| 2005-05-04 | Interspire articlelive 2005 - Multiple Vulnerabilities | 7 | WEB | Dcrab |
| 2005-05-04 | ASP Inline Corporate Calendar 3.6.3 - 'Details.asp' SQL Injection | 7 | WEB | Zinho |
| 2005-05-04 | ASP Inline Corporate Calendar 3.6.3 - 'Defer.asp' SQL Injection | 8 | WEB | Zinho |
| 2005-05-04 | Gossamer Threads Links 2.x - 'User.cgi' Cross-Site Scripting | 7 | WEB | Nathan House |
| 2005-05-03 | Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting | 7 | WEB | arron ward |
| 2005-05-03 | WebCrossing WebX 5.0 - Cross-Site Scripting | 7 | WEB | dr_insane |
| 2005-05-03 | SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities | 7 | WEB | GulfTech Security |
| 2005-05-03 | osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities | 7 | WEB | GulfTech Security |
| 2005-05-02 | Maxwebportal 1.3 - 'custom_link.asp' Multiple SQL Injections | 6 | WEB | s-dalili |
| 2005-05-02 | Maxwebportal 1.3 - 'dl_toprated.asp' SQL Injection | 7 | WEB | s-dalili |
| 2005-05-02 | Maxwebportal 1.3 - 'pic_popular.asp' SQL Injection | 7 | WEB | s-dalili |
| 2005-05-02 | Maxwebportal 1.3 - 'links_popular.asp' SQL Injection | 7 | WEB | s-dalili |
| 2005-05-02 | Maxwebportal 1.3 - 'dl_popular.asp' SQL Injection | 7 | WEB | s-dalili |
| 2005-05-02 | CodetoSell ViArt Shop Enterprise 2.1.6 - 'news_view.php' Multiple Cross-Site Scripting Vulnerabiliti | 7 | WEB | Lostmon |
| 2005-05-02 | CodetoSell ViArt Shop Enterprise 2.1.6 - 'products.php' Multiple Cross-Site Scripting Vulnerabilitie | 7 | WEB | Lostmon |
| 2005-05-02 | CodetoSell ViArt Shop Enterprise 2.1.6 - 'product_details.php?category_id' Cross-Site Scripting | 8 | WEB | Lostmon |
| 2005-05-02 | CodetoSell ViArt Shop Enterprise 2.1.6 - 'reviews.php' Multiple Cross-Site Scripting Vulnerabilities | 7 | WEB | Lostmon |
| 2005-05-02 | CodetoSell ViArt Shop Enterprise 2.1.6 - 'page.php?page' Cross-Site Scripting | 7 | WEB | Lostmon |
| 2005-05-02 | CodetoSell ViArt Shop Enterprise 2.1.6 - 'basket.php' Multiple Cross-Site Scripting Vulnerabilities | 7 | WEB | Lostmon |
| 2005-04-30 | JGS-Portal 3.0.1 - 'ID' SQL Injection | 9 | WEB | admin@batznet.com |
| 2005-04-28 | phpCOIN 1.2 Pages Module - Multiple SQL Injections | 9 | WEB | Dcrab |
| 2005-04-28 | phpCOIN 1.2 - 'login.php?PHPcoinsessid' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-28 | Just William's Amazon Webstore - HTTP Response Splitting | 8 | WEB | Lostmon |
| 2005-04-28 | Just William's Amazon Webstore - 'CurrentNumber' Cross-Site Scripting | 9 | WEB | Lostmon |
| 2005-04-28 | Just William's Amazon Webstore - 'searchFor' Cross-Site Scripting | 9 | WEB | Lostmon |
| 2005-04-28 | Just William's Amazon Webstore - 'CurrentIsExpanded' Cross-Site Scripting | 9 | WEB | Lostmon |
| 2005-04-28 | Just William's Amazon Webstore - 'Closeup.php?Image' Cross-Site Scripting | 8 | WEB | Lostmon |
| 2005-04-28 | phpBB Notes Module - SQL Injection | 8 | WEB | GulfTech Security |
| 2005-04-27 | Dream4 Koobi CMS 4.2.3 - 'index.php?Q' SQL Injection | 8 | WEB | CENSORED Search Vulnerabilities |
