| 2016-02-15 | Tiny Tiny RSS - Blind SQL Injection | 21 | WEB | Kacper Szurek |
| 2015-08-27 | Oracle GlassFish Server 4.1 - Directory Traversal | 23 | WEB | Trustwave's SpiderLabs |
| 2016-02-10 | Yeager CMS 1.2.1 - Multiple Vulnerabilities | 30 | WEB | SEC Consult |
| 2016-02-10 | Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure | 20 | WEB | Vulnerability-Lab |
| 2010-03-10 | Employee TimeClock Software 0.99 - SQL Injection | 25 | WEB | Secunia Research |
| 2016-02-08 | WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities | 17 | WEB | i0akiN SEC-LABORATORY |
| 2016-02-08 | WordPress Plugin WP User Frontend < 2.3.11 - Unrestricted Arbitrary File Upload | 24 | WEB | Panagiotis Vagenas |
| 2016-02-08 | WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation | 20 | WEB | Panagiotis Vagenas |
| 2016-02-08 | WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure | 19 | WEB | Panagiotis Vagenas |
| 2016-02-08 | dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery | 20 | WEB | hyp3rlinx |
| 2016-02-08 | Solr 3.5.0 - Arbitrary Data Deletion | 20 | WEB | N37 |
| 2016-02-04 | Symphony CMS 2.6.3 - Multiple SQL Injections | 19 | WEB | Sachin Wagh |
| 2016-02-04 | ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities | 22 | WEB | Curesec Research Team |
| 2016-02-04 | OpenDocMan 1.3.4 - Cross-Site Request Forgery | 15 | WEB | Curesec Research Team |
| 2016-02-04 | UliCMS v9.8.1 - SQL Injection | 16 | WEB | Manuel García Cárdenas |
| 2016-02-04 | Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities | 19 | WEB | Pedro Ribeiro |
| 2016-02-04 | WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation | 17 | WEB | Panagiotis Vagenas |
| 2016-02-04 | WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection | 19 | WEB | Panagiotis Vagenas |
| 2016-02-04 | D-Link DVGN5402SP - Multiple Vulnerabilities | 17 | WEB | Karn Ganeshen |
| 2016-02-04 | GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities | 18 | WEB | Karn Ganeshen |
| 2016-02-03 | Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting | 21 | WEB | Portcullis |
| 2016-02-03 | Jive Forums 5.5.25 - Directory Traversal | 17 | WEB | ZhaoHuAn |
| 2016-02-03 | TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections | 19 | WEB | Benetrix |
| 2016-02-02 | eClinicalWorks (CCMR) - Multiple Vulnerabilities | 18 | WEB | Jerold Hoong |
| 2016-02-02 | Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery | 20 | WEB | Kaustubh G. Padwad |
| 2016-02-01 | ManageEngine EventLog Analyzer 4.0 < 10 - Privilege Escalation | 24 | WEB | GraphX |
| 2016-02-01 | Hippo CMS 10.1 - Multiple Vulnerabilities | 28 | WEB | LiquidWorm |
| 2016-02-01 | iScripts EasyCreate 3.0 - Remote Code Execution | 29 | WEB | Bikramaditya Guha |
| 2016-02-01 | iScripts EasyCreate 3.0 - Multiple Vulnerabilities | 22 | WEB | Bikramaditya Guha |
| 2016-01-29 | ProjectSend r582 - Multiple Vulnerabilities | 23 | WEB | Filippo Cavallarin |
| 2016-01-29 | WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery | 21 | WEB | ALIREZA_PROMIS |
| 2016-01-28 | SAP HANA 1.00.095 - hdbindexserver Memory Corruption | 22 | WEB | ERPScan |
| 2016-01-28 | Netgear WNR1000v4 - Authentication Bypass | 20 | WEB | Daniel Haake |
| 2016-01-28 | Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion | 21 | WEB | bd0rk |
| 2016-01-28 | Ramui Forum Script 9.0 - SQL Injection | 18 | WEB | bd0rk |
| 2014-07-17 | Fonality trixbox - 'index.php' Remote Code Execution | 21 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | Fonality trixbox - 'endpointcfg.php' Directory Traversal | 19 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | Fonality trixbox - 'repo.php' Directory Traversal | 18 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | Fonality trixbox - 'asterisk_info.php' Directory Traversal | 19 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | Fonality trixbox - 'index.php' Directory Traversal | 20 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | Fonality trixbox - 'endpoint_generic.php' SQL Injection | 21 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection | 26 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | OL-Commerce - '/OL-Commerce/create_account.php?country' SQL Injection | 25 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | OL-Commerce - '/OL-Commerce/affiliate_show_banner.php?affiliate_banner_id' SQL Injection | 23 | WEB | AtT4CKxT3rR0r1ST |
