|
2017-05-25
|
|
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
|
7 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
|
8 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
Sophos Cyberoam - Cross-site scripting
|
9 |
WEB
|
Bhadresh Patel
|
|
2017-05-24
|
|
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
|
9 |
WEB
|
f3ci
|
|
2017-05-24
|
|
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
|
9 |
WEB
|
f3ci
|
|
2017-05-21
|
|
PlaySMS 1.4 - 'import.php' Remote Code Execution
|
8 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-20
|
|
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
|
9 |
WEB
|
hyp3rlinx
|
|
2017-05-20
|
|
KMCIS CaseAware - Cross-Site Scripting
|
7 |
WEB
|
justpentest
|
|
2017-05-19
|
|
D-Link DIR-600M Wireless N 150 - Authentication Bypass
|
9 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-19
|
|
PlaySMS 1.4 - Remote Code Execution
|
9 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-19
|
|
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass
|
9 |
WEB
|
ByteM3
|
|
2017-05-19
|
|
SAP Business One for Android 1.2.3 - XML External Entity Injection
|
9 |
WEB
|
Ravindra Singh Rathore
|
|
2017-05-19
|
|
Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption
|
9 |
WEB
|
David Tomaschik
|
|
2017-05-19
|
|
Oracle PeopleSoft - Server-Side Request Forgery
|
9 |
WEB
|
ERPScan
|
|
2017-05-19
|
|
Joomla! 3.7.0 - 'com_fields' SQL Injection
|
9 |
WEB
|
Mateus Lino
|
|
2017-05-17
|
|
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
|
7 |
WEB
|
Yoroi
|
|
2017-05-17
|
|
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
|
8 |
WEB
|
Yoroi
|
|
2017-01-12
|
|
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
|
10 |
WEB
|
SlidingWindow
|
|
2017-02-28
|
|
Sophos Web Appliance 4.3.1.1 - Session Fixation
|
8 |
WEB
|
SlidingWindow
|
|
2017-04-28
|
|
Admidio 3.2.8 - Cross-Site Request Forgery
|
9 |
WEB
|
Faiz Ahmed Zaidi
|
|
2017-05-15
|
|
Mailcow 0.14 - Cross-Site Request Forgery
|
9 |
WEB
|
hyp3rlinx
|
|
2017-05-14
|
|
PlaySMS 1.4 - '/sendfromfile.php' Remote Code Execution / Unrestricted File Upload
|
10 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-02
|
|
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion
|
11 |
WEB
|
ReverseBrain
|
|
2017-05-10
|
|
CMS Made Simple 2.1.6 - Multiple Vulnerabilities
|
8 |
WEB
|
Osanda Malith Jayathissa
|
|
2017-05-10
|
|
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
|
7 |
WEB
|
HaHwul
|
|
2017-05-10
|
|
BanManager WebUI 1.5.8 - PHP Code Injection
|
9 |
WEB
|
HaHwul
|
|
2017-05-10
|
|
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
|
8 |
WEB
|
Kacper Szurek
|
|
2017-05-09
|
|
Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions
|
9 |
WEB
|
Pesach Zirkind
|
|
2017-05-09
|
|
Personify360 7.5.2/7.6.1 - Improper Access Restrictions
|
8 |
WEB
|
Pesach Zirkind
|
|
2017-05-09
|
|
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cro
|
7 |
WEB
|
SEC Consult
|
|
2017-05-09
|
|
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cro
|
9 |
WEB
|
SEC Consult
|
|
2017-04-24
|
|
LogRhythm Network Monitor - Authentication Bypass / Command Injection
|
8 |
WEB
|
Francesco Oddo
|
|
2017-05-05
|
|
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
|
14 |
WEB
|
Sysdream
|
|
2017-05-05
|
|
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
|
10 |
WEB
|
defensecode
|
|
2017-05-03
|
|
WordPress Core < 4.7.4 - Unauthorized Password Reset
|
10 |
WEB
|
Dawid Golunski
|
|
2017-05-03
|
|
WordPress Core 4.6 - Remote Code Execution
|
9 |
WEB
|
Dawid Golunski
|
|
2017-05-03
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
|
9 |
WEB
|
LiquidWorm
|
|
2017-05-03
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
|
12 |
WEB
|
LiquidWorm
|
|
2017-05-03
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
|
13 |
WEB
|
LiquidWorm
|
|
