Exploit - ┌vod  Remote Exploint  Web Applications  Local&Privilege Escalation  DoS & PoC  ShellCode  Exploit  Exploit program  Exploit techniky  Exploint kit  Typy Exploit¨

Web Applications

 

2019-10-11 WordPress Arforms 3.7.1 - Directory Traversal WebApps PHP
2019-10-11 Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting WebApps Hardware
2019-10-11 National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation Local Windows
2019-10-10 Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File DoS Windows
2019-10-10 Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File DoS Windows
2019-10-10 Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File DoS Windows
2019-10-10 Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File DoS Windows
2019-10-10 Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File DoS Windows
2019-10-10 Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter DoS Windows
2019-10-10 TP-Link TL-WR1043ND 2 - Authentication Bypass WebApps Hardware
2019-10-10 ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit, DEP Bypass) Local Linux
2019-10-10 SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery WebApps Hardware
2019-10-09 XNU - Remote Double-Free via Data Race in IPComp Input Path DoS macOS
2019-10-09 Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC) DoS Windows
2019-10-09 DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass) Local Windows
2019-10-07 vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution WebApps PHP
2019-10-08 Zabbix 4.4 - Authentication Bypass WebApps PHP
2019-10-07 freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow Remote Windows
2019-10-07 CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Local Windows
2019-10-07 IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload WebApps Java
2019-10-07 Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting WebApps PHP
2019-10-07 ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP) Local Windows_x86-64
2019-10-07 Zabbix 4.2 - Authentication Bypass WebApps PHP
2019-10-07 logrotten 3.15.1 - Privilege Escalation Local Linux
2019-10-07 Joomla 3.4.6 - 'configuration.php' Remote Code Execution WebApps PHP
2019-10-04 Android - Binder Driver Use-After-Free Local Android
2019-10-03 PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass WebApps PHP
2019-10-04 LabCollector 5.423 - SQL Injection WebApps PHP
2019-10-03 AnchorCMS < 0.12.3a - Information Disclosure WebApps Multiple
2019-10-03 mintinstall 7.9.9 - Code Execution WebApps Linux
2019-10-02 DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit) Remote Windows
2019-10-02 Detrix EDMS 1.2.3.1505 - SQL Injection WebApps PHP
2019-09-18 Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Local Windows
2019-10-01 WebKit - Universal XSS Using Cached Pages DoS Multiple
2019-10-01 WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment DoS Multiple
2019-10-01 WebKit - Universal XSS in WebCore::command DoS Multiple
2019-10-01 WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads DoS Multiple
2019-10-01 DotNetNuke < 9.4.0 - Cross-Site Scripting WebApps Multiple
2019-09-23 vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution WebApps PHP
2019-09-28 PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass WebApps Multiple
2019-10-01 kic 2.4a - Denial of Service DoS Linux
2019-10-01 DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH) Local Windows
2019-09-30 Cisco Small Business 220 Series - Multiple Vulnerabilities Remote Hardware
2019-09-30 TheSystem 1.0 - Command Injection WebApps Python
2019-09-30 thesystem 1.0 - Cross-Site Scripting WebApps Python
2019-09-30 GoAhead 2.5.0 - Host Header Injection Remote Multiple
2019-09-30 phpIPAM 1.4 - SQL Injection WebApps PHP
2019-09-30 vBulletin 5.x - Remote Command Execution (Metasploit) WebApps PHP
2019-09-27 WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting WebApps PHP
2019-09-27 V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation WebApps Hardware
2019-09-27 V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery WebApps Hardware
2019-09-27 V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download WebApps Hardware
2019-09-27 thesystem App 1.0 - 'username' SQL Injection WebApps PHP
2019-09-27 thesystem App 1.0 - Persistent Cross-Site Scripting WebApps PHP
2019-09-27 thesystem App 1.0 - 'server_name' SQL Injection WebApps PHP
2019-09-27 Mobatek MobaXterm 12.1 - Buffer Overflow (SEH) Local Windows
2019-09-27 InoERP 0.7.2 - Persistent Cross-Site Scripting WebApps PHP
2019-09-26 citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection WebApps PHP
2019-09-26 inoERP 4.15 - 'download' SQL Injection WebApps PHP
2019-09-26 all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting WebApps PHP
2019-09-26 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting WebApps PHP
2019-09-26 Chamillo LMS 1.11.8 - Arbitrary File Upload WebApps PHP
2019-09-25 YzmCMS 5.3 - 'Host' Header Injection WebApps PHP
2019-09-25 ABRT - sosreport Privilege Escalation (Metasploit) Local Linux
2019-09-25 NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution WebApps JSON
2019-09-25 WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting WebApps PHP
2019-09-25 SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service DoS Windows
2019-09-25 Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting WebApps ASPX
2019-09-24 Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit) Remote Windows
2019-09-24 iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds DoS iOS
2019-09-24 Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service DoS Windows
2019-09-24 File Sharing Wizard 1.5.0 - POST SEH Overflow Remote Windows
2019-09-24 DeviceViewer 3.12.0.1 - 'creating user' Denial of Service DoS Windows
2019-09-23 HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure Remote watchOS
2019-09-23 Gila CMS < 1.11.1 - Local File Inclusion WebApps Multiple
2019-09-23 Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure Remote Hardware
2019-09-20 LayerBB < 1.1.4 - Cross-Site Request Forgery WebApps PHP
2019-09-19 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting WebApps PHP
2019-09-19 DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection WebApps PHP
2019-09-19 macOS 18.7.0 Kernel - Local Privilege Escalation Local macOS
2019-09-19 Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution WebApps Hardware
2019-09-18 Hospital-Management 1.26 - 'fname' SQL Injection WebApps PHP
2019-09-16 CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection WebApps PHP
2019-09-16 docPrint Pro 8.0 - SEH Buffer Overflow Local Windows
2019-09-16 Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload WebApps CFM
2019-09-16 Inteno IOPSYS Gateway - Improper Access Restrictions Remote Hardware
2019-09-16 AppXSvc - Privilege Escalation Local Windows
2019-09-14 College-Management-System 1.2 - Authentication Bypass WebApps PHP
2019-09-14 Ticket-Booking 1.4 - Authentication Bypass WebApps PHP
2019-09-13 LimeSurvey 3.17.13 - Cross-Site Scripting WebApps PHP
2019-09-13 phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery WebApps PHP
2019-09-13 Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting WebApps PHP
2019-09-13 Folder Lock 7.7.9 - Denial of Service DoS Windows
2019-09-12 Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts DoS Windows
2019-09-12 Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts DoS Windows
2019-09-11 eWON Flexy - Authentication Bypass WebApps Hardware
2019-09-11 AVCON6 systems management platform - OGNL Remote Command Execution WebApps Java
2019-09-10 Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Local Windows
