|
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass Exploit
|
|
2018-01-12
|
|
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation Exploit
|
|
2018-01-12
|
|
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation Exploit
|
|
2018-01-12
|
|
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow Exploit
|
|
2018-01-12
|
|
phpCollab 2.5.1 - Unauthenticated File Upload Exploit
|
|
2018-01-12
|
|
FreeBSD/x86 - reboot() Shellcode (15 Bytes)
|
|
2018-01-12
|
|
D-Link Routers 110/412/615/815 < 1.03 - service.cgi Arbitrary Code Execution Exploit
|
|
2018-01-12
|
|
MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service Vulnerability
|
|
2018-01-12
|
|
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping Vulnerability
|
|
2018-01-12
|
|
Parity Browser < 1.6.10 - Bypass Same Origin Policy Vulnerability
|
|
2018-01-12
|
|
SAP NetWeaver J2EE Engine 7.40 - SQL Injection Exploit
|
|
2018-01-12
|
|
Jungo Windriver 12.5.1 - Privilege Escalation Exploit
|
|
2018-01-12
|
|
Multiple CPUs - Information Leak Using Speculative Execution Exploit
|
|
2018-01-12
|
|
WordPress Admin Menu Tree Page View 2.6.9 Plugin - Cross-Site Request Forgery / Privilege Escalation
|
|
2018-01-12
|
|
WordPress CMS Tree Page View 1.4 Plugin - Cross-Site Request Forgery / Privilege Escalation Exploit
|
|
2018-01-12
|
|
WordPress Download Manager 2.9.60 Plugin - Cross-Site Request Forgery Vulnerability
|
|
2018-01-12
|
|
WordPress Social Media Widget by Acurax 3.2.5 Plugin - Cross-Site Request Forgery Vulnerability
|
|
2018-01-12
|
|
Joomla Easydiscuss Component < 4.0.21 - Cross-Site Scripting Vulnerability
|
|
2018-01-12
|
|
Microsoft Edge Chakra JIT - Lowerer::LowerSetConcatStrMultiItem Missing Integer Overflow Check
|
|
2018-01-12
|
|
BSD/x86 - setreuid(geteuid(), geteuid()) + execve(/bin/sh) Shellcode (36 bytes)
|
|
2018-01-12
|
|
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution Exploit
|
|
2018-01-12
|
|
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution Exploit
|
|
2018-01-12
|
|
WordPress Events Calendar Plugin - event_id SQL Injection Vulnerability
|
|
2018-01-12
|
|
Worpress Service Finder Booking < 3.2 Plugin - Local File Disclosure Vulnerability
|
|
2018-01-12
|
|
Synology Photostation 6.7.2-3429 - Remote Code Execution Exploit
|
|
2018-01-12
|
|
DiskBoss Enterprise 8.8.16 - Buffer Overflow Exploit
|
|
2018-01-12
|
|
Muviko 1.1 - SQL Injection Vulnerability
|
|
2018-01-12
|
|
Yawcam 0.6.0 Directory Traversal Vulnerability
|
|
2018-01-12
|
|
Commvault Communications Service (cvd) - Command Injection Exploit
|
|
2018-01-12
|
|
Microsoft Windows - nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformati
|
|
2018-01-12
|
|
Microsoft Windows - nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues) Ke
|
|
2018-01-12
|
|
Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit
|
|
2018-01-12
|
|
Microsoft Edge Chakra asm.js Out-of-Bounds Read Exploit
|
|
2018-01-12
|
|
Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined Jav
|
|
2018-01-12
|
|
Microsoft Windows - Local XPS Print Spooler Sandbox Escape Exploit
|
|
2018-01-12
|
|
Android - Inter-Process munmap due to Race Condition in ashmem Exploit
|
|
2018-01-12
|
|
FiberHome LM53Q1 - Multiple Vulnerabilities
|
|
2018-01-12
|
|
Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability
|
|
2018-01-12
|
|
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC) Vulnerability
|
|
2018-01-12
|
|
DiskBoss Enterprise 8.5.12 - Denial of Service Exploit
|
|
2018-01-12
|
|
Disk Pulse Enterprise 10.1.18 - Denial of Service Exploit
|
|
2018-01-12
|
|
Microsoft Skypexspaces - DNS Squatting Web Vulnerability
|
|
2018-01-12
|
|
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability
|
|
2018-01-12
|
|
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability
|
|
2018-01-12
|
|
SonicWall SonicOS NSA - Bypass & Persistent Vulnerability
|
|
2018-01-12
|
|
SonicWall SonicOS NSA - Multiple Web Vulnerabilities
|
|
2018-01-12
|
|
Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability
|
|
2018-01-12
|
|
Linux/x86-64 - execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL) Shellcode (43 bytes)
|
|
2018-01-12
|
|
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
|
|
2018-01-12
|
|
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
|
|
2018-01-12
|
|
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
|
|
2018-01-12
|
|
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
|
|
2018-01-12
|
|
PyroBatchFTP < 3.19 - Buffer Overflow
|
|
2018-01-12
|
|
Kentico CMS 11.0 - Buffer Overflow
|
|
2018-01-12
|
|
Linux/SPARC - setreuid(0,0) + standard execve() Shellcode (72 bytes)
|
|
2018-01-12
|
|
Linux/SPARC - setreuid(0,0) + execve(/bin/sh) Shellcode (64 bytes)
|
|
2018-01-12
|
|
Taxi Booking Script 1.0 - Cross-site Scripting
|
|
2018-01-12
|
|
Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes)
|
|
2018-01-12
|
|
Linux/SuperH (sh4) - execve("/bin/sh", 0, 0) Shellcode (19 bytes)
|
|
2018-01-12
|
|
Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes)
|
|
2018-01-12
|
|
Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes)
|
|
2018-01-12
|
|
Linux/StrongARM - setuid() Shellcode (20 bytes)
|
|
2018-01-12
|
|
Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)
|
|
2018-01-12
|
|
Xnami 1.0 - Cross-Site Scripting
|
|
2018-01-12
|
|
Linux/ARM - execve("/bin/sh",NULL,0) Shellcode (31 bytes)
|
|
2018-01-12
|
|
Linux/ARM - execve("/bin/sh", [], [0 vars]) Shellcode (35 bytes)
|
|
2018-01-12
|
|
Linux/ARM - creat("/root/pwned", 0777) Shellcode (39 bytes)
|
|
2018-01-12
|
|
Linux/ARM - chmod("/etc/passwd", 0777) Shellcode (39 bytes)
|
|
2018-01-12
|
|
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
|
|
2018-01-12
|
|
Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata)
|
|
2018-01-12
|
|
ALLMediaServer 0.95 - Buffer Overflow
|
|
2018-01-12
|
|
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read
|
|
2018-01-11
|
|
macOS - 'process_policy' Stack Leak Through Uninitialized Field
|
|
2018-01-11
|
|
Linux/ARM - execve("/bin/sh", NULL, 0) Shellcode (34 bytes)
|
|
2018-01-11
|
|
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)
|
|
2018-01-11
|
|
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
|
|
2018-01-11
|
|
Microsoft Windows SMB Server (v1 and v2) - Mount Point Arbitrary Device Open Privilege Escalation
|
|
2018-01-11
|
|
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
|
|
2018-01-11
|
|
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
|
|
2018-01-11
|
|
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
|
|
2018-01-11
|
|
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
|
|
2018-01-11
|
|
IRIX - stdin-read Shellcode (40 bytes)
|
|
2018-01-11
|
|
IRIX - execve(/bin/sh) Shellcode (68 bytes)
|
|
2018-01-11
|
|
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
|
|
2018-01-11
|
|
IRIX - execve(/bin/sh) Shellcode (43 bytes)
|
|
2018-01-11
|
|
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
|
|
2018-01-11
|
|
FreeBSD - reboot() Shellcode (15 Bytes)
|
|
2018-01-11
|
|
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
|
|
2018-01-11
|
|
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 Bytes)
|
|
2018-01-11
|
|
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
|
|
2018-01-11
|
|
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
|
|
2018-01-11
|
|
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
|
|
2018-01-11
|
|
MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
|
|
2018-01-11
|
|
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping
|
|
2018-01-11
|
|
Parity Browser < 1.6.10 - Bypass Same Origin Policy
|
|
2018-01-11
|
|
Jungo WinDriver 12.5.1 - Local Privilege Escalation
|
|
2018-01-11
|
|
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
|
|
2018-01-11
|
|
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution
|
|
2018-01-11
|
|
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
|
|
2018-01-11
|
|
Jungo Windriver 12.5.1 - Privilege Escalation
|
|
2018-01-11
|
|
HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)
|
|
2018-01-10
|
|
HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)
|
|
2018-01-10
|
|
Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check
|
|
2018-01-10
|
|
Multiple CPUs - Information Leak Using Speculative Execution
|
|
2018-01-10
|
|
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
|
|
2018-01-10
|
|
Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting
|
|
2018-01-10
|
|
WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery
|
|
2018-01-10
|
|
WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation
|
|
2018-01-10
|
|
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation
|
|
2018-01-10
|
|
WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery
|
|
2018-01-10
|
|
BSD/x86 - setreuid(geteuid(), geteuid()) + execve("/bin/sh") Shellcode (36 bytes)
|
|
2018-01-10
|
|
Alpha - setuid() Shellcode (156 bytes)
|
|
2018-01-10
|
|
Alpha - execve() Shellcode (112 bytes)
|
|
2018-01-10
|
|
