| 2010-12-30 | Ignition 1.3 - Remote Code Execution | 7 | WEB | cOndemned |
| 2010-12-30 | Ignition 1.3 - 'page.php' Local File Inclusion | 7 | WEB | cOndemned |
| 2010-12-29 | LightNEasy 3.2.2 - Multiple Vulnerabilities | 7 | WEB | High-Tech Bridge SA |
| 2010-12-29 | WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) | 8 | WEB | Saif |
| 2010-12-29 | Discovery TorrentTrader 2.6 - Multiple Vulnerabilities | 8 | WEB | EsS4ndre |
| 2010-12-29 | TYPO3 - Arbitrary File Retrieval | 8 | WEB | ikki |
| 2010-12-29 | DGNews 2.1 - SQL Injection | 10 | WEB | kalashnikov |
| 2010-12-29 | Siteframe CMS 3.2.3 - 'user.php' SQL Injection | 10 | WEB | AnGrY BoY |
| 2010-12-29 | PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities | 8 | WEB | Ali Raheem |
| 2010-12-29 | LoveCMS 1.6.2 - Cross-Site Request Forgery / Code Injection | 9 | WEB | hiphop |
| 2010-12-29 | PHP-AddressBook 6.2.4 - 'group.php' SQL Injection | 9 | WEB | hiphop |
| 2010-12-29 | DzTube - SQL Injection | 8 | WEB | errnick qwe |
| 2010-12-29 | kaibb 1.0.1 - Multiple Vulnerabilities | 8 | WEB | High-Tech Bridge SA |
| 2010-12-29 | News Script PHP Pro - 'FCKeditor' Arbitrary File Upload | 8 | WEB | Net.Edit0r |
| 2010-12-29 | ardeaCore 2.25 - PHP Framework Remote File Inclusion | 8 | WEB | n0n0x |
| 2010-12-28 | OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting | 8 | WEB | Michael Brooks |
| 2010-12-27 | Web@all 1.1 - Remote Admin Settings Change | 8 | WEB | Giuseppe D'Inverno |
| 2010-12-27 | OpenEMR 3.2.0 - SQL Injection / Cross-Site Scripting | 8 | WEB | blake |
| 2010-12-27 | pecio CMS 2.0.5 - Cross-Site Request Forgery (Add Admin) | 8 | WEB | P0C T34M |
| 2010-12-26 | Interact 2.4.1 - SQL Injection | 8 | WEB | IR Security |
| 2010-12-25 | LoveCMS 1.6.2 Final - Multiple Local File Inclusions | 8 | WEB | cOndemned |
| 2010-12-25 | Social Engine 4.x (Music Plugin) - Arbitrary File Upload | 8 | WEB | MyDoom |
| 2010-12-25 | Vacation Rental Script 4.0 - Cross-Site Request Forgery | 8 | WEB | OnurTURKESHAN |
| 2010-12-25 | Joomla! Component com_idoblog - SQL Injection | 8 | WEB | NOCKAR1111 |
| 2010-12-25 | Traidnt Up 3.0 - Cross-Site Request Forgery | 8 | WEB | P0C T34M |
| 2010-12-25 | openauto 1.6.3 - Multiple Vulnerabilities | 8 | WEB | Michael Brooks |
| 2010-12-25 | Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting | 8 | WEB | Michael Brooks |
| 2010-12-24 | CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin) | 8 | WEB | P0C T34M |
| 2010-12-24 | SquareCMS 0.3.1 - 'post.php' SQL Injection | 8 | WEB | cOndemned |
| 2010-12-24 | Joomla! Component com_xmovie 1.0 - Local File Inclusion | 9 | WEB | KelvinX |
| 2010-12-24 | iDevSpot iDevCart 1.10 - Multiple Local File Inclusions | 8 | WEB | v3n0m |
| 2010-12-23 | CubeCart 3.0.4 - SQL Injection | 8 | WEB | Dr.NeT |
