|
2018-09-13
|
|
Seagate Personal Cloud Information Disclosure
|
161 |
WEB
|
Yorick Koster
|
|
2018-09-12
|
|
Tor Browser 7.x NoScript Bypass
|
126 |
WEB
|
x0rz
|
|
2018-09-11
|
|
phpMyAdmin Credential Stealer
|
267 |
WEB
|
Dhiraj Mishra
|
|
2018-09-11
|
|
LW-N605R 12.20.2.1486 - Remote Code Execution
|
156 |
WEB
|
Nassim Asrir
|
|
2018-09-11
|
|
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
|
148 |
WEB
|
Reigning Shells
|
|
2018-09-07
|
|
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
|
192 |
WEB
|
Marko Jokic
|
|
2018-08-30
|
|
Episerver 7 patch 4 - XML External Entity Injection
|
152 |
WEB
|
Jonas Lejon
|
|
2018-08-28
|
|
LiteCart 2.1.2 - Arbitrary File Upload
|
108 |
WEB
|
Haboob Team
|
|
2018-08-27
|
|
KingMedia 4.1 - Remote Code Execution
|
228 |
WEB
|
Efrén Díaz
|
|
2018-08-27
|
|
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
|
317 |
WEB
|
Alfie
|
|
2018-08-27
|
|
ADM 3.1.2RHG1 - Remote Code Execution
|
101 |
WEB
|
Matthew Fulton
|
|
2018-08-27
|
|
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
|
100 |
WEB
|
Maxim Yefimenko
|
|
2018-08-16
|
|
cPanel 76 Cross Site Scripting
|
162 |
WEB
|
Numan OZDEMIR
|
|
2018-08-15
|
|
cgit 1.2.1 - Directory Traversal (Metasploit)
|
108 |
WEB
|
Dhiraj Mishra
|
|
2018-08-10
|
|
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
|
112 |
WEB
|
Wadeek
|
|
2018-08-10
|
|
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
|
112 |
WEB
|
Wadeek
|
|
2018-08-07
|
|
OpenEMR < 5.0.1 - Remote Code Execution
|
155 |
WEB
|
Cody Zacharias
|
|
2018-08-03
|
|
Seq 4.2.476 Authentication Bypass
|
135 |
WEB
|
Daniel Chactoura
|
|
2018-08-03
|
|
CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection
|
98 |
WEB
|
0x09AL
|
|
2018-08-01
|
|
SonicWall Global Management System XMLRPC
|
129 |
WEB
|
Michael Flanders
|
|
2018-08-01
|
|
Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution
|
153 |
WEB
|
Touhid M.Shaikh
|
|
2018-07-31
|
|
H2 Database 1.4.197 Information Disclosure
|
140 |
WEB
|
owodelta
|
|
2018-07-25
|
|
Cisco Adaptive Security Appliance Path Traversal
|
154 |
WEB
|
Angelo Ruwantha
|
|
2018-07-25
|
|
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
|
113 |
WEB
|
Mehmet Ince
|
|
2018-07-25
|
|
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
|
140 |
WEB
|
Nathu Nandwani
|
|
2018-07-25
|
|
Davolink DVW 3200 Router - Password Disclosure
|
116 |
WEB
|
Ankit Anubhav
|
|
2018-07-20
|
|
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
|
154 |
WEB
|
Jacob Robles
|
|
2018-07-19
|
|
PrestaShop < 1.6.1.19 - AES CBC Privilege Escalation Exploit
|
111 |
WEB
|
Charles Fol
|
|
2018-07-19
|
|
PrestaShop < 1.6.1.19 - BlowFish ECD Privilege Escalation Exploit
|
143 |
WEB
|
Charles Fol
|
|
2018-07-19
|
|
Modx Revolution Remote Code Execution
|
106 |
WEB
|
Vitalii Rudnykh
|
|
2018-07-17
|
|
QNAP Q'Center change_passwd Command Execution
|
119 |
WEB
|
Brendan Coles
|
|
2018-07-13
|
|
Apache CouchDB Arbitrary Command Execution
|
120 |
WEB
|
Green-m
|
|
2018-07-13
|
|
