|
2009-04-08
|
|
photo graffix 3.4 - Multiple Vulnerabilities
|
9 |
WEB
|
ahmadbady
|
|
2009-04-08
|
|
Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
|
8 |
WEB
|
H!tm@N
|
|
2009-04-08
|
|
Joomla! Component MailTo - 'article' SQL Injection
|
9 |
WEB
|
H!tm@N
|
|
2009-04-08
|
|
Joomla! Component Maian Music 1.2.1 - 'category' SQL Injection
|
10 |
WEB
|
H!tm@N
|
|
2009-04-08
|
|
saspcms 0.9 - Multiple Vulnerabilities
|
8 |
WEB
|
BugReport.IR
|
|
2009-04-07
|
|
Lanius CMS 0.5.2 - Arbitrary File Upload
|
8 |
WEB
|
EgiX
|
|
2009-04-07
|
|
Family Connections CMS 1.8.2 - Blind SQL Injection
|
9 |
WEB
|
Salvatore Fresta
|
|
2009-04-06
|
|
iDB 0.2.5pa SVN 243 - 'skin' Local File Inclusion
|
8 |
WEB
|
LOTFREE
|
|
2009-04-06
|
|
FlexCMS Calendar - 'itemID' Blind SQL Injection
|
8 |
WEB
|
Lanti-Net
|
|
2009-04-06
|
|
Joomla! Component com_bookJoomlas 0.1 - SQL Injection
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-04-03
|
|
AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure
|
9 |
WEB
|
StAkeR
|
|
2009-04-03
|
|
Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution
|
8 |
WEB
|
brain[pillow]
|
|
2009-04-03
|
|
Family Connections 1.8.2 - Arbitrary File Upload
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-04-03
|
|
form2list - 'page.php?id' SQL Injection
|
8 |
WEB
|
Cyber-Zone
|
|
2009-04-03
|
|
glFusion 1.1.2 - 'COM_applyFilter()/cookies' Blind SQL Injection
|
8 |
WEB
|
Nine:Situations:Group
|
|
2009-04-03
|
|
ActiveKB KnowledgeBase - 'Panel' Local File Inclusion
|
8 |
WEB
|
Angela Chang
|
|
2009-04-01
|
|
TinyPHPForum 3.61 - File Disclosure / Code Execution
|
8 |
WEB
|
brain[pillow]
|
|
2009-04-01
|
|
MyioSoft Ajax Portal 3.0 - 'page' SQL Injection
|
8 |
WEB
|
cOndemned
|
|
2009-04-01
|
|
Koschtit Image Gallery 1.82 - Multiple Local File Inclusions
|
8 |
WEB
|
ahmadbady
|
|
2009-03-31
|
|
vsp stats processor 0.45 - 'gamestat.php?gameID' SQL Injection
|
8 |
WEB
|
Dimi4
|
|
2009-03-31
|
|
PHPRecipeBook 2.39 - 'course_id' SQL Injection
|
8 |
WEB
|
DarKdewiL
|
|
2009-03-31
|
|
JobHut 1.2 - Remote Password Change/Delete/Activate User
|
7 |
WEB
|
ThE g0bL!N
|
|
2009-03-31
|
|
webEdition 6.0.0.4 - 'WE_LANGUAGE' Local File Inclusion
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-31
|
|
virtuemart 1.1.2 - Multiple Vulnerabilities
|
8 |
WEB
|
waraxe
|
|
2009-03-31
|
|
VirtueMart 1.1.2 - SQL Injection (Metasploit)
|
8 |
WEB
|
waraxe
|
|
2009-03-31
|
|
Podcast Generator 1.1 - Remote Code Execution
|
8 |
WEB
|
BlackHawk
|
|
2009-03-31
|
|
Community CMS 0.5 - Multiple SQL Injections
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-30
|
|
family connection 1.8.1 - Multiple Vulnerabilities
