|
2013-01-28
|
|
Microsoft Internet Explorer 8/9 - Steal Any Cookie
|
3 |
WEB
|
Christian Haider
|
|
2004-09-01
|
|
phpWebSite 0.7.3/0.8.x/0.9.x Comment Module - 'CM_pid' Cross-Site Scripting
|
4 |
WEB
|
GulfTech Security
|
|
2004-09-01
|
|
Newtelligence DasBlog 1.x - Request Log HTML Injection
|
4 |
WEB
|
Dominick Baier
|
|
2004-09-01
|
|
Comersus Cart 5.0 - HTTP Response Splitting
|
4 |
WEB
|
Maestro De-Seguridad
|
|
2004-08-31
|
|
Web Animations Password Protect - Multiple Input Validation Vulnerabilities
|
4 |
WEB
|
Criolabs
|
|
2004-08-28
|
|
Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
CyruxNET
|
|
2004-08-24
|
|
PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Nikyt0x Argentina
|
|
2004-08-24
|
|
Web-APP.Org WebAPP 0.8/0.9.x - Directory Traversal
|
5 |
WEB
|
Jerome Athias
|
|
2004-08-24
|
|
SWsoft Plesk Reloaded 7.1 - 'Login_name' Cross-Site Scripting
|
4 |
WEB
|
sourvivor
|
|
2004-08-23
|
|
eGroupWare 1.0 Calendar Module - 'date' Cross-Site Scripting
|
3 |
WEB
|
Joxean Koret
|
|
2004-08-23
|
|
Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass
|
4 |
WEB
|
bashis
|
|
2004-08-23
|
|
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal
|
4 |
WEB
|
bashis
|
|
2004-08-23
|
|
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution
|
4 |
WEB
|
bashis
|
|
2004-08-23
|
|
PhotoADay - 'Pad_selected' Cross-Site Scripting
|
4 |
WEB
|
King Of Love
|
|
2004-08-23
|
|
Compulsive Media CNU5 - 'News.mdb' Database Disclosure
|
5 |
WEB
|
Security .Net Information
|
|
2004-08-21
|
|
MyDms 1.4 - SQL Injection / Directory Traversal
|
4 |
WEB
|
Jose Antonio
|
|
2004-08-21
|
|
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
|
4 |
WEB
|
Jose Antonio
|
|
2004-08-21
|
|
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Jose Antonio
|
|
2004-08-21
|
|
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
|
3 |
WEB
|
Jose Antonio
|
|
2004-08-21
|
|
Sympa 4.x - New List HTML Injection
|
4 |
WEB
|
Jose Antonio
|
|
2004-07-19
|
|
Zixforum - ZixForum.mdb Database Disclosure
|
4 |
WEB
|
Security .Net Information
|
|
2004-07-18
|
|
PHP-Fusion Database Backup - Information Disclosure
|
4 |
WEB
|
Ahmad Muammar
|
|
2004-07-17
|
|
Gallery 1.4.4 - Remote Server-Side Script Execution
|
4 |
WEB
|
aCiDBiTS
|
|
2004-07-17
|
|
Merak Mail Server 7.4.5 - 'calendar.html?schedule' SQL Injection
|
4 |
WEB
|
Criolabs
|
|
2004-07-17
|
|
Merak Mail Server 7.4.5 - address.html Full Path Disclosure
|
4 |
WEB
|
Criolabs
|
|
2004-07-17
|
|
Merak Mail Server 7.4.5 - HTML Message Body Cross-Site Scripting
|
4 |
WEB
|
Criolabs
|
|
2004-07-17
|
|
Merak Mail Server 7.4.5 - 'attachment.html?attachmentpage_text_error' Cross-Site Scripting
|
4 |
WEB
|
Criolabs
|
|
2004-07-17
|
|
Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Criolabs
|
|
2004-07-17
|
|
Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Criolabs
|
|
2004-07-16
|
|
RaXnet Cacti 0.6.x/0.8.x - 'Auth_Login.php' SQL Injection
|
4 |
WEB
|
Fernando Quintero
|
|
2004-07-16
|
|
PScript PForum 1.24/1.25 - User Profile HTML Injection
|
4 |
WEB
|
Christoph Jeschke
|
|
2004-07-16
|
|
CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting
|
4 |
WEB
|
Debasis Mohanty
|
|
2004-07-15
