|
2008-12-08
|
|
XOOPS 2.3.1 - Multiple Local File Inclusions
|
8 |
WEB
|
DSecRG
|
|
2008-12-08
|
|
MG2 0.5.1 - 'filename' Remote Code Execution
|
7 |
WEB
|
Alfons Luja
|
|
2008-12-07
|
|
asp talk - SQL Injection / Cross-Site Scripting
|
7 |
WEB
|
Bl@ckbe@rD
|
|
2008-12-07
|
|
PHPmyGallery Gold 1.51 - 'index.php' Directory Traversal
|
7 |
WEB
|
zAx
|
|
2008-12-07
|
|
QMail Mailing List Manager 1.2 - Database Disclosure
|
7 |
WEB
|
Ghost Hacker
|
|
2008-12-07
|
|
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion
|
7 |
WEB
|
cOndemned
|
|
2008-12-07
|
|
Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusions
|
7 |
WEB
|
cOndemned
|
|
2008-12-07
|
|
aspmanage banners - Arbitrary File Upload / File Disclosure
|
6 |
WEB
|
ZoRLu
|
|
2008-12-07
|
|
Ikon ADManager 2.1 - Remote Database Disclosure
|
7 |
WEB
|
Ghost Hacker
|
|
2008-12-07
|
|
Professional Download Assistant 0.1 - Database Disclosure
|
7 |
WEB
|
Ghost Hacker
|
|
2008-12-07
|
|
Natterchat 1.12 - Database Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-07
|
|
w3blabor CMS 3.0.5 - Arbitrary File Upload / Local File Inclusion
|
7 |
WEB
|
DNX
|
|
2008-12-07
|
|
Product Sale Framework 0.1b - SQL Injection
|
7 |
WEB
|
b3hz4d
|
|
2008-12-07
|
|
PayPal eStore - Admin Password Change
|
7 |
WEB
|
G4N0K
|
|
2008-12-07
|
|
Bonza Cart 1.10 - Admin Password Changing
|
6 |
WEB
|
G4N0K
|
|
2008-12-07
|
|
DL PayCart 1.34 - Admin Password Changing
|
7 |
WEB
|
G4N0K
|
|
2008-12-07
|
|
IPNPro3 < 1.44 - Admin Password Changing
|
7 |
WEB
|
G4N0K
|
|
2008-12-06
|
|
phpPgAdmin 4.2.1 - '_language' Local File Inclusion
|
7 |
WEB
|
dun
|
|
2008-12-06
|
|
ASP PORTAL - Remote Database Disclosure
|
7 |
WEB
|
ZoRLu
|
|
2008-12-06
|
|
ASP AutoDealer - Remote Database Disclosure
|
7 |
WEB
|
ZoRLu
|
|
2008-12-05
|
|
ASPTicker 1.0 - Remote Database Disclosure
|
7 |
WEB
|
ZoRLu
|
|
2008-12-05
|
|
ASP Portal - Multiple SQL Injections
|
9 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
ASP AutoDealer - SQL Injection / File Disclosure
|
8 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
Tizag Countdown Creator 3 - Insecure Upload
|
9 |
WEB
|
ahmadbady
|
|
2008-12-05
|
|
Cold BBS - Remote Database Disclosure
|
8 |
WEB
|
ahmadbady
|
|
2008-12-05
|
|
Merlix Teamworx Server - File Disclosure/Bypass
|
7 |
WEB
|
ZoRLu
|
|
2008-12-05
|
|
nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
Rankem - Authentication Bypass
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
RankEm - 'siteID' SQL Injection
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
merlix educate servert - Authentication Bypass / File Disclosure
|
7 |
WEB
|
ZoRLu
|
|
2008-12-05
|
|
Multiple Membership Script 2.5 - 'id' SQL Injection
|
7 |
WEB
|
ViRuS_HaCkErS
|
|
2008-12-04
|
|
BNCwi 1.04 - Local File Inclusion
|
7 |
WEB
|
dun
|
|
2008-12-04
|
|
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
|
8 |
WEB
|
dun
|
|
2008-12-04
|
|
Joomla! Component mydyngallery 1.4.2 - SQL Injection
|
7 |
WEB
|
Khashayar Fereidani
|
|
2008-12-04
|
|
My Simple Forum 3.0 - Local File Inclusion
|
6 |
WEB
|
cOndemned
|
|
2008-12-04
|
|
lcxbbportal 0.1 alpha 2 - Remote File Inclusion
|
7 |
WEB
|
NoGe
|
|
2008-12-04
|
|
Easy News Content Management - Database Disclosure
|
7 |
WEB
|
BeyazKurt
|
|
2008-12-04
|
|
template creature - SQL Injection / File Disclosure
|
6 |
WEB
|
ZoRLu
|
|
2008-12-04
|
|
User Engine Lite ASP - 'users.mdb' Database Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-04
|
|
wbstreet 1.0 - SQL Injection / File Disclosure
|
7 |
WEB
|
CWH Underground
|
|
2008-12-04
|
|
ccTiddly 1.7.4 - 'cct_base' Remote File Inclusion
|
7 |
WEB
|
cOndemned
|
|
