|
2005-03-05
|
|
phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)
|
1 |
WEB
|
PPC
|
|
2005-03-05
|
|
PHP Form Mail 2.3 - Arbitrary File Inclusion
|
1 |
WEB
|
Filip Groszynski
|
|
2005-03-02
|
|
AWStats 5.7 < 6.2 - Multiple Remote s
|
1 |
WEB
|
omin0us
|
|
2005-02-24
|
|
AWStats 5.7 < 6.2 - Multiple Remote
|
2 |
WEB
|
Silentium
|
|
2005-02-22
|
|
vBulletin 3.0.6 - PHP Code Injection
|
2 |
WEB
|
pokley
|
|
2005-02-15
|
|
vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)
|
2 |
WEB
|
AL3NDALEEB
|
|
2005-02-14
|
|
vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (1)
|
2 |
WEB
|
AL3NDALEEB
|
|
2005-02-12
|
|
MercuryBoard 1.1.1 - SQL Injection
|
2 |
WEB
|
Zeelock
|
|
2005-02-10
|
|
Chipmunk Forums - SQL Injection
|
2 |
WEB
|
GHC
|
|
2005-02-10
|
|
CMScore - SQL Injection
|
2 |
WEB
|
GHC
|
|
2005-02-10
|
|
MyPHP Forum 1.0 - SQL Injection
|
2 |
WEB
|
GHC
|
|
2005-02-09
|
|
PHP-Nuke 7.4 - Admin
|
2 |
WEB
|
Silentium
|
|
2005-02-08
|
|
PostNuke PostWrap Module - Remote File Inclusion / Code Execution
|
2 |
WEB
|
ALBANIA SECURITY
|
|
2005-02-05
|
|
PerlDesk 1.x - SQL Injection
|
2 |
WEB
|
deluxe89
|
|
2005-02-04
|
|
LiteForum 2.1.1 - SQL Injection
|
1 |
WEB
|
RusH
|
|
2005-01-25
|
|
Siteman 1.1.10 - Remote Administrative Account Addition
|
1 |
WEB
|
Noam Rathaus
|
|
2005-01-25
|
|
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution
|
2 |
WEB
|
GHC
|
|
2005-01-25
|
|
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution
|
1 |
WEB
|
THUNDER
|
|
2005-01-13
|
|
ITA Forum 1.49 - SQL Injection
|
1 |
WEB
|
RusH
|
|
2005-01-04
|
|
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista
|
2 |
WEB
|
Severino Honorato
|
|
2005-01-04
|
|
QwikiWiki - Directory Traversal
|
1 |
WEB
|
Madelman
|
|
2004-12-25
|
|
PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
|
2 |
WEB
|
anonymous
|
|
2004-12-25
|
|
Sanity.b - phpBB 2.0.10 Bot Install (AOL/Yahoo Search)
|
2 |
WEB
|
anonymous
|
|
2004-12-22
|
|
e107 - 'include()' Remote File Upload
|
2 |
WEB
|
sysbug
|
|
2004-12-22
|
|
phpMyChat 0.14.5 - Remote Improper File Permissions
|
1 |
WEB
|
sysbug
|
|
2004-12-22
|
|
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload
|
2 |
WEB
|
anonymous
|
|
2004-12-17
|
|
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak
|
1 |
WEB
|
overdose
|
|
2004-12-05
|
|
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Code Execution
|
2 |
WEB
|
evilrabbi
|
|
2004-12-03
|
|
phpBB 2.0.10 - Remote Command Execution (CGI)
|
1 |
WEB
|
ZzagorR
|
|
2004-11-25
|
|
Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal
|
1 |
WEB
|
Zero X
|
|
2004-11-22
|
|
Invision Power Board 2.0.0 < 2.0.2 - SQL Injection
|
2 |
WEB
|
RusH
|
|
2004-11-22
|
|
phpBB 2.0.10 - Remote Command Execution
|
2 |
WEB
|
RusH
|
|
2004-11-21
|
|
GFHost PHP GMail - Remote Command Execution
|
2 |
WEB
|
spabam
|