2019-09-10 Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Local Windows
2019-09-10 October CMS - Upload Protection Bypass Code Execution (Metasploit) Remote PHP
2019-09-10 LibreNMS - Collectd Command Injection (Metasploit) Remote Linux
2019-09-10 WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2) WebApps PHP
2019-09-10 WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting WebApps PHP
2019-09-10 WordPress Plugin Photo Gallery 1.5.34 - SQL Injection WebApps PHP
2019-09-09 Dolibarr ERP-CRM 10.0.1 - SQL Injection WebApps PHP
2019-09-09 WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting WebApps PHP
2019-09-09 Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure WebApps CGI
2019-09-09 Online Appointment - SQL Injection WebApps PHP
2019-09-09 Enigma NMS 65.0.0 - SQL Injection WebApps Multiple
2019-09-09 Enigma NMS 65.0.0 - OS Command Injection WebApps Multiple
2019-09-09 Enigma NMS 65.0.0 - Cross-Site Request Forgery WebApps Multiple
2019-09-09 Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection WebApps PHP
2019-09-09 WordPress 5.2.3 - Cross-Site Host Modification WebApps PHP
2019-09-06 FusionPBX 4.4.8 - Remote Code Execution Remote Linux
2019-09-06 Windows NTFS - Privileged File Access Enumeration Local Windows
2019-09-06 Inventory Webapp - 'itemquery' SQL injection WebApps PHP
2019-09-06 Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution Remote Multiple
2019-09-05 AwindInc SNMP Service - Command Injection (Metasploit) Remote Linux
2019-09-04 DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting WebApps Hardware
2019-09-04 WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting WebApps PHP
2019-08-12 BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting WebApps PHP
2019-08-08 Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection WebApps PHP
2019-08-08 Adive Framework 2.0.7 - Cross-Site Request Forgery WebApps PHP
2019-08-08 Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download WebApps PHP
2019-08-08 Aptana Jaxer 1.0.3.4547 - Local File inclusion WebApps Multiple
2019-08-08 Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income) WebApps PHP
2019-08-08 Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting WebApps PHP
2019-08-07 WordPress Plugin JoomSport 3.3 - SQL Injection WebApps PHP
2019-08-02 1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting WebApps PHP
2019-08-02 Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection WebApps PHP
2019-08-02 Sar2HTML 3.2.1 - Remote Command Execution WebApps PHP
2019-08-01 Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery WebApps Hardware
2019-08-01 WebIncorp ERP - SQL injection WebApps PHP
2019-08-01 Ultimate Loan Manager 2.0 - Cross-Site Scripting WebApps Multiple
2019-07-31 Oracle Hyperion Planning 11.1.2.3 - XML External Entity WebApps Multiple
2019-07-30 Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming WebApps Hardware
2019-07-29 GigToDo 1.3 - Cross-Site Scripting WebApps PHP
2019-07-29 WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting WebApps PHP
2019-07-29 WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery WebApps PHP
2019-07-26 Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection WebApps JSP
2019-07-26 Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit) WebApps JSP
2019-07-26 Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution WebApps JSP
2019-07-26 Moodle Filepicker 3.5.2 - Server Side Request Forgery WebApps PHP
2019-07-25 Ovidentia 8.4.3 - SQL Injection WebApps PHP
2019-07-25 Ovidentia 8.4.3 - Cross-Site Scripting WebApps PHP
2019-07-24 WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions WebApps PHP
2019-07-24 Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery WebApps Hardware
2019-07-24 NoviSmart CMS - SQL injection WebApps PHP
2019-07-22 Axway SecureTransport 5 - Unauthenticated XML Injection WebApps Linux
2019-07-19 REDCap < 9.1.2 - Cross-Site Scripting WebApps PHP
2019-07-19 Web Ofisi Firma 13 - 'oz' SQL Injection WebApps Linux
2019-07-19 Web Ofisi Rent a Car 3 - 'klima' SQL Injection WebApps Linux
2019-07-19 Web Ofisi Firma Rehberi 1 - 'il' SQL Injection WebApps Linux
2019-07-19 Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection WebApps Linux
2019-07-19 Web Ofisi Emlak 2 - 'ara' SQL Injection WebApps Linux
2019-07-19 Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection WebApps Linux
2019-07-19 Web Ofisi E-Ticaret 3 - 'a' SQL Injection WebApps Linux
2019-07-19 fuelCMS 1.4.1 - Remote Code Execution WebApps Linux
2019-07-18 WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting WebApps Linux
2019-07-17 Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting WebApps Linux
2019-07-16 CentOS Control Web Panel 0.9.8.838 - User Enumeration WebApps Linux
2019-07-16 CentOS Control Web Panel 0.9.8.836 - Privilege Escalation WebApps Linux
2019-07-16 CentOS Control Web Panel 0.9.8.836 - Authentication Bypass WebApps Linux
2019-07-15 FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion WebApps PHP
2019-07-15 CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities WebApps Hardware
2019-07-15 NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass WebApps Hardware
2019-07-12 Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution WebApps CGI
2019-07-12 Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting WebApps Java
2019-07-12 Sahi Pro 8.0.0 - Remote Command Execution WebApps Java
2019-07-12 MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting WebApps PHP
2019-07-12 Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting WebApps Hardware
2019-07-11 Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting WebApps ASPX
2019-07-08 WordPress Plugin Like Button 1.6.0 - Authentication Bypass WebApps PHP
2019-07-08 Karenderia Multiple Restaurant System 5.3 - SQL Injection WebApps PHP
2019-07-05 Karenderia Multiple Restaurant System 5.3 - Local File Inclusion WebApps PHP
2019-07-03 Symantec DLP 15.5 MP1 - Cross-Site Scripting WebApps Multiple
2019-07-02 Centreon 19.04 - Remote Code Execution WebApps PHP
2019-07-01 FaceSentry Access Control System 6.4.8 - Remote Root Exploit WebApps Hardware
2019-07-01 FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery WebApps Hardware
2019-07-01 FaceSentry Access Control System 6.4.8 - Remote Command Injection WebApps Hardware
2019-07-01 CyberPanel 1.8.4 - Cross-Site Request Forgery WebApps Multiple
2019-07-01 Sahi pro 8.x - Directory Traversal WebApps Multiple
2019-07-01 SAP Crystal Reports - Information Disclosure WebApps Multiple
2019-07-01 ZoneMinder 1.32.3 - Cross-Site Scripting WebApps PHP
2019-07-01 PowerPanel Business Edition - Cross-Site Scripting WebApps Linux
2019-07-01 Varient 1.6.1 - SQL Injection WebApps Multiple
2019-07-01 CiuisCRM 1.6 - 'eventType' SQL Injection WebApps PHP
2019-07-01 WorkSuite PRM 2.4 - 'password' SQL Injection WebApps PHP
2019-06-28 LibreNMS 1.46 - 'addhost' Remote Code Execution WebApps PHP
2019-06-25 WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WebApps PHP
2019-06-25 WordPress Plugin iLive 1.0.4 - Cross-Site Scripting WebApps PHP
2019-06-25 BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal WebApps ASPX
2019-06-25 AZADMIN CMS 1.0 - SQL Injection WebApps PHP
2019-06-25 Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution WebApps Hardware
2019-06-24 GrandNode 4.40 - Path Traversal / Arbitrary File Download WebApps Multiple
2019-06-24 SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting WebApps PHP
2019-06-24 SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting WebApps PHP
2019-06-24 SeedDMS versions < 5.1.11 - Remote Command Execution WebApps PHP
2019-06-24 dotProject 2.1.9 - SQL Injection WebApps PHP

