1337day-Exploits

The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication leading to leaking authentication tokens to untrusted systems. View the full article

Online Course Registration version 1.0 suffers from a blind boolean-based remote SQL injection vulnerability. View the full article

Clinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload. View the full article

Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability. View the full article

Small CRM version 3.0 suffers from a persistent cross site scripting vulnerability. View the full article

NIMax version 5.3.1f0 suffers from multiple denial of service vulnerabilities. View the full article

Easy Chat Server version 3.1 suffers from a directory traversal vulnerability. View the full article

SonicWall SMA version 10.2.1.0-17sv suffers from a remote password reset vulnerability. View the full article

Macro Expert version 4.7 suffers from an unquoted service path vulnerability. View the full article

WordPress Enfold theme version 4.8.3 suffers from a cross site scripting vulnerability. View the full article

Online Motorcycle (Bike) Rental System version 1.0 suffers from a remote SQL injection vulnerability. View the full article

Dolibarr ERP and CRM 14.0.2 suffers from a persistent cross site scripting vulnerability that enables privilege escalation. View the full article

Backdoor.Win32.LanaFTP.k malware suffers from a heap corruption vulnerability. View the full article

Backdoor.Win32.LanFiltrator.11.b malware suffers from a code execution vulnerability. View the full article

Mitsubishi Electric and INEA SmartRTU suffer from a source code disclosure vulnerability. View the full article