| 2017-04-18 | Huawei HG532n Command Injection | 147 | WEB | Ahmed S. Darwish |
| 2017-04-14 | Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit) | 170 | WEB | Peter Lapp |
| 2017-04-13 | PCMAN FTP Server 2.0.7 ACCT Buffer Overflow | 108 | WEB | Cybernetic |
| 2017-04-13 | XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal | 152 | WEB | Project Insecurity |
| 2017-04-12 | Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Li | 104 | WEB | Google Security Research |
| 2017-04-12 | Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting | 173 | WEB | Google Security Research |
| 2017-04-12 | Brother MFC-J6520DW - Authentication Bypass / Password Change | 181 | WEB | Patryk Bogdan |
| 2017-04-12 | Adobe Multiple Products - XML Injection File Content Disclosure | 169 | WEB | Thomas Sluyter |
| 2017-04-11 | WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery | 208 | WEB | Zhiyang Zeng |
| 2017-04-11 | WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery | 225 | WEB | Zhiyang Zeng |
| 2017-04-11 | e107 CMS 2.1.4 - Cross-Site Request Forgery | 152 | WEB | Zhiyang Zeng |
| 2017-04-11 | QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection | 141 | WEB | Harry Sintonen |
| 2017-04-11 | WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting | 124 | WEB | dxw |
| 2017-04-11 | Wordpress webplayer Plugins SQL Injection Vulnerability | 352 | WEB | Hassan Shakeri |
| 2017-04-07 | HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution | 189 | WEB | rungga_reksya |
| 2017-04-07 | Moodle 2.x/3.x - SQL Injection | 168 | WEB | Marko Belzetski |
| 2017-04-06 | D-Link DIR-615 - Cross-Site Request Forgery | 196 | WEB | Pratik S. Shah |
| 2017-04-05 | Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - 'constructJSReadableStreamDefaultReader' Type Confu | 149 | WEB | Google Security Research |
| 2017-04-05 | Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting | 98 | WEB | Google Security Research |
| 2017-04-05 | Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window | 183 | WEB | Google Security Research |
| 2017-04-05 | Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting | 203 | WEB | Google Security Research |
| 2017-04-05 | Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting | 196 | WEB | Google Security Research |
| 2017-04-05 | Splunk Enterprise - Information Disclosure | 166 | WEB | hyp3rlinx |
| 2017-03-30 | EyesOfNetwork (EON) 5.1 - SQL Injection | 209 | WEB | Dany Bach |
| 2017-03-21 | D-Link DGS-1510 - Multiple Vulnerabilities | 127 | WEB | Varang Amin |
| 2017-03-20 | Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download | 168 | WEB | The Martian |
| 2017-03-20 | Microsoft Internet Information Services Cross Site Scripting | 120 | WEB | David Fernandez |
| 2017-03-16 | GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution | 146 | WEB | iblue |
| 2017-03-15 | Microsoft Edge Fetch API Arbitrary Header Setting | 207 | WEB | Securify B.V. |
| 2017-03-13 | e107 <= 2.1.4 - 'keyword' Blind SQL Injection | 228 | WEB | StAkeR |
| 2017-03-13 | WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery | 241 | WEB | KoreLogic |
| 2017-03-10 | FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery | 340 | WEB | hyp3rlinx |
| 2017-03-10 | ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution | 296 | WEB | Bruno Bierbaumer |
| 2017-03-10 | Drupal 7.x Module Services - Remote Code Execution | 322 | WEB | Charles Fol |
| 2017-03-09 | Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery | 196 | WEB | SEC Consult |
| 2017-03-08 | Western Digital My Cloud Command Injection | 321 | WEB | Remco Vermeulen |
| 2017-03-07 | Deluge Web UI 1.3.13 - Cross-Site Request Forgery | 239 | WEB | Kyle Neideck |
| 2017-03-07 | WordPress Multiple Plugins - Arbitrary File Upload | 331 | WEB | The Martian |
| 2017-03-06 | pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting | 212 | WEB | Yann CAM |
| 2017-03-06 | WordPress Username Enumeration | 282 | WEB | Dctor |