2019-06-20

Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

Local

Linux

2019-06-20

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)

Remote

Linux

2019-06-20

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception

DoS

Linux

2019-06-20

BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection

WebApps

ASPX

2019-06-20

WebERP 4.15 - SQL injection

WebApps

PHP

2019-06-20

Tuneclone 2.20 - Local SEH Buffer Overflow

Local

Windows

2019-06-19

BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution

WebApps

ASPX

2019-06-19

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution

WebApps

ASPX

2019-06-18

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation

Local

Linux

2019-06-18

Sahi pro 8.x - Cross-Site Scripting

WebApps

Multiple

2019-06-18

Sahi pro 8.x - SQL Injection

WebApps

Multiple

2019-06-18

Sahi pro 7.x/8.x - Directory Traversal

WebApps

Multiple

2019-06-17

Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow

DoS

Multiple

2019-06-17

Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow

DoS

Multiple

2019-06-17

Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow

DoS

Multiple

2019-06-17

Thunderbird ESR < 60.7.XXX - Type Confusion

DoS

Multiple

2019-06-17

Spring Security OAuth - Open Redirector

WebApps

Java

2019-06-17

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)

Remote

PHP

2019-06-17

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Local

Windows

2019-06-17

Netperf 2.6.0 - Stack-Based Buffer Overflow

DoS

Linux

2019-06-17

Exim 4.87 - 4.91 - Local Privilege Escalation

Local

Linux

2019-06-17

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write

DoS

Windows

2019-06-17

CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities

WebApps

Hardware

2019-06-17

RedwoodHQ 2.5.5 - Authentication Bypass

WebApps

Multiple

2019-06-14

Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow

Local

Windows

2019-06-14

CentOS 7.6 - 'ptrace_scope' Privilege Escalation

Local

Linux

2019-06-13

Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Local

Windows

2019-06-13

Sitecore 8.x - Deserialization Remote Code Execution

WebApps

ASPX

2019-06-12

FusionPBX 4.4.3 - Remote Command Execution

WebApps

PHP

2019-06-11

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)

Remote

Linux

2019-06-11

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

WebApps

JSP

2019-06-11

phpMyAdmin 4.8 - Cross-Site Request Forgery

WebApps

PHP

2019-06-11

WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution

WebApps

PHP

2019-06-11

ProShow 9.0.3797 - Local Privilege Escalation

Local

Windows

2019-06-10

Ubuntu 18.04 - 'lxd' Privilege Escalation

Local

Linux

2019-06-10

UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting

WebApps

PHP

2019-06-07

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

Local

Windows

2019-06-05

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

Remote

Linux

2019-06-04

Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution

Local

Linux

2019-06-03

Nvidia GeForce Experience Web Helper - Command Injection

Local

Windows

2019-06-06

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion

WebApps

Hardware

2019-06-05

LibreNMS - addhost Command Injection (Metasploit)

Remote

Linux

2019-06-05

IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

Remote

Windows

2019-06-05

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free

DoS

Multiple

2019-06-05

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery

WebApps

JSP

2019-06-04

Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting

WebApps

Java

2019-06-04

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting

WebApps

Java

2019-06-04

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting

WebApps

Java

2019-06-04

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting

WebApps

Java

2019-06-04

DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)

Local

Windows

2019-06-04

Cisco RV130W 1.0.3.44 - Remote Stack Overflow

Remote

Hardware

2019-06-04

NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow

Remote

Hardware

2019-06-04

IceWarp 10.4.4 - Local File Inclusion

WebApps

PHP

2019-06-03

WordPress Plugin Form Maker 1.13.3 - SQL Injection

WebApps

PHP

2019-06-03

AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control

WebApps

Hardware

2019-06-03

KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities

WebApps

PHP

2019-05-30

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service

DoS

Windows

2014-11-24

Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)

Local

Windows

2019-05-29

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

Remote

Java

2019-05-29

Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

DoS

Android

2019-05-29

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation

DoS

Multiple

2019-05-29

Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

DoS

Multiple

2019-05-23

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

Local

Windows

2019-05-29

Free SMTP Server 2.5 - Denial of Service (PoC)

DoS

Windows

2019-05-29

pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting

WebApps

PHP

2019-05-28

Phraseanet < 4.0.7 - Cross-Site Scripting

WebApps

Multiple

2019-05-28

Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass

Remote

Windows

2019-05-28

EquityPandit 1.0 - Password Disclosure

Local

Android

2019-05-27

Typora 0.9.9.24.6 - Directory Traversal

Remote

macOS

2019-05-27

Deltek Maconomy 2.2.5 - Local File Inclusion

WebApps

Multiple

2019-05-27

Pidgin 2.13.0 - Denial of Service (PoC)

DoS

Windows

2019-05-24

Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)

DoS

Windows

2019-05-24

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Remote

Windows

2019-05-24

Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)

DoS

Windows

2019-05-24

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)

DoS

Windows

2019-05-24

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)

DoS

Windows

2019-05-24

Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)

DoS

Windows

2019-05-24

Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)

DoS

Windows

2019-05-24

Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow

Local

Windows

2019-05-24

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WebApps

PHP

2019-05-15

Microsoft Windows - 'Win32k' Local Privilege Escalation

Local

Windows

2019-05-22

Microsoft Internet Explorer 11 - Sandbox Escape

Local

Windows

2019-05-22

Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

Local

Windows

2019-05-22

Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation

Local

Windows

2019-05-23

Microsoft Windows 10 (17763.379) - Install DLL

Local

Windows

2019-05-23

Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

Remote

PHP

2019-05-23

Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)

Local

macOS

2019-05-23

Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free

DoS

iOS

2019-05-23

Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation

Local

Windows

2019-05-23

Terminal Services Manager 3.2.1 - Denial of Service

DoS

Windows

2019-05-23

Nagios XI 5.6.1 - SQL injection

WebApps

PHP

2019-05-23

NetAware 1.20 - 'Share Name' Denial of Service (PoC)

DoS

Windows

2019-05-23

NetAware 1.20 - 'Add Block' Denial of Service (PoC)

DoS

Windows

2019-05-22

Horde Webmail 5.2.22 - Multiple Vulnerabilities

WebApps

PHP

2019-05-22

TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)

DoS

Windows

2019-05-22

TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)

DoS

Windows

2019-05-22

RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)

DoS

Windows

2019-05-22

RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)

