|
2017-10-30
|
|
Protected Links - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
AROX School ERP PHP Script - 'id' SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Shareet - 'photo' SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
US Zip Codes Database - 'state' SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Newspaper 1.0 - SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
News 1.0 - SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
MyMagazine 1.0 - 'id' SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
CmsLite 1.4 - 'S' SQL Injection
|
25 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Basic B2B Script - SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
CPA Lead Reward Script - SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Fake Magazine Cover Script - SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Nice PHP FAQ Script - 'nice_theme' SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Online Exam Test Application - 'sort' SQL Injection
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Php Inventory - Arbitrary File Upload
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Website Broker Script - 'status_id' SQL Injection
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
Zomato Clone Script - 'resid' SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-10-30
|
|
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
|
23 |
WEB
|
tomplixsee
|
|
2017-10-27
|
|
phpMyFAQ 2.9.8 - Cross-Site Request Forgery
|
29 |
WEB
|
Nikhil Mittal
|
|
2017-10-28
|
|
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
|
25 |
WEB
|
Nikhil Mittal
|
|
2017-10-28
|
|
PHP Melody 2.6.1 - SQL Injection
|
26 |
WEB
|
Venkat Rajgor
|
|
2017-10-25
|
|
PHPMailer < 5.2.21 - Local File Disclosure
|
26 |
WEB
|
Maciek Krupa
|
|
2017-10-25
|
|
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
|
26 |
WEB
|
Ishaq Mohammed
|
|
2017-10-25
|
|
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
|
26 |
WEB
|
Ishaq Mohammed
|
|
2017-10-24
|
|
FS Realtor Clone - 'id' SQL Injection
|
23 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Crowdfunding Script - 'id' SQL Injection
|
33 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Care Clone - 'sitterService' SQL Injection
|
25 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Monster Clone - 'id' SQL Injection
|
24 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Trademe Clone - 'id' SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Thumbtack Clone - 'ser' SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Shutter Stock Clone - 'keywords' SQL Injection
|
30 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
|
26 |
WEB
|
Anthony Cole
|
|
2017-10-23
|
|
FS OLX Clone - 'catg_id' SQL Injection
|
29 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Lynda Clone - 'category' SQL Injection
|
26 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Indiamart Clone - 'keywords' SQL Injection
|
24 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Groupon Clone - 'category' SQL Injection
|
29 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Freelancer Clone - 'sk' SQL Injection
|
29 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Expedia Clone - 'hid' SQL Injection
|
25 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Food Delivery Script - 'keywords' SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Ebay Clone - 'pd_maincat_id' SQL Injection
|
24 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Book Store Script - 'category' SQL Injection
|
28 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Amazon Clone - 'category_id' SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Car Rental Script - 'pickup_location' SQL Injection
|
26 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
Kaltura < 13.2.0 - Remote Code Execution
|
28 |
WEB
|
Robin Verton
|
|
2017-10-22
|
|
CometChat < 6.2.0 BETA 1 - Local File Inclusion
|
26 |
WEB
|
Paradoxis
|
|
2017-10-14
|
|
Logitech Media Server - Cross-Site Scripting
|
27 |
WEB
|
Thiago Sena
|
|
2017-10-12
|
|
TP-Link TL-MR3220 - Cross-Site Scripting
|
24 |
WEB
|
Thiago Sena
|
|
2017-10-17
|
|
TP-Link WR940N - (Authenticated) Remote Code
|
27 |
WEB
|
Fidus InfoSecurity
|
|
2017-10-18
|
|
Check_MK 1.2.8p25 - Information Disclosure
|
29 |
WEB
|
Julien Ahrens
|
|
2017-08-18
|
|
ZKTime Web Software 2.0 - Improper Access Restrictions
|
27 |
WEB
|
Arvind V
|
|
2017-08-18
|
|
ZKTime Web Software 2.0 - Cross-Site Request Forgery
|
26 |
WEB
|
Arvind V
|
|
2017-10-18
|
|
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
|
28 |
WEB
|
SEC Consult
|
|
2017-10-18
|
|
Linksys E Series - Multiple Vulnerabilities
|
30 |
WEB
|
SEC Consult
|
|
2017-10-17
|
|
WordPress Plugin Car Park Booking - SQL Injection
|
31 |
WEB
|
8bitsec
|
|
2017-10-17
|
|
Career Portal 1.0 - SQL Injection
|
28 |
WEB
|
8bitsec
|
|
2017-10-17
|
|
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
|
25 |
WEB
|
Michael Stepankin & Olga Barinova
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Arbitrary File Download
|
26 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - 'dmr_content' Privilege Escalation
|
29 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
|
26 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Privilege Escalation
|
43 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
|
31 |
WEB
|
Pavel Suprunyuk
|
|
2017-10-16
|
|
3CX Phone System 15.5.3554.1 - Directory Traversal
|
33 |
WEB
|
Jens Regel
|
|
2017-10-15
|
|
Webmin 1.850 - Multiple Vulnerabilities
|
24 |
WEB
|
hyp3rlinx
|
|
