|
2009-02-02
|
|
WholeHogSoftware Password Protect - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-02-02
|
|
WholeHogSoftware Ware Support - Authentication Bypass
|
13 |
WEB
|
ByALBAYX
|
|
2009-02-02
|
|
AJA Portal 1.2 (Windows) - Local File Inclusion
|
11 |
WEB
|
ahmadbady
|
|
2009-02-02
|
|
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection
|
12 |
WEB
|
Alfons Luja
|
|
2009-02-02
|
|
sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting
|
13 |
WEB
|
ahmadbady
|
|
2009-01-30
|
|
eVision CMS 2.0 - SQL Injection
|
10 |
WEB
|
darkjoker
|
|
2009-01-30
|
|
SkaLinks 1.5 - Authentication Bypass
|
10 |
WEB
|
Dimi4
|
|
2009-01-30
|
|
Orca 2.0.2 - 'topic ' Cross-Site Scripting
|
11 |
WEB
|
J-Hacker
|
|
2009-01-30
|
|
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
|
9 |
WEB
|
Mehmet Ince
|
|
2009-01-30
|
|
GNUBoard 4.31.04 (09.01.30) - Multiple Local/Remote Vulnerabilities
|
10 |
WEB
|
make0day
|
|
2009-01-30
|
|
Revou Twitter Clone - Cross-Site Scripting / SQL Injection
|
11 |
WEB
|
nuclear
|
|
2009-01-30
|
|
SalesCart - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-01-29
|
|
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
|
12 |
WEB
|
Michael Brooks
|
|
2009-01-29
|
|
PLE CMS 1.0 Beta 4.2 - Blind SQL Injection
|
11 |
WEB
|
darkjoker
|
|
2009-01-29
|
|
Netartmedia Car Portal 1.0 - Authentication Bypass
|
15 |
WEB
|
Mehmet Ince
|
|
2009-01-29
|
|
GLPI 0.71.3 - Multiple SQL Injections Vulnerabilities
|
10 |
WEB
|
Zigma
|
|
2009-01-29
|
|
Coppermine Photo Gallery 1.4.19 - Remote File Upload
|
10 |
WEB
|
Michael Brooks
|
|
2009-01-29
|
|
Star Articles 6.0 - Remote Contents Change
|
10 |
WEB
|
ByALBAYX
|
|
2009-01-29
|
|
Personal Site Manager 0.3 - Remote Command Execution
|
10 |
WEB
|
darkjoker
|
|
2009-01-28
|
|
SmartSiteCMS 1.0 - Blind SQL Injection
|
11 |
WEB
|
certaindeath
|
|
2009-01-28
|
|
Social Engine 3.06 - 'category_id' SQL Injection
|
10 |
WEB
|
snakespc
|
|
2009-01-28
|
|
Max.Blog 1.0.6 - 'offline_auth.php' Offline Authentication Bypass
|
10 |
WEB
|
Salvatore Fresta
|
|
2009-01-28
|
|
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
|
10 |
WEB
|
Salvatore Fresta
|
|
2009-01-28
|
|
phpList 2.10.x - Remote Code Execution / Local File Inclusion
|
10 |
WEB
|
mozi
|
|
2009-01-28
|
|
Lore 1.5.6 - 'article.php' Blind SQL Injection
|
10 |
WEB
|
OzX
|
|
2009-01-28
|
|
Gazelle CMS 1.0 - 'template' Local File Inclusion
|
10 |
WEB
|
fuzion
|
|
2009-01-28
|
|
Chipmunk Blog - (Authentication Bypass) Add Admin
|
10 |
WEB
|
x0r
|
|
2009-01-28
|
|
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
|
10 |
WEB
|
Encrypt3d.M!nd
|
|
2009-01-28
|
|
Community CMS 0.4 - 'id' Blind SQL Injection
|
12 |
WEB
|
darkjoker
|
|
2009-01-27
|
|
Pixie CMS 1.0 - Multiple Local File Inclusions
|
11 |
WEB
|
DSecRG
|
|
2009-01-27
|
|
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
|
11 |
WEB
|
Salvatore Fresta
|
|
2009-01-27
|
|
Flax Article Manager 1.1 - Remote PHP Script Upload
|
10 |
WEB
|
S.W.A.T.