Alpha - /bin/sh Shellcode (80 bytes)
|
|
2018-01-10
|
|
WordPress Plugin Events Calendar - 'event_id' SQL Injection
|
|
2018-01-10
|
|
DiskBoss Enterprise 8.8.16 - Buffer Overflow
|
|
2018-01-10
|
|
Muviko 1.1 - SQL Injection
|
|
2018-01-10
|
|
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
|
|
2018-01-10
|
|
Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
|
|
2018-01-10
|
|
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
|
|
2018-01-10
|
|
Commvault Communications Service (cvd) - Command Injection (Metasploit)
|
|
2018-01-09
|
|
Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure
|
|
2018-01-09
|
|
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
|
|
2018-01-09
|
|
Microsoft Edge Chakra JIT - Escape Analysis Bug
|
|
2018-01-09
|
|
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read
|
|
2018-01-09
|
|
Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
|
|
2018-01-09
|
|
Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions
|
|
2018-01-09
|
|
Microsoft Windows - Local XPS Print Spooler Sandbox Escape
|
|
2018-01-09
|
|
Android - Inter-Process munmap due to Race Condition in ashmem
|
|
2018-01-09
|
|
Magento Connect T1 - (Claim) Persistent Vulnerability
|
|
2018-01-08
|
|
Sync Breeze Enterprise 10.1.16 - Denial of Service Exploit
|
|
2018-01-08
|
|
Synology DiskStation Manager (DSM) < 6.1.3-15152 - forget_passwd.cgi User Enumeration
|
|
2018-01-08
|
|
VX Search Enterprise 10.1.12 - Denial of Service Exploit
|
|
2018-01-08
|
|
WordPress LearnDash 2.5.3 Plugin - Arbitrary File Upload Vulnerability
|
|
2018-01-08
|
|
Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit
|
|
2018-01-08
|
|
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access Vulnerability
|
|
2018-01-08
|
|
Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)
|
|
2018-01-08
|
|
Vanilla < 2.1.5 - Cross-Site Request Forgery
|
|
2018-01-08
|
|
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
|
|
2018-01-08
|
|
FiberHome LM53Q1 - Multiple Vulnerabilities
|
|
2018-01-08
|
|
SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities
|
|
2018-01-08
|
|
Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution
|
|
2018-01-08
|
|
Photos in Wifi 1.0.1 - Path Traversal
|
|
2018-01-08
|
|
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow
|
|
2018-01-08
|
|
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration
|
|
2018-01-08
|
|
DiskBoss Enterprise 8.5.12 - Denial of Service
|
|
2018-01-08
|
|
Sync Breeze Enterprise 10.1.16 - Denial of Service
|
|
2018-01-08
|
|
Disk Pulse Enterprise 10.1.18 - Denial of Service
|
|
2018-01-08
|
|
VX Search Enterprise 10.1.12 - Denial of Service
|
|
2018-01-08
|
|
MS Sharepoint 2013 - Limited Access Permission Bypass
|
|
2018-01-08
|
|
Joomla Ad Agency 6.0.9 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla JHotelReservation 6.0.5 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla JMultipleHotelReservation 6.0.5 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla J-BusinessDirectory 4.7.3 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla JUX Real Estate 3.3.0 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla Real Estate 1.5 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla vRestaurant 1.9.4 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Joomla VMap 1.9.2 SQL Injection Vulnerability
|
|
2018-01-07
|
|
WordPress WpJobBoard 4.4.4 SQL Injection Vulnerability
|
|
2018-01-07
|
|
AMD PSP fTPM Remote Code Execution Vulnerability
|
|
2018-01-07
|
|
Western Digital WDMyCloud mydlinkBRionyg Backdoor Exploit
|
|
2018-01-07
|
|
Western Digital WDMyCloud 2.30.165 Multiple Vulnerabilities
|
|
2018-01-07
|
|
BarcodeWiz ActiveX Control Buffer Overflow Vulnerability
|
|
2018-01-07
|
|
Gespage 7.4.8 Cross Site Scripting Vulnerability
|
|
2018-01-07
|
|
Icyphoenix 2.2.0.105 SQL Injection Vulnerability
|
|
2018-01-07
|
|
Linux/x86 chmod 777 /etc/sudoers Shellcode (36 bytes)
|
|
2018-01-07
|
|
Cisco IOS - Remote Code Execution Exploit
|
|
2018-01-07
|
|
Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit
|
|
2018-01-07
|
|
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
|
|
2018-01-06
|
|
VMware Workstation - ALSA Config File Local Privilege Escalation Exploit
|
|
2018-01-06
|
|
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC
|
|
2018-01-06
|
|
GetGo Download Manager 5.3.0.2712 - Proxy Buffer Overflow Exploit
|
|
2018-01-06
|
|
Gespage 7.4.8 - SQL Injection Exploit
|
|
2018-01-06
|
|
Cisco IOS - Remote Code Execution
|
|
2018-01-05
|
|
VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
|
|
2018-01-05
|
|
Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit)
|
|
2018-01-05
|
|
Gespage 7.4.8 - SQL Injection
|
|
2018-01-05
|
|
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache
|
|
2018-01-05
|
|
Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
Max Web Portal < 1.30 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
MegaBrowser < 0.71b - Multiple Vulnerabilities
|
|
2018-01-05
|
|
FTP Service < 1.2 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
WinMX < 2.6 - Design Error
|
|
2018-01-05
|
|
P-Synch < 6.2.5 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
phpLinks < 2.1.2 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
PHP Topsites < 2.2 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
Zen Cart < 1.3.8a - SQL Injection
|
|
2018-01-05
|
|
WDMyCloud < 2.30.165 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access
|
|
2018-01-05
|
|
Linux/x86 - Reverse TCP Shell (127.1.1.1:8888/TCP) Shellcode (69 bytes)
|
|
2018-01-05
|
|
GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow
|
|
2018-01-05
|
|
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
|
|
2018-01-05
|
|
Wickr Inc - App Clock & Message Deletion Glitch P2
|
|
2018-01-05
|
|
Wowonder CMS - Privilege Escalation Vulnerability
|
|
2018-01-05
|
|
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability
|
|
2018-01-05
|
|
Iopsys Router - dhcp Remote Code Execution
|
|
2018-01-04
|
|
Multiple CPUs - Spectre Information Disclosure (PoC) Exploit
|
|
2018-01-04
|
|
Xplico - Remote Code Execution (Metasploit)
|
|
2018-01-04
|
|
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)
|
|
2018-01-04
|
|
Iopsys Router - 'dhcp' Remote Code Execution
|
|
2018-01-04
|
|
Apple iOS v11 6S & 7 - (Health Application) DoS Vulnerability
|
|
2018-01-04
|
|
Adobe CreativeCloud (Webform) - Persistent Vulnerability
|
|
2018-01-04
|
|
Linksys WVBR0-25 User-Agent Command Execution Exploit
|
|
2018-01-04
|
|
Multiple CPUs - 'Spectre' Information Disclosure (PoC)
|
|
2018-01-04
|
|
Xplico Remote Code Execution Exploit
|
|
2018-01-04
|
|
Kingsoft Antivirus / Internet Security 9+ - Privilege Escalation Exploit
|
|
2018-01-04
|
|
EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection
|
|
2018-01-03
|
|
Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation
|
|
2018-01-03
|
|
Atlassian Bamboo Code Execution / Argument Injection Vulnerabilities
|
|
2018-01-03
|
|
b2evolution CMS 6.8.10 PHP Code Execution Vulnerability
|
|
2018-01-03
|
|
EMC xPression 4.5SP1 Patch 13 SQL Injection Vulnerability
|
|
2018-01-03
|
|
Joomla Advertisement Board Classifieds 3.2.0 Shell Upload Vulnerability
|
|
2018-01-03
|
|
Joomla VehicleManager 3.9.15 SQL Injection Vulnerability
|
|
2018-01-03
|
|
Joomla RealEstateManager 4.2.0 SQL Injection Vulnerability
|
|
2018-01-03
|
|
Joomla EXP Auto 4.2.3 SQL Injection Vulnerability
|
|
2018-01-03
|
|
Salesforce Force (EventRSVP) - Multiple Web Vulnerabilities
|
|
2018-01-03
|
|
Wickr Inc Bug Bounty Program - Zero Day Vulnerabilities
|
|
2018-01-03
|
|
Wincor Nixdorf PC/E Mobile Cash TryOut - API Vulnerability
|
|
2018-01-03
|
|
Wickr Inc - Zero Day Vulnerability Research Report P1
|
|
2018-01-03
|
|
Magento Commerce - SSRF & XSPA Web Vulnerability
|
|
2018-01-03
|
|
WordPress Smart Google Code Inserter Plugin < 3.5 - Authentication Bypass / SQL Injection
|
|
2018-01-03
|
|
Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS Vulnerabilities
|
|
2018-01-03
|
|
DLink DSL-6850U Multiple Vulnerabilities
|
|
2018-01-03
|
|
Joomla VP Conversion Tracking 1.7 SQL Injection Vulnerability
|
|
2018-01-03
|
|
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
|
|
2018-01-03
|
|
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Privilege Escalation Exploit
|
|
2018-01-03
|
|
Joomla JomDirectory 4.4 SQL Injection Vulnerability
|
|
2018-01-03
|
|
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)
|
|
2018-01-02
|
|
Apple macOS - IOHIDSystem Kernel Read/Write Exploit
|
|
2018-01-02
|
|
Huawei HG532 Router - Arbitrary Command Execution Exploit
|
|
2018-01-02
|
|
D3DGear 5.00 Build 2175 - Buffer Overflow Exploit
|
|
2018-01-02
|
|
PHP Melody 2.7.1 - playlist SQL Injection Vulnerability
|
|
2018-01-02
|
|
Apple macOS - IOHIDSystem Kernel Read/Write
|
|
2018-01-01
|
|
Huawei Router HG532 - Arbitrary Command Execution
|
|
2018-01-01
|
|
Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)
|
|
2018-01-01
|
|
Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)
|
|
2018-01-01
|
|
HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)
|
|
2018-01-01
|
|
D3DGear 5.00 Build 2175 - Buffer Overflow
|
|
2017-12-31
|
|
PHP Melody 2.7.1 - 'playlist' SQL Injection
|
|
2017-12-31
|
|
Joomla Jtag Members Directory 5.3.7 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla JomEstate PRO 3.7 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla JomEvents 3.7 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla JomHoliday 4.0 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla Jtag Minicart 4.1.0 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla Varista Education 2.9 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla SP Movie Database 1.4 SQL Injection Vulnerability
|
|
2017-12-31
|
|
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution Exploit
|
|
2017-12-31
|
|
Library CMS 1.0 Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
Locations Multipurpose CMS Directory Theme 1.0 Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
Tripbuddy Travel, Locations, And Events 1.0 Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
GoodTravel Travel And Locations 1.0 Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
NetWin SurgeFTP 23f2 Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution Exploit
|
|
2017-12-31
|
|
Cambium ePMP1000 3.1-3.5-RC7 Command Injection Exploit
|
|
2017-12-31
|
|
Cambium ePMP1000 2.5 Command Injection Exploit
|
|
2017-12-31
|
|
HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability
|
|
2017-12-31
|
|
Joomla YJ Filter For K2 1.0.5 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla YJ Live Search 2.0 SQL Injection Vulnerability
|
|
2017-12-31
|
|
Joomla YouBumpit 2.0 SQL Injection Vulnerability
|
|
2017-12-31
|
|
NetTransport 2.96L - Buffer Overflow (DEP Bypass) Exploit
|
|
2017-12-31
|
|
ALLMediaServer 0.95 - Buffer Overflow (Metasploit) Exploit
|
|
2017-12-31
|
|
Huawei P8 wkupccpu debugfs Kernel Buffer Overflow Vulnerability
|
|
2017-12-31
|
|
Ichano AtHome IP Cameras Multiple Vulnerabilities
|
|
2017-12-31
|
|
Kingsoft Antivirus/Internet Security 9+ Privilege Escalation Exploit
|
|
2017-12-31
|
|
Trustwave SWG Unauthorized Access Vulnerability
|
|
2017-12-31
|
|
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure Vulnerability
|
|
2017-12-31
|
|
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery Vulnerability
|
|
2017-12-31
|
|
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service Exploit
|
|
2017-12-31
|
|
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download Exploit
|
|
2017-12-31
|
|
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure Vulnerability
|
|
2017-12-31
|
|
WordPress Easy Appointments 1.2.1 Plugin - Cross-Site Scripting Vulnerability
|
|
2017-12-31
|
|
ALLMediaServer 0.95 - Buffer Overflow Exploit
|
|
2017-12-31
|
|
SysGauge Server 3.6.18 - Denial of Service Exploit
|
|
2017-12-31
|
|
Sony Playstation 4 4.05 FW - Local Kernel Exploit
|
|
2017-12-31
|
|
Joomla JEXTN FAQ Pro 4.0.0 Component - id SQL Injection Vulnerability
|
|
2017-12-31
|
|
Sendroid < 6.5.0 - SQL Injection Exploit
|
|
2017-12-31
|
|
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability
|
|
2017-12-31
|
|
COMTREND ADSL Router CT-5367 - Remote Code Execution Exploit
|
|
2017-12-31
|
|
Biometric Shift Employee Management System 3.0 - Local File Disclosure Vulnerability
|
|
2017-12-31
|
|
Vitek Remote Code Execution / Information Disclosure Vulnerabilities
|
|
2017-12-31
|
|
Ubiquiti UniFi Video 3.7.3 Local Privilege Escalation Vulnerability
|
|
2017-12-31
|
|
GetGo Download Manager 5.3.0.2712 Buffer Overflow Exploit
|
|
2017-12-31
|
|
EMC VNX1 / VNX2 Family Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
WordPress mgl-instagram-gallery Plugin Cross Site Scripting Vulnerability
|
|
2017-12-31
|
|
NetTransport 2.96L - Buffer Overflow (DEP Bypass)
|
|
2017-12-29
|
|
ALLMediaServer 0.95 - Buffer Overflow (Metasploit)
|
|
2017-12-28
|
|
ALLMediaServer 0.95 - Buffer Overflow (PoC)
|
|
2017-12-28
|
|
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)
|
|
2017-12-28
|
|
SysGauge Server 3.6.18 - Denial of Service
|
|
2017-12-28
|
|
Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure
|
|
2017-12-28
|
|
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
|
|
2017-12-28
|
|
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
|
|
2017-12-28
|
|
Easy!Appointments 1.2.1 - Cross-Site Scripting
|
|
2017-12-28
|
|
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
|
|
2017-12-28
|
|
Sony Playstation 4 4.05 FW - Local Kernel Loader
|
|
2017-12-28
|
|
SilverStripe CMS 3.6.2 - CSV Excel Macro Injection
|
|
2017-12-28
|
|
Sendroid < 6.5.0 - SQL Injection
|
|
2017-12-28
|
|
Biometric Shift Employee Management System 3.0 - Local File Disclosure
|
|
2017-12-28
|
|
Joomla! Component JEXTN FAQ Pro 4.0.0 - 'id' SQL Injection
|
|
2017-12-28
|
|
GetGo Download Manager 5.3.0.2712 - Buffer Overflow
|
|
2017-12-28
|
|
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation
|
|
2017-12-28
|
|
COMTREND ADSL Router CT-5367 - Remote Code Execution
|
|
2017-12-28
|
|
Oracle MySQL UDF Payload Execution Exploit
|
|
2017-12-22
|
|
Joomla JB Bus 2.3.0 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Joomla JB Tour Booking 2.2.2 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure Vulnerabilities
|
|
2017-12-22
|
|
ServersCheck Monitoring Software Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
phpMars 1.0.9 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Online Hotel Booking System Pro 1.3 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Roommate And Real Estate Listing Classified Response 1.0 XSS Vulnerability
|
|
2017-12-22
|
|
Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
|
|
2017-12-22
|
|
Xbox 360 Aurora 0.6b Default Credentials / FTP BruteForce Exploit
|
|
2017-12-22
|
|
Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory E
|
|
2017-12-22
|
|
Netcore / Netis Routers - UDP Backdoor Exploit
|
|
2017-12-22
|
|
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Exploit
|
|
2017-12-22
|
|
Technicolor DPC3928SL - SNMP Authentication Bypass Exploit
|
|
2017-12-22
|
|
Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - NET::Ftp Command Injection Exploit
|
|
2017-12-22
|
|
Linux Kernel >= 4.9 eBPF memory corruption bugs Vulnerability
|
|
2017-12-22
|
|
Palo Alto Networks PAN-OS Cookie Injection Vulnerability
|
|
2017-12-22
|
|
WordPress Itinerary 1.0.0 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress WebConnex Form Management 1.6.3 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Grifus 4.0.1 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Conarc iChannel - Improper Access Restrictions Vulnerability
|
|
2017-12-22
|
|
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Chan
|
|
2017-12-22
|
|
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) Double-Write Ring-0
|
|
2017-12-22
|
|
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit
|
|
2017-12-22
|
|
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion Vulnerabilities
|
|
2017-12-22
|
|
WordPress Clean Up Optimizer 4.0.0 SQL Injection Vulnerability
|
|
2017-12-22
|
|
WordPress Concours 1.1 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Custom Map 1.1 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress CSV Import-Export 1.1 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Microsoft Windows 10 Hello Face Authentication Bypass Vulnerability
|
|
2017-12-22
|
|
TP-Link TL-SG108E XSS / Weak Access Control Vulnerability
|
|
2017-12-22
|
|
Samsung Internet Browser - SOP Bypass Exploit
|
|
2017-12-22
|
|
Intel Content Protection HECI Service - Type Confusion Privilege Escalation Exploit
|
|
2017-12-22
|
|
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free Exploit
|
|
2017-12-22
|
|
Microsoft Windows jscript!JsArraySlice Uninitialized Variable Exploit
|
|
2017-12-22
|
|
Microsoft Windows jscript!NameTbl::GetValDef Use-After-Free Exploit
|
|
2017-12-22
|
|
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit
|
|
2017-12-22
|
|
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read Exploit
|
|
2017-12-22
|
|
Microsoft Windows Array.sort jscript.dll Heap Overflow Exploit
|
|
2017-12-22
|
|
Jenkins XStream Groovy classpath Deserialization Exploit
|
|
2017-12-22
|
|
Tuleap 9.6 Second-Order PHP Object Injection Exploit
|
|
2017-12-22
|
|
WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS Vulnerability
|
|
2017-12-22
|
|
WordPress Share This Image 1.03 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Joomla NextGen Editor 2.1.0 Component - plname SQL Injection Vulnerability
|
|
2017-12-22
|
|
Linksys WVBR0 - User-Agent Remote Command Injection Exploit
|
|
2017-12-22
|
|
Joomla My Projects 2.0 Component - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Joomla User Bench 1.0 Component - userid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Joomla Guru Pro Component - promocode SQL Injection Vulnerability
|
|
2017-12-22
