|
2007-03-20
|
|
PHPRaid < 3.0.7 - 'rss.php?PHPraid_dir' Remote File Inclusion
|
5 |
WEB
|
Cold Zero
|
|
2007-03-20
|
|
PHP-Nuke Module htmltonuke 2.0alpha - 'htmltonuke.php' Remote File Inclusion
|
4 |
WEB
|
Cold Zero
|
|
2007-03-20
|
|
GeBlog 0.1 (Windows) - GLOBALS[tplname] Local File Inclusion
|
4 |
WEB
|
GoLd_M
|
|
2007-03-19
|
|
pragmaMX Module Landkarten 2.1 (Windows) - Local File Inclusion
|
6 |
WEB
|
bd0rk
|
|
2007-03-19
|
|
NetVIOS Portal - 'page.asp' SQL Injection
|
4 |
WEB
|
parad0x
|
|
2007-03-19
|
|
phpBB Minerva Mod 2.0.21 build 238a - SQL Injection
|
4 |
WEB
|
Mehmet Ince
|
|
2007-03-19
|
|
PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion
|
4 |
WEB
|
GoLd_M
|
|
2007-03-19
|
|
MetaForum 0.513 Beta - Arbitrary File Upload
|
5 |
WEB
|
Gu1ll4um3r0m41n
|
|
2007-03-19
|
|
ScriptMagix Lyrics 2.0 - 'index.php?recid' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-18
|
|
Katalog Plyt Audio (pl) 1.0 - SQL Injection
|
3 |
WEB
|
Kacper
|
|
2007-03-18
|
|
PHP-Nuke - 'iframe.php' Remote File Inclusion
|
4 |
WEB
|
Cold Zero
|
|
2007-03-18
|
|
ScriptMagix Photo Rating 2.0 - SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-18
|
|
ScriptMagix Recipes 2.0 - 'index.php?catid' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-18
|
|
ScriptMagix Jokes 2.0 - 'index.php?catid' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-18
|
|
Moodle 1.5.2 - 'moodledata' Remote Session Disclosure
|
4 |
WEB
|
xSh
|
|
2007-03-18
|
|
ScriptMagix FAQ Builder 2.0 - 'index.php' SQL Injection
|
2 |
WEB
|
ajann
|
|
2007-03-18
|
|
Guestbara 1.2 - Change Admin Login and Password
|
3 |
WEB
|
Kacper
|
|
2007-03-18
|
|
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (1)
|
3 |
WEB
|
DarkFig
|
|
2007-03-17
|
|
Active PHP Bookmark Notes 0.2.5 - Remote File Inclusion
|
3 |
WEB
|
GoLd_M
|
|
2007-03-17
|
|
MPM Chat 2.5 - 'view.php?logi' Local File Inclusion
|
3 |
WEB
|
GoLd_M
|
|
2007-03-17
|
|
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution
|
4 |
WEB
|
rgod
|
|
2007-03-16
|
|
PHP DB Designer 1.02 - Remote File Inclusion
|
4 |
WEB
|
GoLd_M
|
|
2007-03-16
|
|
Particle Blogger 1.2.0 - 'post.php?postid' SQL Injection
|
4 |
WEB
|
WiLdBoY
|
|
2007-03-16
|
|
Creative Files 1.2 - 'kommentare.php' SQL Injection
|
5 |
WEB
|
Mehmet Ince
|
|
2007-03-16
|
|
PHP-Stats 0.1.9.1b - 'ip' SQL Injection
|
4 |
WEB
|
rgod
|
|
2007-03-16
|
|
PHP-Stats 0.1.9.1b - 'PC-REMOTE-ADDR' SQL Injection
|
4 |
WEB
|
rgod
|
|
2007-03-15
|
|
McGallery 0.5b - 'download.php' Arbitrary File Download
|
3 |
WEB
|
Piker
|
|
2007-03-15
|
|
Absolute Image Gallery 2.0 - 'gallery.asp?categoryId' SQL Injection
|
3 |
WEB
|
WiLdBoY
|
|
2007-03-15
|
|
WebCalendar 0.9.45 - 'includedir' Remote File Inclusion
|
3 |
WEB
|
Drackanz
|
|
2007-03-15
|
|
wbblog - Cross-Site Scripting / SQL Injection
|
4 |
WEB
|
Mehmet Ince
|
|
2007-03-15
|
|
creative Guestbook 1.0 - Multiple Vulnerabilities
|
4 |
WEB
|
Dj7xpl
|
|
