabled (@dhiyaneshdk) [info]
[atlassian-bamboo-build] Atlassian Bamboo Build Dashboard (@dhiyaneshdk) [unknown]
[aws-ec2-status] Amazon EC2 Status (@dhiyaneshdk) [info]
[aws-object-listing] AWS bucket with Object listing (@pdteam) [low]
[aws-redirect] Subdomain takeover AWS S3 (@manikanta a.k.a @secureitmania) [info]
[aws-s3-explorer] Amazon Web Services S3 Explorer - Detect (@dhiyaneshdk) [medium]
[aws-xray-application] AWS X-Ray Sample Application (@dhiyaneshdk) [info]
[awstats-listing] AWStats Listing (@tess) [low]
[cdn-cache-poisoning] Misconfigured CDN Cache Poisoning via X-Amz-Server-Side-Encryption Header (@0xcharan) [unknown]
[bitbucket-auth-bypass] Bitbucket Server > 4.8 - Authentication Bypass (@dhiyaneshdk) [critical]
[bitbucket-public-repository] Atlassian Bitbucket Public Repository Exposure (@dhiyaneshdk) [low]
[blackbox-exporter-metrics] Blackbox Exporter Metrics Exposed (@dhiyaneshdk) [info]
[bootstrap-admin-panel-template] Bootstrap Admin Panel Template Panel - Detect (@tess) [info]
[bravia-signage] BRAVIA Signage - Exposure (@dhiyaneshdk) [medium]
[browserless-debugger] Exposed Browserless debugger (@ggranjus) [medium]
[cadvisor-exposure] cAdvisor - Detect (@dhiyaneshdk) [medium]
[casdoor-users-password] Casdoor get-users Account Password Disclosure (@dhiyaneshdk) [high]
[cgi-test-page] CGI Test page (@yash anand @yashanand155) [info]
[chatgpt-web-unauth] ChatGPT Web - Unauthorized Access (@sleepingbag945) [high]
[clickhouse-unauth-api] ClickHouse API Database Interface - Improper Authorization (@dhiyaneshdk) [high]
[clockwork-dashboard-exposure] Clockwork Dashboard Exposure (@dhiyaneshdk) [high]
[cloud-metadata] GCP/AWS Metadata Disclosure (@dhiyaneshdk) [low]
[cloudflare-external-image-resize] Cloudflare External Image Resizing Misconfiguration (@vavkamil) [info]
[unauth-cluster-trino] Cluster Overview - Unauthenticated Dashboard Exposure (@tess) [medium]
[cobbler-exposed-directory] Exposed Cobbler Directories (@c-sh0) [medium]
[codeigniter-errorpage] CodeIgniter - Error Page (@j4vaovo) [low]
[codemeter-webadmin] CodeMeter Webadmin Dashboard (@dhiyaneshdk) [low]
[codis-dashboard] Codis Dashboard Exposure (@tess) [low]
[collectd-exporter-metrics] Collectd Exporter Metrics (@dhiyaneshdk) [low]
[command-api-explorer] Command API Explorer Panel - Detect (@dhiyaneshdk) [info]
[confluence-dashboard] Confluence Dashboard Exposed (@tess) [low]
[confluence-oauth-admin] Confluence OAuth Administration Endpoint (@dhiyaneshdk) [info]
[cookies-without-httponly-secure] Cookies without HttpOnly or Secure attribute - Detect (@princechaddha,@mr.bobo hp) [info]
[corebos-htaccess] CoreBos - .htaccess File Exposure (@arafatansari) [info]
[cx-cloud-upload-detect] CX Cloud Unauthenticated Upload - Detect (@dhiyaneshdk) [info]
[dlink-file-read] D-Link - Local File Inclusion (@dhiyaneshdk) [high]
[database-error] Database Error (@dhiyaneshdk) [info]
[ampache-debug] Ampache Debug Page (@ritikchaddha) [info]
[bottle-debug] Bottle debug mode enabled (@viondexd) [info]
[flask-werkzeug-debug] Flask Werkzeug Debugger Exposure (@dhiyaneshdk) [low]
[github-debug] GitHub Debug Page (@ritikchaddha) [info]
[default-spx-key] SPX PHP Profiler - Default Key (@vagnerd) [high]
[deos-openview-panel] DEOS OPENview Admin Panel Unauthenticated Access (@sullo) [high]
[dgraph-dashboard-exposure] Dgraph Ratel Dashboard Exposure Panel - Detect (@dhiyaneshdk) [info]
[django-debug] Django Debug Configuration Enabled (@dhiyaneshdk,@hackergautam) [medium]
[dlink-config-dump] D-Link DAP-1325 - Information Disclosure (@gy741) [critical]
[dlink-unauth-cgi-script] D-Link DNS Series CGI Script - Unauthenticated (@pussycat0x) [low]
[docker-daemon-exposed] Docker Daemon Exposed (@arm!tage) [critical]
[docker-registry] Docker Registry Listing (@puzzlepeaches) [medium]
[docmosis-tornado-server] Docmosis Tornado Server Exposure (@tess) [low]
[dont-panic-traceback] DON'T PANIC Traceback (@ritikchaddha) [low]
[doris-dashboard] Doris Dashboard - Exposed (@ritikchaddha) [medium]
[druid-monitor] Alibaba Druid Monitor Unauthorized Access (@ohlinge) [high]
[drupal-user-enum-ajax] Drupal User Enumration [Ajax] (@0w4ys) [info]
[drupal-user-enum-redirect] Drupal User Enumeration [Redirect] (@0w4ys) [info]
[dynamic-container-host] Dynamics Container Host - Detect (@dhiyaneshdk) [low]
[ec2-instance-information] EC2 Instance Information (@dhiyaneshdk) [low]
[ecology-info-leak] Ecology - Information Exposure (@qianbenhyu) [high]
[elastic-hd-dashboard] Elastic HD Dashboard Exposure (@tess) [low]
[elasticsearch] ElasticSearch Information Disclosure (@shine,@c-sh0,@geeknik) [low]
[encompass-cm1-homepage] Encompass CM1 Home Page - Detect (@tess) [info]
[envoy-admin-exposure] Envoy Admin Exposure (@dhiyaneshdk) [medium]
[espeasy-mega-exposure] ESPEasy Mega Panel Exposure (@ritikchaddha) [high]
[esphome-dashboard] ESPHome Dashboard Exposure (@ritikchaddha) [medium]
[http-etcd-unauthenticated-api-data-leak] etcd Unauthenticated HTTP API Leak (@dhiyaneshdk) [high]
[everything-listing] Everything Server Exposure (@pussycat0x) [high]
[exposed-docker-api] Exposed Docker API (@furkansenan,@dwisiswant0) [info]
[exposed-jquery-file-upload] BlueImp jQuery-File-Upload - Arbitrary File Upload (@dhiyaneshdk) [critical]
[exposed-kafdrop] Publicly exposed Kafdrop Interface (@dhiyaneshdk) [low]
[exposed-kibana] Exposed Kibana (@shine) [medium]
[exposed-service-now] ITMS-Misconfigured (@dhiyaneshdk) [info]
[exposed-sqlite-manager] SQLiteManager - Text Display (@dhiyaneshdk) [medium]
[express-stack-trace] Express Stack Trace (@dhiyaneshdk) [low]
[feiyuxing-info-leak] Feiyuxing Information - Exposure (@sleepingbag945) [high]
[filebrowser-unauth] File Browser Dashboard - Unauthenticated Access (@ritikchaddha) [medium]
[flask-redis-docker] Flask Redis Queue Docker - Exposure (@dhiyaneshdk) [low]
[formalms-install] Formalms Exposed Installation (@princechaddha) [high]
[front-page-misconfig] FrontPage configuration information discloure (@jteles,@pikpikcu) [info]
[fusionauth-admin-setup] FusionAuth Exposed Admin Setup (@ritikchaddha) [high]
[ganglia-cluster-dashboard] Ganglia Cluster Dashboard - Detect (@ritikchaddha) [low]
[genieacs-default-jwt] GenieACS - Authentication Bypass (Default JWT Secret) (@dhiyaneshdk,@pussycat0x) [high]
[git-web-interface] Git web interface (@dhiyaneshdk) [low]
[gitea-public-signup] Gitea Public Registration Enabled (@edoardottt) [high]
[gitlab-api-user-enum] GitLab - User Information Disclosure Via Open API (@suman_kar) [medium]
[gitlab-public-repos] GitLab public repositories (@ldionmarcil) [info]
[gitlab-public-signup] GitLab public signup (@pdteam,@axrk) [info]
[gitlab-public-snippets] GitLab public snippets (@pdteam) [info]
[gitlab-uninitialized-password] Uninitialized GitLab instances (@gitlab red team) [high]
[gitlist-disclosure] GitList Disclosure (@dhiyaneshdk) [low]
[global-traffic-statistics] Global Traffic Statistics Exposure (@tess) [low]
[glpi-directory-listing] GLPI Directory Listing (@redteambrasil,@imnightmaree) [low]
[gocd-cruise-configuration] GoCd Cruise Configuration disclosure (@dhiyaneshdk) [high]
[gocd-encryption-key] GoCd Encryption Key (@dhiyaneshdk) [low]
[gocd-unauth-dashboard] GoCd Unauth Dashboard (@dhiyaneshdk) [medium]
[insecure-firebase-database] Insecure Firebase Database (@rafaelwdornelas) [high]
[gopher-server] Gopher Server - Exposure (@dhiyaneshdk) [medium]
[grafana-public-signup] Grafana Public Signup (@pdteam) [medium]
[graphql-alias-batching] GraphQL Alias-based Batching (@dolev farhi) [info]
[graphql-array-batching] GraphQL Array-based Batching (@dolev farhi) [info]
[graphql-field-suggestion] GraphQL Field Suggestion Information Disclosure (@dolev farhi) [info]
[graphql-get-method] GraphQL CSRF / GET method (@dolev farhi) [info]
[graphql-playground] GraphQL Playground (@dhiyaneshdk) [unknown]
[grav-register-admin] Grav Register Admin User - Detect (@dhiyaneshdk) [high]
[h2o-arbitary-file-read] H2O - Arbitrary Path Lookup (@danmcinerney,@byt3bl33d3r) [medium]
[h2o-dashboard] H2O Dashboard - Exposure (@byt3bl33d3r) [high]
[hadoop-unauth-rce] Apache Hadoop YARN ResourceManager - Remote Code Execution (@pdteam,@couskito) [critical]
[haproxy-exporter-metrics] Detect Haproxy Exporter (@pussycat0x) [low]
[haproxy-status] HAProxy Statistics Page - Detect (@dhiyaneshdk) [medium]
[healthchecks-ui-exposure] Healthchecks UI Exposure (@tess) [low]
[helm-dashboard-exposure] Helm Dashboard - Exposure (@dhiyaneshdk) [medium]
[hfs-exposure] HFS Exposure (@tess) [unknown]
[hikvision-env] Hikvision Springboot Env Actuator - Detect (@sleepingbag945) [high]
[hivequeue-agent] HiveQueue Agent (@dhiyaneshdk) [low]
[unauthorized-hp-printer] Unauthorized HP Printer (@pussycat0x) [high]
[unauthorized-printer-hp] Unauthorized HP office pro printer (@pussycat0x,@r3naissance) [high]
[hpe-system-management-anonymous-access] HPE System Management Anonymous Access (@divya_mudgal) [low]
[http-missing-security-headers] HTTP Missing Security Headers (@socketz,@geeknik,@g4l1t0,@convisoappsec,@kurohost,@dawid-czarnecki,@forgedhallpass,@jub0bs) [info]
[https-to-http-redirect] HTTPS to HTTP redirect Misconfiguration (@kazet,@idealphase) [info]
[ibm-friendly-path-exposure] IBM Websphere Friendly Path Exposure (@clarkvoss) [medium]
[ibm-websphere-xml] IBM WebSphere Application - Source File Exposure (@r3nz0) [medium]
[imgproxy-unauth] Imgproxy Unauthorized Access (@userdehghani) [low]
[activecollab-installer] ActiveCollab Installation Page - Exposure (@dhiyaneshdk) [high]
[acunetix-360-installer] Acunetix 360 Installer (@pussycat0x) [info]
[akeeba-installer] Akeeba Backup Installer - Exposure (@dhiyaneshdk) [high]
[alma-installer] Alma Installation Exposure (@dhiyaneshdk) [high]
[ampache-music-installer] Ampache Music Installer (@tess) [high]
[atlassian-bamboo-setup] Atlassian Bamboo Setup Wizard (@pussycat0x) [info]
[avideo-install] AVideo Installer - Detect (@ritikchaddha) [high]
[bagisto-installer] Bagisto Installer Exposure (@ritikchaddha) [high]
[binom-installer] Binom Installer Exposure (@tess) [high]
[bitrix24-installer] Bitrix24 Installation Exposure (@dhiyaneshdk) [high]
[blesta-installer] Blesta Installer Exposure (@dhiyaneshdk) [high]
[businesso-installer] Businesso Installer Exposure (@ritikchaddha) [high]
[call-com-installer] Call.com Setup Page - Exposure (@dhiyaneshdk) [high]
[chamilo-installer] Chamilo Installer Exposure (@dhiyaneshdk) [high]
[circarlife-installer] CirCarLife - Installer (@geeknik) [critical]
[clipbucket-installer] ClipBucket Installer - Exposure (@dhiyaneshdk) [high]
[cloudcenter-installer] CloudCenter Installer Exposure (@pussycat0x) [unknown]
[cms-made-simple-installer] CMS Made Simple Installation Page - Exposure (@dhiyaneshdk) [high]
[codeigniter-installer] Codeigniter Application Installer Exposure (@ritikchaddha) [unknown]
[combodo-itop-installer] Combodo iTop Installer/Upgrade - Exposure (@dhiyaneshdk) [high]
[concrete-installer] Concrete Installer (@pussycat0x) [high]
[confluence-installer] Confluence Installation Page - Exposure (@dhiyaneshdk) [high]
[connectwise-setup] ConnectWise Setup Wizard - Exposure (@dhiyaneshdk) [high]
[contentify-installer] Contentify Installer Exposure (@ritikchaddha) [high]
[cube-105-install] Cube-105 - Exposed Installation (@ritikchaddha) [high]
[cubebackup-setup-installer] CubeBackup Setup Page - Exposure (@dhiyaneshdk) [high]
[custom-xoops-installer] XOOPS Custom - Installation (@dhiyaneshdk) [high]
[discourse-installer] Discourse Installer Exposure (@dhiyaneshdk) [unknown]
[dokuwiki-installer] DokuWiki Install Exposure (@dhiyaneshdk) [high]
[dolibarr-installer] Dolibarr Installer (@pussycat0x) [high]
[dolphin-installer] Dolphin Installer - Exposure (@dhiyaneshdk) [high]
[drupal-install] Drupal Install (@nkxxkn) [high]
[easy-viserlabs-installer] Easy Installer by ViserLab - Exposure (@dhiyaneshdk) [high]
[easy-wi-installer] Easy-WI Installation Page - Exposure (@dhiyaneshdk) [high]
[easyscripts-installer] Easyscripts Installer (@theamanrawat) [high]
[ejbca-enterprise-installer] EJBCA Enterprise Cloud Configuration Wizard - Exposure (@dhiyaneshdk) [high]
[eshop-installer] EShop Installer Exposure (@dhiyaneshdk) [high]
[espeasy-installer] ESPEasy Installation Exposure (@ritikchaddha) [medium]
[espocrm-installer] Espocrm Installer (@dhiyaneshdk) [high]
[eyoucms-installer] EyouCMS - Installation (@ritikchaddha) [high]
[facturascripts-installer] FacturaScripts Installer Exposure (@dhiyaneshdk) [high]
[flarum-installer] Flarum Installation Page - Exposure (@dhiyaneshdk) [high]
[fleetcart-installer] FleetCart Installation Page - Exposure (@dhiyaneshdk) [high]
[forgejo-installer] Forgejo Installation Page - Exposure (@dhiyaneshdk) [high]
[froxlor-installer] Froxlor Server Management - Installer (@dhiyaneshdk) [high]
[geniusocean-installer] GeniusOcean Installer Exposure (@dhiyaneshdk) [high]
[getsimple-installation] GetSimple CMS - Installer (@princechaddha) [critical]
[gibbon-installer] Gibbon Installer - Exposure (@dhiyaneshdk) [high]
[gitea-installer] Gitea Installer Exposure (@dhiyaneshdk) [medium]
[glpi-installer] GLPI Installation Page - Exposure (@dhiyaneshdk) [high]
[gogs-installer] Gogs (Go Git Service) - Installer (@dhiyaneshdk) [critical]
[growi-installer] GROWI Installer - Exposure (@dhiyaneshdk) [high]
[ids-skills-installer] IDP Skills Installer - Exposure (@dhiyaneshdk) [high]
[impresspages-installer] ImpressPages Installer (@pussycat0x) [low]
[imprivata-installer] Imprivata Appliance Installation Exposure (@ritikchaddha) [medium]
[indegy-sensor-installer] Indegy Sensor Setup - Installer (@ritikchaddha) [high]
[invicti-enterprise-installer] Invicti Enterprise Installation Page - Exposure (@dhiyaneshdk) [high]
[invoice-ninja-installer] Invoice Ninja Setup Page - Exposure (@dhiyaneshdk) [high]
[jfa-go-installer] jfa-go Setup Page - Exposure (@dhiyaneshdk) [high]
[jira-setup] Atlassian JIRA Setup - Installer (@ritikchaddha) [high]
[joomla-installer] Joomla! Installer Exposure (@dhiyaneshdk) [high]
[justfans-installer] JustFans Installation Page - Exposure (@dhiyaneshdk) [high]
[klr300n-install] KLR 300N Router - Exposed Installation (@andreluna) [high]
[knowledgetree-installer] KnowledgeTree Installer Exposure (@ritikchaddha) [high]
[librenms-installer] LibreNMS Installation Page - Exposure (@dhiyaneshdk) [high]
[limesurvey-installer] Limesurvey Installer Exposure (@dhiyaneshdk) [high]
[lmszai-installer] LMSZAI Installer Exposure (@dhiyaneshdk) [high]
[lychee-installer] Lychee Installer (@dhiyaneshdk) [high]
[magento-installer] Magento Installation Wizard (@dhiyaneshdk) [high]
[magnolia-installer] Magnolia CMS Installer (@pussycat0x) [info]
[mantisbt-installer] MantisBT Installation Exposure (@dhiyaneshdk) [high]
[matomo-installer] Matomo Installer Exposure (@dhiyaneshdk) [high]
[mautic-installer] Mautic Installer Exposure (@dhiyaneshdk) [high]
[mcloud-installer] mCloud Panel - Installer (@ritikchaddha) [critical]
[metaview-explorer-installer] MetaView Explorer Installer (@theamanrawat) [info]
[monstra-installer] Monstra Installation Exposure (@ritikchaddha) [high]
[moodle-installer] Moodle Installation Exposure (@tess) [high]
[moosocial-installer] mooSocial Installation - Exposure (@ritikchaddha) [high]
[mosparo-install] mosparo Exposed Installation (@dhiyaneshdk) [high]
[mura-cms-setup-installer] Mura CMS Setup Page - Exposure (@dhiyaneshdk) [high]
[nagiosxi-installer] Nagios XI Installer (@ritikchaddha) [high]
[netsparker-enterprise-installer] Netsparker Enterprise Installer (@pussycat0x) [info]
[nginx-auto-installer] NginX Auto Installer Exposure (@pussycat0x) [low]
[nodebb-installer] NodeBB Web Installer (@dhiyaneshdk) [high]
[nopcommerce-installer] nopCommerce Installer - Detect (@dhiyaneshdk) [critical]
[octoprint-installer] OctoPrint Installation Page - Exposure (@dhiyaneshdk) [high]
[ojs-installer] Open Journal Systems Installer - Exposure (@dhiyaneshdk) [high]
[onlyoffice-installer] OnlyOffice Wizard Page - Exposure (@dhiyaneshdk) [high]
[openemr-setup-installer] OpenEMR Setup Installation Page - Exposure (@dhiyaneshdk) [high]
[openfire-setup] Openfire Setup - Exposure (@dhiyaneshdk) [high]
[openmage-install] OpenMage Installation Wizard (@dhiyaneshdk) [high]
[openshift-installer-panel] OpenShift Assisted Installer Panel - Detect (@dhiyaneshdk) [medium]
[opensis-installer] openSIS Installation Wizard (@dhiyaneshdk) [high]
[orangehrm-installer] OrangeHrm Installer (@pussycat0x) [high]
[orangescrum-install] Orangescrum Exposed Installation (@ritikchaddha) [high]
[orchard-installer] Orchard Setup Wizard - Exposure (@dhiyaneshdk) [high]
[owncloud-installer-exposure] OwnCloud Installer Exposure (@dhiyaneshdk) [high]
[oxid-eshop-installer] Oxid EShop Installer Exposure (@ritikchaddha) [high]
[pagekit-installer] Pagekit Installer Exposure (@dhiyaneshdk) [high]
[pandora-fms-installer] Pandora FMS Installation Page - Exposure (@dhiyaneshdk) [high]
[permissions-installer] Permissions Installer Exposure (@pussycat0x) [high]
[phpbb-installer] phpBB Installation File Exposure (@dhiyaneshdk) [high]
[phpgedview-installer] PhpGedView Installer Exposure (@ritikchaddha) [high]
[phpipam-installer] PHP IPAM Installation Page - Exposed (@dhiyaneshdk) [high]
[phpmyfaq-installer] phpMyFAQ Installation - Exposure (@ritikchaddha) [high]
[phpwind-installer] phpwind Installer Exposure (@tess) [high]
[piwik-installer] Piwik Installer Exposure (@dhiyaneshdk) [low]
[pmm-installer] PMM Installation Wizard (@pussycat0x) [high]
[posteio-installer] First Poste.io Configuration Installation Wizard (@ritikchaddha) [high]
[prestashop-installer] Prestashop Installer Exposure (@tess) [high]
[processwire-installer] ProcessWire 3.x Installer Exposure (@pussycat0x) [unknown]
[profittrailer-installer] ProfitTrailer Setup Page - Exposure (@dhiyaneshdk) [high]
[projectsend-installer] ProjectSend Installation Page - Exposure (@dhiyaneshdk) [high]
[qloapps-installer] QloApps - Installation (@ritikchaddha) [high]
[redash-installer] Redash Installer Exposure (@dhiyaneshdk) [high]
[ruckus-smartzone-install] Ruckus SmartZone Exposed Installation (@ritikchaddha) [high]
[ruckus-unleashed-install] Ruckus Unleashed Exposed Installation (@ritikchaddha) [high]
[sabnzbd-installer] SABnzbd Quick-Start Wizard - Exposure (@dhiyaneshdk) [high]
[server-monitor-installer] Server Monitor Installer (@tess) [high]
[setup-github-enterprise] Setup GitHub Enterprise - Detect (@tess) [unknown]
[shopify-app-installer] SEO King - Shopify App — Installer (@tess) [info]
[shopware-installer] Shopware Installer (@dhiyaneshdk) [high]
[smf-installer] SMF Installer (@dhiyaneshdk) [high]
[sms-installer] SMS Gateway Installation (@ritikchaddha) [high]
[snipe-it-installer] Snipe-IT Setup Page - Exposure (@dhiyaneshdk) [high]
[spa-cart-installer] SPA Cart - Installer (@pussycat0x) [high]
[spip-install] SPIP Install - Exposure (@dhiyaneshdk) [high]
[stackposts-installer] StackPosts Installation Page - Exposure (@dhiyaneshdk) [high]
[sugarcrm-install] SugarCRM Exposed Installation (@ritikchaddha) [high]
[suitecrm-installer] SuiteCRM Installer Exposure (@dhiyaneshdk) [high]
[sumowebtools-installer] SumoWebTools Installer Exposure (@dhiyaneshdk) [high]
[tasmota-install] Tasmota Installer Exposure (@ritikchaddha) [high]
[tastyigniter-installer] TastyIgniter Setup Page - Exposure (@dhiyaneshdk) [high]
[tautulli-install] Tautulli - Exposed Installation (@ritikchaddha) [high]
[testrail-install] TestRail Installation Wizard (@dhiyaneshdk) [high]
[tiny-rss-installer] Tiny Tiny RSS Installer Exposure (@dhiyaneshdk) [high]
[trilium-notes-installer] Trilium Notes Installer - Exposure (@dhiyaneshdk) [high]
[turbo-website-installer] Turbo Website Reviewer Installer Panel (@tess) [high]
[typo3-installer] TYPO3 Installer (@dhiyaneshdk) [medium]
[ubersmith-installer] Ubersmith Setup Page - Exposure (@dhiyaneshdk) [high]
[umbraco-installer] Umbraco Install Exposure (@dhiyaneshdk) [high]
[unifi-wizard-install] UniFi Wizard Installer (@dhiyaneshdk) [high]
[uvdesk-helpdesk-installer] UVDesk Helpdesk Installation Page - Exposure (@dhiyaneshdk) [high]
[uvdesk-install] UVDesk Installation Wizard (@dhiyaneshdk) [high]
[vironeer-installer] Vironeer Installer - Exposure (@dhiyaneshdk) [high]
[virtual-smartzone-installer] Virtual SmartZone Setup Wizard - Exposure (@dhiyaneshdk) [high]
[vtiger-installer] Vtiger CRM Installer Exposure (@dhiyaneshdk) [high]
[webasyst-installer] Webasyst Installer Exposure (@ritikchaddha) [high]
[webcalendar-install] WebCalendar Exposed Installation (@ritikchaddha) [high]
[webtrees-install] WebTrees Exposed Installation (@ritikchaddha) [high]
[webuzo-installer] Webuzo Installer (@dhiyaneshdk) [high]
[wiki-js-installer] Wiki.js Setup - Exposure (@dhiyaneshdk) [high]
[wowcms-installer] WoW CMS Installer Exposure (@ritikchaddha) [high]
[wowonder-installer] WoWonder Installation Page - Exposure (@dhiyaneshdk) [high]
[wp-install] WordPress Exposed Installation (@princechaddha,@0xpugazh) [critical]
[xbackbone-installer] XBackBone Installer - Exposure (@dhiyaneshdk) [high]
[yzmcms-installer] YzmCMS - Installer (@ritikchaddha) [high]
[zabbix-installer] Zabbix Installation Exposure (@dhiyaneshdk) [high]
[zencart-installer] Zen Cart Installer (@dhiyaneshdk) [high]
[zenphoto-setup] Zenphoto <1.5 Installer - Detect (@pdteam) [critical]
[intelbras-dvr-unauth] Intelbras DVR - Unrestricted Access (@pussycat0x) [low]
[internal-ip-disclosure] Internal IP Disclosure (@willd96) [info]
[iot-vdme-simulator] IoT vDME Simulator Panel - Detect (@tess) [medium]
[jaeger-ui-dashboard] Jaeger UI (@dhiyaneshdk) [low]
[java-melody-exposed] JavaMelody Monitoring Exposed (@dhiyaneshdk,@thomas_from_offensity) [medium]
[jboss-web-console] JBoss Management Console Server Information Page - Detect (@dhiyaneshdk) [info]
[jboss-web-service] JBoss Web Service Console - Detect (@dhiyaneshdk) [low]
[jenkins-openuser-register] Jenkins Open User registration (@dhiyaneshdk) [medium]
[jetty-showcontexts-enable] Jetty showContexts Enable in DefaultHandler (@dhiyaneshdk) [low]
[jolokia-info-disclosure] Jolokia - Information disclosure (@pussycat0x) [medium]
[jolokia-list] Jolokia - List (@pussycat0x) [low]
[jolokia-mbean-search] Jolokia - Searching MBeans (@pussycat0x) [low]
[jolokia-unauthenticated-lfi] Jolokia - Local File Inclusion (@dhiyaneshdk) [high]
[jupyter-ipython-unauth] Jupyter ipython - Authorization Bypass (@pentest_swissky) [critical]
[unauth-jupyter-lab] Jupyter Lab - Unauthenticated Access (@j4vaovo) [critical]
[jupyter-notebooks-exposed] Jupyter notebooks exposed to reading and writing (@johnk3r) [high]
[kafka-cruise-control] Kafka Cruise Control UI (@dhiyaneshdk) [medium]
[kubeflow-dashboard-unauth] Kubeflow Unauth (@dhiyaneshdk) [high]
[kube-state-metrics] Kube State Metrics Exposure (@ja1sh) [low]
[kubernetes-metrics] Detect Kubernetes Exposed Metrics (@pussycat0x) [low]
[kubernetes-pods-api] Kubernetes Pods - API Discovery & Remote Code Execution (@ilovebinbash,@geeknik,@0xtavian) [critical]
[kubernetes-resource-report] Detect Overview Kubernetes Resource Report (@pussycat0x) [medium]
[unauth-etcd-server] Etcd Server - Unauthenticated Access (@sharath,@pussycat0x) [high]
[laravel-debug-enabled] Laravel Debug Enabled (@notsoevilweasel) [medium]
[laravel-debug-error] Larvel Debug Method Enabled (@dhiyaneshdk) [medium]
[laravel-debug-infoleak] Laravel Debug Info Leak (@pwnhxl) [medium]
[laravel-horizon-unauth] Laravel Horizon Dashboard - Unauthenticated (@vagnerd) [medium]
[lesshst-history] Less History - File Disclosure (@kazet) [low]
[libvirt-exporter-metrics] Libvirt Exporter Metrics (@dhiyaneshdk) [low]
[liferay-api] Liferay /api/liferay - API Exposed (@dhiyaneshdk) [info]
[liferay-axis] Liferay /api/axis - API Exposed (@dhiyaneshdk) [info]
[liferay-jsonws] Liferay /api/jsonws - API Exposed (@dhiyaneshdk) [low]
[linkerd-ssrf-detection] Linkerd SSRF detection (@dudez) [high]
[linktap-gateway-exposure] LinkTap Gateway Exposure (@dhiyaneshdk) [low]
[locust-exposure] Locust Exposure (@dhiyaneshdk,@bhutch) [medium]
[lvm-exporter-metrics] LVM Exporter Metrics (@dhiyaneshdk) [low]
[manage-engine-ad-search] Manage Engine AD Search (@pr3r00t) [high]
[ms-exchange-local-domain] Microsoft Exchange Autodiscover - Local Domain Exposure (@userdehghani) [info]
[mingyu-xmlrpc-sock-adduser] Mingyu Operation xmlrpc.sock - User Addition (@sleepingbag945) [high]
[misconfigured-concrete5] Misconfigured Concrete5 (@pdteam) [low]
[misconfigured-docker] Docker Container - Misconfiguration Exposure (@dhiyaneshdk) [critical]
[missing-sri] Missing Subresource Integrity (@lucky0x0d,@pulsesecurity.co.nz) [info]
[mixed-active-content] Mixed Active Content (@liwermor) [info]
[mixed-passive-content] Mixed Passive Content (@liwermor) [info]
[mlflow-unauth] Mlflow - Unauthenticated Access (@pussycat0x) [high]
[mobiproxy-dashboard] MobiProxy Dashboard - Detect (@tess) [medium]
[mobsf-framework-exposure] MobSF Framework - Exposure (@shine) [high]
[moleculer-microservices] Moleculer Microservices Project (@pussycat0x) [low]
[mongodb-exporter-metrics] MongoDB Exporter - Detect (@pussycat0x) [medium]
[ms-exchange-user-enum] Microsoft Exchange Autodiscover - User Enumeration (@righettod) [info]
[multilaser-pro-setup] Multilaser Pro Setup Page - Detect (@ritikchaddha) [high]
[mysql-history] Mysql History - File Disclosure (@kazet) [low]
[mysqld-exporter-metrics] MySQL Exporter Panel - Detect (@dhiyaneshdk) [info]
[nacos-authentication-bypass] Nacos < 2.2.0 - Authentication Bypass (@esonhugh) [critical]
[nacos-create-user] Alibaba Nacos - Unauthorized Account Creation (@sleepingbag945) [high]
[namedprocess-exporter-metrics] Named Process Exporter (@dhiyaneshdk) [low]
[nextcloud-install] Nextcloud Exposed Installation (@skeltavik) [high]
[nginx-status] Nginx Status Page (@dhiyaneshdk) [info]
[nginx-vhost-traffic-status] Nginx Vhost Traffic Status (@geeknik) [low]
[ngrok-status-page] Ngrok Status Page (@pussycat0x) [low]
[node-exporter-metrics] Detect Node Exporter Metrics (@pussycat0x) [low]
[node-express-dev-env] Node.js Express NODE_ENV Development Mode (@flx) [medium]
[node-express-status] Node Express Status - Detect (@dhiyaneshdk) [low]
[exposed-nomad] Nomad - Exposed Jobs (@pdteam) [medium]
[ntop-panel-exposed] ntop Network Traffix Exposed (@tess) [unknown]
[ntopng-traffic-dashboard] Ntopng Traffic Dashboard - Detect (@theamanrawat) [medium]
[odoo-unprotected-database] Odoo - Unprotected Database (@pdteam) [critical]
[office365-open-redirect] Office365 Autodiscover - Open Redirect (@dhiyaneshdk) [medium]
[oneinstack-control-center] OneinStack Control Center Dashboard - Detect (@theabhinavgaur) [medium]
[openbmcs-secret-disclosure] OpenBMCS 2.4 - Information Disclosure (@dhiyaneshdk) [high]
[openbmcs-ssrf] OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion (@dhiyaneshdk) [medium]
[openstack-config] Openstack - Infomation Disclosure (@mayankpandey01) [low]
[oracle-reports-services] Oracle Reports Services - Servlet (@dogasantos) [info]
[pa11y-dashboard] Pa11y Dashboard Exposure (@tess) [low]
[pcdn-cache-node] PCDN Cache Node Dataset (@dhiyaneshdk) [low]
[perfsonar-toolkit] perfSONAR Toolkit - Exposure (@dhiyaneshdk) [medium]
[pghero-dashboard-exposure] PgHero Dashboard Exposure Panel - Detect (@dhiyaneshdk) [medium]
[php-debugbar-exposure] Php Debug Bar - Exposure (@ritikchaddha,@pdteam,@dhiyaneshdk) [high]
[php-errors] PHP errors (@w4cky_,@geeknik,@dhiyaneshdk) [info]
[php-fpm-status] PHP-FPM Status (@geeknik) [unknown]
[php-src-diclosure] PHP Development Server <= 7.4.21 - Remote Source Disclosure (@pdteam) [high]
[php-composer-binary] PHP Composer Binary - Exposure (@mayank_pandey01) [info]
[phpcli-stack-trace] PHP CLI Server Stack Trace (@dhiyaneshdk) [info]
[phpmemcached-admin-panel] phpMemcachedAdmin Panel (@tess) [medium]
[phpmyadmin-misconfiguration] phpmyadmin Data Exposure (@pussycat0x) [medium]
[pma-server-import] PhpMyAdmin Server Import Page - Detect (@cristi vlad (@cristivlad25)) [high]
[phpmyadmin-setup] PhpMyAdmin Setup File - Detect (@sheikhrishad,@thevillagehacker,@kr1shna4garwal,@arjunchandarana,@0xpugazh) [medium]
[phpnow-works] PHPnow works - Exposure (@dhiyaneshdk) [low]
[pinpoint-unauth] PinPoint Unauth (@dhiyaneshdk) [high]
[postgres-exporter-metrics] Postgres Exporter Metrics (@dhiyaneshdk) [low]
[private-key-exposure] Private key exposure via helper detector (@aashiq) [high]
[prometheus-promtail] Prometheus Promtail - Exposure (@irshad ahamed) [medium]
[prometheus-config] Prometheus Config API Endpoint Discovery (@geeknik) [info]
[prometheus-exporter] Prometheus exporter detect (@jarijaas) [info]
[prometheus-flags] Prometheus flags API endpoint (@geeknik) [info]
[prometheus-log] Exposed Prometheus (@dhiyaneshdk,@thevillagehacker) [low]
[prometheus-targets] Prometheus targets API endpoint (@geeknik) [info]
[metadata-service-alibaba] Alibaba Metadata Service Check (@sullo) [critical]
[metadata-service-aws] Amazon AWS Metadata Service Check (@sullo,@dhiyaneshdk) [critical]
[metadata-service-azure] Microsoft Azure Cloud Metadata Service Check (@sullo) [critical]
[metadata-service-digitalocean] DigitalOcean Metadata Service Check (@sullo) [critical]
[metadata-service-gcp] Google GCP Metadata Service Check (@sullo) [critical]
[metadata-service-hetzner] Hetzner Cloud Metadata Service Check (@sullo) [critical]
[metadata-service-openstack] Openstack Metadata Service Check (@sullo) [critical]
[metadata-service-oracle] Oracle Cloud Metadata Service Check (@sullo) [critical]
[open-proxy-external] Open Proxy To External Network (@gtrrnr) [medium]
[puppetdb-dashboard] PuppetDB Dashboard - Detect (@dhiyaneshdk) [info]
[put-method-enabled] PUT Method Enabled (@xelkomy) [high]
[python-metrics] Detect Python Exposed Metrics (@dhiyaneshdk) [low]
[questdb-console] QuestDB Console - Detect (@tess) [medium]
[qvidium-management-system-exposed] QVidium Management System Exposed (@tess) [medium]
[rabbitmq-exporter-metrics] RabbitMQ Exporter (@dhiyaneshdk) [low]
[rack-mini-profiler] rack-mini-profiler - Environment Information Disclosure (@vzamanillo) [high]
[ray-dashboard] Ray Dashboard Exposure (@dhiyaneshdk) [critical]
[rekognition-image-validation] Rekognition Image Validation Debug UI Panel - Detect (@tess) [info]
[request-baskets-exposure] Request Baskets - Exposure (@dhiyaneshdk) [low]
[rethinkdb-admin-console] RethinkDB Administration Console - Detect (@tess) [medium]
[roxyfileman-fileupload] Roxy Fileman 1.4.4 - Arbitrary File Upload (@dhiyaneshdk) [high]
[s3-torrent] Amazon S3 Torrent Download - Detect (@ambassify) [info]
[salesforce-aura] Salesforce Lightning - API Detection (@aaron_costello (@conspiracyproof),@ph33rr) [info]
[sap-directory-listing] SAP Directory Listing (@dhiyaneshdk) [medium]
[sap-netweaver-info-leak] SAP NetWeaver ICM Info page leak (@randomstr1ng) [medium]
[sap-public-admin] SAP ICM Admin Web Interface (@t3l3machus) [low]
[searchreplacedb2-exposure] Safe Search Replace Exposure (@kazet) [high]
[secnet-info-leak] Secnet Intelligent Routing System actpt_5g.data - Information Leak (@dhiyaneshdk) [high]
[seeyon-unauth] Seeyon Unauthorised Access (@pikpikcu) [high]
[selenium-exposure] Selenium - Node Exposure (@w0tx) [high]
[sentinel-license-monitor] Sentinel License Monitor - Detect (@dhiyaneshdk) [unknown]
[server-status-localhost] Server Status Disclosure (@pdteam,@geeknik) [low]
[server-status] Server Status Panel - Detect (@dhiyaneshdk) [info]
[service-pwd] service.pwd - Sensitive Information Disclosure (@pussycat0x) [high]
[servicenow-widget-misconfig] ServiceNow Widget-Simple-List - Misconfiguration (@dhiyaneshdk) [unknown]
[shell-history] Shell History (@pentest_swissky,@geeknik) [low]
[sitecore-debug-page] SiteCore Debug Page (@dhiyaneshdk) [low]
[sitecore-lfi] Sitecore 9.3 - Webroot File Read (@dhiyaneshdk) [high]
[skycaiji-install] SkyCaiji - Exposed Installation (@pikpikcu) [high]
[slurm-hpc-dashboard] Slurm HPC Dashboard - Detect (@ritikchaddha) [medium]
[smarterstats-setup] SmarterStats Setup Exposure (@tess) [high]
[smokeping-grapher] SmokePing Latency Page for Network Latency Grapher (@dhiyaneshdk) [low]
[solr-admin-query] Solr - Admin Page Access (@dhiyaneshdk) [high]
[sonarqube-projects-disclosure] SonarQube - Information Disclosure (@dhiyaneshdk) [medium]
[sonarqube-public-projects] Sonarqube with public projects (@sickwell) [low]
[sony-bravia-disclosure] Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure (@geeknik) [low]
[sound4-directory-listing] SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure (@arafatansari) [medium]
[spidercontrol-scada-server-info] SpiderControl SCADA Web Server - Sensitive Information Exposure (@geeknik) [high]
[spring-eureka] Spring Eureka Exposure (@tess) [low]
[springboot-auditevents] Spring Boot AuditEvents Actuator Panel - Detect (@dhiyaneshdk) [info]
[springboot-autoconfig] Detect Springboot autoconfig Actuator (@pussycat0x) [low]
[springboot-beans] Detect Springboot Beans Actuator (@ajaysenr) [low]
[springboot-caches] Springboot Actuator Caches (@elsfa7110) [low]
[springboot-conditions] Detect Springboot Conditions Actuator (@dhiyaneshdk) [low]
[springboot-configprops] Detect Springboot Configprops Actuator (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-dump] Detect Springboot Dump Actuator (@pussycat0x) [low]
[springboot-env] Springboot Env Actuator - Detect (@that_juan_,@dwisiswant0,@wdahlenb,@philippedelteil,@stupidfish) [low]
[springboot-features] Detects Springboot Features Actuator (@dhiyaneshdk) [low]
[springboot-flyway] Springboot Flyway API (@elsfa7110) [low]
[springboot-gateway] Detect Spring Gateway Actuator (@wdahlenb) [medium]
[springboot-health] Spring Boot Health Actuator Panel - Detect (@pussycat0x) [info]
[springboot-heapdump] Spring Boot Actuator - Heap Dump Detection (@that_juan_,@dwisiswant0,@wdahlenb) [critical]
[springboot-httptrace] Detect Springboot httptrace (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-info] Spring Boot Information Panel - Detect (@philippedelteil) [info]
[springboot-integrationgraph] Springboot Actuator integrationgraph (@elsfa7110) [low]
[springboot-jolokia] Detects Springboot Jolokia Actuator (@dhiyaneshdk) [low]
[springboot-liquidbase] Springboot Liquidbase API (@elsfa7110) [low]
[springboot-logfile] Detects Springboot Logfile Actuator (@dhiyaneshdk) [low]
[springboot-loggerconfig] Spring Boot LoggerConfig Actuator Panel - Detect (@dhiyaneshdk) [info]
[springboot-loggers] Detect Springboot Loggers (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-mappings] Detect Springboot Mappings Actuator (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-metrics] Detect Springboot metrics Actuator (@pussycat0x) [low]
[springboot-scheduledtasks] Spring Boot Scheduledtasks Actuator Panel - Detect (@elsfa7110) [info]
[springboot-startup] Springboot Actuator startup (@elsfa7110) [low]
[springboot-status] Spring Boot Status Actuator Panel - Detect (@dhiyaneshdk) [info]
[springboot-threaddump] Detect Springboot Thread Dump page (@philippedelteil) [low]
[springboot-trace] Detect Springboot Trace Actuator (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[sql-server-reportviewer] SQL Server ReportViewer - Exposure (@kazet) [high]
[ssrf-via-oauth-misconfig] SSRF due to misconfiguration in OAuth (@kabirsuda) [medium]
[struts-ognl-console] Apache Struts - OGNL Console (@dhiyaneshdk) [unknown]
[symfony-debug] Symfony Debug Mode (@organiccrap,@pdteam) [high]
[symfony-fosjrouting-bundle] Symfony FOSJsRoutingBundle (@dhiyaneshdk) [info]
[symfony-fragment] Symfony _fragment - Detect (@palanichamy_perumal,@techbrunchfr) [unknown]
[syncthing-dashboard] Syncthing Dashboard Exposure (@fabaff) [medium]
[system-properties-exposure] System Properties Exposure (@dhiyaneshdk) [low]
[tasmota-config-webui] Tasmota Configuration Exposure (@ritikchaddha) [medium]
[tcpconfig] Rockwell Automation TCP/IP Configuration Information - Detect (@dhiyaneshdk) [medium]
[teamcity-guest-login-enabled] JetBrains TeamCity - Guest User Access Enabled (@ph33r) [high]
[teamcity-registration-enabled] JetBrains TeamCity - Registration Enabled (@ph33r) [high]
[teslamate-unauth-access] TeslaMate - Unauthenticated Access (@for3stco1d) [medium]
[thanos-prometheus-exposure] Thanos Prometheus Setup - Exposure (@dhiyaneshdk) [high]
[thinkphp-errors] ThinkPHP Errors - Sensitive Information Exposure (@j4vaovo) [medium]
[tiny-file-manager-unauth] Tiny File Manager - Unauthorized Access (@ritikchaddha,@huta0) [medium]
[titannit-web-exposure] TitanNit Web Control - Exposure (@dhiyaneshdk) [medium]
[tls-sni-proxy] TLS SNI Proxy Detection (@pdteam) [info]
[tomcat-cookie-exposed] Tomcat Cookie Exposed (@tess,@dk999) [low]
[tomcat-scripts] Apache Tomcat Example Scripts - Detect (@co0nan,@higor melgaço) [info]
[tomcat-stacktraces] Tomcat Stack Traces Enabled (@lucky0x0d) [info]
[transmission-dashboard] Transmission Dashboard - Detect (@fabaff) [medium]
[typo3-composer] Typo3 composer.json Exposure (@0x_akoko) [low]
[typo3-debug-mode] TYPO3 Debug Mode Enabled (@tess) [low]
[unauth-apache-kafka-ui] Apache Kafka - Unauthorized UI Exposure (@theamanrawat) [medium]
[unauth-axyom-network-manager] Unauthenticated Axyom Network Manager (@pussycat0x) [high]
[unauth-celery-flower] Celery Flower - Unauthenticated Access (@dhiyaneshdk) [high]
[unauth-etherpad] Unauthenticated Etherpad (@philippedelteil) [low]
[unauth-fastvue-dashboard] Fastvue Dashboard Panel - Unauthenticated Detect (@dhiyaneshdk) [medium]
[unauth-kubecost] KubeCost - Unauthenticated Dashboard Exposure (@pussycat0x) [medium]
[unauth-ldap-account-manager] Unauthenticated LDAP Account Manager (@tess) [medium]
[unauth-mautic-upgrade] Unauthenticated Mautic Upgrade.php Exposure (@huowuzhao) [high]
[unauth-mercurial] Unauthenticated Mercurial Detect (@pussycat0x) [high]
[opache-control-panel] Opache control Panel - Unauthenticated Access (@pussycat0x) [medium]
[unauth-redis-insight] RedisInsight - Unauthenticated Access (@ggranjus) [high]
[unauth-selenium-grid-console] Selenium Grid Console - Detect (@pussycat0x) [info]
[unauth-temporal-web-ui] Temporal Web UI - Unauthenticated Access (@ggranjus) [high]
[unauth-wavink-panel] Wavlink Panel - Unauthenticated Access (@princechaddha) [high]
[unauth-zwave-mqtt] Unauthenticated ZWave To MQTT Console (@geeknik) [low]
[unauthenticated-alert-manager] Alert Manager - Unauthenticated Access (@dhiyaneshdk) [high]
[unauthenticated-glances] Glances Unauthenticated Panel (@remonsec) [low]
[unauthenticated-glowroot] Glowroot Anonymous User (@pussycat0x) [high]
[unauthenticated-lansweeper] Unauthenticated Lansweeper Instance (@divya_mudgal) [high]
[unauthenticated-mongo-express] Mongo Express - Unauthenticated Access (@dhiyaneshdk,@b0rn2r00t) [high]
[unauthenticated-netdata] Unauthenticated Netdata (@dhiyaneshdk) [medium]
[unauthenticated-nginx-dashboard] Nginx Dashboard (@bibeksapkota (sar00n)) [low]
[unauthenticated-popup-upload] Unauthenticated Popup File Upload - Detect (@dhiyaneshdk) [info]
[unauthenticated-prtg] PRTG Traffic Grapher - Unauthenticated Access (@dhiyaneshdk) [high]
[unauthenticated-tensorboard] Tensorflow Tensorboard - Unauthenticated Access (@dhiyaneshdk) [high]
[unauthenticated-varnish-cache-purge] Varnish Unauthenticated Cache Purge (@0xelkomy) [low]
[unauthenticated-zipkin] Zipkin Discovery (@dhiyaneshdk) [high]
[unauthorized-h3csecparh-login] H3C Server - Unauthenticated Access (@ritikchaddha) [high]
[unauthorized-plastic-scm] Plastic Admin Console - Authentication Bypass (@deena) [critical]
[unauthorized-puppet-node-manager] Puppet Node Manager - Unauthorized Access (@pussycat0x) [medium]
[unigui-server-monitor-exposure] UniGUI Server Monitor Panel - Exposure (@serrapa) [low]
[untangle-admin-setup] Untangle Exposed Admin Signup (@ritikchaddha) [medium]
[ups-status] APC UPC Multimon Status Page - Detect (@dhiyaneshdk) [info]
[v2x-control] V2X Control - Dashboard Exposure (@dhiyaneshdk) [low]
[vercel-source-exposure] Vercel Source Code Exposure (@hlop) [medium]
[vernemq-status-page] VerneMQ Status Page (@geeknik) [low]
[viewpoint-system-status] ViewPoint System Status (@dhiyaneshdk) [low]
[wamp-server-configuration] default-wamp-server-page (@pussycat0x) [medium]
[wamp-xdebug-detect] WAMP Xdebug - Detect (@e_schultze_) [info]
[webalizer-statistics] Webalizer Statistics Information Disclosure (@0x_akoko) [low]
[webdav-enabled] WebDAV Protocol - Detect (@tess) [info]
[wildcard-postmessage] postMessage - Cross-Site Scripting (@pdteam) [unknown]
[woodwing-git] Woodwing Studio Server - Git Config (@pdteam) [medium]
[woodwing-phpinfo] Woodwing Studio Server - Phpinfo Config (@pdteam) [medium]
[wp-registration-enabled] WordPress User Registration Panel - Detect (@tess,@dhiyaneshdk) [info]
[xss-deprecated-header] XSS-Protection Header - Cross-Site Scripting (@joshlarsen) [info]
[zabbix-dashboards-access] zabbix-dashboards-access (@pussycat0x,@vsh00t) [medium]
[zabbix-error] Zabbix Panel - Detect (@dhiyaneshdk) [info]
[zenphoto-sensitive-info] Zenphoto Installation Sensitive Information (@qlkwej) [medium]
[zhiyuan-oa-unauthorized] Zhiyuan Oa Unauthorized (@pikpikcu) [low]
[1password-phish] 1password phishing Detection (@rxerium) [info]
[adobe-phish] adobe phishing Detection (@rxerium) [info]
[aliexpress-phish] aliexpress phishing Detection (@rxerium) [info]
[amazon-phish] Amazon phishing Detection (@rxerium) [info]
[amazon-web-services-phish] amazon web services phishing Detection (@rxerium) [info]
[american-express-phish] american-express phishing Detection (@rxerium) [info]
[anydesk-phish] anydesk phishing Detection (@rxerium) [info]
[avast-phish] avast phishing Detection (@rxerium) [info]
[avg-phish] avg phishing Detection (@rxerium) [info]
[bank-of-america-phish] Bank Of America phishing Detection (@rxerium) [info]
[battlenet-phish] battlenet phishing Detection (@rxerium) [info]
[best-buy-phish] best buy phishing Detection (@rxerium) [info]
[bitdefender-phish] bitdefender phishing Detection (@rxerium) [info]
[bitwarden-phish] bitwarden phishing Detection (@rxerium) [info]
[blender-phish] blender phishing Detection (@rxerium) [info]
[booking-phish] booking phishing Detection (@rxerium) [info]
[box-phish] box phishing Detection (@rxerium) [info]
[brave-phish] brave phishing Detection (@rxerium) [info]
[brighthr-phish] brighthr phishing Detection (@rxerium) [info]
[ccleaner-phish] ccleaner phishing Detection (@rxerium) [info]
[Chase-phish] Chase phishing Detection (@rxerium) [info]
[chrome-phish] chrome phishing Detection (@rxerium) [info]
[costa-phish] costa phishing Detection (@rxerium) [info]
[dashlane-phish] dashlane phishing Detection (@rxerium) [info]
[deezer-phish] deezer phishing Detection (@rxerium) [info]
[deliveroo-phish] deliveroo phishing Detection (@rxerium) [info]
[digital-ocean-phish] digital ocean phishing Detection (@rxerium) [info]
[Discord-phish] Discord phishing Detection (@rxerium) [info]
[disneyplus-phish] disneyplus phishing Detection (@rxerium) [info]
[dropbox-phish] dropbox phishing Detection (@rxerium) [info]
[duckduckgo-phish] duckduckgo phishing Detection (@rxerium) [info]
[ebay-phish] ebay phishing Detection (@rxerium) [info]
[edge-phish] edge phishing Detection (@rxerium) [info]
[ee-mobile-phish] ee phishing Detection (@rxerium) [info]
[eset-phish] eset phishing Detection (@rxerium) [info]
[evernote-phish] evernote phishing Detection (@rxerium) [info]
[facebook-phish] Facebook phishing Detection (@rxerium) [info]
[figma-phish] figma phishing Detection (@rxerium) [info]
[filezilla-phish] filezilla phishing Detection (@rxerium) [info]
[firefox-phish] firefox phishing Detection (@rxerium) [info]
[gimp-phish] gimp phishing Detection (@rxerium) [info]
[github-phish] github phishing Detection (@rxerium) [info]
[google-phish] Google phishing Detection (@rxerium) [info]
[iCloud-phish] iCloud phishing Detection (@rxerium) [info]
[instagram-phish] instagram phishing Detection (@rxerium) [info]
[kakao-login-phish] kakao login phishing Detection (@hahwul) [info]
[kaspersky-phish] kaspersky phishing Detection (@rxerium) [info]
[kayak-phish] kayak phishing Detection (@rxerium) [info]
[keepass-phish] keepass phishing Detection (@rxerium) [info]
[keepersecurity-phish] keepersecurity phishing Detection (@rxerium) [info]
[keybase-phish] keybase phishing Detection (@rxerium) [info]
[lastpass-phish] lastpass phishing Detection (@rxerium) [info]
[libre-office-phish] libre office phishing Detection (@rxerium) [info]
[linkedin-phish] linkedin phishing Detection (@rxerium) [info]
[malwarebytes-phish] malwarebytes phishing Detection (@rxerium) [info]
[mcafee-phish] mcafee phishing Detection (@rxerium) [info]
[mega-phish] mega phishing Detection (@rxerium) [info]
[messenger-phish] messenger phishing Detection (@rxerium) [info]
[microcenter-phish] microcenter phishing Detection (@rxerium) [info]
[microsoft-phish] Microsoft phishing Detection (@rxerium) [info]
[microsoft-teams-phish] microsoft teams phishing Detection (@rxerium) [info]
[naver-login-phish] naver login phishing Detection (@hahwul) [info]
[netflix-phish] netflix phishing Detection (@rxerium) [info]
[nordpass-phish] nordpass phishing Detection (@rxerium) [info]
[norton-phish] norton phishing Detection (@rxerium) [info]
[notion-phish] notion phishing Detection (@rxerium) [info]
[o2-mobile-phish] o2 phishing Detection (@rxerium) [info]
[openai-phish] openai phishing Detection (@rxerium) [info]
[opera-phish] opera phishing Detection (@rxerium) [info]
[paramountplus-phish] paramountplus phishing Detection (@rxerium) [info]
[Paypal-phish] Paypal phishing Detection (@rxerium) [info]
[pcloud-phish] pcloud phishing Detection (@rxerium) [info]
[pinterest-phish] pinterest phishing Detection (@rxerium) [info]
[plusnet-phish] plusnet phishing Detection (@rxerium) [info]
[proton-phish] proton phishing Detection (@rxerium) [info]
[putty-phish] putty phishing Detection (@rxerium) [info]
[python-phish] python phishing Detection (@rxerium) [info]
[quora-phish] quora phishing Detection (@rxerium) [info]
[reddit-phish] reddit phishing Detection (@rxerium) [info]
[roblox-phish] roblox phishing Detection (@rxerium) [info]
[roboform-phish] roboform phishing Detection (@rxerium) [info]
[royal-mail-phish] royal-mail phishing Detection (@rxerium) [info]
[samsung-phish] samsung phishing Detection (@rxerium) [info]
[signal-phish] signal phishing Detection (@rxerium) [info]
[sky-phish] sky phishing Detection (@rxerium) [info]
[skype-phish] skype phishing Detection (@rxerium) [info]
[skyscanner-phish] skyscanner phishing Detection (@rxerium) [info]
[slack-phish] slack phishing Detection (@rxerium) [info]
[sophos-phish] sophos phishing Detection (@rxerium) [info]
[spotify-phish] spotify phishing Detection (@rxerium) [info]
[steam-phish] steam phishing Detection (@rxerium) [info]
[sync-phish] sync storage phishing Detection (@rxerium) [info]
[target-phish] target phishing Detection (@rxerium) [info]
[teamviewer-phish] teamviewer phishing Detection (@rxerium) [info]
[telegram-phish] telegram phishing Detection (@rxerium) [info]
[three-mobile-phish] three phishing Detection (@rxerium) [info]
[thunderbird-phish] thunderbird phishing Detection (@rxerium) [info]
[ticket-master-phish] ticket master phishing Detection (@rxerium) [info]
[tiktok-phish] tiktok phishing Detection (@rxerium) [info]
[trading212-phish] trading212 phishing Detection (@rxerium) [info]
[trend-micro-phish] trend micro phishing Detection (@rxerium) [info]
[trip-phish] trip phishing Detection (@rxerium) [info]
[twitch-phish] Twitch phishing Detection (@rxerium) [info]
[uber-phish] uber phishing Detection (@rxerium) [info]
[visual-studio-code-phish] visual studio code phishing Detection (@rxerium) [info]
[vlc-media-phish] vlc media phishing Detection (@rxerium) [info]
[vodafone-phish] vodafone phishing Detection (@rxerium) [info]
[vultr-phish] vultr phishing Detection (@rxerium) [info]
[walmart-phish] walmart phishing Detection (@rxerium) [info]
[wetransfer-phish] wetransfer phishing Detection (@rxerium) [info]
[Whatsapp-phish] Whatsapp phishing Detection (@rxerium) [info]
[Wikipedia-phish] Wikipedia phishing Detection (@rxerium) [info]
[winscp-phish] winscp phishing Detection (@rxerium) [info]
[yahoo-phish] Yahoo phishing Detection (@rxerium) [info]
[zoom-phish] zoom phishing Detection (@rxerium) [info]
[1001mem] 1001mem User Name Information - Detect (@dwisiswant0) [info]
[21buttons] 21buttons User Name Information - Detect (@dwisiswant0) [info]
[247sports] 247sports User Name Information - Detect (@dwisiswant0) [info]
[3dnews] 3DNews User Name Information - Detect (@dwisiswant0) [info]
[3dtoday] 3dtoday User Name Information - Detect (@dwisiswant0) [info]
[7cup] 7cup User Name Information - Detect (@dwisiswant0) [info]
[7dach] 7dach User Name Information - Detect (@dwisiswant0) [info]
[aaha-chat] Aaha chat User Name Information - Detect (@dwisiswant0) [info]
[aboutme] About.me User Name Information - Detect (@dwisiswant0) [info]
[acf] ACF User Name Information - Detect (@dwisiswant0) [info]
[admire-me] Admire me User Name Information - Detect (@dwisiswant0) [info]
[adult-forum] Adult Forum User Name Information - Detect (@dwisiswant0) [info]
[adultism] Adultism User Name Information - Detect (@dwisiswant0) [info]
[advfn] ADVFN User Name Information - Detect (@dwisiswant0) [info]
[aflam] Aflam User Name Information - Detect (@dwisiswant0) [info]
[airline-pilot-life] Airline Pilot Life User Name Information - Detect (@dwisiswant0) [info]
[airliners] Airliners User Name Information - Detect (@dwisiswant0) [info]
[akniga] Akniga User Name Information - Detect (@dwisiswant0) [info]
[albicla] Albicla User Name Information - Detect (@dwisiswant0) [info]
[alik] Alik User Name Information - Detect (@dwisiswant0) [info]
[allesovercrypto] Allesovercrypto User Name Information - Detect (@dwisiswant0) [info]
[allmylinks] Allmylinks User Name Information - Detect (@dwisiswant0) [info]
[alloannonces] Alloannonces User Name Information - Detect (@dwisiswant0) [info]
[alltrails] AllTrails User Name Information - Detect (@dwisiswant0) [info]
[ameblo] Ameblo User Name Information - Detect (@dwisiswant0) [info]
[americanthinker] AmericanThinker User Name Information - Detect (@dwisiswant0) [info]
[animeplanet] AnimePlanet User Name Information - Detect (@dwisiswant0) [info]
[anobii] ANobii User Name Information - Detect (@dwisiswant0) [info]
[anonup] Anonup User Name Information - Detect (@dwisiswant0) [info]
[apex-legends] Apex Legends User Name Information - Detect (@dwisiswant0) [info]
[appian] Appian User Name Information - Detect (@dwisiswant0) [info]
[apteka] Apteka User Name Information - Detect (@dwisiswant0) [info]
[archive-of-our-own-account] Archive Of Our Own Account User Name Information - Detect (@dwisiswant0) [info]
[arduino] Arduino User Name Information - Detect (@dwisiswant0) [info]
[armorgames] ArmorGames User Name Information - Detect (@dwisiswant0) [info]
[artbreeder] ArtBreeder User Name Information - Detect (@dwisiswant0) [info]
[artists-clients] Artists & Clients User Name Information - Detect (@dwisiswant0) [info]
[artstation] ArtStation User Name Information - Detect (@dwisiswant0) [info]
[asciinema] Asciinema User Name Information - Detect (@dwisiswant0) [info]
[askfm] Ask.fm User Name Information - Detect (@dwisiswant0) [info]
[audiojungle] Audiojungle User Name Information - Detect (@dwisiswant0) [info]
[auru] Au.ru User Name Information - Detect (@dwisiswant0) [info]
[authorstream] AuthorSTREAM User Name Information - Detect (@dwisiswant0) [info]
[avid-community] Avid Community User Name Information - Detect (@dwisiswant0) [info]
[babepedia] Babepedia User Name Information - Detect (@dwisiswant0) [info]
[babypips] BabyPips User Name Information - Detect (@dwisiswant0) [info]
[bandcamp] Bandcamp User Name Information - Detect (@dwisiswant0) [info]
[bandlab] Bandlab User Name Information - Detect (@dwisiswant0) [info]
[bblog-ru] Bblog ru User Name Information - Detect (@dwisiswant0) [info]
[bdsmlr] BDSMLR User Name Information - Detect (@dwisiswant0) [info]
[bdsmsingles] Bdsmsingles User Name Information - Detect (@dwisiswant0) [info]
[behance] Behance User Name Information - Detect (@dwisiswant0) [info]
[bentbox] Bentbox User Name Information - Detect (@dwisiswant0) [info]
[biggerpockets] BiggerPockets User Name Information - Detect (@dwisiswant0) [info]
[bigo-live] BIGO Live User Name Information - Detect (@dwisiswant0) [info]
[bikemap] Bikemap User Name Information - Detect (@dwisiswant0) [info]
[bimpos] Bimpos User Name Information - Detect (@dwisiswant0) [info]
[biolink] Biolink User Name Information - Detect (@dwisiswant0) [info]
[bitbucket] Bitbucket User Name Information - Detect (@dwisiswant0) [info]
[bitchute] Bitchute User Name Information - Detect (@dwisiswant0) [info]
[bitcoin-forum] Bitcoin forum User Name Information - Detect (@dwisiswant0) [info]
[bittube] Bittube User Name Information - Detect (@dwisiswant0) [info]
[blipfm] BLIP.fm User Name Information - Detect (@dwisiswant0) [info]
[blogger] Blogger User Name Information - Detect (@dwisiswant0) [info]
[blogipl] Blogi.pl User Name Information - Detect (@dwisiswant0) [info]
[blogmarks] Blogmarks User Name Information - Detect (@dwisiswant0) [info]
[blogspot] Blogspot User Name Information - Detect (@dwisiswant0) [info]
[bodybuildingcom] BodyBuilding.com User Name Information - Detect (@dwisiswant0) [info]
[bonga-cams] Bonga cams User Name Information - Detect (@dwisiswant0) [info]
[bookcrossing] Bookcrossing User Name Information - Detect (@dwisiswant0) [info]
[boosty] Boosty User Name Information - Detect (@dwisiswant0) [info]
[booth] Booth User Name Information - Detect (@dwisiswant0) [info]
[breach-forums] Breach Forums User Name Information - Detect (@dwisiswant0) [info]
[brickset] Brickset User Name Information - Detect (@dwisiswant0) [info]
[bugcrowd] Bugcrowd User Name Information - Detect (@dwisiswant0) [info]
[bunpro] Bunpro User Name Information - Detect (@dwisiswant0) [info]
[buymeacoffee] Buymeacoffee User Name Information - Detect (@dwisiswant0) [info]
[buzzfeed] BuzzFeed User Name Information - Detect (@dwisiswant0) [info]
[buzznet] Buzznet User Name Information - Detect (@dwisiswant0) [info]
[cafecito] Cafecito User Name Information - Detect (@dwisiswant0) [info]
[cal] Cal User Name Information - Detect (@olearycrew) [info]
[calendy] Calendy User Name Information - Detect (@dwisiswant0) [info]
[cameo] Cameo User Name Information - Detect (@dwisiswant0) [info]
[carbonmade] Carbonmade User Name Information - Detect (@dwisiswant0) [info]
[careerhabr] Career.habr User Name Information - Detect (@dwisiswant0) [info]
[caringbridge] CaringBridge User Name Information - Detect (@dwisiswant0) [info]
[carrdco] Carrd.co User Name Information - Detect (@dwisiswant0) [info]
[cashapp] Cash.app User Name Information - Detect (@dwisiswant0) [info]
[castingcallclub] CastingCallClub User Name Information - Detect (@dwisiswant0) [info]
[cd-action] CD-Action User Name Information - Detect (@dwisiswant0) [info]
[cdapl] Cda.pl User Name Information - Detect (@dwisiswant0) [info]
[championat] Championat User Name Information - Detect (@dwisiswant0) [info]
[chamsko] Chamsko User Name Information - Detect (@dwisiswant0) [info]
[chaturbate] Chaturbate User Name Information - Detect (@dwisiswant0) [info]
[cheezburger] CHEEZburger User Name Information - Detect (@dwisiswant0) [info]
[chesscom] Chess.com User Name Information - Detect (@dwisiswant0) [info]
[chomikujpl] Chomikuj.pl User Name Information - Detect (@dwisiswant0) [info]
[chyoa] Chyoa User Name Information - Detect (@dwisiswant0) [info]
[climatejusticerocks-mastodon-instance] Climatejustice.rocks (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[cloudflare] Cloudflare User Name Information - Detect (@dwisiswant0) [info]
[clubhouse] Clubhouse User Name Information - Detect (@dwisiswant0) [info]
[clusterdafrica] Clusterdafrica User Name Information - Detect (@dwisiswant0) [info]
[cnet] Cnet User Name Information - Detect (@dwisiswant0) [info]
[codeberg] Codeberg User Name Information - Detect (@dwisiswant0) [info]
[codecademy] Codecademy User Name Information - Detect (@dwisiswant0) [info]
[codeforces] Codeforces User Name Information - Detect (@dwisiswant0) [info]
[codementor] Codementor User Name Information - Detect (@dwisiswant0) [info]
[coderwall] Coderwall User Name Information - Detect (@dwisiswant0) [info]
[codewars] Codewars User Name Information - Detect (@dwisiswant0) [info]
[cohost] Cohost User Name Information - Detect (@dwisiswant0) [info]
[colourlovers] COLOURlovers User Name Information - Detect (@dwisiswant0) [info]
[contactossex] Contactos.sex User Name Information - Detect (@dwisiswant0) [info]
[coroflot] Coroflot User Name Information - Detect (@dwisiswant0) [info]
[couchsurfing] Couchsurfing User Name Information - Detect (@philippedelteil) [info]
[cowboys4angels] Cowboys4angels User Name Information - Detect (@dwisiswant0) [info]
[cracked-io] Cracked io User Name Information - Detect (@dwisiswant0) [info]
[cracked] Cracked User Name Information - Detect (@dwisiswant0) [info]
[crevado] Crevado User Name Information - Detect (@dwisiswant0) [info]
[crowdin] Crowdin User Name Information - Detect (@dwisiswant0) [info]
[ctflearn] CTFLearn User Name Information - Detect (@olearycrew) [info]
[cults3d] Cults3D User Name Information - Detect (@dwisiswant0) [info]
[curiouscat] Curiouscat User Name Information - Detect (@dwisiswant0) [info]
[cytoid] Cytoid User Name Information - Detect (@dwisiswant0) [info]
[dailymotion] Dailymotion User Name Information - Detect (@dwisiswant0) [info]
[darudar] Darudar User Name Information - Detect (@dwisiswant0) [info]
[dateinasia] Dateinasia User Name Information - Detect (@dwisiswant0) [info]
[datezone] Datezone User Name Information - Detect (@dwisiswant0) [info]
[datingru] Dating.ru User Name Information - Detect (@dwisiswant0) [info]
[demotywatory] Demotywatory User Name Information - Detect (@dwisiswant0) [info]
[depop] Depop User Name Information - Detect (@dwisiswant0) [info]
[designspriation] Designspriation User Name Information - Detect (@dwisiswant0) [info]
[destructoid] Destructoid User Name Information - Detect (@dwisiswant0) [info]
[deviantart] DeviantArt User Name Information - Detect (@dwisiswant0) [info]
[devrant] DevRant User Name Information - Detect (@dwisiswant0) [info]
[devto] Dev.to User Name Information - Detect (@dwisiswant0) [info]
[dfgames] Dfgames User Name Information - Detect (@dwisiswant0) [info]
[diablo] Diablo User Name Information - Detect (@dwisiswant0) [info]
[dibiz] DIBIZ User Name Information - Detect (@dwisiswant0) [info]
[digitalspy] Digitalspy User Name Information - Detect (@dwisiswant0) [info]
[diigo] Diigo User Name Information - Detect (@dwisiswant0) [info]
[disabledrocks-mastodon-instance] Disabled.rocks (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[discogs] Discogs User Name Information - Detect (@dwisiswant0) [info]
[discourse] Discourse User Name Information - Detect (@dwisiswant0) [info]
[discusselasticco] Discuss.elastic.co User Name Information - Detect (@dwisiswant0) [info]
[discusssocial-mastodon-instance] Discuss.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[disqus] Disqus User Name Information - Detect (@dwisiswant0) [info]
[dissenter] Dissenter User Name Information - Detect (@dwisiswant0) [info]
[dockerhub] DockerHub User Name Information - Detect (@dwisiswant0) [info]
[dojoverse] Dojoverse User Name Information - Detect (@dwisiswant0) [info]
[donation-alerts] Donation Alerts User Name Information - Detect (@dwisiswant0) [info]
[dotcards] Dot.cards User Name Information - Detect (@dwisiswant0) [info]
[dribbble] Dribbble User Name Information - Detect (@dwisiswant0) [info]
[droners] Droners User Name Information - Detect (@dwisiswant0) [info]
[drum] Drum User Name Information - Detect (@dwisiswant0) [info]
[duolingo] Duolingo User Name Information - Detect (@dwisiswant0) [info]
[easyen] Easyen User Name Information - Detect (@dwisiswant0) [info]
[ebay-stores] Ebay stores User Name Information - Detect (@dwisiswant0) [info]
[ebay] EBay User Name Information - Detect (@dwisiswant0) [info]
[elloco] Ello.co User Name Information - Detect (@dwisiswant0) [info]
[engadget] Engadget User Name Information - Detect (@dwisiswant0) [info]
[eporner] EPORNER User Name Information - Detect (@dwisiswant0) [info]
[etoro] EToro User Name Information - Detect (@dwisiswant0) [info]
[etsy] Etsy User Name Information - Detect (@dwisiswant0) [info]
[expressionalsocial-mastodon-instance] Expressional.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[extralunchmoney] ExtraLunchMoney User Name Information - Detect (@dwisiswant0) [info]
[eyeem] Eyeem User Name Information - Detect (@dwisiswant0) [info]
[f3] F3 User Name Information - Detect (@dwisiswant0) [info]
[fabswingers] Fabswingers User Name Information - Detect (@dwisiswant0) [info]
[facebook-page] Facebook Page Name Information - Detect (@gpiechnik2) [info]
[faktopedia] Faktopedia User Name Information - Detect (@dwisiswant0) [info]
[fancentro] FanCentro User Name Information - Detect (@dwisiswant0) [info]
[fandalism] Fandalism User Name Information - Detect (@dwisiswant0) [info]
[fandom] Fandom User Name Information - Detect (@dwisiswant0) [info]
[fanpop] Fanpop User Name Information - Detect (@dwisiswant0) [info]
[fansly] Fansly User Name Information - Detect (@dwisiswant0) [info]
[fark] Fark User Name Information - Detect (@dwisiswant0) [info]
[farkascity] Farkascity User Name Information - Detect (@dwisiswant0) [info]
[fatsecret] FatSecret User Name Information - Detect (@dwisiswant0) [info]
[fcv] Fcv User Name Information - Detect (@dwisiswant0) [info]
[federatedpress-mastodon-instance] Federated.press (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[figma] Figma User Name Information - Detect (@dwisiswant0) [info]
[filmweb] Filmweb User Name Information - Detect (@dwisiswant0) [info]
[fine-art-america] Fine art america User Name Information - Detect (@dwisiswant0) [info]
[fiverr] Fiverr User Name Information - Detect (@dwisiswant0) [info]
[flickr] Flickr User Name Information - Detect (@dwisiswant0) [info]
[flipboard] Flipboard User Name Information - Detect (@dwisiswant0) [info]
[flowcode] Flowcode User Name Information - Detect (@dwisiswant0) [info]
[fodors-forum] Fodors Forum User Name Information - Detect (@dwisiswant0) [info]
[fortnite-tracker] Fortnite Tracker User Name Information - Detect (@dwisiswant0) [info]
[forumprawneorg] Forumprawne.org User Name Information - Detect (@dwisiswant0) [info]
[fosstodonorg-mastodon-instance] Fosstodon.org (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[fotka] Fotka User Name Information - Detect (@dwisiswant0) [info]
[foursquare] Foursquare User Name Information - Detect (@dwisiswant0) [info]
[freelancer] Freelancer User Name Information - Detect (@dwisiswant0) [info]
[freesound] Freesound User Name Information - Detect (@dwisiswant0) [info]
[friendfinder-x] FriendFinder-X User Name Information - Detect (@dwisiswant0) [info]
[friendfinder] FriendFinder User Name Information - Detect (@dwisiswant0) [info]
[friendweb] Friendweb User Name Information - Detect (@dwisiswant0) [info]
[furaffinity] FurAffinity User Name Information - Detect (@dwisiswant0) [info]
[furiffic] Furiffic User Name Information - Detect (@dwisiswant0) [info]
[gab] Gab User Name Information - Detect (@dwisiswant0) [info]
[game-debate] Game debate User Name Information - Detect (@dwisiswant0) [info]
[gamespot] Gamespot User Name Information - Detect (@dwisiswant0) [info]
[garmin-connect] Garmin connect User Name Information - Detect (@dwisiswant0) [info]
[geocaching] Geocaching User Name Information - Detect (@dwisiswant0) [info]
[getmonero] Getmonero User Name Information - Detect (@dwisiswant0) [info]
[gettr] Gettr User Name Information - Detect (@dwisiswant0) [info]
[gfycat] Gfycat User Name Information - Detect (@dwisiswant0) [info]
[gigapan] Gigapan User Name Information - Detect (@dwisiswant0) [info]
[giphy] Giphy User Name Information - Detect (@dwisiswant0) [info]
[girlfriendsmeet] Girlfriendsmeet User Name Information - Detect (@dwisiswant0) [info]
[gist] Gist User Name Information - Detect (@philippedelteil) [info]
[gitea] Gitea User Name Information - Detect (@dwisiswant0) [info]
[gitee] Gitee User Name Information - Detect (@dwisiswant0) [info]
[giters] Giters User Name Information - Detect (@dwisiswant0) [info]
[github] GitHub User Name Information - Detect (@dwisiswant0) [info]
[gitlab] GitLab User Name Information - Detect (@dwisiswant0) [info]
[gloriatv] Gloria.tv User Name Information - Detect (@dwisiswant0) [info]
[gnome-extensions] Gnome extensions User Name Information - Detect (@dwisiswant0) [info]
[gpoddernet] Gpodder.net User Name Information - Detect (@dwisiswant0) [info]
[grandprof] Grandprof User Name Information - Detect (@dwisiswant0) [info]
[graphicssocial-mastodon-instance] Graphics.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[gravatar] Gravatar User Name Information - Detect (@dwisiswant0) [info]
[gumroad] Gumroad User Name Information - Detect (@dwisiswant0) [info]
[hackaday] Hackaday User Name Information - Detect (@dwisiswant0) [info]
[hackenproof] Hackenproof User Name Information - Detect (@philippedelteil) [info]
[hacker-news] Hacker News User Name Information - Detect (@dwisiswant0) [info]
[hackerearth] Hackerearth User Name Information - Detect (@dwisiswant0) [info]
[hackernoon] Hackernoon User Name Information - Detect (@dwisiswant0) [info]
[hackerone] HackerOne User Name Information - Detect (@dwisiswant0) [info]
[hackerrank] HackerRank User Name Information - Detect (@dwisiswant0) [info]
[hackster] Hackster User Name Information - Detect (@dwisiswant0) [info]
[hamaha] Hamaha User Name Information - Detect (@dwisiswant0) [info]
[hanime] Hanime User Name Information - Detect (@dwisiswant0) [info]
[hashnode] Hashnode User Name Information - Detect (@cheesymoon) [info]
[hcommonssocial-mastodon-instance] Hcommons.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[heylink] Heylink User Name Information - Detect (@dwisiswant0) [info]
[hiberworld] Hiberworld User Name Information - Detect (@dwisiswant0) [info]
[hihello] HiHello User Name Information - Detect (@dwisiswant0) [info]
[historianssocial-mastodon-instance] Historians.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[homedesign3d] HomeDesign3D User Name Information - Detect (@dwisiswant0) [info]
[hometechsocial-mastodon-instance] Hometech.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[hoobe] Hoo.be User Name Information - Detect (@dwisiswant0) [info]
[hostuxsocial-mastodon-instance] Hostux.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[houzz] Houzz User Name Information - Detect (@dwisiswant0) [info]
[hubpages] HubPages User Name Information - Detect (@dwisiswant0) [info]
[hubski] Hubski User Name Information - Detect (@dwisiswant0) [info]
[hugging-face] Hugging face User Name Information - Detect (@dwisiswant0) [info]
[iconfinder] Iconfinder User Name Information - Detect (@dwisiswant0) [info]
[icq-chat] Icq-chat User Name Information - Detect (@dwisiswant0) [info]
[ifttt] IFTTT User Name Information - Detect (@dwisiswant0) [info]
[ifunny] Ifunny User Name Information - Detect (@dwisiswant0) [info]
[igromania] Igromania User Name Information - Detect (@dwisiswant0) [info]
[ilovegrowingmarijuana] Ilovegrowingmarijuana User Name Information - Detect (@dwisiswant0) [info]
[imagefap] Imagefap User Name Information - Detect (@dwisiswant0) [info]
[imageshack] ImageShack User Name Information - Detect (@dwisiswant0) [info]
[imgbb] ImgBB User Name Information - Detect (@cheesymoon) [info]
[imgsrcru] IMGSRC.RU User Name Information - Detect (@dwisiswant0) [info]
[imgur] Imgur User Name Information - Detect (@dwisiswant0) [info]
[inaturalist] Inaturalist User Name Information - Detect (@dwisiswant0) [info]
[independent-academia] Independent academia User Name Information - Detect (@dwisiswant0) [info]
[inkbunny] InkBunny User Name Information - Detect (@dwisiswant0) [info]
[insanejournal] InsaneJournal User Name Information - Detect (@dwisiswant0) [info]
[instagram] Instagram User Name Information - Detect (@dwisiswant0) [info]
[instructables] Instructables User Name Information - Detect (@dwisiswant0) [info]
[internet-archive-account] Internet Archive Account User Name Information - Detect (@dwisiswant0) [info]
[internet-archive-user-search] Internet Archive User Search User Name Information - Detect (@dwisiswant0) [info]
[interpals] Interpals User Name Information - Detect (@dwisiswant0) [info]
[intigriti] Intigriti User Name Information - Detect (@philippedelteil) [info]
[ismygirl] IsMyGirl User Name Information - Detect (@dwisiswant0) [info]
[issuu] Issuu User Name Information - Detect (@dwisiswant0) [info]
[itchio] Itch.io User Name Information - Detect (@dwisiswant0) [info]
[japandict] Japandict User Name Information - Detect (@dwisiswant0) [info]
[jbzd] JBZD User Name Information - Detect (@dwisiswant0) [info]
[jejapl] Jeja.pl User Name Information - Detect (@dwisiswant0) [info]
[jeuxvideo] Jeuxvideo User Name Information - Detect (@dwisiswant0) [info]
[joe-monster] Joe Monster User Name Information - Detect (@dwisiswant0) [info]
[jsfiddle] JSFiddle User Name Information - Detect (@dwisiswant0) [info]
[justforfans] Justforfans User Name Information - Detect (@dwisiswant0) [info]
[kaggle] Kaggle User Name Information - Detect (@dwisiswant0) [info]
[karabin] Karab.in User Name Information - Detect (@dwisiswant0) [info]
[keybase] Keybase User Name Information - Detect (@dwisiswant0) [info]
[kickstarter] Kickstarter User Name Information - Detect (@dwisiswant0) [info]
[kik] Kik User Name Information - Detect (@dwisiswant0) [info]
[kipin] Kipin User Name Information - Detect (@dwisiswant0) [info]
[knowyourmeme] KnowYourMeme User Name Information - Detect (@dwisiswant0) [info]
[ko-fi] Ko-Fi User Name Information - Detect (@dwisiswant0) [info]
[kongregate] Kongregate User Name Information - Detect (@dwisiswant0) [info]
[kotburger] Kotburger User Name Information - Detect (@dwisiswant0) [info]
[kwejkpl] Kwejk.pl User Name Information - Detect (@dwisiswant0) [info]
[librarything] LibraryThing User Name Information - Detect (@dwisiswant0) [info]
[libretoothgr-mastodon-instance] Libretooth.gr (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[lichess] Lichess User Name Information - Detect (@dwisiswant0) [info]
[likeevideo] Likeevideo User Name Information - Detect (@dwisiswant0) [info]
[line] LINE User Name Information - Detect (@dwisiswant0) [info]
[linktree] Linktree User Name Information - Detect (@dwisiswant0) [info]
[linuxorgru] Linux.org.ru User Name Information - Detect (@dwisiswant0) [info]
[litmindclub-mastodon-instance] Litmind.club (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[livejournal] Livejournal User Name Information - Detect (@dwisiswant0) [info]
[livemasterru] Livemaster.ru User Name Information - Detect (@dwisiswant0) [info]
[lobsters] Lobste.rs User Name Information - Detect (@dwisiswant0) [info]
[lorsh-mastodon-instance] Lor.sh (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[love-ru] Love ru User Name Information - Detect (@dwisiswant0) [info]
[lowcygierpl] Lowcygier.pl User Name Information - Detect (@dwisiswant0) [info]
[maga-chat] MAGA-CHAT User Name Information - Detect (@dwisiswant0) [info]
[magabook] MAGABOOK User Name Information - Detect (@dwisiswant0) [info]
[magix] Magix User Name Information - Detect (@dwisiswant0) [info]
[mail-archive] The Mail Archive Information (@lu4nx) [info]
[manyvids] MANYVIDS User Name Information - Detect (@dwisiswant0) [info]
[mapmytracks] MapMyTracks User Name Information - Detect (@dwisiswant0) [info]
[mapstodonspace-mastodon-instance] Mapstodon.space (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[maroc-nl] Maroc nl User Name Information - Detect (@dwisiswant0) [info]
[marshmallow] Marshmallow User Name Information - Detect (@dwisiswant0) [info]
[martech] Martech User Name Information - Detect (@dwisiswant0) [info]
[massage-anywhere] Massage Anywhere User Name Information - Detect (@dwisiswant0) [info]
[mastoai] Masto.ai User Name Information - Detect (@dwisiswant0) [info]
[mastodon-101010pl] Mastodon-101010.pl User Name Information - Detect (@dwisiswant0) [info]
[mastodon-api] Mastodon-API User Name Information - Detect (@dwisiswant0) [info]
[mastodon-chaossocial] Mastodon-Chaos.social User Name Information - Detect (@dwisiswant0) [info]
[mastodon-climatejusticerocks] Mastodon-climatejustice.rocks User Name Information - Detect (@dwisiswant0) [info]
[mastodon-countersocial] Mastodon-counter.social User Name Information - Detect (@dwisiswant0) [info]
[mastodon-defcon] Mastodon-Defcon User Name Information - Detect (@dwisiswant0) [info]
[mastodon-eu-voice] Mastodon-EU Voice User Name Information - Detect (@dwisiswant0) [info]
[mastodon-mastodon] Mastodon-mastodon User Name Information - Detect (@dwisiswant0) [info]
[mastodon-meowsocial] Mastodon-meow.social User Name Information - Detect (@dwisiswant0) [info]
[mastodon-mstdnio] Mastodon-mstdn.io User Name Information - Detect (@dwisiswant0) [info]
[mastodon-polsocial] Mastodon-pol.social User Name Information - Detect (@dwisiswant0) [info]
[mastodon-rigczclub] Mastodon-rigcz.club User Name Information - Detect (@dwisiswant0) [info]
[mastodon-social-tchncs] Mastodon-social tchncs User Name Information - Detect (@dwisiswant0) [info]
[mastodon-tflnetpl] Mastodon-tfl.net.pl User Name Information - Detect (@dwisiswant0) [info]
[mastodon-tootcommunity] Mastodon-Toot.Community User Name Information - Detect (@dwisiswant0) [info]
[mastodonbooksnet-mastodon-instance] Mastodonbooks.net (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[mastodonchasedemdev-mastodon-instance] Mastodon.chasedem.dev (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[mastodononline] Mastodon.online User Name Information - Detect (@dwisiswant0) [info]
[mastonyc-mastodon-instance] Masto.nyc (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[mastown-mastodon-instance] Mas.town (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[mcname-minecraft] MCName (Minecraft) User Name Information - Detect (@dwisiswant0) [info]
[mcuuid-minecraft] MCUUID (Minecraft) User Name Information - Detect (@dwisiswant0) [info]
[mediakits] Mediakits User Name Information - Detect (@dwisiswant0) [info]
[medium] Medium User Name Information - Detect (@dwisiswant0) [info]
[medyczkapl] Medyczka.pl User Name Information - Detect (@dwisiswant0) [info]
[meet-me] Meet me User Name Information - Detect (@dwisiswant0) [info]
[megamodelspl] Megamodels.pl User Name Information - Detect (@dwisiswant0) [info]
[memrise] Memrise User Name Information - Detect (@dwisiswant0) [info]
[message-me] Message me User Name Information - Detect (@dwisiswant0) [info]
[metacritic] Metacritic User Name Information - Detect (@dwisiswant0) [info]
[microsoft-technet-community] Microsoft Technet Community User Name Information - Detect (@dwisiswant0) [info]
[minds] Minds User Name Information - Detect (@dwisiswant0) [info]
[minecraft-list] Minecraft List User Name Information - Detect (@dwisiswant0) [info]
[mintme] Mintme User Name Information - Detect (@dwisiswant0) [info]
[mistrzowie] Mistrzowie User Name Information - Detect (@dwisiswant0) [info]
[mix] Mix User Name Information - Detect (@dwisiswant0) [info]
[mixi] Mixi User Name Information - Detect (@dwisiswant0) [info]
[mixlr] Mixlr User Name Information - Detect (@dwisiswant0) [info]
[mmorpg] Mmorpg User Name Information - Detect (@dwisiswant0) [info]
[mod-db] Mod DB User Name Information - Detect (@dwisiswant0) [info]
[moneysavingexpert] Moneysavingexpert User Name Information - Detect (@dwisiswant0) [info]
[motokiller] Motokiller User Name Information - Detect (@dwisiswant0) [info]
[moxfield] Moxfield User Name Information - Detect (@dwisiswant0) [info]
[muck-rack] Muck Rack User Name Information - Detect (@dwisiswant0) [info]
[musiciansocial-mastodon-instance] Musician.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[musictraveler] Musictraveler User Name Information - Detect (@dwisiswant0) [info]
[my-instants] My instants User Name Information - Detect (@dwisiswant0) [info]
[myanimelist] MyAnimeList User Name Information - Detect (@dwisiswant0) [info]
[mybuildercom] MyBuilder.com User Name Information - Detect (@dwisiswant0) [info]
[myfitnesspal-author] MyFitnessPal Author User Name Information - Detect (@dwisiswant0) [info]
[myfitnesspal-community] MyFitnessPal Community User Name Information - Detect (@dwisiswant0) [info]
[mylot] MyLot User Name Information - Detect (@dwisiswant0) [info]
[mymfans] Mym.fans User Name Information - Detect (@dwisiswant0) [info]
[myportfolio] Myportfolio User Name Information - Detect (@dwisiswant0) [info]
[myspace] MySpace User Name Information - Detect (@dwisiswant0) [info]
[myspreadshop] Myspreadshop User Name Information - Detect (@dwisiswant0) [info]
[naija-planet] Naija planet User Name Information - Detect (@dwisiswant0) [info]
[nairaland] Nairaland User Name Information - Detect (@dwisiswant0) [info]
[naturalnews] NaturalNews User Name Information - Detect (@dwisiswant0) [info]
[naver] Naver User Name Information - Detect (@dwisiswant0) [info]
[netvibes] Netvibes User Name Information - Detect (@dwisiswant0) [info]
[newgrounds] Newgrounds User Name Information - Detect (@dwisiswant0) [info]
[newmeet] Newmeet User Name Information - Detect (@dwisiswant0) [info]
[nihbuatjajan] Nihbuatjajan User Name Information - Detect (@dwisiswant0) [info]
[nitecrew-mastodon-instance] Nitecrew (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[nnru] Nnru User Name Information - Detect (@dwisiswant0) [info]
[notabug] NotABug User Name Information - Detect (@dwisiswant0) [info]
[note] Note User Name Information - Detect (@dwisiswant0) [info]
[npmjs] NPMjs User Name Information - Detect (@olearycrew) [info]
[oglaszamy24hpl] Oglaszamy24h.pl User Name Information - Detect (@dwisiswant0) [info]
[ogugg] Ogu.gg User Name Information - Detect (@dwisiswant0) [info]
[okidoki] Okidoki User Name Information - Detect (@dwisiswant0) [info]
[okru] Ok.ru User Name Information - Detect (@dwisiswant0) [info]
[olx] Olx User Name Information - Detect (@dwisiswant0) [info]
[omlet] Omlet User Name Information - Detect (@dwisiswant0) [info]
[opencollective] Opencollective User Name Information - Detect (@dwisiswant0) [info]
[opensource] Opensource User Name Information - Detect (@dwisiswant0) [info]
[openstreetmap] OpenStreetMap User Name Information - Detect (@dwisiswant0) [info]
[opgg] OPGG User Name Information - Detect (@dwisiswant0) [info]
[orbys] Orbys User Name Information - Detect (@dwisiswant0) [info]
[osu] Osu! User Name Information - Detect (@dwisiswant0) [info]
