2013-10-28 | WordPress GeoPlaces 4.x Shell Upload | 66 | WEB | DevilScreaM
2013-10-28 | WebCollab 3.30 HTTP Response Splitting | 77 | WEB | Manuel Garcia Cardenas
2013-10-24 | Joomla Component com_maianmedia Remote Code Execution | 97 | WEB | indexphp
2013-10-23 | Apache Shindig 2.5.0 XXE Injection | 74 | WEB | Kousuke Ebihara
2013-10-21 | Bluetooth U 1.2.0 Directory Traversal | 74 | WEB | Benjamin Kunz Mejri
2013-10-21 | WebTester 5.x Command Execution | 65 | WEB | Brendan Coles
2013-10-18 | Oracle Portal Demo Organization Chart PL/SQL Injection | 114 | WEB | Manuel Garcia Cardenas
2013-10-18 | Level One Enterprise Access Points Password Disclosure | 72 | WEB | Richard Weinberger
2013-10-15 | Zabbix 2.0.8 SQL Injection / Remote Code Execution | 94 | WEB | Lincoln
2013-10-08 | WordPress Woopra Remote Code Execution | 98 | WEB | wantexz
2013-10-08 | WordPress Slimstat Ex Code Execution | 69 | WEB | wantexz
2013-10-08 | WordPress SEO Watcher Remote Code Execution | 79 | WEB | wantexz
2013-09-27 | Astium Remote Code Execution | 138 | WEB | xistence
2013-09-26 | Nodejs js-yaml load() Code Execution | 117 | WEB | joev
2013-09-24 | Raidsonic NAS Devices Unauthenticated Remote Command Execution | 116 | WEB | juan vazquez
2013-08-29 | SPIP Connect Parameter PHP Injection | 83 | WEB | Frederic Cikala
2013-08-15 | Struts2 2.3.15 Open Redirect | 80 | WEB | Takeshi Terada
2013-08-15 | Struts2 2.3.15 OGNL Injection | 353 | WEB | Takeshi Terada
2013-08-12 | Sybase EAServer XXE Injection | 67 | WEB | MustLive
2013-08-08 | MyBB 1.6.10 Open Redirection | 60 | WEB | LiquidWorm
2013-07-30 | PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution | 66 | WEB | Dave Weinstein
2013-07-30 | PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution | 74 | WEB | Dave Weinstein
2013-07-30 | PineApp Mail-SeCure livelog.html Arbitrary Command Execution | 84 | WEB | temp66
2013-07-26 | Powershell Payload Web Delivery | 71 | WEB | Chris Campbell
2013-06-24 | HP System Management Homepage JustGetSNMPQueue Command Injection | 89 | WEB | sinn3r
2013-06-24 | LibrettoCMS File Manager Arbitrary File Upload | 110 | WEB | sinn3r
2013-06-19 | MoinMoin twikidraw Action Traversal File Upload | 77 | WEB | HTP
2013-06-09 | Resin Application Server 4.0.36 Cross Site Scripting | 68 | WEB | LiquidWorm
2013-06-09 | Resin Application Server 4.0.36 Source Code Disclosure | 68 | WEB | LiquidWorm
2013-06-08 | JBoss AS Administrative Console Password Disclosure | 237 | WEB | amroot
2013-06-04 | Seowonintech Routers Remote Root File Dumper | 57 | WEB | Todor Donev
2013-06-03 | PhpTax 0.8 - File Manipulation(newvalue,field) Remote Code Execution | 103 | WEB | CWH Underground
2013-05-31 | HP LaserJet Pro P1606dn Password Reset | 91 | WEB | m3tamantra
2013-05-29 | Matterdaddy Market 1.4.2 Cross Site Request Forgery / Arbitrary File Upload | 74 | WEB | KedAns-Dz
2013-05-20 | D-Link DIR615h OS Command Injection | 197 | WEB | juan vazquez
2013-04-26 | phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities | 76 | WEB | waraxe
2013-04-26 | Hornbill Supportworks ITSM 1.0.0 - SQL Injection Vulnerability | 77 | WEB | Joseph Sheridan
2013-04-25 | CiviCRM for Joomla 4.2.2 - Remote Code Injection | 84 | WEB | iskorpitx
2013-04-25 | SMF 2.0.4 PHP Code Injection | 183 | WEB | Jakub Galczyk
2013-04-23 | Janissaries Joomla Civicrm Shell Upload | 69 | WEB | miyachung
2013-04-22 | nginx 0.6.x Arbitrary Code Execution NullByte Injection | 83 | WEB | Neal Poole
2013-04-22 | Netgear DGN2200B pppoe.cgi Remote Command Execution | 190 | WEB | juan vazquez
