|
2015-10-13
|
|
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
|
19 |
WEB
|
Karn Ganeshen
|
|
2015-10-13
|
|
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
|
20 |
WEB
|
Karn Ganeshen
|
|
2015-10-11
|
|
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Exec
|
22 |
WEB
|
LiquidWorm
|
|
2015-10-11
|
|
Joomla! Component com_realestatemanager 3.7 - SQL Injection
|
25 |
WEB
|
Omer Ramić
|
|
2015-10-11
|
|
Liferay 6.1.0 CE - Privilege Escalation
|
21 |
WEB
|
Massimo De Luca
|
|
2013-04-10
|
|
WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection
|
24 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-04-09
|
|
phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities
|
21 |
WEB
|
waraxe
|
|
2013-04-09
|
|
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
|
22 |
WEB
|
Beni_Vanda
|
|
2013-04-09
|
|
EasyPHP - '/index.php' Authentication Bypass / Remote PHP Code Injection
|
22 |
WEB
|
KedAns-Dz
|
|
2013-04-05
|
|
Zimbra - 'aspell.php' Cross-Site Scripting
|
19 |
WEB
|
Michael Scherer
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/admin_index.php?q' SQL Injection
|
21 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/checklogin.php?Username' SQL Injection
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/user_add_save.php?email' SQL Injection
|
17 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/traffic.php?var' SQL Injection
|
19 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/router.php?BasicLogin' Cookie SQL Injection
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple SQL Injections
|
16 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/reset_password.php' Multiple SQL Injections
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/linktick.php?site' SQL Injection
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple SQL Injections
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/edit_user.php?id' SQL Injection
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2013-04-05
|
|
PHP Address Book - '/addressbook/register/delete_user.php?id' SQL Injection
|
18 |
WEB
|
Jurgen Voorneveld
|
|
2015-10-08
|
|
Kallithea 0.2.9 - 'came_from' HTTP Response Splitting
|
19 |
WEB
|
LiquidWorm
|
|
2013-04-03
|
|
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities
|
18 |
WEB
|
High-Tech Bridge
|
|
2013-04-03
|
|
Symphony - 'sort' SQL Injection
|
18 |
WEB
|
High-Tech Bridge
|
|
2013-04-03
|
|
e107 - 'content_preset.php' Cross-Site Scripting
|
19 |
WEB
|
Simon Bieber
|
|
2013-04-03
|
|
C2 WebResource - 'File' Cross-Site Scripting
|
18 |
WEB
|
anonymous
|
|
2013-03-30
|
|
WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting
|
19 |
WEB
|
Stefan Schurtz
|
|
2013-03-27
|
|
OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
|
24 |
WEB
|
3spi0n
|
|
2015-10-07
|
|
Zope Management Interface 4.3.7 - Cross-Site Request Forgery
|
22 |
WEB
|
hyp3rlinx
|
|
2013-03-25
|
|
WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection
|
19 |
WEB
|
Fernando A. Lagos B
|
|
2015-10-06
|
|
ZTE ZXHN H108N Router - Configuration Disclosure
|
19 |
WEB
|
Todor Donev
|
|
2013-03-23
|
|
Jaow CMS - 'add_ons' Cross-Site Scripting
|
23 |
WEB
|
Metropolis
|
|
2015-10-06
|
|
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
|
25 |
WEB
|
Raffaele Forte
|
|
2015-10-06
|
|
PHP-Fusion 7.02.07 - Blind SQL Injection
|
20 |
WEB
|
Manuel García Cárdenas
|
|
2015-10-05
|
|
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
|
23 |
WEB
|
MohamadReza Mohajerani
|
|
2015-10-05
|
|
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal
|
20 |
WEB
|
xistence
|
|
2013-03-19
|
|
WordPress Plugin Occasions - Cross-Site Request Forgery
|
27 |
WEB
|
m3tamantra
|
|
2013-03-14
|
|
Petite Annonce - Cross-Site Scripting
|
22 |
WEB
|
Metropolis
|
|
2013-03-11
|
|
PHPBoost - Arbitrary File Upload / Information Disclosure
|
24 |
WEB
|
KedAns-Dz
|
|
2013-03-11
|
|
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
|
21 |
WEB
|
KedAns-Dz
|
|
2015-10-02
|
|
ElasticSearch 1.6.0 - Arbitrary File Download
|
20 |
WEB
|
