|
2015-12-23
|
|
Grawlix 1.0.3 - Cross-Site Request Forgery
|
7 |
WEB
|
Curesec Research Team
|
|
2015-12-23
|
|
Bigware Shop 2.3.01 - Multiple Local File Inclusions
|
7 |
WEB
|
bd0rk
|
|
2013-03-25
|
|
Atmail WebMail - 'INBOX.Trash?mailId' Reflected Cross-Site Scripting
|
9 |
WEB
|
Vicente Aguilera Diaz
|
|
2013-03-25
|
|
Atmail WebMail - 'searchResultsTab5?filter' Reflected Cross-Site Scripting
|
8 |
WEB
|
Vicente Aguilera Diaz
|
|
2013-03-25
|
|
Atmail WebMail - Message Attachment File Name Reflected Cross-Site Scripting
|
8 |
WEB
|
Vicente Aguilera Diaz
|
|
2014-01-22
|
|
Web Video Streamer - Multiple Vulnerabilities
|
8 |
WEB
|
Eric Sesterhenn
|
|
2015-12-21
|
|
Ovidentia Widgets 1.0.61 - Remote Command Execution
|
9 |
WEB
|
bd0rk
|
|
2015-12-21
|
|
Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion
|
9 |
WEB
|
bd0rk
|
|
2014-01-28
|
|
Eventum 2.3.4 - 'hostname' Remote Code Execution
|
9 |
WEB
|
High-Tech Bridge
|
|
2014-01-27
|
|
Eventum - Insecure File Permissions
|
8 |
WEB
|
High-Tech Bridge
|
|
2014-01-24
|
|
Maian Uploader 4.0 - Multiple Vulnerabilities
|
9 |
WEB
|
KedAns-Dz
|
|
2014-01-24
|
|
WordPress Plugin WP E-Commerce - Multiple Vulnerabilities
|
7 |
WEB
|
KedAns-Dz
|
|
2014-01-24
|
|
ZenPhoto - SQL Injection
|
7 |
WEB
|
KedAns-Dz
|
|
2014-01-24
|
|
XOS Shop - 'goto' SQL Injection
|
7 |
WEB
|
JoKeR_StEx
|
|
2014-01-18
|
|
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
|
9 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-01-21
|
|
Imageview - 'upload.php' Arbitrary File Upload
|
8 |
WEB
|
TUNISIAN CYBER
|
|
2014-01-13
|
|
Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections
|
7 |
WEB
|
Rohan Stelling
|
|
2015-12-18
|
|
pfSense 2.2.5 - Directory Traversal
|
8 |
WEB
|
R-73eN
|
|
2015-12-18
|
|
Ovidentia maillist Module 4.0 - Remote File Inclusion
|
7 |
WEB
|
bd0rk
|
|
2015-12-18
|
|
Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution
|
7 |
WEB
|
Andrew McNicol
|
|
2014-01-17
|
|
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-16
|
|
Joomla! Component Sexy polling 1.0.8 - 'answer_id' SQL Injection
|
7 |
WEB
|
High-Tech Bridge
|
|
2015-12-17
|
|
Zen Cart 1.5.4 - Local File Inclusion
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2014-01-10
|
|
Joomla! Component Almond Classifieds - Arbitrary File Upload
|
9 |
WEB
|
DevilScreaM
|
|
2014-01-14
|
|
Atmail Webmail Server - Email Body HTML Injection
|
7 |
WEB
|
Zhao Liang
|
|
2014-01-08
|
|
EZGenerator - Local File Disclosure / Cross-Site Request Forgery
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
UAEPD Shopping Script - 'news.php?id' SQL Injection
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
UAEPD Shopping Script - 'products.php' Multiple SQL Injections
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2015-12-16
|
|
Ovidentia NewsLetter Module 2.2 - 'admin.php' Remote File Inclusion
|
9 |
WEB
|
bd0rk
|
|
2015-12-15
|
|
ArticleSetup Article Script 1.00 - SQL Injection
|
11 |
WEB
|
Linux Zone Research Team
|
|
2015-12-15
|
|
Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions
|
10 |
WEB
|
bd0rk
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Di
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Ma
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2015-12-15
|
|
Tequila File Hosting 1.5 - Multiple Vulnerabilities
|
10 |
WEB
|
Ashiyane Digital Security Team
|
|
2015-12-15
|
|
Ovidentia absences Module 2.64 - Remote File Inclusion
|
9 |
WEB
|
bd0rk
|
|
2015-12-15
|
|
Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
