Serhyo
February 15, 2018, 4:22pm
141
2018.02.15
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.156
SQL injection vulnerability in the iJoomla com_adagency plugin 6.0.9 for Joomla! (CVE-2018-5696)
XSS vulnerability in Dark-mode plugin 1.66 for WordPress (CVE-2018-5651 and CVE-2018-5652)
CSRF and XSS vulnerability in Acurax-social-media-widget plugin before 3.2.6 for WordPress (CVE-2018-6357)
CSRF & XSS vulnerability in FlickrRSS plugin 5.3.1 for WordPress (CVE-2018-6466, CVE-2018-6467, CVE-2018-6468 and CVE-2018-6469)
XSS vulnerability in CMS Made Simple 2.2.5 (CVE-2018-5963, CVE-2018-5964 and CVE-2018-5965)
XSS vulnerability in BigTree CMS 4.2.19 (CVE-2018-6013)
bl_domains update
Serhyo
February 22, 2018, 5:48pm
142
2018.02.22
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.157
SQL injection vulnerability in the SimpleCalendar 3.1.9 component for Joomla! (CVE-2018-5974)
SQL injection vulnerability in the MediaLibrary Free 4.0.12 component for Joomla! (CVE-2018-5971)
XSS vulnerability in WordPress Booking Plugin Lite before 14.5 (CVE-2018-6891)
XSS vulnerability in wp-splashing-images-2.1.0 plugin for WordPress (CVE-2018-6194)
XSS vulnerability in UltimateMember plugin 2.0 for WordPress (CVE-2018-6943 and CVE-2018-6944)
OS Command Injection vulnerability in OpenEMR version 5.0.0 (CVE-2018-1000019)
Stored XSS vulnerability in Dolibarr ERP/CRM version 6.0.2 (CVE-2017-1000509)
bl_domains update
Serhyo
March 1, 2018, 5:28pm
143
2018.03.01
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.158
SQL injection vulnerability in Zh YandexMap 6.2.1.0, Zh BaiduMap 3.0.0.1 and Zh GoogleMap 8.4.0.0 for Joomla (CVE-2018-6582, CVE-2018-6604 and CVE-2018-6605)
SQL injection vulnerability in JSP Tickets 1.1 component for Joomla (CVE-2018-6609)
Unauthenticated attackers can cause a denial of service in WordPress through 4.9.2 (CVE-2018-6389)
Unrestricted file upload vulnerability in AccessPress Anonymous Post Pro 3.2.0 for WordPress (CVE-2017-1649)
XSS vulnerability in SilverStripe CMS before 3.6.1 (CVE-2017-14498)
XSS in Monstra CMS through 3.0.4 (CVE-2018-6550)
bl_domains update
Serhyo
March 14, 2018, 1:22pm
144
2018.03.14
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.159
Added the rules set for ModSecurity 3 and NGINX
SQL injection vulnerability in the Gallery WD 1.3.6 component for Joomla! (CVE-2018-5981)
SQL injection vulnerability in the PrayerCenter 3.0.2 component for Joomla! (CVE-2018-7314)
SQL injection vulnerability in JEXTN Classified 1.0.0 component and JEXTN Reverse Auction 3.1.0 component for Joomla (CVE-2018-6575 and CVE-2018-6579)
SQL Injection vulnerability in CP Contact Form with PayPal plugin 1.1.5 for WordPress (CVE-2015-9234)
XSS vulnerability in Bullet Proof Security plugin before 0.52.5 for WordPress (CVE-2018-6194)
XSS vulnerabilities in the XCloner plugin 3.1.2 for WordPress (CVE-2015-4337)
XSS vulnerability in phpMyAdmin before 4.7.8 (CVE-2018-7260)
bl_domains update
Serhyo
April 4, 2018, 4:57pm
145
2018.04.04
Rules for modsecurity up to v2.9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.160
SQLi vulnerability in Piwigo before 2.9.3 (CVE-2018-6883)
SQL injection vulnerability in the Saxum Astro 4.0.14 component for Joomla! (CVE-2018-7180)
SQL injection vulnerability in the Saxum Picker 3.2.10 component for Joomla! (CVE-2018-7178)
SQL injection vulnerability in Ek Rishta 2.9 component for Joomla! (CVE-2018-7315)
XSS & Unrestricted file upload vulnerability in Tiki before 18 (CVE-2018-7188)
Directory traversal vulnerability in BlackCat CMS before 1.1.2 (CVE-2015-5079)
bl_domains update
Serhyo
April 18, 2018, 2:28pm
146
2018.04.18
Rules for modsecurity up to v2.9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.161
Updated rules for IP whitelisting/blacklisting for modsec3 for nginx
SQL injection vulnerability in JMS Music 1.1.1 component for Joomla (CVE-2018-6581)
Remote file inclusion vulnerability in the Jimtawl 2.1.6 and 2.2.5 component for Joomla (CVE-2018-6580)