2017-05-01
|
|
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
|
12 |
WEB
|
Ben Nott
|
|
2017-05-01
|
|
Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities
|
13 |
WEB
|
David Tomaschik
|
|
2017-04-30
|
|
Emby MediaServer 3.2.5 - Directory Traversal
|
12 |
WEB
|
LiquidWorm
|
|
2017-04-30
|
|
Emby MediaServer 3.2.5 - Password Reset
|
11 |
WEB
|
LiquidWorm
|
|
2017-04-30
|
|
Emby MediaServer 3.2.5 - SQL Injection
|
11 |
WEB
|
LiquidWorm
|
|
2017-04-27
|
|
Easy File Uploader - Arbitrary File Upload
|
12 |
WEB
|
Daniel Godoy
|
|
2017-04-27
|
|
Simple File Uploader - Arbitrary File Download
|
11 |
WEB
|
Daniel Godoy
|
|
2017-04-27
|
|
TYPO3 Extension News - SQL Injection
|
12 |
WEB
|
Charles Fol
|
|
2017-04-26
|
|
Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
10 |
WEB
|
Cyril Vallicari
|
|
2017-04-25
|
|
October CMS 1.0.412 - Multiple Vulnerabilities
|
12 |
WEB
|
Anti Räis
|
|
2017-04-24
|
|
Joomla! Component Myportfolio 3.0.2 - 'pid' SQL Injection
|
10 |
WEB
|
Persian Hack Team
|
|
2017-04-25
|
|
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
|
9 |
WEB
|
Andrey B. Panfilov
|
|
2017-04-25
|
|
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
|
10 |
WEB
|
Paolo Stagno
|
|
2017-04-25
|
|
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
|
10 |
WEB
|
Paolo Stagno
|
|
2017-04-25
|
|
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
|
10 |
WEB
|
ERPScan
|
|
2017-04-25
|
|
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
|
8 |
WEB
|
ERPScan
|
|
2017-04-25
|
|
WordPress Plugin Wow Forms 2.1 - SQL Injection
|
9 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
|
9 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
WordPress Plugin Car Rental System 2.5 - SQL Injection
|
8 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
WordPress Plugin KittyCatfish 2.2 - SQL Injection
|
8 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
|
8 |
WEB
|
Cyril Vallicari
|
|
2017-04-20
|
|
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripti
|
9 |
WEB
|
Google Security Research
|
|
2017-04-20
|
|
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-
|
12 |
WEB
|
Google Security Research
|
|
2017-04-16
|
|
Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset
|
10 |
WEB
|
hyp3rlinx
|
|
2017-04-14
|
|
Concrete5 CMS 8.1.0 - 'Host' Header Injection
|
9 |
WEB
|
hyp3rlinx
|
|
2017-04-13
|
|
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
|
10 |
WEB
|
Peter Lapp
|
|
2017-04-13
|
|
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
|
9 |
WEB
|
SySS GmbH
|
|
2017-04-13
|
|
agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery
|
9 |
WEB
|
SySS GmbH
|
|
2016-01-11
|
|
SedSystems D3 Decimator - Multiple Vulnerabilities
|
9 |
WEB
|
prdelka
|
|
2017-02-15
|
|
Coppermine Gallery < 1.5.44 - Directory Traversal
|
7 |
WEB
|
Hacker Fantastic
|
|
2017-04-11
|
|
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Li
|
8 |
WEB
|
Google Security Research
|
|
2017-04-11
|
|
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
|
7 |
WEB
|
Google Security Research
|
|
2017-04-11
|
|
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
|
9 |
WEB
|
SecuriTeam
|
|
2017-04-11
|
|
Brother MFC-J6520DW - Authentication Bypass / Password Change
|
7 |
WEB
|
Patryk Bogdan
|
|
2017-04-11
|
|
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
|
6 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
|
6 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
FAQ Script 3.1.3 - 'category_id' SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-11
|
|
Social Directory Script 2.0 - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-04-11
|
|
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
|
7 |
WEB
|
Manuel García Cárdenas
|
|
2017-04-11
|
|
MyClassifiedScript 5.1 - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Adobe (Multiple Products) - XML Injection File Content Disclosure
