|
2009-01-11
|
|
BKWorks ProPHP 0.50b1 - Authentication Bypass
|
10 |
WEB
|
SirGod
|
|
2009-01-11
|
|
XOOPS Module tadbook2 - SQL Injection
|
9 |
WEB
|
stylextra
|
|
2009-01-11
|
|
phpMDJ 1.0.3 - 'id_animateur' Blind SQL Injection
|
8 |
WEB
|
darkjoker
|
|
2009-01-11
|
|
Seo4SMF for SMF forums - Multiple Vulnerabilities
|
8 |
WEB
|
WHK
|
|
2009-01-11
|
|
DZcms 3.1 - SQL Injection
|
8 |
WEB
|
Glafkos Charalambous
|
|
2009-01-11
|
|
Fast Guest Book - Authentication Bypass
|
8 |
WEB
|
Moudi
|
|
2009-01-11
|
|
Joomla! Component com_newsflash - 'id' SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2009-01-11
|
|
Joomla! Component com_jashowcase - 'catid' SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2009-01-11
|
|
Joomla! Component com_xevidmegahd - SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2009-01-09
|
|
Fast FAQs System - Authentication Bypass
|
9 |
WEB
|
x0r
|
|
2009-01-08
|
|
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
|
9 |
WEB
|
StAkeR
|
|
2009-01-08
|
|
Pizzis CMS 1.5.1 - Blind SQL Injection
|
9 |
WEB
|
darkjoker
|
|
2009-01-08
|
|
PHP-Fusion Mod vArcade 1.8 - 'comment_id' SQL Injection
|
9 |
WEB
|
Khashayar Fereidani
|
|
2009-01-08
|
|
CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution
|
8 |
WEB
|
StAkeR
|
|
2009-01-07
|
|
QuoteBook - Remote Configuration File Disclosure
|
8 |
WEB
|
Moudi
|
|
2009-01-07
|
|
PHP-Fusion Mod E-Cart 1.3 - 'items.php' SQL Injection
|
8 |
WEB
|
Khashayar Fereidani
|
|
2009-01-07
|
|
PHP-Fusion Mod Members CV (job) 1.0 - SQL Injection
|
8 |
WEB
|
Khashayar Fereidani
|
|
2009-01-07
|
|
Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
|
8 |
WEB
|
irk4z
|
|
2009-01-06
|
|
PollHelper - Remote Configuration File Disclosure
|
9 |
WEB
|
ahmadbady
|
|
2009-01-06
|
|
BlogHelper - Remote Configuration File Disclosure
|
8 |
WEB
|
ahmadbady
|
|
2009-01-06
|
|
PlaySms 0.9.3 - Multiple Local/Remote File Inclusions
|
9 |
WEB
|
ahmadbady
|
|
2009-01-06
|
|
ItCMS 2.1a - Authentication Bypass
|
8 |
WEB
|
certaindeath
|
|
2009-01-06
|
|
Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection
|
8 |
WEB
|
darkjoker
|
|
2009-01-06
|
|
RiotPix 0.61 - Authentication Bypass
|
8 |
WEB
|
ZoRLu
|
|
2009-01-06
|
|
ezpack 4.2b2 - Cross-Site Scripting / SQL Injection
|
8 |
WEB
|
!-BUGJACK-!