2007-03-15
|
|
CcMail 1.0.1 - 'functions_dir' Remote File Inclusion
|
4 |
WEB
|
Crackers_Child
|
|
2007-03-15
|
|
Groupit 2.00b5 - 'c_basepath' Remote File Inclusion
|
3 |
WEB
|
the_day
|
|
2007-03-15
|
|
Company WebSite Builder PRO 1.9.8 - 'INCLUDE_PATH' Remote File Inclusion
|
4 |
WEB
|
the_day
|
|
2007-03-15
|
|
WebLog - 'index.php' Remote File Disclosure
|
4 |
WEB
|
Dj7xpl
|
|
2007-03-15
|
|
Woltlab Burning Board 2.x - 'usergroups.php' SQL Injection
|
4 |
WEB
|
x666
|
|
2007-03-15
|
|
Orion-Blog 2.0 - Remote Authentication Bypass
|
4 |
WEB
|
WiLdBoY
|
|
2007-03-14
|
|
Dayfox Blog 4 - 'postpost.php' Remote Code Execution
|
4 |
WEB
|
Dj7xpl
|
|
2007-03-14
|
|
WSN Guest 1.21 - 'id' SQL Injection
|
3 |
WEB
|
WiLdBoY
|
|
2007-03-14
|
|
Zomplog 3.7.6 (Windows x86) - Local File Inclusion
|
4 |
WEB
|
Bl0od3r
|
|
2007-03-13
|
|
WebCreator 0.2.6-rc3 - 'moddir' Remote File Inclusion
|
2 |
WEB
|
the_day
|
|
2007-03-13
|
|
CARE2X 1.1 - 'ROOT_PATH' Remote File Inclusion
|
2 |
WEB
|
the_day
|
|
2007-03-13
|
|
Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion
|
3 |
WEB
|
the_day
|
|
2007-03-13
|
|
JGBBS 3.0beta1 - 'search.asp?author' SQL Injection
|
3 |
WEB
|
WiLdBoY
|
|
2007-03-13
|
|
X-ice News System 1.0 - 'devami.asp?id' SQL Injection
|
4 |
WEB
|
CyberGhost
|
|
2007-03-13
|
|
MySQL Commander 2.7 - 'home' Remote File Inclusion
|
4 |
WEB
|
K-159
|
|
2007-03-13
|
|
GestArt Beta 1 - 'aide.php?aide' Remote File Inclusion
|
4 |
WEB
|
Dj7xpl
|
|
2007-03-12
|
|
BP Blog 7.0 - 'layout' SQL Injection
|
4 |
WEB
|
BeyazKurt
|
|
2007-03-12
|
|
OES (Open Educational System) 0.1beta - Remote File Inclusion
|
4 |
WEB
|
K-159
|
|
2007-03-11
|
|
cPanel 10.9.x - 'Fantastico' Local File Inclusion
|
4 |
WEB
|
cyb3rt & 020
|
|
2007-03-11
|
|
AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure
|
4 |
WEB
|
h4ck3r
|
|
2007-03-11
|
|
SonicMailer Pro 3.2.3 - 'index.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-11
|
|
Top Auction 1.0 - 'viewcat.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-11
|
|
JobSitePro 1.0 - 'search.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-11
|
|
PostNuke Module phgstats 0.5 - 'phgdir' Remote File Inclusion
|
4 |
WEB
|
bd0rk
|
|
2007-03-10
|
|
NukeSentinel 2.5.06 - SQL Injection
|
4 |
WEB
|
DarkFig
|
|
2007-03-10
|
|
HC Newssystem 1.0-1.4 - 'index.php?ID' SQL Injection
|
4 |
WEB
|
WiLdBoY
|
|
2007-03-10
|
|
work system E-Commerce 3.0.5 - Remote File Inclusion
|
4 |
WEB
|
Rodrigo Duarte
|
|
2007-03-09
|
|
Grayscale Blog 0.8.0 - Security Bypass / SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Omni
|
|
2007-03-09
|
|
PMB Services 3.0.13 - Multiple Remote File Inclusions
|
4 |
WEB
|
K-159
|
|
2007-03-08
|
|
Magic CMS 4.2.747 - 'mysave.php' Remote File Inclusion
|
4 |
WEB
|
DNX
|
|
2007-03-08
|
|
GaziYapBoz Game Portal - 'kategori.asp' SQL Injection
|
4 |
WEB
|
CyberGhost
|
|
2007-03-08
|
|
WEBO (Web ORGanizer) 1.0 - 'baseDir' Remote File Inclusion
