|
2005-12-02
|
|
Zen Cart 1.2.6d - 'password_forgotten.php' SQL Injection
|
20 |
WEB
|
rgod
|
|
2005-11-28
|
|
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution
|
19 |
WEB
|
rgod
|
|
2005-11-25
|
|
eFiction 2.0 - Fake '.GIF' Arbitrary File Upload
|
19 |
WEB
|
rgod
|
|
2005-11-22
|
|
Mambo 4.5.2 - Globals Overwrite / Remote Command Execution
|
17 |
WEB
|
rgod
|
|
2005-11-17
|
|
EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution
|
18 |
WEB
|
rgod
|
|
2005-11-16
|
|
PHP-Nuke 7.8 Search Module - SQL Injection
|
18 |
WEB
|
anonymous
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'forum' SQL Injection
|
21 |
WEB
|
AhLam
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'msg'/'forum' SQL Injection
|
20 |
WEB
|
rgod
|
|
2005-11-14
|
|
Wizz Forum 1.20 - 'TopicID' SQL Injection
|
22 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Cyphor 0.19 - 'show.php?id' SQL Injection
|
21 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Arki-DB 1.0 - 'catid' SQL Injection
|
19 |
WEB
|
Devil-00
|
|
2005-11-14
|
|
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection
|
21 |
WEB
|
rgod
|
|
2005-11-13
|
|
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection
|
21 |
WEB
|
DiGiTAL_MiDWAY
|
|
2005-11-12
|
|
XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities
|
17 |
WEB
|
rgod
|
|
2005-11-10
|
|
Moodle 1.6dev - SQL Injection / Command Execution
|
19 |
WEB
|
rgod
|
|
2005-11-07
|
|
ATutor 1.5.1pl2 - SQL Injection / Command Execution
|
19 |
WEB
|
rgod
|
|
2005-11-06
|
|
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection
|
17 |
WEB
|
B~HFH
|
|
2005-11-03
|
|
CuteNews 1.4.1 - Shell Injection / Remote Command Execution
|
19 |
WEB
|
rgod
|
|
2005-11-02
|
|
VuBB Forum RC1 - 'm' SQL Injection
|
21 |
WEB
|
Devil-00
|
|
2005-10-31
|
|
Subdreamer 2.2.1 - SQL Injection / Command Execution
|
18 |
WEB
|
RusH
|
|
2005-10-26
|
|
TClanPortal 1.1.3 - 'id' SQL Injection
|
22 |
WEB
|
Devil-00
|
|
2005-10-23
|
|
PHP-Nuke 7.8 - SQL Injection / Remote Command Execution
|
20 |
WEB
|
rgod
|
|
2005-10-15
|
|
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
|
25 |
WEB
|
nukedx
|
|
2005-10-14
|
|
w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution
|
22 |
WEB
|
rgod
|
|
2005-10-10
|
|
versatileBulletinBoard 1.00 RC2 - Board Takeover (SQL Injection)
|
20 |
WEB
|
rgod
|
|
2005-10-10
|
|
phpMyAdmin 2.6.4-pl1 - Directory Traversal
|
23 |
WEB
|
cXIb8O3
|
|
2005-10-08
|
|
Cyphor 0.19 - Board Takeover (SQL Injection)
|
22 |
WEB
|
rgod
|
|
2005-10-06
|
|
Utopia News Pro 1.1.3 - 'news.php' SQL Injection
|
21 |
WEB
|
rgod
|
|
2005-09-28
|
|
PHP-Fusion 6.00.109 - 'msg_send' SQL Injection
|
20 |
WEB
|
rgod
|
|
2005-09-27
|
|
Barracuda Spam Firewall < 3.1.18 - Command Execution (Metasploit)
|
19 |
WEB
|
Nicolas Gregoire
|
|
2005-09-24
|
|
MailGust 1.9 - Board Takeover (SQL Injection)
|
22 |
