|
2006-02-06
|
|
MyQuiz 1.01 - 'PATH_INFO' Arbitrary Command Execution
|
4 |
WEB
|
Hessam-x
|
|
2006-02-05
|
|
phpBB 2.0.19 - Style Changer/Demo Mod SQL Injection
|
3 |
WEB
|
SkOd
|
|
2006-02-04
|
|
Clever Copy 3.0 - Admin Auth Details / SQL Injection
|
3 |
WEB
|
rgod
|
|
2006-02-03
|
|
LoudBlog 0.4 - Remote File Inclusion
|
1 |
WEB
|
rgod
|
|
2006-01-31
|
|
Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection
|
3 |
WEB
|
SkOd
|
|
2006-01-30
|
|
xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution
|
3 |
WEB
|
cijfer
|
|
2006-01-29
|
|
phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure
|
3 |
WEB
|
threesixthousan
|
|
2006-01-25
|
|
Phpclanwebsite 1.23.1 - SQL Injection
|
3 |
WEB
|
matrix_killer
|
|
2006-01-24
|
|
creLoaded 6.15 - 'HTMLAREA' Automated Perl
|
4 |
WEB
|
kaneda
|
|
2006-01-22
|
|
EZDatabase 2.0 - 'db_id' Remote Command Execution
|
4 |
WEB
|
cijfer
|
|
2006-01-14
|
|
MiniNuke 1.8.2 - 'hid' SQL Injection
|
4 |
WEB
|
DetMyl
|
|
2006-01-14
|
|
MiniNuke 1.8.2 - Multiple SQL Injections
|
4 |
WEB
|
nukedx
|
|
2006-01-09
|
|
Magic News Plus 1.0.3 - Admin Pass Change
|
4 |
WEB
|
cijfer
|
|
2006-01-04
|
|
FlatCMS 1.01 - 'file_editor.php' Remote Command Execution
|
3 |
WEB
|
cijfer
|
|
2006-01-03
|
|
Valdersoft Shopping Cart 3.0 - Remote Command Execution
|
4 |
WEB
|
cijfer
|
|
2006-01-01
|
|
CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution
|
3 |
WEB
|
cijfer
|
|
2005-12-30
|
|
WebWiz Products 1.0/3.06 - Authentication Bypass / SQL Injection
|
3 |
WEB
|
DevilBox
|
|
2005-12-30
|
|
CubeCart 3.0.6 - Remote Command Execution
|
3 |
WEB
|
cijfer
|
|
2005-12-29
|
|
phpDocumentor 1.3.0 rc4 - Remote Command Execution
|
4 |
WEB
|
rgod
|
|
2005-12-24
|
|
phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command
|
3 |
WEB
|
RusH
|
|
2005-12-24
|
|
Dev Web Management System 1.5 - 'cat' SQL Injection
|
4 |
WEB
|
rgod
|
|
2005-12-23
|
|
PHP-Fusion 6.00.3 - 'rating' SQL Injection
|
2 |
WEB
|
krasza
|
|
2005-12-21
|
|
phpBB 2.0.18 - Cross-Site Scripting / Cookie Disclosure
|
3 |
WEB
|
jet
|
|
2006-02-20
|
|
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
|
2 |
WEB
|
DarkFig
|
|
2005-12-20
|
|
PHPGedView 3.3.7 - Remote Code Execution
|
4 |
WEB
|
rgod
|
|
2005-12-14
|
|
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution
|
3 |
WEB
|
rgod
|
|
2005-12-12
|
|
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
|
4 |
WEB
|
rgod
|
|
2005-12-10
|
|
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
|
3 |
WEB
|
rgod
|
|
2005-12-08
|
|
SugarSuite Open Source 4.0beta - Remote Code Execution (2)
|
3 |
WEB
|
pointslash
|
|
2005-12-08
|
|
Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution
|
4 |
WEB
|
rgod
|
|
2005-12-07
|
|
SimpleBBS 1.1 - Remote Command Execution
|
4 |
WEB
|
unitedasia
|
|
2005-12-07
|
|
