| 2012-04-22 | vTiger CRM 5.1.0 - Local File Inclusion | 9 | WEB | Pi3rrot |
| 2012-04-22 | Mega File Manager - File Download | 9 | WEB | i2sec-Min Gi Jo |
| 2012-04-22 | Oracle GlassFish Server - REST Cross-Site Request Forgery | 9 | WEB | Roberto Suggi Liverani |
| 2012-04-22 | Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities | 9 | WEB | Roberto Suggi Liverani |
| 2012-04-19 | XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities | 10 | WEB | High-Tech Bridge SA |
| 2012-04-19 | newscoop 3.5.3 - Multiple Vulnerabilities | 8 | WEB | High-Tech Bridge SA |
| 2012-04-19 | Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities | 9 | WEB | Trustwave's SpiderLabs |
| 2012-04-15 | ManageEngine Support Center Plus 7903 - Multiple Vulnerabilities | 9 | WEB | xistence |
| 2012-04-15 | MediaXxx Adult Video / Media Script - SQL Injection | 9 | WEB | Daniel Godoy |
| 2012-04-15 | NetworX CMS - Cross-Site Request Forgery (Add Admin) | 10 | WEB | N3t.Crack3r |
| 2012-04-15 | Joomla! Component com_ponygallery - SQL Injection | 10 | WEB | xDarkSton3x |
| 2012-04-13 | Ushahidi 2.2 - Multiple Vulnerabilities | 9 | WEB | shpendk |
| 2012-04-13 | Invision Power Board 3.3.0 - Local File Inclusion | 8 | WEB | waraxe |
| 2012-04-12 | SoftwareDEP Classified Script 2.5 - SQL Injection (2) | 9 | WEB | hordcode security |
| 2012-04-10 | Joomla! Component com_bearleague - SQL Injection | 8 | WEB | xDarkSton3x |
| 2012-04-10 | Joomla! Component Estate Agent - SQL Injection | 8 | WEB | xDarkSton3x |
| 2012-04-09 | Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection | 10 | WEB | Nahuel Grisolia |
| 2012-04-09 | Dolibarr ERP/CRM 3 - (Authenticated) OS Command Injection (Metasploit) | 11 | WEB | Metasploit |
| 2012-04-08 | ZTE - Change Admin Password | 8 | WEB | Nuevo Asesino |
| 2012-04-08 | Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin) | 8 | WEB | Dr.NaNo |
| 2012-04-08 | Liferay XSL - Command Execution (Metasploit) | 8 | WEB | Spencer McIntyre |
| 2012-04-06 | w-CMS 2.0.1 - Multiple Vulnerabilities | 9 | WEB | Black-ID |
| 2012-04-05 | GENU CMS - SQL Injection | 8 | WEB | hordcode security |
| 2012-04-04 | Hotel Booking Portal - SQL Injection | 8 | WEB | Mark Stanislav |
| 2012-04-04 | phpPaleo - Local File Inclusion | 10 | WEB | Mark Stanislav |
| 2012-04-04 | e-ticketing - SQL Injection | 10 | WEB | Mark Stanislav |
| 2012-04-04 | Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities | 9 | WEB | Ivano Binetti |
| 2012-04-03 | Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin / Add Event) | 10 | WEB | Ivano Binetti |
| 2012-03-31 | WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection | 8 | WEB | Ivan Terkin |
| 2012-03-31 | Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection | 8 | WEB | Easy Laster |
| 2012-03-31 | Landshop 0.9.2 - Multiple Web Vulnerabilities | 8 | WEB | Vulnerability-Lab |
| 2012-03-30 | SyndeoCMS 3.0.01 - Persistent Cross-Site Scripting | 8 | WEB | Ivano Binetti |
| 2012-03-30 | dalbum 144 build 174 - Cross-Site Request Forgery | 9 | WEB | Ahmed Elhady Mohamed |
| 2012-03-30 | ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections | 11 | WEB | SecPod Research |
| 2012-03-30 | coppermine 1.5.18 - Multiple Vulnerabilities | 8 | WEB | waraxe |
| 2012-03-28 | BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin) | 9 | WEB | Dr.NaNo |
| 2012-03-28 | PicoPublisher 2.0 - SQL Injection | 8 | WEB | ZeTH |
| 2012-03-26 | vBshop - Multiple Persistent Cross-Site Scripting Vulnerabilities | 9 | WEB | ToiL |
| 2012-03-26 | Family CMS 2.9 - Multiple Vulnerabilities | 9 | WEB | Ahmed Elhady Mohamed |
| 2012-03-24 | RIPS 0.53 - Multiple Local File Inclusions | 9 | WEB | localh0t |
| 2012-03-24 | FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit) | 10 | WEB | Metasploit |
