|
2018-05-18
|
|
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
|
2 |
WEB
|
L0RD
|
|
2018-05-18
|
|
Cisco SA520W Security Appliance - Path Traversal
|
2 |
WEB
|
Nassim Asrir
|
|
2018-05-18
|
|
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
|
1 |
WEB
|
Richard Alviarez
|
|
2018-05-18
|
|
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
|
3 |
WEB
|
Berk Dusunur
|
|
2018-05-18
|
|
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
|
3 |
WEB
|
L0RD
|
|
2018-05-17
|
|
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
|
3 |
WEB
|
t4rkd3vilz
|
|
2018-05-17
|
|
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request for
|
3 |
WEB
|
L0RD
|
|
2018-05-17
|
|
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request for
|
3 |
WEB
|
L0RD
|
|
2018-05-17
|
|
Intelbras NCLOUD 300 1.0 - Authentication bypass
|
2 |
WEB
|
Pedro Aguiar
|
|
2018-05-17
|
|
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
|
3 |
WEB
|
L0RD
|
|
2018-05-17
|
|
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
|
3 |
WEB
|
L0RD
|
|
2018-05-16
|
|
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross
|
2 |
WEB
|
SEC Consult
|
|
2018-05-16
|
|
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross
|
2 |
WEB
|
SEC Consult
|
|
2018-05-16
|
|
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
|
3 |
WEB
|
dxw
|
|
2018-05-16
|
|
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
|
1 |
WEB
|
Compass Security
|
|
2018-05-16
|
|
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
|
3 |
WEB
|
L0RD
|
|
2018-05-16
|
|
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
|
3 |
WEB
|
L0RD
|
|
2018-05-16
|
|
Rockwell Scada System 27.011 - Cross-Site Scripting
|
3 |
WEB
|
t4rkd3vilz
|
|
2018-05-16
|
|
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
|
3 |
WEB
|
Mattia Furlani
|
|
2018-05-16
|
|
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
|
3 |
WEB
|
0xB9
|
|
2018-05-03
|
|
JasperReports - (Authenticated) File Read
|
3 |
WEB
|
Hector Monsegur
|
|
2018-05-14
|
|
XATABoost 1.0.0 - SQL Injection
|
3 |
WEB
|
MgThuraMoeMyint
|
|
2018-05-13
|
|
WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
|
3 |
WEB
|
jiguang
|
|
2018-05-13
|
|
WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting
|
3 |
WEB
|
jiguang
|
|
2018-05-11
|
|
Open-AudIT Community 2.2.0 - Cross-Site Scripting
|
3 |
WEB
|
Tejesh Kolisetty
|
|
2018-05-11
|
|
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting
|
3 |
WEB
|
Tejesh Kolisetty
|
|
2018-05-10
|
|
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting
|
2 |
WEB
|
0xB9
|
|
2018-05-10
|
|
ModbusPal 1.6b - XML External Entity Injection
|
3 |
WEB
|
Trent Gordon
|
|
2018-05-10
|
|
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery
|
3 |
WEB
|
Raffaele Sabato
|
|
2018-05-06
|
|
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
|
3 |
WEB
|
Tomislav Paskalev
|
|
2018-05-06
|
|
CSP MySQL User Manager 2.3.1 - Authentication Bypass
|
3 |
WEB
|
Youssef Mami
|
|
2018-05-04
|
|
IceWarp Mail Server < 11.1.1 - Directory Traversal
|
3 |
WEB
|
Trustwave's SpiderLabs
|
|
2018-05-04
|
|
WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting
|
3 |
WEB
|
B0UG
|
|
2014-01-14
|
|
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
|
3 |
WEB
|
Takeshi Terada
|
|
2018-03-27
|
|
DLINK DCS-5020L - Remote Code Execution (PoC)
|
3 |
WEB
|
Fidus InfoSecurity
|
|
2018-05-02
|
|
Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery
|
3 |
WEB
|
Qian Wu_ Bo Wang_ Jiawang Zhang
|
|
2018-05-01
|
|
WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site S
|
3 |
WEB
|
B0UG
|
|
2018-04-30
|
|
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
|
3 |
WEB
|
Jared Arave
|
|
2018-04-30
|
|
Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root
|
3 |
WEB
|
Jared Arave
|
|
2018-04-30
|
|
WordPress Plugin Form Maker 1.12.20 - CSV Injection
|
3 |
WEB
|
Sairam Jetty
|
|
