|
2012-02-06
|
|
Tube Ace (Adult PHP Tube Script) - SQL Injection
|
9 |
WEB
|
Daniel Godoy
|
|
2012-02-06
|
|
BASE 1.4.5 - 'base_qry_main.php?t_view' SQL Injection
|
9 |
WEB
|
a.kadir altan
|
|
2012-02-05
|
|
GAzie 5.20 - Cross-Site Request Forgery
|
9 |
WEB
|
Giuseppe D'Inverno
|
|
2012-02-02
|
|
Achievo 1.4.3 - Multiple Web Vulnerabilities
|
8 |
WEB
|
Vulnerability-Lab
|
|
2012-02-02
|
|
osCommerce 3.0.2 - Persistent Cross-Site Scripting
|
10 |
WEB
|
Vulnerability-Lab
|
|
2012-02-02
|
|
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
SecPod Research
|
|
2012-02-02
|
|
Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
SecPod Research
|
|
2012-01-13
|
|
MailEnable Webmail - Cross-Site Scripting
|
8 |
WEB
|
Sajjad Pourali
|
|
2012-02-01
|
|
sit! support incident tracker 3.64 - Multiple Vulnerabilities
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-01
|
|
swDesk - Multiple Vulnerabilities
|
8 |
WEB
|
Red Security TEAM
|
|
2012-01-31
|
|
Vastal I-Tech Agent Zone - 'search.php' Blind SQL Injection
|
7 |
WEB
|
Cagri Tepebasili
|
|
2012-01-31
|
|
PragmaMX 1.2.10 - Persistent Cross-Site Scripting
|
8 |
WEB
|
HauntIT
|
|
2012-01-31
|
|
Ez Album - Blind SQL Injection
|
8 |
WEB
|
Red Security TEAM
|
|
2012-01-31
|
|
phpShowtime - Directory Traversal
|
9 |
WEB
|
Red Security TEAM
|
|
2012-01-31
|
|
Snort Report 1.3.2 - SQL Injection
|
10 |
WEB
|
a.kadir altan
|
|
2012-01-30
|
|
phux Download Manager - Blind SQL Injection
|
9 |
WEB
|
Red Security TEAM
|
|
2012-01-30
|
|
Ajax Upload - Arbitrary File Upload
|
10 |
WEB
|
Daniel Godoy
|
|
2012-01-30
|
|
Campaign Enterprise 11.0.421 - SQL Injection
|
10 |
WEB
|
Craig Freyman
|
|
2012-01-30
|
|
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
|
10 |
WEB
|
Or4nG.M4N
|
|
2012-01-30
|
|
HostBill App 2.3 - Remote Code Injection
|
9 |
WEB
|
Dr.DaShEr
|
|
2012-01-27
|
|
vBSEO 3.6.0 - 'proc_deutf()' Remote PHP Code Injection (Metasploit)
|
8 |
WEB
|
EgiX
|
|
2012-01-26
|
|
Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
|
9 |
WEB
|
Cyber-Crystal
|
|
2012-01-26
|
|
phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
|
9 |
WEB
|
Cyber-Crystal
|
|
2012-01-26
|
|
VR GPub 4.0 - Cross-Site Request Forgery
|
10 |
WEB
|
Cyber-Crystal
|
|
2012-01-25
|
|
WordPress Core 3.3.1 - Multiple Vulnerabilities
|
9 |
WEB
|
Trustwave's SpiderLabs
|
|
2012-01-24
|
|
stoneware webnetwork6 - Multiple Vulnerabilities
|
9 |
WEB
|
Jacob Holcomb
|
|
2012-01-23
|
|
SpamTitan Application 5.08x - SQL Injection
|
10 |
WEB
|
Vulnerability-Lab
|
|
2012-01-23
|
|
WordPress Plugin Kish Guest Posting 1.0 - Arbitrary File Upload
|
11 |
WEB
|
EgiX
|
|
2012-01-22
|
|
MiniCMS 1.0/2.0 - PHP Code Injection
|
8 |
WEB
|
Or4nG.M4N
|
|
2012-01-22
|
|
WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload
|
8 |
WEB
|
6Scan
|
|
2012-01-21
|
|
ARYADAD - Multiple Vulnerabilities
|
9 |
WEB
|
