|
2014-04-13
|
|
CubeCart 5.2.8 - Session Fixation
|
3 |
WEB
|
absane
|
|
2009-03-02
|
|
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Isfahan
|
|
2009-03-02
|
|
Afian - 'includer.php' Directory Traversal
|
3 |
WEB
|
vnbrain.net
|
|
2009-02-27
|
|
Irokez Blog 0.7.3.2 - Multiple Input Validation Vulnerabilities
|
3 |
WEB
|
Corwin
|
|
2009-02-26
|
|
APC PowerChute Network Shutdown - HTTP Response Splitting / Cross-Site Scripting
|
3 |
WEB
|
Digital Security Research Group
|
|
2009-02-26
|
|
Parsi PHP CMS 2.0 - 'index.php' SQL Injection
|
3 |
WEB
|
Cru3l.b0y
|
|
2009-02-25
|
|
JOnAS 4.10.3 - 'select' Error Page Cross-Site Scripting
|
3 |
WEB
|
Digital Security Research Group
|
|
2009-02-25
|
|
Orooj CMS - 'news.php' SQL Injection
|
3 |
WEB
|
Cru3l.b0y
|
|
2014-04-11
|
|
Sendy 1.1.9.1 - SQL Injection
|
3 |
WEB
|
delme
|
|
2009-02-24
|
|
Magento 1.2 - 'downloader/index.php' Cross-Site Scripting
|
2 |
WEB
|
Loukas Kalenderidis
|
|
2009-02-24
|
|
Magento 1.2 - '/app/code/core/Mage/Adminhtml/controllers/IndexController.php?email' Cross-Site Scrip
|
3 |
WEB
|
Loukas Kalenderidis
|
|
2009-02-24
|
|
Magento 1.2 - '/app/code/core/Mage/Admin/Model/Session.php?login['Username']' Cross-Site Scripting
|
3 |
WEB
|
Loukas Kalenderidis
|
|
2009-02-23
|
|
Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
|
2 |
WEB
|
Salvatore Fresta
|
|
2009-02-22
|
|
Blue Utopia - 'index.php' Local File Inclusion
|
3 |
WEB
|
PLATEN
|
|
2009-02-20
|
|
lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion
|
3 |
WEB
|
Kacper
|
|
2008-10-01
|
|
A4Desk Event Calendar - 'eventid' SQL Injection
|
2 |
WEB
|
r45c4l
|
|
2009-02-16
|
|
Clipbucket 1.7 - 'dwnld.php' Directory Traversal
|
3 |
WEB
|
JIKO
|
|
2009-02-10
|
|
Banking@Home 2.1 - 'login.asp' Multiple SQL Injections
|
3 |
WEB
|
Francesco Bianchino
|
|
2014-04-10
|
|
Orbit Open Ad Server 1.1.0 - SQL Injection
|
3 |
WEB
|
High-Tech Bridge SA
|
|
2014-04-10
|
|
XCloner Standalone 3.5 - Cross-Site Request Forgery
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2009-02-09
|
|
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities
|
3 |
WEB
|
aGGreSSor
|
|
2009-02-05
|
|
glFusion 1.1 - Anonymous Comment 'Username' HTML Injection
|
3 |
WEB
|
Bjarne Mathiesen Schacht
|
|
2009-02-09
|
|
FotoWeb 6.0 - 'Grid.fwx?search' Cross-Site Scripting
|
3 |
WEB
|
Stelios Tigkas
|
|
2009-02-09
|
|
FotoWeb 6.0 - 'Login.fwx?s' Cross-Site Scripting
|
3 |
WEB
|
Stelios Tigkas
|
|
2009-02-06
|
|
Ilch CMS 1.1 - 'HTTP_X_FORWARDED_FOR' SQL Injection
|
3 |
WEB
|
Gizmore
|
|
2009-02-04
|
|
MetaBBS 0.11 - Administration Settings Authentication Bypass
|
3 |
WEB
|
make0day
|
|
2009-02-03
|
|
Simple Machines Forum (SMF) 1.1.7 - '[url]' Tag HTML Injection
|
3 |
WEB
|
Xianur0
|
|
2009-01-30
|
|
E-PHP B2B Trading Marketplace Script - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
SaiedHacker
|
|
2009-01-29
|
|
PerlSoft Gästebuch 1.7b - 'admincenter.cgi' Remote Command Execution
|
3 |
WEB
|
Perforin
|
|
2014-04-09
|
|
Quick.CMS 5.4 - Multiple Vulnerabilities
|
3 |
WEB
|
Shpend Kurtishaj
|
|
2009-01-28
|
|