2018-04-30
|
|
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)
|
2 |
WEB
|
SixP4ck3r
|
|
2018-04-30
|
|
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)
|
3 |
WEB
|
SixP4ck3r
|
|
2018-04-26
|
|
Frog CMS 0.9.5 - Persistent Cross-Site Scripting
|
3 |
WEB
|
Wenming Jiang
|
|
2018-04-26
|
|
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot
|
3 |
WEB
|
Wadeek
|
|
2018-04-26
|
|
GitList 0.6 - Remote Code Execution
|
3 |
WEB
|
Kacper Szurek
|
|
2018-04-26
|
|
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
|
3 |
WEB
|
0xB9
|
|
2018-04-26
|
|
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
|
3 |
WEB
|
0xB9
|
|
2018-04-26
|
|
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
|
3 |
WEB
|
Sven Fassbender
|
|
2018-04-26
|
|
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
|
2 |
WEB
|
Wadeek
|
|
2018-04-26
|
|
Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
|
3 |
WEB
|
Alessio Sergi
|
|
2018-04-25
|
|
Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)
|
3 |
WEB
|
Blaklis
|
|
2018-04-25
|
|
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion
|
3 |
WEB
|
8bitsec
|
|
2018-04-25
|
|
HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting
|
3 |
WEB
|
8bitsec
|
|
2018-04-25
|
|
HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection
|
3 |
WEB
|
8bitsec
|
|
2018-04-25
|
|
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
|
2 |
WEB
|
8bitsec
|
|
2018-04-25
|
|
Blog Master Pro 1.0 - CSV Injection
|
4 |
WEB
|
8bitsec
|
|
2018-04-25
|
|
Shopy Point of Sale 1.0 - CSV Injection
|
2 |
WEB
|
8bitsec
|
|
2018-04-24
|
|
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
|
2 |
WEB
|
SEC Consult
|
|
2018-04-24
|
|
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
|
2 |
WEB
|
Lenon Leite
|
|
2018-04-24
|
|
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
|
2 |
WEB
|
Berk Cem Göksel
|
|
2018-04-24
|
|
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
|
3 |
WEB
|
devcoinfet
|
|
2018-04-24
|
|
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
|
4 |
WEB
|
Wenming Jiang
|
|
2018-04-24
|
|
Open-AudIT 2.1 - CSV Macro Injection
|
3 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-24
|
|
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
|
3 |
WEB
|
jiguang
|
|
2018-04-24
|
|
UK Cookie Consent - Persistent Cross-Site Scripting
|
2 |
WEB
|
B0UG
|
|
2018-04-23
|
|
Monstra cms 3.0.4 - Persitent Cross-Site Scripting
|
2 |
WEB
|
Wenming Jiang
|
|
2018-04-23
|
|
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
|
3 |
WEB
|
Larry W. Cashdollar
|
|
2018-04-23
|
|
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
|
2 |
WEB
|
r4wd3r
|
|
2018-04-23
|
|
Ncomputing vSpace Pro 10/11 - Directory Traversal
|
2 |
WEB
|
Javier Bernardo
|
|
2018-04-23
|
|
phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
|
3 |
WEB
|
revengsh
|
|
2018-04-20
|
|
Cobub Razor 0.8.0 - Physical Path Leakage
|
3 |
WEB
|
Kyhvedn
|
|
2018-04-18
|
|
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
|
3 |
WEB
|
bzyo
|
|
2018-04-18
|
|
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
|
3 |
WEB
|
bzyo
|
|
2018-04-18
|
|
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
|
3 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-18
|
|
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
|
3 |
WEB
|
Federico Scalco
|
|
2018-04-18
|
|
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
|
3 |
WEB
|
SadFud
|
|
2018-04-18
|
|
Kodi 17.6 - Persistent Cross-Site Scripting
|
3 |
WEB
|
Manuel García Cárdenas
|
|
2018-04-18
|
|
Match Clone Script 1.0.4 - Cross-Site Scripting
|
3 |
WEB
|
ManhNho
|
|
2018-04-18
|
|
Rvsitebuilder CMS - Database Backup Download
|
3 |
WEB
|
Hesam Bazvand
|
|
2018-04-18
|
|
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
|
3 |
WEB
|
Keerati T.
|
|
2018-04-18
|
|
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
|
3 |
WEB
|
Keerati T.
