| 2009-08-18 | DreamPics Builder - 'exhibition_id' SQL Injection | 19 | WEB | Mr.SQL |
| 2009-08-18 | vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross | 19 | WEB | USH |
| 2009-08-18 | SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File | 20 | WEB | Kernel_Panik |
| 2009-08-18 | AJ Auction Pro OOPD 2.x - 'id' SQL Injection | 15 | WEB | NoGe |
| 2009-08-18 | BaBB 2.8 - Remote Code Injection | 17 | WEB | Khashayar Fereidani |
| 2009-08-18 | PHP-Lance 1.52 - Multiple Local File Inclusions | 19 | WEB | jetli007 |
| 2009-08-14 | MyWeight 1.0 - Arbitrary File Upload | 19 | WEB | Mr.tro0oqy |
| 2009-08-14 | DS CMS 1.0 - 'nFileId' SQL Injection | 18 | WEB | Mr.tro0oqy |
| 2009-08-14 | PHP Competition System 0.84 - 'competition' SQL Injection | 19 | WEB | Mr.SQL |
| 2009-08-14 | Ignition 1.2 - 'comment' Remote Code Injection | 19 | WEB | Khashayar Fereidani |
| 2009-08-13 | tgs CMS 0.x - Cross-Site Scripting / SQL Injection / File Disclosure | 18 | WEB | []ViZiOn |
| 2009-08-13 | Gazelle CMS 1.0 - Arbitrary File Upload | 18 | WEB | RoMaNcYxHaCkEr |
| 2009-08-27 | WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution | 21 | WEB | Raz0r |
| 2009-08-13 | JBLOG 1.5.1 - SQL Table Backup | 20 | WEB | Ams |
| 2009-08-12 | Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution | 19 | WEB | IHTeam |
| 2009-08-12 | Plume CMS 1.2.3 - Multiple SQL Injections | 17 | WEB | Sense of Security |
| 2009-08-12 | Gallarific 1.1 - '/gallery.php' Arbitrary Delete/Edit Category | 20 | WEB | ilker Kandemir |
| 2009-08-12 | Shorty 0.7.1b - (Authentication Bypass) Insecure Cookie Handling | 20 | WEB | Pedro Laguna |
| 2009-08-11 | OCS Inventory NG 1.2.1 - 'systemid' SQL Injection | 22 | WEB | Guilherme Marinheiro |
| 2009-08-11 | Joomla! Component idoblog 1.1b30 (com_idoblog) - SQL Injection | 17 | WEB | kkr |
| 2009-08-11 | WordPress Core 2.8.3 - Remote Admin Reset Password | 19 | WEB | laurent gaffié |
| 2009-08-10 | Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection | 20 | WEB | ilker Kandemir |
| 2009-08-10 | CMS Made Simple 1.6.2 - Local File Disclosure | 19 | WEB | IHTeam |
| 2009-08-10 | Mini-CMS 1.0.1 - 'page.php' SQL Injection | 17 | WEB | Ins3t |
| 2009-08-10 | Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution | 19 | WEB | RedTeam Pentesting |
| 2009-08-10 | SmilieScript 1.0 - Authentication Bypass | 22 | WEB | Mr.tro0oqy |
| 2009-08-07 | logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling | 21 | WEB | ZoRLu |
| 2009-08-07 | Logoshows BBS 2.0 - Authentication Bypass | 20 | WEB | Dns-Team |
| 2009-08-07 | Joomla! Component com_pms 2.0.4 - 'Ignore-List' SQL Injection | 18 | WEB | M4dhead |
| 2009-08-07 | IsolSoft Support Center 2.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting | 19 | WEB | Moudi |
| 2009-08-07 | Facil Helpdesk - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting | 19 | WEB | Moudi |