[our-freedom-book] Our Freedom Book User Name Information - Detect (@dwisiswant0) [info]
[owly] Ow.ly User Name Information - Detect (@dwisiswant0) [info]
[palnet] Palnet User Name Information - Detect (@dwisiswant0) [info]
[parler-archived-posts] Parler archived posts User Name Information - Detect (@dwisiswant0) [info]
[parler-archived-profile] Parler archived profile User Name Information - Detect (@dwisiswant0) [info]
[parler] Parler User Name Information - Detect (@dwisiswant0) [info]
[pastebin] Pastebin User Name Information - Detect (@dwisiswant0) [info]
[patch] Patch User Name Information - Detect (@dwisiswant0) [info]
[patientslikeme] PatientsLikeMe User Name Information - Detect (@dwisiswant0) [info]
[patreon] Patreon User Name Information - Detect (@dwisiswant0) [info]
[patriots-win] Patriots Win User Name Information - Detect (@dwisiswant0) [info]
[patronite] Patronite User Name Information - Detect (@dwisiswant0) [info]
[paypal] Paypal User Name Information - Detect (@dwisiswant0) [info]
[pcgamer] PCGamer User Name Information - Detect (@dwisiswant0) [info]
[pcpartpicker] PCPartPicker User Name Information - Detect (@dwisiswant0) [info]
[peing] Peing User Name Information - Detect (@dwisiswant0) [info]
[periscope] Periscope User Name Information - Detect (@dwisiswant0) [info]
[pettingzooco-mastodon-instance] Pettingzoo.co (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[pewex] Pewex User Name Information - Detect (@dwisiswant0) [info]
[picsart] Picsart User Name Information - Detect (@dwisiswant0) [info]
[piekielni] Piekielni User Name Information - Detect (@dwisiswant0) [info]
[pikabu] Pikabu User Name Information - Detect (@dwisiswant0) [info]
[pillowfort] Pillowfort User Name Information - Detect (@dwisiswant0) [info]
[pinkbike] PinkBike User Name Information - Detect (@dwisiswant0) [info]
[pinterest] Pinterest User Name Information - Detect (@dwisiswant0) [info]
[pixelfedsocial] Pixelfed.social User Name Information - Detect (@dwisiswant0) [info]
[platzi] Platzi service User Name Information - Detect (@philippedelteil) [info]
[playstation-network] Playstation Network User Name Information - Detect (@dwisiswant0) [info]
[plurk] Plurk User Name Information - Detect (@dwisiswant0) [info]
[pokec] Pokec User Name Information - Detect (@dwisiswant0) [info]
[pokemonshowdown] Pokemonshowdown User Name Information - Detect (@dwisiswant0) [info]
[pokerstrategy] Pokerstrategy User Name Information - Detect (@dwisiswant0) [info]
[polchatpl] Polchat.pl User Name Information - Detect (@dwisiswant0) [info]
[policja2009] Policja2009 User Name Information - Detect (@dwisiswant0) [info]
[poll-everywhere] Poll Everywhere User Name Information - Detect (@dwisiswant0) [info]
[polygon] Polygon User Name Information - Detect (@dwisiswant0) [info]
[polywork] Polywork User Name Information - Detect (@olearycrew) [info]
[popl] Popl User Name Information - Detect (@dwisiswant0) [info]
[pornhub-porn-stars] Pornhub Porn Stars User Name Information - Detect (@dwisiswant0) [info]
[pornhub-users] Pornhub Users User Name Information - Detect (@dwisiswant0) [info]
[poshmark] Poshmark User Name Information - Detect (@dwisiswant0) [info]
[postcrossing] Postcrossing User Name Information - Detect (@dwisiswant0) [info]
[postnews] Postnews User Name Information - Detect (@olearycrew) [info]
[poweredbygaysocial-mastodon-instance] Poweredbygay.social (Mastodon Instance) User Name Information - Detect (@dwisiswant0) [info]
[producthunt] Producthunt User Name Information - Detect (@dwisiswant0) [info]
[promodj] Promodj User Name Information - Detect (@dwisiswant0) [info]
[pronounspage] Pronouns.Page User Name Information - Detect (@dwisiswant0) [info]
[pronouny] Pronouny User Name Information - Detect (@dwisiswant0) [info]
[prose] Prose User Name Information - Detect (@dwisiswant0) [info]
[prvpl] Prv.pl User Name Information - Detect (@dwisiswant0) [info]
[psstaudio] Psstaudio User Name Information - Detect (@dwisiswant0) [info]
[public] Public User Name Information - Detect (@dwisiswant0) [info]
[pypi] Pypi User Name Information - Detect (@dwisiswant0) [info]
[queer] QUEER User Name Information - Detect (@dwisiswant0) [info]
[quitterpl] Quitter.pl User Name Information - Detect (@dwisiswant0) [info]
[quora] Quora User Name Information - Detect (@dwisiswant0) [info]
[raddleme] Raddle.me User Name Information - Detect (@dwisiswant0) [info]
[rantli] Rant.li User Name Information - Detect (@dwisiswant0) [info]
[reblogme] ReblogMe User Name Information - Detect (@dwisiswant0) [info]
[redbubble] Redbubble User Name Information - Detect (@dwisiswant0) [info]
[reddit] Reddit User Name Information - Detect (@dwisiswant0) [info]
[redgifs] REDGIFS User Name Information - Detect (@dwisiswant0) [info]
[refsheet] Refsheet User Name Information - Detect (@dwisiswant0) [info]
[researchgate] Researchgate User Name Information - Detect (@dwisiswant0) [info]
[resumes-actorsaccess] Resumes actorsaccess User Name Information - Detect
(@dwisiswant0) [info]
[revolut] Revolut User Name Information - Detect (@dwisiswant0) [info]
[riskru] Risk.ru User Name Information - Detect (@dwisiswant0) [info]
[roblox] Roblox User Name Information - Detect (@dwisiswant0) [info]
[rsi] Rsi User Name Information - Detect (@dwisiswant0) [info]
[ru-123rf] Ru 123rf User Name Information - Detect (@dwisiswant0) [info]
[rubygems] RubyGems User Name Information - Detect (@cheesymoon) [info]
[rumblechannel] RumbleChannel User Name Information - Detect (@dwisiswant0) [info]
[rumbleuser] RumbleUser User Name Information - Detect (@dwisiswant0) [info]
[salon24] Salon24 User Name Information - Detect (@dwisiswant0) [info]
[saracartershow] SaraCarterShow User Name Information - Detect (@dwisiswant0)
[info]
[scoutwiki] ScoutWiki User Name Information - Detect (@dwisiswant0) [info]
[scratch] Scratch User Name Information - Detect (@dwisiswant0) [info]
[secure-donation] Secure donation User Name Information - Detect (@dwisiswant0)
[info]
[seneporno] Seneporno User Name Information - Detect (@dwisiswant0) [info]
[sentimente] Sentimente User Name Information - Detect (@dwisiswant0) [info]
[seoclerks] SEOClerks User Name Information - Detect (@dwisiswant0) [info]
[setlistfm] Setlist.fm User Name Information - Detect (@dwisiswant0) [info]
[sexworker] Sexworker User Name Information - Detect (@dwisiswant0) [info]
[sfd] SFD User Name Information - Detect (@dwisiswant0) [info]
[shanii-writes] Shanii Writes User Name Information - Detect (@dwisiswant0) [info]
[shesfreaky] Shesfreaky User Name Information - Detect (@dwisiswant0) [info]
[shopify] Shopify User Name Information - Detect (@dwisiswant0) [info]
[shutterstock] Shutterstock User Name Information - Detect (@dwisiswant0) [info]
[skeb] Skeb User Name Information - Detect (@dwisiswant0) [info]
[skillshare] Skill Share User Name Information - Detect (@olearycrew) [info]
[skyrock] Skyrock User Name Information - Detect (@dwisiswant0) [info]
[slackholes] SlackHoles User Name Information - Detect (@dwisiswant0) [info]
[slant] Slant User Name Information - Detect (@dwisiswant0) [info]
[slides] Slides User Name Information - Detect (@dwisiswant0) [info]
[slideshare] Slideshare User Name Information - Detect (@dwisiswant0) [info]
[smashrun] SmashRun User Name Information - Detect (@dwisiswant0) [info]
[smelsy] Smelsy User Name Information - Detect (@dwisiswant0) [info]
[smugmug] SmugMug User Name Information - Detect (@dwisiswant0) [info]
[smule] Smule User Name Information - Detect (@dwisiswant0) [info]
[snapchat-stories] Snapchat Stories User Name Information - Detect (@dwisiswant0)
[info]
[snapchat] Snapchat User Name Information - Detect (@dwisiswant0) [info]
[snipfeed] Snipfeed User Name Information - Detect (@dwisiswant0) [info]
[soccitizen4eu] Soc.citizen4.eu User Name Information - Detect (@dwisiswant0)
[info]
[social-msdn] Social msdn User Name Information - Detect (@dwisiswant0) [info]
[socialbundde] Social.bund.de User Name Information - Detect (@dwisiswant0) [info]
[sofurry] Sofurry User Name Information - Detect (@dwisiswant0) [info]
[solikick] SoliKick User Name Information - Detect (@dwisiswant0) [info]
[soloby] Soloby User Name Information - Detect (@dwisiswant0) [info]
[soloto] Solo.to User Name Information - Detect (@dwisiswant0) [info]
[soundcloud] SoundCloud User Name Information - Detect (@dwisiswant0) [info]
[soup] Soup User Name Information - Detect (@dwisiswant0) [info]
[sourceforge] Sourceforge User Name Information - Detect (@dwisiswant0) [info]
[speaker-deck] Speaker Deck User Name Information - Detect (@dwisiswant0) [info]
[speedrun] Speedrun User Name Information - Detect (@dwisiswant0) [info]
[spiceworks] SpiceWorks User Name Information - Detect (@dwisiswant0) [info]
[sporcle] Sporcle User Name Information - Detect (@dwisiswant0) [info]
[spotify] Spotify User Name Information - Detect (@dwisiswant0) [info]
[stackoverflow] StackOverflow User Name Information - Detect (@lu4nx) [info]
[steam] Steam User Name Information - Detect (@dwisiswant0) [info]
[steemit] Steemit User Name Information - Detect (@dwisiswant0) [info]
[steller] Steller User Name Information - Detect (@dwisiswant0) [info]
[stonerssocial-mastodon-instance] Stoners.social (Mastodon Instance) User Name
Information - Detect (@dwisiswant0) [info]
[storycorps] StoryCorps User Name Information - Detect (@dwisiswant0) [info]
[streamelements] StreamElements User Name Information - Detect (@dwisiswant0)
[info]
[streamlabs] StreamLabs User Name Information - Detect (@dwisiswant0) [info]
[stripchat] Stripchat User Name Information - Detect (@dwisiswant0) [info]
[subscribestar] Subscribestar User Name Information - Detect (@dwisiswant0) [info]
[sukebeinyaasi] Sukebei.nyaa.si User Name Information - Detect (@dwisiswant0)
[info]
[suzuri] Suzuri User Name Information - Detect (@dwisiswant0) [info]
[szmerinfo] Szmer.info User Name Information - Detect (@dwisiswant0) [info]
[tabletoptournament] Tabletoptournament User Name Information - Detect
(@dwisiswant0) [info]
[tagged] Tagged User Name Information - Detect (@dwisiswant0) [info]
[tamtam] TamTam User Name Information - Detect (@dwisiswant0) [info]
[tanukipl] Tanuki.pl User Name Information - Detect (@dwisiswant0) [info]
[tapitag] TAPiTAG User Name Information - Detect (@dwisiswant0) [info]
[tappy] Tappy User Name Information - Detect (@dwisiswant0) [info]
[taringa] Taringa User Name Information - Detect (@dwisiswant0) [info]
[taskrabbit] Taskrabbit User Name Information - Detect (@dwisiswant0) [info]
[teamtreehouse] Teamtreehouse User Name Information - Detect (@dwisiswant0) [info]
[teddygirls] Teddygirls User Name Information - Detect (@dwisiswant0) [info]
[teespring] Teespring User Name Information - Detect (@dwisiswant0) [info]
[teknik] Teknik User Name Information - Detect (@dwisiswant0) [info]
[telegram] Telegram User Name Information - Detect (@dwisiswant0) [info]
[tellonym] Tellonym User Name Information - Detect (@dwisiswant0) [info]
[tenor] Tenor User Name Information - Detect (@dwisiswant0) [info]
[tf2-backpack-examiner] TF2 Backpack Examiner User Name Information - Detect
(@dwisiswant0) [info]
[thegatewaypundit] Thegatewaypundit User Name Information - Detect (@dwisiswant0)
[info]
[theguardian] Theguardian User Name Information - Detect (@dwisiswant0) [info]
[themeforest] Themeforest User Name Information - Detect (@dwisiswant0) [info]
[thetattooforum] Thetattooforum User Name Information - Detect (@dwisiswant0)
[info]
[threads] Threads User Name Information - Detect (@olearycrew) [info]
[tiktok] TikTok User Name Information - Detect (@dwisiswant0) [info]
[tildezone-mastodon-instance] Tilde.zone (Mastodon Instance) User Name Information
- Detect (@dwisiswant0) [info]
[tinder] Tinder User Name Information - Detect (@dwisiswant0) [info]
[tmdb] TMDB User Name Information - Detect (@olearycrew) [info]
[tootingch-mastodon-instance] Tooting.ch (Mastodon Instance) User Name Information
- Detect (@dwisiswant0) [info]
[totalwar] TotalWar User Name Information - Detect (@dwisiswant0) [info]
[toyhouse] Toyhou.se User Name Information - Detect (@dwisiswant0) [info]
[trackmanialadder] TrackmaniaLadder User Name Information - Detect (@dwisiswant0)
[info]
[tradingview] Tradingview User Name Information - Detect (@dwisiswant0) [info]
[trakt] Trakt User Name Information - Detect (@dwisiswant0) [info]
[trello] Trello User Name Information - Detect (@dwisiswant0) [info]
[tripadvisor] Tripadvisor User Name Information - Detect (@dwisiswant0) [info]
[truth-social] Truth Social User Name Information - Detect (@dwisiswant0) [info]
[tryhackme] TryHackMe User Name Information - Detect (@olearycrew) [info]
[tumblr] Tumblr User Name Information - Detect (@dwisiswant0) [info]
[tunefind] Tunefind User Name Information - Detect (@dwisiswant0) [info]
[twitcasting] Twitcasting User Name Information - Detect (@dwisiswant0) [info]
[twitch] Twitch User Name Information - Detect (@dwisiswant0) [info]
[twitter-archived-profile] Twitter archived profile User Name Information - Detect
(@dwisiswant0) [info]
[twitter-archived-tweets] Twitter archived tweets User Name Information - Detect
(@dwisiswant0) [info]
[twitter] Twitter User Name Information - Detect (@dwisiswant0) [info]
[twpro] Twpro User Name Information - Detect (@dwisiswant0) [info]
[ubisoft] Ubisoft User Name Information - Detect (@dwisiswant0) [info]
[udemy] Udemy User Name Information - Detect (@dwisiswant0) [info]
[uefconnect] Uefconnect User Name Information - Detect (@dwisiswant0) [info]
[uid] Uid User Name Information - Detect (@dwisiswant0) [info]
[uiuxdevsocial-mastodon-instance] Uiuxdev.social (Mastodon Instance) User Name
Information - Detect (@dwisiswant0) [info]
[ultras-diary] Ultras Diary User Name Information - Detect (@dwisiswant0) [info]
[ulubpl] Ulub.pl User Name Information - Detect (@dwisiswant0) [info]
[unsplash] Unsplash User Name Information - Detect (@dwisiswant0) [info]
[untappd] Untappd User Name Information - Detect (@dwisiswant0) [info]
[usa-life] USA Life User Name Information - Detect (@dwisiswant0) [info]
[utipio] Utip.io User Name Information - Detect (@dwisiswant0) [info]
[uwuai] Uwu.ai User Name Information - Detect (@dwisiswant0) [info]
[uwumarket] Uwumarket User Name Information - Detect (@dwisiswant0) [info]
[vampr] Vampr User Name Information - Detect (@millermedia) [info]
[venmo] Venmo User Name Information - Detect (@dwisiswant0) [info]
[vero] Vero User Name Information - Detect (@dwisiswant0) [info]
[vibilagare] Vibilagare User Name Information - Detect (@dwisiswant0) [info]
[viddler] Viddler User Name Information - Detect (@dwisiswant0) [info]
[vimeo] Vimeo User Name Information - Detect (@dwisiswant0) [info]
[vine] Vine User Name Information - Detect (@dwisiswant0) [info]
[vip-blog] VIP-blog User Name Information - Detect (@dwisiswant0) [info]
[virustotal] Virustotal User Name Information - Detect (@dwisiswant0) [info]
[visnesscard] Visnesscard User Name Information - Detect (@dwisiswant0) [info]
[vivino] Vivino User Name Information - Detect (@dwisiswant0) [info]
[vk] VK User Name Information - Detect (@dwisiswant0) [info]
[vklworld-mastodon-instance] Vkl.world (Mastodon Instance) User Name Information -
Detect (@dwisiswant0) [info]
[vmstio-mastodon-instance] Vmst.io (Mastodon Instance) User Name Information -
Detect (@dwisiswant0) [info]
[voice123] Voice123 User Name Information - Detect (@dwisiswant0) [info]
[voicescom] Voices.com User Name Information - Detect (@dwisiswant0) [info]
[vsco] Vsco User Name Information - Detect (@dwisiswant0) [info]
[wanelo] Wanelo User Name Information - Detect (@dwisiswant0) [info]
[warriorforum] Warriorforum User Name Information - Detect (@dwisiswant0) [info]
[watchmemorecom] Watchmemore.com User Name Information - Detect (@dwisiswant0)
[info]
[watchmyfeed] Watchmyfeed User Name Information - Detect (@dwisiswant0) [info]
[wattpad] Wattpad User Name Information - Detect (@dwisiswant0) [info]
[weasyl] Weasyl User Name Information - Detect (@dwisiswant0) [info]
[weebly] Weebly User Name Information - Detect (@dwisiswant0) [info]
[wego] Wego User Name Information - Detect (@dwisiswant0) [info]
[weheartit] Weheartit User Name Information - Detect (@dwisiswant0) [info]
[weibo] Weibo User Name Information - Detect (@dwisiswant0) [info]
[wetransfer] WeTransfer User Name Information - Detect (@dwisiswant0) [info]
[wikidot] Wikidot User Name Information - Detect (@dwisiswant0) [info]
[wikipedia] Wikipedia User Name Information - Detect (@dwisiswant0) [info]
[wimkin-publicprofile] Wimkin-PublicProfile User Name Information - Detect
(@dwisiswant0) [info]
[wireclub] Wireclub User Name Information - Detect (@dwisiswant0) [info]
[wishlistr] Wishlistr User Name Information - Detect (@dwisiswant0) [info]
[wolni-slowianie] Wolni Słowianie User Name Information - Detect (@dwisiswant0)
[info]
[wordnik] Wordnik User Name Information - Detect (@dwisiswant0) [info]
[wordpress-support] WordPress Support User Name Information - Detect (@dwisiswant0)
[info]
[wordpress] WordPress User Name Information - Detect (@dwisiswant0) [info]
[wowhead] Wowhead User Name Information - Detect (@dwisiswant0) [info]
[wykop] Wykop User Name Information - Detect (@dwisiswant0) [info]
[xanga] Xanga User Name Information - Detect (@dwisiswant0) [info]
[xbox-gamertag] Xbox Gamertag User Name Information - Detect (@dwisiswant0) [info]
[xhamster] XHamster User Name Information - Detect (@dwisiswant0) [info]
[xing] Xing User Name Information - Detect (@dwisiswant0) [info]
[xvideos-models] XVIDEOS-models User Name Information - Detect (@dwisiswant0)
[info]
[xvideos-profiles] XVIDEOS-profiles User Name Information - Detect (@dwisiswant0)
[info]
[yahoo-japan-auction] Yahoo! JAPAN Auction User Name Information - Detect
(@dwisiswant0) [info]
[yapishu] Yapishu User Name Information - Detect (@dwisiswant0) [info]
[yazawaj] Yazawaj User Name Information - Detect (@dwisiswant0) [info]
[yelp] Yelp User Name Information - Detect (@dwisiswant0) [info]
[yeswehack] Yeswehack User Name Information - Detect (@philippedelteil) [info]
[youpic] Youpic User Name Information - Detect (@dwisiswant0) [info]
[youtube] YouTube User Name Information - Detect (@dwisiswant0) [info]
[zatrybipl] Zatrybi.pl User Name Information - Detect (@dwisiswant0) [info]
[zbiornik] Zbiornik User Name Information - Detect (@dwisiswant0) [info]
[zhihu] Zhihu User Name Information - Detect (@dwisiswant0) [info]
[zillow] Zillow User Name Information - Detect (@dwisiswant0) [info]
[zmarsacom] Zmarsa.com User Name Information - Detect (@dwisiswant0) [info]
[zomato] Zomato User Name Information - Detect (@dwisiswant0) [info]
[zoomitir] Zoomitir User Name Information - Detect (@dwisiswant0) [info]
[aftership-takeover] Aftership - Subdomain Takeover Detection (@pdteam) [high]
[agilecrm-takeover] AgileCRM Takeover Detection (@pdteam) [high]
[aha-takeover] Aha - Subdomain Takeover Detection (@pdteam) [high]
[airee-takeover] Airee Takeover Detection (@pdteam) [high]
[anima-takeover] Anima Takeover Detection (@pdteam) [high]
[announcekit-takeover] Announcekit Takeover Detection (@melbadry9) [high]
[aws-bucket-takeover] AWS Bucket Takeover Detection (@pdteam,@pwnhxl,@zy9ard3)
[high]
[bigcartel-takeover] Bigcartel Takeover Detection (@pdteam) [high]
[bitbucket-takeover] Bitbucket Takeover Detection (@pdteam) [high]
[campaignmonitor-takeover] CampaignMonitor Takeover Detection (@pdteam) [high]
[canny-takeover] Canny Takeover Detection (@pdteam) [high]
[cargo-takeover] cargo takeover detection (@pdteam) [high]
[cargocollective-takeover] CargoCollective Takeover Detection (@pdteam) [high]
[clever-takeover] Clever Cloud - Subdomain Takeover Detection (@supr4s) [high]
[flexbe-takeover] Flexbe Subdomain Takeover (@0x_akoko) [high]
[frontify-takeover] frontify takeover detection (@pdteam) [high]
[gemfury-takeover] Gemfury Takeover Detection (@pdteam,@daffainfo) [high]
[getresponse-takeover] Getresponse Takeover Detection (@pdteam) [high]
[ghost-takeover] ghost takeover detection (@pdteam) [high]
[gitbook-takeover] gitbook takeover detection (@philippedelteil) [high]
[github-takeover] Github Takeover Detection (@pdteam,@th3r4id) [high]
[gohire-takeover] GoHire Takeover Detection (@philippedelteil) [high]
[hatenablog-takeover] Hatenablog Takeover Detection (@pdteam) [high]
[helpdocs-takeover] HelpDocs Takeover Detection (@philippedelteil) [high]
[helpjuice-takeover] helpjuice takeover detection (@pdteam) [high]
[helprace-takeover] Helprace Takeover Detection (@pdteam) [high]
[helpscout-takeover] helpscout takeover detection (@pdteam) [high]
[hubspot-takeover] hubspot takeover detection (@pdteam) [high]
[intercom-takeover] Intercom Takeover Detection (@pdteam) [high]
[jazzhr-takeover] jazzhr takeover detection (@pdteam) [high]
[jetbrains-takeover] Jetbrains Takeover Detection (@pdteam) [high]
[kinsta-takeover] kinsta takeover detection (@pdteam) [high]
[launchrock-takeover] Launchrock Takeover Detection (@pdteam) [high]
[leadpages-takeover] Leadpages takeover detection (@philippedelteil) [high]
[lemlist-takeover] Lemlist - Subdomain Takeover Detection (@kresec) [high]
[mashery-takeover] mashery takeover detection (@pdteam) [high]
[meteor-takeover] Meteor subdomain takeover (@rivalsec) [high]
[netlify-takeover] netlify takeover detection (@0xprial,@pdteam) [high]
[ngrok-takeover] Ngrok Takeover Detection (@pdteam) [high]
[pagewiz-takeover] Pagewiz subdomain takeover (@brabbit10) [high]
[pantheon-takeover] Pantheon Takeover Detection (@pdteam) [high]
[pingdom-takeover] Pingdom Takeover Detection (@pdteam) [high]
[proposify-takeover] proposify takeover detection (@pdteam) [high]
[readme-takeover] Readme.io Takeover Detection (@pdteam) [high]
[readthedocs-takeover] Read the Docs Takeover Detection (@pdteam) [high]
[shopify-takeover] shopify takeover detection (@pdteam,@philippedelteil,@imjust0)
[high]
[short-io-takeover] Short.io takeover detection (@philippedelteil) [high]
[simplebooklet-takeover] simplebooklet takeover detection (@pdteam) [high]
[smartjob-takeover] Smartjob Takeover Detection (@pdteam) [high]
[smugmug-takeover] Smugmug Takeover Detection (@pdteam) [high]
[softr-takeover] Softr.io Takeover Detection (@philippedelteil) [high]
[sprintful-takeover] Sprintful Takeover (@mhdsamx) [high]
[squadcast-takeover] Squadcast Takeover Detection (@philippedelteil) [high]
[strikingly-takeover] Strikingly Takeover Detection (@pdteam) [high]
[surge-takeover] surge takeover detection (@pdteam) [high]
[surveygizmo-takeover] surveygizmo takeover detection (@pdteam) [high]
[surveysparrow-takeover] SurveySparrow takeover detection (@philippedelteil) [high]
[tave-takeover] tave takeover detection (@pdteam) [high]
[teamwork-takeover] Teamwork Takeover Detection (@pdteam) [high]
[tilda-takeover] tilda takeover detection (@pdteam) [high]
[tumblr-takeover] tumblr takeover detection (@pdteam,@philippedelteil) [high]
[uberflip-takeover] Uberflip Takeover Detection (@pdteam) [high]
[uptime-takeover] Uptime Takeover Detection (@philippedelteil) [high]
[uptimerobot-takeover] uptimerobot takeover detection (@pdteam) [low]
[uservoice-takeover] Uservoice Takeover Detection (@miryangjung) [high]
[vend-takeover] vend takeover detection (@pdteam) [high]
[vercel-takeover] Vercel Takeover Detection (@brianlam38) [high]
[wishpond-takeover] Wishpond Takeover Detection (@pdteam) [high]
[wix-takeover] Wix Takeover Detection (@harshinsecurity,@philippedelteil) [high]
[wordpress-takeover] WordPress takeover detection (@pdteam,@geeknik) [high]
[worksites-takeover] Worksites Takeover Detection (@melbadry9,@dogasantos) [high]
[wufoo-takeover] wufoo takeover detection (@pdteam) [high]
[zendesk-takeover] Zendesk Takeover Detection (@pdteam) [high]
[4D-detect] 4D Detection (@righettod) [info]
[abyss-web-server] Detect Abyss Web Server (@pussycat0x) [info]
[acontent-detect] AContent Detect (@pikpikcu) [info]
[activecollab-detect] activecollab detect (@ffffffff0x) [info]
[adfs-detect] ADFS Detect (@adam crosser) [info]
[admiralcloud-detect] AdmiralCloud - Detect (@righettod) [info]
[adobe-coldfusion-detect] Adobe ColdFusion Detector (@philippedelteil) [info]
[adobe-coldfusion-error-detect] Adobe ColdFusion Detector (@philippedelteil) [info]
[aem-cms] AEM Finder (@swissky) [info]
[aem-detect] Favicon based AEM Detection (@shifacyclewala,@hackergautam) [info]
[aerocms-detect] AeroCMS Detect (@pikpikcu) [info]
[airtame-device-detect] Airtame Device Detect (@princechaddha) [info]
[akamai-cache-detect] Akamai Cache Detection (@nybble04) [info]
[akamai-detect] akamai cdn detection (@pdteam) [info]
[ambassador-edgestack-detect] Ambassador Edge Stack - Detect (@ja1sh) [info]
[angular-detect] Angular detect (@techbrunchfr) [info]
[ansible-awx-detect] Ansible AWX Detection (@adam crosser) [info]
[airflow-detect] Apache Airflow (@pdteam) [info]
[apache-answer-detect] Apache Answer - Detection (@omranisecurity) [info]
[apache-axis-detect] apache-axis-detect (@dogasantos) [info]
[apache-cocoon-detect] Apache Cocoon detect (@ffffffff0x) [info]
[apache-detect] Apache Detection (@philippedelteil) [info]
[apache-dubbo-detect] Apache dubbo detect (@ffffffff0x) [info]
[apache-guacamole] Apache Guacamole Login Page and version detection (@r3dg33k)
[info]
[apache-karaf-panel] Apache Karaf Detect (@s0obi) [info]
[apache-tapestry-detect] Apache Tapestry Framework detect (@pikpikcu) [info]
[apache-zeppelin-detect] Apache Zeppelin detect (@pikpikcu) [info]
[default-apache-test-all] Apache HTTP Server Test Page (@andydoering) [info]
[default-apache-test-page] Apache HTTP Server Test Page (@dhiyaneshdk) [info]
[default-apache2-page] Apache2 Default Test Page (@dhiyaneshdk) [info]
[default-apache2-ubuntu-page] Apache2 Ubuntu Default Page (@dhiyaneshdk) [info]
[kafka-manager-panel] Kafka Manager Panel (@ritikchaddha) [info]
[ranger-detection] Apache Ranger Detection (@for3stco1d) [info]
[tomcat-detect] Tomcat Detection (@philippedelteil,@dhiyaneshdk,@adamcrosser)
[info]
[xampp-default-page] XAMPP Default Page (@dhiyaneshdk) [info]
[apollo-server-detect] Apollo Server GraphQL Introspection - Detect (@idealphase)
[info]
[appcms-detect] AppCms Detect (@princechaddha) [info]
[apple-httpserver] Apple HttpServer Detect (@pikpikcu) [info]
[aqua-enterprise-detect] Aqua Enterprise Detect (@daffainfo) [info]
[arcgis-rest-api] ArcGIS Exposed REST API documentation (@podalirius) [info]
[arcgis-token-service] ArcGIS Token Service - Detect (@heeress) [info]
[artica-web-proxy-detect] Artica Web Proxy Detect (@dwisiswant0) [info]
[atlassian-connect-descriptor] Atlassian Connect Descriptor - Detect (@pussycat0x)
[info]
[autobahn-python-detect] Autobahn-Python Webserver Detect (@pussycat0x) [info]
[avideo-detect] Avideo Detect (@pikpikcu) [info]
[elastic-beanstalk-detect] AWS Elastic Beanstalk Detect (@pussycat0x) [info]
[amazon-ec2-detect] Amazon EC2 Server Detect (@ritikchaddha) [info]
[aws-bucket-service] Detect websites using AWS bucket storage (@pdteam) [info]
[aws-cloudfront-service] AWS Cloudfront service detection (@jiheon-dev) [info]
[aws-detect] AWS Service - Detect (@6mile) [info]
[azure-kubernetes-service] Detect Azure Kubernetes Service (@dhiyaneshdk) [info]
[b2b-builder-detect] B2BBuilder Detect (@ffffffff0x) [info]
[bamboo-detect] Bamboo - Detection (@bhutch) [info]
[basic-auth-detect] Basic Auth Detection (@w4cky_,@bhutch) [info]
[besu-server-detect] Besu JSON-RPC HTTP Server - Detect (@nullfuzz) [info]
[bigbluebutton-detect] BigBlueButton Detect (@pikpikcu) [info]
[bigip-config-utility] BIG-IP Configuration Utility detected (@dwisiswant0) [info]
[bigip-detect] BIGIP - Detection (@pr3r00t,@0x240x23elu) [info]
[blazor-webassembly-detect] Blazor WebAssembly - Detect (@righettod) [info]
[boa-web-server] Boa Web Server - Detect (@johnk3r) [info]
[burp-rest-api-detect] Burp Rest API Server Running (@joanbono) [info]
[burp-collaborator-detect] Burp Collaborator Server - Detect (@lum8rjack) [info]
[carestream-vue-detect] CARESTREAM Vue Motion Detector (@philippedelteil) [info]
[casaos-detection] CasaOS Detection (@pdteam) [info]
[catalog-creator-detect] CATALOGcreator Page Login Panel - Detect (@ritikchaddha)
[info]
[celebrus-detect] Celebrus - Detect (@righettod) [info]
[checkpoint-mobile-detect] Check Point Mobile SSL VPN - Detect (@righettod) [info]
[chevereto-detect] Chevereto detect (@pikpikcu) [info]
[cisco-asa-detect] Cisco ASA - Detect (@sdcampbell) [info]
[citrix-hypervisor-page] Citrix Hypervisor Page Detection (@pussycat0x) [info]
[citrix-xenmobile-version] Citrix XenMobile Version - Detect (@puben) [info]
[cloudflare-nginx-detect] Cloudflare Nginx Detect (@idealphase) [info]
[cloudfoundry-detect] Cloudfoundry Detect (@uomogrande) [info]
[cobbler-version] Cobbler Version Detection (@c-sh0) [info]
[cockpit-detect] Detect Agentejo Cockpit (@dwisiswant0) [info]
[coming-soon-page-detect] Coming Soon Page Detect (@tess) [info]
[confluence-detect] Confluence Detection (@philippedelteil,@adamcrosser,@6mile)
[info]
[connectwise-control-detect] ConnectWise Control Detect (@pikpikcu) [info]
[couchbase-sync-gateway] Couchbase Sync Gateway (@dhiyaneshdk) [info]
[cowboy-detect] Cowboy - Detect (@sechunt3r) [info]
[craft-cms-detect] Craft CMS Detect (@skeltavik) [info]
[craftercms-detect] CrafterCMS - Detect (@righettod) [info]
[csrf-guard-detect] OWASP CSRFGuard 3.x/4.x - Detect (@forgedhallpass) [info]
[cvsweb-detect] CVSweb - Detect (@lu4nx) [info]
[dash-panel-detect] Dash Panel Detect (@tess) [info]
[dedecms-detect] DedeCMS Detect (@ritikchaddha,@pphuahua) [info]
[default-amazon-cognito] Amazon Cognito Developer Authentication Sample - Detect
(@pussycat0x) [info]
[default-apache-miracle] Default Apache Miracle Linux Web Server Page
(@dhiyaneshdk) [info]
[default-apache-shiro] Apache Shiro Default Page (@dhiyaneshdk) [info]
[default-asp-net-page] ASP.Net Test Page (@dhiyaneshdk) [info]
[default-cakephp-page] CakePHP Default Page (@dhiyaneshdk) [info]
[default-centos-test-page] CentOs-WebPanel Test Page (@dhiyaneshdk) [info]
[default-codeigniter-page] Default CodeIgniter Page (@dhiyaneshdk) [info]
[default-detect-generic] Default Web Application Detection (@andydoering) [info]
[default-django-page] Django Default Page (@dhiyaneshdk) [info]
[default-fastcgi-page] Fastcgi Default Test Page (@dhiyaneshdk) [info]
[default-fedora-page] Fedora Default Test Page (@dhiyaneshdk) [info]
[default-glassfish-server-page] GlassFish Server Default Page
(@dhiyaneshdk,@righettod) [info]
[default-jetty-page] Jetty Default Page (@dhiyaneshdk) [info]
[lighttpd-default] lighttpd Default Page (@dhiyaneshdk) [info]
[lighttpd-placeholder-page] Lighttpd Placeholder Page (@idealphase) [info]
[default-lucee-page] Lucee Default Page (@dhiyaneshdk) [info]
[default-movable-page] Movable Default Page (@dhiyaneshdk) [info]
[default-openresty] OpenResty Default Page (@dhiyaneshdk) [info]
[default-page-azure-container] Azure Container Instance Default Page (@dhiyaneshdk)
[info]
[default-parallels-plesk] Default Parallels Plesk Panel Page (@dhiyaneshdk) [info]
[default-payara-server-page] Payara Server Default Page (@dhiyaneshdk) [info]
[default-plesk-page] Plesk Default Test Page (@dhiyaneshdk) [info]
[default-redhat-test-page] Red Hat Enterprise Linux Test Page (@dhiyaneshdk) [info]
[default-runcloud-page] RunCloud Default Page (@pussycat0x) [info]
[sitecore-default-page] Sitecore Default Page - Detect (@dhiyaneshdk,@randomdhiraj)
[info]
[default-ssltls-test-page] SSL/TLS-aware Test Page (@dhiyaneshdk) [info]
[default-symfony-page] Symfony Default Page (@pussycat0x) [info]
[default-tengine-page] Tengine Default Page (@pussycat0x) [info]
[default-websphere-liberty] WebSphere Liberty Default Page (@oppsec) [info]
[dell-dpi-panel] Dell DPI Remote Power Management - Detect (@megamansec) [info]
[dell-idrac6-detect] Detect Dell iDRAC6 (@kophjager007) [info]
[dell-idrac7-detect] Detect Dell iDRAC7 (@kophjager007) [info]
[dell-idrac8-detect] Detect Dell iDRAC8 (@kophjager007) [info]
[dell-idrac9-detect] Detect Dell iDRAC9 (@kophjager007) [info]
[detect-sentry] Detect Sentry Instance (@sicksec) [info]
[devexpress-detect] DevExpress - Detect (@cravaterouge) [info]
[directus-detect] Directus - Detect (@ricardomaia) [info]
[dreambox-detect] DreamBox Detect (@pikpikcu) [info]
[drupal-detect] Drupal Detection (@1nf1n7y) [info]
[dwr-index-detect] DWR detect test page detection (@pussycat0x) [low]
[ecology-detect] Ecology Detection (@ritikchaddha) [info]
[eg-manager-detect] eG Manager Detect (@pikpikcu) [info]
[elasticsearch-sql-client-detect] Elasticsearch - SQL Client Detection
(@pussycat0x) [low]
[element-web-detect] Element Web - Detect (@davidegirardi) [info]
[elfinder-detect] elFinder - Install Detection (@pikpikcu) [info]
[elfinder-version] elFinder 2.1.58 - Remote Code Execution (@idealphase) [critical]
[empirecms-detect] EmpireCMS Detect (@princechaddha) [info]
[emqx-detect] Emqx Detection (@for3stco1d) [info]
[erigon-server-detect] Erigon JSON-RPC HTTP Server - Detect (@nullfuzz) [info]
[erxes-detect] Erxes Detect (@princechaddha) [info]
[express-default-page] Express Default Page (@dhiyaneshdk) [info]
[eyesofnetwork-detect] EyesOfNetwork Detect (@praetorian-thendrickson) [info]
[fanruanoa-detect] FanRuanOA-detect (@yanyun) [info]
[fanruanoa2012-detect] FanRuanOA2012-detect (@yanyun) [info]
[fastjson-version] Fastjson Version Detection (@yuansec) [info]
[favicon-detect] favicon-detection (@un-fmunozs,@dhiyaneshdk,@idealphase) [info]
[fingerprinthub-web-fingerprints] FingerprintHub Technology Fingerprint
(@pdteam,@righettod) [info]
[froxlor-detect] Froxlor Detect (@pikpikcu) [info]
[gabia-server-detect] Gabia Server - Detection (@jadu101) [info]
[geo-webserver-detect] GeoWebServer Detector Panel - Detect
(@dhiyaneshdk,@daffainfo) [info]
[geth-server-detect] Go Ethereum JSON-RPC HTTP Server - Detect (@nullfuzz) [info]
[getsimple-cms-detect] GetSimple CMS Detection (@pikpikcu,@philippedelteil) [info]
[gilacms-detect] GilaCMS Detect (@pikpikcu) [info]
[gitbook-detect] GitBook Detect (@ffffffff0x,@daffainfo) [info]
[gitea-detect] Gitea Detect (@pikpikcu) [info]
[glpi-status-page] GLPI Status Page - Detect (@canberbamber) [info]
[gnuboard-detect] Gnuboard CMS - Detect (@gy741) [info]
[goliath-detect] Goliath Detection (@geeknik) [info]
[google-frontend-httpserver] Google frontend HttpServer (@pikpikcu) [info]
[chromecast-detect] Google Chromecast - Detect (@luciannitescu) [info]
[cloud-run-default-page] Google Cloud Run Default Page (@dhiyaneshdk) [info]
[firebase-detect] firebase detect (@organiccrap) [low]
[firebase-urls] Google Firebase DB URL Finder (@panch0r3d) [info]
[google-bucket-service] Detect websites using Google bucket storage (@pdteam)
[info]
[gstorage-detect] Google Bucket detection (@0xteles) [info]
[gotweb-detect] GotWeb Detect (@lu4nx) [info]
[graphiql-detect] GraphiQL Detect (@adam crosser) [info]
[graphql-detect] GraphQL API Detection (@nkxxkn,@elsfa7110,@ofjaaah,@exceed) [info]
[grav-cms-detect] Grav CMS Detect (@cyllective) [info]
[graylog-api-browser] Detect Graylog REST API (@pr3r00t) [info]
[gunicorn-detect] Detect Gunicorn Server (@joanbono) [info]
[hanwang-detect] hanwang-detect (@ffffffff0x) [info]
[harbor-detect] Harbor Detect (@pikpikcu,@daffainfo) [info]
[hashicorp-boundary-detect] HashiCorp Boundary Detect (@codexlynx) [info]
[hashicorp-vault-detect] HashiCorp Vault Detect (@adam crosser) [info]
[hcpanywhere-detect] HCP Anywhere - Detect (@righettod) [info]
[herokuapp-detect] Detect websites using Herokuapp endpoints (@alifathi-
h1,@righettod) [info]
[hetzner-cloud-detect] Hetzner Cloud Detect (@dhiyaneshdk) [info]
[hikvision-detect] Hikvision Panel (@pdteam,@its0x08) [info]
[honeypot-detect] Honeypot Detection (@j4vaovo) [info]
[hp-blade-system] HP BladeSystem Onboard Administrator Panel - Detector
(@pussycat0x) [info]
[hp-media-vault-detect] HP Media Vault Detect (@pussycat0x) [info]
[hugo-detect] Hugo Detect (@daffainfo) [info]
[ibm-decision-runner] IBM Decision Runner - Detect (@dhiyaneshdk) [info]
[ibm-decision-server-runtime] IBM Decision Server Runtime Panel- Detect
(@dhiyaneshdk) [info]
[ibm-http-server] Default IBM HTTP Server (@dhiyaneshdk,@pussycat0x) [info]
[ibm-odm-detect] IBM Operational Decision Manager - Detect (@dhiyaneshdk) [info]
[ibm-sterling-detect] IBM Sterling File Gateway Detect (@princechaddha) [info]
[icecast-mediaserver-detect] Icecast Streaming Media Server Information Panel - Detect (@pussycat0x) [info]
[icecast-server-detect] Icecast Streaming Media Server Detection (@theamanrawat) [info]
[identity-server-v3-detect] Identity Server V3 - Detect (@righettod) [info]
[ilo-detect] HP iLO (@milo2012) [info]
[imgproxy-detect] Imgproxy Detect (@userdehghani) [info]
[impresscms-detect] ImpressCMS Detect (@princechaddha) [info]
[influxdb-version-detect] InfluxDB Version Information - Detect (@c-sh0) [info]
[interactsh-server] Interactsh Server (@pdteam) [info]
[intercom] Intercom widget detection (@tess) [info]
[iparapheur-detect] Iparapheur - Detect (@righettod) [info]
[iplanet-web-server] Detect iPlanet Webserver Detection (@pussycat0x) [info]
[ispyconnect-detect] iSpyConnect - Detect (@arafatansari) [info]
[jboss-detect] JBoss detected (@daffainfo,@idealphase) [info]
[jeecg-boot-detect] Jeecg-Boot Detect (@pikpikcu) [info]
[jellyfin-detect] Jellyfin detected (@dwisiswant0) [info]
[jenkins-detect] Jenkins Detection (@philippdelteil,@daffainfo,@c-sh0,@adamcrosser) [info]
[jhipster-detect] JHipster Detect (@righettod) [info]
[jira-detect] Jira Detect (@pdteam,@philippedelteil,@adamcrosser) [info]
[jira-serverinfo] Jira Rest API Server Information (@pdteam) [info]
[jitsi-meet-detect] Jitsi Meet Page Detect (@dhiyaneshdk) [info]
[jolokia-detect] Jolokia Version Disclosure (@mavericknerd,@dwisiswant0) [info]
[joomla-detect] Joomla! Detect (@ricardomaia) [info]
[jsf-detect] JavaServer Faces Detection (@brenocss,@moritz nentwig) [info]
[json-server] Json Server (@dhiyaneshdk) [low]
[jspxcms-detect] Jspxcms Detect (@princechaddha) [info]
[kingsoft-webserver-detect] Kingsoft Web Server Detect (@princechaddha) [info]
[kodexplorer-detect] KodExplorer-detect (@ffffffff0x) [info]
[kong-detect] Detect Kong (@geeknik,@joshlarsen) [info]
[kubernetes-operational-view-detect] Kubernetes Operational View Detect (@idealphase) [info]
[etcd-version] Etcd Version - Detect (@pussycat0x) [info]
[kube-api-deployments] Kube API Deployments (@sharath) [info]
[kube-api-namespaces] Kube API Namespaces (@sharath) [info]
[kube-api-nodes] Kube API Nodes (@sharath,@ritikchaddha) [info]
[kube-api-pods] Kube API Pods (@sharath) [info]
[kube-api-secrets] Kube API Secrets (@sharath) [info]
[kube-api-services] Kube API Services (@sharath) [info]
[kube-api-version] Kube API Version (@sharath,@raesene) [info]
[kubelet-healthz] Kubelet Healthz (@sharath) [info]
[kubelet-metrics] Kubelet Metrics (@sharath) [info]
[kubelet-pods] Kubelet Scan (@sharath) [info]
[kubelet-scan] Kubelet Running Pods (@sharath) [info]
[kubelet-stats] Kubelet Stats (@sharath) [info]
[kubernetes-version] Kubernetes Version Exposure (@raesene,@idealphase) [info]
[landesk-csa] LANDESK(R) Cloud Services Appliance Detect (@0xnirvana) [info]
[landesk-ma] LANDESK(R) Management Agent Detect (@0xnirvana) [info]
[lexmark-detect] Lexmark Device Detect (@princechaddha) [info]
[limesurvey-detect] LimeSurvey Survey Software - Detect (@matt galligan) [info]
[linkerd-badrule-detect] Linkerd detection via bad rule (@dudez) [info]
[livehelperchat-detect] Live Helper Chat Detect (@pikpikcu,@ricardomaia) [info]
[lotus-domino-version] Lotus Domino Version Extractor (@caspergn) [info]
[lucee-detect] Detect Lucee (@geeknik,@dhiyaneshdk) [info]
[lucy-admin-panel] Lucy Security Admin Panel (@ritikchaddha) [info]
[magento-detect] Magento Detect (@techbrunchfr) [info]
[eol-magento] Magento End-of-life Detect (@dogancanbakir) [info]
[magento-version-detect] Magento Version Detect (@sullo,@dogancanbakir) [info]
[magmi-detect] MAGMI (Magento Mass Importer) Plugin Detect (@dwisiswant0) [info]
[maian-cart-detect] Maian Cart Detection (@pdteam) [info]
[mappproxy-detect] Mapproxy - Detect (@philippedelteil) [info]
[matrix-detect] Matrix Server Detect (@erethon) [info]
[matrix-homeserver-detect] Matrix Homeserver - Version Detection (@davidegirardi) [info]
[meilisearch-detect] Meilisearch - Detect (@userdehghani) [info]
[metatag-cms] Metatag CMS Detection (@dadevel) [info]
[microfocus-iprint-detect] Micro Focus iPrint Appliance - Detect (@righettod) [info]
[microsoft-iis-8] Microsoft Internet Information Services 8 (@dhiyaneshdk) [info]
[aspnet-version-detect] AspNet Version Disclosure - Detect (@lucky0x0d,@pulsesecurity.co.nz) [info]
[aspnetmvc-version-disclosure] AspNetMvc Version - Detect (@lucky0x0d,@pulsesecurity.co.nz) [info]
[default-iis7-page] IIS-7 Default Page (@dhiyaneshdk) [info]
[default-microsoft-azure-page] Microsoft Azure Default Page (@dhiyaneshdk) [info]
[default-windows-server-page] IIS Windows Server Default Page (@dhiyaneshdk) [info]
[microsoft-iis-version] Microsoft IIS version detect (@wlayzz) [info]
[microsoft-sharepoint-detect] Microsoft SharePoint Detect (@p-l-) [info]
[ms-exchange-server] Microsoft Exchange Server Detect (@pikpikcu,@dhiyaneshdk) [info]
[sql-server-reporting] Detect Microsoft SQL Server Reporting (@puzzlepeaches) [info]
[microstrategy-detect] MicroStrategy Instances Detection Template (@philippedelteil,@retr02332) [info]
[microweber-detect] Microweber Detect (@princechaddha) [info]
[mikrotik-httpproxy] MikroTik httpproxy (@its0x08,@dhiyaneshdk) [info]
[moinmoin-detect] MoinMoin wiki detect (@cyllective) [info]
[mojoportal-detect] Mojoportal - Detect (@pikpikcu) [info]
[mongoose-server] Mongoose Server (@lu4nx) [info]
[monstracms-detect] MonstraCMS Detection (@ritikchaddha) [info]
[moveit-transfer-detect] Moveit File Transfer - Detect (@tess) [info]
[mrtg-detect] Detect MRTG (@geeknik) [info]
[nacos-version] Nacos - Detect (@arm!tage) [info]
[neos-detect] Neos CMS detection (@k11h-de) [info]
[nethermind-server-detect] Nethermind JSON-RPC HTTP Server - Detect (@nullfuzz) [info]
[netsweeper-webadmin-detect] Netsweeper WebAdmin - Detect (@dwisiswant0) [info]
[nextcloud-detect] Nextcloud Detect (@skeltavik) [info]
[owncloud-status-page] Owncloud StatusPage detection (@myztique,@invisiblethreat) [info]
[nexus-detect] Nexus Repository Manager (NRM) Instance Detection Template (@righettod) [info]
[default-nginx-page] Nginx Default Test Page (@dhiyaneshdk) [info]
[nginx-linux-page] Nginx HTTP Server Amazon Linux (@dhiyaneshdk) [info]
[nginx-version] Nginx version detect (@philippedelteil,@daffainfo) [info]
[apache-nifi-detect] Apache NiFi detect (@dwisiswant0) [info]
[nimplant-c2] NimPlant C2 Server - Detect (@ja1sh) [info]
[nimsoft-wasp] Nimsoft Wasp Detection (@nullfuzz) [info]
[node-red-detect] Node-RED Dashboard - Detect (@pikpikcu) [info]
[notion-detect] Notion Detect (@tess) [info]
[ntop-detect] Ntop Detect Panel - Detect (@pussycat0x) [info]
[oauth2-detect] OAuth 2.0 Authorization Server Detection Template (@righettod) [info]
[octobercms-detect] OctoberCMS detect (@cyllective) [info]
[oidc-detect] Detect OpenID Connect provider (@jarijaas) [info]
[olivetti-crf-detect] Olivetti CRF Detect (@pussycat0x) [info]
[omni-commerce-connect-detect] Omni Commerce Connect (OCC) Rest APIs (@techbrunchfr) [info]
[oneblog-detect] OneBlog Detect (@pikpikcu,@daffainfo) [info]
[open-journal-systems] Open Journal Systems Detect (@ricardomaia) [info]
[open-virtualization-manager-detect] Open Virtualization Manager Detection (@idealphase) [info]
[openai-plugin] OpenAI Plugin Detection (@pdteam) [info]
[openethereum-server] OpenEthereum JSON-RPC HTTP Server Detect (@nullfuzz) [info]
[opnhap-detect] OpenHAP Detection (@fabaff) [info]
[openproject-detect] OpenProject - Detect (@ricardomaia) [info]
[openresty-detect] OpenResty detection (@jcockhren) [info]
[openssl-detect] Openssl Detect (@h4kux,@princechaddha) [info]
[operations-automation-default-page] Operations Automation Default Page (@dhiyaneshdk) [info]
[oracle-httpserver12c] Oracle HTTPServer12c (@tess,@dhiyaneshdk) [info]
[default-oracle-application-page] Oracle Application Server Containers (@dhiyaneshdk,@righettod) [info]
[oracle-access-manager-detect] Oracle Access Manager Detect (@tess) [info]
[oracle-atg-commerce] Oracle ATG Commerce Panel - Detect (@dale clarke) [info]
[oracle-dbass-detect] Oracle DBaaS Monitor Detect (@pussycat0x) [info]
[oracle-dbcs] Oracle Database as a Service (@pussycat0x) [info]
[oracle-iplanet-web-server] Detect Oracle-iPlanet-Web-Server (@pussycat0x) [info]
[oracle-webcenter-sites] Oracle WebCenter Sites (@leovalcante) [info]
[orbit-telephone-detect] Orbit Telephone System - Detect (@heeress) [info]
[osquery-fleet-detect] OSQuery Fleet Detection Panel - Detect (@adam crosser) [info]
[owasp-juice-shop-detect] OWASP Juice Shop (@pikpikcu) [info]
[pagespeed-detect] Pagespeed Detection (@geeknik) [info]
[payara-micro-detect] Payara Micro Detect (@pikpikcu) [info]
[pbootcms-detect] PbootCMS Detect (@princechaddha,@daffainfo) [info]
[pega-detect] Pega Infinity Detection (@sshell) [info]
[pexip-detect] Pexip - Detect (@righettod) [info]
[php-detect] PHP Detect (@y0no) [info]
[php-fusion-detect] PHP Fusion Detect (@pikpikcu) [info]
[php-proxy-detect] PHP Proxy Detect (@pikpikcu) [info]
[phplist-detect] phpList - Detect (@ricardomaia) [info]
[phppgadmin-version] PhpPgAdmin Version Information - Detect (@dr0pd34d) [info]
[pi-hole-panel] Pi-hole Login Panel - Detect (@geeknik) [info]
[piwigo-detect] Piwigo Detect (@pikpikcu) [info]
[plone-cms-detect] Plone CMS detect (@cyllective) [info]
[prestashop-detect] PrestaShop Tech Detection (@pdteam) [info]
[privatebin-detect] PrivateBin - Detect (@righettod) [info]
[projectsend-detect] ProjectSend Login Panel - Detect (@idealphase) [info]
[prtg-detect] Detect PRTG (@geeknik) [info]
[puppet-node-manager-detect] Puppet Node Manager (@pussycat0x) [info]
[puppetdb-detect] PuppetDB Detection (@c-sh0) [info]
[puppetserver-detect] Puppetserver Detection (@c-sh0) [info]
[pypiserver-detect] PyPI Server Detect (@ritikchaddha) [info]
[redcap-detector] REDCap detector (@philippedelteil,@retr0) [info]
[redmine-cli-detect] Detect Redmine CLI Configuration File (@geeknik) [info]
[rhymix-cms-detect] Rhymix CMS Detect (@gy741) [info]
[rosariosis-detect] Rosariosis Detect (@princechaddha) [info]
[roundcube-webmail-portal] Roundcube webmail (@ritikchaddha) [info]
[rseenet-detect] Advantech R-SeeNet Detection (@pdteam) [info]
[rsshub-detect] RSSHub Detect (@ritikchaddha) [info]
[s3-detect] Detect Amazon-S3 Bucket (@melbadry9) [info]
[samsung-smarttv-debug] Samsung SmartTV Debug Config (@pussycat0x) [info]
[sap-spartacus-detect] SAP Spartacus detect (@techbrunchfr) [info]
[sap-igs-detect] SAP Internet Graphics Server (IGS) Detection (@_generic_human_) [info]
[sap-netweaver-detect] SAP NetWeaver ICM - Detect (@randomstr1ng,@righettod) [info]
[sap-nw-webgui] SAP NetWeaver WebGUI Detection (@randomstr1ng) [info]
[sap-web-dispatcher-admin-portal] SAP Web Dispatcher admin portal detection (@randomstr1ng) [info]
[sap-web-dispatcher-detection] SAP Web Dispatcher detection (@randomstr1ng) [info]
[sceditor-detect] SCEditor Detect (@pikpikcu) [info]
[secui-waf-detect] SECUI WAF Panel - Detect (@gy741) [info]
[sharefile-storage-server] ShareFile Storage Server - Detect (@dhiyaneshdk) [info]
[shiro-detect] Detect Shiro Framework (@aresx) [info]
[shopizer-detect] Shopizer Detection (@pikpikcu) [info]
[shopware-detect] Shopware CMS detect (@cyllective,@pascalheidmann) [info]
[silverback-detect] Silverback MDM - Detection (@nodauf) [info]
[simplesamlphp-detect] SimpleSAMLphp - Detect (@righettod) [info]
[sitecore-cms] Sitecore CMS - Detect (@randomdhiraj) [info]
[sitecore-version] Sitecore version detection (@bernardofsr) [info]
[smartstore-detect] SmartStore Detect (@princechaddha) [info]
[smtp2go-detect] SMTP2GO Detect (@pikpikcu,@righettod) [info]
[snipeit-panel] Snipe-IT Panel - Detect (@pikpikcu) [info]
[sogo-detect] SOGo Detect (@righettod) [info]
[sonicwall-email-security-detect] SonicWall Email Security Panel - Detect (@gy741) [info]
[sparklighter-detect] Spark Lighter Detection (@icarot) [info]
[spinnaker-detect] Spinnaker Detect (@adam crosser) [info]
[splash-rendering-service] Splash - Detect (@pussycat0x) [info]
[splunk-hec-detect] Splunk HEC - Detect (@idealphase) [info]
[spring-detect] Java Spring Detection (@adam crosser) [info]
[springboot-actuator] Detect Springboot Actuators (@that_juan_,@dwisiswant0,@wdahlenb,@dr0pd34d) [info]
[springboot-whitelabel] SpringBoot WhiteLabel Error Page - Detect (@matt miller) [info]
[statamic-detect] Statamic - Detect (@geeknik) [info]
[strapi-cms-detect] Strapi CMS detect (@cyllective,@daffainfo,@idealphase) [info]
[subrion-cms-detect] Subrion CMS Detect (@pikpikcu) [info]
[sucuri-firewall] Sucuri Website Firewall - Not Configured (@pussycat0x) [info]
[swag-instance-default-page] Swag Instance Default Page Panel - Detect (@dhiyaneshdk) [info]
[switch-protocol] Switching Protocol Detection (@pdteam) [info]
[synology-web-station] Synology Web Station Page - Detect (@dhiyaneshdk) [info]
[tableau-server-detect] Detect Tableau Server (@techbrunchfr,@aringo) [info]
[tech-detect] Wappalyzer Technology Detection (@hakluke,@righettod) [info]
[telerik-dialoghandler-detect] Detect Telerik Web UI Dialog Handler (@organiccrap,@zhenwarx,@nielsing) [info]
[telerik-fileupload-detect] Detect Telerik Web UI Fileupload Handler (@organiccrap) [info]
[teradici-pcoip] Teradici PCoIP Detection (@pdteam) [info]
[terraform-detect] Detect Terraform Provider (@geeknik) [info]
[thinkcmf-detection] ThinkCMF Panel - Detect (@pikpikcu,@daffainfo) [info]
[thinkphp-detect] ThinkPHP - Detect (@pwnhxl) [info]
[tibco-businessconnect-detect] TIBCO BusinessConnect - Detect (@righettod) [info]
[tibco-spotfire-services-detect] TIBCO Spotfire Statistics Services - Detect (@righettod) [info]
[tileserver-gl] TileServer GL Page - Detect (@dhiyaneshdk) [info]
[tinyproxy-detect] Tinyproxy - Detect (@bhutch) [info]
[tor-socks-proxy] Detect tor SOCKS proxy (@geeknik) [info]
[tornado-server-login] Tornado Server Panel - Detect (@tess) [info]
[typo3-detect] TYPO3 Detection (@dadevel) [info]
[uni-gui-framework] UniGUI Framework - Detect (@serrapa) [info]
[utility-service-detect] Utility Services Administration - Detect (@dhiyaneshdk) [info]
[vbulletin-detect] vBulletin Detect (@ricardomaia) [info]
[versa-flexvnf-server] Versa FlexVNF Server (@c-sh0) [info]
[versa-analytics-server] Versa Analytics Server Detection (@c-sh0) [info]
[versa-director-api] Versa Director API Endpoint Detection (@c-sh0) [info]
[versa-networks-detect] Versa Networks Detection (@c-sh0) [info]
[vivotex-web-console-detect] VIVOTEK Web Console Detect (@pikpikcu) [info]
[vmware-detect] VMware Detection (@elouhi) [info]
[vmware-horizon-version] Vmware Horizon Version Detect (@veshraj) [info]
[vmware-site-recovery-manager] VMware Site Recovery Manager Panel - Detect (@dhiyaneshdk) [info]
[vmware-vrealize] VMware vRealize (@milo2012) [info]
[waf-detect] WAF Detection (@dwisiswant0,@lu4nx) [info]
[web-ftp-detect] Web FTP Detection (@pussycat0x) [info]
[web-suite-detect] Web Suite Detect (@pikpikcu) [info]
[weblogic-detect] Detect Weblogic (@pdteam) [info]
[werkzeug-debugger-detect] Werkzeug debugger console (@pdteam) [info]
[wing-ftp-service-detect] Wing FTP Service - Detect (@ritikchaddha) [info]
[wms-server-detect] Wms-Server detect (@pikpikcu) [info]
[wondercms-detect] WonderCMS Detect (@pikpikcu) [info]
[wordpress-detect] WordPress Detect (@pdteam,@daffainfo,@ricardomaia,@topscoder,@adamcrosser) [info]
[wordpress-ad-inserter] Ad Inserter – Ad Manager & AdSense Ads Detection (@ricardomaia) [info]
[wordpress-add-to-any] AddToAny Share Buttons Detection (@ricardomaia) [info]
[wordpress-admin-menu-editor] Admin Menu Editor Detection (@ricardomaia) [info]
[wordpress-adminimize] Adminimize Detection (@ricardomaia) [info]
[wordpress-advanced-custom-fields] Advanced Custom Fields (ACF) Detection (@ricardomaia) [info]
[wordpress-akismet] Akismet Anti-spam' Spam Protection Detection (@ricardomaia) [info]
[wordpress-all-404-redirect-to-homepage] All 404 Redirect to Homepage Detection (@ricardomaia) [info]
[wordpress-all-in-one-seo-pack] All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic Detection (@ricardomaia) [info]
[wordpress-all-in-one-wp-migration] All-in-One WP Migration Detection (@ricardomaia) [info]
[wordpress-all-in-one-wp-security-and-firewall] All-In-One Security (AIOS) – Security and Firewall Detection (@ricardomaia) [info]
[wordpress-amp] AMP Detection (@ricardomaia) [info]
[wordpress-antispam-bee] Antispam Bee Detection (@ricardomaia) [info]
[wordpress-astra-sites] Starter Templates — Elementor, WordPress & Beaver Builder Templates Detection (@ricardomaia) [info]
[wordpress-astra-widgets] Astra Widgets Detection (@ricardomaia) [info]
[wordpress-autoptimize] Autoptimize Detection (@ricardomaia) [info]
[wordpress-backwpup] BackWPup – WordPress Backup Plugin Detection (@ricardomaia) [info]
[wordpress-better-search-replace] Better Search Replace Detection (@ricardomaia) [info]
[wordpress-better-wp-security] Solid Security – Password, Two Factor Authentication, and Brute Force Protection Detection (@ricardomaia) [info]
[wordpress-black-studio-tinymce-widget] Black Studio TinyMCE Widget Detection (@ricardomaia) [info]
[wordpress-breadcrumb-navxt] Breadcrumb NavXT Detection (@ricardomaia) [info]
[wordpress-breeze] Breeze – WordPress Cache Plugin Detection (@ricardomaia) [info]
[wordpress-broken-link-checker] Broken Link Checker Detection (@ricardomaia) [info]
[wordpress-child-theme-configurator] Child Theme Configurator Detection (@ricardomaia) [info]
[wordpress-classic-editor] Classic Editor Detection (@ricardomaia) [info]
[wordpress-classic-widgets] Classic Widgets Detection (@ricardomaia) [info]
[wordpress-click-to-chat-for-whatsapp] Click to Chat – HoliThemes Detection (@ricardomaia) [info]
[wordpress-cloudflare] Cloudflare Detection (@ricardomaia) [info]
[wordpress-cmb2] CMB2 Detection (@ricardomaia) [info]
[wordpress-coblocks] Page Builder Gutenberg Blocks – CoBlocks Detection (@ricardomaia) [info]
[wordpress-code-snippets] Code Snippets Detection (@ricardomaia) [info]
[wordpress-coming-soon] Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode Detection (@ricardomaia) [info]
[wordpress-complianz-gdpr] Complianz – GDPR/CCPA Cookie Consent Detection (@ricardomaia) [info]
[wordpress-contact-form-7-honeypot] Honeypot for Contact Form 7 Detection (@ricardomaia) [info]
[wordpress-contact-form-7] Contact Form 7 Detection (@ricardomaia) [info]
[wordpress-contact-form-cfdb7] Contact Form 7 Database Addon – CFDB7 Detection (@ricardomaia) [info]
[wordpress-cookie-law-info] CookieYes | GDPR Cookie Consent & Compliance Notice (CCPA Ready) Detection (@ricardomaia) [info]
[wordpress-cookie-notice] Cookie Notice & Compliance for GDPR / CCPA Detection (@ricardomaia) [info]
[wordpress-creame-whatsapp-me] Joinchat Detection (@ricardomaia) [info]
[wordpress-creative-mail-by-constant-contact] Creative Mail – Easier WordPress & WooCommerce Email Marketing Detection (@ricardomaia) [info]
[wordpress-custom-css-js] Simple Custom CSS and JS Detection (@ricardomaia) [info]
[wordpress-custom-fonts] Custom Fonts – Host Your Fonts Locally Detection (@ricardomaia) [info]
[wordpress-custom-post-type-ui] Custom Post Type UI Detection (@ricardomaia) [info]
[wordpress-disable-comments] Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Detection (@ricardomaia) [info]
[wordpress-disable-gutenberg] Disable Gutenberg Detection (@ricardomaia) [info]
[wordpress-duplicate-page] Duplicate Page Detection (@ricardomaia) [info]
[wordpress-duplicate-post] Yoast Duplicate Post Detection (@ricardomaia) [info]
[wordpress-duplicator] Duplicator – WordPress Migration & Backup Plugin Detection (@ricardomaia) [info]
[wordpress-duracelltomi-google-tag-manager] GTM4WP Detection (@ricardomaia) [info]
[wordpress-easy-fancybox] Easy FancyBox Detection (@ricardomaia) [info]
[wordpress-easy-google-fonts] Easy Google Fonts Detection (@ricardomaia) [info]
[wordpress-easy-table-of-contents] Easy Table of Contents Detection (@ricardomaia) [info]
[wordpress-easy-wp-smtp] Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Detection (@ricardomaia) [info]
[wordpress-elementor] Elementor Website Builder – More than Just a Page Builder Detection (@ricardomaia) [info]
[wordpress-elementskit-lite] ElementsKit Elementor addons Detection (@ricardomaia) [info]
[wordpress-enable-media-replace] Enable Media Replace Detection (@ricardomaia) [info]
[wordpress-envato-elements] Envato Elements – Photos & Elementor Templates Detection (@ricardomaia) [info]
[wordpress-essential-addons-for-elementor-lite] Essential Addons for Elementor – Best Elementor Widgets With Kits, Templates & WooCommerce Builders Detection (@ricardomaia) [info]
[wordpress-ewww-image-optimizer] EWWW Image Optimizer Detection (@ricardomaia) [info]
[wordpress-facebook-for-woocommerce] Facebook for WooCommerce Detection (@ricardomaia) [info]
[wordpress-fast-indexing-api] Instant Indexing for Google Detection (@ricardomaia) [info]
[wordpress-favicon-by-realfavicongenerator] Favicon by RealFaviconGenerator Detection (@ricardomaia) [info]
[wordpress-flamingo] Flamingo Detection (@ricardomaia) [info]
[wordpress-fluentform] Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Detection (@ricardomaia) [info]
[wordpress-font-awesome] Font Awesome Detection (@ricardomaia) [info]
[wordpress-force-regenerate-thumbnails] Force Regenerate Thumbnails Detection (@ricardomaia) [info]
[wordpress-formidable] Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Detection (@ricardomaia) [info]
[wordpress-forminator] Forminator – Contact Form, Payment Form & Custom Form Builder Detection (@ricardomaia) [info]
[wordpress-ga-google-analytics] GA Google Analytics – Connect Google Analytics to WordPress Detection (@ricardomaia) [info]
[wordpress-gdpr-cookie-compliance] GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) Detection (@ricardomaia) [info]
[wordpress-google-analytics-dashboard-for-wp] ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Detection (@ricardomaia) [info]
[wordpress-google-analytics-for-wordpress] MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Detection (@ricardomaia) [info]
[wordpress-google-listings-and-ads] Google Listings & Ads Detection (@ricardomaia) [info]
[wordpress-google-site-kit] Site Kit by Google – Analytics, Search Console, AdSense, Speed Detection (@ricardomaia) [info]
[wordpress-google-sitemap-generator] XML Sitemap Generator for Google Detection (@ricardomaia) [info]
[wordpress-gtranslate] Translate WordPress with GTranslate Detection (@ricardomaia) [info]
[wordpress-gutenberg] Gutenberg Detection (@ricardomaia) [info]
[wordpress-happy-elementor-addons] Happy Addons for Elementor Detection (@ricardomaia) [info]
[wordpress-header-and-footer-scripts] Header and Footer Scripts Detection (@ricardomaia) [info]
[wordpress-header-footer-code-manager] Header Footer Code Manager Detection (@ricardomaia) [info]
[wordpress-header-footer-elementor] Elementor Header & Footer Builder Detection (@ricardomaia) [info]
[wordpress-header-footer] Head, Footer and Post Injections Detection (@ricardomaia) [info]
[wordpress-health-check] Health Check & Troubleshooting Detection (@ricardomaia) [info]
[wordpress-hello-dolly] Hello Dolly Detection (@ricardomaia) [info]
[wordpress-host-webfonts-local] OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. Detection (@ricardomaia) [info]
[wordpress-hostinger] Hostinger Detection (@ricardomaia) [info]
[wordpress-imagify] Imagify – Optimize Images & Convert WebP | Compress Images Easily Detection (@ricardomaia) [info]
[wordpress-imsanity] Imsanity Detection (@ricardomaia) [info]
[wordpress-insert-headers-and-footers] WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager Detection (@ricardomaia) [info]
[wordpress-instagram-feed] Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress Detection (@ricardomaia) [info]
[wordpress-intuitive-custom-post-order] Intuitive Custom Post Order Detection (@ricardomaia) [info]
[wordpress-iwp-client] InfiniteWP Client Detection (@ricardomaia) [info]
[wordpress-jetpack-boost] Jetpack Boost – Website Speed, Performance and Critical CSS Detection (@ricardomaia) [info]
[wordpress-jetpack] Jetpack – WP Security, Backup, Speed, & Growth Detection (@ricardomaia) [info]
[wordpress-kadence-blocks] Gutenberg Blocks by Kadence Blocks – Page Builder Features Detection (@ricardomaia) [info]
[wordpress-kirki] Kirki Customizer Framework Detection (@ricardomaia) [info]
[wordpress-leadin] HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Detection (@ricardomaia) [info]
[wordpress-limit-login-attempts-reloaded] Limit Login Attempts Reloaded Detection (@ricardomaia) [info]
[wordpress-limit-login-attempts] Limit Login Attempts Detection (@ricardomaia) [info]
[wordpress-litespeed-cache] LiteSpeed Cache Detection (@ricardomaia) [info]
[wordpress-loco-translate] Loco Translate Detection (@ricardomaia) [info]
[wordpress-loginizer] Loginizer Detection (@ricardomaia) [info]
[wordpress-loginpress] LoginPress | wp-login Custom Login Page Customizer Detection (@ricardomaia) [info]
[wordpress-mailchimp-for-woocommerce] Mailchimp for WooCommerce Detection (@ricardomaia) [info]
[wordpress-mailchimp-for-wp] MC4WP' Mailchimp for WordPress Detection (@ricardomaia) [info]
[wordpress-mailpoet] MailPoet – Newsletters, Email Marketing, and Automation Detection (@ricardomaia) [info]
[wordpress-maintenance] Maintenance Detection (@ricardomaia) [info]
[wordpress-mainwp-child] MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard Detection (@ricardomaia) [info]
[wordpress-malcare-security] MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall Detection (@ricardomaia) [info]
[wordpress-megamenu] Max Mega Menu Detection (@ricardomaia) [info]
[wordpress-members] Members – Membership & User Role Editor Plugin Detection (@ricardomaia) [info]
[wordpress-meta-box] Meta Box – WordPress Custom Fields Framework Detection (@ricardomaia) [info]
[wordpress-metform] Metform Elementor Contact Form Builder Detection (@ricardomaia) [info]
[wordpress-ml-slider] Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Detection (@ricardomaia) [info]
[wordpress-newsletter] Newsletter – Send awesome emails from WordPress Detection (@ricardomaia) [info]
[wordpress-nextend-facebook-connect] Nextend Social Login and Register Detection (@ricardomaia) [info]
[wordpress-nextgen-gallery] WordPress Gallery Plugin – NextGEN Gallery Detection (@ricardomaia) [info]
[wordpress-ninja-forms] Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Detection (@ricardomaia) [info]
[wordpress-ocean-extra] Ocean Extra Detection (@ricardomaia) [info]
[wordpress-official-facebook-pixel] Meta pixel for WordPress Detection (@ricardomaia) [info]
[wordpress-one-click-demo-import] One Click Demo Import Detection (@ricardomaia) [info]
[wordpress-optinmonster] Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Detection (@ricardomaia) [info]
[wordpress-otter-blocks] Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Detection (@ricardomaia) [info]
[wordpress-password-protected] Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease Detection (@ricardomaia) [info]
[wordpress-pdf-embedder] PDF Embedder Detection (@ricardomaia) [info]
[wordpress-photo-gallery] Photo Gallery by 10Web – Mobile-Friendly Image Gallery Detection (@ricardomaia) [info]
[wordpress-php-compatibility-checker] PHP Compatibility Checker Detection (@ricardomaia) [info]
[wordpress-pinterest-for-woocommerce] Pinterest for WooCommerce Detection (@ricardomaia) [info]
[wordpress-pixelyoursite] PixelYourSite – Your smart PIXEL (TAG) Manager Detection (@ricardomaia) [info]
[wordpress-polylang] Polylang Detection (@ricardomaia) [info]
[wordpress-popup-builder] Popup Builder – Create highly converting, mobile friendly marketing popups. Detection (@ricardomaia) [info]
[wordpress-popup-maker] Popup Maker – Popup for opt-ins, lead gen, & more Detection (@ricardomaia) [info]
[wordpress-post-smtp] POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress Detection (@ricardomaia) [info]
[wordpress-post-types-order] Post Types Order Detection (@ricardomaia) [info]
[wordpress-premium-addons-for-elementor] Premium Addons for Elementor Detection (@ricardomaia) [info]
[wordpress-pretty-link] Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Detection (@ricardomaia) [info]
[wordpress-really-simple-captcha] Really Simple CAPTCHA Detection (@ricardomaia) [info]
[wordpress-really-simple-ssl] Really Simple SSL Detection (@ricardomaia) [info]
[wordpress-redirection] Redirection Detection (@ricardomaia) [info]
[wordpress-redux-framework] Redux Framework Detection (@ricardomaia) [info]
[wordpress-regenerate-thumbnails] Regenerate Thumbnails Detection (@ricardomaia) [info]
[wordpress-safe-svg] Safe SVG Detection (@ricardomaia) [info]
[wordpress-seo-by-rank-math] Rank Math SEO Detection (@ricardomaia) [info]
[wordpress-sg-cachepress] Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin Detection (@ricardomaia) [info]
[wordpress-sg-security] Security Optimizer – The All-In-One WordPress Protection Plugin Detection (@ricardomaia) [info]
[wordpress-shortcodes-ultimate] WP Shortcodes Plugin — Shortcodes Ultimate Detection (@ricardomaia) [info]
[wordpress-shortpixel-image-optimiser] ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF Detection (@ricardomaia) [info]
[wordpress-simple-custom-post-order] Simple Custom Post Order Detection (@ricardomaia) [info]
[wordpress-simple-page-ordering] Simple Page Ordering Detection (@ricardomaia) [info]
[wordpress-siteguard] SiteGuard WP Plugin Detection (@ricardomaia) [info]
[wordpress-siteorigin-panels] Page Builder by SiteOrigin Detection (@ricardomaia) [info]
[wordpress-smart-slider-3] Smart Slider 3 Detection (@ricardomaia) [info]
[wordpress-so-widgets-bundle] SiteOrigin Widgets Bundle Detection (@ricardomaia) [info]
[wordpress-ssl-insecure-content-fixer] SSL Insecure Content Fixer Detection (@ricardomaia) [info]
[wordpress-stops-core-theme-and-plugin-updates] Easy Updates Manager Detection (@ricardomaia) [info]
[wordpress-sucuri-scanner] Sucuri Security – Auditing, Malware Scanner and Security Hardening Detection (@ricardomaia) [info]
[wordpress-svg-support] SVG Support Detection (@ricardomaia) [info]
[wordpress-table-of-contents-plus] Table of Contents Plus Detection (@ricardomaia) [info]
[wordpress-tablepress] TablePress – Tables in WordPress made easy Detection (@ricardomaia) [info]
[wordpress-taxonomy-terms-order] Category Order and Taxonomy Terms Order Detection (@ricardomaia) [info]
[wordpress-templately] Templately – Gutenberg & Elementor Template Library' 5000+ Free & Pro Ready Templates & Cloud! Detection (@ricardomaia) [info]
[wordpress-the-events-calendar] The Events Calendar Detection (@ricardomaia) [info]
[wordpress-themeisle-companion] Orbit Fox by ThemeIsle Detection (@ricardomaia) [info]
[wordpress-tinymce-advanced] Advanced Editor Tools Detection (@ricardomaia) [info]
[wordpress-translatepress-multilingual] Translate Multilingual sites – TranslatePress Detection (@ricardomaia) [info]
[wordpress-ultimate-addons-for-gutenberg] Spectra – WordPress Gutenberg Blocks Detection (@ricardomaia) [info]
[wordpress-under-construction-page] Under Construction Detection (@ricardomaia) [info]
[wordpress-unyson] Unyson Detection (@ricardomaia) [info]
[wordpress-updraftplus] UpdraftPlus' WordPress Backup & Migration Plugin Detection (@ricardomaia) [info]
[wordpress-use-any-font] Use Any Font | Custom Font Uploader Detection (@ricardomaia) [info]
[wordpress-user-role-editor] User Role Editor Detection (@ricardomaia) [info]
[wordpress-velvet-blues-update-urls] Velvet Blues Update URLs Detection (@ricardomaia) [info]
[wordpress-w3-total-cache] W3 Total Cache Detection (@ricardomaia) [info]
[wordpress-webp-converter-for-media] Converter for Media – Optimize images | Convert WebP & AVIF Detection (@ricardomaia) [info]
[wordpress-webp-express] WebP Express Detection (@ricardomaia) [info]
[wordpress-widget-importer-exporter] Widget Importer & Exporter Detection (@ricardomaia) [info]
[wordpress-woo-cart-abandonment-recovery] WooCommerce Cart Abandonment Recovery Detection (@ricardomaia) [info]
[wordpress-woo-checkout-field-editor-pro] Checkout Field Editor (Checkout Manager) for WooCommerce Detection (@ricardomaia) [info]
[wordpress-woo-variation-swatches] Variation Swatches for WooCommerce Detection (@ricardomaia) [info]
[wordpress-woocommerce-gateway-paypal-express-checkout] WooCommerce PayPal Checkout Payment Gateway Detection (@ricardomaia) [info]
[wordpress-woocommerce-gateway-stripe] WooCommerce Stripe Payment Gateway Detection (@ricardomaia) [info]
[wordpress-woocommerce-payments] WooPayments – Fully Integrated Solution Built and Supported by Woo Detection (@ricardomaia) [info]
[wordpress-woocommerce-paypal-payments] WooCommerce PayPal Payments Detection (@ricardomaia) [info]
[wordpress-woocommerce-pdf-invoices-packing-slips] PDF Invoices & Packing Slips for WooCommerce Detection (@ricardomaia) [info]
[wordpress-woocommerce-services] WooCommerce Shipping & Tax Detection (@ricardomaia) [info]
[wordpress-woocommerce] WooCommerce Detection (@ricardomaia) [info]
[wordpress-wordfence] Wordfence Security – Firewall, Malware Scan, and Login Security Detection (@ricardomaia) [info]
[wordpress-wordpress-importer] WordPress Importer Detection (@ricardomaia) [info]
[wordpress-wordpress-seo] Yoast SEO Detection (@ricardomaia) [info]
[wordpress-woosidebars] WooSidebars Detection (@ricardomaia) [info]
[wordpress-worker] ManageWP Worker Detection (@ricardomaia) [info]
[wordpress-wp-fastest-cache] WP Fastest Cache Detection (@ricardomaia) [info]
[wordpress-wp-file-manager] File Manager Detection (@ricardomaia) [info]
[wordpress-wp-google-maps] WP Go Maps (formerly WP Google Maps) Detection (@ricardomaia) [info]
[wordpress-wp-mail-smtp] WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Detection (@ricardomaia) [info]
[wordpress-wp-maintenance-mode] LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Detection (@ricardomaia) [info]
[wordpress-wp-migrate-db] WP Migrate Lite – WordPress Migration Made Easy Detection (@ricardomaia) [info]
[wordpress-wp-multibyte-patch] WP Multibyte Patch Detection (@ricardomaia) [info]
[wordpress-wp-optimize] WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance Detection (@ricardomaia) [info]
[wordpress-wp-pagenavi] WP-PageNavi Detection (@ricardomaia) [info]
[wordpress-wp-reset] WP Reset – Most Advanced WordPress Reset Tool Detection (@ricardomaia) [info]
[wordpress-wp-reviews-plugin-for-google] Widgets for Google Reviews Detection (@ricardomaia) [info]
[wordpress-wp-rollback] WP Rollback Detection (@ricardomaia) [info]
[wordpress-wp-seopress] SEOPress – On-site SEO Detection (@ricardomaia) [info]
[wordpress-wp-sitemap-page] WP Sitemap Page Detection (@ricardomaia) [info]
[wordpress-wp-smushit] Smush – Optimize, Compress and Lazy Load Images Detection (@ricardomaia) [info]
[wordpress-wp-statistics] WP Statistics Detection (@ricardomaia) [info]
[wordpress-wp-super-cache] WP Super Cache Detection (@ricardomaia) [info]
[wordpress-wp-user-avatar] Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Detection (@ricardomaia) [info]
[wordpress-wpcf7-recaptcha] ReCaptcha v2 for Contact Form 7 Detection (@ricardomaia) [info]
[wordpress-wpcf7-redirect] Redirection for Contact Form 7 Detection (@ricardomaia) [info]
[wordpress-wpforms-lite] Contact Form by WPForms – Drag & Drop Form Builder for WordPress Detection (@ricardomaia) [info]
[wordpress-wps-hide-login] WPS Hide Login Detection (@ricardomaia) [info]
[wordpress-wpvivid-backuprestore] Migration, Backup, Staging – WPvivid Detection (@ricardomaia) [info]
[wordpress-yith-woocommerce-compare] YITH WooCommerce Compare Detection (@ricardomaia) [info]
[wordpress-yith-woocommerce-wishlist] YITH WooCommerce Wishlist Detection (@ricardomaia) [info]
[wp-bricks-builder-theme] WordPress Bricks Builder Theme Version (@anonymous) [info]
[workerman-websocket-detect] Workerman Websocket Detection (@geeknik) [info]
[wso2-products-detect] WSO2 Products - Detect (@righettod) [info]
[wuzhicms-detect] Wuzhicms Detected (@pikpikcu) [info]
[xenforo-detect] XenForo Forum Detection (@dhiyaneshdk,@daffainfo) [info]
[xerox-workcentre-detect] Xerox Workcentre Detect (@pussycat0x) [info]
[yapi-detect] YApi Detect (@pikpikcu) [info]
[yeswiki-detect] YesWiki Panel - Detect (@ritikchaddha) [info]
[ymhome-detect] Ymhome-detect (@ffffffff0x) [info]
[yourls-detect] YOURLS - Detection (@lstatro) [info]
[zap-rest-api-detect] ZAP Rest API Server Running (@hahwul) [info]
[zend-server-test-page] Zend Server Test Page (@dhiyaneshdk) [info]
[zerof-webserver-detect] ZEROF Web Server Detect (@princechaddha) [info]
[zimbra-detect] Zimbra Detect (@udinchan) [info]
[zope-detect] Zope Quick Start Detect (@pikpikcu) [info]
[api-1forge] 1Forge API Test (@daffainfo) [info]
[api-abstract-company-enrichment] Abstract Api Company Enrichment Test (@daffainfo) [info]
[api-abstract-email-validation] Abstract Api Email Validation Test (@daffainfo) [info]
[api-abstract-exchange-rates] Abstract Api Exchange Rates Test (@daffainfo) [info]
[api-abstract-iban-validation] Abstract Api IBAN Validation Test (@daffainfo) [info]
[api-abstract-image-processing] Abstract Api Image Processing Test (@daffainfo) [info]
[api-abstract-ip-geolocation] Abstract Api IP Geolocation Test (@daffainfo) [info]
[api-abstract-phone-validation] Abstract Api Phone Validation Test (@daffainfo) [info]
[api-abstract-public-holidays] Abstract Api Public Holidays Test (@daffainfo) [info]
[api-abstract-timezone] Abstract Api Timezone Test (@daffainfo) [info]
[api-abstract-user-avatars] Abstract Api User Avatars Test (@daffainfo) [info]
[api-abstract-vat-validation-rates] Abstract Api VAT Validation Rates Test (@daffainfo) [info]
[api-abstract-website-scraping] Abstract Api Web Scraping Test (@daffainfo) [info]
[api-abstract-website-screenshot] Abstract Api Website Screenshot Test (@daffainfo) [info]
[api-abuseipdb] AbuseIPDB API - Test (@daffainfo) [info]
[api-accuweather] AccuWeather API Test (@zzeitlin) [info]
[api-adafruit-io] Adafruit IO API Test (@dwisiswant0) [info]
[api-adoptapet] AdoptAPet API Test (@daffainfo) [info]
[api-airtable] Airtable API Test (@daffainfo) [info]
[api-alchemy] Alchemy API Test (@daffainfo) [info]
[api-alienvault] AlienVault Open Threat Exchange (OTX) API Test (@daffainfo) [info]
[api-amdoren] Amdoren API Test (@daffainfo) [info]
[api-aniapi] AniAPI API Test (@daffainfo) [info]
[api-api2convert] Api2Convert API Test (@daffainfo) [info]
[api-apiflash] ApiFlash API Test (@daffainfo) [info]
[api-apigee-edge] Apigee Edge API Test (@dwisiswant0) [info]
[api-appveyor] AppVeyor API Test (@dwisiswant0) [info]
[api-asana] Asana API Test (@zzeitlin) [info]
[api-bhagavadgita] Bhagavad Gita API Test (@daffainfo) [info]
[api-bible] API.Bible API Test (@daffainfo) [info]
[api-binance] Binance REST API (@geeknik) [info]
[api-binaryedge] BinaryEdge API Test (@0ri2n) [info]
[api-bingmaps] Bing Maps API Test (@zzeitlin) [info]
[api-bitcoinaverage] BitcoinAverage API Test (@daffainfo) [info]
[api-bitly] Bitly API Test (@zzeitlin,@geeknik) [info]
[api-bitquery] Bitquery API Test (@daffainfo) [info]
[api-bitrise] Bitrise API Test (@daffainfo) [info]
[api-blitapp] Blitapp API Test (@daffainfo) [info]
[api-block] block.io API Test (@daffainfo) [info]
[api-blockchain] Blockchain API Test (@daffainfo) [info]
[api-blockfrost] Blockfrost API Test (@daffainfo) [info]
[api-box] Box API Test (@daffainfo) [info]
[api-bravenewcoin] Brave New Coin API Test (@daffainfo) [info]
[api-browshot] Browshot API Test (@daffainfo) [info]
[api-buildkite] Buildkite API Test (@zzeitlin) [info]
[api-buttercms] ButterCMS API Test (@zzeitlin) [info]
[api-c99] C99 API Test (@0ri2n) [info]
[api-calendarific] Calendarific API Test (@daffainfo) [info]
[api-calendly] Calendly API Test (@zzeitlin) [info]
[api-chaos] Chaos API Test (@0ri2n) [info]
[api-charity] Charity Search API Test (@daffainfo) [info]
[api-circleci] CircleCI API Test (@zzeitlin) [info]
[api-clearbit] Clearbit API Test (@daffainfo) [info]
[api-clickup] ClickUp API Test (@daffainfo) [info]
[api-clockify] Clockify API Test (@daffainfo) [info]
[api-cloudconvert] CloudConvert API Test (@daffainfo) [info]
[api-cloudflare] Cloudflare API Test (@ffffffff0x) [info]
[api-codestats] CodeStats API Test (@daffainfo) [info]
[api-coinapi] CoinAPI API Test (@daffainfo) [info]
[api-coinlayer] Coinlayer API Test (@daffainfo) [info]
[api-coinmarketcap] CoinMarketCap API Test (@daffainfo) [info]
[api-coinranking] Coinranking API Test (@daffainfo) [info]
[api-cooperhewitt] Cooper Hewitt API (@daffainfo) [info]
[api-covalent] Covalent API Test (@daffainfo) [info]
[api-craftmypdf] CraftMyPDF API Test (@daffainfo) [info]
[api-currencyfreaks] CurrencyFreaks API Test (@daffainfo) [info]
[api-currencylayer] Currencylayer API Test (@daffainfo) [info]
[api-currencyscoop] CurrencyScoop API Test (@daffainfo) [info]
[api-dbt] dbt Cloud API - Test (@dwisiswant0) [info]
[api-ddownload] ddownload API Test (@daffainfo) [info]
[api-debounce] DeBounce API Test (@0ri2n) [info]
[api-deviantart] DeviantArt API Test (@zzeitlin) [info]
[api-digitalocean] DigitalOcean API Test (@geeknik) [info]
[api-dribbble] Dribbble API Test (@daffainfo) [info]
[api-dropbox] Dropbox API Test (@zzeitlin) [info]
[api-ebird] eBird API Test (@daffainfo) [info]
[api-etherscan] Etherscan API Test (@daffainfo) [info]
[api-europeana] Europeana API Test (@daffainfo) [info]
[api-exchangerateapi] ExchangeRate-API API Test (@daffainfo) [info]
[api-facebook] Facebook API Test (@dwisiswant0) [info]
[api-fastly] Fastly API Test (@adam crosser) [info]
[api-festivo] Festivo API Test (@daffainfo) [info]
[api-flickr] Flickr API Test (@geeknik) [info]
[api-flowdash] Flowdash API Test (@daffainfo) [info]
[api-fontawesome] FontAwesome API Test (@dwisiswant0) [info]
[api-fortitoken-cloud] FortiToken Cloud API Test (@dwisiswant0) [info]
[api-front] Frontapp API (@luqmaan hadia [luqiih](https://github.com/luqiih)) [info]
[api-fullhunt] FullHunt API Test (@0ri2n) [info]
[api-giphy] Giphy API Test (@geeknik) [info]
[api-github] GitHub API Test (@zzeitlin) [info]
[api-gitlab] Gitlab API Test (@adam crosser) [info]
[api-gofile] GoFile API Test (@daffainfo) [info]
[api-google-drive] Google Drive API Test (@geeknik) [info]
[api-gorest] Gorest API Test (@daffainfo) [info]
[api-harvardart] Harvard Art Museums API Test (@daffainfo) [info]
[api-heroku] Heroku API Test (@zzeitlin) [info]
[api-hirak-rates] Hirak Exchange Rates API Test (@daffainfo) [info]
[api-holidayapi] Holiday API Test (@daffainfo) [info]
[api-host-io] host.io API Test (@daffainfo) [info]
[api-html2pdf] Html2PDF API Test (@daffainfo) [info]
[api-hubspot] HubSpot API Test (@zzeitlin) [info]
