Exploit Web Applications 2019 -

Exploit Web Applications 2019 - Úvod Remote Web App Local&Privilege Escalation DoS & PoC ShellCode Exploit Exploit prog. Ex. Techniky Exp. kit Typy Exploitů Exploit Articles

Web Applications H 2020 2019 2018

2019-12-31	Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass	webapps	PHP
2019-12-31	Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)	webapps	Hardware
2019-12-30	HomeAutomation 3.3.2 - Persistent Cross-Site Scripting	webapps	Hardware
2019-12-30	HomeAutomation 3.3.2 - Authentication Bypass	webapps	PHP
2019-12-30	HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
2019-12-30	HomeAutomation 3.3.2 - Remote Code Execution	webapps	PHP
2019-12-30	elearning-script 1.0 - Authentication Bypass	webapps	Windows
2019-12-30	XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
2019-12-30	Thrive Smart Home 1.1 - Authentication Bypass	webapps	PHP
2019-12-30	XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
2019-12-30	XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
2019-12-30	WEMS BEMS 21.3.1 - Undocumented Backdoor Account	webapps	Hardware
2019-12-30	AVE DOMINAplus 1.10.x - Credential Disclosure	webapps	Hardware
2019-12-30	AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot	webapps	Hardware
2019-12-30	AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)	webapps	Hardware
2019-12-30	AVE DOMINAplus 1.10.x - Authentication Bypass	webapps	Hardware
2019-12-30	Heatmiser Netmonitor 3.03 - Hardcoded Credentials	webapps	Hardware
2019-12-30	MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure	webapps	Hardware
2019-12-30	RICOH SP 4510SF Printer - HTML Injection	webapps	Hardware
2019-12-30	RICOH Web Image Monitor 1.09 - HTML Injection	webapps	Hardware
2019-12-30	Heatmiser Netmonitor 3.03 - HTML Injection	webapps	Hardware
2019-12-24	Django < 3.0 < 2.2 < 1.11 - Account Hijack	webapps	Python
2019-12-20	phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting	webapps	PHP
2019-12-19	Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation	webapps	Hardware
2019-12-18	Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)	webapps	Windows
2019-12-18	Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
2019-12-18	Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting	webapps	ASP
2019-12-18	Telerik UI - Remote Code Execution via Insecure Deserialization	webapps	ASPX
2019-12-17	Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting	webapps	Java
2019-12-17	Netgear R6400 - Remote Code Execution	webapps	Hardware
2019-12-17	NopCommerce 4.2.0 - Privilege Escalation	webapps	ASPX
2019-12-17	WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service	webapps	PHP
2019-12-16	D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting	webapps	Hardware
2019-12-16	Roxy Fileman 1.4.5 - Directory Traversal	webapps	ASPX
2019-12-16	D-Link DIR-615 - Privilege Escalation	webapps	Hardware
2019-12-13	NVMS 1000 - Directory Traversal	webapps	Hardware
2019-12-12	OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)	webapps	PHP
2019-12-12	Bullwark Momentum Series JAWS 1.0 - Directory Traversal	webapps	PHP
2019-12-11	Apache Olingo OData 4.0 - XML External Entity Injection	webapps	Java
2019-12-10	Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery	webapps	Hardware
2019-12-10	Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution	webapps	Hardware
2019-12-09	Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting	webapps	PHP
2019-12-09	PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass	webapps	PHP
2019-12-09	Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution	webapps	Hardware
2019-12-09	Alcatel-Lucent Omnivista 8770 - Remote Code Execution	webapps	PHP
2019-12-09	Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting	webapps	Java
2019-12-06	Verot 2.0.3 - Remote Code Execution	webapps	PHP
2019-12-05	Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution	webapps	Windows
2019-12-04	Online Clinic Management System 2.2 - HTML Injection	webapps	PHP
2019-12-04	Cisco WLC 2504 8.9 - Denial of Service (PoC)	webapps	Hardware
2019-12-04	OwnCloud 8.1.8 - Username Disclosure	webapps	PHP
2019-12-03	Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting	webapps	PHP
2019-12-03	Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery	webapps	Hardware
2019-12-03	Revive Adserver 4.2 - Remote Code Execution	webapps	PHP
2019-12-02	SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery	webapps	PHP
2019-12-02	Dokuwiki 2018-04-22b - Username Enumeration	webapps	PHP
2019-11-29	Online Inventory Manager 3.2 - Persistent Cross-Site Scripting	webapps	PHP
2019-11-28	Wordpress 5.3 - User Disclosure	webapps	PHP
2019-11-28	Mersive Solstice 2.8.0 - Remote Code Execution	webapps	Android
2019-11-21	TestLink 1.9.19 - Persistent Cross-Site Scripting	webapps	Hardware
2019-11-21	Network Management Card 6.2.0 - Host Header Injection	webapps	Hardware
2019-11-20	OpenNetAdmin 18.1.1 - Remote Code Execution	webapps	PHP
2019-11-18	Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal	webapps	Hardware
2019-11-18	Crystal Live HTTP Server 6.01 - Directory Traversal	webapps	ASP
2019-11-18	Centova Cast 3.2.11 - Arbitrary File Download	webapps	Hardware
2019-11-18	TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
2019-11-18	TemaTres 3.0 - 'value' Persistent Cross-site Scripting	webapps	PHP
2019-11-14	Xfilesharing 2.5.1 - Arbitrary File Upload	webapps	PHP
2019-11-13	Linear eMerge E3 1.00-06 - Remote Code Execution	webapps	Hardware
2019-11-13	FUDForum 3.0.9 - Remote Code Execution	webapps	PHP
2019-11-13	Technicolor TD5130.2 - Remote Command Execution	webapps	Hardware
2019-11-13	Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting	webapps	Hardware
2019-11-13	gSOAP 2.8 - Directory Traversal	webapps	PHP
2019-11-13	Fastweb Fastgate 0.00.81 - Remote Code Execution	webapps	Hardware
2019-11-12	Prima FlexAir Access Control 2.3.38 - Remote Code Execution	webapps	Hardware
2019-11-12	Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting	webapps	ASPX
2019-11-12	Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting	webapps	Hardware
2019-11-12	Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting	webapps	ASPX
2019-11-12	eMerge E3 1.00-06 - Unauthenticated Directory Traversal	webapps	Hardware
2019-11-12	eMerge E3 1.00-06 - Privilege Escalation	webapps	Hardware
2019-11-12	eMerge E3 1.00-06 - Remote Code Execution	webapps	Hardware
2019-11-12	eMerge E3 1.00-06 - Cross-Site Request Forgery	webapps	Hardware
2019-11-12	Atlassian Confluence 6.15.1 - Directory Traversal	webapps	JSP
2019-11-12	eMerge E3 1.00-06 - Arbitrary File Upload	webapps	Hardware
2019-11-12	eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting	webapps	Hardware
2019-11-12	eMerge50P 5000P 4.6.07 - Remote Code Execution	webapps	Hardware
2019-11-12	CBAS-Web 19.0.0 - Remote Code Execution	webapps	Hardware
2019-11-12	CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)	webapps	Hardware
2019-11-12	CBAS-Web 19.0.0 - Username Enumeration	webapps	Hardware
2019-11-12	CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection	webapps	PHP
2019-11-12	Joomla 3.9.13 - 'Host' Header Injection	webapps	PHP
2019-11-12	Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting	webapps	Alpha