| 2010-12-23 | Joomla! Component com_adsmanager - Remote File Inclusion | 8 | WEB | AtT4CKxT3rR0r1ST |
| 2010-12-23 | Joomla! Component com_ponygallery - Remote File Inclusion | 8 | WEB | AtT4CKxT3rR0r1ST |
| 2010-12-23 | IPN Development Handler 2.0 - Multiple Vulnerabilities | 8 | WEB | AtT4CKxT3rR0r1ST |
| 2010-12-23 | Ypninc Realty Classifieds - SQL Injection | 8 | WEB | Br0ly |
| 2010-12-23 | Built2Go PHP Shopping - SQL Injection | 8 | WEB | Br0ly |
| 2010-12-23 | D-Link WBR-1310 - Authentication Bypass | 9 | WEB | Craig Heffner |
| 2010-12-22 | WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting | 8 | WEB | clshack |
| 2010-12-22 | Mitel AWC - Command Execution | 7 | WEB | Procheckup |
| 2010-12-21 | jobappr 1.4 - Multiple Vulnerabilities | 7 | WEB | giudinvx |
| 2010-12-21 | Joomla! Component com_xgallery 1.0 - Local File Inclusion | 6 | WEB | KelvinX |
| 2010-12-21 | html-edit CMS - Multiple Vulnerabilities | 7 | WEB | High-Tech Bridge SA |
| 2010-12-21 | Habari Blog - Multiple Vulnerabilities | 7 | WEB | High-Tech Bridge SA |
| 2010-12-21 | Injader CMS - Multiple Vulnerabilities | 7 | WEB | High-Tech Bridge SA |
| 2010-12-21 | Hycus CMS - Multiple Vulnerabilities | 7 | WEB | High-Tech Bridge SA |
| 2010-12-21 | S9Y Serendipity 1.5.4 - Arbitrary File Upload | 7 | WEB | pentesters.ir |
| 2010-12-20 | Vacation Rental Script 4.0 - Arbitrary File Upload | 7 | WEB | Br0ly |
| 2010-12-20 | Joomla! Component JotLoader 2.2.1 - Local File Inclusion | 7 | WEB | v3n0m |
| 2010-12-20 | PHP Web Scripts Ad Manager Pro 3.0 - SQL Injection | 7 | WEB | R4dc0re |
| 2010-12-20 | plx Ad Trader 3.2 - Authentication Bypass | 7 | WEB | R4dc0re |
| 2010-12-20 | Elcom CommunityManager.NET - Authentication Bypass | 7 | WEB | Sense of Security |
| 2010-12-20 | PHP-Nuke MaticMarket 2.02 - Local File Inclusion | 7 | WEB | xer0x |
| 2010-12-20 | Inout Webmail Script - Persistent Cross-Site Scripting | 8 | WEB | Sid3^effects |
| 2010-12-19 | Joomla! Component JE Auto - Local File Inclusion | 7 | WEB | Sid3^effects |
| 2010-12-19 | Oto Galery 1.0 - Multiple SQL Injections | 6 | WEB | DeadLy DeMon |
| 2010-12-18 | Virtual Store Open 3.0 - Acess SQL Injection | 8 | WEB | Br0ly |
| 2010-12-18 | Mafia Game Script - SQL Injection | 11 | WEB | DeadLy DeMon |
| 2010-12-18 | Projekt Shop - 'details.php' Multiple SQL Injections | 9 | WEB | DeadLy DeMon |
| 2010-12-18 | PayPal Shop Digital - SQL Injection | 9 | WEB | DeadLy DeMon |
| 2010-12-18 | SchuldnerBeratung - SQL Injection | 7 | WEB | DeadLy DeMon |
| 2010-12-18 | Download Center 2.2 - SQL Injection | 10 | WEB | DeadLy DeMon |
| 2010-12-18 | Ero Auktion 2010 - 'item.php' SQL Injection | 8 | WEB | DeadLy DeMon |
| 2010-12-18 | MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload | 8 | WEB | Vladimir Vorontsov |