|
12 |
WEB
|
Sec-1
|
|
2015-12-14
|
|
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
|
13 |
WEB
|
High-Tech Bridge SA
|
|
2015-12-14
|
|
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2015-12-14
|
|
Polycom VVX-Series Business Media Phones - Directory Traversal
|
12 |
WEB
|
Jake Reynolds
|
|
2015-12-14
|
|
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation
|
16 |
WEB
|
Kacper Szurek
|
|
2015-12-14
|
|
ECommerceMajor - 'productdtl.php?prodid' SQL Injection
|
9 |
WEB
|
Rahul Pratap Singh
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Cre
|
11 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forger
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Reque
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection
|
7 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection
|
8 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection
|
10 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection
|
9 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload
|
9 |
WEB
|
TUNISIAN CYBER
|
|
2013-10-03
|
|
SPAMINA Cloud Email Firewall - Directory Traversal
|
11 |
WEB
|
Sisco Barrera
|
|
2015-12-12
|
|
GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection
|
12 |
WEB
|
R-73eN
|
|
2013-12-24
|
|
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion
|
11 |
WEB
|
TUNISIAN CYBER
|
|
2013-12-30
|
|
WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal
|
10 |
WEB
|
Henri Salo
|
|
2013-12-30
|
|
CMS Afroditi - 'id' SQL Injection
|
12 |
WEB
|
projectzero labs
|
|
2015-12-10
|
|
Skybox Platform < 7.0.611 - Multiple Vulnerabilities
|
15 |
WEB
|
SEC Consult
|
|
2015-12-10
|
|
Gökhan Balbal Script 2.0 - Cross-Site Request Forgery
|
14 |
WEB
|
KnocKout
|
|
2015-12-10
|
|
iy10 Dizin Scripti - Multiple Vulnerabilities
|
14 |
WEB
|
KnocKout
|
|
2013-12-17
|
|
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
|
13 |
WEB
|
MustLive
|
|
2013-12-25
|
|
AFCommerce - 'controlheader.php' Remote File Inclusion
|
15 |
WEB
|
NoGe
|
|
2013-12-25
|
|
AFCommerce - 'adminpassword.php' Remote File Inclusion
|
11 |
WEB
|
NoGe
|
|
2013-12-25
|
|
AFCommerce - 'adblock.php' Remote File Inclusion
|
13 |
WEB
|
NoGe
|
|
2013-12-26
|
|
JForum 'adminUsers' Module - Cross-Site Request Forgery
|
15 |
WEB
|
arno
|
|
2015-12-09
|
|
WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
|
11 |
WEB
|
Mysticism
|
|
2015-12-09
|
|
WIMAX MT711x - Multiple Vulnerabilities
|
12 |
WEB
|
alimp5
|
|
2015-12-09
|
|
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities
|
12 |
WEB
|
alimp5
|
|
2013-12-18
|
|
Leed - 'id' SQL Injection
|
14 |
WEB
|
Alexandre Herzog
|
|
2013-12-14
|
|
Osclass - Multiple Input Validation Vulnerabilities
|
11 |
WEB
|
R3d-D3V!L
|
|
2015-12-08
|
|
dotCMS 3.2.4 - Multiple Vulnerabilities
|
9 |
WEB
|
LiquidWorm
|
|
2015-12-08
|
|
WordPress Plugin Polls Widget 1.0.7 - SQL Injection
|
11 |
WEB
|
WICS
|
|
2015-12-08
|
|
PHP Utility Belt - Remote Code Execution
|
13 |
WEB
|
WICS
|
|
2015-12-08
|
|
OpenMRS 2.3 (1.11.4) - Local File Disclosure
|
13 |
WEB
|
LiquidWorm
|
|
2015-12-08
|
|
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
LiquidWorm
|
|
2015-12-08
|
|
OpenMRS 2.3 (1.11.4) - Expression Language Injection
|
9 |
WEB
|
LiquidWorm
|
|
2015-12-08
|
|
OpenMRS 2.3 (1.11.4) - XML External Entity Processing
|
11 |
WEB
|
LiquidWorm
|
|
2015-12-08
|
|
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities
|
11 |
WEB
|
HaHwul
|
|
2013-12-15
|
|
iScripts AutoHoster - 'id' Local File Inclusion
|
