|
2009-12-15
|
|
Horde 3.3.5 - '/Administration Interface admin/cmdshell.php?PATH_INFO' Cross-Site Scripting
|
8 |
WEB
|
Juan Galiana Lara
|
|
2009-12-15
|
|
Horde 3.3.5 - Cross-Site Scripting
|
12 |
WEB
|
Juan Galiana Lara
|
|
2009-12-14
|
|
phpFaber CMS 1.3.36 - 'module.php' Cross-Site Scripting
|
9 |
WEB
|
bi0
|
|
2009-12-14
|
|
Million Pixel Script 3 - 'pa' Cross-Site Scripting
|
10 |
WEB
|
bi0
|
|
2009-12-14
|
|
Ez Cart - 'sid' Cross-Site Scripting
|
10 |
WEB
|
anti-gov
|
|
2009-12-10
|
|
Zeeways ZeeJobsite - 'basic_search_result.php' Cross-Site Scripting
|
10 |
WEB
|
bi0
|
|
2009-12-09
|
|
Invision Power Board (IP.Board) 3.0.3 - '.txt' MIME-Type Cross-Site Scripting
|
9 |
WEB
|
Xacker
|
|
2009-12-04
|
|
Joomla! Component You!Hostit! 1.0.1 Template - Cross-Site Scripting
|
11 |
WEB
|
andresg888
|
|
2009-12-04
|
|
Joomla! Component YOOtheme Warp5 - 'yt_color' Cross-Site Scripting
|
11 |
WEB
|
andresg888
|
|
2009-12-07
|
|
Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting
|
10 |
WEB
|
aBo MoHaMeD
|
|
2009-12-04
|
|
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
|
11 |
WEB
|
intern0t
|
|
2014-05-16
|
|
eGroupWare 1.8.006 - Multiple Vulnerabilities
|
9 |
WEB
|
High-Tech Bridge SA
|
|
2009-12-01
|
|
phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Amol Naik
|
|
2009-11-30
|
|
Elxis - 'Filename' Directory Traversal
|
11 |
WEB
|
cr4wl3r
|
|
2009-11-30
|
|
SmartMedia Module 0.85 Beta for XOOPS - 'categoryId' Cross-Site Scripting
|
10 |
WEB
|
SoldierOfAllah
|
|
2009-11-30
|
|
Content Module 0.5 for XOOPS - 'id' SQL Injection
|
10 |
WEB
|
s4r4d0
|
|
2008-02-16
|
|
Power Phlogger 2.2.x - Cross-Site Scripting
|
10 |
WEB
|
MustLive
|
|
2009-11-23
|
|
Joomla! 1.5.x - 404 Error Page Cross-Site Scripting
|
10 |
WEB
|
MustLive
|
|
2009-11-16
|
|
Joomla! Component ProofReader 1.0 RC9 - Cross-Site Scripting
|
12 |
WEB
|
MustLive
|
|
2009-11-24
|
|
klinza Professional CMS 5.0.1 - 'menulast.php' Local File Inclusion
|
11 |
WEB
|
klinza
|
|
2009-11-24
|
|
Quick.Cart 3.4 / Quick.CMS 2.4 - Delete Function Cross-Site Request Forgery
|
10 |
WEB
|
Alice Kaerast
|
|
2009-11-21
|
|
Cacti 0.8.x - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
Moritz Naumann
|
|
2009-11-16
|
|
WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
|
9 |
WEB
|
MustLive
|
|
2009-11-13
|
|
WordPress Plugin Fuctweb CapCC 1.0 CAPTCHA - Security Bypass
|
10 |
WEB
|
MustLive
|
|
2009-11-09
|
|
WordPress Plugin WP-Cumulus 1.x - 'tagcloud.swf' Cross-Site Scripting
|
13 |
WEB
|
MustLive
|
|
2014-05-15
|
|
ElasticSearch - Remote Code Execution
|
11 |
WEB
|
Jeff Geiger
|
|
2009-11-24
|
|
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabili
|
11 |
WEB
|
MustLive
|
|
2009-11-24
|
|
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabili
|
11 |
WEB
|
MustLive
|
|
2009-11-15
|
|
WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting
|
11 |
WEB
|
MustLive
|
|
2009-11-29
|
|
WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting
|
10 |
WEB
|
MustLive
|
|
2009-11-19
|
|
CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection
|
9 |
WEB
|
Sangte Amtham
|
|
2009-11-17
|
|
