|
2018-02-16
|
|
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component NeoRecruit 4.1 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JTicketing 2.0.16 - SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JS Jobs 1.1.9 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JS Autoz 1.0.9 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component jGive 2.0.9 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Gallery WD 1.3.6 - SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Form Maker 3.6.12 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component File Download Tracker 3.0 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Fastball 2.5 - 'season' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Aist 2.0 - 'id' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
|
13 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
|
13 |
WEB
|
Alwin Peppels
|
|
2018-02-16
|
|
Twig < 2.4.4 - Server Side Template Injection
|
14 |
WEB
|
JameelNabbo
|
|
2018-02-16
|
|
UserSpice 4.3 - Blind SQL Injection
|
13 |
WEB
|
Dolev Farhi
|
|
2018-02-16
|
|
TV - Video Subscription - Authentication Bypass SQL Injection
|
13 |
WEB
|
L0RD
|
|
2018-02-16
|
|
EPIC MyChart - X-Path Injection
|
13 |
WEB
|
Shayan S
|
|
2017-12-06
|
|
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Exec
|
16 |
WEB
|
SecuriTeam
|
|
2017-07-16
|
|
Geneko Routers - Path Traversal
|
19 |
WEB
|
SecuriTeam
|
|
2017-06-08
|
|
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
|
13 |
WEB
|
SecuriTeam
|
|
2017-05-10
|
|
Cisco DPC3928 Router - Arbitrary File Disclosure
|
14 |
WEB
|
SecuriTeam
|
|
2017-06-19
|
|
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
|
11 |
WEB
|
SecuriTeam
|
|
2017-09-07
|
|
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
|
13 |
WEB
|
SecuriTeam
|
|
2017-09-11
|
|
Hanbanggaoke IP Camera - Arbitrary Password Change
|
9 |
WEB
|
SecuriTeam
|
|
2017-10-09
|
|
QNAP HelpDesk < 1.1.12 - SQL Injection
|
10 |
WEB
|
SecuriTeam
|
|
2017-08-03
|
|
Horde Groupware 5.2.21 - Unauthorized File Download
|
10 |
WEB
|
SecuriTeam
|
|
2017-08-03
|
|
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
|
12 |
WEB
|
SecuriTeam
|
|
2017-10-09
|
|
PHP Melody 2.7.3 - Multiple Vulnerabilities
|
13 |
WEB
|
SecuriTeam
|
|
2017-10-13
|
|
FiberHome - Directory Traversal
|
14 |
WEB
|
SecuriTeam
|
|
2017-11-21
|
|
DblTek - Multiple Vulnerabilities
|
14 |
WEB
|
SecuriTeam
|
|
2017-11-07
|
|
Ametys CMS 4.0.2 - Password Reset
|
14 |
WEB
|
SecuriTeam
|
|
2018-01-15
|
|
GitStack - Remote Code Execution
|
14 |
WEB
|
SecuriTeam
|
|
2018-01-29
|
|
iBall WRA150N - Multiple Vulnerabilities
|
12 |
WEB
|
SecuriTeam
|
|
2017-03-17
|
|
Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution
|
9 |
WEB
|
SecuriTeam
|
|
2018-02-14
|
|
Dell EMC Isilon OneFS - Multiple Vulnerabilities
|
11 |
WEB
|
Core Security
|
|
2018-02-14
|
|
userSpice 4.3 - Cross-Site Scripting
|
11 |
WEB
|
Dolev Farhi
|
|
2018-02-14
|
|
SOA School Management - 'access_login' SQL Injection
|
11 |
WEB
|
L0RD
|
|
2018-02-14
|
|
Social Oauth Login PHP - Authentication Bypass
|
12 |
WEB
|
L0RD
|
|
2018-02-14
|
|
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
|
11 |
WEB
|
hyp3rlinx
|
|
2018-02-14
|
|
NAT32 2.2 Build 22284 - Remote Command Execution
|
18 |
WEB
|
hyp3rlinx
|
|
2018-02-13
|
|
News Website Script 2.0.4 - 'search' SQL Injection
