|
2009-05-21
|
|
ZaoCMS - 'download.php' Remote File Disclosure
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-21
|
|
ZaoCMS - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-21
|
|
Article Directory - 'page.php' Blind SQL Injection
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-21
|
|
Article Directory - Authentication Bypass
|
3 |
WEB
|
Hakxer
|
|
2009-05-21
|
|
Flash Quiz Beta 2 - Multiple SQL Injections
|
3 |
WEB
|
YEnH4ckEr
|
|
2009-05-21
|
|
asp inline Corporate Calendar - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Bl@ckbe@rD
|
|
2009-05-21
|
|
VICIDIAL 2.0.5-173 - Authentication Bypass
|
4 |
WEB
|
Striker7
|
|
2009-05-20
|
|
Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-20
|
|
bSpeak 1.10 - 'forumid' Blind SQL Injection
|
3 |
WEB
|
snakespc
|
|
2009-05-20
|
|
PHP Article Publisher - Arbitrary Authentication Bypass
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-20
|
|
DMXReady Registration Manager 1.1 - Arbitrary File Upload
|
4 |
WEB
|
Securitylab.ir
|
|
2009-05-20
|
|
Realty Web-Base 1.0 - 'list_list.php?id' SQL Injection
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-20
|
|
NC LinkList 1.3.1 - Remote Command Injection
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-20
|
|
NC GBook 1.0 - Remote Command Injection
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-20
|
|
Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting
|
4 |
WEB
|
ByALBAYX
|
|
2009-05-20
|
|
Exjune Officer Message System 1 - Multiple Vulnerabilities
|
4 |
WEB
|
ByALBAYX
|
|
2009-05-20
|
|
Joomla! Component Casino 0.3.1 - Multiple SQL Injections s
|
4 |
WEB
|
ByALBAYX
|
|
2009-05-19
|
|
DM FileManager 3.9.2 - Authentication Bypass
|
4 |
WEB
|
snakespc
|
|
2009-05-19
|
|
Dog Pedigree Online Database 1.0.1b - Blind SQL Injection
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-19
|
|
Dog Pedigree Online Database 1.0.1b - Insecure Cookie Handling
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-19
|
|
Dog Pedigree Online Database 1.0.1b - Multiple SQL Injections
|
3 |
WEB
|
YEnH4ckEr
|
|
2009-05-19
|
|
vidshare pro - SQL Injection / Cross-Site Scripting
|
3 |
WEB
|
snakespc
|
|
2009-05-19
|
|
Coppermine Photo Gallery 1.4.22 - SQL Injection
|
4 |
WEB
|
girex
|
|
2009-05-19
|
|
PAD Site Scripts 3.6 - Insecure Cookie Handling
|
4 |
WEB
|
Mr.tro0oqy
|
|
2009-05-19
|
|
Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure
|
4 |
WEB
|
Securitylab.ir
|
|
2009-05-19
|
|
Joomla! Component com_gsticketsystem - 'catid' Blind SQL Injection
|
3 |
WEB
|
InjEctOr5
|
|
2009-05-19
|
|
VidShare Pro - Arbitrary File Upload
|
3 |
WEB
|
InjEctOr5
|
|
2009-05-18
|
|
PHP Article Publisher - Remote Change Admin Password
|
4 |
WEB
|
ahmadbady
|
|
2009-05-18
|
|
DGNews 3.0 Beta - 'id' SQL Injection
|
3 |
WEB
|
Cyber-Zone
|
|
2009-05-18
|
|
MaxCMS 2.0 - '/inc/ajax.asp' SQL Injection
|
4 |
WEB
|
Securitylab.ir
|
|
2009-05-18
|
|
Jieqi CMS 1.5 - Remote Code Execution
|
4 |
WEB
|
Securitylab.ir
|
|
2009-05-18
|
|
LightOpenCMS 0.1 - 'id' SQL Injection
|
4 |
WEB
|
Mi4night
|
|
2009-05-18
|
|
Dana Portal - Remote Change Admin Password
|
4 |
WEB
|
Abysssec
|
|
2009-05-18
|
|
douran portal 3.9.0.23 - Multiple Vulnerabilities
|
4 |
WEB
|
Abysssec
|
|
2009-05-18
|
|
ClanWeb 1.4.2 - Remote Change Password / Add Admin
|
4 |
WEB
|
ahmadbady
|
|
2009-05-18
|
|
Pluck CMS 4.6.2 - 'langpref' Local File Inclusion
|
4 |
WEB
|
ahmadbady
|
|
2009-05-18
|
|
Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin
|
4 |
WEB
|
ahmadbady
|
|
2009-05-18
|
|
coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities
|
4 |
WEB
|
girex
|
|
2009-05-18
|
|
Online Rental Property Script 5.0 - 'pid' SQL Injection
|
4 |
WEB
|
UnderTaker HaCkEr
|
|
2009-05-18
|
|
PHP Dir Submit - Authentication Bypass
|
4 |
WEB
|
snakespc
|
|
2009-05-18
|
|
Pc4Uploader 9.0 - Blind SQL Injection
|
4 |
WEB
|
Qabandi
|
|
2009-05-15
|
|
my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-15
