|
2016-08-16
|
|
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
|
10 |
WEB
|
loneferret
|
|
2016-08-16
|
|
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection
|
11 |
WEB
|
hyp3rlinx
|
|
2016-08-16
|
|
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
|
11 |
WEB
|
hyp3rlinx
|
|
2016-08-16
|
|
WSO2 Carbon 4.4.5 - Denial of Service / Cross-Site Request Forgery
|
11 |
WEB
|
hyp3rlinx
|
|
2016-08-16
|
|
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
|
11 |
WEB
|
hyp3rlinx
|
|
2016-08-16
|
|
WSO2 Carbon 4.4.5 - Local File Inclusion
|
11 |
WEB
|
hyp3rlinx
|
|
2016-08-16
|
|
WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities
|
9 |
WEB
|
hyp3rlinx
|
|
2016-08-15
|
|
Zabbix 2.2.x/3.0.x - SQL Injection
|
10 |
WEB
|
1n3
|
|
2016-08-15
|
|
GitLab - 'impersonate' Feature Privilege Escalation
|
11 |
WEB
|
Kaimi
|
|
2016-08-11
|
|
ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal
|
11 |
WEB
|
Rv3Laboratory
|
|
2016-08-10
|
|
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities
|
10 |
WEB
|
Pedro Ribeiro
|
|
2016-08-10
|
|
EyeLock nano NXT 3.5 - Remote Code Execution
|
10 |
WEB
|
LiquidWorm
|
|
2016-08-10
|
|
EyeLock nano NXT 3.5 - Local File Disclosure
|
11 |
WEB
|
LiquidWorm
|
|
2016-08-10
|
|
vBulletin 5.2.2 - Server-Side Request Forgery
|
13 |
WEB
|
Dawid Golunski
|
|
2016-08-10
|
|
Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
14 |
WEB
|
hyp3rlinx
|
|
2016-08-08
|
|
WordPress Plugin Add From Server < 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)
|
9 |
WEB
|
Edwin Molenaar
|
|
2016-08-08
|
|
PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection
|
11 |
WEB
|
Vulnerability-Lab
|
|
2016-08-08
|
|
Navis Webaccess - SQL Injection
|
9 |
WEB
|
bRpsd
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
|
10 |
WEB
|
LiquidWorm
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion
|
9 |
WEB
|
LiquidWorm
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)
|
8 |
WEB
|
LiquidWorm
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections
|
10 |
WEB
|
LiquidWorm
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - Local File Disclosure
|
9 |
WEB
|
LiquidWorm
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
|
9 |
WEB
|
LiquidWorm
|
|
2016-08-06
|
|
NUUO NVRmini 2 3.0.8 - Remote Code Execution
|
11 |
WEB
|
LiquidWorm
|
|
2016-08-05
|
|
NASdeluxe NDL-2400r 2.01.09 - OS Command Injection
|
10 |
WEB
|
SySS GmbH
|
|
2016-08-05
|
|
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
|
10 |
WEB
|
Julien Rentrop
|
|
2016-08-05
|
|
Davolink DV-2051 - Multiple Vulnerabilities
|
8 |
WEB
|
Eric Flokstra
|
|
2016-08-05
|
|
PHP Power Browse 1.2 - Directory Traversal
|
11 |
WEB
|
Manuel Mancera
|
|
2016-08-05
|
|
Subrion CMS 4.0.5 - SQL Injection
|
11 |
WEB
|
Vulnerability-Lab
|
|
2016-08-02
|
|
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
|
14 |
WEB
|
Vinesh Redkar
|
|
2016-08-01
|
|
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Su
|
11 |
WEB
|
Yorick Koster
|
|
2016-08-01
|
|
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
|
11 |
WEB
|
Dennis Kerdijk & Erwin Kievith
|
|
2016-08-01
|
|
WordPress Plugin Booking Calendar 6.2 - SQL Injection
|
9 |
WEB
|
Edwin Molenaar
|
|
2016-07-29
|
|
phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution
|
11 |
WEB
|
@iamsecurity
|
|
2016-07-29
|
|
Trend Micro Deep Discovery 3.7/3.8 SP1 (3.81)/3.8 SP2 (3.82) - 'hotfix_upload.cgi' Filename Remote C
|
12 |
WEB
|
korpritzombie
|
|
2016-07-29
|
|
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
|
14 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-07-29
|
|
AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution
|
12 |
WEB
|
Orwelllabs
|
|
2016-07-26
|
|
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution
|
10 |
WEB
|
LiquidWorm
|
|
2016-07-26
|
|
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
|
9 |
WEB
|
LiquidWorm
|
|
2016-07-26
|
|
PHP File Vault 0.9 - Directory Traversal
|
9 |
WEB
|
N_A
|
|
2016-07-25
|
|
Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