[api-hunter] Hunter API Test (@daffainfo) [info]
[api-iconfinder] IconFinder API Test (@daffainfo) [info]
[api-improvmx] ImprovMX API Test (@daffainfo) [info]
[api-instagramgraph] Instagram Graph API Test (@zzeitlin) [info]
[api-instatus] Instatus API Test (@daffainfo) [info]
[api-intelx] Intelligence X API Test (@0ri2n) [info]
[api-intercom] Intercom API Test (@dwisiswant0) [info]
[api-ip2whois] IP2WHOIS API Test (@daffainfo) [info]
[api-ipdata] IP Data API Test (@0xpugazh) [info]
[api-ipfind] IPFind API Test (@daffainfo) [info]
[api-ipinfo] IPinfo API Test (@0xpugazh) [info]
[api-ipstack] IPStack API Test (@zzeitlin) [info]
[api-iterable] Iterable API Test (@zzeitlin) [info]
[api-iucn] IUCN API Test (@daffainfo) [info]
[api-jsonbin] JSONBin API Test (@daffainfo) [info]
[api-jumpcloud] JumpCloud API Test (@zzeitlin) [info]
[api-launchdarkly] LaunchDarkly REST API (@luqmaan hadia) [info]
[api-leanix] LeanIX API Test (@dwisiswant0) [info]
[api-linkedin] LinkedIn API Test (@dwisiswant0) [info]
[api-lob] Lob API Test (@daffainfo) [info]
[api-lokalise] Lokalise API Test (@zzeitlin) [info]
[api-loqate] Loqate API Test (@zzeitlin) [info]
[api-mac-address-lookup] MAC Address Lookup API Test (@daffainfo) [info]
[api-mailboxvalidator] MailboxValidator API Test (@daffainfo) [info]
[api-mailchimp] Mailchimp API Test (@zzeitlin) [info]
[api-mailgun] Mailgun API Test (@zzeitlin) [info]
[api-malshare] MalShare API Test (@daffainfo) [info]
[api-malwarebazaar] MalwareBazaar API Test (@daffainfo) [info]
[api-mapbox] Mapbox API Test (@zzeitlin) [info]
[api-micro-user-service] Micro User Service API Test (@daffainfo) [info]
[api-mojoauth] MojoAuth API Test (@daffainfo) [info]
[api-monday] Monday API Test (@daffainfo) [info]
[api-moonpay] MoonPay API Test (@0ri2n) [info]
[api-myanimelist] MyAnimeList API Test (@daffainfo) [info]
[api-mywot] My Web of Trust API (@daffainfo) [info]
[api-nerdgraph] New Relic NerdGraph API Test (@zzeitlin) [info]
[api-netlify] Netlify API Test (@dwisiswant0) [info]
[api-networksdb] NetworksDB API Test (@0xpugazh) [info]
[api-newrelic] New Relic Rest API (@0xpugazh) [info]
[api-notolytix] Notolytix API Test (@0xpugazh) [info]
[api-nownodes] Nownodes API Test (@daffainfo) [info]
[api-npm] NPM API Test (@zzeitlin) [info]
[api-nytimes] NYTimes API Test (@daffainfo) [info]
[api-onelogin] OneLogin API Test (@dwisiswant0) [info]
[api-onyphe] Onyphe API Test (@0xpugazh) [info]
[api-open-page-rank] Open Page Rank API Test (@daffainfo) [info]
[api-openai] OpenAI API Test (@geeknik) [info]
[api-opengraphr] OpenGraphr API Test (@daffainfo) [info]
[api-openweather] OpenWeather API Test (@zzeitlin) [info]
[api-opsgenie] OpsGenie API Test (@0xpugazh) [info]
[api-optimizely] Optimizely API Test (@dwisiswant0) [info]
[api-orbintelligence] ORB Intelligence API Test (@daffainfo) [info]
[api-pagecdn] PageCDN API Test (@daffainfo) [info]
[api-pagerduty] Pagerduty API Test (@zzeitlin) [info]
[api-particle] Particle Cloud API Test (@dwisiswant0) [info]
[api-pastebin] Pastebin API Test (@daffainfo) [info]
[api-paypal] PayPal API Test (@dwisiswant0) [info]
[api-pdflayer] pdflayer API Test (@daffainfo) [info]
[api-pendo] Pendo API Test (@zzeitlin) [info]
[api-petfinder] Petfinder API Test (@daffainfo) [info]
[api-pinata] Pinata API Test (@daffainfo) [info]
[api-pivotaltracker] PivotalTracker API Test (@zzeitlin) [info]
[api-postmark] PostMark API Test (@zzeitlin) [info]
[api-prexview] PrexView API Test (@daffainfo) [info]
[api-proxycrawl] ProxyCrawl API Test (@daffainfo) [info]
[api-proxykingdom] ProxyKingdom API Test (@daffainfo) [info]
[api-quip] Quip API Test (@daffainfo) [info]
[api-rijksmuseum] Rijksmuseum API Test (@daffainfo) [info]
[api-savepage] SavePage API Test (@daffainfo) [info]
[api-scanii] Scanii API Test (@daffainfo) [info]
[api-scraperapi] ScraperAPI API Test (@daffainfo) [info]
[api-scraperbox] ScraperBox API Test (@daffainfo) [info]
[api-scrapestack] Scrapestack API Test (@daffainfo) [info]
[api-scrapingant] ScrapingAnt API Test (@daffainfo) [info]
[api-scrapingdog] ScrapingDog API Test (@daffainfo) [info]
[api-screenshotapi] ScreenshotAPI API Test (@daffainfo,@geeknik) [info]
[api-securitytrails] SecurityTrails API Test (@0ri2n) [info]
[api-segment] Segment API Test (@geeknik) [info]
[api-sendgrid] Sendgrid API Test (@zzeitlin) [info]
[api-sentry] Sentry API Test (@0ri2n) [info]
[api-serpstack] serpstack API Test (@daffainfo) [info]
[api-shodan] Shodan API Test (@0ri2n) [info]
[api-slack] Slack API Test (@zzeitlin) [info]
[api-smartsheet] Smartsheet API Test (@daffainfo) [info]
[api-sonarcloud] SonarCloud API Test (@zzeitlin) [info]
[api-spotify] Spotify API Test (@zzeitlin) [info]
[api-square] Square API Test (@zzeitlin) [info]
[api-sslmate] SSLMate API Test (@0ri2n) [info]
[api-strava] Strava API Test (@dwisiswant0) [info]
[api-stripe] Stripe API Test (@zzeitlin) [info]
[api-stytch] Stytch API Test (@daffainfo) [info]
[api-supportivekoala] Supportivekoala API Test (@daffainfo) [info]
[api-taiga] Taiga API Test (@dwisiswant0) [info]
[api-tatum] Tatum API Test (@0ri2n) [info]
[api-thecatapi] TheCatApi API Test (@daffainfo) [info]
[api-thedogapi] TheDogApi API Test (@daffainfo) [info]
[api-ticketmaster] Ticket Master API Test (@0xpugazh) [info]
[api-tink] Tink API Test (@dwisiswant0) [info]
[api-tinypng] TinyPNG API Test (@zzeitlin) [info]
[api-todoist] Todoist API Test (@daffainfo) [info]
[api-travisci] Travis CI API Test (@zzeitlin) [info]
[api-trello] Trello API Test (@daffainfo) [info]
[api-twitter] Twitter API Test (@zzeitlin) [info]
[api-urlscan] URLScan API Test (@daffainfo) [info]
[api-userstack] User Stack API Test (@0xpugazh) [info]
[api-vercel] Vercel - API Detection (@dwisiswant0) [info]
[api-virustotal] VirusTotal API Test (@daffainfo) [info]
[api-visualstudio] Visual Studio API Test (@zzeitlin) [info]
[api-wakatime] WakaTime CI API Test (@zzeitlin) [info]
[api-web3storage] Web3 Storage API Test (@daffainfo) [info]
[api-webex] Cisco Webex API Test (@dwisiswant0) [info]
[api-weglot] WeGlot API Test (@zzeitlin) [info]
[api-wordcloud] Word Cloud API Test (@daffainfo) [info]
[api-wordnik] Wordnik API Test (@daffainfo) [info]
[api-youtube] YouTube API Test (@zzeitlin) [info]
[api-zenrows] ZenRows API Test (@daffainfo) [info]
[api-zerobounce] Zerobounce API Test (@0xpugazh) [info]
[api-zoomeye] ZoomEye API Test (@0ri2n) [info]
[api-googleautocomplete] Google Autocomplete API Test (@zzeitlin) [info]
[api-googlebooks] Google Books API Test (@daffainfo) [info]
[api-googlecustomsearch] Google Custom Search API Test (@zzeitlin) [info]
[api-googledirections] Google Directions API Test (@zzeitlin) [info]
[api-googleelevation] Google Elevation API Test (@zzeitlin) [info]
[api-googlefcm] Google FCM API Test (@zzeitlin) [info]
[api-googlefindplacefromtext] Google Find Place From Text API Test (@zzeitlin) [info]
[api-googledistancematrix] Google Distance Matrix API Test (@zzeitlin) [info]
[api-googlegeocode] Google Geocode API Test (@zzeitlin) [info]
[api-googlegeolocation] Google Geolocation API Test (@zzeitlin) [info]
[api-googlemapsembed] Google Maps Embed API Test (@zzeitlin) [info]
[api-googlemapsembedadvanced] Google Maps Embed (Advanced) API Test (@zzeitlin) [info]
[api-googlenearbysearch] Google Nearby Search API Test (@zzeitlin) [info]
[api-googlenearestroads] Google Nearest Roads API Test (@zzeitlin) [info]
[api-google-place-details] Google Place Details API Test (@zzeitlin) [info]
[api-googleplacesphoto] Google Places Photo API Test (@zzeitlin) [info]
[api-googleplayablelocations] Google Playable Locations API Test (@zzeitlin) [info]
[api-googleroutetotraveled] Google Route to Traveled API Test (@zzeitlin) [info]
[api-safebrowsing] Google Safe Browsing API Test (@daffainfo) [info]
[api-googlespeedlimit] Google Speed Limit API Test (@zzeitlin) [info]
[api-googlestaticmaps] Google Static Maps API Test (@zzeitlin) [info]
[api-googlestreetview] Google Static Streetview API Test (@zzeitlin) [info]
[api-googletextsearchplaces] Google Places Text Search API Test (@zzeitlin) [info]
[api-googletimezone] Google Timezone API Test (@zzeitlin) [info]
[74cms-weixin-sqli] 74CMS weixin.php - SQL Injection (@sleepingbag945) [high]
[amazon-ec2-ssrf] Amazon EC2 - Server-side request forgery (SSRF) (@dhiyaneshdk) [critical]
[apache-flink-unauth-rce] Apache Flink - Remote Code Execution (@pikpikcu) [critical]
[apache-nifi-rce] Apache NiFi - Remote Code Execution (@arliya) [critical]
[apache-ofbiz-log4j-rce] Apache OFBiz - JNDI Remote Code Execution (Apache Log4j) (@pdteam) [critical]
[apache-solr-file-read] Apache Solr <=8.8.1 - Local File Inclusion (@dhiyaneshdk,@philippedelteil) [high]
[apache-solr-log4j-rce] Apache Solr 7+ - Remote Code Execution (Apache Log4j) (@evan rubinstein,@nvn1729,@j4vaovo) [critical]
[apache-solr-rce] Apache Solr 9.1 - Remote Code Execution (@j4vaovo) [critical]
[jamf-pro-log4j-rce] JamF Pro - Remote Code Execution (Apache Log4j) (@dhiyaneshdk,@pdteam) [critical]
[shiro-deserialization-detection] Shiro <= 1.2.4 Deserialization Detection (@hotpot,@j4vaovo) [unknown]
[avaya-aura-rce] Avaya Aura Utility Services Administration - Remote Code Execution (@dhiyaneshdk) [critical]
[avaya-aura-xss] Avaya Aura Utility Services Administration - Cross-Site Scripting (@dhiyaneshdk) [medium]
[avtech-auth-bypass] AVTECH Video Surveillance Product - Authentication Bypass (@ritikchaddha) [high]
[avtech-dvr-ssrf] AVTECH DVR - SSRF (@ritikchaddha) [medium]
[avtech-unauth-file-download] AVTECH Video Surveillance Product - Unauthenticated File Download (@ritikchaddha) [high]
[avtech-verification-bypass] AVTECH DVR - Login Verification Code Bypass (@ritikchaddha) [low]
[antsword-backdoor] AntSword Backdoor Detection (@ffffffff0x) [critical]
[cisco-implant-detect] Cisco IOS XE - Impant Detection (@dhiyaneshdk,@rxerium) [critical]
[fatpipe-backdoor] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Authorization Bypass (@gy741) [high]
[jexboss-backdoor] JexBoss - Remote Code Execution (@unkl4b) [critical]
[kevinlab-bems-backdoor] KevinLAB BEMS (Building Energy Management System) - Backdoor Detection (@gy741) [critical]
[kevinlab-hems-backdoor] KevinLAB HEMS - Backdoor Detection (@gy741) [critical]
[maccmsv10-backdoor] Maccmsv10 - Backdoor Remote Code Execution (@princechaddha) [critical]
[php-zerodium-backdoor-rce] PHP 8.1.0-dev - Backdoor Remote Code Execution (@dhiyaneshdk) [critical]
[bsphp-info] BSPHP - Information Disclosure (@ritikchaddha) [low]
[chanjet-tplus-rce] Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution (@sleepingbag945) [critical]
[chanjet-tplus-unauth-passreset] Chanjet Tplus - Unauthorized Password Reset (@0xr2r) [high]
[cisco-broadworks-log4j-rce] Cisco BroadWorks - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[cisco-cloudcenter-suite-log4j-rce] Cisco CloudCenter Suite (Log4j) - Remote Code Execution (@pwnhxl) [critical]
[cisco-unified-communications-log4j] Cisco Unified Communications - Remote Code Execution (Apache Log4j) (@dhiyaneshdk) [critical]
[cisco-vmanage-log4j] Cisco vManage (Log4j) - Remote Code Execution (@dhiyaneshdk) [critical]
[cisco-webex-log4j-rce] Cisco WebEx - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[cucm-username-enumeration] Cisco Unified Call Manager Username Enumeration (@manasmbellani) [medium]
[citrix-oob-memory-read] Citrix Netscaler ADC & Gateway v13.1-50.23 - Out-Of-Bounds Memory Read (@ice3man) [critical]
[code42-log4j-rce] Apache Code42 - Remote Code Execution (Apache Log4j) (@adam crosser) [critical]
[concrete-xss] Concrete CMS <8.5.2 - Cross-Site Scripting (@shifacyclewla,@hackergautam,@djoevanka) [high]
[confluence-ssrf-sharelinks] Atlassian Confluence < 5.8.6 Server-Side Request Forgery (@techbrunchfr) [medium]
[copyparty-xss] Copyparty v1.8.6 - Cross-Site Scripting (@theamanrawat) [medium]
[dahua-bitmap-fileupload] Dahua Bitmap - File Upload Remote Code Execution (@dhiyaneshdk) [critical]
[dahua-eims-rce] Dahua EIMS - Remote Command Execution (@dhiyaneshdk) [critical]
[dahua-icc-backdoor-user] Dahua Intelligent IoT - Information Disclosure (@dhiyaneshdk) [high]
[dahua-wpms-lfi] Dahua Smart Park Management Platform - Arbitary File Read (@dhiyaneshdk) [high]
[dahua-wpms-rce] Dahua Smart Park Integrated Management Platform - Remote Command Execution (@dhiyaneshdk) [critical]
[dbgate-unauth-rce] DbGate Web Client - Unauthenticated Remote Command Execution (@h0j3n) [critical]
[dedecms-carbuyaction-fileinclude] DedeCmsV5.6 Carbuyaction Fileinclude (@pikpikcu) [high]
[dedecms-config-xss] DedeCMS 5.7 - Cross-Site Scripting (@ritikchaddha) [high]
[dedecms-membergroup-sqli] Dede CMS - SQL Injection (@pikpikcu) [critical]
[dedecms-openredirect] DedeCMS - Open Redirect (@pikpikcu) [medium]
[dedecms-rce] DedeCMS 5.8.1-beta - Remote Code Execution (@ritikchaddha) [critical]
[deos-open500ems-panel] DEOS OPEN 500EMS Controller - Admin Exposure (@sullo) [high]
[discuz-api-pathinfo] Discuz! X2.5 - Path Disclosure (@ritikchaddha) [low]
[dlink-netgear-xss] Dlink DSR-250 and Netgear Prosafe - Cross-Site Scripting (@gtrrnr,@vulnspace) [medium]
[drupal-avatar-xss] Drupal Avatar Uploader - Cross-Site Scripting (@bywalks) [high]
[node-ecstatic-internal-path] Node ecstatic Internal Path - Exposure (@dhiyaneshdk) [low]
[node-ecstatic-listing] Node ecstatic Directory Listing (@dhiyaneshdk) [low]
[esafenet-mysql-fileread] Esafenet CDG mysql - File Read (@dhiyaneshdk) [high]
[fastjson-1-2-24-rce] Fastjson 1.2.24 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-41-rce] Fastjson 1.2.41 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-42-rce] Fastjson 1.2.42 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-43-rce] Fastjson 1.2.43 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-47-rce] Fastjson 1.2.47 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-62-rce] Fastjson 1.2.62 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-67-rce] Fastjson 1.2.67 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-68-rce] Fastjson 1.2.68 - Remote Code Execution (@zh) [critical]
[fine-report-v9-file-upload] FineReport v9 Arbitrary File Overwrite (@sleepingbag945) [critical]
[finereport-path-traversal] FineReport 8.0 - Local File Inclusion (@pikpikcu) [high]
[froxlor-xss] Froxlor Server Management - Cross-Site Scripting (@tess) [medium]
[basic-xss-prober] Basic XSS Prober - Cross-Site Scripting (@nadino,@geeknik) [low]
[cache-poisoning-xss] Cache Poisoning - Stored XSS (@melbadry9,@xelkomy,@akincibor) [high]
[cache-poisoning] Cache Poisoning Detection (@melbadry9,@xelkomy,@akincibor,@dogasantos) [low]
[cors-misconfig] CORS Misconfiguration (@nadino,@g4l1t0,@convisoappsec,@pdteam,@breno_css,@nodauf) [info]
[crlf-injection-generic] CRLF - Injection Detection (@melbadry9,@nadino,@xelkomy) [low]
[error-based-sql-injection] Error based SQL injection (@geeknik) [critical]
[generic-blind-xxe] Generic Blind XXE (@geeknik) [high]
[generic-env] Generic Env File Disclosure (@kazet) [high]
[generic-j2ee-lfi] Generic J2EE LFI Scan Panel - Detect (@davidfegyver) [high]
[generic-linux-lfi] Generic Linux - Local File Inclusion (@geeknik,@unstabl3,@pentest_swissky,@sushantkamble,@0xsmiley,@dhiyaneshdk) [high]
[generic-windows-lfi] Windows - Local File Inclusion (@mesaglio,@sushantkamble,@ritikchaddha) [high]
[host-header-injection] Host Header Injection (@princechaddha) [info]
[oob-header-based-interaction] Header Based Generic OOB Interaction (@pdteam) [info]
[oob-param-based-interaction] Parameter Based Generic OOB Interaction (@pdteam) [info]
[open-redirect-generic] Open Redirect - Detection (@afaq,@melbadry9,@elmahdi,@pxmme1337,@regala_,@andirrahmani1,@geeknik) [medium]
[request-based-interaction] OOB Request Based Interaction (@pdteam) [info]
[top-xss-params] Top 38 Parameters - Cross-Site Scripting (@foulenzer,@geeknik) [high]
[xmlrpc-pingback-ssrf] XMLRPC Pingback SSRF (@geeknik) [high]
[xss-fuzz] Fuzzing Parameters - Cross-Site Scripting (@kazet) [medium]
[gitea-rce] Gitea 1.4.0 - Remote Code Execution (@theamanrawat) [critical]
[gitlab-rce] GitLab CE/EE Unauthenticated RCE Using ExifTool (@pdteam) [critical]
[gnuboard-sms-xss] Gnuboard CMS - Cross-Site Scripting (@gy741) [medium]
[gnuboard5-rxss] Gnuboard 5 - Cross-Site Scripting (@arafatansari) [medium]
[gnuboard5-xss] Gnuboard 5 - Cross-Site Scripting (@arafatansari) [medium]
[grafana-file-read] Grafana 8.x - Local File Inclusion (@z0ne,@dhiyaneshdk,@jeya.seelan,@dwisiswant0,@j4vaovo) [high]
[hikvision-fastjson-rce] HIKVISION applyCT Fastjson - Remote Command Execution (@sleepingbag945) [critical]
[hikvision-ivms-file-upload-bypass] Hikvison iVMS - File Upload Bypass (@sleepingbag945) [critical]
[hikvision-ivms-file-upload-rce] Hikvision iVMS-8700 - File Upload Remote Code Execution (@brucelsone) [critical]
[hikvision-js-files-upload] Hikvision iSecure Center - File Upload (@xc1ym) [critical]
[httpbin-open-redirect] HTTPBin - Open Redirect (@adam crosser) [medium]
[httpbin-xss] HTTPBin - Cross-Site Scripting (@adam crosser) [high]
[huatian-oa-sqli] Huatian Power OA 8000 - SQL Injection (@ritikchaddha) [high]
[huawei-authhttp-lfi] Huawei Auth Http Server - Arbitrary File Read (@dhiyaneshdk) [high]
[huawei-firewall-lfi] Huawei Firewall - Local File Inclusion (@taielab) [high]
[huawei-hg255s-lfi] Huawei HG255s - Local File Inclusion (@0x_akoko) [high]
[eclipse-help-system-xss] IBM Eclipse Help System - Cross-Site Scripting (@pikpikcu) [high]
[ibm-infoprint-lfi] IBM InfoPrint 4247-Z03 Impact Matrix Printer - Local File Inclusion (@harshbothra_) [high]
[idocview-2word-fileupload] IDoc View /html/2word - Arbitrary File Upload (@dhiyaneshdk) [high]
[idocview-lfi] IDoc View - Arbitrary File Read (@dhiyaneshdk) [high]
[liferay-resource-leak] Liferay - Local File Inclusion (@dhiyaneshdk) [high]
[jamf-blind-xxe] JAMF Blind XXE / SSRF (@pdteam) [medium]
[jamf-log4j-jndi-rce] JamF (Log4j) - Remote Code Execution (@pdteam) [critical]
[jenkins-async-people] Jenkins panel async-people (@nadino) [info]
[jenkins-script] Jenkins - Remote Code Execution (@philippedelteil,@dhiyaneshdk) [critical]
[jenkins-stack-trace] Detect Jenkins in Debug Mode with Stack Traces Enabled (@dheerajmadhukar) [low]
[unauthenticated-jenkins] Jenkins Dashboard - Unauthenticated Access (@dhiyaneshdk) [high]
[jinhe-jc6-sqli] Jinhe OA - SQL Injection (@ky9oss) [high]
[jinhe-oa-c6-lfi] Jinhe OA C6 download.jsp - Arbitary File Read (@sleepingbag945) [high]
[jira-servicedesk-signup] Atlassian Jira Service Desk Signup (@techbrunchfr) [medium]
[jira-unauthenticated-adminprojects] Jira Unauthenticated Admin Projects (@tess) [info]
[jira-unauthenticated-dashboards] Jira Unauthenticated Dashboards (@techbrunchfr) [info]
[jira-unauthenticated-installed-gadgets] Jira Unauthenticated Installed gadgets (@philippedelteil) [info]
[jira-unauthenticated-projectcategories] Jira Unauthenticated Project Categories (@tess) [info]
[jira-unauthenticated-projects] Jira Unauthenticated Projects (@techbrunchfr) [info]
[jira-unauthenticated-resolutions] Jira Unauthenticated Resolutions (@tess) [info]
[jira-unauthenticated-screens] Jira Unauthenticated Access to screens (@tess) [info]
[jira-unauthenticated-user-picker] Jira Unauthenticated User Picker (@techbrunchfr) [info]
[jolokia-heap-info-disclosure] Jolokia Java Heap Information Disclosure (@milo2012) [info]
[joomla-com-booking-component] Joomla! com_booking component 2.4.9 - Information Leak (@r3y3r53) [high]
[joomla-department-sqli] Joomla `departments` - SQL Injection (@ritikchaddha) [high]
[joomla-easyshop-lfi] Joomla! Component Easy Shop 1.2.3 - Local File Inclusion (@ritikchaddha) [high]
[joomla-iproperty-xss] Joomla iProperty Real Estate 4.1.1 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-joombri-careers-xss] Joomla JoomBri Careers 3.3.0 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-jvehicles-lfi] Joomla! Component com_sef - Local File Inclusion (@daffainfo) [high]
[joomla-jvtwitter-xss] Joomla JVTwitter - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-marvikshop-sqli] Joomla MarvikShop ShoppingCart 3.4 - Sql Injection (@r3y3r53) [high]
[joomla-marvikshop-xss] Joomla MarvikShop ShoppingCart 3.4 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-solidres-xss] Joomla Solidres 2.13.3 - Cross-Site Scripting (@r3y3r53) [medium]
[rusty-joomla] Joomla! CMS <=3.4.6 - Remote Code Execution (@leovalcante,@kiks7) [critical]
[jorani-benjamin-xss] Jorani v1.0.3-2014-2023 Benjamin BALET - Cross-Site Scripting (@ritikchaddha) [medium]
[junos-xss] JunOS - Cross-Site Scripting (@dhiyaneshdk) [medium]
[jupyter-notebook-rce] Jupyter Notebook - Remote Command Execution (@huta0) [high]
[kkfileview-ssrf] kkFileView 4.0.0 - Server-Side Request Forgery (@arm!tage) [high]
[landray-eis-sqli] Landray EIS - SQL Injection (@dhiyaneshdk) [high]
[landray-eis-ws-infoleak] Landray EIS WS_getAllInfos - Information Disclosure
(@fur1na) [high]
[landray-oa-sysSearchMain-editParam-rce] Landray-OA - Remote code Execution
(@sleepingbag945) [critical]
[landray-oa-treexml-rce] Landray OA Treexml.tmpl - Remote Code Execution
(@tangxiaofeng7,@sleepingbag945) [high]
[laravel-ignition-xss] Laravel Ignition - Cross-Site Scripting (@0x_akoko) [high]
[linkerd-service-detect] Linkerd Service detection (@dudez) [info]
[lucee-rce] Lucee < 6.0.1.59 - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [critical]
[magento-2-exposed-api] Exposed Magento 2 API (@techbrunchfr) [info]
[magento-cacheleak] Magento Cacheleak (@techbrunchfr) [high]
[magento-unprotected-dev-files] Magento Unprotected development files
(@techbrunchfr) [high]
[metersphere-plugin-rce] MeterSphere - Remote Code Execution
(@pdteam,@y4er,@pdresearch,@rootxharsh,@iamnoooob) [critical]
[office-webapps-ssrf] Office Web Apps Server Full Read - Server Side Request
Forgery (@dhiyaneshdk) [high]
[mobileiron-log4j-jndi-rce] Ivanti MobileIron (Log4j) - Remote Code Execution
(@meme-lord) [critical]
[moodle-filter-jmol-lfi] Moodle Jmol Filter 6.1 - Local File Inclusion (@madrobot)
[high]
[moodle-filter-jmol-xss] Moodle Jsmol - Cross-Site Scripting (@madrobot) [medium]
[moodle-xss] Moodle - Cross-Site Scripting (@hackergautam) [medium]
[netmizer-cmd-rce] NetMizer LogManagement System cmd.php - Remote Code Execution
(@dhiyaneshdk) [critical]
[netmizer-data-listing] NetMizer LogManagement System Data - Directory Exposure
(@dhiyaneshdk) [high]
[netsweeper-open-redirect] Netsweeper 4.0.9 - Open Redirect (@daffainfo) [medium]
[netsweeper-rxss] Netsweeper 4.0.9 - Cross-Site Scripting (@daffainfo) [high]
[nps-auth-bypass] NPS - Authentication Bypass (@sleepingbag945) [high]
[nuxt-js-lfi] Arbitrary File Read in Dev Mode - Nuxt.js (@dhiyaneshdk) [high]
[nuxt-js-semi-lfi] Semi Arbitrary File Read in Dev Mode - Nuxt.js (@dhiyaneshdk)
[medium]
[nuxt-js-xss] Error Page XSS - Nuxt.js (@dhiyaneshdk) [medium]
[opencpu-rce] OpenCPU - Remote Code Execution (@wa1tf0rme) [critical]
[oracle-ebs-bispgrapgh-file-read] Oracle eBusiness Suite - Improper File Access
(@emenalf,@tirtha_mandal,@thomas_from_offensity) [critical]
[oracle-siebel-xss] Oracle Siebel Loyalty 8.1 - Cross-Site Scripting (@dhiyaneshdk)
[high]
[oscommerce-rce] osCommerce 2.3.4.1 - Remote Code Execution (@suman_kar) [high]
[3cx-management-console] 3CX Management Console - Local File Inclusion (@random-
robbie) [high]
[74cms-sqli] 74cms Sql Injection (@princechaddha) [critical]
[WSO2-2019-0598] WSO2 <5.8.0 - Server Side Request Forgery (@amnotacat) [medium]
[accent-microcomputers-lfi] Accent Microcomputers LFI (@0x_akoko) [high]
[acme-xss] Let's Encrypt - Cross-Site Scripting (@pdteam) [high]
[acti-video-lfi] ACTi-Video Monitoring - Local File Inclusion (@dhiyaneshdk) [high]
[aerocms-sqli] AeroCMS 0.0.1 - SQL Injection (@shivampand3y) [critical]
[aic-intelligent-password-exposure] AIC Intelligent Campus System - Password
Exposure (@sleepingbag945) [medium]
[alibaba-anyproxy-lfi] Alibaba Anyproxy fetchBody File - Path Traversal
(@dhiyaneshdk) [high]
[alumni-management-sqli] Alumni Management System 1.0 - SQL Injection
(@arafatansari) [critical]
[apache-druid-log4j] Apache Druid - Remote Code Execution (Apache Log4j)
(@sleepingbag945) [critical]
[applezeed-sqli] Applezeed - SQL Injection (@r3y3r53) [high]
[aquatronica-info-leak] Aquatronica Control System 5.1.6 - Information Disclosure
(@securityforeveryone) [high]
[array-vpn-lfi] Array VPN - Arbitrary File Reading Vulnerability (@pussycat0x)
[high]
[asanhamayesh-lfi] Asanhamayesh CMS 3.4.6 - Local File Inclusion (@0x_akoko) [high]
[aspcms-commentlist-sqli] AspCMS commentList.asp - SQL Injection (@sleepingbag945)
[high]
[aspnuke-openredirect] ASP-Nuke - Open Redirect (@pdteam) [medium]
[avada-xss] WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting
(@akincibor) [high]
[avcon6-execl-lfi] AVCON6 org_execl_download.action - Arbitrary File Download
(@dhiyaneshdk) [high]
[avcon6-lfi] AVCON6 - Arbitrary File Download (@dhiyaneshdk) [high]
[bems-api-lfi] Longjing Technology BEMS API 1.21 - Local File Inclusion (@gy741)
[high]
[beward-ipcamera-disclosure] BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary
File Disclosure (@geeknik) [high]
[beyond-trust-xss] BeyondTrust Remote Support 6.0 - Cross-Site Scripting (@r3y3r53)
[medium]
[bitrix-open-redirect] Bitrix Site Management Russia 2.0 - Open Redirect
(@pikpikcu,@gtrrnr) [medium]
[blue-ocean-excellence-lfi] Blue Ocean Excellence - Local File Inclusion
(@pikpikcu) [high]
[brightsign-dsdws-ssrf] BrightSign Digital Signage Diagnostic Web Server 8.2.26
Unauthenticated - SSRF (@0x_akoko) [medium]
[bullwark-momentum-lfi] Bullwark Momentum Series JAWS 1.0 - Local File Inclusion
(@pikpikcu) [high]
[cacti-weathermap-file-write] Cacti Weathermap File Write (@pikpikcu) [medium]
[caimore-gateway-rce] CAIMORE Gateway - Remote Code Execution (@momika233) [high]
[carel-bacnet-gateway-traversal] Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local
File Inclusion (@gy741) [high]
[carrental-xss] Car Rental Management System 1.0 - Cross-Site Scripting
(@arafatansari) [medium]
[castel-digital-sqli] Castel Digital - Authentication Bypass (@kazgangap) [high]
[caucho-resin-info-disclosure] Caucho Resin - Information Disclosure (@pikpikcu)
[info]
[cerio-dt-rce] CERIO-DT Interface - Command Execution (@pussycat0x) [critical]
[chamilo-lms-sqli] Chamilo 1.11.14 - SQL Injection (@undefl0w) [critical]
[chamilo-lms-xss] Chamilo LMS 1.11.14 Cross-Site Scripting (@geeknik) [high]
[citrix-xenapp-log4j-rce] Citrix XenApp - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[ckan-dom-based-xss] CKAN - DOM Cross-Site Scripting (@dhiyaneshdk) [high]
[clodop-printer-lfi] C-Lodop Printer - Arbitrary File Read (@dhiyaneshdk) [high]
[cloud-oa-system-sqli] Cloud OA System - SQL Injection (@sleepingbag945) [high]
[cmseasy-crossall-sqli] CmsEasy crossall_act - SQL Injection (@sleepingbag945)
[high]
[coldfusion-debug-xss] Adobe ColdFusion - Cross-Site Scripting (@dhiyaneshdk)
[high]
[comai-ras-cookie-bypass] Comai RAS System Cookie - Authentication Override
(@sleepingbag945) [high]
[commax-biometric-auth-bypass] COMMAX Biometric Access Control System 1.0.0 -
Authentication Bypass (@gy741) [critical]
[commax-credentials-disclosure] COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP
Credentials Disclosure (@gy741) [critical]
[comtrend-password-exposure] Comtrend ADSL - Remote Code Execution (@geeknik)
[high]
[core-chuangtian-cloud-rce] Core Chuangtian Cloud Desktop System - Remote Code
Execution (@pikpikcu) [critical]
[couchdb-adminparty] CouchDB Admin Default - Detect (@organiccrap) [high]
[crawlab-lfi] Crawlab - Arbitrary File Read (@pussycat0x) [high]
[crystal-live-server-lfi] Crystal Live HTTP Server 6.01 - Local File Inclusion
(@0x_akoko) [high]
[cs-cart-unauthenticated-lfi] CS-Cart - Local File Inclusion (@0x_akoko) [high]
[csz-cms-sqli] CSZ CMS 1.3.0 - SQL Injection (@r3y3r53) [high]
[cvms-sqli] Company Visitor Management System 1.0 - SQL Injection (@arafatansari)
[critical]
[dicoogle-pacs-lfi] Dicoogle PACS 2.5.0 - Local File Inclusion (@0x_akoko) [high]
[digital-ocean-ssrf] Digital Ocean - Server-side request forgery (SSRF)
(@dhiyaneshdk) [critical]
[digitalrebar-traversal] Digital Rebar - Local File Inclusion (@c-sh0) [high]
[discourse-xss] Discourse - Cross-Site Scripting (@madrobot) [high]
[dixell-xweb500-filewrite] Emerson Dixell XWEB-500 - Arbitrary File Write
(@hackerarpan) [critical]
[dlink-850L-info-leak] Dlink Dir-850L Info Leak (@pikpikcu) [info]
[doorgets-info-disclosure] DoorGets CMS v7.0 - Information Disclosure (@r3y3r53)
[high]
[dotnetcms-sqli] Dotnet CMS - SQL Injection (@ritikchaddha) [critical]
[dss-download-fileread] DSS Download - Local File Inclusion (@ritikchaddha) [high]
[duomicms-sql-injection] Duomi CMS - SQL Injection (@pikpikcu) [critical]
[dzzoffice-xss] Dzzoffice 2.02.1 - Cross-Site Scripting (@arafatansari) [high]
[eaa-app-lfi] EAA Application Access System - Arbitary File Read (@momika233)
[high]
[easycvr-info-leak] EasyCVR video management - Users Information Exposure
(@pussycat0x) [high]
[easyimage-downphp-lfi] EasyImage down.php - Arbitrary File Read (@dhiyaneshdk)
[high]
[ecology-oa-file-sqli] E-cology FileDownloadForOutDocSQL - SQL Injection
(@momika233) [high]
[ecshop-sqli] ECShop 2.x/3.x - SQL Injection (@lark-
lab,@imnightmaree,@ritikchaddha) [critical]
[ecsimagingpacs-rce] ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File
Inclusion (@ritikchaddha) [critical]
[eibiz-lfi] Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
(@0x_akoko) [high]
[elFinder-path-traversal] elFinder <=2.1.12 - Local File Inclusion (@ritikchaddha)
[high]
[elasticsearch5-log4j-rce] Elasticsearch 5 - Remote Code Execution (Apache Log4j)
(@akincibor) [critical]
[empirecms-xss] EmpireCMS 7.5 - Cross-Site Scripting (@pikpikcu) [high]
[ems-sqli] Employee Management System 1.0 - SQL Injection (@arafatansari)
[critical]
[ep-web-cms-xss] EP Web Solutions CMS - Cross Site Scripting (@r3y3r53) [medium]
[epp-server-lfi] EPP Server - Local File Inclusion (@dhiyaneshdk) [high]
[erensoft-sqli] ErenSoft - SQL Injection (@r3y3r53) [high]
[eris-xss] Complete Online Job Search System 1.0 - Cross-Site Scripting
(@arafatansari) [high]
[etouch-v2-sqli] ECTouch 2 - SQL Injection (@princechaddha) [critical]
[ewebs-arbitrary-file-reading] EWEBS - Local File Inclusion (@pikpikcu) [high]
[eyelock-nano-lfd] EyeLock nano NXT 3.5 - Arbitrary File Retrieval (@geeknik)
[high]
[f-secure-policymanager-log4j-rce] F-Secure Policy Manager - Remote Code Execution
(Apache Log4j) (@shaikhyaser) [critical]
[fanruanoa2012-disclosure] Fanruan Report 2012 Information Disclosure (@yanyun)
[high]
[fatpipe-auth-bypass] FatPipe WARP 10.2.2 - Authorization Bypass (@gy741) [high]
[feifeicms-lfr] FeiFeiCms - Local File Inclusion (@princechaddha) [high]
[finecms-sqli] FineCMS 5.0.10 - SQL Injection (@ritikchaddha) [critical]
[flatpress-xss] FlatPress 1.2.1 - Stored Cross-Site Scripting (@arafatansari)
[medium]
[flexnet-log4j-rce] Flexnet - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[flir-ax8-rce] FLIR-AX8 res.php - Remote Code Execution (@momika233) [critical]
[flir-path-traversal] Flir - Local File Inclusion (@pikpikcu) [high]
[fortiportal-log4j-rce] FortiPortal - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[geowebserver-lfi] GeoVision Geowebserver 5.3.3 - Local File Inclusion (@madrobot)
[high]
[geowebserver-xss] GeoVision Geowebserver 5.3.3 - Cross-Site Scripting (@madrobot)
[high]
[global-domains-lfi] Global Domains International - Local File Inclusion
(@0x_akoko) [high]
[global-domains-xss] Global Domains International - Cross-Site Scripting
(@princechaddha) [high]
[glodon-linkworks-sqli] Glodon Linkworks GWGdWebService - SQL injection
(@dhiyaneshdk) [high]
[gloo-unauth] Unauthenticated Gloo UI (@dhiyaneshdk) [high]
[goanywhere-mft-log4j-rce] GoAnywhere Managed File Transfer - Remote Code
Execution (Apache Log4j) (@pussycat0x) [critical]
[goip-1-lfi] GoIP-1 GSM - Local File Inclusion (@gy741) [high]
[graylog-log4j] Graylog (Log4j) - Remote Code Execution (@dhiyaneshdk) [critical]
[groomify-sqli] Groomify v1.0 - SQL Injection Vulnerability (@theamanrawat) [high]
[groupoffice-lfi] Groupoffice 3.4.21 - Local File Inclusion (@0x_akoko) [high]
[gsoap-lfi] gSOAP 2.8 - Local File Inclusion (@0x_akoko) [high]
[gz-forum-script-xss] GZ Forum Script 1.8 - Cross-Site Scripting (@r3y3r53)
[medium]
[h3c-cvm-arbitrary-file-upload] H3C CVM - Arbitrary File Upload (@sleepingbag945)
[critical]
[h3c-imc-rce] H3c IMC - Remote Code Execution (@pikpikcu) [critical]
[hanming-lfr] Hanming Video Conferencing - Local File Inclusion (@ritikchaddha)
[high]
[hanta-rce] Hanta Internet Behavior Management System - Remote Code Execution
(@momika233) [high]
[hashicorp-consul-rce] Hashicorp Consul Services API - Remote Code Execution
(@pikpikcu) [critical]
[hasura-graphql-psql-exec] Hasura GraphQL Engine - Remote Code Execution (@udyz)
[critical]
[hasura-graphql-ssrf] Hasura GraphQL Engine - Server Side Request Forgery
(@princechaddha) [high]
[hiboss-rce] Hiboss - Remote Code Execution (@pikpikcu) [critical]
[hikvision-isecure-center-rce] HIKVISION iSecure Center - Remote Code Execution
(@sleepingbag945) [critical]
[hjtcloud-arbitrary-file-read] HJTcloud - Local File Inclusion (@pikpikcu) [high]
[hjtcloud-rest-arbitrary-file-read] HJTcloud - Local File Inclusion (@pikpikcu)
[high]
[homeautomation-v3-openredirect] HomeAutomation 3.3.2 - Open Redirect (@0x_akoko)
[medium]
[hongfan-ioffice-lfi] Hongfan OA ioFileExport.aspx - Arbitrary File Read
(@sleepingbag945) [medium]
[hongfan-ioffice-rce] Hongfan OA ioAssistance.asmx - Remote Code Execution
(@sleepingbag945) [high]
[hongfan-ioffice-sqli] Hongfan OA udfmr.asmx - SQL injection (@sleepingbag945)
[high]
[hospital-management-xss] Hospital Management System 1.0 - Cross-Site Scripting
(@arafatansari) [high]
[hospital-management-xss2] Hospital Management System 1.0 - Cross-Site Scripting
(@arafatansari) [high]
[hrsale-unauthenticated-lfi] Hrsale 2.0.0 - Local File Inclusion (@0x_akoko) [high]
[huatian-oa8000-sqli] Huatian Power OA 8000 workFlowService - SQL injection
(@sleepingbag945) [critical]
[huawei-hg659-lfi] HUAWEI HG659 - Local File Inclusion (@pikpikcu) [high]
[huawei-router-auth-bypass] Huawei Router - Authentication Bypass (@gy741)
[critical]
[huijietong-cloud-fileread] Huijietong - Local File Inclusion
(@princechaddha,@ritikchaddha) [high]
[huiwen-bibliographic-info-leak] Huiwen library bibliographic Retrieval System -
Information Exposure (@sleepingbag945) [high]
[icewarp-open-redirect] IceWarp - Open Redirect (@uomogrande) [medium]
[icewarp-webclient-rce] IceWarp WebClient - Remote Code Execution (@gy741)
[critical]
[indonasia-toko-cms-sql] Indonasia Toko CMS - SQL Injection (@r3y3r53) [high]
[inspur-clusterengine-rce] Inspur Clusterengine V4 SYSshell - Remote Command
Execution (@ritikchaddha) [critical]
[interlib-fileread] Interlib - Local File Inclusion (@pikpikcu) [high]
[java-melody-xss] JavaMelody - Cross-Site Scripting (@kailashbohara) [high]
[jeewms-lfi] JEEWMS - Local File Inclusion (@pikpikcu) [high]
[jfrog-unauth-build-exposed] JFrog Unauthentication Builds (@dhiyaneshdk) [medium]
[jinfornet-jreport-lfi] Jinfornet Jreport 15.6 - Local File Inclusion (@0x_akoko)
[high]
[jitsi-meet-log4j-rce] Jitsi Meet - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[joomla-com-fabrik-lfi] Joomla! com_fabrik 3.9.11 - Local File Inclusion
(@dhiyaneshdk) [high]
[joomla-jlex-xss] Joomla JLex Review 6.0.1 - Cross-Site Scripting (@r3y3r53)
[medium]
[joomla-jmarket-xss] Joomla jMarket 5.15 - Cross-Site Scripting (@r3y3r53) [medium]
[kafdrop-xss] KafDrop - Cross-Site Scripting (@dhiyaneshdk) [high]
[karel-ip-phone-lfi] Karel IP Phone IP1211 Web Management Panel - Local File
Inclusion (@0x_akoko) [high]
[kavita-lfi] Kavita - Local File Inclusion (@arafatansari) [high]
[kevinlab-bems-sqli] KevinLAB BEMS 1.0 - SQL Injection (@gy741) [critical]
[khodrochi-cms-xss] Khodrochi CMS - Cross Site Scripting (@r3y3r53) [medium]
[kingdee-eas-directory-traversal] Kingdee EAS - Local File Inclusion
(@ritikchaddha) [high]
[kingdee-erp-rce] Kingdee OA Yunxingkong kdsvc - Remote Code Execution
(@sleepingbag945) [critical]
[kingsoft-v8-file-read] Kingsoft 8 - Local File Inclusion (@ritikchaddha) [high]
[kingsoft-vgm-lfi] Kingsoft VGM Antivirus - Arbitrary File Read (@abbas.heybati)
[high]
[kiwitcms-json-rpc] Kiwi TCMS Information Disclosure (@act1on3) [high]
[kedacom-network-lfi] Kedacom Network Keyboard Console - Arbitrary File Read
(@dhiyaneshdk) [high]
[kyocera-m2035dn-lfi] Kyocera Command Center RX ECOSYS M2035dn - Local File
Inclusion (@0x_akoko) [high]
[landray-oa-datajson-rce] Landray OA Datajson S Bean - Remote Code Execution
(@sleepingbag945) [critical]
[landray-oa-erp-data-rce] Landray-OA - Remote Code Execution (@sleepingbag945)
[critical]
[laravel-filemanager-lfi] UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
(@hackerarpan) [high]
[lean-value-listing] LVS Lean Value Management System Business - Directory Listing
(@pussycat0x) [low]
[livebos-file-read] LiveBOS ShowImage.do - Arbitrary File Read (@yusakie) [high]
[loancms-sqli] Loan Management System 1.0 - SQL Injection (@arafatansari)
[critical]
[logstash-log4j-rce] Logstash - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[lokomedia-cms-lfi] Lokomedia CMS - LFI Vulnerability (@r3y3r53) [high]
[lotuscms-rce] LotusCMS 3.0 - Remote Code Execution (@pikpikcu) [critical]
[lucee-unset-credentials] Lucee - Unset Credentials (@jpg0mez) [high]
[lucee-xss] Lucee - Cross-Site Scripting (@incogbyte) [high]
[luftguitar-arbitrary-file-upload] Luftguitar CMS Arbitrary File Upload (@pikpikcu)
[high]
[magicflow-lfi] MagicFlow - Local File Inclusion (@gy741) [high]
[maltrail-rce] Maltrail <= v0.54 - Unauthenticated OS Command Injection
(@pussycat0x) [critical]
[manage-engine-dc-log4j-rce] Manage Engine Desktop Central - Remote Code Execution
(Apache Log4j) (@shaikhyaser) [critical]
[mcafee-epo-rce] McAfee ePolicy Orchestrator - Arbitrary File Upload (@dwisiswant0)
[high]
[metabase-log4j] Metabase - Remote Code Execution (Apache Log4j) (@dhiyaneshdk)
[critical]
[metinfo-lfi] MetInfo <=6.1.0 - Local File Inclusion (@pikpikcu) [high]
[microstrategy-ssrf] MicroStrategy tinyurl - Server-Side Request Forgery (Blind)
(@organiccrap) [high]
[microweber-xss] Microweber Cross-Site Scripting (@gy741) [high]
[mida-eframework-xss] Mida eFramework - Cross-Site Scripting (@pikpikcu) [high]
[minimouse-lfi] Mini Mouse 9.2.0 - Local File Inclusion (@0x_akoko) [high]
[mirai-unknown-rce] Mirai - Remote Command Injection (@gy741) [critical]
[mpsec-lfi] MPSec ISG1000 - Local File Inclusion (@pikpikcu) [high]
[myucms-lfr] MyuCMS - Local File Inclusion (@princechaddha) [high]
[nacos-auth-bypass] Nacos 1.x - Authentication Bypass
(@taielab,@pikpikcu,@sleepingbag945) [critical]
[natshell-path-traversal] NatShell - Local File Inclusion (@pikpikcu) [high]
[natshell-rce] NatShell Debug File - Remote Code Execution (@pikpikcu) [critical]
[netgear-router-auth-bypass] NETGEAR DGN2200v1 - Authentication Bypass (@gy741)
[high]
[netgear-router-exposure] NETGEAR Routers - Serial Number Disclosure (@geeknik)
[medium]
[netgear-wac124-router-auth-bypass] NETGEAR WAC124 - Authentication Bypass (@gy741)
[high]
[netis-info-leak] Netis E1+ V1.2.32533 - WiFi Password Disclosure (@gy741) [high]
[news-script-xss] News Script Pro 2.4 - Cross-Site Scripting (@r3y3r53) [medium]
[nextjs-redirect] Next.js <1.2.3 - Open Redirect (@dhiyaneshdk) [medium]
[nginx-merge-slashes-path-traversal] Nginx Server - Local File Inclusion
(@dhiyaneshdk) [high]
[nginx-module-vts-xss] Nginx Virtual Host Traffic Status Module - Cross-Site
Scripting (@madrobot,@j4vaovo) [high]
[nginxwebui-runcmd-rce] nginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution
(@dhiyaneshdk) [critical]
[nsasg-arbitrary-file-read] NS ASG - Local File Inclusion (@pikpikcu,@ritikchaddha)
[high]
[nuuo-file-inclusion] NUUO NVRmini 2 3.0.8 - Local File Inclusion (@princechaddha)
[high]
[nuuo-nvrmini2-rce] NUUO NVRmini 2 3.0.8 - Remote Code Execution (@berkdusunur)
[critical]
[odoo-cms-redirect] Odoo CMS - Open Redirect (@0x_akoko) [medium]
[office-suite-xss] Office Suite Premium < 10.9.1.42602 - Cross-Site Scripting
(@r3y3r53) [medium]
[office365-indexs-fileread] OfficeWeb365 Indexs Interface - Arbitary File Read
(@dhiyaneshdk) [high]
[okta-log4j-rce] Okta - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[oliver-library-lfi] Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
(@gy741) [high]
[onlinefarm-management-xss] Online Farm Management System 0.1.0 - Cross-Site
Scripting (@arafatansari) [high]
[opencart-core-sqli] OpenCart Core 4.0.2.3 'search' - SQL Injection (@kazgangap)
[high]
[opencti-lfi] OpenCTI 3.3.1 - Local File Inclusion (@0x_akoko) [high]
[opennms-log4j-jndi-rce] OpenNMS - JNDI Remote Code Execution (Apache Log4j)
(@johnk3r) [critical]
[openshift-log4j-rce] OpenShift - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[opensis-lfi] openSIS 5.1 - Local File Inclusion (@pikpikcu) [high]
[opensns-rce] OpenSNS - Remote Code Execution (@gy741) [critical]
[openvpn-hhi] OpenVPN Host Header Injection (@twitter.com/dheerajmadhukar) [info]
[optilink-ont1gew-gpon-rce] OptiLink ONT1GEW GPON Remote Code Execution (@gy741)
[critical]
[oracle-fatwire-lfi] Oracle Fatwire 6.3 - Path Traversal (@bernardo rodrigues
@bernardofsr) [high]
[orbiteam-bscw-server-lfi] OrbiTeam BSCW Server - Local File Inclusion (@0x_akoko)
[high]
[otobo-open-redirect] Otobo - Open Redirect (@0x_akoko) [medium]
[ozeki-10-sms-gateway] Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read
(@r3y3r53) [high]
[pacsone-server-lfi] PACSOne Server 6.6.2 - Local File Inclusion (@0x_akoko) [high]
[panabit-ixcache-rce] Panabit iXCache date_config - Remote Code Execution
(@momika233) [critical]
[papercut-log4j-rce] Papercut - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[parallels-hsphere-xss] Parallels H-Sphere - Cross-Site Scripting (@ritikchaddha)
[high]
[parentlink-xss] Blackboard - Cross-Site Scripting (@r3naissance) [high]
[pbootcms-database-file-download] PbootCMS 2.0.7 - SQL Injection (@ritikchaddha)
[critical]
[pdf-signer-ssti-to-rce] PDF Signer 3.0 - Template Injection (@madrobot) [critical]
[pega-log4j-rce] Pega - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[php-timeclock-xss] PHP Timeclock <=1.04 - Cross-Site Scripting (@pikpikcu) [high]
[phpldapadmin-xss] PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
(@godfatherorwa,@herry) [medium]
[phpok-sqli] PHPOK - SQL Injection (@ritikchaddha) [critical]
[phpwiki-lfi] phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion (@0x_akoko)
[high]
[phuket-cms-sqli] Phuket Solution CMS - SQL Injection (@r3y3r53) [high]
[phuket-cms-xss] Phuket Solution CMS - Cross Site Scripting (@r3y3r53) [medium]
[pmb-directory-traversal] PMB 5.6 - Local File Inclusion (@geeknik) [high]
[pmb-local-file-disclosure] PMB 5.6 - Local File Inclusion (@dhiyaneshdk) [high]
[pmb-sqli] PMB <= 7.4.6 - SQL Injection (@r3y3r53) [high]
[pmb-xss] PMB v7.4.1 - Cross Site Scripting (@r3y3r53) [medium]
[podcast-generator-ssrf] PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
(@ritikchaddha,@mrharshvardhan) [high]
[pollbot-redirect] Mozilla Pollbot - Open Redirect (@evan rubinstien) [medium]
[powercreator-cms-rce] PowerCreator CMS - Remote Code Execution (@pikpikcu)
[critical]
[processmaker-lfi] ProcessMaker <=3.5.4 - Local File Inclusion (@kre80r) [high]
[pyspider-unauthorized-access] Pyspider Unauthorized Access (@ritikchaddha) [high]
[qcubed-xss] Qcubed - Cross-Site Scripting (@pikpikcu) [high]
[qi-anxin-netkang-next-generation-firewall-rce] Qi'anxin Netkang Next Generation
Firewall - Remote Code Execution (@pikpikcu) [critical]
[qihang-media-disclosure] QiHang Media Web Digital Signage 3.0.9 - Cleartext
Credentials Disclosure (@gy741) [high]
[qihang-media-lfi] QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary
File Disclosure (@gy741) [high]
[qizhi-fortressaircraft-unauth] Qizhi Fortressaircraft Unauthorized Access
(@ritikchaddha) [high]
[quick-cms-sqli] Quick.CMS v6.7 - SQL Injection (@kazgangap) [high]
[rconfig-file-upload] rConfig 3.9.5 - Arbitrary File Upload (@dwisiswant0) [high]
[reddittop-rss-xss] Reddit Top RSS - Cross-Site Scripting (@arafatansari) [high]
[rentequip-xss] RentEquip Multipurpose Rental 1.0 - Cross Site Scripting (@r3y3r53)
[medium]
[resin-cnnvd-200705-315] Caucho Resin Information Disclosure (@princechaddha)
[high]
[resin-inputfile-fileread] Caucho Resin LFR (@princechaddha) [high]
[resin-viewfile-lfr] Caucho Resin LFR (@princechaddha) [high]
[rockmongo-xss] RockMongo 1.1.8 - Cross-Site Scripting (@pikpikcu) [high]
[rundeck-log4j] Rundeck - Remote Code Execution (Apache Log4j) (@dhiyaneshdk)
[critical]
[sangfor-cphp-rce] Sangfor Log Center - Remote Command Execution (@dhiyaneshdk)
[critical]
[sangfor-download-lfi] Sangfor Application download.php - Arbitary File Read
(@dhiyaneshdk) [high]
[sangfor-sysuser-conf] Sangfor Application sys_user.conf Account Password Leakage
(@dhiyaneshdk) [high]
[sanhui-smg-file-read] Synway SMG Gateway down.php - Arbitrary File Read
(@sleepingbag945) [high]
[sap-redirect] SAP Solution Manager - Open Redirect (@gal nagli) [medium]
[sar2html-rce] sar2html 3.2.1 - Remote Command Injection (@gy741) [critical]
[seacms-rce] SeaCMS V6.4.5 RCE (@pikpikcu) [high]
[seacms-sqli] SeaCMS 8.7 - SQL Injection (@ritikchaddha) [critical]
[seeyon-oa-log4j] Seeyon OA (Log4j) - Remote Code Execution (@sleepingbag945)
[critical]
[seowon-router-rce] Seowon 130-SLC router - Remote Code Execution (@gy741)
[critical]
[servicenow-helpdesk-credential] ServiceNow Helpdesk Credential Exposure
(@ok_bye_now) [high]
[shoowbiz-xss] SHOOWBIZ - Cross Site Scripting (@r3y3r53) [medium]
[sick-beard-xss] Sickbeard - Cross-Site Scripting (@pikpikcu) [high]
[sitemap-sql-injection] Sitemap - SQL Injection (@aravind,@j4vaovo) [high]
[siteminder-dom-xss] SiteMinder - DOM Cross-Site Scripting (@clarkvoss) [high]
[sl-studio-lfi] Webbdesign SL-Studio - Local File Inclusion (@0x_akoko) [high]
[slims-xss] Senayan Library Management System v9.4.0(SLIMS 9) - Cross Site
Scripting (@arafatansari) [medium]
[sofneta-mecdream-pacs-lfi] Softneta MedDream PACS Server Premium 6.7.1.1 - Local
File Inclusion (@0x_akoko) [high]
[solar-log-authbypass] Solar-Log 500 2.8.2 - Incorrect Access Control (@geeknik)
[high]
[solarview-compact-xss] SolarView Compact 6.00 - Cross-Site Scripting
(@ritikchaddha) [high]
[sonicwall-nsm-log4j-rce] Sonicwall NSM - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[sonicwall-sslvpn-shellshock] Sonicwall SSLVPN - Remote Code Execution (ShellShock)
(@pr3r00t) [critical]
[sound4-file-disclosure] SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail)
Unauthenticated File Disclosure (@arafatansari) [medium]
[sound4-impact-auth-bypass] SOUND4 IMPACT/FIRST/PULSE/Eco <= 2.x - Authentication
Bypass (@r3y3r53) [high]
[sound4-password-auth-bypass] Sound4 IMPACT/FIRST/PULSE/Eco <=2.x - Authentication
Bypass (@r3y3r53) [high]
[spark-webui-unauth] Unauthenticated Spark WebUI (@princechaddha) [medium]
[splunk-enterprise-log4j-rce] Splunk Enterprise - Remote Code Execution (Apache
Log4j) (@shaikhyaser) [critical]
[sponip-network-system-ping-rce] Sponip Network System Ping - Remote Code Execution
(@pikpikcu) [critical]
[sslvpn-client-rce] SSL VPN Client - Remote Code Execution (@dhiyaneshdk)
[critical]
[stackposts-sqli] Stackposts Social Marketing Tool v1.0 - SQL Injection (@r3y3r53)
[high]
[steve-xss] SteVe - Cross-Site Scripting (@clem9669) [medium]
[surrealtodo-lfi] Surreal ToDo 0.6.1.2 - Local File Inclusion (@arafatansari)
[high]
[symantec-messaging-gateway] Symantec Messaging Gateway <=10.6.1 - Local File
Inclusion (@random_robbie) [high]
[symantec-sepm-log4j-rce] Symantec SEPM - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[taiwanese-travel-lfi] Taiwanese Travel - Local File Inclusion (@r3y3r53) [high]
[talroo-jobs-xss] Talroo Jobs Script 1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[tamronos-rce] TamronOS IPTV/VOD - Remote Command Execution (@pikpikcu) [critical]
[tamronos-user-creation] TamronOS IPTV - Arbitrary User Creation (@pussycat0x)
[high]
[tekon-info-leak] Tekon - Unauthenticated Log Leak (@gy741) [low]
[tendat-credential] Tendat Router Credential - Exposure (@pussycat0x) [high]
[thinkific-redirect] Thinkific - Open Redirect (@gal nagli) [medium]
[thruk-xss] Thruk Monitoring Webinterface - Cross-Site Scripting
(@pikpikcu,@ritikchaddha) [high]
[tianqing-info-leak] Tianqing Info Leak (@ritikchaddha) [medium]
[tikiwiki-reflected-xss] Tiki Wiki CMS Groupware 5.2 - Cross-Site Scripting
(@madrobot) [high]
[tikiwiki-xss] Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting (@arafatansari)
[medium]
[tpshop-directory-traversal] TPshop - Local File Inclusion (@pikpikcu) [high]
[turbocrm-xss] TurboCRM - Cross-Site Scripting (@pikpikcu) [high]
[twig-php-ssti] Twig PHP <2.4.4 template engine - SSTI (@madrobot) [high]
[ueditor-file-upload] UEditor - Arbitrary File Upload (@princechaddha) [high]
[umbraco-base-ssrf] Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
(@dhiyaneshdk) [medium]
[unauth-hoteldruid-panel] Hoteldruid Management Panel Access (@princechaddha)
[high]
[unauth-spark-api] Unauthenticated Spark REST API (@princechaddha) [critical]
[unifi-network-log4j-rce] UniFi Network Application - Remote Code Execution (Apache
Log4j) (@kre80r) [critical]
[universal-media-xss] Universal Media Server v13.2.1 - Cross Site Scripting
(@r3y3r53) [medium]
[ups-network-lfi] UPS Network Management Card 4 Path Traversal (@kazgangap) [high]
[user-management-system-sqli] User Management/Registration & Login v3.0 - SQL
Injection (@f0xy) [high]
[vanguard-post-xss] Vanguard Marketplace CMS 2.1 - Cross-Site Scripting
(@imnightmaree) [high]
[viewlinc-crlf-injection] viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
(@geeknik) [low]
[vmware-siterecovery-log4j-rce] VMware Site Recovery Manager - Remote Code
Execution (Apache Log4j) (@akincibor) [critical]
[voyager-lfi] Voyager 1.3.0 - Directory Traversal (@mammad_rahimzada) [high]
[vpms-auth-bypass] Vehicle Parking Management System 1.0 - SQL Injection
(@dwisiswant0) [critical]
[wapples-firewall-lfi] Wapples Web Application Firewall - Local File Inclusion
(@for3stco1d) [high]
[watchguard-credentials-disclosure] WatchGuard Fireware AD Helper Component -
Credentials Disclosure (@gy741) [critical]
[webigniter-xss] Webigniter 28.7.23 - Cross-Site Scripting (@theamanrawat) [medium]
[webpagetest-ssrf] Web Page Test - Server Side Request Forgery (SSRF) (@pdteam)
[high]
[webui-rce] WebUI 1.5b6 - Remote Code Execution (@pikpikcu) [critical]
[wems-manager-xss] WEMS Enterprise Manager - Cross-Site Scripting (@pikpikcu)
[high]
[wisegiga-nas-lfi] WiseGiga NAS - Arbitrary File Read (@pussycat0x) [high]
[wuzhicms-sqli] Wuzhicms 4.1.0 - SQL Injection (@princechaddha) [critical]
[xdcms-sqli] XdCMS - SQL Injection (@pikpikcu) [critical]
[xenmobile-server-log4j] Citrix XenMobile Server - Remote Code Execution (Apache Log4j) (@dhiyaneshdk) [critical]
[xerox-efi-lfi] Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion (@gy741) [high]
[xxljob-executor-unauth] XXL-JOB executor - Unauthorized Access (@k3rwin) [critical]
[yapi-rce] Yapi - Remote Code Execution (@pikpikcu) [critical]
[yarn-resourcemanager-rce] Apache Hadoop YARN ResourceManager - Remote Code Execution (@pdteam) [low]
[yeswiki-sql] YesWiki <2022-07-07 - SQL Injection (@arafatansari) [critical]
[yeswiki-stored-xss] YesWiki - Stored Cross-Site Scripting (@arafatansari) [high]
[yeswiki-xss] YesWiki <2022-07-07 - Cross-Site Scripting (@arafatansari) [medium]
[yibao-sqli] Yibao OA System - SQL Injection (@dhiyaneshdk) [high]
[yishaadmin-lfi] yishaadmin - Local File Inclusion (@evan rubinstein) [high]
[yunanbao-rce] Yunanbao Cloud Box FastJson - Deserialization Remote Code Execution (@dhiyaneshdk) [critical]
[zcms-v3-sqli] ZCMS - SQL Injection (@princechaddha) [critical]
[zhixiang-oa-msglog-sqli] Zhixiang OA msglog.aspx - SQL injection (@sleepingbag945) [high]
[zimbra-preauth-ssrf] Zimbra Collaboration Suite - Server-Side Request Forgery (@gy741) [critical]
[zms-auth-bypass] Zoo Management System 1.0 - SQL Injection (@dwisiswant0) [critical]
[zms-sqli] Zoo Management System 1.0 - SQL Injection (@arafatansari) [critical]
[zzcms-xss] ZZCMS - Cross-Site Scripting (@ritikchaddha) [high]
[php-xdebug-rce] Xdebug remote code execution via xdebug.remote_connect_back (@pwnhxl) [high]
[phpmyadmin-unauth-access] PhpMyAdmin - Unauthenticated Access (@pwnhxl) [high]
[portainer-init-deploy] Portainer - Init Deploy Discovery (@princechaddha) [medium]
[prestashop-apmarketplace-sqli] PrestaShop Ap Marketplace SQL Injection (@mastercho) [high]
[prestashop-blocktestimonial-file-upload] Prestashop Blocktestimonial Modules - File Upload Vulnerability (@mastercho) [critical]
[prestashop-cartabandonmentpro-file-upload] Prestashop Cart Abandonment Pro File Upload (@mastercho) [critical]
[secsslvpn-auth-bypass] Secure Access Gateway SecSSLVPN - Authentication Bypass (@sleepingbag945) [high]
[qibocms-file-download] Qibocms - Arbitrary File Download (@theabhinavgaur) [high]
[rails6-xss] Ruby on Rails - CRLF Injection and Cross-Site Scripting (@ooooooo_q,@rootxharsh,@iamnoooob) [medium]
[deadbolt-ransomware] Deadbolt Ransomware Detection (@pdteam) [info]
[realor-gwt-system-sqli] Realor GWT System SQL injection (@sleepingbag945) [high]
[rocketchat-unauth-access] RocketChat Live Chat - Unauthenticated Read Access (@rojanrijal) [high]
[royalevent-management-xss] Royal Event Management System - Cross-Site Scripting (@ritikchaddha) [high]
[royalevent-stored-xss] Royal Event Management System - Stored Cross-Site Scripting (@ritikchaddha) [high]
[ruijie-eg-login-rce] Ruijie EG Easy Gateway - Remote Command Execution (@pikpikcu,@pdteam) [critical]
[ruijie-eg-rce] Ruijie EG - Remote Code Execution (@pikpikcu) [critical]
[ruijie-excu-shell] Ruijie Switch Web Management System EXCU_SHELL - Information Disclosure (@momika233) [high]
[ruijie-nbr-fileupload] Ruijie NBR fileupload.php - Arbitrary File Upload (@sleepingbag945) [critical]
[ruijie-networks-lfi] Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion (@pikpikcu) [high]
[ruijie-nmc-sync-rce] Ruijie RG-UAC nmc_sync.php - Remote Code Execution (@dhiyaneshdk) [critical]
[ruijie-password-leak] RG-UAC Ruijie - Password Hashes Leak (@ritikchaddha,@galoget) [high]
[ruijie-rg-eg-web-mis-rce] Ruijie RG-EG - Remote Code Execution (@dhiyaneshdk) [critical]
[samsung-wlan-ap-lfi] Samsung WLAN AP WEA453e - Local File Inclusion (@pikpikcu) [high]
[samsung-wlan-ap-rce] Samsung WLAN AP WEA453e - Remote Code Execution (@pikpikcu) [critical]
[samsung-wlan-ap-xss] Samsung WLAN AP WEA453e - Cross-Site Scripting (@pikpikcu) [high]
[sangfor-ba-rce] Sangfor BA - Remote Code Execution (@ritikchaddha) [critical]
[sangfor-edr-auth-bypass] Sangfor EDR - Authentication Bypass (@princechaddha) [high]
[sangfor-edr-rce] Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution (@pikpikcu) [critical]
[sangfor-login-rce] Sangfor Application Login - Remote Command Execution (@sleepingbag945) [critical]
[sangfor-nextgen-lfi] Sangfor Next Gen Application Firewall - Arbitrary File Read (@dhiyaneshdk) [high]
[secgate-3600-file-upload] SecGate 3600 Firewall obj_app_upfile - Arbitrary File Upload (@sleepingbag945) [critical]
[seeyon-config-exposure] Seeyon OA A6 config.jsp - Information Disclosure (@sleepingbag945) [medium]
[seeyon-createmysql-exposure] Seeyon OA A6 createMysql.jsp Database - Information Disclosure (@sleepingbag945) [medium]
[seeyon-initdata-exposure] Seeyon OA A6 initDataAssess.jsp - Information Disclosure (@sleepingbag945) [medium]
[seeyon-oa-fastjson-rce] Seeyon OA Fastjson Remote Code Execution (@sleepingbag945) [critical]
[seeyon-oa-setextno-sqli] Seeyon OA A6 setextno.jsp - SQL Injection (@sleepingbag945) [high]
[seeyon-oa-sp2-file-upload] Seeyon OA wpsAssistServlet - Arbitrary File Upload (@sleepingbag945) [critical]
[wooyun-2015-148227] Seeyon WooYun - Local File Inclusion (@princechaddha) [high]
[zhiyuan-file-upload] Zhiyuan OA Arbitrary File Upload Vulnerability (@gy741) [critical]
[zhiyuan-oa-info-leak] Zhiyuan Oa A6-s info Leak (@pikpikcu) [info]
[zhiyuan-oa-session-leak] Zhiyuan OA Session Leak (@pikpikcu) [medium]
[shiziyu-cms-apicontroller-sqli] Shiziyu CMS Api Controller - SQL Injection (@sleepingbag945) [high]
[simple-crm-sql-injection] Simple CRM 3.0 SQL Injection and Authentication Bypass (@geeknik) [critical]
[sitecore-xml-xss] SiteCore XML Control Script Insertion (@dhiyaneshdk) [medium]
[smartbi-deserialization] Smartbi windowunloading Interface - Deserialization (@sleepingbag945) [high]
[splash-render-ssrf] Splash Render - SSRF (@pwnhxl) [high]
[jolokia-logback-jndi-rce] Jolokia Logback JNDI - Remote Code Execution (@sleepingbag945) [high]
[springboot-actuators-jolokia-xxe] Spring Boot Actuators (Jolokia) XXE (@dwisiswant0,@ipanda) [high]
[springboot-h2-db-rce] Spring Boot H2 Database - Remote Command Execution (@dwisiswant0) [critical]
[springboot-log4j-rce] Spring Boot - Remote Code Execution (Apache Log4j) (@pdteam) [critical]
[squirrelmail-address-xss] SquirrelMail Address Add 1.4.2 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[squirrelmail-lfi] SquirrelMail 1.2.11 - Local File Inclusion (@dhiyaneshdk) [high]
[squirrelmail-vkeyboard-xss] SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[thinkcmf-arbitrary-code-execution] ThinkCMF - Remote Code Execution (@pikpikcu) [high]
[thinkcmf-lfi] ThinkCMF - Local File Inclusion (@pikpikcu) [high]
[thinkcmf-rce] ThinkCMF - Remote Code Execution (@pikpikcu) [critical]
[thinkphp-2-rce] ThinkPHP 2/3 - Remote Code Execution (@dr_set) [critical]
[thinkphp-501-rce] ThinkPHP 5.0.1 - Remote Code Execution (@lark-lab) [critical]
[thinkphp-5022-rce] ThinkPHP - Remote Code Execution (@dr_set) [critical]
[thinkphp-5023-rce] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical]
[thinkphp-509-information-disclosure] ThinkPHP 5.0.9 - Information Disclosure (@dr_set) [critical]
[titannit-web-rce] TitanNit Web Control 2.01/Atemio 7600 Root - Remote Code Execution (@dhiyaneshdk) [high]
[tongda-action-uploadfile] Tongda OA v2017 action_upload - Arbitrary File Upload (@sleepingbag945) [critical]
[tongda-api-file-upload] Tongda OA v11.8 api.ali.php - Arbitrary File Upload (@sleepingbag945) [critical]
[tongda-arbitrary-login] Tongda OA header.inc.php - Authentication Bypass (@sleepingbag945) [high]
[tongda-contact-list-exposure] Tongda OA v2014 Get Contactlist - Sensitive Information Disclosure (@sleepingbag945) [medium]
[tongda-getdata-rce] Tongda OA v11.9 getadata - Remote Code Execution (@sleepingbag945) [critical]
[tongda-getway-rfi] Tongda OA v11.8 getway.php - Remote File Inclusion (@sleepingbag945,@pussycat0x) [critical]
[tongda-insert-sqli] Tongda OA v11.6 Insert Parameter - SQL Injection (@sleepingbag945) [high]
[tongda-login-code-authbypass] Tongda OA v11.8 logincheck_code.php - Authentication Bypass (@sleepingbag945) [high]
[tongda-meeting-unauth] Tongda OA Meeting - Unauthorized Access (@sleepingbag945) [medium]
[tongda-oa-swfupload-sqli] Tongda OA v11.5 swfupload_new.php - SQL Injection (@sleepingbag945) [high]
[tongda-path-traversal] Office Anywhere TongDa - Path Traversal (@pikpikcu) [critical]
[tongda-report-func-sqli] Tongda OA v11.6 report_bi.func.php - SQL injection (@sleepingbag945) [high]
[tongda-session-disclosure] Tongda User Session Disclosure (@ritikchaddha) [medium]
[tongda-video-file-read] Tongda OA V2017 Video File - Arbitrary File Read (@sleepingbag945) [medium]
[topsec-topacm-rce] Topsec Topacm - Remote Code Execution (@sleepingbag945) [critical]
[topsec-topapplb-auth-bypass] Topsec TopAppLB - Authentication Bypass (@sleepingbag945) [high]
[ueditor-ssrf] UEditor - Server Side Request Forgery (@pwnhxl) [medium]
[ueditor-xss] ueditor - Cross Site Scripting (@pwnhxl) [high]
[arcade-php-sqli] Arcade.php - SQL Injection (@mastercho) [high]
[vbulletin-ajaxreg-sqli] vBulletin 3.x / 4.x AjaxReg - SQL Injection (@mastercho) [critical]
[vbulletin-backdoor] vBulletin Backdoor - Detect (@mastercho) [high]
[vbulletin-search-sqli] vBulletin `Search.php` - SQL Injection (@mastercho) [high]
[videoxpert-lfi] Schneider Electric Pelco VideoXpert Core Admin Portal - Local File Inclusion (@0x_akoko) [high]
[vmware-cloud-xss] VMWare Cloud - Cross Site Scripting (@tess) [medium]
[vmware-hcx-log4j] VMware HCX - Remote Code Execution (Apache Log4j) (@pussycat0x,@dhiyaneshdk) [critical]
[vmware-horizon-log4j-jndi-rce] VMware Horizon - JNDI Remote Code Execution (Apache Log4j) (@johnk3r) [critical]
[vmware-nsx-log4j] VMware NSX - Remote Code Execution (Apache Log4j) (@dhiyaneshdk) [critical]
[vmware-nsx-stream-rce] VMware NSX Manager XStream Pre-authenticated Remote Code Execution (@_0xf4n9x_) [high]
[vmware-operation-manager-log4j] VMware Operations Manager - Remote Code Execution (Apache Log4j) (@dhiyaneshdk) [critical]
[vmware-vcenter-lfi-linux] Linux Vmware Vcenter - Local File Inclusion (@pr3r00t) [high]
[vmware-vcenter-lfi] VMware vCenter - Local File Inclusion (@dwisiswant0) [high]
[vmware-vcenter-log4j-jndi-rce] VMware VCenter - Remote Code Execution (Apache Log4j) (@_0xf4n9x_) [critical]
[vmware-vcenter-ssrf] VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting (@pdteam) [critical]
[vrealize-operations-log4j-rce] VMware vRealize Operations Tenant - JNDI Remote Code Execution (Apache Log4j) (@bughuntersurya) [critical]
[wanhu-documentedit-sqli] WanhuOA DocumentEdit.jsp - SQL Injection (@sleepingbag945) [high]
[wanhu-download-ftp-file-read] Wanhu OA download_ftp.jsp - Arbitrary File Read (@sleepingbag945) [high]
[wanhu-download-old-file-read] Wanhu OA download_old.jsp - Arbitrary File Read (@sleepingbag945) [high]
[wanhu-oa-fileupload-controller] Wanhu OA Fileupload Controller - Arbitrary File Upload (@sleepingbag945) [critical]
[wanhu-teleconferenceservice-xxe] Wanhu OA TeleConferenceService Interface - XML External Entity Injection (@sleepingbag945) [high]
[wanhuoa-downloadservlet-lfi] Wanhu OA DownloadServlet - Remote File Disclosure (@wpsec) [high]
[wanhuoa-officeserverservlet-file-upload] Wanhu OA OfficeServerServlet - Arbitrary File Upload (@sleepingbag945) [critical]
[wanhuoa-smartupload-file-upload] Wanhu OA smartUpload.jsp - Arbitrary File Upload (@sleepingbag945) [critical]
[ecology-jqueryfiletree-traversal] Weaver E-Cology JqueryFileTree - Directory Traversal (@sleepingbag945) [medium]
[ecology-verifyquicklogin-auth-bypass] Weaver e-cology verifyquicklogin.jsp - Auth Bypass (@sleepingbag945) [high]
[ecology-arbitrary-file-upload] Ecology - Arbitrary File Upload (@ritikchaddha) [critical]
[ecology-filedownload-directory-traversal] Ecology - Local File Inclusion (@princechaddha) [high]
[ecology-mysql-config] Fanwei OA E-Office - Information Disclosure (@ritikchaddha) [medium]
[ecology-oa-byxml-xxe] EcologyOA deleteUserRequestInfoByXml - XML External Entity Injection (@sleepingbag945) [high]
[ecology-springframework-directory-traversal] Ecology Springframework - Local File Inclusion (@princechaddha) [high]
[ecology-syncuserinfo-sqli] Ecology Syncuserinfo - SQL Injection (@ritikchaddha) [critical]
[ecology-v8-sqli] Ecology 8 - SQL Injection (@ritikchaddha) [critical]
[weaver-eoffice-file-upload] Weaver E-Office v9.5 - Arbitrary File Upload (@princechaddha) [high]
[oa-v9-uploads-file] OA 9 - Arbitrary File Upload (@pikpikcu) [high]
[weaver-checkserver-sqli] Ecology OA CheckServer - SQL Injection (@sleepingbag945) [high]
[weaver-e-cology-validate-sqli] Weaver e-cology Validate.JSP - SQL Injection (@sleepingbag945) [high]
[weaver-e-mobile-rce] Weaver E-mobile client.do - Remote Code Execution (@sleepingbag945) [critical]
[weaver-ebridge-lfi] Weaver E-Bridge saveYZJFile - Local File Read (@sleepingbag945) [high]
[weaver-ecology-bshservlet-rce] Weaver E-Cology BeanShell - Remote Command Execution (@sleepingbag945) [critical]
[weaver-ecology-getsqldata-sqli] Weaver E-Cology `getsqldata` - SQL Injection (@sleepingbag945) [high]
[weaver-ecology-hrmcareer-sqli] Weaver E-Cology HrmCareerApplyPerView - SQL Injection (@sleepingbag945) [high]
[weaver-group-xml-sqli] OA E-Office group_xml.php - SQL Injection (@sleepingbag945) [critical]
[weaver-jquery-file-upload] OA E-Office jQuery - Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-ktreeuploadaction-file-upload] Weaver E-Cology KtreeUploadAction - Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-lazyuploadify-file-upload] OA E-Office LazyUploadify - Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-login-sessionkey] OA E-Mobile login_quick.php - Login SessionKey (@sleepingbag945) [high]
[weaver-mysql-config-exposure] OA E-Office mysql_config.ini - Information Disclosure (@sleepingbag945) [high]
[weaver-office-server-file-upload] OA E-Office OfficeServer.php Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-officeserver-lfi] OA E-Office officeserver.php Arbitrary File Read (@sleepingbag945) [high]
[weaver-signaturedownload-lfi] OA E-Weaver SignatureDownLoad - Arbitrary File Read (@sleepingbag945) [high]
[weaver-sptmforportalthumbnail-lfi] OA E-Weaver SptmForPortalThumbnail - Arbitrary File Read (@sleepingbag945) [high]
[weaver-uploadify-file-upload] OA E-Office Uploadify - Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-uploadoperation-file-upload] Weaver OA Workrelate - Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-userselect-unauth] OA E-Office UserSelect Unauthorized Access (@sleepingbag945) [high]
[webp-server-go-lfi] Webp server go - Local File Inclusion (@pikpikcu) [high]
[wechat-info-leak] WeChat agentinfo - Information Exposure (@sleepingbag945) [high]
[3d-print-lite-xss] 3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting (@r3y3r53) [medium]
[3dprint-arbitrary-file-upload] WordPress 3DPrint Lite <1.9.1.5 - Arbitrary File Upload (@secthebit) [high]
[404-to-301-xss] WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting (@akincibor) [medium]
[ad-widget-lfi] WordPress Ad Widget 2.11.0 - Local File Inclusion (@0x_akoko) [high]
[advanced-access-manager-lfi] WordPress Advanced Access Manager < 5.9.9 - Local File Inclusion (@0x_akoko) [high]
[advanced-booking-calendar-sqli] Advanced Booking Calendar < 1.6.2 - SQL Injection (@theamanrawat) [critical]
[age-gate-open-redirect] WordPress Age Gate <2.13.5 - Open Redirect (@akincibor) [medium]
[age-gate-xss] WordPress Age Gate <2.20.4 - Cross-Site Scripting (@akincibor,@daffainfo) [high]
[ait-csv-import-export-rce] WordPress AIT CSV Import Export - Unauthenticated Remote Code Execution (@gy741) [critical]
[alfacgiapi-wordpress] alfacgiapi (@pussycat0x) [low]
[amministrazione-aperta-lfi] WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion (@daffainfo,@splint3r7) [high]
[analytify-plugin-xss] Analytify <4.2.1 - Cross-Site Scripting (@akincibor) [medium]
[aspose-file-download] Wordpress Aspose Cloud eBook Generator - Local File Inclusion (@0x_akoko) [high]
[aspose-ie-file-download] WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion (@0x_akoko) [high]
[aspose-pdf-file-download] WordPress Aspose PDF Exporter - Local File Inclusion (@0x_akoko) [high]
[aspose-words-file-download] WordPress Aspose Words Exporter <2.0 - Local File Inclusion (@0x_akoko) [high]
[attitude-theme-open-redirect] WordPress Attitude 1.1.1 - Open Redirect (@0x_akoko) [medium]
[avchat-video-chat-xss] WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[blog-designer-pack-rce] News & Blog Designer Pack < 3.4.2 - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[booked-export-csv] Booked < 2.2.6 - Broken Authentication (@random-robbie) [high]
[brandfolder-lfi] Wordpress Brandfolder - Remote/Local File Inclusion (@0x_akoko) [high]
[brandfolder-open-redirect] WordPress Brandfolder - Open Redirect (RFI & LFI) (@0x_akoko) [medium]
[calameo-publications-xss] WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[checkout-fields-manager-xss] WordPress Checkout Fields Manager for WooCommerce <5.5.7 - Cross-Site Scripting (@akincibor) [medium]
[cherry-file-download] Cherry Plugin < 1.2.7 - Arbitrary File Retrieval and File Upload (@0x_akoko) [high]
[cherry-lfi] WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download (@dhiyaneshdk) [high]
[church-admin-lfi] WordPress Church Admin 0.33.2.1 - Local File Inclusion (@0x_akoko) [high]
[churchope-lfi] WordPress ChurcHope Theme <= 2.1 - Local File Inclusion (@dhiyaneshdk) [high]
[clearfy-cache-xss] WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting (@akincibor) [medium]
[contus-video-gallery-sqli] WordPress Video Gallery <= 2.8 - SQL Injection (@theamanrawat) [critical]
[curcy-xss] WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site Scripting (@akincibor) [medium]
[diarise-theme-lfi] WordPress Diarise 1.5.9 - Arbitrary File Retrieval (@0x_akoko) [high]
[dzs-zoomsounds-listing] WordPress Plugin dzs zoomsounds (@pussycat0x) [info]
[easy-media-gallery-pro-listing] WordPress Plugin Media Gallery Pro Listing (@pussycat0x) [info]
[eatery-restaurant-open-redirect] WordPress Eatery 2.2 - Open Redirect (@0x_akoko) [medium]
[elex-woocommerce-xss] WordPress WooCommerce Google Shopping < 1.2.4 - Cross-Site Scripting (@dhiyaneshdk) [high]
[flow-flow-social-stream-xss] WordPress Flow-Flow Social Stream <=3.0.71 - Cross-Site Scripting (@alph4byt3) [medium]
[hb-audio-lfi] Wordpress HB Audio Gallery Lite - Local File Inclusion (@dhiyaneshdk) [high]
[health-check-lfi] WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion (@dhiyaneshdk) [high]
[hide-security-enhancer-lfi] WordPress Hide Security Enhancer 1.3.9.2 Local File Inclusion (@dhiyaneshdk) [high]
[issuu-panel-lfi] Wordpress Plugin Issuu Panel Remote/Local File Inclusion (@0x_akoko) [high]
[knr-widget-xss] KNR Author List Widget - Cross-site Scripting (@theamanrawat) [medium]
[ldap-wp-login-xss] Ldap WP Login / Active Directory Integration < 3.0.2 - Cross-Site Scripting (@r3y3r53) [medium]
[leaguemanager-sql-injection] LeagueManager <= 3.9.11 - SQL Injection (@theamanrawat) [critical]
[members-list-xss] WordPress Members List <4.3.7 - Cross-Site Scripting (@akincibor) [medium]
[modula-image-gallery-xss] WordPress Modula Image Gallery <2.6.7 - Cross-Site Scripting (@akincibor) [medium]
[mthemeunus-lfi] WordPress mTheme-Unus Theme - Local File Inclusion (@dhiyaneshdk) [high]
[music-store-open-redirect] WordPress eCommerce Music Store <=1.0.14 - Open Redirect (@dhiyaneshdk) [medium]
[my-chatbot-xss] WordPress My Chatbot <= 1.1 - Cross-Site Scripting (@dhiyaneshdk) [high]
[nativechurch-wp-theme-lfd] WordPress NativeChurch Theme - Local File Inclusion (@0x_akoko) [high]
[new-user-approve-xss] WordPress New User Approve <2.4.1 - Cross-Site Scripting (@akincibor) [medium]
[newsletter-open-redirect] WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect (@dhiyaneshdk) [medium]
[notificationx-sqli] NotificationX < 2.3.12 - SQL Injection (@theamanrawat) [high]
[photo-gallery-xss] Photo Gallery < 1.7.1 - Cross-Site Scripting (@ritikchaddha) [medium]
[photoblocks-grid-gallery-xss] Gallery Photoblocks < 1.1.41 - Cross-Site Scripting (@r3y3r53) [medium]
[pieregister-open-redirect] WordPress Pie Register < 3.7.2.4 - Open Redirect (@0x_akoko) [low]
[sassy-social-share-xss] Sassy Social Share <=3.3.3 - Cross-Site Scripting (@random_robbie) [medium]
[seatreg-redirect] WordPress Plugin ‘SeatReg’ - Open Redirect (@mariam tariq) [medium]
[seo-redirection-xss] WordPress SEO Redirection <7.4 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[shortcode-lfi] WordPress Download Shortcode 0.2.3 - Local File Inclusion (@dhiyaneshdk) [high]
[shortpixel-image-optimizer-xss] WordPress ShortPixel Image Optimizer <4.22.10 - Cross-Site Scripting (@akincibor) [medium]
[ultimatemember-open-redirect] WordPress Ultimate Member <2.1.7 - Open Redirect (@0x_akoko) [medium]
[unauthenticated-duplicator-disclosure] WordPress Duplicator Plugin - Information disclosure (@tess) [medium]
[w3c-total-cache-ssrf] Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF) (@random_robbie) [medium]
[watu-xss] Watu Quiz < 3.1.2.6 - Cross Site Scripting (@r3y3r53) [medium]
[weekender-newspaper-open-redirect] WordPress Weekender Newspaper 9.0 - Open Redirect (@0x_akoko) [medium]
[woocommerce-pdf-invoices-xss] WordPress WooCommerce PDF Invoices & Packing Slips <2.15.0 - Cross-Site Scripting (@akincibor) [medium]
[wordpress-accessible-wpconfig] WordPress wp-config Detection (@kiblyn11,@zomsop82,@madrobot,@geeknik,@daffainfo,@r12w4n,@tess,@0xpugazh,@mastercho,@c4sper0) [high]
[wordpress-affiliatewp-log] WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure (@dhiyaneshdk) [low]
[wordpress-bbpress-plugin-listing] WordPress bbPress Plugin Directory Listing (@dhiyaneshdk) [info]
[wordpress-db-backup-listing] WordPress DB Backup (@suman_kar) [medium]
[wordpress-db-backup] WordPress DB Backup (@dwisiswant0) [medium]
[wordpress-db-repair] Wordpress DB Repair Exposed (@_c0wb0y_) [low]
[wp-debug-log] WordPress Debug Log - Exposure (@geraldino2,@dwisiswant0,@philippedelteil) [low]
[wordpress-directory-listing] Wordpress directory listing (@manas_harsh) [info]
[wordpress-elementor-plugin-listing] WordPress Elementor Plugin Directory Listing (@dhiyaneshdk) [info]
[wordpress-emergency-script] WordPress Emergency Script (@dwisiswant0) [info]
[wordpress-git-config] Wordpress Git Config (@nerrorsec) [info]
[wordpress-gtranslate-plugin-listing] WordPress gtranslate Plugin Directory Listing (@dhiyaneshdk) [info]
[wordpress-installer-log] WordPress Installer Log (@dwisiswant0) [info]
[wordpress-rce-simplefilelist] WordPress SimpleFilelist - Remote Code Execution (@princechaddha) [critical]
[wordpress-rdf-user-enum] Wordpress RDF User Enumeration (@r3dg33k) [info]
[wordpress-redirection-plugin-listing] WordPress Redirection Plugin Directory Listing (@dhiyaneshdk) [info]
[wordpress-social-metrics-tracker] Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export (@randomrobbie) [medium]
[wordpress-ssrf-oembed] Wordpress Oembed Proxy - Server-side request forgery (@dhiyaneshdk) [medium]
[wordpress-tmm-db-migrate] WordPress ThemeMarkers DB Migration File (@dwisiswant0) [info]
[wordpress-total-upkeep-backup-download] WordPress Total Upkeep Database and Files Backup Download (@princechaddha) [high]
[updraftplus-pem-keys] UpdraftPlus Plugin Pem Key (@dhiyaneshdk) [info]
[wordpress-user-enum] Wordpress User Enumeration (@r3dg33k) [info]
[wordpress-woocommerce-listing] WordPress WooCommerce - Directory Search (@dhiyaneshdk) [info]
[wordpress-wordfence-lfi] WordPress Wordfence 7.4.5 - Local File Inclusion (@0x_akoko) [high]
[wordpress-wordfence-waf-bypass-xss] Wordpress Wordfence - Cross-Site Scripting (@hackergautam) [medium]
[wordpress-wordfence-xss] WordPress Wordfence 7.4.6 - Cross-Site Scripting (@madrobot) [medium]
[wordpress-xmlrpc-listmethods] Wordpress XML-RPC List System Methods (@0ut0fb4nd) [info]
[wordpress-zebra-form-xss] Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting (@madrobot) [medium]
[wp-123contactform-plugin-listing] WordPress 123ContactForm Plugin Directory Listing (@pussycat0x) [info]
[wp-adaptive-xss] WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting (@dhiyaneshdk) [high]
[wp-adivaha-sqli] WordPress adivaha Travel Plugin 2.3 - SQL Injection (@theamanrawat) [high]
[wp-adivaha-xss] WordPress Adivaha Travel Plugin 2.3 - Cross-Site Scripting (@r3y3r53) [medium]
[wp-all-export-xss] WordPress All Export <1.3.6 - Cross-Site Scripting (@akincibor) [medium]
[wp-altair-listing] Altair WordPress theme v4.8 - Directory Listing (@pussycat0x) [info]
[wp-ambience-xss] WordPress Ambience Theme <=1.0 - Cross-Site Scripting (@daffainfo) [medium]
[wp-arforms-listing] WordPress Plugin Arforms Listing (@pussycat0x) [info]
[wp-autosuggest-sql-injection] WP AutoSuggest 0.24 - SQL Injection (@theamanrawat) [critical]
[wp-blogroll-fun-xss] WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting (@dhiyaneshdk) [high]
[wp-code-snippets-xss] WordPress Code Snippets - Cross-Site Scripting (@dhiyaneshdk) [medium]
[wp-config-setup] WordPress Setup Configuration (@princechaddha) [high]
[wp-custom-tables-xss] WordPress Custom Tables 3.4.4 - Cross-Site Scripting (@daffainfo) [high]
[wp-ellipsis-xss] Ellipsis Human Presence Technology <= 2.0.8 - Cross Site Scripting (@r3y3r53) [medium]
[wp-email-subscribers-listing] WordPress Plugin Email Subscribers Listing (@pussycat0x) [low]
[wp-enabled-registration] WordPress user registration enabled (@ratnadip gajbhiye) [info]
[wp-finder-xss] WordPress Finder - Cross-Site Scripting (@daffainfo) [high]
[wp-flagem-xss] WordPress FlagEm - Cross-Site Scripting (@daffainfo) [high]
[wp-full-path-disclosure] Wordpress - Path Disclosure (@arcc) [info]
[wp-gallery-file-upload] WordPress Plugin Gallery 3.06 - Arbitrary File Upload (@r3y3r53) [high]
[wp-googlemp3-lfi] WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download (@theamanrawat) [critical]
[wp-grimag-open-redirect] WordPress Grimag <1.1.1 - Open Redirection (@0x_akoko) [medium]
[wp-gtranslate-open-redirect] WordPress GTranslate <2.8.11 - Open Redirect (@dhiyaneshdk) [medium]
[wp-haberadam-idor] WordPress Themes Haberadam JSON API - IDOR and Path Disclosure (@pussycat0x) [low]
[wp-idx-broker-platinum-listing] WordPress Plugin Idx Broker Platinum Listing (@pussycat0x) [info]
[wp-insert-php-xss] WordPress Woody Code Snippets <2.4.6 - Cross-Site Scripting (@akincibor,@dhiyaneshdk) [high]
[wp-iwp-client-listing] WordPress Plugin Iwp-client Listing (@pussycat0x) [info]
[wp-javospot-lfi] WordPress Javo Spot Premium Theme - Local File Inclusion (@0x_akoko) [high]
[wp-kadence-blocks-rce] WordPress Gutenberg Blocks Plugin <= 3.1.10 - Arbitrary File Upload (@theamanrawat) [critical]
[wp-knews-xss] WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site Scripting (@daffainfo) [high]
[wp-license-file] WordPress license file disclosure (@yashgoti) [info]
[wp-mailchimp-log-exposure] WordPress Mailchimp 4 Debug Log Exposure (@aashiq) [medium]
[wp-mega-theme] Mega Wordpress Theme - Cross site scripting (@r3y3r53) [medium]
[wp-memphis-documents-library-lfi] WordPress Memphis Document Library 3.1.5 - Local File Inclusion (@0x_akoko) [high]
[wp-mstore-plugin-listing] Wordpress Plugin MStore API (@pussycat0x) [low]
[wp-multiple-theme-ssrf] WordPress Themes - Code Injection (@madrobot) [critical]
[wp-nextgen-xss] WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting (@daffainfo) [high]
[wp-oxygen-theme-lfi] WordPress Oxygen-Theme - Local File Inclusion (@0x_akoko) [high]
[wp-phpfreechat-xss] WordPress PHPFreeChat 0.2.8 - Cross-Site Scripting (@daffainfo) [high]
[wp-plugin-1-flashgallery-listing] WordPress 1 flash gallery listing (@pussycat0x) [info]
[wordpress-plugins-lifterlms] WordPress Plugin lifterlms Listing (@pussycat0x) [info]
[wordpress-plugins-ultimate-member] WordPress Plugin Ultimate Member (@pussycat0x) [info]
[wordpress-popup-listing] WordPress Popup Plugin Directory Listing (@aashiq) [info]
