|
2012-11-30
|
|
SmartCMS - '/index.php?menuitem' SQL Injection / Cross-Site Scripting
|
10 |
WEB
|
Yakir Wizman
|
|
2012-11-30
|
|
Free Hosting Manager 2.0 - 'id' SQL Injection
|
9 |
WEB
|
Yakir Wizman
|
|
2003-08-13
|
|
HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion
|
8 |
WEB
|
Virginity Security
|
|
2003-08-13
|
|
Xoops 1.0/1.3.x - BBCode HTML Injection
|
10 |
WEB
|
frog
|
|
2003-08-13
|
|
SurgeLDAP 1.0 d - 'User.cgi' Cross-Site Scripting
|
10 |
WEB
|
Ziv Kamir
|
|
2003-08-12
|
|
Eudora WorldMail 2.0 - Search Cross-Site Scripting
|
12 |
WEB
|
Donnie Werner
|
|
2003-08-12
|
|
HostAdmin - Full Path Disclosure
|
9 |
WEB
|
G00db0y
|
|
2003-08-11
|
|
PHPOutsourcing Zorum 3.4 - Full Path Disclosure
|
9 |
WEB
|
Zone-h Security Team
|
|
2003-08-11
|
|
phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 earch Module - 'PDA_limit' Cross-Site Scripting
|
10 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-11
|
|
phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - 'PAGE_id' Cross-Site Scripting
|
9 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-11
|
|
phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module - 'fatcat_id' Cross-Site Scripting
|
9 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-11
|
|
phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - 'day' Cross-Site Scripting
|
8 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-11
|
|
PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - SQL Injection
|
7 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-11
|
|
News Wizard 2.0 - Full Path Disclosure
|
9 |
WEB
|
G00db0y
|
|
2003-08-11
|
|
PHPOutSourcing Zorum 3.x - Cross-Site Scripting
|
9 |
WEB
|
G00db0y
|
|
2003-08-11
|
|
Better Basket Pro 3.0 Store Builder - Full Path Disclosure
|
9 |
WEB
|
G00db0y
|
|
2003-08-11
|
|
Stellar Docs 1.2 - Full Path Disclosure
|
9 |
WEB
|
G00db0y
|
|
2003-08-11
|
|
DCForum+ 1.2 - 'Subject' HTML Injection
|
9 |
WEB
|
G00db0y
|
|
2012-11-29
|
|
FCKEditor Core ASP 2.6.8 - Arbitrary File Upload Protection Bypass
|
8 |
WEB
|
Soroush Dalili
|
|
2012-11-29
|
|
Oracle OpenSSO 8.0 - Multiple Cross-Site Scripting POST Injection Vulnerabilities
|
8 |
WEB
|
LiquidWorm
|
|
2003-08-09
|
|
Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting
|
8 |
WEB
|
Boy Bear
|
|
2003-08-09
|
|
geeeekShop 1.4 - Information Disclosure
|
9 |
WEB
|
G00db0y
|
|
2003-08-08
|
|
PostNuke 0.6/0.7 web_links Module - TTitle Cross-Site Scripting
|
8 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-08
|
|
PostNuke 0.6/0.7 Downloads Module - TTitle Cross-Site Scripting
|
10 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-08-08
|
|
C-Cart 1.0 - Full Path Disclosure
|
9 |
WEB
|
G00db0y
|
|
2003-08-07
|
|
IdealBB 1.4.9 - 'error.asp' Cross-Site Scripting
|
8 |
WEB
|
G00db0y
|
|
2003-08-06
|
|
vBulletin 3.0 - 'register.php' HTML Injection
|
8 |
WEB
|
Ferruh Mavituna
|
|
2003-08-04
|
|
Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting
|
9 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-07-31
|
|
MOD Guthabenhack 1.3 For Woltlab Burning Board - SQL Injection
|
8 |
