|
2011-02-07
|
|
jakcms 2.0 pro rc5 - Persistent Cross-Site Scripting via useragent http header Injection
|
5 |
WEB
|
Saif El-Sherei
|
|
2011-02-07
|
|
T-Content Managment System - Multiple Vulnerabilities
|
4 |
WEB
|
Daniel Godoy
|
|
2011-02-06
|
|
Dew-NewPHPLinks 2.1b - 'index.php' SQL Injection
|
4 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2011-02-05
|
|
Escort und Begleitservice Agentur Script - SQL Injection
|
4 |
WEB
|
NoNameMT
|
|
2011-02-05
|
|
Qcodo Development Framework 0.3.3 - Full Information Disclosure
|
3 |
WEB
|
Daniel Godoy
|
|
2011-02-05
|
|
Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure
|
5 |
WEB
|
beford
|
|
2011-02-04
|
|
osCommerce - Authentication Bypass
|
5 |
WEB
|
Nicolas Krassas
|
|
2011-02-04
|
|
reos 2.0.5 - Multiple Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-02-04
|
|
Podcast Generator 1.3 - Multiple Vulnerabilities
|
5 |
WEB
|
High-Tech Bridge SA
|
|
2011-02-03
|
|
OemPro 3.6.4 - Multiple Vulnerabilities
|
4 |
WEB
|
Ignacio Garrido
|
|
2011-02-03
|
|
Islam Sound IV2 - 'details.php' SQL Injection
|
4 |
WEB
|
ZxH-Labs
|
|
2011-02-02
|
|
Zikula CMS 1.2.4 - Cross-Site Request Forgery
|
4 |
WEB
|
Aung Khant
|
|
2011-02-02
|
|
RedaxScript 0.3.2 - Multiple Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-02-02
|
|
Raja Natarajan Guestbook 1.0 - Local File Inclusion
|
4 |
WEB
|
h0rd
|
|
2011-02-01
|
|
Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
|
4 |
WEB
|
Jeff Channell
|
|
2011-02-01
|
|
TinyWebGallery 1.8.3 - Multiple Vulnerabilities
|
4 |
WEB
|
Yam Mesicka
|
|
2011-02-01
|
|
NetLink - Arbitrary File Upload
|
4 |
WEB
|
lumut--
|
|
2011-02-01
|
|
PMB Services 3.4.3 - SQL Injection
|
4 |
WEB
|
Luchador
|
|
2011-01-30
|
|
RW-Download 4.0.6 - 'index.php' SQL Injection
|
4 |
WEB
|
Dr.NeT
|
|
2011-01-30
|
|
vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities
|
4 |
WEB
|
MaXe
|
|
2011-01-30
|
|
vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks
|
4 |
WEB
|
MaXe
|
|
2011-01-29
|
|
MultiCMS - Local File Inclusion
|
4 |
WEB
|
R3VAN_BASTARD
|
|
2011-01-28
|
|
PHP Script Directory Software - 'sbcat_id' SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2011-01-28
|
|
PHP Classified ads software - 'cid' Blind SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2011-01-28
|
|
PHP Link Directory Software - 'sbcat_id' SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2011-01-27
|
|
comercioplus 5.6 - Multiple Vulnerabilities
|
4 |
WEB
|
Daniel Godoy
|
|
2011-01-26
|
|
Xnova Legacies 2009.2 - Cross-Site Request Forgery
|
4 |
WEB
|
Xploit A Day
|
|
2011-01-26
|
|
MultiPowUpload 2.1 - Arbitrary File Upload
|
4 |
WEB
|
DIES3L
|
|
2011-01-26
|
|
sap crystal report server 2008 - Directory Traversal
|
4 |
WEB
|
Dmitriy Chastuhin
|
|
2011-01-26
|
|
Froxlor 0.9.15 - Remote File Inclusion
|
4 |
WEB
|
DIES3L
|
|
2011-01-26
|
|