|
|
2009-01-06
|
|
RiotPix 0.61 - 'forumid' Blind SQL Injection
|
8 |
WEB
|
cOndemned
|
|
2009-01-06
|
|
PHPAuctionSystem - Multiple Remote File Inclusions
|
8 |
WEB
|
darkmasking
|
|
2009-01-05
|
|
PHPAuctionSystem - Insecure Cookie Handling
|
8 |
WEB
|
ZoRLu
|
|
2009-01-05
|
|
PHPAuctionSystem - Cross-Site Scripting / SQL Injection
|
8 |
WEB
|
x0r
|
|
2009-01-05
|
|
Joomla! Component com_phocadocumentation - 'id' SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2009-01-05
|
|
Joomla! Component com_na_newsdescription - 'newsid' SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2009-01-05
|
|
Cybershade CMS 0.2b - 'index.php' Remote File Inclusion
|
8 |
WEB
|
JosS
|
|
2009-01-05
|
|
Joomla! Component simple_review 1.x - SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2009-01-05
|
|
Ayemsis Emlak Pro - Authentication Bypass
|
8 |
WEB
|
ByALBAYX
|
|
2009-01-05
|
|
Ayemsis Emlak Pro - 'acc.mdb' Database Disclosure
|
8 |
WEB
|
ByALBAYX
|
|
2009-01-04
|
|
The Rat CMS Alpha 2 - Blind SQL Injection
|
8 |
WEB
|
darkjoker
|
|
2009-01-04
|
|
plxAutoReminder 3.7 - 'id' SQL Injection
|
8 |
WEB
|
ZoRLu
|
|
2009-01-04
|
|
PHPMesFilms 1.0 - 'index.php?id' SQL Injection
|
8 |
WEB
|
SuB-ZeRo
|
|
2009-01-04
|
|
WSN Guest 1.23 - 'Search' SQL Injection
|
8 |
WEB
|
DaiMon
|
|
2009-01-04
|
|
PNPHPBB2 < 1.2i - 'ModName' Multiple Local File Inclusions
|
7 |
WEB
|
StAkeR
|
|
2009-01-04
|
|
webSPELL 4.01.02 - 'id' Remote Edit Topics
|
9 |
WEB
|
StAkeR
|
|
2009-01-03
|
|
webSPELL 4 - Authentication Bypass
|
8 |
WEB
|
anonymous
|
|
2009-01-03
|
|
Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection Vulnerabilities
|
8 |
WEB
|
darkjoker
|
|
2009-01-02
|
|
phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
|
8 |
WEB
|
ahmadbady
|
|
2009-01-02
|
|
Built2Go PHP Rate My Photo 1.46.4 - Arbitrary File Upload
|
9 |
WEB
|
ZoRLu
|
|
2009-01-02
|
|
Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload
|
8 |
WEB
|
ZoRLu
|
|
2009-01-01
|
|
PowerClan 1.14a - Authentication Bypass
|
8 |
WEB
|
Virangar Security
|
|
2009-01-01
|
|
PowerNews 2.5.4 - 'newsid' SQL Injection
|
8 |
WEB
|
Virangar Security
|
|
2009-01-01
|
|
w3blabor CMS 3.3.0 - Authentication Bypass
|
8 |
WEB
|
DNX
|
|
2009-01-01
|
|
phpScribe 0.9 - 'user.cfg' Remote Configuration Disclosure
|
8 |
WEB
|
ahmadbady
|
|
2009-01-01
|
|
Memberkit 1.0 - Arbitrary File Upload
|
8 |
WEB
|
Lo$er
|
|
2009-01-01
|
|
PHPFootball 1.6 - Remote Hash Disclosure
|
8 |
WEB
|
KinG-LioN
|
|
2009-01-01
|
|
ASPThai.Net WebBoard 6.0 - SQL Injection
|
7 |
WEB
|
DaiMon
|
|
2009-01-01
|
|
EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)
|
8 |
WEB
|
x0r
|
|
2009-01-01
|
|
2Capsule - SQL Injection
|
8 |
WEB
|
Zenith
|
|
2009-01-01
|
|
DDL-Speed Script - 'acp/backup' Admin Backup Bypass
|
8 |
WEB
|
tmh
|
|
2009-01-01
|
|
Viart shopping cart 3.5 - Multiple Vulnerabilities
|
9 |
WEB
|
Xia Shing Zee
|
|
2008-12-30
|
|
Pixel8 Web Photo Album 3.0 - SQL Injection
|
8 |
WEB
|
AlpHaNiX
|
|
2008-12-30
|
|
Mole Group Vacation Estate Listing Script - Blind SQL Injection
|
8 |
WEB
|
x0r
|
|
2008-12-30
|
|
CMScout 2.06 - SQL Injection / Local File Inclusion
|
8 |
WEB
|
SirGod
|
|
2008-12-30
|
|
Flexphpic 0.0.x - Authentication Bypass
|
10 |
WEB
|
S.W.A.T.
