|
2001-12-17
|
|
Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting
|
8 |
WEB
|
Tamer Sahin
|
|
2001-12-01
|
|
EasyNews 1.5 - NewsDatabase/Template Modification
|
8 |
WEB
|
markus arndt
|
|
2001-12-03
|
|
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Cabezon Aurélien
|
|
2001-12-03
|
|
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'user.php?uname' Cross-Site Scripting
|
8 |
WEB
|
Cabezon Aurélien
|
|
2001-11-19
|
|
bharat Mediratta Gallery 1.1/1.2 - Directory Traversal
|
8 |
WEB
|
Cabezon Aurelien
|
|
2012-09-08
|
|
Pinterest Clone Script - Multiple Vulnerabilities
|
9 |
WEB
|
DaOne
|
|
2012-09-07
|
|
TestLink 1.9.3 - Cross-Site Request Forgery
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2012-09-07
|
|
Sitecom Home Storage Center - Authentication Bypass
|
8 |
WEB
|
Mattijs van Ommeren
|
|
2012-09-07
|
|
Clipster Video - Persistent Cross-Site Scripting
|
7 |
WEB
|
DaOne
|
|
2012-09-07
|
|
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities
|
8 |
WEB
|
LiquidWorm
|
|
2001-10-13
|
|
PostNuke 0.6 - User Login
|
9 |
WEB
|
anonymous
|
|
2012-09-05
|
|
Ektron CMS 8.5.0 - Multiple Vulnerabilities
|
8 |
WEB
|
Sense of Security
|
|
2012-09-05
|
|
ES Job Search Engine 3.0 - SQL Injection
|
7 |
WEB
|
Vulnerability-Lab
|
|
2011-12-18
|
|
novell sentinel log manager 1.2.0.1 - Directory Traversal
|
10 |
WEB
|
Andrea Fabrizi
|
|
2012-09-05
|
|
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
|
8 |
WEB
|
Andrea Fabrizi
|
|
2012-09-05
|
|
MobileCartly 1.0 - Arbitrary File Creation (Metasploit)
|
8 |
WEB
|
Metasploit
|
|
2001-07-31
|
|
phpBB 1.x - Page Header Arbitrary Command Execution
|
8 |
WEB
|
UnderSpell
|
|
2012-09-04
|
|
Group Office Calendar - '/calendar/json.php' SQL Injection
|
8 |
WEB
|
Chris Cooper
|
|
2012-09-04
|
|
Support4Arabs Pages 2.0 - SQL Injection
|
9 |
WEB
|
L0n3ly-H34rT
|
|
2012-09-04
|
|
Splunk 4.3.3 - Arbitrary File Read
|
8 |
WEB
|
Marcio Almeida
|
|
2012-09-04
|
|
jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities
|
7 |
WEB
|
Hoyt LLC Research
|
|
2001-08-03
|
|
phpBB 1.4 - SQL Query Manipulation
|
9 |
WEB
|
kill-9
|
|
2001-07-27
|
|
PHP-Nuke 5.0 - 'user.php' Form Element Substitution
|
8 |
WEB
|
dinopio
|
|
2012-09-03
|
|
Sitecom Home Storage Center - Directory Traversal
|
8 |
WEB
|
Mattijs van Ommeren
|
|
2012-09-03
|
|
Conceptronic Grab'n'Go Network Storage - Directory Traversal
|
8 |
WEB
|
Mattijs van Ommeren
|
|
2001-07-21
|
|
PHPLib Team PHPLIB 7.2 - Remote Script Execution
|
9 |
WEB
|
giancarlo pinerolo
|
|
2012-09-02
|
|
AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection
|
8 |
WEB
|
DaOne
|
|
2012-09-02
|
|
Admidio 2.3.5 - Multiple Vulnerabilities
|
8 |
WEB
|
Stefan Schurtz
|
|
2001-07-06
|
|
Basilix Webmail 1.0 - File Disclosure
|
8 |
WEB
|
karol _
|
|
2001-07-05
|
|
Cobalt Qube Webmail 1.0 - Directory Traversal
|
7 |
WEB
|
kf
|
|
2001-07-02
|
|
Citrix Nfuse 1.51 - Webroot Disclosure
|
10 |
WEB
|
sween
|
|
2012-09-01
|
|
