| 2017-02-10 | WordPress wp-json Content Injection | 258 | WEB | Larry W. Cashdollar |
| 2017-02-09 | POSNIC 1.03 Shell Upload Exploit | 159 | WEB | Rony Das |
| 2017-02-06 | Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection | 100 | WEB | Ihsan Sencan |
| 2017-02-03 | WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby) | 344 | WEB | Harsh Jaiswal |
| 2017-02-03 | WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python) | 226 | WEB | leonjza |
| 2017-02-03 | Multiple Netgear Routers - Password Disclosure | 210 | WEB | Trustwave's SpiderLabs |
| 2017-02-03 | HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download | 209 | WEB | Mariusz Poplawski |
| 2017-02-03 | Joomla! < 3.6.4 - Admin TakeOver | 330 | WEB | Charles Fol |
| 2017-02-03 | Joomla! < 2.5.2 - Admin Creation | 109 | WEB | Charles Fol |
| 2017-01-23 | PageKit 1.0.10 - Password Reset | 107 | WEB | Saurabh Banawar |
| 2017-01-22 | Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change | 192 | WEB | Todor Donev |
| 2017-01-22 | Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change | 289 | WEB | Todor Donev |
| 2017-01-18 | BoZoN 2.4 - Remote Code Execution | 253 | WEB | hyp3rlinx |
| 2017-01-18 | dirLIST 0.3.0 - Arbitrary File Upload | 219 | WEB | hyp3rlinx |
| 2017-01-18 | WordPress WooCommerce Direct Download Local File Inclusion | 238 | WEB | Diego Celdran Morell |
| 2017-01-17 | Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change | 237 | WEB | Todor Donev |
| 2017-01-17 | Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change | 230 | WEB | Todor Donev |
| 2017-01-13 | iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection | 309 | WEB | v3n0m |
| 2017-01-11 | Freepbx < 2.11.1.5 - Remote Code Execution | 214 | WEB | inj3ctor3 |
| 2017-01-04 | PHPMailer Sendmail Argument Injection | 199 | WEB | Spencer McIntyre |
| 2017-01-03 | PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScri | 161 | WEB | Dawid Golunski |
| 2017-01-03 | Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery | 213 | WEB | Ayushman Dutta |
| 2017-01-03 | Zend Framework / zend-mail < 2.4.11 - Remote Code Execution | 227 | WEB | Dawid Golunski |
| 2016-12-30 | PHPMailer < 5.2.18 - Remote Code Execution (Python) | 470 | WEB | anarc0der |
| 2016-12-29 | SwiftMailer < 5.4.5-DEV - Remote Code Execution | 113 | WEB | Dawid Golunski |
| 2016-12-29 | PHPMailer < 5.2.18 - Remote Code Execution (PHP) | 214 | WEB | Dawid Golunski |
| 2016-12-29 | PHPMailer < 5.2.20 - Remote Code Execution | 120 | WEB | Dawid Golunski |
| 2016-12-27 | PHPMailer 5.2.17 - Remote Code Execution | 108 | WEB | Dawid Golunski |
| 2016-12-26 | Apache mod_session_crypto - Padding Oracle | 117 | WEB | RedTeam Pentesting GmbH |
| 2016-12-20 | ntop-ng 2.5.160805 - Username Enumeration | 199 | WEB | Dolev Farhi |
| 2016-12-13 | ARG-W4 ADSL Router - Multiple Vulnerabilities | 182 | WEB | Persian Hack Team |
| 2016-12-12 | Splunk Enterprise 6.4.3 - Server-Side Request Forgery | 150 | WEB | Security-Assessment.com |
| 2016-12-02 | MS Edge CMarkup::EnsureDeleteCFState Use-After-Free | 197 | WEB | SkyLined |
| 2016-11-30 | Google Chrome Accessibility blink::Node Corruption | 130 | WEB | SkyLined |
| 2016-11-28 | Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting | 189 | WEB | Joaquin Ramirez Martinez |
| 2016-11-24 | Chrome Blink SpeechRecognitionController Use-After-Free | 94 | WEB | SkyLined |
| 2016-11-18 | Microsoft Internet Explorer 8 Javascript RegExpBase::FBadHeader Use-After-Free | 143 | WEB | SkyLined |
| 2016-11-16 | phpWebAdmin 1.0 SQL Injection | 164 | WEB | N_A |
| 2016-11-15 | Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution | 173 | WEB | 0x4148 |
| 2016-11-14 | Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection | 213 | WEB | 0x4148 |
| 2016-11-14 | InvoicePlane 1.4.8 - Password Reset | 225 | WEB | feedersec |
| 2016-11-11 | e107 CMS 2.1.2 - Privilege Escalation | 165 | WEB | Kacper Szurek |
