|
2014-07-09
|
|
Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
|
119 |
WEB
|
Redsadic
|
|
2014-07-09
|
|
Wordpress Theme ProjectTheme Shell Upload Vulnerability
|
131 |
WEB
|
Aloulou
|
|
2014-07-09
|
|
Wordpress Theme PricerrTheme Shell Upload Vulnerability
|
139 |
WEB
|
Aloulou
|
|
2014-07-08
|
|
Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability
|
153 |
WEB
|
c1ph04
|
|
2014-07-01
|
|
IBM Algorithmics RICOS Disclosure / XSS / CSRF
|
155 |
WEB
|
F. Lukavsky
|
|
2014-07-01
|
|
Horde Framework Unserialize PHP Code Execution
|
90 |
WEB
|
Akra Macha
|
|
2014-06-30
|
|
WordPress wp-crm Plugin Arbitrary File Upload Vulnerability
|
320 |
WEB
|
brunox
|
|
2014-06-27
|
|
Python CGIHTTPServer File Disclosure / Code Execution
|
278 |
WEB
|
Jens Liebchen
|
|
2014-06-25
|
|
WordPress image-symlinks Plugin Arbitrary File Upload Vulnerability
|
168 |
WEB
|
brunox
|
|
2014-06-25
|
|
Cogent DataHub Command Injection
|
121 |
WEB
|
juan vazquez
|
|
2014-06-24
|
|
Supermicro IPMI/BMC Cleartext Password Scanner
|
222 |
WEB
|
1N3
|
|
2014-06-23
|
|
D-link DSL-2760U-E1 - Persistent XSS
|
93 |
WEB
|
Yuval tisf Nativ
|
|
2014-06-20
|
|
AlienVault OSSIM av-centerd Command Injection
|
71 |
WEB
|
temp66
|
|
2014-06-19
|
|
Ericom AccessNow Server Buffer Overflow
|
104 |
WEB
|
temp66
|
|
2014-06-16
|
|
ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation
|
164 |
WEB
|
Tiago Carvalho
|
|
2014-06-13
|
|
Plesk 10.4.4 / 11.0.9 XXE Injection
|
94 |
WEB
|
z00
|
|
2014-06-10
|
|
Xornic Contact Us Form CAPTCHA Bypass / XSS
|
109 |
WEB
|
Scott Arciszewski
|
|
2014-06-09
|
|
Madness Pro <= 1.14 - SQL Injection
|
88 |
WEB
|
bwall
|
|
2014-06-09
|
|
Madness Pro <= 1.14 - Persistent XSS
|
106 |
WEB
|
bwall
|
|
2014-05-22
|
|
SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation
|
92 |
WEB
|
Gregory DRAPERI
|
|
2014-05-20
|
|
UPS Web/SNMP-Manager CS121 Login Bypass
|
96 |
WEB
|
jkmac
|
|
2014-05-20
|
|
SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 Directory Traver
|
81 |
WEB
|
Matt Schmidt
|
|
2014-05-20
|
|
HP Release Control Authenticated XXE
|
103 |
WEB
|
Brandon Perry
|
|
2014-05-16
|
|
ElasticSearch Remote Code Execution
|
88 |
WEB
|
Jeff Geiger
|
|
2014-05-14
|
|
WordPress Formidable Forms Remote Code Execution
|
101 |
WEB
|
Manish Tanwar
|
|
2014-05-14
|
|
AlienVault OSSIM 4.6.1 - Authenticated SQL Injection
|
116 |
WEB
|
Chris Hebert
|
|
2014-05-09
|
|
F5 iControl Remote Command Execution Vulnerability
|
80 |
WEB
|
Brandon Perry
|
|
2014-05-04
|
|
HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal
|
89 |
WEB
|
@0x00string
|
|
2014-04-25
|
|
Bonefire v.0.7.1 - Reinstall Admin Account Exploit
|
77 |
WEB
|
Mehmet Ince
|
|
2014-04-23
|
|
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key
|
190 |
WEB
|
Mehmet Ince
|
|
2014-04-23
|
|
Sixnet Sixview 2.4.1 - Web Console Directory Traversal
|
73 |
WEB
|
daniel svartman
|
|
2014-04-22
|