|
|
Joomla JB Visa 1.0 Component - visatype SQL Injection Vulnerability
|
|
2017-12-22
|
|
Linux kernel < 4.10.15 - Race Condition Privilege Escalation Exploit
|
|
2017-12-22
|
|
Outlook for Android - Attachment Download Directory Traversal Exploit
|
|
2017-12-22
|
|
GoAhead httpd 2.5 < 3.6.5 - LD_PRELOAD Remote Code Execution Exploit
|
|
2017-12-22
|
|
CDex 1.96 - Buffer Overflow Exploit
|
|
2017-12-22
|
|
WordPress Placemarks 2.0.0 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS Vulnerability
|
|
2017-12-22
|
|
Zoom Linux Client 2.0.106600.0904 Command Injection Vulnerability
|
|
2017-12-22
|
|
Zoom Linux Client 2.0.106600.0904 Buffer Overflow Vulnerability
|
|
2017-12-22
|
|
Monstra CMS 3.0.4 Remote Shell Upload Vulnerability
|
|
2017-12-22
|
|
VLC 2.2.8 MP4 Demux Type Conversion Vulnerability
|
|
2017-12-22
|
|
Joomla JBcatalog Component - Arbitrary File Upload Vulnerability
|
|
2017-12-22
|
|
WordPress FormCraft Plugins - Cross-Site Scripting Image type Vulnerability
|
|
2017-12-22
|
|
Western Digital MyCloud multi_uploadify File Upload Exploit
|
|
2017-12-22
|
|
Movie Guide 2.0 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Sync Breeze 10.2.12 - Denial of Service Exploit
|
|
2017-12-22
|
|
WordPress Pinterest Badge 1.8.0 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Wunderbar Basic 1.1.3 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Kemp Load Balancer WAF 7.2.40 Bypass Vulnerability
|
|
2017-12-22
|
|
ITGuard-Manager 0.0.0.1 - Remote Code Execution Exploit
|
|
2017-12-22
|
|
vBulletin 5 routestring Unauthenticated Remote Code Execution Vulnerability
|
|
2017-12-22
|
|
vBulletin 5 cacheTemplates Unauthenticated Remote Arbitrary File Deletion Vulnerability
|
|
2017-12-22
|
|
pfSense 2.4.1 - CSRF Error Page Clickjacking Exploit
|
|
2017-12-22
|
|
Palo Alto Networks Firewalls Remote Root Code Execution Vulnerability
|
|
2017-12-22
|
|
Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password Vulnerabilities
|
|
2017-12-22
|
|
EMC Isilon OneFS Privilege Escalation Vulnerability
|
|
2017-12-22
|
|
Fortinet FortiClient VPN Credential Disclosure Vulnerability
|
|
2017-12-22
|
|
Advantech WebAccess 8.2 Stack Buffer Overflow Exploit
|
|
2017-12-22
|
|
Dup Scout Enterprise 10.0.18 Buffer Overflow Exploit
|
|
2017-12-22
|
|
Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass Vulnerability
|
|
2017-12-22
|
|
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Vulnerability (2)
|
|
2017-12-22
|
|
Piwigo 2.9.1 - cat_true / cat_false SQL Injection Vulnerability
|
|
2017-12-22
|
|
Bus Booking Script 1.0 - txtname SQL Injection Vulnerability
|
|
2017-12-22
|
|
FS Lynda Clone 1.0 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Paid To Read Script 2.0.5 - uid / fnum / fn SQL Injection Vulnerability
|
|
2017-12-22
|
|
Readymade Video Sharing Script 3.2 - HTML Injection Vulnerability
|
|
2017-12-22
|
|
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Vulnerability
|
|
2017-12-22
|
|
WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress WordApp Mobile 2.0.3 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress WooPay Inicis 1.1.3 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Joomla JEXTN Video Gallery 3.0.5 Component - id SQL Injection Vulnerability
|
|
2017-12-22
|
|
Joomla JEXTN Question And Answer 3.1.0 Component - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Microsoft Office DDE Payload Delivery Exploit
|
|
2017-12-22
|
|
glibc ld.so - Memory Leak / Buffer Overflow Vulnerability
|
|
2017-12-22
|
|
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkCo
|
|
2017-12-22
|
|
Libraw 0.18.5 Denial Of Service Vulnerability
|
|
2017-12-22
|
|
Joomla JBuildozer 1.4.1 Component - appid SQL Injection Vulnerability
|
|
2017-12-22
|
|
WordPress Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload Vulnerab
|
|
2017-12-22
|
|
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 3
|
|
2017-12-22
|
|
macOS / iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in I
|
|
2017-12-22
|
|
macOS / iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
|
|
2017-12-22
|
|
macOS getrusage Stack Leak Exploit
|
|
2017-12-22
|
|
macOS necp_get_socket_attributes so_pcb Type Confusion Exploit
|
|
2017-12-22
|
|
Vanguard 1.4 Arbitrary File Upload Vulnerability
|
|
2017-12-22
|
|
Vanguard 1.4 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Basic Job Site Script 2.0.5 SQL Injection Vulnerability
|
|
2017-12-22
|
|
MLM Forex Market Plan Script 2.0.4 - newid / eventid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Advanced Real Estate Script 4.0.7 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Single Theater Booking Script 3.2.1 - findcity.php?q SQL Injection Vulnerability
|
|
2017-12-22
|
|
Multiplex Movie Theater Booking Script 3.1.5 - moid / eid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Responsive Events & Movie Ticket Booking Script 3.2.1 - findcity.php?q SQL Injection Vulnerabili
|
|
2017-12-22
|
|
Multireligion Responsive Matrimonial 4.7.2 - succid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Responsive Realestate Script 3.2 - property-list?tbud SQL Injection Vulnerability
|
|
2017-12-22
|
|
Readymade Video Sharing Script 3.2 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Readymade PHP Classified Script 3.3 - subctid / mctid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Professional Service Script 1.0 - service-list?city SQL Injection Vulnerability
|
|
2017-12-22
|
|
PHP Multivendor Ecommerce 1.0 - sid / searchcat / chid1 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Opensource Classified Ads Script 3.2 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Online Exam Test Application Script 1.6 - exams.php?sort SQL Injection Vulnerability
|
|
2017-12-22
|
|
Lawyer Search Script 1.1 - lawyer-list?city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Laundry Booking Script 1.0 - list?city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Secure E-commerce Script 2.0.1 - searchcat / searchmain SQL Injection Vulnerability
|
|
2017-12-22
|
|
Foodspotting Clone Script 1.0 - quicksearch.php?q SQL Injection Vulnerability
|
|
2017-12-22
|
|
Hot Scripts Clone 3.1 - subctid / mctid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Freelance Website Script 2.0.6 - pr_id / catid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Yoga Class Script 1.0 - list?city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Food Order Script 1.0 - list?city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Facebook Clone Script 1.0 - id / send SQL Injection Vulnerability
|
|
2017-12-22
|
|
Entrepreneur Dating Script 2.0.1 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
TeamCity 2017.1.5 Privilege Escalation Vulnerability
|
|
2017-12-22
|
|
Doctor Search Script 1.0 - city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Event Calendar Category Script 1.0 - city SQL Injection Vulnerability
|
|
2017-12-22
|
|
E-commerce MLM Software 1.0 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Entrepreneur Job Portal Script 2.0.6 - jobsearch_all.php?rid1 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Consumer Complaints Clone Script 1.0 - id SQL Injection Vulnerability
|
|
2017-12-22
|
|
Co-work Space Search Script 1.0 - city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Child Care Script 1.0 - city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Cab Booking Script 1.0 - city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Nearbuy Clone Script 3.2 - search SQL Injection Vulnerability
|
|
2017-12-22
|
|
CMS Auditor Website 1.0 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Chartered Accountant Booking Script 1.0 - city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Basic B2B Script 2.0.8 - product_details.php?id SQL Injection Vulnerability
|
|
2017-12-22
|
|
Beauty Parlour Booking Script 1.0 - gender / city SQL Injection Vulnerability
|
|
2017-12-22
|
|
Affiliate MLM Script 1.0 - product-category.php?key SQL Injection Vulnerability
|
|
2017-12-22
|
|
Advance Online Learning Management Script 3.1 - subcatid / popcourseid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Advance B2B Script 2.1.3 - show_id / pid SQL Injection Vulnerability
|
|
2017-12-22
|
|
Simple Chatting System 1.0.0 Arbitrary File Upload Vulnerability
|
|
2017-12-22
|
|
DomainSale PHP Script 1.0 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Realestate Crowdfunding Script 2.7.2 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Website Auction Marketplace 2.0.5 SQL Injection Vulnerability
|
|
2017-12-22
|
|
Apple macOS 10.13.1 High Sierra - Blank Root Local Privilege Escalation Vulnerability
|
|
2017-12-22
|
|
Apple macOS 10.13.1 High Sierra - Insecure Cron System Local Privilege Escalation Vulnerability
|
|
2017-12-22
|
|
WordPress Crowd Ideas 1.0 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
LabF nfsAxe FTP Client 3.7 Buffer Overflow Exploit
|
|
2017-12-22
|
|
iTech Travel Script v9.59 - id SQL Injection Vulnerability
