Blog Master Pro version 1.0 suffers from a CSV injection vulnerability.
HRSALE The Ultimate HRM 1.0.2 CSV Injection
HRSALE The Ultimate HRM version 1.0.2 suffers from a CSV injection vulnerability.
HRSALE The Ultimate HRM 1.0.2 SQL Injection
HRSALE The Ultimate HRM version 1.0.2 suffers from a remote SQL injection vulnerability.
Sitecore.NET 8.1 Directory Traversal
Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.
hik-connect.com / ezvizlife.com Authentication Bypass
A lack of validation on cookie values allows you to log in as any user on hik-connect.com and ezvizlife.com.
October CMS User 1.4.5 Cross Site Scripting
October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.
SickRage Credential Disclosure
SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.
WordPress WP With Spritz 1.0 File Inclusion
WordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities.
JFrog Artifactory Code Execution / Shell Upload
JFrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities.
Drupal Drupalgeddon3 Remote Code Execution
This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrates the Drupalgeddon3 authenticated remote code execution vulnerability.