|
2018-10-30
|
|
CI User Login and Management 1.0 - Arbitrary File Upload
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
|
11 |
WEB
|
Rafael Pedrero
|
|
2018-10-30
|
|
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
|
12 |
WEB
|
Rafael Pedrero
|
|
2018-10-30
|
|
Instagram Clone 1.0 - Arbitrary File Upload
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Notes Manager 1.0 - Arbitrary File Upload
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Expense Management 1.0 - Arbitrary File Upload
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
MyBB Downloads 2.0.3 - SQL Injection
|
18 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-10-30
|
|
Netgear WiFi Router R6120 - Credential Disclosure
|
17 |
WEB
|
Wadeek
|
|
2018-10-30
|
|
Webiness Inventory 2.9 - Arbitrary File Upload
|
15 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-30
|
|
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
|
13 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-30
|
|
Electricks eCommerce 1.0 - 'prodid' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
K-iwi Framework 1775 - SQL Injection
|
16 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - Database File Download
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
|
16 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
E-Negosyo System 1.0 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
RhinOS CMS 3.x - Arbitrary File Download
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - Arbitrary File Upload
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - Arbitrary File Upload
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Curriculum Evaluation System 1.0 - SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
MTGAS MOGG Web Simulator Script - SQL Injection
|
12 |
WEB
|
Meisam Monsef
|
|
2018-10-29
|
|
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Library Management System 1.0 - 'frmListBooks' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Grapixel New Media 2 - 'pageref' SQL Injection
|
14 |
WEB
|
Berk Dusunur
|
|
2018-10-29
|
|
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Delta Sql 1.8.2 - 'id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
MPS Box 0.1.8.0 - Arbitrary File Upload
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Quick Count 2.0 - 'txtInstID' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Open STA Manager 2.3 - Arbitrary File Download
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
MPS Box 0.1.8.0 - 'uuid' SQL Injection
|
16 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
AjentiCP 1.2.23.13 - Cross-Site Scripting
|
12 |
WEB
|
Numan OZDEMIR
|
|
2018-10-25
|
|
AiOPMSD Final 1.0.0 - 'q' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Simple POS and Inventory 1.0 - 'cat' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
ClipBucket 2.8 - 'id' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
User Management 1.1 - Cross-Site Scripting
|
14 |
WEB
|
Ismail Tasdelen
|
|
2018-10-25
|
|
Delta Sql 1.8.2 - Arbitrary File Upload
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Simple Chat System 1.0 - 'id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
phptpoint Hospital Management System 1.0 - 'user' SQL injection
|
13 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-25
|
|
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
|
13 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-25
|
|
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
|
14 |
WEB
|
Ismail Tasdelen
|
|
2018-10-25
|
|
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
|
14 |
WEB
|
AkkuS
|
|
2018-10-12
|
|
D-Link Routers - Directory Traversal
|
13 |
WEB
|
Blazej Adamczyk
|
|
2018-10-12
|
|
D-Link Routers - Plaintext Password
|
14 |
WEB
|
Blazej Adamczyk
|
|
2018-10-12
|
|
D-Link Routers - Command Injection
|
13 |
WEB
|
Blazej Adamczyk
|
|
2018-10-24
|
|
Apache OFBiz 16.11.04 - XML External Entity Injection
|
15 |
WEB
|
Jamie Parfet
|
|
2018-10-24
|
|
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
|
15 |
WEB
|
Ismail Tasdelen
|
|
2018-10-24
|
|
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
|
13 |
WEB
|
Dino Barlattani
|
|
2018-10-24
|
|
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-24
|
|
SG ERP 1.0 - 'info' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
SIM-PKH 2.4.1 - 'id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
School ERP Pro+Responsive 1.0 - Arbitrary File Download
