Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2014-01-18   WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload 28 WEB Ashiyane Digital Security Team
2014-01-21   Imageview - 'upload.php' Arbitrary File Upload 30 WEB TUNISIAN CYBER
2014-01-13   Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections 30 WEB Rohan Stelling
2015-12-18   pfSense 2.2.5 - Directory Traversal 27 WEB R-73eN
2015-12-18   Ovidentia maillist Module 4.0 - Remote File Inclusion 27 WEB bd0rk
2015-12-18   Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution 30 WEB Andrew McNicol
2014-01-17   BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion 27 WEB AtT4CKxT3rR0r1ST
2014-01-17   BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin) 25 WEB AtT4CKxT3rR0r1ST
2014-01-17   BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection 30 WEB AtT4CKxT3rR0r1ST
2014-01-17   BloofoxCMS - '/bloofox/index.php?Username' SQL Injection 25 WEB AtT4CKxT3rR0r1ST
2014-01-16   Joomla! Component Sexy polling 1.0.8 - 'answer_id' SQL Injection 27 WEB High-Tech Bridge
2015-12-17   Zen Cart 1.5.4 - Local File Inclusion 30 WEB High-Tech Bridge SA
2014-01-10   Joomla! Component Almond Classifieds - Arbitrary File Upload 29 WEB DevilScreaM
2014-01-14   Atmail Webmail Server - Email Body HTML Injection 26 WEB Zhao Liang
2014-01-08   EZGenerator - Local File Disclosure / Cross-Site Request Forgery 29 WEB AtT4CKxT3rR0r1ST
2014-01-08   Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password) 26 WEB AtT4CKxT3rR0r1ST
2014-01-08   UAEPD Shopping Script - 'news.php?id' SQL Injection 29 WEB AtT4CKxT3rR0r1ST
2014-01-08   UAEPD Shopping Script - 'products.php' Multiple SQL Injections 31 WEB AtT4CKxT3rR0r1ST
2015-12-16   Ovidentia NewsLetter Module 2.2 - 'admin.php' Remote File Inclusion 30 WEB bd0rk
2015-12-15   ArticleSetup Article Script 1.00 - SQL Injection 34 WEB Linux Zone Research Team
2015-12-15   Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions 30 WEB bd0rk
2014-01-07   Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Di 37 WEB AtT4CKxT3rR0r1ST
2014-01-07   Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Ma 31 WEB AtT4CKxT3rR0r1ST
2014-01-07   Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure 28 WEB AtT4CKxT3rR0r1ST
2014-01-07   Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection 27 WEB AtT4CKxT3rR0r1ST
2015-12-15   Tequila File Hosting 1.5 - Multiple Vulnerabilities 35 WEB Ashiyane Digital Security Team
2015-12-15   Ovidentia absences Module 2.64 - Remote File Inclusion 27 WEB bd0rk
2015-12-15   Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution 29 WEB Sec-1
2015-12-14   Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal 36 WEB High-Tech Bridge SA
2015-12-14   Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion 32 WEB High-Tech Bridge SA
2015-12-14   Polycom VVX-Series Business Media Phones - Directory Traversal 31 WEB Jake Reynolds
2015-12-14   WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation 41 WEB Kacper Szurek
2015-12-14   ECommerceMajor - 'productdtl.php?prodid' SQL Injection 29 WEB Rahul Pratap Singh
2014-01-07   Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Cre 30 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forger 29 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Reque 33 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection 33 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection 26 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection 32 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection 26 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection 29 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection 29 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection 31 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection 29 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection 27 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection 33 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection 34 WEB AtT4CKxT3rR0r1ST
2014-01-07   Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection 32 WEB AtT4CKxT3rR0r1ST
2014-01-07   Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload 31 WEB TUNISIAN CYBER
2013-10-03   SPAMINA Cloud Email Firewall - Directory Traversal 32 WEB Sisco Barrera
2015-12-12   GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection 34 WEB R-73eN
2013-12-24   xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion 31 WEB TUNISIAN CYBER
2013-12-30   WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal 36 WEB Henri Salo
2013-12-30   CMS Afroditi - 'id' SQL Injection 36 WEB projectzero labs
2015-12-10   Skybox Platform < 7.0.611 - Multiple Vulnerabilities 41 WEB SEC Consult
2015-12-10   Gökhan Balbal Script 2.0 - Cross-Site Request Forgery 37 WEB KnocKout
2015-12-10   iy10 Dizin Scripti - Multiple Vulnerabilities 39 WEB KnocKout
2013-12-17   WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery 35 WEB MustLive
2013-12-25   AFCommerce - 'controlheader.php' Remote File Inclusion 37 WEB NoGe
2013-12-25   AFCommerce - 'adminpassword.php' Remote File Inclusion 33 WEB NoGe
2013-12-25   AFCommerce - 'adblock.php' Remote File Inclusion 34 WEB NoGe
2013-12-26   JForum 'adminUsers' Module - Cross-Site Request Forgery 35 WEB arno
2015-12-09   WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery 33 WEB Mysticism
2015-12-09   WIMAX MT711x - Multiple Vulnerabilities 39 WEB alimp5