|
Comtrend CT 5361T Cross Site Request Forgery / Cross Site Scripting
|
99 |
WEB
|
TUNISIAN CYBER
|
|
2014-04-22
|
|
ATSEngine credential disclosure vulnerability
|
67 |
WEB
|
Xylitol
|
|
2014-04-21
|
|
CU3ER 1.24 Cross Site Scripting / Content Spoofing
|
89 |
WEB
|
MustLive
|
|
2014-04-16
|
|
NETGEAR N600 WIRELESS DUAL BAND WNDR3400 - Multiple Vulnerabilities
|
96 |
WEB
|
Santhosh Kumar
|
|
2014-04-15
|
|
Madss Software Solution SQL Injection
|
141 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-04-14
|
|
Plex Media Server 0.9.9.10 CSRF / Disclosure
|
192 |
WEB
|
S. Viehbock
|
|
2014-04-14
|
|
eScan Web Management Console Command Injection
|
82 |
WEB
|
juan vazquez
|
|
2014-04-10
|
|
Sophos Web Protection Appliance Command Execution
|
79 |
WEB
|
Brandon Perry
|
|
2014-04-10
|
|
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection Vulnerabilities
|
129 |
WEB
|
The:Paradox
|
|
2014-04-09
|
|
Vtiger Install Unauthenticated Remote Command Execution
|
54 |
WEB
|
Jonathan Borgeaud
|
|
2014-04-08
|
|
PHPFox 3.7.5 Authorization Bypass
|
113 |
WEB
|
Wesley Henrique Leite
|
|
2014-04-04
|
|
Kyocera FS5250 Cross Site Scripting
|
73 |
WEB
|
Jeff Sergeant
|
|
2014-04-04
|
|
Kloxo-MR 6.5.0 - CSRF Vulnerability
|
107 |
WEB
|
Necmettin COSKUN
|
|
2014-04-04
|
|
Kloxo 6.1.18 Stable - CSRF Vulnerability
|
88 |
WEB
|
Necmettin COSKUN
|
|
2014-04-03
|
|
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
|
60 |
WEB
|
Vulnerability-Lab
|
|
2014-04-03
|
|
ICOMM 610 Wireless Modem - CSRF Vulnerability
|
112 |
WEB
|
Blessen Thomas
|
|
2014-04-01
|
|
AlienVault 4.5.0 SQL Injection
|
98 |
WEB
|
Brandon Perry
|
|
2014-04-01
|
|
EMC Cloud Tiering Appliance v10.0 Unauthenticated XXE Arbitrary File Read
|
197 |
WEB
|
Brandon Perry
|
|
2014-03-31
|
|
WordPress Business Intelligence 1.0.6 Shell Upload
|
115 |
WEB
|
Manish Tanwar
|
|
2014-03-27
|
|
IBM Tealeaf CX 8.8 - Remote OS Command Injection
|
72 |
WEB
|
drone
|
|
2014-03-26
|
|
qEngine CMS 6.0.0 - Multiple Vulnerabilities
|
93 |
WEB
|
LiquidWorm
|
|
2014-03-26
|
|
Kemana Directory 1.5.6 (qvc_init()) Cookie Poisoning CAPTCHA Bypass Exploit
|
88 |
WEB
|
LiquidWorm
|
|
2014-03-26
|
|
Kemana Directory 1.5.6 Database Backup Disclosure Exploit
|
104 |
WEB
|
LiquidWorm
|
|
2014-03-26
|
|
Cart Engine 3.0.0 Database Backup Disclosure Exploit
|
93 |
WEB
|
LiquidWorm
|
|
2014-03-18
|
|
osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability
|
89 |
WEB
|
TUNISIAN CYBER
|
|
2014-03-17
|
|
OpenSupports v2.x AuthBypass/CSRF Vulnerabilities
|
87 |
WEB
|
TUNISIAN CYBER
|
|
2014-03-11
|
|
Herpes Net 3.0 SQL Injection
|
97 |
WEB
|
bwall
|
|
2014-03-06
|
|
Ganib 2.3 SQL Injection
|
102 |
WEB
|
drone
|
|
2014-02-14
|
|
Dexter CasinoLoader SQL Injection
|
115 |
WEB
|
bwall
|
|
2014-02-11
|
|
ZTE ZXV10 W300 Hardcoded Credentials
|
119 |
WEB
|
Cesar Neira
|
|
2014-02-11
|
|
WordPress Kidoo Shell Upload
|
100 |
WEB
|
