|
2017-06-13
|
|
IPFire 2.19 - Remote Code Execution
|
159 |
WEB
|
0x09AL
|
|
2017-06-07
|
|
Kronos Telestaff < 2.92EU29 - SQL Injection
|
152 |
WEB
|
Goran Tuzovic
|
|
2017-06-06
|
|
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
|
207 |
WEB
|
LiquidWorm
|
|
2017-06-02
|
|
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
|
158 |
WEB
|
Gregory Draperi
|
|
2017-06-01
|
|
WebKit CachedFrameBase::restore Universal Cross Site Scripting
|
108 |
WEB
|
lokihardt
|
|
2017-06-01
|
|
WebKit Element::setAttributeNodeNS Use-After-Free
|
126 |
WEB
|
lokihardt
|
|
2017-06-01
|
|
WebKit CachedFrame Universal Cross Site Scripting
|
139 |
WEB
|
lokihardt
|
|
2017-06-01
|
|
WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check
|
135 |
WEB
|
lokihardt
|
|
2017-06-01
|
|
WebKit JSC JSObject::ensureLength Failure Check
|
125 |
WEB
|
lokihardt
|
|
2017-06-01
|
|
WebKit Document::prepareForDestruction / CachedFrame Universal XSS
|
127 |
WEB
|
lokihardt
|
|
2017-05-31
|
|
TerraMaster F2-420 NAS TOS 3.0.30 - Unauthenticated Remote Code Execution as Root
|
207 |
WEB
|
Simone Margaritelli
|
|
2017-05-31
|
|
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
|
121 |
WEB
|
SecuriTeam
|
|
2017-05-31
|
|
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
|
151 |
WEB
|
SecuriTeam
|
|
2017-05-31
|
|
uc-http Daemon - Local File Inclusion / Directory Traversal
|
123 |
WEB
|
Project Insecurity
|
|
2017-05-31
|
|
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site S
|
100 |
WEB
|
Google Security Research
|
|
2017-05-31
|
|
WebKit - Stealing Variables via Page Navigation in FrameLoader::clear
|
119 |
WEB
|
Google Security Research
|
|
2017-05-31
|
|
WebKit - enqueuePageshowEvent and enqueuePopstateEvent Universal Cross-Site Scripting
|
103 |
WEB
|
Google Security Research
|
|
2017-05-31
|
|
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
|
89 |
WEB
|
Google Security Research
|
|
2017-05-31
|
|
Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scriptin
|
114 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
|
141 |
WEB
|
f3ci
|
|
2017-05-23
|
|
VX Search Enterprise GET Buffer Overflow
|
181 |
WEB
|
Daniel Teixeira
|
|
2017-05-23
|
|
Sync Breeze Enterprise GET Buffer Overflow
|
141 |
WEB
|
Daniel Teixeira
|
|
2017-05-23
|
|
MediaWiki SyntaxHighlight Extension Option Injection
|
255 |
WEB
|
Yorick Koster
|
|
2017-05-22
|
|
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
|
85 |
WEB
|
hyp3rlinx
|
|
2017-05-15
|
|
miniupnpc 2.0.20170421 Denial Of Service
|
271 |
WEB
|
oststrom
|
|
2017-05-11
|
|
ASUS Routers CSRF / Information Disclosure
|
234 |
WEB
|
Yakov Shafranovich
|
|
2017-05-10
|
|
LogRhythm Network Monitor - Authentication Bypass / Command Injection
|
138 |
WEB
|
Francesco Oddo
|
|
2017-05-05
|
|
WordPress 4.6 - Unauthenticated Remote Code Execution
|
255 |
WEB
|
Dawid Golunski
|
|
2017-05-05
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
|
112 |
WEB
|
LiquidWorm
|
|
2017-05-05
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
|
207 |
WEB
|
LiquidWorm
|
|
2017-05-05
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
|
124 |
WEB
|
LiquidWorm
|
|
2017-05-05
|
|
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
|
120 |
WEB
|
David Tomaschik
|
|
2017-04-28
|
|
Simple File Uploader - Arbitrary File Download
|
228 |
WEB
|
Daniel Godoy
|
|
2017-04-28
|
|
TYPO3 News Module - SQL Injection
|
148 |
WEB
|
Charles Fol
|
|
2017-04-26
|
|
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
|
234 |
WEB
|
Andrey B. Panfilov
|
|
2017-04-21
|
|
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scrip
|
113 |
WEB
|
Google Security Research
|
|
2017-04-21
|
|
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cros
|
146 |
WEB
|
Google Security Research
|
|
2017-04-19
|
|
WebKit operationSpreadGeneric Universal Cross Site Scripting
|
136 |
WEB
|
lokihardt
|
|
2017-04-18
|
|
Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset
|
133 |
WEB
|
hyp3rlinx
|
|
2017-04-18
|
|
Huawei HG532n Command Injection
|
156 |
WEB
|
Ahmed S. Darwish
|
|
2017-04-14
|
|
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
|
177 |
WEB
|