Autonomy Ultraseek - 'cs.html' Open Redirection
|
5 |
WEB
|
buzzy
|
|
2014-04-09
|
|
csUpload Script Site - Authentication Bypass
|
3 |
WEB
|
Satanic2000
|
|
2009-01-24
|
|
NewsCMSLite - Insecure Cookie Authentication Bypass
|
4 |
WEB
|
FarhadKey
|
|
2009-01-26
|
|
OpenX 2.6.2 - 'MAX_type' Local File Inclusion
|
4 |
WEB
|
Sarid Harper
|
|
2009-01-26
|
|
Lootan - 'login.asp' SQL Injection
|
4 |
WEB
|
Arash Setayeshi
|
|
2009-01-26
|
|
ConPresso CMS 4.07 - Multiple Remote Vulnerabilities
|
4 |
WEB
|
David Vieira-Kurz
|
|
2009-01-26
|
|
LDF - 'login.asp' SQL Injection
|
3 |
WEB
|
Arash Setayeshi
|
|
2009-01-23
|
|
OBLOG - 'err.asp' Cross-Site Scripting
|
4 |
WEB
|
arash.setayeshi
|
|
2009-01-23
|
|
BBSXP 5.13 - 'error.asp' Cross-Site Scripting
|
3 |
WEB
|
arashps0
|
|
2009-01-23
|
|
PHP-Nuke Downloads Module - 'url' SQL Injection
|
5 |
WEB
|
Sina Yazdanmehr
|
|
2009-01-20
|
|
MoinMoin 1.8 - 'AttachFile.py' Cross-Site Scripting
|
4 |
WEB
|
SecureState
|
|
2009-01-20
|
|
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'swr.jsp?q' Cross-Site Scripting
|
4 |
WEB
|
Red Hat
|
|
2009-01-20
|
|
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'search.jsp?q' Cross-Site Scripting
|
3 |
WEB
|
Red Hat
|
|
2009-01-16
|
|
Blog Manager - 'categoryId' Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2009-01-16
|
|
Blog Manager - 'ItemID' SQL Injection
|
3 |
WEB
|
Pouya_Server
|
|
2009-01-16
|
|
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting
|
3 |
WEB
|
clément Oudot
|
|
2009-01-15
|
|
w3bcms - '/admin/index.php' SQL Injection
|
3 |
WEB
|
Pouya_Server
|
|
2009-01-15
|
|
Masir Camp 3.0 - 'SearchKeywords' SQL Injection
|
3 |
WEB
|
Pouya_Server
|
|
2009-01-15
|
|
Active Bids - 'search' SQL Injection
|
2 |
WEB
|
Pouya_Server
|
|
2009-01-15
|
|
Active Bids - 'search' Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2009-01-15
|
|
LinksPro - 'OrderDirection' SQL Injection
|
3 |
WEB
|
Pouya_Server
|
|
2009-01-15
|
|
MKPortal 1.2.1 - '/modules/rss/handler_image.php?i' Cross-Site Scripting
|
3 |
WEB
|
waraxe
|
|
2009-01-15
|
|
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
|
3 |
WEB
|
waraxe
|
|
2009-01-14
|
|
Dark Age CMS 2.0 - 'login.php' SQL Injection
|
3 |
WEB
|
darkjoker
|
|
2014-04-07
|
|
XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities
|
3 |
WEB
|
hackerDesk
|
|
2009-01-12
|
|
Ovidentia 6.7.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Ivan Sanchez
|
|
2009-01-12
|
|
Comersus Cart 6 - User Email and User Password Unauthorized Access
|
3 |
WEB
|
ajann
|
|
2009-01-12
|
|
Visuplay CMS - Multiple SQL Injections
|
3 |
WEB
|
Joseph Giron
|
|
2009-01-07
|
|
tadbook2 Module for XOOPS - 'open_book.php' SQL Injection
|
3 |
WEB
|
stylextra
|
|
2009-01-07
|
|
Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_job.jsp?Pfad' Direct Request Information Disclosure
|
3 |
WEB
|
Matteo Ignaccolo
|
|
2009-01-07
|
|
Plunet BusinessManager 4.1 - 'pagesUTF8/Sys_DirAnzeige.jsp?Pfad' Direct Request Information Disclosu
|
2 |
WEB
|
Matteo Ignaccolo
|
|
2009-01-07
|
|
Plunet BusinessManager 4.1 - '/pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting
|
3 |
WEB
|
Matteo Ignaccolo
|
|
2014-04-05
|
|
Private Photo+Video 1.1 Pro iOS - Persistent
|
4 |
WEB
|
Vulnerability-Lab
|
|
2014-04-04
|
|
WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery
|
2 |
WEB
|
High-Tech Bridge SA
|
|
2009-01-05
|
|
SolucionXpressPro - 'main.php' SQL Injection
|
3 |
WEB
|
Ehsan_Hp200
|
|
2008-12-04
|
|
NPDS < 08.06 - Multiple Input Validation Vulnerabilities
|
4 |
WEB
|
Jean-François Leclerc
|
|
2008-12-29
|
|
Madrese-Portal - 'haber.asp' SQL Injection
|
4 |
WEB
|
Sina Yazdanmehr
|
|
2008-12-29
|
|
ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting
|
4 |
WEB
|
Xia Shing Zee
|
|
2008-12-29
|
|
Mavi Emlak - 'newDetail.asp' SQL Injection
|
4 |
WEB
|
Sina Yazdanmehr
|
|
2009-01-08
|
|
Openfire 3.6.2 - 'log.jsp' Directory Traversal
|
4 |
WEB
|
Federico Muttis
|
|
2009-01-08
|
|
Openfire 3.6.2 - 'log.jsp' Cross-Site Scripting
|
4 |
WEB
|
Federico Muttis
|
|
2009-01-08
|
|
Openfire 3.6.2 - 'user-properties.jsp' Cross-Site Scripting
|
4 |
WEB
|
Federico Muttis
|
|
2009-01-08
|
|
Openfire 3.6.2 - 'group-summary.jsp' Cross-Site Scripting
|
3 |
WEB
|
Federico Muttis
|
|
2008-12-19
|
|
PECL Alternative PHP Cache Local 3 - HTML Injection
|
4 |
WEB
|
Moritz Naumann
|
|
2008-12-18
|
|
Easysitenetwork Jokes Complete Website - 'joke.php' SQL Injection
|
4 |
WEB
|
Ehsan_Hp200
|
|
2008-12-18
|
|
DO-CMS 3.0 - 'p' Multiple SQL Injections
|
4 |
WEB
|
crash over
|
|
2014-04-03
|
|
Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
|
4 |
WEB
|
Giuseppe D'Amore
|
|
2008-12-17
|
|
PHPcksec 0.2 - 'PHPcksec.php' Cross-Site Scripting
|
4 |
WEB
|
ahmadbady
|
|
2014-04-03
|
|
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Blessen Thomas
|
|
2014-04-02
|
|
Kloxo-MR 6.5.0 - Cross-Site Request Forgery
|
3 |
WEB
|
Necmettin COSKUN
|
|
2014-04-02
|
|
Kloxo 6.1.18 Stable - Cross-Site Request Forgery
|
4 |
WEB
|
Necmettin COSKUN
|
|
2014-04-02
|
|
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
|
4 |
WEB
|
Vulnerability-Lab
|
|
2008-12-15
|
|
Injader 2.1.1 - SQL Injection / HTML Injection
|
4 |
WEB
|
anonymous
|
|
2008-12-14
|
|
WebPhotoPro - Multiple SQL Injections
|
4 |
WEB
|
baltazar
|
|
2014-04-02
|
|
CIS Manager CMS - SQL Injection
|
4 |
WEB
|
felipe andrian
|
|
2008-12-13
|
|
ASP-DEV XM Events Diary - 'cat' SQL Injection
|
4 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
Octeth Oempro 3.5.5 - Multiple SQL Injections
|
3 |
WEB
|
security curmudgeon
|
|
2008-12-11
|
|
Multiple Ad Server Solutions Products - 'logon_processing.jsp' SQL Injection
|
4 |
WEB
|
3d D3v!L
|
|
2008-12-09
|
|
Professional Download Assistant 0.1 - SQL Injection
|
4 |
WEB
|
ZoRLu
|
|
2008-12-08
|
|
PHPepperShop 1.4 - 'shop/Admin/SHOP_KONFIGURATION.php' Cross-Site Scripting
|
3 |
WEB
|
th3.r00k.ieatpork
|
|
2008-12-08
|
|
PHPepperShop 1.4 - 'shop/Admin/shop_kunden_mgmt.php' Cross-Site Scripting
|
3 |
WEB
|
th3.r00k.ieatpork
|
|
2008-12-08
|
|
PHPepperShop 1.4 - 'shop/kontakt.php' Cross-Site Scripting
|
3 |
WEB
|
th3.r00k.ieatpork
|
|
2008-12-08
|
|
PHPepperShop 1.4 - 'index.php' Cross-Site Scripting
|
