|
2009-03-31
|
|
VirtueMart 1.1.2 - SQL Injection (Metasploit)
|
4 |
WEB
|
waraxe
|
|
2009-03-31
|
|
Podcast Generator 1.1 - Remote Code Execution
|
4 |
WEB
|
BlackHawk
|
|
2009-03-31
|
|
Community CMS 0.5 - Multiple SQL Injections
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-30
|
|
family connection 1.8.1 - Multiple Vulnerabilities
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-30
|
|
JobHut 1.2 - 'pk' SQL Injection
|
5 |
WEB
|
K-159
|
|
2009-03-30
|
|
X-Forum 0.6.2 - Remote Command Execution
|
5 |
WEB
|
Osirys
|
|
2009-03-30
|
|
gravy media CMS 1.07 - Multiple Vulnerabilities
|
5 |
WEB
|
x0r
|
|
2009-03-30
|
|
BandSite CMS 1.1.4 - 'members.php' SQL Injection
|
4 |
WEB
|
SirGod
|
|
2009-03-30
|
|
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
|
4 |
WEB
|
AnGeL25dZ
|
|
2009-03-29
|
|
iWare CMS 5.0.4 - Multiple SQL Injections
|
4 |
WEB
|
boom3rang
|
|
2009-03-29
|
|
Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling
|
4 |
WEB
|
ZoRLu
|
|
2009-03-29
|
|
glFusion 1.1.2 - 'COM_applyFilter()/order' SQL Injection
|
4 |
WEB
|
Nine:Situations:Group
|
|
2009-03-27
|
|
My Simple Forum 7.1 - Remote Command Execution
|
4 |
WEB
|
Osirys
|
|
2009-03-27
|
|
Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure
|
3 |
WEB
|
Christian J. Eibl
|
|
2009-03-27
|
|
Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting
|
6 |
WEB
|
Anarchy Angel
|
|
2009-03-27
|
|
Free PHP Petition Signing Script - Authentication Bypass
|
4 |
WEB
|
Qabandi
|
|
2009-03-27
|
|
Simply Classified 0.2 - 'category_id' SQL Injection
|
5 |
WEB
|
G4N0K
|
|
2009-03-26
|
|
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
|
4 |
WEB
|
SirGod
|
|
2009-03-26
|
|
blogplus 1.0 - Multiple Local File Inclusions
|
4 |
WEB
|
ahmadbady
|
|
2009-03-26
|
|
PhotoStand 1.2.0 - Remote Command Execution
|
3 |
WEB
|
Osirys
|
|
2009-03-25
|
|
WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload
|
3 |
WEB
|
Ahmad Pay
|
|
2009-03-25
|
|
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
|
4 |
WEB
|
EgiX
|
|
2009-03-24
|
|
SurfMyTV Script 1.0 - 'view.php?id' SQL Injection
|
4 |
WEB
|
x0r
|
|
2009-03-24
|
|
PHPizabi 0.848b C1 HFP1 - Privilege Escalation
|
4 |
WEB
|
Nine:Situations:Group
|
|
2009-03-24
|
|
Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion
|
4 |
WEB
|
dun
|
|
2009-03-23
|
|
Free Arcade Script 1.0 - Authentication Bypass / Arbitrary File Upload
|
4 |
WEB
|
Mr.Skonnie
|
|
2009-03-23
|
|
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
|
4 |
WEB
|
Osirys
|
|
2009-03-23
|
|
Codice CMS 2 - Command Execution (via SQL Injection)
|
5 |
WEB
|
darkjoker
|
|
2009-03-23
|
|
Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion
|
4 |
WEB
|
Alfons Luja
|
|
2009-03-23
|
|
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
|
4 |
WEB
|
YOUCODE
|
|
2009-03-23
|
|
X-BLC 0.2.0 - 'get_read.php?section' SQL Injection
|
4 |
WEB
|
dun
|
|
2009-03-23
|
|
Supernews 1.5 - 'valor.php?noticia' SQL Injection
|
4 |
WEB
|
p3s0k!