WEB
|
rgod
|
|
2005-09-23
|
|
phpMyFAQ 1.5.1 - 'User-Agent' Remote Shell Injection
|
21 |
WEB
|
rgod
|
|
2005-09-22
|
|
My Little Forum 1.5 - 'SearchString' SQL Injection
|
22 |
WEB
|
rgod
|
|
2005-09-17
|
|
CuteNews 1.4.0 - Shell Injection / Remote Command Execution
|
21 |
WEB
|
rgod
|
|
2005-09-16
|
|
PHP-Nuke 7.8 - 'modules.php' SQL Injection
|
22 |
WEB
|
RusH
|
|
2005-09-15
|
|
phpWebSite 0.10.0 - 'module' SQL Injection
|
22 |
WEB
|
RusH
|
|
2005-09-13
|
|
AzDGDatingLite 2.1.3 - Remote Code Execution
|
19 |
WEB
|
rgod
|
|
2005-09-11
|
|
PhpTagCool 1.0.3 - SQL Injection
|
19 |
WEB
|
Megabyte
|
|
2005-03-27
|
|
phpMyFamily 1.4.0 - SQL Injection
|
21 |
WEB
|
basher13
|
|
2005-09-09
|
|
Class-1 Forum 0.24.4 - Remote Code Execution
|
19 |
WEB
|
rgod
|
|
2005-09-07
|
|
PBLang 4.65 - Remote Command Execution (2)
|
21 |
WEB
|
RusH
|
|
2005-09-07
|
|
PBLang 4.65 - Remote Command Execution (1)
|
25 |
WEB
|
rgod
|
|
2005-09-04
|
|
man2web 0.88 - Multiple Remote Command Executions (2)
|
19 |
WEB
|
tracewar
|
|
2005-09-01
|
|
Simple PHP Blog 0.4.0 - Multiple Remote s
|
20 |
WEB
|
Kenneth Belva
|
|
2005-08-31
|
|
vBulletin 3.0.8 - Accessible Database Backup Searcher (3)
|
21 |
WEB
|
str0ke
|
|
2005-08-22
|
|
MyBulletinBoard (MyBB) 1.00 RC4 - 'search.php' SQL Injection
|
20 |
WEB
|
Alpha_Programmer
|
|
2005-08-10
|
|
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
|
21 |
WEB
|
str0ke
|
|
2005-08-09
|
|
WordPress Core 1.5.1.3 - Remote Code Execution
|
22 |
WEB
|
Kartoffelguru
|
|
2005-08-08
|
|
Flatnuke 2.5.5 - Remote Code Execution
|
17 |
WEB
|
rgod
|
|
2005-08-05
|
|
PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection
|
26 |
WEB
|
Easyex
|
|
2005-08-05
|
|
MySQL Eventum 1.5.5 - 'login.php' SQL Injection
|
22 |
WEB
|
GulfTech Security
|
|
2005-08-03
|
|
vBulletin 3.0.6 - 'template' Command Execution (Metasploit)
|
23 |
WEB
|
str0ke
|
|
2005-07-25
|
|
FtpLocate 2.02 - 'current' Remote Command Execution
|
17 |
WEB
|
newbug
|
|
2005-07-19
|
|
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
|
19 |
WEB
|
str0ke
|
|
2005-07-18
|
|
Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota
|
20 |
WEB
|
Soroush Dalili
|
|
2005-07-18
|
|
Open Bulletin Board 1.0.5 - SQL Injection
|
20 |
WEB
|
RusH
|
|
2005-07-14
|
|
e107 0.617 - Cross-Site Scripting Remote Cookie Disclosure
|
23 |
WEB
|
warlord
|
|
2005-07-13
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
|
18 |
WEB
|
Sjaak Rake
|
|
2005-07-11
|
|
BlogTorrent 0.92 - Remote Password Disclosure
|
20 |
WEB
|
LazyCrs
|
|
2005-07-08
|
|
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure
|
21 |
WEB
|
D|ablo
|
|
2005-07-05
|
|
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
|
23 |
WEB
|
dab
|
|
2005-07-04
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)
|
19 |
WEB
|
Mike Rifone
|
|
2005-07-04
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)