|
|
MapInfo Discovery 1.0/1.1 - Administrative Authentication Bypass
|
4 |
WEB
|
anonymous
|
|
2004-07-15
|
|
MapInfo Discovery 1.0/1.1 - Cleartext Transmission Credential Disclosure
|
4 |
WEB
|
anonymous
|
|
2004-07-15
|
|
MapInfo Discovery 1.0/1.1 - 'MapFrame.asp?mapname' Cross-Site Scripting
|
4 |
WEB
|
anonymous
|
|
2004-07-15
|
|
MapInfo Discovery 1.0/1.1 - Remote Log File Access Information Disclosure
|
4 |
WEB
|
anonymous
|
|
2004-08-11
|
|
IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities
|
4 |
WEB
|
ShineShadow
|
|
2013-01-25
|
|
ImageCMS 4.0.0b - Multiple Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2013-01-25
|
|
WordPress Plugin SolveMedia 1.1.0 - Cross-Site Request Forgery
|
4 |
WEB
|
Junaid Hussain
|
|
2004-07-07
|
|
YaPiG 0.92 - Remote Server-Side Script Execution
|
4 |
WEB
|
aCiDBiTS
|
|
2004-08-07
|
|
PluggedOut Blog 1.51/1.60 - 'Blog_Exec.php' Cross-Site Scripting
|
3 |
WEB
|
befcake beefy
|
|
2004-08-16
|
|
Moodle 1.x - 'post.php' Cross-Site Scripting
|
3 |
WEB
|
Javier Ubilla
|
|
2004-08-04
|
|
PHP-Nuke 0-7 - Delete God Admin Access Control Bypass
|
4 |
WEB
|
Ahmad Muammar
|
|
2004-08-04
|
|
eNdonesia 8.3 - Search Form Cross-Site Scripting
|
4 |
WEB
|
Ahmad Muammar
|
|
2004-08-04
|
|
Pete Stein GoScript 2.0 - Remote Command Execution
|
5 |
WEB
|
Francisco Alisson
|
|
2004-07-30
|
|
Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution
|
3 |
WEB
|
Joseph Moniz
|
|
2004-07-30
|
|
PowerPortal 1.1/1.3 - Private Message HTML Injection
|
4 |
WEB
|
vampz
|
|
2004-07-29
|
|
Jaws 0.2/0.3/0.4 - 'ControlPanel.php' SQL Injection
|
4 |
WEB
|
Fernando Quintero
|
|
2004-07-29
|
|
Verylost LostBook 1.1 - Message Entry HTML Injection
|
4 |
WEB
|
Joseph Moniz
|
|
2004-07-29
|
|
Comersus Cart 5.0 - SQL Injection
|
4 |
WEB
|
evol@ruiner.halo.nu
|
|
2004-07-28
|
|
Phorum 5.0.7 - Search Script Cross-Site Scripting
|
5 |
WEB
|
vampz
|
|
2004-07-28
|
|
AntiBoard 0.6/0.7 - 'antiboard.php?feedback' Cross-Site Scripting
|
4 |
WEB
|
Josh Gilmour
|
|
2004-07-28
|
|
AntiBoard 0.6/0.7 - 'antiboard.php' Multiple SQL Injections
|
4 |
WEB
|
Josh Gilmour
|
|
2004-07-26
|
|
PostNuke 0.72/0.75 Reviews Module - Cross-Site Scripting
|
4 |
WEB
|
DarkBicho
|
|
2013-01-24
|
|
SQLiteManager 1.2.4 - Remote PHP Code Injection
|
4 |
WEB
|
RealGame
|
|
2004-07-26
|
|
XLineSoft ASPRunner 1.0/2.x - Database Direct Request Information Disclosure
|
4 |
WEB
|
Ferruh Mavituna
|
|
2004-07-26
|
|
XLineSoft ASPRunner 1.0/2.x - 'export.asp?SQL' Cross-Site Scripting
|
4 |
WEB
|
Ferruh Mavituna
|
|
2004-07-26
|
|
XLineSoft ASPRunner 1.0/2.x - '[TABLE]_list.asp?searchFor' Cross-Site Scripting
|
4 |
WEB
|
Ferruh Mavituna
|
|
2004-07-26
|
|
XLineSoft ASPRunner 1.0/2.x - '[TABLE-NAME]_edit.asp?SQL' Cross-Site Scripting
|
4 |
WEB
|
Ferruh Mavituna
|
|
2004-07-26
|
|
XLineSoft ASPRunner 1.0/2.x - '[TABLE-NAME]_search.asp?Typeen' Cross-Site Scripting
|
4 |
WEB
|
Ferruh Mavituna
|
|
2004-07-24
|
|
EasyIns Stadtportal 4.0 - 'Site' Remote File Inclusion
|
4 |
WEB
|
Francisco Alisson
|
|
2004-07-24
|
|
PostNuke 0.7x - Install Script Administrator Password Disclosure
|
5 |
WEB
|
hellsink
|
|
2004-07-23
|
|
EasyWeb 1.0 FileManager Module - Directory Traversal