|
|
2009-01-26
|
|
OpenX 2.6.3 - 'MAX_type' Local File Inclusion
|
13 |
WEB
|
Charlie Briggs
|
|
2009-01-26
|
|
Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection
|
11 |
WEB
|
TurkGuvenligi
|
|
2009-01-26
|
|
ClickAuction - Authentication Bypass
|
12 |
WEB
|
R3d-D3V!L
|
|
2009-01-26
|
|
SiteXS CMS 0.1.1 - Local File Inclusion
|
12 |
WEB
|
darkjoker
|
|
2009-01-26
|
|
Groone's GLink ORGanizer - 'index.php?cat' SQL Injection
|
12 |
WEB
|
nuclear
|
|
2009-01-26
|
|
Wazzum Dating Software - 'userid' SQL Injection
|
11 |
WEB
|
nuclear
|
|
2009-01-26
|
|
PHP-CMS 1 - 'Username' Blind SQL Injection
|
11 |
WEB
|
darkjoker
|
|
2009-01-26
|
|
SHOP-INET 4 - 'grid' SQL Injection
|
11 |
WEB
|
FeDeReR
|
|
2009-01-26
|
|
Script Toko Online 5.01 - SQL Injection
|
11 |
WEB
|
k1n9k0ng
|
|
2009-01-26
|
|
E-ShopSystem - Authentication Bypass / SQL Injection
|
11 |
WEB
|
InjEctOr5
|
|
2009-01-26
|
|
ITLPoll 2.7 Stable2 - Blind SQL Injection
|
11 |
WEB
|
fuzion
|
|
2009-01-26
|
|
Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Uplo
|
10 |
WEB
|
Xianur0
|
|
2009-01-25
|
|
EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure
|
12 |
WEB
|
Pouya_Server
|
|
2009-01-25
|
|
OpenGoo 1.1 - Local File Inclusion
|
9 |
WEB
|
fuzion
|
|
2009-01-25
|
|
Flax Article Manager 1.1 - 'cat_id' SQL Injection
|
9 |
WEB
|
JIKO
|
|
2009-01-25
|
|
Web-Calendar Lite 1.0 - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-01-25
|
|
Mambo Component com_sim 0.8 - Blind SQL Injection
|
11 |
WEB
|
Mehmet Ince
|
|
2009-01-25
|
|
MemHT Portal 4.0.1 - Remote Code Execution
|
10 |
WEB
|
StAkeR
|
|
2009-01-22
|
|
Pardal CMS 0.2.0 - Blind SQL Injection
|
13 |
WEB
|
darkjoker
|
|
2009-01-22
|
|
asp-project 1.0 - Insecure Cookie Method
|
11 |
WEB
|
Khashayar Fereidani
|
|
2009-01-22
|
|
OwnRS Blog 1.2 - 'autor.php' SQL Injection
|
10 |
WEB
|
nuclear
|
|
2009-01-21
|
|
Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting
|
11 |
WEB
|
vds_s
|
|
2009-01-21
|
|
Joomla! Component com_pcchess - Blind SQL Injection
|
11 |
WEB
|
InjEctOr5
|
|
2009-01-21
|
|
Sad Raven's Click Counter 1.0 - 'passwd.dat' File Disclosure
|
9 |
WEB
|
Pouya_Server
|
|
2009-01-21
|
|
Mambo Component SOBI2 RC 2.8.2 - SQL Injection
|
11 |
WEB
|
Br1ght D@rk
|
|
2009-01-21
|
|
Joomla! Component Com BazaarBuilder Shopping Cart 5.0 - SQL Injection
|
13 |
WEB
|
XaDoS
|
|
2009-01-20
|
|
Dodo's Quiz Script 1.1 - Local File Inclusion
|
10 |
WEB
|
Stack
|
|
2009-01-20
|
|
LinPHA Photo Gallery 2.0 - Remote Command Execution
|
12 |
WEB
|
Osirys
|
|
2009-01-20
|
|
AJ Auction Pro OOPD 2.3 - 'id' SQL Injection
|
10 |
WEB
|
snakespc
|
|
2009-01-20
|
|
Max.Blog 1.0.6 - Arbitrary Delete Post
|
12 |
WEB
|
SirGod
|
|
2009-01-19
|
|
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
|
9 |
WEB
|
Danny Moules
