|
2004-06-28
|
|
CuteNews 0.88/1.3 - 'show_archives.php' Cross-Site Scripting
|
9 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CuteNews 0.88/1.3 - 'example2.php' Cross-Site Scripting
|
8 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CuteNews 0.88/1.3 - 'example1.php' Cross-Site Scripting
|
9 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
CGIScript.net CSFAQ 1.0 Script - Full Path Disclosure
|
9 |
WEB
|
DarkBicho
|
|
2004-06-28
|
|
McMurtrey/Whitaker & Associates Cart32 2-5 GetLatestBuilds Script - Cross-Site Scripting
|
8 |
WEB
|
Dr.Ponidi Haryanto
|
|
2004-06-24
|
|
ZaireWeb Solutions NewsLetter ZWS - Administrative Interface Authentication Bypass
|
8 |
WEB
|
GaMeS
|
|
2004-06-24
|
|
vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting
|
8 |
WEB
|
Cheng Peng Su
|
|
2004-06-23
|
|
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - Multiple Vulnerabilities
|
8 |
WEB
|
Janek Vind
|
|
2004-06-22
|
|
ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting
|
9 |
WEB
|
Josh Gilmour
|
|
2013-01-19
|
|
WordPress Plugin Ripe HD FLV Player - SQL Injection
|
8 |
WEB
|
Zikou-16
|
|
2013-01-19
|
|
Joomla! Component com_collector - Arbitrary File Upload
|
9 |
WEB
|
Red Dragon_al
|
|
2004-06-21
|
|
SqWebMail 4.0.4.20040524 - Email Header HTML Injection
|
8 |
WEB
|
Luca Legato
|
|
2004-06-21
|
|
osTicket STS 1.2 - Attachment Remote Command Execution
|
9 |
WEB
|
Guy Pearce
|
|
2004-06-15
|
|
phpHeaven phpMyChat 0.14.5 - 'admin.php3' Arbitrary File Access
|
8 |
WEB
|
HEX
|
|
2004-06-15
|
|
phpHeaven phpMyChat 0.14.5 - 'edituser.php3?do_not_login' Authentication Bypass
|
8 |
WEB
|
HEX
|
|
2004-06-15
|
|
phpHeaven phpMyChat 0.14.5 - 'usersL.php3' Multiple SQL Injections
|
8 |
WEB
|
HEX
|
|
2004-06-15
|
|
Web Wiz Forums 7.x - 'Registration_Rules.asp' Cross-Site Scripting
|
8 |
WEB
|
Ferruh Mavituna
|
|
2004-06-15
|
|
Pivot 1.0 - 'module_db.php' Remote File Inclusion
|
9 |
WEB
|
loofus
|
|
2013-01-18
|
|
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution
|
9 |
WEB
|
Nikolas Sotiriu
|
|
2013-01-18
|
|
SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass
|
8 |
WEB
|
Nikolas Sotiriu
|
|
2013-01-18
|
|
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
|
10 |
WEB
|
m-1-k-3
|
|
2013-01-18
|
|
PHP-Charts - Arbitrary PHP Code Execution
|
8 |
WEB
|
AkaStep
|
|
2004-06-14
|
|
Invision Power Board (IP.Board) 1.3 - 'SSI.php' Cross-Site Scripting
|
8 |
WEB
|
IMAN Sharafoddin
|
|
2004-06-14
|
|
Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting
|
9 |
WEB
|
Thomas Ryan
|
|
2004-06-14
|
|
Linksys Web Camera Software 2.10 - 'Next_file' Cross-Site Scripting
|
9 |
WEB
|
scriptX
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x - Multiple Input Validation Vulnerabilities
|
9 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x Reviews Module - 'order' SQL Injection
|
7 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x Encyclopedia Module - Multiple Function Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Janek Vind
|
|
2004-06-11
|
|
PHP-Nuke 6.x/7.x FAQ Module - 'categories' Cross-Site Scripting
|
7 |
WEB
|
Janek Vind
|
|
2004-06-10
