|
2019-09-03
|
|
FileThingie 2.5.7 - Arbitrary File Upload
|
5 |
WEB
|
cakes
|
|
2019-09-02
|
|
Craft CMS 2.7.9/3.2.5 - Information Disclosure
|
6 |
WEB
|
Mohammed Abdul Raheem
|
|
2019-09-02
|
|
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
|
6 |
WEB
|
Bhadresh Patel
|
|
2019-09-02
|
|
Alkacon OpenCMS 10.5.x - Local File inclusion
|
4 |
WEB
|
Aetsu
|
|
2019-09-02
|
|
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
|
4 |
WEB
|
Aetsu
|
|
2019-09-02
|
|
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
|
3 |
WEB
|
Aetsu
|
|
2019-09-02
|
|
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection
|
6 |
WEB
|
MTK
|
|
2019-09-02
|
|
Opencart 3.x - Cross-Site Scripting
|
5 |
WEB
|
Nipun Somani
|
|
2019-09-02
|
|
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
|
5 |
WEB
|
James Bercegay
|
|
2019-08-30
|
|
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
|
5 |
WEB
|
Damian Ebelties
|
|
2019-08-30
|
|
YouPHPTube 7.4 - Remote Code Execution
|
5 |
WEB
|
Damian Ebelties
|
|
2019-08-30
|
|
DomainMod 4.13 - Cross-Site Scripting
|
6 |
WEB
|
Damian Ebelties
|
|
2019-08-30
|
|
Sentrifugo 3.2 - Persistent Cross-Site Scripting
|
6 |
WEB
|
creosote
|
|
2019-08-30
|
|
Sentrifugo 3.2 - File Upload Restriction Bypass
|
8 |
WEB
|
creosote
|
|
2019-08-29
|
|
PilusCart 1.4.1 - Local File Disclosure
|
6 |
WEB
|
Damian Ebelties
|
|
2019-08-29
|
|
Jobberbase 2.0 - 'subscribe' SQL Injection
|
5 |
WEB
|
Damian Ebelties
|
|
2018-10-31
|
|
WordPress Plugin GoURL.io < 1.4.14 - File Upload
|
7 |
WEB
|
Pouya Darabi
|
|
2019-08-28
|
|
Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
|
5 |
WEB
|
Suvadip Kar
|
|
2019-08-28
|
|
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
|
5 |
WEB
|
Rafael Pedrero
|
|
2019-08-27
|
|
Tableau - XML External Entity
|
5 |
WEB
|
Jarad Kopf
|
|
2019-08-26
|
|
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
|
6 |
WEB
|
Julian Rittweger
|
|
2019-08-26
|
|
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
|
6 |
WEB
|
Damian Ebelties
|
|
2019-08-26
|
|
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
|
5 |
WEB
|
Javier Olmedo
|
|
2019-08-26
|
|
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
|
5 |
WEB
|
MTK
|
|
2019-08-23
|
|
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
|
6 |
WEB
|
MaYaSeVeN
|
|
2019-08-21
|
|
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
|
6 |
WEB
|
Jak Gibb
|
|
2019-08-21
|
|
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
|
5 |
WEB
|
Alyssa Herrera
|
|
2019-08-20
|
|
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
|
6 |
WEB
|
Princy Edward
|
|
2019-08-19
|
|
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection
|
6 |
WEB
|
Fabian Mosch
|
|
2019-08-19
|
|
Webmin 1.920 - Remote Code Execution
|
5 |
WEB
|
Fernando A. Lagos B
|
|
2019-08-19
|
|
Neo Billing 3.5 - Persistent Cross-Site Scripting
|
5 |
WEB
|
n1x_
|
|
2019-08-19
|
|
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
|
7 |
WEB
|
Carlos E. Vieira
|
|
2019-08-19
|
|
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
|
5 |
WEB
|
Carlos E. Vieira
|
|
2019-08-19
|
|
Kimai 2 - Persistent Cross-Site Scripting
|
6 |
WEB
|
osamaalaa
|
|
2019-08-16
|
|
Web Wiz Forums 12.01 - 'PF' SQL Injection
|
6 |
WEB
|
n1x_
|
|
2019-08-16
|
|
Integria IMS 5.0.86 - Arbitrary File Upload
|
5 |
WEB
|
Greg.Priest
|
|
2019-08-16
|
|
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
|
10 |
WEB
|
qw3rTyTy
|
|
2019-08-16
|
|
EyesOfNetwork 5.1 - Authenticated Remote Command Execution
|
5 |
WEB
|
Nassim Asrir
|
|
2019-08-14
|
|
ManageEngine opManager 12.3.150 - Authenticated Code Execution
|
7 |
WEB
|
kindredsec
|
|
2019-08-14
|
|
