|
2008-10-14
|
|
Webscene eCommerce - 'productlist.php' SQL Injection
|
8 |
WEB
|
Angela Chang
|
|
2008-10-13
|
|
ASP Indir Iltaweb Alisveris Sistemi - 'xurunler.asp' SQL Injection
|
7 |
WEB
|
tRoot
|
|
2014-03-24
|
|
BigDump 0.35b - Arbitrary File Upload
|
9 |
WEB
|
felipe andrian
|
|
2008-10-11
|
|
EEB-CMS 0.95 - 'index.php' Cross-Site Scripting
|
9 |
WEB
|
d3v1l
|
|
2008-10-11
|
|
Joomla! Component com_jeux - 'id' SQL Injection
|
10 |
WEB
|
H!tm@N
|
|
2008-10-08
|
|
DFFFrameworkAPI - 'DFF_config[dir_include]' Multiple Remote File Inclusions
|
9 |
WEB
|
GoLd_M
|
|
2008-10-08
|
|
Opera Web Browser 8.51 - URI redirection Remote Code Execution
|
9 |
WEB
|
MATASANOS
|
|
2008-10-06
|
|
PHP Web Explorer 0.99b - 'edit.php?File' Traversal Local File Inclusion
|
8 |
WEB
|
Pepelux
|
|
2008-10-06
|
|
PHP Web Explorer 0.99b - 'main.php?refer' Traversal Local File Inclusion
|
7 |
WEB
|
Pepelux
|
|
2008-10-06
|
|
Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass
|
9 |
WEB
|
WHK
|
|
2008-10-03
|
|
AmpJuke 0.7.5 - 'index.php' SQL Injection
|
11 |
WEB
|
S_DLA_S
|
|
2008-10-05
|
|
VeriSign Kontiki Delivery Management System 5.0 - 'action' Cross-Site Scripting
|
11 |
WEB
|
Mazin Faour
|
|
2008-10-03
|
|
Website Directory - 'index.php' Cross-Site Scripting
|
11 |
WEB
|
Ghost Hacker
|
|
2008-10-02
|
|
Dreamcost HostAdmin 3.1 - 'index.php' Cross-Site Scripting
|
9 |
WEB
|
Am!r
|
|
2008-10-01
|
|
WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities
|
12 |
WEB
|
Omer Singer
|
|
2008-10-01
|
|
H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
C1c4Tr1Z
|
|
2008-10-01
|
|
Celoxis - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
teuquooch1seero
|
|
2008-09-30
|
|
A4Desk Event Calendar - 'v' Remote File Inclusion
|
9 |
WEB
|
Lo$er
|
|
2008-09-29
|
|
WordPress MU 1.2/1.3 - '/wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Juan Galiana Lara
|
|
2008-09-29
|
|
CAcert - 'analyse.php' Cross-Site Scripting
|
9 |
WEB
|
Alexander Klink
|
|
2008-09-29
|
|
PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass
|
8 |
WEB
|
Crackers_Child
|
|
2014-03-22
|
|
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
|
10 |
WEB
|
Brandon Perry
|
|
2008-09-27
|
|
Recipe Script - 'search.php' Cross-Site Scripting
|
11 |
WEB
|
Ghost Hacker
|
|
2008-09-27
|
|
Membership Script - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Ghost Hacker
|
|
2008-09-27
|
|
ClickBank Portal - 'search.php' Cross-Site Scripting
|
9 |
WEB
|
Ghost Hacker
|
|
2008-09-27
|
|
Lyrics Script - 'search_results.php' Cross-Site Scripting
|
9 |
WEB
|
Ghost Hacker
|
|
2008-09-27
|
|
WhoDomLite 1.1.3 - 'wholite.cgi' Cross-Site Scripting
|
9 |
WEB
|
Ghost Hacker
|
|
2008-09-26
|
|
Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion
|
8 |
WEB
|
Br0k3n H34rT
|
|
2008-09-25
|
|
OpenNMS 1.5.x - 'filter' Cross-Site Scripting
|
9 |
WEB
|
d2d
|
|
2008-09-25
|
|
OpenNMS 1.5.x - 'Username' Cross-Site Scripting
|
9 |
WEB
|
d2d
|
|
2008-09-25
|
|
OpenNMS 1.5.x - 'j_username' Cross-Site Scripting
|
11 |
WEB
|
d2d
|
|
2008-09-25
|
|
Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access
|
10 |
WEB
|
StAkeR
|
|
2008-09-25
|
|
Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Fabian Fingerle
|
|
2008-09-25
|
|
Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Inclusion
|
10 |
WEB
|
Pepelux
|
|
2008-09-25
|
|
EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injections
|
9 |
WEB
|
David Sopas
|
|
2008-09-24
|
|
Drupal Module Ajax Checklist 5.x-1.0 - Multiple SQL Injections
|
9 |
WEB
|
Justin C. Klein Keane
|
|
2008-09-23
|
|
InterTech WCMS - 'etemplate.php' SQL Injection
|
8 |
WEB
|
GeNiUs IrAQI
|
|
2008-09-23
|
|
Omnicom Content Platform - 'browser.asp' Directory Traversal
|
9 |
WEB
|
AlbaniaN-[H]
|
|
2008-09-23
|
|
Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting
|
9 |
WEB
|
Hadi Kiamarsi
|
|
2008-09-22
|
|
6rbScript - 'cat.php' SQL Injection
|
7 |
WEB
|
Karar Alshami
|
|
2008-09-20
|
|
Achievo 1.3.2 - 'atknodetype' Cross-Site Scripting
|
8 |
WEB
|
Rohit Bansal
|
|
2008-09-21
|
|
BlueCUBE CMS - 'tienda.php' SQL Injection
|
10 |
WEB
|
r45c4l
|
|
2008-09-22
|
|
BLUEPAGE CMS 2.5 - 'PHPSESSID' Session Fixation
|
8 |
WEB
|
David Vieira-Kurz
|
|
2008-09-22
|
|
xt:Commerce 3.04 - 'XTCsid' Session Fixation
|
11 |
WEB
|
David Vieira-Kurz
|
|
2008-09-22
|
|
xt:Commerce 3.04 - 'advanced_search_result.php?keywords' Cross-Site Scripting
|
9 |
WEB
|
David Vieira-Kurz
|
|
2008-09-22
|
|
Fuzzylime (cms) 3.0 - 'usercheck.php' Cross-Site Scripting
|
8 |
WEB
|
Fabian Fingerle
|
|
2008-09-22
|
|
MapCal 0.1 - 'id' SQL Injection
|
9 |
WEB
|
0x90
|
|
2008-09-22
|
|
UNAK-CMS - Cookie Authentication Bypass
|
9 |
WEB
|
Ciph3r
|
|
2008-09-22
|
|
rgb72 WCMS 1.0 - 'index.php' SQL Injection
|
9 |
WEB
|
CWH Underground
|
|
2008-09-21
|
|
eXtrovert software Thyme 1.3 - 'add_calendars.php' Cross-Site Scripting
|
10 |
WEB
|
DigiTrust Group
|
|
2008-09-19
|
|
PHP Pro Bid 5.2.4/6.04 - Multiple SQL Injections
|
10 |
WEB
|
Jan Van Niekerk
|
|
2008-09-19
|
|
Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
t0fx
|
|
2008-09-19
|
|
HyperStop WebHost Directory 1.2 - Database Disclosure
|
8 |
WEB
|
r45c4l
|
|
2008-09-18
|
|
Sama Educational Management System - 'error.asp' Cross-Site Scripting
|
9 |
WEB
|
Lagon666
|
|
2008-09-17
|
|
Add a link 4 - Security Bypass / SQL Injection
|
12 |
WEB
|
JosS
|
|
2008-09-17
|
|
Quick Cart 3.1 - 'admin.php' Cross-Site Scripting
|
10 |
WEB
|
John Cobb
|
|
2008-09-17
|
|
Cars & Vehicle - 'page.php' SQL Injection
|
12 |
WEB
|
Hussin X
|
|
2008-09-16
|
|
Quick CMS Lite 2.1 - 'admin.php' Cross-Site Scripting
|
9 |
WEB
|
John Cobb
|
|
2014-03-20
|
|
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery
|
8 |
WEB
|
Dhruv Shah
|
|
2008-09-15
|
|
phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution
|
8 |
WEB
|
Norman Hippert
|
|
2014-03-20
|
|
OXID eShop < 4.7.11/5.0.11 / < 4.8.4/5.1.4 - Multiple Vulnerabilities
|
11 |
WEB
|
//sToRm
|
|
2014-03-20
|
|
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities
|
8 |
WEB
|
Vulnerability-Lab
|
|
2014-03-19
|
|
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
