|
2018-05-07
|
|
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
|
209 |
WEB
|
Takeshi Terada
|
|
2018-05-03
|
|
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
|
155 |
WEB
|
Jared Arave
|
|
2018-05-03
|
|
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code
|
194 |
WEB
|
SixP4ck3r
|
|
2018-05-03
|
|
osCommerce Installer Unauthenticated Code Execution
|
135 |
WEB
|
Daniel Teixeira
|
|
2018-04-27
|
|
GitList 0.6 - Unauthenticated Remote Code Execution
|
138 |
WEB
|
Kacper Szurek
|
|
2018-04-27
|
|
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
|
113 |
WEB
|
Sven Fassbender
|
|
2018-04-25
|
|
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
|
151 |
WEB
|
Berk Cem Göksel
|
|
2018-04-25
|
|
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
|
154 |
WEB
|
devcoinfet
|
|
2018-04-24
|
|
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
|
108 |
WEB
|
Sebastián Castro
|
|
2018-04-19
|
|
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
|
142 |
WEB
|
SadFud
|
|
2018-04-16
|
|
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
|
148 |
WEB
|
FarazPajohan
|
|
2018-04-16
|
|
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
|
189 |
WEB
|
Hans Topo
|
|
2018-04-16
|
|
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
|
185 |
WEB
|
Vitalii Rudnykh
|
|
2018-04-10
|
|
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
|
104 |
WEB
|
RedTeam Pentesting
|
|
2018-04-04
|
|
ProcessMaker Plugin Code Execution
|
126 |
WEB
|
Brendan Coles
|
|
2018-04-04
|
|
DuckDuckGo 4.2.0 WebRTC Private IP Leakage
|
151 |
WEB
|
Brendan Coles
|
|
2018-04-02
|
|
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)
|
153 |
WEB
|
Touhid M.Shaikh
|
|
2018-04-02
|
|
osCommerce 2.3.4.1 - Remote Code Execution
|
158 |
WEB
|
Simon Scannell
|
|
2018-04-02
|
|
Homematic CCU2 2.29.23 - Remote Command Execution
|
158 |
WEB
|
Gregor Kopf
|
|
2018-04-02
|
|
Homematic CCU2 2.29.23 - Arbitrary File Write
|
172 |
WEB
|
Gregor Kopf
|
|
2018-03-30
|
|
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
|
191 |
WEB
|
luisco100
|
|
2018-03-30
|
|
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
|
149 |
WEB
|
Stefan Horst
|
|
2018-03-30
|
|
Square 9 GlobalForms 6.2.x Blind SQL Injection
|
145 |
WEB
|
Darrell Damstedt
|
|
2018-03-29
|
|
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
|
149 |
WEB
|
Sven Fassbender
|
|
2018-03-27
|
|
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
|
119 |
WEB
|
Touhid M.Shaikh
|
|
2018-03-26
|
|
XenForo 2 - CSS Loader Denial of Service
|
145 |
WEB
|
LockedByte
|
|
2018-03-26
|
|
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
|
159 |
WEB
|
Mans van Someren
|
|
2018-03-26
|
|
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
|
321 |
WEB
|
Matamorphosis
|
|
2018-03-22
|
|
Cisco node-jos < 0.11.0 - Re-sign Tokens
|
171 |
WEB
|
zioBlack
|
|
2018-03-21
|
|
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
|
134 |
WEB
|
anhax0r
|
|
2018-03-16
|
|
Spring Data REST < 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
|
197 |
WEB
|
Antonio Francesco Sardella
|
|
2018-03-13
|
|
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
|
142 |
WEB
|
Chris Lyne
|
|
2018-03-13
|
|
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
|
132 |
WEB
|
Mehmet Ince
|
|
2018-03-07
|
|
Bravo Tejari Web Portal Cross Site Scripting
|
130 |
WEB
|
Arvind V.
