|
2019-08-02
|
|
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
|
21 |
WEB
|
n1x_
|
|
2019-08-02
|
|
Sar2HTML 3.2.1 - Remote Command Execution
|
25 |
WEB
|
Cemal Cihad ÇİFTÇİ
|
|
2019-08-01
|
|
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
|
29 |
WEB
|
Alperen Soydan
|
|
2019-08-01
|
|
WebIncorp ERP - SQL injection
|
23 |
WEB
|
n1x_
|
|
2019-08-01
|
|
Ultimate Loan Manager 2.0 - Cross-Site Scripting
|
28 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-31
|
|
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
|
24 |
WEB
|
Lucas Dinucci
|
|
2019-07-30
|
|
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
|
27 |
WEB
|
Jacob Baines
|
|
2019-07-29
|
|
GigToDo 1.3 - Cross-Site Scripting
|
26 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
|
26 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
|
26 |
WEB
|
rubyman
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
|
26 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploi
|
25 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
|
25 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Moodle Filepicker 3.5.2 - Server Side Request Forgery
|
23 |
WEB
|
Fabian Mosch_ Nick Theisinger
|
|
2019-07-25
|
|
MyBB < 1.8.21 - Remote Code Execution
|
25 |
WEB
|
Giovanni Chhatta
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - SQL Injection
|
24 |
WEB
|
UserX
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - Cross-Site Scripting
|
27 |
WEB
|
n3k00n3
|
|
2019-07-24
|
|
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
|
23 |
WEB
|
yasin
|
|
2019-07-24
|
|
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
|
27 |
WEB
|
Mehmet Onder
|
|
2019-07-24
|
|
NoviSmart CMS - SQL injection
|
28 |
WEB
|
n1x_
|
|
2019-07-22
|
|
Axway SecureTransport 5 - Unauthenticated XML Injection
|
33 |
WEB
|
Dominik Penner
|
|
2019-07-19
|
|
REDCap < 9.1.2 - Cross-Site Scripting
|
25 |
WEB
|
Alexandre ZANNI
|
|
2019-07-19
|
|
Web Ofisi Firma 13 - 'oz' SQL Injection
|
22 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
|
22 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
|
18 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
|
16 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 2 - 'ara' SQL Injection
|
22 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
|
24 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
|
24 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
fuel CMS 1.4.1 - Remote Code Execution (1)
|
35 |
WEB
|
0xd0ff9
|
|
2019-07-18
|
|
WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
|
28 |
WEB
|
LiquidWorm
|
|
2019-07-17
|
|
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
|
32 |
WEB
|
Sarath Nair
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.838 - User Enumeration
|
28 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
|
23 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
|
19 |
WEB
|
Pongtorn Angsuchotmetee
|
|
2019-07-15
|
|
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
|
20 |
WEB
|
Mohammed Althibyani
|
|
2019-07-15
|
|
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
|
22 |
WEB
|
Ramikan
|
|
2019-07-15
|
|
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
|
28 |
WEB
|
Wadeek
|
|
2019-07-12
|
|
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
|
25 |
WEB
|
Chris Lyne
|
|
2019-07-12
|
|
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
|
26 |
WEB
|
Ishaq Mohammed
|
|
2019-07-12
|
|
Sahi Pro 8.0.0 - Remote Command Execution
|
28 |
WEB
|
AkkuS
|
|
2019-07-12
|
|
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
|
29 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-12
|
|
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
|
25 |
WEB
|
ABDO10
|
|
2019-07-11
|
|
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