|
|
2009-01-19
|
|
Joomla! Component com_waticketsystem - Blind SQL Injection
|
10 |
WEB
|
InjEctOr5
|
|
2009-01-19
|
|
phpads 2.0 - Multiple Vulnerabilities
|
10 |
WEB
|
Danny Moules
|
|
2009-01-19
|
|
Ninja Blog 4.8 - Remote Information Disclosure
|
10 |
WEB
|
Danny Moules
|
|
2009-01-19
|
|
RCBlog 1.03 - Authentication Bypass
|
10 |
WEB
|
Danny Moules
|
|
2009-01-19
|
|
Gallery Kys 1.0 - Admin Password Disclosure / Persistent Cross-Site Scripting
|
10 |
WEB
|
Osirys
|
|
2009-01-19
|
|
Joomla! Component com_news - SQL Injection
|
14 |
WEB
|
snakespc
|
|
2009-01-19
|
|
Joomla! Component com_pccookbook - 'recipe_id' Blind SQL Injection
|
12 |
WEB
|
InjEctOr5
|
|
2009-01-19
|
|
Fhimage 1.2.1 - Remote Command Execution (mq = off)
|
10 |
WEB
|
Osirys
|
|
2009-01-19
|
|
Fhimage 1.2.1 - Remote Index Change
|
10 |
WEB
|
Osirys
|
|
2009-01-18
|
|
ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure
|
10 |
WEB
|
bd0rk
|
|
2009-01-18
|
|
SCMS 1 - Local File Inclusion
|
10 |
WEB
|
ahmadbady
|
|
2009-01-18
|
|
Click&Email - Authentication Bypass
|
12 |
WEB
|
SuB-ZeRo
|
|
2009-01-18
|
|
DS-IPN.NET Digital Sales IPN - Database Disclosure
|
10 |
WEB
|
Moudi
|
|
2009-01-18
|
|
Joomla! Component Gigcal 1.x - 'id' SQL Injection
|
10 |
WEB
|
Lanti-Net
|
|
2009-01-16
|
|
BibCiter 1.4 - Multiple SQL Injections
|
10 |
WEB
|
nuclear
|
|
2009-01-16
|
|
Simple PHP NewsLetter 1.5 - Local File Inclusion
|
9 |
WEB
|
ahmadbady
|
|
2009-01-16
|
|
Aj Classifieds For Sale 3.0 - Arbitrary File Upload
|
9 |
WEB
|
ZoRLu
|
|
2009-01-16
|
|
Aj Classifieds Personals 3.0 - Arbitrary File Upload
|
10 |
WEB
|
ZoRLu
|
|
2009-01-16
|
|
Aj Classifieds Real Estate 3.0 - Arbitrary File Upload
|
13 |
WEB
|
ZoRLu
|
|
2009-01-16
|
|
ASP ActionCalendar 1.3 - Authentication Bypass
|
12 |
WEB
|
SuB-ZeRo
|
|
2009-01-16
|
|
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
|
11 |
WEB
|
Pouya_Server
|
|
2009-01-16
|
|
Rankem - File Disclosure / Cross-Site Scripting / Cookie
|
12 |
WEB
|
Pouya_Server
|
|
2009-01-16
|
|
Ping IP - Authentication Bypass
|
11 |
WEB
|
ByALBAYX
|
|
2009-01-16
|
|
The Walking Club - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-01-16
|
|
eReservations - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-01-16
|
|
eFAQ - Authentication Bypass
|
10 |
WEB
|
ByALBAYX
|
|
2009-01-15
|
|
Free Bible Search PHP Script - SQL Injection
|
10 |
WEB
|
nuclear
|
|
2009-01-15
|
|
Blue Eye CMS 1.0.0 - 'clanek' Blind SQL Injection
|
11 |
WEB
|
darkjoker
|
|
2009-01-15
|
|
MKPortal 1.2.1 - Multiple Vulnerabilities
|
10 |
WEB
|
waraxe
|
|
2009-01-15
|
|
Joomla! Component RD-Autos 1.5.5 - SQL Injection
|
11 |
WEB
|
H!tm@N
|
|
2009-01-15
|
|
Joomla! Component com_Eventing 1.6.x - Blind SQL Injection
|
12 |
WEB
|
InjEctOr5
|
|
2009-01-15
|
|