Joomla! Component Spider Calendar - SQL Injection
|
8 |
WEB
|
D4NB4R
|
|
2012-09-01
|
|
SugarCRM Community Edition 6.5.2 (Build 8410) - Multiple Vulnerabilities
|
8 |
WEB
|
Brendan Coles
|
|
2012-08-31
|
|
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
|
8 |
WEB
|
Mike Eduard
|
|
2012-08-31
|
|
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
|
8 |
WEB
|
Backsl@sh/Dan
|
|
2012-08-30
|
|
Booking System Pro - Cross-Site Request Forgery
|
8 |
WEB
|
DaOne
|
|
2001-06-13
|
|
SiteWare 2.5/3.0/3.1 Editor Desktop - Directory Traversal
|
8 |
WEB
|
Foundstone Labs
|
|
2012-08-29
|
|
WordPress Plugin HD Webplayer 1.1 - SQL Injection
|
9 |
WEB
|
JoinSe7en
|
|
2012-08-29
|
|
Disqus Blog Comments - Blind SQL Injection
|
8 |
WEB
|
Spy_w4r3
|
|
2012-08-28
|
|
Conceptronic Grab'n'Go and Sitecom Storage Center - Password Disclosure
|
9 |
WEB
|
Mattijs van Ommeren
|
|
2012-08-28
|
|
RV Shopping Cart - Cross-Site Request Forgery
|
8 |
WEB
|
DaOne
|
|
2012-08-28
|
|
RV Article Publisher - Cross-Site Request Forgery
|
8 |
WEB
|
DaOne
|
|
2012-08-28
|
|
mieric AddressBook 1.0 - SQL Injection
|
8 |
WEB
|
Jean Pascal Pereira
|
|
2012-08-28
|
|
CommPort 1.01 - Multiple Vulnerabilities
|
8 |
WEB
|
Jean Pascal Pereira
|
|
2012-08-27
|
|
aoop CMS 0.3.6 - Multiple Vulnerabilities
|
8 |
WEB
|
Julien Ahrens
|
|
2012-08-27
|
|
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
|
8 |
WEB
|
Sense of Security
|
|
2012-08-27
|
|
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
|
8 |
WEB
|
LiquidWorm
|
|
2012-08-27
|
|
WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting
|
9 |
WEB
|
Crim3R
|
|
2012-08-27
|
|
Vlinks 2.0.3 - 'id' SQL Injection
|
8 |
WEB
|
JIKO
|
|
2012-08-27
|
|
web@all CMS 2.0 - Multiple Vulnerabilities
|
7 |
WEB
|
LiquidWorm
|
|
2012-08-27
|
|
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
Shai rod
|
|
2012-08-27
|
|
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
Shai rod
|
|
2001-04-15
|
|
PHPSlash 0.5.3 2/0.6.1 - URL Block Arbitrary File Disclosure
|
8 |
WEB
|
tobozo tagada
|
|
2012-08-24
|
|
businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload
|
8 |
WEB
|
Shai rod
|
|
2012-08-24
|
|
Easy Banner Pro - 'index.php' Local File Inclusion
|
8 |
WEB
|
Yakir Wizman
|
|
2012-08-24
|
|
AB Banner Exchange - 'index.php' Local File Inclusion
|
8 |
WEB
|
Yakir Wizman
|
|
2012-08-24
|
|
Text Exchange Pro - 'index.php' Local File Inclusion
|
7 |
WEB
|
Yakir Wizman
|
|
2012-08-24
|
|
Ad Manager Pro - Multiple Vulnerabilities
|
8 |
WEB
|
Yakir Wizman
|
|
2012-08-24
|
|
webpa 1.1.0.1 - Multiple Vulnerabilities
|
8 |
WEB
|
dun
|
|
2012-08-23
|
|
Ad Manager Pro 4 - Local File Inclusion
|
8 |
WEB
|
CorryL
|
|
2012-08-23
|
|
op5 Monitoring 5.4.2 - VM Applicance Multiple Vulnerabilities
|
8 |
WEB
|
loneferret
|
|
2012-08-23
|
|
letodms 3.3.6 - Multiple Vulnerabilities
|
7 |
WEB
|
Shai rod
|
|
2001-04-02
|
|
PHP-Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change
|
8 |
WEB
|
Juan Diego
|
|
2012-08-22
|
|
