|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
|
19 |
WEB
|
LiquidWorm
|
|
2016-10-28
|
|
InfraPower PPS-02-S Q213V1 - Remote Command Execution
|
19 |
WEB
|
LiquidWorm
|
|
2016-10-27
|
|
Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
|
21 |
WEB
|
Xiphos Research Ltd
|
|
2016-10-26
|
|
Boonex Dolphin 7.3.2 - Authentication Bypass
|
24 |
WEB
|
Saadi Siddiqui
|
|
2016-10-24
|
|
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
|
19 |
WEB
|
Sniper Pex
|
|
2016-10-24
|
|
EC-CUBE 2.12.6 - Server-Side Request Forgery
|
22 |
WEB
|
Wadeek
|
|
2016-10-24
|
|
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
|
24 |
WEB
|
BlackMamba
|
|
2016-10-23
|
|
Zenbership 107 - Multiple Vulnerabilities
|
23 |
WEB
|
Besim
|
|
2016-10-21
|
|
FreePBX 13 - Remote Command Execution / Privilege Escalation
|
21 |
WEB
|
Christopher Davis
|
|
2016-10-21
|
|
Just Dial Clone Script - 'srch' SQL Injection
|
26 |
WEB
|
Arbin Godar
|
|
2016-10-20
|
|
SPIP 3.1.2 - Cross-Site Request Forgery
|
19 |
WEB
|
Sysdream
|
|
2016-10-20
|
|
SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal
|
20 |
WEB
|
Sysdream
|
|
2016-10-20
|
|
SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution
|
20 |
WEB
|
Sysdream
|
|
2016-10-20
|
|
Event Calendar PHP 1.5 - SQL Injection
|
20 |
WEB
|
Ehsan Hosseini
|
|
2016-10-20
|
|
Classifieds Rental Script - SQL Injection
|
21 |
WEB
|
Arbin Godar
|
|
2016-10-20
|
|
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection
|
18 |
WEB
|
Jakub Palaczynski
|
|
2016-10-19
|
|
Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation
|
25 |
WEB
|
Joey Lane
|
|
2016-10-19
|
|
XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
17 |
WEB
|
Ahsan Tahir
|
|
2016-10-19
|
|
CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload
|
17 |
WEB
|
Besim
|
|
2016-10-18
|
|
Cgiemail 1.6 - Source Code Disclosure
|
24 |
WEB
|
Finbar Crago
|
|
2016-10-18
|
|
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
|
20 |
WEB
|
p0z
|
|
2016-10-18
|
|
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
|
21 |
WEB
|
Ahsan Tahir
|
|
2016-10-17
|
|
PHP Business Directory - Multiple Vulnerabilities
|
22 |
WEB
|
larrycompress
|
|
2016-10-14
|
|
School Full CBT 0.1 - SQL Injection
|
22 |
WEB
|
lahilote
|
|
2016-10-16
|
|
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
|
20 |
WEB
|
Meryem AKDOĞAN
|
|
2016-10-14
|
|
Simple Shopping Cart Application 0.1 - SQL Injection
|
22 |
WEB
|
lahilote
|
|
2016-10-16
|
|
PHP Image Database - Multiple Vulnerabilities
|
23 |
WEB
|
larrycompress
|
|
2016-10-17
|
|
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting
|
21 |
WEB
|
Ahsan Tahir
|
|
2016-10-16
|
|
PHP Telephone Directory - Multiple Vulnerabilities
|
24 |
WEB
|
larrycompress
|
|
2016-10-14
|
|
Health Record System 0.1 - Authentication Bypass
|
26 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Fashion Shopping Cart 0.1 - SQL Injection
|