[wp-portrait-archiv-xss] WordPress Portrait-Archiv.com Photostore 5.0.4 - Reflected Cross Site Scripting (@r3y3r53) [medium]
[wp-prostore-open-redirect] WordPress ProStore <1.1.3 - Open Redirect (@0x_akoko) [low]
[wp-qards-listing] WordPress Plugin Qards (@pussycat0x) [info]
[wp-qwiz-online-xss] Qwiz Online Quizzes And Flashcards <= 3.36 - Cross-Site Scripting (@r3y3r53) [medium]
[wp-real-estate-xss] WordPress Real Estate 7 Theme <= 3.3.4 - Cross-Site Scripting (@harsh) [medium]
[wp-reality-estate-theme] Reality Estate Multipurpose WP-Theme < 2.5.3 - Cross-Site Scripting (@r3y3r53) [medium]
[wp-related-post-xss] WordPress Related Posts <= 2.1.1 - Cross Site Scripting (@arafatansari) [medium]
[wp-securimage-xss] WordPress Securimage-WP 3.2.4 - Cross-Site Scripting (@daffainfo) [high]
[wp-security-open-redirect] WordPress All-in-One Security <=4.4.1 - Open Redirect (@akincibor) [medium]
[wp-sfwd-lms-listing] WordPress Plugin Sfwd-lms Listing (@pussycat0x) [info]
[wp-simple-fields-lfi] WordPress Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE (@0x240x23elu) [high]
[wp-slideshow-xss] WordPress Slideshow - Cross-Site Scripting (@daffainfo) [high]
[wp-smart-manager-sqli] Smart Manager for WooCommerce & WPeC <= 3.9.6 - SQL Injection (@r3y3r53) [critical]
[wp-social-warfare-rce] Social Warfare <= 3.5.2 - Remote Code Execution (@theamanrawat) [critical]
[wp-socialfit-xss] WordPress SocialFit - Cross-Site Scripting (@daffainfo) [high]
[wp-spot-premium-lfi] WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal (@dhiyaneshdk) [high]
[wp-statistics-sqli] WordPress WP Statistics Plugin 13.0.7 - SQL Injection (@r3y3r53) [high]
[wordpress-super-forms] WordPress super-forms Plugin Directory Listing (@pussycat0x) [low]
[wp-superstorefinder-misconfig] Superstorefinder WP-plugin - Security Misconfigurations (@r3y3r53) [medium]
[wp-sym404] Wordpress sym404 directory (@pussycat0x) [high]
[wp-tinymce-lfi] Tinymce Thumbnail Gallery <=1.0.7 - Local File Inclusion (@0x_akoko) [high]
[wp-touch-redirect] WordPress WPtouch 3.7.5 - Open Redirect (@r3y3r53) [medium]
[wp-tutor-lfi] WordPress tutor 1.5.3 - Local File Inclusion (@0x240x23elu) [high]
[wp-under-construction-ssrf] Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF) (@akincibor) [high]
[wordpress-upload-data] wordpress-upload-data (@pussycat0x) [medium]
[wp-upward-theme-redirect] WordPress Upward Themes <1.5 - Open Redirect (@r3y3r53) [medium]
[wp-user-enum] WordPress REST API User Enumeration (@manas_harsh,@daffainfo,@geeknik,@dr0pd34d) [low]
[wp-vault-local-file-inclusion] WordPress Vault 0.8.6.6 - Local File Inclusion (@0x_akoko) [high]
[wp-woocommerce-email-verification] Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass (@random_robbie,@daffianfo) [critical]
[wp-woocommerce-file-download] Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download (@0x_akoko) [high]
[wp-woocommerce-pdf-invoice-listing] Woocommerce - PDF Invoice Exposure (@mohammedsaneem,@sec_hawk) [medium]
[wp-xmlrpc-pingback-detection] Wordpress XMLRPC Pingback detection (@pdteam) [info]
[wordpress-xmlrpc-file] WordPress xmlrpc (@udit_thakkur) [info]
[wp-yoast-user-enumeration] WordPress Yoast SEO Plugin - User Enumeration (@flx) [info]
[wpdm-cache-session] Wpdm-Cache Session (@dhiyaneshdk) [medium]
[wpify-woo-czech-xss] WordPress WPify Woo Czech <3.5.7 - Cross-Site Scripting (@akincibor) [high]
[wpml-xss] WordPress Plugin WPML Version < 4.6.1 Cross-Site Scripting (@bugvsme) [medium]
[wpmudev-pub-keys] Wpmudev Dashboard Pub Key (@dhiyaneshdk) [medium]
[wptouch-open-redirect] WordPress WPtouch 3.x - Open Redirect (@0x_akoko) [medium]
[wptouch-xss] WordPress WPtouch <4.3.44 - Cross-Site Scripting (@akincibor) [medium]
[zero-spam-sql-injection] WordPress Zero Spam <= 2.1.1 - Blind SQL Injection (@theamanrawat) [critical]
[chanjet-gnremote-sqli] Changjietong Remote Communication GNRemote.dll - SQL Injection (@sleepingbag945) [high]
[chanjet-tplus-checkmutex-sqli] Chanjet Tplus CheckMutex - SQL Injection (@unknown) [high]
[chanjet-tplus-file-read] Chanjet TPlus DownloadProxy.aspx - Arbitrary File Read (@sleepingbag945) [high]
[chanjet-tplus-fileupload] UFIDA Chanjet TPluse Upload.aspx - Arbitrary File Upload (@sleepingbag945) [high]
[chanjet-tplus-ufida-sqli] Chanjet TPluse Ufida.T.SM.Login.UIP - SQL injection (@sleepingbag945) [high]
[erp-nc-directory-traversal] ERP-NC - Local File Inclusion (@pikpikcu) [high]
[grp-u8-uploadfiledata] UFIDA GRP-U8 UploadFileData - Arbitrary File Upload (@sleepingbag945) [critical]
[wooyun-path-traversal] Wooyun - Local File Inclusion (@pikpikcu) [high]
[yonyou-fe-directory-traversal] FE collaborative Office templateOfTaohong_manager.jsp - Path Traversal (@sleepingbag945) [medium]
[yonyou-filereceiveservlet-fileupload] Yonyou NC FileReceiveServlet - Arbitrary File Upload (@bjxsec) [critical]
[yonyou-grp-u8-xxe] Yonyou UFIDA GRP-u8 - XXE (@sleepingbag945) [critical]
[yonyou-ksoa-dept-sqli] YonYou KSOA common/dept.jsp - SQL injection (@dhiyaneshdk) [critical]
[yonyou-nc-accept-fileupload] YonYou NC Accept Upload - Arbitrary File Upload (@sleepingbag945) [critical]
[yonyou-nc-baseapp-deserialization] Yonyou NC BaseApp UploadServlet - Deserialization Detect (@sleepingbag945) [high]
[yonyou-nc-dispatcher-fileupload] Yonyou NC ServiceDispatcher Servlet - Arbitrary File Upload (@sleepingbag945) [critical]
[yonyou-nc-grouptemplet-fileupload] UFIDA NC Grouptemplet Interface - Unauthenticated File Upload (@sleepingbag945) [critical]
[yonyou-nc-info-leak] Yonyou UFIDA NC - Information Exposure (@sleepingbag945) [medium]
[yonyou-nc-ncmessageservlet-rce] UFIDA NC NCMessageServlet - Deserialization RCE Detection (@sleepingbag945) [critical]
[yonyou-u8-crm-fileupload] UFIDA U8-CRM getemaildata - Arbitrary File Upload (@sleepingbag945,@pussycat0x) [critical]
[yonyou-u8-crm-lfi] UFIDA U8 CRM getemaildata.php - Arbitrary File Read (@sleepingbag945) [high]
[yonyou-u8-oa-sqli] Yonyou U8 - SQL Injection (@ritikchaddha) [critical]
[yonyou-u8-sqli] Yonyou U8 bx_historyDataCheck - SQL Injection (@xianke) [high]
[yonyou-ufida-nc-lfi] UFIDA NC Portal - Arbitrary File Read (@dhiyaneshdk) [high]
[zend-v1-xss] ZendFramework 1.12.2 - Cross-Site Scripting (@c3l3si4n) [medium]
[unauth-lfd-zhttpd] zhttpd - Local File Inclusion (@evergreencartoons) [high]
[unauth-ztp-ping] Unauthenticated ZyXEL USG ZTP - Detect (@dmartyn) [high]
[zzzcms-info-disclosure] Zzzcms 1.75 - Information Disclosure (@ritikchaddha) [low]
[zzzcms-ssrf] ZzzCMS 1.75 - Server-Side Request Forgery (@ritikchaddha) [high]
[zzzcms-xss] Zzzcms 1.75 - Cross-Site Scripting (@ritikchaddha) [medium]
[mysql-load-file] MySQL LOAD_FILE - Enable (@pussycat0x) [high]
[proftpd-backdoor] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical]
[CVE-2016-8706] Memcached Server SASL Authentication - Remote Code Execution (@pussycat0x) [high]
[CVE-2019-9193] PostgreSQL 9.3-12.3 Authenticated Remote Code Execution (@pussycat0x) [high]
[CVE-2020-7247] OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution (@princechaddha) [critical]
[CVE-2023-46604] Apache ActiveMQ - Remote Code Execution (@ice3man,@mzack9999,@pdresearch) [critical]
[CVE-2023-48795] OpenSSH Terrapin Attack - Detection (@pussycat0x) [medium]
[CVE-2024-23897] Jenkins < 2.441 - Arbitrary File Read (@iamnoooob,@rootxharsh,@pdresearch) [high]
[mssql-default-logins] Microsoft Sql - Default Logins (@ice3man543,@tarunkoyalwar) [high]
[postgres-default-logins] Postgres - Default Logins (@ice3man) [high]
[redis-default-logins] Redis - Default Logins (@tarunkoyalwar) [high]
[mssql-detect] Microsoft SQL(mssql) - Detect (@ice3man543,@tarunkoyalwar) [info]
[oracle-tns-listener] Oracle TNS Listener - Detect (@pussycat0x) [info]
[samba-detect] Samba - Detection (@pussycat0x) [info]
[ssh-auth-methods] SSH Auth Methods - Detection (@ice3man543) [info]
[checkpoint-firewall-enum] Check Point Firewall - Detect (@pussycat0x) [info]
[minecraft-enum] Minecraft - enum (@pussycat0x) [info]
[mysql-info] MySQL Info - Enumeration (@pussycat0x) [info]
[mysql-show-databases] MySQL - Show Databases (@dhiyaneshdk) [high]
[mysql-show-variables] MySQL - Show Variables (@dhiyaneshdk) [high]
[mysql-user-enum] MySQL - User Enumeration (@pussycat0x) [high]
[pgsql-default-db] Postgresql Default Database - Enumeration (@pussycat0x) [high]
[pgsql-file-read] PostgreSQL File Read (@pussycat0x) [high]
[pgsql-list-database] PostgreSQL List Database (@pussycat0x) [high]
[pgsql-list-password-hashes] PostgreSQL List Password Hashes (@pussycat0x) [high]
[pgsql-list-users] PostgreSQL List Users (@pussycat0x) [high]
[pgsql-version-detect] Postgresql Version - Detect (@pussycat0x) [high]
[redis-info] Redis Info - Detect (@dhiyaneshdk) [info]
[rsync-list-modules] Rsync List Modules - Enumeration (@pussycat0x) [low]
[rsync-version] Rsync Version - Detect (@dhiyaneshdk) [info]
[smb-enum-domains] SMB - Enum Domains (@dhiyaneshdk) [info]
[smb-enum] SMB - Enumeration (@pussycat0x) [info]
[smb-os-detect] SMB Operating System - Detect (@pussycat0x) [info]
[smb-version-detect] SMB Version - Detection (@pussycat0x) [info]
[smb2-capabilities] smb2-capabilities - Enumeration (@pussycat0x) [info]
[smb2-server-time] SMB2 Server Time - Detection (@dhiyaneshdk) [info]
[obsolete-ssh-version] Obsolete and less secure SSH Version (@pussycat0x) [info]
[ssh-diffie-hellman-logjam] SSH Diffie-Hellman Modulus <= 1024 Bits (@pussycat0x)
[low]
[ssh-password-auth] SSH Password-based Authentication (@princechaddha) [info]
[ssh-server-enumeration] SSH Server Software Enumeration
(@ice3man543,@tarunkoyalwar) [info]
[ssh-sha1-hmac-algo] SSH SHA-1 HMAC Algorithms Enabled (@pussycat0x) [info]
[mysql-empty-password] MySQL - Empty Password (@dhiyaneshdk) [high]
[pgsql-empty-password] Postgresql Empty Password - Detect (@pussycat0x) [critical]
[pgsql-extensions-rce] PostgreSQL 8.1 Extensions - Remote Code Execution
(@pussycat0x) [high]
[smb-anonymous-access] SMB Anonymous Access Detection (@pussycat0x) [high]
[smb-shares] SMB Shares - Enumeration (@pussycat0x) [low]
[smb-signing-not-required] SMB Signing Not Required (@pussycat0x) [medium]
[ssh-cbc-mode-ciphers] SSH Server CBC Mode Ciphers Enabled (@pussycat0x) [low]
[ssh-weak-algo-supported] SSH Weak Algorithms Supported (@pussycat0x) [medium]
[ssh-weak-mac-algo] SSH Weak MAC Algorithms Enabled (@pussycat0x) [low]
[ssh-weak-public-key] SSH Host Keys < 2048 Bits Considered Weak (@pussycat0x) [low]
[ssh-weakkey-exchange-algo] SSH Weak Key Exchange Algorithms Enabled (@pussycat0x)
[low]
[tftp-detect] TFTP Service - Detection (@pussycat0x) [info]
[backdoored-zte] ZTE Router Panel - Detect (@its0x08) [critical]
[darkcomet-trojan] DarkComet Trojan - Detect (@pussycat0x) [info]
[darktrack-rat-trojan] DarkTrack RAT Trojan - Detect (@pussycat0x) [info]
[orcus-rat-trojan] Orcus RAT Trojan - Detect (@pussycat0x) [info]
[xtremerat-trojan] XtremeRAT Trojan - Detect (@pussycat0x) [info]
[CVE-2001-1473] Deprecated SSHv1 Protocol Detection (@iamthefrogy) [high]
[CVE-2011-2523] VSFTPD 2.3.4 - Backdoor Command Execution (@pussycat0x) [critical]
[CVE-2015-3306] ProFTPd - Remote Code Execution (@pdteam) [critical]
[CVE-2016-2004] HP Data Protector - Arbitrary Command Execution (@pussycat0x)
[critical]
[CVE-2016-3510] Oracle WebLogic Server Java Object Deserialization - Remote Code
Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2017-3881] Cisco IOS 12.2(55)SE11 - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2017-5645] Apache Log4j Server - Deserialization Command Execution
(@princechaddha) [critical]
[CVE-2018-2628] Oracle WebLogic Server Deserialization - Remote Code Execution
(@milo2012) [critical]
[CVE-2018-2893] Oracle WebLogic Server - Remote Code Execution (@milo2012)
[critical]
[CVE-2020-11981] Apache Airflow <=1.10.10 - Command Injection (@pussycat0x)
[critical]
[CVE-2020-1938] Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability
(@milo2012) [critical]
[CVE-2021-44521] Apache Cassandra Load UDF RCE (@y4er) [critical]
[CVE-2022-0543] Redis Sandbox Escape - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2022-24706] CouchDB Erlang Distribution - Remote Command Execution
(@mzack9999,@pussycat0x) [critical]
[CVE-2022-31793] muhttpd <=1.1.5 - Local Inclusion (@scent2d) [high]
[CVE-2023-33246] RocketMQ <= 5.1.0 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[ftp-anonymous-login] FTP Anonymous Login (@c3l3si4n,@pussycat0x) [medium]
[ftp-weak-credentials] FTP Service - Credential Weakness (@pussycat0x) [high]
[ldap-anonymous-login] LDAP Server NULL Bind Connection Information Disclosure
(@s0obi) [medium]
[activemq-openwire-transport-detect] ActiveMQ OpenWire Transport Detection
(@pussycat0x) [info]
[aix-websm-detect] AIX WebSM - Detect (@righettod) [info]
[apache-activemq-detect] Apache ActiveMQ Detection (@pussycat0x) [info]
[aws-sftp-detect] AWS SFTP Service - Detect (@johnk3r) [info]
[axigen-mail-server-detect] Axigen Mail Server Detection (@pikpikcu) [info]
[bgp-detect] BGP Detection (@danfaizer) [info]
[bitvise-detect] SSH Bitvise Service - Detect (@abdullahisik) [info]
[bluecoat-telnet-proxy-detect] BlueCoat Telnet Proxy - Detect (@righettod) [info]
[cisco-finger-detect] Cisco Finger Daemon Detection (@pussycat0x) [low]
[clamav-detect] ClamAV Server Detect (@pussycat0x) [info]
[cql-native-transport] CQL Native Transport Detect (@pussycat0x) [info]
[detect-addpac-voip-gateway] AddPac GSM VoIP Gateway Panel - Detect (@geeknik)
[info]
[detect-jabber-xmpp] Jabber XMPP Protocol - Detect (@geeknik) [info]
[dotnet-remoting-service-detect] Microsoft .NET Remoting httpd - Detect
(@pussycat0x) [info]
[esmtp-detect] ESMTP - Detect (@pussycat0x,@userdehghani) [info]
[exim-detect] Exim - Detect (@ricardomaia,@userdehghani) [info]
[expn-mail-detect] EXPN Mail Server Detect (@r3dg33k,@userdehghani) [info]
[finger-detect] Finger Daemon Detection (@dhiyaneshdk) [info]
[gnu-inetutils-ftpd-detect] GNU Inetutils FTPd Detect (@pussycat0x) [info]
[gopher-detect] Gopher Service - Detect (@pry0cc) [info]
[ibm-d2b-database-server] IBM DB2 Database Server - Detect (@pussycat0x) [info]
[imap-detect] IMAP - Detect (@pussycat0x) [info]
[iplanet-imap-detect] iPlanet Messaging Server IMAP Protocol - Detection
(@pussycat0x) [info]
[java-rmi-detect] Java Remote Method Invocation Protocol - Detect (@f1tz) [info]
[microsoft-ftp-service] Microsoft FTP Service Detect (@pussycat0x) [info]
[mikrotik-ftp-server-detect] MikroTik FTP server Detect (@pussycat0x) [info]
[mikrotik-routeros-api] MikroTik RouterOS API - Detect (@pussycat0x) [info]
[mongodb-detect] MongoDB Service - Detect (@pdteam) [info]
[moveit-sftp-detect] MOVEit Transfer SFTP - Detect (@johnk3r) [info]
[msmq-detect] MSMQ (Microsoft Message Queuing Service) Remote - Detect (@bhutch)
[info]
[mysql-detect] MySQL - Detect (@pussycat0x) [info]
[openssh-detect] OpenSSH Service - Detect (@r3dg33k,@daffainfo,@iamthefrogy) [info]
[pgsql-detect] PostgreSQL Authentication - Detect (@nybble04,@geeknik) [info]
[pop3-detect] POP3 Protocol - Detect (@pussycat0x) [info]
[proftpd-server-detect] ProFTPD Server Detect (@pussycat0x) [info]
[rabbitmq-detect] RabbitMQ Detection (@pussycat0x) [info]
[rdp-detect] Windows Remote Desktop Protocol - Detect (@princechaddha) [info]
[redis-detect] Redis Service - Detect (@pussycat0x) [info]
[riak-detect] Riak Detection (@pussycat0x) [info]
[rpcbind-portmapper-detect] Rpcbind Portmapper - Detect (@geeknik) [info]
[rsyncd-service-detect] Rsyncd Service - Detect (@vsh00t,@geeknik) [info]
[rtsp-detect] RTSP - Detect (@pussycat0x) [info]
[sap-router] SAPRouter Detection (@randomstr1ng) [info]
[smb-detect] SMB Detection (@pussycat0x) [low]
[smtp-service-detect] SMTP Service Detection (@pussycat0x,@userdehghani) [info]
[sshd-dropbear-detect] Dropbear sshd Detection (@pussycat0x) [info]
[starttls-mail-detect] STARTTLS Mail Server Detection (@r3dg33k,@userdehghani)
[info]
[teamspeak3-detect] TeamSpeak 3 ServerQuery Detection (@pussycat0x) [info]
[telnet-detect] Telnet Detection (@pussycat0x) [info]
[totemomail-smtp-detect] Totemomail SMTP Server Detection
(@princechaddha,@userdehghani) [info]
[vmware-authentication-daemon] VMware Authentication Daemon Detection (@pussycat0x)
[info]
[vnc-service-detect] VNC Service Detection (@pussycat0x) [info]
[weblogic-iiop-detect] Weblogic IIOP Protocol Detection (@f1tz) [info]
[weblogic-t3-detect] Weblogic T3 Protocol Detection (@f1tz,@milo2012,@wdahlenb)
[info]
[wing-ftp-detect] Wing FTP Service - Detect (@ritikchaddha) [info]
[ws_ftp-ssh-detect] WS_FTP-SSH Service - Detect (@johnk3r) [info]
[xlight-ftp-service-detect] Xlight FTP Service Detect (@pussycat0x) [info]
[beanstalk-service] Beanstalk Service - Detect (@pussycat0x) [info]
[kafka-topics-list] Kafka Topics Enumeration (@pussycat0x) [info]
[mongodb-info-enum] MongoDB Information - Detect (@pussycat0x) [info]
[niagara-fox-info-enum] Niagara Fox Protocol Information Enumeration (@pussycat0x)
[info]
[psql-user-enum] PostgreSQL - User Enumeration (@pussycat0x) [low]
[smtp-commands-enum] SMTP Commands Enumeration (@pussycat0x,@userdehghani) [info]
[smtp-user-enum] SMTP User Enumeration (@pussycat0x,@userdehghani) [medium]
[cisco-smi-exposure] Cisco Smart Install Endpoints Exposure (@dwisiswant0) [medium]
[exposed-adb] Exposed Android Debug Bridge (@pdteam,@pikpikcu) [critical]
[exposed-dockerd] Docker Daemon Exposed (@arafatansari) [critical]
[exposed-redis] Redis Server - Unauthenticated Access (@pdteam) [high]
[exposed-zookeeper] Apache ZooKeeper - Unauthenticated Access (@pdteam) [high]
[adbhoney-honeypot-cnxn-detect] ADBHoney Honeypot - Detect (@unapibageek) [info]
[adbhoney-honeypot-shell-detect] ADBHoney Honeypot (shell probe) - Detect
(@unapibageek) [info]
[conpot-siemens-honeypot-detect] Conpot (Siemens) Honeypot - Detect (@unapibageek)
[info]
[cowrie-ssh-honeypot-detect] Cowrie SSH Honeypot - Detect (@unapibageek) [info]
[dionaea-ftp-honeypot-detect] Dionaea FTP Honeypot - Detect (@unapibageek) [info]
[dionaea-mqtt-honeypot-detect] Dionaea MQTT Honeypot - Detect (@unapibageek) [info]
[dionaea-mysql-honeypot-detect] Dionaea MySQL Honeypot - Detect (@unapibageek)
[info]
[dionaea-smb-honeypot-detect] Dionaea SMB Honeypot - Detect (@unapibageek) [info]
[gaspot-honeypot-detect] GasPot Honeypot - Detect (@unapibageek) [info]
[mailoney-honeypot-detect] Mailoney Honeypot - Detect (@unapibageek) [info]
[redis-honeypot-detect] Redis Honeypot - Detect (@unapibageek) [info]
[cobalt-strike-c2-jarm] Cobalt Strike C2 JARM - Detect (@pussycat0x) [info]
[covenant-c2-jarm] Covenant C2 JARM - Detect (@pussycat0x) [info]
[deimos-c2-jarm] Deimos C2 JARM - Detect (@pussycat0x) [info]
[evilginx2-jarm] EvilGinx2 JARM - Detect (@pussycat0x) [info]
[generic-c2-jarm] Generic C2 JARM - Detect (@pussycat0x) [info]
[grat-c2-jarm] Grat2 C2 JARM - Detect (@pussycat0x) [info]
[havoc-c2-jarm] Havoc C2 Jarm - Detect (@pussycat0x) [info]
[mac-c2-jarm] MacC2 JARM - Detect (@pussycat0x) [info]
[macshell-c2-jarm] Macshell C2 JARM - Detect (@pussycat0x) [info]
[merlin-c2-jarm] Merlin C2 JARM - Detect (@pussycat0x) [info]
[metasploit-c2-jarm] Metasploit C2 JARM - Detect (@pussycat0x) [info]
[mythic-c2-jarm] Mythic C2 JARM - Detect (@pussycat0x) [info]
[posh-c2-jarm] Posh C2 JARM - Detect (@pussycat0x) [info]
[shad0w-c2-jarm] Shad0w C2 JARM - Detect (@pussycat0x) [info]
[silenttrinity-c2-jarm] SILENTTRINITY C2 JARM - Detect (@pussycat0x) [info]
[sliver-c2-jarm] Sliver C2 JARM - Detect (@pussycat0x) [info]
[apache-dubbo-unauth] Apache Dubbo - Unauthenticated Access (@j4vaovo) [high]
[apache-rocketmq-broker-unauth] Apache Rocketmq Broker - Unauthenticated Access
(@j4vaovo) [high]
[clamav-unauth] ClamAV Server - Unauthenticated Access (@dwisiswant0) [high]
[clickhouse-unauth] ClickHouse - Unauthorized Access (@lu4nx) [high]
[erlang-daemon] Erlang Port Mapper Daemon (@pussycat0x) [low]
[ganglia-xml-grid-monitor] Ganglia XML Grid Monitor (@geeknik) [low]
[memcached-stats] Memcached stats disclosure (@pdteam) [low]
[mongodb-unauth] MongoDB - Unauthenticated Access (@pdteam) [high]
[mysql-native-password] MySQL - Password Vulnerability (@iamthefrogy) [info]
[printers-info-leak] Unauthorized Printer Access (@pussycat0x) [info]
[sap-router-info-leak] SAPRouter - Routing information leak (@randomstr1ng)
[critical]
[tidb-native-password] TiDB - Password Vulnerability (@lu4nx) [info]
[tidb-unauth] TiDB - Unauthenticated Access (@lu4nx) [high]
[unauth-psql] PostgreSQL - Unauthenticated Access (@pussycat0x) [high]
[clockwatch-enterprise-rce] ClockWatch Enterprise - Remote Code Execution (@gy741)
[critical]
[CVE-2024-25723] ZenML ZenML Server - Improper Authentication (@david botelho
mariano) [critical]
[asyncrat-c2] AsyncRAT C2 - Detect (@johnk3r) [info]
[bitrat-c2] Bitrat C2 - Detect (@pussycat0x) [info]
[cobalt-strike-c2] Cobalt Strike C2 - Detect (@pussycat0x) [info]
[covenant-c2-ssl] Covenant C2 SSL - Detect (@pussycat0x) [info]
[dcrat-server-c2] DcRat Server C2 - Detect (@pussycat0x) [info]
[gozi-malware-c2] Gozi Malware C2 - Detect (@pussycat0x) [info]
[havoc-c2] Havoc C2 - Detect (@pussycat0x) [info]
[icedid] IcedID Infrastructure - Detect (@pussycat0x) [info]
[metasploit-c2] Metasploit C2 - Detect (@pussycat0x) [info]
[mythic-c2-ssl] Mythic C2 SSL - Detect (@johnk3r) [info]
[orcus-rat-c2] OrcusRAT - Detect (@pussycat0x) [info]
[posh-c2] Posh C2 - Detect (@pussycat0x) [info]
[quasar-rat-c2] Quasar RAT C2 SSL Certificate - Detect
(@johnk3r,@pussycat0x,@adilsoybali) [info]
[shadowpad-c2] ShadowPad C2 Infrastructure - Detect (@pussycat0x) [info]
[sliver-c2] Sliver C2 - Detect (@johnk3r) [info]
[venomrat] VenomRAT - Detect (@pussycat0x) [info]
[deprecated-tls] Deprecated TLS Detection (@righettod,@forgedhallpass) [info]
[ssl-issuer] Detect SSL Certificate Issuer (@lingtren) [info]
[expired-ssl] Expired SSL Certificate (@pdteam) [low]
[insecure-cipher-suite-detect] Insecure Cipher Suite Detection (@pussycat0x) [info]
[kubernetes-fake-certificate] Kubernetes Fake Ingress Certificate - Detect
(@kchason) [low]
[mismatched-ssl-certificate] Mismatched SSL Certificate (@pdteam) [low]
[revoked-ssl-certificate] Revoked SSL Certificate - Detect (@pussycat0x) [low]
[self-signed-ssl] Self Signed SSL Certificate (@righettod,@pdteam) [low]
[ssl-dns-names] SSL DNS Names (@pdteam) [info]
[tls-version] TLS Version - Detect (@pdteam,@pussycat0x) [info]
[untrusted-root-certificate] Untrusted Root Certificate - Detect (@pussycat0x)
[low]
[weak-cipher-suites] Weak Cipher Suites Detection (@pussycat0x) [low]
[wildcard-tls] Wildcard TLS Certificate (@lucky0x0d) [info]
[INF] Templates clustered: 1546 (Reduced 1455 Requests)
[dns-saas-service-detection:amazon-cloudfront] [dns] [info] cdnr.nykaa.com ["d2ri1wq4phekpt.cloudfront.net"]
[caa-fingerprint] [dns] [info] cdnr.nykaa.com
[nameserver-fingerprint] [dns] [info] cdnr.nykaa.com ["ns-1028.awsdns-00.org.","ns-1976.awsdns-55.co.uk.","ns-457.awsdns-57.com.","ns-536.awsdns-03.net."]
[INF] Using Interactsh Server: oast.online
[tls-version] [ssl] [info] cdnr.nykaa.com:443 ["tls12"]
[tls-version] [ssl] [info] cdnr.nykaa.com:443 ["tls13"]
[aws-cloudfront-service] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:content-security-policy] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:permissions-policy] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:referrer-policy] [http] [info] https://cdnr.nykaa.com/
[http-missing-security-headers:clear-site-data] [http] [info] https://cdnr.nykaa.com/
[aws-detect:aws-cloudfront] [http] [info] https://cdnr.nykaa.com/
[magento-version-detect:magento-1.8] [http] [info] https://cdnr.nykaa.com/skin/frontend/default/default/css/styles.css
[waf-detect:cloudfront] [http] [info] https://cdnr.nykaa.com/
[ssl-issuer] [ssl] [info] cdnr.nykaa.com:443 ["Amazon"]
[ssl-dns-names] [ssl] [info] cdnr.nykaa.com:443 ["*.nykaa.com"]
[wildcard-tls] [ssl] [info] cdnr.nykaa.com:443 ["CN: *.nykaa.com","SAN: [*.nykaa.com]"]
┌─[parrot@parrot]─[~]
└──╼ $

____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.2.8

projectdiscovery.io

[INF] Current nuclei version: v3.2.8 (outdated)
[INF] Current nuclei-templates version: v9.8.9 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 1
[INF] Templates loaded for current scan: 4382
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Executing 4381 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[azure-takeover-detection] Microsoft Azure Takeover Detection (@pdteam) [high]
[elasticbeanstalk-takeover] ElasticBeanstalk Subdomain Takeover Detection
(@philippedelteil,@rotemreiss,@zy9ard3,@joaonevess) [high]
[adb-backup-enabled] ADB Backup Enabled (@gaurang) [low]
[improper-certificate-validation] Android Improper Certificate Validation - Detect
(@gaurang) [medium]
[android-debug-enabled] Android Debug Enabled (@gaurang) [low]
[insecure-provider-path] Android Insecure Provider Path - Detect (@gaurang)
[medium]
[webview-universal-access] Android WebView Universal Access - Detect (@gaurang)
[medium]
[node-integration-enabled] Electron Applications - Cross-Site Scripting & Remote
Code Execution (@me9187) [critical]
[amazon-mws-auth-token-value] Amazon MWS Authentication Token - Detect (@gaurang)
[medium]
[cloudinary-basic-auth] Cloudinary Basic Authorization - Detect (@gaurang) [high]
[basic-auth-creds] Basic Authorization Credentials Check (@gaurang) [high]
[dynatrace-token] Dynatrace Token - Detect (@gaurang) [high]
[facebook-secret-key] Facebook Secret Key - Detect (@gaurang) [low]
[fcm-api-key] Firebase Cloud Messaging Token (@devang-solanki) [medium]
[gcp-service-account] Google (GCP) Service-account (@gaurang) [low]
[github-app-token] Github App Token (@tanq16,@dhiyaneshdk) [medium]
[github-oauth-token] Github OAuth Access Token (@tanq16) [high]
[github-personal-token] Github Personal Token (@geeknik) [high]
[github-refresh-token] Github Refresh Token (@tanq16) [high]
[linkedin-id] Linkedin Client ID (@gaurang) [low]
[mailchimp-api-key] Mailchimp API Key (@gaurang) [high]
[mailgun-api-key] Mailgun API Key (@gaurang) [high]
[mapbox-token] Mapbox Token (@devang-solanki) [medium]
[paypal-braintree-token] Paypal Braintree Access Token (@gaurang) [high]
[pictatic-api-key] Pictatic API Key (@gaurang) [high]
[private-key] Private Key Detect (@gaurang,@geeknik) [high]
[razorpay-client-id] Razorpay Client ID (@devang-solanki) [high]
[sendgrid-api-key-file] Sendgrid API Key (@gaurang) [high]
[shopify-custom-token] Shopify Custom App Access Token (@gaurang) [high]
[shopify-private-token] Shopify Private App Access Token (@gaurang) [high]
[shopify-shared-secret] Shopify Shared Secret (@gaurang) [high]
[shopify-access-token] Shopify Access Token (@gaurang) [high]
[slack-api] Slack API Key (@gaurang) [high]
[slack-webhook] Slack Webhook (@gaurang) [high]
[square-access-token] Square Access Token (@gaurang,@daffainfo) [high]
[square-oauth-secret] Square OAuth Secret (@gaurang) [high]
[stackhawk-api-key] StackHawk API Key (@hazana) [medium]
[stripe-api-key] Stripe API Key (@gaurang) [high]
[twilio-api] Twilio API Key (@gaurang) [high]
[zapier-webhook] Zapier Webhook (@devang-solanki) [high]
[django-framework-exceptions] Django Framework Exceptions (@geeknik) [medium]
[python-app-sql-exceptions] Python App - SQL Exception (@geeknik) [medium]
[ruby-on-rails-framework-exceptions] Ruby on Rails Framework Exceptions (@geeknik)
[medium]
[spring-framework-exceptions] Spring Framework Exceptions (@geeknik) [medium]
[suspicious-sql-error-messages] SQL - Error Messages (@geeknik) [critical]
[asp-webshell] ASP/ASP.NET Webshell - Detect (@lu4nx) [high]
[jsp-webshell] JSP Webshell - Detect (@lu4nx) [high]
[php-webshell] PHP Webshell - Detect (@lu4nx) [high]
[dom-invader-xss] DOM Invader - Cross-Site Scripting (@geeknik) [high]
[CNVD-2017-03561] Fanwei eMobile - OGNL Injection (@ritikchaddha) [high]
[CNVD-2017-06001] Dahua DSS - SQL Injection (@napgh0st,@ritikchaddha) [high]
[CNVD-2018-13393] Metinfo - Local File Inclusion (@ritikchaddha) [high]
[CNVD-2019-01348] Xiuno BBS CNVD-2019-01348 (@princechaddha) [high]
[CNVD-2019-06255] CatfishCMS - Remote Command Execution (@lark-lab) [critical]
[CNVD-2019-19299] Zhiyuan A8 - Remote Code Execution (@daffainfo) [critical]
[CNVD-2019-32204] Fanwei e-cology <=9.0 - Remote Code Execution (@daffainfo)
[critical]
[CNVD-2020-23735] Xxunchi CMS - Local File Inclusion (@princechaddha) [high]
[CNVD-2020-26585] Showdoc <2.8.6 - File Uploads (@pikpikcu,@co5mos) [critical]
[CNVD-2020-46552] Sangfor EDR - Remote Code Execution (@ritikchaddha) [critical]
[CNVD-2020-56167] Ruijie Smartweb - Default Password (@pikpikcu) [low]
[CNVD-2020-62422] Seeyon - Local File Inclusion (@pikpikcu) [medium]
[CNVD-2020-63964] jshERP - Information Disclosure (@brucelsone) [high]
[CNVD-2020-67113] H5S CONSOLE - Unauthorized Access (@ritikchaddha) [medium]
[CNVD-2020-68596] WeiPHP 5.0 - Path Traversal (@pikpikcu) [high]
[CNVD-2021-01931] Ruoyi Management System - Local File Inclusion
(@daffainfo,@ritikchaddha) [high]
[CNVD-2021-09650] Ruijie Networks-EWEB Network Management System - Remote Code
Execution (@daffainfo,@pikpikcu) [critical]
[CNVD-2021-10543] EEA - Information Disclosure (@pikpikcu) [high]
[CNVD-2021-14536] Ruijie RG-UAC Unified Internet Behavior Management Audit System -
Information Disclosure (@daffainfo) [high]
[CNVD-2021-15822] ShopXO Download File Read (@pikpikcu) [high]
[CNVD-2021-15824] EmpireCMS DOM Cross Site-Scripting (@daffainfo) [high]
[CNVD-2021-17369] Ruijie Smartweb Management System Password Information Disclosure
(@pikpikcu) [high]
[CNVD-2021-26422] eYouMail - Remote Code Execution (@daffainfo) [critical]
[CNVD-2021-28277] Landray-OA - Local File Inclusion (@pikpikcu,@daffainfo) [high]
[CNVD-2021-30167] UFIDA NC BeanShell Remote Command Execution (@pikpikcu)
[critical]
[CNVD-2021-32799] 360 Xintianqing - SQL Injection (@sleepingbag945) [high]
[CNVD-2021-33202] OA E-Cology LoginSSO.jsp - SQL Injection (@sleepingbag945) [high]
[CNVD-2021-41972] AceNet AceReporter Report - Arbitrary File Download
(@dhiyaneshdk) [high]
[CNVD-2021-43984] MPSec ISG1000 Security Gateway - Arbitrary File Download
(@dhiyaneshdk) [high]
[CNVD-2021-49104] Pan Micro E-office File Uploads (@pikpikcu) [critical]
[CNVD-2022-03672] Sunflower Simple and Personal - Remote Code Execution
(@daffainfo) [critical]
[CNVD-2022-42853] ZenTao CMS - SQL Injection (@ling) [critical]
[CNVD-2022-43245] Weaver OA XmlRpcServlet - Arbitary File Read (@sleepingbag945)
[high]
[CNVD-2022-86535] ThinkPHP Multi Languag - File Inc & Remote Code Execution (RCE)
(@arliya,@ritikchaddha) [high]
[CNVD-2023-08743] Hongjing Human Resource Management System - SQL Injection
(@sleepingbag945) [critical]
[CNVD-2023-12632] E-Cology V9 - SQL Injection (@daffainfo) [high]
[CNVD-2023-96945] McVie Safety Digital Management Platform - Arbitrary File Upload
(@dhiyaneshdk) [high]
[CNVD-C-2023-76801] UFIDA NC uapjs - RCE vulnerability (@sleepingbag945) [critical]
[CNVD-2024-15077] AJ-Report Open Source Data Screen - Remote Code Execution
(@pussycat0x) [high]
[atechmedia-codebase-login-check] Atechmedia/Codebase Login Check
(@parthmalhotra,@pdresearch) [critical]
[atlassian-login-check] Atlassian Login Check (@parthmalhotra,@pdresearch)
[critical]
[avnil-pdf-generator-check] useanvil.com Login Check (@parthmalhotra,@pdresearch)
[critical]
[chefio-login-check] Chef.io Login Check (@parthmalhotra,@pdresearch) [critical]
[codepen-login-check] codepen.io Login Check (@parthmalhotra,@pdresearch)
[critical]
[datadog-login-check] Datadog Login Check (@parthmalhotra,@pdresearch) [critical]
[docker-hub-login-check] Docker Hub Login Check (@parthmalhotra,@pdresearch)
[critical]
[gitea-login-check] gitea.com Login Check (@parthmalhotra,@pdresearch) [critical]
[github-login-check] Github Login Check (@parthmalhotra,@pdresearch) [critical]
[postman-login-check] Postman Login Check (@parthmalhotra,@pdresearch) [critical]
[pulmi-login-check] pulmi.com Login Check (@parthmalhotra,@pdresearch) [critical]
[gitlab-login-check-self-hosted] Gitlab Login Check Self Hosted
(@parthmalhotra,@pdresearch) [critical]
[grafana-login-check] Grafana Login Check (@parthmalhotra,@pdresearch) [critical]
[jira-login-check] Jira Login Check (@parthmalhotra,@pdresearch) [critical]
[CVE-2000-0114] Microsoft FrontPage Extensions Check (shtml.dll) (@r3naissance)
[medium]
[CVE-2001-0537] Cisco IOS HTTP Configuration - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2002-1131] SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting (@dhiyaneshdk)
[high]
[CVE-2004-0519] SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2004-1965] Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
(@ctflearner) [medium]
[CVE-2005-2428] Lotus Domino R5 and R6 WebMail - Information Disclosure (@caspergn)
[medium]
[CVE-2005-3344] Horde Groupware Unauthenticated Admin Access (@pikpikcu) [critical]
[CVE-2005-3634] SAP Web Application Server 6.x/7.0 - Open Redirect (@ctflearner)
[medium]
[CVE-2005-4385] Cofax <=2.0RC3 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2006-2842] Squirrelmail <=1.4.6 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2007-0885] Jira Rainbow.Zen - Cross-Site Scripting (@geeknik) [medium]
[CVE-2007-3010] Alcatel-Lucent OmniPCX - Remote Command Execution (@king-alexander)
[critical]
[CVE-2007-4504] Joomla! RSfiles <=1.0.2 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2007-4556] OpenSymphony XWork/Apache Struts2 - Remote Code Execution
(@pikpikcu) [medium]
[CVE-2007-5728] phpPgAdmin <=4.1.1 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2008-1059] WordPress Sniplets 1.1.2 - Local File Inclusion (@dhiyaneshdk)
[high]
[CVE-2008-1061] WordPress Sniplets <=1.2.2 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2008-1547] Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
(@ctflearner) [medium]
[CVE-2008-2398] AppServ Open Project <=2.5.10 - Cross-Site Scripting (@unstabl3)
[medium]
[CVE-2008-2650] CMSimple 3.1 - Local File Inclusion (@pussycat0x) [medium]
[CVE-2008-4668] Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion (@daffainfo)
[critical]
[CVE-2008-4764] Joomla! <=2.0.0 RC2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2008-5587] phpPgAdmin <=4.2.1 - Local File Inclusion (@dhiyaneshdk) [medium]
[CVE-2008-6080] Joomla! ionFiles 4.4.2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2008-6172] Joomla! Component RWCards 3.0.11 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2008-6222] Joomla! ProDesk 1.0/1.2 - Local File Inclusion (@daffainfo)
[medium]
[CVE-2008-6465] Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2008-6668] nweb2fax <=0.2.7 - Local File Inclusion (@geeknik) [medium]
[CVE-2008-6982] Devalcms 1.4a - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2008-7269] UC Gateway Investment SiteEngine v5.0 - Open Redirect (@ctflearner)
[medium]
[CVE-2009-0347] Autonomy Ultraseek - Open Redirect (@ctflearner) [medium]
[CVE-2009-0545] ZeroShell <= 1.0beta11 Remote Code Execution (@geeknik) [critical]
[CVE-2009-0932] Horde/Horde Groupware - Local File Inclusion (@pikpikcu) [medium]
[CVE-2009-1151] PhpMyAdmin Scripts - Remote Code Execution (@princechaddha) [high]
[CVE-2009-1496] Joomla! Cmimarketplace 0.1 - Local File Inclusion (@daffainfo) [medium]
[CVE-2009-1558] Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion (@daffainfo) [high]
[CVE-2009-1872] Adobe Coldfusion <=8.0.1 - Cross-Site Scripting (@princechaddha) [medium]
[CVE-2009-2015] Joomla! MooFAQ 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2009-2100] Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion (@daffainfo) [medium]
[CVE-2009-3053] Joomla! Agora 3.0.0b - Local File Inclusion (@daffainfo) [medium]
[CVE-2009-3318] Joomla! Roland Breedveld Album 1.14 - Local File Inclusion (@daffainfo) [high]
[CVE-2009-4202] Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion (@daffainfo) [high]
[CVE-2009-4223] KR-Web <=1.1b2 - Remote File Inclusion (@geeknik) [high]
[CVE-2009-4679] Joomla! Portfolio Nexus - Remote File Inclusion (@daffainfo) [high]
[CVE-2009-5020] AWStats < 6.95 - Open Redirect (@pdteam) [medium]
[CVE-2009-5114] WebGlimpse 2.18.7 - Directory Traversal (@daffainfo) [medium]
[CVE-2010-0157] Joomla! Component com_biblestudy - Local File Inclusion (@daffainfo) [high]
[CVE-2010-0219] Apache Axis2 Default Login (@pikpikcu) [critical]
[CVE-2010-0467] Joomla! Component CCNewsLetter - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-0696] Joomla! Component Jw_allVideos - Arbitrary File Retrieval (@daffainfo) [medium]
[CVE-2010-0759] Joomla! Plugin Core Design Scriptegrator - Local File Inclusion (@daffainfo) [high]
[CVE-2010-0942] Joomla! Component com_jvideodirect - Directory Traversal (@daffainfo) [medium]
[CVE-2010-0943] Joomla! Component com_jashowcase - Directory Traversal (@daffainfo) [medium]
[CVE-2010-0944] Joomla! Component com_jcollection - Directory Traversal (@daffainfo) [medium]
[CVE-2010-0972] Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-0982] Joomla! Component com_cartweberp - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-0985] Joomla! Component com_abbrev - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1056] Joomla! Component com_rokdownloads - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1081] Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1217] Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1219] Joomla! Component com_janews - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1302] Joomla! Component DW Graph - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1304] Joomla! Component User Status - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1305] Joomla! Component JInventory 1.23.02 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1306] Joomla! Component Picasa 2.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1307] Joomla! Component Magic Updater - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1308] Joomla! Component SVMap 1.1.1 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1312] Joomla! Component News Portal 1.5.x - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1313] Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1314] Joomla! Component Highslide 1.5 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1315] Joomla! Component webERPcustomer - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1340] Joomla! Component com_jresearch - 'Controller' Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1345] Joomla! Component Cookex Agency CKForms - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1352] Joomla! Component Juke Box 1.7 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1353] Joomla! Component LoginBox - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1354] Joomla! Component VJDEO 1.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1429] Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure (@r12w4n) [medium]
[CVE-2010-1461] Joomla! Component Photo Battle 1.0.1 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1469] Joomla! Component JProject Manager 1.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1470] Joomla! Component Web TV 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1471] Joomla! Component Address Book 1.5.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1472] Joomla! Component Horoscope 1.5.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1473] Joomla! Component Advertising 0.25 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1474] Joomla! Component Sweetykeeper 1.5 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1475] Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1476] Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1478] Joomla! Component Jfeedback 1.2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1491] Joomla! Component MMS Blog 2.3.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1494] Joomla! Component AWDwall 1.5.4 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1495] Joomla! Component Matamko 1.01 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1531] Joomla! Component redSHOP 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1532] Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1533] Joomla! Component TweetLA 1.0.1 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1534] Joomla! Component Shoutbox Pro - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1535] Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1540] Joomla! Component com_blog - Directory Traversal (@daffainfo) [medium]
[CVE-2010-1586] HP System Management Homepage (SMH) v2.x.x.x - Open Redirect (@ctflearner) [medium]
[CVE-2010-1601] Joomla! Component JA Comment - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1602] Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1603] Joomla! Component ZiMBCore 0.1 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1607] Joomla! Component WMI 1.5.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1653] Joomla! Component Graphics 1.0.6 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1657] Joomla! Component SmartSite 1.0.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1658] Joomla! Component NoticeBoard 1.3 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1659] Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1714] Joomla! Component Arcade Games 1.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1715] Joomla! Component Online Exam 1.5.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1717] Joomla! Component iF surfALERT 1.2 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1718] Joomla! Component Archery Scores 1.0.6 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1719] Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1722] Joomla! Component Online Market 2.x - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1723] Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1858] Joomla! Component SMEStorage - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1870] ListSERV Maestro <= 9.0-8 RCE (@b0yd) [medium]
[CVE-2010-1875] Joomla! Component Property - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1878] Joomla! Component OrgChart 1.0.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1952] Joomla! Component BeeHeard 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1953] Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1954] Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1955] Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1956] Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1957] Joomla! Component Love Factory 1.3.4 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1977] Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1979] Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1980] Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-1981] Joomla! Component Fabrik 2.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1982] Joomla! Component JA Voice 2.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-1983] Joomla! Component redTWITTER 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2033] Joomla! Percha Categories Tree 0.6 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2034] Joomla! Component Percha Image Attach 1.1 - Directory Traversal (@daffainfo) [high]
[CVE-2010-2035] Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal (@daffainfo) [high]
[CVE-2010-2036] Joomla! Component Percha Fields Attach 1.0 - Directory Traversal (@daffainfo) [high]
[CVE-2010-2037] Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal (@daffainfo) [high]
[CVE-2010-2045] Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2050] Joomla! Component MS Comment 0.8.0b - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2122] Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval (@daffainfo) [medium]
[CVE-2010-2128] Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2259] Joomla! Component com_bfsurvey - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2307] Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal (@daffainfo) [medium]
[CVE-2010-2507] Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-2680] Joomla! Component jesectionfinder - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-2682] Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-2857] Joomla! Component Music Manager - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-2861] Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI (@pikpikcu) [high]
[CVE-2010-2918] Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion (@daffainfo) [high]
[CVE-2010-2920] Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-3203] Joomla! Component PicSell 1.0 - Arbitrary File Retrieval (@daffainfo) [medium]
[CVE-2010-3426] Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-4231] Camtron CMNC-200 IP Camera - Directory Traversal (@daffainfo) [high]
[CVE-2010-4239] Tiki Wiki CMS Groupware 5.2 - Local File Inclusion (@0x_akoko) [critical]
[CVE-2010-4282] phpShowtime 2.0 - Directory Traversal (@daffainfo) [high]
[CVE-2010-4617] Joomla! Component JotLoader 2.2.1 - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-4719] Joomla! Component JRadio - Local File Inclusion (@daffainfo) [high]
[CVE-2010-4769] Joomla! Component Jimtawl 1.0.2 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-4977] Joomla! Component Canteen 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-5028] Joomla! Component JE Job 1.0 - Local File Inclusion (@daffainfo) [high]
[CVE-2010-5278] MODx manager - Local File Inclusion (@daffainfo) [medium]
[CVE-2010-5286] Joomla! Component Jstore - 'Controller' Local File Inclusion (@daffainfo) [critical]
[CVE-2011-0049] Majordomo2 - SMTP/HTTP Directory Traversal (@pikpikcu) [medium]
[CVE-2011-1669] WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI) (@daffainfo) [medium]
[CVE-2011-2744] Chyrp 2.x - Local File Inclusion (@daffainfo) [medium]
[CVE-2011-2780] Chyrp 2.x - Local File Inclusion (@daffainfo) [medium]
[CVE-2011-3315] Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal (@daffainfo) [high]
[CVE-2011-4336] Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2011-4618] Advanced Text Widget < 2.0.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-4624] GRAND FlAGallery 1.57 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-4640] WebTitan < 3.60 - Local File Inclusion (@ctflearner) [medium]
[CVE-2011-4804] Joomla! Component com_kp - 'Controller' Local File Inclusion (@daffainfo) [medium]
[CVE-2011-4926] Adminimize 1.7.22 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5106] WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5107] Alert Before Your Post <= 0.1.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5179] Skysa App Bar 1.04 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5181] ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2011-5252] Orchard 'ReturnUrl' Parameter URI - Open Redirect (@ctflearner) [medium]
[CVE-2011-5265] Featurific For WordPress 1.6.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-0392] Apache Struts2 S2-008 RCE (@pikpikcu) [medium]
[CVE-2012-0394] Apache Struts <2.3.1.1 - Remote Code Execution (@tess) [medium]
[CVE-2012-0896] Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access (@daffainfo) [medium]
[CVE-2012-0901] YouSayToo auto-publishing 1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-0981] phpShowtime 2.0 - Directory Traversal (@daffainfo) [medium]
[CVE-2012-0991] OpenEMR 4.1 - Local File Inclusion (@daffainfo) [low]
[CVE-2012-0996] 11in1 CMS 1.2.1 - Local File Inclusion (LFI) (@daffainfo) [medium]
[CVE-2012-1226] Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities (@daffainfo) [high]
[CVE-2012-1823] PHP CGI v5.3.12/5.4.2 Remote Code Execution (@pikpikcu) [high]
[CVE-2012-1835] WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-2371] WP-FaceThumb 0.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-3153] Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) (@sid ahmed malaoui @ realistic security) [medium]
[CVE-2012-4032] WebsitePanel before v1.2.2.1 - Open Redirect (@ctflearner) [medium]
[CVE-2012-4242] WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-4253] MySQLDumper 1.24.4 - Directory Traversal (@daffainfo) [medium]
[CVE-2012-4273] 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-4547] AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2012-4768] WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-4878] FlatnuX CMS - Directory Traversal (@daffainfo) [medium]
[CVE-2012-4889] ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-4940] Axigen Mail Server Filename Directory Traversal (@dhiyaneshdk) [medium]
[CVE-2012-4982] Forescout CounterACT 6.3.4.1 - Open Redirect (@ctflearner) [medium]
[CVE-2012-5321] TikiWiki CMS Groupware v8.3 - Open Redirect (@ctflearner) [medium]
[CVE-2012-5913] WordPress Integrator 1.32 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2012-6499] WordPress Plugin Age Verification v0.4 - Open Redirect (@ctflearner) [medium]
[CVE-2013-1965] Apache Struts2 S2-012 RCE (@pikpikcu) [critical]
[CVE-2013-2248] Apache Struts - Multiple Open Redirection Vulnerabilities (@0x_akoko) [medium]
[CVE-2013-2251] Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (@exploitation,@dwisiswant0,@alex) [critical]
[CVE-2013-2287] WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2013-2621] Telaen => v1.3.1 - Open Redirect (@ctflearner) [medium]
[CVE-2013-3526] WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting (@daffainfo) [medium]
[CVE-2013-3827] Javafaces LFI (@random-robbie) [medium]
[CVE-2013-4117] WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2013-4625] WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2013-5528] Cisco Unified Communications Manager 7/8/9 - Directory Traversal (@daffainfo) [medium]
[CVE-2013-5979] Xibo 1.2.2/1.4.1 - Directory Traversal (@daffainfo) [medium]
[CVE-2013-6281] WordPress Spreadsheet - Cross-Site Scripting (@random-robbie) [medium]
[CVE-2013-7091] Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion (@rubina119) [medium]
[CVE-2013-7240] WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal (@daffainfo) [medium]
[CVE-2013-7285] XStream <1.4.6/1.4.10 - Remote Code Execution (@pwnhxl,@vicrack) [critical]
[CVE-2014-10037] DomPHP 0.83 - Directory Traversal (@daffainfo) [high]
[CVE-2014-1203] Eyou E-Mail <3.6 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2014-2321] ZTE Cable Modem Web Shell (@geeknik) [critical]
[CVE-2014-2323] Lighttpd 1.4.34 SQL Injection and Path Traversal (@geeknik) [critical]
[CVE-2014-2383] Dompdf < v0.6.0 - Local File Inclusion (@0x_akoko,@akincibor,@ritikchaddha) [medium]
[CVE-2014-2908] Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-2962] Belkin N150 Router 1.00.08/1.00.09 - Path Traversal (@daffainfo) [high]
[CVE-2014-3120] ElasticSearch v1.1.1/1.2 RCE (@pikpikcu) [medium]
[CVE-2014-3206] Seagate BlackArmor NAS - Command Injection (@gy741) [critical]
[CVE-2014-3704] Drupal SQL Injection (@princechaddha) [high]
[CVE-2014-3744] Node.js st module Directory Traversal (@geeknik) [high]
[CVE-2014-4210] Oracle Weblogic - Server-Side Request Forgery (@princechaddha) [medium]
[CVE-2014-4513] ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4535] Import Legacy Media <= 0.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4536] Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4539] Movies <= 0.6 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4544] Podcast Channels < 0.28 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4550] Shortcode Ninja <= 1.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4558] WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4561] Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4592] WP Planet <= 0.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-4940] WordPress Plugin Tera Charts - Local File Inclusion (@daffainfo) [medium]
[CVE-2014-4942] WordPress EasyCart <2.0.6 - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2014-5111] Fonality trixbox - Local File Inclusion (@daffainfo) [medium]
[CVE-2014-5258] webEdition 6.3.8.0 - Directory Traversal (@daffainfo) [medium]
[CVE-2014-5368] WordPress Plugin WP Content Source Control - Directory Traversal (@daffainfo) [medium]
[CVE-2014-6271] ShellShock - Remote Code Execution (@pentest_swissky,@0xelkomy) [critical]
[CVE-2014-6287] HTTP File Server <2.3c - Remote Command Execution (@j4vaovo) [critical]
[CVE-2014-6308] Osclass Security Advisory 3.4.1 - Local File Inclusion (@daffainfo) [medium]
[CVE-2014-8676] Simple Online Planning Tool <1.3.2 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2014-8682] Gogs (Go Git Service) - SQL Injection (@dhiyaneshdk,@daffainfo) [high]
[CVE-2014-8799] WordPress Plugin DukaPress 2.5.2 - Directory Traversal (@daffainfo) [medium]
[CVE-2014-9094] WordPress DZS-VideoGallery Plugin Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9119] WordPress DB Backup <=4.5 - Local File Inclusion (@dhiyaneshdk) [medium]
[CVE-2014-9180] Eleanor CMS - Open Redirect (@shankar acharya) [medium]
[CVE-2014-9444] Frontend Uploader <= 0.9.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9606] Netsweeper 4.0.8 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9607] Netsweeper 4.0.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9608] Netsweeper 4.0.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9609] Netsweeper 4.0.8 - Directory Traversal (@daffainfo) [medium]
[CVE-2014-9614] Netsweeper 4.0.5 - Default Weak Account (@daffainfo) [critical]
[CVE-2014-9615] Netsweeper 4.0.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2014-9617] Netsweeper 3.0.6 - Open Redirection (@daffainfo) [medium]
[CVE-2014-9618] Netsweeper - Authentication Bypass (@daffainfo) [critical]
[CVE-2015-0554] ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure (@daffainfo) [critical]
[CVE-2015-1000005] WordPress Candidate Application Form <= 1.3 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2015-1000010] WordPress Simple Image Manipulator < 1.0 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2015-1000012] WordPress MyPixs <=0.3 - Local File Inclusion (@daffainfo) [high]
[CVE-2015-1427] ElasticSearch - Remote Code Execution (@pikpikcu) [high]
[CVE-2015-1503] IceWarp Mail Server <11.1.1 - Directory Traversal (@0x_akoko) [high]
[CVE-2015-1579] WordPress Slider Revolution - Local File Disclosure (@pussycat0x) [medium]
[CVE-2015-1635] Microsoft Windows 'HTTP.sys' - Remote Code Execution (@phillipo) [critical]
[CVE-2015-1880] Fortinet FortiOS <=5.2.3 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2015-20067] WP Attachment Export < 0.2.4 - Unrestricted File Download (@r3y3r53) [high]
[CVE-2015-2067] Magento Server MAGMI - Directory Traversal (@daffainfo) [medium]
[CVE-2015-2068] Magento Server Mass Importer - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2015-2080] Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage (@pikpikcu) [high]
[CVE-2015-2166] Ericsson Drutt MSDP - Local File Inclusion (@daffainfo) [medium]
[CVE-2015-2196] WordPress Spider Calendar <=1.4.9 - SQL Injection (@theamanrawat) [high]
[CVE-2015-2755] WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2015-2794] DotNetNuke 07.04.00 - Administration Authentication Bypass (@0xr2r) [critical]
[CVE-2015-2807] Navis DocumentCloud <0.1.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2015-2863] Kaseya Virtual System Administrator - Open Redirect (@0x_akoko,@amirhossein raeisi) [medium]
[CVE-2015-2996] SysAid Help Desk <15.2 - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-3035] TP-LINK - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-3224] Ruby on Rails Web Console - Remote Code Execution (@pdteam) [medium]
[CVE-2015-3337] Elasticsearch - Local File Inclusion (@pdteam) [medium]
[CVE-2015-3648] ResourceSpace - Local File inclusion (@pikpikcu) [high]
[CVE-2015-3897] Bonita BPM Portal <6.5.3 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2015-4050] Symfony - Authentication Bypass (@elsfa7110,@meme-lord) [medium]
[CVE-2015-4062] WordPress NewStatPress 0.9.8 - SQL Injection (@r3y3r53) [medium]
[CVE-2015-4063] NewStatPress <0.9.9 - Cross-Site Scripting (@r3y3r53) [low]
[CVE-2015-4074] Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-4127] WordPress Church Admin <0.810 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2015-4414] WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal (@daffainfo) [medium]
[CVE-2015-4455] WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload (@mastercho) [critical]
[CVE-2015-4632] Koha 3.20.1 - Directory Traversal (@daffainfo) [high]
[CVE-2015-4666] Xceedium Xsuite <=2.4.4.5 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2015-4668] Xsuite <=2.4.4.5 - Open Redirect (@0x_akoko) [medium]
[CVE-2015-4694] WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval (@0x_akoko) [high]
[CVE-2015-5354] Novius OS 5.0.1-elche - Open Redirect (@0x_akoko) [medium]
[CVE-2015-5461] WordPress StageShow <5.0.9 - Open Redirect (@0x_akoko) [medium]
[CVE-2015-5469] WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-5471] Swim Team <= v1.44.10777 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2015-5531] ElasticSearch <1.6.1 - Local File Inclusion (@princechaddha) [medium]
[CVE-2015-5688] Geddy <13.0.8 - Local File Inclusion (@pikpikcu) [medium]
[CVE-2015-6477] Nordex NC2 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2015-6544] Combodo iTop <2.2.0-2459 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2015-6920] WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2015-7245] D-Link DVG-N5402SP - Local File Inclusion (@0x_akoko) [high]
[CVE-2015-7297] Joomla! Core SQL Injection (@princechaddha) [high]
[CVE-2015-7377] WordPress Pie-Register <2.0.19 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2015-7450] IBM WebSphere Java Object Deserialization - Remote Code Execution (@wdahlenb) [critical]
[CVE-2015-7780] ManageEngine Firewall Analyzer <8.0 - Local File Inclusion (@daffainfo) [medium]
[CVE-2015-7823] Kentico CMS 8.2 - Open Redirect (@0x_akoko) [medium]
[CVE-2015-8349] SourceBans <2.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2015-8399] Atlassian Confluence <5.8.17 - Information Disclosure (@princechaddha) [medium]
[CVE-2015-8813] Umbraco <7.4.0- Server-Side Request Forgery (@emadshanab) [high]
[CVE-2015-9312] NewStatPress <=1.0.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2015-9323] 404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection (@harsh) [critical]
[CVE-2015-9414] WordPress Symposium <=15.8.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2015-9480] WordPress RobotCPA 5 - Directory Traversal (@daffainfo) [high]
[CVE-2016-0957] Adobe AEM Dispatcher <4.15 - Rules Bypass (@geeknik) [high]
[CVE-2016-1000126] WordPress Admin Font Editor <=1.8 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000127] WordPress AJAX Random Post <=2.00 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000128] WordPress anti-plagiarism <=3.60 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000129] WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000130] WordPress e-search <=1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000131] WordPress e-search <=1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000132] WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000133] WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000134] WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000135] WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000136] WordPress heat-trackr 1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000137] WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000138] WordPress Admin Font Editor <=1.8 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000139] WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000140] WordPress New Year Firework <=1.1.9 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000141] WordPress Page Layout builder v1.9.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000142] WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000143] WordPress Photoxhibit 2.1.8 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000146] WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000148] WordPress S3 Video <=0.983 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000149] WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000152] WordPress Tidio-form <=1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000153] WordPress Tidio Gallery <=1.1 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000154] WordPress WHIZZ <=1.0.7 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1000155] WordPress WPSOLR <=8.6 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-10033] WordPress PHPMailer < 5.2.18 - Remote Code Execution (@princechaddha) [critical]
[CVE-2016-10108] Western Digital MyCloud NAS - Command Injection (@dhiyaneshdk) [critical]
[CVE-2016-10134] Zabbix - SQL Injection (@princechaddha) [critical]
[CVE-2016-10367] Opsview Monitor Pro - Local File Inclusion (@0x_akoko) [high]
[CVE-2016-10368] Opsview Monitor Pro - Open Redirect (@0x_akoko) [medium]
[CVE-2016-10924] Wordpress Zedna eBook download <1.2 - Local File Inclusion (@idealphase) [high]
[CVE-2016-10940] WordPress zm-gallery plugin 1.0 SQL Injection (@cckuailong,@daffainfo) [high]
[CVE-2016-10956] WordPress Mail Masta 1.0 - Local File Inclusion (@daffainfo,@0x240x23elu) [high]
[CVE-2016-10960] WordPress wSecure Lite < 2.4 - Remote Code Execution (@daffainfo) [high]
[CVE-2016-10973] Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting (@harsh) [medium]
[CVE-2016-10993] ScoreMe Theme - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2016-1555] NETGEAR WNAP320 Access Point Firmware - Remote Command Injection (@gy741) [critical]
[CVE-2016-2389] SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion (@daffainfo) [high]
[CVE-2016-3081] Apache S2-032 Struts - Remote Code Execution (@dhiyaneshdk) [high]
[CVE-2016-3088] Apache ActiveMQ Fileserver - Arbitrary File Write (@fq_hsu) [critical]
[CVE-2016-3978] Fortinet FortiOS - Open Redirect/Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2016-4437] Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2016-4975] Apache mod_userdir CRLF injection (@melbadry9,@nadino,@xelkomy) [medium]
[CVE-2016-4977] Spring Security OAuth2 Remote Command Execution (@princechaddha) [high]
[CVE-2016-5649] NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure (@suman_kar) [critical]
[CVE-2016-5674] NUUO NVR camera `debugging_center_utils_.php` - Command Execution (@dhiyaneshdk) [critical]
[CVE-2016-6195] vBulletin <= 4.2.3 - SQL Injection (@mastercho) [critical]
[CVE-2016-6277] NETGEAR Routers - Remote Code Execution (@pikpikcu) [high]
[CVE-2016-6601] ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2016-7552] Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass (@dwisiswant0) [critical]
[CVE-2016-7834] Sony IPELA Engine IP Camera - Hardcoded Account (@af001) [high]
[CVE-2016-7981] SPIP <3.1.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2016-8527] Aruba Airwave <8.2.3.1 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-0929] DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery (@charanrayudu,@meme-lord) [high]
[CVE-2017-1000028] Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion (@pikpikcu,@daffainfo) [high]
[CVE-2017-1000029] Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-1000163] Phoenix Framework - Open Redirect (@0x_akoko) [medium]
[CVE-2017-1000170] WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion (@dwisiswant0) [high]
[CVE-2017-1000486] Primetek Primefaces 5.x - Remote Code Execution (@moritz nentwig) [critical]
[CVE-2017-10075] Oracle Content Server - Cross-Site Scripting (@madrobot) [high]
[CVE-2017-10271] Oracle WebLogic Server - Remote Command Execution (@dr_set,@imnightmaree,@true13) [high]
[CVE-2017-10974] Yaws 1.91 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-11165] DataTaker DT80 dEX 1.50.012 - Information Disclosure (@theabhinavgaur) [critical]
[CVE-2017-11444] Subrion CMS <4.1.5.10 - SQL Injection (@dwisiswant0) [critical]
[CVE-2017-11512] ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval (@0x_akoko) [high]
[CVE-2017-11586] FineCMS <5.0.9 - Open Redirect (@0x_akoko) [medium]
[CVE-2017-11610] XML-RPC Server - Remote Code Execution (@notnotnotveg) [high]
[CVE-2017-11629] FineCMS <=5.0.10 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-12138] XOOPS Core 2.5.8 - Open Redirect (@0x_akoko) [medium]
[CVE-2017-12149] Jboss Application Server - Remote Code Execution (@fopina,@s0obi) [critical]
[CVE-2017-12542] HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass (@pikpikcu) [critical]
[CVE-2017-12544] HPE System Management - Cross-Site Scripting (@divya_mudgal) [medium]
[CVE-2017-12583] DokuWiki - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2017-12611] Apache Struts2 S2-053 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2017-12615] Apache Tomcat Servers - Remote Code Execution (@pikpikcu) [high]
[CVE-2017-12617] Apache Tomcat - Remote Code Execution (@pussycat0x) [high]
[CVE-2017-12629] Apache Solr <= 7.1 - XML Entity Injection (@dwisiswant0) [critical]
[CVE-2017-12635] Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation (@pikpikcu) [critical]
[CVE-2017-12637] SAP NetWeaver Application Server Java 7.5 - Local File Inclusion (@apt-mirror) [high]
[CVE-2017-12794] Django Debug Page - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-14135] OpenDreambox 2.0.0 - Remote Code Execution (@alph4byt3) [critical]
[CVE-2017-14186] FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting (@johnk3r) [medium]
[CVE-2017-14524] OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect (@0x_akoko) [medium]
[CVE-2017-14535] Trixbox - 2.8.0.4 OS Command Injection (@pikpikcu) [high]
[CVE-2017-14537] Trixbox 2.8.0 - Path Traversal (@pikpikcu) [medium]
[CVE-2017-14622] WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2017-14651] WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting (@mass0ma) [medium]
[CVE-2017-14849] Node.js <8.6.0 - Directory Traversal (@random_robbie) [high]
[CVE-2017-15287] Dreambox WebControl 2.0.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-15363] Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-15647] FiberHome Routers - Local File Inclusion (@daffainfo) [high]
[CVE-2017-15715] Apache httpd <=2.4.29 - Arbitrary File Upload (@geeknik) [high]
[CVE-2017-15944] Palo Alto Network PAN-OS - Remote Code Execution (@emadshanab,@milo2012) [critical]
[CVE-2017-16806] Ulterius Server < 1.9.5.0 - Directory Traversal (@geeknik) [high]
[CVE-2017-16877] Nextjs <2.4.1 - Local File Inclusion (@pikpikcu) [high]
[CVE-2017-16894] Laravel <5.5.21 - Information Disclosure (@j4vaovo) [high]
[CVE-2017-17043] WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-17059] WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-17451] WordPress Mailster <=1.5.4 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2017-17731] DedeCMS 5.7 - SQL Injection (@j4vaovo) [critical]
[CVE-2017-17736] Kentico - Installer Privilege Escalation (@shiar) [critical]
[CVE-2017-18024] AvantFAX 3.3.3 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-18487] AdPush < 1.44 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18490] Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18491] Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18492] Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18493] Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18494] Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18496] Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18500] Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18501] Social Login by BestWebSoft < 0.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18502] Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2017-18505] BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18516] LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18517] Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18518] SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18527] Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18528] PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18529] PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18530] Rating by BestWebSoft < 0.2 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18532] Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18536] WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2017-18537] Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18542] Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18556] Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18557] Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18558] Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18562] Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18564] Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18565] Updater by BestWebSoft < 1.35 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18566] User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting
(@luisfelipe146) [medium]
[CVE-2017-18598] WordPress Qards - Cross-Site Scripting (@pussycat0x) [medium]
[CVE-2017-18638] Graphite <=1.1.5 - Server-Side Request Forgery (@huowuzhao) [high]
[CVE-2017-3506] Oracle Fusion Middleware Weblogic Server - Remote OS Command
Execution (@pdteam) [high]
[CVE-2017-3528] Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect (@0x_akoko)
[medium]
[CVE-2017-4011] McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
(@geeknik) [medium]
[CVE-2017-5521] NETGEAR Routers - Authentication Bypass (@princechaddha) [high]
[CVE-2017-5631] KMCIS CaseAware - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2017-5638] Apache Struts 2 - Remote Command Execution (@random_robbie)
[critical]
[CVE-2017-5689] Intel Active Management - Authentication Bypass (@pdteam)
[critical]
[CVE-2017-5982] Kodi 17.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2017-6090] PhpColl 2.5.1 Arbitrary File Upload (@pikpikcu) [high]
[CVE-2017-7269] Windows Server 2003 & IIS 6.0 - Remote Code Execution
(@thomas_from_offensity,@geeknik) [critical]
[CVE-2017-7391] Magmi 0.7.22 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2017-7615] MantisBT <=2.30 - Arbitrary Password Reset/Admin Access
(@bp0lr,@dwisiswant0) [high]
[CVE-2017-7855] IceWarp WebMail 11.3.1.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2017-7921] Hikvision - Authentication Bypass (@princechaddha) [critical]
[CVE-2017-7925] Dahua Security - Configuration File Disclosure (@e1a,@none)
[critical]
[CVE-2017-8229] Amcrest IP Camera Web Management - Data Exposure (@pussycat0x)
[critical]
[CVE-2017-8917] Joomla! <3.7.1 - SQL Injection (@princechaddha) [critical]
[CVE-2017-9140] Reflected XSS - Telerik Reporting Module (@dhiyaneshdk) [medium]
[CVE-2017-9288] WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2017-9416] Odoo 8.0/9.0/10.0 - Local File Inclusion (@co5mos) [medium]
[CVE-2017-9506] Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side
Request Forgery (@pdteam) [medium]
[CVE-2017-9791] Apache Struts2 S2-053 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2017-9805] Apache Struts2 S2-052 - Remote Code Execution (@pikpikcu) [high]
[CVE-2017-9822] DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code
Execution (@milo2012) [high]
[CVE-2017-9833] BOA Web Server 0.94.14 - Arbitrary File Access (@0x_akoko) [high]
[CVE-2017-9841] PHPUnit - Remote Code Execution (@random_robbie,@pikpikcu)
[critical]
[CVE-2018-0127] Cisco RV132W/RV134W Router - Information Disclosure (@jrolf)
[critical]
[CVE-2018-0296] Cisco ASA - Local File Inclusion (@organiccrap) [high]
[CVE-2018-1000129] Jolokia 1.3.7 - Cross-Site Scripting
(@mavericknerd,@0h1in9e,@daffainfo) [medium]
[CVE-2018-1000130] Jolokia Agent - JNDI Code Injection (@milo2012) [high]
[CVE-2018-1000226] Cobbler - Authentication Bypass (@c-sh0) [critical]
[CVE-2018-1000533] GitList < 0.6.0 Remote Code Execution (@pikpikcu) [critical]
[CVE-2018-1000600] Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
(@geeknik) [high]
[CVE-2018-1000671] Sympa version =>6.2.16 - Cross-Site Scripting (@0x_akoko)
[medium]
[CVE-2018-1000856] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2018-1000861] Jenkins - Remote Command Injection (@dhiyaneshdk,@pikpikcu)
[critical]
[CVE-2018-10093] AudioCodes 420HD - Remote Code Execution (@wisnupramoedya) [high]
[CVE-2018-10095] Dolibarr <7.0.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-10141] Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2018-10201] Ncomputing vSPace Pro 10 and 11 - Directory Traversal (@0x_akoko)
[high]
[CVE-2018-10230] Zend Server <9.13 - Cross-Site Scripting (@marcos_iaf) [medium]
[CVE-2018-10562] Dasan GPON Devices - Remote Code Execution (@gy741) [critical]
[CVE-2018-10735] NagiosXI <= 5.4.12 `commandline.php` SQL injection (@dhiyaneshdk)
[high]
[CVE-2018-10736] NagiosXI <= 5.4.12 - SQL injection (@dhiyaneshdk) [high]
[CVE-2018-10737] NagiosXI <= 5.4.12 logbook.php SQL injection (@dhiyaneshdk) [high]
[CVE-2018-10738] NagiosXI <= 5.4.12 menuaccess.php - SQL injection (@dhiyaneshdk)
[high]
[CVE-2018-10818] LG NAS Devices - Remote Code Execution (@gy741) [critical]
[CVE-2018-10822] D-Link Routers - Local File Inclusion (@daffainfo) [high]
[CVE-2018-10823] D-Link Routers - Remote Command Injection (@wisnupramoedya) [high]
[CVE-2018-10942] Prestashop AttributeWizardPro Module - Arbitrary File Upload
(@mastercho) [critical]
[CVE-2018-10956] IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
(@0x_akoko) [high]
[CVE-2018-11227] Monstra CMS <=3.0.4 - Cross-Site Scripting (@ritikchaddha)
[medium]
[CVE-2018-11231] Opencart Divido - Sql Injection (@ritikchaddha) [high]
[CVE-2018-11409] Splunk <=7.0.1 - Information Disclosure (@harshbothra_) [medium]
[CVE-2018-11473] Monstra CMS 3.0.4 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-11709] WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2018-11759] Apache Tomcat JK Connect <=1.2.44 - Manager Access (@harshbothra_)
[high]
[CVE-2018-11776] Apache Struts2 S2-057 - Remote Code Execution (@pikpikcu) [high]
[CVE-2018-11784] Apache Tomcat - Open Redirect (@geeknik) [medium]
[CVE-2018-12031] Eaton Intelligent Power Manager 1.6 - Directory Traversal
(@daffainfo) [critical]
[CVE-2018-12054] Schools Alert Management Script - Arbitrary File Read
(@wisnupramoedya) [high]
[CVE-2018-1207] Dell iDRAC7/8 Devices - Remote Code Injection (@dwisiswant0)
[critical]
[CVE-2018-12095] OEcms 3.1 - Cross-Site Scripting (@logicalhunter) [medium]
[CVE-2018-12296] Seagate NAS OS 4.3.15.1 - Server Information Disclosure
(@princechaddha) [high]
[CVE-2018-12300] Seagate NAS OS 4.3.15.1 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-12613] PhpMyAdmin <4.8.2 - Local File Inclusion (@pikpikcu) [high]
[CVE-2018-12634] CirCarLife Scada <4.3 - System Log Exposure (@geeknik) [critical]
[CVE-2018-12675] SV3C HD Camera L Series - Open Redirect (@0x_akoko) [medium]
[CVE-2018-1271] Spring MVC Framework - Local File Inclusion (@hetroublemakr)
[medium]
[CVE-2018-1273] Spring Data Commons - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2018-12909] Webgrind <= 1.5 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2018-12998] Zoho manageengine - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-1335] Apache Tika <1.1.8- Header Command Injection (@pikpikcu) [high]
[CVE-2018-13379] Fortinet FortiOS - Credentials Disclosure (@organiccrap)
[critical]
[CVE-2018-13380] Fortinet FortiOS - Cross-Site Scripting (@shelld3v,@aaronchen0)
[medium]
[CVE-2018-13980] Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
(@wisnupramoedya) [medium]
[CVE-2018-14013] Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-
Site Scripting (@pikpikcu) [medium]
[CVE-2018-14064] VelotiSmart Wifi - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-14474] Orange Forum 1.4.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-14574] Django - Open Redirect (@pikpikcu) [medium]
[CVE-2018-14728] Responsive filemanager 9.13.1 Server-Side Request Forgery
(@madrobot) [critical]
[CVE-2018-14912] cgit < 1.2.1 - Directory Traversal (@0x_akoko) [high]
[CVE-2018-14916] Loytec LGATE-902 <6.4.2 - Local File Inclusion (@0x_akoko)
[critical]
[CVE-2018-14918] LOYTEC LGATE-902 6.3.2 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-14931] Polarisft Intellect Core Banking Software Version 9.7.1 - Open
Redirect (@0x_akoko) [medium]
[CVE-2018-15138] LG-Ericsson iPECS NMS 30M - Local File Inclusion (@0x_akoko)
[high]
[CVE-2018-15517] D-Link Central WifiManager - Server-Side Request Forgery (@gy741)
[high]
[CVE-2018-15535] Responsive FileManager <9.13.4 - Local File Inclusion (@daffainfo)
[high]
[CVE-2018-15745] Argus Surveillance DVR 4.0.0.0 - Local File Inclusion (@gy741)
[high]
[CVE-2018-15917] Jorani Leave Management System 0.6.5 - Cross-Site Scripting
(@ritikchaddha) [medium]
[CVE-2018-15961] Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
(@skylark-lab,@imnightmaree) [critical]
[CVE-2018-16059] WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
(@daffainfo) [medium]
[CVE-2018-16133] Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion (@0x_akoko)
[medium]
[CVE-2018-16139] BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting (@atomiczsec)
[medium]
[CVE-2018-16159] WordPress Gift Voucher <4.1.8 - Blind SQL Injection
(@theamanrawat) [critical]
[CVE-2018-16167] LogonTracer <=1.2.0 - Remote Command Injection (@gy741) [critical]
[CVE-2018-16283] WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
(@0x240x23elu) [critical]
[CVE-2018-16288] LG SuperSign EZ CMS 2.5 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-16299] WordPress Localize My Post 1.0 - Local File Inclusion
(@0x_akoko,@0x240x23elu) [high]
[CVE-2018-16341] Nuxeo <10.3 - Remote Code Execution (@madrobot) [high]
[CVE-2018-16668] CirCarLife <4.3 - Improper Authentication (@geeknik) [medium]
[CVE-2018-16670] CirCarLife <4.3 - Improper Authentication (@geeknik) [medium]
[CVE-2018-16671] CirCarLife <4.3 - Improper Authentication (@geeknik) [medium]
[CVE-2018-16716] NCBI ToolBox - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-16761] Eventum <3.4.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2018-16763] FUEL CMS 1.4.1 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2018-16836] Rubedo CMS <=3.4.0 - Directory Traversal (@0x_akoko) [critical]
[CVE-2018-16979] Monstra CMS 3.0.4 - HTTP Header Injection (@0x_akoko) [medium]
[CVE-2018-17153] Western Digital MyCloud NAS - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2018-17246] Kibana - Local File Inclusion (@princechaddha,@thelicato)
[critical]
[CVE-2018-17254] Joomla! JCK Editor SQL Injection (@suman_kar) [critical]
[CVE-2018-17422] DotCMS < 5.0.2 - Open Redirect (@0x_akoko,@daffainfo) [medium]
[CVE-2018-17431] Comodo Unified Threat Management Web Console - Remote Code
Execution (@dwisiswant0) [critical]
[CVE-2018-18069] WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
(@nadino) [medium]
[CVE-2018-18264] Kubernetes Dashboard <1.10.1 - Authentication Bypass (@edoardottt)
[high]
