|
2009-03-11
|
|
Traidnt up 2.0 - 'cookie' Add Extension Bypass
|
2 |
WEB
|
SP4rT
|
|
2009-03-10
|
|
RoomPHPlanning 1.6 - 'userform.php' Create Admin User
|
1 |
WEB
|
Jonathan Salwan
|
|
2009-03-10
|
|
Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting
|
1 |
WEB
|
XaDoS
|
|
2009-03-10
|
|
WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
|
2 |
WEB
|
Juan Galiana Lara
|
|
2009-03-10
|
|
WeBid 0.7.3 RC9 - Multiple Remote File Inclusions
|
2 |
WEB
|
K-159
|
|
2009-03-10
|
|
PHP-Fusion Mod Book Panel - 'course_id' SQL Injection
|
2 |
WEB
|
SuB-ZeRo
|
|
2009-03-10
|
|
CMS WEBjump! - Multiple SQL Injections
|
2 |
WEB
|
M3NW5
|
|
2009-03-09
|
|
PHP-Fusion Mod Book Panel - 'bookid' SQL Injection
|
2 |
WEB
|
elusiven
|
|
2009-03-09
|
|
phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-03-09
|
|
CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection
|
2 |
WEB
|
netsoul
|
|
2009-03-09
|
|
woltlab burning board 3.0.x - Multiple Vulnerabilities
|
2 |
WEB
|
StAkeR
|
|
2009-03-09
|
|
PHPRecipeBook 2.24 - 'base_id' SQL Injection
|
2 |
WEB
|
d3b4g
|
|
2009-03-09
|
|
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
|
1 |
WEB
|
StAkeR
|
|
2009-03-09
|
|
cms s.builder 3.7 - Remote File Inclusion
|
1 |
WEB
|
cr0w
|
|
2009-03-09
|
|
nForum 1.5 - Multiple SQL Injections
|
1 |
WEB
|
Salvatore Fresta
|
|
2009-03-06
|
|
OneOrZero Helpdesk 1.6.5.7 - Local File Inclusion
|
2 |
WEB
|
dun
|
|
2009-03-06
|
|
isiAJAX 1 - 'praises.php?id' SQL Injection
|
1 |
WEB
|
dun
|
|
2009-03-06
|
|
Wili-CMS 0.4.0 - Local File Inclusion / Remote File Inclusion / Authentication Bypass
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-03-06
|
|
Blue Eye CMS 1.0.0 - Remote Cookie SQL Injection
|
1 |
WEB
|
ka0x
|
|
2009-03-05
|
|
Joomla! Component com_iJoomla_archive - Blind SQL Injection
|
2 |
WEB
|
Stack
|
|
2009-03-05
|
|
celerbb 0.0.2 - Multiple Vulnerabilities
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-03-03
|
|
Jogjacamp JProfile Gold - 'id_news' SQL Injection
|
2 |
WEB
|
kecemplungkalen
|
|
2009-03-03
|
|
Novaboard 1.0.1 - Cross-Site Scripting
|
1 |
WEB
|
Pepelux
|
|
2009-03-03
|
|
tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion
|
2 |
WEB
|
d3b4g
|
|
2009-03-03
|
|
blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-03-03
|
|
Zabbix 1.6.2 Frontend - Multiple Vulnerabilities
|
1 |
WEB
|
USH
|
|
2009-03-02
|
|
ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting
|
1 |
WEB
|
Salvatore Fresta
|
|
2009-03-02
|
|
Joomla! / Mambo Component eXtplorer - Code Execution
|
1 |
WEB
|
Juan Galiana Lara
|
|
2009-03-02
|
|
Joomla! Component com_digistore - 'pid' Blind SQL Injection
|
2 |
WEB
|
InjEctOr5
|
|
2009-03-02
|
|
Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling
|
2 |
WEB
|
x0r
|
|
2009-03-02
|
|
Access2asp - 'imageLibrar' Arbitrary File Upload
