KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass
>> TAG: #remote exploit
KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass
KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated)
CSZ CMS 1.2.9 – ‘Multiple’ Arbitrary File Deletion
WordPress Plugin KN Fix Your Title 1.0.1 – ‘Separator’ Stored Cross-Site Scripting (XSS)
WordPress Plugin LearnPress 3.2.6.8 – Privilege Escalation
WordPress Plugin LearnPress 3.2.6.7 – ‘current_items’ SQL Injection (Authenticated)
WordPress Plugin Mimetic Books 0.2.13 – ‘Default Publisher ID field’ Stored Cross-Site Scripting (XSS)
Dolibarr ERP/CRM 10.0.6 – Login Brute Force
PEEL Shopping 9.3.0 – ‘id’ Time-based SQL Injection
Seagate BlackArmor NAS sg2000-2000.1331 – Command Injection