[CVE-2018-18323] Centos Web Panel 0.9.8.480 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2018-18570] Planon <Live Build 41 - Cross-Site Scripting (@emadshanab)
[medium]
[CVE-2018-18608] DedeCMS 5.7 SP2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-18775] Microstrategy Web 7 - Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2018-18777] Microstrategy Web 7 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2018-18778] ACME mini_httpd <1.30 - Local File Inclusion
(@dhiyaneshdk,@dogasantos) [medium]
[CVE-2018-18809] TIBCO JasperReports Library - Directory Traversal (@dhiyaneshdk)
[medium]
[CVE-2018-18925] Gogs (Go Git Service) 0.11.66 - Remote Code Execution
(@princechaddha) [critical]
[CVE-2018-19136] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19137] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19287] WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2018-19326] Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2018-19365] Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
(@0x_akoko) [critical]
[CVE-2018-19386] SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site
Scripting (@pikpikcu) [medium]
[CVE-2018-19439] Oracle Secure Global Desktop Administration Console 4.4 - Cross-
Site Scripting (@madrobot,@dwisiswant0) [medium]
[CVE-2018-19458] PHP Proxy 3.0.3 - Local File Inclusion (@daffainfo) [high]
[CVE-2018-19749] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19751] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19752] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19753] Tarantella Enterprise <3.11 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2018-19877] Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2018-19892] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19914] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-19915] DomainMOD <=4.11.01 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2018-20009] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20010] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20011] DomainMOD 4.11.01 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2018-20462] WordPress JSmol2WP <=1.07 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2018-20463] WordPress JSmol2WP <=1.07 - Local File Inclusion (@vinit989)
[high]
[CVE-2018-20470] Tyto Sahi pro 7.x/8.x - Local File Inclusion (@daffainfo) [high]
[CVE-2018-20526] Roxy Fileman 1.4.5 - Unrestricted File Upload (@dhiyaneshdk)
[critical]
[CVE-2018-20608] Imcat 4.4 - Phpinfo Configuration (@ritikchaddha) [high]
[CVE-2018-20824] Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
(@madrobot,@dwisiswant0) [medium]
[CVE-2018-20985] WordPress Payeezy Pay <=2.97 - Local File Inclusion (@daffainfo)
[critical]
[CVE-2018-2392] SAP Internet Graphics Server (IGS) - XML External Entity Injection
(@_generic_human_) [high]
[CVE-2018-2791] Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting
(@madrobot,@leovalcante) [high]
[CVE-2018-2894] Oracle WebLogic Server - Remote Code Execution (@geeknik,@pdteam)
[critical]
[CVE-2018-3167] Oracle E-Business Suite - Blind SSRF (@geeknik) [medium]
[CVE-2018-3238] Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site
Scripting (@leovalcante) [medium]
[CVE-2018-3714] node-srv - Local File Inclusion (@madrobot) [medium]
[CVE-2018-3760] Ruby On Rails - Local File Inclusion (@0xrudra,@pikpikcu) [high]
[CVE-2018-3810] Oturia WordPress Smart Google Code Inserter <3.5 - Authentication
Bypass (@princechaddha) [critical]
[CVE-2018-5230] Atlassian Jira Confluence - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2018-5233] Grav CMS <1.3.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2018-5316] WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-
Site Scripting (@daffainfo) [medium]
[CVE-2018-5715] SugarCRM 3.5.1 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2018-6008] Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
(@daffainfo) [high]
[CVE-2018-6184] Zeit Next.js <4.2.3 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2018-6200] vBulletin - Open Redirect (@0x_akoko,@daffainfo) [medium]
[CVE-2018-6530] D-Link - Unauthenticated Remote Code Execution (@gy741) [critical]
[CVE-2018-6605] Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
(@dhiyaneshdk) [critical]
[CVE-2018-6910] DedeCMS 5.7 - Path Disclosure (@pikpikcu) [high]
[CVE-2018-7251] Anchor CMS 0.12.3 - Error Log Exposure (@pdteam) [critical]
[CVE-2018-7282] TITool PrintMonitor - Blind SQL Injection (@theamanrawat)
[critical]
[CVE-2018-7314] Joomla! Component PrayerCenter 3.0.2 - SQL Injection (@dhiyaneshdk)
[critical]
[CVE-2018-7422] WordPress Site Editor <=1.1.1 - Local File Inclusion
(@luskabol,@0x240x23elu) [high]
[CVE-2018-7467] AxxonSoft Axxon Next - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-7490] uWSGI PHP Plugin Local File Inclusion (@madrobot) [high]
[CVE-2018-7600] Drupal - Remote Code Execution (@pikpikcu) [critical]
[CVE-2018-7602] Drupal - Remote Code Execution (@princechaddha) [critical]
[CVE-2018-7653] YzmCMS v3.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-7662] CouchCMS <= 2.0 - Path Disclosure (@ritikchaddha) [medium]
[CVE-2018-7700] DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution
(@pikpikcu) [high]
[CVE-2018-7719] Acrolinx Server <5.2.5 - Local File Inclusion (@0x_akoko) [high]
[CVE-2018-8006] Apache ActiveMQ <=5.15.5 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2018-8033] Apache OFBiz 16.11.04 - XML Entity Injection (@pikpikcu) [high]
[CVE-2018-8715] AppWeb - Authentication Bypass (@milo2012) [high]
[CVE-2018-8719] WordPress WP Security Audit Log 3.1.1 - Information Disclosure
(@logicalhunter) [medium]
[CVE-2018-8727] Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion
(@0x_akoko) [high]
[CVE-2018-8770] Cobub Razor 0.8.0 - Information Disclosure (@princechaddha)
[medium]
[CVE-2018-8823] PrestaShop Responsive Mega Menu Module - Remote Code Execution
(@mastercho) [critical]
[CVE-2018-9118] WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 -
Local File Inclusion (@0x_akoko) [high]
[CVE-2018-9161] PrismaWEB - Credentials Disclosure (@gy741) [critical]
[CVE-2018-9205] Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
(@daffainfo) [high]
[CVE-2018-9845] Etherpad Lite <1.6.4 - Admin Authentication Bypass
(@philippedelteil) [critical]
[CVE-2018-9995] TBK DVR4104/DVR4216 Devices - Authentication Bypass
(@princechaddha) [critical]
[CVE-2019-0193] Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
(@pdteam) [high]
[CVE-2019-0221] Apache Tomcat - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-0230] Apache Struts <=2.5.20 - Remote Code Execution (@geeknik)
[critical]
[CVE-2019-10068] Kentico CMS Insecure Deserialization Remote Code Execution
(@davidmckennirey) [critical]
[CVE-2019-10092] Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site
Scripting (@pdteam) [medium]
[CVE-2019-10098] Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect (@ctflearner)
[medium]
[CVE-2019-1010287] Timesheet Next Gen <=1.5.3 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2019-1010290] Babel - Open Redirect (@0x_akoko) [medium]
[CVE-2019-10232] Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection
(@redteambrasil) [critical]
[CVE-2019-10405] Jenkins <=2.196 - Cookie Exposure (@c-sh0) [medium]
[CVE-2019-10475] Jenkins build-metrics 1.3 - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2019-10692] WordPress Google Maps <7.11.18 - SQL Injection (@pussycat0x)
[critical]
[CVE-2019-10717] BlogEngine.NET 3.3.7.0 - Local File Inclusion (@arafatansari)
[high]
[CVE-2019-10758] mongo-express Remote Code Execution (@princechaddha) [critical]
[CVE-2019-11013] Nimble Streamer <=3.5.4-9 - Local File Inclusion (@0x_akoko)
[medium]
[CVE-2019-11248] Debug Endpoint pprof - Exposure Detection (@0xceeb,@ritikchaddha)
[high]
[CVE-2019-11370] Carel pCOWeb <B1.2.4 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2019-11510] Pulse Connect Secure SSL VPN Arbitrary File Read (@organiccrap)
[critical]
[CVE-2019-11580] Atlassian Crowd and Crowd Data Center - Unauthenticated Remote
Code Execution (@dwisiswant0) [critical]
[CVE-2019-11581] Atlassian Jira Server-Side Template Injection (@ree4pwn)
[critical]
[CVE-2019-11869] WordPress Yuzo <5.12.94 - Cross-Site Scripting (@ganofins)
[medium]
[CVE-2019-12276] GrandNode 4.40 - Local File Inclusion (@daffainfo) [high]
[CVE-2019-12314] Deltek Maconomy 2.2.5 - Local File Inclusion (@madrobot)
[critical]
[CVE-2019-12461] WebPort 1.19.1 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-12581] Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting (@n-thumann)
[medium]
[CVE-2019-12583] Zyxel ZyWall UAG/USG - Account Creation Access (@n-
thumann,@daffainfo) [critical]
[CVE-2019-12593] IceWarp Mail Server <=10.4.4 - Local File Inclusion (@pikpikcu)
[high]
[CVE-2019-12616] phpMyAdmin <4.9.0 - Cross-Site Request Forgery
(@mohammedsaneem,@philippedelteil,@daffainfo) [medium]
[CVE-2019-12725] Zeroshell 3.9.0 - Remote Command Execution
(@dwisiswant0,@akincibor) [critical]
[CVE-2019-12962] LiveZilla Server 8.0.1.0 - Cross-Site Scripting (@clment cruchet)
[medium]
[CVE-2019-12985] Citrix SD-WAN Center - Remote Command Injection (@gy741)
[critical]
[CVE-2019-12986] Citrix SD-WAN Center - Remote Command Injection (@gy741)
[critical]
[CVE-2019-12987] Citrix SD-WAN Center - Remote Command Injection (@gy741)
[critical]
[CVE-2019-12988] Citrix SD-WAN Center - Remote Command Injection (@gy741)
[critical]
[CVE-2019-12990] Citrix SD-WAN Center - Local File Inclusion (@gy741) [critical]
[CVE-2019-13101] D-Link DIR-600M - Authentication Bypass (@suman_kar) [critical]
[CVE-2019-13392] MindPalette NateMail 3.0.15 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2019-13396] FlightPath - Local File Inclusion (@0x_akoko,@daffainfo) [medium]
[CVE-2019-13462] Lansweeper Unauthenticated SQL Injection (@divya_mudgal)
[critical]
[CVE-2019-14205] WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion
(@pikpikcu) [high]
[CVE-2019-14223] Alfresco Share - Open Redirect (@pdteam) [medium]
[CVE-2019-14251] T24 Web Server - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-14312] Aptana Jaxer 1.0.3.4547 - Local File inclusion (@daffainfo)
[medium]
[CVE-2019-14322] Pallets Werkzeug <0.15.5 - Local File Inclusion (@madrobot) [high]
[CVE-2019-14470] WordPress UserPro 4.9.32 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2019-14530] OpenEMR <5.0.2 - Local File Inclusion (@tenbird) [high]
[CVE-2019-14750] osTicket < 1.12.1 - Cross-Site Scripting (@tenbird) [medium]
[CVE-2019-14789] Custom 404 Pro < 3.2.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2019-14974] SugarCRM Enterprise 9.0.0 - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2019-15107] Webmin <= 1.920 - Unauthenticated Remote Command Execution
(@bp0lr) [critical]
[CVE-2019-15501] L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
(@logicalhunter,@arafatansari) [medium]
[CVE-2019-15642] Webmin < 1.920 - Authenticated Remote Code Execution (@pussycat0x)
[high]
[CVE-2019-15713] WordPress My Calendar <= 3.1.9 - Cross-Site Scripting
(@daffainfo,@dhiyaneshdk) [medium]
[CVE-2019-15811] DomainMOD <=4.13.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2019-15829] Gallery Photoblocks < 1.1.43 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2019-15858] WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote
Code Execution (@dwisiswant0,@fmunozs,@patralos) [high]
[CVE-2019-15859] Socomec DIRIS A-40 Devices Password Disclosure (@geeknik)
[critical]
[CVE-2019-15889] WordPress Download Manager <2.9.94 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2019-16057] D-Link DNS-320 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2019-16097] Harbor <=1.82.0 - Privilege Escalation (@pikpikcu) [medium]
[CVE-2019-16123] PilusCart <=1.4.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-16278] nostromo 1.9.6 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2019-16313] ifw8 Router ROM v4.31 - Credential Discovery (@pikpikcu) [high]
[CVE-2019-16332] WordPress API Bearer Auth <20190907 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2019-16469] Adobe Experience Manager - Expression Language Injection
(@domenicoveneziano) [high]
[CVE-2019-16525] WordPress Checklist <1.1.9 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2019-1653] Cisco Small Business WAN VPN Routers - Sensitive Information
Disclosure (@dwisiswant0) [high]
[CVE-2019-16662] rConfig 3.9.2 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2019-16759] vBulletin 5.0.0-5.5.4 - Remote Command Execution (@madrobot)
[critical]
[CVE-2019-16920] D-Link Routers - Remote Code Execution (@dwisiswant0) [critical]
[CVE-2019-16931] WordPress Visualizer <3.3.1 - Cross-Site Scripting (@ritikchaddha)
[medium]
[CVE-2019-16932] Visualizer <3.3.1 - Blind Server-Side Request Forgery (@akincibor)
[critical]
[CVE-2019-16996] Metinfo 7.0.0 beta - SQL Injection (@ritikchaddha) [high]
[CVE-2019-16997] Metinfo 7.0.0 beta - SQL Injection (@ritikchaddha) [high]
[CVE-2019-17270] Yachtcontrol Webapplication 1.0 - Remote Command Injection
(@pikpikcu) [critical]
[CVE-2019-17418] MetInfo 7.0.0 beta - SQL Injection (@ritikchaddha) [high]
[CVE-2019-17444] Jfrog Artifactory <6.17.0 - Default Admin Password (@pdteam)
[critical]
[CVE-2019-17503] Kirona Dynamic Resource Scheduler - Information Disclosure
(@logicalhunter) [medium]
[CVE-2019-17506] D-Link DIR-868L/817LW - Information Disclosure (@pikpikcu)
[critical]
[CVE-2019-17538] Jiangnan Online Judge 0.8.0 - Local File Inclusion (@pussycat0x)
[high]
[CVE-2019-17558] Apache Solr <=8.3.1 - Remote Code Execution (@pikpikcu,@madrobot)
[high]
[CVE-2019-17574] Popup-Maker < 1.8.12 - Broken Authentication (@dhiyaneshdk)
[critical]
[CVE-2019-17662] ThinVNC 1.0b1 - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2019-1821] Cisco Prime Infrastructure and Cisco Evolved Programmable Network
Manager - Remote Code Execution (@_0xf4n9x_) [critical]
[CVE-2019-18371] Xiaomi Mi WiFi R3G Routers - Local file Inclusion (@ritikchaddha)
[high]
[CVE-2019-18393] Ignite Realtime Openfire <4.42 - Local File Inclusion (@pikpikcu)
[medium]
[CVE-2019-18394] Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
(@pdteam) [critical]
[CVE-2019-18665] DOMOS 5.5 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-18818] strapi CMS <3.0.0-beta.17.5 - Admin Password Reset (@idealphase)
[critical]
[CVE-2019-18922] Allied Telesis AT-GS950/8 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2019-18957] MicroStrategy Library <11.1.3 - Cross-Site Scripting (@tess)
[medium]
[CVE-2019-1898] Cisco RV110W RV130W RV215W Router - Information leakage
(@sleepingbag945) [medium]
[CVE-2019-19134] WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2019-19368] Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
(@madrobot) [medium]
[CVE-2019-1943] Cisco Small Business 200,300 and 500 Series Switches - Open
Redirect (@bhutch) [medium]
[CVE-2019-19781] Citrix ADC and Gateway - Directory Traversal
(@organiccrap,@geeknik) [critical]
[CVE-2019-19824] TOTOLINK Realtek SD Routers - Remote Command Injection (@gy741)
[high]
[CVE-2019-19908] phpMyChat-Plus 1.98 - Cross-Site Scripting (@madrobot) [medium]
[CVE-2019-19985] WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File
Retrieval (@kba@sogeti_esec,@madrobot,@dwisiswant0) [medium]
[CVE-2019-20085] TVT NVMS 1000 - Local File Inclusion (@daffainfo) [high]
[CVE-2019-20141] WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
(@knassar702) [medium]
[CVE-2019-20183] Simple Employee Records System 1.0 - Unrestricted File Upload
(@pikpikcu,@j4vaovo) [high]
[CVE-2019-20210] WordPress CTHthemes - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2019-20224] Pandora FMS 7.0NG - Remote Command Injection (@ritikchaddha)
[high]
[CVE-2019-20933] InfluxDB <1.7.6 - Authentication Bypass (@pussycat0x,@c-sh0)
[critical]
[CVE-2019-2578] Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken
Access Control (@leovalcante) [high]
[CVE-2019-2579] Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
(@leovalcante) [medium]
[CVE-2019-2588] Oracle Business Intelligence - Path Traversal (@madrobot) [medium]
[CVE-2019-2616] Oracle Business Intelligence/XML Publisher - XML External Entity
Injection (@pdteam) [high]
[CVE-2019-2725] Oracle WebLogic Server - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2019-2729] Oracle WebLogic Server Administration Console - Remote Code
Execution (@igibanez) [critical]
[CVE-2019-2767] Oracle Business Intelligence Publisher - XML External Entity
Injection (@madrobot) [high]
[CVE-2019-3396] Atlassian Confluence Server - Path Traversal (@harshbothra_)
[critical]
[CVE-2019-3398] Atlassian Confluence Download Attachments - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2019-3401] Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
(@techbrunchfr,@milo2012) [medium]
[CVE-2019-3402] Jira < 8.1.1 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2019-3403] Jira - Incorrect Authorization (@ganofins) [medium]
[CVE-2019-3799] Spring Cloud Config Server - Local File Inclusion (@madrobot)
[medium]
[CVE-2019-3911] LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
(@princechaddha) [medium]
[CVE-2019-3912] LabKey Server Community Edition <18.3.0 - Open Redirect (@0x_akoko)
[medium]
[CVE-2019-3929] Barco/AWIND OEM Presentation Platform - Remote Command Injection
(@_0xf4n9x_) [critical]
[CVE-2019-5127] YouPHPTube Encoder 2.3 - Remote Command Injection (@pikpikcu)
[critical]
[CVE-2019-5418] Rails File Content Disclosure (@omarkurt) [high]
[CVE-2019-5434] Revive Adserver 4.2 - Remote Code Execution (@omarjezi) [critical]
[CVE-2019-6112] WordPress Sell Media 2.4.1 - Cross-Site Scripting (@dwisiswant0)
[medium]
[CVE-2019-6340] Drupal - Remote Code Execution (@madrobot) [high]
[CVE-2019-6715] W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read /
Directory Traversal (@randomrobbie) [high]
[CVE-2019-6799] phpMyAdmin <4.8.5 - Local File Inclusion (@pwnhxl) [medium]
[CVE-2019-6802] Pypiserver <1.2.5 - Carriage Return Line Feed Injection (@0x_akoko)
[medium]
[CVE-2019-7139] Magento - SQL Injection (@mastercho) [critical]
[CVE-2019-7192] QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
(@dhiyaneshdk) [critical]
[CVE-2019-7219] Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting (@pdteam)
[medium]
[CVE-2019-7238] Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
(@pikpikcu) [critical]
[CVE-2019-7254] eMerge E3 1.00-06 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-7255] Linear eMerge E3 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2019-7256] eMerge E3 1.00-06 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2019-7275] Optergy Proton/Enterprise Building Management System - Open
Redirect (@0x_akoko) [medium]
[CVE-2019-7315] Genie Access WIP3BVAF IP Camera - Local File Inclusion (@0x_akoko)
[high]
[CVE-2019-7481] SonicWall SRA 4600 VPN - SQL Injection (@_darrenmartyn) [high]
[CVE-2019-7543] KindEditor 4.1.11 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2019-7609] Kibana Timelion - Arbitrary Code Execution (@dwisiswant0)
[critical]
[CVE-2019-8086] Adobe Experience Manager - XML External Entity Injection
(@dhiyaneshdk) [high]
[CVE-2019-8390] qdPM 9.1 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2019-8442] Jira - Local File Inclusion (@kishore krishna (sillydaddy)) [high]
[CVE-2019-8446] Jira Improper Authorization (@dhiyaneshdk) [medium]
[CVE-2019-8449] Jira <8.4.0 - Information Disclosure (@harshbothra_) [medium]
[CVE-2019-8451] Jira <8.4.0 - Server-Side Request Forgery (@techbrunchfr) [medium]
[CVE-2019-8903] Totaljs <3.2.3 - Local File Inclusion (@madrobot) [high]
[CVE-2019-8937] HotelDruid 2.3.0 - Cross-Site Scripting (@logicalhunter) [medium]
[CVE-2019-8982] Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request
Forgery (@madrobot) [critical]
[CVE-2019-9041] ZZZCMS 1.6.1 - Remote Code Execution (@pikpikcu) [high]
[CVE-2019-9618] WordPress GraceMedia Media Player 1.0 - Local File Inclusion
(@daffainfo) [critical]
[CVE-2019-9632] ESAFENET CDG - Arbitrary File Download (@pdteam) [high]
[CVE-2019-9670] Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity
Injection (@ree4pwn) [critical]
[CVE-2019-9726] Homematic CCU3 - Local File Inclusion (@0x_akoko) [high]
[CVE-2019-9733] JFrog Artifactory 6.7.3 - Admin Login Bypass (@akshansh) [critical]
[CVE-2019-9915] GetSimple CMS 3.3.13 - Open Redirect (@0x_akoko) [medium]
[CVE-2019-9922] Joomla! Harmis Messenger 1.2.2 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2019-9955] Zyxel - Cross-Site Scripting (@pdteam) [medium]
[CVE-2019-9978] WordPress Social Warfare <3.5.3 - Cross-Site Scripting
(@madrobot,@dwisiswant0) [medium]
[CVE-2020-0618] Microsoft SQL Server Reporting Services - Remote Code Execution
(@joeldeleep) [high]
[CVE-2020-10148] SolarWinds Orion API - Auth Bypass (@dwisiswant0) [critical]
[CVE-2020-10199] Sonatype Nexus Repository Manager 3 - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2020-10220] rConfig 3.9 - SQL Injection (@ritikchaddha,@theamanrawat)
[critical]
[CVE-2020-10546] rConfig 3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10547] rConfig 3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10548] rConfig 3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10549] rConfig <=3.9.4 - SQL Injection (@madrobot) [critical]
[CVE-2020-10770] Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery
(SSRF) (@dhiyaneshdk) [medium]
[CVE-2020-10973] WAVLINK - Access Control (@arafatansari) [high]
[CVE-2020-11034] GLPI <9.4.6 - Open Redirect (@pikpikcu) [medium]
[CVE-2020-11110] Grafana <= 6.7.1 - Cross-Site Scripting (@emadshanab) [medium]
[CVE-2020-11450] MicroStrategy Web 10.4 - Information Disclosure (@tess) [high]
[CVE-2020-11455] LimeSurvey 4.1.11 - Local File Inclusion (@daffainfo) [critical]
[CVE-2020-11529] Grav <1.7 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-11530] WordPress Chop Slider 3 - Blind SQL Injection (@theamanrawat)
[critical]
[CVE-2020-11546] SuperWebmailer 7.21.0.01526 - Remote Code Execution
(@official_blackhat13) [critical]
[CVE-2020-11547] PRTG Network Monitor <20.1.57.1745 - Information Disclosure
(@x6263) [medium]
[CVE-2020-11710] Kong Admin <=2.03 - Admin API Access (@pikpikcu) [critical]
[CVE-2020-11738] WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion
(@dwisiswant0) [high]
[CVE-2020-11798] Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal
(@ritikchaddha) [medium]
[CVE-2020-11853] Micro Focus Operations Bridge Manager <=2020.05 - Remote Code
Execution (@dwisiswant0) [high]
[CVE-2020-11854] Micro Focus UCMDB - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2020-11930] WordPress GTranslate <2.8.52 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2020-11978] Apache Airflow <=1.10.10 - Remote Code Execution (@pdteam) [high]
[CVE-2020-11991] Apache Cocoon 2.1.12 - XML Injection (@pikpikcu) [high]
[CVE-2020-12054] WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2020-12116] Zoho ManageEngine OpManger - Arbitrary File Read (@dwisiswant0)
[high]
[CVE-2020-12124] WAVLINK WN530H4 live_api.cgi - Command Injection (@dhiyaneshdk)
[critical]
[CVE-2020-12127] WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
(@arafatansari) [high]
[CVE-2020-12256] rConfig 3.9.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2020-12259] rConfig 3.9.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2020-12447] Onkyo TX-NR585 Web Interface - Directory Traversal (@0x_akoko)
[high]
[CVE-2020-12478] TeamPass 2.1.27.36 - Improper Authentication (@arafatansari)
[high]
[CVE-2020-12720] vBulletin SQL Injection (@pdteam) [critical]
[CVE-2020-12800] WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
(@dwisiswant0) [critical]
[CVE-2020-13117] Wavlink Multiple AP - Remote Command Injection (@gy741) [critical]
[CVE-2020-13121] Submitty <= 20.04.01 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-13158] Artica Proxy Community Edition <4.30.000000 - Local File Inclusion
(@0x_akoko) [high]
[CVE-2020-13167] Netsweeper <=6.4.3 - Python Code Injection (@dwisiswant0)
[critical]
[CVE-2020-13258] Contentful <=2020-05-21 - Cross-Site Scripting (@pikpikcu)
[medium]
[CVE-2020-13379] Grafana 3.0.1-7.0.1 - Server-Side Request Forgery (@joshua rogers)
[high]
[CVE-2020-13405] Microweber <1.1.20 - Information Disclosure (@ritikchaddha,@amit-
jd) [high]
[CVE-2020-13483] Bitrix24 <=20.0.0 - Cross-Site Scripting (@pikpikcu,@3th1c_yuk1)
[medium]
[CVE-2020-13638] rConfig 3.9 - Authentication Bypass(Admin Login) (@theamanrawat)
[critical]
[CVE-2020-13700] WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object
Reference (@pikpikcu) [high]
[CVE-2020-13820] Extreme Management Center 8.4.1.24 - Cross-Site Scripting (@tess)
[medium]
[CVE-2020-13851] Artica Pandora FMS 7.44 - Remote Code Execution (@theamanrawat)
[high]
[CVE-2020-13927] Airflow Experimental <1.10.11 - REST API Auth Bypass (@pdteam)
[critical]
[CVE-2020-13937] Apache Kylin - Exposed Configuration File (@pikpikcu) [medium]
[CVE-2020-13942] Apache Unomi <1.5.2 - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2020-13945] Apache APISIX - Insufficiently Protected Credentials (@pdteam)
[medium]
[CVE-2020-14092] WordPress PayPal Pro <1.1.65 - SQL Injection (@princechaddha)
[critical]
[CVE-2020-14144] Gitea 1.1.0 - 1.12.5 - Remote Code Execution (@theamanrawat)
[high]
[CVE-2020-14179] Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 -
Information Disclosure (@x1m_martijn) [medium]
[CVE-2020-14181] Jira Server and Data Center - Information Disclosure (@bjhulst)
[medium]
[CVE-2020-14408] Agentejo Cockpit 0.10.2 - Cross-Site Scripting (@edoardottt)
[medium]
[CVE-2020-14413] NeDi 1.9C - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-14750] Oracle WebLogic Server - Remote Command Execution
(@princechaddha,@dhiyaneshdk) [critical]
[CVE-2020-14864] Oracle Fusion - Directory Traversal/Local File Inclusion (@ivo
palazzolo (@palaziv)) [high]
[CVE-2020-14882] Oracle Weblogic Server - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2020-14883] Oracle Fusion Middleware WebLogic Server Administration Console -
Remote Code Execution (@pdteam,@vicrack) [high]
[CVE-2020-15050] Suprema BioStar <2.8.2 - Local File Inclusion (@gy741) [high]
[CVE-2020-15129] Traefik - Open Redirect (@dwisiswant0) [medium]
[CVE-2020-15148] Yii 2 < 2.0.38 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-15227] Nette Framework - Remote Code Execution (@becivells) [critical]
[CVE-2020-15500] TileServer GL <=3.0.0 - Cross-Site Scripting (@akash.c) [medium]
[CVE-2020-15505] MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote
Code Execution (@dwisiswant0) [critical]
[CVE-2020-15568] TerraMaster TOS <.1.29 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2020-15867] Gogs 0.5.5 - 0.12.2 - Remote Code Execution (@theamanrawat) [high]
[CVE-2020-15895] D-Link DIR-816L 2.x - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2020-15920] Mida eFramework <=2.9.0 - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2020-16846] SaltStack <=3002 - Shell Injection (@dwisiswant0) [critical]
[CVE-2020-16952] Microsoft SharePoint - Remote Code Execution (@dwisiswant0) [high]
[CVE-2020-17362] Nova Lite < 1.3.9 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2020-17453] WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
(@madrobot) [medium]
[CVE-2020-17456] SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code
Execution (@gy741,@edoardottt) [critical]
[CVE-2020-17463] Fuel CMS 1.4.7 - SQL Injection (@thirukrishnan) [critical]
[CVE-2020-17496] vBulletin 5.5.4 - 5.6.2- Remote Command Execution (@pussycat0x)
[critical]
[CVE-2020-17505] Artica Web Proxy 4.30 - OS Command Injection (@dwisiswant0) [high]
[CVE-2020-17506] Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
(@dwisiswant0) [critical]
[CVE-2020-17518] Apache Flink 1.5.1 - Local File Inclusion (@pdteam) [high]
[CVE-2020-17519] Apache Flink - Local File Inclusion (@pdteam) [high]
[CVE-2020-17526] Apache Airflow <1.10.14 - Authentication Bypass
(@piyushchhiroliya) [high]
[CVE-2020-17530] Apache Struts 2.0.0-2.5.25 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2020-18268] Z-Blog <=1.5.2 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-19282] Jeesns 1.4.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-19283] Jeesns 1.4.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-19295] Jeesns 1.4.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-19360] FHEM 6.0 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-1943] Apache OFBiz <=16.11.07 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2020-19515] qdPM 9.1 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2020-1956] Apache Kylin 3.0.1 - Command Injection Vulnerability
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2020-19625] Gridx 1.3 - Remote Code Execution (@geeknik) [critical]
[CVE-2020-20285] ZZcms - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2020-20300] WeiPHP 5.0 - SQL Injection (@pikpikcu) [critical]
[CVE-2020-2096] Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2020-20982] shadoweb wdja v1.5.1 - Cross-Site Scripting
(@pikpikcu,@ritikchaddha) [critical]
[CVE-2020-20988] DomainMOD 4.13.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2020-21012] Sourcecodester Hotel and Lodge Management System 2.0 - SQL
Injection (@edoardottt) [critical]
[CVE-2020-2103] Jenkins <=2.218 - Information Disclosure (@c-sh0) [medium]
[CVE-2020-21224] Inspur ClusterEngine 4.0 - Remote Code Execution (@pikpikcu)
[critical]
[CVE-2020-2140] Jenkin Audit Trail <=3.2 - Cross-Site Scripting
(@j3ssie/geraldino2) [medium]
[CVE-2020-22208] 74cms - ajax_street.php 'x' SQL Injection (@ritikchaddha)
[critical]
[CVE-2020-22209] 74cms - ajax_common.php SQL Injection (@ritikchaddha) [critical]
[CVE-2020-22210] 74cms - ajax_officebuilding.php SQL Injection (@ritikchaddha)
[critical]
[CVE-2020-22211] 74cms - ajax_street.php 'key' SQL Injection (@ritikchaddha)
[critical]
[CVE-2020-22840] b2evolution CMS <6.11.6 - Open Redirect (@geeknik) [medium]
[CVE-2020-23015] OPNsense <=20.1.5 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-23517] Aryanic HighMail (High CMS) - Cross-Site Scripting (@geeknik)
[medium]
[CVE-2020-23575] Kyocera Printer d-COPIA253MF - Directory Traversal (@0x_akoko)
[high]
[CVE-2020-23697] Monstra CMS 3.0.4 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2020-23972] Joomla! Component GMapFP 3.5 - Arbitrary File Upload
(@dwisiswant0) [high]
[CVE-2020-24148] Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side
Request Forgery (@dwisiswant0) [critical]
[CVE-2020-24186] WordPress wpDiscuz <=7.0.4 - Remote Code Execution (@ganofins)
[critical]
[CVE-2020-24223] Mara CMS 7.5 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-24312] WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
(@x1m_martijn) [high]
[CVE-2020-24391] Mongo-Express - Remote Code Execution (@leovalcante) [critical]
[CVE-2020-24550] EpiServer Find <13.2.7 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2020-24571] NexusDB <4.50.23 - Local File Inclusion (@pikpikcu) [high]
[CVE-2020-24579] D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
(@pikpikcu) [high]
[CVE-2020-24589] WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
(@lethargynavigator) [critical]
[CVE-2020-24701] OX Appsuite - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2020-24902] Quixplorer <=2.4.1 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2020-24903] Cute Editor for ASP.NET 6.4 - Cross-Site Scripting (@edoardottt)
[medium]
[CVE-2020-24912] QCube Cross-Site-Scripting (@pikpikcu) [medium]
[CVE-2020-24949] PHP-Fusion 9.03.50 - Remote Code Execution (@geeknik) [high]
[CVE-2020-25078] D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure
(@pikpikcu) [high]
[CVE-2020-25213] WordPress File Manager Plugin - Remote Code Execution (@foulenzer)
[critical]
[CVE-2020-25223] Sophos UTM Preauth - Remote Code Execution (@gy741) [critical]
[CVE-2020-25495] Xinuo Openserver 5/6 - Cross-Site scripting (@0x_akoko) [medium]
[CVE-2020-25506] D-Link DNS-320 - Unauthenticated Remote Code Execution (@gy741)
[critical]
[CVE-2020-2551] Oracle WebLogic Server - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2020-25540] ThinkAdmin 6 - Local File Inclusion (@geeknik) [high]
[CVE-2020-25780] Commvault CommCell - Local File Inclusion (@pdteam) [high]
[CVE-2020-25864] HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
(@c-sh0) [medium]
[CVE-2020-26073] Cisco SD-WAN vManage Software - Local File Inclusion (@madrobot)
[high]
[CVE-2020-26153] Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
(@pikpikcu) [medium]
[CVE-2020-26214] Alerta < 8.1.0 - Authentication Bypass (@caspergn,@daffainfo)
[critical]
[CVE-2020-26217] XStream <1.4.14 - Remote Code Execution (@pwnhxl,@vicrack) [high]
[CVE-2020-26248] PrestaShop Product Comments <4.2.0 - SQL Injection (@edoardottt)
[high]
[CVE-2020-26258] XStream <1.4.15 - Server-Side Request Forgery (@pwnhxl) [high]
[CVE-2020-26413] Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
(@_0xf4n9x_,@pikpikcu) [medium]
[CVE-2020-26876] WordPress WP Courses Plugin Information Disclosure (@dwisiswant0)
[high]
[CVE-2020-26919] NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
(@gy741) [critical]
[CVE-2020-26948] Emby Server Server-Side Request Forgery (@dwisiswant0) [critical]
[CVE-2020-27191] LionWiki <3.2.12 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-2733] JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
(@dhiyaneshdk,@pussycat0x) [critical]
[CVE-2020-27361] Akkadian Provisioning Manager 4.50.02 - Sensitive Information
Disclosure (@gy741) [high]
[CVE-2020-27467] Processwire CMS <2.7.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-27481] Good Layers LMS Plugin <= 2.1.4 - SQL Injection (@edoardottt)
[critical]
[CVE-2020-27735] Wing FTP 6.4.4 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-27838] KeyCloak - Information Exposure (@mchklt) [medium]
[CVE-2020-27866] NETGEAR - Authentication Bypass (@gy741) [high]
[CVE-2020-27982] IceWarp WebMail 11.4.5.0 - Cross-Site Scripting (@madrobot)
[medium]
[CVE-2020-27986] SonarQube - Authentication Bypass (@pikpikcu) [high]
[CVE-2020-28185] TerraMaster TOS < 4.2.06 - User Enumeration (@pussycat0x) [medium]
[CVE-2020-28188] TerraMaster TOS - Unauthenticated Remote Command Execution
(@gy741) [critical]
[CVE-2020-28208] Rocket.Chat <3.9.1 - Information Disclosure (@pdteam) [medium]
[CVE-2020-28871] Monitorr 1.7.6m - Unauthenticated Remote Code Execution (@gy741)
[critical]
[CVE-2020-28976] WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
(@logicalhunter) [medium]
[CVE-2020-29164] PacsOne Server <7.1.1 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2020-29227] Car Rental Management System 1.0 - Local File Inclusion
(@daffainfo) [critical]
[CVE-2020-29284] Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL
Injection (@edoardottt) [critical]
[CVE-2020-29395] Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
(@daffainfo) [medium]
[CVE-2020-29453] Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-
INF) (@dwisiswant0) [medium]
[CVE-2020-29583] ZyXel USG - Hardcoded Credentials (@canberbamber) [critical]
[CVE-2020-29597] IncomCMS 2.0 - Arbitrary File Upload (@princechaddha) [critical]
[CVE-2020-3187] Cisco Adaptive Security Appliance Software/Cisco Firepower Threat
Defense - Directory Traversal (@kareemse1im) [critical]
[CVE-2020-3452] Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense
(FTD) - Local File Inclusion (@pdteam) [high]
[CVE-2020-35234] SMTP WP Plugin Directory Listing (@pr3r00t) [high]
[CVE-2020-35338] Wireless Multiplex Terminal Playout Server <=20.2.8 - Default
Credential Detection (@jeya seelan) [critical]
[CVE-2020-35476] OpenTSDB <=2.4.0 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-35489] WordPress Contact Form 7 - Unrestricted File Upload (@soyelmago)
[critical]
[CVE-2020-35580] SearchBlox <9.2.2 - Local File Inclusion (@daffainfo) [high]
[CVE-2020-35598] Advanced Comment System 1.0 - Local File Inclusion (@daffainfo)
[high]
[CVE-2020-35713] Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
(@gy741) [critical]
[CVE-2020-35729] Klog Server <=2.41 - Unauthenticated Command Injection
(@dwisiswant0) [critical]
[CVE-2020-35736] GateOne 1.1 - Local File Inclusion (@pikpikcu) [high]
[CVE-2020-35749] WordPress Simple Job Board <2.9.4 - Local File Inclusion
(@cckuailong) [high]
[CVE-2020-35774] twitter-server Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-3580] Cisco ASA/FTD Software - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-35846] Agentejo Cockpit < 0.11.2 - NoSQL Injection (@dwisiswant0)
[critical]
[CVE-2020-35847] Agentejo Cockpit <0.11.2 - NoSQL Injection (@dwisiswant0)
[critical]
[CVE-2020-35848] Agentejo Cockpit <0.12.0 - NoSQL Injection (@dwisiswant0)
[critical]
[CVE-2020-35951] Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
(@princechaddha) [critical]
[CVE-2020-35984] Rukovoditel <= 2.7.2 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2020-35985] Rukovoditel <= 2.7.2 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2020-35986] Rukovoditel <= 2.7.2 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2020-35987] Rukovoditel <= 2.7.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2020-36112] CSE Bookstore 1.0 - SQL Injection (@geeknik) [critical]
[CVE-2020-36289] Jira Server and Data Center - Information Disclosure
(@dhiyaneshdk) [medium]
[CVE-2020-36365] Smartstore <4.1.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2020-36510] WordPress 15Zine <3.3.0 - Cross-Site Scripting (@veshraj) [medium]
[CVE-2020-4463] IBM Maximo Asset Management Information Disclosure - XML External
Entity Injection (@dwisiswant0) [high]
[CVE-2020-5191] PHPGurukul Hospital Management System - Cross-Site Scripting
(@tenbird) [medium]
[CVE-2020-5192] Hospital Management System 4.0 - SQL Injection (@tenbird) [high]
[CVE-2020-5284] Next.js <9.3.2 - Local File Inclusion
(@rootxharsh,@iamnoooob,@dwisiswant0) [medium]
[CVE-2020-5307] PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
(@gy741) [critical]
[CVE-2020-5405] Spring Cloud Config - Local File Inclusion (@harshbothra_) [medium]
[CVE-2020-5410] Spring Cloud Config Server - Local File Inclusion (@mavericknerd)
[high]
[CVE-2020-5412] Spring Cloud Netflix - Server-Side Request Forgery (@dwisiswant0)
[medium]
[CVE-2020-5775] Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
(@alph4byt3) [medium]
[CVE-2020-5776] MAGMI - Cross-Site Request Forgery (@dwisiswant0) [high]
[CVE-2020-5777] Magento Mass Importer <0.7.24 - Remote Auth Bypass (@dwisiswant0)
[critical]
[CVE-2020-5847] UnRaid <=6.80 - Remote Code Execution (@madrobot) [critical]
[CVE-2020-5902] F5 BIG-IP TMUI - Remote Code Execution
(@madrobot,@dwisiswant0,@ringo) [critical]
[CVE-2020-6171] CLink Office 2.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-6207] SAP Solution Manager 7.2 - Remote Command Execution
(@_generic_human_) [critical]
[CVE-2020-6287] SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition
(@dwisiswant0) [critical]
[CVE-2020-6308] SAP BusinessObjects Business Intelligence Platform - Blind Server-
Side Request Forgery (@madrobot) [medium]
[CVE-2020-6637] OpenSIS 7.3 - SQL Injection (@pikpikcu) [critical]
[CVE-2020-6950] Eclipse Mojarra - Local File Read (@iamnoooob,@pdresearch) [medium]
[CVE-2020-7107] WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2020-7136] HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access
(@gy741) [critical]
[CVE-2020-7209] LinuxKI Toolset <= 6.01 - Remote Command Execution (@dwisiswant0)
[critical]
[CVE-2020-7318] McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
(@dwisiswant0) [medium]
[CVE-2020-7796] Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request
Forgery (@gy741) [critical]
[CVE-2020-7943] Puppet Server/PuppetDB - Sensitive Information Disclosure (@c-sh0)
[high]
[CVE-2020-7961] Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code
Execution (@dwisiswant0) [critical]
[CVE-2020-7980] Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
(@ritikchaddha) [critical]
[CVE-2020-8115] Revive Adserver <=5.0.3 - Cross-Site Scripting
(@madrobot,@dwisiswant0) [medium]
[CVE-2020-8163] Ruby on Rails <5.0.1 - Remote Code Execution (@tim_koopmans) [high]
[CVE-2020-8191] Citrix ADC/Gateway - Cross-Site Scripting (@dwisiswant0) [medium]
[CVE-2020-8193] Citrix - Local File Inclusion (@pdteam) [medium]
[CVE-2020-8194] Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
(@dwisiswant0) [medium]
[CVE-2020-8209] Citrix XenMobile Server - Local File Inclusion (@dwisiswant0)
[high]
[CVE-2020-8497] Artica Pandora FMS <=7.42 - Arbitrary File Read (@gy741) [medium]
[CVE-2020-8512] IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
(@pdteam,@dwisiswant0) [medium]
[CVE-2020-8515] DrayTek - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-8615] Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
(@r3y3r53) [medium]
[CVE-2020-8641] Lotus Core CMS 1.0.1 - Local File Inclusion (@0x_akoko) [high]
[CVE-2020-8644] playSMS <1.4.3 - Remote Code Execution (@dbrwsky) [critical]
[CVE-2020-8654] EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
(@praetorian-thendrickson) [high]
[CVE-2020-8771] WordPress Time Capsule < 1.21.16 - Authentication Bypass
(@princechaddha) [critical]
[CVE-2020-8772] WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
(@princechaddha,@scent2d) [critical]
[CVE-2020-8813] Cacti v1.2.8 - Remote Code Execution (@gy741) [high]
[CVE-2020-8982] Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read
(@dwisiswant0) [high]
[CVE-2020-9036] Jeedom <=4.0.38 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2020-9043] WordPress wpCentral <1.5.1 - Information Disclosure (@scent2d)
[high]
[CVE-2020-9047] exacqVision Web Service - Remote Code Execution (@dwisiswant0)
[high]
[CVE-2020-9054] Zyxel NAS Firmware 5.21- Remote Code Execution (@dhiyaneshdk)
[critical]
[CVE-2020-9315] Oracle iPlanet Web Server 7.0.x - Authentication Bypass
(@dhiyaneshdk) [high]
[CVE-2020-9344] Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
(@madrobot) [medium]
[CVE-2020-9376] D-Link DIR-610 Devices - Information Disclosure (@whynotke) [high]
[CVE-2020-9402] Django SQL Injection (@geeknik) [high]
[CVE-2020-9425] rConfig <3.9.4 - Sensitive Information Disclosure (@madrobot)
[high]
[CVE-2020-9483] SkyWalking SQLI (@pikpikcu) [high]
[CVE-2020-9484] Apache Tomcat Remote Command Execution (@dwisiswant0) [high]
[CVE-2020-9496] Apache OFBiz 17.12.03 - Cross-Site Scripting (@dwisiswant0)
[medium]
[CVE-2020-9757] Craft CMS < 3.3.0 - Server-Side Template Injection (@dwisiswant0)
[critical]
[CVE-2021-1472] Cisco Small Business RV Series - OS Command Injection (@gy741)
[critical]
[CVE-2021-1497] Cisco HyperFlex HX Data Platform - Remote Command Execution
(@gy741) [critical]
[CVE-2021-1498] Cisco HyperFlex HX Data Platform - Remote Command Execution
(@gy741) [critical]
[CVE-2021-1499] Cisco HyperFlex HX Data Platform - Arbitrary File Upload (@gy741)
[medium]
[CVE-2021-20031] SonicWall SonicOS 7.0 - Open Redirect (@gy741) [medium]
[CVE-2021-20038] SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
(@dwisiswant0,@jbaines-r7) [critical]
[CVE-2021-20090] Buffalo WSR-2533DHPL2 - Path Traversal (@gy741) [critical]
[CVE-2021-20091] Buffalo WSR-2533DHPL2 - Configuration File Injection
(@gy741,@pdteam,@parth) [high]
[CVE-2021-20092] Buffalo WSR-2533DHPL2 - Improper Access Control
(@gy741,@pdteam,@parth) [high]
[CVE-2021-20114] TCExam <= 14.8.1 - Sensitive Information Exposure (@push4d) [high]
[CVE-2021-20123] Draytek VigorConnect 1.6.0-B - Local File Inclusion (@0x_akoko)
[high]
[CVE-2021-20124] Draytek VigorConnect 6.0-B3 - Local File Inclusion (@0x_akoko)
[high]
[CVE-2021-20137] Gryphon Tower - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-20150] Trendnet AC2600 TEW-827DRU - Credentials Disclosure (@gy741)
[medium]
[CVE-2021-20158] Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
(@gy741) [critical]
[CVE-2021-20167] Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass
Buffer Overrun (@gy741) [high]
[CVE-2021-20323] Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
(@ndmalc,@incogbyte) [medium]
[CVE-2021-20792] WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2021-20837] MovableType - Remote Command Injection
(@dhiyaneshdk,@hackergautam) [critical]
[CVE-2021-21087] Adobe ColdFusion - Cross-Site Scripting (@daviey) [medium]
[CVE-2021-21234] Spring Boot Actuator Logview Directory Traversal
(@gy741,@pikpikcu) [high]
[CVE-2021-21287] MinIO Browser API - Server-Side Request Forgery (@pikpikcu) [high]
[CVE-2021-21307] Lucee Admin - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2021-21311] Adminer <4.7.9 - Server-Side Request Forgery (@adam
crosser,@pwnhxl) [high]
[CVE-2021-21315] Node.JS System Information Library <5.3.1 - Remote Command
Injection (@pikpikcu) [high]
[CVE-2021-21345] XStream <1.4.16 - Remote Code Execution (@pwnhxl,@vicrack)
[critical]
[CVE-2021-21351] XStream <1.4.16 - Remote Code Execution (@pwnhxl) [critical]
[CVE-2021-21389] BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code
Execution (@lotusdll) [high]
[CVE-2021-21402] Jellyfin <10.7.0 - Local File Inclusion (@dwisiswant0) [medium]
[CVE-2021-21479] SCIMono <0.0.19 - Remote Code Execution (@dwisiswant0) [critical]
[CVE-2021-21745] ZTE MF971R - Referer authentication bypass (@gy741) [medium]
[CVE-2021-21799] Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2021-21800] Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2021-21801] Advantech R-SeeNet - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-21802] Advantech R-SeeNet - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-21803] Advantech R-SeeNet - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-21805] Advantech R-SeeNet 2.4.12 - OS Command Injection (@arafatansari)
[critical]
[CVE-2021-21816] D-Link DIR-3040 1.13B03 - Information Disclosure (@gy741) [medium]
[CVE-2021-21881] Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
(@gy741) [critical]
[CVE-2021-21972] VMware vSphere Client (HTML5) - Remote Code Execution
(@dwisiswant0) [critical]
[CVE-2021-21973] VMware vSphere - Server-Side Request Forgery (@pdteam) [medium]
[CVE-2021-21975] vRealize Operations Manager API - Server-Side Request Forgery
(@luci) [high]
[CVE-2021-21978] VMware View Planner <4.6 SP1- Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2021-21985] VMware vSphere Client (HTML5) - Remote Code Execution
(@d0rkerdevil) [critical]
[CVE-2021-22005] VMware vCenter Server - Arbitrary File Upload (@pr3r00t)
[critical]
[CVE-2021-22053] Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code
Execution (@forgedhallpass) [high]
[CVE-2021-22054] VMWare Workspace ONE UEM - Server-Side Request Forgery (@h1ei1)
[high]
[CVE-2021-22122] FortiWeb - Cross Site Scripting (@dwisiswant0) [medium]
[CVE-2021-22145] Elasticsearch 7.10.0-7.13.3 - Information Disclosure
(@dhiyaneshdk) [medium]
[CVE-2021-22205] GitLab CE/EE - Remote Code Execution (@gitlab red team) [critical]
[CVE-2021-22214] Gitlab CE/EE 10.5 - Server-Side Request Forgery
(@suman_kar,@gitlab red team) [high]
[CVE-2021-22502] Micro Focus Operations Bridge Reporter - Remote Code Execution
(@pikpikcu) [critical]
[CVE-2021-22707] EVlink City < R8 V3.4.0.1 - Authentication Bypass
(@ritikchaddha,@dorkerdevil) [critical]
[CVE-2021-22873] Revive Adserver <5.1.0 - Open Redirect (@pudsec) [medium]
[CVE-2021-22911] Rocket.Chat <=3.13 - NoSQL Injection (@tess,@sullo) [critical]
[CVE-2021-22986] F5 iControl REST - Remote Command Execution (@rootxharsh,@iamnoooob) [critical]
[CVE-2021-23241] MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion (@daffainfo) [medium]
[CVE-2021-24145] WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload (@theamanrawat) [high]
[CVE-2021-24146] WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure (@random_robbie) [high]
[CVE-2021-24150] WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2021-24155] WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload (@theamanrawat) [high]
[CVE-2021-24165] WordPress Ninja Forms <3.4.34 - Open Redirect (@dhiyaneshdk,@daffainfo) [medium]
[CVE-2021-24169] WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24176] WordPress JH 404 Logger <=1.1 - Cross-Site Scripting (@ganofins) [medium]
[CVE-2021-24210] WordPress PhastPress <1.111 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-24214] WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting (@tess) [medium]
[CVE-2021-24215] Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation (@r3y3r53) [critical]
[CVE-2021-24226] AccessAlly <3.5.7 - Sensitive Information Leakage (@dhiyaneshdk) [high]
[CVE-2021-24227] Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion (@theamanrawat) [high]
[CVE-2021-24235] WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-24236] WordPress Imagements <=1.2.5 - Arbitrary File Upload (@pussycat0x) [critical]
[CVE-2021-24237] WordPress Realteo <=1.2.3 - Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2021-24239] WordPress Pie Register <3.7.0.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24245] WordPress Stop Spammers <2021.9 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-24274] WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-24275] Popup by Supsystic <1.10.5 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-24276] WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-24278] WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation (@2rs3c) [high]
[CVE-2021-24284] WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload (@lamscun,@pussycat0x,@pdteam) [critical]
[CVE-2021-24285] WordPress Car Seller - Auto Classifieds Script - SQL Injection (@shreyapohekar) [critical]
[CVE-2021-24286] WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24287] WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24288] WordPress AcyMailing <7.5.0 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-24291] WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-24298] WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-24300] WordPress WooCommerce <1.13.22 - Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-24316] WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2021-24320] WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-24335] WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-24340] WordPress Statistics <13.0.8 - Blind SQL Injection (@lotusdll,@j4vaovo) [high]
[CVE-2021-24342] WordPress JNews Theme <8.0.6 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-24347] WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload (@theamanrawat) [high]
[CVE-2021-24351] WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting (@maximus decimus) [medium]
[CVE-2021-24358] Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-24364] WordPress Jannah Theme <5.4.4 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-24370] WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload (@pikpikcu) [critical]
[CVE-2021-24387] WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting (@suman_kar) [medium]
[CVE-2021-24389] WordPress FoodBakery <2.2 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-24406] WordPress wpForo Forum < 1.9.7 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-24407] WordPress Jannah Theme <5.4.5 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-24409] Prismatic < 2.8 - Cross-Site Scripting (@harsh) [medium]
[CVE-2021-24435] WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting (@xcapri,@ritikchaddha) [medium]
[CVE-2021-24436] WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2021-24442] WordPress Polls Widget < 1.5.3 - SQL Injection (@ritikchaddha) [critical]
[CVE-2021-24452] WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2021-24472] Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery (@suman_kar) [critical]
[CVE-2021-24488] WordPress Post Grid <2.1.8 - Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-24495] WordPress Marmoset Viewer <1.9.3 - Cross-Site Scripting (@johnjhacking) [medium]
[CVE-2021-24498] WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting (@suman_kar) [medium]
[CVE-2021-24499] WordPress Workreap - Remote Code Execution (@daffainfo) [critical]
[CVE-2021-24510] WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-24554] WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection (@theamanrawat) [high]
[CVE-2021-24627] G Auto-Hyperlink <= 1.0.1 - SQL Injection (@theamanrawat) [high]
[CVE-2021-24647] Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login (@dhiyaneshdk) [high]
[CVE-2021-24666] WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-24731] Pie Register < 3.7.1.6 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-24746] WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting (@supras) [medium]
[CVE-2021-24750] WordPress Visitor Statistics (Real Time Traffic) <4.8 - SQL Injection (@cckuakilong) [high]
[CVE-2021-24762] WordPress Perfect Survey <1.5.2 - SQL Injection (@cckuailong) [critical]
[CVE-2021-24791] Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection (@r3y3r53) [high]
[CVE-2021-24827] WordPress Asgaros Forum <1.15.13 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-24838] WordPress AnyComment <0.3.5 - Open Redirect (@noobexploiter) [medium]
[CVE-2021-24849] WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection (@ritikchaddha) [critical]
[CVE-2021-24862] WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection (@theamanrawat) [high]
[CVE-2021-24875] WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24891] WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-24910] WordPress Transposh Translation <1.0.8 - Cross-Site Scripting (@screamy) [medium]
[CVE-2021-24915] Contest Gallery < 13.1.0.6 - SQL Injection (@r3y3r53) [critical]
[CVE-2021-24917] WordPress WPS Hide Login <1.9.1 - Information Disclosure (@akincibor) [high]
[CVE-2021-24926] WordPress Domain Check <1.0.17 - Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-24931] WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-24940] WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-24943] Registrations for the Events Calendar < 2.7.6 - SQL Injection (@ritikchaddha) [critical]
[CVE-2021-24946] WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection (@theamanrawat) [critical]
[CVE-2021-24947] WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read (@cckuailong) [medium]
[CVE-2021-24956] Blog2Social < 6.8.7 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-24970] WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion (@r3y3r53) [high]
[CVE-2021-24979] Paid Memberships Pro < 2.6.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-24987] WordPress Super Socializer <7.13.30 - Cross-Site Scripting (@akincibor) [medium]
[CVE-2021-24991] WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-24997] WordPress Guppy <=1.1 - Information Disclosure (@evan rubinstein) [medium]
[CVE-2021-25003] WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2021-25008] The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-25016] Chaty < 2.8.2 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2021-25028] WordPress Event Tickets < 5.2.2 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-25033] Noptin < 1.6.5 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-25052] WordPress Button Generator <2.3.3 - Remote File Inclusion (@cckuailong) [high]
[CVE-2021-25055] WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-25063] WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-25065] Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (@harsh) [medium]
[CVE-2021-25067] Landing Page Builder < 1.4.9.6 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2021-25074] WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-25075] WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting (@dhiyaneshdk) [low]
[CVE-2021-25078] Affiliates Manager < 2.9.0 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2021-25079] Contact Form Entries < 1.2.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-25085] WOOF WordPress plugin - Cross-Site Scripting (@maximus decimus) [medium]
[CVE-2021-25099] WordPress GiveWP <2.17.3 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2021-25104] WordPress Ocean Extra <1.9.5 - Cross-Site Scripting (@akincibor) [medium]
[CVE-2021-25111] WordPress English Admin <1.5.2 - Open Redirect (@akincibor) [medium]
[CVE-2021-25112] WordPress WHMCS Bridge <6.4b - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-25114] WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection (@theamanrawat) [critical]
[CVE-2021-25118] Yoast SEO 16.7-17.2 - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2021-25120] Easy Social Feed < 6.2.7 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-25281] SaltStack Salt <3002.5 - Auth Bypass (@madrobot) [critical]
[CVE-2021-25296] Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection (@k0pak4) [high]
[CVE-2021-25297] Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection (@k0pak4) [high]
[CVE-2021-25298] Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection (@k0pak4) [high]
[CVE-2021-25299] Nagios XI 5.7.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-25646] Apache Druid - Remote Code Execution (@pikpikcu) [high]
[CVE-2021-25864] Hue Magic 3.0.0 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-25899] Void Aural Rec Monitor 9.0.0.1 - SQL Injection (@edoardottt) [high]
[CVE-2021-26084] Confluence Server - Remote Code Execution (@dhiyaneshdk,@philippedelteil) [critical]
[CVE-2021-26085] Atlassian Confluence Server - Local File Inclusion (@princechaddha) [medium]
[CVE-2021-26086] Atlassian Jira Limited - Local File Inclusion (@cocxanh) [medium]
[CVE-2021-26247] Cacti - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-26292] AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure (@johnk3r) [low]
[CVE-2021-26294] AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure (@johnk3r) [high]
[CVE-2021-26295] Apache OFBiz <17.12.06 - Arbitrary Code Execution (@madrobot) [critical]
[CVE-2021-26475] EPrints 3.4.2 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-26598] ImpressCMS <1.4.3 - Incorrect Authorization (@gy741,@pdteam) [medium]
[CVE-2021-26702] EPrints 3.4.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-26710] Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-26723] Jenzabar 9.2x-9.2.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-26812] Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting (@aceseven (digisec360)) [medium]
[CVE-2021-26855] Microsoft Exchange Server SSRF Vulnerability (@madrobot) [critical]
[CVE-2021-27124] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat) [medium]
[CVE-2021-27132] Sercomm VD625 Smart Modems - CRLF Injection (@geeknik) [critical]
[CVE-2021-27309] Clansphere CMS 2011.4 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-27310] Clansphere CMS 2011.4 - Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-27314] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-27315] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat) [high]
[CVE-2021-27316] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat) [high]
[CVE-2021-27319] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat) [high]
[CVE-2021-27320] Doctor Appointment System 1.0 - SQL Injection (@theamanrawat) [high]
[CVE-2021-27330] Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting (@pikpikcu,@daffainfo) [medium]
[CVE-2021-27358] Grafana Unauthenticated Snapshot Creation (@pdteam,@bing0o) [high]
[CVE-2021-27519] FUDForum 3.1.0 - Cross-Site Scripting (@kh4sh3i) [medium]
[CVE-2021-27520] FUDForum 3.1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2021-27561] YeaLink DM 3.6.0.20 - Remote Command Injection (@shifacyclewala,@hackergautam) [critical]
[CVE-2021-27651] Pega Infinity - Authentication Bypass (@idealphase,@daffainfo) [critical]
[CVE-2021-27670] Appspace 6.2.4 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2021-27748] IBM WebSphere HCL Digital Experience - Server-Side Request Forgery (@pdteam) [high]
[CVE-2021-27850] Apache Tapestry - Remote Code Execution (@pdteam) [critical]
[CVE-2021-27905] Apache Solr <=8.8.1 - Server-Side Request Forgery (@hackergautam) [critical]
[CVE-2021-27909] Mautic <3.3.4 - Cross-Site Scripting (@kiransau) [medium]
[CVE-2021-27931] LumisXP <10.0.0 - Blind XML External Entity Attack (@alph4byt3) [critical]
[CVE-2021-28073] Ntopng Authentication Bypass (@z3bd) [critical]
[CVE-2021-28149] Hongdian H8922 3.0.5 Devices - Local File Inclusion (@gy741) [medium]
[CVE-2021-28150] Hongdian H8922 3.0.5 - Information Disclosure (@gy741) [medium]
[CVE-2021-28151] Hongdian H8922 3.0.5 - Remote Command Injection (@gy741) [high]
[CVE-2021-28169] Eclipse Jetty ConcatServlet - Information Disclosure (@pikpikcu) [medium]
[CVE-2021-28377] Joomla! ChronoForums 2.0.11 - Local File Inclusion (@0x_akoko) [medium]
[CVE-2021-28419] SEO Panel 4.8.0 - Blind SQL Injection (@theamanrawat) [high]
[CVE-2021-28854] VICIdial Sensitive Information Disclosure (@pdteam) [high]
[CVE-2021-28918] Netmask NPM Package - Server-Side Request Forgery (@johnjhacking) [critical]
[CVE-2021-28937] Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure (@geeknik) [high]
[CVE-2021-29006] rConfig 3.9.6 - Local File Inclusion (@r3y3r53) [medium]
[CVE-2021-29156] LDAP Injection In OpenAM (@melbadry9,@xelkomy) [high]
[CVE-2021-29200] Apache OFBiz < 17.12.07 - Arbitrary Code Execution (@your3cho) [critical]
[CVE-2021-29203] HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass (@madrobot) [critical]
[CVE-2021-29441] Nacos <1.4.1 - Authentication Bypass (@dwisiswant0) [critical]
[CVE-2021-29442] Nacos <1.4.1 - Authentication Bypass (@dwisiswant0) [high]
[CVE-2021-29484] Ghost CMS <=4.32 - Cross-Site Scripting (@rootxharsh,@iamnoooob) [medium]
[CVE-2021-29490] Jellyfin 10.7.2 - Server Side Request Forgery (@alph4byt3) [medium]
[CVE-2021-29505] XStream <1.4.17 - Remote Code Execution (@pwnhxl) [high]
[CVE-2021-29622] Prometheus - Open Redirect (@geeknik) [medium]
[CVE-2021-29625] Adminer <=4.8.0 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-3002] Seo Panel 4.8.0 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-30049] SysAid Technologies 20.3.64 b14 - Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-30128] Apache OFBiz <17.12.07 - Arbitrary Code Execution (@for3stco1d) [critical]
[CVE-2021-30134] Php-mod/curl Library <2.3.2 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2021-30151] Sidekiq <=6.2.0 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-3017] Intelbras WIN 300/WRN 342 - Credentials Disclosure (@pikpikcu) [high]
[CVE-2021-30175] ZEROF Web Server 1.0 - SQL Injection (@edoardottt) [critical]
[CVE-2021-3019] ffay lanproxy Directory Traversal (@pikpikcu) [high]
[CVE-2021-30213] Knowage Suite 7.3 - Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-30461] VoipMonitor <24.61 - Remote Code Execution (@shifacyclewala,@hackergautam) [critical]
[CVE-2021-30497] Ivanti Avalanche 6.3.2 - Local File Inclusion (@gy741) [high]
[CVE-2021-3110] PrestaShop 1.7.7.0 - SQL Injection (@jaimin gondaliya) [critical]
[CVE-2021-31195] Microsoft Exchange Server - Cross-Site Scripting (@infosecsanyam) [medium]
[CVE-2021-31249] CHIYU TCP/IP Converter - Carriage Return Line Feed Injection (@geeknik) [medium]
[CVE-2021-31250] CHIYU TCP/IP Converter - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-3129] Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution (@z3bd,@pdteam) [critical]
[CVE-2021-31537] SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-31581] Akkadian Provisioning Manager - Information Disclosure (@geeknik) [medium]
[CVE-2021-31589] BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting (@ahmed abou-ela) [medium]
[CVE-2021-31602] Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass (@pussycat0x) [high]
[CVE-2021-31682] WebCTRL OEM <= 6.5 - Cross-Site Scripting (@gy741,@dhiyaneshdk) [medium]
[CVE-2021-31755] Tenda Router AC11 - Remote Command Injection (@gy741) [critical]
[CVE-2021-31805] Apache Struts2 S2-062 - Remote Code Execution (@taielab) [critical]
[CVE-2021-31856] Layer5 Meshery 0.5.2 - SQL Injection (@princechaddha) [critical]
[CVE-2021-31862] SysAid 20.4.74 - Cross-Site Scripting (@jas37) [medium]
[CVE-2021-32030] ASUS GT-AC2900 - Authentication Bypass (@gy741) [critical]
[CVE-2021-32172] Maian Cart <=3.8 - Remote Code Execution (@pdteam) [critical]
[CVE-2021-3223] Node RED Dashboard <2.26.2 - Local File Inclusion (@gy741,@pikpikcu) [high]
[CVE-2021-32305] Websvn <2.6.1 - Remote Code Execution (@gy741) [critical]
[CVE-2021-32618] Python Flask-Security - Open Redirect (@0x_akoko) [medium]
[CVE-2021-32682] elFinder 2.1.58 - Remote Code Execution (@smaranchand) [critical]
[CVE-2021-32789] WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection (@rootxharsh,@iamnoooob,@s1r1u5_,@cookiehanhoan,@madrobot) [high]
[CVE-2021-32819] Nodejs Squirrelly - Remote Code Execution (@pikpikcu) [high]
[CVE-2021-32820] Express-handlebars - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2021-32853] Erxes <0.23.0 - Cross-Site Scripting (@dwisiswant0) [critical]
[CVE-2021-3293] emlog 5.3.1 Path Disclosure (@h1ei1) [medium]
[CVE-2021-3297] Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass (@gy741) [high]
[CVE-2021-33044] Dahua IPC/VTH/VTO - Authentication Bypass (@gy741) [critical]
[CVE-2021-33221] CommScope Ruckus IoT Controller - Information Disclosure (@geeknik) [critical]
[CVE-2021-33357] RaspAP <=2.6.5 - Remote Command Injection (@pikpikcu,@pdteam) [critical]
[CVE-2021-33544] Geutebruck - Remote Command Injection (@gy741) [high]
[CVE-2021-33564] Ruby Dragonfly <1.4.0 - Remote Code Execution (@0xsapra) [critical]
[CVE-2021-33690] SAP NetWeaver Development Infrastructure - Server Side Request Forgery (@dhiyaneshdk) [critical]
[CVE-2021-3374] Rstudio Shiny Server <1.5.16 - Local File Inclusion (@geeknik) [medium]
[CVE-2021-3377] npm ansi_up v4 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-3378] FortiLogger 4.4.2.2 - Arbitrary File Upload (@dwisiswant0) [critical]
[CVE-2021-33807] Cartadis Gespage 8.2.1 - Directory Traversal (@daffainfo) [high]
[CVE-2021-33851] WordPress Customize Login Image <3.5.3 - Cross-Site Scripting (@8authur) [medium]
[CVE-2021-33904] Accela Civic Platform <=21.1 - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-34370] Accela Civic Platform <=21.1 - Cross-Site Scripting (@0x_akoko) [medium]
[CVE-2021-34429] Eclipse Jetty - Information Disclosure (@bernardofsr,@am0nt31r0) [medium]
[CVE-2021-34473] Exchange Server - Remote Code Execution (@arcc,@intx0x80,@dwisiswant0,@r3dg33k) [critical]
[CVE-2021-34621] WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness (@0xsapra) [critical]
[CVE-2021-34640] WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-34643] WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-34805] FAUST iServer 9.0.018.018.4 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-35250] SolarWinds Serv-U 15.3 - Directory Traversal (@johnk3r,@pdteam) [high]
[CVE-2021-35265] MaxSite CMS > V106 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-35323] Bludit 3.13.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2021-35336] Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access (@pratik khalane) [critical]
[CVE-2021-35380] TermTalk Server 3.24.0.2 - Local File Inclusion (@fxploit) [high]
[CVE-2021-35395] RealTek Jungle SDK - Arbitrary Command Injection (@king-alexander) [critical]
[CVE-2021-35464] ForgeRock OpenAM <7.0 - Remote Code Execution (@madrobot) [critical]
[CVE-2021-35488] Thruk 2.40-2 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2021-35587] Oracle Access Manager - Remote Code Execution (@cckuailong) [critical]
[CVE-2021-3577] Motorola Baby Monitors - Remote Command Execution (@gy741) [high]
[CVE-2021-36260] Hikvision IP camera/NVR - Remote Command Execution (@pdteam,@gy741,@johnk3r) [critical]
[CVE-2021-36356] Kramer VIAware - Remote Code Execution (@gy741) [critical]
[CVE-2021-36380] Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection (@gy741) [critical]
[CVE-2021-36450] Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting (@atomiczsec) [medium]
[CVE-2021-3654] Nova noVNC - Open Redirect (@geeknik) [medium]
[CVE-2021-36580] IceWarp Mail Server - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2021-36748] PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection (@whoever) [high]
[CVE-2021-36749] Apache Druid - Local File Inclusion (@_0xf4n9x_) [medium]
[CVE-2021-36873] WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2021-37216] QSAN Storage Manager <3.3.3 - Cross-Site Scripting (@dwisiswant0) [medium]
[CVE-2021-37304] Jeecg Boot <= 2.4.5 - Information Disclosure (@ritikchaddha) [high]
[CVE-2021-37305] Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure (@ritikchaddha) [high]
[CVE-2021-37416] Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-37538] PrestaShop SmartBlog <4.0.6 - SQL Injection (@whoever) [critical]
[CVE-2021-37573] Tiny Java Web Server - Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-37580] Apache ShenYu Admin JWT - Authentication Bypass (@pdteam) [critical]
[CVE-2021-37589] Virtua Software Cobranca <12R - Blind SQL Injection (@princechaddha) [high]
[CVE-2021-37704] phpfastcache - phpinfo Resource Exposure (@whoever) [medium]
[CVE-2021-37833] Hotel Druid 3.0.2 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-38314] WordPress Redux Framework <=4.2.11 - Information Disclosure (@meme-lord) [medium]
[CVE-2021-38540] Apache Airflow - Unauthenticated Variable Import (@pdteam) [critical]
[CVE-2021-38647] Microsoft Open Management Infrastructure - Remote Code Execution (@daffainfo,@xstp) [critical]
[CVE-2021-38702] Cyberoam NetGenie Cross-Site Scripting (@geeknik) [medium]
[CVE-2021-38704] ClinicCases 7.3.3 Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-38751] ExponentCMS <= 2.6 - Host Header Injection (@dwisiswant0) [medium]
[CVE-2021-39141] XStream 1.4.18 - Remote Code Execution (@pwnhxl) [high]
[CVE-2021-39144] XStream 1.4.18 - Remote Code Execution (@pwnhxl,@vicrack) [high]
[CVE-2021-39146] XStream 1.4.18 - Arbitrary Code Execution (@pwnhxl) [high]
[CVE-2021-39152] XStream <1.4.18 - Server-Side Request Forgery (@pwnhxl) [high]
[CVE-2021-39165] Cachet <=2.3.18 - SQL Injection (@tess) [medium]
[CVE-2021-39211] GLPI 9.2/<9.5.6 - Information Disclosure (@dogasantos,@noraj) [medium]
[CVE-2021-39226] Grafana Snapshot - Authentication Bypass (@evan rubinstein) [high]
[CVE-2021-39312] WordPress True Ranker <2.2.4 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2021-39316] WordPress DZS Zoomsounds <=6.50 - Local File Inclusion (@daffainfo) [high]
[CVE-2021-39320] WordPress Under Construction <1.19 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-39322] WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-39327] WordPress BulletProof Security 5.1 Information Disclosure (@geeknik) [medium]
[CVE-2021-39350] FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting (@gy741) [medium]
[CVE-2021-39433] BIQS IT Biqs-drive v1.83 Local File Inclusion (@veshraj) [high]
[CVE-2021-39501] EyouCMS 1.5.4 Open Redirect (@0x_akoko) [medium]
[CVE-2021-40149] Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure (@for3stco1d) [medium]
[CVE-2021-40150] Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure (@for3stco1d) [high]
[CVE-2021-40323] Cobbler <3.3.0 - Remote Code Execution (@c-sh0) [critical]
[CVE-2021-40438] Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery (@pdteam) [critical]
[CVE-2021-40539] Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution (@daffainfo,@pdteam) [critical]
[CVE-2021-40542] Opensis-Classic 8.0 - Cross-Site Scripting (@alph4byt3) [medium]
[CVE-2021-40651] OS4Ed OpenSIS Community 8.0 - Local File Inclusion (@ctflearner) [medium]
[CVE-2021-40661] IND780 - Local File Inclusion (@for3stco1d) [high]
[CVE-2021-40822] Geoserver - Server-Side Request Forgery (@for3stco1d,@aringo-bf) [high]
[CVE-2021-40856] Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass (@gy741) [high]
[CVE-2021-40859] Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor (@pussycat0x) [critical]
[CVE-2021-40868] Cloudron 6.2 Cross-Site Scripting (@daffainfo) [medium]
[CVE-2021-40870] Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution (@pikpikcu) [critical]
[CVE-2021-40875] Gurock TestRail Application files.md5 Exposure (@oscarintherocks) [high]
[CVE-2021-40908] Purchase Order Management v1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2021-40960] Galera WebTemplate 1.0 Directory Traversal (@daffainfo) [critical]
[CVE-2021-40968] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40969] Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) (@theamanrawat) [medium]
[CVE-2021-40970] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40971] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40972] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40973] Spotweb <= 1.5.1 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2021-40978] MkDocs 1.2.2 - Directory Traversal (@pikpikcu) [high]
[CVE-2021-41174] Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting (@pdteam) [medium]
[CVE-2021-41192] Redash Setup Configuration - Default Secrets Disclosure (@bananabr) [medium]
[CVE-2021-41266] MinIO Operator Console Authentication Bypass (@alevsk) [critical]
[CVE-2021-41277] Metabase - Local File Inclusion (@0x_akoko,@dhiyaneshdk) [high]
[CVE-2021-41282] pfSense - Arbitrary File Write (@cckuailong) [high]
[CVE-2021-41291] ECOA Building Automation System - Directory Traversal Content Disclosure (@gy741) [high]
[CVE-2021-41293] ECOA Building Automation System - Arbitrary File Retrieval (@0x_akoko) [high]
[CVE-2021-41349] Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting (@rootxharsh,@iamnoooob) [medium]
[CVE-2021-41381] Payara Micro Community 5.2021.6 Directory Traversal (@pikpikcu) [high]
[CVE-2021-41432] FlatPress 1.2.1 - Stored Cross-Site Scripting (@arafatansari) [medium]
[CVE-2021-41460] ECShop 4.1.0 - SQL Injection (@sleepingbag945) [high]
[CVE-2021-41467] JustWriting - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-41569] SAS/Internet 9.4 1520 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-41648] PuneethReddyHC action.php SQL Injection (@daffainfo) [high]
[CVE-2021-41649] PuneethReddyHC Online Shopping System homeaction.php SQL Injection (@daffainfo) [critical]
[CVE-2021-41653] TP-Link - OS Command Injection (@gy741) [critical]
[CVE-2021-41691] openSIS Student Information System 8.0 SQL Injection (@bartu utku sarp) [high]
[CVE-2021-41749] CraftCMS SEOmatic - Server-Side Template Injection (@iamnoooob,@ritikchaddha) [critical]
[CVE-2021-41773] Apache 2.4.49 - Path Traversal and Remote Code Execution (@daffainfo,@666asd) [high]
[CVE-2021-41826] PlaceOS 1.2109.1 - Open Redirection (@geeknik) [medium]
[CVE-2021-41878] i-Panel Administration System 2.0 - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-4191] GitLab GraphQL API User Enumeration (@zsusac) [medium]
[CVE-2021-41951] Resourcespace - Cross-Site Scripting (@coldfish) [medium]
[CVE-2021-42013] Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution (@nvn1729,@0xd0ff9,@666asd) [critical]
[CVE-2021-42063] SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting (@pdteam) [medium]
[CVE-2021-42071] Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection (@gy741) [critical]
[CVE-2021-42192] KONGA 0.14.9 - Privilege Escalation (@rschio) [high]
[CVE-2021-42237] Sitecore Experience Platform Pre-Auth RCE (@pdteam) [critical]
[CVE-2021-42258] BillQuick Web Suite SQL Injection (@dwisiswant0) [critical]
[CVE-2021-42551] NetBiblio WebOPAC - Cross-Site Scripting (@compr00t) [medium]
[CVE-2021-42565] myfactory FMS - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-42566] myfactory FMS - Cross-Site Scripting (@madrobot) [medium]
[CVE-2021-42567] Apereo CAS Cross-Site Scripting (@pdteam) [medium]
[CVE-2021-42627] D-Link DIR-615 - Unauthorized Access (@for3stco1d) [critical]
[CVE-2021-42663] Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting (@fxploit) [medium]
[CVE-2021-42667] Online Event Booking and Reservation System 2.3.0 - SQL Injection (@fxploit) [critical]
[CVE-2021-42887] TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass (@gy741) [critical]
[CVE-2021-43062] Fortinet FortiMail 7.0.1 - Cross-Site Scripting (@ajaysenr) [medium]
[CVE-2021-43287] Pre-Auth Takeover of Build Pipelines in GoCD (@dhiyaneshdk) [high]
[CVE-2021-43421] Studio-42 elFinder <2.1.60 - Arbitrary File Upload (@akincibor) [critical]
[CVE-2021-43495] AlquistManager Local File Inclusion (@pikpikcu) [high]
[CVE-2021-43496] Clustering Local File Inclusion (@evan rubinstein) [high]
[CVE-2021-43510] Sourcecodester Simple Client Management System 1.0 - SQL Injection (@edoardottt) [critical]
[CVE-2021-43574] Atmail 6.5.0 - Cross-Site Scripting (@arafatansari,@ritikchaddha) [medium]
[CVE-2021-43725] Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) (@theamanrawat) [medium]
[CVE-2021-43734] kkFileview v4.0.0 - Local File Inclusion (@arafatansari) [high]
[CVE-2021-43778] GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability (@cckuailong) [high]
[CVE-2021-43798] Grafana v8.x - Arbitrary File Read (@z0ne,@dhiyaneshdk,@j4vaovo) [high]
[CVE-2021-43810] Admidio - Cross-Site Scripting (@gy741) [medium]
[CVE-2021-44077] Zoho ManageEngine ServiceDesk Plus - Remote Code Execution (@adam crosser,@gy741) [critical]
[CVE-2021-44138] Caucho Resin >=4.0.52 <=4.0.56 - Directory Traversal (@carrot2) [high]
[CVE-2021-44139] Alibaba Sentinel - Server-Side Request Forgery (SSRF) (@dhiyaneshdk) [high]
[CVE-2021-44152] Reprise License Manager 14.2 - Authentication Bypass (@akincibor) [critical]
[CVE-2021-44228] Apache Log4j2 Remote Code Injection (@melbadry9,@dhiyaneshdk,@daffainfo,@anon-artist,@0xceba,@tea,@j4vaovo) [critical]
[CVE-2021-44427] Rosario Student Information System Unauthenticated SQL Injection (@furkansayim,@xshuden) [critical]
[CVE-2021-44451] Apache Superset <=1.3.2 - Default Login (@dhiyaneshdk) [medium]
[CVE-2021-44515] Zoho ManageEngine Desktop Central - Remote Code Execution (@adam crosser) [critical]
[CVE-2021-44528] Open Redirect in Host Authorization Middleware (@geeknik) [medium]
[CVE-2021-44529] Ivanti EPM Cloud Services Appliance Code Injection (@duty_1g,@phyr3wall,@tirtha) [critical]
[CVE-2021-44848] Thinfinity VirtualUI User Enumeration (@danielmofer) [medium]
[CVE-2021-44910] SpringBlade - Information Leakage (@lbb) [high]
[CVE-2021-45043] HD-Network Realtime Monitoring System 2.0 - Local File Inclusion (@momen eldawakhly,@evan rubinstein) [high]
[CVE-2021-45046] Apache Log4j2 - Remote Code Injection (@imnightmaree) [critical]
[CVE-2021-45092] Thinfinity Iframe Injection (@danielmofer) [critical]
[CVE-2021-45232] Apache APISIX Dashboard <2.10.1 - API Unauthorized Access (@mr-xn) [critical]
