Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2018-08-14   cgit 1.2.1 - Directory Traversal (Metasploit) 38 WEB Dhiraj Mishra
2018-08-13   IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting 34 WEB Vikas Khanna
2018-08-10   MyBB Like Plugin 3.0.0 - Cross-Site Scripting 40 WEB 0xB9
2018-08-10   MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting 34 WEB 0xB9
2018-08-10   Zimbra 8.6.0_GA_1153 - Cross-Site Scripting 34 WEB Dino Barlattani
2018-08-09   TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure) 37 WEB Wadeek
2018-08-09   TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) 33 WEB Wadeek
2018-08-08   osTicket 1.10.1 - Arbitrary File Upload 37 WEB Rajwinder Singh
2018-08-08   LG-Ericsson iPECS NMS 30M - Directory Traversal 46 WEB Safak Aslan
2018-08-07   Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) 36 WEB Nainsi Gupta
2018-08-07   OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated) 35 WEB Cody Zacharias
2018-08-06   Open-AudIT Community 2.2.6 - Cross-Site Scripting 36 WEB Ranjeet Jaiswal
2018-08-06   Wavemaker Studio 6.6 - Server-Side Request Forgery 37 WEB Gionathan Reale
2018-08-06   CMS ISWEB 3.5.3 - Directory Traversal 33 WEB Thiago Sena
2018-08-06   onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) 34 WEB r3m0t3nu11
2018-08-06   LAMS < 3.1 - Cross-Site Scripting 34 WEB Nikola Kojic
2018-08-06   Sitecore.Net 8.1 - Directory Traversal 38 WEB Chris
2018-08-06   Subrion CMS 4.2.1 - Cross-Site Scripting 36 WEB Zeel Chavda
2018-08-03   cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal 35 WEB Google Security Research
2018-08-03   Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection 39 WEB Chris Moberly
2018-08-03   Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection 36 WEB Chris Moberly
2018-08-03   PHP Template Store Script 3.0.6 - Cross-Site Scripting 36 WEB Sarafraz Khan
2018-08-02   Seq 4.2.476 - Authentication Bypass 35 WEB Daniel Chactoura
2018-08-02   ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution 40 WEB Fakhri Zulkifli
2018-08-02   Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection 35 WEB Chris Moberly
2018-08-02   CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection 39 WEB 0x09AL
2018-08-02   PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection 38 WEB AkkuS
2018-08-02   TI Online Examination System v2 - Arbitrary File Download 35 WEB AkkuS
2018-08-02   WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change) 38 WEB Porhai Eung
2018-07-31   LG NAS 3718.510.a0 - Remote Command Execution 37 WEB 0x616163
2018-07-31   Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection 37 WEB 0xB455
2018-07-30   H2 Database 1.4.197 - Information Disclosure 36 WEB owodelta
2018-07-30   Responsive Filemanager 9.13.1 - Server-Side Request Forgery 36 WEB GUIA BRAHIM FOUAD
2018-07-27   SoftNAS Cloud < 4.0.3 - OS Command Injection 37 WEB Core Security
2018-07-27   Online Trade 1 - Information Disclosure 34 WEB Dhamotharan
2018-07-26   Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page) 48 WEB Zaran Shaikh
2018-07-26   Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass) 42 WEB vulnc0d3
2018-07-24   D-link DAP-1360 - Path Traversal / Cross-Site Scripting 34 WEB r3m0t3nu11
2018-07-24   D-link DAP-1360 - Path Traversal / Cross-Site Scripting 36 WEB r3m0t3nu11
2018-07-24   Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit) 37 WEB Mehmet Ince
2018-07-24   Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit) 36 WEB Mehmet Ince
2018-07-23   Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) 38 WEB Nathu Nandwani
2018-07-23   Davolink DVW 3200 Router - Password Disclosure 35 WEB Ankit Anubhav
2018-07-23   Synology DiskStation Manager 4.1 - Directory Traversal 35 WEB Berk Dusunur
2018-07-23   NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution 36 WEB Berk Dusunur
2018-07-23   Kirby CMS 2.5.12 - Cross-Site Scripting 38 WEB Zaran Shaikh
2018-07-22   GeoVision GV-SNVR0811 - Directory Traversal 36 WEB Berk Dusunur
2018-07-20   Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass 34 WEB vulnc0d3
2018-07-20   MSVOD 10 - 'cid' SQL Injection 33 WEB Hzllaga
2018-07-19   MyBB New Threads Plugin 1.1 - Cross-Site Scripting 34 WEB 0xB9
2018-07-19   WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting 33 WEB Javier Olmedo
2018-07-18   Modx Revolution < 2.6.4 - Remote Code Execution 32 WEB Vitalii Rudnykh
2018-07-18   FTP2FTP 1.0 - Arbitrary File Download 34 WEB AkkuS
2018-07-18   Open-AudIT Community 2.1.1 - Cross-Site Scripting 36 WEB Ranjeet Jaiswal
2018-07-18   Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection 35 WEB AkkuS
2018-07-16   PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation 30 WEB Charles Fol
2018-07-16   PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation 32 WEB Charles Fol
2018-07-17   Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root 32 WEB LiquidWorm
2018-07-17   Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation 31 WEB LiquidWorm
2018-07-17   Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download 29 WEB LiquidWorm
2018-07-17   Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery 32 WEB LiquidWorm
