Exploit Web Applications 2018 -

Exploit Web Applications 2018 - Úvod Remote Web App Local&Privilege Escalation DoS & PoC ShellCode Exploit Exploit prog. Ex. Techniky Exp. kit Typy Exploitů Exploit Articles

Web Applications H 2020 2019 2018

27.12.2018	Craft CMS 3.0.25 - Cross-Site Scripting	webapps	PHP
27.12.2018	WordPress Plugin Audio Record 1.0 - Arbitrary File Upload	webapps	PHP
27.12.2018	bludit Pages Editor 3.0.0 - Arbitrary File Upload	webapps	PHP
27.12.2018	WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload	webapps	PHP
24.12.2018	WSTMart 2.0.8 - Cross-Site Scripting	webapps	PHP
24.12.2018	WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
24.12.2018	FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection	webapps	PHP
21.12.2018	ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)	webapps	PHP
19.12.2018	Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)	webapps	PHP
19.12.2018	Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)	webapps	PHP
19.12.2018	Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting	webapps	PHP
19.12.2018	Integria IMS 5.0.83 - Cross-Site Request Forgery	webapps	PHP
19.12.2018	Bolt CMS < 3.6.2 - Cross-Site Scripting	webapps	PHP
19.12.2018	Yeswiki Cercopitheque - 'id' SQL Injection	webapps	PHP
19.12.2018	IBM Operational Decision Manager 8.x - XML External Entity Injection	webapps	Multiple
18.12.2018	SDL Web Content Manager 8.5.0 - XML External Entity Injection	webapps	XML
15.12.2018	phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read	webapps	PHP
14.12.2018	Responsive FileManager 9.13.4 - Multiple Vulnerabilities	webapps	PHP
14.12.2018	Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure	webapps	Multiple
14.12.2018	Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)	webapps	Multiple
14.12.2018	Huawei Router HG532e - Command Execution	webapps	Hardware
14.12.2018	Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)	webapps	PHP
14.12.2018	Facebook And Google Reviews System For Businesses 1.1 - SQL Injection	webapps	PHP
14.12.2018	Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution	webapps	PHP
14.12.2018	Double Your Bitcoin Script Automatic - Authentication Bypass	webapps	PHP
12.12.2018	phpBB 3.2.3 - Remote Code Execution	webapps	PHP
11.12.2018	Tourism Website Blog - Remote Code Execution / SQL Injection	webapps	PHP
11.12.2018	Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery	webapps	PHP
11.12.2018	PrestaShop 1.6.x/1.7.x - Remote Code Execution	webapps	PHP
11.12.2018	DomainMOD 4.11.01 - Cross-Site Scripting	webapps	PHP
11.12.2018	PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion	webapps	Multiple
11.12.2018	TP-Link wireless router Archer C1200 - Cross-Site Scripting	webapps	Hardware
11.12.2018	Huawei B315s-22 - Information Leak	webapps	Hardware
11.12.2018	ZTE ZXHN H168N - Improper Access Restrictions	webapps	Hardware
11.12.2018	Apache OFBiz 16.11.05 - Cross-Site Scripting	webapps	Multiple
11.12.2018	HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection	webapps	PHP
11.12.2018	WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection	webapps	PHP
11.12.2018	ThinkPHP 5.0.23/5.1.31 - Remote Code Execution	webapps	PHP
11.12.2018	Adobe ColdFusion 2018 - Arbitrary File Upload	webapps	Multiple
09.12.2018	i-doit CMDB 1.11.2 - Remote Code Execution	webapps	PHP
09.12.2018	Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting	webapps	PHP
09.12.2018	DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting	webapps	PHP
05.12.2018	HasanMWB 1.0 - SQL Injection	webapps	PHP
04.12.2018	Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass	webapps	Hardware
04.12.2018	DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting	webapps	PHP
04.12.2018	NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage	webapps	Hardware
04.12.2018	KeyBase Botnet 1.5 - SQL Injection	webapps	PHP
04.12.2018	Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting	webapps	PHP
04.12.2018	DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting	webapps	PHP
04.12.2018	DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting	webapps	PHP
04.12.2018	NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection	webapps	PHP
04.12.2018	DomainMOD 4.11.01 - Registrar Cross-Site Scripting	webapps	PHP
04.12.2018	FreshRSS 1.11.1 - Cross-Site Scripting	webapps	PHP
03.12.2018	Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution	webapps	PHP
03.12.2018	Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting	webapps	Hardware
03.12.2018	PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure	webapps	Linux
03.12.2018	Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection	webapps	PHP
03.12.2018	PHP Server Monitor 3.3.1 - Cross-Site Request Forgery	webapps	PHP
03.12.2018	Apache Superset < 0.23 - Remote Code Execution	webapps	Linux
03.12.2018	WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting	webapps	PHP
30.11.2018	Schneider Electric PLC - Session Calculation Authentication Bypass	webapps	Hardware
30.11.2018	Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass	webapps	CGI
30.11.2018	PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)	webapps	PHP
26.11.2018	Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials	webapps	Hardware
26.11.2018	WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting	webapps	PHP
26.11.2018	Ticketly 1.0 - 'kind_id' SQL Injection	webapps	PHP
26.11.2018	No-Cms 1.0 - 'order_by' SQL Injection	webapps	PHP
26.11.2018	Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal	webapps	Hardware
21.11.2018	Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
21.11.2018	Ticketly 1.0 - 'name' SQL Injection	webapps	PHP
21.11.2018	WordPress CherryFramework Themes 3.1.4 - Backup File Download	webapps	PHP
21.11.2018	WebOfisi E-Ticaret V4 - 'urun' SQL Injection	webapps	PHP
20.11.2018	Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
16.11.2018	Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection	webapps	PHP
16.11.2018	Helpdezk 1.1.1 - Arbitrary File Upload	webapps	PHP
16.11.2018	DomainMOD 4.11.01 - 'raid' Cross-Site Scripting	webapps	PHP
15.11.2018	Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
15.11.2018	PHP-Proxy 5.1.0 - Local File Inclusion	webapps	PHP
15.11.2018	BitZoom 1.0 - 'rollno' SQL Injection	webapps	PHP
15.11.2018	Net-Billetterie 2.9 - 'login' SQL Injection	webapps	PHP
15.11.2018	Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection	webapps	PHP
15.11.2018	EverSync 0.5 - Arbitrary File Download	webapps	PHP
15.11.2018	Meneame English Pligg 5.8 - 'search' SQL Injection	webapps	PHP
15.11.2018	Kordil EDMS 2.2.60rc3 - Arbitrary File Upload	webapps	PHP
15.11.2018	Simple E-Document 1.31 - 'username' SQL Injection	webapps	PHP
15.11.2018	2-Plan Team 1.0.4 - Arbitrary File Upload	webapps	PHP
15.11.2018	PHP Mass Mail 1.0 - Arbitrary File Upload	webapps	PHP
15.11.2018	WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting	webapps	PHP
14.11.2018	iServiceOnline 1.0 - 'r' SQL Injection	webapps	PHP
14.11.2018	Helpdezk 1.1.1 - 'query' SQL Injection	webapps	PHP
14.11.2018	Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)	webapps	PHP
14.11.2018	EdTv 2 - 'id' SQL Injection	webapps	PHP
14.11.2018	Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities	webapps	Linux
14.11.2018	Advanced Comment System 1.0 - SQL Injection	webapps	PHP
14.11.2018	Rmedia SMS 1.0 - SQL Injection	webapps	PHP
14.11.2018	Pedidos 1.0 - SQL Injection	webapps	PHP
14.11.2018	Electricks eCommerce 1.0 - Persistent Cross-Site Scripting	webapps	PHP
14.11.2018	DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload	webapps	PHP
13.11.2018	CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting	webapps	PHP
13.11.2018	Surreal ToDo 0.6.1.2 - SQL Injection	webapps	PHP
13.11.2018	Surreal ToDo 0.6.1.2 - Local File Inclusion	webapps	PHP
13.11.2018	Alienor Web Libre 2.0 - SQL Injection	webapps	PHP
13.11.2018	Musicco 2.0.0 - Arbitrary Directory Download	webapps	PHP
13.11.2018	Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
13.11.2018	Tina4 Stack 1.0.3 - SQL Injection / Database File Download	webapps	PHP
13.11.2018	Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
13.11.2018	Easyndexer 1.0 - Arbitrary File Download	webapps	PHP
13.11.2018	ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
13.11.2018	Gumbo CMS 0.99 - SQL Injection	webapps	PHP
13.11.2018	Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection	webapps	PHP
13.11.2018	ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)	webapps	PHP
13.11.2018	Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload	webapps	PHP
13.11.2018	Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download	webapps	PHP
13.11.2018	Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)	webapps	PHP
13.11.2018	Webiness Inventory 2.3 - 'order' SQL Injection	webapps	PHP
13.11.2018	SIPve 0.0.2-R19 - SQL Injection	webapps	PHP
12.11.2018	Data Center Audit 2.6.2 - 'username' SQL Injection	webapps	PHP
12.11.2018	TufinOS 2.17 Build 1193 - XML External Entity Injection	webapps	Linux
12.11.2018	Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting	webapps	PHP
12.11.2018	Paroiciel 11.20 - 'tRecIdListe' SQL Injection	webapps	PHP
12.11.2018	TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)	webapps	Hardware
12.11.2018	The Don 1.0.1 - 'login' SQL Injection	webapps	PHP
12.11.2018	Facturation System 1.0 - 'modid' SQL Injection	webapps	PHP
12.11.2018	Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
12.11.2018	GPS Tracking System 2.12 - 'username' SQL Injection	webapps	PHP
12.11.2018	ServerZilla 1.0 - 'email' SQL Injection	webapps	PHP
12.11.2018	D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery	webapps	Hardware
12.11.2018	Nominas 0.27 - 'username' SQL Injection	webapps	PHP
