|
2019-08-14
|
|
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
|
2 |
WEB
|
qw3rTyTy
|
|
2019-08-14
|
|
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
|
2 |
WEB
|
Ilca Lucian Florin
|
|
2019-08-12
|
|
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
|
2 |
WEB
|
xerubus
|
|
2019-08-12
|
|
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
|
2 |
WEB
|
xerubus
|
|
2019-08-12
|
|
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
|
2 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
osTicket 1.12 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
osTicket 1.12 - Formula Injection
|
2 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
|
1 |
WEB
|
Aishwarya Iyer
|
|
2019-08-12
|
|
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deleti
|
2 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
|
2 |
WEB
|
qw3rTyTy
|
|
2019-08-12
|
|
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
|
2 |
WEB
|
Greg.Priest
|
|
2019-08-12
|
|
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
|
2 |
WEB
|
Angelo Ruwantha
|
|
2019-08-12
|
|
BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
|
2 |
WEB
|
Angelo Ruwantha
|
|
2019-08-08
|
|
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
|
2 |
WEB
|
qw3rTyTy
|
|
2019-08-08
|
|
Adive Framework 2.0.7 - Cross-Site Request Forgery
|
2 |
WEB
|
Pablo Santiago
|
|
2019-08-08
|
|
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
|
1 |
WEB
|
qw3rTyTy
|
|
2019-08-08
|
|
Aptana Jaxer 1.0.3.4547 - Local File inclusion
|
2 |
WEB
|
Steph Jensen
|
|
2019-08-08
|
|
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
|
2 |
WEB
|
Mr Winst0n
|
|
2019-08-08
|
|
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
|
2 |
WEB
|
Greg.Priest
|
|
2019-08-07
|
|
WordPress Plugin JoomSport 3.3 - SQL Injection
|
2 |
WEB
|
Pablo Santiago
|
|
2019-08-02
|
|
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Kusol Watchara-Apanukorn
|
|
2019-08-02
|
|
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
|
2 |
WEB
|
n1x_
|
|
2019-08-02
|
|
Sar2HTML 3.2.1 - Remote Command Execution
|
2 |
WEB
|
Cemal Cihad ÇİFTÇİ
|
|
2019-08-01
|
|
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
|
1 |
WEB
|
Alperen Soydan
|
|
2019-08-01
|
|
WebIncorp ERP - SQL injection
|
1 |
WEB
|
n1x_
|
|
2019-08-01
|
|
Ultimate Loan Manager 2.0 - Cross-Site Scripting
|
2 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-31
|
|
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
|
2 |
WEB
|
Lucas Dinucci
|
|
2019-07-30
|
|
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
|
2 |
WEB
|
Jacob Baines
|
|
2019-07-29
|
|
GigToDo 1.3 - Cross-Site Scripting
|
2 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
|
1 |
WEB
|
m0ze
|
|
2019-07-29
|
|
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
|
1 |
WEB
|
rubyman
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
|
2 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploi
|
2 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
|
2 |
WEB
|
Wietse Boonstra
|
|
2019-07-26
|
|
Moodle Filepicker 3.5.2 - Server Side Request Forgery
|
2 |
WEB
|
Fabian Mosch_ Nick Theisinger
|
|
2019-07-25
|
|
MyBB < 1.8.21 - Remote Code Execution
|
2 |
WEB
|
Giovanni Chhatta
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - SQL Injection
|
3 |
WEB
|
UserX
|
|
2019-07-25
|
|
Ovidentia 8.4.3 - Cross-Site Scripting
|
2 |
WEB
|
n3k00n3
|
|
2019-07-24
|
|
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
|
3 |
WEB
|
yasin
|
|
2019-07-24
|
|
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
|
0 |
WEB
|
Mehmet Onder
|
|
2019-07-24
|
|
NoviSmart CMS - SQL injection
|
1 |
WEB
|
n1x_
|
|
2019-07-22
|
|
Axway SecureTransport 5 - Unauthenticated XML Injection
