|
2018-04-18
|
|
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
|
17 |
WEB
|
Keerati T.
|
|
2018-04-18
|
|
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
|
20 |
WEB
|
Keerati T.
|
|
2018-04-17
|
|
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
|
16 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-16
|
|
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
|
16 |
WEB
|
Frogy
|
|
2018-04-16
|
|
Cobub Razor 0.8.0 - SQL injection
|
21 |
WEB
|
Kyhvedn
|
|
2018-04-13
|
|
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
|
21 |
WEB
|
Hans Topo & g0tmi1k
|
|
2018-04-13
|
|
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
|
16 |
WEB
|
Vitalii Rudnykh
|
|
2018-04-12
|
|
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
|
20 |
WEB
|
Sairam Jetty
|
|
2018-04-10
|
|
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
|
19 |
WEB
|
ManhNho
|
|
2018-04-10
|
|
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
|
19 |
WEB
|
ManhNho
|
|
2018-04-10
|
|
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Contr
|
15 |
WEB
|
SlidingWindow
|
|
2018-04-10
|
|
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
|
20 |
WEB
|
taoge
|
|
2018-04-10
|
|
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
|
19 |
WEB
|
taoge
|
|
2018-04-10
|
|
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
|
17 |
WEB
|
Stefan Broeder
|
|
2018-04-10
|
|
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
|
19 |
WEB
|
ManhNho
|
|
2018-04-09
|
|
WordPress Plugin Google Drive 2.2 - Remote Code Execution
|
15 |
WEB
|
Lenon Leite
|
|
2018-04-09
|
|
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
|
17 |
WEB
|
ManhNho
|
|
2018-04-09
|
|
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
|
13 |
WEB
|
Lenon Leite
|
|
2018-04-09
|
|
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
|
16 |
WEB
|
Lenon Leite
|
|
2018-04-09
|
|
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
|
13 |
WEB
|
LiquidWorm
|
|
2018-04-09
|
|
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
|
16 |
WEB
|
LiquidWorm
|
|
2018-04-09
|
|
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
|
17 |
WEB
|
RedTeam Pentesting
|
|
2018-04-09
|
|
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
|
23 |
WEB
|
Graeme Robinson
|
|
2018-04-09
|
|
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
|
19 |
WEB
|
ManhNho
|
|
2018-04-09
|
|
WolfCMS 0.8.3.1 - Open Redirection
|
19 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-09
|
|
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
|
13 |
WEB
|
Perileos
|
|
2018-04-09
|
|
Cobub Razor 0.7.2 - Add New Superuser Account
|
18 |
WEB
|
ppb
|
|
2018-04-09
|
|
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
|
19 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-09
|
|
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
|
16 |
WEB
|
Colette Chamberland
|
|
2018-04-06
|
|
Cobub Razor 0.7.2 - Cross-Site Request Forgery
|
18 |
WEB
|
ppb
|
|
2018-04-06
|
|
DotNetNuke DNNarticle Module 11 - Directory Traversal
|
19 |
WEB
|
Esmaeil Rahimian
|
|
2018-04-06
|
|
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
|
21 |
WEB
|
Noman Riffat
|
|
2018-04-05
|
|
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
|
15 |
WEB
|
Stefan Broeder
|
|
2018-04-05
|
|
GetSimple CMS 3.3.13 - Cross-Site Scripting
|
14 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-05
|
|
Z-Blog 1.5.1.1740 - Full Path Disclosure
|
11 |
WEB
|
zzw
|
|
2018-04-05
|
|
Z-Blog 1.5.1.1740 - Cross-Site Scripting
|
13 |
WEB
|
zzw
|
|
2018-04-05
|
|
YzmCMS 3.6 - Cross-Site Scripting
|
13 |
WEB
|
zzw
|
|
2018-04-05
|
|
WebRTC - Private IP Leakage (Metasploit)
|
16 |
WEB
|
Dhiraj Mishra
|
|
2018-04-05
|
|
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
|
16 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-05
|
|
MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting
|
18 |
WEB
|
0xB9
|
|
2018-04-04
|
|
ProcessMaker - Plugin Upload (Metasploit)
|
22 |
WEB
|
Metasploit
|
|
2018-04-02
|
|
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
