|
2012-03-22
|
|
Cyberoam UTM - Multiple Vulnerabilities
|
22 |
WEB
|
Saurabh Harit
|
|
2012-03-22
|
|
vBShout - Persistent Cross-Site Scripting
|
25 |
WEB
|
ToiL
|
|
2012-03-21
|
|
phpList 2.10.17 - SQL Injection / Cross-Site Scripting
|
21 |
WEB
|
LiquidWorm
|
|
2012-03-21
|
|
D-Link DIR-605 - Cross-Site Request Forgery
|
23 |
WEB
|
iqzer0
|
|
2012-03-20
|
|
OneFileCMS - Failure to Restrict URL Access
|
31 |
WEB
|
Abhi M Balakrishnan
|
|
2012-03-20
|
|
OneForum - 'topic.php' SQL Injection
|
23 |
WEB
|
Red Security TEAM
|
|
2012-03-19
|
|
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
|
23 |
WEB
|
rgod
|
|
2012-03-19
|
|
Joomla! 2.5.0 < 2.5.1 - Blind SQL Injection
|
29 |
WEB
|
A. Ramos
|
|
2012-03-18
|
|
Pre Printing Press - 'product_desc.php?pid' SQL Injection
|
26 |
WEB
|
Easy Laster
|
|
2012-03-17
|
|
PRE PRINTING STUDIO - SQL Injection
|
26 |
WEB
|
r45c4l
|
|
2012-03-17
|
|
ASP Classifieds - SQL Injection
|
29 |
WEB
|
r45c4l
|
|
2012-03-16
|
|
FlexCMS 3.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
|
31 |
WEB
|
Ivano Binetti
|
|
2012-03-16
|
|
FlexCMS 3.2.1 - Persistent Cross-Site Scripting
|
27 |
WEB
|
storm
|
|
2012-03-16
|
|
OneFileCMS 1.1.5 - Local File Inclusion
|
27 |
WEB
|
mr.pr0n
|
|
2012-03-15
|
|
sockso 1.5 - Directory Traversal
|
23 |
WEB
|
Luigi Auriemma
|
|
2012-03-14
|
|
TVersity 1.9.7 - Arbitrary File Download
|
25 |
WEB
|
Luigi Auriemma
|
|
2012-03-14
|
|
asaanCart - Cross-Site Scripting / Local File Inclusion
|
23 |
WEB
|
Number 7
|
|
2012-03-14
|
|
Encaps PHP Gallery - SQL Injection
|
29 |
WEB
|
Daniel Godoy
|
|
2012-03-14
|
|
Sitecom WLM-2501 - Cross-Site Request Forgery
|
25 |
WEB
|
Ivano Binetti
|
|
2012-03-14
|
|
Max Guestbook 1.0 - Multiple Vulnerabilities
|
27 |
WEB
|
n0tch
|
|
2012-03-14
|
|
Simple Posting System - Multiple Vulnerabilities
|
23 |
WEB
|
n0tch
|
|
2012-03-14
|
|
ModX 2.2.0 - Multiple Vulnerabilities
|
23 |
WEB
|
n0tch
|
|
2012-03-13
|
|
4Images Image Gallery Management System - Cross-Site Request Forgery
|
25 |
WEB
|
Dmar al3noOoz
|
|
2012-03-13
|
|
Cycade Gallery - SQL Injection
|
23 |
WEB
|
-DownFall
|
|
2012-03-13
|
|
PBLang Bulletin Board System - Local File Inclusion
|
23 |
WEB
|
Number 7
|
|
2012-03-12
|
|
Acal Calendar 2.2.6 - Cross-Site Request Forgery
|
32 |
WEB
|
Number 7
|
|
2012-03-12
|
|
Saman Portal - Local File Inclusion
|
26 |
WEB
|
TMT
|
|
2012-03-12
|
|
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
|
26 |
WEB
|
LiquidWorm
|
|
2012-03-10
|
|
PHP Address Book 6.2.12 - Multiple Vulnerabilities
|
23 |
WEB
|
Stefan Schurtz
|
|
2012-03-08
|
|
RazorCMS 1.2.1 Stable - Cross-Site Request Forgery (Delete Web Pages)
|
27 |
WEB
|
Ivano Binetti
|
|
2012-03-08
|
|
RazorCMS 1.2.1 STABLE - Arbitrary File Upload
|
25 |
WEB
|
i2sec_Hyo jun Oh
|
|
2012-03-07
|
|
promise webpam 2.2.0.13 - Multiple Vulnerabilities
|
29 |
WEB
|
LiquidWorm
|
|
2012-03-07
|
|
HomeSeer HS2 and HomeSeer PRO - Multiple Vulnerabilities