07.11.2018	PlayJoom 0.10.1 - 'catid' SQL Injection	webapps	PHP
06.11.2018	CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution	webapps	PHP
06.11.2018	OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
06.11.2018	Grocery crud 1.6.1 - 'search_field' SQL Injection	webapps	PHP
06.11.2018	OOP CMS BLOG 1.0 - 'search' SQL Injection	webapps	PHP
06.11.2018	OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection	webapps	PHP
06.11.2018	LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions	webapps	PHP
05.11.2018	SiAdmin 1.1 - 'id' SQL Injection	webapps	PHP
05.11.2018	Advantech WebAccess SCADA 8.3.2 - Remote Code Execution	webapps	ASP
05.11.2018	WebVet 0.1a - 'id' SQL Injection	webapps	PHP
05.11.2018	Virgin Media Hub 3.0 Router - Denial of Service (PoC)	webapps	Hardware
05.11.2018	Poppy Web Interface Generator 0.8 - Arbitrary File Upload	webapps	PHP
05.11.2018	Mongo Web Admin 6.0 - Information Disclosure	webapps	PHP
05.11.2018	PHP Proxy 3.0.3 - Local File Inclusion	webapps	PHP
05.11.2018	Royal TS/X - Information Disclosure	webapps	JSON
05.11.2018	Voovi Social Networking Script 1.0 - 'user' SQL Injection	webapps	PHP
02.11.2018	Fantastic Blog CMS 1.0 - 'id' SQL Injection	webapps	PHP
02.11.2018	Jelastic 5.4 - 'host' SQL Injection	webapps	PHP
02.11.2018	Gate Pass Management System 2.1 - 'login' SQL Injection	webapps	PHP
02.11.2018	qdPM 9.1 - 'filter_by' SQL Injection	webapps	PHP
02.11.2018	Yot CMS 3.3.1 - 'aid' SQL Injection	webapps	PHP
31.10.2018	Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution	webapps	PHP
30.10.2018	South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection	webapps	PHP
30.10.2018	Electricks eCommerce 1.0 - 'prodid' SQL Injection	webapps	PHP
30.10.2018	phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection	webapps	PHP
30.10.2018	Webiness Inventory 2.9 - Arbitrary File Upload	webapps	PHP
30.10.2018	NETGEAR WiFi Router R6120 - Credential Disclosure	webapps	Hardware
30.10.2018	MyBB Downloads 2.0.3 - SQL Injection	webapps	PHP
30.10.2018	Expense Management 1.0 - Arbitrary File Upload	webapps	PHP
30.10.2018	University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)	webapps	PHP
30.10.2018	Notes Manager 1.0 - Arbitrary File Upload	webapps	PHP
30.10.2018	Instagram Clone 1.0 - Arbitrary File Upload	webapps	PHP
30.10.2018	Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal	webapps	JSP
30.10.2018	Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection	webapps	PHP
30.10.2018	CI User Login and Management 1.0 - Arbitrary File Upload	webapps	PHP
29.10.2018	Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection	webapps	PHP
29.10.2018	Grapixel New Media 2 - 'pageref' SQL Injection	webapps	PHP
29.10.2018	Library Management System 1.0 - 'frmListBooks' SQL Injection	webapps	ASPX
29.10.2018	Open Faculty Evaluation System 7 - 'batch_name' SQL Injection	webapps	PHP
29.10.2018	Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
29.10.2018	MTGAS MOGG Web Simulator Script - SQL Injection	webapps	PHP
29.10.2018	Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery	webapps	PHP
29.10.2018	Curriculum Evaluation System 1.0 - SQL Injection	webapps	PHP
29.10.2018	Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection	webapps	PHP
29.10.2018	Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection	webapps	PHP
29.10.2018	School Event Management System 1.0 - SQL Injection	webapps	PHP
29.10.2018	School Event Management System 1.0 - Arbitrary File Upload	webapps	PHP
29.10.2018	School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
29.10.2018	School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
29.10.2018	School Attendance Monitoring System 1.0 - Arbitrary File Upload	webapps	PHP
29.10.2018	School Attendance Monitoring System 1.0 - SQL Injection	webapps	PHP
29.10.2018	PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection	webapps	PHP
29.10.2018	RhinOS CMS 3.x - Arbitrary File Download	webapps	PHP
29.10.2018	E-Negosyo System 1.0 - SQL Injection	webapps	PHP
29.10.2018	SaltOS Erp Crm 3.1 r8126 - SQL Injection	webapps	PHP
29.10.2018	SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)	webapps	PHP
29.10.2018	SaltOS Erp Crm 3.1 r8126 - Database File Download	webapps	PHP
29.10.2018	K-iwi Framework 1775 - SQL Injection	webapps	PHP
26.10.2018	Quick Count 2.0 - 'txtInstID' SQL Injection	webapps	PHP
26.10.2018	MPS Box 0.1.8.0 - Arbitrary File Upload	webapps	PHP
26.10.2018	Delta Sql 1.8.2 - 'id' SQL Injection	webapps	PHP
26.10.2018	Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection	webapps	PHP
25.10.2018	ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution	webapps	PHP
25.10.2018	Ekushey Project Manager CRM 3.1 - Cross-Site Scripting	webapps	PHP
25.10.2018	phptpoint Pharmacy Management System 1.0 - 'username' SQL injection	webapps	PHP
25.10.2018	phptpoint Hospital Management System 1.0 - 'user' SQL injection	webapps	PHP
25.10.2018	Simple Chat System 1.0 - 'id' SQL Injection	webapps	PHP
25.10.2018	Delta Sql 1.8.2 - Arbitrary File Upload	webapps	PHP
25.10.2018	User Management 1.1 - Cross-Site Scripting	webapps	PHP
25.10.2018	ClipBucket 2.8 - 'id' SQL Injection	webapps	PHP
25.10.2018	Simple POS and Inventory 1.0 - 'cat' SQL Injection	webapps	PHP
25.10.2018	AiOPMSD Final 1.0.0 - 'q' SQL Injection	webapps	PHP
25.10.2018	AjentiCP 1.2.23.13 - Cross-Site Scripting	webapps	PHP
25.10.2018	MPS Box 0.1.8.0 - 'uuid' SQL Injection	webapps	PHP
25.10.2018	Open STA Manager 2.3 - Arbitrary File Download	webapps	PHP
24.10.2018	SG ERP 1.0 - 'info' SQL Injection	webapps	PHP
24.10.2018	Fifa Master XLS 2.3.2 - 'usw' SQL Injection	webapps	PHP
24.10.2018	Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting	webapps	ASPX
24.10.2018	LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting	webapps	PHP
24.10.2018	Apache OFBiz 16.11.04 - XML External Entity Injection	webapps	Java
23.10.2018	Appsource School Management System 1.0 - 'student_id' SQL Injection	webapps	PHP
23.10.2018	SIM-PKH 2.4.1 - Arbitrary File Upload	webapps	PHP
23.10.2018	ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection	webapps	Windows
23.10.2018	School ERP Pro+Responsive 1.0 - Arbitrary File Download	webapps	PHP
23.10.2018	School ERP Pro+Responsive 1.0 - 'fid' SQL Injection	webapps	PHP
23.10.2018	SIM-PKH 2.4.1 - 'id' SQL Injection	webapps	PHP
23.10.2018	MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection	webapps	Windows
22.10.2018	MySQL Edit Table 1.0 - 'id' SQL Injection	webapps	PHP
22.10.2018	School ERP Ultimate 2018 - Arbitrary File Download	webapps	PHP
22.10.2018	Oracle Siebel CRM 8.1.1 - CSV Injection	webapps	Java
22.10.2018	The Open ISES Project 3.30A - 'tick_lat' SQL Injection	webapps	PHP
22.10.2018	School ERP Ultimate 2018 - 'fid' SQL Injection	webapps	PHP
22.10.2018	eNdonesia Portal 8.7 - 'artid' SQL Injection	webapps	PHP
22.10.2018	The Open ISES Project 3.30A - Arbitrary File Download	webapps	PHP
22.10.2018	Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection	webapps	PHP
18.10.2018	Learning with Texts 1.6.2 - 'start' SQL Injection	webapps	PHP
18.10.2018	PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
18.10.2018	OwnTicket 1.0 - 'TicketID' SQL Injection	webapps	PHP
17.10.2018	BigTree CMS 4.2.23 - Cross-Site Scripting	webapps	PHP
17.10.2018	Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
17.10.2018	TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure	webapps	Hardware
17.10.2018	Time and Expense Management System 3.0 - 'table' SQL Injection	webapps	PHP
16.10.2018	HotelDruid 2.2.4 - 'anno' SQL Injection	webapps	PHP
16.10.2018	Navigate CMS 2.8.5 - Arbitrary File Download	webapps	PHP
16.10.2018	Library CMS 2.1.1 - Cross-Site Scripting	webapps	PHP
16.10.2018	Kados R10 GreenBee - 'release_id' SQL Injection	webapps	PHP
16.10.2018	Vishesh Auto Index 3.1 - 'fid' SQL Injection	webapps	PHP
16.10.2018	WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting	webapps	PHP
16.10.2018	Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection	webapps	PHP
16.10.2018	MV Video Sharing Software 1.2 - 'searchname' SQL Injection	webapps	PHP
16.10.2018	GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection	webapps	PHP
16.10.2018	Heatmiser Wifi Thermostat 1.7 - Credential Disclosure	webapps	Hardware
15.10.2018	MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection	webapps	PHP
15.10.2018	FLIR Brickstream 3D+ - RTSP Stream Disclosure	webapps	Hardware
15.10.2018	FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure	webapps	Hardware
15.10.2018	Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection	webapps	PHP
15.10.2018	FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure	webapps	Hardware
15.10.2018	FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure	webapps	Hardware
15.10.2018	Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)	webapps	PHP
15.10.2018	AlchemyCMS 4.1 - Cross-Site Scripting	webapps	Ruby
15.10.2018	FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution	webapps	Hardware
15.10.2018	College Notes Management System 1.0 - 'user' SQL Injection	webapps	PHP
15.10.2018	Advanced HRM 1.6 - Remote Code Execution	webapps	PHP
15.10.2018	Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities	webapps	PHP
15.10.2018	Academic Timetable Final Build 7.0 - Information Disclosure	webapps	PHP
15.10.2018	KORA 2.7.0 - 'cid' SQL Injection	webapps	PHP
12.10.2018	HaPe PKH 1.1 - 'id' SQL Injection	webapps	PHP
12.10.2018	LUYA CMS 1.0.12 - Cross-Site Scripting	webapps	PHP
12.10.2018	Phoenix Contact WebVisit 2985725 - Authentication Bypass	webapps	Windows
12.10.2018	HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
12.10.2018	CAMALEON CMS 2.4 - Cross-Site Scripting	webapps	Ruby
12.10.2018	HaPe PKH 1.1 - Arbitrary File Upload	webapps	PHP
12.10.2018	SugarCRM 6.5.26 - Cross-Site Scripting	webapps	PHP