|
1 |
WEB
|
Dominik Penner
|
|
2019-07-19
|
|
REDCap < 9.1.2 - Cross-Site Scripting
|
3 |
WEB
|
Alexandre ZANNI
|
|
2019-07-19
|
|
Web Ofisi Firma 13 - 'oz' SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Rent a Car 3 - 'klima' SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Firma Rehberi 1 - 'il' SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Emlak 2 - 'ara' SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
Web Ofisi E-Ticaret 3 - 'a' SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2019-07-19
|
|
fuel CMS 1.4.1 - Remote Code Execution (1)
|
2 |
WEB
|
0xd0ff9
|
|
2019-07-18
|
|
WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
|
2 |
WEB
|
LiquidWorm
|
|
2019-07-17
|
|
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Sarath Nair
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.838 - User Enumeration
|
2 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
|
2 |
WEB
|
Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Nari
|
|
2019-07-16
|
|
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
|
2 |
WEB
|
Pongtorn Angsuchotmetee
|
|
2019-07-15
|
|
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
|
2 |
WEB
|
Mohammed Althibyani
|
|
2019-07-15
|
|
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
|
2 |
WEB
|
Ramikan
|
|
2019-07-15
|
|
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
|
1 |
WEB
|
Wadeek
|
|
2019-07-12
|
|
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
|
2 |
WEB
|
Chris Lyne
|
|
2019-07-12
|
|
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Ishaq Mohammed
|
|
2019-07-12
|
|
Sahi Pro 8.0.0 - Remote Command Execution
|
2 |
WEB
|
AkkuS
|
|
2019-07-12
|
|
MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting
|
1 |
WEB
|
Metin Yunus Kandemir
|
|
2019-07-12
|
|
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
|
1 |
WEB
|
ABDO10
|
|
2019-07-11
|
|
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Owais Mehtab
|
|
2019-07-08
|
|
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
|
2 |
WEB
|
Benjamin Lim
|
|
2019-07-08
|
|
Karenderia Multiple Restaurant System 5.3 - SQL Injection
|
2 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-05
|
|
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
|
2 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-03
|
|
Symantec DLP 15.5 MP1 - Cross-Site Scripting
|
2 |
WEB
|
Chapman Schleiss
|
|
2019-07-02
|
|
Centreon 19.04 - Remote Code Execution
|
1 |
WEB
|
Askar
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
|
2 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
|
2 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
FaceSentry Access Control System 6.4.8 - Remote Command Injection
|
2 |
WEB
|
LiquidWorm
|
|
2019-07-01
|
|
CyberPanel 1.8.4 - Cross-Site Request Forgery
|
3 |
WEB
|
Bilgi Birikim Sistemleri
|
|
2019-07-01
|
|
Sahi pro 8.x - Directory Traversal
|
2 |
WEB
|
Operat0r
|
|
2019-07-01
|
|
SAP Crystal Reports - Information Disclosure
|
2 |
WEB
|
Mohamed M.Fouad
|
|
2019-07-01
|
|
ZoneMinder 1.32.3 - Cross-Site Scripting
|
2 |
WEB
|
Joey Lane
|
|
2019-07-01
|
|
PowerPanel Business Edition - Cross-Site Scripting
|
2 |
WEB
|
Joey Lane
|
|
2019-07-01
|
|
Varient 1.6.1 - SQL Injection
|
1 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-01
|
|
CiuisCRM 1.6 - 'eventType' SQL Injection
|
3 |
WEB
|
Mehmet EMIROGLU
|
|
2019-07-01
|
|
WorkSuite PRM 2.4 - 'password' SQL Injection
|
2 |
WEB
|
Mehmet EMIROGLU
|
|
2019-06-28
|
|
LibreNMS 1.46 - 'addhost' Remote Code Execution
|
1 |
WEB
|
Askar
|
|
2019-06-25
|
|
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
|
2 |
WEB
|
m0ze
|
|
2019-06-25
|
|
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
