|
2005-02-15
|
|
CitrusDB 0.3.6 - 'uploadcc.php' Arbitrary Database Injection
|
20 |
WEB
|
RedTeam Pentesting
|
|
2005-02-15
|
|
CitrusDB 0.3.6 - 'importcc.php' Arbitrary Database Injection
|
21 |
WEB
|
RedTeam Pentesting
|
|
2005-02-14
|
|
Brooky CubeCart 2.0.1/2.0.4 - 'index.php?language' Traversal Arbitrary File Access
|
19 |
WEB
|
John Cobb
|
|
2005-02-14
|
|
Brooky CubeCart 2.0.1/2.0.4 - 'index.php?language' Cross-Site Scripting
|
17 |
WEB
|
John Cobb
|
|
2005-02-14
|
|
AWStats 5.x/6.x - Debug Remote Information Disclosure
|
19 |
WEB
|
GHC
|
|
2005-02-09
|
|
MercuryBoard 1.1 - 'index.php' SQL Injection
|
20 |
WEB
|
Zeelock
|
|
2005-02-08
|
|
XGB 2.0 - Authentication Bypass
|
19 |
WEB
|
Albania Security Clan
|
|
2005-02-08
|
|
PHP-Fusion 4.0 - 'Viewthread.php' Information Disclosure
|
22 |
WEB
|
TheGreatOne2176
|
|
2013-04-29
|
|
Foe CMS 1.6.5 - Multiple Vulnerabilities
|
21 |
WEB
|
flux77
|
|
2013-04-26
|
|
Joomla! 3.0.3 - 'remember.php' PHP Object Injection
|
16 |
WEB
|
EgiX
|
|
2013-04-29
|
|
Ipswitch IMail 11.01 - Cross-Site Scripting
|
18 |
WEB
|
DaOne
|
|
2005-02-07
|
|
Microsoft Outlook 2003 - Web Access Login Form Remote URI redirection
|
24 |
WEB
|
Morning Wood
|
|
2005-02-02
|
|
Eurofull E-Commerce - 'Mensresp.asp' Cross-Site Scripting
|
22 |
WEB
|
Yani-ari
|
|
2005-01-28
|
|
XOOPS Module module 3.0 - Directory Traversal
|
21 |
WEB
|
Lostmon
|
|
2005-01-29
|
|
Captaris Infinite Mobile Delivery Webmail 2.6 - Full Path Disclosure
|
19 |
WEB
|
steven@lovebug.org
|
|
2005-01-28
|
|
IceWarp Web Mail 5.3 - 'accountsettings_add.html?accountid' Cross-Site Scripting
|
16 |
WEB
|
ShineShadow
|
|
2005-01-28
|
|
IceWarp Web Mail 5.3 - login.html 'Username' Cross-Site Scripting
|
20 |
WEB
|
ShineShadow
|
|
2005-01-28
|
|
alt-n WebAdmin 3.0.2 - Multiple Vulnerabilities
|
20 |
WEB
|
David A. P?rez
|
|
2005-01-27
|
|
Magic Winmail Server 4.0 (Build 1112) - 'upload.php' Traversal Arbitrary File Upload
|
19 |
WEB
|
Tan Chew Keong
|
|
2005-01-27
|
|
Magic Winmail Server 4.0 (Build 1112) - 'download.php' Traversal Arbitrary File Access
|
20 |
WEB
|
Tan Chew Keong
|
|
2005-01-25
|
|
Comdev eCommerce 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
17 |
WEB
|
SmOk3
|
|
2005-01-25
|
|
Comersus Cart 5.0/6.0 - Multiple Vulnerabilities
|
19 |
WEB
|
raf somers
|
|
2005-01-25
|
|
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities
|
18 |
WEB
|
Alberto Trivero
|
|
2005-12-25
|
|
Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities
|
19 |
WEB
|
y3dips
|
|
2005-01-19
|
|
Siteman 1.1 - User Database Privilege Escalation (2)
|
23 |
WEB
|
amironline452
|
|
2005-01-19
|
|
Siteman 1.1 - User Database Privilege Escalation (1)
|
18 |
WEB
|
Noam Rathaus
|
|
2004-12-23
|
|
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution
|
20 |
WEB
|
Poznan Supercomputing
|
|
2004-12-22
|
|
2BGal 2.5.1 - SQL Injection
|
19 |
WEB
|
zib
|
|
2004-01-27
|
|
phpGroupWare 0.9.x - 'index.php' HTML Injection
|
19 |
WEB
|
Cedric Cochin
|
|
2004-01-27
|
|
phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion
|
20 |
WEB
|
Cedric Cochin
|
|
2004-12-20
|
|
Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution
|
20 |
WEB
|
Jaroslaw Sajko
|
|
2004-12-20
|
|
escripts software e_board 4.0 - Directory Traversal
|
21 |
WEB
|
white_e@nogimmick.org
|
|
2004-12-18
|
|
Kayako eSupport 2.x - Ticket System Multiple SQL Injections
|
21 |
WEB
|
GulfTech Security
|
|
2004-12-18
|
|
Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
|
21 |
WEB
|
GulfTech Security
|
|
2013-04-26
|
|
D-Link DIR-635 - Multiple Vulnerabilities
|
19 |
WEB
|
m-1-k-3
|
|
2004-12-17
|
|
WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities
|
20 |
WEB
|
Lostmon
|
|
2013-04-25
|
|
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
|
22 |
WEB
|
waraxe
|
|
2013-04-25
|
|
Hornbill Supportworks ITSM 1.0.0 - SQL Injection
|
19 |
WEB
|
Joseph Sheridan
|
|
2004-12-16
|
|
MediaWiki 1.3.x - Arbitrary Script Upload
|
20 |
WEB
|
Jeremy Bae
|
|
2004-12-16
|
|
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
|
20 |
WEB
|
Thomas Waldegger
|
|
2004-12-16
|
|
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
|
22 |
WEB
|
Thomas Waldegger
|
|
2004-12-16
|
|
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
|
20 |
WEB
|
Thomas Waldegger
|
|
2004-12-16
|
|
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
|
17 |
WEB
|
Thomas Waldegger
|
|
2004-12-16
|
|
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
|
19 |
WEB
|
Thomas Waldegger
|
|
2004-12-16
|
|
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
|
18 |
WEB
|
Thomas Waldegger
|
|
2004-12-16
|
|
JSBoard 2.0.x - Arbitrary Script Upload
|
17 |
WEB
|
Jeremy Bae
|
|
2004-12-16
|
|
IkonBoard 3.x - Multiple SQL Injections
|
17 |
WEB
|
anonymous
|
|
2013-04-23
|
|
D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities
|
20 |
WEB
|
m-1-k-3
|
|
2013-04-22
|
|
VoipNow 2.5 - Local File Inclusion
|
18 |
WEB
|
i-Hmx
|
|
2013-04-22
|
|
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
|
19 |
WEB
|
iskorpitx
|
|
2013-04-19
|
|
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection
|
19 |
WEB
|
Neal Poole
|
|
2013-04-18
|
|
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
|
19 |
WEB
|
High-Tech Bridge SA
|
|
2013-04-18
|
|
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
|
17 |
WEB
|
SEC Consult
|
|
2013-04-15
|
|
phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection
|
19 |
WEB
|
NoGe
|
|
2013-04-15
|
|
CMSLogik 1.2.1 - Multiple Vulnerabilities
|
17 |
WEB
|
LiquidWorm
|
|
2013-04-15
|
|
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
|
19 |
WEB
|
Henry Hoggard
|
|
2013-04-12
|
|
Simple HRM System 2.3 - Multiple Vulnerabilities
|
18 |
WEB
|
Doraemon
|
|
2013-04-12
|
|
Free Monthly Websites 2.0 - Admin Password Change
|
20 |
WEB
|
Yassin Aboukir
|
|
2013-04-09
|
|
ZAPms 1.41 - SQL Injection
|
26 |
WEB
|
NoGe
|
|
2013-04-08
|
|
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php?hash' SQL Injection
|
19 |
WEB
|
HJauditing Employee Tim
|
|
2013-04-08
|
|
Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities
|
19 |
WEB
|
SEC Consult
|
|
2013-04-08
|
|
TP-Link TD-8817 6.0.1 Build 111128 Rel.26763 - Cross-Site Request Forgery
|
23 |