Peter Lapp
|
|
2017-04-13
|
|
PCMAN FTP Server 2.0.7 ACCT Buffer Overflow
|
116 |
WEB
|
Cybernetic
|
|
2017-04-13
|
|
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
|
159 |
WEB
|
Project Insecurity
|
|
2017-04-12
|
|
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Li
|
111 |
WEB
|
Google Security Research
|
|
2017-04-12
|
|
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
|
179 |
WEB
|
Google Security Research
|
|
2017-04-12
|
|
Brother MFC-J6520DW - Authentication Bypass / Password Change
|
188 |
WEB
|
Patryk Bogdan
|
|
2017-04-12
|
|
Adobe Multiple Products - XML Injection File Content Disclosure
|
176 |
WEB
|
Thomas Sluyter
|
|
2017-04-11
|
|
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
|
215 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
|
231 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
e107 CMS 2.1.4 - Cross-Site Request Forgery
|
158 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection
|
147 |
WEB
|
Harry Sintonen
|
|
2017-04-11
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
130 |
WEB
|
dxw
|
|
2017-04-11
|
|
Wordpress webplayer Plugins SQL Injection Vulnerability
|
359 |
WEB
|
Hassan Shakeri
|
|
2017-04-07
|
|
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
|
196 |
WEB
|
rungga_reksya
|
|
2017-04-07
|
|
Moodle 2.x/3.x - SQL Injection
|
177 |
WEB
|
Marko Belzetski
|
|
2017-04-06
|
|
D-Link DIR-615 - Cross-Site Request Forgery
|
203 |
WEB
|
Pratik S. Shah
|
|
2017-04-05
|
|
Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - 'constructJSReadableStreamDefaultReader' Type Confu
|
155 |
WEB
|
Google Security Research
|
|
2017-04-05
|
|
Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
|
104 |
WEB
|
Google Security Research
|
|
2017-04-05
|
|
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
|
189 |
WEB
|
Google Security Research
|
|
2017-04-05
|
|
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
|
210 |
WEB
|
Google Security Research
|
|
2017-04-05
|
|
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting
|
203 |
WEB
|
Google Security Research
|
|
2017-04-05
|
|
Splunk Enterprise - Information Disclosure
|
173 |
WEB
|
hyp3rlinx
|
|
2017-03-30
|
|
EyesOfNetwork (EON) 5.1 - SQL Injection
|
216 |
WEB
|
Dany Bach
|
|
2017-03-21
|
|
D-Link DGS-1510 - Multiple Vulnerabilities
|
134 |
WEB
|
Varang Amin
|
|
2017-03-20
|
|
Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
|
175 |
WEB
|
The Martian
|
|
2017-03-20
|
|
Microsoft Internet Information Services Cross Site Scripting
|
127 |
WEB
|
David Fernandez
|
|
2017-03-16
|
|
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
|
153 |
WEB
|
iblue
|
|
2017-03-15
|
|
Microsoft Edge Fetch API Arbitrary Header Setting
|
215 |
WEB
|
Securify B.V.
|
|
2017-03-13
|
|
e107 <= 2.1.4 - 'keyword' Blind SQL Injection
|
234 |
WEB
|
StAkeR
|
|
2017-03-13
|
|
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
|
246 |
WEB
|
KoreLogic
|
|
2017-03-10
|
|
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
|
344 |
WEB
|
hyp3rlinx
|
|
2017-03-10
|
|
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
|
301 |
WEB
|
Bruno Bierbaumer
|
|
2017-03-10
|
|
Drupal 7.x Module Services - Remote Code Execution
|
328 |
WEB
|
Charles Fol
|
|
2017-03-09
|
|
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
|
203 |
WEB
|
SEC Consult
|
|
2017-03-08
|
|
Western Digital My Cloud Command Injection
|
327 |
WEB
|
Remco Vermeulen
|
|
2017-03-07
|
|
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
|
245 |
WEB
|
Kyle Neideck
|
|
2017-03-07
|
|
WordPress Multiple Plugins - Arbitrary File Upload
|
341 |
WEB
|
The Martian
|
|
2017-03-06
|
|
pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting
|
217 |
WEB
|
Yann CAM
|
|
2017-03-06
|
|
WordPress Username Enumeration
|
287 |
WEB
|
Dctor
|
|
2017-03-01
|
|
NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
|
214 |
WEB
|
SivertPL
|
|
2017-03-01
|
|
Blizard BB 1.7 (privtmsg) MD5 Hash Retrieve Blind sql injection Exploit
|
362 |
WEB
|
StAkeR
|
|
2017-02-28
|
|
Grails PDF Plugin 0.6 - XML External Entity Injection
|
251 |
WEB
|
Charles Fol
|
|
2017-02-28
|
|
NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution
|
227 |
WEB
|
SivertPL
|
|
2017-02-27
|
|
Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting
|
176 |
WEB
|
Google Security Research
|
|
2017-02-27
|
|
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
|
243 |
WEB
|
Google Security Research
|
|
2017-02-27
|
|
Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting
|
231 |
WEB
|
Google Security Research
|
|
2017-02-23
|
|
Teradici Management Console 2.2.0 - Privilege Escalation
|
374 |
WEB
|
hantwister
|
|
2017-02-22
|
|
AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)
|
148 |
WEB
|
Mehmet Ince
|
|
2017-02-22
|
|
Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit)
|
217 |
WEB
|
xort
|
|
2017-02-22
|
|
Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit)
|
185 |
WEB
|
xort
|
|
2017-02-22
|
|
Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit)
|
192 |
WEB
|
xort
|
|
2017-02-22
|
|
Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit)
|
238 |
WEB
|
xort
|
|
2017-02-20
|
|
NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
|
242 |
WEB
|
SivertPL
|
|
2017-02-20
|
|
TI Online Examination System 2.0 Admin Password Changer Exploit
|
269 |
WEB
|
StAkeR
|
|
2017-02-17
|
|
dotCMS 3.6.1 - Blind Boolean SQL Injection
|
263 |
WEB
|
Ben Nott
|
|
2017-02-16
|
|
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
|
192 |
WEB
|
Davy Douhine
|
|
2017-02-14
|
|
PHP Marketplace Script - SQL Injection
|
227 |
WEB
|
Th3GundY
|
|
2017-02-10
|
|
WordPress wp-json Content Injection
|
276 |
WEB
|
Larry W. Cashdollar
|
|
2017-02-09
|
|
POSNIC 1.03 Shell Upload Exploit
|
174 |
WEB
|
Rony Das
|
|
2017-02-06
|
|
Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection
|
119 |
WEB
|
Ihsan Sencan
|
|
2017-02-03
|
|
WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby)
|
360 |
WEB
|
Harsh Jaiswal
|
|
2017-02-03
|
|
WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python)
|
243 |
WEB
|
leonjza
|
|
2017-02-03
|
|
Multiple Netgear Routers - Password Disclosure
|
225 |
WEB
|
Trustwave's SpiderLabs
|
|
2017-02-03
|
|
HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download
|
222 |
WEB
|
Mariusz Poplawski
|
|
2017-02-03
|
|
Joomla! < 3.6.4 - Admin TakeOver
|
352 |
WEB
|
Charles Fol
|
|
2017-02-03
|
|
Joomla! < 2.5.2 - Admin Creation
|
124 |
WEB
|
Charles Fol
|
|
2017-01-23
|
|
PageKit 1.0.10 - Password Reset
|
121 |
WEB
|
Saurabh Banawar
|
|
2017-01-22
|
|
Pirelli DRG A115 v3 ADSL Router - Unauthenticated DNS Change
|
212 |
WEB
|
Todor Donev
|
|
2017-01-22
|
|
Tenda ADSL2/2+ Modem D820R - Unauthenticated DNS Change
|
307 |
WEB
|
Todor Donev
|
|
2017-01-18
|
|
BoZoN 2.4 - Remote Code Execution
|
269 |
WEB
|
hyp3rlinx
|
|
2017-01-18
|
|
dirLIST 0.3.0 - Arbitrary File Upload
|
236 |
WEB
|
hyp3rlinx
|
|
2017-01-18
|
|
WordPress WooCommerce Direct Download Local File Inclusion
|
251 |
WEB
|
Diego Celdran Morell
|
|
2017-01-17
|
|
Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change
|
252 |
WEB
|
Todor Donev
|
|
2017-01-17
|
|
Pirelli DRG A115 ADSL Router - Unauthenticated DNS Change
|
247 |
WEB
|
Todor Donev
|
|
2017-01-13
|
|
iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection
|
340 |
WEB
|
v3n0m
|
|
2017-01-11
|
|
Freepbx < 2.11.1.5 - Remote Code Execution
|
229 |
WEB
|
inj3ctor3
|
|
2017-01-04
|
|
PHPMailer Sendmail Argument Injection
|
215 |
WEB
|
Spencer McIntyre
|
|
2017-01-03
|
|
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScri
|
177 |
WEB
|
Dawid Golunski
|
|
2017-01-03
|
|
Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery
|
229 |
WEB
|
Ayushman Dutta
|
|
2017-01-03
|
|
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
|
240 |
WEB
|
Dawid Golunski
|
|
2016-12-30
|
|
PHPMailer < 5.2.18 - Remote Code Execution (Python)
|
484 |
WEB
|
anarc0der
|
|
2016-12-29
|
|
SwiftMailer < 5.4.5-DEV - Remote Code Execution
|
127 |
WEB
|
Dawid Golunski
|
|
2016-12-29
|
|
PHPMailer < 5.2.18 - Remote Code Execution (PHP)
|
231 |
WEB
|
Dawid Golunski
|
|
2016-12-29
|
|
PHPMailer < 5.2.20 - Remote Code Execution
|
139 |
WEB
|
Dawid Golunski
|
|
2016-12-27
|
|
PHPMailer 5.2.17 - Remote Code Execution
|
125 |
WEB
|
Dawid Golunski
|
