|
2016-07-27
|
|
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
|
92 |
WEB
|
Gergely Eberhardt
|
|
2016-07-27
|
|
PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution
|
89 |
WEB
|
kmkz
|
|
2016-07-27
|
|
Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)
|
82 |
WEB
|
Mehmet Ince
|
|
2016-07-22
|
|
Technicolor TC7200 Modem / Router Session Management / Fixed Password
|
173 |
WEB
|
Gergely Eberhardt
|
|
2016-07-22
|
|
Cisco EPC3925 UPC Modem / Router Default Passphrase
|
152 |
WEB
|
Gergely Eberhardt
|
|
2016-07-21
|
|
WordPress Video Player Plugin 1.5.16 - SQL Injection
|
133 |
WEB
|
David Vaartjes
|
|
2016-07-21
|
|
Wowza Streaming Engine 4.5.0 - Multiple XSS
|
127 |
WEB
|
LiquidWorm
|
|
2016-07-21
|
|
Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF
|
115 |
WEB
|
LiquidWorm
|
|
2016-07-21
|
|
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
|
98 |
WEB
|
LiquidWorm
|
|
2016-07-19
|
|
vBulletin 4.x - SQLi in breadcrumbs via xmlrpc API (Post-Auth)
|
111 |
WEB
|
tintinweb
|
|
2016-07-19
|
|
vBulletin 5.x/4.x - Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post-Auth)
|
87 |
WEB
|
tintinweb
|
|
2016-07-13
|
|
Prestashop vtermslidesshow module Arbitrary File Upload Exploit
|
329 |
WEB
|
PentesterDesk
|
|
2016-07-12
|
|
Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass
|
121 |
WEB
|
Gregory Smiley
|
|
2016-07-11
|
|
CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval
|
226 |
WEB
|
LiquidWorm
|
|
2016-07-11
|
|
php Real Estate Script 3 - Arbitrary File Disclosure
|
79 |
WEB
|
Meisam Monsef
|
|
2016-07-11
|
|
WordPress WP-DownloadManager Plugin 1.68.1 - Arbitrary File Upload Vulnerability
|
241 |
WEB
|
Mojtaba MobhaM
|
|
2016-07-07
|
|
PrinceXML Wrapper Class Command Injection
|
237 |
WEB
|
Brandon Perry
|
|
2016-07-06
|
|
Nagios XI Chained Remote Code Execution
|
226 |
WEB
|
wvu
|
|
2016-07-05
|
|
WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities
|
155 |
WEB
|
Mukarram Khalid
|
|
2016-07-01
|
|
Ubiquiti Administration Portal - CSRF to Remote Command Execution
|
114 |
WEB
|
KoreLogic
|
|
2016-07-01
|
|
WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection
|
159 |
WEB
|
wp0Day
|
|
2016-07-01
|
|
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
|
115 |
WEB
|
hyp3rlinx
|
|
2016-06-29
|
|
Prestashop Attribute Wizard Pro module Arbitrary File Upload Exploit
|
737 |
WEB
|
PentesterDesk
|
|
2016-06-28
|
|
Untangle NGFW 12.1.0 Beta execEvil() Command Injection
|
207 |
WEB
|
Matt Bush
|
|
2016-06-28
|
|
Ruby HTTP Header Injection
|
125 |
WEB
|
rootredrain
|
|
2016-06-28
|
|
MyLittleForum 2.3.5 - PHP Command Injection
|
94 |
WEB
|
hyp3rlinx
|
|
2016-06-23
|
|
Prestashop modules Arbitrary File Upload Vulnerability
|
831 |
WEB
|
PentesterDesk Team
|
|
2016-06-21
|
|
Airia - Webshell Upload Exploit
|
133 |
WEB
|
HaHwul
|
|
2016-06-21
|
|
Airia - (Add Content) CSRF
|
117 |
WEB
|
HaHwul
|
|
2016-06-21
|
|
WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation Exploit
|
122 |
WEB
|
Joaquin Ramirez Martinez
|
|
2016-06-21
|
|
WordPress Premium SEO Pack 1.9.1.3 wp_options Overwrite
|
109 |
WEB
|
wp0Day.com
