|
2009-05-13
|
|
Password Protector SD 1.3.1 - Insecure Cookie Handling
|
18 |
WEB
|
Mr.tro0oqy
|
|
2009-05-13
|
|
TinyButStrong 3.4.0 - 'script' Local File Disclosure
|
19 |
WEB
|
ahmadbady
|
|
2009-05-12
|
|
BigACE 2.5 - SQL Injection
|
18 |
WEB
|
YEnH4ckEr
|
|
2009-05-12
|
|
Bitweaver 2.6 - 'saveFeed()' Remote Code Execution
|
17 |
WEB
|
Nine:Situations:Group
|
|
2009-05-11
|
|
PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection
|
20 |
WEB
|
scriptjunkie
|
|
2009-05-11
|
|
microTopic 1 - 'Rating' Blind SQL Injection
|
20 |
WEB
|
YEnH4ckEr
|
|
2009-05-11
|
|
openWYSIWYG 1.4.7 - Local Directory Traversal
|
19 |
WEB
|
StAkeR
|
|
2009-05-11
|
|
Dacio's Image Gallery 1.6 - Directory Traversal / Authentication Bypass / Arbitrary File Upload
|
18 |
WEB
|
ahmadbady
|
|
2009-05-11
|
|
EggBlog 4.1.1 - Local Directory Traversal
|
17 |
WEB
|
StAkeR
|
|
2009-05-08
|
|
TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution
|
17 |
WEB
|
EgiX
|
|
2009-05-08
|
|
RTWebalbum 1.0.462 - 'albumID' Blind SQL Injection
|
16 |
WEB
|
YEnH4ckEr
|
|
2009-05-08
|
|
Battle Blog 1.25 - 'uploadform.asp' Arbitrary File Upload
|
15 |
WEB
|
Cyber-Zone
|
|
2009-05-08
|
|
Luxbum 0.5.5/stable - Authentication Bypass
|
18 |
WEB
|
knxone
|
|
2009-05-08
|
|
Realty Web-Base 1.0 - Authentication Bypass
|
17 |
WEB
|
ThE g0bL!N
|
|
2009-05-08
|
|
The Recipe Script 5 - Authentication Bypass / Database Backup
|
17 |
WEB
|
TiGeR-Dz
|
|
2009-05-07
|
|
Job Script 2.0 - Arbitrary Change Admin Password
|
20 |
WEB
|
TiGeR-Dz
|
|
2009-05-07
|
|
Simple Customer 1.3 - Arbitrary Change Admin Password
|
20 |
WEB
|
ahmadbady
|
|
2009-05-07
|
|
ST-Gallery 0.1a - Multiple SQL Injections
|
22 |
WEB
|
YEnH4ckEr
|
|
2009-05-07
|
|
VIDEOSCRIPT.us - Authentication Bypass
|
23 |
WEB
|
snakespc
|
|
2009-05-07
|
|
T-Dreams Job Career Package 3.0 - Insecure Cookie Handling
|
17 |
WEB
|
TiGeR-Dz
|
|
2009-05-07
|
|
TCPDB 3.8 - Arbitrary Add Admin Account
|
19 |
WEB
|
Mr.tro0oqy
|
|
2009-05-07
|
|
webSPELL 4.2.0e - 'page' Blind SQL Injection
|
20 |
WEB
|
DNX
|
|
2009-05-05
|
|
Joomla! Component Almond Classifieds 5.6.2 - Blind SQL Injection
|
19 |
WEB
|
InjEctOr5
|
|
2009-05-05
|
|
LinkBase 2.0 - Remote Cookie Grabber
|
17 |
WEB
|
SirGod
|
|
2009-05-05
|
|
TemaTres 1.0.3 - Blind SQL Injection
|
18 |
WEB
|
YEnH4ckEr
|
|
2009-05-05
|
|
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
|
20 |
WEB
|
YEnH4ckEr
|
|
2009-05-04
|
|
Ublog access version - Arbitrary Database Disclosure
|
20 |
WEB
|
Cyber-Zone
|
|
2009-05-04
|
|
Uguestbook 1.0b - 'Guestbook.mdb' Arbitrary Database Disclosure
|
17 |
WEB
|
Cyber-Zone
|
|
2009-05-04
|
|
projectCMS 1.1b - Multiple Vulnerabilities
|
24 |
WEB
|
YEnH4ckEr
|
|
2009-05-04
|
|
Million Dollar Text Links 1.0 - Arbitrary Authentication Bypass
|
20 |
WEB
|
ThE g0bL!N
|
|
2009-05-04
|
|
PHP Site Lock 2.0 - Insecure Cookie Handling
|
19 |
WEB
|
ThE g0bL!N
|
|