|
6 |
WEB
|
Tess Sluyter
|
|
2017-04-08
|
|
Jobscript4Web 4.5 - Authentication Bypass
|
7 |
WEB
|
TurkCyberArmy
|
|
2017-04-07
|
|
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
|
7 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
|
7 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
e107 CMS 2.1.4 - Cross-Site Request Forgery
|
7 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection
|
7 |
WEB
|
Harry Sintonen
|
|
2017-04-07
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
6 |
WEB
|
dxw
|
|
2017-04-07
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
6 |
WEB
|
dxw
|
|
2017-04-07
|
|
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download
|
6 |
WEB
|
Patryk Bogdan
|
|
2017-04-07
|
|
Ladder System 6.0 - 'faqid' SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
My Gaming Ladder Combo System 7.5 - SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Survey Template 1.1 - 'masterkey1' SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Quiz Template 1.0 - 'testid' SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Forum Template 1.0 - SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Calendar Template 2.0 - 'editid1' SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Shopping Cart Template - 'item' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Document Management Template - 'hash' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Invoice Template - 'hash' SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
|
7 |
WEB
|
rungga_reksya
|
|
2017-04-07
|
|
Intellinet NFC-30IR Camera - Multiple Vulnerabilities
|
8 |
WEB
|
Dimitri Fousekis
|
|
2017-04-06
|
|
Moodle 2.x/3.x - SQL Injection
|
9 |
WEB
|
Marko Belzetski
|
|
2017-04-05
|
|
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
|
9 |
WEB
|
rungga_reksya
|
|
2017-04-03
|
|
GeoMoose < 2.9.2 - Directory Traversal
|
8 |
WEB
|
Sander Ferdinand
|
|
2017-04-05
|
|
D-Link DIR-615 - Cross-Site Request Forgery
|
8 |
WEB
|
Pratik S. Shah
|
|
2017-04-05
|
|
Appointment Script - SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Sweepstakes Pro Software - SQL Injection
|
7 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Premium Penny Auction Script - SQL Injection
|
6 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Airbnb Crashpadder Clone Script - SQL Injection
|
8 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
ImagePro Lazygirls Clone Script - SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confus
|
10 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
|
9 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
|
9 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
|
10 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting
|
9 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Maian Greetings 2.1 - 'cat' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Maian Survey 1.1 - 'survey' SQL Injection
|
11 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Maian Uploader 4.0 - 'user' SQL Injection
|
9 |
WEB
|
Ihsan Sencan
|
|
2017-04-02
|
|
Pixie 1.0.4 - Arbitrary File Upload
|
10 |
WEB
|
rungga_reksya
|
|
2017-04-02
|
|
Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
|
9 |
WEB
|
trevor Hough
|
|
2017-03-31
|
|
Membership Formula - 'order' SQL Injection
|
10 |
WEB
|
Ihsan Sencan
|
|
2017-03-31
|
|
Splunk Enterprise - Information Disclosure
|
9 |
WEB
|
hyp3rlinx
|
|
2017-03-29
|
|
EyesOfNetwork (EON) 5.1 - SQL Injection
|
8 |
WEB
|
Dany Bach
|
|
2017-03-29
|
|
Opensource Classified Ads Script - 'keyword' SQL Injection
|
12 |
WEB
|
Ihsan Sencan
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
8 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
7 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
7 |
WEB
|
Tim Herres
|