| 2017-03-01 | NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery | 209 | WEB | SivertPL |
| 2017-03-01 | Blizard BB 1.7 (privtmsg) MD5 Hash Retrieve Blind sql injection Exploit | 357 | WEB | StAkeR |
| 2017-02-28 | Grails PDF Plugin 0.6 - XML External Entity Injection | 246 | WEB | Charles Fol |
| 2017-02-28 | NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution | 222 | WEB | SivertPL |
| 2017-02-27 | Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting | 169 | WEB | Google Security Research |
| 2017-02-27 | Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass | 238 | WEB | Google Security Research |
| 2017-02-27 | Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting | 225 | WEB | Google Security Research |
| 2017-02-23 | Teradici Management Console 2.2.0 - Privilege Escalation | 368 | WEB | hantwister |
| 2017-02-22 | AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit) | 142 | WEB | Mehmet Ince |
| 2017-02-22 | Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit) | 210 | WEB | xort |
| 2017-02-22 | Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit) | 179 | WEB | xort |
| 2017-02-22 | Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) | 185 | WEB | xort |
| 2017-02-22 | Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) | 232 | WEB | xort |
| 2017-02-20 | NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution | 237 | WEB | SivertPL |
| 2017-02-20 | TI Online Examination System 2.0 Admin Password Changer Exploit | 261 | WEB | StAkeR |
| 2017-02-17 | dotCMS 3.6.1 - Blind Boolean SQL Injection | 254 | WEB | Ben Nott |
| 2017-02-16 | Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) | 185 | WEB | Davy Douhine |
| 2017-02-14 | PHP Marketplace Script - SQL Injection | 219 | WEB | Th3GundY |
| 2017-02-10 | WordPress wp-json Content Injection | 269 | WEB | Larry W. Cashdollar |
| 2017-02-09 | POSNIC 1.03 Shell Upload Exploit | 169 | WEB | Rony Das |
| 2017-02-06 | Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection | 113 | WEB | Ihsan Sencan |
| 2017-02-03 | WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby) | 354 | WEB | Harsh Jaiswal |
| 2017-02-03 | WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python) | 237 | WEB | leonjza |
| 2017-02-03 | Multiple Netgear Routers - Password Disclosure | 218 | WEB | Trustwave's SpiderLabs |
| 2017-02-03 | HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download | 217 | WEB | Mariusz Poplawski |
| 2017-02-03 | Joomla! < 3.6.4 - Admin TakeOver | 345 | WEB | Charles Fol |
| 2017-02-03 | Joomla! < 2.5.2 - Admin Creation | 118 | WEB | Charles Fol |
| 2017-01-23 | PageKit 1.0.10 - Password Reset | 116 | WEB | Saurabh Banawar |
| 2017-01-22 | Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change | 205 | WEB | Todor Donev |
| 2017-01-22 | Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change | 299 | WEB | Todor Donev |
| 2017-01-18 | BoZoN 2.4 - Remote Code Execution | 264 | WEB | hyp3rlinx |
| 2017-01-18 | dirLIST 0.3.0 - Arbitrary File Upload | 231 | WEB | hyp3rlinx |
| 2017-01-18 | WordPress WooCommerce Direct Download Local File Inclusion | 246 | WEB | Diego Celdran Morell |
| 2017-01-17 | Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change | 247 | WEB | Todor Donev |
| 2017-01-17 | Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change | 240 | WEB | Todor Donev |
| 2017-01-13 | iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection | 333 | WEB | v3n0m |
| 2017-01-11 | Freepbx < 2.11.1.5 - Remote Code Execution | 222 | WEB | inj3ctor3 |
| 2017-01-04 | PHPMailer Sendmail Argument Injection | 210 | WEB | Spencer McIntyre |
| 2017-01-03 | PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScri | 172 | WEB | Dawid Golunski |
| 2017-01-03 | Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery | 221 | WEB | Ayushman Dutta |
| 2017-01-03 | Zend Framework / zend-mail < 2.4.11 - Remote Code Execution | 234 | WEB | Dawid Golunski |
| 2016-12-30 | PHPMailer < 5.2.18 - Remote Code Execution (Python) | 477 | WEB | anarc0der |
