|
2020-03-25
|
|
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
|
15 |
WEB
|
ThelastVvV
|
|
2020-03-24
|
|
UCM6202 1.0.18.13 - Remote Command Injection
|
12 |
WEB
|
Jacob Baines
|
|
2020-03-24
|
|
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Jinson Varghese Behanan
|
|
2020-03-24
|
|
UliCMS 2020.1 - Persistent Cross-Site Scripting
|
15 |
WEB
|
SunCSR
|
|
2020-03-23
|
|
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection
|
17 |
WEB
|
qw3rTyTy
|
|
2020-03-23
|
|
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
|
13 |
WEB
|
Matthew Aberegg
|
|
2020-03-23
|
|
FIBARO System Home Center 5.021 - Remote File Include
|
15 |
WEB
|
LiquidWorm
|
|
2020-03-23
|
|
Wordpress Plugin PicUploader 1.0 - Remote File Upload
|
21 |
WEB
|
Milad karimi
|
|
2020-03-20
|
|
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
|
16 |
WEB
|
Metin Yunus Kandemir
|
|
2020-03-18
|
|
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
|
20 |
WEB
|
qw3rTyTy
|
|
2020-03-18
|
|
Netlink GPON Router 1.0.11 - Remote Code Execution
|
17 |
WEB
|
shellord
|
|
2020-03-17
|
|
UADMIN Botnet 1.0 - 'link' SQL Injection
|
16 |
WEB
|
n4pst3r
|
|
2020-03-16
|
|
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
|
13 |
WEB
|
Antonio Cannito
|
|
2020-03-16
|
|
PHPKB Multi-Language 9 - Authenticated Directory Traversal
|
13 |
WEB
|
Antonio Cannito
|
|
2020-03-16
|
|
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
|
13 |
WEB
|
Antonio Cannito
|
|
2020-03-16
|
|
MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
|
13 |
WEB
|
AYADI Mohamed
|
|
2020-03-16
|
|
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
|
18 |
WEB
|
Miguel Mendez Z
|
|
2020-03-10
|
|
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
|
16 |
WEB
|
Andrea Cardaci
|
|
2020-03-13
|
|
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification
|
17 |
WEB
|
Nawaf Alkeraithe
|
|
2020-03-13
|
|
Centos WebPanel 7 - 'term' SQL Injection
|
13 |
WEB
|
Berke YILMAZ
|
|
2020-03-11
|
|
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
|
11 |
WEB
|
Andrea Cardaci
|
|
2020-03-11
|
|
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
|
12 |
WEB
|
Andrea Cardaci
|
|
2020-03-12
|
|
rConfig 3.9 - 'searchColumn' SQL Injection
|
13 |
WEB
|
vikingfr
|
|
2020-03-12
|
|
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
|
13 |
WEB
|
Engin Demirbilek
|
|
2020-03-12
|
|
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
|
12 |
WEB
|
Ismail Akıcı
|
|
2020-03-12
|
|
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
|
14 |
WEB
|
Daniel Monzón
|
|
2020-03-12
|
|
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
|
14 |
WEB
|
RedTeam Pentesting GmbH
|
|
2020-03-12
|
|
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
|
12 |
WEB
|
Milad karimi
|
|
2020-03-11
|
|
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
|
13 |
WEB
|
1F98D
|
|
2020-03-11
|
|
Wing FTP Server - Authenticated CSRF (Delete Admin)
|
11 |
WEB
|
Dhiraj Mishra
|
|
2020-03-11
|
|
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
|
12 |
WEB
|
Touhid M.Shaikh
|
|
2020-03-11
|
|
Joomla! 3.9.0 < 3.9.7 - CSV Injection
|
12 |
WEB
|
i4bdullah
|
|
2020-03-11
|
|
WordPress Plugin Search Meter 2.13.2 - CSV injection
|
20 |
WEB
|
Daniel Monzón
|
|
2020-03-10
|
|
Persian VIP Download Script 1.0 - 'active' SQL Injection
|
15 |
WEB
|
Amir Hossein Vafifar
|
|
2020-03-10
|
|
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
|
13 |
WEB
|
En_dust
|
|
2020-03-10
|
|
Sysaid 20.1.11 b26 - Remote Command Execution
|
12 |
WEB
|
Ahmed Sherif
|
|
2020-03-09
|
|
Sentrifugo HRMS 3.2 - 'id' SQL Injection
|
14 |
WEB
|
minhnb
|
|
2020-03-09
|
|
60CycleCMS - 'news.php' SQL Injection
|
11 |
WEB
|
Unkn0wn
|
|
2019-12-12
|
|
ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote
|
14 |
WEB
|
mr_me
|
|
2020-03-04
|
|
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
|
17 |
WEB
|
NgoAnhDuc
|
|
2020-03-03
|
|
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
|
16 |
WEB
|