|
|
BlackBoard Learning System 6.0 - Dropbox File Download
|
8 |
WEB
|
Maarten Verbeek
|
|
2004-06-11
|
|
Invision Power Board 1.3 - 'SSI.php' SQL Injection
|
8 |
WEB
|
JvdR
|
|
2004-06-09
|
|
AspDotNetStorefront 3.3 - 'ReturnURL' Cross-Site Scripting
|
9 |
WEB
|
Thomas Ryan
|
|
2004-06-09
|
|
AspDotNetStorefront 3.3 - Access Validation
|
8 |
WEB
|
Thomas Ryan
|
|
2004-06-09
|
|
cPanel 5-9 - Passwd SQL Injection
|
8 |
WEB
|
verb0s@virtualnova.net
|
|
2013-01-17
|
|
Invision Gallery 2.0.5 - SQL Injection
|
8 |
WEB
|
Ashiyane Digital Security Team
|
|
2004-06-07
|
|
NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Login Form Cross-Site Scripting
|
8 |
WEB
|
Donnie Werner
|
|
2004-06-07
|
|
NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure
|
9 |
WEB
|
Donnie Werner
|
|
2004-06-07
|
|
Linksys Web Camera Software 2.10 - 'Next_file' File Disclosure
|
8 |
WEB
|
John Doe
|
|
2004-06-05
|
|
cPanel 5-9 - Killacct Script Customer Account DNS Information Deletion
|
9 |
WEB
|
qbann targ
|
|
2004-06-04
|
|
Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities
|
9 |
WEB
|
HNK Technology Solutions
|
|
2004-06-03
|
|
Mail Manage EX 3.1.8 MMEX - 'Settings' PHP Remote File Inclusion
|
8 |
WEB
|
The Warlock [BhQ]
|
|
2004-06-03
|
|
SquirrelMail 1.2.x - From Email Header HTML Injection
|
8 |
WEB
|
anonymous
|
|
2004-06-01
|
|
PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
|
9 |
WEB
|
Squid
|
|
2004-06-01
|
|
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure
|
8 |
WEB
|
Ziv Kamir
|
|
2013-01-16
|
|
Oracle Application Framework - Diagnostic Mode Bypass
|
8 |
WEB
|
Trustwave's SpiderLabs
|
|
2013-01-16
|
|
Cydia Repo Manager - Cross-Site Request Forgery
|
8 |
WEB
|
Ramdan Yantu
|
|
2004-05-29
|
|
e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting
|
9 |
WEB
|
Janek Vind
|
|
2004-05-29
|
|
e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting
|
9 |
WEB
|
Janek Vind
|
|
2004-05-29
|
|
Land Down Under - BBCode HTML Injection
|
8 |
WEB
|
Tim De Gier
|
|
2004-05-28
|
|
jPORTAL 2.2.1 - 'print.php' SQL Injection
|
8 |
WEB
|
Maciek Wierciski
|
|
2004-05-22
|
|
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Sandeep Giri
|
|
2004-05-21
|
|
e107 Website System 0.5/0.6 - 'Log.php' HTML Injection
|
9 |
WEB
|
Chinchilla
|
|
2013-01-15
|
|
CMS snews - SQL Injection
|
8 |
WEB
|
By onestree
|
|
2004-05-18
|
|
dsm light Web file browser 2.0 - Directory Traversal
|
9 |
WEB
|
Humberto
|
|
2004-05-17
|
|
PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
|
8 |
WEB
|
waraxe
|
|
2004-05-17
|
|
osCommerce 2.x - File Manager Directory Traversal
|
8 |
WEB
|
Rene
|
|
2004-05-17
|
|
vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing
|
9 |
WEB
|
p0rk
|
|
2004-05-17
|
|
TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
9 |
WEB
|
Kaloyan Olegov Georgiev
|
|
2013-01-14
|
|
phpShop 2.0 - SQL Injection
|
9 |
WEB
|
By onestree
|
|
2004-05-10
|
|
Tutorials Manager 1.0 - Multiple SQL Injections
|
8 |
WEB
|
Hillel Himovich
|
|
2004-05-08
|
|
Adam Webb NukeJokes 1.7/2.0 Module - 'modules.php?jokeid' SQL Injection
|
9 |
WEB
|
Janek Vind
|
|
2004-05-08
|
|
