|
2016-12-06
|
|
AbanteCart 1.2.7 - Cross-Site Scripting
|
4 |
WEB
|
Kacper Szurek
|
|
2016-12-05
|
|
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
|
5 |
WEB
|
Lenon Leite
|
|
2016-12-02
|
|
Xfinity Gateway - Remote Code Execution
|
5 |
WEB
|
Gregory Smiley
|
|
2016-11-30
|
|
Xfinity Gateway - Cross-Site Request Forgery
|
5 |
WEB
|
Pabstersac
|
|
2016-09-16
|
|
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
|
4 |
WEB
|
Larry W. Cashdollar
|
|
2016-09-16
|
|
Joomla! Component Catalog 1.0.7 - SQL Injection
|
4 |
WEB
|
Larry W. Cashdollar
|
|
2016-11-30
|
|
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
|
4 |
WEB
|
Lenon Leite
|
|
2016-11-28
|
|
Red Hat JBoss EAP - Deserialization of Untrusted Data
|
4 |
WEB
|
Mediaservice.net Srl.
|
|
2016-11-28
|
|
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
|
4 |
WEB
|
Vulnerability-Lab
|
|
2016-11-24
|
|
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
|
5 |
WEB
|
Joaquin Ramirez Martinez
|
|
2016-11-22
|
|
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
|
5 |
WEB
|
Julien Ahrens
|
|
2016-11-22
|
|
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
|
4 |
WEB
|
ERPScan
|
|
2016-11-22
|
|
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution
|
4 |
WEB
|
hyp3rlinx
|
|
2016-11-21
|
|
WordPress Plugin Olimometer 2.56 - SQL Injection
|
3 |
WEB
|
TAD GROUP
|
|
2016-11-21
|
|
FUDforum 3.0.6 - Local File Inclusion
|
4 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
|
3 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
LEPTON 2.2.2 - Remote Code Execution
|
4 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
LEPTON 2.2.2 - SQL Injection
|
4 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
Mezzanine 4.2.0 - Cross-Site Scripting
|
5 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery
|
3 |
WEB
|
Sipke Mellema
|
|
2016-11-21
|
|
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
|
5 |
WEB
|
Julien Ahrens
|
|
2016-11-20
|
|
ScriptCase 8.1.053 - Multiple Vulnerabilities
|
4 |
WEB
|
hyp3rlinx
|
|
2016-11-12
|
|
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
|
6 |
WEB
|
Lenon Leite
|
|
2016-11-12
|
|
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
|
5 |
WEB
|
Lenon Leite
|
|
2016-11-18
|
|
EditMe CMS - Cross-Site Request Forgery (Add Admin)
|
5 |
WEB
|
Vulnerability-Lab
|
|
2016-11-17
|
|
WordPress Plugin Sirv 1.3.1 - SQL Injection
|
3 |
WEB
|
Lenon Leite
|
|
2016-11-17
|
|
WordPress Plugin Answer My Question 1.3 - SQL Injection
|
3 |
WEB
|
Lenon Leite
|
|
2016-11-16
|
|
CS-Cart 4.3.10 - XML External Entity Injection
|
4 |
WEB
|
0x4148
|
|
2016-11-14
|
|
Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution
|
4 |
WEB
|
0x4148
|
|
2016-11-13
|
|
ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course)
|
4 |
WEB
|
Saravana Kumar
|
|
2016-11-13
|
|
Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection
|
3 |
WEB
|
0x4148
|
|
2016-11-11
|
|
InvoicePlane 1.4.8 - Password Reset
|
4 |
WEB
|
feedersec
|
|
2015-08-25
|
|
vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection
|
4 |
WEB
|
Manish Tanwar
|
|
2016-11-10
|
|
4Images 1.7.13 - SQL Injection
|
3 |
WEB
|
0x4148
|
|
2016-11-10
|
|
MyBB 1.8.6 - Cross-Site Scripting
|
5 |
WEB
|
Curesec Research Team
|
|
2016-11-09
|
|
e107 CMS 2.1.2 - Privilege Escalation
|
5 |
WEB
|
Kacper Szurek
|
|
2016-11-09
|
|
Adobe Connect 9.5.7 - Cross-Site Scripting
|
4 |
WEB
|
Vulnerability-Lab
|
|
2016-11-08
|
|
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
|
5 |
WEB
|
Burak Kelebek
|
|
2016-11-08
|
|
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
|
5 |
WEB
|
Alyssa Milburn
|
|
2016-11-07
|
|
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
|
5 |
WEB
|
KoreLogic
|
|
2016-11-07
|
|
Piwik 2.16.0 - 'layout' PHP Object Injection
|
4 |
WEB
|
Egidio Romano
|
|
2016-11-07
|
|
NodCMS - PHP Code Execution
