|
2009-02-27
|
|
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
|
10 |
WEB
|
Corwin
|
|
2009-02-27
|
|
SkyPortal Downloads Manager 1.1 - Remote Contents Change
|
10 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
BannerManager 0.81 - Authentication Bypass
|
11 |
WEB
|
rootzig
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege Escalation
|
9 |
WEB
|
Inphex
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation
|
10 |
WEB
|
StAkeR
|
|
2009-02-26
|
|
DesignerfreeSolutions NewsLetter Manager Pro - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
Golabi CMS 1.0 - Remote File Inclusion
|
10 |
WEB
|
CrazyAngel
|
|
2009-02-25
|
|
SkyPortal WebLinks 0.12 - Contents Change
|
10 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Picture Manager 0.11 - Contents Change
|
11 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Classifieds System 0.12 - Contents Change
|
9 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
PenPal 2.0 - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
pPIM 1.0 - Multiple Vulnerabilities
|
10 |
WEB
|
Justin Keane
|
|
2009-02-24
|
|
Qwerty CMS - 'id' SQL Injection
|
10 |
WEB
|
b3
|
|
2009-02-24
|
|
XGuestBook 2.0 - Authentication Bypass
|
11 |
WEB
|
Fireshot
|
|
2009-02-23
|
|
MDPro Module My_eGallery - 'pid' SQL Injection
|
11 |
WEB
|
StAkeR
|
|
2009-02-23
|
|
taifajobs 1.0 - 'jobid' SQL Injection
|
10 |
WEB
|
K-159
|
|
2009-02-23
|
|
Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution
|
11 |
WEB
|
Osirys
|
|
2009-02-23
|
|
Free Arcade Script 1.0 - Local File Inclusion Command Execution
|
10 |
WEB
|
Osirys
|
|
2009-02-23
|
|
pPIM 1.01 - 'notes.php' Remote Command Execution
|
11 |
WEB
|
JosS
|
|
2009-02-23
|
|
zFeeder 1.6 - 'admin.php' Admin Bypass
|
10 |
WEB
|
ahmadbady
|
|
2009-02-20
|
|
Graugon Forum 1 - 'id' Command Injection / SQL Injection
|
10 |
WEB
|
Osirys
|
|
2009-02-20
|
|
Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure
|
10 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams GB Server - 'admin.dat' File Disclosure
|
10 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams GB 5.4 Final - 'admin.dat' File Disclosure
|
10 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure
|
10 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion
|
10 |
WEB
|
Kacper
|
|
2009-02-18
|
|
smNews 1.0 - Authentication Bypass / Column Truncation
|
9 |
WEB
|
x0r
|
|
2009-02-18
|
|
Firepack - '/admin/ref.php' Remote Code Execution
|
12 |
WEB
|
Lidloses_Auge
|
|
2009-02-17
|
|
pHNews Alpha 1 - 'genbackup.php' Database Disclosure
|
10 |
WEB
|
x0r
|
|
2009-02-17
|
|
pHNews Alpha 1 - 'mod' SQL Injection
|
12 |
WEB
|
x0r
|
|
2009-02-17
|
|
S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete
|
12 |
WEB
|
x0r
|
|
2009-02-17
|
|
SAS Hotel Management System - Arbitrary File Upload
|
11 |
WEB
|
ZoRLu
|
|
2009-02-16
|
|
Grestul 1.x - Cookie Authentication Bypass
|
10 |
WEB
|
x0r
|
|
2009-02-16
|
|
ravennuke 2.3.0 - Multiple Vulnerabilities
|
11 |
WEB
|
waraxe
|
|
2009-02-16
|
|
YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion
|
12 |
WEB
|
ahmadbady
|
|
2009-02-16
|
|
SAS Hotel Management System - 'id' SQL Injection
|
11 |
WEB
|
Darkb0x
|
|
2009-02-16
|
|
MemHT Portal 4.0.1 - Delete All Private Messages
|
13 |
WEB
|
StAkeR
|
|
2009-02-16
|
|
Novaboard 1.0.0 - Multiple Vulnerabilities
|
10 |
WEB
|
brain[pillow]
|
|
2009-02-16
|
|
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
|
11 |
WEB
|
brain[pillow]
|
|
2009-02-16
|
|
simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution
|
12 |
WEB
|
Osirys
|
|
2009-02-16
|
|
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
|
13 |
WEB
|
Sp3shial
|
|
2009-02-16
|
|
InselPhoto 1.1 - Cross-Site Scripting
|
10 |
WEB
|