|
10 |
WEB
|
xistence
|
|
2014-03-19
|
|
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
|
9 |
WEB
|
Brandon Perry
|
|
2008-09-12
|
|
QuicO - 'photo.php' SQL Injection
|
10 |
WEB
|
Beenu Arora
|
|
2008-09-12
|
|
Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
Xylitol
|
|
2008-09-12
|
|
Dynamic MP3 Lister 2.0.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Xylitol
|
|
2008-09-11
|
|
Nooms 1.1 - 'search.php?q' Cross-Site Scripting
|
11 |
WEB
|
Dr.Crash
|
|
2008-09-11
|
|
Nooms 1.1 - 'smileys.php?page_id' Cross-Site Scripting
|
12 |
WEB
|
Dr.Crash
|
|
2008-09-10
|
|
Hot Links SQL-PHP - 'news.php' SQL Injection
|
13 |
WEB
|
r45c4l
|
|
2008-09-10
|
|
Horde 3.2 - MIME Attachment Filename Insufficient Filtering Cross-Site Scripting
|
10 |
WEB
|
Alexios Fakos
|
|
2008-09-10
|
|
Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting
|
11 |
WEB
|
Alexios Fakos
|
|
2008-09-10
|
|
AvailScript Job Portal Script - 'applynow.php' SQL Injection
|
11 |
WEB
|
InjEctOr5
|
|
2008-09-10
|
|
Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions
|
10 |
WEB
|
SirGod
|
|
2008-09-02
|
|
UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
|
10 |
WEB
|
GulfTech Security
|
|
2008-09-07
|
|
E-PHP B2B Trading Marketplace Script - 'listings.php' SQL Injection
|
9 |
WEB
|
r45c4l
|
|
2008-09-08
|
|
eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection
|
10 |
WEB
|
Omer Singer
|
|
2008-09-08
|
|
Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
sl4xUz
|
|
2008-09-07
|
|
phpAdultSite CMS - 'results_per_page' Cross-Site Scripting
|
8 |
WEB
|
David Sopas
|
|
2008-09-06
|
|
Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Maximiliano Soler
|
|
2008-09-03
|
|
CeleronDude Uploader 6.1 - 'account.php' Cross-Site Scripting
|
11 |
WEB
|
Xc0re
|
|
2014-03-17
|
|
Joomla! Component AJAX Shoutbox 1.6 - SQL Injection
|
9 |
WEB
|
Ibrahim Raafat
|
|
2014-03-17
|
|
OpenSupports 2.0 - Blind SQL Injection
|
8 |
WEB
|
indoushka
|
|
2008-09-04
|
|
XRms 1.99.2 - 'starting' Cross-Site Scripting
|
10 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'file_id' Cross-Site Scripting
|
11 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'case_title' Cross-Site Scripting
|
9 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
|
9 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'campaign_title' Cross-Site Scripting
|
9 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'last_name' Cross-Site Scripting
|
10 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'company_name' Cross-Site Scripting
|
8 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'title' Cross-Site Scripting
|
9 |
WEB
|
Fabian Fingerle
|
|
2014-03-17
|
|
OpenSupports 2.x - Authentication Bypass / Cross-Site Request Forgery
|
9 |
WEB
|
TN CYB3R
|
|
2008-09-04
|
|
XRms 1.99.2 - 'login.php?target' Cross-Site Scripting
|
9 |
WEB
|
Fabian Fingerle
|
|
2008-09-03
|
|
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
C1c4Tr1Z
|
|
2008-09-03
|
|
eliteCMS 1.0 - 'page' SQL Injection
|
9 |
WEB
|
e.wiZz!
