|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
|
8 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
|
7 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - 'fw/createAnomaly.do?subTab' Cross-Site Scripting
|
10 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - '/fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-03-30
|
|
JamWiki 1.1.5 - 'num' Cross-Site Scripting
|
7 |
WEB
|
Sooraj K.S
|
|
2012-03-29
|
|
Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site Scripting
|
8 |
WEB
|
Am!r
|
|
2012-03-30
|
|
e107 1.0 - 'view' SQL Injection
|
9 |
WEB
|
Am!r
|
|
2012-03-30
|
|
PHP Designer 2007 Personal - Multiple SQL Injections
|
7 |
WEB
|
MR.XpR
|
|
2012-03-29
|
|
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
|
7 |
WEB
|
Yann MICHARD
|
|
2012-03-29
|
|
EasyPHP - 'main.php' SQL Injection
|
7 |
WEB
|
Skote Vahshat
|
|
2012-03-28
|
|
ocPortal 7.1.5 - 'code_editor.php' Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
High-Tech Bridge
|
|
2012-03-28
|
|
TomatoCart 1.2.0 Alpha 2 - 'json.php' Local File Inclusion
|
7 |
WEB
|
Canberk BOLAT
|
|
2013-03-27
|
|
MyBB 1.6.6 - 'index.php?conditions[usergroup][]' Cross-Site Scripting
|
8 |
WEB
|
Aditya Modha
|
|
2013-03-27
|
|
MyBB 1.6.6 - 'index.php?conditions[usergroup][]' SQL Injection
|
8 |
WEB
|
Aditya Modha
|
|
2012-03-28
|
|
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting
|
8 |
WEB
|
sonyy
|
|
2012-03-28
|
|
WordPress Plugin Integrator 1.32 - 'redirect_to' Cross-Site Scripting
|
6 |
WEB
|
Stefan Schurtz
|
|
2012-03-27
|
|
Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
demonalex
|
|
2012-03-27
|
|
NextBBS 0.6 - 'index.php?do' Cross-Site Scripting
|
7 |
WEB
|
waraxe
|
|
2012-03-27
|
|
NextBBS 0.6 - 'ajaxserver.php' Multiple SQL Injections
|
7 |
WEB
|
waraxe
|
|
2012-03-27
|
|
Geeklog 1.8.1 - 'index.php' SQL Injection
|
8 |
WEB
|
HELLBOY
|
|
2012-03-25
|
|
Zumset.com FbiLike 1.00 - 'id' Cross-Site Scripting
|
6 |
WEB
|
Crim3R
|
|
2012-03-23
|
|
Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
|
5 |
WEB
|
voidloafer
|
|
2012-03-24
|
|
Event Calendar PHP - 'cal_year' Cross-Site Scripting
|
7 |
WEB
|
3spi0n
|
|
2012-03-21
|
|
Minify 2.1.x - 'g' Cross-Site Scripting
|
8 |
WEB
|
Ayoub Aboukir
|
|
2015-05-13
|
|
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
|
6 |
WEB
|
Wadeek
|
|
2015-05-13
|
|
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
|
8 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation
|
10 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload
|
10 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php?String::stripUnsafeHtml()'
|
7 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - 'index.php?authors[][url]' Cross-Site Scripting
|
5 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
CMSimple 3.3 - 'index.php' Cross-Site Scripting
|
9 |
WEB
|
Stefan Schurtz
|
|
2009-04-17
|
|
WebGlimpse 2.18.7 - 'DOC' Directory Traversal
|
8 |
WEB
|
MustLive
|
|
2015-05-11
|
|
SQLBuddy 1.3.3 - Directory Traversal
|
8 |
WEB
|
hyp3rlinx
|
|
2015-05-11
|
|
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
|
9 |
WEB
|
hyp3rlinx
|
|
2015-05-11
|
|
eFront 3.6.15 - PHP Object Injection
|
8 |
WEB
|
Filippo Roncari
|
|
2015-05-11
|
|
eFront 3.6.15 - Directory Traversal
|
9 |
WEB
|
Filippo Roncari
|
|
2015-05-11
|
|
eFront 3.6.15 - Multiple SQL Injections
|
10 |
WEB
|
Filippo Roncari
|
|
2015-05-11
|
|
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting
|
10 |
WEB
|
XLabs Security
|
|
2015-05-11
|
|
D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting
|
8 |
WEB
|
XLabs Security
|
|
2015-05-11
|
|
Pluck CMS 4.7 - Directory Traversal
|
6 |
WEB
|
Wadeek
|
|
2015-05-11
|
|
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)
|
9 |
WEB
|
Claudio Viviani & F17.c0de
|
|
2015-05-11
|
|
ZTE F660 - Remote Configuration Download
|
10 |
WEB
|
Daniel Cisa
|
|
2012-03-11
|
|
CreateVision CMS - 'id' SQL Injection
|
9 |
WEB
|
Zwierzchowski Oskar
|
|
2012-03-18
|
|
WebGlimpse 2.x - 'wgarcmin.cgi' Full Path Disclosure