|
2 |
WEB
|
mr.al7rbi
|
|
2009-03-02
|
|
Digital Interchange Calendar 5.7.13 - Contents Change
|
1 |
WEB
|
ByALBAYX
|
|
2009-03-02
|
|
Document Library 1.0.1 - Arbitrary Change Admin
|
2 |
WEB
|
ByALBAYX
|
|
2009-03-02
|
|
EZ-Blog beta1 - Delete All Posts / SQL Injection
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-03-02
|
|
Blogman 0.45 - Multiple Vulnerabilities
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-02-27
|
|
Demium CMS 0.2.1b - Multiple Vulnerabilities
|
2 |
WEB
|
Osirys
|
|
2009-02-27
|
|
irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection
|
2 |
WEB
|
Corwin
|
|
2009-02-27
|
|
SkyPortal Downloads Manager 1.1 - Remote Contents Change
|
2 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
BannerManager 0.81 - Authentication Bypass
|
1 |
WEB
|
rootzig
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege Escalation
|
1 |
WEB
|
Inphex
|
|
2009-02-26
|
|
Coppermine Photo Gallery 1.4.20 - BBCode IMG Privilege Escalation
|
1 |
WEB
|
StAkeR
|
|
2009-02-26
|
|
DesignerfreeSolutions NewsLetter Manager Pro - Authentication Bypass
|
2 |
WEB
|
ByALBAYX
|
|
2009-02-26
|
|
Golabi CMS 1.0 - Remote File Inclusion
|
1 |
WEB
|
CrazyAngel
|
|
2009-02-25
|
|
SkyPortal WebLinks 0.12 - Contents Change
|
1 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Picture Manager 0.11 - Contents Change
|
2 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
SkyPortal Classifieds System 0.12 - Contents Change
|
2 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
PenPal 2.0 - Authentication Bypass
|
2 |
WEB
|
ByALBAYX
|
|
2009-02-25
|
|
pPIM 1.0 - Multiple Vulnerabilities
|
2 |
WEB
|
Justin Keane
|
|
2009-02-24
|
|
Qwerty CMS - 'id' SQL Injection
|
2 |
WEB
|
b3
|
|
2009-02-24
|
|
XGuestBook 2.0 - Authentication Bypass
|
1 |
WEB
|
Fireshot
|
|
2009-02-23
|
|
MDPro Module My_eGallery - 'pid' SQL Injection
|
1 |
WEB
|
StAkeR
|
|
2009-02-23
|
|
taifajobs 1.0 - 'jobid' SQL Injection
|
1 |
WEB
|
K-159
|
|
2009-02-23
|
|
Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution
|
1 |
WEB
|
Osirys
|
|
2009-02-23
|
|
Free Arcade Script 1.0 - Local File Inclusion Command Execution
|
1 |
WEB
|
Osirys
|
|
2009-02-23
|
|
pPIM 1.01 - 'notes.php' Remote Command Execution
|
1 |
WEB
|
JosS
|
|
2009-02-23
|
|
zFeeder 1.6 - 'admin.php' Admin Bypass
|
1 |
WEB
|
ahmadbady
|
|
2009-02-20
|
|
Graugon Forum 1 - 'id' Command Injection / SQL Injection
|
1 |
WEB
|
Osirys
|
|
2009-02-20
|
|
Osmodia Bulletin Board 1.x - 'admin.txt' File Disclosure
|
1 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams GB Server - 'admin.dat' File Disclosure
|
1 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams GB 5.4 Final - 'admin.dat' File Disclosure
|
1 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure
|
2 |
WEB
|
Pouya_Server
|
|
2009-02-20
