|
2009-09-11
|
|
Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
|
8 |
WEB
|
K-159
|
|
2009-09-11
|
|
PHP-IPNMonitor - 'maincat_id' SQL Injection
|
8 |
WEB
|
noname
|
|
2009-09-11
|
|
gyro 5.0 - SQL Injection / Cross-Site Scripting
|
8 |
WEB
|
OoN_Boy
|
|
2009-09-11
|
|
Image voting 1.0 - 'index.php?show' SQL Injection
|
8 |
WEB
|
SkuLL-HackeR
|
|
2009-09-10
|
|
T-HTB Manager 0.5 - Multiple Blind SQL Injections
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-09-10
|
|
An image Gallery 1.0 - 'navigation.php' Local Directory Traversal
|
8 |
WEB
|
ThE g0bL!N
|
|
2009-09-10
|
|
Drunken:Golem Gaming Portal - 'admin_news_bot.php' Remote File Inclusion
|
8 |
WEB
|
EA Ngel
|
|
2009-09-10
|
|
Adult Portal escort listing - 'user_id' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-09-10
|
|
Bus Script - 'sitetext_id' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-09-10
|
|
Accommodation Hotel Booking Portal - 'hotel_id' SQL Injection
|
7 |
WEB
|
Mr.SQL
|
|
2009-09-10
|
|
iDesk - 'download.php?cat_id' SQL Injection
|
9 |
WEB
|
Mr.SQL
|
|
2009-09-10
|
|
MYRE Holiday Rental Manager - 'action' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-09-10
|
|
Graffiti CMS 1.x - Arbitrary File Upload
|
8 |
WEB
|
Alexander Concha
|
|
2009-09-10
|
|
nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting
|
10 |
WEB
|
Salvatore Fresta
|
|
2009-09-10
|
|
Advanced Comment System 1.0 - Multiple Remote File Inclusions
|
8 |
WEB
|
Kurd-Team
|
|
2009-09-09
|
|
ChartDirector 5.0.1 - 'cacheId' Arbitrary File Disclosure
|
9 |
WEB
|
DokFLeed
|
|
2009-09-09
|
|
PHPNagios 1.2.0 - 'menu.php' Local File Inclusion
|
9 |
WEB
|
CoBRa_21
|
|
2009-09-09
|
|
Mambo Component Hestar - SQL Injection
|
8 |
WEB
|
M3NW5
|
|
2009-09-09
|
|
Agoko CMS 0.4 - Remote Command Execution
|
8 |
WEB
|
StAkeR
|
|
2009-09-09
|
|
Joomla! Component Joomloc 1.0 - 'id' SQL Injection
|
8 |
WEB
|
Chip d3 bi0s
|
|
2009-09-09
|
|
Model Agency Manager Pro - 'user_id' SQL Injection
|
8 |
WEB
|
R3d-D3V!L
|
|
2009-09-09
|
|
Joomla! Component TPDugg 1.1 - Blind SQL Injection
|
9 |
WEB
|
NoGe
|
|
2009-09-09
|
|
Joomla! Component BF Survey Pro Free - SQL Injection
|
8 |
WEB
|
jdc
|
|
2009-09-09
|
|
OBOphiX 2.7.0 - 'fonctions_racine.php' Remote File Inclusion
|
8 |
WEB
|
EA Ngel
|
|
2009-09-09
|
|
The Rat CMS Alpha 2 - Arbitrary File Upload
|
8 |
WEB
|
Securitylab.ir
|
|
2009-09-04
|
|
Joomla! Component com_Joomlaub - 'aid' SQL Injection
|
8 |
WEB
|
599eme Man
|
|
2009-09-04
|
|
Ticket Support Script - 'ticket.php' Arbitrary File Upload
|
8 |
WEB
|
InjEctOr5
|
|
2009-09-04
|
|
ZeroBoard 4.1 pl7 - 'now_connect()' Remote Code Execution
|
8 |
WEB
|
SpeeDr00t
|
|
2009-09-04
|
|
Mambo Component com_zoom - 'catid' Blind SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2009-09-03
|
|
PHPope 1.0.0 - Multiple Remote File Inclusions
|
8 |
WEB
|
cr4wl3r
|
|
2009-09-03
|
|
FreeSchool 1.1.0 - Multiple Remote File Inclusions
