|
2016-07-06
|
|
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution
|
3 |
REMOTE
|
Dawid Golunski
|
|
2016-06-29
|
|
Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution
|
3 |
REMOTE
|
Rémi ROCHER
|
|
2016-06-22
|
|
Wolf CMS 0.8.2 - Arbitrary File Upload (Metasploit)
|
3 |
REMOTE
|
s0nk3y
|
|
2016-06-22
|
|
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
|
2 |
REMOTE
|
quanyechavshuo
|
|
2016-06-21
|
|
DarkComet Server - Arbitrary File Download (Metasploit)
|
4 |
REMOTE
|
Jos Wetzels
|
|
2016-06-17
|
|
op5 7.1.9 - Configuration Command Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-06-15
|
|
Bomgar Remote Support - Code Execution (Metasploit)
|
4 |
REMOTE
|
Markus Wulftange
|
|
2016-06-14
|
|
Apache Continuum - Arbitrary Command Execution (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-06-10
|
|
Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-06-10
|
|
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-06-10
|
|
IPFire - 'proxy.cgi' Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-06-10
|
|
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
|
2 |
REMOTE
|
Jos Wetzels
|
|
2016-06-10
|
|
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
|
3 |
REMOTE
|
Jos Wetzels
|
|
2016-05-31
|
|
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
|
3 |
REMOTE
|
Ian Lovering
|
|
2016-05-26
|
|
HP Data Protector A.09.00 - Arbitrary Command Execution
|
2 |
REMOTE
|
Ian Lovering
|
|
2016-05-25
|
|
PowerFolder Server 10.4.321 - Remote Code Execution
|
3 |
REMOTE
|
Hans-Martin Muench
|
|
2016-05-25
|
|
Ubiquiti airOS - Arbitrary File Upload (Metasploit)
|
2 |
REMOTE
|
Metasploit
|
|
2016-05-25
|
|
Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)
|
2 |
REMOTE
|
Metasploit
|
|
2016-05-17
|
|
Dell SonicWALL Scrutinizer 11.01 - methodDetail SQL Injection (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-05-17
|
|
Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow
|
3 |
REMOTE
|
Exodus Intelligence
|
|
2016-05-12
|
|
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
|
3 |
REMOTE
|
Eduardo Braun Prado
|
|
2016-05-09
|
|
Ruby on Rails - Development Web Console (v2) Code Execution (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-05-09
|
|
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution
|
3 |
REMOTE
|
mr_me
|
|
2016-05-02
|
|
Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit)
|
5 |
REMOTE
|
Metasploit
|
|
2016-05-02
|
|
Acunetix WVS 10 - Remote Command Execution
|
4 |
REMOTE
|
Daniele Linguaglossa
|
|
2016-04-28
|
|
PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow
|
3 |
REMOTE
|
Hans Jerry Illikainen
|
|
2016-04-26
|
|
libgd 2.1.1 - Signedness Heap Overflow
|
4 |
REMOTE
|
Hans Jerry Illikainen
|
|
2016-04-26
|
|
Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-04-25
|
|
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)
|
5 |
REMOTE
|
Jonathan Smith
|
|
2016-04-18
|
|
Novell ServiceDesk - (Authenticated) Arbitrary File Upload (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-04-14
|
|
Microsoft Internet Explorer 9/10/11 - 'CDOMStringDataList::InitFromString' Out-of-Bounds Read (MS15-
|
5 |
REMOTE
|
Ashfaq Ansari
|
|
2016-04-13
|
|
