|
2006-05-12
|
|
PHP Blue Dragon CMS 2.9 - Remote File Inclusion
|
12 |
WEB
|
Kacper
|
|
2006-05-12
|
|
Foing 0.7.0 - 'phpBB' Remote File Inclusion
|
10 |
WEB
|
Kurdish Security
|
|
2006-05-11
|
|
Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion
|
10 |
WEB
|
rgod
|
|
2006-05-09
|
|
pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion
|
9 |
WEB
|
Darkfire
|
|
2006-05-09
|
|
phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion
|
10 |
WEB
|
Kurdish Security
|
|
2006-05-08
|
|
phpListPro 2.01 - Multiple Remote File Inclusions
|
9 |
WEB
|
Aesthetico
|
|
2006-05-08
|
|
ActualAnalyzer Pro 6.88 - 'rf' Remote File Inclusion
|
10 |
WEB
|
ReZEN
|
|
2006-05-08
|
|
ActualAnalyzer Server 8.23 - 'rf' Remote File Inclusion
|
11 |
WEB
|
Aesthetico
|
|
2006-05-08
|
|
Claroline E-Learning 1.75 - 'ldap.inc.php' Remote File Inclusion
|
9 |
WEB
|
beford
|
|
2006-05-08
|
|
Dokeos Lms 1.6.4 - 'authldap.php' Remote File Inclusion
|
11 |
WEB
|
beford
|
|
2006-05-07
|
|
EQdkp 1.3.0 - 'dbal.php' Remote File Inclusion
|
12 |
WEB
|
OLiBekaS
|
|
2006-05-07
|
|
ACal 2.2.6 - 'day.php' Remote File Inclusion
|
11 |
WEB
|
PiNGuX
|
|
2006-05-07
|
|
Jetbox CMS 2.1 - 'relative_script_path' Remote File Inclusion
|
10 |
WEB
|
beford
|
|
2006-05-07
|
|
PHP-Fusion 6.00.306 - Multiple Vulnerabilities
|
12 |
WEB
|
rgod
|
|
2006-05-06
|
|
VP-ASP 6.00 - 'shopcurrency.asp' SQL Injection
|
10 |
WEB
|
tracewar
|
|
2006-05-06
|
|
HiveMail 1.3 - 'addressbook.add.php' Remote Code Execution
|
10 |
WEB
|
[Oo]
|
|
2006-05-06
|
|
AWStats 6.5 - 'migrate' Remote Shell Command Injection
|
9 |
WEB
|
redsand
|
|
2006-05-05
|
|
TotalCalendar 2.30 - 'inc' Remote File Inclusion
|
11 |
WEB
|
Aesthetico
|
|
2006-05-05
|
|
StatIt 4 - 'statitpath' Remote File Inclusion
|
10 |
WEB
|
IGNOR3
|
|
2006-05-05
|
|
Limbo CMS 1.0.4.2 - 'catid' SQL Injection
|
11 |
WEB
|
[Oo]
|
|
2006-05-04
|
|
Auction 1.3m - 'phpbb_root_path' Remote File Inclusion
|
10 |
WEB
|
webDEViL
|
|
2006-05-03
|
|
Albinator 2.0.6 - 'Config_rootdir' Remote File Inclusion
|
10 |
WEB
|
webDEViL
|
|
2006-05-02
|
|
Fast Click 1.1.3/2.3.8 - 'show.php' Remote File Inclusion
|
10 |
WEB
|
R@1D3N
|
|
2006-05-02
|
|
X7 Chat 2.0 - 'help_file' Remote Command Execution
|
9 |
WEB
|
rgod
|
|
2006-05-01
|
|
Invision Power Board 2.1.5 - 'from_contact' SQL Injection
|
11 |
WEB
|
Ykstortion Security
|
|
2006-04-30
|
|
Aardvark Topsites PHP 4.2.2 - 'lostpw.php' Remote File Inclusion
|
10 |
WEB
|
cijfer
|
|
2006-04-30
|
|
phpMyAgenda 3.0 Final - 'rootagenda' Remote File Inclusion
|
10 |
WEB
|
Aesthetico
|
|
2006-04-30
|
|
Aardvark Topsites PHP 4.2.2 - 'path' Remote File Inclusion
|
11 |
WEB
|
[Oo]
|
|
2006-04-29
|
|
Limbo CMS 1.0.4.2 - 'sql.php' Remote File Inclusion
|
10 |
WEB
|
[Oo]
|
|
2006-04-29
|
|
Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
|
9 |
WEB
|
[Oo]
|
|
2006-04-29
|
|
openPHPNuke 2.3.3 - Remote File Inclusion
|
9 |
WEB