|
8 |
WEB
|
cr4wl3r
|
|
2009-09-02
|
|
PHP Live! 3.3 - 'deptid' SQL Injection
|
10 |
WEB
|
v3n0m
|
|
2009-09-02
|
|
Ve-EDIT 0.1.4 - 'highlighter' Remote File Inclusion
|
9 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-09-02
|
|
Discuz! Plugin JiangHu 1.1 - 'id' SQL Injection
|
8 |
WEB
|
ZhaoHuAn
|
|
2009-09-01
|
|
DataLife Engine 8.2 - dle_config_api Remote File Inclusion
|
8 |
WEB
|
Kurd-Team
|
|
2009-09-01
|
|
Joomla! Component com_gameserver 1.0 - 'id' SQL Injection
|
9 |
WEB
|
v3n0m
|
|
2009-09-01
|
|
Ve-EDIT 0.1.4 - 'debug_PHP.php' Local File Inclusion
|
8 |
WEB
|
CoBRa_21
|
|
2009-09-01
|
|
phpBB3 - addon prime_quick_style GetAdmin
|
8 |
WEB
|
-SmoG-
|
|
2009-09-01
|
|
KingCMS 0.6.0 - 'menu.php' Remote File Inclusion
|
9 |
WEB
|
CoBRa_21
|
|
2009-09-01
|
|
Xstate Real Estate 1.0 - Blind SQL Injection / Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-09-01
|
|
Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
|
8 |
WEB
|
ByALBAYX
|
|
2009-09-01
|
|
Joomla! Component com_artportal 1.0 - 'portalid' SQL Injection
|
8 |
WEB
|
599eme Man
|
|
2009-09-01
|
|
JSFTemplating / Mojarra Scales / GlassFish - File Disclosure
|
8 |
WEB
|
SEC Consult
|
|
2009-08-31
|
|
osCommerce Online Merchant 2.2 RC2a - Code Execution
|
8 |
WEB
|
flyh4t
|
|
2009-08-31
|
|
Mybuxscript PTC-BUX - 'spnews.php' SQL Injection
|
8 |
WEB
|
HxH
|
|
2009-08-31
|
|
Rock Band CMS 0.10 - 'news.php' Multiple SQL Injections (1)
|
9 |
WEB
|
Affix
|
|
2009-08-31
|
|
Re-Script 0.99 Beta - 'listings.php?op' SQL Injection
|
10 |
WEB
|
Mr.SQL
|
|
2009-08-31
|
|
Modern Script 5.0 - 'index.php?s' SQL Injection
|
8 |
WEB
|
Red-D3v1L
|
|
2009-08-28
|
|
Silurus Classifieds System - 'category.php' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-08-27
|
|
Uiga Church Portal - 'year' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-08-27
|
|
Joomla! Component com_digifolio 1.52 - 'id' SQL Injection
|
8 |
WEB
|
v3n0m
|
|
2009-08-26
|
|
PHPSANE 0.5.0 - 'save.php' Remote File Inclusion
|
8 |
WEB
|
CoBRa_21
|
|
2009-08-26
|
|
allomani 2007 - 'cat' SQL Injection
|
8 |
WEB
|
NeX HaCkEr
|
|
2009-08-26
|
|
PAD Site Scripts 3.6 - 'list.php?string' SQL Injection
|
9 |
WEB
|
Mr.SQL
|
|
2009-08-26
|
|
Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities
|
8 |
WEB
|
Andrew Horton
|
|
2009-08-26
|
|
Discuz! Plugin Crazy Star 2.0 - 'fmid' SQL Injection
|
8 |
WEB
|
ZhaoHuAn
|
|
2009-08-26
|
|
Simple CMS Framework 1.0 - 'page' SQL Injection
|
8 |
WEB
|
Red-D3v1L
|
|
2009-08-26
|
|
Moa Gallery 1.2.0 - 'p_filename' Remote File Disclosure
|
8 |
WEB
|
GoLd_M
|
|
2009-08-26
|
|
totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion
|
8 |
WEB
|
Moudi
|
|
2009-08-26
|
|
Moa Gallery 1.2.0 - 'index.php?action' SQL Injection
|
9 |
WEB
|
Mr.SQL
|
|
2009-08-26
|
|
Moa Gallery 1.2.0 - Multiple Remote File Inclusions
|
9 |
WEB
|
cr4wl3r
|
|
2009-08-25
|
|
EMO Breader Manager - 'video.php?movie' SQL Injection
|