|
14 |
WEB
|
Varun Bagaria
|
|
2018-02-13
|
|
TypeSetter CMS 5.1 - Cross-Site Request Forgery
|
11 |
WEB
|
Navina Asrani
|
|
2018-02-13
|
|
TypeSetter CMS 5.1 - 'Host' Header Injection
|
13 |
WEB
|
Navina Asrani
|
|
2018-02-12
|
|
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
|
14 |
WEB
|
LiquidWorm
|
|
2018-02-12
|
|
LogicalDOC Enterprise 7.7.4 - User Enumeration
|
12 |
WEB
|
LiquidWorm
|
|
2018-02-12
|
|
LogicalDOC Enterprise 7.7.4 - Directory Traversal
|
10 |
WEB
|
LiquidWorm
|
|
2018-02-11
|
|
Readymade Video Sharing Script 3.2 - 'search' SQL Injection
|
13 |
WEB
|
Varun Bagaria
|
|
2018-02-11
|
|
Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
|
10 |
WEB
|
L0RD
|
|
2018-02-10
|
|
Multi Language Olx Clone Script - Cross-Site Scripting
|
12 |
WEB
|
Varun Bagaria
|
|
2018-02-10
|
|
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
|
14 |
WEB
|
L0RD
|
|
2018-02-07
|
|
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
|
13 |
WEB
|
L0RD
|
|
2018-02-07
|
|
Online Test Script 2.0.7 - 'cid' SQL Injection
|
12 |
WEB
|
L0RD
|
|
2018-02-05
|
|
Netis WF2419 Router - Cross-Site Scripting
|
12 |
WEB
|
Sajibe Kanti
|
|
2018-02-05
|
|
Student Profile Management System Script 2.0.6 - Authentication Bypass
|
12 |
WEB
|
L0RD
|
|
2018-02-05
|
|
Joomla! Component JSP Tickets 1.1 - SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2018-02-05
|
|
Joomla! Component jLike 1.0 - Information Leak
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-02-05
|
|
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-02-05
|
|
Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-02-05
|
|
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-02-05
|
|
Online Voting System - Authentication Bypass
|
11 |
WEB
|
Giulio Comi
|
|
2018-02-05
|
|
NixCMS 1.0 - 'category_id' SQL Injection
|
12 |
WEB
|
Bora Bozdogan
|
|
2018-02-05
|
|
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
|
9 |
WEB
|
L0RD
|
|
2018-02-05
|
|
Wonder CMS 2.3.1 - 'Host' Header Injection
|
10 |
WEB
|
Samrat Das
|
|
2018-02-05
|
|
Wonder CMS 2.3.1 - Unrestricted File Upload
|
15 |
WEB
|
Samrat Das
|
|
2018-02-02
|
|
FiberHome AN5506 - Remote DNS Change
|
10 |
WEB
|
r0ots3c
|
|
2018-02-02
|
|
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal
|
9 |
WEB
|
Dmitry Chastuhin
|
|
2018-02-02
|
|
Joomla! Component JMS Music 1.1.1 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-02-02
|
|
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload
|
12 |
WEB
|
Ihsan Sencan
|
|
2018-02-02
|
|
Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-02-02
|
|
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-02-02
|
|
Event Manager 1.0 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-02-02
|
|
Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-02-02
|
|
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting
|
7 |
WEB
|
1n3
|
|
2018-02-02
|
|
Advance Loan Management System - 'id' SQL Injection
|
6 |
WEB
|
8bitsec
|
|
2018-02-02
|
|
Real Estate Custom Script - 'route' SQL Injection
|
9 |
WEB
|
8bitsec
|
|
2018-02-02
|
|
Fancy Clone Script - 'search_browse_product' SQL Injection
|
11 |
WEB
|
8bitsec
|
|
2018-02-02
|
|
Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2018-01-30
|
|
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
|
8 |
WEB
|
Paul Taylor
|
|
2018-01-30
|
|
Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-01-30
|
|
Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-30
|
|
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-30
|
|
Advantech WebAccess < 8.3 - SQL Injection
|
12 |
WEB
|
Chris Lyne
|
|
2018-01-28
|
|
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
|
12 |
WEB
|
Saurabh Banawar
|
|
2018-01-28
|
|
Netis WF2419 Router - Cross-Site Request Forgery
|
12 |
WEB
|
Sajibe Kanti
|
|
2018-01-28
|
|
Buddy Zone 2.9.9 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
Hot Scripts Clone - 'subctid' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
TSiteBuilder 1.0 - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
Task Rabbit Clone 1.0 - 'id' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
|
7 |
WEB
|
Ihsan Sencan
|
|
2018-01-28
|
|
Nexpose < 6.4.66 - Cross-Site Request Forgery
|
8 |
WEB
|
Shwetabh Vishnoi
|
|
2018-01-28
|
|
Gnew 2018.1 - Cross-Site Request Forgery
|
10 |
WEB
|
Cyril Vallicari
|
|
2018-01-28
|
|
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
|
8 |
WEB
|
Carlos Avila
|
|
2018-01-28
|
|
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal
|
12 |
WEB
|
Carlos Avila
|
|
2018-01-26
|
|
WordPress Plugin Learning Management System - 'course_id' SQL Injection
|
12 |
WEB
|
Esecurity.ir
|
|
2018-01-25
|
|
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
|
9 |
WEB
|
Víctor Calvo
|
|
2018-01-26
|
|
Dodocool DC38 N300 - Cross-site Request Forgery
|
10 |
WEB
|
Raffaele Sabato
|
|
2014-11-09
|
|
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
|
9 |
WEB
|
Pedro Ribeiro
|
|
2014-12-03
|
|
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
|
8 |
WEB
|
Pedro Ribeiro
|
|
2015-02-09
|
|
ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities
|
7 |
WEB
|
Pedro Ribeiro
|
|
2014-11-05
|
|
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
|
7 |
WEB
|
Pedro Ribeiro
|
|
2015-01-15
|
|
ManageEngine Desktop Central - Create Administrator
|
8 |
WEB
|
Pedro Ribeiro
|
|
2014-10-12
|
|
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
|
10 |
WEB
|
Pedro Ribeiro
|
|
2014-10-12
|
|
GetSimple CMS 3.3.1 - Cross-Site Scripting
|
9 |
WEB
|
Pedro Ribeiro
|
|
2014-10-12
|
|
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
|
9 |
WEB
|
Pedro Ribeiro
|
|
2015-06-10
|
|
SysAid Help Desk 14.4 - Multiple Vulnerabilities
|
10 |
WEB
|
Pedro Ribeiro
|
|
2017-01-31
|
|
Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities
|
6 |
WEB
|
Pedro Ribeiro
|
|
2015-09-28
|
|
BMC Track-It! 11.4 - Multiple Vulnerabilities
|
9 |
WEB
|
Pedro Ribeiro
|
|
2015-09-28
|
|
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload
|
10 |
WEB
|
Pedro Ribeiro
|
|
2018-01-24
|
|
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
|
9 |
WEB
|
Paul Taylor
|
|
2018-01-24
|
|
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure
|
8 |
WEB
|
Paul Taylor
|
|
2018-01-24
|
|
WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure
|
10 |
WEB
|
ThreatPress Security
|
|
2018-01-24
|
|
Professional Local Directory Script 1.0 - SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2018-01-23
|
|
Flexible Poll 1.2 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-01-23
|
|
Quickad 4.0 - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2018-01-23
|
|
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
|
8 |
WEB
|
Ihsan Sencan
|
