|
2019-09-19
|
|
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
|
11 |
WEB
|
Noman Riffat
|
|
2019-09-18
|
|
Hospital-Management 1.26 - 'fname' SQL Injection
|
13 |
WEB
|
cakes
|
|
2019-09-16
|
|
CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection
|
12 |
WEB
|
cakes
|
|
2019-09-16
|
|
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
|
12 |
WEB
|
Pankaj Kumar Thakur
|
|
2019-09-16
|
|
NetGain EM Plus 10.1.68 - Remote Command Execution
|
11 |
WEB
|
azams
|
|
2019-09-14
|
|
College-Management-System 1.2 - Authentication Bypass
|
10 |
WEB
|
cakes
|
|
2019-09-14
|
|
Ticket-Booking 1.4 - Authentication Bypass
|
14 |
WEB
|
cakes
|
|
2019-09-13
|
|
LimeSurvey 3.17.13 - Cross-Site Scripting
|
11 |
WEB
|
SEC Consult
|
|
2019-09-13
|
|
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
|
12 |
WEB
|
Manuel García Cárdenas
|
|
2019-09-13
|
|
Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
|
12 |
WEB
|
Metin Yunus Kandemir
|
|
2019-09-11
|
|
eWON Flexy - Authentication Bypass
|
15 |
WEB
|
Photubias
|
|
2019-09-11
|
|
AVCON6 systems management platform - OGNL Remote Command Execution
|
17 |
WEB
|
Nassim Asrir
|
|
2019-09-10
|
|
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
|
12 |
WEB
|
MTK
|
|
2019-09-10
|
|
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
|
10 |
WEB
|
MTK
|
|
2019-09-10
|
|
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
|
9 |
WEB
|
MTK
|
|
2019-09-09
|
|
Dolibarr ERP-CRM 10.0.1 - SQL Injection
|
9 |
WEB
|
Metin Yunus Kandemir
|
|
2019-09-09
|
|
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
|
13 |
WEB
|
Mr Winst0n
|
|
2019-09-09
|
|
Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
|
13 |
WEB
|
LiquidWorm
|
|
2019-09-09
|
|
Online Appointment - SQL Injection
|
16 |
WEB
|
mohammad zaheri
|
|
2019-09-09
|
|
Enigma NMS 65.0.0 - SQL Injection
|
11 |
WEB
|
xerubus
|
|
2019-09-09
|
|
Enigma NMS 65.0.0 - OS Command Injection
|
10 |
WEB
|
xerubus
|
|
2019-09-09
|
|
Enigma NMS 65.0.0 - Cross-Site Request Forgery
|
10 |
WEB
|
xerubus
|
|
2019-09-09
|
|
Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
|
10 |
WEB
|
Metin Yunus Kandemir
|
|
2019-09-09
|
|
WordPress Core 5.2.3 - Cross-Site Host Modification
|
12 |
WEB
|
Todor Donev
|
|
2019-09-06
|
|
Publisure Hybrid - Multiple Vulnerabilities
|
14 |
WEB
|
Jean-Marie Bourbon
|
|
2019-09-06
|
|
Inventory Webapp - 'itemquery' SQL injection
|
12 |
WEB
|
mohammad zaheri
|
|
2019-09-04
|
|
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
|
14 |
WEB
|
Adam Ziaja
|
|
2019-09-04
|
|
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
|
11 |
WEB
|
MgThuraMoeMyint
|
|
2019-09-03
|
|
FileThingie 2.5.7 - Arbitrary File Upload
|
14 |
WEB
|
cakes
|
|
2019-09-02
|
|
Craft CMS 2.7.9/3.2.5 - Information Disclosure
|
15 |
WEB
|
Mohammed Abdul Raheem
|
|
2019-09-02
|
|
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
|
16 |
WEB
|
Bhadresh Patel
|
|
2019-09-02
|
|
Alkacon OpenCMS 10.5.x - Local File inclusion
|
15 |
WEB
|
Aetsu
|
|
2019-09-02
|
|
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
|
14 |
WEB
|
Aetsu
|
|
2019-09-02
|
|
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
|
13 |
WEB
|
Aetsu
|
|
2019-09-02
|
|
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection
|
15 |
WEB
|
MTK
|
|
2019-09-02
|
|
Opencart 3.x - Cross-Site Scripting
|
14 |
WEB
|
Nipun Somani
|
|
2019-09-02
|
|
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
|
13 |
WEB
|
James Bercegay
|
|
2019-08-30
|
|
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
|
13 |
WEB
|
Damian Ebelties
|
|
2019-08-30
|
|
YouPHPTube 7.4 - Remote Code Execution
|
15 |
WEB
|
Damian Ebelties
|
|
2019-08-30
|
|
DomainMod 4.13 - Cross-Site Scripting
|
14 |
WEB
|
Damian Ebelties
|
|
2019-08-30
|
|
Sentrifugo 3.2 - Persistent Cross-Site Scripting