|
[Oo]
|
|
2006-04-29
|
|
Invision Power Board 2.1.5 - 'search.php' Remote Code Execution
|
10 |
WEB
|
Javier Olascoaga
|
|
2006-04-28
|
|
Advanced Guestbook 2.4.0 - 'phpBB' Remote File Inclusion
|
11 |
WEB
|
n0m3rcy
|
|
2006-04-28
|
|
TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2)
|
9 |
WEB
|
FOX_MULDER
|
|
2006-04-28
|
|
Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion
|
12 |
WEB
|
[Oo]
|
|
2006-04-27
|
|
TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1)
|
10 |
WEB
|
[Oo]
|
|
2006-04-26
|
|
Invision Power Board 2.1.5 - 'lastdate' Remote Code Execution
|
9 |
WEB
|
RusH
|
|
2006-04-24
|
|
BK Forum 4.0 - 'member.asp' SQL Injection
|
10 |
WEB
|
n0m3rcy
|
|
2006-04-24
|
|
FlexBB 0.5.5 - '/function/showprofile.php' SQL Injection
|
10 |
WEB
|
Devil-00
|
|
2006-04-23
|
|
Built2Go PHP Movie Review 2B - Remote File Inclusion
|
10 |
WEB
|
Camille Myers
|
|
2006-04-23
|
|
Clansys 1.1 - 'index.php' PHP Code Insertion
|
10 |
WEB
|
nukedx
|
|
2006-04-22
|
|
My Gaming Ladder Combo System 7.0 - Remote Code Execution
|
12 |
WEB
|
nukedx
|
|
2006-04-21
|
|
dForum 1.5 - 'DFORUM_PATH' Multiple Remote File Inclusions
|
12 |
WEB
|
nukedx
|
|
2006-04-21
|
|
Simplog 0.9.3 - 'tid' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-04-21
|
|
CoreNews 2.0.1 - 'userid' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-04-20
|
|
PHPSurveyor 0.995 - 'surveyid' Remote Command Execution
|
11 |
WEB
|
rgod
|
|
2006-04-19
|
|
ASPSitem 1.83 - 'Haberler.asp' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-04-19
|
|
RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion
|
10 |
WEB
|
GroundZero Security
|
|
2006-04-19
|
|
Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service
|
11 |
WEB
|
trueend5
|
|
2006-04-19
|
|
PCPIN Chat 5.0.4 - 'login/language' Remote Code Execution
|
11 |
WEB
|
rgod
|
|
2006-04-18
|
|
PHP Net Tools 2.7.1 - Remote Code Execution
|
11 |
WEB
|
FOX_MULDER
|
|
2006-04-18
|
|
Internet PhotoShow 1.3 - 'page' Remote File Inclusion
|
10 |
WEB
|
Hessam-x
|
|
2006-04-17
|
|
MyEvent 1.3 - 'event.php' Remote File Inclusion
|
11 |
WEB
|
botan
|
|
2006-04-17
|
|
FlexBB 0.5.5 - '/inc/start.php?_COOKIE' SQL Bypass
|
10 |
WEB
|
Devil-00
|
|
2006-04-16
|
|
Blackorpheus ClanMemberSkript 1.0 - SQL Injection
|
10 |
WEB
|
snatcher
|
|
2006-04-16
|
|
Fuju News 1.0 - Authentication Bypass / SQL Injection
|
12 |
WEB
|
snatcher
|
|
2006-04-15
|
|
Symantec Sygate Management Server - 'LOGIN' SQL Injection (Metasploit)
|
12 |
WEB
|
Nicob
|
|
2006-04-15
|
|
PHP Album 0.3.2.3 - Remote Command Execution
|
12 |
WEB
|
rgod
|
|
2006-04-14
|
|
SysInfo 1.21 - 'sysinfo.cgi' Remote Command Execution
|
11 |
WEB
|
rgod
|
|
2006-04-14
|
|
osCommerce 2.2 - 'extras' Source Code Disclosure
|
10 |
WEB
|
rgod
|
|
2006-04-14
|
|
phpWebSite 0.10.2 - 'hub_dir' Remote Command Execution
|
13 |
WEB
|
rgod
|
|
2006-04-13
|
|
PAJAX 0.5.1 - Remote Code Execution