| 2014-07-17 | OL-Commerce - '/OL-Commerce/affiliate_signup.php?a_country' SQL Injection | 23 | WEB | AtT4CKxT3rR0r1ST |
| 2016-01-27 | WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection | 20 | WEB | i0akiN SEC-LABORATORY |
| 2016-01-27 | WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities | 19 | WEB | i0akiN SEC-LABORATORY |
| 2016-01-27 | BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities | 24 | WEB | Rahul Pratap Singh |
| 2016-01-27 | Secure Item Hub 1.0 iOS - Multiple Vulnerabilities | 23 | WEB | Vulnerability-Lab |
| 2014-06-12 | Yealink VoIP Phones - '/servlet' HTTP Response Splitting | 23 | WEB | Jesus Oquendo |
| 2014-06-08 | WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure | 21 | WEB | Felipe Andrian Peixoto |
| 2014-05-19 | Wiser Backup - Information Disclosure | 29 | WEB | AtT4CKxT3rR0r1ST |
| 2016-01-26 | Gongwalker API Manager 1.1 - Blind SQL Injection | 23 | WEB | HaHwul |
| 2016-01-26 | WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection | 27 | WEB | i0akiN SEC-LABORATORY |
| 2014-09-14 | WordPress Plugin Wordfence Security - Multiple Vulnerabilities | 23 | WEB | Voxel@Night |
| 2014-09-12 | Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery | 28 | WEB | KnocKout |
| 2016-01-25 | WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection | 18 | WEB | i0akiN SEC-LABORATORY |
| 2016-01-25 | pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery | 22 | WEB | Aatif Shahdad |
| 2014-09-08 | WordPress Plugin W3 Total Cache - 'admin.php' Cross-Site Request Forgery | 21 | WEB | Voxel@Night |
| 2014-09-08 | WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery | 20 | WEB | Voxel@Night |
| 2014-09-08 | WordPress Plugin WP to Twitter - Authentication Bypass | 17 | WEB | Voxel@Night |
| 2014-09-08 | WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass | 21 | WEB | Voxel@Night |
| 2014-09-07 | WordPress Plugin Spider Facebook - 'facebook.php' SQL Injection | 18 | WEB | Claudio Viviani |
| 2014-09-08 | WordPress Theme Antioch - 'download.php' Arbitrary File Download | 22 | WEB | Ashiyane Digital Security Team |
| 2014-09-08 | WordPress Theme Epic - 'download.php' Arbitrary File Download | 20 | WEB | Ashiyane Digital Security Team |
| 2014-09-08 | WordPress Theme Authentic - 'download.php' Arbitrary File Download | 24 | WEB | Ashiyane Digital Security Team |
| 2014-09-08 | WordPress Theme Urban City - 'download.php' Arbitrary File Download | 25 | WEB | Ashiyane Digital Security Team |
| 2014-08-26 | Joomla! Component spidervideoplayer - 'theme' SQL Injection | 25 | WEB | Claudio Viviani |
| 2014-08-24 | WordPress Plugin KenBurner Slider - 'admin-ajax.php' Arbitrary File Download | 20 | WEB | MF0x |
| 2014-08-22 | MyAwards MyBB Module - Cross-Site Request Forgery | 20 | WEB | Vagineer |
| 2014-08-20 | ArticleFR - 'id' SQL Injection | 18 | WEB | High-Tech Bridge |
| 2014-08-20 | ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection | 21 | WEB | Pedro Ribeiro |
| 2014-08-19 | WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal | 24 | WEB | Henri Salo |
| 2014-07-28 | WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection | 23 | WEB | Amirh03in |
| 2014-08-11 | WordPress Plugin GB Gallery Slideshow - '/wp-admin/admin-ajax.php' SQL Injection | 19 | WEB | Claudio Viviani |
| 2014-08-08 | VoipSwitch - 'user.php' Local File Inclusion | 24 | WEB | 0x4148 |
| 2014-05-28 | WordPress Plugin HDW Player - '/wp-admin/admin.php' SQL Injection | 23 | WEB | Anant Shrivastava |
| 2014-08-06 | WordPress Plugin wpSS - 'ss_handler.php' SQL Injection | 28 | WEB | Ashiyane Digital Security Team |
| 2014-07-28 | CMSimple 4.4.4 - 'color' Remote Code Execution | 24 | WEB | Govind Singh |
| 2014-07-28 | CMSimple 4.4.4 - Remote File Inclusion | 21 | WEB | Govind Singh |
| 2014-07-28 | CMSimple - Default Administrator Credentials | 21 | WEB | Govind Singh |
| 2014-07-28 | WordPress Plugin WhyDoWork AdSense - 'options-general.php' Cross-Site Request Forgery (Option Manipu | 23 | WEB | Dylan Irzi |
| 2014-07-28 | WordPress Plugin Lead Octopus Power - 'id' SQL Injection | 21 | WEB | Amirh03in |