12.10.2018	D-Link Routers - Command Injection	webapps	Hardware
12.10.2018	D-Link Routers - Plaintext Password	webapps	Hardware
12.10.2018	D-Link Routers - Directory Traversal	webapps	Hardware
11.10.2018	Wikidforum 2.20 - Cross-Site Scripting	webapps	PHP
11.10.2018	WAGO 750-881 01.09.18 - Cross-Site Scripting	webapps	Hardware
11.10.2018	E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection	webapps	PHP
11.10.2018	jQuery-File-Upload 9.22.0 - Arbitrary File Upload	webapps	PHP
11.10.2018	Phoenix Contact WebVisit 6.40.00 - Password Disclosure	webapps	Hardware
10.10.2018	Ektron CMS 9.20 SP2 - Improper Access Restrictions	webapps	ASPX
09.10.2018	Wikidforum 2.20 - 'select_sort' SQL Injection	webapps	PHP
09.10.2018	Wikidforum 2.20 - 'message_id' SQL Injection	webapps	PHP
08.10.2018	FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure	webapps	Hardware
08.10.2018	Imperva SecureSphere 13 - Remote Command Execution	webapps	Linux
06.10.2018	Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting	webapps	PHP
06.10.2018	FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure	webapps	Hardware
05.10.2018	Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
05.10.2018	D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities	webapps	PHP
05.10.2018	ISPConfig < 3.1.13 - Remote Command Execution	webapps	PHP
05.10.2018	Chamilo LMS 1.11.8 - Cross-Site Scripting	webapps	PHP
04.10.2018	LayerBB Forum 1.1.1 - 'search_query' SQL Injection	webapps	PHP
03.10.2018	Zechat 1.5 - 'uname' SQL Injection	webapps	PHP
03.10.2018	Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection	webapps	PHP
03.10.2018	Airties AIR5342 1.0.0.18 - Cross-Site Scripting	webapps	Hardware
03.10.2018	RICOH MP C1803 JPN Printer - Cross-Site Scripting	webapps	Hardware
02.10.2018	OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection	webapps	PHP
02.10.2018	Coaster CMS 5.5.0 - Cross-Site Scripting	webapps	PHP
02.10.2018	OPAC EasyWeb Five 5.7 - 'nome' SQL Injection	webapps	PHP
01.10.2018	H2 Database 1.4.196 - Remote Code Execution	webapps	Java
01.10.2018	ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting	webapps	Java
01.10.2018	Fork CMS 5.4.0 - Cross-Site Scripting	webapps	PHP
01.10.2018	Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection	webapps	PHP
01.10.2018	Education Website 1.0 - 'subject' SQL Injection	webapps	PHP
01.10.2018	Singleleg MLM Software 1.0 - 'msg_id' SQL Injection	webapps	PHP
01.10.2018	Binary MLM Software 1.0 - 'pid' SQL Injection	webapps	PHP
01.10.2018	Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection	webapps	PHP
01.10.2018	WUZHICMS 2.0 - Cross-Site Scripting	webapps	PHP
01.10.2018	Billion ADSL Router 400G 20151105641 - Cross-Site Scripting	webapps	Hardware
27.09.2018	iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection	webapps	Windows
27.09.2018	ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting	webapps	Java
27.09.2018	Rausoft ID.prove 2.95 - 'Username' SQL injection	webapps	Windows_x86-64
25.09.2018	RICOH MP C2003 Printer - Cross-Site Scripting	webapps	Hardware
25.09.2018	Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection	webapps	PHP
25.09.2018	Super Cms Blog Pro 1.0 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Raffle Factory 3.5.2 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Music Collection 3.0.3 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Questions 1.4.3 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Jobs Factory 2.0.4 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Social Factory 3.8.3 - SQL Injection	webapps	PHP
25.09.2018	RICOH MP C6503 Plus Printer - Cross-Site Scripting	webapps	Hardware
25.09.2018	Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Swap Factory 2.2.1 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Collection Factory 4.1.9 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Article Factory Manager 4.3.9 - SQL Injection	webapps	PHP
25.09.2018	Joomla! Component Timetable Schedule 3.6.8 - SQL Injection	webapps	PHP
25.09.2018	RICOH MP 305+ Printer - Cross-Site Scripting	webapps	Hardware
25.09.2018	RICOH MP C406Z Printer - Cross-Site Scripting	webapps	Hardware
25.09.2018	Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection	webapps	PHP
24.09.2018	Navigate CMS 2.8 - Cross-Site Scripting	webapps	PHP
24.09.2018	Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection	webapps	PHP
24.09.2018	LG SuperSign EZ CMS 2.5 - Remote Code Execution	webapps	Hardware
24.09.2018	MyBB Visual Editor 1.8.18 - Cross-Site Scripting	webapps	PHP
24.09.2018	Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection	webapps	PHP
24.09.2018	Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection	webapps	PHP
24.09.2018	RICOH Aficio MP 301 Printer - Cross-Site Scripting	webapps	Hardware
24.09.2018	Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection	webapps	PHP
24.09.2018	RICOH MP C6003 Printer - Cross-Site Scripting	webapps	Hardware
21.09.2018	Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection	webapps	Hardware
19.09.2018	Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting	webapps	Linux
19.09.2018	WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion	webapps	PHP
19.09.2018	WordPress Plugin Localize My Post 1.0 - Local File Inclusion	webapps	PHP
19.09.2018	LG SuperSign EZ CMS 2.5 - Local File Inclusion	webapps	Hardware
18.09.2018	WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting	webapps	PHP
17.09.2018	Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting	webapps	Hardware
17.09.2018	Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection	webapps	PHP
14.09.2018	Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)	webapps	Linux
14.09.2018	Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection	webapps	PHP
13.09.2018	Apache Portals Pluto 3.0.0 - Remote Code Execution	webapps	Windows
13.09.2018	Apache Syncope 2.0.7 - Remote Code Execution	webapps	Windows
12.09.2018	CirCarLife SCADA 4.3.0 - Credential Disclosure	webapps	Hardware
12.09.2018	Rubedo CMS 3.4.0 - Directory Traversal	webapps	Linux
12.09.2018	SynaMan 4.0 build 1488 - (Authenticated) Cross-Site Scripting	webapps	Windows
12.09.2018	SynaMan 4.0 build 1488 - SMTP Credential Disclosure	webapps	Windows
12.09.2018	IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection	webapps	PHP
12.09.2018	MyBB 1.8.17 - Cross-Site Scripting	webapps	PHP
12.09.2018	LG Smart IP Camera 1508190 - Backup File Download	webapps	Hardware
11.09.2018	Bayanno Hospital Management System 4.0 - Cross-Site Scripting	webapps	PHP
10.09.2018	LW-N605R 12.20.2.1486 - Remote Code Execution	webapps	Hardware
07.09.2018	MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection	webapps	PHP
07.09.2018	Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal	webapps	PHP
07.09.2018	QNAP Photo Station 5.7.0 - Cross-Site Scripting	webapps	Hardware
06.09.2018	NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)	webapps	XML
06.09.2018	Jorani Leave Management 0.6.5 - Cross-Site Scripting	webapps	PHP
06.09.2018	Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection	webapps	PHP
06.09.2018	Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)	webapps	Linux
06.09.2018	WirelessHART Fieldgate SWG70 3.0 - Directory Traversal	webapps	Hardware
06.09.2018	D-Link Dir-600M N150 - Cross-Site Scripting	webapps	Hardware
05.09.2018	Tenda ADSL Router D152 - Cross-Site Scripting	webapps	Hardware
04.09.2018	Logicspice FAQ Script 2.9.7 - Remote Code Execution	webapps	PHP
04.09.2018	PHP File Browser Script 1 - Directory Traversal	webapps	PHP
04.09.2018	Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection	webapps	PHP
04.09.2018	mooSocial Store Plugin 2.6 - SQL Injection	webapps	PHP
04.09.2018	RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution	webapps	Linux
03.09.2018	FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection	webapps	Windows
03.09.2018	Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)	webapps	PHP
03.09.2018	Online Quiz Maker 1.0 - 'catid' SQL Injection	webapps	PHP
31.08.2018	Vox TG790 ADSL Router - Cross-Site Scripting	webapps	Hardware
31.08.2018	DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)	webapps	PHP
30.08.2018	Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal	webapps	Windows_x86-64
30.08.2018	WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting	webapps	PHP
30.08.2018	DLink DIR-601 - Credential Disclosure	webapps	Hardware
30.08.2018	WordPress Plugin Quizlord 2.0 - Cross-Site Scripting	webapps	PHP
30.08.2018	Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting	webapps	Windows_x86-64
29.08.2018	phpMyAdmin 4.7.x - Cross-Site Request Forgery	webapps	PHP
29.08.2018	Episerver 7 patch 4 - XML External Entity Injection	webapps	Hardware
29.08.2018	Argus Surveillance DVR 4.0.0.0 - Directory Traversal	webapps	Windows_x86
27.08.2018	Sentrifugo HRMS 3.2 - 'deptid' SQL Injection	webapps	Windows
27.08.2018	Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
27.08.2018	RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
27.08.2018	LiteCart 2.1.2 - Arbitrary File Upload	webapps	PHP
27.08.2018	Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection	webapps	Hardware
27.08.2018	Responsive FileManager < 9.13.4 - Directory Traversal	webapps	PHP
27.08.2018	WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection	webapps	PHP
26.08.2018	WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection	webapps	PHP
26.08.2018	ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting	webapps	Windows_x86-64
25.08.2018	UltimatePOS 2.5 - Remote Code Execution	webapps	PHP
25.08.2018	ManageEngine ADManager Plus 6.5.7 - HTML Injection	webapps	Windows
24.08.2018	Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