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
|
15 |
WEB
|
hyp3rlinx
|
|
2018-10-23
|
|
SIM-PKH 2.4.1 - Arbitrary File Upload
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
Appsource School Management System 1.0 - 'student_id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
The Open ISES Project 3.30A - Arbitrary File Download
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
eNdonesia Portal 8.7 - 'artid' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
School ERP Ultimate 2018 - 'fid' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
Oracle Siebel CRM 8.1.1 - CSV Injection
|
14 |
WEB
|
Sarath Nair
|
|
2018-10-22
|
|
School ERP Ultimate 2018 - Arbitrary File Download
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
MySQL Edit Table 1.0 - 'id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-18
|
|
OwnTicket 1.0 - 'TicketID' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-18
|
|
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
|
12 |
WEB
|
Alireza Norkazemi
|
|
2018-10-18
|
|
Learning with Texts 1.6.2 - 'start' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-17
|
|
Time and Expense Management System 3.0 - 'table' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-17
|
|
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
|
17 |
WEB
|
LiquidWorm
|
|
2018-10-17
|
|
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-17
|
|
BigTree CMS 4.2.23 - Cross-Site Scripting
|
13 |
WEB
|
Ismail Tasdelen
|
|
2018-10-16
|
|
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
|
14 |
WEB
|
d0wnp0ur
|
|
2018-10-16
|
|
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
|
12 |
WEB
|
Ismail Tasdelen
|
|
2018-10-16
|
|
Vishesh Auto Index 3.1 - 'fid' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
Kados R10 GreenBee - 'release_id' SQL Injection
|
16 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
Library CMS 2.1.1 - Cross-Site Scripting
|
14 |
WEB
|
Ismail Tasdelen
|
|
2018-10-16
|
|
Navigate CMS 2.8.5 - Arbitrary File Download
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
HotelDruid 2.2.4 - 'anno' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
KORA 2.7.0 - 'cid' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
Academic Timetable Final Build 7.0 - Information Disclosure
|
16 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
|
20 |
WEB
|
seccops
|
|
2018-10-15
|
|
FLIR Brickstream 3D+ - RTSP Stream Disclosure
|
14 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
|
15 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
Advanced HRM 1.6 - Remote Code Execution
|
15 |
WEB
|
Renos Nikolaou
|
|
2018-10-15
|
|
College Notes Management System 1.0 - 'user' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
|
16 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
AlchemyCMS 4.1 - Cross-Site Scripting
|
16 |
WEB
|
Ismail Tasdelen
|
|
2018-10-15
|
|
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
|
17 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
|
15 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
|
15 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2014-11-21
|
|
FluxBB < 1.5.6 - SQL Injection
|
14 |
WEB
|
secthrowaway
|
|
2018-10-12
|
|
SugarCRM 6.5.26 - Cross-Site Scripting
|
13 |
WEB
|
Purplemet Security
|
|
2018-10-12
|
|
HaPe PKH 1.1 - Arbitrary File Upload
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-12
|
|
CAMALEON CMS 2.4 - Cross-Site Scripting
|
13 |
WEB
|
Ismail Tasdelen
|
|
2018-10-12
|
|
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-12
|
|
Phoenix Contact WebVisit 2985725 - Authentication Bypass
|
15 |
WEB
|
Photubias
|
|
2018-10-12
|
|
LUYA CMS 1.0.12 - Cross-Site Scripting
|
12 |
WEB
|
Ismail Tasdelen
|
|
2018-10-12
|
|
HaPe PKH 1.1 - 'id' SQL Injection
|
14 |
WEB
|
Ihsan Sencan
|
|
2018-10-11
|
|
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
|
15 |
WEB
|
Photubias
|
|
2018-10-11
|
|
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
|
15 |
WEB
|
Larry W. Cashdollar
|
|
2018-10-11
|
|
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-11
|
|
WAGO 750-881 01.09.18 - Cross-Site Scripting
|
13 |
WEB
|
SecuNinja
|
|
2018-10-11
|
|
Wikidforum 2.20 - Cross-Site Scripting
|
10 |
WEB
|
Amir Hossein Mahboubi
|
|
2018-10-10
|
|
Ektron CMS 9.20 SP2 - Improper Access Restrictions
|
13 |
WEB
|
alt3kx
|
|
2018-10-09
|
|
Wikidforum 2.20 - 'message_id' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
