|
2002-10-21
|
|
PHP Arena PAFileDB 1.1.3/2.1.1/3.0 - 'Email To Friend' Cross-Site Scripting
|
10 |
WEB
|
ersatz
|
|
2002-10-21
|
|
KMMail 1.0 - E-Mail HTML Injection
|
3 |
WEB
|
Ulf Harnhammar
|
|
2002-10-18
|
|
YaBB 1.40/1.41 - Login Cross-Site Scripting
|
5 |
WEB
|
Nir Adar
|
|
2002-10-18
|
|
vBulletin 2.0/2.2.x - Cross-Site Scripting
|
4 |
WEB
|
Sp.IC
|
|
2002-10-10
|
|
PHPRank 1.8 - 'add.php' Cross-Site Scripting
|
4 |
WEB
|
Jedi/Sector One
|
|
2002-10-10
|
|
PHPBBMod 1.3.3 - PHPInfo Information Disclosure
|
3 |
WEB
|
Roland Verlander
|
|
2002-10-10
|
|
PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting
|
4 |
WEB
|
Arab VieruZ
|
|
2012-10-16
|
|
Project Pier - Arbitrary File Upload (Metasploit)
|
4 |
WEB
|
Metasploit
|
|
2002-10-09
|
|
Authoria HR Suite - 'AthCGI.exe' Cross-Site Scripting
|
4 |
WEB
|
Max
|
|
2002-10-08
|
|
SurfControl SuperScout Email Filter 3.5 - User Credential Disclosure
|
5 |
WEB
|
ken@FTU
|
|
2002-10-08
|
|
SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting
|
4 |
WEB
|
ken@FTU
|
|
2002-10-09
|
|
VBZoom 1.0 - Arbitrary File Upload
|
5 |
WEB
|
hish
|
|
2002-10-09
|
|
Microsoft Content Management Server 2001 - Cross-Site Scripting
|
4 |
WEB
|
overclocking_a_la_abuela
|
|
2002-10-08
|
|
VBZoom 1.0 - SQL Injection
|
3 |
WEB
|
hish
|
|
2002-10-08
|
|
SSGBook 1.0 - Image Tag HTML Injection
|
4 |
WEB
|
frog
|
|
2002-10-07
|
|
Killer Protection 1.0 - Information Disclosure
|
4 |
WEB
|
frog
|
|
2002-10-04
|
|
phpLinkat 0.1 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Sp.IC
|
|
2002-10-03
|
|
phpMyNewsletter 0.6.10 - Remote File Inclusion
|
6 |
WEB
|
frog
|
|
2002-10-03
|
|
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
|
5 |
WEB
|
Pistone
|
|
2002-10-02
|
|
MySimpleNews 1.0 - Remote Readable Administrator Password
|
3 |
WEB
|
frog
|
|
2002-10-02
|
|
MySimpleNews 1.0 - PHP Injection
|
4 |
WEB
|
frog
|
|
2002-10-02
|
|
phpWebSite 0.8.3 - 'article.php' Cross-Site Scripting
|
5 |
WEB
|
Sp.IC
|
|
2002-10-02
|
|
Midicart PHP - Arbitrary File Upload
|
4 |
WEB
|
frog
|
|
2002-10-02
|
|
Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution
|
6 |
WEB
|
Matt Moore
|
|
2002-10-02
|
|
Midicart PHP - Information Disclosure
|
5 |
WEB
|
frog
|
|
2002-10-02
|
|
TightAuction 3.0 - Config.INC Information Disclosure
|
5 |
WEB
|
frog
|
|
2012-10-11
|
|
vOlk Botnet Framework 4.0 - Multiple Vulnerabilities
|
5 |
WEB
|
Vulnerability-Lab
|
|
2012-10-11
|
|
Omnistar Document Manager 8.0 - Multiple Vulnerabilities
|
4 |
WEB
|
Vulnerability-Lab
|
|
2002-10-02
|
|
Py-Membres 3.1 - 'index.php' Unauthorized Access
|
4 |
WEB
|
frog
|
|
2002-09-30
|
|
Sun ONE Starter Kit 2.0 / ASTAware SearchDisc 3.1 - Search Engine Directory Traversal
|
5 |
WEB
|
ET LoWNOISE
|
|
2002-09-29
|
|
EmuMail 5.0 Email Form - Script Injection
|
4 |
WEB
|
FVS
|
|
2002-09-29
|
|
EmuMail 5.0 - Web Root Full Path Disclosure
|
4 |
WEB
|
FVS
