Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2017-06-26   Easy File Sharing HTTP Server 7.2 POST Buffer Overflow 104 WEB Marco Rivoli
2017-06-26   Symantec Messaging Gateway Remote Code Execution 154 WEB Mehmet Ince
2017-06-26   Netgear DGN2200 dnslookup.cgi Command Injection 129 WEB thecarterb
2017-06-22   PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution 180 WEB phackt_ul
2017-06-20   D-Link ADSL DSL-2640B SEA_1.01 Unauthenticated Remote DNS Changer 312 WEB Todor Donev
2017-06-20   D-Link DSL-2640B - Unauthenticated Remote DNS Change 142 WEB Todor Donev
2017-06-20   D-Link DSL-2640U - Unauthenticated DNS Change 206 WEB Todor Donev
2017-06-20   Beetel BCM96338 Router - Unauthenticated DNS Change 223 WEB Todor Donev
2017-06-20   UTstarcom WA3002G4 - Unauthenticated DNS Change 160 WEB Todor Donev
2017-06-20   iBall Baton iB-WRA150N - Unauthenticated DNS Change 205 WEB Todor Donev
2017-06-16   Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution 258 WEB Ike-Clinton
2017-06-14   MyBB 1.8.12 Stored XSS / File Enumeration 241 WEB MLT
2017-06-13   EFS Easy Chat Server 3.1 - Password Reset 314 WEB Aitezaz Mohsin
2017-06-13   EFS Easy Chat Server 3.1 - Password Disclosure 130 WEB Aitezaz Mohsin
2017-06-13   IPFire 2.19 - Remote Code Execution 160 WEB 0x09AL
2017-06-07   Kronos Telestaff < 2.92EU29 - SQL Injection 153 WEB Goran Tuzovic
2017-06-06   EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution 208 WEB LiquidWorm
2017-06-02   Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read 159 WEB Gregory Draperi
2017-06-01   WebKit CachedFrameBase::restore Universal Cross Site Scripting 109 WEB lokihardt
2017-06-01   WebKit Element::setAttributeNodeNS Use-After-Free 126 WEB lokihardt
2017-06-01   WebKit CachedFrame Universal Cross Site Scripting 139 WEB lokihardt
2017-06-01   WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check 135 WEB lokihardt
2017-06-01   WebKit JSC JSObject::ensureLength Failure Check 125 WEB lokihardt
2017-06-01   WebKit Document::prepareForDestruction / CachedFrame Universal XSS 127 WEB lokihardt
2017-05-31   TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root 207 WEB Simone Margaritelli
2017-05-31   IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea 121 WEB SecuriTeam
2017-05-31   KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution 151 WEB SecuriTeam
2017-05-31   uc-http Daemon - Local File Inclusion / Directory Traversal 124 WEB Project Insecurity
2017-05-31   Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site S 100 WEB Google Security Research
2017-05-31   WebKit - Stealing Variables via Page Navigation in FrameLoader::clear 119 WEB Google Security Research
2017-05-31   WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting 105 WEB Google Security Research
2017-05-31   WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting 89 WEB Google Security Research
2017-05-31   Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scriptin 114 WEB Google Security Research
2017-05-25   NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion 141 WEB f3ci
2017-05-23   VX Search Enterprise GET Buffer Overflow 181 WEB Daniel Teixeira
2017-05-23   Sync Breeze Enterprise GET Buffer Overflow 142 WEB Daniel Teixeira
2017-05-23   MediaWiki SyntaxHighlight Extension Option Injection 256 WEB Yorick Koster
2017-05-22   Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery 86 WEB hyp3rlinx
2017-05-15   miniupnpc 2.0.20170421 Denial Of Service 271 WEB oststrom
2017-05-11   ASUS Routers CSRF / Information Disclosure 234 WEB Yakov Shafranovich
2017-05-10   LogRhythm Network Monitor - Authentication Bypass / Command Injection 139 WEB Francesco Oddo
2017-05-05   WordPress 4.6 - Unauthenticated Remote Code Execution 255 WEB Dawid Golunski
2017-05-05   Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution 112 WEB LiquidWorm
2017-05-05   Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change 207 WEB LiquidWorm
2017-05-05   Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure 124 WEB LiquidWorm
2017-05-05   Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities 120 WEB David Tomaschik
2017-04-28   Simple File Uploader - Arbitrary File Download 228 WEB Daniel Godoy
2017-04-28   TYPO3 News Module - SQL Injection 149 WEB Charles Fol
2017-04-26   OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution 236 WEB Andrey B. Panfilov
2017-04-21   Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scrip 114 WEB Google Security Research
2017-04-21   Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cros 147 WEB Google Security Research
2017-04-19   WebKit operationSpreadGeneric Universal Cross Site Scripting 137 WEB lokihardt
2017-04-18   Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset 134 WEB hyp3rlinx
2017-04-18   Huawei HG532n Command Injection 156 WEB Ahmed S. Darwish
2017-04-14   Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit) 177 WEB Peter Lapp
2017-04-13   PCMAN FTP Server 2.0.7 ACCT Buffer Overflow 116 WEB Cybernetic
2017-04-13   XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal 159 WEB Project Insecurity
2017-04-12   Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Li 111 WEB Google Security Research
2017-04-12   Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting 180 WEB Google Security Research
2017-04-12   Brother MFC-J6520DW - Authentication Bypass / Password Change 188 WEB Patryk Bogdan
2017-04-12   Adobe Multiple Products - XML Injection File Content Disclosure 176 WEB Thomas Sluyter
