|
2008-09-17
|
|
Technote 7 - 'shop_this_skin_path' Remote File Inclusion
|
20 |
WEB
|
webDEViL
|
|
2008-09-17
|
|
PHP Crawler 0.8 - Remote File Inclusion
|
18 |
WEB
|
Piker
|
|
2008-09-17
|
|
phpRealty 0.3 - 'INC' Remote File Inclusion
|
20 |
WEB
|
ka0x
|
|
2008-09-16
|
|
Hotel Reservation System - 'city.asp' Blind SQL Injection
|
17 |
WEB
|
JosS
|
|
2008-09-16
|
|
Gonafish LinksCaffePRO 4.5 - 'index.php' SQL Injection
|
18 |
WEB
|
sl4xUz
|
|
2008-09-16
|
|
Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities
|
20 |
WEB
|
K-159
|
|
2008-09-16
|
|
iScripts EasyIndex - 'produid' SQL Injection
|
20 |
WEB
|
SirGod
|
|
2008-09-15
|
|
Link Bid Script 1.5 - Multiple SQL Injections
|
21 |
WEB
|
SirGod
|
|
2008-09-15
|
|
Pre Real Estate Listings - 'search.php' SQL Injection
|
16 |
WEB
|
JosS
|
|
2008-09-15
|
|
CzarNews 1.20 - Account Hijacking SQL Injection
|
19 |
WEB
|
0ut0fbound
|
|
2008-09-15
|
|
CzarNews 1.20 - 'cookie' SQL Injection
|
15 |
WEB
|
StAkeR
|
|
2008-09-14
|
|
cPanel 11.x - 'Fantastico' Local File Inclusion
|
19 |
WEB
|
joker_1
|
|
2008-09-14
|
|
Kasseler CMS 1.1.0/1.2.0 Lite - SQL Injection
|
19 |
WEB
|
~!Dok_tOR!~
|
|
2008-09-14
|
|
Free PHP VX Guestbook 1.06 - Insecure Cookie Handling
|
18 |
WEB
|
Stack
|
|
2008-09-13
|
|
Free PHP VX Guestbook 1.06 - Arbitrary Database Backup
|
20 |
WEB
|
SirGod
|
|
2008-09-13
|
|
Linkarity - 'link.php' SQL Injection
|
19 |
WEB
|
Egypt Coder
|
|
2008-09-13
|
|
FoT Video scripti 1.1b - 'oyun' SQL Injection
|
21 |
WEB
|
Crackers_Child
|
|
2008-09-13
|
|
phpsmartcom 0.2 - Local File Inclusion / SQL Injection
|
20 |
WEB
|
r3dm0v3
|
|
2008-09-13
|
|
Talkback 2.3.6 - Multiple Local File Inclusion / PHPInfo Disclosure Vulnerabilities
|
20 |
WEB
|
SirGod
|
|
2008-09-13
|
|
Sports Clubs Web Panel 0.0.1 - Remote Game Delete
|
18 |
WEB
|
ka0x
|
|
2008-09-13
|
|
pLink 2.07 - 'linkto.php' Blind SQL Injection
|
20 |
WEB
|
Stack
|
|
2008-09-12
|
|
WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload
|
20 |
WEB
|
S.W.A.T.
