|
2012-05-25
|
|
appRain CMF - Arbitrary '.PHP' File Upload (Metasploit)
|
17 |
WEB
|
Metasploit
|
|
2012-05-24
|
|
Jaow 2.4.5 - Blind SQL Injection
|
19 |
WEB
|
kallimero
|
|
2012-05-21
|
|
Supernews 2.6.1 - SQL Injection
|
22 |
WEB
|
WhiteCollarGroup
|
|
2012-05-21
|
|
Vanilla FirstLastNames 1.3.2 Plugin - Persistent Cross-Site Scripting
|
20 |
WEB
|
Henry Hoggard
|
|
2012-05-21
|
|
Vanilla Forums About Me Plugin - Persistent Cross-Site Scripting
|
23 |
WEB
|
Henry Hoggard
|
|
2012-05-18
|
|
Vanilla Forums LatestComment 1.1 Plugin - Persistent Cross-Site Scripting
|
22 |
WEB
|
Henry Hoggard
|
|
2012-05-19
|
|
FreeNAC 3.02 - SQL Injection / Cross-Site Scripting
|
23 |
WEB
|
blake
|
|
2012-05-19
|
|
PHP Address Book 7.0.0 - Multiple Vulnerabilities
|
20 |
WEB
|
Stefan Schurtz
|
|
2012-05-16
|
|
Artiphp CMS 5.5.0 - Database Backup Disclosure
|
21 |
WEB
|
LiquidWorm
|
|
2012-01-03
|
|
OpenKM Document Management System 5.1.7 - Command Execution
|
28 |
WEB
|
Cyrill Brunschwiler
|
|
2012-05-16
|
|
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
21 |
WEB
|
Ivano Binetti
|
|
2012-05-08
|
|
S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection
|
19 |
WEB
|
Stefan Schurtz
|
|
2012-05-15
|
|
b2ePms 1.0 - Authentication Bypass
|
19 |
WEB
|
Jean Pascal Pereira
|
|
2012-05-13
|
|
Liferay Portal 6.0.x < 6.1 - Privilege Escalation
|
22 |
WEB
|
Jelmer Kuperus
|
|
2012-05-13
|
|
Galette - 'picture.php' SQL Injection
|
22 |
WEB
|
sbz
|
|
2012-05-13
|
|
Free Realty 3.1-0.6 - Multiple Vulnerabilities
|
20 |
WEB
|
Vulnerability-Lab
|
|
2012-05-13
|
|
Viscacha Forum CMS 0.8.1.1 - Multiple Vulnerabilities
|
19 |
WEB
|
Vulnerability-Lab
|
|
2012-05-13
|
|
Proman Xpress 5.0.1 - Multiple Vulnerabilities
|
21 |
WEB
|
Vulnerability-Lab
|
|
2012-05-13
|
|
Travelon Express CMS 6.2.2 - Multiple Vulnerabilities
|
20 |
WEB
|
Vulnerability-Lab
|
|
2012-05-12
|
|
Sockso 1.51 - Persistent Cross-Site Scripting
|
20 |
WEB
|
Ciaran McNally
|
|
2012-05-12
|
|
WikkaWiki 1.3.2 - Spam Logging PHP Injection (Metasploit)
|
20 |
WEB
|
Metasploit
|
|
2012-05-11
|
|
Belkin N150 Wireless Router - Password Disclosure
|
20 |
WEB
|
Avinash Tangirala
|
|
2012-05-10
|
|
eLearning server 4g - Multiple Vulnerabilities
|
22 |
WEB
|
Andrey Komarov
|
|
2012-05-10
|
|
Kerio WinRoute Firewall Web Server < 6 - Source Code Disclosure
|
20 |
WEB
|
Andrey Komarov
|
|
2012-05-09
|
|
X7 Chat 2.0.5.1 - Cross-Site Request Forgery (Add Admin)
|
19 |
WEB
|
DennSpec
|
|
2012-05-07
|
|
PHP Agenda 2.2.8 - SQL Injection
|
21 |
WEB
|
loneferret
|
|
2012-05-07
|
|
myCare2x CMS - Multiple Vulnerabilities
|
18 |
WEB
|
Vulnerability-Lab
|
|
2012-05-07
|
|
Myre Real Estate Mobile 2012/2 - Multiple Vulnerabilities
|
20 |
WEB
|
Vulnerability-Lab
|
|
2012-05-07
|
|
Genium CMS 2012/Q2 - Multiple Vulnerabilities
|
20 |
WEB
|
Vulnerability-Lab
|
|
2012-05-07
|
|
Lynx Message Server - Multiple Vulnerabilities
|
20 |
WEB
|
Mark Lachniet
|
|
2012-05-07
|
|