class.upload.php 0.30 - Arbitrary File Upload
|
4 |
WEB
|
DIES3L
|
|
2011-01-26
|
|
AWCM 2.2 Final - Local File Inclusion
|
4 |
WEB
|
Cucura
|
|
2011-01-26
|
|
PHPDirector Game Edition - 'game.php' SQL Injection
|
4 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2011-01-25
|
|
ab Web CMS 1.35 - Multiple Vulnerabilities
|
4 |
WEB
|
Dr.0rYX & Cr3W-DZ
|
|
2011-01-24
|
|
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
|
4 |
WEB
|
Salvatore Fresta
|
|
2011-01-23
|
|
PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2011-01-23
|
|
PHP Coupon Script 6.0 - 'bus' Blind SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2011-01-22
|
|
cultbooking 2.0.4 - Multiple Vulnerabilities
|
4 |
WEB
|
LiquidWorm
|
|
2011-01-22
|
|
phpCMS 9.0 - Blind SQL Injection
|
4 |
WEB
|
eidelweiss
|
|
2011-01-20
|
|
PHP Lowbids - 'viewfaqs.php' Blind SQL Injection
|
5 |
WEB
|
h4ck3r
|
|
2011-01-20
|
|
phpCMS 2008 - SQL Injection
|
4 |
WEB
|
R3d-D3V!L
|
|
2011-01-19
|
|
PHP auctions - 'viewfaqs.php' Blind SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2011-01-19
|
|
Simploo CMS 1.7.1 - PHP Code Execution
|
3 |
WEB
|
David Vieira-Kurz
|
|
2011-01-18
|
|
N-13 News 3.4 - Cross-Site Request Forgery (Admin Add)
|
4 |
WEB
|
anT!-Tr0J4n
|
|
2011-01-18
|
|
CakePHP 1.3.5/1.2.8 - 'Unserialize()' File Inclusion
|
4 |
WEB
|
felix
|
|
2011-01-18
|
|
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
|
5 |
WEB
|
Salvatore Fresta
|
|
2011-01-17
|
|
AneCMS 1.3 - Persistent Cross-Site Scripting
|
4 |
WEB
|
Penguin
|
|
2011-01-17
|
|
SmoothWall Express 3.0 - Multiple Vulnerabilities
|
4 |
WEB
|
dave b
|
|
2011-01-17
|
|
PHP-Fusion Teams Structure Infusion Addon - SQL Injection
|
4 |
WEB
|
Saif
|
|
2011-01-16
|
|
AWBS 2.9.2 - 'cart.php' Blind SQL Injection
|
4 |
WEB
|
ShivX
|
|
2011-01-16
|
|
Joomla! Component com_people 1.0.0 - Local File Inclusion
|
4 |
WEB
|
ALTBTA
|
|
2011-01-16
|
|
Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting
|
4 |
WEB
|
Mark Stanislav
|
|
2011-01-16
|
|
BetMore Site Suite 4 - 'bid' Blind SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2011-01-16
|
|
MeshCMS 3.5 - Remote Code Execution
|
4 |
WEB
|
mr_me
|
|
2011-01-15
|
|
CompactCMS 1.4.1 - Multiple Vulnerabilities
|
4 |
WEB
|
Patrick de Brouwer
|
|
2011-01-15
|
|
glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting
|
6 |
WEB
|
Saif
|
|
2011-01-15
|
|
ViArt Shop 4.0.5 - Cross-Site Request Forgery
|
5 |
WEB
|
Or4nG.M4N
|
|
2011-01-14
|
|
Joomla! Component People 1.0.0 - SQL Injection
|
4 |
WEB
|
Salvatore Fresta
|
|
2011-01-13
|
|
SiteScape Enterprise Forum 7 - TCL Injection
|
4 |
WEB
|
Spencer McIntyre
|
|
2011-01-12
|
|
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
|
4 |
WEB
|
Saif El-Sherei
|
|
2011-01-12
|
|
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
|
5 |
WEB
|
Jeff Channell
|
|
2011-01-11
|
|
whCMS 0.115 - Cross-Site Request Forgery