23.08.2018	Twitter-Clone 1 - 'code' SQL Injection	webapps	PHP
23.08.2018	PCViewer vt1000 - Directory Traversal	webapps	Windows
22.08.2018	Geutebrueck re_porter 7.8.974.20 - Credential Disclosure	webapps	Hardware
22.08.2018	ZyXEL VMG3312-B10B - Cross-Site Scripting	webapps	Hardware
22.08.2018	KingMedia 4.1 - File Upload	webapps	PHP
22.08.2018	Geutebrueck re_porter 16 - Cross-Site Scripting	webapps	Hardware
21.08.2018	Twitter-Clone 1 - 'userid' SQL Injection	webapps	PHP
21.08.2018	Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)	webapps	Hardware
21.08.2018	Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)	webapps	PHP
21.08.2018	Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection	webapps	PHP
20.08.2018	WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection	webapps	PHP
20.08.2018	MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery	webapps	PHP
20.08.2018	WordPress Plugin Tagregator 0.6 - Cross-Site Scripting	webapps	PHP
20.08.2018	Countly - Cross-Site Scripting	webapps	PHP
17.08.2018	Mikrotik WinBox 6.42 - Credential Disclosure (golang)	webapps	Hardware
17.08.2018	ADM 3.1.2RHG1 - Remote Code Execution	webapps	Hardware
16.08.2018	OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions	webapps	Linux
16.08.2018	WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection	webapps	PHP
16.08.2018	Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery	webapps	PHP
15.08.2018	ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection	webapps	CGI
15.08.2018	ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass	webapps	Hardware
14.08.2018	cgit 1.2.1 - Directory Traversal (Metasploit)	webapps	Linux
14.08.2018	Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)	webapps	Windows
14.08.2018	Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)	webapps	Linux
13.08.2018	IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting	webapps	Multiple
10.08.2018	MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting	webapps	PHP
10.08.2018	Zimbra 8.6.0_GA_1153 - Cross-Site Scripting	webapps	PHP
10.08.2018	MyBB Like Plugin 3.0.0 - Cross-Site Scripting	webapps	PHP
09.08.2018	TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)	webapps	Hardware
09.08.2018	TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)	webapps	Hardware
08.08.2018	osTicket 1.10.1 - Arbitrary File Upload	webapps	Windows
08.08.2018	LG-Ericsson iPECS NMS 30M - Directory Traversal	webapps	Linux
07.08.2018	OpenEMR < 5.0.1 - (Authenticated) Remote Code Execution	webapps	PHP
07.08.2018	Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)	webapps	PHP
06.08.2018	Open-AudIT Community 2.2.6 - Cross-Site Scripting	webapps	Windows
06.08.2018	Subrion CMS 4.2.1 - Cross-Site Scripting	webapps	PHP
06.08.2018	Sitecore.Net 8.1 - Directory Traversal	webapps	ASPX
06.08.2018	LAMS < 3.1 - Cross-Site Scripting	webapps	Java
06.08.2018	onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
06.08.2018	CMS ISWEB 3.5.3 - Directory Traversal	webapps	PHP
06.08.2018	Wavemaker Studio 6.6 - Server-Side Request Forgery	webapps	Java
03.08.2018	PHP Template Store Script 3.0.6 - Cross-Site Scripting	webapps	PHP
03.08.2018	Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection	webapps	XML
03.08.2018	Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection	webapps	XML
03.08.2018	cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal	webapps	CGI
02.08.2018	WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)	webapps	PHP
02.08.2018	TI Online Examination System v2 - Arbitrary File Download	webapps	PHP
02.08.2018	PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection	webapps	PHP
02.08.2018	CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection	webapps	PHP
02.08.2018	Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection	webapps	XML
02.08.2018	ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution	webapps	Hardware
02.08.2018	Seq 4.2.476 - Authentication Bypass	webapps	Windows
31.07.2018	Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection	webapps	Linux
31.07.2018	LG NAS 3718.510.a0 - Remote Command Execution	webapps	Hardware
30.07.2018	Responsive Filemanager 9.13.1 - Server-Side Request Forgery	webapps	Linux
30.07.2018	H2 Database 1.4.197 - Information Disclosure	webapps	Linux
27.07.2018	Online Trade 1 - Information Disclosure	webapps	Linux
27.07.2018	SoftNAS Cloud < 4.0.3 - OS Command Injection	webapps	PHP
26.07.2018	Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)	webapps	Hardware
26.07.2018	Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)	webapps	Linux
24.07.2018	Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)	webapps	PHP
24.07.2018	D-link DAP-1360 - Path Traversal / Cross-Site Scripting	webapps	Hardware
23.07.2018	Kirby CMS 2.5.12 - Cross-Site Scripting	webapps	PHP
23.07.2018	NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution	webapps	Hardware
23.07.2018	Synology DiskStation Manager 4.1 - Directory Traversal	webapps	Linux
23.07.2018	Davolink DVW 3200 Router - Password Disclosure	webapps	Hardware
23.07.2018	Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)	webapps	Hardware
22.07.2018	GeoVision GV-SNVR0811 - Directory Traversal	webapps	Hardware
20.07.2018	MSVOD 10 - 'cid' SQL Injection	webapps	PHP
20.07.2018	Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass	webapps	Hardware
19.07.2018	WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting	webapps	PHP
19.07.2018	MyBB New Threads Plugin 1.1 - Cross-Site Scripting	webapps	PHP
18.07.2018	Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection	webapps	PHP
18.07.2018	Open-AudIT Community 2.1.1 - Cross-Site Scripting	webapps	Multiple
18.07.2018	FTP2FTP 1.0 - Arbitrary File Download	webapps	PHP
18.07.2018	Modx Revolution < 2.6.4 - Remote Code Execution	webapps	PHP
17.07.2018	Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery	webapps	Hardware
17.07.2018	Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service	webapps	Hardware
17.07.2018	Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download	webapps	Hardware
17.07.2018	Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation	webapps	Hardware
17.07.2018	Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root	webapps	Hardware
16.07.2018	VelotiSmart WiFi B-380 Camera - Directory Traversal	webapps	Hardware
16.07.2018	Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection	webapps	Java
16.07.2018	WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting	webapps	PHP
16.07.2018	PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation	webapps	PHP
16.07.2018	PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation	webapps	PHP
13.07.2018	WAGO e!DISPLAY 7300T - Multiple Vulnerabilities	webapps	PHP
13.07.2018	QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities	webapps	Hardware
13.07.2018	Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure	webapps	PHP
13.07.2018	Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload	webapps	Hardware
13.07.2018	Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery	webapps	Hardware
11.07.2018	Instagram-Clone Script 2.0 - Cross-Site Scripting	webapps	PHP
11.07.2018	Dicoogle PACS 2.5.0 - Directory Traversal	webapps	Multiple
10.07.2018	WolfSight CMS 3.2 - SQL Injection	webapps	PHP
10.07.2018	Elektronischer Leitz-Ordner 10 - SQL Injection	webapps	Linux
10.07.2018	D-Link DIR601 2.02 - Credential Disclosure	webapps	Hardware
09.07.2018	Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting	webapps	PHP
07.07.2018	Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution	webapps	Multiple
06.07.2018	Airties AIR5444TT - Cross-Site Scripting	webapps	Windows
05.07.2018	ADB Broadband Gateways / Routers - Authorization Bypass	webapps	Hardware
05.07.2018	SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection	webapps	PHP
04.07.2018	ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution	webapps	Java
04.07.2018	CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution	webapps	PHP
04.07.2018	Online Trade - Information Disclosure	webapps	PHP
04.07.2018	ShopNx - Arbitrary File Upload	webapps	PHP
04.07.2018	Gitea 1.4.0 - Remote Code Execution	webapps	Multiple
03.07.2018	ntop-ng < 3.4.180617 - Authentication Bypass	webapps	Lua
02.07.2018	Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)	webapps	Hardware
02.07.2018	VMware NSX SD-WAN Edge < 3.1.2 - Command Injection	webapps	Hardware
02.07.2018	DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
02.07.2018	Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection	webapps	PHP
28.06.2018	BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
28.06.2018	HongCMS 3.0.0 - (Authenticated) SQL Injection	webapps	PHP
28.06.2018	hycus CMS 1.0.4 - Authentication Bypass	webapps	PHP
28.06.2018	DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting	webapps	Hardware
28.06.2018	Cisco Adaptive Security Appliance - Path Traversal	webapps	Hardware
27.06.2018	WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion	webapps	PHP
27.06.2018	HPE VAN SDN 2.7.18.0503 - Remote Root	webapps	Linux
26.06.2018	Liferay Portal < 7.0.4 - Server-Side Request Forgery	webapps	Java
25.06.2018	WordPress Plugin iThemes Security < 7.0.3 - SQL Injection	webapps	PHP
25.06.2018	WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection	webapps	PHP
25.06.2018	Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)	webapps	Linux
25.06.2018	Intex Router N-150 - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
25.06.2018	DIGISOL DG-BR4000NG - Cross-Site Scripting	webapps	Hardware
25.06.2018	Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)	webapps	Hardware
25.06.2018	AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)	webapps	Hardware
25.06.2018	Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)	webapps	Hardware