|
|
2009-03-23
|
|
WBB3 rGallery 1.2.3 - 'UserGallery' Blind SQL Injection
|
4 |
WEB
|
Invisibility
|
|
2009-03-20
|
|
Pixie CMS - Cross-Site Scripting / SQL Injection
|
3 |
WEB
|
Justin Keane
|
|
2009-03-19
|
|
Hannon Hill Cascade Server - (Authenticated) Command Execution
|
5 |
WEB
|
Emory University
|
|
2009-03-19
|
|
Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )
|
5 |
WEB
|
Fireshot
|
|
2009-03-19
|
|
Bloginator 1a - Cookie Bypass / SQL Injection
|
5 |
WEB
|
Fireshot
|
|
2009-03-18
|
|
DeluxeBB 1.3 - 'qorder' SQL Injection
|
4 |
WEB
|
girex
|
|
2009-03-18
|
|
Pivot 1.40.6 - Arbitrary File Deletion
|
4 |
WEB
|
Alfons Luja
|
|
2009-03-18
|
|
Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection
|
4 |
WEB
|
boom3rang
|
|
2009-03-18
|
|
Facil-CMS 0.1RC2 - Multiple Vulnerabilities
|
4 |
WEB
|
any.zicky
|
|
2009-03-17
|
|
Mega File Hosting Script 1.2 - 'url' Remote File Inclusion
|
5 |
WEB
|
Garry
|
|
2009-03-17
|
|
WordPress Plugin fMoblog 2.1 - 'id' SQL Injection
|
4 |
WEB
|
strange kevin
|
|
2009-03-17
|
|
GDL 4.x - 'node' SQL Injection
|
4 |
WEB
|
g4t3w4y
|
|
2009-03-17
|
|
PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
|
4 |
WEB
|
BugReport.IR
|
|
2009-03-16
|
|
phpComasy 0.9.1 - 'entry_id' SQL Injection
|
4 |
WEB
|
boom3rang
|
|
2009-03-16
|
|
YAP 1.1.1 - Blind SQL Injection / SQL Injection
|
4 |
WEB
|
SirGod
|
|
2009-03-16
|
|
Beerwin's PHPLinkAdmin 1.0 - Remote File Inclusion / SQL Injection
|
4 |
WEB
|
SirGod
|
|
2009-03-16
|
|
UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection
|
4 |
WEB
|
s4squatch
|
|
2009-03-13
|
|
Kim Websites 1.0 - Authentication Bypass
|
4 |
WEB
|
Virangar Security
|
|
2009-03-13
|
|
YAP 1.1.1 - 'index.php' Local File Inclusion
|
5 |
WEB
|
Alkindiii
|
|
2009-03-12
|
|
phpmysport 1.4 - Cross-Site Scripting / SQL Injection
|
4 |
WEB
|
XaDoS
|
|
2009-03-11
|
|
Traidnt up 2.0 - 'cookie' Add Extension Bypass
|
4 |
WEB
|
SP4rT
|
|
2009-03-10
|
|
RoomPHPlanning 1.6 - 'userform.php' Create Admin User
|
5 |
WEB
|
Jonathan Salwan
|
|
2009-03-10
|
|
Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting
|
4 |
WEB
|
XaDoS
|
|
2009-03-10
|
|
WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
|
4 |
WEB
|
Juan Galiana Lara
|
|
2009-03-10
|
|
WeBid 0.7.3 RC9 - Multiple Remote File Inclusions
|
4 |
WEB
|
K-159
|
|
2009-03-10
|
|
PHP-Fusion Mod Book Panel - 'course_id' SQL Injection
|
4 |
WEB
|
SuB-ZeRo
|
|
2009-03-10
|
|
CMS WEBjump! - Multiple SQL Injections
|
4 |
WEB
|
M3NW5
|
|
2009-03-09
|
|
PHP-Fusion Mod Book Panel - 'bookid' SQL Injection
|
4 |
WEB
|
elusiven
|
|
2009-03-09
|
|
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-09
|
|
CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection
|
4 |
WEB
|
netsoul
|
|
2009-03-09
|
|
woltlab burning board 3.0.x - Multiple Vulnerabilities
|
4 |
WEB
|
StAkeR
|
|
2009-03-09
|
|
PHPRecipeBook 2.24 - 'base_id' SQL Injection
|
4 |
WEB
|
d3b4g
|
|
2009-03-09
|
|
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
|
3 |
WEB
|
StAkeR
|
|
2009-03-09
|
|
cms s.builder 3.7 - Remote File Inclusion
|
4 |
WEB
|
cr0w
|
|
2009-03-09
|
|
nForum 1.5 - Multiple SQL Injections
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-06
|
|
OneOrZero Helpdesk 1.6.5.7 - Local File Inclusion
|
4 |
WEB
|
dun
|
|
2009-03-06
|
|
isiAJAX 1 - 'praises.php?id' SQL Injection
|
3 |
WEB
|
dun
|
|
2009-03-06
|
|
Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-06
|
|
Blue Eye CMS 1.0.0 - Remote Cookie SQL Injection
|
3 |
WEB
|
ka0x
|
|
2009-03-05
|
|
Joomla! Component com_iJoomla_archive - Blind SQL Injection
|
4 |
WEB
|
Stack
|
|
2009-03-05
|
|
celerbb 0.0.2 - Multiple Vulnerabilities
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-03
|
|
Jogjacamp JProfile Gold - 'id_news' SQL Injection
|
5 |
WEB
|
kecemplungkalen
|
|
2009-03-03
|
|
Novaboard 1.0.1 - Cross-Site Scripting
|
6 |
WEB
|
Pepelux
|
|
2009-03-03
|
|
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
|
4 |
WEB
|
d3b4g
|
|
2009-03-03
|
|
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
|
5 |
WEB
|
Salvatore Fresta
|
|
2009-03-03
|
|
Zabbix 1.6.2 Frontend - Multiple Vulnerabilities
|
3 |
WEB
|
USH
|
|
2009-03-02
|
|
