Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2018-05-21   Merge PACS 7.0 - Cross-Site Request Forgery 30 WEB Safak Aslan
2018-05-21   Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities 32 WEB L0RD
2018-05-21   Schneider Electric PLCs - Cross-Site Request Forgery 32 WEB t4rkd3vilz
2018-05-21   Teradek Slice 7.3.15 - Cross-Site Request Forgery 35 WEB LiquidWorm
2018-05-21   Teradek Cube 7.3.6 - Cross-Site Request Forgery 27 WEB LiquidWorm
2018-05-21   Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery 31 WEB LiquidWorm
2018-05-21   Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery 30 WEB LiquidWorm
2018-05-21   GitBucket 4.23.1 - Remote Code Execution 29 WEB Kacper Szurek
2018-05-21   Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery 31 WEB t4rkd3vilz
2018-05-21   ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting 31 WEB Ahmet Gurel
2018-05-21   Zenar Content Management System - Cross-Site Scripting 31 WEB Berk Dusunur
2018-05-21   Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request 33 WEB L0RD
2018-05-21   Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request 31 WEB L0RD
2018-05-21   Private Message PHP Script 2.0 - Cross-Site Scripting 31 WEB L0RD
2018-05-21   Superfood 1.0 - Multiple Vulnerabilities 33 WEB L0RD
2018-05-20   Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection 27 WEB Sina Kheirkhah
2018-05-20   D-Link DSL-3782 - Authentication Bypass 35 WEB Giulio Comi
2018-05-18   SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion 33 WEB Richard Alviarez
2018-05-18   Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery 30 WEB L0RD
2018-05-18   Cisco SA520W Security Appliance - Path Traversal 35 WEB Nassim Asrir
2018-05-18   SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure 37 WEB Richard Alviarez
2018-05-18   Monstra CMS < 3.0.4 - Cross-Site Scripting (2) 32 WEB Berk Dusunur
2018-05-18   Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery 36 WEB L0RD
2018-05-17   Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery 34 WEB t4rkd3vilz
2018-05-17   SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request for 38 WEB L0RD
2018-05-17   SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request for 36 WEB L0RD
2018-05-17   Intelbras NCLOUD 300 1.0 - Authentication bypass 35 WEB Pedro Aguiar
2018-05-17   NodAPS 4.0 - SQL injection / Cross-Site Request Forgery 38 WEB L0RD
2018-05-17   NodAPS 4.0 - SQL injection / Cross-Site Request Forgery 34 WEB L0RD
2018-05-16   RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross 35 WEB SEC Consult
2018-05-16   RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross 42 WEB SEC Consult
2018-05-16   WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery 34 WEB dxw
2018-05-16   totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery 32 WEB Compass Security
2018-05-16   Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery 30 WEB L0RD
2018-05-16   Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting 33 WEB L0RD
2018-05-16   Rockwell Scada System 27.011 - Cross-Site Scripting 33 WEB t4rkd3vilz
2018-05-16   VirtueMart 3.1.14 - Persistent Cross-Site Scripting 34 WEB Mattia Furlani
2018-05-16   MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery 35 WEB 0xB9
2018-05-03   JasperReports - (Authenticated) File Read 35 WEB Hector Monsegur
2018-05-14   XATABoost 1.0.0 - SQL Injection 36 WEB MgThuraMoeMyint
2018-05-13   WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting 35 WEB jiguang
2018-05-13   WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting 41 WEB jiguang
2018-05-11   Open-AudIT Community 2.2.0 - Cross-Site Scripting 38 WEB Tejesh Kolisetty
2018-05-11   Open-AudIT Professional - 2.1.1 - Cross-Site Scripting 34 WEB Tejesh Kolisetty
2018-05-10   MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting 38 WEB 0xB9
2018-05-10   ModbusPal 1.6b - XML External Entity Injection 32 WEB Trent Gordon
2018-05-10   Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery 33 WEB Raffaele Sabato
2018-05-06   WordPress Plugin User Role Editor < 4.25 - Privilege Escalation 38 WEB Tomislav Paskalev
2018-05-06   CSP MySQL User Manager 2.3.1 - Authentication Bypass 41 WEB Youssef Mami
2018-05-04   IceWarp Mail Server < 11.1.1 - Directory Traversal 31 WEB Trustwave's SpiderLabs
2018-05-04   WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting 36 WEB B0UG
2014-01-14   Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection 41 WEB Takeshi Terada
2018-03-27   DLINK DCS-5020L - Remote Code Execution (PoC) 36 WEB Fidus InfoSecurity
2018-05-02   Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery 44 WEB Qian Wu_ Bo Wang_ Jiawang Zhang
2018-05-01   WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site S 34 WEB B0UG
2018-04-30   Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root 38 WEB Jared Arave
2018-04-30   Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root 31 WEB Jared Arave
2018-04-30   WordPress Plugin Form Maker 1.12.20 - CSV Injection 35 WEB Sairam Jetty
2018-04-30   Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit) 33 WEB SixP4ck3r
2018-04-30   Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit) 41 WEB SixP4ck3r
2018-04-26   Frog CMS 0.9.5 - Persistent Cross-Site Scripting 36 WEB Wenming Jiang
2018-04-26   TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot 36 WEB Wadeek