|
23 |
WEB
|
dukenn
|
|
2005-07-04
|
|
XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection
|
20 |
WEB
|
RusH
|
|
2005-07-03
|
|
phpBB 2.0.15 - 'highlight' Database Authentication Details
|
18 |
WEB
|
SecureD
|
|
2005-07-01
|
|
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection
|
20 |
WEB
|
ilo--
|
|
2005-06-30
|
|
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
|
23 |
WEB
|
GulfTech Security
|
|
2005-06-29
|
|
phpBB 2.0.15 - 'highlight' PHP Remote Code Execution
|
16 |
WEB
|
rattle
|
|
2005-06-27
|
|
ASPNuke 0.80 - 'comment_post.asp' SQL Injection
|
21 |
WEB
|
Alberto Trivero
|
|
2005-06-27
|
|
ASPNuke 0.80 - 'article.asp' SQL Injection
|
22 |
WEB
|
mh_p0rtal
|
|
2005-06-25
|
|
UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection
|
20 |
WEB
|
mh_p0rtal
|
|
2005-06-25
|
|
PHP-Fusion 6.00.105 - Accessible Database Backups Download
|
20 |
WEB
|
Easyex
|
|
2005-06-22
|
|
Cacti 0.8.6d - Remote Command Execution
|
21 |
WEB
|
Alberto Trivero
|
|
2005-06-21
|
|
Mambo 4.5.2.1 - SQL Injection
|
19 |
WEB
|
RusH
|
|
2005-06-21
|
|
Forum Russian Board 4.2 - Full Command Execution
|
21 |
WEB
|
RusH
|
|
2005-06-21
|
|
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
|
19 |
WEB
|
RusH
|
|
2005-06-21
|
|
MercuryBoard 1.1.4 - SQL Injection
|
18 |
WEB
|
RusH
|
|
2005-06-21
|
|
Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection
|
21 |
WEB
|
GulfTech Security
|
|
2005-06-19
|
|
Claroline E-Learning 1.6 - Remote Hash SQL Injection (2)
|
22 |
WEB
|
K-C0d3r
|
|
2005-06-17
|
|
Claroline E-Learning 1.6 - Remote Hash SQL Injection (1)
|
22 |
WEB
|
mh_p0rtal
|
|
2005-06-16
|
|
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
|
20 |
WEB
|
Alberto Trivero
|
|
2005-06-15
|
|
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password
|
20 |
WEB
|
Alpha_Programmer
|
|
2005-06-15
|
|
Mambo 4.5.2.1 - Fetch Password Hash
|
21 |
WEB
|
pokleyzz
|
|
2005-06-15
|
|
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
|
22 |
WEB
|
Action Spider
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (Perl) (3)
|
20 |
WEB
|
MadSheep
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (C) (2)
|
19 |
WEB
|
Alpha_Programmer
|
|
2005-06-11
|
|
Webhints 1.03 - Remote Command Execution (Perl) (1)
|
21 |
WEB
|
Alpha_Programmer
|
|
2005-06-08
|
|
Invision Power Board 1.3.1 - 'login.php' SQL Injection
|
25 |
WEB
|
anonymous
|
|
2005-06-22
|
|
WordPress Core 1.5.1.1 - SQL Injection
|
20 |
WEB
|
Alberto Trivero
|
|
2005-06-06
|
|
Portail PHP < 1.3 - SQL Injection
|
19 |
WEB
|
Alberto Trivero
|
|
2005-06-05
|
|
PostNuke 0.750 - 'readpmsg.php' SQL Injection
|
24 |
WEB
|
K-C0d3r
|
|
2005-05-31
|
|
MyBloggie 2.1.1 < 2.1.2 - SQL Injection
|
21 |
WEB
|
Alberto Trivero
|
|
2005-05-31
|
|
MyBulletinBoard (MyBB) 1.00 RC4 - 'calendar.php' SQL Injection
|
20 |
WEB
|
Alberto Trivero
|
|
