Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2018-02-16   Joomla! Component Fastball 2.5 - 'season' SQL Injection 42 WEB Ihsan Sencan
2018-02-16   Joomla! Component DT Register 3.2.7 - 'id' SQL Injection 35 WEB Ihsan Sencan
2018-02-16   Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection 33 WEB Ihsan Sencan
2018-02-16   Joomla! Component Aist 2.0 - 'id' SQL Injection 33 WEB Ihsan Sencan
2018-02-16   Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection 37 WEB Ihsan Sencan
2018-02-16   Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting 37 WEB Alwin Peppels
2018-02-16   Twig < 2.4.4 - Server Side Template Injection 33 WEB JameelNabbo
2018-02-16   UserSpice 4.3 - Blind SQL Injection 38 WEB Dolev Farhi
2018-02-16   TV - Video Subscription - Authentication Bypass SQL Injection 36 WEB L0RD
2018-02-16   EPIC MyChart - X-Path Injection 35 WEB Shayan S
2017-12-06   Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Exec 46 WEB SecuriTeam
2017-07-16   Geneko Routers - Path Traversal 45 WEB SecuriTeam
2017-06-08   IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities 47 WEB SecuriTeam
2017-05-10   Cisco DPC3928 Router - Arbitrary File Disclosure 43 WEB SecuriTeam
2017-06-19   Sophos XG Firewall 16.05.4 MR-4 - Path Traversal 37 WEB SecuriTeam
2017-09-07   McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution 41 WEB SecuriTeam
2017-09-11   Hanbanggaoke IP Camera - Arbitrary Password Change 35 WEB SecuriTeam
2017-10-09   QNAP HelpDesk < 1.1.12 - SQL Injection 33 WEB SecuriTeam
2017-08-03   Horde Groupware 5.2.21 - Unauthorized File Download 37 WEB SecuriTeam
2017-08-03   Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure 39 WEB SecuriTeam
2017-10-09   PHP Melody 2.7.3 - Multiple Vulnerabilities 32 WEB SecuriTeam
2017-10-13   FiberHome - Directory Traversal 35 WEB SecuriTeam
2017-11-21   DblTek - Multiple Vulnerabilities 36 WEB SecuriTeam
2017-11-07   Ametys CMS 4.0.2 - Password Reset 37 WEB SecuriTeam
2018-01-15   GitStack - Remote Code Execution 37 WEB SecuriTeam
2018-01-29   iBall WRA150N - Multiple Vulnerabilities 35 WEB SecuriTeam
2017-03-17   Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution 35 WEB SecuriTeam
2018-02-14   Dell EMC Isilon OneFS - Multiple Vulnerabilities 36 WEB Core Security
2018-02-14   userSpice 4.3 - Cross-Site Scripting 32 WEB Dolev Farhi
2018-02-14   SOA School Management - 'access_login' SQL Injection 34 WEB L0RD
2018-02-14   Social Oauth Login PHP - Authentication Bypass 33 WEB L0RD
2018-02-14   NAT32 2.2 Build 22284 - Cross-Site Request Forgery 40 WEB hyp3rlinx
2018-02-14   NAT32 2.2 Build 22284 - Remote Command Execution 53 WEB hyp3rlinx
2018-02-13   News Website Script 2.0.4 - 'search' SQL Injection 35 WEB Varun Bagaria
2018-02-13   TypeSetter CMS 5.1 - Cross-Site Request Forgery 40 WEB Navina Asrani
2018-02-13   TypeSetter CMS 5.1 - 'Host' Header Injection 45 WEB Navina Asrani
2018-02-12   LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution 43 WEB LiquidWorm
2018-02-12   LogicalDOC Enterprise 7.7.4 - User Enumeration 39 WEB LiquidWorm
2018-02-12   LogicalDOC Enterprise 7.7.4 - Directory Traversal 34 WEB LiquidWorm
2018-02-11   Readymade Video Sharing Script 3.2 - 'search' SQL Injection 40 WEB Varun Bagaria
2018-02-11   Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection 32 WEB L0RD
2018-02-10   Multi Language Olx Clone Script - Cross-Site Scripting 37 WEB Varun Bagaria
2018-02-10   Naukri Clone Script 3.0.3 - 'indus' SQL Injection 39 WEB L0RD