|
|
2018-02-28
|
|
Concrete5 < 8.3.0 - Username / Comments Enumeration
|
180 |
WEB
|
Chapman Schleiss
|
|
2018-02-26
|
|
AsusWRT LAN Unauthenticated Remote Code Execution
|
169 |
WEB
|
Pedro Ribeiro
|
|
2018-02-26
|
|
UserSpice 4.3 - Blind SQL Injection
|
187 |
WEB
|
Dolev Farhi
|
|
2018-02-07
|
|
Hava Tahmin 1.0 Database Disclosure
|
163 |
WEB
|
indoushka
|
|
2018-02-07
|
|
Hazir Site 2.2 Database Disclosure
|
191 |
WEB
|
indoushka
|
|
2018-02-07
|
|
Gateway 1.0 Database Disclosure
|
169 |
WEB
|
indoushka
|
|
2018-02-07
|
|
iPortalx Portal Scripti Database Disclosure
|
184 |
WEB
|
indoushka
|
|
2018-02-06
|
|
Online Voting System - Authentication Bypass
|
208 |
WEB
|
Giulio Comi
|
|
2018-02-05
|
|
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal
|
169 |
WEB
|
Dmitry Chastuhin
|
|
2018-01-31
|
|
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
|
190 |
WEB
|
Paul Taylor
|
|
2018-01-30
|
|
Advantech WebAccess < 8.3 - SQL Injection
|
158 |
WEB
|
Chris Lyne
|
|
2018-01-29
|
|
Asus Router Cross Site Script / Authentication Bypass
|
168 |
WEB
|
4TT4CK3R
|
|
2018-01-29
|
|
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
|
171 |
WEB
|
Víctor Calvo
|
|
2018-01-24
|
|
Kaltura Remote PHP Code Execution
|
158 |
WEB
|
Robin Verton
|
|
2018-01-24
|
|
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
|
171 |
WEB
|
h00die
|
|
2018-01-24
|
|
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
|
155 |
WEB
|
Ihsan Sencan
|
|
2018-01-22
|
|
Simple ASC CMS 1.2 Database Disclosure
|
143 |
WEB
|
indoushka
|
|
2018-01-22
|
|
PHPFreeChat 1.7 - Denial of Service
|
140 |
WEB
|
A. Pakbaz
|
|
2018-01-19
|
|
Primefaces 5.x - Remote Code Execution (Metasploit)
|
212 |
WEB
|
Bjoern Schuette
|
|
2018-01-16
|
|
Adminer 4.3.1 - Server-Side Request Forgery
|
170 |
WEB
|
hyp3rlinx
|
|
2018-01-16
|
|
pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection
|
138 |
WEB
|
absolomb
|
|
2018-01-12
|
|
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution
|
166 |
WEB
|
Cr0n1c
|
|
2018-01-12
|
|
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
|
140 |
WEB
|
Vahagn Vardanyan
|
|
2018-01-11
|
|
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
|
142 |
WEB
|
Algeria
|
|
2018-01-11
|
|
phpCollab 2.5.1 Unauthenticated File Upload
|
148 |
WEB
|
Nick Marcoccio
|
|
2018-01-10
|
|
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
|
170 |
WEB
|
James Bercegay
|
|
2018-01-09
|
|
FiberHome LM53Q1 - Multiple Vulnerabilities
|
154 |
WEB
|
Ibad Shah
|
|
2018-01-05
|
|
D-Link DNS-320L 'mydlinkBRionyg' Backdoor
|
147 |
WEB
|
James Bercegay
|
|
2018-01-05
|
|
Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor
|
140 |
WEB
|
James Bercegay
|
|
2018-01-04
|
|
Linksys WVBR0-25 User-Agent Command Execution
|
136 |
WEB
|
HeadlessZeke
|
|
2018-01-02
|
|
Huawei Router HG532 - Arbitrary Command Execution
|
173 |
WEB
|
anonymous
|
|
2017-12-28
|
|
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download
|
131 |
WEB
|
Glafkos Charalambous
|
|
2017-12-27
|
|
Sendroid < 6.5.0 - SQL Injection
|
138 |
WEB
|
Onwuka Gideon
|
|
2017-12-21
|
|
Ability Mail Server 3.3.2 - Cross-Site Scripting
|
96 |
WEB
|
Aloyce J. Makalanga
|
|
2017-12-19
|
|
Linksys WVBR0 - 'User-Agent' Remote Command Injection
|
130 |
WEB
|
nixawk
|
|
2017-12-18
|
|
ITGuard-Manager 0.0.0.1 - Remote Code Execution
|
123 |
WEB
|
Nassim Asrir
|
|
2017-12-18
|
|
Western Digital MyCloud multi_uploadify File Upload
|
115 |
WEB
|
Zenofex
|
|
2017-12-14
|
|
Microsoft Office DDE Payload Delivery
|
324 |
WEB
|
mumbai
|
|
2017-12-14
|
|
Dup Scout Enterprise 10.0.18 Buffer Overflow
|
337 |
WEB
|
Chris Higgins
|
|
2017-12-14
|
|
pfSense 2.4.1 CSRF Error Page Clickjacking
|
395 |
WEB
|
Yorick Koster
|
|
2017-12-06
|
|
WinduCMS 3.1 - Local File Disclosure
|
257 |
WEB
|
Maciek Krupa
|
|
2017-12-04
|
|
Artica Web Proxy 3.06 - Remote Code Execution
|
216 |
WEB
|
hyp3rlinx
|
|
2017-12-04
|
|
MistServer 2.12 - Cross-Site Scripting
|
207 |
WEB
|
hyp3rlinx
|
|
2017-12-04
|
|
WinduCMS 3.1 Local File Disclosure
|
195 |
WEB
|
Maciej Krupa
|
|
2017-11-30
|
|
osCommerce 2.3.4.1 - Arbitrary File Upload
|
245 |
WEB
|
Simon Scannell
|
|
2017-11-29
|
|
Synology StorageManager 5.2 - Remote Root Command Execution
|
240 |
WEB
|
SecuriTeam
|
|
2017-11-20
|
|
