|
2008-12-17
|
|
K&S Shopsysteme - Arbitrary File Upload
|
27 |
WEB
|
mNt
|
|
2008-12-17
|
|
BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure
|
26 |
WEB
|
Dxil
|
|
2008-12-17
|
|
RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling
|
28 |
WEB
|
Osirys
|
|
2008-12-16
|
|
Gnews Publisher .NET - SQL Injection
|
29 |
WEB
|
AlpHaNiX
|
|
2008-12-16
|
|
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
|
27 |
WEB
|
ZoRLu
|
|
2008-12-16
|
|
Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure
|
28 |
WEB
|
Cold Zero
|
|
2008-12-16
|
|
Nukedit 4.9.8 - Remote Database Disclosure
|
27 |
WEB
|
Cyber.Zer0
|
|
2008-12-16
|
|
Aiyoota! CMS - Blind SQL Injection
|
26 |
WEB
|
Lidloses_Auge
|
|
2008-12-16
|
|
FLDS 1.2a - 'report.php' SQL Injection
|
27 |
WEB
|
ka0x
|
|
2008-12-16
|
|
Web Wiz Guestbook 8.21 - Database Disclosure
|
28 |
WEB
|
Cold Zero
|
|
2008-12-16
|
|
FaScript FaUpload - SQL Injection
|
27 |
WEB
|
Aria-Security Team
|
|
2008-12-15
|
|
Click&Rank - SQL Injection / Cross-Site Scripting
|
24 |
WEB
|
AlpHaNiX
|
|
2008-12-15
|
|
clickandemail - SQL Injection / Cross-Site Scripting
|
25 |
WEB
|
AlpHaNiX
|
|
2008-12-15
|
|
Click&BaneX - Multiple SQL Injections
|
27 |
WEB
|
AlpHaNiX
|
|
2008-12-15
|
|
CFAGCMS 1 - SQL Injection
|
24 |
WEB
|
ZoRLu
|
|
2008-12-15
|
|
Aperto Blog 0.1.1 - Local File Inclusion / SQL Injection
|
26 |
WEB
|
NoGe
|
|
2008-12-15
|
|
WorkSimple 1.2.1 - Remote File Inclusion / Sensitive Data Disclosure
|
31 |
WEB
|
Osirys
|
|
2008-12-15
|
|
CadeNix - SQL Injection
|
29 |
WEB
|
HaCkeR_EgY
|
|
2008-12-15
|
|
XOOPS Module Amevents - SQL Injection
|
28 |
WEB
|
nétRoot
|
|
2008-12-15
|
|
The Rat CMS Alpha 2 - Authentication Bypass
|
29 |
WEB
|
x0r
|
|
2008-12-15
|
|
Mediatheka 4.2 - Blind SQL Injection
|
26 |
WEB
|
StAkeR
|
|
2008-12-15
|
|
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber
|
28 |
WEB
|
SirGod
|
|
2008-12-15
|
|
FLDS 1.2a - 'lpro.php' SQL Injection
|
28 |
WEB
|
nuclear
|
|
2008-12-15
|
|
EZ Publish < 3.9.5/3.10.1/4.0.1 - 'token' Privilege Escalation
|
25 |
WEB
|
s4avrd0w
|
|
2008-12-15
|
|
CodeAvalanche RateMySite - Database Disclosure
|
30 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche Articles - Database Disclosure
|
25 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche FreeWallpaper - Remote Database Disclosure
|
28 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche FreeForAll - Database Disclosure
|
27 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
CodeAvalanche Directory - Database Disclosure
|
25 |
WEB
|
Pouya_Server
|
|
2008-12-15
|
|
Forest Blog 1.3.2 - Remote Database Disclosure
|
27 |
WEB
|
Cold Zero
|
|
2008-12-14
|
|
isweb CMS 3.0 - SQL Injection / Cross-Site Scripting
|
29 |
WEB
|
XaDoS
|
|
2008-12-14
|
|
ASPSiteWare RealtyListing 1.0/2.0 - SQL Injection
|
27 |
WEB
|
AlpHaNiX
|
|
2008-12-14
|
|
ASPSiteWare Automotive Dealer 1.0/2.0 - SQL Injection
|
28 |
WEB
|
AlpHaNiX
|
|
2008-12-14
|
|
ASPSiteWare Home Builder 1.0/2.0 - SQL Injection
|
30 |
WEB
|
AlpHaNiX
|
|
2008-12-14
|
|
Flatnux - html/JavaScript Injection Cookie Grabber
|
28 |
WEB
|
gmda
|
|
2008-12-14
|
|
CFAGCMS 1 - Remote File Inclusion
|
29 |
WEB
|
BeyazKurt
|
|
2008-12-14
|
|
Mediatheka 4.2 - 'lang' Local File Inclusion
|
30 |
WEB
|
Osirys
|
|
2008-12-14
|
|
AvailScript Classmate Script - Arbitrary File Upload
|
26 |
WEB
|
S.W.A.T.