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-11
|
|
Cambio 0.5a - Cross-Site Request Forgery
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-11
|
|
diafan.cms 4.3 - Multiple Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-11
|
|
vam shop 1.6 - Multiple Vulnerabilities
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-11
|
|
energine 2.3.8 - Multiple Vulnerabilities
|
5 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-11
|
|
Extcalendar 2 - 'calendar.php' SQL Injection
|
5 |
WEB
|
Lagripe-Dz & Mca-Crb
|
|
2011-01-10
|
|
Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution
|
5 |
WEB
|
mr_me
|
|
2011-01-10
|
|
TinyBB 1.2 - SQL Injection
|
5 |
WEB
|
Aodrulez
|
|
2011-01-10
|
|
Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload
|
4 |
WEB
|
eidelweiss
|
|
2011-01-09
|
|
Joomla! Plugin Captcha 4.5.1 - Local File Disclosure
|
4 |
WEB
|
dun
|
|
2011-01-08
|
|
Zwii 2.1.1 - Remote File Inclusion
|
4 |
WEB
|
Abdi Mohamed
|
|
2011-01-08
|
|
WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities
|
4 |
WEB
|
Charles Hooper
|
|
2011-01-08
|
|
sahana agasti 0.6.5 - Multiple Vulnerabilities
|
6 |
WEB
|
dun
|
|
2011-01-08
|
|
Elxis CMS 2009.2 - Remote File Inclusion
|
4 |
WEB
|
n0n0x
|
|
2011-01-08
|
|
axdcms-0.1.1 - Local File Inclusion
|
4 |
WEB
|
n0n0x
|
|
2011-01-07
|
|
openSite 0.2.2 Beta - Local File Inclusion
|
6 |
WEB
|
n0n0x
|
|
2011-01-06
|
|
PHP MicroCMS 1.0.1 - Cross-Site Request Forgery / Cross-Site Scripting
|
5 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-06
|
|
Phenotype CMS 3.0 - SQL Injection
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-06
|
|
phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-06
|
|
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2011-01-06
|
|
Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities
|
4 |
WEB
|
Riyaz Ahemed Walikar
|
|
2011-01-06
|
|
Ignition 1.3 - 'comment.php' Local File Inclusion
|
5 |
WEB
|
n0n0x
|
|
2011-01-05
|
|
Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution
|
5 |
WEB
|
mr_me
|
|
2011-01-05
|
|
PhpGedView 4.2.3 - Local File Inclusion
|
5 |
WEB
|
dun
|
|
2011-01-05
|
|
Nucleus 3.61 - Multiple Remote File Inclusions
|
4 |
WEB
|
n0n0x
|
|
2011-01-04
|
|
S40 CMS 0.4.1 - Cross-Site Request Forgery (Change Admin Password)
|
4 |
WEB
|
pentesters.ir
|
|
2011-01-03
|
|
Sahana Agasti 0.6.4 - Multiple Remote File Inclusions
|
4 |
WEB
|
n0n0x
|
|
2011-01-02
|
|
amoeba CMS 1.01 - Multiple Vulnerabilities
|
4 |
WEB
|
mr_me
|
|
2011-01-02
|
|
YourTube 1.0 - Cross-Site Request Forgery (Add User)
|
5 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2011-01-02
|
|
GALLARIFIC PHP Photo Gallery Script - 'gallery.php' SQL Injection
|
5 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2011-01-01
|
|
Tech Shop Technote 7 - SQL Injection
|
4 |
WEB
|
MaJ3stY
|
|
2011-01-01
|
|