phpMyFAQ 2.9.9 Code Injection
|
378 |
WEB
|
tomplixsee
|
|
2017-11-15
|
|
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting
|
145 |
WEB
|
LiquidWorm
|
|
2017-11-14
|
|
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
|
392 |
WEB
|
Omar Mezrag
|
|
2017-11-09
|
|
Geutebrueck GCore GCoreServer.exe Buffer Overflow
|
202 |
WEB
|
Luca Cappiello
|
|
2017-11-09
|
|
Mako Server 2.5 Command Injection
|
148 |
WEB
|
Steven Patterson
|
|
2017-11-06
|
|
WordPress WP Mobile Detector 3.5 Shell Upload
|
202 |
WEB
|
h00die
|
|
2017-11-06
|
|
Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External Entit
|
156 |
WEB
|
Charles Fol
|
|
2017-10-31
|
|
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
|
227 |
WEB
|
mr_me
|
|
2017-10-26
|
|
PHPMailer 5.2.21 Local File Disclosure
|
151 |
WEB
|
Maciej Krupa
|
|
2017-10-24
|
|
Kaltura < 13.1.0 - Remote Code Execution
|
159 |
WEB
|
Robin Verton
|
|
2017-10-23
|
|
TP-Link WR940N Remote Code Execution
|
177 |
WEB
|
Tim Carrington
|
|
2017-10-23
|
|
Check_MK 1.2.8p25 - Information Disclosure
|
157 |
WEB
|
Julien Ahrens
|
|
2017-10-17
|
|
Webmin 1.850 SSRF / CSRF / Cross Site Scripting
|
173 |
WEB
|
hyp3rlinx
|
|
2017-10-13
|
|
Tomcat JSP Upload Bypass Remote Code Execution
|
293 |
WEB
|
peewpw
|
|
2017-10-12
|
|
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
|
142 |
WEB
|
Mehmet Ince
|
|
2017-10-10
|
|
ERS Data System 1.8.1 Java Deserialization
|
128 |
WEB
|
West Shepherd
|
|
2017-10-10
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
276 |
WEB
|
intx0x80
|
|
2017-10-10
|
|
ClipBucket 2.8.3 - Remote Code Execution
|
136 |
WEB
|
Meisam Monsef
|
|
2017-10-10
|
|
FileRun < 2017.09.18 - SQL Injection
|
157 |
WEB
|
SPARC
|
|
2017-09-28
|
|
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
|
134 |
WEB
|
forsec
|
|
2017-09-26
|
|
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
|
145 |
WEB
|
LiquidWorm
|
|
2017-09-26
|
|
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
|
125 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
Cash Back Comparison Script 1.0 - SQL Injection
|
134 |
WEB
|
Ihsan Sencan
|
|
2017-09-25
|
|
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
|
136 |
WEB
|
Mehmet Ince
|
|
2017-09-22
|
|
Stock Photo Selling 1.0 - SQL Injection
|
146 |
WEB
|
Ihsan Sencan
|
|
2017-09-21
|
|
Disk Pulse Enterprise 9.9.16 GET Buffer Overflow
|
125 |
WEB
|
Chance Johnson
|
|
2017-09-19
|
|
Apache - HTTP OPTIONS Memory Leak
|
180 |
WEB
|
Hanno Bock
|
|
2017-09-19
|
|
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
|
138 |
WEB
|
Ihsan Sencan
|
|
2017-09-19
|
|
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
|
143 |
WEB
|
Ihsan Sencan
|
|
2017-09-19
|
|
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
|
140 |
WEB
|
Ihsan Sencan
|
|
2017-09-18
|
|
D-Link DIR8xx Routers - Local Firmware Upload
|
238 |
WEB
|
embedi
|
|
2017-09-18
|
|
D-Link DIR8xx Routers - Root Remote Code Execution
|
164 |
WEB
|
embedi
|
|
2017-09-18
|
|
D-Link DIR8xx Routers - Leak Credentials
|
141 |
WEB
|
embedi
|
|
2017-09-11
|
|
Nimble Professional 1.0 - Cross-Site Request Forgery (Update Admin)
|
153 |
WEB
|
Ihsan Sencan
|
|
2017-09-11
|
|
Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection
|
132 |
WEB
|
Ihsan Sencan
|
|
2017-08-31
|
|
Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)
|
257 |
WEB
|
Ali BawazeEer
|
|
2017-08-24
|
|
Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
|
151 |
WEB
|
LiquidWorm
|
|
2017-08-11
|
|
DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration
|
162 |
WEB
|
LiquidWorm
|
|
2017-08-09
|
|
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
|
130 |
WEB
|
Kacper Szurek
|
|
2017-08-02
|
|
Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload
|
142 |
WEB
|
James Fitts
|
|
2017-08-02
|
|
Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit)
|
125 |
WEB
|
James Fitts
|
|
2017-07-31
|
|
GitHub Enterprise < 2.8.7 - Remote Code Execution
|
139 |
WEB
|
orange
|
|
2017-07-27
|
|
WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting
|
110 |
WEB
|
Google Security Research
|
|
2017-07-25
|
|
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
|
213 |
WEB
|
Kacper Szurek
|
|
2017-07-21
|
|
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
|
152 |
WEB
|
xort
|