|
|
2017-12-22
|
|
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path Exploit
|
|
2017-12-22
|
|
LaCie 5big Network 2.2.8 Command Injection Exploit
|
|
2017-12-22
|
|
Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash Exploit
|
|
2017-12-22
|
|
Linux Kernel - DCCP Socket Use-After-Free Exploit
|
|
2017-12-22
|
|
FS Facebook Clone - token SQL Injection Vulnerability
|
|
2017-12-22
|
|
FS IMDB Clone - XSS REFLECTED/PERSISTENT Vulnerabilties
|
|
2017-12-22
|
|
FS IMDB Clone - id SQL Injection Vulnerability
|
|
2017-12-22
|
|
WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Z-URL Preview 1.6.1 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress WP Mailster 1.5.4.0 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Super Simple Custom CSS 1.2 Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
WordPress Smart Marketing SMS And Newsletters Forms 1.1.1 XSS Vulnerability
|
|
2017-12-22
|
|
Hashicorp vagrant-vmware-fusion 4.0.24 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Hashicorp vagrant-vmware-fusion 5.0.3 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Hashicorp vagrant-vmware-fusion 5.0.1 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Hashicorp vagrant-vmware-fusion 5.0.0 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Arq 5.9.7 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Arq 5.9.6 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Microsoft Edge Chakra CFG Bypass With leafInterpreterFrame Vulnerability
|
|
2017-12-22
|
|
Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability
|
|
2017-12-22
|
|
Microsoft Edge Chakra CFG Bypass By Overwriting JavaScript Bytecode Vulnerability
|
|
2017-12-22
|
|
Claymore Dual Miner 10.1 Stack Buffer Overflow Vulnerability
|
|
2017-12-22
|
|
Murus 1.4.11 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Sera 1.2 - Local root Privilege Escalation / Password Disclosure Exploit
|
|
2017-12-22
|
|
Microsoft Office Equation Editor Code Execution Exploit
|
|
2017-12-22
|
|
Proxifier for Mac 2.19 - Local root Privilege Escalation Exploit
|
|
2017-12-22
|
|
Polycom Shell HDX Series Traceroute Command Execution Exploit
|
|
2017-12-22
|
|
FS Makemytrip Clone - SQL Injection Vulnerability
|
|
2017-12-22
|
|
FS Shaadi Clone - SQL Injection Vulnerability
|
|
2017-12-22
|
|
VX Search 10.2.14 - command_nameuffer Overflow Exploit
|
|
2017-12-22
|
|
Techno Portfolio Management Panel - id SQL Injection Vulnerability
|
|
2017-12-22
|
|
Readymade Classifieds Script 1.0 - SQL Injection Vulnerability
|
|
2017-12-22
|
|
Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation Vulnerability
|
|
2017-12-22
|
|
Artica Web Proxy 3.06.112216 Remote Code Execution Vulnerability
|
|
2017-12-22
|
|
aws-cfn-bootstrap Local Code Execution Vulnerability
|
|
2017-12-22
|
|
Symantec Encryption Desktop And Endpoint Encryption Local Privilege Escalation
|
|
2017-12-22
|
|
WinduCMS 3.1 Local File Disclosure Exploit
|
|
2017-12-22
|
|
SocuSoft Co. Photo 2 Video Converter 8.0.0 Code Execution / DoS Exploit
|
|
2017-12-22
|
|
CEMLink 6 Unrestricted WSDL Service Access / Poor Crypto Implementation Vulnerabilities
|
|
2017-12-22
|
|
Axis Communications MPQT/PACS Heap Overflow / Information Leakage Vulnerabilities
|
|
2017-12-22
|
|
FortiGate SSL VPN Portal 5.x Cross Site Scripting Vulnerability
|
|
2017-12-22
|
|
Apache Struts2 S2-055 DoS Vulnerability
|
|
2017-12-22
|
|
Apache Struts2 S2-054 DoS Vulnerability
|
|
2017-12-22
|
|
OpenEMR 5.0.0 Command Injection / Cross Site Scripting Vulnerabilities
|
|
2017-12-22
|
|
Netcore / Netis Routers - UDP Backdoor
|
|
2017-12-21
|
|
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor
|
|
2017-12-21
|
|
Technicolor DPC3928SL - SNMP Authentication Bypass
|
|
2017-12-21
|
|
Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory
|
|
2017-12-21
|
|
Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection
|
|
2017-12-21
|
|
Conarc iChannel - Improper Access Restrictions
|
|
2017-12-21
|
|
Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' Double-Write Ring-0 Address Leak
|
|
2017-12-20
|
|
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
|
|
2017-12-20
|
|
Ability Mail Server 3.3.2 - Cross-Site Scripting
|
|
2017-12-20
|
|
Samsung Internet Browser - SOP Bypass (Metasploit)
|
|
2017-12-20
|
|
Jenkins - XStream Groovy classpath Deserialization (Metasploit)
|
|
2017-12-19
|
|
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
|
|
2017-12-19
|
|
Intel Content Protection HECI Service - Type Confusion Privilege Escalation
|
|
2017-12-19
|
|
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read
|
|
2017-12-19
|
|
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
|
|
2017-12-19
|
|
Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow
|
|
2017-12-19
|
|
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD
|
|
2017-12-19
|
|
Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free
|
|
2017-12-19
|
|
Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free
|
|
2017-12-19
|
|
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change (PoC)
|
|
2017-12-19
|
|
Joomla! Component NextGen Editor 2.1.0 - 'plname' SQL Injection
|
|
2017-12-19
|
|
BrightSign Digital Signage - Multiple Vulnerablities
|
|
2017-12-19
|
|
Linksys WVBR0 - 'User-Agent' Remote Command Injection
|
|
2017-12-18
|
|
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
|
|
2017-12-18
|
|
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution
|
|
2017-12-18
|
|
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
|
|
2017-12-18
|
|
Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape
|
|
2017-12-18
|
|
Joomla! Component My Projects 2.0 - SQL Injection
|
|
2017-12-18
|
|
Outlook for Android - Attachment Download Directory Traversal
|
|
2017-12-18
|
|
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
|
|
2017-12-18
|
|
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
|
|
2017-12-18
|
|
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow
|
|
2017-12-18
|
|
Zoom Linux Client 2.0.106600.0904 - Command Injection
|
|
2017-12-18
|
|
Linux kernel < 4.10.15 - Race Condition Privilege Escalation
|
|
2017-12-18
|
|
CDex 1.96 - Buffer Overflow
|
|
2017-12-18
|
|
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
|
|
2017-12-18
|
|
Joomla! Component Guru Pro - 'promocode' SQL Injection
|
|
2017-12-18
|
|
Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
|
|
2017-12-18
|
|
Movie Guide 2.0 - SQL Injection
|
|
2017-12-15
|
|
Sync Breeze 10.2.12 - Denial of Service
|
|
2017-12-15
|
|
ITGuard-Manager 0.0.0.1 - Remote Code Execution
|
|
2017-12-15
|
|
Palo Alto Networks Firewalls - Remote root Code Execution
|
|
2017-12-14
|
|
pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit)
|
|
2017-12-14
|
|
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
|
|
2017-12-14
|
|
Dup Scout Enterprise - Login Buffer Overflow (Metasploit)
|
|
2017-12-14
|
|
Microsoft Office - DDE Payload Delivery (Metasploit)
|
|
2017-12-14
|
|
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
|
|
2017-12-14
|
|
Bus Booking Script 1.0 - 'txtname' SQL Injection
|
|
2017-12-14
|
|
FS Lynda Clone 1.0 - SQL Injection
|
|
2017-12-14
|
|
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection
|
|
2017-12-14
|
|
Readymade Video Sharing Script 3.2 - HTML Injection
|
|
2017-12-14
|
|
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection
|
|
2017-12-14
|
|
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
|
|
2017-12-14
|
|
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
|
|
2017-12-13
|
|
glibc ld.so - Memory Leak / Buffer Overflow
|
|
2017-12-13
|
|
macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
|
|
2017-12-12
|
|
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
|
|
2017-12-12
|
|
macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient
|
|
2017-12-12
|
|
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
|
|
2017-12-12
|
|
Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
|
|
2017-12-12
|
|
Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection
|
|
2017-12-12
|
|
iOS/macOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
|
|
2017-12-11
|
|
macOS - 'getrusage' Stack Leak Through struct Padding
|
|
2017-12-11
|
|
macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
|
|
2017-12-11
|
|
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow
|
|
2017-12-11
|
|
macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
|
|
2017-12-11
|
|
MikroTik 6.40.5 ICMP - Denial of Service
|
|
2017-12-11
|
|
Muslim Matrimonial Script 3.02 - 'succid' SQL Injection
|
|
2017-12-11
|
|
Vanguard 1.4 - SQL Injection
|
|
2017-12-11
|
|
Vanguard 1.4 - Arbitrary File Upload
|
|
2017-12-11
|
|
Basic Job Site Script 2.0.5 - SQL Injection
|
|
2017-12-11
|
|
Resume Clone Script 2.0.5 - SQL Injection
|
|
2017-12-11
|
|
Advanced World Database 2.0.5 - SQL Injection
|
|
2017-12-11
|
|
Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection
|
|
2017-12-11
|
|
Car Rental Script 2.0.4 - 'val' SQL Injection