9 |
WEB
|
Mr.SQL
|
|
2009-08-25
|
|
TCPDB 3.8 - Remote Content Change Bypass
|
8 |
WEB
|
Securitylab.ir
|
|
2009-08-25
|
|
Turnkey Arcade Script - SQL Injection (2)
|
8 |
WEB
|
Red-D3v1L
|
|
2009-08-25
|
|
Joomla! Component com_siirler 1.2 - 'sid' SQL Injection
|
8 |
WEB
|
v3n0m
|
|
2009-08-24
|
|
Geeklog 1.6.0sr1 - Arbitrary File Upload
|
8 |
WEB
|
JaL0h
|
|
2009-08-24
|
|
Joomla! Component com_jtips 1.0.x - 'season' Blind SQL Injection
|
8 |
WEB
|
Chip d3 bi0s
|
|
2009-08-24
|
|
Joomla! Component com_ninjamonial 1.1 - 'testimID' SQL Injection
|
8 |
WEB
|
Chip d3 bi0s
|
|
2009-08-24
|
|
New5starRating 1.0 - 'rating.php' SQL Injection
|
9 |
WEB
|
Bgh7
|
|
2009-08-24
|
|
ITechBids 8.0 - 'ProductID' Blind SQL Injection
|
9 |
WEB
|
Mr.SQL
|
|
2009-08-24
|
|
humanCMS - Authentication Bypass
|
8 |
WEB
|
next
|
|
2009-08-24
|
|
Uebimiau Webmail 3.2.0-2.0 - Arbitrary Database Disclosure
|
8 |
WEB
|
Septemb0x
|
|
2009-11-16
|
|
Dow Group - 'new.php' SQL Injection
|
9 |
WEB
|
ProF.Code
|
|
2009-08-24
|
|
Lanai Core 0.6 - Remote File Disclosure / Info Disclosure
|
8 |
WEB
|
Khashayar Fereidani
|
|
2009-08-24
|
|
Cuteflow 2.10.3 - 'edituser.php' Security Bypass
|
8 |
WEB
|
Hever Costa Rocha
|
|
2009-08-24
|
|
PHP Dir Submit - 'aid' SQL Injection
|
9 |
WEB
|
Mr.tro0oqy
|
|
2009-08-24
|
|
Arcade Trade Script 1.0b - (Authentication Bypass) Insecure Cookie Handling
|
10 |
WEB
|
Mr.tro0oqy
|
|
2009-08-24
|
|
Moa Gallery 1.1.0 - 'gallery_id' SQL Injection
|
8 |
WEB
|
Mr.tro0oqy
|
|
2009-08-18
|
|
asaher pro 1.0.4 - Remote Database Backup
|
9 |
WEB
|
alnjm33
|
|
2009-08-18
|
|
Traidnt UP 2.0 - SQL Injection
|
8 |
WEB
|
Jafer Al Zidjali
|
|
2009-08-18
|
|
Best Dating Script - Arbitrary File Upload
|
8 |
WEB
|
jetli007
|
|
2009-08-18
|
|
CBAuthority - ClickBank Affiliate Management SQL Injection
|
7 |
WEB
|
Angela Chang
|
|
2009-08-18
|
|
PHP Email Manager - 'remove.php?ID' SQL Injection
|
7 |
WEB
|
MuShTaQ
|
|
2009-08-18
|
|
Ultimate Fade-in Slideshow 1.51 - Arbitrary File Upload
|
7 |
WEB
|
NeX HaCkEr
|
|
2009-08-18
|
|
phpfreeBB 1.0 - Blind SQL Injection
|
8 |
WEB
|
Moudi
|
|
2009-08-18
|
|
Fotoshow PRO - 'category' SQL Injection
|
8 |
WEB
|
darkmasking
|
|
2009-08-18
|
|
Joomla! Component MisterEstate - Blind SQL Injection
|
8 |
WEB
|
jdc
|
|
2009-08-18
|
|
Infinity 2.x - 'options[style_dir]' Local File Disclosure
|
8 |
WEB
|
SwEET-DeViL
|
|
2009-08-18
|
|
E CMS 1.0 - 'index.php?s' SQL Injection
|
8 |
WEB
|
Red-D3v1L
|
|
2009-08-18
|
|
autonomous lan party 0.98.3 - Remote File Inclusion
|
8 |
WEB
|
cr4wl3r
|
|
2009-08-18
|
|
2WIRE Gateway - Authentication Bypass / Password Reset (2)
|
9 |
WEB
|
bugz
|
|
2009-08-18
|
|
Videos Broadcast Yourself 2 - 'UploadID' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-08-18
|
|
Arcadem Pro 2.8 - 'article' Blind SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-08-18
|
|
DreamPics Builder - 'exhibition_id' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-08-18