Olga Villagran
|
|
2020-03-03
|
|
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
|
12 |
WEB
|
emaragkos
|
|
2020-03-03
|
|
Alfresco 5.2.4 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Alexandre ZANNI
|
|
2020-03-03
|
|
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
|
13 |
WEB
|
Paulina Girón
|
|
2020-03-02
|
|
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
|
14 |
WEB
|
Lucas Amorim
|
|
2020-03-02
|
|
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
|
18 |
WEB
|
Elber Tavares
|
|
2020-03-02
|
|
TP LINK TL-WR849N - Remote Code Execution
|
16 |
WEB
|
Elber Tavares
|
|
2020-03-02
|
|
Wing FTP Server 6.2.5 - Privilege Escalation
|
15 |
WEB
|
Cary Hooper
|
|
2020-03-02
|
|
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
|
14 |
WEB
|
Elber Tavares
|
|
2020-03-02
|
|
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
|
13 |
WEB
|
Jinson Varghese Behanan
|
|
2020-03-02
|
|
Netis WF2419 2.2.36123 - Remote Code Execution
|
14 |
WEB
|
Elias Issa
|
|
2020-03-02
|
|
Joplin Desktop 1.0.184 - Cross-Site Scripting
|
13 |
WEB
|
Javier Olmedo
|
|
2020-02-28
|
|
qdPM < 9.1 - Remote Code Execution
|
19 |
WEB
|
Tobin Shields
|
|
2020-02-03
|
|
Cacti 1.2.8 - Unauthenticated Remote Code Execution
|
15 |
WEB
|
Askar
|
|
2020-02-03
|
|
Cacti 1.2.8 - Authenticated Remote Code Execution
|
12 |
WEB
|
Askar
|
|
2020-02-20
|
|
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
|
13 |
WEB
|
YDHCUI
|
|
2020-02-27
|
|
Comtrend VR-3033 - Command Injection
|
14 |
WEB
|
Raki Ben Hamouda
|
|
2020-02-27
|
|
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
|
16 |
WEB
|
Meisam Monsef
|
|
2020-02-26
|
|
PhpIX 2012 Professional - 'id' SQL Injection
|
17 |
WEB
|
indoushka
|
|
2020-02-25
|
|
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
|
16 |
WEB
|
GeekHack
|
|
2020-02-25
|
|
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
|
19 |
WEB
|
GeekHack
|
|
2020-02-24
|
|
Cacti 1.2.8 - Remote Code Execution
|
16 |
WEB
|
Askar
|
|
2020-02-24
|
|
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
|
16 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
DotNetNuke 9.5 - File Upload Restrictions Bypass
|
23 |
WEB
|
Sajjad Pourali
|
|
2020-02-24
|
|
DotNetNuke 9.5 - Persistent Cross-Site Scripting
|
14 |
WEB
|
Sajjad Pourali
|
|
2020-02-24
|
|
eLection 2.0 - 'id' SQL Injection
|
14 |
WEB
|
J3rryBl4nks
|
|
2020-02-24
|
|
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
|
17 |
WEB
|
Scott Goodwin
|
|
2020-02-24
|
|
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
|
18 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
ATutor 2.2.4 - 'id' SQL Injection
|
13 |
WEB
|
Andrey Stoykov
|
|
2020-02-24
|
|
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
|
18 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
AMSS++ 4.7 - Backdoor Admin Account
|
16 |
WEB
|
indoushka
|
|
2020-02-24
|
|
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
|
18 |
WEB
|
J3rryBl4nks
|
|
2020-02-24
|
|
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
|
17 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
AMSS++ v 4.31 - 'id' SQL Injection
|
17 |
WEB
|
indoushka
|
|
2020-02-24
|
|
Real Web Pentesting Tutorial Step by Step - [Persian]
|
16 |
WEB
|
Meisam Monsef
|
|
2020-02-24
|
|
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
|
19 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
|
15 |
WEB
|
emaragkos
|
|
2020-02-24
|
|
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
|
18 |
WEB
|
Scott Goodwin
|
|
2020-02-20
|
|
Easy2Pilot 7 - Cross-Site Request Forgery (Add User)
|
19 |
WEB
|
indoushka
|
|
2020-02-19
|
|
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
|
16 |
WEB
|
byteGoblin
|
|
2020-02-19
|
|
DBPower C300 HD Camera - Remote Configuration Disclosure
|
16 |
WEB
|
Todor Donev
|
|
2020-02-19
|
|
Virtual Freer 1.58 - Remote Command Execution
|
12 |
WEB
|
SajjadBnd
|
|
2020-02-18
|
|
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Ultra Security Team
|
|
