|
2016-06-16
|
|
Tiki Wiki CMS Calendar 6.15/9.11 LTS/12.5 LTS/14.2 - Remote Code Execution
|
8 |
WEB
|
Dany Ouellet
|
|
2016-06-16
|
|
SlimCMS 0.1 - Cross-Site Request Forgery (Change Admin Password)
|
8 |
WEB
|
Avinash Thapa
|
|
2016-06-16
|
|
Roxy Fileman 1.4.4 - Arbitrary File Upload
|
7 |
WEB
|
Tyrell Sassen
|
|
2016-06-16
|
|
ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass
|
7 |
WEB
|
i-Hmx
|
|
2016-06-15
|
|
PHPLive 4.4.8 < 4.5.4 - Password Recovery SQL Injection
|
10 |
WEB
|
Tiago Carvalho
|
|
2016-06-15
|
|
jbFileManager - Directory Traversal
|
9 |
WEB
|
HaHwul
|
|
2016-06-15
|
|
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
|
8 |
WEB
|
Mehmet Ince
|
|
2016-06-15
|
|
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
|
7 |
WEB
|
Hamed Izadi
|
|
2016-06-15
|
|
Dokeos 2.2.1 - Blind SQL Injection
|
9 |
WEB
|
Mormoroth
|
|
2016-06-15
|
|
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
|
7 |
WEB
|
LiquidWorm
|
|
2016-06-15
|
|
w2wiki - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
HaHwul
|
|
2016-06-15
|
|
Ultrabenosaurus ChatBoard - Cross-Site Request Forgery (Send Message)
|
7 |
WEB
|
HaHwul
|
|
2016-06-15
|
|
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
|
9 |
WEB
|
HaHwul
|
|
2016-06-14
|
|
WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite
|
12 |
WEB
|
wp0Day.com
|
|
2016-06-13
|
|
Zabbix 2.2 < 3.0.3 - API JSON-RPC Remote Code Execution
|
9 |
WEB
|
Alexander Gurin
|
|
2016-06-13
|
|
Joomla! Component com_payplans 3.3.6 - SQL Injection
|
9 |
WEB
|
Persian Hack Team
|
|
2016-06-13
|
|
Grid Gallery 1.0 - Admin Panel Authentication Bypass
|
9 |
WEB
|
Ali BawazeEer
|
|
2016-06-13
|
|
Dream Gallery 2.0 - Admin Panel Authentication Bypass
|
8 |
WEB
|
Ali BawazeEer
|
|
2016-06-13
|
|
Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload
|
7 |
WEB
|
Ali Ghanbari
|
|
2016-06-13
|
|
FRticket Ticket System - Persistent Cross-Site Scripting
|
8 |
WEB
|
Hamit Abis
|
|
2016-06-10
|
|
phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting
|
11 |
WEB
|
Kacper Szurek
|
|
2016-06-10
|
|
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
|
10 |
WEB
|
HaHwul
|
|
2016-06-10
|
|
Mobiketa 1.0 - Cross-Site Request Forgery (Add Admin)
|
8 |
WEB
|
Murat Yilmazlar
|
|
2016-06-10
|
|
Dell OpenManage Server Administrator 8.3 - XML External Entity
|
6 |
WEB
|
hantwister
|
|
2016-06-08
|
|
Drale DBTableViewer 100123 - Blind SQL Injection
|
9 |
WEB
|
HaHwul
|
|
2016-06-07
|
|
Cisco EPC 3928 - Multiple Vulnerabilities
|
6 |
WEB
|
Patryk Bogdan
|
|
2016-06-06
|
|
Nagios XI 5.2.7 - Multiple Vulnerabilities
|
9 |
WEB
|
Security-Assessment.com
|
|
2016-06-06
|
|
rConfig 3.1.1 - Local File Inclusion
|
8 |
WEB
|
Gregory Pickett
|
|
2016-06-06
|
|
Notilus Travel Solution Software 2012 R3 - SQL Injection
|
8 |
WEB
|
Alex Haynes
|
|
2016-06-06
|
|
WordPress Plugin Double Opt-In for Download 2.0.9 - SQL Injection
|
7 |
WEB
|
Kacper Szurek
|
|
2016-06-06
|
|
WordPress Theme Uncode 1.3.1 - Arbitrary File Upload
|
9 |
WEB
|
wp0Day.com
|
|
2016-06-06
|
|
WordPress Theme Newspaper 6.7.1 - Privilege Escalation
|
8 |
WEB
|
wp0Day.com
|
|
2016-06-06
|
|
WordPress Plugin WP PRO Advertising System 4.6.18 - SQL Injection
|
7 |
WEB
|
wp0Day.com
|
