|
2011-11-05
|
|
PHPMyFAQ 2.7.0 - 'ajax_create_folder.php' Remote Code Execution
|
7 |
WEB
|
EgiX
|
|
2011-11-05
|
|
ZenPhoto 1.4.1.4 - 'ajax_create_folder.php' Remote Code Execution
|
6 |
WEB
|
EgiX
|
|
2011-11-04
|
|
WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure
|
9 |
WEB
|
red virus
|
|
2011-11-04
|
|
HP Data Protector Media Operations 6.20 - Directory Traversal
|
7 |
WEB
|
Luigi Auriemma
|
|
2011-11-04
|
|
Advanced Poll 2.02 - SQL Injection
|
7 |
WEB
|
Yassin Aboukir
|
|
2011-11-04
|
|
Ajax File and Image Manager 1.0 Final - Remote Code Execution
|
7 |
WEB
|
EgiX
|
|
2011-11-03
|
|
Web File Browser 0.4b14 - File Download
|
7 |
WEB
|
Sangyun YOO
|
|
2011-11-03
|
|
Jara 1.6 - Multiple Vulnerabilities
|
8 |
WEB
|
Or4nG.M4N
|
|
2011-11-02
|
|
CaupoShop Pro (2.x < 3.70) Classic 3.01 - Local File Inclusion
|
7 |
WEB
|
Rami Salama
|
|
2011-11-02
|
|
SetSeed CMS 5.8.20 - 'loggedInUser' SQL Injection
|
7 |
WEB
|
LiquidWorm
|
|
2011-11-02
|
|
BST (BestShopPro) - 'nowosci.php' Multiple Vulnerabilities
|
7 |
WEB
|
CoBRa_21
|
|
2011-11-01
|
|
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities
|
7 |
WEB
|
mehdi boukazoula
|
|
2011-10-31
|
|
Joomla! Component Alameda 1.0 - SQL Injection
|
6 |
WEB
|
kaMtiEz
|
|
2011-10-31
|
|
jbShop e107 7 CMS Plugin - SQL Injection
|
7 |
WEB
|
Robert Cooper
|
|
2011-10-31
|
|
WordPress Plugin Glossary - SQL Injection
|
7 |
WEB
|
longrifle0x
|
|
2011-10-31
|
|
WordPress Theme classipress 3.1.4 - Persistent Cross-Site Scripting
|
7 |
WEB
|
Paul Loftness
|
|
2011-10-31
|
|
Joomla! Component HM Community - Multiple Vulnerabilities
|
7 |
WEB
|
599eme Man
|
|
2011-10-29
|
|
Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
|
5 |
WEB
|
Chris Russell
|
|
2011-10-29
|
|
Joomla! Component com_jeemasms 3.2 - Multiple Vulnerabilities
|
6 |
WEB
|
Chris Russell
|
|
2011-10-29
|
|
Joomla! Component Barter Sites 1.3 - Multiple Vulnerabilities
|
6 |
WEB
|
Chris Russell
|
|
2011-10-29
|
|
PHP Photo Album 0.4.1.16 - Multiple Disclosure Vulnerabilities
|
6 |
WEB
|
BHG Security Center
|
|
2011-10-28
|
|
Joomla! Component Techfolio 1.0 - SQL Injection
|
7 |
WEB
|
Chris Russell
|
|
2011-10-27
|
|
WordPress Plugin wptouch - SQL Injection
|
7 |
WEB
|
longrifle0x
|
|
2011-10-26
|
|
phpScheduleIt 1.2.10 - 'reserve.php' Arbitrary Code Injection (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-10-27
|
|
eFront 3.6.10 (build 11944) - Multiple Vulnerabilities
|
7 |
WEB
|
EgiX
|
|
2011-10-26
|
|
Online Subtitles Workshop - Cross-Site Scripting
|
7 |
WEB
|
M.Jock3R
|
|
2011-10-25
|
|
Joomla! Component com_yjcontactus - Local File Inclusion
|
7 |
WEB
|
MeGo
|
|
2011-10-24
|
|
SAP Management Console - OSExecute Payload Execution (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-10-25
|
|
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
|
8 |
WEB
|
Metasploit
|
|
2011-10-23
|
|
InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)
|
7 |
WEB
|
EjRaM HaCkEr
|
|
2011-10-23
|
|
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
|
7 |
WEB
|
EgiX
|
|
2011-10-23
|
|
Jara 1.6 - SQL Injection
|
7 |
WEB
|
muuratsalo
|
|
2011-10-21
|
|
SportsPHool 1.0 - Remote File Inclusion
|
6 |
WEB
|
cr4wl3r
|
|
2011-10-20
|
|
Cyclope Internet Filtering Proxy 4.0 - Persistent Cross-Site Scripting
|
6 |
WEB
|
loneferret
|
|
2011-10-20
|
|
Metasploit Web UI 4.1.0 - Persistent Cross-Site Scripting
|
6 |
WEB
|
Stefan Schurtz
|
|
2011-10-20
|
|
Pre Studio Business Cards Designer - SQL Injection
|
6 |
WEB
|
dr_zig
|
|
2011-10-20
|
|
OCS Inventory NG 2.0.1 - Persistent Cross-Site Scripting
|
7 |
WEB
|
Nicolas DEROUET
|
|
2011-10-20
|
|
Simple Free PHP Forum Script - SQL Injection
|
7 |
WEB
|
Skraps
|
|
2011-10-20
|
|
fims File Management System 1.2.1a - Multiple Vulnerabilities
|
7 |
WEB
|
Skraps
|
|
2011-10-20
|
|
Uiga Personal Portal - Multiple Vulnerabilities
|
6 |
WEB
|
Eyup CELIK
|
|
2011-10-20
|
|
CMS mini 0.2.2 - Local File Inclusion
|
7 |
WEB
|
BeopSeong/I2Sec
|
|
2011-10-19
|
|
1024 CMS 1.1.0 Beta - 'force_download.php' Local File Inclusion
|
7 |
WEB
|
Sangyun YOO
|
|
2011-10-19
|
|
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
|
7 |
WEB
|
Lagripe-Dz & Mca-Crb
|
|
2011-10-19
|
|
Openemr-4.1.0 - SQL Injection
|
7 |
WEB
|
I2sec-dae jin Oh
|
|
2011-10-19
|
|
Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting
|
7 |
WEB
|
Stefan Schurtz
|
|
2011-10-18
|
|
Joomla! Plugin NoNumber Framework - Multiple Vulnerabilities
|
7 |
WEB
|
jdc
|
|
2011-10-18
|
|
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
|
6 |
WEB
|
EgiX
|
|
2011-10-17
|
|
GNUBoard 4.33.02 - 'tp.php?PATH_INFO' SQL Injection
|
6 |
WEB
|
flyh4t
|
|
2011-10-17
|
|
Dominant Creature BBG/RPG Browser Game - Persistent Cross-Site Scripting
|
7 |
WEB
|
M.Jock3R
|
|
2011-10-17
|
|
WordPress Plugin BackWPUp 2.1.4 - Code Execution
|
8 |
WEB
|
Sense of Security
|
|
2011-10-16
|
|
Ruubikcms 1.1.0 - '/extra/image.php' Local File Inclusion
|
8 |
WEB
|
Sangyun YOO
|
|
2011-10-15
|
|
WordPress Plugin Photo Album Plus 4.1.1 - SQL Injection
|
8 |
WEB
|
Skraps
|
|
2011-10-14
|
|
WordPress Plugin Contact Form 2.7.5 - SQL Injection
|
6 |
WEB
|
Skraps
|
|
2011-10-12
|
|
WordPress Plugin GD Star Rating 1.9.10 - SQL Injection
|
8 |
WEB
|
Miroslav Stampar
|
|
2011-10-12
|
|
MyBB MyStatus 3.1 - SQL Injection
|
9 |
WEB
|
Mario_Vs
|
|
2011-10-11
|
|
WordPress Plugin WP-SpamFree Spam Plugin - SQL Injection
|
8 |
WEB
|
cheki
|
|
2011-10-10
|
|
MyBB Forum Userbar Plugin (Userbar 2.2) - SQL Injection
|
8 |
WEB
|
Mario_Vs
|
|
2011-10-10
|
|
MyBB Advanced Forum Signatures - 'afsignatures-2.0.4' SQL Injection
|
8 |
WEB
|
Mario_Vs
|
|
2011-10-10
|
|
POSH - Multiple Vulnerabilities
|
7 |
WEB
|
Crashfr
|
|
2011-10-10
|
|
cotonti CMS 0.9.4 - Multiple Vulnerabilities
|
6 |
WEB
|
LiquidWorm
