|
2014-09-08
|
|
WordPress Plugin W3 Total Cache - 'admin.php' Cross-Site Request Forgery
|
9 |
WEB
|
Voxel@Night
|
|
2014-09-08
|
|
WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery
|
8 |
WEB
|
Voxel@Night
|
|
2014-09-08
|
|
WordPress Plugin WP to Twitter - Authentication Bypass
|
7 |
WEB
|
Voxel@Night
|
|
2014-09-08
|
|
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
|
8 |
WEB
|
Voxel@Night
|
|
2014-09-07
|
|
WordPress Plugin Spider Facebook - 'facebook.php' SQL Injection
|
7 |
WEB
|
Claudio Viviani
|
|
2014-09-08
|
|
WordPress Theme Antioch - 'download.php' Arbitrary File Download
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-09-08
|
|
WordPress Theme Epic - 'download.php' Arbitrary File Download
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-09-08
|
|
WordPress Theme Authentic - 'download.php' Arbitrary File Download
|
9 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-09-08
|
|
WordPress Theme Urban City - 'download.php' Arbitrary File Download
|
12 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-08-26
|
|
Joomla! Component spidervideoplayer - 'theme' SQL Injection
|
10 |
WEB
|
Claudio Viviani
|
|
2014-08-24
|
|
WordPress Plugin KenBurner Slider - 'admin-ajax.php' Arbitrary File Download
|
11 |
WEB
|
MF0x
|
|
2014-08-22
|
|
MyAwards MyBB Module - Cross-Site Request Forgery
|
9 |
WEB
|
Vagineer
|
|
2014-08-20
|
|
ArticleFR - 'id' SQL Injection
|
7 |
WEB
|
High-Tech Bridge
|
|
2014-08-20
|
|
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
|
7 |
WEB
|
Pedro Ribeiro
|
|
2014-08-19
|
|
WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal
|
7 |
WEB
|
Henri Salo
|
|
2014-07-28
|
|
WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection
|
8 |
WEB
|
Amirh03in
|
|
2014-08-11
|
|
WordPress Plugin GB Gallery Slideshow - '/wp-admin/admin-ajax.php' SQL Injection
|
8 |
WEB
|
Claudio Viviani
|
|
2014-08-08
|
|
VoipSwitch - 'user.php' Local File Inclusion
|
10 |
WEB
|
0x4148
|
|
2014-05-28
|
|
WordPress Plugin HDW Player - '/wp-admin/admin.php' SQL Injection
|
11 |
WEB
|
Anant Shrivastava
|
|
2014-08-06
|
|
WordPress Plugin wpSS - 'ss_handler.php' SQL Injection
|
12 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-07-28
|
|
CMSimple 4.4.4 - 'color' Remote Code Execution
|
8 |
WEB
|
Govind Singh
|
|
2014-07-28
|
|
CMSimple 4.4.4 - Remote File Inclusion
|
8 |
WEB
|
Govind Singh
|
|
2014-07-28
|
|
CMSimple - Default Administrator Credentials
|
8 |
WEB
|
Govind Singh
|
|
2014-07-28
|
|
WordPress Plugin WhyDoWork AdSense - 'options-general.php' Cross-Site Request Forgery (Option Manipu
|
8 |
WEB
|
Dylan Irzi
|
|
2014-07-28
|
|
WordPress Plugin Lead Octopus Power - 'id' SQL Injection
|
9 |
WEB
|
Amirh03in
|
|
2014-07-23
|
|
Ubiquiti Networks UniFi Video Default - 'crossdomain.xml' Security Bypass
|
8 |
WEB
|
Seth Art
|
|
2014-07-23
|
|
Ilya Birman E2 - '/@actions/comment-process' SQL Injection
|
8 |
WEB
|
High-Tech Bridge
|
|
2016-01-18
|
|
SeaWell Networks Spectrum - Multiple Vulnerabilities
|
8 |
WEB
|
Karn Ganeshen
|
|
2016-01-18
|
|
Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery
|
8 |
WEB
|
hyp3rlinx
|
|
2016-01-18
|
|