|
4 |
WEB
|
sullo@cirt.net
|
|
2004-07-21
|
|
Layton Technology HelpBox 3.0.1 - Multiple SQL Injections
|
4 |
WEB
|
Noam Rathaus
|
|
2004-07-21
|
|
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
|
4 |
WEB
|
Noam Rathaus
|
|
2004-07-21
|
|
Mensajeitor Tag Board 1.x - Authentication Bypass
|
4 |
WEB
|
Jordi Corrales
|
|
2004-07-21
|
|
Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection
|
4 |
WEB
|
Noam Rathaus
|
|
2004-07-21
|
|
NetSupport DNA HelpDesk 1.0 Problist Script - SQL Injection
|
4 |
WEB
|
Noam Rathaus
|
|
2004-07-21
|
|
Internet Software Sciences Web+Center 4.0.1 - Cookie Object SQL Injection
|
4 |
WEB
|
Noam Rathaus
|
|
2004-07-20
|
|
Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion
|
4 |
WEB
|
Radek Hulan
|
|
2013-01-22
|
|
Adult WebMaster Script - Password Disclosure
|
4 |
WEB
|
Dshellnoi Unix
|
|
2013-01-22
|
|
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
|
4 |
WEB
|
Junaid Hussain
|
|
2004-07-19
|
|
Adam Ismay Print Topic Mod 1.0 - SQL Injection
|
4 |
WEB
|
Bartek Nowotarski
|
|
2004-07-19
|
|
Outblaze Webmail - HTML Injection
|
4 |
WEB
|
DarkBicho
|
|
2004-07-19
|
|
CuteNews 1.3 - Comment HTML Injection
|
4 |
WEB
|
DarkBicho
|
|
2004-07-19
|
|
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
|
3 |
WEB
|
Adam Simuntis
|
|
2004-07-15
|
|
BoardPower Forum - 'ICQ.cgi' Cross-Site Scripting
|
4 |
WEB
|
Alexander Antipov
|
|
2004-07-15
|
|
Gattaca Server 2003 - Cross-Site Scripting
|
4 |
WEB
|
dr_insane
|
|
2004-07-15
|
|
Gattaca Server 2003 - 'Language' Path Exposure
|
4 |
WEB
|
dr_insane
|
|
2004-07-15
|
|
Gattaca Server 2003 - Null Byte Full Path Disclosure
|
4 |
WEB
|
dr_insane
|
|
2004-07-13
|
|
Moodle Help Script 1.x - Cross-Site Scripting
|
4 |
WEB
|
morpheus[bd]
|
|
2004-07-12
|
|
phpBB 2.0.x - 'viewtopic.php' PHP Script Injection
|
4 |
WEB
|
sasan hezarkhani
|
|
2013-01-21
|
|
NConf 1.3 - Arbitrary File Creation
|
4 |
WEB
|
haidao
|
|
2013-01-21
|
|
NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection
|
4 |
WEB
|
haidao
|
|
2004-07-07
|
|
Comersus Open Technologies Comersus 5.0 - 'comersus_message.asp' Cross-Site Scripting
|
4 |
WEB
|
Thomas Ryan
|
|
2004-07-07
|
|
Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation
|
5 |
WEB
|
Thomas Ryan
|
|
2004-07-06
|
|
Jaws 0.2/0.3 - 'action' Cross-Site Scripting
|
5 |
WEB
|
Fernando Quintero
|
|
2004-07-06
|
|
Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass
|
4 |
WEB
|
Fernando Quintero
|
|
2004-07-06
|
|
Jaws 0.2/0.3 - 'gadget' Traversal Arbitrary File Access
|
4 |
WEB
|
Fernando Quintero
|
|
2004-07-05
|
|
BasiliX Webmail 1.1 - Email Header HTML Injection
|
3 |
WEB
|
Roman Medina-Heigl Hernandez
|
|
2004-07-05
|
|
Fastream NETFile FTP/Web Server 6.5/6.7 - Directory Traversal
|
4 |
WEB
|
Andres Tarasco Acuna
|
|
2004-07-05
|
|
Symantec Brightmail Anti-Spam 6.0 - Unauthorized Message Disclosure
|
4 |
WEB
|
Thomas Springer
|
|
2004-07-01
|
|
Netegrity IdentityMinder Web Edition 5.6 - Management Interface Cross-Site Scripting
|
3 |
WEB
|
vuln@hexview.com
|
|
2004-07-01
|
|
Netegrity IdentityMinder Web Edition 5.6 - Null Byte Cross-Site Scripting
|
3 |
WEB
|
vuln@hexview.com
|
|
2004-06-28
|
|
