|
2013-03-11
|
|
Privoxy Proxy - Authentication Information Disclosure
|
13 |
WEB
|
Chris John Riley
|
|
2013-03-11
|
|
WordPress Plugin podPress - 'playerID' Cross-Site Scripting
|
15 |
WEB
|
hiphop
|
|
2013-03-10
|
|
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
|
11 |
WEB
|
Manuel García Cárdenas
|
|
2013-03-10
|
|
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
|
14 |
WEB
|
MustLive
|
|
2013-03-08
|
|
WordPress Plugin Terillion Reviews - Profile Id HTML Injection
|
14 |
WEB
|
Aditya Balapure
|
|
2013-03-01
|
|
Question2Answer - Cross-Site Request Forgery
|
14 |
WEB
|
MustLive
|
|
2015-10-01
|
|
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
|
16 |
WEB
|
neom22
|
|
2013-03-08
|
|
Your Own Classifieds - Cross-Site Scripting
|
12 |
WEB
|
Rafay Baloch
|
|
2013-02-06
|
|
Verax NMS - Multiple Method Authentication Bypass
|
12 |
WEB
|
Andrew Brooks
|
|
2013-02-23
|
|
File Manager - HTML Injection / Local File Inclusion
|
15 |
WEB
|
Benjamin Kunz Mejri
|
|
2013-03-05
|
|
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
|
13 |
WEB
|
alejandr0.m0f0
|
|
2013-03-04
|
|
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
|
10 |
WEB
|
Julien Ahrens
|
|
2013-03-01
|
|
WordPress Plugin Uploader - 'blog' Cross-Site Scripting
|
16 |
WEB
|
CodeV
|
|
2013-03-02
|
|
Plogger - Multiple Input Validation Vulnerabilities
|
14 |
WEB
|
Saadat Ullah
|
|
2015-09-29
|
|
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
|
18 |
WEB
|
Pedro Ribeiro
|
|
2015-09-29
|
|
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection
|
13 |
WEB
|
absane
|
|
2015-09-28
|
|
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
|
17 |
WEB
|
Benjamin Daniel Mussler
|
|
2015-09-28
|
|
Photos in Wifi 1.0.1 iOS - Arbitrary File Upload
|
11 |
WEB
|
Vulnerability-Lab
|
|
2015-09-28
|
|
My.WiFi USB Drive 1.0 iOS - Local File Inclusion
|
15 |
WEB
|
Vulnerability-Lab
|
|
2015-09-28
|
|
Centreon 2.6.1 - Multiple Vulnerabilities
|
16 |
WEB
|
LiquidWorm
|
|
2015-09-28
|
|
Mango Automation 2.6.0 - Multiple Vulnerabilities
|
10 |
WEB
|
LiquidWorm
|
|
2013-02-27
|
|
Geeklog - Cross-Site Scripting
|
12 |
WEB
|
High-Tech Bridge
|
|
2013-02-26
|
|
JForum - 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities
|
14 |
WEB
|
ZeroDayLab
|
|
2013-02-25
|
|
phpMyRecipes - Multiple HTML Injection Vulnerabilities
|
15 |
WEB
|
PDS
|
|
2013-03-01
|
|
Batavi - 'index.php' Cross-Site Scripting
|
11 |
WEB
|
Dognaedis
|
|
2013-02-25
|
|
WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities
|
15 |
WEB
|
Henri Salo
|
|
2013-02-20
|
|
ZeroClipboard 1.9.x - 'id' Cross-Site Scripting
|
16 |
WEB
|
MustLive
|
|
2013-02-21
|
|
OpenEMR - 'site' Cross-Site Scripting
|
16 |
WEB
|
Gjoko Krstic
|
|
2013-02-21
|
|
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
|
15 |
WEB
|
TheMirkin
|
|
2013-02-20
|
|
ZenPhoto - 'index.php' SQL Injection
|
13 |
WEB
|
HosseinNsn
|
|
2013-02-20
|
|
WordPress Plugin Pretty Link - Cross-Site Scripting
|
18 |
WEB
|
hiphop
|
|
2015-09-25
