|
2006-03-26
|
|
CuteNews 1.4.1 - 'function.php' Local File Inclusion
|
1 |
WEB
|
Hamid Ebadi
|
|
2006-03-25
|
|
TFT Gallery 0.10 - Password Disclosure
|
1 |
WEB
|
undefined1_
|
|
2006-03-25
|
|
phpBookingCalendar 1.0c - 'details_view.php' SQL Injection
|
1 |
WEB
|
undefined1_
|
|
2006-03-25
|
|
PHP Ticket 0.71 - 'search.php' SQL Injection
|
1 |
WEB
|
undefined1_
|
|
2006-03-25
|
|
WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution
|
3 |
WEB
|
rgod
|
|
2006-03-22
|
|
XHP CMS 0.5 - 'upload' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-03-21
|
|
FreeWPS 2.11 - 'images.php' Remote Code Execution
|
1 |
WEB
|
x128
|
|
2006-03-20
|
|
ASPPortal 3.1.1 - 'downloadid' SQL Injection
|
1 |
WEB
|
nukedx
|
|
2006-03-20
|
|
gCards 1.45 - Multiple Vulnerabilities
|
1 |
WEB
|
rgod
|
|
2006-03-19
|
|
SoftBB 0.1 - 'mail' Blind SQL Injection
|
1 |
WEB
|
LOTFREE
|
|
2006-03-18
|
|
ShoutLIVE 1.1.0 - 'savesettings.php' Remote Code Execution
|
1 |
WEB
|
DarkFig
|
|
2006-03-18
|
|
BetaParticle Blog 6.0 - 'fldGalleryID' SQL Injection
|
0 |
WEB
|
nukedx
|
|
2006-03-18
|
|
nodez 4.6.1.1 mercury - Multiple Vulnerabilities
|
1 |
WEB
|
rgod
|
|
2006-03-15
|
|
KnowledgebasePublisher 1.2 - 'Include' Remote Code Execution
|
1 |
WEB
|
uid0
|
|
2006-03-15
|
|
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution
|
1 |
WEB
|
rgod
|
|
2006-03-15
|
|
PHP iCalendar 2.21 - 'cookie' Remote Code Execution
|
1 |
WEB
|
rgod
|
|
2006-03-13
|
|
Simple PHP Blog 0.4.7.1 - Remote Command Execution
|
1 |
WEB
|
rgod
|
|
2006-03-11
|
|
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
|
1 |
WEB
|
Nomenumbra
|
|
2006-03-11
|
|
Guestbook Script 1.7 - 'include_files' Remote Code Execution
|
0 |
WEB
|
rgod
|
|
2006-03-09
|
|
JiRos Banner Experience 1.0 - Unauthorized Create Admin
|
0 |
WEB
|
nukedx
|
|
2006-03-09
|
|
Light Weight Calendar 1.x - 'date' Remote Code Execution
|
0 |
WEB
|
Hessam-x
|
|
2006-03-09
|
|
d2kBlog 1.0.3 - 'memName' SQL Injection
|
0 |
WEB
|
DevilBox
|
|
2006-03-08
|
|
RedBLoG 0.5 - 'cat_id' SQL Injection
|
0 |
WEB
|
x128
|
|
2006-03-08
|
|
Gallery 2.0.3 - 'stepOrder[]' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-03-07
|
|
Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)
|
0 |
WEB
|
sirh0t
|
|
2006-03-07
|
|
CilemNews System 1.1 - 'yazdir.asp' haber_id SQL Injection
|
0 |
WEB
|
nukedx
|
|
2006-03-07
|
|
OWL Intranet Engine 0.82 - 'xrms_file_root' Code Execution
|
0 |
WEB
|
rgod
|
|
2006-03-06
|
|
D2-Shoutbox 4.2 IPB Mod - 'load' SQL Injection
|
1 |
WEB
|
SkOd
|
|
2006-03-04
|
|
Fantastic News 2.1.2 - 'script_path' Remote Code Execution
|
1 |
WEB
|
uid0
|
|
2006-03-04
|
|
TotalECommerce 1.0 - 'index.asp?id' SQL Injection
|
1 |
WEB
|
nukedx
|
|
2006-03-04
|
|
PHP-Stats 0.1.9.1 - Remote Commans Execution
|
1 |
WEB
|
rgod
|
|
