|
2008-01-29
|
|
phpCMS 1.2.2 - 'file' Remote File Disclosure
|
20 |
WEB
|
DSecRG
|
|
2008-01-29
|
|
Smart Publisher 1.0.1 - 'filedata' Remote Code Execution
|
18 |
WEB
|
GoLd_M
|
|
2008-01-29
|
|
Bigware Shop 2.0 - 'pollid' SQL Injection
|
17 |
WEB
|
D4m14n
|
|
2008-01-28
|
|
bubbling library 1.32 - 'uri' Remote File Disclosure
|
16 |
WEB
|
Stack
|
|
2008-01-28
|
|
phpMyClub 0.0.1 - 'page_courante' Local File Inclusion
|
16 |
WEB
|
S.W.A.T.
|
|
2008-01-27
|
|
WordPress Plugin fGallery 2.4.1 - 'fimrss.php' SQL Injection
|
19 |
WEB
|
Houssamix
|
|
2008-01-27
|
|
WordPress Plugin WP-Cal 0.3 - 'editevent.php' SQL Injection
|
17 |
WEB
|
Houssamix
|
|
2008-01-26
|
|
Bubbling Library 1.32 - Multiple Local File Inclusions
|
18 |
WEB
|
Stack
|
|
2008-01-26
|
|
phpIP 4.3.2 - Multiple SQL Injections
|
19 |
WEB
|
Charles Hooper
|
|
2008-01-26
|
|
Simple Forum 3.2 - File Disclosure / Cross-Site Scripting
|
19 |
WEB
|
tomplixsee
|
|
2008-01-25
|
|
CandyPress eCommerce suite 4.1.1.26 - Multiple Vulnerabilities
|
16 |
WEB
|
BugReport.IR
|
|
2008-01-25
|
|
flinx 1.3 - 'id' SQL Injection
|
17 |
WEB
|
Houssamix
|
|
2008-01-25
|
|
Tiger PHP News System 1.0b build 39 - SQL Injection
|
20 |
WEB
|
0in
|
|
2008-01-24
|
|
Seagull 0.6.3 - 'files' Remote File Disclosure
|
17 |
WEB
|
fuzion
|
|
2008-01-23
|
|
Aconon Mail 2004 - Directory Traversal
|
18 |
WEB
|
Arno Toll
|
|
2008-01-23
|
|
Liquid-Silver CMS 0.1 - 'update' Local File Inclusion
|
17 |
WEB
|
Stack
|
|
2008-01-23
|
|
SLAED CMS 2.5 Lite - 'newlang' Local File Inclusion
|
17 |
WEB
|
The_HuliGun
|
|
2008-01-23
|
|
Siteman 1.1.9 - 'cat' Remote File Disclosure
|
18 |
WEB
|
Khashayar Fereidani
|
|
2008-01-23
|
|
Web Wiz NewsPad 1.02 - 'sub' Directory Traversal
|
17 |
WEB
|
BugReport.IR
|
|
2008-01-23
|
|
Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities
|
17 |
WEB
|
BugReport.IR
|
|
2008-01-23
|
|
Web Wiz Forums 9.07 - 'sub' Directory Traversal
|
17 |
WEB
|
BugReport.IR
|
|
2008-01-23
|
|
LulieBlog 1.02 - SQL Injection
|
19 |
WEB
|
Khashayar Fereidani
|
|
2008-01-23
|
|
Foojan Wms 1.0 - 'story' SQL Injection
|
16 |
WEB
|
Khashayar Fereidani
|
|
2008-01-22
|
|
Invision Gallery 2.0.7 - SQL Injection
|
18 |
WEB
|
RST/GHC
|
|
2008-01-22
|
|
PHP-Nuke 8.0 Final - 'sid' SQL Injection
|
18 |
WEB
|
RST/GHC
|
|
2008-01-22
|
|
PHP-Nuke < 8.0 - 'sid' SQL Injection
|
19 |
WEB
|
RST/GHC
|
|
2008-01-22
|
|
YaBB SE 1.5.5 - Remote Command Execution
|
17 |
WEB
|
RST/GHC
|
|
2008-01-22
|
|
SetCMS 3.6.5 - Remote Command Execution
|
17 |
WEB
|
RST/GHC
|
|
2008-01-22
|
|
Coppermine Photo Gallery 1.4.10 - SQL Injection
|
20 |
WEB
|
RST/GHC
|
|
2008-01-22
|
|
Easysitenetwork Recipe - 'categoryId' SQL Injection
|
19 |
WEB
|
S@BUN
|
|
2008-01-22
|
|
aflog 1.01 - Cross-Site Scripting / SQL Injection
|
18 |
WEB
|
shinmai
|
|
2008-01-21
|
|
