|
2014-01-21
|
|
WordPress Global Flash Galleries File Upload
|
78 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-01-20
|
|
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
|
150 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
SmarterMail 11.x Cross Site Scripting
|
157 |
WEB
|
Saeed reza Zamanian
|
|
2014-01-09
|
|
Eyou Mail System Remote Code Execution
|
70 |
WEB
|
conqu3r.zeng
|
|
2014-01-08
|
|
Command School Student Management System 1.06.01 SQL Injection / CSRF / XSS
|
83 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
|
86 |
WEB
|
EgiX
|
|
2014-01-07
|
|
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross Site Scripting Vulnerabilities
|
80 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-01-07
|
|
Seagate BlackArmor NAS sg2000-2000.1331 - Cross Site Request Forgery
|
65 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-01-07
|
|
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
|
195 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-01-07
|
|
Seagate BlackArmor - Root Exploit
|
107 |
WEB
|
Jeroen - IT Nerdbox
|
|
2013-12-31
|
|
PhotoStore 4.0.7. Shell Upload
|
79 |
WEB
|
Gabby
|
|
2013-12-24
|
|
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
|
70 |
WEB
|
Markus Wulftange
|
|
2013-12-24
|
|
OpenSIS 'modname' PHP Code Execution
|
86 |
WEB
|
EgiX
|
|
2013-12-24
|
|
Zimbra Collaboration Server LFI
|
107 |
WEB
|
rubina119
|
|
2013-12-24
|
|
Song Exporter 2.1.1 RS Local File Inclusion
|
63 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-12-24
|
|
WordPress Persuasion Theme File Download / Deletion
|
74 |
WEB
|
Interference Security
|
|
2013-12-23
|
|
USP Secure Entry Server URL Redirection
|
59 |
WEB
|
Alexandre Herzog
|
|
2013-12-18
|
|
iScripts Support Desk 4.1 SQL Injection
|
141 |
WEB
|
i-Hmx
|
|
2013-12-18
|
|
Traidnt Upload 3 Add Administrator
|
74 |
WEB
|
i-Hmx
|
|
2013-12-16
|
|
PHP openssl_x509_parse() Memory Corruption
|
121 |
WEB
|
Stefan Esser
|
|
2013-12-16
|
|
iScripts AutoHoster PHP Code Injection
|
71 |
WEB
|
i-Hmx
|
|
2013-12-11
|
|
vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection
|
83 |
WEB
|
Orestis Kourides
|
|
2013-12-09
|
|
Up.Time Monitoring Station post2file.php Arbitrary File Upload
|
87 |
WEB
|
Denis Andzakovic
|
|
2013-12-09
|
|
Eaton Network Shutdown Module 3.21 PHP Code Injection
|
80 |
WEB
|
Filip Waeytens
|
|
2013-12-06
|
|
Joomla Hotornot2 Shell Upload
|
97 |
WEB
|
DevilScreaM
|
|
2013-12-05
|
|
Kaseya uploadImage Arbitrary File Upload
|
95 |
WEB
|
Thomas Hibbert
|
|
2013-12-03
|
|
WordPress OptimizePress Theme File Upload
|
93 |
WEB
|
Mekanismen
|
|
2013-12-02
|
|
Joomla JMultimedia Command Execution
|
93 |
WEB
|
Deepankar Arora
|
|
2013-11-29
|
|
Kimai 0.9.2 db_restore.php SQL Injection
|
77 |
WEB
|
drone
|
|
2013-11-26
|
|
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
|
91 |
WEB
|
