|
2008-09-24
|
|
Drupal Module Ajax Checklist 5.x-1.0 - Multiple SQL Injections
|
3 |
WEB
|
Justin C. Klein Keane
|
|
2008-09-23
|
|
InterTech WCMS - 'etemplate.php' SQL Injection
|
3 |
WEB
|
GeNiUs IrAQI
|
|
2008-09-23
|
|
Omnicom Content Platform - 'browser.asp' Directory Traversal
|
3 |
WEB
|
AlbaniaN-[H]
|
|
2008-09-23
|
|
Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting
|
3 |
WEB
|
Hadi Kiamarsi
|
|
2008-09-22
|
|
6rbScript - 'cat.php' SQL Injection
|
3 |
WEB
|
Karar Alshami
|
|
2008-09-20
|
|
Achievo 1.3.2 - 'atknodetype' Cross-Site Scripting
|
3 |
WEB
|
Rohit Bansal
|
|
2008-09-21
|
|
BlueCUBE CMS - 'tienda.php' SQL Injection
|
3 |
WEB
|
r45c4l
|
|
2008-09-22
|
|
BLUEPAGE CMS 2.5 - 'PHPSESSID' Session Fixation
|
3 |
WEB
|
David Vieira-Kurz
|
|
2008-09-22
|
|
xt:Commerce 3.04 - 'XTCsid' Session Fixation
|
3 |
WEB
|
David Vieira-Kurz
|
|
2008-09-22
|
|
xt:Commerce 3.04 - 'advanced_search_result.php?keywords' Cross-Site Scripting
|
3 |
WEB
|
David Vieira-Kurz
|
|
2008-09-22
|
|
Fuzzylime (cms) 3.0 - 'usercheck.php' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-22
|
|
MapCal 0.1 - 'id' SQL Injection
|
3 |
WEB
|
0x90
|
|
2008-09-22
|
|
UNAK-CMS - Cookie Authentication Bypass
|
3 |
WEB
|
Ciph3r
|
|
2008-09-22
|
|
rgb72 WCMS 1.0 - 'index.php' SQL Injection
|
2 |
WEB
|
CWH Underground
|
|
2008-09-21
|
|
eXtrovert software Thyme 1.3 - 'add_calendars.php' Cross-Site Scripting
|
3 |
WEB
|
DigiTrust Group
|
|
2008-09-19
|
|
PHP Pro Bid 5.2.4/6.04 - Multiple SQL Injections
|
3 |
WEB
|
Jan Van Niekerk
|
|
2008-09-19
|
|
Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
t0fx
|
|
2008-09-19
|
|
HyperStop WebHost Directory 1.2 - Database Disclosure
|
3 |
WEB
|
r45c4l
|
|
2008-09-18
|
|
Sama Educational Management System - 'error.asp' Cross-Site Scripting
|
3 |
WEB
|
Lagon666
|
|
2008-09-17
|
|
Add a link 4 - Security Bypass / SQL Injection
|
3 |
WEB
|
JosS
|
|
2008-09-17
|
|
Quick Cart 3.1 - 'admin.php' Cross-Site Scripting
|
3 |
WEB
|
John Cobb
|
|
2008-09-17
|
|
Cars & Vehicle - 'page.php' SQL Injection
|
4 |
WEB
|
Hussin X
|
|
2008-09-16
|
|
Quick CMS Lite 2.1 - 'admin.php' Cross-Site Scripting
|
3 |
WEB
|
John Cobb
|
|
2014-03-20
|
|
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery
|
3 |
WEB
|
Dhruv Shah
|
|
2008-09-15
|
|
phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution
|
3 |
WEB
|
Norman Hippert
|
|
2014-03-20
|
|
OXID eShop < 4.7.11/5.0.11 / < 4.8.4/5.1.4 - Multiple Vulnerabilities
|
3 |
WEB
|
//sToRm
|
|
2014-03-20
|
|
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities
|
3 |
WEB
|
Vulnerability-Lab
|
|
2014-03-19
|
|
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
|
3 |
WEB
|
xistence
|
|
2014-03-19
|
|
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
