|
2010-06-07
|
|
cPanel 11.25 Image Manager - 'target' Local File Inclusion
|
10 |
WEB
|
AnTi SeCuRe
|
|
2014-07-18
|
|
WordPress Plugin Gallery Objects 0.4 - SQL Injection
|
9 |
WEB
|
Claudio Viviani
|
|
2014-07-18
|
|
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
|
9 |
WEB
|
Vulnerability-Lab
|
|
2014-07-17
|
|
Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
|
8 |
WEB
|
LiquidWorm
|
|
2010-06-06
|
|
CuteSITE CMS 1.x - '/manage/main.php?fld_path' Cross-Site Scripting
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2010-06-06
|
|
CuteSITE CMS 1.x - '/manage/add_user.php?user_id' SQL Injection
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2010-01-15
|
|
PonVFTP - 'login.php' SQL Injection
|
9 |
WEB
|
S2K9
|
|
2010-06-06
|
|
JForum 2.1.8 - 'bookmarks' Module Multiple HTML Injection Vulnerabilities
|
7 |
WEB
|
Adam Baldwin
|
|
2010-01-04
|
|
Pay Per Minute Video Chat Script 2.x - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
R3d-D3V!L
|
|
2014-07-16
|
|
Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Vivek N
|
|
2014-07-16
|
|
Joomla! Component Youtube Gallery 4.1.7 - SQL Injection
|
9 |
WEB
|
Pham Van Khanh
|
|
2014-07-16
|
|
BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
|
9 |
WEB
|
SEC Consult
|
|
2010-06-04
|
|
WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting
|
8 |
WEB
|
MustLive
|
|
2010-01-06
|
|
L2Web LineWeb 1.0.5 - Multiple Input Validation Vulnerabilities
|
8 |
WEB
|
Ignacio Garrido
|
|
2009-12-30
|
|
Western Digital My Book World Edition 1.1.16 - 'lang' Cross-Site Scripting
|
9 |
WEB
|
emgent
|
|
2010-01-02
|
|
Obsession-Design Image-Gallery 1.1 - 'display.php' Cross-Site Scripting
|
9 |
WEB
|
kaMtiEz
|
|
2010-01-06
|
|
KubeLabs PHPDug 2.0 - 'upcoming.php' Cross-Site Scripting
|
9 |
WEB
|
indoushka
|
|
2010-06-03
|
|
MoinMoin 1.x - 'PageEditor.py' Cross-Site Scripting
|
9 |
WEB
|
anonymous
|
|
2010-01-06
|
|
Sniggabo CMS 2.21 - 'search.php' Cross-Site Scripting
|
9 |
WEB
|
Sora
|
|
2010-06-02
|
|
PHP City Portal 1.3 - 'cms_data.php' Cross-Site Scripting
|
8 |
WEB
|
Red-D3v1L
|
|
2010-06-02
|
|
TPO Duyuru Scripti - Insecure Cookie Authentication Bypass
|
8 |
WEB
|
Septemb0x
|
|
2010-06-02
|
|
TCExam 10.1.7 - '/admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload
|
7 |
WEB
|
John Leitch
|
|
2010-06-01
|
|
Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting
|
10 |
WEB
|
hexon
|
|
2010-06-02
|
|
Joomla! Component com_sar_news - 'id' SQL Injection
|
9 |
WEB
|
LynX
|
|
2010-01-07
|
|
Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
R3d-D3V!L
|
|
2010-01-01
|
|
CMS Made Simple 1.x - Cross-Site Scripting / Cross-Site Request Forgery
|
8 |
WEB
|
Truong Thao Nguyen
|
|
2010-01-10
|
|
Smart Statistics 1.0 - 'smart_Statistics_admin.php' Cross-Site Scripting
|
8 |
WEB
|
R3d-D3V!L
|
|
2014-07-14
|
|
Shopizer 1.1.5 - Multiple Vulnerabilities
|
7 |
WEB
|
SEC Consult
|
|
2010-05-31
|
|
wsCMS - 'news.php' Cross-Site Scripting
|
9 |
WEB
|
cyberlog
|
|
2010-05-28
|
|
CMScout 2.08 - Cross-Site Scripting
|
7 |
WEB
|
XroGuE
|
|
2010-05-30
|
|
GR Board 1.8.6 - 'page.php' Remote File Inclusion
|
9 |
WEB
|
eidelweiss
|
|
2010-05-28
|
|
