|
2000-11-17
|
|
ListMail 112 - Command Execution
|
8 |
WEB
|
teleh0r
|
|
2000-11-15
|
|
News Update 1.1 - Change Admin Password
|
8 |
WEB
|
morpheus[bd]
|
|
2000-11-15
|
|
Poll It CGI 2.0 - Multiple Vulnerabilities
|
8 |
WEB
|
keelis
|
|
2003-12-21
|
|
PHP-Nuke 6.9 - 'cid' SQL Injection
|
8 |
WEB
|
RusH
|
|
2003-12-21
|
|
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
|
8 |
WEB
|
RusH
|
|
2003-07-10
|
|
CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution
|
8 |
WEB
|
knight420
|
|
2003-06-30
|
|
phpBB 2.0.4 - PHP Remote File Inclusion
|
8 |
WEB
|
Spoofed
|
|
2003-06-20
|
|
phpBB 2.0.5 - SQL Injection Password Disclosure
|
9 |
WEB
|
Rick Patel
|
|
2006-05-25
|
|
WordPress Core 2.0.2 - 'cache' Remote Shell Injection
|
12 |
WEB
|
rgod
|
|
2021-03-12
|
|
Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
|
1639 |
WEB
|
Richard Jones
|
|
2021-03-12
|
|
Atlassian JIRA 8.11.1 - User Enumeration
|
566 |
WEB
|
Dolev Farhi
|
|
2021-03-12
|
|
Joomla JCK Editor 6.4.4 - 'parent' SQL Injection
|
713 |
WEB
|
Nicholas Ferreira
|
|
2021-03-12
|
|
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
|
657 |
WEB
|
Christian Vierschilling
|
|
2021-03-03
|
|
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
|
384 |
WEB
|
Mucahit Saratar
|
|
2021-03-03
|
|
Tiny Tiny RSS - Remote Code Execution
|
373 |
WEB
|
Daniel Neagaru
|
|
2021-03-03
|
|
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
|
324 |
WEB
|
Christian Vierschilling
|
|
2021-03-03
|
|
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
|
350 |
WEB
|
Christian Vierschilling
|
|
2021-03-03
|
|
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
|
577 |
WEB
|
Berkan Er
|
|
2020-01-22
|
|
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)
|
762 |
WEB
|
TheCyberGeek
|
|
2019-01-04
|
|
Apache CouchDB 2.3.0 Cross Site Request Forgery
|
1047 |
WEB
|
Ozer Goker
|
|
2019-01-03
|
|
Vtiger CRM 7.1.0 Remote Code Execution
|
580 |
WEB
|
Ozkan Mustafa Akkus
|
|
2018-12-25
|
|
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
|
1140 |
WEB
|
VulnSpy
|
|
2018-12-17
|
|
Huawei Router HG532e Command Execution
|
611 |
WEB
|
Rebellion
|
|
2018-12-12
|
|
ThinkPHP 5.x Remote Code Execution
|
1547 |
WEB
|
VulnSpy
|
|
2018-12-12
|
|
WordPress Snap Creek Duplicator Code Injection
|
627 |
WEB
|
Julien Legras
|
|
2018-12-12
|
|
PrestaShop 1.6.x / 1.7.x Remote Code Execution
|
376 |
WEB
|
farisv
|
|
2018-12-10
|
|
i-doit CMDB 1.11.2 - Remote Code Execution
|
283 |
WEB
|
AkkuS
|
|
2018-12-06
|
|
HasanMWB 1.0 SQL Injection
|
371 |
WEB
|
Ihsan Sencan
|
|
2018-12-05
|
|
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
|
193 |
WEB
|
Artem Metla
|
|
2018-12-04
|
|
Apache Superset 0.23 - Remote Code Execution
|
259 |
WEB
|
David May
|
|
2018-12-04
|
|
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
|
229 |
WEB
|
Ihsan Sencan
|
|
2018-12-04
|
|
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
|
143 |
WEB
|
ParagonSec