|
3 |
WEB
|
Brandon Perry
|
|
2008-09-12
|
|
QuicO - 'photo.php' SQL Injection
|
4 |
WEB
|
Beenu Arora
|
|
2008-09-12
|
|
Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities
|
4 |
WEB
|
Xylitol
|
|
2008-09-12
|
|
Dynamic MP3 Lister 2.0.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Xylitol
|
|
2008-09-11
|
|
Nooms 1.1 - 'search.php?q' Cross-Site Scripting
|
4 |
WEB
|
Dr.Crash
|
|
2008-09-11
|
|
Nooms 1.1 - 'smileys.php?page_id' Cross-Site Scripting
|
5 |
WEB
|
Dr.Crash
|
|
2008-09-10
|
|
Hot Links SQL-PHP - 'news.php' SQL Injection
|
4 |
WEB
|
r45c4l
|
|
2008-09-10
|
|
Horde 3.2 - MIME Attachment Filename Insufficient Filtering Cross-Site Scripting
|
4 |
WEB
|
Alexios Fakos
|
|
2008-09-10
|
|
Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting
|
4 |
WEB
|
Alexios Fakos
|
|
2008-09-10
|
|
AvailScript Job Portal Script - 'applynow.php' SQL Injection
|
3 |
WEB
|
InjEctOr5
|
|
2008-09-10
|
|
Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions
|
4 |
WEB
|
SirGod
|
|
2008-09-02
|
|
UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
|
3 |
WEB
|
GulfTech Security
|
|
2008-09-07
|
|
E-PHP B2B Trading Marketplace Script - 'listings.php' SQL Injection
|
3 |
WEB
|
r45c4l
|
|
2008-09-08
|
|
eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection
|
3 |
WEB
|
Omer Singer
|
|
2008-09-08
|
|
Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
sl4xUz
|
|
2008-09-07
|
|
phpAdultSite CMS - 'results_per_page' Cross-Site Scripting
|
3 |
WEB
|
David Sopas
|
|
2008-09-06
|
|
Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Maximiliano Soler
|
|
2008-09-03
|
|
CeleronDude Uploader 6.1 - 'account.php' Cross-Site Scripting
|
3 |
WEB
|
Xc0re
|
|
2014-03-17
|
|
Joomla! Component AJAX Shoutbox 1.6 - SQL Injection
|
3 |
WEB
|
Ibrahim Raafat
|
|
2014-03-17
|
|
OpenSupports 2.0 - Blind SQL Injection
|
3 |
WEB
|
indoushka
|
|
2008-09-04
|
|
XRms 1.99.2 - 'starting' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'file_id' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'case_title' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'campaign_title' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'last_name' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'company_name' Cross-Site Scripting
|
2 |
WEB
|
Fabian Fingerle
|
|
2008-09-04
|
|
XRms 1.99.2 - 'title' Cross-Site Scripting
|
2 |
WEB
|
Fabian Fingerle
|
|
2014-03-17
|
|
OpenSupports 2.x - Authentication Bypass / Cross-Site Request Forgery
|
2 |
WEB
|
TN CYB3R
|
|
2008-09-04
|
|
XRms 1.99.2 - 'login.php?target' Cross-Site Scripting
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-09-03
|
|
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
C1c4Tr1Z
|
|
2008-09-03
|
|
eliteCMS 1.0 - 'page' SQL Injection
|
3 |
WEB
|
e.wiZz!