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-30
|
|
JobHut 1.2 - 'pk' SQL Injection
|
9 |
WEB
|
K-159
|
|
2009-03-30
|
|
X-Forum 0.6.2 - Remote Command Execution
|
9 |
WEB
|
Osirys
|
|
2009-03-30
|
|
gravy media CMS 1.07 - Multiple Vulnerabilities
|
9 |
WEB
|
x0r
|
|
2009-03-30
|
|
BandSite CMS 1.1.4 - 'members.php' SQL Injection
|
8 |
WEB
|
SirGod
|
|
2009-03-30
|
|
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
|
8 |
WEB
|
AnGeL25dZ
|
|
2009-03-29
|
|
iWare CMS 5.0.4 - Multiple SQL Injections
|
8 |
WEB
|
boom3rang
|
|
2009-03-29
|
|
Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling
|
8 |
WEB
|
ZoRLu
|
|
2009-03-29
|
|
glFusion 1.1.2 - 'COM_applyFilter()/order' SQL Injection
|
8 |
WEB
|
Nine:Situations:Group
|
|
2009-03-27
|
|
My Simple Forum 7.1 - Remote Command Execution
|
8 |
WEB
|
Osirys
|
|
2009-03-27
|
|
Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure
|
8 |
WEB
|
Christian J. Eibl
|
|
2009-03-27
|
|
Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting
|
10 |
WEB
|
Anarchy Angel
|
|
2009-03-27
|
|
Free PHP Petition Signing Script - Authentication Bypass
|
8 |
WEB
|
Qabandi
|
|
2009-03-27
|
|
Simply Classified 0.2 - 'category_id' SQL Injection
|
9 |
WEB
|
G4N0K
|
|
2009-03-26
|
|
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
|
8 |
WEB
|
SirGod
|
|
2009-03-26
|
|
blogplus 1.0 - Multiple Local File Inclusions
|
8 |
WEB
|
ahmadbady
|
|
2009-03-26
|
|
PhotoStand 1.2.0 - Remote Command Execution
|
7 |
WEB
|
Osirys
|
|
2009-03-25
|
|
WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload
|
8 |
WEB
|
Ahmad Pay
|
|
2009-03-25
|
|
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
|
8 |
WEB
|
EgiX
|
|
2009-03-24
|
|
SurfMyTV Script 1.0 - 'view.php?id' SQL Injection
|
8 |
WEB
|
x0r
|
|
2009-03-24
|
|
PHPizabi 0.848b C1 HFP1 - Privilege Escalation
|
8 |
WEB
|
Nine:Situations:Group
|
|
2009-03-24
|
|
Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion
|
8 |
WEB
|
dun
|
|
2009-03-23
|
|
Free Arcade Script 1.0 - Authentication Bypass / Arbitrary File Upload
|
8 |
WEB
|
Mr.Skonnie
|
|
2009-03-23
|
|
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
|
8 |
WEB
|
Osirys
|
|
2009-03-23
|
|
Codice CMS 2 - Command Execution (via SQL Injection)
|
9 |
WEB
|
darkjoker
|
|
2009-03-23
|
|
Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion
|
8 |
WEB
|
Alfons Luja
|
|
2009-03-23
|
|
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
|
8 |
WEB
|
YOUCODE
|
|
2009-03-23
|
|
X-BLC 0.2.0 - 'get_read.php?section' SQL Injection
|
8 |
WEB
|
dun
|
|
2009-03-23
|
|
Supernews 1.5 - 'valor.php?noticia' SQL Injection
|
8 |
WEB
|
p3s0k!