|
|
2018-12-04
|
|
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
|
149 |
WEB
|
AkkuS
|
|
2018-12-03
|
|
Joomla JCE 2.6.33 Arbitrary File Upload
|
540 |
WEB
|
KingSkrupellos
|
|
2018-12-03
|
|
Schneider Electric PLC - Session Calculation Authentication Bypass
|
173 |
WEB
|
Deneut Tijl
|
|
2018-11-16
|
|
PHP-Proxy 5.1.0 - Local File Inclusion
|
423 |
WEB
|
Ameer Pornillos
|
|
2018-11-14
|
|
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosur
|
190 |
WEB
|
Wadeek
|
|
2018-11-07
|
|
CMS Made Simple 2.2.7 - Remote Code Execution
|
236 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-11-06
|
|
blueimp jQuery Arbitrary File Upload
|
261 |
WEB
|
wvu
|
|
2018-11-06
|
|
PHP Proxy 3.0.3 - Local File Inclusion
|
204 |
WEB
|
AkkuS
|
|
2018-11-06
|
|
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
|
138 |
WEB
|
Ross Inman
|
|
2018-11-06
|
|
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
|
190 |
WEB
|
Chris Lyne
|
|
2018-11-01
|
|
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
|
163 |
WEB
|
Jakub Palaczynski
|
|
2018-10-29
|
|
WordPress Arforms 3.5.1 Arbitrary File Delete
|
259 |
WEB
|
Amir Hossein Mahboubi
|
|
2018-10-25
|
|
Apache OFBiz 16.11.04 - XML External Entity Injection
|
200 |
WEB
|
Jamie Parfet
|
|
2018-10-17
|
|
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
|
102 |
WEB
|
d0wnp0ur
|
|
2018-10-16
|
|
Academic Timetable Final Build 7.0 - Information Disclosure
|
126 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
FLIR Brickstream 3D+ - RTSP Stream Disclosure
|
171 |
WEB
|
LiquidWorm
|
|
2018-10-16
|
|
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
|
191 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
FluxBB < 1.5.6 - SQL Injection
|
145 |
WEB
|
secthrowaway
|
|
2018-10-15
|
|
Phoenix Contact WebVisit 2985725 - Authentication Bypass
|
155 |
WEB
|
Photubias
|
|
2018-10-12
|
|
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
|
135 |
WEB
|
Photubias
|
|
2018-10-09
|
|
Imperva SecureSphere 13 - Remote Command Execution
|
197 |
WEB
|
rsp3ar
|
|
2018-10-09
|
|
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
|
178 |
WEB
|
LiquidWorm
|
|
2018-10-08
|
|
Navigate CMS Unauthenticated Remote Code Execution
|
156 |
WEB
|
Pyriphlegethon
|
|
2018-10-08
|
|
Easy File Sharing Web Server 7.2 Domain Name Buffer Overflow
|
123 |
WEB
|
ZwX
|
|
2018-10-08
|
|
ISPConfig < 3.1.13 - Remote Command Execution
|
229 |
WEB
|
0x09AL
|
|
2018-10-08
|
|
H2 Database 1.4.196 - Remote Code Execution
|
235 |
WEB
|
h4ckNinja
|
|
2018-09-25
|
|
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
|
173 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
LG SuperSign EZ CMS 2.5 - Remote Code Execution
|
152 |
WEB
|
Alejandro Fanjul
|
|
2018-09-20
|
|
LG SuperSign EZ CMS 2.5 - Local File Inclusion
|
177 |
WEB
|
Alejandro Fanjul
|
|
2018-09-17
|
|
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
|
166 |
WEB
|
Stephen Shkardoon
|