|
|
2016-06-20
|
|
Skype For Business 2013 User Enumeration
|
83 |
WEB
|
nyxgeek
|
|
2016-06-20
|
|
Microsoft Internet Explorer 11 Garbage Collector Attribute Type Confusion
|
89 |
WEB
|
SkyLined
|
|
2016-06-20
|
|
phpATM 1.32 - Remote Command Execution (Shell Upload) on Windows Servers
|
104 |
WEB
|
Paolo Massenio
|
|
2016-06-20
|
|
WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload
|
337 |
WEB
|
Abk Khan
|
|
2016-06-16
|
|
PHPLive 4.4.8 - 4.5.4 - Password Recovery SQL Injection
|
119 |
WEB
|
Tiago Carvalho
|
|
2016-06-15
|
|
WordPress Social Stream Plugin 1.5.15 - wp_options Overwrite
|
131 |
WEB
|
wp0Day.com
|
|
2016-06-14
|
|
Viart Shopping Cart 5.0 CSRF / Shell Upload
|
214 |
WEB
|
Ali Ghanbari
|
|
2016-06-14
|
|
Zabbix 2.2 - 3.0.3 - RCE with API JSON-RPC
|
162 |
WEB
|
Alexander Gurin
|
|
2016-06-12
|
|
Mobiketa 1.0 - CSRF Add Admin Exploit
|
88 |
WEB
|
Murat Yilmazlar
|
|
2016-06-12
|
|
Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit
|
275 |
WEB
|
hantwister
|
|
2016-06-08
|
|
Apache Continuum 1.4.2 Command Injection / Cross Site Scripting
|
98 |
WEB
|
David Shanahan
|
|
2016-06-07
|
|
WordPress Uncode Theme 1.3.1 - Arbitrary File Upload
|
182 |
WEB
|
wp0Day.com
|
|
2016-06-07
|
|
WordPress Newspaper Theme 6.7.1 - Privilege Escalation
|
193 |
WEB
|
wp0Day.com
|
|
2016-06-07
|
|
WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection
|
225 |
WEB
|
wp0Day.com
|
|
2016-06-07
|
|
WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS
|
239 |
WEB
|
wp0Day.com
|
|
2016-06-01
|
|
FlatPress 1.0.3 - CSRF Arbitrary File Upload
|
294 |
WEB
|
LiquidWorm
|
|
2016-05-30
|
|
WordPress Ninja Forms Unauthenticated File Upload
|
157 |
WEB
|
Rob Carr
|
|
2016-05-30
|
|
Linknat VOS3000/VOS2009 SQL Injection Exploit
|
281 |
WEB
|
Osama Khalid
|
|
2016-05-24
|
|
Job Script by Scubez - Remote Code Execution
|
123 |
WEB
|
Bikramaditya Guha
|
|
2016-05-19
|
|
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
|
199 |
WEB
|
agix
|
|
2016-05-17
|
|
TP-Link SC2020n Authenticated Telnet Injection
|
125 |
WEB
|
Nicholas Starke
|
|
2016-05-17
|
|
Meteocontrol WEB’log - Admin Password Disclosure
|
133 |
WEB
|
Karn Ganeshen
|
|
2016-05-17
|
|
eXtplorer 2.1.9 - Archive Path Traversal
|
191 |
WEB
|
hyp3rlinx
|
|
2016-05-17
|
|
Web interface for DNSmasq / Mikrotik - SQL Injection
|
292 |
WEB
|
hyp3rlinx
|
|
2016-05-06
|
|
ImageMagick < 6.9.3-9 - Multiple Vulnerabilities
|
252 |
WEB
|
Nikolay Ermishkin
|
|
2016-05-05
|
|
PHP Imagick 3.3.0 - disable_functions Bypass
|
591 |
WEB
|
RicterZ
|
|
2016-04-28
|
|
Multiple Vendors (RomPager <= 4.34) - Misfortune Cookie Router Authentication Bypass
|
145 |
WEB
|
Milad Doorbash
|
|
2016-04-26
|
|
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (MSF)
|
113 |
WEB
|
Federico Scalco
|
|
2016-04-26
|
|
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (MSF)
|
160 |
WEB
|
Federico Scalco
|
|
2016-04-22
|
|
Gemtek CPE7000 / WLTCS-106 - Multiple Vulnerabilities
|
256 |
WEB
|
Federico Ramondino
|
|
2016-04-22
|
|
Symantec Brightmail 10.6.0-7- LDAP Credentials Disclosure
|
132 |
WEB
|
Fakhir Karim Reda
|
|
2016-04-21
|
