|
2013-01-09
|
|
TinyBrowser - 'tinybrowser.php' Directory Listing
|
19 |
WEB
|
MustLive
|
|
2013-01-09
|
|
tinybrowser - 'type' Cross-Site Scripting
|
19 |
WEB
|
MustLive
|
|
2013-01-08
|
|
WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting
|
28 |
WEB
|
Am!r
|
|
2015-09-14
|
|
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
|
22 |
WEB
|
Felipe Molina
|
|
2015-09-14
|
|
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
|
18 |
WEB
|
xistence
|
|
2015-09-14
|
|
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
|
22 |
WEB
|
xistence
|
|
2013-01-08
|
|
Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
|
19 |
WEB
|
Gjoko Krstic
|
|
2013-01-06
|
|
Havalite CMS - 'comment' HTML Injection
|
26 |
WEB
|
Henri Salo
|
|
2013-01-04
|
|
TomatoCart - 'json.php' Security Bypass
|
17 |
WEB
|
Aung Khant
|
|
2013-01-04
|
|
Multiple WordPress WPScientist Themes - Arbitrary File Upload
|
18 |
WEB
|
JingoBD
|
|
2012-12-31
|
|
WHMCS 5.0 - Insecure Cookie Authentication Bypass
|
17 |
WEB
|
Agd_Scorp
|
|
2013-01-03
|
|
WordPress Plugin Uploader - Arbitrary File Upload
|
19 |
WEB
|
Sammy FORGIT
|
|
2013-01-02
|
|
osTicket - 'tickets.php?status' Cross-Site Scripting
|
20 |
WEB
|
AkaStep
|
|
2013-01-02
|
|
osTicket - 'l.php?url' Arbitrary Site Redirect
|
22 |
WEB
|
AkaStep
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
21 |
WEB
|
Sammy FORGIT
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
21 |
WEB
|
Sammy FORGIT
|
|
2013-01-01
|
|
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/admi
|
19 |
WEB
|
Sammy FORGIT
|
|
2013-01-02
|
|
WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload
|
25 |
WEB
|
Sammy FORGIT
|
|
2012-12-26
|
|
cPanel - 'dir' Cross-Site Scripting
|
21 |
WEB
|
Rafay Baloch
|
|
2012-12-27
|
|
WHM - 'filtername' Cross-Site Scripting
|
22 |
WEB
|
Rafay Baloch
|
|
2012-12-27
|
|
cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities
|
17 |
WEB
|
Christy Philip Mathew
|
|
2012-12-27
|
|
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting
|
17 |
WEB
|
Christy Philip Mathew
|
|
2013-01-08
|
|
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure
|
22 |
WEB
|
AkaStep
|
|
2015-09-11
|
|
Monsta FTP 1.6.2 - Multiple Vulnerabilities
|
24 |
WEB
|
hyp3rlinx
|
|
2012-12-22
|
|
City Reviewer - 'search.php' Script SQL Injection
|
21 |
WEB
|
3spi0n
|
|
2012-12-24
|
|
cPanel - 'account' Cross-Site Scripting
|
22 |
WEB
|
Rafay Baloch
|
|
2012-12-24
|
|
Hero Framework - users/login 'Username' Cross-Site Scripting
|
27 |
WEB
|
Stefan Schurtz
|
|
2012-12-24
|
|
Hero Framework - 'search?q' Cross-Site Scripting
|
30 |
WEB
|
Stefan Schurtz
|
|
2012-12-21
|
|
VoipNow Service Provider Edition - Arbitrary Command Execution
|
26 |
WEB
|
i-Hmx
|
|
2012-12-18
|
|
MyBB Transactions Plugin - 'transaction' SQL Injection
|
27 |
WEB
|
limb0
|
|
2012-12-19
|
|
Joomla! Component com_bit - 'Controller' Local File Inclusion
|
25 |
WEB
|
Xr0b0t
|
|
2012-12-19
|
|
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
|
24 |
WEB
|
Xr0b0t
|
|
2012-12-17
|
|