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting
|
8 |
WEB
|
hyp3rlinx
|
|
2016-01-18
|
|
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
|
11 |
WEB
|
hyp3rlinx
|
|
2014-05-28
|
|
WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal
|
10 |
WEB
|
Anant Shrivastava
|
|
2014-05-28
|
|
WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal
|
8 |
WEB
|
Anant Shrivastava
|
|
2014-07-14
|
|
WEBMIS CMS - Arbitrary File Upload
|
7 |
WEB
|
Jagriti Sahu
|
|
2014-07-14
|
|
WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload
|
7 |
WEB
|
Jagriti Sahu
|
|
2014-05-28
|
|
WordPress Plugin ENL NewsLetter - '/wp-admin/admin.php' SQL Injection
|
7 |
WEB
|
Anant Shrivastava
|
|
2014-05-28
|
|
WordPress Plugin WP Rss Poster - '/wp-admin/admin.php' SQL Injection
|
7 |
WEB
|
Anant Shrivastava
|
|
2014-05-28
|
|
WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion
|
7 |
WEB
|
Anant Shrivastava
|
|
2014-07-13
|
|
WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection
|
7 |
WEB
|
MustLive
|
|
2014-07-10
|
|
WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities
|
7 |
WEB
|
Govind Singh
|
|
2016-01-15
|
|
mcart.xls Bitrix Module 6.5.2 - SQL Injection
|
7 |
WEB
|
High-Tech Bridge SA
|
|
2016-01-15
|
|
Roundcube Webmail 1.1.3 - Directory Traversal
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2016-01-15
|
|
phpDolphin 2.0.5 - Multiple Vulnerabilities
|
10 |
WEB
|
WhiteCollarGroup
|
|
2016-01-15
|
|
GlassFish Server - Arbitrary File Read
|
8 |
WEB
|
bingbing
|
|
2014-07-09
|
|
WordPress Plugin BSK PDF Manager - '/wp-admin/admin.php' Multiple SQL Injections
|
8 |
WEB
|
Claudio Viviani
|
|
2014-07-07
|
|
xClassified - 'ads.php' SQL Injection
|
7 |
WEB
|
Lazmania61
|
|
2014-07-07
|
|
AtomCMS - SQL Injection / Arbitrary File Upload
|
7 |
WEB
|
Jagriti Sahu
|
|
2014-05-19
|
|
WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload
|
7 |
WEB
|
SANTHO
|
|
2016-01-14
|
|
Manage Engine Application Manager 12.5 - Arbitrary Command Execution
|
7 |
WEB
|
Bikramaditya Guha
|
|
2016-01-14
|
|
Manage Engine Applications Manager 12 - Multiple Vulnerabilities
|
8 |
WEB
|
Bikramaditya Guha
|
|
2016-01-14
|
|
SevOne NMS 5.3.6.0 - Remote Command Execution
|
8 |
WEB
|
@iamsecurity
|
|
2016-01-13
|
|
WhatsUp Gold 16.3 - Remote Code Execution
|
8 |
WEB
|
Matt Buzanowski
|
|
2014-06-24
|
|
ZeusCart - 'prodid' SQL Injection
|
9 |
WEB
|
Kenny Mathis
|
|
2014-06-10
|
|
WordPress Plugin Featured Comments - Cross-Site Request Forgery
|
8 |
WEB
|
Tom Adams
|
|
2014-06-10
|
|
WordPress Plugin JW Player for Flash & HTML5 Video - Cross-Site Request Forgery
|
10 |
WEB
|
Tom Adams
|
|
2014-06-08
|
|
WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure
|
9 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-05-15
|
|
Seo Panel - 'file' Directory Traversal
|
10 |
WEB
|
Eric Sesterhenn
|
|
2014-05-28
|
|
webEdition CMS - 'we_fs.php' SQL Injection
|
14 |
WEB
|
RedTeam Pentesting GmbH
|
|
2016-01-08
|
|
WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities
|
14 |
WEB
|
Rahul Pratap Singh
|
|
2014-05-24
|
|
PHP-Nuke 'Submit_News' Component - SQL Injection
|
13 |
WEB
|
ali ahmady
|
|
2014-05-23
|
|