|
|
2008-12-14
|
|
AvailScript Article Script - Arbitrary File Upload
|
30 |
WEB
|
S.W.A.T.
|
|
2008-12-14
|
|
The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation
|
28 |
WEB
|
x0r
|
|
2008-12-14
|
|
FLDS 1.2a - 'redir.php' SQL Injection
|
28 |
WEB
|
nuclear
|
|
2008-12-14
|
|
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
|
24 |
WEB
|
ahmadbady
|
|
2008-12-14
|
|
CodeAvalanche FreeForum - Database Disclosure
|
27 |
WEB
|
Ghost Hacker
|
|
2008-12-14
|
|
iyzi Forum 1.0b3 - Database Disclosure
|
26 |
WEB
|
Ghost Hacker
|
|
2008-12-14
|
|
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
|
27 |
WEB
|
SirGod
|
|
2008-12-14
|
|
ASP-DEV Internal E-Mail System - Authentication Bypass
|
25 |
WEB
|
Pouya_Server
|
|
2008-12-14
|
|
ASPired2Quote - Remote Database Disclosure
|
28 |
WEB
|
Pouya_Server
|
|
2008-12-14
|
|
Discussion Web 4 - Remote Database Disclosure
|
30 |
WEB
|
Pouya_Server
|
|
2008-12-14
|
|
Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion
|
28 |
WEB
|
Osirys
|
|
2008-12-14
|
|
FlexPHPNews 0.0.6 / PRO - Authentication Bypass
|
28 |
WEB
|
Osirys
|
|
2008-12-12
|
|
Joomla! Component live chat - SQL Injection / Open Proxy
|
32 |
WEB
|
jdc
|
|
2008-12-12
|
|
ColdFusion Scripts Red_Reservations - Database Disclosure
|
26 |
WEB
|
Cyber-Zone
|
|
2008-12-12
|
|
Umer Inc Songs Portal Script - 'id' SQL Injection
|
26 |
WEB
|
InjEctOr5
|
|
2008-12-12
|
|
VP-ASP Shopping Cart 6.50 - Database Disclosure
|
24 |
WEB
|
Dxil
|
|
2008-12-12
|
|
Moodle 1.9.3 - Remote Code Execution
|
26 |
WEB
|
USH
|
|
2008-12-12
|
|
the net guys aspired2blog - SQL Injection / File Disclosure
|
28 |
WEB
|
Pouya_Server
|
|
2008-12-12
|
|
Social Groupie - 'create_album.php' Arbitrary File Upload
|
26 |
WEB
|
InjEctOr5
|
|
2008-12-12
|
|
Wysi Wiki Wyg 1.0 - Remote Password Retrieve
|
31 |
WEB
|
StAkeR
|
|
2008-12-12
|
|
Social Groupie - 'id' SQL Injection
|
29 |
WEB
|
InjEctOr5
|
|
2008-12-12
|
|
Xpoze 4.10 - 'menu' Blind SQL Injection
|
28 |
WEB
|
XaDoS
|
|
2008-12-12
|
|
SUMON 0.7.0 - Command Execution
|
29 |
WEB
|
dun
|
|
2008-12-12
|
|
ASP-CMS 1.0 - 'cha' SQL Injection
|
31 |
WEB
|
Khashayar Fereidani
|
|
2008-12-12
|
|
The Net Guys ASPired2Protect - Database Disclosure
|
29 |
WEB
|
AlpHaNiX
|
|
2008-12-11
|
|
The Net Guys ASPired2Poll - Remote Database Disclosure
|
28 |
WEB
|
AlpHaNiX
|
|
2008-12-11
|
|
PHP Support Tickets 2.2 - Arbitrary File Upload
|
29 |
WEB
|
ahmadbady
|
|
2008-12-11
|
|
Banner Exchange Java - Authentication Bypass
|
27 |
WEB
|
R3d-D3V!L
|
|
2008-12-11
|
|
Ad Management Java - Authentication Bypass
|
27 |
WEB
|
R3d-D3V!L
|
|
2008-12-11