|
|
2017-12-11
|
|
MLM Forced Matrix 2.0.9 - 'newid' SQL Injection
|
|
2017-12-11
|
|
MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection
|
|
2017-12-11
|
|
Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection
|
|
2017-12-11
|
|
Advanced Real Estate Script 4.0.7 - SQL Injection
|
|
2017-12-11
|
|
Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
|
|
2017-12-11
|
|
Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection
|
|
2017-12-11
|
|
Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
|
|
2017-12-11
|
|
Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection
|
|
2017-12-11
|
|
Entrepreneur Dating Script 2.0.1 - 'marital' / 'gender' / 'country' / 'profileid' SQL Injection
|
|
2017-12-11
|
|
Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection
|
|
2017-12-11
|
|
Readymade Video Sharing Script 3.2 - SQL Injection
|
|
2017-12-11
|
|
Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection
|
|
2017-12-11
|
|
Professional Service Script 1.0 - 'service-list?city' SQL Injection
|
|
2017-12-11
|
|
PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection
|
|
2017-12-11
|
|
Opensource Classified Ads Script 3.2 - SQL Injection
|
|
2017-12-11
|
|
Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection
|
|
2017-12-11
|
|
Multivendor Penny Auction Clone Script 1.0 - SQL Injection
|
|
2017-12-11
|
|
Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection
|
|
2017-12-11
|
|
Laundry Booking Script 1.0 - 'list?city' SQL Injection
|
|
2017-12-11
|
|
Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection
|
|
2017-12-11
|
|
Kickstarter Clone Acript 2.0 - 'projid' SQL Injection
|
|
2017-12-11
|
|
Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection
|
|
2017-12-11
|
|
Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection
|
|
2017-12-11
|
|
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection
|
|
2017-12-11
|
|
Yoga Class Script 1.0 - 'list?city' SQL Injection
|
|
2017-12-11
|
|
Food Order Script 1.0 - 'list?city' SQL Injection
|
|
2017-12-11
|
|
Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection
|
|
2017-12-11
|
|
E-commerce MLM Software 1.0 - SQL Injection
|
|
2017-12-10
|
|
Doctor Search Script 1.0 - 'city' SQL Injection
|
|
2017-12-10
|
|
Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection
|
|
2017-12-10
|
|
Consumer Complaints Clone Script 1.0 - 'id' SQL Injection
|
|
2017-12-10
|
|
Event Calendar Category Script 1.0 - 'city' SQL Injection
|
|
2017-12-10
|
|
Co-work Space Search Script 1.0 - 'city' SQL Injection
|
|
2017-12-10
|
|
CMS Auditor Website 1.0 - SQL Injection
|
|
2017-12-10
|
|
Child Care Script 1.0 - 'city' SQL Injection
|
|
2017-12-10
|
|
Chartered Accountant Booking Script 1.0 - 'city' SQL Injection
|
|
2017-12-10
|
|
Cab Booking Script 1.0 - 'city' SQL Injection
|
|
2017-12-10
|
|
Nearbuy Clone Script 3.2 - 'search' SQL Injection
|
|
2017-12-10
|
|
Beauty Parlour Booking Script 1.0 - 'gender' / 'city' SQL Injection
|
|
2017-12-09
|
|
Basic B2B Script 2.0.8 - 'product_details.php?id' SQL Injection
|
|
2017-12-09
|
|
Affiliate MLM Script 1.0 - 'product-category.php?key' SQL Injection
|
|
2017-12-09
|
|
Advance Online Learning Management Script 3.1 - 'subcatid' / 'popcourseid' SQL Injection
|
|
2017-12-09
|
|
Advance B2B Script 2.1.3 - 'show_id' / 'pid' SQL Injection
|
|
2017-12-09
|
|
FS Foodpanda Clone 1.0 - SQL Injection
|
|
2017-12-09
|
|
FS Amazon Clone 1.0 - SQL Injection
|
|
2017-12-09
|
|
FS Crowdfunding Script 1.0 - 'latest_news_details.php?id' SQL Injection
|
|
2017-12-09
|
|
FS Expedia Clone 1.0 - 'fl_orig' / 'fl_dest' / 'id' SQL Injection
|
|
2017-12-09
|
|
FS Trademe Clone 1.0 - 'search' / 'id' SQL Injection
|
|
2017-12-09
|
|
FS Care Clone 1.0 - 'jobFrequency' / 'jobType' SQL Injection
|
|
2017-12-09
|
|
FS Ebay Clone 1.0 - 'id' / 'sub_category_id' / 'category_id' SQL Injection
|
|
2017-12-09
|
|
FS Freelancer Clone 1.0 - 'profile.php?u' SQL Injection
|
|
2017-12-09
|
|
FS Gigs Script 1.0 - 'cat' / 'sc' SQL Injection
|
|
2017-12-09
|
|
FS Groupon Clone 1.0 - 'id' SQL Injection
|
|
2017-12-09
|
|
FS Grubhub Clone 1.0 - 'keywords' SQL Injection
|
|
2017-12-09
|
|
FS IMDB Clone 1.0 - 'f' / 's' / 'id' SQL Injection
|
|
2017-12-09
|
|
FS Indiamart Clone 1.0 - 'token' / 'id' / 'c' SQL Injection
|
|
2017-12-09
|
|
FS Linkedin Clone 1.0 - 'grid' / 'fid' / 'id' SQL Injection
|
|
2017-12-09
|
|
FS Makemytrip Clone 1.0 - 'fl_orig' / 'fl_dest' SQL Injection
|
|
2017-12-09
|
|
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation
|
|
2017-12-09
|
|
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation
|
|
2017-12-08
|
|
FS Monster Clone 1.0 - 'Employer_Details.php?id' SQL Injection
|
|
2017-12-08
|
|
FS Olx Clone 1.0 - 'scat' / 'pid' SQL Injection
|
|
2017-12-08
|
|
FS Quibids Clone 1.0 - SQL Injection
|
|
2017-12-08
|
|
FS Thumbtack Clone 1.0 - 'cat' / 'sc' SQL Injection
|
|
2017-12-08
|
|
Website Auction Marketplace 2.0.5 - 'cat_id' SQL Injection
|
|
2017-12-08
|
|
FS Shutterstock Clone 1.0 - 'keywords' SQL Injection
|
|
2017-12-08
|
|
FS Stackoverflow Clone 1.0 - 'keywords' SQL Injection
|
|
2017-12-08
|
|
Realestate Crowdfunding Script 2.7.2 - 'pid' SQL Injection
|
|
2017-12-08
|
|
Simple Chatting System 1.0.0 - Arbitrary File Upload
|
|
2017-12-08
|
|
LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass)
|
|
2017-12-08
|
|
DomainSale PHP Script 1.0 - 'id' SQL Injection
|
|
2017-12-08
|
|
Linux Kernel - DCCP Socket Use-After-Free
|
|
2017-12-07
|
|
Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash
|
|
2017-12-07
|
|
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
|
|
2017-12-07
|
|
Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal
|
|
2017-12-07
|
|
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
|
|
2017-12-07
|
|
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
|
|
2017-12-07
|
|
FS Facebook Clone - 'token' SQL Injection
|
|
2017-12-07
|
|
FS IMDB Clone - 'id' SQL Injection
|
|
2017-12-07
|
|
LaCie 5big Network 2.2.8 - Command Injection
|
|
2017-12-07
|
|
WAGO PFC 200 SERIES Multiple Vulnerabilities
|
|
2017-12-06
|
|
Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability
|
|
2017-12-06
|
|
HP iMC Plat 7.2 - Remote Code Execution Exploit (2)
|
|
2017-12-06
|
|
HP iMC Plat 7.2 - Remote Code Execution Exploit
|
|
2017-12-06
|
|
Jobs2Careers / Coroflot Clone - SQL Injection Vulnerability
|
|
2017-12-06
|
|
MistServer 2.12 - Cross-Site Scripting Vulnerability
|
|
2017-12-06
|
|
Artica Web Proxy 3.06 - Remote Code Execution Vulnerability
|
|
2017-12-06
|
|
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting Vulnerability
|
|
2017-12-06
|
|
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery Vulnerability
|
|
2017-12-06
|
|
macOS High Sierra - Root Privilege Escalation Exploit
|
|
2017-12-06
|
|
WordPress WooCommerce 2.0/3.0 Plugin - Directory Traversal Vulnerability
|
|
2017-12-06
|
|
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page Exploit
|
|
2017-12-06
|
|
Proxifier for Mac 2.19 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Hashicorp vagrant-vmware-fusion 4.0.24 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Hashicorp vagrant-vmware-fusion 5.0.0 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Sera 1.2 - Local root Privilege Escalation / Password Disclosure
|
|
2017-12-06
|
|
Hashicorp vagrant-vmware-fusion 5.0.1 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Hashicorp vagrant-vmware-fusion 5.0.3 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Arq 5.9.6 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Murus 1.4.11 - Local root Privilege Escalation
|
|
2017-12-06
|
|
Arq 5.9.7 - Local root Privilege Escalation
|
|
2017-12-06
|
|
FS Shaadi Clone - 'token' SQL Injection
|
|
2017-12-06
|
|
WinduCMS 3.1 - Local File Disclosure
|
|
2017-12-06
|
|
FS Makemytrip Clone - 'id' SQL Injection
|
|
2017-12-06
|
|
Techno Portfolio Management Panel - 'id' SQL Injection
|
|
2017-12-05
|
|
Readymade Classifieds Script 1.0 - SQL Injection
|
|
2017-12-05
|
|
Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation
|
|
2017-12-05
|
|
VX Search 10.2.14 - 'command_name' Buffer Overflow
|
|
2017-12-05
|
|
Abyss Web Server < 2.11.6 - Heap Memory Corruption
|
|
2017-12-01
|
|
Artica Web Proxy 3.06 - Remote Code Execution
|
|
2017-12-01
|
|
MistServer 2.12 - Cross-Site Scripting
|
|
2017-12-01
|
|
Jobs2Careers / Coroflot Clone - SQL Injection
|
|
2017-12-01
|
|
HP iMC Plat 7.2 - Remote Code Execution (2)
|
|
2017-12-01
|
|
HP iMC Plat 7.2 - Remote Code Execution
|
|
2017-12-01
|
|
macOS High Sierra - Root Privilege Escalation (Metasploit)
|
|
2017-11-30
|
|
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page
|
|
2017-11-30
|
|
Asterisk 13.17.2 - Memory Corruption
|
|
2017-11-30
|
|
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
|
|
2017-11-30
|
|
Hipchat For Mac 4.x Remote Code Execution Vulnerability
|
|
2017-11-30
|
|
Hipchat Data Center / Hipchat Server Code Execution / SSRF Vulnerabilities
|
|
2017-11-30