WEB
|
ben.moeckel@badwebmasters.net
|
|
2012-11-28
|
|
gleamtech filevista/fileultimate 4.6 - Directory Traversal
|
8 |
WEB
|
Soroush Dalili
|
|
2003-07-28
|
|
Softshoe - Parse-file Cross-Site Scripting
|
9 |
WEB
|
Bahaa Naamneh
|
|
2003-07-27
|
|
Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting
|
9 |
WEB
|
Larry Nguyen
|
|
2003-07-28
|
|
PBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection
|
8 |
WEB
|
Quan Van Truong
|
|
2003-07-25
|
|
e107 Website System 0.554 - HTML Injection
|
8 |
WEB
|
Pete Foster
|
|
2003-07-24
|
|
e107 Website System 0.555 - 'db.php' Information Disclosure
|
8 |
WEB
|
Artoor Petrovich
|
|
2003-07-24
|
|
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload / Execution
|
8 |
WEB
|
Martin Eiszner
|
|
2003-07-24
|
|
PHP-Gastebuch 1.60 - Information Disclosure
|
8 |
WEB
|
Jim Pangalos
|
|
2003-07-21
|
|
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion
|
9 |
WEB
|
phil dunn
|
|
2003-07-21
|
|
WebCalendar 0.9.x - Local File Inclusion Information Disclosure
|
9 |
WEB
|
noconflic
|
|
2003-07-21
|
|
atomicboard 0.6.2 - Directory Traversal
|
9 |
WEB
|
gr00vy
|
|
2003-07-21
|
|
Drupal 4.1/4.2 - Cross-Site Scripting
|
9 |
WEB
|
Ferruh Mavituna
|
|
2012-11-26
|
|
PRADO PHP Framework 3.2.0 - Arbitrary File Read
|
8 |
WEB
|
LiquidWorm
|
|
2012-11-26
|
|
SmartCMS - 'index.php?idx' SQL Injection
|
8 |
WEB
|
NoGe
|
|
2012-11-26
|
|
BuyClassifiedScript - PHP Code Injection
|
9 |
WEB
|
d3b4g
|
|
2003-07-18
|
|
SimpNews 2.0.1/2.13 - 'path_simpnews' Remote File Inclusion
|
10 |
WEB
|
PUPET
|
|
2003-07-17
|
|
eStore 1.0.1/1.0.2 - 'Settings.inc.php' Full Path Disclosure
|
9 |
WEB
|
Bosen
|
|
2003-07-16
|
|
Ultimate Bulletin Board 6.0/6.2 - UBBER Cookie HTML Injection
|
9 |
WEB
|
anti_acid
|
|
2003-07-16
|
|
.netCART Settings.XML - Information Disclosure
|
8 |
WEB
|
G00db0y
|
|
2003-07-15
|
|
Splatt Forum 3/4 - Post Icon HTML Injection
|
11 |
WEB
|
Lethalman
|
|
2012-11-25
|
|
ES CmS 0.1 - SQL Injection
|
8 |
WEB
|
hossein beizaee
|
|
2012-11-25
|
|
jBilling 3.0.2 - Cross-Site Scripting
|
8 |
WEB
|
Woody Hughes
|
|
2003-07-14
|
|
BlazeBoard 1.0 - Information Disclosure
|
8 |
WEB
|
JackDaniels
|
|
2003-07-13
|
|
HTMLToNuke - Cross-Site Scripting
|
8 |
WEB
|
JOCANOR
|
|
2003-07-13
|
|
ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions
|
8 |
WEB
|
G00db0y
|
|
2003-07-10
|
|
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2)
|
9 |
WEB
|
Bosen & TioEuy
|
|
2003-07-10
|
|
Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)
|
8 |
WEB
|
TioEuy & AresU
|
|
2003-07-10
|
|
PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion
|
7 |
WEB
|
theblacksheep
|
|
2003-07-09
|
|
ChangshinSoft EZTrans Server - 'download.php' Directory Traversal
|
8 |
WEB
|
SSR Team
|
|
2003-07-09
|
|
QuadComm Q-Shop 2.5 - Failure To Validate Credentials
|
9 |
WEB
|
G00db0y
|
|
2012-11-21
|
|
PHP Server Monitor - Persistent Cross-Site Scripting
|
9 |
WEB
|
loneferret
|
|
2012-11-21
|
|
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
|
9 |
WEB
|
Vulnerability-Lab
|
|
2012-11-21
|
|
Yii Framework 1.1.8 - Search SQL Injection
