|
2008-09-09
|
|
Creator CMS 5.0 - 'sideid' SQL Injection
|
4 |
WEB
|
ThE X-HaCkEr
|
|
2008-09-09
|
|
Live TV Script - 'index.php?mid' SQL Injection
|
4 |
WEB
|
InjEctOr5
|
|
2008-09-09
|
|
Hot Links SQL-PHP 3 - 'report.php' Multiple Vulnerabilities
|
5 |
WEB
|
sl4xUz
|
|
2008-09-09
|
|
Stash 1.0.3 - Multiple SQL Injections
|
4 |
WEB
|
Khashayar Fereidani
|
|
2008-09-09
|
|
Alstrasoft Forum - 'catid' SQL Injection
|
4 |
WEB
|
r45c4l
|
|
2008-09-07
|
|
E-Shop Shopping Cart Script - 'search_results.php' SQL Injection
|
4 |
WEB
|
Mormoroth
|
|
2008-09-07
|
|
WordPress Core 2.6.1 - SQL Column Truncation
|
4 |
WEB
|
irk4z
|
|
2008-09-07
|
|
Alstrasoft Forum - 'cat' SQL Injection
|
4 |
WEB
|
r45c4l
|
|
2008-09-07
|
|
Masir Camp E-Shop Module 3.0 - 'ordercode' SQL Injection
|
4 |
WEB
|
BugReport.IR
|
|
2008-09-06
|
|
MemHT Portal 3.9.0 - Remote Create Shell
|
4 |
WEB
|
Ams
|
|
2008-09-06
|
|
Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password
|
4 |
WEB
|
Raz0r
|
|
2008-09-06
|
|
Integramod 1.4.x - Insecure Directory Download Database
|
5 |
WEB
|
TheJT
|
|
2008-09-06
|
|
Vastal I-Tech Dating Zone - 'fage' SQL Injection
|
3 |
WEB
|
ZoRLu
|
|
2008-09-05
|
|
Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' SQL Injection
|
4 |
WEB
|
e.wiZz!
|
|
2008-09-05
|
|
EsFaq 2.0 - 'idcat' SQL Injection
|
4 |
WEB
|
SuB-ZeRo
|
|
2008-09-05
|
|
Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech Freelance Zone - 'coder_id' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech MMORPG Zone - 'game_id' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech Jobs Zone - 'news_id' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech DVD Zone - 'cat_id' SQL Injection
|
4 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Share Zone - 'id' SQL Injection
|
4 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Toner Cart - 'id' SQL Injection
|
3 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Visa Zone - 'news_id' SQL Injection
|
4 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Agent Zone - 'ann_id' SQL Injection
|
4 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
WebCMS Portal Edition - 'id' Blind SQL Injection
|
4 |
WEB
|
JosS
|
|
2008-09-05
|
|
Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
|
3 |
WEB
|
Khashayar Fereidani
|
|
2008-09-05
|
|
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
|
4 |
WEB
|
Ricardo Almeida
|
|
2008-09-04
|
|
ACG-ScriptShop - 'cid' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-09-04
|
|
qwicsite pro - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Cr@zy_King
|
|
2008-09-04
|
|
ACG-PTP 1.0.6 - 'adid' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-09-03
|
|
Living Local Website - 'listtest.php' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-09-03
|
|
TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload
|
4 |
WEB
|
BugReport.IR
|
|
2008-09-03
|
|
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Alemin_Krali
|
|
2008-09-03
|
|
Moodle 1.8.4 - Remote Code Execution
|
4 |
WEB
|
zurlich.lpt
|
|
2008-09-03
|
|
Spice Classifieds - 'cat_path' SQL Injection
|
4 |
WEB
|
InjEctOr5
|
|
2008-09-02
|
|
CS-Cart 1.3.5 - Authentication Bypass
|
4 |
WEB
|
GulfTech Security
|
|
2008-09-02
|
|
AJ HYIP ACME - 'readarticle.php' SQL Injection
|
4 |
WEB
|
InjEctOr5
|
|
2008-09-02
|
|
AJ HYIP ACME - 'comment.php' SQL Injection
|
4 |
WEB
|
security fears team
|
|
2008-09-02
|
|
Reciprocal Links Manager 1.1 - 'site' SQL Injection
|
5 |
WEB
|
Hussin X
|
|
2008-09-02
|
|
Coupon Script 4.0 - 'id' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-09-02
|
|
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
|
4 |
WEB
|
MustLive
|
|
2008-09-01
|
|
e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection
|
4 |
WEB
|
Virangar Security
|
|
2008-09-01
|
|
WeBid 0.5.4 - 'FCKeditor' Arbitrary File Upload
|
4 |
WEB
|
Stack
|
|
2008-09-01
|
|
CMSbright - 'id_rub_page' SQL Injection
|
4 |
WEB
|
h4ck3r
|
|
2008-09-01
|
|
EasyClassifields 3.0 - 'go' SQL Injection
|
4 |
WEB
|
e.wiZz!
