|
2006-02-25
|
|
Pentacle In-Out Board 6.03 - 'newsdetailsview' SQL Injection
|
8 |
WEB
|
nukedx
|
|
2006-02-25
|
|
iGENUS WebMail 2.0.2 - 'config_inc.php' Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2006-02-24
|
|
Lansuite 2.1.0 Beta - 'fid' SQL Injection
|
7 |
WEB
|
x128
|
|
2006-02-24
|
|
phpWebSite 0.10.0-full - 'topics.php' SQL Injection
|
8 |
WEB
|
SnIpEr_SA
|
|
2006-02-23
|
|
VHCS 2.4.7.1 - Add User Authentication Bypass
|
7 |
WEB
|
RoMaNSoFt
|
|
2006-02-23
|
|
PHP-Nuke 7.5 < 7.8 - 'Search' SQL Injection
|
7 |
WEB
|
unitedbr
|
|
2006-02-23
|
|
NOCC Webmail 1.0 - Local File Inclusion / Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2006-02-22
|
|
Noahs Classifieds 1.3 - 'lowerTemplate' Remote Code Execution
|
8 |
WEB
|
trueend5
|
|
2006-02-20
|
|
ilchClan 1.05g - 'tid' SQL Injection
|
9 |
WEB
|
x128
|
|
2006-02-20
|
|
GeekLog 1.x - 'error.log' Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2006-02-19
|
|
MiniNuke 1.8.2b - 'pages.asp' SQL Injection
|
7 |
WEB
|
nukedx
|
|
2006-02-19
|
|
BXCP 0.2.9.9 - 'tid' SQL Injection
|
7 |
WEB
|
x128
|
|
2006-02-19
|
|
Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2006-02-17
|
|
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2006-02-17
|
|
Gravity Board X 1.1 - 'csscontent' Remote Code Execution
|
7 |
WEB
|
RusH
|
|
2006-02-17
|
|
Zorum Forum 3.5 - 'rollid' SQL Injection
|
7 |
WEB
|
RusH
|
|
2006-02-17
|
|
AWStats < 6.4 - 'referer' Remote Command Execution
|
7 |
WEB
|
RusH
|
|
2006-02-16
|
|
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
|
9 |
WEB
|
cijfer
|
|
2006-02-16
|
|
PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution
|
7 |
WEB
|
rgod
|
|
2006-02-15
|
|
MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injections
|
8 |
WEB
|
HACKERS PAL
|
|
2006-02-14
|
|
webSPELL 4.01 - 'title_op' SQL Injection
|
7 |
WEB
|
x128
|
|
2006-02-13
|
|
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Command Execution
|
9 |
WEB
|
rgod
|
|
2006-02-13
|
|
EnterpriseGS 1.0 rc4 - Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2006-02-13
|
|
Invision Power Board Army System Mod 2.1 - SQL Injection
|
8 |
WEB
|
fRoGGz
|
|
2006-02-11
|
|
DocMGR 0.54.2 - 'file_exists' Remote Command Execution
|
7 |
WEB
|
rgod
|
|
2006-02-09
|
|
RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
|
7 |
WEB
|
rgod
|
|
2006-02-09
|
|
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
|
7 |
WEB
|
rgod
|
|
2006-02-08
|
|
SPIP 1.8.2g - Remote Command Execution
|
7 |
WEB
|
rgod
|
|
2006-02-08
|
|
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution
|
9 |
WEB
|
rgod
|
|
2006-02-06
|
|
ASPThai.Net Guestbook 5.5 - Authentication Bypass
|
7 |
WEB
|
Zodiac
|
|
2006-02-06
|
|
MyQuiz 1.01 - 'PATH_INFO' Arbitrary Command Execution
|
8 |
WEB
|
Hessam-x
|
|
2006-02-05
|
|
phpBB 2.0.19 - Style Changer/Demo Mod SQL Injection
|
7 |
WEB
|
SkOd
|
|
2006-02-04
|
|
Clever Copy 3.0 - Admin Auth Details / SQL Injection
|
8 |
WEB
|
rgod
|
|
2006-02-03
|
|
LoudBlog 0.4 - Remote File Inclusion
|
7 |
WEB
|
rgod
|
|
2006-01-31
|
|
Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection
|
9 |
WEB
|
SkOd
|
|
2006-01-30
|
|
xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution
|
8 |
WEB
|
cijfer
|
|
2006-01-29
|
|
phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure
|
8 |
WEB
|
threesixthousan
|
|
2006-01-25
|
|
Phpclanwebsite 1.23.1 - SQL Injection
|
7 |
WEB
|
matrix_killer
|
|
2006-01-24
|
|
creLoaded 6.15 - 'HTMLAREA' Automated Perl
|
8 |
WEB
|
kaneda
|
|
2006-01-22
|
|
EZDatabase 2.0 - 'db_id' Remote Command Execution
|
8 |
WEB
|
cijfer
|
|
2006-01-14
|
|
MiniNuke 1.8.2 - 'hid' SQL Injection
|
7 |
WEB
|
DetMyl
|
|
2006-01-14
|
|
MiniNuke 1.8.2 - Multiple SQL Injections
|
7 |
WEB