|
|
2008-09-12
|
|
pNews 2.03 - 'newsid' SQL Injection
|
17 |
WEB
|
r45c4l
|
|
2008-09-12
|
|
vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection
|
19 |
WEB
|
FIREH4CK3R
|
|
2008-09-12
|
|
SkaLinks 1.5 - 'register.php' Arbitrary Add Editor
|
19 |
WEB
|
mr.al7rbi
|
|
2008-09-12
|
|
iBoutique 4.0 - 'cat' SQL Injection
|
17 |
WEB
|
r45c4l
|
|
2008-09-12
|
|
WebPortal CMS 0.7.4 - 'download.php' SQL Injection
|
17 |
WEB
|
StAkeR
|
|
2008-09-12
|
|
pForum 1.30 - 'showprofil.php' SQL Injection
|
19 |
WEB
|
tmh
|
|
2008-09-12
|
|
PHPWebGallery 1.3.4 - Blind SQL Injection (2)
|
21 |
WEB
|
ka0x
|
|
2008-09-12
|
|
Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload
|
19 |
WEB
|
Stack
|
|
2008-09-11
|
|
Yourownbux 4.0 - 'cookie' Authentication Bypass
|
21 |
WEB
|
Tec-n0x
|
|
2008-09-11
|
|
Easy Photo Gallery 2.1 - Arbitrary Add Admin / remove user
|
16 |
WEB
|
Stack
|
|
2008-09-11
|
|
PHPWebGallery 1.3.4 - Blind SQL Injection (1)
|
16 |
WEB
|
Stack
|
|
2008-09-11
|
|
Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection
|
19 |
WEB
|
Virangar Security
|
|
2008-09-11
|
|
Autodealers CMS AutOnline - 'id' SQL Injection
|
16 |
WEB
|
ZoRLu
|
|
2008-09-11
|
|
minb 0.1.0 - Remote Code Execution
|
18 |
WEB
|
Khashayar Fereidani
|
|
2008-09-11
|
|
phsBlog 0.2 - Bypass SQL Injection Filtering
|
19 |
WEB
|
Khashayar Fereidani
|
|
2008-09-11
|
|
D-iscussion Board 3.01 - 'topic' Local File Inclusion
|
22 |
WEB
|
SirGod
|
|
2008-09-11
|
|
Easy Photo Gallery 2.1 - Cross-Site Scripting / File Disclosure/Bypass / SQL Injection
|
19 |
WEB
|
Khashayar Fereidani
|
|
2008-09-11
|
|
Sports Clubs Web Panel 0.0.1 - 'p' Local File Inclusion
|
22 |
WEB
|
StAkeR
|
|
2008-09-11
|
|
Autodealers CMS AutOnline - 'pageid' SQL Injection
|
20 |
WEB
|
r45c4l
|
|
2008-09-11
|
|
PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
|
19 |
WEB
|
Khashayar Fereidani
|
|
2008-09-10
|
|
Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection
|
18 |
WEB
|
Cru3l.b0y
|
|
2008-09-10
|
|
PHPVID 1.1 - Cross-Site Scripting / SQL Injection
|
16 |
WEB
|
r45c4l
|
|
2008-09-10
|
|
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)
|
23 |
WEB
|
iso^kpsbr
|
|
2008-09-10
|
|
aspwebalbum 3.2 - Multiple Vulnerabilities
|
21 |
WEB
|
e.wiZz!
|
|
2008-09-10
|
|
Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload
|
21 |
WEB
|
reptil
|
|
2008-09-10
|
|
AvailScript Jobs Portal Script - 'jid' SQL Injection
|
18 |
WEB
|
InjEctOr5
|
|
2008-09-10
|
|
Libera CMS 1.12 - 'cookie' SQL Injection
|
17 |
WEB
|
StAkeR
|
|
2008-09-10
|
|
Zanfi CMS lite 1.2 - Multiple Local File Inclusions
|
19 |
WEB
|
SirGod
|
|
2008-09-09
|
|
AvailScript Classmate Script - 'viewprofile.php' SQL Injection
|
16 |
WEB
|
Stack
|
|
2008-09-09
|
|
AvailScript Photo Album - 'pics.php' Multiple Vulnerabilities
|
23 |
WEB
|
sl4xUz
|
|
2008-09-09
|
|
Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload
|
17 |
WEB
|
Ciph3r
|
|
2008-09-09
|
|
AvailScript Article Script - 'articles.php' Multiple Vulnerabilities
|
17 |
WEB
|
sl4xUz
|
|
2008-09-09
|
|
CMS Buzz - 'id' SQL Injection
|
21 |
WEB
|
security fears team
|
|
2008-09-09
|
|
Stash 1.0.3 - Insecure Cookie Handling
|
17 |
WEB
|
Ciph3r
|
|
2008-09-09
|
|
Creator CMS 5.0 - 'sideid' SQL Injection
|
14 |
WEB
|
ThE X-HaCkEr
|
|
2008-09-09
|
|
Live TV Script - 'index.php?mid' SQL Injection
|
18 |
WEB
|
InjEctOr5
|
|
2008-09-09
|
|
Hot Links SQL-PHP 3 - 'report.php' Multiple Vulnerabilities
|
21 |
WEB
|
sl4xUz
|
|
2008-09-09
|
|
Stash 1.0.3 - Multiple SQL Injections
|
17 |
WEB
|
Khashayar Fereidani
|
|
2008-09-09
|
|
Alstrasoft Forum - 'catid' SQL Injection
|
20 |
WEB
|
r45c4l
|
|
2008-09-07
|
|
E-Shop Shopping Cart Script - 'search_results.php' SQL Injection
|
17 |