25.06.2018	Intex Router N-150 - Arbitrary File Upload	webapps	Hardware
25.06.2018	WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection	webapps	PHP
22.06.2018	GreenCMS 2.3.0603 - Information Disclosure	webapps	PHP
22.06.2018	phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)	webapps	PHP
22.06.2018	phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)	webapps	PHP
21.06.2018	LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)	webapps	PHP
21.06.2018	LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
21.06.2018	phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)	webapps	PHP
20.06.2018	Mirasys DVMS Workstation 5.12.6 - Path Traversal	webapps	Windows
20.06.2018	MaDDash 2.0.2 - Directory Listing	webapps	Java
20.06.2018	NewMark CMS 2.1 - 'sec_id' SQL Injection	webapps	Linux
20.06.2018	TP-Link TL-WA850RE - Remote Command Execution	webapps	Hardware
20.06.2018	Apache CouchDB < 2.1.0 - Remote Code Execution	webapps	Linux
20.06.2018	IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)	webapps	Multiple
20.06.2018	VideoInsight WebClient 5 - SQL Injection	webapps	Windows
18.06.2018	Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)	webapps	PHP
18.06.2018	RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)	webapps	Linux
18.06.2018	Redatam Web Server < 7 - Directory Traversal	webapps	Windows
15.06.2018	OEcms 3.1 - Cross-Site Scripting	webapps	PHP
15.06.2018	Dimofinf CMS 3.0.0 - Cross-Site Scripting	webapps	PHP
14.06.2018	Joomla Component Ek Rishta 2.10 - SQL Injection	webapps	PHP
13.06.2018	MACCMS 10 - Cross-Site Request Forgery (Add User)	webapps	PHP
13.06.2018	Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload	webapps	PHP
12.06.2018	Joomla! Component EkRishta 2.10 - 'username' SQL Injection	webapps	PHP
12.06.2018	OX App Suite 7.8.4 - Multiple Vulnerabilities	webapps	XML
12.06.2018	Canon PrintMe EFI - Cross-Site Scripting	webapps	PHP
12.06.2018	WordPress Plugin Google Map < 4.0.4 - SQL Injection	webapps	PHP
12.06.2018	WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection	webapps	PHP
11.06.2018	Schools Alert Management Script - SQL Injection	webapps	PHP
11.06.2018	WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection	webapps	PHP
11.06.2018	Event Manager Admin panel - 'events_new.php' SQL injection	webapps	PHP
11.06.2018	Joomla! Component EkRishta 2.10 - 'cid' SQL Injection	webapps	PHP
11.06.2018	Schools Alert Management Script - Arbitrary File Deletion	webapps	PHP
11.06.2018	userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting	webapps	PHP
11.06.2018	userSpice 4.3.24 - Username Enumeration	webapps	PHP
11.06.2018	Schools Alert Management Script - 'get_sec.php' SQL Injection	webapps	PHP
11.06.2018	Schools Alert Management Script - Arbitrary File Read	webapps	PHP
11.06.2018	Siaberry 1.2.2 - Command Injection	webapps	Hardware
08.06.2018	XiongMai uc-httpd 1.0.0 - Buffer Overflow	webapps	Hardware
08.06.2018	Splunk < 7.0.1 - Information Disclosure	webapps	Linux
07.06.2018	WampServer 3.0.6 - Cross-Site Request Forgery	webapps	PHP
07.06.2018	WordPress Plugin Form Maker 1.12.24 - SQL Injection	webapps	PHP
07.06.2018	WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection	webapps	PHP
07.06.2018	Monstra CMS < 3.0.4 - Cross-Site Scripting (1)	webapps	PHP
05.06.2018	MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting	webapps	PHP
05.06.2018	Pagekit < 1.0.13 - Cross-Site Scripting Code Generator	webapps	PHP
05.06.2018	Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)	webapps	Linux
04.06.2018	SearchBlox 8.6.7 - XML External Entity Injection	webapps	Java
04.06.2018	EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting	webapps	ASPX
04.06.2018	Brother HL Series Printers 1.15 - Cross-Site Scripting	webapps	Hardware
03.06.2018	Smartshop 1 - 'id' SQL Injection	webapps	PHP
03.06.2018	Smartshop 1 - Cross-Site Request Forgery	webapps	PHP
03.06.2018	GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution	webapps	PHP
03.06.2018	GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
31.05.2018	TAC Xenta 511/911 - Directory Traversal	webapps	Hardware
31.05.2018	New STAR 2.1 - SQL Injection / Cross-Site Scripting	webapps	PHP
31.05.2018	PHP Dashboards NEW 5.5 - 'email' SQL Injection	webapps	PHP
31.05.2018	CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting	webapps	PHP
31.05.2018	Grid Pro Big Data 1.0 - SQL Injection	webapps	PHP
30.05.2018	SearchBlox 8.6.6 - Cross-Site Request Forgery	webapps	Java
30.05.2018	Yosoro 1.0.4 - Remote Code Execution	webapps	macOS
30.05.2018	MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass	webapps	PHP
30.05.2018	Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection	webapps	PHP
29.05.2018	IssueTrak 7.0 - SQL Injection	webapps	ASP
29.05.2018	Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection	webapps	PHP
29.05.2018	NUUO NVRmini2 / NVRsolo - Arbitrary File Upload	webapps	Hardware
29.05.2018	MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting	webapps	PHP
29.05.2018	Facebook Clone Script 1.0.5 - 'search' SQL Injection	webapps	PHP
29.05.2018	Facebook Clone Script 1.0.5 - Cross-Site Request Forgery	webapps	PHP
28.05.2018	TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass	webapps	Hardware
28.05.2018	DomainMod 4.09.03 - 'oid' Cross-Site Scripting	webapps	PHP
28.05.2018	DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting	webapps	PHP
28.05.2018	WordPress Plugin Events Calendar - SQL Injection	webapps	PHP
28.05.2018	Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection	webapps	PHP
28.05.2018	Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery	webapps	PHP
28.05.2018	Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery	webapps	PHP
28.05.2018	wityCMS 0.6.1 - Cross-Site Scripting	webapps	PHP
27.05.2018	Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting	webapps	PHP
27.05.2018	Ingenious School Management System - 'id' SQL Injection	webapps	PHP
27.05.2018	Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting	webapps	PHP
27.05.2018	Lyrist - 'id' SQL Injection	webapps	PHP
27.05.2018	BookingWizz Booking System 5.5 - 'id' SQL Injection	webapps	PHP
27.05.2018	Listing Hub CMS 1.0 - SQL Injection	webapps	PHP
27.05.2018	ClipperCMS 1.3.3 - Cross-Site Scripting	webapps	PHP
27.05.2018	My Directory 2.0 - SQL Injection / Cross-Site Scripting	webapps	PHP
27.05.2018	Baby Names Search Engine 1.0 - 'a' SQL Injection	webapps	PHP
26.05.2018	Employee Work Schedule 5.9 - 'cal_id' SQL Injection	webapps	PHP
26.05.2018	Ajax Full Featured Calendar 2.0 - 'search' SQL Injection	webapps	PHP
26.05.2018	EasyService Billing 1.0 - Cross-Site Request Forgery	webapps	PHP
26.05.2018	EasyService Billing 1.0 - Cross-Site Scripting	webapps	PHP
26.05.2018	EasyService Billing 1.0 - 'q' SQL Injection	webapps	PHP
26.05.2018	mySurvey 1.0 - 'id' SQL Injection	webapps	PHP
26.05.2018	easyLetters 1.0 - 'id' SQL Injection	webapps	PHP
25.05.2018	KomSeo Cart 1.3 - 'my_item_search' SQL Injection	webapps	PHP
25.05.2018	MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting	webapps	PHP
25.05.2018	SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting	webapps	Multiple
25.05.2018	Oracle WebCenter FatWire Content Server < 7 - Improper Access Control	webapps	Linux
25.05.2018	Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting	webapps	Multiple
24.05.2018	ASP.NET jVideo Kit - 'query' SQL Injection	webapps	ASP
24.05.2018	PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting	webapps	PHP
24.05.2018	Timber 1.1 - Cross-Site Request Forgery	webapps	PHP
24.05.2018	Honeywell XL Web Controller - Cross-Site Scripting	webapps	Linux
24.05.2018	EU MRV Regulatory Complete Solution 1 - Authentication Bypass	webapps	Linux
23.05.2018	EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting	webapps	PHP
23.05.2018	EasyService Billing 1.0 - 'p1' SQL Injection	webapps	PHP
23.05.2018	MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting	webapps	PHP
23.05.2018	MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting	webapps	PHP
23.05.2018	MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting	webapps	PHP
23.05.2018	MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting	webapps	PHP
23.05.2018	MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection	webapps	PHP
23.05.2018	PHP Dashboards 4.5 - 'email' SQL Injection	webapps	PHP
23.05.2018	Mobile Card Selling Platform 1 - Cross-Site Request Forgery	webapps	PHP
23.05.2018	PHP Dashboards 4.5 - SQL Injection	webapps	PHP
23.05.2018	Online Store System CMS 1.0 - SQL Injection	webapps	PHP
23.05.2018	Gigs 2.0 - 'username' SQL Injection	webapps	PHP
23.05.2018	GPSTracker 1.0 - 'id' SQL Injection	webapps	PHP
23.05.2018	Shipping System CMS 1.0 - SQL Injection	webapps	PHP
23.05.2018	Wecodex Store Paypal 1.0 - SQL Injection	webapps	PHP
23.05.2018	SAT CFDI 3.3 - SQL Injection	webapps	PHP
23.05.2018	School Management System CMS 1.0 - 'username' SQL Injection	webapps	PHP
23.05.2018	Library CMS 1.0 - SQL Injection	webapps	PHP
23.05.2018	Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection	webapps	PHP
23.05.2018	Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection	webapps	PHP
23.05.2018	eWallet Online Payment Gateway 2 - Cross-Site Request Forgery	webapps	PHP
23.05.2018	Mcard Mobile Card Selling Platform 1 - SQL Injection	webapps	PHP
23.05.2018	Honeywell Scada System - Information Disclosure	webapps	Linux
23.05.2018	SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change	webapps	Hardware
23.05.2018	WordPress Plugin Peugeot Music - Arbitrary File Upload	webapps	PHP
22.05.2018	Zechat 1.5 - SQL Injection / Cross-Site Request Forgery	webapps	PHP
22.05.2018	Nordex N149/4.0-4.5 - SQL Injection	webapps	Hardware
22.05.2018	WebSocket Live Chat - Cross-Site Scripting	webapps	PHP