TUNISIAN CYBER
|
|
2014-01-21
|
|
WordPress Global Flash Galleries File Upload
|
91 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-01-20
|
|
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
|
168 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
SmarterMail 11.x Cross Site Scripting
|
173 |
WEB
|
Saeed reza Zamanian
|
|
2014-01-09
|
|
Eyou Mail System Remote Code Execution
|
85 |
WEB
|
conqu3r.zeng
|
|
2014-01-08
|
|
Command School Student Management System 1.06.01 SQL Injection / CSRF / XSS
|
103 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
|
101 |
WEB
|
EgiX
|
|
2014-01-07
|
|
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross Site Scripting Vulnerabilities
|
96 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-01-07
|
|
Seagate BlackArmor NAS sg2000-2000.1331 - Cross Site Request Forgery
|
79 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-01-07
|
|
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
|
207 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-01-07
|
|
Seagate BlackArmor - Root Exploit
|
122 |
WEB
|
Jeroen - IT Nerdbox
|
|
2013-12-31
|
|
PhotoStore 4.0.7. Shell Upload
|
92 |
WEB
|
Gabby
|
|
2013-12-24
|
|
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
|
86 |
WEB
|
Markus Wulftange
|
|
2013-12-24
|
|
OpenSIS 'modname' PHP Code Execution
|
99 |
WEB
|
EgiX
|
|
2013-12-24
|
|
Zimbra Collaboration Server LFI
|
121 |
WEB
|
rubina119
|
|
2013-12-24
|
|
Song Exporter 2.1.1 RS Local File Inclusion
|
75 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-12-24
|
|
WordPress Persuasion Theme File Download / Deletion
|
87 |
WEB
|
Interference Security
|
|
2013-12-23
|
|
USP Secure Entry Server URL Redirection
|
75 |
WEB
|
Alexandre Herzog
|
|
2013-12-18
|
|
iScripts Support Desk 4.1 SQL Injection
|
155 |
WEB
|
i-Hmx
|
|
2013-12-18
|
|
Traidnt Upload 3 Add Administrator
|
88 |
WEB
|
i-Hmx
|
|
2013-12-16
|
|
PHP openssl_x509_parse() Memory Corruption
|
137 |
WEB
|
Stefan Esser
|
|
2013-12-16
|
|
iScripts AutoHoster PHP Code Injection
|
83 |
WEB
|
i-Hmx
|
|
2013-12-11
|
|
vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection
|
99 |
WEB
|
Orestis Kourides
|
|
2013-12-09
|
|
Up.Time Monitoring Station post2file.php Arbitrary File Upload
|
101 |
WEB
|
Denis Andzakovic
|
|
2013-12-09
|
|
Eaton Network Shutdown Module 3.21 PHP Code Injection
|
96 |
WEB
|
Filip Waeytens
|
|
2013-12-06
|
|
Joomla Hotornot2 Shell Upload
|
111 |
WEB
|
DevilScreaM
|
|
2013-12-05
|
|
Kaseya uploadImage Arbitrary File Upload
|
109 |
WEB
|
Thomas Hibbert
|
|
2013-12-03
|
|
WordPress OptimizePress Theme File Upload
|
105 |
WEB
|
Mekanismen
|
|
2013-12-02
|
|
Joomla JMultimedia Command Execution
|
108 |
WEB
|
Deepankar Arora
|
|
2013-11-29
|
|
Kimai 0.9.2 db_restore.php SQL Injection
|
92 |
WEB
|
drone
|
|
2013-11-26
|
|
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
|
108 |
WEB
|
LiquidWorm
|
|
2013-11-11
|
|
