|
2008-12-21
|
|
ReVou Twitter Clone - Arbitrary File Upload
|
8 |
WEB
|
S.W.A.T.
|
|
2008-12-21
|
|
Userlocator 3.0 - Blind SQL Injection
|
8 |
WEB
|
katharsis
|
|
2008-12-19
|
|
Constructr CMS 3.02.5 stable - Multiple Vulnerabilities
|
8 |
WEB
|
fuzion
|
|
2008-12-19
|
|
OneOrZero helpdesk 1.6.x. - Arbitrary File Upload
|
8 |
WEB
|
Ams
|
|
2008-12-19
|
|
FreeLyrics 1.0 - Remote File Disclosure
|
7 |
WEB
|
Piker
|
|
2008-12-19
|
|
myPHPscripts Login Session 2.0 - Cross-Site Scripting / Database Disclosure
|
9 |
WEB
|
Osirys
|
|
2008-12-19
|
|
Extract Website - 'Filename' File Disclosure
|
8 |
WEB
|
Cold Zero
|
|
2008-12-19
|
|
Online Keyword Research Tool - 'download.php' File Disclosure
|
8 |
WEB
|
Cold Zero
|
|
2008-12-19
|
|
ReVou Twitter Clone - Admin Password Change
|
8 |
WEB
|
G4N0K
|
|
2008-12-19
|
|
MyPBS - 'seasonID' SQL Injection
|
8 |
WEB
|
Piker
|
|
2008-12-18
|
|
MyPHPsite - Local File Inclusion
|
8 |
WEB
|
Piker
|
|
2008-12-18
|
|
Gobbl CMS 1.0 - Insecure Cookie Handling
|
9 |
WEB
|
x0r
|
|
2008-12-18
|
|
Injader CMS 2.1.1 - 'id' SQL Injection
|
7 |
WEB
|
fuzion
|
|
2008-12-18
|
|
phpclanwebsite 1.23.3 fix pack #5 - Multiple Vulnerabilities
|
8 |
WEB
|
s4avrd0w
|
|
2008-12-18
|
|
I-Rater Basic - SQL Injection
|
8 |
WEB
|
boom3rang
|
|
2008-12-18
|
|
Calendar Script 1.1 - Insecure Cookie Handling
|
8 |
WEB
|
Osirys
|
|
2008-12-18
|
|
2532/Gigs 1.2.2 Stable - Remote Command Execution
|
8 |
WEB
|
StAkeR
|
|
2008-12-18
|
|
2532/Gigs 1.2.2 Stable - Remote Authentication Bypass
|
7 |
WEB
|
StAkeR
|
|
2008-12-18
|
|
2532/Gigs 1.2.2 Stable - Multiple Vulnerabilities
|
8 |
WEB
|
Osirys
|
|
2008-12-18
|
|
Mini File Host 1.x - Arbitrary '.PHP' File Upload
|
9 |
WEB
|
Pouya_Server
|
|
2008-12-17
|
|
QuickerSite Easy CMS - Database Disclosure
|
8 |
WEB
|
AlpHaNiX
|
|
2008-12-17
|
|
Lizardware CMS 0.6.0 - Blind SQL Injection
|
9 |
WEB
|
StAkeR
|
|
2008-12-17
|
|
TinyMCE 2.0.1 - 'menuID' SQL Injection
|
9 |
WEB
|
AnGeL25dZ
|
|
2008-12-17
|
|
Joomla! Component Tech Article 1.x - SQL Injection
|
9 |
WEB
|
InjEctOr5
|
|
2008-12-17
|
|
r.cms 2.0 - Multiple SQL Injections
|
8 |
WEB
|
Lidloses_Auge
|
|
2008-12-17
|
|
K&S Shopsysteme - Arbitrary File Upload
|
7 |
WEB
|
mNt
|
|
2008-12-17
|
|
BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure
|
7 |
WEB
|
Dxil
|
|
2008-12-17
|
|
RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling
|
7 |
WEB
|
Osirys
|
|
2008-12-16
|
|
Gnews Publisher .NET - SQL Injection
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-16
|
|
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
|
6 |
WEB
|
ZoRLu
|
|
2008-12-16
|
|
Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure
|
8 |
WEB
|
Cold Zero
|
|
2008-12-16
|
|
Nukedit 4.9.8 - Remote Database Disclosure