2017-10-13
|
|
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
|
22 |
WEB
|
Julien Ahrens
|
|
2017-10-13
|
|
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
|
24 |
WEB
|
Ishaq Mohammed
|
|
2017-10-12
|
|
Dreambox Plugin BouquetEditor - Cross-Site Scripting
|
23 |
WEB
|
Thiago Sena
|
|
2017-10-13
|
|
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
|
33 |
WEB
|
CrashBandicot
|
|
2017-10-12
|
|
E-Sic Software livre CMS - Cross Site Scripting
|
27 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'f' SQL Injection
|
28 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'cpfcnpj' SQL Injection
|
25 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - Autentication Bypass
|
26 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'q' SQL Injection
|
25 |
WEB
|
Guilherme Assmann
|
|
2017-10-12
|
|
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
|
31 |
WEB
|
Ishaq Mohammed
|
|
2017-10-11
|
|
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
|
30 |
WEB
|
Leonardo Duarte
|
|
2017-10-11
|
|
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Me
|
34 |
WEB
|
Mehmet Ince
|
|
2017-10-11
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
|
31 |
WEB
|
Mehmet Ince
|
|
2017-10-10
|
|
Complain Management System - Hard-Coded Credentials / Blind SQL injection
|
31 |
WEB
|
havysec
|
|
2017-10-09
|
|
ClipShare 7.0 - SQL Injection
|
32 |
WEB
|
8bitsec
|
|
2017-10-09
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
30 |
WEB
|
intx0x80
|
|
2017-08-30
|
|
Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery
|
30 |
WEB
|
Dhiraj Mishra
|
|
2017-08-08
|
|
Unitrends UEB 9.1 - Privilege Escalation
|
29 |
WEB
|
Jared Arave
|
|
2017-09-27
|
|
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
|
33 |
WEB
|
Kacper Szurek
|
|
2017-10-04
|
|
ClipBucket 2.8.3 - Remote Code Execution
|
32 |
WEB
|
Meisam Monsef
|
|
2017-09-20
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
27 |
WEB
|
xxlegend
|
|
2017-10-03
|
|
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
|
30 |
WEB
|
Zeeshan Shaikh
|
|
2017-10-03
|
|
Fiberhome AN5506-04-F - Command Injection
|
30 |
WEB
|
Tauco
|
|
2017-10-02
|
|
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
|
32 |
WEB
|
Marcin Woloszyn
|
|
2017-10-02
|
|
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
|
32 |
WEB
|
Marcin Woloszyn
|
|
2017-10-02
|
|
phpCollab 2.5.1 - SQL Injection
|
32 |
WEB
|
Sysdream
|
|
2017-10-02
|
|
phpCollab 2.5.1 - Arbitrary File Upload
|
26 |
WEB
|
Sysdream
|
|
2017-10-02
|
|
NPM-V (Network Power Manager) 2.4.1 - Password Reset
|
30 |
WEB
|
Saeed reza Zamanian
|
|
2017-09-24
|
|
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
|
32 |
WEB
|
RAT - ThiefKing
|
|
2017-09-29
|
|
ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
|
29 |
WEB
|
Ihsan Sencan
|
|
2017-09-28
|
|
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
|
31 |
WEB
|
8bitsec
|
|
2017-09-28
|
|
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
|
33 |
WEB
|
8bitsec
|
|
2017-09-29
|
|
WordPress Plugin WPHRM - SQL Injection
|
29 |
WEB
|
Ihsan Sencan
|
|
2017-09-27
|
|
SmarterStats 11.3.6347 - Cross-Site Scripting
|
28 |
WEB
|
sqlhacker
|
|
2017-09-29
|
|
FileRun < 2017.09.18 - SQL Injection
|
26 |
WEB
|
SPARC
|
|
2017-09-28
|
|
Easy Blog PHP Script 1.3a - 'id' SQL Injection
|
35 |
WEB
|
8bitsec
|
|
2017-09-28
|
|
Roteador Wireless Intelbras WRN150 - Autentication Bypass
|
30 |
WEB
|
Elber Tavares
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
|
33 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
|
26 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
|
30 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
|
34 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
|
26 |
WEB
|
hyp3rlinx
|
|
2017-02-22
|
|
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
|
23 |
WEB
|
forsec
|
|
2017-09-26
|
|
WordPress Plugin WPAMS - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin School Management System - SQL Injection
|
35 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin Hospital Management System - SQL Injection
|
25 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin WPGYM - SQL Injection
|
30 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin WPCHURCH - SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
AMC Master - Arbitrary File Upload
|
25 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
SMSmaster - SQL Injection
|
28 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
Photo Fusion - Arbitrary File Upload
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
TicketPlus - Arbitrary File Upload
|
27 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
Job Links - Arbitrary File Upload
|
26 |
WEB
|
Ihsan Sencan
|
|
2017-09-16
|
|
WordPress Plugin Content Timeline - SQL Injection
|
29 |
WEB
|
Jeroen - IT Nerdbox
|
|
2017-08-31
|
|
Sitefinity CMS 9.2 - Cross-Site Scripting
|
28 |
WEB
|
Pralhad Chaskar
|
|
2017-09-25
|
|
FLIR Thermal Camera F/FC/PT/D - Stream Disclosure
|
31 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
FLIR Thermal Camera FC-S/PT - Command Injection
|
29 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
FLIR Thermal Camera F/FC/PT/D - Information Disclosure
|
28 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
|
31 |
WEB
|
LiquidWorm
|
|
2017-09-22
|
|
JitBit HelpDesk < 9.0.2 - Authentication Bypass
|
35 |
WEB
|
Kc57
|
|
2017-09-22
|
|
PHP Auction Ecommerce Script 1.6 - SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-09-22
|
|
Secure E-commerce Script 1.02 - 'sid' SQL Injection
|
25 |
WEB
|
8bitsec
|