|
9 |
WEB
|
SEC Consult
|
|
2016-07-25
|
|
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
|
11 |
WEB
|
James McLean
|
|
2016-07-25
|
|
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
|
9 |
WEB
|
Gergely Eberhardt
|
|
2016-07-25
|
|
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
|
9 |
WEB
|
Gergely Eberhardt
|
|
2016-07-25
|
|
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
|
8 |
WEB
|
Gergely Eberhardt
|
|
2016-07-25
|
|
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
|
10 |
WEB
|
Gergely Eberhardt
|
|
2016-07-25
|
|
PHP gettext 1.0.12 - 'gettext.php' Code Execution
|
8 |
WEB
|
kmkz
|
|
2016-07-25
|
|
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
|
9 |
WEB
|
kmkz
|
|
2016-07-25
|
|
CodoForum 3.2.1 - SQL Injection
|
11 |
WEB
|
Yakir Wizman
|
|
2016-07-25
|
|
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
|
11 |
WEB
|
Mehmet Ince
|
|
2016-07-21
|
|
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
|
11 |
WEB
|
Hasan Emre Ozer
|
|
2016-07-20
|
|
WordPress Plugin Video Player 1.5.16 - SQL Injection
|
11 |
WEB
|
David Vaartjes
|
|
2016-07-20
|
|
Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities
|
12 |
WEB
|
LiquidWorm
|
|
2016-07-20
|
|
Wowza Streaming Engine 4.5.0 - Cross-Site Request Forgery (Add Advanced Admin)
|
11 |
WEB
|
LiquidWorm
|
|
2016-07-20
|
|
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
|
11 |
WEB
|
LiquidWorm
|
|
2016-07-20
|
|
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
|
11 |
WEB
|
Vulnerability-Lab
|
|
2016-07-19
|
|
newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure
|
11 |
WEB
|
Meisam Monsef
|
|
2016-07-19
|
|
NewsP Free News Script 1.4.7 - User Credentials Disclosure
|
15 |
WEB
|
Meisam Monsef
|
|
2014-10-12
|
|
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
|
10 |
WEB
|
tintinweb
|
|
2014-10-12
|
|
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting
|
11 |
WEB
|
tintinweb
|
|
2016-07-15
|
|
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure
|
14 |
WEB
|
Damaster
|
|
2016-07-14
|
|
Joomla! Component Guru Pro - 'Itemid' SQL Injection
|
12 |
WEB
|
s0nk3y
|
|
2016-07-13
|
|
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
|
12 |
WEB
|
Julien Ahrens
|
|
2016-07-13
|
|
GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials
|
10 |
WEB
|
ndevnull
|
|
2016-07-11
|
|
Clinic Management System - Blind SQL Injection
|
15 |
WEB
|
Yakir Wizman
|
|
2016-07-11
|
|
Beauty Parlour & SPA Saloon Management System - Blind SQL Injection
|
14 |
WEB
|
Yakir Wizman
|
|
2016-07-11
|
|
Tiki Wiki 15.1 - File Upload (Metasploit)
|
16 |
WEB
|
Mehmet Ince
|
|
2016-07-11
|
|
IPS Community Suite 4.1.12.3 - PHP Code Injection
|
13 |
WEB
|
Egidio Romano
|
|
2016-07-11
|
|
WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting
|
12 |
WEB
|
Han Sahin
|
|
2016-07-11
|
|
WordPress Plugin All in One SEO Pack 2.3.6.1 - Persistent Cross-Site Scripting
|
15 |
WEB
|
David Vaartjes
|
|
2016-07-11
|
|
Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass
|
12 |
WEB
|
Gregory Smiley
|
|
2016-07-11
|
|
Tiki Wiki CMS 15.0 - Arbitrary File Download
|
14 |
WEB
|
Kacper Szurek
|
|
2016-07-08
|
|
Streamo Online Radio And TV Streaming CMS - SQL Injection
|
12 |
WEB
|
N4TuraL
|
|
2016-07-08
|
|
CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval
|
15 |
WEB
|
LiquidWorm
|
|
2016-07-08
|
|
PHP Real Estate Script 3 - Arbitrary File Disclosure
|
14 |
WEB
|
Meisam Monsef
|
|
2016-07-08
|
|
WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)
|
8 |
WEB
|
Persian Hack Team
|
|
2016-07-07
|
|
OPAC KpwinSQL - Multiple Vulnerabilities
|
10 |
WEB
|
Yakir Wizman
|
|
2016-07-06
|
|
OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities
|
12 |
WEB
|
Sysdream
|
|
2016-07-06
|
|
PaKnPost Pro 1.14 - Multiple Vulnerabilities
|
12 |
WEB
|
Edvin Rustemagic_ Grega Preseren
|
|
2016-07-06
|
|
Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities
|
12 |
WEB
|
Bikramaditya Guha
|
|
2016-07-06
|
|
24online SMS_2500i 8.3.6 build 9.0 - SQL Injection
|
13 |
WEB
|
