|
2009-04-20
|
|
Studio Lounge Address Book 2.5 - 'profile' Arbitrary File Upload
|
18 |
WEB
|
JosS
|
|
2009-04-20
|
|
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities
|
20 |
WEB
|
Salvatore Fresta
|
|
2009-04-17
|
|
Hot Project 7.0 - Authentication Bypass
|
20 |
WEB
|
HCOCA_MAN
|
|
2009-04-17
|
|
Online Email Manager - Insecure Cookie Handling
|
19 |
WEB
|
Hussin X
|
|
2009-04-17
|
|
Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection
|
20 |
WEB
|
Hussin X
|
|
2009-04-17
|
|
e-cart.biz Shopping Cart - Arbitrary File Upload
|
20 |
WEB
|
ahmadbady
|
|
2009-04-17
|
|
ClanTiger 1.1.1 - 'slug' Blind SQL Injection
|
19 |
WEB
|
YEnH4ckEr
|
|
2009-04-17
|
|
ClanTiger 1.1.1 - Authentication Bypass
|
21 |
WEB
|
YEnH4ckEr
|
|
2009-04-17
|
|
ClanTiger < 1.1.1 - Multiple Insecure Cookie Handling Vulnerabilities
|
18 |
WEB
|
YEnH4ckEr
|
|
2009-04-17
|
|
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation
|
22 |
WEB
|
Alfons Luja
|
|
2009-04-17
|
|
Tiny Blogr 1.0.0 rc4 - Authentication Bypass
|
17 |
WEB
|
Salvatore Fresta
|
|
2009-04-16
|
|
chCounter 3.1.3 - Authentication Bypass
|
19 |
WEB
|
tmh
|
|
2009-04-16
|
|
SMA-DB 0.3.13 - Multiple Remote File Inclusions
|
20 |
WEB
|
JosS
|
|
2009-04-16
|
|
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-16
|
|
NetHoteles 3.0 - 'ficha.php' SQL Injection
|
21 |
WEB
|
snakespc
|
|
2009-04-16
|
|
CPCommerce 1.2.8 - 'id_document' Blind SQL Injection
|
20 |
WEB
|
NoGe
|
|
2009-04-16
|
|
DNS Tools (PHP Digger) - Remote Command Execution
|
20 |
WEB
|
SirGod
|
|
2009-04-16
|
|
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing
|
22 |
WEB
|
YEnH4ckEr
|
|
2009-04-16
|
|
Online Password Manager 4.1 - Insecure Cookie Handling
|
18 |
WEB
|
ZoRLu
|
|
2009-04-16
|
|
NetHoteles 2.0/3.0 - Authentication Bypass
|
20 |
WEB
|
Dns-Team
|
|
2009-04-16
|
|
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection
|
19 |
WEB
|
Nine:Situations:Group
|
|
2009-04-15
|
|
FreeWebShop.org 2.2.9 RC2 - 'lang_file' Local File Inclusion
|
18 |
WEB
|
ahmadbady
|
|
2009-04-15
|
|
Job2C 4.2 - 'adtype' Local File Inclusion
|
19 |
WEB
|
ZoRLu
|
|
2009-04-15
|
|
Job2C - 'conf.inc' Configuration File Disclosure
|
17 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpDatingClub - 'conf.inc' File Disclosure
|
16 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpAdBoardPro - 'config.inc' Configuration File Disclosure
|
19 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
W2B Restaurant 1.2 - 'conf.inc' Configuration File Disclosure
|
18 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpGreetCards - Config File Disclosure
|
18 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
phpAdBoard - 'conf.inc' Remote Configuration File Disclosure
|
18 |
WEB
|
InjEctOr5
|
|
2009-04-15
|
|
Job2C 4.2 - 'profile' Arbitrary File Upload
|
19 |
WEB
|
InjEctOr5
|
|
2009-04-14
|
|
phpEmployment - 'conf.inc' File Disclosure
|
19 |
WEB
|
InjEctOr5
|
|
