|
2012-05-10
|
|
Chevereto 1.91 - '/Upload/engine.php?v' Traversal Arbitrary File Enumeration
|
2 |
WEB
|
AkaStep
|
|
2012-05-10
|
|
Chevereto 1.91 - '/Upload/engine.php?v' Cross-Site Scripting
|
2 |
WEB
|
AkaStep
|
|
2012-05-09
|
|
PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-09
|
|
OrangeHRM 2.7 RC - 'index.php?URI' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-09
|
|
OrangeHRM 2.7 RC - '/templates/hrfunct/emppop.php?sortOrder1' Cross-Site Scripting
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-09
|
|
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting
|
1 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-09
|
|
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId' SQL Injection
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-08
|
|
PHP Enter 4.1.2 - 'banners.php' PHP Code Injection
|
2 |
WEB
|
L3b-r1'z
|
|
2012-05-07
|
|
JibberBook 2.3 - 'Login_form.php' Authentication Bypass
|
2 |
WEB
|
L3b-r1'z
|
|
2012-05-07
|
|
Ramui Forum Script - 'query' Cross-Site Scripting
|
2 |
WEB
|
3spi0n
|
|
2012-05-06
|
|
Schneider Electric Telecontrol Kerweb 3.0.0/6.0.0 - 'kw.dll' HTML Injection
|
2 |
WEB
|
phocean
|
|
2012-05-07
|
|
Trombinoscope 3.x - 'photo.php' Server SQL Injection
|
2 |
WEB
|
Ramdan Yantu
|
|
2012-05-02
|
|
iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting
|
2 |
WEB
|
Usman Saeed
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution
|
3 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'index.php?page' Cross-Site Scripting
|
3 |
WEB
|
AkaStep
|
|
2015-05-27
|
|
WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting
|
2 |
WEB
|
Panagiotis Vagenas
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'main.php' Multiple Cross-Site Request Forgery Vulnerabilities
|
2 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosures
|
2 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'filemanagement.php?f' Traversal Arbitrary File Access
|
2 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'sql.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'install.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'install.php?language' Traversal Arbitrary File Access
|
2 |
WEB
|
AkaStep
|
|
2012-04-27
|
|
MySQLDumper 1.24.4 - 'restore.php?Filename' Cross-Site Scripting
|
2 |
WEB
|
AkaStep
|
|
2012-04-30
|
|
WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting
|
2 |
WEB
|
Am!r
|
|
2012-04-28
|
|
Shawn Bradley PHP Volunteer Management 1.0.2 - 'id' SQL Injection
|
2 |
WEB
|
eidelweiss
|
|
2012-04-27
|
|
BBSXP CMS - Multiple SQL Injections
|
2 |
WEB
|
Farbod Mahini
|
|
2012-04-27
|
|
Uiga FanClub - 'p' SQL Injection
|
2 |
WEB
|
Farbod Mahini
|
|
2012-04-27
|
|
XM Forum - 'id' Multiple SQL Injections
|
3 |
WEB
|
Farbod Mahini
|
|
2012-04-27
|
|
SKYUC 3.2.1 - 'encode' Cross-Site Scripting
|
2 |
WEB
|
farbodmahini
|
|
2012-04-29
|
|
Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
|
2 |
WEB
|
Chokri Ben Achor
|
|
2012-04-27
|
|
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
|
2 |
WEB
|
Mehmet Ince
|
|
2015-05-26
|
|
ClickHeat 1.13+ - Remote Command Execution
|
2 |
WEB
|
Calum Hutton
|
|
2015-05-26
|
|
Sendio ESP - Information Disclosure
|
2 |
WEB
|
Core Security
|
|
2015-05-26
|
|
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
|
2 |
WEB
|
woodspeed
|
|
2015-05-26
|
|
WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting
|
2 |
WEB
|
woodspeed
|
|
2015-05-26
|
|
WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution
|
2 |
WEB
|
woodspeed
|
|
2015-05-26
|
|
Apache JackRabbit - WebDAV XML External Entity
|
2 |
WEB
|
Mikhail Egorov
|
|
2015-05-26
|
|
WordPress Plugin GigPress 2.3.8 - SQL Injection
|
2 |
WEB
|
Adrián M. F.
|
|
2015-05-26
|
|
WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities
|
2 |
WEB
|
Adrián M. F.
|
|
2015-05-26
|
|
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
|
2 |
WEB
|
Adrián M. F.