PowerPortal 1.1/1.3 - 'modules.php' Traversal Arbitrary Directory Listing
|
4 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CuteNews 0.88/1.3 - 'show_archives.php' Cross-Site Scripting
|
4 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CuteNews 0.88/1.3 - 'example2.php' Cross-Site Scripting
|
4 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CuteNews 0.88/1.3 - 'example1.php' Cross-Site Scripting
|
4 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CGIScript.net CSFAQ 1.0 Script - Full Path Disclosure
|
4 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
McMurtrey/Whitaker & Associates Cart32 2-5 GetLatestBuilds Script - Cross-Site Scripting
|
4 |
WEB
|
Dr.Ponidi Haryanto
|
|
2004-06-24
|
|
ZaireWeb Solutions NewsLetter ZWS - Administrative Interface Authentication Bypass
|
4 |
WEB
|
GaMeS
|
|
2004-06-24
|
|
vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting
|
4 |
WEB
|
Cheng Peng Su
|
|
2004-06-23
|
|
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - Multiple Vulnerabilities
|
4 |
WEB
|
Janek Vind
|
|
2004-06-22
|
|
ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting
|
4 |
WEB
|
Josh Gilmour
|
|
2013-01-19
|
|
WordPress Plugin Ripe HD FLV Player - SQL Injection
|
4 |
WEB
|
Zikou-16
|
|
2013-01-19
|
|
Joomla! Component com_collector - Arbitrary File Upload
|
4 |
WEB
|
Red Dragon_al
|
|
2004-06-21
|
|
SqWebMail 4.0.4.20040524 - Email Header HTML Injection
|
4 |
WEB
|
Luca Legato
|
|
2004-06-21
|
|
osTicket STS 1.2 - Attachment Remote Command Execution
|
4 |
WEB
|
Guy Pearce
|
|
2004-06-15
|
|
phpHeaven phpMyChat 0.14.5 - 'admin.php3' Arbitrary File Access
|
4 |
WEB
|
HEX
|
|
2004-06-15
|
|
phpHeaven phpMyChat 0.14.5 - 'edituser.php3?do_not_login' Authentication Bypass
|
4 |
WEB
|
HEX
|
|
2004-06-15
|
|
phpHeaven phpMyChat 0.14.5 - 'usersL.php3' Multiple SQL Injections
|
4 |
WEB
|
HEX
|
|
2004-06-15
|
|
Web Wiz Forums 7.x - 'Registration_Rules.asp' Cross-Site Scripting
|
3 |
WEB
|
Ferruh Mavituna
|
|
2004-06-15
|
|
Pivot 1.0 - 'module_db.php' Remote File Inclusion
|
4 |
WEB
|
loofus
|
|
2013-01-18
|
|
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution
|
4 |
WEB
|
Nikolas Sotiriu
|
|
2013-01-18
|
|
SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass
|
4 |
WEB
|
Nikolas Sotiriu
|
|
2013-01-18
|
|
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
|
5 |
WEB
|
m-1-k-3
|
|
2013-01-18
|
|
PHP-Charts - Arbitrary PHP Code Execution
|
3 |
WEB
|
AkaStep
|
|
2004-06-14
|
|
Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting
|
4 |
WEB
|
IMAN Sharafoddin
|
|
2004-06-14
|
|
Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting
|
4 |
WEB
|
Thomas Ryan
|
|
2004-06-14
|
|
Linksys Web Camera Software 2.10 - 'Next_file' Cross-Site Scripting
|
4 |
WEB
|
scriptX
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x - Multiple Input Validation Vulnerabilities
|
4 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x Reviews Module - 'order' SQL Injection
|
4 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x Encyclopedia Module - Multiple Function Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x FAQ Module - 'categories' Cross-Site Scripting
|
4 |
WEB
|
Janek Vind
|