2015-12-09   WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities 35 WEB alimp5
2013-12-18   Leed - 'id' SQL Injection 32 WEB Alexandre Herzog
2013-12-14   Osclass - Multiple Input Validation Vulnerabilities 31 WEB R3d-D3V!L
2015-12-08   dotCMS 3.2.4 - Multiple Vulnerabilities 32 WEB LiquidWorm
2015-12-08   WordPress Plugin Polls Widget 1.0.7 - SQL Injection 35 WEB WICS
2015-12-08   PHP Utility Belt - Remote Code Execution 37 WEB WICS
2015-12-08   OpenMRS 2.3 (1.11.4) - Local File Disclosure 39 WEB LiquidWorm
2015-12-08   OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities 33 WEB LiquidWorm
2015-12-08   OpenMRS 2.3 (1.11.4) - Expression Language Injection 30 WEB LiquidWorm
2015-12-08   OpenMRS 2.3 (1.11.4) - XML External Entity Processing 46 WEB LiquidWorm
2015-12-08   SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities 31 WEB HaHwul
2013-12-15   iScripts AutoHoster - 'id' Local File Inclusion 31 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'fname' Local File Inclusion 31 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'tmpid' Local File Inclusion 33 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'main_smtp.php' Traversal 32 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'invno' SQL Injection 32 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'additionalsettings.php' SQL Injection 30 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection 34 WEB i-Hmx
2013-12-15   iScripts AutoHoster - 'checktransferstatus.php' SQL Injection 33 WEB i-Hmx
2013-12-13   Dynamic Biz Website Builder 'QuickWeb' 1.0 - '/login.asp' Multiple Field SQL Injections / Authentica 34 WEB R3d-D3V!L
2013-12-13   Dynamic Biz Website Builder (QuickWeb) 1.0 - '/apps/news-events/newdetail.asp?id' SQL Injection 30 WEB R3d-D3V!L
2013-12-17   Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation) 30 WEB sajith
2013-12-11   Veno File Manager - 'q' Arbitrary File Download 28 WEB Daniel Godoy
2013-12-14   Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections 33 WEB R3d-D3V!L
2013-12-16   C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass) 30 WEB R3d-D3V!L
2013-12-16   C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp?pa' SQL Injection 27 WEB R3d-D3V!L
2013-12-09   osCMax - Arbitrary File Upload / Full Path Information Disclosure 29 WEB KedAns-Dz
2013-12-13   BoastMachine - 'blog' SQL Injection 34 WEB Omar Kurt
2013-12-11   eduTrac - 'showmask' Directory Traversal 33 WEB High-Tech Bridge
2013-12-08   WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload 30 WEB Ashiyane Digital Security Team
2013-12-06   WordPress Plugin Easy Career Openings - 'jobid' SQL Injection 28 WEB Iranian_Dark_Coders_Team
2015-12-04   WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities 32 WEB KedAns-Dz
2015-12-04   WordPress Plugin Sell Download 1.0.16 - Local File Disclosure 32 WEB KedAns-Dz
2015-12-04   WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities 29 WEB KedAns-Dz
2013-12-06   NeoBill 0.9-alpha - 'language' Local File Inclusion 30 WEB KedAns-Dz
2013-12-06   NeoBill - '/install/include/solidstate.php' Multiple SQL Injections 26 WEB KedAns-Dz
2013-12-06   NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution 31 WEB KedAns-Dz
2013-12-06   Enorth Webpublisher CMS - 'thisday' SQL Injection 30 WEB xin.wang
2015-12-03   WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion 33 WEB High-Tech Bridge SA
2015-12-03   WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting 29 WEB Panagiotis Vagenas
2015-12-03   WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection 31 WEB Panagiotis Vagenas
2013-12-02   D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure 33 WEB tytusromekiatomek
2013-12-01   PHPThumb - 'PHPThumb.php' Arbitrary File Upload 35 WEB DevilScreaM
2013-11-20   WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload 37 WEB DevilScreaM
2013-11-23   WordPress Plugin Blue Wrench Video Widget - Cross-Site Request Forgery 31 WEB Haider Mahmood
2013-11-18   TomatoCart 1.1.8.2 - 'class' Local File Inclusion 31 WEB Esac
2013-11-13   Testa OTMS - Multiple SQL Injections 27 WEB Ashiyane Digital Security Team
2015-12-01   ZenPhoto 1.4.10 - Local File Inclusion 28 WEB hyp3rlinx
2015-12-01   Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities 29 WEB Rahul Pratap Singh
2015-12-01   Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting 31 WEB Mehdi Alouache
2015-12-01   ntop-ng 2.0.151021 - Privilege Escalation 30 WEB Dolev Farhi
2015-12-01   Kodi 15 - Web Interface Arbitrary File Access 28 WEB Machiel Pronk
2015-11-30   HumHub 0.11.2/0.20.0-beta.2 - SQL Injection 31 WEB LSE Leading Security Experts GmbH
2015-11-30   MyCustomers CMS 1.3.873 - SQL Injection 33 WEB Persian Hack Team
2013-11-17   Limonade Framework - 'limonade.php' Local File Disclosure 37 WEB Yashar shahinzadeh
2015-11-28   SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit) 30 WEB hland
2013-11-01   WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload 38 WEB Bet0
2013-10-21   Course Registration Management System - Cross-Site Scripting / SQL Injection 39 WEB Omar Kurt
2013-10-25   JReport - 'dealSchedules.jsp' Cross-Site Request Forgery 38 WEB Poonam Singh
2013-10-20   Joomla! Component Maian15 - 'name' Arbitrary File Upload 33 WEB SultanHaikal
2013-10-23   WordPress Theme Daily Deal - Arbitrary File Upload 32 WEB DevilScreaM