DoS

Windows

2019-05-22

Carel pCOWeb < B1.2.1 - Credentials Disclosure

WebApps

Hardware

2019-05-22

Carel pCOWeb < B1.2.1 - Cross-Site Scripting

WebApps

Hardware

2019-05-22

AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting

WebApps

Hardware

2019-05-22

Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting

WebApps

Multiple

2019-05-22

Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions

WebApps

Multiple

2019-05-22

BlueStacks 4.80.0.1060 - Denial of Service (PoC)

DoS

Windows

2019-05-21

Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free

DoS

Multiple

2019-05-21

Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl

DoS

Multiple

2019-05-21

Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register

DoS

Multiple

2019-05-21

Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

DoS

Multiple

2019-05-21

Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free

DoS

Multiple

2019-05-21

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution

WebApps

Java

2019-05-21

WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities

WebApps

PHP

2019-05-21

Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection

WebApps

Java

2019-05-21

Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)

DoS

Windows

2019-05-21

Deluge 1.3.15 - 'URL' Denial of Service (PoC)

DoS

Multiple

2019-05-21

TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting

WebApps

Hardware

2019-05-21

Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting

WebApps

PHP

2019-05-20

GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)

Remote

PHP

2019-05-20

Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

Local

Solaris

2019-05-20

Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)

Local

Solaris

2019-05-20

Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation

Local

Solaris

2019-04-02

LimeSurvey < 3.16 - Remote Code Execution

WebApps

PHP

2019-04-02

JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery

WebApps

Hardware

2019-04-02

WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering

WebApps

PHP

2019-04-02

Inout RealEstate - 'city' SQL Injection

WebApps

PHP

2019-04-02

Inout EasyRooms - SQL Injection

WebApps

PHP

2019-03-29

CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting

WebApps

Linux

2019-03-28

Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection

WebApps

PHP

2019-03-28

BigTree 4.3.4 CMS - Multiple SQL Injection

WebApps

PHP

2019-03-28

Job Portal 3.1 - 'job_submit' SQL Injection

WebApps

PHP

2019-03-28

i-doit 1.12 - 'qr.php' Cross-Site Scripting

WebApps

PHP

2019-03-28

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

WebApps

PHP

2019-03-28

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion

WebApps

PHP

2019-03-28

Fat Free CRM 0.19.0 - HTML Injection

WebApps

Ruby

2019-03-28

Airbnb Clone Script - Multiple SQL Injection

WebApps

PHP

2019-03-28

Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion

WebApps

Windows

2019-03-27

Jettweb Hazır Rent A Car Scripti V4 - SQL Injection

WebApps

PHP

2019-03-26

SJS Simple Job Script - SQL Injection / Cross-Site Scripting

WebApps

PHP

2019-03-26

Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion

WebApps

Windows

2019-03-26

XooDigital - 'p' SQL Injection

WebApps

PHP

2019-03-26

XooGallery - Multiple SQL Injection

WebApps

PHP

2019-03-26

Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting

WebApps

PHP

2019-03-26

Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection

WebApps

PHP

2019-03-25

Zeeways Matrimony CMS - SQL Injection

WebApps

PHP

2019-03-25

Zeeways Jobsite CMS - 'id' SQL Injection

WebApps

PHP

2019-03-25

Jettweb PHP Hazır Haber Sitesi Scripti V3 - SQL Injection

WebApps

PHP

2019-03-25

Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)

WebApps

PHP

2019-03-25

Jettweb PHP Hazır Haber Sitesi Scripti V1 - SQL Injection

WebApps

PHP

2019-03-25

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting

WebApps

Multiple

2019-03-22

Inout Article Base CMS - SQL Injection

WebApps

PHP

2019-03-22

Meeplace Business Review Script - 'id' SQL Injection

WebApps

PHP

2019-03-22

Matri4Web Matrimony Website Script - Multiple SQL Injection

WebApps

PHP

2019-03-21

Bootstrapy CMS - Multiple SQL Injection

WebApps

PHP

2019-03-21

Placeto CMS Alpha v4 - 'page' SQL Injection

WebApps

PHP

2019-03-21

uHotelBooking System - 'system_page' SQL Injection

WebApps

PHP

2019-03-21

The Company Business Website CMS - Multiple Vulnerabilities

WebApps

PHP

2019-03-21

Rails 5.2.1 - Arbitrary File Content Disclosure

WebApps

Multiple

21.03.2019

Netartmedia Vlog System - 'email' SQL Injection

webapps

PHP

21.03.2019

Rails 5.2.1 - Arbitrary File Content Disclosure

webapps

Multiple

21.03.2019

The Company Business Website CMS - Multiple Vulnerabilities

webapps

PHP

21.03.2019

uHotelBooking System - 'system_page' SQL Injection

webapps

PHP

21.03.2019

Placeto CMS Alpha v4 - 'page' SQL Injection

webapps

PHP

21.03.2019

Bootstrapy CMS - Multiple SQL Injection

webapps

PHP

20.03.2019

Netartmedia PHP Car Dealer - SQL Injection

webapps

PHP

20.03.2019

Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

webapps

PHP

20.03.2019

Netartmedia Jobs Portal 6.1 - SQL Injection

webapps

PHP

20.03.2019

Netartmedia PHP Dating Site - SQL Injection

webapps

PHP

20.03.2019

Netartmedia PHP Business Directory 4.2 - SQL Injection

webapps

PHP

20.03.2019

202CMS v10beta - Multiple SQL Injection

webapps

PHP

20.03.2019

PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control

webapps

Hardware

20.03.2019

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery

webapps

Hardware

20.03.2019

Netartmedia Deals Portal - 'Email' SQL Injection

webapps

PHP

19.03.2019

Gila CMS 1.9.1 - Cross-Site Scripting

webapps

PHP

19.03.2019

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting

webapps

PHP

19.03.2019

eNdonesia Portal 8.7 - Multiple Vulnerabilities

webapps

PHP

19.03.2019

Netartmedia Event Portal 2.0 - 'Email' SQL Injection

webapps

PHP

19.03.2019

Netartmedia PHP Mall 4.1 - SQL Injection

webapps

PHP

19.03.2019

Netartmedia Real Estate Portal 5.0 - SQL Injection

webapps

PHP

18.03.2019

TheCarProject 2 - Multiple SQL Injection

webapps

PHP

15.03.2019

NetData 1.13.0 - HTML Injection

webapps

Multiple

15.03.2019

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

webapps

PHP

15.03.2019

ICE HRM 23.0 - Multiple Vulnerabilities

webapps

PHP

15.03.2019

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

webapps

PHP

15.03.2019

Laundry CMS - Multiple Vulnerabilities

webapps

PHP

15.03.2019

Moodle 3.4.1 - Remote Code Execution

webapps

PHP

14.03.2019

Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)

webapps

PHP

14.03.2019

Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution

webapps

PHP

13.03.2019

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

webapps

PHP

13.03.2019

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

webapps

PHP

12.03.2019

PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

11.03.2019

Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)

webapps

Multiple

11.03.2019

OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)