|
|
phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion
|
2 |
WEB
|
Kacper
|
|
2009-02-18
|
|
smNews 1.0 - Authentication Bypass / Column Truncation
|
1 |
WEB
|
x0r
|
|
2009-02-18
|
|
Firepack - '/admin/ref.php' Remote Code Execution
|
2 |
WEB
|
Lidloses_Auge
|
|
2009-02-17
|
|
pHNews Alpha 1 - 'genbackup.php' Database Disclosure
|
2 |
WEB
|
x0r
|
|
2009-02-17
|
|
pHNews Alpha 1 - 'mod' SQL Injection
|
2 |
WEB
|
x0r
|
|
2009-02-17
|
|
S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete
|
0 |
WEB
|
x0r
|
|
2009-02-17
|
|
SAS Hotel Management System - Arbitrary File Upload
|
1 |
WEB
|
ZoRLu
|
|
2009-02-16
|
|
Grestul 1.x - Cookie Authentication Bypass
|
1 |
WEB
|
x0r
|
|
2009-02-16
|
|
ravennuke 2.3.0 - Multiple Vulnerabilities
|
1 |
WEB
|
waraxe
|
|
2009-02-16
|
|
YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion
|
1 |
WEB
|
ahmadbady
|
|
2009-02-16
|
|
SAS Hotel Management System - 'id' SQL Injection
|
1 |
WEB
|
Darkb0x
|
|
2009-02-16
|
|
MemHT Portal 4.0.1 - Delete All Private Messages
|
1 |
WEB
|
StAkeR
|
|
2009-02-16
|
|
Novaboard 1.0.0 - Multiple Vulnerabilities
|
0 |
WEB
|
brain[pillow]
|
|
2009-02-16
|
|
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
|
2 |
WEB
|
brain[pillow]
|
|
2009-02-16
|
|
simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution
|
2 |
WEB
|
Osirys
|
|
2009-02-16
|
|
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
|
2 |
WEB
|
Sp3shial
|
|
2009-02-16
|
|
InselPhoto 1.1 - Cross-Site Scripting
|
2 |
WEB
|
rAWjAW
|
|
2009-02-13
|
|
CmsFaethon 2.2.0 - 'item' SQL Injection
|
2 |
WEB
|
Osirys
|
|
2009-02-13
|
|
BlogWrite 0.91 - Remote File Disclosure / SQL Injection
|
2 |
WEB
|
Osirys
|
|
2009-02-13
|
|
ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion
|
2 |
WEB
|
bd0rk
|
|
2009-02-13
|
|
Vlinks 1.1.6 - 'id' SQL Injection
|
2 |
WEB
|
JIKO
|
|
2009-02-13
|
|
ideacart 0.02 - Local File Inclusion / SQL Injection
|
2 |
WEB
|
nuclear
|
|
2009-02-12
|
|
Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripti
|
1 |
WEB
|
Aria-Security Team
|
|
2009-02-12
|
|
Free Joke Script 1.0 - Authentication Bypass
|
2 |
WEB
|
Muhacir
|
|
2009-02-12
|
|
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
|
2 |
WEB
|
x0r
|
|
2009-02-11
|
|
InselPhoto 1.1 - 'query' SQL Injection
|
2 |
WEB
|
Osirys
|
|
2009-02-11
|
|
Den Dating 9.01 - 'txtlookgender' SQL Injection
|
2 |
WEB
|
nuclear
|
|
2009-02-11
|
|
Bloggeruniverse 2.0 Beta - 'id' SQL Injection
|
2 |
WEB
|
Osirys
|
|
2009-02-11
|
|
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
|
2 |
WEB
|
Mehmet Ince
|
|
2009-02-11
|
|
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
|
1 |
WEB
|
x0r
|
|
2009-02-11
|
|
SkaDate Online 7 - Arbitrary File Upload
|
2 |
WEB
|
ZoRLu
|
|
2009-02-10
|
|
TYPO3 < 4.0.12/4.1.10/4.2.6 - 'jumpUrl' Remote File Disclosure