2006-03-03
|
|
MyBulletinBoard (MyBB) 1.04 - 'misc.php' SQL Injection (2)
|
1 |
WEB
|
Devil-00
|
|
2006-03-02
|
|
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
|
1 |
WEB
|
lorenzo
|
|
2006-03-02
|
|
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
|
1 |
WEB
|
cijfer
|
|
2006-03-01
|
|
Woltlab Burning Board 2.x - Datenbank MOD 'fileid' SQL Injection
|
1 |
WEB
|
nukedx
|
|
2006-03-01
|
|
vuBB 0.2 Final - 'cookie' SQL Injection
|
1 |
WEB
|
KingOfSka
|
|
2006-03-01
|
|
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (1)
|
1 |
WEB
|
LorD
|
|
2006-03-01
|
|
Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution
|
1 |
WEB
|
str0ke
|
|
2006-02-28
|
|
MyBulletinBoard (MyBB) 1.03 - 'misc.php' SQL Injection
|
1 |
WEB
|
Devil-00
|
|
2006-02-28
|
|
Farsinews 2.5 - Directory Traversal Arbitrary 'users.db' Access
|
1 |
WEB
|
Hessam-x
|
|
2006-02-26
|
|
4Images 1.7.1 - Local File Inclusion / Remote Code Execution
|
1 |
WEB
|
rgod
|
|
2006-02-25
|
|
PwsPHP 1.2.3 - 'index.php' SQL Injection
|
1 |
WEB
|
papipsycho
|
|
2006-02-25
|
|
saPHP Lesson 2.0 - 'forumid' SQL Injection
|
1 |
WEB
|
SnIpEr_SA
|
|
2006-02-25
|
|
Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass
|
1 |
WEB
|
nukedx
|
|
2006-02-25
|
|
Pentacle In-Out Board 6.03 - 'newsdetailsview' SQL Injection
|
1 |
WEB
|
nukedx
|
|
2006-02-25
|
|
iGENUS WebMail 2.0.2 - 'config_inc.php' Remote Code Execution
|
1 |
WEB
|
rgod
|
|
2006-02-24
|
|
Lansuite 2.1.0 Beta - 'fid' SQL Injection
|
1 |
WEB
|
x128
|
|
2006-02-24
|
|
phpWebSite 0.10.0-full - 'topics.php' SQL Injection
|
1 |
WEB
|
SnIpEr_SA
|
|
2006-02-23
|
|
VHCS 2.4.7.1 - Add User Authentication Bypass
|
1 |
WEB
|
RoMaNSoFt
|
|
2006-02-23
|
|
PHP-Nuke 7.5 < 7.8 - 'Search' SQL Injection
|
0 |
WEB
|
unitedbr
|
|
2006-02-23
|
|
NOCC Webmail 1.0 - Local File Inclusion / Remote Code Execution
|
0 |
WEB
|
rgod
|
|
2006-02-22
|
|
Noahs Classifieds 1.3 - 'lowerTemplate' Remote Code Execution
|
0 |
WEB
|
trueend5
|
|
2006-02-20
|
|
ilchClan 1.05g - 'tid' SQL Injection
|
0 |
WEB
|
x128
|
|
2006-02-20
|
|
GeekLog 1.x - 'error.log' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-19
|
|
MiniNuke 1.8.2b - 'pages.asp' SQL Injection
|
0 |
WEB
|
nukedx
|
|
2006-02-19
|
|
BXCP 0.2.9.9 - 'tid' SQL Injection
|
0 |
WEB
|
x128
|
|
2006-02-19
|
|
Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-17
|
|
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-17
|
|
Gravity Board X 1.1 - 'csscontent' Remote Code Execution
|
0 |
WEB
|
RusH
|
|
2006-02-17
|
|
Zorum Forum 3.5 - 'rollid' SQL Injection
|
0 |
WEB
|
RusH
|
|
2006-02-17
|
|
AWStats < 6.4 - 'referer' Remote Command Execution
|
0 |
WEB
|
RusH
|
|
2006-02-16
|
|
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
|
0 |
WEB
|
cijfer
|
|
2006-02-16
|
|
PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-15