JiRo's (Multiple Products) - '/files/login.asp' Multiple SQL Injections
|
13 |
WEB
|
blackenedsecurity
|
|
2009-11-16
|
|
PHD Help Desk 1.43 - 'caso_insert.php?URL' Cross-Site Scripting
|
11 |
WEB
|
Amol Naik
|
|
2009-11-16
|
|
PHD Help Desk 1.43 - 'atributo_list.php' Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Amol Naik
|
|
2009-11-16
|
|
PHD Help Desk 1.43 - 'atributo.php?URL' Cross-Site Scripting
|
9 |
WEB
|
Amol Naik
|
|
2009-11-16
|
|
PHD Help Desk 1.43 - 'area_list.php' Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
Amol Naik
|
|
2009-11-16
|
|
PHD Help Desk 1.43 - 'solic_display.php?q_registros' Cross-Site Scripting
|
9 |
WEB
|
Amol Naik
|
|
2009-11-16
|
|
PHD Help Desk 1.43 - 'area.php' Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Amol Naik
|
|
2014-05-14
|
|
Broadcom PIPA C211 - Sensitive Information Disclosure
|
10 |
WEB
|
Portcullis
|
|
2009-11-06
|
|
McAfee Network Security Manager 5.1.7 - Information Disclosure
|
10 |
WEB
|
Daniel King
|
|
2009-11-06
|
|
McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Daniel King
|
|
2009-11-10
|
|
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
|
9 |
WEB
|
Andrew Horton
|
|
2009-11-10
|
|
CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)
|
9 |
WEB
|
Andrew Horton
|
|
2009-11-10
|
|
CuteNews 1.4.6 - 'result' Cross-Site Scripting
|
8 |
WEB
|
Andrew Horton
|
|
2009-11-10
|
|
CuteNews 1.4.6 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Andrew Horton
|
|
2009-11-10
|
|
CuteNews 1.4.6 - 'from_date_day' Full Path Disclosure
|
8 |
WEB
|
Andrew Horton
|
|
2009-11-10
|
|
CuteNews 1.4.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Andrew Horton
|
|
2014-05-12
|
|
VM Turbo Operations Manager 4.5x - Directory Traversal
|
9 |
WEB
|
Jamal Pecou
|
|
2014-05-12
|
|
SpiceWorks 7.2.00174 - Persistent Cross-Site Scripting
|
10 |
WEB
|
Dolev Farhi
|
|
2014-05-12
|
|
Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures
|
10 |
WEB
|
Luigi Vezzoso
|
|
2009-11-02
|
|
TFTgallery 0.13 - 'sample' Cross-Site Scripting
|
10 |
WEB
|
blake
|
|
2014-05-12
|
|
Alienvault Open Source SIEM (OSSIM) 4.6.1 - (Authenticated) SQL Injection (Metasploit)
|
10 |
WEB
|
Chris Hebert
|
|
2009-10-26
|
|
TFTgallery 0.13 - 'album' Cross-Site Scripting
|
8 |
WEB
|
blake
|
|
2009-10-27
|
|
Sahana 0.6.2 - 'mod' Local File Disclosure
|
11 |
WEB
|
Greg Miernicki
|
|
2009-10-26
|
|
RunCMS - 'forum' SQL Injection
|
10 |
WEB
|
Nine:Situations:Group::bookoo
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'view_file.php' Cross-Site Scripting
|
11 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'user.php' Cross-Site Scripting
|
10 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'search.php' Cross-Site Scripting
|
8 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'rejects.php' Cross-Site Scripting
|
10 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'profile.php' Cross-Site Scripting
|
10 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'department.php' Cross-Site Scripting
|
11 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'category.php' Cross-Site Scripting
|
11 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'admin.php?last_message' Cross-Site Scripting