|
2 |
WEB
|
K-159
|
|
2007-03-08
|
|
netForo! 0.1 - 'down.php?file_to_download' Remote File Disclosure
|
5 |
WEB
|
GoLd_M
|
|
2007-03-07
|
|
Flat Chat 2.0 - 'include online.txt' Remote Code Execution
|
4 |
WEB
|
Dj7xpl
|
|
2007-03-07
|
|
PHP-Nuke Module PostGuestbook 0.6.1 - 'tpl_pgb_moddir' Remote File Inclusion
|
4 |
WEB
|
GoLd_M
|
|
2007-03-05
|
|
Links Management Application 1.0 - 'lcnt' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-04
|
|
RRDBrowse 1.6 - Arbitrary File Disclosure
|
6 |
WEB
|
Sebastian Wolfgarten
|
|
2007-03-04
|
|
AJ Forum 1.0 - 'topic_title.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-04
|
|
AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-04
|
|
AJ Dating 1.0 - 'view_profile.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-04
|
|
AJ Auction Pro - 'subcat.php' SQL Injection
|
4 |
WEB
|
ajann
|
|
2007-03-04
|
|
News-Letterman 1.1 - 'eintrag.php?sqllog' Remote File Inclusion
|
4 |
WEB
|
bd0rk
|
|
2007-03-04
|
|
Rigter Portal System (RPS) 6.2 - Blind SQL Injection
|
4 |
WEB
|
s0cratex
|
|
2007-03-03
|
|
webSPELL 4.01.02 - PHP Remote Code Execution
|
4 |
WEB
|
DarkFig
|
|
2007-03-02
|
|
webSPELL 4.01.02 - Multiple SQL Injections
|
4 |
WEB
|
DNX
|
|
2007-03-02
|
|
Mani Stats Reader 1.2 - 'ipath' Remote File Inclusion
|
4 |
WEB
|
mozi
|
|
2007-03-01
|
|
phpMyFAQ 1.6.7 - SQL Injection / Command Execution
|
4 |
WEB
|
elgCrew
|
|
2007-03-01
|
|
Angel Lms 7.1 - 'default.asp?id' SQL Injection
|
4 |
WEB
|
Craig Heffner
|
|
2007-02-28
|
|
vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
|
4 |
WEB
|
rgod
|
|
2007-02-27
|
|
Admin Phorum 3.3.1a - 'del.php?include_path' Remote File Inclusion
|
4 |
WEB
|
GoLd_M
|
|
2007-02-26
|
|
STWC-Counter 3.4.0 - 'downloadcounter.php' Remote File Inclusion
|
4 |
WEB
|
burncycle
|
|
2007-02-25
|
|
PHP-MIP 0.1 - 'top.php?laypath' Remote File Inclusion
|
2 |
WEB
|
GoLd_M
|
|
2007-02-24
|
|
phpBB Module NoMoKeTos Rules 0.0.1 - Remote File Inclusion
|
4 |
WEB
|
bd0rk
|
|
2007-02-24
|
|
CS-Gallery 2.0 - 'index.php?album' Remote File Inclusion
|
4 |
WEB
|
burncycle
|
|
2007-02-24
|
|
Coppermine Photo Gallery 1.3.x - Blind SQL Injection
|
4 |
WEB
|
s0cratex
|
|
2007-02-24
|
|
Extreme phpBB 3.0.1 - 'functions.php' Remote File Inclusion
|
4 |
WEB
|
Mehmet Ince
|
|
2007-02-23
|
|
Sinapis Forum 2.2 - 'sinapis.php?fuss' Remote File Inclusion
|
4 |
WEB
|
kezzap66345
|
|
2007-02-23
|
|
Sinapis 2.2 Gastebuch - 'sinagb.php?fuss' Remote File Inclusion
|
4 |
WEB
|
kezzap66345
|
|
2007-02-23
|
|
FCRing 1.31 - 'fcring.php?s_fuss' Remote File Inclusion
|
4 |
WEB
|
kezzap66345
|
|
2007-02-22
|
|
eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion
|
4 |
WEB
|
ThE dE@Th
|
|
2007-02-22
|
|
FlashGameScript 1.5.4 - 'index.php?func' Remote File Inclusion
|
4 |
WEB
|
JuMp-Er
|
|
2007-02-21
|
|
DZCP (deV!L_z Clanportal) 1.4.5 - Remote File Disclosure
|
4 |
WEB
|
Kiba
|
|
2007-02-21
|
|