| 2014-07-23 | Ubiquiti Networks UniFi Video Default - 'crossdomain.xml' Security Bypass | 18 | WEB | Seth Art |
| 2014-07-23 | Ilya Birman E2 - '/@actions/comment-process' SQL Injection | 21 | WEB | High-Tech Bridge |
| 2016-01-18 | SeaWell Networks Spectrum - Multiple Vulnerabilities | 22 | WEB | Karn Ganeshen |
| 2016-01-18 | Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery | 20 | WEB | hyp3rlinx |
| 2016-01-18 | Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting | 19 | WEB | hyp3rlinx |
| 2016-01-18 | Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery | 22 | WEB | hyp3rlinx |
| 2014-05-28 | WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal | 23 | WEB | Anant Shrivastava |
| 2014-05-28 | WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal | 22 | WEB | Anant Shrivastava |
| 2014-07-14 | WEBMIS CMS - Arbitrary File Upload | 20 | WEB | Jagriti Sahu |
| 2014-07-14 | WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload | 22 | WEB | Jagriti Sahu |
| 2014-05-28 | WordPress Plugin ENL NewsLetter - '/wp-admin/admin.php' SQL Injection | 18 | WEB | Anant Shrivastava |
| 2014-05-28 | WordPress Plugin WP Rss Poster - '/wp-admin/admin.php' SQL Injection | 21 | WEB | Anant Shrivastava |
| 2014-05-28 | WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion | 16 | WEB | Anant Shrivastava |
| 2014-07-13 | WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection | 17 | WEB | MustLive |
| 2014-07-10 | WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities | 20 | WEB | Govind Singh |
| 2016-01-15 | mcart.xls Bitrix Module 6.5.2 - SQL Injection | 22 | WEB | High-Tech Bridge SA |
| 2016-01-15 | Roundcube Webmail 1.1.3 - Directory Traversal | 24 | WEB | High-Tech Bridge SA |
| 2016-01-15 | phpDolphin 2.0.5 - Multiple Vulnerabilities | 22 | WEB | WhiteCollarGroup |
| 2016-01-15 | GlassFish Server - Arbitrary File Read | 18 | WEB | bingbing |
| 2014-07-09 | WordPress Plugin BSK PDF Manager - '/wp-admin/admin.php' Multiple SQL Injections | 18 | WEB | Claudio Viviani |
| 2014-07-07 | xClassified - 'ads.php' SQL Injection | 23 | WEB | Lazmania61 |
| 2014-07-07 | AtomCMS - SQL Injection / Arbitrary File Upload | 24 | WEB | Jagriti Sahu |
| 2014-05-19 | WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload | 19 | WEB | SANTHO |
| 2016-01-14 | Manage Engine Application Manager 12.5 - Arbitrary Command Execution | 18 | WEB | Bikramaditya Guha |
| 2016-01-14 | Manage Engine Applications Manager 12 - Multiple Vulnerabilities | 24 | WEB | Bikramaditya Guha |
| 2016-01-14 | SevOne NMS 5.3.6.0 - Remote Command Execution | 22 | WEB | @iamsecurity |
| 2016-01-13 | WhatsUp Gold 16.3 - Remote Code Execution | 19 | WEB | Matt Buzanowski |
| 2014-06-24 | ZeusCart - 'prodid' SQL Injection | 25 | WEB | Kenny Mathis |
| 2014-06-10 | WordPress Plugin Featured Comments - Cross-Site Request Forgery | 24 | WEB | Tom Adams |
| 2014-06-10 | WordPress Plugin JW Player for Flash & HTML5 Video - Cross-Site Request Forgery | 25 | WEB | Tom Adams |
| 2014-06-08 | WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure | 24 | WEB | Felipe Andrian Peixoto |
| 2014-05-15 | Seo Panel - 'file' Directory Traversal | 24 | WEB | Eric Sesterhenn |
| 2014-05-28 | webEdition CMS - 'we_fs.php' SQL Injection | 26 | WEB | RedTeam Pentesting GmbH |
| 2016-01-08 | WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities | 30 | WEB | Rahul Pratap Singh |
| 2014-05-24 | PHP-Nuke 'Submit_News' Component - SQL Injection | 25 | WEB | ali ahmady |
| 2014-05-23 | Pyplate - 'addScript.py' Cross-Site Request Forgery | 22 | WEB | Henri Salo |
| 2014-05-25 | User Cake - Cross-Site Request Forgery | 21 | WEB | Dolev Farhi |
| 2014-05-21 | WordPress Plugin Booking System (Booking Calendar) - 'booking_form_id' SQL Injection | 24 | WEB | maodun |
| 2016-01-07 | OpenMRS Reporting Module 0.9.7 - Remote Code Execution | 22 | WEB | Brian D. Hysell |
| 2016-01-07 | D-Link DCS-931L - Arbitrary File Upload (Metasploit) | 23 | WEB | Metasploit |
| 2014-05-20 | Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution | 24 | WEB | Manish Tanwar |
| 2014-05-18 | WordPress Plugin cnhk-Slideshow - Arbitrary File Upload | 19 | WEB | Ashiyane Digital Security Team |