|
2020-04-13
|
|
TVT NVMS 1000 - Directory Traversal
|
20 |
WEB
|
Mohin Paramasivam
|
|
2020-04-13
|
|
Huawei HG630 2 Router - Authentication Bypass
|
22 |
WEB
|
Eslam Medhat
|
|
2020-04-10
|
|
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
|
23 |
WEB
|
Basim Alabdullah
|
|
2020-04-10
|
|
WordPress Plugin Helpful 2.4.11 - SQL Injection
|
22 |
WEB
|
numan türle
|
|
2020-04-08
|
|
Django 3.0 - Cross-Site Request Forgery Token Bypass
|
29 |
WEB
|
Spad Security Group
|
|
2020-04-06
|
|
pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
|
28 |
WEB
|
Matthew Aberegg
|
|
2020-04-06
|
|
LimeSurvey 4.1.11 - 'File Manager' Path Traversal
|
25 |
WEB
|
Matthew Aberegg
|
|
2020-04-06
|
|
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
|
16 |
WEB
|
r3m0t3nu11
|
|
2020-04-06
|
|
WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting
|
25 |
WEB
|
Gal Weizman
|
|
2020-04-06
|
|
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
|
21 |
WEB
|
Mehmet Ince
|
|
2020-04-06
|
|
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
|
26 |
WEB
|
Matthew Aberegg
|
|
2020-04-03
|
|
Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
|
22 |
WEB
|
Basim Alabdullah
|
|
2020-04-02
|
|
PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution
|
22 |
WEB
|
Unkn0wn
|
|
2020-03-31
|
|
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
|
25 |
WEB
|
Jacob Baines
|
|
2020-03-31
|
|
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
|
26 |
WEB
|
Jacob Baines
|
|
2020-03-30
|
|
Zen Load Balancer 3.10.1 - Remote Code Execution
|
23 |
WEB
|
Cody Sixteen
|
|
2020-03-30
|
|
Joomla! com_fabrik 3.9.11 - Directory Traversal
|
21 |
WEB
|
qw3rTyTy
|
|
2020-03-27
|
|
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
|
24 |
WEB
|
vikingfr
|
|
2020-03-27
|
|
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
|
26 |
WEB
|
hongphukt
|
|
2020-03-27
|
|
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
|
26 |
WEB
|
Mustafa Emre Gül
|
|
2020-03-26
|
|
Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution
|
22 |
WEB
|
Engin Demirbilek
|
|
2020-03-25
|
|
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
|
24 |
WEB
|
SunCSR
|
|
2020-03-25
|
|
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
|
26 |
WEB
|
ThelastVvV
|
|
2020-03-24
|
|
UCM6202 1.0.18.13 - Remote Command Injection
|
21 |
WEB
|
Jacob Baines
|
|
2020-03-24
|
|
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
|
22 |
WEB
|
Jinson Varghese Behanan
|
|
2020-03-24
|
|
UliCMS 2020.1 - Persistent Cross-Site Scripting
|
24 |
WEB
|
SunCSR
|
|
2020-03-23
|
|
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection
|
24 |
WEB
|
qw3rTyTy
|
|
2020-03-23
|
|
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
|
24 |
WEB
|
Matthew Aberegg
|
|
2020-03-23
|
|
FIBARO System Home Center 5.021 - Remote File Include
|
24 |
WEB
|
LiquidWorm
|
|
2020-03-23
|
|
Wordpress Plugin PicUploader 1.0 - Remote File Upload
|
33 |
WEB
|
Milad karimi
|
|
2020-03-20
|
|
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
|
24 |
WEB
|
Metin Yunus Kandemir
|
|
2020-03-18
|
|
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
|
29 |
WEB
|
qw3rTyTy
|
|
2020-03-18
|
|
Netlink GPON Router 1.0.11 - Remote Code Execution
|
24 |
WEB
|
shellord
|
|
2020-03-17
|
|
UADMIN Botnet 1.0 - 'link' SQL Injection
|
28 |
WEB
|
n4pst3r
|
|
2020-03-16
|
|
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
|
20 |
WEB
|
Antonio Cannito
|
|
2020-03-16
|
|
PHPKB Multi-Language 9 - Authenticated Directory Traversal
|
24 |
WEB
|
Antonio Cannito
|
|
2020-03-16
|
|
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
|
24 |
WEB
|
Antonio Cannito
|
|
2020-03-16
|
|
MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
|
21 |
WEB
|
AYADI Mohamed
|
|
2020-03-16
|
|
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
|
27 |
WEB
|
Miguel Mendez Z
|
|
2020-03-10
|
|
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
|
24 |
WEB
|
Andrea Cardaci
|
|
2020-03-13
|
|
WordPress Plugin Custom Searchable Data System - Unauthenticated Data M]odification
