|
2009-02-16
|
|
Novaboard 1.0.0 - Multiple Vulnerabilities
|
4 |
WEB
|
brain[pillow]
|
|
2009-02-16
|
|
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
brain[pillow]
|
|
2009-02-16
|
|
simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution
|
5 |
WEB
|
Osirys
|
|
2009-02-16
|
|
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
|
6 |
WEB
|
Sp3shial
|
|
2009-02-16
|
|
InselPhoto 1.1 - Cross-Site Scripting
|
4 |
WEB
|
rAWjAW
|
|
2009-02-13
|
|
CmsFaethon 2.2.0 - 'item' SQL Injection
|
4 |
WEB
|
Osirys
|
|
2009-02-13
|
|
BlogWrite 0.91 - Remote File Disclosure / SQL Injection
|
4 |
WEB
|
Osirys
|
|
2009-02-13
|
|
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion
|
4 |
WEB
|
bd0rk
|
|
2009-02-13
|
|
Vlinks 1.1.6 - 'id' SQL Injection
|
4 |
WEB
|
JIKO
|
|
2009-02-13
|
|
ideacart 0.02 - Local File Inclusion / SQL Injection
|
4 |
WEB
|
nuclear
|
|
2009-02-12
|
|
Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripti
|
3 |
WEB
|
Aria-Security Team
|
|
2009-02-12
|
|
Free Joke Script 1.0 - Authentication Bypass
|
4 |
WEB
|
Muhacir
|
|
2009-02-12
|
|
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
|
4 |
WEB
|
x0r
|
|
2009-02-11
|
|
InselPhoto 1.1 - 'query' SQL Injection
|
4 |
WEB
|
Osirys
|
|
2009-02-11
|
|
Den Dating 9.01 - 'txtlookgender' SQL Injection
|
4 |
WEB
|
nuclear
|
|
2009-02-11
|
|
Bloggeruniverse 2.0 Beta - 'id' SQL Injection
|
4 |
WEB
|
Osirys
|
|
2009-02-11
|
|
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
|
5 |
WEB
|
Mehmet Ince
|
|
2009-02-11
|
|
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
|
3 |
WEB
|
x0r
|
|
2009-02-11
|
|
SkaDate Online 7 - Arbitrary File Upload
|
4 |
WEB
|
ZoRLu
|
|
2009-02-10
|
|
TYPO3 < 4.0.12/4.1.10/4.2.6 - 'jumpUrl' Remote File Disclosure
|
4 |
WEB
|
Lolek
|
|
2009-02-10
|
|
Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution
|
5 |
WEB
|
Osirys
|
|
2009-02-10
|
|
BlueBird Pre-Release - Authentication Bypass
|
5 |
WEB
|
x0r
|
|
2009-02-10
|
|
Mynews 0.10 - Authentication Bypass
|
4 |
WEB
|
x0r
|
|
2009-02-10
|
|
AuthPhp 1.0 - Authentication Bypass
|
4 |
WEB
|
x0r
|
|
2009-02-10
|
|
Potato News 1.0.0 - Local File Inclusion
|
4 |
WEB
|
x0r
|
|
2009-02-10
|
|
Q-News 2.0 - Remote Command Execution
|
4 |
WEB
|
Fireshot
|
|
2009-02-10
|
|
Papoo CMS 3.x - 'pfadhier' Local File Inclusion
|
4 |
WEB
|
SirGod
|
|
2009-02-10
|
|
Thyme 1.3 - 'export_to' Local File Inclusion
|
4 |
WEB
|
cheverok
|
|
2009-02-09
|
|
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution
|
4 |
WEB
|
Osirys
|
|
2009-02-09
|
|
Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure
|
4 |
WEB
|
bd0rk
|
|
2009-02-09
|
|
WB News 2.1.1 - config[installdir] Remote File Inclusion
|
4 |
WEB
|
ahmadbady
|
|
2009-02-09
|
|
webframe 0.76 - Multiple File Inclusions
|
5 |
WEB
|
ahmadbady
|
|
2009-02-09
