Kevin

5 exploits Active since Oct 2001
CVE-2019-18850 WRITEUP HIGH WRITEUP
TrevorC2 <1.1/1.2 - Info Disclosure
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".
CVSS 7.5
CVE-2021-44032 WRITEUP HIGH WRITEUP
TP-Link Omada SDN Software Controller <5.0.15 - Auth Bypass
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.
CVSS 7.5
CVE-2024-9094 WRITEUP MEDIUM WRITEUP
code-projects Blood Bank System 1.0 - SQL Injection via bloodname Parameter
A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2026-22789 WRITEUP MEDIUM WRITEUP
Wem - Unrestricted File Upload
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote Code Execution (RCE). This vulnerability is identical in nature to CVE-2025-52130 but exists in different code locations that were not addressed by the original fix. This vulnerability is fixed in 1.19.
CVSS 5.4
CVE-2001-0731 EXPLOITDB text WRITEUP
Apache HTTP Server 1.3.20 - Directory Listing Exposure via Multiviews M=D Query String
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.