|
2012-03-08
|
|
SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting
|
2 |
WEB
|
vulns@dionach.com
|
|
2012-03-08
|
|
SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting
|
2 |
WEB
|
vulns@dionach.com
|
|
2012-03-08
|
|
SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting
|
2 |
WEB
|
vulns@dionach.com
|
|
2015-05-07
|
|
WordPress Plugin Freshmail 1.5.8 - SQL Injection
|
2 |
WEB
|
Felipe Molina
|
|
2012-03-08
|
|
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
4 |
WEB
|
Julien Ahrens
|
|
2012-03-08
|
|
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
|
2 |
WEB
|
AkaStep
|
|
2012-03-08
|
|
LeKommerce - 'id' SQL Injection
|
1 |
WEB
|
Mazt0r
|
|
2015-05-06
|
|
elFinder 2 - Remote Command Execution (via File Creation)
|
2 |
WEB
|
TUNISIAN CYBER
|
|
2015-05-06
|
|
PDF Converter & Editor 2.1 iOS - Local File Inclusion
|
2 |
WEB
|
Vulnerability-Lab
|
|
2015-05-06
|
|
vPhoto-Album 4.2 iOS - Local File Inclusion
|
2 |
WEB
|
Vulnerability-Lab
|
|
2012-03-07
|
|
OSClass 2.3.x - Directory Traversal / Arbitrary File Upload
|
2 |
WEB
|
Filippo Cavallarin
|
|
2012-03-07
|
|
Exponent CMS 2.0 - 'src' SQL Injection
|
2 |
WEB
|
Rob Miller
|
|
2012-03-06
|
|
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
2 |
WEB
|
Gjoko Krstic
|
|
2012-03-05
|
|
Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection
|
2 |
WEB
|
Colin Wong
|
|
2012-03-05
|
|
11in1 CMS 1.2.1 - 'admin/tps?id' SQL Injection
|
2 |
WEB
|
Chokri B.A
|
|
2012-03-05
|
|
11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection
|
1 |
WEB
|
Chokri B.A
|
|
2012-03-05
|
|
Open Realty 2.5.x - 'select_users_template' Local File Inclusion
|
1 |
WEB
|
Aung Khant
|
|
2015-05-04
|
|
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross
|
2 |
WEB
|
Felipe Molina
|
|
2015-05-04
|
|
PhotoWebsite 3.1 iOS - Local File Inclusion
|
2 |
WEB
|
Vulnerability-Lab
|
|
2012-03-05
|
|
Etano 1.20/1.22 - 'photo_view.php?return' Cross-Site Scripting
|
2 |
WEB
|
Aung Khant
|
|
2012-03-05
|
|
Etano 1.20/1.22 - 'photo_search.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
Aung Khant
|
|
2012-03-05
|
|
Etano 1.20/1.22 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
Aung Khant
|
|
2012-03-04
|
|
LastGuru ASP Guestbook - 'View.asp' SQL Injection
|
2 |
WEB
|
demonalex
|
|
2012-03-02
|
|
starCMS - 'q' URI Cross-Site Scripting
|
2 |
WEB
|
Am!r
|
|
2012-02-28
|
|
Fork CMS 3.x - '/backend/modules/error/actions/index.php?parse()' Multiple Error Display Cross-Site
|
2 |
WEB
|
anonymous
|
|
2012-02-28
|
|
Fork CMS 3.x - '/private/en/locale/index?name' Cross-Site Scripting
|
2 |
WEB
|
anonymous
|
|
2012-02-29
|
|
Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery
|
2 |
WEB
|
Green Hornet
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/plugin.php?page' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Cross-Site Scripting Vulnerabilities
|
1 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/blogs.php?nb' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-29
|
|
Dotclear 2.4.1.2 - '/admin/auth.php?login_data' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-27
|
|
OSQA's CMS - Multiple HTML Injection Vulnerabilities
|
2 |
WEB
|
Ucha Gobejishvili
|
|
2012-02-27
|
|
Bontq - 'user/' URI Cross-Site Scripting
|
2 |
WEB
|
sonyy
|
|
2012-02-26
|
|
Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
MustLive
|
|
2012-02-26
|
|
MyJobList 0.1.3 - 'eid' SQL Injection
|
2 |
WEB
|
Red Security TEAM
|
|
2012-02-23
|
|
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
|
2 |
WEB
|
Corrado Liotta
|
|
2012-02-22
|
|
Oxwall 1.1.1 - 'plugin' Cross-Site Scripting
|
2 |
WEB
|
Ariko-Security
|
|
2012-02-22
|
|
Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-22
|
|
Chyrp 2.1.1 - 'ajax.php' HTML Injection
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-22
|
|
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
|
1 |
WEB
|
Benjamin Kunz Mejri
|
|
2012-02-22
|
|
ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting
|
2 |
WEB
|
Stefan Schurtz
|
|
2012-02-21
|
|
CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