| 2012-03-23 | PHPFox 3.0.1 - 'ajax.php' Remote Command Execution | 8 | WEB | EgiX |
| 2012-03-23 | Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting | 9 | WEB | Ivano Binetti |
| 2012-03-23 | Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities | 8 | WEB | Ivano Binetti |
| 2012-03-23 | FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution | 8 | WEB | muts |
| 2012-03-22 | FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities | 10 | WEB | Martin Tschirsich |
| 2012-03-22 | phpMoneyBooks 1.0.2 - Local File Inclusion | 10 | WEB | Mark Stanislav |
| 2012-03-22 | PHP Grade Book 1.9.4 - SQL Database Export | 10 | WEB | Mark Stanislav |
| 2012-03-22 | Cyberoam UTM - Multiple Vulnerabilities | 8 | WEB | Saurabh Harit |
| 2012-03-22 | vBShout - Persistent Cross-Site Scripting | 8 | WEB | ToiL |
| 2012-03-21 | phpList 2.10.17 - SQL Injection / Cross-Site Scripting | 7 | WEB | LiquidWorm |
| 2012-03-21 | D-Link DIR-605 - Cross-Site Request Forgery | 8 | WEB | iqzer0 |
| 2012-03-20 | OneFileCMS - Failure to Restrict URL Access | 8 | WEB | Abhi M Balakrishnan |
| 2012-03-20 | OneForum - 'topic.php' SQL Injection | 9 | WEB | Red Security TEAM |
| 2012-03-19 | ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal | 10 | WEB | rgod |
| 2012-03-19 | Joomla! 2.5.0 < 2.5.1 - Blind SQL Injection | 9 | WEB | A. Ramos |
| 2012-03-18 | Pre Printing Press - 'product_desc.php?pid' SQL Injection | 10 | WEB | Easy Laster |
| 2012-03-17 | PRE PRINTING STUDIO - SQL Injection | 10 | WEB | r45c4l |
| 2012-03-17 | ASP Classifieds - SQL Injection | 11 | WEB | r45c4l |
| 2012-03-16 | FlexCMS 3.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities | 10 | WEB | Ivano Binetti |
| 2012-03-16 | FlexCMS 3.2.1 - Persistent Cross-Site Scripting | 11 | WEB | storm |
| 2012-03-16 | OneFileCMS 1.1.5 - Local File Inclusion | 11 | WEB | mr.pr0n |
| 2012-03-15 | sockso 1.5 - Directory Traversal | 8 | WEB | Luigi Auriemma |
| 2012-03-14 | TVersity 1.9.7 - Arbitrary File Download | 9 | WEB | Luigi Auriemma |
| 2012-03-14 | asaanCart - Cross-Site Scripting / Local File Inclusion | 9 | WEB | Number 7 |
| 2012-03-14 | Encaps PHP Gallery - SQL Injection | 8 | WEB | Daniel Godoy |
| 2012-03-14 | Sitecom WLM-2501 - Cross-Site Request Forgery | 9 | WEB | Ivano Binetti |
| 2012-03-14 | Max Guestbook 1.0 - Multiple Vulnerabilities | 10 | WEB | n0tch |
| 2012-03-14 | Simple Posting System - Multiple Vulnerabilities | 7 | WEB | n0tch |
| 2012-03-14 | ModX 2.2.0 - Multiple Vulnerabilities | 8 | WEB | n0tch |
| 2012-03-13 | 4Images Image Gallery Management System - Cross-Site Request Forgery | 9 | WEB | Dmar al3noOoz |
| 2012-03-13 | Cycade Gallery - SQL Injection | 7 | WEB | -DownFall |
| 2012-03-13 | PBLang Bulletin Board System - Local File Inclusion | 8 | WEB | Number 7 |
| 2012-03-12 | Acal Calendar 2.2.6 - Cross-Site Request Forgery | 8 | WEB | Number 7 |
| 2012-03-12 | Saman Portal - Local File Inclusion | 11 | WEB | TMT |
| 2012-03-12 | Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities | 8 | WEB | LiquidWorm |
| 2012-03-10 | PHP Address Book 6.2.12 - Multiple Vulnerabilities | 8 | WEB | Stefan Schurtz |
| 2012-03-08 | RazorCMS 1.2.1 Stable - Cross-Site Request Forgery (Delete Web Pages) | 8 | WEB | Ivano Binetti |
| 2012-03-08 | RazorCMS 1.2.1 STABLE - Arbitrary File Upload | 8 | WEB | i2sec_Hyo jun Oh |
| 2012-03-07 | promise webpam 2.2.0.13 - Multiple Vulnerabilities | 9 | WEB | LiquidWorm |
| 2012-03-07 | HomeSeer HS2 and HomeSeer PRO - Multiple Vulnerabilities | 6 | WEB | Silent_Dream |
| 2012-03-07 | Iciniti Store - SQL Injection | 8 | WEB | Sense of Security |
| 2012-03-02 | Drupal 7.12 - Multiple Vulnerabilities | 9 | WEB | Ivano Binetti |
| 2012-02-21 | Fork CMS 3.2.5 - Multiple Vulnerabilities | 10 | WEB | Ivano Binetti |
