|
2012-06-16
|
|
Webify (Multiple Products) - Multiple HTML Injection / Local File Inclusions
|
8 |
WEB
|
snup
|
|
2012-06-16
|
|
Simple Document Management System 1.1.5 - Multiple SQL Injections
|
7 |
WEB
|
JosS
|
|
2012-06-15
|
|
Joomla! Component JCal Pro Calendar - SQL Injection
|
8 |
WEB
|
Taurus Omar
|
|
2012-06-16
|
|
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-15
|
|
WordPress Plugin ORGanizer - Multiple Vulnerabilities
|
7 |
WEB
|
MustLive
|
|
2012-06-17
|
|
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
|
6 |
WEB
|
Sammy FORGIT
|
|
2012-06-14
|
|
NetArt Media Jobs Portal - SQL Injection
|
7 |
WEB
|
Ibrahim El-Sayed
|
|
2012-06-14
|
|
Simple Forum PHP - Multiple SQL Injections
|
7 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-06-15
|
|
ADICO - 'index.php' Script SQL Injection
|
6 |
WEB
|
Ibrahim El-Sayed
|
|
2012-06-14
|
|
WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload
|
6 |
WEB
|
Sammy FORGIT
|
|
2012-06-17
|
|
MediaWiki 1.x - 'uselang' Cross-Site Scripting
|
7 |
WEB
|
anonymous
|
|
2012-06-14
|
|
WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload
|
7 |
WEB
|
Sammy FORGIT
|
|
2012-01-14
|
|
WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-13
|
|
Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload
|
6 |
WEB
|
KedAns-Dz
|
|
2012-06-13
|
|
SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
|
6 |
WEB
|
anonymous
|
|
2015-06-26
|
|
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting
|
6 |
WEB
|
Suraj Krishnaswami
|
|
2015-06-26
|
|
Thycotic Secret Server 8.8.000004 - Persistent Cross-Site Scripting
|
6 |
WEB
|
Marco Delai
|
|
2015-06-26
|
|
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
|
8 |
WEB
|
Raschin Tavakoli_ Bernhard Garn_ Peter Aufner & Di
|
|
2015-06-26
|
|
Koha 3.20.1 - Directory Traversal
|
8 |
WEB
|
Raschin Tavakoli_ Bernhard Garn_ Peter Aufner & Di
|
|
2015-06-26
|
|
Koha 3.20.1 - Multiple SQL Injections
|
8 |
WEB
|
Raschin Tavakoli_ Bernhard Garn_ Peter Aufner & Di
|
|
2012-06-12
|
|
Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-13
|
|
Joomla! Component mod_jfancy - 'script.php' Arbitrary File Upload
|
10 |
WEB
|
Sammy FORGIT
|
|
2012-06-13
|
|
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
|
7 |
WEB
|
Sammy FORGIT
|
|
2012-06-12
|
|
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload
|
9 |
WEB
|
Sammy FORGIT
|
|
2012-06-12
|
|
Joomla! Component mod_artuploader - 'upload.php' Arbitrary File Upload
|
9 |
WEB
|
Sammy FORGIT
|
|
2012-06-12
|
|
Joomla! Component com_simpleswfupload - 'uploadhandler.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-13
|
|
WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-12
|
|
XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload
|
7 |
WEB
|
KedAns-Dz
|
|
2012-06-11
|
|
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
|
9 |
WEB
|
KedAns-Dz
|
|
2012-06-10
|
|
Joomla! Component com_alphacontent - 'limitstart' SQL Injection
|
7 |
WEB
|
xDarkSton3x
|
|
2012-06-12
|
|
WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-11
|
|
BMC Identity Management - Cross-Site Request Forgery
|
7 |
WEB
|
Travis Lee
|
|
