|
2017-05-05
|
|
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
|
3 |
WEB
|
defensecode
|
|
2017-05-03
|
|
WordPress Core < 4.7.4 - Unauthorized Password Reset
|
3 |
WEB
|
Dawid Golunski
|
|
2017-05-03
|
|
WordPress Core 4.6 - Remote Code Execution
|
3 |
WEB
|
Dawid Golunski
|
|
2017-05-03
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
|
2 |
WEB
|
LiquidWorm
|
|
2017-05-03
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
|
4 |
WEB
|
LiquidWorm
|
|
2017-05-03
|
|
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
|
3 |
WEB
|
LiquidWorm
|
|
2017-05-01
|
|
Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
|
3 |
WEB
|
Ben Nott
|
|
2017-05-01
|
|
Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities
|
2 |
WEB
|
David Tomaschik
|
|
2017-04-30
|
|
Emby MediaServer 3.2.5 - Directory Traversal
|
4 |
WEB
|
LiquidWorm
|
|
2017-04-30
|
|
Emby MediaServer 3.2.5 - Password Reset
|
3 |
WEB
|
LiquidWorm
|
|
2017-04-30
|
|
Emby MediaServer 3.2.5 - SQL Injection
|
3 |
WEB
|
LiquidWorm
|
|
2017-04-27
|
|
Easy File Uploader - Arbitrary File Upload
|
3 |
WEB
|
Daniel Godoy
|
|
2017-04-27
|
|
Simple File Uploader - Arbitrary File Download
|
3 |
WEB
|
Daniel Godoy
|
|
2017-04-27
|
|
TYPO3 Extension News - SQL Injection
|
3 |
WEB
|
Charles Fol
|
|
2017-04-26
|
|
Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery
|
3 |
WEB
|
Cyril Vallicari
|
|
2017-04-25
|
|
October CMS 1.0.412 - Multiple Vulnerabilities
|
3 |
WEB
|
Anti Räis
|
|
2017-04-24
|
|
Joomla! Component Myportfolio 3.0.2 - 'pid' SQL Injection
|
3 |
WEB
|
Persian Hack Team
|
|
2017-04-25
|
|
OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution
|
2 |
WEB
|
Andrey B. Panfilov
|
|
2017-04-25
|
|
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
|
2 |
WEB
|
Paolo Stagno
|
|
2017-04-25
|
|
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
|
3 |
WEB
|
Paolo Stagno
|
|
2017-04-25
|
|
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
|
2 |
WEB
|
ERPScan
|
|
2017-04-25
|
|
Oracle PeopleSoft - 'PeopleSoftServiceListeningConnector' XML External Entity via DOCTYPE
|
2 |
WEB
|
ERPScan
|
|
2017-04-25
|
|
WordPress Plugin Wow Forms 2.1 - SQL Injection
|
3 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
|
2 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
WordPress Plugin Car Rental System 2.5 - SQL Injection
|
3 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
WordPress Plugin KittyCatfish 2.2 - SQL Injection
|
2 |
WEB
|
TAD GROUP
|
|
2017-04-25
|
|
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
|
2 |
WEB
|
Cyril Vallicari
|
|
2017-04-20
|
|
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripti
|
2 |
WEB
|
Google Security Research
|
|
2017-04-20
|
|
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-
|
3 |
WEB
|
Google Security Research
|
|
2017-04-16
|
|
Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset
|
4 |
WEB
|
hyp3rlinx
|
|
2017-04-14
|
|
Concrete5 CMS 8.1.0 - 'Host' Header Injection
|
3 |
WEB
|
hyp3rlinx
|
|
2017-04-13
|
|
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
|
3 |
WEB
|
Peter Lapp
|
|
2017-04-13
|
|
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
|
2 |
WEB
|
SySS GmbH
|
|
2017-04-13
|
|
agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery
|
2 |
WEB
|
SySS GmbH
|
|
2016-01-11
|
|
SedSystems D3 Decimator - Multiple Vulnerabilities
|
3 |
WEB
|
prdelka
|
|
2017-02-15
|
|
Coppermine Gallery < 1.5.44 - Directory Traversal
|
3 |
WEB
|
Hacker Fantastic
|
|
2017-04-11
|
|
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Li
|
3 |
WEB
|
Google Security Research
|
|
2017-04-11
|
|
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-04-11
|
|
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
|
3 |
WEB
|
SecuriTeam
|
|
2017-04-11
|
|
Brother MFC-J6520DW - Authentication Bypass / Password Change
|
3 |
WEB
|
Patryk Bogdan
|
|
2017-04-11
|
|
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
|
3 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
|
3 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
FAQ Script 3.1.3 - 'category_id' SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-11
|
|
Social Directory Script 2.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-11
|
|
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
|
3 |
WEB
|
Manuel García Cárdenas
|
|
2017-04-11
|
|
MyClassifiedScript 5.1 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Adobe (Multiple Products) - XML Injection File Content Disclosure
|
1 |
WEB
|
Tess Sluyter
|
|
2017-04-08
|
|
Jobscript4Web 4.5 - Authentication Bypass
|
3 |
WEB
|
TurkCyberArmy
|
|
2017-04-07
|
|
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
|
3 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
|
3 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
e107 CMS 2.1.4 - Cross-Site Request Forgery
|
3 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection
|
3 |
WEB
|
Harry Sintonen
|
|
2017-04-07
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
3 |
WEB
|
dxw
|
|
2017-04-07
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
3 |
WEB
|
dxw
|
|
2017-04-07
|
|
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download
|
3 |
WEB
|
Patryk Bogdan
|
|
2017-04-07
|
|
Ladder System 6.0 - 'faqid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
