|
2015-09-23
|
|
refbase 0.9.6 - Multiple Vulnerabilities
|
4 |
WEB
|
Mohab Ali
|
|
2013-02-04
|
|
EasyITSP - 'voicemail.php' Directory Traversal
|
3 |
WEB
|
Michal Blaszczak
|
|
2013-02-02
|
|
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
|
4 |
WEB
|
MustLive
|
|
2015-09-22
|
|
SAP NetWeaver < 7.01 - XML External Entity Injection
|
4 |
WEB
|
Lukasz Miedzinski
|
|
2015-09-22
|
|
Air Drive Plus 2.4 - Arbitrary File Upload
|
3 |
WEB
|
Vulnerability-Lab
|
|
2015-09-22
|
|
h5ai < 0.25.0 - Unrestricted Arbitrary File Upload
|
4 |
WEB
|
rTheory
|
|
2015-09-22
|
|
Kirby CMS 2.1.0 - Authentication Bypass
|
5 |
WEB
|
Dawid Golunski
|
|
2013-01-24
|
|
WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting
|
5 |
WEB
|
hiphop
|
|
2013-01-25
|
|
iCart Pro - 'section' SQL Injection
|
5 |
WEB
|
n3tw0rk
|
|
2015-09-20
|
|
ADH-Web Server IP-Cameras - Multiple Vulnerabilities
|
3 |
WEB
|
Orwelllabs
|
|
2015-09-18
|
|
Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection
|
3 |
WEB
|
jsass
|
|
2013-01-25
|
|
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
|
3 |
WEB
|
AkaStep
|
|
2013-01-23
|
|
WordPress Theme Chocolate WP - Multiple Vulnerabilities
|
4 |
WEB
|
Eugene Dokukin
|
|
2013-01-23
|
|
gpEasy CMS - 'section' Cross-Site Scripting
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2013-01-22
|
|
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
|
5 |
WEB
|
Christy Philip Mathew
|
|
2013-01-22
|
|
DigiLIBE - Execution-After-Redirect Information Disclosure
|
5 |
WEB
|
Robert Gilbert
|
|
2013-01-20
|
|
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
|
5 |
WEB
|
3spi0n
|
|
2013-01-17
|
|
IP.Gallery - 'img' SQL Injection
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-01-15
|
|
phpLiteAdmin - 'table' SQL Injection
|
5 |
WEB
|
KedAns-Dz
|
|
2015-09-17
|
|
ZeusCart 4.0 - SQL Injection
|
4 |
WEB
|
Curesec Research Team
|
|
2015-09-17
|
|
ZeusCart 4.0 - Cross-Site Request Forgery
|
3 |
WEB
|
Curesec Research Team
|
|
2015-09-16
|
|
FAROL - SQL Injection
|
4 |
WEB
|
Thierry Fernandes Faria
|
|
2015-09-22
|
|
Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution
|
3 |
WEB
|
Dawid Golunski
|
|
2013-01-10
|
|
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
|
3 |
WEB
|
Beni_Vanda
|
|
2013-01-09
|
|
Quick.CMS / Quick.Cart - Cross-Site Scripting
|
5 |
WEB
|
High-Tech Bridge
|
|
2013-01-09
|
|
Prizm Content Connect - Arbitrary File Upload
|
5 |
WEB
|
Include Security Research
|
|
2015-09-15
|
|
Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities
|
6 |
WEB
|
Security-Assessment.com
|
|
2015-09-15
|
|
Openfire 3.10.2 - Cross-Site Request Forgery
|
4 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Privilege Escalation
|
4 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Remote File Inclusion
|
4 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Unrestricted Arbitrary File Upload
|
4 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection
|
5 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2013-01-09
|
|
TinyBrowser - 'edit.php' Directory Listing
|
3 |
WEB
|
MustLive
|
|
2013-01-09
|
|
TinyBrowser - 'tinybrowser.php' Directory Listing
|
4 |
WEB
|
MustLive
|
|
2013-01-09
|
|
tinybrowser - 'type' Cross-Site Scripting
|
4 |
WEB
|
MustLive
|
|
2013-01-08
|
|
WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting
|
3 |
WEB
|
Am!r
|
|
2015-09-14
|
|
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
|
4 |
WEB
|
Felipe Molina
|
|
2015-09-14
|
|
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
|
4 |
WEB
|
xistence
|
|
2015-09-14
|
|
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
|
4 |
WEB
|
xistence
|
|
2013-01-08
|
|
Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
|
5 |
WEB
|
Gjoko Krstic
|
|
2013-01-06
|
|
Havalite CMS - 'comment' HTML Injection
|
6 |
WEB
|
Henri Salo
|
|
2013-01-04
|
|
TomatoCart - 'json.php' Security Bypass
|
4 |
