2014-01-07 | Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Ma | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure | 2 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection | 2 | WEB | AtT4CKxT3rR0r1ST
2015-12-15 | Tequila File Hosting 1.5 - Multiple Vulnerabilities | 3 | WEB | Ashiyane Digital Security Team
2015-12-15 | Ovidentia absences Module 2.64 - Remote File Inclusion | 1 | WEB | bd0rk
2015-12-15 | Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution | 3 | WEB | Sec-1
2015-12-14 | Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal | 3 | WEB | High-Tech Bridge SA
2015-12-14 | Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion | 2 | WEB | High-Tech Bridge SA
2015-12-14 | Polycom VVX-Series Business Media Phones - Directory Traversal | 3 | WEB | Jake Reynolds
2015-12-14 | WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation | 4 | WEB | Kacper Szurek
2015-12-14 | ECommerceMajor - 'productdtl.php?prodid' SQL Injection | 1 | WEB | Rahul Pratap Singh
2014-01-07 | Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Cre | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forger | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Reque | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection | 2 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection | 2 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection | 2 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection | 2 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection | 3 | WEB | AtT4CKxT3rR0r1ST
2014-01-07 | Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload | 3 | WEB | TUNISIAN CYBER
2013-10-03 | SPAMINA Cloud Email Firewall - Directory Traversal | 3 | WEB | Sisco Barrera
2015-12-12 | GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection | 3 | WEB | R-73eN
2013-12-24 | xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion | 3 | WEB | TUNISIAN CYBER
2013-12-30 | WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal | 2 | WEB | Henri Salo
2013-12-30 | CMS Afroditi - 'id' SQL Injection | 3 | WEB | projectzero labs
2015-12-10 | Skybox Platform < 7.0.611 - Multiple Vulnerabilities | 4 | WEB | SEC Consult
2015-12-10 | Gökhan Balbal Script 2.0 - Cross-Site Request Forgery | 3 | WEB | KnocKout
2015-12-10 | iy10 Dizin Scripti - Multiple Vulnerabilities | 4 | WEB | KnocKout
2013-12-17 | WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery | 4 | WEB | MustLive
2013-12-25 | AFCommerce - 'controlheader.php' Remote File Inclusion | 4 | WEB | NoGe
2013-12-25 | AFCommerce - 'adminpassword.php' Remote File Inclusion | 4 | WEB | NoGe
2013-12-25 | AFCommerce - 'adblock.php' Remote File Inclusion | 3 | WEB | NoGe
2013-12-26 | JForum 'adminUsers' Module - Cross-Site Request Forgery | 4 | WEB | arno
2015-12-09 | WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery | 4 | WEB | Mysticism
2015-12-09 | WIMAX MT711x - Multiple Vulnerabilities | 4 | WEB | alimp5
2015-12-09 | WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities | 3 | WEB | alimp5
2013-12-18 | Leed - 'id' SQL Injection | 4 | WEB | Alexandre Herzog
2013-12-14 | Osclass - Multiple Input Validation Vulnerabilities | 3 | WEB | R3d-D3V!L
2015-12-08 | dotCMS 3.2.4 - Multiple Vulnerabilities | 3 | WEB | LiquidWorm
2015-12-08 | WordPress Plugin Polls Widget 1.0.7 - SQL Injection | 3 | WEB | WICS
2015-12-08 | PHP Utility Belt - Remote Code Execution | 5 | WEB | WICS
2015-12-08 | OpenMRS 2.3 (1.11.4) - Local File Disclosure | 4 | WEB | LiquidWorm
2015-12-08 | OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities | 3 | WEB | LiquidWorm
2015-12-08 | OpenMRS 2.3 (1.11.4) - Expression Language Injection | 2 | WEB | LiquidWorm
2015-12-08 | OpenMRS 2.3 (1.11.4) - XML External Entity Processing | 3 | WEB | LiquidWorm
2015-12-08 | SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities | 3 | WEB | HaHwul
2013-12-15 | iScripts AutoHoster - 'id' Local File Inclusion | 3 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'fname' Local File Inclusion | 4 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'tmpid' Local File Inclusion | 2 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'main_smtp.php' Traversal | 3 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'invno' SQL Injection | 3 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'additionalsettings.php' SQL Injection | 3 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection | 3 | WEB | i-Hmx
2013-12-15 | iScripts AutoHoster - 'checktransferstatus.php' SQL Injection | 4 | WEB | i-Hmx
2013-12-13 | Dynamic Biz Website Builder 'QuickWeb' 1.0 - '/login.asp' Multiple Field SQL Injections / Authentica | 3 | WEB | R3d-D3V!L
2013-12-13 | Dynamic Biz Website Builder (QuickWeb) 1.0 - '/apps/news-events/newdetail.asp?id' SQL Injection | 3 | WEB | R3d-D3V!L
2013-12-17 | Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation) | 3 | WEB | sajith
2013-12-11 | Veno File Manager - 'q' Arbitrary File Download | 2 | WEB | Daniel Godoy
2013-12-14 | Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections | 2 | WEB | R3d-D3V!L
2013-12-16 | C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass) | 3 | WEB | R3d-D3V!L
2013-12-16 | C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp?pa' SQL Injection | 3 | WEB | R3d-D3V!L
