|
2018-11-21
|
|
WebOfisi E-Ticaret V4 - 'urun' SQL Injection
|
3 |
WEB
|
AkkuS
|
|
2018-11-21
|
|
WordPress Theme CherryFramework 3.1.4 - Backup File Download
|
3 |
WEB
|
b1p0l4r
|
|
2018-11-21
|
|
Ticketly 1.0 - 'name' SQL Injection
|
3 |
WEB
|
Javier Olmedo
|
|
2018-11-21
|
|
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
|
3 |
WEB
|
LiquidWorm
|
|
2018-11-20
|
|
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
|
2 |
WEB
|
Javier Olmedo
|
|
2018-11-16
|
|
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
|
3 |
WEB
|
Dawood Ansar
|
|
2018-11-16
|
|
Helpdezk 1.1.1 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-16
|
|
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
|
3 |
WEB
|
MTK
|
|
2018-11-15
|
|
PHP Mass Mail 1.0 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
2-Plan Team 1.0.4 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Simple E-Document 1.31 - 'username' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Meneame English Pligg 5.8 - 'search' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
EverSync 0.5 - Arbitrary File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
Net-Billetterie 2.9 - 'login' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
BitZoom 1.0 - 'rollno' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-15
|
|
PHP-Proxy 5.1.0 - Local File Inclusion
|
3 |
WEB
|
Ameer Pornillos
|
|
2018-11-15
|
|
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
|
1 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Nawaf Alkeraithe
|
|
2018-11-14
|
|
Pedidos 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Rmedia SMS 1.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Advanced Comment System 1.0 - SQL Injection
|
3 |
WEB
|
Rafael Pedrero
|
|
2018-11-14
|
|
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
|
3 |
WEB
|
KoreLogic
|
|
2018-11-14
|
|
EdTv 2 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
|
3 |
WEB
|
Nawaf Alkeraithe
|
|
2018-11-14
|
|
Helpdezk 1.1.1 - 'query' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-14
|
|
iServiceOnline 1.0 - 'r' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
SIPve 0.0.2-R19 - SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Webiness Inventory 2.3 - 'order' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
|
3 |
WEB
|
Ameer Pornillos
|
|
2018-11-13
|
|
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Gumbo CMS 0.99 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Easyndexer 1.0 - Arbitrary File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Musicco 2.0.0 - Arbitrary Directory Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Alienor Web Libre 2.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Surreal ToDo 0.6.1.2 - Local File Inclusion
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
Surreal ToDo 0.6.1.2 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-13
|
|
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
|
2 |
WEB
|
InfinitumIT
|
|
2018-11-13
|
|
CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting
|
4 |
WEB
|
InfinitumIT
|
|
2018-11-12
|
|
Nominas 0.27 - 'username' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
|
4 |
WEB
|
hyp3rlinx
|
|
2018-11-12
|
|
ServerZilla 1.0 - 'email' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
GPS Tracking System 2.12 - 'username' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
Facturation System 1.0 - 'modid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
The Don 1.0.1 - 'login' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosur
|
4 |
WEB
|
Wadeek
|
|
2018-11-12
|
|
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-12
|
|
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
|
4 |
WEB
|
Pasquale Turi
|
|
2018-11-12
|
|
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
|
4 |
WEB
|
Pasquale Turi
|
|
2018-11-12
|
|
TufinOS 2.17 Build 1193 - XML External Entity Injection
|
3 |
WEB
|
Konstantinos Alexiou
|
|
2018-11-12
|
|
Data Center Audit 2.6.2 - 'username' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-07
|
|
PlayJoom 0.10.1 - 'catid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-11-06
|
|
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
|
4 |
WEB
|
Carlos Avila
|
|
2018-11-06
|
|
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
|
2 |
WEB
|
AkkuS
|
|
2018-11-06
|
|
OOP CMS BLOG 1.0 - 'search' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-06
|
|
Grocery crud 1.6.1 - 'search_field' SQL Injection
|
4 |
WEB
|
Loading Kura Kura
|
|
2018-11-06
|
|
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-06
|
|
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
|
5 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-11-05
|
|
Voovi Social Networking Script 1.0 - 'user' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
Royal TS/X - Information Disclosure
|
4 |
WEB
|
Jakub Palaczynski
|
|
2018-11-05
|
|
PHP Proxy 3.0.3 - Local File Inclusion
|
4 |
WEB
|
AkkuS
|
|
2018-11-05
|
|
Mongo Web Admin 6.0 - Information Disclosure
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
WebVet 0.1a - 'id' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-05
|
|
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
|
4 |
WEB
|
Chris Lyne
|
|
2018-11-05
|
|
SiAdmin 1.1 - 'id' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-02
|
|
Yot CMS 3.3.1 - 'aid' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-11-02
|
|
qdPM 9.1 - 'filter_by' SQL Injection
|
3 |
WEB
|
AkkuS
|
|
2018-11-02
|
|
Gate Pass Management System 2.1 - 'login' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-11-02
|
|
Jelastic 5.4 - 'host' SQL Injection
|
3 |
WEB
|
Procode701
|
|
2018-11-02
|
|
Fantastic Blog CMS 1.0 - 'id' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-31
|
|
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
|
5 |
WEB
|
Jakub Palaczynski
|
|
2018-10-30
|
|
CI User Login and Management 1.0 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
|
3 |
WEB
|
Rafael Pedrero
|
|
2018-10-30
|
|
Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
|
3 |
WEB
|
Rafael Pedrero
|
|
2018-10-30
|
|
Instagram Clone 1.0 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Notes Manager 1.0 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
Expense Management 1.0 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
MyBB Downloads 2.0.3 - SQL Injection
|
4 |
WEB
|
Lucian Ioan Nitescu
|
|
2018-10-30
|
|
Netgear WiFi Router R6120 - Credential Disclosure
|
4 |
WEB
|
Wadeek
|
|
2018-10-30
|
|
Webiness Inventory 2.9 - Arbitrary File Upload
|
4 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-30
|
|
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
|
4 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-30
|
|
Electricks eCommerce 1.0 - 'prodid' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-30
|
|
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
K-iwi Framework 1775 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - Database File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
SaltOS Erp Crm 3.1 r8126 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
E-Negosyo System 1.0 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
RhinOS CMS 3.x - Arbitrary File Download
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
School Event Management System 1.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Curriculum Evaluation System 1.0 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
MTGAS MOGG Web Simulator Script - SQL Injection
|
4 |
WEB
|
Meisam Monsef
|
|
2018-10-29
|
|
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Open Faculty Evaluation System 7 - 'batch_name' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Library Management System 1.0 - 'frmListBooks' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-29
|
|
Grapixel New Media 2 - 'pageref' SQL Injection
|
4 |
WEB
|
Berk Dusunur
|
|
2018-10-29
|
|
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
Delta Sql 1.8.2 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-26
|
|
MPS Box 0.1.8.0 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