|
PHPBack 1.3.0 - SQL Injection
|
244 |
WEB
|
hyp3rlinx
|
|
2016-04-15
|
|
Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass and Arbitrary File Upload Exploi
|
214 |
WEB
|
Zhou Yu
|
|
2016-04-06
|
|
WordPress Advanced Video Plugin 1.0 - Local File Inclusion Exploit
|
233 |
WEB
|
evait security GmbH
|
|
2016-03-18
|
|
Zenphoto 1.4.11 - Remote File Inclusion Vulnerability
|
146 |
WEB
|
curesec
|
|
2016-03-08
|
|
ATutor LMS install_modules.php CSRF Remote Code Execution Vulnerability
|
191 |
WEB
|
mr_me
|
|
2016-03-04
|
|
WordPress Bulk Delete Plugin 5.5.3 - Privilege Escalation
|
166 |
WEB
|
Panagiotis Vagenas
|
|
2016-03-01
|
|
Pulse CMS 4.5.2 Local File Inclusion
|
381 |
WEB
|
Ehsan Hosseini
|
|
2016-02-26
|
|
IBM Lotus Domino <= R8 Password Hash Extraction Exploit
|
349 |
WEB
|
Jonathan Broche
|
|
2016-02-25
|
|
WordPress Extra User Details Plugin 0.4.2 - Privilege Escalation
|
129 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-18
|
|
Cisco ASA VPN Portal Cross Site Scripting
|
166 |
WEB
|
Juan Sacco
|
|
2016-02-17
|
|
phpMyBackupPro 2.5 - Remote Command Execution / CSRF
|
146 |
WEB
|
hyp3rlinx
|
|
2016-02-17
|
|
Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers
|
235 |
WEB
|
LiquidWorm
|
|
2016-02-14
|
|
Wordpress Smallbiz Themes Remote File Uploads Vulnerability
|
395 |
WEB
|
Milad Hacking
|
|
2016-02-14
|
|
WordPress WooCommerce Store Toolkit Plugin 1.5.5 - Privilege Escalation Exploit
|
119 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-14
|
|
WordPress WP User Frontend Plugin < 2.3.11 - Unrestricted File Upload Exploit
|
335 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-14
|
|
JiveForums 5.5.25 Directory Traversal Exploit
|
235 |
WEB
|
Zhaohuan
|
|
2016-01-27
|
|
Glassfish Server - Arbitrary File Read Vulnerability
|
372 |
WEB
|
bingbing
|
|
2016-01-26
|
|
pfSense Firewall <= 2.2.5 - Config File CSRF
|
151 |
WEB
|
Aatif Shahdad
|
|
2016-01-22
|
|
Joomla com_forum Remote SQL Injection Exploit
|
242 |
WEB
|
Dz MinD Injector
|
|
2016-01-15
|
|
Manage Engine Application Manager 12.5 - Arbitrary Command Execution Vulnerability
|
383 |
WEB
|
Bikramaditya Guha
|
|
2016-01-15
|
|
SevOne NMS <= 5.3.6.0 - Remote Root Exploit
|
198 |
WEB
|
iamsecurity
|
|
2016-01-14
|
|
WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution
|
126 |
WEB
|
Matt Buzanowski
|
|
2016-01-07
|
|
D-Link DCS-931L Arbitrary File Upload
|
177 |
WEB
|
Brendan Coles
|
|
2016-01-04
|
|
Joomla 3.4.5 Object Injection
|
246 |
WEB
|
Khashayar Fereidani
|
|
2016-01-04
|
|
WordPress Simple Ads Manager 2.9.4.116 SQL Injection
|
245 |
WEB
|
Kacper Szurek
|
|
2016-01-04
|
|
Simple Ads Manager 2.9.4.116 - SQL Injection
|
228 |
WEB
|
Kacper Szurek
|
|
2015-12-23
|
|
phpMyFAQ 2.7.9 PHP Code Injection
|
175 |
WEB
|
indoushka
|
|
2015-12-22
|
|
Ovidentia Widgets 1.0.61 - Remote Command Execution Exploit
|
158 |
WEB
|
bd0rk
|
|
2015-12-16
|
|
Article Script 1.00 SQL Injection
|
120 |
WEB
|
Linux Zone Research Team
|
|
2015-12-16
|
|
WordPress Tierra Billboard Manager 1.14 SQL Injection
|
151 |
WEB
|
Linux Zone Research Team
|
|
2015-12-15
|
|
Joomla MyDynGallery SQL Injection