|
10 |
WEB
|
Websecurity
|
|
2012-03-19
|
|
ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection
|
10 |
WEB
|
r45c4l
|
|
2012-03-20
|
|
WebGlimpse 2.14.1/2.18.8 - 'webglimpse.cgi' Remote Command Injection
|
11 |
WEB
|
Kevin Perry
|
|
2012-03-20
|
|
GNUBoard 4.34.20 - 'download.php' HTML Injection
|
10 |
WEB
|
wh1ant
|
|
2012-03-18
|
|
JavaBB 0.99 - 'userId' Cross-Site Scripting
|
10 |
WEB
|
sonyy
|
|
2012-03-16
|
|
JPM Article Script 6 - 'page2' SQL Injection
|
8 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-03-14
|
|
Max's PHP Photo Album 1.0 - 'id' Local File Inclusion
|
11 |
WEB
|
n0tch
|
|
2012-03-14
|
|
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities
|
9 |
WEB
|
n0tch
|
|
2012-03-13
|
|
Omnistar Live - Cross-Site Scripting / SQL Injection
|
10 |
WEB
|
sonyy
|
|
2015-05-08
|
|
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities
|
9 |
WEB
|
Peter Lapp
|
|
2015-05-08
|
|
WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery
|
11 |
WEB
|
Kaustubh G. Padwad
|
|
2015-05-08
|
|
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery
|
7 |
WEB
|
Kaustubh G. Padwad
|
|
2015-05-08
|
|
WordPress Plugin ClickBank Ads 1.7 - Cross-Site Request Forgery
|
9 |
WEB
|
Kaustubh G. Padwad
|
|
2015-05-08
|
|
WordPress Plugin Ultimate Profile Builder 2.3.3 - Cross-Site Request Forgery
|
9 |
WEB
|
Kaustubh G. Padwad
|
|
2015-05-08
|
|
WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery
|
9 |
WEB
|
Evex
|
|
2015-05-08
|
|
SynTail 1.5 Build 566 - Multiple Vulnerabilities
|
7 |
WEB
|
Marlow Tannhauser
|
|
2015-05-08
|
|
WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion
|
8 |
WEB
|
T3N38R15
|
|
2015-05-08
|
|
SynaMan 3.4 Build 1436 - Multiple Vulnerabilities
|
10 |
WEB
|
Marlow Tannhauser
|
|
2015-05-08
|
|
Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities
|
9 |
WEB
|
Marlow Tannhauser
|
|
2015-05-08
|
|
Xeams 4.5 Build 5755 - Multiple Vulnerabilities
|
9 |
WEB
|
Marlow Tannhauser
|
|
2012-03-12
|
|
Wikidforum 2.10 - Advanced Search Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Stefan Schurtz
|
|
2012-03-12
|
|
Wikidforum 2.10 - Search Field Cross-Site Scripting
|
8 |
WEB
|
Stefan Schurtz
|
|
2012-03-12
|
|
Wikidforum 2.10 - Advanced Search Multiple Field SQL Injections
|
9 |
WEB
|
Stefan Schurtz
|
|
2012-03-12
|
|
Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting
|
9 |
WEB
|
Simon Ganiere
|
|
2015-05-07
|
|
Album Streamer 2.0 iOS - Directory Traversal
|
8 |
WEB
|
Vulnerability-Lab
|
|
2015-05-07
|
|
WordPress Plugin Freshmail 1.5.8 - 'shortcode.php' SQL Injection
|
10 |
WEB
|
Felipe Molina
|
|
2015-05-07
|
|
IBM Websphere Portal - Persistent Cross-Site Scripting
|
10 |
WEB
|
Filippo Roncari
|
|
2015-05-07
|
|
Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery
|
9 |
WEB
|
Veit Hailperin
|
|
2012-03-11
|
|
EJBCA 4.0.7 - 'issuer' Cross-Site Scripting
|
9 |
WEB
|
MustLive
|
|
2012-03-11
|
|
Singapore 0.10.1 - 'gallery' Cross-Site Scripting
|
10 |
WEB
|
T0xic
|
|
2012-03-09
|
|
PHPMyVisites 2.4 - 'PHPmv2/index.php' Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
AkaStep
|
|
2012-03-08
|
|
SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting
|
9 |
WEB
|
vulns@dionach.com
|
|
2012-03-08
|
|
SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting
|
10 |
WEB
|
vulns@dionach.com
|
|
2012-03-08
|
|
SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting
|
7 |
WEB
|
vulns@dionach.com
|
|
2015-05-07
|
|
WordPress Plugin Freshmail 1.5.8 - SQL Injection
|
8 |
WEB
|
Felipe Molina
|
|
2012-03-08
|
|
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
8 |
WEB
|
Julien Ahrens
|
|
2012-03-08
|
|
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
|
11 |
WEB
|
AkaStep
|
|
2012-03-08
|
|
LeKommerce - 'id' SQL Injection
|
8 |
WEB
|
Mazt0r
|
|
2015-05-06
|
|
elFinder 2 - Remote Command Execution (via File Creation)
|
9 |
WEB
|
TUNISIAN CYBER
|
|
2015-05-06
|
|
PDF Converter & Editor 2.1 iOS - Local File Inclusion
|
10 |
WEB
|
Vulnerability-Lab
|
|
2015-05-06
|
|