webapps

JSP

11.03.2019

PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution

webapps

Windows

11.03.2019

Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution

webapps

PHP

08.03.2019

OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

webapps

Multiple

08.03.2019

McAfee ePO 5.9.1 - Registered Executable Local Access Bypass

webapps

Windows

08.03.2019

DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

webapps

PHP

07.03.2019

Kados R10 GreenBee - Multiple SQL Injection

webapps

PHP

05.03.2019

OpenDocMan 1.3.4 - 'search.php where' SQL Injection

webapps

PHP

04.03.2019

Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

webapps

Hardware

04.03.2019

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

webapps

PHP

04.03.2019

Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)

webapps

Windows

04.03.2019

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

webapps

PHP

04.03.2019

OOP CMS BLOG 1.0 - Multiple SQL Injection

webapps

PHP

04.03.2019

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

webapps

PHP

04.03.2019

CMSsite 1.0 - Multiple Cross-Site Request Forgery

webapps

PHP

04.03.2019

elFinder 2.1.47 - 'PHP connector' Command Injection

webapps

PHP

04.03.2019

MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal

webapps

Windows

04.03.2019

Bolt CMS 3.6.4 - Cross-Site Scripting

webapps

PHP

04.03.2019

Craft CMS 3.1.12 Pro - Cross-Site Scripting

webapps

PHP

04.03.2019

WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities

webapps

PHP

04.03.2019

Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

webapps

Hardware

01.03.2019

WordPress Core 5.0 - Remote Code Execution

webapps

PHP

28.02.2019

Simple Online Hotel Reservation System - SQL Injection

webapps

PHP

28.02.2019

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)

webapps

PHP

28.02.2019

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

webapps

PHP

28.02.2019

Joomla! Component J2Store < 3.3.7 - SQL Injection

webapps

PHP

28.02.2019

Usermin 1.750 - Remote Command Execution (Metasploit)

webapps

Linux

28.02.2019

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

webapps

PHP

25.02.2019

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution

webapps

Java

25.02.2019

zzzphp CMS 1.6.1 - Remote Code Execution

webapps

PHP

25.02.2019

PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection

webapps

PHP

25.02.2019

News Website Script 2.0.5 - SQL Injection

webapps

PHP

25.02.2019

Advance Gift Shop Pro Script 2.0.3 - SQL Injection

webapps

PHP

25.02.2019

Drupal < 8.6.9 - REST Module Remote Code Execution

webapps

PHP

23.02.2019

Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution

webapps

PHP

22.02.2019

Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution

webapps

Multiple

22.02.2019

Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation

webapps

Linux

22.02.2019

Teracue ENC-400 - Command Injection / Missing Authentication

webapps

Hardware

21.02.2019

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection

webapps

PHP

21.02.2019

EI-Tube 3 - SQL Injection

webapps

PHP

20.02.2019

HotelDruid 2.3 - Cross-Site Scripting

webapps

PHP

19.02.2019

Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection

webapps

PHP

19.02.2019

Listing Hub CMS 1.0 - 'pages.php id' SQL Injection

webapps

PHP

19.02.2019

Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting

webapps

PHP

19.02.2019

eDirectory - SQL Injection

webapps

PHP

19.02.2019

XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting

webapps

PHP

19.02.2019

Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting

webapps

JSP

19.02.2019

Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection

webapps

PHP

19.02.2019

Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)

webapps

Java

18.02.2019

qdPM 9.1 - 'type' Cross-Site Scripting

webapps

PHP

18.02.2019

qdPM 9.1 - 'search[keywords]' Cross-Site Scripting

webapps

PHP

18.02.2019

Master IP CAM 01 3.3.4.2103 - Remote Command Execution

webapps

CGI

18.02.2019

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module

webapps

PHP

18.02.2019

CMSsite 1.0 - 'post' SQL Injection

webapps

PHP

18.02.2019

M/Monit 3.7.2 - Privilege Escalation

webapps

Multiple

18.02.2019

Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload

webapps

PHP

18.02.2019

Apache CouchDB 2.3.0 - Cross-Site Scripting

webapps

Multiple

18.02.2019

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

webapps

Multiple

18.02.2019

Comodo Dome Firewall 2.7.0 - Cross-Site Scripting

webapps

Multiple

18.02.2019

Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload

webapps

JSP

18.02.2019

WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing

webapps

PHP

15.02.2019

MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery

webapps

PHP

15.02.2019

Jinja2 2.10 - 'from_string' Server Side Template Injection

webapps

Python

15.02.2019

qdPM 9.1 - 'search_by_extrafields[]' SQL Injection

webapps

PHP

15.02.2019

UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload

webapps

PHP

14.02.2019

DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting

webapps

PHP

14.02.2019

DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting

webapps

PHP

14.02.2019

DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting

webapps

PHP

14.02.2019

DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting

webapps

PHP

14.02.2019

DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting

webapps

PHP

14.02.2019

WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection

webapps

PHP

14.02.2019

LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

13.02.2019

Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting

webapps

PHP

13.02.2019

PilusCart 1.4.1 - 'send' SQL Injection

webapps

PHP

12.02.2019

OPNsense < 19.1.1 - Cross-Site Scripting

webapps

PHP

12.02.2019

Jenkins 2.150.2 - Remote Command Execution (Metasploit)

webapps

Linux

12.02.2019

BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution

webapps

ASPX

12.02.2019

LayerBB 1.1.2 - Cross-Site Scripting

webapps

PHP

11.02.2019

Smoothwall Express 3.1-SP4 - Cross-Site Scripting

webapps

CGI

11.02.2019

Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset

webapps

Hardware

11.02.2019

IPFire 2.21 - Cross-Site Scripting

webapps

CGI

11.02.2019

MyBB Bans List 1.0 - Cross-Site Scripting

webapps

PHP

11.02.2019

VA MAX 8.3.4 - (Authenticated) Remote Code Execution

webapps

PHP

11.02.2019

CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting

webapps

Linux

11.02.2019

Webiness Inventory 2.3 - 'email' SQL Injection

webapps

PHP

06.02.2019

osCommerce 2.3.4.1 - 'currency' SQL Injection

webapps

PHP

06.02.2019

osCommerce 2.3.4.1 - 'products_id' SQL Injection

webapps

PHP

06.02.2019

osCommerce 2.3.4.1 - 'reviews_id' SQL Injection

webapps

PHP

05.02.2019

BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure

webapps

Hardware

05.02.2019

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)

webapps

Hardware

05.02.2019

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution

webapps

Hardware

05.02.2019

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

webapps

Hardware

05.02.2019

devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery

webapps

Hardware

05.02.2019

devolo dLAN 550 duo+ Starter Kit - Remote Code Execution

webapps

Hardware

05.02.2019

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery

webapps

Hardware

05.02.2019

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

webapps

Java

04.02.2019

ResourceSpace 8.6 - 'watched_searches.php' SQL Injection

webapps

PHP

04.02.2019

SuiteCRM 7.10.7 - 'parentTab' SQL Injection

webapps

PHP

04.02.2019

SuiteCRM 7.10.7 - 'record' SQL Injection

webapps

PHP

04.02.2019

Nessus 8.2.1 - Cross-Site Scripting

webapps

Multiple

04.02.2019

pfSense 2.4.4-p1 - Cross-Site Scripting

webapps

Multiple

01.02.2019

SureMDM < 2018-11 Patch - Local / Remote File Inclusion

webapps

Windows

30.01.2019

Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection

webapps

PHP

29.01.2019

PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)