2008-12-03
|
|
Multi SEO phpBB 1.1.0 - Remote File Inclusion
|
7 |
WEB
|
NoGe
|
|
2008-12-03
|
|
Rae Media Contact MS - Authentication Bypass
|
8 |
WEB
|
b3hz4d
|
|
2008-12-03
|
|
ASP User Engine .NET - Remote Database Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-03
|
|
Joomla! Component JMovies 1.1 - 'id' SQL Injection
|
7 |
WEB
|
StAkeR
|
|
2008-12-03
|
|
Check New 4.52 - SQL Injection
|
7 |
WEB
|
CWH Underground
|
|
2008-12-03
|
|
Calendar MX Professional 2.0.0 - Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-12-03
|
|
Gallery MX 2.0.0 - Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-12-02
|
|
Codefixer MailingListPro - Database Disclosure
|
7 |
WEB
|
AlpHaNiX
|
|
2008-12-02
|
|
Rapid Classified 3.1 - Database Disclosure
|
7 |
WEB
|
CoBRa_21
|
|
2008-12-02
|
|
SunByte e-Flower - 'id' SQL Injection
|
7 |
WEB
|
w4rl0ck
|
|
2008-12-02
|
|
CMS MAXSITE Component Guestbook - Remote Command Execution
|
7 |
WEB
|
CWH Underground
|
|
2008-12-02
|
|
Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
|
7 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
PacPoll 4.0 - Database Disclosure
|
6 |
WEB
|
AlpHaNiX
|
|
2008-12-01
|
|
bcoos 1.0.13 - 'viewcat.php' SQL Injection
|
7 |
WEB
|
CWH Underground
|
|
2008-12-01
|
|
ASPPortal 3.2.5 - Database Disclosure
|
7 |
WEB
|
CWH Underground
|
|
2008-12-01
|
|
E.Z. Poll 2 - Authentication Bypass
|
7 |
WEB
|
t0fx
|
|
2008-12-01
|
|
Andy's PHP KnowledgeBase 0.92.9 - Arbitrary File Upload
|
7 |
WEB
|
CWH Underground
|
|
2008-12-01
|
|
z1exchange 1.0 - 'site' SQL Injection
|
7 |
WEB
|
JIKO
|
|
2008-11-30
|
|
Broadcast Machine 0.1 - Multiple Remote File Inclusions
|
6 |
WEB
|
NoGe
|
|
2008-11-30
|
|
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass
|
6 |
WEB
|
girex
|
|
2008-11-30
|
|
minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass
|
7 |
WEB
|
NoGe
|
|
2008-11-30
|
|
KTP Computer Customer Database CMS 1.0 - Blind SQL Injection
|
6 |
WEB
|
CWH Underground
|
|
2008-11-30
|
|
KTP Computer Customer Database CMS 1.0 - Local File Inclusion
|
7 |
WEB
|
CWH Underground
|
|
2008-11-30
|
|
Quick Tree View .NET 3.1 - Database Disclosure
|
7 |
WEB
|
Cyber-Zone
|
|
2008-11-30
|
|
Active Business Directory 2 - Blind SQL Injection
|
7 |
WEB
|
AlpHaNiX
|
|
2008-11-30
|
|
Active Time Billing 3.2 - Authentication Bypass
|
7 |
WEB
|
AlpHaNiX
|
|
2008-11-30
|
|
Active Photo Gallery 6.2 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-30
|
|
Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection
|
7 |
WEB
|
Cyber-Zone
|
|
2008-11-29
|
|
Active Test 2.1 - 'QuizID' Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Lito Lite CMS - 'cid' SQL Injection
|
7 |
WEB
|
CWH Underground
|
|
2008-11-29
|
|
Active Web Helpdesk 2 - Authentication Bypass
|
7 |
WEB
|
Cyber-Zone
|
|
2008-11-29
|
|
ASPThai.Net Forum 8.5 - Remote Database Disclosure
|
6 |
WEB
|
CWH Underground
|
|
2008-11-29
|
|
OpenForum 0.66 Beta - Remote Reset Admin Password
|
7 |
WEB
|
CWH Underground
|
|
2008-11-29
|
|
Active Bids 3.5 - 'itemID' Blind SQL Injection
|
6 |
WEB
|
Stack
|
|
2008-11-30
|
|
Active Price Comparison 4 - 'ProductID' Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Web Mail 4 - Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
ActiveVotes 2.2 - 'AccountID' Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
OraMon 2.0.1 - Remote Configuration File Disclosure
|
7 |
WEB
|
ahmadbady
|
|
2008-11-29
|
|
CMS Made Simple 1.4.1 - Local File Inclusion
|
7 |
WEB
|
M4ck-h@cK
|
|
2008-11-29
|
|
PHP TV Portal 2.0 - 'mid' SQL Injection
|
7 |
WEB
|
Cyber-Zone
|
|
2008-11-29
|
|