[CVE-2021-45380] AppCMS - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2021-45382] D-Link - Remote Command Execution (@king-alexander) [critical]
[CVE-2021-45422] Reprise License Manager 14.2 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2021-45428] Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload (@gy741) [critical]
[CVE-2021-45967] Pascom CPS Server-Side Request Forgery (@dwisiswant0) [critical]
[CVE-2021-45968] Pascom CPS - Local File Inclusion (@dwisiswant0) [high]
[CVE-2021-46005] Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting (@cckuailong) [medium]
[CVE-2021-46068] Vehicle Service Management System - Stored Cross-Site Scripting (@tenbird) [medium]
[CVE-2021-46069] Vehicle Service Management System 1.0 - Stored Cross Site Scripting (@tenbird) [medium]
[CVE-2021-46071] Vehicle Service Management System 1.0 - Cross-Site Scripting (@tenbird) [medium]
[CVE-2021-46072] Vehicle Service Management System 1.0 - Stored Cross Site Scripting (@tenbird) [medium]
[CVE-2021-46073] Vehicle Service Management System 1.0 - Cross Site Scripting (@tenbird) [medium]
[CVE-2021-46107] Ligeo Archives Ligeo Basics - Server Side Request Forgery (@ritikchaddha) [high]
[CVE-2021-46379] D-Link DIR850 ET850-1.08TRb03 - Open Redirect (@0x_akoko) [medium]
[CVE-2021-46381] D-Link DAP-1620 - Local File Inclusion (@0x_akoko) [high]
[CVE-2021-46387] Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2021-46417] Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion (@for3stco1d) [high]
[CVE-2021-46418] Telesquare TLR-2855KS6 - Arbitrary File Creation (@dhiyaneshdk) [high]
[CVE-2021-46419] Telesquare TLR-2855KS6 - Arbitrary File Deletion (@dhiyaneshdk) [critical]
[CVE-2021-46422] SDT-CW3B1 1.1.0 - OS Command Injection (@badboycxcc,@prajiteshsingh) [critical]
[CVE-2021-46424] Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete (@gy741) [critical]
[CVE-2021-46704] GenieACS => 1.2.8 - OS Command Injection (@dhiyaneshdk) [critical]
[CVE-2022-0087] Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
(@shivanshkhari) [medium]
[CVE-2022-0140] WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting
(@random-robbie) [medium]
[CVE-2022-0147] WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 -
Cross-Site Scripting (@8arthur) [medium]
[CVE-2022-0148] WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0149] WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0150] WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2022-0165] WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
(@akincibor) [medium]
[CVE-2022-0169] Photo Gallery by 10Web < 1.6.0 - SQL Injection
(@ritikchaddha,@princechaddha) [critical]
[CVE-2022-0189] WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site
Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0201] WordPress Permalink Manager <2.2.15 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-0206] WordPress NewStatPress <1.3.6 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2022-0208] WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2022-0212] WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2022-0218] HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
(@hexcat) [medium]
[CVE-2022-0220] WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting (@daffainfo)
[medium]
[CVE-2022-0228] Popup Builder < 4.0.7 - SQL Injection (@r3y3r53) [high]
[CVE-2022-0234] WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-0271] LearnPress <4.1.6 - Cross-Site Scripting (@akincibor) [medium]
[CVE-2022-0281] Microweber Information Disclosure (@pikpikcu) [high]
[CVE-2022-0288] WordPress Ad Inserter <2.7.10 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2022-0342] Zyxel - Authentication Bypass (@sleepingbag945,@powerexploit)
[critical]
[CVE-2022-0346] WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site
Scripting/Remote Code Execution (@akincibor,@theamanrawat) [medium]
[CVE-2022-0349] WordPress NotificationX <2.3.9 - SQL Injection (@edoardottt)
[critical]
[CVE-2022-0378] Microweber Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-0381] WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
(@edoardottt) [medium]
[CVE-2022-0412] WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
(@edoardottt) [critical]
[CVE-2022-0415] Gogs <0.12.6 - Remote Command Execution (@theamanrawat) [high]
[CVE-2022-0422] WordPress White Label CMS <2.2.9 - Cross-Site Scripting (@random-
robbie) [medium]
[CVE-2022-0424] Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
(@kazgangap) [medium]
[CVE-2022-0432] Mastodon Prototype Pollution Vulnerability (@pikpikcu) [medium]
[CVE-2022-0434] WordPress Page Views Count <2.4.15 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0437] karma-runner DOM-based Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-0441] MasterStudy LMS <2.7.6 - Improper Access Control
(@dwisiswant0,@theamanrawat) [critical]
[CVE-2022-0482] Easy!Appointments <1.4.3 - Broken Access Control
(@francescocarlucci,@opencirt) [critical]
[CVE-2022-0533] Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2022-0535] WordPress E2Pdf <1.16.45 - Cross-Site Scripting (@theamanrawat)
[medium]
[CVE-2022-0540] Atlassian Jira Seraph - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2022-0591] Formcraft3 <3.8.28 - Server-Side Request Forgery
(@akincibor,@j4vaovo) [critical]
[CVE-2022-0594] WordPress Shareaholic <9.7.6 - Information Disclosure (@atomiczsec)
[medium]
[CVE-2022-0595] WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-0597] Microweber < 1.2.11 - Open Redirection (@farish) [medium]
[CVE-2022-0599] WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-
Site Scripting (@scent2d) [medium]
[CVE-2022-0651] WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
(@theamanrawat) [high]
[CVE-2022-0653] Wordpress Profile Builder Plugin Cross-Site Scripting
(@dhiyaneshdk) [medium]
[CVE-2022-0656] uDraw <3.3.3 - Local File Inclusion (@akincibor) [high]
[CVE-2022-0658] CommonsBooking < 2.6.8 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-0660] Microweber <1.2.11 - Information Disclosure (@amit-jd) [high]
[CVE-2022-0666] Microweber < 1.2.11 - CRLF Injection (@ritikchaddha) [high]
[CVE-2022-0678] Microweber <1.2.11 - Cross-Site Scripting (@tess,@co5mos) [medium]
[CVE-2022-0679] WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion
(@veshraj) [critical]
[CVE-2022-0692] Rudloff alltube prior to 3.0.1 - Open Redirect (@0x_akoko) [medium]
[CVE-2022-0693] WordPress Master Elements <=8.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0735] GitLab CE/EE - Information Disclosure (@gitlab red team) [critical]
[CVE-2022-0747] Infographic Maker iList < 4.3.8 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0760] WordPress Simple Link Directory <7.7.2 - SQL injection
(@theamanrawat) [critical]
[CVE-2022-0769] Users Ultra <= 3.1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-0773] Documentor <= 1.5.3 - Unauthenticated SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0781] WordPress Nirweb Support <2.8.2 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0784] WordPress Title Experiments Free <9.0.1 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0785] WordPress Daily Prayer Time <2022.03.01 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0786] WordPress KiviCare <2.3.9 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0787] Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0788] WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0
- SQL Injection (@theamanrawat) [critical]
[CVE-2022-0814] Ubigeo de Peru < 3.6.4 - SQL Injection (@r3y3r53) [critical]
[CVE-2022-0817] WordPress BadgeOS <=3.7.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0824] Webmin <1.990 - Improper Access Control (@cckuailong) [high]
[CVE-2022-0826] WordPress WP Video Gallery <=1.7.1 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0827] WordPress Best Books <=2.6.3 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0846] SpeakOut Email Petitions < 2.14.15.1 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0864] UpdraftPlus < 1.22.9 - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2022-0867] WordPress ARPrice <3.6.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-0869] nitely/spirit 0.12.3 - Open Redirect (@ctflearner) [medium]
[CVE-2022-0870] Gogs <0.12.5 - Server-Side Request Forgery
(@theamanrawat,@akincibor) [medium]
[CVE-2022-0885] Member Hero <=1.0.9 - Remote Code Execution (@theamanrawat)
[critical]
[CVE-2022-0899] Header Footer Code Manager < 1.1.24 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2022-0928] Microweber < 1.2.12 - Stored Cross-Site Scripting (@amit-jd)
[medium]
[CVE-2022-0948] WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-0949] WordPress Stop Bad Bots <6.930 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-0952] WordPress Sitemap by click5 <1.0.36 - Missing Authorization
(@random-robbie) [high]
[CVE-2022-0954] Microweber <1.2.11 - Stored Cross-Site Scripting (@amit-jd)
[medium]
[CVE-2022-0963] Microweber <1.2.12 - Stored Cross-Site Scripting (@amit-jd)
[medium]
[CVE-2022-0968] Microweber <1.2.12 - Integer Overflow (@amit-jd) [medium]
[CVE-2022-1007] WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting
(@8arthur) [medium]
[CVE-2022-1013] WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
(@theamanrawat) [critical]
[CVE-2022-1020] WordPress WooCommerce <3.1.2 - Arbitrary Function Call (@akincibor)
[critical]
[CVE-2022-1040] Sophos Firewall <=18.5 MR3 - Remote Code Execution (@for3stco1d)
[critical]
[CVE-2022-1054] WordPress RSVP and Event Management <2.7.8 - Missing Authorization
(@akincibor) [medium]
[CVE-2022-1057] WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-1058] Gitea <1.16.5 - Open Redirect (@theamanrawat) [medium]
[CVE-2022-1119] WordPress Simple File List <3.2.8 - Local File Inclusion (@random-
robbie) [high]
[CVE-2022-1162] GitLab CE/EE - Hard-Coded Credentials (@gitlab red team) [critical]
[CVE-2022-1168] WordPress WP JobSearch <1.5.1 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-1170] JobMonster < 4.5.2.9 - Cross-Site Scripting
(@akincibor,@ritikchaddha) [medium]
[CVE-2022-1221] WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
(@veshraj) [medium]
[CVE-2022-1329] Elementor Website Builder - Remote Code Execution (@theamanrawat)
[high]
[CVE-2022-1386] WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
(@akincibor,@mantissts,@calumjelrick) [critical]
[CVE-2022-1388] F5 BIG-IP iControl - REST Auth Bypass RCE (@dwisiswant0,@ph33r)
[critical]
[CVE-2022-1390] WordPress Admin Word Count Column 2.2 - Local File Inclusion
(@daffainfo,@splint3r7) [critical]
[CVE-2022-1391] WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
(@splint3r7) [critical]
[CVE-2022-1392] WordPress Videos sync PDF <=1.7.4 - Local File Inclusion (@veshraj)
[high]
[CVE-2022-1398] External Media without Import <=1.1.2 - Authenticated Blind Server-
Side Request Forgery (@theamanrawat) [medium]
[CVE-2022-1439] Microweber <1.2.15 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-1442] WordPress Metform <=2.1.3 - Information Disclosure (@theamanrawat)
[high]
[CVE-2022-1574] WordPress HTML2WP <=1.0.0 - Arbitrary File Upload (@theamanrawat)
[critical]
[CVE-2022-1580] Site Offline WP Plugin < 1.5.3 - Authorization Bypass (@kazgangap)
[medium]
[CVE-2022-1595] WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
(@theamanrawat) [medium]
[CVE-2022-1597] WordPress WPQA <5.4 - Cross-Site Scripting (@veshraj) [medium]
[CVE-2022-1598] WordPress WPQA <5.5 - Improper Access Control (@veshraj) [medium]
[CVE-2022-1609] The School Management < 9.9.7 - Remote Code Execution (@for3stco1d)
[critical]
[CVE-2022-1713] Drawio <18.0.4 - Server-Side Request Forgery (@pikpikcu) [high]
[CVE-2022-1724] WordPress Simple Membership <4.1.1 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-1756] Newsletter < 7.4.5 - Cross-Site Scripting (@harsh) [medium]
[CVE-2022-1768] WordPress RSVPMaker <=9.3.2 - SQL Injection (@edoardottt) [high]
[CVE-2022-1815] Drawio <18.1.2 - Server-Side Request Forgery (@amit-jd) [high]
[CVE-2022-1883] Terraboard <2.2.0 - SQL Injection (@edoardottt) [high]
[CVE-2022-1903] ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
(@theamanrawat) [high]
[CVE-2022-1904] WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-1906] WordPress Copyright Proof <=4.16 - Cross-Site-Scripting (@random-
robbie) [medium]
[CVE-2022-1910] WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-
Site Scripting (@akincibor) [medium]
[CVE-2022-1916] WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-
Site Scripting (@akincibor) [medium]
[CVE-2022-1933] WordPress CDI <5.1.9 - Cross Site Scripting (@akincibor) [medium]
[CVE-2022-1937] WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
(@akincibor,@dhiyaneshdk) [medium]
[CVE-2022-1946] WordPress Gallery <2.0.0 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-1952] WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload
(@theamanrawat) [critical]
[CVE-2022-21371] Oracle WebLogic Server Local File Inclusion (@paradessia,@narluin)
[high]
[CVE-2022-21500] Oracle E-Business Suite <=12.2 - Authentication Bypass
(@3th1c_yuk1,@tess,@0xpugazh) [high]
[CVE-2022-21587] Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
(@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2022-21661] WordPress <5.8.3 - SQL Injection (@marcio mendes) [high]
[CVE-2022-21705] October CMS - Remote Code Execution (@iphantasmic) [high]
[CVE-2022-2174] microweber 1.2.18 - Cross-site Scripting (@r3y3r53) [medium]
[CVE-2022-2185] GitLab CE/EE - Remote Code Execution (@gitlab red team) [high]
[CVE-2022-2187] WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
(@for3stco1d) [medium]
[CVE-2022-2219] Unyson < 2.7.27 - Cross Site Scripting (@r3y3r53) [high]
[CVE-2022-22242] Juniper Web Device Manager - Cross-Site Scripting
(@evergreencartoons) [medium]
[CVE-2022-22536] SAP Memory Pipes (MPI) Desynchronization (@pdteam) [critical]
[CVE-2022-22733] Apache ShardingSphere ElasticJob-UI privilege escalation (@zeyad
azima) [medium]
[CVE-2022-22897] PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection (@mastercho)
[critical]
[CVE-2022-2290] Trilium <0.52.4 - Cross-Site Scripting (@dbrwsky) [medium]
[CVE-2022-22947] Spring Cloud Gateway Code Injection (@pdteam) [critical]
[CVE-2022-22954] VMware Workspace ONE Access - Server-Side Template Injection
(@sherlocksecurity) [critical]
[CVE-2022-22963] Spring Cloud - Remote Code Execution (@mr-xn,@adam crosser)
[critical]
[CVE-2022-22965] Spring - Remote Code Execution
(@justmumu,@arall,@dhiyaneshdk,@akincibor) [critical]
[CVE-2022-22972] VMware Workspace ONE Access/Identity Manager/vRealize Automation -
Authentication Bypass (@for3stco1d,@princechaddha) [critical]
[CVE-2022-23102] SINEMA Remote Connect Server < V2.0 - Open Redirect
(@ctflearner,@ritikchaddha) [medium]
[CVE-2022-23131] Zabbix - SAML SSO Authentication Bypass (@for3stco1d,@spac3wh1te)
[critical]
[CVE-2022-23134] Zabbix Setup Configuration Authentication Bypass (@bananabr)
[medium]
[CVE-2022-2314] WordPress VR Calendar <=2.3.2 - Remote Code Execution
(@theamanrawat) [critical]
[CVE-2022-23178] Crestron Device - Credentials Disclosure (@gy741) [critical]
[CVE-2022-23347] BigAnt Server v5.6.06 - Local File Inclusion (@0x_akoko) [high]
[CVE-2022-23348] BigAnt Server 5.6.06 - Improper Access Control (@arafatansari)
[medium]
[CVE-2022-23544] MeterSphere < 2.5.0 SSRF (@j4vaovo) [medium]
[CVE-2022-2373] WordPress Simply Schedule Appointments <1.5.7.7 - Information
Disclosure (@theamanrawat,@theabhinavgaur) [medium]
[CVE-2022-2376] WordPress Directorist <7.3.1 - Information Disclosure (@random-
robbie) [medium]
[CVE-2022-23779] Zoho ManageEngine - Internal Hostname Disclosure (@cckuailong)
[medium]
[CVE-2022-2379] WordPress Easy Student Results <=2.2.8 - Improper Authorization
(@theamanrawat) [high]
[CVE-2022-23808] phpMyAdmin < 5.1.2 - Cross-Site Scripting (@cckuailong,@daffainfo)
[medium]
[CVE-2022-2383] WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-23854] AVEVA InTouch Access Anywhere Secure Gateway - Local File
Inclusion (@for3stco1d) [high]
[CVE-2022-23881] ZZZCMS zzzphp 2.1.0 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2022-23898] MCMS 5.2.5 - SQL Injection (@co5mos) [critical]
[CVE-2022-23944] Apache ShenYu Admin Unauth Access (@cckuakilong) [critical]
[CVE-2022-24112] Apache APISIX - Remote Code Execution (@mr-xn) [critical]
[CVE-2022-24124] Casdoor 1.13.0 - Unauthenticated SQL Injection (@cckuailong)
[high]
[CVE-2022-24129] Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
(@0x_akoko) [high]
[CVE-2022-2414] FreeIPA - XML Entity Injection (@dhiyaneshdk) [high]
[CVE-2022-24181] PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
(@lucasljm2001,@ekrause) [medium]
[CVE-2022-24223] Atom CMS v2.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-24260] VoipMonitor - Pre-Auth SQL Injection (@gy741) [critical]
[CVE-2022-24264] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-24265] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-24266] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [high]
[CVE-2022-24288] Apache Airflow OS Command Injection (@xeldax) [high]
[CVE-2022-24384] SmarterTools SmarterTrack - Cross-Site Scripting (@e1a) [medium]
[CVE-2022-2462] WordPress Transposh <=1.0.8.1 - Information Disclosure
(@dwisiswant0) [medium]
[CVE-2022-24627] AudioCodes Device Manager Express - SQL Injection (@geeknik)
[critical]
[CVE-2022-2467] Garage Management System 1.0 - SQL Injection (@edoardottt)
[critical]
[CVE-2022-24681] ManageEngine ADSelfService Plus <6121 - Stored Cross-Site
Scripting (@open-sec) [medium]
[CVE-2022-24716] Icinga Web 2 - Arbitrary File Disclosure (@dhiyaneshdk) [high]
[CVE-2022-24816] GeoServer <1.2.2 - Remote Code Execution (@mukundbhuva) [critical]
[CVE-2022-24856] Flyte Console <0.52.0 - Server-Side Request Forgery (@pdteam)
[high]
[CVE-2022-2486] Wavlink WN535K2/WN535K3 - OS Command Injection (@for3stco1d)
[critical]
[CVE-2022-2487] Wavlink WN535K2/WN535K3 - OS Command Injection (@for3stco1d)
[critical]
[CVE-2022-2488] Wavlink WN535K2/WN535K3 - OS Command Injection (@for3stco1d)
[critical]
[CVE-2022-24899] Contao <4.13.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-24900] Piano LED Visualizer 1.3 - Local File Inclusion (@0x_akoko) [high]
[CVE-2022-24990] TerraMaster TOS < 4.2.30 Server Information Disclosure
(@dwisiswant0) [high]
[CVE-2022-25082] TOTOLink - Unauthenticated Command Injection (@gy741) [critical]
[CVE-2022-25125] MCMS 5.2.4 - SQL Injection (@co5mos) [critical]
[CVE-2022-25148] WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
(@theamanrawat) [critical]
[CVE-2022-25149] WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
(@theamanrawat) [high]
[CVE-2022-25216] DVDFab 12 Player/PlayerFab - Local File Inclusion (@0x_akoko)
[high]
[CVE-2022-25323] ZEROF Web Server 2.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2022-2535] SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post
Title Disclosure (@r3y3r53) [medium]
[CVE-2022-25356] Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection
(@akincibor) [medium]
[CVE-2022-25369] Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
(@pdteam) [critical]
[CVE-2022-2544] WordPress Ninja Job Board < 1.3.3 - Direct Request (@tess) [high]
[CVE-2022-2546] WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting
(@theamanrawat) [medium]
[CVE-2022-25481] ThinkPHP 5.0.24 - Information Disclosure (@caon) [high]
[CVE-2022-25485] Cuppa CMS v1.0 - Local File Inclusion (@theamanrawat) [high]
[CVE-2022-25486] Cuppa CMS v1.0 - Local File Inclusion (@theamanrawat) [high]
[CVE-2022-25487] Atom CMS v2.0 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2022-25488] Atom CMS v2.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-25489] Atom CMS v2.0 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-25497] Cuppa CMS v1.0 - Local File Inclusion (@theamanrawat) [medium]
[CVE-2022-2551] WordPress Duplicator <1.4.7 - Authentication Bypass (@lrtk-coder)
[high]
[CVE-2022-25568] MotionEye Config Info Disclosure (@dhiyaneshdk) [high]
[CVE-2022-2599] WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 -
Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-26134] Confluence - Remote Code Execution (@pdteam,@jbertman) [critical]
[CVE-2022-26138] Atlassian Questions For Confluence - Hardcoded Credentials
(@httpvoid) [critical]
[CVE-2022-26148] Grafana & Zabbix Integration - Credentials Disclosure (@geekby)
[critical]
[CVE-2022-26159] Ametys CMS Information Disclosure (@remi gascou (podalirius))
[medium]
[CVE-2022-26233] Barco Control Room Management Suite <=2.9 Build 0275 - Local File
Inclusion (@0x_akoko) [high]
[CVE-2022-2627] WordPress Newspaper < 12 - Cross-Site Scripting
(@ramondunker,@c4sper0) [medium]
[CVE-2022-2633] All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
(@theamanrawat) [high]
[CVE-2022-26352] DotCMS - Arbitrary File Upload (@h1ei1) [critical]
[CVE-2022-26564] HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
(@alexrydzak) [medium]
[CVE-2022-26833] Open Automation Software OAS Platform V16.00.0121 - Missing
Authentication (@true13) [critical]
[CVE-2022-26960] elFinder <=2.1.60 - Local File Inclusion (@pikpikcu) [critical]
[CVE-2022-2733] Openemr < 7.0.0.1 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2022-2756] Kavita <0.5.4.1 - Server-Side Request Forgery (@theamanrawat)
[medium]
[CVE-2022-27593] QNAP QTS Photo Station External Reference - Local File Inclusion
(@allenwest24) [critical]
[CVE-2022-27849] WordPress Simple Ajax Chat <20220116 - Sensitive Information
Disclosure vulnerability (@random-robbie) [high]
[CVE-2022-27926] Zimbra Collaboration (ZCS) - Cross Site Scripting
(@rootxharsh,@iamnoooob,@pdresearch) [medium]
[CVE-2022-27927] Microfinance Management System 1.0 - SQL Injection
(@lucasljm2001,@ekrause) [critical]
[CVE-2022-27984] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-27985] Cuppa CMS v1.0 - SQL injection (@theamanrawat) [critical]
[CVE-2022-28022] Purchase Order Management v1.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-28023] Purchase Order Management v1.0 - SQL Injection (@theamanrawat)
[critical]
[CVE-2022-28032] Atom CMS v2.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-28079] College Management System 1.0 - SQL Injection (@ritikchaddha)
[high]
[CVE-2022-28080] Royal Event - SQL Injection (@lucasljm2001,@ekrause,@ritikchaddha)
[high]
[CVE-2022-28117] Navigate CMS 2.9.4 - Server-Side Request Forgery (@theabhinavgaur)
[medium]
[CVE-2022-28219] Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote
Code Execution (@dwisiswant0) [critical]
[CVE-2022-28290] WordPress Country Selector <1.6.6 - Cross-Site Scripting
(@akincibor) [medium]
[CVE-2022-28363] Reprise License Manager 14.2 - Cross-Site Scripting (@akincibor)
[medium]
[CVE-2022-28365] Reprise License Manager 14.2 - Information Disclosure (@akincibor)
[medium]
[CVE-2022-2863] WordPress WPvivid Backup <0.9.76 - Local File Inclusion (@tehtbl)
[medium]
[CVE-2022-28923] Caddy 2.4.6 - Open Redirect (@sascha brendel,@dhiyaneshdk)
[medium]
[CVE-2022-28955] D-Link DIR-816L - Improper Access Control (@arafatansari) [high]
[CVE-2022-29004] Diary Management System 1.0 - Cross-Site Scripting (@tenbird)
[medium]
[CVE-2022-29005] Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
(@tenbird) [medium]
[CVE-2022-29006] Directory Management System 1.0 - SQL Injection (@tenbird)
[critical]
[CVE-2022-29007] Dairy Farm Shop Management System 1.0 - SQL Injection (@tenbird)
[critical]
[CVE-2022-29009] Cyber Cafe Management System 1.0 - SQL Injection (@tenbird)
[critical]
[CVE-2022-29013] Razer Sila Gaming Router - Remote Code Execution (@dhiyaneshdk)
[critical]
[CVE-2022-29014] Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File
Inclusion (@edoardottt) [high]
[CVE-2022-29078] Node.js Embedded JavaScript 3.1.6 - Template Injection
(@for3stco1d) [critical]
[CVE-2022-29153] HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
(@c-sh0) [high]
[CVE-2022-29272] Nagios XI <5.8.5 - Open Redirect (@ritikchaddha) [medium]
[CVE-2022-29298] SolarView Compact 6.00 - Local File Inclusion (@ritikchaddha)
[high]
[CVE-2022-29299] SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
(@for3stco1d) [medium]
[CVE-2022-29301] SolarView Compact 6.00 - 'pow' Cross-Site Scripting (@for3stco1d)
[high]
[CVE-2022-29303] SolarView Compact 6.00 - OS Command Injection (@badboycxcc)
[critical]
[CVE-2022-29349] kkFileView 4.0.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-29383] NETGEAR ProSafe SSL VPN firmware - SQL Injection (@elitebaz)
[critical]
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site
Scripting (@rotembar,@daffainfo) [medium]
[CVE-2022-29464] WSO2 Management - Arbitrary File Upload & Remote Code Execution
(@luci,@dhiyaneshdk) [critical]
[CVE-2022-29548] WSO2 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-29775] iSpy 7.2.2.0 - Authentication Bypass (@arafatansari) [critical]
[CVE-2022-30073] WBCE CMS 1.5.2 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-30489] Wavlink WN-535G3 - Cross-Site Scripting (@for3stco1d) [medium]
[CVE-2022-30512] School Dormitory Management System 1.0 - SQL Injection (@tess)
[critical]
[CVE-2022-30513] School Dormitory Management System 1.0 - Authenticated Cross-Site
Scripting (@tess) [medium]
[CVE-2022-30514] School Dormitory Management System 1.0 - Authenticated Cross-Site
Scripting (@tess) [medium]
[CVE-2022-30525] Zyxel Firewall - OS Command Injection (@h1ei1,@prajiteshsingh)
[critical]
[CVE-2022-3062] Simple File List < 4.4.12 - Cross Site Scripting (@r3y3r53)
[medium]
[CVE-2022-30776] Atmail 6.5.0 - Cross-Site Scripting (@3th1c_yuk1) [medium]
[CVE-2022-30777] Parallels H-Sphere 3.6.1713 - Cross-Site Scripting (@3th1c_yuk1)
[medium]
[CVE-2022-31126] Roxy-WI <6.1.1.0 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2022-31268] Gitblit 1.9.3 - Local File Inclusion (@0x_akoko) [high]
[CVE-2022-31269] Linear eMerge E3-Series - Information Disclosure (@for3stco1d)
[high]
[CVE-2022-31299] Haraj 3.7 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-31373] SolarView Compact 6.00 - Cross-Site Scripting (@ritikchaddha)
[medium]
[CVE-2022-3142] NEX-Forms Plugin < 7.9.7 - SQL Injection (@r3y3r53) [high]
[CVE-2022-31474] BackupBuddy - Local File Inclusion (@aringo) [high]
[CVE-2022-31499] Nortek Linear eMerge E3-Series <0.32-08f - Remote Command
Injection (@pikpikcu) [critical]
[CVE-2022-31656] VMware - Local File Inclusion (@dhiyaneshdk) [critical]
[CVE-2022-31798] Nortek Linear eMerge E3-Series - Cross-Site Scripting
(@ritikchaddha) [medium]
[CVE-2022-31814] pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection
(@evergreencartoons) [critical]
[CVE-2022-31845] WAVLINK WN535 G3 - Information Disclosure (@arafatansari) [high]
[CVE-2022-31846] WAVLINK WN535 G3 - Information Disclosure (@arafatansari) [high]
[CVE-2022-31847] WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure
(@arafatansari) [high]
[CVE-2022-31854] Codoforum 5.1 - Arbitrary File Upload (@theamanrawat) [high]
[CVE-2022-31879] Online Fire Reporting System v1.0 - SQL injection
(@theamanrawat,@j4vaovo) [high]
[CVE-2022-31974] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-31975] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-31976] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[critical]
[CVE-2022-31977] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[critical]
[CVE-2022-31978] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[critical]
[CVE-2022-31980] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-31981] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-31982] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-31983] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-31984] Online Fire Reporting System v1.0 - SQL injection (@theamanrawat)
[high]
[CVE-2022-32007] Complete Online Job Search System 1.0 - SQL Injection
(@arafatansari) [high]
[CVE-2022-32015] Complete Online Job Search System 1.0 - SQL Injection
(@arafatansari) [high]
[CVE-2022-32018] Complete Online Job Search System 1.0 - SQL Injection
(@arafatansari) [high]
[CVE-2022-32022] Car Rental Management System 1.0 - SQL Injection (@arafatansari)
[high]
[CVE-2022-32024] Car Rental Management System 1.0 - SQL Injection (@arafatansari)
[high]
[CVE-2022-32025] Car Rental Management System 1.0 - SQL Injection (@arafatansari)
[high]
[CVE-2022-32026] Car Rental Management System 1.0 - SQL Injection (@arafatansari)
[high]
[CVE-2022-32028] Car Rental Management System 1.0 - SQL Injection (@arafatansari)
[high]
[CVE-2022-32094] Hospital Management System 1.0 - SQL Injection (@arafatansari)
[critical]
[CVE-2022-32195] Open edX <2022-06-06 - Cross-Site Scripting (@arafatansari)
[medium]
[CVE-2022-32409] Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File
Inclusion (@pikpikcu) [critical]
[CVE-2022-3242] Microweber <1.3.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-32429] MSNSwitch Firmware MNT.2408 - Authentication Bypass
(@theabhinavgaur) [critical]
[CVE-2022-32430] Lin CMS Spring Boot - Default JWT Token (@dhiyaneshdk) [high]
[CVE-2022-32444] u5cms v8.3.5 - Open Redirect (@0x_akoko) [medium]
[CVE-2022-32770] WWBN AVideo 11.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-32771] WWBN AVideo 11.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-32772] WWBN AVideo 11.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-33119] NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-33174] Powertek Firmware <3.30.30 - Authorization Bypass (@pikpikcu) [high]
[CVE-2022-33891] Apache Spark UI - Remote Command Injection (@princechaddha) [high]
[CVE-2022-33901] WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read (@theamanrawat) [high]
[CVE-2022-33965] WordPress Visitor Statistics <=5.7 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-34045] WAVLINK WN530HG4 - Improper Access Control (@arafatansari) [critical]
[CVE-2022-34046] WAVLINK WN533A8 - Improper Access Control (@for3stco1d) [high]
[CVE-2022-34047] WAVLINK WN530HG4 - Improper Access Control (@for3stco1d) [high]
[CVE-2022-34048] Wavlink WN-533A8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-34049] WAVLINK WN530HG4 - Improper Access Control (@for3stco1d) [medium]
[CVE-2022-34093] Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-34094] Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-34121] CuppaCMS v1.0 - Local File Inclusion (@edoardottt) [high]
[CVE-2022-34328] PMB 7.3.10 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-34534] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-34576] WAVLINK WN535 G3 - Improper Access Control (@arafatansari) [high]
[CVE-2022-34590] Hospital Management System 1.0 - SQL Injection (@arafatansari) [high]
[CVE-2022-34753] SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution (@gy741) [high]
[CVE-2022-3484] WordPress WPB Show Core - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-3506] WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-35151] kkFileView 4.1.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-35405] Zoho ManageEngine - Remote Code Execution (@viniciuspereiras,@true13) [critical]
[CVE-2022-35413] WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials (@for3stco1d) [critical]
[CVE-2022-35416] H3C SSL VPN <=2022-07-10 - Cross-Site Scripting (@0x240x23elu) [medium]
[CVE-2022-35493] eShop 3.0.4 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-35653] Moodle LTI module Reflected - Cross-Site Scripting (@iamnoooob,@pdresearch) [medium]
[CVE-2022-3578] WordPress ProfileGrid <5.1.1 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-35914] GLPI <=10.0.2 - Remote Command Execution (@for3stco1d) [critical]
[CVE-2022-36446] Webmin <1.997 - Authenticated Remote Code Execution (@gy741) [critical]
[CVE-2022-36537] ZK Framework - Information Disclosure (@theamanrawat) [high]
[CVE-2022-36553] Hytec Inter HWL-2511-SS - Remote Command Execution (@huta0) [critical]
[CVE-2022-36642] Omnia MPX 1.5.0+r1 - Local File Inclusion (@arafatansari,@ritikchaddha,@for3stco1d) [critical]
[CVE-2022-36804] Atlassian Bitbucket - Remote Command Injection (@dhiyaneshdk,@tess,@sullo) [high]
[CVE-2022-36883] Jenkins Git <=4.11.3 - Missing Authorization (@c-sh0) [high]
[CVE-2022-37042] Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution (@_0xf4n9x_,@for3stco1d) [critical]
[CVE-2022-37153] Artica Proxy 4.30.000000 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-37190] Cuppa CMS v1.0 - Remote Code Execution (@theamanrawat) [high]
[CVE-2022-37191] Cuppa CMS v1.0 - Authenticated Local File Inclusion (@theamanrawat) [medium]
[CVE-2022-37299] Shirne CMS 1.2.0 - Local File Inclusion (@pikpikcu) [medium]
[CVE-2022-3768] WordPress WPSmartContracts <1.3.12 - SQL Injection (@hardik-solanki) [high]
[CVE-2022-3800] IBAX - SQL Injection (@jc175) [high]
[CVE-2022-38131] RStudio Connect - Open Redirect (@xxcdd) [medium]
[CVE-2022-38295] Cuppa CMS v1.0 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2022-38296] Cuppa CMS v1.0 - Arbitrary File Upload (@theamanrawat) [critical]
[CVE-2022-38463] ServiceNow - Cross-Site Scripting (@amanrawat) [medium]
[CVE-2022-38467] CRM Perks Forms < 1.1.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-38553] Academy Learning Management System <5.9.1 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2022-38637] Hospital Management System 1.0 - SQL Injection (@arafatansari) [critical]
[CVE-2022-38794] Zaver - Local File Inclusion (@pikpikcu) [high]
[CVE-2022-38817] Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control (@for3stco1d) [high]
[CVE-2022-38870] Free5gc 3.2.1 - Information Disclosure (@for3stco1d) [high]
[CVE-2022-39048] ServiceNow - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2022-3908] WordPress Helloprint <1.4.7 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-39195] LISTSERV 17 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-3933] WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-3934] WordPress FlatPM <3.0.13 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-3980] Sophos Mobile managed on-premises - XML External Entity Injection (@dabla) [critical]
[CVE-2022-3982] WordPress Booking Calendar <3.2.2 - Arbitrary File Upload (@theamanrawat) [critical]
[CVE-2022-39952] Fortinet FortiNAC - Arbitrary File Write (@dwisiswant0) [critical]
[CVE-2022-39960] Jira Netic Group Export <1.0.3 - Missing Authorization (@for3stco1d) [medium]
[CVE-2022-39986] RaspAP 2.8.7 - Unauthenticated Command Injection (@dhiyaneshdk) [critical]
[CVE-2022-40022] Symmetricom SyncServer Unauthenticated - Remote Command Execution (@dhiyaneshdk) [critical]
[CVE-2022-40032] Simple Task Managing System v1.0 - SQL Injection (@r3y3r53) [critical]
[CVE-2022-40047] Flatpress < v1.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-40083] Labstack Echo 4.8.0 - Open Redirect (@pdteam) [critical]
[CVE-2022-40127] AirFlow < 2.4.0 - Remote Code Execution (@dhiyaneshdk,@ritikchaddha) [high]
[CVE-2022-40359] Kae's File Manager <=1.4.7 - Cross-Site Scripting (@edoardottt,@daffainfo) [medium]
[CVE-2022-4049] WP User <= 7.0 - Unauthenticated SQLi (@theamanrawat) [critical]
[CVE-2022-4050] WordPress JoomSport <5.2.8 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-4057] Autoptimize < 3.1.0 - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2022-4059] Cryptocurrency Widgets Pack < 2.0 - SQL Injection (@r3y3r53) [critical]
[CVE-2022-4060] WordPress User Post Gallery <=2.19 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2022-4063] WordPress InPost Gallery <2.1.4.1 - Local File Inclusion (@theamanrawat) [critical]
[CVE-2022-40684] Fortinet - Authentication Bypass (@shockwave,@nagli,@carlosvieira) [critical]
[CVE-2022-40734] Laravel Filemanager v2.5.1 - Local File Inclusion (@arafatansari) [medium]
[CVE-2022-40843] Tenda AC1200 V-W15Ev2 - Authentication Bypass (@gy741) [medium]
[CVE-2022-40879] kkFileView 4.1.0 - Cross-Site Scripting (@arafatansari,@co5mos) [medium]
[CVE-2022-40881] SolarView 6.00 - Remote Command Execution (@for3stco1d) [critical]
[CVE-2022-4117] WordPress IWS Geo Form Fields <=1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-4140] WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access (@theamanrawat) [high]
[CVE-2022-41412] perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery (@null_hypothesis) [high]
[CVE-2022-41441] ReQlogic v11.3 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-41473] RPCMS 3.0.2 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-41840] Welcart eCommerce <=2.7.7 - Local File Inclusion (@theamanrawat) [critical]
[CVE-2022-42094] Backdrop CMS version 1.23.0 - Stored Cross Site Scripting (@theamanrawat) [medium]
[CVE-2022-42095] Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-42096] Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-42233] Tenda 11N - Authentication Bypass (@for3stco1d) [critical]
[CVE-2022-4260] WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting (@hardik-solanki) [medium]
[CVE-2022-42746] CandidATS 3.0.0 - Cross-Site Scripting. (@arafatansari) [medium]
[CVE-2022-42747] CandidATS 3.0.0 - Cross-Site Scripting. (@arafatansari) [medium]
[CVE-2022-42748] CandidATS 3.0.0 - Cross-Site Scripting. (@arafatansari) [medium]
[CVE-2022-42749] CandidATS 3.0.0 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4301] WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-43014] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43015] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43016] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43017] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-43018] OpenCATS 0.9.6 - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-4305] Login as User or Customer < 3.3 - Privilege Escalation (@r3y3r53) [critical]
[CVE-2022-4306] WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-43140] kkFileView 4.1.0 - Server-Side Request Forgery (@co5mos) [high]
[CVE-2022-43164] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43165] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43166] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43167] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43169] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-43170] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-43185] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4320] WordPress Events Calendar <1.4.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4321] PDF Generator for WordPress < 1.1.2 - Cross Site Scripting (@r3y3r53,@huta0) [medium]
[CVE-2022-4325] WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-4328] WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload (@theamanrawat) [critical]
[CVE-2022-43769] Hitachi Pentaho Business Analytics Server - Remote Code Execution (@dwbzn) [high]
[CVE-2022-44290] WebTareas 2.4p5 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-44291] WebTareas 2.4p5 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-4447] WordPress Fontsy <=1.8.6 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-44877] CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution (@for3stco1d) [critical]
[CVE-2022-44944] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44946] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-44947] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44948] Rukovoditel <= 3.2.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-44949] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44950] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44951] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44952] Rukovoditel <= 3.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2022-44957] WebTareas 2.4p5 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2022-45037] WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-45038] WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (@theamanrawat) [medium]
[CVE-2022-45354] Download Monitor <= 4.7.60 - Sensitive Information Exposure (@dhiyaneshdk) [high]
[CVE-2022-45362] WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery (@theamanrawat) [medium]
[CVE-2022-45365] Stock Ticker <= 3.23.2 - Cross-Site-Scripting (@theamanrawat) [medium]
[CVE-2022-45805] WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection (@theamanrawat) [critical]
[CVE-2022-45835] WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2022-45917] ILIAS eLearning <7.16 - Open Redirect (@arafatansari) [medium]
[CVE-2022-45933] KubeView <=0.1.31 - Information Disclosure (@for3stco1d) [critical]
[CVE-2022-46020] WBCE CMS v1.5.4 - Remote Code Execution (@theamanrawat) [critical]
[CVE-2022-46071] Helmet Store Showroom v1.0 - SQL Injection (@harsh) [critical]
[CVE-2022-46073] Helmet Store Showroom - Cross Site Scripting (@harsh) [medium]
[CVE-2022-46169] Cacti <=1.2.22 - Remote Command Injection (@hardik-solanki,@j4vaovo) [critical]
[CVE-2022-46381] Linear eMerge E3-Series - Cross-Site Scripting (@arafatansari) [medium]
[CVE-2022-46443] Bangresto - SQL Injection (@harsh) [high]
[CVE-2022-46463] Harbor <=2.5.3 - Unauthorized Access (@arm!tage) [high]
[CVE-2022-46888] NexusPHP <1.7.33 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-46934] kkFileView 4.1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-47002] Masa CMS - Authentication Bypass (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2022-47003] Mura CMS <10.0.580 - Authentication Bypass (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2022-47075] Smart Office Web 20.28 - Information Disclosure (@r3y3r53) [high]
[CVE-2022-47501] Apache OFBiz < 18.12.07 - Local File Inclusion (@your3cho) [high]
[CVE-2022-47615] LearnPress Plugin < 4.2.0 - Local File Inclusion (@dhiyaneshdk) [critical]
[CVE-2022-47945] Thinkphp Lang - Local File Inclusion (@kagamigawa) [critical]
[CVE-2022-47966] ManageEngine - Remote Command Execution (@rootxharsh,@iamnoooob,@dhiyaneshdk,@pdresearch) [critical]
[CVE-2022-47986] IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution (@coldfish) [critical]
[CVE-2022-48012] OpenCATS 0.9.7 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2022-48165] Wavlink - Improper Access Control (@for3stco1d) [high]
[CVE-2022-48197] Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2022-4897] WordPress BackupBuddy <8.8.3 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0099] Simple URLs < 115 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0126] SonicWall SMA1000 LFI (@tess) [high]
[CVE-2023-0159] Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE (@c4sper0) [high]
[CVE-2023-0236] WordPress Tutor LMS <2.0.10 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0261] WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection (@theamanrawat) [high]
[CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@mrharshvardhan,@dhiyaneshdk) [critical]
[CVE-2023-0334] ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-0448] WP Helper Lite < 4.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-0514] Membership Database <= 1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0527] Online Security Guards Hiring System - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-0552] WordPress Pie Register <3.8.2.3 - Open Redirect (@r3y3r53) [medium]
[CVE-2023-0562] Bank Locker Management System v1.0 - SQL Injection (@harsh) [critical]
[CVE-2023-0563] Bank Locker Management System - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-0600] WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection (@r3y3r53,@j4vaovo) [critical]
[CVE-2023-0602] Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0630] Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection (@dhiyaneshdk) [high]
[CVE-2023-0669] Fortra GoAnywhere MFT - Remote Code Execution (@rootxharsh,@iamnoooob,@dhiyaneshdk,@pdresearch) [high]
[CVE-2023-0678] PHPIPAM <v1.5.1 - Missing Authorization (@princechaddha,@ritikchaddha) [medium]
[CVE-2023-0777] modoboa 2.0.4 - Admin TakeOver (@r3y3r53) [critical]
[CVE-2023-0900] AP Pricing Tables Lite <= 1.1.6 - SQL Injection (@r3y3r53) [high]
[CVE-2023-0942] WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0947] Flatpress < 1.3 - Path Traversal (@r3y3r53) [critical]
[CVE-2023-0948] WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-0968] WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1020] Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-1080] WordPress GN Publisher <1.5.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1177] Mlflow <2.2.1 - Local File Inclusion (@iamnoooob,@pdresearch) [critical]
[CVE-2023-1263] Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access (@r3y3r53) [medium]
[CVE-2023-1362] unilogies/bumsys < v2.0.2 - Clickjacking (@ctflearner) [medium]
[CVE-2023-1408] Video List Manager <= 1.7 - SQL Injection (@r3y3r53) [high]
[CVE-2023-1434] Odoo - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-1454] Jeecg-boot 3.5.0 qurestSql - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2023-1496] Imgproxy < 3.14.0 - Cross-site Scripting (XSS) (@pdteam) [medium]
[CVE-2023-1546] MyCryptoCheckout < 2.124 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-1671] Sophos Web Appliance - Remote Code Execution (@co5mos) [critical]
[CVE-2023-1698] WAGO - Remote Command Execution (@xianke) [critical]
[CVE-2023-1719] Bitrix Component - Cross-Site Scripting (@dhiyaneshdk) [critical]
[CVE-2023-1730] SupportCandy < 3.1.5 - Unauthenticated SQL Injection (@theamanrawat) [critical]
[CVE-2023-1780] Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1835] Ninja Forms < 3.6.22 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1880] Phpmyfaq v3.1.11 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1890] Tablesome < 1.0.9 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-1892] Sidekiq < 7.0.8 - Cross-Site Scripting (@ritikchaddha,@princechaddha) [critical]
[CVE-2023-20073] Cisco VPN Routers - Unauthenticated Arbitrary File Upload (@princechaddha,@ritikchaddha) [critical]
[CVE-2023-2009] Pretty Url <= 1.5.4 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-20198] Cisco IOS XE - Authentication Bypass (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-2023] Custom 404 Pro < 3.7.3 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2059] DedeCMS 5.7.87 - Directory Traversal (@pussycat0x) [medium]
[CVE-2023-20864] VMware Aria Operations for Logs - Unauthenticated Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-20887] VMware VRealize Network Insight - Remote Code Execution (@sinsinology) [critical]
[CVE-2023-20888] VMware Aria Operations for Networks - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-20889] VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-2122] Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2130] Purchase Order Management v1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-2178] Aajoda Testimonials < 2.2.2 - Cross-Site Scripting (@farish) [medium]
[CVE-2023-22232] Adobe Connect < 12.1.5 - Local File Disclosure (@0xr2r) [medium]
[CVE-2023-2224] Seo By 10Web < 1.2.7 - Cross-Site Scripting (@luisfelipe146) [medium]
[CVE-2023-2227] Modoboa < 2.1.0 - Improper Authorization (@ritikchaddha,@princechaddha) [critical]
[CVE-2023-22432] Web2py URL - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2023-22463] KubePi JwtSigKey - Admin Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2023-22478] KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access (@dhiyaneshdk) [high]
[CVE-2023-22480] KubeOperator Foreground `kubeconfig` - File Download (@dhiyaneshdk) [critical]
[CVE-2023-22515] Atlassian Confluence - Privilege Escalation (@s1r1us,@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-22518] Atlassian Confluence Server - Improper Authorization (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-2252] Directorist < 7.5.4 - Local File Inclusion (@r3y3r53) [low]
[CVE-2023-22527] Atlassian Confluence - Remote Code Execution (@iamnooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-22620] SecurePoint UTM 12.x Session ID Leak (@dhiyaneshdk) [high]
[CVE-2023-2272] Tiempo.com <= 0.1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-22897] Securepoint UTM - Leaking Remote Memory Contents (@dhiyaneshdk) [medium]
[CVE-2023-23161] Art Gallery Management System Project v1.0 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2023-23333] SolarView Compact 6.00 - OS Command Injection (@mr-xn) [critical]
[CVE-2023-23488] WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection (@dwisiswant0) [critical]
[CVE-2023-23489] WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-23491] Quick Event Manager < 9.7.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-23492] Login with Phone Number - Cross-Site Scripting (@r3y3r53) [high]
[CVE-2023-2356] Mlflow <2.3.0 - Local File Inclusion (@co5mos) [high]
[CVE-2023-23752] Joomla! Webservice - Password Disclosure (@badboycxcc,@sascha brendel) [medium]
[CVE-2023-24044] Plesk Obsidian <=18.0.49 - Open Redirect (@pikpikcu) [medium]
[CVE-2023-24243] CData RSB Connect v22.0.8336 - Server Side Request Forgery (@ritikchaddha) [high]
[CVE-2023-24278] Squidex <7.4.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24322] mojoPortal 2.7.0.0 - Cross-Site Scripting (@pikpikcu) [medium]
[CVE-2023-24367] Temenos T24 R20 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24488] Citrix Gateway and Citrix ADC - Cross-Site Scripting (@johnk3r,@dhiyaneshdk) [medium]
[CVE-2023-24657] phpIPAM - 1.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24733] PMB 7.4.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-24735] PMB 7.4.6 - Open Redirect (@r3y3r53) [medium]
[CVE-2023-24737] PMB v7.4.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2479] Appium Desktop Server - Remote Code Execution (@zn9988) [critical]
[CVE-2023-25135] vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-25157] GeoServer OGC Filter - SQL Injection (@ritikchaddha,@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical]
[CVE-2023-25194] Apache Druid Kafka Connect - Remote Code Execution (@j4vaovo) [high]
[CVE-2023-25346] ChurchCRM 4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-25573] Metersphere - Arbitrary File Read (@dhiyaneshdk) [high]
[CVE-2023-25717] Ruckus Wireless Admin - Remote Code Execution (@parthmalhotra,@pdresearch) [critical]
[CVE-2023-26035] ZoneMinder Snapshots - Command Injection (@unblvr1,@whotwagner) [critical]
[CVE-2023-26067] Lexmark Printers - Command Injection (@dhiyaneshdk) [high]
[CVE-2023-26255] STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2023-26256] STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (@pikpikcu) [high]
[CVE-2023-26347] Adobe Coldfusion - Authentication Bypass (@salts) [high]
[CVE-2023-26360] Unauthenticated File Read Adobe ColdFusion (@dhiyaneshdk) [high]
[CVE-2023-26469] Jorani 1.0.0 - Remote Code Execution (@pussycat0x) [critical]
[CVE-2023-2648] Weaver E-Office 9.5 - Remote Code Execution (@ritikchaddha) [critical]
[CVE-2023-26842] ChurchCRM 4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-26843] ChurchCRM 4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-27008] ATutor < 2.2.1 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-27032] PrestaShop AdvancedPopupCreator - SQL Injection (@mastercho) [critical]
[CVE-2023-27034] Blind SQL injection vulnerability in Jms Blog (@mastercho) [critical]
[CVE-2023-27159] Appwrite <=1.2.1 - Server-Side Request Forgery (@dhiyaneshdk) [high]
[CVE-2023-27179] GDidees CMS v3.9.1 - Arbitrary File Download (@theamanrawat) [high]
[CVE-2023-27292] OpenCATS - Open Redirect (@r3y3r53) [medium]
[CVE-2023-2732] MStore API <= 3.9.2 - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2023-27350] PaperCut - Unauthenticated Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-27372] SPIP - Remote Command Execution (@dhiyaneshdk,@nuts7) [critical]
[CVE-2023-27482] Home Assistant Supervisor - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2023-27524] Apache Superset - Authentication Bypass (@dhiyaneshdk,@_0xf4n9x_) [critical]
[CVE-2023-27587] ReadToMyShoe - Generation of Error Message Containing Sensitive Information (@vagnerd) [medium]
[CVE-2023-27639] PrestaShop TshirteCommerce - Directory Traversal (@mastercho) [high]
[CVE-2023-27640] PrestaShop tshirtecommerce - Directory Traversal (@mastercho) [high]
[CVE-2023-2766] Weaver OA 9.5 - Information Disclosure (@dhiyaneshdk) [high]
[CVE-2023-2779] Super Socializer < 7.13.52 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2780] Mlflow <2.3.1 - Local File Inclusion Bypass (@iamnoooob,@pdresearch) [critical]
[CVE-2023-27922] Newsletter < 7.6.9 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-2796] EventON <= 2.1 - Missing Authorization (@randomrobbie) [medium]
[CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical]
[CVE-2023-2813] Wordpress Multiple Themes - Reflected Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium]
[CVE-2023-2825] GitLab 16.0.0 - Path Traversal (@dhiyaneshdk,@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2023-28343] Altenergy Power Control Software C1.2.5 - Remote Command Injection (@pikpikcu) [critical]
[CVE-2023-28432] MinIO Cluster Deployment - Information Disclosure (@mr-xn) [high]
[CVE-2023-28662] Wordpress Gift Cards <= 4.3.1 - SQL Injection (@xxcdd) [critical]
[CVE-2023-28665] Woo Bulk Price Update <2.2.2 - Cross-Site Scripting (@aaban solutions,@harsh) [medium]
[CVE-2023-29084] ManageEngine ADManager Plus - Command Injection (@rootxharsh,@iamnoooob,@pdresearch) [high]
[CVE-2023-29298] Adobe ColdFusion - Access Control Bypass (@rootxharsh,@iamnoooob,@dhiyaneshdk,@pdresearch) [high]
[CVE-2023-29300] Adobe ColdFusion - Pre-Auth Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-29357] Microsoft SharePoint - Authentication Bypass (@pdteam) [critical]
[CVE-2023-29439] FooGallery plugin <= 2.2.35 - Cross-Site Scripting (@theamanrawat) [medium]
[CVE-2023-2948] OpenEMR < 7.0.1 - Cross-Site Scripting (@ritikchaddha,@princechaddha) [medium]
[CVE-2023-29489] cPanel < 11.109.9999.116 - Cross-Site Scripting (@dhiyaneshdk,@0xkayala) [medium]
[CVE-2023-2949] OpenEMR < 7.0.1 - Cross-site Scripting (@ritikchaddha,@princechaddha) [medium]
[CVE-2023-29622] Purchase Order Management v1.0 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-29623] Purchase Order Management v1.0 - Cross Site Scripting (Reflected) (@theamanrawat) [medium]
[CVE-2023-2982] Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2023-29827] Embedded JavaScript(EJS) 3.1.6 - Template Injection (@ritikchaddha) [critical]
[CVE-2023-29887] Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion (@ctflearner) [high]
[CVE-2023-29919] SolarView Compact <= 6.00 - Local File Inclusion (@for3stco1d) [critical]
[CVE-2023-29922] PowerJob V4.3.1 - Authentication Bypass (@co5mos) [medium]
[CVE-2023-29923] PowerJob <=4.3.2 - Unauthenticated Access (@for3stco1d) [medium]
[CVE-2023-30013] TOTOLink - Unauthenticated Command Injection (@gy741) [critical]
[CVE-2023-30019] Imgproxy <= 3.14.0 - Server-side request forgery (SSRF) (@dhiyaneshdk) [medium]
[CVE-2023-30150] PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection (@mastercho) [critical]
[CVE-2023-30210] OURPHP <= 7.2.0 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2023-30212] OURPHP <= 7.2.0 - Cross Site Scripting (@theamanrawat) [medium]
[CVE-2023-30256] Webkul QloApps 1.5.2 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2023-30258] MagnusBilling - Unauthenticated Remote Code Execution (@gy741) [critical]
[CVE-2023-30534] Cacti < 1.2.25 Insecure Deserialization (@k0pak4) [medium]
[CVE-2023-30625] Rudder Server < 1.3.0-rc.1 - SQL Injection (@gy741) [high]
[CVE-2023-3077] MStore API < 3.9.8 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-30868] Tree Page View Plugin < 1.6.7 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-30943] Moodle - Cross-Site Scripting/Remote Code Execution (@ritikchaddha) [medium]
[CVE-2023-31059] Repetier Server - Directory Traversal (@parthmalhotra,@pdresearch) [high]
[CVE-2023-31446] Cassia Gateway Firmware - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2023-31465] TimeKeeper by FSMLabs - Remote Code Execution (@ritikchaddha) [critical]
[CVE-2023-31548] ChurchCRM v4.5.3 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-32077] Netmaker - Hardcoded DNS Secret Key (@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-32117] Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints (@dhiyaneshdk) [high]
[CVE-2023-3219] EventON Lite < 2.1.2 - Arbitrary File Download (@r3y3r53) [medium]
[CVE-2023-32235] Ghost CMS < 5.42.1 - Path Traversal (@j3ssie) [high]
[CVE-2023-32243] WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset (@dhiyaneshdk,@vikas kundu) [critical]
[CVE-2023-32315] Openfire Administration Console - Authentication Bypass (@vsh00t) [high]
[CVE-2023-32563] Ivanti Avalanche - Remote Code Execution (@princechaddha) [critical]
[CVE-2023-33338] Old Age Home Management System v1.0 - SQL Injection (@harsh) [critical]
[CVE-2023-33405] BlogEngine CMS - Open Redirect (@shankar acharya) [medium]
[CVE-2023-33439] Faculty Evaluation System v1.0 - SQL Injection (@harsh) [high]
[CVE-2023-33440] Faculty Evaluation System v1.0 - Remote Code Execution (@harsh) [high]
[CVE-2023-3345] LMS by Masteriyo < 1.6.8 - Information Exposure (@dhiyaneshdk) [medium]
[CVE-2023-33510] Jeecg P3 Biz Chat - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2023-33568] Dolibarr Unauthenticated Contacts Database Theft (@dhiyaneshdk) [high]
[CVE-2023-33584] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (@r3y3r53) [critical]
[CVE-2023-33629] H3C Magic R300-2100M - Remote Code Execution (@dhiyaneshdk) [high]
[CVE-2023-3368] Chamilo LMS <= v1.11.20 Unauthenticated Command Injection (@dwisiswant0) [critical]
[CVE-2023-33831] FUXA - Unauthenticated Remote Code Execution (@gy741) [critical]
[CVE-2023-34020] Uncanny Toolkit for LearnDash - Open Redirection (@ledoubletake) [medium]
[CVE-2023-34124] SonicWall GMS and Analytics Web Services - Shell Injection (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-34192] Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting (@ritikchaddha) [critical]
[CVE-2023-34259] Kyocera TASKalfa printer - Path Traversal (@gy741) [medium]
[CVE-2023-34362] MOVEit Transfer - Remote Code Execution (@princechaddha,@rootxharsh,@ritikchaddha,@pdresearch) [critical]
[CVE-2023-34537] Hoteldruid 3.0.5 - Cross-Site Scripting (@harsh) [medium]
[CVE-2023-34598] Gibbon v25.0.0 - Local File Inclusion (@dhiyaneshdk) [critical]
[CVE-2023-34599] Gibbon v25.0.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-3460] Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation (@dhiyaneshdk) [critical]
[CVE-2023-34659] JeecgBoot 3.5.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-34751] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34752] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34753] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34755] bloofoxCMS v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-34756] Bloofox v0.5.2.1 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-3479] Hestiacp <= 1.7.7 - Cross-Site Scripting (@edoardottt) [medium]
[CVE-2023-34843] Traggo Server - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2023-34960] Chamilo Command Injection (@dhiyaneshdk) [critical]
[CVE-2023-34993] Fortinet FortiWLM Unauthenticated Command Injection Vulnerability (@dwisiswant0) [critical]
[CVE-2023-35078] Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass (@parth,@pdresearch) [critical]
[CVE-2023-35082] MobileIron Core - Remote Unauthenticated API Access (@dhiyaneshdk) [critical]
[CVE-2023-35158] XWiki - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35162] XWiki < 14.10.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35813] Sitecore - Remote Code Execution (@dhiyaneshdk,@iamnoooob) [critical]
[CVE-2023-35843] NocoDB version <= 0.106.1 - Arbitrary File Read (@dwisiswant0) [high]
[CVE-2023-35844] Lightdash version <= 0.510.3 Arbitrary File Read (@dwisiswant0) [high]
[CVE-2023-35885] Cloudpanel 2 < 2.3.1 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2023-36144] Intelbras Switch - Information Disclosure (@gy741) [high]
[CVE-2023-36284] QloApps 1.6.0 - SQL Injection (@ritikchaddha) [high]
[CVE-2023-36287] Webkul QloApps 1.6.0 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2023-36289] Webkul QloApps 1.6.0 - Cross-site Scripting (@theamanrawat) [medium]
[CVE-2023-36306] Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-36346] POS Codekop v2.0 - Cross Site Scripting (@r3y3r53) [medium]
[CVE-2023-36347] POS Codekop v2.0 - Broken Authentication (@princechaddha) [high]
[CVE-2023-36844] Juniper Devices - Remote Code Execution (@princechaddha,@ritikchaddha) [medium]
[CVE-2023-36845] Juniper J-Web - Remote Code Execution (@yaser_s) [critical]
[CVE-2023-36934] MOVEit Transfer - SQL Injection (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-3710] Honeywell PM43 Printers - Command Injection (@win3zz) [critical]
[CVE-2023-37265] CasaOS < 0.4.4 - Authentication Bypass via Internal IP (@iamnoooob,@dhiyaneshdk,@pdresearch) [critical]
[CVE-2023-37266] CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token (@iamnoooob,@dhiyaneshdk,@pdresearch) [critical]
[CVE-2023-37270] Piwigo 13.7.0 - SQL Injection (@ritikchaddha) [high]
[CVE-2023-37462] XWiki Platform - Remote Code Execution (@parthmalhotra,@pdresearch) [high]
[CVE-2023-37474] Copyparty <= 1.8.2 - Directory Traversal (@shankar acharya,@theamanrawat) [high]
[CVE-2023-37580] Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-37629] Online Piggery Management System v1.0 - Unauthenticated File Upload (@harsh) [critical]
[CVE-2023-3765] MLflow Absolute Path Traversal (@dhiyaneshdk) [critical]
[CVE-2023-37679] NextGen Mirth Connect - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-37728] IceWarp Webmail Server v10.2.1 - Cross Site Scripting (@technicaljunkie,@r3y3r53) [medium]
[CVE-2023-37979] Ninja Forms < 3.6.26 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-38035] Ivanti Sentry - Authentication Bypass (@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical]
[CVE-2023-38203] Adobe ColdFusion - Deserialization of Untrusted Data (@yiran) [critical]
[CVE-2023-38205] Adobe ColdFusion - Access Control Bypass (@dhiyaneshdk) [high]
[CVE-2023-3836] Dahua Smart Park Management - Arbitrary File Upload (@huta0) [critical]
[CVE-2023-3843] mooDating 1.2 - Cross-site scripting (@r3y3r53) [medium]
[CVE-2023-38433] Fujitsu IP Series - Hardcoded Credentials (@adnanekhan) [high]
[CVE-2023-3844] MooDating 1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-3845] MooDating 1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-3846] MooDating 1.2 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-3847] MooDating 1.2 - Cross-Site scripting (@r3y3r53) [medium]
[CVE-2023-3848] MooDating 1.2 - Cross-site scripting (@r3y3r53) [medium]
[CVE-2023-3849] mooDating 1.2 - Cross-site scripting (@r3y3r53) [medium]
[CVE-2023-38501] CopyParty v1.8.6 - Cross Site Scripting (@ctflearner,@r3y3r53) [medium]
[CVE-2023-38646] Metabase < 0.46.6.1 - Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[CVE-2023-38964] Academy LMS 6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-39002] OPNsense - Cross-Site Scripting (@herry) [medium]
[CVE-2023-39026] FileMage Gateway - Directory Traversal (@dhiyaneshdk) [high]
[CVE-2023-39108] rConfig 3.9.4 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2023-39109] rConfig 3.9.4 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2023-39110] rConfig 3.9.4 - Server-Side Request Forgery (@theamanrawat) [high]
[CVE-2023-39120] Nodogsplash - Directory Traversal (@numan türle) [high]
[CVE-2023-39141] Aria2 WebUI - Path traversal (@dhiyaneshdk) [high]
[CVE-2023-39143] PaperCut < 22.1.3 - Path Traversal (@pdteam) [critical]
[CVE-2023-3936] Blog2Social < 7.2.1 - Cross-Site Scripting (@luisfelipe146)
[medium]
[CVE-2023-39361] Cacti 1.2.24 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-39598] IceWarp Email Client - Cross Site Scripting (@imjust0) [medium]
[CVE-2023-39600] IceWarp 11.4.6.0 - Cross-Site Scripting (@imjust0) [medium]
[CVE-2023-39676] PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
(@meme-lord) [medium]
[CVE-2023-39677] PrestaShop MyPrestaModules - PhpInfo Disclosure (@meme-lord)
[high]
[CVE-2023-39700] IceWarp Mail Server v10.4.5 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-39796] WBCE 1.6.0 - SQL Injection (@youngpope) [critical]
[CVE-2023-40208] Stock Ticker <= 3.23.2 - Cross-Site Scripting (@theamanrawat)
[medium]
[CVE-2023-40355] Axigen WebMail - Cross-Site Scripting (@amir-h-fallahi) [medium]
[CVE-2023-40779] IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect
(@r3y3r53) [medium]
[CVE-2023-4110] PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2023-41109] SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway -
Command Injection (@princechaddha) [critical]
[CVE-2023-4111] PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4112] PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4113] PHPJabbers Service Booking Script 1.0 - Cross Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4114] PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting
(@r3y3r53) [medium]
[CVE-2023-4115] PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-4116] PHPJabbers Taxi Booking 2.0 - Cross Site Scripting (@r3y3r53)
[medium]
[CVE-2023-41265] Qlik Sense Enterprise - HTTP Request Smuggling (@adamcrosser)
[critical]
[CVE-2023-41266] Qlik Sense Enterprise - Path Traversal (@adamcrosser) [medium]
[CVE-2023-4148] Ditty < 3.1.25 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-41538] PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting (@r3y3r53)
[medium]
[CVE-2023-41642] RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting
(@ritikchaddha) [medium]
[CVE-2023-4168] Adlisting Classified Ads 2.14.0 - Information Disclosure (@r3y3r53)
[high]
[CVE-2023-4169] Ruijie RG-EW1200G Router - Password Reset (@dhiyaneshdk) [high]
[CVE-2023-4173] mooSocial 3.1.8 - Reflected XSS (@momika233) [medium]
[CVE-2023-4174] mooSocial 3.1.6 - Reflected Cross Site Scripting (@momika233)
[medium]
[CVE-2023-41763] Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
(@hateshape) [medium]
[CVE-2023-41892] CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-42343] OpenCMS - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-42344] OpenCMS - XML external entity (XXE) (@0xr2r) [high]
[CVE-2023-42442] JumpServer > 3.6.4 - Information Disclosure (@xianke) [medium]
[CVE-2023-42793] JetBrains TeamCity < 2023.05.4 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-43177] CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-43187] NodeBB XML-RPC Request xmlrpc.php - XML Injection (@0xparth)
[critical]
[CVE-2023-43208] NextGen Healthcare Mirth Connect - Remote Code Execution
(@princechaddha) [critical]
[CVE-2023-43261] Milesight Routers - Information Disclosure (@gy741) [high]
[CVE-2023-43325] MooSocial 3.1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-43326] MooSocial 3.1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-43795] GeoServer WPS - Server Side Request Forgery (@dhiyaneshdk)
[critical]
[CVE-2023-4415] Ruijie RG-EW1200G Router Background - Login Bypass (@dhiyaneshdk)
[high]
[CVE-2023-44352] Adobe Coldfusion - Cross-Site Scripting (@pwnwithlove) [medium]
[CVE-2023-44353] Adobe ColdFusion WDDX Deserialization Gadgets (@salts) [critical]
[CVE-2023-4451] Cockpit - Cross-Site Scripting (@iamnoooob,@pdresearch) [medium]
[CVE-2023-44812] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-44813] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-4521] Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
(@princechaddha) [critical]
[CVE-2023-45375] PrestaShop PireosPay - SQL Injection (@mastercho) [high]
[CVE-2023-4542] D-Link DAR-8000-10 - Command Injection (@pussycat0x) [critical]
[CVE-2023-4547] SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
(@theamanrawat,@sospiro) [medium]
[CVE-2023-45542] MooSocial 3.1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-45671] Frigate < 0.13.0 Beta 3 - Cross-Site Scripting (@ritikchaddha)
[medium]
[CVE-2023-4568] PaperCut NG Unauthenticated XMLRPC Functionality (@dhiyaneshdk)
[medium]
[CVE-2023-45852] Viessmann Vitogate 300 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-45855] qdPM 9.2 - Directory Traversal (@dhiyaneshdk) [high]
[CVE-2023-4596] WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload (@e1a)
[critical]
[CVE-2023-4634] Media Library Assistant < 3.09 - Remote Code Execution/Local File
Inclusion (@pepitoh,@ritikchaddha) [critical]
[CVE-2023-46347] PrestaShop Step by Step products Pack - SQL Injection (@mastercho)
[critical]
[CVE-2023-46359] cPH2 Charging Station v1.87.0 - OS Command Injection (@mlec)
[critical]
[CVE-2023-46574] TOTOLINK A3700R - Command Injection (@dhiyaneshdk) [critical]
[CVE-2023-46747] F5 BIG-IP - Unauthenticated RCE via AJP Smuggling
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-46805] Ivanti ICS - Authentication Bypass
(@dhiyaneshdk,@daffainfo,@geeknik) [high]
[CVE-2023-47115] Label Studio - Cross-Site Scripting (@isacaya) [high]
[CVE-2023-4714] PlayTube 3.0.1 - Information Disclosure (@farish) [high]
[CVE-2023-47211] ManageEngine OpManager - Directory Traversal (@gy741) [high]
[CVE-2023-47218] QNAP QTS and QuTS Hero - OS Command Injection (@ritikchaddha)
[medium]
[CVE-2023-47246] SysAid Server - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-47643] SuiteCRM Unauthenticated Graphql Introspection (@isacaya) [medium]
[CVE-2023-48023] Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
(@cookiehanhoan,@harryha) [high]
[CVE-2023-48084] Nagios XI < 5.11.3 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-48777] WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
(@dhiyaneshdk) [critical]
[CVE-2023-49070] Apache OFBiz < 18.12.10 - Arbitrary Code Execution (@your3cho)
[critical]
[CVE-2023-49103] OwnCloud - Phpinfo Configuration (@ritikchaddha) [high]
[CVE-2023-4966] Citrix Bleed - Leaking Session Tokens (@dhiyaneshdk) [high]
[CVE-2023-4973] Academy LMS 6.2 - Cross-Site Scripting
(@ritikchaddha,@princechaddha) [medium]
[CVE-2023-4974] Academy LMS 6.2 - SQL Injection (@theamanrawat) [critical]
[CVE-2023-49785] ChatGPT-Next-Web - SSRF/XSS (@high) [critical]
[CVE-2023-5003] Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure
(@kazgangap) [high]
[CVE-2023-50290] Apache Solr - Host Environment Variables Leak via Metrics API
(@banana69,@dhiyaneshdk) [medium]
[CVE-2023-5074] D-Link D-View 8 v2.0.1.28 - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2023-5089] Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
(@jpg0mez) [medium]
[CVE-2023-50917] MajorDoMo thumb.php - OS Command Injection (@dhiyaneshdk)
[critical]
[CVE-2023-50968] Apache OFBiz < 18.12.11 - Server Side Request Forgery (@your3cho)
[high]
[CVE-2023-51467] Apache OFBiz < 18.12.11 - Remote Code Execution (@your3cho)
[critical]
[CVE-2023-52085] Winter CMS Local File Inclusion - (LFI) (@sanineng) [medium]
[CVE-2023-5244] Microweber < V.2.0 - Cross-Site Scripting (@r3y3r53) [medium]
[CVE-2023-5360] WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File
Upload (@theamanrawat) [critical]
[CVE-2023-5375] Mosparo < 1.0.2 - Open Redirect (@shankaracharya) [medium]
[CVE-2023-5556] Structurizr on-premises - Cross Site Scripting (@shankaracharya)
[medium]
[CVE-2023-5830] ColumbiaSoft DocumentLocator - Improper Authentication (@gonski)
[critical]
[CVE-2023-5914] Citrix StoreFront - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2023-5991] Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
(@kazgangap) [critical]
[CVE-2023-6018] Mlflow - Arbitrary File Write (@byt3bl33d3r) [critical]
[CVE-2023-6020] Ray Static File - Local File Inclusion (@byt3bl33d3r) [high]
[CVE-2023-6021] Ray API - Local File Inclusion (@byt3bl33d3r) [high]
[CVE-2023-6023] VertaAI ModelDB - Path Traversal (@m0ck3d,@cookiehanhoan) [high]
[CVE-2023-6038] H2O ImportFiles - Local File Inclusion (@danmcinerney,@byt3bl33d3r)
[high]
[CVE-2023-6063] WP Fastest Cache 1.2.2 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2023-6065] Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
(@kazgangap) [medium]
[CVE-2023-6114] Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated
Sensitive Data Exposure (@dhiyaneshdk) [high]
[CVE-2023-6360] WordPress My Calendar <3.4.22 - SQL Injection (@xxcdd) [critical]
[CVE-2023-6379] OpenCMS 14 & 15 - Cross Site Scripting (@msegoviag) [medium]
[CVE-2023-6380] OpenCms 14 & 15 - Open Redirect (@miguelsegoviagil) [medium]
[CVE-2023-6389] WordPress Toolbar <= 2.2.6 - Open Redirect (@kazgangap) [medium]
[CVE-2023-6553] Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code
Execution (@flx) [critical]
[CVE-2023-6567] LearnPress <= 4.2.5.7 - SQL Injection
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2023-6623] Essential Blocks < 4.4.3 - Local File Inclusion
(@iamnoooob,@rootxharsh,@pdresearch,@coldfish) [critical]
[CVE-2023-6634] LearnPress < 4.2.5.8 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-6831] mlflow - Path Traversal (@byobin) [high]
[CVE-2023-6875] WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2023-6895] Hikvision IP ping.php - Command Execution (@dhiyaneshdk,@archer)
[critical]
[CVE-2023-6909] Mlflow <2.9.2 - Path Traversal (@hyunsoo-ds) [high]
[CVE-2023-6977] Mlflow <2.8.0 - Local File Inclusion (@gy741) [high]
[CVE-2023-6989] Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
(@kazgangap) [critical]
[CVE-2023-7028] GitLab - Account Takeover via Password Reset
(@dhiyaneshdk,@rootxharsh,@iamnooob,@pdresearch) [high]
[CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x)
[critical]
[CVE-2024-0200] Github Enterprise Authenticated Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-0204] Fortra GoAnywhere MFT - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2024-0235] EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
(@princechaddha) [medium]
[CVE-2024-0305] Ncast busiFacade - Remote Command Execution (@bmcel) [high]
[CVE-2024-0337] Travelpayouts <= 1.1.16 - Open Redirect (@kazgangap) [medium]
[CVE-2024-0352] Likeshop < 2.5.7.20210311 - Arbitrary File Upload
(@cookiehanhoan,@babybash,@samuelsamuelsamuel) [critical]
[CVE-2024-0713] Monitorr Services Configuration - Arbitrary File Upload
(@dhiyaneshdk) [high]
[CVE-2024-0881] Combo Blocks < 2.2.76 - Improper Access Control (@kazgangap)
[medium]
[CVE-2024-1021] Rebuild <= 3.5.5 - Server-Side Request Forgery (@bmcel) [critical]
[CVE-2024-1061] WordPress HTML5 Video Player - SQL Injection (@xxcdd) [critical]
[CVE-2024-1071] WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
(@dhiyaneshdk,@iamnooob) [critical]
[CVE-2024-1183] Gradio - Server Side Request Forgery (@dhiyaneshdk) [medium]
[CVE-2024-1208] LearnDash LMS < 4.10.3 - Sensitive Information Exposure
(@ritikchaddha) [medium]
[CVE-2024-1209] LearnDash LMS < 4.10.2 - Sensitive Information Exposure via
assignments (@ritikchaddha) [medium]
[CVE-2024-1210] LearnDash LMS < 4.10.2 - Sensitive Information Exposure
(@ritikchaddha) [medium]
[CVE-2024-1212] Progress Kemp LoadMaster - Command Injection (@dhiyaneshdk)
[critical]
[CVE-2024-1380] Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (@flx)
[medium]
[CVE-2024-1561] Gradio Applications - Local File Read (@diablo) [high]
[CVE-2024-1698] NotificationX <= 2.8.2 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2024-1709] ConnectWise ScreenConnect 23.9.7 - Authentication Bypass (@johnk3r)
[critical]
[CVE-2024-20767] Adobe ColdFusion - Arbitrary File Read
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[CVE-2024-21644] pyLoad Flask Config - Access Control (@west-wise) [high]
[CVE-2024-21645] pyload - Log Injection (@isacaya) [medium]
[CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code
Execution (@pdresearch) [high]
[CVE-2024-21887] Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
22.x) - Command Injection (@pdresearch,@parthmalhotra,@iamnoooob) [critical]
[CVE-2024-21893] Ivanti SAML - Server Side Request Forgery (SSRF) (@dhiyaneshdk)
[high]
[CVE-2024-22024] Ivanti Connect Secure - XXE (@watchtowr) [high]
[CVE-2024-22319] IBM Operational Decision Manager - JNDI Injection (@dhiyaneshdk)
[critical]
[CVE-2024-22320] IBM Operational Decision Manager - Java Deserialization
(@dhiyaneshdk) [high]
[CVE-2024-22927] eyoucms v.1.6.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-23334] aiohttp - Directory Traversal (@dhiyaneshdk) [high]
[CVE-2024-2340] Avada < 7.11.7 - Information Disclosure (@t3l3machus) [medium]
[CVE-2024-2389] Progress Kemp Flowmon - Command Injection
(@pdresearch,@parthmalhotra) [critical]
[CVE-2024-23917] JetBrains TeamCity > 2023.11.3 - Authentication Bypass
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-24131] SuperWebMailer 9.31.0.01799 - Cross-Site Scripting (@dhiyaneshdk)
[medium]
[CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r)
[high]
[CVE-2024-25600] Unauthenticated Remote Code Execution – Bricks <= 1.9.6
(@christbowel) [critical]
[CVE-2024-25669] CaseAware a360inc - Cross-Site Scripting (@r3naissance) [medium]
[CVE-2024-25735] WyreStorm Apollo VX20 - Information Disclosure (@johnk3r) [high]
[CVE-2024-26331] ReCrystallize Server - Authentication Bypass (@carson chan) [high]
[CVE-2024-27198] TeamCity < 2023.11.4 - Authentication Bypass (@dhiyaneshdk)
[critical]
[CVE-2024-27199] TeamCity < 2023.11.4 - Authentication Bypass (@dhiyaneshdk) [high]
[CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk)
[high]
[CVE-2024-27497] Linksys E2000 1.0.06 position.js Improper Authentication
(@dhiyaneshdk) [high]
[CVE-2024-27564] ChatGPT 个人专用版 - Server Side Request Forgery (@dhiyaneshdk)
[high]
[CVE-2024-27954] WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and
SSRF (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-27956] WordPress Automatic Plugin <= 3.92.0 - SQL Injection
(@dhiyaneshdk) [critical]
[CVE-2024-28255] OpenMetadata - Authentication Bypass (@dhiyaneshdk,@iamnooob)
[critical]
[CVE-2024-28734] Coda v.2024Q1 - Cross-Site Scripting (@kazgangap) [medium]
[CVE-2024-2876] Wordpress Email Subscribers by Icegram Express - SQL Injection
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-2879] WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection (@d4ly)
[high]
[CVE-2024-29059] .NET Framework - Leaking ObjRefs via HTTP .NET Remoting
(@iamnoooob,@rootxharsh,@dhiyaneshdk,@pdresearch) [high]
[CVE-2024-29269] Telesquare TLR-2005KSH - Remote Command Execution (@ritikchaddha)
[critical]
[CVE-2024-3097] NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated
Information Disclosure (@dhiyanesdk) [medium]
[CVE-2024-3136] MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via
template (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2024-31621] Flowise 1.6.5 - Authentication Bypass (@dhiyaneshdk) [high]
[CVE-2024-31848] CData API Server < 23.4.8844 - Path Traversal (@pussycat0x)
[critical]