|
|
2011-10-10
|
|
Roundcube Webmail 0.3.1 - Cross-Site Request Forgery / SQL Injection
|
8 |
WEB
|
Smith Falcon
|
|
2011-10-10
|
|
6kbbs - Multiple Vulnerabilities
|
8 |
WEB
|
labs insight
|
|
2011-10-10
|
|
Filmis 0.2 Beta - Multiple Vulnerabilities
|
6 |
WEB
|
M.Jock3R
|
|
2011-10-10
|
|
KaiBB 2.0.1 - SQL Injection
|
5 |
WEB
|
Stefan Schurtz
|
|
2011-10-10
|
|
openEngine 2.0 - Multiple Blind SQL Injection Vulnerabilities
|
8 |
WEB
|
Stefan Schurtz
|
|
2011-10-09
|
|
GotoCode Online Classifieds - Multiple Vulnerabilities
|
6 |
WEB
|
Nathaniel Carew
|
|
2011-10-09
|
|
MyBB 1.6.4 - Backdoor Access (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-10-09
|
|
Snortreport - '/nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-10-08
|
|
NexusPHP 1.5 - SQL Injection
|
7 |
WEB
|
flyh4t
|
|
2011-10-08
|
|
Joomla! Component Time Returns 2.0 - SQL Injection
|
6 |
WEB
|
kaMtiEz
|
|
2011-10-08
|
|
BOOKSolved 1.2.2 - Remote File Disclosure
|
7 |
WEB
|
bd0rk
|
|
2011-10-07
|
|
Spreecommerce 0.60.1 - Arbitrary Command Execution (Metasploit)
|
6 |
WEB
|
Metasploit
|
|
2011-10-07
|
|
EFront 3.6.9 Community Edition - Multiple Vulnerabilities
|
6 |
WEB
|
IHTeam
|
|
2011-10-07
|
|
URL Shortener Script 1.0 - SQL Injection
|
5 |
WEB
|
M.Jock3R
|
|
2011-10-06
|
|
Tsmim Lessons Library - 'show.php' SQL Injection
|
7 |
WEB
|
M.Jock3R
|
|
2011-10-04
|
|
CF Image Hosting Script 1.3.82 - File Disclosure
|
7 |
WEB
|
bd0rk
|
|
2011-10-04
|
|
Easy Hosting Control Panel - Admin Authentication Bypass
|
7 |
WEB
|
Jasman
|
|
2011-10-04
|
|
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
|
8 |
WEB
|
Ryan Dewhurst
|
|
2011-10-03
|
|
JBoss & JMX Console - Misconfigured Deployment Scanner
|
8 |
WEB
|
y0ug
|
|
2011-10-02
|
|
CA Total Defense Suite - reGenerateReports Stored procedure SQL Injection (Metasploit)
|
7 |
WEB
|
Metasploit
|
|
2011-10-03
|
|
GotoCode Online Bookstore - Multiple Vulnerabilities
|
8 |
WEB
|
Nathaniel Carew
|
|
2011-10-02
|
|
Vivvo CMS - Local File Inclusion
|
8 |
WEB
|
JaBrOtxHaCkEr
|
|
2011-10-02
|
|
Banana Dance CMS and Wiki - SQL Injection
|
8 |
WEB
|
Aodrulez
|
|
2011-09-30
|
|
Feed on Feeds 0.5 - Remote PHP Code Injection
|
6 |
WEB
|
EgiX
|
|
2011-09-30
|
|
Marinet CMS - 'room.php' Blind SQL Injection
|
6 |
WEB
|
BHG Security Center
|
|
2011-09-30
|
|
WordPress Plugin Bannerize 2.8.7 - SQL Injection
|
6 |
WEB
|
Miroslav Stampar
|
|
2011-09-29
|
|
Typo3 - File Disclosure
|
5 |
WEB
|
Number 7
|
|
2011-09-28
|
|
timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities
|
8 |
WEB
|
Nathaniel Carew
|
|
2011-09-27
|
|
redmind Online-Shop / E-Commerce-System - SQL Injection
|
6 |
WEB
|
Indonesian BlackCoder
|
|
2011-09-27
|
|
Omnidocs - Multiple Vulnerabilities
|
6 |
WEB
|
Sohil Garg
|
|
2011-09-27
|
|
Jarida 1.0 - Multiple Vulnerabilities
|
7 |
WEB
|
Ptrace Security
|
|
2011-09-27
|
|
WordPress Plugin Mingle Forum 1.0.31 - SQL Injection