25 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Learning Management System 0.1 - Authentication Bypass
|
21 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Simple Dynamic Web 0.1 - SQL Injection
|
19 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Web Based Alumni Tracking System 0.1 - SQL Injection
|
20 |
WEB
|
lahilote
|
|
2016-10-14
|
|
Student Information System (SIS) 0.1 - Authentication Bypass
|
26 |
WEB
|
lahilote
|
|
2016-10-14
|
|
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
21 |
WEB
|
Arbin Godar
|
|
2016-10-14
|
|
Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)
|
21 |
WEB
|
Ehsan Hosseini
|
|
2016-10-14
|
|
Simple Forum PHP 2.4 - SQL Injection
|
22 |
WEB
|
Ehsan Hosseini
|
|
2016-10-13
|
|
JonhCMS 4.5.1 - SQL Injection
|
21 |
WEB
|
Besim
|
|
2016-10-13
|
|
RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass
|
18 |
WEB
|
Arbin Godar
|
|
2016-10-13
|
|
Colorful Blog - Cross-Site Request Forgery (Change Admin Password)
|
23 |
WEB
|
Besim
|
|
2016-10-13
|
|
Colorful Blog - Persistent Cross-Site Scripting
|
21 |
WEB
|
Besim
|
|
2016-10-13
|
|
Thatware 0.4.6 - SQL Injection
|
19 |
WEB
|
Besim
|
|
2016-10-13
|
|
Simple Blog PHP 2.0 - SQL Injection
|
22 |
WEB
|
Ehsan Hosseini
|
|
2016-10-13
|
|
Simple Blog PHP 2.0 - Multiple Vulnerabilities
|
19 |
WEB
|
Ehsan Hosseini
|
|
2016-10-12
|
|
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
|
18 |
WEB
|
Besim
|
|
2016-10-12
|
|
ApPHP MicroCMS 3.9.5 - Persistent Cross-Site Scripting
|
22 |
WEB
|
Besim
|
|
2016-10-12
|
|
OpenCimetiere 3.0.0-a5 - Blind SQL Injection
|
21 |
WEB
|
Wadeek
|
|
2016-10-12
|
|
NetBilletterie 2.8 - Multiple Vulnerabilities
|
20 |
WEB
|
Wadeek
|
|
2016-10-12
|
|
Categorizator 0.3.1 - SQL Injection
|
24 |
WEB
|
Wadeek
|
|
2016-10-11
|
|
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
|
24 |
WEB
|
Besim
|
|
2016-10-11
|
|
ApPHP MicroBlog 1.0.2 - Persistent Cross-Site Scripting
|
19 |
WEB
|
Besim
|
|
2016-10-11
|
|
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
|
22 |
WEB
|
SEC Consult
|
|
2016-10-11
|
|
AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities
|
21 |
WEB
|
Gergely Eberhardt
|
|
2016-10-11
|
|
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)
|
22 |
WEB
|
Besim
|
|
2016-10-11
|
|
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
|
20 |
WEB
|
Besim
|
|
2016-10-10
|
|
Spacemarc News - Cross-Site Request Forgery (Add New Post)
|
23 |
WEB
|
Besim
|
|
2016-10-10
|
|
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
|
18 |
WEB
|
Besim
|
|
2016-10-09
|
|
PHP Press Release - Persistent Cross-Site Scripting
|
23 |
WEB
|
Besim
|
|
2016-10-09
|
|
PHP Press Release - Cross-Site Request Forgery (Add Admin)
|
22 |
WEB
|
Besim
|
|
2016-09-19
|
|
ShoreTel Connect ONSITE - Blind SQL Injection
|
31 |
WEB
|
Iraklis Mathiopoulos
|
|
2016-10-09
|
|
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
|
27 |
WEB
|
Besim
|
|
2016-10-07
|
|
