|
2018-10-05
|
|
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
|
9 |
WEB
|
cakes
|
|
2018-10-04
|
|
LayerBB Forum 1.1.1 - 'search_query' SQL Injection
|
15 |
WEB
|
Ihsan Sencan
|
|
2018-10-03
|
|
RICOH MP C1803 JPN Printer - Cross-Site Scripting
|
11 |
WEB
|
Ismail Tasdelen
|
|
2018-10-03
|
|
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
|
13 |
WEB
|
Ismail Tasdelen
|
|
2018-10-03
|
|
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-10-03
|
|
Zechat 1.5 - 'uname' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-10-02
|
|
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-10-02
|
|
Coaster CMS 5.5.0 - Cross-Site Scripting
|
8 |
WEB
|
Ismail Tasdelen
|
|
2018-10-02
|
|
OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection
|
12 |
WEB
|
Dino Barlattani
|
|
2018-10-01
|
|
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
|
9 |
WEB
|
cakes
|
|
2018-10-01
|
|
WUZHICMS 2.0 - Cross-Site Scripting
|
9 |
WEB
|
Renzi
|
|
2018-10-01
|
|
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Binary MLM Software 1.0 - 'pid' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Education Website 1.0 - 'subject' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Fork CMS 5.4.0 - Cross-Site Scripting
|
16 |
WEB
|
Ismail Tasdelen
|
|
2018-10-01
|
|
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
|
11 |
WEB
|
Ismail Tasdelen
|
|
2018-10-01
|
|
H2 Database 1.4.196 - Remote Code Execution
|
10 |
WEB
|
h4ckNinja
|
|
2018-09-27
|
|
Rausoft ID.prove 2.95 - 'Username' SQL injection
|
11 |
WEB
|
Ilya Timchenko
|
|
2018-09-27
|
|
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
|
11 |
WEB
|
Ismail Tasdelen
|
|
2018-09-27
|
|
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
|
10 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-09-25
|
|
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
|
11 |
WEB
|
AkkuS
|
|
2018-09-25
|
|
RICOH MP C406Z Printer - Cross-Site Scripting
|
10 |
WEB
|
Ismail Tasdelen
|
|
2018-09-25
|
|
RICOH MP 305+ Printer - Cross-Site Scripting
|
11 |
WEB
|
Ismail Tasdelen
|
|
2018-09-25
|
|
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Collection Factory 4.1.9 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Swap Factory 2.2.1 - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
|
9 |
WEB
|
AkkuS
|
|
2018-09-25
|
|
RICOH MP C6503 Plus Printer - Cross-Site Scripting
|
7 |
WEB
|
Ismail Tasdelen
|
|
2018-09-25
|
|
Joomla! Component Social Factory 3.8.3 - SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Questions 1.4.3 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Music Collection 3.0.3 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Super Cms Blog Pro 1.0 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
RICOH MP C2003 Printer - Cross-Site Scripting
|
13 |
WEB
|
Ismail Tasdelen
|
|
2018-09-24
|
|
RICOH MP C6003 Printer - Cross-Site Scripting
|
15 |
WEB
|
Ismail Tasdelen
|
|
2018-09-24
|
|
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-09-24
|
|
RICOH Aficio MP 301 Printer - Cross-Site Scripting
|
9 |
WEB
|
Ismail Tasdelen
|
|
2018-09-24
|
|
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-09-24
|
|
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-09-24
|
|
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
|
11 |
WEB
|
Numan OZDEMIR
|
|
2018-09-24
|
|
LG SuperSign EZ CMS 2.5 - Remote Code Execution
|
12 |
WEB
|
Alejandro Fanjul
|
|
2018-09-24
|
|
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
|
10 |
WEB
|
Haboob Team
|
|
2018-09-21
|
|
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
