Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2018-04-16   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution 213 WEB Hans Topo
2018-04-16   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) 204 WEB Vitalii Rudnykh
2018-04-10   CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution 124 WEB RedTeam Pentesting
2018-04-04   ProcessMaker Plugin Code Execution 147 WEB Brendan Coles
2018-04-04   DuckDuckGo 4.2.0 WebRTC Private IP Leakage 172 WEB Brendan Coles
2018-04-02   Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) 181 WEB Touhid M.Shaikh
2018-04-02   osCommerce 2.3.4.1 - Remote Code Execution 188 WEB Simon Scannell
2018-04-02   Homematic CCU2 2.29.23 - Remote Command Execution 182 WEB Gregor Kopf
2018-04-02   Homematic CCU2 2.29.23 - Arbitrary File Write 198 WEB Gregor Kopf
2018-03-30   Joomla Component Fields - SQLi Remote Code Execution (Metasploit) 212 WEB luisco100
2018-03-30   Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session) 172 WEB Stefan Horst
2018-03-30   Square 9 GlobalForms 6.2.x Blind SQL Injection 164 WEB Darrell Damstedt
2018-03-29   TwonkyMedia Server 7.0.11-8.5 - Directory Traversal 175 WEB Sven Fassbender
2018-03-27   ClipBucket beats_uploader Unauthenticated Arbitrary File Upload 138 WEB Touhid M.Shaikh
2018-03-26   XenForo 2 - CSS Loader Denial of Service 164 WEB LockedByte
2018-03-26   TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery 175 WEB Mans van Someren
2018-03-26   Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass 343 WEB Matamorphosis
2018-03-22   Cisco node-jos < 0.11.0 - Re-sign Tokens 187 WEB zioBlack
2018-03-21   Intelbras Telefone IP TIP200 LITE - Local File Disclosure 153 WEB anhax0r
2018-03-16   Spring Data REST < 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution 218 WEB Antonio Francesco Sardella
2018-03-13   Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution 163 WEB Chris Lyne
2018-03-13   ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit) 151 WEB Mehmet Ince
2018-03-07   Bravo Tejari Web Portal Cross Site Scripting 146 WEB Arvind V.
2018-02-28   Concrete5 < 8.3.0 - Username / Comments Enumeration 197 WEB Chapman Schleiss
2018-02-26   AsusWRT LAN Unauthenticated Remote Code Execution 186 WEB Pedro Ribeiro
2018-02-26   UserSpice 4.3 - Blind SQL Injection 205 WEB Dolev Farhi
2018-02-07   Hava Tahmin 1.0 Database Disclosure 186 WEB indoushka
2018-02-07   Hazir Site 2.2 Database Disclosure 213 WEB indoushka
2018-02-07   Gateway 1.0 Database Disclosure 191 WEB indoushka
2018-02-07   iPortalx Portal Scripti Database Disclosure 207 WEB indoushka
2018-02-06   Online Voting System - Authentication Bypass 224 WEB Giulio Comi
2018-02-05   Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal 189 WEB Dmitry Chastuhin
2018-01-31   BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure 213 WEB Paul Taylor
2018-01-30   Advantech WebAccess < 8.3 - SQL Injection 178 WEB Chris Lyne
2018-01-29   Asus Router Cross Site Script / Authentication Bypass 189 WEB 4TT4CK3R
2018-01-29   ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password 198 WEB Víctor Calvo
2018-01-24   Kaltura Remote PHP Code Execution 175 WEB Robin Verton
2018-01-24   GoAhead Web Server LD_PRELOAD Arbitrary Module Load 188 WEB h00die
2018-01-24   Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin) 170 WEB Ihsan Sencan
2018-01-22   Simple ASC CMS 1.2 Database Disclosure 163 WEB indoushka
2018-01-22   PHPFreeChat 1.7 - Denial of Service 167 WEB A. Pakbaz
2018-01-19   Primefaces 5.x - Remote Code Execution (Metasploit) 229 WEB Bjoern Schuette
2018-01-16   Adminer 4.3.1 - Server-Side Request Forgery 191 WEB hyp3rlinx
2018-01-16   pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection 160 WEB absolomb
2018-01-12   D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution 183 WEB Cr0n1c
2018-01-12   SAP NetWeaver J2EE Engine 7.40 - SQL Injection 160 WEB Vahagn Vardanyan
2018-01-11   Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload 162 WEB Algeria
2018-01-11   phpCollab 2.5.1 Unauthenticated File Upload 170 WEB Nick Marcoccio
2018-01-10   Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit) 188 WEB James Bercegay
2018-01-09   FiberHome LM53Q1 - Multiple Vulnerabilities 174 WEB Ibad Shah
2018-01-05   D-Link DNS-320L 'mydlinkBRionyg' Backdoor 168 WEB James Bercegay
2018-01-05   Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor 158 WEB James Bercegay
2018-01-04   Linksys WVBR0-25 User-Agent Command Execution 161 WEB HeadlessZeke
2018-01-02   Huawei Router HG532 - Arbitrary Command Execution 195 WEB anonymous
2017-12-28   DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download 150 WEB Glafkos Charalambous
2017-12-27   Sendroid < 6.5.0 - SQL Injection 159 WEB Onwuka Gideon
2017-12-21   Ability Mail Server 3.3.2 - Cross-Site Scripting 115 WEB Aloyce J. Makalanga
2017-12-19   Linksys WVBR0 - 'User-Agent' Remote Command Injection 149 WEB nixawk
2017-12-18   ITGuard-Manager 0.0.0.1 - Remote Code Execution 143 WEB Nassim Asrir
2017-12-18   Western Digital MyCloud multi_uploadify File Upload 138 WEB Zenofex
2017-12-14   Microsoft Office DDE Payload Delivery 346 WEB mumbai
2017-12-14   Dup Scout Enterprise 10.0.18 Buffer Overflow 358 WEB Chris Higgins