| 2012-03-05 | lizard cart - 'search.php' SQL Injection | 11 | WEB | Number 7 |
| 2012-03-05 | Symfony2 - Local File Disclosure | 8 | WEB | Sense of Security |
| 2012-03-04 | AneCMS 2e2c583 - Local File Inclusion | 8 | WEB | I2sec-Jong Hwan Park |
| 2012-03-04 | DZCP (deV!L_z Clanportal) Witze Addon 0.9 - SQL Injection | 10 | WEB | Easy Laster |
| 2012-03-03 | Endian UTM Firewall 2.4.x < 2.5.0 - Multiple Web Vulnerabilities | 9 | WEB | Vulnerability-Lab |
| 2012-03-03 | Timesheet Next Gen 1.5.2 - Multiple SQL Injections | 10 | WEB | G13 |
| 2012-03-03 | Rivettracker 1.03 - Multiple SQL Injections | 10 | WEB | Ali Raheem |
| 2012-03-02 | phxEventManager 2.0 Beta 5 - 'search.php' search_terms SQL Injection | 9 | WEB | skysbsb |
| 2012-02-29 | Wolf CMS 0.7.5 - Multiple Vulnerabilities | 10 | WEB | longrifle0x |
| 2012-02-29 | ImgPals Photo Host 1.0 - Admin Account Disactivation | 11 | WEB | CorryL |
| 2012-02-29 | Yealink VOIP Phone - Persistent Cross-Site Scripting | 10 | WEB | Narendra Shinde |
| 2012-02-28 | WebfolioCMS 1.1.4 - Cross-Site Request Forgery (Add Admin/Modify Pages) | 11 | WEB | Ivano Binetti |
| 2012-02-26 | ContaoCMS (aka TYPOlight) 2.11 - Cross-Site Request Forgery (Delete Admin / Delete Article) | 9 | WEB | Ivano Binetti |
| 2012-02-25 | YVS Image Gallery - SQL Injection | 10 | WEB | CorryL |
| 2012-02-25 | webgrind 1.0 - 'file' Local File Inclusion | 10 | WEB | LiquidWorm |
| 2012-02-25 | cPassMan 1.82 - Remote Command Execution | 9 | WEB | ls |
| 2012-02-24 | PHP Gift Registry 1.5.5 - SQL Injection | 10 | WEB | G13 |
| 2012-02-23 | The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit) | 9 | WEB | Danny Moules |
| 2012-02-23 | Snom IP Phone - Privilege Escalation | 10 | WEB | Sense of Security |
| 2012-02-23 | phpDenora 1.4.6 - Multiple SQL Injections | 11 | WEB | Patrick de Brouwer |
| 2012-02-22 | DFLabs PTK 1.0.5 - Steal Authentication Credentials | 10 | WEB | Ivano Binetti |
| 2012-02-22 | D-Link DSL-2640B ADSL Router - Authentication Bypass | 10 | WEB | Ivano Binetti |
| 2012-02-22 | WebcamXP and webcam 7 - Directory Traversal | 9 | WEB | Silent_Dream |
| 2012-02-22 | D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password) | 9 | WEB | rigan |
| 2012-02-22 | LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection | 10 | WEB | TorTukiTu |
| 2012-02-22 | Brim < 2.0.0 - SQL Injection | 10 | WEB | ifnull |
| 2012-02-22 | Sagem F@ST 2604 ADSL Router - Cross-Site Request Forgery | 9 | WEB | KinG Of PiraTeS |
| 2012-02-21 | Cisco Linksys WAG54GS - Cross-Site Request Forgery (Change Admin Password) | 8 | WEB | Ivano Binetti |
| 2012-02-20 | Plume CMS 1.2.4 - Cross-Site Request Forgery | 7 | WEB | Ivano Binetti |
| 2012-02-20 | D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery | 10 | WEB | Ivano Binetti |
| 2012-02-19 | SyndeoCMS 3.0 - Cross-Site Request Forgery | 9 | WEB | Ivano Binetti |
| 2012-02-19 | 4PSA CMS - SQL Injection | 10 | WEB | BHG Security Center |
| 2012-02-18 | almnzm 2.4 - Cross-Site Request Forgery (Add Admin) | 9 | WEB | HaNniBaL KsA |
| 2012-02-17 | Pandora Fms 4.0.1 - Local File Inclusion | 9 | WEB | Vulnerability-Lab |
| 2012-02-16 | SocialCMS 1.0.2 - Cross-Site Request Forgery | 10 | WEB | Ivano Binetti |
| 2012-02-12 | Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting | 10 | WEB | Avram Marius |
| 2012-02-10 | Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion | 9 | WEB | Vulnerability-Lab |
| 2012-02-08 | Cyberoam Central Console 2.00.2 - Remote File Inclusion | 10 | WEB | Vulnerability-Lab |
| 2012-02-08 | Gazelle CMS 1.0 - Update Statement SQL Injection | 10 | WEB | hackme |
| 2012-02-07 | Flyspray 0.9.9.6 - Cross-Site Request Forgery | 11 | WEB | Vaibhav Gupta |
| 2012-02-06 | XRayCMS 1.1.1 - SQL Injection | 7 | WEB | chap0 |