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass
|
19 |
WEB
|
nonroot
|
|
2008-01-21
|
|
Alstrasoft Forum Pay Per Post Exchange 2.0 - SQL Injection
|
18 |
WEB
|
t0pP8uZz
|
|
2008-01-21
|
|
Lama Software 14.12.2007 - Multiple Remote File Inclusions
|
16 |
WEB
|
QTRinux
|
|
2008-01-21
|
|
IDM-OS 1.0 - 'Filename' File Disclosure
|
19 |
WEB
|
MhZ91
|
|
2008-01-21
|
|
OZJournals 2.1.1 - 'id' File Disclosure
|
19 |
WEB
|
shinmai
|
|
2008-01-21
|
|
BoastMachine 3.1 - 'mail.php' id SQL Injection
|
16 |
WEB
|
Virangar Security
|
|
2008-01-21
|
|
Mooseguy Blog System 1.0 - 'month' SQL Injection
|
18 |
WEB
|
The_HuliGun
|
|
2008-01-21
|
|
Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection
|
18 |
WEB
|
bazik
|
|
2008-01-20
|
|
bloofox 0.3 - SQL Injection / File Disclosure
|
18 |
WEB
|
BugReport.IR
|
|
2008-01-20
|
|
360 Web Manager 3.0 - 'IDFM' SQL Injection
|
17 |
WEB
|
Ded MustD!e
|
|
2008-01-20
|
|
Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal
|
19 |
WEB
|
Houssamix
|
|
2008-01-20
|
|
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
|
18 |
WEB
|
Sha0
|
|
2008-01-20
|
|
Mini File Host 1.2.1 - 'language' Local File Inclusion
|
19 |
WEB
|
shinmai
|
|
2008-01-19
|
|
WordPress Plugin WP-Forum 1.7.4 - SQL Injection
|
16 |
WEB
|
websec Team
|
|
2008-01-18
|
|
Small Axe 0.3.1 - 'cfile' Remote File Inclusion
|
17 |
WEB
|
RoMaNcYxHaCkEr
|
|
2008-01-18
|
|
Gradman 0.1.3 - 'info.php' Local File Inclusion
|
15 |
WEB
|
Syndr0me
|
|
2008-01-18
|
|
AuraCMS 1.62 - 'stat.php' Remote Code Execution
|
17 |
WEB
|
k1tk4t
|
|
2008-01-17
|
|
Mini File Host 1.2 - 'language' Local File Inclusion
|
18 |
WEB
|
Scary-Boys
|
|
2008-01-17
|
|
PHPEcho CMS 2.0 - 'id' SQL Injection
|
19 |
WEB
|
Stack
|
|
2008-01-16
|
|
MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities
|
18 |
WEB
|
waraxe
|
|
2008-01-16
|
|
MyBulletinBoard (MyBB) 1.2.10 - Remote Code Execution
|
17 |
WEB
|
Silentz
|
|
2008-01-16
|
|
Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion
|
18 |
WEB
|
JosS
|
|
2008-01-16
|
|
PHP-RESIDENCE 0.7.2 - 'Search' SQL Injection
|
14 |
WEB
|
Khashayar Fereidani
|
|
2008-01-16
|
|
PixelPost 1.7 - Blind SQL Injection
|
18 |
WEB
|
Silentz
|
|
2008-01-16
|
|
alitalk 1.9.1.1 - Multiple Vulnerabilities
|
17 |
WEB
|
tomplixsee
|
|
2008-01-16
|
|
MailBee WebMail Pro 4.1 - Remote File Disclosure
|
16 |
WEB
|
-=M.o.B=-
|
|
2008-01-16
|
|
Aria 0.99-6 - 'page' Local File Inclusion
|
17 |
WEB
|
DSecRG
|
|
2008-01-16
|
|
Blog:CMS 4.2.1b - SQL Injection / Cross-Site Scripting
|
18 |
WEB
|
DSecRG
|
|
2008-01-15
|
|
FaScript FaPersianHack 1.0 - SQL Injection
|
18 |
WEB
|
Khashayar Fereidani
|
|
2008-01-15
|
|
FaScript FaPersian Petition - SQL Injection
|
19 |
WEB
|
Khashayar Fereidani
|
|
2008-01-15
|
|
FaScript FaName 1.0 - SQL Injection
|
22 |
WEB
|
Khashayar Fereidani
|
|
2008-01-15