TortoiseSVN 1.12.1 - Remote Code Execution
|
4 |
WEB
|
Vulnerability-Lab
|
|
2019-08-14
|
|
WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery
|
8 |
WEB
|
Princy Edward
|
|
2019-08-14
|
|
D-Link DIR-600M - Authentication Bypass (Metasploit)
|
5 |
WEB
|
Devendra Singh Solanki
|
|
2019-08-14
|
|
D-Link DIR-600M - Authentication Bypass (Metasploit)
|
5 |
WEB
|
Devendra Singh Solanki
|
|
2019-08-14
|
|
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
|
5 |
WEB
|
qw3rTyTy
|
|
2019-08-14
|
|
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
|
5 |
WEB
|
Ilca Lucian Florin
|
|
2019-08-12
|
|
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
|
6 |
WEB
|
xerubus
|
|
2019-08-12
|
|
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
|
5 |
WEB
|
xerubus
|
|
2019-08-12
|
|
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
|
5 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
osTicket 1.12 - Persistent Cross-Site Scripting
|
5 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
osTicket 1.12 - Formula Injection
|
5 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
|
5 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deleti
|
5 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
|
6 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
|
4 |
WEB
|
Greg.Priest
|
|
2019-08-12
|
|
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
|
4 |
WEB
|
Angelo Ruwantha
|
|
2019-08-12
|
|
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
|
4 |
WEB
|
Angelo Ruwantha
|
|
2019-08-08
|
|
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
|
4 |
WEB
|
qw3rTyTy
|
|
2019-08-08
|
|
Adive Framework 2.0.7 - Cross-Site Request Forgery
|
4 |
WEB
|
Pablo Santiago
|
|
2019-08-08
|
|
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
|
4 |
WEB
|
qw3rTyTy
|
|
2019-08-08
|
|
Aptana Jaxer 1.0.3.4547 - Local File inclusion
|
5 |
WEB
|
Steph Jensen
|
|
2019-08-08
|
|
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
|
4 |
WEB
|
Mr Winst0n
|
|
2019-08-08
|
|
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
|
4 |
WEB
|
Greg.Priest
|
|
2019-08-07
|
|
WordPress Plugin JoomSport 3.3 - SQL Injection
|
5 |
WEB
|
Pablo Santiago
|
|
2019-08-02
|
|
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Kusol Watchara-Apanukorn
|
|
2019-08-02
|
|
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
|
4 |
WEB
|
n1x_
|
|
2019-08-02
|
|
Sar2HTML 3.2.1 - Remote Command Execution
|
4 |
WEB
|
Cemal Cihad ÇİFTÇİ
|
|
2019-08-01
|
|
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
|
3 |
WEB
|
Alperen Soydan
|
|
2019-08-01
|
|
WebIncorp ERP - SQL injection
|
4 |
WEB
|
n1x_
|
|
2019-08-01
|
|
Ultimate Loan Manager 2.0 - Cross-Site Scripting
|
4 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-31
|
|
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
|
4 |
WEB
|
Lucas Dinucci
|
|
2019-07-30
|
|
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
|
5 |
WEB
|
Jacob Baines
|
|
2019-07-29
|
|
GigToDo 1.3 - Cross-Site Scripting
|
5 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
|
4 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
|
5 |
WEB
|
rubyman
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
|
5 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploi
|
4 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
|
5 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Moodle Filepicker 3.5.2 - Server Side Request Forgery
|
5 |
WEB
|
Fabian Mosch_ Nick Theisinger
|
|
2019-07-25
|
|
MyBB < 1.8.21 - Remote Code Execution
|
4 |
WEB
|
Giovanni Chhatta
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - SQL Injection
|
5 |
WEB
|
UserX
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - Cross-Site Scripting
