| 2009-05-04 | Qt QuickTeam - Multiple Remote File Inclusions | 7 | WEB | ahmadbady |
| 2009-05-04 | BluSky CMS - 'news_id' SQL Injection | 8 | WEB | snakespc |
| 2009-05-04 | AGTC MyShop 3.2 - Insecure Cookie Handling | 8 | WEB | Mr.tro0oqy |
| 2009-05-04 | Winn ASP Guestbook 1.01b - Remote Database Disclosure | 8 | WEB | ZoRLu |
| 2009-05-01 | pecio CMS 1.1.5 - 'index.php?language' Local File Inclusion | 9 | WEB | SirGod |
| 2009-05-01 | MiniTwitter 0.2b - Remote User Options Changer | 8 | WEB | YEnH4ckEr |
| 2009-05-01 | MiniTwitter 0.2b - Multiple SQL Injections | 8 | WEB | YEnH4ckEr |
| 2009-05-01 | Golabi CMS 1.0.1 - Session Poisoning | 8 | WEB | CrazyAngel |
| 2009-04-30 | Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload | 8 | WEB | YEnH4ckEr |
| 2009-04-30 | Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection | 9 | WEB | YEnH4ckEr |
| 2009-04-29 | Tiger Dms - Authentication Bypass | 8 | WEB | ThE g0bL!N |
| 2009-04-29 | Zubrag Smart File Download 1.3 - Arbitrary File Download | 8 | WEB | Aodrulez |
| 2009-04-29 | S-CMS 1.1 Stable - 'page' Local File Inclusion | 8 | WEB | ZoRLu |
| 2009-04-29 | ProjectCMS 1.0b - 'index.php?sn' SQL Injection | 8 | WEB | YEnH4ckEr |
| 2009-04-29 | eLitius 1.0 - 'banner-details.php?id' SQL Injection | 7 | WEB | snakespc |
| 2009-04-28 | webSPELL 4.2.0d (Linux) - Local File Disclosure | 8 | WEB | StAkeR |
| 2009-04-28 | MIM: InfiniX 1.2.003 - Multiple SQL Injections | 7 | WEB | YEnH4ckEr |
| 2009-04-28 | VisionLms 1.0 - 'changePW.php' Remote Password Change | 8 | WEB | Mr.tro0oqy |
| 2009-04-27 | ABC Advertise 1.0 - Admin Password Disclosure | 8 | WEB | SirGod |
| 2009-04-27 | Teraway LinkTracker 1.0 - Remote Password Change | 8 | WEB | ThE g0bL!N |
| 2009-04-27 | Teraway LiveHelp 2.0 - Insecure Cookie Handling | 8 | WEB | ThE g0bL!N |
| 2009-04-27 | Teraway FileStream 1.0 - Insecure Cookie Handling | 8 | WEB | ThE g0bL!N |
| 2009-04-27 | Teraway LinkTracker 1.0 - Insecure Cookie Handling | 8 | WEB | ThE g0bL!N |
| 2009-04-27 | Flatchat 3.0 - 'pmscript.php' Local File Inclusion | 9 | WEB | SirGod |
| 2009-04-27 | ECShop 2.5.0 - 'order_sn' SQL Injection | 8 | WEB | Securitylab.ir |
| 2009-04-27 | EZ-Blog Beta2 - 'category' SQL Injection | 8 | WEB | YEnH4ckEr |
| 2009-04-27 | Thickbox Gallery 2 - 'index.php' Local File Inclusion | 8 | WEB | SirGod |
| 2009-04-27 | Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting | 8 | WEB | d3v1l |
| 2009-04-27 | LightBlog 9.9.2 - 'register.php' Remote Code Execution | 8 | WEB | EgiX |
| 2009-04-27 | Opencart 1.1.8 - 'route' Local File Inclusion | 8 | WEB | OoN_Boy |
| 2009-04-27 | Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure | 8 | WEB | brain[pillow] |
| 2009-04-24 | Pragyan CMS 2.6.4 - Multiple SQL Injections | 8 | WEB | Salvatore Fresta |
| 2009-04-24 | photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting | 8 | WEB | YEnH4ckEr |
| 2009-04-24 | Absolute Form Processor XE-V 1.5 - Remote Change Password | 8 | WEB | ThE g0bL!N |
| 2009-04-24 | Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling | 8 | WEB | ZoRLu |
| 2009-04-23 | fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload | 8 | WEB | YEnH4ckEr |
| 2009-04-22 | Joomla! Component rsmonials - Cross-Site Scripting | 8 | WEB | jdc |
| 2009-04-22 | WebPortal CMS 0.8b - Multiple Local/Remote File Inclusions | 8 | WEB | ahmadbady |
| 2009-04-22 | 5 star Rating 1.2 - Authentication Bypass | 8 | WEB | zer0day |
| 2009-04-22 | Elkagroup Image Gallery 1.0 - Arbitrary File Upload | 7 | WEB | Securitylab.ir |
| 2009-04-22 | Dokeos Lms 1.8.5 - 'Include' Remote Code Execution | 7 | WEB | StAkeR |
| 2009-04-21 | mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosu | 8 | WEB | YEnH4ckEr |