webapps

PHP

28.01.2019

Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting

webapps

Java

28.01.2019

WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download

webapps

PHP

28.01.2019

AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery

webapps

Hardware

28.01.2019

LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference

webapps

Multiple

28.01.2019

CMSsite 1.0 - 'cat_id' SQL Injection

webapps

PHP

28.01.2019

CMSsite 1.0 - 'search' SQL Injection

webapps

PHP

28.01.2019

Cisco RV300 / RV320 - Information Disclosure

webapps

Hardware

28.01.2019

Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting

webapps

Hardware

28.01.2019

Newsbull Haber Script 1.0.0 - 'search' SQL Injection

webapps

PHP

28.01.2019

Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection

webapps

PHP

28.01.2019

Teameyo Project Management System 1.0 - SQL Injection

webapps

PHP

28.01.2019

Mess Management System 1.0 - SQL Injection

webapps

PHP

28.01.2019

MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting

webapps

PHP

28.01.2019

ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

webapps

PHP

25.01.2019

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection

webapps

Hardware

25.01.2019

GreenCMS 2.x - SQL Injection

webapps

PHP

25.01.2019

GreenCMS 2.x - Arbitrary File Download

webapps

PHP

25.01.2019

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

webapps

PHP

24.01.2019

Joomla! Component J-CruisePortal 6.0.4 - SQL Injection

webapps

PHP

24.01.2019

Joomla! Component JHotelReservation 6.0.7 - SQL Injection

webapps

PHP

24.01.2019

SimplePress CMS 1.0.7 - SQL Injection

webapps

PHP

24.01.2019

SirsiDynix e-Library 3.5.x - Cross-Site Scripting

webapps

CGI

24.01.2019

Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution

webapps

Windows

24.01.2019

ImpressCMS 1.3.11 - 'bid' SQL Injection

webapps

PHP

24.01.2019

Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery

webapps

Hardware

23.01.2019

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation

webapps

Linux

23.01.2019

Joomla! Component vBizz 1.0.7 - SQL Injection

webapps

PHP

23.01.2019

Joomla! Component vBizz 1.0.7 - Remote Code Execution

webapps

PHP

23.01.2019

Joomla! Component vWishlist 1.0.1 - SQL Injection

webapps

PHP

23.01.2019

Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection

webapps

PHP

23.01.2019

Joomla! Component vReview 1.9.11 - SQL Injection

webapps

PHP

23.01.2019

Joomla! Component vRestaurant 1.9.4 - SQL Injection

webapps

PHP

23.01.2019

Joomla! Component VMap 1.9.6 - SQL Injection

webapps

PHP

23.01.2019

Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection

webapps

PHP

23.01.2019

Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection

webapps

PHP

23.01.2019

Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection

webapps

PHP

22.01.2019

Joomla! Component Easy Shop 1.2.3 - Local File Inclusion

webapps

PHP

21.01.2019

Kepler Wallpaper Script 1.1 - SQL Injection

webapps

PHP

21.01.2019

Coman 1.0 - 'id' SQL Injection

webapps

PHP

21.01.2019

Reservic 1.0 - 'id' SQL Injection

webapps

PHP

21.01.2019

MoneyFlux 1.0 - 'id' SQL Injection

webapps

PHP

21.01.2019

PHP Dashboards NEW 5.8 - 'dashID' SQL Injection

webapps

PHP

21.01.2019

PHP Dashboards NEW 5.8 - Local File Inclusion

webapps

PHP

21.01.2019

PHP Uber-style GeoTracking 1.1 - SQL Injection

webapps

PHP

21.01.2019

Adianti Framework 5.5.0 - SQL Injection

webapps

PHP

18.01.2019

SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion

webapps

PHP

18.01.2019

phpTransformer 2016.9 - SQL Injection

webapps

PHP

18.01.2019

phpTransformer 2016.9 - Directory Traversal

webapps

PHP

18.01.2019

Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings

webapps

PHP

18.01.2019

Pydio / AjaXplorer < 5.0.4 - (Unauthenticated) Arbitrary File Upload

webapps

PHP

17.01.2019

Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting

webapps

Multiple

16.01.2019

FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure

webapps

Hardware

16.01.2019

Roxy Fileman 1.4.5 - Arbitrary File Download

webapps

PHP

16.01.2019

doorGets CMS 7.0 - Arbitrary File Download

webapps

PHP

16.01.2019

ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution

webapps

PHP

16.01.2019

GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal

webapps

Hardware

16.01.2019

Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset

webapps

Hardware

16.01.2019

Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit

webapps

PHP

15.01.2019

ownDMS 4.7 - SQL Injection

webapps

PHP

14.01.2019

Across DR-810 ROM-0 - Backup File Disclosure

webapps

Hardware

14.01.2019

i-doit CMDB 1.12 - Arbitrary File Download

webapps

PHP

14.01.2019

i-doit CMDB 1.12 - SQL Injection

webapps

PHP

14.01.2019

Horde Imp - 'imap_open' Remote Command Execution

webapps

PHP

14.01.2019

Modern POS 1.3 - Arbitrary File Download

webapps

PHP

14.01.2019

Modern POS 1.3 - SQL Injection

webapps

PHP

14.01.2019

Twilio WEB To Fax Machine System Application 1.0 - SQL Injection

webapps

PHP

14.01.2019

Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

14.01.2019

Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection

webapps

PHP

14.01.2019

Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection

webapps

PHP

14.01.2019

Find a Place CMS Directory 1.5 - SQL Injection

webapps

PHP

14.01.2019

Cleanto 5.0 - SQL Injection

webapps

PHP

14.01.2019

Lenovo R2105 - Cross-Site Request Forgery (Command Execution)

webapps

Hardware

14.01.2019

HealthNode Hospital Management System 1.0 - SQL Injection

webapps

PHP

14.01.2019

Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)