|
21 |
WEB
|
Silent_Dream
|
|
2012-03-07
|
|
Iciniti Store - SQL Injection
|
23 |
WEB
|
Sense of Security
|
|
2012-03-02
|
|
Drupal 7.12 - Multiple Vulnerabilities
|
25 |
WEB
|
Ivano Binetti
|
|
2012-02-21
|
|
Fork CMS 3.2.5 - Multiple Vulnerabilities
|
26 |
WEB
|
Ivano Binetti
|
|
2012-03-05
|
|
lizard cart - 'search.php' SQL Injection
|
25 |
WEB
|
Number 7
|
|
2012-03-05
|
|
Symfony2 - Local File Disclosure
|
24 |
WEB
|
Sense of Security
|
|
2012-03-04
|
|
AneCMS 2e2c583 - Local File Inclusion
|
26 |
WEB
|
I2sec-Jong Hwan Park
|
|
2012-03-04
|
|
DZCP (deV!L_z Clanportal) Witze Addon 0.9 - SQL Injection
|
23 |
WEB
|
Easy Laster
|
|
2012-03-03
|
|
Endian UTM Firewall 2.4.x < 2.5.0 - Multiple Web Vulnerabilities
|
24 |
WEB
|
Vulnerability-Lab
|
|
2012-03-03
|
|
Timesheet Next Gen 1.5.2 - Multiple SQL Injections
|
25 |
WEB
|
G13
|
|
2012-03-03
|
|
Rivettracker 1.03 - Multiple SQL Injections
|
25 |
WEB
|
Ali Raheem
|
|
2012-03-02
|
|
phxEventManager 2.0 Beta 5 - 'search.php' search_terms SQL Injection
|
23 |
WEB
|
skysbsb
|
|
2012-02-29
|
|
Wolf CMS 0.7.5 - Multiple Vulnerabilities
|
25 |
WEB
|
longrifle0x
|
|
2012-02-29
|
|
ImgPals Photo Host 1.0 - Admin Account Disactivation
|
29 |
WEB
|
CorryL
|
|
2012-02-29
|
|
Yealink VOIP Phone - Persistent Cross-Site Scripting
|
27 |
WEB
|
Narendra Shinde
|
|
2012-02-28
|
|
WebfolioCMS 1.1.4 - Cross-Site Request Forgery (Add Admin/Modify Pages)
|
27 |
WEB
|
Ivano Binetti
|
|
2012-02-26
|
|
ContaoCMS (aka TYPOlight) 2.11 - Cross-Site Request Forgery (Delete Admin / Delete Article)
|
27 |
WEB
|
Ivano Binetti
|
|
2012-02-25
|
|
YVS Image Gallery - SQL Injection
|
27 |
WEB
|
CorryL
|
|
2012-02-25
|
|
webgrind 1.0 - 'file' Local File Inclusion
|
27 |
WEB
|
LiquidWorm
|
|
2012-02-25
|
|
cPassMan 1.82 - Remote Command Execution
|
33 |
WEB
|
ls
|
|
2012-02-24
|
|
PHP Gift Registry 1.5.5 - SQL Injection
|
27 |
WEB
|
G13
|
|
2012-02-23
|
|
The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)
|
22 |
WEB
|
Danny Moules
|
|
2012-02-23
|
|
Snom IP Phone - Privilege Escalation
|
28 |
WEB
|
Sense of Security
|
|
2012-02-23
|
|
phpDenora 1.4.6 - Multiple SQL Injections
|
28 |
WEB
|
Patrick de Brouwer
|
|
2012-02-22
|
|
DFLabs PTK 1.0.5 - Steal Authentication Credentials
|
27 |
WEB
|
Ivano Binetti
|
|
2012-02-22
|
|
D-Link DSL-2640B ADSL Router - Authentication Bypass
|
27 |
WEB
|
Ivano Binetti
|
|
2012-02-22
|
|
WebcamXP and webcam 7 - Directory Traversal
|
25 |
WEB
|
Silent_Dream
|
|
2012-02-22
|
|
D-Link DCS Series - Cross-Site Request Forgery (Change Admin Password)
|
25 |
WEB
|
rigan
|
|
2012-02-22
|
|
LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection
|
31 |
WEB
|
TorTukiTu
|
|
2012-02-22
|
|
Brim < 2.0.0 - SQL Injection
|
28 |
WEB
|
ifnull
|
|
2012-02-22
|
|
Sagem F@ST 2604 ADSL Router - Cross-Site Request Forgery
|
27 |
WEB
|
KinG Of PiraTeS
|
|
2012-02-21
|
|