|
25 |
WEB
|
Nawaf Alkeraithe
|
|
2020-03-13
|
|
Centos WebPanel 7 - 'term' SQL Injection
|
24 |
WEB
|
Berke YILMAZ
|
|
2020-03-11
|
|
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
|
22 |
WEB
|
Andrea Cardaci
|
|
2020-03-11
|
|
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
|
22 |
WEB
|
Andrea Cardaci
|
|
2020-03-12
|
|
rConfig 3.9 - 'searchColumn' SQL Injection
|
23 |
WEB
|
vikingfr
|
|
2020-03-12
|
|
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
|
21 |
WEB
|
Engin Demirbilek
|
|
2020-03-12
|
|
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
|
19 |
WEB
|
Ismail Akıcı
|
|
2020-03-12
|
|
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
|
27 |
WEB
|
Daniel Monzón
|
|
2020-03-12
|
|
WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure
|
21 |
WEB
|
RedTeam Pentesting GmbH
|
|
2020-03-12
|
|
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
|
23 |
WEB
|
Milad karimi
|
|
2020-03-11
|
|
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
|
19 |
WEB
|
1F98D
|
|
2020-03-11
|
|
Wing FTP Server - Authenticated CSRF (Delete Admin)
|
19 |
WEB
|
Dhiraj Mishra
|
|
2020-03-11
|
|
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
|
20 |
WEB
|
Touhid M.Shaikh
|
|
2020-03-11
|
|
Joomla! 3.9.0 < 3.9.7 - CSV Injection
|
18 |
WEB
|
i4bdullah
|
|
2020-03-11
|
|
WordPress Plugin Search Meter 2.13.2 - CSV injection
|
28 |
WEB
|
Daniel Monzón
|
|
2020-03-10
|
|
Persian VIP Download Script 1.0 - 'active' SQL Injection
|
23 |
WEB
|
Amir Hossein Vafifar
|
|
2020-03-10
|
|
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
|
21 |
WEB
|
En_dust
|
|
2020-03-10
|
|
Sysaid 20.1.11 b26 - Remote Command Execution
|
21 |
WEB
|
Ahmed Sherif
|
|
2020-03-09
|
|
Sentrifugo HRMS 3.2 - 'id' SQL Injection
|
25 |
WEB
|
minhnb
|
|
2020-03-09
|
|
60CycleCMS - 'news.php' SQL Injection
|
18 |
WEB
|
Unkn0wn
|
|
2019-12-12
|
|
ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote
|
25 |
WEB
|
mr_me
|
|
2020-03-04
|
|
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
|
27 |
WEB
|
NgoAnhDuc
|
|
2020-03-03
|
|
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
|
23 |
WEB
|
Olga Villagran
|
|
2020-03-03
|
|
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
|
19 |
WEB
|
emaragkos
|
|
2020-03-03
|
|
Alfresco 5.2.4 - Persistent Cross-Site Scripting
|
25 |
WEB
|
Alexandre ZANNI
|
|
2020-03-03
|
|
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
|
24 |
WEB
|
Paulina Girón
|
|
2020-03-02
|
|
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
|
21 |
WEB
|
Lucas Amorim
|
|
2020-03-02
|
|
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
|
26 |
WEB
|
Elber Tavares
|
|
2020-03-02
|
|
TP LINK TL-WR849N - Remote Code Execution
|
26 |
WEB
|
Elber Tavares
|
|
2020-03-02
|
|
Wing FTP Server 6.2.5 - Privilege Escalation
|
24 |
WEB
|
Cary Hooper
|
|
2020-03-02
|
|
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
|
24 |
WEB
|
Elber Tavares
|
|
2020-03-02
|
|
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
|
25 |
WEB
|
Jinson Varghese Behanan
|
|
2020-03-02
|
|
Netis WF2419 2.2.36123 - Remote Code Execution
|
24 |
WEB
|
Elias Issa
|
|
2020-03-02
|
|
Joplin Desktop 1.0.184 - Cross-Site Scripting
|
20 |
WEB
|
Javier Olmedo
|
|
2020-02-28
|
|
qdPM < 9.1 - Remote Code Execution
|
25 |
WEB
|
Tobin Shields
|
|
2020-02-03
|
|
Cacti 1.2.8 - Unauthenticated Remote Code Execution
|
20 |
WEB
|
Askar
|
|
2020-02-03
|
|
Cacti 1.2.8 - Authenticated Remote Code Execution
|
18 |
WEB
|
Askar
|
|
2020-02-20
|
|
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
|
21 |
WEB
|
YDHCUI
|
|
2020-02-27
|
|
Comtrend VR-3033 - Command Injection
|
23 |
WEB
|
Raki Ben Hamouda
|
|
2020-02-27
|
|
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
|
27 |
WEB
|
Meisam Monsef
|
|
2020-02-26
|
|
PhpIX 2012 Professional - 'id' SQL Injection
|
26 |
WEB
|
indoushka
|
|
2020-02-25
|
|
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
|
26 |
WEB
|
GeekHack
|
|
2020-02-25
|
|
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
|
28 |
WEB
|
GeekHack