Nabopoll 1.2 - 'result.php?surv' Blind SQL Injection
|
4 |
WEB
|
s0cratex
|
|
2007-02-21
|
|
DBGuestbook 1.1 - 'dbs_base_path' Remote File Inclusion
|
4 |
WEB
|
Denven
|
|
2007-02-21
|
|
DBImageGallery 1.2.2 - 'donsimg_base_path' Remote File Inclusion
|
3 |
WEB
|
Denven
|
|
2007-02-21
|
|
Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities
|
4 |
WEB
|
DarkFig
|
|
2007-02-21
|
|
webSPELL 4.01.02 - 'topic' SQL Injection
|
4 |
WEB
|
DNX
|
|
2007-02-20
|
|
SendStudio 2004.14 - 'ROOTDIR' Remote File Inclusion
|
4 |
WEB
|
K-159
|
|
2007-02-20
|
|
PHP-Nuke 8.0 Final - HTTP Referers SQL Injection
|
4 |
WEB
|
krasza
|
|
2007-02-20
|
|
PHP-Nuke 8.0 Final - 'INSERT' SQL Injection
|
4 |
WEB
|
krasza
|
|
2007-02-20
|
|
PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
|
4 |
WEB
|
krasza
|
|
2007-02-20
|
|
Online Web Building 2.0 - 'id' SQL Injection
|
4 |
WEB
|
Mehmet Ince
|
|
2007-02-20
|
|
NukeSentinel 2.5.05 - 'nukesentinel.php' File Disclosure
|
4 |
WEB
|
DarkFig
|
|
2007-02-20
|
|
NukeSentinel 2.5.05 - 'nsbypass.php' Blind SQL Injection
|
4 |
WEB
|
DarkFig
|
|
2007-02-20
|
|
Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion
|
4 |
WEB
|
kezzap66345
|
|
2007-02-19
|
|
PHP-Nuke Module Emporium 2.3.0 - SQL Injection
|
3 |
WEB
|
ajann
|
|
2007-02-18
|
|
Xpression News 1.0.1 - 'archives.php' Remote File Disclosure
|
4 |
WEB
|
r0ut3r
|
|
2007-02-18
|
|
S-Gastebuch 1.5.3 - 'gb_pfad' Remote File Inclusion
|
4 |
WEB
|
ajann
|
|
2007-02-17
|
|
XLAtunes 0.1 - 'album' SQL Injection
|
4 |
WEB
|
Bl0od3r
|
|
2007-02-16
|
|
Vivvo Article Manager 3.4 - 'root' Local File Inclusion
|
4 |
WEB
|
Snip0r
|
|
2007-02-16
|
|
webSPELL 4.01.02 - 'showonly' Blind SQL Injection
|
3 |
WEB
|
DNX
|
|
2007-02-16
|
|
Htaccess Passwort Generator 1.1 - 'ht_pfad' Remote File Inclusion
|
3 |
WEB
|
kezzap66345
|
|
2007-02-16
|
|
VS-Link-Partner 2.1 - 'script_pfad' Remote File Inclusion
|
3 |
WEB
|
ajann
|
|
2007-02-16
|
|
VS-News-System 1.2.1 - 'newsordner' Remote File Inclusion
|
3 |
WEB
|
ajann
|
|
2007-02-16
|
|
Snitz Forums 2000 3.1 SR4 - 'pop_profile.asp' SQL Injection
|
3 |
WEB
|
Mehmet Ince
|
|
2007-02-15
|
|
Aktueldownload Haber scripti - 'id' SQL Injection
|
3 |
WEB
|
Mehmet Ince
|
|
2007-02-15
|
|
CodeAvalanche News 1.x - 'CAT_ID' SQL Injection
|
4 |
WEB
|
beks
|
|
2007-02-15
|
|
nabopoll 1.2 - 'survey.inc.php?path' Remote File Inclusion
|
3 |
WEB
|
Cr@zy_King
|
|
2007-02-15
|
|
ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion
|
3 |
WEB
|
ThE dE@Th
|
|
2007-02-15
|
|
Drupal < 4.7.6 - Post Comments Remote Command Execution
|
4 |
WEB
|
str0ke
|
|
2007-02-15
|
|
Drupal < 5.1 - Post Comments Remote Command Execution
|
4 |
WEB
|
str0ke
|
|
2007-02-14
|
|
Jupiter CMS 1.1.5 - Arbitrary File Upload
|
4 |
WEB
|
DarkFig
|
|
2007-02-14
|
|
Jupiter CMS 1.1.5 - 'Client-IP' SQL Injection
|
4 |
WEB
|
DarkFig
|
|
2007-02-14
|
|
Jupiter CMS 1.1.5 - '/index.php' Local/Remote File Inclusion
|
3 |
WEB
|
DarkFig
|
