|
2016-03-31
|
|
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
|
13 |
WEB
|
LiquidWorm
|
|
2016-03-30
|
|
CubeCart 6.0.10 - Multiple Vulnerabilities
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2016-03-28
|
|
Liferay Portal 5.1.2 - Persistent Cross-Site Scripting
|
13 |
WEB
|
Sarim Kiani
|
|
2016-03-27
|
|
WordPress Plugin Photocart Link 1.6 - Local File Inclusion
|
8 |
WEB
|
CrashBandicot
|
|
2016-03-27
|
|
Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery
|
8 |
WEB
|
hyp3rlinx
|
|
2016-03-27
|
|
WordPress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion
|
10 |
WEB
|
CrashBandicot
|
|
2016-03-23
|
|
MiCollab 7.0 - SQL Injection
|
14 |
WEB
|
Goran Tuzovic
|
|
2016-03-22
|
|
WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download
|
12 |
WEB
|
Felipe Molina
|
|
2016-03-22
|
|
WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion
|
10 |
WEB
|
AMAR^SHG
|
|
2016-03-22
|
|
WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion
|
9 |
WEB
|
AMAR^SHG
|
|
2016-03-22
|
|
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection
|
10 |
WEB
|
Persian Hack Team
|
|
2016-03-22
|
|
WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download
|
10 |
WEB
|
CrashBandicot
|
|
2016-03-21
|
|
ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
Michael Helwig
|
|
2016-03-21
|
|
iTop 2.2.1 - Cross-Site Request Forgery
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2016-03-21
|
|
Dating Pro Genie 2015.7 - Cross-Site Request Forgery
|
12 |
WEB
|
High-Tech Bridge SA
|
|
2016-03-21
|
|
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure
|
13 |
WEB
|
AMAR^SHG
|
|
2016-03-21
|
|
XOOPS 2.5.7.2 - Directory Traversal Bypass
|
14 |
WEB
|
hyp3rlinx
|
|
2016-03-21
|
|
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
|
11 |
WEB
|
hyp3rlinx
|
|
2016-03-21
|
|
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
|
11 |
WEB
|
Saeed reza Zamanian
|
|
2016-03-21
|
|
Disc ORGanizer (DORG) - Multiple Vulnerabilities
|
16 |
WEB
|
SECUPENT
|
|
2016-03-21
|
|
WordPress Plugin Abtest - Local File Inclusion
|
14 |
WEB
|
CrashBandicot
|
|
2016-03-21
|
|
WordPress Plugin Import CSV 1.0 - Directory Traversal
|
10 |
WEB
|
Wadeek
|
|
2016-03-21
|
|
WordPress Plugin eBook Download 1.1 - Directory Traversal
|
10 |
WEB
|
Wadeek
|
|
2016-03-20
|
|
Wildfly - 'WEB-INF' / 'META-INF' Information Disclosure via Filter Restriction Bypass
|
8 |
WEB
|
Tal Solomon of Palantir Security
|
|
2016-03-17
|
|
PivotX 2.3.11 - Directory Traversal
|
9 |
WEB
|
Curesec Research Team
|
|
2016-03-17
|
|
ZenPhoto 1.4.11 - Remote File Inclusion
|
9 |
WEB
|
Curesec Research Team
|
|
2016-03-16
|
|
Monstra CMS 3.0.3 - Multiple Vulnerabilities
|
12 |
WEB
|
Sarim Kiani
|
|
2016-03-16
|
|
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
|
9 |
WEB
|
BrianWGray
|
|
2016-03-15
|
|
Kaltura Community Edition < 11.1.0-2 - Multiple Vulnerabilities
|
12 |
WEB
|
Security-Assessment.com
|
|
2016-03-14
|
|
TeamPass 2.1.24 - Multiple Vulnerabilities
|
8 |
WEB
|
Vincent Malguy
|
|
2016-03-14
|
|
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
|
8 |
WEB
|
Wadeek
|
|
2016-03-11
|
|
WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities
|
12 |
WEB
|
Colette Chamberland
|
|
2016-03-11
|
|
WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload
|
10 |
WEB
|
Colette Chamberland
|
|
2016-03-10
|
|
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Mohammad Khaleghi
|
|
2016-03-10
|
|
WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities
|
8 |
WEB
|
Colette Chamberland
|
|
2016-03-09
|
|
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
|
6 |
WEB
|
LSE Leading Security Experts GmbH
|
|
2016-03-09
|
|
Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities
|
10 |
WEB
|
Brandon Murphy
|
|
2016-03-07
|
|
Cerberus Helpdesk (Cerb5) 5 < 6.7 - Password Hash Disclosure
|
6 |
WEB
|
asdizzle_
|
|
2016-03-07
|
|
ATutor LMS - '/install_modules.php' Cross-Site Request Forgery / Remote Code Execution
|
11 |
WEB
|
mr_me
|
|
2016-03-03
|
|
WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation
|
13 |
WEB
|
Panagiotis Vagenas
|
|
2016-03-01
|
|
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities
|
13 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-02-29
|
|
WordPress Plugin More Fields 2.1 - Cross-Site Request Forgery