Red Security TEAM
|
|
2012-01-21
|
|
iSupport 1.x - Cross-Site Request Forgery / HTML Code Injection (Add Admin)
|
10 |
WEB
|
Or4nG.M4N
|
|
2012-01-21
|
|
Nova CMS - Directory Traversal
|
9 |
WEB
|
Red Security TEAM
|
|
2012-01-21
|
|
PHP iReport 1.0 - Remote Html Code Injection
|
9 |
WEB
|
Or4nG.M4N
|
|
2012-01-20
|
|
WhatsApp - Remote Change Status
|
9 |
WEB
|
emgent
|
|
2012-01-20
|
|
EasyPage - SQL Injection
|
9 |
WEB
|
Red Security TEAM
|
|
2012-01-20
|
|
ICTimeAttendance - Authentication Bypass
|
9 |
WEB
|
v3n0m
|
|
2012-01-19
|
|
appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload
|
7 |
WEB
|
EgiX
|
|
2012-01-19
|
|
WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting
|
7 |
WEB
|
Gianluca Brindisi
|
|
2012-01-19
|
|
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
|
7 |
WEB
|
MaXe
|
|
2012-01-18
|
|
DZCP (deV!L_z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection
|
7 |
WEB
|
Easy Laster
|
|
2012-01-18
|
|
DZCP (deV!L_z Clanportal) Gamebase Addon - SQL Injection
|
8 |
WEB
|
Easy Laster
|
|
2012-01-18
|
|
PHPBridges Blog System - 'members.php' SQL Injection
|
9 |
WEB
|
3spi0n
|
|
2012-01-18
|
|
pGB 2.12 - 'kommentar.php' SQL Injection
|
8 |
WEB
|
3spi0n
|
|
2012-01-17
|
|
Joomla! Component com_discussions - SQL Injection
|
10 |
WEB
|
Red Security TEAM
|
|
2012-01-16
|
|
PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities
|
8 |
WEB
|
Or4nG.M4N
|
|
2012-01-15
|
|
Cloupia End-to-end FlexPod Management - Directory Traversal
|
9 |
WEB
|
Chris Rock
|
|
2012-01-14
|
|
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
|
7 |
WEB
|
Marco Batista
|
|
2012-01-13
|
|
Pragyan CMS 2.6.1 - Arbitrary File Upload
|
9 |
WEB
|
Dr.KroOoZ
|
|
2012-01-13
|
|
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Vulnerability-Lab
|
|
2012-01-12
|
|
WordPress Plugin Count Per Day - Multiple Vulnerabilities
|
8 |
WEB
|
6Scan
|
|
2012-01-12
|
|
WordPress Plugin wp-autoyoutube - Blind SQL Injection
|
8 |
WEB
|
longrifle0x
|
|
2012-01-12
|
|
Advanced Image Hosting Script - SQL Injection
|
8 |
WEB
|
Robert Cooper
|
|
2012-01-10
|
|
WordPress Plugin Age Verification 0.4 - Open Redirect
|
9 |
WEB
|
Gianluca Brindisi
|
|
2012-01-10
|
|
w-CMS 2.01 - Multiple Vulnerabilities
|
10 |
WEB
|
th3.g4m3_0v3r
|
|
2012-01-10
|
|
Pragyan CMS 3.0 - Remote File Disclosure
|
9 |
WEB
|
Or4nG.M4N
|
|
2012-01-10
|
|
RazorCMS 1.2 - Directory Traversal
|
8 |
WEB
|
chap0
|
|
2012-01-09
|
|
Enigma2 Webinterface 1.5.x/1.6.x/1.7.x (Linux) - Remote File Disclosure
|
8 |
WEB
|
Todor Donev
|
|
2012-01-09
|
|
SAPID 1.2.3 Stable - Remote File Inclusion
|
8 |
WEB
|
Opa Yong
|
|
2012-01-09
|
|
Clipbucket 2.6 - Multiple Vulnerabilities
|
7 |
WEB
|
YaDoY666
|
|
2012-01-09
|
|
Paddelberg Topsite Script - Authentication Bypass
|
9 |
WEB
|
Christian Inci
|
|
2012-01-08
|
|
phpMyDirectory.com 1.3.3 - SQL Injection
|
8 |
WEB
|
Serseri