2017-12-14   pfSense 2.4.1 CSRF Error Page Clickjacking 413 WEB Yorick Koster
2017-12-06   WinduCMS 3.1 - Local File Disclosure 275 WEB Maciek Krupa
2017-12-04   Artica Web Proxy 3.06 - Remote Code Execution 233 WEB hyp3rlinx
2017-12-04   MistServer 2.12 - Cross-Site Scripting 226 WEB hyp3rlinx
2017-12-04   WinduCMS 3.1 Local File Disclosure 217 WEB Maciej Krupa
2017-11-30   osCommerce 2.3.4.1 - Arbitrary File Upload 264 WEB Simon Scannell
2017-11-29   Synology StorageManager 5.2 - Remote Root Command Execution 261 WEB SecuriTeam
2017-11-20   phpMyFAQ 2.9.9 Code Injection 397 WEB tomplixsee
2017-11-15   Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting 162 WEB LiquidWorm
2017-11-14   Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload 415 WEB Omar Mezrag
2017-11-09   Geutebrueck GCore GCoreServer.exe Buffer Overflow 220 WEB Luca Cappiello
2017-11-09   Mako Server 2.5 Command Injection 167 WEB Steven Patterson
2017-11-06   WordPress WP Mobile Detector 3.5 Shell Upload 220 WEB h00die
2017-11-06   Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External Entit 174 WEB Charles Fol
2017-10-31   Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure 244 WEB mr_me
2017-10-26   PHPMailer 5.2.21 Local File Disclosure 172 WEB Maciej Krupa
2017-10-24   Kaltura < 13.1.0 - Remote Code Execution 177 WEB Robin Verton
2017-10-23   TP-Link WR940N Remote Code Execution 195 WEB Tim Carrington
2017-10-23   Check_MK 1.2.8p25 - Information Disclosure 173 WEB Julien Ahrens
2017-10-17   Webmin 1.850 SSRF / CSRF / Cross Site Scripting 194 WEB hyp3rlinx
2017-10-13   Tomcat JSP Upload Bypass Remote Code Execution 315 WEB peewpw
2017-10-12   Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) 163 WEB Mehmet Ince
2017-10-10   ERS Data System 1.8.1 Java Deserialization 147 WEB West Shepherd
2017-10-10   Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu 298 WEB intx0x80
2017-10-10   ClipBucket 2.8.3 - Remote Code Execution 155 WEB Meisam Monsef
2017-10-10   FileRun < 2017.09.18 - SQL Injection 180 WEB SPARC
2017-09-28   Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation 155 WEB forsec
2017-09-26   FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures 165 WEB LiquidWorm
2017-09-26   FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution 141 WEB LiquidWorm
2017-09-25   Cash Back Comparison Script 1.0 - SQL Injection 151 WEB Ihsan Sencan
2017-09-25   DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit) 154 WEB Mehmet Ince
2017-09-22   Stock Photo Selling 1.0 - SQL Injection 166 WEB Ihsan Sencan
2017-09-21   Disk Pulse Enterprise 9.9.16 GET Buffer Overflow 143 WEB Chance Johnson
2017-09-19   Apache - HTTP OPTIONS Memory Leak 198 WEB Hanno Bock
2017-09-19   DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin) 158 WEB Ihsan Sencan
2017-09-19   Digileave 1.2 - Cross-Site Request Forgery (Update Admin) 159 WEB Ihsan Sencan
2017-09-19   Digirez 3.4 - Cross-Site Request Forgery (Update Admin) 157 WEB Ihsan Sencan
2017-09-18   D-Link DIR8xx Routers - Local Firmware Upload 258 WEB embedi
2017-09-18   D-Link DIR8xx Routers - Root Remote Code Execution 182 WEB embedi
2017-09-18   D-Link DIR8xx Routers - Leak Credentials 157 WEB embedi
2017-09-11   Nimble Professional 1.0 - Cross-Site Request Forgery (Update Admin) 172 WEB Ihsan Sencan
2017-09-11   Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection 149 WEB Ihsan Sencan
2017-08-31   Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin) 278 WEB Ali BawazeEer
2017-08-24   Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution 167 WEB LiquidWorm
2017-08-11   DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration 180 WEB LiquidWorm
2017-08-09   Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution 147 WEB Kacper Szurek
2017-08-02   Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload 163 WEB James Fitts
2017-08-02   Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit) 149 WEB James Fitts
2017-07-31   GitHub Enterprise < 2.8.7 - Remote Code Execution 155 WEB orange
2017-07-27   WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting 127 WEB Google Security Research
2017-07-25   ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit) 231 WEB Kacper Szurek
2017-07-21   Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit) 166 WEB xort
2017-07-21   Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit) 150 WEB xort
2017-07-21   Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit) 143 WEB xort
2017-07-19   Easy File Sharing Web Server 7.2 Buffer Overflow 181 WEB N_A
2017-07-18   Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) 176 WEB xort
2017-07-18   Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit) 156 WEB xort
2017-07-17   WDTV Live SMP 2.03.20 - Remote Password Reset 219 WEB Sw1tCh
2017-07-17   Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) 320 WEB Vex Woo
2017-07-13   RaidenHTTPD 2.0.44 User-Agent Cross Site Scripting 137 WEB sultan albalawi
2017-07-12   NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection 200 WEB Paul Taylor
2017-07-03   Humax HG100R 2.0.6 - Backup File Download 222 WEB gambler
2017-06-29   Easy File Sharing Web Server 7.2 - Unrestricted File Upload 274 WEB Chako