Dell KACE K1000 - Arbitrary File Upload (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-04-05
|
|
PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-04-05
|
|
Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-04-01
|
|
PHP 5.5.33/7.0.4 - SNMP Format String
|
4 |
REMOTE
|
Andrew Kramer
|
|
2016-03-31
|
|
Apache Jetspeed - Arbitrary File Upload (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-03-30
|
|
Google Android 5.0.1 - Metaphor Stagefright (ASLR Bypass)
|
3 |
REMOTE
|
NorthBit
|
|
2016-03-30
|
|
ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2012-12-30
|
|
LShell 0.9.15 - Remote Code Execution
|
3 |
REMOTE
|
drone
|
|
2016-03-29
|
|
Adobe Flash - Object.unwatch Use-After-Free
|
4 |
REMOTE
|
Google Security Research
|
|
2016-03-23
|
|
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans
|
5 |
REMOTE
|
Google Security Research
|
|
2016-03-23
|
|
Multiple CCTV-DVR Vendors - Remote Code Execution
|
5 |
REMOTE
|
K1P0D
|
|
2016-03-21
|
|
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)
|
4 |
REMOTE
|
Paul Purcell
|
|
2016-03-16
|
|
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
|
3 |
REMOTE
|
tintinweb
|
|
2016-03-16
|
|
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)
|
5 |
REMOTE
|
thatchriseckert
|
|
2016-03-11
|
|
PHP Utility Belt - Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-03-03
|
|
Schneider Electric SBO / AS - Multiple Vulnerabilities
|
4 |
REMOTE
|
Karn Ganeshen
|
|
2016-03-01
|
|
Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-03-01
|
|
ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2016-02-26
|
|
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
|
3 |
REMOTE
|
Sysdream
|
|
2016-02-17
|
|
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers
|
3 |
REMOTE
|
LiquidWorm
|
|
2016-02-11
|
|
File Replication Pro 7.2.0 - Multiple Vulnerabilities
|
3 |
REMOTE
|
Vantage Point Security
|
|
2016-02-10
|
|
D-Link DCS-930L - (Authenticated) Remote Command Execution (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2016-01-26
|
|
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
|
5 |
REMOTE
|
Metasploit
|
|
2014-09-16
|
|
Laravel - 'Hash::make()' Password Truncation Security
|
3 |
REMOTE
|
Pichaya Morimoto
|
|
2014-09-15
|
|
Aztech Modem Routers - Session Hijacking
|
3 |
REMOTE
|
Eric Fajardo
|
|
2014-09-15
|
|
Aztech Modem Routers - Information Disclosure
|
4 |
REMOTE
|
Eric Fajardo
|
|
2014-09-02
|
|
Mozilla Firefox 9.0.1 / Thunderbird 3.1.20 - Information Disclosure
|
4 |
REMOTE
|
Michal Zalewski
|
|
2014-08-26
|
|
Granding MA300 - Weak Pin Encryption Brute Force
|
4 |
REMOTE
|
Eric Sesterhenn
|
|
2014-08-26
|
|
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
|
5 |
REMOTE
|
Eric Sesterhenn
|
|
2014-08-04
|
|
Barracuda Web Application Firewall - Authentication Bypass
|
5 |
REMOTE
|
Nick Hayes
|
|
2014-07-16
|
|
Alfresco - '/cmisbrowser?url' Server-Side Request Forgery
|
4 |
REMOTE
|
V. Paulikas
|
|
2014-07-16
|
|
Alfresco - '/proxy?endpoint' Server-Side Request Forgery
|
4 |
REMOTE
|
V. Paulikas
|
|
2016-01-12
|
|
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
|
4 |
REMOTE
|
Daniel Lawson
|
|
2014-06-05
|
|
Foreman Smart-Proxy - Remote Command Injection
|
4 |
REMOTE
|
Lukas Zapletal
|
|
2016-01-11
|
|