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-02
|
|
Joomla! / Mambo Component eXtplorer - Code Execution
|
3 |
WEB
|
Juan Galiana Lara
|
|
2009-03-02
|
|
Joomla! Component com_digistore - 'pid' Blind SQL Injection
|
4 |
WEB
|
InjEctOr5
|
|
2009-03-02
|
|
Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling
|
4 |
WEB
|
x0r
|
|
2009-03-02
|
|
Access2asp - 'imageLibrar' Arbitrary File Upload
|
4 |
WEB
|
mr.al7rbi
|
|
2009-03-02
|
|
Digital Interchange Calendar 5.7.13 - Contents Change
|
3 |
WEB
|
ByALBAYX
|
|
2009-03-02
|
|
Document Library 1.0.1 - Arbitrary Change Admin
|
4 |
WEB
|
ByALBAYX
|
|
2009-03-02
|
|
EZ-Blog beta1 - Delete All Posts / SQL Injection
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-03-02
|
|
Blogman 0.45 - Multiple Vulnerabilities
|
5 |
WEB
|
Salvatore Fresta
|
|
2009-02-27
|
|
Demium CMS 0.2.1b - Multiple Vulnerabilities
|
4 |
WEB
|
Osirys
|
|
2009-02-27
|
|
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
|
4 |
WEB
|
Corwin
|
|
2009-02-27
|
|
SkyPortal Downloads Manager 1.1 - Remote Contents Change
|
4 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
BannerManager 0.81 - Authentication Bypass
|
4 |
WEB
|
rootzig
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege Escalation
|
3 |
WEB
|
Inphex
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation
|
3 |
WEB
|
StAkeR
|
|
2009-02-26
|
|
DesignerfreeSolutions NewsLetter Manager Pro - Authentication Bypass
|
4 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
Golabi CMS 1.0 - Remote File Inclusion
|
4 |
WEB
|
CrazyAngel
|
|
2009-02-25
|
|
SkyPortal WebLinks 0.12 - Contents Change
|
3 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Picture Manager 0.11 - Contents Change
|
5 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Classifieds System 0.12 - Contents Change
|
4 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
PenPal 2.0 - Authentication Bypass
|
4 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
pPIM 1.0 - Multiple Vulnerabilities
|
4 |
WEB
|
Justin Keane
|
|
2009-02-24
|
|
Qwerty CMS - 'id' SQL Injection
|
4 |
WEB
|
b3
|
|
2009-02-24
|
|
XGuestBook 2.0 - Authentication Bypass
|
4 |
WEB
|
Fireshot
|
|
2009-02-23
|
|
MDPro Module My_eGallery - 'pid' SQL Injection
|
4 |
WEB
|
StAkeR
|
|
2009-02-23
|
|
taifajobs 1.0 - 'jobid' SQL Injection
|
4 |
WEB
|
K-159
|
|
2009-02-23
|
|
Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution
|
4 |
WEB
|
Osirys
|
|
2009-02-23
|
|
Free Arcade Script 1.0 - Local File Inclusion Command Execution
|
4 |
WEB
|
Osirys
|
|
2009-02-23
|
|
pPIM 1.01 - 'notes.php' Remote Command Execution
|
5 |
WEB
|
JosS
|
|
2009-02-23
|
|
zFeeder 1.6 - 'admin.php' Admin Bypass
|
4 |
WEB
|
ahmadbady
|
|
2009-02-20
|
|
Graugon Forum 1 - 'id' Command Injection / SQL Injection
|
4 |
WEB
|
Osirys
|
|
2009-02-20
|
|
Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure
|
4 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams GB Server - 'admin.dat' File Disclosure
|
4 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams GB 5.4 Final - 'admin.dat' File Disclosure
|
4 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure
|
4 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion
|
4 |
WEB
|
Kacper
|
|
2009-02-18
|
|
smNews 1.0 - Authentication Bypass / Column Truncation
|
3 |
WEB
|
x0r
|
|
2009-02-18
|
|
Firepack - '/admin/ref.php' Remote Code Execution
|
4 |
WEB
|
Lidloses_Auge
|
|
2009-02-17
|
|
pHNews Alpha 1 - 'genbackup.php' Database Disclosure
|
4 |
WEB
|
x0r
|
|
2009-02-17
|
|
pHNews Alpha 1 - 'mod' SQL Injection
|
4 |
WEB
|
x0r
|
|
2009-02-17
|
|
S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete
|
4 |
WEB
|
x0r
|
|
2009-02-17
|
|
SAS Hotel Management System - Arbitrary File Upload
|
4 |
WEB
|
ZoRLu
|
|
2009-02-16
|
|
Grestul 1.x - Cookie Authentication Bypass
|
4 |
WEB
|
x0r
|
|
2009-02-16
|
|
ravennuke 2.3.0 - Multiple Vulnerabilities
|
4 |
WEB
|
waraxe
|
|
2009-02-16
|
|
YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion
|
4 |
WEB
|
ahmadbady
|
|
2009-02-16
|
|
SAS Hotel Management System - 'id' SQL Injection
|
4 |
WEB
|
Darkb0x
|
|
2009-02-16
|
|
MemHT Portal 4.0.1 - Delete All Private Messages
|
4 |
WEB
|
StAkeR
|