3 |
WEB
|
th3.r00k.ieatpork
|
|
2008-12-08
|
|
PrestaShop 1.1 - 'order.php?PATH_INFO' Cross-Site Scripting
|
3 |
WEB
|
th3.r00k.ieatpork
|
|
2008-12-08
|
|
PrestaShop 1.1 - '/admin/login.php?PATH_INFO' Cross-Site Scripting
|
3 |
WEB
|
th3.r00k.ieatpork
|
|
2008-12-06
|
|
TWiki 4.x - 'URLPARAM' Cross-Site Scripting
|
3 |
WEB
|
Marc Schoenefeld
|
|
2008-12-06
|
|
TWiki 4.x - 'SEARCH' Remote Command Execution
|
3 |
WEB
|
Troy Bollinge
|
|
2014-04-01
|
|
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
|
3 |
WEB
|
Brandon Perry
|
|
2008-12-04
|
|
PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection
|
3 |
WEB
|
CWH Underground
|
|
2008-12-04
|
|
RevSense 1.0 - SQL Injection / Cross-Site Scripting
|
4 |
WEB
|
Pouya_Server
|
|
2008-12-03
|
|
Yappa-ng - Query String Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2008-12-03
|
|
Yappa-ng - 'index.php?album' Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
|
2014-04-01
|
|
Horde Webmail 5.1 - Open Redirect
|
2 |
WEB
|
felipe andrian
|
|
2008-12-02
|
|
Orkut Clone - 'profile_social.php?id' Cross-Site Scripting
|
2 |
WEB
|
d3b4g
|
|
2008-12-02
|
|
Orkut Clone - 'profile_social.php?id' SQL Injection
|
2 |
WEB
|
d3b4g
|
|
2008-12-02
|
|
Jbook - SQL Injection
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-02
|
|
Z1Exchange 1.0 - 'id' Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-02
|
|
Z1Exchange 1.0 - 'id' SQL Injection
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-02
|
|
Fantastico - 'index.php' Local File Inclusion
|
2 |
WEB
|
Super-Crystal
|
|
2008-12-01
|
|
IBM Rational ClearCase 7/8 - Cross-Site Scripting
|
2 |
WEB
|
IBM
|
|
2008-12-01
|
|
Pre ASP Job Board - 'emp_login.asp' Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
ASP Forum Script - 'default.asp' Query String Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
ASP Forum Script - 'messages.asp?forum_id' Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
ASP Forum Script - 'new_message.asp?forum_id' Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
ASP Forum Script - 'messages.asp?message_id' SQL Injection
|
2 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
PHP JOBWEBSITE PRO - 'adname' SQL Injection
|
2 |
WEB
|
Pouya_Server
|
|
2014-03-31
|
|
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)
|
3 |
WEB
|
Brandon Perry
|
|
2014-03-31
|
|
WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion
|
3 |
WEB
|
Glyn Wintle
|
|
2014-03-31
|
|
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
|
3 |
WEB
|
Vulnerability-Lab
|
|
2014-03-31
|
|
PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities
|
2 |
WEB
|
Vulnerability-Lab
|
|
2008-12-01
|
|
Softbiz Classifieds Script - '/admin/index.php?msg' Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
Softbiz Classifieds Script - '/admin/adminhome.php?msg' Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
Softbiz Classifieds Script - 'lostpassword.php?msg' Cross-Site Scripting
|
3 |
WEB
|
Pouya_Server
|
|
2008-12-01
|
|
Softbiz Classifieds Script - 'gallery.php?radio' Cross-Site Scripting
|
2 |
WEB
|
Pouya_Server
|