| 2016-11-10 | Adobe Connect 9.5.7 - Cross-Site Scripting | 86 | WEB | Vulnerability-Lab |
| 2016-11-04 | SweetRice 1.5.1 - Arbitrary File Download | 194 | WEB | Ehsan Hosseini |
| 2016-11-04 | Mini Notice Board 1.1 SQL Injection | 145 | WEB | N_A |
| 2016-11-01 | ASP Gateway 1.0.0 Database Disclosure | 107 | WEB | indoushka |
| 2016-11-01 | Angelo Emlak Scripti 1.0 Database Disclosure | 93 | WEB | indoushka |
| 2016-10-31 | InfraPower PPS-02-S Q213V1 - Local File Disclosure | 113 | WEB | LiquidWorm |
| 2016-10-26 | EC-CUBE 2.12.6 - Server-Side Request Forgery | 170 | WEB | Wadeek |
| 2016-10-25 | Event Calendar PHP 1.5 Cross Site Request Forgery | 107 | WEB | Ehsan Hosseini |
| 2016-10-25 | WordPress Userpro Remote File Upload | 156 | WEB | T3rm!nat0r5 |
| 2016-10-24 | Zenbership 107 - Multiple Vulnerabilities | 204 | WEB | Zenbership |
| 2016-10-24 | FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation | 220 | WEB | Christopher Davis |
| 2016-10-19 | Cgiemail 1.6 - Source Code Disclosure | 227 | WEB | Finbar Crago |
| 2016-10-19 | Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page) | 218 | WEB | Ahsan Tahir |
| 2016-10-17 | YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting | 446 | WEB | Arbin Godar |
| 2016-10-17 | Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options) | 136 | WEB | Ehsan Hosseini |
| 2016-10-13 | ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery | 155 | WEB | Besim |
| 2016-10-12 | ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) | 106 | WEB | Besim |
| 2016-10-12 | phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post) | 116 | WEB | Besim |
| 2016-10-12 | BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post) | 120 | WEB | Besim |
| 2016-10-12 | Spacemarc News - Cross-Site Request Forgery (Add New Post) | 79 | WEB | Besim |
| 2016-10-08 | Witbe - Remote Code Execution | 134 | WEB | BeLmar |
| 2016-09-27 | VenShop System 2010 Database Disclosure | 205 | WEB | indoushka |
| 2016-09-23 | Kerio Control Unified Threat Management 9.1.0 build 1087, 9.1.1 build 1324 - Multiple Vulnerabilitie | 147 | WEB | SEC Consult |
| 2016-09-21 | VegaDNS 0.13.2 - Remote Command Injection | 144 | WEB | Wireghoul |
| 2016-09-20 | ZineBasic 1.1 - Arbitrary File Disclosure | 120 | WEB | bd0rk |
| 2016-09-18 | AnoBBS 1.0.1 - Remote File Inclusion | 105 | WEB | bd0rk |
| 2016-09-14 | wdCalendar 2 - SQL Injection | 201 | WEB | Alfonso Castillo Angel |
| 2016-09-14 | Cherry Music 0.35.1 - Arbitrary File Disclosure | 210 | WEB | feedersec |
| 2016-09-12 | Vodafone Mobile Wifi - Reset Admin Password | 280 | WEB | Daniele Linguaglossa |
| 2016-09-09 | Zabbix 2.0 - 3.0.3 - SQL Injection | 147 | WEB | Zzzians |
| 2016-09-08 | Adobe ColdFusion < 11 Update 10 - XML External Entity Injection | 265 | WEB | Dawid Golunski |
| 2016-09-05 | Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery) | 221 | WEB | b1ack0wl |
| 2016-09-05 | Easy File Sharing Web Server 7.2 SEH Buffer Overflow | 184 | WEB | Iran Cyber Security Group |
| 2016-09-01 | CactuShop 7 Database Disclosure | 180 | WEB | indoushka |
| 2016-08-31 | Arabportal 2.x RCE Vulnerability | 90 | WEB | Team Uruk |
| 2016-08-30 | HelpDeskZ 1.0.2 - Unauthenticated Shell Upload | 238 | WEB | Lars Morgenroth |
| 2016-08-29 | Prestashop VtermSlideShow Module Arbitrary File Upload Exploit | 146 | WEB | PentesterDesk |
| 2016-08-29 | Prestashop Attributewizardpro Module Arbitrary File Upload Exploit | 144 | WEB | PentesterDesk |
| 2016-08-29 | Prestashop Multi Modules Arbitrary File Upload Exploit | 231 | WEB | PentesterDesk |
| 2016-08-23 | WordPress 4.5.3 - Directory Traversal / Denial of Service | 209 | WEB | Yorick Koster |
| 2016-08-23 | VideoIQ Camera - Local File Disclosure | 149 | WEB | Yakir Wizman |
| 2016-08-23 | MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change | 93 | WEB | Todor Donev |