|
2016-06-06
|
|
WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting
|
6 |
WEB
|
wp0Day.com
|
|
2016-06-06
|
|
WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload
|
7 |
WEB
|
Aaditya Purani
|
|
2016-06-06
|
|
Electroweb Online Examination System 1.0 - SQL Injection
|
6 |
WEB
|
Ali Ghanbari
|
|
2016-06-06
|
|
ArticleSetup 1.00 - Cross-Site Request Forgery (Change Admin Password)
|
5 |
WEB
|
Ali Ghanbari
|
|
2016-06-06
|
|
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock)
|
5 |
WEB
|
lastc0de
|
|
2016-06-06
|
|
Apache Continuum 1.4.2 - Multiple Vulnerabilities
|
6 |
WEB
|
David Shanahan
|
|
2016-06-06
|
|
Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)
|
8 |
WEB
|
Ali Ghanbari
|
|
2016-06-06
|
|
WordPress Plugin Simple Backup 2.7.11 - Multiple Vulnerabilities
|
8 |
WEB
|
PizzaHatHacker
|
|
2016-06-02
|
|
Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload
|
10 |
WEB
|
RedTeam Pentesting GmbH
|
|
2016-06-02
|
|
Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
|
7 |
WEB
|
Fernando Câmara
|
|
2016-06-02
|
|
Joomla! Component SecurityCheck 2.8.9 - Multiple Vulnerabilities
|
11 |
WEB
|
ADEO Security
|
|
2016-06-01
|
|
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
|
10 |
WEB
|
hyp3rlinx
|
|
2016-05-31
|
|
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities
|
8 |
WEB
|
Mickael Dorigny
|
|
2016-05-31
|
|
AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities
|
9 |
WEB
|
Pablo Rebolini
|
|
2016-05-31
|
|
Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload
|
9 |
WEB
|
LiquidWorm
|
|
2016-05-30
|
|
Open Source Real Estate Script 3.6.0 - SQL Injection
|
12 |
WEB
|
Meisam Monsef
|
|
2016-05-27
|
|
PHP Realestate Script Script 4.9.0 - SQL Injection
|
9 |
WEB
|
Meisam Monsef
|
|
2016-05-26
|
|
EduSec 4.2.5 - SQL Injection
|
8 |
WEB
|
Bikramaditya Guha
|
|
2016-05-26
|
|
Real Estate Portal 4.1 - Multiple Vulnerabilities
|
9 |
WEB
|
Bikramaditya Guha
|
|
2016-05-24
|
|
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Inje
|
9 |
WEB
|
Mehmet Ince
|
|
2016-05-23
|
|
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
|
10 |
WEB
|
Julien Ahrens
|
|
2016-05-23
|
|
WordPress Plugin Job Script by Scubez - Remote Code Execution
|
9 |
WEB
|
Bikramaditya Guha
|
|
2016-05-19
|
|
SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure
|
7 |
WEB
|
ERPScan
|
|
2016-05-19
|
|
SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection
|
8 |
WEB
|
ERPScan
|
|
2016-05-18
|
|
Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File
|
11 |
WEB
|
agix
|
|
2016-05-17
|
|
SAP xMII 15.0 - Directory Traversal
|
11 |
WEB
|
ERPScan
|
|
2016-05-17
|
|
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
|
8 |
WEB
|
Karn Ganeshen
|
|
2016-05-16
|
|
Web2py 2.14.5 - Multiple Vulnerabilities
|
8 |
WEB
|
Narendra Bhati
|
|
2016-05-16
|
|
Web Interface for DNSmasq / Mikrotik - SQL Injection
|
9 |
WEB
|
hyp3rlinx
|
|
2016-05-16
|
|
eXtplorer 2.1.9 - '.ZIP' Directory Traversal
|
10 |
WEB
|
hyp3rlinx
|
|
2016-05-16
|
|
CakePHP Framework 3.2.4 - IP Spoofing
|
8 |
WEB
|
Dawid Golunski
|
|
2016-05-12
|
|
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s
|
9 |
WEB
|
Google Security Research
|
|
2016-05-12
|
|
WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities
|
8 |
WEB
|
Gwendal Le Coguic
|
|
2016-05-12
|
|
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
|
8 |
WEB
|
Gwendal Le Coguic
|
|
2016-05-10
|
|
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
|
10 |
WEB
|
Orwelllabs
|
|
2016-05-09
|
|
ZeewaysCMS - Multiple Vulnerabilities
|
14 |
WEB
|
Bikramaditya Guha
|
|
2016-05-09
|
|
Ajaxel CMS 8.0 - Multiple Vulnerabilities
|
12 |
WEB
|
DizzyDuck
|
|
2016-05-06
|
|
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
|
11 |
WEB
|
Saif El-Sherei
|
|
2016-05-06
|
|
DotNetNuke 07.04.00 - Administration Authentication Bypass
|
11 |
WEB
|
Marios Nicolaides
|
|
2016-05-04
|
|
Imagick 3.3.0 (PHP 5.4) - disable_functions Bypass
|
6 |
WEB
|
RicterZ
|
|
2016-05-04
|
|
IPFire < 2.19 Core Update 101 - Remote Command Execution
|
7 |
WEB
|
Yann CAM
|
|
2016-05-04
|
|
NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities
|
8 |
WEB
|
Bhadresh Patel
|
|
2016-05-04
|
|
WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
|
8 |
WEB
|
Johto Robbie
|
|
2016-05-04
|
|
CMS Made Simple < 1.12.1 / < 2.1.3 - Web Server Cache Poisoning
|
8 |
WEB
|
Mickaël Walter
|
|
2016-05-04
|
|
Alibaba Clone B2B Script - Admin Authentication Bypass
|
9 |
WEB
|
Meisam Monsef
|
|
2016-05-02
|
|
WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download
|
9 |
WEB
|
Josh Brody
|
|
2016-04-29
|
|
GLPi 0.90.2 - SQL Injection
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2016-04-29
|
|
Merit Lilin IP Cameras - Multiple Vulnerabilities
|
8 |
WEB
|
Orwelllabs
|
|
2016-04-29
|
|
Observium 0.16.7533 - (Authenticated) Arbitrary Command Execution
|
8 |
WEB
|
Dolev Farhi
|
|
2016-04-29
|
|
Observium 0.16.7533 - Cross-Site Request Forgery
|
11 |
WEB
|
Dolev Farhi
|
|
2016-04-27
|
|
RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass
|
6 |
WEB
|
Milad Doorbash
|
|
2016-04-27
|
|
EMC ViPR SRM - Cross-Site Request Forgery
|
8 |
WEB
|
Han Sahin
|
|
2016-04-26
|
|
ImpressCMS 1.3.9 - SQL Injection
|
8 |
WEB
|
Manuel García Cárdenas
|
|
2016-04-25
|
|
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
12 |
WEB
|
LiquidWorm
|
|
2016-04-25
|
|
Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit)
|
8 |
WEB
|
Federico Scalco
|
|
2016-04-25
|
|
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit)
|
9 |
WEB
|
Federico Scalco
|
|
2016-04-25
|
|
C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting
|
7 |
WEB
|
Vulnerability-Lab
|
|
2016-04-25
|
|
Totemomail 4.x/5.x - Persistent Cross-Site Scripting
|
7 |
WEB
|
Vulnerability-Lab
|
|
2016-04-21
|
|
Gemtek CPE7000 / WLTCS-106 - Multiple Vulnerabilities
|
12 |
WEB
|
Federico Ramondino
|
|
2016-04-21
|
|
Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit)
|
8 |
WEB
|
Fakhir Karim Reda
|
|
2016-04-21
|
|
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
|
7 |
WEB
|
Ozer Goker
|
|
2016-04-20
|
|
PHPBack 1.3.0 - SQL Injection
|
8 |
WEB
|
hyp3rlinx
|
|
2016-04-19
|
|
modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection
|
7 |
WEB
|
Felix Maduakor
|
|
2016-04-18
|
|
pfSense Community Edition 2.2.6 - Multiple Vulnerabilities
|
10 |
WEB
|
Security-Assessment.com
|
|
2016-04-18
|
|
Webutler CMS 3.2 - Cross-Site Request Forgery
|
9 |
WEB
|
Keerati T.