|
|
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross
|
9 |
WEB
|
USH
|
|
2009-08-18
|
|
SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File
|
9 |
WEB
|
Kernel_Panik
|
|
2009-08-18
|
|
AJ Auction Pro OOPD 2.x - 'id' SQL Injection
|
7 |
WEB
|
NoGe
|
|
2009-08-18
|
|
BaBB 2.8 - Remote Code Injection
|
7 |
WEB
|
Khashayar Fereidani
|
|
2009-08-18
|
|
PHP-Lance 1.52 - Multiple Local File Inclusions
|
8 |
WEB
|
jetli007
|
|
2009-08-14
|
|
MyWeight 1.0 - Arbitrary File Upload
|
8 |
WEB
|
Mr.tro0oqy
|
|
2009-08-14
|
|
DS CMS 1.0 - 'nFileId' SQL Injection
|
8 |
WEB
|
Mr.tro0oqy
|
|
2009-08-14
|
|
PHP Competition System 0.84 - 'competition' SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2009-08-14
|
|
Ignition 1.2 - 'comment' Remote Code Injection
|
9 |
WEB
|
Khashayar Fereidani
|
|
2009-08-13
|
|
tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure
|
8 |
WEB
|
[]ViZiOn
|
|
2009-08-13
|
|
Gazelle CMS 1.0 - Arbitrary File Upload
|
8 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-08-27
|
|
WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution
|
10 |
WEB
|
Raz0r
|
|
2009-08-13
|
|
JBLOG 1.5.1 - SQL Table Backup
|
8 |
WEB
|
Ams
|
|
2009-08-12
|
|
Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution
|
8 |
WEB
|
IHTeam
|
|
2009-08-12
|
|
Plume CMS 1.2.3 - Multiple SQL Injections
|
9 |
WEB
|
Sense of Security
|
|
2009-08-12
|
|
Gallarific 1.1 - '/gallery.php' Arbitrary Delete/Edit Category
|
8 |
WEB
|
ilker Kandemir
|
|
2009-08-12
|
|
Shorty 0.7.1b - (Authentication Bypass) Insecure Cookie Handling
|
8 |
WEB
|
Pedro Laguna
|
|
2009-08-11
|
|
OCS Inventory NG 1.2.1 - 'systemid' SQL Injection
|
9 |
WEB
|
Guilherme Marinheiro
|
|
2009-08-11
|
|
Joomla! Component idoblog 1.1b30 (com_idoblog) - SQL Injection
|
9 |
WEB
|
kkr
|
|
2009-08-11
|
|
WordPress Core 2.8.3 - Remote Admin Reset Password
|
9 |
WEB
|
laurent gaffié
|
|
2009-08-10
|
|
Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
|
9 |
WEB
|
ilker Kandemir
|
|
2009-08-10
|
|
CMS Made Simple 1.6.2 - Local File Disclosure
|
8 |
WEB
|
IHTeam
|
|
2009-08-10
|
|
Mini-CMS 1.0.1 - 'page.php' SQL Injection
|
8 |
WEB
|
Ins3t
|
|
2009-08-10
|
|
Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution
|
8 |
WEB
|
RedTeam Pentesting
|
|
2009-08-10
|
|
SmilieScript 1.0 - Authentication Bypass
|
8 |
WEB
|
Mr.tro0oqy
|
|
2009-08-07
|
|
logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling
|
8 |
WEB
|
ZoRLu
|
|
2009-08-07
|
|
Logoshows BBS 2.0 - Authentication Bypass
|
8 |
WEB
|
Dns-Team
|
|
2009-08-07
|
|
Joomla! Component com_pms 2.0.4 - 'Ignore-List' SQL Injection
|
8 |
WEB
|
M4dhead
|
|
2009-08-07
|
|
IsolSoft Support Center 2.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-08-07
|
|
Facil Helpdesk - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
|
7 |
WEB
|
Moudi
|
|
2009-08-07
|
|
PHPCityPortal - Authentication Bypass
|
8 |
WEB
|
CoBRa_21
|