Cisco Linksys WAG54GS - Cross-Site Request Forgery (Change Admin Password)
|
29 |
WEB
|
Ivano Binetti
|
|
2012-02-20
|
|
Plume CMS 1.2.4 - Cross-Site Request Forgery
|
24 |
WEB
|
Ivano Binetti
|
|
2012-02-20
|
|
D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery
|
27 |
WEB
|
Ivano Binetti
|
|
2012-02-19
|
|
SyndeoCMS 3.0 - Cross-Site Request Forgery
|
29 |
WEB
|
Ivano Binetti
|
|
2012-02-19
|
|
4PSA CMS - SQL Injection
|
29 |
WEB
|
BHG Security Center
|
|
2012-02-18
|
|
almnzm 2.4 - Cross-Site Request Forgery (Add Admin)
|
26 |
WEB
|
HaNniBaL KsA
|
|
2012-02-17
|
|
Pandora Fms 4.0.1 - Local File Inclusion
|
28 |
WEB
|
Vulnerability-Lab
|
|
2012-02-16
|
|
SocialCMS 1.0.2 - Cross-Site Request Forgery
|
27 |
WEB
|
Ivano Binetti
|
|
2012-02-12
|
|
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
|
28 |
WEB
|
Avram Marius
|
|
2012-02-10
|
|
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion
|
24 |
WEB
|
Vulnerability-Lab
|
|
2012-02-08
|
|
Cyberoam Central Console 2.00.2 - Remote File Inclusion
|
26 |
WEB
|
Vulnerability-Lab
|
|
2012-02-08
|
|
Gazelle CMS 1.0 - Update Statement SQL Injection
|
28 |
WEB
|
hackme
|
|
2012-02-07
|
|
Flyspray 0.9.9.6 - Cross-Site Request Forgery
|
25 |
WEB
|
Vaibhav Gupta
|
|
2012-02-06
|
|
XRayCMS 1.1.1 - SQL Injection
|
24 |
WEB
|
chap0
|
|
2012-02-06
|
|
Tube Ace (Adult PHP Tube Script) - SQL Injection
|
28 |
WEB
|
Daniel Godoy
|
|
2012-02-06
|
|
BASE 1.4.5 - 'base_qry_main.php?t_view' SQL Injection
|
26 |
WEB
|
a.kadir altan
|
|
2012-02-05
|
|
GAzie 5.20 - Cross-Site Request Forgery
|
25 |
WEB
|
Giuseppe D'Inverno
|
|
2012-02-02
|
|
Achievo 1.4.3 - Multiple Web Vulnerabilities
|
28 |
WEB
|
Vulnerability-Lab
|
|
2012-02-02
|
|
osCommerce 3.0.2 - Persistent Cross-Site Scripting
|
28 |
WEB
|
Vulnerability-Lab
|
|
2012-02-02
|
|
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
32 |
WEB
|
SecPod Research
|
|
2012-02-02
|
|
Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
23 |
WEB
|
SecPod Research
|
|
2012-01-13
|
|
MailEnable Webmail - Cross-Site Scripting
|
26 |
WEB
|
Sajjad Pourali
|
|
2012-02-01
|
|
sit! support incident tracker 3.64 - Multiple Vulnerabilities
|
26 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-01
|
|
swDesk - Multiple Vulnerabilities
|
22 |
WEB
|
Red Security TEAM
|
|
2012-01-31
|
|
Vastal I-Tech Agent Zone - 'search.php' Blind SQL Injection
|
24 |
WEB
|
Cagri Tepebasili
|
|
2012-01-31
|
|
PragmaMX 1.2.10 - Persistent Cross-Site Scripting
|
22 |
WEB
|
HauntIT
|
|
2012-01-31
|
|
Ez Album - Blind SQL Injection
|
25 |
WEB
|
Red Security TEAM
|
|
2012-01-31
|
|
phpShowtime - Directory Traversal
|
28 |
WEB
|
Red Security TEAM
|
|
2012-01-31
|
|
Snort Report 1.3.2 - SQL Injection
|
24 |
WEB
|
a.kadir altan
|
|
2012-01-30
|
|
phux Download Manager - Blind SQL Injection
|
25 |
WEB
|
Red Security TEAM
|
|
2012-01-30
|
|
Ajax Upload - Arbitrary File Upload
|
28 |
WEB
|
Daniel Godoy
|
|
2012-01-30
|
|