|
nukedx
|
|
2006-01-09
|
|
Magic News Plus 1.0.3 - Admin Pass Change
|
8 |
WEB
|
cijfer
|
|
2006-01-04
|
|
FlatCMS 1.01 - 'file_editor.php' Remote Command Execution
|
7 |
WEB
|
cijfer
|
|
2006-01-03
|
|
Valdersoft Shopping Cart 3.0 - Remote Command Execution
|
8 |
WEB
|
cijfer
|
|
2006-01-01
|
|
CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution
|
8 |
WEB
|
cijfer
|
|
2005-12-30
|
|
WebWiz Products 1.0/3.06 - Authentication Bypass / SQL Injection
|
8 |
WEB
|
DevilBox
|
|
2005-12-30
|
|
CubeCart 3.0.6 - Remote Command Execution
|
7 |
WEB
|
cijfer
|
|
2005-12-29
|
|
phpDocumentor 1.3.0 rc4 - Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2005-12-24
|
|
phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command
|
7 |
WEB
|
RusH
|
|
2005-12-24
|
|
Dev Web Management System 1.5 - 'cat' SQL Injection
|
8 |
WEB
|
rgod
|
|
2005-12-23
|
|
PHP-Fusion 6.00.3 - 'rating' SQL Injection
|
7 |
WEB
|
krasza
|
|
2005-12-21
|
|
phpBB 2.0.18 - Cross-Site Scripting / Cookie Disclosure
|
8 |
WEB
|
jet
|
|
2006-02-20
|
|
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
|
7 |
WEB
|
DarkFig
|
|
2005-12-20
|
|
PHPGedView 3.3.7 - Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2005-12-14
|
|
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution
|
7 |
WEB
|
rgod
|
|
2005-12-12
|
|
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2005-12-10
|
|
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
|
7 |
WEB
|
rgod
|
|
2005-12-08
|
|
SugarSuite Open Source 4.0beta - Remote Code Execution (2)
|
7 |
WEB
|
pointslash
|
|
2005-12-08
|
|
Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2005-12-07
|
|
SimpleBBS 1.1 - Remote Command Execution
|
8 |
WEB
|
unitedasia
|
|
2005-12-07
|
|
SugarSuite Open Source 4.0beta - Remote Code Execution (1)
|
8 |
WEB
|
rgod
|
|
2005-12-06
|
|
SimpleBBS 1.1 - Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2005-12-04
|
|
DoceboLms 2.0.4 - 'connector.php' Arbitrary File Upload
|
8 |
WEB
|
rgod
|
|
2005-12-02
|
|
Zen Cart 1.2.6d - 'password_forgotten.php' SQL Injection
|
9 |
WEB
|
rgod
|
|
2005-11-28
|
|
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2005-11-25
|
|
eFiction 2.0 - Fake '.GIF' Arbitrary File Upload
|
8 |
WEB
|
rgod
|
|
2005-11-22
|
|
Mambo 4.5.2 - Globals Overwrite / Remote Command Execution
|
7 |
WEB
|
rgod
|
|
2005-11-17
|
|
EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution
|
8 |
WEB
|
rgod
|
|
2005-11-16
|
|
PHP-Nuke 7.8 Search Module - SQL Injection
|
8 |
WEB
|
anonymous
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'forum' SQL Injection
|
8 |
WEB
|
AhLam
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'msg'/'forum' SQL Injection
|
8 |
WEB
|
rgod
|
|
2005-11-14
|
|
Wizz Forum 1.20 - 'TopicID' SQL Injection
|
10 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Cyphor 0.19 - 'show.php?id' SQL Injection
|
9 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Arki-DB 1.0 - 'catid' SQL Injection
|
7 |
WEB
|
Devil-00
|
|
2005-11-14
|
|
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection
|
9 |
WEB
|
rgod
|
|
2005-11-13
|
|
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection
|
7 |
WEB
|
DiGiTAL_MiDWAY
|
|
2005-11-12
|
|
XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities
|
7 |
WEB
|
rgod
|
|
2005-11-10
|
|
Moodle 1.6dev - SQL Injection / Command Execution
|
8 |
WEB
|
rgod
|
|
2005-11-07
|
|
ATutor 1.5.1pl2 - SQL Injection / Command Execution
|
8 |
WEB
|
rgod
|
|
2005-11-06
|
|
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection
|
7 |
WEB
|
B~HFH
|
|
2005-11-03
|
|
CuteNews 1.4.1 - Shell Injection / Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2005-11-02
|
|
VuBB Forum RC1 - 'm' SQL Injection
|
9 |
WEB
|
Devil-00
