|
2017-04-11
|
|
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
|
2 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
|
2 |
WEB
|
Zhiyang Zeng
|
|
2017-04-11
|
|
FAQ Script 3.1.3 - 'category_id' SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-11
|
|
Social Directory Script 2.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-11
|
|
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
|
2 |
WEB
|
Manuel García Cárdenas
|
|
2017-04-11
|
|
MyClassifiedScript 5.1 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Adobe (Multiple Products) - XML Injection File Content Disclosure
|
0 |
WEB
|
Tess Sluyter
|
|
2017-04-08
|
|
Jobscript4Web 4.5 - Authentication Bypass
|
2 |
WEB
|
TurkCyberArmy
|
|
2017-04-07
|
|
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
|
2 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
|
2 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
e107 CMS 2.1.4 - Cross-Site Request Forgery
|
2 |
WEB
|
Zhiyang Zeng
|
|
2017-04-07
|
|
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection
|
2 |
WEB
|
Harry Sintonen
|
|
2017-04-07
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
2 |
WEB
|
dxw
|
|
2017-04-07
|
|
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
|
2 |
WEB
|
dxw
|
|
2017-04-07
|
|
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download
|
2 |
WEB
|
Patryk Bogdan
|
|
2017-04-07
|
|
Ladder System 6.0 - 'faqid' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
My Gaming Ladder Combo System 7.5 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Survey Template 1.1 - 'masterkey1' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Quiz Template 1.0 - 'testid' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Forum Template 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Calendar Template 2.0 - 'editid1' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Shopping Cart Template - 'item' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Document Management Template - 'hash' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-07
|
|
Invoice Template - 'hash' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
|
2 |
WEB
|
rungga_reksya
|
|
2017-04-07
|
|
Intellinet NFC-30IR Camera - Multiple Vulnerabilities
|
2 |
WEB
|
Dimitri Fousekis
|
|
2017-04-06
|
|
Moodle 2.x/3.x - SQL Injection
|
2 |
WEB
|
Marko Belzetski
|
|
2017-04-05
|
|
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
|
2 |
WEB
|
rungga_reksya
|
|
2017-04-03
|
|
GeoMoose < 2.9.2 - Directory Traversal
|
2 |
WEB
|
Sander Ferdinand
|
|
2017-04-05
|
|
D-Link DIR-615 - Cross-Site Request Forgery
|
3 |
WEB
|
Pratik S. Shah
|
|
2017-04-05
|
|
Appointment Script - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Sweepstakes Pro Software - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Premium Penny Auction Script - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
Airbnb Crashpadder Clone Script - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-05
|
|
ImagePro Lazygirls Clone Script - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confus
|
2 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
|
2 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting
|
2 |
WEB
|
Google Security Research
|
|
2017-04-04
|
|
Maian Greetings 2.1 - 'cat' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Maian Survey 1.1 - 'survey' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-04
|
|
Maian Uploader 4.0 - 'user' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-04-02
|
|
Pixie 1.0.4 - Arbitrary File Upload
|
2 |
WEB
|
rungga_reksya
|
|
2017-04-02
|
|
Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
|
2 |
WEB
|
trevor Hough
|
|
2017-03-31
|
|
Membership Formula - 'order' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-31
|
|
Splunk Enterprise - Information Disclosure
|
2 |
WEB
|
hyp3rlinx
|
|
2017-03-29
|
|
EyesOfNetwork (EON) 5.1 - SQL Injection
|
1 |
WEB
|
Dany Bach
|
|
2017-03-29
|
|
Opensource Classified Ads Script - 'keyword' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
2 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
2 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
|
2 |
WEB
|
Tim Herres
|
|
2017-03-27
|
|
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)
|
2 |
WEB
|
Sysdream
|
|
2017-03-27
|
|
EyesOfNetwork (EON) 5.0 - SQL Injection
|
2 |
WEB
|
Sysdream
|
|
2017-03-27
|
|
EyesOfNetwork (EON) 5.0 - Remote Code Execution
|
2 |
WEB
|
Sysdream
|
|
2017-03-27
|
|
CouponPHP CMS 3.1 - 'code' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-27
|
|
Professional Bus Booking Script - 'hid_Busid' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Tour Package Booking 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Hotel Booking Script 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Delux Same Day Delivery Script 1.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Parcel Delivery Booking Script 1.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Courier Tracking Software 6.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Php Real Estate Property Script - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
B2B Marketplace Script 2.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Alibaba Clone Script - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-25
|
|