|
|
2008-08-28
|
|
OpenDB 1.0.6 - 'user_profile.php?redirect_url' Cross-Site Scripting
|
3 |
WEB
|
C1c4Tr1Z
|
|
2008-08-28
|
|
OpenDB 1.0.6 - 'listings.php?title' Cross-Site Scripting
|
3 |
WEB
|
C1c4Tr1Z
|
|
2008-08-28
|
|
OpenDB 1.0.6 - 'user_admin.php?user_id' Cross-Site Scripting
|
3 |
WEB
|
C1c4Tr1Z
|
|
2008-09-02
|
|
IDevSpot BizDirectory 2.04 - 'page' Cross-Site Scripting
|
3 |
WEB
|
Am!r
|
|
2008-08-29
|
|
Full PHP Emlak Script - 'landsee.php' SQL Injection
|
3 |
WEB
|
Hussin X
|
|
2008-09-01
|
|
GenPortal - 'buscarCat.php' Cross-Site Scripting
|
3 |
WEB
|
sl4xUz
|
|
2008-09-01
|
|
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Fabian Fingerle
|
|
2008-08-29
|
|
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
C1c4Tr1Z
|
|
2008-08-27
|
|
AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting
|
3 |
WEB
|
Bug Researchers Group
|
|
2008-08-26
|
|
Educe ASP Search Engine 1.5.6 - 'search.asp' Cross-Site Scripting
|
2 |
WEB
|
JoCk3r
|
|
2008-08-26
|
|
MatterDaddy Market 1.1 - 'login.php' Cross-Site Scripting
|
2 |
WEB
|
Sam Georgiou
|
|
2008-08-26
|
|
HPSystem Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting
|
2 |
WEB
|
Luca Carettoni
|
|
2008-08-26
|
|
Smart Survey 1.0 - 'surveyresults.asp' Cross-Site Scripting
|
3 |
WEB
|
Bug Researchers Group
|
|
2008-08-25
|
|
Bluemoon inc. PopnupBlog 3.30 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Lostmon
|
|
2008-08-25
|
|
PHP-Ultimate WebBoard 2.0 - 'admindel.php' Multiple Input Validation Vulnerabilities
|
2 |
WEB
|
t0pP8uZz
|
|
2008-08-23
|
|
One-News - Multiple Input Validation Vulnerabilities
|
3 |
WEB
|
suN8Hclf
|
|
2008-08-22
|
|
PicturesPro Photo Cart 3.9 - Search Cross-Site Scripting
|
3 |
WEB
|
Tyler Trioxide
|
|
2008-08-22
|
|
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Eric Beaulieu
|
|
2008-08-21
|
|
TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities
|
2 |
WEB
|
Doz
|
|
2008-08-21
|
|
FAR-PHP 1.0 - 'index.php' Local File Inclusion
|
3 |
WEB
|
Beenu Arora
|
|
2008-08-20
|
|
vBulletin 3.6.10/3.7.2 - '$newpm[title]' Cross-Site Scripting
|
3 |
WEB
|
Core Security
|
|
2008-08-21
|
|
Simasy CMS - 'id' SQL Injection
|
3 |
WEB
|
r45c4l
|
|
2008-08-21
|
|
Scripts4Profit DXShopCart 4.30 - 'pid' SQL Injection
|
3 |
WEB
|
Hussin X
|
|
2014-03-15
|
|
Church Edit - Blind SQL Injection
|
3 |
WEB
|
ThatIcyChill
|
|
2008-06-19
|
|
Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure
|
3 |
WEB
|
Charalambous Glafkos
|
|
2008-08-20
|
|
YourFreeWorld Ad-Exchange Script - 'id' SQL Injection
|
2 |
WEB
|
Hussin X
|
|
2008-08-19
|
|
Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting
|
3 |
WEB
|
GulfTech Security
|
|
2008-08-18
|
|
K Web CMS - 'sayfala.asp' SQL Injection
|
3 |
WEB
|
baltazar
|
|
2008-08-18
|
|
itMedia - Multiple SQL Injections
|
3 |
WEB
|
baltazar
|
|
2014-03-14
|
|
Synology DSM 4.3-3827 - 'article.php' Blind SQL Injection
|
3 |
WEB
|
Michael Wisniewski
|
|
2008-08-18
|
|
Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting
|
3 |
WEB
|
ThE dE@Th
|
|
2008-08-18
|
|
NewsHOWLER 1.03 - Cookie Data SQL Injection
|
3 |
WEB
|
Khashayar Fereidani
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/templates/Freeway/mainpage_modules/mainpage.php?language' Traversal Local File
|
4 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/templates/Freeway/boxes/whos_online.php?language' Traversal Local File Inclusi
|