2019-11-12	Prima Access Control 2.3.35 - Arbitrary File Upload	webapps	Hardware
2019-11-12	Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)	webapps	JSP
2019-11-12	Optergy 2.3.0a - Remote Code Execution	webapps	Hardware
2019-11-12	FlexAir Access Control 2.4.9api3 - Remote Code Execution	webapps	Hardware
2019-11-12	Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
2019-11-12	Optergy 2.3.0a - Username Disclosure	webapps	Hardware
2019-11-12	Optergy 2.3.0a - Remote Code Execution (Backdoor)	webapps	Hardware
2019-11-12	Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting	webapps	ASPX
2019-11-12	FlexAir Access Control 2.3.35 - Authentication Bypass	webapps	Hardware
2019-11-12	Bematech Printer MP-4200 - Denial of Service	webapps	Hardware
2019-11-08	Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting	webapps	Java
2019-11-08	Adive Framework 2.0.7 - Privilege Escalation	webapps	PHP
2019-11-08	Nextcloud 17 - Cross-Site Request Forgery	webapps	PHP
2019-11-06	Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass	webapps	Hardware
2019-11-06	Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure	webapps	Hardware
2019-11-05	thejshen Globitek CMS 1.4 - 'id' SQL Injection	webapps	PHP
2019-11-05	thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting	webapps	PHP
2019-11-05	rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection	webapps	PHP
2019-11-05	html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting	webapps	PHP
2019-11-05	html5_snmp 1.11 - 'Router_ID' SQL Injection	webapps	PHP
2019-11-05	SD.NET RIM 4.7.3c - 'idtyp' SQL Injection	webapps	ASPX
2019-11-01	TheJshen contentManagementSystem 1.04 - 'id' SQL Injection	webapps	PHP
2019-11-01	ownCloud 10.3.0 stable - Cross-Site Request Forgery	webapps	Linux
2019-11-01	Apache Solr 8.2.0 - Remote Code Execution	webapps	Java
2019-10-31	Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection	webapps	PHP
2019-10-30	Ajenti 2.1.31 - Remote Code Exection (Metasploit)	webapps	JSON
2019-10-30	Citrix StoreFront Server 7.15 - XML External Entity Injection	webapps	XML
2019-10-30	iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure	webapps	Hardware
2019-10-29	rConfig 3.9.2 - Remote Code Execution	webapps	PHP
2019-10-29	Wordpress 5.2.4 - Cross-Origin Resource Sharing	webapps	PHP
2019-10-28	Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery	webapps	Hardware
2019-10-28	waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection	webapps	PHP
2019-10-28	Part-DB 0.4 - Authentication Bypass	webapps	PHP
2019-10-28	waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting	webapps	PHP
2019-10-28	delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection	webapps	PHP
2019-10-28	PHP-FPM + Nginx - Remote Code Execution	webapps	PHP
2019-10-25	ClonOs WEB UI 19.09 - Improper Access Control	webapps	PHP
2019-10-24	Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection	webapps	PHP
2019-10-24	AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control	webapps	Hardware
2019-10-24	AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection	webapps	Hardware
2019-10-23	Rocket.Chat 2.1.0 - Cross-Site Scripting	webapps	Linux
2019-10-23	Joomla! 3.4.6 - Remote Code Execution (Metasploit)	webapps	PHP
2019-10-18	Joomla! 3.4.6 - Remote Code Execution	webapps	PHP
2019-10-17	Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting	webapps	PHP
2019-10-17	Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting	webapps	PHP
2019-10-17	Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting	webapps	PHP
2019-10-17	Restaurant Management System 1.0 - Remote Code Execution	webapps	PHP
2019-10-16	Accounts Accounting 7.02 - Persistent Cross-Site Scripting	webapps	PHP
2019-10-15	Bolt CMS 3.6.10 - Cross-Site Request Forgery	webapps	PHP
2019-10-14	Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting	webapps	PHP
2019-10-14	Ajenti 2.1.31 - Remote Code Execution	webapps	Python
2019-10-14	Kirona-DRS 5.5.3.5 - Information Disclosure	webapps	PHP
2019-10-14	Apache Httpd mod_proxy - Error Page Cross-Site Scripting	webapps	Multiple
2019-10-14	Apache Httpd mod_rewrite - Open Redirects	webapps	Multiple
2019-10-14	WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts	webapps	Multiple
2019-10-11	Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting	webapps	Hardware
2019-10-11	WordPress Arforms 3.7.1 - Directory Traversal	WebApps	PHP
2019-10-11	Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting	WebApps	Hardware
2019-10-11	National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation	Local	Windows
2019-10-10	Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File	DoS	Windows
2019-10-10	Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File	DoS	Windows
2019-10-10	Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File	DoS	Windows
2019-10-10	Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File	DoS	Windows
2019-10-10	Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File	DoS	Windows
2019-10-10	Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter	DoS	Windows
2019-10-10	TP-Link TL-WR1043ND 2 - Authentication Bypass	WebApps	Hardware
2019-10-10	ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit, DEP Bypass)	Local	Linux
2019-10-10	SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery	WebApps	Hardware
2019-10-09	XNU - Remote Double-Free via Data Race in IPComp Input Path	DoS	macOS
2019-10-09	Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)	DoS	Windows
2019-10-09	DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)	Local	Windows
2019-10-07	vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution	WebApps	PHP
2019-10-08	Zabbix 4.4 - Authentication Bypass	WebApps	PHP
2019-10-07	freeFTP 1.0.8 - 'PASS' Remote Buffer Overflow	Remote	Windows
2019-10-07	CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation	Local	Windows
2019-10-07	IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload	WebApps	Java
2019-10-07	Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting	WebApps	PHP
2019-10-07	ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)	Local	Windows_x86-64
2019-10-07	Zabbix 4.2 - Authentication Bypass	WebApps	PHP
2019-10-07	logrotten 3.15.1 - Privilege Escalation	Local	Linux
2019-10-07	Joomla 3.4.6 - 'configuration.php' Remote Code Execution	WebApps	PHP
2019-10-04	Android - Binder Driver Use-After-Free	Local	Android
2019-10-03	PHP 7.0 < 7.3 (Unix) - 'gc' Disable Functions Bypass	WebApps	PHP
2019-10-04	LabCollector 5.423 - SQL Injection	WebApps	PHP
2019-10-03	AnchorCMS < 0.12.3a - Information Disclosure	WebApps	Multiple
2019-10-03	mintinstall 7.9.9 - Code Execution	WebApps	Linux
2019-10-02	DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)	Remote	Windows
2019-10-02	Detrix EDMS 1.2.3.1505 - SQL Injection	WebApps	PHP
2019-09-18	Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)	Local	Windows
2019-10-01	WebKit - Universal XSS Using Cached Pages	DoS	Multiple
2019-10-01	WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment	DoS	Multiple
2019-10-01	WebKit - Universal XSS in WebCore::command	DoS	Multiple
2019-10-01	WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads	DoS	Multiple
2019-10-01	DotNetNuke < 9.4.0 - Cross-Site Scripting	WebApps	Multiple
