|
2018-04-02
|
|
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
|
3 |
WEB
|
LiquidWorm
|
|
2018-04-02
|
|
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
|
3 |
WEB
|
LiquidWorm
|
|
2018-04-02
|
|
WampServer 3.1.2 - Cross-Site Request Forgery
|
2 |
WEB
|
Vipin Chaudhary
|
|
2018-04-02
|
|
WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
3 |
WEB
|
Vipin Chaudhary
|
|
2018-04-02
|
|
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
|
3 |
WEB
|
Samrat Das
|
|
2018-03-30
|
|
Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change
|
2 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)
|
2 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2018-03-30
|
|
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
|
3 |
WEB
|
Gem George
|
|
2018-03-30
|
|
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
|
2 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
osCommerce 2.3.4.1 - Remote Code Execution
|
1 |
WEB
|
Simon Scannell
|
|
2018-03-30
|
|
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change
|
1 |
WEB
|
Todor Donev
|
|
2018-03-30
|
|
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
|
2 |
WEB
|
Colette Chamberland
|
|
2018-03-30
|
|
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
|
2 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-03-30
|
|
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
|
2 |
WEB
|
Sureshbabu Narvaneni
|
|
2018-03-30
|
|
Homematic CCU2 2.29.23 - Remote Command Execution
|
1 |
WEB
|
Patrick Muench and Gregor Kopf
|
|
2018-03-30
|
|
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
|
2 |
WEB
|
Stefan Broeder
|
|
2018-03-30
|
|
WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting
|
2 |
WEB
|
Stefan Broeder
|
|
2018-03-30
|
|
MiniCMS 1.10 - Cross-Site Request Forgery
|
2 |
WEB
|
zixian
|
|
2018-03-30
|
|
Homematic CCU2 2.29.23 - Arbitrary File Write
|
2 |
WEB
|
Patrick Muench and Gregor Kopf
|
|
2018-03-30
|
|
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
|
2 |
WEB
|
Nilesh Sapariya
|
|
2018-03-29
|
|
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2018-03-29
|
|
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
|
1 |
WEB
|
Metasploit
|
|
2014-11-03
|
|
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
|
2 |
WEB
|
Stefan Horst
|
|
2018-03-28
|
|
Open-AuditIT Professional 2.1 - Cross-Site Scripting
|
1 |
WEB
|
Nilesh Sapariya
|
|
2018-03-28
|
|
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
|
1 |
WEB
|
Todor Donev
|
|
2018-03-28
|
|
Microsoft Windows Remote Assistance - XML External Entity Injection
|
2 |
WEB
|
Nabeel Ahmed
|
|
2018-03-28
|
|
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Sven Fassbender
|
|
2018-03-28
|
|
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
|
2 |
WEB
|
Sven Fassbender
|
|
2018-03-27
|
|
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2018-03-27
|
|
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2018-03-26
|
|
Laravel Log Viewer < 0.13.0 - Local File Download
|
3 |
WEB
|
Haboob Team
|
|
2018-03-23
|
|
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion
|
3 |
WEB
|
Nicolas Buzy-Debat
|
|
2018-03-23
|
|
MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting
|
3 |
WEB
|
0xB9
|
|
2018-03-23
|
|
TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery
|
3 |
WEB
|
Mans van Someren
|
|
2018-03-23
|
|
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass
|
3 |
WEB
|
Matamorphosis
|
|
2018-03-20
|
|
Cisco node-jos < 0.11.0 - Re-sign Tokens
|
3 |
WEB
|
zioBlack
|
|
2018-03-20
|
|
Coship RT3052 Wireless Router - Persistent Cross-Site Scripting
|
3 |
WEB
|
Sayan Chatterjee
|
|
2018-03-20
|
|
Vehicle Sales Management System - Multiple Vulnerabilities
|
4 |
WEB
|
Sing
|
|
2018-03-20
|
|
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
|
2 |
WEB
|
anhax0r
|
|
2018-03-16
|
|
Contec Smart Home 4.15 - Unauthorized Password Reset
|
3 |
WEB
|
Z3ro0ne
|
|
2018-03-15
|
|
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
|
3 |
WEB
|
Antonio Francesco Sardella
|
|
2018-03-15
|
|
WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting
|
3 |
WEB
|
Stefan Broeder
|
|
2018-03-13
|
|
Tuleap 9.17.99.189 - Blind SQL Injection
|
5 |
WEB
|
Cristiano Maruti
|
|
2018-03-13
|
|
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
|
3 |
WEB
|
SEC Consult
|
|
2018-03-12
|
|
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
|
4 |
WEB
|
Clutchisback1
|
|
2018-03-12
|
|
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
|
4 |
WEB
|
Chris Lyne
|
|
2018-03-12
|
|
TextPattern 4.6.2 - 'qty' SQL Injection
|
3 |
WEB
|
Manuel García Cárdenas
|
|
2018-03-12
|
|
Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials
|
3 |
WEB
|
LiquidWorm
|
|
2018-03-12
|
|
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