WEB
|
Un0wn_X
|
|
2013-04-08
|
|
Vanilla Forums 2-0-18-4 - SQL Injection
|
18 |
WEB
|
bl4ckw0rm
|
|
2013-04-08
|
|
D-Link - Multiple Vulnerabilities
|
20 |
WEB
|
m-1-k-3
|
|
2013-04-08
|
|
Belkin Wemo - Arbitrary Firmware Upload
|
17 |
WEB
|
Daniel Buentello
|
|
2013-04-08
|
|
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
|
19 |
WEB
|
Luigi Vezzoso
|
|
2013-04-08
|
|
OpenCart - Cross-Site Request Forgery (Change User Password)
|
21 |
WEB
|
Saadi Siddiqui
|
|
2013-04-02
|
|
Netgear WNR1000 - Authentication Bypass
|
18 |
WEB
|
Roberto Paleari
|
|
2013-04-02
|
|
Aspen 0.8 - Directory Traversal
|
20 |
WEB
|
Daniel Ricardo dos Santos
|
|
2013-04-02
|
|
WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting
|
20 |
WEB
|
Rob Armstrong
|
|
2013-04-02
|
|
Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting
|
17 |
WEB
|
Daniel Ricardo dos Santos
|
|
2013-04-02
|
|
Pollen CMS 0.6 - 'index.php?p' Paramete' Local File Disclosure
|
16 |
WEB
|
MizoZ
|
|
2013-03-29
|
|
AWS Xms 2.5 - 'importer.php?what' Directory Traversal
|
19 |
WEB
|
High-Tech Bridge SA
|
|
2013-03-29
|
|
MailOrderWorks 5.907 - Multiple Vulnerabilities
|
21 |
WEB
|
Vulnerability-Lab
|
|
2013-03-29
|
|
SynConnect Pms - 'index.php?loginid' SQL Injection
|
21 |
WEB
|
Bhadresh Patel
|
|
2013-03-27
|
|
ClipShare 4.1.1 - Multiples Vulnerabilities
|
20 |
WEB
|
Esac
|
|
2013-03-27
|
|
PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection
|
20 |
WEB
|
Mohamed from ALG
|
|
2013-03-26
|
|
WordPress Plugin Mathjax Latex 1.1 - Cross-Site Request Forgery
|
19 |
WEB
|
Junaid Hussain
|
|
2013-03-25
|
|
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)
|
20 |
WEB
|
bwall
|
|
2013-03-25
|
|
vBulletin 5.0.0 Beta 11 < 5.0.0 Beta 28 - SQL Injection
|
21 |
WEB
|
Orestis Kourides
|
|
2013-03-25
|
|
ClipShare 4.1.1 - 'gid' Blind SQL Injection
|
22 |
WEB
|
Esac
|
|
2013-03-25
|
|
Free Hosting Manager 2.0.2 - Multiple SQL Injections
|
23 |
WEB
|
Saadi Siddiqui
|
|
2013-03-22
|
|
OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access
|
18 |
WEB
|
waraxe
|
|
2013-03-22
|
|
Stradus CMS 1.0beta4 - Multiple Vulnerabilities
|
19 |
WEB
|
DaOne
|
|
2013-03-22
|
|
Slash CMS - Multiple Vulnerabilities
|
17 |
WEB
|
DaOne
|
|
2013-03-22
|
|
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion
|
23 |
WEB
|
DaOne
|
|
2013-03-22
|
|
AContent 1.3 - Local File Inclusion
|
18 |
WEB
|
DaOne
|
|
2013-03-22
|
|
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL Injection
|
21 |
WEB
|
m3tamantra
|
|
2013-03-22
|
|
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
|
19 |
WEB
|
m3tamantra
|
|
2013-03-22
|
|
StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure
|
22 |
WEB
|
Todor Donev
|
|
2013-03-19
|
|
ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities
|
20 |
WEB
|
Matthew R. Bucci
|
|
2013-03-19
|
|
Rebus:list - 'list.php?list_id' SQL Injection
|
16 |
WEB
|
Robert Cooper
|
|
2013-03-19
|
|
Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery
|
20 |
WEB
|
Jacob Holcomb
|
|
2013-03-19
|
|
WordPress Plugin Count Per Day 3.2.5 - 'counter.php' Cross-Site Scripting
|
20 |