|
8 |
WEB
|
Aatif Shahdad
|
|
2016-02-26
|
|
Joomla! Component com_poweradmin 2.3.0 - Multiple Vulnerabilities
|
8 |
WEB
|
RatioSec Research
|
|
2016-02-26
|
|
Centreon 2.5.3 - Remote Command Execution
|
8 |
WEB
|
Sysdream
|
|
2016-02-26
|
|
Zimbra 8.0.9 GA - Cross-Site Request Forgery
|
9 |
WEB
|
Sysdream
|
|
2016-02-26
|
|
WordPress Plugin Ocim MP3 - SQL Injection
|
9 |
WEB
|
xevil & Blankon33
|
|
2016-02-26
|
|
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities
|
9 |
WEB
|
LiquidWorm
|
|
2016-02-25
|
|
IBM Lotus Domino R8 - Password Hash Extraction
|
11 |
WEB
|
Jonathan Broche
|
|
2016-02-24
|
|
WordPress Plugin Extra User Details 0.4.2 - Privilege Escalation
|
9 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-23
|
|
Ubiquiti Networks UniFi 3.2.10 - Cross-Site Request Forgery
|
13 |
WEB
|
Julien Ahrens
|
|
2016-02-23
|
|
Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal
|
11 |
WEB
|
hantwister
|
|
2016-02-22
|
|
Thru Managed File Transfer Portal 9.0.2 - SQL Injection
|
10 |
WEB
|
SySS GmbH
|
|
2016-02-22
|
|
BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
|
9 |
WEB
|
Security-Assessment.com
|
|
2016-02-22
|
|
InstantCoder 1.0 iOS - Multiple Vulnerabilities
|
9 |
WEB
|
Vulnerability-Lab
|
|
2016-02-20
|
|
SOLIDserver < 5.0.4 - Local File Inclusion
|
10 |
WEB
|
Saeed reza Zamanian
|
|
2016-02-19
|
|
ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities
|
10 |
WEB
|
Sachin Wagh
|
|
2016-02-19
|
|
Chamilo LMS - Persistent Cross-Site Scripting
|
10 |
WEB
|
Vulnerability-Lab
|
|
2016-02-19
|
|
Chamilo LMS IDOR - 'messageId' Delete POST Injection
|
11 |
WEB
|
Vulnerability-Lab
|
|
2016-02-18
|
|
DirectAdmin 1.491 - Cross-Site Request Forgery
|
10 |
WEB
|
Necmettin COSKUN
|
|
2016-02-18
|
|
Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Necmettin COSKUN
|
|
2016-02-17
|
|
Redaxo 5.0.0 - Multiple Vulnerabilities
|
10 |
WEB
|
LSE Leading Security Experts GmbH
|
|
2016-02-17
|
|
OCS Inventory NG 2.2 - SQL Injection
|
10 |
WEB
|
Ephreet
|
|
2016-02-17
|
|
JMX2 Email Tester - 'save_email.php' Arbitrary File Upload
|
11 |
WEB
|
HaHwul
|
|
2016-02-16
|
|
phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery
|
10 |
WEB
|
hyp3rlinx
|
|
2016-02-16
|
|
WordPress Plugin ALO EasyMail NewsLetter 2.6.01 - Cross-Site Request Forgery
|
12 |
WEB
|
Mohsen Lotfi
|
|
2016-02-16
|
|
ManageEngine Network Configuration Management Build 11000 - Privilege Escalation
|
11 |
WEB
|
Kaustubh G. Padwad
|
|
2016-02-16
|
|
ManageEngine OPutils 8.0 - Multiple Vulnerabilities
|
11 |
WEB
|
Kaustubh G. Padwad
|
|
2016-02-15
|
|
Tiny Tiny RSS - Blind SQL Injection
|
10 |
WEB
|
Kacper Szurek
|
|
2015-08-27
|
|
Oracle GlassFish Server 4.1 - Directory Traversal
|
13 |
WEB
|
Trustwave's SpiderLabs
|
|
2016-02-10
|
|
Yeager CMS 1.2.1 - Multiple Vulnerabilities
|
15 |
WEB
|
SEC Consult
|
|
2016-02-10
|
|
Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
|
11 |
WEB
|
Vulnerability-Lab
|
|
2010-03-10
|
|
Employee TimeClock Software 0.99 - SQL Injection
|
12 |
WEB
|
Secunia Research
|
|
2016-02-08
|
|
WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities
|
9 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-02-08
|
|
WordPress Plugin WP User Frontend < 2.3.11 - Unrestricted Arbitrary File Upload
|
12 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-08
|
|
WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation
|
7 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-08
|
|
WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure
|
8 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-08
|
|
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery
|
9 |
WEB
|
hyp3rlinx
|
|
2016-02-08
|
|
Solr 3.5.0 - Arbitrary Data Deletion
|
8 |
WEB
|
N37
|
|
2016-02-04
|
|
Symphony CMS 2.6.3 - Multiple SQL Injections
|
6 |
WEB
|
Sachin Wagh
|
|
2016-02-04
|
|
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Curesec Research Team
|
|
2016-02-04
|
|
OpenDocMan 1.3.4 - Cross-Site Request Forgery
|
6 |
WEB
|
Curesec Research Team
|
|
2016-02-04
|
|
UliCMS v9.8.1 - SQL Injection
|
7 |
WEB
|
Manuel García Cárdenas
|
|
2016-02-04
|
|
Netgear NMS300 ProSafe Network Management System - Multiple Vulnerabilities
|
7 |
WEB
|
Pedro Ribeiro
|
|
2016-02-04
|
|