|
|
2009-03-23
|
|
WBB3 rGallery 1.2.3 - 'UserGallery' Blind SQL Injection
|
8 |
WEB
|
Invisibility
|
|
2009-03-20
|
|
Pixie CMS - Cross-Site Scripting / SQL Injection
|
8 |
WEB
|
Justin Keane
|
|
2009-03-19
|
|
Hannon Hill Cascade Server - (Authenticated) Command Execution
|
9 |
WEB
|
Emory University
|
|
2009-03-19
|
|
Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )
|
9 |
WEB
|
Fireshot
|
|
2009-03-19
|
|
Bloginator 1a - Cookie Bypass / SQL Injection
|
9 |
WEB
|
Fireshot
|
|
2009-03-18
|
|
DeluxeBB 1.3 - 'qorder' SQL Injection
|
8 |
WEB
|
girex
|
|
2009-03-18
|
|
Pivot 1.40.6 - Arbitrary File Deletion
|
8 |
WEB
|
Alfons Luja
|
|
2009-03-18
|
|
Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2009-03-18
|
|
Facil-CMS 0.1RC2 - Multiple Vulnerabilities
|
8 |
WEB
|
any.zicky
|
|
2009-03-17
|
|
Mega File Hosting Script 1.2 - 'url' Remote File Inclusion
|
9 |
WEB
|
Garry
|
|
2009-03-17
|
|
WordPress Plugin fMoblog 2.1 - 'id' SQL Injection
|
9 |
WEB
|
strange kevin
|
|
2009-03-17
|
|
GDL 4.x - 'node' SQL Injection
|
8 |
WEB
|
g4t3w4y
|
|
2009-03-17
|
|
PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
|
8 |
WEB
|
BugReport.IR
|
|
2009-03-16
|
|
phpComasy 0.9.1 - 'entry_id' SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2009-03-16
|
|
YAP 1.1.1 - Blind SQL Injection / SQL Injection
|
8 |
WEB
|
SirGod
|
|
2009-03-16
|
|
Beerwin's PHPLinkAdmin 1.0 - Remote File Inclusion / SQL Injection
|
8 |
WEB
|
SirGod
|
|
2009-03-16
|
|
UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection
|
8 |
WEB
|
s4squatch
|
|
2009-03-13
|
|
Kim Websites 1.0 - Authentication Bypass
|
8 |
WEB
|
Virangar Security
|
|
2009-03-13
|
|
YAP 1.1.1 - 'index.php' Local File Inclusion
|
9 |
WEB
|
Alkindiii
|
|
2009-03-12
|
|
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
|
8 |
WEB
|
XaDoS
|
|
2009-03-11
|
|
Traidnt up 2.0 - 'cookie' Add Extension Bypass
|
8 |
WEB
|
SP4rT
|
|
2009-03-10
|
|
RoomPHPlanning 1.6 - 'userform.php' Create Admin User
|
10 |
WEB
|
Jonathan Salwan
|
|
2009-03-10
|
|
Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting
|
8 |
WEB
|
XaDoS
|
|
2009-03-10
|
|
WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
|
8 |
WEB
|
Juan Galiana Lara
|
|
2009-03-10
|
|
WeBid 0.7.3 RC9 - Multiple Remote File Inclusions
|
8 |
WEB
|
K-159
|
|
2009-03-10
|
|
PHP-Fusion Mod Book Panel - 'course_id' SQL Injection
|
8 |
WEB
|
SuB-ZeRo
|
|
2009-03-10
|
|
CMS WEBjump! - Multiple SQL Injections
|
8 |
WEB
|
M3NW5
|
|
2009-03-09
|
|
PHP-Fusion Mod Book Panel - 'bookid' SQL Injection
|
8 |
WEB
|
elusiven
|
|
2009-03-09
|
|
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-09
|
|
CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection
|
8 |
WEB
|
netsoul
|
|
2009-03-09
|
|
woltlab burning board 3.0.x - Multiple Vulnerabilities
|
8 |
WEB
|
StAkeR
|
|
2009-03-09
|
|
PHPRecipeBook 2.24 - 'base_id' SQL Injection
|
8 |
WEB
|
d3b4g
|
|
2009-03-09
|
|
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
|
8 |
WEB
|
StAkeR
|
|
2009-03-09
|
|
cms s.builder 3.7 - Remote File Inclusion
|
8 |
WEB
|
cr0w
|
|
2009-03-09
|
|
nForum 1.5 - Multiple SQL Injections
