Company’s Recruitment Management System 1.0 – ‘Multiple’ SQL Injection (Unauthenticated)
>> TAG: #remote exploit
Company’s Recruitment Management System 1.0 – ‘Multiple’ SQL Injection (Unauthenticated)
Keycloak 12.0.1 – ‘request_uri ‘ Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
Cypress Solutions CTM-200/CTM-ONE – Hard-coded Credentials Remote Root (Telnet/SSH)
Apache HTTP Server 2.4.50 – Path Traversal & Remote Code Execution (RCE)
Pharmacy Point of Sale System 1.0 – ‘Add New User’ Cross-Site Request Forgery (CSRF)
Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection
Online Learning System 2.0 – ‘Multiple’ SQLi Authentication Bypass
Simple Issue Tracker System 1.0 – SQLi Authentication Bypass
Student Quarterly Grading System 1.0 – ‘grade’ Stored Cross-Site Scripting (XSS)
Logitech Media Server 8.2.0 – ‘Title’ Cross-Site Scripting (XSS)