|
24 |
WEB
|
Owais Mehtab
|
|
2019-07-08
|
|
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
|
30 |
WEB
|
Benjamin Lim
|
|
2019-07-08
|
|
Karenderia Multiple Restaurant System 5.3 - SQL Injection
|
27 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-05
|
|
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
|
27 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-03
|
|
Symantec DLP 15.5 MP1 - Cross-Site Scripting
|
23 |
WEB
|
Chapman Schleiss
|
|
2019-07-02
|
|
Centreon 19.04 - Remote Code Execution
|
23 |
WEB
|
Askar
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
|
27 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
|
24 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Remote Command Injection
|
26 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
CyberPanel 1.8.4 - Cross-Site Request Forgery
|
24 |
WEB
|
Bilgi Birikim Sistemleri
|
|
2019-07-01
|
|
Sahi pro 8.x - Directory Traversal
|
22 |
WEB
|
Operat0r
|
|
2019-07-01
|
|
SAP Crystal Reports - Information Disclosure
|
22 |
WEB
|
Mohamed M.Fouad
|
|
2019-07-01
|
|
ZoneMinder 1.32.3 - Cross-Site Scripting
|
24 |
WEB
|
Joey Lane
|
|
2019-07-01
|
|
PowerPanel Business Edition - Cross-Site Scripting
|
26 |
WEB
|
Joey Lane
|
|
2019-07-01
|
|
Varient 1.6.1 - SQL Injection
|
23 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-01
|
|
CiuisCRM 1.6 - 'eventType' SQL Injection
|
28 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-01
|
|
WorkSuite PRM 2.4 - 'password' SQL Injection
|
26 |
WEB
|
Mehmet EMIROGLU
|
|
2019-06-28
|
|
LibreNMS 1.46 - 'addhost' Remote Code Execution
|
32 |
WEB
|
Askar
|
|
2019-06-25
|
|
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
|
22 |
WEB
|
m0ze
|
|
2019-06-25
|
|
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
|
27 |
WEB
|
m0ze
|
|
2019-06-25
|
|
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
|
24 |
WEB
|
Aaron Bishop
|
|
2019-06-25
|
|
AZADMIN CMS 1.0 - SQL Injection
|
30 |
WEB
|
felipe andrian
|
|
2019-06-25
|
|
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
|
26 |
WEB
|
XORcat
|
|
2019-06-24
|
|
GrandNode 4.40 - Path Traversal / Arbitrary File Download
|
28 |
WEB
|
Corey Robinson
|
|
2019-06-24
|
|
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
|
30 |
WEB
|
Nimit Jain
|
|
2019-06-24
|
|
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
|
22 |
WEB
|
Nimit Jain
|
|
2019-06-24
|
|
SeedDMS versions < 5.1.11 - Remote Command Execution
|
25 |
WEB
|
Nimit Jain
|
|
2019-06-24
|
|
dotProject 2.1.9 - SQL Injection
|
21 |
WEB
|
Metin Yunus Kandemir
|
|
2019-06-20
|
|
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
|
27 |
WEB
|
Aaron Bishop
|
|
2019-06-20
|
|
WebERP 4.15 - SQL injection
|
22 |
WEB
|
Semen Alexandrovich Lyhin
|
|
2019-06-19
|
|
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
|
24 |
WEB
|
Aaron Bishop
|
|
2019-06-19
|
|
BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution
|
27 |
WEB
|
Aaron Bishop
|
|
2019-06-18
|
|
Sahi pro 8.x - Cross-Site Scripting
|
30 |
WEB
|
Goutham Madhwaraj
|
|
2019-06-18
|
|
Sahi pro 8.x - SQL Injection
|
30 |
WEB
|
Goutham Madhwaraj
|
|
2019-06-18
|
|
Sahi pro 7.x/8.x - Directory Traversal
|
28 |
WEB
|
Goutham Madhwaraj
|
|
2019-06-17
|
|
Spring Security OAuth - Open Redirector
|
30 |
WEB
|
Riemann
|
|
2019-06-17
|
|
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
|
24 |
WEB
|
Alex Akinbi
|
|
2019-06-17
|
|
RedwoodHQ 2.5.5 - Authentication Bypass
|
25 |
WEB
|
EthicalHCOP
|
|
2019-06-13
|
|
Sitecore 8.x - Deserialization Remote Code Execution
|
26 |
WEB
|
Jarad Kopf
|
|
2019-06-12
|
|
FusionPBX 4.4.3 - Remote Command Execution
|
28 |
WEB
|
Dustin Cobb
|
|
2019-06-11
|
|
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
|
21 |
WEB
|