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation
|
7 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-04
|
|
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
|
7 |
WEB
|
Panagiotis Vagenas
|
|
2016-02-04
|
|
D-Link DVGN5402SP - Multiple Vulnerabilities
|
8 |
WEB
|
Karn Ganeshen
|
|
2016-02-04
|
|
GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities
|
8 |
WEB
|
Karn Ganeshen
|
|
2016-02-03
|
|
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting
|
9 |
WEB
|
Portcullis
|
|
2016-02-03
|
|
Jive Forums 5.5.25 - Directory Traversal
|
8 |
WEB
|
ZhaoHuAn
|
|
2016-02-03
|
|
TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections
|
7 |
WEB
|
Benetrix
|
|
2016-02-02
|
|
eClinicalWorks (CCMR) - Multiple Vulnerabilities
|
9 |
WEB
|
Jerold Hoong
|
|
2016-02-02
|
|
Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery
|
8 |
WEB
|
Kaustubh G. Padwad
|
|
2016-02-01
|
|
ManageEngine EventLog Analyzer 4.0 < 10 - Privilege Escalation
|
11 |
WEB
|
GraphX
|
|
2016-02-01
|
|
Hippo CMS 10.1 - Multiple Vulnerabilities
|
12 |
WEB
|
LiquidWorm
|
|
2016-02-01
|
|
iScripts EasyCreate 3.0 - Remote Code Execution
|
14 |
WEB
|
Bikramaditya Guha
|
|
2016-02-01
|
|
iScripts EasyCreate 3.0 - Multiple Vulnerabilities
|
8 |
WEB
|
Bikramaditya Guha
|
|
2016-01-29
|
|
ProjectSend r582 - Multiple Vulnerabilities
|
8 |
WEB
|
Filippo Cavallarin
|
|
2016-01-29
|
|
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery
|
11 |
WEB
|
ALIREZA_PROMIS
|
|
2016-01-28
|
|
SAP HANA 1.00.095 - hdbindexserver Memory Corruption
|
12 |
WEB
|
ERPScan
|
|
2016-01-28
|
|
Netgear WNR1000v4 - Authentication Bypass
|
9 |
WEB
|
Daniel Haake
|
|
2016-01-28
|
|
Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion
|
9 |
WEB
|
bd0rk
|
|
2016-01-28
|
|
Ramui Forum Script 9.0 - SQL Injection
|
8 |
WEB
|
bd0rk
|
|
2014-07-17
|
|
Fonality trixbox - 'index.php' Remote Code Execution
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
Fonality trixbox - 'endpointcfg.php' Directory Traversal
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
Fonality trixbox - 'repo.php' Directory Traversal
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
Fonality trixbox - 'asterisk_info.php' Directory Traversal
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
Fonality trixbox - 'index.php' Directory Traversal
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
Fonality trixbox - 'endpoint_generic.php' SQL Injection
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
OL-Commerce - '/OL-Commerce/create_account.php?country' SQL Injection
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php?affiliate_banner_id' SQL Injection
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-07-17
|
|
OL-Commerce - '/OL-Commerce/affiliate_signup.php?a_country' SQL Injection
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2016-01-27
|
|
WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection
|
9 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-01-27
|
|
WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities
|
10 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-01-27
|
|
BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities
|
11 |
WEB
|
Rahul Pratap Singh
|
|
2016-01-27
|
|
Secure Item Hub 1.0 iOS - Multiple Vulnerabilities
|
12 |
WEB
|
Vulnerability-Lab
|
|
2014-06-12
|
|
Yealink VoIP Phones - '/servlet' HTTP Response Splitting
|
11 |
WEB
|
Jesus Oquendo
|
|
2014-06-08
|
|
WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure
|
10 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-05-19
|
|
Wiser Backup - Information Disclosure
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2016-01-26
|
|
Gongwalker API Manager 1.1 - Blind SQL Injection
|
8 |
WEB
|
HaHwul
|
|
2016-01-26
|
|
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection
|
12 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2014-09-14
|
|
WordPress Plugin Wordfence Security - Multiple Vulnerabilities
|
10 |
WEB
|
Voxel@Night
|
|
2014-09-12
|
|
Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery
|
15 |
WEB
|
KnocKout
|
|
2016-01-25
|
|
WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection
|
8 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2016-01-25
|
|
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
|
10 |
WEB
|
Aatif Shahdad
|