2012-06-03
|
|
WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload
|
8 |
WEB
|
Sammy FORGIT
|
|
2012-06-07
|
|
WordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload
|
7 |
WEB
|
Sammy FORGIT
|
|
2015-06-24
|
|
Vesta Control Panel 0.9.8 - OS Command Injection
|
7 |
WEB
|
High-Tech Bridge SA
|
|
2015-06-24
|
|
Joomla! Component com_simpleimageupload - Arbitrary File Upload
|
7 |
WEB
|
CrashBandicot
|
|
2015-06-24
|
|
GeniXCMS 0.0.3 - 'register.php' SQL Injection
|
9 |
WEB
|
cfreer
|
|
2015-06-24
|
|
WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities
|
10 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2015-06-24
|
|
GeniXCMS 0.0.3 - Cross-Site Scripting
|
9 |
WEB
|
hyp3rlinx
|
|
2012-06-07
|
|
WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload
|
10 |
WEB
|
Sammy FORGIT
|
|
2012-06-07
|
|
WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure
|
9 |
WEB
|
Sammy FORGIT
|
|
2012-06-06
|
|
MyBB 1.6.8 - 'member.php' SQL Injection
|
9 |
WEB
|
MR.XpR
|
|
2012-06-05
|
|
Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection
|
6 |
WEB
|
rwenzel
|
|
2015-06-05
|
|
WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload
|
9 |
WEB
|
Sammy FORGIT
|
|
2012-06-03
|
|
Ignite Solutions CMS - 'car-details.php' SQL Injection
|
7 |
WEB
|
Am!r
|
|
2012-06-03
|
|
AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple SQL Injections
|
8 |
WEB
|
KedAns-Dz
|
|
2012-06-03
|
|
AdaptCMS 2.0.2 TinyURL Plugin - 'index.php?id' SQL Injection
|
7 |
WEB
|
KedAns-Dz
|
|
2012-06-03
|
|
TinyCMS 1.3 - '/admin/admin.php?do' Traversal Local File Inclusion
|
8 |
WEB
|
KedAns-Dz
|
|
2012-06-03
|
|
TinyCMS 1.3 - 'index.php?page' Traversal Local File Inclusion
|
7 |
WEB
|
KedAns-Dz
|
|
2012-06-03
|
|
TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery
|
8 |
WEB
|
KedAns-Dz
|
|
2012-06-01
|
|
VoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting
|
8 |
WEB
|
Aboud-el
|
|
2012-05-31
|
|
WHMCompleteSolution (WHMCS) 5.0 - 'KnowledgeBase.php?search' Cross-Site Scripting
|
8 |
WEB
|
Shadman Tanjim
|
|
2012-05-31
|
|
WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function)
|
8 |
WEB
|
Shadman Tanjim
|
|
2012-05-29
|
|
WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection
|
7 |
WEB
|
dex
|
|
2012-05-28
|
|
Yamamah Photo Gallery 1.1 - Database Information Disclosure
|
8 |
WEB
|
L3b-r1'z
|
|
2012-05-27
|
|
Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion
|
8 |
WEB
|
n4ss1m
|
|
2012-05-26
|
|
Small-Cms - 'hostname' Remote PHP Code Injection
|
8 |
WEB
|
L3b-r1'z
|
|
2015-06-19
|
|
Lively Cart - SQL Injection
|
7 |
WEB
|
Manish Tanwar
|
|
2015-06-19
|
|
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete
|
7 |
WEB
|
Vulnerability-Lab
|
|
2015-06-19
|
|
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
|
7 |
WEB
|
Vulnerability-Lab
|
|
2012-05-25
|
|
DynPage 1.0 - 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities
|
8 |
WEB
|
KedAns-Dz
|
|
2015-06-19
|
|
Tango FTP 1.0 (Build 136) - Activex HeapSpray
|
9 |
WEB
|
metacom
|
|
2015-06-19
|
|
Tango DropBox 3.1.5 + PRO - Activex HeapSpray
|
9 |
WEB
|
metacom
|
|
2012-05-26
|
|
