|
2017-08-18
|
|
iTech Job Script 9.27 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Dating Script 3.40 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Multi Vendor Script 6.63 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Travel Script 9.49 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Freelancer Script 5.27 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Image Sharing Script 4.13 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Classifieds Script 7.41 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Caregiver Script 2.71 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech Business Networking Script 8.26 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
iTech B2B Script 4.42 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
DeWorkshop 1.0 - Arbitrary File Upload
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Joomla! Component SP Movie Database 1.3 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Joomla! Component Calendar Planner 1.0.1 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
SOA School Management 3.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
eCardMAX 10.5 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Matrimony Script 2.7 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Joomla! Component KissGallery 1.0.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Joomla! Component Twitch Tv 1.1 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
Joomla! Component Appointment 1.1 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
LiveProjects 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
LiveSales 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
LiveInvoices 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
LiveSupport 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-18
|
|
LiveCRM 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-17
|
|
Food Ordering Script 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-17
|
|
Doctor Patient Project 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-17
|
|
Photogallery Project 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-17
|
|
Online Quiz Project 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-15
|
|
AdvanDate iCupid Dating Software 12.2 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-15
|
|
ClipBucket 2.8.3 - Multiple Vulnerabilities
|
2 |
WEB
|
bRpsd
|
|
2017-08-14
|
|
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting
|
2 |
WEB
|
Benjamin Lee
|
|
2017-08-14
|
|
RPi Cam Control < 6.3.14 - Remote Command Execution
|
1 |
WEB
|
Alexander Korznikov
|
|
2017-08-12
|
|
AirMaster 3000M - Multiple Vulnerabilities
|
2 |
WEB
|
Mr.8Th BiT
|
|
2017-08-12
|
|
RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2017-08-11
|
|
De-Tutor 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-11
|
|
De-Journal 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-11
|
|
DeWorkshop 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-10
|
|
Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass
|
1 |
WEB
|
Paul Taylor
|
|
2017-08-10
|
|
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2017-08-10
|
|
GIF Collection 2.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-10
|
|
ImageBay 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-09
|
|
WebFile Explorer 1.0 - Arbitrary File Download
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-09
|
|
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
|
2 |
WEB
|
LiquidWorm
|
|
2017-08-09
|
|
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
|
2 |
WEB
|
LiquidWorm
|
|
2017-08-09
|
|
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
1 |
WEB
|
LiquidWorm
|
|
2017-08-09
|
|
DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration
|
2 |
WEB
|
LiquidWorm
|
|
2017-08-08
|
|
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
|
3 |
WEB
|
Kacper Szurek
|
|
2017-08-07
|
|
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
|
2 |
WEB
|
defensecode
|
|
2017-08-03
|
|
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
|
2 |
WEB
|
Geolado giolado
|
|
2017-08-03
|
|
Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-02
|
|
Muviko 1.0 - 'q' SQL Injection
|
2 |
WEB
|
Kaan KAMIS
|
|
2017-08-02
|
|
EDUMOD Pro 1.3 - SQL Injection
|
1 |
WEB
|
Kaan KAMIS
|
|
2017-08-02
|
|
Premium Servers List Tracker 1.0 - SQL Injection
|
2 |
WEB
|
Kaan KAMIS
|
|
2017-08-02
|
|
Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-02
|
|
Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-02
|
|
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-08-02
|
|
Joomla! Component PHP-Bridge 1.2.3 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-02
|
|
Joomla! Component SIMGenealogy 2.1.5 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-08-02
|
|
Entrepreneur B2B Script - 'pid' SQL Injection
|
1 |
WEB
|
Meisam Monsef
|
|
2017-08-01
|
|
JoySale 2.2.1 - Arbitrary File Upload
|
2 |
WEB
|
Mutlu Benmutlu
|
|
2017-08-01
|
|
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
|
2 |
WEB
|
Andy Tan
|
|
2017-08-01
|
|
VehicleWorkshop - Arbitrary File Upload