|
|
FaScript FaMp3 1.0 - SQL Injection
|
19 |
WEB
|
Khashayar Fereidani
|
|
2008-01-15
|
|
LulieBlog 1.0.1 - Remote Authentication Bypass
|
20 |
WEB
|
ka0x
|
|
2008-01-14
|
|
RichStrong CMS - 'cat' SQL Injection
|
22 |
WEB
|
JosS
|
|
2008-01-14
|
|
Xforum 1.4 - 'topic' SQL Injection
|
18 |
WEB
|
j0j0
|
|
2008-01-14
|
|
X7 Chat 2.0.5 - 'day' SQL Injection
|
19 |
WEB
|
nonroot
|
|
2008-01-13
|
|
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)
|
17 |
WEB
|
Pr0metheuS
|
|
2008-01-13
|
|
Binn SBuilder - 'nid' Blind SQL Injection
|
17 |
WEB
|
JosS
|
|
2008-01-13
|
|
minimal Gallery 0.8 - Remote File Disclosure
|
18 |
WEB
|
Houssamix
|
|
2008-01-12
|
|
TutorialCMS 1.02 - 'Username' SQL Injection
|
17 |
WEB
|
ka0x
|
|
2008-01-12
|
|
ASP Photo Gallery 1.0 - Multiple SQL Injections
|
18 |
WEB
|
trew
|
|
2008-01-12
|
|
TaskFreak! 0.6.1 - SQL Injection
|
15 |
WEB
|
TheDefaced
|
|
2008-01-12
|
|
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (1)
|
16 |
WEB
|
ka0x
|
|
2008-01-11
|
|
photokron 1.7 - Remote Database Disclosure
|
17 |
WEB
|
Pr0metheuS
|
|
2008-01-11
|
|
0DayDB 2.3 - 'id' Remote Authentication Bypass
|
16 |
WEB
|
Pr0metheuS
|
|
2008-01-11
|
|
ImageAlbum 2.0.0b2 - 'id' SQL Injection
|
21 |
WEB
|
Raw Security
|
|
2008-01-11
|
|
Docebo 3.5.0.3 - '/lib.regset.php/non-blind' SQL Injection
|
17 |
WEB
|
rgod
|
|
2008-01-11
|
|
AJchat 0.10 - 'unse' SQL Injection
|
20 |
WEB
|
Eugene Minaev
|
|
2008-01-11
|
|
vcart 3.3.2 - Multiple Remote File Inclusions
|
18 |
WEB
|
k1n9k0ng
|
|
2008-01-11
|
|
DomPHP 0.81 - 'cat' SQL Injection
|
15 |
WEB
|
MhZ91
|
|
2008-01-11
|
|
DigitalHive 2.0 RC2 - 'user_id' SQL Injection
|
20 |
WEB
|
j0j0
|
|
2008-01-11
|
|
iGaming CMS 1.3.1/1.5 - SQL Injection
|
19 |
WEB
|
Eugene Minaev
|
|
2008-01-10
|
|
Evilsentinel 1.0.9 - Multiple Vulnerabilities Disable
|
19 |
WEB
|
BlackHawk
|
|
2008-01-10
|
|
DomPHP 0.81 - 'index.php' Remote File Inclusion
|
16 |
WEB
|
Houssamix
|
|
2008-01-10
|
|
MTCMS 2.0 - SQL Injection
|
19 |
WEB
|
Virangar Security
|
|
2008-01-10
|
|
DomPHP 0.81 - Remote Add Administrator
|
18 |
WEB
|
j0j0
|
|
2008-01-09
|
|
Docebo 3.5.0.3 - 'lib.regset.php' Command Execution
|
17 |
WEB
|
EgiX
|
|
2008-01-09
|
|
Tuned Studios Templates - Local File Inclusion
|
19 |
WEB
|
DSecRG
|
|
2008-01-09
|
|
PHP Webquest 2.6 - Get Database Credentials
|
20 |
WEB
|
MhZ91
|
|
2008-01-09
|
|
UploadImage/UploadScript 1.0 - Remote Change Admin Password
|
20 |
WEB
|
Dj7xpl
|
|
2008-01-09
|
|
osData 2.08 Modules Php121 - Local File Inclusion
|
18 |
WEB
|
Cold Zero
|
|
2008-01-08
|
|
PHP Webquest 2.6 - 'id_actividad' SQL Injection
|
17 |
WEB
|
ka0x
|
|
2008-01-08
|
|
evilboard 0.1a - SQL Injection / Cross-Site Scripting
|
19 |
WEB
|
seaofglass
|
|
2008-01-08
|
|
ZeroCMS 1.0 Alpha - Arbitrary File Upload / SQL Injection
|
19 |
WEB
|