|
10 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'index.php?last_message' Cross-Site Scripting
|
11 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'toBePublished.php' Multiple Cross-Site Scripting Vulnerabilities
|
11 |
WEB
|
Amol Naik
|
|
2009-10-21
|
|
OpenDocMan 1.2.5 - 'add.php?last_message' Cross-Site Scripting
|
9 |
WEB
|
Amol Naik
|
|
2009-10-19
|
|
TBmnetCMS 1.0 - Cross-Site Scripting
|
10 |
WEB
|
drunken danish rednecks
|
|
2009-10-15
|
|
IBM Rational RequisitePro 7.10 - ReqWeb Help Feature 'ReqWebHelp/basic/searchView.jsp' Multiple Cros
|
9 |
WEB
|
IBM
|
|
2009-10-15
|
|
IBM Rational RequisitePro 7.10 - 'ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp?Operation'
|
12 |
WEB
|
IBM
|
|
2009-10-15
|
|
Snitz Forums 2000 3.4.7 - Sound Tag Onload Attribute Cross-Site Scripting
|
11 |
WEB
|
Andrea Fabrizi
|
|
2009-10-15
|
|
Snitz Forums 2000 3.4.7 - 'pop_send_to_friend.asp?url' Cross-Site Scripting
|
11 |
WEB
|
Andrea Fabrizi
|
|
2009-10-14
|
|
Zainu 1.0 - 'searchSongKeyword' Cross-Site Scripting
|
11 |
WEB
|
drunken danish rednecks
|
|
2009-10-15
|
|
BloofoxCMS 0.3.5 - 'search' Cross-Site Scripting
|
9 |
WEB
|
drunken danish rednecks
|
|
2009-10-14
|
|
Eclipse BIRT 2.2.1 - 'run?__report' Cross-Site Scripting
|
11 |
WEB
|
Michele Orru
|
|
2009-10-14
|
|
Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
|
11 |
WEB
|
euronymous
|
|
2009-10-13
|
|
Dream Poll 3.1 - '/index.php' Cross-Site Scripting / SQL Injection
|
10 |
WEB
|
infosecstuff
|
|
2009-10-13
|
|
Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
11 |
WEB
|
Ryan Dewhurst
|
|
2009-10-06
|
|
AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities
|
10 |
WEB
|
Sébastien Duquette
|
|
2009-10-06
|
|
X-Cart Email Subscription - 'email' Cross-Site Scripting
|
9 |
WEB
|
Paulo Santos
|
|
2009-10-05
|
|
Joomla! Component CB Resume Builder - 'group_id' SQL Injection
|
10 |
WEB
|
kaMtiEz
|
|
2009-09-29
|
|
Interspire Knowledge Manager 5 - 'p' Directory Traversal
|
11 |
WEB
|
Infected Web
|
|
2009-09-28
|
|
e107 0.7.x - CAPTCHA Security Bypass / Cross-Site Scripting
|
8 |
WEB
|
MustLive
|
|
2009-09-23
|
|
IBM Lotus Connections 2.0.1 - 'simpleSearch.do' Cross-Site Scripting
|
10 |
WEB
|
IBM
|
|
2014-05-08
|
|
Cobbler 2.4.x < 2.6.x - Local File Inclusion
|
9 |
WEB
|
Dolev Farhi
|
|
2014-05-08
|
|
Collabtive 1.2 - Persistent Cross-Site Scripting
|
7 |
WEB
|
Deepak Rathore
|
|
2014-05-08
|
|
Collabtive 1.2 - SQL Injection
|
9 |
WEB
|
Deepak Rathore
|
|
2014-05-08
|
|
OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
8 |
WEB
|
Dolev Farhi
|
|
2014-05-08
|
|
OpenFiler 2.99.1 - Arbitrary Code Execution
|
10 |
WEB
|
Dolev Farhi
|
|
2009-09-23
|
|
Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection
|
10 |
WEB
|
OoN_Boy
|
|
2009-09-22
|
|
Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting
|
9 |
WEB
|
OoN_Boy
|
|
2009-09-22
|
|
Vastal I-Tech DVD Zone - 'view_mag.php' SQL Injection
|
10 |
WEB
|
OoN_Boy
|
|
2009-09-22
|
|
Vastal I-Tech Cosmetics Zone - 'view_products.php' SQL Injection
|
9 |
WEB
|
OoN_Boy
|
|
2009-09-22
|
|
Joomla! Component JoomlaFacebook - SQL Injection
|
8 |
WEB
|
kaMtiEz