|
1 |
WEB
|
Lolek
|
|
2009-02-10
|
|
Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution
|
1 |
WEB
|
Osirys
|
|
2009-02-10
|
|
BlueBird Pre-Release - Authentication Bypass
|
1 |
WEB
|
x0r
|
|
2009-02-10
|
|
Mynews 0.10 - Authentication Bypass
|
1 |
WEB
|
x0r
|
|
2009-02-10
|
|
AuthPhp 1.0 - Authentication Bypass
|
1 |
WEB
|
x0r
|
|
2009-02-10
|
|
Potato News 1.0.0 - Local File Inclusion
|
0 |
WEB
|
x0r
|
|
2009-02-10
|
|
Q-News 2.0 - Remote Command Execution
|
0 |
WEB
|
Fireshot
|
|
2009-02-10
|
|
Papoo CMS 3.x - 'pfadhier' Local File Inclusion
|
0 |
WEB
|
SirGod
|
|
2009-02-10
|
|
Thyme 1.3 - 'export_to' Local File Inclusion
|
0 |
WEB
|
cheverok
|
|
2009-02-09
|
|
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution
|
0 |
WEB
|
Osirys
|
|
2009-02-09
|
|
Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure
|
0 |
WEB
|
bd0rk
|
|
2009-02-09
|
|
WB News 2.1.1 - config[installdir] Remote File Inclusion
|
1 |
WEB
|
ahmadbady
|
|
2009-02-09
|
|
webframe 0.76 - Multiple File Inclusions
|
1 |
WEB
|
ahmadbady
|
|
2009-02-09
|
|
Yet Another NOCC 0.1.0 - Local File Inclusion
|
1 |
WEB
|
Kacper
|
|
2009-02-09
|
|
ZeroBoardXE 1.1.5 (09.01.22) - Cross-Site Scripting
|
1 |
WEB
|
make0day
|
|
2009-02-09
|
|
FlexCMS 2.5 - 'catId' SQL Injection
|
1 |
WEB
|
MisterRichard
|
|
2009-02-09
|
|
SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting
|
1 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-09
|
|
AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion
|
1 |
WEB
|
RoMaNcYxHaCkEr
|
|
2009-02-09
|
|
Hedgehog-CMS 1.21 - Remote Command Execution
|
1 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
PHP Director 0.21 - Remote Command Execution
|
2 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection
|
2 |
WEB
|
BackDoor
|
|
2009-02-09
|
|
BusinessSpace 1.2 - 'id' SQL Injection
|
2 |
WEB
|
K-159
|
|
2009-02-09
|
|
w3bcms 3.5.0 - Multiple Vulnerabilities
|
1 |
WEB
|
DNX
|
|
2009-02-09
|
|
IF-CMS 2.0 - 'id' Blind SQL Injection
|
1 |
WEB
|
darkjoker
|
|
2009-02-09
|
|
Traidnt UP 1.0 - Arbitrary File Upload
|
1 |
WEB
|
fantastic
|
|
2009-02-06
|
|
phpYabs 0.1.2 - 'Azione' Remote File Inclusion
|
1 |
WEB
|
Arka69
|
|
2009-02-06
|
|
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
|
1 |
WEB
|
x0r
|
|
2009-02-06
|
|
1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion
|
1 |
WEB
|
JosS
|
|
2009-02-06
|
|
CafeEngine - 'catid' SQL Injection
|
0 |
WEB
|
SuNHouSe2
|
|
2009-02-06
|
|
Mailist 3.0 - Insecure Backup / Local File Inclusion
|
0 |
WEB
|
SirGod
|
|
2009-02-06
|
|
Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities
|
1 |
WEB
|
make0day
|
|
2009-02-06
|
|
Simple PHP News 1.0 - Remote Command Execution
|
1 |
WEB
|
Osirys
|
|
2009-02-06
|
|
WikkiTikkiTavi 1.11 - Arbitrary '.PHP' File Upload
|
1 |
WEB
|
ByALBAYX
|
