Exploits

日期	标题	类型	平台	作者
2020-04-21	jizhi CMS 1.6.7 – Arbitrary File Download	webapps	php	jizhicms
2020-04-21	NSClient++ 0.5.2.35 – Authenticated Remote Code Execution	webapps	json	kindredsec
2020-04-21	Oracle Solaris Common Desktop Environment 1.6 – Local Privilege Escalation	local	solaris	Marco Ivaldi
2020-04-21	IQrouter 3.3.1 Firmware – Remote Code Execution	webapps	hardware	drakylar
2020-04-21	CSZ CMS 1.2.7 – ‘title’ HTML Injection	webapps	php	Metin Yunus Kandemir
2020-04-21	PMB 5.6 – ‘logid’ SQL Injection	webapps	php	41-trk
2020-04-21	CSZ CMS 1.2.7 – Persistent Cross-Site Scripting	webapps	php	Metin Yunus Kandemir
2020-04-20	Centreon 19.10.5 – ‘id’ SQL Injection	webapps	php	Basim Alabdullah
2020-04-20	Unraid 6.8.0 – Auth Bypass PHP Code Execution (Metasploit)	remote	linux	Metasploit
2020-04-20	Atomic Alarm Clock x86 6.3 – ‘AtomicAlarmClock’ Unquoted Service Path	local	windows_x86	boku
2020-04-20	Rubo DICOM Viewer 2.0 – Buffer Overflow (SEH)	local	windows	bzyo
2020-04-20	Nsauditor 3.2.1.0 – Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))	local	windows	Cervoise
2020-04-20	Fork CMS 5.8.0 – Persistent Cross-Site Scripting	webapps	php	Vulnerability-Lab
2020-04-20	Prestashop 1.7.6.4 – Cross-Site Request Forgery	webapps	php	Sivanesh Ashok
2020-04-20	Atomic Alarm Clock 6.3 – Stack Overflow (Unicode+SEH)	local	windows	boku
2020-04-17	Code Blocks 16.01 – Buffer Overflow (SEH) UNICODE	local	windows	T3jv1l
2020-04-17	Nexus Repository Manager – Java EL Injection RCE (Metasploit)	remote	linux	Metasploit
2020-04-17	Cisco IP Phone 11.7 – Denial of service (PoC)	dos	hardware	Jacob Baines
2020-04-17	TAO Open Source Assessment Platform 3.3.0 RC02 – HTML Injection	webapps	php	Vulnerability-Lab
2020-04-17	Playable 9.18 iOS – Persistent Cross-Site Scripting	webapps	ios	Vulnerability-Lab
2020-04-17	Easy MPEG to DVD Burner 1.7.11 – Buffer Overflow (SEH + DEP)	local	windows	Bailey Belisario
2020-04-16	Apache Solr – Remote Code Execution via Velocity Template (Metasploit)	remote	multiple	Metasploit
2020-04-16	VMware Fusion – USB Arbitrator Setuid Privilege Escalation (Metasploit)	local	macos	Metasploit
2020-04-16	DotNetNuke – Cookie Deserialization Remote Code Execution (Metasploit)	remote	windows	Metasploit
2020-04-16	PlaySMS – index.php Unauthenticated Template Injection Code Execution (Metasploit)	remote	php	Metasploit
2020-04-16	Pandora FMS – Ping Authenticated Remote Code Execution (Metasploit)	remote	linux	Metasploit
2020-04-16	ThinkPHP – Multiple PHP Injection RCEs (Metasploit)	remote	linux	Metasploit
2020-04-16	Liferay Portal – Java Unmarshalling via JSONWS RCE (Metasploit)	remote	java	Metasploit
2020-04-16	TP-Link Archer A7/C7 – Unauthenticated LAN Remote Code Execution (Metasploit)	remote	linux_mips	Metasploit
2020-04-15	Xeroneit Library Management System 3.0 – ‘category’ SQL Injection	webapps	php	Sohel Yousef
2020-04-15	File Transfer iFamily 2.1 – Directory Traversal	webapps	ios	Vulnerability-Lab
2020-04-15	DedeCMS 7.5 SP2 – Persistent Cross-Site Scripting	webapps	php	Vulnerability Research Laboratory
2020-04-15	Macs Framework 1.14f CMS – Persistent Cross-Site Scripting	webapps	php	Vulnerability-Lab
2020-04-15	SeedDMS 5.1.18 – Persistent Cross-Site Scripting	webapps	php	Vulnerability-Lab
2020-04-15	Pinger 1.0 – Remote Code Execution	webapps	php	Milad karimi
2020-04-15	SuperBackup 2.0.5 for iOS – Persistent Cross-Site Scripting	webapps	ios	Vulnerability-Lab
2020-04-15	AirDisk Pro 5.5.3 for iOS – Persistent Cross-Site Scripting	webapps	ios	Vulnerability-Lab
2020-04-15	BlazeDVD 7.0.2 – Buffer Overflow (SEH)	local	windows	areyou1or0
2020-04-14	Oracle WebLogic Server 12.2.1.4.0 – Remote Code Execution	webapps	java	nu11secur1ty
2020-04-14	WSO2 3.1.0 – Persistent Cross-Site Scripting	webapps	java	Raki Ben Hamouda
2020-04-14	Edimax Technology EW-7438RPn-v3 Mini 1.27 – Remote Code Execution	webapps	hardware	Wadeek
2020-04-14	B64dec 1.1.2 – Buffer Overflow (SEH Overflow + EggHunter)	local	windows	Andy Bowden
2020-04-13	Webtateas 2.0 – Arbitrary File Read	webapps	php	China Banking and Insurance Information Technology Management Co.
2020-04-13	TVT NVMS 1000 – Directory Traversal	webapps	hardware	Mohin Paramasivam
2020-04-13	Huawei HG630 2 Router – Authentication Bypass	webapps	hardware	Eslam Medhat
2020-04-13	MOVEit Transfer 11.1.1 – ‘token’ Unauthenticated SQL Injection	webapps	php	Aviv Beniash
2020-04-13	WordPress Plugin Media Library Assistant 2.81 – Local File Inclusion	webapps	php	Daniel Monzón
2020-04-13	Free Desktop Clock x86 Venetian Blinds Zipper 3.0 – Unicode Stack Overflow (SEH)	local	windows_x86	boku
2020-04-13	WSO2 3.1.0 – Arbitrary File Delete	webapps	java	Raki Ben Hamouda
2020-04-10	Zen Load Balancer 3.10.1 – ‘index.cgi’ Directory Traversal	webapps	cgi	Basim Alabdullah