WEB
|
Mormoroth
|
|
2008-09-07
|
|
WordPress Core 2.6.1 - SQL Column Truncation
|
19 |
WEB
|
irk4z
|
|
2008-09-07
|
|
Alstrasoft Forum - 'cat' SQL Injection
|
17 |
WEB
|
r45c4l
|
|
2008-09-07
|
|
Masir Camp E-Shop Module 3.0 - 'ordercode' SQL Injection
|
19 |
WEB
|
BugReport.IR
|
|
2008-09-06
|
|
MemHT Portal 3.9.0 - Remote Create Shell
|
20 |
WEB
|
Ams
|
|
2008-09-06
|
|
Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password
|
17 |
WEB
|
Raz0r
|
|
2008-09-06
|
|
Integramod 1.4.x - Insecure Directory Download Database
|
19 |
WEB
|
TheJT
|
|
2008-09-06
|
|
Vastal I-Tech Dating Zone - 'fage' SQL Injection
|
18 |
WEB
|
ZoRLu
|
|
2008-09-05
|
|
Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' SQL Injection
|
20 |
WEB
|
e.wiZz!
|
|
2008-09-05
|
|
EsFaq 2.0 - 'idcat' SQL Injection
|
18 |
WEB
|
SuB-ZeRo
|
|
2008-09-05
|
|
Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection
|
19 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech Freelance Zone - 'coder_id' SQL Injection
|
17 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech Mag Zone - 'cat_id' SQL Injection
|
18 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech MMORPG Zone - 'game_id' SQL Injection
|
19 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech Jobs Zone - 'news_id' SQL Injection
|
18 |
WEB
|
Stack
|
|
2008-09-05
|
|
Vastal I-Tech DVD Zone - 'cat_id' SQL Injection
|
18 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Share Zone - 'id' SQL Injection
|
19 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Toner Cart - 'id' SQL Injection
|
16 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Visa Zone - 'news_id' SQL Injection
|
18 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
Vastal I-Tech Agent Zone - 'ann_id' SQL Injection
|
18 |
WEB
|
DeViL iRaQ
|
|
2008-09-05
|
|
WebCMS Portal Edition - 'id' Blind SQL Injection
|
21 |
WEB
|
JosS
|
|
2008-09-05
|
|
Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
|
15 |
WEB
|
Khashayar Fereidani
|
|
2008-09-05
|
|
AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution
|
22 |
WEB
|
Ricardo Almeida
|
|
2008-09-04
|
|
ACG-ScriptShop - 'cid' SQL Injection
|
17 |
WEB
|
Hussin X
|
|
2008-09-04
|
|
qwicsite pro - SQL Injection / Cross-Site Scripting
|
19 |
WEB
|
Cr@zy_King
|
|
2008-09-04
|
|
ACG-PTP 1.0.6 - 'adid' SQL Injection
|
19 |
WEB
|
Hussin X
|
|
2008-09-03
|
|
Living Local Website - 'listtest.php' SQL Injection
|
17 |
WEB
|
Hussin X
|
|
2008-09-03
|
|
TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload
|
19 |
WEB
|
BugReport.IR
|
|
2008-09-03
|
|
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
|
17 |
WEB
|
Alemin_Krali
|
|
2008-09-03
|
|
Moodle 1.8.4 - Remote Code Execution
|
18 |
WEB
|
zurlich.lpt
|
|
2008-09-03
|
|
Spice Classifieds - 'cat_path' SQL Injection
|
18 |
WEB
|
InjEctOr5
|
|
2008-09-02
|
|
CS-Cart 1.3.5 - Authentication Bypass
|
17 |
WEB
|
GulfTech Security
|
|
2008-09-02
|
|
AJ HYIP ACME - 'readarticle.php' SQL Injection
|
18 |
WEB
|
InjEctOr5
|
|
2008-09-02
|
|
AJ HYIP ACME - 'comment.php' SQL Injection
|
16 |
WEB
|
security fears team
|
|
2008-09-02
|
|
Reciprocal Links Manager 1.1 - 'site' SQL Injection
|
17 |
WEB
|
Hussin X
|
|
2008-09-02
|
|
Coupon Script 4.0 - 'id' SQL Injection
|
18 |
WEB
|
Hussin X
|
|
2008-09-02
|
|
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
|
23 |
WEB
|
MustLive
|
|
2008-09-01
|
|
e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection
|
19 |
WEB
|
Virangar Security
|
|
2008-09-01
|
|
WeBid 0.5.4 - 'FCKeditor' Arbitrary File Upload
|
20 |
WEB
|
Stack
|
|
2008-09-01
|
|
CMSbright - 'id_rub_page' SQL Injection
|
20 |
WEB
|
h4ck3r
|
|
2008-09-01
|
|
EasyClassifields 3.0 - 'go' SQL Injection
|
20 |
WEB
|
e.wiZz!