|
2004-11-20
|
|
TWiki 20030201 - 'search.pm' Remote Command Execution
|
2 |
WEB
|
RoMaNSoFt
|
|
2004-11-16
|
|
MiniBB 1.7f - 'user' SQL Injection
|
2 |
WEB
|
anonymous
|
|
2004-11-15
|
|
vBulletin - 'LAST.php' SQL Injection
|
2 |
WEB
|
anonymous
|
|
2004-11-15
|
|
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force
|
2 |
WEB
|
RusH
|
|
2004-10-13
|
|
ocPortal 1.0.3 - Remote File Inclusion
|
1 |
WEB
|
Exoduks
|
|
2004-10-10
|
|
WordPress Core 1.2 - HTTP Splitting
|
1 |
WEB
|
Tenable NS
|
|
2004-09-30
|
|
Silent Storm Portal - Multiple Vulnerabilities
|
1 |
WEB
|
CHT Security Research
|
|
2004-09-28
|
|
S9Y Serendipity 0.7-beta1 - SQL Injection
|
2 |
WEB
|
aCiDBiTS
|
|
2004-09-16
|
|
PHP-Nuke - SQL Injection Edit/Save Messages
|
2 |
WEB
|
iko94
|
|
2004-09-13
|
|
Turbo Seek - Null Byte Error Discloses Files
|
2 |
WEB
|
durito
|
|
2004-09-08
|
|
PHP-Nuke 7.4 - Privilege Escalation
|
2 |
WEB
|
mantra
|
|
2004-09-01
|
|
TorrentTrader 1.0 RC2 - SQL Injection
|
1 |
WEB
|
aCiDBiTS
|
|
2004-08-21
|
|
AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
|
1 |
WEB
|
Johnathan Bat
|
|
2004-08-20
|
|
phpMyWebhosting - SQL Injection
|
1 |
WEB
|
Noam Rathaus
|
|
2004-08-08
|
|
PHP 4.3.7 - 'php-exec-dir' Patch Command Access Restriction Bypass
|
1 |
WEB
|
VeNoMouS
|
|
2004-07-04
|
|
phpMyAdmin 2.5.7 - Remote code Injection
|
1 |
WEB
|
Nasir Simbolon
|
|
2001-03-04
|
|
sendtemp.pl - Read Access to Files
|
2 |
WEB
|
Tom Parker
|
|
2001-01-12
|
|
Fastgraf's whois.cgi - Remote Command Execution
|
2 |
WEB
|
Marco van Berkum
|
|
2000-11-17
|
|
UtilMind Mail List 1.7 - Users Can Execute Commands
|
2 |
WEB
|
teleh0r
|
|
2000-11-17
|
|
ListMail 112 - Command Execution
|
2 |
WEB
|
teleh0r
|
|
2000-11-15
|
|
News Update 1.1 - Change Admin Password
|
2 |
WEB
|
morpheus[bd]
|
|
2000-11-15
|
|
Poll It CGI 2.0 - Multiple Vulnerabilities
|
3 |
WEB
|
keelis
|
|
2003-12-21
|
|
PHP-Nuke 6.9 - 'cid' SQL Injection
|
2 |
WEB
|
RusH
|
|
2003-12-21
|
|
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
|
1 |
WEB
|
RusH
|
|
2003-07-10
|
|
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution
|
2 |
WEB
|
knight420
|
|
2003-06-30
|
|
phpBB 2.0.4 - PHP Remote File Inclusion
|
2 |
WEB
|
Spoofed
|
|
2003-06-20
|
|
phpBB 2.0.5 - SQL Injection Password Disclosure
|
2 |
WEB
|
Rick Patel
|
|
2006-05-25
|
|
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
|
2 |
WEB
|
rgod
|
|
2021-03-12
|
|
Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
|
1630 |
WEB
|
Richard Jones
|
|
2021-03-12
|
|
Atlassian JIRA 8.11.1 - User Enumeration
|
558 |
WEB
|
Dolev Farhi
|
|
2021-03-12
|
|
Joomla JCK Editor 6.4.4 - 'parent' SQL Injection
|
704 |
WEB
|
Nicholas Ferreira
|
|
2021-03-12
|
|
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
|
644 |
WEB
|
Christian Vierschilling
|
|
2021-03-03
|
|
