|
2018-10-26
|
|
Quick Count 2.0 - 'txtInstID' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Open STA Manager 2.3 - Arbitrary File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
MPS Box 0.1.8.0 - 'uuid' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
AjentiCP 1.2.23.13 - Cross-Site Scripting
|
3 |
WEB
|
Numan OZDEMIR
|
|
2018-10-25
|
|
AiOPMSD Final 1.0.0 - 'q' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Simple POS and Inventory 1.0 - 'cat' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
ClipBucket 2.8 - 'id' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
User Management 1.1 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-25
|
|
Delta Sql 1.8.2 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
Simple Chat System 1.0 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-25
|
|
phptpoint Hospital Management System 1.0 - 'user' SQL injection
|
4 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-25
|
|
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
|
3 |
WEB
|
Boumediene KADDOUR
|
|
2018-10-25
|
|
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
|
4 |
WEB
|
Ismail Tasdelen
|
|
2018-10-25
|
|
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
|
4 |
WEB
|
AkkuS
|
|
2018-10-12
|
|
D-Link Routers - Directory Traversal
|
4 |
WEB
|
Blazej Adamczyk
|
|
2018-10-12
|
|
D-Link Routers - Plaintext Password
|
4 |
WEB
|
Blazej Adamczyk
|
|
2018-10-12
|
|
D-Link Routers - Command Injection
|
4 |
WEB
|
Blazej Adamczyk
|
|
2018-10-24
|
|
Apache OFBiz 16.11.04 - XML External Entity Injection
|
4 |
WEB
|
Jamie Parfet
|
|
2018-10-24
|
|
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-24
|
|
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
|
4 |
WEB
|
Dino Barlattani
|
|
2018-10-24
|
|
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-24
|
|
SG ERP 1.0 - 'info' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
SIM-PKH 2.4.1 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
School ERP Pro+Responsive 1.0 - Arbitrary File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
|
4 |
WEB
|
hyp3rlinx
|
|
2018-10-23
|
|
SIM-PKH 2.4.1 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-23
|
|
Appsource School Management System 1.0 - 'student_id' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
The Open ISES Project 3.30A - Arbitrary File Download
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
eNdonesia Portal 8.7 - 'artid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
School ERP Ultimate 2018 - 'fid' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
Oracle Siebel CRM 8.1.1 - CSV Injection
|
4 |
WEB
|
Sarath Nair
|
|
2018-10-22
|
|
School ERP Ultimate 2018 - Arbitrary File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-22
|
|
MySQL Edit Table 1.0 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-18
|
|
OwnTicket 1.0 - 'TicketID' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-18
|
|
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Alireza Norkazemi
|
|
2018-10-18
|
|
Learning with Texts 1.6.2 - 'start' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-17
|
|
Time and Expense Management System 3.0 - 'table' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-17
|
|
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
|
3 |
WEB
|
LiquidWorm
|
|
2018-10-17
|
|
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-17
|
|
BigTree CMS 4.2.23 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-16
|
|
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
|
4 |
WEB
|
d0wnp0ur
|
|
2018-10-16
|
|
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-16
|
|
Vishesh Auto Index 3.1 - 'fid' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
Kados R10 GreenBee - 'release_id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
Library CMS 2.1.1 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-16
|
|
Navigate CMS 2.8.5 - Arbitrary File Download
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-16
|
|
HotelDruid 2.2.4 - 'anno' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
KORA 2.7.0 - 'cid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
Academic Timetable Final Build 7.0 - Information Disclosure
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
|
4 |
WEB
|
seccops
|
|
2018-10-15
|
|
FLIR Brickstream 3D+ - RTSP Stream Disclosure
|
4 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
|
3 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
Advanced HRM 1.6 - Remote Code Execution
|
3 |
WEB
|
Renos Nikolaou
|
|
2018-10-15
|
|
College Notes Management System 1.0 - 'user' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
|
4 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
AlchemyCMS 4.1 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-15
|
|
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-15