[CVE-2024-31849] CData Connect < 23.4.8846 - Path Traversal (@dhiyaneshdk)
[critical]
[CVE-2024-31850] CData Arc < 23.4.8839 - Path Traversal (@dhiyaneshdk) [high]
[CVE-2024-31851] CData Sync < 23.4.8843 - Path Traversal (@dhiyaneshdk) [high]
[CVE-2024-32399] RaidenMAILD Mail Server v.4.9.4 - Path Traversal (@dhiyaneshdk)
[high]
[CVE-2024-32640] Mura/Masa CMS - SQL Injection (@iamnoooob,@rootxharsh,@pdresearch)
[critical]
[CVE-2024-32651] Change Detection - Server Side Template Injection (@edoardottt)
[critical]
[CVE-2024-3273] D-Link Network Attached Storage - Command Injection and Backdoor
Account (@pussycat0x) [critical]
[CVE-2024-33288] Prison Management System - SQL Injection Authentication Bypass
(@kazgangap) [high]
[CVE-2024-33575] User Meta WP Plugin < 3.1 - Sensitive Information Exposure
(@kazgangap) [medium]
[CVE-2024-33724] SOPlanning 1.52.00 Cross Site Scripting (@kazgangap) [medium]
[CVE-2024-3400] GlobalProtect - OS Command Injection (@salts,@parthmalhotra)
[critical]
[CVE-2024-34470] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion
(@topscoder) [high]
[CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection
(@apple) [critical]
[CVE-2024-3822] Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting
(@omranisecurity) [medium]
[CVE-2024-4040] CrushFTP VFS - Sandbox Escape LFR (@dhiyaneshdk,@pussycat0x)
[critical]
[CVE-2024-4348] osCommerce v4.0 - Cross-site Scripting (@kazgangap) [medium]
[CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass
(@dhiyaneshdk) [critical]
[CVE-2024-4577] PHP CGI - Argument Injection (@hüseyin
tintaş,@sw0rk17,@securityforeveryone,@pdresearch) [critical]
[CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion
(@ritikchaddha) [high]
[CVE-2024-5230] FleetCart 4.1.1 - Information Disclosure (@securityforeveryone)
[medium]
[3Com-wireless-default-login] 3Com Wireless 8760 Dual Radio - Default Login
(@ritikchaddha) [high]
[3com-nj2000-default-login] 3COM NJ2000 - Default Login (@daffainfo) [high]
[3ware-default-login] 3ware Controller 3DM2 - Default Login (@ritikchaddha) [high]
[ucmdb-default-login] Micro Focus Universal CMDB Default Login (@dwisiswant0)
[high]
[cs141-default-login] UPS Adapter CS141 SNMP Module Default Login (@socketz)
[medium]
[activemq-default-login] Apache ActiveMQ Default Login (@pdteam) [high]
[adminer-default-login] Adminer Default Login - Detect (@j4vaovo) [high]
[aem-default-login] Adobe AEM Default Login (@random-robbie) [high]
[aem-felix-console] Adobe Experience Manager Felix Console - Default Login
(@dhiyaneshdk) [high]
[canal-default-login] Alibaba Canal Default Login (@pdteam) [high]
[allnet-default-login] Allnet - Default Login (@ritikchaddha) [high]
[alphaweb-default-login] AlphaWeb XE Default Login (@lark lab) [medium]
[ambari-default-login] Apache Ambari Default Login (@pdteam) [high]
[ampjuke-default-login] AmpJuke - Default Login (@ritikchaddha) [high]
[airflow-default-login] Apache Airflow Default Login (@pdteam) [high]
[apisix-default-login] Apache Apisix Default Admin Login (@pdteam) [high]
[dolphinscheduler-default-login] Apache DolphinScheduler Default Login
(@for3stco1d) [high]
[dubbo-admin-default-login] Apache Dubbo - Default Admin Discovery (@ritikchaddha)
[high]
[kafka-center-default-login] Apache Kafka Center Default Login (@dhiyaneshdk)
[high]
[karaf-default-login] Apache Karaf - Default Login (@s0obi) [high]
[kylin-default-login] Apache Kylin Console - Default Login (@sleepingbag945) [high]
[ranger-default-login] Apache Ranger - Default Login (@for3stco1d) [high]
[tomcat-default-login] Apache Tomcat Manager Default Login
(@pdteam,@sinkettu,@nybble04) [high]
[apollo-default-login] Apollo Default Login (@paperpen) [high]
[arl-default-login] ARL Default Admin Login (@pikpikcu) [high]
[asus-rtn16-default-login] ASUS RT-N16 - Default Login (@ritikchaddha) [high]
[asus-wl500g-default-login] ASUS WL-500G - Default Login (@ritikchaddha) [high]
[asus-wl520GU-default-login] ASUS WL-520GU - Default Login (@ritikchaddha) [high]
[audiocodes-default-login] AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default
Login (@d4vy) [high]
[azkaban-default-login] Azkaban Web Client Default Credential (@pussycat0x) [high]
[barco-clickshare-default-login] Barco ClickShare - Default Login (@ritikchaddha)
[high]
[batflat-default-login] Batflat CMS - Default Login (@r3y3r53) [high]
[bloofoxcms-default-login] bloofoxCMS - Default Login (@theamanrawat) [high]
[caimore-default-login] CAIMORE Gateway Default Login - Detect (@pussycat0x)
[high]
[cambium-networks-default-login] Canopy 5.7GHz Access Point - Default Login
(@defektive) [high]
[camunda-default-login] Camunda - Default Login (@bhutch) [high]
[chinaunicom-default-login] China Unicom Modem Default Login (@princechaddha)
[high]
[cobbler-default-login] Cobbler Default Login (@c-sh0) [high]
[hue-default-credential] Cloudera Hue Default Admin Login (@for3stco1d) [high]
[crushftp-anonymous-login] CrushFTP - Anonymous Login (@pussycat0x) [high]
[crushftp-default-login] CrushFTP - Default Login (@pussycat0x) [high]
[dlink-centralized-default-login] D-Link AC Centralized Management System - Default
Login (@sleepingbag945) [high]
[dataease-default-login] Dataease - Default Login (@dhiyaneshdk) [high]
[datahub-metadata-default-login] DataHub Metadata - Default Login (@queencitycyber)
[high]
[dataiku-default-login] Dataiku - Default Login (@random-robbie) [high]
[dell-dpi-default-login] Dell DPI Remote Power Management - Default Login
(@megamansec) [medium]
[dell-idrac-default-login] Dell iDRAC6/7/8 Default Login
(@kophjager007,@megamansec) [high]
[dell-idrac9-default-login] DELL iDRAC9 Default Login (@kophjager007,@milo2012)
[high]
[emcecom-default-login] Dell EMC ECOM - Default Login (@techryptic (@tech)) [high]
[digital-watchdog-default-login] Digital Watchdog - Default Login (@omranisecurity)
[high]
[digitalrebar-default-login] RackN Digital Rebar Default Login (@c-sh0) [high]
[druid-default-login] Alibaba Druid Monitor Default Login (@pikpikcu,@j4vaovo)
[high]
[dvwa-default-login] DVWA Default Login (@pdteam) [critical]
[easyreport-default-login] EasyReport - Default Login (@sleepingbag945) [high]
[elasticsearch-default-login] ElasticSearch - Default Login (@mohammad reza omrani
| @omranisecurity) [high]
[empirec2-default-login] Empire C2 / Starkiller Interface - Default Login
(@clem9669,@parzival) [high]
[emqx-default-login] Emqx Default Admin Login (@for3stco1d) [high]
[esafenet-cdg-default-login] Esafenet CDG - Default Login (@chesterblue) [high]
[etl3100-default-login] EuroTel ETL3100 - Default Login (@r3y3r53) [high]
[exacqvision-default-login] ExacqVision Default Login (@elsfa7110) [high]
[feiyuxing-default-login] Feiyuxing Enterprise-Level Management System - Default
Login (@sleepingbag945) [high]
[flir-default-login] Flir Default Login (@pikpikcu) [medium]
[franklin-fueling-default-login] Franklin Fueling System - Default Login (@r3y3r53)
[high]
[frp-default-login] FRP Default Login (@pikpikcu) [high]
[fuelcms-default-login] Fuel CMS - Default Admin Discovery (@adam crosser) [high]
[geoserver-default-login] Geoserver Admin - Default Login
(@for3stco1d,@professorabhay,@ritikchaddha) [high]
[gitlab-weak-login] Gitlab Default Login (@suman_kar,@dwisiswant0) [high]
[glpi-default-login] GLPI Default Login (@andysvints) [high]
[goip-default-login] GoIP GSM VoIP Gateway - Default Password (@drfabiocastro)
[high]
[google-earth-dlogin] Google Earth Enterprise Default Login
(@orpheus,@johnjhacking) [high]
[gophish-default-login] Gophish < v0.10.1 Default Credentials (@arcc,@dhiyaneshdk)
[high]
[grafana-default-login] Grafana Default Login (@pdteam) [high]
[guacamole-default-login] Guacamole Default Login (@r3dg33k) [high]
[hongdian-default-login] Hongdian Default Login (@gy741) [high]
[smartsense-default-login] HortonWorks SmartSense Default Login (@techryptic
(@tech)) [high]
[hp-switch-default-login] HP 1820-8G Switch J9979A Default Login (@pussycat0x)
[high]
[huawei-HG532e-default-login] Huawei HG532e Default Credential (@pussycat0x) [high]
[hybris-default-login] Hybris - Default Login (@princechaddha) [high]
[ibm-dcbc-default-login] IBM Decision Center Business Console - Default Login
(@dhiyaneshdk) [high]
[ibm-dcec-default-login] IBM Decision Center Enterprise Console - Default Login
(@dhiyaneshdk) [high]
[ibm-dsc-default-login] IBM Decision Server Console - Default Login (@dhiyaneshdk)
[high]
[ibm-hmc-default-login] IBM Power HMC - Default Login (@r3s ost) [high]
[ibm-mqseries-default-login] IBM MQSeries Web Console Default Login (@righettod)
[high]
[ibm-storage-default-login] IBM Storage Management Default Login (@madrobot) [high]
[imm-default-login] Integrated Management Module - Default Login (@jpg0mez) [high]
[idemia-biometrics-default-login] IDEMIA BIOMetrics Default Login (@techryptic
(@tech)) [medium]
[iptime-default-login] ipTIME Default Login (@gy741) [high]
[ispconfig-default-login] ISPConfig - Default Password (@pussycat0x) [high]
[jboss-jbpm-default-login] JBoss jBPM Administration Console Default Login - Detect
(@dhiyaneshdk) [high]
[jmx-default-login] JBoss JMX Console Weak Credential Discovery (@paradessia)
[high]
[jenkins-weak-password] Jenkins Default Login (@zandros0) [high]
[jinher-oa-default-login] Jinher-OA C6 - Default Admin Discovery (@ritikchaddha)
[high]
[jupyterhub-default-login] Jupyterhub - Default Admin Discovery (@for3stco1d)
[high]
[kanboard-default-login] Kanboard - Default Login (@shelled) [high]
[kettle-default-login] Kettle - Default Login (@for3stco1d) [medium]
[leostream-default-login] Leostream Default Login (@bhutch) [high]
[lucee-default-login] Lucee - Default Login (@jpg0mez) [high]
[lutron-default-login] Lutron - Default Account (@geeknik) [critical]
[magnolia-default-login] Magnolia CMS Default Login - Detect (@pussycat0x) [high]
[mantisbt-default-credential] MantisBT Default Admin Login (@for3stco1d) [high]
[minio-default-login] Minio Default Login (@pikpikcu) [high]
[mobotix-default-credentials] Mobotix - Default Login (@robotshell) [high]
[mofi4500-default-login] MOFI4500-4GXeLTE-V2 Default Login (@pikpikcu) [high]
[nacos-default-login] Alibaba Nacos - Default Login (@sleepingbag945) [high]
[nagios-default-login] Nagios Default Login (@iamthefrogy) [high]
[nagiosxi-default-login] Nagios XI Default Admin Login - Detect (@ritikchaddha)
[critical]
[netsus-default-login] NetSUS Server Default Login (@princechaddha) [high]
[next-terminal-default-login] Next Terminal - Default Login (@ritikchaddha) [high]
[nexus-default-login] Nexus Default Login (@pikpikcu) [high]
[nodered-default-login] Node-Red - Default Login (@savik) [critical]
[nps-default-login] NPS Default Login (@pikpikcu) [high]
[nsicg-default-login] Netentsec NS-ICG - Default Login (@pikpikcu) [high]
[o2oa-default-login] O2OA - Default Login (@sleepingbag945) [high]
[octobercms-default-login] OctoberCMS - Default Admin Discovery (@princechaddha)
[high]
[ofbiz-default-login] Apache OfBiz Default Login (@pdteam) [high]
[openemr-default-login] OpenEMR - Default Admin Discovery (@geekby) [high]
[openmediavault-default-login] OpenMediaVault - Default Login (@dhiyaneshdk) [high]
[oracle-business-intelligence-login] Oracle Business Intelligence Default Login
(@milo2012) [high]
[aruba-instant-default-login] Aruba Instant - Default Login (@sleepingbag945)
[high]
[ciphertrust-default-login] Ciphertrust - Default Login (@sleepingbag945) [high]
[cnzxsoft-default-login] Cnzxsoft System - Default Login (@sleepingbag945) [high]
[inspur-clusterengine-default-login] Inspur Clusterengine 4 - Default Admin Login
(@ritikchaddha) [high]
[kingsoft-v8-default-login] Kingsoft 8 - Default Login (@ritikchaddha) [high]
[opencats-default-login] OpenCATS - Default Login (@arafatansari) [high]
[panabit-ixcache-default-login] Panabit iXCache - Default Admin Login
(@ritikchaddha) [high]
[secnet-ac-default-password] secnet ac - Default Admin Login (@ritikchaddha) [high]
[supershell-default-login] Supershell - Default Login (@sleepingbag945) [high]
[telecom-gateway-default-login] Telecom Gateway - Default Admin Login
(@ritikchaddha) [high]
[panos-default-login] Palo Alto Networks PAN-OS Default Login (@techryptic (@tech))
[high]
[panabit-default-login] Panabit Gateway - Default Login (@pikpikcu,@ritikchaddha)
[critical]
[pentaho-default-login] Pentaho Default Login (@pussycat0x) [high]
[phpmyadmin-default-login] phpMyAdmin - Default Login (@natto97,@notwhy) [high]
[powerjob-default-login] PowerJob - Default Login (@j4vaovo) [high]
[powershell-default-login] PowerShell Universal - Default Login (@ap3r) [high]
[prtg-default-login] PRTG Network Monitor - Hardcoded Credentials (@johnk3r) [high]
[pyload-default-login] PyLoad Default Login (@dhiyaneshdk) [high]
[rabbitmq-default-login] RabbitMQ Default Login (@fyoorer,@dwisiswant0) [high]
[rainloop-default-login] Rainloop WebMail - Default Admin Login (@for3stco1d)
[high]
[rancher-default-login] Rancher Default Login (@princechaddha) [high]
[rconfig-default-login] rConfig - Default Login (@theamanrawat) [high]
[ricoh-default-login] Ricoh Default Login (@gy741) [high]
[netman-default-login] Riello UPS NetMan 204 Network Card - Default Login
(@mabdullah22) [high]
[rockmongo-default-login] Rockmongo Default Login (@pikpikcu) [high]
[rseenet-default-login] Advantech R-SeeNet Default Login (@princechaddha) [high]
[ruckus-wireless-default-login] Ruckus Wireless - Default Login (@pussycat0x) [critical]
[samsung-printer-default-login] Samsung Printer - Default Login (@gy741) [high]
[samsung-wlan-default-login] Samsung Wlan AP (WEA453e) Default Login (@pikpikcu) [high]
[seeddms-default-login] SeedDMS Default Login (@alifathi-h1) [high]
[seeyon-a8-default-login] Seeyon OA A8 - Default Login (@sleepingbag945) [high]
[seeyon-monitor-default-login] Seeyon A8 Management Monitor - Default Login (@sleepingbag945) [high]
[sequoiadb-default-login] SequoiaDB Default Login (@dhiyaneshdk) [high]
[showdoc-default-login] Showdoc Default Login (@pikpikcu) [medium]
[smartbi-default-login] SmartBI - Default Login (@sleepingbag945) [high]
[softether-vpn-default-login] SoftEther VPN Admin Console - Default Login (@bhutch) [high]
[solarwinds-default-admin] SolarWinds Orion Default Login (@dwisiswant0) [high]
[sonarqube-default-login] SonarQube Default Login - Detect (@ep1csage) [high]
[soplanning-default-login] SOPlanning - Default Login (@kazgangap) [high]
[spectracom-default-login] Spectracom Default Login (@madrobot) [high]
[splunk-default-login] Splunk - Default Password (@pussycat0x) [high]
[stackstorm-default-login] StackStorm Default Login (@paperpen) [high]
[structurizr-default-login] Structurizr - Default Login (@dhiyaneshdk) [high]
[supermicro-default-login] Supermicro Ipmi - Default Admin Login (@for3stco1d) [high]
[szhe-default-login] Szhe Default Login (@pikpikcu) [medium]
[timekeeper-default-login] TimeKeeper - Default Login (@theamanrawat) [high]
[tiny-filemanager-default-login] Tiny File Manager - Default Login (@shelled) [high]
[tooljet-default-login] ToolJet - Default Login (@random-robbie) [high]
[trassir-default-login] Trassir WebView Default Login - Detect (@gtrrnr,@metascan) [high]
[umami-default-login] Umami Default Login (@barthy.koeln) [high]
[versa-default-login] Versa Networks SD-WAN Application Default Login (@davidmckennirey) [high]
[versa-flexvnf-default-login] Versa FlexVNF - Default Login (@c-sh0) [high]
[vidyo-default-login] Vidyo Default Login (@izn0u) [medium]
[trilithic-viewpoint-default] Trilithic Viewpoint Default Login (@davidmckennirey) [high]
[visionhub-default-login] VisionHub Default Login (@techryptic (@tech)) [high]
[ac-default-login] AC Centralized Management System - Default password (@sleepingbag945) [high]
[wazuh-default-login] Wazuh - Default Login (@theamanrawat,@denandz,@pulsesecurity.co.nz) [high]
[weblogic-weak-login] WebLogic Default Login (@pdteam) [high]
[webmethod-integration-default-login] WebMethod Integration Server Default Login (@christianpoeschl,@olewagner,@usdag) [high]
[webmin-default-login] Webmin - Default Login (@pussycat0x) [high]
[wifisky-default-login] Wifisky Default Login (@pikpikcu) [high]
[wildfly-default-login] Wildfly - Default Admin Login (@s0obi) [high]
[wso2-default-login] WSO2 Management Console Default Login (@cocxanh) [high]
[xerox7-default-login] Xerox WorkCentre 7xxx Printer Default Login (@miroslavsotak) [high]
[xnat-default-login] XNAT - Default Login (@0x_akoko) [high]
[xploitspy-default-login] XploitSPY - Default Login (@andreluna) [high]
[xui-weak-login] X-UI - Default Login (@dali) [high]
[xxljob-default-login] XXL-JOB Default Login (@pdteam,@ritikchaddha) [high]
[yealink-default-login] Yealink CTP18 - Default Login (@parzival) [high]
[zabbix-default-login] Zabbix Default Login (@pdteam) [high]
[zmanda-default-login] Zmanda Default Login (@techryptic (@tech)) [high]
[adiscon-loganalyzer] Adiscon LogAnalyzer - Information Disclosure (@geeknik) [high]
[avtech-dvr-exposure] AVTECH AVC798HA DVR - Information Exposure (@geeknik) [low]
[beego-admin-dashboard] Beego Admin Dashboard Panel- Detect (@dhiyaneshdk) [medium]
[compalex-panel-detect] Compalex Panel - Detect (@mastercho) [medium]
[concrete5-install] Concrete5 Install Panel (@osamahamad,@princechaddha) [critical]
[crontab-ui] Crontab UI - Dashboard Exposure (@dhiyaneshdk) [high]
[dzzoffice-install] DzzOffice Installation Panel - Detect (@ritikchaddha) [high]
[eos-http-browser] EOS HTTP Browser (@dhiyaneshdk) [medium]
[goodjob-dashboard] goodjob-dashboard (@hahwul) [medium]
[grails-database-admin-console] Grails Admin Console Panel - Detect (@emadshanab) [medium]
[kubernetes-web-view] Kubernetes Local Cluster Web View Panel- Detect (@tess) [medium]
[mybb-forum-install] MyBB Installation Panel - Detect (@ritikchaddha) [high]
[nsq-admin-panel] NSQ Admin Panel - Detect (@random-robbie) [medium]
[odoo-database-manager] Odoo - Database Manager Discovery (@__fazal,@r3dg33k) [low]
[osticket-install] osTicket Installer Panel - Detect (@ritikchaddha) [critical]
[pdi-device-page] PDI Intellifuel - Device Page (@dhiyaneshdk) [low]
[sidekiq-dashboard] Sidekiq Dashboard Panel - Detect (@dhiyaneshdk,@amirmsafari) [medium]
[tautulli-unauth] Tautulli Panel - Unauthenticated Access (@ritikchaddha) [medium]
[wiren-board-webui] Wiren Board WebUI Panel - Detect (@tess) [medium]
[xoops-installation-wizard] XOOPS Installation Wizard Panel - Detect (@princechaddha) [low]
[yarn-manager-exposure] Apache YARN ResourceManager Panel - Detect (@pdteam) [low]
[couchbase-buckets-api] Couchbase Buckets Unauthenticated REST API - Detect (@geeknik) [medium]
[drupal-jsonapi-user-listing] Drupal JSON:API Username Listing - Detect (@lixts) [medium]
[froxlor-database-backup] Froxlor Server Management Backup File - Detect (@tess) [medium]
[settings-php-files] settings.php - Information Disclosure (@sheikhrishad) [medium]
[default-sql-dump] MySQL - Dump Files (@geeknik,@dwisiswant0,@elsfa7110,@mastercho) [medium]
[zip-backup-files] Compressed Backup File - Detect (@toufik-airane,@dwisiswant0,@ffffffff0x,@pwnhxl,@mastercho) [medium]
[accueil-wampserver] Accueil WAMPSERVER Configuration Page - Detect (@tess) [medium]
[airflow-configuration-exposure] Apache Airflow Configuration Page - Detect (@pdteam) [medium]
[amazon-docker-config] Dockerrun AWS Configuration Page - Detect (@pdteam) [medium]
[ansible-config-disclosure] Ansible Configuration Page - Detect (@pdteam) [medium]
[apache-config] Apache Configuration File - Detect (@sheikhrishad) [medium]
[appspec-yml-disclosure] Appspec YML/YAML - Detect (@dhiyaneshdk) [medium]
[appveyor-configuration-file] AppVeyor Configuration Page - Detect (@dhiyaneshdk) [medium]
[aws-config] AWS Configuration - Detect (@m4lwhere) [medium]
[aws-credentials] AWS Credentials - Detect (@m4lwhere) [high]
[behat-config] Behat Configuration File - Detect (@dhiyaneshdk) [medium]
[cakephp-config] CakePHP Configuration File - Detect (@dhiyaneshdk) [medium]
[cgi-printenv] Test CGI Script - Detect (@emadshanab) [medium]
[circleci-config] CircleCI Configuration File - Detect (@geeknik) [medium]
[circleci-ssh-config] CircleCI SSH Configuration - Detect (@geeknik) [medium]
[codeception-config] Codeception YAML Configuration File - Detect (@dhiyaneshdk) [low]
[codeigniter-env] Codeigniter - .env File Discovery (@emenalf) [high]
[collibra-properties] Collibra Properties Exposure (@0xpugazh) [high]
[config-json] Configuration File - Detect (@geeknik) [medium]
[config-properties] Config Properties Exposure (@j4vaovo,@dhiyaneshdk) [high]
[configuration-listing] Sensitive Configuration Files Listing - Detect (@j33n1k4) [medium]
[coremail-config-disclosure] Coremail - Config Discovery (@princechaddha) [high]
[dbeaver-credentials] DBeaver - Credentials Discovery (@geeknik,@j4vaovo) [medium]
[debug-vars] Golang Expvar - Detect (@luqman) [low]
[deployment-ini] FTP Deployment Config File - Exposure (@michal mikolas (nanuqcz)) [medium]
[detect-drone-config] Drone - Configuration Detection (@geeknik) [high]
[docker-compose-config] Docker Compose - Detect (@meme-lord,@blckraven,@geeknik) [medium]
[dockercfg-config] Detect .dockercfg (@geeknik) [high]
[dockerfile-hidden-disclosure] Dockerfile - Detect (@dhiyaneshdk) [medium]
[dompdf-config] DomPDF - Configuration Page (@kazet) [low]
[editor-exposure] Editor Configuration File - Detect (@dhiyaneshdk,@daffainfo) [low]
[esmtprc-config] eSMTP - Config Discovery (@geeknik) [high]
[exposed-bitkeeper] BitKeeper Configuration - Detect (@daffainfo) [low]
[exposed-hg] HG Configuration - Detect (@daffainfo) [medium]
[exposed-sharepoint-list] Sharepoint List - Detect (@elsfa7110) [medium]
[exposed-svn] SVN Configuration - Detect (@udit_thakkur,@dwisiswant0) [medium]
[exposed-vscode] Visual Studio Code Directories - Detect (@aashiq) [medium]
[firebase-config-exposure] Firebase Configuration File - Detect (@geeknik) [medium]
[ftp-credentials-exposure] FTP Credentials Exposure (@pikpikcu) [high]
[git-config-nginxoffbyslash] Nginx - Git Configuration Exposure (@organiccrap) [medium]
[git-config] Git Configuration - Detect (@pdteam,@pikpikcu,@mah3sec_,@m4lwhere) [medium]
[git-credentials-disclosure] Git Credentials - Detect (@dhiyaneshdk) [medium]
[github-workflows-disclosure] Github Workflow Disclosure (@dhiyaneshdk,@geeknik) [medium]
[hikvision-info-leak] Hikvision Configuration File - Detect (@pikpikcu) [medium]
[honeywell-scada-config] Honeywell Scada Configuration File - Detect (@alperenkesk) [low]
[hp-ilo-serial-key-disclosure] HP iLO Serial Key - Detect (@dhiyaneshdk) [medium]
[htpasswd-detection] Apache htpasswd Config - Detect (@geeknik) [high]
[javascript-env] JavaScript Environment Configuration - Detect (@pdp,@geeknik) [low]
[jkstatus-manager] JK Status Manager - Detect (@pdteam,@dhiyaneshdk) [low]
[joomla-config-dist-file] Joomla! Configuration File - Detect (@oppsec) [low]
[karma-config-js] Karma Configuration File - Detect (@dhiyaneshdk) [medium]
[kubernetes-kustomization-disclosure] Kubernetes Kustomize Configuration - Detect (@dhiyaneshdk) [medium]
[kyan-credential-exposure] Kyan Credential - Exposure (@pikpikcu) [medium]
[laravel-env] Laravel - Sensitive Information Disclosure (@pxmme1337,@dwisiswant0,@geeknik,@emenalf,@adrianmf) [high]
[lvmeng-uts-disclosure] Lvmeng - UTS Disclosure (@pikpikcu) [high]
[magento-config-disclosure] Magento Configuration Panel - Detect (@ptonewreckin,@danigoland,@geeknik) [high]
[msmtp-config] Msmtp - Config Exposure (@geeknik) [high]
[nagios-status-page] Nagios Current Status Page - Detect (@dhiyaneshdk) [medium]
[netrc] Netrc - Config File Discovery (@geeknik) [high]
[opcache-status-exposure] OPcache Status Page - Detect (@pdteam) [medium]
[oracle-cgi-printenv] Oracle CGI printenv - Information Disclosure (@dhiyaneshdk) [medium]
[oracle-ebs-credentials] Oracle E-Business System Credentials Page - Detect (@dhiyaneshdk) [high]
[ovpn-config-exposed] OVPN Configuration Download Page - Detect (@tess) [low]
[parameters-config] Parameters.yml - File Discovery (@dhiyaneshdk) [high]
[perl-status] Apache Mod_perl Status Page - Detect (@pdteam) [medium]
[phalcon-framework-source] Phalcon Framework - Source Code Leakage (@philippedelteil) [high]
[phinx-config] Phinx Configuration Exposure (@dhiyaneshdk) [medium]
[phpinfo-files] PHPinfo Page - Detect (@pdteam,@daffainfo,@meme-lord,@dhiyaneshdk,@wabafet,@mastercho) [low]
[phpsys-info] phpSysInfo Exposure (@fpatrik) [low]
[platformio-ini] Platformio Config File Disclosure (@dhiyaneshdk) [low]
[plesk-stat] Webalizer Log Analyzer Configuration - Detect (@th3.d1p4k) [medium]
[prometheus-metrics] Prometheus Metrics - Detect (@dhiyaneshdk,@philippedelteil) [medium]
[protractor-config] Protractor Configuration Exposure (@dhiyaneshdk) [low]
[psalm-config] Psalm Configuration Exposure - Detect (@dhiyaneshdk) [low]
[qdpm-info-leak] qdPM 9.2 - DB Credentials Exposure (@gy741) [high]
[rails-database-config] Ruby on Rails Database Configuration File - Detect (@pdteam,@geeknik) [high]
[redis-config] Redis Configuration File - Detect (@geeknik) [medium]
[robomongo-credential] RoboMongo Credential - Exposure (@geeknik) [high]
[ruijie-information-disclosure] Ruijie Login Panel - Detect (@pikpikcu) [high]
[ruijie-nbr1300g-exposure] Ruijie NBR1300G Cli Password Leak - Detect (@pikpikcu) [high]
[ruijie-phpinfo] Ruijie Phpinfo Configuration - Detect (@pikpikcu) [low]
[s3cfg-config] S3CFG Configuration - Detect (@geeknik,@dhiyaneshdk) [high]
[server-private-keys] SSL/SSH/TLS/JWT Keys - Detect (@geeknik,@r12w4n,@j4vaovo) [high]
[sftp-credentials-exposure] SFTP Configuration File - Credentials Exposure (@geeknik,@sheikhrishad) [high]
[sftp-deployment-config] Atom SFTP Configuration File - Detect (@geeknik) [high]
[sphinxsearch-config] Sphinx Search Config - Exposure (@gtrrnr) [high]
[ssh-authorized-keys] SSH Authorized Keys File - Detect (@geeknik) [medium]
[symfony-database-config] Symfony Database Configuration File - Detect (@pdteam,@geeknik) [high]
[symfony-profiler] Symfony Profiler - Detect (@pdteam) [high]
[ventrilo-config] Ventrilo Configuration File - Detect (@geeknik) [high]
[vite-config] Vite Configuration - File Exposure (@dhiyaneshdk) [low]
[websheets-config] Websheets Configuration File - Detect (@geeknik) [high]
[wpconfig-aws-keys] AWS S3 keys Leak (@r12w4n) [high]
[xprober-service] X Prober Server - Information Disclosure (@pdteam) [medium]
[yii-debugger] View Yii Debugger Information (@geeknik,@rumble773) [low]
[zend-config-file] Zend Configuration File (@pdteam,@geeknik,@akokonunes) [high]
[apache-licenserc] Apache License File (@dhiyaneshdk) [low]
[apdisk-disclosure] Apdisk - File Disclosure (@dhiyaneshdk) [low]
[appsettings-file-disclosure] Application Setting file disclosure (@dhiyaneshdk,@tess) [high]
[atom-sync-remote] Atom Synchronization Exposure (@geeknik) [high]
[auth-json] Auth.json File - Disclosure (@dhiyaneshdk) [high]
[azure-pipelines-exposed] Azure Pipelines Configuration File Disclosure (@dhiyaneshdk) [medium]
[azuredeploy-json] Azure Resource Manager Template - File Exposure (@dhiyaneshdk) [medium]
[cloud-config] Cloud Config File Exposure (@dhiyaneshdk,@hardik-solanki) [medium]
[cold-fusion-cfcache-map] Discover Cold Fusion cfcache.map Files (@geeknik) [low]
[composer-auth-json] Composer-auth Json File Disclosure (@dhiyaneshdk) [low]
[core-dump] Exposed Core Dump - File Disclosure (@kazet) [medium]
[credentials-json] Credentials File Disclosure (@ritikchaddha) [medium]
[database-credentials] Database Credentials File Exposure (@hardik-solanki,@geeknik) [low]
[db-xml-file] db.xml File - Detect (@tess) [medium]
[django-secret-key] Django Secret Key Exposure (@geeknik,@dhiyaneshdk) [high]
[docker-cloud] Docker Cloud Yaml - File Disclosure (@dhiyaneshdk) [medium]
[domcfg-page] Lotus Domino Configuration Page (@gevakun) [low]
[environment-rb] Environment Ruby File Disclosure (@dhiyaneshdk) [medium]
[exposed-alps-spring] Exposed Spring Data REST Application-Level Profile Semantics (ALPS) (@dwisiswant0) [medium]
[filezilla-exposed] Filezilla (@amsda) [medium]
[ftpconfig] Atom remote-ssh ftpconfig Exposure (@geeknik,@dhiyaneshdk) [high]
[gcloud-access-token] Google Cloud Access Token (@dhiyaneshdk) [medium]
[gcloud-credentials] Google Cloud Credentials (@dhiyaneshdk) [medium]
[get-access-token-json] Get Access Token Json (@dhiyaneshdk) [low]
[git-mailmap] Git Mailmap File Disclosure (@geeknik,@dhiyaneshdk) [low]
[go-mod-disclosure] Go.mod Disclosure (@dhiyaneshdk) [low]
[google-api-private-key] Google Api Private Key (@dhiyaneshdk) [medium]
[google-services-json] Google Service Json (@dhiyaneshdk) [low]
[ht-deployment] .htdeployment - Files Tree Cache File (@michal-mikolas) [medium]
[iceflow-vpn-disclosure] ICEFlow VPN Disclosure (@pikpikcu) [low]
[ioncube-loader-wizard] ioncube Loader Wizard Disclosure (@mubassirpatel) [medium]
[joomla-file-listing] Joomla! Database File List (@iampritam) [medium]
[jsapi-ticket-json] JsAPI Ticket Json (@dhiyaneshdk) [low]
[kubernetes-etcd-keys] Kubernetes etcd Keys - Exposure (@hardik-solanki) [medium]
[lazy-file-manager] Lazy File Manager (@amsda) [medium]
[npm-cli-metrics-json] NPM Anonymous CLI Metrics Json (@dhiyaneshdk) [low]
[oauth-credentials-json] Oauth Credentials Json (@dhiyaneshdk) [low]
[openstack-user-secrets] OpenStack User Secrets Exposure (@geeknik) [high]
[pantheon-upstream] Pantheon upstream.yml Disclosure (@dhiyaneshdk) [low]
[php-cs-cache] PHP-CS-Fixer Cache - File Disclosure (@dhiyaneshdk) [medium]
[php-ini] Php.ini File Disclosure (@geeknik,@dhiyaneshdk) [low]
[php-user-ini-disclosure] Php User.ini Disclosure (@dhiyaneshdk) [medium]
[phpunit-result-cache-exposure] PHPUnit Result Cache File Exposure (@dhiyaneshdk) [low]
[putty-private-key-disclosure] Putty Private Key Disclosure (@dhiyaneshdk,@geeknik) [medium]
[rails-secret-token-disclosure] Ruby on Rails Secret Token Disclosure (@dhiyaneshdk) [medium]
[redmine-config] Redmine Configuration File - Detect (@dhiyaneshdk) [high]
[ruby-rail-storage] Ruby on Rails storage.yml File Disclosure (@dhiyaneshdk) [low]
[salesforce-credentials] Salesforce Credentials - Detect (@geeknik) [high]
[secret-token-rb] Secret Token Ruby - File Disclosure (@dhiyaneshdk) [medium]
[ruby-secrets-file] Ruby on Rails secrets.yml File Exposure (@dhiyaneshdk) [high]
[sendgrid-env] SendGrid Env File Exposure (@dhiyaneshdk) [medium]
[sensitive-storage-data-expose] Sensitive Storage Data - Detect (@pussycat0x) [medium]
[service-account-credentials] Service Account Credentials File Disclosure (@ritikchaddha) [medium]
[shellscripts] Public shellscripts (@panch0r3d) [low]
[socks5-vpn-config] Socks5 VPN - Sensitive File Disclosure (@dhiyaneshdk) [high]
[svn-wc-db] SVN wc.db File Exposure (@hardik-solanki,@r12w4n) [medium]
[token-json] Token Json File Disclosure (@dhiyaneshdk) [low]
[travis-ci-disclosure] Travis CI Disclosure (@dhiyaneshdk) [high]
[vagrantfile-exposure] Vagrantfile Exposure (@dhiyaneshdk) [low]
[viminfo-disclosure] Viminfo - File Disclosure (@dhiyaneshdk) [low]
[vscode-sftp] VSCode SFTP File Exposure (@geeknik) [high]
[ws-ftp-ini] WS FTP File Disclosure (@dhiyaneshdk) [low]
[xampp-environment-variables] XAMPP Environment Variables Exposure (@melbadry9,@dhiyaneshdk) [low]
[access-log-file] Publicly accessible access-log file (@sheikhrishad) [low]
[badarg-log] Badarg Log File Exposure (@hardik-solanki) [low]
[clockwork-php-page] Clockwork PHP page exposure (@organiccrap) [high]
[darkstat-detect] Detect Darkstat Reports (@geeknik) [high]
[django-debug-exposure] Django Debug Exposure (@geeknik) [high]
[dozzle-container-logs] Dozzle - Logs Exposure (@theabhinavgaur) [medium]
[elmah-log-file] ELMAH Exposure (@shine,@idealphase) [high]
[error-logs] Common Error Log Files (@geeknik,@daffainfo,@elsfa7110,@hardik-solanki) [low]
[event-debug-server-status] Event Debug Server Status (@pussycat0x) [low]
[exposed-glances-api] Exposed Glances API (@princechaddha) [low]
[ffserver-status] FFserver Status Detect (@notnotnotveg,@tess) [low]
[firebase-debug-log] Firebase Debug Log File Exposure (@hardik-solanki) [low]
[git-exposure] Git Metadata Directory Exposure (@tess) [medium]
[go-pprof-debug] Go pprof Debug Page (@w8ay) [low]
[jboss-seam-debug-page] Jboss Seam Debug Page Enabled (@dhiyaneshdk) [medium]
[laravel-log-file] Laravel log file publicly accessible (@sheikhrishad,@geeknik) [high]
[laravel-telescope] Laravel Telescope Disclosure (@geeknik) [medium]
[lucee-stack-trace] Lucee Stack Trace Error (@dhiyaneshdk) [low]
[milesight-system-log] Milesight Industrial Cellular Routers - Information Disclosure (@ritikchaddha) [high]
[nginx-shards] NGINX Shards Disclosure (@dhiyaneshdk) [medium]
[npm-debug-log] NPM Debug Log Disclosure (@hardik-solanki) [low]
[npm-log-file] Publicly accessible NPM Log file (@sheikhrishad,@dhiyaneshdk) [low]
[opentsdb-status] OpenTSDB - Detect (@pussycat0x) [low]
[oracle-ebs-sqllog-disclosure] Oracle EBS - SQL Log Disclosure (@dhiyaneshdk) [medium]
[production-log] Production Log File Disclosure (@geeknik) [low]
[pyramid-debug-toolbar] Pyramid Debug Toolbar (@geeknik) [medium]
[rails-debug-mode] Rails Debug Mode (@pdteam) [medium]
[redis-exception-error] Redis Exception Connection Error Page (@dhiyaneshdk) [low]
[redv-super-logs] RED-V Super Digital Signage System RXV-A740R - Log Information Disclosure (@r3y3r53) [medium]
[roundcube-log-disclosure] Roundcube Log Disclosure (@dhiyaneshdk,@kazet) [medium]
[squid-analysis-report-generator] Squid Analysis Report Generator (@geeknik) [high]
[struts-debug-mode] Apache Struts setup in Debug-Mode (@pdteam) [low]
[struts-problem-report] Apache Struts Dev Mode - Detect (@dhiyaneshdk) [low]
[teampass-ldap] Teampass LDAP Debug Config - Detect (@josecosta) [medium]
[trace-axd-detect] ASP.NET Trace.AXD Information Leak (@dhiyaneshdk) [low]
[webalizer-xtended-stats] Webalizer Xtended Statistics Exposed (@ritikchaddha) [low]
[ws-ftp-log] WS FTP File Disclosure (@hardik-solanki) [low]
[zm-system-log-detect] zm-system-log-detect (@pussycat0x) [low]
[axiom-digitalocean-key-exposure] DigitalOcean Key Exposure via Axiom (@geeknik) [critical]
[tugboat-config-exposure] Tugboat Configuration File Exposure (@geeknik) [critical]
[fcm-server-key] FCM Server Key (@absshax) [high]
[loqate-api-key] Loqate API Key (@realexp3rt) [low]
[mapbox-token-disclosure] Mapbox Token Disclosure (@devang-solanki) [medium]
[razorpay-clientid-disclosure] Razorpay Client ID Disclosure (@devang-solanki) [high]
[brother-printer-detect] Brother Printer (@pussycat0x) [low]
[brother-unauthorized-access] Brother Printer (@pussycat0x) [medium]
[contacam] ContaCam Snapshot Images - Detect (@dhiyaneshdk) [medium]
[homeworks-illumination] HomeWorks Illumination Web Keypad (@geeknik) [low]
[hp-device-info-detect] HP Device Info Detection (@pussycat0x) [low]
[iotawatt-app-exposure] IoTaWatt Configuration App Exposure (@pussycat0x) [high]
[netgear-boarddataww-rce] Netgear Devices boardDataWW.php Unauthenticated Remote Command Execution (@pussycat0x) [critical]
[open-mjpg-streamer] open-mjpg-streamer (@gboddin) [medium]
[panasonic-network-management] Panasonic Network Camera Management System - Detect (@dhiyaneshdk) [medium]
[pqube-power-analyzers] PQube 3 Power Analyzers (@pussycat0x) [low]
[qvisdvr-deserialization-rce] QVISDVR JSF Deserialization - Remote Code Execution (@me9187) [critical]
[raspberry-shake-config] Raspberry Shake Config Detection (@pussycat0x) [medium]
[stem-audio-table-private-keys] Detect Private Key on STEM Audio Table (@gy741) [high]
[targa-camera-lfi] Selea Targa IP OCR-ANPR Camera - Local File Inclusion (@gy741) [high]
[targa-camera-ssrf] Selea Targa IP OCR-ANPR Camera - Unauthenticated SSRF (@gy741) [high]
[xp-webcam] XP Webcam Viewer Page (@aashiq) [medium]
[balada-injector-malware] Balada Injector Malware - Detect (@kazet) [high]
[joomla-manifest-file] Joomla! Manifest File - Disclosure (@oppsec) [medium]
[ace-admin-dashboard] Ace Admin Dashboard - Detect (@tess) [medium]
[adobe-connect-username-exposure] Adobe Connect Username Exposure (@dhiyaneshdk) [low]
[aem-acs-common] Adobe AEM ACS Common Exposure (@dhiyaneshdk) [medium]
[aem-cached-pages] Invalidate / Flush Cached Pages on AEM (@hetroublemakr) [low]
[aem-xss-childlist] Adobe Experience Manager Childlist Selector - Cross-Site Scripting (@theabhinavgaur) [medium]
[aem-crx-bypass] AEM Package Manager - Authentication Bypass (@dhiyaneshdk) [critical]
[aem-crx-namespace] Adobe AEM CRX Namespace Editor Exposure (@dhiyaneshdk) [low]
[aem-default-get-servlet] AEM DefaultGetServlet (@dhiyaneshdk) [low]
[aem-disk-usage] Adobe AEM Disk Usage Information Disclosure (@dhiyaneshdk) [low]
[aem-dump-contentnode] AEM Dump Content Node Properties (@dhiyaneshdk) [medium]
[aem-explorer-nodetypes] Adobe AEM Explorer NodeTypes Exposure (@dhiyaneshdk) [high]
[aem-gql-servlet] AEM GQLServlet (@dhiyaneshdk,@prettyboyaaditya) [low]
[aem-groovyconsole] AEM Groovy Console Discovery (@dheerajmadhukar) [critical]
[aem-hash-querybuilder] Query hashed password via QueryBuilder Servlet (@dhiyaneshdk) [medium]
[aem-misc-admin] Adobe AEM Misc Admin Dashboard Exposure (@dhiyaneshdk) [high]
[aem-offloading-browser] Adobe AEM Offloading Browser (@dhiyaneshdk) [medium]
[aem-osgi-bundles] Adobe AEM Installed OSGI Bundles (@dhiyaneshdk) [low]
[aem-querybuilder-internal-path-read] AEM QueryBuilder Internal Path Read (@dhiyaneshdk) [medium]
[aem-secrets] AEM Secrets - Sensitive Information Disclosure (@booboohq,@j3ssie) [high]
[aem-security-users] Adobe AEM Security Users Exposure (@dhiyaneshdk) [medium]
[aem-setpreferences-xss] Adobe Experience Manager - Cross-Site Scripting (@zinminphy0,@dhiyaneshdk) [high]
[aem-wcm-suggestions-servlet] AEM WCM Suggestions Servlet (@dhiyaneshdk) [low]
[aem-xss-childlist-selector] Adobe Experience Manager - Cross-Site Scripting (@dhiyaneshdk) [high]
[airflow-debug] Airflow Debug Trace (@pdteam) [low]
[unauthenticated-airflow-instance] Unauthenticated Airflow Instance (@dhiyaneshdk) [high]
[akamai-arl-xss] Open Akamai ARL - Cross-Site Scripting (@pdteam) [high]
[akamai-s3-cache-poisoning] Akamai/Amazon S3 - Cache Poisoning (@dhiyaneshdk) [high]
[ampache-update-exposure] Ampache Update Page Exposure (@ritikchaddha) [low]
[android-debug-database-exposed] Android Debug Manager (@dhiyaneshdk) [low]
[apache-drill-exposure] Apache Drill Exposure (@dhiyaneshdk) [low]
[apache-druid-unauth] Apache Druid Unauth (@dhiyaneshdk) [low]
[apache-impala] Apache Impala - Exposure (@dhiyaneshdk) [medium]
[apache-struts-showcase] Apache Struts - ShowCase Application Exposure (@dhiyaneshdk) [low]
[apache-couchdb-unauth] Apache CouchDB - Unauthenticated Access (@sleepingbag945) [high]
[apache-filename-enum] Apache Filename Enumeration (@geeknik) [low]
[apache-hbase-unauth] Apache Hbase Unauth (@pikpikcu) [medium]
[apache-nifi-unauth] Apache NiFi - Unauthenticated Access (@pwnhxl) [high]
[apache-server-status] Apache Server Status Disclosure (@thabisocn) [low]
[apache-storm-unauth] Apache Storm Unauth (@pikpikcu) [medium]
[apache-zeppelin-unauth] Apache Zeppelin - Unauthenticated Access (@j4vaovo) [high]
[kafka-manager-unauth] Kafka Manager Panel - Unauthorized Access (@paper-pen) [low]
[apcu-service] APCu service information leakage (@koti2) [low]
[apollo-adminservice-unauth] Apollo Admin Service - Unauthenticated Access (@j4vaovo) [medium]
[apple-cups-exposure] Apple CUPS Sources - Exposure (@dhiyaneshdk) [high]
[artifactory-anonymous-deploy] Artifactory anonymous deploy (@panch0r3d) [high]
[aws-object-listing] AWS bucket with Object listing (@pdteam) [low]
[aws-s3-explorer] Amazon Web Services S3 Explorer - Detect (@dhiyaneshdk) [medium]
[awstats-listing] AWStats Listing (@tess) [low]
[bitbucket-auth-bypass] Bitbucket Server > 4.8 - Authentication Bypass (@dhiyaneshdk) [critical]
[bitbucket-public-repository] Atlassian Bitbucket Public Repository Exposure (@dhiyaneshdk) [low]
[bravia-signage] BRAVIA Signage - Exposure (@dhiyaneshdk) [medium]
[browserless-debugger] Exposed Browserless debugger (@ggranjus) [medium]
[cadvisor-exposure] cAdvisor - Detect (@dhiyaneshdk) [medium]
[casdoor-users-password] Casdoor get-users Account Password Disclosure (@dhiyaneshdk) [high]
[chatgpt-web-unauth] ChatGPT Web - Unauthorized Access (@sleepingbag945) [high]
[clickhouse-unauth-api] ClickHouse API Database Interface - Improper Authorization (@dhiyaneshdk) [high]
[clockwork-dashboard-exposure] Clockwork Dashboard Exposure (@dhiyaneshdk) [high]
[cloud-metadata] GCP/AWS Metadata Disclosure (@dhiyaneshdk) [low]
[unauth-cluster-trino] Cluster Overview - Unauthenticated Dashboard Exposure (@tess) [medium]
[cobbler-exposed-directory] Exposed Cobbler Directories (@c-sh0) [medium]
[codeigniter-errorpage] CodeIgniter - Error Page (@j4vaovo) [low]
[codemeter-webadmin] CodeMeter Webadmin Dashboard (@dhiyaneshdk) [low]
[codis-dashboard] Codis Dashboard Exposure (@tess) [low]
[collectd-exporter-metrics] Collectd Exporter Metrics (@dhiyaneshdk) [low]
[confluence-dashboard] Confluence Dashboard Exposed (@tess) [low]
[dlink-file-read] D-Link - Local File Inclusion (@dhiyaneshdk) [high]
[flask-werkzeug-debug] Flask Werkzeug Debugger Exposure (@dhiyaneshdk) [low]
[default-spx-key] SPX PHP Profiler - Default Key (@vagnerd) [high]
[deos-openview-panel] DEOS OPENview Admin Panel Unauthenticated Access (@sullo) [high]
[django-debug] Django Debug Configuration Enabled (@dhiyaneshdk,@hackergautam) [medium]
[dlink-config-dump] D-Link DAP-1325 - Information Disclosure (@gy741) [critical]
[dlink-unauth-cgi-script] D-Link DNS Series CGI Script - Unauthenticated (@pussycat0x) [low]
[docker-daemon-exposed] Docker Daemon Exposed (@arm!tage) [critical]
[docker-registry] Docker Registry Listing (@puzzlepeaches) [medium]
[docmosis-tornado-server] Docmosis Tornado Server Exposure (@tess) [low]
[dont-panic-traceback] DON'T PANIC Traceback (@ritikchaddha) [low]
[doris-dashboard] Doris Dashboard - Exposed (@ritikchaddha) [medium]
[druid-monitor] Alibaba Druid Monitor Unauthorized Access (@ohlinge) [high]
[dynamic-container-host] Dynamics Container Host - Detect (@dhiyaneshdk) [low]
[ec2-instance-information] EC2 Instance Information (@dhiyaneshdk) [low]
[ecology-info-leak] Ecology - Information Exposure (@qianbenhyu) [high]
[elastic-hd-dashboard] Elastic HD Dashboard Exposure (@tess) [low]
[elasticsearch] ElasticSearch Information Disclosure (@shine,@c-sh0,@geeknik) [low]
[envoy-admin-exposure] Envoy Admin Exposure (@dhiyaneshdk) [medium]
[espeasy-mega-exposure] ESPEasy Mega Panel Exposure (@ritikchaddha) [high]
[esphome-dashboard] ESPHome Dashboard Exposure (@ritikchaddha) [medium]
[http-etcd-unauthenticated-api-data-leak] etcd Unauthenticated HTTP API Leak (@dhiyaneshdk) [high]
[everything-listing] Everything Server Exposure (@pussycat0x) [high]
[exposed-jquery-file-upload] BlueImp jQuery-File-Upload - Arbitrary File Upload (@dhiyaneshdk) [critical]
[exposed-kafdrop] Publicly exposed Kafdrop Interface (@dhiyaneshdk) [low]
[exposed-kibana] Exposed Kibana (@shine) [medium]
[exposed-sqlite-manager] SQLiteManager - Text Display (@dhiyaneshdk) [medium]
[express-stack-trace] Express Stack Trace (@dhiyaneshdk) [low]
[feiyuxing-info-leak] Feiyuxing Information - Exposure (@sleepingbag945) [high]
[filebrowser-unauth] File Browser Dashboard - Unauthenticated Access (@ritikchaddha) [medium]
[flask-redis-docker] Flask Redis Queue Docker - Exposure (@dhiyaneshdk) [low]
[formalms-install] Formalms Exposed Installation (@princechaddha) [high]
[fusionauth-admin-setup] FusionAuth Exposed Admin Setup (@ritikchaddha) [high]
[ganglia-cluster-dashboard] Ganglia Cluster Dashboard - Detect (@ritikchaddha) [low]
[genieacs-default-jwt] GenieACS - Authentication Bypass (Default JWT Secret) (@dhiyaneshdk,@pussycat0x) [high]
[git-web-interface] Git web interface (@dhiyaneshdk) [low]
[gitea-public-signup] Gitea Public Registration Enabled (@edoardottt) [high]
[gitlab-api-user-enum] GitLab - User Information Disclosure Via Open API (@suman_kar) [medium]
[gitlab-uninitialized-password] Uninitialized GitLab instances (@gitlab red team) [high]
[gitlist-disclosure] GitList Disclosure (@dhiyaneshdk) [low]
[global-traffic-statistics] Global Traffic Statistics Exposure (@tess) [low]
[glpi-directory-listing] GLPI Directory Listing (@redteambrasil,@imnightmaree) [low]
[gocd-cruise-configuration] GoCd Cruise Configuration disclosure (@dhiyaneshdk) [high]
[gocd-encryption-key] GoCd Encryption Key (@dhiyaneshdk) [low]
[gocd-unauth-dashboard] GoCd Unauth Dashboard (@dhiyaneshdk) [medium]
[insecure-firebase-database] Insecure Firebase Database (@rafaelwdornelas) [high]
[gopher-server] Gopher Server - Exposure (@dhiyaneshdk) [medium]
[grafana-public-signup] Grafana Public Signup (@pdteam) [medium]
[grav-register-admin] Grav Register Admin User - Detect (@dhiyaneshdk) [high]
[h2o-arbitary-file-read] H2O - Arbitrary Path Lookup (@danmcinerney,@byt3bl33d3r) [medium]
[h2o-dashboard] H2O Dashboard - Exposure (@byt3bl33d3r) [high]
[hadoop-unauth-rce] Apache Hadoop YARN ResourceManager - Remote Code Execution (@pdteam,@couskito) [critical]
[haproxy-exporter-metrics] Detect Haproxy Exporter (@pussycat0x) [low]
[haproxy-status] HAProxy Statistics Page - Detect (@dhiyaneshdk) [medium]
[healthchecks-ui-exposure] Healthchecks UI Exposure (@tess) [low]
[helm-dashboard-exposure] Helm Dashboard - Exposure (@dhiyaneshdk) [medium]
[hikvision-env] Hikvision Springboot Env Actuator - Detect (@sleepingbag945) [high]
[hivequeue-agent] HiveQueue Agent (@dhiyaneshdk) [low]
[unauthorized-hp-printer] Unauthorized HP Printer (@pussycat0x) [high]
[unauthorized-printer-hp] Unauthorized HP office pro printer (@pussycat0x,@r3naissance) [high]
[hpe-system-management-anonymous-access] HPE System Management Anonymous Access (@divya_mudgal) [low]
[ibm-friendly-path-exposure] IBM Websphere Friendly Path Exposure (@clarkvoss) [medium]
[ibm-websphere-xml] IBM WebSphere Application - Source File Exposure (@r3nz0) [medium]
[imgproxy-unauth] Imgproxy Unauthorized Access (@userdehghani) [low]
[activecollab-installer] ActiveCollab Installation Page - Exposure (@dhiyaneshdk) [high]
[akeeba-installer] Akeeba Backup Installer - Exposure (@dhiyaneshdk) [high]
[alma-installer] Alma Installation Exposure (@dhiyaneshdk) [high]
[ampache-music-installer] Ampache Music Installer (@tess) [high]
[avideo-install] AVideo Installer - Detect (@ritikchaddha) [high]
[bagisto-installer] Bagisto Installer Exposure (@ritikchaddha) [high]
[binom-installer] Binom Installer Exposure (@tess) [high]
[bitrix24-installer] Bitrix24 Installation Exposure (@dhiyaneshdk) [high]
[blesta-installer] Blesta Installer Exposure (@dhiyaneshdk) [high]
[businesso-installer] Businesso Installer Exposure (@ritikchaddha) [high]
[call-com-installer] Call.com Setup Page - Exposure (@dhiyaneshdk) [high]
[chamilo-installer] Chamilo Installer Exposure (@dhiyaneshdk) [high]
[circarlife-installer] CirCarLife - Installer (@geeknik) [critical]
[clipbucket-installer] ClipBucket Installer - Exposure (@dhiyaneshdk) [high]
[cms-made-simple-installer] CMS Made Simple Installation Page - Exposure (@dhiyaneshdk) [high]
[combodo-itop-installer] Combodo iTop Installer/Upgrade - Exposure (@dhiyaneshdk) [high]
[concrete-installer] Concrete Installer (@pussycat0x) [high]
[confluence-installer] Confluence Installation Page - Exposure (@dhiyaneshdk) [high]
[connectwise-setup] ConnectWise Setup Wizard - Exposure (@dhiyaneshdk) [high]
[contentify-installer] Contentify Installer Exposure (@ritikchaddha) [high]
[cube-105-install] Cube-105 - Exposed Installation (@ritikchaddha) [high]
[cubebackup-setup-installer] CubeBackup Setup Page - Exposure (@dhiyaneshdk) [high]
[custom-xoops-installer] XOOPS Custom - Installation (@dhiyaneshdk) [high]
[dokuwiki-installer] DokuWiki Install Exposure (@dhiyaneshdk) [high]
[dolibarr-installer] Dolibarr Installer (@pussycat0x) [high]
[dolphin-installer] Dolphin Installer - Exposure (@dhiyaneshdk) [high]
[drupal-install] Drupal Install (@nkxxkn) [high]
[easy-viserlabs-installer] Easy Installer by ViserLab - Exposure (@dhiyaneshdk) [high]
[easy-wi-installer] Easy-WI Installation Page - Exposure (@dhiyaneshdk) [high]
[easyscripts-installer] Easyscripts Installer (@theamanrawat) [high]
[ejbca-enterprise-installer] EJBCA Enterprise Cloud Configuration Wizard - Exposure (@dhiyaneshdk) [high]
[eshop-installer] EShop Installer Exposure (@dhiyaneshdk) [high]
[espeasy-installer] ESPEasy Installation Exposure (@ritikchaddha) [medium]
[espocrm-installer] Espocrm Installer (@dhiyaneshdk) [high]
[eyoucms-installer] EyouCMS - Installation (@ritikchaddha) [high]
[facturascripts-installer] FacturaScripts Installer Exposure (@dhiyaneshdk) [high]
[flarum-installer] Flarum Installation Page - Exposure (@dhiyaneshdk) [high]
[fleetcart-installer] FleetCart Installation Page - Exposure (@dhiyaneshdk) [high]
[forgejo-installer] Forgejo Installation Page - Exposure (@dhiyaneshdk) [high]
[froxlor-installer] Froxlor Server Management - Installer (@dhiyaneshdk) [high]
[geniusocean-installer] GeniusOcean Installer Exposure (@dhiyaneshdk) [high]
[getsimple-installation] GetSimple CMS - Installer (@princechaddha) [critical]
[gibbon-installer] Gibbon Installer - Exposure (@dhiyaneshdk) [high]
[gitea-installer] Gitea Installer Exposure (@dhiyaneshdk) [medium]
[glpi-installer] GLPI Installation Page - Exposure (@dhiyaneshdk) [high]
[gogs-installer] Gogs (Go Git Service) - Installer (@dhiyaneshdk) [critical]
[growi-installer] GROWI Installer - Exposure (@dhiyaneshdk) [high]
[ids-skills-installer] IDP Skills Installer - Exposure (@dhiyaneshdk) [high]
[impresspages-installer] ImpressPages Installer (@pussycat0x) [low]
[imprivata-installer] Imprivata Appliance Installation Exposure (@ritikchaddha) [medium]
[indegy-sensor-installer] Indegy Sensor Setup - Installer (@ritikchaddha) [high]
[invicti-enterprise-installer] Invicti Enterprise Installation Page - Exposure (@dhiyaneshdk) [high]
[invoice-ninja-installer] Invoice Ninja Setup Page - Exposure (@dhiyaneshdk) [high]
[jfa-go-installer] jfa-go Setup Page - Exposure (@dhiyaneshdk) [high]
[jira-setup] Atlassian JIRA Setup - Installer (@ritikchaddha) [high]
[joomla-installer] Joomla! Installer Exposure (@dhiyaneshdk) [high]
[justfans-installer] JustFans Installation Page - Exposure (@dhiyaneshdk) [high]
[klr300n-install] KLR 300N Router - Exposed Installation (@andreluna) [high]
[knowledgetree-installer] KnowledgeTree Installer Exposure (@ritikchaddha) [high]
[librenms-installer] LibreNMS Installation Page - Exposure (@dhiyaneshdk) [high]
[limesurvey-installer] Limesurvey Installer Exposure (@dhiyaneshdk) [high]
[lmszai-installer] LMSZAI Installer Exposure (@dhiyaneshdk) [high]
[lychee-installer] Lychee Installer (@dhiyaneshdk) [high]
[magento-installer] Magento Installation Wizard (@dhiyaneshdk) [high]
[mantisbt-installer] MantisBT Installation Exposure (@dhiyaneshdk) [high]
[matomo-installer] Matomo Installer Exposure (@dhiyaneshdk) [high]
[mautic-installer] Mautic Installer Exposure (@dhiyaneshdk) [high]
[mcloud-installer] mCloud Panel - Installer (@ritikchaddha) [critical]
[monstra-installer] Monstra Installation Exposure (@ritikchaddha) [high]
[moodle-installer] Moodle Installation Exposure (@tess) [high]
[moosocial-installer] mooSocial Installation - Exposure (@ritikchaddha) [high]
[mosparo-install] mosparo Exposed Installation (@dhiyaneshdk) [high]
[mura-cms-setup-installer] Mura CMS Setup Page - Exposure (@dhiyaneshdk) [high]
[nagiosxi-installer] Nagios XI Installer (@ritikchaddha) [high]
[nginx-auto-installer] NginX Auto Installer Exposure (@pussycat0x) [low]
[nodebb-installer] NodeBB Web Installer (@dhiyaneshdk) [high]
[nopcommerce-installer] nopCommerce Installer - Detect (@dhiyaneshdk) [critical]
[octoprint-installer] OctoPrint Installation Page - Exposure (@dhiyaneshdk) [high]
[ojs-installer] Open Journal Systems Installer - Exposure (@dhiyaneshdk) [high]
[onlyoffice-installer] OnlyOffice Wizard Page - Exposure (@dhiyaneshdk) [high]
[openemr-setup-installer] OpenEMR Setup Installation Page - Exposure (@dhiyaneshdk) [high]
[openfire-setup] Openfire Setup - Exposure (@dhiyaneshdk) [high]
[openmage-install] OpenMage Installation Wizard (@dhiyaneshdk) [high]
[openshift-installer-panel] OpenShift Assisted Installer Panel - Detect (@dhiyaneshdk) [medium]
[opensis-installer] openSIS Installation Wizard (@dhiyaneshdk) [high]
[orangehrm-installer] OrangeHrm Installer (@pussycat0x) [high]
[orangescrum-install] Orangescrum Exposed Installation (@ritikchaddha) [high]
[orchard-installer] Orchard Setup Wizard - Exposure (@dhiyaneshdk) [high]
[owncloud-installer-exposure] OwnCloud Installer Exposure (@dhiyaneshdk) [high]
[oxid-eshop-installer] Oxid EShop Installer Exposure (@ritikchaddha) [high]
[pagekit-installer] Pagekit Installer Exposure (@dhiyaneshdk) [high]
[pandora-fms-installer] Pandora FMS Installation Page - Exposure (@dhiyaneshdk) [high]
[permissions-installer] Permissions Installer Exposure (@pussycat0x) [high]
[phpbb-installer] phpBB Installation File Exposure (@dhiyaneshdk) [high]
[phpgedview-installer] PhpGedView Installer Exposure (@ritikchaddha) [high]
[phpipam-installer] PHP IPAM Installation Page - Exposed (@dhiyaneshdk) [high]
[phpmyfaq-installer] phpMyFAQ Installation - Exposure (@ritikchaddha) [high]
[phpwind-installer] phpwind Installer Exposure (@tess) [high]
[piwik-installer] Piwik Installer Exposure (@dhiyaneshdk) [low]
[pmm-installer] PMM Installation Wizard (@pussycat0x) [high]
[posteio-installer] First Poste.io Configuration Installation Wizard (@ritikchaddha) [high]
[prestashop-installer] Prestashop Installer Exposure (@tess) [high]
[profittrailer-installer] ProfitTrailer Setup Page - Exposure (@dhiyaneshdk) [high]
[projectsend-installer] ProjectSend Installation Page - Exposure (@dhiyaneshdk) [high]
[qloapps-installer] QloApps - Installation (@ritikchaddha) [high]
[redash-installer] Redash Installer Exposure (@dhiyaneshdk) [high]
[ruckus-smartzone-install] Ruckus SmartZone Exposed Installation (@ritikchaddha) [high]
[ruckus-unleashed-install] Ruckus Unleashed Exposed Installation (@ritikchaddha) [high]
[sabnzbd-installer] SABnzbd Quick-Start Wizard - Exposure (@dhiyaneshdk) [high]
[server-monitor-installer] Server Monitor Installer (@tess) [high]
[shopware-installer] Shopware Installer (@dhiyaneshdk) [high]
[smf-installer] SMF Installer (@dhiyaneshdk) [high]
[sms-installer] SMS Gateway Installation (@ritikchaddha) [high]
[snipe-it-installer] Snipe-IT Setup Page - Exposure (@dhiyaneshdk) [high]
[spa-cart-installer] SPA Cart - Installer (@pussycat0x) [high]
[spip-install] SPIP Install - Exposure (@dhiyaneshdk) [high]
[stackposts-installer] StackPosts Installation Page - Exposure (@dhiyaneshdk) [high]
[sugarcrm-install] SugarCRM Exposed Installation (@ritikchaddha) [high]
[suitecrm-installer] SuiteCRM Installer Exposure (@dhiyaneshdk) [high]
[sumowebtools-installer] SumoWebTools Installer Exposure (@dhiyaneshdk) [high]
[tasmota-install] Tasmota Installer Exposure (@ritikchaddha) [high]
[tastyigniter-installer] TastyIgniter Setup Page - Exposure (@dhiyaneshdk) [high]
[tautulli-install] Tautulli - Exposed Installation (@ritikchaddha) [high]
[testrail-install] TestRail Installation Wizard (@dhiyaneshdk) [high]
[tiny-rss-installer] Tiny Tiny RSS Installer Exposure (@dhiyaneshdk) [high]
[trilium-notes-installer] Trilium Notes Installer - Exposure (@dhiyaneshdk) [high]
[turbo-website-installer] Turbo Website Reviewer Installer Panel (@tess) [high]
[typo3-installer] TYPO3 Installer (@dhiyaneshdk) [medium]
[ubersmith-installer] Ubersmith Setup Page - Exposure (@dhiyaneshdk) [high]
[umbraco-installer] Umbraco Install Exposure (@dhiyaneshdk) [high]
[unifi-wizard-install] UniFi Wizard Installer (@dhiyaneshdk) [high]
[uvdesk-helpdesk-installer] UVDesk Helpdesk Installation Page - Exposure (@dhiyaneshdk) [high]
[uvdesk-install] UVDesk Installation Wizard (@dhiyaneshdk) [high]
[vironeer-installer] Vironeer Installer - Exposure (@dhiyaneshdk) [high]
[virtual-smartzone-installer] Virtual SmartZone Setup Wizard - Exposure (@dhiyaneshdk) [high]
[vtiger-installer] Vtiger CRM Installer Exposure (@dhiyaneshdk) [high]
[webasyst-installer] Webasyst Installer Exposure (@ritikchaddha) [high]
[webcalendar-install] WebCalendar Exposed Installation (@ritikchaddha) [high]
[webtrees-install] WebTrees Exposed Installation (@ritikchaddha) [high]
[webuzo-installer] Webuzo Installer (@dhiyaneshdk) [high]
[wiki-js-installer] Wiki.js Setup - Exposure (@dhiyaneshdk) [high]
[wowcms-installer] WoW CMS Installer Exposure (@ritikchaddha) [high]
[wowonder-installer] WoWonder Installation Page - Exposure (@dhiyaneshdk) [high]
[wp-install] WordPress Exposed Installation (@princechaddha,@0xpugazh) [critical]
[xbackbone-installer] XBackBone Installer - Exposure (@dhiyaneshdk) [high]
[yzmcms-installer] YzmCMS - Installer (@ritikchaddha) [high]
[zabbix-installer] Zabbix Installation Exposure (@dhiyaneshdk) [high]
[zencart-installer] Zen Cart Installer (@dhiyaneshdk) [high]
[zenphoto-setup] Zenphoto <1.5 Installer - Detect (@pdteam) [critical]
[intelbras-dvr-unauth] Intelbras DVR - Unrestricted Access (@pussycat0x) [low]
[iot-vdme-simulator] IoT vDME Simulator Panel - Detect (@tess) [medium]
[jaeger-ui-dashboard] Jaeger UI (@dhiyaneshdk) [low]
[java-melody-exposed] JavaMelody Monitoring Exposed (@dhiyaneshdk,@thomas_from_offensity) [medium]
[jboss-web-service] JBoss Web Service Console - Detect (@dhiyaneshdk) [low]
[jenkins-openuser-register] Jenkins Open User registration (@dhiyaneshdk) [medium]
[jetty-showcontexts-enable] Jetty showContexts Enable in DefaultHandler (@dhiyaneshdk) [low]
[jolokia-info-disclosure] Jolokia - Information disclosure (@pussycat0x) [medium]
[jolokia-list] Jolokia - List (@pussycat0x) [low]
[jolokia-mbean-search] Jolokia - Searching MBeans (@pussycat0x) [low]
[jolokia-unauthenticated-lfi] Jolokia - Local File Inclusion (@dhiyaneshdk) [high]
[jupyter-ipython-unauth] Jupyter ipython - Authorization Bypass (@pentest_swissky) [critical]
[unauth-jupyter-lab] Jupyter Lab - Unauthenticated Access (@j4vaovo) [critical]
[jupyter-notebooks-exposed] Jupyter notebooks exposed to reading and writing (@johnk3r) [high]
[kafka-cruise-control] Kafka Cruise Control UI (@dhiyaneshdk) [medium]
[kubeflow-dashboard-unauth] Kubeflow Unauth (@dhiyaneshdk) [high]
[kube-state-metrics] Kube State Metrics Exposure (@ja1sh) [low]
[kubernetes-metrics] Detect Kubernetes Exposed Metrics (@pussycat0x) [low]
[kubernetes-pods-api] Kubernetes Pods - API Discovery & Remote Code Execution (@ilovebinbash,@geeknik,@0xtavian) [critical]
[kubernetes-resource-report] Detect Overview Kubernetes Resource Report (@pussycat0x) [medium]
[unauth-etcd-server] Etcd Server - Unauthenticated Access (@sharath,@pussycat0x) [high]
[laravel-debug-enabled] Laravel Debug Enabled (@notsoevilweasel) [medium]
[laravel-debug-error] Larvel Debug Method Enabled (@dhiyaneshdk) [medium]
[laravel-debug-infoleak] Laravel Debug Info Leak (@pwnhxl) [medium]
[laravel-horizon-unauth] Laravel Horizon Dashboard - Unauthenticated (@vagnerd) [medium]
[lesshst-history] Less History - File Disclosure (@kazet) [low]
[libvirt-exporter-metrics] Libvirt Exporter Metrics (@dhiyaneshdk) [low]
[liferay-jsonws] Liferay /api/jsonws - API Exposed (@dhiyaneshdk) [low]
[linkerd-ssrf-detection] Linkerd SSRF detection (@dudez) [high]
[linktap-gateway-exposure] LinkTap Gateway Exposure (@dhiyaneshdk) [low]
[locust-exposure] Locust Exposure (@dhiyaneshdk,@bhutch) [medium]
[lvm-exporter-metrics] LVM Exporter Metrics (@dhiyaneshdk) [low]
[manage-engine-ad-search] Manage Engine AD Search (@pr3r00t) [high]
[mingyu-xmlrpc-sock-adduser] Mingyu Operation xmlrpc.sock - User Addition (@sleepingbag945) [high]
[misconfigured-concrete5] Misconfigured Concrete5 (@pdteam) [low]
[misconfigured-docker] Docker Container - Misconfiguration Exposure (@dhiyaneshdk) [critical]
[mlflow-unauth] Mlflow - Unauthenticated Access (@pussycat0x) [high]
[mobiproxy-dashboard] MobiProxy Dashboard - Detect (@tess) [medium]
[mobsf-framework-exposure] MobSF Framework - Exposure (@shine) [high]
[moleculer-microservices] Moleculer Microservices Project (@pussycat0x) [low]
[mongodb-exporter-metrics] MongoDB Exporter - Detect (@pussycat0x) [medium]
[multilaser-pro-setup] Multilaser Pro Setup Page - Detect (@ritikchaddha) [high]
[mysql-history] Mysql History - File Disclosure (@kazet) [low]
[nacos-authentication-bypass] Nacos < 2.2.0 - Authentication Bypass (@esonhugh) [critical]
[nacos-create-user] Alibaba Nacos - Unauthorized Account Creation (@sleepingbag945) [high]
[namedprocess-exporter-metrics] Named Process Exporter (@dhiyaneshdk) [low]
[nextcloud-install] Nextcloud Exposed Installation (@skeltavik) [high]
[nginx-vhost-traffic-status] Nginx Vhost Traffic Status (@geeknik) [low]
[ngrok-status-page] Ngrok Status Page (@pussycat0x) [low]
[node-exporter-metrics] Detect Node Exporter Metrics (@pussycat0x) [low]
[node-express-dev-env] Node.js Express NODE_ENV Development Mode (@flx) [medium]
[node-express-status] Node Express Status - Detect (@dhiyaneshdk) [low]
[exposed-nomad] Nomad - Exposed Jobs (@pdteam) [medium]
[ntopng-traffic-dashboard] Ntopng Traffic Dashboard - Detect (@theamanrawat) [medium]
[odoo-unprotected-database] Odoo - Unprotected Database (@pdteam) [critical]
[office365-open-redirect] Office365 Autodiscover - Open Redirect (@dhiyaneshdk) [medium]
[oneinstack-control-center] OneinStack Control Center Dashboard - Detect (@theabhinavgaur) [medium]
[openbmcs-secret-disclosure] OpenBMCS 2.4 - Information Disclosure (@dhiyaneshdk) [high]
[openbmcs-ssrf] OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion (@dhiyaneshdk) [medium]
[openstack-config] Openstack - Infomation Disclosure (@mayankpandey01) [low]
[pa11y-dashboard] Pa11y Dashboard Exposure (@tess) [low]
[pcdn-cache-node] PCDN Cache Node Dataset (@dhiyaneshdk) [low]
[perfsonar-toolkit] perfSONAR Toolkit - Exposure (@dhiyaneshdk) [medium]
[pghero-dashboard-exposure] PgHero Dashboard Exposure Panel - Detect (@dhiyaneshdk) [medium]
[php-debugbar-exposure] Php Debug Bar - Exposure (@ritikchaddha,@pdteam,@dhiyaneshdk) [high]
[php-src-diclosure] PHP Development Server <= 7.4.21 - Remote Source Disclosure (@pdteam) [high]
[phpmemcached-admin-panel] phpMemcachedAdmin Panel (@tess) [medium]
[phpmyadmin-misconfiguration] phpmyadmin Data Exposure (@pussycat0x) [medium]
[pma-server-import] PhpMyAdmin Server Import Page - Detect (@cristi vlad (@cristivlad25)) [high]
[phpmyadmin-setup] PhpMyAdmin Setup File - Detect (@sheikhrishad,@thevillagehacker,@kr1shna4garwal,@arjunchandarana,@0xpugazh) [medium]
[phpnow-works] PHPnow works - Exposure (@dhiyaneshdk) [low]
[pinpoint-unauth] PinPoint Unauth (@dhiyaneshdk) [high]
[postgres-exporter-metrics] Postgres Exporter Metrics (@dhiyaneshdk) [low]
[private-key-exposure] Private key exposure via helper detector (@aashiq) [high]
[prometheus-promtail] Prometheus Promtail - Exposure (@irshad ahamed) [medium]
[prometheus-log] Exposed Prometheus (@dhiyaneshdk,@thevillagehacker) [low]
[metadata-service-alibaba] Alibaba Metadata Service Check (@sullo) [critical]
[metadata-service-aws] Amazon AWS Metadata Service Check (@sullo,@dhiyaneshdk) [critical]
[metadata-service-azure] Microsoft Azure Cloud Metadata Service Check (@sullo) [critical]
[metadata-service-digitalocean] DigitalOcean Metadata Service Check (@sullo) [critical]
[metadata-service-gcp] Google GCP Metadata Service Check (@sullo) [critical]
[metadata-service-hetzner] Hetzner Cloud Metadata Service Check (@sullo) [critical]
[metadata-service-openstack] Openstack Metadata Service Check (@sullo) [critical]
[metadata-service-oracle] Oracle Cloud Metadata Service Check (@sullo) [critical]
[open-proxy-external] Open Proxy To External Network (@gtrrnr) [medium]
[put-method-enabled] PUT Method Enabled (@xelkomy) [high]
[python-metrics] Detect Python Exposed Metrics (@dhiyaneshdk) [low]
[questdb-console] QuestDB Console - Detect (@tess) [medium]
[qvidium-management-system-exposed] QVidium Management System Exposed (@tess) [medium]
[rabbitmq-exporter-metrics] RabbitMQ Exporter (@dhiyaneshdk) [low]
[rack-mini-profiler] rack-mini-profiler - Environment Information Disclosure (@vzamanillo) [high]
[ray-dashboard] Ray Dashboard Exposure (@dhiyaneshdk) [critical]
[request-baskets-exposure] Request Baskets - Exposure (@dhiyaneshdk) [low]
[rethinkdb-admin-console] RethinkDB Administration Console - Detect (@tess) [medium]
[roxyfileman-fileupload] Roxy Fileman 1.4.4 - Arbitrary File Upload (@dhiyaneshdk) [high]
[sap-directory-listing] SAP Directory Listing (@dhiyaneshdk) [medium]
[sap-netweaver-info-leak] SAP NetWeaver ICM Info page leak (@randomstr1ng) [medium]
[sap-public-admin] SAP ICM Admin Web Interface (@t3l3machus) [low]
[searchreplacedb2-exposure] Safe Search Replace Exposure (@kazet) [high]
[secnet-info-leak] Secnet Intelligent Routing System actpt_5g.data - Information Leak (@dhiyaneshdk) [high]
[seeyon-unauth] Seeyon Unauthorised Access (@pikpikcu) [high]
[selenium-exposure] Selenium - Node Exposure (@w0tx) [high]
[server-status-localhost] Server Status Disclosure (@pdteam,@geeknik) [low]
[service-pwd] service.pwd - Sensitive Information Disclosure (@pussycat0x) [high]
[shell-history] Shell History (@pentest_swissky,@geeknik) [low]
[sitecore-debug-page] SiteCore Debug Page (@dhiyaneshdk) [low]
[sitecore-lfi] Sitecore 9.3 - Webroot File Read (@dhiyaneshdk) [high]
[skycaiji-install] SkyCaiji - Exposed Installation (@pikpikcu) [high]
[slurm-hpc-dashboard] Slurm HPC Dashboard - Detect (@ritikchaddha) [medium]
[smarterstats-setup] SmarterStats Setup Exposure (@tess) [high]
[smokeping-grapher] SmokePing Latency Page for Network Latency Grapher (@dhiyaneshdk) [low]
[solr-admin-query] Solr - Admin Page Access (@dhiyaneshdk) [high]
[sonarqube-projects-disclosure] SonarQube - Information Disclosure (@dhiyaneshdk) [medium]
[sonarqube-public-projects] Sonarqube with public projects (@sickwell) [low]
[sony-bravia-disclosure] Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure (@geeknik) [low]
[sound4-directory-listing] SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure (@arafatansari) [medium]
[spidercontrol-scada-server-info] SpiderControl SCADA Web Server - Sensitive Information Exposure (@geeknik) [high]
[spring-eureka] Spring Eureka Exposure (@tess) [low]
[springboot-autoconfig] Detect Springboot autoconfig Actuator (@pussycat0x) [low]
[springboot-beans] Detect Springboot Beans Actuator (@ajaysenr) [low]
[springboot-caches] Springboot Actuator Caches (@elsfa7110) [low]
[springboot-conditions] Detect Springboot Conditions Actuator (@dhiyaneshdk) [low]
[springboot-configprops] Detect Springboot Configprops Actuator (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-dump] Detect Springboot Dump Actuator (@pussycat0x) [low]
[springboot-env] Springboot Env Actuator - Detect (@that_juan_,@dwisiswant0,@wdahlenb,@philippedelteil,@stupidfish) [low]
[springboot-features] Detects Springboot Features Actuator (@dhiyaneshdk) [low]
[springboot-flyway] Springboot Flyway API (@elsfa7110) [low]
[springboot-gateway] Detect Spring Gateway Actuator (@wdahlenb) [medium]
[springboot-heapdump] Spring Boot Actuator - Heap Dump Detection (@that_juan_,@dwisiswant0,@wdahlenb) [critical]
[springboot-httptrace] Detect Springboot httptrace (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-integrationgraph] Springboot Actuator integrationgraph (@elsfa7110) [low]
[springboot-jolokia] Detects Springboot Jolokia Actuator (@dhiyaneshdk) [low]
[springboot-liquidbase] Springboot Liquidbase API (@elsfa7110) [low]
[springboot-logfile] Detects Springboot Logfile Actuator (@dhiyaneshdk) [low]
[springboot-loggers] Detect Springboot Loggers (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-mappings] Detect Springboot Mappings Actuator (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[springboot-metrics] Detect Springboot metrics Actuator (@pussycat0x) [low]
[springboot-startup] Springboot Actuator startup (@elsfa7110) [low]
[springboot-threaddump] Detect Springboot Thread Dump page (@philippedelteil) [low]
[springboot-trace] Detect Springboot Trace Actuator (@that_juan_,@dwisiswant0,@wdahlenb) [low]
[sql-server-reportviewer] SQL Server ReportViewer - Exposure (@kazet) [high]
[ssrf-via-oauth-misconfig] SSRF due to misconfiguration in OAuth (@kabirsuda) [medium]
[symfony-debug] Symfony Debug Mode (@organiccrap,@pdteam) [high]
[syncthing-dashboard] Syncthing Dashboard Exposure (@fabaff) [medium]
[system-properties-exposure] System Properties Exposure (@dhiyaneshdk) [low]
[tasmota-config-webui] Tasmota Configuration Exposure (@ritikchaddha) [medium]
[tcpconfig] Rockwell Automation TCP/IP Configuration Information - Detect (@dhiyaneshdk) [medium]
[teamcity-guest-login-enabled] JetBrains TeamCity - Guest User Access Enabled (@ph33r) [high]
[teamcity-registration-enabled] JetBrains TeamCity - Registration Enabled (@ph33r) [high]
[teslamate-unauth-access] TeslaMate - Unauthenticated Access (@for3stco1d) [medium]
[thanos-prometheus-exposure] Thanos Prometheus Setup - Exposure (@dhiyaneshdk) [high]
[thinkphp-errors] ThinkPHP Errors - Sensitive Information Exposure (@j4vaovo) [medium]
[tiny-file-manager-unauth] Tiny File Manager - Unauthorized Access (@ritikchaddha,@huta0) [medium]
[titannit-web-exposure] TitanNit Web Control - Exposure (@dhiyaneshdk) [medium]
[tomcat-cookie-exposed] Tomcat Cookie Exposed (@tess,@dk999) [low]
[transmission-dashboard] Transmission Dashboard - Detect (@fabaff) [medium]
[typo3-composer] Typo3 composer.json Exposure (@0x_akoko) [low]
[typo3-debug-mode] TYPO3 Debug Mode Enabled (@tess) [low]
[unauth-apache-kafka-ui] Apache Kafka - Unauthorized UI Exposure (@theamanrawat) [medium]
[unauth-axyom-network-manager] Unauthenticated Axyom Network Manager (@pussycat0x) [high]
[unauth-celery-flower] Celery Flower - Unauthenticated Access (@dhiyaneshdk) [high]
[unauth-etherpad] Unauthenticated Etherpad (@philippedelteil) [low]
[unauth-fastvue-dashboard] Fastvue Dashboard Panel - Unauthenticated Detect (@dhiyaneshdk) [medium]
[unauth-kubecost] KubeCost - Unauthenticated Dashboard Exposure (@pussycat0x) [medium]
[unauth-ldap-account-manager] Unauthenticated LDAP Account Manager (@tess) [medium]
[unauth-mautic-upgrade] Unauthenticated Mautic Upgrade.php Exposure (@huowuzhao) [high]
[unauth-mercurial] Unauthenticated Mercurial Detect (@pussycat0x) [high]
[opache-control-panel] Opache control Panel - Unauthenticated Access (@pussycat0x) [medium]
[unauth-redis-insight] RedisInsight - Unauthenticated Access (@ggranjus) [high]
[unauth-temporal-web-ui] Temporal Web UI - Unauthenticated Access (@ggranjus) [high]
[unauth-wavink-panel] Wavlink Panel - Unauthenticated Access (@princechaddha) [high]
[unauth-zwave-mqtt] Unauthenticated ZWave To MQTT Console (@geeknik) [low]
[unauthenticated-alert-manager] Alert Manager - Unauthenticated Access (@dhiyaneshdk) [high]
[unauthenticated-glances] Glances Unauthenticated Panel (@remonsec) [low]
[unauthenticated-glowroot] Glowroot Anonymous User (@pussycat0x) [high]
[unauthenticated-lansweeper] Unauthenticated Lansweeper Instance (@divya_mudgal) [high]
[unauthenticated-mongo-express] Mongo Express - Unauthenticated Access (@dhiyaneshdk,@b0rn2r00t) [high]
[unauthenticated-netdata] Unauthenticated Netdata (@dhiyaneshdk) [medium]
[unauthenticated-nginx-dashboard] Nginx Dashboard (@bibeksapkota (sar00n)) [low]
[unauthenticated-prtg] PRTG Traffic Grapher - Unauthenticated Access (@dhiyaneshdk) [high]
[unauthenticated-tensorboard] Tensorflow Tensorboard - Unauthenticated Access (@dhiyaneshdk) [high]
[unauthenticated-varnish-cache-purge] Varnish Unauthenticated Cache Purge (@0xelkomy) [low]
[unauthenticated-zipkin] Zipkin Discovery (@dhiyaneshdk) [high]
[unauthorized-h3csecparh-login] H3C Server - Unauthenticated Access (@ritikchaddha) [high]
[unauthorized-plastic-scm] Plastic Admin Console - Authentication Bypass (@deena) [critical]
[unauthorized-puppet-node-manager] Puppet Node Manager - Unauthorized Access (@pussycat0x) [medium]
[unigui-server-monitor-exposure] UniGUI Server Monitor Panel - Exposure (@serrapa) [low]
[untangle-admin-setup] Untangle Exposed Admin Signup (@ritikchaddha) [medium]
[v2x-control] V2X Control - Dashboard Exposure (@dhiyaneshdk) [low]
[vercel-source-exposure] Vercel Source Code Exposure (@hlop) [medium]
[vernemq-status-page] VerneMQ Status Page (@geeknik) [low]
[viewpoint-system-status] ViewPoint System Status (@dhiyaneshdk) [low]
[wamp-server-configuration] default-wamp-server-page (@pussycat0x) [medium]
[webalizer-statistics] Webalizer Statistics Information Disclosure (@0x_akoko) [low]
[woodwing-git] Woodwing Studio Server - Git Config (@pdteam) [medium]
[woodwing-phpinfo] Woodwing Studio Server - Phpinfo Config (@pdteam) [medium]
[zabbix-dashboards-access] zabbix-dashboards-access (@pussycat0x,@vsh00t) [medium]
[zenphoto-sensitive-info] Zenphoto Installation Sensitive Information (@qlkwej) [medium]
[zhiyuan-oa-unauthorized] Zhiyuan Oa Unauthorized (@pikpikcu) [low]
[aftership-takeover] Aftership - Subdomain Takeover Detection (@pdteam) [high]
[agilecrm-takeover] AgileCRM Takeover Detection (@pdteam) [high]
[aha-takeover] Aha - Subdomain Takeover Detection (@pdteam) [high]
[airee-takeover] Airee Takeover Detection (@pdteam) [high]
[anima-takeover] Anima Takeover Detection (@pdteam) [high]
[announcekit-takeover] Announcekit Takeover Detection (@melbadry9) [high]
[aws-bucket-takeover] AWS Bucket Takeover Detection (@pdteam,@pwnhxl,@zy9ard3) [high]
[bigcartel-takeover] Bigcartel Takeover Detection (@pdteam) [high]
[bitbucket-takeover] Bitbucket Takeover Detection (@pdteam) [high]
[campaignmonitor-takeover] CampaignMonitor Takeover Detection (@pdteam) [high]
[canny-takeover] Canny Takeover Detection (@pdteam) [high]
[cargo-takeover] cargo takeover detection (@pdteam) [high]
[cargocollective-takeover] CargoCollective Takeover Detection (@pdteam) [high]
[clever-takeover] Clever Cloud - Subdomain Takeover Detection (@supr4s) [high]
[flexbe-takeover] Flexbe Subdomain Takeover (@0x_akoko) [high]
[frontify-takeover] frontify takeover detection (@pdteam) [high]
[gemfury-takeover] Gemfury Takeover Detection (@pdteam,@daffainfo) [high]
[getresponse-takeover] Getresponse Takeover Detection (@pdteam) [high]
[ghost-takeover] ghost takeover detection (@pdteam) [high]
[gitbook-takeover] gitbook takeover detection (@philippedelteil) [high]
[github-takeover] Github Takeover Detection (@pdteam,@th3r4id) [high]
[gohire-takeover] GoHire Takeover Detection (@philippedelteil) [high]
[hatenablog-takeover] Hatenablog Takeover Detection (@pdteam) [high]
[helpdocs-takeover] HelpDocs Takeover Detection (@philippedelteil) [high]
[helpjuice-takeover] helpjuice takeover detection (@pdteam) [high]
[helprace-takeover] Helprace Takeover Detection (@pdteam) [high]
[helpscout-takeover] helpscout takeover detection (@pdteam) [high]
[hubspot-takeover] hubspot takeover detection (@pdteam) [high]
[intercom-takeover] Intercom Takeover Detection (@pdteam) [high]
[jazzhr-takeover] jazzhr takeover detection (@pdteam) [high]
[jetbrains-takeover] Jetbrains Takeover Detection (@pdteam) [high]
[kinsta-takeover] kinsta takeover detection (@pdteam) [high]
[launchrock-takeover] Launchrock Takeover Detection (@pdteam) [high]
[leadpages-takeover] Leadpages takeover detection (@philippedelteil) [high]
[lemlist-takeover] Lemlist - Subdomain Takeover Detection (@kresec) [high]
[mashery-takeover] mashery takeover detection (@pdteam) [high]
[meteor-takeover] Meteor subdomain takeover (@rivalsec) [high]
[netlify-takeover] netlify takeover detection (@0xprial,@pdteam) [high]
[ngrok-takeover] Ngrok Takeover Detection (@pdteam) [high]
[pagewiz-takeover] Pagewiz subdomain takeover (@brabbit10) [high]
[pantheon-takeover] Pantheon Takeover Detection (@pdteam) [high]
[pingdom-takeover] Pingdom Takeover Detection (@pdteam) [high]
[proposify-takeover] proposify takeover detection (@pdteam) [high]
[readme-takeover] Readme.io Takeover Detection (@pdteam) [high]
[readthedocs-takeover] Read the Docs Takeover Detection (@pdteam) [high]
[shopify-takeover] shopify takeover detection (@pdteam,@philippedelteil,@imjust0) [high]
[short-io-takeover] Short.io takeover detection (@philippedelteil) [high]
[simplebooklet-takeover] simplebooklet takeover detection (@pdteam) [high]
[smartjob-takeover] Smartjob Takeover Detection (@pdteam) [high]
[smugmug-takeover] Smugmug Takeover Detection (@pdteam) [high]
[softr-takeover] Softr.io Takeover Detection (@philippedelteil) [high]
[sprintful-takeover] Sprintful Takeover (@mhdsamx) [high]
[squadcast-takeover] Squadcast Takeover Detection (@philippedelteil) [high]
[strikingly-takeover] Strikingly Takeover Detection (@pdteam) [high]
[surge-takeover] surge takeover detection (@pdteam) [high]
[surveygizmo-takeover] surveygizmo takeover detection (@pdteam) [high]
[surveysparrow-takeover] SurveySparrow takeover detection (@philippedelteil) [high]
[tave-takeover] tave takeover detection (@pdteam) [high]
[teamwork-takeover] Teamwork Takeover Detection (@pdteam) [high]
[tilda-takeover] tilda takeover detection (@pdteam) [high]
[tumblr-takeover] tumblr takeover detection (@pdteam,@philippedelteil) [high]
[uberflip-takeover] Uberflip Takeover Detection (@pdteam) [high]
[uptime-takeover] Uptime Takeover Detection (@philippedelteil) [high]
[uptimerobot-takeover] uptimerobot takeover detection (@pdteam) [low]
[uservoice-takeover] Uservoice Takeover Detection (@miryangjung) [high]
[vend-takeover] vend takeover detection (@pdteam) [high]
[vercel-takeover] Vercel Takeover Detection (@brianlam38) [high]
[wishpond-takeover] Wishpond Takeover Detection (@pdteam) [high]
[wix-takeover] Wix Takeover Detection (@harshinsecurity,@philippedelteil) [high]
[wordpress-takeover] WordPress takeover detection (@pdteam,@geeknik) [high]
[worksites-takeover] Worksites Takeover Detection (@melbadry9,@dogasantos) [high]
[wufoo-takeover] wufoo takeover detection (@pdteam) [high]
[zendesk-takeover] Zendesk Takeover Detection (@pdteam) [high]
[dwr-index-detect] DWR detect test page detection (@pussycat0x) [low]
[elasticsearch-sql-client-detect] Elasticsearch - SQL Client Detection (@pussycat0x) [low]
[elfinder-version] elFinder 2.1.58 - Remote Code Execution (@idealphase) [critical]
[firebase-detect] firebase detect (@organiccrap) [low]
[json-server] Json Server (@dhiyaneshdk) [low]
[74cms-weixin-sqli] 74CMS weixin.php - SQL Injection (@sleepingbag945) [high]
[amazon-ec2-ssrf] Amazon EC2 - Server-side request forgery (SSRF) (@dhiyaneshdk) [critical]
[apache-flink-unauth-rce] Apache Flink - Remote Code Execution (@pikpikcu) [critical]
[apache-nifi-rce] Apache NiFi - Remote Code Execution (@arliya) [critical]
[apache-ofbiz-log4j-rce] Apache OFBiz - JNDI Remote Code Execution (Apache Log4j) (@pdteam) [critical]
[apache-solr-file-read] Apache Solr <=8.8.1 - Local File Inclusion (@dhiyaneshdk,@philippedelteil) [high]
[apache-solr-log4j-rce] Apache Solr 7+ - Remote Code Execution (Apache Log4j) (@evan rubinstein,@nvn1729,@j4vaovo) [critical]