XODA 0.4.5 - Arbitrary '.PHP' File Upload (Metasploit)
|
8 |
WEB
|
Metasploit
|
|
2012-08-22
|
|
E-Mail Security Virtual Appliance - 'learn-msg.cgi' Command Injection (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2012-08-22
|
|
VamCart 0.9 - Cross-Site Request Forgery
|
8 |
WEB
|
DaOne
|
|
2012-08-22
|
|
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
|
6 |
WEB
|
Shai rod
|
|
2012-08-21
|
|
Clipbucket 2.5 - Blind SQL Injection
|
7 |
WEB
|
loneferret
|
|
2012-08-21
|
|
Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change
|
7 |
WEB
|
Kc57
|
|
2012-08-21
|
|
Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change (Metasploit)
|
6 |
WEB
|
Kc57
|
|
2012-08-21
|
|
Clipbucket 2.5 - Directory Traversal
|
8 |
WEB
|
loneferret
|
|
2012-08-21
|
|
XODA Document Management System 0.4.5 - Cross-Site Scripting / Arbitrary File Upload
|
9 |
WEB
|
Shai rod
|
|
2012-08-20
|
|
IOServer 1.0.18.0 - Directory Traversal
|
9 |
WEB
|
hinge
|
|
2012-08-20
|
|
uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Shai rod
|
|
2012-08-20
|
|
YourArcadeScript 2.4 - 'index.php?id' SQL Injection
|
8 |
WEB
|
DaOne
|
|
2012-08-20
|
|
Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
Shai rod
|
|
2012-08-20
|
|
PG Portal Pro - Cross-Site Request Forgery
|
8 |
WEB
|
Noxious
|
|
2012-08-20
|
|
GWebmail 0.7.3 - Cross-Site Scripting / Local File Inclusion / Remote Code Execution
|
8 |
WEB
|
Shai rod
|
|
2012-08-20
|
|
hupa webmail 0.0.2 - Persistent Cross-Site Scripting
|
9 |
WEB
|
Shai rod
|
|
2012-08-20
|
|
Alpha Networks ADSL2/2+ Wireless Router ASL-26555 - Password Disclosure
|
9 |
WEB
|
Alberto Ortega
|
|
2012-08-20
|
|
Clipbucket 2.5 - Cross-Site Request Forgery
|
8 |
WEB
|
DaOne
|
|
2012-08-20
|
|
T-dah Webmail - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
10 |
WEB
|
Yakir Wizman
|
|
2012-08-18
|
|
ManageEngine OpUtils 6.0 - Persistent Cross-Site Scripting
|
10 |
WEB
|
loneferret
|
|
2012-08-18
|
|
IlohaMail Webmail - Persistent Cross-Site Scripting
|
9 |
WEB
|
Shai rod
|
|
2012-08-17
|
|
Jaow CMS 2.3 - Blind SQL Injection
|
10 |
WEB
|
loneferret
|
|
2000-01-06
|
|
Phorum 3.0.7 - 'auth.php3' Backdoor Access
|
10 |
WEB
|
Max Vision
|
|
2000-01-01
|
|
Phorum 3.0.7 - 'violation.php3' Arbitrary Email Relay
|
10 |
WEB
|
Max Vision
|
|
2000-01-06
|
|
Phorum 3.0.7 - 'admin.php3' Unverified Administrative Password Change
|
11 |
WEB
|
Max Vision
|
|
2012-08-17
|
|
webid 1.0.4 - Multiple Vulnerabilities
|
9 |
WEB
|
dun
|
|
2012-08-17
|
|
T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
Shai rod
|
|
2012-08-17
|
|
hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting
|
9 |
WEB
|
Shai rod
|
|
2012-08-17
|
|
Inferno vBShout 2.5.2 - SQL Injection
|
9 |
WEB
|
Luit
|
|
2012-08-17
|
|
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
|
10 |
WEB
|
Vulnerability-Lab
|
|
2012-08-17
|
|
Social Engine 4.2.5 - Multiple Vulnerabilities
|
8 |
WEB
|
Vulnerability-Lab
|
|
2012-08-17
|
|
Jaow CMS 2.3 - Cross-Site Request Forgery