2018-04-26   GitList 0.6 - Remote Code Execution 35 WEB Kacper Szurek
2018-04-26   MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting 34 WEB 0xB9
2018-04-26   October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting 31 WEB 0xB9
2018-04-26   SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response 29 WEB Sven Fassbender
2018-04-26   WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion 31 WEB Wadeek
2018-04-26   Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution 35 WEB Alessio Sergi
2018-04-25   Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC) 31 WEB Blaklis
2018-04-25   HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion 30 WEB 8bitsec
2018-04-25   HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting 36 WEB 8bitsec
2018-04-25   HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection 29 WEB 8bitsec
2018-04-25   HRSALE The Ultimate HRM 1.0.2 - CSV Injection 34 WEB 8bitsec
2018-04-25   Blog Master Pro 1.0 - CSV Injection 35 WEB 8bitsec
2018-04-25   Shopy Point of Sale 1.0 - CSV Injection 34 WEB 8bitsec
2018-04-24   WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting 31 WEB SEC Consult
2018-04-24   WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion 34 WEB Lenon Leite
2018-04-24   Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure 30 WEB Berk Cem Göksel
2018-04-24   Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass 30 WEB devcoinfet
2018-04-24   Monstra CMS 3.0.4 - Arbitrary Folder Deletion 35 WEB Wenming Jiang
2018-04-24   Open-AudIT 2.1 - CSV Macro Injection 33 WEB Sureshbabu Narvaneni
2018-04-24   WUZHI CMS 4.1.0 - Cross-Site Request Forgery 37 WEB jiguang
2018-04-24   UK Cookie Consent - Persistent Cross-Site Scripting 35 WEB B0UG
2018-04-23   Monstra cms 3.0.4 - Persitent Cross-Site Scripting 30 WEB Wenming Jiang
2018-04-23   Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure 35 WEB Larry W. Cashdollar
2018-04-23   Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation 33 WEB r4wd3r
2018-04-23   Ncomputing vSpace Pro 10/11 - Directory Traversal 32 WEB Javier Bernardo
2018-04-23   phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery 32 WEB revengsh
2018-04-20   Cobub Razor 0.8.0 - Physical Path Leakage 35 WEB Kyhvedn
2018-04-18   Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities 39 WEB bzyo
2018-04-18   Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities 33 WEB bzyo
2018-04-18   Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery 34 WEB Sureshbabu Narvaneni
2018-04-18   WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting 32 WEB Federico Scalco
2018-04-18   Lutron Quantum 2.0 - 3.2.243 - Information Disclosure 33 WEB SadFud
2018-04-18   Kodi 17.6 - Persistent Cross-Site Scripting 42 WEB Manuel García Cárdenas
2018-04-18   Match Clone Script 1.0.4 - Cross-Site Scripting 43 WEB ManhNho
2018-04-18   Rvsitebuilder CMS - Database Backup Download 33 WEB Hesam Bazvand
2018-04-18   MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting 34 WEB Keerati T.
2018-04-18   MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting 37 WEB Keerati T.
2018-04-17   Joomla! Component jDownloads 3.2.58 - Cross Site Scripting 33 WEB Sureshbabu Narvaneni
2018-04-16   Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference 37 WEB Frogy
2018-04-16   Cobub Razor 0.8.0 - SQL injection 38 WEB Kyhvedn
2018-04-13   Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution 35 WEB Hans Topo & g0tmi1k
2018-04-13   Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) 37 WEB Vitalii Rudnykh
2018-04-12   Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) 42 WEB Sairam Jetty
2018-04-10   WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC) 38 WEB ManhNho
2018-04-10   WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting 34 WEB ManhNho
2018-04-10   Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Contr 33 WEB SlidingWindow
2018-04-10   WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User) 36 WEB taoge
2018-04-10   WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin) 38 WEB taoge
2018-04-10   WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting 33 WEB Stefan Broeder
2018-04-10   iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting 34 WEB ManhNho
2018-04-09   WordPress Plugin Google Drive 2.2 - Remote Code Execution 32 WEB Lenon Leite
2018-04-09   iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC) 37 WEB ManhNho
2018-04-09   WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution 28 WEB Lenon Leite
2018-04-09   Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution 33 WEB Lenon Leite
2018-04-09   KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin) 31 WEB LiquidWorm
2018-04-09   KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection 32 WEB LiquidWorm
2018-04-09   CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution 35 WEB RedTeam Pentesting
2018-04-09   WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution 36 WEB Graeme Robinson
2018-04-09   Yahei PHP Prober 0.4.7 - Cross-Site Scripting 35 WEB ManhNho
2018-04-09   WolfCMS 0.8.3.1 - Open Redirection 36 WEB Sureshbabu Narvaneni
2018-04-09   MyBB Plugin Recent Threads On Index - Cross-Site Scripting 31 WEB Perileos
2018-04-09   Cobub Razor 0.7.2 - Add New Superuser Account 33 WEB ppb
2018-04-09   WolfCMS 0.8.3.1 - Cross-Site Request Forgery 36 WEB Sureshbabu Narvaneni