|
16 |
WEB
|
Todor Donev
|
|
2018-04-02
|
|
OpenCMS 10.5.3 - Cross-Site Scripting
|
17 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-02
|
|
OpenCMS 10.5.3 - Cross-Site Request Forgery
|
19 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-02
|
|
LifeSize ClearSea 3.1.4 - Directory Traversal
|
19 |
WEB
|
rsp3ar
|
|
2018-04-02
|
|
DLink DIR-601 - Admin Password Disclosure
|
20 |
WEB
|
Kevin Randall
|
|
2018-04-02
|
|
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
|
19 |
WEB
|
LiquidWorm
|
|
2018-04-02
|
|
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
|
20 |
WEB
|
LiquidWorm
|
|
2018-04-02
|
|
WampServer 3.1.2 - Cross-Site Request Forgery
|
20 |
WEB
|
Vipin Chaudhary
|
|
2018-04-02
|
|
WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
19 |
WEB
|
Vipin Chaudhary
|
|
2018-04-02
|
|
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
|
18 |
WEB
|
Samrat Das
|
|
2018-03-30
|
|
Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change
|
19 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)
|
18 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
|
14 |
WEB
|
Touhid M.Shaikh
|
|
2018-03-30
|
|
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
|
16 |
WEB
|
Gem George
|
|
2018-03-30
|
|
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
|
17 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
osCommerce 2.3.4.1 - Remote Code Execution
|
13 |
WEB
|
Simon Scannell
|
|
2018-03-30
|
|
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change
|
14 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
|
13 |
WEB
|
Colette Chamberland
|
|
2018-03-30
|
|
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
|
17 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-03-30
|
|
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
|
17 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-03-30
|
|
Homematic CCU2 2.29.23 - Remote Command Execution
|
14 |
WEB
|
Patrick Muench and Gregor Kopf
|
|
2018-03-30
|
|
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
|
18 |
WEB
|
Stefan Broeder
|
|
2018-03-30
|
|
WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting
|
16 |
WEB
|
Stefan Broeder
|
|
2018-03-30
|
|
MiniCMS 1.10 - Cross-Site Request Forgery
|
16 |
WEB
|
zixian
|
|
2018-03-30
|
|
Homematic CCU2 2.29.23 - Arbitrary File Write
|
15 |
WEB
|
Patrick Muench and Gregor Kopf
|
|
2018-03-30
|
|
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
|
13 |
WEB
|
Nilesh Sapariya
|
|
2018-03-29
|
|
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
|
12 |
WEB
|
Metasploit
|
|
2018-03-29
|
|
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
|
15 |
WEB
|
Metasploit
|
|
2014-11-03
|
|
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
|
12 |
WEB
|
Stefan Horst
|
|
2018-03-28
|
|
Open-AuditIT Professional 2.1 - Cross-Site Scripting
|
11 |
WEB
|
Nilesh Sapariya
|
|
2018-03-28
|
|
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
|
11 |
WEB
|
Todor Donev
|
|
2018-03-28
|
|
Microsoft Windows Remote Assistance - XML External Entity Injection
|
14 |
WEB
|
Nabeel Ahmed
|
|
2018-03-28
|
|
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Sven Fassbender
|
|
2018-03-28
|
|
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
|
19 |
WEB
|
Sven Fassbender
|
|
2018-03-27
|
|
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
|
17 |
WEB
|
Metasploit
|
|
2018-03-27
|
|
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
|
19 |
WEB
|
Metasploit
|
|
2018-03-26
|
|
Laravel Log Viewer < 0.13.0 - Local File Download
|
19 |
WEB
|
Haboob Team
|
|
2018-03-23
|
|
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
|
20 |
WEB
|
Nicolas Buzy-Debat
|
|
2018-03-23
|
|
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
|
19 |
WEB
|
0xB9
|
|
2018-03-23
|
|
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
|
19 |
WEB
|
Mans van Someren
|
|
2018-03-23
|
|
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass
|
20 |
WEB
|
Matamorphosis
|
|
2018-03-20
|
|
Cisco node-jos < 0.11.0 - Re-sign Tokens