|
|
Affiliate Software Java 4.0 - Authentication Bypass
|
27 |
WEB
|
R3d-D3V!L
|
|
2008-12-11
|
|
Feed CMS 1.07.03.19b - 'lang' Local File Inclusion
|
31 |
WEB
|
x0r
|
|
2008-12-11
|
|
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
|
27 |
WEB
|
s4avrd0w
|
|
2008-12-11
|
|
MyCal Personal Events Calendar - Database Disclosure
|
23 |
WEB
|
CoBRa_21
|
|
2008-12-11
|
|
evCal Events Calendar - Database Disclosure
|
27 |
WEB
|
Cyber-Zone
|
|
2008-12-11
|
|
PhpAddEdit 1.3 - 'cookie' Authentication Bypass
|
26 |
WEB
|
x0r
|
|
2008-12-10
|
|
phpAddEdit 1.3 - 'editform' Local File Inclusion
|
27 |
WEB
|
nuclear
|
|
2008-12-10
|
|
CF_Forum - Blind SQL Injection
|
25 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
CFMBLOG - 'categorynbr' Blind SQL Injection
|
30 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
CF_Auction - Blind SQL Injection
|
27 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
CF_Calendar - 'calendarevent.cfm' SQL Injection
|
28 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
cf shopkart 5.2.2 - SQL Injection / File Disclosure
|
29 |
WEB
|
AlpHaNiX
|
|
2008-12-10
|
|
Butterfly ORGanizer 2.0.1 - 'id' SQL Injection
|
25 |
WEB
|
Osirys
|
|
2008-12-10
|
|
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
|
30 |
WEB
|
ZynbER
|
|
2008-12-10
|
|
living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload
|
28 |
WEB
|
Bgh7
|
|
2008-12-10
|
|
WebMaster Marketplace - SQL Injection
|
26 |
WEB
|
Hussin X
|
|
2008-12-10
|
|
EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
|
30 |
WEB
|
s4avrd0w
|
|
2008-12-10
|
|
HTMPL 1.11 - Command Execution
|
25 |
WEB
|
ZeN
|
|
2008-12-09
|
|
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
|
26 |
WEB
|
ahmadbady
|
|
2008-12-09
|
|
PHPmyGallery 1.5beta - '/common-tpl-vars.php' Local/Remote File Inclusion
|
27 |
WEB
|
CoBRa_21
|
|
2008-12-09
|
|
postecards - SQL Injection / File Disclosure
|
24 |
WEB
|
AlpHaNiX
|
|
2008-12-09
|
|
ProQuiz 1.0 - Authentication Bypass
|
27 |
WEB
|
Osirys
|
|
2008-12-09
|
|
Netref 4.0 - Multiple SQL Injections
|
32 |
WEB
|
SuB-ZeRo
|
|
2008-12-09
|
|
Peel Shopping 3.1 - 'rubid' SQL Injection
|
31 |
WEB
|
SuB-ZeRo
|
|
2008-12-09
|
|
PHPmyGallery 1.0beta2 - Local/Remote File Inclusion
|
28 |
WEB
|
ZoRLu
|
|
2008-12-09
|
|
Poll Pro 2.0 - Authentication Bypass
|
27 |
WEB
|
AlpHaNiX
|
|
2008-12-09
|
|
Professional Download Assistant 0.1 - Authentication Bypass
|
29 |
WEB
|
ZoRLu
|
|
2008-12-08
|
|
webcaf 1.4 - Local File Inclusion / Remote Code Execution
|
32 |
WEB
|
dun
|
|
2008-12-08
|
|
phpBB 3 - Mod Tag Board 4 Blind SQL Injection
|
30 |
WEB
|
StAkeR
