Types webapps - 体验盒子 - 不再关注网络安全

日期	标题	类别	作者
2020-11-05	iDS6 DSSPro Digital Signage System 6.2 – Improper Access Control Privilege Escalation	webapps	LiquidWorm
2020-11-05	iDS6 DSSPro Digital Signage System 6.2 – CAPTCHA Security Bypass	webapps	LiquidWorm
2020-11-05	iDS6 DSSPro Digital Signage System 6.2 – Cross-Site Request Forgery (CSRF)	webapps	LiquidWorm
2020-11-04	Student Attendance Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution	webapps	Mosaaed
2020-11-04	School Log Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution	webapps	Mosaaed
2020-11-04	PDW File Browser 1.3 – Remote Code Execution	webapps	David Bimmel
2020-11-04	Processwire CMS 2.4.0 – ‘download’ Local File Inclusion	webapps	Y1LD1R1M
2020-11-03	Complaints Report Management System 1.0 – ‘username’ SQL Injection / Remote Code Execution	webapps	Mosaaed
2020-11-03	Multi Restaurant Table Reservation System 1.0 – ‘table_id’ Unauthenticated SQL Injection	webapps	yunaranyancat
2020-11-02	Monitorr 1.7.6m – Authorization Bypass	webapps	Lyhin\'s Lab
2020-11-02	Monitorr 1.7.6m – Remote Code Execution (Unauthenticated)	webapps	Lyhin\'s Lab
2020-11-02	WordPress Plugin Simple File List 4.2.2 – Arbitrary File Upload	webapps	H4rk3nz0
2020-11-02	Apache Flink 1.9.x – File Upload RCE (Unauthenticated)	webapps	bigger.wing
2020-10-30	DedeCMS v.5.8 – “keyword” Cross-Site Scripting	webapps	Noth
2020-10-30	CSE Bookstore 1.0 – ‘quantity’ Persistent Cross-site Scripting	webapps	Vyshnav nk
2020-10-30	Simple College Website 1.0 – ‘username’ SQL Injection / Remote Code Execution	webapps	yunaranyancat
2020-10-30	Online Job Portal 1.0 – ‘userid’ SQL Injection	webapps	Akıner Kısa
2020-10-30	Citadel WebCit < 926 - Session Hijacking Exploit	webapps	Simone Quatrini
2020-10-29	Genexis Platinum-4410 P4410-V2-1.28 – Cross Site Request Forgery to Reboot	webapps	Mohammed Farhan
2020-10-29	WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request	webapps	Mohammed Althibyani
2020-10-29	Mailman 1.x > 2.1.23 – Cross Site Scripting (XSS)	webapps	Valerio Alessandroni
2020-10-29	Online Examination System 1.0 – ‘name’ Stored Cross Site Scripting	webapps	Nikhil Kumar
2020-10-28	Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 – ‘getPreviewImage’ Directory Traversal/Local File Inclusion	webapps	Ivo Palazzolo
2020-10-28	CSE Bookstore 1.0 – Authentication Bypass	webapps	Alper Basaran