phpMyAdmin Authenticated Remote Code Execution
|
198 |
WEB
|
Jacob Robles
|
|
2018-07-12
|
|
Instagram Clone Script 2.0 Cross Site Scripting
|
128 |
WEB
|
Borna Nematzadeh
|
|
2018-07-11
|
|
Monstra CMS Authenticated Arbitrary File Upload
|
181 |
WEB
|
Touhid M.Shaikh
|
|
2018-07-11
|
|
D-Link DIR601 2.02 - Credential Disclosure
|
143 |
WEB
|
Richard Rogerson
|
|
2018-07-11
|
|
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
|
166 |
WEB
|
bobsecq
|
|
2018-07-11
|
|
Gitea 1.4.0 - Remote Code Execution
|
118 |
WEB
|
Kacper Szurek
|
|
2018-07-09
|
|
GitList 0.6.0 Argument Injection
|
134 |
WEB
|
Shelby Pace
|
|
2018-07-05
|
|
CMS Made Simple 2.2.5 - Remote Code Execution
|
215 |
WEB
|
Mustafa Hasan
|
|
2018-07-03
|
|
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
|
149 |
WEB
|
ParagonSec
|
|
2018-07-03
|
|
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
|
110 |
WEB
|
RandoriSec
|
|
2018-06-29
|
|
Cisco Adaptive Security Appliance - Path Traversal
|
154 |
WEB
|
Yassine Aboukir
|
|
2018-06-28
|
|
HPE VAN SDN 2.7.18.0503 - Remote Root
|
114 |
WEB
|
KoreLogic
|
|
2018-06-28
|
|
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
|
111 |
WEB
|
Sanjiv Kawa
|
|
2018-06-28
|
|
Apache CouchDB < 2.1.0 - Remote Code Execution
|
126 |
WEB
|
Cody Zacharias
|
|
2018-06-28
|
|
TP-Link TL-WA850RE - Remote Command Execution
|
130 |
WEB
|
yoresongo
|
|
2018-06-11
|
|
userSpice 4.3.24 - Username Enumeration
|
161 |
WEB
|
Dolev Farhi
|
|
2018-06-11
|
|
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
|
109 |
WEB
|
Dolev Farhi
|
|
2018-06-11
|
|
XiongMai uc-httpd 1.0.0 - Buffer Overflow
|
189 |
WEB
|
Andrew Watson
|
|
2018-06-11
|
|
Monstra CMS < 3.0.4 - Cross-Site Scripting
|
142 |
WEB
|
DEEPIN2
|
|
2018-06-11
|
|
Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)
|
160 |
WEB
|
Kl3_GMjq6
|
|
2018-06-11
|
|
Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
|
143 |
WEB
|
DEEPIN2
|
|
2018-05-28
|
|
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
|
129 |
WEB
|
J. Carrillo Lencina
|
|
2018-05-22
|
|
GitBucket 4.23.1 - Remote Code Execution
|
118 |
WEB
|
Kacper Szurek
|
|
2018-05-18
|
|
Intelbras NCLOUD 300 1.0 - Authentication bypass
|
142 |
WEB
|
Pedro Aguiar
|
|
2018-05-10
|
|
Mantis manage_proj_page PHP Code Execution
|
153 |
WEB
|
Lars Sorenson
|
|
2018-05-08
|
|
Palo Alto Networks readSessionVarsFromFile() Session Corruption
|
142 |
WEB
|
hdm
|
|
2018-05-08
|
|
PlaySMS import.php Code Execution
|
127 |
WEB
|
Touhid M.Shaikh
|
|
2018-05-08
|
|
PlaySMS sendfromfile.php Code Execution
|
127 |
WEB
|
DarkS3curity
|
|
2018-05-07
|
|
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
|
169 |
WEB
|
Tomislav Paskalev
|
|
2018-05-07
|
|
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
|
199 |
WEB
|
Takeshi Terada
|
|
2018-05-03
|
|
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
|
144 |
WEB
|
Jared Arave
|
|
2018-05-03
|
|
Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code
|
184 |
WEB
|
SixP4ck3r
|
|
2018-05-03
|
|