|
11 |
WEB
|
Juno_okyo
|
|
2003-07-07
|
|
CPanel 5.0/5.3/6.x - Admin Interface HTML Injection
|
9 |
WEB
|
Ory Segal
|
|
2003-07-05
|
|
ProductCart 1.5/1.6/2.0 - File Disclosure
|
9 |
WEB
|
Tri Huynh
|
|
2003-07-05
|
|
ProductCart 1.5/1.6/2.0 - 'MSG.asp' Cross-Site Scripting
|
9 |
WEB
|
atomix
|
|
2003-07-04
|
|
ProductCart 1.5/1.6/2.0 - 'login.asp' SQL Injection
|
11 |
WEB
|
Bosen
|
|
2003-07-04
|
|
ProductCart 1.5/1.6/2.0 - 'Custva.asp' SQL Injection
|
9 |
WEB
|
Bosen
|
|
2003-07-02
|
|
Verity K2 Toolkit 2.20 Query Builder Search Script - Cross-Site Scripting
|
9 |
WEB
|
SSR Team
|
|
2012-11-20
|
|
WordPress Plugin Facebook Survey 1.0 - SQL Injection
|
10 |
WEB
|
Vulnerability Research Laboratory
|
|
2012-11-20
|
|
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
|
9 |
WEB
|
Vulnerability-Lab
|
|
2003-07-02
|
|
Verity K2 Toolkit 2.20 - Cross-Site Scripting
|
8 |
WEB
|
SSR Team
|
|
2003-06-30
|
|
PABox 1.6 - Password Reset
|
10 |
WEB
|
silentscripter
|
|
2003-06-29
|
|
MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities
|
9 |
WEB
|
Morning Wood
|
|
2003-06-29
|
|
CutePHP CuteNews 1.3 - HTML Injection
|
9 |
WEB
|
Peter Winter-Smith
|
|
2003-06-26
|
|
iXmail 0.2/0.3 - 'iXmail_NetAttach.php' File Deletion
|
9 |
WEB
|
leseulfrog
|
|
2012-11-19
|
|
weBid 1.0.5 - Directory Traversal
|
8 |
WEB
|
loneferret
|
|
2012-11-19
|
|
WeBid 1.0.5 - Cross-Site Scripting
|
9 |
WEB
|
Woody Hughes
|
|
2003-06-23
|
|
VisNetic WebMail 5.8.6 .6 - Information Disclosure
|
8 |
WEB
|
posidron
|
|
2003-06-23
|
|
XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting
|
9 |
WEB
|
Knight Commander
|
|
2003-06-23
|
|
XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
|
9 |
WEB
|
Knight Commander
|
|
2003-06-20
|
|
Tutos 1.1 - File_New Arbitrary File Upload
|
9 |
WEB
|
François SORIN
|
|
2003-06-20
|
|
Tutos 1.1 - 'File_Select.php' Cross-Site Scripting
|
9 |
WEB
|
François SORIN
|
|
2003-06-20
|
|
WebJeff FileManager 1.6 - File Disclosure
|
8 |
WEB
|
Adam Stephens
|
|
2003-06-19
|
|
pMachine 1.0/2.x - Search Module Cross-Site Scripting
|
9 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-06-19
|
|
pMachine 1.0/2.x - Multiple Script 'sfx' Full Path Disclosures
|
8 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-06-19
|
|
pMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosures
|
9 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-06-17
|
|
Tmax Soft JEUS 3.1.4 p1 - URL.jsp Cross-Site Scripting
|
10 |
WEB
|
Jeremy Bae
|
|
2003-06-18
|
|
Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting
|
8 |
WEB
|
David F.Madrid
|
|
2003-06-18
|
|
Kerio MailServer 5.6.3 - Web Mail ADD_ACL Module Cross-Site Scripting
|
9 |
WEB
|
David F.Madrid
|
|
2003-06-18
|
|
phpMyAdmin 2.x - Information Disclosure
|
8 |
WEB
|
Lorenzo Manuel Hernandez Garcia-Hierro
|
|
2003-06-17
|
|
SquirrelMail 1.2.11 - Multiple Vulnerabilities
|
9 |
WEB
|
dr_insane
|
|
2003-06-17
|
|
SquirrelMail 1.2.11 Administrator Plugin - 'options.php' Arbitrary Admin Account Creation
|
9 |
WEB
|
dr_insane
|
|
2003-06-17
|
|
SquirrelMail 1.2.11 - 'move_messages.php' Arbitrary File Moving
