|
2005-08-08
|
|
Flatnuke 2.5.5 - Remote Code Execution
|
10 |
WEB
|
rgod
|
|
2005-08-05
|
|
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
|
11 |
WEB
|
Easyex
|
|
2005-08-05
|
|
MySQL Eventum 1.5.5 - 'login.php' SQL Injection
|
11 |
WEB
|
GulfTech Security
|
|
2005-08-03
|
|
vBulletin 3.0.6 - 'template' Command Execution (Metasploit)
|
12 |
WEB
|
str0ke
|
|
2005-07-25
|
|
FtpLocate 2.02 - 'current' Remote Command Execution
|
9 |
WEB
|
newbug
|
|
2005-07-19
|
|
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
|
10 |
WEB
|
str0ke
|
|
2005-07-18
|
|
Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota
|
10 |
WEB
|
Soroush Dalili
|
|
2005-07-18
|
|
Open Bulletin Board 1.0.5 - SQL Injection
|
10 |
WEB
|
RusH
|
|
2005-07-14
|
|
e107 0.617 - Cross-Site Scripting Remote Cookie Disclosure
|
10 |
WEB
|
warlord
|
|
2005-07-13
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
|
10 |
WEB
|
Sjaak Rake
|
|
2005-07-11
|
|
BlogTorrent 0.92 - Remote Password Disclosure
|
10 |
WEB
|
LazyCrs
|
|
2005-07-08
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure
|
10 |
WEB
|
D|ablo
|
|
2005-07-05
|
|
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
|
10 |
WEB
|
dab
|
|
2005-07-04
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)
|
10 |
WEB
|
Mike Rifone
|
|
2005-07-04
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)
|
12 |
WEB
|
dukenn
|
|
2005-07-04
|
|
XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
|
10 |
WEB
|
RusH
|
|
2005-07-03
|
|
phpBB 2.0.15 - 'highlight' Database Authentication Details
|
10 |
WEB
|
SecureD
|
|
2005-07-01
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection
|
10 |
WEB
|
ilo--
|
|
2005-06-30
|
|
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
|
10 |
WEB
|
GulfTech Security
|
|
2005-06-29
|
|
phpBB 2.0.15 - 'highlight' PHP Remote Code Execution
|
9 |
WEB
|
rattle
|
|
2005-06-27
|
|
ASPNuke 0.80 - 'comment_post.asp' SQL Injection
|
10 |
WEB
|
Alberto Trivero
|
|
2005-06-27
|
|
ASPNuke 0.80 - 'article.asp' SQL Injection
|
11 |
WEB
|
mh_p0rtal
|
|
2005-06-25
|
|
UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection
|
11 |
WEB
|
mh_p0rtal
|
|
2005-06-25
|
|
PHP-Fusion 6.00.105 - Accessible Database Backups Download
|
10 |
WEB
|
Easyex
|
|
2005-06-22
|
|
Cacti 0.8.6d - Remote Command Execution
|
10 |
WEB
|
Alberto Trivero
|
|
2005-06-21
|
|
Mambo 4.5.2.1 - SQL Injection
|
10 |
WEB
|
RusH
|
|
2005-06-21
|
|
Forum Russian Board 4.2 - Full Command Execution
|
10 |
WEB
|
RusH
|
|
2005-06-21
|
|
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
|
10 |
WEB
|
RusH
|
|
2005-06-21
|
|
MercuryBoard 1.1.4 - SQL Injection
|
9 |
WEB
|
RusH
|
|
2005-06-21
|
|
Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection
|
12 |
WEB
|
GulfTech Security
|
|
2005-06-19
|
|