|
|
my-colex 1.4.2 - Authentication Bypass / SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-15
|
|
PHPenpals 1.1 - 'mail.php?ID' SQL Injection
|
4 |
WEB
|
Br0ly
|
|
2009-05-15
|
|
DMXReady Registration Manager 1.1 - Database Disclosure
|
4 |
WEB
|
S4S-T3rr0r!sT
|
|
2009-05-15
|
|
2DayBiz Custom T-shirt Design - SQL Injection / Cross-Site Scripting
|
5 |
WEB
|
snakespc
|
|
2009-05-15
|
|
Rama CMS 0.9.8 - 'download.php' File Disclosure
|
4 |
WEB
|
Br0ly
|
|
2009-05-15
|
|
Harland Scripts 11 - Products Remote Command Execution
|
5 |
WEB
|
G4N0K
|
|
2009-05-15
|
|
Joomla! Component ArtForms 2.1 b7 - Remote File Inclusion
|
4 |
WEB
|
iskorpitx
|
|
2009-05-14
|
|
MRCGIGUY Top Sites 1.0.0 - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-14
|
|
MRCGIGUY SimpLISTic SQL 2.0.0 - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-14
|
|
2DayBiz Template Monster Clone - 'edituser.php' Change Pass
|
4 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
Easy Scripts Answer and Question Script - Multiple Vulnerabilities
|
4 |
WEB
|
InjEctOr5
|
|
2009-05-14
|
|
2DayBiz Business Community Script - Multiple Vulnerabilities
|
4 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
MRCGIGUY Ultimate Profit Portal 1.0.1 - Insecure Cookie Handling
|
2 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
MRCGIGUY The Ticket System 2.0 - Insecure Cookie Handling
|
3 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
MRCGIGUY Message Box 1.0 - Insecure Cookie Handling
|
2 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
MRCGIGUY Amazon Directory 1.0/2.0 - Insecure Cookie Handling
|
3 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
MRCGIGUY Hot Links SQL 3.2.0 - Insecure Cookie Handling
|
2 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
Submitter Script - Authentication Bypass
|
2 |
WEB
|
ThE g0bL!N
|
|
2009-05-14
|
|
MRCGIGUY ClickBank Directory 1.0.1 - Insecure Cookie Handling
|
4 |
WEB
|
TiGeR-Dz
|
|
2009-05-14
|
|
StrawBerry 1.1.1 - Local File Inclusion / Remote Command Execution
|
4 |
WEB
|
[AVT]
|
|
2009-05-14
|
|
beLive 0.2.3 - 'arch.php?arch' Local File Inclusion
|
4 |
WEB
|
Kacper
|
|
2009-05-14
|
|
Shutter 0.1.1 - Multiple SQL Injections
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-14
|
|
My Game Script 2.0 - Authentication Bypass
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-14
|
|
Ascad Networks 5 - Products Insecure Cookie Handling
|
4 |
WEB
|
G4N0K
|
|
2009-05-13
|
|
Mlffat 2.1 - Cookie Authentication Bypass
|
4 |
WEB
|
Qabandi
|
|
2009-05-13
|
|
MaxCMS 2.0 - 'm_username' Arbitrary Create Admin
|
4 |
WEB
|
Securitylab.ir
|
|
2009-05-13
|
|
Family Connections CMS 1.9 - SQL Injection
|
5 |
WEB
|
YEnH4ckEr
|
|
2009-05-13
|
|
Password Protector SD 1.3.1 - Insecure Cookie Handling
|
4 |
WEB
|
Mr.tro0oqy
|
|
2009-05-13
|
|
TinyButStrong 3.4.0 - 'script' Local File Disclosure
|
4 |
WEB
|
ahmadbady
|
|
2009-05-12
|
|
BigACE 2.5 - SQL Injection
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-12
|
|
Bitweaver 2.6 - 'saveFeed()' Remote Code Execution
|
2 |
WEB
|
Nine:Situations:Group
|
|
2009-05-11
|
|
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection
|
5 |
WEB
|
scriptjunkie
|
|
2009-05-11
|
|
microTopic 1 - 'Rating' Blind SQL Injection
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-11
|
|
openWYSIWYG 1.4.7 - Local Directory Traversal
|
4 |
WEB
|
StAkeR
|
|
2009-05-11
|
|
Dacio's Image Gallery 1.6 - Directory Traversal / Authentication Bypass / Arbitrary File Upload
|
4 |
WEB
|
ahmadbady
|
|
2009-05-11
|
|
EggBlog 4.1.1 - Local Directory Traversal
|
4 |
WEB
|
StAkeR
|
|
2009-05-08
|
|
TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution
|
4 |
WEB
|
EgiX
|
|
2009-05-08
|
|
RTWebalbum 1.0.462 - 'albumID' Blind SQL Injection
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-08
|
|
Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload
|
4 |
WEB
|
Cyber-Zone
|
|
2009-05-08
|
|