SugarSuite Open Source 4.0beta - Remote Code Execution (1)
|
4 |
WEB
|
rgod
|
|
2005-12-06
|
|
SimpleBBS 1.1 - Remote Command Execution
|
3 |
WEB
|
rgod
|
|
2005-12-04
|
|
DoceboLms 2.0.4 - 'connector.php' Arbitrary File Upload
|
3 |
WEB
|
rgod
|
|
2005-12-02
|
|
Zen Cart 1.2.6d - 'password_forgotten.php' SQL Injection
|
4 |
WEB
|
rgod
|
|
2005-11-28
|
|
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution
|
4 |
WEB
|
rgod
|
|
2005-11-25
|
|
eFiction 2.0 - Fake '.GIF' Arbitrary File Upload
|
4 |
WEB
|
rgod
|
|
2005-11-22
|
|
Mambo 4.5.2 - Globals Overwrite / Remote Command Execution
|
3 |
WEB
|
rgod
|
|
2005-11-17
|
|
EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution
|
4 |
WEB
|
rgod
|
|
2005-11-16
|
|
PHP-Nuke 7.8 Search Module - SQL Injection
|
4 |
WEB
|
anonymous
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'forum' SQL Injection
|
4 |
WEB
|
AhLam
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'msg'/'forum' SQL Injection
|
3 |
WEB
|
rgod
|
|
2005-11-14
|
|
Wizz Forum 1.20 - 'TopicID' SQL Injection
|
4 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Cyphor 0.19 - 'show.php?id' SQL Injection
|
4 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Arki-DB 1.0 - 'catid' SQL Injection
|
2 |
WEB
|
Devil-00
|
|
2005-11-14
|
|
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection
|
3 |
WEB
|
rgod
|
|
2005-11-13
|
|
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection
|
2 |
WEB
|
DiGiTAL_MiDWAY
|
|
2005-11-12
|
|
XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities
|
3 |
WEB
|
rgod
|
|
2005-11-10
|
|
Moodle 1.6dev - SQL Injection / Command Execution
|
4 |
WEB
|
rgod
|
|
2005-11-07
|
|
ATutor 1.5.1pl2 - SQL Injection / Command Execution
|
4 |
WEB
|
rgod
|
|
2005-11-06
|
|
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection
|
3 |
WEB
|
B~HFH
|
|
2005-11-03
|
|
CuteNews 1.4.1 - Shell Injection / Remote Command Execution
|
4 |
WEB
|
rgod
|
|
2005-11-02
|
|
VuBB Forum RC1 - 'm' SQL Injection
|
5 |
WEB
|
Devil-00
|
|
2005-10-31
|
|
Subdreamer 2.2.1 - SQL Injection / Command Execution
|
4 |
WEB
|
RusH
|
|
2005-10-26
|
|
TClanPortal 1.1.3 - 'id' SQL Injection
|
4 |
WEB
|
Devil-00
|
|
2005-10-23
|
|
PHP-Nuke 7.8 - SQL Injection / Remote Command Execution
|
4 |
WEB
|
rgod
|
|
2005-10-15
|
|
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
|
4 |
WEB
|
nukedx
|
|
2005-10-14
|
|
w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution
|
4 |
WEB
|
rgod
|
|
2005-10-10
|
|
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)
|
4 |
WEB
|
rgod
|
|
2005-10-10
|
|
phpMyAdmin 2.6.4-pl1 - Directory Traversal
|
4 |
WEB
|
cXIb8O3
|
|
2005-10-08
|
|
Cyphor 0.19 - Board Takeover (SQL Injection)
|
4 |
WEB
|
rgod
|
|
2005-10-06
|
|
Utopia News Pro 1.1.3 - 'news.php' SQL Injection
|
4 |
WEB
|
rgod
|
|
2005-09-28
|
|
PHP-Fusion 6.00.109 - 'msg_send' SQL Injection