|
9 |
WEB
|
dr_insane
|
|
2003-06-16
|
|
Snitz Forums 2000 3.4.03 - 'search.asp' Cross-Site Scripting
|
8 |
WEB
|
JeiAr
|
|
2003-06-16
|
|
LedNews 0.7 Post Script - Code Injection
|
8 |
WEB
|
gilbert vilvoorde
|
|
2003-06-15
|
|
PMachine 2.2.1 - '/Lib.Inc.php' Remote File Inclusion / Command Execution
|
9 |
WEB
|
frog
|
|
2003-06-12
|
|
Infinity CGI Exploit Scanner 3.11 - Remote Command Execution
|
11 |
WEB
|
badpack3t
|
|
2003-06-12
|
|
Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting
|
9 |
WEB
|
badpack3t
|
|
2003-06-13
|
|
PostNuke 0.723 - 'user.php' UNAME Cross-Site Scripting
|
8 |
WEB
|
David F. Madrid
|
|
2012-11-16
|
|
friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection
|
8 |
WEB
|
unsuprise
|
|
2003-06-13
|
|
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-06-13
|
|
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
David F. Madrid
|
|
2003-06-13
|
|
Sphera HostingDirector 1.0/2.0/3.0 - VDS Control Panel Account Configuration Modification
|
8 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-06-09
|
|
H-Sphere 2.x - HTML Template Inclusion Cross-Site Scripting
|
9 |
WEB
|
Lorenzo Hernandez Garcia-Hierro
|
|
2003-06-06
|
|
Zentrack 2.2/2.3/2.4 - 'index.php' Remote File Inclusion
|
8 |
WEB
|
farking
|
|
2003-06-06
|
|
Maxwebportal 1.30 - Remote Database Disclosure
|
9 |
WEB
|
JeiAr
|
|
2003-06-06
|
|
Maxwebportal 1.30 - 'search.asp?Search' Cross-Site Scripting
|
9 |
WEB
|
JeiAr
|
|
2003-06-06
|
|
Synkron.Web 3.0 - HTML Injection
|
8 |
WEB
|
Gyrniff
|
|
2003-06-05
|
|
ImageFolio 2.2x/3.0/3.1 - 'Admin.cgi' Directory Traversal
|
8 |
WEB
|
Paul Craig
|
|
2012-11-15
|
|
ReciPHP 1.1 - SQL Injection
|
8 |
WEB
|
cr4wl3r
|
|
2012-11-15
|
|
BabyGekko 1.2.2e - Multiple Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2012-11-15
|
|
Friends in War Make or Break 1.3 - Authentication Bypass
|
10 |
WEB
|
d3b4g
|
|
2012-11-15
|
|
iDev Rentals 1.0 - Multiple Vulnerabilities
|
8 |
WEB
|
Vulnerability-Lab
|
|
2003-06-04
|
|
Mailtraq 2.2 - Webmail Utility Full Path Disclosure
|
10 |
WEB
|
Ziv Kamir
|
|
2003-06-04
|
|
Mailtraq 2.2 - 'Browse.asp' Cross-Site Scripting
|
10 |
WEB
|
Ziv Kamir
|
|
2002-10-12
|
|
PHP 4 - 'PHPInfo()' Cross-Site Scripting
|
8 |
WEB
|
Matthew Murphy
|
|
2003-06-04
|
|
Xpressions Interactive - Multiple SQL Injections
|
9 |
WEB
|
Paul Craig
|
|
2003-06-02
|
|
SPChat 0.8 Module - Remote File Inclusion
|
8 |
WEB
|
Rynho Zeros Web
|
|
2003-06-02
|
|
WebChat 2.0 - 'users.php' Cross-Site Scripting
|
9 |
WEB
|
Rynho Zeros Web
|
|
2003-06-02
|
|
WebChat 2.0 - 'users.php?Database Username Disclosure
|
9 |
WEB
|
Rynho Zeros Web
|
|
2012-11-14
|
|
MYRE Realty Manager - Multiple Vulnerabilities
|
9 |
WEB
|
d3b4g
|
|
2012-11-14
|
|
MYREphp Vacation Rental Software - Multiple Vulnerabilities
|
9 |
WEB
|
d3b4g
|
|
2012-11-14
|
|
Myrephp Business Directory - Multiple Vulnerabilities
|
9 |
WEB
|
d3b4g
|
|
2012-11-14
|
|
friendsinwar FAQ Manager - SQL Injection / Authentication Bypass
|
8 |
WEB
|
d3b4g
|
|
2012-11-14
|
|
Narcissus - Remote Command Execution
|
9 |
WEB
|
dun
|
