|
2012-12-04
|
|
WordPress Theme Nest - 'codigo' SQL Injection
|
12 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-12-30
|
|
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
|
13 |
WEB
|
Amirh03in
|
|
2012-12-01
|
|
TinyMCPUK - 'test' Cross-Site Scripting
|
17 |
WEB
|
eidelweiss
|
|
2015-09-07
|
|
JSPMySQL Administrador - Multiple Vulnerabilities
|
14 |
WEB
|
hyp3rlinx
|
|
2015-09-07
|
|
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
|
15 |
WEB
|
Elliott Lewis
|
|
2015-09-06
|
|
Elastix < 2.5 - PHP Code Injection
|
14 |
WEB
|
i-Hmx
|
|
2015-09-06
|
|
FireEye Appliance - Unauthorized File Disclosure
|
16 |
WEB
|
Kristian Erik Hermansen
|
|
2015-09-06
|
|
WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
12 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2015-09-04
|
|
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
|
18 |
WEB
|
Ken Smith
|
|
2015-09-04
|
|
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
|
17 |
WEB
|
Vulnerability-Lab
|
|
2012-11-29
|
|
Elastix - 'page' Cross-Site Scripting
|
19 |
WEB
|
cheki
|
|
2012-11-29
|
|
WordPress Theme Toolbox - 'mls' SQL Injection
|
14 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-28
|
|
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
|
14 |
WEB
|
Ur0b0r0x
|
|
2015-09-02
|
|
Cerb 7.0.3 - Cross-Site Request Forgery
|
13 |
WEB
|
High-Tech Bridge SA
|
|
2015-09-02
|
|
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution
|
14 |
WEB
|
Phan Thanh Duy
|
|
2015-09-02
|
|
YesWiki 0.2 - 'squelette' Directory Traversal
|
11 |
WEB
|
HaHwul
|
|
2015-09-02
|
|
Mantis Bug Tracker 1.2.19 - Host Header
|
11 |
WEB
|
Pier-Luc Maltais
|
|
2015-09-02
|
|
Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass
|
13 |
WEB
|
Orwelllabs
|
|
2012-11-29
|
|
WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting
|
14 |
WEB
|
Aditya Balapure
|
|
2012-11-27
|
|
WordPress Theme CStar Design - 'id' SQL Injection
|
16 |
WEB
|
Amirh03in
|
|
2012-11-26
|
|
WordPress Theme Wp-ImageZoom - 'id' SQL Injection
|
14 |
WEB
|
Amirh03in
|
|
2012-11-26
|
|
Forescout CounterACT - 'a' Open Redirection
|
13 |
WEB
|
Joseph Sheridan
|
|
2012-11-24
|
|
Beat Websites - 'id' SQL Injection
|
13 |
WEB
|
Metropolis
|
|
2012-11-26
|
|
WordPress Plugin Ads Box - 'count' SQL Injection
|
14 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-22
|
|
WordPress Theme Magazine Basic - 'id' SQL Injection
|
19 |
WEB
|
Novin hack
|
|
2015-09-01
|
|
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
|
14 |
WEB
|
smash
|
|
2015-09-01
|
|
Bedita 3.5.1 - Cross-Site Scripting
|
13 |
WEB
|
Sébastien Morin
|
|
2012-11-22
|
|
WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload
|
18 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-22
|
|
WordPress Plugin Plg Novana - 'id' SQL Injection
|
14 |
WEB
|
sil3nt
|
|
2012-11-22
|
|
WordPress Plugin Webplayer - 'id' SQL Injection
|
13 |
WEB
|
Novin hack
|
|
2012-11-22
|
|
WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload
|
13 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-21
|
|
XiVO - Cross-Site Request Forgery
|
14 |
WEB
|
Francis Provencher
|
|
2012-11-21
|
|
Feng Office - Security Bypass / HTML Injection
|
12 |
WEB
|
Ur0b0r0x
|
|
2012-11-21
|
|
dotProject 2.1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge
|
|
2012-11-21
|
|
dotProject 2.1.x - 'index.php' Multiple SQL Injections
|
14 |
WEB
|
High-Tech Bridge
|
|
2012-11-20
|
|
WordPress Theme Madebymilk - 'id' SQL Injection
|
12 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-16
|
|
ATutor 2.1 - 'tool_file' Local File Inclusion
|
11 |
WEB
|
Julian Horoszkiewicz
|
|
2012-11-20
|
|
openSIS 5.1 - 'ajax.php' Local File Inclusion
|
10 |
WEB
|
Julian Horoszkiewicz
|
|
2012-11-16
|
|
Open-Realty 2.5.8 - Cross-Site Request Forgery
|
11 |
WEB
|
Aung Khant
|
|
2015-08-31
|
|
Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
|
14 |
WEB
|
Dharmendra Kumar Singh
|
|
2015-08-31
|
|
Ganglia Web Frontend < 3.5.1 - PHP Code Execution
|
12 |
WEB
|
Andrei Costin
|
|
2015-08-31
|
|
Edimax PS-1206MF - Web Admin Authentication Bypass
|
13 |
WEB