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
|
373 |
WEB
|
Mucahit Saratar
|
|
2021-03-03
|
|
Tiny Tiny RSS - Remote Code Execution
|
365 |
WEB
|
Daniel Neagaru
|
|
2021-03-03
|
|
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
|
316 |
WEB
|
Christian Vierschilling
|
|
2021-03-03
|
|
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
|
339 |
WEB
|
Christian Vierschilling
|
|
2021-03-03
|
|
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
|
570 |
WEB
|
Berkan Er
|
|
2020-01-22
|
|
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)
|
744 |
WEB
|
TheCyberGeek
|
|
2019-01-04
|
|
Apache CouchDB 2.3.0 Cross Site Request Forgery
|
1035 |
WEB
|
Ozer Goker
|
|
2019-01-03
|
|
Vtiger CRM 7.1.0 Remote Code Execution
|
570 |
WEB
|
Ozkan Mustafa Akkus
|
|
2018-12-25
|
|
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
|
1131 |
WEB
|
VulnSpy
|
|
2018-12-17
|
|
Huawei Router HG532e Command Execution
|
596 |
WEB
|
Rebellion
|
|
2018-12-12
|
|
ThinkPHP 5.x Remote Code Execution
|
1539 |
WEB
|
VulnSpy
|
|
2018-12-12
|
|
WordPress Snap Creek Duplicator Code Injection
|
620 |
WEB
|
Julien Legras
|
|
2018-12-12
|
|
PrestaShop 1.6.x / 1.7.x Remote Code Execution
|
364 |
WEB
|
farisv
|
|
2018-12-10
|
|
i-doit CMDB 1.11.2 - Remote Code Execution
|
276 |
WEB
|
AkkuS
|
|
2018-12-06
|
|
HasanMWB 1.0 SQL Injection
|
364 |
WEB
|
Ihsan Sencan
|
|
2018-12-05
|
|
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
|
186 |
WEB
|
Artem Metla
|
|
2018-12-04
|
|
Apache Superset 0.23 - Remote Code Execution
|
249 |
WEB
|
David May
|
|
2018-12-04
|
|
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
|
218 |
WEB
|
Ihsan Sencan
|
|
2018-12-04
|
|
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
|
134 |
WEB
|
ParagonSec
|
|
2018-12-04
|
|
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
|
139 |
WEB
|
AkkuS
|
|
2018-12-03
|
|
Joomla JCE 2.6.33 Arbitrary File Upload
|
529 |
WEB
|
KingSkrupellos
|
|
2018-12-03
|
|
Schneider Electric PLC - Session Calculation Authentication Bypass
|
163 |
WEB
|
Deneut Tijl
|
|
2018-11-16
|
|
PHP-Proxy 5.1.0 - Local File Inclusion
|
412 |
WEB
|
Ameer Pornillos
|
|
2018-11-14
|
|
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosur
|
182 |
WEB
|
Wadeek
|
|
2018-11-07
|
|
CMS Made Simple 2.2.7 - Remote Code Execution
|
228 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-11-06
|
|
blueimp jQuery Arbitrary File Upload
|
249 |
WEB
|
wvu
|
|
2018-11-06
|
|
PHP Proxy 3.0.3 - Local File Inclusion
|
193 |
WEB
|
AkkuS
|
|
2018-11-06
|
|
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
|
129 |
WEB
|
Ross Inman
|
|
2018-11-06
|
|
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
|
181 |
WEB
|
Chris Lyne
|
|
2018-11-01
|
|
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
|
154 |
WEB
|
Jakub Palaczynski
|
|
2018-10-29
|
|
