Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2014-12-09   Flat Calendar 1.1 HTML Injection 141 WEB ZoRLu
2014-11-27   Device42 Embedded Credentials 116 WEB Brandon Perry
2014-11-27   Slider Revolution/Showbiz Pro Shell Upload Exploit 101 WEB Simo Ben Youssef
2014-11-27   Device42 WAN Emulator 2.3 Ping Command Injection 77 WEB Brandon Perry
2014-11-27   Device42 WAN Emulator 2.3 Traceroute Command Injection 95 WEB Brandon Perry
2014-11-26   All-in-One WP Migration 2.0.2 Remote Code Execution Vulnerability 104 WEB Kacper Szurek
2014-11-26   Arris VAP2500 Authentication Bypass 119 WEB HeadlessZeke
2014-11-26   phpMyRecipes 1.2.2 (dosearch.php, words_exact param) - SQL Injection 162 WEB bard
2014-11-25   WordPress WP-DB-Backup 2.2.4 Backup Theft 131 WEB Larry W. Cashdollar
2014-11-25   FluxBB 1.5.6 SQL Injection 108 WEB secthrowaway
2014-11-25   Atrax Botnet Shell Upload Vulnerability 103 WEB Xylitol
2014-11-24   Wordpress wpDataTables 1.5.3 shell Upload Exploit 93 WEB Claudio Viviani
2014-11-18   MantisBT XmlImportExport Plugin PHP Code Injection 80 WEB EgiX
2014-11-18   Joomla HD FLV 2.1.0.1 Arbitrary File Download 118 WEB Claudio Viviani
2014-11-18   PHP 5.x - Bypass Disable Functions Vulnerability 171 WEB Ryan King
2014-11-18   Proticaret E-Commerce Script 3.0 - SQL Injection Vulnerability 86 WEB Onur Alanbel
2014-11-18   ZTE ZXHN H108L - Authentication Bypass 225 WEB Project Zero Labs
2014-11-18   ZTE ZXHN H108L - Authentication Bypass 73 WEB Project Zero Labs
2014-11-14   Who's Who Script Cross Site Request Forgery 104 WEB ZoRLu
2014-11-14   Joomla HD FLV 2.1.0.1 SQL Injection 110 WEB Claudio Viviani
2014-11-11   IP.Board 3.4.7 SQL Injection 104 WEB secthrowaway
2014-11-05   Drupal < 7.32 Pre Auth SQL Injection 172 WEB Stefan Horst
2014-10-31   Joomla RD Download SQL Injection 149 WEB Claudio Viviani
2014-10-30   MAARCH 1.4 - Arbitrary File Upload 98 WEB Adrien Thierry
2014-10-29   vBulletin Tapatalk - Blind SQL Injection 208 WEB tintinweb
2014-10-28   vBulletin 4.x Tapatalk Blind SQL Injection 121 WEB tintinweb
2014-10-28   Incredible PBX 2.0.6.5.0 - Remote Command Execution Exploit 103 WEB Simo Ben Youssef
2014-10-28   HP Operations Agent Remote XSS iFrame Injection 118 WEB Matt Schmidt
2014-10-28   Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability 106 WEB Claudio Viviani
2014-10-24   Centreon SQL / Command Injection 115 WEB MaZ
2014-10-24   WordPress / Joomla Creative Contact Form 0.9.7 Shell Upload 116 WEB Claudio Viviani
2014-10-24   Feng Office 1.7.4 - Arbitrary File Upload 90 WEB AutoSec Tools
2014-10-23   DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload 182 WEB Glafkos Charalambous
2014-10-21   ZTE ZXDSL-931VII - Unauthenticated Configuration Dump 269 WEB L0ukanik0-s S0kniaku0l
2014-10-20   Fonality Trixbox CE 2.8.0.4 Command Execution Vulnerability 103 WEB Simo Ben
2014-10-20   NETIS DL4322D Multiple Vulnerabilities 98 WEB AkaStep
2014-10-20   Wordpress Theme Dazzling Shell Upload Vulnerability 119 WEB king_cobra
2014-10-20   Drupal Core <= 7.32 - SQL Injection (PHP) 106 WEB Dustin Dörr
2014-10-20   Drupal Core <= 7.32 - SQL Injection 97 WEB fyukyuk
2014-10-17   Drupal 7.X SQL Injection 211 WEB Claudio Viviani
2014-10-15   SEO Control Panel 3.6.0 - Authenticated SQL Injection 98 WEB Tiago Carvalho
2014-10-14   Croogo 2.0.0 Arbitrary PHP Code Execution / Cross Site Scripting Vulnerabilities 104 WEB LiquidWorm