Pyplate - 'addScript.py' Cross-Site Request Forgery
|
10 |
WEB
|
Henri Salo
|
|
2014-05-25
|
|
User Cake - Cross-Site Request Forgery
|
11 |
WEB
|
Dolev Farhi
|
|
2014-05-21
|
|
WordPress Plugin Booking System (Booking Calendar) - 'booking_form_id' SQL Injection
|
11 |
WEB
|
maodun
|
|
2016-01-07
|
|
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
|
12 |
WEB
|
Brian D. Hysell
|
|
2016-01-07
|
|
D-Link DCS-931L - Arbitrary File Upload (Metasploit)
|
11 |
WEB
|
Metasploit
|
|
2014-05-20
|
|
Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution
|
10 |
WEB
|
Manish Tanwar
|
|
2014-05-18
|
|
WordPress Plugin cnhk-Slideshow - Arbitrary File Upload
|
9 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-05-19
|
|
Softmatica SMART iPBX - Multiple SQL Injections
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-05-19
|
|
XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-05-16
|
|
CIS Manager - 'email' SQL Injection
|
13 |
WEB
|
Edge
|
|
2016-01-06
|
|
MediaAccess TG788vn - File Disclosure
|
13 |
WEB
|
0x4148
|
|
2014-05-08
|
|
CMS Touch - 'news.php?News_ID' SQL Injection
|
11 |
WEB
|
indoushka
|
|
2014-05-08
|
|
CMS Touch - 'pages.php?Page_ID' SQL Injection
|
11 |
WEB
|
indoushka
|
|
2014-05-08
|
|
TOA - Cross-Site Request Forgery
|
14 |
WEB
|
High-Tech Bridge
|
|
2014-05-07
|
|
Caldera - '/costview2/printers.php?tr' SQL Injection
|
13 |
WEB
|
Thomas Fischer
|
|
2014-05-07
|
|
Caldera - '/costview2/jobs.php?tr' SQL Injection
|
11 |
WEB
|
Thomas Fischer
|
|
2014-05-05
|
|
PrestaShop - 'getSimilarManufacturer.php?id_manufacturer' SQL Injection
|
9 |
WEB
|
indoushka
|
|
2016-01-05
|
|
PHPIPAM 1.1.010 - Multiple Vulnerabilities
|
11 |
WEB
|
Mickael Dorigny
|
|
2016-01-05
|
|
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
|
10 |
WEB
|
Sebastian Perez
|
|
2016-01-05
|
|
Simple PHP Polling System - Multiple Vulnerabilities
|
10 |
WEB
|
WICS
|
|
2016-01-05
|
|
Online Airline Booking System - Multiple Vulnerabilities
|
8 |
WEB
|
Manish Tanwar
|
|
2014-04-06
|
|
Puntopy - 'novedad.php' SQL Injection
|
14 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-04-02
|
|
ZamFoo - Multiple Remote Command Execution Vulnerabilities
|
16 |
WEB
|
Al-Shabaab
|
|
2014-04-22
|
|
iDevAffiliate - 'idevads.php' SQL Injection
|
13 |
WEB
|
Robert Cooper
|
|
2016-01-02
|
|
Open Audit - SQL Injection
|
14 |
WEB
|
Rahul Pratap Singh
|
|
2014-04-14
|
|
Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection
|
11 |
WEB
|
Daniel Godoy
|
|
2014-04-14
|
|
Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution
|
9 |
WEB
|
Jan Kadijk
|
|
2014-04-14
|
|
Xangati - '/servlet/Installer?file' Directory Traversal
|
10 |
WEB
|
Jan Kadijk
|
|
2014-04-14
|
|
Xangati - '/servlet/MGConfigData' Multiple Directory Traversals
|
8 |
WEB
|
Jan Kadijk
|
|
2014-04-09
|
|
eazyCMS - 'index.php' SQL Injection
|
8 |
WEB
|
Renzi
|
|
2014-04-08
|
|
Joomla! Component Inneradmission - 'index.php' SQL Injection
|
8 |
WEB
|
Lazmania61
|
|
2014-04-05
|
|
PHPFox - Access Control Security Bypass
|
10 |
WEB
|
Wesley Henrique
|
|
2014-03-31
|
|
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
|
11 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-24