2019-09-23	vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution	WebApps	PHP
2019-09-28	PHP 7.1 < 7.3 - 'json serializer' Disable Functions Bypass	WebApps	Multiple
2019-10-01	kic 2.4a - Denial of Service	DoS	Linux
2019-10-01	DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)	Local	Windows
2019-09-30	Cisco Small Business 220 Series - Multiple Vulnerabilities	Remote	Hardware
2019-09-30	TheSystem 1.0 - Command Injection	WebApps	Python
2019-09-30	thesystem 1.0 - Cross-Site Scripting	WebApps	Python
2019-09-30	GoAhead 2.5.0 - Host Header Injection	Remote	Multiple
2019-09-30	phpIPAM 1.4 - SQL Injection	WebApps	PHP
2019-09-30	vBulletin 5.x - Remote Command Execution (Metasploit)	WebApps	PHP
2019-09-27	WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting	WebApps	PHP
2019-09-27	V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation	WebApps	Hardware
2019-09-27	V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery	WebApps	Hardware
2019-09-27	V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download	WebApps	Hardware
2019-09-27	thesystem App 1.0 - 'username' SQL Injection	WebApps	PHP
2019-09-27	thesystem App 1.0 - Persistent Cross-Site Scripting	WebApps	PHP
2019-09-27	thesystem App 1.0 - 'server_name' SQL Injection	WebApps	PHP
2019-09-27	Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)	Local	Windows
2019-09-27	InoERP 0.7.2 - Persistent Cross-Site Scripting	WebApps	PHP
2019-09-26	citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection	WebApps	PHP
2019-09-26	inoERP 4.15 - 'download' SQL Injection	WebApps	PHP
2019-09-26	all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting	WebApps	PHP
2019-09-26	Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting	WebApps	PHP
2019-09-26	Chamillo LMS 1.11.8 - Arbitrary File Upload	WebApps	PHP
2019-09-25	YzmCMS 5.3 - 'Host' Header Injection	WebApps	PHP
2019-09-25	ABRT - sosreport Privilege Escalation (Metasploit)	Local	Linux
2019-09-25	NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution	WebApps	JSON
2019-09-25	WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting	WebApps	PHP
2019-09-25	SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service	DoS	Windows
2019-09-25	Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting	WebApps	ASPX
2019-09-24	Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)	Remote	Windows
2019-09-24	iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds	DoS	iOS
2019-09-24	Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service	DoS	Windows
2019-09-24	File Sharing Wizard 1.5.0 - POST SEH Overflow	Remote	Windows
2019-09-24	DeviceViewer 3.12.0.1 - 'creating user' Denial of Service	DoS	Windows
2019-09-23	HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure	Remote	watchOS
2019-09-23	Gila CMS < 1.11.1 - Local File Inclusion	WebApps	Multiple
2019-09-23	Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure	Remote	Hardware
2019-09-20	LayerBB < 1.1.4 - Cross-Site Request Forgery	WebApps	PHP
2019-09-19	GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting	WebApps	PHP
2019-09-19	DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection	WebApps	PHP
2019-09-19	macOS 18.7.0 Kernel - Local Privilege Escalation	Local	macOS
2019-09-19	Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution	WebApps	Hardware
2019-09-18	Hospital-Management 1.26 - 'fname' SQL Injection	WebApps	PHP
2019-09-16	CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection	WebApps	PHP
2019-09-16	docPrint Pro 8.0 - SEH Buffer Overflow	Local	Windows
2019-09-16	Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload	WebApps	CFM
2019-09-16	Inteno IOPSYS Gateway - Improper Access Restrictions	Remote	Hardware
2019-09-16	AppXSvc - Privilege Escalation	Local	Windows
2019-09-14	College-Management-System 1.2 - Authentication Bypass	WebApps	PHP
2019-09-14	Ticket-Booking 1.4 - Authentication Bypass	WebApps	PHP
2019-09-13	LimeSurvey 3.17.13 - Cross-Site Scripting	WebApps	PHP
2019-09-13	phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery	WebApps	PHP
2019-09-13	Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting	WebApps	PHP
2019-09-13	Folder Lock 7.7.9 - Denial of Service	DoS	Windows
2019-09-12	Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts	DoS	Windows
2019-09-12	Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts	DoS	Windows
2019-09-11	eWON Flexy - Authentication Bypass	WebApps	Hardware
2019-09-11	AVCON6 systems management platform - OGNL Remote Command Execution	WebApps	Java
2019-09-10	Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)	Local	Windows
2019-09-10	Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)	Local	Windows
2019-09-10	October CMS - Upload Protection Bypass Code Execution (Metasploit)	Remote	PHP
2019-09-10	LibreNMS - Collectd Command Injection (Metasploit)	Remote	Linux
2019-09-10	WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)	WebApps	PHP
2019-09-10	WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting	WebApps	PHP
2019-09-10	WordPress Plugin Photo Gallery 1.5.34 - SQL Injection	WebApps	PHP
2019-09-09	Dolibarr ERP-CRM 10.0.1 - SQL Injection	WebApps	PHP
2019-09-09	WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting	WebApps	PHP
2019-09-09	Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure	WebApps	CGI
2019-09-09	Online Appointment - SQL Injection	WebApps	PHP
2019-09-09	Enigma NMS 65.0.0 - SQL Injection	WebApps	Multiple
2019-09-09	Enigma NMS 65.0.0 - OS Command Injection	WebApps	Multiple
2019-09-09	Enigma NMS 65.0.0 - Cross-Site Request Forgery	WebApps	Multiple
2019-09-09	Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection	WebApps	PHP
2019-09-09	WordPress 5.2.3 - Cross-Site Host Modification	WebApps	PHP
2019-09-06	FusionPBX 4.4.8 - Remote Code Execution	Remote	Linux
2019-09-06	Windows NTFS - Privileged File Access Enumeration	Local	Windows
2019-09-06	Inventory Webapp - 'itemquery' SQL injection	WebApps	PHP
2019-09-06	Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution	Remote	Multiple
2019-09-05	AwindInc SNMP Service - Command Injection (Metasploit)	Remote	Linux
2019-09-04	DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting	WebApps	Hardware
2019-09-04	WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting	WebApps	PHP
2019-08-12	BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting	WebApps	PHP
2019-08-08	Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection	WebApps	PHP
2019-08-08	Adive Framework 2.0.7 - Cross-Site Request Forgery	WebApps	PHP
2019-08-08	Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download	WebApps	PHP
2019-08-08	Aptana Jaxer 1.0.3.4547 - Local File inclusion	WebApps	Multiple
2019-08-08	Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)	WebApps	PHP
2019-08-08	Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting	WebApps	PHP
2019-08-07	WordPress Plugin JoomSport 3.3 - SQL Injection	WebApps	PHP
2019-08-02	1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting	WebApps	PHP
2019-08-02	Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection	WebApps	PHP
2019-08-02	Sar2HTML 3.2.1 - Remote Command Execution	WebApps	PHP
2019-08-01	Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery	WebApps	Hardware
2019-08-01	WebIncorp ERP - SQL injection	WebApps	PHP