Sahana Agasti 0.6.4 - SQL Injection
|
5 |
WEB
|
dun
|
|
2011-01-01
|
|
ChurchInfo 1.2.12 - SQL Injection
|
6 |
WEB
|
dun
|
|
2011-01-01
|
|
KLINK - SQL Injection
|
6 |
WEB
|
Mauro Rossi & Andres Gomez
|
|
2010-12-30
|
|
Ignition 1.3 - Remote Code Execution
|
3 |
WEB
|
cOndemned
|
|
2010-12-30
|
|
Ignition 1.3 - 'page.php' Local File Inclusion
|
4 |
WEB
|
cOndemned
|
|
2010-12-29
|
|
LightNEasy 3.2.2 - Multiple Vulnerabilities
|
3 |
WEB
|
High-Tech Bridge SA
|
|
2010-12-29
|
|
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
|
4 |
WEB
|
Saif
|
|
2010-12-29
|
|
Discovery TorrentTrader 2.6 - Multiple Vulnerabilities
|
4 |
WEB
|
EsS4ndre
|
|
2010-12-29
|
|
TYPO3 - Arbitrary File Retrieval
|
4 |
WEB
|
ikki
|
|
2010-12-29
|
|
DGNews 2.1 - SQL Injection
|
5 |
WEB
|
kalashnikov
|
|
2010-12-29
|
|
Siteframe CMS 3.2.3 - 'user.php' SQL Injection
|
6 |
WEB
|
AnGrY BoY
|
|
2010-12-29
|
|
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
|
4 |
WEB
|
Ali Raheem
|
|
2010-12-29
|
|
LoveCMS 1.6.2 - Cross-Site Request Forgery / Code Injection
|
4 |
WEB
|
hiphop
|
|
2010-12-29
|
|
PHP-AddressBook 6.2.4 - 'group.php' SQL Injection
|
5 |
WEB
|
hiphop
|
|
2010-12-29
|
|
DzTube - SQL Injection
|
4 |
WEB
|
errnick qwe
|
|
2010-12-29
|
|
kaibb 1.0.1 - Multiple Vulnerabilities
|
4 |
WEB
|
High-Tech Bridge SA
|
|
2010-12-29
|
|
News Script PHP Pro - 'FCKeditor' Arbitrary File Upload
|
4 |
WEB
|
Net.Edit0r
|
|
2010-12-29
|
|
ardeaCore 2.25 - PHP Framework Remote File Inclusion
|
4 |
WEB
|
n0n0x
|
|
2010-12-28
|
|
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting
|
4 |
WEB
|
Michael Brooks
|
|
2010-12-27
|
|
Web@all 1.1 - Remote Admin Settings Change
|
4 |
WEB
|
Giuseppe D'Inverno
|
|
2010-12-27
|
|
OpenEMR 3.2.0 - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
blake
|
|
2010-12-27
|
|
pecio CMS 2.0.5 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
P0C T34M
|
|
2010-12-26
|
|
Interact 2.4.1 - SQL Injection
|
4 |
WEB
|
IR Security
|
|
2010-12-25
|
|
LoveCMS 1.6.2 Final - Multiple Local File Inclusions
|
4 |
WEB
|
cOndemned
|
|
2010-12-25
|
|
Social Engine 4.x (Music Plugin) - Arbitrary File Upload
|
4 |
WEB
|
MyDoom
|
|
2010-12-25
|
|
Vacation Rental Script 4.0 - Cross-Site Request Forgery
|
4 |
WEB
|
OnurTURKESHAN
|
|
2010-12-25
|
|
Joomla! Component com_idoblog - SQL Injection
|
4 |
WEB
|
NOCKAR1111
|
|
2010-12-25
|
|
Traidnt Up 3.0 - Cross-Site Request Forgery
|
4 |
WEB
|
P0C T34M
|
|
2010-12-25
|
|
openauto 1.6.3 - Multiple Vulnerabilities
|
4 |
WEB
|
Michael Brooks
|
|
2010-12-25
|
|
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Michael Brooks
|
|
2010-12-24
|
|
CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)
|
4 |
WEB
|
P0C T34M
|
|
2010-12-24
|
|
SquareCMS 0.3.1 - 'post.php' SQL Injection
|
4 |
WEB
|
cOndemned
|
|
2010-12-24
|
|
Joomla! Component com_xmovie 1.0 - Local File Inclusion
|
4 |
WEB
|
KelvinX
|