2013-04-18 | Java Web Start Launcher Memory Corruption | 181 | WEB | A. Antukh
2013-04-03 | Aspen 0.8 Directory Traversal | 75 | WEB | Daniel Ricardo dos Santos
2013-04-03 | Netgear WNR1000 Authentication Bypass | 104 | WEB | Roberto Paleari
2013-03-29 | PsychoStats 3.2.2b Blind SQL Injection | 64 | WEB | Mohamed from ALG
2013-03-29 | McAfee Virtual Technician (MVT) 6.5.0.2101 Unsafe Active-X | 82 | WEB | High-Tech Bridge SA
2013-03-29 | AWS XMS 2.5 Path Traversal | 82 | WEB | High-Tech Bridge SA
2013-03-21 | TP-Link TL-WR740N Wireless Router Remote Denial Of Service | 101 | WEB | LiquidWorm
2013-03-15 | QuinStreet Database ID Spoofing | 83 | WEB | Henry Garrison
2013-03-14 | LCG Disk Pool Manager SQL Injection | 61 | WEB | Adam Zabrocki
2013-03-14 | Apache Rave User Exposure | 62 | WEB | Andreas Guth
2013-03-13 | Web Cookbook SQL Injection | 75 | WEB | Saadat Ullah
2013-02-20 | OpenEMR PHP File Upload | 78 | WEB | juan vazquez
2013-01-29 | PHP Weby Directory Software 1.2 Multiple Vulnerabilities | 140 | WEB | AkaStep
2013-01-21 | PHP-Charts 1.0 PHP Code Execution | 61 | WEB | Akastep
2013-01-18 | PHP Chart 1.0 Code Execution | 86 | WEB | Akastep
2013-01-16 | Oracle Application Framework Diagnostic Mode Bypass | 108 | WEB | David Byrne
2013-01-09 | GetSimple 3.1.2 Code Execution | 54 | WEB | Jakub Galczyk
2013-01-05 | Elastix 2.3 PHP Code Injection | 81 | WEB | Faris AKA i-Hmx
2013-01-05 | Simple Webserver 2.3-rc1 Directory Traversal | 82 | WEB | CwG GeNiuS
2012-12-18 | phpwcms 1.5.4.6 Remote Code Execution | 101 | WEB | aeon flux
2012-12-07 | Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability | 80 | WEB | Woody Hughes
2012-11-30 | FCKEditor ASP Version 2.6.8 File Upload Protection Bypass | 105 | WEB | Soroush Dalili
2012-11-30 | Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities | 89 | WEB | LiquidWorm
2012-11-14 | Invision IP.Board 3.3.4 unserialize() PHP Code Execution | 93 | WEB | sinn3r
2012-11-08 | Invision Power Board 3.3.4 Unserialize REGEX Bypass | 61 | WEB | webDEViL
2012-10-31 | TP-LINK TL-WR841N Local File Inclusion Vulnerability | 51 | WEB | Matan Azugi
2012-10-30 | OneForum Multiple Vulnerabilities | 61 | WEB | DaOne aka Mocking Bird
2012-10-30 | Joomla Component com_jce remote Code Injecion / Execution Exploit (perl) | 98 | WEB | Caddy-Dz
2012-10-22 | ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal | 108 | WEB | xistence
2012-10-19 | ModSecurity 2.6.8 Bypass | 82 | WEB | Bernhard Mueller
2012-10-18 | Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities | 96 | WEB | SEC Consult
2012-10-16 | AjaXplorer checkInstall.php Remote Command Execution | 80 | WEB | sinn3r
2012-10-11 | ServersCheck Monitoring Software v9.0.12 / 9.0.14 - Stored XSS | 64 | WEB | loneferret
2012-09-29 | Wordpress phpBAK Red Config Vulnerability | 64 | WEB | Angel Injection
2012-09-26 | Auxilium RateMyPet Arbitrary File Upload | 101 | WEB | sinn3r
2012-09-24 | ZEN Load Balancer Filelog Command Execution | 90 | WEB | Brendan Coles
2012-09-24 | NTR ActiveX Control Check() Method Buffer Overflow | 105 | WEB | juan vazquez
2012-09-24 | NTR ActiveX Control StopModule() Remote Code Execution | 120 | WEB | juan vazquez
2012-09-17 | Sitecom MD-253 and MD-254 Network Storage Reverse Shell Exploit | 180 | WEB | Mattijs van Ommeren
2012-09-05 | JBoss DeploymentFileRepository WAR Deployment | 97 | WEB | h0ng10
2012-09-05 | MobileCartly 1.0 Arbitrary File Creation | 165 | WEB | sinn3r
2012-09-04 | Android Mobile 2.6.xx Bypass Security Vulnerability | 102 | WEB | Taurus Omar