WEB
|
Aung Khant
|
|
2013-01-04
|
|
Multiple WordPress WPScientist Themes - Arbitrary File Upload
|
4 |
WEB
|
JingoBD
|
|
2012-12-31
|
|
WHMCS 5.0 - Insecure Cookie Authentication Bypass
|
4 |
WEB
|
Agd_Scorp
|
|
2013-01-03
|
|
WordPress Plugin Uploader - Arbitrary File Upload
|
4 |
WEB
|
Sammy FORGIT
|
|
2013-01-02
|
|
osTicket - 'tickets.php?status' Cross-Site Scripting
|
4 |
WEB
|
AkaStep
|
|
2013-01-02
|
|
osTicket - 'l.php?url' Arbitrary Site Redirect
|
4 |
WEB
|
AkaStep
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
4 |
WEB
|
Sammy FORGIT
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
4 |
WEB
|
Sammy FORGIT
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
3 |
WEB
|
Sammy FORGIT
|
|
2013-01-02
|
|
WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload
|
4 |
WEB
|
Sammy FORGIT
|
|
2012-12-26
|
|
cPanel - 'dir' Cross-Site Scripting
|
4 |
WEB
|
Rafay Baloch
|
|
2012-12-27
|
|
WHM - 'filtername' Cross-Site Scripting
|
4 |
WEB
|
Rafay Baloch
|
|
2012-12-27
|
|
cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Christy Philip Mathew
|
|
2012-12-27
|
|
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting
|
4 |
WEB
|
Christy Philip Mathew
|
|
2013-01-08
|
|
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
|
5 |
WEB
|
AkaStep
|
|
2015-09-11
|
|
Monsta FTP 1.6.2 - Multiple Vulnerabilities
|
4 |
WEB
|
hyp3rlinx
|
|
2012-12-22
|
|
City Reviewer - 'search.php' Script SQL Injection
|
3 |
WEB
|
3spi0n
|
|
2012-12-24
|
|
cPanel - 'account' Cross-Site Scripting
|
3 |
WEB
|
Rafay Baloch
|
|
2012-12-24
|
|
Hero Framework - users/login 'Username' Cross-Site Scripting
|
4 |
WEB
|
Stefan Schurtz
|
|
2012-12-24
|
|
Hero Framework - 'search?q' Cross-Site Scripting
|
4 |
WEB
|
Stefan Schurtz
|
|
2012-12-21
|
|
VoipNow Service Provider Edition - Arbitrary Command Execution
|
5 |
WEB
|
i-Hmx
|
|
2012-12-18
|
|
MyBB Transactions Plugin - 'transaction' SQL Injection
|
4 |
WEB
|
limb0
|
|
2012-12-19
|
|
Joomla! Component com_bit - 'Controller' Local File Inclusion
|
3 |
WEB
|
Xr0b0t
|
|
2012-12-19
|
|
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
|
4 |
WEB
|
Xr0b0t
|
|
2012-12-17
|
|
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cro
|
4 |
WEB
|
MustLive
|
|
2012-12-13
|
|
PHP Address Book - 'group' Cross-Site Scripting
|
4 |
WEB
|
Kenneth F. Belva
|
|
2012-12-13
|
|
N-able N-central - Cross-Site Request Forgery
|
4 |
WEB
|
Cartel
|
|
2015-09-10
|
|
Octogate UTM 3.0.12 - Admin Interface Directory Traversal
|
4 |
WEB
|
Oliver Karow
|
|
2015-09-10
|
|
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
|
4 |
WEB
|
Han Sahin
|
|
2015-09-10
|
|
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load D
|
4 |
WEB
|
ylbhz
|
|
2015-09-09
|
|
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery
|
4 |
WEB
|
Aryan Bayaninejad
|
|
2015-09-09
|
|
Qlikview 11.20 SR11 - Blind XML External Entity Injection
|
4 |
WEB
|
Alex Haynes
|
|
2012-12-10
|
|
SimpleInvoices invoices Module - Customer Field Cross-Site Scripting
|
4 |
WEB
|
tommccredie
|
|
2012-12-10
|
|
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge
|
|
2012-12-08
|
|
vBulletin ajaxReg Module - SQL Injection
|
4 |
WEB
|
Cold Zero
|
|
2012-12-07
|
|
FOOT Gestion - 'id' SQL Injection
|
4 |
WEB
|
Emmanuel Farcy
|
|
2012-12-07
|
|
WordPress Plugin Simple Gmail Login - Stack Trace Information Disclosure
|
4 |
WEB
|
Aditya Balapure
|
|
2015-09-08
|
|
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2015-09-08
|
|
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
|
3 |
WEB
|
Outlasted
|
|
2012-12-04
|
|
Sourcefabric Newscoop - 'f_email' SQL Injection
|
4 |
WEB
|
AkaStep
|
|
2012-12-04
|
|
WordPress Theme Nest - 'codigo' SQL Injection
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-12-30
|
|
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
|
4 |
WEB
|
Amirh03in
|
|
2012-12-01
|
|
TinyMCPUK - 'test' Cross-Site Scripting