Directory traversal vulnerability in The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress (CVE-2017-15079)
Stored XSS vulnerability in Piwigo 2.9.3 (CVE-2018-7723)
XSS vulnerability in Piwigo Facetag plugin 0.0.3 (CVE-2017-9425)
SQLi vulnerability in Piwigo Facetag plugin 0.0.3 (CVE-2017-9426)
SQLi vulnerability in Textpattern CMS 4.6.2 (CVE-2018-7474)
XSS vulnerability in Piwigo 2.9.3 (CVE-2018-7722)
XSS vulnerability in Piwigo 2.9.3 (CVE-2018-7724)
XSS vulnerability in Enhancesoft osTicket before 1.10.2 (CVE-2018-7193)
XSS vulnerability in Enhancesoft osTicket before 1.10.2 (CVE-2018-7196)
FP fix
bl_domains update
Serhyo
April 26, 2018, 4:32pm
147
2018.04.26
Rules for modsecurity up to v2,9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.162
XSS vulnerability in Two-Factor Authentication - Clockwork SMS plugin 1.0.2 for WordPress (CVE-2017-17780)
XSS vulnerability in Relevanssi plugin 4.0.4 for WordPress (CVE-2018-9034)
XSS vulnerability in The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress (CVE-2018-9844)
XSS vulnerability in WP Live Chat Support plugin before 8.0.06 for WordPress (CVE-2018-9864)
Directory Traversal vulnerability in WP Background Takeover Advertisements plugin before 4.1.5 for WordPress (CVE-2018-9118)
RCE vulnerability in Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 (CVE-2018-7600, CVE-2018-7602)
SQLi vulnerability in Western Bridge Cobub Razor 0.8.0 (CVE-2018-8057)
XSS vulnerability in Xiuno BBS 4.0.0 (CVE-2018-8942)
bl_domains update
Serhyo
May 2, 2018, 5:01pm
148
2018.05.02
Rules for modsecurity up to v2,9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.163
XSS vulnerability in bilboplanet 2.0 (CVE-2014-9916)
XSS vulnerability in GetSimple CMS 3.3.13 (CVE-2018-9173)
XSS vulnerability in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 (CVE-2014-4612)
XSS vulnerability in CMS Made Simple 2.2.7 (CVE-2018-10029 & CVE-2018-10032)
XSS vulnerability in Zurmo 3.2.3 (CVE-2017-18004)
SQLi vulnerability in Dolibarr ERP/CRM 7.0.0 (CVE-2017-18260)
XSS vulnerability in frog cms 0.9.5 (CVE-2018-9992)
bl_domains update
Serhyo
May 8, 2018, 2:17pm
149
2018.05.08
Rules for modsecurity v2.9.2: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3: Nginx
Version 1.164
XSS vulnerability in WordPress Download Manager prior to version 2.9.50 for WordPress (CVE-2017-2216)
XSS vulnerability in phpIPAM before 1.3.1 (CVE-2018-10329)
XSS vulnerability in Dolibarr ERP/CRM 7.0.0 (CVE-2017-18259)
XSS vulnerability in iCMS V7.0.8 (CVE-2018-10250)
XSS vulnerability in GeniXCMS 1.1.0 (CVE-2017-14740)
XSS vulnerability in the Threads to Link plugin 1.3 for MyBB (CVE-2018-10365)
bl_domains update
Serhyo
May 15, 2018, 4:43pm
150
2018.05.15
Rules for modsecurity v2.9.2: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3: Nginx
Version 1.165
SQLi and XSS vulnerability in Dolibarr ERP/CRM before 5.0.4 (CVE-2017-9839)
XSS vulnerability in Z-BlogPHP 1.5.2 (CVE-2018-10680, CVE-2018-7736)
XSS vulnerability in iCMS V7.0.7 (CVE-2018-9925)
XSS vulnerability in HRSALE The Ultimate HRM v1.0.2 (CVE-2018-10259)
XSS vulnerability in phpIPAM before 1.3.1 (CVE-2017-15640)
SQLi vulnerability in iCMS V7.0.7 (CVE-2018-9924)
bl_domains update
Serhyo
May 22, 2018, 3:14pm
151
2018.05.22
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.166
XSS vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress (CVE-2018-0578)
XSS vulnerability in WP Live Chat Support plugin before 8.0.08 for WordPress (CVE-2018-11105)
XSS vulnerability in Dolibarr ERP/CRM before 5.0.4 (CVE-2017-9838)
XSS vulnerability in frog cms 0.9.5 (CVE-2018-10806)
Directory traversal vulnerability in NoneCms through 1.3.0 (CVE-2018-6022)
XSS vulnerability in Z-BlogPHP 2.0.0 (CVE-2018-11208)
bl_domains update
Serhyo
June 7, 2018, 10:32pm
152
2018.06.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.167
SQLi vulnerability in HRSALE The Ultimate HRM v1.0.2 (CVE-2018-10256)