2005-05-31
|
|
ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell
|
21 |
WEB
|
n0gada
|
|
2005-05-30
|
|
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)
|
20 |
WEB
|
Nikyt0x
|
|
2005-05-30
|
|
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)
|
18 |
WEB
|
mh_p0rtal
|
|
2005-05-30
|
|
phpStat 1.5 - 'setup.php' Authentication Bypass
|
18 |
WEB
|
Alpha_Programmer
|
|
2005-05-27
|
|
Hosting Controller 0.6.1 - User Registration (3)
|
20 |
WEB
|
Soroush Dalili
|
|
2005-05-27
|
|
Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)
|
19 |
WEB
|
Danica Jones
|
|
2005-05-26
|
|
Invision Power Board 2.0.3 - 'login.php' SQL Injection
|
20 |
WEB
|
Petey Beege
|
|
2005-05-26
|
|
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)
|
20 |
WEB
|
Soroush Dalili
|
|
2005-05-26
|
|
Maxwebportal 1.36 - 'Password.asp' Change Password (2)
|
19 |
WEB
|
mh_p0rtal
|
|
2005-05-26
|
|
Maxwebportal 1.36 - 'Password.asp' Change Password (3)
|
19 |
WEB
|
Alpha_Programmer
|
|
2005-05-20
|
|
Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection
|
20 |
WEB
|
deluxe89
|
|
2005-05-20
|
|
WebAPP 0.9.9.2.1 - Remote Command Execution (1)
|
20 |
WEB
|
Alpha_Programmer
|
|
2005-05-20
|
|
WebAPP 0.9.9.2.1 - Remote Command Execution (2)
|
29 |
WEB
|
Nikyt0x
|
|
2005-05-20
|
|
Fusion SBX 1.2 - Remote Command Execution
|
20 |
WEB
|
Silentium
|
|
2005-05-17
|
|
ZPanel 2.5b10 - SQL Injection
|
20 |
WEB
|
RusH
|
|
2005-05-13
|
|
PhotoPost - Arbitrary Data Hash
|
20 |
WEB
|
basher13
|
|
2005-05-06
|
|
ZeroBoard - Worm Source Code
|
22 |
WEB
|
anonymous
|
|
2005-05-04
|
|
I-Mall Commerce - 'i-mall.cgi' Remote Command Execution
|
17 |
WEB
|
Jerome Athias
|
|
2005-04-25
|
|
E-Cart 1.1 - 'index.cgi' Remote Command Execution
|
19 |
WEB
|
z
|
|
2005-04-13
|
|
S9Y Serendipity 0.8beta4 - 'exit.php' SQL Injection
|
20 |
WEB
|
kre0n
|
|
2005-04-11
|
|
PunBB 1.2.4 - 'id' SQL Injection
|
20 |
WEB
|
Stefan Esser
|
|
2005-04-09
|
|
ACNews 1.0 - Authentication Bypass
|
18 |
WEB
|
LaMeR
|
|
2005-04-08
|
|
The Includer CGI 1.0 - Remote Command Execution (3)
|
19 |
WEB
|
K-C0d3r
|
|
2005-04-08
|
|
The Includer CGI 1.0 - Remote Command Execution (2)
|
21 |
WEB
|
GreenwooD
|
|
2005-04-07
|
|
PHP-Nuke 6.x < 7.6 Top module - SQL Injection
|
20 |
WEB
|
Fabrizi Andrea
|
|
2005-04-04
|
|
phpBB 2.0.13 - 'Calendar Pro' mod Get Hash
|
21 |
WEB
|
CereBrums
|
|
2005-04-02
|
|
phpBB 2.0.13 - 'downloads.php' mod Get Hash
|
22 |
WEB
|
CereBrums
|
|
2005-03-29
|
|
PunBB 1.2.2 - Authentication Bypass
|
21 |
WEB
|
RusH
|
|
2005-03-24
|
|
phpBB 2.0.12 - Change User Rights Authentication Bypass
|
21 |
WEB
|
str0ke
|
|
2005-03-21
|
|
phpMyFamily 1.4.0 - Authentication Bypass
|
20 |
WEB
|
kre0n
|
|
2005-03-21
|
|
phpBB 2.0.12 - Change User Rights Authentication Bypass
|
20 |
WEB
|
Kutas
|
|
2005-03-15
|
|
ZPanel 2.5 - SQL Injection
|
21 |
WEB
|
Mikhail
|