Adam Webb NukeJokes 1.7/2.0 Module - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Janek Vind
|
|
2004-05-05
|
|
SurgeLDAP 1.0 - Web Administration Authentication Bypass
|
8 |
WEB
|
GSS IT
|
|
2004-05-05
|
|
PHPX 3.x - '/forums.php' Cross-Site Request Forgery / Arbitrary Command Execution
|
10 |
WEB
|
JeiAr
|
|
2004-05-05
|
|
PHPX 3.x - '/images.php' Cross-Site Request Forgery / Arbitrary Command Execution
|
8 |
WEB
|
JeiAr
|
|
2004-05-05
|
|
PHPX 3.x - '/user.php' Cross-Site Request Forgery / Arbitrary Command Execution
|
6 |
WEB
|
JeiAr
|
|
2004-05-05
|
|
PHPX 3.x - '/news.php' Cross-Site Request Forgery / Arbitrary Command Execution
|
7 |
WEB
|
JeiAr
|
|
2004-05-05
|
|
PHPX 3.x - '/page.php' Cross-Site Request Forgery / Arbitrary Command Execution
|
7 |
WEB
|
JeiAr
|
|
2013-01-13
|
|
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
|
7 |
WEB
|
LiquidWorm
|
|
2013-01-13
|
|
phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
|
7 |
WEB
|
LiquidWorm
|
|
2004-05-05
|
|
PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
JeiAr
|
|
2004-05-05
|
|
Simple Machines Forum (SMF) 1.0 - Size Tag HTML Injection
|
7 |
WEB
|
Cheng Peng Su
|
|
2004-05-05
|
|
E-Zone Media FuzeTalk 2.0 - 'AddUser.cfm' Administrator Command Execution
|
8 |
WEB
|
Stuart Jamieson
|
|
2004-04-30
|
|
Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
|
7 |
WEB
|
Janek Vind
|
|
2004-04-30
|
|
Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
|
7 |
WEB
|
Janek Vind
|
|
2004-04-30
|
|
Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
|
7 |
WEB
|
Janek Vind
|
|
2004-04-30
|
|
Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting
|
7 |
WEB
|
Janek Vind
|
|
2004-04-30
|
|
Moodle 1.1/1.2 - Cross-Site Scripting
|
7 |
WEB
|
Bartek Nowotarski
|
|
2004-04-30
|
|
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
|
7 |
WEB
|
Alvin Alex
|
|
2004-04-26
|
|
OpenBB 1.0.x - Private Message Disclosure
|
7 |
WEB
|
Manuel Lopez
|
|
2004-04-26
|
|
PHP-Nuke 7.2 Multiple Video Gallery Module - SQL Injection
|
7 |
WEB
|
k1LL3r B0y
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'post.php' Multiple SQL Injections
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'search.php?q' SQL Injection
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'member.php' Multiple SQL Injections
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'board.php?FID' SQL Injection
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'index.php?redirect' Cross-Site Scripting
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'post.php?TID' Cross-Site Scripting
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'myhome.php?to' Cross-Site Scripting
|
7 |
WEB
|
JeiAr
|
|
2004-04-26
|
|
OpenBB 1.0.x - 'member.php?redirect' Cross-Site Scripting
|
7 |
WEB
|
JeiAr
|
|
2004-04-23
|
|
Advanced Guestbook 2.2 - 'Password' SQL Injection
|
7 |
WEB
|
JQ
|
|
2004-04-23
|
|
PW New Media Network Modular Site Management System 0.2.1 - 'Ver.asp' Information Disclosure
|
7 |
WEB
|
CyberTalon
|
|
2004-04-23
|
|
Protector System 1.15 - 'blocker_query.php' Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
waraxe
|
|