webapps

PHP

14.01.2019

ThinkPHP 5.X - Remote Command Execution

webapps

PHP

14.01.2019

Real Estate Custom Script 2.0 - SQL Injection

webapps

PHP

14.01.2019

Job Portal Platform 1.0 - SQL Injection

webapps

PHP

14.01.2019

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

webapps

ASPX

14.01.2019

Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection

webapps

PHP

14.01.2019

Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection

webapps

Windows

14.01.2019

AudioCode 400HD - Command Injection

webapps

CGI

11.01.2019

Adapt Inventory Management System 1.0 - SQL Injection

webapps

PHP

11.01.2019

Joomla! Component JoomProject 1.1.3.2 - Information Disclosure

webapps

PHP

11.01.2019

Joomla! Component JoomCRM 1.1.1 - SQL Injection

webapps

PHP

10.01.2019

PEAR Archive_Tar < 1.4.4 - PHP Object Injection

webapps

PHP

10.01.2019

eBrigade ERP 4.5 - Arbitrary File Download

webapps

PHP

10.01.2019

Matrix MLM Script 1.0 - Information Disclosure

webapps

PHP

10.01.2019

doitX 1.0 - 'search' SQL Injection

webapps

PHP

10.01.2019

Shield CMS 2.2 - 'email' SQL Injection

webapps

PHP

10.01.2019

Architectural 1.0 - 'email' SQL Injection

webapps

PHP

10.01.2019

MLMPro 1.0 - SQL Injection

webapps

PHP

10.01.2019

Event Calendar 3.7.4 - 'id' SQL Injection

webapps

PHP

10.01.2019

Event Locations 1.0.1 - 'id' SQL Injection

webapps

PHP

10.01.2019

eBrigade ERP 4.5 - SQL Injection

webapps

PHP

10.01.2019

OpenSource ERP 6.3.1. - SQL Injection

webapps

Multiple

09.01.2019

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)

webapps

Hardware

09.01.2019

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

webapps

Hardware

09.01.2019

BlogEngine 3.3 - XML External Entity Injection

webapps

Windows

08.01.2019

CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation

webapps

PHP

08.01.2019

Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection

webapps

PHP

07.01.2019

Embed Video Scripts - Persistent Cross-Site Scripting

webapps

PHP

07.01.2019

All in One Video Downloader 1.2 - (Authenticated) SQL Injection

webapps

PHP

07.01.2019

LayerBB 1.1.1 - Persistent Cross-Site Scripting

webapps

PHP

07.01.2019

MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting

webapps

PHP

07.01.2019

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting

webapps

CGI

07.01.2019

phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting

webapps

PHP

07.01.2019

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

webapps

PHP

07.01.2019

MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection

webapps

PHP

07.01.2019

Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal

webapps

PHP

07.01.2019

Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data

webapps

Windows

07.01.2019

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery

webapps

Windows

07.01.2019

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection

webapps

Windows

07.01.2019

Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)

webapps

Hardware

02.01.2019

WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection

webapps

PHP

02.01.2019

Frog CMS 0.9.5 - Cross-Site Scripting

webapps

PHP

02.01.2019

Vtiger CRM 7.1.0 - Remote Code Execution

webapps

PHP

27.12.2018

Craft CMS 3.0.25 - Cross-Site Scripting

webapps

PHP

27.12.2018

WordPress Plugin Audio Record 1.0 - Arbitrary File Upload

webapps

PHP

27.12.2018

bludit Pages Editor 3.0.0 - Arbitrary File Upload

webapps

PHP

27.12.2018

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload

webapps

PHP

24.12.2018

WSTMart 2.0.8 - Cross-Site Scripting

webapps

PHP

24.12.2018

WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

24.12.2018

FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection

webapps

PHP

21.12.2018

ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)

webapps

PHP

19.12.2018

Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)

webapps

PHP

19.12.2018

Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)

webapps

PHP

19.12.2018

Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting

webapps

PHP

19.12.2018

Integria IMS 5.0.83 - Cross-Site Request Forgery

webapps

PHP

19.12.2018

Bolt CMS < 3.6.2 - Cross-Site Scripting

webapps

PHP

19.12.2018

Yeswiki Cercopitheque - 'id' SQL Injection

webapps

PHP

19.12.2018

IBM Operational Decision Manager 8.x - XML External Entity Injection

webapps

Multiple

18.12.2018

SDL Web Content Manager 8.5.0 - XML External Entity Injection

webapps

XML

15.12.2018

phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read

webapps

PHP

14.12.2018

Responsive FileManager 9.13.4 - Multiple Vulnerabilities

webapps

PHP

14.12.2018

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

webapps

Multiple

14.12.2018

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

webapps

Multiple

14.12.2018

Huawei Router HG532e - Command Execution

webapps

Hardware

14.12.2018

Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)

webapps

PHP

14.12.2018

Facebook And Google Reviews System For Businesses 1.1 - SQL Injection

webapps

PHP

14.12.2018

Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution

webapps

PHP

14.12.2018

Double Your Bitcoin Script Automatic - Authentication Bypass

webapps

PHP

12.12.2018

phpBB 3.2.3 - Remote Code Execution

webapps

PHP

11.12.2018

Tourism Website Blog - Remote Code Execution / SQL Injection

webapps

PHP

11.12.2018

Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery

webapps

PHP

11.12.2018

PrestaShop 1.6.x/1.7.x - Remote Code Execution

webapps

PHP

11.12.2018

DomainMOD 4.11.01 - Cross-Site Scripting

webapps

PHP

11.12.2018

PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion

webapps

Multiple

11.12.2018

TP-Link wireless router Archer C1200 - Cross-Site Scripting

webapps

Hardware

11.12.2018

Huawei B315s-22 - Information Leak

webapps

Hardware

11.12.2018

ZTE ZXHN H168N - Improper Access Restrictions

webapps

Hardware

11.12.2018

Apache OFBiz 16.11.05 - Cross-Site Scripting

webapps

Multiple

11.12.2018

HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection

webapps

PHP

11.12.2018

WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection

webapps

PHP

11.12.2018

ThinkPHP 5.0.23/5.1.31 - Remote Code Execution

webapps

PHP

11.12.2018

Adobe ColdFusion 2018 - Arbitrary File Upload

webapps

Multiple

09.12.2018

i-doit CMDB 1.11.2 - Remote Code Execution

webapps

PHP

09.12.2018

Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting

webapps

PHP

09.12.2018

DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting

webapps

PHP

05.12.2018

HasanMWB 1.0 - SQL Injection

webapps

PHP

04.12.2018

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass

webapps

Hardware

04.12.2018

DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting

webapps

PHP

04.12.2018

NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage

webapps

Hardware

04.12.2018

KeyBase Botnet 1.5 - SQL Injection

webapps

PHP

04.12.2018

Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting

webapps

PHP

04.12.2018

DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting

webapps

PHP

04.12.2018

DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting

webapps

PHP

04.12.2018

NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection

webapps

PHP

04.12.2018

DomainMOD 4.11.01 - Registrar Cross-Site Scripting

webapps

PHP

04.12.2018

FreshRSS 1.11.1 - Cross-Site Scripting

webapps

PHP

03.12.2018

Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution

webapps

PHP

03.12.2018

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting

webapps

Hardware

03.12.2018

PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure

webapps

Linux

03.12.2018

Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection

webapps

PHP

03.12.2018

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

webapps

PHP

03.12.2018

Apache Superset < 0.23 - Remote Code Execution

webapps

Linux

03.12.2018

WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting

webapps

PHP

30.11.2018

Schneider Electric PLC - Session Calculation Authentication Bypass

webapps

Hardware

30.11.2018

Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass

webapps

CGI

30.11.2018

PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)