Claroline E-Learning 1.6 - Remote Hash SQL Injection (2)
|
10 |
WEB
|
K-C0d3r
|
|
2005-06-17
|
|
Claroline E-Learning 1.6 - Remote Hash SQL Injection (1)
|
10 |
WEB
|
mh_p0rtal
|
|
2005-06-16
|
|
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
|
11 |
WEB
|
Alberto Trivero
|
|
2005-06-15
|
|
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password
|
10 |
WEB
|
Alpha_Programmer
|
|
2005-06-15
|
|
Mambo 4.5.2.1 - Fetch Password Hash
|
11 |
WEB
|
pokleyzz
|
|
2005-06-15
|
|
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
|
12 |
WEB
|
Action Spider
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (Perl) (3)
|
11 |
WEB
|
MadSheep
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (C) (2)
|
10 |
WEB
|
Alpha_Programmer
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (Perl) (1)
|
10 |
WEB
|
Alpha_Programmer
|
|
2005-06-08
|
|
Invision Power Board 1.3.1 - 'login.php' SQL Injection
|
12 |
WEB
|
anonymous
|
|
2005-06-22
|
|
WordPress Core 1.5.1.1 - SQL Injection
|
11 |
WEB
|
Alberto Trivero
|
|
2005-06-06
|
|
Portail PHP < 1.3 - SQL Injection
|
10 |
WEB
|
Alberto Trivero
|
|
2005-06-05
|
|
PostNuke 0.750 - 'readpmsg.php' SQL Injection
|
10 |
WEB
|
K-C0d3r
|
|
2005-05-31
|
|
MyBloggie 2.1.1 < 2.1.2 - SQL Injection
|
10 |
WEB
|
Alberto Trivero
|
|
2005-05-31
|
|
MyBulletinBoard (MyBB) 1.00 RC4 - 'calendar.php' SQL Injection
|
12 |
WEB
|
Alberto Trivero
|
|
2005-05-31
|
|
ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell
|
11 |
WEB
|
n0gada
|
|
2005-05-30
|
|
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)
|
10 |
WEB
|
Nikyt0x
|
|
2005-05-30
|
|
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)
|
9 |
WEB
|
mh_p0rtal
|
|
2005-05-30
|
|
phpStat 1.5 - 'setup.php' Authentication Bypass
|
10 |
WEB
|
Alpha_Programmer
|
|
2005-05-27
|
|
Hosting Controller 0.6.1 - User Registration (3)
|
10 |
WEB
|
Soroush Dalili
|
|
2005-05-27
|
|
Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)
|
10 |
WEB
|
Danica Jones
|
|
2005-05-26
|
|
Invision Power Board 2.0.3 - 'login.php' SQL Injection
|
10 |
WEB
|
Petey Beege
|
|
2005-05-26
|
|
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)
|
10 |
WEB
|
Soroush Dalili
|
|
2005-05-26
|
|
Maxwebportal 1.36 - 'Password.asp' Change Password (2)
|
10 |
WEB
|
mh_p0rtal
|
|
2005-05-26
|
|
Maxwebportal 1.36 - 'Password.asp' Change Password (3)
|
10 |
WEB
|
Alpha_Programmer
|
|
2005-05-20
|
|
Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection
|
12 |
WEB
|
deluxe89
|
|
2005-05-20
|
|
WebAPP 0.9.9.2.1 - Remote Command Execution (1)
|
10 |
WEB
|
Alpha_Programmer
|
|
2005-05-20
|
|
WebAPP 0.9.9.2.1 - Remote Command Execution (2)
|
19 |
WEB
|
Nikyt0x
|
|
2005-05-20
|
|
Fusion SBX 1.2 - Remote Command Execution
|
10 |
WEB
|
Silentium
|
|
2005-05-17
|
|
ZPanel 2.5b10 - SQL Injection
|
12 |
WEB
|
RusH
|
|
2005-05-13
|