2009-05-04
|
|
eLitius 1.0 - Remote Command Execution
|
18 |
WEB
|
G4N0K
|
|
2009-05-04
|
|
Qt QuickTeam - Multiple Remote File Inclusions
|
16 |
WEB
|
ahmadbady
|
|
2009-05-04
|
|
BluSky CMS - 'news_id' SQL Injection
|
17 |
WEB
|
snakespc
|
|
2009-05-04
|
|
AGTC MyShop 3.2 - Insecure Cookie Handling
|
19 |
WEB
|
Mr.tro0oqy
|
|
2009-05-04
|
|
Winn ASP Guestbook 1.01b - Remote Database Disclosure
|
19 |
WEB
|
ZoRLu
|
|
2009-05-01
|
|
pecio CMS 1.1.5 - 'index.php?language' Local File Inclusion
|
18 |
WEB
|
SirGod
|
|
2009-05-01
|
|
MiniTwitter 0.2b - Remote User Options Changer
|
18 |
WEB
|
YEnH4ckEr
|
|
2009-05-01
|
|
MiniTwitter 0.2b - Multiple SQL Injections
|
19 |
WEB
|
YEnH4ckEr
|
|
2009-05-01
|
|
Golabi CMS 1.0.1 - Session Poisoning
|
16 |
WEB
|
CrazyAngel
|
|
2009-04-30
|
|
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
|
16 |
WEB
|
YEnH4ckEr
|
|
2009-04-30
|
|
Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection
|
19 |
WEB
|
YEnH4ckEr
|
|
2009-04-29
|
|
Tiger Dms - Authentication Bypass
|
20 |
WEB
|
ThE g0bL!N
|
|
2009-04-29
|
|
Zubrag Smart File Download 1.3 - Arbitrary File Download
|
19 |
WEB
|
Aodrulez
|
|
2009-04-29
|
|
S-CMS 1.1 Stable - 'page' Local File Inclusion
|
18 |
WEB
|
ZoRLu
|
|
2009-04-29
|
|
ProjectCMS 1.0b - 'index.php?sn' SQL Injection
|
22 |
WEB
|
YEnH4ckEr
|
|
2009-04-29
|
|
eLitius 1.0 - 'banner-details.php?id' SQL Injection
|
19 |
WEB
|
snakespc
|
|
2009-04-28
|
|
webSPELL 4.2.0d (Linux) - Local File Disclosure
|
17 |
WEB
|
StAkeR
|
|
2009-04-28
|
|
MIM: InfiniX 1.2.003 - Multiple SQL Injections
|
17 |
WEB
|
YEnH4ckEr
|
|
2009-04-28
|
|
VisionLms 1.0 - 'changePW.php' Remote Password Change
|
21 |
WEB
|
Mr.tro0oqy
|
|
2009-04-27
|
|
ABC Advertise 1.0 - Admin Password Disclosure
|
19 |
WEB
|
SirGod
|
|
2009-04-27
|
|
Teraway LinkTracker 1.0 - Remote Password Change
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Teraway LiveHelp 2.0 - Insecure Cookie Handling
|
18 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Teraway FileStream 1.0 - Insecure Cookie Handling
|
17 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Teraway LinkTracker 1.0 - Insecure Cookie Handling
|
19 |
WEB
|
ThE g0bL!N
|
|
2009-04-27
|
|
Flatchat 3.0 - 'pmscript.php' Local File Inclusion
|
18 |
WEB
|
SirGod
|
|
2009-04-27
|
|
ECShop 2.5.0 - 'order_sn' SQL Injection
|
19 |
WEB
|
Securitylab.ir
|
|
2009-04-27
|
|
EZ-Blog Beta2 - 'category' SQL Injection
|
17 |
WEB
|
YEnH4ckEr
|
|
2009-04-27
|
|
Thickbox Gallery 2 - 'index.php' Local File Inclusion
|
20 |
WEB
|
SirGod
|
|
2009-04-27
|
|
Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting
|
18 |
WEB
|
d3v1l
|
|
2009-04-27
|
|
LightBlog 9.9.2 - 'register.php' Remote Code Execution
|
18 |
WEB
|
EgiX
|
|
2009-04-27
|
|
Opencart 1.1.8 - 'route' Local File Inclusion
|
21 |
WEB
|
OoN_Boy
|
|
2009-04-27
|
|
Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure
|
20 |
WEB