2014-10-09   Nessus Web UI 2.3.3 Cross Site Scripting Vulnerability 84 WEB Frank Lycops
2014-10-09   Wordpress InfusionSoft Upload 140 WEB us3r777
2014-10-08   Toast Forums Database Disclosure 115 WEB indoushka
2014-10-08   Snitz Forums 2000 3.4.07 Database Disclosure 105 WEB indoushka
2014-10-08   AutoWeb 3.0 SQL Injection 275 WEB ZoRLu
2014-10-08   Wordpress Slideshow Gallery 1.4.6 - Shell Upload (Python Exploit) 88 WEB Claudio Viviani
2014-10-08   IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit 112 WEB Claudio Viviani
2014-09-30   Microsoft Exchange IIS HTTP Internal IP Address Disclosure 95 WEB Nate Power
2014-09-30   OpenFiler 2.99.1 - CSRF Vulnerability 104 WEB Dolev Farhi
2014-09-28   Comersus Sophisticated Cart Database Disclosure 102 WEB indoushka
2014-09-26   Nucom ADSL ADSLR5000UN ISP Credentials Disclosure 91 WEB Sebastián Magof
2014-09-25   ZyXEL Prestig P-660HNU-T1 ISP Credentials Disclosure Exploit 105 WEB Sebastián Magof
2014-09-23   Joomla Face Gallery 1.0 Multiple Vulnerabilities 111 WEB Claudio Viviani
2014-09-23   Joomla Mac Gallery <= 1.5 Arbitrary File Download Exploit 101 WEB Claudio Viviani
2014-09-22   GetSimpleCMS PHP File Upload 91 WEB Ahmed Elhady Mohamed
2014-09-19   Briefcase 4.0 iOS - Code Execution & File Include Vulnerability 113 WEB Vulnerability-Lab
2014-09-18   ZTE ZXDSL-931VII Unauthenticated Configuration Dump 364 WEB L0ukanik0s
2014-09-17   WordPress Slideshow Gallery 1.4.6 Shell Upload 93 WEB Claudio Viviani
2014-09-16   ALCASAR <= 2.8.1 - Remote Root Code Execution Vulnerability 147 WEB eF
2014-09-15   EGYWEB (Mantrac) <= Remote File Disclosure Exploit 126 WEB KnocKout
2014-09-12   Onlineon E-Ticaret Database Disclosure 106 WEB ZoRLu
2014-09-12   Joomla Spider Contacts 1.3.6 (index.php, contacts_id param) - SQL Injection 108 WEB Claudio Viviani
2014-08-29   DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS 94 WEB Haider Mahmood
2014-08-29   XRMS - Blind SQL Injection and Command Execution 128 WEB Benjamin Harris
2014-08-29   PhpWiki - Remote Command Execution 73 WEB Benjamin Harris
2014-08-29   ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution 94 WEB Benjamin Harris
2014-08-29   Plogger 1.0-RC1 - Authenticated Arbitrary File Upload 95 WEB b0z
2014-08-20   HybridAuth install.php PHP Code Execution 107 WEB Pichaya Morimoto
2014-08-14   WordPress Disqus 2.7.5 CSRF / Cross Site Scripting Vulnerabilities 134 WEB Nik Cubrilovic
2014-08-13   CS-Cart 4.2.0 Session Hijacking 86 WEB Nik Cubrilovic
2014-08-04   TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities 113 WEB Vulnerability-Lab
2014-07-31   D-Link AP 3200 Multiple Vulnerabilities 121 WEB pws
2014-07-31   SkaDate Lite 2.0 - Remote Code Execution Exploit 203 WEB LiquidWorm
2014-07-29   Oxwall 1.7.0 - Remote Code Execution Exploit 155 WEB LiquidWorm
2014-07-29   Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities 108 WEB LiquidWorm
2014-07-28   Pligg 2.0.1 - Multiple Vulnerabilities 100 WEB BlackHawk
2014-07-25   NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure vulnerability 109 WEB Dolev Farhi
2014-07-22   vBulletin 5.1.2 SQL Injection 109 WEB Nytro
2014-07-22   MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities 95 WEB Ajin Abraham
2014-07-16   Wordpress WPTouch Authenticated File Upload 85 WEB Marc-Alexandre Montpas
2014-07-09   Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow 125 WEB Redsadic
2014-07-09   Wordpress Theme ProjectTheme Shell Upload Vulnerability 137 WEB Aloulou