|
8 |
WEB
|
Cyber.Zer0
|
|
2008-12-16
|
|
Aiyoota! CMS - Blind SQL Injection
|
7 |
WEB
|
Lidloses_Auge
|
|
2008-12-16
|
|
FLDS 1.2a - 'report.php' SQL Injection
|
7 |
WEB
|
ka0x
|
|
2008-12-16
|
|
Web Wiz Guestbook 8.21 - Database Disclosure
|
7 |
WEB
|
Cold Zero
|
|
2008-12-16
|
|
FaScript FaUpload - SQL Injection
|
7 |
WEB
|
Aria-Security Team
|
|
2008-12-15
|
|
Click&Rank - SQL Injection / Cross-Site Scripting
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-15
|
|
clickandemail - SQL Injection / Cross-Site Scripting
|
6 |
WEB
|
AlpHaNiX
|
|
2008-12-15
|
|
Click&BaneX - Multiple SQL Injections
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-15
|
|
CFAGCMS 1 - SQL Injection
|
7 |
WEB
|
ZoRLu
|
|
2008-12-15
|
|
Aperto Blog 0.1.1 - Local File Inclusion / SQL Injection
|
7 |
WEB
|
NoGe
|
|
2008-12-15
|
|
WorkSimple 1.2.1 - Remote File Inclusion / Sensitive Data Disclosure
|
7 |
WEB
|
Osirys
|
|
2008-12-15
|
|
CadeNix - SQL Injection
|
7 |
WEB
|
HaCkeR_EgY
|
|
2008-12-15
|
|
XOOPS Module Amevents - SQL Injection
|
8 |
WEB
|
nétRoot
|
|
2008-12-15
|
|
The Rat CMS Alpha 2 - Authentication Bypass
|
7 |
WEB
|
x0r
|
|
2008-12-15
|
|
Mediatheka 4.2 - Blind SQL Injection
|
8 |
WEB
|
StAkeR
|
|
2008-12-15
|
|
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber
|
8 |
WEB
|
SirGod
|
|
2008-12-15
|
|
FLDS 1.2a - 'lpro.php' SQL Injection
|
7 |
WEB
|
nuclear
|
|
2008-12-15
|
|
EZ Publish < 3.9.5/3.10.1/4.0.1 - 'token' Privilege Escalation
|
8 |
WEB
|
s4avrd0w
|
|
2008-12-15
|
|
CodeAvalanche RateMySite - Database Disclosure
|
8 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche Articles - Database Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche FreeWallpaper - Remote Database Disclosure
|
8 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche FreeForAll - Database Disclosure
|
8 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche Directory - Database Disclosure
|
8 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
Forest Blog 1.3.2 - Remote Database Disclosure
|
8 |
WEB
|
Cold Zero
|
|
2008-12-14
|
|
isweb CMS 3.0 - SQL Injection / Cross-Site Scripting
|
8 |
WEB
|
XaDoS
|
|
2008-12-14
|
|
ASPSiteWare RealtyListing 1.0/2.0 - SQL Injection
|
8 |
WEB
|
AlpHaNiX
|
|
2008-12-14
|
|
ASPSiteWare Automotive Dealer 1.0/2.0 - SQL Injection
|
8 |
WEB
|
AlpHaNiX
|
|
2008-12-14
|
|
ASPSiteWare Home Builder 1.0/2.0 - SQL Injection
|
8 |
WEB
|
AlpHaNiX
|
|
2008-12-14
|
|
Flatnux - html/JavaScript Injection Cookie Grabber
|
8 |
WEB
|
gmda
|
|
2008-12-14
|
|
CFAGCMS 1 - Remote File Inclusion
|
8 |
WEB
|
BeyazKurt
|
|
2008-12-14
|
|
Mediatheka 4.2 - 'lang' Local File Inclusion
|
8 |
WEB
|
Osirys
|
|
2008-12-14
|
|
AvailScript Classmate Script - Arbitrary File Upload
|
8 |
WEB
|
S.W.A.T.
