# 0DAY

- [ADManager Plus Build < 7230 Elevation Of Privilege Vulnerability (CVE-2025-9435)](/0day/admanager-plus-build-less-than-7230-elevation-of-privilege-vulnerability-cve-2025-9435.md)
- [ADManager Plus Build < 7210 Elevation of Privilege Vulnerability (CVE-2024-24409)](/0day/admanager-plus-build-less-than-7210-elevation-of-privilege-vulnerability-cve-2024-24409.md)
- [Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets (CVE-2023-48003)](/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003.md)
- [ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure (CVE-2023-31492)](/0day/manageengine-admanager-plus-build-less-than-7183-recovery-password-disclosure-cve-2023-31492.md)
- [Multiple ManageEngine Applications Critical Information Disclosure Vulnerability](/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability.md): The NTLMv2 hash of the domain user or the computer accounts, can be obtained coercing the target server authenticates an arbitrary SMB server. (CVE-2022-29457)
- [Thecus N4800Eco Nas Server Control Panel Comand Injection](/0day/thecus-n4800eco-nas-server-control-panel-comand-injection.md): Command Injection vulnerability that lets attacker for executing command with root privileges.
- [ManageEngine ADSelfService Plus 6.1 CSV Injection (CVE-2021-33256)](/0day/manageengine-adselfservice-plus-6.1-csv-injection.md): Obtain reverse shell in the domain environment exploiting CSV injection vulnerability
- [Openlitespeed Web Server 1.7.8 - Privilege Escalation (CVE-2021-26758)](/0day/openlitespeed-web-server-1.7.8-command-injection-to-privilege-escalation-cve-2021-26758.md): Openlitespeed Web Server 1.7.8 - Command Injection to Privilege Escalation (CVE-2021-26758)
- [KLOG Server (Authenticated) Command Injection (CVE-2021-3317)](/0day/klog-server-authenticated-command-injection.md): Klog Server 2.4.1 - Command Injection (Authenticated)
- [Cokpit version 234 - Server Side Request Forgery (CVE-2020-35850)](/0day/cokpit-version-234-server-side-request-forgery-cve-2020-35850.md): Cockpit Version 234 - sshd Service Scanning via Server-Side Request Forgery (Unauthenticated)
- [KLOG Server Unauthenticated Command Injection (CVE-2020-35729)](/0day/klog-server-unauthentication-command-injection.md)
- [Pearson Vue - VUEApplicationWrapper Unquoted Service Path (CVE-2020-36154)](/0day/pearson-vue-vueapplicationwrapper-unquoted-service-path.md): Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path
- [Intel(r) Management and Security Application 5.2 - UNS Unquoted Service Path](/0day/intel-uns-unquoted-service-path.md): Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path Privilege Escalation
- [BRAdmin Professional 3.75 - Unquoted Service Path](/0day/bradmin-professional-3.75-unquoted-service-path.md): BRAdmin Professional 3.75 - BRA\_Scheduler Unquoted Service Path Privilege Escalation