2020-02-17
|
|
LabVantage 8.3 - Information Disclosure
|
13 |
WEB
|
Joel Aviad Ossi
|
|
2020-02-17
|
|
SOPlanning 1.45 - 'users' SQL Injection
|
11 |
WEB
|
J3rryBl4nks
|
|
2020-02-17
|
|
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting
|
15 |
WEB
|
Shahab.ra.9
|
|
2020-02-17
|
|
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
|
15 |
WEB
|
J3rryBl4nks
|
|
2020-02-17
|
|
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
|
12 |
WEB
|
Ultra Security Team
|
|
2020-02-17
|
|
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
|
12 |
WEB
|
J3rryBl4nks
|
|
2020-02-17
|
|
Avaya Aura Communication Manager 5.2 - Remote Code Execution
|
14 |
WEB
|
Sarang Tumne
|
|
2020-02-17
|
|
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
|
14 |
WEB
|
Jinson Varghese Behanan
|
|
2020-02-17
|
|
SOPlanning 1.45 - 'by' SQL Injection
|
13 |
WEB
|
J3rryBl4nks
|
|
2020-02-14
|
|
phpMyChat Plus 1.98 - 'pmc_username' SQL Injection
|
19 |
WEB
|
J3rryBl4nks
|
|
2020-02-13
|
|
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
|
17 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
PANDORAFMS 7.0 - Authenticated Remote Code Execution
|
15 |
WEB
|
Engin Demirbilek
|
|
2020-02-13
|
|
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
|
24 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
|
13 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
|
16 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
|
13 |
WEB
|
Mehran Feizi
|
|
2020-02-11
|
|
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
|
16 |
WEB
|
Metasploit
|
|
2020-02-11
|
|
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Sayak Naskar
|
|
2020-02-11
|
|
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
|
18 |
WEB
|
Luca.Chiou
|
|
2020-02-10
|
|
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
|
17 |
WEB
|
Jinson Varghese Behanan
|
|
2020-02-10
|
|
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
|
14 |
WEB
|
Prasenjit Kanti Paul
|
|
2020-02-07
|
|
Google Invisible RECAPTCHA 3 - Spoof Bypass
|
16 |
WEB
|
Matamorphosis
|
|
2020-02-07
|
|
ExpertGPS 6.38 - XML External Entity Injection
|
15 |
WEB
|
Trent Gordon
|
|
2020-02-07
|
|
EyesOfNetwork 5.3 - Remote Code Execution
|
13 |
WEB
|
Clément Billac
|
|
2020-02-07
|
|
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection
|
15 |
WEB
|
Amel BOUZIANE-LEBLOND
|
|
2020-02-07
|
|
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
|
14 |
WEB
|
Mehran Feizi
|
|
2020-02-07
|
|
QuickDate 1.3.2 - SQL Injection
|
17 |
WEB
|
Ihsan Sencan
|
|
2020-02-06
|
|
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
|
15 |
WEB
|
mr_me
|
|
2020-02-06
|
|
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
|
13 |
WEB
|
mr_me
|
|
2020-02-06
|
|
Cisco Data Center Network Manager 11.2 - Remote Code Execution
|
11 |
WEB
|
mr_me
|
|
2020-02-06
|
|
Ecommerce Systempay 1.0 - Production KEY Brute Force
|
12 |
WEB
|
live3
|
|
2020-02-06
|
|
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
|
18 |
WEB
|
Ihsan Sencan
|
|
2020-02-06
|
|
Online Job Portal 1.0 - Remote Code Execution
|
16 |
WEB
|
Ihsan Sencan
|
|
2020-02-06
|
|
Online Job Portal 1.0 - 'user_email' SQL Injection
|
17 |
WEB
|
Ihsan Sencan
|
|
2020-02-05
|
|
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
|
14 |
WEB
|
Ihsan Sencan
|
|
2020-02-05
|
|
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
|
13 |
WEB
|
nxkennedy
|
|
2020-02-05
|
|
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
|
18 |
WEB
|
nxkennedy
|
|
2020-02-05
|
|
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
|
13 |
WEB
|
0x483d
|
|
2020-02-05
|
|
AVideo Platform 8.1 - Information Disclosure (User Enumeration)
|
13 |
WEB
|
Ihsan Sencan
|
|
2020-02-04
|
|
F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
|
16 |
WEB
|
Kevin Joensen
|
|
2020-02-04
|
|
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
|
15 |
WEB
|
mekhalleh
|
|
2020-02-03
|
|
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
|
14 |
WEB
|
J3rryBl4nks
|