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-28
|
|
osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL Injection
|
6 |
WEB
|
Christopher Schramm
|
|
2010-05-27
|
|
BackLinkSpider 1.3.1774 - 'cat_id' SQL Injection
|
10 |
WEB
|
sniper ip
|
|
2010-05-26
|
|
md5 Encryption Decryption PHP Script - 'index.php' Cross-Site Scripting
|
8 |
WEB
|
indoushka
|
|
2010-05-24
|
|
360 Web Manager 3.0 - 'webpages-form-led-edit.php' SQL Injection
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-24
|
|
Ruubikcms 1.0.3 - 'index.php' Cross-Site Scripting
|
12 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-24
|
|
Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-24
|
|
RazorCMS 1.0 - '/admin/index.php' HTML Injection
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2014-07-12
|
|
Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities
|
10 |
WEB
|
DearBytes
|
|
2010-05-23
|
|
OpenForum 2.2 b005 - 'saveAsAttachment()' Method Arbitrary File Creation
|
10 |
WEB
|
John Leitch
|
|
2010-05-22
|
|
cyberhost - 'default.asp' SQL Injection
|
10 |
WEB
|
redst0rm
|
|
2010-05-20
|
|
NPDS REvolution 10.02 - 'admin.php' Cross-Site Request Forgery
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-18
|
|
gpEasy CMS 1.6.2 - 'editing_files.php' Cross-Site Scripting
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2014-07-10
|
|
Infoblox 6.8.2.11 - OS Command Injection
|
10 |
WEB
|
Nate Kettlewell
|
|
2010-05-21
|
|
Specialized Data Systems Parent Connect 2010.04.11 - Multiple SQL Injections
|
8 |
WEB
|
epixoip
|
|
2014-07-10
|
|
C99Shell (Web Shell) - 'c99.php' Authentication Bypass
|
11 |
WEB
|
Mandat0ry
|
|
2010-01-15
|
|
Triburom - 'forum.php' Cross-Site Scripting
|
10 |
WEB
|
ViRuSMaN
|
|
2010-05-20
|
|
Lisk CMS 4.4 - 'id' Multiple Cross-Site Scripting / SQL Injections
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2010-01-13
|
|
StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting
|
10 |
WEB
|
PaL-D3v1L
|
|
2010-05-19
|
|
Joomla! Component com_horses - 'id' SQL Injection
|
9 |
WEB
|
Kernel Security Group
|
|
2010-05-20
|
|
Snipe Gallery 3.1 - 'image.php?cfg_admin_path' Remote File Inclusion
|
8 |
WEB
|
Sn!pEr.S!Te Hacker
|
|
2010-05-20
|
|
Snipe Gallery 3.1 - 'gallery.php?cfg_admin_path' Remote File Inclusion
|
10 |
WEB
|
Sn!pEr.S!Te Hacker
|
|
2010-05-19
|
|
SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting
|
10 |
WEB
|
indoushka
|
|
2010-05-08
|
|
Web 2.0 Social Network Freunde Community System - 'user.php' SQL Injection
|
10 |
WEB
|
Easy Laster
|
|
2010-05-19
|
|
Caucho Resin Professional 3.1.5 - '/resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabil
|
11 |
WEB
|
xuanmumu
|
|
2010-05-19
|
|
Shopzilla Affiliate Script PHP - 'search.php' Cross-Site Scripting
|
8 |
WEB
|
Andrea Bocchetti
|
|
2010-05-19
|
|
Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Arbitrary File Access
|
10 |
WEB
|
AntiSecurity
|
|
2014-07-08
|
|
Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities
|
9 |
WEB
|
Deepak Rathore
|
|
2010-05-19
|
|
Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Traversal Arbitrary File Access
|
10 |
WEB
|
AntiSecurity
|
|
2010-05-19
|
|
Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Traversal Arbitrary File Access
|
9 |
WEB
|
AntiSecurity
|
|
2010-05-19
|
|
Joomla! Component Percha Fields Attach 1.0 - 'Controller' Traversal Arbitrary File Access
|
9 |
WEB
|
AntiSecurity
|
|
2010-05-19
|
|
Joomla! Component Percha Image Attach 1.1 - 'Controller' Traversal Arbitrary File Access
|
10 |
WEB
|
AntiSecurity
|
|
2010-01-18
|
|
Serialsystem 1.0.4 Beta - 'list' Cross-Site Scripting
|
9 |
WEB
|
indoushka
|
|
2010-01-18
|
|
Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting
|
10 |
WEB
|
indoushka
|
|
2010-05-18
|
|
Joomla! Component JComments 2.1 - 'ComntrNam' Cross-Site Scripting
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-18
|
|
NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting
|
10 |
WEB
|
High-Tech Bridge SA
|
|
2014-07-07
|
|
Photo Org WonderApplications 8.3 iOS - Local File Inclusion
|
9 |
WEB
|
Vulnerability-Lab
|
|
2010-01-19
|
|
Blaze Apps 1.x - SQL Injection / HTML Injection
|
10 |
WEB
|
AmnPardaz Security Research Team
|
|
2010-05-17
|
|
PonVFTP - Insecure Cookie Authentication Bypass
|
10 |
WEB
|
SkuLL-HackeR
|
|
2010-05-14
|
|
Planet Script 1.x - 'idomains.php' Cross-Site Scripting
|
10 |
WEB
|
Mr.ThieF
|
|
2010-05-17
|
|
Platnik 8.1.1 - Multiple SQL Injections
|
10 |
WEB
|
podatnik386
|
|
2010-01-03
|
|
PHP Banner Exchange 1.2 - 'signupconfirm.php' Cross-Site Scripting
|
11 |
WEB
|
indoushka
|
|
2010-01-03
|
|
PHP File Uploader - Arbitrary File Upload
|
10 |
WEB
|
indoushka
|
|
2010-05-13
|
|
NPDS REvolution 10.02 - 'topic' Cross-Site Scripting
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2014-07-07
|
|
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
|
9 |
WEB
|
c1ph04
|
|
2014-07-06
|
|
Frog CMS 0.9.5 - Arbitrary File Upload
|
10 |
WEB
|
Javid Hussain
|
|
2010-05-13
|
|
NPDS REvolution 10.02 - 'download.php' SQL Injection
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-19
|
|
C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting
|
8 |
WEB
|
indoushka
|
|
2010-05-12
|
|
TomatoCMS 2.0.x - SQL Injection
|
9 |
WEB
|
Russ McRee
|
|
2010-05-11
|
|
Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-11
|
|
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections
|
7 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-10
|
|
Advanced Poll 2.0 - 'mysql_host' Cross-Site Scripting
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-10
|
|
EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2010-05-09
|
|
eFront 3.x - 'ask_chat.php' SQL Injection
|
9 |
WEB
|
Stefan Esser
|
|
2010-01-20
|
|
Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities
|
7 |
WEB
|
b0telh0
|
|
2010-05-07
|
|
ECShop 2.7.2 - 'category.php' SQL Injection
|
9 |
WEB
|
Liscker
|
|
2010-05-07
|
|
Consona - 'n6plugindestructor.asp' Cross-Site Scripting
|
9 |
WEB
|
Ruben Santamarta
|
|
2010-05-06
|
|
Digital Factory Publique! 2.3 - 'sid' SQL Injection
|
7 |
WEB
|
Christophe de la Fuente
|
|
2010-01-20
|
|
kloNews 2.0 - 'cat.php' Cross-Site Scripting
|
9 |
WEB
|
cr4wl3r
|
|
2014-07-02
|
|
Kerio Control 8.3.1 - Blind SQL Injection
|
8 |
WEB
|
Khashayar Fereidani
|
|
2014-07-02
|
|
Zurmo CRM - Persistent Cross-Site Scripting
|