Active Price Comparison 4 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Trade 2 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Web Mail 4 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active NewsLetter 4.3 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
eWebquiz 8 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Membership 2 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Websurvey 9.1 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Test 2.1 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
ActiveVotes 2.2 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
ASPReferral 5.3 - 'AccountID' Blind SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-29
|
|
Active Force Matrix 2 - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-28
|
|
Ocean12 FAQ Manager Pro - 'ID' Blind SQL Injection
|
7 |
WEB
|
Stack
|
|
2008-11-28
|
|
ReVou Twitter Clone - Authentication Bypass
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-28
|
|
CMS little 0.0.1 - 'term' SQL Injection
|
7 |
WEB
|
CWH Underground
|
|
2008-11-28
|
|
Bluo CMS 1.2 - Blind SQL Injection
|
7 |
WEB
|
The_5p3ctrum
|
|
2008-11-28
|
|
SailPlanner 0.3a - Authentication Bypass
|
7 |
WEB
|
JIKO
|
|
2008-11-28
|
|
All Club CMS 0.0.2 - Remote Database Configuration Retrieve
|
7 |
WEB
|
StAkeR
|
|
2008-11-28
|
|
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection
|
7 |
WEB
|
Bl@ckbe@rD
|
|
2008-11-28
|
|
Booking Centre 2.01 - Authentication Bypass
|
7 |
WEB
|
MrDoug
|
|
2008-11-28
|
|
Basic-CMS - Blind SQL Injection
|
7 |
WEB
|
CWH Underground
|
|
2008-11-28
|
|
Basic-CMS - Remote Database Disclosure
|
7 |
WEB
|
Stack
|
|
2008-11-27
|
|
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
|
7 |
WEB
|
Bl@ckbe@rD
|
|
2008-11-27
|
|
Ocean12 FAQ Manager Pro - Database Disclosure
|
7 |
WEB
|
Stack
|
|
2008-11-27
|
|
Turnkey Arcade Script - SQL Injection (1)
|
7 |
WEB
|
The_5p3ctrum
|
|
2008-11-27
|
|
pagetree CMS 0.0.2 Beta 0001 - Remote File Inclusion
|
7 |
WEB
|
NoGe
|
|
2008-11-27
|
|
Ocean12 Membership Manager Pro - Authentication Bypass
|
7 |
WEB
|
Cyber-Zone
|
|
2008-11-27
|
|
Booking Centre 2.01 - 'HotelID' SQL Injection
|
7 |
WEB
|
R3d-D3V!L
|
|
2008-11-27
|
|
Web Calendar 4.1 - Authentication Bypass
|
7 |
WEB
|
Cyber-Zone
|
|
2008-11-27
|
|
Star Articles 6.0 - Arbitrary File Upload
|
6 |
WEB
|
ZoRLu
|
|
2008-11-27
|
|
RakhiSoftware Shopping Cart - SQL Injection
|
7 |
WEB
|
XaDoS
|
|
2008-11-27
|
|
Family Project 2.x - Authentication Bypass
|
7 |
WEB
|
The_5p3ctrum
|
|
2008-11-27
|
|
Ocean12 Calendar Manager Gold - Database Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-11-27
|
|
Ocean12 Poll Manager Pro - Database Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-11-27
|
|
Ocean12 Membership Manager Pro - Database Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-11-27
|
|
Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
|
7 |
WEB
|
Pouya_Server
|
|
2008-11-27
|
|
Star Articles 6.0 - Blind SQL Injection (2)
|
7 |
WEB
|
Stack
|
|
2008-11-27
|
|
Web Calendar System 3.12/3.30 - Multiple Vulnerabilities
|
7 |
WEB
|
Bl@ckbe@rD
|
|
2008-11-27
|
|
TxtBlog 1.0 Alpha - Local File Inclusion
|
7 |
WEB
|
CWH Underground
|
|
2008-11-26
|
|
Star Articles 6.0 - Blind SQL Injection (1)
|
6 |
WEB
|
b3hz4d
|
|
2008-11-26
|
|
ParsBlogger - 'blog.asp' SQL Injection
|
7 |
WEB
|
h4ck3r
|
|
2008-11-26
|
|
Post Affiliate Pro 3 - 'umprof_status' Blind SQL Injection
|
7 |
WEB
|
XaDoS
|
|
2008-11-26
|
|
CMS Ortus 1.13 - SQL Injection
|
7 |
WEB
|
otmorozok428
|
|
2008-11-25
|
|
Jamit Job Board 3.x - Blind SQL Injection
|
5 |
WEB
|
XaDoS
|
|
2008-11-25
|
|
VideoGirls BiZ - Blind SQL Injection
|
7 |
WEB
|
Cyber-Zone
|