|
|
Symphony 2.2.4 - Cross-Site Request Forgery
|
10 |
WEB
|
High-Tech Bridge
|
|
2014-03-23
|
|
WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload
|
7 |
WEB
|
CaFc Versace
|
|
2015-12-30
|
|
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
|
9 |
WEB
|
Kacper Szurek
|
|
2014-03-26
|
|
Beheer Systeem - 'pbs.cgi' Remote Command Execution
|
8 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-26
|
|
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
|
9 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-25
|
|
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
|
8 |
WEB
|
Gjoko Krstic
|
|
2014-02-21
|
|
Jorjweb - 'id' SQL Injection
|
10 |
WEB
|
Vulnerability Laboratory
|
|
2014-03-21
|
|
innoEDIT - 'innoedit.cgi' Remote Command Execution
|
10 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-19
|
|
BigACE 2.7.5 - 'LANGUAGE' Directory Traversal
|
10 |
WEB
|
Hossein Hezami
|
|
2014-03-10
|
|
MeiuPic 2.1.2 - 'ctl' Local File Inclusion
|
7 |
WEB
|
Dr.3v1l
|
|
2014-03-17
|
|
osCMax 2.5 - Cross-Site Request Forgery
|
12 |
WEB
|
TUNISIAN CYBER
|
|
2014-03-15
|
|
OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
|
11 |
WEB
|
Mahmoud Ghorbanzadeh
|
|
2014-03-19
|
|
GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections
|
10 |
WEB
|
Claepo Wang
|
|
2014-03-08
|
|
Professional Designer E-Store - 'id' Multiple SQL Injections
|
9 |
WEB
|
Nawaf Alkeraithe
|
|
2014-03-06
|
|
WordPress Plugin Premium Gallery Manager - Arbitrary File Upload
|
6 |
WEB
|
eX-Sh1Ne
|
|
2014-03-05
|
|
Cory Jobs Search - 'cid' SQL Injection
|
7 |
WEB
|
Slotleet
|
|
2014-03-04
|
|
WordPress Plugin Relevanssi - 'category_name' SQL Injection
|
8 |
WEB
|
anonymous
|
|
2014-02-26
|
|
POSH 3.1.x - 'addtoapplication.php' SQL Injection
|
7 |
WEB
|
Anthony BAUBE
|
|
2014-02-22
|
|
ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
8 |
WEB
|
HauntIT
|
|
2014-02-22
|
|
eshtery CMS - 'FileManager.aspx' Local File Disclosure
|
9 |
WEB
|
peng.deng
|
|
2014-02-18
|
|
MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload
|
10 |
WEB
|
TUNISIAN CYBER
|
|
2014-02-19
|
|
WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal
|
7 |
WEB
|
Tom Adams
|
|
2014-02-12
|
|
Rhino - Cross-Site Scripting / Password Reset
|
8 |
WEB
|
Slotleet
|
|
2014-02-17
|
|
Joomla! Component com_wire_immogest - 'index.php' SQL Injection
|
10 |
WEB
|
MR.XpR
|
|
2014-02-17
|
|
i-doit Pro - 'objID' SQL Injection
|
10 |
WEB
|
Stephan Rickauer
|
|
2015-12-24
|
|
Rips Scanner 0.5 - 'code.php' Local File Inclusion
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2015-12-24
|
|
Beezfud - Remote Code Execution
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-02-05
|
|
WordPress Theme Kiddo - Arbitrary File Upload
|
10 |
WEB
|
TUNISIAN CYBER
|
|
2013-12-13
|
|
Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload
|
11 |
WEB
|
Yuri Kramarz
|
|
2014-02-05
|
|
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
|
8 |
WEB
|
TUNISIAN CYBER
|
|
2015-12-23
|
|
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
|
9 |
WEB
|
Curesec Research Team
|
|
2015-12-23
|
|
Arastta 1.1.5 - SQL Injection
|
7 |
WEB
|
Curesec Research Team
|