|
|
MacOSX Root Privilege Escalation Exploit
|
|
2017-11-30
|
|
Apache CouchDB Remote Code Execution Vulnerability
|
|
2017-11-30
|
|
Exim Use-After-Free Exploit
|
|
2017-11-30
|
|
osCommerce 2.3.4.1 - Arbitrary File Upload Exploit
|
|
2017-11-29
|
|
Microsoft Windows 10 Creators Update version 1703 - Kernel Local Privilege Escalation Exploit
|
|
2017-11-29
|
|
pfSense 2.3.1_1 Remote Command Execution Exploit
|
|
2017-11-29
|
|
HikVision Wi-Fi IP Camera Wireless Access Point State Vulnerability
|
|
2017-11-29
|
|
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download Exploit
|
|
2017-11-29
|
|
Synology StorageManager 5.2 - Remote Root Command Execution Exploit
|
|
2017-11-29
|
|
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection Vulnerabilities
|
|
2017-11-29
|
|
KMPlayer 4.2.2.4 - Denial of Service Exploit
|
|
2017-11-29
|
|
Winamp Pro 5.66.Build.3512 - Denial of Service Exploit
|
|
2017-11-29
|
|
Diving Log 6.0 - XML External Entity Injection Vulnerability
|
|
2017-11-29
|
|
ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability
|
|
2017-11-29
|
|
Exim 4.89 - BDAT Denial of Service Exploit
|
|
2017-11-29
|
|
Wget HTTP integer overflow Exploit
|
|
2017-11-29
|
|
JBOSSAS 5.x/6.x Deserializer Vulnerability
|
|
2017-11-29
|
|
JBOSSAS 4.x Deserializer Vulnerability
|
|
2017-11-29
|
|
Cambium Multiple Vulnerabilities
|
|
2017-11-29
|
|
DblTek GoIP GSM Gateway Multiple Vulnerabilities
|
|
2017-11-29
|
|
WordPress CMS Tree Page View 1.3.4 plugin Privilege Escalation Vulnerability
|
|
2017-11-29
|
|
WordPress WPDB SQL Injection Vulnerability
|
|
2017-11-29
|
|
Ubuntu 17.04 Linux Kernel XFRM Privilege Escalation Exploit
|
|
2017-11-29
|
|
D-Link DIR-850L Credential Disclosure Exploit
|
|
2017-11-29
|
|
CSC Cart 4.6.2 Shell Upload Vulnerability
|
|
2017-11-29
|
|
Microsoft Windows win32kfull!GreUpdateSpriteInternal Kernel Stack Memory Disclosure Exploit
|
|
2017-11-29
|
|
Microsoft Windows win32kbase!NtQueryCompositionInputQueueAndTransform Kernel Stack Memory Disclosure
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT Incorrect Function Declaration Scope Exploit
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared Failed Return Exploit
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration Exploit
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT BailOutOnTaggedValue Bailouts Exploit
|
|
2017-11-29
|
|
CommuniGatePro 6.1.16 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode) Exploit
|
|
2017-11-29
|
|
Linux - mincore() Uninitialized Kernel Heap Page Disclosure Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::FormSubmission::create Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::RenderObject::previousSibling Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::DocumentLoader::frameLoader Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::Style::TreeResolver::styleForElement Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::SVGPatternElement::collectPatternAttributes Out-of-Bounds Read Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::SimpleLineLayout::RunResolver::runForPoint Out-of-Bounds Read Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::RenderText::localCaretRect Out-of-Bounds Read Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::AXObjectCache::performDeferredCacheUpdate Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::PositionIterator::decrement Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::InputType::element Use-After-Free Exploit
|
|
2017-11-29
|
|
WebKit - WebCore::TreeScope::documentScope Use-After-Free Exploit
|
|
2017-11-29
|
|
Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting Vulnerability
|
|
2017-11-29
|
|
MyTy 5.1.6 Blind SQL Injection Vulnerability
|
|
2017-11-29
|
|
MyTy 5.1.7 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
WordPress Breezing Forms 1.2.7.42 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
WordPress Yoast SEO Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
Vonage VDV-23 - Denial of Service Exploit
|
|
2017-11-29
|
|
WordPress In Link 1.0 SQL Injection Vulnerability
|
|
2017-11-29
|
|
WordPress amtyThumb 8.1.3 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
WordPress Advanced Post Type Ratings 1.1 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
WordPress Emag Marketplace Connector 1.0 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
RSA Authentication Manager 8.2 SP1 P5 Cross Site Scripting Vulnerability
|
|
2017-11-29
|
|
EMC ScaleIO 2.0.1.x Buffer Overflow / Information Disclosure Vulnerabilities
|
|
2017-11-29
|
|
Microsoft Windows NTFS File System Metadata Disclosures Exploit
|
|
2017-11-29
|
|
Microsoft Windows 10 - nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosur
|
|
2017-11-29
|
|
MyBB 1.8.13 - Cross-Site Scripting Vulnerability
|
|
2017-11-29
|
|
Microsoft Office - OLE Remote Code Execution Exploit
|
|
2017-11-29
|
|
Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass Vulnerability
|
|
2017-11-29
|
|
iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service Exploit
|
|
2017-11-29
|
|
Dell Active Roles 7.x Unquoted Service Path Privilege Escalation Vulnerability
|
|
2017-11-29
|
|
phpMyFAQ 2.9.9 Code Injection Exploit
|
|
2017-11-29
|
|
Cisco Umbrella Virtual Appliance 2.1.0 Hardcoded Credentials Vulnerability
|
|
2017-11-29
|
|
TP-Link TL-WA830RE - Cross-Site Scripting Vulnerability
|
|
2017-11-29
|
|
Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection Vulnerability
|
|
2017-11-29
|
|
VX Search 10.2.14 - Proxy Buffer Overflow (SEH) Exploit
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT - OP_Memset Type Confusion Exploit
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT - Lowerer::LowerBoundCheck Incorrect Integer Overflow Check Exploit
|
|
2017-11-29
|
|
Microsoft Edge Chakra JIT - Type Confusion with switch Statements Exploit
|
|
2017-11-29
|
|
Microsoft Edge - Object.setPrototypeOf Memory Corruption Exploit
|
|
2017-11-29
|
|
Zeta Components Mail 1.8.1 - Remote Code Execution Vulnerability
|
|
2017-11-29
|
|
LanSweeper 6.0.100.75 - Cross-Site Scripting Vulnerability
|
|
2017-11-29
|
|
Vonage VDV23 - Cross-Site Scripting Vulnerability
|
|
2017-11-29
|
|
DLink DIR-605L < 2.08 - Denial of Service Exploit
|
|
2017-11-29
|
|
DLink DCS-936L Network Camera Cross-Site Request Forgery Vulnerability
|
|
2017-11-29
|
|
TP-Link TL-WR740N - Cross-Site Scripting Vulnerability
|
|
2017-11-29
|
|
WIFICAM Wireless IP Camera (P2P) - Unauthenticated Remote Code Execution Exploit
|
|
2017-11-29
|
|
PHP 7.1.8 - Heap-Based Buffer Overflow Vulnerability
|
|
2017-11-29
|
|
Vivotek IP Cameras Remote Stack Overflow Vulnerability
|
|
2017-11-29
|
|
QEMU - NBD Server Long Export Name Stack Buffer Overflow
|
|
2017-11-29
|
|
pfSense - Authenticated Group Member RCE (Metasploit)
|
|
2017-11-29
|
|
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
|
|
2017-11-29
|
|
osCommerce 2.3.4.1 - Arbitrary File Upload
|
|
2017-11-29
|
|
DVD Creator 4.1.0 - Insecure File Permissions Vulnerability
|
|
2017-11-28
|
|
Hola VPN v1.34 - Privilege Escalation Vulnerability
|
|
2017-11-28
|
|
Synology StorageManager 5.2 - Remote Root Command Execution
|
|
2017-11-28
|
|
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download
|
|
2017-11-28
|
|
ZTE ZXDSL 831CII - Improper Access Restrictions
|
|
2017-11-27
|
|
Diving Log 6.0 - XML External Entity Injection
|
|
2017-11-27
|
|
Winamp Pro 5.66.Build.3512 - Denial of Service
|
|
2017-11-27
|
|
KMPlayer 4.2.2.4 - Denial of Service
|
|
2017-11-27
|
|
Exim 4.89 - 'BDAT' Denial of Service
|
|
2017-11-27
|
|
Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly
|
|
2017-11-27
|
|
Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope
|
|
2017-11-27
|
|
Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' does not Return the return Instruction
|
|
2017-11-27
|
|
Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion
|
|
2017-11-27
|
|
CommuniGatePro 6.1.16 - Cross-Site Scripting
|
|
2017-11-27
|
|
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
|
|
2017-11-26
|
|
Linux - 'mincore()' Uninitialized Kernel Heap Page Disclosure
|
|
2017-11-24
|
|
WebKit - 'WebCore::FormSubmission::create' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::DocumentLoader::frameLoader' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::SVGPatternElement::collectPatternAttributes' Out-of-Bounds Read
|
|
2017-11-22
|
|
WebKit - 'WebCore::SimpleLineLayout::RunResolver::runForPoint' Out-of-Bounds Read
|
|
2017-11-22
|
|
WebKit - 'WebCore::RenderText::localCaretRect' Out-of-Bounds Read
|
|
2017-11-22
|
|
WebKit - 'WebCore::AXObjectCache::performDeferredCacheUpdate' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::InputType::element' Use-After-Free
|
|
2017-11-22
|
|
WebKit - 'WebCore::TreeScope::documentScope' Use-After-Free
|
|
2017-11-22
|
|
Vonage VDV-23 - Denial of Service
|
|
2017-11-22
|
|
Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting
|
|
2017-11-22
|
|
