| 2017-10-13 | Tomcat JSP Upload Bypass Remote Code Execution | 304 | WEB | peewpw |
| 2017-10-12 | Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) | 152 | WEB | Mehmet Ince |
| 2017-10-10 | ERS Data System 1.8.1 Java Deserialization | 138 | WEB | West Shepherd |
| 2017-10-10 | Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu | 289 | WEB | intx0x80 |
| 2017-10-10 | ClipBucket 2.8.3 - Remote Code Execution | 146 | WEB | Meisam Monsef |
| 2017-10-10 | FileRun < 2017.09.18 - SQL Injection | 169 | WEB | SPARC |
| 2017-09-28 | Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation | 148 | WEB | forsec |
| 2017-09-26 | FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures | 158 | WEB | LiquidWorm |
| 2017-09-26 | FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution | 133 | WEB | LiquidWorm |
| 2017-09-25 | Cash Back Comparison Script 1.0 - SQL Injection | 141 | WEB | Ihsan Sencan |
| 2017-09-25 | DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit) | 144 | WEB | Mehmet Ince |
| 2017-09-22 | Stock Photo Selling 1.0 - SQL Injection | 156 | WEB | Ihsan Sencan |
| 2017-09-21 | Disk Pulse Enterprise 9.9.16 GET Buffer Overflow | 134 | WEB | Chance Johnson |
| 2017-09-19 | Apache - HTTP OPTIONS Memory Leak | 188 | WEB | Hanno Bock |
| 2017-09-19 | DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin) | 147 | WEB | Ihsan Sencan |
| 2017-09-19 | Digileave 1.2 - Cross-Site Request Forgery (Update Admin) | 151 | WEB | Ihsan Sencan |
| 2017-09-19 | Digirez 3.4 - Cross-Site Request Forgery (Update Admin) | 149 | WEB | Ihsan Sencan |
| 2017-09-18 | D-Link DIR8xx Routers - Local Firmware Upload | 251 | WEB | embedi |
| 2017-09-18 | D-Link DIR8xx Routers - Root Remote Code Execution | 174 | WEB | embedi |
| 2017-09-18 | D-Link DIR8xx Routers - Leak Credentials | 149 | WEB | embedi |
| 2017-09-11 | Nimble Professional 1.0 - Cross-Site Request Forgery (Update Admin) | 165 | WEB | Ihsan Sencan |
| 2017-09-11 | Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection | 140 | WEB | Ihsan Sencan |
| 2017-08-31 | Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin) | 269 | WEB | Ali BawazeEer |
| 2017-08-24 | Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution | 158 | WEB | LiquidWorm |
| 2017-08-11 | DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration | 172 | WEB | LiquidWorm |
| 2017-08-09 | Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution | 137 | WEB | Kacper Szurek |
| 2017-08-02 | Advantech SUSIAccess <= 3.0 - 'RecoveryMgmt' File Upload | 152 | WEB | James Fitts |
| 2017-08-02 | Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure (Metasploit) | 135 | WEB | James Fitts |
| 2017-07-31 | GitHub Enterprise < 2.8.7 - Remote Code Execution | 146 | WEB | orange |
| 2017-07-27 | WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting | 117 | WEB | Google Security Research |
| 2017-07-25 | ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit) | 223 | WEB | Kacper Szurek |
| 2017-07-21 | Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit) | 159 | WEB | xort |
| 2017-07-21 | Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit) | 143 | WEB | xort |
| 2017-07-21 | Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit) | 130 | WEB | xort |
| 2017-07-19 | Easy File Sharing Web Server 7.2 Buffer Overflow | 172 | WEB | N_A |
| 2017-07-18 | Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) | 167 | WEB | xort |
| 2017-07-18 | Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit) | 145 | WEB | xort |
| 2017-07-17 | WDTV Live SMP 2.03.20 - Remote Password Reset | 210 | WEB | Sw1tCh |
| 2017-07-17 | Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) | 311 | WEB | Vex Woo |
| 2017-07-13 | RaidenHTTPD 2.0.44 User-Agent Cross Site Scripting | 128 | WEB | sultan albalawi |
| 2017-07-12 | NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection | 191 | WEB | Paul Taylor |
| 2017-07-03 | Humax HG100R 2.0.6 - Backup File Download | 215 | WEB | gambler |
| 2017-06-29 | Easy File Sharing Web Server 7.2 - Unrestricted File Upload | 264 | WEB | Chako |