|
|
2002-09-28
|
|
Jetty 4.1 Servlet Engine - Cross-Site Scripting
|
3 |
WEB
|
Skinnay
|
|
2002-09-27
|
|
vBulletin 2.0.3 - 'calendar.php' Command Execution
|
5 |
WEB
|
gosper
|
|
2002-09-26
|
|
PostNuke 0.72 - 'modules.php' Cross-Site Scripting
|
5 |
WEB
|
Mark Grimes
|
|
2012-10-10
|
|
ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting
|
4 |
WEB
|
loneferret
|
|
2002-09-25
|
|
phpWebSite 0.8.3 - News Message HTML Injection
|
4 |
WEB
|
das@hush.com
|
|
2002-09-25
|
|
Drupal 4.0 - News Message HTML Injection
|
4 |
WEB
|
das@hush.com
|
|
2002-09-25
|
|
PHP-Nuke 6.0 - 'modules.php' SQL Injection
|
4 |
WEB
|
Pedro Inacio
|
|
2002-09-25
|
|
DaCode 1.2 - News Message HTML Injection
|
4 |
WEB
|
das@hush.com
|
|
2002-09-25
|
|
NPDS 4.8 - News Message HTML Injection
|
4 |
WEB
|
das@hush.com
|
|
2002-09-25
|
|
PHP-Nuke 6.0 - News Message HTML Injection
|
4 |
WEB
|
das@hush.com
|
|
2002-09-24
|
|
PHP-Nuke 6.0/6.5 - Search Form Cross-Site Scripting
|
4 |
WEB
|
Mark Grimes
|
|
2012-10-10
|
|
Auxilium RateMyPet - Arbitrary File Upload (Metasploit)
|
4 |
WEB
|
Metasploit
|
|
2012-10-10
|
|
qdPM 7.0 - Arbitrary '.PHP' File Upload (Metasploit)
|
5 |
WEB
|
Metasploit
|
|
2012-10-10
|
|
phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)
|
5 |
WEB
|
Metasploit
|
|
2012-10-10
|
|
PhpTax - 'pfilez' Execution Remote Code Injection (Metasploit)
|
6 |
WEB
|
Metasploit
|
|
2002-09-24
|
|
XOOPS 1.0 RC3 - HTML Injection
|
3 |
WEB
|
das@hush.com
|
|
2002-09-23
|
|
phpWebSite 0.8.2 - PHP File Inclusion
|
4 |
WEB
|
Tim Vandermeersch
|
|
2012-10-09
|
|
Endpoint Protector 4.0.4.0 - Multiple Vulnerabilities
|
4 |
WEB
|
Vulnerability-Lab
|
|
2002-09-23
|
|
Rudi Benkovic JAWMail 1.0 - Script Injection
|
4 |
WEB
|
Ulf Harnhammar
|
|
2002-09-19
|
|
SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
|
5 |
WEB
|
DarC KonQuest
|
|
2012-10-08
|
|
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
|
4 |
WEB
|
loneferret
|
|
2002-09-17
|
|
Lycos HTMLGear - guestGear CSS HTML Injection
|
4 |
WEB
|
Matthew Murphy
|
|
2012-10-07
|
|
MyAuth3 - Blind SQL Injection
|
4 |
WEB
|
Marcio Almeida
|
|
2012-10-07
|
|
Blog Mod 0.1.9 - 'index.php?month' SQL Injection
|
5 |
WEB
|
WhiteCollarGroup
|
|
2002-09-09
|
|
PHPGB 1.1/1.2 - PHP Code Injection
|
4 |
WEB
|
ppp-design
|
|
2002-09-09
|
|
phpGB 1.1 - HTML Injection
|
5 |
WEB
|
ppp-design
|
|
2002-09-09
|
|
WoltLab Burning Board 2.0 - SQL Injection
|
4 |
WEB
|
Cano2
|
|
2002-09-09
|
|
phpGB 1.x - SQL Injection
|
4 |
WEB
|
ppp-design
|
|
2002-09-07
|
|
PHP 4.2.3 - Header Function Script Injection
|
4 |
WEB
|
Matthew Murphy
|
|
2002-09-03
|
|
Aestiva HTML/OS 2.4 - Cross-Site Scripting
|
4 |
WEB
|
eax@3xT.org
|
|
2002-09-03
|
|
Super Site Searcher - Remote Command Execution
|
4 |
WEB
|
luca.ercoli
|
|
2002-08-31
|
|
FactoSystem Weblog 0.9/1.0/1.1 - Multiple SQL Injections
|
3 |
WEB
|
Matthew Murphy
|
|
2002-08-24
|
|