webapps

PHP

26.11.2018

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials

webapps

Hardware

26.11.2018

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting

webapps

PHP

26.11.2018

Ticketly 1.0 - 'kind_id' SQL Injection

webapps

PHP

26.11.2018

No-Cms 1.0 - 'order_by' SQL Injection

webapps

PHP

26.11.2018

Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal

webapps

Hardware

21.11.2018

Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)

webapps

Hardware

21.11.2018

Ticketly 1.0 - 'name' SQL Injection

webapps

PHP

21.11.2018

WordPress CherryFramework Themes 3.1.4 - Backup File Download

webapps

PHP

21.11.2018

WebOfisi E-Ticaret V4 - 'urun' SQL Injection

webapps

PHP

20.11.2018

Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

16.11.2018

Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection

webapps

PHP

16.11.2018

Helpdezk 1.1.1 - Arbitrary File Upload

webapps

PHP

16.11.2018

DomainMOD 4.11.01 - 'raid' Cross-Site Scripting

webapps

PHP

15.11.2018

Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

15.11.2018

PHP-Proxy 5.1.0 - Local File Inclusion

webapps

PHP

15.11.2018

BitZoom 1.0 - 'rollno' SQL Injection

webapps

PHP

15.11.2018

Net-Billetterie 2.9 - 'login' SQL Injection

webapps

PHP

15.11.2018

Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection

webapps

PHP

15.11.2018

EverSync 0.5 - Arbitrary File Download

webapps

PHP

15.11.2018

Meneame English Pligg 5.8 - 'search' SQL Injection

webapps

PHP

15.11.2018

Kordil EDMS 2.2.60rc3 - Arbitrary File Upload

webapps

PHP

15.11.2018

Simple E-Document 1.31 - 'username' SQL Injection

webapps

PHP

15.11.2018

2-Plan Team 1.0.4 - Arbitrary File Upload

webapps

PHP

15.11.2018

PHP Mass Mail 1.0 - Arbitrary File Upload

webapps

PHP

15.11.2018

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting

webapps

PHP

14.11.2018

iServiceOnline 1.0 - 'r' SQL Injection

webapps

PHP

14.11.2018

Helpdezk 1.1.1 - 'query' SQL Injection

webapps

PHP

14.11.2018

Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)

webapps

PHP

14.11.2018

EdTv 2 - 'id' SQL Injection

webapps

PHP

14.11.2018

Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities

webapps

Linux

14.11.2018

Advanced Comment System 1.0 - SQL Injection

webapps

PHP

14.11.2018

Rmedia SMS 1.0 - SQL Injection

webapps

PHP

14.11.2018

Pedidos 1.0 - SQL Injection

webapps

PHP

14.11.2018

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting

webapps

PHP

14.11.2018

DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload

webapps

PHP

13.11.2018

CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting

webapps

PHP

13.11.2018

Surreal ToDo 0.6.1.2 - SQL Injection

webapps

PHP

13.11.2018

Surreal ToDo 0.6.1.2 - Local File Inclusion

webapps

PHP

13.11.2018

Alienor Web Libre 2.0 - SQL Injection

webapps

PHP

13.11.2018

Musicco 2.0.0 - Arbitrary Directory Download

webapps

PHP

13.11.2018

Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)

webapps

PHP

13.11.2018

Tina4 Stack 1.0.3 - SQL Injection / Database File Download

webapps

PHP

13.11.2018

Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)

webapps

PHP

13.11.2018

Easyndexer 1.0 - Arbitrary File Download

webapps

PHP

13.11.2018

ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)

webapps

PHP

13.11.2018

Gumbo CMS 0.99 - SQL Injection

webapps

PHP

13.11.2018

Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection

webapps

PHP

13.11.2018

ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)

webapps

PHP

13.11.2018

Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload

webapps

PHP

13.11.2018

Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download

webapps

PHP

13.11.2018

Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)

webapps

PHP

13.11.2018

Webiness Inventory 2.3 - 'order' SQL Injection

webapps

PHP

13.11.2018

SIPve 0.0.2-R19 - SQL Injection

webapps

PHP

12.11.2018

Data Center Audit 2.6.2 - 'username' SQL Injection

webapps

PHP

12.11.2018

TufinOS 2.17 Build 1193 - XML External Entity Injection

webapps

Linux

12.11.2018

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

webapps

PHP

12.11.2018

Paroiciel 11.20 - 'tRecIdListe' SQL Injection

webapps

PHP

12.11.2018

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)

webapps

Hardware

12.11.2018

The Don 1.0.1 - 'login' SQL Injection

webapps

PHP

12.11.2018

Facturation System 1.0 - 'modid' SQL Injection

webapps

PHP

12.11.2018

Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

12.11.2018

GPS Tracking System 2.12 - 'username' SQL Injection

webapps

PHP

12.11.2018

ServerZilla 1.0 - 'email' SQL Injection

webapps

PHP

12.11.2018

D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery

webapps

Hardware

12.11.2018

Nominas 0.27 - 'username' SQL Injection

webapps

PHP

07.11.2018

PlayJoom 0.10.1 - 'catid' SQL Injection

webapps

PHP

06.11.2018

CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution

webapps

PHP

06.11.2018

OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)

webapps

PHP

06.11.2018

Grocery crud 1.6.1 - 'search_field' SQL Injection

webapps

PHP

06.11.2018

OOP CMS BLOG 1.0 - 'search' SQL Injection

webapps

PHP

06.11.2018

OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection

webapps

PHP

06.11.2018

LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions

webapps

PHP

05.11.2018

SiAdmin 1.1 - 'id' SQL Injection

webapps

PHP

05.11.2018

Advantech WebAccess SCADA 8.3.2 - Remote Code Execution

webapps

ASP

05.11.2018

WebVet 0.1a - 'id' SQL Injection

webapps

PHP

05.11.2018

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

webapps

Hardware

05.11.2018

Poppy Web Interface Generator 0.8 - Arbitrary File Upload

webapps

PHP

05.11.2018

Mongo Web Admin 6.0 - Information Disclosure

webapps

PHP

05.11.2018

PHP Proxy 3.0.3 - Local File Inclusion

webapps

PHP

05.11.2018

Royal TS/X - Information Disclosure

webapps

JSON

05.11.2018

Voovi Social Networking Script 1.0 - 'user' SQL Injection

webapps

PHP

02.11.2018

Fantastic Blog CMS 1.0 - 'id' SQL Injection

webapps

PHP

02.11.2018

Jelastic 5.4 - 'host' SQL Injection

webapps

PHP

02.11.2018

Gate Pass Management System 2.1 - 'login' SQL Injection

webapps

PHP

02.11.2018

qdPM 9.1 - 'filter_by' SQL Injection

webapps

PHP

02.11.2018

Yot CMS 3.3.1 - 'aid' SQL Injection

webapps

PHP

31.10.2018

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution

webapps

PHP

30.10.2018

South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection

webapps

PHP

30.10.2018

Electricks eCommerce 1.0 - 'prodid' SQL Injection

webapps

PHP

30.10.2018

phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection

webapps

PHP

30.10.2018

Webiness Inventory 2.9 - Arbitrary File Upload

webapps