|
|
2008-12-14
|
|
AvailScript Article Script - Arbitrary File Upload
|
8 |
WEB
|
S.W.A.T.
|
|
2008-12-14
|
|
The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation
|
9 |
WEB
|
x0r
|
|
2008-12-14
|
|
FLDS 1.2a - 'redir.php' SQL Injection
|
7 |
WEB
|
nuclear
|
|
2008-12-14
|
|
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
|
8 |
WEB
|
ahmadbady
|
|
2008-12-14
|
|
CodeAvalanche FreeForum - Database Disclosure
|
8 |
WEB
|
Ghost Hacker
|
|
2008-12-14
|
|
iyzi Forum 1.0b3 - Database Disclosure
|
7 |
WEB
|
Ghost Hacker
|
|
2008-12-14
|
|
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
|
7 |
WEB
|
SirGod
|
|
2008-12-14
|
|
ASP-DEV Internal E-Mail System - Authentication Bypass
|
7 |
WEB
|
Pouya_Server
|
|
2008-12-14
|
|
ASPired2Quote - Remote Database Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-12-14
|
|
Discussion Web 4 - Remote Database Disclosure
|
8 |
WEB
|
Pouya_Server
|
|
2008-12-14
|
|
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
|
7 |
WEB
|
Osirys
|
|
2008-12-14
|
|
FlexPHPNews 0.0.6 / PRO - Authentication Bypass
|
7 |
WEB
|
Osirys
|
|
2008-12-12
|
|
Joomla! Component live chat - SQL Injection / Open Proxy
|
8 |
WEB
|
jdc
|
|
2008-12-12
|
|
ColdFusion Scripts Red_Reservations - Database Disclosure
|
7 |
WEB
|
Cyber-Zone
|
|
2008-12-12
|
|
Umer Inc Songs Portal Script - 'id' SQL Injection
|
7 |
WEB
|
InjEctOr5
|
|
2008-12-12
|
|
VP-ASP Shopping Cart 6.50 - Database Disclosure
|
7 |
WEB
|
Dxil
|
|
2008-12-12
|
|
Moodle 1.9.3 - Remote Code Execution
|
7 |
WEB
|
USH
|
|
2008-12-12
|
|
the net guys aspired2blog - SQL Injection / File Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-12-12
|
|
Social Groupie - 'create_album.php' Arbitrary File Upload
|
7 |
WEB
|
InjEctOr5
|
|
2008-12-12
|
|
Wysi Wiki Wyg 1.0 - Remote Password Retrieve
|
7 |
WEB
|
StAkeR
|
|
2008-12-12
|
|
Social Groupie - 'id' SQL Injection
|
7 |
WEB
|
InjEctOr5
|
|
2008-12-12
|
|
Xpoze 4.10 - 'menu' Blind SQL Injection
|
7 |
WEB
|
XaDoS
|
|
2008-12-12
|
|
SUMON 0.7.0 - Command Execution
|
7 |
WEB
|
dun
|
|
2008-12-12
|
|
ASP-CMS 1.0 - 'cha' SQL Injection
|
7 |
WEB
|
Khashayar Fereidani
|
|
2008-12-12
|
|
The Net Guys ASPired2Protect - Database Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-11
|
|
The Net Guys ASPired2Poll - Remote Database Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-11
|
|
PHP Support Tickets 2.2 - Arbitrary File Upload
|
7 |
WEB
|
ahmadbady
|
|
2008-12-11
|
|
Banner Exchange Java - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-12-11
|
|
Ad Management Java - Authentication Bypass
|
6 |
WEB
|
R3d-D3V!L
|
|
2008-12-11
|
|
Affiliate Software Java 4.0 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-12-11
|
|
Feed CMS 1.07.03.19b - 'lang' Local File Inclusion
|
7 |
WEB
|
x0r
|
|
2008-12-11
|
|