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cro
|
21 |
WEB
|
MustLive
|
|
2012-12-13
|
|
PHP Address Book - 'group' Cross-Site Scripting
|
20 |
WEB
|
Kenneth F. Belva
|
|
2012-12-13
|
|
N-able N-central - Cross-Site Request Forgery
|
19 |
WEB
|
Cartel
|
|
2015-09-10
|
|
Octogate UTM 3.0.12 - Admin Interface Directory Traversal
|
23 |
WEB
|
Oliver Karow
|
|
2015-09-10
|
|
Synology Video Station 1.5-0757 - Multiple Vulnerabilities
|
20 |
WEB
|
Han Sahin
|
|
2015-09-10
|
|
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load D
|
26 |
WEB
|
ylbhz
|
|
2015-09-09
|
|
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery
|
21 |
WEB
|
Aryan Bayaninejad
|
|
2015-09-09
|
|
Qlikview 11.20 SR11 - Blind XML External Entity Injection
|
22 |
WEB
|
Alex Haynes
|
|
2012-12-10
|
|
SimpleInvoices invoices Module - Customer Field Cross-Site Scripting
|
23 |
WEB
|
tommccredie
|
|
2012-12-10
|
|
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
|
21 |
WEB
|
High-Tech Bridge
|
|
2012-12-08
|
|
vBulletin ajaxReg Module - SQL Injection
|
21 |
WEB
|
Cold Zero
|
|
2012-12-07
|
|
FOOT Gestion - 'id' SQL Injection
|
20 |
WEB
|
Emmanuel Farcy
|
|
2012-12-07
|
|
WordPress Plugin Simple Gmail Login - Stack Trace Information Disclosure
|
20 |
WEB
|
Aditya Balapure
|
|
2015-09-08
|
|
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
|
25 |
WEB
|
Ashiyane Digital Security Team
|
|
2015-09-08
|
|
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
|
23 |
WEB
|
Outlasted
|
|
2012-12-04
|
|
Sourcefabric Newscoop - 'f_email' SQL Injection
|
17 |
WEB
|
AkaStep
|
|
2012-12-04
|
|
WordPress Theme Nest - 'codigo' SQL Injection
|
22 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-12-30
|
|
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
|
24 |
WEB
|
Amirh03in
|
|
2012-12-01
|
|
TinyMCPUK - 'test' Cross-Site Scripting
|
29 |
WEB
|
eidelweiss
|
|
2015-09-07
|
|
JSPMySQL Administrador - Multiple Vulnerabilities
|
21 |
WEB
|
hyp3rlinx
|
|
2015-09-07
|
|
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
|
22 |
WEB
|
Elliott Lewis
|
|
2015-09-06
|
|
Elastix < 2.5 - PHP Code Injection
|
22 |
WEB
|
i-Hmx
|
|
2015-09-06
|
|
FireEye Appliance - Unauthorized File Disclosure
|
22 |
WEB
|
Kristian Erik Hermansen
|
|
2015-09-06
|
|
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
21 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2015-09-04
|
|
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
|
26 |
WEB
|
Ken Smith
|
|
2015-09-04
|
|
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
|
24 |
WEB
|
Vulnerability-Lab
|
|
2012-11-29
|
|
Elastix - 'page' Cross-Site Scripting
|
26 |
WEB
|
cheki
|
|
2012-11-29
|
|
WordPress Theme Toolbox - 'mls' SQL Injection
|
21 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-28
|
|
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
|
21 |
WEB
|
Ur0b0r0x
|
|
2015-09-02
|
|
Cerb 7.0.3 - Cross-Site Request Forgery
|
23 |
WEB
|
High-Tech Bridge SA
|
|
2015-09-02
|
|
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution
|
27 |
WEB
|
Phan Thanh Duy
|
|