|
8 |
WEB
|
DaOne
|
|
2012-08-16
|
|
ProQuiz 2.0.2 - Cross-Site Request Forgery
|
10 |
WEB
|
DaOne
|
|
2012-08-16
|
|
Roundcube Webmail 0.8.0 - Persistent Cross-Site Scripting
|
11 |
WEB
|
Shai rod
|
|
2012-08-15
|
|
sphpforum 0.4 - Multiple Vulnerabilities
|
10 |
WEB
|
loneferret
|
|
2012-08-15
|
|
Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities
|
9 |
WEB
|
loneferret
|
|
2012-08-15
|
|
xt:Commerce 3.04 SP2.1 - Blind SQL Injection
|
9 |
WEB
|
stoffline.com
|
|
2012-08-15
|
|
MaxForum 1.0.0 - Local File Inclusion
|
8 |
WEB
|
ahwak2000
|
|
2012-08-15
|
|
MobileCartly 1.0 - Arbitrary File Upload
|
10 |
WEB
|
ICheer_No0M
|
|
2001-01-11
|
|
Basilix Webmail 0.9.7 - Incorrect File Permissions
|
9 |
WEB
|
Tamer Sahin
|
|
2012-08-13
|
|
IBM Websphere MQ File Transfer Edition Web Gateway - Insufficient Access Control
|
10 |
WEB
|
Nir Valtman
|
|
2012-08-13
|
|
IBM Websphere MQ File Transfer Edition Web Gateway - Cross-Site Request Forgery
|
9 |
WEB
|
Nir Valtman
|
|
2012-08-13
|
|
Hotel Booking Portal 0.1 - Multiple Vulnerabilities
|
8 |
WEB
|
Yakir Wizman
|
|
2012-08-13
|
|
WordPress Plugin RSVPMaker 2.5.4 - Persistent Cross-Site Scripting
|
8 |
WEB
|
Chris Kellum
|
|
2000-11-24
|
|
Phorum 3.x - Arbitrary File Read
|
10 |
WEB
|
Joao Gouveia
|
|
2000-11-23
|
|
Phorum 3.x - PHP Configuration Disclosure
|
10 |
WEB
|
Joao Gouveia
|
|
2012-08-10
|
|
MobileCartly 1.0 - Arbitrary File Write
|
9 |
WEB
|
Yakir Wizman
|
|
2012-08-11
|
|
ProQuiz 2.0.2 - Multiple Vulnerabilities
|
10 |
WEB
|
L0n3ly-H34rT
|
|
2012-08-11
|
|
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities
|
11 |
WEB
|
Vulnerability-Lab
|
|
2012-08-10
|
|
WordPress Plugin Mz-jajak 2.1 - SQL Injection
|
10 |
WEB
|
StRoNiX
|
|
2012-08-10
|
|
MobileCartly 1.0 - Arbitrary File Deletion
|
10 |
WEB
|
GoLd_M
|
|
2012-08-09
|
|
Cyclope Employee Surveillance Solution 6.0/6.1.0/6.2.0/6.2.1/6.3.0 - SQL Injection
|
9 |
WEB
|
loneferret
|
|
2012-08-09
|
|
Kamads Classifieds 2.0 - Admin Hash Disclosure
|
10 |
WEB
|
Mr.tro0oqy
|
|
2012-08-09
|
|
Joomla! Component com_fireboard - SQL Injection
|
9 |
WEB
|
Vulnerability-Lab
|
|
2012-08-08
|
|
IBM Proventia Network Mail Security System 2.5 - POST File Read
|
10 |
WEB
|
muts
|
|
2012-08-08
|
|
xeams email server 4.4 build 5720 - Persistent Cross-Site Scripting
|
9 |
WEB
|
loneferret
|
|
2012-08-08
|
|
winwebmail server 3.8.1.6 - Persistent Cross-Site Scripting
|
10 |
WEB
|
loneferret
|
|
2012-08-08
|
|
WordPress Plugin ThreeWP Email Reflector 1.13 - Persistent Cross-Site Scripting
|
8 |
WEB
|
loneferret
|
|
2012-08-08
|
|
T-dah Webmail Client 3.2.0-2.3 - Persistent Cross-Site Scripting
|
9 |
WEB
|
loneferret
|
|
2012-08-08
|
|
Surgemail 6.0a4 - Persistent Cross-Site Scripting
|
9 |
WEB
|
loneferret
|
|
2012-08-08
|
|
smartermail free 9.2 - Persistent Cross-Site Scripting
|
9 |
WEB
|
loneferret
|
|
2012-08-08
|
|
WordPress Plugin simplemail 1.0.6 - Persistent Cross-Site Scripting
|
8 |
WEB
|
loneferret
|