phpList 2.10.9 - 'Sajax.php' PHP Code Injection
|
7 |
WEB
|
L3b-r1'z
|
|
2012-05-27
|
|
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities
|
8 |
WEB
|
AkaStep
|
|
2012-05-24
|
|
phpCollab 2.5 - Direct Request Multiple Protected Page Access
|
7 |
WEB
|
team ' & 1=1--
|
|
2012-05-24
|
|
PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload
|
8 |
WEB
|
team ' & 1=1--
|
|
2012-05-23
|
|
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
|
8 |
WEB
|
L3b-r1'z
|
|
2012-05-23
|
|
pragmaMx 1.12.1 - '/includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php?img_url' Cross-Site
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-23
|
|
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-23
|
|
Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities
|
6 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-23
|
|
Ajaxmint Gallery 1.0 - Local File Inclusion
|
6 |
WEB
|
AkaStep
|
|
2012-05-23
|
|
phpCollab 2.5 - Database Backup Information Disclosure
|
6 |
WEB
|
team ' & 1=1--
|
|
2012-05-23
|
|
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
|
8 |
WEB
|
AkaStep
|
|
2012-05-21
|
|
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
|
7 |
WEB
|
Eyup CELIK
|
|
2012-05-22
|
|
Plogger Photo Gallery - SQL Injection
|
7 |
WEB
|
Eyup CELIK
|
|
2015-06-17
|
|
BlackCat CMS 1.1.1 - Arbitrary File Download
|
7 |
WEB
|
d4rkr0id
|
|
2015-06-16
|
|
E-Detective Lawful Interception System - Multiple Vulnerabilities
|
8 |
WEB
|
Mustafa Al-Bassam
|
|
2015-06-16
|
|
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection
|
7 |
WEB
|
RedTeam Pentesting
|
|
2015-06-16
|
|
Apexis IP CAM - Information Disclosure
|
9 |
WEB
|
Sunplace Solutions
|
|
2015-06-16
|
|
Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - Cross-Site Request Forgery
|
9 |
WEB
|
Jerold Hoong
|
|
2015-06-15
|
|
Milw0rm Clone Script 1.0 - '/admin/login.php' Authentication Bypass
|
9 |
WEB
|
walid naceri
|
|
2012-05-20
|
|
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
|
8 |
WEB
|
Eyup CELIK
|
|
2015-06-12
|
|
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
|
9 |
WEB
|
Larry W. Cashdollar
|
|
2015-06-12
|
|
WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
|
8 |
WEB
|
Larry W. Cashdollar
|
|
2015-06-12
|
|
ZCMS 1.1 - Multiple Vulnerabilities
|
6 |
WEB
|
hyp3rlinx
|
|
2015-06-12
|
|
Opsview 4.6.2 - Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
Dolev Farhi
|
|
2015-06-12
|
|
Nakid CMS - Multiple Vulnerabilities
|
6 |
WEB
|
hyp3rlinx
|
|
2015-06-12
|
|
ClickHeat 1.14 - Cross-Site Request Forgery (Change Admin Password)
|
6 |
WEB
|
David Shanahan
|
|
2015-06-10
|
|
WordPress Plugin Encrypted Contact Form 1.0.4 - Cross-Site Request Forgery
|
6 |
WEB
|
Nitin Venkatesh
|
|
2015-06-10
|
|
AnimaGallery 2.6 - Local File Inclusion
|
8 |
WEB
|
d4rkr0id
|
|
2015-06-10
|
|
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery
|
7 |
WEB
|
RedTeam Pentesting
|
|
2015-06-10
|
|
Bonita BPM 6.5.1 - Multiple Vulnerabilities
|
6 |
WEB
|
High-Tech Bridge SA
|
|
2015-06-10
|
|
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities
|
7 |
WEB
|
High-Tech Bridge SA
|
|
2015-06-10
|
|