|
|
2018-04-17
|
|
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
|
2 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-16
|
|
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
|
3 |
WEB
|
Frogy
|
|
2018-04-16
|
|
Cobub Razor 0.8.0 - SQL injection
|
3 |
WEB
|
Kyhvedn
|
|
2018-04-13
|
|
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
|
2 |
WEB
|
Hans Topo & g0tmi1k
|
|
2018-04-13
|
|
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
|
3 |
WEB
|
Vitalii Rudnykh
|
|
2018-04-12
|
|
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
|
3 |
WEB
|
Sairam Jetty
|
|
2018-04-10
|
|
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
|
3 |
WEB
|
ManhNho
|
|
2018-04-10
|
|
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
|
2 |
WEB
|
ManhNho
|
|
2018-04-10
|
|
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Contr
|
3 |
WEB
|
SlidingWindow
|
|
2018-04-10
|
|
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
|
3 |
WEB
|
taoge
|
|
2018-04-10
|
|
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
|
2 |
WEB
|
taoge
|
|
2018-04-10
|
|
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
|
2 |
WEB
|
Stefan Broeder
|
|
2018-04-10
|
|
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
|
1 |
WEB
|
ManhNho
|
|
2018-04-09
|
|
WordPress Plugin Google Drive 2.2 - Remote Code Execution
|
2 |
WEB
|
Lenon Leite
|
|
2018-04-09
|
|
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
|
2 |
WEB
|
ManhNho
|
|
2018-04-09
|
|
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
|
3 |
WEB
|
Lenon Leite
|
|
2018-04-09
|
|
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
|
3 |
WEB
|
Lenon Leite
|
|
2018-04-09
|
|
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
|
2 |
WEB
|
LiquidWorm
|
|
2018-04-09
|
|
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
|
2 |
WEB
|
LiquidWorm
|
|
2018-04-09
|
|
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
|
2 |
WEB
|
RedTeam Pentesting
|
|
2018-04-09
|
|
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
|
3 |
WEB
|
Graeme Robinson
|
|
2018-04-09
|
|
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
|
2 |
WEB
|
ManhNho
|
|
2018-04-09
|
|
WolfCMS 0.8.3.1 - Open Redirection
|
2 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-09
|
|
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
|
2 |
WEB
|
Perileos
|
|
2018-04-09
|
|
Cobub Razor 0.7.2 - Add New Superuser Account
|
3 |
WEB
|
ppb
|
|
2018-04-09
|
|
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
|
3 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-09
|
|
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
|
3 |
WEB
|
Colette Chamberland
|
|
2018-04-06
|
|
Cobub Razor 0.7.2 - Cross-Site Request Forgery
|
3 |
WEB
|
ppb
|
|
2018-04-06
|
|
DotNetNuke DNNarticle Module 11 - Directory Traversal
|
3 |
WEB
|
Esmaeil Rahimian
|
|
2018-04-06
|
|
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
|
3 |
WEB
|
Noman Riffat
|
|
2018-04-05
|
|
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
|
2 |
WEB
|
Stefan Broeder
|
|
2018-04-05
|
|
GetSimple CMS 3.3.13 - Cross-Site Scripting
|
2 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-05
|
|
Z-Blog 1.5.1.1740 - Full Path Disclosure
|
2 |
WEB
|
zzw
|
|
2018-04-05
|
|
Z-Blog 1.5.1.1740 - Cross-Site Scripting
|
3 |
WEB
|
zzw
|
|
2018-04-05
|
|
YzmCMS 3.6 - Cross-Site Scripting
|
3 |
WEB
|
zzw
|
|
2018-04-05
|
|
WebRTC - Private IP Leakage (Metasploit)
|
3 |
WEB
|
Dhiraj Mishra
|
|
2018-04-05
|
|
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
|
3 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-05
|
|
MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting
|
3 |
WEB
|
0xB9
|
|
2018-04-04
|
|
ProcessMaker - Plugin Upload (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2018-04-02
|
|
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
|
3 |
WEB
|
Todor Donev
|
|
2018-04-02
|
|
OpenCMS 10.5.3 - Cross-Site Scripting
|
2 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-02
|
|
OpenCMS 10.5.3 - Cross-Site Request Forgery
|
3 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-04-02
|
|
LifeSize ClearSea 3.1.4 - Directory Traversal
|
3 |
WEB
|
rsp3ar
|
|
2018-04-02
|
|
DLink DIR-601 - Admin Password Disclosure
|
3 |
WEB
|
Kevin Randall
|