2018-02-07   Entrepreneur Dating Script 2.0.2 - Authentication Bypass 37 WEB L0RD
2018-02-07   Online Test Script 2.0.7 - 'cid' SQL Injection 39 WEB L0RD
2018-02-05   Netis WF2419 Router - Cross-Site Scripting 41 WEB Sajibe Kanti
2018-02-05   Student Profile Management System Script 2.0.6 - Authentication Bypass 36 WEB L0RD
2018-02-05   Joomla! Component JSP Tickets 1.1 - SQL Injection 33 WEB Ihsan Sencan
2018-02-05   Joomla! Component jLike 1.0 - Information Leak 35 WEB Ihsan Sencan
2018-02-05   Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection 32 WEB Ihsan Sencan
2018-02-05   Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection 36 WEB Ihsan Sencan
2018-02-05   Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection 38 WEB Ihsan Sencan
2018-02-05   Online Voting System - Authentication Bypass 37 WEB Giulio Comi
2018-02-05   NixCMS 1.0 - 'category_id' SQL Injection 34 WEB Bora Bozdogan
2018-02-05   Matrimonial Website Script 2.1.6 - 'uid' SQL Injection 34 WEB L0RD
2018-02-05   Wonder CMS 2.3.1 - 'Host' Header Injection 33 WEB Samrat Das
2018-02-05   Wonder CMS 2.3.1 - Unrestricted File Upload 38 WEB Samrat Das
2018-02-02   FiberHome AN5506 - Remote DNS Change 35 WEB r0ots3c
2018-02-02   Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal 35 WEB Dmitry Chastuhin
2018-02-02   Joomla! Component JMS Music 1.1.1 - SQL Injection 31 WEB Ihsan Sencan
2018-02-02   Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload 35 WEB Ihsan Sencan
2018-02-02   Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection 31 WEB Ihsan Sencan
2018-02-02   Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection 37 WEB Ihsan Sencan
2018-02-02   Event Manager 1.0 - SQL Injection 37 WEB Ihsan Sencan
2018-02-02   Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection 30 WEB Ihsan Sencan
2018-02-02   IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting 33 WEB 1n3
2018-02-02   Advance Loan Management System - 'id' SQL Injection 29 WEB 8bitsec
2018-02-02   Real Estate Custom Script - 'route' SQL Injection 32 WEB 8bitsec
2018-02-02   Fancy Clone Script - 'search_browse_product' SQL Injection 32 WEB 8bitsec
2018-02-02   Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection 38 WEB Ihsan Sencan
2018-01-30   BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure 33 WEB Paul Taylor
2018-01-30   Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection 33 WEB Ihsan Sencan
2018-01-30   Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection 35 WEB Ihsan Sencan
2018-01-30   Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal 32 WEB Ihsan Sencan
2018-01-30   Advantech WebAccess < 8.3 - SQL Injection 39 WEB Chris Lyne
2018-01-28   KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery 32 WEB Saurabh Banawar
2018-01-28   Netis WF2419 Router - Cross-Site Request Forgery 38 WEB Sajibe Kanti
2018-01-28   Buddy Zone 2.9.9 - SQL Injection 34 WEB Ihsan Sencan
2018-01-28   Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection 34 WEB Ihsan Sencan
2018-01-28   Hot Scripts Clone - 'subctid' SQL Injection 33 WEB Ihsan Sencan
2018-01-28   TSiteBuilder 1.0 - SQL Injection 31 WEB Ihsan Sencan
2018-01-28   Task Rabbit Clone 1.0 - 'id' SQL Injection 30 WEB Ihsan Sencan
2018-01-28   Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download 30 WEB Ihsan Sencan
2018-01-28   Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery 31 WEB Ihsan Sencan
