|
2017-07-19
|
|
Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
|
2 |
WEB
|
xort
|
|
2017-07-19
|
|
Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection
|
3 |
WEB
|
xort
|
|
2017-07-19
|
|
Oracle E-Business Suite 12.x - Server-Side Request Forgery
|
3 |
WEB
|
Sarath Nair
|
|
2017-07-18
|
|
PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting
|
4 |
WEB
|
Daniel Correa
|
|
2017-07-18
|
|
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)
|
3 |
WEB
|
xort
|
|
2017-07-18
|
|
Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)
|
4 |
WEB
|
xort
|
|
2017-07-16
|
|
Orangescrum 1.6.1 - Multiple Vulnerabilities
|
3 |
WEB
|
tomplixsee
|
|
2017-07-14
|
|
WDTV Live SMP 2.03.20 - Remote Password Reset
|
3 |
WEB
|
Sw1tCh
|
|
2017-07-07
|
|
Apache Struts 2.3.x Showcase - Remote Code Execution
|
4 |
WEB
|
Vex Woo
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download
|
3 |
WEB
|
LiquidWorm
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation
|
3 |
WEB
|
LiquidWorm
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-13
|
|
Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-12
|
|
WordPress Plugin Sabai Discuss - Cross-Site Scripting
|
3 |
WEB
|
Hesam Bazvand
|
|
2017-07-11
|
|
NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection
|
3 |
WEB
|
Paul Taylor
|
|
2017-07-11
|
|
DataTaker DT80 dEX 1.50.012 - Information Disclosure
|
3 |
WEB
|
Nassim Asrir
|
|
2017-07-10
|
|
Pelco VideoXpert 1.12.105 - Information Disclosure
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco VideoXpert 1.12.105 - Directory Traversal
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco Sarix/Spectra Cameras - Remote Code Execution
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting
|
4 |
WEB
|
LiquidWorm
|
|
2017-07-10
|
|
NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
|
4 |
WEB
|
Paul Taylor
|
|
2017-07-03
|
|
OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution
|
4 |
WEB
|
Jonatas Fil
|
|
2017-07-03
|
|
WordPress Plugin WatuPRO 5.5.1 - SQL Injection
|
3 |
WEB
|
Manich Koomsusi
|
|
2017-06-20
|
|
BOA Web Server 0.94.14rc21 - Arbitrary File Access
|
4 |
WEB
|
Miguel Mendez Z
|
|
2017-06-30
|
|
Humax HG100R 2.0.6 - Backup File Download
|
3 |
WEB
|
gambler
|
|
2017-06-28
|
|
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
|
3 |
WEB
|
Core Security
|
|
2017-06-28
|
|
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
|
3 |
WEB
|
Chako
|
|
2017-06-27
|
|
WordPress Plugin Ultimate Product Catalogue 4.2.2 - SQL Injection
|
2 |
WEB
|
Lenon Leite
|
|
2017-06-27
|
|
GLPI 0.90.4 - SQL Injection
|
2 |
WEB
|
Eric CARTER
|
|
2017-06-26
|
|
Eltek SmartPack - Backdoor Account
|
3 |
WEB
|
Saeed reza Zamanian
|
|
2017-06-21
|
|
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
|
3 |
WEB
|
phackt_ul
|
|
2017-06-19
|
|
WonderCMS 2.1.0 - Cross-Site Request Forgery
|
2 |
WEB
|
Ehsan Hosseini
|
|
2017-06-18
|
|
D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change
|
3 |
WEB
|
Todor Donev
|
|
2017-06-17
|
|
Beetel BCM96338 Router - DNS Change
|
3 |
WEB
|
Todor Donev
|
|
2017-06-17
|
|
D-Link DSL-2640U - DNS Change
|
3 |
WEB
|
Todor Donev
|
|
2017-06-17
|
|
UTstarcom WA3002G4 - DNS Change
|
3 |
WEB
|
Todor Donev
|
|
2017-06-09
|
|
nuevoMailer 6.0 - SQL Injection
|
3 |
WEB
|
Oleg Boytsev
|
|
2017-06-16
|
|
iBall Baton iB-WRA150N - DNS Change
|
3 |
WEB
|
Todor Donev
|
|
2017-06-16
|
|
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
|
3 |
WEB
|
IMgod
|
|
2017-06-15
|
|
Joomla! Component JoomRecipe 1.0.3 - SQL Injection
|
2 |
WEB
|
EziBilisim
|
|
2017-06-14
|
|
KBVault MySQL 0.16a - Arbitrary File Upload
|
3 |
WEB
|
Fatih Emiral
|
|
2017-05-22
|
|
Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution
|
3 |
WEB
|
Ike-Clinton
|
|
2017-06-04
|
|
WordPress Plugin Event List < 0.7.8 - SQL Injection
|
3 |
WEB
|
Dimitrios Tsagkarakis
|
|
2017-06-11
|
|
WordPress Plugin WP Jobs < 1.5 - SQL Injection
|
2 |
WEB
|
Dimitrios Tsagkarakis
|
|
2017-06-12
|
|
Real Estate Classifieds Script - SQL Injection
|
3 |
WEB
|
EziBilisim
|
|
2017-06-03
|
|
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
|
3 |
WEB
|
Dimitrios Tsagkarakis
|
|
2017-06-09
|
|
Nuevomailer < 6.0 - SQL Injection
|
3 |
WEB
|
Oleg Boytsev
|
|
2017-06-10
|
|
PaulShop - SQL Injection
|
3 |
WEB
|
Se0pHpHack3r
|
|
2017-06-09
|
|
EFS Easy Chat Server 3.1 - Password Reset
|
3 |
WEB
|
Aitezaz Mohsin
|
|
2017-06-09
|
|
EFS Easy Chat Server 3.1 - Password Disclosure
|
3 |
WEB
|
Aitezaz Mohsin
|
|
2017-06-10
|
|
eCom Cart 1.3 - SQL Injection
|
3 |
WEB
|
Alperen Eymen Ozcan
|
|
2017-06-09
|
|
Uniview NVR - Password Disclosure
|
3 |
WEB
|
B1t
|
|
2017-06-09
|
|
IPFire 2.19 - Remote Code Execution
|
3 |
WEB
|
0x09AL
|
|
2017-06-08
|
|
Craft CMS 2.6 - Cross-Site Scripting
|
3 |
WEB
|
Ahsan Tahir
|
|
2017-06-07
|
|
Robert 0.5 - Multiple Vulnerabilities
|
3 |
WEB
|
Cyril Vallicari
|
|
2017-06-07
|
|
Xavier 2.4 - SQL Injection
|
3 |
WEB
|
Vulnerability-Lab
|
|
2017-06-07
|
|
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
|
3 |
WEB
|
Ahsan Tahir
|
|
2017-06-06
|
|
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclos
|
2 |
WEB
|
X41 D-Sec GmbH
|
|
2017-06-06
|
|
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclos
|
2 |
WEB
|
X41 D-Sec GmbH
|
|
2017-06-06
|
|
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclos
|
3 |
WEB
|
X41 D-Sec GmbH
|
|
2017-06-06
|
|
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
|
3 |
WEB
|
defensecode
|
|
2017-06-05
|
|
Kronos Telestaff < 2.92EU29 - SQL Injection
|
4 |
WEB
|
Goran Tuzovic
|
|
2017-06-05
|
|
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
|
3 |
WEB
|
hyp3rlinx
|
|
2017-06-05
|
|
Subsonic 6.1.1 - Server-Side Request Forgery
|
3 |
WEB
|
hyp3rlinx
|
|
2017-06-05
|
|
Subsonic 6.1.1 - Cross-Site Request Forgery
|
2 |
WEB
|
hyp3rlinx
|
|
2017-06-04
|
|
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
|
2 |
WEB
|
LiquidWorm
|
|
2017-06-03
|
|
Joomla! Component Payage 2.05 - 'aid' SQL Injection
|
3 |
WEB
|
Persian Hack Team
|
|
2017-06-02
|
|
Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection
|
2 |
WEB
|
Goran Tuzovic
|
|
2017-06-01
|
|
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-06-01
|
|
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-06-01
|
|
WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-06-01
|
|
Riverbed SteelHead VCX 9.6.0a - Arbitrary File Read
|
3 |
WEB
|
Gregory Draperi
|
|
2017-05-31
|
|
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
|
3 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-31
|
|
OV3 Online Administration 3.0 - SQL Injection
|
3 |
WEB
|
LiquidWorm
|
|
2017-05-31
|
|
OV3 Online Administration 3.0 - Remote Code Execution
|
3 |
WEB
|
LiquidWorm
|
|
2017-05-31
|
|
OV3 Online Administration 3.0 - Directory Traversal
|
3 |
WEB
|
LiquidWorm
|
|
2017-05-30
|
|
Piwigo Plugin Facetag 0.0.3 - SQL Injection
|
3 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-30
|
|
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution
|
3 |
WEB
|
Simone Margaritelli
|
|
2017-05-30
|
|
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
|
3 |
WEB
|
SecuriTeam
|
|
2017-05-30
|
|
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
|
3 |
WEB
|
SecuriTeam
|
|
2017-05-30
|
|
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote
|
3 |
WEB
|
SecuriTeam
|
|
2017-05-30
|
|
uc-http Daemon - Local File Inclusion / Directory Traversal
|
3 |
WEB
|
Project Insecurity