2009-04-14
|
|
RQms (Rash) 1.2.2 - Multiple SQL Injections
|
22 |
WEB
|
Dimi4
|
|
2009-04-14
|
|
Aqua CMS - 'Username' SQL Injection
|
17 |
WEB
|
halkfild
|
|
2009-04-14
|
|
GuestCal 2.1 - 'index.php?lang' Local File Inclusion
|
19 |
WEB
|
SirGod
|
|
2009-04-14
|
|
PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scrip
|
20 |
WEB
|
SirDarckCat
|
|
2009-04-14
|
|
ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection
|
20 |
WEB
|
DSecRG
|
|
2009-04-14
|
|
Jamroom 4.0.2 - 't' Local File Inclusion
|
20 |
WEB
|
zxvf
|
|
2009-04-13
|
|
ASP Product Catalog 1.0 - Cross-Site Scripting / File Disclosure
|
22 |
WEB
|
AlpHaNiX
|
|
2009-04-13
|
|
e107 Plugin userjournals_menu - 'blog.id' SQL Injection
|
19 |
WEB
|
boom3rang
|
|
2009-04-13
|
|
FreznoShop 1.3.0 - 'id' SQL Injection
|
22 |
WEB
|
NoGe
|
|
2009-04-13
|
|
XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass
|
19 |
WEB
|
Dr-HTmL
|
|
2009-04-13
|
|
Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion
|
19 |
WEB
|
ahmadbady
|
|
2009-04-13
|
|
X10media Mp3 Search Engine < 1.6.2 - Admin Access
|
17 |
WEB
|
THUNDER
|
|
2009-04-13
|
|
Flatnuke 2.7.1 - 'level' Privilege Escalation
|
18 |
WEB
|
StAkeR
|
|
2009-04-10
|
|
FunkyASP AD System 1.1 - Arbitrary File Upload
|
19 |
WEB
|
ZoRLu
|
|
2009-04-10
|
|
w3bcms Gaestebuch 3.0.0 - Blind SQL Injection
|
19 |
WEB
|
DNX
|
|
2009-04-10
|
|
RedaxScript 0.2.0 - 'Language' Local File Inclusion
|
22 |
WEB
|
SirGod
|
|
2009-04-10
|
|
moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
|
21 |
WEB
|
SirGod
|
|
2009-04-10
|
|
Loggix Project 9.4.5 - 'refer_id' Blind SQL Injection
|
21 |
WEB
|
Salvatore Fresta
|
|
2009-04-10
|
|
PHP-Agenda 2.2.5 - Remote File Overwriting
|
21 |
WEB
|
Salvatore Fresta
|
|
2009-04-09
|
|
dynamic flash forum 1.0 Beta - Multiple Vulnerabilities
|
19 |
WEB
|
Salvatore Fresta
|
|
2009-04-09
|
|
Absolute Form Processor XE-V 1.5 - Authentication Bypass
|
23 |
WEB
|
ThE g0bL!N
|
|
2009-04-09
|
|
My Dealer CMS 2.0 - Authentication Bypass
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-09
|
|
adaptbb 1.0b - Multiple Vulnerabilities
|
22 |
WEB
|
Salvatore Fresta
|
|
2009-04-09
|
|
WebFileExplorer 3.1 - Authentication Bypass
|
18 |
WEB
|
Osirys
|
|
2009-04-09
|
|
Simbas CMS 2.0 - Authentication Bypass
|
21 |
WEB
|
ThE g0bL!N
|
|
2009-04-09
|
|
Back-End CMS 5.0 - 'main.asp?id' SQL Injection
|
18 |
WEB
|
AnGeL25dZ
|
|
2009-04-09
|
|
Exjune Guestbook 2.0 - Remote Database Disclosure
|
18 |
WEB
|
AlpHaNiX
|
|
2009-04-09
|
|
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection
|
20 |
WEB
|
Nine:Situations:Group
|
|
2009-04-08
|
|
WebFileExplorer 3.1 - 'db.mdb' Database Disclosure
|
19 |
WEB
|
ByALBAYX
|
|
2009-04-08
|
|
Xplode CMS - 'wrap_script' SQL Injection
|
23 |
WEB
|
PLATEN
|
|
2009-04-08
|
|
photo graffix 3.4 - Multiple Vulnerabilities
|
23 |
WEB
|
ahmadbady
|
|
2009-04-08
|
|
Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
|
20 |
WEB
|