WordPress Arforms 3.5.1 Arbitrary File Delete
|
251 |
WEB
|
Amir Hossein Mahboubi
|
|
2018-10-25
|
|
Apache OFBiz 16.11.04 - XML External Entity Injection
|
190 |
WEB
|
Jamie Parfet
|
|
2018-10-17
|
|
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
|
97 |
WEB
|
d0wnp0ur
|
|
2018-10-16
|
|
Academic Timetable Final Build 7.0 - Information Disclosure
|
113 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
FLIR Brickstream 3D+ - RTSP Stream Disclosure
|
159 |
WEB
|
LiquidWorm
|
|
2018-10-16
|
|
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
|
183 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
FluxBB < 1.5.6 - SQL Injection
|
131 |
WEB
|
secthrowaway
|
|
2018-10-15
|
|
Phoenix Contact WebVisit 2985725 - Authentication Bypass
|
143 |
WEB
|
Photubias
|
|
2018-10-12
|
|
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
|
122 |
WEB
|
Photubias
|
|
2018-10-09
|
|
Imperva SecureSphere 13 - Remote Command Execution
|
186 |
WEB
|
rsp3ar
|
|
2018-10-09
|
|
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
|
169 |
WEB
|
LiquidWorm
|
|
2018-10-08
|
|
Navigate CMS Unauthenticated Remote Code Execution
|
146 |
WEB
|
Pyriphlegethon
|
|
2018-10-08
|
|
Easy File Sharing Web Server 7.2 Domain Name Buffer Overflow
|
114 |
WEB
|
ZwX
|
|
2018-10-08
|
|
ISPConfig < 3.1.13 - Remote Command Execution
|
218 |
WEB
|
0x09AL
|
|
2018-10-08
|
|
H2 Database 1.4.196 - Remote Code Execution
|
223 |
WEB
|
h4ckNinja
|
|
2018-09-25
|
|
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
|
166 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
LG SuperSign EZ CMS 2.5 - Remote Code Execution
|
144 |
WEB
|
Alejandro Fanjul
|
|
2018-09-20
|
|
LG SuperSign EZ CMS 2.5 - Local File Inclusion
|
166 |
WEB
|
Alejandro Fanjul
|
|
2018-09-17
|
|
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
|
155 |
WEB
|
Stephen Shkardoon
|
|
2018-09-13
|
|
LG Smart IP Camera 1508190 - Backup File Download
|
161 |
WEB
|
Ege Balci
|
|
2018-09-13
|
|
CirCarLife SCADA 4.3.0 - Credential Disclosure
|
165 |
WEB
|
SadFud
|
|
2018-09-13
|
|
Seagate Personal Cloud Information Disclosure
|
161 |
WEB
|
Yorick Koster
|
|
2018-09-12
|
|
Tor Browser 7.x NoScript Bypass
|
125 |
WEB
|
x0rz
|
|
2018-09-11
|
|
phpMyAdmin Credential Stealer
|
266 |
WEB
|
Dhiraj Mishra
|
|
2018-09-11
|
|
LW-N605R 12.20.2.1486 - Remote Code Execution
|
156 |
WEB
|
Nassim Asrir
|
|
2018-09-11
|
|
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
|
146 |
WEB
|
Reigning Shells
|
|
2018-09-07
|
|
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
|
191 |
WEB
|
Marko Jokic
|
|
2018-08-30
|
|
Episerver 7 patch 4 - XML External Entity Injection
|
152 |
WEB
|
Jonas Lejon
|
|
2018-08-28
|
|
LiteCart 2.1.2 - Arbitrary File Upload
|
108 |
WEB
|
Haboob Team
|
|
2018-08-27
|
|
KingMedia 4.1 - Remote Code Execution
|
228 |
WEB
|
Efrén Díaz
|