|
3 |
WEB
|
Mehmet Ince
|
|
2018-03-09
|
|
Bacula-Web < 8.0.0-rc2 - SQL Injection
|
4 |
WEB
|
Gustavo Sorondo
|
|
2018-03-07
|
|
antMan 0.9.0c - Authentication Bypass
|
5 |
WEB
|
Joshua Bowser
|
|
2018-03-07
|
|
Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection
|
3 |
WEB
|
h0n1gsp3cht
|
|
2018-03-06
|
|
Bravo Tejari Web Portal - Cross-Site Request Forgery
|
4 |
WEB
|
Arvind V
|
|
2017-07-01
|
|
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download
|
3 |
WEB
|
Luth1er
|
|
2018-03-05
|
|
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
|
4 |
WEB
|
SEC Consult
|
|
2018-03-05
|
|
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
|
4 |
WEB
|
SEC Consult
|
|
2018-02-22
|
|
Parallels Remote Application Server 15.5 - Path Traversal
|
5 |
WEB
|
Nicolas Markitanis
|
|
2018-03-02
|
|
uWSGI < 2.0.17 - Directory Traversal
|
3 |
WEB
|
Marios Nicolaides
|
|
2018-03-02
|
|
antMan < 0.9.1a - Authentication Bypass
|
4 |
WEB
|
Joshua Bowser
|
|
2018-03-02
|
|
D-Link DIR-600M Wireless - Cross-Site Scripting
|
4 |
WEB
|
Prasenjit Kanti Paul
|
|
2018-02-28
|
|
Routers2 2.24 - Cross-Site Scripting
|
4 |
WEB
|
Lorenzo Di Fuccia
|
|
2018-02-27
|
|
Concrete5 CMS < 8.3.0 - Username / Comments Enumeration
|
2 |
WEB
|
Chapman Schleiss
|
|
2018-02-27
|
|
CMS Made Simple 2.1.6 - Remote Code Execution
|
4 |
WEB
|
Keerati T.
|
|
2018-02-27
|
|
School Management Script 3.0.4 - Authentication Bypass
|
4 |
WEB
|
Samiran Santra
|
|
2018-02-27
|
|
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting
|
4 |
WEB
|
0xB9
|
|
2018-02-22
|
|
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
|
3 |
WEB
|
Core Security
|
|
2018-02-22
|
|
Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component CheckList 1.1.1 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Ek Rishta 2.9 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component Proclaim 9.1.1 - Backup File Download
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-22
|
|
Joomla! Component CW Tags 2.0.6 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-19
|
|
October CMS < 1.0.431 - Cross-Site Scripting
|
5 |
WEB
|
Samrat Das
|
|
2018-02-16
|
|
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
|
4 |
WEB
|
Marios Nicolaides
|
|
2018-02-16
|
|
PSNews Website 1.0.0 - 'Keywords' SQL Injection
|
3 |
WEB
|
L0RD
|
|
2018-02-16
|
|
PHIMS - Hospital Management Information System - 'Password' SQL Injection
|
3 |
WEB
|
L0RD
|
|
2018-02-16
|
|
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
|
4 |
WEB
|
Samrat Das
|
|
2018-02-16
|
|
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component SquadManagement 1.0.3 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Solidres 2.5.1 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Realpin 1.5.04 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component NeoRecruit 4.1 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JTicketing 2.0.16 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JS Jobs 1.1.9 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JS Autoz 1.0.9 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component jGive 2.0.9 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Gallery WD 1.3.6 - SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Form Maker 3.6.12 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component File Download Tracker 3.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Fastball 2.5 - 'season' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Aist 2.0 - 'id' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
|
5 |
WEB
|
Ihsan Sencan
|
|
2018-02-16
|
|
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
|
4 |
WEB
|
Alwin Peppels
|
|
2018-02-16
|
|
Twig < 2.4.4 - Server Side Template Injection
|
5 |
WEB
|
JameelNabbo
|
|
2018-02-16
|
|
UserSpice 4.3 - Blind SQL Injection
|
5 |
WEB
|
Dolev Farhi
|
|
2018-02-16
|
|
TV - Video Subscription - Authentication Bypass SQL Injection
|
5 |
WEB
|
L0RD
|
|
2018-02-16
|
|
EPIC MyChart - X-Path Injection
|
4 |
WEB
|
Shayan S
|
|
2017-12-06
|
|
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Exec
|
2 |
WEB
|
SecuriTeam
|
|
2017-07-16
|
|
Geneko Routers - Path Traversal
|
5 |
WEB
|
SecuriTeam
|
|
2017-06-08
|
|
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
|
5 |
WEB
|
SecuriTeam
|
|
2017-05-10
|
|
Cisco DPC3928 Router - Arbitrary File Disclosure
|
5 |
WEB
|
SecuriTeam
|
|
2017-06-19
|
|
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
|
5 |
WEB
|
SecuriTeam
|
|
2017-09-07
|
|
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
|
5 |
WEB
|
SecuriTeam
|
|
2017-09-11
|
|
Hanbanggaoke IP Camera - Arbitrary Password Change
|
5 |
WEB
|
SecuriTeam
|
|
2017-10-09
|
|
QNAP HelpDesk < 1.1.12 - SQL Injection
|
5 |
WEB
|
SecuriTeam
|