2014-07-09   Wordpress Theme PricerrTheme Shell Upload Vulnerability 145 WEB Aloulou
2014-07-08   Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability 163 WEB c1ph04
2014-07-01   IBM Algorithmics RICOS Disclosure / XSS / CSRF 163 WEB F. Lukavsky
2014-07-01   Horde Framework Unserialize PHP Code Execution 99 WEB Akra Macha
2014-06-30   WordPress wp-crm Plugin Arbitrary File Upload Vulnerability 326 WEB brunox
2014-06-27   Python CGIHTTPServer File Disclosure / Code Execution 307 WEB Jens Liebchen
2014-06-25   WordPress image-symlinks Plugin Arbitrary File Upload Vulnerability 180 WEB brunox
2014-06-25   Cogent DataHub Command Injection 131 WEB juan vazquez
2014-06-24   Supermicro IPMI/BMC Cleartext Password Scanner 230 WEB 1N3
2014-06-23   D-link DSL-2760U-E1 - Persistent XSS 101 WEB Yuval tisf Nativ
2014-06-20   AlienVault OSSIM av-centerd Command Injection 77 WEB temp66
2014-06-19   Ericom AccessNow Server Buffer Overflow 110 WEB temp66
2014-06-16   ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation 169 WEB Tiago Carvalho
2014-06-13   Plesk 10.4.4 / 11.0.9 XXE Injection 99 WEB z00
2014-06-10   Xornic Contact Us Form CAPTCHA Bypass / XSS 117 WEB Scott Arciszewski
2014-06-09   Madness Pro <= 1.14 - SQL Injection 94 WEB bwall
2014-06-09   Madness Pro <= 1.14 - Persistent XSS 114 WEB bwall
2014-05-22   SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation 98 WEB Gregory DRAPERI
2014-05-20   UPS Web/SNMP-Manager CS121 Login Bypass 104 WEB jkmac
2014-05-20   SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 Directory Traver 89 WEB Matt Schmidt
2014-05-20   HP Release Control Authenticated XXE 111 WEB Brandon Perry
2014-05-16   ElasticSearch Remote Code Execution 96 WEB Jeff Geiger
2014-05-14   WordPress Formidable Forms Remote Code Execution 108 WEB Manish Tanwar
2014-05-14   AlienVault OSSIM 4.6.1 - Authenticated SQL Injection 124 WEB Chris Hebert
2014-05-09   F5 iControl Remote Command Execution Vulnerability 87 WEB Brandon Perry
2014-05-04   HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal 97 WEB @0x00string
2014-04-25   Bonefire v.0.7.1 - Reinstall Admin Account Exploit 83 WEB Mehmet Ince
2014-04-23   No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key 196 WEB Mehmet Ince
2014-04-23   Sixnet Sixview 2.4.1 - Web Console Directory Traversal 81 WEB daniel svartman
2014-04-22   Comtrend CT 5361T Cross Site Request Forgery / Cross Site Scripting 105 WEB TUNISIAN CYBER
2014-04-22   ATSEngine credential disclosure vulnerability 74 WEB Xylitol
2014-04-21   CU3ER 1.24 Cross Site Scripting / Content Spoofing 94 WEB MustLive
2014-04-16   NETGEAR N600 WIRELESS DUAL BAND WNDR3400 - Multiple Vulnerabilities 101 WEB Santhosh Kumar
2014-04-15   Madss Software Solution SQL Injection 147 WEB Ashiyane Digital Security Team
2014-04-14   Plex Media Server 0.9.9.10 CSRF / Disclosure 198 WEB S. Viehbock
2014-04-14   eScan Web Management Console Command Injection 89 WEB juan vazquez
2014-04-10   Sophos Web Protection Appliance Command Execution 85 WEB Brandon Perry
2014-04-10   RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injection Vulnerabilities 135 WEB The:Paradox
2014-04-09   Vtiger Install Unauthenticated Remote Command Execution 60 WEB Jonathan Borgeaud
2014-04-08   PHPFox 3.7.5 Authorization Bypass 120 WEB Wesley Henrique Leite
2014-04-04   Kyocera FS5250 Cross Site Scripting 79 WEB Jeff Sergeant