|
13 |
WEB
|
Stoney
|
|
2006-04-13
|
|
quizz 1.01 - 'quizz.pl' Remote Command Execution
|
10 |
WEB
|
FOX_MULDER
|
|
2006-04-13
|
|
Censtore 7.3.x - 'censtore.cgi' Remote Command Execution
|
11 |
WEB
|
FOX_MULDER
|
|
2006-04-13
|
|
vBulletin ImpEx 1.74 - Remote Command Execution
|
12 |
WEB
|
ReZEN
|
|
2006-04-12
|
|
PHP121 Instant Messenger 1.4 - Remote Code Execution
|
10 |
WEB
|
rgod
|
|
2006-04-12
|
|
Sphider 1.3 - 'configset.php' Remote File Inclusion
|
10 |
WEB
|
rgod
|
|
2006-04-11
|
|
Simplog 0.9.2 - 's' Remote Command Execution
|
12 |
WEB
|
rgod
|
|
2006-04-10
|
|
Clansys 1.1 (showid) - SQL Injection
|
10 |
WEB
|
snatcher
|
|
2006-04-10
|
|
phpBB 2.0.19 - 'user_sig_bbcode_uid' Remote Code Execution
|
10 |
WEB
|
RusH
|
|
2006-04-10
|
|
Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution (Metasploit)
|
10 |
WEB
|
Inkubus
|
|
2006-04-10
|
|
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution
|
11 |
WEB
|
rgod
|
|
2006-04-09
|
|
Sire 2.0 - '/lire.php' Remote File Inclusion / Arbitrary File Upload
|
10 |
WEB
|
simo64
|
|
2006-04-09
|
|
XBrite Members 1.1 - 'id' SQL Injection
|
11 |
WEB
|
snatcher
|
|
2006-04-09
|
|
autonomous lan party 0.98.1.0 - Remote File Inclusion
|
11 |
WEB
|
Codexploder
|
|
2006-04-09
|
|
dnGuestbook 2.0 - SQL Injection
|
10 |
WEB
|
snatcher
|
|
2006-04-09
|
|
ADODB < 4.70 (PHPOpenChat 3.0.x) - 'Server.php' SQL Injection
|
10 |
WEB
|
rgod
|
|
2006-04-07
|
|
Horde Help Viewer 3.1 - Remote Command Execution
|
11 |
WEB
|
deese
|
|
2006-04-06
|
|
phpMyChat 0.15.0dev - SYS enter Remote Code Execution
|
11 |
WEB
|
rgod
|
|
2006-04-05
|
|
phpMyChat 0.14.5 - SYS enter Remote Code Execution
|
9 |
WEB
|
rgod
|
|
2006-04-04
|
|
Crafty Syntax Image Gallery 3.1g - Remote Code Execution
|
9 |
WEB
|
undefined1_
|
|
2006-04-04
|
|
INDEXU 5.0.1 - 'base_path' Remote File Inclusion
|
11 |
WEB
|
K-159
|
|
2006-04-04
|
|
AngelineCMS 0.8.1 - 'installpath' Remote File Inclusion
|
9 |
WEB
|
K-159
|
|
2006-04-02
|
|
VWar 1.5.0 R12 - Remote File Inclusion
|
10 |
WEB
|
uid0
|
|
2006-04-02
|
|
ReloadCMS 1.2.5 - Cross-Site Scripting / Remote Code Execution
|
9 |
WEB
|
rgod
|
|
2006-04-01
|
|
PHPNuke-Clan 3.0.1 - 'vwar_root2' Remote File Inclusion
|
9 |
WEB
|
uid0
|
|
2006-04-01
|
|
SQuery 4.5 - 'libpath' Remote File Inclusion
|
11 |
WEB
|
uid0
|
|
2006-03-30
|
|
Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution
|
9 |
WEB
|
rgod
|
|
2006-03-29
|
|
EzASPSite 2.0 RC3 - 'Scheme' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-03-28
|
|
Plogger Beta 2.1 - Administrative Credentials Disclosure
|
9 |
WEB
|
rgod
|
|
2006-03-28
|
|
GreyMatter WebLog 1.21d - Remote Command Execution (2)
|
10 |
WEB
|
Hessam-x
|
|
2006-03-28
|
|
GreyMatter WebLog 1.21d - Remote Command Execution (1)
|
11 |
WEB
|
No_Face_King
|
|
2006-03-28
|
|
PHPCollab 2.x / NetOffice 2.x - 'sendpassword.php' SQL Injection
|
12 |
WEB
|
rgod
|
|
2006-03-26
|