|
|
X2Engine 4.2 - Arbitrary File Upload
|
13 |
WEB
|
Portcullis
|
|
2013-02-19
|
|
CKEditor - 'posteddata.php' Cross-Site Scripting
|
11 |
WEB
|
AkaStep
|
|
2015-09-25
|
|
X2Engine 4.2 - Cross-Site Request Forgery
|
13 |
WEB
|
Portcullis
|
|
2013-02-19
|
|
Squirrelcart - 'table' Cross-Site Scripting
|
16 |
WEB
|
Gjoko Krstic
|
|
2013-02-18
|
|
MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities
|
14 |
WEB
|
Anastasios Monachos
|
|
2015-09-25
|
|
FortiManager 5.2.2 - Persistent Cross-Site Scripting
|
14 |
WEB
|
hyp3rlinx
|
|
2013-02-12
|
|
Sonar - Multiple Cross-Site Scripting Vulnerabilities
|
12 |
WEB
|
DevilTeam
|
|
2013-02-14
|
|
WordPress Plugin NextGEN Gallery - Full Path Disclosure
|
16 |
WEB
|
Henrique Montenegro
|
|
2013-02-12
|
|
BlackNova Traders - 'news.php' SQL Injection
|
19 |
WEB
|
ITTIHACK
|
|
2013-02-12
|
|
osCommerce - Cross-Site Request Forgery
|
17 |
WEB
|
Jakub Galczyk
|
|
2015-09-24
|
|
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration
|
12 |
WEB
|
Filippo Roncari
|
|
2013-02-09
|
|
WordPress Theme Pinboard - 'tab' Cross-Site Scripting
|
18 |
WEB
|
Henrique Montenegro
|
|
2013-01-31
|
|
WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting
|
13 |
WEB
|
hiphop
|
|
2013-02-06
|
|
WordPress Plugin Wysija Newsletters - Multiple SQL Injections
|
12 |
WEB
|
High-Tech Bridge
|
|
2013-02-06
|
|
WordPress Plugin CommentLuv - '_ajax_nonce' Cross-Site Scripting
|
13 |
WEB
|
High-Tech Bridge
|
|
2013-02-06
|
|
ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Cross-Site Scripting Vulnerabilities
|
13 |
WEB
|
L0n3ly-H34rT
|
|
2013-02-06
|
|
ezStats2 - 'style.php' Local File Inclusion
|
13 |
WEB
|
L0n3ly-H34rT
|
|
2015-09-23
|
|
refbase 0.9.6 - Multiple Vulnerabilities
|
13 |
WEB
|
Mohab Ali
|
|
2013-02-04
|
|
EasyITSP - 'voicemail.php' Directory Traversal
|
10 |
WEB
|
Michal Blaszczak
|
|
2013-02-02
|
|
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
|
12 |
WEB
|
MustLive
|
|
2015-09-22
|
|
SAP NetWeaver < 7.01 - XML External Entity Injection
|
15 |
WEB
|
Lukasz Miedzinski
|
|
2015-09-22
|
|
Air Drive Plus 2.4 - Arbitrary File Upload
|
12 |
WEB
|
Vulnerability-Lab
|
|
2015-09-22
|
|
h5ai < 0.25.0 - Unrestricted Arbitrary File Upload
|
14 |
WEB
|
rTheory
|
|
2015-09-22
|
|
Kirby CMS 2.1.0 - Authentication Bypass
|
16 |
WEB
|
Dawid Golunski
|
|
2013-01-24
|
|
WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting
|
14 |
WEB
|
hiphop
|
|
2013-01-25
|
|
iCart Pro - 'section' SQL Injection
|
17 |
WEB
|
n3tw0rk
|
|
2015-09-20
|
|
ADH-Web Server IP-Cameras - Multiple Vulnerabilities
|
13 |
WEB
|
Orwelllabs
|
|
2015-09-18
|
|
Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection
|
15 |
WEB
|
jsass
|
|
2013-01-25
|
|
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
|
17 |
WEB
|
AkaStep
|
|
2013-01-23
|
|
WordPress Theme Chocolate WP - Multiple Vulnerabilities
|
18 |
WEB
|
Eugene Dokukin
|
|
2013-01-23
|
|
gpEasy CMS - 'section' Cross-Site Scripting
|
14 |
WEB
|
High-Tech Bridge SA