2019-08-01	Ultimate Loan Manager 2.0 - Cross-Site Scripting	WebApps	Multiple
2019-07-31	Oracle Hyperion Planning 11.1.2.3 - XML External Entity	WebApps	Multiple
2019-07-30	Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming	WebApps	Hardware
2019-07-29	GigToDo 1.3 - Cross-Site Scripting	WebApps	PHP
2019-07-29	WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting	WebApps	PHP
2019-07-29	WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery	WebApps	PHP
2019-07-26	Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection	WebApps	JSP
2019-07-26	Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)	WebApps	JSP
2019-07-26	Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution	WebApps	JSP
2019-07-26	Moodle Filepicker 3.5.2 - Server Side Request Forgery	WebApps	PHP
2019-07-25	Ovidentia 8.4.3 - SQL Injection	WebApps	PHP
2019-07-25	Ovidentia 8.4.3 - Cross-Site Scripting	WebApps	PHP
2019-07-24	WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions	WebApps	PHP
2019-07-24	Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery	WebApps	Hardware
2019-07-24	NoviSmart CMS - SQL injection	WebApps	PHP
2019-07-22	Axway SecureTransport 5 - Unauthenticated XML Injection	WebApps	Linux
2019-07-19	REDCap < 9.1.2 - Cross-Site Scripting	WebApps	PHP
2019-07-19	Web Ofisi Firma 13 - 'oz' SQL Injection	WebApps	Linux
2019-07-19	Web Ofisi Rent a Car 3 - 'klima' SQL Injection	WebApps	Linux
2019-07-19	Web Ofisi Firma Rehberi 1 - 'il' SQL Injection	WebApps	Linux
2019-07-19	Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection	WebApps	Linux
2019-07-19	Web Ofisi Emlak 2 - 'ara' SQL Injection	WebApps	Linux
2019-07-19	Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection	WebApps	Linux
2019-07-19	Web Ofisi E-Ticaret 3 - 'a' SQL Injection	WebApps	Linux
2019-07-19	fuelCMS 1.4.1 - Remote Code Execution	WebApps	Linux
2019-07-18	WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting	WebApps	Linux
2019-07-17	Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting	WebApps	Linux
2019-07-16	CentOS Control Web Panel 0.9.8.838 - User Enumeration	WebApps	Linux
2019-07-16	CentOS Control Web Panel 0.9.8.836 - Privilege Escalation	WebApps	Linux
2019-07-16	CentOS Control Web Panel 0.9.8.836 - Authentication Bypass	WebApps	Linux
2019-07-15	FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion	WebApps	PHP
2019-07-15	CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities	WebApps	Hardware
2019-07-15	NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass	WebApps	Hardware
2019-07-12	Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution	WebApps	CGI
2019-07-12	Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting	WebApps	Java
2019-07-12	Sahi Pro 8.0.0 - Remote Command Execution	WebApps	Java
2019-07-12	MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting	WebApps	PHP
2019-07-12	Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting	WebApps	Hardware
2019-07-11	Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting	WebApps	ASPX
2019-07-08	WordPress Plugin Like Button 1.6.0 - Authentication Bypass	WebApps	PHP
2019-07-08	Karenderia Multiple Restaurant System 5.3 - SQL Injection	WebApps	PHP
2019-07-05	Karenderia Multiple Restaurant System 5.3 - Local File Inclusion	WebApps	PHP
2019-07-03	Symantec DLP 15.5 MP1 - Cross-Site Scripting	WebApps	Multiple
2019-07-02	Centreon 19.04 - Remote Code Execution	WebApps	PHP
2019-07-01	FaceSentry Access Control System 6.4.8 - Remote Root Exploit	WebApps	Hardware
2019-07-01	FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery	WebApps	Hardware
2019-07-01	FaceSentry Access Control System 6.4.8 - Remote Command Injection	WebApps	Hardware
2019-07-01	CyberPanel 1.8.4 - Cross-Site Request Forgery	WebApps	Multiple
2019-07-01	Sahi pro 8.x - Directory Traversal	WebApps	Multiple
2019-07-01	SAP Crystal Reports - Information Disclosure	WebApps	Multiple
2019-07-01	ZoneMinder 1.32.3 - Cross-Site Scripting	WebApps	PHP
2019-07-01	PowerPanel Business Edition - Cross-Site Scripting	WebApps	Linux
2019-07-01	Varient 1.6.1 - SQL Injection	WebApps	Multiple
2019-07-01	CiuisCRM 1.6 - 'eventType' SQL Injection	WebApps	PHP
2019-07-01	WorkSuite PRM 2.4 - 'password' SQL Injection	WebApps	PHP
2019-06-28	LibreNMS 1.46 - 'addhost' Remote Code Execution	WebApps	PHP
2019-06-25	WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting	WebApps	PHP
2019-06-25	WordPress Plugin iLive 1.0.4 - Cross-Site Scripting	WebApps	PHP
2019-06-25	BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal	WebApps	ASPX
2019-06-25	AZADMIN CMS 1.0 - SQL Injection	WebApps	PHP
2019-06-25	Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution	WebApps	Hardware
2019-06-24	GrandNode 4.40 - Path Traversal / Arbitrary File Download	WebApps	Multiple
2019-06-24	SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting	WebApps	PHP
2019-06-24	SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting	WebApps	PHP
2019-06-24	SeedDMS versions < 5.1.11 - Remote Command Execution	WebApps	PHP
2019-06-24	dotProject 2.1.9 - SQL Injection	WebApps	PHP
2019-06-20	Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)	Local	Linux
2019-06-20	Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)	Remote	Linux
2019-06-20	Linux - Use-After-Free via race Between modify_ldt() and #BR Exception	DoS	Linux
2019-06-20	BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection	WebApps	ASPX
2019-06-20	WebERP 4.15 - SQL injection	WebApps	PHP
2019-06-20	Tuneclone 2.20 - Local SEH Buffer Overflow	Local	Windows
2019-06-19	BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution	WebApps	ASPX
2019-06-19	BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution	WebApps	ASPX
2019-06-18	Serv-U FTP Server < 15.1.7 - Local Privilege Escalation	Local	Linux
2019-06-18	Sahi pro 8.x - Cross-Site Scripting	WebApps	Multiple
2019-06-18	Sahi pro 8.x - SQL Injection	WebApps	Multiple
2019-06-18	Sahi pro 7.x/8.x - Directory Traversal	WebApps	Multiple
2019-06-17	Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow	DoS	Multiple
2019-06-17	Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow	DoS	Multiple
2019-06-17	Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow	DoS	Multiple
2019-06-17	Thunderbird ESR < 60.7.XXX - Type Confusion	DoS	Multiple
2019-06-17	Spring Security OAuth - Open Redirector	WebApps	Java
2019-06-17	AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)	Remote	PHP
2019-06-17	Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)	Local	Windows
2019-06-17	Netperf 2.6.0 - Stack-Based Buffer Overflow	DoS	Linux
2019-06-17	Exim 4.87 - 4.91 - Local Privilege Escalation	Local	Linux
2019-06-17	HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write	DoS	Windows
2019-06-17	CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities	WebApps	Hardware
2019-06-17	RedwoodHQ 2.5.5 - Authentication Bypass	WebApps	Multiple
2019-06-14	Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow	Local	Windows
2019-06-14	CentOS 7.6 - 'ptrace_scope' Privilege Escalation	Local	Linux
2019-06-13	Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation	Local	Windows
2019-06-13	Sitecore 8.x - Deserialization Remote Code Execution	WebApps	ASPX
2019-06-12	FusionPBX 4.4.3 - Remote Command Execution	WebApps	PHP