Entrepreneur Job Portal Script 2.06 - SQL Injection
|
18 |
WEB
|
OoN_Boy
|
|
2016-10-07
|
|
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
|
24 |
WEB
|
Besim
|
|
2016-10-06
|
|
Just Dial Clone Script - 'fid' SQL Injection
|
21 |
WEB
|
OoN_Boy
|
|
2016-10-06
|
|
MLM Unilevel Plan Script 1.0.2 - SQL Injection
|
22 |
WEB
|
N4TuraL
|
|
2016-10-06
|
|
B2B Portal Script - Blind SQL Injection
|
33 |
WEB
|
OoN_Boy
|
|
2016-10-06
|
|
PHP Classifieds Rental Script - Blind SQL Injection
|
20 |
WEB
|
OoN_Boy
|
|
2016-10-06
|
|
Advance MLM Script - SQL Injection
|
20 |
WEB
|
OoN_Boy
|
|
2016-10-05
|
|
Cisco Firepower Threat Management Console 6.0.1 - Local File Inclusion
|
17 |
WEB
|
KoreLogic
|
|
2016-10-05
|
|
Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution
|
18 |
WEB
|
KoreLogic
|
|
2016-10-05
|
|
Witbe - Remote Code Execution
|
21 |
WEB
|
BeLmar
|
|
2016-10-05
|
|
Picosafe Web GUI - Multiple Vulnerabilities
|
22 |
WEB
|
Shahab Shamsi
|
|
2016-09-28
|
|
Symantec Messaging Gateway 10.6.1 - Directory Traversal
|
23 |
WEB
|
R-73eN
|
|
2016-09-27
|
|
TP-Link Archer CR-700 - Cross-Site Scripting
|
20 |
WEB
|
Ayushman Dutta
|
|
2016-09-26
|
|
Joomla! Component Event Booking 2.10.1 - SQL Injection
|
21 |
WEB
|
Persian Hack Team
|
|
2016-09-22
|
|
Matrimonial Website Script 1.0.2 - SQL Injection
|
26 |
WEB
|
N4TuraL
|
|
2016-09-22
|
|
Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities
|
28 |
WEB
|
SEC Consult
|
|
2016-09-22
|
|
Joomla! Component com_videogallerylite 1.0.9 - SQL Injection
|
22 |
WEB
|
Larry W. Cashdollar
|
|
2016-09-22
|
|
Exponent CMS 2.3.9 - Blind SQL Injection
|
25 |
WEB
|
Manuel García Cárdenas
|
|
2016-09-22
|
|
Microix Timesheet Module - SQL Injection
|
27 |
WEB
|
Anthony Cole
|
|
2016-09-20
|
|
Dolphin 7.3.0 - Error-Based SQL Injection
|
23 |
WEB
|
Kacper Szurek
|
|
2016-09-20
|
|
VegaDNS 0.13.2 - Remote Command Injection
|
26 |
WEB
|
Wireghoul
|
|
2016-09-19
|
|
ZineBasic 1.1 - Arbitrary File Disclosure
|
23 |
WEB
|
bd0rk
|
|
2016-09-19
|
|
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
|
21 |
WEB
|
Paul Baade & Sven Krewitt
|
|
2016-09-19
|
|
MyBB 1.8.6 - SQL Injection
|
22 |
WEB
|
Curesec Research Team
|
|
2016-09-19
|
|
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
|
25 |
WEB
|
Curesec Research Team
|
|
2016-09-19
|
|
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
|
29 |
WEB
|
david-peltier
|
|
2016-09-19
|
|
BuilderEngine 3.5.0 - Arbitrary File Upload
|
20 |
WEB
|
metanubix
|
|
2016-09-16
|
|
AnoBBS 1.0.1 - Remote File Inclusion
|
19 |
WEB
|
bd0rk
|
|
2016-09-15
|
|
Cisco EPC 3925 - Multiple Vulnerabilities
|
24 |
WEB
|
Patryk Bogdan
|
|
2016-09-13
|
|
Open-Xchange App Suite 7.8.2 - Cross-Site Scripting
|
18 |
WEB
|
Jakub A>>oczek
|
|
2016-09-13
|
|
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
|
23 |
WEB
|
Benjamin Daniel Mussler
|
|
2016-09-13
|
|
ASUS DSL-X11 ADSL Router - DNS Change
|