LiquidWorm
|
|
2013-11-11
|
|
RASPcalendar 1.01 SQL Injection
|
65 |
WEB
|
Hackeri-AL
|
|
2013-11-01
|
|
Joomla Joomleague Shell Upload
|
87 |
WEB
|
wantexz
|
|
2013-11-01
|
|
Unicorn WB-3300NR Cross Site Request Forgery
|
87 |
WEB
|
absane
|
|
2013-10-31
|
|
ProcessMaker Open Source Authenticated PHP Code Execution
|
70 |
WEB
|
Brendan Coles
|
|
2013-10-28
|
|
WordPress GeoPlaces 4.x Shell Upload
|
67 |
WEB
|
DevilScreaM
|
|
2013-10-28
|
|
WebCollab 3.30 HTTP Response Splitting
|
78 |
WEB
|
Manuel Garcia Cardenas
|
|
2013-10-24
|
|
Joomla Component com_maianmedia Remote Code Execution
|
99 |
WEB
|
indexphp
|
|
2013-10-23
|
|
Apache Shindig 2.5.0 XXE Injection
|
76 |
WEB
|
Kousuke Ebihara
|
|
2013-10-21
|
|
Bluetooth U 1.2.0 Directory Traversal
|
76 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-10-21
|
|
WebTester 5.x Command Execution
|
67 |
WEB
|
Brendan Coles
|
|
2013-10-18
|
|
Oracle Portal Demo Organization Chart PL/SQL Injection
|
116 |
WEB
|
Manuel Garcia Cardenas
|
|
2013-10-18
|
|
Level One Enterprise Access Points Password Disclosure
|
74 |
WEB
|
Richard Weinberger
|
|
2013-10-15
|
|
Zabbix 2.0.8 SQL Injection / Remote Code Execution
|
96 |
WEB
|
Lincoln
|
|
2013-10-08
|
|
WordPress Woopra Remote Code Execution
|
99 |
WEB
|
wantexz
|
|
2013-10-08
|
|
WordPress Slimstat Ex Code Execution
|
70 |
WEB
|
wantexz
|
|
2013-10-08
|
|
WordPress SEO Watcher Remote Code Execution
|
80 |
WEB
|
wantexz
|
|
2013-09-27
|
|
Astium Remote Code Execution
|
140 |
WEB
|
xistence
|
|
2013-09-26
|
|
Nodejs js-yaml load() Code Execution
|
119 |
WEB
|
joev
|
|
2013-09-24
|
|
Raidsonic NAS Devices Unauthenticated Remote Command Execution
|
118 |
WEB
|
juan vazquez
|
|
2013-08-29
|
|
SPIP Connect Parameter PHP Injection
|
86 |
WEB
|
Frederic Cikala
|
|
2013-08-15
|
|
Struts2 2.3.15 Open Redirect
|
82 |
WEB
|
Takeshi Terada
|
|
2013-08-15
|
|
Struts2 2.3.15 OGNL Injection
|
354 |
WEB
|
Takeshi Terada
|
|
2013-08-12
|
|
Sybase EAServer XXE Injection
|
69 |
WEB
|
MustLive
|
|
2013-08-08
|
|
MyBB 1.6.10 Open Redirection
|
61 |
WEB
|
LiquidWorm
|
|
2013-07-30
|
|
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
|
69 |
WEB
|
Dave Weinstein
|
|
2013-07-30
|
|
PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution
|
77 |
WEB
|
Dave Weinstein
|
|
2013-07-30
|
|
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
|
85 |
WEB
|
temp66
|
|
2013-07-26
|
|
Powershell Payload Web Delivery
|
73 |
WEB
|
Chris Campbell
|
|
2013-06-24
|
|
HP System Management Homepage JustGetSNMPQueue Command Injection
|
90 |
WEB
|
sinn3r
|
|
2013-06-24
|
|
LibrettoCMS File Manager Arbitrary File Upload
|
112 |
WEB
|
sinn3r
|
|
2013-06-19
|
|
MoinMoin twikidraw Action Traversal File Upload
|
80 |
WEB
|
HTP
|
|
2013-06-09
|
|
Resin Application Server 4.0.36 Cross Site Scripting
|
70 |
WEB
|
LiquidWorm
|
|
2013-06-09
|
|