2019-06-11	Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)	Remote	Linux
2019-06-11	Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting	WebApps	JSP
2019-06-11	phpMyAdmin 4.8 - Cross-Site Request Forgery	WebApps	PHP
2019-06-11	WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution	WebApps	PHP
2019-06-11	ProShow 9.0.3797 - Local Privilege Escalation	Local	Windows
2019-06-10	Ubuntu 18.04 - 'lxd' Privilege Escalation	Local	Linux
2019-06-10	UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting	WebApps	PHP
2019-06-07	Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)	Local	Windows
2019-06-05	Exim 4.87 < 4.91 - (Local / Remote) Command Execution	Remote	Linux
2019-06-04	Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution	Local	Linux
2019-06-03	Nvidia GeForce Experience Web Helper - Command Injection	Local	Windows
2019-06-06	Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion	WebApps	Hardware
2019-06-05	LibreNMS - addhost Command Injection (Metasploit)	Remote	Linux
2019-06-05	IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)	Remote	Windows
2019-06-05	Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free	DoS	Multiple
2019-06-05	Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery	WebApps	JSP
2019-06-04	Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting	WebApps	Java
2019-06-04	Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting	WebApps	Java
2019-06-04	Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting	WebApps	Java
2019-06-04	Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting	WebApps	Java
2019-06-04	DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)	Local	Windows
2019-06-04	Cisco RV130W 1.0.3.44 - Remote Stack Overflow	Remote	Hardware
2019-06-04	NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow	Remote	Hardware
2019-06-04	IceWarp 10.4.4 - Local File Inclusion	WebApps	PHP
2019-06-03	WordPress Plugin Form Maker 1.13.3 - SQL Injection	WebApps	PHP
2019-06-03	AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control	WebApps	Hardware
2019-06-03	KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities	WebApps	PHP
2019-05-30	Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service	DoS	Windows
2014-11-24	Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)	Local	Windows
2019-05-29	Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)	Remote	Java
2019-05-29	Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL	DoS	Android
2019-05-29	Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation	DoS	Multiple
2019-05-29	Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script	DoS	Multiple
2019-05-23	Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)	Local	Windows
2019-05-29	Free SMTP Server 2.5 - Denial of Service (PoC)	DoS	Windows
2019-05-29	pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting	WebApps	PHP
2019-05-28	Phraseanet < 4.0.7 - Cross-Site Scripting	WebApps	Multiple
2019-05-28	Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass	Remote	Windows
2019-05-28	EquityPandit 1.0 - Password Disclosure	Local	Android
2019-05-27	Typora 0.9.9.24.6 - Directory Traversal	Remote	macOS
2019-05-27	Deltek Maconomy 2.2.5 - Local File Inclusion	WebApps	Multiple
2019-05-27	Pidgin 2.13.0 - Denial of Service (PoC)	DoS	Windows
2019-05-24	Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)	DoS	Windows
2019-05-24	Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption	Remote	Windows
2019-05-24	Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)	DoS	Windows
2019-05-24	Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)	DoS	Windows
2019-05-24	Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)	DoS	Windows
2019-05-24	Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)	DoS	Windows
2019-05-24	Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)	DoS	Windows
2019-05-24	Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow	Local	Windows
2019-05-24	Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC	WebApps	PHP
2019-05-15	Microsoft Windows - 'Win32k' Local Privilege Escalation	Local	Windows
2019-05-22	Microsoft Internet Explorer 11 - Sandbox Escape	Local	Windows
2019-05-22	Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation	Local	Windows
2019-05-22	Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation	Local	Windows
2019-05-23	Microsoft Windows 10 (17763.379) - Install DLL	Local	Windows
2019-05-23	Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)	Remote	PHP
2019-05-23	Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)	Local	macOS
2019-05-23	Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free	DoS	iOS
2019-05-23	Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation	Local	Windows
2019-05-23	Terminal Services Manager 3.2.1 - Denial of Service	DoS	Windows
2019-05-23	Nagios XI 5.6.1 - SQL injection	WebApps	PHP
2019-05-23	NetAware 1.20 - 'Share Name' Denial of Service (PoC)	DoS	Windows
2019-05-23	NetAware 1.20 - 'Add Block' Denial of Service (PoC)	DoS	Windows
2019-05-22	Horde Webmail 5.2.22 - Multiple Vulnerabilities	WebApps	PHP
2019-05-22	TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)	DoS	Windows
2019-05-22	TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)	DoS	Windows
2019-05-22	RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)	DoS	Windows
2019-05-22	RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)	DoS	Windows
2019-05-22	Carel pCOWeb < B1.2.1 - Credentials Disclosure	WebApps	Hardware
2019-05-22	Carel pCOWeb < B1.2.1 - Cross-Site Scripting	WebApps	Hardware
2019-05-22	AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting	WebApps	Hardware
2019-05-22	Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting	WebApps	Multiple
2019-05-22	Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions	WebApps	Multiple
2019-05-22	BlueStacks 4.80.0.1060 - Denial of Service (PoC)	DoS	Windows
2019-05-21	Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free	DoS	Multiple
2019-05-21	Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl	DoS	Multiple
2019-05-21	Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register	DoS	Multiple
2019-05-21	Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized	DoS	Multiple
2019-05-21	Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free	DoS	Multiple
2019-05-21	Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution	WebApps	Java
2019-05-21	WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities	WebApps	PHP
2019-05-21	Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection	WebApps	Java
2019-05-21	Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)	DoS	Windows
2019-05-21	Deluge 1.3.15 - 'URL' Denial of Service (PoC)	DoS	Multiple
2019-05-21	TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting	WebApps	Hardware
2019-05-21	Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting	WebApps	PHP
2019-05-20	GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)	Remote	PHP
2019-05-20	Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)	Local	Solaris
2019-05-20	Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)	Local	Solaris
2019-05-20	Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation	Local	Solaris
2019-04-02	LimeSurvey < 3.16 - Remote Code Execution	WebApps	PHP