|
2018-09-13
|
|
LG Smart IP Camera 1508190 - Backup File Download
|
173 |
WEB
|
Ege Balci
|
|
2018-09-13
|
|
CirCarLife SCADA 4.3.0 - Credential Disclosure
|
175 |
WEB
|
SadFud
|
|
2018-09-13
|
|
Seagate Personal Cloud Information Disclosure
|
168 |
WEB
|
Yorick Koster
|
|
2018-09-12
|
|
Tor Browser 7.x NoScript Bypass
|
135 |
WEB
|
x0rz
|
|
2018-09-11
|
|
phpMyAdmin Credential Stealer
|
276 |
WEB
|
Dhiraj Mishra
|
|
2018-09-11
|
|
LW-N605R 12.20.2.1486 - Remote Code Execution
|
166 |
WEB
|
Nassim Asrir
|
|
2018-09-11
|
|
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
|
157 |
WEB
|
Reigning Shells
|
|
2018-09-07
|
|
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
|
201 |
WEB
|
Marko Jokic
|
|
2018-08-30
|
|
Episerver 7 patch 4 - XML External Entity Injection
|
161 |
WEB
|
Jonas Lejon
|
|
2018-08-28
|
|
LiteCart 2.1.2 - Arbitrary File Upload
|
116 |
WEB
|
Haboob Team
|
|
2018-08-27
|
|
KingMedia 4.1 - Remote Code Execution
|
237 |
WEB
|
Efrén Díaz
|
|
2018-08-27
|
|
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
|
325 |
WEB
|
Alfie
|
|
2018-08-27
|
|
ADM 3.1.2RHG1 - Remote Code Execution
|
112 |
WEB
|
Matthew Fulton
|
|
2018-08-27
|
|
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
|
109 |
WEB
|
Maxim Yefimenko
|
|
2018-08-16
|
|
cPanel 76 Cross Site Scripting
|
173 |
WEB
|
Numan OZDEMIR
|
|
2018-08-15
|
|
cgit 1.2.1 - Directory Traversal (Metasploit)
|
116 |
WEB
|
Dhiraj Mishra
|
|
2018-08-10
|
|
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
|
122 |
WEB
|
Wadeek
|
|
2018-08-10
|
|
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
|
120 |
WEB
|
Wadeek
|
|
2018-08-07
|
|
OpenEMR < 5.0.1 - Remote Code Execution
|
163 |
WEB
|
Cody Zacharias
|
|
2018-08-03
|
|
Seq 4.2.476 Authentication Bypass
|
141 |
WEB
|
Daniel Chactoura
|
|
2018-08-03
|
|
CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection
|
105 |
WEB
|
0x09AL
|
|
2018-08-01
|
|
SonicWall Global Management System XMLRPC
|
136 |
WEB
|
Michael Flanders
|
|
2018-08-01
|
|
Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution
|
161 |
WEB
|
Touhid M.Shaikh
|
|
2018-07-31
|
|
H2 Database 1.4.197 Information Disclosure
|
148 |
WEB
|
owodelta
|
|
2018-07-25
|
|
Cisco Adaptive Security Appliance Path Traversal
|
164 |
WEB
|
Angelo Ruwantha
|
|
2018-07-25
|
|
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
|
121 |
WEB
|
Mehmet Ince
|
|
2018-07-25
|
|
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
|
148 |
WEB
|
Nathu Nandwani
|
|
2018-07-25
|
|
Davolink DVW 3200 Router - Password Disclosure
|
124 |
WEB
|
Ankit Anubhav
|
|
2018-07-20
|
|
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
|
164 |
WEB
|
Jacob Robles
|
|
2018-07-19
|
|
PrestaShop < 1.6.1.19 - AES CBC Privilege Escalation Exploit
|
120 |
WEB
|
Charles Fol
|
|
2018-07-19
|
|
PrestaShop < 1.6.1.19 - BlowFish ECD Privilege Escalation Exploit
|
153 |
WEB
|
Charles Fol
|
|
2018-07-19
|
|
Modx Revolution Remote Code Execution