| 2016-12-29 | SwiftMailer < 5.4.5-DEV - Remote Code Execution | 121 | WEB | Dawid Golunski |
| 2016-12-29 | PHPMailer < 5.2.18 - Remote Code Execution (PHP) | 223 | WEB | Dawid Golunski |
| 2016-12-29 | PHPMailer < 5.2.20 - Remote Code Execution | 130 | WEB | Dawid Golunski |
| 2016-12-27 | PHPMailer 5.2.17 - Remote Code Execution | 118 | WEB | Dawid Golunski |
| 2016-12-26 | Apache mod_session_crypto - Padding Oracle | 128 | WEB | RedTeam Pentesting GmbH |
| 2016-12-20 | ntop-ng 2.5.160805 - Username Enumeration | 207 | WEB | Dolev Farhi |
| 2016-12-13 | ARG-W4 ADSL Router - Multiple Vulnerabilities | 192 | WEB | Persian Hack Team |
| 2016-12-12 | Splunk Enterprise 6.4.3 - Server-Side Request Forgery | 160 | WEB | Security-Assessment.com |
| 2016-12-02 | MS Edge CMarkup::EnsureDeleteCFState Use-After-Free | 208 | WEB | SkyLined |
| 2016-11-30 | Google Chrome Accessibility blink::Node Corruption | 144 | WEB | SkyLined |
| 2016-11-28 | Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting | 198 | WEB | Joaquin Ramirez Martinez |
| 2016-11-24 | Chrome Blink SpeechRecognitionController Use-After-Free | 103 | WEB | SkyLined |
| 2016-11-18 | Microsoft Internet Explorer 8 Javascript RegExpBase::FBadHeader Use-After-Free | 153 | WEB | SkyLined |
| 2016-11-16 | phpWebAdmin 1.0 SQL Injection | 171 | WEB | N_A |
| 2016-11-15 | Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution | 182 | WEB | 0x4148 |
| 2016-11-14 | Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection | 225 | WEB | 0x4148 |
| 2016-11-14 | InvoicePlane 1.4.8 - Password Reset | 236 | WEB | feedersec |
| 2016-11-11 | e107 CMS 2.1.2 - Privilege Escalation | 175 | WEB | Kacper Szurek |
| 2016-11-10 | Adobe Connect 9.5.7 - Cross-Site Scripting | 98 | WEB | Vulnerability-Lab |
| 2016-11-04 | SweetRice 1.5.1 - Arbitrary File Download | 206 | WEB | Ehsan Hosseini |
| 2016-11-04 | Mini Notice Board 1.1 SQL Injection | 155 | WEB | N_A |
| 2016-11-01 | ASP Gateway 1.0.0 Database Disclosure | 116 | WEB | indoushka |
| 2016-11-01 | Angelo Emlak Scripti 1.0 Database Disclosure | 102 | WEB | indoushka |
| 2016-10-31 | InfraPower PPS-02-S Q213V1 - Local File Disclosure | 121 | WEB | LiquidWorm |
| 2016-10-26 | EC-CUBE 2.12.6 - Server-Side Request Forgery | 182 | WEB | Wadeek |
| 2016-10-25 | Event Calendar PHP 1.5 Cross Site Request Forgery | 119 | WEB | Ehsan Hosseini |
| 2016-10-25 | WordPress Userpro Remote File Upload | 170 | WEB | T3rm!nat0r5 |
| 2016-10-24 | Zenbership 107 - Multiple Vulnerabilities | 218 | WEB | Zenbership |
| 2016-10-24 | FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation | 233 | WEB | Christopher Davis |
| 2016-10-19 | Cgiemail 1.6 - Source Code Disclosure | 238 | WEB | Finbar Crago |
| 2016-10-19 | Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page) | 227 | WEB | Ahsan Tahir |
| 2016-10-17 | YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting | 453 | WEB | Arbin Godar |
| 2016-10-17 | Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options) | 144 | WEB | Ehsan Hosseini |
| 2016-10-13 | ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery | 165 | WEB | Besim |
| 2016-10-12 | ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) | 117 | WEB | Besim |
| 2016-10-12 | phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post) | 127 | WEB | Besim |
| 2016-10-12 | BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post) | 132 | WEB | Besim |
| 2016-10-12 | Spacemarc News - Cross-Site Request Forgery (Add New Post) | 90 | WEB | Besim |
| 2016-10-08 | Witbe - Remote Code Execution | 144 | WEB | BeLmar |
| 2016-09-27 | VenShop System 2010 Database Disclosure | 215 | WEB | indoushka |
| 2016-09-23 | Kerio Control Unified Threat Management 9.1.0 build 1087, 9.1.1 build 1324 - Multiple Vulnerabilitie | 157 | WEB | SEC Consult |
| 2016-09-21 | VegaDNS 0.13.2 - Remote Command Injection | 157 | WEB | Wireghoul |
| 2016-09-20 | ZineBasic 1.1 - Arbitrary File Disclosure | 138 | WEB | bd0rk |