2013-12-09 | osCMax - Arbitrary File Upload / Full Path Information Disclosure | 3 | WEB | KedAns-Dz
2013-12-13 | BoastMachine - 'blog' SQL Injection | 3 | WEB | Omar Kurt
2013-12-11 | eduTrac - 'showmask' Directory Traversal | 2 | WEB | High-Tech Bridge
2013-12-08 | WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload | 2 | WEB | Ashiyane Digital Security Team
2013-12-06 | WordPress Plugin Easy Career Openings - 'jobid' SQL Injection | 2 | WEB | Iranian_Dark_Coders_Team
2015-12-04 | WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities | 2 | WEB | KedAns-Dz
2015-12-04 | WordPress Plugin Sell Download 1.0.16 - Local File Disclosure | 2 | WEB | KedAns-Dz
2015-12-04 | WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities | 2 | WEB | KedAns-Dz
2013-12-06 | NeoBill 0.9-alpha - 'language' Local File Inclusion | 2 | WEB | KedAns-Dz
2013-12-06 | NeoBill - '/install/include/solidstate.php' Multiple SQL Injections | 1 | WEB | KedAns-Dz
2013-12-06 | NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution | 3 | WEB | KedAns-Dz
2013-12-06 | Enorth Webpublisher CMS - 'thisday' SQL Injection | 3 | WEB | xin.wang
2015-12-03 | WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion | 5 | WEB | High-Tech Bridge SA
2015-12-03 | WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting | 2 | WEB | Panagiotis Vagenas
2015-12-03 | WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection | 3 | WEB | Panagiotis Vagenas
2013-12-02 | D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure | 3 | WEB | tytusromekiatomek
2013-12-01 | PHPThumb - 'PHPThumb.php' Arbitrary File Upload | 4 | WEB | DevilScreaM
2013-11-20 | WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload | 1 | WEB | DevilScreaM
2013-11-23 | WordPress Plugin Blue Wrench Video Widget - Cross-Site Request Forgery | 5 | WEB | Haider Mahmood
2013-11-18 | TomatoCart 1.1.8.2 - 'class' Local File Inclusion | 3 | WEB | Esac
2013-11-13 | Testa OTMS - Multiple SQL Injections | 3 | WEB | Ashiyane Digital Security Team
2015-12-01 | ZenPhoto 1.4.10 - Local File Inclusion | 3 | WEB | hyp3rlinx
2015-12-01 | Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities | 3 | WEB | Rahul Pratap Singh
2015-12-01 | Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting | 4 | WEB | Mehdi Alouache
2015-12-01 | ntop-ng 2.0.151021 - Privilege Escalation | 3 | WEB | Dolev Farhi
2015-12-01 | Kodi 15 - Web Interface Arbitrary File Access | 3 | WEB | Machiel Pronk
2015-11-30 | HumHub 0.11.2/0.20.0-beta.2 - SQL Injection | 2 | WEB | LSE Leading Security Experts GmbH
2015-11-30 | MyCustomers CMS 1.3.873 - SQL Injection | 4 | WEB | Persian Hack Team
2013-11-17 | Limonade Framework - 'limonade.php' Local File Disclosure | 5 | WEB | Yashar shahinzadeh
2015-11-28 | SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit) | 4 | WEB | hland
2013-11-01 | WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload | 4 | WEB | Bet0
2013-10-21 | Course Registration Management System - Cross-Site Scripting / SQL Injection | 5 | WEB | Omar Kurt
2013-10-25 | JReport - 'dealSchedules.jsp' Cross-Site Request Forgery | 3 | WEB | Poonam Singh
2013-10-20 | Joomla! Component Maian15 - 'name' Arbitrary File Upload | 4 | WEB | SultanHaikal
2013-10-23 | WordPress Theme Daily Deal - Arbitrary File Upload | 5 | WEB | DevilScreaM
2013-10-08 | WordPress Plugin WP-Realty - 'listing_id' SQL Injection | 3 | WEB | Napsterakos
2013-10-09 | Bugzilla 4.2 - Tabular Reports Cross-Site Scripting | 3 | WEB | Mateusz Goik
2013-10-09 | Bugzilla - 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities | 4 | WEB | Mateusz Goik
2015-11-24 | WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting | 4 | WEB | Pier-Luc Maltais
2013-09-27 | FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities | 2 | WEB | Sarahma Security
2013-09-27 | FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection | 1 | WEB | Sarahma Security
2013-10-11 | Bilboplanet - 'auth.php' SQL Injection | 2 | WEB | Omar Kurt
2015-11-23 | vBulletin 5.x - Remote Code Execution | 4 | WEB | Mohammad Reza Espargham
2013-10-10 | Ziteman CMS - Login Page SQL Injection | 2 | WEB | Ashiyane Digital Security Team
2013-10-13 | vBulletin 4.1.x - '/install/upgrade.php' Security Bypass | 2 | WEB | Joshua Rogers
2013-10-08 | Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal | 3 | WEB | Ding Yu-Chi
2013-10-07 | WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution | 3 | WEB | wantexz
2013-10-03 | WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution | 3 | WEB | wantexz
2013-10-02 | Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections | 3 | WEB | Yu-Chi Ding
2013-09-23 | SilverStripe CMS - Multiple HTML Injection Vulnerabilities | 3 | WEB | Benjamin Kunz Mejri
2013-09-21 | Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection | 3 | WEB | SixP4ck3r
2015-11-20 | Cambium ePMP 1000 - Multiple Vulnerabilities | 3 | WEB | Karn Ganeshen
2015-11-20 | ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities | 3 | WEB | Karn Ganeshen
2015-11-20 | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities | 3 | WEB | Karn Ganeshen
2013-09-20 | MentalJS - Sandbox Security Bypass | 3 | WEB | Rafay Baloch
2013-09-20 | Monstra CMS 1.2.0 - 'login' SQL Injection | 3 | WEB | linc0ln.dll
2013-09-19 | WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities | 3 | WEB | MustLive