|
114 |
WEB
|
Vitalii Rudnykh
|
|
2018-07-17
|
|
QNAP Q'Center change_passwd Command Execution
|
128 |
WEB
|
Brendan Coles
|
|
2018-07-13
|
|
Apache CouchDB Arbitrary Command Execution
|
130 |
WEB
|
Green-m
|
|
2018-07-13
|
|
phpMyAdmin Authenticated Remote Code Execution
|
208 |
WEB
|
Jacob Robles
|
|
2018-07-12
|
|
Instagram Clone Script 2.0 Cross Site Scripting
|
137 |
WEB
|
Borna Nematzadeh
|
|
2018-07-11
|
|
Monstra CMS Authenticated Arbitrary File Upload
|
191 |
WEB
|
Touhid M.Shaikh
|
|
2018-07-11
|
|
D-Link DIR601 2.02 - Credential Disclosure
|
156 |
WEB
|
Richard Rogerson
|
|
2018-07-11
|
|
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
|
175 |
WEB
|
bobsecq
|
|
2018-07-11
|
|
Gitea 1.4.0 - Remote Code Execution
|
128 |
WEB
|
Kacper Szurek
|
|
2018-07-09
|
|
GitList 0.6.0 Argument Injection
|
144 |
WEB
|
Shelby Pace
|
|
2018-07-05
|
|
CMS Made Simple 2.2.5 - Remote Code Execution
|
225 |
WEB
|
Mustafa Hasan
|
|
2018-07-03
|
|
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
|
162 |
WEB
|
ParagonSec
|
|
2018-07-03
|
|
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
|
127 |
WEB
|
RandoriSec
|
|
2018-06-29
|
|
Cisco Adaptive Security Appliance - Path Traversal
|
167 |
WEB
|
Yassine Aboukir
|
|
2018-06-28
|
|
HPE VAN SDN 2.7.18.0503 - Remote Root
|
124 |
WEB
|
KoreLogic
|
|
2018-06-28
|
|
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
|
123 |
WEB
|
Sanjiv Kawa
|
|
2018-06-28
|
|
Apache CouchDB < 2.1.0 - Remote Code Execution
|
136 |
WEB
|
Cody Zacharias
|
|
2018-06-28
|
|
TP-Link TL-WA850RE - Remote Command Execution
|
140 |
WEB
|
yoresongo
|
|
2018-06-11
|
|
userSpice 4.3.24 - Username Enumeration
|
170 |
WEB
|
Dolev Farhi
|
|
2018-06-11
|
|
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
|
117 |
WEB
|
Dolev Farhi
|
|
2018-06-11
|
|
XiongMai uc-httpd 1.0.0 - Buffer Overflow
|
199 |
WEB
|
Andrew Watson
|
|
2018-06-11
|
|
Monstra CMS < 3.0.4 - Cross-Site Scripting
|
147 |
WEB
|
DEEPIN2
|
|
2018-06-11
|
|
Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)
|
169 |
WEB
|
Kl3_GMjq6
|
|
2018-06-11
|
|
Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
|
150 |
WEB
|
DEEPIN2
|
|
2018-05-28
|
|
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
|
137 |
WEB
|
J. Carrillo Lencina
|
|
2018-05-22
|
|
GitBucket 4.23.1 - Remote Code Execution
|
126 |
WEB
|
Kacper Szurek
|
|
2018-05-18
|
|
Intelbras NCLOUD 300 1.0 - Authentication bypass
|
151 |
WEB
|
Pedro Aguiar
|
|
2018-05-10
|
|
Mantis manage_proj_page PHP Code Execution
|
164 |
WEB
|
Lars Sorenson
|
|
2018-05-08
|
|
Palo Alto Networks readSessionVarsFromFile() Session Corruption
|
152 |
WEB
|
hdm
|
|
2018-05-08
|
|
PlaySMS import.php Code Execution
|
138 |
WEB
|
Touhid M.Shaikh
|
|
2018-05-08
|
|
PlaySMS sendfromfile.php Code Execution
|
137 |
WEB
|
DarkS3curity
|
|
2018-05-07
|
|
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
|
177 |
WEB
|
Tomislav Paskalev
|