rAWjAW
|
|
2009-02-13
|
|
CmsFaethon 2.2.0 - 'item' SQL Injection
|
10 |
WEB
|
Osirys
|
|
2009-02-13
|
|
BlogWrite 0.91 - Remote File Disclosure / SQL Injection
|
12 |
WEB
|
Osirys
|
|
2009-02-13
|
|
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion
|
10 |
WEB
|
bd0rk
|
|
2009-02-13
|
|
Vlinks 1.1.6 - 'id' SQL Injection
|
12 |
WEB
|
JIKO
|
|
2009-02-13
|
|
ideacart 0.02 - Local File Inclusion / SQL Injection
|
10 |
WEB
|
nuclear
|
|
2009-02-12
|
|
Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripti
|
10 |
WEB
|
Aria-Security Team
|
|
2009-02-12
|
|
Free Joke Script 1.0 - Authentication Bypass
|
11 |
WEB
|
Muhacir
|
|
2009-02-12
|
|
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
|
11 |
WEB
|
x0r
|
|
2009-02-11
|
|
InselPhoto 1.1 - 'query' SQL Injection
|
11 |
WEB
|
Osirys
|
|
2009-02-11
|
|
Den Dating 9.01 - 'txtlookgender' SQL Injection
|
10 |
WEB
|
nuclear
|
|
2009-02-11
|
|
Bloggeruniverse 2.0 Beta - 'id' SQL Injection
|
12 |
WEB
|
Osirys
|
|
2009-02-11
|
|
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
|
11 |
WEB
|
Mehmet Ince
|
|
2009-02-11
|
|
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
|
9 |
WEB
|
x0r
|
|
2009-02-11
|
|
SkaDate Online 7 - Arbitrary File Upload
|
12 |
WEB
|
ZoRLu
|
|
2009-02-10
|
|
TYPO3 < 4.0.12/4.1.10/4.2.6 - 'jumpUrl' Remote File Disclosure
|
10 |
WEB
|
Lolek
|
|
2009-02-10
|
|
Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution
|
11 |
WEB
|
Osirys
|
|
2009-02-10
|
|
BlueBird Pre-Release - Authentication Bypass
|
11 |
WEB
|
x0r
|
|
2009-02-10
|
|
Mynews 0.10 - Authentication Bypass
|
11 |
WEB
|
x0r
|
|
2009-02-10
|
|
AuthPhp 1.0 - Authentication Bypass
|
10 |
WEB
|
x0r
|
|
2009-02-10
|
|
Potato News 1.0.0 - Local File Inclusion
|
13 |
WEB
|
x0r
|
|
2009-02-10
|
|
Q-News 2.0 - Remote Command Execution
|
10 |
WEB
|
Fireshot
|
|
2009-02-10
|
|
Papoo CMS 3.x - 'pfadhier' Local File Inclusion
|
13 |
WEB
|
SirGod
|
|
2009-02-10
|
|
Thyme 1.3 - 'export_to' Local File Inclusion
|
11 |
WEB
|
cheverok
|
|
2009-02-09
|
|
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution
|
13 |
WEB
|
Osirys
|
|
2009-02-09
|
|
Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure
|
11 |
WEB
|
bd0rk
|
|
2009-02-09
|
|
WB News 2.1.1 - config[installdir] Remote File Inclusion
|
10 |
WEB
|
ahmadbady
|
|
2009-02-09
|
|
webframe 0.76 - Multiple File Inclusions
|
11 |
WEB
|
ahmadbady
|
|
2009-02-09
|
|
Yet Another NOCC 0.1.0 - Local File Inclusion
|
10 |
WEB
|
Kacper
|
|
2009-02-09
|
|
ZeroBoardXE 1.1.5 (09.01.22) - Cross-Site Scripting
|
10 |
WEB
|
make0day
|
|
2009-02-09
|
|
FlexCMS 2.5 - 'catId' SQL Injection
|
10 |
WEB
|
MisterRichard
|
|
2009-02-09
|
|
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
|
10 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-09
|
|
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
|
11 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-09
|
|
Hedgehog-CMS 1.21 - Remote Command Execution
|
10 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
PHP Director 0.21 - Remote Command Execution
|
10 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
|
11 |
WEB
|
BackDoor
|
|
2009-02-09
|
|
BusinessSpace 1.2 - 'id' SQL Injection
|
11 |
WEB
|
K-159
|
|
2009-02-09
|
|
w3bcms 3.5.0 - Multiple Vulnerabilities
|
11 |
WEB
|
DNX
|
|
2009-02-09
|
|
IF-CMS 2.0 - 'id' Blind SQL Injection
|
10 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
Traidnt UP 1.0 - Arbitrary File Upload
|
10 |
WEB
|
fantastic
|
|
2009-02-06
|
|
phpYabs 0.1.2 - 'Azione' Remote File Inclusion
|
13 |
WEB
|
Arka69
|
|
2009-02-06
|
|
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
|
10 |
WEB
|
x0r
|
|
2009-02-06
|
|
1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion
|
11 |
WEB