PHPReactor 1.2.7 - Style Attribute HTML Injection
|
4 |
WEB
|
Matthew Murphy
|
|
2002-08-22
|
|
Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution
|
5 |
WEB
|
Jeroen Latour
|
|
2012-10-04
|
|
Novell Sentinel Log Manager 1.2.0.2 - Retention Policy
|
4 |
WEB
|
Piotr Chmylkowski
|
|
2012-10-04
|
|
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
|
4 |
WEB
|
waraxe
|
|
2012-10-04
|
|
Template CMS 2.1.1 - Multiple Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2012-10-04
|
|
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
|
4 |
WEB
|
L0n3ly-H34rT
|
|
2002-08-20
|
|
Mozilla Bonsai 1.3 - Full Path Disclosure
|
5 |
WEB
|
Stan Bubrouski
|
|
2002-08-20
|
|
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Stan Bubrouski
|
|
2002-08-19
|
|
Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Abraham Lincoln
|
|
2002-08-19
|
|
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
|
4 |
WEB
|
Joao Gouveia
|
|
2002-08-19
|
|
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Modification
|
4 |
WEB
|
Ulf Harnhammar
|
|
2002-08-19
|
|
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Disclosure
|
5 |
WEB
|
Ulf Harnhammar
|
|
2012-10-03
|
|
Omnistar Mailer 7.2 - Multiple Vulnerabilities
|
5 |
WEB
|
Vulnerability-Lab
|
|
2012-10-03
|
|
WordPress Plugin spider Calendar - Multiple Vulnerabilities
|
5 |
WEB
|
D4NB4R
|
|
2002-08-14
|
|
Leszek Krupinski L-Forum 2.4 - Search Script SQL Injection
|
4 |
WEB
|
Matthew Murphy
|
|
2002-08-10
|
|
Midicart ASP - Remote Customer Information Retrieval
|
5 |
WEB
|
Dimitri Sekhniashvili
|
|
2002-07-30
|
|
Dispair 0.1/0.2 - Remote Command Execution
|
4 |
WEB
|
anonymous
|
|
2002-08-01
|
|
Bharat Mediratta Gallery 1.x - Remote File Inclusion
|
5 |
WEB
|
PowerTech
|
|
2002-07-29
|
|
ShoutBox 1.2 - 'Form' HTML Injection
|
5 |
WEB
|
delusion
|
|
2012-10-02
|
|
phptax 0.8 - Remote Code Execution
|
4 |
WEB
|
Jean Pascal Pereira
|
|
2002-07-29
|
|
dotProject 0.2.1 - User Cookie Authentication Bypass
|
3 |
WEB
|
pokleyzz
|
|
2002-07-29
|
|
phpBB2 Gender Mod 1.1.3 - SQL Injection
|
4 |
WEB
|
langtuhaohoa caothuvolam
|
|
2002-07-29
|
|
Ben Chivers Easy Guestbook 1.0 - Administrative Access
|
4 |
WEB
|
Arek Suroboyo
|
|
2002-07-29
|
|
Ben Chivers Easy Homepage Creator 1.0 - File Modification
|
4 |
WEB
|
Arek Suroboyo
|
|
2012-10-01
|
|
WordPress Theme Archin 3.2 - Configuration Access
|
4 |
WEB
|
bwall
|
|
2002-07-24
|
|
Cobalt Qube 3.0 - Authentication Bypass
|
4 |
WEB
|
pokley
|
|
2002-07-19
|
|
Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting
|
6 |
WEB
|
Ulf Harnhammar
|
|
2002-07-17
|
|
PHP-Wiki 1.2/1.3 - Cross-Site Scripting
|
5 |
WEB
|
Pistone
|
|
2002-07-17
|
|
Macromedia Sitespring 1.2 - Default Error Page Cross-Site Scripting
|
4 |
WEB
|
Peter Gründl
|
|
2002-07-15
|
|
IMHO Webmail 0.9x - Account Hijacking
|
4 |
WEB
|
Security Bugware
|
|
2002-07-11
|
|