|
7 |
WEB
|
Miroslav Stampar
|
|
2011-09-26
|
|
WordPress Plugin CevherShare 2.0 - SQL Injection
|
6 |
WEB
|
bd0rk
|
|
2011-09-24
|
|
WordPress Plugin AdRotate 3.6.5 - SQL Injection
|
8 |
WEB
|
Miroslav Stampar
|
|
2011-09-24
|
|
WordPress Plugin Link Library 5.2.1 - SQL Injection
|
7 |
WEB
|
Miroslav Stampar
|
|
2011-09-22
|
|
JAKCMS PRO 2.2.5 - Arbitrary File Upload
|
8 |
WEB
|
EgiX
|
|
2011-09-20
|
|
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
|
7 |
WEB
|
Sense of Security
|
|
2011-09-20
|
|
SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
|
7 |
WEB
|
Nicolas Gregoire
|
|
2011-09-19
|
|
Multiple WordPress Plugins - 'timthumb.php' File Upload
|
6 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities
|
7 |
WEB
|
Sense of Security
|
|
2011-09-19
|
|
WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion
|
7 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion
|
7 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion
|
7 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion
|
7 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion
|
5 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin Livesig 0.4 - Remote File Inclusion
|
6 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion
|
6 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion
|
6 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin AllWebMenus 1.1.3 - Remote File Inclusion
|
6 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion
|
7 |
WEB
|
Ben Schmidt
|
|
2011-09-19
|
|
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
|
7 |
WEB
|
LiquidWorm
|
|
2011-09-19
|
|
WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure
|
7 |
WEB
|
Septemb0x
|
|
2011-09-18
|
|
WordPress Plugin Count per Day 2.17 - SQL Injection
|
7 |
WEB
|
Miroslav Stampar
|
|
2011-09-17
|
|
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
|
7 |
WEB
|
LiquidWorm
|
|
2011-09-17
|
|
iManager Plugin 1.2.8 - 'lang' Local File Inclusion
|
7 |
WEB
|
LiquidWorm
|
|
2011-09-17
|
|
iBrowser Plugin 1.4.1 - 'lang' Local File Inclusion
|
7 |
WEB
|
LiquidWorm
|
|
2011-09-15
|
|
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection
|
8 |
WEB
|
rgod
|
|
2011-09-14
|
|
Cogent DataHub 7.1.1.63 - Source Disclosure
|
6 |
WEB
|
Luigi Auriemma
|
|
2011-09-14
|
|
WordPress Plugin E-Commerce 3.8.6 - SQL Injection
|
9 |
WEB
|
Miroslav Stampar
|
|
2011-09-13
|
|
dotProject 2.1.5 - SQL Injection
|
6 |
WEB
|
sherl0ck_
|
|
2011-09-13
|
|
WordPress Plugin Forum Server 1.7 - SQL Injection
|
7 |
WEB
|
Miroslav Stampar
|
|
2011-09-12
|
|
AstroCMS - Multiple Vulnerabilities
|
7 |
WEB
|
brain[pillow]
|
|
2011-09-12
|
|
Slaed CMS - Code Execution
|
7 |
WEB
|
brain[pillow]
|
|
2011-09-12
|
|
NetCat CMS - Multiple Vulnerabilities
|
7 |
WEB
|
brain[pillow]
|
|
2011-09-12
|
|
PHP Support Tickets 2.2 - Code Execution
|
7 |
WEB
|
brain[pillow]
|