| 2009-04-21 | Studio Lounge Address Book 2.5 - Authentication Bypass | 8 | WEB | ThE g0bL!N |
| 2009-04-21 | I-Rater Pro/Plantinum 4.0 - Authentication Bypass | 8 | WEB | Hakxer |
| 2009-04-21 | VS PANEL 7.3.6 - 'Cat_ID' SQL Injection | 8 | WEB | Player |
| 2009-04-21 | Quick.CMS.Lite 0.5 - 'id' SQL Injection | 8 | WEB | Player |
| 2009-04-21 | NotFTP 1.3.1 - 'newlang' Local File Inclusion | 7 | WEB | Kacper |
| 2009-04-21 | TotalCalendar 2.4 - 'Include' Local File Inclusion | 7 | WEB | SirGod |
| 2009-04-21 | pastelcms 0.8.0 - Local File Inclusion / SQL Injection | 8 | WEB | SirGod |
| 2009-04-21 | CRE Loaded 6.2 - 'products_id' SQL Injection | 7 | WEB | Player |
| 2009-04-21 | Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection | 8 | WEB | EgiX |
| 2009-04-20 | eLitius 1.0 - Arbitrary Database Backup | 8 | WEB | ThE g0bL!N |
| 2009-04-20 | Creasito E-Commerce 1.3.16 - Authentication Bypass | 8 | WEB | Salvatore Fresta |
| 2009-04-20 | TotalCalendar 2.4 - Remote Password Change | 8 | WEB | ThE g0bL!N |
| 2009-04-20 | e107 < 0.7.15 - 'extended_user_fields' Blind SQL Injection | 8 | WEB | StAkeR |
| 2009-04-20 | TotalCalendar 2.4 - 'inc_dir' Remote File Inclusion | 8 | WEB | DarKdewiL |
| 2009-04-20 | fungamez rc1 - Authentication Bypass / Local File Inclusion | 8 | WEB | YEnH4ckEr |
| 2009-04-20 | WB News 2.1.2 - Insecure Cookie Handling | 8 | WEB | ThE g0bL!N |
| 2009-04-20 | WysGui CMS 1.2b - Insecure Cookie Handling Blind SQL Injection | 8 | WEB | YEnH4ckEr |
| 2009-04-20 | Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection | 8 | WEB | Rohit Bansal |
| 2009-04-20 | EZ Webitor - Authentication Bypass | 8 | WEB | snakespc |
| 2009-04-20 | webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling | 8 | WEB | ThE g0bL!N |
| 2009-04-20 | Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure | 8 | WEB | girex |
| 2009-04-20 | Seditio CMS Events Plugin - 'c' SQL Injection | 8 | WEB | OoN_Boy |
| 2009-04-20 | Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload | 8 | WEB | JosS |
| 2009-04-20 | multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities | 8 | WEB | Salvatore Fresta |
| 2009-04-17 | Hot Project 7.0 - Authentication Bypass | 8 | WEB | HCOCA_MAN |
| 2009-04-17 | Online Email Manager - Insecure Cookie Handling | 8 | WEB | Hussin X |
| 2009-04-17 | Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection | 8 | WEB | Hussin X |
| 2009-04-17 | e-cart.biz Shopping Cart - Arbitrary File Upload | 8 | WEB | ahmadbady |
| 2009-04-17 | ClanTiger 1.1.1 - 'slug' Blind SQL Injection | 8 | WEB | YEnH4ckEr |
| 2009-04-17 | ClanTiger 1.1.1 - Authentication Bypass | 9 | WEB | YEnH4ckEr |
| 2009-04-17 | ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities | 8 | WEB | YEnH4ckEr |
| 2009-04-17 | Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation | 8 | WEB | Alfons Luja |
| 2009-04-17 | Tiny Blogr 1.0.0 rc4 - Authentication Bypass | 8 | WEB | Salvatore Fresta |
| 2009-04-16 | chCounter 3.1.3 - Authentication Bypass | 8 | WEB | tmh |
| 2009-04-16 | SMA-DB 0.3.13 - Multiple Remote File Inclusions | 8 | WEB | JosS |
| 2009-04-16 | eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password | 9 | WEB | ThE g0bL!N |
| 2009-04-16 | NetHoteles 3.0 - 'ficha.php' SQL Injection | 8 | WEB | snakespc |
| 2009-04-16 | CPCommerce 1.2.8 - 'id_document' Blind SQL Injection | 8 | WEB | NoGe |
| 2009-04-16 | DNS Tools (PHP Digger) - Remote Command Execution | 8 | WEB | SirGod |
| 2009-04-16 | webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing | 8 | WEB | YEnH4ckEr |
| 2009-04-16 | Online Password Manager 4.1 - Insecure Cookie Handling | 8 | WEB | ZoRLu |
| 2009-04-16 | NetHoteles 2.0/3.0 - Authentication Bypass | 7 | WEB | Dns-Team |