| 2016-08-23 | ZYCOO IP Phone System - Remote Command Execution | 114 | WEB | 0x4148 |
| 2016-08-19 | SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change | 120 | WEB | Todor Donev |
| 2016-08-11 | EyeLock nano NXT 3.5 - Remote Root Exploit | 223 | WEB | LiquidWorm |
| 2016-08-11 | EyeLock nano NXT 3.5 - Local File Disclosure | 81 | WEB | LiquidWorm |
| 2016-08-11 | vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF) | 345 | WEB | Dawid Golunski |
| 2016-08-11 | Nagios Network Analyzer 2.2.1 - Multiple CSRF | 191 | WEB | hyp3rlinx |
| 2016-08-09 | NUUO NVRmini 2 3.0.8 - (Add Admin) CSRF | 331 | WEB | LiquidWorm |
| 2016-08-09 | NUUO NVRmini 2 3.0.8 - Remote Root Exploit | 347 | WEB | LiquidWorm |
| 2016-08-09 | PhpMyAdmin 4.6.2 - Post-Auth Remote Code Execution | 129 | WEB | iamsecurity |
| 2016-07-27 | PHP File Vault 0.9 - Directory Traversal | 105 | WEB | N_A |
| 2016-07-27 | Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities | 100 | WEB | James McLean |
| 2016-07-27 | Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities | 163 | WEB | Gergely Eberhardt |
| 2016-07-27 | Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities | 83 | WEB | Gergely Eberhardt |
| 2016-07-27 | PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution | 79 | WEB | kmkz |
| 2016-07-27 | Drupal CODER Module 2.5 - Remote Command Execution (Metasploit) | 75 | WEB | Mehmet Ince |
| 2016-07-22 | Technicolor TC7200 Modem / Router Session Management / Fixed Password | 166 | WEB | Gergely Eberhardt |
| 2016-07-22 | Cisco EPC3925 UPC Modem / Router Default Passphrase | 143 | WEB | Gergely Eberhardt |
| 2016-07-21 | WordPress Video Player Plugin 1.5.16 - SQL Injection | 126 | WEB | David Vaartjes |
| 2016-07-21 | Wowza Streaming Engine 4.5.0 - Multiple XSS | 119 | WEB | LiquidWorm |
| 2016-07-21 | Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF | 105 | WEB | LiquidWorm |
| 2016-07-21 | Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation | 92 | WEB | LiquidWorm |
| 2016-07-19 | vBulletin 4.x - SQLi in breadcrumbs via xmlrpc API (Post-Auth) | 101 | WEB | tintinweb |
| 2016-07-19 | vBulletin 5.x/4.x - Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post-Auth) | 78 | WEB | tintinweb |
| 2016-07-13 | Prestashop vtermslidesshow module Arbitrary File Upload Exploit | 321 | WEB | PentesterDesk |
| 2016-07-12 | Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass | 107 | WEB | Gregory Smiley |
| 2016-07-11 | CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval | 216 | WEB | LiquidWorm |
| 2016-07-11 | php Real Estate Script 3 - Arbitrary File Disclosure | 72 | WEB | Meisam Monsef |
| 2016-07-11 | WordPress WP-DownloadManager Plugin 1.68.1 - Arbitrary File Upload Vulnerability | 231 | WEB | Mojtaba MobhaM |
| 2016-07-07 | PrinceXML Wrapper Class Command Injection | 227 | WEB | Brandon Perry |
| 2016-07-06 | Nagios XI Chained Remote Code Execution | 219 | WEB | wvu |
| 2016-07-05 | WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities | 147 | WEB | Mukarram Khalid |
| 2016-07-01 | Ubiquiti Administration Portal - CSRF to Remote Command Execution | 105 | WEB | KoreLogic |
| 2016-07-01 | WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection | 150 | WEB | wp0Day |
| 2016-07-01 | Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities | 106 | WEB | hyp3rlinx |
| 2016-06-29 | Prestashop Attribute Wizard Pro module Arbitrary File Upload Exploit | 725 | WEB | PentesterDesk |
| 2016-06-28 | Untangle NGFW 12.1.0 Beta execEvil() Command Injection | 199 | WEB | Matt Bush |
| 2016-06-28 | Ruby HTTP Header Injection | 116 | WEB | rootredrain |
| 2016-06-28 | MyLittleForum 2.3.5 - PHP Command Injection | 86 | WEB | hyp3rlinx |
| 2016-06-23 | Prestashop modules Arbitrary File Upload Vulnerability | 824 | WEB | PentesterDesk Team |
| 2016-06-21 | Airia - Webshell Upload Exploit | 120 | WEB | HaHwul |
| 2016-06-21 | Airia - (Add Content) CSRF | 109 | WEB | HaHwul |