|
|
2008-09-01
|
|
WeBid 0.5.4 - 'item.php' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-08-31
|
|
webid 0.5.4 - Multiple Vulnerabilities
|
4 |
WEB
|
InjEctOr5
|
|
2008-08-31
|
|
myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection
|
4 |
WEB
|
MustLive
|
|
2008-08-31
|
|
Words tag script 1.2 - 'word' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-31
|
|
Web Directory Script 1.5.3 - 'site' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-30
|
|
Brim 2.0.0 - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
InjEctOr5
|
|
2008-08-29
|
|
Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)
|
4 |
WEB
|
DarkFig
|
|
2008-08-27
|
|
Yourownbux 3.1/3.2 Beta - SQL Injection
|
3 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-27
|
|
PHPMyRealty 1.0.9 - Multiple SQL Injections
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-26
|
|
MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection (2)
|
4 |
WEB
|
c411k
|
|
2008-08-26
|
|
iFdate 2.0.3 - SQL Injection
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-26
|
|
Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure
|
4 |
WEB
|
SirGod
|
|
2008-08-26
|
|
CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup
|
3 |
WEB
|
SirGod
|
|
2008-08-26
|
|
k-rate - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Corwin
|
|
2008-08-26
|
|
Simple PHP Blog (SPHPBlog) 0.5.1 - Code Execution
|
4 |
WEB
|
mAXzA
|
|
2008-08-26
|
|
Kolifa.net Download Script 1.2 - 'id' SQL Injection
|
4 |
WEB
|
Kacak
|
|
2008-08-26
|
|
z-breaknews 2.0 - 'single.php' SQL Injection
|
4 |
WEB
|
cOndemned
|
|
2008-08-25
|
|
Crafty Syntax Live Help 2.14.6 - 'department' SQL Injection
|
4 |
WEB
|
GulfTech Security
|
|
2008-08-25
|
|
GeekLog 1.5.0 - Arbitrary File Upload
|
4 |
WEB
|
t0pP8uZz
|
|
2008-08-25
|
|
WebBoard 2.0 - Arbitrary SQL Question/Anwser Delete
|
5 |
WEB
|
t0pP8uZz
|
|
2008-08-25
|
|
EZContents CMS 2.0.3 - Multiple Local File Inclusions
|
4 |
WEB
|
DSecRG
|
|
2008-08-25
|
|
Pluck CMS 4.5.2 - Multiple Local File Inclusions
|
4 |
WEB
|
DSecRG
|
|
2008-08-25
|
|
Web Directory Script 2.0 - 'name' SQL Injection
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-25
|
|
Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-25
|
|
BtiTracker 1.4.7 / xbtit 2.0.542 - SQL Injection
|
4 |
WEB
|
InATeam
|
|
2008-08-24
|
|
MiaCMS 4.6.5 - Multiple SQL Injections
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-24
|
|
5 star review - Cross-Site Scripting / SQL Injection
|
4 |
WEB
|
Mr.SQL
|
|
2008-08-23
|
|
onenews Beta 2 - Cross-Site Scripting / HTML Injection / SQL Injection
|
4 |
WEB
|
suN8Hclf
|
|
2008-08-23
|
|
noname script 1.1 - Multiple Vulnerabilities
|
4 |
WEB
|
SirGod
|
|
2008-08-21
|
|
easysite 2.3 - Multiple Vulnerabilities
|
4 |
WEB
|
SirGod
|
|
2008-08-21
|
|
TinyCMS 1.1.2 - 'templater.php' Local File Inclusion
|
4 |
WEB
|
cOndemned
|
|
2008-08-21
|
|
BandSite CMS 1.1.4 - Download Backup / Cross-Site Scripting / Cross-Site Request Forgery
|
4 |
WEB
|
SirGod
|
|
2008-08-21
|
|
Photocart 3.9 - Multiple SQL Injections
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-21
|
|
CustomCMS 4.0 - 'print.php' SQL Injection
|
4 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-20
|
|
webEdition CMS - 'we_objectID' Blind SQL Injection
|
4 |
WEB
|
Lidloses_Auge
|
|
2008-08-20
|
|
phpBazar 2.0.2 - 'adid' SQL Injection
|
4 |
WEB
|
e.wiZz!
|
|
2008-08-20
|
|
Pars4U Videosharing 1.0 - Cross-Site Scripting / Blind SQL Injection
|
4 |
WEB
|
Mr.SQL
|
|
2008-08-19
|
|
Active PHP BookMarks 1.1.02 - SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-19
|
|
Banner Management Script - 'id' SQL Injection
|
4 |
WEB
|
S.W.A.T.