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-07
|
|
Schoolhos CMS 2.29 - 'kelas' SQL Injection
|
5 |
WEB
|
Vulnerability-Lab
|
|
2016-11-06
|
|
SweetRice 1.5.1 - Backup Disclosure
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-06
|
|
SweetRice 1.5.1 - Arbitrary File Upload
|
3 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-03
|
|
Redaxo 5.2.0 - Cross-Site Request Forgery
|
4 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
nodCMS - Cross-Site Request Forgery
|
4 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
sNews 1.7.1 - Arbitrary File Upload
|
4 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
sNews 1.7.1 - Cross-Site Request Forgery
|
5 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
ETchat 3.7 - Cross-Site Request Forgery
|
4 |
WEB
|
Hesam Bazvand
|
|
2016-11-03
|
|
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
|
6 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-03
|
|
SweetRice 1.5.1 - Arbitrary File Download
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-02
|
|
SweetRice 1.5.1 - Cross-Site Request Forgery
|
4 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-02
|
|
LifeSize Room 5.0.9 - Multiple Vulnerabilities
|
5 |
WEB
|
Xiphos Research Ltd
|
|
2016-11-02
|
|
Alienvault OSSIM/USM 5.3.1 - SQL Injection
|
4 |
WEB
|
Peter Lapp
|
|
2016-11-02
|
|
Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting
|
3 |
WEB
|
Peter Lapp
|
|
2016-11-02
|
|
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection
|
2 |
WEB
|
Peter Lapp
|
|
2016-11-01
|
|
My Little Forum 2.3.7 - Multiple Vulnerabilities
|
4 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-01
|
|
School Registration and Fee System - Authentication Bypass
|
3 |
WEB
|
opt1lc
|
|
2016-10-31
|
|
S9Y Serendipity 2.0.4 - Cross-Site Scripting
|
5 |
WEB
|
Besim
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
|
5 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Authentication Bypass
|
4 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
|
4 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Local File Disclosure
|
4 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Remote Command Execution
|
4 |
WEB
|
LiquidWorm
|
|
2016-10-27
|
|
Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
|
5 |
WEB
|
Xiphos Research Ltd
|
|
2016-10-26
|
|
Boonex Dolphin 7.3.2 - Authentication Bypass
|
5 |
WEB
|
Saadi Siddiqui
|
|
2016-10-24
|
|
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
|
4 |
WEB
|
Sniper Pex
|
|
2016-10-24
|
|
EC-CUBE 2.12.6 - Server-Side Request Forgery
|
5 |
WEB
|
Wadeek
|
|
2016-10-24
|
|
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
|
5 |
WEB
|
BlackMamba
|
|
2016-10-23
|
|
Zenbership 107 - Multiple Vulnerabilities
|
3 |
WEB
|
Besim
|
|
2016-10-21
|
|
FreePBX 13 - Remote Command Execution / Privilege Escalation
|
4 |
WEB
|
Christopher Davis
|
|
2016-10-21
|
|
Just Dial Clone Script - 'srch' SQL Injection
|
4 |
WEB
|
Arbin Godar
|
|
2016-10-20
|
|
SPIP 3.1.2 - Cross-Site Request Forgery
|
4 |
WEB
|
Sysdream
|
|
2016-10-20
|
|
SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal
|
4 |
WEB
|
Sysdream
|
|
2016-10-20
|
|
SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution
|
4 |
WEB
|
Sysdream
|
|
2016-10-20
|
|
Event Calendar PHP 1.5 - SQL Injection
|
4 |
WEB
|
Ehsan Hosseini
|
|
2016-10-20
|
|
Classifieds Rental Script - SQL Injection
|
4 |
WEB
|
Arbin Godar
|
|
2016-10-20
|
|
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection
|
4 |
WEB
|
Jakub Palaczynski
|
|
2016-10-19
|
|
Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation
|
3 |
WEB
|
Joey Lane
|
|
2016-10-19
|
|
XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
4 |
WEB
|
Ahsan Tahir
|
|
2016-10-19
|
|
CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload
|
4 |
WEB
|
Besim
|
|
2016-10-18
|
|
Cgiemail 1.6 - Source Code Disclosure