|
|
2008-09-01
|
|
WeBid 0.5.4 - 'item.php' SQL Injection
|
17 |
WEB
|
Stack
|
|
2008-08-31
|
|
webid 0.5.4 - Multiple Vulnerabilities
|
19 |
WEB
|
InjEctOr5
|
|
2008-08-31
|
|
myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection
|
20 |
WEB
|
MustLive
|
|
2008-08-31
|
|
Words tag script 1.2 - 'word' SQL Injection
|
23 |
WEB
|
Hussin X
|
|
2008-08-31
|
|
Web Directory Script 1.5.3 - 'site' SQL Injection
|
18 |
WEB
|
Hussin X
|
|
2008-08-30
|
|
Brim 2.0.0 - SQL Injection / Cross-Site Scripting
|
19 |
WEB
|
InjEctOr5
|
|
2008-08-29
|
|
Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)
|
23 |
WEB
|
DarkFig
|
|
2008-08-27
|
|
Yourownbux 3.1/3.2 Beta - SQL Injection
|
21 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-27
|
|
PHPMyRealty 1.0.9 - Multiple SQL Injections
|
16 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-26
|
|
MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection (2)
|
19 |
WEB
|
c411k
|
|
2008-08-26
|
|
iFdate 2.0.3 - SQL Injection
|
17 |
WEB
|
~!Dok_tOR!~
|
|
2008-08-26
|
|
Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure
|
17 |
WEB
|
SirGod
|
|
2008-08-26
|
|
CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup
|
18 |
WEB
|
SirGod
|
|
2008-08-26
|
|
k-rate - SQL Injection / Cross-Site Scripting
|
18 |
WEB
|
Corwin
|
|
2008-08-26
|
|
Simple PHP Blog (SPHPBlog) 0.5.1 - Code Execution
|
19 |
WEB
|
mAXzA
|
|
2008-08-26
|
|
Kolifa.net Download Script 1.2 - 'id' SQL Injection
|
20 |
WEB
|
Kacak
|
|
2008-08-26
|
|
z-breaknews 2.0 - 'single.php' SQL Injection
|
19 |
WEB
|
cOndemned
|
|
2008-08-25
|
|
Crafty Syntax Live Help 2.14.6 - 'department' SQL Injection
|
17 |
WEB
|
GulfTech Security
|
|
2008-08-25
|
|
GeekLog 1.5.0 - Arbitrary File Upload
|
18 |
WEB
|
t0pP8uZz
|
|
2008-08-25
|
|
WebBoard 2.0 - Arbitrary SQL Question/Anwser Delete
|
19 |
WEB
|
t0pP8uZz
|
|
2008-08-25
|
|
EZContents CMS 2.0.3 - Multiple Local File Inclusions
|
19 |
WEB
|
DSecRG
|
|
2008-08-25
|
|
Pluck CMS 4.5.2 - Multiple Local File Inclusions
|
20 |
WEB
|
DSecRG
|
|
2008-08-25
|
|
Web Directory Script 2.0 - 'name' SQL Injection
|
16 |
WEB
|
~!Dok_tOR!~
|