|
smash
|
|
2015-08-31
|
|
PhpWiki 1.5.4 - Multiple Vulnerabilities
|
16 |
WEB
|
smash
|
|
2012-11-16
|
|
Friends in War The FAQ Manager - 'question' SQL Injection
|
11 |
WEB
|
unsuprise
|
|
2012-11-19
|
|
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
|
10 |
WEB
|
HaCkeR_EgY
|
|
2012-07-19
|
|
WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
|
13 |
WEB
|
Tushar Dalvi
|
|
2012-11-16
|
|
WordPress Plugin Tagged Albums - 'id' SQL Injection
|
13 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-16
|
|
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
|
13 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-09
|
|
WordPress Plugin Eco-annu - 'eid' SQL Injection
|
21 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-09
|
|
WordPress Plugin PHP Event Calendar - 'cid' SQL Injection
|
14 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-09
|
|
WordPress Theme Kakao - 'ID' SQL Injection
|
18 |
WEB
|
sil3nt
|
|
2012-11-09
|
|
ESRI ArcGIS for Server - 'where' SQL Injection
|
21 |
WEB
|
anonymous
|
|
2012-11-08
|
|
AR Web Content Manager (AWCM) - 'cookie_gen.php' Arbitrary Cookie Generation
|
16 |
WEB
|
Sooel Son
|
|
2012-11-07
|
|
WordPress Plugin FLV Player - 'id' SQL Injection
|
21 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-11-07
|
|
OrangeHRM - 'sortField' SQL Injection
|
14 |
WEB
|
High-Tech Bridge
|
|
2012-11-06
|
|
VeriCentre - Multiple SQL Injections
|
19 |
WEB
|
Cory Eubanks
|
|
2012-11-04
|
|
AWAuctionScript CMS - Multiple Remote Vulnerabilities
|
17 |
WEB
|
X-Cisadane
|
|
2012-11-03
|
|
Joomla! Component Parcoauto - 'idVeicolo' SQL Injection
|
15 |
WEB
|
Andrea Bocchetti
|
|
2012-11-02
|
|
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities
|
15 |
WEB
|
r45c4l
|
|
2012-10-31
|
|
BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
|
17 |
WEB
|
Canberk BOLAT
|
|
2015-08-29
|
|
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure
|
14 |
WEB
|
Shad Malloy
|
|
2015-08-28
|
|
Pluck CMS 4.7.3 - Multiple Vulnerabilities
|
16 |
WEB
|
smash
|
|
2015-08-28
|
|
Wolf CMS - Arbitrary File Upload / Execution
|
13 |
WEB
|
Narendra Bhati
|
|
2015-08-28
|
|
Jenkins 1.626 - Cross-Site Request Forgery / Code Execution
|
11 |
WEB
|
smash
|
|
2015-08-28
|
|
WordPress Plugin Responsive Thumbnail Slider 1.0 - Arbitrary File Upload
|
12 |
WEB
|
Arash Khazaei
|
|
2012-10-31
|
|
SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting
|
12 |
WEB
|
Anthony Trummer
|
|
2012-10-31
|
|
NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities
|
12 |
WEB
|
Security Effect Team
|
|
2012-10-30
|
|
Joomla! Component com_quiz - SQL Injection
|
13 |
WEB
|
Daniel Barragan
|
|
2012-10-28
|
|
CorePlayer - 'callback' Cross-Site Scripting
|
14 |
WEB
|
MustLive
|
|
2012-10-16
|
|
WANem - Multiple Cross-Site Scripting Vulnerabilities
|
14 |
WEB
|
Brendan Coles
|
|
2015-08-27
|
|
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting
|
14 |
WEB
|
snop
|
|
2012-10-26
|
|
EasyITSP - 'customers_edit.php' Authentication Bypass
|
11 |
WEB
|
Michal Blaszczak
|
|
2012-10-29
|
|
TP-Link TL-WR841N Router - Local File Inclusion
|
9 |
WEB
|
Matan Azugi
|
|
2012-10-26
|
|
VicBlog - Multiple SQL Injections
|
12 |
WEB
|
Geek
|
|
2012-10-25
|
|
Gramophone - 'rs' Cross-Site Scripting
|
11 |
WEB
|
G13
|
|
2015-08-26
|
|
Magento eCommerce - Remote Code Execution
|
14 |
WEB
|
Manish Tanwar
|
|
2012-10-26
|
|
Inventory - Multiple Cross-Site Scripting / SQL Injections
|
10 |
WEB
|
G13
|
|
2012-10-23
|
|
SMF - 'view' Cross-Site Scripting
|
12 |
WEB
|
Am!r
|
|
2012-10-22
|
|
WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection
|
13 |
WEB
|
Starware Security Team
|
|
2012-10-18
|
|
WordPress Plugin Wordfence Security - Cross-Site Scripting
|
14 |
WEB
|
MustLive
|
|
2012-10-19
|
|
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
|
12 |
WEB
|
Netsparker
|
|
2015-08-25
|
|
Keeper IP Camera 3.2.2.10 - Authentication Bypass
|
12 |
WEB
|
RAT - ThiefKing
|
|
2012-10-18
|
|
Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
|
9 |
WEB
|
cr4wl3r
|
|
2012-10-18
|
|
Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
