|
2018-11-15
|
|
2-Plan Team 1.0.4 - Arbitrary File Upload
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Simple E-Document 1.31 - 'username' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Meneame English Pligg 5.8 - 'search' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
EverSync 0.5 - Arbitrary File Download
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Net-Billetterie 2.9 - 'login' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
BitZoom 1.0 - 'rollno' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
PHP-Proxy 5.1.0 - Local File Inclusion
|
29 |
WEB
|
Ameer Pornillos
|
|
2018-11-15
|
|
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
|
24 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
|
26 |
WEB
|
Nawaf Alkeraithe
|
|
2018-11-14
|
|
Pedidos 1.0 - SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Rmedia SMS 1.0 - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Advanced Comment System 1.0 - SQL Injection
|
27 |
WEB
|
Rafael Pedrero
|
|
2018-11-14
|
|
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
|
35 |
WEB
|
KoreLogic
|
|
2018-11-14
|
|
EdTv 2 - 'id' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
|
30 |
WEB
|
Nawaf Alkeraithe
|
|
2018-11-14
|
|
Helpdezk 1.1.1 - 'query' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
iServiceOnline 1.0 - 'r' SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
SIPve 0.0.2-R19 - SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Webiness Inventory 2.3 - 'order' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
|
25 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
|
31 |
WEB
|
Ameer Pornillos
|
|
2018-11-13
|
|
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
|
25 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Gumbo CMS 0.99 - SQL Injection
|
33 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Easyndexer 1.0 - Arbitrary File Download
|
24 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Musicco 2.0.0 - Arbitrary Directory Download
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Alienor Web Libre 2.0 - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Surreal ToDo 0.6.1.2 - Local File Inclusion
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Surreal ToDo 0.6.1.2 - SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
|
27 |
WEB
|
InfinitumIT
|
|
2018-11-13
|
|
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
|
32 |
WEB
|
InfinitumIT
|
|
2018-11-12
|
|
Nominas 0.27 - 'username' SQL Injection
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
|
26 |
WEB
|
hyp3rlinx
|
|
2018-11-12
|
|
ServerZilla 1.0 - 'email' SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
GPS Tracking System 2.12 - 'username' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
Facturation System 1.0 - 'modid' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
The Don 1.0.1 - 'login' SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosur
|
34 |
WEB
|
Wadeek
|
|
2018-11-12
|
|
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
|
31 |
WEB
|
Pasquale Turi
|
|
2018-11-12
|
|
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
|
31 |
WEB
|
Pasquale Turi
|
|
2018-11-12
|
|
TufinOS 2.17 Build 1193 - XML External Entity Injection
|
32 |
WEB
|
Konstantinos Alexiou
|
|
2018-11-12
|
|
Data Center Audit 2.6.2 - 'username' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-07
|
|
PlayJoom 0.10.1 - 'catid' SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-11-06
|
|
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
|
37 |
WEB
|
Carlos Avila
|
|
2018-11-06
|
|
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
|
27 |
WEB
|
AkkuS
|
|
2018-11-06
|
|
OOP CMS BLOG 1.0 - 'search' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-06
|
|
Grocery crud 1.6.1 - 'search_field' SQL Injection
|
25 |
WEB
|
Loading Kura Kura
|
|
2018-11-06
|
|
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-06
|
|
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
|
31 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-11-05
|
|
Voovi Social Networking Script 1.0 - 'user' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
Royal TS/X - Information Disclosure
|
30 |
WEB
|
Jakub Palaczynski
|
|
2018-11-05
|
|
PHP Proxy 3.0.3 - Local File Inclusion
|
27 |
WEB
|
AkkuS
|
|
2018-11-05
|
|
Mongo Web Admin 6.0 - Information Disclosure
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
|
33 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
WebVet 0.1a - 'id' SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
|
25 |
WEB
|
Chris Lyne
|
|
2018-11-05
|
|
SiAdmin 1.1 - 'id' SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-11-02
|
|
Yot CMS 3.3.1 - 'aid' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-11-02
|
|
qdPM 9.1 - 'filter_by' SQL Injection
|
25 |
WEB
|
AkkuS
|
|
2018-11-02
|
|
Gate Pass Management System 2.1 - 'login' SQL Injection
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-11-02
|
|
Jelastic 5.4 - 'host' SQL Injection
|
26 |
WEB
|
Procode701
|
|
2018-11-02
|
|
Fantastic Blog CMS 1.0 - 'id' SQL Injection
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-10-31
|
|
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
|
32 |
WEB
|
Jakub Palaczynski
|
|
2018-10-30
|
|
CI User Login and Management 1.0 - Arbitrary File Upload
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
|
28 |
WEB
|
Rafael Pedrero
|
|
2018-10-30
|
|
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
|
27 |
WEB
|
Rafael Pedrero
|
|
2018-10-30
|
|
Instagram Clone 1.0 - Arbitrary File Upload
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Notes Manager 1.0 - Arbitrary File Upload
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Expense Management 1.0 - Arbitrary File Upload
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
MyBB Downloads 2.0.3 - SQL Injection
|
35 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-10-30
|
|
Netgear WiFi Router R6120 - Credential Disclosure
|
31 |
WEB
|
Wadeek
|
|
2018-10-30
|
|
Webiness Inventory 2.9 - Arbitrary File Upload
|
31 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-30
|
|
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
|
26 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-30
|
|
Electricks eCommerce 1.0 - 'prodid' SQL Injection
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
K-iwi Framework 1775 - SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - Database File Download
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
E-Negosyo System 1.0 - SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
RhinOS CMS 3.x - Arbitrary File Download
|
37 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
|
45 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - Arbitrary File Upload
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - Arbitrary File Upload
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - SQL Injection
|
25 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Curriculum Evaluation System 1.0 - SQL Injection
|
47 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
MTGAS MOGG Web Simulator Script - SQL Injection
|
26 |
WEB
|
Meisam Monsef
|
|
2018-10-29
|
|
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Library Management System 1.0 - 'frmListBooks' SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Grapixel New Media 2 - 'pageref' SQL Injection
|
32 |
WEB
|
Berk Dusunur
|
|
2018-10-29
|
|
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Delta Sql 1.8.2 - 'id' SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
MPS Box 0.1.8.0 - Arbitrary File Upload
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Quick Count 2.0 - 'txtInstID' SQL Injection
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Open STA Manager 2.3 - Arbitrary File Download
|
32 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
MPS Box 0.1.8.0 - 'uuid' SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
AjentiCP 1.2.23.13 - Cross-Site Scripting
|
26 |
WEB
|
Numan OZDEMIR
|
|
2018-10-25
|
|
AiOPMSD Final 1.0.0 - 'q' SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Simple POS and Inventory 1.0 - 'cat' SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
ClipBucket 2.8 - 'id' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
User Management 1.1 - Cross-Site Scripting
|
27 |
WEB
|
Ismail Tasdelen
|
|
2018-10-25
|
|
Delta Sql 1.8.2 - Arbitrary File Upload
|
28 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Simple Chat System 1.0 - 'id' SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