Ariko-Security
|
|
2012-02-21
|
|
Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Sit
|
1 |
WEB
|
Busindre
|
|
2012-02-20
|
|
Joomla! Component Machine - Multiple SQL Injections
|
2 |
WEB
|
the_cyber_nuxbie
|
|
2015-04-29
|
|
OS Solution OSProperty 2.8.0 - SQL Injection
|
2 |
WEB
|
Brandon Perry
|
|
2015-04-29
|
|
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
|
2 |
WEB
|
hyp3rlinx
|
|
2015-04-29
|
|
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-18
|
|
Joomla! Component com_xvs - 'Controller' Local File Inclusion
|
2 |
WEB
|
KedAns-Dz
|
|
2012-02-21
|
|
Dolphin 7.0.x - 'explanation.php?explain' Cross-Site Scripting
|
2 |
WEB
|
Aung Khant
|
|
2012-02-21
|
|
Dolphin 7.0.x - 'viewFriends.php' Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
Aung Khant
|
|
2012-02-20
|
|
TestLink - Multiple SQL Injections
|
2 |
WEB
|
Juan M. Natal
|
|
2012-02-20
|
|
F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
muuratsalo
|
|
2012-02-20
|
|
VOXTRONIC Voxlog Professional 3.7.x - 'userlogdetail.php?idclient' SQL Injection
|
2 |
WEB
|
J. Greil
|
|
2012-02-20
|
|
VOXTRONIC Voxlog Professional 3.7.x - 'get.php?v' Arbitrary File Access
|
2 |
WEB
|
J. Greil
|
|
2012-02-18
|
|
Tiki Wiki CMS Groupware - 'url' Open Redirection
|
2 |
WEB
|
sonyy
|
|
2015-04-27
|
|
WordPress Core 4.2 - Persistent Cross-Site Scripting
|
2 |
WEB
|
klikki
|
|
2015-04-27
|
|
OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting
|
2 |
WEB
|
Adam Ziaja
|
|
2012-02-18
|
|
Joomla! Component com_xcomp - Local File Inclusion
|
2 |
WEB
|
KedAns-Dz
|
|
2012-02-18
|
|
Joomla! Component com_x-shop - 'idd' SQL Injection
|
2 |
WEB
|
KedAns-Dz
|
|
2012-02-16
|
|
Impulsio CMS - 'id' SQL Injection
|
2 |
WEB
|
sonyy
|
|
2012-02-17
|
|
JaWiki - 'versionNo' Cross-Site Scripting
|
2 |
WEB
|
sonyy
|
|
2015-04-23
|
|
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
|
2 |
WEB
|
Felipe Molina
|
|
2015-04-23
|
|
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
|
2 |
WEB
|
Felipe Molina
|
|
2015-04-23
|
|
WebUI 1.5b6 - Remote Code Execution
|
1 |
WEB
|
TUNISIAN CYBER
|
|
2015-04-22
|
|
Wolf CMS 0.8.2 - Arbitrary File Upload
|
2 |
WEB
|
CWH Underground
|
|
2015-04-22
|
|
Open-Letters - Remote PHP Code Injection
|
2 |
WEB
|
TUNISIAN CYBER
|
|
2015-04-21
|
|
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion
|
2 |
WEB
|
Portcullis
|
|
2015-04-21
|
|
GoAutoDial CE 3.3-1406088000 - Authentication Bypass / Arbitrary File Upload / Command Injection
|
1 |
WEB
|
Chris McCurley
|
|
2015-04-21
|
|
WordPress Plugin Community Events 1.3.5 - SQL Injection
|
1 |
WEB
|
Hannes Trunde
|
|
2015-04-21
|
|
MediaSuite CMS - Artibary File Disclosure
|
1 |
WEB
|
KnocKout inj3ct0r
|
|
2015-04-21
|
|
WordPress Plugin Tune Library 1.5.4 - SQL Injection
|
1 |
WEB
|
Hannes Trunde
|
|
2015-04-21
|
|
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)
|
1 |
WEB
|
dadou dz
|
|
2015-04-21
|
|
WordPress Plugin NEX-Forms < 3.0 - SQL Injection
|
1 |
WEB
|
Claudio Viviani
|
|
2015-04-21
|
|
Photo Manager Pro 4.4.0 iOS - Code Execution
|
1 |
WEB
|
Vulnerability-Lab
|
|
2015-04-21
|
|
Mobile Drive HD 1.8 - Local File Inclusion
|
1 |
WEB
|
Vulnerability-Lab
|
|
2015-04-21
|
|
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
|
1 |
WEB
|
Vulnerability-Lab
|
|
2015-04-21
|
|
Wifi Drive Pro 1.2 iOS - Local File Inclusion
|
1 |
WEB
|
Vulnerability-Lab
|
|
2015-04-21
|
|
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
|
1 |
WEB
|
Vulnerability-Lab
|
|
2012-02-17
|
|
ButorWiki 3.0 - 'service' Cross-Site Scripting
|
1 |
WEB
|
sonyy
|
|
2012-02-17
|
|
Pandora FMS 4.0.1 - 'sec2' Local File Inclusion
|
1 |
WEB
|
Ucha Gobejishvili
|
|
2012-02-16
|
|
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
|
1 |
WEB
|
tempe_mendoan
|
|
2012-02-16
|
|
Tube Ace - 'q' Cross-Site Scripting
|
1 |
WEB
|
Daniel Godoy
|
|
2012-02-15
|
|
LEPTON 1.1.3 - Cross-Site Scripting
|
1 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-15
|
|
11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-15
|
|
