|
2015-11-30
|
|
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
|
8 |
WEB
|
LSE Leading Security Experts GmbH
|
|
2015-11-30
|
|
MyCustomers CMS 1.3.873 - SQL Injection
|
9 |
WEB
|
Persian Hack Team
|
|
2013-11-17
|
|
Limonade Framework - 'limonade.php' Local File Disclosure
|
11 |
WEB
|
Yashar shahinzadeh
|
|
2015-11-28
|
|
SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)
|
10 |
WEB
|
hland
|
|
2013-11-01
|
|
WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload
|
10 |
WEB
|
Bet0
|
|
2013-10-21
|
|
Course Registration Management System - Cross-Site Scripting / SQL Injection
|
13 |
WEB
|
Omar Kurt
|
|
2013-10-25
|
|
JReport - 'dealSchedules.jsp' Cross-Site Request Forgery
|
10 |
WEB
|
Poonam Singh
|
|
2013-10-20
|
|
Joomla! Component Maian15 - 'name' Arbitrary File Upload
|
10 |
WEB
|
SultanHaikal
|
|
2013-10-23
|
|
WordPress Theme Daily Deal - Arbitrary File Upload
|
11 |
WEB
|
DevilScreaM
|
|
2013-10-08
|
|
WordPress Plugin WP-Realty - 'listing_id' SQL Injection
|
7 |
WEB
|
Napsterakos
|
|
2013-10-09
|
|
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
|
7 |
WEB
|
Mateusz Goik
|
|
2013-10-09
|
|
Bugzilla - 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Mateusz Goik
|
|
2015-11-24
|
|
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
|
11 |
WEB
|
Pier-Luc Maltais
|
|
2013-09-27
|
|
FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Sarahma Security
|
|
2013-09-27
|
|
FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection
|
5 |
WEB
|
Sarahma Security
|
|
2013-10-11
|
|
Bilboplanet - 'auth.php' SQL Injection
|
8 |
WEB
|
Omar Kurt
|
|
2015-11-23
|
|
vBulletin 5.x - Remote Code Execution
|
10 |
WEB
|
Mohammad Reza Espargham
|
|
2013-10-10
|
|
Ziteman CMS - Login Page SQL Injection
|
7 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-10-13
|
|
vBulletin 4.1.x - '/install/upgrade.php' Security Bypass
|
8 |
WEB
|
Joshua Rogers
|
|
2013-10-08
|
|
Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal
|
7 |
WEB
|
Ding Yu-Chi
|
|
2013-10-07
|
|
WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution
|
7 |
WEB
|
wantexz
|
|
2013-10-03
|
|
WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution
|
6 |
WEB
|
wantexz
|
|
2013-10-02
|
|
Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections
|
8 |
WEB
|
Yu-Chi Ding
|
|
2013-09-23
|
|
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
|
9 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-09-21
|
|
Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection
|
9 |
WEB
|
SixP4ck3r
|
|
2015-11-20
|
|
Cambium ePMP 1000 - Multiple Vulnerabilities
|
9 |
WEB
|
Karn Ganeshen
|
|
2015-11-20
|
|
ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities
|
9 |
WEB
|
Karn Ganeshen
|
|
2015-11-20
|
|
ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
|
8 |
WEB
|
Karn Ganeshen
|
|
2013-09-20
|
|
MentalJS - Sandbox Security Bypass
|
9 |
WEB
|
Rafay Baloch
|
|
2013-09-20
|
|
Monstra CMS 1.2.0 - 'login' SQL Injection
|
9 |
WEB
|
linc0ln.dll
|
|
2013-09-19
|
|
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
|
9 |
WEB
|
MustLive
|
|
2013-09-19
|
|
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
|
12 |
WEB
|
MustLive
|
|
2015-11-19
|
|
Horde Groupware 5.2.10 - Cross-Site Request Forgery
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2015-11-19
|
|
Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Un_N0n
|
|
2013-09-17
|
|
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
|
7 |
WEB
|
MustLive
|
|
2013-09-18
|
|
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
|
8 |
WEB
|
MustLive
|
|
2013-09-13
|
|
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-09-10
|
|
eTransfer Lite - 'file name' HTML Injection
|
9 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-09-07
|
|
WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
|
8 |
WEB
|
anonymous
|
|
2015-11-18
|
|
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
|
9 |
WEB
|
Panagiotis Vagenas
|
|
2013-09-03
|
|
Flo CMS - 'archivem' SQL Injection
|
10 |
WEB
|
ACC3SS
|
|
2013-09-03