Campaign Enterprise 11.0.421 - SQL Injection
|
24 |
WEB
|
Craig Freyman
|
|
2012-01-30
|
|
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
|
30 |
WEB
|
Or4nG.M4N
|
|
2012-01-30
|
|
HostBill App 2.3 - Remote Code Injection
|
24 |
WEB
|
Dr.DaShEr
|
|
2012-01-27
|
|
vBSEO 3.6.0 - 'proc_deutf()' Remote PHP Code Injection (Metasploit)
|
24 |
WEB
|
EgiX
|
|
2012-01-26
|
|
Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
|
27 |
WEB
|
Cyber-Crystal
|
|
2012-01-26
|
|
phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
|
28 |
WEB
|
Cyber-Crystal
|
|
2012-01-26
|
|
VR GPub 4.0 - Cross-Site Request Forgery
|
30 |
WEB
|
Cyber-Crystal
|
|
2012-01-25
|
|
WordPress Core 3.3.1 - Multiple Vulnerabilities
|
27 |
WEB
|
Trustwave's SpiderLabs
|
|
2012-01-24
|
|
stoneware webnetwork6 - Multiple Vulnerabilities
|
28 |
WEB
|
Jacob Holcomb
|
|
2012-01-23
|
|
SpamTitan Application 5.08x - SQL Injection
|
28 |
WEB
|
Vulnerability-Lab
|
|
2012-01-23
|
|
WordPress Plugin Kish Guest Posting 1.0 - Arbitrary File Upload
|
32 |
WEB
|
EgiX
|
|
2012-01-22
|
|
MiniCMS 1.0/2.0 - PHP Code Injection
|
25 |
WEB
|
Or4nG.M4N
|
|
2012-01-22
|
|
WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload
|
22 |
WEB
|
6Scan
|
|
2012-01-21
|
|
ARYADAD - Multiple Vulnerabilities
|
22 |
WEB
|
Red Security TEAM
|
|
2012-01-21
|
|
iSupport 1.x - Cross-Site Request Forgery / HTML Code Injection (Add Admin)
|
22 |
WEB
|
Or4nG.M4N
|
|
2012-01-21
|
|
Nova CMS - Directory Traversal
|
28 |
WEB
|
Red Security TEAM
|
|
2012-01-21
|
|
PHP iReport 1.0 - Remote Html Code Injection
|
25 |
WEB
|
Or4nG.M4N
|
|
2012-01-20
|
|
WhatsApp - Remote Change Status
|
24 |
WEB
|
emgent
|
|
2012-01-20
|
|
EasyPage - SQL Injection
|
25 |
WEB
|
Red Security TEAM
|
|
2012-01-20
|
|
ICTimeAttendance - Authentication Bypass
|
25 |
WEB
|
v3n0m
|
|
2012-01-19
|
|
appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload
|
26 |
WEB
|
EgiX
|
|
2012-01-19
|
|
WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting
|
26 |
WEB
|
Gianluca Brindisi
|
|
2012-01-19
|
|
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
|
22 |
WEB
|
MaXe
|
|
2012-01-18
|
|
DZCP (deV!L_z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection
|
24 |
WEB
|
Easy Laster
|
|
2012-01-18
|
|
DZCP (deV!L_z Clanportal) Gamebase Addon - SQL Injection
|
23 |
WEB
|
Easy Laster
|
|
2012-01-18
|
|
PHPBridges Blog System - 'members.php' SQL Injection
|
25 |
WEB
|
3spi0n
|
|
2012-01-18
|
|
pGB 2.12 - 'kommentar.php' SQL Injection
|
25 |
WEB
|
3spi0n
|
|
2012-01-17
|
|
Joomla! Component com_discussions - SQL Injection
|
24 |
WEB
|
Red Security TEAM
|
|
2012-01-16
|
|
PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities
|
25 |
WEB
|
Or4nG.M4N
|
|
2012-01-15
|
|
Cloupia End-to-end FlexPod Management - Directory Traversal
|
25 |
WEB
|
Chris Rock
|
|
2012-01-14
|
|
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
|
27 |
WEB
|
Marco Batista
|