| 2005-04-27 | Dream4 Koobi CMS 4.2.3 - 'index.php?P' SQL Injection | 9 | WEB | CENSORED Search Vulnerabilities |
| 2005-04-27 | Claroline E-Learning 1.5/1.6 - 'exercises_details.php?exo_id' SQL Injection | 8 | WEB | Sieg Fried |
| 2005-04-27 | Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple SQL Injections | 8 | WEB | Sieg Fried |
| 2005-04-27 | Claroline 1.5/1.6 - 'myagenda.php?coursePath' Cross-Site Scripting | 8 | WEB | Sieg Fried |
| 2005-04-27 | Claroline 1.5/1.6 - 'user_access_details.php?data' Cross-Site Scripting | 9 | WEB | Sieg Fried |
| 2005-04-27 | Claroline 1.5/1.6 - 'toolaccess_details.php?tool' Cross-Site Scripting | 9 | WEB | Sieg Fried |
| 2005-04-27 | PHPCart - Input Validation | 9 | WEB | Lostmon |
| 2004-04-26 | BBlog 0.7.4 - 'PostID' SQL Injection | 8 | WEB | jericho+bblog@attrition.org |
| 2005-04-26 | MetaBid Auctions - 'intAuctionID' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-26 | MetaCart2 - 'SearchAction.asp' Multiple SQL Injections | 9 | WEB | Dcrab |
| 2005-04-26 | MetaCart2 - 'strSubCatalog_NAME' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-26 | MetaCart2 - 'CurCatalogID' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-26 | MetaCart2 - 'StrSubCatalogID' SQL Injection | 8 | WEB | Dcrab |
| 2005-04-26 | MetaCart2 - 'IntCatalogID' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-26 | GrayCMS 1.1 - 'error.php' Remote File Inclusion | 8 | WEB | Kold |
| 2005-04-26 | MetaCart E-Shop V-8 - 'StrCatalog_NAME' SQL Injection | 8 | WEB | Dcrab |
| 2005-04-26 | MetaCart E-Shop V-8 - 'IntProdID' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-26 | Invision Power Board 2.0.1 - 'QPid' SQL Injection | 8 | WEB | SVT |
| 2005-04-15 | SqWebMail 3.x/4.0 - HTTP Response Splitting | 8 | WEB | Zinho |
| 2005-04-24 | Yappa-ng 1.x/2.x - Cross-Site Scripting | 9 | WEB | GulfTech Security |
| 2005-04-24 | Yappa-ng 1.x/2.x - Remote File Inclusion | 9 | WEB | GulfTech Security |
| 2005-04-26 | PHPMyVisites 1.3 - 'Set_Lang' File Inclusion | 8 | WEB | Max Cerny |
| 2005-04-25 | OneWorldStore - IDOrder Information Disclosure | 9 | WEB | Lostmon |
| 2005-04-25 | StorePortal 2.63 - 'default.asp' Multiple SQL Injections | 9 | WEB | Dcrab |
| 2005-04-25 | WoltLab Burning Board 2.3.1 - 'PMS.php' Cross-Site Scripting | 10 | WEB | deluxe89 |
| 2005-04-23 | phpBB 2.0.x - 'viewtopic.php' Cross-Site Scripting | 8 | WEB | HaCkZaTaN |
| 2005-04-23 | phpBB 2.0.x - 'profile.php' Cross-Site Scripting | 7 | WEB | HaCkZaTaN |
| 2005-04-23 | CartWIZ 1.10 - 'searchresults.asp' Name Argument Cross-Site Scripting | 8 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'searchresults.asp' SKU Argument Cross-Site Scripting | 8 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting | 8 | WEB | Dcrab |
| 2013-04-16 | ZPanel - 'templateparser.class.php' Crafted Template Remote Command Execution | 7 | WEB | Sven Slootweg |
| 2013-05-17 | Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities | 7 | WEB | High-Tech Bridge SA |