4 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/templates/Freeway/boxes/loginbox.php?language' Traversal Local File Inclusion
|
3 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/templates/Freeway/boxes/card1.php?language' Traversal Local File Inclusion
|
3 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/includes/modules/newsdesk/newsdesk_article_require.php?language' Traversal Loc
|
2 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/includes/modules/faqdesk/faqdesk_article_require.php?language' Traversal Local
|
3 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/french/account_newsletters.php?language' Traversal Local File Inclusion
|
3 |
WEB
|
Digital Security Research Group
|
|
2014-03-14
|
|
Fonality trixbox - 'mac' Remote Code Injection
|
3 |
WEB
|
i-Hmx
|
|
2008-08-18
|
|
Freeway 1.4.1.171 - '/english/account.php?language' Traversal Local File Inclusion
|
3 |
WEB
|
Digital Security Research Group
|
|
2008-08-18
|
|
AWStats 6.8 - 'AWStats.pl' Cross-Site Scripting
|
3 |
WEB
|
Morgan Todd
|
|
2008-08-15
|
|
PromoProducts - 'view_product.php' Multiple SQL Injections
|
3 |
WEB
|
baltazar
|
|
2008-08-15
|
|
FipsCMS 2.1 - 'neu.asp' SQL Injection
|
3 |
WEB
|
U238
|
|
2008-08-15
|
|
FlexCMS 2.5 - 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting
|
3 |
WEB
|
Dr.Crash
|
|
2008-08-15
|
|
Mambo Open Source 4.6.2 - '/mambots/editors/mostlyce/' PHP/connector.php?Query String Cross-Site Scr
|
3 |
WEB
|
Khashayar Fereidani
|
|
2008-08-15
|
|
Mambo Open Source 4.6.2 - '/administrator/popups/index3pop.php?mosConfig_sitename' Cross-Site Script
|
3 |
WEB
|
Khashayar Fereidani
|
|
2008-08-15
|
|
PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion
|
4 |
WEB
|
Lostmon
|
|
2008-08-15
|
|
mUnky 0.01 - 'index.php' Remote Code Execution
|
3 |
WEB
|
Khashayar Fereidani
|
|
2008-08-14
|
|
Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting
|
3 |
WEB
|
Daniel Henninger
|
|
2008-08-13
|
|
Nortel Networks SRG V16 - 'modules.php?module' Traversal Local File Inclusion
|
4 |
WEB
|
CraCkEr
|
|
2008-08-13
|
|
Nortel Networks SRG V16 - 'admin_modules.php?module' Traversal Local File Inclusion
|
3 |
WEB
|
CraCkEr
|
|
2008-08-13
|
|
Nortel Networks SRG V16 - 'modules.php?module' Cross-Site Scripting
|
3 |
WEB
|
CraCkEr
|
|
2008-08-13
|
|
YapBB 1.2 - 'class_yapbbcooker.php' Remote File Inclusion
|
3 |
WEB
|
CraCkEr
|
|
2008-08-13
|
|
Nukeviet 2.0 - '/admin/login.php' Cookie Authentication Bypass
|
3 |
WEB
|
Ciph3r
|
|
2008-08-13
|
|
PHP-Fusion 4.01 - 'readmore.php' SQL Injection
|
3 |
WEB
|
Rake
|
|
2008-08-13
|
|
PHP Realty - 'dpage.php' SQL Injection
|
3 |
WEB
|
CraCkEr
|
|
2008-08-13
|
|
Freeway 1.4.1 - Multiple Input Validation Vulnerabilities
|
3 |
WEB
|
Digital Security Research Group
|
|
2014-03-13
|
|
Fonality trixbox - SQL Injection
|
3 |
WEB
|
Sc4nX
|
|
2014-03-13
|
|
Ubee EVW3200 - Cross-Site Request Forgery
|
3 |
WEB
|
Jeroen - IT Nerdbox
|
|
2014-03-13
|
|
Ubee EVW3200 - Multiple Persistent Cross-Site Scripting Vulnerabilities
|
3 |
WEB
|
Jeroen - IT Nerdbox
|
|
2008-08-13
|
|
Meet#Web 0.8 - 'RegRightsResource.class.php?root_path' Remote File Inclusion
|
3 |
WEB
|
Rakesh S
|
|
2008-08-13
|
|
Meet#Web 0.8 - 'RegResource.class.php?root_path' Remote File Inclusion
|
3 |
WEB
|
Rakesh S
|
|
2008-08-13
|
|
Meet#Web 0.8 - 'RegForm.class.php?root_path' Remote File Inclusion
|
3 |
WEB
|
Rakesh S
|
|
2008-08-13
|
|
Meet#Web 0.8 - 'ManagerRightsResource.class.php?root_path' Remote File Inclusion
|
3 |
WEB
|
Rakesh S
|