Fortinet FortiWeb Web Application Firewall - Policy Bypass
|
22 |
WEB
|
Geffrey Velasquez
|
|
2012-05-04
|
|
Symantec Web Gateway - Cross-Site Scripting
|
21 |
WEB
|
B00y@
|
|
2012-05-03
|
|
PluXml 5.1.5 - Local File Inclusion
|
24 |
WEB
|
High-Tech Bridge SA
|
|
2012-05-03
|
|
Baby Gekko CMS 1.1.5c - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
24 |
WEB
|
LiquidWorm
|
|
2012-05-02
|
|
Websense Triton - Multiple Vulnerabilities
|
22 |
WEB
|
Ben Williams
|
|
2012-05-02
|
|
PHP-decoda - 'Video Tag' Cross-Site Scripting
|
25 |
WEB
|
RedTeam Pentesting
|
|
2012-05-02
|
|
OpenConf 4.11 - '/author/edit.php' Blind SQL Injection
|
20 |
WEB
|
EgiX
|
|
2012-05-01
|
|
STRATO NewsLetter Manager - Directory Traversal
|
20 |
WEB
|
Zero X
|
|
2012-05-01
|
|
MyClientBase 0.12 - Multiple Vulnerabilities
|
22 |
WEB
|
Vulnerability-Lab
|
|
2012-05-01
|
|
opencart 1.5.2.1 - Multiple Vulnerabilities
|
20 |
WEB
|
waraxe
|
|
2012-05-01
|
|
GENU CMS 2012.3 - Multiple SQL Injections
|
20 |
WEB
|
Vulnerability-Lab
|
|
2012-05-01
|
|
WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting
|
20 |
WEB
|
Mehmet Ince
|
|
2012-04-30
|
|
DIY CMS 1.0 Poll - Multiple Vulnerabilities
|
26 |
WEB
|
Vulnerability-Lab
|
|
2012-04-30
|
|
Opial CMS 2.0 - Multiple Vulnerabilities
|
24 |
WEB
|
Vulnerability-Lab
|
|
2012-04-30
|
|
C4B XPhone UC Web 4.1.890S R1 - Cross-Site Scripting
|
19 |
WEB
|
Vulnerability-Lab
|
|
2012-04-30
|
|
Car Portal CMS 3.0 - Multiple Vulnerabilities
|
22 |
WEB
|
Vulnerability-Lab
|
|
2012-04-29
|
|
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities
|
24 |
WEB
|
Stefan Schurtz
|
|
2012-04-29
|
|
Soco CMS - Local File Inclusion
|
15 |
WEB
|
BHG Security Center
|
|
2012-04-29
|
|
WebCalendar 1.2.4 - Remote Code Injection (Metasploit)
|
18 |
WEB
|
Metasploit
|
|
2012-04-27
|
|
Axous 1.1.0 - SQL Injection
|
22 |
WEB
|
H4ckCity Secuirty TeaM
|
|
2012-04-27
|
|
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
23 |
WEB
|
Ivano Binetti
|
|
2012-04-26
|
|
PHP Volunteer management 1.0.2 - Multiple Vulnerabilities
|
21 |
WEB
|
G13
|
|
2012-04-26
|
|
WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities
|
21 |
WEB
|
Mehmet Ince
|
|
2012-04-25
|
|
piwigo 2.3.3 - Multiple Vulnerabilities
|
20 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-24
|
|
PHP Ticket System Beta 1 - 'index.php?p' SQL Injection
|
19 |
WEB
|
G13
|
|
2012-04-23
|
|
WebCalendar 1.2.4 - Remote Code Execution
|
21 |
WEB
|
EgiX
|
|
2012-04-23
|
|
exponentcms 2.0.5 - Multiple Vulnerabilities
|
23 |
WEB
|
Onur Yılmaz
|
|
2012-04-23
|
|
Havalite CMS 1.0.4 - Multiple Vulnerabilities
|
22 |
WEB
|
Vulnerability-Lab
|
|
2012-04-22
|
|
vTiger CRM 5.1.0 - Local File Inclusion
|
22 |
WEB
|
Pi3rrot
|
|
2012-04-22
|
|
Mega File Manager - File Download
|
22 |
WEB
|
i2sec-Min Gi Jo
|
|
2012-04-22
|
|
Oracle GlassFish Server - REST Cross-Site Request Forgery
|
17 |
WEB
|
Roberto Suggi Liverani
|
|
2012-04-22
|
|
Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