H!tm@N
|
|
2009-04-08
|
|
Joomla! Component MailTo - 'article' SQL Injection
|
20 |
WEB
|
H!tm@N
|
|
2009-04-08
|
|
Joomla! Component Maian Music 1.2.1 - 'category' SQL Injection
|
20 |
WEB
|
H!tm@N
|
|
2009-04-08
|
|
saspcms 0.9 - Multiple Vulnerabilities
|
21 |
WEB
|
BugReport.IR
|
|
2009-04-07
|
|
Lanius CMS 0.5.2 - Arbitrary File Upload
|
25 |
WEB
|
EgiX
|
|
2009-04-07
|
|
Family Connections CMS 1.8.2 - Blind SQL Injection
|
18 |
WEB
|
Salvatore Fresta
|
|
2009-04-06
|
|
iDB 0.2.5pa SVN 243 - 'skin' Local File Inclusion
|
19 |
WEB
|
LOTFREE
|
|
2009-04-06
|
|
FlexCMS Calendar - 'itemID' Blind SQL Injection
|
18 |
WEB
|
Lanti-Net
|
|
2009-04-06
|
|
Joomla! Component com_bookJoomlas 0.1 - SQL Injection
|
20 |
WEB
|
Salvatore Fresta
|
|
2009-04-03
|
|
AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure
|
20 |
WEB
|
StAkeR
|
|
2009-04-03
|
|
Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution
|
21 |
WEB
|
brain[pillow]
|
|
2009-04-03
|
|
Family Connections 1.8.2 - Arbitrary File Upload
|
21 |
WEB
|
Salvatore Fresta
|
|
2009-04-03
|
|
form2list - 'page.php?id' SQL Injection
|
18 |
WEB
|
Cyber-Zone
|
|
2009-04-03
|
|
glFusion 1.1.2 - 'COM_applyFilter()/cookies' Blind SQL Injection
|
19 |
WEB
|
Nine:Situations:Group
|
|
2009-04-03
|
|
ActiveKB KnowledgeBase - 'Panel' Local File Inclusion
|
21 |
WEB
|
Angela Chang
|
|
2009-04-01
|
|
TinyPHPForum 3.61 - File Disclosure / Code Execution
|
21 |
WEB
|
brain[pillow]
|
|
2009-04-01
|
|
MyioSoft Ajax Portal 3.0 - 'page' SQL Injection
|
17 |
WEB
|
cOndemned
|
|
2009-04-01
|
|
Koschtit Image Gallery 1.82 - Multiple Local File Inclusions
|
18 |
WEB
|
ahmadbady
|
|
2009-03-31
|
|
vsp stats processor 0.45 - 'gamestat.php?gameID' SQL Injection
|
20 |
WEB
|
Dimi4
|
|
2009-03-31
|
|
PHPRecipeBook 2.39 - 'course_id' SQL Injection
|
17 |
WEB
|
DarKdewiL
|
|
2009-03-31
|
|
JobHut 1.2 - Remote Password Change/Delete/Activate User
|
19 |
WEB
|
ThE g0bL!N
|
|
2009-03-31
|
|
webEdition 6.0.0.4 - 'WE_LANGUAGE' Local File Inclusion
|
17 |
WEB
|
Salvatore Fresta
|
|
2009-03-31
|
|
virtuemart 1.1.2 - Multiple Vulnerabilities
|
16 |
WEB
|
waraxe
|
|
2009-03-31
|
|
VirtueMart 1.1.2 - SQL Injection (Metasploit)
|
21 |
WEB
|
waraxe
|
|
2009-03-31
|
|
Podcast Generator 1.1 - Remote Code Execution
|
20 |
WEB
|
BlackHawk
|
|
2009-03-31
|
|
Community CMS 0.5 - Multiple SQL Injections
|
19 |
WEB
|
Salvatore Fresta
|
|
2009-03-30
|
|
family connection 1.8.1 - Multiple Vulnerabilities
|
17 |
WEB
|
Salvatore Fresta
|
|
2009-03-30
|
|
JobHut 1.2 - 'pk' SQL Injection
|
23 |
WEB
|
K-159
|
|
2009-03-30
|
|
X-Forum 0.6.2 - Remote Command Execution
|
21 |
WEB
|
Osirys
|
|
2009-03-30
|
|
gravy media CMS 1.07 - Multiple Vulnerabilities
|
22 |
WEB
|
x0r
|
|
2009-03-30
|
|
BandSite CMS 1.1.4 - 'members.php' SQL Injection
|
18 |
WEB
|
SirGod
|
|
2009-03-30
|
|
Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass
|
22 |
WEB
|
AnGeL25dZ
|
|
2009-03-29
|
|
