| 03-02-2024 |
CVE |
CVE-2023-39297 - QTS 5.1.x, 4.5.x; QuTS hero h5.1.x, h4.5.x; QuTScloud 5.x OS Command Injection |
| 03-02-2024 |
CVE |
CVE-2023-39303 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x Improper Authentication |
| 03-02-2024 |
CVE |
CVE-2023-39302 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection |
| 03-02-2024 |
CVE |
CVE-2023-41281 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection |
| 03-02-2024 |
CVE |
CVE-2023-41282 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection |
| 03-02-2024 |
CVE |
CVE-2023-41283 - QTS 5.1.x, QuTS hero h5.1.x, QuTScloud 5.x OS Command Injection |
| 06-01-2024 |
CVE |
CVE-2023-39294 - QTS 5.1.x, QuTS hero h5.1.x OS Command Injection |
| 24-12-2023 |
POST |
Remedy Invitational Challenge Writeup |
| 10-11-2023 |
CVE |
CVE-2023-41285 - QNAP Qumagie < 2.1.4 SQL Injection |
| 10-11-2023 |
CVE |
CVE-2023-41284 - QNAP Qumagie < 2.1.4 SQL Injection |
| 10-11-2023 |
CVE |
CVE-2023-39295 - QNAP Qumagie < 2.1.3 OS command injection |
| 27-04-2023 |
CVE |
CVE-2023-2336 - Pimcore Path Traversal in Asset "import from server" option |
| 27-04-2023 |
CVE |
CVE-2023-2338 - Pimcore SQL Injection in AssetController |
| 13-04-2023 |
CVE |
CVE-2023-29506 - XWIKI RXSS with authenticate endpoints |
| 13-12-2022 |
CVE |
CVE-2022-46391 - Awstats hostinfo reflected XSS |
| 22-11-2022 |
CVE |
CVE-2022-45152 - Moodle Blind SSRF in LTI provider library |
| 13-08-2022 |
CVE |
CVE-2022-3967 - VestaCP func/main.sh argument injection |
| 18-07-2022 |
CVE |
CVE-2022-35651 - Moodle Stored XSS and blind SSRF possible via SCORM track |
| 18-05-2022 |
EXPLOIT |
VestaCP Multiple vulnerabilities |
| 26-04-2022 |
POST |
VestaCP Multiple Vulnerabilities |
| 15-02-2022 |
EXPLOIT |
CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE |
| 15-02-2022 |
CVE |
CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE |
| 12-02-2022 |
POST |
impressCMS - unauthenticated code execution |
| 07-12-2021 |
EXPLOIT |
CVE-2020-36474 - Vanilla SSRF |
| 05-12-2021 |
POST |
HITCON CTF 2021 Metamon-Verse Writeup |
| 23-11-2021 |
POST |
Moodle Blind SQL injection via MNet authentication |
| 22-10-2021 |
POST |
Moodle - Stored XSS and blind SSRF possible via feedback answer text |
| 20-08-2021 |
POST |
Vanilla - SSRF via media scrape API through dns rebinding |
| 09-08-2021 |
POST |
Roxy-WI through 5.2.2.0 pre-auth RCE |
| 07-08-2021 |
CVE |
CVE-2021-38169 - Roxy-WI through 5.2.2.0 allows authenticated cmd Injection |
| 07-08-2021 |
CVE |
CVE-2021-38168 - Roxy-WI through 5.2.2.0 allows authenticated SQL injection |
| 07-08-2021 |
CVE |
CVE-2021-38167 - Roxy-WI through 5.2.2.0 allows unauthenticated SQL Injection |
| 22-07-2021 |
CVE |
CVE-2021-36396 - Moodle Blind SSRF possible against cURL blocked hosts |
| 17-05-2021 |
CVE |
CVE-2021-32474 - Moodle Blind SQL injection via MNet authentication |
| 17-05-2021 |
EXPLOIT |
3kCTF-2021 - babyrtos exploit |
| 17-05-2021 |
EXPLOIT |
3kCTF-2021 - telnet exploit |
| 17-05-2021 |
POST |
3kCTF-2021 - ppaste writeup |
| 16-03-2021 |
CVE |
CVE-2021-20280 - Moodle Stored XSS and blind SSRF via feedback answer text |
| 11-01-2021 |
POST |
h1CTF - HackyHolidays walkthrough |
| 31-12-2020 |
POST |
iceCTF-2020 - krouter writeup |
| 31-12-2020 |
CVE |
CVE-2020-36474 - safecurl <= 3.3, vanilla forum <= 0.9.2 dns rebind to ssrf |
| 29-09-2020 |
CVE |
CVE-2020-26134 - Live Helper Chat before 3.44v - stored xss |
| 25-07-2020 |
POST |
3kCTF-2020 - babym1ps writeup |
| 25-07-2020 |
EXPLOIT |
3kCTF-2020 - babym1ps exploit |
| 25-07-2020 |
POST |
3kCTF-2020 - reporter writeup |
| 25-07-2020 |
POST |
3kCTF-2020 - Glitch writeup |
| 25-07-2020 |
EXPLOIT |
3kCTF-2020 - Glitch exploit |
| 14-05-2020 |
EXPLOIT |
CVE-2020-12720 - Vbulletin RCE |