| 2009-04-16 | Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection | 8 | WEB | Nine:Situations:Group |
| 2009-04-15 | FreeWebShop.org 2.2.9 RC2 - 'lang_file' Local File Inclusion | 7 | WEB | ahmadbady |
| 2009-04-15 | Job2C 4.2 - 'adtype' Local File Inclusion | 8 | WEB | ZoRLu |
| 2009-04-15 | Job2C - 'conf.inc' Configuration File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-15 | phpDatingClub - 'conf.inc' File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-15 | phpAdBoardPro - 'config.inc' Configuration File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-15 | W2B Restaurant 1.2 - 'conf.inc' Configuration File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-15 | phpGreetCards - Config File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-15 | phpAdBoard - 'conf.inc' Remote Configuration File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-15 | Job2C 4.2 - 'profile' Arbitrary File Upload | 8 | WEB | InjEctOr5 |
| 2009-04-14 | phpEmployment - 'conf.inc' File Disclosure | 8 | WEB | InjEctOr5 |
| 2009-04-14 | RQms (Rash) 1.2.2 - Multiple SQL Injections | 8 | WEB | Dimi4 |
| 2009-04-14 | Aqua CMS - 'Username' SQL Injection | 8 | WEB | halkfild |
| 2009-04-14 | GuestCal 2.1 - 'index.php?lang' Local File Inclusion | 8 | WEB | SirGod |
| 2009-04-14 | PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scrip | 8 | WEB | SirDarckCat |
| 2009-04-14 | ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection | 8 | WEB | DSecRG |
| 2009-04-14 | Jamroom 4.0.2 - 't' Local File Inclusion | 8 | WEB | zxvf |
| 2009-04-13 | ASP Product Catalog 1.0 - Cross-Site Scripting / File Disclosure | 8 | WEB | AlpHaNiX |
| 2009-04-13 | e107 Plugin userjournals_menu - 'blog.id' SQL Injection | 8 | WEB | boom3rang |
| 2009-04-13 | FreznoShop 1.3.0 - 'id' SQL Injection | 8 | WEB | NoGe |
| 2009-04-13 | XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass | 8 | WEB | Dr-HTmL |
| 2009-04-13 | Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion | 9 | WEB | ahmadbady |
| 2009-04-13 | X10media Mp3 Search Engine < 1.6.2 - Admin Access | 8 | WEB | THUNDER |
| 2009-04-13 | Flatnuke 2.7.1 - 'level' Privilege Escalation | 8 | WEB | StAkeR |
| 2009-04-10 | FunkyASP AD System 1.1 - Arbitrary File Upload | 8 | WEB | ZoRLu |
| 2009-04-10 | w3bcms Gaestebuch 3.0.0 - Blind SQL Injection | 8 | WEB | DNX |
| 2009-04-10 | RedaxScript 0.2.0 - 'Language' Local File Inclusion | 8 | WEB | SirGod |
| 2009-04-10 | moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting | 9 | WEB | SirGod |
| 2009-04-10 | Loggix Project 9.4.5 - 'refer_id' Blind SQL Injection | 8 | WEB | Salvatore Fresta |
| 2009-04-10 | PHP-Agenda 2.2.5 - Remote File Overwriting | 8 | WEB | Salvatore Fresta |
| 2009-04-09 | dynamic flash forum 1.0 Beta - Multiple Vulnerabilities | 8 | WEB | Salvatore Fresta |
| 2009-04-09 | Absolute Form Processor XE-V 1.5 - Authentication Bypass | 8 | WEB | ThE g0bL!N |
| 2009-04-09 | My Dealer CMS 2.0 - Authentication Bypass | 9 | WEB | ThE g0bL!N |
| 2009-04-09 | adaptbb 1.0b - Multiple Vulnerabilities | 8 | WEB | Salvatore Fresta |
| 2009-04-09 | WebFileExplorer 3.1 - Authentication Bypass | 8 | WEB | Osirys |
| 2009-04-09 | Simbas CMS 2.0 - Authentication Bypass | 9 | WEB | ThE g0bL!N |
| 2009-04-09 | Back-End CMS 5.0 - 'main.asp?id' SQL Injection | 8 | WEB | AnGeL25dZ |
| 2009-04-09 | Exjune Guestbook 2.0 - Remote Database Disclosure | 8 | WEB | AlpHaNiX |
| 2009-04-09 | Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection | 8 | WEB | Nine:Situations:Group |
| 2009-04-08 | WebFileExplorer 3.1 - 'db.mdb' Database Disclosure | 8 | WEB | ByALBAYX |
| 2009-04-08 | Xplode CMS - 'wrap_script' SQL Injection | 8 | WEB | PLATEN |