Trend Micro - node.js HTTP Server Listening on localhost Can Execute Commands
|
5 |
REMOTE
|
Google Security Research
|
|
2016-01-11
|
|
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)
|
5 |
REMOTE
|
TOMIWA
|
|
2014-05-30
|
|
Huawei E303 Router - Cross-Site Request Forgery
|
3 |
REMOTE
|
Benjamin Daniel Mussler
|
|
2014-05-27
|
|
Castor Library - XML External Entity Information Disclosure
|
4 |
REMOTE
|
Ron Gutierrez
|
|
2014-05-21
|
|
Apache mod_wsgi - Information Disclosure
|
3 |
REMOTE
|
Buck Golemon
|
|
2014-05-08
|
|
Foscam IP Camera - Predictable Credentials Security Bypass
|
5 |
REMOTE
|
Sergey Shekyan
|
|
2016-01-07
|
|
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow
|
3 |
REMOTE
|
RedTeam Pentesting
|
|
2014-05-15
|
|
UPS Web/SNMP-Manager CS121 - Authentication Bypass
|
5 |
REMOTE
|
jkmac
|
|
2014-05-05
|
|
AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities
|
4 |
REMOTE
|
bhamb
|
|
2016-01-04
|
|
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
|
4 |
REMOTE
|
Avinash Thapa
|
|
2014-04-15
|
|
lxml - 'clean_html' Security Bypass
|
4 |
REMOTE
|
Maksim Kochkin
|
|
2014-04-21
|
|
COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation)
|
4 |
REMOTE
|
TUNISIAN CYBER
|
|
2014-04-12
|
|
ICOMM 610 Wireless Modem - Cross-Site Request Forgery
|
4 |
REMOTE
|
Blessen Thomas
|
|
2015-12-29
|
|
KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH)
|
4 |
REMOTE
|
Guillaume Kaddouch
|
|
2014-03-09
|
|
ET - Chat Password Reset Security Bypass
|
2 |
REMOTE
|
IRH
|
|
2014-03-10
|
|
Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass
|
3 |
REMOTE
|
Guillaume Ross
|
|
2014-02-19
|
|
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Remote Stack Buffer Overflow
|
3 |
REMOTE
|
Julien Ahrens
|
|
2014-02-19
|
|
Dassault Systemes Catia - Remote Stack Buffer Overflow
|
5 |
REMOTE
|
Mohamed Shetta
|
|
2015-12-26
|
|
EasyCafe Server 2.2.14 - Remote File Read
|
4 |
REMOTE
|
R-73eN
|
|
2013-12-11
|
|
RedHat Piranha - Remote Security Bypass
|
3 |
REMOTE
|
Andreas Schiermeier
|
|
2014-02-05
|
|
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
|
4 |
REMOTE
|
Marcel Mangold
|
|
2014-02-03
|
|
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi?ping_ipaddr' Remote Code Execution
|
4 |
REMOTE
|
Josue Rojas
|
|
2014-01-14
|
|
Oracle Supply Chain Products Suite - Remote Security
|
4 |
REMOTE
|
Oracle
|
|
2015-12-16
|
|
Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)
|
2 |
REMOTE
|
ArminCyber
|
|
2015-12-16
|
|
Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)
|
3 |
REMOTE
|
ArminCyber
|
|
2015-12-16
|
|
FireEye - Wormable Remote Code Execution in MIP JAR Analysis
|
3 |
REMOTE
|
Tavis Ormandy & Natalie Silvanovich
|
|
2015-12-15
|
|
Jenkins CLI - RMI Java Deserialization (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2015-12-15
|
|
ManageEngine Desktop Central 9 - FileUploadServlet ConnectionId (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2015-12-14
|
|
Xdh / LinuxNet Perlbot / fBot IRC Bot - Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2015-12-14
|
|
Xdh / LinuxNet Perlbot / fBot IRC Bot - Remote Code Execution (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2015-12-14
|
|
Legend Perl IRC Bot - Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2015-12-14