2015-09-02
|
|
YesWiki 0.2 - 'squelette' Directory Traversal
|
18 |
WEB
|
HaHwul
|
|
2015-09-02
|
|
Mantis Bug Tracker 1.2.19 - Host Header
|
19 |
WEB
|
Pier-Luc Maltais
|
|
2015-09-02
|
|
Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass
|
20 |
WEB
|
Orwelllabs
|
|
2012-11-29
|
|
WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting
|
23 |
WEB
|
Aditya Balapure
|
|
2012-11-27
|
|
WordPress Theme CStar Design - 'id' SQL Injection
|
24 |
WEB
|
Amirh03in
|
|
2012-11-26
|
|
WordPress Theme Wp-ImageZoom - 'id' SQL Injection
|
24 |
WEB
|
Amirh03in
|
|
2012-11-26
|
|
Forescout CounterACT - 'a' Open Redirection
|
20 |
WEB
|
Joseph Sheridan
|
|
2012-11-24
|
|
Beat Websites - 'id' SQL Injection
|
20 |
WEB
|
Metropolis
|
|
2012-11-26
|
|
WordPress Plugin Ads Box - 'count' SQL Injection
|
19 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-22
|
|
WordPress Theme Magazine Basic - 'id' SQL Injection
|
27 |
WEB
|
Novin hack
|
|
2015-09-01
|
|
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
|
28 |
WEB
|
smash
|
|
2015-09-01
|
|
Bedita 3.5.1 - Cross-Site Scripting
|
19 |
WEB
|
Sébastien Morin
|
|
2012-11-22
|
|
WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload
|
25 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-22
|
|
WordPress Plugin Plg Novana - 'id' SQL Injection
|
21 |
WEB
|
sil3nt
|
|
2012-11-22
|
|
WordPress Plugin Webplayer - 'id' SQL Injection
|
25 |
WEB
|
Novin hack
|
|
2012-11-22
|
|
WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload
|
22 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-21
|
|
XiVO - Cross-Site Request Forgery
|
24 |
WEB
|
Francis Provencher
|
|
2012-11-21
|
|
Feng Office - Security Bypass / HTML Injection
|
22 |
WEB
|
Ur0b0r0x
|
|
2012-11-21
|
|
dotProject 2.1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
18 |
WEB
|
High-Tech Bridge
|
|
2012-11-21
|
|
dotProject 2.1.x - 'index.php' Multiple SQL Injections
|
20 |
WEB
|
High-Tech Bridge
|
|
2012-11-20
|
|
WordPress Theme Madebymilk - 'id' SQL Injection
|
19 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-16
|
|
ATutor 2.1 - 'tool_file' Local File Inclusion
|
21 |
WEB
|
Julian Horoszkiewicz
|
|
2012-11-20
|
|
openSIS 5.1 - 'ajax.php' Local File Inclusion
|
16 |
WEB
|
Julian Horoszkiewicz
|
|
2012-11-16
|
|
Open-Realty 2.5.8 - Cross-Site Request Forgery
|
19 |
WEB
|
Aung Khant
|
|
2015-08-31
|
|
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
|
21 |
WEB
|
Dharmendra Kumar Singh
|
|
2015-08-31
|
|
Ganglia Web Frontend < 3.5.1 - PHP Code Execution
|
18 |
WEB
|
Andrei Costin
|
|
2015-08-31
|
|
Edimax PS-1206MF - Web Admin Authentication Bypass
|
21 |
WEB
|
smash
|
|
2015-08-31
|
|
PhpWiki 1.5.4 - Multiple Vulnerabilities
|
24 |
WEB
|
smash
|
|
2012-11-16
|
|
Friends in War The FAQ Manager - 'question' SQL Injection
|
18 |
WEB
|
unsuprise
|
|
2012-11-19
|
|
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
|
22 |
WEB
|
HaCkeR_EgY
|
|
2012-07-19
|
|
WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
|
21 |
WEB
|
Tushar Dalvi
|
|
2012-11-16
|
|