| 2009-08-07 | PHPCityPortal - Authentication Bypass | 17 | WEB | CoBRa_21 |
| 2009-08-07 | Arab Portal 2.2 - Blind Cookie Authentication Bypass | 16 | WEB | Jafer Al Zidjali |
| 2009-08-07 | Typing Pal 1.0 - 'idTableProduit' SQL Injection | 22 | WEB | Red-D3v1L |
| 2009-08-07 | Logoshows BBS 2.0 - 'forumid' SQL Injection | 16 | WEB | Ruzgarin_Oglu |
| 2009-08-07 | Banner Exchange Script 1.0 - 'targetid' Blind SQL Injection | 19 | WEB | 599eme Man |
| 2009-08-07 | PHotoLa Gallery 1.0 - Authentication Bypass | 18 | WEB | Red-D3v1L |
| 2009-08-07 | Alwasel 1.5 - Multiple SQL Injections | 19 | WEB | SwEET-DeViL |
| 2009-08-06 | LM Starmail 2.0 - SQL Injection / File Inclusion | 18 | WEB | int_main(); |
| 2009-08-06 | TYPO3 CMS 4.0 - 'showUid' SQL Injection | 23 | WEB | Ro0T-MaFia |
| 2009-08-06 | PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting | 18 | WEB | int_main(); |
| 2009-08-05 | Portel 2008 - 'decide.php?patron' Blind SQL Injection | 21 | WEB | Chip d3 bi0s |
| 2009-08-05 | opennews 1.0 - SQL Injection / Remote Code Execution | 20 | WEB | SirGod |
| 2009-08-05 | AccessoriesMe PHP Affiliate Script 1.4 - Blind SQL Injection / Cross-Site Scripting | 19 | WEB | Moudi |
| 2009-08-05 | Irokez CMS 0.7.1 - SQL Injection | 20 | WEB | Ins3t |
| 2009-08-05 | tenrok 1.1.0 - File Disclosure / Remote Code Execution | 19 | WEB | SirGod |
| 2009-08-05 | mybackup 1.4.0 - File Download / Remote File Inclusion | 19 | WEB | SirGod |
| 2009-08-04 | In-portal 4.3.1 - 'index.php?env' Local File Inclusion | 19 | WEB | Angela Chang |
| 2009-08-04 | Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection | 21 | WEB | Shadow |
| 2009-08-04 | ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion | 18 | WEB | PLATEN |
| 2009-08-04 | elgg 1.5 - '/_css/js.php' Local File Inclusion | 19 | WEB | eLwaux |
| 2009-08-04 | MOC Designs PHP News 1.1 - Authentication Bypass | 15 | WEB | SirGod |
| 2009-08-03 | Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection | 17 | WEB | ZoRLu |
| 2009-08-03 | MAXcms 3.11.20b - Remote File Inclusion / File Disclosure | 17 | WEB | GoLd_M |
| 2009-08-03 | Discloser 0.0.4-rc2 - 'index.php?more' SQL Injection | 19 | WEB | Salvatore Fresta |
| 2009-08-03 | Blink Blog System - Authentication Bypass | 18 | WEB | Salvatore Fresta |
| 2009-08-03 | Arab Portal 2.2 - 'mod.php' Local File Inclusion | 18 | WEB | Qabandi |
| 2009-08-03 | Multi Website 1.5 - index PHP action SQL Injection | 17 | WEB | SarBoT511 |
| 2009-08-03 | elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting | 19 | WEB | 599eme Man |
| 2009-08-03 | Questions Answered 1.3 - Authentication Bypass | 18 | WEB | snakespc |
| 2009-08-03 | x10 media adult script 1.7 - Multiple Vulnerabilities | 17 | WEB | Moudi |
| 2009-08-03 | Miniweb 2.0 Module Survey Pro - Blind SQL Injection / Cross-Site Scripting | 19 | WEB | Moudi |