|
12 |
WEB
|
Simon Brannstrom
|
|
2018-09-24
|
|
Navigate CMS 2.8 - Cross-Site Scripting
|
14 |
WEB
|
Renzi
|
|
2018-09-19
|
|
LG SuperSign EZ CMS 2.5 - Local File Inclusion
|
13 |
WEB
|
Alejandro Fanjul
|
|
2018-09-19
|
|
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
|
16 |
WEB
|
Manuel García Cárdenas
|
|
2018-09-19
|
|
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
|
12 |
WEB
|
Manuel García Cárdenas
|
|
2018-09-19
|
|
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
|
10 |
WEB
|
Fahimeh Rezaei
|
|
2018-09-18
|
|
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Si
|
13 |
WEB
|
Larry W. Cashdollar
|
|
2018-09-18
|
|
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Si
|
11 |
WEB
|
Larry W. Cashdollar
|
|
2018-09-17
|
|
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection
|
12 |
WEB
|
Hamza Megahed
|
|
2018-09-17
|
|
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
|
15 |
WEB
|
cakes
|
|
2018-09-14
|
|
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
|
14 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2018-09-14
|
|
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
|
10 |
WEB
|
Stephen Shkardoon
|
|
2018-09-14
|
|
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
|
9 |
WEB
|
Stephen Shkardoon
|
|
2018-09-13
|
|
Apache Syncope 2.0.7 - Remote Code Execution
|
11 |
WEB
|
Che-Chun Kuo
|
|
2018-09-13
|
|
Apache Portals Pluto 3.0.0 - Remote Code Execution
|
11 |
WEB
|
Che-Chun Kuo
|
|
2018-09-12
|
|
LG Smart IP Camera 1508190 - Backup File Download
|
9 |
WEB
|
Ege Balci
|
|
2018-09-12
|
|
MyBB 1.8.17 - Cross-Site Scripting
|
10 |
WEB
|
0xB9
|
|
2018-09-12
|
|
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
|
11 |
WEB
|
Mohamed Sayed
|
|
2018-09-12
|
|
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
|
9 |
WEB
|
bzyo
|
|
2018-09-12
|
|
SynaMan 4.0 build 1488 - (Authenticated) Cross-Site Scripting
|
10 |
WEB
|
bzyo
|
|
2018-09-12
|
|
Rubedo CMS 3.4.0 - Directory Traversal
|
9 |
WEB
|
Marouene Boubakri
|
|
2018-09-12
|
|
CirCarLife SCADA 4.3.0 - Credential Disclosure
|
10 |
WEB
|
SadFud
|
|
2018-09-11
|
|
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
|
11 |
WEB
|
Gokhan Sagoglu
|
|
2018-09-04
|
|
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
|
8 |
WEB
|
Reigning Shells
|
|
2018-09-10
|
|
LW-N605R 12.20.2.1486 - Remote Code Execution
|
10 |
WEB
|
Nassim Asrir
|
|
2018-09-07
|
|
QNAP Photo Station 5.7.0 - Cross-Site Scripting
|
13 |
WEB
|
Mitsuaki Shiraishi
|
|
2018-09-07
|
|
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
|
11 |
WEB
|
Carlos Avila
|
|
2018-09-07
|
|
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
|
8 |
WEB
|
Carlos Avila
|
|
2018-09-06
|
|
D-Link Dir-600M N150 - Cross-Site Scripting
|
7 |
WEB
|
PUNIT DARJI
|
|
2018-09-06
|
|
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
|
9 |
WEB
|
Hamit CİBO
|
|
2018-09-06
|
|
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
|
8 |
WEB
|
Marko Jokic
|
|
2018-09-06
|
|
Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection
|
12 |
WEB
|
Javier Olmedo
|
|
2018-09-06
|
|
Jorani Leave Management 0.6.5 - Cross-Site Scripting
|
11 |
WEB
|
Javier Olmedo
|
|
2018-09-06
|
|
NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)
|
12 |
WEB
|
LiquidWorm
|
|
2018-09-05
|
|
Tenda ADSL Router D152 - Cross-Site Scripting
|
10 |
WEB
|
Sandip Dey
|
|
2018-09-04
|
|
mooSocial Store Plugin 2.6 - SQL Injection
|
11 |
WEB
|
Andrea Bocchetti
|
|
2018-09-04
|
|
Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection
|
12 |
WEB
|
Renos Nikolaou
|
|
2018-09-04
|
|
PHP File Browser Script 1 - Directory Traversal
|
9 |
WEB
|
AkkuS
|
|
2018-09-04
|
|
Logicspice FAQ Script 2.9.7 - Remote Code Execution
|
10 |
WEB
|
AkkuS
|
|
2018-09-03
|
|
Online Quiz Maker 1.0 - 'catid' SQL Injection
|
8 |
WEB
|
AkkuS
|
|
2018-09-03
|
|
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
|
8 |
WEB
|
Nawaf Alkeraithe
|
|
2018-09-03
|
|
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
|
13 |
WEB
|
hyp3rlinx
|
|
2018-08-31
|
|
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
|
10 |
WEB
|
Autism_JH
|
|
2018-08-31
|
|
Vox TG790 ADSL Router - Cross-Site Scripting
|
14 |
WEB
|
cakes
|
|
2018-08-30
|
|
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
|
14 |
WEB
|
Emre ÖVÜNÇ
|
|
2018-08-30
|
|
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
|
13 |
WEB
|
Renos Nikolaou
|
|
2018-08-30
|
|
DLink DIR-601 - Credential Disclosure
|
8 |
WEB
|
Kevin Randall
|
|
2018-08-30
|
|
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
|
9 |
WEB
|
Renos Nikolaou
|
|
2018-08-30
|
|
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
|
9 |
WEB
|
Emre ÖVÜNÇ
|
|
2018-08-29
|
|
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
|
12 |
WEB
|
hyp3rlinx
|
|
2018-08-29
|
|
Episerver 7 patch 4 - XML External Entity Injection
|
12 |
WEB
|
Jonas Lejon
|
|
2018-08-29
|
|
phpMyAdmin 4.7.x - Cross-Site Request Forgery
|
11 |
WEB
|
VulnSpy
|
|
2018-08-27
|
|
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
|
12 |
WEB
|
Lydéric Lefebvre
|
|
2018-08-27
|
|
Responsive FileManager < 9.13.4 - Directory Traversal
|
9 |
WEB
|
Simon Uvarov
|
|
2018-08-27
|
|
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
|
11 |
WEB
|
Yorick Koster
|
|
2018-08-27
|
|
LiteCart 2.1.2 - Arbitrary File Upload
|
11 |
WEB
|
Haboob Team
|
|
2018-08-27
|
|
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
|
11 |
WEB
|
Javier Olmedo
|
|
2018-08-27
|
|
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
|
12 |
WEB
|
Ismail Tasdelen
|
|
2018-08-27
|
|
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
|
11 |
WEB
|
GunEggWang
|
|
2018-08-26
|
|
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
|
11 |
WEB
|
Ismail Tasdelen
|
|
2018-08-26
|
|
WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection
|
9 |
WEB
|
Renos Nikolaou
|
|
2018-08-25
|
|
ManageEngine ADManager Plus 6.5.7 - HTML Injection
|
10 |
WEB
|
Ismail Tasdelen
|
|
2018-08-25
|
|
UltimatePOS 2.5 - Remote Code Execution
|
11 |
WEB
|
Renos Nikolaou
|
|
2018-08-24
|
|
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
|
13 |
WEB
|
cakes
|
|
2018-08-23
|
|
PCViewer vt1000 - Directory Traversal
|
12 |
WEB
|
Berk Dusunur
|
|
2018-08-23
|
|
Twitter-Clone 1 - 'code' SQL Injection
|
13 |
WEB
|
L0RD
|
|
2018-08-22
|
|
Geutebrueck re_porter 16 - Cross-Site Scripting
|
11 |
WEB
|
Kamil Suska
|
|
2018-08-22
|
|
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
|
10 |
WEB
|
Kamil Suska
|
|
2018-08-22
|
|
KingMedia 4.1 - File Upload
|
11 |
WEB
|
Efrén Díaz
|
|
2018-08-22
|
|
ZyXEL VMG3312-B10B - Cross-Site Scripting
|
13 |
WEB
|
Samet ŞAHİN
|
|
2018-08-21
|
|
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
|
12 |
WEB
|
Mostafa Gharzi
|
|
2018-08-21
|
|
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
|
8 |
WEB
|
L0RD
|
|
2018-08-21
|
|
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
|
12 |
WEB
|
Alfie
|
|
2018-08-21
|
|
Twitter-Clone 1 - 'userid' SQL Injection
|
10 |
WEB
|
L0RD
|
|
2018-08-20
|
|
Countly - Cross-Site Scripting
|
10 |
WEB
|
Sleepy
|