[apache-solr-rce] Apache Solr 9.1 - Remote Code Execution (@j4vaovo) [critical]
[jamf-pro-log4j-rce] JamF Pro - Remote Code Execution (Apache Log4j) (@dhiyaneshdk,@pdteam) [critical]
[avaya-aura-rce] Avaya Aura Utility Services Administration - Remote Code Execution (@dhiyaneshdk) [critical]
[avaya-aura-xss] Avaya Aura Utility Services Administration - Cross-Site Scripting (@dhiyaneshdk) [medium]
[avtech-auth-bypass] AVTECH Video Surveillance Product - Authentication Bypass (@ritikchaddha) [high]
[avtech-dvr-ssrf] AVTECH DVR - SSRF (@ritikchaddha) [medium]
[avtech-unauth-file-download] AVTECH Video Surveillance Product - Unauthenticated File Download (@ritikchaddha) [high]
[avtech-verification-bypass] AVTECH DVR - Login Verification Code Bypass (@ritikchaddha) [low]
[antsword-backdoor] AntSword Backdoor Detection (@ffffffff0x) [critical]
[cisco-implant-detect] Cisco IOS XE - Impant Detection (@dhiyaneshdk,@rxerium) [critical]
[fatpipe-backdoor] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Authorization Bypass (@gy741) [high]
[jexboss-backdoor] JexBoss - Remote Code Execution (@unkl4b) [critical]
[kevinlab-bems-backdoor] KevinLAB BEMS (Building Energy Management System) - Backdoor Detection (@gy741) [critical]
[kevinlab-hems-backdoor] KevinLAB HEMS - Backdoor Detection (@gy741) [critical]
[maccmsv10-backdoor] Maccmsv10 - Backdoor Remote Code Execution (@princechaddha) [critical]
[php-zerodium-backdoor-rce] PHP 8.1.0-dev - Backdoor Remote Code Execution (@dhiyaneshdk) [critical]
[bsphp-info] BSPHP - Information Disclosure (@ritikchaddha) [low]
[chanjet-tplus-rce] Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution (@sleepingbag945) [critical]
[chanjet-tplus-unauth-passreset] Chanjet Tplus - Unauthorized Password Reset (@0xr2r) [high]
[cisco-broadworks-log4j-rce] Cisco BroadWorks - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[cisco-cloudcenter-suite-log4j-rce] Cisco CloudCenter Suite (Log4j) - Remote Code Execution (@pwnhxl) [critical]
[cisco-unified-communications-log4j] Cisco Unified Communications - Remote Code Execution (Apache Log4j) (@dhiyaneshdk) [critical]
[cisco-vmanage-log4j] Cisco vManage (Log4j) - Remote Code Execution (@dhiyaneshdk) [critical]
[cisco-webex-log4j-rce] Cisco WebEx - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[cucm-username-enumeration] Cisco Unified Call Manager Username Enumeration (@manasmbellani) [medium]
[citrix-oob-memory-read] Citrix Netscaler ADC & Gateway v13.1-50.23 - Out-Of-Bounds Memory Read (@ice3man) [critical]
[code42-log4j-rce] Apache Code42 - Remote Code Execution (Apache Log4j) (@adam crosser) [critical]
[concrete-xss] Concrete CMS <8.5.2 - Cross-Site Scripting (@shifacyclewla,@hackergautam,@djoevanka) [high]
[confluence-ssrf-sharelinks] Atlassian Confluence < 5.8.6 Server-Side Request Forgery (@techbrunchfr) [medium]
[copyparty-xss] Copyparty v1.8.6 - Cross-Site Scripting (@theamanrawat) [medium]
[dahua-bitmap-fileupload] Dahua Bitmap - File Upload Remote Code Execution (@dhiyaneshdk) [critical]
[dahua-eims-rce] Dahua EIMS - Remote Command Execution (@dhiyaneshdk) [critical]
[dahua-icc-backdoor-user] Dahua Intelligent IoT - Information Disclosure (@dhiyaneshdk) [high]
[dahua-wpms-lfi] Dahua Smart Park Management Platform - Arbitary File Read (@dhiyaneshdk) [high]
[dahua-wpms-rce] Dahua Smart Park Integrated Management Platform - Remote Command Execution (@dhiyaneshdk) [critical]
[dbgate-unauth-rce] DbGate Web Client - Unauthenticated Remote Command Execution (@h0j3n) [critical]
[dedecms-carbuyaction-fileinclude] DedeCmsV5.6 Carbuyaction Fileinclude (@pikpikcu) [high]
[dedecms-config-xss] DedeCMS 5.7 - Cross-Site Scripting (@ritikchaddha) [high]
[dedecms-membergroup-sqli] Dede CMS - SQL Injection (@pikpikcu) [critical]
[dedecms-openredirect] DedeCMS - Open Redirect (@pikpikcu) [medium]
[dedecms-rce] DedeCMS 5.8.1-beta - Remote Code Execution (@ritikchaddha) [critical]
[deos-open500ems-panel] DEOS OPEN 500EMS Controller - Admin Exposure (@sullo) [high]
[discuz-api-pathinfo] Discuz! X2.5 - Path Disclosure (@ritikchaddha) [low]
[dlink-netgear-xss] Dlink DSR-250 and Netgear Prosafe - Cross-Site Scripting (@gtrrnr,@vulnspace) [medium]
[drupal-avatar-xss] Drupal Avatar Uploader - Cross-Site Scripting (@bywalks) [high]
[node-ecstatic-internal-path] Node ecstatic Internal Path - Exposure (@dhiyaneshdk) [low]
[node-ecstatic-listing] Node ecstatic Directory Listing (@dhiyaneshdk) [low]
[esafenet-mysql-fileread] Esafenet CDG mysql - File Read (@dhiyaneshdk) [high]
[fastjson-1-2-24-rce] Fastjson 1.2.24 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-41-rce] Fastjson 1.2.41 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-42-rce] Fastjson 1.2.42 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-43-rce] Fastjson 1.2.43 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-47-rce] Fastjson 1.2.47 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-62-rce] Fastjson 1.2.62 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-67-rce] Fastjson 1.2.67 - Remote Code Execution (@zh) [critical]
[fastjson-1-2-68-rce] Fastjson 1.2.68 - Remote Code Execution (@zh) [critical]
[fine-report-v9-file-upload] FineReport v9 Arbitrary File Overwrite (@sleepingbag945) [critical]
[finereport-path-traversal] FineReport 8.0 - Local File Inclusion (@pikpikcu) [high]
[froxlor-xss] Froxlor Server Management - Cross-Site Scripting (@tess) [medium]
[basic-xss-prober] Basic XSS Prober - Cross-Site Scripting (@nadino,@geeknik) [low]
[cache-poisoning-xss] Cache Poisoning - Stored XSS (@melbadry9,@xelkomy,@akincibor) [high]
[cache-poisoning] Cache Poisoning Detection (@melbadry9,@xelkomy,@akincibor,@dogasantos) [low]
[crlf-injection-generic] CRLF - Injection Detection (@melbadry9,@nadino,@xelkomy) [low]
[error-based-sql-injection] Error based SQL injection (@geeknik) [critical]
[generic-blind-xxe] Generic Blind XXE (@geeknik) [high]
[generic-env] Generic Env File Disclosure (@kazet) [high]
[generic-j2ee-lfi] Generic J2EE LFI Scan Panel - Detect (@davidfegyver) [high]
[generic-linux-lfi] Generic Linux - Local File Inclusion (@geeknik,@unstabl3,@pentest_swissky,@sushantkamble,@0xsmiley,@dhiyaneshdk) [high]
[generic-windows-lfi] Windows - Local File Inclusion (@mesaglio,@sushantkamble,@ritikchaddha) [high]
[open-redirect-generic] Open Redirect - Detection (@afaq,@melbadry9,@elmahdi,@pxmme1337,@regala_,@andirrahmani1,@geeknik) [medium]
[top-xss-params] Top 38 Parameters - Cross-Site Scripting (@foulenzer,@geeknik) [high]
[xmlrpc-pingback-ssrf] XMLRPC Pingback SSRF (@geeknik) [high]
[xss-fuzz] Fuzzing Parameters - Cross-Site Scripting (@kazet) [medium]
[gitea-rce] Gitea 1.4.0 - Remote Code Execution (@theamanrawat) [critical]
[gitlab-rce] GitLab CE/EE Unauthenticated RCE Using ExifTool (@pdteam) [critical]
[gnuboard-sms-xss] Gnuboard CMS - Cross-Site Scripting (@gy741) [medium]
[gnuboard5-rxss] Gnuboard 5 - Cross-Site Scripting (@arafatansari) [medium]
[gnuboard5-xss] Gnuboard 5 - Cross-Site Scripting (@arafatansari) [medium]
[grafana-file-read] Grafana 8.x - Local File Inclusion (@z0ne,@dhiyaneshdk,@jeya.seelan,@dwisiswant0,@j4vaovo) [high]
[hikvision-fastjson-rce] HIKVISION applyCT Fastjson - Remote Command Execution (@sleepingbag945) [critical]
[hikvision-ivms-file-upload-bypass] Hikvison iVMS - File Upload Bypass (@sleepingbag945) [critical]
[hikvision-ivms-file-upload-rce] Hikvision iVMS-8700 - File Upload Remote Code Execution (@brucelsone) [critical]
[hikvision-js-files-upload] Hikvision iSecure Center - File Upload (@xc1ym) [critical]
[httpbin-open-redirect] HTTPBin - Open Redirect (@adam crosser) [medium]
[httpbin-xss] HTTPBin - Cross-Site Scripting (@adam crosser) [high]
[huatian-oa-sqli] Huatian Power OA 8000 - SQL Injection (@ritikchaddha) [high]
[huawei-authhttp-lfi] Huawei Auth Http Server - Arbitrary File Read (@dhiyaneshdk) [high]
[huawei-firewall-lfi] Huawei Firewall - Local File Inclusion (@taielab) [high]
[huawei-hg255s-lfi] Huawei HG255s - Local File Inclusion (@0x_akoko) [high]
[eclipse-help-system-xss] IBM Eclipse Help System - Cross-Site Scripting (@pikpikcu) [high]
[ibm-infoprint-lfi] IBM InfoPrint 4247-Z03 Impact Matrix Printer - Local File Inclusion (@harshbothra_) [high]
[idocview-2word-fileupload] IDoc View /html/2word - Arbitrary File Upload (@dhiyaneshdk) [high]
[idocview-lfi] IDoc View - Arbitrary File Read (@dhiyaneshdk) [high]
[liferay-resource-leak] Liferay - Local File Inclusion (@dhiyaneshdk) [high]
[jamf-blind-xxe] JAMF Blind XXE / SSRF (@pdteam) [medium]
[jamf-log4j-jndi-rce] JamF (Log4j) - Remote Code Execution (@pdteam) [critical]
[jenkins-script] Jenkins - Remote Code Execution (@philippedelteil,@dhiyaneshdk) [critical]
[jenkins-stack-trace] Detect Jenkins in Debug Mode with Stack Traces Enabled (@dheerajmadhukar) [low]
[unauthenticated-jenkins] Jenkins Dashboard - Unauthenticated Access (@dhiyaneshdk) [high]
[jinhe-jc6-sqli] Jinhe OA - SQL Injection (@ky9oss) [high]
[jinhe-oa-c6-lfi] Jinhe OA C6 download.jsp - Arbitary File Read (@sleepingbag945) [high]
[jira-servicedesk-signup] Atlassian Jira Service Desk Signup (@techbrunchfr) [medium]
[joomla-com-booking-component] Joomla! com_booking component 2.4.9 - Information Leak (@r3y3r53) [high]
[joomla-department-sqli] Joomla `departments` - SQL Injection (@ritikchaddha) [high]
[joomla-easyshop-lfi] Joomla! Component Easy Shop 1.2.3 - Local File Inclusion (@ritikchaddha) [high]
[joomla-iproperty-xss] Joomla iProperty Real Estate 4.1.1 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-joombri-careers-xss] Joomla JoomBri Careers 3.3.0 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-jvehicles-lfi] Joomla! Component com_sef - Local File Inclusion (@daffainfo) [high]
[joomla-jvtwitter-xss] Joomla JVTwitter - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-marvikshop-sqli] Joomla MarvikShop ShoppingCart 3.4 - Sql Injection (@r3y3r53) [high]
[joomla-marvikshop-xss] Joomla MarvikShop ShoppingCart 3.4 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-solidres-xss] Joomla Solidres 2.13.3 - Cross-Site Scripting (@r3y3r53) [medium]
[rusty-joomla] Joomla! CMS <=3.4.6 - Remote Code Execution (@leovalcante,@kiks7) [critical]
[jorani-benjamin-xss] Jorani v1.0.3-2014-2023 Benjamin BALET - Cross-Site Scripting (@ritikchaddha) [medium]
[junos-xss] JunOS - Cross-Site Scripting (@dhiyaneshdk) [medium]
[jupyter-notebook-rce] Jupyter Notebook - Remote Command Execution (@huta0) [high]
[kkfileview-ssrf] kkFileView 4.0.0 - Server-Side Request Forgery (@arm!tage) [high]
[landray-eis-sqli] Landray EIS - SQL Injection (@dhiyaneshdk) [high]
[landray-eis-ws-infoleak] Landray EIS WS_getAllInfos - Information Disclosure (@fur1na) [high]
[landray-oa-sysSearchMain-editParam-rce] Landray-OA - Remote code Execution (@sleepingbag945) [critical]
[landray-oa-treexml-rce] Landray OA Treexml.tmpl - Remote Code Execution (@tangxiaofeng7,@sleepingbag945) [high]
[laravel-ignition-xss] Laravel Ignition - Cross-Site Scripting (@0x_akoko) [high]
[lucee-rce] Lucee < 6.0.1.59 - Remote Code Execution (@rootxharsh,@iamnoooob,@pdresearch) [critical]
[magento-cacheleak] Magento Cacheleak (@techbrunchfr) [high]
[magento-unprotected-dev-files] Magento Unprotected development files (@techbrunchfr) [high]
[metersphere-plugin-rce] MeterSphere - Remote Code Execution (@pdteam,@y4er,@pdresearch,@rootxharsh,@iamnoooob) [critical]
[office-webapps-ssrf] Office Web Apps Server Full Read - Server Side Request Forgery (@dhiyaneshdk) [high]
[mobileiron-log4j-jndi-rce] Ivanti MobileIron (Log4j) - Remote Code Execution (@meme-lord) [critical]
[moodle-filter-jmol-lfi] Moodle Jmol Filter 6.1 - Local File Inclusion (@madrobot) [high]
[moodle-filter-jmol-xss] Moodle Jsmol - Cross-Site Scripting (@madrobot) [medium]
[moodle-xss] Moodle - Cross-Site Scripting (@hackergautam) [medium]
[netmizer-cmd-rce] NetMizer LogManagement System cmd.php - Remote Code Execution (@dhiyaneshdk) [critical]
[netmizer-data-listing] NetMizer LogManagement System Data - Directory Exposure (@dhiyaneshdk) [high]
[netsweeper-open-redirect] Netsweeper 4.0.9 - Open Redirect (@daffainfo) [medium]
[netsweeper-rxss] Netsweeper 4.0.9 - Cross-Site Scripting (@daffainfo) [high]
[nps-auth-bypass] NPS - Authentication Bypass (@sleepingbag945) [high]
[nuxt-js-lfi] Arbitrary File Read in Dev Mode - Nuxt.js (@dhiyaneshdk) [high]
[nuxt-js-semi-lfi] Semi Arbitrary File Read in Dev Mode - Nuxt.js (@dhiyaneshdk) [medium]
[nuxt-js-xss] Error Page XSS - Nuxt.js (@dhiyaneshdk) [medium]
[opencpu-rce] OpenCPU - Remote Code Execution (@wa1tf0rme) [critical]
[oracle-ebs-bispgrapgh-file-read] Oracle eBusiness Suite - Improper File Access (@emenalf,@tirtha_mandal,@thomas_from_offensity) [critical]
[oracle-siebel-xss] Oracle Siebel Loyalty 8.1 - Cross-Site Scripting (@dhiyaneshdk) [high]
[oscommerce-rce] osCommerce 2.3.4.1 - Remote Code Execution (@suman_kar) [high]
[3cx-management-console] 3CX Management Console - Local File Inclusion (@random-robbie) [high]
[74cms-sqli] 74cms Sql Injection (@princechaddha) [critical]
[WSO2-2019-0598] WSO2 <5.8.0 - Server Side Request Forgery (@amnotacat) [medium]
[accent-microcomputers-lfi] Accent Microcomputers LFI (@0x_akoko) [high]
[acme-xss] Let's Encrypt - Cross-Site Scripting (@pdteam) [high]
[acti-video-lfi] ACTi-Video Monitoring - Local File Inclusion (@dhiyaneshdk) [high]
[aerocms-sqli] AeroCMS 0.0.1 - SQL Injection (@shivampand3y) [critical]
[aic-intelligent-password-exposure] AIC Intelligent Campus System - Password Exposure (@sleepingbag945) [medium]
[alibaba-anyproxy-lfi] Alibaba Anyproxy fetchBody File - Path Traversal (@dhiyaneshdk) [high]
[alumni-management-sqli] Alumni Management System 1.0 - SQL Injection (@arafatansari) [critical]
[apache-druid-log4j] Apache Druid - Remote Code Execution (Apache Log4j) (@sleepingbag945) [critical]
[applezeed-sqli] Applezeed - SQL Injection (@r3y3r53) [high]
[aquatronica-info-leak] Aquatronica Control System 5.1.6 - Information Disclosure (@securityforeveryone) [high]
[array-vpn-lfi] Array VPN - Arbitrary File Reading Vulnerability (@pussycat0x) [high]
[asanhamayesh-lfi] Asanhamayesh CMS 3.4.6 - Local File Inclusion (@0x_akoko) [high]
[aspcms-commentlist-sqli] AspCMS commentList.asp - SQL Injection (@sleepingbag945) [high]
[aspnuke-openredirect] ASP-Nuke - Open Redirect (@pdteam) [medium]
[avada-xss] WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting (@akincibor) [high]
[avcon6-execl-lfi] AVCON6 org_execl_download.action - Arbitrary File Download (@dhiyaneshdk) [high]
[avcon6-lfi] AVCON6 - Arbitrary File Download (@dhiyaneshdk) [high]
[bems-api-lfi] Longjing Technology BEMS API 1.21 - Local File Inclusion (@gy741) [high]
[beward-ipcamera-disclosure] BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure (@geeknik) [high]
[beyond-trust-xss] BeyondTrust Remote Support 6.0 - Cross-Site Scripting (@r3y3r53) [medium]
[bitrix-open-redirect] Bitrix Site Management Russia 2.0 - Open Redirect (@pikpikcu,@gtrrnr) [medium]
[blue-ocean-excellence-lfi] Blue Ocean Excellence - Local File Inclusion (@pikpikcu) [high]
[brightsign-dsdws-ssrf] BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated - SSRF (@0x_akoko) [medium]
[bullwark-momentum-lfi] Bullwark Momentum Series JAWS 1.0 - Local File Inclusion (@pikpikcu) [high]
[cacti-weathermap-file-write] Cacti Weathermap File Write (@pikpikcu) [medium]
[caimore-gateway-rce] CAIMORE Gateway - Remote Code Execution (@momika233) [high]
[carel-bacnet-gateway-traversal] Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion (@gy741) [high]
[carrental-xss] Car Rental Management System 1.0 - Cross-Site Scripting (@arafatansari) [medium]
[castel-digital-sqli] Castel Digital - Authentication Bypass (@kazgangap) [high]
[cerio-dt-rce] CERIO-DT Interface - Command Execution (@pussycat0x) [critical]
[chamilo-lms-sqli] Chamilo 1.11.14 - SQL Injection (@undefl0w) [critical]
[chamilo-lms-xss] Chamilo LMS 1.11.14 Cross-Site Scripting (@geeknik) [high]
[citrix-xenapp-log4j-rce] Citrix XenApp - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[ckan-dom-based-xss] CKAN - DOM Cross-Site Scripting (@dhiyaneshdk) [high]
[clodop-printer-lfi] C-Lodop Printer - Arbitrary File Read (@dhiyaneshdk) [high]
[cloud-oa-system-sqli] Cloud OA System - SQL Injection (@sleepingbag945) [high]
[cmseasy-crossall-sqli] CmsEasy crossall_act - SQL Injection (@sleepingbag945) [high]
[coldfusion-debug-xss] Adobe ColdFusion - Cross-Site Scripting (@dhiyaneshdk) [high]
[comai-ras-cookie-bypass] Comai RAS System Cookie - Authentication Override (@sleepingbag945) [high]
[commax-biometric-auth-bypass] COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass (@gy741) [critical]
[commax-credentials-disclosure] COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure (@gy741) [critical]
[comtrend-password-exposure] Comtrend ADSL - Remote Code Execution (@geeknik) [high]
[core-chuangtian-cloud-rce] Core Chuangtian Cloud Desktop System - Remote Code Execution (@pikpikcu) [critical]
[couchdb-adminparty] CouchDB Admin Default - Detect (@organiccrap) [high]
[crawlab-lfi] Crawlab - Arbitrary File Read (@pussycat0x) [high]
[crystal-live-server-lfi] Crystal Live HTTP Server 6.01 - Local File Inclusion (@0x_akoko) [high]
[cs-cart-unauthenticated-lfi] CS-Cart - Local File Inclusion (@0x_akoko) [high]
[csz-cms-sqli] CSZ CMS 1.3.0 - SQL Injection (@r3y3r53) [high]
[cvms-sqli] Company Visitor Management System 1.0 - SQL Injection (@arafatansari) [critical]
[dicoogle-pacs-lfi] Dicoogle PACS 2.5.0 - Local File Inclusion (@0x_akoko) [high]
[digital-ocean-ssrf] Digital Ocean - Server-side request forgery (SSRF) (@dhiyaneshdk) [critical]
[digitalrebar-traversal] Digital Rebar - Local File Inclusion (@c-sh0) [high]
[discourse-xss] Discourse - Cross-Site Scripting (@madrobot) [high]
[dixell-xweb500-filewrite] Emerson Dixell XWEB-500 - Arbitrary File Write (@hackerarpan) [critical]
[doorgets-info-disclosure] DoorGets CMS v7.0 - Information Disclosure (@r3y3r53) [high]
[dotnetcms-sqli] Dotnet CMS - SQL Injection (@ritikchaddha) [critical]
[dss-download-fileread] DSS Download - Local File Inclusion (@ritikchaddha) [high]
[duomicms-sql-injection] Duomi CMS - SQL Injection (@pikpikcu) [critical]
[dzzoffice-xss] Dzzoffice 2.02.1 - Cross-Site Scripting (@arafatansari) [high]
[eaa-app-lfi] EAA Application Access System - Arbitary File Read (@momika233) [high]
[easycvr-info-leak] EasyCVR video management - Users Information Exposure (@pussycat0x) [high]
[easyimage-downphp-lfi] EasyImage down.php - Arbitrary File Read (@dhiyaneshdk) [high]
[ecology-oa-file-sqli] E-cology FileDownloadForOutDocSQL - SQL Injection (@momika233) [high]
[ecshop-sqli] ECShop 2.x/3.x - SQL Injection (@lark-lab,@imnightmaree,@ritikchaddha) [critical]
[ecsimagingpacs-rce] ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File Inclusion (@ritikchaddha) [critical]
[eibiz-lfi] Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion (@0x_akoko) [high]
[elFinder-path-traversal] elFinder <=2.1.12 - Local File Inclusion (@ritikchaddha) [high]
[elasticsearch5-log4j-rce] Elasticsearch 5 - Remote Code Execution (Apache Log4j) (@akincibor) [critical]
[empirecms-xss] EmpireCMS 7.5 - Cross-Site Scripting (@pikpikcu) [high]
[ems-sqli] Employee Management System 1.0 - SQL Injection (@arafatansari) [critical]
[ep-web-cms-xss] EP Web Solutions CMS - Cross Site Scripting (@r3y3r53) [medium]
[epp-server-lfi] EPP Server - Local File Inclusion (@dhiyaneshdk) [high]
[erensoft-sqli] ErenSoft - SQL Injection (@r3y3r53) [high]
[eris-xss] Complete Online Job Search System 1.0 - Cross-Site Scripting (@arafatansari) [high]
[etouch-v2-sqli] ECTouch 2 - SQL Injection (@princechaddha) [critical]
[ewebs-arbitrary-file-reading] EWEBS - Local File Inclusion (@pikpikcu) [high]
[eyelock-nano-lfd] EyeLock nano NXT 3.5 - Arbitrary File Retrieval (@geeknik) [high]
[f-secure-policymanager-log4j-rce] F-Secure Policy Manager - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[fanruanoa2012-disclosure] Fanruan Report 2012 Information Disclosure (@yanyun) [high]
[fatpipe-auth-bypass] FatPipe WARP 10.2.2 - Authorization Bypass (@gy741) [high]
[feifeicms-lfr] FeiFeiCms - Local File Inclusion (@princechaddha) [high]
[finecms-sqli] FineCMS 5.0.10 - SQL Injection (@ritikchaddha) [critical]
[flatpress-xss] FlatPress 1.2.1 - Stored Cross-Site Scripting (@arafatansari) [medium]
[flexnet-log4j-rce] Flexnet - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[flir-ax8-rce] FLIR-AX8 res.php - Remote Code Execution (@momika233) [critical]
[flir-path-traversal] Flir - Local File Inclusion (@pikpikcu) [high]
[fortiportal-log4j-rce] FortiPortal - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[geowebserver-lfi] GeoVision Geowebserver 5.3.3 - Local File Inclusion (@madrobot) [high]
[geowebserver-xss] GeoVision Geowebserver 5.3.3 - Cross-Site Scripting (@madrobot) [high]
[global-domains-lfi] Global Domains International - Local File Inclusion (@0x_akoko) [high]
[global-domains-xss] Global Domains International - Cross-Site Scripting (@princechaddha) [high]
[glodon-linkworks-sqli] Glodon Linkworks GWGdWebService - SQL injection (@dhiyaneshdk) [high]
[gloo-unauth] Unauthenticated Gloo UI (@dhiyaneshdk) [high]
[goanywhere-mft-log4j-rce] GoAnywhere Managed File Transfer - Remote Code Execution (Apache Log4j) (@pussycat0x) [critical]
[goip-1-lfi] GoIP-1 GSM - Local File Inclusion (@gy741) [high]
[graylog-log4j] Graylog (Log4j) - Remote Code Execution (@dhiyaneshdk) [critical]
[groomify-sqli] Groomify v1.0 - SQL Injection Vulnerability (@theamanrawat) [high]
[groupoffice-lfi] Groupoffice 3.4.21 - Local File Inclusion (@0x_akoko) [high]
[gsoap-lfi] gSOAP 2.8 - Local File Inclusion (@0x_akoko) [high]
[gz-forum-script-xss] GZ Forum Script 1.8 - Cross-Site Scripting (@r3y3r53) [medium]
[h3c-cvm-arbitrary-file-upload] H3C CVM - Arbitrary File Upload (@sleepingbag945) [critical]
[h3c-imc-rce] H3c IMC - Remote Code Execution (@pikpikcu) [critical]
[hanming-lfr] Hanming Video Conferencing - Local File Inclusion (@ritikchaddha) [high]
[hanta-rce] Hanta Internet Behavior Management System - Remote Code Execution (@momika233) [high]
[hashicorp-consul-rce] Hashicorp Consul Services API - Remote Code Execution (@pikpikcu) [critical]
[hasura-graphql-psql-exec] Hasura GraphQL Engine - Remote Code Execution (@udyz) [critical]
[hasura-graphql-ssrf] Hasura GraphQL Engine - Server Side Request Forgery (@princechaddha) [high]
[hiboss-rce] Hiboss - Remote Code Execution (@pikpikcu) [critical]
[hikvision-isecure-center-rce] HIKVISION iSecure Center - Remote Code Execution (@sleepingbag945) [critical]
[hjtcloud-arbitrary-file-read] HJTcloud - Local File Inclusion (@pikpikcu) [high]
[hjtcloud-rest-arbitrary-file-read] HJTcloud - Local File Inclusion (@pikpikcu) [high]
[homeautomation-v3-openredirect] HomeAutomation 3.3.2 - Open Redirect (@0x_akoko) [medium]
[hongfan-ioffice-lfi] Hongfan OA ioFileExport.aspx - Arbitrary File Read (@sleepingbag945) [medium]
[hongfan-ioffice-rce] Hongfan OA ioAssistance.asmx - Remote Code Execution (@sleepingbag945) [high]
[hongfan-ioffice-sqli] Hongfan OA udfmr.asmx - SQL injection (@sleepingbag945) [high]
[hospital-management-xss] Hospital Management System 1.0 - Cross-Site Scripting (@arafatansari) [high]
[hospital-management-xss2] Hospital Management System 1.0 - Cross-Site Scripting (@arafatansari) [high]
[hrsale-unauthenticated-lfi] Hrsale 2.0.0 - Local File Inclusion (@0x_akoko) [high]
[huatian-oa8000-sqli] Huatian Power OA 8000 workFlowService - SQL injection (@sleepingbag945) [critical]
[huawei-hg659-lfi] HUAWEI HG659 - Local File Inclusion (@pikpikcu) [high]
[huawei-router-auth-bypass] Huawei Router - Authentication Bypass (@gy741) [critical]
[huijietong-cloud-fileread] Huijietong - Local File Inclusion (@princechaddha,@ritikchaddha) [high]
[huiwen-bibliographic-info-leak] Huiwen library bibliographic Retrieval System - Information Exposure (@sleepingbag945) [high]
[icewarp-open-redirect] IceWarp - Open Redirect (@uomogrande) [medium]
[icewarp-webclient-rce] IceWarp WebClient - Remote Code Execution (@gy741) [critical]
[indonasia-toko-cms-sql] Indonasia Toko CMS - SQL Injection (@r3y3r53) [high]
[inspur-clusterengine-rce] Inspur Clusterengine V4 SYSshell - Remote Command Execution (@ritikchaddha) [critical]
[interlib-fileread] Interlib - Local File Inclusion (@pikpikcu) [high]
[java-melody-xss] JavaMelody - Cross-Site Scripting (@kailashbohara) [high]
[jeewms-lfi] JEEWMS - Local File Inclusion (@pikpikcu) [high]
[jfrog-unauth-build-exposed] JFrog Unauthentication Builds (@dhiyaneshdk) [medium]
[jinfornet-jreport-lfi] Jinfornet Jreport 15.6 - Local File Inclusion (@0x_akoko) [high]
[jitsi-meet-log4j-rce] Jitsi Meet - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[joomla-com-fabrik-lfi] Joomla! com_fabrik 3.9.11 - Local File Inclusion (@dhiyaneshdk) [high]
[joomla-jlex-xss] Joomla JLex Review 6.0.1 - Cross-Site Scripting (@r3y3r53) [medium]
[joomla-jmarket-xss] Joomla jMarket 5.15 - Cross-Site Scripting (@r3y3r53) [medium]
[kafdrop-xss] KafDrop - Cross-Site Scripting (@dhiyaneshdk) [high]
[karel-ip-phone-lfi] Karel IP Phone IP1211 Web Management Panel - Local File Inclusion (@0x_akoko) [high]
[kavita-lfi] Kavita - Local File Inclusion (@arafatansari) [high]
[kevinlab-bems-sqli] KevinLAB BEMS 1.0 - SQL Injection (@gy741) [critical]
[khodrochi-cms-xss] Khodrochi CMS - Cross Site Scripting (@r3y3r53) [medium]
[kingdee-eas-directory-traversal] Kingdee EAS - Local File Inclusion (@ritikchaddha) [high]
[kingdee-erp-rce] Kingdee OA Yunxingkong kdsvc - Remote Code Execution (@sleepingbag945) [critical]
[kingsoft-v8-file-read] Kingsoft 8 - Local File Inclusion (@ritikchaddha) [high]
[kingsoft-vgm-lfi] Kingsoft VGM Antivirus - Arbitrary File Read (@abbas.heybati) [high]
[kiwitcms-json-rpc] Kiwi TCMS Information Disclosure (@act1on3) [high]
[kedacom-network-lfi] Kedacom Network Keyboard Console - Arbitrary File Read (@dhiyaneshdk) [high]
[kyocera-m2035dn-lfi] Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion (@0x_akoko) [high]
[landray-oa-datajson-rce] Landray OA Datajson S Bean - Remote Code Execution (@sleepingbag945) [critical]
[landray-oa-erp-data-rce] Landray-OA - Remote Code Execution (@sleepingbag945) [critical]
[laravel-filemanager-lfi] UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read (@hackerarpan) [high]
[lean-value-listing] LVS Lean Value Management System Business - Directory Listing (@pussycat0x) [low]
[livebos-file-read] LiveBOS ShowImage.do - Arbitrary File Read (@yusakie) [high]
[loancms-sqli] Loan Management System 1.0 - SQL Injection (@arafatansari) [critical]
[logstash-log4j-rce] Logstash - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[lokomedia-cms-lfi] Lokomedia CMS - LFI Vulnerability (@r3y3r53) [high]
[lotuscms-rce] LotusCMS 3.0 - Remote Code Execution (@pikpikcu) [critical]
[lucee-unset-credentials] Lucee - Unset Credentials (@jpg0mez) [high]
[lucee-xss] Lucee - Cross-Site Scripting (@incogbyte) [high]
[luftguitar-arbitrary-file-upload] Luftguitar CMS Arbitrary File Upload (@pikpikcu) [high]
[magicflow-lfi] MagicFlow - Local File Inclusion (@gy741) [high]
[maltrail-rce] Maltrail <= v0.54 - Unauthenticated OS Command Injection (@pussycat0x) [critical]
[manage-engine-dc-log4j-rce] Manage Engine Desktop Central - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[mcafee-epo-rce] McAfee ePolicy Orchestrator - Arbitrary File Upload (@dwisiswant0) [high]
[metabase-log4j] Metabase - Remote Code Execution (Apache Log4j) (@dhiyaneshdk) [critical]
[metinfo-lfi] MetInfo <=6.1.0 - Local File Inclusion (@pikpikcu) [high]
[microstrategy-ssrf] MicroStrategy tinyurl - Server-Side Request Forgery (Blind) (@organiccrap) [high]
[microweber-xss] Microweber Cross-Site Scripting (@gy741) [high]
[mida-eframework-xss] Mida eFramework - Cross-Site Scripting (@pikpikcu) [high]
[minimouse-lfi] Mini Mouse 9.2.0 - Local File Inclusion (@0x_akoko) [high]
[mirai-unknown-rce] Mirai - Remote Command Injection (@gy741) [critical]
[mpsec-lfi] MPSec ISG1000 - Local File Inclusion (@pikpikcu) [high]
[myucms-lfr] MyuCMS - Local File Inclusion (@princechaddha) [high]
[nacos-auth-bypass] Nacos 1.x - Authentication Bypass (@taielab,@pikpikcu,@sleepingbag945) [critical]
[natshell-path-traversal] NatShell - Local File Inclusion (@pikpikcu) [high]
[natshell-rce] NatShell Debug File - Remote Code Execution (@pikpikcu) [critical]
[netgear-router-auth-bypass] NETGEAR DGN2200v1 - Authentication Bypass (@gy741) [high]
[netgear-router-exposure] NETGEAR Routers - Serial Number Disclosure (@geeknik) [medium]
[netgear-wac124-router-auth-bypass] NETGEAR WAC124 - Authentication Bypass (@gy741) [high]
[netis-info-leak] Netis E1+ V1.2.32533 - WiFi Password Disclosure (@gy741) [high]
[news-script-xss] News Script Pro 2.4 - Cross-Site Scripting (@r3y3r53) [medium]
[nextjs-redirect] Next.js <1.2.3 - Open Redirect (@dhiyaneshdk) [medium]
[nginx-merge-slashes-path-traversal] Nginx Server - Local File Inclusion (@dhiyaneshdk) [high]
[nginx-module-vts-xss] Nginx Virtual Host Traffic Status Module - Cross-Site Scripting (@madrobot,@j4vaovo) [high]
[nginxwebui-runcmd-rce] nginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution (@dhiyaneshdk) [critical]
[nsasg-arbitrary-file-read] NS ASG - Local File Inclusion (@pikpikcu,@ritikchaddha) [high]
[nuuo-file-inclusion] NUUO NVRmini 2 3.0.8 - Local File Inclusion (@princechaddha) [high]
[nuuo-nvrmini2-rce] NUUO NVRmini 2 3.0.8 - Remote Code Execution (@berkdusunur) [critical]
[odoo-cms-redirect] Odoo CMS - Open Redirect (@0x_akoko) [medium]
[office-suite-xss] Office Suite Premium < 10.9.1.42602 - Cross-Site Scripting (@r3y3r53) [medium]
[office365-indexs-fileread] OfficeWeb365 Indexs Interface - Arbitary File Read (@dhiyaneshdk) [high]
[okta-log4j-rce] Okta - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[oliver-library-lfi] Oliver 5 Library Server <8.00.008.053 - Local File Inclusion (@gy741) [high]
[onlinefarm-management-xss] Online Farm Management System 0.1.0 - Cross-Site Scripting (@arafatansari) [high]
[opencart-core-sqli] OpenCart Core 4.0.2.3 'search' - SQL Injection (@kazgangap) [high]
[opencti-lfi] OpenCTI 3.3.1 - Local File Inclusion (@0x_akoko) [high]
[opennms-log4j-jndi-rce] OpenNMS - JNDI Remote Code Execution (Apache Log4j) (@johnk3r) [critical]
[openshift-log4j-rce] OpenShift - Remote Code Execution (Apache Log4j) (@shaikhyaser) [critical]
[opensis-lfi] openSIS 5.1 - Local File Inclusion (@pikpikcu) [high]
[opensns-rce] OpenSNS - Remote Code Execution (@gy741) [critical]
[optilink-ont1gew-gpon-rce] OptiLink ONT1GEW GPON Remote Code Execution (@gy741) [critical]
[oracle-fatwire-lfi] Oracle Fatwire 6.3 - Path Traversal (@bernardo rodrigues @bernardofsr) [high]
[orbiteam-bscw-server-lfi] OrbiTeam BSCW Server - Local File Inclusion (@0x_akoko) [high]
[otobo-open-redirect] Otobo - Open Redirect (@0x_akoko) [medium]
[ozeki-10-sms-gateway] Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read
(@r3y3r53) [high]
[pacsone-server-lfi] PACSOne Server 6.6.2 - Local File Inclusion (@0x_akoko) [high]
[panabit-ixcache-rce] Panabit iXCache date_config - Remote Code Execution
(@momika233) [critical]
[papercut-log4j-rce] Papercut - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[parallels-hsphere-xss] Parallels H-Sphere - Cross-Site Scripting (@ritikchaddha)
[high]
[parentlink-xss] Blackboard - Cross-Site Scripting (@r3naissance) [high]
[pbootcms-database-file-download] PbootCMS 2.0.7 - SQL Injection (@ritikchaddha)
[critical]
[pdf-signer-ssti-to-rce] PDF Signer 3.0 - Template Injection (@madrobot) [critical]
[pega-log4j-rce] Pega - Remote Code Execution (Apache Log4j) (@shaikhyaser)
[critical]
[php-timeclock-xss] PHP Timeclock <=1.04 - Cross-Site Scripting (@pikpikcu) [high]
[phpldapadmin-xss] PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
(@godfatherorwa,@herry) [medium]
[phpok-sqli] PHPOK - SQL Injection (@ritikchaddha) [critical]
[phpwiki-lfi] phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion (@0x_akoko)
[high]
[phuket-cms-sqli] Phuket Solution CMS - SQL Injection (@r3y3r53) [high]
[phuket-cms-xss] Phuket Solution CMS - Cross Site Scripting (@r3y3r53) [medium]
[pmb-directory-traversal] PMB 5.6 - Local File Inclusion (@geeknik) [high]
[pmb-local-file-disclosure] PMB 5.6 - Local File Inclusion (@dhiyaneshdk) [high]
[pmb-sqli] PMB <= 7.4.6 - SQL Injection (@r3y3r53) [high]
[pmb-xss] PMB v7.4.1 - Cross Site Scripting (@r3y3r53) [medium]
[podcast-generator-ssrf] PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
(@ritikchaddha,@mrharshvardhan) [high]
[pollbot-redirect] Mozilla Pollbot - Open Redirect (@evan rubinstien) [medium]
[powercreator-cms-rce] PowerCreator CMS - Remote Code Execution (@pikpikcu)
[critical]
[processmaker-lfi] ProcessMaker <=3.5.4 - Local File Inclusion (@kre80r) [high]
[pyspider-unauthorized-access] Pyspider Unauthorized Access (@ritikchaddha) [high]
[qcubed-xss] Qcubed - Cross-Site Scripting (@pikpikcu) [high]
[qi-anxin-netkang-next-generation-firewall-rce] Qi'anxin Netkang Next Generation
Firewall - Remote Code Execution (@pikpikcu) [critical]
[qihang-media-disclosure] QiHang Media Web Digital Signage 3.0.9 - Cleartext
Credentials Disclosure (@gy741) [high]
[qihang-media-lfi] QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Arbitrary
File Disclosure (@gy741) [high]
[qizhi-fortressaircraft-unauth] Qizhi Fortressaircraft Unauthorized Access
(@ritikchaddha) [high]
[quick-cms-sqli] Quick.CMS v6.7 - SQL Injection (@kazgangap) [high]
[rconfig-file-upload] rConfig 3.9.5 - Arbitrary File Upload (@dwisiswant0) [high]
[reddittop-rss-xss] Reddit Top RSS - Cross-Site Scripting (@arafatansari) [high]
[rentequip-xss] RentEquip Multipurpose Rental 1.0 - Cross Site Scripting (@r3y3r53)
[medium]
[resin-cnnvd-200705-315] Caucho Resin Information Disclosure (@princechaddha)
[high]
[resin-inputfile-fileread] Caucho Resin LFR (@princechaddha) [high]
[resin-viewfile-lfr] Caucho Resin LFR (@princechaddha) [high]
[rockmongo-xss] RockMongo 1.1.8 - Cross-Site Scripting (@pikpikcu) [high]
[rundeck-log4j] Rundeck - Remote Code Execution (Apache Log4j) (@dhiyaneshdk)
[critical]
[sangfor-cphp-rce] Sangfor Log Center - Remote Command Execution (@dhiyaneshdk)
[critical]
[sangfor-download-lfi] Sangfor Application download.php - Arbitrary File Read (@dhiyaneshdk) [high]
[sangfor-sysuser-conf] Sangfor Application sys_user.conf Account Password Leakage
(@dhiyaneshdk) [high]
[sanhui-smg-file-read] Synway SMG Gateway down.php - Arbitrary File Read
(@sleepingbag945) [high]
[sap-redirect] SAP Solution Manager - Open Redirect (@gal nagli) [medium]
[sar2html-rce] sar2html 3.2.1 - Remote Command Injection (@gy741) [critical]
[seacms-rce] SeaCMS V6.4.5 RCE (@pikpikcu) [high]
[seacms-sqli] SeaCMS 8.7 - SQL Injection (@ritikchaddha) [critical]
[seeyon-oa-log4j] Seeyon OA (Log4j) - Remote Code Execution (@sleepingbag945)
[critical]
[seowon-router-rce] Seowon 130-SLC router - Remote Code Execution (@gy741)
[critical]
[servicenow-helpdesk-credential] ServiceNow Helpdesk Credential Exposure
(@ok_bye_now) [high]
[shoowbiz-xss] SHOOWBIZ - Cross Site Scripting (@r3y3r53) [medium]
[sick-beard-xss] Sickbeard - Cross-Site Scripting (@pikpikcu) [high]
[sitemap-sql-injection] Sitemap - SQL Injection (@aravind,@j4vaovo) [high]
[siteminder-dom-xss] SiteMinder - DOM Cross-Site Scripting (@clarkvoss) [high]
[sl-studio-lfi] Webbdesign SL-Studio - Local File Inclusion (@0x_akoko) [high]
[slims-xss] Senayan Library Management System v9.4.0(SLIMS 9) - Cross Site
Scripting (@arafatansari) [medium]
[sofneta-mecdream-pacs-lfi] Softneta MedDream PACS Server Premium 6.7.1.1 - Local
File Inclusion (@0x_akoko) [high]
[solar-log-authbypass] Solar-Log 500 2.8.2 - Incorrect Access Control (@geeknik)
[high]
[solarview-compact-xss] SolarView Compact 6.00 - Cross-Site Scripting
(@ritikchaddha) [high]
[sonicwall-nsm-log4j-rce] Sonicwall NSM - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[sonicwall-sslvpn-shellshock] Sonicwall SSLVPN - Remote Code Execution (ShellShock)
(@pr3r00t) [critical]
[sound4-file-disclosure] SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail)
Unauthenticated File Disclosure (@arafatansari) [medium]
[sound4-impact-auth-bypass] SOUND4 IMPACT/FIRST/PULSE/Eco <= 2.x - Authentication
Bypass (@r3y3r53) [high]
[sound4-password-auth-bypass] Sound4 IMPACT/FIRST/PULSE/Eco <=2.x - Authentication
Bypass (@r3y3r53) [high]
[spark-webui-unauth] Unauthenticated Spark WebUI (@princechaddha) [medium]
[splunk-enterprise-log4j-rce] Splunk Enterprise - Remote Code Execution (Apache
Log4j) (@shaikhyaser) [critical]
[sponip-network-system-ping-rce] Sponip Network System Ping - Remote Code Execution
(@pikpikcu) [critical]
[sslvpn-client-rce] SSL VPN Client - Remote Code Execution (@dhiyaneshdk)
[critical]
[stackposts-sqli] Stackposts Social Marketing Tool v1.0 - SQL Injection (@r3y3r53)
[high]
[steve-xss] SteVe - Cross-Site Scripting (@clem9669) [medium]
[surrealtodo-lfi] Surreal ToDo 0.6.1.2 - Local File Inclusion (@arafatansari)
[high]
[symantec-messaging-gateway] Symantec Messaging Gateway <=10.6.1 - Local File
Inclusion (@random_robbie) [high]
[symantec-sepm-log4j-rce] Symantec SEPM - Remote Code Execution (Apache Log4j)
(@shaikhyaser) [critical]
[taiwanese-travel-lfi] Taiwanese Travel - Local File Inclusion (@r3y3r53) [high]
[talroo-jobs-xss] Talroo Jobs Script 1.0 - Cross-Site Scripting (@r3y3r53) [medium]
[tamronos-rce] TamronOS IPTV/VOD - Remote Command Execution (@pikpikcu) [critical]
[tamronos-user-creation] TamronOS IPTV - Arbitrary User Creation (@pussycat0x)
[high]
[tekon-info-leak] Tekon - Unauthenticated Log Leak (@gy741) [low]
[tendat-credential] Tendat Router Credential - Exposure (@pussycat0x) [high]
[thinkific-redirect] Thinkific - Open Redirect (@gal nagli) [medium]
[thruk-xss] Thruk Monitoring Webinterface - Cross-Site Scripting
(@pikpikcu,@ritikchaddha) [high]
[tianqing-info-leak] Tianqing Info Leak (@ritikchaddha) [medium]
[tikiwiki-reflected-xss] Tiki Wiki CMS Groupware 5.2 - Cross-Site Scripting
(@madrobot) [high]
[tikiwiki-xss] Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting (@arafatansari)
[medium]
[tpshop-directory-traversal] TPshop - Local File Inclusion (@pikpikcu) [high]
[turbocrm-xss] TurboCRM - Cross-Site Scripting (@pikpikcu) [high]
[twig-php-ssti] Twig PHP <2.4.4 template engine - SSTI (@madrobot) [high]
[ueditor-file-upload] UEditor - Arbitrary File Upload (@princechaddha) [high]
[umbraco-base-ssrf] Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
(@dhiyaneshdk) [medium]
[unauth-hoteldruid-panel] Hoteldruid Management Panel Access (@princechaddha)
[high]
[unauth-spark-api] Unauthenticated Spark REST API (@princechaddha) [critical]
[unifi-network-log4j-rce] UniFi Network Application - Remote Code Execution (Apache
Log4j) (@kre80r) [critical]
[universal-media-xss] Universal Media Server v13.2.1 - Cross Site Scripting
(@r3y3r53) [medium]
[ups-network-lfi] UPS Network Management Card 4 Path Traversal (@kazgangap) [high]
[user-management-system-sqli] User Management/Registration & Login v3.0 - SQL
Injection (@f0xy) [high]
[vanguard-post-xss] Vanguard Marketplace CMS 2.1 - Cross-Site Scripting
(@imnightmaree) [high]
[viewlinc-crlf-injection] viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
(@geeknik) [low]
[vmware-siterecovery-log4j-rce] VMware Site Recovery Manager - Remote Code
Execution (Apache Log4j) (@akincibor) [critical]
[voyager-lfi] Voyager 1.3.0 - Directory Traversal (@mammad_rahimzada) [high]
[vpms-auth-bypass] Vehicle Parking Management System 1.0 - SQL Injection
(@dwisiswant0) [critical]
[wapples-firewall-lfi] Wapples Web Application Firewall - Local File Inclusion
(@for3stco1d) [high]
[watchguard-credentials-disclosure] WatchGuard Fireware AD Helper Component -
Credentials Disclosure (@gy741) [critical]
[webigniter-xss] Webigniter 28.7.23 - Cross-Site Scripting (@theamanrawat) [medium]
[webpagetest-ssrf] Web Page Test - Server Side Request Forgery (SSRF) (@pdteam)
[high]
[webui-rce] WebUI 1.5b6 - Remote Code Execution (@pikpikcu) [critical]
[wems-manager-xss] WEMS Enterprise Manager - Cross-Site Scripting (@pikpikcu)
[high]
[wisegiga-nas-lfi] WiseGiga NAS - Arbitrary File Read (@pussycat0x) [high]
[wuzhicms-sqli] Wuzhicms 4.1.0 - SQL Injection (@princechaddha) [critical]
[xdcms-sqli] XdCMS - SQL Injection (@pikpikcu) [critical]
[xenmobile-server-log4j] Citrix XenMobile Server - Remote Code Execution (Apache
Log4j) (@dhiyaneshdk) [critical]
[xerox-efi-lfi] Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File
Inclusion (@gy741) [high]
[xxljob-executor-unauth] XXL-JOB executor - Unauthorized Access (@k3rwin)
[critical]
[yapi-rce] Yapi - Remote Code Execution (@pikpikcu) [critical]
[yarn-resourcemanager-rce] Apache Hadoop YARN ResourceManager - Remote Code
Execution (@pdteam) [low]
[yeswiki-sql] YesWiki <2022-07-07 - SQL Injection (@arafatansari) [critical]
[yeswiki-stored-xss] YesWiki - Stored Cross-Site Scripting (@arafatansari) [high]
[yeswiki-xss] YesWiki <2022-07-07 - Cross-Site Scripting (@arafatansari) [medium]
[yibao-sqli] Yibao OA System - SQL Injection (@dhiyaneshdk) [high]
[yishaadmin-lfi] yishaadmin - Local File Inclusion (@evan rubinstein) [high]
[yunanbao-rce] Yunanbao Cloud Box FastJson - Deserialization Remote Code Execution
(@dhiyaneshdk) [critical]
[zcms-v3-sqli] ZCMS - SQL Injection (@princechaddha) [critical]
[zhixiang-oa-msglog-sqli] Zhixiang OA msglog.aspx - SQL injection (@sleepingbag945)
[high]
[zimbra-preauth-ssrf] Zimbra Collaboration Suite - Server-Side Request Forgery
(@gy741) [critical]
[zms-auth-bypass] Zoo Management System 1.0 - SQL Injection (@dwisiswant0)
[critical]
[zms-sqli] Zoo Management System 1.0 - SQL Injection (@arafatansari) [critical]
[zzcms-xss] ZZCMS - Cross-Site Scripting (@ritikchaddha) [high]
[php-xdebug-rce] Xdebug remote code execution via xdebug.remote_connect_back
(@pwnhxl) [high]
[phpmyadmin-unauth-access] PhpMyAdmin - Unauthenticated Access (@pwnhxl) [high]
[portainer-init-deploy] Portainer - Init Deploy Discovery (@princechaddha) [medium]
[prestashop-apmarketplace-sqli] PrestaShop Ap Marketplace SQL Injection
(@mastercho) [high]
[prestashop-blocktestimonial-file-upload] Prestashop Blocktestimonial Modules -
File Upload Vulnerability (@mastercho) [critical]
[prestashop-cartabandonmentpro-file-upload] Prestashop Cart Abandonment Pro File
Upload (@mastercho) [critical]
[secsslvpn-auth-bypass] Secure Access Gateway SecSSLVPN - Authentication Bypass
(@sleepingbag945) [high]
[qibocms-file-download] Qibocms - Arbitrary File Download (@theabhinavgaur) [high]
[rails6-xss] Ruby on Rails - CRLF Injection and Cross-Site Scripting
(@ooooooo_q,@rootxharsh,@iamnoooob) [medium]
[realor-gwt-system-sqli] Realor GWT System SQL injection (@sleepingbag945) [high]
[rocketchat-unauth-access] RocketChat Live Chat - Unauthenticated Read Access
(@rojanrijal) [high]
[royalevent-management-xss] Royal Event Management System - Cross-Site Scripting
(@ritikchaddha) [high]
[royalevent-stored-xss] Royal Event Management System - Stored Cross-Site Scripting
(@ritikchaddha) [high]
[ruijie-eg-login-rce] Ruijie EG Easy Gateway - Remote Command Execution
(@pikpikcu,@pdteam) [critical]
[ruijie-eg-rce] Ruijie EG - Remote Code Execution (@pikpikcu) [critical]
[ruijie-excu-shell] Ruijie Switch Web Management System EXCU_SHELL - Information
Disclosure (@momika233) [high]
[ruijie-nbr-fileupload] Ruijie NBR fileupload.php - Arbitrary File Upload
(@sleepingbag945) [critical]
[ruijie-networks-lfi] Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File
Inclusion (@pikpikcu) [high]
[ruijie-nmc-sync-rce] Ruijie RG-UAC nmc_sync.php - Remote Code Execution
(@dhiyaneshdk) [critical]
[ruijie-password-leak] RG-UAC Ruijie - Password Hashes Leak
(@ritikchaddha,@galoget) [high]
[ruijie-rg-eg-web-mis-rce] Ruijie RG-EG - Remote Code Execution (@dhiyaneshdk)
[critical]
[samsung-wlan-ap-lfi] Samsung WLAN AP WEA453e - Local File Inclusion (@pikpikcu)
[high]
[samsung-wlan-ap-rce] Samsung WLAN AP WEA453e - Remote Code Execution (@pikpikcu)
[critical]
[samsung-wlan-ap-xss] Samsung WLAN AP WEA453e - Cross-Site Scripting (@pikpikcu)
[high]
[sangfor-ba-rce] Sangfor BA - Remote Code Execution (@ritikchaddha) [critical]
[sangfor-edr-auth-bypass] Sangfor EDR - Authentication Bypass (@princechaddha)
[high]
[sangfor-edr-rce] Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution (@pikpikcu)
[critical]
[sangfor-login-rce] Sangfor Application Login - Remote Command Execution
(@sleepingbag945) [critical]
[sangfor-nextgen-lfi] Sangfor Next Gen Application Firewall - Arbitrary File Read (@dhiyaneshdk) [high]
[secgate-3600-file-upload] SecGate 3600 Firewall obj_app_upfile - Arbitrary File
Upload (@sleepingbag945) [critical]
[seeyon-config-exposure] Seeyon OA A6 config.jsp - Information Disclosure
(@sleepingbag945) [medium]
[seeyon-createmysql-exposure] Seeyon OA A6 createMysql.jsp Database - Information
Disclosure (@sleepingbag945) [medium]
[seeyon-initdata-exposure] Seeyon OA A6 initDataAssess.jsp - Information Disclosure
(@sleepingbag945) [medium]
[seeyon-oa-fastjson-rce] Seeyon OA Fastjson Remote Code Execution (@sleepingbag945)
[critical]
[seeyon-oa-setextno-sqli] Seeyon OA A6 setextno.jsp - SQL Injection
(@sleepingbag945) [high]
[seeyon-oa-sp2-file-upload] Seeyon OA wpsAssistServlet - Arbitrary File Upload
(@sleepingbag945) [critical]
[wooyun-2015-148227] Seeyon WooYun - Local File Inclusion (@princechaddha) [high]
[zhiyuan-file-upload] Zhiyuan OA Arbitrary File Upload Vulnerability (@gy741)
[critical]
[zhiyuan-oa-session-leak] Zhiyuan OA Session Leak (@pikpikcu) [medium]
[shiziyu-cms-apicontroller-sqli] Shiziyu CMS Api Controller - SQL Injection
(@sleepingbag945) [high]
[simple-crm-sql-injection] Simple CRM 3.0 SQL Injection and Authentication Bypass
(@geeknik) [critical]
[sitecore-xml-xss] SiteCore XML Control Script Insertion (@dhiyaneshdk) [medium]
[smartbi-deserialization] Smartbi windowunloading Interface - Deserialization
(@sleepingbag945) [high]
[splash-render-ssrf] Splash Render - SSRF (@pwnhxl) [high]
[jolokia-logback-jndi-rce] Jolokia Logback JNDI - Remote Code Execution
(@sleepingbag945) [high]
[springboot-actuators-jolokia-xxe] Spring Boot Actuators (Jolokia) XXE
(@dwisiswant0,@ipanda) [high]
[springboot-h2-db-rce] Spring Boot H2 Database - Remote Command Execution
(@dwisiswant0) [critical]
[springboot-log4j-rce] Spring Boot - Remote Code Execution (Apache Log4j) (@pdteam)
[critical]
[squirrelmail-address-xss] SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[squirrelmail-lfi] SquirrelMail 1.2.11 - Local File Inclusion (@dhiyaneshdk) [high]
[squirrelmail-vkeyboard-xss] SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[thinkcmf-arbitrary-code-execution] ThinkCMF - Remote Code Execution (@pikpikcu)
[high]
[thinkcmf-lfi] ThinkCMF - Local File Inclusion (@pikpikcu) [high]
[thinkcmf-rce] ThinkCMF - Remote Code Execution (@pikpikcu) [critical]
[thinkphp-2-rce] ThinkPHP 2/3 - Remote Code Execution (@dr_set) [critical]
[thinkphp-501-rce] ThinkPHP 5.0.1 - Remote Code Execution (@lark-lab) [critical]
[thinkphp-5022-rce] ThinkPHP - Remote Code Execution (@dr_set) [critical]
[thinkphp-5023-rce] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical]
[thinkphp-509-information-disclosure] ThinkPHP 5.0.9 - Information Disclosure
(@dr_set) [critical]
[titannit-web-rce] TitanNit Web Control 2.01/Atemio 7600 Root - Remote Code
Execution (@dhiyaneshdk) [high]
[tongda-action-uploadfile] Tongda OA v2017 action_upload - Arbitrary File Upload
(@sleepingbag945) [critical]
[tongda-api-file-upload] Tongda OA v11.8 api.ali.php - Arbitrary File Upload
(@sleepingbag945) [critical]
[tongda-arbitrary-login] Tongda OA header.inc.php - Authentication Bypass
(@sleepingbag945) [high]
[tongda-contact-list-exposure] Tongda OA v2014 Get Contactlist - Sensitive Information Disclosure (@sleepingbag945) [medium]
[tongda-getdata-rce] Tongda OA v11.9 getdata - Remote Code Execution (@sleepingbag945) [critical]
[tongda-getway-rfi] Tongda OA v11.8 getway.php - Remote File Inclusion (@sleepingbag945,@pussycat0x) [critical]
[tongda-insert-sqli] Tongda OA v11.6 Insert Parameter - SQL Injection
(@sleepingbag945) [high]
[tongda-login-code-authbypass] Tongda OA v11.8 logincheck_code.php - Authentication
Bypass (@sleepingbag945) [high]
[tongda-meeting-unauth] Tongda OA Meeting - Unauthorized Access (@sleepingbag945)
[medium]
[tongda-oa-swfupload-sqli] Tongda OA v11.5 swfupload_new.php - SQL Injection
(@sleepingbag945) [high]
[tongda-path-traversal] Office Anywhere TongDa - Path Traversal (@pikpikcu)
[critical]
[tongda-report-func-sqli] Tongda OA v11.6 report_bi.func.php - SQL injection
(@sleepingbag945) [high]
[tongda-session-disclosure] Tongda User Session Disclosure (@ritikchaddha) [medium]
[tongda-video-file-read] Tongda OA V2017 Video File - Arbitrary File Read
(@sleepingbag945) [medium]
[topsec-topacm-rce] Topsec Topacm - Remote Code Execution (@sleepingbag945)
[critical]
[topsec-topapplb-auth-bypass] Topsec TopAppLB - Authentication Bypass
(@sleepingbag945) [high]
[ueditor-ssrf] UEditor - Server Side Request Forgery (@pwnhxl) [medium]
[ueditor-xss] ueditor - Cross Site Scripting (@pwnhxl) [high]
[arcade-php-sqli] Arcade.php - SQL Injection (@mastercho) [high]
[vbulletin-ajaxreg-sqli] vBulletin 3.x / 4.x AjaxReg - SQL Injection (@mastercho)
[critical]
[vbulletin-backdoor] vBulletin Backdoor - Detect (@mastercho) [high]
[vbulletin-search-sqli] vBulletin `Search.php` - SQL Injection (@mastercho) [high]
[videoxpert-lfi] Schneider Electric Pelco VideoXpert Core Admin Portal - Local File
Inclusion (@0x_akoko) [high]
[vmware-cloud-xss] VMWare Cloud - Cross Site Scripting (@tess) [medium]
[vmware-hcx-log4j] VMware HCX - Remote Code Execution (Apache Log4j)
(@pussycat0x,@dhiyaneshdk) [critical]
[vmware-horizon-log4j-jndi-rce] VMware Horizon - JNDI Remote Code Execution (Apache
Log4j) (@johnk3r) [critical]
[vmware-nsx-log4j] VMware NSX - Remote Code Execution (Apache Log4j) (@dhiyaneshdk)
[critical]
[vmware-nsx-stream-rce] VMware NSX Manager XStream Pre-authenticated Remote Code
Execution (@_0xf4n9x_) [high]
[vmware-operation-manager-log4j] VMware Operations Manager - Remote Code Execution
(Apache Log4j) (@dhiyaneshdk) [critical]
[vmware-vcenter-lfi-linux] Linux Vmware Vcenter - Local File Inclusion (@pr3r00t)
[high]
[vmware-vcenter-lfi] VMware vCenter - Local File Inclusion (@dwisiswant0) [high]
[vmware-vcenter-log4j-jndi-rce] VMware VCenter - Remote Code Execution (Apache
Log4j) (@_0xf4n9x_) [critical]
[vmware-vcenter-ssrf] VMware vCenter - Server-Side Request Forgery/Local File
Inclusion/Cross-Site Scripting (@pdteam) [critical]
[vrealize-operations-log4j-rce] VMware vRealize Operations Tenant - JNDI Remote
Code Execution (Apache Log4j) (@bughuntersurya) [critical]
[wanhu-documentedit-sqli] WanhuOA DocumentEdit.jsp - SQL Injection
(@sleepingbag945) [high]
[wanhu-download-ftp-file-read] Wanhu OA download_ftp.jsp - Arbitrary File Read
(@sleepingbag945) [high]
[wanhu-download-old-file-read] Wanhu OA download_old.jsp - Arbitrary File Read
(@sleepingbag945) [high]
[wanhu-oa-fileupload-controller] Wanhu OA Fileupload Controller - Arbitrary File
Upload (@sleepingbag945) [critical]
[wanhu-teleconferenceservice-xxe] Wanhu OA TeleConferenceService Interface - XML
External Entity Injection (@sleepingbag945) [high]
[wanhuoa-downloadservlet-lfi] Wanhu OA DownloadServlet - Remote File Disclosure
(@wpsec) [high]
[wanhuoa-officeserverservlet-file-upload] Wanhu OA OfficeServerServlet - Arbitrary
File Upload (@sleepingbag945) [critical]
[wanhuoa-smartupload-file-upload] Wanhu OA smartUpload.jsp - Arbitrary File Upload
(@sleepingbag945) [critical]
[ecology-jqueryfiletree-traversal] Weaver E-Cology JqueryFileTree - Directory
Traversal (@sleepingbag945) [medium]
[ecology-verifyquicklogin-auth-bypass] Weaver e-cology verifyquicklogin.jsp - Auth
Bypass (@sleepingbag945) [high]
[ecology-arbitrary-file-upload] Ecology - Arbitrary File Upload (@ritikchaddha)
[critical]
[ecology-filedownload-directory-traversal] Ecology - Local File Inclusion
(@princechaddha) [high]
[ecology-mysql-config] Fanwei OA E-Office - Information Disclosure (@ritikchaddha)
[medium]
[ecology-oa-byxml-xxe] EcologyOA deleteUserRequestInfoByXml - XML External Entity
Injection (@sleepingbag945) [high]
[ecology-springframework-directory-traversal] Ecology Springframework - Local File
Inclusion (@princechaddha) [high]
[ecology-syncuserinfo-sqli] Ecology Syncuserinfo - SQL Injection (@ritikchaddha)
[critical]
[ecology-v8-sqli] Ecology 8 - SQL Injection (@ritikchaddha) [critical]
[weaver-eoffice-file-upload] Weaver E-Office v9.5 - Arbitrary File Upload
(@princechaddha) [high]
[oa-v9-uploads-file] OA 9 - Arbitrary File Upload (@pikpikcu) [high]
[weaver-checkserver-sqli] Ecology OA CheckServer - SQL Injection (@sleepingbag945)
[high]
[weaver-e-cology-validate-sqli] Weaver e-cology Validate.JSP - SQL Injection
(@sleepingbag945) [high]
[weaver-e-mobile-rce] Weaver E-mobile client.do - Remote Code Execution
(@sleepingbag945) [critical]
[weaver-ebridge-lfi] Weaver E-Bridge saveYZJFile - Local File Read (@sleepingbag945) [high]
[weaver-ecology-bshservlet-rce] Weaver E-Cology BeanShell - Remote Command
Execution (@sleepingbag945) [critical]
[weaver-ecology-getsqldata-sqli] Weaver E-Cology `getsqldata` - SQL Injection
(@sleepingbag945) [high]
[weaver-ecology-hrmcareer-sqli] Weaver E-Cology HrmCareerApplyPerView - SQL
Injection (@sleepingbag945) [high]
[weaver-group-xml-sqli] OA E-Office group_xml.php - SQL Injection (@sleepingbag945)
[critical]
[weaver-jquery-file-upload] OA E-Office jQuery - Arbitrary File Upload
(@sleepingbag945) [critical]
[weaver-ktreeuploadaction-file-upload] Weaver E-Cology KtreeUploadAction -
Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-lazyuploadify-file-upload] OA E-Office LazyUploadify - Arbitrary File
Upload (@sleepingbag945) [critical]
[weaver-login-sessionkey] OA E-Mobile login_quick.php - Login SessionKey
(@sleepingbag945) [high]
[weaver-mysql-config-exposure] OA E-Office mysql_config.ini - Information
Disclosure (@sleepingbag945) [high]
[weaver-office-server-file-upload] OA E-Office OfficeServer.php Arbitrary File
Upload (@sleepingbag945) [critical]
[weaver-officeserver-lfi] OA E-Office officeserver.php Arbitrary File Read
(@sleepingbag945) [high]
[weaver-signaturedownload-lfi] OA E-Weaver SignatureDownLoad - Arbitrary File Read
(@sleepingbag945) [high]
[weaver-sptmforportalthumbnail-lfi] OA E-Weaver SptmForPortalThumbnail - Arbitrary
File Read (@sleepingbag945) [high]
[weaver-uploadify-file-upload] OA E-Office Uploadify - Arbitrary File Upload
(@sleepingbag945) [critical]
[weaver-uploadoperation-file-upload] Weaver OA Workrelate - Arbitrary File Upload (@sleepingbag945) [critical]
[weaver-userselect-unauth] OA E-Office UserSelect Unauthorized Access
(@sleepingbag945) [high]
[webp-server-go-lfi] Webp server go - Local File Inclusion (@pikpikcu) [high]
[wechat-info-leak] WeChat agentinfo - Information Exposure (@sleepingbag945)
[high]
[3d-print-lite-xss] 3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting
(@r3y3r53) [medium]
[3dprint-arbitrary-file-upload] WordPress 3DPrint Lite <1.9.1.5 - Arbitrary File
Upload (@secthebit) [high]
[404-to-301-xss] WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting
(@akincibor) [medium]
[ad-widget-lfi] WordPress Ad Widget 2.11.0 - Local File Inclusion (@0x_akoko)
[high]
[advanced-access-manager-lfi] WordPress Advanced Access Manager < 5.9.9 - Local
File Inclusion (@0x_akoko) [high]
[advanced-booking-calendar-sqli] Advanced Booking Calendar < 1.6.2 - SQL Injection
(@theamanrawat) [critical]
[age-gate-open-redirect] WordPress Age Gate <2.13.5 - Open Redirect (@akincibor)
[medium]
[age-gate-xss] WordPress Age Gate <2.20.4 - Cross-Site Scripting
(@akincibor,@daffainfo) [high]
[ait-csv-import-export-rce] WordPress AIT CSV Import Export - Unauthenticated
Remote Code Execution (@gy741) [critical]
[alfacgiapi-wordpress] alfacgiapi (@pussycat0x) [low]
[amministrazione-aperta-lfi] WordPress Amministrazione Aperta 3.7.3 - Local File
Inclusion (@daffainfo,@splint3r7) [high]
[analytify-plugin-xss] Analytify <4.2.1 - Cross-Site Scripting (@akincibor)
[medium]
[aspose-file-download] Wordpress Aspose Cloud eBook Generator - Local File
Inclusion (@0x_akoko) [high]
[aspose-ie-file-download] WordPress Aspose Importer & Exporter 1.0 - Local File
Inclusion (@0x_akoko) [high]
[aspose-pdf-file-download] WordPress Aspose PDF Exporter - Local File Inclusion
(@0x_akoko) [high]
[aspose-words-file-download] WordPress Aspose Words Exporter <2.0 - Local File
Inclusion (@0x_akoko) [high]
[attitude-theme-open-redirect] WordPress Attitude 1.1.1 - Open Redirect (@0x_akoko)
[medium]
[avchat-video-chat-xss] WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[blog-designer-pack-rce] News & Blog Designer Pack < 3.4.2 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[booked-export-csv] Booked < 2.2.6 - Broken Authentication (@random-robbie) [high]
[brandfolder-lfi] Wordpress Brandfolder - Remote/Local File Inclusion (@0x_akoko)
[high]
[brandfolder-open-redirect] WordPress Brandfolder - Open Redirect (RFI & LFI)
(@0x_akoko) [medium]
[calameo-publications-xss] WordPress Manage Calameo Publications 1.1.0 - Cross-Site
Scripting (@dhiyaneshdk) [medium]
[checkout-fields-manager-xss] WordPress Checkout Fields Manager for WooCommerce
<5.5.7 - Cross-Site Scripting (@akincibor) [medium]
[cherry-file-download] Cherry Plugin < 1.2.7 - Arbitrary File Retrieval and File
Upload (@0x_akoko) [high]
[cherry-lfi] WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and
Download (@dhiyaneshdk) [high]
[church-admin-lfi] WordPress Church Admin 0.33.2.1 - Local File Inclusion
(@0x_akoko) [high]
[churchope-lfi] WordPress ChurcHope Theme <= 2.1 - Local File Inclusion
(@dhiyaneshdk) [high]
[clearfy-cache-xss] WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting
(@akincibor) [medium]
[contus-video-gallery-sqli] WordPress Video Gallery <= 2.8 - SQL Injection
(@theamanrawat) [critical]
[curcy-xss] WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site
Scripting (@akincibor) [medium]
[diarise-theme-lfi] WordPress Diarise 1.5.9 - Arbitrary File Retrieval (@0x_akoko)
[high]
[eatery-restaurant-open-redirect] WordPress Eatery 2.2 - Open Redirect (@0x_akoko)
[medium]
[elex-woocommerce-xss] WordPress WooCommerce Google Shopping < 1.2.4 - Cross-Site
Scripting (@dhiyaneshdk) [high]
[flow-flow-social-stream-xss] WordPress Flow-Flow Social Stream <=3.0.71 - Cross-Site Scripting (@alph4byt3) [medium]
[hb-audio-lfi] Wordpress HB Audio Gallery Lite - Local File Inclusion
(@dhiyaneshdk) [high]
[health-check-lfi] WordPress Health Check & Troubleshooting <1.24 - Local File
Inclusion (@dhiyaneshdk) [high]
[hide-security-enhancer-lfi] WordPress Hide Security Enhancer 1.3.9.2 Local File
Inclusion (@dhiyaneshdk) [high]
[issuu-panel-lfi] Wordpress Plugin Issuu Panel Remote/Local File Inclusion
(@0x_akoko) [high]
[knr-widget-xss] KNR Author List Widget - Cross-site Scripting (@theamanrawat)
[medium]
[ldap-wp-login-xss] Ldap WP Login / Active Directory Integration < 3.0.2 - Cross-Site Scripting (@r3y3r53) [medium]
[leaguemanager-sql-injection] LeagueManager <= 3.9.11 - SQL Injection
(@theamanrawat) [critical]
[members-list-xss] WordPress Members List <4.3.7 - Cross-Site Scripting
(@akincibor) [medium]
[modula-image-gallery-xss] WordPress Modula Image Gallery <2.6.7 - Cross-Site
Scripting (@akincibor) [medium]
[mthemeunus-lfi] WordPress mTheme-Unus Theme - Local File Inclusion (@dhiyaneshdk)
[high]
[music-store-open-redirect] WordPress eCommerce Music Store <=1.0.14 - Open
Redirect (@dhiyaneshdk) [medium]
[my-chatbot-xss] WordPress My Chatbot <= 1.1 - Cross-Site Scripting (@dhiyaneshdk)
[high]
[nativechurch-wp-theme-lfd] WordPress NativeChurch Theme - Local File Inclusion
(@0x_akoko) [high]
[new-user-approve-xss] WordPress New User Approve <2.4.1 - Cross-Site Scripting
(@akincibor) [medium]
[newsletter-open-redirect] WordPress Newsletter Manager < 1.5 - Unauthenticated
Open Redirect (@dhiyaneshdk) [medium]
[notificationx-sqli] NotificationX < 2.3.12 - SQL Injection (@theamanrawat) [high]
[photo-gallery-xss] Photo Gallery < 1.7.1 - Cross-Site Scripting (@ritikchaddha)
[medium]
[photoblocks-grid-gallery-xss] Gallery Photoblocks < 1.1.41 - Cross-Site Scripting
(@r3y3r53) [medium]
[pieregister-open-redirect] WordPress Pie Register < 3.7.2.4 - Open Redirect
(@0x_akoko) [low]
[sassy-social-share-xss] Sassy Social Share <=3.3.3 - Cross-Site Scripting
(@random_robbie) [medium]
[seatreg-redirect] WordPress Plugin ‘SeatReg’ - Open Redirect (@mariam tariq)
[medium]
[seo-redirection-xss] WordPress SEO Redirection <7.4 - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[shortcode-lfi] WordPress Download Shortcode 0.2.3 - Local File Inclusion
(@dhiyaneshdk) [high]
[shortpixel-image-optimizer-xss] WordPress ShortPixel Image Optimizer <4.22.10 -
Cross-Site Scripting (@akincibor) [medium]
[ultimatemember-open-redirect] WordPress Ultimate Member <2.1.7 - Open Redirect
(@0x_akoko) [medium]
[unauthenticated-duplicator-disclosure] WordPress Duplicator Plugin - Information
disclosure (@tess) [medium]
[w3c-total-cache-ssrf] Wordpress W3C Total Cache <= 0.9.4 - Server Side Request
Forgery (SSRF) (@random_robbie) [medium]
[watu-xss] Watu Quiz < 3.1.2.6 - Cross Site Scripting (@r3y3r53) [medium]
[weekender-newspaper-open-redirect] WordPress Weekender Newspaper 9.0 - Open
Redirect (@0x_akoko) [medium]
[woocommerce-pdf-invoices-xss] WordPress WooCommerce PDF Invoices & Packing Slips
<2.15.0 - Cross-Site Scripting (@akincibor) [medium]
[wordpress-accessible-wpconfig] WordPress wp-config Detection (@kiblyn11,@zomsop82,@madrobot,@geeknik,@daffainfo,@r12w4n,@tess,@0xpugazh,@mastercho,@c4sper0) [high]
[wordpress-affiliatewp-log] WordPress Plugin "AffiliateWP -- Allowed Products" Log
Disclosure (@dhiyaneshdk) [low]
[wordpress-db-backup-listing] WordPress DB Backup (@suman_kar) [medium]
[wordpress-db-backup] WordPress DB Backup (@dwisiswant0) [medium]
[wordpress-db-repair] Wordpress DB Repair Exposed (@_c0wb0y_) [low]
[wp-debug-log] WordPress Debug Log - Exposure
(@geraldino2,@dwisiswant0,@philippedelteil) [low]
[wordpress-rce-simplefilelist] WordPress SimpleFilelist - Remote Code Execution
(@princechaddha) [critical]
[wordpress-social-metrics-tracker] Social Metrics Tracker <= 1.6.8 - Unauthorised
Data Export (@randomrobbie) [medium]
[wordpress-ssrf-oembed] Wordpress Oembed Proxy - Server-side request forgery
(@dhiyaneshdk) [medium]
[wordpress-total-upkeep-backup-download] WordPress Total Upkeep Database and Files
Backup Download (@princechaddha) [high]
[wordpress-wordfence-lfi] WordPress Wordfence 7.4.5 - Local File Inclusion
(@0x_akoko) [high]
[wordpress-wordfence-waf-bypass-xss] Wordpress Wordfence - Cross-Site Scripting
(@hackergautam) [medium]
[wordpress-wordfence-xss] WordPress Wordfence 7.4.6 - Cross0Site Scripting
(@madrobot) [medium]
[wordpress-zebra-form-xss] Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
(@madrobot) [medium]
[wp-adaptive-xss] WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting
(@dhiyaneshdk) [high]
[wp-adivaha-sqli] WordPress adivaha Travel Plugin 2.3 - SQL Injection
(@theamanrawat) [high]
[wp-adivaha-xss] WordPress Adivaha Travel Plugin 2.3 - Cross-Site Scripting
(@r3y3r53) [medium]
[wp-all-export-xss] WordPress All Export <1.3.6 - Cross-Site Scripting (@akincibor)
[medium]
[wp-ambience-xss] WordPress Ambience Theme <=1.0 - Cross-Site Scripting
(@daffainfo) [medium]
[wp-autosuggest-sql-injection] WP AutoSuggest 0.24 - SQL Injection (@theamanrawat)
[critical]
[wp-blogroll-fun-xss] WordPress Blogroll Fun-Show Last Post and Last Update Time
0.8.4 - Cross-Site Scripting (@dhiyaneshdk) [high]
[wp-code-snippets-xss] WordPress Code Snippets - Cross-Site Scripting
(@dhiyaneshdk) [medium]
[wp-config-setup] WordPress Setup Configuration (@princechaddha) [high]
[wp-custom-tables-xss] WordPress Custom Tables 3.4.4 - Cross-Site Scripting
(@daffainfo) [high]
[wp-ellipsis-xss] Ellipsis Human Presence Technology <= 2.0.8 - Cross Site
Scripting (@r3y3r53) [medium]
[wp-email-subscribers-listing] WordPress Plugin Email Subscribers Listing
(@pussycat0x) [low]
[wp-finder-xss] WordPress Finder - Cross-Site Scripting (@daffainfo) [high]
[wp-flagem-xss] WordPress FlagEm - Cross-Site Scripting (@daffainfo) [high]
[wp-gallery-file-upload] WordPress Plugin Gallery 3.06 - Arbitrary File Upload
(@r3y3r53) [high]
[wp-googlemp3-lfi] WordPress Plugin CodeArt Google MP3 Player - File Disclosure
Download (@theamanrawat) [critical]
[wp-grimag-open-redirect] WordPress Grimag <1.1.1 - Open Redirection (@0x_akoko)
[medium]
[wp-gtranslate-open-redirect] WordPress GTranslate <2.8.11 - Open Redirect
(@dhiyaneshdk) [medium]
[wp-haberadam-idor] WordPress Themes Haberadam JSON API - IDOR and Path Disclosure
(@pussycat0x) [low]
[wp-insert-php-xss] WordPress Woody Code Snippets <2.4.6 - Cross-Site Scripting
(@akincibor,@dhiyaneshdk) [high]
[wp-javospot-lfi] WordPress Javo Spot Premium Theme - Local File Inclusion
(@0x_akoko) [high]
[wp-kadence-blocks-rce] WordPress Gutenberg Blocks Plugin <= 3.1.10 - Arbitrary
File Upload (@theamanrawat) [critical]
[wp-knews-xss] WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site
Scripting (@daffainfo) [high]
[wp-mailchimp-log-exposure] WordPress Mailchimp 4 Debug Log Exposure (@aashiq)
[medium]
[wp-mega-theme] Mega Wordpress Theme - Cross site scripting (@r3y3r53) [medium]
[wp-memphis-documents-library-lfi] WordPress Memphis Document Library 3.1.5 - Local
File Inclusion (@0x_akoko) [high]
[wp-mstore-plugin-listing] Wordpress Plugin MStore API (@pussycat0x) [low]
[wp-multiple-theme-ssrf] WordPress Themes - Code Injection (@madrobot) [critical]
[wp-nextgen-xss] WordPress NextGEN Gallery 1.9.10 - Cross-Site Scripting
(@daffainfo) [high]
[wp-oxygen-theme-lfi] WordPress Oxygen-Theme - Local File Inclusion (@0x_akoko)
[high]
[wp-phpfreechat-xss] WordPress PHPFreeChat 0.2.8 - Cross-Site Scripting
(@daffainfo) [high]
[wp-portrait-archiv-xss] WordPress Portrait-Archiv.com Photostore 5.0.4 - Reflected
Cross Site Scripting (@r3y3r53) [medium]
[wp-prostore-open-redirect] WordPress ProStore <1.1.3 - Open Redirect (@0x_akoko)
[low]
[wp-qwiz-online-xss] Qwiz Online Quizzes And Flashcards <= 3.36 - Cross-Site
Scripting (@r3y3r53) [medium]
[wp-real-estate-xss] WordPress Real Estate 7 Theme <= 3.3.4 - Cross-Site Scripting
(@harsh) [medium]
[wp-reality-estate-theme] Reality Estate Multipurpose WP-Theme < 2.5.3 - Cross-Site
Scripting (@r3y3r53) [medium]
[wp-related-post-xss] WordPress Related Posts <= 2.1.1 - Cross Site Scripting
(@arafatansari) [medium]
[wp-securimage-xss] WordPress Securimage-WP 3.2.4 - Cross-Site Scripting
(@daffainfo) [high]
[wp-security-open-redirect] WordPress All-in-One Security <=4.4.1 - Open Redirect
(@akincibor) [medium]
[wp-simple-fields-lfi] WordPress Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE
(@0x240x23elu) [high]
[wp-slideshow-xss] WordPress Slideshow - Cross-Site Scripting (@daffainfo) [high]
[wp-smart-manager-sqli] Smart Manager for WooCommerce & WPeC <= 3.9.6 - SQL
Injection (@r3y3r53) [critical]
[wp-social-warfare-rce] Social Warfare <= 3.5.2 - Remote Code Execution
(@theamanrawat) [critical]
[wp-socialfit-xss] WordPress SocialFit - Cross-Site Scripting (@daffainfo) [high]
[wp-spot-premium-lfi] WordPress Javo Spot Premium Theme - Unauthenticated Directory
Traversal (@dhiyaneshdk) [high]
[wp-statistics-sqli] WordPress WP Statistics Plugin 13.0.7 - SQL Injection
(@r3y3r53) [high]
[wordpress-super-forms] WordPress super-forms Plugin Directory Listing
(@pussycat0x) [low]
[wp-superstorefinder-misconfig] Superstorefinder WP-plugin - Security
Misconfigurations (@r3y3r53) [medium]
[wp-sym404] Wordpress sym404 directory (@pussycat0x) [high]
[wp-tinymce-lfi] Tinymce Thumbnail Gallery <=1.0.7 - Local File Inclusion
(@0x_akoko) [high]
[wp-touch-redirect] WordPress WPtouch 3.7.5 - Open Redirect (@r3y3r53) [medium]
[wp-tutor-lfi] WordPress tutor 1.5.3 - Local File Inclusion (@0x240x23elu) [high]
[wp-under-construction-ssrf] Under Construction, Coming Soon & Maintenance Mode <
1.1.2 - Server Side Request Forgery (SSRF) (@akincibor) [high]
[wordpress-upload-data] wordpress-upload-data (@pussycat0x) [medium]
[wp-upward-theme-redirect] WordPress Upward Themes <1.5 - Open Redirect (@r3y3r53)
[medium]
[wp-user-enum] WordPress REST API User Enumeration
(@manas_harsh,@daffainfo,@geeknik,@dr0pd34d) [low]
[wp-vault-local-file-inclusion] WordPress Vault 0.8.6.6 - Local File Inclusion
(@0x_akoko) [high]
[wp-woocommerce-email-verification] Email Verification for WooCommerce < 1.8.2 -
Loose Comparison to Authentication Bypass (@random_robbie,@daffianfo) [critical]
[wp-woocommerce-file-download] Product Input Fields for WooCommerce < 1.2.7 -
Unauthenticated File Download (@0x_akoko) [high]
[wp-woocommerce-pdf-invoice-listing] Woocommerce - PDF Invoice Exposure
(@mohammedsaneem,@sec_hawk) [medium]
[wpdm-cache-session] Wpdm-Cache Session (@dhiyaneshdk) [medium]
[wpify-woo-czech-xss] WordPress WPify Woo Czech <3.5.7 - Cross-Site Scripting
(@akincibor) [high]
[wpml-xss] WordPress Plugin WPML Version < 4.6.1 Cross-Site Scripting (@bugvsme)
[medium]
[wpmudev-pub-keys] Wpmudev Dashboard Pub Key (@dhiyaneshdk) [medium]
[wptouch-open-redirect] WordPress WPtouch 3.x - Open Redirect (@0x_akoko) [medium]
[wptouch-xss] WordPress WPtouch <4.3.44 - Cross-Site Scripting (@akincibor)
[medium]
[zero-spam-sql-injection] WordPress Zero Spam <= 2.1.1 - Blind SQL Injection
(@theamanrawat) [critical]
[chanjet-gnremote-sqli] Changjietong Remote Communication GNRemote.dll - SQL
Injection (@sleepingbag945) [high]
[chanjet-tplus-checkmutex-sqli] Chanjet Tplus CheckMutex - SQL Injection (@unknown)
[high]
[chanjet-tplus-file-read] Chanjet TPlus DownloadProxy.aspx - Arbitrary File Read
(@sleepingbag945) [high]
[chanjet-tplus-fileupload] UFIDA Chanjet TPluse Upload.aspx - Arbitrary File Upload
(@sleepingbag945) [high]
[chanjet-tplus-ufida-sqli] Chanjet TPluse Ufida.T.SM.Login.UIP - SQL injection
(@sleepingbag945) [high]
[erp-nc-directory-traversal] ERP-NC - Local File Inclusion (@pikpikcu) [high]
[grp-u8-uploadfiledata] UFIDA GRP-U8 UploadFileData - Arbitrary File Upload
(@sleepingbag945) [critical]
[wooyun-path-traversal] Wooyun - Local File Inclusion (@pikpikcu) [high]
[yonyou-fe-directory-traversal] FE collaborative Office
templateOfTaohong_manager.jsp - Path Traversal (@sleepingbag945) [medium]
[yonyou-filereceiveservlet-fileupload] Yonyou NC FileReceiveServlet - Aribitrary
File Upload (@bjxsec) [critical]
[yonyou-grp-u8-xxe] Yonyou UFIDA GRP-u8 - XXE (@sleepingbag945) [critical]
[yonyou-ksoa-dept-sqli] YonYou KSOA common/dept.jsp - SQL injection (@dhiyaneshdk)
[critical]
[yonyou-nc-accept-fileupload] YonYou NC Accept Upload - Arbitray File Upload
(@sleepingbag945) [critical]
[yonyou-nc-baseapp-deserialization] Yonyou NC BaseApp UploadServlet -
Deserialization Detect (@sleepingbag945) [high]
[yonyou-nc-dispatcher-fileupload] Yonyou NC ServiceDispatcher Servlet - Arbitrary
File Upload (@sleepingbag945) [critical]
[yonyou-nc-grouptemplet-fileupload] UFIDA NC Grouptemplet Interface -
Unauthenticated File Upload (@sleepingbag945) [critical]
[yonyou-nc-info-leak] Yonyou UFIDA NC - Information Exposure (@sleepingbag945)
[medium]
[yonyou-nc-ncmessageservlet-rce] UFIDA NC NCMessageServlet - Deserialization RCE
Detection (@sleepingbag945) [critical]
[yonyou-u8-crm-fileupload] UFIDA U8-CRM getemaildata - Arbitary File Upload
(@sleepingbag945,@pussycat0x) [critical]
[yonyou-u8-crm-lfi] UFIDA U8 CRM getemaildata.php - Arbitrary File Read
(@sleepingbag945) [high]
[yonyou-u8-oa-sqli] Yonyou U8 - SQL Injection (@ritikchaddha) [critical]
[yonyou-u8-sqli] Yonyou U8 bx_historyDataCheck - SQL Injection (@xianke) [high]
[yonyou-ufida-nc-lfi] UFIDA NC Portal - Arbitrary File Read (@dhiyaneshdk) [high]
[zend-v1-xss] ZendFramework 1.12.2 - Cross-Site Scripting (@c3l3si4n) [medium]
[unauth-lfd-zhttpd] zhttpd - Local File Inclusion (@evergreencartoons) [high]
[unauth-ztp-ping] Unauthenticated ZyXEL USG ZTP - Detect (@dmartyn) [high]
[zzzcms-info-disclosure] Zzzcms 1.75 - Information Disclosure (@ritikchaddha) [low]
[zzzcms-ssrf] ZzzCMS 1.75 - Server-Side Request Forgery (@ritikchaddha) [high]
[zzzcms-xss] Zzzcms 1.75 - Cross-Site Scripting (@ritikchaddha) [medium]
[mysql-load-file] MySQL LOAD_FILE - Enable (@pussycat0x) [high]
[proftpd-backdoor] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x)
[critical]
[CVE-2016-8706] Memcached Server SASL Authentication - Remote Code Execution
(@pussycat0x) [high]
[CVE-2019-9193] PostgreSQL 9.3-12.3 Authenticated Remote Code Execution
(@pussycat0x) [high]
[CVE-2020-7247] OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution (@princechaddha)
[critical]
[CVE-2023-46604] Apache ActiveMQ - Remote Code Execution
(@ice3man,@mzack9999,@pdresearch) [critical]
[CVE-2023-48795] OpenSSH Terrapin Attack - Detection (@pussycat0x) [medium]
[CVE-2024-23897] Jenkins < 2.441 - Arbitrary File Read
(@iamnoooob,@rootxharsh,@pdresearch) [high]
[mssql-default-logins] Microsoft Sql - Default Logins (@ice3man543,@tarunkoyalwar)
[high]
[postgres-default-logins] Postgres - Default Logins (@ice3man) [high]
[redis-default-logins] Redis - Default Logins (@tarunkoyalwar) [high]
[mysql-show-databases] MySQL - Show Databases (@dhiyaneshdk) [high]
[mysql-show-variables] MySQL - Show Variables (@dhiyaneshdk) [high]
[mysql-user-enum] MySQL - User Enumeration (@pussycat0x) [high]
[pgsql-default-db] Postgresql Default Database - Enumeration (@pussycat0x) [high]
[pgsql-file-read] PostgreSQL File Read (@pussycat0x) [high]
[pgsql-list-database] PostgreSQL List Database (@pussycat0x) [high]
[pgsql-list-password-hashes] PostgreSQL List Password Hashes (@pussycat0x) [high]
[pgsql-list-users] PostgreSQL List Users (@pussycat0x) [high]
[pgsql-version-detect] Postgresql Version - Detect (@pussycat0x) [high]
[rsync-list-modules] Rsync List Modules - Enumeration (@pussycat0x) [low]
[ssh-diffie-hellman-logjam] SSH Diffie-Hellman Modulus <= 1024 Bits (@pussycat0x)
[low]
[mysql-empty-password] MySQL - Empty Password (@dhiyaneshdk) [high]
[pgsql-empty-password] Postgresql Empty Password - Detect (@pussycat0x) [critical]
[pgsql-extensions-rce] PostgreSQL 8.1 Extensions - Remote Code Execution
(@pussycat0x) [high]
[smb-anonymous-access] SMB Anonymous Access Detection (@pussycat0x) [high]
[smb-shares] SMB Shares - Enumeration (@pussycat0x) [low]
[smb-signing-not-required] SMB Signing Not Required (@pussycat0x) [medium]
[ssh-cbc-mode-ciphers] SSH Server CBC Mode Ciphers Enabled (@pussycat0x) [low]
[ssh-weak-algo-supported] SSH Weak Algorithms Supported (@pussycat0x) [medium]
[ssh-weak-mac-algo] SSH Weak MAC Algorithms Enabled (@pussycat0x) [low]
[ssh-weak-public-key] SSH Host Keys < 2048 Bits Considered Weak (@pussycat0x) [low]
[ssh-weakkey-exchange-algo] SSH Weak Key Exchange Algorithms Enabled (@pussycat0x)
[low]
[backdoored-zte] ZTE Router Panel - Detect (@its0x08) [critical]
[CVE-2001-1473] Deprecated SSHv1 Protocol Detection (@iamthefrogy) [high]
[CVE-2011-2523] VSFTPD 2.3.4 - Backdoor Command Execution (@pussycat0x) [critical]
[CVE-2015-3306] ProFTPd - Remote Code Execution (@pdteam) [critical]
[CVE-2016-2004] HP Data Protector - Arbitrary Command Execution (@pussycat0x)
[critical]
[CVE-2016-3510] Oracle WebLogic Server Java Object Deserialization - Remote Code
Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
[CVE-2017-3881] Cisco IOS 12.2(55)SE11 - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2017-5645] Apache Log4j Server - Deserialization Command Execution
(@princechaddha) [critical]
[CVE-2018-2628] Oracle WebLogic Server Deserialization - Remote Code Execution
(@milo2012) [critical]
[CVE-2018-2893] Oracle WebLogic Server - Remote Code Execution (@milo2012)
[critical]
[CVE-2020-11981] Apache Airflow <=1.10.10 - Command Injection (@pussycat0x)
[critical]
[CVE-2020-1938] Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability
(@milo2012) [critical]
[CVE-2021-44521] Apache Cassandra Load UDF RCE (@y4er) [critical]
[CVE-2022-0543] Redis Sandbox Escape - Remote Code Execution (@dwisiswant0)
[critical]
[CVE-2022-24706] CouchDB Erlang Distribution - Remote Command Execution
(@mzack9999,@pussycat0x) [critical]
[CVE-2022-31793] muhttpd <=1.1.5 - Local Inclusion (@scent2d) [high]
[CVE-2023-33246] RocketMQ <= 5.1.0 - Remote Code Execution
(@iamnoooob,@rootxharsh,@pdresearch) [critical]
[ftp-anonymous-login] FTP Anonymous Login (@c3l3si4n,@pussycat0x) [medium]
[ftp-weak-credentials] FTP Service - Credential Weakness (@pussycat0x) [high]
[ldap-anonymous-login] LDAP Server NULL Bind Connection Information Disclosure
(@s0obi) [medium]
[cisco-finger-detect] Cisco Finger Daemon Detection (@pussycat0x) [low]
[smb-detect] SMB Detection (@pussycat0x) [low]
[psql-user-enum] PostgreSQL - User Enumeration (@pussycat0x) [low]
[smtp-user-enum] SMTP User Enumeration (@pussycat0x,@userdehghani) [medium]
[cisco-smi-exposure] Cisco Smart Install Endpoints Exposure (@dwisiswant0) [medium]
[exposed-adb] Exposed Android Debug Bridge (@pdteam,@pikpikcu) [critical]
[exposed-dockerd] Docker Daemon Exposed (@arafatansari) [critical]
[exposed-redis] Redis Server - Unauthenticated Access (@pdteam) [high]
[exposed-zookeeper] Apache ZooKeeper - Unauthenticated Access (@pdteam) [high]
[apache-dubbo-unauth] Apache Dubbo - Unauthenticated Access (@j4vaovo) [high]
[apache-rocketmq-broker-unauth] Apache Rocketmq Broker - Unauthenticated Access
(@j4vaovo) [high]
[clamav-unauth] ClamAV Server - Unauthenticated Access (@dwisiswant0) [high]
[clickhouse-unauth] ClickHouse - Unauthorized Access (@lu4nx) [high]
[erlang-daemon] Erlang Port Mapper Daemon (@pussycat0x) [low]
[ganglia-xml-grid-monitor] Ganglia XML Grid Monitor (@geeknik) [low]
[memcached-stats] Memcached stats disclosure (@pdteam) [low]
[mongodb-unauth] MongoDB - Unauthenticated Access (@pdteam) [high]
[sap-router-info-leak] SAPRouter - Routing information leak (@randomstr1ng)
[critical]
[tidb-unauth] TiDB - Unauthenticated Access (@lu4nx) [high]
[unauth-psql] PostgreSQL - Unauthenticated Access (@pussycat0x) [high]
[clockwatch-enterprise-rce] ClockWatch Enterprise - Remote Code Execution (@gy741)
[critical]
[CVE-2024-25723] ZenML ZenML Server - Improper Authentication (@david botelho
mariano) [critical]
[expired-ssl] Expired SSL Certificate (@pdteam) [low]
[kubernetes-fake-certificate] Kubernetes Fake Ingress Certificate - Detect
(@kchason) [low]
[mismatched-ssl-certificate] Mismatched SSL Certificate (@pdteam) [low]
[revoked-ssl-certificate] Revoked SSL Certificate - Detect (@pussycat0x) [low]
[self-signed-ssl] Self Signed SSL Certificate (@righettod,@pdteam) [low]
[untrusted-root-certificate] Untrusted Root Certificate - Detect (@pussycat0x)
[low]
[weak-cipher-suites] Weak Cipher Suites Detection (@pussycat0x) [low]
[INF] Templates clustered: 342 (Reduced 299 Requests)
[INF] Using Interactsh Server: oast.online
[INF] No results found. Better luck next time!
┌─[parrot@parrot]─[~]
└──╼ $