Tag: 0day

[webapps] Anote 1.0 – XSS to RCE

[webapps] Internship Portal Management System 1.0 – Remote Code Execution Via File Upload (Unauthenticated)

[webapps] Voting System 1.0 – Time based SQLI (Unauthenticated SQL injection)

[webapps] GetSimple CMS Custom JS 0.1 – CSRF to XSS to RCE

[webapps] Piwigo 11.3.0 – 'language' SQL

[webapps] GitLab Community Edition (CE) 13.10.3 – 'Sign_Up' User Enumeration

[webapps] Moodle 3.6.1 – Persistent Cross-Site Scripting (XSS)

[webapps] Cacti 1.2.12 – 'filter' SQL Injection / Remote Code Execution

[webapps] FOGProject 1.5.9 – File Upload RCE (Authenticated)

[webapps] Kirby CMS 3.5.3.1 – 'file' Cross-Site Scripting (XSS)