|
|
dBlog CMS - 'm' SQL Injection
|
8 |
WEB
|
ACC3SS
|
|
2013-08-21
|
|
Xibo - Cross-Site Request Forgery
|
9 |
WEB
|
Jacob Holcomb
|
|
2013-08-21
|
|
Xibo - 'layout' HTML Injection
|
7 |
WEB
|
Jacob Holcomb
|
|
2013-08-29
|
|
appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities
|
9 |
WEB
|
Yashar shahinzadeh
|
|
2013-08-26
|
|
cm3 Acora CMS - 'top.aspx' Information Disclosure
|
8 |
WEB
|
Pedro Andujar
|
|
2013-08-23
|
|
SearchBlox - Multiple Information Disclosure Vulnerabilities
|
9 |
WEB
|
Ricky Roane Jr
|
|
2013-07-31
|
|
Plone - 'in_portal.py' < 4.1.3 Session Hijacking
|
9 |
WEB
|
Cyrill Bannwart
|
|
2013-08-21
|
|
Twilight CMS - DeWeS Web Server Directory Traversal
|
7 |
WEB
|
High-Tech Bridge
|
|
2015-11-16
|
|
ClipperCMS 1.3.0 - Multiple SQL Injections
|
9 |
WEB
|
Curesec Research Team
|
|
2015-11-16
|
|
AlegroCart 1.2.8 - Local/Remote File Inclusion
|
9 |
WEB
|
Curesec Research Team
|
|
2015-11-16
|
|
AlegroCart 1.2.8 - Multiple SQL Injections
|
9 |
WEB
|
Curesec Research Team
|
|
2013-08-20
|
|
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-07-16
|
|
MCImageManager - Multiple Vulnerabilities
|
9 |
WEB
|
MustLive
|
|
2015-11-16
|
|
D-Link DIR-816L Wireless Router - Cross-Site Request Forgery
|
8 |
WEB
|
Bhadresh Patel
|
|
2015-11-16
|
|
VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting
|
7 |
WEB
|
Andrea Sindoni
|
|
2015-11-16
|
|
CF Image Host 1.65 - PHP Command Injection
|
8 |
WEB
|
hyp3rlinx
|
|
2015-11-16
|
|
CF Image Host 1.65 - Cross-Site Request Forgery
|
6 |
WEB
|
hyp3rlinx
|
|
2013-08-15
|
|
ACal 2.2.6 - 'view' Local File Inclusion
|
6 |
WEB
|
ICheer_No0M
|
|
2013-08-13
|
|
DotNetNuke 6.1.x - Cross-Site Scripting
|
8 |
WEB
|
Sajjad Pourali
|
|
2013-08-13
|
|
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
|
11 |
WEB
|
Takeshi Terada
|
|
2013-08-08
|
|
Advanced Guestbook - 'addentry.php' Arbitrary File Upload
|
9 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-08-07
|
|
Kwok Information Server - Multiple SQL Injections
|
7 |
WEB
|
Yogesh Phadtare
|
|
2013-08-01
|
|
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
|
10 |
WEB
|
Fara Rustein
|
|
2015-11-13
|
|
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection
|
10 |
WEB
|
hyp3rlinx
|
|
2015-11-12
|
|
R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities
|
9 |
WEB
|
LiquidWorm
|
|
2013-07-31
|
|
Jahia xCM - '/administration/' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge
|
|
2013-07-31
|
|
Jahia xCM - '/engines/manager.jsp?site' Cross-Site Scripting
|
9 |
WEB
|
High-Tech Bridge
|
|
2013-07-25
|
|
Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
xistence
|
|
2015-11-11
|
|
WordPress Plugin WP Fastest Cache 0.8.4.8 - Blind SQL Injection
|
9 |
WEB
|
Kacper Szurek
|
|
2013-07-24
|
|
vBulletin 4.0.2 - 'update_order' SQL Injection
|
10 |
WEB
|
n3tw0rk
|
|
2013-07-24
|
|
WordPress Plugin Duplicator - Cross-Site Scripting
|
10 |
WEB
|
High-Tech Bridge
|
|
2013-07-24
|
|
Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge
|
|
2013-07-22
|
|
WordPress Plugin FlagEm - 'cID' Cross-Site Scripting
|
9 |
WEB
|
IeDb ir
|
|
2013-07-22
|
|
Collabtive - Multiple Vulnerabilities
|
10 |
WEB
|
Enrico Cinquini
|
|
2015-11-10
|
|
YesWiki 0.2 - 'template' Directory Traversal
|
11 |
WEB
|
HaHwul
|
|
2015-11-10
|
|
Jenkins 1.633 - Credential Recovery
|
9 |
WEB
|
The Repo
|
|
2015-11-09
|
|
TestLink 1.9.14 - Cross-Site Request Forgery
|
10 |
WEB
|
Aravind C Ajayan_ Balagopal N
|
|
2015-11-09
|
|
Arris TG1682G Modem - Persistent Cross-Site Scripting
|
9 |
WEB
|
Nu11By73
|
|
2013-07-11
|
|
PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
|
9 |
WEB
|
EntPro Cyber Security Research Group
|
|
2013-07-12
|
|
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
|
8 |
WEB
|
Adam Willard
|
|
2013-07-12
|
|
OpenEMR 4.1 - 'note' HTML Injection
|
8 |
WEB
|
Nate Drier
|
|
2013-07-12
|
|
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
|
7 |
WEB
|
Adam Willard
|
|
2015-11-07
|
|
Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection
|
8 |
WEB
|
Dawid Golunski
|
|
2015-11-07
|
|
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)
|
8 |
WEB
|
Dawid Golunski
|
|
2015-11-07
|
|
Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution
|
8 |
WEB
|
Dawid Golunski
|
|
2015-11-06
|
|
WordPress Plugin My Calendar 2.4.10 - Multiple Vulnerabilities
|
8 |
WEB
|
Mysticism
|
|
2015-11-06
|
|
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
hyp3rlinx
|
|
2015-11-06
|
|
NXFilter 3.0.3 - Cross-Site Request Forgery
|
8 |
WEB
|
hyp3rlinx
|
|
2013-07-12
|
|
WordPress Plugin Pie Register - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
gravitylover
|
|
2013-07-12
|
|
S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting
|
8 |
WEB
|
Omar Kurt
|
|
2015-11-05
|
|
JSSE - SKIP-TLS
|
7 |
WEB
|
Ramon de C Valle
|
|
2015-11-05
|
|
OpenSSL - Alternative Chains Certificate Forgery
|
7 |
WEB
|
Ramon de C Valle
|
|
2013-07-11
|
|
WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Netsparker
|
|
2013-07-10
|
|
Mintboard - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Canberk BOLAT
|
|
2013-07-10
|
|
iVote - 'details.php' SQL Injection
|
10 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-07-06
|
|
phpVibe 3.1 - Information Disclosure / Remote File Inclusion
|
8 |
WEB
|
indoushka
|
|
2015-11-05
|
|
vBulletin 5.1.x - Remote Code Execution
|
8 |
WEB
|
hhjj
|
|
2013-05-29
|
|
HostBill - 'cpupdate.php' Authentication Bypass
|
8 |
WEB
|
localhost.re
|
|
2013-07-02
|
|
WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting
|
9 |
WEB
|
Iranian Exploit DataBase
|
|
2013-07-02
|
|
WordPress Plugin WP Feed - 'nid' SQL Injection
|
8 |
WEB
|
Iranian Exploit DataBase
|
|
2013-06-30
|
|
WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Cross-Site Scripting
|
8 |
WEB
|
Prakhar Prasad
|
|
2013-06-30
|
|
WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Cross-Site Scripting
|
8 |
WEB
|
Prakhar Prasad
|
|
2013-06-30
|
|
Atomy Maxsite - 'index.php' Arbitrary File Upload
|
8 |
WEB
|
Iranian_Dark_Coders_Team
|
|
2013-06-29
|
|
WordPress Plugin WP Private Messages - 'msgid' SQL Injection
|
8 |
WEB
|
IeDb ir
|
|
2013-06-29
|
|
Nameko - 'nameko.php' Cross-Site Scripting
|
6 |
WEB
|
Andrea Menin
|
|
2012-06-28
|
|
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
|
8 |
WEB
|
Benjamin Kunz Mejri
|
|
2015-11-02
|
|
actiTIME 2015.2 - Multiple Vulnerabilities
|
8 |
WEB
|
LiquidWorm
|
|
2013-06-15
|
|
ZamFoo - 'date' Remote Command Injection
|
10 |
WEB
|
localhost.re
|
|
2013-06-26
|
|
Xaraya - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge
|
|
2013-06-25
|
|
Barnraiser Prairie - 'get_file.php' Directory Traversal
|
9 |
WEB
|
prairie
|
|
2013-06-24
|
|
FtpLocate - HTML Injection
|
8 |
WEB
|
Chako
|
|
2013-06-19
|
|
Joomla! Component com_rokdownloads - Arbitrary File Upload
|
10 |
WEB
|
Am!r
|
|
2013-06-18
|
|
et-chat - Privilege Escalation / Arbitrary File Upload
|
9 |
WEB
|
MR.XpR
|
|
2013-06-17
|
|
BloofoxCMS - 'index.php' Arbitrary File Upload
|
11 |
WEB
|
CWH Underground
|
|
2013-06-12
|
|
WordPress Plugin NextGEN Gallery - 'upload.php' Arbitrary File Upload
|
8 |
WEB
|
Marcos Garcia
|
|
2015-10-30
|
|
Oxwall 1.7.4 - Cross-Site Request Forgery
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2015-10-30
|
|
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
|
9 |
WEB
|
Curesec Research Team
|
|
2015-10-30
|
|
Pligg CMS 2.0.2 - Directory Traversal
|
9 |
WEB
|
Curesec Research Team
|
|
2015-10-30
|
|
Pligg CMS 2.0.2 - Multiple SQL Injections
|
9 |
WEB
|
Curesec Research Team
|
|
2015-10-30
|
|
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
|
7 |
WEB
|
Dolev Farhi
|
|
2015-10-30
|
|
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery / Privilege Escalation
|
8 |
WEB
|
hyp3rlinx
|
|
2015-10-30
|
|
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
|
6 |
WEB
|
Dawid Golunski
|
|
2015-10-30
|
|
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
8 |
WEB
|
hyp3rlinx
|
|
2013-06-11
|
|
mkCMS - 'index.php' Arbitrary PHP Code Execution
|
9 |
WEB
|
CWH Underground
|