|
|
2012-01-08
|
|
MangosWeb - SQL Injection
|
10 |
WEB
|
Hood3dRob1n
|
|
2012-01-06
|
|
WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities
|
7 |
WEB
|
Gianluca Brindisi
|
|
2012-01-06
|
|
Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
|
8 |
WEB
|
SEC Consult
|
|
2012-01-06
|
|
TinyWebGallery 1.8.3 - Remote Command Execution
|
8 |
WEB
|
Expl0!Ts
|
|
2012-01-04
|
|
Posse Softball Director CMS - 'team.php' Blind SQL Injection
|
8 |
WEB
|
Easy Laster
|
|
2012-01-04
|
|
Posse Softball Director CMS - SQL Injection
|
8 |
WEB
|
H4ckCity Security Team
|
|
2012-01-04
|
|
Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion
|
7 |
WEB
|
MaXe
|
|
2012-01-02
|
|
MyPHPDating 1.0 - SQL Injection
|
9 |
WEB
|
ITTIHACK
|
|
2012-01-02
|
|
PHP-X-Links Script - SQL Injection
|
8 |
WEB
|
H4ckCity Security Team
|
|
2012-01-02
|
|
WSN Links Script 2.3.4 - SQL Injection
|
8 |
WEB
|
H4ckCity Security Team
|
|
2011-12-30
|
|
Akiva WebBoard 8.x - SQL Injection
|
9 |
WEB
|
Alexander Fuchs
|
|
2011-12-30
|
|
Dede CMS - SQL Injection
|
7 |
WEB
|
CWH & Nafsh
|
|
2011-12-29
|
|
Winn Guestbook 2.4.8c - Persistent Cross-Site Scripting
|
8 |
WEB
|
G13
|
|
2011-12-29
|
|
DIY-CMS blog mod - SQL Injection
|
8 |
WEB
|
snup
|
|
2011-12-28
|
|
Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution
|
8 |
WEB
|
gmda
|
|
2011-12-26
|
|
Free Image Hosting Script - Arbitrary File Upload
|
7 |
WEB
|
ySecurity
|
|
2011-12-26
|
|
WordPress Plugin Mailing List - Arbitrary File Download
|
7 |
WEB
|
6Scan
|
|
2011-12-25
|
|
OpenEMR 4 - Multiple Vulnerabilities
|
7 |
WEB
|
Level
|
|
2011-12-23
|
|
Open Conference/Journal/Harvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities
|
8 |
WEB
|
mr_me
|
|
2011-12-22
|
|
Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
|
7 |
WEB
|
EgiX
|
|
2011-12-21
|
|
Plone and Zope - Remote Command Execution
|
8 |
WEB
|
Nick Miles
|
|
2011-12-21
|
|
SpamTitan 5.08 - Multiple Vulnerabilities
|
7 |
WEB
|
Vulnerability-Lab
|
|
2011-12-21
|
|
Barracuda Control Center 620 - Multiple Web Vulnerabilities
|
7 |
WEB
|
Vulnerability-Lab
|
|
2011-12-21
|
|
Infoproject Business Hero - Multiple Vulnerabilities
|
7 |
WEB
|
LiquidWorm
|
|
2011-12-19
|
|
Joomla! Component com_dshop - SQL Injection
|
7 |
WEB
|
CoBRa_21
|
|
2011-12-19
|
|
DotA OpenStats 1.3.9 - SQL Injection
|
7 |
WEB
|
HvM17
|
|
2011-12-19
|
|
appRain CMF 0.1.5 - Multiple Web Vulnerabilities
|
8 |
WEB
|
Vulnerability-Lab
|
|
2011-12-16
|
|
mPDF 5.3 - File Disclosure
|
8 |
WEB
|
ZadYree
|
|
2011-12-16
|
|
Capexweb 1.1 - SQL Injection
|
8 |
WEB
|
D1rt3 Dud3
|
|
2011-12-16
|
|
Seotoaster - SQL Injection
|
8 |
WEB
|
Stefan Schurtz
|
|
2011-12-14
|
|
PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (2) (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-12-13
|
|
Traq 2.3 - Authentication Bypass / Remote Code Execution (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-12-11