osCommerce Installer Unauthenticated Code Execution
|
126 |
WEB
|
Daniel Teixeira
|
|
2018-04-27
|
|
GitList 0.6 - Unauthenticated Remote Code Execution
|
127 |
WEB
|
Kacper Szurek
|
|
2018-04-27
|
|
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
|
105 |
WEB
|
Sven Fassbender
|
|
2018-04-25
|
|
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
|
141 |
WEB
|
Berk Cem Göksel
|
|
2018-04-25
|
|
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
|
144 |
WEB
|
devcoinfet
|
|
2018-04-24
|
|
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
|
100 |
WEB
|
Sebastián Castro
|
|
2018-04-19
|
|
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
|
132 |
WEB
|
SadFud
|
|
2018-04-16
|
|
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
|
138 |
WEB
|
FarazPajohan
|
|
2018-04-16
|
|
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
|
178 |
WEB
|
Hans Topo
|
|
2018-04-16
|
|
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
|
178 |
WEB
|
Vitalii Rudnykh
|
|
2018-04-10
|
|
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
|
96 |
WEB
|
RedTeam Pentesting
|
|
2018-04-04
|
|
ProcessMaker Plugin Code Execution
|
116 |
WEB
|
Brendan Coles
|
|
2018-04-04
|
|
DuckDuckGo 4.2.0 WebRTC Private IP Leakage
|
141 |
WEB
|
Brendan Coles
|
|
2018-04-02
|
|
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)
|
143 |
WEB
|
Touhid M.Shaikh
|
|
2018-04-02
|
|
osCommerce 2.3.4.1 - Remote Code Execution
|
147 |
WEB
|
Simon Scannell
|
|
2018-04-02
|
|
Homematic CCU2 2.29.23 - Remote Command Execution
|
148 |
WEB
|
Gregor Kopf
|
|
2018-04-02
|
|
Homematic CCU2 2.29.23 - Arbitrary File Write
|
162 |
WEB
|
Gregor Kopf
|
|
2018-03-30
|
|
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
|
181 |
WEB
|
luisco100
|
|
2018-03-30
|
|
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
|
137 |
WEB
|
Stefan Horst
|
|
2018-03-30
|
|
Square 9 GlobalForms 6.2.x Blind SQL Injection
|
133 |
WEB
|
Darrell Damstedt
|
|
2018-03-29
|
|
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
|
137 |
WEB
|
Sven Fassbender
|
|
2018-03-27
|
|
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
|
106 |
WEB
|
Touhid M.Shaikh
|
|
2018-03-26
|
|
XenForo 2 - CSS Loader Denial of Service
|
135 |
WEB
|
LockedByte
|
|
2018-03-26
|
|
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
|
148 |
WEB
|
Mans van Someren
|
|
2018-03-26
|
|
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
|
309 |
WEB
|
Matamorphosis
|
|
2018-03-22
|
|
Cisco node-jos < 0.11.0 - Re-sign Tokens
|
159 |
WEB
|
zioBlack
|
|
2018-03-21
|
|
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
|
125 |
WEB
|
anhax0r
|
|
2018-03-16
|
|
Spring Data REST < 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
|
187 |
WEB
|
Antonio Francesco Sardella
|
|
2018-03-13
|
|
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
|
133 |
WEB
|
Chris Lyne
|
|
2018-03-13
|
|
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
|
120 |
WEB
|
Mehmet Ince
|
|
2018-03-07
|
|
Bravo Tejari Web Portal Cross Site Scripting
|
120 |
WEB
|
Arvind V.