| 2010-12-17 | Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities | 8 | WEB | Rodrigo Rubira Branco |
| 2010-12-17 | CubeCart 3.x - Arbitrary File Upload | 8 | WEB | StunTMaN! |
| 2010-12-17 | MHP Downloadshop - SQL Injection | 10 | WEB | Easy Laster |
| 2010-12-17 | Easy Online Shop - SQL Injection | 10 | WEB | Easy Laster |
| 2010-12-17 | Immo Makler Script - SQL Injection | 9 | WEB | Easy Laster |
| 2010-12-17 | D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings) | 10 | WEB | outlaw.dll |
| 2010-12-17 | Softbiz PHP Joke Site Software - Multiple SQL Injections | 9 | WEB | v3n0m |
| 2010-12-16 | Joomla! Component JRadio - Local File Inclusion | 10 | WEB | Sid3^effects |
| 2010-12-16 | QualDev eCommerce script - SQL Injection | 10 | WEB | ErrNick |
| 2010-12-15 | gitWeb 1.7.3.3 - Cross-Site Scripting | 11 | WEB | emgent |
| 2010-12-15 | Blog:CMS 4.2.1e - Multiple Vulnerabilities | 10 | WEB | High-Tech Bridge SA |
| 2010-12-15 | BEdita 3.0.1.2550 - Multiple Vulnerabilities | 9 | WEB | High-Tech Bridge SA |
| 2010-12-15 | Pointter PHP Micro-Blogging Social Network - Unauthorized Privilege Escalation | 10 | WEB | Mark Stanislav |
| 2010-12-15 | Pointter PHP Content Management System - Unauthorized Privilege Escalation | 10 | WEB | Mark Stanislav |
| 2010-12-15 | Google Urchin 5.7.03 - Local File Inclusion | 9 | WEB | Kristian Erik Hermansen |
| 2010-12-15 | Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion | 9 | WEB | LiquidWorm |
| 2010-12-15 | Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure | 8 | WEB | LiquidWorm |
| 2010-12-12 | Clear iSpot/Clearspot 2.0.0.0 - Cross-Site Request Forgery | 9 | WEB | Trustwave's SpiderLabs |
| 2010-12-10 | Joomla! Component com_billyportfolio 1.1.2 - Blind SQL Injection | 9 | WEB | jdc |
| 2010-12-10 | Sulata iSoft - 'stream.php' Local File Disclosure | 7 | WEB | Sudden_death |
| 2010-12-09 | Joomla! Component JE Messenger 1.0 - Arbitrary File Upload | 8 | WEB | Salvatore Fresta |
| 2010-12-09 | AJ Matrix DNA - SQL Injection | 8 | WEB | Br0ly |
| 2010-12-09 | CMScout 2.09 - Cross-Site Request Forgery | 8 | WEB | High-Tech Bridge SA |
| 2010-12-09 | Joomla! Component JE Auto 1.0 - SQL Injection | 9 | WEB | Salvatore Fresta |
| 2010-12-09 | Abtp Portal Project 0.1.0 - Local File Inclusion | 10 | WEB | Br0ly |
| 2010-12-09 | Apache Archiva 1.0 < 1.3.1 - Cross-Site Request Forgery | 8 | WEB | Anatolia Security |
| 2010-12-07 | SOOP Portal Raven 1.0b - Arbitrary File Upload | 7 | WEB | Sun Army |
| 2010-12-06 | MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting | 7 | WEB | LiquidWorm |
| 2010-12-06 | phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification | 8 | WEB | emgent white_sheep & scox |
| 2010-12-05 | Pulse CMS Basic - Local File Inclusion | 11 | WEB | Mark Stanislav |
