|
2017-10-25
|
|
PHPMailer < 5.2.21 - Local File Disclosure
|
21 |
WEB
|
Maciek Krupa
|
|
2017-10-25
|
|
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
|
21 |
WEB
|
Ishaq Mohammed
|
|
2017-10-25
|
|
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
|
21 |
WEB
|
Ishaq Mohammed
|
|
2017-10-24
|
|
FS Realtor Clone - 'id' SQL Injection
|
18 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Crowdfunding Script - 'id' SQL Injection
|
26 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Care Clone - 'sitterService' SQL Injection
|
19 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Monster Clone - 'id' SQL Injection
|
19 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Trademe Clone - 'id' SQL Injection
|
22 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Thumbtack Clone - 'ser' SQL Injection
|
21 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
FS Shutter Stock Clone - 'keywords' SQL Injection
|
23 |
WEB
|
8bitsec
|
|
2017-10-24
|
|
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
|
21 |
WEB
|
Anthony Cole
|
|
2017-10-23
|
|
FS OLX Clone - 'catg_id' SQL Injection
|
23 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Lynda Clone - 'category' SQL Injection
|
21 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Indiamart Clone - 'keywords' SQL Injection
|
20 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Groupon Clone - 'category' SQL Injection
|
24 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Freelancer Clone - 'sk' SQL Injection
|
23 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Expedia Clone - 'hid' SQL Injection
|
20 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Food Delivery Script - 'keywords' SQL Injection
|
21 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Ebay Clone - 'pd_maincat_id' SQL Injection
|
17 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Book Store Script - 'category' SQL Injection
|
23 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Amazon Clone - 'category_id' SQL Injection
|
21 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
FS Car Rental Script - 'pickup_location' SQL Injection
|
22 |
WEB
|
8bitsec
|
|
2017-10-23
|
|
Kaltura < 13.2.0 - Remote Code Execution
|
22 |
WEB
|
Robin Verton
|
|
2017-10-22
|
|
CometChat < 6.2.0 BETA 1 - Local File Inclusion
|
22 |
WEB
|
Paradoxis
|
|
2017-10-14
|
|
Logitech Media Server - Cross-Site Scripting
|
23 |
WEB
|
Thiago Sena
|
|
2017-10-12
|
|
TP-Link TL-MR3220 - Cross-Site Scripting
|
19 |
WEB
|
Thiago Sena
|
|
2017-10-17
|
|
TP-Link WR940N - (Authenticated) Remote Code
|
21 |
WEB
|
Fidus InfoSecurity
|
|
2017-10-18
|
|
Check_MK 1.2.8p25 - Information Disclosure
|
24 |
WEB
|
Julien Ahrens
|
|
2017-08-18
|
|
ZKTime Web Software 2.0 - Improper Access Restrictions
|
22 |
WEB
|
Arvind V
|
|
2017-08-18
|
|
ZKTime Web Software 2.0 - Cross-Site Request Forgery
|
18 |
WEB
|
Arvind V
|
|
2017-10-18
|
|
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
|
22 |
WEB
|
SEC Consult
|
|
2017-10-18
|
|
Linksys E Series - Multiple Vulnerabilities
|
24 |
WEB
|
SEC Consult
|
|
2017-10-17
|
|
WordPress Plugin Car Park Booking - SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-10-17
|
|
Career Portal 1.0 - SQL Injection
|
24 |
WEB
|
8bitsec
|
|
2017-10-17
|
|
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
|
20 |
WEB
|
Michael Stepankin & Olga Barinova
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Arbitrary File Download
|
22 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - 'dmr_content' Privilege Escalation
|
23 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
|
21 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
OpenText Documentum Content Server - Privilege Escalation
|
37 |
WEB
|
Andrey B. Panfilov
|
|
2017-10-17
|
|
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
|
27 |
WEB
|
Pavel Suprunyuk
|
|
2017-10-16
|
|