2019-04-02	JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery	WebApps	Hardware
2019-04-02	WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering	WebApps	PHP
2019-04-02	Inout RealEstate - 'city' SQL Injection	WebApps	PHP
2019-04-02	Inout EasyRooms - SQL Injection	WebApps	PHP
2019-03-29	CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting	WebApps	Linux
2019-03-28	Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection	WebApps	PHP
2019-03-28	BigTree 4.3.4 CMS - Multiple SQL Injection	WebApps	PHP
2019-03-28	Job Portal 3.1 - 'job_submit' SQL Injection	WebApps	PHP
2019-03-28	i-doit 1.12 - 'qr.php' Cross-Site Scripting	WebApps	PHP
2019-03-28	WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion	WebApps	PHP
2019-03-28	WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion	WebApps	PHP
2019-03-28	Fat Free CRM 0.19.0 - HTML Injection	WebApps	Ruby
2019-03-28	Airbnb Clone Script - Multiple SQL Injection	WebApps	PHP
2019-03-28	Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion	WebApps	Windows
2019-03-27	Jettweb Hazır Rent A Car Scripti V4 - SQL Injection	WebApps	PHP
2019-03-26	SJS Simple Job Script - SQL Injection / Cross-Site Scripting	WebApps	PHP
2019-03-26	Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion	WebApps	Windows
2019-03-26	XooDigital - 'p' SQL Injection	WebApps	PHP
2019-03-26	XooGallery - Multiple SQL Injection	WebApps	PHP
2019-03-26	Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting	WebApps	PHP
2019-03-26	Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection	WebApps	PHP
2019-03-25	Zeeways Matrimony CMS - SQL Injection	WebApps	PHP
2019-03-25	Zeeways Jobsite CMS - 'id' SQL Injection	WebApps	PHP
2019-03-25	Jettweb PHP Hazır Haber Sitesi Scripti V3 - SQL Injection	WebApps	PHP
2019-03-25	Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)	WebApps	PHP
2019-03-25	Jettweb PHP Hazır Haber Sitesi Scripti V1 - SQL Injection	WebApps	PHP
2019-03-25	Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting	WebApps	Multiple
2019-03-22	Inout Article Base CMS - SQL Injection	WebApps	PHP
2019-03-22	Meeplace Business Review Script - 'id' SQL Injection	WebApps	PHP
2019-03-22	Matri4Web Matrimony Website Script - Multiple SQL Injection	WebApps	PHP
2019-03-21	Bootstrapy CMS - Multiple SQL Injection	WebApps	PHP
2019-03-21	Placeto CMS Alpha v4 - 'page' SQL Injection	WebApps	PHP
2019-03-21	uHotelBooking System - 'system_page' SQL Injection	WebApps	PHP
2019-03-21	The Company Business Website CMS - Multiple Vulnerabilities	WebApps	PHP
2019-03-21	Rails 5.2.1 - Arbitrary File Content Disclosure	WebApps	Multiple
21.03.2019	Netartmedia Vlog System - 'email' SQL Injection	webapps	PHP
21.03.2019	Rails 5.2.1 - Arbitrary File Content Disclosure	webapps	Multiple
21.03.2019	The Company Business Website CMS - Multiple Vulnerabilities	webapps	PHP
21.03.2019	uHotelBooking System - 'system_page' SQL Injection	webapps	PHP
21.03.2019	Placeto CMS Alpha v4 - 'page' SQL Injection	webapps	PHP
21.03.2019	Bootstrapy CMS - Multiple SQL Injection	webapps	PHP
20.03.2019	Netartmedia PHP Car Dealer - SQL Injection	webapps	PHP
20.03.2019	Netartmedia PHP Real Estate Agency 4.0 - SQL Injection	webapps	PHP
20.03.2019	Netartmedia Jobs Portal 6.1 - SQL Injection	webapps	PHP
20.03.2019	Netartmedia PHP Dating Site - SQL Injection	webapps	PHP
20.03.2019	Netartmedia PHP Business Directory 4.2 - SQL Injection	webapps	PHP
20.03.2019	202CMS v10beta - Multiple SQL Injection	webapps	PHP
20.03.2019	PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control	webapps	Hardware
20.03.2019	PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery	webapps	Hardware
20.03.2019	Netartmedia Deals Portal - 'Email' SQL Injection	webapps	PHP
19.03.2019	Gila CMS 1.9.1 - Cross-Site Scripting	webapps	PHP
19.03.2019	MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting	webapps	PHP
19.03.2019	eNdonesia Portal 8.7 - Multiple Vulnerabilities	webapps	PHP
19.03.2019	Netartmedia Event Portal 2.0 - 'Email' SQL Injection	webapps	PHP
19.03.2019	Netartmedia PHP Mall 4.1 - SQL Injection	webapps	PHP
19.03.2019	Netartmedia Real Estate Portal 5.0 - SQL Injection	webapps	PHP
18.03.2019	TheCarProject 2 - Multiple SQL Injection	webapps	PHP
15.03.2019	NetData 1.13.0 - HTML Injection	webapps	Multiple
15.03.2019	CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload	webapps	PHP
15.03.2019	ICE HRM 23.0 - Multiple Vulnerabilities	webapps	PHP
15.03.2019	Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities	webapps	PHP
15.03.2019	Laundry CMS - Multiple Vulnerabilities	webapps	PHP
15.03.2019	Moodle 3.4.1 - Remote Code Execution	webapps	PHP
14.03.2019	Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)	webapps	PHP
14.03.2019	Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution	webapps	PHP
13.03.2019	WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion	webapps	PHP
13.03.2019	pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting	webapps	PHP
12.03.2019	PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
11.03.2019	Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)	webapps	Multiple
11.03.2019	OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)	webapps	JSP
11.03.2019	PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution	webapps	Windows
11.03.2019	Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution	webapps	PHP
08.03.2019	OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting	webapps	Multiple
08.03.2019	McAfee ePO 5.9.1 - Registered Executable Local Access Bypass	webapps	Windows
08.03.2019	DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery	webapps	PHP
07.03.2019	Kados R10 GreenBee - Multiple SQL Injection	webapps	PHP
05.03.2019	OpenDocMan 1.3.4 - 'search.php where' SQL Injection	webapps	PHP
04.03.2019	Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution	webapps	Hardware
04.03.2019	zzzphp CMS 1.6.1 - Cross-Site Request Forgery	webapps	PHP
04.03.2019	Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)	webapps	Windows
04.03.2019	Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)	webapps	PHP
04.03.2019	OOP CMS BLOG 1.0 - Multiple SQL Injection	webapps	PHP
04.03.2019	OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery	webapps	PHP
04.03.2019	CMSsite 1.0 - Multiple Cross-Site Request Forgery	webapps	PHP
04.03.2019	elFinder 2.1.47 - 'PHP connector' Command Injection	webapps	PHP
04.03.2019	MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal	webapps	Windows
04.03.2019	Bolt CMS 3.6.4 - Cross-Site Scripting	webapps	PHP
04.03.2019	Craft CMS 3.1.12 Pro - Cross-Site Scripting	webapps	PHP
04.03.2019	WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities	webapps	PHP
04.03.2019	Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting	webapps	Hardware
01.03.2019	WordPress Core 5.0 - Remote Code Execution	webapps	PHP
28.02.2019	Simple Online Hotel Reservation System - SQL Injection	webapps	PHP
28.02.2019	Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)	webapps	PHP
28.02.2019	Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)	webapps	PHP
28.02.2019	Joomla! Component J2Store < 3.3.7 - SQL Injection	webapps	PHP
28.02.2019	Usermin 1.750 - Remote Command Execution (Metasploit)	webapps	Linux
28.02.2019	Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)	webapps	PHP