|
Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation
|
10 |
WEB
|
Sparah
|
|
2006-03-26
|
|
CuteNews 1.4.1 - 'function.php' Local File Inclusion
|
10 |
WEB
|
Hamid Ebadi
|
|
2006-03-25
|
|
TFT Gallery 0.10 - Password Disclosure
|
10 |
WEB
|
undefined1_
|
|
2006-03-25
|
|
phpBookingCalendar 1.0c - 'details_view.php' SQL Injection
|
11 |
WEB
|
undefined1_
|
|
2006-03-25
|
|
PHP Ticket 0.71 - 'search.php' SQL Injection
|
10 |
WEB
|
undefined1_
|
|
2006-03-25
|
|
WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution
|
13 |
WEB
|
rgod
|
|
2006-03-22
|
|
XHP CMS 0.5 - 'upload' Remote Command Execution
|
11 |
WEB
|
rgod
|
|
2006-03-21
|
|
FreeWPS 2.11 - 'images.php' Remote Code Execution
|
9 |
WEB
|
x128
|
|
2006-03-20
|
|
ASPPortal 3.1.1 - 'downloadid' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-03-20
|
|
gCards 1.45 - Multiple Vulnerabilities
|
10 |
WEB
|
rgod
|
|
2006-03-19
|
|
SoftBB 0.1 - 'mail' Blind SQL Injection
|
9 |
WEB
|
LOTFREE
|
|
2006-03-18
|
|
ShoutLIVE 1.1.0 - 'savesettings.php' Remote Code Execution
|
10 |
WEB
|
DarkFig
|
|
2006-03-18
|
|
BetaParticle Blog 6.0 - 'fldGalleryID' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-03-18
|
|
nodez 4.6.1.1 mercury - Multiple Vulnerabilities
|
11 |
WEB
|
rgod
|
|
2006-03-15
|
|
KnowledgebasePublisher 1.2 - 'Include' Remote Code Execution
|
10 |
WEB
|
uid0
|
|
2006-03-15
|
|
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution
|
10 |
WEB
|
rgod
|
|
2006-03-15
|
|
PHP iCalendar 2.21 - 'cookie' Remote Code Execution
|
11 |
WEB
|
rgod
|
|
2006-03-13
|
|
Simple PHP Blog 0.4.7.1 - Remote Command Execution
|
10 |
WEB
|
rgod
|
|
2006-03-11
|
|
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Nomenumbra
|
|
2006-03-11
|
|
Guestbook Script 1.7 - 'include_files' Remote Code Execution
|
10 |
WEB
|
rgod
|
|
2006-03-09
|
|
JiRos Banner Experience 1.0 - Unauthorized Create Admin
|
11 |
WEB
|
nukedx
|
|
2006-03-09
|
|
Light Weight Calendar 1.x - 'date' Remote Code Execution
|
10 |
WEB
|
Hessam-x
|
|
2006-03-09
|
|
d2kBlog 1.0.3 - 'memName' SQL Injection
|
10 |
WEB
|
DevilBox
|
|
2006-03-08
|
|
RedBLoG 0.5 - 'cat_id' SQL Injection
|
12 |
WEB
|
x128
|
|
2006-03-08
|
|
Gallery 2.0.3 - 'stepOrder[]' Remote Command Execution
|
11 |
WEB
|
rgod
|
|
2006-03-07
|
|
Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)
|
12 |
WEB
|
sirh0t
|
|
2006-03-07
|
|
CilemNews System 1.1 - 'yazdir.asp' haber_id SQL Injection
|
13 |
WEB
|
nukedx
|
|
2006-03-07
|
|
OWL Intranet Engine 0.82 - 'xrms_file_root' Code Execution
|
11 |
WEB
|
rgod
|
|
2006-03-06
|
|
D2-Shoutbox 4.2 IPB Mod - 'load' SQL Injection
|
9 |
WEB
|
SkOd
|
|
2006-03-04
|
|
Fantastic News 2.1.2 - 'script_path' Remote Code Execution
|
10 |
WEB
|
uid0
|
|
2006-03-04
|
|
TotalECommerce 1.0 - 'index.asp?id' SQL Injection
|
10 |
WEB
|
nukedx
|
|
2006-03-04
|
|
PHP-Stats 0.1.9.1 - Remote Commans Execution
|
10 |
WEB
|
rgod
|