Adult Tube Video Script - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-26
|
|
Just Another Video Script 1.4.3 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-24
|
|
Gr8 Gallery Script - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-24
|
|
Gr8 Tutorial Script - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2012-04-08
|
|
Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2015-02-11
|
|
WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2015-02-11
|
|
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2016-05-04
|
|
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)
|
1 |
WEB
|
Metasploit
|
|
2015-06-03
|
|
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2016-12-26
|
|
PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2015-01-05
|
|
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2015-01-25
|
|
OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2014-11-18
|
|
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
|
2 |
WEB
|
Metasploit
|
|
2015-02-26
|
|
D-Link/TRENDnet - NCC Service Command Injection (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2014-10-15
|
|
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)
|
2 |
WEB
|
Metasploit
|
|
2017-03-23
|
|
Flippa Clone - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-22
|
|
Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection
|
2 |
WEB
|
Hamed Izadi
|
|
2017-03-22
|
|
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
|
1 |
WEB
|
SEC Consult
|
|
2017-03-22
|
|
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
|
2 |
WEB
|
SEC Consult
|
|
2017-03-22
|
|
GLink Word Link Script 1.2.3 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-21
|
|
Joomla! Component Extra Search 2.2.8 - 'establename' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-20
|
|
D-Link DGS-1510 - Multiple Vulnerabilities
|
2 |
WEB
|
Varang Amin
|
|
2017-03-20
|
|
phplist 3.2.6 - SQL Injection
|
1 |
WEB
|
Curesec Research Team
|
|
2017-03-20
|
|
Joomla! Component jCart for OpenCart 2.0 - 'product_id' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-20
|
|
Joomla! Component JooCart 2.x - 'product_id' SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-19
|
|
Secure Download Links - 'dc' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-18
|
|
Omegle Clone - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-18
|
|
DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation
|
2 |
WEB
|
Indrajith.A.N
|
|
2017-03-18
|
|
iFdate Social Dating Script 2.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-16
|
|
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
|
2 |
WEB
|
Dolev Farhi
|
|
2017-03-17
|
|
Departmental Store Management System 1.2 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-17
|
|
AXIS (Multiple Products) - Cross-Site Request Forgery
|
2 |
WEB
|
Orwelllabs
|
|
2017-03-17
|
|
AXIS Communications - Cross-Site Scripting / Content Injection
|
2 |
WEB
|
Orwelllabs
|
|
2017-03-16
|
|
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download
|
1 |
WEB
|
The Martian
|
|
2017-03-15
|
|
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
|
1 |
WEB
|
Pralhad Chaskar
|
|
2017-03-13
|
|
Steam Profile Integration 2.0.11 - SQL injection
|
1 |
WEB
|
DrWhat
|
|
2017-03-15
|
|
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
|
2 |
WEB
|
iblue
|
|
2017-03-15
|
|
Joomla! Component Vik Rent Car 1.11 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-15
|
|
Joomla! Component Vik Rent Items 1.3 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-15
|
|
Joomla! Component Vik Appointments 1.5 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-14
|
|
Joomla! Component Advertisement Board 3.0.4 - 'id' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-14
|
|
Joomla! Component Simple Membership 3.3.3 - 'userId' SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-13
|
|
Car Workshop System - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Fiyo CMS 2.0.6.1 - Privilege Escalation
|
2 |
WEB
|
rungga_reksya
|
|
2017-03-11
|
|
Mirage - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
PHP Forum Script 3.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Yellow Pages Script 3.2 - 'category_id' SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Yacht Listing Script 2.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Travel Tours Script 2.0 - SQL Injection
|
2 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Property Listing Script 3.1 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Pet Listing Script 3.0 - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Vanelo - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Global In - Arbitrary File Upload
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Global In - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-11
|
|
Domain Marketplace Script - SQL Injection
|
1 |
WEB
|
Ihsan Sencan
|
|
2017-03-09
|
|
e107 < 2.1.4 - 'keyword' Blind SQL Injection
|
1 |
WEB
|
StAkeR
|
|
2017-03-10
|
|
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
|
1 |
WEB
|
KoreLogic
|
|
2017-03-10
|
|
dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting
|
1 |
WEB
|
Shorebreak Security
|
|
2017-03-10
|
|
Kinsey Infor/Lawson / ESBUS - SQL Injection
|
1 |
WEB
|
Michael Benich
|
|
2017-03-10
|
|
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
|
1 |
WEB
|
hyp3rlinx
|
