|
2017-11-16
|
|
Zeta Components Mail 1.8.1 - Remote Code Execution
|
9 |
WEB
|
MalwareBenchmark
|
|
2017-11-16
|
|
Vonage VDV23 - Cross-Site Scripting
|
9 |
WEB
|
Nu11By73
|
|
2017-11-16
|
|
LanSweeper 6.0.100.75 - Cross-Site Scripting
|
9 |
WEB
|
Miguel Mendez Z
|
|
2017-11-16
|
|
TP-Link TL-WR740N - Cross-Site Scripting
|
10 |
WEB
|
bl00dy
|
|
2017-03-26
|
|
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
|
11 |
WEB
|
SlidingWindow
|
|
2017-11-13
|
|
Kirby CMS < 2.5.7 - Cross-Site Scripting
|
9 |
WEB
|
Ishaq Mohammed
|
|
2017-11-13
|
|
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
|
10 |
WEB
|
0xFFFFFF
|
|
2017-11-11
|
|
MyBB 1.8.13 - Cross-Site Scripting
|
7 |
WEB
|
Pabstersac
|
|
2017-11-11
|
|
MyBB 1.8.13 - Remote Code Execution
|
9 |
WEB
|
Pabstersac
|
|
2017-11-07
|
|
ManageEngine Applications Manager 13 - SQL Injection
|
10 |
WEB
|
Cody Sixteen
|
|
2017-11-07
|
|
pfSense 2.3.1_1 - Command Execution
|
9 |
WEB
|
s4squatch
|
|
2017-11-03
|
|
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
|
11 |
WEB
|
Dewank Pant
|
|
2017-11-03
|
|
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
|
8 |
WEB
|
Dewank Pant
|
|
2017-11-04
|
|
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
|
9 |
WEB
|
Colette Chamberland
|
|
2017-05-17
|
|
Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External Entit
|
10 |
WEB
|
Charles Fol
|
|
2017-11-03
|
|
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
|
9 |
WEB
|
RedTeam Pentesting
|
|
2017-11-03
|
|
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
|
10 |
WEB
|
Lenon Leite
|
|
2017-11-01
|
|
Ingenious School Management System 2.3.0 - 'friend_index' SQL injection
|
10 |
WEB
|
Giulio Comi
|
|
2017-11-01
|
|
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
|
9 |
WEB
|
Zain Sabahat
|
|
2017-10-30
|
|
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
|
11 |
WEB
|
mr_me
|
|
2017-10-30
|
|
Ingenious 2.3.0 - Arbitrary File Upload
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
D-Park Pro 1.0 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Adult Script Pro 2.2.4 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Article Directory Script 3.0 - 'id' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
iProject Management System 1.0 - 'ID' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
iStock Management System 1.0 - Arbitrary File Upload
|
11 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
iTech Gigs Script 1.21 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Job Board Script - 'nice_theme' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Mailing List Manager Pro 3.0 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
MyBuilder Clone 1.0 - 'subcategory' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
PG All Share Video 1.0 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
PHP CityPortal 2.0 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Same Sex Dating Software Pro 1.0 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
SoftDatepro Dating Social Network 1.3 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Sokial Social Network Script 1.0 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
tPanel 2009 - Authentication Bypass
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
ZeeBuddy 2x - 'groupid' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Protected Links - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
AROX School ERP PHP Script - 'id' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Shareet - 'photo' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
US Zip Codes Database - 'state' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Newspaper 1.0 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
News 1.0 - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
MyMagazine 1.0 - 'id' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
CmsLite 1.4 - 'S' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Basic B2B Script - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
CPA Lead Reward Script - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Fake Magazine Cover Script - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Nice PHP FAQ Script - 'nice_theme' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Online Exam Test Application - 'sort' SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Php Inventory - Arbitrary File Upload
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Website Broker Script - 'status_id' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Zomato Clone Script - 'resid' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
|
7 |
WEB
|
tomplixsee
|
|
2017-10-27
|
|
phpMyFAQ 2.9.8 - Cross-Site Request Forgery
|
12 |
WEB
|
Nikhil Mittal
|
|
2017-10-28
|
|
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
|
9 |
WEB
|
Nikhil Mittal
|
|
2017-10-28
|
|
PHP Melody 2.6.1 - SQL Injection
|
8 |
WEB
|
Venkat Rajgor
|
|
2017-10-25
|
|
PHPMailer < 5.2.21 - Local File Disclosure
|
8 |
WEB
|
Maciek Krupa
|
|
2017-10-25
|
|
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
|
7 |
WEB
|
Ishaq Mohammed
|
|
2017-10-25
|
|
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
|
8 |
WEB
|
Ishaq Mohammed
|
|
2017-10-24
|
|
FS Realtor Clone - 'id' SQL Injection
|
7 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Crowdfunding Script - 'id' SQL Injection
|