22.05.2018	Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting	webapps	Linux
22.05.2018	PaulPrinting CMS Printing 1.0 - SQL Injection	webapps	PHP
22.05.2018	iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery	webapps	PHP
22.05.2018	ERPnext 11 - Cross-Site Scripting	webapps	Java
22.05.2018	NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection	webapps	Linux
22.05.2018	Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting	webapps	PHP
22.05.2018	NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection	webapps	PHP
22.05.2018	Feedy RSS News Ticker 2.0 - 'cat' SQL Injection	webapps	PHP
22.05.2018	NewsBee CMS 1.4 - 'download.php' SQL Injection	webapps	PHP
22.05.2018	Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting	webapps	PHP
21.05.2018	Superfood 1.0 - Multiple Vulnerabilities	webapps	PHP
21.05.2018	Private Message PHP Script 2.0 - Cross-Site Scripting	webapps	PHP
21.05.2018	Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery	webapps	PHP
21.05.2018	Zenar Content Management System - Cross-Site Scripting	webapps	PHP
21.05.2018	GitBucket 4.23.1 - Remote Code Execution	webapps	Java
21.05.2018	ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting	webapps	Java
21.05.2018	Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery	webapps	Linux
21.05.2018	Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery	webapps	Hardware
21.05.2018	Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery	webapps	Hardware
21.05.2018	Teradek Cube 7.3.6 - Cross-Site Request Forgery	webapps	Hardware
21.05.2018	Teradek Slice 7.3.15 - Cross-Site Request Forgery	webapps	Hardware
21.05.2018	Schneider Electric PLCs - Cross-Site Request Forgery	webapps	Windows
21.05.2018	Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities	webapps	PHP
21.05.2018	Merge PACS 7.0 - Cross-Site Request Forgery	webapps	Linux
21.05.2018	Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities	webapps	PHP
21.05.2018	Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting	webapps	PHP
20.05.2018	D-Link DSL-3782 - Authentication Bypass	webapps	Hardware
20.05.2018	Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection	webapps	PHP
18.05.2018	Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery	webapps	PHP
18.05.2018	Monstra CMS < 3.0.4 - Cross-Site Scripting (2)	webapps	PHP
18.05.2018	SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure	webapps	Linux
18.05.2018	Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery	webapps	PHP
18.05.2018	Cisco SA520W Security Appliance - Path Traversal	webapps	Hardware
18.05.2018	SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion	webapps	Linux
17.05.2018	NodAPS 4.0 - SQL injection / Cross-Site Request Forgery	webapps	PHP
17.05.2018	Intelbras NCLOUD 300 1.0 - Authentication bypass	webapps	Hardware
17.05.2018	SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass	webapps	PHP
17.05.2018	Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery	webapps	Linux
16.05.2018	MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery	webapps	PHP
16.05.2018	VirtueMart 3.1.14 - Persistent Cross-Site Scripting	webapps	PHP
16.05.2018	Rockwell Scada System 27.011 - Cross-Site Scripting	webapps	Windows
16.05.2018	Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting	webapps	PHP
16.05.2018	Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery	webapps	Linux
16.05.2018	totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery	webapps	ASP
16.05.2018	WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery	webapps	PHP
16.05.2018	RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting	webapps	Java
14.05.2018	XATABoost 1.0.0 - SQL Injection	webapps	PHP
13.05.2018	WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting	webapps	PHP
13.05.2018	WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting	webapps	PHP
11.05.2018	Open-AudIT Professional - 2.1.1 - Cross-Site Scripting	webapps	Windows
11.05.2018	Open-AudIT Community 2.2.0 - Cross-Site Scripting	webapps	Windows
10.05.2018	Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery	webapps	Hardware
10.05.2018	ModbusPal 1.6b - XML External Entity Injection	webapps	Java
10.05.2018	MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting	webapps	PHP
06.05.2018	CSP MySQL User Manager 2.3.1 - Authentication Bypass	webapps	Linux
06.05.2018	WordPress Plugin User Role Editor < 4.25 - Privilege Escalation	webapps	PHP
04.05.2018	WordPress Plugin WF Cookie Consent 1.1.3 - Cross-Site Scripting	webapps	PHP
04.05.2018	IceWarp Mail Server < 11.1.1 - Directory Traversal	webapps	PHP
03.05.2018	JasperReports - (Authenticated) File Read	webapps	Multiple
02.05.2018	Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery	webapps	PHP
01.05.2018	WordPress Plugin Responsive Cookie Consent 1.7 / 1.6 / 1.5 - (Authenticated) Persistent Cross-Site Scripting	webapps	PHP
30.04.2018	Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)	webapps	PHP
30.04.2018	WordPress Plugin Form Maker 1.12.20 - CSV Injection	webapps	PHP
30.04.2018	Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root	webapps	PHP
26.04.2018	Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution	webapps	Linux
26.04.2018	WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion	webapps	PHP
26.04.2018	SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response	webapps	Linux
26.04.2018	October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting	webapps	PHP
26.04.2018	MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting	webapps	PHP
26.04.2018	GitList 0.6 - Remote Code Execution	webapps	PHP
26.04.2018	TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot	webapps	Hardware
26.04.2018	Frog CMS 0.9.5 - Persistent Cross-Site Scripting	webapps	PHP
25.04.2018	Shopy Point of Sale 1.0 - CSV Injection	webapps	PHP
25.04.2018	Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)	webapps	PHP
25.04.2018	Blog Master Pro 1.0 - CSV Injection	webapps	PHP
25.04.2018	HRSALE The Ultimate HRM 1.0.2 - CSV Injection	webapps	PHP
25.04.2018	HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection	webapps	PHP
25.04.2018	HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting	webapps	PHP
25.04.2018	HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion	webapps	PHP
24.04.2018	UK Cookie Consent - Persistent Cross-Site Scripting	webapps	PHP
24.04.2018	WUZHI CMS 4.1.0 - Cross-Site Request Forgery	webapps	PHP
24.04.2018	Open-AudIT 2.1 - CSV Macro Injection	webapps	Windows
24.04.2018	Monstra CMS 3.0.4 - Arbitrary Folder Deletion	webapps	PHP
24.04.2018	Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass	webapps	PHP
24.04.2018	Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure	webapps	PHP
24.04.2018	WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion	webapps	PHP
24.04.2018	WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting	webapps	Java
23.04.2018	phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery	webapps	PHP
23.04.2018	Ncomputing vSpace Pro 10/11 - Directory Traversal	webapps	Windows
23.04.2018	Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation	webapps	Linux
23.04.2018	Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure	webapps	PHP
23.04.2018	Monstra cms 3.0.4 - Persitent Cross-Site Scripting	webapps	PHP
20.04.2018	Cobub Razor 0.8.0 - Physical path Leakage	webapps	PHP
18.04.2018	MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting	webapps	PHP
18.04.2018	Rvsitebuilder CMS - Database Backup Download	webapps	PHP
18.04.2018	Match Clone Script 1.0.4 - Cross-Site Scripting	webapps	PHP
18.04.2018	Kodi 17.6 - Persistent Cross-Site Scripting	webapps	Multiple
18.04.2018	Lutron Quantum 2.0 - 3.2.243 - Information Disclosure	webapps	Hardware
18.04.2018	WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting	webapps	PHP
18.04.2018	Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery	webapps	PHP
18.04.2018	Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities	webapps	XML
17.04.2018	Joomla! Component jDownloads 3.2.58 - Cross Site Scripting	webapps	PHP
16.04.2018	Cobub Razor 0.8.0 - SQL injection	webapps	PHP
16.04.2018	Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference	webapps	JSP
13.04.2018	Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)	webapps	PHP
13.04.2018	MikroTik 6.41.4 - FTP daemon Denial of Service PoC	webapps	Linux
13.04.2018	Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution	webapps	PHP
12.04.2018	Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)	webapps	PHP
10.04.2018	iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting	webapps	PHP
10.04.2018	Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting	webapps	PHP
10.04.2018	WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
10.04.2018	WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)	webapps	PHP
10.04.2018	Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control	webapps	Linux
10.04.2018	WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting	webapps	PHP
10.04.2018	WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)	webapps	PHP
09.04.2018	WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal	webapps	PHP
09.04.2018	WolfCMS 0.8.3.1 - Cross-Site Request Forgery	webapps	PHP
09.04.2018	Cobub Razor 0.7.2 - Add New Superuser Account	webapps	PHP
09.04.2018	MyBB Plugin Recent Threads On Index - Cross-Site Scripting	webapps	PHP
09.04.2018	WolfCMS 0.8.3.1 - Open Redirection	webapps	PHP
09.04.2018	Yahei PHP Prober 0.4.7 - Cross-Site Scripting	webapps	PHP
09.04.2018	WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution	webapps	PHP
09.04.2018	CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution	webapps	JSON
09.04.2018	KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection	webapps	XML
09.04.2018	KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)	webapps	Linux