|
|
2013-01-22
|
|
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
|
18 |
WEB
|
Christy Philip Mathew
|
|
2013-01-22
|
|
DigiLIBE - Execution-After-Redirect Information Disclosure
|
21 |
WEB
|
Robert Gilbert
|
|
2013-01-20
|
|
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
|
16 |
WEB
|
3spi0n
|
|
2013-01-17
|
|
IP.Gallery - 'img' SQL Injection
|
19 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-01-15
|
|
phpLiteAdmin - 'table' SQL Injection
|
21 |
WEB
|
KedAns-Dz
|
|
2015-09-17
|
|
ZeusCart 4.0 - SQL Injection
|
18 |
WEB
|
Curesec Research Team
|
|
2015-09-17
|
|
ZeusCart 4.0 - Cross-Site Request Forgery
|
14 |
WEB
|
Curesec Research Team
|
|
2015-09-16
|
|
FAROL - SQL Injection
|
14 |
WEB
|
Thierry Fernandes Faria
|
|
2015-09-22
|
|
Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution
|
15 |
WEB
|
Dawid Golunski
|
|
2013-01-10
|
|
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
|
15 |
WEB
|
Beni_Vanda
|
|
2013-01-09
|
|
Quick.CMS / Quick.Cart - Cross-Site Scripting
|
17 |
WEB
|
High-Tech Bridge
|
|
2013-01-09
|
|
Prizm Content Connect - Arbitrary File Upload
|
16 |
WEB
|
Include Security Research
|
|
2015-09-15
|
|
Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities
|
17 |
WEB
|
Security-Assessment.com
|
|
2015-09-15
|
|
Openfire 3.10.2 - Cross-Site Request Forgery
|
17 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
|
18 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Privilege Escalation
|
13 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Remote File Inclusion
|
15 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
Openfire 3.10.2 - Unrestricted Arbitrary File Upload
|
23 |
WEB
|
hyp3rlinx
|
|
2015-09-15
|
|
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection
|
18 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2013-01-09
|
|
TinyBrowser - 'edit.php' Directory Listing
|
17 |
WEB
|
MustLive
|
|
2013-01-09
|
|
TinyBrowser - 'tinybrowser.php' Directory Listing
|
16 |
WEB
|
MustLive
|
|
2013-01-09
|
|
tinybrowser - 'type' Cross-Site Scripting
|
16 |
WEB
|
MustLive
|
|
2013-01-08
|
|
WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting
|
18 |
WEB
|
Am!r
|
|
2015-09-14
|
|
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
|
15 |
WEB
|
Felipe Molina
|
|
2015-09-14
|
|
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
|
14 |
WEB
|
xistence
|
|
2015-09-14
|
|
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
|
19 |
WEB
|
xistence
|
|
2013-01-08
|
|
Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
|
15 |
WEB
|
Gjoko Krstic
|
|
2013-01-06
|
|
Havalite CMS - 'comment' HTML Injection
|
15 |
WEB
|
Henri Salo
|
|
2013-01-04
|
|
TomatoCart - 'json.php' Security Bypass
|
12 |
WEB
|
Aung Khant
|
|
2013-01-04
|
|
Multiple WordPress WPScientist Themes - Arbitrary File Upload
|
15 |
WEB
|
JingoBD
|
|
2012-12-31
|
|
WHMCS 5.0 - Insecure Cookie Authentication Bypass
|
12 |
WEB
|
Agd_Scorp
|
|
2013-01-03
|
|
WordPress Plugin Uploader - Arbitrary File Upload