|
|
MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injections
|
1 |
WEB
|
HACKERS PAL
|
|
2006-02-14
|
|
webSPELL 4.01 - 'title_op' SQL Injection
|
1 |
WEB
|
x128
|
|
2006-02-13
|
|
FlySpray 0.9.7 - 'install-0.9.7.php' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-13
|
|
EnterpriseGS 1.0 rc4 - Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-13
|
|
Invision Power Board Army System Mod 2.1 - SQL Injection
|
0 |
WEB
|
fRoGGz
|
|
2006-02-11
|
|
DocMGR 0.54.2 - 'file_exists' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2006-02-09
|
|
RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
|
1 |
WEB
|
rgod
|
|
2006-02-09
|
|
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
|
1 |
WEB
|
rgod
|
|
2006-02-08
|
|
SPIP 1.8.2g - Remote Command Execution
|
1 |
WEB
|
rgod
|
|
2006-02-08
|
|
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution
|
1 |
WEB
|
rgod
|
|
2006-02-06
|
|
ASPThai.Net Guestbook 5.5 - Authentication Bypass
|
1 |
WEB
|
Zodiac
|
|
2006-02-06
|
|
MyQuiz 1.01 - 'PATH_INFO' Arbitrary Command Execution
|
1 |
WEB
|
Hessam-x
|
|
2006-02-05
|
|
phpBB 2.0.19 - Style Changer/Demo Mod SQL Injection
|
1 |
WEB
|
SkOd
|
|
2006-02-04
|
|
Clever Copy 3.0 - Admin Auth Details / SQL Injection
|
1 |
WEB
|
rgod
|
|
2006-02-03
|
|
LoudBlog 0.4 - Remote File Inclusion
|
0 |
WEB
|
rgod
|
|
2006-01-31
|
|
Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection
|
1 |
WEB
|
SkOd
|
|
2006-01-30
|
|
xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution
|
1 |
WEB
|
cijfer
|
|
2006-01-29
|
|
phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure
|
1 |
WEB
|
threesixthousan
|
|
2006-01-25
|
|
Phpclanwebsite 1.23.1 - SQL Injection
|
1 |
WEB
|
matrix_killer
|
|
2006-01-24
|
|
creLoaded 6.15 - 'HTMLAREA' Automated Perl
|
1 |
WEB
|
kaneda
|
|
2006-01-22
|
|
EZDatabase 2.0 - 'db_id' Remote Command Execution
|
1 |
WEB
|
cijfer
|
|
2006-01-14
|
|
MiniNuke 1.8.2 - 'hid' SQL Injection
|
0 |
WEB
|
DetMyl
|
|
2006-01-14
|
|
MiniNuke 1.8.2 - Multiple SQL Injections
|
0 |
WEB
|
nukedx
|
|
2006-01-09
|
|
Magic News Plus 1.0.3 - Admin Pass Change
|
0 |
WEB
|
cijfer
|
|
2006-01-04
|
|
FlatCMS 1.01 - 'file_editor.php' Remote Command Execution
|
1 |
WEB
|
cijfer
|
|
2006-01-03
|
|
Valdersoft Shopping Cart 3.0 - Remote Command Execution
|
1 |
WEB
|
cijfer
|
|
2006-01-01
|
|
CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution
|
0 |
WEB
|
cijfer
|
|
2005-12-30
|
|
WebWiz Products 1.0/3.06 - Authentication Bypass / SQL Injection
|
0 |
WEB
|
DevilBox
|
|
2005-12-30
|
|
CubeCart 3.0.6 - Remote Command Execution
|
0 |
WEB
|
cijfer
|
|
2005-12-29
|
|
phpDocumentor 1.3.0 rc4 - Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2005-12-24
|
|
phpBB 2.0.17 - 'signature_bbcode_uid' Remot Command
|
0 |
