|
2017-01-13
|
|
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
|
24 |
WEB
|
Ozer Goker
|
|
2017-01-11
|
|
ECommerce-Multi-Vendor Software - Arbitrary File Upload
|
20 |
WEB
|
Ihsan Sencan
|
|
2017-01-11
|
|
ECommerce-TIBSECART - Arbitrary File Upload
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-01-11
|
|
Penny Auction Script - Arbitrary File Upload
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-01-11
|
|
Airbnb Clone Script - Arbitrary File Upload
|
21 |
WEB
|
Ihsan Sencan
|
|
2017-01-11
|
|
School Management Software 2.75 - SQL Injection
|
18 |
WEB
|
Ihsan Sencan
|
|
2017-01-10
|
|
D-Link DIR-615 - Multiple Vulnerabilities
|
18 |
WEB
|
Osanda Malith Jayathissa
|
|
2017-01-11
|
|
iTechscripts Freelancer Script 5.11 - 'sk' SQL Injection
|
25 |
WEB
|
v3n0m
|
|
2017-01-12
|
|
Online Food Delivery 2.04 - Authentication Bypass
|
25 |
WEB
|
Dawid Morawski
|
|
2017-01-12
|
|
Itech Job Portal Script 9.11 - Authentication Bypass
|
20 |
WEB
|
Dawid Morawski
|
|
2017-01-11
|
|
Dating Script 3.25 - SQL Injection
|
23 |
WEB
|
Dawid Morawski
|
|
2017-01-11
|
|
Itech Movie Portal Script 7.35 - SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-01-11
|
|
Itech Travel Portal Script 9.33 - SQL Injection
|
22 |
WEB
|
Ihsan Sencan
|
|
2017-01-10
|
|
Huawei Flybox B660 - Cross-Site Request Forgery (1)
|
23 |
WEB
|
Vulnerability-Lab
|
|
2017-01-09
|
|
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
|
21 |
WEB
|
Vulnerability-Lab
|
|
2016-12-29
|
|
b2evolution 6.8.2 - Arbitrary File Upload
|
24 |
WEB
|
Li Fei
|
|
2017-01-11
|
|
My Link Trader 1.1 - 'id' SQL Injection
|
26 |
WEB
|
Dawid Morawski
|
|
2017-01-11
|
|
Starting Page 1.3 - 'category' SQL Injection
|
21 |
WEB
|
Ben Lee
|
|
2017-01-10
|
|
FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-01-10
|
|
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation
|
21 |
WEB
|
Kacper Szurek
|
|
2016-12-23
|
|
Freepbx < 2.11.1.5 - Remote Code Execution
|
21 |
WEB
|
inj3ctor3
|
|
2017-01-10
|
|
Starting Page 1.3 - 'linkid' SQL Injection
|
22 |
WEB
|
JaMbA
|
|
2017-01-09
|
|
Friends in War Make or Break 1.7 - 'imgid' SQL Injection
|
26 |
WEB
|
v3n0m
|
|
2017-01-09
|
|
My PHP Dating 2.0 - 'id' SQL Injection
|
21 |
WEB
|
Sniper Pex
|
|
2017-01-09
|
|
My PHP Dating 2.0 - 'path' SQL Injection
|
23 |
WEB
|
Ihsan Sencan
|
|
2017-01-07
|
|
My Link Trader 1.1 - Authentication Bypass
|
24 |
WEB
|
Ihsan Sencan
|
|
2017-01-07
|
|
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
|
25 |
WEB
|
justpentest
|
|
2017-01-04
|
|
Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting
|
24 |
WEB
|
Jodson Santos
|
|
2017-01-03
|
|
My Click Counter 1.0 - Authentication Bypass
|
27 |
WEB
|
Adam
|
|
2017-01-02
|
|
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScrip
|
26 |
WEB
|
Dawid Golunski
|
|
2016-12-09
|
|
D-Link DI-524 - Cross-Site Request Forgery
|
29 |
WEB
|
Felipe Soares de Souza
|
|
2016-08-09
|
|
Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery
|
24 |
WEB
|
Ayushman Dutta
|
|
2016-12-30
|
|
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
|
28 |
WEB
|
Dawid Golunski
|
|
2016-12-29
|
|
Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
27 |
WEB
|
LiquidWorm
|
|
2016-12-29
|
|