|
4 |
WEB
|
rgod
|
|
2005-09-27
|
|
Barracuda Spam Firewall < 3.1.18 - Command Execution (Metasploit)
|
4 |
WEB
|
Nicolas Gregoire
|
|
2005-09-24
|
|
MailGust 1.9 - Board Takeover (SQL Injection)
|
6 |
WEB
|
rgod
|
|
2005-09-23
|
|
phpMyFAQ 1.5.1 - 'User-Agent' Remote Shell Injection
|
2 |
WEB
|
rgod
|
|
2005-09-22
|
|
My Little Forum 1.5 - 'SearchString' SQL Injection
|
4 |
WEB
|
rgod
|
|
2005-09-17
|
|
CuteNews 1.4.0 - Shell Injection / Remote Command Execution
|
4 |
WEB
|
rgod
|
|
2005-09-16
|
|
PHP-Nuke 7.8 - 'modules.php' SQL Injection
|
4 |
WEB
|
RusH
|
|
2005-09-15
|
|
phpWebSite 0.10.0 - 'module' SQL Injection
|
4 |
WEB
|
RusH
|
|
2005-09-13
|
|
AzDGDatingLite 2.1.3 - Remote Code Execution
|
4 |
WEB
|
rgod
|
|
2005-09-11
|
|
PhpTagCool 1.0.3 - SQL Injection
|
4 |
WEB
|
Megabyte
|
|
2005-03-27
|
|
phpMyFamily 1.4.0 - SQL Injection
|
4 |
WEB
|
basher13
|
|
2005-09-09
|
|
Class-1 Forum 0.24.4 - Remote Code Execution
|
5 |
WEB
|
rgod
|
|
2005-09-07
|
|
PBLang 4.65 - Remote Command Execution (2)
|
4 |
WEB
|
RusH
|
|
2005-09-07
|
|
PBLang 4.65 - Remote Command Execution (1)
|
5 |
WEB
|
rgod
|
|
2005-09-04
|
|
man2web 0.88 - Multiple Remote Command Executions (2)
|
4 |
WEB
|
tracewar
|
|
2005-09-01
|
|
Simple PHP Blog 0.4.0 - Multiple Remote s
|
4 |
WEB
|
Kenneth Belva
|
|
2005-08-31
|
|
vBulletin 3.0.8 - Accessible Database Backup Searcher (3)
|
5 |
WEB
|
str0ke
|
|
2005-08-22
|
|
MyBulletinBoard (MyBB) 1.00 RC4 - 'search.php' SQL Injection
|
4 |
WEB
|
Alpha_Programmer
|
|
2005-08-10
|
|
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
|
4 |
WEB
|
str0ke
|
|
2005-08-09
|
|
WordPress Core 1.5.1.3 - Remote Code Execution
|
4 |
WEB
|
Kartoffelguru
|
|
2005-08-08
|
|
Flatnuke 2.5.5 - Remote Code Execution
|
4 |
WEB
|
rgod
|
|
2005-08-05
|
|
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
|
4 |
WEB
|
Easyex
|
|
2005-08-05
|
|
MySQL Eventum 1.5.5 - 'login.php' SQL Injection
|
4 |
WEB
|
GulfTech Security
|
|
2005-08-03
|
|
vBulletin 3.0.6 - 'template' Command Execution (Metasploit)
|
4 |
WEB
|
str0ke
|
|
2005-07-25
|
|
FtpLocate 2.02 - 'current' Remote Command Execution
|
3 |
WEB
|
newbug
|
|
2005-07-19
|
|
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
|
4 |
WEB
|
str0ke
|
|
2005-07-18
|
|
Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota
|
4 |
WEB
|
Soroush Dalili
|
|
2005-07-18
|
|
Open Bulletin Board 1.0.5 - SQL Injection
|
4 |
WEB
|
RusH
|
|
2005-07-14
|
|
e107 0.617 - Cross-Site Scripting Remote Cookie Disclosure
|
4 |
WEB
|
warlord
|
|
2005-07-13
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
|
4 |
WEB
|
Sjaak Rake
|
|
2005-07-11
|
|
BlogTorrent 0.92 - Remote Password Disclosure
|
4 |
WEB
|
LazyCrs
|
|
2005-07-08
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure
|
4 |
WEB
|
D|ablo
|
|
2005-07-05
|
|