2012-08-31 | AP NetWeaver HostControl Command Injection | 48 | WEB | juan vazquez
2012-08-27 | BusinessWiki 2.5RC3 Stored XSS & Arbitrary File Upload | 53 | WEB | Shai rod
2012-08-27 | WebPA <= 1.1.0.1 Multiple Vulnerabilities | 84 | WEB | dun
2012-08-24 | XODA 0.4.5 Arbitrary PHP File Upload | 79 | WEB | Shai rod
2012-08-24 | Apache Struts2 Remote Code Execution | 110 | WEB | kxlzx
2012-08-24 | op5 Monitoring v5.4.2 (VM Applicance) Multiple Vulnerabilities | 79 | WEB | loneferret
2012-08-23 | E-Mail Security Virtual Appliance learn-msg.cgi Command Injection | 71 | WEB | iJoo
2012-08-22 | Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change (MSF) | 65 | WEB | Kc57
2012-08-22 | Symantec Web Gateway <= 5.0.3.18 Arbitrary Password Change | 67 | WEB | Kc57
2012-08-15 | MaxForum v1.0.0 Local File Inclusion Vulnerability | 95 | WEB | ahwak2000
2012-08-14 | Cyclope Employee Surveillance Solution 6 SQL Injection | 82 | WEB | sinn3r
2012-08-14 | TestLink 1.9.3 Arbitrary File Upload | 160 | WEB | Brendan Coles
2012-08-10 | Cyclope Employee Surveillance Solution 6.0 SQL Injection | 57 | WEB | loneferret
2012-08-09 | IBM Proventia Network Mail Security System 2.5 POST File Read | 96 | WEB | muts
2012-08-07 | Power Bulletin Board Bypass | 63 | WEB | i-Hmx
2012-08-06 | am4ss Support System 1.2 PHP Code Injection Exploit | 105 | WEB | i-Hmx
2012-08-01 | WebPageTest Arbitrary PHP File Upload | 68 | WEB | sinn3r
2012-07-31 | Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload | 69 | WEB | Plixer International
2012-07-31 | Symantec Web Gateway 5.0.3.18 (deptUploads_data.php groupid parameter) Blind SQLi | 110 | WEB | @_Kc57
2012-07-30 | CuteFlow 2.11.2 Arbitrary File Upload | 114 | WEB | Brendan Coles
2012-07-27 | Redaxo 4.4 Cross Site Scripting Vulnerability | 89 | WEB | High-Tech Bridge Security Research Lab
2012-07-27 | PHP UnZIP v0.1 - Full Disclosure | 87 | WEB | TAURUS OMAR
2012-07-27 | Develoweb - Blind SQL Injection Vulnerability | 50 | WEB | TAURUS OMAR
2012-07-27 | Thelia 1.5.1 Cross Site Scripting | 67 | WEB | HTTPCS
2012-07-26 | Joomla com_odudeprofile V2.x Exploit | 101 | WEB | Daniel Barragan "D4NB4R"
2012-07-25 | Zabbix 2.0.1 and Earlier Session Extractor 0day | 102 | WEB | muts
2012-07-25 | WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload | 68 | WEB | Chris Kellum
2012-07-25 | phpProfiles 4.5.4 Beta XSS / RFI / SQL Injection | 87 | WEB | L0n3ly-H34rT
2012-07-24 | AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection | 69 | WEB | muts
2012-07-24 | Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers | 77 | WEB | muts
2012-07-24 | Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection | 73 | WEB | muts
2012-07-24 | EGallery PHP File Upload Vulnerability | 134 | WEB | juan
2012-07-23 | Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE | 76 | WEB | muts
2012-07-23 | Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) SQL Injection | 78 | WEB | muts
2012-07-23 | SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities | 153 | WEB | muts
2012-07-20 | Maian Survey 1.1 Local File Inclusion / Open Redirection | 53 | WEB | PuN!Sh3r
2012-07-20 | Joomla Hello Local File Inclusion | 215 | WEB | Ajax Security Team
2012-07-18 | MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities | 389 | WEB | Stefan Schurtz
2012-07-18 | WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities | 62 | WEB | Stefan Schurtz
2012-07-18 | Forum Oxalis <= 0.1.2 SQL Injection Vulnerability | 51 | WEB | Jean Pascal Pereira
2012-07-17 | Wordpress Diary/Notebook Site5 Theme Email Spoofing | 67 | WEB | bwallHatesTwits