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection
|
24 |
WEB
|
LiquidWorm
|
|
2016-12-29
|
|
WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload
|
28 |
WEB
|
r3m1ck
|
|
2016-12-29
|
|
PHPMailer < 5.2.18 - Remote Code Execution
|
24 |
WEB
|
anarc0der
|
|
2016-12-28
|
|
Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection
|
23 |
WEB
|
qemm
|
|
2016-12-28
|
|
SwiftMailer < 5.4.5-DEV - Remote Code Execution
|
21 |
WEB
|
Dawid Golunski
|
|
2016-12-28
|
|
WordPress Plugin Simply Poll 1.4.1 - SQL Injection
|
19 |
WEB
|
TAD GROUP
|
|
2016-12-25
|
|
PHPMailer < 5.2.18 - Remote Code Execution
|
20 |
WEB
|
Dawid Golunski
|
|
2016-12-27
|
|
PHPMailer < 5.2.20 - Remote Code Execution
|
21 |
WEB
|
Dawid Golunski
|
|
2016-12-26
|
|
PHPMailer < 5.2.18 - Remote Code Execution
|
21 |
WEB
|
Dawid Golunski
|
|
2016-12-26
|
|
Joomla! Component Blog Calendar - SQL Injection
|
20 |
WEB
|
X-Cisadane
|
|
2016-12-23
|
|
Apache mod_session_crypto - Padding Oracle
|
27 |
WEB
|
RedTeam Pentesting GmbH
|
|
2016-08-04
|
|
ntop-ng 2.5.160805 - Username Enumeration
|
22 |
WEB
|
Dolev Farhi
|
|
2016-12-19
|
|
WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection
|
18 |
WEB
|
Ahmed Sherif
|
|
2016-12-16
|
|
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
|
22 |
WEB
|
Lenon Leite
|
|
2016-12-16
|
|
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
|
21 |
WEB
|
Lenon Leite
|
|
2016-12-16
|
|
WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery
|
25 |
WEB
|
dxw
|
|
2016-12-16
|
|
WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection
|
22 |
WEB
|
ZwX
|
|
2016-12-13
|
|
Joomla! Component DT Register - 'cat' SQL Injection
|
22 |
WEB
|
Elar Lang
|
|
2016-12-12
|
|
WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery
|
21 |
WEB
|
dxw
|
|
2016-12-03
|
|
Smart Guard Network Manager 6.3.2 - SQL Injection
|
22 |
WEB
|
Rahul Raz
|
|
2016-12-11
|
|
ARG-W4 ADSL Router - Multiple Vulnerabilities
|
22 |
WEB
|
Persian Hack Team
|
|
2016-12-11
|
|
Netgear R7000 - Cross-Site Scripting
|
23 |
WEB
|
Vincent Yiu
|
|
2016-12-09
|
|
Splunk Enterprise 6.4.3 - Server-Side Request Forgery
|
19 |
WEB
|
Security-Assessment.com
|
|
2016-12-09
|
|
Roundcube 1.2.2 - Remote Code Execution
|
26 |
WEB
|
Robin Peraglie
|
|
2016-12-07
|
|
Netgear R7000 - Command Injection
|
25 |
WEB
|
Acew0rm
|
|
2016-12-07
|
|
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
|
24 |
WEB
|
justpentest
|
|
2016-12-06
|
|
Edge SkateShop - Authentication bypass
|
22 |
WEB
|
Delilah
|
|
2016-12-06
|
|
AbanteCart 1.2.7 - Cross-Site Scripting
|
23 |
WEB
|
Kacper Szurek
|
|
2016-12-05
|
|
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
|
27 |
WEB
|
Lenon Leite
|
|
2016-12-02
|
|
Xfinity Gateway - Remote Code Execution
|
26 |
WEB
|
Gregory Smiley
|
|
2016-11-30
|
|
Xfinity Gateway - Cross-Site Request Forgery
|
21 |
WEB
|
Pabstersac
|
|
2016-09-16
|
|
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
|
24 |
WEB
|
Larry W. Cashdollar
|
|
2016-09-16
|
|
Joomla! Component Catalog 1.0.7 - SQL Injection
|
24 |
WEB
|
Larry W. Cashdollar
|
|
2016-11-30
|
|
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
|
22 |
WEB
|
Lenon Leite
|
|
2016-11-28
|
|
Red Hat JBoss EAP - Deserialization of Untrusted Data
|
31 |
WEB
|
Mediaservice.net Srl.