24 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - DNS Change
|
23 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
Tenda ADSL2/2+ Modem 963281TAN - DNS Change
|
29 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
PLANET VDR-300NU ADSL Router - DNS Change
|
30 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
PIKATEL 96338WS_ 96338L-2M-8M - DNS Change
|
22 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
Inteno EG101R1 VoIP Router - DNS Change
|
24 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
Exper EWM-01 ADSL/MODEM - DNS Change
|
28 |
WEB
|
Todor Donev
|
|
2016-09-13
|
|
Contrexx CMS egov Module 1.0.0 - SQL Injection
|
27 |
WEB
|
hamidreza borghei
|
|
2016-09-13
|
|
wdCalendar 2 - SQL Injection
|
30 |
WEB
|
Alfonso Castillo Angel
|
|
2016-09-13
|
|
Cherry Music 0.35.1 - Arbitrary File Disclosure
|
30 |
WEB
|
feedersec
|
|
2016-09-09
|
|
Airmail 3.0.2 - Cross-Site Scripting
|
25 |
WEB
|
redrain
|
|
2016-09-09
|
|
Vodafone Mobile Wifi - Reset Admin Password
|
23 |
WEB
|
Daniele Linguaglossa
|
|
2016-09-08
|
|
Zabbix 2.0 < 3.0.3 - SQL Injection
|
24 |
WEB
|
Zzzians
|
|
2016-09-08
|
|
Jobberbase 2.0 - Multiple Vulnerabilities
|
29 |
WEB
|
Ross Marks
|
|
2016-09-07
|
|
Adobe ColdFusion < 11 Update 10 - XML External Entity Injection
|
25 |
WEB
|
Dawid Golunski
|
|
2016-09-07
|
|
FreePBX 13.0.x < 13.0.154 - Remote Command Execution
|
24 |
WEB
|
i-Hmx
|
|
2016-09-07
|
|
CumulusClips 2.4.1 - Multiple Vulnerabilities
|
22 |
WEB
|
kor3k
|
|
2016-09-06
|
|
PHPIPAM 1.2.1 - Multiple Vulnerabilities
|
20 |
WEB
|
Saeed reza Zamanian
|
|
2016-09-05
|
|
WordPress Plugin RB Agency 2.4.7 - Local File Disclosure
|
30 |
WEB
|
Persian Hack Team
|
|
2016-09-04
|
|
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
|
25 |
WEB
|
b1ack0wl
|
|
2016-08-31
|
|
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
|
24 |
WEB
|
LiquidWorm
|
|
2016-08-31
|
|
ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass
|
25 |
WEB
|
LiquidWorm
|
|
2016-08-31
|
|
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
|
23 |
WEB
|
LiquidWorm
|
|
2016-08-31
|
|
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
|
28 |
WEB
|
LiquidWorm
|
|
2016-08-31
|
|
ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution
|
28 |
WEB
|
LiquidWorm
|
|
2016-08-29
|
|
FreePBX 13.0.35 - SQL Injection
|
30 |
WEB
|
i-Hmx
|
|
2016-08-29
|
|
PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure
|
27 |
WEB
|
Rahul Raz
|
|
2016-08-29
|
|
Intellinet IP Camera INT-L100M20N - Unauthorized Admin Credential Change
|
24 |
WEB
|
Todor Donev
|
|
2016-08-29
|
|
HelpDeskZ 1.0.2 - Arbitrary File Upload
|
22 |
WEB
|
Lars Morgenroth
|
|
2016-08-29
|
|
FreePBX 13.0.35 - Remote Command Execution
|
22 |
WEB
|
0x4148
|
|
2016-08-24
|
|
WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure/Arbitrary File Upload
|
21 |
WEB
|
T0w3ntum
|
|
2016-08-23
|
|
chatNow - Multiple Vulnerabilities
|
24 |
WEB
|
HaHwul
|