|
|
Legend Perl IRC Bot - Remote Code Execution (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2015-12-14
|
|
Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)
|
4 |
REMOTE
|
Google Security Research
|
|
2015-12-14
|
|
Siemens Simatic S7 1200 - CPU Command Module (Metasploit)
|
3 |
REMOTE
|
Nguyen Manh Hung
|
|
2013-12-07
|
|
Apple Safari For Windows - PhishingAlert Security Bypass
|
5 |
REMOTE
|
Jackmasa
|
|
2015-12-09
|
|
Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)
|
4 |
REMOTE
|
Google Security Research
|
|
2015-12-09
|
|
Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134)
|
5 |
REMOTE
|
Core Security
|
|
2015-12-09
|
|
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka 'self-executing' MCL File
|
4 |
REMOTE
|
Eduardo Braun Prado
|
|
2013-12-19
|
|
Hancom Office - '.hml' File Processing Heap Buffer Overflow
|
4 |
REMOTE
|
diroverflow
|
|
2015-12-08
|
|
Atlassian HipChat for Jira Plugin - Velocity Template Injection (Metasploit)
|
6 |
REMOTE
|
Metasploit
|
|
2015-12-08
|
|
phpFileManager 0.9.8 - Remote Code Execution (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2015-12-03
|
|
Oracle BeeHive 2 - 'voice-servlet prepareAudioToPlay()' Arbitrary File Upload (Metasploit)
|
4 |
REMOTE
|
Metasploit
|
|
2015-12-03
|
|
Oracle BeeHive 2 - 'voice-servlet processEvaluation()' Write File (Metasploit)
|
3 |
REMOTE
|
Metasploit
|
|
2013-11-15
|
|
LevelOne WBR-3406TX Router - Cross-Site Request Forgery
|
4 |
REMOTE
|
Yakir Wizman
|
|
2013-11-22
|
|
Thomson Reuters Velocity Analytics - Remote Code Injection
|
4 |
REMOTE
|
Eduardo Gonzalez
|
|
2015-12-02
|
|
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
|
1 |
REMOTE
|
Metasploit
|
|
2013-11-19
|
|
Nginx 1.1.17 - URI Processing SecURIty Bypass
|
3 |
REMOTE
|
Ivan Fratric
|
|
2013-11-19
|
|
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
|
3 |
REMOTE
|
Dennis Kelly
|
|
2015-11-30
|
|
Easy File Sharing Web Server 7.2 - Remote Buffer Overflow (SEH) (DEP Bypass + ROP)
|
3 |
REMOTE
|
Knaps
|
|
2013-12-13
|
|
Nagios XI - 'tfPassword' SQL Injection
|
3 |
REMOTE
|
Denis Andzakovic
|
|
2013-12-10
|
|
Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
|
3 |
REMOTE
|
Mathy Vanhoef
|
|
2013-10-11
|
|
IBM Cognos Business Intelligence - XML External Entity Information Disclosure
|
3 |
REMOTE
|
IBM
|
|
2013-10-12
|
|
Fortinet FortiAnalyzer - Cross-Site Request Forgery
|
4 |
REMOTE
|
William Costa
|
|
2013-11-04
|
|
Google Android - Signature Verification Security Bypass
|
4 |
REMOTE
|
Jay Freeman
|
|
2013-10-30
|
|
Openbravo ERP - XML External Entity Information Disclosure
|
4 |
REMOTE
|
Tod Beardsley
|
|
2013-10-21
|
|
Apache Shindig - XML External Entity Information Disclosure
|
4 |
REMOTE
|
Kousuke Ebihara
|
|
2011-10-21
|
|
DELL Quest One Password Manager - CAPTCHA Security Bypass
|
4 |
REMOTE
|
Johnny Bravo
|
|
2013-10-14
|
|
D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Remote Stack Buffer Overflow
|
2 |
REMOTE
|
Craig Heffner
|
|
2013-10-18
|
|
PHP Point Of Sale - 'ofc_upload_image.php' Remote Code Execution
|
4 |
REMOTE
|
Gabby
|
|
2015-11-25
|
|
SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure
|
6 |
REMOTE
|
Igor Bulatenko
|