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-06
|
|
OneOrZero Helpdesk 1.6.5.7 - Local File Inclusion
|
8 |
WEB
|
dun
|
|
2009-03-06
|
|
isiAJAX 1 - 'praises.php?id' SQL Injection
|
7 |
WEB
|
dun
|
|
2009-03-06
|
|
Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-06
|
|
Blue Eye CMS 1.0.0 - Remote Cookie SQL Injection
|
7 |
WEB
|
ka0x
|
|
2009-03-05
|
|
Joomla! Component com_iJoomla_archive - Blind SQL Injection
|
8 |
WEB
|
Stack
|
|
2009-03-05
|
|
celerbb 0.0.2 - Multiple Vulnerabilities
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-03
|
|
Jogjacamp JProfile Gold - 'id_news' SQL Injection
|
9 |
WEB
|
kecemplungkalen
|
|
2009-03-03
|
|
Novaboard 1.0.1 - Cross-Site Scripting
|
9 |
WEB
|
Pepelux
|
|
2009-03-03
|
|
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
|
8 |
WEB
|
d3b4g
|
|
2009-03-03
|
|
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
|
9 |
WEB
|
Salvatore Fresta
|
|
2009-03-03
|
|
Zabbix 1.6.2 Frontend - Multiple Vulnerabilities
|
7 |
WEB
|
USH
|
|
2009-03-02
|
|
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
|
9 |
WEB
|
Salvatore Fresta
|
|
2009-03-02
|
|
Joomla! / Mambo Component eXtplorer - Code Execution
|
8 |
WEB
|
Juan Galiana Lara
|
|
2009-03-02
|
|
Joomla! Component com_digistore - 'pid' Blind SQL Injection
|
8 |
WEB
|
InjEctOr5
|
|
2009-03-02
|
|
Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling
|
8 |
WEB
|
x0r
|
|
2009-03-02
|
|
Access2asp - 'imageLibrar' Arbitrary File Upload
|
8 |
WEB
|
mr.al7rbi
|
|
2009-03-02
|
|
Digital Interchange Calendar 5.7.13 - Contents Change
|
7 |
WEB
|
ByALBAYX
|
|
2009-03-02
|
|
Document Library 1.0.1 - Arbitrary Change Admin
|
8 |
WEB
|
ByALBAYX
|
|
2009-03-02
|
|
EZ-Blog beta1 - Delete All Posts / SQL Injection
|
8 |
WEB
|
Salvatore Fresta
|
|
2009-03-02
|
|
Blogman 0.45 - Multiple Vulnerabilities
|
9 |
WEB
|
Salvatore Fresta
|
|
2009-02-27
|
|
Demium CMS 0.2.1b - Multiple Vulnerabilities
|
8 |
WEB
|
Osirys
|
|
2009-02-27
|
|
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
|
8 |
WEB
|
Corwin
|
|
2009-02-27
|
|
SkyPortal Downloads Manager 1.1 - Remote Contents Change
|
8 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
BannerManager 0.81 - Authentication Bypass
|
10 |
WEB
|
rootzig
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege Escalation
|
7 |
WEB
|
Inphex
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation
|
8 |
WEB
|
StAkeR
|
|
2009-02-26
|
|
DesignerfreeSolutions NewsLetter Manager Pro - Authentication Bypass
|
8 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
Golabi CMS 1.0 - Remote File Inclusion
|
8 |
WEB
|
CrazyAngel
|
|
2009-02-25
|
|
SkyPortal WebLinks 0.12 - Contents Change
|
8 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Picture Manager 0.11 - Contents Change
|
9 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Classifieds System 0.12 - Contents Change
|
7 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
PenPal 2.0 - Authentication Bypass
|
8 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
pPIM 1.0 - Multiple Vulnerabilities
|
8 |
WEB
|
Justin Keane
|
|
2009-02-24
|
|
Qwerty CMS - 'id' SQL Injection
|
8 |
WEB
|
b3
|
