|
2018-07-05
|
|
SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
|
29 |
WEB
|
Seren PORSUK
|
|
2018-07-04
|
|
ShopNx - Arbitrary File Upload
|
25 |
WEB
|
L0RD
|
|
2018-07-04
|
|
Online Trade - Information Disclosure
|
20 |
WEB
|
L0RD
|
|
2018-07-04
|
|
CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
|
22 |
WEB
|
Mustafa Hasan
|
|
2018-07-04
|
|
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
|
20 |
WEB
|
Kacper Szurek
|
|
2018-07-03
|
|
ntop-ng < 3.4.180617 - Authentication Bypass
|
24 |
WEB
|
Ioannis Profetis
|
|
2018-07-02
|
|
Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection
|
27 |
WEB
|
om3rcitak
|
|
2018-07-02
|
|
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
|
26 |
WEB
|
bay0net
|
|
2018-07-02
|
|
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
|
22 |
WEB
|
ParagonSec
|
|
2018-07-02
|
|
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
|
25 |
WEB
|
RandoriSec
|
|
2018-06-28
|
|
Cisco Adaptive Security Appliance - Path Traversal
|
23 |
WEB
|
Yassine Aboukir
|
|
2018-06-28
|
|
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
|
24 |
WEB
|
Adipta Basu
|
|
2018-06-28
|
|
hycus CMS 1.0.4 - Authentication Bypass
|
19 |
WEB
|
Berk Dusunur
|
|
2018-06-28
|
|
HongCMS 3.0.0 - (Authenticated) SQL Injection
|
20 |
WEB
|
Hzllaga
|
|
2018-06-28
|
|
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
|
25 |
WEB
|
bay0net
|
|
2018-06-27
|
|
HPE VAN SDN 2.7.18.0503 - Remote Root
|
23 |
WEB
|
KoreLogic
|
|
2018-06-27
|
|
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
|
22 |
WEB
|
VulnSpy
|
|
2018-06-26
|
|
Liferay Portal < 7.0.4 - Server-Side Request Forgery
|
21 |
WEB
|
Mehmet Ince
|
|
2018-06-25
|
|
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
|
25 |
WEB
|
Çlirim Emini
|
|
2018-06-25
|
|
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
|
34 |
WEB
|
Bhushan B. Patil
|
|
2018-06-25
|
|
Intex Router N-150 - Arbitrary File Upload
|
28 |
WEB
|
Samrat Das
|
|
2018-06-25
|
|
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
|
23 |
WEB
|
LiquidWorm
|
|
2018-06-25
|
|
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
|
22 |
WEB
|
Wadeek
|
|
2018-06-25
|
|
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
|
22 |
WEB
|
LiquidWorm
|
|
2018-06-25
|
|
DIGISOL DG-BR4000NG - Cross-Site Scripting
|
24 |
WEB
|
Adipta Basu
|
|
2018-06-25
|
|
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
|
23 |
WEB
|
Samrat Das
|
|
2018-06-25
|
|
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
|
24 |
WEB
|
LiquidWorm
|
|
2018-06-25
|
|
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
|
22 |
WEB
|
Bhushan B. Patil
|
|
2018-06-22
|
|
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
|
28 |
WEB
|
VulnSpy
|
|
2018-06-22
|
|
phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)
|
26 |
WEB
|
Berk Dusunur
|
|
2018-06-21
|
|
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
|
25 |
WEB
|
ChaMd5
|
|
2018-06-22
|
|
GreenCMS 2.3.0603 - Information Disclosure
|
25 |
WEB
|
vr_system
|
|
2018-06-21
|
|
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
|
25 |
WEB
|
bay0net
|
|
2018-06-21
|
|
LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)
|
22 |
WEB
|
bay0net
|
|
2018-06-20
|
|
VideoInsight WebClient 5 - SQL Injection
|
23 |
WEB
|
vosec
|
|
2018-06-20
|
|
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
|
25 |
WEB
|
Nettitude
|
|
2018-06-20
|
|
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
|
25 |
WEB
|
Nettitude
|
|
2018-06-20
|
|
Apache CouchDB < 2.1.0 - Remote Code Execution
|
25 |
WEB
|
Cody Zacharias
|
|
2018-06-20
|
|
TP-Link TL-WA850RE - Remote Command Execution
|
24 |
WEB
|
yoresongo
|
|
2018-06-20
|
|
NewMark CMS 2.1 - 'sec_id' SQL Injection
|
22 |
WEB
|
Berk Dusunur
|
|
2018-06-20
|
|
MaDDash 2.0.2 - Directory Listing
|
23 |
WEB
|
ManhNho
|
|
2018-06-20
|
|