|
PhotoPost - Arbitrary Data Hash
|
10 |
WEB
|
basher13
|
|
2005-05-06
|
|
ZeroBoard - Worm Source Code
|
10 |
WEB
|
anonymous
|
|
2005-05-04
|
|
I-Mall Commerce - 'i-mall.cgi' Remote Command Execution
|
10 |
WEB
|
Jerome Athias
|
|
2005-04-25
|
|
E-Cart 1.1 - 'index.cgi' Remote Command Execution
|
10 |
WEB
|
z
|
|
2005-04-13
|
|
S9Y Serendipity 0.8beta4 - 'exit.php' SQL Injection
|
10 |
WEB
|
kre0n
|
|
2005-04-11
|
|
PunBB 1.2.4 - 'id' SQL Injection
|
10 |
WEB
|
Stefan Esser
|
|
2005-04-09
|
|
ACNews 1.0 - Authentication Bypass
|
7 |
WEB
|
LaMeR
|
|
2005-04-08
|
|
The Includer CGI 1.0 - Remote Command Execution (3)
|
10 |
WEB
|
K-C0d3r
|
|
2005-04-08
|
|
The Includer CGI 1.0 - Remote Command Execution (2)
|
10 |
WEB
|
GreenwooD
|
|
2005-04-07
|
|
PHP-Nuke 6.x < 7.6 Top module - SQL Injection
|
9 |
WEB
|
Fabrizi Andrea
|
|
2005-04-04
|
|
phpBB 2.0.13 - 'Calendar Pro' mod Get Hash
|
13 |
WEB
|
CereBrums
|
|
2005-04-02
|
|
phpBB 2.0.13 - 'downloads.php' mod Get Hash
|
11 |
WEB
|
CereBrums
|
|
2005-03-29
|
|
PunBB 1.2.2 - Authentication Bypass
|
11 |
WEB
|
RusH
|
|
2005-03-24
|
|
phpBB 2.0.12 - Change User Rights Authentication Bypass
|
11 |
WEB
|
str0ke
|
|
2005-03-21
|
|
phpMyFamily 1.4.0 - Authentication Bypass
|
11 |
WEB
|
kre0n
|
|
2005-03-21
|
|
phpBB 2.0.12 - Change User Rights Authentication Bypass
|
11 |
WEB
|
Kutas
|
|
2005-03-15
|
|
ZPanel 2.5 - SQL Injection
|
11 |
WEB
|
Mikhail
|
|
2005-03-11
|
|
phpDEV5 - Remote Default Insecure Users
|
11 |
WEB
|
Ali7
|
|
2005-03-11
|
|
SocialMPN - Arbitrary File Injection
|
12 |
WEB
|
y3dips
|
|
2005-03-11
|
|
phpBB 2.0.12 - Session Handling Authentication Bypass
|
10 |
WEB
|
Ali7
|
|
2005-03-10
|
|
Download Center Lite (DCL) 1.5 - Remote File Inclusion
|
10 |
WEB
|
Filip Groszynski
|
|
2005-03-08
|
|
paNews 2.0b4 - Remote Admin Creation SQL Injection
|
10 |
WEB
|
Silentium
|
|
2005-03-07
|
|
PHP mcNews 1.3 - 'skinfile' Remote File Inclusion
|
10 |
WEB
|
Filip Groszynski
|
|
2005-03-07
|
|
phpWebLog 0.5.3 - Arbitrary File Inclusion
|
11 |
WEB
|
Filip Groszynski
|
|
2005-03-07
|
|
The Includer CGI 1.0 - Remote Command Execution (1)
|
10 |
WEB
|
Francisco Alisson
|
|
2005-03-07
|
|
Aztek Forum 4.0 - 'myadmin.php' Database Dumper
|
10 |
WEB
|
sirius_black
|
|
2005-03-05
|
|
phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)
|
11 |
WEB
|
PPC
|
|
2005-03-05
|
|
PHP Form Mail 2.3 - Arbitrary File Inclusion
|
16 |
WEB
|
Filip Groszynski
|
|
2005-03-02
|
|
AWStats 5.7 < 6.2 - Multiple Remote s
|
12 |
WEB
|
omin0us
|
|
2005-02-24
|
|
AWStats 5.7 < 6.2 - Multiple Remote
|
12 |
WEB
|
Silentium
|
|
2005-02-22
|
|
vBulletin 3.0.6 - PHP Code Injection
|
13 |
WEB
|
pokley
|
|
2005-02-15
|
|
vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)
|
14 |
WEB
|
AL3NDALEEB
|
|
2005-02-14
|
|
vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (1)
|
11 |
WEB
|
AL3NDALEEB
|
|
2005-02-12
|
|
MercuryBoard 1.1.1 - SQL Injection
|
12 |
WEB
|
Zeelock
|
|
2005-02-10
|
|
Chipmunk Forums - SQL Injection
|
13 |
WEB
|
GHC
|
|
2005-02-10
|
|
CMScore - SQL Injection
|
11 |
WEB
|
GHC
|
|
2005-02-10
|
|
MyPHP Forum 1.0 - SQL Injection
|
12 |
WEB
|
GHC
|
|
2005-02-09
|
|
PHP-Nuke 7.4 - Admin
|
11 |
WEB
|
Silentium
|
|
2005-02-08
|
|
PostNuke PostWrap Module - Remote File Inclusion / Code Execution
|
12 |
WEB
|
ALBANIA SECURITY
|
|
2005-02-05
|
|
PerlDesk 1.x - SQL Injection
|
11 |
WEB
|
deluxe89
|
|
2005-02-04
|
|
LiteForum 2.1.1 - SQL Injection
|
10 |
WEB
|
RusH
|
|
2005-01-25
|
|
Siteman 1.1.10 - Remote Administrative Account Addition
|
12 |
WEB
|
Noam Rathaus
|
|
2005-01-25
|
|
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution
|
10 |
WEB
|
GHC
|
|
2005-01-25
|
|
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution
|
10 |
WEB
|
THUNDER
|
|
2005-01-13
|
|
ITA Forum 1.49 - SQL Injection
|
9 |
WEB
|
RusH
|
|
2005-01-04
|
|
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista
|
11 |
WEB
|
Severino Honorato
|
|
2005-01-04
|
|
QwikiWiki - Directory Traversal
|
11 |
WEB
|
Madelman
|
|
2004-12-25
|
|
PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
|
10 |
WEB
|
anonymous
|
|
2004-12-25
|
|
Sanity.b - phpBB 2.0.10 Bot Install (AOL/Yahoo Search)
|
10 |
WEB
|
anonymous
|
|
2004-12-22
|
|
e107 - 'include()' Remote File Upload
|
12 |
WEB
|
sysbug
|
|
2004-12-22
|
|
phpMyChat 0.14.5 - Remote Improper File Permissions
|
12 |
WEB
|
sysbug
|
|
2004-12-22
|
|
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload
|
10 |
WEB
|
anonymous
|
|
2004-12-17
|
|
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak
|
12 |
WEB
|
overdose
|
|
2004-12-05
|
|
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Code Execution
|
10 |
WEB
|
evilrabbi
|
|
2004-12-03
|
|
phpBB 2.0.10 - Remote Command Execution (CGI)
|
10 |
WEB
|
ZzagorR
|
|
2004-11-25
|
|
Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal
|
11 |
WEB
|
Zero X
|
|
2004-11-22
|
|
Invision Power Board 2.0.0 < 2.0.2 - SQL Injection
|
12 |
WEB
|
RusH
|
|
2004-11-22
|
|
phpBB 2.0.10 - Remote Command Execution
|
10 |
WEB
|
RusH
|
|
2004-11-21
|
|
GFHost PHP GMail - Remote Command Execution
|
10 |
WEB
|
spabam
|
|
2004-11-20
|
|
TWiki 20030201 - 'search.pm' Remote Command Execution
|
10 |
WEB
|
RoMaNSoFt
|
|
2004-11-16
|
|
MiniBB 1.7f - 'user' SQL Injection
|
10 |
WEB
|
anonymous
|
|
2004-11-15
|
|
vBulletin - 'LAST.php' SQL Injection
|
11 |
WEB
|
anonymous
|
|
2004-11-15
|
|
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force
|
10 |
WEB
|
RusH
|
|
2004-10-13
|
|
ocPortal 1.0.3 - Remote File Inclusion
|
10 |
WEB
|
Exoduks
|
|
2004-10-10
|
|
WordPress Core 1.2 - HTTP Splitting
|
11 |
WEB
|
Tenable NS
|