WEB
|
m3tamantra
|
|
2013-03-19
|
|
WordPress Plugin Occasions 1.0.4 - Cross-Site Request Forgery
|
18 |
WEB
|
m3tamantra
|
|
2013-03-18
|
|
Joomla! Component com_rsfiles - 'cid' SQL Injection
|
20 |
WEB
|
ByEge
|
|
2013-03-18
|
|
WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities
|
21 |
WEB
|
m3tamantra
|
|
2013-03-18
|
|
DaloRadius - Multiple Vulnerabilities
|
18 |
WEB
|
Saadi Siddiqui
|
|
2004-12-15
|
|
phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections
|
24 |
WEB
|
GulfTech Security
|
|
2004-12-15
|
|
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection
|
19 |
WEB
|
GulfTech Security
|
|
2004-12-15
|
|
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
|
21 |
WEB
|
GulfTech Security
|
|
2004-12-15
|
|
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
19 |
WEB
|
GulfTech Security
|
|
2004-12-15
|
|
IWebNegar - Multiple SQL Injections
|
19 |
WEB
|
Shervin Khaleghjou
|
|
2004-12-14
|
|
ASP-Rider - SQL Injection
|
22 |
WEB
|
Shervin Khaleghjou
|
|
2004-12-14
|
|
Active Server Corner ASP Calendar 1.0 - Administrative Access
|
17 |
WEB
|
ali reza AcTiOnSpIdEr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Timeline.php' SQL Injection
|
17 |
WEB
|
JeiAr
|
|
2004-12-14
|
|
UseModWiki 1.0 - Wiki.pl Cross-Site Scripting
|
19 |
WEB
|
Jeremy Bae
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Placelist.php' SQL Injection
|
21 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'calendar.php' Cross-Site Scripting
|
21 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Relationship.php' Cross-Site Scripting
|
21 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
|
20 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'login.php?Username' Cross-Site Scripting
|
19 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'login.php?URL' Cross-Site Scripting
|
20 |
WEB
|
JeiAr
|
|
2004-12-13
|
|
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php?Cat' Cross-Site Scripting
|
20 |
WEB
|
dw. & ms.
|
|
2004-12-13
|
|
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php?Cat' Cross-Site Scripting
|
18 |
WEB
|
dw. & ms.
|
|
2004-12-13
|
|
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting
|
19 |
WEB
|
dw. & ms.
|
|
2004-12-13
|
|
UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php?Cat' Cross-Site Scripting
|
22 |
WEB
|
dw. & ms.
|
|
2004-12-13
|
|
sugarsales 1.x/2.0 - Multiple Vulnerabilities
|
21 |
WEB
|
Daniel Fabian
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Gdbi_interface.php' Cross-Site Scripting
|
18 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Gedrecord.php' Cross-Site Scripting
|
21 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting
|
21 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Source.php' Cross-Site Scripting
|
18 |
WEB
|
JeiAr
|
|
2004-12-13
|
|
phpMyAdmin 2.x - External Transformations Remote Command Execution
|
19 |
WEB
|
Nicolas Gregoire
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'Individual.php' Cross-Site Scripting
|
19 |
WEB
|
JeiAr
|
|
2004-01-12
|
|
PHPGedView 2.5/2.6 - 'index.php' Cross-Site Scripting
|
21 |
WEB
|
JeiAr
|