|
|
2008-12-29
|
|
Flexcustomer 0.0.6 - Admin Authentication Bypass / Possible PHP Code Writing
|
9 |
WEB
|
Osirys
|
|
2008-12-29
|
|
PHPAlumni - SQL Injection
|
8 |
WEB
|
Mr.SQL
|
|
2008-12-29
|
|
ThePortal 2.2 - Arbitrary File Upload
|
8 |
WEB
|
siurek22
|
|
2008-12-29
|
|
eDNews 2.0 - SQL Injection
|
8 |
WEB
|
Virangar Security
|
|
2008-12-29
|
|
Flexphplink 0.0.x - Authentication Bypass
|
9 |
WEB
|
x0r
|
|
2008-12-29
|
|
Flexphpsite 0.0.1 - Authentication Bypass
|
8 |
WEB
|
x0r
|
|
2008-12-29
|
|
FlexPHPDirectory 0.0.1 - Authentication Bypass
|
8 |
WEB
|
x0r
|
|
2008-12-29
|
|
Sepcity Classified - 'ID' SQL Injection
|
8 |
WEB
|
S.W.A.T.
|
|
2008-12-29
|
|
Joomla! Component com_na_content 1.0 - Blind SQL Injection
|
8 |
WEB
|
Mehmet Ince
|
|
2008-12-29
|
|
CMS NetCat 3.0/3.12 - Blind SQL Injection
|
8 |
WEB
|
s4avrd0w
|
|
2008-12-29
|
|
Sepcity Lawyer Portal - SQL Injection
|
8 |
WEB
|
Osmanizim
|
|
2008-12-29
|
|
Sepcity Shopping Mall - SQL Injection
|
8 |
WEB
|
Osmanizim
|
|
2008-12-29
|
|
Ultimate PHP Board 2.2.1 - Privilege Escalation
|
8 |
WEB
|
StAkeR
|
|
2008-12-29
|
|
FubarForum 1.6 - Authentication Bypass Change User Password
|
10 |
WEB
|
R31P0l
|
|
2008-12-29
|
|
TaskDriver 1.3 - Remote Change Admin Password
|
8 |
WEB
|
cOndemned
|
|
2008-12-29
|
|
eDContainer 2.22 - Local File Inclusion
|
8 |
WEB
|
GoLd_M
|
|
2008-12-29
|
|
eDNews 2.0 - Local File Inclusion
|
8 |
WEB
|
GoLd_M
|
|
2008-12-29
|
|
webClassifieds 2005 - Authentication Bypass
|
8 |
WEB
|
AnGeL25dZ
|
|
2008-12-28
|
|
Silentum LoginSys 1.0.0 - Insecure Cookie Handling
|
8 |
WEB
|
Osirys
|
|
2008-12-28
|
|
Flexphplink Pro - Arbitrary File Upload
|
8 |
WEB
|
Osirys
|
|
2008-12-28
|
|
ForumApp 3.3 - Remote Database Disclosure
|
8 |
WEB
|
Cyber.Zer0
|
|
2008-12-28
|
|
PHP-Fusion Mod TI - 'id' SQL Injection
|
8 |
WEB
|
Khashayar Fereidani
|
|
2008-12-28
|
|
OwenPoll 1.0 - Insecure Cookie Handling
|
8 |
WEB
|
Osirys
|
|
2008-12-28
|
|
Alstrasoft Web Email Script Enterprise - 'id' SQL Injection
|
8 |
WEB
|
Bgh7
|
|
2008-12-28
|
|
FubarForum 1.6 - Arbitrary Authentication Bypass
|
9 |
WEB
|
k3yv4n
|
|
2008-12-28
|
|
DeluxeBB 1.2 - Blind SQL Injection
|
8 |
WEB
|
StAkeR
|
|
2008-12-28
|
|
Joomla! Component PAX Gallery 0.1 - Blind SQL Injection
|
7 |
WEB
|
XaDoS
|
|
2008-12-28
|
|
Miniweb 2.0 - Authentication Bypass
|
9 |
WEB
|
bizzit
|
|
2008-12-24
|
|
BloofoxCMS 0.3.4 - 'lang' Local File Inclusion
|
8 |
WEB
|
fuzion
|
|
2008-12-24
|
|
ClaSS 0.8.60 - 'export.php' Local File Inclusion
|
9 |
WEB
|
fuzion
|
|
2008-12-24
|
|
PHP-Fusion 7.0.2 - Blind SQL Injection
|
9 |
WEB
|
StAkeR
|
|
2008-12-24
|
|
Joomla! Component 5starhotels - SQL Injection
|
8 |
WEB
|
EcHoLL
|
|
2008-12-24
|
|
Joomla! Component mDigg 2.2.8 - 'category' SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-24
|
|