|
|
2018-02-28
|
|
Concrete5 < 8.3.0 - Username / Comments Enumeration
|
172 |
WEB
|
Chapman Schleiss
|
|
2018-02-26
|
|
AsusWRT LAN Unauthenticated Remote Code Execution
|
160 |
WEB
|
Pedro Ribeiro
|
|
2018-02-26
|
|
UserSpice 4.3 - Blind SQL Injection
|
180 |
WEB
|
Dolev Farhi
|
|
2018-02-07
|
|
Hava Tahmin 1.0 Database Disclosure
|
154 |
WEB
|
indoushka
|
|
2018-02-07
|
|
Hazir Site 2.2 Database Disclosure
|
181 |
WEB
|
indoushka
|
|
2018-02-07
|
|
Gateway 1.0 Database Disclosure
|
162 |
WEB
|
indoushka
|
|
2018-02-07
|
|
iPortalx Portal Scripti Database Disclosure
|
173 |
WEB
|
indoushka
|
|
2018-02-06
|
|
Online Voting System - Authentication Bypass
|
198 |
WEB
|
Giulio Comi
|
|
2018-02-05
|
|
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal
|
158 |
WEB
|
Dmitry Chastuhin
|
|
2018-01-31
|
|
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
|
179 |
WEB
|
Paul Taylor
|
|
2018-01-30
|
|
Advantech WebAccess < 8.3 - SQL Injection
|
147 |
WEB
|
Chris Lyne
|
|
2018-01-29
|
|
Asus Router Cross Site Script / Authentication Bypass
|
160 |
WEB
|
4TT4CK3R
|
|
2018-01-29
|
|
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
|
162 |
WEB
|
Víctor Calvo
|
|
2018-01-24
|
|
Kaltura Remote PHP Code Execution
|
150 |
WEB
|
Robin Verton
|
|
2018-01-24
|
|
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
|
163 |
WEB
|
h00die
|
|
2018-01-24
|
|
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
|
147 |
WEB
|
Ihsan Sencan
|
|
2018-01-22
|
|
Simple ASC CMS 1.2 Database Disclosure
|
137 |
WEB
|
indoushka
|
|
2018-01-22
|
|
PHPFreeChat 1.7 - Denial of Service
|
131 |
WEB
|
A. Pakbaz
|
|
2018-01-19
|
|
Primefaces 5.x - Remote Code Execution (Metasploit)
|
204 |
WEB
|
Bjoern Schuette
|
|
2018-01-16
|
|
Adminer 4.3.1 - Server-Side Request Forgery
|
162 |
WEB
|
hyp3rlinx
|
|
2018-01-16
|
|
pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection
|
132 |
WEB
|
absolomb
|
|
2018-01-12
|
|
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution
|
158 |
WEB
|
Cr0n1c
|
|
2018-01-12
|
|
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
|
133 |
WEB
|
Vahagn Vardanyan
|
|
2018-01-11
|
|
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
|
134 |
WEB
|
Algeria
|
|
2018-01-11
|
|
phpCollab 2.5.1 Unauthenticated File Upload
|
138 |
WEB
|
Nick Marcoccio
|
|
2018-01-10
|
|
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
|
164 |
WEB
|
James Bercegay
|
|
2018-01-09
|
|
FiberHome LM53Q1 - Multiple Vulnerabilities
|
146 |
WEB
|
Ibad Shah
|
|
2018-01-05
|
|
D-Link DNS-320L 'mydlinkBRionyg' Backdoor
|
140 |
WEB
|
James Bercegay
|
|
2018-01-05
|
|
Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor
|
131 |
WEB
|
James Bercegay
|
|
2018-01-04
|
|
Linksys WVBR0-25 User-Agent Command Execution
|
125 |
WEB
|
HeadlessZeke
|