Rahul Raz
|
|
2016-07-06
|
|
CIMA DocuClass ECM - Multiple Vulnerabilities
|
11 |
WEB
|
Karn Ganeshen
|
|
2016-07-04
|
|
eCardMAX 10.5 - Multiple Vulnerabilities
|
12 |
WEB
|
Bikramaditya Guha
|
|
2016-07-04
|
|
WebCalendar 1.2.7 - Multiple Vulnerabilities
|
13 |
WEB
|
hyp3rlinx
|
|
2016-07-04
|
|
WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities
|
12 |
WEB
|
Mukarram Khalid
|
|
2016-07-07
|
|
Tiki Wiki 15.1 - File Upload
|
11 |
WEB
|
Ivan Ivanovic
|
|
2016-07-04
|
|
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
|
11 |
WEB
|
Yakir Wizman
|
|
2016-07-04
|
|
XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery
|
10 |
WEB
|
LiquidWorm
|
|
2016-07-01
|
|
Phoenix Exploit Kit - Remote Code Execution
|
8 |
WEB
|
CrashBandicot
|
|
2016-06-30
|
|
Ktools Photostore 4.7.5 - Blind SQL Injection
|
9 |
WEB
|
Gal Goldshtein & Viktor Minin
|
|
2016-06-29
|
|
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
|
12 |
WEB
|
Egidio Romano
|
|
2016-06-29
|
|
Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)
|
11 |
WEB
|
KoreLogic
|
|
2016-06-29
|
|
WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection
|
12 |
WEB
|
wp0Day.com
|
|
2016-06-29
|
|
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
|
10 |
WEB
|
hyp3rlinx
|
|
2016-06-28
|
|
Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection
|
12 |
WEB
|
Matt Bush
|
|
2016-06-27
|
|
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
|
13 |
WEB
|
Security-Assessment.com
|
|
2016-06-27
|
|
SugarCRM 6.5.18 - PHP Code Injection
|
13 |
WEB
|
Egidio Romano
|
|
2016-06-27
|
|
BigTree CMS 4.2.11 - SQL Injection
|
14 |
WEB
|
Mehmet Ince
|
|
2016-06-27
|
|
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
|
9 |
WEB
|
Bikramaditya Guha
|
|
2016-06-27
|
|
My Little Forum 2.3.5 - PHP Command Injection
|
10 |
WEB
|
hyp3rlinx
|
|
2016-06-27
|
|
Kagao 3.0 - Multiple Vulnerabilities
|
9 |
WEB
|
N4TuraL
|
|
2016-06-27
|
|
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
|
9 |
WEB
|
LiquidWorm
|
|
2016-06-27
|
|
CodoForum 3.4 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Ahmed Sherif
|
|
2016-06-27
|
|
OPAC KpwinSQL - SQL Injection
|
9 |
WEB
|
bRpsd
|
|
2016-06-27
|
|
WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload
|
11 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-06-23
|
|
FinderView - Multiple Vulnerabilities
|
12 |
WEB
|
HaHwul
|
|
2016-06-23
|
|
XuezhuLi FileSharing - Cross-Site Request Forgery (Add User)
|
11 |
WEB
|
HaHwul
|
|
2016-06-23
|
|
XuezhuLi FileSharing - Directory Traversal
|
12 |
WEB
|
HaHwul
|
|
2016-06-23
|
|
Getsimple CMS 3.3.10 - Arbitrary File Upload
|
13 |
WEB
|
s0nk3y
|
|
2016-06-23
|
|
Alibaba Clone B2B Script - Arbitrary File Disclosure
|
12 |
WEB
|
Meisam Monsef
|
|
2016-06-21
|
|
YetiForce CRM < 3.1 - Persistent Cross-Site Scripting
|
11 |
WEB
|
David Silveiro
|
|
2016-06-21
|
|
Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
David Silveiro
|
|
2016-06-21
|
|
SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal
|
9 |
WEB
|
ERPScan
|
|
2016-06-21
|
|
SAP NetWeaver AS JAVA 7.1 < 7.5 - 'ctcprotocol Servlet' XML External Entity
|
9 |
WEB
|
ERPScan
|
|
2016-06-21
|
|
Joomla! Component com_publisher - SQL Injection
|
9 |
WEB
|
s0nk3y
|
|
2016-06-21
|
|
Yona CMS - Cross-Site Request Forgery
|
9 |
WEB
|
s0nk3y
|
|
2016-06-21
|
|
IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)
|
11 |
WEB
|
s0nk3y
|
|
2016-06-20
|
|
Symphony CMS 2.6.7 - Session Fixation
|
10 |
WEB
|
hyp3rlinx
|
|
2016-06-20
|
|
Airia - Arbitrary File Upload
|
10 |
WEB
|
HaHwul
|
|
2016-06-20
|
|
Airia - Cross-Site Request Forgery (Add Content)
|
12 |
WEB
|
HaHwul
|
|
2016-06-20
|
|
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
|
12 |
WEB
|
wp0Day.com
|
|
2016-06-20
|
|
Joomla! Component com_bt_media 1.0 - SQL Injection
|
7 |
WEB
|
Persian Hack Team
|
|
2016-06-20
|
|
sNews CMS 1.7.1 - Multiple Vulnerabilities
|
12 |
WEB
|
hyp3rlinx
|
|
2016-06-20
|
|
WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation
|
12 |
WEB
|
i0akiN SEC-LABORATORY
|