|
|
2017-05-29
|
|
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
|
3 |
WEB
|
defensecode
|
|
2017-05-26
|
|
QWR-1104 Wireless-N Router - Cross-Site Scripting
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2017-02-22
|
|
D-Link DCS Series Cameras - Insecure Crossdomain
|
2 |
WEB
|
SlidingWindow
|
|
2017-05-25
|
|
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scr
|
3 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation
|
2 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
|
1 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
WebKit - 'ContainerNode::parserInsertBefore' Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-05-25
|
|
Sophos Cyberoam - Cross-site scripting
|
2 |
WEB
|
Bhadresh Patel
|
|
2017-05-24
|
|
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
|
3 |
WEB
|
f3ci
|
|
2017-05-24
|
|
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
|
3 |
WEB
|
f3ci
|
|
2017-05-21
|
|
PlaySMS 1.4 - 'import.php' Remote Code Execution
|
3 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-20
|
|
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
|
3 |
WEB
|
hyp3rlinx
|
|
2017-05-20
|
|
KMCIS CaseAware - Cross-Site Scripting
|
3 |
WEB
|
justpentest
|
|
2017-05-19
|
|
D-Link DIR-600M Wireless N 150 - Authentication Bypass
|
3 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-19
|
|
PlaySMS 1.4 - Remote Code Execution
|
3 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-19
|
|
ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass
|
3 |
WEB
|
ByteM3
|
|
2017-05-19
|
|
SAP Business One for Android 1.2.3 - XML External Entity Injection
|
3 |
WEB
|
Ravindra Singh Rathore
|
|
2017-05-19
|
|
Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption
|
3 |
WEB
|
David Tomaschik
|
|
2017-05-19
|
|
Oracle PeopleSoft - Server-Side Request Forgery
|
3 |
WEB
|
ERPScan
|
|
2017-05-19
|
|
Joomla! 3.7.0 - 'com_fields' SQL Injection
|
3 |
WEB
|
Mateus Lino
|
|
2017-05-17
|
|
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
|
3 |
WEB
|
Yoroi
|
|
2017-05-17
|
|
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
|
3 |
WEB
|
Yoroi
|
|
2017-01-12
|
|
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
|
4 |
WEB
|
SlidingWindow
|
|
2017-02-28
|
|
Sophos Web Appliance 4.3.1.1 - Session Fixation
|
3 |
WEB
|
SlidingWindow
|
|
2017-04-28
|
|
Admidio 3.2.8 - Cross-Site Request Forgery
|
3 |
WEB
|
Faiz Ahmed Zaidi
|
|
2017-05-15
|
|
Mailcow 0.14 - Cross-Site Request Forgery
|
3 |
WEB
|
hyp3rlinx
|
|
2017-05-14
|
|
PlaySMS 1.4 - '/sendfromfile.php' Remote Code Execution / Unrestricted File Upload
|
2 |
WEB
|
Touhid M.Shaikh
|
|
2017-05-02
|
|
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion
|
3 |
WEB
|
ReverseBrain
|
|
2017-05-10
|
|
CMS Made Simple 2.1.6 - Multiple Vulnerabilities
|
2 |
WEB
|
Osanda Malith Jayathissa
|
|
2017-05-10
|
|
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
|
2 |
WEB
|
HaHwul
|
|
2017-05-10
|
|
BanManager WebUI 1.5.8 - PHP Code Injection
|
2 |
WEB
|
HaHwul
|
|
2017-05-10
|
|
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
|
2 |
WEB
|
Kacper Szurek
|
|
2017-05-09
|
|
Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions
|
3 |
WEB
|
Pesach Zirkind
|
|
2017-05-09
|
|
Personify360 7.5.2/7.6.1 - Improper Access Restrictions
|
3 |
WEB
|
Pesach Zirkind
|
|
2017-05-09
|
|
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cro
|
3 |
WEB
|
SEC Consult
|
|
2017-05-09
|
|
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cro
|
3 |
WEB
|
SEC Consult
|
|
2017-04-24
|
|
LogRhythm Network Monitor - Authentication Bypass / Command Injection
|
2 |
WEB
|
Francesco Oddo
|
|
2017-05-05
|
|
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
|
5 |
WEB
|
Sysdream
|