|
|
Pixie 1.04 - Blog Post Cross-Site Request Forgery
|
6 |
WEB
|
hackme
|
|
2011-12-11
|
|
Xoops 2.5.4 - Blind SQL Injection
|
7 |
WEB
|
blkhtc0rp
|
|
2011-12-11
|
|
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
|
8 |
WEB
|
Ahmed Elhady Mohamed
|
|
2011-12-11
|
|
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
|
6 |
WEB
|
Saif
|
|
2011-12-10
|
|
Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
Ahmed Elhady Mohamed
|
|
2011-12-09
|
|
Docebo Lms 4.0.4 - 'Messages' Remote Code Execution
|
10 |
WEB
|
mr_me
|
|
2011-12-09
|
|
SePortal 2.5 - SQL Injection (1)
|
7 |
WEB
|
Don
|
|
2011-12-08
|
|
Joomla! Component com_qcontacts 1.0.6 - SQL Injection
|
7 |
WEB
|
Don
|
|
2011-12-08
|
|
SantriaCMS - SQL Injection
|
7 |
WEB
|
Troy
|
|
2011-12-07
|
|
SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection
|
9 |
WEB
|
Havok
|
|
2011-12-07
|
|
SMF 2.0.1 - SQL Injection / Privilege Escalation
|
6 |
WEB
|
The:Paradox
|
|
2011-12-07
|
|
Traq 2.3 - Authentication Bypass / Remote Code Execution
|
7 |
WEB
|
EgiX
|
|
2011-12-07
|
|
phpBB MyPage Plugin - SQL Injection
|
8 |
WEB
|
CrazyMouse
|
|
2011-12-07
|
|
PHP City Portal Script Software - SQL Injection
|
9 |
WEB
|
Don
|
|
2011-12-07
|
|
Family Connections CMS 2.7.1 - 'less.php' Remote Command Execution (Metasploit)
|
6 |
WEB
|
Metasploit
|
|
2011-12-06
|
|
Alstrasoft EPay Enterprise 4.0 - Blind SQL Injection
|
7 |
WEB
|
Don
|
|
2011-12-05
|
|
Meditate Web Content Editor 'username_input' - SQL Injection
|
10 |
WEB
|
Stefan Schurtz
|
|
2011-12-04
|
|
Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution
|
10 |
WEB
|
mr_me
|
|
2011-12-02
|
|
WSN Classifieds 6.2.12/6.2.18 - Multiple Vulnerabilities
|
8 |
WEB
|
d3v1l
|
|
2011-12-02
|
|
Joomla! Component com_jobprofile - SQL Injection
|
8 |
WEB
|
kaMtiEz
|
|
2011-12-01
|
|
Muster Render Farm Management System - Arbitrary File Download
|
8 |
WEB
|
Nick Freeman
|
|
2011-11-30
|
|
WikkaWiki 1.3.2 - Multiple Vulnerabilities
|
10 |
WEB
|
EgiX
|
|
2011-11-28
|
|
JQuery-Real-Person plugin - Bypass Captcha
|
8 |
WEB
|
Alberto_García_Illera
|
|
2011-11-28
|
|
Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
|
8 |
WEB
|
Thomas Cannon
|
|
2011-11-25
|
|
PHP video script - SQL Injection
|
10 |
WEB
|
longrifle0x
|
|
2011-11-24
|
|
Zabbix 1.8.4 - 'popup.php' SQL Injection
|
8 |
WEB
|
Marcio Almeida
|
|
2011-11-24
|
|
LibLime Koha 4.2 - Local File Inclusion
|
8 |
WEB
|
Akin Tosunlar
|
|
2011-11-24
|
|
Log1 CMS 2.0 - 'ajax_create_folder.php' Remote Code Execution
|
8 |
WEB
|
Adel SBM
|
|
2011-11-23
|
|
PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)
|
8 |
WEB
|
EgiX
|
|
2011-11-23
|
|
PHP-Nuke 8.1.0.3.5b - 'Downloads' Blind SQL Injection
|
8 |
WEB
|
Dante90
|
|
2011-11-19
|
|
Support Incident Tracker 3.65 - 'translate.php' Remote Code Execution
|
10 |
WEB
|
EgiX
|