|
|
2015-05-26
|
|
WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay
|
3 |
WEB
|
Claudio Viviani
|
|
2012-04-26
|
|
Quick.CMS 4.0 - 'p' Cross-Site Scripting
|
2 |
WEB
|
Jakub Galczyk
|
|
2012-04-26
|
|
gpEasy 2.3.3 - 'jsoncallback' Cross-Site Scripting
|
2 |
WEB
|
Jakub Galczyk
|
|
2012-04-26
|
|
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
|
2 |
WEB
|
Jakub Galczyk
|
|
2012-04-24
|
|
Joomla! Component com_videogallery - Local File Inclusion / SQL Injection
|
2 |
WEB
|
KedAns-Dz
|
|
2012-04-23
|
|
Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
|
2 |
WEB
|
E1nzte1N
|
|
2012-04-20
|
|
Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection
|
2 |
WEB
|
TheCyberNuxbie
|
|
2012-04-20
|
|
Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities
|
2 |
WEB
|
Gjoko Krstic
|
|
2012-04-20
|
|
Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting
|
2 |
WEB
|
sonyy
|
|
2012-04-18
|
|
ownCloud 3.0.0 - 'index.php?redirect_url' Arbitrary Site Redirect
|
3 |
WEB
|
Tobias Glemser
|
|
2012-04-18
|
|
XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Cross-Site Script
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-18
|
|
XOOPS 2.5.4 - '/modules/pm/pmlite.php?to_userid' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-17
|
|
Acuity CMS 2.6.2 - 'Username' Cross-Site Scripting
|
2 |
WEB
|
Aung Khant
|
|
2012-04-17
|
|
Joomla! Component JA T3 Framework - Directory Traversal
|
2 |
WEB
|
indoushka
|
|
2012-04-17
|
|
TeamPass 2.1.5 - 'login' HTML Injection
|
3 |
WEB
|
Marcos Garcia
|
|
2012-04-16
|
|
WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Ryuzaki Lawlet
|
|
2012-04-15
|
|
Seditio CMS 165 - 'plug.php' SQL Injection
|
4 |
WEB
|
AkaStep
|
|
2012-04-13
|
|
Munin 2.0~rc4-1 - Remote Command Injection
|
3 |
WEB
|
Helmut Grohne
|
|
2012-04-16
|
|
Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Aung Khant
|
|
2012-04-16
|
|
Bioly 1.3 - '/index.php' Cross-Site Scripting / SQL Injection
|
3 |
WEB
|
T0xic
|
|
2015-05-21
|
|
WordPress Plugin WP Symposium 15.1 - '&show=' SQL Injection
|
4 |
WEB
|
Hannes Trunde
|
|
2015-05-21
|
|
Forma LMS 1.3 - Multiple SQL Injections
|
3 |
WEB
|
Filippo Roncari
|
|
2012-04-11
|
|
WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Cross-Site Scripting V
|
3 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-11
|
|
WordPress Plugin All-in-One Event Calendar 1.4 - 'save_successful.php?msg' Cross-Site Scripting
|
3 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-11
|
|
WordPress Plugin All-in-One Event Calendar 1.4 - 'box_publish_button.php?button_value' Cross-Site Sc
|
3 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-11
|
|
WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget-form.php?title' Cross-Site Scripting
|
3 |
WEB
|
High-Tech Bridge SA
|
|
2015-05-21
|
|
WordPress Plugin WP Membership 1.2.3 - Multiple Vulnerabilities
|
3 |
WEB
|
Panagiotis Vagenas
|
|
2012-04-11
|
|
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
3 |
WEB
|
LiquidWorm
|
|
2012-04-10
|
|
Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections
|
3 |
WEB
|
Chokri B.A
|
|
2012-04-09
|
|
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
|
3 |
WEB
|
wacky
|
|
2012-04-06
|
|
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
waraxe
|
|
2015-05-20
|
|
WordPress Plugin FeedWordPress 2015.0426 - SQL Injection
|
3 |
WEB
|
Adrián M. F.