|
2 |
WEB
|
m0ze
|
|
2019-06-25
|
|
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
|
1 |
WEB
|
Aaron Bishop
|
|
2019-06-25
|
|
AZADMIN CMS 1.0 - SQL Injection
|
2 |
WEB
|
felipe andrian
|
|
2019-06-25
|
|
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
|
3 |
WEB
|
XORcat
|
|
2019-06-24
|
|
GrandNode 4.40 - Path Traversal / Arbitrary File Download
|
2 |
WEB
|
Corey Robinson
|
|
2019-06-24
|
|
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
|
1 |
WEB
|
Nimit Jain
|
|
2019-06-24
|
|
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
|
2 |
WEB
|
Nimit Jain
|
|
2019-06-24
|
|
SeedDMS versions < 5.1.11 - Remote Command Execution
|
2 |
WEB
|
Nimit Jain
|
|
2019-06-24
|
|
dotProject 2.1.9 - SQL Injection
|
2 |
WEB
|
Metin Yunus Kandemir
|
|
2019-06-20
|
|
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
|
2 |
WEB
|
Aaron Bishop
|
|
2019-06-20
|
|
WebERP 4.15 - SQL injection
|
2 |
WEB
|
Semen Alexandrovich Lyhin
|
|
2019-06-19
|
|
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
|
2 |
WEB
|
Aaron Bishop
|
|
2019-06-19
|
|
BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution
|
2 |
WEB
|
Aaron Bishop
|
|
2019-06-18
|
|
Sahi pro 8.x - Cross-Site Scripting
|
1 |
WEB
|
Goutham Madhwaraj
|
|
2019-06-18
|
|
Sahi pro 8.x - SQL Injection
|
2 |
WEB
|
Goutham Madhwaraj
|
|
2019-06-18
|
|
Sahi pro 7.x/8.x - Directory Traversal
|
2 |
WEB
|
Goutham Madhwaraj
|
|
2019-06-17
|
|
Spring Security OAuth - Open Redirector
|
1 |
WEB
|
Riemann
|
|
2019-06-17
|
|
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
|
1 |
WEB
|
Alex Akinbi
|
|
2019-06-17
|
|
RedwoodHQ 2.5.5 - Authentication Bypass
|
2 |
WEB
|
EthicalHCOP
|
|
2019-06-13
|
|
Sitecore 8.x - Deserialization Remote Code Execution
|
2 |
WEB
|
Jarad Kopf
|
|
2019-06-12
|
|
FusionPBX 4.4.3 - Remote Command Execution
|
2 |
WEB
|
Dustin Cobb
|
|
2019-06-11
|
|
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
|
2 |
WEB
|
Valerio Brussani
|
|
2019-06-11
|
|
phpMyAdmin 4.8 - Cross-Site Request Forgery
|
2 |
WEB
|
Riemann
|
|
2019-06-11
|
|
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
|
2 |
WEB
|
xulchibalraa
|
|
2019-06-10
|
|
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
|
2 |
WEB
|
Unk9vvN
|
|
2019-06-06
|
|
Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
|
2 |
WEB
|
Dhiraj Mishra
|
|
2019-06-05
|
|
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
|
2 |
WEB
|
k8gege
|
|
2019-06-05
|
|
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
|
2 |
WEB
|
k8gege
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
|
1 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
|
2 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
|
2 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
|
1 |
WEB
|
Vingroup
|
|
2019-06-04
|
|
IceWarp 10.4.4 - Local File Inclusion
|
2 |
WEB
|
JameelNabbo
|
|
2019-06-03
|
|
WordPress Plugin Form Maker 1.13.3 - SQL Injection
|
1 |
WEB
|
Daniele Scanu
|
|
2019-06-03
|
|
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
|
2 |
WEB
|
Luca.Chiou
|
|
2019-06-03
|
|
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
|
1 |
WEB
|
SlidingWindow
|
|
2019-05-29
|
|
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
|
1 |
WEB
|
Chi Tran
|
|
2019-05-28
|
|
Phraseanet < 4.0.7 - Cross-Site Scripting
|
1 |
WEB
|
Krzysztof Szulski
|
|
2019-05-27
|
|
Deltek Maconomy 2.2.5 - Local File Inclusion
|
2 |
WEB
|
JameelNabbo
|
|
2019-05-23
|
|
Nagios XI 5.6.1 - SQL injection
|
1 |
WEB
|
JameelNabbo
|
|
2019-05-22
|
|
Horde Webmail 5.2.22 - Multiple Vulnerabilities
|
1 |
WEB
|
InfinitumIT
|
|
2019-05-22
|
|
Carel pCOWeb < B1.2.1 - Credentials Disclosure
|
1 |
WEB
|
Luca.Chiou
|
