|
2018-08-20
|
|
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
|
11 |
WEB
|
ManhNho
|
|
2018-08-20
|
|
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
|
11 |
WEB
|
0xB9
|
|
2018-08-20
|
|
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
|
11 |
WEB
|
Çlirim Emini
|
|
2018-08-17
|
|
ADM 3.1.2RHG1 - Remote Code Execution
|
10 |
WEB
|
Matthew Fulton
|
|
2018-08-17
|
|
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
|
10 |
WEB
|
Maxim Yefimenko
|
|
2018-08-16
|
|
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
|
10 |
WEB
|
SEC Consult
|
|
2018-08-16
|
|
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
|
8 |
WEB
|
SEC Consult
|
|
2018-08-16
|
|
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
|
10 |
WEB
|
SEC Consult
|
|
2018-08-16
|
|
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
|
12 |
WEB
|
Javier Olmedo
|
|
2018-08-16
|
|
OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions
|
13 |
WEB
|
Joshua Fam
|
|
2018-08-15
|
|
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
|
11 |
WEB
|
AmnBAN
|
|
2018-08-15
|
|
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
|
10 |
WEB
|
Kyle Lovett
|
|
2018-08-14
|
|
Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)
|
10 |
WEB
|
Dhiraj Mishra
|
|
2018-08-14
|
|
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)
|
10 |
WEB
|
Metasploit
|
|
2018-08-14
|
|
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)
|
10 |
WEB
|
Metasploit
|
|
2018-08-14
|
|
cgit 1.2.1 - Directory Traversal (Metasploit)
|
12 |
WEB
|
Dhiraj Mishra
|
|
2018-08-13
|
|
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
|
15 |
WEB
|
Vikas Khanna
|
|
2018-08-10
|
|
MyBB Like Plugin 3.0.0 - Cross-Site Scripting
|
12 |
WEB
|
0xB9
|
|
2018-08-10
|
|
MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting
|
10 |
WEB
|
0xB9
|
|
2018-08-10
|
|
Zimbra 8.6.0_GA_1153 - Cross-Site Scripting
|
12 |
WEB
|
Dino Barlattani
|
|
2018-08-09
|
|
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
|
13 |
WEB
|
Wadeek
|
|
2018-08-09
|
|
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
|
12 |
WEB
|
Wadeek
|
|
2018-08-08
|
|
osTicket 1.10.1 - Arbitrary File Upload
|
13 |
WEB
|
Rajwinder Singh
|
|
2018-08-08
|
|
LG-Ericsson iPECS NMS 30M - Directory Traversal
|
13 |
WEB
|
Safak Aslan
|
|
2018-08-07
|
|
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
|
13 |
WEB
|
Nainsi Gupta
|
|
2018-08-07
|
|
OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated)
|
13 |
WEB
|
Cody Zacharias
|
|
2018-08-06
|
|
Open-AudIT Community 2.2.6 - Cross-Site Scripting
|
12 |
WEB
|
Ranjeet Jaiswal
|
|
2018-08-06
|
|
Wavemaker Studio 6.6 - Server-Side Request Forgery
|
12 |
WEB
|
Gionathan Reale
|
|
2018-08-06
|
|
CMS ISWEB 3.5.3 - Directory Traversal
|
12 |
WEB
|
Thiago Sena
|
|
2018-08-06
|
|
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
|
13 |
WEB
|
r3m0t3nu11
|
|
2018-08-06
|
|
LAMS < 3.1 - Cross-Site Scripting
|
12 |
WEB
|
Nikola Kojic
|
|
2018-08-06
|
|
Sitecore.Net 8.1 - Directory Traversal
|
15 |
WEB
|
Chris
|
|
2018-08-06
|
|
Subrion CMS 4.2.1 - Cross-Site Scripting
|
15 |
WEB
|
Zeel Chavda
|
|
2018-08-03
|
|
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal
|
15 |
WEB
|
Google Security Research
|
|
2018-08-03
|
|
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
|
17 |
WEB
|
Chris Moberly
|
|
2018-08-03
|
|
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
|
15 |
WEB
|
Chris Moberly
|
|
2018-08-03
|
|
PHP Template Store Script 3.0.6 - Cross-Site Scripting
|
13 |
WEB
|
Sarafraz Khan
|
|
2018-08-02
|
|
Seq 4.2.476 - Authentication Bypass
|
12 |
WEB
|
Daniel Chactoura
|
|
2018-08-02
|
|
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
|
15 |
WEB
|
Fakhri Zulkifli
|
|
2018-08-02
|
|
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
|
13 |
WEB
|
Chris Moberly
|
|
2018-08-02
|
|
CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection
|
17 |
WEB
|
0x09AL
|
|
2018-08-02
|
|
PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection
|
15 |
WEB
|
AkkuS
|
|
2018-08-02
|
|
TI Online Examination System v2 - Arbitrary File Download
|
14 |
WEB
|
AkkuS
|
|
2018-08-02
|
|
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
|
12 |
WEB
|
Porhai Eung
|
|
2018-07-31
|
|
LG NAS 3718.510.a0 - Remote Command Execution
|
13 |
WEB
|
0x616163
|
|
2018-07-31
|
|
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
|
16 |
WEB
|
0xB455
|
|
2018-07-30
|
|
H2 Database 1.4.197 - Information Disclosure
|
13 |
WEB
|
owodelta
|
|
2018-07-30
|
|
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
|
14 |
WEB
|
GUIA BRAHIM FOUAD
|
|
2018-07-27
|
|
SoftNAS Cloud < 4.0.3 - OS Command Injection
|
14 |
WEB
|
Core Security
|
|
2018-07-27
|
|
Online Trade 1 - Information Disclosure
|
10 |
WEB
|
Dhamotharan
|
|
2018-07-26
|
|
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
|
14 |
WEB
|
Zaran Shaikh
|
|
2018-07-26
|
|
Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
|
15 |
WEB
|
vulnc0d3
|
|
2018-07-24
|
|
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
|
11 |
WEB
|
r3m0t3nu11
|
|
2018-07-24
|
|
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
|
14 |
WEB
|
r3m0t3nu11
|
|
2018-07-24
|
|
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
|
11 |
WEB
|
Mehmet Ince
|
|
2018-07-24
|
|
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
|
12 |
WEB
|
Mehmet Ince
|
|
2018-07-23
|
|
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
|
15 |
WEB
|
Nathu Nandwani
|
|
2018-07-23
|
|
Davolink DVW 3200 Router - Password Disclosure
|
12 |
WEB
|
Ankit Anubhav
|
|
2018-07-23
|
|
Synology DiskStation Manager 4.1 - Directory Traversal
|
13 |
WEB
|
Berk Dusunur
|
|
2018-07-23
|
|
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
|
12 |
WEB
|
Berk Dusunur
|
|
2018-07-23
|
|
Kirby CMS 2.5.12 - Cross-Site Scripting
|
12 |
WEB
|
Zaran Shaikh
|
|
2018-07-22
|
|
GeoVision GV-SNVR0811 - Directory Traversal
|
12 |
WEB
|
Berk Dusunur
|
|
2018-07-20
|
|
Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
|
14 |
WEB
|
vulnc0d3
|
|
2018-07-20
|
|
MSVOD 10 - 'cid' SQL Injection
|
12 |
WEB
|
Hzllaga
|
|
2018-07-19
|
|
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
|
12 |
WEB
|
0xB9
|
|
2018-07-19
|
|
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
|
12 |
WEB
|
Javier Olmedo
|
|
2018-07-18
|
|
Modx Revolution < 2.6.4 - Remote Code Execution
|
11 |
WEB
|
Vitalii Rudnykh
|
|
2018-07-18
|
|
FTP2FTP 1.0 - Arbitrary File Download
|
10 |
WEB
|
AkkuS
|
|
2018-07-18
|
|
Open-AudIT Community 2.1.1 - Cross-Site Scripting
|
11 |
WEB
|
Ranjeet Jaiswal
|
|
2018-07-18
|
|
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
|
11 |
WEB
|
AkkuS
|
|
2018-07-16
|
|
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
|
11 |
WEB
|
Charles Fol
|
|
2018-07-16
|
|
PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation
|
10 |
WEB
|
Charles Fol
|
|
2018-07-17
|
|
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root
|
11 |
WEB
|
LiquidWorm
|
|
2018-07-17
|
|
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
|
9 |
WEB
|
LiquidWorm
|
|
2018-07-17
|
|
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
|
8 |
WEB
|
LiquidWorm
|
|
2018-07-17
|
|
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
|
9 |
WEB
|
LiquidWorm
|
|
2018-07-16
|
|
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
|
11 |
WEB
|
Berk Dusunur
|
|
2018-07-16
|
|
VelotiSmart WiFi B-380 Camera - Directory Traversal
|
11 |
WEB
|
Miguel Mendez Z
|
|
2018-07-16
|
|
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
|
15 |
WEB
|
alt3kx
|
|
2018-07-13
|
|
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
|
12 |
WEB
|
t4rkd3vilz
|
|
2018-07-13
|
|
Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
|
9 |
WEB
|
Safak Aslan
|
|
2018-07-13
|
|
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
|
8 |
WEB
|
SEC Consult
|
|
2018-07-13
|
|
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