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
|
7 |
WEB
|
s4avrd0w
|
|
2008-12-11
|
|
MyCal Personal Events Calendar - Database Disclosure
|
7 |
WEB
|
CoBRa_21
|
|
2008-12-11
|
|
evCal Events Calendar - Database Disclosure
|
7 |
WEB
|
Cyber-Zone
|
|
2008-12-11
|
|
PhpAddEdit 1.3 - 'cookie' Authentication Bypass
|
7 |
WEB
|
x0r
|
|
2008-12-10
|
|
phpAddEdit 1.3 - 'editform' Local File Inclusion
|
7 |
WEB
|
nuclear
|
|
2008-12-10
|
|
CF_Forum - Blind SQL Injection
|
6 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
CFMBLOG - 'categorynbr' Blind SQL Injection
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
CF_Auction - Blind SQL Injection
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
CF_Calendar - 'calendarevent.cfm' SQL Injection
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
cf shopkart 5.2.2 - SQL Injection / File Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
Butterfly ORGanizer 2.0.1 - 'id' SQL Injection
|
7 |
WEB
|
Osirys
|
|
2008-12-10
|
|
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
|
7 |
WEB
|
ZynbER
|
|
2008-12-10
|
|
living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload
|
7 |
WEB
|
Bgh7
|
|
2008-12-10
|
|
WebMaster Marketplace - SQL Injection
|
7 |
WEB
|
Hussin X
|
|
2008-12-10
|
|
EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
|
8 |
WEB
|
s4avrd0w
|
|
2008-12-10
|
|
HTMPL 1.11 - Command Execution
|
7 |
WEB
|
ZeN
|
|
2008-12-09
|
|
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
|
6 |
WEB
|
ahmadbady
|
|
2008-12-09
|
|
PHPmyGallery 1.5beta - '/common-tpl-vars.php' Local/Remote File Inclusion
|
7 |
WEB
|
CoBRa_21
|
|
2008-12-09
|
|
postecards - SQL Injection / File Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-09
|
|
ProQuiz 1.0 - Authentication Bypass
|
7 |
WEB
|
Osirys
|
|
2008-12-09
|
|
Netref 4.0 - Multiple SQL Injections
|
8 |
WEB
|
SuB-ZeRo
|
|
2008-12-09
|
|
Peel Shopping 3.1 - 'rubid' SQL Injection
|
8 |
WEB
|
SuB-ZeRo
|
|
2008-12-09
|
|
PHPmyGallery 1.0beta2 - Local/Remote File Inclusion
|
7 |
WEB
|
ZoRLu
|
|
2008-12-09
|
|
Poll Pro 2.0 - Authentication Bypass
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-09
|
|
Professional Download Assistant 0.1 - Authentication Bypass
|
8 |
WEB
|
ZoRLu
|
|
2008-12-08
|
|
webcaf 1.4 - Local File Inclusion / Remote Code Execution
|
8 |
WEB
|
dun
|
|
2008-12-08
|
|
phpBB 3 - Mod Tag Board 4 Blind SQL Injection
|
8 |
WEB
|
StAkeR
|
|
2008-12-08
|
|
vBulletin Secure Downloads 2.0.0r - SQL Injection
|
8 |
WEB
|
Cnaph
|
|
2008-12-08
|
|
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
|
7 |
WEB
|
Michael Brooks
|
|
2008-12-08
|
|
phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection
|
7 |
WEB
|
Michael Brooks
|
|
2008-12-08
|
|
siu guarani - Multiple Vulnerabilities
|
8 |
WEB
|
Ubik & proudhon
|