Microsoft Windows 10 - 'nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)' Pool Memory Disclosure
|
|
2017-11-21
|
|
Microsoft Office - OLE Remote Code Execution
|
|
2017-11-21
|
|
Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass
|
|
2017-11-20
|
|
iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service
|
|
2017-11-20
|
|
MyBB 1.8.13 - Cross-Site Scripting
|
|
2017-11-19
|
|
MyBB 1.8.13 - Remote Code Execution
|
|
2017-11-19
|
|
VX Search 10.2.14 - 'Proxy' Buffer Overflow (SEH)
|
|
2017-11-17
|
|
Zeta Components Mail 1.8.1 - Remote Code Execution
|
|
2017-11-16
|
|
Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion
|
|
2017-11-16
|
|
Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check
|
|
2017-11-16
|
|
Microsoft Edge Chakra JIT - Type Confusion with switch Statements
|
|
2017-11-16
|
|
Microsoft Edge - 'Object.setPrototypeOf' Memory Corruption
|
|
2017-11-16
|
|
Vonage VDV23 - Cross-Site Scripting
|
|
2017-11-16
|
|
LanSweeper 6.0.100.75 - Cross-Site Scripting
|
|
2017-11-16
|
|
TP-Link TL-WR740N - Cross-Site Scripting
|
|
2017-11-16
|
|
Anti-Virus Privileged File Write Vulnerability
|
|
2017-11-16
|
|
Identity Governance 12.6 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
WordPress AMP Toolbox 1.9.4 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
WordPress DFD Reddcoin Tips 1.1.1 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
WordPress Affiliate Ads For Clickbank Products 1.3 XSS Vulnerability
|
|
2017-11-16
|
|
Scala 2.x Privilege Escalation Vulnerability
|
|
2017-11-16
|
|
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution Vulnerabilities
|
|
2017-11-16
|
|
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
Dup Scout Enterprise 10.0.18 - Login Buffer Overflow Exploit
|
|
2017-11-16
|
|
PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free Vulnerability
|
|
2017-11-16
|
|
Technicolor TG789vn v3 HTTP DoS Exploit
|
|
2017-11-16
|
|
WordPress Appointments 2.2.2.2 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
WordPress Cartogiraffe Map 1.0 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
WordPress Boozang 1.0.0 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
D-Link DIR-850L Unauthenticated Command Execution Exploit
|
|
2017-11-16
|
|
Ulterius Server < 1.9.5.0 - Directory Traversal Exploit
|
|
2017-11-16
|
|
Kirby CMS < 2.5.7 - Cross-Site Scripting Vulnerability
|
|
2017-11-16
|
|
Monstra CMS 3.0.4 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload Exploit
|
|
2017-11-16
|
|
IKARUS anti.virus 2.16.7 - ntguard_x64 Privilege Escalation Exploit
|
|
2017-11-16
|
|
Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC) Exploit
|
|
2017-11-16
|
|
Fierce Buffer Overflow Vulnerability
|
|
2017-11-16
|
|
Symantec Endpoint Protection v12.1 / Tamper-Protection Bypass Exploit
|
|
2017-11-16
|
|
Microsoft Internet Explorer 11 jscript!JsErrorToString Use-After-Free Exploit
|
|
2017-11-16
|
|
Datto Windows Agent Remote Code Execution Vulnerability
|
|
2017-11-16
|
|
WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting Vulnerability
|
|
2017-11-16
|
|
D-Link DIR605L - Denial of Service
|
|
2017-11-15
|
|
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
|
|
2017-11-15
|
|
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow
|
|
2017-11-15
|
|
PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free
|
|
2017-11-14
|
|
PHP 7.1.8 - Heap-Based Buffer Overflow
|
|
2017-11-14
|
|
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
|
|
2017-11-14
|
|
Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free
|
|
2017-11-14
|
|
DIR-850L - (Un)authenticated OS Command Execution (Metasploit)
|
|
2017-11-14
|
|
Wireless IP Camera (P2P) WIFICAM - Unauthenticated Remote Code Execution
|
|
2017-11-14
|
|
Ulterius Server < 1.9.5.0 - Directory Traversal
|
|
2017-11-14
|
|
Kirby CMS < 2.5.7 - Cross-Site Scripting
|
|
2017-11-14
|
|
IKARUS anti.virus 2.16.7 - 'ntguard_x64' Privilege Escalation
|
|
2017-11-13
|
|
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
|
|
2017-11-13
|
|
Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)
|
|
2017-11-13
|
|
Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass
|
|
2017-11-13
|
|
Microsoft Windows LNK File Code Execution Exploit
|
|
2017-11-09
|
|
WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting Vulnerability
|
|
2017-11-09
|
|
IBM Lotus Notes Denial Of Service Exploit
|
|
2017-11-09
|
|
Mako Server 2.5 Command Injection Exploit
|
|
2017-11-09
|
|
Geutebrueck GCore GCoreServer.exe Buffer Overflow Exploit
|
|
2017-11-09
|
|
iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection Vulnerability
|
|
2017-11-09
|
|
WordPress Duplicator Migration 1.2.28 Cross Site Scripting Vulnerability
|
|
2017-11-09
|
|
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEP/SMAP Privilege Escalation Exploit
|
|
2017-11-09
|
|
pfSense 2.3.1_1 - Command Execution Vulnerability
|
|
2017-11-09
|
|
ManageEngine Applications Manager 13 - SQL Injection Vulnerability
|
|
2017-11-09
|
|
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability
|
|
2017-11-09
|
|
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Vulnerability
|
|
2017-11-09
|
|
SMPlayer 17.11.0 - .m3u Buffer Overflow (PoC) Exploit
|
|
2017-11-09
|
|
ManageEngine Applications Manager 13 - SQL Injection
|
|
2017-11-07
|
|
pfSense 2.3.1_1 - Command Execution
|
|
2017-11-07
|
|
Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability
|
|
2017-11-07
|
|
TinyWebGallery v2.4 (TWGE) - Persistent XSS Vulnerability
|
|
2017-11-07
|
|
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP Privilege Escalation
|
|
2017-11-07
|
|
SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)
|
|
2017-11-06
|
|
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
|
|
2017-11-06
|
|
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
|
|
2017-11-06
|
|
WordPress Userpro Plugin 4.9.17.1 - Authentication Bypass Vulnerability
|
|
2017-11-06
|
|
Actiontec C1000A Modem - Backdoor Account Vulnerability
|
|
2017-11-06
|
|
Debut Embedded httpd 1.20 - Denial of Service Exploit
|
|
2017-11-06
|
|
Avaya OfficeScan (IPO) < 10.1 - 'SoftConsole' Buffer Overflow (SEH)
|
|
2017-11-06
|
|
Avaya OfficeScan (IPO) < 10.1 - ActiveX Buffer Overflow
|
|
2017-11-06
|
|
Debut Embedded httpd 1.20 - Denial of Service
|
|
2017-11-06
|
|
Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH) Exploit
|
|
2017-11-06
|
|
Actiontec C1000A Modem - Backdoor Account
|
|
2017-11-06
|
|
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
|
|
2017-11-06
|
|
Ipswitch WS_FTP Professional < 12.6.0.3 - Local Buffer Overflow (SEH)
|
|
2017-11-06
|
|
Avaya OfficeScan (IPO) Remote ActiveX Buffer Overflow Exploit
|
|
2017-11-05
|
|
Avaya OfficeScan (IPO) SoftConsole Remote SEH Buffer Overflow Exploit
|
|
2017-11-05
|
|
Tor Browser 7.0.8 IP Address Leak Vulnerability
|
|
2017-11-05
|
|
Splunk 6.6.x Local Privilege Escalation Vulnerability
|
|
2017-11-05
|
|
Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External En
|
|
2017-11-05
|
|
WordPress WP Mobile Detector 3.5 Shell Upload Exploit
|
|
2017-11-05
|
|
WordPress JTRT Responsive Tables 4.1 Plugin - SQL Injection Vulnerability
|
|
2017-11-05
|
|
tnftp (savefile) Arbitrary Command Execution Exploit
|
|
2017-11-05
|
|
GraphicsMagick - Memory Disclosure / Heap Overflow Exploit
|
|
2017-11-05
|
|
Ladon Framework For Python 0.9.40 XXE Injection Vulnerability
|
|
2017-11-05
|
|
Sera 1.2 Local Root / Password Disclosure Exploit
|
|
2017-11-05
|
|
Vir.IT eXplorer Anti-Virus - Privilege Escalation Exploit
|
|
2017-11-05
|
|
WhatsApp 2.17.52 - Memory Corruption Exploit
|
|
2017-11-05
|
|
ZyXEL PK5001Z Modem - Backdoor Account Vulnerability
|
|
2017-11-05
|
|
Ingenious School Management System 2.3.0 - friend_index SQL injection Vulnerability
|
|
2017-11-05
|
|
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Vulnerability
|
|
2017-11-05
|
|
WordPress User Login History 1.5.2 Cross Site Scripting Vulnerability
|
|
2017-11-05
|
|
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management Vulnerability
|
|
2017-11-05
|
|
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication Vulnerability
|
|
2017-11-05
|
|
Progea Movicon 11.5.1181 Search Path Issues Vulnerability
|
|
2017-11-05
|
|
Sync Breeze 10.1.16 Buffer Overflow Vulnerability
|
|
2017-11-05
|
|
EMC VMAX Virtual Appliance (vApp) Authentication Bypass Vulnerability
|
|
2017-11-05
|
|
EMC AppSync Server Hardcoded Password Vulnerability
|
|
2017-11-05
|
|
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit
|
|
2017-11-05
|
|
Ingenious 2.3.0 - Arbitrary File Upload Vulnerability
|
|
2017-11-05
|
|
D-Park Pro 1.0 - SQL Injection Vulnerability
|
|
2017-11-05
|
|
Adult Script Pro 2.2.4 - SQL Injection Vulnerability
|
|
2017-11-05
|
|
Article Directory Script 3.0 - id SQL Injection Vulnerability
|
|
2017-11-05
|
|
iProject Management System 1.0 - ID SQL Injection Vulnerability
|
|
2017-11-05
|
|
iStock Management System 1.0 - Arbitrary File Upload Vulnerability
|
|
2017-11-05
|