|
10 |
WEB
|
Core Security
|
|
2018-07-13
|
|
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
|
10 |
WEB
|
SEC Consult
|
|
2018-07-11
|
|
Dicoogle PACS 2.5.0 - Directory Traversal
|
10 |
WEB
|
Carlos Avila
|
|
2018-07-11
|
|
Instagram-Clone Script 2.0 - Cross-Site Scripting
|
9 |
WEB
|
L0RD
|
|
2018-07-10
|
|
D-Link DIR601 2.02 - Credential Disclosure
|
9 |
WEB
|
Thomas Zuk
|
|
2018-07-10
|
|
Elektronischer Leitz-Ordner 10 - SQL Injection
|
10 |
WEB
|
Jens Regel
|
|
2018-07-07
|
|
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
|
10 |
WEB
|
bobsecq
|
|
2018-07-10
|
|
WolfSight CMS 3.2 - SQL Injection
|
10 |
WEB
|
Berk Dusunur
|
|
2018-07-04
|
|
Gitea 1.4.0 - Remote Code Execution
|
10 |
WEB
|
Kacper Szurek
|
|
2018-07-09
|
|
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
|
12 |
WEB
|
Ahmed Elhady Mohamed
|
|
2018-07-06
|
|
Airties AIR5444TT - Cross-Site Scripting
|
11 |
WEB
|
Raif Berkay Dincel
|
|
2018-07-05
|
|
ADB Broadband Gateways / Routers - Authorization Bypass
|
10 |
WEB
|
SEC Consult
|
|
2018-07-05
|
|
SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
|
9 |
WEB
|
Seren PORSUK
|
|
2018-07-04
|
|
ShopNx - Arbitrary File Upload
|
9 |
WEB
|
L0RD
|
|
2018-07-04
|
|
Online Trade - Information Disclosure
|
8 |
WEB
|
L0RD
|
|
2018-07-04
|
|
CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
|
8 |
WEB
|
Mustafa Hasan
|
|
2018-07-04
|
|
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
|
8 |
WEB
|
Kacper Szurek
|
|
2018-07-03
|
|
ntop-ng < 3.4.180617 - Authentication Bypass
|
9 |
WEB
|
Ioannis Profetis
|
|
2018-07-02
|
|
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
|
14 |
WEB
|
om3rcitak
|
|
2018-07-02
|
|
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
|
11 |
WEB
|
bay0net
|
|
2018-07-02
|
|
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
|
9 |
WEB
|
ParagonSec
|
|
2018-07-02
|
|
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
|
9 |
WEB
|
RandoriSec
|
|
2018-06-28
|
|
Cisco Adaptive Security Appliance - Path Traversal
|
7 |
WEB
|
Yassine Aboukir
|
|
2018-06-28
|
|
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
|
9 |
WEB
|
Adipta Basu
|
|
2018-06-28
|
|
hycus CMS 1.0.4 - Authentication Bypass
|
8 |
WEB
|
Berk Dusunur
|
|
2018-06-28
|
|
HongCMS 3.0.0 - (Authenticated) SQL Injection
|
7 |
WEB
|
Hzllaga
|
|
2018-06-28
|
|
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
|
9 |
WEB
|
bay0net
|
|
2018-06-27
|
|
HPE VAN SDN 2.7.18.0503 - Remote Root
|
10 |
WEB
|
KoreLogic
|
|
2018-06-27
|
|
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
|
9 |
WEB
|
VulnSpy
|
|
2018-06-26
|
|
Liferay Portal < 7.0.4 - Server-Side Request Forgery
|
10 |
WEB
|
Mehmet Ince
|
|
2018-06-25
|
|
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
|
10 |
WEB
|
Çlirim Emini
|
|
2018-06-25
|
|
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
|
10 |
WEB
|
Bhushan B. Patil
|
|
2018-06-25
|
|
Intex Router N-150 - Arbitrary File Upload
|
10 |
WEB
|
Samrat Das
|
|
2018-06-25
|
|
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
|
10 |
WEB
|
LiquidWorm
|
|
2018-06-25
|
|
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
|
9 |
WEB
|
Wadeek
|
|
2018-06-25
|
|
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
|
8 |
WEB
|
LiquidWorm
|
|
2018-06-25
|
|
DIGISOL DG-BR4000NG - Cross-Site Scripting
|
8 |
WEB
|
Adipta Basu
|
|
2018-06-25
|
|
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
|
8 |
WEB
|
Samrat Das
|
|
2018-06-25
|
|
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
|
7 |
WEB
|
LiquidWorm
|
|
2018-06-25
|
|
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
|
9 |
WEB
|
Bhushan B. Patil
|
|
2018-06-22
|
|
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
|
10 |
WEB
|
VulnSpy
|
|
2018-06-22
|
|
phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)
|
9 |
WEB
|
Berk Dusunur
|
|
2018-06-21
|
|
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
|
10 |
WEB
|
ChaMd5
|