Mirasys DVMS Workstation 5.12.6 - Path Traversal
|
24 |
WEB
|
Onvio
|
|
2018-06-18
|
|
Redatam Web Server < 7 - Directory Traversal
|
26 |
WEB
|
Berk Dusunur
|
|
2018-06-18
|
|
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
|
27 |
WEB
|
Dolev Farhi
|
|
2018-06-18
|
|
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)
|
26 |
WEB
|
L0RD
|
|
2018-06-15
|
|
Dimofinf CMS 3.0.0 - Cross-Site Scripting
|
28 |
WEB
|
Renzi
|
|
2018-06-15
|
|
OEcms 3.1 - Cross-Site Scripting
|
22 |
WEB
|
Renzi
|
|
2018-06-14
|
|
Joomla! Component Ek Rishta 2.10 - SQL Injection
|
27 |
WEB
|
Guilherme Assmann
|
|
2018-06-13
|
|
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload
|
31 |
WEB
|
h0n1gsp3cht
|
|
2018-06-13
|
|
MACCMS 10 - Cross-Site Request Forgery (Add User)
|
25 |
WEB
|
bay0net
|
|
2018-06-12
|
|
WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection
|
19 |
WEB
|
defensecode
|
|
2018-06-12
|
|
WordPress Plugin Google Map < 4.0.4 - SQL Injection
|
23 |
WEB
|
defensecode
|
|
2018-06-12
|
|
Canon PrintMe EFI - Cross-Site Scripting
|
21 |
WEB
|
Huy Kha
|
|
2018-06-12
|
|
OX App Suite 7.8.4 - Multiple Vulnerabilities
|
22 |
WEB
|
Open-Xchange
|
|
2018-06-12
|
|
OX App Suite 7.8.4 - Multiple Vulnerabilities
|
22 |
WEB
|
Open-Xchange
|
|
2018-06-11
|
|
Siaberry 1.2.2 - Command Injection
|
21 |
WEB
|
Space Duck
|
|
2018-06-12
|
|
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
|
22 |
WEB
|
L0RD
|
|
2018-06-11
|
|
Schools Alert Management Script - Arbitrary File Read
|
18 |
WEB
|
M3@Pandas
|
|
2018-06-11
|
|
Schools Alert Management Script - 'get_sec.php' SQL Injection
|
17 |
WEB
|
M3@Pandas
|
|
2018-06-11
|
|
userSpice 4.3.24 - Username Enumeration
|
18 |
WEB
|
Dolev Farhi
|
|
2018-06-11
|
|
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
|
20 |
WEB
|
Dolev Farhi
|
|
2018-06-11
|
|
Schools Alert Management Script - Arbitrary File Deletion
|
17 |
WEB
|
M3@Pandas
|
|
2018-06-11
|
|
Joomla! Component EkRishta 2.10 - 'cid' SQL Injection
|
21 |
WEB
|
41!kh4224rDz
|
|
2018-06-11
|
|
Event Manager Admin panel - 'events_new.php' SQL injection
|
16 |
WEB
|
telahdihapus
|
|
2018-06-11
|
|
WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection
|
22 |
WEB
|
Manuel García Cárdenas
|
|
2018-06-11
|
|
Schools Alert Management Script - SQL Injection
|
21 |
WEB
|
M3@Pandas
|
|
2018-06-08
|
|
Splunk < 7.0.1 - Information Disclosure
|
24 |
WEB
|
KoF2002
|
|
2018-06-08
|
|
XiongMai uc-httpd 1.0.0 - Buffer Overflow
|
28 |
WEB
|
Andrew Watson
|
|
2018-06-07
|
|
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
|
23 |
WEB
|
DEEPIN2
|
|
2018-06-07
|
|
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
|
28 |
WEB
|
defensecode
|
|
2018-06-07
|
|
WordPress Plugin Form Maker 1.12.24 - SQL Injection
|
25 |
WEB
|
defensecode
|
|
2018-06-07
|
|
WampServer 3.0.6 - Cross-Site Request Forgery
|
27 |
WEB
|
L0RD
|
|
2018-06-05
|
|
Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)
|
26 |
WEB
|
Kl3_GMjq6
|
|
2018-06-04
|
|
Brother HL Series Printers 1.15 - Cross-Site Scripting
|
27 |
WEB
|
Huy Kha
|
|
2018-06-05
|
|
Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
|
32 |
WEB
|
DEEPIN2
|
|
2018-06-05
|
|
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting
|
28 |
WEB
|
0xB9
|
|
2018-06-04
|
|
EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting
|
23 |
WEB
|
Chris Barretto
|
|
2018-06-04
|
|
SearchBlox 8.6.7 - XML External Entity Injection
|
25 |
WEB
|
Ahmet Gurel
|
|
2018-06-03
|
|
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
|
22 |
WEB
|
xichao
|
|
2018-06-03
|
|
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
|
24 |
WEB
|
xichao
|
|
2018-06-03
|
|
Smartshop 1 - Cross-Site Request Forgery
|
22 |
WEB
|
L0RD
|
|
2018-06-03
|
|
Smartshop 1 - 'id' SQL Injection
|
27 |
WEB
|
L0RD
|
|
2018-05-31
|
|
Grid Pro Big Data 1.0 - SQL Injection
|
22 |
WEB
|
Kağan Çapar