GeoVision (GeoHttpServer) Webcams - Remote File Disclosure
|
7 |
WEB
|
Viktor Minin
|
|
2015-06-10
|
|
FiverrScript - Cross-Site Request Forgery (Add Admin)
|
6 |
WEB
|
Mahmoud Gamal
|
|
2015-06-10
|
|
Pandora FMS 5.0/5.1 - Authentication Bypass
|
7 |
WEB
|
Manuel Mancera
|
|
2015-06-10
|
|
WordPress Plugin History Collection 1.1.1 - Arbitrary File Download
|
6 |
WEB
|
Kuroi'SH
|
|
2015-06-10
|
|
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
|
6 |
WEB
|
Kuroi'SH
|
|
2015-06-10
|
|
WordPress Plugin RobotCPA V5 - Local File Inclusion
|
8 |
WEB
|
T3N38R15
|
|
2015-06-10
|
|
HP WebInspect 10.4 - XML External Entity Injection
|
10 |
WEB
|
Jakub Palaczynski
|
|
2015-06-09
|
|
Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection
|
6 |
WEB
|
Pancaker
|
|
2015-06-08
|
|
Pasworld - 'detail.php' Blind SQL Injection
|
6 |
WEB
|
Sebastian khan
|
|
2015-06-08
|
|
WordPress Plugin WP Mobile Edition - Local File Inclusion
|
7 |
WEB
|
Ali Khalil
|
|
2015-06-08
|
|
WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities
|
5 |
WEB
|
T3N38R15
|
|
2015-06-08
|
|
D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change
|
6 |
WEB
|
Todor Donev
|
|
2015-06-08
|
|
D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change
|
7 |
WEB
|
Todor Donev
|
|
2015-06-08
|
|
TP-Link TD-W8950ND ADSL2+ - Remote DNS Change
|
6 |
WEB
|
Todor Donev
|
|
2015-06-08
|
|
D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change
|
7 |
WEB
|
Todor Donev
|
|
2012-05-20
|
|
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
|
6 |
WEB
|
AkaStep
|
|
2012-05-20
|
|
Concrete CMS < 5.5.21 - Multiple Vulnerabilities
|
6 |
WEB
|
AkaStep
|
|
2012-05-21
|
|
Yandex.Server 2010 9.0 - 'text' Cross-Site Scripting
|
8 |
WEB
|
MustLive
|
|
2012-05-21
|
|
Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access
|
6 |
WEB
|
Aung Khant
|
|
2012-05-21
|
|
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Cod
|
7 |
WEB
|
Aung Khant
|
|
2012-05-17
|
|
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security
|
7 |
WEB
|
anonymous
|
|
2012-05-03
|
|
OpenKM 5.1.7 - Cross-Site Request Forgery
|
7 |
WEB
|
Cyrill Brunschwiler
|
|
2012-05-17
|
|
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Stefan Schurtz
|
|
2012-05-17
|
|
ArtiPHP 5.5.0 Neo - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
6 |
WEB
|
Gjoko Krstic
|
|
2012-05-16
|
|
Unijimpe Captcha - 'captchademo.php' Cross-Site Scripting
|
6 |
WEB
|
Daniel Godoy
|
|
2015-06-06
|
|
Broadlight Residential Gateway DI3124 - Remote DNS Change
|
6 |
WEB
|
Todor Donev
|
|
2015-06-06
|
|
WiFi HD 8.1 - Directory Traversal / Denial of Service
|
5 |
WEB
|
Wh1t3Rh1n0 (Michael Allen)
|
|
2015-06-05
|
|
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
|
6 |
WEB
|
Kuroi'SH
|
|
2012-05-16
|
|
backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting
|
7 |
WEB
|
LiquidWorm
|
|
2012-05-16
|
|
SiliSoftware PHPThumb() 1.7.11-201108081537 - '/demo/PHPThumb.demo.random.php?dir' Cross-Site Script
|
6 |
WEB
|
Gjoko Krstic
|
|
2012-05-16
|
|
SiliSoftware PHPThumb() 1.7.11-201108081537 - '/demo/PHPThumb.demo.showpic.php?title' Cross-Site Scr
|
6 |
WEB
|
Gjoko Krstic
|