| 2010-12-05 | SOOP Portal 2.0 - Arbitrary File Upload | 9 | WEB | Net.Edit0r |
| 2010-12-05 | HotWebScripts HotWeb Rentals - 'resorts.asp' SQL Injection | 9 | WEB | R4dc0re |
| 2010-12-05 | Ecommercemax Solutions Digital Goods Seller - SQL Injection | 10 | WEB | R4dc0re |
| 2010-12-05 | Gatesoft Docusafe 4.1.0 - SQL Injection | 9 | WEB | R4dc0re |
| 2010-12-05 | PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery | 9 | WEB | FreWaL |
| 2010-12-05 | WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection | 10 | WEB | M4g |
| 2010-12-04 | ASPSiteWare Contact Directory 1.0 - SQL Injection | 10 | WEB | R4dc0re |
| 2010-12-04 | ASPSiteWare ASP Gallery 1.0 - SQL Injection | 10 | WEB | R4dc0re |
| 2010-12-04 | ASPSiteWare JobPost 1.0 - SQL Injection | 9 | WEB | R4dc0re |
| 2010-12-04 | ASPSiteWare Project Reporter - SQL Injection | 8 | WEB | R4dc0re |
| 2010-12-04 | ASPSiteWare Recipe ORGanizer - SQL Injection | 8 | WEB | R4dc0re |
| 2010-12-04 | T-Dreams Job Seekers Package 3.0 - SQL Injection | 8 | WEB | R4dc0re |
| 2010-12-04 | T-Dreams Cars Ads Package 2.0 - SQL Injection | 8 | WEB | R4dc0re |
| 2010-12-04 | Linksys Routers - Cross-Site Request Forgery | 9 | WEB | Martin Barbella |
| 2010-12-04 | Dejcom Market CMS - 'showbrand.aspx' SQL Injection | 11 | WEB | Mormoroth |
| 2010-12-03 | D-Link Routers - Authentication Bypass (1) | 10 | WEB | Craig Heffner |
| 2010-12-03 | Easy Travel Portal 2 - 'travelbycountry.asp' SQL Injection | 12 | WEB | Ulrik Persson |
| 2010-12-02 | Ananda Real Estate 3.4 - 'list.asp' Multiple SQL Injections | 10 | WEB | underground-stockholm.com |
| 2010-12-02 | etomite 1.1 - Multiple Vulnerabilities | 11 | WEB | High-Tech Bridge SA |
| 2010-12-02 | Contenido CMS 4.8.12 - Cross-Site Scripting | 10 | WEB | High-Tech Bridge SA |
| 2010-12-01 | LittlePhpGallery 1.0.2 - Local File Inclusion | 10 | WEB | kire bozorge khavarmian |
| 2010-12-01 | Digitalus 1.10.0 Alpha2 - Arbitrary File Upload | 9 | WEB | eidelweiss |
| 2010-12-01 | BugTracker.NET 3.4.4 - Multiple Vulnerabilities | 10 | WEB | Core Security |
| 2010-12-01 | OsCSS 1.2 - Arbitrary File Upload | 9 | WEB | Shichemt Alen |
| 2010-12-01 | Alibaba Clone B2B 3.4 - SQL Injection | 10 | WEB | Dr.0rYX & Cr3W-DZ |
| 2010-11-30 | Elxis CMS 2009.2 - SQL Injection | 9 | WEB | High-Tech Bridge SA |
| 2010-11-30 | DynPG 4.2.0 - Multiple Vulnerabilities | 9 | WEB | High-Tech Bridge SA |
| 2010-11-30 | enano CMS 1.1.7pl1 - Multiple Vulnerabilities | 9 | WEB | High-Tech Bridge SA |
| 2010-11-30 | Eclime 1.1.2b - Multiple Vulnerabilities | 9 | WEB | High-Tech Bridge SA |
| 2010-11-30 | Pandora Fms 3.1 - Directory Traversal / Local File Inclusion | 10 | WEB | Juan Galiana Lara |
| 2010-11-30 | Pandora Fms 3.1 - Blind SQL Injection | 9 | WEB | Juan Galiana Lara |