|
|
2018-05-31
|
|
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting
|
28 |
WEB
|
Kağan Çapar
|
|
2018-05-31
|
|
PHP Dashboards NEW 5.5 - 'email' SQL Injection
|
29 |
WEB
|
Kağan Çapar
|
|
2018-05-31
|
|
New STAR 2.1 - SQL Injection / Cross-Site Scripting
|
26 |
WEB
|
Kağan Çapar
|
|
2018-05-31
|
|
TAC Xenta 511/911 - Directory Traversal
|
27 |
WEB
|
Marek Cybul
|
|
2018-05-30
|
|
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
|
22 |
WEB
|
Sysdream
|
|
2018-05-30
|
|
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
|
24 |
WEB
|
Amine Taouirsa
|
|
2018-05-30
|
|
Yosoro 1.0.4 - Remote Code Execution
|
21 |
WEB
|
Carlo Pelliccioni
|
|
2018-05-30
|
|
SearchBlox 8.6.6 - Cross-Site Request Forgery
|
21 |
WEB
|
Ahmet Gurel
|
|
2018-05-29
|
|
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
|
26 |
WEB
|
L0RD
|
|
2018-05-29
|
|
Facebook Clone Script 1.0.5 - 'search' SQL Injection
|
22 |
WEB
|
L0RD
|
|
2018-05-29
|
|
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
|
23 |
WEB
|
0xB9
|
|
2018-05-29
|
|
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
|
23 |
WEB
|
M3@Pandas
|
|
2018-05-29
|
|
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
|
25 |
WEB
|
Divya Jain
|
|
2018-05-29
|
|
IssueTrak 7.0 - SQL Injection
|
28 |
WEB
|
Chris Anastasio
|
|
2018-05-28
|
|
wityCMS 0.6.1 - Cross-Site Scripting
|
23 |
WEB
|
Nathu Nandwani
|
|
2018-05-28
|
|
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery
|
26 |
WEB
|
L0RD
|
|
2018-05-28
|
|
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
|
28 |
WEB
|
L0RD
|
|
2018-05-28
|
|
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
|
25 |
WEB
|
L0RD
|
|
2018-05-28
|
|
WordPress Plugin Events Calendar - SQL Injection
|
27 |
WEB
|
AkkuS
|
|
2018-05-28
|
|
DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting
|
28 |
WEB
|
longer
|
|
2018-05-28
|
|
DomainMod 4.09.03 - 'oid' Cross-Site Scripting
|
27 |
WEB
|
longer
|
|
2018-05-28
|
|
TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass
|
26 |
WEB
|
BlackFog Team
|
|
2018-05-27
|
|
Baby Names Search Engine 1.0 - 'a' SQL Injection
|
28 |
WEB
|
AkkuS
|
|
2018-05-27
|
|
My Directory 2.0 - SQL Injection / Cross-Site Scripting
|
28 |
WEB
|
AkkuS
|
|
2018-05-27
|
|
ClipperCMS 1.3.3 - Cross-Site Scripting
|
22 |
WEB
|
Nathu Nandwani
|
|
2018-05-27
|
|
Listing Hub CMS 1.0 - SQL Injection
|
28 |
WEB
|
AkkuS
|
|
2018-05-27
|
|
BookingWizz Booking System 5.5 - 'id' SQL Injection
|
20 |
WEB
|
AkkuS
|
|
2018-05-27
|
|
Lyrist - 'id' SQL Injection
|
21 |
WEB
|
Meisam Monsef
|
|
2018-05-27
|
|
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
|
20 |
WEB
|
Hesam Bazvand
|
|
2018-05-27
|
|
Ingenious School Management System - 'id' SQL Injection
|
17 |
WEB
|
Meisam Monsef
|
|
2018-05-27
|
|
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
|
18 |
WEB
|
AkkuS
|
|
2018-05-26
|
|
easyLetters 1.0 - 'id' SQL Injection
|
21 |
WEB
|
AkkuS
|
|
2018-05-26
|
|
mySurvey 1.0 - 'id' SQL Injection
|
19 |
WEB
|
AkkuS
|
|
2018-05-26
|
|
EasyService Billing 1.0 - 'q' SQL Injection
|
18 |
WEB
|
Divya Jain
|
|
2018-05-26
|
|
EasyService Billing 1.0 - Cross-Site Scripting
|
18 |
WEB
|
Divya Jain
|
|
2018-05-26
|
|
EasyService Billing 1.0 - Cross-Site Request Forgery
|
19 |
WEB
|
Divya Jain
|
|
2018-05-26
|
|
Ajax Full Featured Calendar 2.0 - 'search' SQL Injection
|
23 |
WEB
|
AkkuS
|
|
2018-05-26
|
|
Employee Work Schedule 5.9 - 'cal_id' SQL Injection
|
26 |
WEB
|
AkkuS
|
|
2018-05-25
|
|
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
|
21 |
WEB
|
Sebastian Cornejo
|
|
2018-05-25
|
|
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
|
19 |
WEB
|
J. Carrillo Lencina
|
|
2018-05-25
|
|
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
|
22 |
WEB
|
0xB9
|
|
2018-05-25
|
|
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
|
19 |
WEB
|
AkkuS
|