Resin Application Server 4.0.36 Source Code Disclosure
|
70 |
WEB
|
LiquidWorm
|
|
2013-06-08
|
|
JBoss AS Administrative Console Password Disclosure
|
239 |
WEB
|
amroot
|
|
2013-06-04
|
|
Seowonintech Routers Remote Root File Dumper
|
59 |
WEB
|
Todor Donev
|
|
2013-06-03
|
|
PhpTax 0.8 - File Manipulation(newvalue,field) Remote Code Execution
|
104 |
WEB
|
CWH Underground
|
|
2013-05-31
|
|
HP LaserJet Pro P1606dn Password Reset
|
93 |
WEB
|
m3tamantra
|
|
2013-05-29
|
|
Matterdaddy Market 1.4.2 Cross Site Request Forgery / Arbitrary File Upload
|
76 |
WEB
|
KedAns-Dz
|
|
2013-05-20
|
|
D-Link DIR615h OS Command Injection
|
199 |
WEB
|
juan vazquez
|
|
2013-04-26
|
|
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
|
78 |
WEB
|
waraxe
|
|
2013-04-26
|
|
Hornbill Supportworks ITSM 1.0.0 - SQL Injection Vulnerability
|
79 |
WEB
|
Joseph Sheridan
|
|
2013-04-25
|
|
CiviCRM for Joomla 4.2.2 - Remote Code Injection
|
86 |
WEB
|
iskorpitx
|
|
2013-04-25
|
|
SMF 2.0.4 PHP Code Injection
|
185 |
WEB
|
Jakub Galczyk
|
|
2013-04-23
|
|
Janissaries Joomla Civicrm Shell Upload
|
71 |
WEB
|
miyachung
|
|
2013-04-22
|
|
nginx 0.6.x Arbitrary Code Execution NullByte Injection
|
85 |
WEB
|
Neal Poole
|
|
2013-04-22
|
|
Netgear DGN2200B pppoe.cgi Remote Command Execution
|
192 |
WEB
|
juan vazquez
|
|
2013-04-18
|
|
Java Web Start Launcher Memory Corruption
|
183 |
WEB
|
A. Antukh
|
|
2013-04-03
|
|
Aspen 0.8 Directory Traversal
|
76 |
WEB
|
Daniel Ricardo dos Santos
|
|
2013-04-03
|
|
Netgear WNR1000 Authentication Bypass
|
107 |
WEB
|
Roberto Paleari
|
|
2013-03-29
|
|
PsychoStats 3.2.2b Blind SQL Injection
|
66 |
WEB
|
Mohamed from ALG
|
|
2013-03-29
|
|
McAfee Virtual Technician (MVT) 6.5.0.2101 Unsafe Active-X
|
84 |
WEB
|
High-Tech Bridge SA
|
|
2013-03-29
|
|
AWS XMS 2.5 Path Traversal
|
84 |
WEB
|
High-Tech Bridge SA
|
|
2013-03-21
|
|
TP-Link TL-WR740N Wireless Router Remote Denial Of Service
|
103 |
WEB
|
LiquidWorm
|
|
2013-03-15
|
|
QuinStreet Database ID Spoofing
|
85 |
WEB
|
Henry Garrison
|
|
2013-03-14
|
|
LCG Disk Pool Manager SQL Injection
|
63 |
WEB
|
Adam Zabrocki
|
|
2013-03-14
|
|
Apache Rave User Exposure
|
64 |
WEB
|
Andreas Guth
|
|
2013-03-13
|
|
Web Cookbook SQL Injection
|
77 |
WEB
|
Saadat Ullah
|
|
2013-02-20
|
|
OpenEMR PHP File Upload
|
81 |
WEB
|
juan vazquez
|
|
2013-01-29
|
|
PHP Weby Directory Software 1.2 Multiple Vulnerabilities
|
144 |
WEB
|
AkaStep
|
|
2013-01-21
|
|
PHP-Charts 1.0 PHP Code Execution
|
62 |
WEB
|
Akastep
|
|
2013-01-18
|
|
PHP Chart 1.0 Code Execution
|
87 |
WEB
|
Akastep
|
|
2013-01-16
|
|
Oracle Application Framework Diagnostic Mode Bypass
|
111 |
WEB
|
David Byrne
|
|
2013-01-09
|
|
GetSimple 3.1.2 Code Execution
|
56 |
WEB
|
Jakub Galczyk
|
|
2013-01-05
|
|
Elastix 2.3 PHP Code Injection
|
82 |
WEB
|
Faris AKA i-Hmx
|
|
2013-01-05
|
|
Simple Webserver 2.3-rc1 Directory Traversal