|
|
2008-08-19
|
|
SunShop Shopping Cart 4.1.4 - 'id' SQL Injection
|
4 |
WEB
|
GulfTech Security
|
|
2008-08-19
|
|
Ad Board - 'id' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-19
|
|
Affiliate Directory - 'id' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-19
|
|
TWiki 4.2.0 - 'configure' Remote File Disclosure
|
4 |
WEB
|
Th1nk3r
|
|
2008-08-18
|
|
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
|
4 |
WEB
|
GulfTech Security
|
|
2008-08-18
|
|
cyberBB 0.6 - Multiple SQL Injections
|
4 |
WEB
|
cOndemned
|
|
2008-08-18
|
|
VidiScript (Avatar) - Arbitrary File Upload
|
4 |
WEB
|
InjEctOr5
|
|
2008-08-17
|
|
PHPBasket - 'pro_id' SQL Injection
|
4 |
WEB
|
r45c4l
|
|
2008-08-17
|
|
phpArcadeScript 4 - 'cat' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-17
|
|
XNova 0.8 sp1 - 'xnova_root_path' Remote File Inclusion
|
4 |
WEB
|
NuclearHaxor
|
|
2008-08-15
|
|
deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities
|
3 |
WEB
|
Khashayar Fereidani
|
|
2008-08-15
|
|
Zeeways ZeeJobsite 2.0 - 'adid' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-15
|
|
dotCMS 1.6 - 'id' Local File Inclusion
|
4 |
WEB
|
Don
|
|
2008-08-13
|
|
gelato CMS 0.95 - 'img' Remote File Disclosure
|
4 |
WEB
|
JIKO
|
|
2008-08-12
|
|
Joomla! 1.5.x - 'Token' Remote Admin Change Password
|
4 |
WEB
|
d3m0n
|
|
2008-08-12
|
|
BBlog 0.7.6 - 'mod' SQL Injection
|
5 |
WEB
|
IP-Sh0k
|
|
2008-08-11
|
|
Ovidentia 6.6.5 - 'item' SQL Injection
|
4 |
WEB
|
Khashayar Fereidani
|
|
2008-08-11
|
|
pPIM 1.0 - Upload/Change Password
|
4 |
WEB
|
Stack
|
|
2008-08-11
|
|
ZeeBuddy 2.1 - 'adid' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-08-10
|
|
OpenImpro 1.1 - 'image.php' SQL Injection
|
5 |
WEB
|
nuclear
|
|
2008-08-10
|
|
psipuss 1.0 - Multiple SQL Injections
|
5 |
WEB
|
Virangar Security
|
|
2008-08-10
|
|
PHP-Ring Webring System 0.9.1 - Insecure Cookie Handling
|
3 |
WEB
|
Virangar Security
|
|
2008-08-10
|
|
txtSQL 2.2 Final - 'startup.php' Remote File Inclusion
|
4 |
WEB
|
CraCkEr
|
|
2008-08-10
|
|
Quicksilver Forums 1.4.1 - SQL Injection
|
3 |
WEB
|
irk4z
|
|
2008-08-10
|
|
Vacation Rental Script 3.0 - 'id' SQL Injection
|
4 |
WEB
|
CraCkEr
|
|
2008-08-10
|
|
e107 < 0.7.11 - Arbitrary Variable Overwriting
|
4 |
WEB
|
GulfTech Security
|
|
2008-08-10
|
|
pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting
|
4 |
WEB
|
BeyazKurt
|
|
2008-08-06
|
|
Discuz! 6.0.1 - 'searchid' SQL Injection
|
4 |
WEB
|
james
|
|
2008-08-06
|
|
Free Hosting Manager 1.2/2.0 - Insecure Cookie Handling
|
4 |
WEB
|
Scary-Boys
|
|
2008-08-06
|
|
Quate CMS 0.3.4 - Local File Inclusion / Cross-Site Scripting
|
4 |
WEB
|
CraCkEr
|
|
2008-08-06
|
|
LoveCMS 1.6.2 Final - Update Settings
|
4 |
WEB
|
PoMdaPiMp
|
|
2008-08-06
|
|
LoveCMS 1.6.2 Final - Remote Code Execution
|
5 |
WEB
|
PoMdaPiMp
|
|
2008-08-06
|
|
Wsn (Multiple Products) - Local File Inclusion / Code Execution
|
4 |
WEB
|
otmorozok428
|
|
2008-08-05
|
|
LiteNews 0.1 - 'id' SQL Injection
|
4 |
WEB
|
Stack
|
|
2008-08-05
|
|
LiteNews 0.1 - Insecure Cookie Handling
|
4 |
WEB
|
Scary-Boys
|
|
2008-08-05
|
|
iges CMS 2.0 - Cross-Site Scripting / SQL Injection
|
4 |
WEB
|
BugReport.IR
|
|
2008-08-05
|
|
Plogger 3.0 - SQL Injection
|
4 |
WEB
|
GulfTech Security
|
|
2008-08-04
|
|
Dayfox Blog 4 - Multiple Local File Inclusions
|
4 |
WEB
|
Virangar Security
|
|
2008-08-03
|
|
syzygyCMS 0.3 - 'index.php' Local File Inclusion
|
4 |
WEB
|
SirGod
|
|
2008-08-03
|
|
Joomla! Component EZ Store Remote - Blind SQL Injection
|
3 |
WEB
|
His0k4
|