|
brain[pillow]
|
|
2009-04-24
|
|
Pragyan CMS 2.6.4 - Multiple SQL Injections
|
20 |
WEB
|
Salvatore Fresta
|
|
2009-04-24
|
|
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
|
20 |
WEB
|
YEnH4ckEr
|
|
2009-04-24
|
|
Absolute Form Processor XE-V 1.5 - Remote Change Password
|
20 |
WEB
|
ThE g0bL!N
|
|
2009-04-24
|
|
Absolute Form Processor XE-V 1.5 - Insecure Cookie Handling
|
17 |
WEB
|
ZoRLu
|
|
2009-04-23
|
|
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
|
18 |
WEB
|
YEnH4ckEr
|
|
2009-04-22
|
|
Joomla! Component rsmonials - Cross-Site Scripting
|
17 |
WEB
|
jdc
|
|
2009-04-22
|
|
WebPortal CMS 0.8b - Multiple Local/Remote File Inclusions
|
17 |
WEB
|
ahmadbady
|
|
2009-04-22
|
|
5 star Rating 1.2 - Authentication Bypass
|
19 |
WEB
|
zer0day
|
|
2009-04-22
|
|
Elkagroup Image Gallery 1.0 - Arbitrary File Upload
|
18 |
WEB
|
Securitylab.ir
|
|
2009-04-22
|
|
Dokeos Lms 1.8.5 - 'Include' Remote Code Execution
|
18 |
WEB
|
StAkeR
|
|
2009-04-21
|
|
mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosu
|
16 |
WEB
|
YEnH4ckEr
|
|
2009-04-21
|
|
Studio Lounge Address Book 2.5 - Authentication Bypass
|
20 |
WEB
|
ThE g0bL!N
|
|
2009-04-21
|
|
I-Rater Pro/Plantinum 4.0 - Authentication Bypass
|
18 |
WEB
|
Hakxer
|
|
2009-04-21
|
|
VS PANEL 7.3.6 - 'Cat_ID' SQL Injection
|
18 |
WEB
|
Player
|
|
2009-04-21
|
|
Quick.CMS.Lite 0.5 - 'id' SQL Injection
|
18 |
WEB
|
Player
|
|
2009-04-21
|
|
NotFTP 1.3.1 - 'newlang' Local File Inclusion
|
19 |
WEB
|
Kacper
|
|
2009-04-21
|
|
TotalCalendar 2.4 - 'Include' Local File Inclusion
|
15 |
WEB
|
SirGod
|
|
2009-04-21
|
|
pastelcms 0.8.0 - Local File Inclusion / SQL Injection
|
21 |
WEB
|
SirGod
|
|
2009-04-21
|
|
CRE Loaded 6.2 - 'products_id' SQL Injection
|
15 |
WEB
|
Player
|
|
2009-04-21
|
|
Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection
|
18 |
WEB
|
EgiX
|
|
2009-04-20
|
|
eLitius 1.0 - Arbitrary Database Backup
|
16 |
WEB
|
ThE g0bL!N
|
|
2009-04-20
|
|
Creasito E-Commerce 1.3.16 - Authentication Bypass
|
17 |
WEB
|
Salvatore Fresta
|
|
2009-04-20
|
|
TotalCalendar 2.4 - Remote Password Change
|
19 |
WEB
|
ThE g0bL!N
|
|
2009-04-20
|
|
e107 < 0.7.15 - 'extended_user_fields' Blind SQL Injection
|
17 |
WEB
|
StAkeR
|
|
2009-04-20
|
|
TotalCalendar 2.4 - 'inc_dir' Remote File Inclusion
|
23 |
WEB
|
DarKdewiL
|
|
2009-04-20
|
|
fungamez rc1 - Authentication Bypass / Local File Inclusion
|
21 |
WEB
|
YEnH4ckEr
|
|
2009-04-20
|
|
WB News 2.1.2 - Insecure Cookie Handling
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-20
|
|
WysGui CMS 1.2b - Insecure Cookie Handling Blind SQL Injection
|
21 |
WEB
|
YEnH4ckEr
|
|
2009-04-20
|
|
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection
|
21 |
WEB
|
Rohit Bansal
|
|
2009-04-20
|
|
EZ Webitor - Authentication Bypass
|
17 |
WEB
|
snakespc
|
|
2009-04-20
|
|
webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-20
|
|