09.04.2018	Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution	webapps	PHP
09.04.2018	WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution	webapps	PHP
09.04.2018	iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)	webapps	PHP
09.04.2018	WordPress Plugin Google Drive 2.2 - Remote Code Execution	webapps	PHP
06.04.2018	FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass	webapps	Hardware
06.04.2018	DotNetNuke DNNarticle Module 11 - Directory Traversal	webapps	Windows
06.04.2018	Cobub Razor 0.7.2 - Cross-Site Request Forgery	webapps	PHP
05.04.2018	MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting	webapps	PHP
05.04.2018	Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting	webapps	PHP
05.04.2018	WebRTC - Private IP Leakage (Metasploit)	webapps	Multiple
05.04.2018	YzmCMS 3.6 - Cross-Site Scripting	webapps	PHP
05.04.2018	Z-Blog 1.5.1.1740 - Cross-Site Scripting	webapps	PHP
05.04.2018	Z-Blog 1.5.1.1740 - Full Path Disclosure	webapps	PHP
05.04.2018	GetSimple CMS 3.3.13 - Cross-Site Scripting	webapps	PHP
05.04.2018	WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting	webapps	PHP
04.04.2018	ProcessMaker - Plugin Upload (Metasploit)	webapps	PHP
02.04.2018	Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)	webapps	PHP
02.04.2018	WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery	webapps	PHP
02.04.2018	WampServer 3.1.2 - Cross-Site Request Forgery	webapps	PHP
02.04.2018	VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal	webapps	Perl
02.04.2018	VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials	webapps	Hardware
02.04.2018	DLink DIR-601 - Admin Password Disclosure	webapps	Hardware
02.04.2018	LifeSize ClearSea 3.1.4 - Directory Traversal	webapps	Windows
02.04.2018	OpenCMS 10.5.3 - Cross-Site Request Forgery	webapps	PHP
02.04.2018	OpenCMS 10.5.3 - Cross-Site Scripting	webapps	PHP
02.04.2018	Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change	webapps	Hardware
30.03.2018	Open-AuditIT Professional 2.1 - Cross-Site Request Forgery	webapps	Multiple
30.03.2018	Homematic CCU2 2.29.23 - Arbitrary File Write	webapps	CGI
30.03.2018	MiniCMS 1.10 - Cross-Site Request Forgery	webapps	PHP
30.03.2018	WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting	webapps	PHP
30.03.2018	WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection	webapps	PHP
30.03.2018	Homematic CCU2 2.29.23 - Remote Command Execution	webapps	CGI
30.03.2018	Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection	webapps	PHP
30.03.2018	Joomla! Component AcySMS 3.5.0 - CSV Macro Injection	webapps	PHP
30.03.2018	WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure	webapps	PHP
30.03.2018	Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change	webapps	ASP
30.03.2018	osCommerce 2.3.4.1 - Remote Code Execution	webapps	PHP
30.03.2018	Tenda W316R Wireless Router 5.07.50 - Remote DNS Change	webapps	ASP
30.03.2018	D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass	webapps	PHP
30.03.2018	Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change	webapps	ASP
30.03.2018	Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)	webapps	PHP
30.03.2018	Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)	webapps	ASP
29.03.2018	Joomla Component Fields - SQLi Remote Code Execution (Metasploit)	webapps	PHP
28.03.2018	TwonkyMedia Server 7.0.11-8.5 - Directory Traversal	webapps	Multiple
28.03.2018	TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting	webapps	Multiple
28.03.2018	Microsoft Windows Remote Assistance - XML External Entity Injection	webapps	Windows
28.03.2018	Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change	webapps	Hardware
28.03.2018	Open-AuditIT Professional 2.1 - Cross-Site Scripting	webapps	PHP
27.03.2018	ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)	webapps	PHP
27.03.2018	DLINK DCS-5020L - Remote Code Execution (PoC)	webapps	Hardware
26.03.2018	Laravel Log Viewer < 0.13.0 - Local File Download	webapps	PHP
23.03.2018	Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass	webapps	XML
23.03.2018	TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery	webapps	Hardware
23.03.2018	XenForo 2 - CSS Loader Denial of Service	webapps	PHP
23.03.2018	MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting	webapps	PHP
23.03.2018	Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion	webapps	PHP
20.03.2018	Intelbras Telefone IP TIP200 LITE - Local File Disclosure	webapps	Hardware
20.03.2018	Vehicle Sales Management System - Multiple Vulnerabilities	webapps	PHP
20.03.2018	Coship RT3052 Wireless Router - Persistent Cross-Site Scripting	webapps	Hardware
20.03.2018	Cisco node-jos < 0.11.0 - Re-sign Tokens	webapps	Multiple
16.03.2018	Contec Smart Home 4.15 - Unauthorized Password Reset	webapps	Hardware
15.03.2018	WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting	webapps	PHP
15.03.2018	Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution	webapps	Java
13.03.2018	SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities	webapps	ASPX
13.03.2018	Tuleap 9.17.99.189 - Blind SQL Injection	webapps	PHP
12.03.2018	ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)	webapps	Java
12.03.2018	Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials	webapps	Multiple
12.03.2018	TextPattern 4.6.2 - 'qty' SQL Injection	webapps	PHP
12.03.2018	Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution	webapps	Windows
12.03.2018	ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution	webapps	Windows
09.03.2018	Bacula-Web < 8.0.0-rc2 - SQL Injection	webapps	PHP
07.03.2018	Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection	webapps	PHP
07.03.2018	antMan 0.9.0c - Authentication Bypass	webapps	Java
06.03.2018	Bravo Tejari Web Portal - Cross-Site Request Forgery	webapps	Multiple
05.03.2018	ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection	webapps	PHP
02.03.2018	D-Link DIR-600M Wireless - Cross-Site Scripting	webapps	Hardware
02.03.2018	antMan < 0.9.1a - Authentication Bypass	webapps	Multiple
02.03.2018	uWSGI < 2.0.17 - Directory Traversal	webapps	PHP
28.02.2018	Routers2 2.24 - Cross-Site Scripting	webapps	Perl
27.02.2018	MyBB My Arcade Plugin 1.3 - Cross-Site Scripting	webapps	PHP
27.02.2018	School Management Script 3.0.4 - Authentication Bypass	webapps	PHP
27.02.2018	CMS Made Simple 2.1.6 - Remote Code Execution	webapps	PHP
27.02.2018	Concrete5 < 8.3.0 - Username / Comments Enumeration	webapps	PHP
22.02.2018	Joomla! Component CW Tags 2.0.6 - SQL Injection	webapps	PHP
22.02.2018	Joomla! Component Proclaim 9.1.1 - Backup File Download	webapps	PHP
22.02.2018	Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection	webapps	PHP
22.02.2018	Joomla! Component Ek Rishta 2.9 - SQL Injection	webapps	PHP
22.02.2018	Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection	webapps	PHP
22.02.2018	Joomla! Component CheckList 1.1.1 - SQL Injection	webapps	PHP
22.02.2018	Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload	webapps	PHP
22.02.2018	Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection	webapps	PHP
22.02.2018	Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities	webapps	JSP
22.02.2018	Parallels Remote Application Server 15.5 - Path Traversal	webapps	Windows
19.02.2018	October CMS < 1.0.431 - Cross-Site Scripting	webapps	PHP
16.02.2018	EPIC MyChart - X-Path Injection	webapps	ASP
16.02.2018	TV - Video Subscription - Authentication Bypass SQL Injection	webapps	PHP
16.02.2018	UserSpice 4.3 - Blind SQL Injection	webapps	PHP
16.02.2018	Twig < 2.4.4 - Server Side Template Injection	webapps	PHP
16.02.2018	Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting	webapps	PHP
16.02.2018	Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Aist 2.0 - 'id' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component DT Register 3.2.7 - 'id' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Fastball 2.5 - 'season' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component File Download Tracker 3.0 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Form Maker 3.6.12 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Gallery WD 1.3.6 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component jGive 2.0.9 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component JS Autoz 1.0.9 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component JS Jobs 1.1.9 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component JTicketing 2.0.16 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component NeoRecruit 4.1 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Project Log 1.5.3 - 'search' SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Realpin 1.5.04 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component SimpleCalendar 3.1.9 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Solidres 2.5.1 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Staff Master 1.0 RC 1 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection	webapps	PHP
16.02.2018	Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection	webapps	PHP
16.02.2018	Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Saxum Astro 4.0.14 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Saxum Numerology 3.0.4 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component SquadManagement 1.0.3 - SQL Injection	webapps	PHP
16.02.2018	Joomla! Component Saxum Picker 3.2.10 - SQL Injection	webapps	PHP
16.02.2018	Front Accounting ERP 2.4.3 - Cross-Site Request Forgery	webapps	PHP
16.02.2018	PHIMS - Hospital Management Information System - 'Password' SQL Injection	webapps	PHP
16.02.2018	PSNews Website 1.0.0 - 'Keywords' SQL Injection	webapps	PHP
16.02.2018	Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting	webapps	Multiple