| 2017-06-26 | Easy File Sharing HTTP Server 7.2 POST Buffer Overflow | 98 | WEB | Marco Rivoli |
| 2017-06-26 | Symantec Messaging Gateway Remote Code Execution | 147 | WEB | Mehmet Ince |
| 2017-06-26 | Netgear DGN2200 dnslookup.cgi Command Injection | 122 | WEB | thecarterb |
| 2017-06-22 | PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution | 171 | WEB | phackt_ul |
| 2017-06-20 | D-Link ADSL DSL-2640B SEA_1.01 Unauthenticated Remote DNS Changer | 303 | WEB | Todor Donev |
| 2017-06-20 | D-Link DSL-2640B - Unauthenticated Remote DNS Change | 135 | WEB | Todor Donev |
| 2017-06-20 | D-Link DSL-2640U - Unauthenticated DNS Change | 197 | WEB | Todor Donev |
| 2017-06-20 | Beetel BCM96338 Router - Unauthenticated DNS Change | 217 | WEB | Todor Donev |
| 2017-06-20 | UTstarcom WA3002G4 - Unauthenticated DNS Change | 154 | WEB | Todor Donev |
| 2017-06-20 | iBall Baton iB-WRA150N - Unauthenticated DNS Change | 198 | WEB | Todor Donev |
| 2017-06-16 | Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution | 251 | WEB | Ike-Clinton |
| 2017-06-14 | MyBB 1.8.12 Stored XSS / File Enumeration | 235 | WEB | MLT |
| 2017-06-13 | EFS Easy Chat Server 3.1 - Password Reset | 305 | WEB | Aitezaz Mohsin |
| 2017-06-13 | EFS Easy Chat Server 3.1 - Password Disclosure | 123 | WEB | Aitezaz Mohsin |
| 2017-06-13 | IPFire 2.19 - Remote Code Execution | 153 | WEB | 0x09AL |
| 2017-06-07 | Kronos Telestaff < 2.92EU29 - SQL Injection | 143 | WEB | Goran Tuzovic |
| 2017-06-06 | EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution | 183 | WEB | LiquidWorm |
| 2017-06-02 | Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read | 148 | WEB | Gregory Draperi |
| 2017-06-01 | WebKit CachedFrameBase::restore Universal Cross Site Scripting | 102 | WEB | lokihardt |
| 2017-06-01 | WebKit Element::setAttributeNodeNS Use-After-Free | 119 | WEB | lokihardt |
| 2017-06-01 | WebKit CachedFrame Universal Cross Site Scripting | 132 | WEB | lokihardt |
| 2017-06-01 | WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check | 127 | WEB | lokihardt |
| 2017-06-01 | WebKit JSC JSObject::ensureLength Failure Check | 119 | WEB | lokihardt |
| 2017-06-01 | WebKit Document::prepareForDestruction / CachedFrame Universal XSS | 121 | WEB | lokihardt |
| 2017-05-31 | TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root | 199 | WEB | Simone Margaritelli |
| 2017-05-31 | IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea | 111 | WEB | SecuriTeam |
| 2017-05-31 | KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution | 145 | WEB | SecuriTeam |
| 2017-05-31 | uc-http Daemon - Local File Inclusion / Directory Traversal | 116 | WEB | Project Insecurity |
| 2017-05-31 | Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site S | 92 | WEB | Google Security Research |
| 2017-05-31 | WebKit - Stealing Variables via Page Navigation in FrameLoader::clear | 111 | WEB | Google Security Research |
| 2017-05-31 | WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting | 97 | WEB | Google Security Research |
| 2017-05-31 | WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting | 83 | WEB | Google Security Research |
| 2017-05-31 | Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scriptin | 107 | WEB | Google Security Research |
| 2017-05-25 | NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion | 133 | WEB | f3ci |
| 2017-05-23 | VX Search Enterprise GET Buffer Overflow | 173 | WEB | Daniel Teixeira |
| 2017-05-23 | Sync Breeze Enterprise GET Buffer Overflow | 132 | WEB | Daniel Teixeira |
| 2017-05-23 | MediaWiki SyntaxHighlight Extension Option Injection | 247 | WEB | Yorick Koster |
| 2017-05-22 | Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery | 78 | WEB | hyp3rlinx |
| 2017-05-15 | miniupnpc 2.0.20170421 Denial Of Service | 263 | WEB | oststrom |
| 2017-05-11 | ASUS Routers CSRF / Information Disclosure | 227 | WEB | Yakov Shafranovich |
| 2017-05-10 | LogRhythm Network Monitor - Authentication Bypass / Command Injection | 130 | WEB | Francesco Oddo |
| 2017-05-05 | WordPress 4.6 - Unauthenticated Remote Code Execution | 246 | WEB | Dawid Golunski |
