json

日期	标题	类别	作者
2023-04-20	Swagger UI 4.1.3 – User Interface (UI) Misrepresentation of Critical Information	webapps	Rafael Cintra Lopes
2020-10-09	openMAINT 1.1-2.4.2 – Arbitrary File Upload	webapps	mrb3n
2020-10-06	EasyPMS 1.0.0 – Authentication Bypass	webapps	Jok3r
2020-04-21	NSClient++ 0.5.2.35 – Authenticated Remote Code Execution	webapps	kindredsec
2020-02-05	AVideo Platform 8.1 – Cross Site Request Forgery (Password Reset)	webapps	Ihsan Sencan
2020-02-05	Verodin Director Web Console 3.5.4.0 – Remote Authenticated Password Disclosure (PoC)	webapps	nxkennedy
2020-02-05	AVideo Platform 8.1 – Information Disclosure (User Enumeration)	webapps	Ihsan Sencan
2019-10-30	Ajenti 2.1.31 – Remote Code Exection (Metasploit)	webapps	Onur ER
2019-09-25	NPMJS gitlabhook 0.0.17 – ‘repository’ Remote Command Execution	webapps	Semen Alexandrovich Lyhin
2018-11-05	Royal TS/X – Information Disclosure	webapps	Jakub Palaczynski
2018-04-09	CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution	webapps	RedTeam Pentesting
2018-01-21	Shopware 5.2.5/5.3 – Cross-Site Scripting	webapps	Vulnerability-Lab
2017-08-28	NethServer 7.3.1611 – Cross-Site Request Forgery (Create User / Enable SSH Access)	webapps	LiquidWorm
2017-08-28	NethServer 7.3.1611 – Cross-Site Request Forgery / Cross-Site Scripting	webapps	LiquidWorm
2017-07-24	REDDOXX Appliance Build 2032 / 2.0.625 – Arbitrary File Disclosure	webapps	RedTeam Pentesting
2017-07-24	REDDOXX Appliance Build 2032 / 2.0.625 – Remote Command Execution	webapps	RedTeam Pentesting
2017-07-18	Sophos Web Appliance 4.3.0.2 – ‘trafficType’ Remote Command Injection (Metasploit)	webapps	xort
2017-06-02	Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection	webapps	Goran Tuzovic
2017-03-06	Deluge Web UI 1.3.13 – Cross-Site Request Forgery	webapps	Kyle Neideck
2016-06-28	Untangle NGFW 12.1.0 Beta – ‘execEvil()’ Command Injection	webapps	Matt Bush
2016-02-23	Ubiquiti Networks UniFi 3.2.10 – Cross-Site Request Forgery	webapps	Julien Ahrens