25.02.2019	Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution	webapps	Java
25.02.2019	zzzphp CMS 1.6.1 - Remote Code Execution	webapps	PHP
25.02.2019	PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection	webapps	PHP
25.02.2019	News Website Script 2.0.5 - SQL Injection	webapps	PHP
25.02.2019	Advance Gift Shop Pro Script 2.0.3 - SQL Injection	webapps	PHP
25.02.2019	Drupal < 8.6.9 - REST Module Remote Code Execution	webapps	PHP
23.02.2019	Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution	webapps	PHP
22.02.2019	Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution	webapps	Multiple
22.02.2019	Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation	webapps	Linux
22.02.2019	Teracue ENC-400 - Command Injection / Missing Authentication	webapps	Hardware
21.02.2019	C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection	webapps	PHP
21.02.2019	EI-Tube 3 - SQL Injection	webapps	PHP
20.02.2019	HotelDruid 2.3 - Cross-Site Scripting	webapps	PHP
19.02.2019	Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection	webapps	PHP
19.02.2019	Listing Hub CMS 1.0 - 'pages.php id' SQL Injection	webapps	PHP
19.02.2019	Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting	webapps	PHP
19.02.2019	eDirectory - SQL Injection	webapps	PHP
19.02.2019	XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting	webapps	PHP
19.02.2019	Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting	webapps	JSP
19.02.2019	Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection	webapps	PHP
19.02.2019	Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)	webapps	Java
18.02.2019	qdPM 9.1 - 'type' Cross-Site Scripting	webapps	PHP
18.02.2019	qdPM 9.1 - 'search[keywords]' Cross-Site Scripting	webapps	PHP
18.02.2019	Master IP CAM 01 3.3.4.2103 - Remote Command Execution	webapps	CGI
18.02.2019	MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module	webapps	PHP
18.02.2019	CMSsite 1.0 - 'post' SQL Injection	webapps	PHP
18.02.2019	M/Monit 3.7.2 - Privilege Escalation	webapps	Multiple
18.02.2019	Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload	webapps	PHP
18.02.2019	Apache CouchDB 2.3.0 - Cross-Site Scripting	webapps	Multiple
18.02.2019	ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting	webapps	Multiple
18.02.2019	Comodo Dome Firewall 2.7.0 - Cross-Site Scripting	webapps	Multiple
18.02.2019	Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload	webapps	JSP
18.02.2019	WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing	webapps	PHP
15.02.2019	MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery	webapps	PHP
15.02.2019	Jinja2 2.10 - 'from_string' Server Side Template Injection	webapps	Python
15.02.2019	qdPM 9.1 - 'search_by_extrafields[]' SQL Injection	webapps	PHP
15.02.2019	UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload	webapps	PHP
14.02.2019	DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting	webapps	PHP
14.02.2019	DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting	webapps	PHP
14.02.2019	DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting	webapps	PHP
14.02.2019	DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting	webapps	PHP
14.02.2019	DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting	webapps	PHP
14.02.2019	WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection	webapps	PHP
14.02.2019	LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
13.02.2019	Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting	webapps	PHP
13.02.2019	PilusCart 1.4.1 - 'send' SQL Injection	webapps	PHP
12.02.2019	OPNsense < 19.1.1 - Cross-Site Scripting	webapps	PHP
12.02.2019	Jenkins 2.150.2 - Remote Command Execution (Metasploit)	webapps	Linux
12.02.2019	BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution	webapps	ASPX
12.02.2019	LayerBB 1.1.2 - Cross-Site Scripting	webapps	PHP
11.02.2019	Smoothwall Express 3.1-SP4 - Cross-Site Scripting	webapps	CGI
11.02.2019	Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset	webapps	Hardware
11.02.2019	IPFire 2.21 - Cross-Site Scripting	webapps	CGI
11.02.2019	MyBB Bans List 1.0 - Cross-Site Scripting	webapps	PHP
11.02.2019	VA MAX 8.3.4 - (Authenticated) Remote Code Execution	webapps	PHP
11.02.2019	CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting	webapps	Linux
11.02.2019	Webiness Inventory 2.3 - 'email' SQL Injection	webapps	PHP
06.02.2019	osCommerce 2.3.4.1 - 'currency' SQL Injection	webapps	PHP
06.02.2019	osCommerce 2.3.4.1 - 'products_id' SQL Injection	webapps	PHP
06.02.2019	osCommerce 2.3.4.1 - 'reviews_id' SQL Injection	webapps	PHP
05.02.2019	BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure	webapps	Hardware
05.02.2019	BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)	webapps	Hardware
05.02.2019	BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution	webapps	Hardware
05.02.2019	BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure	webapps	Hardware
05.02.2019	devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery	webapps	Hardware
05.02.2019	devolo dLAN 550 duo+ Starter Kit - Remote Code Execution	webapps	Hardware
05.02.2019	Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery	webapps	Hardware
05.02.2019	OpenMRS Platform < 2.24.0 - Insecure Object Deserialization	webapps	Java
04.02.2019	ResourceSpace 8.6 - 'watched_searches.php' SQL Injection	webapps	PHP
04.02.2019	SuiteCRM 7.10.7 - 'parentTab' SQL Injection	webapps	PHP
04.02.2019	SuiteCRM 7.10.7 - 'record' SQL Injection	webapps	PHP
04.02.2019	Nessus 8.2.1 - Cross-Site Scripting	webapps	Multiple
04.02.2019	pfSense 2.4.4-p1 - Cross-Site Scripting	webapps	Multiple
01.02.2019	SureMDM < 2018-11 Patch - Local / Remote File Inclusion	webapps	Windows
30.01.2019	Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection	webapps	PHP
29.01.2019	PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)	webapps	PHP
28.01.2019	Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting	webapps	Java
28.01.2019	WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download	webapps	PHP
28.01.2019	AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery	webapps	Hardware
28.01.2019	LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference	webapps	Multiple
28.01.2019	CMSsite 1.0 - 'cat_id' SQL Injection	webapps	PHP
28.01.2019	CMSsite 1.0 - 'search' SQL Injection	webapps	PHP
28.01.2019	Cisco RV300 / RV320 - Information Disclosure	webapps	Hardware
28.01.2019	Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting	webapps	Hardware
28.01.2019	Newsbull Haber Script 1.0.0 - 'search' SQL Injection	webapps	PHP
28.01.2019	Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection	webapps	PHP
28.01.2019	Teameyo Project Management System 1.0 - SQL Injection	webapps	PHP
28.01.2019	Mess Management System 1.0 - SQL Injection	webapps	PHP
28.01.2019	MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting	webapps	PHP
28.01.2019	ResourceSpace 8.6 - 'collection_edit.php' SQL Injection	webapps	PHP
25.01.2019	Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection	webapps	Hardware
25.01.2019	GreenCMS 2.x - SQL Injection	webapps	PHP
25.01.2019	GreenCMS 2.x - Arbitrary File Download	webapps	PHP
25.01.2019	Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing	webapps	PHP
24.01.2019	Joomla! Component J-CruisePortal 6.0.4 - SQL Injection	webapps	PHP