|
|
2005-10-31
|
|
Subdreamer 2.2.1 - SQL Injection / Command Execution
|
8 |
WEB
|
RusH
|
|
2005-10-26
|
|
TClanPortal 1.1.3 - 'id' SQL Injection
|
9 |
WEB
|
Devil-00
|
|
2005-10-23
|
|
PHP-Nuke 7.8 - SQL Injection / Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2005-10-15
|
|
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
|
8 |
WEB
|
nukedx
|
|
2005-10-14
|
|
w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2005-10-10
|
|
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)
|
8 |
WEB
|
rgod
|
|
2005-10-10
|
|
phpMyAdmin 2.6.4-pl1 - Directory Traversal
|
8 |
WEB
|
cXIb8O3
|
|
2005-10-08
|
|
Cyphor 0.19 - Board Takeover (SQL Injection)
|
8 |
WEB
|
rgod
|
|
2005-10-06
|
|
Utopia News Pro 1.1.3 - 'news.php' SQL Injection
|
8 |
WEB
|
rgod
|
|
2005-09-28
|
|
PHP-Fusion 6.00.109 - 'msg_send' SQL Injection
|
8 |
WEB
|
rgod
|
|
2005-09-27
|
|
Barracuda Spam Firewall < 3.1.18 - Command Execution (Metasploit)
|
8 |
WEB
|
Nicolas Gregoire
|
|
2005-09-24
|
|
MailGust 1.9 - Board Takeover (SQL Injection)
|
10 |
WEB
|
rgod
|
|
2005-09-23
|
|
phpMyFAQ 1.5.1 - 'User-Agent' Remote Shell Injection
|
9 |
WEB
|
rgod
|
|
2005-09-22
|
|
My Little Forum 1.5 - 'SearchString' SQL Injection
|
9 |
WEB
|
rgod
|
|
2005-09-17
|
|
CuteNews 1.4.0 - Shell Injection / Remote Command Execution
|
8 |
WEB
|
rgod
|
|
2005-09-16
|
|
PHP-Nuke 7.8 - 'modules.php' SQL Injection
|
8 |
WEB
|
RusH
|
|
2005-09-15
|
|
phpWebSite 0.10.0 - 'module' SQL Injection
|
8 |
WEB
|
RusH
|
|
2005-09-13
|
|
AzDGDatingLite 2.1.3 - Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2005-09-11
|
|
PhpTagCool 1.0.3 - SQL Injection
|
8 |
WEB
|
Megabyte
|
|
2005-03-27
|
|
phpMyFamily 1.4.0 - SQL Injection
|
9 |
WEB
|
basher13
|
|
2005-09-09
|
|
Class-1 Forum 0.24.4 - Remote Code Execution
|
9 |
WEB
|
rgod
|
|
2005-09-07
|
|
PBLang 4.65 - Remote Command Execution (2)
|
8 |
WEB
|
RusH
|
|
2005-09-07
|
|
PBLang 4.65 - Remote Command Execution (1)
|
9 |
WEB
|
rgod
|
|
2005-09-04
|
|
man2web 0.88 - Multiple Remote Command Executions (2)
|
8 |
WEB
|
tracewar
|
|
2005-09-01
|
|
Simple PHP Blog 0.4.0 - Multiple Remote s
|
9 |
WEB
|
Kenneth Belva
|
|
2005-08-31
|
|
vBulletin 3.0.8 - Accessible Database Backup Searcher (3)
|
9 |
WEB
|
str0ke
|
|
2005-08-22
|
|
MyBulletinBoard (MyBB) 1.00 RC4 - 'search.php' SQL Injection
|
8 |
WEB
|
Alpha_Programmer
|
|
2005-08-10
|
|
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
|
8 |
WEB
|
str0ke
|
|
2005-08-09
|
|
WordPress Core 1.5.1.3 - Remote Code Execution
|
8 |
WEB
|
Kartoffelguru
|
|
2005-08-08
|
|
Flatnuke 2.5.5 - Remote Code Execution
|
8 |
WEB
|
rgod
|
|
2005-08-05
|
|
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
|
8 |
WEB
|
Easyex
|
|
2005-08-05
|
|
MySQL Eventum 1.5.5 - 'login.php' SQL Injection
|
9 |
WEB
|
GulfTech Security
|
|
2005-08-03
|
|
vBulletin 3.0.6 - 'template' Command Execution (Metasploit)
|
8 |
WEB
|
str0ke
|
|
2005-07-25
|
|
FtpLocate 2.02 - 'current' Remote Command Execution
|
7 |
WEB
|
newbug
|
|
2005-07-19
|
|
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
|
8 |
WEB
|
str0ke
|
|
2005-07-18
|
|
Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota
|
8 |
WEB
|
Soroush Dalili
|
|
2005-07-18
|
|
Open Bulletin Board 1.0.5 - SQL Injection
|
8 |
WEB
|
RusH
|
|
2005-07-14
|
|
e107 0.617 - Cross-Site Scripting Remote Cookie Disclosure
|
8 |
WEB
|
warlord
|
|
2005-07-13
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
|
8 |
WEB
|
Sjaak Rake
|
|
2005-07-11
|
|
BlogTorrent 0.92 - Remote Password Disclosure
|
8 |
WEB
|
LazyCrs
|
|
2005-07-08
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure
|
8 |
WEB
|
D|ablo
|
|
2005-07-05
|
|
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
|
8 |
WEB
|
dab
|