iWare CMS 5.0.4 - Multiple SQL Injections
|
20 |
WEB
|
boom3rang
|
|
2009-03-29
|
|
Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling
|
22 |
WEB
|
ZoRLu
|
|
2009-03-29
|
|
glFusion 1.1.2 - 'COM_applyFilter()/order' SQL Injection
|
23 |
WEB
|
Nine:Situations:Group
|
|
2009-03-27
|
|
My Simple Forum 7.1 - Remote Command Execution
|
20 |
WEB
|
Osirys
|
|
2009-03-27
|
|
Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure
|
17 |
WEB
|
Christian J. Eibl
|
|
2009-03-27
|
|
Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting
|
21 |
WEB
|
Anarchy Angel
|
|
2009-03-27
|
|
Free PHP Petition Signing Script - Authentication Bypass
|
21 |
WEB
|
Qabandi
|
|
2009-03-27
|
|
Simply Classified 0.2 - 'category_id' SQL Injection
|
21 |
WEB
|
G4N0K
|
|
2009-03-26
|
|
acute control panel 1.0.0 - SQL Injection / Remote File Inclusion
|
18 |
WEB
|
SirGod
|
|
2009-03-26
|
|
blogplus 1.0 - Multiple Local File Inclusions
|
21 |
WEB
|
ahmadbady
|
|
2009-03-26
|
|
PhotoStand 1.2.0 - Remote Command Execution
|
19 |
WEB
|
Osirys
|
|
2009-03-25
|
|
WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload
|
19 |
WEB
|
Ahmad Pay
|
|
2009-03-25
|
|
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
|
18 |
WEB
|
EgiX
|
|
2009-03-24
|
|
SurfMyTV Script 1.0 - 'view.php?id' SQL Injection
|
20 |
WEB
|
x0r
|
|
2009-03-24
|
|
PHPizabi 0.848b C1 HFP1 - Privilege Escalation
|
20 |
WEB
|
Nine:Situations:Group
|
|
2009-03-24
|
|
Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion
|
21 |
WEB
|
dun
|
|
2009-03-23
|
|
Free Arcade Script 1.0 - Authentication Bypass / Arbitrary File Upload
|
19 |
WEB
|
Mr.Skonnie
|
|
2009-03-23
|
|
Syzygy CMS 0.3 - Local File Inclusion / SQL Injection
|
20 |
WEB
|
Osirys
|
|
2009-03-23
|
|
Codice CMS 2 - Command Execution (via SQL Injection)
|
19 |
WEB
|
darkjoker
|
|
2009-03-23
|
|
Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion
|
21 |
WEB
|
Alfons Luja
|
|
2009-03-23
|
|
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
|
20 |
WEB
|
YOUCODE
|
|
2009-03-23
|
|
X-BLC 0.2.0 - 'get_read.php?section' SQL Injection
|
21 |
WEB
|
dun
|
|
2009-03-23
|
|
Supernews 1.5 - 'valor.php?noticia' SQL Injection
|
20 |
WEB
|
p3s0k!
|
|
2009-03-23
|
|
WBB3 rGallery 1.2.3 - 'UserGallery' Blind SQL Injection
|
22 |
WEB
|
Invisibility
|
|
2009-03-20
|
|
Pixie CMS - Cross-Site Scripting / SQL Injection
|
19 |
WEB
|
Justin Keane
|
|
2009-03-19
|
|
Hannon Hill Cascade Server - (Authenticated) Command Execution
|
25 |
WEB
|
Emory University
|
|
2009-03-19
|
|
Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )
|
21 |
WEB
|
Fireshot
|
|
2009-03-19
|
|
Bloginator 1a - Cookie Bypass / SQL Injection
|
21 |
WEB
|
Fireshot
|
|
2009-03-18
|
|
DeluxeBB 1.3 - 'qorder' SQL Injection
|
23 |
WEB
|
girex
|
|
2009-03-18
|
|
Pivot 1.40.6 - Arbitrary File Deletion
|
16 |
WEB
|
Alfons Luja
|
|
2009-03-18
|
|
Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection
|
18 |
WEB
|
boom3rang
|