9 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'fname' Local File Inclusion
|
12 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'tmpid' Local File Inclusion
|
10 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'main_smtp.php' Traversal
|
11 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'invno' SQL Injection
|
11 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'additionalsettings.php' SQL Injection
|
9 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection
|
11 |
WEB
|
i-Hmx
|
|
2013-12-15
|
|
iScripts AutoHoster - 'checktransferstatus.php' SQL Injection
|
10 |
WEB
|
i-Hmx
|
|
2013-12-13
|
|
Dynamic Biz Website Builder 'QuickWeb' 1.0 - '/login.asp' Multiple Field SQL Injections / Authentica
|
12 |
WEB
|
R3d-D3V!L
|
|
2013-12-13
|
|
Dynamic Biz Website Builder (QuickWeb) 1.0 - '/apps/news-events/newdetail.asp?id' SQL Injection
|
11 |
WEB
|
R3d-D3V!L
|
|
2013-12-17
|
|
Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation)
|
10 |
WEB
|
sajith
|
|
2013-12-11
|
|
Veno File Manager - 'q' Arbitrary File Download
|
9 |
WEB
|
Daniel Godoy
|
|
2013-12-14
|
|
Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections
|
11 |
WEB
|
R3d-D3V!L
|
|
2013-12-16
|
|
C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass)
|
9 |
WEB
|
R3d-D3V!L
|
|
2013-12-16
|
|
C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp?pa' SQL Injection
|
8 |
WEB
|
R3d-D3V!L
|
|
2013-12-09
|
|
osCMax - Arbitrary File Upload / Full Path Information Disclosure
|
9 |
WEB
|
KedAns-Dz
|
|
2013-12-13
|
|
BoastMachine - 'blog' SQL Injection
|
10 |
WEB
|
Omar Kurt
|
|
2013-12-11
|
|
eduTrac - 'showmask' Directory Traversal
|
9 |
WEB
|
High-Tech Bridge
|
|
2013-12-08
|
|
WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload
|
7 |
WEB
|
Ashiyane Digital Security Team
|
|
2013-12-06
|
|
WordPress Plugin Easy Career Openings - 'jobid' SQL Injection
|
8 |
WEB
|
Iranian_Dark_Coders_Team
|
|
2015-12-04
|
|
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities
|
8 |
WEB
|
KedAns-Dz
|
|
2015-12-04
|
|
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure
|
9 |
WEB
|
KedAns-Dz
|
|
2015-12-04
|
|
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
|
8 |
WEB
|
KedAns-Dz
|
|
2013-12-06
|
|
NeoBill 0.9-alpha - 'language' Local File Inclusion
|
7 |
WEB
|
KedAns-Dz
|
|
2013-12-06
|
|
NeoBill - '/install/include/solidstate.php' Multiple SQL Injections
|
6 |
WEB
|
KedAns-Dz
|
|
2013-12-06
|
|
NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution
|
9 |
WEB
|
KedAns-Dz
|
|
2013-12-06
|
|
Enorth Webpublisher CMS - 'thisday' SQL Injection
|
9 |
WEB
|
xin.wang
|
|
2015-12-03
|
|
WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion
|
12 |
WEB
|
High-Tech Bridge SA
|
|
2015-12-03
|
|
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Panagiotis Vagenas
|
|
2015-12-03
|
|
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
|
9 |
WEB
|
Panagiotis Vagenas
|
|
2013-12-02
|
|
D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure
|
9 |
WEB
|
tytusromekiatomek
|
|
2013-12-01
|
|
PHPThumb - 'PHPThumb.php' Arbitrary File Upload
|
14 |
WEB
|
DevilScreaM
|
|
2013-11-20
|
|
WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload
|
9 |
WEB
|
DevilScreaM
|
|
2013-11-23
|
|
WordPress Plugin Blue Wrench Video Widget - Cross-Site Request Forgery
|
13 |
WEB
|
Haider Mahmood
|
|
2013-11-18
|
|
TomatoCart 1.1.8.2 - 'class' Local File Inclusion
|
8 |
WEB
|
Esac
|
|
2013-11-13
|
|
Testa OTMS - Multiple SQL Injections
|
9 |
WEB
|
Ashiyane Digital Security Team
|