14.02.2018	NAT32 2.2 Build 22284 - Remote Command Execution	webapps	Windows
14.02.2018	NAT32 2.2 Build 22284 - Cross-Site Request Forgery	webapps	Windows
14.02.2018	Social Oauth Login PHP - Authentication Bypass	webapps	PHP
14.02.2018	SOA School Management - 'access_login' SQL Injection	webapps	PHP
14.02.2018	userSpice 4.3 - Cross-Site Scripting	webapps	PHP
14.02.2018	Dell EMC Isilon OneFS - Multiple Vulnerabilities	webapps	Linux
13.02.2018	TypeSetter CMS 5.1 - 'Host' Header Injection	webapps	PHP
13.02.2018	TypeSetter CMS 5.1 - Cross-Site Request Forgery	webapps	PHP
13.02.2018	News Website Script 2.0.4 - 'search' SQL Injection	webapps	PHP
12.02.2018	LogicalDOC Enterprise 7.7.4 - Directory Traversal	webapps	Java
12.02.2018	LogicalDOC Enterprise 7.7.4 - User Enumeration	webapps	Java
12.02.2018	LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution	webapps	Java
11.02.2018	Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection	webapps	PHP
11.02.2018	Readymade Video Sharing Script 3.2 - 'search' SQL Injection	webapps	PHP
10.02.2018	Naukri Clone Script 3.0.3 - 'indus' SQL Injection	webapps	PHP
10.02.2018	Multi Language Olx Clone Script - Cross-Site Scripting	webapps	PHP
07.02.2018	Online Test Script 2.0.7 - 'cid' SQL Injection	webapps	PHP
07.02.2018	Entrepreneur Dating Script 2.0.2 - Authentication Bypass	webapps	PHP
05.02.2018	Wonder CMS 2.3.1 - Unrestricted File Upload	webapps	PHP
05.02.2018	Wonder CMS 2.3.1 - 'Host' Header Injection	webapps	PHP
05.02.2018	Matrimonial Website Script 2.1.6 - 'uid' SQL Injection	webapps	PHP
05.02.2018	NixCMS 1.0 - 'category_id' SQL Injection	webapps	PHP
05.02.2018	Online Voting System - Authentication Bypass	webapps	PHP
05.02.2018	Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection	webapps	PHP
05.02.2018	Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection	webapps	PHP
05.02.2018	Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection	webapps	PHP
05.02.2018	Joomla! Component jLike 1.0 - Information Leak	webapps	PHP
05.02.2018	Joomla! Component JSP Tickets 1.1 - SQL Injection	webapps	PHP
05.02.2018	Student Profile Management System Script 2.0.6 - Authentication Bypass	webapps	PHP
05.02.2018	Netis WF2419 Router - Cross-Site Scripting	webapps	Hardware
02.02.2018	Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection	webapps	PHP
02.02.2018	Event Manager 1.0 - SQL Injection	webapps	PHP
02.02.2018	Fancy Clone Script - 'search_browse_product' SQL Injection	webapps	PHP
02.02.2018	Real Estate Custom Script - 'route' SQL Injection	webapps	PHP
02.02.2018	Advance Loan Management System - 'id' SQL Injection	webapps	PHP
02.02.2018	IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting	webapps	ASPX
02.02.2018	Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection	webapps	PHP
02.02.2018	Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection	webapps	PHP
02.02.2018	Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection	webapps	PHP
02.02.2018	Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload	webapps	PHP
02.02.2018	Joomla! Component JMS Music 1.1.1 - SQL Injection	webapps	PHP
02.02.2018	Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal	webapps	Multiple
02.02.2018	FiberHome AN5506 - Remote DNS Change	webapps	Hardware
30.01.2018	Advantech WebAccess < 8.3 - SQL Injection	webapps	Windows
30.01.2018	Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal	webapps	PHP
30.01.2018	Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection	webapps	PHP
30.01.2018	Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection	webapps	PHP
30.01.2018	BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure	webapps	Windows
29.01.2018	iBall WRA150N - Multiple Vulnerabilities	webapps	Hardware
28.01.2018	PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal	webapps	PHP
28.01.2018	PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection	webapps	PHP
28.01.2018	Gnew 2018.1 - Cross-Site Request Forgery	webapps	PHP
28.01.2018	Nexpose < 6.4.66 - Cross-Site Request Forgery	webapps	Multiple
28.01.2018	Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery	webapps	PHP
28.01.2018	Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download	webapps	PHP
28.01.2018	Task Rabbit Clone 1.0 - 'id' SQL Injection	webapps	PHP
28.01.2018	TSiteBuilder 1.0 - SQL Injection	webapps	PHP
28.01.2018	Hot Scripts Clone - 'subctid' SQL Injection	webapps	PHP
28.01.2018	Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection	webapps	PHP
28.01.2018	Buddy Zone 2.9.9 - SQL Injection	webapps	PHP
28.01.2018	Netis WF2419 Router - Cross-Site Request Forgery	webapps	Hardware
28.01.2018	KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery	webapps	NodeJS
26.01.2018	Dodocool DC38 N300 - Cross-site Request Forgery	webapps	Hardware
26.01.2018	WordPress Plugin Learning Management System - 'course_id' SQL Injection	webapps	PHP
25.01.2018	ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password	webapps	Hardware
24.01.2018	Professional Local Directory Script 1.0 - SQL Injection	webapps	PHP
24.01.2018	WordPress Plugin Email Subscribers & Newsletters 3.4.7 - Information Disclosure	webapps	PHP
24.01.2018	Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure	webapps	ASPX
24.01.2018	Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload	webapps	ASPX
23.01.2018	CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection	webapps	PHP
23.01.2018	NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download	webapps	Multiple
23.01.2018	LiveCRM SaaS Cloud 1.0 - SQL Injection	webapps	PHP
23.01.2018	Affiligator 2.1.0 - SQL Injection	webapps	PHP
23.01.2018	RSVP Invitation Online 1.0 - Cross-Site Request Forgery (Update Admin)	webapps	PHP
23.01.2018	Easy Car Script 2014 - SQL Injection	webapps	PHP
23.01.2018	Wchat 1.5 - SQL Injection	webapps	PHP
23.01.2018	Zechat 1.5 - SQL Injection	webapps	PHP
23.01.2018	Tumder 2.1 - SQL Injection	webapps	PHP
23.01.2018	Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
23.01.2018	Quickad 4.0 - SQL Injection	webapps	PHP
23.01.2018	Flexible Poll 1.2 - SQL Injection	webapps	PHP
21.01.2018	Oracle JDeveloper 11.1.x/12.x - Directory Traversal	webapps	Java
21.01.2018	Shopware 5.2.5/5.3 - Cross-Site Scripting	webapps	JSON
21.01.2018	CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities	webapps	PHP
21.01.2018	PHPFreeChat 1.7 - Denial of Service	webapps	PHP
21.01.2018	OTRS 5.0.x/6.0.x - Remote Command Execution	webapps	Perl
18.01.2018	Primefaces 5.x - Remote Code Execution (Metasploit)	webapps	Java
18.01.2018	GitStack 2.3.10 - Remote Code Execution	webapps	PHP
17.01.2018	Zomato Clone Script - Arbitrary File Upload	webapps	PHP
17.01.2018	Reservo Image Hosting Script 1.5 - Cross-Site Scripting	webapps	PHP
17.01.2018	D-Link DSL-2640R - DNS Change	webapps	Hardware
17.01.2018	Belkin N600DB Wireless Router - Multiple Vulnerabilities	webapps	Hardware
17.01.2018	SugarCRM 3.5.1 - Cross-Site Scripting	webapps	PHP
15.01.2018	ImgHosting 1.5 - Cross-Site Scripting	webapps	PHP
15.01.2018	Domains & Hostings Manager PRO 3.0 - Authentication Bypass	webapps	PHP
15.01.2018	PerfexCRM 1.9.7 - Arbitrary File Upload	webapps	PHP
15.01.2018	RISE 1.9 - 'search' SQL Injection	webapps	PHP
15.01.2018	Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect	webapps	JSP
15.01.2018	Adminer 4.3.1 - Server-Side Request Forgery	webapps	PHP
15.01.2018	Oracle PeopleSoft 8.5x - Remote Code Execution	webapps	Java
15.01.2018	ILIAS < 5.2.4 - Cross-Site Scripting	webapps	PHP
15.01.2018	Flash Operator Panel 2.31.03 - Command Execution	webapps	PHP
15.01.2018	D-Link DNS-343 ShareCenter < 1.05 - Command Injection	webapps	PHP
15.01.2018	D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities	webapps	PHP
15.01.2018	DarkComet (C2 Server) - File Upload	webapps	Multiple
15.01.2018	pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection	webapps	PHP
15.01.2018	GitStack - Remote Code Execution	webapps	PHP
12.01.2018	Xnami 1.0 - Cross-Site Scripting	webapps	PHP
12.01.2018	Taxi Booking Script 1.0 - Cross-site Scripting	webapps	PHP
10.01.2018	Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)	webapps	PHP
10.01.2018	WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure	webapps	PHP
10.01.2018	Muviko 1.1 - SQL Injection	webapps	PHP
10.01.2018	WordPress Plugin Events Calendar - 'event_id' SQL Injection	webapps	PHP
10.01.2018	WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery	webapps	PHP
10.01.2018	WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation	webapps	PHP
10.01.2018	WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation	webapps	PHP
10.01.2018	WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery	webapps	PHP
10.01.2018	Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting	webapps	PHP
10.01.2018	SAP NetWeaver J2EE Engine 7.40 - SQL Injection	webapps	Multiple
10.01.2018	D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution	webapps	Hardware
08.01.2018	Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities	webapps	PHP
08.01.2018	Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration	webapps	CGI
08.01.2018	Photos in Wifi 1.0.1 - Path Traversal	webapps	iOS
08.01.2018	SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities	webapps	Hardware
08.01.2018	FiberHome LM53Q1 - Multiple Vulnerabilities	webapps	Hardware
08.01.2018	WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload	webapps	PHP
08.01.2018	Vanilla < 2.1.5 - Cross-Site Request Forgery	webapps	PHP
05.01.2018	gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities	webapps	PHP
05.01.2018	Gespage 7.4.8 - SQL Injection	webapps	JSP
03.01.2018	WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection	webapps	PHP
03.01.2018	EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection	webapps	Multiple