SQLi vulnerability in OpenEMR before v5_0_1_1 (CVE-2018-9250)
Directory Traversal vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 (CVE-2018-11342)
XSS vulnerability in DomainMod v4.09.03 (CVE-2018-11403 and CVE-2018-11404)
XSS vulnerability in Dolibarr ERP/CRM before 7.0.1 (CVE-2018-10095)
XSS vulnerability in Z-BlogPHP 1.5.1 (CVE-2018-9169)
Directory Traversal vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 (CVE-2018-11344)
bl_domains update
Serhyo
June 12, 2018, 4:59pm
153
2018.06.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.168
SQLi vulnerability in Dolibarr ERP/CRM before 7.0.1 (CVE-2018-10094)
Directory Traversal vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 (CVE-2018-11341)
XSS and SQLi vulnerability in EasyService Billing 1.0 (CVE-2018-11443 and CVE-2018-11444)
XSS vulnerability in the Moderator Log Notes plugin 1.1 for MyBB (CVE-2018-11430)
XSS vulnerability in ASUSTOR soundsgood (CVE-2018-11343)
XSS vulnerability in DomainMod v4.10.0 (CVE-2018-11558 and CVE-2018-11559)
SQLi vulnerability in iScripts eSwap v2.4 (CVE-2018-11372 and CVE-2018-11373)
bl_domains update
Serhyo
June 20, 2018, 3:42pm
154
2018.06.20
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.169
XSS vulnerability in MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress (CVE-2018-11485)
CSRF vulnerability in Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress (CVE-2018-11632)
CSRF vulnerability in Woo Checkout for Digital Goods plugin 2.1 for WordPress (CVE-2018-11633)
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress (CVE-2018-10969)
RCE vulnerability in Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 (CVE-2018-7600, CVE-2018-7602)
XSS vulnerability in MODX Revolution 2.6.3 (CVE-2018-10382)
bl_domains update
Serhyo
July 6, 2018, 12:24pm
155
2018.07.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.171
SQL injection vulnerability in CW Tags 2.0.6 component for Joomla (CVE-2018-7313)
XSS vulnerability in Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla (CVE-2018-11690)
SQLi vulnerability in The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress (CVE-2018-12636)
XSS vulnerability in MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress (CVE-2018-11485)
SQL Injection vulnerability in Quick Chat plugin before 4.00 for WordPress (CVE-2018-12534)
XSS vulnerability in the User Profile & Membership plugin before 2.0.11 for WordPress (CVE-2018-10234)
XSS vulnerability in the WP Statistics plugin 12.0.2-12.0.5 for WordPress (CVE-2018-1000556)
XSS vulnerability in Events Manager plugin prior to version 5.9 for WordPress (CVE-2018-0576)
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress (CVE-2018-0587)
CSRF & XSS vulnerability in SLiMS 8 Akasia through 8.3.1 (CVE-2017-12584, CVE-2018-12659)
bl_domains update
Serhyo
July 16, 2018, 4:20pm
156
2018.07.16
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.172
SQL Injection vulnerability in JB Bus 2.3 component for Joomla (CVE-2018-6372)
SQL injection vulnerability in DT Register 3.2.7 component for Joomla (CVE-2018-6584)
Unrestricted file upload vulnerability in WP Live Chat Support Pro plugin before 8.0.07 for WordPress (CVE-2018-12426)
SQL injection vulnerability in the MemberMouse plugin 2.2.8 and prior for WordPress (CVE-2018-11309)
XSS vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress (CVE-2018-0579)
XSS vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress (CVE-2018-0577)
XSS vulnerability in SLiMS 8 Akasia through 8.3.1 (CVE-2018-12654, CVE-2018-12655, CVE-2018-12656, CVE-2018-12657, CVE-2018-12658)
XSS Vulnerability in ClipperCMS 1.3.3 (CVE-2018-11572)
XSS vulnerability in Chevereto Free before 1.0.13 (CVE-2018-12030)
SQL Injection vulnerability in iCMS V7.0.8 (CVE-2018-12498)
Directory Traversal vulnerability in YXcms 1.4.7 (CVE-2018-13025)
XSS vulnerability in BigTree-CMS (CVE-2018-1000521)