|
5 |
WEB
|
Finbar Crago
|
|
2016-10-18
|
|
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
|
4 |
WEB
|
p0z
|
|
2016-10-18
|
|
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
|
4 |
WEB
|
Ahsan Tahir
|
|
2016-10-17
|
|
PHP Business Directory - Multiple Vulnerabilities
|
4 |
WEB
|
larrycompress
|
|
2016-10-14
|
|
School Full CBT 0.1 - SQL Injection
|
4 |
WEB
|
lahilote
|
|
2016-10-16
|
|
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Meryem AKDOĞAN
|
|
2016-10-14
|
|
Simple Shopping Cart Application 0.1 - SQL Injection
|
4 |
WEB
|
lahilote
|
|
2016-10-16
|
|
PHP Image Database - Multiple Vulnerabilities
|
4 |
WEB
|
larrycompress
|
|
2016-10-17
|
|
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting
|
4 |
WEB
|
Ahsan Tahir
|
|
2016-10-16
|
|
PHP Telephone Directory - Multiple Vulnerabilities
|
4 |
WEB
|
larrycompress
|
|
2016-10-14
|
|
Health Record System 0.1 - Authentication Bypass
|
5 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Fashion Shopping Cart 0.1 - SQL Injection
|
4 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Learning Management System 0.1 - Authentication Bypass
|
3 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Simple Dynamic Web 0.1 - SQL Injection
|
3 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Web Based Alumni Tracking System 0.1 - SQL Injection
|
4 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Student Information System (SIS) 0.1 - Authentication Bypass
|
5 |
WEB
|
lahilote
|
|
2016-10-14
|
|
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
4 |
WEB
|
Arbin Godar
|
|
2016-10-14
|
|
Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)
|
4 |
WEB
|
Ehsan Hosseini
|
|
2016-10-14
|
|
Simple Forum PHP 2.4 - SQL Injection
|
3 |
WEB
|
Ehsan Hosseini
|
|
2016-10-13
|
|
JonhCMS 4.5.1 - SQL Injection
|
4 |
WEB
|
Besim
|
|
2016-10-13
|
|
RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass
|
4 |
WEB
|
Arbin Godar
|
|
2016-10-13
|
|
Colorful Blog - Cross-Site Request Forgery (Change Admin Password)
|
4 |
WEB
|
Besim
|
|
2016-10-13
|
|
Colorful Blog - Persistent Cross-Site Scripting
|
4 |
WEB
|
Besim
|
|
2016-10-13
|
|
Thatware 0.4.6 - SQL Injection
|
4 |
WEB
|
Besim
|
|
2016-10-13
|
|
Simple Blog PHP 2.0 - SQL Injection
|
4 |
WEB
|
Ehsan Hosseini
|
|
2016-10-13
|
|
Simple Blog PHP 2.0 - Multiple Vulnerabilities
|
3 |
WEB
|
Ehsan Hosseini
|
|
2016-10-12
|
|
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Besim
|
|
2016-10-12
|
|
ApPHP MicroCMS 3.9.5 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Besim
|
|
2016-10-12
|
|
OpenCimetiere 3.0.0-a5 - Blind SQL Injection
|
4 |
WEB
|
Wadeek
|
|
2016-10-12
|
|
NetBilletterie 2.8 - Multiple Vulnerabilities
|
5 |
WEB
|
Wadeek
|
|
2016-10-12
|
|
Categorizator 0.3.1 - SQL Injection
|
4 |
WEB
|
Wadeek
|
|
2016-10-11
|
|
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
|
4 |
WEB
|
Besim
|
|
2016-10-11
|
|
ApPHP MicroBlog 1.0.2 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Besim
|
|
2016-10-11
|
|
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
|
4 |
WEB
|
SEC Consult
|
|
2016-10-11
|
|
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
|
4 |
WEB
|
Gergely Eberhardt
|
|
2016-10-11
|
|
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)
|
4 |
WEB
|
Besim
|
|
2016-10-11
|
|
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
|
4 |
WEB
|
Besim
|
|
2016-10-10
|
|
Spacemarc News - Cross-Site Request Forgery (Add New Post)
|
4 |
WEB
|
Besim
|
|
2016-10-10
|
|
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
|
4 |
WEB
|
Besim
|
|
2016-10-09
|
|
PHP Press Release - Persistent Cross-Site Scripting
|
4 |
WEB
|
Besim
|
|
2016-10-09
|
|
PHP Press Release - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Besim
|
|
2016-09-19
|
|
ShoreTel Connect ONSITE - Blind SQL Injection
|
4 |
WEB
|
Iraklis Mathiopoulos
|