Sun i-Runbook 2.5.2 - Directory and File Content Disclosure
|
4 |
WEB
|
JWC
|
|
2002-07-10
|
|
Fluid Dynamics Search Engine 2.0 - Cross-Site Scripting
|
5 |
WEB
|
VALDEUX
|
|
2002-07-10
|
|
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
|
3 |
WEB
|
Matt Moore
|
|
2002-07-02
|
|
phpAuction 1/2 - Unauthorized Administrative Access
|
4 |
WEB
|
ethx
|
|
2002-07-01
|
|
BlackBoard 5.0 - Cross-Site Scripting
|
4 |
WEB
|
Berend-Jan Wever
|
|
2002-07-01
|
|
BBC Education Betsie 1.5 - Parserl.pl Cross-Site Scripting
|
4 |
WEB
|
Mark Rowe
|
|
2002-06-21
|
|
YaBB 1 - Invalid Topic Error Page Cross-Site Scripting
|
4 |
WEB
|
methodic
|
|
2002-06-19
|
|
BasiliX Webmail 1.1 - Message Content Script Injection
|
4 |
WEB
|
Ulf Harnhammar
|
|
2002-06-06
|
|
WebScripts WebBBS 4.x/5.0 - Remote Command Execution
|
7 |
WEB
|
NERF Security
|
|
2002-06-17
|
|
PHP-Address 0.2 e - Remote File Inclusion
|
5 |
WEB
|
Tim Vandermeerch
|
|
2002-06-16
|
|
osCommerce 2.1 - Remote File Inclusion
|
5 |
WEB
|
Tim Vandermeerch
|
|
2002-06-17
|
|
Wolfram Research webMathematica 4.0 - File Disclosure
|
4 |
WEB
|
Andrew Badr
|
|
2002-06-15
|
|
My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure
|
5 |
WEB
|
cult
|
|
2002-06-15
|
|
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution
|
4 |
WEB
|
onlooker
|
|
2002-06-14
|
|
Mewsoft NetAuction 3.0 - Cross-Site Scripting
|
5 |
WEB
|
windows-1256
|
|
2002-06-14
|
|
PHP Classifieds 6.0.5 - Cross-Site Scripting
|
5 |
WEB
|
windows-1256
|
|
2012-09-27
|
|
Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection
|
4 |
WEB
|
otoy
|
|
2012-09-27
|
|
JAMF Casper Suite MDM - Cross-Site Request Forgery
|
3 |
WEB
|
Jacob Holcomb
|
|
2002-06-13
|
|
Ruslan Communications Builder - Authentication Bypass
|
4 |
WEB
|
Alexander Korchagin
|
|
2002-06-12
|
|
MakeBook 2.2 - Form Field Input Validation
|
4 |
WEB
|
b0iler
|
|
2002-06-11
|
|
CGIScript.net csNews 1.0 - Header File Type Restriction Bypass
|
4 |
WEB
|
Steve Gustin
|
|
2002-06-11
|
|
CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access
|
4 |
WEB
|
Steve Gustin
|
|
2002-06-10
|
|
W-Agora 4.1.x - Remote File Inclusion
|
4 |
WEB
|
frog
|
|
2002-06-10
|
|
Geeklog 1.3.5 - Calendar Event Form Script Injection
|
4 |
WEB
|
Ahmet Sabri ALPER
|
|
2002-06-10
|
|
MyHelpDesk 20020509 - SQL Injection
|
4 |
WEB
|
Ahmet Sabri ALPER
|
|
2002-06-10
|
|
MyHelpDesk 20020509 - Cross-Site Scripting
|
4 |
WEB
|
Ahmet Sabri ALPER
|
|
2002-06-10
|
|
Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Ahmet Sabri ALPER
|
|
2012-09-26
|
|
ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusions
|
3 |
WEB
|
L0n3ly-H34rT
|
|
2012-09-25
|
|
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
|
4 |
WEB
|
LiquidWorm
|
|
2002-06-10
|
|
MyHelpDesk 20020509 - HTML Injection
|
4 |
WEB
|
Ahmet Sabri ALPER
|
|
2002-06-06
|
|
Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities
|
4 |
WEB
|
Ulf Harnhammar
|