| 2005-04-23 | CartWIZ 1.10 - 'login.asp' Redirect Argument Cross-Site Scripting | 9 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'error.asp' Cross-Site Scripting | 8 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'Access.asp' Cross-Site Scripting | 9 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'AddToWishlist.asp' Cross-Site Scripting | 20 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'TellAFriend.asp' Cross-Site Scripting | 6 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'searchresults.asp' idcategory Argument SQL Injection | 9 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'searchresults.asp' PriceFrom Argument SQL Injection | 9 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'searchresults.asp' PriceTo Argument SQL Injection | 7 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'ProductDetails.asp' SQL Injection | 8 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'ProductCatalogSubCats.asp' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-23 | CartWIZ 1.10 - 'AddToCart.asp' SQL Injection | 7 | WEB | Dcrab |
| 2005-04-23 | Black Knight Forum 4.0 - 'forum.asp' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-23 | Black Knight Forum 4.0 - 'Member.asp' SQL Injection | 7 | WEB | Dcrab |
| 2005-04-22 | WoltLab Burning Board 2.3.1 - 'thread.php' Cross-Site Scripting | 8 | WEB | deluxe89 |
| 2005-04-22 | ASPNuke 0.80 - 'Select.asp' Cross-Site Scripting | 7 | WEB | Dcrab |
| 2005-04-22 | ASPNuke 0.80 - 'profile.asp' Cross-Site Scripting | 7 | WEB | Dcrab |
| 2005-04-22 | ASPNuke 0.80 - 'detail.asp' SQL Injection | 8 | WEB | Dcrab |
| 2005-04-22 | ASPNuke 0.80 - 'Comments.asp' SQL Injection | 9 | WEB | Dcrab |
| 2013-05-17 | PHP-Charts 1.0 - Code Execution | 11 | WEB | fizzle stick |
| 2005-04-21 | ProfitCode Software PayProCart 3.0 - AdminShop MMActionComm Cross-Site Scripting | 9 | WEB | Lostmon |
| 2005-04-21 | ProfitCode Software PayProCart 3.0 - AdminShop ProMod Cross-Site Scripting | 11 | WEB | Lostmon |
| 2013-05-17 | Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting | 12 | WEB | r0ng |
| 2004-04-21 | ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting | 10 | WEB | Lostmon |
| 2005-04-21 | ProfitCode Software PayProCart 3.0 - AdminShop ModID Cross-Site Scripting | 10 | WEB | Lostmon |
| 2005-04-21 | ProfitCode Software PayProCart 3.0 - AdminShop HDoc Cross-Site Scripting | 8 | WEB | Lostmon |
| 2005-04-21 | ProfitCode Software PayProCart 3.0 - Ckprvd Cross-Site Scripting | 9 | WEB | Lostmon |
| 2005-04-21 | ProfitCode Software PayProCart 3.0 - 'Username' Cross-Site Scripting | 8 | WEB | Lostmon |
| 2005-04-20 | DUportal 3.1.2 - 'type.asp?iCat' SQL Injection | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal 3.1.2 - 'inc_rating.asp' Multiple SQL Injections | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal 3.1.2 - 'inc_poll_voting.asp?DAT_PARENT' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-20 | DUportal 3.1.2 - 'channel.asp?iChannel' SQL Injection | 9 | WEB | Dcrab |