|
JosS
|
|
2009-02-06
|
|
CafeEngine - 'catid' SQL Injection
|
11 |
WEB
|
SuNHouSe2
|
|
2009-02-06
|
|
Mailist 3.0 - Insecure Backup / Local File Inclusion
|
10 |
WEB
|
SirGod
|
|
2009-02-06
|
|
Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities
|
10 |
WEB
|
make0day
|
|
2009-02-06
|
|
Simple PHP News 1.0 - Remote Command Execution
|
10 |
WEB
|
Osirys
|
|
2009-02-06
|
|
WikkiTikkiTavi 1.11 - Arbitrary '.PHP' File Upload
|
10 |
WEB
|
ByALBAYX
|
|
2009-02-05
|
|
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
|
10 |
WEB
|
cOndemned
|
|
2009-02-05
|
|
ClearBudget 0.6.1 - Insecure Database Disclosure
|
11 |
WEB
|
Room-Hacker
|
|
2009-02-05
|
|
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
|
10 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-05
|
|
ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion
|
10 |
WEB
|
SirGod
|
|
2009-02-04
|
|
GR Note 0.94 Beta - (Authentication Bypass) Remote Database Backup
|
10 |
WEB
|
JosS
|
|
2009-02-04
|
|
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
|
9 |
WEB
|
JosS
|
|
2009-02-04
|
|
YapBB 1.2 - 'forumID' Blind SQL Injection
|
10 |
WEB
|
darkjoker
|
|
2009-02-04
|
|
team 1.x - File Disclosure / Cross-Site Scripting
|
10 |
WEB
|
Pouya_Server
|
|
2009-02-04
|
|
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
|
11 |
WEB
|
Pouya_Server
|
|
2009-02-04
|
|
PHPbbBook 1.3 - 'bbcode.php?l' Local File Inclusion
|
10 |
WEB
|
Osirys
|
|
2009-02-04
|
|
GRBoard 1.8 - Multiple Remote File Inclusions
|
12 |
WEB
|
make0day
|
|
2009-02-04
|
|
rgboard 4 5p1 (07.07.27) - Multiple Vulnerabilities
|
10 |
WEB
|
make0day
|
|
2009-02-04
|
|
Syntax Desktop 2.7 - 'synTarget' Local File Inclusion
|
11 |
WEB
|
ahmadbady
|
|
2009-02-04
|
|
Jaws 0.8.8 - Multiple Local File Inclusions
|
10 |
WEB
|
fuzion
|
|
2009-02-03
|
|
OpenFiler 2.3 - (Authentication Bypass) Remote Password Change
|
11 |
WEB
|
nonroot
|
|
2009-02-03
|
|
Flatnux 2009-01-27 - Remote File Inclusion
|
11 |
WEB
|
Alfons Luja
|
|
2009-02-03
|
|
DreamPics Photo/Video Gallery - Blind SQL Injection
|
9 |
WEB
|
Mehmet Ince
|
|
2009-02-03
|
|
TxtBlog 1.0 Alpha - Remote Command Execution
|
11 |
WEB
|
Osirys
|
|
2009-02-03
|
|
Technote 7.2 - Remote File Inclusion
|
10 |
WEB
|
make0day
|
|
2009-02-03
|
|
4Site CMS 2.6 - Multiple SQL Injections
|
10 |
WEB
|
D.Mortalov
|
|
2009-02-03
|
|
MyDesing Sayac 2.0 - Authentication Bypass
|
11 |
WEB
|
Kacak
|
|
2009-02-03
|
|
WEBalbum 2.4b - 'id' Blind SQL Injection
|
14 |
WEB
|
Mehmet Ince
|
|
2009-02-03
|
|
AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload
|
10 |
WEB
|
Hussin X
|
|
2009-02-03
|
|
Simple Machines Forum (SMF) - 'BBCode' Cookie Stealing
|
11 |
WEB
|
Xianur0
|
|
2009-02-03
|
|
Online Grades 3.2.4 - Authentication Bypass
|
10 |
WEB
|
x0r
|
|
2009-02-03
|
|
groone's Guestbook 2.0 - Remote File Inclusion
|
10 |
WEB
|
k3vin mitnick
|
|
2009-02-03
|
|
groone glinks 2.1 - Remote File Inclusion
|
10 |
WEB
|
k3vin mitnick
|
|
2009-02-03
|
|
ClickCart 6.0 - Authentication Bypass
|
12 |
WEB
|
R3d-D3V!L
|
|
2009-02-03
|
|
WholeHogSoftware Password Protect - Insecure Cookie Handling
|
10 |
WEB
|
Stack
|
|
2009-02-03
|
|
WholeHogSoftware Ware Support - Insecure Cookie Handling
|
11 |
WEB
|
Stack
|
|
2009-02-02
|
|
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)
|
9 |
WEB
|
LSO
|
|
2009-02-02
|
|
PHPSlash 0.8.1.1 - Remote Code Execution
|
10 |
WEB
|
DarkFig
|
|
2009-02-02
|
|
eVision CMS 2.0 - Remote Code Execution
|
12 |
WEB
|
Osirys
|
|
2009-02-02
|
|
sourdough 0.3.5 - Remote File Inclusion
|
13 |
WEB
|
ahmadbady
|
|
2009-02-02
|
|
CMS Mini 0.2.2 - Remote Command Execution
|
10 |
WEB
|
darkjoker
|
|
2009-02-02
|
|
phpBLASTER 1.0 RC1 - Blind SQL Injection
|
12 |
WEB
|
darkjoker
|