Pedro Andujar
|
|
2015-10-02
|
|
FTGate 7 - Cross-Site Request Forgery
|
20 |
WEB
|
hyp3rlinx
|
|
2015-10-02
|
|
FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities
|
20 |
WEB
|
hyp3rlinx
|
|
2013-03-11
|
|
Privoxy Proxy - Authentication Information Disclosure
|
18 |
WEB
|
Chris John Riley
|
|
2013-03-11
|
|
WordPress Plugin podPress - 'playerID' Cross-Site Scripting
|
22 |
WEB
|
hiphop
|
|
2013-03-10
|
|
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
|
21 |
WEB
|
Manuel García Cárdenas
|
|
2013-03-10
|
|
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
|
20 |
WEB
|
MustLive
|
|
2013-03-08
|
|
WordPress Plugin Terillion Reviews - Profile Id HTML Injection
|
21 |
WEB
|
Aditya Balapure
|
|
2013-03-01
|
|
Question2Answer - Cross-Site Request Forgery
|
21 |
WEB
|
MustLive
|
|
2015-10-01
|
|
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
|
23 |
WEB
|
neom22
|
|
2013-03-08
|
|
Your Own Classifieds - Cross-Site Scripting
|
18 |
WEB
|
Rafay Baloch
|
|
2013-02-06
|
|
Verax NMS - Multiple Method Authentication Bypass
|
21 |
WEB
|
Andrew Brooks
|
|
2013-02-23
|
|
File Manager - HTML Injection / Local File Inclusion
|
24 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-03-05
|
|
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
|
20 |
WEB
|
alejandr0.m0f0
|
|
2013-03-04
|
|
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
|
21 |
WEB
|
Julien Ahrens
|
|
2013-03-01
|
|
WordPress Plugin Uploader - 'blog' Cross-Site Scripting
|
25 |
WEB
|
CodeV
|
|
2013-03-02
|
|
Plogger - Multiple Input Validation Vulnerabilities
|
20 |
WEB
|
Saadat Ullah
|
|
2015-09-29
|
|
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
|
28 |
WEB
|
Pedro Ribeiro
|
|
2015-09-29
|
|
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection
|
18 |
WEB
|
absane
|
|
2015-09-28
|
|
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
|
25 |
WEB
|
Benjamin Daniel Mussler
|
|
2015-09-28
|
|
Photos in Wifi 1.0.1 iOS - Arbitrary File Upload
|
16 |
WEB
|
Vulnerability-Lab
|
|
2015-09-28
|
|
My.WiFi USB Drive 1.0 iOS - Local File Inclusion
|
23 |
WEB
|
Vulnerability-Lab
|
|
2015-09-28
|
|
Centreon 2.6.1 - Multiple Vulnerabilities
|
28 |
WEB
|
LiquidWorm
|
|
2015-09-28
|
|
Mango Automation 2.6.0 - Multiple Vulnerabilities
|
22 |
WEB
|
LiquidWorm
|
|
2013-02-27
|
|
Geeklog - Cross-Site Scripting
|
17 |
WEB
|
High-Tech Bridge
|
|
2013-02-26
|
|
JForum - 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities
|
20 |
WEB
|
ZeroDayLab
|
|
2013-02-25
|
|
phpMyRecipes - Multiple HTML Injection Vulnerabilities
|
22 |
WEB
|
PDS
|
|
2013-03-01
|
|
Batavi - 'index.php' Cross-Site Scripting
|
22 |
WEB
|
Dognaedis
|
|
2013-02-25
|
|
WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities
|
22 |
WEB
|
Henri Salo
|
|
2013-02-20
|
|
ZeroClipboard 1.9.x - 'id' Cross-Site Scripting
|
22 |
WEB
|
MustLive
|
|
2013-02-21
|
|
OpenEMR - 'site' Cross-Site Scripting
|
22 |
WEB
|
Gjoko Krstic
|
|
2013-02-21
|
|
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
|
19 |
WEB
|
TheMirkin
|
|
2013-02-20
|
|
ZenPhoto - 'index.php' SQL Injection
|
20 |
WEB
|
HosseinNsn
|
|
2013-02-20
|
|
WordPress Plugin Pretty Link - Cross-Site Scripting
|
23 |
WEB
|
hiphop
|
|
2015-09-25
|
|
X2Engine 4.2 - Arbitrary File Upload
|
18 |
WEB
|
Portcullis
|
|
2013-02-19
|
|
CKEditor - 'posteddata.php' Cross-Site Scripting
|
15 |
WEB
|
AkaStep
|
|
2015-09-25
|
|
X2Engine 4.2 - Cross-Site Request Forgery
|
18 |
WEB
|
Portcullis
|
|
2013-02-19
|
|
Squirrelcart - 'table' Cross-Site Scripting
|
23 |
WEB
|
Gjoko Krstic
|
|
2013-02-18
|
|
MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities
|
20 |
WEB
|
Anastasios Monachos
|
|
2015-09-25
|
|
FortiManager 5.2.2 - Persistent Cross-Site Scripting
|
20 |
WEB
|
hyp3rlinx
|
|
2013-02-12
|
|
Sonar - Multiple Cross-Site Scripting Vulnerabilities
|
23 |
WEB
|
DevilTeam
|
|
2013-02-14
|
|
WordPress Plugin NextGEN Gallery - Full Path Disclosure
|
20 |
WEB
|
Henrique Montenegro
|
|
2013-02-12
|
|
BlackNova Traders - 'news.php' SQL Injection
|
22 |
WEB