vPhoto-Album 4.2 iOS - Local File Inclusion
|
12 |
WEB
|
Vulnerability-Lab
|
|
2012-03-07
|
|
OSClass 2.3.x - Directory Traversal / Arbitrary File Upload
|
11 |
WEB
|
Filippo Cavallarin
|
|
2012-03-07
|
|
Exponent CMS 2.0 - 'src' SQL Injection
|
9 |
WEB
|
Rob Miller
|
|
2012-03-06
|
|
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
9 |
WEB
|
Gjoko Krstic
|
|
2012-03-05
|
|
Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection
|
8 |
WEB
|
Colin Wong
|
|
2012-03-05
|
|
11in1 CMS 1.2.1 - 'admin/tps?id' SQL Injection
|
9 |
WEB
|
Chokri B.A
|
|
2012-03-05
|
|
11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection
|
8 |
WEB
|
Chokri B.A
|
|
2012-03-05
|
|
Open Realty 2.5.x - 'select_users_template' Local File Inclusion
|
9 |
WEB
|
Aung Khant
|
|
2015-05-04
|
|
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross
|
12 |
WEB
|
Felipe Molina
|
|
2015-05-04
|
|
PhotoWebsite 3.1 iOS - Local File Inclusion
|
9 |
WEB
|
Vulnerability-Lab
|
|
2012-03-05
|
|
Etano 1.20/1.22 - 'photo_view.php?return' Cross-Site Scripting
|
7 |
WEB
|
Aung Khant
|
|
2012-03-05
|
|
Etano 1.20/1.22 - 'photo_search.php' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Aung Khant
|
|
2012-03-05
|
|
Etano 1.20/1.22 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Aung Khant
|
|
2012-03-04
|
|
LastGuru ASP Guestbook - 'View.asp' SQL Injection
|
9 |
WEB
|
demonalex
|
|
2012-03-02
|
|
starCMS - 'q' URI Cross-Site Scripting
|
12 |
WEB
|
Am!r
|
|
2012-02-28
|
|
Fork CMS 3.x - '/backend/modules/error/actions/index.php?parse()' Multiple Error Display Cross-Site
|
14 |
WEB
|
anonymous
|
|
2012-02-28
|
|
Fork CMS 3.x - '/private/en/locale/index?name' Cross-Site Scripting
|
10 |
WEB
|
anonymous
|
|
2012-02-29
|
|
Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery
|
12 |
WEB
|
Green Hornet
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/plugin.php?page' Cross-Site Scripting
|
12 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/blogs.php?nb' Cross-Site Scripting
|
12 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/auth.php?login_data' Cross-Site Scripting
|
12 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-27
|
|
OSQA's CMS - Multiple HTML Injection Vulnerabilities
|
11 |
WEB
|
Ucha Gobejishvili
|
|
2012-02-27
|
|
Bontq - 'user/' URI Cross-Site Scripting
|
11 |
WEB
|
sonyy
|
|
2012-02-26
|
|
Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
MustLive
|
|
2012-02-26
|
|
MyJobList 0.1.3 - 'eid' SQL Injection
|
9 |
WEB
|
Red Security TEAM
|
|
2012-02-23
|
|
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
|
11 |
WEB
|
Corrado Liotta
|
|
2012-02-22
|
|
Oxwall 1.1.1 - 'plugin' Cross-Site Scripting
|
8 |
WEB
|
Ariko-Security
|
|
2012-02-22
|
|
Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-22
|
|
Chyrp 2.1.1 - 'ajax.php' HTML Injection
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-22
|
|
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
|
14 |
WEB
|
Benjamin Kunz Mejri
|
|
2012-02-22
|
|
ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting
|
12 |
WEB
|
Stefan Schurtz
|
|
2012-02-21
|
|
CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Ariko-Security
|
|
2012-02-21
|
|
Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Sit
|
10 |
WEB
|
Busindre
|
|
2012-02-20
|
|
Joomla! Component Machine - Multiple SQL Injections
|
9 |
WEB
|
the_cyber_nuxbie
|
|
2015-04-29
|
|
OS Solution OSProperty 2.8.0 - SQL Injection
|
9 |
WEB
|
Brandon Perry
|
|
2015-04-29
|
|
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
|
7 |
WEB
|
hyp3rlinx
|
|
2015-04-29
|
|
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-18
|
|
Joomla! Component com_xvs - 'Controller' Local File Inclusion
|
10 |
WEB
|
KedAns-Dz
|
|
2012-02-21
|
|
Dolphin 7.0.x - 'explanation.php?explain' Cross-Site Scripting
|
8 |
WEB
|
Aung Khant
|
|
2012-02-21
|
|
Dolphin 7.0.x - 'viewFriends.php' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Aung Khant
|
|
2012-02-20
|
|
TestLink - Multiple SQL Injections
|
8 |
WEB
|
Juan M. Natal
|