2018-07-16   WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting 36 WEB Berk Dusunur
2018-07-16   VelotiSmart WiFi B-380 Camera - Directory Traversal 33 WEB Miguel Mendez Z
2018-07-16   Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection 42 WEB alt3kx
2018-07-13   Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery 35 WEB t4rkd3vilz
2018-07-13   Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload 35 WEB Safak Aslan
2018-07-13   Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure 33 WEB SEC Consult
2018-07-13   QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities 36 WEB Core Security
2018-07-13   WAGO e!DISPLAY 7300T - Multiple Vulnerabilities 39 WEB SEC Consult
2018-07-11   Dicoogle PACS 2.5.0 - Directory Traversal 37 WEB Carlos Avila
2018-07-11   Instagram-Clone Script 2.0 - Cross-Site Scripting 33 WEB L0RD
2018-07-10   D-Link DIR601 2.02 - Credential Disclosure 38 WEB Thomas Zuk
2018-07-10   Elektronischer Leitz-Ordner 10 - SQL Injection 31 WEB Jens Regel
2018-07-07   Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution 41 WEB bobsecq
2018-07-10   WolfSight CMS 3.2 - SQL Injection 30 WEB Berk Dusunur
2018-07-04   Gitea 1.4.0 - Remote Code Execution 30 WEB Kacper Szurek
2018-07-09   Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting 38 WEB Ahmed Elhady Mohamed
2018-07-06   Airties AIR5444TT - Cross-Site Scripting 36 WEB Raif Berkay Dincel
2018-07-05   ADB Broadband Gateways / Routers - Authorization Bypass 33 WEB SEC Consult
2018-07-05   SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection 36 WEB Seren PORSUK
2018-07-04   ShopNx - Arbitrary File Upload 34 WEB L0RD
2018-07-04   Online Trade - Information Disclosure 32 WEB L0RD
2018-07-04   CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution 31 WEB Mustafa Hasan
2018-07-04   ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution 32 WEB Kacper Szurek
2018-07-03   ntop-ng < 3.4.180617 - Authentication Bypass 34 WEB Ioannis Profetis
2018-07-02   Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection 37 WEB om3rcitak
2018-07-02   DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) 35 WEB bay0net
2018-07-02   VMware NSX SD-WAN Edge < 3.1.2 - Command Injection 33 WEB ParagonSec
2018-07-02   Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) 36 WEB RandoriSec
2018-06-28   Cisco Adaptive Security Appliance - Path Traversal 33 WEB Yassine Aboukir
2018-06-28   DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting 32 WEB Adipta Basu
2018-06-28   hycus CMS 1.0.4 - Authentication Bypass 31 WEB Berk Dusunur
2018-06-28   HongCMS 3.0.0 - (Authenticated) SQL Injection 34 WEB Hzllaga
2018-06-28   BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) 37 WEB bay0net
2018-06-27   HPE VAN SDN 2.7.18.0503 - Remote Root 34 WEB KoreLogic
2018-06-27   WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion 34 WEB VulnSpy
2018-06-26   Liferay Portal < 7.0.4 - Server-Side Request Forgery 32 WEB Mehmet Ince
2018-06-25   WordPress Plugin iThemes Security < 7.0.3 - SQL Injection 35 WEB Çlirim Emini
2018-06-25   WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection 46 WEB Bhushan B. Patil
2018-06-25   Intex Router N-150 - Arbitrary File Upload 38 WEB Samrat Das
2018-06-25   Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) 32 WEB LiquidWorm
2018-06-25   AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) 31 WEB Wadeek
2018-06-25   Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) 31 WEB LiquidWorm
2018-06-25   DIGISOL DG-BR4000NG - Cross-Site Scripting 34 WEB Adipta Basu
2018-06-25   Intex Router N-150 - Cross-Site Request Forgery (Add Admin) 29 WEB Samrat Das
2018-06-25   Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) 30 WEB LiquidWorm
2018-06-25   WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection 34 WEB Bhushan B. Patil
2018-06-22   phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) 38 WEB VulnSpy
2018-06-22   phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username) 35 WEB Berk Dusunur
2018-06-21   phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) 35 WEB ChaMd5
2018-06-22   GreenCMS 2.3.0603 - Information Disclosure 35 WEB vr_system
2018-06-21   LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin) 36 WEB bay0net
2018-06-21   LFCMS 3.7.0 - Cross-Site Request Forgery (Add User) 30 WEB bay0net
2018-06-20   VideoInsight WebClient 5 - SQL Injection 33 WEB vosec
2018-06-20   IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit) 34 WEB Nettitude
2018-06-20   IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit) 35 WEB Nettitude
2018-06-20   Apache CouchDB < 2.1.0 - Remote Code Execution 33 WEB Cody Zacharias
2018-06-20   TP-Link TL-WA850RE - Remote Command Execution 34 WEB yoresongo
2018-06-20   NewMark CMS 2.1 - 'sec_id' SQL Injection 30 WEB Berk Dusunur
2018-06-20   MaDDash 2.0.2 - Directory Listing 30 WEB ManhNho
2018-06-20   Mirasys DVMS Workstation 5.12.6 - Path Traversal 34 WEB Onvio
2018-06-18   Redatam Web Server < 7 - Directory Traversal 34 WEB Berk Dusunur
2018-06-18   RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin) 37 WEB Dolev Farhi
2018-06-18   Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User) 35 WEB L0RD
2018-06-15   Dimofinf CMS 3.0.0 - Cross-Site Scripting 38 WEB Renzi