2017-04-11   WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery 215 WEB Zhiyang Zeng
2017-04-11   WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery 231 WEB Zhiyang Zeng
2017-04-11   e107 CMS 2.1.4 - Cross-Site Request Forgery 158 WEB Zhiyang Zeng
2017-04-11   QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection 147 WEB Harry Sintonen
2017-04-11   WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting 130 WEB dxw
2017-04-11   Wordpress webplayer Plugins SQL Injection Vulnerability 360 WEB Hassan Shakeri
2017-04-07   HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution 196 WEB rungga_reksya
2017-04-07   Moodle 2.x/3.x - SQL Injection 177 WEB Marko Belzetski
2017-04-06   D-Link DIR-615 - Cross-Site Request Forgery 203 WEB Pratik S. Shah
2017-04-05   Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - 'constructJSReadableStreamDefaultReader' Type Confu 155 WEB Google Security Research
2017-04-05   Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting 104 WEB Google Security Research
2017-04-05   Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window 190 WEB Google Security Research
2017-04-05   Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting 211 WEB Google Security Research
2017-04-05   Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting 204 WEB Google Security Research
2017-04-05   Splunk Enterprise - Information Disclosure 177 WEB hyp3rlinx
2017-03-30   EyesOfNetwork (EON) 5.1 - SQL Injection 216 WEB Dany Bach
2017-03-21   D-Link DGS-1510 - Multiple Vulnerabilities 134 WEB Varang Amin
2017-03-20   Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download 175 WEB The Martian
2017-03-20   Microsoft Internet Information Services Cross Site Scripting 127 WEB David Fernandez
2017-03-16   GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution 153 WEB iblue
2017-03-15   Microsoft Edge Fetch API Arbitrary Header Setting 215 WEB Securify B.V.
2017-03-13   e107 <= 2.1.4 - 'keyword' Blind SQL Injection 235 WEB StAkeR
2017-03-13   WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery 249 WEB KoreLogic
2017-03-10   FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery 345 WEB hyp3rlinx
2017-03-10   ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution 302 WEB Bruno Bierbaumer
2017-03-10   Drupal 7.x Module Services - Remote Code Execution 329 WEB Charles Fol
2017-03-09   Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery 203 WEB SEC Consult
2017-03-08   Western Digital My Cloud Command Injection 327 WEB Remco Vermeulen
2017-03-07   Deluge Web UI 1.3.13 - Cross-Site Request Forgery 245 WEB Kyle Neideck
2017-03-07   WordPress Multiple Plugins - Arbitrary File Upload 341 WEB The Martian
2017-03-06   pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting 219 WEB Yann CAM
2017-03-06   WordPress Username Enumeration 288 WEB Dctor
2017-03-01   NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery 215 WEB SivertPL
2017-03-01   Blizard BB 1.7 (privtmsg) MD5 Hash Retrieve Blind sql injection Exploit 364 WEB StAkeR
2017-02-28   Grails PDF Plugin 0.6 - XML External Entity Injection 252 WEB Charles Fol
2017-02-28   NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution 228 WEB SivertPL
2017-02-27   Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting 176 WEB Google Security Research
2017-02-27   Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass 245 WEB Google Security Research
2017-02-27   Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting 233 WEB Google Security Research
2017-02-23   Teradici Management Console 2.2.0 - Privilege Escalation 374 WEB hantwister
2017-02-22   AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit) 148 WEB Mehmet Ince
2017-02-22   Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit) 217 WEB xort
2017-02-22   Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit) 187 WEB xort
2017-02-22   Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) 193 WEB xort
2017-02-22   Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) 239 WEB xort
2017-02-20   NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution 243 WEB SivertPL
2017-02-20   TI Online Examination System 2.0 Admin Password Changer Exploit 269 WEB StAkeR
2017-02-17   dotCMS 3.6.1 - Blind Boolean SQL Injection 263 WEB Ben Nott
2017-02-16   Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) 194 WEB Davy Douhine
2017-02-14   PHP Marketplace Script - SQL Injection 229 WEB Th3GundY
2017-02-10   WordPress wp-json Content Injection 276 WEB Larry W. Cashdollar
2017-02-09   POSNIC 1.03 Shell Upload Exploit 175 WEB Rony Das
2017-02-06   Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection 120 WEB Ihsan Sencan
2017-02-03   WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby) 363 WEB Harsh Jaiswal
2017-02-03   WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python) 243 WEB leonjza
2017-02-03   Multiple Netgear Routers - Password Disclosure 227 WEB Trustwave's SpiderLabs
2017-02-03   HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download 223 WEB Mariusz Poplawski
2017-02-03   Joomla! < 3.6.4 - Admin TakeOver 352 WEB Charles Fol
2017-02-03   Joomla! < 2.5.2 - Admin Creation 125 WEB Charles Fol
2017-01-23   PageKit 1.0.10 - Password Reset 124 WEB Saurabh Banawar
2017-01-22   Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change 212 WEB Todor Donev
2017-01-22   Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change 307 WEB Todor Donev
2017-01-18   BoZoN 2.4 - Remote Code Execution 271 WEB hyp3rlinx
2017-01-18   dirLIST 0.3.0 - Arbitrary File Upload 237 WEB hyp3rlinx