|
|
2020-02-24
|
|
Cacti 1.2.8 - Remote Code Execution
|
23 |
WEB
|
Askar
|
|
2020-02-24
|
|
Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
|
29 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
DotNetNuke 9.5 - File Upload Restrictions Bypass
|
32 |
WEB
|
Sajjad Pourali
|
|
2020-02-24
|
|
DotNetNuke 9.5 - Persistent Cross-Site Scripting
|
28 |
WEB
|
Sajjad Pourali
|
|
2020-02-24
|
|
eLection 2.0 - 'id' SQL Injection
|
25 |
WEB
|
J3rryBl4nks
|
|
2020-02-24
|
|
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
|
30 |
WEB
|
Scott Goodwin
|
|
2020-02-24
|
|
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
|
25 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
ATutor 2.2.4 - 'id' SQL Injection
|
23 |
WEB
|
Andrey Stoykov
|
|
2020-02-24
|
|
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
|
26 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
AMSS++ 4.7 - Backdoor Admin Account
|
26 |
WEB
|
indoushka
|
|
2020-02-24
|
|
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
|
29 |
WEB
|
J3rryBl4nks
|
|
2020-02-24
|
|
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
|
28 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
AMSS++ v 4.31 - 'id' SQL Injection
|
28 |
WEB
|
indoushka
|
|
2020-02-24
|
|
Real Web Pentesting Tutorial Step by Step - [Persian]
|
23 |
WEB
|
Meisam Monsef
|
|
2020-02-24
|
|
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
|
27 |
WEB
|
Todor Donev
|
|
2020-02-24
|
|
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
|
24 |
WEB
|
emaragkos
|
|
2020-02-24
|
|
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
|
26 |
WEB
|
Scott Goodwin
|
|
2020-02-20
|
|
Easy2Pilot 7 - Cross-Site Request Forgery (Add User)
|
28 |
WEB
|
indoushka
|
|
2020-02-19
|
|
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
|
20 |
WEB
|
byteGoblin
|
|
2020-02-19
|
|
DBPower C300 HD Camera - Remote Configuration Disclosure
|
21 |
WEB
|
Todor Donev
|
|
2020-02-19
|
|
Virtual Freer 1.58 - Remote Command Execution
|
20 |
WEB
|
SajjadBnd
|
|
2020-02-18
|
|
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
|
21 |
WEB
|
Ultra Security Team
|
|
2020-02-17
|
|
LabVantage 8.3 - Information Disclosure
|
23 |
WEB
|
Joel Aviad Ossi
|
|
2020-02-17
|
|
SOPlanning 1.45 - 'users' SQL Injection
|
23 |
WEB
|
J3rryBl4nks
|
|
2020-02-17
|
|
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting
|
25 |
WEB
|
Shahab.ra.9
|
|
2020-02-17
|
|
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
|
23 |
WEB
|
J3rryBl4nks
|
|
2020-02-17
|
|
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
|
21 |
WEB
|
Ultra Security Team
|
|
2020-02-17
|
|
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
|
18 |
WEB
|
J3rryBl4nks
|
|
2020-02-17
|
|
Avaya Aura Communication Manager 5.2 - Remote Code Execution
|
25 |
WEB
|
Sarang Tumne
|
|
2020-02-17
|
|
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
|
18 |
WEB
|
Jinson Varghese Behanan
|
|
2020-02-17
|
|
SOPlanning 1.45 - 'by' SQL Injection
|
23 |
WEB
|
J3rryBl4nks
|
|
2020-02-14
|
|
phpMyChat Plus 1.98 - 'pmc_username' SQL Injection
|
27 |
WEB
|
J3rryBl4nks
|
|
2020-02-13
|
|
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
|
24 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
PANDORAFMS 7.0 - Authenticated Remote Code Execution
|
23 |
WEB
|
Engin Demirbilek
|
|
2020-02-13
|
|
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
|
34 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
|
26 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
|
25 |
WEB
|
Mehran Feizi
|
|
2020-02-13
|
|
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
|
24 |
WEB
|
Mehran Feizi
|
|
2020-02-11
|
|
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
|
22 |
WEB
|
Metasploit
|
|
2020-02-11
|
|
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
|
23 |
WEB
|
Sayak Naskar
|
|
2020-02-11
|
|
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
|
26 |
WEB
|
Luca.Chiou
|
|
2020-02-10
|
|
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
|
24 |
WEB
|
Jinson Varghese Behanan
|