|
16 |
WEB
|
creosote
|
|
2019-08-30
|
|
Sentrifugo 3.2 - File Upload Restriction Bypass
|
21 |
WEB
|
creosote
|
|
2019-08-29
|
|
PilusCart 1.4.1 - Local File Disclosure
|
15 |
WEB
|
Damian Ebelties
|
|
2019-08-29
|
|
Jobberbase 2.0 - 'subscribe' SQL Injection
|
13 |
WEB
|
Damian Ebelties
|
|
2018-10-31
|
|
WordPress Plugin GoURL.io < 1.4.14 - File Upload
|
20 |
WEB
|
Pouya Darabi
|
|
2019-08-28
|
|
Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
|
14 |
WEB
|
Suvadip Kar
|
|
2019-08-28
|
|
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
|
13 |
WEB
|
Rafael Pedrero
|
|
2019-08-27
|
|
Tableau - XML External Entity
|
13 |
WEB
|
Jarad Kopf
|
|
2019-08-26
|
|
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
|
13 |
WEB
|
Julian Rittweger
|
|
2019-08-26
|
|
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
|
12 |
WEB
|
Damian Ebelties
|
|
2019-08-26
|
|
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
|
13 |
WEB
|
Javier Olmedo
|
|
2019-08-26
|
|
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
|
13 |
WEB
|
MTK
|
|
2019-08-23
|
|
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
|
14 |
WEB
|
MaYaSeVeN
|
|
2019-08-21
|
|
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
|
12 |
WEB
|
Jak Gibb
|
|
2019-08-21
|
|
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
|
14 |
WEB
|
Alyssa Herrera
|
|
2019-08-20
|
|
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
|
18 |
WEB
|
Princy Edward
|
|
2019-08-19
|
|
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection
|
13 |
WEB
|
Fabian Mosch
|
|
2019-08-19
|
|
Webmin 1.920 - Remote Code Execution
|
13 |
WEB
|
Fernando A. Lagos B
|
|
2019-08-19
|
|
Neo Billing 3.5 - Persistent Cross-Site Scripting
|
15 |
WEB
|
n1x_
|
|
2019-08-19
|
|
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
|
13 |
WEB
|
Carlos E. Vieira
|
|
2019-08-19
|
|
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
|
14 |
WEB
|
Carlos E. Vieira
|
|
2019-08-19
|
|
Kimai 2 - Persistent Cross-Site Scripting
|
13 |
WEB
|
osamaalaa
|
|
2019-08-16
|
|
Web Wiz Forums 12.01 - 'PF' SQL Injection
|
15 |
WEB
|
n1x_
|
|
2019-08-16
|
|
Integria IMS 5.0.86 - Arbitrary File Upload
|
14 |
WEB
|
Greg.Priest
|
|
2019-08-16
|
|
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
|
21 |
WEB
|
qw3rTyTy
|
|
2019-08-16
|
|
EyesOfNetwork 5.1 - Authenticated Remote Command Execution
|
12 |
WEB
|
Nassim Asrir
|
|
2019-08-14
|
|
ManageEngine opManager 12.3.150 - Authenticated Code Execution
|
15 |
WEB
|
kindredsec
|
|
2019-08-14
|
|
TortoiseSVN 1.12.1 - Remote Code Execution
|
12 |
WEB
|
Vulnerability-Lab
|
|
2019-08-14
|
|
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
|
14 |
WEB
|
Princy Edward
|
|
2019-08-14
|
|
D-Link DIR-600M - Authentication Bypass (Metasploit)
|
8 |
WEB
|
Devendra Singh Solanki
|
|
2019-08-14
|
|
D-Link DIR-600M - Authentication Bypass (Metasploit)
|
10 |
WEB
|
Devendra Singh Solanki
|
|
2019-08-14
|
|
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
|
12 |
WEB
|
qw3rTyTy
|
|
2019-08-14
|
|
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
|
15 |
WEB
|
Ilca Lucian Florin
|
|
2019-08-12
|
|
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
|
15 |
WEB
|
xerubus
|
|
2019-08-12
|
|
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
|
12 |
WEB
|
xerubus
|
|
2019-08-12
|
|
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
|
15 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
osTicket 1.12 - Persistent Cross-Site Scripting
|
14 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
osTicket 1.12 - Formula Injection
|
11 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
|
12 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deleti
|
8 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
|
8 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