|
5 |
WEB
|
eidelweiss
|
|
2015-09-07
|
|
JSPMySQL Administrador - Multiple Vulnerabilities
|
4 |
WEB
|
hyp3rlinx
|
|
2015-09-07
|
|
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
|
5 |
WEB
|
Elliott Lewis
|
|
2015-09-06
|
|
Elastix < 2.5 - PHP Code Injection
|
4 |
WEB
|
i-Hmx
|
|
2015-09-06
|
|
FireEye Appliance - Unauthorized File Disclosure
|
4 |
WEB
|
Kristian Erik Hermansen
|
|
2015-09-06
|
|
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
4 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2015-09-04
|
|
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
|
5 |
WEB
|
Ken Smith
|
|
2015-09-04
|
|
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
|
4 |
WEB
|
Vulnerability-Lab
|
|
2012-11-29
|
|
Elastix - 'page' Cross-Site Scripting
|
4 |
WEB
|
cheki
|
|
2012-11-29
|
|
WordPress Theme Toolbox - 'mls' SQL Injection
|
4 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-28
|
|
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
|
4 |
WEB
|
Ur0b0r0x
|
|
2015-09-02
|
|
Cerb 7.0.3 - Cross-Site Request Forgery
|
5 |
WEB
|
High-Tech Bridge SA
|
|
2015-09-02
|
|
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution
|
4 |
WEB
|
Phan Thanh Duy
|
|
2015-09-02
|
|
YesWiki 0.2 - 'squelette' Directory Traversal
|
4 |
WEB
|
HaHwul
|
|
2015-09-02
|
|
Mantis Bug Tracker 1.2.19 - Host Header
|
4 |
WEB
|
Pier-Luc Maltais
|
|
2015-09-02
|
|
Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass
|
4 |
WEB
|
Orwelllabs
|
|
2012-11-29
|
|
WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting
|
4 |
WEB
|
Aditya Balapure
|
|
2012-11-27
|
|
WordPress Theme CStar Design - 'id' SQL Injection
|
4 |
WEB
|
Amirh03in
|
|
2012-11-26
|
|
WordPress Theme Wp-ImageZoom - 'id' SQL Injection
|
4 |
WEB
|
Amirh03in
|
|
2012-11-26
|
|
Forescout CounterACT - 'a' Open Redirection
|
4 |
WEB
|
Joseph Sheridan
|
|
2012-11-24
|
|
Beat Websites - 'id' SQL Injection
|
4 |
WEB
|
Metropolis
|
|
2012-11-26
|
|
WordPress Plugin Ads Box - 'count' SQL Injection
|
5 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-22
|
|
WordPress Theme Magazine Basic - 'id' SQL Injection
|
6 |
WEB
|
Novin hack
|
|
2015-09-01
|
|
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
|
4 |
WEB
|
smash
|
|
2015-09-01
|
|
Bedita 3.5.1 - Cross-Site Scripting
|
4 |
WEB
|
Sébastien Morin
|
|
2012-11-22
|
|
WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload
|
7 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-22
|
|
WordPress Plugin Plg Novana - 'id' SQL Injection
|
4 |
WEB
|
sil3nt
|
|
2012-11-22
|
|
WordPress Plugin Webplayer - 'id' SQL Injection
|
4 |
WEB
|
Novin hack
|
|
2012-11-22
|
|
WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload
|
4 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-21
|
|
XiVO - Cross-Site Request Forgery
|
5 |
WEB
|
Francis Provencher
|
|
2012-11-21
|
|
Feng Office - Security Bypass / HTML Injection
|
4 |
WEB
|
Ur0b0r0x
|
|
2012-11-21
|
|
dotProject 2.1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge
|
|
2012-11-21
|
|
dotProject 2.1.x - 'index.php' Multiple SQL Injections
|
4 |
WEB
|
High-Tech Bridge
|
|
2012-11-20
|
|
WordPress Theme Madebymilk - 'id' SQL Injection
|
4 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-16
|
|
ATutor 2.1 - 'tool_file' Local File Inclusion
|
5 |
WEB
|
Julian Horoszkiewicz
|
|
2012-11-20
|
|
openSIS 5.1 - 'ajax.php' Local File Inclusion
|
3 |
WEB
|
Julian Horoszkiewicz
|
|
2012-11-16
|
|
Open-Realty 2.5.8 - Cross-Site Request Forgery
|
3 |
WEB
|
Aung Khant
|
|
2015-08-31
|
|
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
|
4 |
WEB
|
Dharmendra Kumar Singh
|
|
2015-08-31
|
|
Ganglia Web Frontend < 3.5.1 - PHP Code Execution
|
4 |
WEB
|
Andrei Costin
|
|
2015-08-31
|
|
Edimax PS-1206MF - Web Admin Authentication Bypass
|
4 |
WEB
|
smash
|
|
2015-08-31
|
|
PhpWiki 1.5.4 - Multiple Vulnerabilities
|
4 |
WEB
|
smash
|