|
4 |
WEB
|
n3k00n3
|
|
2019-07-24
|
|
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
|
6 |
WEB
|
yasin
|
|
2019-07-24
|
|
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
|
2 |
WEB
|
Mehmet Onder
|
|
2019-07-24
|
|
NoviSmart CMS - SQL injection
|
3 |
WEB
|
n1x_
|
|
2019-07-22
|
|
Axway SecureTransport 5 - Unauthenticated XML Injection
|
3 |
WEB
|
Dominik Penner
|
|
2019-07-19
|
|
REDCap < 9.1.2 - Cross-Site Scripting
|
5 |
WEB
|
Alexandre ZANNI
|
|
2019-07-19
|
|
Web Ofisi Firma 13 - 'oz' SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
|
3 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 2 - 'ara' SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
|
3 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
fuel CMS 1.4.1 - Remote Code Execution (1)
|
5 |
WEB
|
0xd0ff9
|
|
2019-07-18
|
|
WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
|
5 |
WEB
|
LiquidWorm
|
|
2019-07-17
|
|
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Sarath Nair
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.838 - User Enumeration
|
4 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
|
4 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
|
4 |
WEB
|
Pongtorn Angsuchotmetee
|
|
2019-07-15
|
|
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
|
3 |
WEB
|
Mohammed Althibyani
|
|
2019-07-15
|
|
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
|
4 |
WEB
|
Ramikan
|
|
2019-07-15
|
|
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
|
4 |
WEB
|
Wadeek
|
|
2019-07-12
|
|
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
|
5 |
WEB
|
Chris Lyne
|
|
2019-07-12
|
|
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Ishaq Mohammed
|
|
2019-07-12
|
|
Sahi Pro 8.0.0 - Remote Command Execution
|
4 |
WEB
|
AkkuS
|
|
2019-07-12
|
|
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
|
3 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-12
|
|
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
|
3 |
WEB
|
ABDO10
|
|
2019-07-11
|
|
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Owais Mehtab
|
|
2019-07-08
|
|
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
|
4 |
WEB
|
Benjamin Lim
|
|
2019-07-08
|
|
Karenderia Multiple Restaurant System 5.3 - SQL Injection
|
4 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-05
|
|
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
|
4 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-03
|
|
Symantec DLP 15.5 MP1 - Cross-Site Scripting
|
4 |
WEB
|
Chapman Schleiss
|
|
2019-07-02
|
|
Centreon 19.04 - Remote Code Execution
|
3 |
WEB
|
Askar
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
|
4 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
|
5 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Remote Command Injection
|
4 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
CyberPanel 1.8.4 - Cross-Site Request Forgery
|
5 |
WEB
|
Bilgi Birikim Sistemleri
|
|
2019-07-01
|
|
Sahi pro 8.x - Directory Traversal
|
4 |
WEB
|
Operat0r
|
|
2019-07-01
|
|
SAP Crystal Reports - Information Disclosure
|
4 |
WEB
|
Mohamed M.Fouad
|
|
2019-07-01
|
|
ZoneMinder 1.32.3 - Cross-Site Scripting
|
4 |
WEB
|
Joey Lane
|
|
2019-07-01
|
|
PowerPanel Business Edition - Cross-Site Scripting
|
4 |
WEB
|
Joey Lane
|
|
2019-07-01
|
|
Varient 1.6.1 - SQL Injection
|
3 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-01
|
|
CiuisCRM 1.6 - 'eventType' SQL Injection
|
5 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-01
|
|
WorkSuite PRM 2.4 - 'password' SQL Injection
|
4 |
WEB
|
Mehmet EMIROGLU
|
|
2019-06-28
|
|
LibreNMS 1.46 - 'addhost' Remote Code Execution
|
3 |
WEB
|
Askar
|