|
|
Yet Another NOCC 0.1.0 - Local File Inclusion
|
4 |
WEB
|
Kacper
|
|
2009-02-09
|
|
ZeroBoardXE 1.1.5 (09.01.22) - Cross-Site Scripting
|
4 |
WEB
|
make0day
|
|
2009-02-09
|
|
FlexCMS 2.5 - 'catId' SQL Injection
|
4 |
WEB
|
MisterRichard
|
|
2009-02-09
|
|
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
|
4 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-09
|
|
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
|
5 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-09
|
|
Hedgehog-CMS 1.21 - Remote Command Execution
|
4 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
PHP Director 0.21 - Remote Command Execution
|
4 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
|
4 |
WEB
|
BackDoor
|
|
2009-02-09
|
|
BusinessSpace 1.2 - 'id' SQL Injection
|
4 |
WEB
|
K-159
|
|
2009-02-09
|
|
w3bcms 3.5.0 - Multiple Vulnerabilities
|
4 |
WEB
|
DNX
|
|
2009-02-09
|
|
IF-CMS 2.0 - 'id' Blind SQL Injection
|
4 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
Traidnt UP 1.0 - Arbitrary File Upload
|
4 |
WEB
|
fantastic
|
|
2009-02-06
|
|
phpYabs 0.1.2 - 'Azione' Remote File Inclusion
|
4 |
WEB
|
Arka69
|
|
2009-02-06
|
|
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
|
4 |
WEB
|
x0r
|
|
2009-02-06
|
|
1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion
|
4 |
WEB
|
JosS
|
|
2009-02-06
|
|
CafeEngine - 'catid' SQL Injection
|
4 |
WEB
|
SuNHouSe2
|
|
2009-02-06
|
|
Mailist 3.0 - Insecure Backup / Local File Inclusion
|
4 |
WEB
|
SirGod
|
|
2009-02-06
|
|
Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities
|
4 |
WEB
|
make0day
|
|
2009-02-06
|
|
Simple PHP News 1.0 - Remote Command Execution
|
4 |
WEB
|
Osirys
|
|
2009-02-06
|
|
WikkiTikkiTavi 1.11 - Arbitrary '.PHP' File Upload
|
4 |
WEB
|
ByALBAYX
|
|
2009-02-05
|
|
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
|
4 |
WEB
|
cOndemned
|
|
2009-02-05
|
|
ClearBudget 0.6.1 - Insecure Database Disclosure
|
4 |
WEB
|
Room-Hacker
|
|
2009-02-05
|
|
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
|
4 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-05
|
|
ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion
|
4 |
WEB
|
SirGod
|
|
2009-02-04
|
|
GR Note 0.94 Beta - (Authentication Bypass) Remote Database Backup
|
4 |
WEB
|
JosS
|
|
2009-02-04
|
|
gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass
|
3 |
WEB
|
JosS
|
|
2009-02-04
|
|
YapBB 1.2 - 'forumID' Blind SQL Injection
|
4 |
WEB
|
darkjoker
|
|
2009-02-04
|
|
team 1.x - File Disclosure / Cross-Site Scripting
|
4 |
WEB
|
Pouya_Server
|
|
2009-02-04
|
|
Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting
|
4 |
WEB
|
Pouya_Server
|
|
2009-02-04
|
|
PHPbbBook 1.3 - 'bbcode.php?l' Local File Inclusion
|
4 |
WEB
|
Osirys
|
|
2009-02-04
|
|
GRBoard 1.8 - Multiple Remote File Inclusions