|
|
2012-04-05
|
|
WordPress Plugin TagGator - 'tagid' SQL Injection
|
2 |
WEB
|
Am!r
|
|
2012-04-04
|
|
vBulletin 4.1.10 - 'announcementid' SQL Injection
|
2 |
WEB
|
Am!r
|
|
2015-05-18
|
|
ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery
|
2 |
WEB
|
Akash S. Chavan
|
|
2015-05-18
|
|
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
|
2 |
WEB
|
Vulnerability-Lab
|
|
2015-05-18
|
|
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
|
2 |
WEB
|
Vulnerability-Lab
|
|
2015-05-18
|
|
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
|
2 |
WEB
|
Filippo Roncari
|
|
2015-05-18
|
|
ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal
|
2 |
WEB
|
pandujar
|
|
2015-05-18
|
|
Chronosite 5.12 - SQL Injection
|
2 |
WEB
|
Wadeek
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/stats_monthly_sales.php?status' SQL Injection
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/login.php?Username' SQL Injection
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/new_attributes_include.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/geo_zones.php?zID' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/information_manager.php?information_id' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/stats_customers.php?sorted' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/stats_monthly_sales.php?status' Cross-Site Scripting
|
1 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/stats_products_purchased.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/xsell.php?search' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/htaccess.php' Multiple Cross-Site Scripting Vulnerabilities
|
1 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-04
|
|
osCMax 2.5 - '/admin/login.php?Username' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-01
|
|
FlatnuX CMS - Cross-Site Request Forgery (Add Admin)
|
3 |
WEB
|
Vulnerability Laboratory
|
|
2012-04-01
|
|
FlatnuX CMS - Traversal Arbitrary File Access
|
3 |
WEB
|
Vulnerability Laboratory
|
|
2012-04-02
|
|
JBMC Software DirectAdmin 1.403 - 'domain' Cross-Site Scripting
|
3 |
WEB
|
Dawid Golak
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
|
2 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
|
2 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - 'fw/createAnomaly.do?subTab' Cross-Site Scripting
|
4 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-04-01
|
|
ManageEngine Firewall Analyzer 7.2 - '/fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-03-30
|
|
JamWiki 1.1.5 - 'num' Cross-Site Scripting
|
2 |
WEB
|
Sooraj K.S
|
|
2012-03-29
|
|
Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site Scripting
|
2 |
WEB
|
Am!r
|
|
2012-03-30
|
|
e107 1.0 - 'view' SQL Injection
|
2 |
WEB
|
Am!r
|
|
2012-03-30
|
|
PHP Designer 2007 Personal - Multiple SQL Injections
|
2 |
WEB
|
MR.XpR
|
|
2012-03-29
|
|
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
|
1 |
WEB
|
Yann MICHARD
|
|
2012-03-29
|
|
EasyPHP - 'main.php' SQL Injection
|
2 |
WEB
|
Skote Vahshat
|
|
2012-03-28
|
|
ocPortal 7.1.5 - 'code_editor.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
High-Tech Bridge
|
|
2012-03-28
|
|
TomatoCart 1.2.0 Alpha 2 - 'json.php' Local File Inclusion
|
2 |
WEB
|
Canberk BOLAT
|
|
2013-03-27
|
|
MyBB 1.6.6 - 'index.php?conditions[usergroup][]' Cross-Site Scripting
|
2 |
WEB
|
Aditya Modha
|
|
2013-03-27
|
|
MyBB 1.6.6 - 'index.php?conditions[usergroup][]' SQL Injection
|
2 |
WEB
|
Aditya Modha
|
|
2012-03-28
|
|
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting
|
2 |
WEB
|
sonyy
|
|
2012-03-28
|
|
WordPress Plugin Integrator 1.32 - 'redirect_to' Cross-Site Scripting
|
2 |
WEB
|
Stefan Schurtz
|
|
2012-03-27
|
|
Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
demonalex
|
|
2012-03-27
|
|
NextBBS 0.6 - 'index.php?do' Cross-Site Scripting
|
2 |
WEB
|
waraxe
|
|
2012-03-27
|
|
NextBBS 0.6 - 'ajaxserver.php' Multiple SQL Injections
|
1 |
WEB
|
waraxe
|
|
2012-03-27
|
|
Geeklog 1.8.1 - 'index.php' SQL Injection
|
2 |
WEB
|
HELLBOY
|
|
2012-03-25
|
|
Zumset.com FbiLike 1.00 - 'id' Cross-Site Scripting
|
3 |
WEB
|
Crim3R
|
|
2012-03-23
|
|
Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload
|
2 |
WEB
|
voidloafer
|
|
2012-03-24
|
|
Event Calendar PHP - 'cal_year' Cross-Site Scripting
|
2 |
WEB
|
3spi0n
|
|
2012-03-21
|
|
Minify 2.1.x - 'g' Cross-Site Scripting
|
2 |
WEB
|
Ayoub Aboukir
|
|
2015-05-13
|
|
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
|
2 |
WEB
|
Wadeek
|
|
2015-05-13
|
|
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
|
2 |
WEB
|
i0akiN SEC-LABORATORY
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation
|
2 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload
|
2 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php?String::stripUnsafeHtml()'
|
2 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
Open Journal Systems (OJS) 2.3.6 - 'index.php?authors[][url]' Cross-Site Scripting
|
1 |
WEB
|
High-Tech Bridge
|
|
2012-03-21
|
|
CMSimple 3.3 - 'index.php' Cross-Site Scripting
|
3 |
WEB
|
Stefan Schurtz
|