|
218 |
WEB
|
D35m0nd142
|
|
2015-12-08
|
|
DMarket 1.0 Remote PHP Code Injection
|
137 |
WEB
|
indoushka
|
|
2015-12-07
|
|
Atlassian HipChat for Jira Plugin Velocity Template Injection
|
229 |
WEB
|
sinn3r
|
|
2015-12-02
|
|
Advantech Switch Bash Environment Variable Code Injection
|
169 |
WEB
|
hdm
|
|
2015-11-26
|
|
Dimofinf 3.0.0 SQL Injection
|
108 |
WEB
|
D35m0nd142
|
|
2015-11-24
|
|
vBulletin 5.x - Remote Code Execution Exploit
|
124 |
WEB
|
Mohammad Reza
|
|
2015-11-18
|
|
WordPress Users Ultra 1.5.50 Unrestricted File Upload
|
184 |
WEB
|
panVagenas
|
|
2015-11-17
|
|
D-Link DIR-816L Cross Site Request Forgery
|
200 |
WEB
|
Bhadresh Patel
|
|
2015-11-17
|
|
D-Link SSDP Command Injection
|
221 |
WEB
|
Samuel Huntley
|
|
2015-11-17
|
|
D-Link DIR-890L/R Buffer Overflow
|
367 |
WEB
|
Samuel Huntley
|
|
2015-11-17
|
|
D-Link DIR-866L Buffer Overflow
|
139 |
WEB
|
Samuel Huntley
|
|
2015-11-17
|
|
D-Link DIR-825 Buffer Overflow / Directory Traversal
|
99 |
WEB
|
Samuel Huntley
|
|
2015-11-17
|
|
D-Link DIR-818W Buffer Overflow / Command Injection
|
94 |
WEB
|
Samuel Huntley
|
|
2015-11-17
|
|
D-Link DGL5500 - HNAP Buffer Overflow Vulnerability
|
103 |
WEB
|
Samuel Huntley
|
|
2015-11-16
|
|
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload Version 1
|
196 |
WEB
|
Denis Andzakovic
|
|
2015-11-16
|
|
Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload Version 2
|
188 |
WEB
|
Denis Andzakovic
|
|
2015-11-16
|
|
vBulletin 5.1.2 Unserialize Code Execution
|
278 |
WEB
|
cutz
|
|
2015-11-11
|
|
Google AdWords <= 6.2.0 API client libraries - XML eXternal Entity Injection (XXE)
|
154 |
WEB
|
Dawid Golunski
|
|
2015-11-11
|
|
Google AdWords API PHP client library <= 6.2.0 - Arbitrary PHP Code Execution
|
72 |
WEB
|
Dawid Golunski
|
|
2015-11-11
|
|
Jenkins 1.633 - Unauthenticated Credential Recovery
|
227 |
WEB
|
The Repo
|
|
2015-11-10
|
|
Google AdWords API PHP Client Library 6.2.0 XXE Injection
|
197 |
WEB
|
Dawid Golunski
|
|
2015-11-10
|
|
Google AdWords API PHP Client Library 6.2.0 Code Execution
|
178 |
WEB
|
Dawid Golunski
|
|
2015-11-10
|
|
Arris TG1682G Modem - Stored XSS Vulnerability
|
309 |
WEB
|
Nu11By73
|
|
2015-11-09
|
|
vBulletin 5.1.x - PreAuth 0day Remote Code Execution Exploit
|
273 |
WEB
|
hhjj
|
|
2015-11-06
|
|
OpenSSL Alternative Chains Certificate Forgery
|
238 |
WEB
|
Ramon de C Valle
|
|
2015-11-06
|
|
Java Secure Socket Extension (JSSE) SKIP-TLS
|
216 |
WEB
|
Ramon de C Valle
|
|
2015-11-02
|
|
eBay Magento <= 1.9.2.1 - PHP FPM XML eXternal Entity Injection
|
147 |
WEB
|
Dawid Golunski
|
|
2015-11-02
|
|
PHP Server Monitor 3.1.1- CSRF Privilege Escalation
|
94 |
WEB
|
hyp3rlinx
|
|
2015-10-27
|
|
articleFR 3.0.7 Arbitrary File Read
|
187 |
WEB
|
0keeteam
|
|
2015-10-27
|
|
SiteWIX SQL Injection
|
218 |
WEB
|
ZoRLu
|
|
2015-10-27
|
|
Beckhoff CX9020 CPU Module - Remote Code Execution Exploit
|
334 |
WEB
|
Photubias
|
|
2015-10-20
|
|
RealtyScript 4.0.2 SQL Injection
|
181 |
WEB
|
LiquidWorm
|
|
2015-10-20
|
|
RealtyScript 4.0.2 Cross Site Request Forgery / Cross Site Scripting
|
185 |
WEB
|
LiquidWorm
|