|
|
2016-04-18
|
|
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery / Cross-Site Scripting
|
9 |
WEB
|
cor3sm4sh3r
|
|
2016-04-18
|
|
WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery / Cross-Site Scripting
|
7 |
WEB
|
cor3sm4sh3r
|
|
2016-04-15
|
|
AirOS 6.x - Arbitrary File Upload
|
11 |
WEB
|
93c08539
|
|
2016-04-14
|
|
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
|
11 |
WEB
|
Ozer Goker
|
|
2016-04-14
|
|
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
|
7 |
WEB
|
Orwelllabs
|
|
2016-04-14
|
|
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery
|
7 |
WEB
|
Aatif Shahdad
|
|
2016-04-13
|
|
Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload
|
8 |
WEB
|
Zhou Yu
|
|
2016-04-12
|
|
Ovidentia troubleticketsModule 7.6 - Remote File Inclusion
|
7 |
WEB
|
bd0rk
|
|
2016-04-11
|
|
Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
|
7 |
WEB
|
Pedro Ribeiro
|
|
2016-04-11
|
|
Axis Network Cameras - Multiple Vulnerabilities
|
10 |
WEB
|
Orwelllabs
|
|
2016-04-11
|
|
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
|
9 |
WEB
|
Ozer Goker
|
|
2016-04-11
|
|
OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution
|
7 |
WEB
|
Naser Farhadi
|
|
2016-04-11
|
|
WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery
|
7 |
WEB
|
hyp3rlinx
|
|
2016-04-11
|
|
Hikvision Digital Video Recorder - Cross-Site Request Forgery
|
7 |
WEB
|
LiquidWorm
|
|
2016-04-08
|
|
op5 7.1.9 - Remote Command Execution
|
6 |
WEB
|
hyp3rlinx
|
|
2016-04-07
|
|
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities
|
6 |
WEB
|
Orwelllabs
|
|
2016-04-06
|
|
SocialEngine 4.8.9 - SQL Injection
|
7 |
WEB
|
High-Tech Bridge SA
|
|
2016-04-06
|
|
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
|
8 |
WEB
|
LiquidWorm
|
|
2016-04-05
|
|
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
|
8 |
WEB
|
S3ba
|
|
2016-04-04
|
|
PQI Air Pen Express 6W51-0000R2/6W51-0000R2XXX - Multiple Vulnerabilities
|
8 |
WEB
|
Orwelllabs
|
|
2016-04-01
|
|
WordPress Plugin Advanced Video 1.0 - Local File Inclusion
|
9 |
WEB
|
evait security GmbH
|
|
2016-03-31
|
|
Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal
|
10 |
WEB
|
Andreas Lindh
|
|
2016-03-31
|
|
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
|
11 |
WEB
|
LiquidWorm
|
|
2016-03-30
|
|
CubeCart 6.0.10 - Multiple Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2016-03-28
|
|
Liferay Portal 5.1.2 - Persistent Cross-Site Scripting
|
9 |
WEB
|
Sarim Kiani
|
|
2016-03-27
|
|
WordPress Plugin Photocart Link 1.6 - Local File Inclusion
|
7 |
WEB
|
CrashBandicot
|
|
2016-03-27
|
|
Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery
|
7 |
WEB
|
hyp3rlinx
|