2004-04-23
|
|
Protector System 1.15 b1 - 'index.php' SQL Injection
|
7 |
WEB
|
waraxe
|
|
2004-04-23
|
|
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting
|
7 |
WEB
|
DarkBicho
|
|
2013-01-11
|
|
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
|
7 |
WEB
|
L@usch
|
|
2004-04-22
|
|
NewsTraXor Website Management Script 2.9 Beta - Database Disclosure
|
7 |
WEB
|
CyberTal0n
|
|
2004-04-21
|
|
PostNuke Phoenix 0.726 - 'openwindow.php?hlpfile' Cross-Site Scripting
|
7 |
WEB
|
Janek Vind
|
|
2004-04-23
|
|
PHProfession 2.5 - 'modules.php?jcode' Cross-Site Scripting
|
7 |
WEB
|
Janek Vind
|
|
2004-04-23
|
|
PHProfession 2.5 - 'upload.php' Direct Request Full Path Disclosure
|
9 |
WEB
|
Janek Vind
|
|
2004-04-23
|
|
PHProfession 2.5 - 'modules.php?offset' SQL Injection
|
7 |
WEB
|
Janek Vind
|
|
2004-04-19
|
|
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion
|
7 |
WEB
|
Officerrr
|
|
2004-04-19
|
|
Phorum 3.4.x - Phorum_URIAuth SQL Injection
|
7 |
WEB
|
Janek Vind
|
|
2004-04-15
|
|
Gemitel 3.50 - '/affich.php' Remote File Inclusion / Command Injection
|
7 |
WEB
|
jaguar
|
|
2004-04-15
|
|
SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection
|
7 |
WEB
|
spiffomatic 64
|
|
2004-04-15
|
|
phpBugTracker 0.9 - 'user.php?bugid' Cross-Site Scripting
|
7 |
WEB
|
JeiAr
|
|
2004-04-15
|
|
phpBugTracker 0.9 - 'query.php' Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
JeiAr
|
|
2004-04-15
|
|
phpBugTracker 0.9 - 'bug.php' Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
JeiAr
|
|
2004-04-15
|
|
phpBugTracker 0.9 - 'bug.php' Multiple SQL Injections
|
7 |
WEB
|
JeiAr
|
|
2004-04-15
|
|
phpBugTracker 0.9 - 'query.php' Multiple SQL Injections
|
7 |
WEB
|
JeiAr
|
|
2004-04-14
|
|
Rhino Software Zaep AntiSpam 2.0 - Cross-Site Scripting
|
7 |
WEB
|
Noam Rathaus
|
|
2004-04-13
|
|
PHP-Nuke 6.x/7.x - Multiple SQL Injections
|
7 |
WEB
|
waraxe
|
|
2013-01-09
|
|
WeBid 1.0.6 - SQL Injection
|
8 |
WEB
|
Life Wasted
|
|
2013-01-09
|
|
Watson Management Console 4.11.2.G - Directory Traversal
|
9 |
WEB
|
Dhruv Shah
|
|
2013-01-09
|
|
Free Blog 1.0 - Multiple Vulnerabilities
|
6 |
WEB
|
cr4wl3r
|
|
2013-01-09
|
|
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
|
6 |
WEB
|
Stefan Schurtz
|
|
2004-04-13
|
|
Tutos 1.1.20031017 - 'note_overview.php?id' SQL Injection
|
7 |
WEB
|
François SORIN
|
|
2004-04-13
|
|
PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting
|
7 |
WEB
|
waraxe
|
|
2004-04-12
|
|
Nuked-klaN 1.x - Multiple Vulnerabilities
|
7 |
WEB
|
frog
|
|
2004-04-12
|
|
BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
DarC KonQuest
|
|
2004-04-12
|
|
TikiWiki Project 1.8 - 'tiki-list_blogs.php?offset' SQL Injection
|
7 |
WEB
|
JeiAr
|
|
2004-04-12
|
|
TikiWiki Project 1.8 - 'tiki-list_trackers.php?offset' SQL Injection
|
7 |
WEB
|
JeiAr
|
|
2004-04-12
|
|
TikiWiki Project 1.8 - 'tiki-list_faqs.php?offset' SQL Injection
|
7 |
WEB
|
JeiAr
|
|
2004-04-12
|
|
TikiWiki Project 1.8 - 'tiki-usermenu.php?offset' SQL Injection
|
7 |
WEB
|
JeiAr
|
|
2004-04-12
|
|
TikiWiki Project 1.8 - 'tiki-list_blogs.php?sort_mode' SQL Injection
|
5 |
WEB
|
JeiAr
|