|
|
2016-11-28
|
|
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
|
29 |
WEB
|
Vulnerability-Lab
|
|
2016-11-24
|
|
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
|
26 |
WEB
|
Joaquin Ramirez Martinez
|
|
2016-11-22
|
|
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
|
22 |
WEB
|
Julien Ahrens
|
|
2016-11-22
|
|
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
|
25 |
WEB
|
ERPScan
|
|
2016-11-22
|
|
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution
|
26 |
WEB
|
hyp3rlinx
|
|
2016-11-21
|
|
WordPress Plugin Olimometer 2.56 - SQL Injection
|
21 |
WEB
|
TAD GROUP
|
|
2016-11-21
|
|
FUDforum 3.0.6 - Local File Inclusion
|
21 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
|
20 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
LEPTON 2.2.2 - Remote Code Execution
|
21 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
LEPTON 2.2.2 - SQL Injection
|
23 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
Mezzanine 4.2.0 - Cross-Site Scripting
|
23 |
WEB
|
Curesec Research Team
|
|
2016-11-21
|
|
WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery
|
24 |
WEB
|
Sipke Mellema
|
|
2016-11-21
|
|
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
|
25 |
WEB
|
Julien Ahrens
|
|
2016-11-20
|
|
ScriptCase 8.1.053 - Multiple Vulnerabilities
|
24 |
WEB
|
hyp3rlinx
|
|
2016-11-12
|
|
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
|
28 |
WEB
|
Lenon Leite
|
|
2016-11-12
|
|
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
|
32 |
WEB
|
Lenon Leite
|
|
2016-11-18
|
|
EditMe CMS - Cross-Site Request Forgery (Add Admin)
|
23 |
WEB
|
Vulnerability-Lab
|
|
2016-11-17
|
|
WordPress Plugin Sirv 1.3.1 - SQL Injection
|
23 |
WEB
|
Lenon Leite
|
|
2016-11-17
|
|
WordPress Plugin Answer My Question 1.3 - SQL Injection
|
20 |
WEB
|
Lenon Leite
|
|
2016-11-16
|
|
CS-Cart 4.3.10 - XML External Entity Injection
|
21 |
WEB
|
0x4148
|
|
2016-11-14
|
|
Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution
|
24 |
WEB
|
0x4148
|
|
2016-11-13
|
|
ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course)
|
21 |
WEB
|
Saravana Kumar
|
|
2016-11-13
|
|
Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection
|
21 |
WEB
|
0x4148
|
|
2016-11-11
|
|
InvoicePlane 1.4.8 - Password Reset
|
20 |
WEB
|
feedersec
|
|
2015-08-25
|
|
vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection
|
17 |
WEB
|
Manish Tanwar
|
|
2016-11-10
|
|
4Images 1.7.13 - SQL Injection
|
18 |
WEB
|
0x4148
|
|
2016-11-10
|
|
MyBB 1.8.6 - Cross-Site Scripting
|
26 |
WEB
|
Curesec Research Team
|
|
2016-11-09
|
|
e107 CMS 2.1.2 - Privilege Escalation
|
22 |
WEB
|
Kacper Szurek
|
|
2016-11-09
|
|
Adobe Connect 9.5.7 - Cross-Site Scripting
|
25 |
WEB
|
Vulnerability-Lab
|
|
2016-11-08
|
|
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
|
27 |
WEB
|
Burak Kelebek
|
|
2016-11-08
|
|
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
|
23 |
WEB
|
Alyssa Milburn
|
|
2016-11-07
|
|
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
|
19 |
WEB
|
KoreLogic
|
|
2016-11-07
|
|
Piwik 2.16.0 - 'layout' PHP Object Injection
|
22 |
WEB
|
Egidio Romano
|
|
2016-11-07
|
|
NodCMS - PHP Code Execution
|
24 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-07
|
|
Schoolhos CMS 2.29 - 'kelas' SQL Injection
|
23 |
WEB
|
Vulnerability-Lab
|
|
2016-11-06
|
|
SweetRice 1.5.1 - Backup Disclosure
|
22 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-06
|
|
SweetRice 1.5.1 - Arbitrary File Upload
|
18 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-03
|
|
Redaxo 5.2.0 - Cross-Site Request Forgery
|
23 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
nodCMS - Cross-Site Request Forgery
|
19 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
sNews 1.7.1 - Arbitrary File Upload
|
24 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
sNews 1.7.1 - Cross-Site Request Forgery
|
25 |
WEB
|
Amir.ght
|
|
2016-11-03
|
|
ETchat 3.7 - Cross-Site Request Forgery
|
25 |
WEB
|
Hesam Bazvand
|
|
2016-11-03
|
|
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
|
24 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-03
|
|
SweetRice 1.5.1 - Arbitrary File Download
|
19 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-02
|
|
SweetRice 1.5.1 - Cross-Site Request Forgery
|
22 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-02
|
|
LifeSize Room 5.0.9 - Multiple Vulnerabilities
|
26 |
WEB
|
Xiphos Research Ltd
|
|
2016-11-02
|
|
Alienvault OSSIM/USM 5.3.1 - SQL Injection
|
22 |
WEB
|
Peter Lapp
|
|
2016-11-02
|
|
Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting
|
18 |
WEB
|
Peter Lapp
|
|
2016-11-02
|
|
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection
|
21 |
WEB
|
Peter Lapp
|
|
2016-11-01
|
|
My Little Forum 2.3.7 - Multiple Vulnerabilities
|
24 |
WEB
|
Ashiyane Digital Security Team
|
|
2016-11-01
|
|
School Registration and Fee System - Authentication Bypass
|
24 |
WEB
|
opt1lc
|
|
2016-10-31
|
|
S9Y Serendipity 2.0.4 - Cross-Site Scripting
|
27 |
WEB
|
Besim
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
|
18 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Authentication Bypass
|
22 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
|
24 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Local File Disclosure
|
22 |
WEB
|
LiquidWorm
|