|
83 |
WEB
|
CwG GeNiuS
|
|
2012-12-18
|
|
phpwcms 1.5.4.6 Remote Code Execution
|
102 |
WEB
|
aeon flux
|
|
2012-12-07
|
|
Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability
|
82 |
WEB
|
Woody Hughes
|
|
2012-11-30
|
|
FCKEditor ASP Version 2.6.8 File Upload Protection Bypass
|
107 |
WEB
|
Soroush Dalili
|
|
2012-11-30
|
|
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
|
91 |
WEB
|
LiquidWorm
|
|
2012-11-14
|
|
Invision IP.Board 3.3.4 unserialize() PHP Code Execution
|
95 |
WEB
|
sinn3r
|
|
2012-11-08
|
|
Invision Power Board 3.3.4 Unserialize REGEX Bypass
|
63 |
WEB
|
webDEViL
|
|
2012-10-31
|
|
TP-LINK TL-WR841N Local File Inclusion Vulnerability
|
53 |
WEB
|
Matan Azugi
|
|
2012-10-30
|
|
OneForum Multiple Vulnerabilities
|
62 |
WEB
|
DaOne aka Mocking Bird
|
|
2012-10-30
|
|
Joomla Component com_jce remote Code Injecion / Execution Exploit (perl)
|
100 |
WEB
|
Caddy-Dz
|
|
2012-10-22
|
|
ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal
|
110 |
WEB
|
xistence
|
|
2012-10-19
|
|
ModSecurity 2.6.8 Bypass
|
84 |
WEB
|
Bernhard Mueller
|
|
2012-10-18
|
|
Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
|
97 |
WEB
|
SEC Consult
|
|
2012-10-16
|
|
AjaXplorer checkInstall.php Remote Command Execution
|
81 |
WEB
|
sinn3r
|
|
2012-10-11
|
|
ServersCheck Monitoring Software v9.0.12 / 9.0.14 - Stored XSS
|
66 |
WEB
|
loneferret
|
|
2012-09-29
|
|
Wordpress phpBAK Red Config Vulnerability
|
65 |
WEB
|
Angel Injection
|
|
2012-09-26
|
|
Auxilium RateMyPet Arbitrary File Upload
|
102 |
WEB
|
sinn3r
|
|
2012-09-24
|
|
ZEN Load Balancer Filelog Command Execution
|
92 |
WEB
|
Brendan Coles
|
|
2012-09-24
|
|
NTR ActiveX Control Check() Method Buffer Overflow
|
107 |
WEB
|
juan vazquez
|
|
2012-09-24
|
|
NTR ActiveX Control StopModule() Remote Code Execution
|
122 |
WEB
|
juan vazquez
|
|
2012-09-17
|
|
Sitecom MD-253 and MD-254 Network Storage Reverse Shell Exploit
|
183 |
WEB
|
Mattijs van Ommeren
|
|
2012-09-05
|
|
JBoss DeploymentFileRepository WAR Deployment
|
99 |
WEB
|
h0ng10
|
|
2012-09-05
|
|
MobileCartly 1.0 Arbitrary File Creation
|
167 |
WEB
|
sinn3r
|
|
2012-09-04
|
|
Android Mobile 2.6.xx Bypass Security Vulnerability
|
104 |
WEB
|
Taurus Omar
|
|
2012-08-31
|
|
AP NetWeaver HostControl Command Injection
|
50 |
WEB
|
juan vazquez
|
|
2012-08-27
|
|
BusinessWiki 2.5RC3 Stored XSS & Arbitrary File Upload
|
55 |
WEB
|
Shai rod
|
|
2012-08-27
|
|
WebPA <= 1.1.0.1 Multiple Vulnerabilities
|
86 |
WEB
|
dun
|
|
2012-08-24
|
|
XODA 0.4.5 Arbitrary PHP File Upload
|
81 |
WEB
|
Shai rod
|
|
2012-08-24
|
|
Apache Struts2 Remote Code Execution
|
112 |
WEB
|
kxlzx
|
|
2012-08-24
|
|
op5 Monitoring v5.4.2 (VM Applicance) Multiple Vulnerabilities
|
82 |
WEB
|
loneferret
|
|
2012-08-23
|
|
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
|
73 |
WEB
|
iJoo
|