|
6 |
WEB
|
Greg.Priest
|
|
2019-08-12
|
|
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
|
6 |
WEB
|
Angelo Ruwantha
|
|
2019-08-12
|
|
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
|
7 |
WEB
|
Angelo Ruwantha
|
|
2019-08-08
|
|
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
|
11 |
WEB
|
qw3rTyTy
|
|
2019-08-08
|
|
Adive Framework 2.0.7 - Cross-Site Request Forgery
|
12 |
WEB
|
Pablo Santiago
|
|
2019-08-08
|
|
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
|
10 |
WEB
|
qw3rTyTy
|
|
2019-08-08
|
|
Aptana Jaxer 1.0.3.4547 - Local File inclusion
|
12 |
WEB
|
Steph Jensen
|
|
2019-08-08
|
|
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
|
12 |
WEB
|
Mr Winst0n
|
|
2019-08-08
|
|
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
|
12 |
WEB
|
Greg.Priest
|
|
2019-08-07
|
|
WordPress Plugin JoomSport 3.3 - SQL Injection
|
12 |
WEB
|
Pablo Santiago
|
|
2019-08-02
|
|
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Kusol Watchara-Apanukorn
|
|
2019-08-02
|
|
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
|
9 |
WEB
|
n1x_
|
|
2019-08-02
|
|
Sar2HTML 3.2.1 - Remote Command Execution
|
9 |
WEB
|
Cemal Cihad ÇİFTÇİ
|
|
2019-08-01
|
|
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
|
13 |
WEB
|
Alperen Soydan
|
|
2019-08-01
|
|
WebIncorp ERP - SQL injection
|
12 |
WEB
|
n1x_
|
|
2019-08-01
|
|
Ultimate Loan Manager 2.0 - Cross-Site Scripting
|
13 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-31
|
|
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
|
12 |
WEB
|
Lucas Dinucci
|
|
2019-07-30
|
|
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
|
14 |
WEB
|
Jacob Baines
|
|
2019-07-29
|
|
GigToDo 1.3 - Cross-Site Scripting
|
13 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
|
11 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
|
15 |
WEB
|
rubyman
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
|
11 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploi
|
8 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
|
11 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Moodle Filepicker 3.5.2 - Server Side Request Forgery
|
11 |
WEB
|
Fabian Mosch_ Nick Theisinger
|
|
2019-07-25
|
|
MyBB < 1.8.21 - Remote Code Execution
|
12 |
WEB
|
Giovanni Chhatta
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - SQL Injection
|
10 |
WEB
|
UserX
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - Cross-Site Scripting
|
13 |
WEB
|
n3k00n3
|
|
2019-07-24
|
|
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
|
13 |
WEB
|
yasin
|
|
2019-07-24
|
|
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
|
11 |
WEB
|
Mehmet Onder
|
|
2019-07-24
|
|
NoviSmart CMS - SQL injection
|
13 |
WEB
|
n1x_
|
|
2019-07-22
|
|
Axway SecureTransport 5 - Unauthenticated XML Injection
|
13 |
WEB
|
Dominik Penner
|
|
2019-07-19
|
|
REDCap < 9.1.2 - Cross-Site Scripting
|
10 |
WEB
|
Alexandre ZANNI
|
|
2019-07-19
|
|
Web Ofisi Firma 13 - 'oz' SQL Injection
|
7 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
|
6 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
|
5 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
|
7 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 2 - 'ara' SQL Injection
|
9 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
|
8 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
|
11 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
fuel CMS 1.4.1 - Remote Code Execution (1)
|
18 |
WEB
|
0xd0ff9
|
|
2019-07-18
|
|
WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
|
15 |
WEB
|
LiquidWorm
|
|
2019-07-17
|
|
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Sarath Nair
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.838 - User Enumeration
|
12 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