|
13 |
WEB
|
cr4wl3r
|
|
2012-10-18
|
|
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
|
10 |
WEB
|
cr4wl3r
|
|
2012-10-18
|
|
Amateur Photographer's Image Gallery - 'force-download.php?File' Information Disclosure
|
10 |
WEB
|
cr4wl3r
|
|
2012-10-18
|
|
BSW Gallery - 'uploadpic.php' Arbitrary File Upload
|
13 |
WEB
|
cr4wl3r
|
|
2015-08-24
|
|
WordPress Theme GeoPlaces3 - Arbitrary File Upload
|
12 |
WEB
|
Mdn_Newbie
|
|
2015-08-24
|
|
Pligg CMS 2.0.2 - Cross-Site Request Forgery (Add Admin)
|
12 |
WEB
|
Arash Khazaei
|
|
2012-10-17
|
|
jCore - '/admin/index.php?path' Cross-Site Scripting
|
13 |
WEB
|
High-Tech Bridge
|
|
2012-10-17
|
|
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
|
14 |
WEB
|
waraxe
|
|
2012-10-15
|
|
WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion
|
10 |
WEB
|
Charlie Eriksen
|
|
2012-10-15
|
|
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
|
12 |
WEB
|
Aung Khant
|
|
2012-06-16
|
|
vBSEO - 'u' Cross-Site Scripting
|
7 |
WEB
|
MegaMan
|
|
2012-10-20
|
|
WebTitan - 'logs-x.php' Directory Traversal
|
11 |
WEB
|
Richard Conner
|
|
2012-01-06
|
|
SenseSites CommonSense CMS - 'article.php?id' SQL Injection
|
10 |
WEB
|
H4ckCity Security Team
|
|
2012-01-06
|
|
SenseSites CommonSense CMS - 'special.php?id' SQL Injection
|
11 |
WEB
|
H4ckCity Security Team
|
|
2012-01-06
|
|
SenseSites CommonSense CMS - 'id' SQL Injection
|
9 |
WEB
|
H4ckCity Security Team
|
|
2012-08-11
|
|
FileContral - Local File Inclusion / Local File Disclosure
|
11 |
WEB
|
Ashiyane Digital Security Team
|
|
2012-10-10
|
|
OpenX 2.8.10 - 'plugin-index.php' Cross-Site Scripting
|
12 |
WEB
|
High-Tech Bridge
|
|
2012-10-06
|
|
Open Realty - 'select_users_lang' Local File Inclusion
|
9 |
WEB
|
L0n3ly-H34rT
|
|
2012-10-08
|
|
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
|
9 |
WEB
|
Ibrahim El-Sayed
|
|
2012-10-05
|
|
WordPress Plugin Shopp - Multiple Vulnerabilities
|
10 |
WEB
|
T0x!c
|
|
2015-08-21
|
|
Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)
|
8 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 4.0.8 - Arbitrary File Upload / Execution
|
10 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 3.0.6 - Authentication Bypass
|
10 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
|
11 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine)
|
9 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 4.0.8 - SQL Injection / Authentication Bypass
|
10 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 4.0.4 - SQL Injection
|
8 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
Netsweeper 2.6.29.8 - SQL Injection
|
10 |
WEB
|
Anastasios Monachos
|
|
2015-08-21
|
|
WordPress Plugin MDC Private Message 1.0.0 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Chris Kellum
|
|
2015-08-21
|
|
WordPress Plugin Googmonify 0.8.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
13 |
WEB
|
Ehsan Hosseini
|
|
2012-10-01
|
|
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
|
14 |
WEB
|
Vulnerability Laboratory
|
|
2012-10-02
|
|
ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting
|
12 |
WEB
|
Scott Herbert
|
|
2012-10-01
|
|
WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
|
14 |
WEB
|
Tapco Security
|
|
2012-09-30
|
|
AlamFifa CMS - 'user_name_cookie' SQL Injection
|
16 |
WEB
|
L0n3ly-H34rT
|
|
2012-10-02
|
|
Switchvox - Multiple HTML Injection Vulnerabilities
|
13 |
WEB
|
Ibrahim El-Sayed
|
|
2012-09-26
|
|
WordPress Plugin ABC Test - 'id' Cross-Site Scripting
|
15 |
WEB
|
Scott Herbert
|
|
2015-08-20
|
|
Pligg CMS 2.0.2 - Arbitrary Code Execution
|
16 |
WEB
|
Arash Khazaei
|
|
2015-08-20
|
|
Vifi Radio 1.0 - Cross-Site Request Forgery
|
12 |
WEB
|
KnocKout
|
|
2015-08-20
|
|
Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities
|
12 |
WEB
|
Itzik Chen
|
|
2015-08-19
|
|
up.time 7.5.0 - Upload and Execute
|
11 |
WEB
|
LiquidWorm
|
|
2015-08-19
|
|
up.time 7.5.0 - Arbitrary File Disclose and Delete
|
12 |
WEB
|
LiquidWorm
|
|
2015-08-19
|
|
up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
|
10 |
WEB
|
LiquidWorm
|