|
|
2008-08-28
|
|
OpenDB 1.0.6 - 'user_profile.php?redirect_url' Cross-Site Scripting
|
8 |
WEB
|
C1c4Tr1Z
|
|
2008-08-28
|
|
OpenDB 1.0.6 - 'listings.php?title' Cross-Site Scripting
|
9 |
WEB
|
C1c4Tr1Z
|
|
2008-08-28
|
|
OpenDB 1.0.6 - 'user_admin.php?user_id' Cross-Site Scripting
|
10 |
WEB
|
C1c4Tr1Z
|
|
2008-09-02
|
|
IDevSpot BizDirectory 2.04 - 'page' Cross-Site Scripting
|
7 |
WEB
|
Am!r
|
|
2008-08-29
|
|
Full PHP Emlak Script - 'landsee.php' SQL Injection
|
7 |
WEB
|
Hussin X
|
|
2008-09-01
|
|
GenPortal - 'buscarCat.php' Cross-Site Scripting
|
9 |
WEB
|
sl4xUz
|
|
2008-09-01
|
|
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Fabian Fingerle
|
|
2008-08-29
|
|
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
C1c4Tr1Z
|
|
2008-08-27
|
|
AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting
|
9 |
WEB
|
Bug Researchers Group
|
|
2008-08-26
|
|
Educe ASP Search Engine 1.5.6 - 'search.asp' Cross-Site Scripting
|
8 |
WEB
|
JoCk3r
|
|
2008-08-26
|
|
MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting
|
8 |
WEB
|
Sam Georgiou
|
|
2008-08-26
|
|
HPSystem Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting
|
7 |
WEB
|
Luca Carettoni
|
|
2008-08-26
|
|
Smart Survey 1.0 - 'surveyresults.asp' Cross-Site Scripting
|
9 |
WEB
|
Bug Researchers Group
|
|
2008-08-25
|
|
Bluemoon inc. PopnupBlog 3.30 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Lostmon
|
|
2008-08-25
|
|
PHP-Ultimate WebBoard 2.0 - 'admindel.php' Multiple Input Validation Vulnerabilities
|
7 |
WEB
|
t0pP8uZz
|
|
2008-08-23
|
|
One-News - Multiple Input Validation Vulnerabilities
|
10 |
WEB
|
suN8Hclf
|
|
2008-08-22
|
|
PicturesPro Photo Cart 3.9 - Search Cross-Site Scripting
|
8 |
WEB
|
Tyler Trioxide
|
|
2008-08-22
|
|
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Eric Beaulieu
|
|
2008-08-21
|
|
TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Doz
|
|
2008-08-21
|
|
FAR-PHP 1.0 - 'index.php' Local File Inclusion
|
8 |
WEB
|
Beenu Arora
|
|
2008-08-20
|
|
vBulletin 3.6.10/3.7.2 - '$newpm[title]' Cross-Site Scripting
|
10 |
WEB
|
Core Security
|
|
2008-08-21
|
|
Simasy CMS - 'id' SQL Injection
|
10 |
WEB
|
r45c4l
|
|
2008-08-21
|
|
Scripts4Profit DXShopCart 4.30 - 'pid' SQL Injection
|
9 |
WEB
|
Hussin X
|
|
2014-03-15
|
|
Church Edit - Blind SQL Injection
|
8 |
WEB
|
ThatIcyChill
|
|
2008-06-19
|
|
Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure
|
8 |
WEB
|
Charalambous Glafkos
|
|
2008-08-20
|
|
YourFreeWorld Ad-Exchange Script - 'id' SQL Injection
|
8 |
WEB
|
Hussin X
|
|
2008-08-19
|
|
Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting
|
10 |
WEB
|
GulfTech Security
|
|
2008-08-18
|
|
K Web CMS - 'sayfala.asp' SQL Injection
|
7 |
WEB
|
baltazar
|
|
2008-08-18
|
|
itMedia - Multiple SQL Injections
|
7 |
WEB
|
baltazar
|
|
2014-03-14
|
|
Synology DSM 4.3-3827 - 'article.php' Blind SQL Injection
|
10 |
WEB
|
Michael Wisniewski
|