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
|
4 |
WEB
|
dab
|
|
2005-07-04
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)
|
3 |
WEB
|
Mike Rifone
|
|
2005-07-04
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)
|
4 |
WEB
|
dukenn
|
|
2005-07-04
|
|
XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
|
3 |
WEB
|
RusH
|
|
2005-07-03
|
|
phpBB 2.0.15 - 'highlight' Database Authentication Details
|
3 |
WEB
|
SecureD
|
|
2005-07-01
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection
|
3 |
WEB
|
ilo--
|
|
2005-06-30
|
|
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
|
3 |
WEB
|
GulfTech Security
|
|
2005-06-29
|
|
phpBB 2.0.15 - 'highlight' PHP Remote Code Execution
|
2 |
WEB
|
rattle
|
|
2005-06-27
|
|
ASPNuke 0.80 - 'comment_post.asp' SQL Injection
|
4 |
WEB
|
Alberto Trivero
|
|
2005-06-27
|
|
ASPNuke 0.80 - 'article.asp' SQL Injection
|
4 |
WEB
|
mh_p0rtal
|
|
2005-06-25
|
|
UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection
|
4 |
WEB
|
mh_p0rtal
|
|
2005-06-25
|
|
PHP-Fusion 6.00.105 - Accessible Database Backups Download
|
4 |
WEB
|
Easyex
|
|
2005-06-22
|
|
Cacti 0.8.6d - Remote Command Execution
|
4 |
WEB
|
Alberto Trivero
|
|
2005-06-21
|
|
Mambo 4.5.2.1 - SQL Injection
|
4 |
WEB
|
RusH
|
|
2005-06-21
|
|
Forum Russian Board 4.2 - Full Command Execution
|
4 |
WEB
|
RusH
|
|
2005-06-21
|
|
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
|
4 |
WEB
|
RusH
|
|
2005-06-21
|
|
MercuryBoard 1.1.4 - SQL Injection
|
3 |
WEB
|
RusH
|
|
2005-06-21
|
|
Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection
|
4 |
WEB
|
GulfTech Security
|
|
2005-06-19
|
|
Claroline E-Learning 1.6 - Remote Hash SQL Injection (2)
|
4 |
WEB
|
K-C0d3r
|
|
2005-06-17
|
|
Claroline E-Learning 1.6 - Remote Hash SQL Injection (1)
|
4 |
WEB
|
mh_p0rtal
|
|
2005-06-16
|
|
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
|
3 |
WEB
|
Alberto Trivero
|
|
2005-06-15
|
|
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password
|
3 |
WEB
|
Alpha_Programmer
|
|
2005-06-15
|
|
Mambo 4.5.2.1 - Fetch Password Hash
|
4 |
WEB
|
pokleyzz
|
|
2005-06-15
|
|
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
|
4 |
WEB
|
Action Spider
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (Perl) (3)
|
4 |
WEB
|
MadSheep
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (C) (2)
|
4 |
WEB
|
Alpha_Programmer
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (Perl) (1)
|
4 |
WEB
|
Alpha_Programmer
|
|
2005-06-08
|
|
Invision Power Board 1.3.1 - 'login.php' SQL Injection
|
4 |
WEB
|
anonymous
|
|
2005-06-22
|
|
WordPress Core 1.5.1.1 - SQL Injection
|
4 |
WEB
|
Alberto Trivero
|
|
2005-06-06
|
|
Portail PHP < 1.3 - SQL Injection
|
4 |
WEB
|
Alberto Trivero
|
|
2005-06-05
|
|
PostNuke 0.750 - 'readpmsg.php' SQL Injection
|
4 |
WEB
|
K-C0d3r
|