Luxbum 0.5.5/stable - Authentication Bypass
|
4 |
WEB
|
knxone
|
|
2009-05-08
|
|
Realty Web-Base 1.0 - Authentication Bypass
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-08
|
|
The Recipe Script 5 - Authentication Bypass / Database Backup
|
4 |
WEB
|
TiGeR-Dz
|
|
2009-05-07
|
|
Job Script 2.0 - Arbitrary Change Admin Password
|
4 |
WEB
|
TiGeR-Dz
|
|
2009-05-07
|
|
Simple Customer 1.3 - Arbitrary Change Admin Password
|
5 |
WEB
|
ahmadbady
|
|
2009-05-07
|
|
ST-Gallery 0.1a - Multiple SQL Injections
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-07
|
|
VIDEOSCRIPT.us - Authentication Bypass
|
4 |
WEB
|
snakespc
|
|
2009-05-07
|
|
T-Dreams Job Career Package 3.0 - Insecure Cookie Handling
|
4 |
WEB
|
TiGeR-Dz
|
|
2009-05-07
|
|
TCPDB 3.8 - Arbitrary Add Admin Account
|
4 |
WEB
|
Mr.tro0oqy
|
|
2009-05-07
|
|
webSPELL 4.2.0e - 'page' Blind SQL Injection
|
5 |
WEB
|
DNX
|
|
2009-05-05
|
|
Joomla! Component Almond Classifieds 5.6.2 - Blind SQL Injection
|
4 |
WEB
|
InjEctOr5
|
|
2009-05-05
|
|
LinkBase 2.0 - Remote Cookie Grabber
|
4 |
WEB
|
SirGod
|
|
2009-05-05
|
|
TemaTres 1.0.3 - Blind SQL Injection
|
5 |
WEB
|
YEnH4ckEr
|
|
2009-05-05
|
|
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-04
|
|
Ublog access version - Arbitrary Database Disclosure
|
4 |
WEB
|
Cyber-Zone
|
|
2009-05-04
|
|
Uguestbook 1.0b - 'Guestbook.mdb' Arbitrary Database Disclosure
|
4 |
WEB
|
Cyber-Zone
|
|
2009-05-04
|
|
projectCMS 1.1b - Multiple Vulnerabilities
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-04
|
|
Million Dollar Text Links 1.0 - Arbitrary Authentication Bypass
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-04
|
|
PHP Site Lock 2.0 - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-05-04
|
|
eLitius 1.0 - Remote Command Execution
|
4 |
WEB
|
G4N0K
|
|
2009-05-04
|
|
Qt QuickTeam - Multiple Remote File Inclusions
|
3 |
WEB
|
ahmadbady
|
|
2009-05-04
|
|
BluSky CMS - 'news_id' SQL Injection
|
4 |
WEB
|
snakespc
|
|
2009-05-04
|
|
AGTC MyShop 3.2 - Insecure Cookie Handling
|
4 |
WEB
|
Mr.tro0oqy
|
|
2009-05-04
|
|
Winn ASP Guestbook 1.01b - Remote Database Disclosure
|
3 |
WEB
|
ZoRLu
|
|
2009-05-01
|
|
pecio CMS 1.1.5 - 'index.php?language' Local File Inclusion
|
4 |
WEB
|
SirGod
|
|
2009-05-01
|
|
MiniTwitter 0.2b - Remote User Options Changer
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-01
|
|
MiniTwitter 0.2b - Multiple SQL Injections
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-05-01
|
|
Golabi CMS 1.0.1 - Session Poisoning
|
4 |
WEB
|
CrazyAngel
|
|
2009-04-30
|
|
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-04-30
|
|
Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-04-29
|
|
Tiger Dms - Authentication Bypass
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-04-29
|
|
Zubrag Smart File Download 1.3 - Arbitrary File Download
|
4 |
WEB
|
Aodrulez
|
|
2009-04-29
|
|
S-CMS 1.1 Stable - 'page' Local File Inclusion
|
4 |
WEB
|
ZoRLu
|
|
2009-04-29
|
|
ProjectCMS 1.0b - 'index.php?sn' SQL Injection
|
4 |
WEB
|
YEnH4ckEr
|
|
2009-04-29
|
|
eLitius 1.0 - 'banner-details.php?id' SQL Injection
|
3 |
WEB
|
snakespc
|
|
2009-04-28
|
|
webSPELL 4.2.0d (Linux) - Local File Disclosure
|
4 |
WEB
|
StAkeR
|
|
2009-04-28
|
|
MIM: InfiniX 1.2.003 - Multiple SQL Injections
|
3 |
WEB
|
YEnH4ckEr
|
|
2009-04-28
|
|
VisionLms 1.0 - 'changePW.php' Remote Password Change
|
4 |
WEB
|
Mr.tro0oqy
|
|
2009-04-27
|
|
ABC Advertise 1.0 - Admin Password Disclosure
|
4 |
WEB
|
SirGod
|
|
2009-04-27
|
|
Teraway LinkTracker 1.0 - Remote Password Change
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Teraway LiveHelp 2.0 - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Teraway FileStream 1.0 - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Teraway LinkTracker 1.0 - Insecure Cookie Handling
|
4 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Flatchat 3.0 - 'pmscript.php' Local File Inclusion
|
4 |
WEB
|
SirGod
|