|
ITTIHACK
|
|
2013-02-12
|
|
osCommerce - Cross-Site Request Forgery
|
21 |
WEB
|
Jakub Galczyk
|
|
2015-09-24
|
|
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration
|
21 |
WEB
|
Filippo Roncari
|
|
2013-02-09
|
|
WordPress Theme Pinboard - 'tab' Cross-Site Scripting
|
22 |
WEB
|
Henrique Montenegro
|
|
2013-01-31
|
|
WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting
|
18 |
WEB
|
hiphop
|
|
2013-02-06
|
|
WordPress Plugin Wysija Newsletters - Multiple SQL Injections
|
17 |
WEB
|
High-Tech Bridge
|
|
2013-02-06
|
|
WordPress Plugin CommentLuv - '_ajax_nonce' Cross-Site Scripting
|
20 |
WEB
|
High-Tech Bridge
|
|
2013-02-06
|
|
ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Cross-Site Scripting Vulnerabilities
|
17 |
WEB
|
L0n3ly-H34rT
|
|
2013-02-06
|
|
ezStats2 - 'style.php' Local File Inclusion
|
19 |
WEB
|
L0n3ly-H34rT
|
|
2015-09-23
|
|
refbase 0.9.6 - Multiple Vulnerabilities
|
19 |
WEB
|
Mohab Ali
|
|
2013-02-04
|
|
EasyITSP - 'voicemail.php' Directory Traversal
|
17 |
WEB
|
Michal Blaszczak
|
|
2013-02-02
|
|
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
|
20 |
WEB
|
MustLive
|
|
2015-09-22
|
|
SAP NetWeaver < 7.01 - XML External Entity Injection
|
22 |
WEB
|
Lukasz Miedzinski
|
|
2015-09-22
|
|
Air Drive Plus 2.4 - Arbitrary File Upload
|
20 |
WEB
|
Vulnerability-Lab
|
|
2015-09-22
|
|
h5ai < 0.25.0 - Unrestricted Arbitrary File Upload
|
20 |
WEB
|
rTheory
|
|
2015-09-22
|
|
Kirby CMS 2.1.0 - Authentication Bypass
|
23 |
WEB
|
Dawid Golunski
|
|
2013-01-24
|
|
WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting
|
23 |
WEB
|
hiphop
|
|
2013-01-25
|
|
iCart Pro - 'section' SQL Injection
|
22 |
WEB
|
n3tw0rk
|
|
2015-09-20
|
|
ADH-Web Server IP-Cameras - Multiple Vulnerabilities
|
19 |
WEB
|
Orwelllabs
|
|
2015-09-18
|
|
Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection
|
24 |
WEB
|
jsass
|
|
2013-01-25
|
|
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
|
22 |
WEB
|
AkaStep
|
|
2013-01-23
|
|
WordPress Theme Chocolate WP - Multiple Vulnerabilities
|
24 |
WEB
|
Eugene Dokukin
|
|
2013-01-23
|
|
gpEasy CMS - 'section' Cross-Site Scripting
|
19 |
WEB
|
High-Tech Bridge SA
|
|
2013-01-22
|
|
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
|
22 |
WEB
|
Christy Philip Mathew
|
|
2013-01-22
|
|
DigiLIBE - Execution-After-Redirect Information Disclosure
|
32 |
WEB
|
Robert Gilbert
|
|
2013-01-20
|
|
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
|
24 |
WEB
|
3spi0n
|
|
2013-01-17
|
|
IP.Gallery - 'img' SQL Injection
|
24 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-01-15
|
|
phpLiteAdmin - 'table' SQL Injection
|
31 |
WEB
|
KedAns-Dz
|
|
2015-09-17
|
|
ZeusCart 4.0 - SQL Injection
|
23 |
WEB
|
Curesec Research Team
|
|
2015-09-17
|
|
ZeusCart 4.0 - Cross-Site Request Forgery
|
20 |
WEB
|
Curesec Research Team
|
|
2015-09-16
|
|
FAROL - SQL Injection
|
22 |
WEB
|
Thierry Fernandes Faria
|
|
2015-09-22
|
|
Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution
|
20 |
WEB
|
Dawid Golunski
|
|
2013-01-10
|
|
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
|
20 |
WEB
|
Beni_Vanda
|
|
2013-01-09
|
|
Quick.CMS / Quick.Cart - Cross-Site Scripting
|
23 |
WEB
|
High-Tech Bridge
|
|
2013-01-09
|
|
Prizm Content Connect - Arbitrary File Upload
|
23 |
WEB
|
Include Security Research
|
|
2015-09-15
|
|
Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities
|
22 |
WEB
|
Security-Assessment.com
|
|
2015-09-15
|
|
Openfire 3.10.2 - Cross-Site Request Forgery
|
23 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
|
27 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Privilege Escalation
|
21 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Remote File Inclusion
|
21 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Unrestricted Arbitrary File Upload
|
29 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection
|
28 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2013-01-09
|
|
TinyBrowser - 'edit.php' Directory Listing
|
21 |
WEB
|
MustLive
|