11 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Care Clone - 'sitterService' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Monster Clone - 'id' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Trademe Clone - 'id' SQL Injection
|
7 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Thumbtack Clone - 'ser' SQL Injection
|
7 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Shutter Stock Clone - 'keywords' SQL Injection
|
10 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
|
9 |
WEB
|
Anthony Cole
|
|
2017-10-23
|
|
FS OLX Clone - 'catg_id' SQL Injection
|
9 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Lynda Clone - 'category' SQL Injection
|
9 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Indiamart Clone - 'keywords' SQL Injection
|
7 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Groupon Clone - 'category' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Freelancer Clone - 'sk' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Expedia Clone - 'hid' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Food Delivery Script - 'keywords' SQL Injection
|
9 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Ebay Clone - 'pd_maincat_id' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Book Store Script - 'category' SQL Injection
|
10 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Amazon Clone - 'category_id' SQL Injection
|
7 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Car Rental Script - 'pickup_location' SQL Injection
|
8 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
Kaltura < 13.2.0 - Remote Code Execution
|
10 |
WEB
|
Robin Verton
|
|
2017-10-22
|
|
CometChat < 6.2.0 BETA 1 - Local File Inclusion
|
9 |
WEB
|
Paradoxis
|
|
2017-10-14
|
|
Logitech Media Server - Cross-Site Scripting
|
8 |
WEB
|
Thiago Sena
|
|
2017-10-12
|
|
TP-Link TL-MR3220 - Cross-Site Scripting
|
7 |
WEB
|
Thiago Sena
|
|
2017-10-17
|
|
TP-Link WR940N - (Authenticated) Remote Code
|
8 |
WEB
|
Fidus InfoSecurity
|
|
2017-10-18
|
|
Check_MK 1.2.8p25 - Information Disclosure
|
9 |
WEB
|
Julien Ahrens
|
|
2017-08-18
|
|
ZKTime Web Software 2.0 - Improper Access Restrictions
|
8 |
WEB
|
Arvind V
|
|
2017-08-18
|
|
ZKTime Web Software 2.0 - Cross-Site Request Forgery
|
8 |
WEB
|
Arvind V
|
|
2017-10-18
|
|
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
|
10 |
WEB
|
SEC Consult
|
|
2017-10-18
|
|
Linksys E Series - Multiple Vulnerabilities
|
10 |
WEB
|
SEC Consult
|
|
2017-10-17
|
|
WordPress Plugin Car Park Booking - SQL Injection
|
10 |
WEB
|
8bitsec
|
|
2017-10-17
|
|
Career Portal 1.0 - SQL Injection
|
10 |
WEB
|
8bitsec
|
|
2017-10-17
|
|
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
|
8 |
WEB
|
Michael Stepankin & Olga Barinova
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Arbitrary File Download
|
8 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - 'dmr_content' Privilege Escalation
|
9 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
|
8 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Privilege Escalation
|
12 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
|
10 |
WEB
|
Pavel Suprunyuk
|
|
2017-10-16
|
|
3CX Phone System 15.5.3554.1 - Directory Traversal
|
9 |
WEB
|
Jens Regel
|
|
2017-10-15
|
|
Webmin 1.850 - Multiple Vulnerabilities
|
6 |
WEB
|
hyp3rlinx
|
|
2017-10-13
|
|
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
|
6 |
WEB
|
Julien Ahrens
|
|
2017-10-13
|
|
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
|
8 |
WEB
|
Ishaq Mohammed
|
|
2017-10-12
|
|
Dreambox Plugin BouquetEditor - Cross-Site Scripting
|
8 |
WEB
|
Thiago Sena
|
|
2017-10-13
|
|
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
|
8 |
WEB
|
CrashBandicot
|
|
2017-10-12
|
|
E-Sic Software livre CMS - Cross Site Scripting
|
8 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'f' SQL Injection
|
9 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'cpfcnpj' SQL Injection
|
8 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - Autentication Bypass
|
9 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'q' SQL Injection
|
9 |
WEB
|
Guilherme Assmann
|
|
2017-10-12
|
|
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
|
11 |
WEB
|
Ishaq Mohammed
|
|
2017-10-11
|
|
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
|
11 |
WEB
|
Leonardo Duarte
|
|
2017-10-11
|
|
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Me
|
10 |
WEB
|
Mehmet Ince
|
|
2017-10-11
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
|
9 |
WEB
|
Mehmet Ince
|
|
2017-10-10
|
|
Complain Management System - Hard-Coded Credentials / Blind SQL injection
|
9 |
WEB
|
havysec
|
|
2017-10-09
|
|
ClipShare 7.0 - SQL Injection
|
7 |
WEB
|
8bitsec
|
|
2017-10-09
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
9 |
WEB
|
intx0x80
|
|
2017-08-30
|
|
Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery
|
9 |
WEB
|
Dhiraj Mishra
|
|
2017-08-08
|
|
Unitrends UEB 9.1 - Privilege Escalation
|
9 |
WEB
|
Jared Arave
|
|
2017-09-27
|
|
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
|
9 |
WEB
|
Kacper Szurek
|
|
2017-10-04
|
|
ClipBucket 2.8.3 - Remote Code Execution
|
11 |
WEB
|
Meisam Monsef
|
|
2017-09-20
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
9 |
WEB
|
xxlegend
|
|
2017-10-03
|
|
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
|
7 |
WEB
|
Zeeshan Shaikh
|