| 2009-08-03 | Miniweb 2.0 Module Publisher - Blind SQL Injection / Cross-Site Scripting | 21 | WEB | Moudi |
| 2009-08-03 | simplePHPWeb 0.2 - 'files.php' Authentication Bypass | 19 | WEB | SirGod |
| 2009-08-03 | SimpleLoginSys 0.5 - Authentication Bypass | 19 | WEB | SirGod |
| 2009-08-03 | TT Web Site Manager 0.5 - Authentication Bypass | 21 | WEB | SirGod |
| 2009-08-03 | QuickDev 4 - 'download.php' File Disclosure | 19 | WEB | SirGod |
| 2009-08-03 | Netpet CMS 1.9 - 'confirm.php?language' Local File Inclusion | 16 | WEB | SirGod |
| 2009-08-03 | Ajax Short URL Script - Authentication Bypass | 15 | WEB | Cicklow |
| 2009-08-03 | ProjectButler 1.5.0 - 'pda_projects.php?offset' Remote File Inclusion | 20 | WEB | cr4wl3r |
| 2009-08-03 | AW BannerAd - Authentication Bypass | 18 | WEB | Ro0T-MaFia |
| 2009-08-01 | Mobilelib Gold 3.0 - Authentication Bypass / SQL Injection | 19 | WEB | SwEET-DeViL |
| 2009-08-01 | aa33code 0.0.1 - Local File Inclusion / Authentication Bypass / File Disclosure | 19 | WEB | SirGod |
| 2009-08-01 | PortalXP Teacher Edition 1.2 - Multiple SQL Injections | 19 | WEB | SirGod |
| 2009-08-01 | Joomla! Component com_jfusion - 'itemID' Blind SQL Injection | 19 | WEB | Chip d3 bi0s |
| 2009-08-01 | MAXcms 3.11.20b - Multiple Remote File Inclusions | 20 | WEB | NoGe |
| 2009-08-01 | Arab Portal 2.x - 'forum.php' SQL Injection | 16 | WEB | rEcruit |
| 2009-07-30 | linkSpheric 0.74b6 - 'listID' SQL Injection | 18 | WEB | NoGe |
| 2009-07-30 | PunBB Reputation.php Mod 2.0.4 - Local File Inclusion | 17 | WEB | Dante90 |
| 2009-07-30 | MUJE CMS 1.0.4.34 - Local File Inclusion | 19 | WEB | SirGod |
| 2009-07-30 | Really Simple CMS 0.3a - 'PT' Local File Inclusion | 19 | WEB | SirGod |
| 2009-07-30 | d.net CMS - Local File Inclusion / SQL Injection | 21 | WEB | SirGod |
| 2009-07-30 | cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting | 19 | WEB | SirGod |
| 2009-07-30 | dit.cms 1.3 - 'path/sitemap/relPath' Local File Inclusion | 20 | WEB | SirGod |
| 2009-07-30 | Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection | 19 | WEB | SirGod |
| 2009-07-30 | justVisual 1.2 - 'fs_jVroot' Remote File Inclusion | 21 | WEB | SirGod |
| 2009-07-30 | Ultrize TimeSheet 1.2.2 - 'readfile()' Local File Disclosure | 18 | WEB | GoLd_M |
| 2009-07-28 | ultrize timesheet 1.2.2 - Remote File Inclusion | 17 | WEB | NoGe |
| 2009-07-28 | TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities | 18 | WEB | Aung Khant |
| 2009-07-28 | PaoLiber 1.1 - 'login_ok' Authentication Bypass | 21 | WEB | SirGod |
| 2009-07-28 | PaoBacheca Guestbook 2.1 - 'login_ok' Authentication Bypass | 18 | WEB | SirGod |
| 2009-07-28 | PaoLink 1.0 - 'login_ok' Authentication Bypass | 19 | WEB | SirGod |
| 2009-07-28 | In-portal 4.3.1 - Arbitrary File Upload | 20 | WEB | Mr.tro0oqy |