KiNgOfThEwOrLd
|
|
2008-01-08
|
|
SmallNuke 2.0.4 - Pass Recovery SQL Injection
|
20 |
WEB
|
Eugene Minaev
|
|
2008-01-07
|
|
TUTOS 1.3 - 'cmd.php' Remote Command Execution
|
18 |
WEB
|
Houssamix
|
|
2008-01-07
|
|
EggBlog 3.1.0 - Cookies SQL Injection
|
19 |
WEB
|
Eugene Minaev
|
|
2008-01-07
|
|
EkinBoard 1.1.0 - Arbitrary File Upload / Authentication Bypass
|
18 |
WEB
|
Eugene Minaev
|
|
2008-01-07
|
|
FlexBB 0.6.3 - Cookies SQL Injection
|
18 |
WEB
|
Eugene Minaev
|
|
2008-01-07
|
|
OneCMS 2.4 - SQL Injection / Upload
|
19 |
WEB
|
BugReport.IR
|
|
2008-01-06
|
|
Shop-Script 2.0 - 'index.php' Remote File Disclosure
|
16 |
WEB
|
Fisher762
|
|
2008-01-06
|
|
SineCMS 2.3.5 - Local File Inclusion / Remote Code Execution
|
21 |
WEB
|
KiNgOfThEwOrLd
|
|
2008-01-06
|
|
DCP-Portal 6.11 - SQL Injection
|
18 |
WEB
|
x0kster
|
|
2008-01-06
|
|
NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection
|
20 |
WEB
|
Virangar Security
|
|
2008-01-06
|
|
CuteNews 1.1.1 - 'html.php' Remote Code Execution
|
15 |
WEB
|
Eugene Minaev
|
|
2008-01-06
|
|
Horde Web-Mail 3.x - 'go.php' Remote File Disclosure
|
18 |
WEB
|
Eugene Minaev
|
|
2008-01-06
|
|
LoudBlog 0.6.1 - 'parsedpage' Remote Code Execution
|
19 |
WEB
|
Eugene Minaev
|
|
2008-01-06
|
|
PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass
|
19 |
WEB
|
r3dm0v3
|
|
2008-01-06
|
|
XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion
|
19 |
WEB
|
Eugene Minaev
|
|
2008-01-06
|
|
Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure
|
19 |
WEB
|
Eugene Minaev
|
|
2008-01-06
|
|
RunCMS Newbb_plus 0.92 - Client IP SQL Injection
|
18 |
WEB
|
Eugene Minaev
|
|
2008-01-06
|
|
WordPress Plugin Wp-FileManager 1.2 - Arbitrary File Upload
|
18 |
WEB
|
Houssamix
|
|
2008-01-05
|
|
MODx CMS 0.9.6.1 - Multiple Vulnerabilities
|
18 |
WEB
|
BugReport.IR
|
|
2008-01-05
|
|
NetRisk 1.9.7 - Remote Password Change
|
16 |
WEB
|
Cod3rZ
|
|
2008-01-05
|
|
Invision Power Board (IP.Board) 2.1.7 - 'ACTIVE' Cross-Site Scripting / SQL Injection
|
20 |
WEB
|
Eugene Minaev
|
|
2008-01-05
|
|
Tribisur 2.0 - SQL Injection
|
20 |
WEB
|
x0kster
|
|
2008-01-05
|
|
snetworks PHP Classifieds 5.0 - Remote File Inclusion
|
18 |
WEB
|
Crackers_Child
|
|
2008-01-05
|
|
ClipShare 2.6 - Remote User Password Change
|
19 |
WEB
|
Pr0metheuS
|
|
2008-01-05
|
|
samPHPweb 4.2.2 - 'songinfo.php' SQL Injection
|
19 |
WEB
|
BackDoor
|
|
2008-01-04
|
|
WebPortal CMS 0.6-beta - Remote Password Change
|
16 |
WEB
|
The:Paradox
|
|
2008-01-04
|
|
samPHPweb 4.2.2 - 'db.php' Remote File Inclusion
|
17 |
WEB
|
Crackers_Child
|
|
2008-01-04
|
|
NetRisk 1.9.7 - Local/Remote File Inclusion
|
21 |
WEB
|
S.W.A.T.
|
|
2008-01-03
|
|
Site@School 2.4.10 - Blind SQL Injection
|
16 |
WEB
|
EgiX
|
|
2008-01-03
|
|
MyPHP Forum 3.0 - 'Final' SQL Injection
|
17 |
WEB
|
The:Paradox
|