WordPress Plugin Tagged Albums - 'id' SQL Injection
|
23 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-16
|
|
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
|
21 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-09
|
|
WordPress Plugin Eco-annu - 'eid' SQL Injection
|
35 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-09
|
|
WordPress Plugin PHP Event Calendar - 'cid' SQL Injection
|
21 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-09
|
|
WordPress Theme Kakao - 'ID' SQL Injection
|
30 |
WEB
|
sil3nt
|
|
2012-11-09
|
|
ESRI ArcGIS for Server - 'where' SQL Injection
|
27 |
WEB
|
anonymous
|
|
2012-11-08
|
|
AR Web Content Manager (AWCM) - 'cookie_gen.php' Arbitrary Cookie Generation
|
31 |
WEB
|
Sooel Son
|
|
2012-11-07
|
|
WordPress Plugin FLV Player - 'id' SQL Injection
|
31 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-07
|
|
OrangeHRM - 'sortField' SQL Injection
|
28 |
WEB
|
High-Tech Bridge
|
|
2012-11-06
|
|
VeriCentre - Multiple SQL Injections
|
31 |
WEB
|
Cory Eubanks
|
|
2012-11-04
|
|
AWAuctionScript CMS - Multiple Remote Vulnerabilities
|
29 |
WEB
|
X-Cisadane
|
|
2012-11-03
|
|
Joomla! Component Parcoauto - 'idVeicolo' SQL Injection
|
23 |
WEB
|
Andrea Bocchetti
|
|
2012-11-02
|
|
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities
|
23 |
WEB
|
r45c4l
|
|
2012-10-31
|
|
BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
|
26 |
WEB
|
Canberk BOLAT
|
|
2015-08-29
|
|
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure
|
25 |
WEB
|
Shad Malloy
|
|
2015-08-28
|
|
Pluck CMS 4.7.3 - Multiple Vulnerabilities
|
27 |
WEB
|
smash
|
|
2015-08-28
|
|
Wolf CMS - Arbitrary File Upload / Execution
|
21 |
WEB
|
Narendra Bhati
|
|
2015-08-28
|
|
Jenkins 1.626 - Cross-Site Request Forgery / Code Execution
|
20 |
WEB
|
smash
|
|
2015-08-28
|
|
WordPress Plugin Responsive Thumbnail Slider 1.0 - Arbitrary File Upload
|
22 |
WEB
|
Arash Khazaei
|
|
2012-10-31
|
|
SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
|
21 |
WEB
|
Anthony Trummer
|
|
2012-10-31
|
|
NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities
|
22 |
WEB
|
Security Effect Team
|
|
2012-10-30
|
|
Joomla! Component com_quiz - SQL Injection
|
19 |
WEB
|
Daniel Barragan
|
|
2012-10-28
|
|
CorePlayer - 'callback' Cross-Site Scripting
|
22 |
WEB
|
MustLive
|
|
2012-10-16
|
|
WANem - Multiple Cross-Site Scripting Vulnerabilities
|
24 |
WEB
|
Brendan Coles
|
|
2015-08-27
|
|
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting
|
20 |
WEB
|
snop
|
|
2012-10-26
|
|
EasyITSP - 'customers_edit.php' Authentication Bypass
|
18 |
WEB
|
Michal Blaszczak
|
|
2012-10-29
|
|
TP-Link TL-WR841N Router - Local File Inclusion
|
19 |
WEB
|
Matan Azugi
|
|
2012-10-26
|
|
VicBlog - Multiple SQL Injections
|
20 |
WEB
|
Geek
|
|
2012-10-25
|
|
Gramophone - 'rs' Cross-Site Scripting
|
17 |
WEB
|
G13
|
|
2015-08-26
|
|
Magento eCommerce - Remote Code Execution
|
20 |
WEB
|
Manish Tanwar
|
|
2012-10-26
|
|
Inventory - Multiple Cross-Site Scripting / SQL Injections
|
19 |
WEB
|
G13
|