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
|
18 |
WEB
|
girex
|
|
2009-04-20
|
|
Seditio CMS Events Plugin - 'c' SQL Injection
|
16 |
WEB
|
OoN_Boy
|
|
2009-04-20
|
|
Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload
|
18 |
WEB
|
JosS
|
|
2009-04-20
|
|
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities
|
19 |
WEB
|
Salvatore Fresta
|
|
2009-04-17
|
|
Hot Project 7.0 - Authentication Bypass
|
20 |
WEB
|
HCOCA_MAN
|
|
2009-04-17
|
|
Online Email Manager - Insecure Cookie Handling
|
19 |
WEB
|
Hussin X
|
|
2009-04-17
|
|
Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection
|
17 |
WEB
|
Hussin X
|
|
2009-04-17
|
|
e-cart.biz Shopping Cart - Arbitrary File Upload
|
16 |
WEB
|
ahmadbady
|
|
2009-04-17
|
|
ClanTiger 1.1.1 - 'slug' Blind SQL Injection
|
19 |
WEB
|
YEnH4ckEr
|
|
2009-04-17
|
|
ClanTiger 1.1.1 - Authentication Bypass
|
21 |
WEB
|
YEnH4ckEr
|
|
2009-04-17
|
|
ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities
|
18 |
WEB
|
YEnH4ckEr
|
|
2009-04-17
|
|
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation
|
22 |
WEB
|
Alfons Luja
|
|
2009-04-17
|
|
Tiny Blogr 1.0.0 rc4 - Authentication Bypass
|
17 |
WEB
|
Salvatore Fresta
|
|
2009-04-16
|
|
chCounter 3.1.3 - Authentication Bypass
|
18 |
WEB
|
tmh
|
|
2009-04-16
|
|
SMA-DB 0.3.13 - Multiple Remote File Inclusions
|
18 |
WEB
|
JosS
|
|
2009-04-16
|
|
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-16
|
|
NetHoteles 3.0 - 'ficha.php' SQL Injection
|
20 |
WEB
|
snakespc
|
|
2009-04-16
|
|
CPCommerce 1.2.8 - 'id_document' Blind SQL Injection
|
19 |
WEB
|
NoGe
|
|
2009-04-16
|
|
DNS Tools (PHP Digger) - Remote Command Execution
|
20 |
WEB
|
SirGod
|
|
2009-04-16
|
|
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing
|
20 |
WEB
|
YEnH4ckEr
|
|
2009-04-16
|
|
Online Password Manager 4.1 - Insecure Cookie Handling
|
18 |
WEB
|
ZoRLu
|
|
2009-04-16
|
|
NetHoteles 2.0/3.0 - Authentication Bypass
|
20 |
WEB
|
Dns-Team
|
|
2009-04-16
|
|
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection
|
19 |
WEB
|
Nine:Situations:Group
|
|
2009-04-15
|
|
FreeWebShop.org 2.2.9 RC2 - 'lang_file' Local File Inclusion
|
17 |
WEB
|
ahmadbady
|
|
2009-04-15
|
|
Job2C 4.2 - 'adtype' Local File Inclusion
|
19 |
WEB
|
ZoRLu
|
|
2009-04-15
|
|
Job2C - 'conf.inc' Configuration File Disclosure
|
17 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpDatingClub - 'conf.inc' File Disclosure
|
16 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpAdBoardPro - 'config.inc' Configuration File Disclosure
|
17 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
W2B Restaurant 1.2 - 'conf.inc' Configuration File Disclosure
|
18 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpGreetCards - Config File Disclosure
|
18 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpAdBoard - 'conf.inc' Remote Configuration File Disclosure
|
18 |
WEB
|
InjEctOr5
|