|
16 |
WEB
|
Sammy FORGIT
|
|
2013-01-02
|
|
osTicket - 'tickets.php?status' Cross-Site Scripting
|
15 |
WEB
|
AkaStep
|
|
2013-01-02
|
|
osTicket - 'l.php?url' Arbitrary Site Redirect
|
18 |
WEB
|
AkaStep
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
15 |
WEB
|
Sammy FORGIT
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
17 |
WEB
|
Sammy FORGIT
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
14 |
WEB
|
Sammy FORGIT
|
|
2013-01-02
|
|
WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload
|
19 |
WEB
|
Sammy FORGIT
|
|
2012-12-26
|
|
cPanel - 'dir' Cross-Site Scripting
|
13 |
WEB
|
Rafay Baloch
|
|
2012-12-27
|
|
WHM - 'filtername' Cross-Site Scripting
|
16 |
WEB
|
Rafay Baloch
|
|
2012-12-27
|
|
cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities
|
13 |
WEB
|
Christy Philip Mathew
|
|
2012-12-27
|
|
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting
|
12 |
WEB
|
Christy Philip Mathew
|
|
2013-01-08
|
|
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
|
18 |
WEB
|
AkaStep
|
|
2015-09-11
|
|
Monsta FTP 1.6.2 - Multiple Vulnerabilities
|
19 |
WEB
|
hyp3rlinx
|
|
2012-12-22
|
|
City Reviewer - 'search.php' Script SQL Injection
|
15 |
WEB
|
3spi0n
|
|
2012-12-24
|
|
cPanel - 'account' Cross-Site Scripting
|
14 |
WEB
|
Rafay Baloch
|
|
2012-12-24
|
|
Hero Framework - users/login 'Username' Cross-Site Scripting
|
21 |
WEB
|
Stefan Schurtz
|
|
2012-12-24
|
|
Hero Framework - 'search?q' Cross-Site Scripting
|
20 |
WEB
|
Stefan Schurtz
|
|
2012-12-21
|
|
VoipNow Service Provider Edition - Arbitrary Command Execution
|
16 |
WEB
|
i-Hmx
|
|
2012-12-18
|
|
MyBB Transactions Plugin - 'transaction' SQL Injection
|
23 |
WEB
|
limb0
|
|
2012-12-19
|
|
Joomla! Component com_bit - 'Controller' Local File Inclusion
|
17 |
WEB
|
Xr0b0t
|
|
2012-12-19
|
|
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
|
18 |
WEB
|
Xr0b0t
|
|
2012-12-17
|
|
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cro
|
15 |
WEB
|
MustLive
|
|
2012-12-13
|
|
PHP Address Book - 'group' Cross-Site Scripting
|
14 |
WEB
|
Kenneth F. Belva
|
|
2012-12-13
|
|
N-able N-central - Cross-Site Request Forgery
|
14 |
WEB
|
Cartel
|
|
2015-09-10
|
|
Octogate UTM 3.0.12 - Admin Interface Directory Traversal
|
16 |
WEB
|
Oliver Karow
|
|
2015-09-10
|
|
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
|
12 |
WEB
|
Han Sahin
|
|
2015-09-10
|
|
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load D
|
18 |
WEB
|
ylbhz
|
|
2015-09-09
|
|
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery
|
16 |
WEB
|
Aryan Bayaninejad
|
|
2015-09-09
|
|
Qlikview 11.20 SR11 - Blind XML External Entity Injection
|
16 |
WEB
|
Alex Haynes
|
|
2012-12-10
|
|
SimpleInvoices invoices Module - Customer Field Cross-Site Scripting
|
18 |
WEB
|
tommccredie
|
|
2012-12-10
|
|
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
|
18 |
WEB
|
High-Tech Bridge
|
|
2012-12-08
|
|
vBulletin ajaxReg Module - SQL Injection
|
17 |
WEB
|
Cold Zero
|