|
|
2009-09-22
|
|
Joomla! Component SportFusion 0.2.x - SQL Injection
|
8 |
WEB
|
kaMtiEz
|
|
2009-09-22
|
|
Maxwebportal 1.365 - 'forum.asp' SQL Injection
|
10 |
WEB
|
OoN_Boy
|
|
2009-09-19
|
|
MyBB 1.4.8 - 'search.php' SQL Injection
|
8 |
WEB
|
$qL_DoCt0r
|
|
2009-09-18
|
|
Avaya Intuity Audix LX R1.1 - Multiple Remote Vulnerabilities
|
7 |
WEB
|
pagvac
|
|
2009-09-16
|
|
TuttoPHP Morris Guestbook - 'view.php' Cross-Site Scripting
|
9 |
WEB
|
Moudi
|
|
2009-09-16
|
|
Mega File Hosting Script 1.2 - 'emaillinks.php' Cross-Site Scripting
|
9 |
WEB
|
Moudi
|
|
2009-09-11
|
|
Planet 2.0 - HTML Injection
|
8 |
WEB
|
Steve Kemp
|
|
2009-09-11
|
|
Joomla! Component com_mediaalert - 'id' SQL Injection
|
9 |
WEB
|
Moudi
|
|
2009-09-10
|
|
Joomla! Component com_pressrelease - 'id' SQL Injection
|
8 |
WEB
|
Moudi
|
|
2009-09-04
|
|
DvBBS 2.0 - 'boardrule.php' SQL Injection
|
8 |
WEB
|
Securitylab.ir
|
|
2009-09-03
|
|
Adobe RoboHelp Server 8 - Authentication Bypass
|
8 |
WEB
|
Intevydis
|
|
2009-08-31
|
|
MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities
|
10 |
WEB
|
Inj3ct0r
|
|
2009-08-31
|
|
MKPortal 1.x (Multiple Modules) - Cross-Site Scripting
|
8 |
WEB
|
Inj3ct0r
|
|
2009-09-09
|
|
phpAuction 3.2 - 'lan' Remote File Inclusion
|
8 |
WEB
|
Beenu Arora
|
|
2009-07-27
|
|
68 Classifieds 4.1 - 'viewmember.php' Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-07-27
|
|
68 Classifieds 4.1 - 'viewlisting.php' Cross-Site Scripting
|
10 |
WEB
|
Moudi
|
|
2009-07-27
|
|
68 Classifieds 4.1 - 'toplistings.php' Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-07-27
|
|
68 Classifieds 4.1 - 'searchresults.php' Cross-Site Scripting
|
9 |
WEB
|
Moudi
|
|
2009-07-27
|
|
68 Classifieds 4.1 - 'login.php' Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-07-27
|
|
68 Classifieds 4.1 - 'category.php' Cross-Site Scripting
|
9 |
WEB
|
Moudi
|
|
2014-05-05
|
|
TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Cred
|
9 |
WEB
|
bhamb
|
|
2009-08-28
|
|
FlexCMS 2.5 - 'CookieUsername' Cookie SQL Injection
|
9 |
WEB
|
Inj3ct0r
|
|
2009-08-25
|
|
OpenAutoClassifieds 1.5.9 - SQL Injection
|
7 |
WEB
|
Andrew Horton
|
|
2009-08-26
|
|
PHP-Fusion 6.1.18 - Multiple Information Disclosure Vulnerabilities
|
8 |
WEB
|
Inj3ct0r
|
|
2009-08-26
|
|
VideoGirls - 'view.php?p' Cross-Site Scripting
|
9 |
WEB
|
Moudi
|
|
2009-08-26
|
|
VideoGirls - 'profile.php?profile_name' Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-08-26
|
|
VideoGirls - 'forum.php?t' Cross-Site Scripting
|
8 |
WEB
|
Moudi
|
|
2009-06-08
|
|
Computer Associates SiteMinder - Unicode Cross-Site Scripting Protection Security Bypass
|
8 |
WEB
|
Arshan Dabirsiaghi
|
|
2009-08-19
|
|
Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting
|
9 |
WEB
|
Adam Bixby
|
|
2009-06-08
|
|
Computer Associates SiteMinder - '%00' Cross-Site Scripting Protection Security Bypass
|
8 |
WEB
|
Arshan Dabirsiaghi
|
|
2009-08-17
|
|
DUWare DUgallery 3.0 - '/admin/edit.asp' Authentication Bypass
|
7 |
WEB
|
spymeta
|
|
2009-08-17
|
|
Adobe ColdFusion Server 8.0.1 - '/administrator/enter.cfm' Query String Cross-Site Scripting
|
8 |
WEB
|
Alexander Polyakov
|