My Gaming Ladder Combo System 7.5 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Survey Template 1.1 - 'masterkey1' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Quiz Template 1.0 - 'testid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Forum Template 1.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Calendar Template 2.0 - 'editid1' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Shopping Cart Template - 'item' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Document Management Template - 'hash' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Invoice Template - 'hash' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
|
3 |
WEB
|
rungga_reksya
|
|
2017-04-07
|
|
Intellinet NFC-30IR Camera - Multiple Vulnerabilities
|
3 |
WEB
|
Dimitri Fousekis
|
|
2017-04-06
|
|
Moodle 2.x/3.x - SQL Injection
|
3 |
WEB
|
Marko Belzetski
|
|
2017-04-05
|
|
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
|
3 |
WEB
|
rungga_reksya
|
|
2017-04-03
|
|
GeoMoose < 2.9.2 - Directory Traversal
|
3 |
WEB
|
Sander Ferdinand
|
|
2017-04-05
|
|
D-Link DIR-615 - Cross-Site Request Forgery
|
3 |
WEB
|
Pratik S. Shah
|
|
2017-04-05
|
|
Appointment Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Sweepstakes Pro Software - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Premium Penny Auction Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Airbnb Crashpadder Clone Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
ImagePro Lazygirls Clone Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confus
|
3 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
|
3 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting
|
3 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Maian Greetings 2.1 - 'cat' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Maian Survey 1.1 - 'survey' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Maian Uploader 4.0 - 'user' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-04-02
|
|
Pixie 1.0.4 - Arbitrary File Upload
|
3 |
WEB
|
rungga_reksya
|
|
2017-04-02
|
|
Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
|
3 |
WEB
|
trevor Hough
|
|
2017-03-31
|
|
Membership Formula - 'order' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-31
|
|
Splunk Enterprise - Information Disclosure
|
3 |
WEB
|
hyp3rlinx
|
|
2017-03-29
|
|
EyesOfNetwork (EON) 5.1 - SQL Injection
|
2 |
WEB
|
Dany Bach
|
|
2017-03-29
|
|
Opensource Classified Ads Script - 'keyword' SQL Injection
|
4 |
WEB
|
Ihsan Sencan
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
3 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
3 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
3 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)
|
3 |
WEB
|
Sysdream
|
|
2017-03-27
|
|
EyesOfNetwork (EON) 5.0 - SQL Injection
|
3 |
WEB
|
Sysdream
|
|
2017-03-27
|
|
EyesOfNetwork (EON) 5.0 - Remote Code Execution
|
3 |
WEB
|
Sysdream
|
|
2017-03-27
|
|
CouponPHP CMS 3.1 - 'code' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-27
|
|
Professional Bus Booking Script - 'hid_Busid' SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Tour Package Booking 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Hotel Booking Script 1.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Delux Same Day Delivery Script 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Parcel Delivery Booking Script 1.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Courier Tracking Software 6.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Php Real Estate Property Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
B2B Marketplace Script 2.0 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Alibaba Clone Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-25
|
|
Adult Tube Video Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Just Another Video Script 1.4.3 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-24
|
|
Gr8 Gallery Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-24
|
|
Gr8 Tutorial Script - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2012-04-08
|
|
Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2015-02-11
|
|
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2015-02-11
|
|
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2016-05-04
|
|
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2015-06-03
|
|
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2016-12-26
|
|
PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2015-01-05
|
|
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2015-01-25
|
|
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2014-11-18
|
|
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
|
3 |
WEB
|
Metasploit
|
|
2015-02-26
|
|
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2014-10-15
|
|
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)
|
3 |
WEB
|
Metasploit
|
|
2017-03-23
|
|
Flippa Clone - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
|
2017-03-22
|
|
Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection
|
3 |
WEB
|
Hamed Izadi
|
|
2017-03-22
|
|
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
|
2 |
WEB
|
SEC Consult
|
|
2017-03-22
|
|
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
|
3 |
WEB
|
SEC Consult
|
|
2017-03-22
|
|
GLink Word Link Script 1.2.3 - SQL Injection
|
3 |
WEB
|
Ihsan Sencan
|