XSS vulnerability in CMS Made Simple 2.2.6 (CVE-2018-7893, CVE-2018-8058)
bl_domains update
Serhyo
July 23, 2018, 4:17pm
157
2018.07.23
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.173
Directory traversal vulnerability in K2 component 2.8.0 for Joomla (CVE-2018-7482)
SQL injection vulnerability in the Saxum Numerology 3.0.4 component for Joomla (CVE-2018-7177)
SQL Injection vulnerability in AllVideos Reloaded 1.2.x component for Joomla (CVE-2018-5990)
SQL Injection vulnerability in ccNewsletter 2.x component for Joomla (CVE-2018-5989)
SQL Injection vulnerability in the JS Jobs 1.1.9 component for Joomla (CVE-2018-5994)
SQL injection vulnerability in CP Event Calendar 3.0.1 component for Joomla (CVE-2018-6398)
XSS vulnerability in Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress (CVE-2018-13832)
XSS Vulnerability in ClipperCMS 1.3.3 (CVE-2018-11332, CVE-2018-13106)
Directory traversal vulnerability in CMS Made Simple 2.2.7 (CVE-2018-10083)
XSS Vulnerability in ClipperCMS 1.3.3 (CVE-2018-13998)
Directory traversal vulnerability in CMS Made Simple 2.2.7 (CVE-2018-10520)
bl_domains update
Serhyo
July 30, 2018, 1:26pm
158
2018.07.30
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.174
SQL injection vulnerability in JquickContact 1.3.2.2.1 component for Joomla (CVE-2018-5983)
SQL injection vulnerability in the Form Maker 3.6.12 component for Joomla (CVE-2018-5991)
SQL Injection vulnerability in Visual Calendar 3.1.3 component for Joomla (CVE-2018-6395)
SQL injection vulnerability in Advertisement Board 3.1.0 component for Joomla (CVE-2018-5982)
SQL injection vulnerability in Smart Shoutbox 3.0.0 component for Joomla (CVE-2018-5975)
SQL injection vulnerability in Realpin 1.5.04 component for Joomla (CVE-2018-6005)
Arbitrary File Download vulnerability in Jtag Members Directory 5.3.7 component for Joomla (CVE-2018-6008)
SQL injection vulnerability in Solidres 2.5.1 component for Joomla (CVE-2018-5980)
SQL injection vulnerability in Aist through 2.0 component for Joomla (CVE-2018-5993)
SQL injection vulnerability in JomEstate PRO through 3.7 component for Joomla (CVE-2018-6368)
bl_domains update
Serhyo
August 8, 2018, 4:30pm
159
2018.08.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.175
SQL injection vulnerability in Google Map Landkarten 4.2.3 component for Joomla (CVE-2018-6396)
Directory Traversal vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress (CVE-2018-0588)
XSS vulnerability in Responsive Cookie Consent plugin before 1.8 for WordPress (CVE-2018-10309)
XSS vulnerability in Multi Step Form plugin 1.2.5 for WordPress (CVE-2018-14846)
XSS vulnerability in YXcms 1.7 (CVE-2018-14686)
XSS and SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14515, CVE-2018-14472)
XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14512)
XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14513)
XSS vulnerability in iCMS before 7.0.10 (CVE-2018-14415)
bl_domains update
Serhyo
August 15, 2018, 3:35pm
160
2018.08.15
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.176
SQL injection vulnerability in Staff Master through 1.0 RC 1 component for Joomla (CVE-2018-5992)
Arbitrary File Upload vulnerability in Proclaim 9.1.1 component for Joomla (CVE-2018-7316)
SQL injection vulnerability in Fastball 2.5 component for Joomla (CVE-2018-6373)
CSRF vulnerability in JS Support Ticket 1.1.0 component for Joomla (CVE-2018-6007)
SQL injection vulnerability in OS Property Real Estate 3.12.7 component for Joomla (CVE-2018-7319)
XSS vulnerability in Multi Step Form plugin through 1.2.5 for WordPress (CVE-2018-14430)
SQLi vulnerability in WP Support Plus Responsive Ticket System plugin 9.0.2 and earlier for WordPress (CVE-2018-1000131)
XSS vulnerability in October CMS prior to build 437 (CVE-2018-1999008)
XSS vulnerability in Subrion CMS 4.2.1 (CVE-2018-14835)
XSS vulnerability in SeedDMS before 5.1.8 (CVE-2018-12944)
XSS vulnerability in SeedDMS before 5.1.8 (CVE-2018-12943)
bl_domains update