3CX Phone System 15.5.3554.1 - Directory Traversal
|
28 |
WEB
|
Jens Regel
|
|
2017-10-15
|
|
Webmin 1.850 - Multiple Vulnerabilities
|
17 |
WEB
|
hyp3rlinx
|
|
2017-10-13
|
|
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
|
16 |
WEB
|
Julien Ahrens
|
|
2017-10-13
|
|
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
|
18 |
WEB
|
Ishaq Mohammed
|
|
2017-10-12
|
|
Dreambox Plugin BouquetEditor - Cross-Site Scripting
|
19 |
WEB
|
Thiago Sena
|
|
2017-10-13
|
|
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
|
27 |
WEB
|
CrashBandicot
|
|
2017-10-12
|
|
E-Sic Software livre CMS - Cross Site Scripting
|
21 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'f' SQL Injection
|
22 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'cpfcnpj' SQL Injection
|
20 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - Autentication Bypass
|
21 |
WEB
|
Elber Tavares
|
|
2017-10-12
|
|
E-Sic Software livre CMS - 'q' SQL Injection
|
21 |
WEB
|
Guilherme Assmann
|
|
2017-10-12
|
|
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
|
26 |
WEB
|
Ishaq Mohammed
|
|
2017-10-11
|
|
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
|
26 |
WEB
|
Leonardo Duarte
|
|
2017-10-11
|
|
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Me
|
28 |
WEB
|
Mehmet Ince
|
|
2017-10-11
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)
|
27 |
WEB
|
Mehmet Ince
|
|
2017-10-10
|
|
Complain Management System - Hard-Coded Credentials / Blind SQL injection
|
24 |
WEB
|
havysec
|
|
2017-10-09
|
|
ClipShare 7.0 - SQL Injection
|
28 |
WEB
|
8bitsec
|
|
2017-10-09
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
26 |
WEB
|
intx0x80
|
|
2017-08-30
|
|
Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery
|
26 |
WEB
|
Dhiraj Mishra
|
|
2017-08-08
|
|
Unitrends UEB 9.1 - Privilege Escalation
|
25 |
WEB
|
Jared Arave
|
|
2017-09-27
|
|
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
|
27 |
WEB
|
Kacper Szurek
|
|
2017-10-04
|
|
ClipBucket 2.8.3 - Remote Code Execution
|
27 |
WEB
|
Meisam Monsef
|
|
2017-09-20
|
|
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execu
|
21 |
WEB
|
xxlegend
|
|
2017-10-03
|
|
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
|
25 |
WEB
|
Zeeshan Shaikh
|
|
2017-10-03
|
|
Fiberhome AN5506-04-F - Command Injection
|
25 |
WEB
|
Tauco
|
|
2017-10-02
|
|
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
|
28 |
WEB
|
Marcin Woloszyn
|
|
2017-10-02
|
|
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
|
27 |
WEB
|
Marcin Woloszyn
|
|
2017-10-02
|
|
phpCollab 2.5.1 - SQL Injection
|
28 |
WEB
|
Sysdream
|
|
2017-10-02
|
|
phpCollab 2.5.1 - Arbitrary File Upload
|
21 |
WEB
|
Sysdream
|
|
2017-10-02
|
|
NPM-V (Network Power Manager) 2.4.1 - Password Reset
|
26 |
WEB
|
Saeed reza Zamanian
|
|
2017-09-24
|
|
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
|
27 |
WEB
|
RAT - ThiefKing
|
|
2017-09-29
|
|
ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-09-28
|
|
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
|
25 |
WEB
|
8bitsec
|
|
2017-09-28
|
|
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
|
27 |
WEB
|
8bitsec
|
|
2017-09-29
|
|
WordPress Plugin WPHRM - SQL Injection
|
25 |
WEB
|
Ihsan Sencan
|
|
2017-09-27
|
|
SmarterStats 11.3.6347 - Cross-Site Scripting
|
22 |
WEB
|
sqlhacker
|
|
2017-09-29
|
|
FileRun < 2017.09.18 - SQL Injection
|
21 |
WEB
|
SPARC
|
|
2017-09-28
|
|
Easy Blog PHP Script 1.3a - 'id' SQL Injection
|
31 |
WEB
|
8bitsec
|
|
2017-09-28
|
|
Roteador Wireless Intelbras WRN150 - Autentication Bypass
|
25 |
WEB
|
Elber Tavares
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
|
28 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
|
21 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
|
23 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
|
28 |
WEB
|
hyp3rlinx
|
|
2017-09-28
|
|
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