| 2009-07-28 | PunBB Reputation.php Mod 2.0.4 - Blind SQL Injection | 18 | WEB | Dante90 |
| 2009-07-28 | phpArcadeScript 4.0 - 'id' SQL Injection | 18 | WEB | MizoZ |
| 2009-07-28 | PHP Paid 4 Mail Script - 'paidbanner.php?ID' SQL Injection | 18 | WEB | ThE g0bL!N |
| 2009-07-27 | SerWeb 2.1.0-dev1 2009-07-02 - Multiple Remote File Inclusions | 19 | WEB | GoLd_M |
| 2009-07-27 | Magician Blog 1.0 - Authentication Bypass | 19 | WEB | Evil-Cod3r |
| 2009-07-27 | Magician Blog 1.0 - 'ids' SQL Injection | 19 | WEB | Evil-Cod3r |
| 2009-07-27 | Limny 1.01 - Authentication Bypass | 19 | WEB | SirGod |
| 2009-07-27 | PunBB Automatic Image Upload 1.3.5 - Arbitrary File Delete | 18 | WEB | Dante90 |
| 2009-07-27 | PunBB Automatic Image Upload 1.3.5 - SQL Injection | 20 | WEB | Dante90 |
| 2009-07-27 | Joomla! Component IXXO Cart! Standalone and - SQL Injection | 16 | WEB | sm0k3 |
| 2009-07-27 | Allomani Movies & Clips 2.7.0 - Blind SQL Injection | 20 | WEB | Qabandi |
| 2009-07-27 | Allomani Songs & Clips 2.7.0 - Blind SQL Injection | 17 | WEB | Qabandi |
| 2009-07-27 | Allomani Mobile 2.5 - Blind SQL Injection | 20 | WEB | Qabandi |
| 2009-07-27 | Inout Adserver - 'id' SQL Injection | 17 | WEB | boom3rang |
| 2009-07-27 | Super Mod System 3.0 - 's' SQL Injection | 18 | WEB | MizoZ |
| 2009-07-27 | PHP Paid 4 Mail Script - 'home.php' Remote File Inclusion | 20 | WEB | int_main(); |
| 2009-07-27 | VS PANEL 7.5.5 - 'Cat_ID' SQL Injection | 17 | WEB | octopos |
| 2009-07-27 | iwiccle 1.01 - Local File Inclusion / SQL Injection | 17 | WEB | SirGod |
| 2009-07-27 | URA 3.0 - 'cat' SQL Injection | 18 | WEB | Chip d3 bi0s |
| 2009-07-27 | garagesalesjunkie - SQL Injection / Cross-Site Scripting | 15 | WEB | Moudi |
| 2009-07-27 | XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting | 16 | WEB | Moudi |
| 2009-07-27 | skadate dating - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting | 17 | WEB | Moudi |
| 2009-07-27 | almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting | 17 | WEB | Moudi |
| 2009-07-27 | Joomla! Component Almond Classifieds com_aclassf 7.5 - Multiple Vulnerabilities | 18 | WEB | Moudi |
| 2009-07-24 | Pixaria Gallery 2.3.5 - 'file' Remote File Disclosure | 18 | WEB | Qabandi |
| 2009-07-24 | Scripteen Free Image Hosting Script 2.3 - Insecure Cookie Handling | 19 | WEB | Qabandi |
| 2009-07-24 | Clip Bucket 1.7.1 - Insecure Cookie Handling | 20 | WEB | Qabandi |
| 2009-07-24 | PHP Live! 3.2.2 - 'questid' SQL Injection (2) | 18 | WEB | skys |
| 2009-07-24 | Scripteen Free Image Hosting Script 2.3 - SQL Injection | 16 | WEB | Coksnuss |
| 2009-07-24 | Deonixscripts Templates Management 1.3 - SQL Injection | 17 | WEB | d3b4g |
| 2009-07-24 | WordPress Core 2.8.1 - 'url' Cross-Site Scripting | 18 | WEB | superfreakaz0rz |
| 2009-07-24 | XOOPS Celepar Module Qas - 'codigo' SQL Injection | 20 | WEB | s4r4d0 |