|
30 |
WEB
|
Roberto Suggi Liverani
|
|
2012-04-19
|
|
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
|
25 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-19
|
|
newscoop 3.5.3 - Multiple Vulnerabilities
|
21 |
WEB
|
High-Tech Bridge SA
|
|
2012-04-19
|
|
Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities
|
19 |
WEB
|
Trustwave's SpiderLabs
|
|
2012-04-15
|
|
ManageEngine Support Center Plus 7903 - Multiple Vulnerabilities
|
19 |
WEB
|
xistence
|
|
2012-04-15
|
|
MediaXxx Adult Video / Media Script - SQL Injection
|
22 |
WEB
|
Daniel Godoy
|
|
2012-04-15
|
|
NetworX CMS - Cross-Site Request Forgery (Add Admin)
|
24 |
WEB
|
N3t.Crack3r
|
|
2012-04-15
|
|
Joomla! Component com_ponygallery - SQL Injection
|
20 |
WEB
|
xDarkSton3x
|
|
2012-04-13
|
|
Ushahidi 2.2 - Multiple Vulnerabilities
|
20 |
WEB
|
shpendk
|
|
2012-04-13
|
|
Invision Power Board 3.3.0 - Local File Inclusion
|
17 |
WEB
|
waraxe
|
|
2012-04-12
|
|
SoftwareDEP Classified Script 2.5 - SQL Injection (2)
|
19 |
WEB
|
hordcode security
|
|
2012-04-10
|
|
Joomla! Component com_bearleague - SQL Injection
|
18 |
WEB
|
xDarkSton3x
|
|
2012-04-10
|
|
Joomla! Component Estate Agent - SQL Injection
|
19 |
WEB
|
xDarkSton3x
|
|
2012-04-09
|
|
Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection
|
20 |
WEB
|
Nahuel Grisolia
|
|
2012-04-09
|
|
Dolibarr ERP/CRM 3 - (Authenticated) OS Command Injection (Metasploit)
|
21 |
WEB
|
Metasploit
|
|
2012-04-08
|
|
ZTE - Change Admin Password
|
19 |
WEB
|
Nuevo Asesino
|
|
2012-04-08
|
|
Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)
|
18 |
WEB
|
Dr.NaNo
|
|
2012-04-08
|
|
Liferay XSL - Command Execution (Metasploit)
|
23 |
WEB
|
Spencer McIntyre
|
|
2012-04-06
|
|
w-CMS 2.0.1 - Multiple Vulnerabilities
|
18 |
WEB
|
Black-ID
|
|
2012-04-05
|
|
GENU CMS - SQL Injection
|
21 |
WEB
|
hordcode security
|
|
2012-04-04
|
|
Hotel Booking Portal - SQL Injection
|
17 |
WEB
|
Mark Stanislav
|
|
2012-04-04
|
|
phpPaleo - Local File Inclusion
|
21 |
WEB
|
Mark Stanislav
|
|
2012-04-04
|
|
e-ticketing - SQL Injection
|
20 |
WEB
|
Mark Stanislav
|
|
2012-04-04
|
|
Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
24 |
WEB
|
Ivano Binetti
|
|
2012-04-03
|
|
Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin / Add Event)
|
19 |
WEB
|
Ivano Binetti
|
|
2012-03-31
|
|
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection
|
19 |
WEB
|
Ivan Terkin
|
|
2012-03-31
|
|
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
|
20 |
WEB
|
Easy Laster
|
|
2012-03-31
|
|
Landshop 0.9.2 - Multiple Web Vulnerabilities
|
22 |
WEB
|
Vulnerability-Lab
|
|
2012-03-30
|
|
SyndeoCMS 3.0.01 - Persistent Cross-Site Scripting
|
17 |
WEB
|
Ivano Binetti
|
|
2012-03-30
|
|
dalbum 144 build 174 - Cross-Site Request Forgery
|
21 |
WEB
|
Ahmed Elhady Mohamed
|
|
2012-03-30
|
|
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections
|
23 |
WEB
|
SecPod Research
|
|
2012-03-30