WEB
|
RusH
|
|
2005-12-24
|
|
Dev Web Management System 1.5 - 'cat' SQL Injection
|
0 |
WEB
|
rgod
|
|
2005-12-23
|
|
PHP-Fusion 6.00.3 - 'rating' SQL Injection
|
0 |
WEB
|
krasza
|
|
2005-12-21
|
|
phpBB 2.0.18 - Cross-Site Scripting / Cookie Disclosure
|
0 |
WEB
|
jet
|
|
2006-02-20
|
|
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
|
0 |
WEB
|
DarkFig
|
|
2005-12-20
|
|
PHPGedView 3.3.7 - Remote Code Execution
|
0 |
WEB
|
rgod
|
|
2005-12-14
|
|
Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2005-12-12
|
|
phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution
|
0 |
WEB
|
rgod
|
|
2005-12-10
|
|
Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2005-12-08
|
|
SugarSuite Open Source 4.0beta - Remote Code Execution (2)
|
0 |
WEB
|
pointslash
|
|
2005-12-08
|
|
Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution
|
0 |
WEB
|
rgod
|
|
2005-12-07
|
|
SimpleBBS 1.1 - Remote Command Execution
|
1 |
WEB
|
unitedasia
|
|
2005-12-07
|
|
SugarSuite Open Source 4.0beta - Remote Code Execution (1)
|
1 |
WEB
|
rgod
|
|
2005-12-06
|
|
SimpleBBS 1.1 - Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2005-12-04
|
|
DoceboLms 2.0.4 - 'connector.php' Arbitrary File Upload
|
0 |
WEB
|
rgod
|
|
2005-12-02
|
|
Zen Cart 1.2.6d - 'password_forgotten.php' SQL Injection
|
0 |
WEB
|
rgod
|
|
2005-11-28
|
|
Guppy 4.5.9 - 'REMOTE_ADDR' Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2005-11-25
|
|
eFiction 2.0 - Fake '.GIF' Arbitrary File Upload
|
0 |
WEB
|
rgod
|
|
2005-11-22
|
|
Mambo 4.5.2 - Globals Overwrite / Remote Command Execution
|
0 |
WEB
|
rgod
|
|
2005-11-17
|
|
EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution
|
0 |
WEB
|
rgod
|
|
2005-11-16
|
|
PHP-Nuke 7.8 Search Module - SQL Injection
|
0 |
WEB
|
anonymous
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'forum' SQL Injection
|
0 |
WEB
|
AhLam
|
|
2005-11-16
|
|
PHPWebThings 1.4 - 'msg'/'forum' SQL Injection
|
0 |
WEB
|
rgod
|
|
2005-11-14
|
|
Wizz Forum 1.20 - 'TopicID' SQL Injection
|
0 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Cyphor 0.19 - 'show.php?id' SQL Injection
|
0 |
WEB
|
HACKERS PAL
|
|
2005-11-14
|
|
Arki-DB 1.0 - 'catid' SQL Injection
|
0 |
WEB
|
Devil-00
|
|
2005-11-14
|
|
Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection
|
0 |
WEB
|
rgod
|
|
2005-11-13
|
|
Coppermine Photo Gallery 1.3.2 - File Retrieval / SQL Injection
|
0 |
WEB
|
DiGiTAL_MiDWAY
|
|
2005-11-12
|
|
XOOPS (wfdownloads) 2.05 Module - Multiple Vulnerabilities
|
1 |
WEB
|
rgod
|
|
2005-11-10
|
|
Moodle 1.6dev - SQL Injection / Command Execution
|
1 |
WEB
|
rgod
|
|
2005-11-07
|
|
ATutor 1.5.1pl2 - SQL Injection / Command Execution
|
1 |
WEB
|
rgod
|
|
2005-11-06
|
|
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection
|
1 |
WEB
|
B~HFH
|