| 2005-04-20 | DUportal Pro 3.4 - 'detail.asp' Multiple SQL Injections | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal Pro 3.4 - 'cat.asp' Multiple SQL Injections | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal Pro 3.4 - 'result.asp' Multiple SQL Injections | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal Pro 3.4 - 'inc_vote.asp' Multiple SQL Injections | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal Pro 3.4 - 'search.asp?iChannel' SQL Injection | 8 | WEB | Dcrab |
| 2005-04-20 | DUportal Pro 3.4 - 'default.asp' Multiple SQL Injections | 9 | WEB | Dcrab |
| 2005-04-20 | phpBB-Auction Module 1.0/1.2 - 'Auction_Offer.php' SQL Injection | 8 | WEB | sNKenjoi |
| 2005-04-20 | phpBB-Auction Module 1.0/1.2 - 'Auction_Rating.php' SQL Injection | 9 | WEB | sNKenjoi |
| 2005-04-20 | PHP Labs - '.proFile' File URI Cross-Site Scripting | 9 | WEB | sNKenjoi |
| 2005-04-20 | Ocean12 Calendar Manager 1.0 - Admin Form SQL Injection | 10 | WEB | Zinho |
| 2005-04-20 | PHP Labs - '.proFile' Dir URI Cross-Site Scripting | 9 | WEB | sNKenjoi |
| 2005-04-20 | Netref 4.2 - 'Cat_for_gen.php' Remote PHP Script Injection | 9 | WEB | jaguar |
| 2005-04-20 | ECommPro 3.0 - 'Admin/login.asp' SQL Injection | 9 | WEB | c0d3r |
| 2005-04-19 | CityPost Simple PHP Upload - 'Simple-upload-53.php' Cross-Site Scripting | 9 | WEB | Thom |
| 2005-04-19 | CityPost PHP Image Editor M1/M2/M3/Imgsrc/M4 - 'URI' Cross-Site Scripting | 8 | WEB | Thom |
| 2005-04-19 | CityPost PHP LNKX 52.0 - 'message.php' Cross-Site Scripting | 8 | WEB | Thom |
| 2005-03-11 | UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection | 8 | WEB | HLL |
| 2005-04-19 | OneWorldStore - 'DisplayResults.asp' Cross-Site Scripting | 7 | WEB | Lostmon |
| 2005-04-19 | OneWorldStore - 'DisplayResults.asp' SQL Injection | 8 | WEB | Lostmon |
| 2005-04-13 | phpBB 1.x/2.0.x - Knowledge Base Module 'KB.php' SQL Injection | 9 | WEB | deluxe@security-project.org |
| 2013-05-14 | UMI CMS 2.9 - Cross-Site Request Forgery | 8 | WEB | High-Tech Bridge SA |
| 2013-05-14 | Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections | 8 | WEB | RunRunLevel |
| 2013-05-14 | WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection | 9 | WEB | Ahmed Aboul-Ela |
| 2013-05-14 | Invision Power Board 1.x?/2.x/3.x - Admin Takeover | 8 | WEB | John JEAN |
| 2013-05-14 | WordPress Plugin wp-FileManager - Arbitrary File Download | 9 | WEB | ByEge |
| 2005-04-18 | MVNForum 1.0 - Search Cross-Site Scripting | 8 | WEB | hoang yen |
| 2005-04-18 | eGroupWare 1.0 - 'index.php?cats_app' SQL Injection | 8 | WEB | GulfTech Security |
| 2005-04-18 | eGroupWare 1.0 - '/tts/index.php?filter' SQL Injection | 9 | WEB | GulfTech Security |
| 2005-04-18 | eGroupWare 1.0 - '/sitemgr-site/index.php?category_id' Cross-Site Scripting | 8 | WEB | GulfTech Security |
| 2005-04-18 | eGroupWare 1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities | 8 | WEB | GulfTech Security |
| 2005-04-16 | Datenbank Module For phpBB - 'Remote mod.php' Cross-Site Scripting | 9 | WEB | tom cruise |
| 2005-04-16 | phpBB Remote - 'mod.php' SQL Injection | 9 | WEB | tom cruise |
| 2006-10-19 | Ariadne CMS 2.4 - Remote File Inclusion | 8 | WEB | Fidel Costa |