2018-01-28   Nexpose < 6.4.66 - Cross-Site Request Forgery 31 WEB Shwetabh Vishnoi
2018-01-28   Gnew 2018.1 - Cross-Site Request Forgery 32 WEB Cyril Vallicari
2018-01-28   PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection 39 WEB Carlos Avila
2018-01-28   PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal 37 WEB Carlos Avila
2018-01-26   WordPress Plugin Learning Management System - 'course_id' SQL Injection 35 WEB Esecurity.ir
2018-01-25   ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password 34 WEB Víctor Calvo
2018-01-26   Dodocool DC38 N300 - Cross-site Request Forgery 35 WEB Raffaele Sabato
2014-11-09   ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities 33 WEB Pedro Ribeiro
2014-12-03   ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download 33 WEB Pedro Ribeiro
2015-02-09   ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities 42 WEB Pedro Ribeiro
2014-11-05   ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2) 34 WEB Pedro Ribeiro
2015-01-15   ManageEngine Desktop Central - Create Administrator 34 WEB Pedro Ribeiro
2014-10-12   CMS Made Simple 1.11.9 - Multiple Vulnerabilities 38 WEB Pedro Ribeiro
2014-10-12   GetSimple CMS 3.3.1 - Cross-Site Scripting 34 WEB Pedro Ribeiro
2014-10-12   Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities 33 WEB Pedro Ribeiro
2015-06-10   SysAid Help Desk 14.4 - Multiple Vulnerabilities 34 WEB Pedro Ribeiro
2017-01-31   Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities 30 WEB Pedro Ribeiro
2015-09-28   BMC Track-It! 11.4 - Multiple Vulnerabilities 44 WEB Pedro Ribeiro
2015-09-28   Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload 36 WEB Pedro Ribeiro
2018-01-24   Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload 34 WEB Paul Taylor
2018-01-24   Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure 31 WEB Paul Taylor
2018-01-24   WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure 37 WEB ThreatPress Security
2018-01-24   Professional Local Directory Script 1.0 - SQL Injection 35 WEB Ihsan Sencan
2018-01-23   Flexible Poll 1.2 - SQL Injection 31 WEB Ihsan Sencan
2018-01-23   Quickad 4.0 - SQL Injection 35 WEB Ihsan Sencan
2018-01-23   Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin) 32 WEB Ihsan Sencan
2018-01-23   Tumder 2.1 - SQL Injection 34 WEB Ihsan Sencan
2018-01-23   Zechat 1.5 - SQL Injection 35 WEB Ihsan Sencan
2018-01-23   Wchat 1.5 - SQL Injection 35 WEB Ihsan Sencan
2018-01-23   Easy Car Script 2014 - SQL Injection 36 WEB Ihsan Sencan
2018-01-23   RSVP Invitation Online 1.0 - Cross-Site Request Forgery (Update Admin) 30 WEB Ihsan Sencan
2018-01-23   Affiligator 2.1.0 - SQL Injection 33 WEB Ihsan Sencan
2018-01-23   LiveCRM SaaS Cloud 1.0 - SQL Injection 32 WEB Ihsan Sencan
2018-01-23   NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download 38 WEB LiquidWorm
2018-01-23   CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection 38 WEB Vulnerability-Lab
2018-01-21   OTRS 5.0.x/6.0.x - Remote Command Execution (1) 36 WEB Bæln0rn
2018-01-21   CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities 34 WEB Vulnerability-Lab
2018-01-21   Shopware 5.2.5/5.3 - Cross-Site Scripting 36 WEB Vulnerability-Lab
2018-01-21   Oracle JDeveloper 11.1.x/12.x - Directory Traversal 34 WEB hyp3rlinx
2018-01-15   DarkComet (C2 Server) - File Upload 34 WEB Pseudo Laboratories
2018-01-15   D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities 31 WEB GulfTech Security