GNUBoard 4.31.03 (08.12.29) - Local File Inclusion
|
10 |
WEB
|
flyh4t
|
|
2009-01-15
|
|
DMXReady Billboard Manager 1.1 - Arbitrary File Upload
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady SDK 1.1 - Arbitrary File Download
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady BillboardManager 1.1 - Contents Change
|
10 |
WEB
|
x0r
|
|
2009-01-14
|
|
DMXReady Secure Document Library 1.1 - SQL Injection
|
11 |
WEB
|
ajann
|
|
2009-01-14
|
|
PHP Photo Album 0.8b - 'preview' Local File Inclusion
|
11 |
WEB
|
Osirys
|
|
2009-01-14
|
|
DMXReady Registration Manager 1.1 - Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Photo Gallery Manager 1.1 - Contents Change
|
11 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady PayPal Store Manager 1.1 - Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
phosheezy 2.0 - Remote Command Execution
|
10 |
WEB
|
Osirys
|
|
2009-01-14
|
|
phpList 2.10.8 - Local File Inclusion
|
11 |
WEB
|
BugReport.IR
|
|
2009-01-14
|
|
Joomla! Component Fantasytournament - SQL Injection
|
10 |
WEB
|
H!tm@N
|
|
2009-01-14
|
|
Joomla! Component Camelcitydb2 2.2 - SQL Injection
|
10 |
WEB
|
H!tm@N
|
|
2009-01-14
|
|
DMXReady Members Area Manager 1.2 - SQL Injection
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Member Directory Manager 1.1 - SQL Injection
|
11 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Links Manager 1.1 - Remote Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Job Listing 1.1 - Remote Contents Change
|
9 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Faqs Manager 1.1 - Remote Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Document Library Manager 1.1 - Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Contact Us Manager 1.1 - Remote Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Classified Listings Manager 1.1 - SQL Injection
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Catalog Manager 1.1 - Remote Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-14
|
|
DMXReady Blog Manager 1.1 - Remote File Delete
|
12 |
WEB
|
ajann
|
|
2009-01-14
|
|
Netvolution CMS 1.0 - Cross-Site Scripting / SQL Injection
|
12 |
WEB
|
Ellinas
|
|
2009-01-14
|
|
Syzygy CMS 0.3 - Authentication Bypass
|
10 |
WEB
|
darkjoker
|
|
2009-01-13
|
|
Dark Age CMS 0.2c Beta - Authentication Bypass
|
14 |
WEB
|
darkjoker
|
|
2009-01-13
|
|
DMXReady Account List Manager 1.1 - Contents Change
|
10 |
WEB
|
ajann
|
|
2009-01-13
|
|
HSPell 1.1 - 'cilla.cgi' Remote Command Execution
|
9 |
WEB
|
ZeN
|
|
2009-01-13
|
|
DMXReady News Manager 1.1 - Arbitrary Category Change
|
10 |
WEB
|
ajann
|
|
2009-01-13
|
|
Joomla! Component gigCalendar 1.0 - SQL Injection
|
10 |
WEB
|
boom3rang
|
|
2009-01-13
|
|
Virtual Guestbook 2.1 - Remote Database Disclosure
|
12 |
WEB
|
Moudi
|