11in1 CMS 1.2.1 - '/admin/index.php?class' Traversal Local File Inclusion
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2012-02-15
|
|
11in1 CMS 1.2.1 - 'index.php?class' Traversal Local File Inclusion
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2015-04-16
|
|
WordPress Plugin Ajax Store Locator 1.2 - SQL Injection
|
2 |
WEB
|
Claudio Viviani
|
|
2015-04-15
|
|
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)
|
2 |
WEB
|
Necmettin COSKUN
|
|
2012-02-13
|
|
EditWrxLite CMS - 'wrx.cgi' Remote Command Execution
|
2 |
WEB
|
chippy1337
|
|
2012-02-13
|
|
STHS v2 Web Portal - 'team.php?team' SQL Injection
|
1 |
WEB
|
Liyan Oz
|
|
2012-02-13
|
|
STHS v2 Web Portal - 'prospect.php?team' SQL Injection
|
1 |
WEB
|
Liyan Oz
|
|
2012-02-13
|
|
STHS v2 Web Portal - 'prospects.php?team' SQL Injection
|
1 |
WEB
|
Liyan Oz
|
|
2012-02-10
|
|
ProWiki - 'id' Cross-Site Scripting
|
1 |
WEB
|
sonyy
|
|
2012-02-13
|
|
Powie pFile 1.02 - '/pfile/file.php?id' SQL Injection
|
1 |
WEB
|
indoushka
|
|
2012-02-13
|
|
Powie pFile 1.02 - '/pfile/kommentar.php?filecat' Cross-Site Scripting
|
2 |
WEB
|
indoushka
|
|
2012-02-13
|
|
SMW+ 1.5.6 - 'target' HTML Injection
|
2 |
WEB
|
sonyy
|
|
2015-04-14
|
|
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code
|
2 |
WEB
|
LiquidWorm
|
|
2015-04-14
|
|
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerab
|
2 |
WEB
|
LiquidWorm
|
|
2015-04-14
|
|
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion
|
2 |
WEB
|
LiquidWorm
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php' Crafted Arbitrary File Upload /
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/index.php?base_path' Remote File Inclusion
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/base_useradmin.php?base_path' Remote File
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'index.php?base_path' Remote File Inclusion
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_user.php?base_path' Remote File Inclusion
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_uaddr.php?base_path' Remote File Inclus
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_time.php?base_path' Remote File Inclusi
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_sensor.php?base_path' Remote File Inclu
|
2 |
WEB
|
indoushka
|
|
2015-04-14
|
|
WordPress Plugin Video Gallery 2.8 - SQL Injection
|
2 |
WEB
|
Claudio Viviani
|
|
2015-04-13
|
|
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (1)
|
2 |
WEB
|
Claudio Viviani
|
|
2015-04-13
|
|
Traidnt Up 3.0 - SQL Injection
|
2 |
WEB
|
Ali Trixx
|
|
2015-04-13
|
|
WordPress Plugin Duplicator 0.5.14 - SQL Injection / Cross-Site Request Forgery
|
2 |
WEB
|
Claudio Viviani
|
|
2015-04-13
|
|
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure
|
2 |
WEB
|
Khwanchai Kaewyos
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ports.php?base_path' Remote File Inclus
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_iplink.php?base_path' Remote File Inclu
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ipaddr.php?base_path' Remote File Inclu
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_common.php?base_path' Remote File Inclu
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_class.php?base_path' Remote File Inclus
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_alerts.php?base_path' Remote File Inclu
|
2 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_common.php?base_path' Remote File Inclus
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_alert.php?base_path' Remote File Inclusi
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php?base_path' Remote File Inclusion
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - '/setup/setup2.php?ado_inc_PHP' Remote File Inclus
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_common.inc.php?GLOBALS[user_
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - '/setup/base_conf_contents.php' Multiple Remote Fi
|
1 |
WEB
|
indoushka
|
|
2012-02-11
|
|
Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_query.inc.php?base_path' Rem
|
1 |
WEB
|
indoushka
|