|
|
2008-12-08
|
|
vBulletin Secure Downloads 2.0.0r - SQL Injection
|
28 |
WEB
|
Cnaph
|
|
2008-12-08
|
|
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
|
28 |
WEB
|
Michael Brooks
|
|
2008-12-08
|
|
phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection
|
26 |
WEB
|
Michael Brooks
|
|
2008-12-08
|
|
siu guarani - Multiple Vulnerabilities
|
26 |
WEB
|
Ubik & proudhon
|
|
2008-12-08
|
|
XOOPS 2.3.1 - Multiple Local File Inclusions
|
28 |
WEB
|
DSecRG
|
|
2008-12-08
|
|
MG2 0.5.1 - 'filename' Remote Code Execution
|
30 |
WEB
|
Alfons Luja
|
|
2008-12-07
|
|
asp talk - SQL Injection / Cross-Site Scripting
|
33 |
WEB
|
Bl@ckbe@rD
|
|
2008-12-07
|
|
PHPmyGallery Gold 1.51 - 'index.php' Directory Traversal
|
28 |
WEB
|
zAx
|
|
2008-12-07
|
|
QMail Mailing List Manager 1.2 - Database Disclosure
|
26 |
WEB
|
Ghost Hacker
|
|
2008-12-07
|
|
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion
|
23 |
WEB
|
cOndemned
|
|
2008-12-07
|
|
Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusions
|
26 |
WEB
|
cOndemned
|
|
2008-12-07
|
|
aspmanage banners - Arbitrary File Upload / File Disclosure
|
26 |
WEB
|
ZoRLu
|
|
2008-12-07
|
|
Ikon ADManager 2.1 - Remote Database Disclosure
|
29 |
WEB
|
Ghost Hacker
|
|
2008-12-07
|
|
Professional Download Assistant 0.1 - Database Disclosure
|
27 |
WEB
|
Ghost Hacker
|
|
2008-12-07
|
|
Natterchat 1.12 - Database Disclosure
|
30 |
WEB
|
AlpHaNiX
|
|
2008-12-07
|
|
w3blabor CMS 3.0.5 - Arbitrary File Upload / Local File Inclusion
|
30 |
WEB
|
DNX
|
|
2008-12-07
|
|
Product Sale Framework 0.1b - SQL Injection
|
27 |
WEB
|
b3hz4d
|
|
2008-12-07
|
|
PayPal eStore - Admin Password Change
|
27 |
WEB
|
G4N0K
|
|
2008-12-07
|
|
Bonza Cart 1.10 - Admin Password Changing
|
26 |
WEB
|
G4N0K
|
|
2008-12-07
|
|
DL PayCart 1.34 - Admin Password Changing
|
28 |
WEB
|
G4N0K
|
|
2008-12-07
|
|
IPNPro3 < 1.44 - Admin Password Changing
|
29 |
WEB
|
G4N0K
|
|
2008-12-06
|
|
phpPgAdmin 4.2.1 - '_language' Local File Inclusion
|
28 |
WEB
|
dun
|
|
2008-12-06
|
|
ASP PORTAL - Remote Database Disclosure
|
27 |
WEB
|
ZoRLu
|
|
2008-12-06
|
|
ASP AutoDealer - Remote Database Disclosure
|
29 |
WEB
|
ZoRLu
|
|
2008-12-05
|
|
ASPTicker 1.0 - Remote Database Disclosure
|
28 |
WEB
|
ZoRLu
|
|
2008-12-05
|
|
ASP Portal - Multiple SQL Injections
|
28 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
ASP AutoDealer - SQL Injection / File Disclosure
|
32 |
WEB
|
AlpHaNiX
|
|
2008-12-05
|
|
Tizag Countdown Creator 3 - Insecure Upload
|
31 |
WEB
|
ahmadbady
|
|
2008-12-05
|
|
Cold BBS - Remote Database Disclosure
|
29 |
WEB
|
ahmadbady
|