|
|
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
|
3 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
|
5 |
WEB
|
LiquidWorm
|
|
2018-10-15
|
|
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2014-11-21
|
|
FluxBB < 1.5.6 - SQL Injection
|
3 |
WEB
|
secthrowaway
|
|
2018-10-12
|
|
SugarCRM 6.5.26 - Cross-Site Scripting
|
3 |
WEB
|
Purplemet Security
|
|
2018-10-12
|
|
HaPe PKH 1.1 - Arbitrary File Upload
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-12
|
|
CAMALEON CMS 2.4 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-12
|
|
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-12
|
|
Phoenix Contact WebVisit 2985725 - Authentication Bypass
|
5 |
WEB
|
Photubias
|
|
2018-10-12
|
|
LUYA CMS 1.0.12 - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
|
2018-10-12
|
|
HaPe PKH 1.1 - 'id' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-11
|
|
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
|
5 |
WEB
|
Photubias
|
|
2018-10-11
|
|
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
|
5 |
WEB
|
Larry W. Cashdollar
|
|
2018-10-11
|
|
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-11
|
|
WAGO 750-881 01.09.18 - Cross-Site Scripting
|
3 |
WEB
|
SecuNinja
|
|
2018-10-11
|
|
Wikidforum 2.20 - Cross-Site Scripting
|
3 |
WEB
|
Amir Hossein Mahboubi
|
|
2018-10-10
|
|
Ektron CMS 9.20 SP2 - Improper Access Restrictions
|
3 |
WEB
|
alt3kx
|
|
2018-10-09
|
|
Wikidforum 2.20 - 'message_id' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-09
|
|
Wikidforum 2.20 - 'select_sort' SQL Injection
|
3 |
WEB
|
seccops
|
|
2018-10-08
|
|
Imperva SecureSphere 13 - Remote Command Execution
|
4 |
WEB
|
rsp3ar
|
|
2018-10-08
|
|
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
|
4 |
WEB
|
LiquidWorm
|
|
2018-10-06
|
|
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
|
4 |
WEB
|
LiquidWorm
|
|
2018-10-06
|
|
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
|
4 |
WEB
|
cakes
|
|
2018-10-05
|
|
Chamilo LMS 1.11.8 - Cross-Site Scripting
|
4 |
WEB
|
cakes
|
|
2018-10-05
|
|
ISPConfig < 3.1.13 - Remote Command Execution
|
3 |
WEB
|
0x09AL
|
|
2018-10-05
|
|
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
|
3 |
WEB
|
Core Security
|
|
2018-10-05
|
|
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
|
4 |
WEB
|
Core Security
|
|
2018-10-05
|
|
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
cakes
|
|
2018-10-04
|
|
LayerBB Forum 1.1.1 - 'search_query' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-03
|
|
RICOH MP C1803 JPN Printer - Cross-Site Scripting
|
4 |
WEB
|
Ismail Tasdelen
|
|
2018-10-03
|
|
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
|
5 |
WEB
|
Ismail Tasdelen
|
|
2018-10-03
|
|
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-03
|
|
Zechat 1.5 - 'uname' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-02
|
|
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-10-02
|
|
Coaster CMS 5.5.0 - Cross-Site Scripting
|
4 |
WEB
|
Ismail Tasdelen
|
|
2018-10-02
|
|
OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection
|
4 |
WEB
|
Dino Barlattani
|
|
2018-10-01
|
|
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
|
4 |
WEB
|
cakes
|
|
2018-10-01
|
|
WUZHICMS 2.0 - Cross-Site Scripting
|
5 |
WEB
|
Renzi
|
|
2018-10-01
|
|
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Binary MLM Software 1.0 - 'pid' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Education Website 1.0 - 'subject' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-10-01
|
|
Fork CMS 5.4.0 - Cross-Site Scripting
|
6 |
WEB
|
Ismail Tasdelen
|
|
2018-10-01
|
|
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
|
5 |
WEB
|
Ismail Tasdelen
|
|
2018-10-01
|
|
H2 Database 1.4.196 - Remote Code Execution
|
5 |
WEB
|
h4ckNinja
|
|
2018-09-27
|
|
Rausoft ID.prove 2.95 - 'Username' SQL injection
|
4 |
WEB
|
Ilya Timchenko
|
|
2018-09-27
|
|
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
|
4 |
WEB
|
Ismail Tasdelen
|
|
2018-09-27
|
|
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
|
4 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-09-25
|
|
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
|
4 |
WEB
|
AkkuS
|
|
2018-09-25
|
|
RICOH MP C406Z Printer - Cross-Site Scripting
|
4 |
WEB
|
Ismail Tasdelen
|
|
2018-09-25
|
|
RICOH MP 305+ Printer - Cross-Site Scripting
|
4 |
WEB
|
Ismail Tasdelen
|
|
2018-09-25
|
|
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Collection Factory 4.1.9 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component Swap Factory 2.2.1 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-09-25
|
|
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
|
2 |
WEB
|
AkkuS
|
|
2018-09-25
|
|
RICOH MP C6503 Plus Printer - Cross-Site Scripting
|
3 |
WEB
|
Ismail Tasdelen
|