|
|
coppermine 1.5.18 - Multiple Vulnerabilities
|
21 |
WEB
|
waraxe
|
|
2012-03-28
|
|
BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)
|
22 |
WEB
|
Dr.NaNo
|
|
2012-03-28
|
|
PicoPublisher 2.0 - SQL Injection
|
18 |
WEB
|
ZeTH
|
|
2012-03-26
|
|
vBshop - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
26 |
WEB
|
ToiL
|
|
2012-03-26
|
|
Family CMS 2.9 - Multiple Vulnerabilities
|
27 |
WEB
|
Ahmed Elhady Mohamed
|
|
2012-03-24
|
|
RIPS 0.53 - Multiple Local File Inclusions
|
21 |
WEB
|
localh0t
|
|
2012-03-24
|
|
FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit)
|
22 |
WEB
|
Metasploit
|
|
2012-03-23
|
|
PHPFox 3.0.1 - 'ajax.php' Remote Command Execution
|
18 |
WEB
|
EgiX
|
|
2012-03-23
|
|
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
|
18 |
WEB
|
Ivano Binetti
|
|
2012-03-23
|
|
Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities
|
18 |
WEB
|
Ivano Binetti
|
|
2012-03-23
|
|
FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution
|
21 |
WEB
|
muts
|
|
2012-03-22
|
|
FreePBX 2.9.0/2.10.0 - Multiple Vulnerabilities
|
23 |
WEB
|
Martin Tschirsich
|
|
2012-03-22
|
|
phpMoneyBooks 1.0.2 - Local File Inclusion
|
19 |
WEB
|
Mark Stanislav
|
|
2012-03-22
|
|
PHP Grade Book 1.9.4 - SQL Database Export
|
18 |
WEB
|
Mark Stanislav
|
|
2012-03-22
|
|
Cyberoam UTM - Multiple Vulnerabilities
|
18 |
WEB
|
Saurabh Harit
|
|
2012-03-22
|
|
vBShout - Persistent Cross-Site Scripting
|
20 |
WEB
|
ToiL
|
|
2012-03-21
|
|
phpList 2.10.17 - SQL Injection / Cross-Site Scripting
|
17 |
WEB
|
LiquidWorm
|
|
2012-03-21
|
|
D-Link DIR-605 - Cross-Site Request Forgery
|
18 |
WEB
|
iqzer0
|
|
2012-03-20
|
|
OneFileCMS - Failure to Restrict URL Access
|
25 |
WEB
|
Abhi M Balakrishnan
|
|
2012-03-20
|
|
OneForum - 'topic.php' SQL Injection
|
19 |
WEB
|
Red Security TEAM
|
|
2012-03-19
|
|
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
|
20 |
WEB
|
rgod
|
|
2012-03-19
|
|
Joomla! 2.5.0 < 2.5.1 - Blind SQL Injection
|
26 |
WEB
|
A. Ramos
|
|
2012-03-18
|
|
Pre Printing Press - 'product_desc.php?pid' SQL Injection
|
22 |
WEB
|
Easy Laster
|
|
2012-03-17
|
|
PRE PRINTING STUDIO - SQL Injection
|
22 |
WEB
|
r45c4l
|
|
2012-03-17
|
|
ASP Classifieds - SQL Injection
|
25 |
WEB
|
r45c4l
|
|
2012-03-16
|
|
FlexCMS 3.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
27 |
WEB
|
Ivano Binetti
|
|
2012-03-16
|
|
FlexCMS 3.2.1 - Persistent Cross-Site Scripting
|
24 |
WEB
|
storm
|
|
2012-03-16
|
|
OneFileCMS 1.1.5 - Local File Inclusion
|
23 |
WEB
|
mr.pr0n
|
|
2012-03-15
|
|
sockso 1.5 - Directory Traversal
|
19 |
WEB
|
Luigi Auriemma
|
|
2012-03-14
|
|
TVersity 1.9.7 - Arbitrary File Download
|
21 |
WEB
|
Luigi Auriemma
|
|
2012-03-14
|
|
asaanCart - Cross-Site Scripting / Local File Inclusion
|
19 |
WEB
|
Number 7
|
|
2012-03-14
|
|
Encaps PHP Gallery - SQL Injection
|
25 |
WEB
|
Daniel Godoy
|
|
2012-03-14
|
|
Sitecom WLM-2501 - Cross-Site Request Forgery
|
22 |
WEB
|
Ivano Binetti
|