|
3 |
WEB
|
make0day
|
|
2009-02-04
|
|
rgboard 4 5p1 (07.07.27) - Multiple Vulnerabilities
|
4 |
WEB
|
make0day
|
|
2009-02-04
|
|
Syntax Desktop 2.7 - 'synTarget' Local File Inclusion
|
4 |
WEB
|
ahmadbady
|
|
2009-02-04
|
|
Jaws 0.8.8 - Multiple Local File Inclusions
|
4 |
WEB
|
fuzion
|
|
2009-02-03
|
|
OpenFiler 2.3 - (Authentication Bypass) Remote Password Change
|
4 |
WEB
|
nonroot
|
|
2009-02-03
|
|
Flatnux 2009-01-27 - Remote File Inclusion
|
5 |
WEB
|
Alfons Luja
|
|
2009-02-03
|
|
DreamPics Photo/Video Gallery - Blind SQL Injection
|
3 |
WEB
|
Mehmet Ince
|
|
2009-02-03
|
|
TxtBlog 1.0 Alpha - Remote Command Execution
|
4 |
WEB
|
Osirys
|
|
2009-02-03
|
|
Technote 7.2 - Remote File Inclusion
|
4 |
WEB
|
make0day
|
|
2009-02-03
|
|
4Site CMS 2.6 - Multiple SQL Injections
|
4 |
WEB
|
D.Mortalov
|
|
2009-02-03
|
|
MyDesing Sayac 2.0 - Authentication Bypass
|
5 |
WEB
|
Kacak
|
|
2009-02-03
|
|
WEBalbum 2.4b - 'id' Blind SQL Injection
|
5 |
WEB
|
Mehmet Ince
|
|
2009-02-03
|
|
AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload
|
4 |
WEB
|
Hussin X
|
|
2009-02-03
|
|
Simple Machines Forum (SMF) - 'BBCode' Cookie Stealing
|
4 |
WEB
|
Xianur0
|
|
2009-02-03
|
|
Online Grades 3.2.4 - Authentication Bypass
|
4 |
WEB
|
x0r
|
|
2009-02-03
|
|
groone's Guestbook 2.0 - Remote File Inclusion
|
4 |
WEB
|
k3vin mitnick
|
|
2009-02-03
|
|
groone glinks 2.1 - Remote File Inclusion
|
4 |
WEB
|
k3vin mitnick
|
|
2009-02-03
|
|
ClickCart 6.0 - Authentication Bypass
|
4 |
WEB
|
R3d-D3V!L
|
|
2009-02-03
|
|
WholeHogSoftware Password Protect - Insecure Cookie Handling
|
4 |
WEB
|
Stack
|
|
2009-02-03
|
|
WholeHogSoftware Ware Support - Insecure Cookie Handling
|
4 |
WEB
|
Stack
|
|
2009-02-02
|
|
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)
|
3 |
WEB
|
LSO
|
|
2009-02-02
|
|
PHPSlash 0.8.1.1 - Remote Code Execution
|
4 |
WEB
|
DarkFig
|
|
2009-02-02
|
|
eVision CMS 2.0 - Remote Code Execution
|
4 |
WEB
|
Osirys
|
|
2009-02-02
|
|
sourdough 0.3.5 - Remote File Inclusion
|
4 |
WEB
|
ahmadbady
|
|
2009-02-02
|
|
CMS Mini 0.2.2 - Remote Command Execution
|
4 |
WEB
|
darkjoker
|
|
2009-02-02
|
|
phpBLASTER 1.0 RC1 - Blind SQL Injection
|
5 |
WEB
|
darkjoker
|
|
2009-02-02
|
|
WholeHogSoftware Password Protect - Authentication Bypass
|
4 |
WEB
|
ByALBAYX
|
|
2009-02-02
|
|
WholeHogSoftware Ware Support - Authentication Bypass
|
5 |
WEB
|
ByALBAYX
|
|
2009-02-02
|
|
AJA Portal 1.2 (Windows) - Local File Inclusion
|
4 |
WEB
|
ahmadbady
|
|
2009-02-02
|
|
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection
|
5 |
WEB
|
Alfons Luja
|
|
2009-02-02
|
|
sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting
|
6 |
WEB
|
ahmadbady
|
|
2009-01-30
|
|
eVision CMS 2.0 - SQL Injection
|
4 |
WEB
|
darkjoker
|
|
2009-01-30
|
|