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2017-08-01
|
|
VehicleWorkshop - Authentication Bypass
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2017-08-01
|
|
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
|
2 |
WEB
|
James Fitts
|
|
2017-08-01
|
|
Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)
|
1 |
WEB
|
James Fitts
|
|
2017-07-28
|
|
VehicleWorkshop - SQL Injection
|
1 |
WEB
|
Shahab Shamsi
|
|
2017-03-15
|
|
GitHub Enterprise < 2.8.7 - Remote Code Execution
|
1 |
WEB
|
orange
|
|
2017-07-28
|
|
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
|
1 |
WEB
|
patryk_bogdan
|
|
2017-07-27
|
|
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
|
1 |
WEB
|
Shahab Shamsi
|
|
2017-07-26
|
|
Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)
|
2 |
WEB
|
shinnai
|
|
2017-07-26
|
|
Friends in War Make or Break 1.7 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-07-25
|
|
WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection
|
1 |
WEB
|
8bitsec
|
|
2017-07-25
|
|
Friends in War Make or Break 1.7 - Authentication Bypass
|
2 |
WEB
|
Adam
|
|
2017-07-25
|
|
WebKit JSC - 'JSObject::putInlineSlow' / 'JSValue::putToPrimitive' Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-07-24
|
|
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
|
2 |
WEB
|
RedTeam Pentesting
|
|
2017-07-24
|
|
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
|
2 |
WEB
|
RedTeam Pentesting
|
|
2017-07-24
|
|
PaulShop - SQL Injection / Cross-Site Scripting
|
1 |
WEB
|
BTIS Team
|
|
2017-07-24
|
|
ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)
|
2 |
WEB
|
Kacper Szurek
|
|
2017-07-21
|
|
NEC UNIVERGE UM4730 < 11.8 - SQL Injection
|
1 |
WEB
|
b0x41s
|
|
2017-07-20
|
|
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
|
1 |
WEB
|
Viktoras
|
|
2017-07-20
|
|
WordPress Plugin IBPS Online Exam 1.0 - SQL Injection / Cross-Site Scripting
|
2 |
WEB
|
8bitsec
|
|
2017-07-20
|
|
Tilde CMS 1.01 - Multiple Vulnerabilities
|
3 |
WEB
|
Raffaele Forte
|
|
2017-07-20
|
|
Joomla! Component JoomRecipe 1.0.4 - 'search_author' SQL Injection
|
2 |
WEB
|
Teng
|
|
2017-07-19
|
|
Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
|
3 |
WEB
|
xort
|
|
2017-07-19
|
|
Oracle E-Business Suite 12.x - Server-Side Request Forgery
|
2 |
WEB
|
Sarath Nair
|
|
2017-07-18
|
|
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
|
2 |
WEB
|
Daniel Correa
|
|
2017-07-18
|
|
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-18
|
|
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-16
|
|
Orangescrum 1.6.1 - Multiple Vulnerabilities
|
2 |
WEB
|
tomplixsee
|
|
2017-07-14
|
|
WDTV Live SMP 2.03.20 - Remote Password Reset
|
1 |
WEB
|
Sw1tCh
|
|
2017-07-07
|
|
Apache Struts 2.3.x Showcase - Remote Code Execution
|
2 |
WEB
|
Vex Woo
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download
|
1 |
WEB
|
LiquidWorm
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-12
|
|
WordPress Plugin Sabai Discuss - Cross-Site Scripting
|
2 |
WEB
|
Hesam Bazvand
|
|
2017-07-11
|
|
NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection
|
2 |
WEB
|
Paul Taylor
|
|
2017-07-11
|
|
DataTaker DT80 dEX 1.50.012 - Information Disclosure
|
2 |
WEB
|
Nassim Asrir
|
|
2017-07-10
|
|
Pelco VideoXpert 1.12.105 - Information Disclosure
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco VideoXpert 1.12.105 - Directory Traversal
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco Sarix/Spectra Cameras - Remote Code Execution
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting
|
2 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
|
2 |
WEB
|
Paul Taylor
|
|
2017-07-03
|
|
OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution
|
2 |
WEB
|
Jonatas Fil
|
|
2017-07-03
|
|
WordPress Plugin WatuPRO 5.5.1 - SQL Injection
|
2 |
WEB
|
Manich Koomsusi
|
|
2017-06-20
|
|
BOA Web Server 0.94.14rc21 - Arbitrary File Access
|
2 |
WEB
|
Miguel Mendez Z
|
|
2017-06-30
|
|
Humax HG100R 2.0.6 - Backup File Download
|
2 |
WEB
|
gambler
|
|
2017-06-28
|
|
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
|
2 |
WEB
|
Core Security
|
|
2017-06-28
|
|
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
|
3 |
WEB
|
Chako
|
|
2017-06-27
|
|
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
|
1 |
WEB
|
Lenon Leite
|
|
2017-06-27
|
|
GLPI 0.90.4 - SQL Injection
|
1 |
WEB
|
Eric CARTER
|
|
2017-06-26
|
|
Eltek SmartPack - Backdoor Account
|
2 |
WEB
|
Saeed reza Zamanian
|
|
2017-06-21
|
|
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
|
1 |
WEB
|
phackt_ul
|
|
2017-06-19
|
|
WonderCMS 2.1.0 - Cross-Site Request Forgery
|
1 |
WEB
|
Ehsan Hosseini
|
|
2017-06-18
|
|
D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change
|
1 |
WEB
|
Todor Donev
|
|
2017-06-17
|
|
Beetel BCM96338 Router - DNS Change
|
1 |
WEB
|
Todor Donev
|
|
2017-06-17
|
|
D-Link DSL-2640U - DNS Change
|
2 |
WEB
|
Todor Donev
|
|
2017-06-17
|
|
UTstarcom WA3002G4 - DNS Change
|
2 |
WEB
|
Todor Donev
|
|
2017-06-09
|
|
nuevoMailer 6.0 - SQL Injection
|
2 |
WEB
|
Oleg Boytsev
|