Joomla! Component Live Ticker 1.0 - Blind SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-24
|
|
Joomla! Component Ice Gallery 0.5b2 - 'catid' Blind SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-24
|
|
ILIAS 3.7.4 - 'ref_id' Blind SQL Injection
|
8 |
WEB
|
Lidloses_Auge
|
|
2008-12-24
|
|
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
|
8 |
WEB
|
x0r
|
|
2008-12-23
|
|
Joomla! Component com_allhotels - Blind SQL Injection
|
8 |
WEB
|
Hussin X
|
|
2008-12-23
|
|
Joomla! Component com_lowcosthotels - Blind SQL Injection
|
9 |
WEB
|
Hussin X
|
|
2008-12-23
|
|
StormBoard 1.0.1 - SQL Injection
|
10 |
WEB
|
Samir-M
|
|
2008-12-23
|
|
phpEmployment - 'PHP Upload' Arbitrary File Upload
|
9 |
WEB
|
ahmadbady
|
|
2008-12-23
|
|
PHPAdBoard - PHP uploads Arbitrary File Upload
|
8 |
WEB
|
ahmadbady
|
|
2008-12-23
|
|
phpGreetCards - Cross-Site Scripting / Arbitrary File Upload
|
8 |
WEB
|
ahmadbady
|
|
2008-12-23
|
|
CMS NetCat 3.12 - Multiple Vulnerabilities
|
8 |
WEB
|
s4avrd0w
|
|
2008-12-23
|
|
CMS NetCat 3.12 - 'password_recovery.php' Blind SQL Injection
|
8 |
WEB
|
s4avrd0w
|
|
2008-12-23
|
|
PHPLD 3.3 - Blind SQL Injection
|
8 |
WEB
|
fuzion
|
|
2008-12-23
|
|
PHPmotion 2.1 - Cross-Site Request Forgery
|
8 |
WEB
|
Ausome1
|
|
2008-12-22
|
|
Roundcube Webmail 0.2b - Remote Code Execution
|
8 |
WEB
|
Hunger
|
|
2008-12-22
|
|
REDPEACH CMS - SQL Injection
|
8 |
WEB
|
Lidloses_Auge
|
|
2008-12-22
|
|
Calendar Script 1.1 - Authentication Bypass
|
8 |
WEB
|
StAkeR
|
|
2008-12-22
|
|
Roundcube Webmail 0.2-3 Beta - Code Execution
|
9 |
WEB
|
Jacobo Avariento
|
|
2008-12-22
|
|
SolarCMS 0.53.8 - 'Forum' Remote Cookies Disclosure
|
8 |
WEB
|
StAkeR
|
|
2008-12-22
|
|
Joomla! Component Volunteer 2.0 - SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-22
|
|
yourplace 1.0.2 - Multiple Vulnerabilities / Remote Code Execution
|
8 |
WEB
|
Osirys
|
|
2008-12-22
|
|
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
|
8 |
WEB
|
Ams
|
|
2008-12-22
|
|
WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File Disclosure
|
7 |
WEB
|
GoLd_M
|
|
2008-12-22
|
|
Text Lines Rearrange Script - 'Filename' File Disclosure
|
8 |
WEB
|
SirGod
|
|
2008-12-22
|
|
RSS Simple News - SQL Injection
|
8 |
WEB
|
Piker
|
|
2008-12-21
|
|
phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service
|
8 |
WEB
|
Anarchy Angel
|
|
2008-12-21
|
|
Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-21
|
|
Joomla! Component com_hbssearch 1.0 - Blind SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-21
|
|
BLOG 1.55B - 'image_upload.php' Arbitrary File Upload
|
7 |
WEB
|
Piker
|
|
2008-12-21
|
|
Emefa Guestbook 3.0 - Remote Database Disclosure
|
8 |
WEB
|
Cyber.Zer0
|
|
2008-12-21
|
|
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
|
8 |
WEB
|
BugReport.IR
|