SkaLinks 1.5 - Authentication Bypass
|
3 |
WEB
|
Dimi4
|
|
2009-01-30
|
|
Orca 2.0.2 - 'topic ' Cross-Site Scripting
|
4 |
WEB
|
J-Hacker
|
|
2009-01-30
|
|
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
|
3 |
WEB
|
Mehmet Ince
|
|
2009-01-30
|
|
GNUBoard 4.31.04 (09.01.30) - Multiple Local/Remote Vulnerabilities
|
4 |
WEB
|
make0day
|
|
2009-01-30
|
|
Revou Twitter Clone - Cross-Site Scripting / SQL Injection
|
3 |
WEB
|
nuclear
|
|
2009-01-30
|
|
SalesCart - Authentication Bypass
|
4 |
WEB
|
ByALBAYX
|
|
2009-01-29
|
|
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
|
5 |
WEB
|
Michael Brooks
|
|
2009-01-29
|
|
PLE CMS 1.0 Beta 4.2 - Blind SQL Injection
|
4 |
WEB
|
darkjoker
|
|
2009-01-29
|
|
Netartmedia Car Portal 1.0 - Authentication Bypass
|
6 |
WEB
|
Mehmet Ince
|
|
2009-01-29
|
|
GLPI 0.71.3 - Multiple SQL Injections Vulnerabilities
|
4 |
WEB
|
Zigma
|
|
2009-01-29
|
|
Coppermine Photo Gallery 1.4.19 - Remote File Upload
|
4 |
WEB
|
Michael Brooks
|
|
2009-01-29
|
|
Star Articles 6.0 - Remote Contents Change
|
4 |
WEB
|
ByALBAYX
|
|
2009-01-29
|
|
Personal Site Manager 0.3 - Remote Command Execution
|
4 |
WEB
|
darkjoker
|
|
2009-01-28
|
|
SmartSiteCMS 1.0 - Blind SQL Injection
|
4 |
WEB
|
certaindeath
|
|
2009-01-28
|
|
Social Engine 3.06 - 'category_id' SQL Injection
|
4 |
WEB
|
snakespc
|
|
2009-01-28
|
|
Max.Blog 1.0.6 - 'offline_auth.php' Offline Authentication Bypass
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-01-28
|
|
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-01-28
|
|
phpList 2.10.x - Remote Code Execution / Local File Inclusion
|
4 |
WEB
|
mozi
|
|
2009-01-28
|
|
Lore 1.5.6 - 'article.php' Blind SQL Injection
|
4 |
WEB
|
OzX
|
|
2009-01-28
|
|
Gazelle CMS 1.0 - 'template' Local File Inclusion
|
4 |
WEB
|
fuzion
|
|
2009-01-28
|
|
Chipmunk Blog - (Authentication Bypass) Add Admin
|
4 |
WEB
|
x0r
|
|
2009-01-28
|
|
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
|
4 |
WEB
|
Encrypt3d.M!nd
|
|
2009-01-28
|
|
Community CMS 0.4 - 'id' Blind SQL Injection
|
4 |
WEB
|
darkjoker
|
|
2009-01-27
|
|
Pixie CMS 1.0 - Multiple Local File Inclusions
|
5 |
WEB
|
DSecRG
|
|
2009-01-27
|
|
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
|
4 |
WEB
|
Salvatore Fresta
|
|
2009-01-27
|
|
Flax Article Manager 1.1 - Remote PHP Script Upload
|
4 |
WEB
|
S.W.A.T.
|
|
2009-01-26
|
|
OpenX 2.6.3 - 'MAX_type' Local File Inclusion
|
4 |
WEB
|
Charlie Briggs
|
|
2009-01-26
|
|
Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection
|
4 |
WEB
|
TurkGuvenligi
|
|
2009-01-26
|
|
ClickAuction - Authentication Bypass
|
5 |
WEB
|
R3d-D3V!L
|
|
2009-01-26
|
|
SiteXS CMS 0.1.1 - Local File Inclusion
|
5 |
WEB
|
darkjoker
|
|
2009-01-26
|
|
Groone's GLink ORGanizer - 'index.php?cat' SQL Injection
|
4 |
WEB
|
nuclear
|