24.01.2019	Joomla! Component JHotelReservation 6.0.7 - SQL Injection	webapps	PHP
24.01.2019	SimplePress CMS 1.0.7 - SQL Injection	webapps	PHP
24.01.2019	SirsiDynix e-Library 3.5.x - Cross-Site Scripting	webapps	CGI
24.01.2019	Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution	webapps	Windows
24.01.2019	ImpressCMS 1.3.11 - 'bid' SQL Injection	webapps	PHP
24.01.2019	Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery	webapps	Hardware
23.01.2019	Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation	webapps	Linux
23.01.2019	Joomla! Component vBizz 1.0.7 - SQL Injection	webapps	PHP
23.01.2019	Joomla! Component vBizz 1.0.7 - Remote Code Execution	webapps	PHP
23.01.2019	Joomla! Component vWishlist 1.0.1 - SQL Injection	webapps	PHP
23.01.2019	Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection	webapps	PHP
23.01.2019	Joomla! Component vReview 1.9.11 - SQL Injection	webapps	PHP
23.01.2019	Joomla! Component vRestaurant 1.9.4 - SQL Injection	webapps	PHP
23.01.2019	Joomla! Component VMap 1.9.6 - SQL Injection	webapps	PHP
23.01.2019	Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection	webapps	PHP
23.01.2019	Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection	webapps	PHP
23.01.2019	Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection	webapps	PHP
22.01.2019	Joomla! Component Easy Shop 1.2.3 - Local File Inclusion	webapps	PHP
21.01.2019	Kepler Wallpaper Script 1.1 - SQL Injection	webapps	PHP
21.01.2019	Coman 1.0 - 'id' SQL Injection	webapps	PHP
21.01.2019	Reservic 1.0 - 'id' SQL Injection	webapps	PHP
21.01.2019	MoneyFlux 1.0 - 'id' SQL Injection	webapps	PHP
21.01.2019	PHP Dashboards NEW 5.8 - 'dashID' SQL Injection	webapps	PHP
21.01.2019	PHP Dashboards NEW 5.8 - Local File Inclusion	webapps	PHP
21.01.2019	PHP Uber-style GeoTracking 1.1 - SQL Injection	webapps	PHP
21.01.2019	Adianti Framework 5.5.0 - SQL Injection	webapps	PHP
18.01.2019	SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion	webapps	PHP
18.01.2019	phpTransformer 2016.9 - SQL Injection	webapps	PHP
18.01.2019	phpTransformer 2016.9 - Directory Traversal	webapps	PHP
18.01.2019	Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings	webapps	PHP
18.01.2019	Pydio / AjaXplorer < 5.0.4 - (Unauthenticated) Arbitrary File Upload	webapps	PHP
17.01.2019	Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting	webapps	Multiple
16.01.2019	FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure	webapps	Hardware
16.01.2019	Roxy Fileman 1.4.5 - Arbitrary File Download	webapps	PHP
16.01.2019	doorGets CMS 7.0 - Arbitrary File Download	webapps	PHP
16.01.2019	ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution	webapps	PHP
16.01.2019	GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal	webapps	Hardware
16.01.2019	Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset	webapps	Hardware
16.01.2019	Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit	webapps	PHP
15.01.2019	ownDMS 4.7 - SQL Injection	webapps	PHP
14.01.2019	Across DR-810 ROM-0 - Backup File Disclosure	webapps	Hardware
14.01.2019	i-doit CMDB 1.12 - Arbitrary File Download	webapps	PHP
14.01.2019	i-doit CMDB 1.12 - SQL Injection	webapps	PHP
14.01.2019	Horde Imp - 'imap_open' Remote Command Execution	webapps	PHP
14.01.2019	Modern POS 1.3 - Arbitrary File Download	webapps	PHP
14.01.2019	Modern POS 1.3 - SQL Injection	webapps	PHP
14.01.2019	Twilio WEB To Fax Machine System Application 1.0 - SQL Injection	webapps	PHP
14.01.2019	Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)	webapps	PHP
14.01.2019	Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection	webapps	PHP
14.01.2019	Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection	webapps	PHP
14.01.2019	Find a Place CMS Directory 1.5 - SQL Injection	webapps	PHP
14.01.2019	Cleanto 5.0 - SQL Injection	webapps	PHP
14.01.2019	Lenovo R2105 - Cross-Site Request Forgery (Command Execution)	webapps	Hardware
14.01.2019	HealthNode Hospital Management System 1.0 - SQL Injection	webapps	PHP
14.01.2019	Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)	webapps	PHP
14.01.2019	ThinkPHP 5.X - Remote Command Execution	webapps	PHP
14.01.2019	Real Estate Custom Script 2.0 - SQL Injection	webapps	PHP
14.01.2019	Job Portal Platform 1.0 - SQL Injection	webapps	PHP
14.01.2019	Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution	webapps	ASPX
14.01.2019	Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection	webapps	PHP
14.01.2019	Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection	webapps	Windows
14.01.2019	AudioCode 400HD - Command Injection	webapps	CGI
11.01.2019	Adapt Inventory Management System 1.0 - SQL Injection	webapps	PHP
11.01.2019	Joomla! Component JoomProject 1.1.3.2 - Information Disclosure	webapps	PHP
11.01.2019	Joomla! Component JoomCRM 1.1.1 - SQL Injection	webapps	PHP
10.01.2019	PEAR Archive_Tar < 1.4.4 - PHP Object Injection	webapps	PHP
10.01.2019	eBrigade ERP 4.5 - Arbitrary File Download	webapps	PHP
10.01.2019	Matrix MLM Script 1.0 - Information Disclosure	webapps	PHP
10.01.2019	doitX 1.0 - 'search' SQL Injection	webapps	PHP
10.01.2019	Shield CMS 2.2 - 'email' SQL Injection	webapps	PHP
10.01.2019	Architectural 1.0 - 'email' SQL Injection	webapps	PHP
10.01.2019	MLMPro 1.0 - SQL Injection	webapps	PHP
10.01.2019	Event Calendar 3.7.4 - 'id' SQL Injection	webapps	PHP
10.01.2019	Event Locations 1.0.1 - 'id' SQL Injection	webapps	PHP
10.01.2019	eBrigade ERP 4.5 - SQL Injection	webapps	PHP
10.01.2019	OpenSource ERP 6.3.1. - SQL Injection	webapps	Multiple
09.01.2019	Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)	webapps	Hardware
09.01.2019	ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting	webapps	Hardware
09.01.2019	BlogEngine 3.3 - XML External Entity Injection	webapps	Windows
08.01.2019	CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation	webapps	PHP
08.01.2019	Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection	webapps	PHP
07.01.2019	Embed Video Scripts - Persistent Cross-Site Scripting	webapps	PHP
07.01.2019	All in One Video Downloader 1.2 - (Authenticated) SQL Injection	webapps	PHP
07.01.2019	LayerBB 1.1.1 - Persistent Cross-Site Scripting	webapps	PHP
07.01.2019	MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting	webapps	PHP
07.01.2019	PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting	webapps	CGI
07.01.2019	phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting	webapps	PHP
07.01.2019	Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation	webapps	PHP
07.01.2019	MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection	webapps	PHP
07.01.2019	Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal	webapps	PHP
07.01.2019	Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data	webapps	Windows
07.01.2019	Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery	webapps	Windows
07.01.2019	Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection	webapps	Windows
07.01.2019	Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)	webapps	Hardware
02.01.2019	WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection	webapps	PHP
02.01.2019	Frog CMS 0.9.5 - Cross-Site Scripting	webapps	PHP
02.01.2019	Vtiger CRM 7.1.0 - Remote Code Execution	webapps	PHP