Valerio Brussani
|
|
2019-06-11
|
|
phpMyAdmin 4.8 - Cross-Site Request Forgery
|
25 |
WEB
|
Riemann
|
|
2019-06-11
|
|
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
|
27 |
WEB
|
xulchibalraa
|
|
2019-06-10
|
|
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
|
25 |
WEB
|
Unk9vvN
|
|
2019-06-06
|
|
Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
|
28 |
WEB
|
Dhiraj Mishra
|
|
2019-06-05
|
|
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
|
27 |
WEB
|
k8gege
|
|
2019-06-05
|
|
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
|
19 |
WEB
|
k8gege
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
|
22 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
|
25 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
|
22 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
|
22 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
IceWarp 10.4.4 - Local File Inclusion
|
29 |
WEB
|
JameelNabbo
|
|
2019-06-03
|
|
WordPress Plugin Form Maker 1.13.3 - SQL Injection
|
23 |
WEB
|
Daniele Scanu
|
|
2019-06-03
|
|
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
|
22 |
WEB
|
Luca.Chiou
|
|
2019-06-03
|
|
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
|
29 |
WEB
|
SlidingWindow
|
|
2019-05-29
|
|
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
|
26 |
WEB
|
Chi Tran
|
|
2019-05-28
|
|
Phraseanet < 4.0.7 - Cross-Site Scripting
|
25 |
WEB
|
Krzysztof Szulski
|
|
2019-05-27
|
|
Deltek Maconomy 2.2.5 - Local File Inclusion
|
28 |
WEB
|
JameelNabbo
|
|
2019-05-23
|
|
Nagios XI 5.6.1 - SQL injection
|
25 |
WEB
|
JameelNabbo
|
|
2019-05-22
|
|
Horde Webmail 5.2.22 - Multiple Vulnerabilities
|
30 |
WEB
|
InfinitumIT
|
|
2019-05-22
|
|
Carel pCOWeb < B1.2.1 - Credentials Disclosure
|
17 |
WEB
|
Luca.Chiou
|
|
2019-05-22
|
|
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
|
19 |
WEB
|
Luca.Chiou
|
|
2019-05-22
|
|
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
|
16 |
WEB
|
Luca.Chiou
|
|
2019-05-22
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
|
15 |
WEB
|
Vingroup
|
|
2019-05-22
|
|
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
|
18 |
WEB
|
Vingroup
|
|
2019-05-21
|
|
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
|
21 |
WEB
|
Jakub Palaczynski
|
|
2019-05-21
|
|
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
|
22 |
WEB
|
Simone Quatrini
|
|
2019-05-21
|
|
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
|
19 |
WEB
|
omurugur
|
|
2019-05-21
|
|
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
|
23 |
WEB
|
purnendu ghosh
|
|
2019-05-21
|
|
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
|
26 |
WEB
|
Dionach Ltd
|
|
2019-05-21
|
|
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
|
25 |
WEB
|
Dionach Ltd
|
|
2019-05-20
|
|
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
|
27 |
WEB
|
liquidsky
|
|
2019-05-17
|
|
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
|
24 |
WEB
|
numan türle
|
|
2019-05-16
|
|
DeepSound 1.0.4 - SQL Injection
|
29 |
WEB
|
Mehmet EMIROGLU
|
|
2019-05-15
|
|
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
|
21 |
WEB
|
LiquidWorm
|
|
2019-05-15
|
|
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
|
25 |
WEB
|
LiquidWorm
|
|
2019-05-15
|
|
CommSy 8.6.5 - SQL injection
|
25 |
WEB
|
Jens Regel
|
|
2019-05-14
|
|
PasteShr 1.6 - Multiple SQL Injection
|
22 |
WEB
|
Mehmet EMIROGLU
|
|
2019-05-14
|
|
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Comm
|
23 |
WEB
|
Julien Ahrens
|
|
2019-05-14
|
|
D-Link DWL-2600AP - Multiple OS Command Injection
|
27 |
WEB
|
Raki Ben Hamouda
|
|
2019-05-14
|
|
Sales ERP 8.1 - Multiple SQL Injection
|
28 |
WEB
|
Mehmet EMIROGLU
|
|
2019-05-13
|
|
OpenProject 5.0.0 - 8.3.1 - SQL Injection
|
24 |
WEB
|
SEC Consult
|