|
19 |
WEB
|
hyp3rlinx
|
|
2017-02-22
|
|
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
|
19 |
WEB
|
forsec
|
|
2017-09-26
|
|
WordPress Plugin WPAMS - SQL Injection
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin School Management System - SQL Injection
|
31 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin Hospital Management System - SQL Injection
|
20 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin WPGYM - SQL Injection
|
25 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
WordPress Plugin WPCHURCH - SQL Injection
|
18 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
AMC Master - Arbitrary File Upload
|
20 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
SMSmaster - SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
Photo Fusion - Arbitrary File Upload
|
19 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
TicketPlus - Arbitrary File Upload
|
21 |
WEB
|
Ihsan Sencan
|
|
2017-09-26
|
|
Job Links - Arbitrary File Upload
|
20 |
WEB
|
Ihsan Sencan
|
|
2017-09-16
|
|
WordPress Plugin Content Timeline - SQL Injection
|
25 |
WEB
|
Jeroen - IT Nerdbox
|
|
2017-08-31
|
|
Sitefinity CMS 9.2 - Cross-Site Scripting
|
23 |
WEB
|
Pralhad Chaskar
|
|
2017-09-25
|
|
FLIR Thermal Camera F/FC/PT/D - Stream Disclosure
|
27 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
FLIR Thermal Camera FC-S/PT - Command Injection
|
24 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
FLIR Thermal Camera F/FC/PT/D - Information Disclosure
|
24 |
WEB
|
LiquidWorm
|
|
2017-09-25
|
|
FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
|
26 |
WEB
|
LiquidWorm
|
|
2017-09-22
|
|
JitBit HelpDesk < 9.0.2 - Authentication Bypass
|
28 |
WEB
|
Kc57
|
|
2017-09-22
|
|
PHP Auction Ecommerce Script 1.6 - SQL Injection
|
22 |
WEB
|
8bitsec
|
|
2017-09-22
|
|
Secure E-commerce Script 1.02 - 'sid' SQL Injection
|
21 |
WEB
|
8bitsec
|
|
2017-09-22
|
|
Claydip Airbnb Clone 1.0 - Arbitrary File Upload
|
20 |
WEB
|
Ihsan Sencan
|
|
2017-09-22
|
|
Cash Back Comparison Script 1.0 - SQL Injection
|
19 |
WEB
|
Ihsan Sencan
|
|
2017-09-22
|
|
Multi Level Marketing - SQL Injection
|
19 |
WEB
|
Ihsan Sencan
|
|
2017-09-22
|
|
Lending And Borrowing - 'pid' SQL Injection
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-09-19
|
|
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
|
25 |
WEB
|
Mehmet Ince
|
|
2017-09-22
|
|
Stock Photo Selling 1.0 - SQL Injection
|
27 |
WEB
|
Ihsan Sencan
|
|
2017-09-21
|
|
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)
|
24 |
WEB
|
Ishaq Mohammed
|
|
2017-05-19
|
|
Tecnovision DLX Spot - Arbitrary File Upload
|
22 |
WEB
|
Simon Brannstrom
|
|
2017-05-19
|
|
Tecnovision DLX Spot - Authentication Bypass
|
23 |
WEB
|
Simon Brannstrom
|
|
2017-09-15
|
|
iTech Gigs Script 1.20 - 'cat' SQL Injection
|
25 |
WEB
|
8bitsec
|
|
2017-09-13
|
|
Foodspotting Clone 1.0 - SQL Injection
|
24 |
WEB
|
8bitsec
|
|
2017-09-18
|
|
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
|
20 |
WEB
|
Hanno Bock
|
|
2017-09-18
|
|
iBall ADSL2+ Home Router - Authentication Bypass
|
22 |
WEB
|
Gem George
|
|
2017-09-15
|
|
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
|
23 |
WEB
|
Gem George
|
|
2017-09-18
|
|
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
|
21 |
WEB
|
Ihsan Sencan
|
|
2017-09-18
|
|
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
|
19 |
WEB
|
Ihsan Sencan
|
|
2017-09-18
|
|
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
|
21 |
WEB
|
Ihsan Sencan
|
|
2017-09-15
|
|
Contact Manager 1.0 - 'femail' SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-09-15
|
|
PTCEvolution 5.50 - SQL Injection
|
26 |
WEB
|
Ihsan Sencan
|
|
2017-09-14
|
|
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass
|
23 |
WEB
|
Kivson
|
|
2017-09-12
|
|
D-Link DIR-8xx Routers - Local Firmware Upload
|
25 |
WEB
|
embedi
|