RASPcalendar 1.01 SQL Injection
|
81 |
WEB
|
Hackeri-AL
|
|
2013-11-01
|
|
Joomla Joomleague Shell Upload
|
103 |
WEB
|
wantexz
|
|
2013-11-01
|
|
Unicorn WB-3300NR Cross Site Request Forgery
|
101 |
WEB
|
absane
|
|
2013-10-31
|
|
ProcessMaker Open Source Authenticated PHP Code Execution
|
87 |
WEB
|
Brendan Coles
|
|
2013-10-28
|
|
WordPress GeoPlaces 4.x Shell Upload
|
83 |
WEB
|
DevilScreaM
|
|
2013-10-28
|
|
WebCollab 3.30 HTTP Response Splitting
|
94 |
WEB
|
Manuel Garcia Cardenas
|
|
2013-10-24
|
|
Joomla Component com_maianmedia Remote Code Execution
|
116 |
WEB
|
indexphp
|
|
2013-10-23
|
|
Apache Shindig 2.5.0 XXE Injection
|
92 |
WEB
|
Kousuke Ebihara
|
|
2013-10-21
|
|
Bluetooth U 1.2.0 Directory Traversal
|
90 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-10-21
|
|
WebTester 5.x Command Execution
|
80 |
WEB
|
Brendan Coles
|
|
2013-10-18
|
|
Oracle Portal Demo Organization Chart PL/SQL Injection
|
127 |
WEB
|
Manuel Garcia Cardenas
|
|
2013-10-18
|
|
Level One Enterprise Access Points Password Disclosure
|
85 |
WEB
|
Richard Weinberger
|
|
2013-10-15
|
|
Zabbix 2.0.8 SQL Injection / Remote Code Execution
|
113 |
WEB
|
Lincoln
|
|
2013-10-08
|
|
WordPress Woopra Remote Code Execution
|
116 |
WEB
|
wantexz
|
|
2013-10-08
|
|
WordPress Slimstat Ex Code Execution
|
84 |
WEB
|
wantexz
|
|
2013-10-08
|
|
WordPress SEO Watcher Remote Code Execution
|
97 |
WEB
|
wantexz
|
|
2013-09-27
|
|
Astium Remote Code Execution
|
154 |
WEB
|
xistence
|
|
2013-09-26
|
|
Nodejs js-yaml load() Code Execution
|
131 |
WEB
|
joev
|
|
2013-09-24
|
|
Raidsonic NAS Devices Unauthenticated Remote Command Execution
|
138 |
WEB
|
juan vazquez
|
|
2013-08-29
|
|
SPIP Connect Parameter PHP Injection
|
101 |
WEB
|
Frederic Cikala
|
|
2013-08-15
|
|
Struts2 2.3.15 Open Redirect
|
97 |
WEB
|
Takeshi Terada
|
|
2013-08-15
|
|
Struts2 2.3.15 OGNL Injection
|
372 |
WEB
|
Takeshi Terada
|
|
2013-08-12
|
|
Sybase EAServer XXE Injection
|
82 |
WEB
|
MustLive
|
|
2013-08-08
|
|
MyBB 1.6.10 Open Redirection
|
75 |
WEB
|
LiquidWorm
|
|
2013-07-30
|
|
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
|
81 |
WEB
|
Dave Weinstein
|
|
2013-07-30
|
|
PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution
|
88 |
WEB
|
Dave Weinstein
|
|
2013-07-30
|
|
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
|
99 |
WEB
|
temp66
|
|
2013-07-26
|
|
Powershell Payload Web Delivery
|
88 |
WEB
|
Chris Campbell
|
|
2013-06-24
|
|
HP System Management Homepage JustGetSNMPQueue Command Injection
|
104 |
WEB
|
sinn3r
|
|
2013-06-24
|
|
LibrettoCMS File Manager Arbitrary File Upload
|
125 |
WEB
|
sinn3r
|
|
2013-06-19
|
|
MoinMoin twikidraw Action Traversal File Upload
|
95 |
WEB
|
HTP
|
|
2013-06-09
|
|
Resin Application Server 4.0.36 Cross Site Scripting
|
88 |
WEB
|
LiquidWorm
|
|
2013-06-09
|
|
Resin Application Server 4.0.36 Source Code Disclosure
|
92 |
WEB
|
LiquidWorm
|