| 2017-05-05 | Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution | 103 | WEB | LiquidWorm |
| 2017-05-05 | Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change | 199 | WEB | LiquidWorm |
| 2017-05-05 | Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure | 116 | WEB | LiquidWorm |
| 2017-05-05 | Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities | 113 | WEB | David Tomaschik |
| 2017-04-28 | Simple File Uploader - Arbitrary File Download | 221 | WEB | Daniel Godoy |
| 2017-04-28 | TYPO3 News Module - SQL Injection | 138 | WEB | Charles Fol |
| 2017-04-26 | OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution | 227 | WEB | Andrey B. Panfilov |
| 2017-04-21 | Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scrip | 106 | WEB | Google Security Research |
| 2017-04-21 | Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cros | 137 | WEB | Google Security Research |
| 2017-04-19 | WebKit operationSpreadGeneric Universal Cross Site Scripting | 127 | WEB | lokihardt |
| 2017-04-18 | Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset | 123 | WEB | hyp3rlinx |
| 2017-04-18 | Huawei HG532n Command Injection | 147 | WEB | Ahmed S. Darwish |
| 2017-04-14 | Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit) | 170 | WEB | Peter Lapp |
| 2017-04-13 | PCMAN FTP Server 2.0.7 ACCT Buffer Overflow | 107 | WEB | Cybernetic |
| 2017-04-13 | XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal | 152 | WEB | Project Insecurity |
| 2017-04-12 | Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Li | 104 | WEB | Google Security Research |
| 2017-04-12 | Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting | 172 | WEB | Google Security Research |
| 2017-04-12 | Brother MFC-J6520DW - Authentication Bypass / Password Change | 181 | WEB | Patryk Bogdan |
| 2017-04-12 | Adobe Multiple Products - XML Injection File Content Disclosure | 169 | WEB | Thomas Sluyter |
| 2017-04-11 | WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery | 208 | WEB | Zhiyang Zeng |
| 2017-04-11 | WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery | 223 | WEB | Zhiyang Zeng |
| 2017-04-11 | e107 CMS 2.1.4 - Cross-Site Request Forgery | 151 | WEB | Zhiyang Zeng |
| 2017-04-11 | QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection | 139 | WEB | Harry Sintonen |
| 2017-04-11 | WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting | 122 | WEB | dxw |
| 2017-04-11 | Wordpress webplayer Plugins SQL Injection Vulnerability | 351 | WEB | Hassan Shakeri |
| 2017-04-07 | HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution | 189 | WEB | rungga_reksya |
| 2017-04-07 | Moodle 2.x/3.x - SQL Injection | 167 | WEB | Marko Belzetski |
| 2017-04-06 | D-Link DIR-615 - Cross-Site Request Forgery | 196 | WEB | Pratik S. Shah |
| 2017-04-05 | Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - 'constructJSReadableStreamDefaultReader' Type Confu | 146 | WEB | Google Security Research |
| 2017-04-05 | Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting | 97 | WEB | Google Security Research |
| 2017-04-05 | Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window | 181 | WEB | Google Security Research |
| 2017-04-05 | Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting | 202 | WEB | Google Security Research |
| 2017-04-05 | Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting | 195 | WEB | Google Security Research |
| 2017-04-05 | Splunk Enterprise - Information Disclosure | 166 | WEB | hyp3rlinx |
| 2017-03-30 | EyesOfNetwork (EON) 5.1 - SQL Injection | 209 | WEB | Dany Bach |
| 2017-03-21 | D-Link DGS-1510 - Multiple Vulnerabilities | 127 | WEB | Varang Amin |
| 2017-03-20 | Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download | 167 | WEB | The Martian |
| 2017-03-20 | Microsoft Internet Information Services Cross Site Scripting | 120 | WEB | David Fernandez |
| 2017-03-16 | GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution | 146 | WEB | iblue |
| 2017-03-15 | Microsoft Edge Fetch API Arbitrary Header Setting | 206 | WEB | Securify B.V. |