|
19 |
WEB
|
zioBlack
|
|
2018-03-20
|
|
Coship RT3052 Wireless Router - Persistent Cross-Site Scripting
|
17 |
WEB
|
Sayan Chatterjee
|
|
2018-03-20
|
|
Vehicle Sales Management System - Multiple Vulnerabilities
|
19 |
WEB
|
Sing
|
|
2018-03-20
|
|
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
|
16 |
WEB
|
anhax0r
|
|
2018-03-16
|
|
Contec Smart Home 4.15 - Unauthorized Password Reset
|
16 |
WEB
|
Z3ro0ne
|
|
2018-03-15
|
|
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
|
23 |
WEB
|
Antonio Francesco Sardella
|
|
2018-03-15
|
|
WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting
|
12 |
WEB
|
Stefan Broeder
|
|
2018-03-13
|
|
Tuleap 9.17.99.189 - Blind SQL Injection
|
18 |
WEB
|
Cristiano Maruti
|
|
2018-03-13
|
|
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
|
18 |
WEB
|
SEC Consult
|
|
2018-03-12
|
|
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
|
21 |
WEB
|
Clutchisback1
|
|
2018-03-12
|
|
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
|
19 |
WEB
|
Chris Lyne
|
|
2018-03-12
|
|
TextPattern 4.6.2 - 'qty' SQL Injection
|
19 |
WEB
|
Manuel García Cárdenas
|
|
2018-03-12
|
|
Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials
|
20 |
WEB
|
LiquidWorm
|
|
2018-03-12
|
|
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
|
20 |
WEB
|
Mehmet Ince
|
|
2018-03-09
|
|
Bacula-Web < 8.0.0-rc2 - SQL Injection
|
19 |
WEB
|
Gustavo Sorondo
|
|
2018-03-07
|
|
antMan 0.9.0c - Authentication Bypass
|
20 |
WEB
|
Joshua Bowser
|
|
2018-03-07
|
|
Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection
|
16 |
WEB
|
h0n1gsp3cht
|
|
2018-03-06
|
|
Bravo Tejari Web Portal - Cross-Site Request Forgery
|
14 |
WEB
|
Arvind V
|
|
2017-07-01
|
|
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download
|
17 |
WEB
|
Luth1er
|
|
2018-03-05
|
|
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
|
19 |
WEB
|
SEC Consult
|
|
2018-03-05
|
|
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
|
19 |
WEB
|
SEC Consult
|
|
2018-02-22
|
|
Parallels Remote Application Server 15.5 - Path Traversal
|
24 |
WEB
|
Nicolas Markitanis
|
|
2018-03-02
|
|
uWSGI < 2.0.17 - Directory Traversal
|
19 |
WEB
|
Marios Nicolaides
|
|
2018-03-02
|
|
antMan < 0.9.1a - Authentication Bypass
|
21 |
WEB
|
Joshua Bowser
|
|
2018-03-02
|
|
D-Link DIR-600M Wireless - Cross-Site Scripting
|
23 |
WEB
|
Prasenjit Kanti Paul
|
|
2018-02-28
|
|
Routers2 2.24 - Cross-Site Scripting
|
22 |
WEB
|
Lorenzo Di Fuccia
|
|
2018-02-27
|
|
Concrete5 CMS < 8.3.0 - Username / Comments Enumeration
|
17 |
WEB
|
Chapman Schleiss
|
|
2018-02-27
|
|
CMS Made Simple 2.1.6 - Remote Code Execution
|
17 |
WEB
|
Keerati T.
|
|
2018-02-27
|
|
School Management Script 3.0.4 - Authentication Bypass
|
17 |
WEB
|
Samiran Santra
|
|
2018-02-27
|
|
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting
|
19 |
WEB
|
0xB9
|
|
2018-02-22
|
|
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
|
21 |
WEB
|
Core Security
|
|
2018-02-22
|
|
Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection
|
17 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload
|
18 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component CheckList 1.1.1 - SQL Injection
|
17 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection
|
19 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Ek Rishta 2.9 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection
|
16 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Proclaim 9.1.1 - Backup File Download
|
17 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component CW Tags 2.0.6 - SQL Injection
|
17 |
WEB
|
Ihsan Sencan
|
|
2018-02-19
|
|
October CMS < 1.0.431 - Cross-Site Scripting
|
18 |
WEB
|
Samrat Das
|
|
2018-02-16
|
|
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
|
28 |
WEB
|
Marios Nicolaides
|
|
2018-02-16
|
|
PSNews Website 1.0.0 - 'Keywords' SQL Injection
|
23 |
WEB
|
L0RD
|
|
2018-02-16
|
|
PHIMS - Hospital Management Information System - 'Password' SQL Injection
|
16 |
WEB
|
L0RD
|