9 |
WEB
|
Provensec
|
|
2010-01-31
|
|
HAWHAW - 'newsread.php' SQL Injection
|
9 |
WEB
|
s4r4d0
|
|
2010-01-31
|
|
Site Manager 3.0 - 'id' SQL Injection
|
9 |
WEB
|
Sec Attack Team
|
|
2010-01-31
|
|
Last Wizardz - 'id' SQL Injection
|
9 |
WEB
|
Sec Attack Team
|
|
2010-02-01
|
|
EmiratesHost - Insecure Cookie Authentication Bypass
|
8 |
WEB
|
jago-dz
|
|
2010-05-06
|
|
DeluxeBB 1.x - 'newpost.php' SQL Injection
|
9 |
WEB
|
Stefan Esser
|
|
2014-07-01
|
|
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities
|
9 |
WEB
|
SEC Consult
|
|
2010-02-06
|
|
ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting
|
9 |
WEB
|
cp77fk4r
|
|
2010-05-05
|
|
WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
|
10 |
WEB
|
MustLive
|
|
2009-02-09
|
|
eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass
|
9 |
WEB
|
JIKO
|
|
2010-02-09
|
|
ThinkPHP 2.0 - 'index.php' Cross-Site Scripting
|
9 |
WEB
|
zx
|
|
2010-05-18
|
|
ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2010-03-11
|
|
SamaGraph CMS - 'inside.aspx' SQL Injection
|
7 |
WEB
|
K053
|
|
2010-03-15
|
|
CH-CMS.ch 2 - Multiple Arbitrary File Upload Vulnerabilities
|
8 |
WEB
|
EL-KAHINA
|
|
2010-05-03
|
|
IslamSound - Multiple SQL Injections
|
10 |
WEB
|
JIKO
|
|
2010-05-01
|
|
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection
|
9 |
WEB
|
ekse
|
|
2010-05-01
|
|
CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload
|
9 |
WEB
|
The.Morpheus
|
|
2010-05-02
|
|
Billwerx RC5.2.2 PL2 - 'primary_number' SQL Injection
|
10 |
WEB
|
indoushka
|
|
2010-05-03
|
|
Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting
|
9 |
WEB
|
MustLive
|
|
2010-04-30
|
|
Campsite 3.x - 'article_id' SQL Injection
|
10 |
WEB
|
Stefan Esser
|
|
2010-03-21
|
|
4x CMS - 'login.php' Multiple SQL Injections
|
11 |
WEB
|
cr4wl3r
|
|
2010-04-30
|
|
osCommerce 3.0a5 - Local File Inclusion / HTML Injection
|
10 |
WEB
|
Jordi Chancel
|
|
2010-04-28
|
|
Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection
|
8 |
WEB
|
John Leitch
|
|
2010-04-29
|
|
Your Articles Directory - Login Option SQL Injection
|
9 |
WEB
|
Sid3^effects
|
|
2010-04-28
|
|
velBox 1.2 - Insecure Cookie Authentication Bypass
|
11 |
WEB
|
indoushka
|
|
2014-06-27
|
|
Endeca Latitude 2.2.2 - Cross-Site Request Forgery
|
9 |
WEB
|
RedTeam Pentesting
|
|
2014-06-27
|
|
WordPress Plugin Simple Share Buttons Adder 4.4 - Multiple Vulnerabilities
|
9 |
WEB
|
dxw
|
|
2014-06-27
|
|
Python CGIHTTPServer - Encoded Directory Traversal
|
9 |
WEB
|
RedTeam Pentesting
|
|
2010-04-27
|
|
SmartBlog 1.3 - SQL Injection / Cross-Site Scripting
|
10 |
WEB
|
indoushka
|
|
2010-04-27
|
|
ProArcadeScript - 'search.php' Cross-Site Scripting
|
9 |
WEB
|
Sid3^effects
|
|
2014-06-27
|
|
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
|
7 |
WEB
|
Onur Alanbel (BGA)
|
|
2010-04-13
|
|
Zikula Application Framework 1.2.2 - 'index.php?func' Cross-Site Scripting
|
8 |
WEB
|
High-Tech Bridge SA
|
|
2010-04-13
|
|
Zikula Application Framework 1.2.2 - 'ZLanguage.php?lang' Cross-Site Scripting
|
11 |
WEB
|
High-Tech Bridge SA
|
|
2010-04-26
|
|
Kasseler CMS 2.0.5 - 'index.php' Cross-Site Scripting
|
9 |
WEB
|
indoushka
|
